@sphereon/ssi-sdk.mdl-mdoc 0.30.2-fix.367 → 0.30.2-fix.395
- package/dist/agent/mDLMdoc.d.ts +45 -0
- package/dist/agent/mDLMdoc.d.ts.map +1 -1
- package/dist/agent/mDLMdoc.js +139 -35
- package/dist/agent/mDLMdoc.js.map +1 -1
- package/dist/functions/index.d.ts +13 -8
- package/dist/functions/index.d.ts.map +1 -1
- package/dist/functions/index.js +87 -40
- package/dist/functions/index.js.map +1 -1
- package/dist/index.d.ts +1 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +2 -1
- package/dist/index.js.map +1 -1
- package/dist/types/ImDLMdoc.d.ts +14 -6
- package/dist/types/ImDLMdoc.d.ts.map +1 -1
- package/package.json +16 -16
- package/src/agent/mDLMdoc.ts +182 -46
- package/src/functions/index.ts +100 -43
- package/src/index.ts +2 -1
- package/src/types/ImDLMdoc.ts +14 -6
package/dist/agent/mDLMdoc.d.ts
CHANGED
|
@@ -1,6 +1,11 @@
|
|
|
1
1
|
import { IAgentPlugin } from '@veramo/core';
|
|
2
2
|
import { ImDLMdoc } from '../types/ImDLMdoc';
|
|
3
3
|
export declare const mdocSupportMethods: Array<string>;
|
|
4
|
+
/**
|
|
5
|
+
* The MDLMdoc class implements the IAgentPlugin interface, providing methods for
|
|
6
|
+
* verification and information retrieval related to X.509 certificates and mDL (mobile
|
|
7
|
+
* driver's license) documents.
|
|
8
|
+
*/
|
|
4
9
|
export declare class MDLMdoc implements IAgentPlugin {
|
|
5
10
|
readonly schema: any;
|
|
6
11
|
readonly methods: ImDLMdoc;
|
|
@@ -14,10 +19,50 @@ export declare class MDLMdoc implements IAgentPlugin {
|
|
|
14
19
|
blindlyTrustedAnchors?: string[];
|
|
15
20
|
};
|
|
16
21
|
});
|
|
22
|
+
/**
|
|
23
|
+
* Processes and verifies the provided mdoc, generates device response and presentation submission tokens.
|
|
24
|
+
*
|
|
25
|
+
* @param {MdocOid4vpPresentArgs} args - An object containing arguments for mdoc oid4vp holder presentation.
|
|
26
|
+
* @param {IRequiredContext} _context - Required context for the operation.
|
|
27
|
+
* @return {Promise<MdocOid4VPPresentationAuth>} A promise that resolves to an object containing vp_token and presentation_submission.
|
|
28
|
+
*/
|
|
17
29
|
private mdocOid4vpHolderPresent;
|
|
30
|
+
/**
|
|
31
|
+
* Verifies the Result Provider (RP) for mdoc (mobile document) OIDC4VP (OpenID Connect for Verifiable Presentations).
|
|
32
|
+
*
|
|
33
|
+
* @param {MdocOid4vpRPVerifyArgs} args - The arguments required for verification, including the vp_token, presentation_submission, and trustAnchors.
|
|
34
|
+
* @param {IRequiredContext} _context - The required context for this method.
|
|
35
|
+
* @return {Promise<MdocOid4vpRPVerifyResult>} - A promise that resolves to an object containing error status,
|
|
36
|
+
* validated documents, and the original presentation submission.
|
|
37
|
+
*/
|
|
18
38
|
private mdocOid4vpRPVerify;
|
|
39
|
+
/**
|
|
40
|
+
* Verifies the issuer-signed Mobile Document (mDoc) using the provided arguments and context.
|
|
41
|
+
*
|
|
42
|
+
* @param {MdocVerifyIssuerSignedArgs} args - The arguments required for verification, including input and key information.
|
|
43
|
+
* @param {IRequiredContext} context - The context encompassing necessary dependencies and configurations.
|
|
44
|
+
* @return {Promise<IVerifySignatureResult<KeyType>>} A promise that resolves to the result of the signature verification, including key information if available.
|
|
45
|
+
*/
|
|
19
46
|
private mdocVerifyIssuerSigned;
|
|
47
|
+
/**
|
|
48
|
+
* Verifies an X.509 certificate chain against a set of trust anchors.
|
|
49
|
+
*
|
|
50
|
+
* @param {VerifyCertificateChainArgs} args - The arguments required for verifying the certificate chain.
|
|
51
|
+
* This includes the certificate chain to be verified and any additional trust anchors to be used.
|
|
52
|
+
* @param {IRequiredContext} _context - The context required for verification, including necessary dependencies and settings.
|
|
53
|
+
* @return {Promise<X509ValidationResult>} A promise that resolves to the result of the validation process, indicating the success or failure of the certificate chain verification.
|
|
54
|
+
*/
|
|
20
55
|
private x509VerifyCertificateChain;
|
|
56
|
+
/**
|
|
57
|
+
* Extracts information from a list of X509 certificates.
|
|
58
|
+
*
|
|
59
|
+
* @param {GetX509CertificateInfoArgs} args - Arguments required to retrieve certificate information,
|
|
60
|
+
* including the certificates and optional Subject Alternative Name (SAN) type filter.
|
|
61
|
+
* @param {IRequiredContext} context - The context required for the operation, which may include
|
|
62
|
+
* logging, configuration, and other operational details.
|
|
63
|
+
* @return {Promise<CertificateInfo[]>} A promise that resolves with an array of certificate
|
|
64
|
+
* information objects, each containing details extracted from individual certificates.
|
|
65
|
+
*/
|
|
21
66
|
private x509GetCertificateInfo;
|
|
22
67
|
}
|
|
23
68
|
//# sourceMappingURL=mDLMdoc.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"mDLMdoc.d.ts","sourceRoot":"","sources":["../../src/agent/mDLMdoc.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"mDLMdoc.d.ts","sourceRoot":"","sources":["../../src/agent/mDLMdoc.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAA;AAS3C,OAAO,EAEL,QAAQ,EAKT,MAAM,mBAAmB,CAAA;AAiB1B,eAAO,MAAM,kBAAkB,EAAE,KAAK,CAAC,MAAM,CAM5C,CAAA;AAED;;;;GAIG;AACH,qBAAa,OAAQ,YAAW,YAAY;IAC1C,QAAQ,CAAC,MAAM,MAAkB;IACjC,QAAQ,CAAC,OAAO,EAAE,QAAQ,CAMzB;IACD,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAU;IACvC,OAAO,CAAC,IAAI,CAIX;gBAEW,IAAI,CAAC,EAAE;QACjB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAA;QACvB,IAAI,CAAC,EAAE;YAEL,sBAAsB,CAAC,EAAE,OAAO,CAAA;YAEhC,2BAA2B,CAAC,EAAE,OAAO,CAAA;YAGrC,qBAAqB,CAAC,EAAE,MAAM,EAAE,CAAA;SACjC,CAAA;KACF;IAKD;;;;;;OAMG;YACW,uBAAuB;IAgFrC;;;;;;;OAOG;YACW,kBAAkB;IA+ChC;;;;;;OAMG;YACW,sBAAsB;IAWpC;;;;;;;OAOG;YACW,0BAA0B;IAUxC;;;;;;;;;OASG;YACW,sBAAsB;CAIrC"}
|
package/dist/agent/mDLMdoc.js
CHANGED
|
@@ -10,25 +10,33 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
|
|
|
10
10
|
};
|
|
11
11
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
12
|
exports.MDLMdoc = exports.mdocSupportMethods = void 0;
|
|
13
|
-
const
|
|
13
|
+
const kmp_mdoc_core_1 = require("@sphereon/kmp-mdoc-core");
|
|
14
14
|
const ssi_sdk_ext_x509_utils_1 = require("@sphereon/ssi-sdk-ext.x509-utils");
|
|
15
15
|
const __1 = require("..");
|
|
16
16
|
const functions_1 = require("../functions");
|
|
17
|
-
var CoseSign1Json =
|
|
18
|
-
var
|
|
19
|
-
var
|
|
20
|
-
var
|
|
21
|
-
var
|
|
22
|
-
var
|
|
23
|
-
var
|
|
24
|
-
var
|
|
17
|
+
var CoseSign1Json = kmp_mdoc_core_1.com.sphereon.crypto.cose.CoseSign1Json;
|
|
18
|
+
var CoseCryptoServiceJS = kmp_mdoc_core_1.com.sphereon.crypto.CoseCryptoServiceJS;
|
|
19
|
+
var CoseJoseKeyMappingService = kmp_mdoc_core_1.com.sphereon.crypto.CoseJoseKeyMappingService;
|
|
20
|
+
var DateTimeUtils = kmp_mdoc_core_1.com.sphereon.kmp.DateTimeUtils;
|
|
21
|
+
var decodeFrom = kmp_mdoc_core_1.com.sphereon.kmp.decodeFrom;
|
|
22
|
+
var encodeTo = kmp_mdoc_core_1.com.sphereon.kmp.encodeTo;
|
|
23
|
+
var Encoding = kmp_mdoc_core_1.com.sphereon.kmp.Encoding;
|
|
24
|
+
var DeviceResponseCbor = kmp_mdoc_core_1.com.sphereon.mdoc.data.device.DeviceResponseCbor;
|
|
25
|
+
var MdocValidations = kmp_mdoc_core_1.com.sphereon.mdoc.data.MdocValidations;
|
|
26
|
+
var MdocOid4vpService = kmp_mdoc_core_1.com.sphereon.mdoc.oid4vp.MdocOid4vpServiceJs;
|
|
27
|
+
var Oid4VPPresentationSubmission = kmp_mdoc_core_1.com.sphereon.mdoc.oid4vp.Oid4VPPresentationSubmission;
|
|
25
28
|
exports.mdocSupportMethods = [
|
|
26
29
|
'x509VerifyCertificateChain',
|
|
27
30
|
'x509GetCertificateInfo',
|
|
28
31
|
'mdocVerifyIssuerSigned',
|
|
29
32
|
'mdocOid4vpHolderPresent',
|
|
30
|
-
'mdocOid4vpRPVerify'
|
|
33
|
+
'mdocOid4vpRPVerify'
|
|
31
34
|
];
|
|
35
|
+
/**
|
|
36
|
+
* The MDLMdoc class implements the IAgentPlugin interface, providing methods for
|
|
37
|
+
* verification and information retrieval related to X.509 certificates and mDL (mobile
|
|
38
|
+
* driver's license) documents.
|
|
39
|
+
*/
|
|
32
40
|
class MDLMdoc {
|
|
33
41
|
constructor(args) {
|
|
34
42
|
var _a, _b;
|
|
@@ -38,28 +46,81 @@ class MDLMdoc {
|
|
|
38
46
|
x509GetCertificateInfo: this.x509GetCertificateInfo.bind(this),
|
|
39
47
|
mdocVerifyIssuerSigned: this.mdocVerifyIssuerSigned.bind(this),
|
|
40
48
|
mdocOid4vpHolderPresent: this.mdocOid4vpHolderPresent.bind(this),
|
|
41
|
-
mdocOid4vpRPVerify: this.mdocOid4vpRPVerify.bind(this)
|
|
49
|
+
mdocOid4vpRPVerify: this.mdocOid4vpRPVerify.bind(this)
|
|
42
50
|
};
|
|
43
51
|
this.trustAnchors = (_a = args === null || args === void 0 ? void 0 : args.trustAnchors) !== null && _a !== void 0 ? _a : [];
|
|
44
52
|
this.opts = (_b = args === null || args === void 0 ? void 0 : args.opts) !== null && _b !== void 0 ? _b : { trustRootWhenNoAnchors: true };
|
|
45
53
|
}
|
|
54
|
+
/**
|
|
55
|
+
* Processes and verifies the provided mdoc, generates device response and presentation submission tokens.
|
|
56
|
+
*
|
|
57
|
+
* @param {MdocOid4vpPresentArgs} args - An object containing arguments for mdoc oid4vp holder presentation.
|
|
58
|
+
* @param {IRequiredContext} _context - Required context for the operation.
|
|
59
|
+
* @return {Promise<MdocOid4VPPresentationAuth>} A promise that resolves to an object containing vp_token and presentation_submission.
|
|
60
|
+
*/
|
|
46
61
|
mdocOid4vpHolderPresent(args, _context) {
|
|
47
62
|
return __awaiter(this, void 0, void 0, function* () {
|
|
48
|
-
|
|
49
|
-
const
|
|
50
|
-
const
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
.
|
|
63
|
+
var _a;
|
|
64
|
+
const { mdocs, presentationDefinition, trustAnchors, verifications, mdocHolderNonce, authorizationRequestNonce, responseUri, clientId } = args;
|
|
65
|
+
const oid4vpService = new MdocOid4vpService();
|
|
66
|
+
// const mdoc = DocumentCbor.Static.cborDecode(decodeFrom(mdocBase64Url, Encoding.BASE64URL))
|
|
67
|
+
const validate = (mdoc) => __awaiter(this, void 0, void 0, function* () {
|
|
68
|
+
var _a, _b;
|
|
69
|
+
try {
|
|
70
|
+
const result = yield MdocValidations.fromDocumentAsync(mdoc, null, trustAnchors !== null && trustAnchors !== void 0 ? trustAnchors : this.trustAnchors, DateTimeUtils.Static.DEFAULT.dateTimeLocal(((_b = (_a = verifications === null || verifications === void 0 ? void 0 : verifications.verificationTime) === null || _a === void 0 ? void 0 : _a.getTime()) !== null && _b !== void 0 ? _b : Date.now()) / 1000), verifications === null || verifications === void 0 ? void 0 : verifications.allowExpiredDocuments);
|
|
71
|
+
if (result.error) {
|
|
72
|
+
console.log(JSON.stringify(result, null, 2));
|
|
73
|
+
}
|
|
74
|
+
return result;
|
|
75
|
+
}
|
|
76
|
+
catch (e) {
|
|
77
|
+
console.log(e);
|
|
78
|
+
return {
|
|
79
|
+
error: true,
|
|
80
|
+
verifications: [{
|
|
81
|
+
name: 'mdoc',
|
|
82
|
+
error: true,
|
|
83
|
+
critical: true,
|
|
84
|
+
message: e.message
|
|
85
|
+
}]
|
|
86
|
+
};
|
|
87
|
+
}
|
|
88
|
+
});
|
|
89
|
+
const allMatches = oid4vpService.matchDocumentsAndDescriptors(mdocHolderNonce, mdocs, presentationDefinition);
|
|
90
|
+
const docsAndDescriptors = [];
|
|
91
|
+
var lastError = undefined;
|
|
92
|
+
for (const match of allMatches) {
|
|
93
|
+
if (match.document) {
|
|
94
|
+
const result = yield validate(match.document);
|
|
95
|
+
if (!result.error || responseUri.includes('openid.net')) {
|
|
96
|
+
// TODO: We relax for the conformance suite, as the cert would be invalid
|
|
97
|
+
docsAndDescriptors.push(match);
|
|
98
|
+
}
|
|
99
|
+
else if (result.error) {
|
|
100
|
+
lastError = result;
|
|
101
|
+
}
|
|
102
|
+
}
|
|
56
103
|
}
|
|
57
|
-
|
|
104
|
+
if (docsAndDescriptors.length === 0) {
|
|
105
|
+
if (lastError) {
|
|
106
|
+
return Promise.reject(Error((_a = lastError.verifications[0].message) !== null && _a !== void 0 ? _a : 'No matching documents found'));
|
|
107
|
+
}
|
|
108
|
+
return Promise.reject(Error('No matching documents found'));
|
|
109
|
+
}
|
|
110
|
+
const deviceResponse = yield oid4vpService.createDeviceResponse(docsAndDescriptors, presentationDefinition, clientId, responseUri, authorizationRequestNonce);
|
|
58
111
|
const vp_token = encodeTo(deviceResponse.cborEncode(), Encoding.BASE64URL);
|
|
59
112
|
const presentation_submission = Oid4VPPresentationSubmission.Static.fromPresentationDefinition(presentationDefinition);
|
|
60
113
|
return { vp_token, presentation_submission };
|
|
61
114
|
});
|
|
62
115
|
}
|
|
116
|
+
/**
|
|
117
|
+
* Verifies the Result Provider (RP) for mdoc (mobile document) OIDC4VP (OpenID Connect for Verifiable Presentations).
|
|
118
|
+
*
|
|
119
|
+
* @param {MdocOid4vpRPVerifyArgs} args - The arguments required for verification, including the vp_token, presentation_submission, and trustAnchors.
|
|
120
|
+
* @param {IRequiredContext} _context - The required context for this method.
|
|
121
|
+
* @return {Promise<MdocOid4vpRPVerifyResult>} - A promise that resolves to an object containing error status,
|
|
122
|
+
* validated documents, and the original presentation submission.
|
|
123
|
+
*/
|
|
63
124
|
mdocOid4vpRPVerify(args, _context) {
|
|
64
125
|
return __awaiter(this, void 0, void 0, function* () {
|
|
65
126
|
const { vp_token, presentation_submission, trustAnchors } = args;
|
|
@@ -69,32 +130,65 @@ class MDLMdoc {
|
|
|
69
130
|
}
|
|
70
131
|
let error = false;
|
|
71
132
|
const documents = yield Promise.all(deviceResponse.documents.map((document) => __awaiter(this, void 0, void 0, function* () {
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
error
|
|
133
|
+
try {
|
|
134
|
+
const validations = yield MdocValidations.fromDocumentAsync(document, null, trustAnchors !== null && trustAnchors !== void 0 ? trustAnchors : this.trustAnchors);
|
|
135
|
+
if (!validations || validations.error) {
|
|
136
|
+
error = true;
|
|
137
|
+
}
|
|
138
|
+
if (presentation_submission.descriptor_map.find((m) => m.id === document.docType.value) === null) {
|
|
139
|
+
error = true;
|
|
140
|
+
validations.verifications.push({
|
|
141
|
+
name: 'mdoc',
|
|
142
|
+
error,
|
|
143
|
+
critical: error,
|
|
144
|
+
message: `No descriptor map id with document type ${document.docType.value} present`
|
|
145
|
+
});
|
|
146
|
+
}
|
|
147
|
+
return { document: document.toJson(), validations };
|
|
75
148
|
}
|
|
76
|
-
|
|
149
|
+
catch (e) {
|
|
77
150
|
error = true;
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
151
|
+
return {
|
|
152
|
+
document: document.toJson(), validations: {
|
|
153
|
+
error: true, verifications: [{
|
|
154
|
+
name: 'mdoc',
|
|
155
|
+
error,
|
|
156
|
+
critical: true,
|
|
157
|
+
message: e.message
|
|
158
|
+
}]
|
|
159
|
+
}
|
|
160
|
+
};
|
|
84
161
|
}
|
|
85
|
-
return { document: document.toJson(), validations };
|
|
86
162
|
})));
|
|
163
|
+
if (error) {
|
|
164
|
+
console.log(JSON.stringify(documents, null, 2));
|
|
165
|
+
}
|
|
87
166
|
return { error, documents, presentation_submission };
|
|
88
167
|
});
|
|
89
168
|
}
|
|
169
|
+
/**
|
|
170
|
+
* Verifies the issuer-signed Mobile Document (mDoc) using the provided arguments and context.
|
|
171
|
+
*
|
|
172
|
+
* @param {MdocVerifyIssuerSignedArgs} args - The arguments required for verification, including input and key information.
|
|
173
|
+
* @param {IRequiredContext} context - The context encompassing necessary dependencies and configurations.
|
|
174
|
+
* @return {Promise<IVerifySignatureResult<KeyType>>} A promise that resolves to the result of the signature verification, including key information if available.
|
|
175
|
+
*/
|
|
90
176
|
mdocVerifyIssuerSigned(args, context) {
|
|
91
177
|
return __awaiter(this, void 0, void 0, function* () {
|
|
92
|
-
const { input, keyInfo } = args;
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
return
|
|
178
|
+
const { input, keyInfo, requireX5Chain } = args;
|
|
179
|
+
const coseKeyInfo = keyInfo && CoseJoseKeyMappingService.toCoseKeyInfo(keyInfo);
|
|
180
|
+
const verification = yield new CoseCryptoServiceJS(new functions_1.CoseCryptoService(context)).verify1(CoseSign1Json.Static.fromDTO(input).toCbor(), coseKeyInfo, requireX5Chain);
|
|
181
|
+
return Object.assign(Object.assign({}, verification), { keyInfo: keyInfo });
|
|
96
182
|
});
|
|
97
183
|
}
|
|
184
|
+
/**
|
|
185
|
+
* Verifies an X.509 certificate chain against a set of trust anchors.
|
|
186
|
+
*
|
|
187
|
+
* @param {VerifyCertificateChainArgs} args - The arguments required for verifying the certificate chain.
|
|
188
|
+
* This includes the certificate chain to be verified and any additional trust anchors to be used.
|
|
189
|
+
* @param {IRequiredContext} _context - The context required for verification, including necessary dependencies and settings.
|
|
190
|
+
* @return {Promise<X509ValidationResult>} A promise that resolves to the result of the validation process, indicating the success or failure of the certificate chain verification.
|
|
191
|
+
*/
|
|
98
192
|
x509VerifyCertificateChain(args, _context) {
|
|
99
193
|
return __awaiter(this, void 0, void 0, function* () {
|
|
100
194
|
var _a, _b;
|
|
@@ -103,6 +197,16 @@ class MDLMdoc {
|
|
|
103
197
|
return yield new functions_1.X509CallbackService().verifyCertificateChain(Object.assign(Object.assign({}, args), { trustAnchors: Array.from(trustAnchors), opts: (_b = args === null || args === void 0 ? void 0 : args.opts) !== null && _b !== void 0 ? _b : this.opts }));
|
|
104
198
|
});
|
|
105
199
|
}
|
|
200
|
+
/**
|
|
201
|
+
* Extracts information from a list of X509 certificates.
|
|
202
|
+
*
|
|
203
|
+
* @param {GetX509CertificateInfoArgs} args - Arguments required to retrieve certificate information,
|
|
204
|
+
* including the certificates and optional Subject Alternative Name (SAN) type filter.
|
|
205
|
+
* @param {IRequiredContext} context - The context required for the operation, which may include
|
|
206
|
+
* logging, configuration, and other operational details.
|
|
207
|
+
* @return {Promise<CertificateInfo[]>} A promise that resolves with an array of certificate
|
|
208
|
+
* information objects, each containing details extracted from individual certificates.
|
|
209
|
+
*/
|
|
106
210
|
x509GetCertificateInfo(args, context) {
|
|
107
211
|
return __awaiter(this, void 0, void 0, function* () {
|
|
108
212
|
const certificates = args.certificates.map((cert) => (0, ssi_sdk_ext_x509_utils_1.pemOrDerToX509Certificate)(cert));
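Review bot: The descriptor-map check in mdocOid4vpRPVerify, `presentation_submission.descriptor_map.find((m) => m.id === document.docType.value) === null`, can never be true because `Array.prototype.find` yields `undefined` for no match, so a document whose docType is missing from the presentation submission is still returned without the "No descriptor map id" verification; compare with `=== undefined` (or `== null`), and because the `!validations` branch above only sets the flag, guard the later `validations.verifications.push` as well so a null result from `fromDocumentAsync` does not surface as a TypeError message via the catch. On any failure the new code also runs `console.log(JSON.stringify(documents, null, 2))`, which writes the fully decoded mdoc contents — the holder's personal attributes — to stdout; the same applies to the `console.log` of validation results in mdocOid4vpHolderPresent, and both belong behind a debug-level logger that omits document payloads. In the holder hunk, `if (!result.error || responseUri.includes('openid.net'))` accepts documents that failed validation on a substring match over the whole URI rather than its host, and the adjacent TODO describes it as a conformance-suite relaxation, so it should be an explicit opt-in rather than the shipped default. The method's signature and docblock sit in the preceding hunk; that docblock expands RP as "Result Provider", whereas in OID4VP the term is Relying Party.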
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"mDLMdoc.js","sourceRoot":"","sources":["../../src/agent/mDLMdoc.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,
|
|
1
|
+
{"version":3,"file":"mDLMdoc.js","sourceRoot":"","sources":["../../src/agent/mDLMdoc.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2DAA6C;AAC7C,6EAKyC;AAEzC,0BAMW;AACX,4CAAqE;AASrE,IAAO,aAAa,GAAG,mBAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAA;AAC7D,IAAO,mBAAmB,GAAG,mBAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,mBAAmB,CAAA;AACpE,IAAO,yBAAyB,GAAG,mBAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,yBAAyB,CAAA;AAEhF,IAAO,aAAa,GAAG,mBAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,aAAa,CAAA;AACrD,IAAO,UAAU,GAAG,mBAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAA;AAC/C,IAAO,QAAQ,GAAG,mBAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAA;AAC3C,IAAO,QAAQ,GAAG,mBAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAA;AAC3C,IAAO,kBAAkB,GAAG,mBAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,kBAAkB,CAAA;AAE5E,IAAO,eAAe,GAAG,mBAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAA;AAG/D,IAAO,iBAAiB,GAAG,mBAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,mBAAmB,CAAA;AACvE,IAAO,4BAA4B,GAAG,mBAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,4BAA4B,CAAA;AAE9E,QAAA,kBAAkB,GAAkB;IAC/C,4BAA4B;IAC5B,wBAAwB;IACxB,wBAAwB;IACxB,yBAAyB;IACzB,oBAAoB;CACrB,CAAA;AAED;;;;GAIG;AACH,MAAa,OAAO;IAgBlB,YAAY,IAWX;;QA1BQ,WAAM,GAAG,UAAM,CAAC,QAAQ,CAAA;QACxB,YAAO,GAAa;YAC3B,0BAA0B,EAAE,IAAI,CAAC,0BAA0B,CAAC,IAAI,CAAC,IAAI,CAAC;YACtE,sBAAsB,EAAE,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,IAAI,CAAC;YAC9D,sBAAsB,EAAE,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,IAAI,CAAC;YAC9D,uBAAuB,EAAE,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,IAAI,CAAC;YAChE,kBAAkB,EAAE,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC;SACvD,CAAA;QAoBC,IAAI,CAAC,YAAY,GAAG,MAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,YAAY,mCAAI,EAAE,CAAA;QAC5C,IAAI,CAAC,IAAI,GAAG,MAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,IAAI,mCAAI,EAAE,sBAAsB,EAAE,IAAI,EAAE,CAAA;IAC5D,CAAC;IAED;;;;;;OAMG;IACW,uBAAuB,CAAC,IAA2B,EAAE,QAA0B;;;YAC3F,MAAM,EACJ,KAAK,EACL,sBAAsB,EACtB,YAAY,EACZ,aAAa,EACb,eAAe,EACf,yBAAyB,EACzB,WAAW,EACX,QAAQ,EACT,GAAG,IAAI,CAAA;YAER,MAAM,aAAa,GAAG,IAAI,iBAAiB,EAAE,CAAA;YAC7C,6FAA6F;YAC7F,MAAM,QAAQ,GAAG,CAAO,IAAkB,EAAE,EAAE;;gBAC5C,IAAI,CAAC;oBACH,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,iBAAiB,CACpD,IAAI,EACJ,IAAI,EACJ,YAAY
,aAAZ,YAAY,cAAZ,YAAY,GAAI,IAAI,CAAC,YAAY,EACjC,aAAa,CAAC,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,MAAA,MAAA,aAAa,aAAb,aAAa,uBAAb,aAAa,CAAE,gBAAgB,0CAAE,OAAO,EAAE,mCAAI,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,IAAI,CAAC,EAC7G,aAAa,aAAb,aAAa,uBAAb,aAAa,CAAE,qBAAqB,CACrC,CAAA;oBACD,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;wBACjB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAA;oBAC9C,CAAC;oBACD,OAAO,MAAM,CAAA;gBACf,CAAC;gBAAC,OAAO,CAAC,EAAE,CAAC;oBACX,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAA;oBACd,OAAO;wBACL,KAAK,EAAE,IAAI;wBACX,aAAa,EAAE,CAAC;gCACd,IAAI,EAAE,MAAM;gCACZ,KAAK,EAAE,IAAI;gCACX,QAAQ,EAAE,IAAI;gCACd,OAAO,EAAE,CAAC,CAAC,OAAiB;6BAC7B,CAAC;qBACH,CAAA;gBACH,CAAC;YAEH,CAAC,CAAA,CAAA;YAED,MAAM,UAAU,GAAoC,aAAa,CAAC,4BAA4B,CAC5F,eAAe,EACf,KAAK,EACL,sBAAuD,CACxD,CAAA;YACD,MAAM,kBAAkB,GAAoC,EAAE,CAAA;YAC9D,IAAI,SAAS,GAAkG,SAAS,CAAA;YACxH,KAAK,MAAM,KAAK,IAAI,UAAU,EAAE,CAAC;gBAC/B,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;oBACnB,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAA;oBAC7C,IAAI,CAAC,MAAM,CAAC,KAAK,IAAI,WAAW,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;wBACxD,yEAAyE;wBACzE,kBAAkB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;oBAChC,CAAC;yBAAM,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;wBACxB,SAAS,GAAG,MAAM,CAAA;oBACpB,CAAC;gBACH,CAAC;YACH,CAAC;YACD,IAAI,kBAAkB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACpC,IAAI,SAAS,EAAE,CAAC;oBACd,OAAO,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,MAAA,SAAS,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,OAAO,mCAAI,6BAA6B,CAAC,CAAC,CAAA;gBACnG,CAAC;gBACD,OAAO,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,6BAA6B,CAAC,CAAC,CAAA;YAC7D,CAAC;YACD,MAAM,cAAc,GAAG,MAAM,aAAa,CAAC,oBAAoB,CAC7D,kBAAkB,EAClB,sBAAuD,EACvD,QAAQ,EACR,WAAW,EACX,yBAAyB,CAC1B,CAAA;YACD,MAAM,QAAQ,GAAG,QAAQ,CAAC,cAAc,CAAC,UAAU,EAAE,EAAE,QAAQ,CAAC,SAAS,CAAC,CAAA;YAC1E,MAAM,uBAAuB,GAAG,4BAA4B,CAAC,MAAM,CAAC,0BAA0B,CAC5F,sBAAuD,CACxD,CAAA;YACD,OAAO,EAAE,QAAQ,EAAE,uBAAuB,EAAE,CAAA;QAC9C,CAAC;KAAA;IAED;;;;;;;OAOG;IACW,kBAAkB,CAAC,IAA4B,EAAE,QAA0B;;YACvF,MAAM,EAAE,QAAQ,EAAE,uBAAuB,EAAE,YAAY,EAAE,GAAG,IAAI,CAAA;YAChE,MAAM,cAAc,GAAG,kBAAkB,CAAC,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC,
QAAQ,EAAE,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAA;YACrG,IAAI,CAAC,cAAc,CAAC,SAAS,EAAE,CAAC;gBAC9B,OAAO,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,gCAAgC,CAAC,CAAC,CAAA;YAChE,CAAC;YACD,IAAI,KAAK,GAAG,KAAK,CAAA;YACjB,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,GAAG,CACjC,cAAc,CAAC,SAAS,CAAC,GAAG,CAAC,CAAO,QAAQ,EAAE,EAAE;gBAC9C,IAAI,CAAC;oBAEH,MAAM,WAAW,GAAG,MAAM,eAAe,CAAC,iBAAiB,CAAC,QAAQ,EAAE,IAAI,EAAE,YAAY,aAAZ,YAAY,cAAZ,YAAY,GAAI,IAAI,CAAC,YAAY,CAAC,CAAA;oBAC9G,IAAI,CAAC,WAAW,IAAI,WAAW,CAAC,KAAK,EAAE,CAAC;wBACtC,KAAK,GAAG,IAAI,CAAA;oBACd,CAAC;oBACD,IAAI,uBAAuB,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,IAAI,EAAE,CAAC;wBACjG,KAAK,GAAG,IAAI,CAAA;wBACZ,WAAW,CAAC,aAAa,CAAC,IAAI,CAAC;4BAC7B,IAAI,EAAE,MAAM;4BACZ,KAAK;4BACL,QAAQ,EAAE,KAAK;4BACf,OAAO,EAAE,2CAA2C,QAAQ,CAAC,OAAO,CAAC,KAAK,UAAU;yBACrF,CAAC,CAAA;oBACJ,CAAC;oBACD,OAAO,EAAE,QAAQ,EAAE,QAAQ,CAAC,MAAM,EAAE,EAAE,WAAW,EAAE,CAAA;gBACrD,CAAC;gBAAC,OAAO,CAAC,EAAE,CAAC;oBACX,KAAK,GAAG,IAAI,CAAA;oBACZ,OAAO;wBACL,QAAQ,EAAE,QAAQ,CAAC,MAAM,EAAE,EAAE,WAAW,EAAE;4BACxC,KAAK,EAAE,IAAI,EAAE,aAAa,EAAE,CAAC;oCAC3B,IAAI,EAAE,MAAM;oCACZ,KAAK;oCACL,QAAQ,EAAE,IAAI;oCACd,OAAO,EAAE,CAAC,CAAC,OAAiB;iCAC7B,CAAC;yBACH;qBACF,CAAA;gBACH,CAAC;YAEH,CAAC,CAAA,CAAC,CACH,CAAA;YACD,IAAI,KAAK,EAAE,CAAC;gBACV,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAA;YACjD,CAAC;YACD,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,uBAAuB,EAAE,CAAA;QACtD,CAAC;KAAA;IAED;;;;;;OAMG;IACW,sBAAsB,CAAC,IAAgC,EAAE,OAAyB;;YAC9F,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,cAAc,EAAE,GAAG,IAAI,CAAA;YAC/C,MAAM,WAAW,GAAG,OAAO,IAAI,yBAAyB,CAAC,aAAa,CAAC,OAAO,CAAC,CAAA;YAC/E,MAAM,YAAY,GAAG,MAAM,IAAI,mBAAmB,CAAC,IAAI,6BAAiB,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CACxF,aAAa,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,MAAM,EAAE,EAC5C,WAAW,EACX,cAAc,CACf,CAAA;YACD,uCAAY,YAAY,KAAE,OAAO,EAAE,OAAO,IAAE;QAC9C,CAAC;KAAA;IAED;;;;;;;OAOG;IACW,0BAA0B,CAAC,IAAgC,EAAE,QAA0B;;;YACnG,MAAM,aAAa,GAAa,CAAC,GAAG,IAAI,CAAC,YAAY,EAAE,GAAG,CAAC,MAAA,IAAI,CAAC,YAAY,mCAAI,EAAE,CAAC,CAAC,CAAA
;YACpF,MAAM,YAAY,GAAG,IAAI,GAAG,CAAS,aAAa,CAAC,CAAA;YACnD,OAAO,MAAM,IAAI,+BAAmB,EAAE,CAAC,sBAAsB,iCACxD,IAAI,KACP,YAAY,EAAE,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,EACtC,IAAI,EAAE,MAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,IAAI,mCAAI,IAAI,CAAC,IAAI,IAC7B,CAAA;QACJ,CAAC;KAAA;IAED;;;;;;;;;OASG;IACW,sBAAsB,CAAC,IAAgC,EAAE,OAAyB;;YAC9F,MAAM,YAAY,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAA,kDAAyB,EAAC,IAAI,CAAC,CAAC,CAAA;YACrF,OAAO,MAAM,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAA,2CAAkB,EAAC,IAAI,EAAE,IAAI,CAAC,aAAa,IAAI,EAAE,aAAa,EAAE,IAAI,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC,CAAA;QAC7I,CAAC;KAAA;CACF;AAhOD,0BAgOC"}
|
|
@@ -1,19 +1,24 @@
|
|
|
1
|
-
import { com, Nullable } from '@sphereon/kmp-
|
|
1
|
+
import { com, Nullable } from '@sphereon/kmp-mdoc-core';
|
|
2
2
|
import { X509ValidationResult } from '@sphereon/ssi-sdk-ext.x509-utils';
|
|
3
|
-
import { VerifyCertificateChainArgs } from '../types/ImDLMdoc';
|
|
3
|
+
import { IRequiredContext, VerifyCertificateChainArgs } from '../types/ImDLMdoc';
|
|
4
4
|
import CoseSign1Cbor = com.sphereon.crypto.cose.CoseSign1Cbor;
|
|
5
|
-
import CoseSign1InputCbor = com.sphereon.crypto.cose.CoseSign1InputCbor;
|
|
6
5
|
import ICoseKeyCbor = com.sphereon.crypto.cose.ICoseKeyCbor;
|
|
6
|
+
import ToBeSignedCbor = com.sphereon.crypto.cose.ToBeSignedCbor;
|
|
7
|
+
import IVerifySignatureResult = com.sphereon.crypto.generic.IVerifySignatureResult;
|
|
7
8
|
import ICoseCryptoCallbackJS = com.sphereon.crypto.ICoseCryptoCallbackJS;
|
|
8
9
|
import IKey = com.sphereon.crypto.IKey;
|
|
9
10
|
import IKeyInfo = com.sphereon.crypto.IKeyInfo;
|
|
10
|
-
import IVerifySignatureResult = com.sphereon.crypto.IVerifySignatureResult;
|
|
11
11
|
import IX509ServiceJS = com.sphereon.crypto.IX509ServiceJS;
|
|
12
12
|
import IX509VerificationResult = com.sphereon.crypto.IX509VerificationResult;
|
|
13
13
|
import X509VerificationProfile = com.sphereon.crypto.X509VerificationProfile;
|
|
14
|
+
import LocalDateTimeKMP = com.sphereon.kmp.LocalDateTimeKMP;
|
|
14
15
|
export declare class CoseCryptoService implements ICoseCryptoCallbackJS {
|
|
15
|
-
|
|
16
|
-
|
|
16
|
+
private context?;
|
|
17
|
+
constructor(context?: IRequiredContext | undefined);
|
|
18
|
+
setContext(context: IRequiredContext): void;
|
|
19
|
+
signAsync(input: ToBeSignedCbor, requireX5Chain: Nullable<boolean>): Promise<Int8Array>;
|
|
20
|
+
verify1Async<CborType>(input: CoseSign1Cbor<CborType>, keyInfo: IKeyInfo<ICoseKeyCbor>, requireX5Chain: Nullable<boolean>): Promise<IVerifySignatureResult<ICoseKeyCbor>>;
|
|
21
|
+
resolvePublicKeyAsync<KT extends com.sphereon.crypto.IKey>(keyInfo: com.sphereon.crypto.IKeyInfo<KT>): Promise<com.sphereon.crypto.IResolvedKeyInfo<KT>>;
|
|
17
22
|
}
|
|
18
23
|
/**
|
|
19
24
|
* This class can be used for X509 validations.
|
|
@@ -31,11 +36,11 @@ export declare class X509CallbackService implements IX509ServiceJS {
|
|
|
31
36
|
* @param trustAnchors
|
|
32
37
|
* @param verificationTime
|
|
33
38
|
*/
|
|
34
|
-
verifyCertificateChain({ chain, trustAnchors, verificationTime, opts
|
|
39
|
+
verifyCertificateChain({ chain, trustAnchors, verificationTime, opts }: VerifyCertificateChainArgs): Promise<X509ValidationResult>;
|
|
35
40
|
/**
|
|
36
41
|
* This method is the implementation used within the mDL/Mdoc library
|
|
37
42
|
*/
|
|
38
|
-
verifyCertificateChainJS<KeyType extends IKey>(chainDER: Nullable<Int8Array[]>, chainPEM: Nullable<string[]>, trustedCerts: Nullable<string[]>, verificationProfile?: X509VerificationProfile | undefined): Promise<IX509VerificationResult<KeyType>>;
|
|
43
|
+
verifyCertificateChainJS<KeyType extends IKey>(chainDER: Nullable<Int8Array[]>, chainPEM: Nullable<string[]>, trustedCerts: Nullable<string[]>, verificationProfile?: X509VerificationProfile | undefined, verificationTime?: Nullable<LocalDateTimeKMP>): Promise<IX509VerificationResult<KeyType>>;
|
|
39
44
|
setTrustedCerts: (trustedCertsInPEM?: Array<string>) => void;
|
|
40
45
|
getTrustedCerts: () => string[] | undefined;
|
|
41
46
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/functions/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,QAAQ,EAAE,MAAM,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/functions/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,QAAQ,EAAE,MAAM,yBAAyB,CAAA;AACvD,OAAO,EAML,oBAAoB,EACrB,MAAM,kCAAkC,CAAA;AAGzC,OAAO,EAAE,gBAAgB,EAAE,0BAA0B,EAAE,MAAM,mBAAmB,CAAA;AAEhF,OAAO,aAAa,GAAG,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAA;AAC7D,OAAO,YAAY,GAAG,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAA;AAC3D,OAAO,cAAc,GAAG,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,cAAc,CAAA;AAG/D,OAAO,sBAAsB,GAAG,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC,sBAAsB,CAAA;AAElF,OAAO,qBAAqB,GAAG,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,qBAAqB,CAAA;AACxE,OAAO,IAAI,GAAG,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAA;AACtC,OAAO,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAA;AAC9C,OAAO,cAAc,GAAG,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,cAAc,CAAA;AAC1D,OAAO,uBAAuB,GAAG,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,uBAAuB,CAAA;AAI5E,OAAO,uBAAuB,GAAG,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,uBAAuB,CAAA;AAK5E,OAAO,gBAAgB,GAAG,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,gBAAgB,CAAA;AAE3D,qBAAa,iBAAkB,YAAW,qBAAqB;IAEjD,OAAO,CAAC,OAAO,CAAC;gBAAR,OAAO,CAAC,EAAE,gBAAgB,YAAA;IAG9C,UAAU,CAAC,OAAO,EAAE,gBAAgB;IAI9B,SAAS,CAAC,KAAK,EAAE,cAAc,EAAE,cAAc,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,OAAO,CAAC,SAAS,CAAC;IA6BvF,YAAY,CAAC,QAAQ,EACzB,KAAK,EAAE,aAAa,CAAC,QAAQ,CAAC,EAC9B,OAAO,EAAE,QAAQ,CAAC,YAAY,CAAC,EAC/B,cAAc,EAAE,QAAQ,CAAC,OAAO,CAAC,GAChC,OAAO,CAAC,sBAAsB,CAAC,YAAY,CAAC,CAAC;IA4FhD,qBAAqB,CAAC,EAAE,SAAS,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,EACvD,OAAO,EAAE,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC,GACxC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,gBAAgB,CAAC,EAAE,CAAC,CAAC;CAMrD;AAED;;;;;;GAMG;AACH,qBAAa,mBAAoB,YAAW,cAAc;IACxD,OAAO,CAAC,aAAa,CAAC,CAAe;gBAEzB,YAAY,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC;IAIxC;;;;;OAKG;IACG,sBAAsB,CAAC,EACE,KAAK,EACL,YAAqC,EACrC,gBAAgB,EAChB,IAAI,EACL,EAAE,0BAA0B,GAAG,OAAO,CAAC,oBAAoB,CAAC;IAS1F;;OAEG;IACG,wBAAwB,CAAC,OAAO,SAAS,IAAI,EACjD,QAAQ,EAAE,QAAQ,CAAC,SAAS,EAAE,CAAC,EAC/B,QAAQ,EAAE,QAAQ,CAAC,MAAM,EAAE,CAAC,EAC5B,YAAY,EAAE,QAAQ,CAAC,MAAM,EAAE,CAAC
,EAChC,mBAAmB,CAAC,EAAE,uBAAuB,GAAG,SAAS,EACzD,gBAAgB,CAAC,EAAE,QAAQ,CAAC,gBAAgB,CAAC,GAC5C,OAAO,CAAC,uBAAuB,CAAC,OAAO,CAAC,CAAC;IA6B5C,eAAe,uBAAwB,KAAK,CAAC,MAAM,CAAC,UAQnD;IAED,eAAe,6BAA2B;CAC3C"}
|
package/dist/functions/index.js
CHANGED
|
@@ -33,35 +33,72 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
|
|
|
33
33
|
};
|
|
34
34
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
35
35
|
exports.X509CallbackService = exports.CoseCryptoService = void 0;
|
|
36
|
-
const
|
|
36
|
+
const kmp_mdoc_core_1 = require("@sphereon/kmp-mdoc-core");
|
|
37
37
|
const ssi_sdk_ext_x509_utils_1 = require("@sphereon/ssi-sdk-ext.x509-utils");
|
|
38
38
|
const crypto = __importStar(require("crypto"));
|
|
39
39
|
const pkijs_1 = require("pkijs");
|
|
40
|
-
var
|
|
41
|
-
var
|
|
42
|
-
var
|
|
43
|
-
var
|
|
40
|
+
var CoseJoseKeyMappingService = kmp_mdoc_core_1.com.sphereon.crypto.CoseJoseKeyMappingService;
|
|
41
|
+
var DefaultCallbacks = kmp_mdoc_core_1.com.sphereon.crypto.DefaultCallbacks;
|
|
42
|
+
var SignatureAlgorithm = kmp_mdoc_core_1.com.sphereon.crypto.generic.SignatureAlgorithm;
|
|
43
|
+
var Jwk = kmp_mdoc_core_1.com.sphereon.crypto.jose.Jwk;
|
|
44
|
+
var KeyInfo = kmp_mdoc_core_1.com.sphereon.crypto.KeyInfo;
|
|
45
|
+
var ResolvedKeyInfo = kmp_mdoc_core_1.com.sphereon.crypto.ResolvedKeyInfo;
|
|
46
|
+
var DateTimeUtils = kmp_mdoc_core_1.com.sphereon.kmp.DateTimeUtils;
|
|
47
|
+
var decodeFrom = kmp_mdoc_core_1.com.sphereon.kmp.decodeFrom;
|
|
48
|
+
var encodeTo = kmp_mdoc_core_1.com.sphereon.kmp.encodeTo;
|
|
49
|
+
var Encoding = kmp_mdoc_core_1.com.sphereon.kmp.Encoding;
|
|
44
50
|
class CoseCryptoService {
|
|
45
|
-
|
|
51
|
+
constructor(context) {
|
|
52
|
+
this.context = context;
|
|
53
|
+
}
|
|
54
|
+
setContext(context) {
|
|
55
|
+
this.context = context;
|
|
56
|
+
}
|
|
57
|
+
signAsync(input, requireX5Chain) {
|
|
46
58
|
return __awaiter(this, void 0, void 0, function* () {
|
|
47
|
-
|
|
59
|
+
var _a, _b, _c;
|
|
60
|
+
if (!this.context) {
|
|
61
|
+
throw Error('No context provided. Please provide a context with the setContext method or constructor');
|
|
62
|
+
}
|
|
63
|
+
const { keyInfo, alg, value } = input;
|
|
64
|
+
let kmsKeyRef = (_a = keyInfo.kmsKeyRef) !== null && _a !== void 0 ? _a : undefined;
|
|
65
|
+
if (!kmsKeyRef) {
|
|
66
|
+
const key = keyInfo.key;
|
|
67
|
+
if (key == null) {
|
|
68
|
+
return Promise.reject(Error('No key present in keyInfo. This implementation cannot sign without a key!'));
|
|
69
|
+
}
|
|
70
|
+
const resolvedKeyInfo = ResolvedKeyInfo.Static.fromKeyInfo(keyInfo, key);
|
|
71
|
+
const jwkKeyInfo = CoseJoseKeyMappingService.toResolvedJwkKeyInfo(resolvedKeyInfo);
|
|
72
|
+
const kid = (_c = (_b = jwkKeyInfo.kid) !== null && _b !== void 0 ? _b : key.getKidAsString(true)) !== null && _c !== void 0 ? _c : undefined;
|
|
73
|
+
if (!kid) {
|
|
74
|
+
return Promise.reject(Error('No kid present'));
|
|
75
|
+
}
|
|
76
|
+
kmsKeyRef = kid;
|
|
77
|
+
}
|
|
78
|
+
const result = yield this.context.agent.keyManagerSign({
|
|
79
|
+
algorithm: alg.jose.value,
|
|
80
|
+
data: encodeTo(value, Encoding.UTF8),
|
|
81
|
+
encoding: 'utf-8',
|
|
82
|
+
keyRef: kmsKeyRef
|
|
83
|
+
});
|
|
84
|
+
return decodeFrom(result, Encoding.UTF8);
|
|
48
85
|
});
|
|
49
86
|
}
|
|
50
|
-
|
|
87
|
+
verify1Async(input, keyInfo, requireX5Chain) {
|
|
51
88
|
return __awaiter(this, void 0, void 0, function* () {
|
|
52
|
-
var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l, _m, _o, _p
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
89
|
+
var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l, _m, _o, _p;
|
|
90
|
+
const getCertAndKey = (x5c) => __awaiter(this, void 0, void 0, function* () {
|
|
91
|
+
if (requireX5Chain && (!x5c || x5c.length === 0)) {
|
|
92
|
+
// We should not be able to get here anyway, as the MLD-mdoc library already validated at this point. But let's make sure
|
|
93
|
+
return Promise.reject(new Error(`No x5chain was present in the CoseSign headers!`));
|
|
94
|
+
}
|
|
95
|
+
// TODO: According to the IETF spec there should be a x5t in case the x5chain is in the protected headers. In the Funke this does not seem to be done/used!
|
|
96
|
+
issuerCert = x5c ? (0, ssi_sdk_ext_x509_utils_1.pemOrDerToX509Certificate)(x5c[0]) : undefined;
|
|
97
|
+
if (issuerCert) {
|
|
61
98
|
issuerPublicKey = yield issuerCert.getPublicKey();
|
|
62
|
-
|
|
63
|
-
}
|
|
64
|
-
}
|
|
99
|
+
}
|
|
100
|
+
return { issuerCert, issuerPublicKey };
|
|
101
|
+
});
|
|
65
102
|
if ((_a = keyInfo === null || keyInfo === void 0 ? void 0 : keyInfo.key) === null || _a === void 0 ? void 0 : _a.d) {
|
|
66
103
|
throw Error('Do not use private keys to verify!');
|
|
67
104
|
}
|
|
@@ -77,43 +114,50 @@ class CoseCryptoService {
|
|
|
77
114
|
let issuerCert;
|
|
78
115
|
let kid = (_d = (_c = keyInfo === null || keyInfo === void 0 ? void 0 : keyInfo.kid) !== null && _c !== void 0 ? _c : sign1Json.protectedHeader.kid) !== null && _d !== void 0 ? _d : (_e = sign1Json.unprotectedHeader) === null || _e === void 0 ? void 0 : _e.kid;
|
|
79
116
|
// Please note this method does not perform chain validation. The MDL-MSO_MDOC library already performed this before this step
|
|
80
|
-
const x5c = (
|
|
81
|
-
if (!keyInfo || !(keyInfo === null || keyInfo === void 0 ? void 0 : keyInfo.key) || ((
|
|
117
|
+
const x5c = (_j = (_g = (_f = keyInfo === null || keyInfo === void 0 ? void 0 : keyInfo.key) === null || _f === void 0 ? void 0 : _f.getX509CertificateChain()) !== null && _g !== void 0 ? _g : (_h = sign1Json.protectedHeader) === null || _h === void 0 ? void 0 : _h.x5chain) !== null && _j !== void 0 ? _j : (_k = sign1Json.unprotectedHeader) === null || _k === void 0 ? void 0 : _k.x5chain;
|
|
118
|
+
if (!keyInfo || !(keyInfo === null || keyInfo === void 0 ? void 0 : keyInfo.key) || ((_l = keyInfo === null || keyInfo === void 0 ? void 0 : keyInfo.key) === null || _l === void 0 ? void 0 : _l.x5chain)) {
|
|
82
119
|
const certAndKey = yield getCertAndKey(x5c);
|
|
83
120
|
issuerPublicKey = certAndKey.issuerPublicKey;
|
|
84
121
|
issuerCert = certAndKey.issuerCert;
|
|
85
122
|
}
|
|
86
123
|
else {
|
|
87
|
-
|
|
124
|
+
const jwkKeyInfo = CoseJoseKeyMappingService.toJwkKeyInfo(keyInfo);
|
|
125
|
+
if (!(jwkKeyInfo === null || jwkKeyInfo === void 0 ? void 0 : jwkKeyInfo.key)) {
|
|
88
126
|
return Promise.reject(Error(`Either a x5c needs to be in the headers, or you need to provide a key for verification`));
|
|
89
127
|
}
|
|
90
|
-
const
|
|
91
|
-
// todo: Workaround as the Agent only works with cosekey json objects and we do not support conversion of these from Json to cbor yet
|
|
92
|
-
const jwk = typeof key.x === 'string' ? Jwk.Static.fromCoseKeyJson(keyInfo.key) : Jwk.Static.fromCoseKey(keyInfo.key);
|
|
128
|
+
const jwk = jwkKeyInfo.key;
|
|
93
129
|
if (kid === null) {
|
|
94
130
|
kid = jwk.kid;
|
|
95
131
|
}
|
|
96
|
-
let keyAlg = (
|
|
97
|
-
const crv = (
|
|
132
|
+
let keyAlg = (_m = jwk.kty) !== null && _m !== void 0 ? _m : 'ECDSA';
|
|
133
|
+
const crv = (_p = (_o = jwk.crv) === null || _o === void 0 ? void 0 : _o.value) !== null && _p !== void 0 ? _p : 'P-256';
|
|
98
134
|
issuerPublicKey = yield crypto.subtle.importKey('jwk', Object.assign(Object.assign(Object.assign({ kty: jwk.kty.value, crv }, (jwk.x5c && { x5c: jwk.x5c })), (jwk.x && { x: jwk.x })), (jwk.y && { y: jwk.y })), {
|
|
99
135
|
name: keyAlg.value === 'EC' ? 'ECDSA' : keyAlg.value,
|
|
100
|
-
namedCurve: crv
|
|
136
|
+
namedCurve: crv
|
|
101
137
|
}, true, ['verify']);
|
|
102
138
|
}
|
|
103
139
|
const exportedJwk = yield crypto.subtle.exportKey('jwk', issuerPublicKey);
|
|
104
140
|
const crv = exportedJwk.crv;
|
|
105
|
-
const coseKey = Jwk.Static.
|
|
106
|
-
const
|
|
107
|
-
const
|
|
141
|
+
const coseKey = Jwk.Static.fromDTO(exportedJwk).jwkToCoseKeyJson();
|
|
142
|
+
const coseKeyInfo = CoseJoseKeyMappingService.toCoseKeyInfo(keyInfo !== null && keyInfo !== void 0 ? keyInfo : new KeyInfo(kid, coseKey.toCbor()));
|
|
143
|
+
const recalculatedToBeSigned = input.toBeSignedJson(coseKeyInfo, SignatureAlgorithm.Static.fromCose(coseAlg));
|
|
144
|
+
const valid = yield crypto.subtle.verify(Object.assign(Object.assign({}, issuerPublicKey.algorithm), { hash: (crv === null || crv === void 0 ? void 0 : crv.includes('-')) ? `SHA-${crv.split('-')[1]}` : 'SHA-256' // todo: this needs to be more robust
|
|
145
|
+
}), issuerPublicKey, decodeFrom(sign1Json.signature, Encoding.BASE64URL), decodeFrom(recalculatedToBeSigned.base64UrlValue, Encoding.BASE64URL));
|
|
108
146
|
return {
|
|
109
147
|
name: 'mdoc',
|
|
110
148
|
critical: true,
|
|
111
149
|
error: !valid,
|
|
112
150
|
message: `Signature of '${issuerCert ? (0, ssi_sdk_ext_x509_utils_1.getSubjectDN)(issuerCert).DN : kid}' was ${valid ? '' : 'in'}valid`,
|
|
113
|
-
keyInfo:
|
|
151
|
+
keyInfo: coseKeyInfo
|
|
114
152
|
};
|
|
115
153
|
});
|
|
116
154
|
}
|
|
155
|
+
resolvePublicKeyAsync(keyInfo) {
|
|
156
|
+
if (keyInfo.key) {
|
|
157
|
+
return Promise.resolve(CoseJoseKeyMappingService.toResolvedKeyInfo(keyInfo, keyInfo.key));
|
|
158
|
+
}
|
|
159
|
+
return Promise.reject(Error('No key present in keyInfo. This implementation cannot resolve public keys on its own currently!'));
|
|
160
|
+
}
|
|
117
161
|
}
|
|
118
162
|
exports.CoseCryptoService = CoseCryptoService;
|
|
119
163
|
/**
|
|
@@ -144,21 +188,22 @@ class X509CallbackService {
|
|
|
144
188
|
* @param verificationTime
|
|
145
189
|
*/
|
|
146
190
|
verifyCertificateChain(_a) {
|
|
147
|
-
return __awaiter(this, arguments, void 0, function* ({ chain, trustAnchors = this.getTrustedCerts(), verificationTime, opts
|
|
191
|
+
return __awaiter(this, arguments, void 0, function* ({ chain, trustAnchors = this.getTrustedCerts(), verificationTime, opts }) {
|
|
148
192
|
return yield (0, ssi_sdk_ext_x509_utils_1.validateX509CertificateChain)({
|
|
149
193
|
chain,
|
|
150
194
|
trustAnchors,
|
|
151
195
|
verificationTime,
|
|
152
|
-
opts
|
|
196
|
+
opts
|
|
153
197
|
});
|
|
154
198
|
});
|
|
155
199
|
}
|
|
156
200
|
/**
|
|
157
201
|
* This method is the implementation used within the mDL/Mdoc library
|
|
158
202
|
*/
|
|
159
|
-
verifyCertificateChainJS(chainDER, chainPEM, trustedCerts, verificationProfile) {
|
|
203
|
+
verifyCertificateChainJS(chainDER, chainPEM, trustedCerts, verificationProfile, verificationTime) {
|
|
160
204
|
return __awaiter(this, void 0, void 0, function* () {
|
|
161
205
|
var _a;
|
|
206
|
+
const verificationAt = verificationTime !== null && verificationTime !== void 0 ? verificationTime : DateTimeUtils.Static.DEFAULT.dateTimeLocal();
|
|
162
207
|
let chain = [];
|
|
163
208
|
if (chainDER && chainDER.length > 0) {
|
|
164
209
|
chain = chainDER.map((der) => Uint8Array.from(der));
|
|
@@ -169,7 +214,8 @@ class X509CallbackService {
|
|
|
169
214
|
const result = yield (0, ssi_sdk_ext_x509_utils_1.validateX509CertificateChain)({
|
|
170
215
|
chain: chain, // The function will handle an empty array
|
|
171
216
|
trustAnchors: trustedCerts !== null && trustedCerts !== void 0 ? trustedCerts : this.getTrustedCerts(),
|
|
172
|
-
|
|
217
|
+
verificationTime: new Date(verificationAt.toEpochSeconds().toULong() * 1000),
|
|
218
|
+
opts: { trustRootWhenNoAnchors: true }
|
|
173
219
|
});
|
|
174
220
|
const cert = result.certificateChain ? result.certificateChain[result.certificateChain.length - 1] : undefined;
|
|
175
221
|
return {
|
|
@@ -179,6 +225,7 @@ class X509CallbackService {
|
|
|
179
225
|
critical: result.critical,
|
|
180
226
|
message: result.message,
|
|
181
227
|
error: result.error,
|
|
228
|
+
verificationTime: verificationAt
|
|
182
229
|
};
|
|
183
230
|
});
|
|
184
231
|
}
|
|
@@ -210,7 +257,7 @@ const defaultCryptoEngine = () => {
|
|
|
210
257
|
}
|
|
211
258
|
};
|
|
212
259
|
defaultCryptoEngine();
|
|
213
|
-
// We register the services with the mDL/mdoc library
|
|
214
|
-
|
|
215
|
-
|
|
260
|
+
// We register the services with the mDL/mdoc library. Please note that the context is not passed in, meaning we cannot sign by default.
|
|
261
|
+
DefaultCallbacks.setCoseCryptoDefault(new CoseCryptoService());
|
|
262
|
+
DefaultCallbacks.setX509Default(new X509CallbackService());
|
|
216
263
|
//# sourceMappingURL=index.js.map
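Review bot: The digest passed to `crypto.subtle.verify` in `verify1Async` (new line 144, the one carrying the "todo: this needs to be more robust" comment) is built by splitting the exported key's curve name on '-', so a P-521 key produces the non-existent WebCrypto digest `SHA-521` and the call throws instead of returning a verification result, while the COSE `alg` that the preceding line already resolves through `SignatureAlgorithm.Static.fromCose(coseAlg)` is never consulted for the hash. Replace the inline expression with an explicit mapping that fails closed, e.g. `const hash = crv === 'P-256' ? 'SHA-256' : crv === 'P-384' ? 'SHA-384' : crv === 'P-521' ? 'SHA-512' : undefined;` followed by `if (!hash) return Promise.reject(Error('Unsupported curve ' + crv));`, and pass `hash` into the verify parameters; deriving the digest from the resolved COSE algorithm and rejecting a mismatch between that algorithm and the key's curve would be the more complete fix. `verify1Async` begins in the first hunk and `coseAlg`/`sign1Json` are assigned on lines outside the shown hunks, so I cannot confirm from here what `coseAlg` holds. Separately, the new `opts: { trustRootWhenNoAnchors: true }` in `verifyCertificateChainJS` appears to accept the presented chain's own root whenever no trust anchors are configured; if that reading of the option is right, a comment such as `// With no configured trust anchors this only checks the chain's internal consistency, not trust` would make the security posture of an empty `getTrustedCerts()` explicit to callers.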
|