@openvtc/pnm-core 0.1.0 → 0.1.2
|
@@ -20,6 +20,20 @@ export interface SignTrustTaskOptions {
|
|
|
20
20
|
* attesting to a separate claim — e.g. a VP-framed bootstrap request
|
|
21
21
|
* (the provision-integration flow) or a SIOP-shaped self-attestation. */
|
|
22
22
|
proofPurpose?: "assertionMethod" | "authentication";
|
|
23
|
+
/** Milliseconds to back-date the proof's `created` timestamp, absorbing
|
|
24
|
+
* clock skew between this wallet and the verifier.
|
|
25
|
+
*
|
|
26
|
+
* VC Data-Integrity verifiers (the Rust `eddsa-jcs-2022` spec-conformance
|
|
27
|
+
* check on the VTA included) reject any proof whose `created` is in the
|
|
28
|
+
* verifier's future, with **no** skew tolerance. If the wallet's clock
|
|
29
|
+
* runs even slightly ahead of the verifier, an honest `created = now`
|
|
30
|
+
* fails with "Created date is in the future". Back-dating by a small
|
|
31
|
+
* margin keeps `created <= verifier_now` across normal NTP skew.
|
|
32
|
+
*
|
|
33
|
+
* Default 60_000 (60s). The timestamp is still UTC (`toISOString()`);
|
|
34
|
+
* this only shifts it earlier. Gross skew (clock minutes/hours off) is
|
|
35
|
+
* an environment problem a margin can't fix — keep the host on NTP. */
|
|
36
|
+
clockSkewMs?: number;
|
|
23
37
|
}
|
|
24
38
|
/**
|
|
25
39
|
* Attach an `eddsa-jcs-2022` Data Integrity proof to a Trust-Task envelope
|
|
@@ -27,5 +41,5 @@ export interface SignTrustTaskOptions {
|
|
|
27
41
|
* SHA-256(JCS(proofConfig)) and SHA-256(JCS(envelope minus proof)), per
|
|
28
42
|
* https://www.w3.org/TR/vc-di-eddsa/#eddsa-jcs-2022.
|
|
29
43
|
*/
|
|
30
|
-
export declare function signTrustTask({ envelope, signing, proofPurpose, }: SignTrustTaskOptions): Promise<TrustTaskEnvelope>;
|
|
44
|
+
export declare function signTrustTask({ envelope, signing, proofPurpose, clockSkewMs, }: SignTrustTaskOptions): Promise<TrustTaskEnvelope>;
|
|
31
45
|
//# sourceMappingURL=sign.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"sign.d.ts","sourceRoot":"","sources":["../../src/trust-tasks/sign.ts"],"names":[],"mappings":"AAWA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAE9D;0DAC0D;AAC1D,MAAM,MAAM,iBAAiB,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG;IAAE,KAAK,CAAC,EAAE,OAAO,CAAA;CAAE,CAAC;AAE9E,MAAM,WAAW,oBAAoB;IACnC;;2EAEuE;IACvE,QAAQ,EAAE,iBAAiB,CAAC;IAC5B;8EAC0E;IAC1E,OAAO,EAAE,eAAe,CAAC;IACzB;;;;;;8EAM0E;IAC1E,YAAY,CAAC,EAAE,iBAAiB,GAAG,gBAAgB,CAAC;
|
|
1
|
+
{"version":3,"file":"sign.d.ts","sourceRoot":"","sources":["../../src/trust-tasks/sign.ts"],"names":[],"mappings":"AAWA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAE9D;0DAC0D;AAC1D,MAAM,MAAM,iBAAiB,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG;IAAE,KAAK,CAAC,EAAE,OAAO,CAAA;CAAE,CAAC;AAE9E,MAAM,WAAW,oBAAoB;IACnC;;2EAEuE;IACvE,QAAQ,EAAE,iBAAiB,CAAC;IAC5B;8EAC0E;IAC1E,OAAO,EAAE,eAAe,CAAC;IACzB;;;;;;8EAM0E;IAC1E,YAAY,CAAC,EAAE,iBAAiB,GAAG,gBAAgB,CAAC;IACpD;;;;;;;;;;;;4EAYwE;IACxE,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAOD;;;;;GAKG;AACH,wBAAsB,aAAa,CAAC,EAClC,QAAQ,EACR,OAAO,EACP,YAAgC,EAChC,WAAmC,GACpC,EAAE,oBAAoB,GAAG,OAAO,CAAC,iBAAiB,CAAC,CA8BnD"}
|
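--- a/package/dist/trust-tasks/sign.js
+++ b/package/dist/trust-tasks/sign.js
@@ -8,18 +8,25 @@
 // 8785) the did-hosting UI uses for its session-key signed trust tasks, so
 // a single AffinidiVerifier on the server-side accepts both flows.
 import { ed25519 } from "@noble/curves/ed25519.js";
+/** Default back-date applied to a DI proof's `created`. Comfortably inside
+* the ±5min skew window the VTA already allows on `validUntil`, so it can't
+* push `created` outside any window the verifier accepts. */
+const DEFAULT_CLOCK_SKEW_MS = 60_000;
 /**
 * Attach an `eddsa-jcs-2022` Data Integrity proof to a Trust-Task envelope
 * and return the same envelope. The signed input is the concatenation of
 * SHA-256(JCS(proofConfig)) and SHA-256(JCS(envelope minus proof)), per
 * https://www.w3.org/TR/vc-di-eddsa/#eddsa-jcs-2022.
 */
-export async function signTrustTask({ envelope, signing, proofPurpose = "assertionMethod", }) {
+export async function signTrustTask({ envelope, signing, proofPurpose = "assertionMethod", clockSkewMs = DEFAULT_CLOCK_SKEW_MS, }) {
 const proofConfig = {
 type: "DataIntegrityProof",
 cryptosuite: "eddsa-jcs-2022",
 verificationMethod: signing.kid,
-
+// UTC, back-dated by `clockSkewMs` so a wallet clock running slightly
+// ahead of the verifier doesn't trip the "Created date is in the
+// future" spec-conformance rejection. See `clockSkewMs` docs above.
+created: new Date(Date.now() - clockSkewMs).toISOString(),
 proofPurpose,
 };
 const docCopy = { ...envelope };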
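Review bot: `clockSkewMs` reaches `created: new Date(Date.now() - clockSkewMs).toISOString()` with no validation, so the claim in the `DEFAULT_CLOCK_SKEW_MS` comment that `created` cannot leave a window the verifier accepts holds only for the default, not for caller-supplied values. A negative value moves `created` into the future and brings back the rejection this change is meant to avoid, `NaN` or `Infinity` makes `toISOString()` throw a `RangeError`, and a large value back-dates the signed timestamp without limit. I would reject bad input before `proofConfig` is built, for example `if (!Number.isFinite(clockSkewMs) || clockSkewMs < 0) throw new RangeError("clockSkewMs must be a finite, non-negative number of milliseconds");`, and consider an upper bound tied to the ±5min window the comment refers to. The `clockSkewMs` doc comment in the `sign.d.ts` declaration should state the accepted range as well. The body of `signTrustTask` continues past the end of this hunk.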
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"sign.js","sourceRoot":"","sources":["../../src/trust-tasks/sign.ts"],"names":[],"mappings":"AAAA,6DAA6D;AAC7D,2EAA2E;AAC3E,0EAA0E;AAC1E,2EAA2E;AAC3E,+CAA+C;AAC/C,EAAE;AACF,wEAAwE;AACxE,2EAA2E;AAC3E,mEAAmE;AAEnE,OAAO,EAAE,OAAO,EAAE,MAAM,0BAA0B,CAAC;
|
|
1
|
+
{"version":3,"file":"sign.js","sourceRoot":"","sources":["../../src/trust-tasks/sign.ts"],"names":[],"mappings":"AAAA,6DAA6D;AAC7D,2EAA2E;AAC3E,0EAA0E;AAC1E,2EAA2E;AAC3E,+CAA+C;AAC/C,EAAE;AACF,wEAAwE;AACxE,2EAA2E;AAC3E,mEAAmE;AAEnE,OAAO,EAAE,OAAO,EAAE,MAAM,0BAA0B,CAAC;AAuCnD;;8DAE8D;AAC9D,MAAM,qBAAqB,GAAG,MAAM,CAAC;AAErC;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,EAClC,QAAQ,EACR,OAAO,EACP,YAAY,GAAG,iBAAiB,EAChC,WAAW,GAAG,qBAAqB,GACd;IACrB,MAAM,WAAW,GAA4B;QAC3C,IAAI,EAAE,oBAAoB;QAC1B,WAAW,EAAE,gBAAgB;QAC7B,kBAAkB,EAAE,OAAO,CAAC,GAAG;QAC/B,sEAAsE;QACtE,iEAAiE;QACjE,oEAAoE;QACpE,OAAO,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,WAAW,CAAC,CAAC,WAAW,EAAE;QACzD,YAAY;KACb,CAAC;IAEF,MAAM,OAAO,GAAsB,EAAE,GAAG,QAAQ,EAAE,CAAC;IACnD,OAAO,OAAO,CAAC,KAAK,CAAC;IAErB,MAAM,eAAe,GAAG,MAAM,MAAM,CAAC,eAAe,CAAC,WAAW,CAAC,CAAC,CAAC;IACnE,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC,CAAC;IAEvD,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,eAAe,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IACvE,MAAM,CAAC,GAAG,CAAC,eAAe,EAAE,CAAC,CAAC,CAAC;IAC/B,MAAM,CAAC,GAAG,CAAC,OAAO,EAAE,eAAe,CAAC,MAAM,CAAC,CAAC;IAE5C,MAAM,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,UAAU,CAAC,CAAC;IACrD,IAAI,GAAG,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CAAC,wCAAwC,GAAG,CAAC,MAAM,QAAQ,CAAC,CAAC;IAC9E,CAAC;IAED,WAAW,CAAC,UAAU,GAAG,GAAG,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC;IACpD,QAAQ,CAAC,KAAK,GAAG,WAAW,CAAC;IAC7B,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,yBAAyB;AACzB,2EAA2E;AAC3E,4EAA4E;AAC5E,sEAAsE;AACtE,0DAA0D;AAE1D,SAAS,eAAe,CAAC,KAAc;IACrC,MAAM,IAAI,GAAG,IAAI,OAAO,EAAU,CAAC;IACnC,OAAO,GAAG,CAAC,KAAK,CAAC,CAAC;IAElB,SAAS,GAAG,CAAC,CAAU;QACrB,IAAI,CAAC,KAAK,IAAI;YAAE,OAAO,MAAM,CAAC;QAC9B,IAAI,CAAC,KAAK,IAAI;YAAE,OAAO,MAAM,CAAC;QAC9B,IAAI,CAAC,KAAK,KAAK;YAAE,OAAO,OAAO,CAAC;QAChC,IAAI,OAAO,CAAC,KAAK,QAAQ,EAAE,CAAC;YAC1B,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;gBAAE,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;YAC3E,IAAI,MAAM,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;gBAAE,OAAO,GAAG,CAAC;YACjC,OAAO,MAAM,CAAC,CAAC,CAAC,CAAC;QACnB,CAAC;QACD,IAAI
,OAAO,CAAC,KAAK,QAAQ;YAAE,OAAO,SAAS,CAAC,CAAC,CAAC,CAAC;QAC/C,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC;YACrB,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;gBAAE,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;YACpE,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YACZ,MAAM,GAAG,GAAG,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;YAC7C,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YACf,OAAO,GAAG,CAAC;QACb,CAAC;QACD,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;YACxC,IAAI,IAAI,CAAC,GAAG,CAAC,CAAW,CAAC;gBAAE,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;YAC9E,IAAI,CAAC,GAAG,CAAC,CAAW,CAAC,CAAC;YACtB,MAAM,GAAG,GAAG,CAA4B,CAAC;YACzC,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;YACrC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,GAAG,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAChE,IAAI,CAAC,MAAM,CAAC,CAAW,CAAC,CAAC;YACzB,OAAO,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;QACrC,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,mCAAmC,OAAO,CAAC,EAAE,CAAC,CAAC;IACjE,CAAC;IAED,SAAS,SAAS,CAAC,CAAS;QAC1B,IAAI,GAAG,GAAG,GAAG,CAAC;QACd,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAClC,MAAM,EAAE,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;YAC3B,IAAI,EAAE,KAAK,IAAI;gBAAE,GAAG,IAAI,KAAK,CAAC;iBACzB,IAAI,EAAE,KAAK,IAAI;gBAAE,GAAG,IAAI,MAAM,CAAC;iBAC/B,IAAI,EAAE,KAAK,IAAI;gBAAE,GAAG,IAAI,KAAK,CAAC;iBAC9B,IAAI,EAAE,KAAK,IAAI;gBAAE,GAAG,IAAI,KAAK,CAAC;iBAC9B,IAAI,EAAE,KAAK,IAAI;gBAAE,GAAG,IAAI,KAAK,CAAC;iBAC9B,IAAI,EAAE,KAAK,IAAI;gBAAE,GAAG,IAAI,KAAK,CAAC;iBAC9B,IAAI,EAAE,KAAK,IAAI;gBAAE,GAAG,IAAI,KAAK,CAAC;iBAC9B,IAAI,EAAE,GAAG,IAAI;gBAAE,GAAG,IAAI,KAAK,GAAG,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;;gBAC/D,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;QACnB,CAAC;QACD,OAAO,GAAG,GAAG,GAAG,CAAC;IACnB,CAAC;AACH,CAAC;AAED,uCAAuC;AACvC,4EAA4E;AAE5E,MAAM,YAAY,GAAG,4DAA4D,CAAC;AAElF,SAAS,eAAe,CAAC,KAAiB;IACxC,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,OAAO,KAAK,GAAG,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,KAAK,CAAC,KAAK,C
AAC;QAAE,KAAK,EAAE,CAAC;IAC3D,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,IAAI,KAAK,GAAG,KAAK,CAAC,CAAC,CAAW,CAAC;QAC/B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACvC,KAAK,IAAK,MAAM,CAAC,CAAC,CAAY,IAAI,CAAC,CAAC;YACpC,MAAM,CAAC,CAAC,CAAC,GAAG,KAAK,GAAG,EAAE,CAAC;YACvB,KAAK,GAAG,CAAC,KAAK,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;QAC3B,CAAC;QACD,OAAO,KAAK,GAAG,CAAC,EAAE,CAAC;YACjB,MAAM,CAAC,IAAI,CAAC,KAAK,GAAG,EAAE,CAAC,CAAC;YACxB,KAAK,GAAG,CAAC,KAAK,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;QAC3B,CAAC;IACH,CAAC;IACD,IAAI,GAAG,GAAG,EAAE,CAAC;IACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,EAAE,CAAC,EAAE;QAAE,GAAG,IAAI,GAAG,CAAC;IAC3C,KAAK,IAAI,CAAC,GAAG,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE;QAAE,GAAG,IAAI,YAAY,CAAC,MAAM,CAAC,CAAC,CAAW,CAAC,CAAC;IACtF,OAAO,GAAG,CAAC;AACb,CAAC;AAED,KAAK,UAAU,MAAM,CAAC,KAAa;IACjC,MAAM,GAAG,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC5C,OAAO,IAAI,UAAU,CAAC,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC,CAAC;AACpE,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@openvtc/pnm-core",
|
|
3
|
-
"version": "0.1.
|
|
3
|
+
"version": "0.1.2",
|
|
4
4
|
"description": "Browser-side bridge between WebAuthn passkeys and VTA-managed DIDs. Wire types, WebAuthn ceremony helpers, COSE→Multikey conversion, DID verificationMethod builder, REST + DIDComm transports, mediator client, SIOP / RP-login / provision-integration flows.",
|
|
5
5
|
"license": "Apache-2.0",
|
|
6
6
|
"repository": {
|
|
@@ -46,7 +46,7 @@
|
|
|
46
46
|
"@hpke/chacha20poly1305": "^1.8.0",
|
|
47
47
|
"@hpke/core": "^1.9.0",
|
|
48
48
|
"@noble/curves": "^2.2.0",
|
|
49
|
-
"@openvtc/vti-didcomm-js": "^0.4.
|
|
49
|
+
"@openvtc/vti-didcomm-js": "^0.4.2",
|
|
50
50
|
"@scure/base": "^1.1.9",
|
|
51
51
|
"cbor-x": "^1.6.4"
|
|
52
52
|
},
|