@sphereon/ssi-sdk.credential-validation 0.31.1-next.39 → 0.31.1-next.41
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"CredentialValidation.d.ts","sourceRoot":"","sources":["../../src/agent/CredentialValidation.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"CredentialValidation.d.ts","sourceRoot":"","sources":["../../src/agent/CredentialValidation.ts"],"names":[],"mappings":"AAUA,OAAO,EACL,YAAY,EAGb,MAAM,cAAc,CAAA;AAIrB,OAAO,EAEL,qBAAqB,EAUtB,MAAM,UAAU,CAAA;AAMjB,eAAO,MAAM,2BAA2B,EAAE,KAAK,CAAC,MAAM,CAMrD,CAAA;AAED;;GAEG;AACH,qBAAa,oBAAqB,YAAW,YAAY;IACvD,QAAQ,CAAC,MAAM,MAA+B;IAC9C,QAAQ,CAAC,OAAO,EAAE,qBAAqB,CAMtC;IAED,OAAO,CAAC,aAAa;YAkBP,kBAAkB;YAuBlB,cAAc;YAad,cAAc;YA4Bd,WAAW;YAQX,6BAA6B;YA0B7B,YAAY;YAyBZ,qBAAqB;YA6CrB,uBAAuB;CAqBtC"}
|
|
@@ -13,12 +13,12 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
|
13
13
|
};
|
|
14
14
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
15
15
|
exports.CredentialValidation = exports.credentialValidationMethods = void 0;
|
|
16
|
-
const
|
|
16
|
+
const kmp_mdoc_core_1 = require("@sphereon/kmp-mdoc-core");
|
|
17
17
|
const ssi_types_1 = require("@sphereon/ssi-types");
|
|
18
|
-
const cross_fetch_1 = __importDefault(require("cross-fetch"));
|
|
19
|
-
const _2020_1 = __importDefault(require("ajv/dist/2020"));
|
|
20
18
|
const ajv_formats_1 = __importDefault(require("ajv-formats"));
|
|
21
|
-
const
|
|
19
|
+
const _2020_1 = __importDefault(require("ajv/dist/2020"));
|
|
20
|
+
const cross_fetch_1 = __importDefault(require("cross-fetch"));
|
|
21
|
+
const index_1 = require("../index");
|
|
22
22
|
var decodeFrom = kmp_mdoc_core_1.com.sphereon.kmp.decodeFrom;
|
|
23
23
|
var IssuerSignedCbor = kmp_mdoc_core_1.com.sphereon.mdoc.data.device.IssuerSignedCbor;
|
|
24
24
|
// Exposing the methods here for any REST implementation
|
|
@@ -27,7 +27,7 @@ exports.credentialValidationMethods = [
|
|
|
27
27
|
'cvVerifySchema',
|
|
28
28
|
'cvVerifyMdoc',
|
|
29
29
|
'cvVerifySDJWTCredential',
|
|
30
|
-
'cvVerifyW3CCredential'
|
|
30
|
+
'cvVerifyW3CCredential'
|
|
31
31
|
];
|
|
32
32
|
/**
|
|
33
33
|
* {@inheritDoc ICredentialValidation}
|
|
@@ -40,7 +40,7 @@ class CredentialValidation {
|
|
|
40
40
|
cvVerifySchema: this.cvVerifySchema.bind(this),
|
|
41
41
|
cvVerifyMdoc: this.cvVerifyMdoc.bind(this),
|
|
42
42
|
cvVerifySDJWTCredential: this.cvVerifySDJWTCredential.bind(this),
|
|
43
|
-
cvVerifyW3CCredential: this.cvVerifyW3CCredential.bind(this)
|
|
43
|
+
cvVerifyW3CCredential: this.cvVerifyW3CCredential.bind(this)
|
|
44
44
|
};
|
|
45
45
|
}
|
|
46
46
|
detectSchemas(wrappedVC) {
|
|
@@ -66,7 +66,7 @@ class CredentialValidation {
|
|
|
66
66
|
const schemaResult = yield this.cvVerifySchema({
|
|
67
67
|
credential,
|
|
68
68
|
validationPolicy: (_a = policies === null || policies === void 0 ? void 0 : policies.schemaValidation) !== null && _a !== void 0 ? _a : index_1.SchemaValidation.WHEN_PRESENT,
|
|
69
|
-
hasher
|
|
69
|
+
hasher
|
|
70
70
|
});
|
|
71
71
|
if (!schemaResult.result) {
|
|
72
72
|
return schemaResult;
|
|
@@ -90,7 +90,7 @@ class CredentialValidation {
|
|
|
90
90
|
return {
|
|
91
91
|
result: true,
|
|
92
92
|
source: wrappedCredential,
|
|
93
|
-
subResults: []
|
|
93
|
+
subResults: []
|
|
94
94
|
};
|
|
95
95
|
}
|
|
96
96
|
return this.validateSchema(wrappedCredential, validationPolicy);
|
|
@@ -100,23 +100,27 @@ class CredentialValidation {
|
|
|
100
100
|
return __awaiter(this, void 0, void 0, function* () {
|
|
101
101
|
const schemas = this.detectSchemas(wrappedVC);
|
|
102
102
|
if (!schemas) {
|
|
103
|
-
|
|
104
|
-
|
|
103
|
+
if (validationPolicy === index_1.SchemaValidation.ALWAYS) {
|
|
104
|
+
console.error(`No schema found for credential, but validation policy is set to ALWAYS. Returning false. Credential: ${JSON.stringify(wrappedVC.credential, null, 2)}`);
|
|
105
|
+
return {
|
|
105
106
|
result: false,
|
|
106
107
|
source: wrappedVC,
|
|
107
|
-
subResults: []
|
|
108
|
-
}
|
|
109
|
-
|
|
108
|
+
subResults: []
|
|
109
|
+
};
|
|
110
|
+
}
|
|
111
|
+
else {
|
|
112
|
+
return {
|
|
110
113
|
result: true,
|
|
111
114
|
source: wrappedVC,
|
|
112
|
-
subResults: []
|
|
115
|
+
subResults: []
|
|
113
116
|
};
|
|
117
|
+
}
|
|
114
118
|
}
|
|
115
119
|
const subResults = yield Promise.all(schemas.map((schema) => this.verifyCredentialAgainstSchema(wrappedVC, schema)));
|
|
116
120
|
return {
|
|
117
121
|
result: subResults.every((subResult) => subResult.result),
|
|
118
122
|
source: wrappedVC,
|
|
119
|
-
subResults
|
|
123
|
+
subResults
|
|
120
124
|
};
|
|
121
125
|
});
|
|
122
126
|
}
|
|
@@ -136,18 +140,22 @@ class CredentialValidation {
|
|
|
136
140
|
try {
|
|
137
141
|
schemaValue = yield this.fetchSchema(schemaUrl);
|
|
138
142
|
}
|
|
139
|
-
catch (
|
|
143
|
+
catch (error) {
|
|
144
|
+
console.error(error);
|
|
140
145
|
return {
|
|
141
146
|
result: false,
|
|
142
|
-
error:
|
|
147
|
+
error: error
|
|
143
148
|
};
|
|
144
149
|
}
|
|
145
150
|
const ajv = new _2020_1.default({ loadSchema: this.fetchSchema });
|
|
146
151
|
(0, ajv_formats_1.default)(ajv);
|
|
147
152
|
const validate = yield ajv.compileAsync(schemaValue);
|
|
148
153
|
const valid = validate(wrappedVC.credential);
|
|
154
|
+
if (!valid) {
|
|
155
|
+
console.error(`Schema validation failed for `, wrappedVC.credential);
|
|
156
|
+
}
|
|
149
157
|
return {
|
|
150
|
-
result: valid
|
|
158
|
+
result: valid
|
|
151
159
|
};
|
|
152
160
|
});
|
|
153
161
|
}
|
|
@@ -158,15 +166,16 @@ class CredentialValidation {
|
|
|
158
166
|
const issuerSigned = IssuerSignedCbor.Static.cborDecode(decodeFrom(credential, kmp_mdoc_core_1.com.sphereon.kmp.Encoding.BASE64URL));
|
|
159
167
|
const verification = yield context.agent.mdocVerifyIssuerSigned({ input: issuerSigned.toJson().issuerAuth }).catch((error) => {
|
|
160
168
|
var _a;
|
|
169
|
+
console.error(error);
|
|
161
170
|
return {
|
|
162
171
|
name: 'mdoc',
|
|
163
172
|
critical: true,
|
|
164
173
|
error: true,
|
|
165
|
-
message: (_a = error.message) !== null && _a !== void 0 ? _a : '
|
|
174
|
+
message: (_a = error.message) !== null && _a !== void 0 ? _a : 'Mdoc Issuer Signed VC could not be verified'
|
|
166
175
|
};
|
|
167
176
|
});
|
|
168
177
|
return Object.assign({ source: ssi_types_1.CredentialMapper.toWrappedVerifiableCredential(credential), result: !verification.error, subResults: [] }, (verification.error && {
|
|
169
|
-
error: (_a = verification.message) !== null && _a !== void 0 ? _a : `Could not verify mdoc from issuer
|
|
178
|
+
error: (_a = verification.message) !== null && _a !== void 0 ? _a : `Could not verify mdoc from issuer`
|
|
170
179
|
}));
|
|
171
180
|
});
|
|
172
181
|
}
|
|
@@ -181,7 +190,7 @@ class CredentialValidation {
|
|
|
181
190
|
// FIXME the source is never used, need to start using this as the source of truth
|
|
182
191
|
source: ssi_types_1.CredentialMapper.toWrappedVerifiableCredential(args.credential), result }, (!result && {
|
|
183
192
|
error: 'Invalid JWT VC',
|
|
184
|
-
errorDetails: `JWT VC was not valid with policies: ${JSON.stringify(policies)}
|
|
193
|
+
errorDetails: `JWT VC was not valid with policies: ${JSON.stringify(policies)}`
|
|
185
194
|
})), { subResults: [] });
|
|
186
195
|
}
|
|
187
196
|
else {
|
|
@@ -199,13 +208,14 @@ class CredentialValidation {
|
|
|
199
208
|
(errorDetails !== '' ? `${errorDetails}, ` : '') +
|
|
200
209
|
((_o = (_m = result.error) === null || _m === void 0 ? void 0 : _m.errors) === null || _o === void 0 ? void 0 : _o.map((error) => { var _a, _b, _c; return (((_a = error === null || error === void 0 ? void 0 : error.details) === null || _a === void 0 ? void 0 : _a.code) ? `${error.details.code}, ` : '') + ((_c = (_b = error === null || error === void 0 ? void 0 : error.details) === null || _b === void 0 ? void 0 : _b.url) !== null && _c !== void 0 ? _c : ''); }).join(', '));
|
|
201
210
|
}
|
|
211
|
+
console.error(error);
|
|
202
212
|
}
|
|
203
213
|
return {
|
|
204
214
|
source: ssi_types_1.CredentialMapper.toWrappedVerifiableCredential(credential),
|
|
205
215
|
result: result.verified,
|
|
206
216
|
subResults,
|
|
207
217
|
error,
|
|
208
|
-
errorDetails
|
|
218
|
+
errorDetails
|
|
209
219
|
};
|
|
210
220
|
}
|
|
211
221
|
});
|
|
@@ -217,9 +227,10 @@ class CredentialValidation {
|
|
|
217
227
|
.verifySdJwtVc({ credential })
|
|
218
228
|
.catch((error) => {
|
|
219
229
|
var _a;
|
|
230
|
+
console.error(error);
|
|
220
231
|
return {
|
|
221
232
|
error: 'Invalid SD-JWT VC',
|
|
222
|
-
errorDetails: (_a = error.message) !== null && _a !== void 0 ? _a : 'SD-JWT VC could not be verified'
|
|
233
|
+
errorDetails: (_a = error.message) !== null && _a !== void 0 ? _a : 'SD-JWT VC could not be verified'
|
|
223
234
|
};
|
|
224
235
|
});
|
|
225
236
|
const result = 'header' in verification && 'payload' in verification;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"CredentialValidation.js","sourceRoot":"","sources":["../../src/agent/CredentialValidation.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;
|
|
1
|
+
{"version":3,"file":"CredentialValidation.js","sourceRoot":"","sources":["../../src/agent/CredentialValidation.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,2DAA6C;AAE7C,mDAO4B;AAM5B,8DAAoC;AACpC,0DAAmC;AACnC,8DAA+B;AAC/B,oCAYiB;AAEjB,IAAO,UAAU,GAAG,mBAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAA;AAC/C,IAAO,gBAAgB,GAAG,mBAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAA;AAExE,wDAAwD;AAC3C,QAAA,2BAA2B,GAAkB;IACxD,oBAAoB;IACpB,gBAAgB;IAChB,cAAc;IACd,yBAAyB;IACzB,uBAAuB;CACxB,CAAA;AAED;;GAEG;AACH,MAAa,oBAAoB;IAAjC;QACW,WAAM,GAAG,cAAM,CAAC,qBAAqB,CAAA;QACrC,YAAO,GAA0B;YACxC,kBAAkB,EAAE,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC;YACtD,cAAc,EAAE,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC;YAC9C,YAAY,EAAE,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC;YAC1C,uBAAuB,EAAE,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,IAAI,CAAC;YAChE,qBAAqB,EAAE,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,IAAI,CAAC;SAC7D,CAAA;IAiNH,CAAC;IA/MS,aAAa,CAAC,SAAsC;QAC1D,IAAI,YAAY,IAAI,SAAS,EAAE,CAAC;YAC9B,MAAM,EAAE,UAAU,EAAE,GAAG,SAAS,CAAA;YAEhC,IAAI,kBAAkB,IAAI,UAAU,EAAE,CAAC;gBACrC,MAAM,EAAE,gBAAgB,EAAE,GAAG,UAAU,CAAA;gBAEvC,IAAI,KAAK,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAAE,CAAC;oBACpC,OAAO,gBAAgB,CAAA;gBACzB,CAAC;qBAAM,IAAI,gBAAgB,EAAE,CAAC;oBAC5B,OAAO,CAAC,gBAAgB,CAAC,CAAA;gBAC3B,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,SAAS,CAAA;IAClB,CAAC;IAEa,kBAAkB,CAAC,IAA0B,EAAE,OAAwB;;;YACnF,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,IAAI,CAAA;YAC7C,mDAAmD;YACnD,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC;gBAC7C,UAAU;gBACV,gBAAgB,EAAE,MAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,gBAAgB,mCAAI,wBAAgB,CAAC,YAAY;gBAC7E,MAAM;aACP,CAAC,CAAA;YACF,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC;gBACzB,OAAO,YAAY,CAAA;YACrB,CAAC;YACD,IAAI,4BAAgB,CAAC,sBAAsB,CAAC,UAAU,CAAC,EAAE,CAAC;gBACxD,OAAO,MAAM,IAAI,CAAC,YAAY,CAAC,EAAE,UAAU,EAAE,EAAE,OAAO,CAAC,CAAA;YACzD,CAAC;iBAAM,IAAI,4BAAgB,CAAC,cAAc,CAAC,UAAU,CAAC,EAAE,CAAC;gBACvD,OAAO,MAAM,IAAI,CAAC,uBAAuB,CAAC,EAAE,UAAU,EAAE,MAAM,EAAE,EAAE,OAAO,CAAC,CAAA;YAC5E,CAAC;iBAAM,CAAC;gBACN,OAAO,MAAM,IAAI,CAAC,qBAAqB,iCAClC,IAAI,KACP,UAAU,EAAE,UAA2C
,KACtD,OAAO,CAAC,CAAA;YACb,CAAC;QACH,CAAC;KAAA;IAEa,cAAc,CAAC,IAAwB;;YACnD,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,gBAAgB,EAAE,GAAG,IAAI,CAAA;YACrD,MAAM,iBAAiB,GAAgC,4BAAgB,CAAC,6BAA6B,CAAC,UAAU,EAAE,EAAE,MAAM,EAAE,CAAC,CAAA;YAC7H,IAAI,gBAAgB,KAAK,wBAAgB,CAAC,KAAK,EAAE,CAAC;gBAChD,OAAO;oBACL,MAAM,EAAE,IAAI;oBACZ,MAAM,EAAE,iBAAiB;oBACzB,UAAU,EAAE,EAAE;iBACf,CAAA;YACH,CAAC;YACD,OAAO,IAAI,CAAC,cAAc,CAAC,iBAAiB,EAAE,gBAAgB,CAAC,CAAA;QACjE,CAAC;KAAA;IAEa,cAAc,CAAC,SAAsC,EAAE,gBAAmC;;YACtG,MAAM,OAAO,GAAwC,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,CAAA;YAClF,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,IAAI,gBAAgB,KAAK,wBAAgB,CAAC,MAAM,EAAE,CAAC;oBACjD,OAAO,CAAC,KAAK,CAAC,wGAAwG,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC,CAAA;oBACtK,OAAO;wBACL,MAAM,EAAE,KAAK;wBACb,MAAM,EAAE,SAAS;wBACjB,UAAU,EAAE,EAAE;qBACf,CAAA;gBACH,CAAC;qBAAM,CAAC;oBACN,OAAO;wBACL,MAAM,EAAE,IAAI;wBACZ,MAAM,EAAE,SAAS;wBACjB,UAAU,EAAE,EAAE;qBACf,CAAA;gBACH,CAAC;YACH,CAAC;YAED,MAAM,UAAU,GAA4B,MAAM,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,IAAI,CAAC,6BAA6B,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,CAAA;YAE7I,OAAO;gBACL,MAAM,EAAE,UAAU,CAAC,KAAK,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,MAAM,CAAC;gBACzD,MAAM,EAAE,SAAS;gBACjB,UAAU;aACX,CAAA;QACH,CAAC;KAAA;IAEa,WAAW,CAAC,GAAW;;YACnC,MAAM,QAAQ,GAAG,MAAM,IAAA,qBAAK,EAAC,GAAG,CAAC,CAAA;YACjC,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,MAAM,IAAI,KAAK,CAAC,+BAA+B,GAAG,EAAE,CAAC,CAAA;YACvD,CAAC;YACD,OAAO,QAAQ,CAAC,IAAI,EAAE,CAAA;QACxB,CAAC;KAAA;IAEa,6BAA6B,CAAC,SAAsC,EAAE,MAA6B;;YAC/G,MAAM,SAAS,GAAW,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,CAAA;YACzE,IAAI,WAAW,CAAA;YACf,IAAI,CAAC;gBACH,WAAW,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,CAAA;YACjD,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAA;gBACpB,OAAO;oBACL,MAAM,EAAE,KAAK;oBACb,KAAK,EAAE,KAAK;iBACb,CAAA;YACH,CAAC;YAED,MAAM,GAAG,GAAG,IAAI,eAAO,CAAC,EAAE,UAAU,EAAE,IAAI,CAAC,WAAW,EAAE,CAAC,CAAA;YACzD,IAAA,qBAAU,EAAC,GAAG,CAAC,CAAA;YAEf,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,YAA
Y,CAAC,WAAW,CAAC,CAAA;YACpD,MAAM,KAAK,GAAG,QAAQ,CAAC,SAAS,CAAC,UAAU,CAAC,CAAA;YAC5C,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,OAAO,CAAC,KAAK,CAAC,+BAA+B,EAAE,SAAS,CAAC,UAAU,CAAC,CAAA;YACtE,CAAC;YACD,OAAO;gBACL,MAAM,EAAE,KAAK;aACd,CAAA;QACH,CAAC;KAAA;IAEa,YAAY,CAAC,IAA8B,EAAE,OAAwB;;;YACjF,MAAM,EAAE,UAAU,EAAE,GAAG,IAAI,CAAA;YAE3B,MAAM,YAAY,GAAG,gBAAgB,CAAC,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC,UAAU,EAAE,mBAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAA;YAEpH,MAAM,YAAY,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC,sBAAsB,CAAC,EAAE,KAAK,EAAE,YAAY,CAAC,MAAM,EAAE,CAAC,UAAU,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,KAAY,EAAE,EAAE;;gBAClI,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAA;gBACpB,OAAO;oBACL,IAAI,EAAE,MAAM;oBACZ,QAAQ,EAAE,IAAI;oBACd,KAAK,EAAE,IAAI;oBACX,OAAO,EAAE,MAAA,KAAK,CAAC,OAAO,mCAAI,6CAA6C;iBACzB,CAAA;YAClD,CAAC,CAAC,CAAA;YAEF,uBACE,MAAM,EAAE,4BAAgB,CAAC,6BAA6B,CAAC,UAA0C,CAAC,EAClG,MAAM,EAAE,CAAC,YAAY,CAAC,KAAK,EAC3B,UAAU,EAAE,EAAE,IACX,CAAC,YAAY,CAAC,KAAK,IAAI;gBACxB,KAAK,EAAE,MAAA,YAAY,CAAC,OAAO,mCAAI,mCAAmC;aACnE,CAAC,EACH;QACH,CAAC;KAAA;IAEa,qBAAqB,CAAC,IAA2B,EAAE,OAAwB;;;YACvF,2GAA2G;YAC3G,MAAM,EAAE,UAAU,EAAE,QAAQ,EAAE,GAAG,IAAI,CAAA;YAErC,MAAM,MAAM,GAA4B,CAAC,MAAM,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAA4B,CAAA;YAE/G,IAAI,OAAO,MAAM,KAAK,SAAS,EAAE,CAAC;gBAChC;oBACE,kFAAkF;oBAClF,MAAM,EAAE,4BAAgB,CAAC,6BAA6B,CAAC,IAAI,CAAC,UAA0C,CAAC,EACvG,MAAM,IACH,CAAC,CAAC,MAAM,IAAI;oBACb,KAAK,EAAE,gBAAgB;oBACvB,YAAY,EAAE,uCAAuC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE;iBAChF,CAAC,KACF,UAAU,EAAE,EAAE,IACf;YACH,CAAC;iBAAM,CAAC;gBACN,kEAAkE;gBAClE,IAAI,KAAyB,CAAA;gBAC7B,IAAI,YAAgC,CAAA;gBACpC,MAAM,UAAU,GAAiC,EAAE,CAAA;gBACnD,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;oBACjB,KAAK,GAAG,MAAA,MAAA,MAAM,CAAC,KAAK,0CAAE,OAAO,mCAAI,EAAE,CAAA;oBACnC,YAAY,GAAG,MAAA,MAAA,MAAA,MAAM,CAAC,KAAK,0CAAE,OAAO,0CAAE,IAAI,mCAAI,EAAE,CAAA;oBAChD,YAAY,GAAG,CAAC,YAAY,KAAK,EAAE,CAAC,CAAC,CAAC,GAAG,YAAY,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,MAAA,MAAA,MAAA,MAAM,CAAC,KAAK,0CAAE,OAAO,0CAAE,GAAG,mCAAI,EAAE,CAAC,CAAA;oBACpG,IAAI,MAAA,MAAM,CAAC,KAAK,0CAAE,
MAAM,EAAE,CAAC;wBACzB,KAAK,GAAG,CAAC,KAAK,KAAK,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,IAAG,MAAA,MAAA,MAAM,CAAC,KAAK,0CAAE,MAAM,0CAAE,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,WAAC,OAAA,MAAA,KAAK,CAAC,OAAO,mCAAI,KAAK,CAAC,IAAI,CAAA,EAAA,EAAE,IAAI,CAAC,IAAI,CAAC,CAAA,CAAA;wBACzH,YAAY;4BACV,CAAC,YAAY,KAAK,EAAE,CAAC,CAAC,CAAC,GAAG,YAAY,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;iCAChD,MAAA,MAAA,MAAM,CAAC,KAAK,0CAAE,MAAM,0CAAE,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,mBAAC,OAAA,CAAC,CAAA,MAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,OAAO,0CAAE,IAAI,EAAC,CAAC,CAAC,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,MAAA,MAAA,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,OAAO,0CAAE,GAAG,mCAAI,EAAE,CAAC,CAAA,EAAA,EAAE,IAAI,CAAC,IAAI,CAAC,CAAA,CAAA;oBAC1I,CAAC;oBACD,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAA;gBACtB,CAAC;gBAED,OAAO;oBACL,MAAM,EAAE,4BAAgB,CAAC,6BAA6B,CAAC,UAA0C,CAAC;oBAClG,MAAM,EAAE,MAAM,CAAC,QAAQ;oBACvB,UAAU;oBACV,KAAK;oBACL,YAAY;iBACb,CAAA;YACH,CAAC;QACH,CAAC;KAAA;IAEa,uBAAuB,CAAC,IAA+B,EAAE,OAAwB;;YAC7F,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,GAAG,IAAI,CAAA;YAEnC,MAAM,YAAY,GAAuD,MAAM,OAAO,CAAC,KAAK;iBACzF,aAAa,CAAC,EAAE,UAAU,EAAE,CAAC;iBAC7B,KAAK,CAAC,CAAC,KAAY,EAA+B,EAAE;;gBACnD,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAA;gBACpB,OAAO;oBACL,KAAK,EAAE,mBAAmB;oBAC1B,YAAY,EAAE,MAAA,KAAK,CAAC,OAAO,mCAAI,iCAAiC;iBACjE,CAAA;YACH,CAAC,CAAC,CAAA;YAEJ,MAAM,MAAM,GAAG,QAAQ,IAAI,YAAY,IAAI,SAAS,IAAI,YAAY,CAAA;YACpE,uBACE,MAAM,EAAE,4BAAgB,CAAC,6BAA6B,CAAC,UAA0C,EAAE,EAAE,MAAM,EAAE,CAAC,EAC9G,MAAM,EACN,UAAU,EAAE,EAAE,IACX,CAAC,CAAC,MAAM,sBAAS,YAAY,CAAE,CAAC,EACpC;QACH,CAAC;KAAA;CACF;AAzND,oDAyNC"}
|
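--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@sphereon/ssi-sdk.credential-validation",
-"version": "0.31.1-next.
+"version": "0.31.1-next.41+4e186358",
 "source": "src/index.ts",
 "main": "dist/index.js",
 "types": "dist/index.d.ts",
@@ -15,12 +15,12 @@
 "generate-plugin-schema": "ts-node ../../packages/dev/bin/sphereon.js dev generate-plugin-schema"
 },
 "dependencies": {
-"@sphereon/kmp-mdoc-core": "0.2.0-SNAPSHOT.
-"@sphereon/ssi-sdk.agent-config": "0.31.1-next.
-"@sphereon/ssi-sdk.core": "0.31.1-next.
-"@sphereon/ssi-sdk.mdl-mdoc": "0.31.1-next.
-"@sphereon/ssi-sdk.sd-jwt": "0.31.1-next.
-"@sphereon/ssi-types": "0.31.1-next.
+"@sphereon/kmp-mdoc-core": "0.2.0-SNAPSHOT.26",
+"@sphereon/ssi-sdk.agent-config": "0.31.1-next.41+4e186358",
+"@sphereon/ssi-sdk.core": "0.31.1-next.41+4e186358",
+"@sphereon/ssi-sdk.mdl-mdoc": "0.31.1-next.41+4e186358",
+"@sphereon/ssi-sdk.sd-jwt": "0.31.1-next.41+4e186358",
+"@sphereon/ssi-types": "0.31.1-next.41+4e186358",
 "@veramo/core": "4.2.0",
 "@veramo/utils": "4.2.0",
 "ajv": "^8.17.1",
@@ -54,5 +54,5 @@
 "Credential",
 "VerifiableCredential"
 ],
-"gitHead": "
+"gitHead": "4e1863586ff7d27c4fa8ccd1094e7618c364425f"
 }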
@@ -1,4 +1,21 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { com } from '@sphereon/kmp-mdoc-core'
|
|
2
|
+
import { IVerifySdJwtVcResult } from '@sphereon/ssi-sdk.sd-jwt'
|
|
3
|
+
import {
|
|
4
|
+
CredentialMapper,
|
|
5
|
+
ICoseKeyJson,
|
|
6
|
+
ICredentialSchemaType,
|
|
7
|
+
IVerifyResult,
|
|
8
|
+
OriginalVerifiableCredential,
|
|
9
|
+
WrappedVerifiableCredential
|
|
10
|
+
} from '@sphereon/ssi-types'
|
|
11
|
+
import {
|
|
12
|
+
IAgentPlugin,
|
|
13
|
+
IVerifyCredentialArgs,
|
|
14
|
+
W3CVerifiableCredential as VeramoW3CVerifiableCredential
|
|
15
|
+
} from '@veramo/core'
|
|
16
|
+
import addFormats from 'ajv-formats'
|
|
17
|
+
import Ajv2020 from 'ajv/dist/2020'
|
|
18
|
+
import fetch from 'cross-fetch'
|
|
2
19
|
import {
|
|
3
20
|
CredentialVerificationError,
|
|
4
21
|
ICredentialValidation,
|
|
@@ -10,24 +27,11 @@ import {
|
|
|
10
27
|
VerificationSubResult,
|
|
11
28
|
VerifyCredentialArgs,
|
|
12
29
|
VerifyMdocCredentialArgs,
|
|
13
|
-
VerifySDJWTCredentialArgs
|
|
30
|
+
VerifySDJWTCredentialArgs
|
|
14
31
|
} from '../index'
|
|
15
|
-
import
|
|
16
|
-
CredentialMapper,
|
|
17
|
-
ICoseKeyJson,
|
|
18
|
-
ICredentialSchemaType,
|
|
19
|
-
IVerifyResult,
|
|
20
|
-
OriginalVerifiableCredential,
|
|
21
|
-
WrappedVerifiableCredential,
|
|
22
|
-
} from '@sphereon/ssi-types'
|
|
23
|
-
import fetch from 'cross-fetch'
|
|
24
|
-
import Ajv2020 from 'ajv/dist/2020'
|
|
25
|
-
import addFormats from 'ajv-formats'
|
|
26
|
-
import { com } from '@sphereon/kmp-mdoc-core'
|
|
27
|
-
import { IVerifySdJwtVcResult } from '@sphereon/ssi-sdk.sd-jwt'
|
|
32
|
+
import IVerifySignatureResult = com.sphereon.crypto.generic.IVerifySignatureResult
|
|
28
33
|
import decodeFrom = com.sphereon.kmp.decodeFrom
|
|
29
34
|
import IssuerSignedCbor = com.sphereon.mdoc.data.device.IssuerSignedCbor
|
|
30
|
-
import IVerifySignatureResult = com.sphereon.crypto.generic.IVerifySignatureResult
|
|
31
35
|
|
|
32
36
|
// Exposing the methods here for any REST implementation
|
|
33
37
|
export const credentialValidationMethods: Array<string> = [
|
|
@@ -35,7 +39,7 @@ export const credentialValidationMethods: Array<string> = [
|
|
|
35
39
|
'cvVerifySchema',
|
|
36
40
|
'cvVerifyMdoc',
|
|
37
41
|
'cvVerifySDJWTCredential',
|
|
38
|
-
'cvVerifyW3CCredential'
|
|
42
|
+
'cvVerifyW3CCredential'
|
|
39
43
|
]
|
|
40
44
|
|
|
41
45
|
/**
|
|
@@ -48,7 +52,7 @@ export class CredentialValidation implements IAgentPlugin {
|
|
|
48
52
|
cvVerifySchema: this.cvVerifySchema.bind(this),
|
|
49
53
|
cvVerifyMdoc: this.cvVerifyMdoc.bind(this),
|
|
50
54
|
cvVerifySDJWTCredential: this.cvVerifySDJWTCredential.bind(this),
|
|
51
|
-
cvVerifyW3CCredential: this.cvVerifyW3CCredential.bind(this)
|
|
55
|
+
cvVerifyW3CCredential: this.cvVerifyW3CCredential.bind(this)
|
|
52
56
|
}
|
|
53
57
|
|
|
54
58
|
private detectSchemas(wrappedVC: WrappedVerifiableCredential): ICredentialSchemaType[] | undefined {
|
|
@@ -75,7 +79,7 @@ export class CredentialValidation implements IAgentPlugin {
|
|
|
75
79
|
const schemaResult = await this.cvVerifySchema({
|
|
76
80
|
credential,
|
|
77
81
|
validationPolicy: policies?.schemaValidation ?? SchemaValidation.WHEN_PRESENT,
|
|
78
|
-
hasher
|
|
82
|
+
hasher
|
|
79
83
|
})
|
|
80
84
|
if (!schemaResult.result) {
|
|
81
85
|
return schemaResult
|
|
@@ -85,7 +89,10 @@ export class CredentialValidation implements IAgentPlugin {
|
|
|
85
89
|
} else if (CredentialMapper.isSdJwtEncoded(credential)) {
|
|
86
90
|
return await this.cvVerifySDJWTCredential({ credential, hasher }, context)
|
|
87
91
|
} else {
|
|
88
|
-
return await this.cvVerifyW3CCredential({
|
|
92
|
+
return await this.cvVerifyW3CCredential({
|
|
93
|
+
...args,
|
|
94
|
+
credential: credential as VeramoW3CVerifiableCredential
|
|
95
|
+
}, context)
|
|
89
96
|
}
|
|
90
97
|
}
|
|
91
98
|
|
|
@@ -96,7 +103,7 @@ export class CredentialValidation implements IAgentPlugin {
|
|
|
96
103
|
return {
|
|
97
104
|
result: true,
|
|
98
105
|
source: wrappedCredential,
|
|
99
|
-
subResults: []
|
|
106
|
+
subResults: []
|
|
100
107
|
}
|
|
101
108
|
}
|
|
102
109
|
return this.validateSchema(wrappedCredential, validationPolicy)
|
|
@@ -105,17 +112,20 @@ export class CredentialValidation implements IAgentPlugin {
|
|
|
105
112
|
private async validateSchema(wrappedVC: WrappedVerifiableCredential, validationPolicy?: SchemaValidation): Promise<VerificationResult> {
|
|
106
113
|
const schemas: ICredentialSchemaType[] | undefined = this.detectSchemas(wrappedVC)
|
|
107
114
|
if (!schemas) {
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
115
|
+
if (validationPolicy === SchemaValidation.ALWAYS) {
|
|
116
|
+
console.error(`No schema found for credential, but validation policy is set to ALWAYS. Returning false. Credential: ${JSON.stringify(wrappedVC.credential, null, 2)}`)
|
|
117
|
+
return {
|
|
118
|
+
result: false,
|
|
119
|
+
source: wrappedVC,
|
|
120
|
+
subResults: []
|
|
121
|
+
}
|
|
122
|
+
} else {
|
|
123
|
+
return {
|
|
124
|
+
result: true,
|
|
125
|
+
source: wrappedVC,
|
|
126
|
+
subResults: []
|
|
127
|
+
}
|
|
128
|
+
}
|
|
119
129
|
}
|
|
120
130
|
|
|
121
131
|
const subResults: VerificationSubResult[] = await Promise.all(schemas.map((schema) => this.verifyCredentialAgainstSchema(wrappedVC, schema)))
|
|
@@ -123,7 +133,7 @@ export class CredentialValidation implements IAgentPlugin {
|
|
|
123
133
|
return {
|
|
124
134
|
result: subResults.every((subResult) => subResult.result),
|
|
125
135
|
source: wrappedVC,
|
|
126
|
-
subResults
|
|
136
|
+
subResults
|
|
127
137
|
}
|
|
128
138
|
}
|
|
129
139
|
|
|
@@ -140,10 +150,11 @@ export class CredentialValidation implements IAgentPlugin {
|
|
|
140
150
|
let schemaValue
|
|
141
151
|
try {
|
|
142
152
|
schemaValue = await this.fetchSchema(schemaUrl)
|
|
143
|
-
} catch (
|
|
153
|
+
} catch (error) {
|
|
154
|
+
console.error(error)
|
|
144
155
|
return {
|
|
145
156
|
result: false,
|
|
146
|
-
error:
|
|
157
|
+
error: error
|
|
147
158
|
}
|
|
148
159
|
}
|
|
149
160
|
|
|
@@ -152,8 +163,11 @@ export class CredentialValidation implements IAgentPlugin {
|
|
|
152
163
|
|
|
153
164
|
const validate = await ajv.compileAsync(schemaValue)
|
|
154
165
|
const valid = validate(wrappedVC.credential)
|
|
166
|
+
if (!valid) {
|
|
167
|
+
console.error(`Schema validation failed for `, wrappedVC.credential)
|
|
168
|
+
}
|
|
155
169
|
return {
|
|
156
|
-
result: valid
|
|
170
|
+
result: valid
|
|
157
171
|
}
|
|
158
172
|
}
|
|
159
173
|
|
|
@@ -163,11 +177,12 @@ export class CredentialValidation implements IAgentPlugin {
|
|
|
163
177
|
const issuerSigned = IssuerSignedCbor.Static.cborDecode(decodeFrom(credential, com.sphereon.kmp.Encoding.BASE64URL))
|
|
164
178
|
|
|
165
179
|
const verification = await context.agent.mdocVerifyIssuerSigned({ input: issuerSigned.toJson().issuerAuth }).catch((error: Error) => {
|
|
180
|
+
console.error(error)
|
|
166
181
|
return {
|
|
167
182
|
name: 'mdoc',
|
|
168
183
|
critical: true,
|
|
169
184
|
error: true,
|
|
170
|
-
message: error.message ?? '
|
|
185
|
+
message: error.message ?? 'Mdoc Issuer Signed VC could not be verified'
|
|
171
186
|
} satisfies IVerifySignatureResult<ICoseKeyJson>
|
|
172
187
|
})
|
|
173
188
|
|
|
@@ -176,8 +191,8 @@ export class CredentialValidation implements IAgentPlugin {
|
|
|
176
191
|
result: !verification.error,
|
|
177
192
|
subResults: [],
|
|
178
193
|
...(verification.error && {
|
|
179
|
-
error: verification.message ?? `Could not verify mdoc from issuer
|
|
180
|
-
})
|
|
194
|
+
error: verification.message ?? `Could not verify mdoc from issuer`
|
|
195
|
+
})
|
|
181
196
|
}
|
|
182
197
|
}
|
|
183
198
|
|
|
@@ -194,9 +209,9 @@ export class CredentialValidation implements IAgentPlugin {
|
|
|
194
209
|
result,
|
|
195
210
|
...(!result && {
|
|
196
211
|
error: 'Invalid JWT VC',
|
|
197
|
-
errorDetails: `JWT VC was not valid with policies: ${JSON.stringify(policies)}
|
|
212
|
+
errorDetails: `JWT VC was not valid with policies: ${JSON.stringify(policies)}`
|
|
198
213
|
}),
|
|
199
|
-
subResults: []
|
|
214
|
+
subResults: []
|
|
200
215
|
}
|
|
201
216
|
} else {
|
|
202
217
|
// TODO look at what this is doing and make it simple and readable
|
|
@@ -213,6 +228,7 @@ export class CredentialValidation implements IAgentPlugin {
|
|
|
213
228
|
(errorDetails !== '' ? `${errorDetails}, ` : '') +
|
|
214
229
|
result.error?.errors?.map((error) => (error?.details?.code ? `${error.details.code}, ` : '') + (error?.details?.url ?? '')).join(', ')
|
|
215
230
|
}
|
|
231
|
+
console.error(error)
|
|
216
232
|
}
|
|
217
233
|
|
|
218
234
|
return {
|
|
@@ -220,7 +236,7 @@ export class CredentialValidation implements IAgentPlugin {
|
|
|
220
236
|
result: result.verified,
|
|
221
237
|
subResults,
|
|
222
238
|
error,
|
|
223
|
-
errorDetails
|
|
239
|
+
errorDetails
|
|
224
240
|
}
|
|
225
241
|
}
|
|
226
242
|
}
|
|
@@ -231,9 +247,10 @@ export class CredentialValidation implements IAgentPlugin {
|
|
|
231
247
|
const verification: IVerifySdJwtVcResult | CredentialVerificationError = await context.agent
|
|
232
248
|
.verifySdJwtVc({ credential })
|
|
233
249
|
.catch((error: Error): CredentialVerificationError => {
|
|
250
|
+
console.error(error)
|
|
234
251
|
return {
|
|
235
252
|
error: 'Invalid SD-JWT VC',
|
|
236
|
-
errorDetails: error.message ?? 'SD-JWT VC could not be verified'
|
|
253
|
+
errorDetails: error.message ?? 'SD-JWT VC could not be verified'
|
|
237
254
|
}
|
|
238
255
|
})
|
|
239
256
|
|
|
@@ -242,7 +259,7 @@ export class CredentialValidation implements IAgentPlugin {
|
|
|
242
259
|
source: CredentialMapper.toWrappedVerifiableCredential(credential as OriginalVerifiableCredential, { hasher }),
|
|
243
260
|
result,
|
|
244
261
|
subResults: [],
|
|
245
|
-
...(!result && { ...verification })
|
|
262
|
+
...(!result && { ...verification })
|
|
246
263
|
}
|
|
247
264
|
}
|
|
248
265
|
}
|
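Review bot: The two new `console.error` calls at new line 116 (in `validateSchema`) and new line 167 (right after `validate(wrappedVC.credential)`) write the whole credential to the process log. A verifiable credential normally carries the holder's claims, so every failed schema check would copy that data to stderr and to whatever collects it. Logging the reason without the body keeps the diagnostic: `console.error('No schema found for credential, but validation policy is set to ALWAYS. Returning false.')` and `console.error('Schema validation failed', validate.errors)`. If the credential itself is needed while debugging, a debug-level logger that is off by default is a better place for it than `console.error` in library code. The method containing new line 167 begins outside its hunk, so only its tail is visible here.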