@sphereon/ssi-sdk.credential-vcdm2-jose-provider 0.33.1-feature.jose.vcdm.60 → 0.33.1-feature.jose.vcdm.62

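--- a/package/dist/index.cjs
+++ b/package/dist/index.cjs
@@ -37,8 +37,8 @@ module.exports = __toCommonJS(index_exports);
 
  // src/agent/CredentialProviderVcdm2Jose.ts
  var import_ssi_sdk = require("@sphereon/ssi-sdk.credential-vcdm");
- var import_did_jwt_vc3 = require("did-jwt-vc");
- var import_did_jwt2 = require("did-jwt");
+ var import_did_jwt_vc = require("did-jwt-vc");
+ var import_did_jwt3 = require("did-jwt");
  var import_debug = __toESM(require("debug"), 1);
  var import_ssi_sdk2 = require("@sphereon/ssi-sdk.core");
  var import_ssi_sdk3 = require("@sphereon/ssi-sdk.agent-config");
@@ -50,17 +50,12 @@ var import_canonicalize = __toESM(require("canonicalize"), 1);
  var import_did_resolver = require("did-resolver");
 
  // src/did-jwt/util.ts
- var import_uint8arrays = require("uint8arrays");
+ var u8a = __toESM(require("uint8arrays"), 1);
  var import_ed25519 = require("@noble/curves/ed25519");
  var import_multiformats = require("multiformats");
  var import_multibase = require("multibase");
  var import_secp256k1 = require("@noble/curves/secp256k1");
  var import_p256 = require("@noble/curves/p256");
- var u8a = {
- toString: import_uint8arrays.toString,
- fromString: import_uint8arrays.fromString,
- concat: import_uint8arrays.concat
- };
  function bytesToBase64url(b) {
  return u8a.toString(b, "base64url");
  }
@@ -293,11 +288,17 @@ var algorithms = {
  };
 
  // src/did-jwt/VerifierAlgorithm.ts
- var import_did_jwt_vc = require("did-jwt-vc");
- var import_did_jwt_vc2 = require("did-jwt-vc");
+ var import_did_jwt = require("did-jwt");
  var import_secp256k12 = require("@noble/curves/secp256k1");
  var import_p2562 = require("@noble/curves/p256");
  var import_ed255192 = require("@noble/curves/ed25519");
+ var u8a2 = __toESM(require("uint8arrays"), 1);
+ var import_sha256 = require("@noble/hashes/sha256");
+ function sha256(payload) {
+ const data = typeof payload === "string" ? u8a2.fromString(payload) : payload;
+ return (0, import_sha256.sha256)(data);
+ }
+ __name(sha256, "sha256");
  function toSignatureObject(signature, recoverable = false) {
  const rawSig = base64ToBytes(signature);
  if (rawSig.length !== (recoverable ? 65 : 64)) {
@@ -327,13 +328,13 @@ function toSignatureObject2(signature, recoverable = false) {
  }
  __name(toSignatureObject2, "toSignatureObject2");
  function verifyES256(data, signature, authenticators) {
- const hash = (0, import_did_jwt_vc.sha256)(data);
+ const hash2 = sha256(data);
  const sig = import_p2562.p256.Signature.fromCompact(toSignatureObject2(signature).compact);
  const fullPublicKeys = authenticators.filter((a) => !a.ethereumAddress && !a.blockchainAccountId);
  const signer = fullPublicKeys.find((pk) => {
  try {
  const { keyBytes } = extractPublicKeyBytes(pk);
- return import_p2562.p256.verify(sig, hash, keyBytes);
+ return import_p2562.p256.verify(sig, hash2, keyBytes);
  } catch (err) {
  return false;
  }
@@ -343,7 +344,7 @@ function verifyES256(data, signature, authenticators) {
  }
  __name(verifyES256, "verifyES256");
  function verifyES256K(data, signature, authenticators) {
- const hash = (0, import_did_jwt_vc.sha256)(data);
+ const hash2 = sha256(data);
  const signatureNormalized = import_secp256k12.secp256k1.Signature.fromCompact(base64ToBytes(signature)).normalizeS();
  const fullPublicKeys = authenticators.filter((a) => {
  return !a.ethereumAddress && !a.blockchainAccountId;
@@ -354,7 +355,7 @@ function verifyES256K(data, signature, authenticators) {
  let signer = fullPublicKeys.find((pk) => {
  try {
  const { keyBytes } = extractPublicKeyBytes(pk);
- return import_secp256k12.secp256k1.verify(signatureNormalized, hash, keyBytes);
+ return import_secp256k12.secp256k1.verify(signatureNormalized, hash2, keyBytes);
  } catch (err) {
  return false;
  }
@@ -381,18 +382,17 @@ function verifyRecoverableES256K(data, signature, authenticators) {
  recovery: 1
  });
  }
- const hash = (0, import_did_jwt_vc.sha256)(data);
+ const hash2 = sha256(data);
  const checkSignatureAgainstSigner = /* @__PURE__ */ __name((sigObj) => {
  const signature2 = import_secp256k12.secp256k1.Signature.fromCompact(sigObj.compact).addRecoveryBit(sigObj.recovery || 0);
- const recoveredPublicKey = signature2.recoverPublicKey(hash);
- const recoveredAddress = (0, import_did_jwt_vc.toEthereumAddress)(recoveredPublicKey.toHex(false)).toLowerCase();
+ const recoveredPublicKey = signature2.recoverPublicKey(hash2);
+ const recoveredAddress = (0, import_did_jwt.toEthereumAddress)(recoveredPublicKey.toHex(false)).toLowerCase();
  const recoveredPublicKeyHex = recoveredPublicKey.toHex(false);
  const recoveredCompressedPublicKeyHex = recoveredPublicKey.toHex(true);
  return authenticators.find((a) => {
  const { keyBytes } = extractPublicKeyBytes(a);
  const keyHex = bytesToHex(keyBytes);
- return keyHex === recoveredPublicKeyHex || keyHex === recoveredCompressedPublicKeyHex || a.ethereumAddress?.toLowerCase() === recoveredAddress || a.blockchainAccountId?.split("@eip155")?.[0].toLowerCase() === recoveredAddress || // CAIP-2
- (0, import_did_jwt_vc2.verifyBlockchainAccountId)(recoveredPublicKeyHex, a.blockchainAccountId);
+ return keyHex === recoveredPublicKeyHex || keyHex === recoveredCompressedPublicKeyHex || a.ethereumAddress?.toLowerCase() === recoveredAddress || a.blockchainAccountId?.split("@eip155")?.[0].toLowerCase() === recoveredAddress;
  });
  }, "checkSignatureAgainstSigner");
  for (const signature2 of signatures) {
@@ -437,7 +437,7 @@ __name(VerifierAlgorithm, "VerifierAlgorithm");
  VerifierAlgorithm.toSignatureObject = toSignatureObject;
 
  // src/did-jwt/JWT.ts
- var import_did_jwt = require("did-jwt");
+ var import_did_jwt2 = require("did-jwt");
  var SELF_ISSUED_V2 = "https://self-issued.me/v2";
  var SELF_ISSUED_V2_VC_INTEROP = "https://self-issued.me/v2/openid-vc";
  var SELF_ISSUED_V0_1 = "https://self-issued.me";
@@ -468,7 +468,7 @@ var CredentialProviderVcdm2Jose = class {
  if (!jwt) {
  return false;
  }
- const { payload } = (0, import_did_jwt2.decodeJWT)(jwt);
+ const { payload } = (0, import_did_jwt3.decodeJWT)(jwt);
  return (0, import_ssi_types.isVcdm2Credential)(payload);
  }
  /** {@inheritdoc @veramo/credential-w3c#AbstractCredentialProvider.createVerifiableCredential} */
@@ -516,7 +516,7 @@ var CredentialProviderVcdm2Jose = class {
  clientIdScheme: "did"
  });
  debug(jwt);
- return (0, import_did_jwt_vc3.normalizeCredential)(jwt.jwt);
+ return (0, import_did_jwt_vc.normalizeCredential)(jwt.jwt);
  }
  /** {@inheritdoc ICredentialVerifier.verifyCredential} */
  async verifyCredential(args, context) {
@@ -589,7 +589,7 @@ var CredentialProviderVcdm2Jose = class {
  clientIdScheme: "did"
  });
  debug(jwt);
- return (0, import_did_jwt_vc3.normalizePresentation)(jwt.jwt);
+ return (0, import_did_jwt_vc.normalizePresentation)(jwt.jwt);
  }
  /** {@inheritdoc @veramo/credential-w3c#AbstractCredentialProvider.verifyPresentation} */
  async verifyPresentation(args, context) {
@@ -608,7 +608,7 @@ var CredentialProviderVcdm2Jose = class {
  };
  let audience = domain;
  if (!audience) {
- const { payload } = await (0, import_did_jwt2.decodeJWT)(jwt);
+ const { payload } = await (0, import_did_jwt3.decodeJWT)(jwt);
  if (payload.aud) {
  const intendedAudience = (0, import_ssi_sdk2.asArray)(payload.aud);
  const managedDids = await context.agent.didManagerFind();
@@ -620,7 +620,7 @@ var CredentialProviderVcdm2Jose = class {
  }
  let message, errorCode;
  try {
- const result = await (0, import_did_jwt_vc3.verifyPresentation)(jwt, resolver, {
+ const result = await (0, import_did_jwt_vc.verifyPresentation)(jwt, resolver, {
  challenge,
  domain,
  audience,
@@ -691,13 +691,13 @@ async function verifierSignature({ jwt }, verifierContext) {
  payload,
  header
  /*signature, data*/
- } = (0, import_did_jwt2.decodeJWT)(jwt);
+ } = (0, import_did_jwt3.decodeJWT)(jwt);
  if (!payload.iss && !payload.client_id) {
- throw new Error(`${import_did_jwt2.JWT_ERROR.INVALID_JWT}: JWT iss or client_id are required`);
+ throw new Error(`${import_did_jwt3.JWT_ERROR.INVALID_JWT}: JWT iss or client_id are required`);
  }
  if (payload.iss === SELF_ISSUED_V2 || payload.iss === SELF_ISSUED_V2_VC_INTEROP) {
  if (!payload.sub) {
- throw new Error(`${import_did_jwt2.JWT_ERROR.INVALID_JWT}: JWT sub is required`);
+ throw new Error(`${import_did_jwt3.JWT_ERROR.INVALID_JWT}: JWT sub is required`);
  }
  if (typeof payload.sub_jwk === "undefined") {
  credIssuer = payload.sub;
@@ -706,12 +706,12 @@ async function verifierSignature({ jwt }, verifierContext) {
  }
  } else if (payload.iss === SELF_ISSUED_V0_1) {
  if (!payload.did) {
- throw new Error(`${import_did_jwt2.JWT_ERROR.INVALID_JWT}: JWT did is required`);
+ throw new Error(`${import_did_jwt3.JWT_ERROR.INVALID_JWT}: JWT did is required`);
  }
  credIssuer = payload.did;
  } else if (!payload.iss && payload.scope === "openid" && payload.redirect_uri) {
  if (!payload.client_id) {
- throw new Error(`${import_did_jwt2.JWT_ERROR.INVALID_JWT}: JWT client_id is required`);
+ throw new Error(`${import_did_jwt3.JWT_ERROR.INVALID_JWT}: JWT client_id is required`);
  }
  credIssuer = payload.client_id;
  } else if (payload.iss?.indexOf("did:") === 0) {
@@ -722,7 +722,7 @@ async function verifierSignature({ jwt }, verifierContext) {
  credIssuer = payload.iss;
  }
  if (!credIssuer) {
- throw new Error(`${import_did_jwt2.JWT_ERROR.INVALID_JWT}: No DID has been found in the JWT`);
+ throw new Error(`${import_did_jwt3.JWT_ERROR.INVALID_JWT}: No DID has been found in the JWT`);
  }
  const resolution = await agent.identifierExternalResolve({
  identifier: credIssuer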
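Review bot: In `verifyRecoverableES256K` (bundled from `src/did-jwt/VerifierAlgorithm.ts`), the new `authenticators.find` predicate matches `blockchainAccountId` only through `split("@eip155")?.[0]`, so an identifier in the CAIP-10 form `eip155:<chainId>:<address>` appears to have no remaining match path; the dropped `verifyBlockchainAccountId` fallback presumably covered that form. This fails closed, but it changes which verification methods the verifier accepts and should be pinned by a regression test covering both identifier forms. If the narrowing is deliberate, record it next to the predicate, e.g. `// blockchainAccountId is matched only in the legacy "<address>@eip155:<chainId>" form; CAIP-10 ids are not accepted here`. The same predicate calls `extractPublicKeyBytes(a)` without the try/catch that `verifyES256` and `verifyES256K` wrap around it, so if that helper throws on an authenticator it cannot decode, one such entry would abort the lookup instead of being skipped. The function starts and ends outside the visible hunk.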