@sphereon/ssi-sdk.credential-vcdm1-jwt-provider 0.34.1-next.91 → 0.36.0

@@ -1 +1 @@
1
- {"version":3,"sources":["../src/index.ts","../src/agent/CredentialProviderJWT.ts"],"sourcesContent":["export { CredentialProviderJWT } from './agent/CredentialProviderJWT'\n","import { asArray, intersect, VerifiableCredentialSP, VerifiablePresentationSP } from '@sphereon/ssi-sdk.core'\nimport {\n type ICanIssueCredentialTypeArgs,\n type ICanVerifyDocumentTypeArgs,\n type ICreateVerifiableCredentialLDArgs,\n type ICreateVerifiablePresentationLDArgs,\n type IVcdmCredentialProvider,\n type IVcdmIssuerAgentContext,\n IVerifyCredentialVcdmArgs,\n IVerifyPresentationLDArgs,\n pickSigningKey,\n preProcessCredentialPayload,\n preProcessPresentation\n} from '@sphereon/ssi-sdk.credential-vcdm'\nimport { isVcdm1Credential, IVerifyResult } from '@sphereon/ssi-types'\nimport type {\n IAgentContext,\n IIdentifier,\n IKey,\n IKeyManager,\n VerifiableCredential,\n VerifierAgentContext\n} from '@veramo/core'\n\nimport canonicalize from 'canonicalize'\n\nimport Debug from 'debug'\n\nimport { decodeJWT } from 'did-jwt'\n\n\nimport {\n createVerifiableCredentialJwt,\n createVerifiablePresentationJwt,\n normalizeCredential,\n normalizePresentation,\n verifyCredential as verifyCredentialJWT,\n verifyPresentation as verifyPresentationJWT\n // @ts-ignore\n} from 'did-jwt-vc'\n\nimport { type Resolvable } from 'did-resolver'\n\nconst debug = Debug('sphereon:ssi-sdk:credential-jwt')\n\n/**\n * A handler that implements the {@link IVcdmCredentialProvider} methods.\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nexport class CredentialProviderJWT implements IVcdmCredentialProvider {\n /** {@inheritdoc @veramo/credential-w3c#AbstractCredentialProvider.matchKeyForType} */\n matchKeyForType(key: IKey): boolean {\n return this.matchKeyForJWT(key)\n }\n\n /** {@inheritdoc @veramo/credential-w3c#AbstractCredentialProvider.getTypeProofFormat} */\n getTypeProofFormat(): string {\n return 'jwt'\n }\n\n /** {@inheritdoc 
@veramo/credential-w3c#AbstractCredentialProvider.canIssueCredentialType} */\n canIssueCredentialType(args: ICanIssueCredentialTypeArgs): boolean {\n return args.proofFormat === 'jwt'\n }\n\n /** {@inheritdoc @veramo/credential-w3c#AbstractCredentialProvider.canVerifyDocumentType */\n canVerifyDocumentType(args: ICanVerifyDocumentTypeArgs): boolean {\n const { document } = args\n const jwt = typeof document === 'string' ? document : (<VerifiableCredential>document)?.proof?.jwt\n if (!jwt) {\n return false\n }\n const { payload } = decodeJWT(jwt)\n if ('vc' in payload) {\n return isVcdm1Credential(payload.vc)\n } else if ('vp' in payload) {\n return isVcdm1Credential(payload.vp)\n }\n return false\n }\n\n /** {@inheritdoc @veramo/credential-w3c#AbstractCredentialProvider.createVerifiableCredential} */\n async createVerifiableCredential(args: ICreateVerifiableCredentialLDArgs, context: IVcdmIssuerAgentContext): Promise<VerifiableCredentialSP> {\n let { keyRef, removeOriginalFields, ...otherOptions } = args\n\n const { credential, issuer } = preProcessCredentialPayload(args)\n let identifier: IIdentifier\n try {\n identifier = await context.agent.didManagerGet({ did: issuer })\n } catch (e) {\n throw new Error(`invalid_argument: ${credential.issuer} must be a DID managed by this agent. 
${e}`)\n }\n\n const key = await pickSigningKey({ identifier, kmsKeyRef: keyRef }, context)\n\n debug('Signing VC with', identifier.did)\n let alg = 'ES256'\n if (key.type === 'Ed25519') {\n alg = 'EdDSA'\n } else if (key.type === 'Secp256k1') {\n alg = 'ES256K'\n }\n\n const signer = this.wrapSigner(context, key, alg)\n const jwt = await createVerifiableCredentialJwt(\n credential as any,\n {\n did: identifier.did,\n signer,\n alg, ...(key.meta.verificationMethod.id && { kid: key.meta.verificationMethod.id })\n },\n { removeOriginalFields, ...otherOptions }\n )\n //FIXME: flagging this as a potential privacy leak.\n debug(jwt)\n return normalizeCredential(jwt)\n }\n\n /** {@inheritdoc ICredentialVerifier.verifyCredential} */\n async verifyCredential(args: IVerifyCredentialVcdmArgs, context: VerifierAgentContext): Promise<IVerifyResult> {\n let { credential, policies, ...otherOptions } = args\n let verifiedCredential: VerifiableCredential\n let verificationResult: IVerifyResult = { verified: false }\n let jwt: string = typeof credential === 'string' ? credential : asArray('proof' in credential ? credential.proof : [])?.[0]?.jwt\n let errorCode, message\n const resolver = {\n resolve: (didUrl: string) =>\n context.agent.resolveDid({\n didUrl,\n options: otherOptions?.resolutionOptions\n })\n } as Resolvable\n try {\n // needs broader credential as well to check equivalence with jwt\n verificationResult = await verifyCredentialJWT(jwt, resolver, {\n ...otherOptions,\n policies: {\n ...policies,\n nbf: policies?.nbf ?? policies?.issuanceDate,\n iat: policies?.iat ?? policies?.issuanceDate,\n exp: policies?.exp ?? policies?.expirationDate,\n aud: policies?.aud ?? 
policies?.audience\n }\n })\n verifiedCredential = verificationResult.verifiableCredential\n\n // if credential was presented with other fields, make sure those fields match what's in the JWT\n if (typeof credential !== 'string' && 'proof' in credential && asArray(credential.proof)[0].type === 'JwtProof2020') {\n const credentialCopy = JSON.parse(JSON.stringify(credential))\n delete credentialCopy.proof.jwt\n\n const verifiedCopy = JSON.parse(JSON.stringify(verifiedCredential))\n delete verifiedCopy.proof.jwt\n\n if (canonicalize(credentialCopy) !== canonicalize(verifiedCopy)) {\n verificationResult.verified = false\n verificationResult.error = new Error('invalid_credential: Credential JSON does not match JWT payload')\n }\n }\n } catch (e: any) {\n errorCode = e.errorCode\n message = e.message\n }\n if (verificationResult.verified) {\n return verificationResult\n }\n return {\n verified: false,\n error: {\n message,\n errorCode: errorCode ? errorCode : message?.split(':')[0]\n }\n }\n }\n\n /** {@inheritdoc @veramo/credential-w3c#AbstractCredentialProvider.createVerifiablePresentation} */\n async createVerifiablePresentation(args: ICreateVerifiablePresentationLDArgs, context: IVcdmIssuerAgentContext): Promise<VerifiablePresentationSP> {\n const { presentation, holder } = preProcessPresentation(args)\n let { domain, challenge, removeOriginalFields, keyRef, now, ...otherOptions } = args\n\n let identifier: IIdentifier\n try {\n identifier = await context.agent.didManagerGet({ did: holder })\n } catch (e) {\n throw new Error('invalid_argument: presentation.holder must be a DID managed by this agent')\n }\n const key = await pickSigningKey({ identifier, kmsKeyRef: keyRef }, context)\n\n debug('Signing VP with', identifier.did)\n let alg = 'ES256'\n if (key.type === 'Ed25519') {\n alg = 'EdDSA'\n } else if (key.type === 'Secp256k1') {\n alg = 'ES256K'\n }\n\n const signer = this.wrapSigner(context, key, alg)\n const jwt = await createVerifiablePresentationJwt(\n 
presentation as any,\n { did: identifier.did, signer, alg },\n { removeOriginalFields, challenge, domain, ...otherOptions }\n )\n //FIXME: flagging this as a potential privacy leak.\n debug(jwt)\n return normalizePresentation(jwt)\n }\n\n /** {@inheritdoc @veramo/credential-w3c#AbstractCredentialProvider.verifyPresentation} */\n async verifyPresentation(args: IVerifyPresentationLDArgs, context: VerifierAgentContext): Promise<IVerifyResult> {\n let { presentation, domain, challenge, fetchRemoteContexts, policies, ...otherOptions } = args\n let jwt: string\n if (typeof presentation === 'string') {\n jwt = presentation\n } else {\n jwt = asArray(presentation.proof)[0].jwt\n }\n const resolver = {\n resolve: (didUrl: string) =>\n context.agent.resolveDid({\n didUrl,\n options: otherOptions?.resolutionOptions\n })\n } as Resolvable\n\n let audience = domain\n if (!audience) {\n const { payload } = await decodeJWT(jwt)\n if (payload.aud) {\n // automatically add a managed DID as audience if one is found\n const intendedAudience = asArray(payload.aud)\n const managedDids = await context.agent.didManagerFind()\n const filtered = managedDids.filter((identifier) => intendedAudience.includes(identifier.did))\n if (filtered.length > 0) {\n audience = filtered[0].did\n }\n }\n }\n\n let message, errorCode\n try {\n const result = await verifyPresentationJWT(jwt, resolver, {\n challenge,\n domain,\n audience,\n policies: {\n ...policies,\n nbf: policies?.nbf ?? policies?.issuanceDate,\n iat: policies?.iat ?? policies?.issuanceDate,\n exp: policies?.exp ?? policies?.expirationDate,\n aud: policies?.aud ?? policies?.audience\n },\n ...otherOptions\n })\n if (result) {\n return {\n verified: true,\n verifiablePresentation: result\n }\n }\n } catch (e: any) {\n message = e.message\n errorCode = e.errorCode\n }\n return {\n verified: false,\n error: {\n message,\n errorCode: errorCode ? 
errorCode : message?.split(':')[0]\n }\n }\n }\n\n /**\n * Checks if a key is suitable for signing JWT payloads.\n * @param key - the key to check\n * @param context - the Veramo agent context, unused here\n *\n * @beta\n */\n matchKeyForJWT(key: IKey): boolean {\n switch (key.type) {\n case 'Ed25519':\n case 'Secp256r1':\n return true\n case 'Secp256k1':\n return intersect(key.meta?.algorithms ?? [], ['ES256K', 'ES256K-R']).length > 0\n default:\n return false\n }\n }\n\n wrapSigner(context: IAgentContext<Pick<IKeyManager, 'keyManagerSign'>>, key: IKey, algorithm?: string) {\n return async (data: string | Uint8Array): Promise<string> => {\n const result = await context.agent.keyManagerSign({ keyRef: key.kid, data: <string>data, algorithm })\n return result\n }\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;;ACAA,qBAAqF;AACrF,IAAAA,kBAYO;AACP,uBAAiD;AAUjD,0BAAyB;AAEzB,mBAAkB;AAElB,qBAA0B;AAG1B,wBAQO;AAIP,IAAMC,YAAQC,aAAAA,SAAM,iCAAA;AAOb,IAAMC,wBAAN,MAAMA;EAlDb,OAkDaA;;;;EAEXC,gBAAgBC,KAAoB;AAClC,WAAO,KAAKC,eAAeD,GAAAA;EAC7B;;EAGAE,qBAA6B;AAC3B,WAAO;EACT;;EAGAC,uBAAuBC,MAA4C;AACjE,WAAOA,KAAKC,gBAAgB;EAC9B;;EAGAC,sBAAsBF,MAA2C;AAC/D,UAAM,EAAEG,SAAQ,IAAKH;AACrB,UAAMI,MAAM,OAAOD,aAAa,WAAWA,WAAkCA,UAAWE,OAAOD;AAC/F,QAAI,CAACA,KAAK;AACR,aAAO;IACT;AACA,UAAM,EAAEE,QAAO,QAAKC,0BAAUH,GAAAA;AAC9B,QAAI,QAAQE,SAAS;AACnB,iBAAOE,oCAAkBF,QAAQG,EAAE;IACrC,WAAW,QAAQH,SAAS;AAC1B,iBAAOE,oCAAkBF,QAAQI,EAAE;IACrC;AACA,WAAO;EACT;;EAGA,MAAMC,2BAA2BX,MAAyCY,SAAmE;AAC3I,QAAI,EAAEC,QAAQC,sBAAsB,GAAGC,aAAAA,IAAiBf;AAExD,UAAM,EAAEgB,YAAYC,OAAM,QAAKC,6CAA4BlB,IAAAA;AAC3D,QAAImB;AACJ,QAAI;AACFA,mBAAa,MAAMP,QAAQQ,MAAMC,cAAc;QAAEC,KAAKL;MAAO,CAAA;IAC/D,SAASM,GAAG;AACV,YAAM,IAAIC,MAAM,qBAAqBR,WAAWC,MAAM,yCAAyCM,CAAAA,EAAG;IACpG;AAEA,UAAM3B,MAAM,UAAM6B,gCAAe;MAAEN;MAAYO,WAAWb;IAAO,GAAGD,OAAAA;AAEpEpB,UAAM,mBAAmB2B,WAAWG,GAAG;AACvC,QAAIK,MAAM;AACV,QAAI/B,IAAIgC,SAAS,WAAW;AAC1BD,YAAM;IACR,WAAW/B,IAAIgC,SAAS,aAAa;AACnCD,YAAM;IACR;AAEA,UAAME,SAAS,KAAKC,WAAWlB,SAAShB,KAAK+B,GAAAA;AAC7C,U
AAMvB,MAAM,UAAM2B,iDAChBf,YACA;MACEM,KAAKH,WAAWG;MAChBO;MACAF;MAAK,GAAI/B,IAAIoC,KAAKC,mBAAmBC,MAAM;QAAEC,KAAKvC,IAAIoC,KAAKC,mBAAmBC;MAAG;IACnF,GACA;MAAEpB;MAAsB,GAAGC;IAAa,CAAA;AAG1CvB,UAAMY,GAAAA;AACN,eAAOgC,uCAAoBhC,GAAAA;EAC7B;;EAGA,MAAMiC,iBAAiBrC,MAAiCY,SAAuD;AAC7G,QAAI,EAAEI,YAAYsB,UAAU,GAAGvB,aAAAA,IAAiBf;AAChD,QAAIuC;AACJ,QAAIC,qBAAoC;MAAEC,UAAU;IAAM;AAC1D,QAAIrC,MAAc,OAAOY,eAAe,WAAWA,iBAAa0B,wBAAQ,WAAW1B,aAAaA,WAAWX,QAAQ,CAAA,CAAE,IAAI,CAAA,GAAID;AAC7H,QAAIuC,WAAWC;AACf,UAAMC,WAAW;MACfC,SAAS,wBAACC,WACRnC,QAAQQ,MAAM4B,WAAW;QACvBD;QACAE,SAASlC,cAAcmC;MACzB,CAAA,GAJO;IAKX;AACA,QAAI;AAEFV,2BAAqB,UAAMW,kBAAAA,kBAAoB/C,KAAKyC,UAAU;QAC5D,GAAG9B;QACHuB,UAAU;UACR,GAAGA;UACHc,KAAKd,UAAUc,OAAOd,UAAUe;UAChCC,KAAKhB,UAAUgB,OAAOhB,UAAUe;UAChCE,KAAKjB,UAAUiB,OAAOjB,UAAUkB;UAChCC,KAAKnB,UAAUmB,OAAOnB,UAAUoB;QAClC;MACF,CAAA;AACAnB,2BAAqBC,mBAAmBmB;AAGxC,UAAI,OAAO3C,eAAe,YAAY,WAAWA,kBAAc0B,wBAAQ1B,WAAWX,KAAK,EAAE,CAAA,EAAGuB,SAAS,gBAAgB;AACnH,cAAMgC,iBAAiBC,KAAKC,MAAMD,KAAKE,UAAU/C,UAAAA,CAAAA;AACjD,eAAO4C,eAAevD,MAAMD;AAE5B,cAAM4D,eAAeH,KAAKC,MAAMD,KAAKE,UAAUxB,kBAAAA,CAAAA;AAC/C,eAAOyB,aAAa3D,MAAMD;AAE1B,gBAAI6D,oBAAAA,SAAaL,cAAAA,UAAoBK,oBAAAA,SAAaD,YAAAA,GAAe;AAC/DxB,6BAAmBC,WAAW;AAC9BD,6BAAmB0B,QAAQ,IAAI1C,MAAM,gEAAA;QACvC;MACF;IACF,SAASD,GAAQ;AACfoB,kBAAYpB,EAAEoB;AACdC,gBAAUrB,EAAEqB;IACd;AACA,QAAIJ,mBAAmBC,UAAU;AAC/B,aAAOD;IACT;AACA,WAAO;MACLC,UAAU;MACVyB,OAAO;QACLtB;QACAD,WAAWA,YAAYA,YAAYC,SAASuB,MAAM,GAAA,EAAK,CAAA;MACzD;IACF;EACF;;EAGA,MAAMC,6BAA6BpE,MAA2CY,SAAqE;AACjJ,UAAM,EAAEyD,cAAcC,OAAM,QAAKC,wCAAuBvE,IAAAA;AACxD,QAAI,EAAEwE,QAAQC,WAAW3D,sBAAsBD,QAAQ6D,KAAK,GAAG3D,aAAAA,IAAiBf;AAEhF,QAAImB;AACJ,QAAI;AACFA,mBAAa,MAAMP,QAAQQ,MAAMC,cAAc;QAAEC,KAAKgD;MAAO,CAAA;IAC/D,SAAS/C,GAAG;AACV,YAAM,IAAIC,MAAM,2EAAA;IAClB;AACA,UAAM5B,MAAM,UAAM6B,gCAAe;MAAEN;MAAYO,WAAWb;IAAO,GAAGD,OAAAA;AAEpEpB,UAAM,mBAAmB2B,WAAWG,GAAG;AACvC,QAAIK,MAAM;AACV,QAAI/B,IAAIgC,SAAS,WAAW;AAC1BD,YAAM;IACR,WAAW/B,IAAIgC,SAAS,aAAa;AACnCD,YAAM;IACR;AAEA,UAAME,SAAS,KAAKC,WAAWlB,SAAShB,KAAK+B,GAAAA;AAC
7C,UAAMvB,MAAM,UAAMuE,mDAChBN,cACA;MAAE/C,KAAKH,WAAWG;MAAKO;MAAQF;IAAI,GACnC;MAAEb;MAAsB2D;MAAWD;MAAQ,GAAGzD;IAAa,CAAA;AAG7DvB,UAAMY,GAAAA;AACN,eAAOwE,yCAAsBxE,GAAAA;EAC/B;;EAGA,MAAMyE,mBAAmB7E,MAAiCY,SAAuD;AAC/G,QAAI,EAAEyD,cAAcG,QAAQC,WAAWK,qBAAqBxC,UAAU,GAAGvB,aAAAA,IAAiBf;AAC1F,QAAII;AACJ,QAAI,OAAOiE,iBAAiB,UAAU;AACpCjE,YAAMiE;IACR,OAAO;AACLjE,gBAAMsC,wBAAQ2B,aAAahE,KAAK,EAAE,CAAA,EAAGD;IACvC;AACA,UAAMyC,WAAW;MACfC,SAAS,wBAACC,WACRnC,QAAQQ,MAAM4B,WAAW;QACvBD;QACAE,SAASlC,cAAcmC;MACzB,CAAA,GAJO;IAKX;AAEA,QAAIQ,WAAWc;AACf,QAAI,CAACd,UAAU;AACb,YAAM,EAAEpD,QAAO,IAAK,UAAMC,0BAAUH,GAAAA;AACpC,UAAIE,QAAQmD,KAAK;AAEf,cAAMsB,uBAAmBrC,wBAAQpC,QAAQmD,GAAG;AAC5C,cAAMuB,cAAc,MAAMpE,QAAQQ,MAAM6D,eAAc;AACtD,cAAMC,WAAWF,YAAYG,OAAO,CAAChE,eAAe4D,iBAAiBK,SAASjE,WAAWG,GAAG,CAAA;AAC5F,YAAI4D,SAASG,SAAS,GAAG;AACvB3B,qBAAWwB,SAAS,CAAA,EAAG5D;QACzB;MACF;IACF;AAEA,QAAIsB,SAASD;AACb,QAAI;AACF,YAAM2C,SAAS,UAAMC,kBAAAA,oBAAsBnF,KAAKyC,UAAU;QACxD4B;QACAD;QACAd;QACApB,UAAU;UACR,GAAGA;UACHc,KAAKd,UAAUc,OAAOd,UAAUe;UAChCC,KAAKhB,UAAUgB,OAAOhB,UAAUe;UAChCE,KAAKjB,UAAUiB,OAAOjB,UAAUkB;UAChCC,KAAKnB,UAAUmB,OAAOnB,UAAUoB;QAClC;QACA,GAAG3C;MACL,CAAA;AACA,UAAIuE,QAAQ;AACV,eAAO;UACL7C,UAAU;UACV+C,wBAAwBF;QAC1B;MACF;IACF,SAAS/D,GAAQ;AACfqB,gBAAUrB,EAAEqB;AACZD,kBAAYpB,EAAEoB;IAChB;AACA,WAAO;MACLF,UAAU;MACVyB,OAAO;QACLtB;QACAD,WAAWA,YAAYA,YAAYC,SAASuB,MAAM,GAAA,EAAK,CAAA;MACzD;IACF;EACF;;;;;;;;EASAtE,eAAeD,KAAoB;AACjC,YAAQA,IAAIgC,MAAI;MACd,KAAK;MACL,KAAK;AACH,eAAO;MACT,KAAK;AACH,mBAAO6D,0BAAU7F,IAAIoC,MAAM0D,cAAc,CAAA,GAAI;UAAC;UAAU;SAAW,EAAEL,SAAS;MAChF;AACE,eAAO;IACX;EACF;EAEAvD,WAAWlB,SAA6DhB,KAAW+F,WAAoB;AACrG,WAAO,OAAOC,SAAAA;AACZ,YAAMN,SAAS,MAAM1E,QAAQQ,MAAMyE,eAAe;QAAEhF,QAAQjB,IAAIuC;QAAKyD;QAAoBD;MAAU,CAAA;AACnG,aAAOL;IACT;EACF;AACF;","names":["import_ssi_sdk","debug","Debug","CredentialProviderJWT","matchKeyForType","key","matchKeyForJWT","getTypeProofFormat","canIssueCredentialType","args","proofFormat","canVerifyDocumentType","document","jwt","proof","payload","decodeJWT","isVcdm1Credenti
al","vc","vp","createVerifiableCredential","context","keyRef","removeOriginalFields","otherOptions","credential","issuer","preProcessCredentialPayload","identifier","agent","didManagerGet","did","e","Error","pickSigningKey","kmsKeyRef","alg","type","signer","wrapSigner","createVerifiableCredentialJwt","meta","verificationMethod","id","kid","normalizeCredential","verifyCredential","policies","verifiedCredential","verificationResult","verified","asArray","errorCode","message","resolver","resolve","didUrl","resolveDid","options","resolutionOptions","verifyCredentialJWT","nbf","issuanceDate","iat","exp","expirationDate","aud","audience","verifiableCredential","credentialCopy","JSON","parse","stringify","verifiedCopy","canonicalize","error","split","createVerifiablePresentation","presentation","holder","preProcessPresentation","domain","challenge","now","createVerifiablePresentationJwt","normalizePresentation","verifyPresentation","fetchRemoteContexts","intendedAudience","managedDids","didManagerFind","filtered","filter","includes","length","result","verifyPresentationJWT","verifiablePresentation","intersect","algorithms","algorithm","data","keyManagerSign"]}
1
+ {"version":3,"sources":["../src/index.ts","../src/agent/CredentialProviderJWT.ts"],"sourcesContent":["export { CredentialProviderJWT } from './agent/CredentialProviderJWT'\n","import { asArray, intersect, VerifiableCredentialSP, VerifiablePresentationSP } from '@sphereon/ssi-sdk.core'\nimport {\n type ICanIssueCredentialTypeArgs,\n type ICanVerifyDocumentTypeArgs,\n type ICreateVerifiableCredentialLDArgs,\n type ICreateVerifiablePresentationLDArgs,\n type IVcdmCredentialProvider,\n type IVcdmIssuerAgentContext,\n IVerifyCredentialVcdmArgs,\n IVerifyPresentationLDArgs,\n pickSigningKey,\n preProcessCredentialPayload,\n preProcessPresentation,\n} from '@sphereon/ssi-sdk.credential-vcdm'\nimport { isVcdm1Credential, IVerifyResult } from '@sphereon/ssi-types'\nimport type { IAgentContext, IIdentifier, IKey, IKeyManager, VerifiableCredential, VerifierAgentContext } from '@veramo/core'\n\nimport canonicalize from 'canonicalize'\n\nimport Debug from 'debug'\n\nimport { decodeJWT } from 'did-jwt'\n\nimport {\n createVerifiableCredentialJwt,\n createVerifiablePresentationJwt,\n normalizeCredential,\n normalizePresentation,\n verifyCredential as verifyCredentialJWT,\n verifyPresentation as verifyPresentationJWT,\n // @ts-ignore\n} from 'did-jwt-vc'\n\nimport { type Resolvable } from 'did-resolver'\n\nconst debug = Debug('sphereon:ssi-sdk:credential-jwt')\n\n/**\n * A handler that implements the {@link IVcdmCredentialProvider} methods.\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nexport class CredentialProviderJWT implements IVcdmCredentialProvider {\n /** {@inheritdoc @veramo/credential-w3c#AbstractCredentialProvider.matchKeyForType} */\n matchKeyForType(key: IKey): boolean {\n return this.matchKeyForJWT(key)\n }\n\n /** {@inheritdoc @veramo/credential-w3c#AbstractCredentialProvider.getTypeProofFormat} */\n getTypeProofFormat(): string {\n return 'jwt'\n }\n\n /** {@inheritdoc 
@veramo/credential-w3c#AbstractCredentialProvider.canIssueCredentialType} */\n canIssueCredentialType(args: ICanIssueCredentialTypeArgs): boolean {\n return args.proofFormat === 'jwt'\n }\n\n /** {@inheritdoc @veramo/credential-w3c#AbstractCredentialProvider.canVerifyDocumentType */\n canVerifyDocumentType(args: ICanVerifyDocumentTypeArgs): boolean {\n const { document } = args\n const jwt = typeof document === 'string' ? document : (<VerifiableCredential>document)?.proof?.jwt\n if (!jwt) {\n return false\n }\n const { payload } = decodeJWT(jwt)\n if ('vc' in payload) {\n return isVcdm1Credential(payload.vc)\n } else if ('vp' in payload) {\n return isVcdm1Credential(payload.vp)\n }\n return false\n }\n\n /** {@inheritdoc @veramo/credential-w3c#AbstractCredentialProvider.createVerifiableCredential} */\n async createVerifiableCredential(args: ICreateVerifiableCredentialLDArgs, context: IVcdmIssuerAgentContext): Promise<VerifiableCredentialSP> {\n let { keyRef, removeOriginalFields, ...otherOptions } = args\n\n const { credential, issuer } = preProcessCredentialPayload(args)\n let identifier: IIdentifier\n try {\n identifier = await context.agent.didManagerGet({ did: issuer })\n } catch (e) {\n throw new Error(`invalid_argument: ${credential.issuer} must be a DID managed by this agent. 
${e}`)\n }\n\n const key = await pickSigningKey({ identifier, kmsKeyRef: keyRef }, context)\n\n debug('Signing VC with', identifier.did)\n let alg = 'ES256'\n if (key.type === 'Ed25519') {\n alg = 'EdDSA'\n } else if (key.type === 'Secp256k1') {\n alg = 'ES256K'\n }\n\n const signer = this.wrapSigner(context, key, alg)\n const jwt = await createVerifiableCredentialJwt(\n credential as any,\n {\n did: identifier.did,\n signer,\n alg,\n ...(key.meta.verificationMethod.id && { kid: key.meta.verificationMethod.id }),\n },\n { removeOriginalFields, ...otherOptions },\n )\n //FIXME: flagging this as a potential privacy leak.\n debug(jwt)\n return normalizeCredential(jwt)\n }\n\n /** {@inheritdoc ICredentialVerifier.verifyCredential} */\n async verifyCredential(args: IVerifyCredentialVcdmArgs, context: VerifierAgentContext): Promise<IVerifyResult> {\n let { credential, policies, ...otherOptions } = args\n let verifiedCredential: VerifiableCredential\n let verificationResult: IVerifyResult = { verified: false }\n let jwt: string = typeof credential === 'string' ? credential : asArray('proof' in credential ? credential.proof : [])?.[0]?.jwt\n let errorCode, message\n const resolver = {\n resolve: (didUrl: string) =>\n context.agent.resolveDid({\n didUrl,\n options: otherOptions?.resolutionOptions,\n }),\n } as Resolvable\n try {\n // needs broader credential as well to check equivalence with jwt\n verificationResult = await verifyCredentialJWT(jwt, resolver, {\n ...otherOptions,\n policies: {\n ...policies,\n nbf: policies?.nbf ?? policies?.issuanceDate,\n iat: policies?.iat ?? policies?.issuanceDate,\n exp: policies?.exp ?? policies?.expirationDate,\n aud: policies?.aud ?? 
policies?.audience,\n },\n })\n verifiedCredential = verificationResult.verifiableCredential\n\n // if credential was presented with other fields, make sure those fields match what's in the JWT\n if (typeof credential !== 'string' && 'proof' in credential && asArray(credential.proof)[0].type === 'JwtProof2020') {\n const credentialCopy = JSON.parse(JSON.stringify(credential))\n delete credentialCopy.proof.jwt\n\n const verifiedCopy = JSON.parse(JSON.stringify(verifiedCredential))\n delete verifiedCopy.proof.jwt\n\n if (canonicalize(credentialCopy) !== canonicalize(verifiedCopy)) {\n verificationResult.verified = false\n verificationResult.error = new Error('invalid_credential: Credential JSON does not match JWT payload')\n }\n }\n } catch (e: any) {\n errorCode = e.errorCode\n message = e.message\n }\n if (verificationResult.verified) {\n return verificationResult\n }\n return {\n verified: false,\n error: {\n message,\n errorCode: errorCode ? errorCode : message?.split(':')[0],\n },\n }\n }\n\n /** {@inheritdoc @veramo/credential-w3c#AbstractCredentialProvider.createVerifiablePresentation} */\n async createVerifiablePresentation(args: ICreateVerifiablePresentationLDArgs, context: IVcdmIssuerAgentContext): Promise<VerifiablePresentationSP> {\n const { presentation, holder } = preProcessPresentation(args)\n let { domain, challenge, removeOriginalFields, keyRef, now, ...otherOptions } = args\n\n let identifier: IIdentifier\n try {\n identifier = await context.agent.didManagerGet({ did: holder })\n } catch (e) {\n throw new Error('invalid_argument: presentation.holder must be a DID managed by this agent')\n }\n const key = await pickSigningKey({ identifier, kmsKeyRef: keyRef }, context)\n\n debug('Signing VP with', identifier.did)\n let alg = 'ES256'\n if (key.type === 'Ed25519') {\n alg = 'EdDSA'\n } else if (key.type === 'Secp256k1') {\n alg = 'ES256K'\n }\n\n const signer = this.wrapSigner(context, key, alg)\n const jwt = await createVerifiablePresentationJwt(\n 
presentation as any,\n { did: identifier.did, signer, alg },\n { removeOriginalFields, challenge, domain, ...otherOptions },\n )\n //FIXME: flagging this as a potential privacy leak.\n debug(jwt)\n return normalizePresentation(jwt)\n }\n\n /** {@inheritdoc @veramo/credential-w3c#AbstractCredentialProvider.verifyPresentation} */\n async verifyPresentation(args: IVerifyPresentationLDArgs, context: VerifierAgentContext): Promise<IVerifyResult> {\n let { presentation, domain, challenge, fetchRemoteContexts, policies, ...otherOptions } = args\n let jwt: string\n if (typeof presentation === 'string') {\n jwt = presentation\n } else {\n jwt = asArray(presentation.proof)[0].jwt\n }\n const resolver = {\n resolve: (didUrl: string) =>\n context.agent.resolveDid({\n didUrl,\n options: otherOptions?.resolutionOptions,\n }),\n } as Resolvable\n\n let audience = domain\n if (!audience) {\n const { payload } = await decodeJWT(jwt)\n if (payload.aud) {\n // automatically add a managed DID as audience if one is found\n const intendedAudience = asArray(payload.aud)\n const managedDids = await context.agent.didManagerFind()\n const filtered = managedDids.filter((identifier) => intendedAudience.includes(identifier.did))\n if (filtered.length > 0) {\n audience = filtered[0].did\n }\n }\n }\n\n let message, errorCode\n try {\n const result = await verifyPresentationJWT(jwt, resolver, {\n challenge,\n domain,\n audience,\n policies: {\n ...policies,\n nbf: policies?.nbf ?? policies?.issuanceDate,\n iat: policies?.iat ?? policies?.issuanceDate,\n exp: policies?.exp ?? policies?.expirationDate,\n aud: policies?.aud ?? policies?.audience,\n },\n ...otherOptions,\n })\n if (result) {\n return {\n verified: true,\n verifiablePresentation: result,\n }\n }\n } catch (e: any) {\n message = e.message\n errorCode = e.errorCode\n }\n return {\n verified: false,\n error: {\n message,\n errorCode: errorCode ? 
errorCode : message?.split(':')[0],\n },\n }\n }\n\n /**\n * Checks if a key is suitable for signing JWT payloads.\n * @param key - the key to check\n * @param context - the Veramo agent context, unused here\n *\n * @beta\n */\n matchKeyForJWT(key: IKey): boolean {\n switch (key.type) {\n case 'Ed25519':\n case 'Secp256r1':\n return true\n case 'Secp256k1':\n return intersect(key.meta?.algorithms ?? [], ['ES256K', 'ES256K-R']).length > 0\n default:\n return false\n }\n }\n\n wrapSigner(context: IAgentContext<Pick<IKeyManager, 'keyManagerSign'>>, key: IKey, algorithm?: string) {\n return async (data: string | Uint8Array): Promise<string> => {\n const result = await context.agent.keyManagerSign({ keyRef: key.kid, data: <string>data, algorithm })\n return result\n }\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;;ACAA,qBAAqF;AACrF,IAAAA,kBAYO;AACP,uBAAiD;AAGjD,0BAAyB;AAEzB,mBAAkB;AAElB,qBAA0B;AAE1B,wBAQO;AAIP,IAAMC,YAAQC,aAAAA,SAAM,iCAAA;AAOb,IAAMC,wBAAN,MAAMA;EA1Cb,OA0CaA;;;;EAEXC,gBAAgBC,KAAoB;AAClC,WAAO,KAAKC,eAAeD,GAAAA;EAC7B;;EAGAE,qBAA6B;AAC3B,WAAO;EACT;;EAGAC,uBAAuBC,MAA4C;AACjE,WAAOA,KAAKC,gBAAgB;EAC9B;;EAGAC,sBAAsBF,MAA2C;AAC/D,UAAM,EAAEG,SAAQ,IAAKH;AACrB,UAAMI,MAAM,OAAOD,aAAa,WAAWA,WAAkCA,UAAWE,OAAOD;AAC/F,QAAI,CAACA,KAAK;AACR,aAAO;IACT;AACA,UAAM,EAAEE,QAAO,QAAKC,0BAAUH,GAAAA;AAC9B,QAAI,QAAQE,SAAS;AACnB,iBAAOE,oCAAkBF,QAAQG,EAAE;IACrC,WAAW,QAAQH,SAAS;AAC1B,iBAAOE,oCAAkBF,QAAQI,EAAE;IACrC;AACA,WAAO;EACT;;EAGA,MAAMC,2BAA2BX,MAAyCY,SAAmE;AAC3I,QAAI,EAAEC,QAAQC,sBAAsB,GAAGC,aAAAA,IAAiBf;AAExD,UAAM,EAAEgB,YAAYC,OAAM,QAAKC,6CAA4BlB,IAAAA;AAC3D,QAAImB;AACJ,QAAI;AACFA,mBAAa,MAAMP,QAAQQ,MAAMC,cAAc;QAAEC,KAAKL;MAAO,CAAA;IAC/D,SAASM,GAAG;AACV,YAAM,IAAIC,MAAM,qBAAqBR,WAAWC,MAAM,yCAAyCM,CAAAA,EAAG;IACpG;AAEA,UAAM3B,MAAM,UAAM6B,gCAAe;MAAEN;MAAYO,WAAWb;IAAO,GAAGD,OAAAA;AAEpEpB,UAAM,mBAAmB2B,WAAWG,GAAG;AACvC,QAAIK,MAAM;AACV,QAAI/B,IAAIgC,SAAS,WAAW;AAC1BD,YAAM;IACR,WAAW/B,IAAIgC,SAAS,aAAa;AACnCD,YAAM;IACR;AAEA,UAAME,SAAS,KAAKC,WAAWlB,SAAShB,KAAK+B,GAAAA;AAC7C
,UAAMvB,MAAM,UAAM2B,iDAChBf,YACA;MACEM,KAAKH,WAAWG;MAChBO;MACAF;MACA,GAAI/B,IAAIoC,KAAKC,mBAAmBC,MAAM;QAAEC,KAAKvC,IAAIoC,KAAKC,mBAAmBC;MAAG;IAC9E,GACA;MAAEpB;MAAsB,GAAGC;IAAa,CAAA;AAG1CvB,UAAMY,GAAAA;AACN,eAAOgC,uCAAoBhC,GAAAA;EAC7B;;EAGA,MAAMiC,iBAAiBrC,MAAiCY,SAAuD;AAC7G,QAAI,EAAEI,YAAYsB,UAAU,GAAGvB,aAAAA,IAAiBf;AAChD,QAAIuC;AACJ,QAAIC,qBAAoC;MAAEC,UAAU;IAAM;AAC1D,QAAIrC,MAAc,OAAOY,eAAe,WAAWA,iBAAa0B,wBAAQ,WAAW1B,aAAaA,WAAWX,QAAQ,CAAA,CAAE,IAAI,CAAA,GAAID;AAC7H,QAAIuC,WAAWC;AACf,UAAMC,WAAW;MACfC,SAAS,wBAACC,WACRnC,QAAQQ,MAAM4B,WAAW;QACvBD;QACAE,SAASlC,cAAcmC;MACzB,CAAA,GAJO;IAKX;AACA,QAAI;AAEFV,2BAAqB,UAAMW,kBAAAA,kBAAoB/C,KAAKyC,UAAU;QAC5D,GAAG9B;QACHuB,UAAU;UACR,GAAGA;UACHc,KAAKd,UAAUc,OAAOd,UAAUe;UAChCC,KAAKhB,UAAUgB,OAAOhB,UAAUe;UAChCE,KAAKjB,UAAUiB,OAAOjB,UAAUkB;UAChCC,KAAKnB,UAAUmB,OAAOnB,UAAUoB;QAClC;MACF,CAAA;AACAnB,2BAAqBC,mBAAmBmB;AAGxC,UAAI,OAAO3C,eAAe,YAAY,WAAWA,kBAAc0B,wBAAQ1B,WAAWX,KAAK,EAAE,CAAA,EAAGuB,SAAS,gBAAgB;AACnH,cAAMgC,iBAAiBC,KAAKC,MAAMD,KAAKE,UAAU/C,UAAAA,CAAAA;AACjD,eAAO4C,eAAevD,MAAMD;AAE5B,cAAM4D,eAAeH,KAAKC,MAAMD,KAAKE,UAAUxB,kBAAAA,CAAAA;AAC/C,eAAOyB,aAAa3D,MAAMD;AAE1B,gBAAI6D,oBAAAA,SAAaL,cAAAA,UAAoBK,oBAAAA,SAAaD,YAAAA,GAAe;AAC/DxB,6BAAmBC,WAAW;AAC9BD,6BAAmB0B,QAAQ,IAAI1C,MAAM,gEAAA;QACvC;MACF;IACF,SAASD,GAAQ;AACfoB,kBAAYpB,EAAEoB;AACdC,gBAAUrB,EAAEqB;IACd;AACA,QAAIJ,mBAAmBC,UAAU;AAC/B,aAAOD;IACT;AACA,WAAO;MACLC,UAAU;MACVyB,OAAO;QACLtB;QACAD,WAAWA,YAAYA,YAAYC,SAASuB,MAAM,GAAA,EAAK,CAAA;MACzD;IACF;EACF;;EAGA,MAAMC,6BAA6BpE,MAA2CY,SAAqE;AACjJ,UAAM,EAAEyD,cAAcC,OAAM,QAAKC,wCAAuBvE,IAAAA;AACxD,QAAI,EAAEwE,QAAQC,WAAW3D,sBAAsBD,QAAQ6D,KAAK,GAAG3D,aAAAA,IAAiBf;AAEhF,QAAImB;AACJ,QAAI;AACFA,mBAAa,MAAMP,QAAQQ,MAAMC,cAAc;QAAEC,KAAKgD;MAAO,CAAA;IAC/D,SAAS/C,GAAG;AACV,YAAM,IAAIC,MAAM,2EAAA;IAClB;AACA,UAAM5B,MAAM,UAAM6B,gCAAe;MAAEN;MAAYO,WAAWb;IAAO,GAAGD,OAAAA;AAEpEpB,UAAM,mBAAmB2B,WAAWG,GAAG;AACvC,QAAIK,MAAM;AACV,QAAI/B,IAAIgC,SAAS,WAAW;AAC1BD,YAAM;IACR,WAAW/B,IAAIgC,SAAS,aAAa;AACnCD,YAAM;IACR;AAEA,UAAME,SAAS,KAAKC,WAAWlB,SAAShB,KAAK+B,GAAAA;A
AC7C,UAAMvB,MAAM,UAAMuE,mDAChBN,cACA;MAAE/C,KAAKH,WAAWG;MAAKO;MAAQF;IAAI,GACnC;MAAEb;MAAsB2D;MAAWD;MAAQ,GAAGzD;IAAa,CAAA;AAG7DvB,UAAMY,GAAAA;AACN,eAAOwE,yCAAsBxE,GAAAA;EAC/B;;EAGA,MAAMyE,mBAAmB7E,MAAiCY,SAAuD;AAC/G,QAAI,EAAEyD,cAAcG,QAAQC,WAAWK,qBAAqBxC,UAAU,GAAGvB,aAAAA,IAAiBf;AAC1F,QAAII;AACJ,QAAI,OAAOiE,iBAAiB,UAAU;AACpCjE,YAAMiE;IACR,OAAO;AACLjE,gBAAMsC,wBAAQ2B,aAAahE,KAAK,EAAE,CAAA,EAAGD;IACvC;AACA,UAAMyC,WAAW;MACfC,SAAS,wBAACC,WACRnC,QAAQQ,MAAM4B,WAAW;QACvBD;QACAE,SAASlC,cAAcmC;MACzB,CAAA,GAJO;IAKX;AAEA,QAAIQ,WAAWc;AACf,QAAI,CAACd,UAAU;AACb,YAAM,EAAEpD,QAAO,IAAK,UAAMC,0BAAUH,GAAAA;AACpC,UAAIE,QAAQmD,KAAK;AAEf,cAAMsB,uBAAmBrC,wBAAQpC,QAAQmD,GAAG;AAC5C,cAAMuB,cAAc,MAAMpE,QAAQQ,MAAM6D,eAAc;AACtD,cAAMC,WAAWF,YAAYG,OAAO,CAAChE,eAAe4D,iBAAiBK,SAASjE,WAAWG,GAAG,CAAA;AAC5F,YAAI4D,SAASG,SAAS,GAAG;AACvB3B,qBAAWwB,SAAS,CAAA,EAAG5D;QACzB;MACF;IACF;AAEA,QAAIsB,SAASD;AACb,QAAI;AACF,YAAM2C,SAAS,UAAMC,kBAAAA,oBAAsBnF,KAAKyC,UAAU;QACxD4B;QACAD;QACAd;QACApB,UAAU;UACR,GAAGA;UACHc,KAAKd,UAAUc,OAAOd,UAAUe;UAChCC,KAAKhB,UAAUgB,OAAOhB,UAAUe;UAChCE,KAAKjB,UAAUiB,OAAOjB,UAAUkB;UAChCC,KAAKnB,UAAUmB,OAAOnB,UAAUoB;QAClC;QACA,GAAG3C;MACL,CAAA;AACA,UAAIuE,QAAQ;AACV,eAAO;UACL7C,UAAU;UACV+C,wBAAwBF;QAC1B;MACF;IACF,SAAS/D,GAAQ;AACfqB,gBAAUrB,EAAEqB;AACZD,kBAAYpB,EAAEoB;IAChB;AACA,WAAO;MACLF,UAAU;MACVyB,OAAO;QACLtB;QACAD,WAAWA,YAAYA,YAAYC,SAASuB,MAAM,GAAA,EAAK,CAAA;MACzD;IACF;EACF;;;;;;;;EASAtE,eAAeD,KAAoB;AACjC,YAAQA,IAAIgC,MAAI;MACd,KAAK;MACL,KAAK;AACH,eAAO;MACT,KAAK;AACH,mBAAO6D,0BAAU7F,IAAIoC,MAAM0D,cAAc,CAAA,GAAI;UAAC;UAAU;SAAW,EAAEL,SAAS;MAChF;AACE,eAAO;IACX;EACF;EAEAvD,WAAWlB,SAA6DhB,KAAW+F,WAAoB;AACrG,WAAO,OAAOC,SAAAA;AACZ,YAAMN,SAAS,MAAM1E,QAAQQ,MAAMyE,eAAe;QAAEhF,QAAQjB,IAAIuC;QAAKyD;QAAoBD;MAAU,CAAA;AACnG,aAAOL;IACT;EACF;AACF;","names":["import_ssi_sdk","debug","Debug","CredentialProviderJWT","matchKeyForType","key","matchKeyForJWT","getTypeProofFormat","canIssueCredentialType","args","proofFormat","canVerifyDocumentType","document","jwt","proof","payload","decodeJWT","isVcdm1Creden
tial","vc","vp","createVerifiableCredential","context","keyRef","removeOriginalFields","otherOptions","credential","issuer","preProcessCredentialPayload","identifier","agent","didManagerGet","did","e","Error","pickSigningKey","kmsKeyRef","alg","type","signer","wrapSigner","createVerifiableCredentialJwt","meta","verificationMethod","id","kid","normalizeCredential","verifyCredential","policies","verifiedCredential","verificationResult","verified","asArray","errorCode","message","resolver","resolve","didUrl","resolveDid","options","resolutionOptions","verifyCredentialJWT","nbf","issuanceDate","iat","exp","expirationDate","aud","audience","verifiableCredential","credentialCopy","JSON","parse","stringify","verifiedCopy","canonicalize","error","split","createVerifiablePresentation","presentation","holder","preProcessPresentation","domain","challenge","now","createVerifiablePresentationJwt","normalizePresentation","verifyPresentation","fetchRemoteContexts","intendedAudience","managedDids","didManagerFind","filtered","filter","includes","length","result","verifyPresentationJWT","verifiablePresentation","intersect","algorithms","algorithm","data","keyManagerSign"]}
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/agent/CredentialProviderJWT.ts"],"sourcesContent":["import { asArray, intersect, VerifiableCredentialSP, VerifiablePresentationSP } from '@sphereon/ssi-sdk.core'\nimport {\n type ICanIssueCredentialTypeArgs,\n type ICanVerifyDocumentTypeArgs,\n type ICreateVerifiableCredentialLDArgs,\n type ICreateVerifiablePresentationLDArgs,\n type IVcdmCredentialProvider,\n type IVcdmIssuerAgentContext,\n IVerifyCredentialVcdmArgs,\n IVerifyPresentationLDArgs,\n pickSigningKey,\n preProcessCredentialPayload,\n preProcessPresentation\n} from '@sphereon/ssi-sdk.credential-vcdm'\nimport { isVcdm1Credential, IVerifyResult } from '@sphereon/ssi-types'\nimport type {\n IAgentContext,\n IIdentifier,\n IKey,\n IKeyManager,\n VerifiableCredential,\n VerifierAgentContext\n} from '@veramo/core'\n\nimport canonicalize from 'canonicalize'\n\nimport Debug from 'debug'\n\nimport { decodeJWT } from 'did-jwt'\n\n\nimport {\n createVerifiableCredentialJwt,\n createVerifiablePresentationJwt,\n normalizeCredential,\n normalizePresentation,\n verifyCredential as verifyCredentialJWT,\n verifyPresentation as verifyPresentationJWT\n // @ts-ignore\n} from 'did-jwt-vc'\n\nimport { type Resolvable } from 'did-resolver'\n\nconst debug = Debug('sphereon:ssi-sdk:credential-jwt')\n\n/**\n * A handler that implements the {@link IVcdmCredentialProvider} methods.\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nexport class CredentialProviderJWT implements IVcdmCredentialProvider {\n /** {@inheritdoc @veramo/credential-w3c#AbstractCredentialProvider.matchKeyForType} */\n matchKeyForType(key: IKey): boolean {\n return this.matchKeyForJWT(key)\n }\n\n /** {@inheritdoc @veramo/credential-w3c#AbstractCredentialProvider.getTypeProofFormat} */\n getTypeProofFormat(): string {\n return 'jwt'\n }\n\n /** {@inheritdoc @veramo/credential-w3c#AbstractCredentialProvider.canIssueCredentialType} */\n canIssueCredentialType(args: ICanIssueCredentialTypeArgs): boolean 
{\n return args.proofFormat === 'jwt'\n }\n\n /** {@inheritdoc @veramo/credential-w3c#AbstractCredentialProvider.canVerifyDocumentType */\n canVerifyDocumentType(args: ICanVerifyDocumentTypeArgs): boolean {\n const { document } = args\n const jwt = typeof document === 'string' ? document : (<VerifiableCredential>document)?.proof?.jwt\n if (!jwt) {\n return false\n }\n const { payload } = decodeJWT(jwt)\n if ('vc' in payload) {\n return isVcdm1Credential(payload.vc)\n } else if ('vp' in payload) {\n return isVcdm1Credential(payload.vp)\n }\n return false\n }\n\n /** {@inheritdoc @veramo/credential-w3c#AbstractCredentialProvider.createVerifiableCredential} */\n async createVerifiableCredential(args: ICreateVerifiableCredentialLDArgs, context: IVcdmIssuerAgentContext): Promise<VerifiableCredentialSP> {\n let { keyRef, removeOriginalFields, ...otherOptions } = args\n\n const { credential, issuer } = preProcessCredentialPayload(args)\n let identifier: IIdentifier\n try {\n identifier = await context.agent.didManagerGet({ did: issuer })\n } catch (e) {\n throw new Error(`invalid_argument: ${credential.issuer} must be a DID managed by this agent. 
${e}`)\n }\n\n const key = await pickSigningKey({ identifier, kmsKeyRef: keyRef }, context)\n\n debug('Signing VC with', identifier.did)\n let alg = 'ES256'\n if (key.type === 'Ed25519') {\n alg = 'EdDSA'\n } else if (key.type === 'Secp256k1') {\n alg = 'ES256K'\n }\n\n const signer = this.wrapSigner(context, key, alg)\n const jwt = await createVerifiableCredentialJwt(\n credential as any,\n {\n did: identifier.did,\n signer,\n alg, ...(key.meta.verificationMethod.id && { kid: key.meta.verificationMethod.id })\n },\n { removeOriginalFields, ...otherOptions }\n )\n //FIXME: flagging this as a potential privacy leak.\n debug(jwt)\n return normalizeCredential(jwt)\n }\n\n /** {@inheritdoc ICredentialVerifier.verifyCredential} */\n async verifyCredential(args: IVerifyCredentialVcdmArgs, context: VerifierAgentContext): Promise<IVerifyResult> {\n let { credential, policies, ...otherOptions } = args\n let verifiedCredential: VerifiableCredential\n let verificationResult: IVerifyResult = { verified: false }\n let jwt: string = typeof credential === 'string' ? credential : asArray('proof' in credential ? credential.proof : [])?.[0]?.jwt\n let errorCode, message\n const resolver = {\n resolve: (didUrl: string) =>\n context.agent.resolveDid({\n didUrl,\n options: otherOptions?.resolutionOptions\n })\n } as Resolvable\n try {\n // needs broader credential as well to check equivalence with jwt\n verificationResult = await verifyCredentialJWT(jwt, resolver, {\n ...otherOptions,\n policies: {\n ...policies,\n nbf: policies?.nbf ?? policies?.issuanceDate,\n iat: policies?.iat ?? policies?.issuanceDate,\n exp: policies?.exp ?? policies?.expirationDate,\n aud: policies?.aud ?? 
policies?.audience\n }\n })\n verifiedCredential = verificationResult.verifiableCredential\n\n // if credential was presented with other fields, make sure those fields match what's in the JWT\n if (typeof credential !== 'string' && 'proof' in credential && asArray(credential.proof)[0].type === 'JwtProof2020') {\n const credentialCopy = JSON.parse(JSON.stringify(credential))\n delete credentialCopy.proof.jwt\n\n const verifiedCopy = JSON.parse(JSON.stringify(verifiedCredential))\n delete verifiedCopy.proof.jwt\n\n if (canonicalize(credentialCopy) !== canonicalize(verifiedCopy)) {\n verificationResult.verified = false\n verificationResult.error = new Error('invalid_credential: Credential JSON does not match JWT payload')\n }\n }\n } catch (e: any) {\n errorCode = e.errorCode\n message = e.message\n }\n if (verificationResult.verified) {\n return verificationResult\n }\n return {\n verified: false,\n error: {\n message,\n errorCode: errorCode ? errorCode : message?.split(':')[0]\n }\n }\n }\n\n /** {@inheritdoc @veramo/credential-w3c#AbstractCredentialProvider.createVerifiablePresentation} */\n async createVerifiablePresentation(args: ICreateVerifiablePresentationLDArgs, context: IVcdmIssuerAgentContext): Promise<VerifiablePresentationSP> {\n const { presentation, holder } = preProcessPresentation(args)\n let { domain, challenge, removeOriginalFields, keyRef, now, ...otherOptions } = args\n\n let identifier: IIdentifier\n try {\n identifier = await context.agent.didManagerGet({ did: holder })\n } catch (e) {\n throw new Error('invalid_argument: presentation.holder must be a DID managed by this agent')\n }\n const key = await pickSigningKey({ identifier, kmsKeyRef: keyRef }, context)\n\n debug('Signing VP with', identifier.did)\n let alg = 'ES256'\n if (key.type === 'Ed25519') {\n alg = 'EdDSA'\n } else if (key.type === 'Secp256k1') {\n alg = 'ES256K'\n }\n\n const signer = this.wrapSigner(context, key, alg)\n const jwt = await createVerifiablePresentationJwt(\n 
presentation as any,\n { did: identifier.did, signer, alg },\n { removeOriginalFields, challenge, domain, ...otherOptions }\n )\n //FIXME: flagging this as a potential privacy leak.\n debug(jwt)\n return normalizePresentation(jwt)\n }\n\n /** {@inheritdoc @veramo/credential-w3c#AbstractCredentialProvider.verifyPresentation} */\n async verifyPresentation(args: IVerifyPresentationLDArgs, context: VerifierAgentContext): Promise<IVerifyResult> {\n let { presentation, domain, challenge, fetchRemoteContexts, policies, ...otherOptions } = args\n let jwt: string\n if (typeof presentation === 'string') {\n jwt = presentation\n } else {\n jwt = asArray(presentation.proof)[0].jwt\n }\n const resolver = {\n resolve: (didUrl: string) =>\n context.agent.resolveDid({\n didUrl,\n options: otherOptions?.resolutionOptions\n })\n } as Resolvable\n\n let audience = domain\n if (!audience) {\n const { payload } = await decodeJWT(jwt)\n if (payload.aud) {\n // automatically add a managed DID as audience if one is found\n const intendedAudience = asArray(payload.aud)\n const managedDids = await context.agent.didManagerFind()\n const filtered = managedDids.filter((identifier) => intendedAudience.includes(identifier.did))\n if (filtered.length > 0) {\n audience = filtered[0].did\n }\n }\n }\n\n let message, errorCode\n try {\n const result = await verifyPresentationJWT(jwt, resolver, {\n challenge,\n domain,\n audience,\n policies: {\n ...policies,\n nbf: policies?.nbf ?? policies?.issuanceDate,\n iat: policies?.iat ?? policies?.issuanceDate,\n exp: policies?.exp ?? policies?.expirationDate,\n aud: policies?.aud ?? policies?.audience\n },\n ...otherOptions\n })\n if (result) {\n return {\n verified: true,\n verifiablePresentation: result\n }\n }\n } catch (e: any) {\n message = e.message\n errorCode = e.errorCode\n }\n return {\n verified: false,\n error: {\n message,\n errorCode: errorCode ? 
errorCode : message?.split(':')[0]\n }\n }\n }\n\n /**\n * Checks if a key is suitable for signing JWT payloads.\n * @param key - the key to check\n * @param context - the Veramo agent context, unused here\n *\n * @beta\n */\n matchKeyForJWT(key: IKey): boolean {\n switch (key.type) {\n case 'Ed25519':\n case 'Secp256r1':\n return true\n case 'Secp256k1':\n return intersect(key.meta?.algorithms ?? [], ['ES256K', 'ES256K-R']).length > 0\n default:\n return false\n }\n }\n\n wrapSigner(context: IAgentContext<Pick<IKeyManager, 'keyManagerSign'>>, key: IKey, algorithm?: string) {\n return async (data: string | Uint8Array): Promise<string> => {\n const result = await context.agent.keyManagerSign({ keyRef: key.kid, data: <string>data, algorithm })\n return result\n }\n }\n}\n"],"mappings":";;;;AAAA,SAASA,SAASC,iBAAmE;AACrF,SASEC,gBACAC,6BACAC,8BACK;AACP,SAASC,yBAAwC;AAUjD,OAAOC,kBAAkB;AAEzB,OAAOC,WAAW;AAElB,SAASC,iBAAiB;AAG1B,SACEC,+BACAC,iCACAC,qBACAC,uBACAC,oBAAoBC,qBACpBC,sBAAsBC,6BAEjB;AAIP,IAAMC,QAAQC,MAAM,iCAAA;AAOb,IAAMC,wBAAN,MAAMA;EAlDb,OAkDaA;;;;EAEXC,gBAAgBC,KAAoB;AAClC,WAAO,KAAKC,eAAeD,GAAAA;EAC7B;;EAGAE,qBAA6B;AAC3B,WAAO;EACT;;EAGAC,uBAAuBC,MAA4C;AACjE,WAAOA,KAAKC,gBAAgB;EAC9B;;EAGAC,sBAAsBF,MAA2C;AAC/D,UAAM,EAAEG,SAAQ,IAAKH;AACrB,UAAMI,MAAM,OAAOD,aAAa,WAAWA,WAAkCA,UAAWE,OAAOD;AAC/F,QAAI,CAACA,KAAK;AACR,aAAO;IACT;AACA,UAAM,EAAEE,QAAO,IAAKC,UAAUH,GAAAA;AAC9B,QAAI,QAAQE,SAAS;AACnB,aAAOE,kBAAkBF,QAAQG,EAAE;IACrC,WAAW,QAAQH,SAAS;AAC1B,aAAOE,kBAAkBF,QAAQI,EAAE;IACrC;AACA,WAAO;EACT;;EAGA,MAAMC,2BAA2BX,MAAyCY,SAAmE;AAC3I,QAAI,EAAEC,QAAQC,sBAAsB,GAAGC,aAAAA,IAAiBf;AAExD,UAAM,EAAEgB,YAAYC,OAAM,IAAKC,4BAA4BlB,IAAAA;AAC3D,QAAImB;AACJ,QAAI;AACFA,mBAAa,MAAMP,QAAQQ,MAAMC,cAAc;QAAEC,KAAKL;MAAO,CAAA;IAC/D,SAASM,GAAG;AACV,YAAM,IAAIC,MAAM,qBAAqBR,WAAWC,MAAM,yCAAyCM,CAAAA,EAAG;IACpG;AAEA,UAAM3B,MAAM,MAAM6B,eAAe;MAAEN;MAAYO,WAAWb;IAAO,GAAGD,OAAAA;AAEpEpB,UAAM,mBAAmB2B,WAAWG,GAAG;AACvC,QAAIK,MAAM;AACV,QAAI/B,IAAIgC,SAAS,WAAW;AAC1BD,YAAM;IACR,WAAW/B,IAAIgC,SAAS,aAAa;AACnCD,YAAM;IA
CR;AAEA,UAAME,SAAS,KAAKC,WAAWlB,SAAShB,KAAK+B,GAAAA;AAC7C,UAAMvB,MAAM,MAAM2B,8BAChBf,YACA;MACEM,KAAKH,WAAWG;MAChBO;MACAF;MAAK,GAAI/B,IAAIoC,KAAKC,mBAAmBC,MAAM;QAAEC,KAAKvC,IAAIoC,KAAKC,mBAAmBC;MAAG;IACnF,GACA;MAAEpB;MAAsB,GAAGC;IAAa,CAAA;AAG1CvB,UAAMY,GAAAA;AACN,WAAOgC,oBAAoBhC,GAAAA;EAC7B;;EAGA,MAAMiC,iBAAiBrC,MAAiCY,SAAuD;AAC7G,QAAI,EAAEI,YAAYsB,UAAU,GAAGvB,aAAAA,IAAiBf;AAChD,QAAIuC;AACJ,QAAIC,qBAAoC;MAAEC,UAAU;IAAM;AAC1D,QAAIrC,MAAc,OAAOY,eAAe,WAAWA,aAAa0B,QAAQ,WAAW1B,aAAaA,WAAWX,QAAQ,CAAA,CAAE,IAAI,CAAA,GAAID;AAC7H,QAAIuC,WAAWC;AACf,UAAMC,WAAW;MACfC,SAAS,wBAACC,WACRnC,QAAQQ,MAAM4B,WAAW;QACvBD;QACAE,SAASlC,cAAcmC;MACzB,CAAA,GAJO;IAKX;AACA,QAAI;AAEFV,2BAAqB,MAAMW,oBAAoB/C,KAAKyC,UAAU;QAC5D,GAAG9B;QACHuB,UAAU;UACR,GAAGA;UACHc,KAAKd,UAAUc,OAAOd,UAAUe;UAChCC,KAAKhB,UAAUgB,OAAOhB,UAAUe;UAChCE,KAAKjB,UAAUiB,OAAOjB,UAAUkB;UAChCC,KAAKnB,UAAUmB,OAAOnB,UAAUoB;QAClC;MACF,CAAA;AACAnB,2BAAqBC,mBAAmBmB;AAGxC,UAAI,OAAO3C,eAAe,YAAY,WAAWA,cAAc0B,QAAQ1B,WAAWX,KAAK,EAAE,CAAA,EAAGuB,SAAS,gBAAgB;AACnH,cAAMgC,iBAAiBC,KAAKC,MAAMD,KAAKE,UAAU/C,UAAAA,CAAAA;AACjD,eAAO4C,eAAevD,MAAMD;AAE5B,cAAM4D,eAAeH,KAAKC,MAAMD,KAAKE,UAAUxB,kBAAAA,CAAAA;AAC/C,eAAOyB,aAAa3D,MAAMD;AAE1B,YAAI6D,aAAaL,cAAAA,MAAoBK,aAAaD,YAAAA,GAAe;AAC/DxB,6BAAmBC,WAAW;AAC9BD,6BAAmB0B,QAAQ,IAAI1C,MAAM,gEAAA;QACvC;MACF;IACF,SAASD,GAAQ;AACfoB,kBAAYpB,EAAEoB;AACdC,gBAAUrB,EAAEqB;IACd;AACA,QAAIJ,mBAAmBC,UAAU;AAC/B,aAAOD;IACT;AACA,WAAO;MACLC,UAAU;MACVyB,OAAO;QACLtB;QACAD,WAAWA,YAAYA,YAAYC,SAASuB,MAAM,GAAA,EAAK,CAAA;MACzD;IACF;EACF;;EAGA,MAAMC,6BAA6BpE,MAA2CY,SAAqE;AACjJ,UAAM,EAAEyD,cAAcC,OAAM,IAAKC,uBAAuBvE,IAAAA;AACxD,QAAI,EAAEwE,QAAQC,WAAW3D,sBAAsBD,QAAQ6D,KAAK,GAAG3D,aAAAA,IAAiBf;AAEhF,QAAImB;AACJ,QAAI;AACFA,mBAAa,MAAMP,QAAQQ,MAAMC,cAAc;QAAEC,KAAKgD;MAAO,CAAA;IAC/D,SAAS/C,GAAG;AACV,YAAM,IAAIC,MAAM,2EAAA;IAClB;AACA,UAAM5B,MAAM,MAAM6B,eAAe;MAAEN;MAAYO,WAAWb;IAAO,GAAGD,OAAAA;AAEpEpB,UAAM,mBAAmB2B,WAAWG,GAAG;AACvC,QAAIK,MAAM;AACV,QAAI/B,IAAIgC,SAAS,WAAW;AAC1BD,YAAM;IACR,WAAW/B,IAAIgC,SAAS,aAAa;AACnCD,YAAM;IACR;AAEA,UAAME,SAAS,KAAK
C,WAAWlB,SAAShB,KAAK+B,GAAAA;AAC7C,UAAMvB,MAAM,MAAMuE,gCAChBN,cACA;MAAE/C,KAAKH,WAAWG;MAAKO;MAAQF;IAAI,GACnC;MAAEb;MAAsB2D;MAAWD;MAAQ,GAAGzD;IAAa,CAAA;AAG7DvB,UAAMY,GAAAA;AACN,WAAOwE,sBAAsBxE,GAAAA;EAC/B;;EAGA,MAAMyE,mBAAmB7E,MAAiCY,SAAuD;AAC/G,QAAI,EAAEyD,cAAcG,QAAQC,WAAWK,qBAAqBxC,UAAU,GAAGvB,aAAAA,IAAiBf;AAC1F,QAAII;AACJ,QAAI,OAAOiE,iBAAiB,UAAU;AACpCjE,YAAMiE;IACR,OAAO;AACLjE,YAAMsC,QAAQ2B,aAAahE,KAAK,EAAE,CAAA,EAAGD;IACvC;AACA,UAAMyC,WAAW;MACfC,SAAS,wBAACC,WACRnC,QAAQQ,MAAM4B,WAAW;QACvBD;QACAE,SAASlC,cAAcmC;MACzB,CAAA,GAJO;IAKX;AAEA,QAAIQ,WAAWc;AACf,QAAI,CAACd,UAAU;AACb,YAAM,EAAEpD,QAAO,IAAK,MAAMC,UAAUH,GAAAA;AACpC,UAAIE,QAAQmD,KAAK;AAEf,cAAMsB,mBAAmBrC,QAAQpC,QAAQmD,GAAG;AAC5C,cAAMuB,cAAc,MAAMpE,QAAQQ,MAAM6D,eAAc;AACtD,cAAMC,WAAWF,YAAYG,OAAO,CAAChE,eAAe4D,iBAAiBK,SAASjE,WAAWG,GAAG,CAAA;AAC5F,YAAI4D,SAASG,SAAS,GAAG;AACvB3B,qBAAWwB,SAAS,CAAA,EAAG5D;QACzB;MACF;IACF;AAEA,QAAIsB,SAASD;AACb,QAAI;AACF,YAAM2C,SAAS,MAAMC,sBAAsBnF,KAAKyC,UAAU;QACxD4B;QACAD;QACAd;QACApB,UAAU;UACR,GAAGA;UACHc,KAAKd,UAAUc,OAAOd,UAAUe;UAChCC,KAAKhB,UAAUgB,OAAOhB,UAAUe;UAChCE,KAAKjB,UAAUiB,OAAOjB,UAAUkB;UAChCC,KAAKnB,UAAUmB,OAAOnB,UAAUoB;QAClC;QACA,GAAG3C;MACL,CAAA;AACA,UAAIuE,QAAQ;AACV,eAAO;UACL7C,UAAU;UACV+C,wBAAwBF;QAC1B;MACF;IACF,SAAS/D,GAAQ;AACfqB,gBAAUrB,EAAEqB;AACZD,kBAAYpB,EAAEoB;IAChB;AACA,WAAO;MACLF,UAAU;MACVyB,OAAO;QACLtB;QACAD,WAAWA,YAAYA,YAAYC,SAASuB,MAAM,GAAA,EAAK,CAAA;MACzD;IACF;EACF;;;;;;;;EASAtE,eAAeD,KAAoB;AACjC,YAAQA,IAAIgC,MAAI;MACd,KAAK;MACL,KAAK;AACH,eAAO;MACT,KAAK;AACH,eAAO6D,UAAU7F,IAAIoC,MAAM0D,cAAc,CAAA,GAAI;UAAC;UAAU;SAAW,EAAEL,SAAS;MAChF;AACE,eAAO;IACX;EACF;EAEAvD,WAAWlB,SAA6DhB,KAAW+F,WAAoB;AACrG,WAAO,OAAOC,SAAAA;AACZ,YAAMN,SAAS,MAAM1E,QAAQQ,MAAMyE,eAAe;QAAEhF,QAAQjB,IAAIuC;QAAKyD;QAAoBD;MAAU,CAAA;AACnG,aAAOL;IACT;EACF;AACF;","names":["asArray","intersect","pickSigningKey","preProcessCredentialPayload","preProcessPresentation","isVcdm1Credential","canonicalize","Debug","decodeJWT","createVerifiableCredentialJwt","createVerifiablePresentationJwt","normalizeCredenti
al","normalizePresentation","verifyCredential","verifyCredentialJWT","verifyPresentation","verifyPresentationJWT","debug","Debug","CredentialProviderJWT","matchKeyForType","key","matchKeyForJWT","getTypeProofFormat","canIssueCredentialType","args","proofFormat","canVerifyDocumentType","document","jwt","proof","payload","decodeJWT","isVcdm1Credential","vc","vp","createVerifiableCredential","context","keyRef","removeOriginalFields","otherOptions","credential","issuer","preProcessCredentialPayload","identifier","agent","didManagerGet","did","e","Error","pickSigningKey","kmsKeyRef","alg","type","signer","wrapSigner","createVerifiableCredentialJwt","meta","verificationMethod","id","kid","normalizeCredential","verifyCredential","policies","verifiedCredential","verificationResult","verified","asArray","errorCode","message","resolver","resolve","didUrl","resolveDid","options","resolutionOptions","verifyCredentialJWT","nbf","issuanceDate","iat","exp","expirationDate","aud","audience","verifiableCredential","credentialCopy","JSON","parse","stringify","verifiedCopy","canonicalize","error","split","createVerifiablePresentation","presentation","holder","preProcessPresentation","domain","challenge","now","createVerifiablePresentationJwt","normalizePresentation","verifyPresentation","fetchRemoteContexts","intendedAudience","managedDids","didManagerFind","filtered","filter","includes","length","result","verifyPresentationJWT","verifiablePresentation","intersect","algorithms","algorithm","data","keyManagerSign"]}
1
+ {"version":3,"sources":["../src/agent/CredentialProviderJWT.ts"],"sourcesContent":["import { asArray, intersect, VerifiableCredentialSP, VerifiablePresentationSP } from '@sphereon/ssi-sdk.core'\nimport {\n type ICanIssueCredentialTypeArgs,\n type ICanVerifyDocumentTypeArgs,\n type ICreateVerifiableCredentialLDArgs,\n type ICreateVerifiablePresentationLDArgs,\n type IVcdmCredentialProvider,\n type IVcdmIssuerAgentContext,\n IVerifyCredentialVcdmArgs,\n IVerifyPresentationLDArgs,\n pickSigningKey,\n preProcessCredentialPayload,\n preProcessPresentation,\n} from '@sphereon/ssi-sdk.credential-vcdm'\nimport { isVcdm1Credential, IVerifyResult } from '@sphereon/ssi-types'\nimport type { IAgentContext, IIdentifier, IKey, IKeyManager, VerifiableCredential, VerifierAgentContext } from '@veramo/core'\n\nimport canonicalize from 'canonicalize'\n\nimport Debug from 'debug'\n\nimport { decodeJWT } from 'did-jwt'\n\nimport {\n createVerifiableCredentialJwt,\n createVerifiablePresentationJwt,\n normalizeCredential,\n normalizePresentation,\n verifyCredential as verifyCredentialJWT,\n verifyPresentation as verifyPresentationJWT,\n // @ts-ignore\n} from 'did-jwt-vc'\n\nimport { type Resolvable } from 'did-resolver'\n\nconst debug = Debug('sphereon:ssi-sdk:credential-jwt')\n\n/**\n * A handler that implements the {@link IVcdmCredentialProvider} methods.\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nexport class CredentialProviderJWT implements IVcdmCredentialProvider {\n /** {@inheritdoc @veramo/credential-w3c#AbstractCredentialProvider.matchKeyForType} */\n matchKeyForType(key: IKey): boolean {\n return this.matchKeyForJWT(key)\n }\n\n /** {@inheritdoc @veramo/credential-w3c#AbstractCredentialProvider.getTypeProofFormat} */\n getTypeProofFormat(): string {\n return 'jwt'\n }\n\n /** {@inheritdoc @veramo/credential-w3c#AbstractCredentialProvider.canIssueCredentialType} */\n canIssueCredentialType(args: ICanIssueCredentialTypeArgs): boolean {\n return 
args.proofFormat === 'jwt'\n }\n\n /** {@inheritdoc @veramo/credential-w3c#AbstractCredentialProvider.canVerifyDocumentType */\n canVerifyDocumentType(args: ICanVerifyDocumentTypeArgs): boolean {\n const { document } = args\n const jwt = typeof document === 'string' ? document : (<VerifiableCredential>document)?.proof?.jwt\n if (!jwt) {\n return false\n }\n const { payload } = decodeJWT(jwt)\n if ('vc' in payload) {\n return isVcdm1Credential(payload.vc)\n } else if ('vp' in payload) {\n return isVcdm1Credential(payload.vp)\n }\n return false\n }\n\n /** {@inheritdoc @veramo/credential-w3c#AbstractCredentialProvider.createVerifiableCredential} */\n async createVerifiableCredential(args: ICreateVerifiableCredentialLDArgs, context: IVcdmIssuerAgentContext): Promise<VerifiableCredentialSP> {\n let { keyRef, removeOriginalFields, ...otherOptions } = args\n\n const { credential, issuer } = preProcessCredentialPayload(args)\n let identifier: IIdentifier\n try {\n identifier = await context.agent.didManagerGet({ did: issuer })\n } catch (e) {\n throw new Error(`invalid_argument: ${credential.issuer} must be a DID managed by this agent. 
${e}`)\n }\n\n const key = await pickSigningKey({ identifier, kmsKeyRef: keyRef }, context)\n\n debug('Signing VC with', identifier.did)\n let alg = 'ES256'\n if (key.type === 'Ed25519') {\n alg = 'EdDSA'\n } else if (key.type === 'Secp256k1') {\n alg = 'ES256K'\n }\n\n const signer = this.wrapSigner(context, key, alg)\n const jwt = await createVerifiableCredentialJwt(\n credential as any,\n {\n did: identifier.did,\n signer,\n alg,\n ...(key.meta.verificationMethod.id && { kid: key.meta.verificationMethod.id }),\n },\n { removeOriginalFields, ...otherOptions },\n )\n //FIXME: flagging this as a potential privacy leak.\n debug(jwt)\n return normalizeCredential(jwt)\n }\n\n /** {@inheritdoc ICredentialVerifier.verifyCredential} */\n async verifyCredential(args: IVerifyCredentialVcdmArgs, context: VerifierAgentContext): Promise<IVerifyResult> {\n let { credential, policies, ...otherOptions } = args\n let verifiedCredential: VerifiableCredential\n let verificationResult: IVerifyResult = { verified: false }\n let jwt: string = typeof credential === 'string' ? credential : asArray('proof' in credential ? credential.proof : [])?.[0]?.jwt\n let errorCode, message\n const resolver = {\n resolve: (didUrl: string) =>\n context.agent.resolveDid({\n didUrl,\n options: otherOptions?.resolutionOptions,\n }),\n } as Resolvable\n try {\n // needs broader credential as well to check equivalence with jwt\n verificationResult = await verifyCredentialJWT(jwt, resolver, {\n ...otherOptions,\n policies: {\n ...policies,\n nbf: policies?.nbf ?? policies?.issuanceDate,\n iat: policies?.iat ?? policies?.issuanceDate,\n exp: policies?.exp ?? policies?.expirationDate,\n aud: policies?.aud ?? 
policies?.audience,\n },\n })\n verifiedCredential = verificationResult.verifiableCredential\n\n // if credential was presented with other fields, make sure those fields match what's in the JWT\n if (typeof credential !== 'string' && 'proof' in credential && asArray(credential.proof)[0].type === 'JwtProof2020') {\n const credentialCopy = JSON.parse(JSON.stringify(credential))\n delete credentialCopy.proof.jwt\n\n const verifiedCopy = JSON.parse(JSON.stringify(verifiedCredential))\n delete verifiedCopy.proof.jwt\n\n if (canonicalize(credentialCopy) !== canonicalize(verifiedCopy)) {\n verificationResult.verified = false\n verificationResult.error = new Error('invalid_credential: Credential JSON does not match JWT payload')\n }\n }\n } catch (e: any) {\n errorCode = e.errorCode\n message = e.message\n }\n if (verificationResult.verified) {\n return verificationResult\n }\n return {\n verified: false,\n error: {\n message,\n errorCode: errorCode ? errorCode : message?.split(':')[0],\n },\n }\n }\n\n /** {@inheritdoc @veramo/credential-w3c#AbstractCredentialProvider.createVerifiablePresentation} */\n async createVerifiablePresentation(args: ICreateVerifiablePresentationLDArgs, context: IVcdmIssuerAgentContext): Promise<VerifiablePresentationSP> {\n const { presentation, holder } = preProcessPresentation(args)\n let { domain, challenge, removeOriginalFields, keyRef, now, ...otherOptions } = args\n\n let identifier: IIdentifier\n try {\n identifier = await context.agent.didManagerGet({ did: holder })\n } catch (e) {\n throw new Error('invalid_argument: presentation.holder must be a DID managed by this agent')\n }\n const key = await pickSigningKey({ identifier, kmsKeyRef: keyRef }, context)\n\n debug('Signing VP with', identifier.did)\n let alg = 'ES256'\n if (key.type === 'Ed25519') {\n alg = 'EdDSA'\n } else if (key.type === 'Secp256k1') {\n alg = 'ES256K'\n }\n\n const signer = this.wrapSigner(context, key, alg)\n const jwt = await createVerifiablePresentationJwt(\n 
presentation as any,\n { did: identifier.did, signer, alg },\n { removeOriginalFields, challenge, domain, ...otherOptions },\n )\n //FIXME: flagging this as a potential privacy leak.\n debug(jwt)\n return normalizePresentation(jwt)\n }\n\n /** {@inheritdoc @veramo/credential-w3c#AbstractCredentialProvider.verifyPresentation} */\n async verifyPresentation(args: IVerifyPresentationLDArgs, context: VerifierAgentContext): Promise<IVerifyResult> {\n let { presentation, domain, challenge, fetchRemoteContexts, policies, ...otherOptions } = args\n let jwt: string\n if (typeof presentation === 'string') {\n jwt = presentation\n } else {\n jwt = asArray(presentation.proof)[0].jwt\n }\n const resolver = {\n resolve: (didUrl: string) =>\n context.agent.resolveDid({\n didUrl,\n options: otherOptions?.resolutionOptions,\n }),\n } as Resolvable\n\n let audience = domain\n if (!audience) {\n const { payload } = await decodeJWT(jwt)\n if (payload.aud) {\n // automatically add a managed DID as audience if one is found\n const intendedAudience = asArray(payload.aud)\n const managedDids = await context.agent.didManagerFind()\n const filtered = managedDids.filter((identifier) => intendedAudience.includes(identifier.did))\n if (filtered.length > 0) {\n audience = filtered[0].did\n }\n }\n }\n\n let message, errorCode\n try {\n const result = await verifyPresentationJWT(jwt, resolver, {\n challenge,\n domain,\n audience,\n policies: {\n ...policies,\n nbf: policies?.nbf ?? policies?.issuanceDate,\n iat: policies?.iat ?? policies?.issuanceDate,\n exp: policies?.exp ?? policies?.expirationDate,\n aud: policies?.aud ?? policies?.audience,\n },\n ...otherOptions,\n })\n if (result) {\n return {\n verified: true,\n verifiablePresentation: result,\n }\n }\n } catch (e: any) {\n message = e.message\n errorCode = e.errorCode\n }\n return {\n verified: false,\n error: {\n message,\n errorCode: errorCode ? 
errorCode : message?.split(':')[0],\n },\n }\n }\n\n /**\n * Checks if a key is suitable for signing JWT payloads.\n * @param key - the key to check\n * @param context - the Veramo agent context, unused here\n *\n * @beta\n */\n matchKeyForJWT(key: IKey): boolean {\n switch (key.type) {\n case 'Ed25519':\n case 'Secp256r1':\n return true\n case 'Secp256k1':\n return intersect(key.meta?.algorithms ?? [], ['ES256K', 'ES256K-R']).length > 0\n default:\n return false\n }\n }\n\n wrapSigner(context: IAgentContext<Pick<IKeyManager, 'keyManagerSign'>>, key: IKey, algorithm?: string) {\n return async (data: string | Uint8Array): Promise<string> => {\n const result = await context.agent.keyManagerSign({ keyRef: key.kid, data: <string>data, algorithm })\n return result\n }\n }\n}\n"],"mappings":";;;;AAAA,SAASA,SAASC,iBAAmE;AACrF,SASEC,gBACAC,6BACAC,8BACK;AACP,SAASC,yBAAwC;AAGjD,OAAOC,kBAAkB;AAEzB,OAAOC,WAAW;AAElB,SAASC,iBAAiB;AAE1B,SACEC,+BACAC,iCACAC,qBACAC,uBACAC,oBAAoBC,qBACpBC,sBAAsBC,6BAEjB;AAIP,IAAMC,QAAQC,MAAM,iCAAA;AAOb,IAAMC,wBAAN,MAAMA;EA1Cb,OA0CaA;;;;EAEXC,gBAAgBC,KAAoB;AAClC,WAAO,KAAKC,eAAeD,GAAAA;EAC7B;;EAGAE,qBAA6B;AAC3B,WAAO;EACT;;EAGAC,uBAAuBC,MAA4C;AACjE,WAAOA,KAAKC,gBAAgB;EAC9B;;EAGAC,sBAAsBF,MAA2C;AAC/D,UAAM,EAAEG,SAAQ,IAAKH;AACrB,UAAMI,MAAM,OAAOD,aAAa,WAAWA,WAAkCA,UAAWE,OAAOD;AAC/F,QAAI,CAACA,KAAK;AACR,aAAO;IACT;AACA,UAAM,EAAEE,QAAO,IAAKC,UAAUH,GAAAA;AAC9B,QAAI,QAAQE,SAAS;AACnB,aAAOE,kBAAkBF,QAAQG,EAAE;IACrC,WAAW,QAAQH,SAAS;AAC1B,aAAOE,kBAAkBF,QAAQI,EAAE;IACrC;AACA,WAAO;EACT;;EAGA,MAAMC,2BAA2BX,MAAyCY,SAAmE;AAC3I,QAAI,EAAEC,QAAQC,sBAAsB,GAAGC,aAAAA,IAAiBf;AAExD,UAAM,EAAEgB,YAAYC,OAAM,IAAKC,4BAA4BlB,IAAAA;AAC3D,QAAImB;AACJ,QAAI;AACFA,mBAAa,MAAMP,QAAQQ,MAAMC,cAAc;QAAEC,KAAKL;MAAO,CAAA;IAC/D,SAASM,GAAG;AACV,YAAM,IAAIC,MAAM,qBAAqBR,WAAWC,MAAM,yCAAyCM,CAAAA,EAAG;IACpG;AAEA,UAAM3B,MAAM,MAAM6B,eAAe;MAAEN;MAAYO,WAAWb;IAAO,GAAGD,OAAAA;AAEpEpB,UAAM,mBAAmB2B,WAAWG,GAAG;AACvC,QAAIK,MAAM;AACV,QAAI/B,IAAIgC,SAAS,WAAW;AAC1BD,YAAM;IACR,WAAW/B,IAAIgC,SAAS,aAAa;AACnCD,YAAM;
IACR;AAEA,UAAME,SAAS,KAAKC,WAAWlB,SAAShB,KAAK+B,GAAAA;AAC7C,UAAMvB,MAAM,MAAM2B,8BAChBf,YACA;MACEM,KAAKH,WAAWG;MAChBO;MACAF;MACA,GAAI/B,IAAIoC,KAAKC,mBAAmBC,MAAM;QAAEC,KAAKvC,IAAIoC,KAAKC,mBAAmBC;MAAG;IAC9E,GACA;MAAEpB;MAAsB,GAAGC;IAAa,CAAA;AAG1CvB,UAAMY,GAAAA;AACN,WAAOgC,oBAAoBhC,GAAAA;EAC7B;;EAGA,MAAMiC,iBAAiBrC,MAAiCY,SAAuD;AAC7G,QAAI,EAAEI,YAAYsB,UAAU,GAAGvB,aAAAA,IAAiBf;AAChD,QAAIuC;AACJ,QAAIC,qBAAoC;MAAEC,UAAU;IAAM;AAC1D,QAAIrC,MAAc,OAAOY,eAAe,WAAWA,aAAa0B,QAAQ,WAAW1B,aAAaA,WAAWX,QAAQ,CAAA,CAAE,IAAI,CAAA,GAAID;AAC7H,QAAIuC,WAAWC;AACf,UAAMC,WAAW;MACfC,SAAS,wBAACC,WACRnC,QAAQQ,MAAM4B,WAAW;QACvBD;QACAE,SAASlC,cAAcmC;MACzB,CAAA,GAJO;IAKX;AACA,QAAI;AAEFV,2BAAqB,MAAMW,oBAAoB/C,KAAKyC,UAAU;QAC5D,GAAG9B;QACHuB,UAAU;UACR,GAAGA;UACHc,KAAKd,UAAUc,OAAOd,UAAUe;UAChCC,KAAKhB,UAAUgB,OAAOhB,UAAUe;UAChCE,KAAKjB,UAAUiB,OAAOjB,UAAUkB;UAChCC,KAAKnB,UAAUmB,OAAOnB,UAAUoB;QAClC;MACF,CAAA;AACAnB,2BAAqBC,mBAAmBmB;AAGxC,UAAI,OAAO3C,eAAe,YAAY,WAAWA,cAAc0B,QAAQ1B,WAAWX,KAAK,EAAE,CAAA,EAAGuB,SAAS,gBAAgB;AACnH,cAAMgC,iBAAiBC,KAAKC,MAAMD,KAAKE,UAAU/C,UAAAA,CAAAA;AACjD,eAAO4C,eAAevD,MAAMD;AAE5B,cAAM4D,eAAeH,KAAKC,MAAMD,KAAKE,UAAUxB,kBAAAA,CAAAA;AAC/C,eAAOyB,aAAa3D,MAAMD;AAE1B,YAAI6D,aAAaL,cAAAA,MAAoBK,aAAaD,YAAAA,GAAe;AAC/DxB,6BAAmBC,WAAW;AAC9BD,6BAAmB0B,QAAQ,IAAI1C,MAAM,gEAAA;QACvC;MACF;IACF,SAASD,GAAQ;AACfoB,kBAAYpB,EAAEoB;AACdC,gBAAUrB,EAAEqB;IACd;AACA,QAAIJ,mBAAmBC,UAAU;AAC/B,aAAOD;IACT;AACA,WAAO;MACLC,UAAU;MACVyB,OAAO;QACLtB;QACAD,WAAWA,YAAYA,YAAYC,SAASuB,MAAM,GAAA,EAAK,CAAA;MACzD;IACF;EACF;;EAGA,MAAMC,6BAA6BpE,MAA2CY,SAAqE;AACjJ,UAAM,EAAEyD,cAAcC,OAAM,IAAKC,uBAAuBvE,IAAAA;AACxD,QAAI,EAAEwE,QAAQC,WAAW3D,sBAAsBD,QAAQ6D,KAAK,GAAG3D,aAAAA,IAAiBf;AAEhF,QAAImB;AACJ,QAAI;AACFA,mBAAa,MAAMP,QAAQQ,MAAMC,cAAc;QAAEC,KAAKgD;MAAO,CAAA;IAC/D,SAAS/C,GAAG;AACV,YAAM,IAAIC,MAAM,2EAAA;IAClB;AACA,UAAM5B,MAAM,MAAM6B,eAAe;MAAEN;MAAYO,WAAWb;IAAO,GAAGD,OAAAA;AAEpEpB,UAAM,mBAAmB2B,WAAWG,GAAG;AACvC,QAAIK,MAAM;AACV,QAAI/B,IAAIgC,SAAS,WAAW;AAC1BD,YAAM;IACR,WAAW/B,IAAIgC,SAAS,aAAa;AACnCD,YAAM;IACR;AAEA,UAAME,SAAS,KA
AKC,WAAWlB,SAAShB,KAAK+B,GAAAA;AAC7C,UAAMvB,MAAM,MAAMuE,gCAChBN,cACA;MAAE/C,KAAKH,WAAWG;MAAKO;MAAQF;IAAI,GACnC;MAAEb;MAAsB2D;MAAWD;MAAQ,GAAGzD;IAAa,CAAA;AAG7DvB,UAAMY,GAAAA;AACN,WAAOwE,sBAAsBxE,GAAAA;EAC/B;;EAGA,MAAMyE,mBAAmB7E,MAAiCY,SAAuD;AAC/G,QAAI,EAAEyD,cAAcG,QAAQC,WAAWK,qBAAqBxC,UAAU,GAAGvB,aAAAA,IAAiBf;AAC1F,QAAII;AACJ,QAAI,OAAOiE,iBAAiB,UAAU;AACpCjE,YAAMiE;IACR,OAAO;AACLjE,YAAMsC,QAAQ2B,aAAahE,KAAK,EAAE,CAAA,EAAGD;IACvC;AACA,UAAMyC,WAAW;MACfC,SAAS,wBAACC,WACRnC,QAAQQ,MAAM4B,WAAW;QACvBD;QACAE,SAASlC,cAAcmC;MACzB,CAAA,GAJO;IAKX;AAEA,QAAIQ,WAAWc;AACf,QAAI,CAACd,UAAU;AACb,YAAM,EAAEpD,QAAO,IAAK,MAAMC,UAAUH,GAAAA;AACpC,UAAIE,QAAQmD,KAAK;AAEf,cAAMsB,mBAAmBrC,QAAQpC,QAAQmD,GAAG;AAC5C,cAAMuB,cAAc,MAAMpE,QAAQQ,MAAM6D,eAAc;AACtD,cAAMC,WAAWF,YAAYG,OAAO,CAAChE,eAAe4D,iBAAiBK,SAASjE,WAAWG,GAAG,CAAA;AAC5F,YAAI4D,SAASG,SAAS,GAAG;AACvB3B,qBAAWwB,SAAS,CAAA,EAAG5D;QACzB;MACF;IACF;AAEA,QAAIsB,SAASD;AACb,QAAI;AACF,YAAM2C,SAAS,MAAMC,sBAAsBnF,KAAKyC,UAAU;QACxD4B;QACAD;QACAd;QACApB,UAAU;UACR,GAAGA;UACHc,KAAKd,UAAUc,OAAOd,UAAUe;UAChCC,KAAKhB,UAAUgB,OAAOhB,UAAUe;UAChCE,KAAKjB,UAAUiB,OAAOjB,UAAUkB;UAChCC,KAAKnB,UAAUmB,OAAOnB,UAAUoB;QAClC;QACA,GAAG3C;MACL,CAAA;AACA,UAAIuE,QAAQ;AACV,eAAO;UACL7C,UAAU;UACV+C,wBAAwBF;QAC1B;MACF;IACF,SAAS/D,GAAQ;AACfqB,gBAAUrB,EAAEqB;AACZD,kBAAYpB,EAAEoB;IAChB;AACA,WAAO;MACLF,UAAU;MACVyB,OAAO;QACLtB;QACAD,WAAWA,YAAYA,YAAYC,SAASuB,MAAM,GAAA,EAAK,CAAA;MACzD;IACF;EACF;;;;;;;;EASAtE,eAAeD,KAAoB;AACjC,YAAQA,IAAIgC,MAAI;MACd,KAAK;MACL,KAAK;AACH,eAAO;MACT,KAAK;AACH,eAAO6D,UAAU7F,IAAIoC,MAAM0D,cAAc,CAAA,GAAI;UAAC;UAAU;SAAW,EAAEL,SAAS;MAChF;AACE,eAAO;IACX;EACF;EAEAvD,WAAWlB,SAA6DhB,KAAW+F,WAAoB;AACrG,WAAO,OAAOC,SAAAA;AACZ,YAAMN,SAAS,MAAM1E,QAAQQ,MAAMyE,eAAe;QAAEhF,QAAQjB,IAAIuC;QAAKyD;QAAoBD;MAAU,CAAA;AACnG,aAAOL;IACT;EACF;AACF;","names":["asArray","intersect","pickSigningKey","preProcessCredentialPayload","preProcessPresentation","isVcdm1Credential","canonicalize","Debug","decodeJWT","createVerifiableCredentialJwt","createVerifiablePresentationJwt","normalizeCreden
tial","normalizePresentation","verifyCredential","verifyCredentialJWT","verifyPresentation","verifyPresentationJWT","debug","Debug","CredentialProviderJWT","matchKeyForType","key","matchKeyForJWT","getTypeProofFormat","canIssueCredentialType","args","proofFormat","canVerifyDocumentType","document","jwt","proof","payload","decodeJWT","isVcdm1Credential","vc","vp","createVerifiableCredential","context","keyRef","removeOriginalFields","otherOptions","credential","issuer","preProcessCredentialPayload","identifier","agent","didManagerGet","did","e","Error","pickSigningKey","kmsKeyRef","alg","type","signer","wrapSigner","createVerifiableCredentialJwt","meta","verificationMethod","id","kid","normalizeCredential","verifyCredential","policies","verifiedCredential","verificationResult","verified","asArray","errorCode","message","resolver","resolve","didUrl","resolveDid","options","resolutionOptions","verifyCredentialJWT","nbf","issuanceDate","iat","exp","expirationDate","aud","audience","verifiableCredential","credentialCopy","JSON","parse","stringify","verifiedCopy","canonicalize","error","split","createVerifiablePresentation","presentation","holder","preProcessPresentation","domain","challenge","now","createVerifiablePresentationJwt","normalizePresentation","verifyPresentation","fetchRemoteContexts","intendedAudience","managedDids","didManagerFind","filtered","filter","includes","length","result","verifyPresentationJWT","verifiablePresentation","intersect","algorithms","algorithm","data","keyManagerSign"]}
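--- a/package/package.json
+++ b/package/package.json
@@ -1,7 +1,7 @@
  {
  "name": "@sphereon/ssi-sdk.credential-vcdm1-jwt-provider",
  "description": "Plugin for working with JWT Verifiable Credentials & Presentations.",
- "version": "0.34.1-next.91+3c949810",
+ "version": "0.36.0",
  "source": "src/index.ts",
  "type": "module",
  "main": "./dist/index.cjs",
@@ -22,9 +22,9 @@
  "build": "tsup --config ../../tsup.config.ts --tsconfig ../../tsconfig.tsup.json"
  },
  "dependencies": {
- "@sphereon/ssi-sdk.core": "0.34.1-next.91+3c949810",
- "@sphereon/ssi-sdk.credential-vcdm": "0.34.1-next.91+3c949810",
- "@sphereon/ssi-types": "0.34.1-next.91+3c949810",
+ "@sphereon/ssi-sdk.core": "0.36.0",
+ "@sphereon/ssi-sdk.credential-vcdm": "0.36.0",
+ "@sphereon/ssi-types": "0.36.0",
  "@veramo/core": "4.2.0",
  "@veramo/utils": "4.2.0",
  "canonicalize": "^2.0.0",
@@ -33,10 +33,10 @@
  "did-resolver": "^4.1.0"
  },
  "devDependencies": {
- "@sphereon/ssi-sdk-ext.did-provider-key": "0.34.1-next.91+3c949810",
- "@sphereon/ssi-sdk-ext.key-manager": "0.34.1-next.91+3c949810",
- "@sphereon/ssi-sdk-ext.kms-local": "0.34.1-next.91+3c949810",
- "@sphereon/ssi-sdk.agent-config": "0.34.1-next.91+3c949810",
+ "@sphereon/ssi-sdk-ext.did-provider-key": "0.36.0",
+ "@sphereon/ssi-sdk-ext.key-manager": "0.36.0",
+ "@sphereon/ssi-sdk-ext.kms-local": "0.36.0",
+ "@sphereon/ssi-sdk.agent-config": "0.36.0",
  "@types/debug": "4.1.8",
  "@veramo/did-manager": "4.2.0",
  "@veramo/did-provider-ethr": "4.2.0",
@@ -73,5 +73,5 @@
  "node_modules",
  "src"
  ],
- "gitHead": "3c9498100ca07dfc2ba7979e7347fb9b19c47d18"
+ "gitHead": "f713d3a83948ef69aaa7d435700b16d5655ac863"
  }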
@@ -9,7 +9,7 @@ import { EthrDIDProvider } from '@veramo/did-provider-ethr'
9
9
  import { Resolver } from 'did-resolver'
10
10
  import { getResolver as ethrDidResolver } from 'ethr-did-resolver'
11
11
 
12
- import 'cross-fetch/polyfill'
12
+ import fetch from 'cross-fetch'
13
13
  import { CredentialProviderJWT } from '../agent/CredentialProviderJWT'
14
14
  import { type ISphereonKeyManager, MemoryKeyStore, MemoryPrivateKeyStore, SphereonKeyManager } from '@sphereon/ssi-sdk-ext.key-manager'
15
15
  import { SphereonKeyManagementSystem } from '@sphereon/ssi-sdk-ext.kms-local'
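Review bot: The replacement `import fetch from 'cross-fetch'` binds a local `fetch` instead of installing the global one, and nothing in this hunk shows that binding being used. If the rest of the file never passes `fetch` to a resolver or provider, the import is dead and the tests now rely on whatever `fetch` the runtime provides; either drop the line or hand the binding explicitly to the code that makes network calls. The hunk covers only the import block, so a use may exist further down the file, outside the visible lines.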
@@ -10,17 +10,10 @@ import {
10
10
  IVerifyPresentationLDArgs,
11
11
  pickSigningKey,
12
12
  preProcessCredentialPayload,
13
- preProcessPresentation
13
+ preProcessPresentation,
14
14
  } from '@sphereon/ssi-sdk.credential-vcdm'
15
15
  import { isVcdm1Credential, IVerifyResult } from '@sphereon/ssi-types'
16
- import type {
17
- IAgentContext,
18
- IIdentifier,
19
- IKey,
20
- IKeyManager,
21
- VerifiableCredential,
22
- VerifierAgentContext
23
- } from '@veramo/core'
16
+ import type { IAgentContext, IIdentifier, IKey, IKeyManager, VerifiableCredential, VerifierAgentContext } from '@veramo/core'
24
17
 
25
18
  import canonicalize from 'canonicalize'
26
19
 
@@ -28,14 +21,13 @@ import Debug from 'debug'
28
21
 
29
22
  import { decodeJWT } from 'did-jwt'
30
23
 
31
-
32
24
  import {
33
25
  createVerifiableCredentialJwt,
34
26
  createVerifiablePresentationJwt,
35
27
  normalizeCredential,
36
28
  normalizePresentation,
37
29
  verifyCredential as verifyCredentialJWT,
38
- verifyPresentation as verifyPresentationJWT
30
+ verifyPresentation as verifyPresentationJWT,
39
31
  // @ts-ignore
40
32
  } from 'did-jwt-vc'
41
33
 
@@ -108,9 +100,10 @@ export class CredentialProviderJWT implements IVcdmCredentialProvider {
108
100
  {
109
101
  did: identifier.did,
110
102
  signer,
111
- alg, ...(key.meta.verificationMethod.id && { kid: key.meta.verificationMethod.id })
103
+ alg,
104
+ ...(key.meta.verificationMethod.id && { kid: key.meta.verificationMethod.id }),
112
105
  },
113
- { removeOriginalFields, ...otherOptions }
106
+ { removeOriginalFields, ...otherOptions },
114
107
  )
115
108
  //FIXME: flagging this as a potential privacy leak.
116
109
  debug(jwt)
@@ -128,8 +121,8 @@ export class CredentialProviderJWT implements IVcdmCredentialProvider {
128
121
  resolve: (didUrl: string) =>
129
122
  context.agent.resolveDid({
130
123
  didUrl,
131
- options: otherOptions?.resolutionOptions
132
- })
124
+ options: otherOptions?.resolutionOptions,
125
+ }),
133
126
  } as Resolvable
134
127
  try {
135
128
  // needs broader credential as well to check equivalence with jwt
@@ -140,8 +133,8 @@ export class CredentialProviderJWT implements IVcdmCredentialProvider {
140
133
  nbf: policies?.nbf ?? policies?.issuanceDate,
141
134
  iat: policies?.iat ?? policies?.issuanceDate,
142
135
  exp: policies?.exp ?? policies?.expirationDate,
143
- aud: policies?.aud ?? policies?.audience
144
- }
136
+ aud: policies?.aud ?? policies?.audience,
137
+ },
145
138
  })
146
139
  verifiedCredential = verificationResult.verifiableCredential
147
140
 
@@ -169,8 +162,8 @@ export class CredentialProviderJWT implements IVcdmCredentialProvider {
169
162
  verified: false,
170
163
  error: {
171
164
  message,
172
- errorCode: errorCode ? errorCode : message?.split(':')[0]
173
- }
165
+ errorCode: errorCode ? errorCode : message?.split(':')[0],
166
+ },
174
167
  }
175
168
  }
176
169
 
@@ -199,7 +192,7 @@ export class CredentialProviderJWT implements IVcdmCredentialProvider {
199
192
  const jwt = await createVerifiablePresentationJwt(
200
193
  presentation as any,
201
194
  { did: identifier.did, signer, alg },
202
- { removeOriginalFields, challenge, domain, ...otherOptions }
195
+ { removeOriginalFields, challenge, domain, ...otherOptions },
203
196
  )
204
197
  //FIXME: flagging this as a potential privacy leak.
205
198
  debug(jwt)
@@ -219,8 +212,8 @@ export class CredentialProviderJWT implements IVcdmCredentialProvider {
219
212
  resolve: (didUrl: string) =>
220
213
  context.agent.resolveDid({
221
214
  didUrl,
222
- options: otherOptions?.resolutionOptions
223
- })
215
+ options: otherOptions?.resolutionOptions,
216
+ }),
224
217
  } as Resolvable
225
218
 
226
219
  let audience = domain
@@ -248,14 +241,14 @@ export class CredentialProviderJWT implements IVcdmCredentialProvider {
248
241
  nbf: policies?.nbf ?? policies?.issuanceDate,
249
242
  iat: policies?.iat ?? policies?.issuanceDate,
250
243
  exp: policies?.exp ?? policies?.expirationDate,
251
- aud: policies?.aud ?? policies?.audience
244
+ aud: policies?.aud ?? policies?.audience,
252
245
  },
253
- ...otherOptions
246
+ ...otherOptions,
254
247
  })
255
248
  if (result) {
256
249
  return {
257
250
  verified: true,
258
- verifiablePresentation: result
251
+ verifiablePresentation: result,
259
252
  }
260
253
  }
261
254
  } catch (e: any) {
@@ -266,8 +259,8 @@ export class CredentialProviderJWT implements IVcdmCredentialProvider {
266
259
  verified: false,
267
260
  error: {
268
261
  message,
269
- errorCode: errorCode ? errorCode : message?.split(':')[0]
270
- }
262
+ errorCode: errorCode ? errorCode : message?.split(':')[0],
263
+ },
271
264
  }
272
265
  }
273
266