@originals/sdk 1.8.2 → 1.8.3

package/src/vc/Issuer.ts

@@ -1,105 +0,0 @@
-import { VerifiableCredential, VerifiablePresentation } from '../types';
-import { multikey, MultikeyType } from '../crypto/Multikey';
-import { DIDManager } from '../did/DIDManager';
-import { createDocumentLoader } from './documentLoader';
-import { DataIntegrityProofManager } from './proofs/data-integrity';
-
-export interface IssueOptions {
-  proofPurpose: 'assertionMethod' | 'authentication';
-  documentLoader?: (iri: string) => Promise<{ document: unknown; documentUrl: string; contextUrl: string | null }>;
-  challenge?: string;
-  domain?: string;
-}
-
-export type VerificationMethodLike = {
-  id: string;
-  controller: string;
-  publicKeyMultibase: string;
-  secretKeyMultibase?: string;
-  type?: string;
-};
-
-export class Issuer {
-  constructor(private didManager: DIDManager, private verificationMethod: VerificationMethodLike) {}
-
-  private inferKeyType(publicKeyMultibase: string): MultikeyType {
-    try {
-      return multikey.decodePublicKey(publicKeyMultibase).type;
-    } catch {
-      return 'Ed25519';
-    }
-  }
-
-  async issueCredential(
-    unsigned: Omit<VerifiableCredential, '@context' | 'proof'>,
-    options: IssueOptions
-  ): Promise<VerifiableCredential> {
-    const documentLoader = options.documentLoader || createDocumentLoader(this.didManager);
-    await documentLoader(this.verificationMethod.id);
-
-    const issuerId = typeof unsigned.issuer === 'string' ? unsigned.issuer : (unsigned.issuer as { id?: string })?.id;
-    const credential: VerifiableCredential = {
-      ...unsigned,
-      '@context': ['https://www.w3.org/ns/credentials/v2'],
-      issuer: issuerId || this.verificationMethod.controller,
-      proof: undefined
-    } as VerifiableCredential;
-
-    if (!this.verificationMethod.secretKeyMultibase) {
-      throw new Error('Missing secretKeyMultibase for issuance');
-    }
-    const keyType = this.inferKeyType(this.verificationMethod.publicKeyMultibase);
-    if (keyType !== 'Ed25519') {
-      throw new Error('Only Ed25519 supported for eddsa-rdfc-2022');
-    }
-    const proof = await DataIntegrityProofManager.createProof(credential, {
-      verificationMethod: this.verificationMethod.id,
-      proofPurpose: options.proofPurpose,
-      cryptosuite: 'eddsa-rdfc-2022',
-      type: 'DataIntegrityProof',
-      privateKey: this.verificationMethod.secretKeyMultibase,
-      documentLoader
-    });
-    return { ...credential, proof } as VerifiableCredential;
-  }
-
-  async issuePresentation(
-    presentation: Omit<VerifiablePresentation, '@context' | 'proof'>,
-    options: IssueOptions
-  ): Promise<VerifiablePresentation> {
-    const documentLoader = options.documentLoader || createDocumentLoader(this.didManager);
-    await documentLoader(this.verificationMethod.id);
-
-    if (!this.verificationMethod.secretKeyMultibase) {
-      throw new Error('Missing secretKeyMultibase for issuance');
-    }
-    const keyType = this.inferKeyType(this.verificationMethod.publicKeyMultibase);
-    if (keyType !== 'Ed25519') {
-      throw new Error('Only Ed25519 supported for eddsa-rdfc-2022');
-    }
-    const presentationWithContext = {
-      ...presentation,
-      '@context': ['https://www.w3.org/ns/credentials/v2']
-    } as Record<string, unknown>;
-
-    const proof = await DataIntegrityProofManager.createProof(
-      presentationWithContext,
-      {
-        verificationMethod: this.verificationMethod.id,
-        proofPurpose: options.proofPurpose,
-        cryptosuite: 'eddsa-rdfc-2022',
-        type: 'DataIntegrityProof',
-        privateKey: this.verificationMethod.secretKeyMultibase,
-        challenge: options.challenge,
-        domain: options.domain,
-        documentLoader
-      }
-    );
-    return {
-      ...presentation,
-      '@context': ['https://www.w3.org/ns/credentials/v2'],
-      proof
-    } as VerifiablePresentation;
-  }
-}
-

package/src/vc/Verifier.ts

@@ -1,54 +0,0 @@
-import { VerifiableCredential, VerifiablePresentation } from '../types';
-import { DIDManager } from '../did/DIDManager';
-import { createDocumentLoader } from './documentLoader';
-import { DataIntegrityProofManager } from './proofs/data-integrity';
-import type { DataIntegrityProof } from './cryptosuites/eddsa';
-
-export type VerificationResult = { verified: boolean; errors: string[] };
-
-export class Verifier {
-  constructor(private didManager: DIDManager) {}
-
-  async verifyCredential(vc: VerifiableCredential, options: { documentLoader?: (iri: string) => Promise<unknown> } = {}): Promise<VerificationResult> {
-    try {
-      if (!vc || !vc['@context'] || !vc.type) throw new Error('Invalid credential');
-      if (!vc.proof) throw new Error('Credential has no proof');
-      const loader = options.documentLoader || createDocumentLoader(this.didManager);
-      const vcContext = vc['@context'];
-      const ctxs: string[] = Array.isArray(vcContext) ? vcContext.filter((c): c is string => typeof c === 'string') : [String(vcContext)];
-      for (const c of ctxs) await loader(c);
-      const proofValue = vc.proof;
-      const proof = Array.isArray(proofValue) ? proofValue[0] : proofValue;
-      const result = await DataIntegrityProofManager.verifyProof(vc, proof as unknown as DataIntegrityProof, { documentLoader: loader });
-      return result.verified ? { verified: true, errors: [] } : { verified: false, errors: result.errors ?? ['Verification failed'] };
-    } catch (e) {
-      const error = e as Error;
-      return { verified: false, errors: [error?.message ?? 'Unknown error in verifyCredential'] };
-    }
-  }
-
-  async verifyPresentation(vp: VerifiablePresentation, options: { documentLoader?: (iri: string) => Promise<unknown> } = {}): Promise<VerificationResult> {
-    try {
-      if (!vp || !vp['@context'] || !vp.type) throw new Error('Invalid presentation');
-      if (!vp.proof) throw new Error('Presentation has no proof');
-      const loader = options.documentLoader || createDocumentLoader(this.didManager);
-      const vpContext = vp['@context'];
-      const ctxs: string[] = Array.isArray(vpContext) ? vpContext.filter((c): c is string => typeof c === 'string') : [String(vpContext)];
-      for (const c of ctxs) await loader(c);
-      if (vp.verifiableCredential) {
-        for (const c of vp.verifiableCredential) {
-          const res = await this.verifyCredential(c, { documentLoader: loader });
-          if (!res.verified) return res;
-        }
-      }
-      const proofValue = vp.proof;
-      const proof = Array.isArray(proofValue) ? proofValue[0] : proofValue;
-      const result = await DataIntegrityProofManager.verifyProof(vp, proof as unknown as DataIntegrityProof, { documentLoader: loader });
-      return result.verified ? { verified: true, errors: [] } : { verified: false, errors: result.errors ?? ['Verification failed'] };
-    } catch (e) {
-      const error = e as Error;
-      return { verified: false, errors: [error?.message ?? 'Unknown error in verifyPresentation'] };
-    }
-  }
-}
-

package/src/vc/cryptosuites/bbs.ts

@@ -1,253 +0,0 @@
-import * as cbor from 'cbor-js';
-
-/**
- * Minimal BBS utility methods ported from legacy for working with
- * Data Integrity BBS (bbs-2023) base and derived proof value encoding.
- *
- * Notes:
- * - This module focuses on serialization/parsing helpers used by callers
- *   to pack/unpack proof values. It does not perform signing or verification.
- * - All methods operate on Uint8Array inputs and return multibase strings
- *   (base64url with 'u' prefix) where applicable to match the spec.
- */
-export class BBSCryptosuiteUtils {
-  private static encodeBase64urlNoPad(bytes: Uint8Array): string {
-    const b64 = Buffer.from(bytes).toString('base64');
-    const b64url = b64.replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/g, '');
-    return 'u' + b64url;
-  }
-
-  private static decodeBase64urlNoPad(s: string): Uint8Array {
-    if (!s.startsWith('u')) throw new Error('Not a multibase base64url (u- prefixed) string');
-    const raw = s.slice(1);
-    const b64 = raw.replace(/-/g, '+').replace(/_/g, '/');
-    const pad = b64.length % 4 === 2 ? '==' : b64.length % 4 === 3 ? '=' : '';
-    return new Uint8Array(Buffer.from(b64 + pad, 'base64'));
-  }
-  private static compareBytes(a: Uint8Array, b: number[]): boolean {
-    if (a.length !== b.length) return false;
-    for (let i = 0; i < b.length; i++) {
-      if (a[i] !== b[i]) return false;
-    }
-    return true;
-  }
-
-  private static concatBytes(a: Uint8Array, b: Uint8Array): Uint8Array {
-    const out = new Uint8Array(a.length + b.length);
-    out.set(a, 0);
-    out.set(b, a.length);
-    return out;
-  }
-
-  // ===== Base proof (serialize/parse) =====
-
-  static serializeBaseProofValue(
-    bbsSignature: Uint8Array,
-    bbsHeader: Uint8Array,
-    publicKey: Uint8Array,
-    hmacKey: Uint8Array,
-    mandatoryPointers: string[],
-    featureOption: 'baseline' | 'anonymous_holder_binding' | 'pseudonym_issuer_pid' | 'pseudonym_hidden_pid',
-    pid?: Uint8Array,
-    signerBlind?: Uint8Array
-  ): string {
-    let headerBytes: Uint8Array;
-    let components: (Uint8Array | string[] | Uint8Array)[];
-
-    switch (featureOption) {
-      case 'baseline':
-        headerBytes = new Uint8Array([0xd9, 0x5d, 0x02]);
-        components = [bbsSignature, bbsHeader, publicKey, hmacKey, mandatoryPointers];
-        break;
-      case 'anonymous_holder_binding':
-        headerBytes = new Uint8Array([0xd9, 0x5d, 0x04]);
-        if (!signerBlind) throw new Error('signerBlind is required for anonymous_holder_binding');
-        components = [bbsSignature, bbsHeader, publicKey, hmacKey, mandatoryPointers, signerBlind];
-        break;
-      case 'pseudonym_issuer_pid':
-        headerBytes = new Uint8Array([0xd9, 0x5d, 0x06]);
-        if (!pid) throw new Error('pid is required for pseudonym_issuer_pid');
-        components = [bbsSignature, bbsHeader, publicKey, hmacKey, mandatoryPointers, pid];
-        break;
-      case 'pseudonym_hidden_pid':
-        headerBytes = new Uint8Array([0xd9, 0x5d, 0x08]);
-        if (!signerBlind) throw new Error('signerBlind is required for pseudonym_hidden_pid');
-        components = [bbsSignature, bbsHeader, publicKey, hmacKey, mandatoryPointers, signerBlind];
-        break;
-      default:
-        throw new Error(`Unsupported feature option: ${featureOption}`);
-    }
-
-    const encodedComponents = cbor.encode(components);
-    const proofBytes = BBSCryptosuiteUtils.concatBytes(headerBytes, new Uint8Array(encodedComponents));
-    return BBSCryptosuiteUtils.encodeBase64urlNoPad(proofBytes);
-  }
-
-  static parseBaseProofValue(proofValue: string): {
-    bbsSignature: Uint8Array;
-    bbsHeader: Uint8Array;
-    publicKey: Uint8Array;
-    hmacKey: Uint8Array;
-    mandatoryPointers: string[];
-    featureOption: 'baseline' | 'anonymous_holder_binding' | 'pseudonym_issuer_pid' | 'pseudonym_hidden_pid' | 'base_proof';
-    pid?: Uint8Array;
-    signerBlind?: Uint8Array;
-  } {
-    const decoded = BBSCryptosuiteUtils.decodeBase64urlNoPad(proofValue);
-    const header = decoded.slice(0, 3);
-    let featureOption: any;
-    if (this.compareBytes(header, [0xd9, 0x5d, 0x02])) featureOption = 'baseline';
-    else if (this.compareBytes(header, [0xd9, 0x5d, 0x04])) featureOption = 'anonymous_holder_binding';
-    else if (this.compareBytes(header, [0xd9, 0x5d, 0x06])) featureOption = 'pseudonym_issuer_pid';
-    else if (this.compareBytes(header, [0xd9, 0x5d, 0x08])) featureOption = 'pseudonym_hidden_pid';
-    else if (this.compareBytes(header, [0xd9, 0x5d, 0x03])) featureOption = 'base_proof';
-    else throw new Error('Invalid BBS base proof header');
-
-    const components: any[] = cbor.decode(decoded.slice(3).buffer) as any[];
-    const base = {
-      bbsSignature: components[0] as Uint8Array,
-      bbsHeader: components[1] as Uint8Array,
-      publicKey: components[2] as Uint8Array,
-      hmacKey: components[3] as Uint8Array,
-      mandatoryPointers: components[4] as string[],
-      featureOption
-    } as any;
-
-    if (featureOption === 'anonymous_holder_binding' || featureOption === 'pseudonym_hidden_pid') {
-      base.signerBlind = components[5] as Uint8Array;
-    }
-    if (featureOption === 'pseudonym_issuer_pid') {
-      base.pid = components[5] as Uint8Array;
-    }
-    return base;
-  }
-
-  // ===== Label map compression helpers =====
-
-  private static compressLabelMap(labelMap: { [key: string]: string }): { [key: string]: string } {
-    const map: { [key: string]: string } = {};
-    for (const [k, v] of Object.entries(labelMap)) {
-      const c14nMatch = k.match(/^c14n(\d+)$/);
-      const bMatch = v.match(/^b(\d+)$/);
-      if (!c14nMatch || !bMatch) {
-        throw new Error(`Invalid label map entry: ${k} -> ${v}`);
-      }
-      const key = parseInt(c14nMatch[1], 10);
-      const value = parseInt(bMatch[1], 10);
-      map[key] = value.toString();
-    }
-    return map;
-  }
-
-  private static decompressLabelMap(compressed: { [key: string]: string }): { [key: string]: string } {
-    const map: { [key: string]: string } = {};
-    for (const [k, v] of Object.entries(compressed)) {
-      map[`c14n${k}`] = `b${v}`;
-    }
-    return map;
-  }
-
-  // ===== Derived proof (serialize/parse) =====
-
-  static serializeDerivedProofValue(
-    bbsProof: Uint8Array,
-    labelMap: { [key: string]: string },
-    mandatoryIndexes: number[],
-    selectiveIndexes: number[],
-    presentationHeader: Uint8Array,
-    featureOption: 'baseline' | 'anonymous_holder_binding' | 'pseudonym',
-    pseudonym?: string,
-    lengthBBSMessages?: number
-  ): string {
-    const compressedLabelMap = this.compressLabelMap(labelMap);
-
-    let headerBytes: Uint8Array;
-    let components: (Uint8Array | { [key: string]: string } | number[] | number | string)[];
-
-    switch (featureOption) {
-      case 'baseline':
-        headerBytes = new Uint8Array([0xd9, 0x5d, 0x03]);
-        components = [
-          bbsProof,
-          compressedLabelMap,
-          mandatoryIndexes,
-          selectiveIndexes,
-          presentationHeader
-        ];
-        break;
-      case 'anonymous_holder_binding':
-        if (typeof lengthBBSMessages !== 'number') {
-          throw new Error('lengthBBSMessages is required for anonymous_holder_binding');
-        }
-        headerBytes = new Uint8Array([0xd9, 0x5d, 0x05]);
-        components = [
-          bbsProof,
-          compressedLabelMap,
-          mandatoryIndexes,
-          selectiveIndexes,
-          presentationHeader,
-          lengthBBSMessages
-        ];
-        break;
-      case 'pseudonym':
-        if (!pseudonym || typeof lengthBBSMessages !== 'number') {
-          throw new Error('pseudonym and lengthBBSMessages are required for pseudonym features');
-        }
-        headerBytes = new Uint8Array([0xd9, 0x5d, 0x07]);
-        components = [
-          bbsProof,
-          compressedLabelMap,
-          mandatoryIndexes,
-          selectiveIndexes,
-          presentationHeader,
-          pseudonym,
-          lengthBBSMessages
-        ];
-        break;
-      default:
-        throw new Error(`Unsupported feature option: ${featureOption}`);
-    }
-
-    const encodedComponents = cbor.encode(components);
-    const proofBytes = this.concatBytes(headerBytes, new Uint8Array(encodedComponents));
-    return this.encodeBase64urlNoPad(proofBytes);
-  }
-
-  static parseDerivedProofValue(proofValue: string): {
-    bbsProof: Uint8Array;
-    labelMap: { [key: string]: string };
-    mandatoryIndexes: number[];
-    selectiveIndexes: number[];
-    presentationHeader: Uint8Array;
-    featureOption: 'baseline' | 'anonymous_holder_binding' | 'pseudonym';
-    pseudonym?: string;
-    lengthBBSMessages?: number;
-  } {
-    const decoded = this.decodeBase64urlNoPad(proofValue);
-    const header = decoded.slice(0, 3);
-    let featureOption: 'baseline' | 'anonymous_holder_binding' | 'pseudonym';
-    if (this.compareBytes(header, [0xd9, 0x5d, 0x03])) featureOption = 'baseline';
-    else if (this.compareBytes(header, [0xd9, 0x5d, 0x05])) featureOption = 'anonymous_holder_binding';
-    else if (this.compareBytes(header, [0xd9, 0x5d, 0x07])) featureOption = 'pseudonym';
-    else throw new Error('Invalid BBS derived proof header');
-
-    const components: any[] = cbor.decode(decoded.slice(3).buffer) as any[];
-    const decompressedLabelMap = this.decompressLabelMap(components[1]);
-    const result: any = {
-      bbsProof: components[0],
-      labelMap: decompressedLabelMap,
-      mandatoryIndexes: components[2],
-      selectiveIndexes: components[3],
-      presentationHeader: components[4],
-      featureOption
-    };
-    if (featureOption === 'anonymous_holder_binding') {
-      result.lengthBBSMessages = components[5];
-    } else if (featureOption === 'pseudonym') {
-      result.pseudonym = components[5];
-      result.lengthBBSMessages = components[6];
-    }
-    return result;
-  }
-}
-

package/src/vc/cryptosuites/bbsSimple.ts

@@ -1,21 +0,0 @@
-import { sha256 } from '@noble/hashes/sha2.js';
-
-export type BbsKeyPair = {
-  publicKey: Uint8Array;
-  privateKey: Uint8Array;
-};
-
-export class BbsSimple {
-  static readonly CIPHERSUITE = 'BLS12-381-SHA-256';
-
-  static async sign(messages: Uint8Array[], keypair: BbsKeyPair, header?: Uint8Array): Promise<Uint8Array> {
-    const headerBytes = header ?? new Uint8Array(sha256(new Uint8Array(0)));
-    throw new Error('BbsSimple.sign is not implemented');
-  }
-
-  static async verify(messages: Uint8Array[], signature: Uint8Array, publicKey: Uint8Array, header?: Uint8Array): Promise<boolean> {
-    const headerBytes = header ?? new Uint8Array(sha256(new Uint8Array(0)));
-    throw new Error('BbsSimple.verify is not implemented');
-  }
-}
-

package/src/vc/cryptosuites/eddsa.ts

@@ -1,99 +0,0 @@
-import { base58 } from '@scure/base';
-import * as ed25519 from '@noble/ed25519';
-import { canonize, canonizeProof } from '../utils/jsonld';
-import { multikey } from '../../crypto/Multikey';
-import { sha256Bytes } from '../../utils/hash';
-
-export interface DataIntegrityProof {
-  type: 'DataIntegrityProof';
-  cryptosuite: string;
-  created?: string;
-  verificationMethod: string;
-  proofPurpose: string;
-  proofValue: string;
-  id?: string;
-  previousProof?: string | string[];
-}
-
-export interface VerificationResult {
-  verified: boolean;
-  errors?: string[];
-}
-
-export class EdDSACryptosuiteManager {
-
-  static async createProof(document: any, options: any): Promise<DataIntegrityProof> {
-    const proofConfig = await this.createProofConfiguration(options);
-    const transformedData = await this.transform(document, options);
-    const hashData = await this.hash(transformedData, proofConfig, options);
-    let privateKey: Uint8Array;
-    if (typeof options.privateKey === 'string') {
-      const dec = multikey.decodePrivateKey(options.privateKey);
-      if (dec.type !== 'Ed25519') throw new Error('Invalid key type for EdDSA');
-      privateKey = dec.key;
-    } else if (options.privateKey instanceof Uint8Array) {
-      privateKey = options.privateKey;
-    } else {
-      throw new Error('Invalid private key format');
-    }
-    const proofValueBytes = await this.sign({ data: hashData, privateKey });
-    delete (proofConfig as any)['@context'];
-    return { ...proofConfig, proofValue: base58.encode(proofValueBytes) } as DataIntegrityProof;
-  }
-
-  static async verifyProof(document: any, proof: DataIntegrityProof, options: any): Promise<VerificationResult> {
-    try {
-      const documentToVerify = { ...document };
-      delete (documentToVerify as any).proof;
-      const transformedData = await this.transform(documentToVerify, options);
-      const hashData = await this.hash(transformedData, { '@context': document['@context'], ...proof }, options);
-      const vmDoc = await options.documentLoader(proof.verificationMethod);
-      const pk = vmDoc.document.publicKeyMultibase as string;
-      const dec = multikey.decodePublicKey(pk);
-      if (dec.type !== 'Ed25519') throw new Error('Invalid key type for EdDSA');
-      const signature = base58.decode(proof.proofValue);
-      const verified = await this.verify({ data: hashData, signature, publicKey: dec.key });
-      return verified ? { verified: true } : { verified: false, errors: ['Proof verification failed'] };
-    } catch (e: any) {
-      return { verified: false, errors: [e?.message ?? 'Unknown verification error'] };
-    }
-  }
-
-  private static async createProofConfiguration(options: any): Promise<any> {
-    return {
-      '@context': 'https://w3id.org/security/data-integrity/v2',
-      type: 'DataIntegrityProof',
-      cryptosuite: 'eddsa-rdfc-2022',
-      created: new Date().toISOString(),
-      verificationMethod: options.verificationMethod,
-      proofPurpose: options.proofPurpose || 'assertionMethod',
-      ...(options.challenge && { challenge: options.challenge }),
-      ...(options.domain && { domain: options.domain })
-    };
-  }
-
-  private static async transform(document: any, options: any): Promise<string> {
-    return await canonize(document, { documentLoader: options.documentLoader });
-  }
-
-  private static async hash(transformedData: string, proofConfig: any, options: any): Promise<Uint8Array> {
-    const canonicalProofConfig = await canonizeProof(proofConfig, { documentLoader: options.documentLoader });
-    const proofConfigHash = await sha256Bytes(canonicalProofConfig);
-    const documentHash = await sha256Bytes(transformedData);
-    return new Uint8Array([...proofConfigHash, ...documentHash]);
-  }
-
-  static async sign({ data, privateKey }: { data: Uint8Array; privateKey: Uint8Array }): Promise<Uint8Array> {
-    if (privateKey.length !== 32) {
-      if (privateKey.length === 64) privateKey = privateKey.slice(32);
-      else throw new Error('Invalid private key length');
-    }
-    const signature = await ed25519.signAsync(Buffer.from(data).toString('hex'), Buffer.from(privateKey).toString('hex'));
-    return signature;
-  }
-
-  static async verify({ data, signature, publicKey }: { data: Uint8Array; signature: Uint8Array; publicKey: Uint8Array }): Promise<boolean> {
-    return await ed25519.verifyAsync(Buffer.from(signature).toString('hex'), Buffer.from(data).toString('hex'), Buffer.from(publicKey).toString('hex'));
-  }
-}
-

package/src/vc/documentLoader.ts

@@ -1,81 +0,0 @@
-import { DIDManager } from '../did/DIDManager';
-
-type LoadedDocument = { document: unknown; documentUrl: string; contextUrl: string | null };
-
-interface ContextDocument {
-  '@context': {
-    '@version': number;
-  };
-}
-
-const CONTEXTS: Record<string, ContextDocument> = {
-  // Provide 1.1-compatible stubs for jsonld canonize
-  'https://www.w3.org/ns/credentials/v2': { '@context': { '@version': 1.1 } },
-  'https://w3id.org/security/data-integrity/v2': { '@context': { '@version': 1.1 } }
-};
-
-export class DocumentLoader {
-  constructor(private didManager: DIDManager) {}
-
-  async load(iri: string): Promise<LoadedDocument> {
-    if (iri.startsWith('did:')) {
-      return this.resolveDID(iri);
-    }
-    const doc = CONTEXTS[iri];
-    if (doc) {
-      return { document: doc, documentUrl: iri, contextUrl: null };
-    }
-    throw new Error(`Document not found: ${iri}`);
-  }
-
-  private async resolveDID(didUrl: string): Promise<LoadedDocument> {
-    const [did, fragment] = didUrl.split('#');
-    const didDoc = await this.didManager.resolveDID(did);
-    if (!didDoc) {
-      throw new Error(`DID not resolved: ${did}`);
-    }
-
-    interface DIDDocWithContext {
-      '@context'?: unknown;
-      verificationMethod?: Array<{ id?: string }>;
-    }
-
-    const didDocTyped = didDoc as DIDDocWithContext;
-
-    if (fragment) {
-      // If a VM was registered explicitly, prefer it
-      const cached = verificationMethodRegistry.get(didUrl);
-      if (cached) {
-        return {
-          document: { '@context': didDocTyped['@context'], ...cached },
-          documentUrl: didUrl,
-          contextUrl: null
-        };
-      }
-      const vms = didDocTyped.verificationMethod;
-      const vm = vms?.find((m) => m.id === didUrl);
-      if (vm) {
-        return {
-          document: { '@context': didDocTyped['@context'], ...vm },
-          documentUrl: didUrl,
-          contextUrl: null
-        };
-      }
-      return {
-        document: { '@context': didDocTyped['@context'], id: didUrl },
-        documentUrl: didUrl,
-        contextUrl: null
-      };
-    }
-    return { document: didDoc, documentUrl: didUrl, contextUrl: null };
-  }
-}
-
-export const createDocumentLoader = (didManager: DIDManager) =>
-  (iri: string) => new DocumentLoader(didManager).load(iri);
-
-export const verificationMethodRegistry: Map<string, Record<string, unknown>> = new Map();
-export function registerVerificationMethod(vm: Record<string, unknown> & { id?: string }): void {
-  if (vm?.id) verificationMethodRegistry.set(vm.id, vm);
-}
-

package/src/vc/proofs/data-integrity.ts

@@ -1,33 +0,0 @@
-import { EdDSACryptosuiteManager, type DataIntegrityProof } from '../cryptosuites/eddsa';
-
-export interface VerificationResult { verified: boolean; errors?: string[] }
-
-export interface ProofOptions {
-  verificationMethod: string;
-  proofPurpose: string;
-  privateKey?: Uint8Array | string;
-  type: 'DataIntegrityProof';
-  created?: string;
-  cryptosuite: string;
-  documentLoader?: (url: string) => Promise<any>;
-  previousProof?: string | string[];
-  challenge?: string;
-  domain?: string;
-}
-
-export class DataIntegrityProofManager {
-  static async createProof(document: any, options: ProofOptions): Promise<DataIntegrityProof> {
-    if (options.cryptosuite !== 'eddsa-rdfc-2022') {
-      throw new Error(`Unsupported cryptosuite: ${options.cryptosuite}`);
-    }
-    return await EdDSACryptosuiteManager.createProof(document, options);
-  }
-
-  static async verifyProof(document: any, proof: DataIntegrityProof, options: any): Promise<VerificationResult> {
-    if (proof.cryptosuite !== 'eddsa-rdfc-2022') {
-      return { verified: false, errors: [`Unsupported cryptosuite: ${proof.cryptosuite}`] };
-    }
-    return await EdDSACryptosuiteManager.verifyProof(document, proof, options);
-  }
-}
-

package/src/vc/utils/jsonld.ts

@@ -1,18 +0,0 @@
-import jsonld from 'jsonld';
-
-export async function canonize(input: any, { documentLoader }: any): Promise<string> {
-  return await jsonld.canonize(input, {
-    algorithm: 'URDNA2015',
-    format: 'application/n-quads',
-    documentLoader,
-    safe: false,
-    useNative: false,
-    rdfDirection: 'i18n-datatype'
-  } as any);
-}
-
-export async function canonizeProof(proof: any, { documentLoader }: any): Promise<string> {
-  const { jws, signatureValue, proofValue, ...rest } = proof;
-  return await canonize(rest, { documentLoader });
-}
-