npm - @sphereon/ssi-sdk.credential-vcdm2-jose-provider - Versions diffs - 0.33.1-feature.jose.vcdm.59 → 0.33.1-feature.jose.vcdm.61 - Mend

@sphereon/ssi-sdk.credential-vcdm2-jose-provider 0.33.1-feature.jose.vcdm.59 → 0.33.1-feature.jose.vcdm.61

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/dist/index.cjs +34 -33
package/dist/index.cjs.map +1 -1
package/dist/index.js +19 -18
package/dist/index.js.map +1 -1
package/package.json +6 -6
package/src/__tests__/issue-verify-flow-vcdm2-jose.test.ts +1 -1
package/src/agent/CredentialProviderVcdm2Jose.ts +3 -2
package/src/did-jwt/JWT.ts +4 -4
package/src/did-jwt/SignerAlgorithm.ts +2 -2
package/src/did-jwt/VerifierAlgorithm.ts +15 -9
package/src/did-jwt/util.ts +18 -4

package/dist/index.cjs CHANGED Viewed

@@ -37,8 +37,8 @@ module.exports = __toCommonJS(index_exports);
 // src/agent/CredentialProviderVcdm2Jose.ts
 var import_ssi_sdk = require("@sphereon/ssi-sdk.credential-vcdm");
-var import_did_jwt_vc3 = require("did-jwt-vc");
-var import_did_jwt2 = require("did-jwt");
+var import_did_jwt_vc = require("did-jwt-vc");
+var import_did_jwt3 = require("did-jwt");
 var import_debug = __toESM(require("debug"), 1);
 var import_ssi_sdk2 = require("@sphereon/ssi-sdk.core");
 var import_ssi_sdk3 = require("@sphereon/ssi-sdk.agent-config");
@@ -50,17 +50,12 @@ var import_canonicalize = __toESM(require("canonicalize"), 1);
 var import_did_resolver = require("did-resolver");
 // src/did-jwt/util.ts
-var import_uint8arrays = require("uint8arrays");
+var u8a = __toESM(require("uint8arrays"), 1);
 var import_ed25519 = require("@noble/curves/ed25519");
 var import_multiformats = require("multiformats");
 var import_multibase = require("multibase");
 var import_secp256k1 = require("@noble/curves/secp256k1");
 var import_p256 = require("@noble/curves/p256");
-var u8a = {
-  toString: import_uint8arrays.toString,
-  fromString: import_uint8arrays.fromString,
-  concat: import_uint8arrays.concat
-};
 function bytesToBase64url(b) {
   return u8a.toString(b, "base64url");
 }
@@ -293,11 +288,17 @@ var algorithms = {
 };
 // src/did-jwt/VerifierAlgorithm.ts
-var import_did_jwt_vc = require("did-jwt-vc");
-var import_did_jwt_vc2 = require("did-jwt-vc");
+var import_did_jwt = require("did-jwt");
 var import_secp256k12 = require("@noble/curves/secp256k1");
 var import_p2562 = require("@noble/curves/p256");
 var import_ed255192 = require("@noble/curves/ed25519");
+var u8a2 = __toESM(require("uint8arrays"), 1);
+var import_sha256 = require("@noble/hashes/sha256");
+function sha256(payload) {
+  const data = typeof payload === "string" ? u8a2.fromString(payload) : payload;
+  return (0, import_sha256.sha256)(data);
+}
+__name(sha256, "sha256");
 function toSignatureObject(signature, recoverable = false) {
   const rawSig = base64ToBytes(signature);
   if (rawSig.length !== (recoverable ? 65 : 64)) {
@@ -327,13 +328,13 @@ function toSignatureObject2(signature, recoverable = false) {
 }
 __name(toSignatureObject2, "toSignatureObject2");
 function verifyES256(data, signature, authenticators) {
-  const hash = (0, import_did_jwt_vc.sha256)(data);
+  const hash2 = sha256(data);
   const sig = import_p2562.p256.Signature.fromCompact(toSignatureObject2(signature).compact);
   const fullPublicKeys = authenticators.filter((a) => !a.ethereumAddress && !a.blockchainAccountId);
   const signer = fullPublicKeys.find((pk) => {
     try {
       const { keyBytes } = extractPublicKeyBytes(pk);
-      return import_p2562.p256.verify(sig, hash, keyBytes);
+      return import_p2562.p256.verify(sig, hash2, keyBytes);
     } catch (err) {
       return false;
     }
@@ -343,7 +344,7 @@ function verifyES256(data, signature, authenticators) {
 }
 __name(verifyES256, "verifyES256");
 function verifyES256K(data, signature, authenticators) {
-  const hash = (0, import_did_jwt_vc.sha256)(data);
+  const hash2 = sha256(data);
   const signatureNormalized = import_secp256k12.secp256k1.Signature.fromCompact(base64ToBytes(signature)).normalizeS();
   const fullPublicKeys = authenticators.filter((a) => {
     return !a.ethereumAddress && !a.blockchainAccountId;
@@ -354,7 +355,7 @@ function verifyES256K(data, signature, authenticators) {
   let signer = fullPublicKeys.find((pk) => {
     try {
       const { keyBytes } = extractPublicKeyBytes(pk);
-      return import_secp256k12.secp256k1.verify(signatureNormalized, hash, keyBytes);
+      return import_secp256k12.secp256k1.verify(signatureNormalized, hash2, keyBytes);
     } catch (err) {
       return false;
     }
@@ -381,18 +382,17 @@ function verifyRecoverableES256K(data, signature, authenticators) {
       recovery: 1
     });
   }
-  const hash = (0, import_did_jwt_vc.sha256)(data);
+  const hash2 = sha256(data);
   const checkSignatureAgainstSigner = /* @__PURE__ */ __name((sigObj) => {
     const signature2 = import_secp256k12.secp256k1.Signature.fromCompact(sigObj.compact).addRecoveryBit(sigObj.recovery || 0);
-    const recoveredPublicKey = signature2.recoverPublicKey(hash);
-    const recoveredAddress = (0, import_did_jwt_vc.toEthereumAddress)(recoveredPublicKey.toHex(false)).toLowerCase();
+    const recoveredPublicKey = signature2.recoverPublicKey(hash2);
+    const recoveredAddress = (0, import_did_jwt.toEthereumAddress)(recoveredPublicKey.toHex(false)).toLowerCase();
     const recoveredPublicKeyHex = recoveredPublicKey.toHex(false);
     const recoveredCompressedPublicKeyHex = recoveredPublicKey.toHex(true);
     return authenticators.find((a) => {
       const { keyBytes } = extractPublicKeyBytes(a);
       const keyHex = bytesToHex(keyBytes);
-      return keyHex === recoveredPublicKeyHex || keyHex === recoveredCompressedPublicKeyHex || a.ethereumAddress?.toLowerCase() === recoveredAddress || a.blockchainAccountId?.split("@eip155")?.[0].toLowerCase() === recoveredAddress || // CAIP-2
-      (0, import_did_jwt_vc2.verifyBlockchainAccountId)(recoveredPublicKeyHex, a.blockchainAccountId);
+      return keyHex === recoveredPublicKeyHex || keyHex === recoveredCompressedPublicKeyHex || a.ethereumAddress?.toLowerCase() === recoveredAddress || a.blockchainAccountId?.split("@eip155")?.[0].toLowerCase() === recoveredAddress;
     });
   }, "checkSignatureAgainstSigner");
   for (const signature2 of signatures) {
@@ -437,7 +437,7 @@ __name(VerifierAlgorithm, "VerifierAlgorithm");
 VerifierAlgorithm.toSignatureObject = toSignatureObject;
 // src/did-jwt/JWT.ts
-var import_did_jwt = require("did-jwt");
+var import_did_jwt2 = require("did-jwt");
 var SELF_ISSUED_V2 = "https://self-issued.me/v2";
 var SELF_ISSUED_V2_VC_INTEROP = "https://self-issued.me/v2/openid-vc";
 var SELF_ISSUED_V0_1 = "https://self-issued.me";
@@ -454,11 +454,12 @@ var CredentialProviderVcdm2Jose = class {
   }
   /** {@inheritdoc @veramo/credential-w3c#AbstractCredentialProvider.getTypeProofFormat} */
   getTypeProofFormat() {
-    return "vcdm2_jose";
+    return "vc+jwt";
   }
   /** {@inheritdoc @veramo/credential-w3c#AbstractCredentialProvider.canIssueCredentialType} */
   canIssueCredentialType(args) {
-    return args.proofFormat === "vcdm2_jose" || args.proofFormat === "vcdm_jose" || args.proofFormat === "jose";
+    const format = args.proofFormat.toLowerCase();
+    return format === "vc+jwt" || format === "vcdm2_jose" || format === "vcdm_jose" || format === "jose";
   }
   /** {@inheritdoc @veramo/credential-w3c#AbstractCredentialProvider.canVerifyDocumentType */
   canVerifyDocumentType(args) {
@@ -467,7 +468,7 @@ var CredentialProviderVcdm2Jose = class {
     if (!jwt) {
       return false;
     }
-    const { payload } = (0, import_did_jwt2.decodeJWT)(jwt);
+    const { payload } = (0, import_did_jwt3.decodeJWT)(jwt);
     return (0, import_ssi_types.isVcdm2Credential)(payload);
   }
   /** {@inheritdoc @veramo/credential-w3c#AbstractCredentialProvider.createVerifiableCredential} */
@@ -515,7 +516,7 @@ var CredentialProviderVcdm2Jose = class {
       clientIdScheme: "did"
     });
     debug(jwt);
-    return (0, import_did_jwt_vc3.normalizeCredential)(jwt.jwt);
+    return (0, import_did_jwt_vc.normalizeCredential)(jwt.jwt);
   }
   /** {@inheritdoc ICredentialVerifier.verifyCredential} */
   async verifyCredential(args, context) {
@@ -588,7 +589,7 @@ var CredentialProviderVcdm2Jose = class {
       clientIdScheme: "did"
     });
     debug(jwt);
-    return (0, import_did_jwt_vc3.normalizePresentation)(jwt.jwt);
+    return (0, import_did_jwt_vc.normalizePresentation)(jwt.jwt);
   }
   /** {@inheritdoc @veramo/credential-w3c#AbstractCredentialProvider.verifyPresentation} */
   async verifyPresentation(args, context) {
@@ -607,7 +608,7 @@ var CredentialProviderVcdm2Jose = class {
     };
     let audience = domain;
     if (!audience) {
-      const { payload } = await (0, import_did_jwt2.decodeJWT)(jwt);
+      const { payload } = await (0, import_did_jwt3.decodeJWT)(jwt);
       if (payload.aud) {
         const intendedAudience = (0, import_ssi_sdk2.asArray)(payload.aud);
         const managedDids = await context.agent.didManagerFind();
@@ -619,7 +620,7 @@ var CredentialProviderVcdm2Jose = class {
     }
     let message, errorCode;
     try {
-      const result = await (0, import_did_jwt_vc3.verifyPresentation)(jwt, resolver, {
+      const result = await (0, import_did_jwt_vc.verifyPresentation)(jwt, resolver, {
         challenge,
         domain,
         audience,
@@ -690,13 +691,13 @@ async function verifierSignature({ jwt }, verifierContext) {
     payload,
     header
     /*signature, data*/
-  } = (0, import_did_jwt2.decodeJWT)(jwt);
+  } = (0, import_did_jwt3.decodeJWT)(jwt);
   if (!payload.iss && !payload.client_id) {
-    throw new Error(`${import_did_jwt2.JWT_ERROR.INVALID_JWT}: JWT iss or client_id are required`);
+    throw new Error(`${import_did_jwt3.JWT_ERROR.INVALID_JWT}: JWT iss or client_id are required`);
   }
   if (payload.iss === SELF_ISSUED_V2 || payload.iss === SELF_ISSUED_V2_VC_INTEROP) {
     if (!payload.sub) {
-      throw new Error(`${import_did_jwt2.JWT_ERROR.INVALID_JWT}: JWT sub is required`);
+      throw new Error(`${import_did_jwt3.JWT_ERROR.INVALID_JWT}: JWT sub is required`);
     }
     if (typeof payload.sub_jwk === "undefined") {
       credIssuer = payload.sub;
@@ -705,12 +706,12 @@ async function verifierSignature({ jwt }, verifierContext) {
     }
   } else if (payload.iss === SELF_ISSUED_V0_1) {
     if (!payload.did) {
-      throw new Error(`${import_did_jwt2.JWT_ERROR.INVALID_JWT}: JWT did is required`);
+      throw new Error(`${import_did_jwt3.JWT_ERROR.INVALID_JWT}: JWT did is required`);
     }
     credIssuer = payload.did;
   } else if (!payload.iss && payload.scope === "openid" && payload.redirect_uri) {
     if (!payload.client_id) {
-      throw new Error(`${import_did_jwt2.JWT_ERROR.INVALID_JWT}: JWT client_id is required`);
+      throw new Error(`${import_did_jwt3.JWT_ERROR.INVALID_JWT}: JWT client_id is required`);
     }
     credIssuer = payload.client_id;
   } else if (payload.iss?.indexOf("did:") === 0) {
@@ -721,7 +722,7 @@ async function verifierSignature({ jwt }, verifierContext) {
     credIssuer = payload.iss;
   }
   if (!credIssuer) {
-    throw new Error(`${import_did_jwt2.JWT_ERROR.INVALID_JWT}: No DID has been found in the JWT`);
+    throw new Error(`${import_did_jwt3.JWT_ERROR.INVALID_JWT}: No DID has been found in the JWT`);
   }
   const resolution = await agent.identifierExternalResolve({
     identifier: credIssuer