@sphereon/ssi-sdk.credential-vcdm2-jose-provider 0.33.1-feature.jose.vcdm.67 → 0.33.1-feature.vcdm.verification.71

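--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -2,14 +2,15 @@ var __defProp = Object.defineProperty;
  var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
 
  // src/agent/CredentialProviderVcdm2Jose.ts
- import { pickSigningKey, preProcessCredentialPayload, preProcessPresentation } from "@sphereon/ssi-sdk.credential-vcdm";
- import { normalizeCredential, normalizePresentation, verifyPresentation as verifyPresentationJWT } from "did-jwt-vc";
- import { decodeJWT, JWT_ERROR as JWT_ERROR2 } from "did-jwt";
- import Debug from "debug";
- import { asArray, intersect } from "@sphereon/ssi-sdk.core";
- import { contextHasPlugin } from "@sphereon/ssi-sdk.agent-config";
  import { isDidIdentifier } from "@sphereon/ssi-sdk-ext.identifier-resolution";
+ import { signatureAlgorithmFromKey } from "@sphereon/ssi-sdk-ext.key-utils";
+ import { contextHasPlugin } from "@sphereon/ssi-sdk.agent-config";
+ import { asArray, intersect } from "@sphereon/ssi-sdk.core";
+ import { pickSigningKey, preProcessCredentialPayload, preProcessPresentation } from "@sphereon/ssi-sdk.credential-vcdm";
  import { CredentialMapper, isVcdm2Credential } from "@sphereon/ssi-types";
+ import Debug from "debug";
+ import { decodeJWT, JWT_ERROR as JWT_ERROR2 } from "did-jwt";
+ import { normalizeCredential, normalizePresentation, verifyPresentation as verifyPresentationJWT } from "did-jwt-vc";
 
  // src/did-jwt/JWT.ts
  import canonicalizeData from "canonicalize";
@@ -409,7 +410,6 @@ var SELF_ISSUED_V2_VC_INTEROP = "https://self-issued.me/v2/openid-vc";
  var SELF_ISSUED_V0_1 = "https://self-issued.me";
 
  // src/agent/CredentialProviderVcdm2Jose.ts
- import { signatureAlgorithmFromKey } from "@sphereon/ssi-sdk-ext.key-utils";
  var debug = Debug("sphereon:ssi-sdk:credential-jwt");
  var CredentialProviderVcdm2Jose = class {
  static {
@@ -483,13 +483,10 @@ var CredentialProviderVcdm2Jose = class {
  }
  /** {@inheritdoc ICredentialVerifier.verifyCredential} */
  async verifyCredential(args, context) {
- let {
- credential
- /*policies, ...otherOptions*/
- } = args;
+ let { credential, policies } = args;
  const uniform = CredentialMapper.toUniformCredential(credential);
  if (!isVcdm2Credential(uniform)) {
- return Promise.reject(new Error("invalid_argument: credential must be a VCDM2 credential. Context: " + credential["@context"]));
+ return Promise.reject(new Error("invalid_argument: credential must be a VCDM2 credential. Context: " + uniform["@context"]));
  }
  let verificationResult = {
  verified: false
@@ -498,8 +495,16 @@ var CredentialProviderVcdm2Jose = class {
  if (!jwt) {
  return Promise.reject(new Error("invalid_argument: credential must be a VCDM2 credential in JOSE format (string)"));
  }
+ policies = {
+ ...policies,
+ nbf: policies?.nbf ?? policies?.issuanceDate ?? policies?.validFrom,
+ iat: policies?.iat ?? policies?.issuanceDate ?? policies?.validFrom,
+ exp: policies?.exp ?? policies?.expirationDate ?? policies?.validUntil,
+ aud: policies?.aud ?? policies?.audience
+ };
  verificationResult = await verifierSignature({
- jwt
+ jwt,
+ policies
  }, context);
  return verificationResult;
  }
@@ -599,7 +604,18 @@ var CredentialProviderVcdm2Jose = class {
  if (result) {
  return {
  verified: true,
- verifiablePresentation: result
+ results: [
+ {
+ verified: true,
+ presentation: result.verifiablePresentation,
+ log: [
+ {
+ id: "valid_signature",
+ valid: true
+ }
+ ]
+ }
+ ]
  };
  }
  } catch (e) {
@@ -646,7 +662,7 @@ var CredentialProviderVcdm2Jose = class {
  };
  }
  };
- async function verifierSignature({ jwt }, verifierContext) {
+ async function verifierSignature({ jwt, policies }, verifierContext) {
  let credIssuer = void 0;
  const context = assertContext(verifierContext);
  const agent = context.agent;
@@ -687,9 +703,16 @@ async function verifierSignature({ jwt }, verifierContext) {
  if (!credIssuer) {
  throw new Error(`${JWT_ERROR2.INVALID_JWT}: No DID has been found in the JWT`);
  }
- const resolution = await agent.identifierExternalResolve({
- identifier: credIssuer
- });
+ let resolution = void 0;
+ try {
+ resolution = await agent.identifierExternalResolve({
+ identifier: credIssuer
+ });
+ } catch (e) {
+ }
+ const credential = CredentialMapper.toUniformCredential(jwt);
+ const validFromError = policies.nbf !== false && policies.iat !== false && "validFrom" in credential && !!credential.validFrom && Date.parse(credential.validFrom) > (/* @__PURE__ */ new Date()).getTime();
+ const expired = policies.exp !== false && "validUntil" in credential && !!credential.validUntil && Date.parse(credential.validUntil) < (/* @__PURE__ */ new Date()).getTime();
  const didOpts = {
  method: "did",
  identifier: credIssuer
@@ -697,27 +720,85 @@ async function verifierSignature({ jwt }, verifierContext) {
  const jwtResult = await agent.jwtVerifyJwsSignature({
  jws: jwt,
  // @ts-ignore
- jwk: resolution.jwks[0].jwk,
+ jwk: resolution?.jwks[0].jwk,
  opts: {
  ...isDidIdentifier(credIssuer) && {
  did: didOpts
  }
  }
  });
- if (jwtResult.error) {
+ const error = jwtResult.error || expired || !resolution;
+ const errorMessage = expired ? "Credential is expired" : validFromError ? "Credential is not valid yet" : !resolution ? `Issuer ${credIssuer} could not be resolved` : jwtResult.message;
+ if (error) {
+ const log2 = [
+ {
+ id: "valid_signature",
+ valid: !jwtResult.error
+ },
+ {
+ id: "issuer_did_resolves",
+ valid: resolution != void 0
+ },
+ {
+ id: "validFrom",
+ valid: !validFromError
+ },
+ {
+ id: "expiration",
+ valid: !expired
+ }
+ ];
  return {
  verified: false,
  error: {
- message: jwtResult.message,
+ message: errorMessage,
  errorCode: jwtResult.name
  },
+ log: log2,
+ results: [
+ {
+ verified: false,
+ credential: jwt,
+ log: log2,
+ error: {
+ message: errorMessage,
+ errorCode: jwtResult.name
+ }
+ }
+ ],
  payload,
  didResolutionResult: resolution,
  jwt
  };
  }
+ const log = [
+ {
+ id: "valid_signature",
+ valid: true
+ },
+ {
+ id: "issuer_did_resolves",
+ valid: true
+ },
+ {
+ id: "validFrom",
+ valid: true
+ },
+ {
+ id: "expiration",
+ valid: true
+ }
+ ];
  return {
  verified: true,
+ log,
+ results: [
+ {
+ verified: true,
+ credential,
+ log
+ }
+ ],
  payload,
  didResolutionResult: resolution,
  jwt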
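Review bot: `validFromError` never feeds into `error` in verifierSignature, so a credential whose `validFrom` is still in the future but whose signature and issuer resolution succeed falls through to the `verified: true` return, where the `validFrom` log entry is hard-coded to `valid: true`. The flag is only consulted when building `errorMessage`; the condition should read `const error = jwtResult.error || expired || validFromError || !resolution;`. Separately, `Date.parse` returns NaN for an unparsable `validFrom` or `validUntil`, and both comparisons are then false, so a malformed date is treated as inside the validity window; rejecting NaN explicitly would make that check fail closed. `policies` is also dereferenced without a guard (`policies.nbf`), which is safe for the verifyCredential caller shown in this diff but presumably not for a caller that omits it. The body of verifierSignature starts before and continues past the visible hunks.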