@sphereon/ssi-sdk.credential-vcdm2-jose-provider 0.33.1-feature.jose.vcdm.67 → 0.33.1-feature.vcdm.verification.69
- package/dist/index.cjs +88 -21
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +4 -3
- package/dist/index.d.ts +4 -3
- package/dist/index.js +82 -15
- package/dist/index.js.map +1 -1
- package/package.json +13 -13
- package/src/__tests__/issue-verify-flow-vcdm2-jose.test.ts +11 -2
- package/src/agent/CredentialProviderVcdm2Jose.ts +127 -41
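--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -2,14 +2,15 @@ var __defProp = Object.defineProperty;
 var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
 
 // src/agent/CredentialProviderVcdm2Jose.ts
-import { pickSigningKey, preProcessCredentialPayload, preProcessPresentation } from "@sphereon/ssi-sdk.credential-vcdm";
-import { normalizeCredential, normalizePresentation, verifyPresentation as verifyPresentationJWT } from "did-jwt-vc";
-import { decodeJWT, JWT_ERROR as JWT_ERROR2 } from "did-jwt";
-import Debug from "debug";
-import { asArray, intersect } from "@sphereon/ssi-sdk.core";
-import { contextHasPlugin } from "@sphereon/ssi-sdk.agent-config";
 import { isDidIdentifier } from "@sphereon/ssi-sdk-ext.identifier-resolution";
+import { signatureAlgorithmFromKey } from "@sphereon/ssi-sdk-ext.key-utils";
+import { contextHasPlugin } from "@sphereon/ssi-sdk.agent-config";
+import { asArray, intersect } from "@sphereon/ssi-sdk.core";
+import { pickSigningKey, preProcessCredentialPayload, preProcessPresentation } from "@sphereon/ssi-sdk.credential-vcdm";
 import { CredentialMapper, isVcdm2Credential } from "@sphereon/ssi-types";
+import Debug from "debug";
+import { decodeJWT, JWT_ERROR as JWT_ERROR2 } from "did-jwt";
+import { normalizeCredential, normalizePresentation, verifyPresentation as verifyPresentationJWT } from "did-jwt-vc";
 
 // src/did-jwt/JWT.ts
 import canonicalizeData from "canonicalize";
@@ -409,7 +410,6 @@ var SELF_ISSUED_V2_VC_INTEROP = "https://self-issued.me/v2/openid-vc";
 var SELF_ISSUED_V0_1 = "https://self-issued.me";
 
 // src/agent/CredentialProviderVcdm2Jose.ts
-import { signatureAlgorithmFromKey } from "@sphereon/ssi-sdk-ext.key-utils";
 var debug = Debug("sphereon:ssi-sdk:credential-jwt");
 var CredentialProviderVcdm2Jose = class {
 static {
@@ -489,7 +489,7 @@ var CredentialProviderVcdm2Jose = class {
 } = args;
 const uniform = CredentialMapper.toUniformCredential(credential);
 if (!isVcdm2Credential(uniform)) {
-return Promise.reject(new Error("invalid_argument: credential must be a VCDM2 credential. Context: " +
+return Promise.reject(new Error("invalid_argument: credential must be a VCDM2 credential. Context: " + uniform["@context"]));
 }
 let verificationResult = {
 verified: false
@@ -599,7 +599,18 @@ var CredentialProviderVcdm2Jose = class {
 if (result) {
 return {
 verified: true,
-
+results: [
+{
+verified: true,
+presentation: result.verifiablePresentation,
+log: [
+{
+id: "valid_signature",
+valid: true
+}
+]
+}
+]
 };
 }
 } catch (e) {
@@ -687,9 +698,15 @@ async function verifierSignature({ jwt }, verifierContext) {
 if (!credIssuer) {
 throw new Error(`${JWT_ERROR2.INVALID_JWT}: No DID has been found in the JWT`);
 }
-
-
-
+let resolution = void 0;
+try {
+resolution = await agent.identifierExternalResolve({
+identifier: credIssuer
+});
+} catch (e) {
+}
+const credential = CredentialMapper.toUniformCredential(jwt);
+const expired = "validUntil" in credential && !!credential.validUntil && Date.parse(credential.validUntil) < (/* @__PURE__ */ new Date()).getTime() / 1e3;
 const didOpts = {
 method: "did",
 identifier: credIssuer
@@ -697,27 +714,77 @@ async function verifierSignature({ jwt }, verifierContext) {
 const jwtResult = await agent.jwtVerifyJwsSignature({
 jws: jwt,
 // @ts-ignore
-jwk: resolution
+jwk: resolution?.jwks[0].jwk,
 opts: {
 ...isDidIdentifier(credIssuer) && {
 did: didOpts
 }
 }
 });
-
+const error = jwtResult.error || expired || !resolution;
+const errorMessage = expired ? "Credential is expired" : !resolution ? `Issuer ${credIssuer} could not be resolved` : jwtResult.message;
+if (error) {
+const log2 = [
+{
+id: "valid_signature",
+valid: false
+},
+{
+id: "issuer_did_resolves",
+valid: resolution != void 0
+},
+{
+id: "expiration",
+valid: !expired
+}
+];
 return {
 verified: false,
 error: {
-message:
+message: errorMessage,
 errorCode: jwtResult.name
 },
+log: log2,
+results: [
+{
+verified: false,
+credential: jwt,
+log: log2,
+error: {
+message: errorMessage,
+errorCode: jwtResult.name
+}
+}
+],
 payload,
 didResolutionResult: resolution,
 jwt
 };
 }
+const log = [
+{
+id: "valid_signature",
+valid: true
+},
+{
+id: "issuer_did_resolves",
+valid: true
+},
+{
+id: "expiration",
+valid: true
+}
+];
 return {
 verified: true,
+log,
+results: [
+{
+verified: true,
+credential,
+log
+}
+],
 payload,
 didResolutionResult: resolution,
 jwt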
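Review bot: The `expired` test added at new line 709 compares milliseconds with seconds: `Date.parse(credential.validUntil)` returns epoch milliseconds while the right-hand side divides `getTime()` by `1e3`, so for any realistic `validUntil` the comparison is false and, unless `jwtVerifyJwsSignature` rejects the token on its own, an expired credential is reported with `expiration` valid and `verified: true`. Compare like units, `Date.parse(credential.validUntil) < Date.now()`, and treat a `NaN` parse result as expired so that a malformed `validUntil` fails closed. The empty `catch (e) {}` around `identifierExternalResolve` discards the reason resolution failed, and `resolution?.jwks[0].jwk` throws a TypeError instead of producing a failed result when `jwks` is missing or empty; `resolution?.jwks?.[0]?.jwk` plus a `debug(...)` call in the catch would keep that path structured. This file is build output, so the change belongs in `src/agent/CredentialProviderVcdm2Jose.ts` (listed in the diffstat), and `verifierSignature` starts and ends outside the visible hunks.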