@sphereon/ssi-sdk.credential-vcdm2-jose-provider 0.33.1-feature.jose.vcdm.67 → 0.33.1-feature.vcdm.verification.69

package/dist/index.cjs

@@ -36,14 +36,15 @@ __export(index_exports, {
 module.exports = __toCommonJS(index_exports);
 
 // src/agent/CredentialProviderVcdm2Jose.ts
-var import_ssi_sdk = require("@sphereon/ssi-sdk.credential-vcdm");
-var import_did_jwt_vc = require("did-jwt-vc");
-var import_did_jwt3 = require("did-jwt");
-var import_debug = __toESM(require("debug"), 1);
-var import_ssi_sdk2 = require("@sphereon/ssi-sdk.core");
-var import_ssi_sdk3 = require("@sphereon/ssi-sdk.agent-config");
 var import_ssi_sdk_ext = require("@sphereon/ssi-sdk-ext.identifier-resolution");
+var import_ssi_sdk_ext2 = require("@sphereon/ssi-sdk-ext.key-utils");
+var import_ssi_sdk = require("@sphereon/ssi-sdk.agent-config");
+var import_ssi_sdk2 = require("@sphereon/ssi-sdk.core");
+var import_ssi_sdk3 = require("@sphereon/ssi-sdk.credential-vcdm");
 var import_ssi_types = require("@sphereon/ssi-types");
+var import_debug = __toESM(require("debug"), 1);
+var import_did_jwt3 = require("did-jwt");
+var import_did_jwt_vc = require("did-jwt-vc");
 
 // src/did-jwt/JWT.ts
 var import_canonicalize = __toESM(require("canonicalize"), 1);
@@ -443,7 +444,6 @@ var SELF_ISSUED_V2_VC_INTEROP = "https://self-issued.me/v2/openid-vc";
 var SELF_ISSUED_V0_1 = "https://self-issued.me";
 
 // src/agent/CredentialProviderVcdm2Jose.ts
-var import_ssi_sdk_ext2 = require("@sphereon/ssi-sdk-ext.key-utils");
 var debug = (0, import_debug.default)("sphereon:ssi-sdk:credential-jwt");
 var CredentialProviderVcdm2Jose = class {
   static {
@@ -476,7 +476,7 @@ var CredentialProviderVcdm2Jose = class {
   async createVerifiableCredential(args, context) {
     const { keyRef } = args;
     const agent = assertContext(context).agent;
-    const { credential, issuer } = (0, import_ssi_sdk.preProcessCredentialPayload)(args);
+    const { credential, issuer } = (0, import_ssi_sdk3.preProcessCredentialPayload)(args);
     if (!(0, import_ssi_types.isVcdm2Credential)(credential)) {
       return Promise.reject(new Error("invalid_argument: credential must be a VCDM2 credential. Context: " + credential["@context"]));
     }
@@ -492,7 +492,7 @@ var CredentialProviderVcdm2Jose = class {
       identifier: identifier.did,
       kmsKeyRef: keyRef
     });
-    const key = await (0, import_ssi_sdk.pickSigningKey)({
+    const key = await (0, import_ssi_sdk3.pickSigningKey)({
       identifier,
       kmsKeyRef: keyRef
     }, context);
@@ -523,7 +523,7 @@ var CredentialProviderVcdm2Jose = class {
     } = args;
     const uniform = import_ssi_types.CredentialMapper.toUniformCredential(credential);
     if (!(0, import_ssi_types.isVcdm2Credential)(uniform)) {
-      return Promise.reject(new Error("invalid_argument: credential must be a VCDM2 credential. Context: " + credential["@context"]));
+      return Promise.reject(new Error("invalid_argument: credential must be a VCDM2 credential. Context: " + uniform["@context"]));
     }
     let verificationResult = {
       verified: false
@@ -539,7 +539,7 @@ var CredentialProviderVcdm2Jose = class {
   }
   /** {@inheritdoc @veramo/credential-w3c#AbstractCredentialProvider.createVerifiablePresentation} */
   async createVerifiablePresentation(args, context) {
-    const { presentation, holder } = (0, import_ssi_sdk.preProcessPresentation)(args);
+    const { presentation, holder } = (0, import_ssi_sdk3.preProcessPresentation)(args);
     let {
       domain,
       challenge,
@@ -552,7 +552,7 @@ var CredentialProviderVcdm2Jose = class {
       kmsKeyRef: keyRef
     });
     const identifier = managedIdentifier.identifier;
-    const key = await (0, import_ssi_sdk.pickSigningKey)({
+    const key = await (0, import_ssi_sdk3.pickSigningKey)({
       identifier: managedIdentifier.identifier,
       kmsKeyRef: managedIdentifier.kmsKeyRef
     }, context);
@@ -633,7 +633,18 @@ var CredentialProviderVcdm2Jose = class {
       if (result) {
         return {
           verified: true,
-          verifiablePresentation: result
+          results: [
+            {
+              verified: true,
+              presentation: result.verifiablePresentation,
+              log: [
+                {
+                  id: "valid_signature",
+                  valid: true
+                }
+              ]
+            }
+          ]
         };
       }
     } catch (e) {
@@ -721,9 +732,15 @@ async function verifierSignature({ jwt }, verifierContext) {
   if (!credIssuer) {
     throw new Error(`${import_did_jwt3.JWT_ERROR.INVALID_JWT}: No DID has been found in the JWT`);
   }
-  const resolution = await agent.identifierExternalResolve({
-    identifier: credIssuer
-  });
+  let resolution = void 0;
+  try {
+    resolution = await agent.identifierExternalResolve({
+      identifier: credIssuer
+    });
+  } catch (e) {
+  }
+  const credential = import_ssi_types.CredentialMapper.toUniformCredential(jwt);
+  const expired = "validUntil" in credential && !!credential.validUntil && Date.parse(credential.validUntil) < (/* @__PURE__ */ new Date()).getTime() / 1e3;
   const didOpts = {
     method: "did",
     identifier: credIssuer
@@ -731,27 +748,77 @@ async function verifierSignature({ jwt }, verifierContext) {
   const jwtResult = await agent.jwtVerifyJwsSignature({
     jws: jwt,
     // @ts-ignore
-    jwk: resolution.jwks[0].jwk,
+    jwk: resolution?.jwks[0].jwk,
     opts: {
       ...(0, import_ssi_sdk_ext.isDidIdentifier)(credIssuer) && {
         did: didOpts
       }
     }
   });
-  if (jwtResult.error) {
+  const error = jwtResult.error || expired || !resolution;
+  const errorMessage = expired ? "Credential is expired" : !resolution ? `Issuer ${credIssuer} could not be resolved` : jwtResult.message;
+  if (error) {
+    const log2 = [
+      {
+        id: "valid_signature",
+        valid: false
+      },
+      {
+        id: "issuer_did_resolves",
+        valid: resolution != void 0
+      },
+      {
+        id: "expiration",
+        valid: !expired
+      }
+    ];
     return {
       verified: false,
       error: {
-        message: jwtResult.message,
+        message: errorMessage,
         errorCode: jwtResult.name
       },
+      log: log2,
+      results: [
+        {
+          verified: false,
+          credential: jwt,
+          log: log2,
+          error: {
+            message: errorMessage,
+            errorCode: jwtResult.name
+          }
+        }
+      ],
       payload,
       didResolutionResult: resolution,
       jwt
     };
   }
+  const log = [
+    {
+      id: "valid_signature",
+      valid: true
+    },
+    {
+      id: "issuer_did_resolves",
+      valid: true
+    },
+    {
+      id: "expiration",
+      valid: true
+    }
+  ];
   return {
     verified: true,
+    log,
+    results: [
+      {
+        verified: true,
+        credential,
+        log
+      }
+    ],
     payload,
     didResolutionResult: resolution,
     jwt
@@ -759,9 +826,9 @@ async function verifierSignature({ jwt }, verifierContext) {
 }
 __name(verifierSignature, "verifierSignature");
 function assertContext(context) {
-  if (!(0, import_ssi_sdk3.contextHasPlugin)(context, "jwtPrepareJws")) {
+  if (!(0, import_ssi_sdk.contextHasPlugin)(context, "jwtPrepareJws")) {
     throw Error("JwtService plugin not found, which is required for JWT signing in the VCDM2 Jose credential provider. Please add the JwtService plugin to your agent configuration.");
-  } else if (!(0, import_ssi_sdk3.contextHasPlugin)(context, "identifierManagedGet")) {
+  } else if (!(0, import_ssi_sdk.contextHasPlugin)(context, "identifierManagedGet")) {
     throw Error("Identifier resolution plugin not found, which is required for JWT signing in the VCDM2 Jose credential provider. Please add the JwtService plugin to your agent configuration.");
   }
   return context;