@sphereon/ssi-sdk-ext.identifier-resolution 0.25.1-feature.SDK.41.oidf.support.14 → 0.25.1-feature.SDK.41.oidf.support.15

@@ -1 +1 @@
1
- {"version":3,"file":"externalOIDFIdentifier.d.ts","sourceRoot":"","sources":["../../src/functions/externalOIDFIdentifier.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,kCAAkC,EAClC,oCAAoC,EAGrC,MAAM,UAAU,CAAA;AACjB,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAA;AAC5C,OAAO,EAAE,WAAW,EAAE,MAAM,+BAA+B,CAAA;AAK3D;;;;;;;;;;;;;GAaG;AACH,wBAAsB,qCAAqC,CACzD,IAAI,EAAE,kCAAkC,EACxC,OAAO,EAAE,aAAa,CAAC,WAAW,CAAC,GAClC,OAAO,CAAC,oCAAoC,CAAC,CAkE/C"}
1
+ {"version":3,"file":"externalOIDFIdentifier.d.ts","sourceRoot":"","sources":["../../src/functions/externalOIDFIdentifier.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,kCAAkC,EAClC,oCAAoC,EAIrC,MAAM,UAAU,CAAA;AACjB,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAA;AAC5C,OAAO,EAAE,WAAW,EAAE,MAAM,+BAA+B,CAAA;AAI3D;;;;;;;;;;;;;GAaG;AACH,wBAAsB,qCAAqC,CACzD,IAAI,EAAE,kCAAkC,EACxC,OAAO,EAAE,aAAa,CAAC,WAAW,CAAC,GAClC,OAAO,CAAC,oCAAoC,CAAC,CA8D/C"}
@@ -48,35 +48,28 @@ function resolveExternalOIDFEntityIdIdentifier(opts, context) {
48
48
  }
49
49
  else {
50
50
  const trustChain = resolveResult.trustChain.asJsReadonlyArrayView();
51
- let authorityJWK = undefined;
52
- for (const [i, jwt] of [...trustChain].reverse().entries()) {
53
- const isLast = i === trustChain.length - 1;
54
- const verifyArgs = { jws: jwt };
55
- if (authorityJWK && !isLast) {
56
- verifyArgs.jwk = authorityJWK;
57
- }
58
- // FIXME remove jwtVerifyJwsSignature as the Kotlin client already did this
59
- const jwtVerifyResult = yield context.agent.jwtVerifyJwsSignature(verifyArgs);
60
- if (jwtVerifyResult.error || jwtVerifyResult.critical) {
61
- errorList[trustAnchor] = jwtVerifyResult.message;
62
- break;
63
- }
64
- if (jwtVerifyResult.jws.signatures.length === 0) {
65
- errorList[trustAnchor] = 'No signature was present in the trust anchor JWS';
66
- break;
67
- }
68
- const signature = jwtVerifyResult.jws.signatures[0];
69
- if (signature.identifier.jwks.length === 0) {
70
- errorList[trustAnchor] = 'No JWK was present in the trust anchor signature';
71
- break;
72
- }
73
- const jwkInfo = signature.identifier.jwks[0];
74
- if (!authorityJWK) {
75
- authorityJWK = jwkInfo.jwk;
76
- jwkInfos.push(jwkInfo);
77
- trustedAnchors[trustAnchor] = signature.publicKeyHex; // When we have multiple hits from different trust anchor authorities the caller can infer which signature came from which trust anchor
78
- }
51
+ if (trustChain.length === 0) {
52
+ errorList[trustAnchor] = 'Trust chain is empty';
53
+ continue;
79
54
  }
55
+ const jwt = trustChain[trustChain.length - 1];
56
+ const jwtVerifyResult = yield context.agent.jwtVerifyJwsSignature({ jws: jwt });
57
+ if (jwtVerifyResult.error || jwtVerifyResult.critical) {
58
+ errorList[trustAnchor] = jwtVerifyResult.message;
59
+ continue;
60
+ }
61
+ if (jwtVerifyResult.jws.signatures.length === 0) {
62
+ errorList[trustAnchor] = 'No signature was present in the trust anchor JWS';
63
+ continue;
64
+ }
65
+ const signature = jwtVerifyResult.jws.signatures[0];
66
+ if (signature.identifier.jwks.length === 0) {
67
+ errorList[trustAnchor] = 'No JWK was present in the trust anchor signature';
68
+ continue;
69
+ }
70
+ const jwkInfo = signature.identifier.jwks[0];
71
+ jwkInfos.push(jwkInfo);
72
+ trustedAnchors[trustAnchor] = signature.publicKeyHex;
80
73
  }
81
74
  }
82
75
  return Object.assign(Object.assign({ method: 'entity_id', trustedAnchors }, (Object.keys(errorList).length > 0 && { errorList })), { jwks: jwkInfos, trustEstablished: Object.keys(trustedAnchors).length > 0 });
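Review bot: Only the last entry of `trustChain` is now passed to `jwtVerifyJwsSignature`, and without a `jwk`, so nothing in this function checks the intermediate statements or ties the verifying key to the configured `trustAnchor`; `trustEstablished` in the return line then rests entirely on `resolveTrustChain` having validated every link. The removed FIXME says the Kotlin client already does that, but it is not visible here, so I would state the dependency above the call, e.g. `// Chain links are validated by resolveTrustChain; this call only extracts the anchor's signing key`, and confirm that a chain failing validation always comes back with `error` set or without a `trustChain`. Presumably a call carrying only `jws` takes the key from the JWS itself, which would make it a self-consistency check; if callers hold a pinned key for the anchor, comparing it with `signature.publicKeyHex` before writing `trustedAnchors[trustAnchor]` would close that gap. This hunk is the compiled output and the same point applies to the TypeScript source hunk later in the diff; the function starts before the hunk.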
@@ -1 +1 @@
1
- {"version":3,"file":"externalOIDFIdentifier.js","sourceRoot":"","sources":["../../src/functions/externalOIDFIdentifier.ts"],"names":[],"mappings":";;;;;;;;;;;AA2BA,sFAqEC;AAvFD,yEAAiE;AAIjE;;;;;;;;;;;;;GAaG;AACH,SAAsB,qCAAqC,CACzD,IAAwC,EACxC,OAAmC;;;QAEnC,IAAI,EAAE,YAAY,EAAE,UAAU,EAAE,GAAG,IAAI,CAAA;QAEvC,IAAI,CAAC,YAAY,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC/C,OAAO,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,gEAAgE,CAAC,CAAC,CAAA;QAChG,CAAC;QAED,IAAI,CAAC,IAAA,uCAAgB,EAAC,OAAO,EAAE,uBAAuB,CAAC,EAAE,CAAC;YACxD,OAAO,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,kFAAkF,CAAC,CAAC,CAAA;QAClH,CAAC;QAED,MAAM,cAAc,GAAwC,EAAE,CAAA;QAC9D,MAAM,SAAS,GAAwC,EAAE,CAAA;QACzD,MAAM,QAAQ,GAA2B,EAAE,CAAA;QAE3C,KAAK,MAAM,WAAW,IAAI,YAAY,EAAE,CAAC;YACvC,MAAM,aAAa,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC,iBAAiB,CAAC;gBAC1D,gBAAgB,EAAE,UAAU;gBAC5B,YAAY,EAAE,CAAC,WAAW,CAAC;aAC5B,CAAC,CAAA;YAEF,IAAI,aAAa,CAAC,KAAK,IAAI,CAAC,aAAa,CAAC,UAAU,EAAE,CAAC;gBACrD,SAAS,CAAC,WAAW,CAAC,GAAG,MAAA,aAAa,CAAC,YAAY,mCAAI,aAAa,CAAA;YACtE,CAAC;iBAAM,CAAC;gBACN,MAAM,UAAU,GAA0B,aAAa,CAAC,UAAU,CAAC,qBAAqB,EAAE,CAAA;gBAC1F,IAAI,YAAY,GAAmB,SAAS,CAAA;gBAC5C,KAAK,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC;oBAC3D,MAAM,MAAM,GAAG,CAAC,KAAK,UAAU,CAAC,MAAM,GAAG,CAAC,CAAA;oBAE1C,MAAM,UAAU,GAAiB,EAAC,GAAG,EAAE,GAAG,EAAC,CAAA;oBAC3C,IAAG,YAAY,IAAI,CAAC,MAAM,EAAE,CAAC;wBAC3B,UAAU,CAAC,GAAG,GAAG,YAAY,CAAA;oBAC/B,CAAC;oBAED,2EAA2E;oBAC3E,MAAM,eAAe,GAAwB,MAAM,OAAO,CAAC,KAAK,CAAC,qBAAqB,CAAC,UAAU,CAAC,CAAA;oBAClG,IAAG,eAAe,CAAC,KAAK,IAAI,eAAe,CAAC,QAAQ,EAAE,CAAC;wBACrD,SAAS,CAAC,WAAW,CAAC,GAAG,eAAe,CAAC,OAAO,CAAA;wBAChD,MAAK;oBACP,CAAC;oBACD,IAAG,eAAe,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;wBAC/C,SAAS,CAAC,WAAW,CAAC,GAAG,kDAAkD,CAAA;wBAC3E,MAAK;oBACP,CAAC;oBACD,MAAM,SAAS,GAAG,eAAe,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAA;oBACnD,IAAG,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;wBAC1C,SAAS,CAAC,WAAW,CAAC,GAAG,kDAAkD,CAAA;wBAC3E,MAAK;oBACP,CAAC;oBACD,MAAM,OAAO,GAAmB,SAAS,CAAC,UAAU,CAAC,IAAI,CA
AC,CAAC,CAAC,CAAA;oBAC5D,IAAG,CAAC,YAAY,EAAE,CAAC;wBACjB,YAAY,GAAG,OAAO,CAAC,GAAG,CAAA;wBAC1B,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;wBACtB,cAAc,CAAC,WAAW,CAAC,GAAG,SAAS,CAAC,YAAY,CAAA,CAAC,yIAAyI;oBAChM,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,qCACE,MAAM,EAAE,WAAW,EACnB,cAAc,IACX,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,SAAS,EAAE,CAAC,KACvD,IAAI,EAAE,QAAQ,EACd,gBAAgB,EAAE,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,MAAM,GAAG,CAAC,IACzD;IACH,CAAC;CAAA"}
1
+ {"version":3,"file":"externalOIDFIdentifier.js","sourceRoot":"","sources":["../../src/functions/externalOIDFIdentifier.ts"],"names":[],"mappings":";;;;;;;;;;;AA2BA,sFAiEC;AAlFD,yEAAiE;AAGjE;;;;;;;;;;;;;GAaG;AACH,SAAsB,qCAAqC,CACzD,IAAwC,EACxC,OAAmC;;;QAEnC,IAAI,EAAE,YAAY,EAAE,UAAU,EAAE,GAAG,IAAI,CAAA;QAEvC,IAAI,CAAC,YAAY,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC/C,OAAO,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,gEAAgE,CAAC,CAAC,CAAA;QAChG,CAAC;QAED,IAAI,CAAC,IAAA,uCAAgB,EAAC,OAAO,EAAE,uBAAuB,CAAC,EAAE,CAAC;YACxD,OAAO,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,kFAAkF,CAAC,CAAC,CAAA;QAClH,CAAC;QAED,MAAM,cAAc,GAAwC,EAAE,CAAA;QAC9D,MAAM,SAAS,GAAwC,EAAE,CAAA;QACzD,MAAM,QAAQ,GAA2B,EAAE,CAAA;QAE3C,KAAK,MAAM,WAAW,IAAI,YAAY,EAAE,CAAC;YACvC,MAAM,aAAa,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC,iBAAiB,CAAC;gBAC1D,gBAAgB,EAAE,UAAU;gBAC5B,YAAY,EAAE,CAAC,WAAW,CAAC;aAC5B,CAAC,CAAA;YAEF,IAAI,aAAa,CAAC,KAAK,IAAI,CAAC,aAAa,CAAC,UAAU,EAAE,CAAC;gBACrD,SAAS,CAAC,WAAW,CAAC,GAAG,MAAA,aAAa,CAAC,YAAY,mCAAI,aAAa,CAAA;YACtE,CAAC;iBAAM,CAAC;gBACN,MAAM,UAAU,GAA0B,aAAa,CAAC,UAAU,CAAC,qBAAqB,EAAE,CAAA;gBAC1F,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBAC5B,SAAS,CAAC,WAAW,CAAC,GAAG,sBAAsB,CAAA;oBAC/C,SAAQ;gBACV,CAAC;gBAED,MAAM,GAAG,GAAG,UAAU,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAA;gBAC7C,MAAM,eAAe,GAAyB,MAAM,OAAO,CAAC,KAAK,CAAC,qBAAqB,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAA;gBAErG,IAAI,eAAe,CAAC,KAAK,IAAI,eAAe,CAAC,QAAQ,EAAE,CAAC;oBACtD,SAAS,CAAC,WAAW,CAAC,GAAG,eAAe,CAAC,OAAO,CAAA;oBAChD,SAAQ;gBACV,CAAC;gBAED,IAAI,eAAe,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBAChD,SAAS,CAAC,WAAW,CAAC,GAAG,kDAAkD,CAAA;oBAC3E,SAAQ;gBACV,CAAC;gBAED,MAAM,SAAS,GAAG,eAAe,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAA;gBACnD,IAAI,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBAC3C,SAAS,CAAC,WAAW,CAAC,GAAG,kDAAkD,CAAA;oBAC3E,SAAQ;gBACV,CAAC;gBAED,MAAM,OAAO,GAAoB,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;gBAC7D,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;gBACtB,cAAc,CAAC,WAAW,CAAC,GAAG,SAAS,CAAC,YAAY,CAAA;YACtD,CAAC;QACH,CAAC;QAED,qCACE,MAAM,EAAE,WAAW,
EACnB,cAAc,IACX,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,SAAS,EAAE,CAAC,KACvD,IAAI,EAAE,QAAQ,EACd,gBAAgB,EAAE,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,MAAM,GAAG,CAAC,IACzD;IACH,CAAC;CAAA"}
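--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@sphereon/ssi-sdk-ext.identifier-resolution",
- "version": "0.25.1-feature.SDK.41.oidf.support.14+00e06af",
+ "version": "0.25.1-feature.SDK.41.oidf.support.15+29c8173",
  "source": "src/index.ts",
  "main": "dist/index.js",
  "types": "dist/index.d.ts",
@@ -15,9 +15,9 @@
  "generate-plugin-schema": "sphereon dev generate-plugin-schema"
  },
  "dependencies": {
- "@sphereon/ssi-sdk-ext.did-utils": "0.25.1-feature.SDK.41.oidf.support.14+00e06af",
- "@sphereon/ssi-sdk-ext.key-utils": "0.25.1-feature.SDK.41.oidf.support.14+00e06af",
- "@sphereon/ssi-sdk-ext.x509-utils": "0.25.1-feature.SDK.41.oidf.support.14+00e06af",
+ "@sphereon/ssi-sdk-ext.did-utils": "0.25.1-feature.SDK.41.oidf.support.15+29c8173",
+ "@sphereon/ssi-sdk-ext.key-utils": "0.25.1-feature.SDK.41.oidf.support.15+29c8173",
+ "@sphereon/ssi-sdk-ext.x509-utils": "0.25.1-feature.SDK.41.oidf.support.15+29c8173",
  "@sphereon/ssi-sdk.agent-config": "0.30.2-feature.SDK.41.oidf.support.286",
  "@sphereon/ssi-sdk.oidf-client": " 0.30.2-feature.SDK.41.oidf.support.286",
  "@sphereon/ssi-types": "0.30.2-feature.SDK.41.oidf.support.286",
@@ -28,10 +28,10 @@
  "uint8arrays": "^3.1.1"
  },
  "devDependencies": {
- "@sphereon/ssi-sdk-ext.did-provider-jwk": "0.25.1-feature.SDK.41.oidf.support.14+00e06af",
- "@sphereon/ssi-sdk-ext.did-resolver-jwk": "0.25.1-feature.SDK.41.oidf.support.14+00e06af",
- "@sphereon/ssi-sdk-ext.key-manager": "0.25.1-feature.SDK.41.oidf.support.14+00e06af",
- "@sphereon/ssi-sdk-ext.kms-local": "0.25.1-feature.SDK.41.oidf.support.14+00e06af",
+ "@sphereon/ssi-sdk-ext.did-provider-jwk": "0.25.1-feature.SDK.41.oidf.support.15+29c8173",
+ "@sphereon/ssi-sdk-ext.did-resolver-jwk": "0.25.1-feature.SDK.41.oidf.support.15+29c8173",
+ "@sphereon/ssi-sdk-ext.key-manager": "0.25.1-feature.SDK.41.oidf.support.15+29c8173",
+ "@sphereon/ssi-sdk-ext.kms-local": "0.25.1-feature.SDK.41.oidf.support.15+29c8173",
  "@sphereon/ssi-sdk.dev": "0.30.2-feature.SDK.41.oidf.support.286",
  "@veramo/data-store": "4.2.0",
  "@veramo/did-manager": "4.2.0",
@@ -65,5 +65,5 @@
  "X.509 Certificates",
  "ARF"
  ],
- "gitHead": "00e06af72f2687b7f784e4e1eded9377af93339d"
+ "gitHead": "29c81731f66362cc843430f4d138d08cf0fd8e9a"
  }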
@@ -1,15 +1,15 @@
1
1
  import {
2
2
  ErrorMessage,
3
3
  ExternalIdentifierOIDFEntityIdOpts,
4
- ExternalIdentifierOIDFEntityIdResult, ExternalJwkInfo,
4
+ ExternalIdentifierOIDFEntityIdResult,
5
+ ExternalJwkInfo,
5
6
  PublicKeyHex,
6
7
  TrustedAnchor,
7
8
  } from '../types'
8
9
  import { IAgentContext } from '@veramo/core'
9
10
  import { IOIDFClient } from '@sphereon/ssi-sdk.oidf-client'
10
11
  import { contextHasPlugin } from '@sphereon/ssi-sdk.agent-config'
11
- import { JWK } from '@sphereon/ssi-types'
12
- import { IJwsValidationResult, VerifyJwsArgs } from '../types/IJwtService'
12
+ import { IJwsValidationResult } from '../types/IJwtService'
13
13
 
14
14
  /**
15
15
  * Resolves an OIDF Entity ID against multiple trust anchors to establish trusted relationships
@@ -53,37 +53,33 @@ export async function resolveExternalOIDFEntityIdIdentifier(
53
53
  errorList[trustAnchor] = resolveResult.errorMessage ?? 'unspecified'
54
54
  } else {
55
55
  const trustChain: ReadonlyArray<string> = resolveResult.trustChain.asJsReadonlyArrayView()
56
- let authorityJWK:JWK | undefined = undefined
57
- for (const [i, jwt] of [...trustChain].reverse().entries()) {
58
- const isLast = i === trustChain.length - 1
56
+ if (trustChain.length === 0) {
57
+ errorList[trustAnchor] = 'Trust chain is empty'
58
+ continue
59
+ }
60
+
61
+ const jwt = trustChain[trustChain.length - 1]
62
+ const jwtVerifyResult: IJwsValidationResult = await context.agent.jwtVerifyJwsSignature({ jws: jwt })
63
+
64
+ if (jwtVerifyResult.error || jwtVerifyResult.critical) {
65
+ errorList[trustAnchor] = jwtVerifyResult.message
66
+ continue
67
+ }
59
68
 
60
- const verifyArgs:VerifyJwsArgs = {jws: jwt}
61
- if(authorityJWK && !isLast) {
62
- verifyArgs.jwk = authorityJWK
63
- }
64
-
65
- // FIXME remove jwtVerifyJwsSignature as the Kotlin client already did this
66
- const jwtVerifyResult:IJwsValidationResult = await context.agent.jwtVerifyJwsSignature(verifyArgs)
67
- if(jwtVerifyResult.error || jwtVerifyResult.critical) {
68
- errorList[trustAnchor] = jwtVerifyResult.message
69
- break
70
- }
71
- if(jwtVerifyResult.jws.signatures.length === 0) {
72
- errorList[trustAnchor] = 'No signature was present in the trust anchor JWS'
73
- break
74
- }
75
- const signature = jwtVerifyResult.jws.signatures[0]
76
- if(signature.identifier.jwks.length === 0) {
77
- errorList[trustAnchor] = 'No JWK was present in the trust anchor signature'
78
- break
79
- }
80
- const jwkInfo:ExternalJwkInfo = signature.identifier.jwks[0]
81
- if(!authorityJWK) {
82
- authorityJWK = jwkInfo.jwk
83
- jwkInfos.push(jwkInfo)
84
- trustedAnchors[trustAnchor] = signature.publicKeyHex // When we have multiple hits from different trust anchor authorities the caller can infer which signature came from which trust anchor
85
- }
69
+ if (jwtVerifyResult.jws.signatures.length === 0) {
70
+ errorList[trustAnchor] = 'No signature was present in the trust anchor JWS'
71
+ continue
86
72
  }
73
+
74
+ const signature = jwtVerifyResult.jws.signatures[0]
75
+ if (signature.identifier.jwks.length === 0) {
76
+ errorList[trustAnchor] = 'No JWK was present in the trust anchor signature'
77
+ continue
78
+ }
79
+
80
+ const jwkInfo: ExternalJwkInfo = signature.identifier.jwks[0]
81
+ jwkInfos.push(jwkInfo)
82
+ trustedAnchors[trustAnchor] = signature.publicKeyHex
87
83
  }
88
84
  }
89
85