@sphereon/ssi-sdk-ext.identifier-resolution 0.25.1-feature.SDK.41.oidf.support.13 → 0.25.1-feature.SDK.41.oidf.support.15

@@ -1 +1 @@
1
- {"version":3,"file":"externalOIDFIdentifier.d.ts","sourceRoot":"","sources":["../../src/functions/externalOIDFIdentifier.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,kCAAkC,EAClC,oCAAoC,EAGrC,MAAM,UAAU,CAAA;AACjB,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAA;AAC5C,OAAO,EAAE,WAAW,EAAE,MAAM,+BAA+B,CAAA;AAK3D;;;;;;;;;;;;;GAaG;AACH,wBAAsB,qCAAqC,CACzD,IAAI,EAAE,kCAAkC,EACxC,OAAO,EAAE,aAAa,CAAC,WAAW,CAAC,GAClC,OAAO,CAAC,oCAAoC,CAAC,CAgE/C"}
1
+ {"version":3,"file":"externalOIDFIdentifier.d.ts","sourceRoot":"","sources":["../../src/functions/externalOIDFIdentifier.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,kCAAkC,EAClC,oCAAoC,EAIrC,MAAM,UAAU,CAAA;AACjB,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAA;AAC5C,OAAO,EAAE,WAAW,EAAE,MAAM,+BAA+B,CAAA;AAI3D;;;;;;;;;;;;;GAaG;AACH,wBAAsB,qCAAqC,CACzD,IAAI,EAAE,kCAAkC,EACxC,OAAO,EAAE,aAAa,CAAC,WAAW,CAAC,GAClC,OAAO,CAAC,oCAAoC,CAAC,CA8D/C"}
@@ -48,34 +48,28 @@ function resolveExternalOIDFEntityIdIdentifier(opts, context) {
48
48
  }
49
49
  else {
50
50
  const trustChain = resolveResult.trustChain.asJsReadonlyArrayView();
51
- let authorityJWK = undefined;
52
- for (const [i, jwt] of [...trustChain].reverse().entries()) {
53
- const isLast = i === trustChain.length - 1;
54
- const verifyArgs = { jws: jwt };
55
- if (authorityJWK && !isLast) {
56
- verifyArgs.jwk = authorityJWK;
57
- }
58
- const jwtVerifyResult = yield context.agent.jwtVerifyJwsSignature(verifyArgs);
59
- if (jwtVerifyResult.error || jwtVerifyResult.critical) {
60
- errorList[trustAnchor] = jwtVerifyResult.message;
61
- break;
62
- }
63
- if (jwtVerifyResult.jws.signatures.length === 0) {
64
- errorList[trustAnchor] = 'No signature was present in the trust anchor JWS';
65
- break;
66
- }
67
- const signature = jwtVerifyResult.jws.signatures[0];
68
- if (signature.identifier.jwks.length === 0) {
69
- errorList[trustAnchor] = 'No JWK was present in the trust anchor signature';
70
- break;
71
- }
72
- const jwkInfo = signature.identifier.jwks[0];
73
- if (!authorityJWK) {
74
- authorityJWK = jwkInfo.jwk;
75
- jwkInfos.push(jwkInfo);
76
- trustedAnchors[trustAnchor] = signature.publicKeyHex; // When we have multiple hits from different trust anchor authorities the caller can infer which signature came from which trust anchor
77
- }
51
+ if (trustChain.length === 0) {
52
+ errorList[trustAnchor] = 'Trust chain is empty';
53
+ continue;
78
54
  }
55
+ const jwt = trustChain[trustChain.length - 1];
56
+ const jwtVerifyResult = yield context.agent.jwtVerifyJwsSignature({ jws: jwt });
57
+ if (jwtVerifyResult.error || jwtVerifyResult.critical) {
58
+ errorList[trustAnchor] = jwtVerifyResult.message;
59
+ continue;
60
+ }
61
+ if (jwtVerifyResult.jws.signatures.length === 0) {
62
+ errorList[trustAnchor] = 'No signature was present in the trust anchor JWS';
63
+ continue;
64
+ }
65
+ const signature = jwtVerifyResult.jws.signatures[0];
66
+ if (signature.identifier.jwks.length === 0) {
67
+ errorList[trustAnchor] = 'No JWK was present in the trust anchor signature';
68
+ continue;
69
+ }
70
+ const jwkInfo = signature.identifier.jwks[0];
71
+ jwkInfos.push(jwkInfo);
72
+ trustedAnchors[trustAnchor] = signature.publicKeyHex;
79
73
  }
80
74
  }
81
75
  return Object.assign(Object.assign({ method: 'entity_id', trustedAnchors }, (Object.keys(errorList).length > 0 && { errorList })), { jwks: jwkInfos, trustEstablished: Object.keys(trustedAnchors).length > 0 });
@@ -1 +1 @@
1
- {"version":3,"file":"externalOIDFIdentifier.js","sourceRoot":"","sources":["../../src/functions/externalOIDFIdentifier.ts"],"names":[],"mappings":";;;;;;;;;;;AA2BA,sFAmEC;AArFD,yEAAiE;AAIjE;;;;;;;;;;;;;GAaG;AACH,SAAsB,qCAAqC,CACzD,IAAwC,EACxC,OAAmC;;;QAEnC,IAAI,EAAE,YAAY,EAAE,UAAU,EAAE,GAAG,IAAI,CAAA;QAEvC,IAAI,CAAC,YAAY,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC/C,OAAO,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,gEAAgE,CAAC,CAAC,CAAA;QAChG,CAAC;QAED,IAAI,CAAC,IAAA,uCAAgB,EAAC,OAAO,EAAE,uBAAuB,CAAC,EAAE,CAAC;YACxD,OAAO,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,kFAAkF,CAAC,CAAC,CAAA;QAClH,CAAC;QAED,MAAM,cAAc,GAAwC,EAAE,CAAA;QAC9D,MAAM,SAAS,GAAwC,EAAE,CAAA;QACzD,MAAM,QAAQ,GAA2B,EAAE,CAAA;QAE3C,KAAK,MAAM,WAAW,IAAI,YAAY,EAAE,CAAC;YACvC,MAAM,aAAa,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC,iBAAiB,CAAC;gBAC1D,gBAAgB,EAAE,UAAU;gBAC5B,YAAY,EAAE,CAAC,WAAW,CAAC;aAC5B,CAAC,CAAA;YAEF,IAAI,aAAa,CAAC,KAAK,IAAI,CAAC,aAAa,CAAC,UAAU,EAAE,CAAC;gBACrD,SAAS,CAAC,WAAW,CAAC,GAAG,MAAA,aAAa,CAAC,YAAY,mCAAI,aAAa,CAAA;YACtE,CAAC;iBAAM,CAAC;gBACN,MAAM,UAAU,GAA0B,aAAa,CAAC,UAAU,CAAC,qBAAqB,EAAE,CAAA;gBAC1F,IAAI,YAAY,GAAmB,SAAS,CAAA;gBAC5C,KAAK,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC;oBAC3D,MAAM,MAAM,GAAG,CAAC,KAAK,UAAU,CAAC,MAAM,GAAG,CAAC,CAAA;oBAE1C,MAAM,UAAU,GAAiB,EAAC,GAAG,EAAE,GAAG,EAAC,CAAA;oBAC3C,IAAG,YAAY,IAAI,CAAC,MAAM,EAAE,CAAC;wBAC3B,UAAU,CAAC,GAAG,GAAG,YAAY,CAAA;oBAC/B,CAAC;oBACD,MAAM,eAAe,GAAwB,MAAM,OAAO,CAAC,KAAK,CAAC,qBAAqB,CAAC,UAAU,CAAC,CAAA;oBAClG,IAAG,eAAe,CAAC,KAAK,IAAI,eAAe,CAAC,QAAQ,EAAE,CAAC;wBACrD,SAAS,CAAC,WAAW,CAAC,GAAG,eAAe,CAAC,OAAO,CAAA;wBAChD,MAAK;oBACP,CAAC;oBACD,IAAG,eAAe,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;wBAC/C,SAAS,CAAC,WAAW,CAAC,GAAG,kDAAkD,CAAA;wBAC3E,MAAK;oBACP,CAAC;oBACD,MAAM,SAAS,GAAG,eAAe,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAA;oBACnD,IAAG,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;wBAC1C,SAAS,CAAC,WAAW,CAAC,GAAG,kDAAkD,CAAA;wBAC3E,MAAK;oBACP,CAAC;oBACD,MAAM,OAAO,GAAmB,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,C
AAA;oBAC5D,IAAG,CAAC,YAAY,EAAE,CAAC;wBACjB,YAAY,GAAG,OAAO,CAAC,GAAG,CAAA;wBAC1B,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;wBACtB,cAAc,CAAC,WAAW,CAAC,GAAG,SAAS,CAAC,YAAY,CAAA,CAAC,yIAAyI;oBAChM,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,qCACE,MAAM,EAAE,WAAW,EACnB,cAAc,IACX,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,SAAS,EAAE,CAAC,KACvD,IAAI,EAAE,QAAQ,EACd,gBAAgB,EAAE,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,MAAM,GAAG,CAAC,IACzD;IACH,CAAC;CAAA"}
1
+ {"version":3,"file":"externalOIDFIdentifier.js","sourceRoot":"","sources":["../../src/functions/externalOIDFIdentifier.ts"],"names":[],"mappings":";;;;;;;;;;;AA2BA,sFAiEC;AAlFD,yEAAiE;AAGjE;;;;;;;;;;;;;GAaG;AACH,SAAsB,qCAAqC,CACzD,IAAwC,EACxC,OAAmC;;;QAEnC,IAAI,EAAE,YAAY,EAAE,UAAU,EAAE,GAAG,IAAI,CAAA;QAEvC,IAAI,CAAC,YAAY,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC/C,OAAO,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,gEAAgE,CAAC,CAAC,CAAA;QAChG,CAAC;QAED,IAAI,CAAC,IAAA,uCAAgB,EAAC,OAAO,EAAE,uBAAuB,CAAC,EAAE,CAAC;YACxD,OAAO,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,kFAAkF,CAAC,CAAC,CAAA;QAClH,CAAC;QAED,MAAM,cAAc,GAAwC,EAAE,CAAA;QAC9D,MAAM,SAAS,GAAwC,EAAE,CAAA;QACzD,MAAM,QAAQ,GAA2B,EAAE,CAAA;QAE3C,KAAK,MAAM,WAAW,IAAI,YAAY,EAAE,CAAC;YACvC,MAAM,aAAa,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC,iBAAiB,CAAC;gBAC1D,gBAAgB,EAAE,UAAU;gBAC5B,YAAY,EAAE,CAAC,WAAW,CAAC;aAC5B,CAAC,CAAA;YAEF,IAAI,aAAa,CAAC,KAAK,IAAI,CAAC,aAAa,CAAC,UAAU,EAAE,CAAC;gBACrD,SAAS,CAAC,WAAW,CAAC,GAAG,MAAA,aAAa,CAAC,YAAY,mCAAI,aAAa,CAAA;YACtE,CAAC;iBAAM,CAAC;gBACN,MAAM,UAAU,GAA0B,aAAa,CAAC,UAAU,CAAC,qBAAqB,EAAE,CAAA;gBAC1F,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBAC5B,SAAS,CAAC,WAAW,CAAC,GAAG,sBAAsB,CAAA;oBAC/C,SAAQ;gBACV,CAAC;gBAED,MAAM,GAAG,GAAG,UAAU,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAA;gBAC7C,MAAM,eAAe,GAAyB,MAAM,OAAO,CAAC,KAAK,CAAC,qBAAqB,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAA;gBAErG,IAAI,eAAe,CAAC,KAAK,IAAI,eAAe,CAAC,QAAQ,EAAE,CAAC;oBACtD,SAAS,CAAC,WAAW,CAAC,GAAG,eAAe,CAAC,OAAO,CAAA;oBAChD,SAAQ;gBACV,CAAC;gBAED,IAAI,eAAe,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBAChD,SAAS,CAAC,WAAW,CAAC,GAAG,kDAAkD,CAAA;oBAC3E,SAAQ;gBACV,CAAC;gBAED,MAAM,SAAS,GAAG,eAAe,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAA;gBACnD,IAAI,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBAC3C,SAAS,CAAC,WAAW,CAAC,GAAG,kDAAkD,CAAA;oBAC3E,SAAQ;gBACV,CAAC;gBAED,MAAM,OAAO,GAAoB,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;gBAC7D,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;gBACtB,cAAc,CAAC,WAAW,CAAC,GAAG,SAAS,CAAC,YAAY,CAAA;YACtD,CAAC;QACH,CAAC;QAED,qCACE,MAAM,EAAE,WAAW,
EACnB,cAAc,IACX,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,SAAS,EAAE,CAAC,KACvD,IAAI,EAAE,QAAQ,EACd,gBAAgB,EAAE,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,MAAM,GAAG,CAAC,IACzD;IACH,CAAC;CAAA"}
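--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@sphereon/ssi-sdk-ext.identifier-resolution",
- "version": "0.25.1-feature.SDK.41.oidf.support.13+516a35a",
+ "version": "0.25.1-feature.SDK.41.oidf.support.15+29c8173",
  "source": "src/index.ts",
  "main": "dist/index.js",
  "types": "dist/index.d.ts",
@@ -15,9 +15,9 @@
  "generate-plugin-schema": "sphereon dev generate-plugin-schema"
  },
  "dependencies": {
- "@sphereon/ssi-sdk-ext.did-utils": "0.25.1-feature.SDK.41.oidf.support.13+516a35a",
- "@sphereon/ssi-sdk-ext.key-utils": "0.25.1-feature.SDK.41.oidf.support.13+516a35a",
- "@sphereon/ssi-sdk-ext.x509-utils": "0.25.1-feature.SDK.41.oidf.support.13+516a35a",
+ "@sphereon/ssi-sdk-ext.did-utils": "0.25.1-feature.SDK.41.oidf.support.15+29c8173",
+ "@sphereon/ssi-sdk-ext.key-utils": "0.25.1-feature.SDK.41.oidf.support.15+29c8173",
+ "@sphereon/ssi-sdk-ext.x509-utils": "0.25.1-feature.SDK.41.oidf.support.15+29c8173",
  "@sphereon/ssi-sdk.agent-config": "0.30.2-feature.SDK.41.oidf.support.286",
  "@sphereon/ssi-sdk.oidf-client": " 0.30.2-feature.SDK.41.oidf.support.286",
  "@sphereon/ssi-types": "0.30.2-feature.SDK.41.oidf.support.286",
@@ -28,10 +28,10 @@
  "uint8arrays": "^3.1.1"
  },
  "devDependencies": {
- "@sphereon/ssi-sdk-ext.did-provider-jwk": "0.25.1-feature.SDK.41.oidf.support.13+516a35a",
- "@sphereon/ssi-sdk-ext.did-resolver-jwk": "0.25.1-feature.SDK.41.oidf.support.13+516a35a",
- "@sphereon/ssi-sdk-ext.key-manager": "0.25.1-feature.SDK.41.oidf.support.13+516a35a",
- "@sphereon/ssi-sdk-ext.kms-local": "0.25.1-feature.SDK.41.oidf.support.13+516a35a",
+ "@sphereon/ssi-sdk-ext.did-provider-jwk": "0.25.1-feature.SDK.41.oidf.support.15+29c8173",
+ "@sphereon/ssi-sdk-ext.did-resolver-jwk": "0.25.1-feature.SDK.41.oidf.support.15+29c8173",
+ "@sphereon/ssi-sdk-ext.key-manager": "0.25.1-feature.SDK.41.oidf.support.15+29c8173",
+ "@sphereon/ssi-sdk-ext.kms-local": "0.25.1-feature.SDK.41.oidf.support.15+29c8173",
  "@sphereon/ssi-sdk.dev": "0.30.2-feature.SDK.41.oidf.support.286",
  "@veramo/data-store": "4.2.0",
  "@veramo/did-manager": "4.2.0",
@@ -65,5 +65,5 @@
  "X.509 Certificates",
  "ARF"
  ],
- "gitHead": "516a35aea08f722ad70da4f6e970fa9e7d920cba"
+ "gitHead": "29c81731f66362cc843430f4d138d08cf0fd8e9a"
  }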
@@ -1,15 +1,15 @@
1
1
  import {
2
2
  ErrorMessage,
3
3
  ExternalIdentifierOIDFEntityIdOpts,
4
- ExternalIdentifierOIDFEntityIdResult, ExternalJwkInfo,
4
+ ExternalIdentifierOIDFEntityIdResult,
5
+ ExternalJwkInfo,
5
6
  PublicKeyHex,
6
7
  TrustedAnchor,
7
8
  } from '../types'
8
9
  import { IAgentContext } from '@veramo/core'
9
10
  import { IOIDFClient } from '@sphereon/ssi-sdk.oidf-client'
10
11
  import { contextHasPlugin } from '@sphereon/ssi-sdk.agent-config'
11
- import { JWK } from '@sphereon/ssi-types'
12
- import { IJwsValidationResult, VerifyJwsArgs } from '../types/IJwtService'
12
+ import { IJwsValidationResult } from '../types/IJwtService'
13
13
 
14
14
  /**
15
15
  * Resolves an OIDF Entity ID against multiple trust anchors to establish trusted relationships
@@ -53,35 +53,33 @@ export async function resolveExternalOIDFEntityIdIdentifier(
53
53
  errorList[trustAnchor] = resolveResult.errorMessage ?? 'unspecified'
54
54
  } else {
55
55
  const trustChain: ReadonlyArray<string> = resolveResult.trustChain.asJsReadonlyArrayView()
56
- let authorityJWK:JWK | undefined = undefined
57
- for (const [i, jwt] of [...trustChain].reverse().entries()) {
58
- const isLast = i === trustChain.length - 1
56
+ if (trustChain.length === 0) {
57
+ errorList[trustAnchor] = 'Trust chain is empty'
58
+ continue
59
+ }
60
+
61
+ const jwt = trustChain[trustChain.length - 1]
62
+ const jwtVerifyResult: IJwsValidationResult = await context.agent.jwtVerifyJwsSignature({ jws: jwt })
63
+
64
+ if (jwtVerifyResult.error || jwtVerifyResult.critical) {
65
+ errorList[trustAnchor] = jwtVerifyResult.message
66
+ continue
67
+ }
59
68
 
60
- const verifyArgs:VerifyJwsArgs = {jws: jwt}
61
- if(authorityJWK && !isLast) {
62
- verifyArgs.jwk = authorityJWK
63
- }
64
- const jwtVerifyResult:IJwsValidationResult = await context.agent.jwtVerifyJwsSignature(verifyArgs)
65
- if(jwtVerifyResult.error || jwtVerifyResult.critical) {
66
- errorList[trustAnchor] = jwtVerifyResult.message
67
- break
68
- }
69
- if(jwtVerifyResult.jws.signatures.length === 0) {
70
- errorList[trustAnchor] = 'No signature was present in the trust anchor JWS'
71
- break
72
- }
73
- const signature = jwtVerifyResult.jws.signatures[0]
74
- if(signature.identifier.jwks.length === 0) {
75
- errorList[trustAnchor] = 'No JWK was present in the trust anchor signature'
76
- break
77
- }
78
- const jwkInfo:ExternalJwkInfo = signature.identifier.jwks[0]
79
- if(!authorityJWK) {
80
- authorityJWK = jwkInfo.jwk
81
- jwkInfos.push(jwkInfo)
82
- trustedAnchors[trustAnchor] = signature.publicKeyHex // When we have multiple hits from different trust anchor authorities the caller can infer which signature came from which trust anchor
83
- }
69
+ if (jwtVerifyResult.jws.signatures.length === 0) {
70
+ errorList[trustAnchor] = 'No signature was present in the trust anchor JWS'
71
+ continue
84
72
  }
73
+
74
+ const signature = jwtVerifyResult.jws.signatures[0]
75
+ if (signature.identifier.jwks.length === 0) {
76
+ errorList[trustAnchor] = 'No JWK was present in the trust anchor signature'
77
+ continue
78
+ }
79
+
80
+ const jwkInfo: ExternalJwkInfo = signature.identifier.jwks[0]
81
+ jwkInfos.push(jwkInfo)
82
+ trustedAnchors[trustAnchor] = signature.publicKeyHex
85
83
  }
86
84
  }
87
85
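Review bot: In the else branch, `jwtVerifyJwsSignature({ jws: jwt })` is now called only on `trustChain[trustChain.length - 1]` and without a `jwk` argument, so within this function no other chain entry is signature-checked and the one that is checked is not compared against a key the caller already trusts; `trustedAnchors[trustAnchor]` is then filled with whatever `signature.publicKeyHex` that JWS yields, and `trustEstablished` follows from it. That is only sound if `resolveTrustChain` has already validated every link and bound the final statement to the requested trust anchor, which is not visible in this hunk and should be confirmed. I would state the dependency next to the call, e.g. `// Chain linkage is validated by resolveTrustChain; only the final statement (expected to be the trust anchor's) is re-verified here`, and consider recording an error instead of a trusted anchor when the returned key does not match a key configured for that anchor, if such configuration exists. The function starts and ends outside the hunk.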