@sphereon/ssi-sdk.mdl-mdoc 0.33.1-next.3 → 0.33.1-next.68
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.cjs +2568 -0
- package/dist/index.cjs.map +1 -0
- package/dist/index.d.cts +223 -0
- package/dist/index.d.ts +222 -6
- package/dist/index.js +2538 -25
- package/dist/index.js.map +1 -1
- package/package.json +36 -25
- package/src/agent/mDLMdoc.ts +18 -21
- package/src/functions/index.ts +35 -34
- package/src/types/ImDLMdoc.ts +25 -8
- package/dist/agent/mDLMdoc.d.ts +0 -68
- package/dist/agent/mDLMdoc.d.ts.map +0 -1
- package/dist/agent/mDLMdoc.js +0 -251
- package/dist/agent/mDLMdoc.js.map +0 -1
- package/dist/functions/index.d.ts +0 -47
- package/dist/functions/index.d.ts.map +0 -1
- package/dist/functions/index.js +0 -260
- package/dist/functions/index.js.map +0 -1
- package/dist/index.d.ts.map +0 -1
- package/dist/types/ImDLMdoc.d.ts +0 -75
- package/dist/types/ImDLMdoc.d.ts.map +0 -1
- package/dist/types/ImDLMdoc.js +0 -3
- package/dist/types/ImDLMdoc.js.map +0 -1
package/src/functions/index.ts
CHANGED
|
@@ -12,30 +12,28 @@ import {
|
|
|
12
12
|
import { JWK } from '@sphereon/ssi-types'
|
|
13
13
|
import * as crypto from 'crypto'
|
|
14
14
|
import { Certificate, CryptoEngine, setEngine } from 'pkijs'
|
|
15
|
-
|
|
15
|
+
// @ts-ignore
|
|
16
|
+
import { fromString } from 'uint8arrays/from-string'
|
|
16
17
|
import { IRequiredContext, VerifyCertificateChainArgs } from '../types/ImDLMdoc'
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
import encodeTo = com.sphereon.kmp.encodeTo
|
|
37
|
-
import Encoding = com.sphereon.kmp.Encoding
|
|
38
|
-
import LocalDateTimeKMP = com.sphereon.kmp.LocalDateTimeKMP
|
|
18
|
+
|
|
19
|
+
type CoseKeyCbor = com.sphereon.crypto.cose.CoseKeyCbor
|
|
20
|
+
type ICoseKeyCbor = com.sphereon.crypto.cose.ICoseKeyCbor
|
|
21
|
+
type ToBeSignedCbor = com.sphereon.crypto.cose.ToBeSignedCbor
|
|
22
|
+
const CoseJoseKeyMappingService = com.sphereon.crypto.CoseJoseKeyMappingService
|
|
23
|
+
type SignatureAlgorithm = com.sphereon.crypto.generic.SignatureAlgorithm
|
|
24
|
+
type ICoseCryptoCallbackJS = com.sphereon.crypto.ICoseCryptoCallbackJS
|
|
25
|
+
type IKey = com.sphereon.crypto.IKey
|
|
26
|
+
type IX509ServiceJS = com.sphereon.crypto.IX509ServiceJS
|
|
27
|
+
type Jwk = com.sphereon.crypto.jose.Jwk
|
|
28
|
+
const KeyInfo = com.sphereon.crypto.KeyInfo
|
|
29
|
+
type X509VerificationProfile = com.sphereon.crypto.X509VerificationProfile
|
|
30
|
+
const DateTimeUtils = com.sphereon.kmp.DateTimeUtils
|
|
31
|
+
const decodeFrom = com.sphereon.kmp.decodeFrom
|
|
32
|
+
const encodeTo = com.sphereon.kmp.encodeTo
|
|
33
|
+
const Encoding = com.sphereon.kmp.Encoding
|
|
34
|
+
type LocalDateTimeKMP = com.sphereon.kmp.LocalDateTimeKMP
|
|
35
|
+
const SignatureAlgorithm = com.sphereon.crypto.generic.SignatureAlgorithm
|
|
36
|
+
const DefaultCallbacks = com.sphereon.crypto.DefaultCallbacks
|
|
39
37
|
|
|
40
38
|
export class CoseCryptoService implements ICoseCryptoCallbackJS {
|
|
41
39
|
constructor(private context?: IRequiredContext) {}
|
|
@@ -55,8 +53,8 @@ export class CoseCryptoService implements ICoseCryptoCallbackJS {
|
|
|
55
53
|
if (key == null) {
|
|
56
54
|
return Promise.reject(Error('No key present in keyInfo. This implementation cannot sign without a key!'))
|
|
57
55
|
}
|
|
58
|
-
const resolvedKeyInfo = ResolvedKeyInfo.Static.fromKeyInfo(keyInfo, key)
|
|
59
|
-
const jwkKeyInfo: ResolvedKeyInfo<Jwk> = CoseJoseKeyMappingService.toResolvedJwkKeyInfo(resolvedKeyInfo)
|
|
56
|
+
const resolvedKeyInfo = com.sphereon.crypto.ResolvedKeyInfo.Static.fromKeyInfo(keyInfo, key)
|
|
57
|
+
const jwkKeyInfo: com.sphereon.crypto.ResolvedKeyInfo<Jwk> = CoseJoseKeyMappingService.toResolvedJwkKeyInfo(resolvedKeyInfo)
|
|
60
58
|
|
|
61
59
|
const kid = jwkKeyInfo.kid ?? calculateJwkThumbprint({ jwk: jwkKeyInfo.key.toJsonDTO() }) ?? jwkKeyInfo.key.getKidAsString(true)
|
|
62
60
|
if (!kid) {
|
|
@@ -74,10 +72,10 @@ export class CoseCryptoService implements ICoseCryptoCallbackJS {
|
|
|
74
72
|
}
|
|
75
73
|
|
|
76
74
|
async verify1Async<CborType>(
|
|
77
|
-
input: CoseSign1Cbor<CborType>,
|
|
78
|
-
keyInfo: IKeyInfo<ICoseKeyCbor>,
|
|
75
|
+
input: com.sphereon.crypto.cose.CoseSign1Cbor<CborType>,
|
|
76
|
+
keyInfo: com.sphereon.crypto.IKeyInfo<ICoseKeyCbor>,
|
|
79
77
|
requireX5Chain: Nullable<boolean>,
|
|
80
|
-
): Promise<IVerifySignatureResult<ICoseKeyCbor>> {
|
|
78
|
+
): Promise<com.sphereon.crypto.generic.IVerifySignatureResult<ICoseKeyCbor>> {
|
|
81
79
|
const getCertAndKey = async (
|
|
82
80
|
x5c: Nullable<Array<string>>,
|
|
83
81
|
): Promise<{
|
|
@@ -128,7 +126,7 @@ export class CoseCryptoService implements ICoseCryptoCallbackJS {
|
|
|
128
126
|
if (kid === null) {
|
|
129
127
|
kid = coseKeyInfo.key.getKidAsString(false)
|
|
130
128
|
}
|
|
131
|
-
issuerCoseKey = CoseKeyCbor.Static.fromDTO(coseKeyInfo.key)
|
|
129
|
+
issuerCoseKey = com.sphereon.crypto.cose.CoseKeyCbor.Static.fromDTO(coseKeyInfo.key)
|
|
132
130
|
}
|
|
133
131
|
|
|
134
132
|
const issuerCoseKeyInfo = new KeyInfo<CoseKeyCbor>(
|
|
@@ -145,8 +143,8 @@ export class CoseCryptoService implements ICoseCryptoCallbackJS {
|
|
|
145
143
|
const recalculatedToBeSigned = input.toBeSignedJson(issuerCoseKeyInfo, SignatureAlgorithm.Static.fromCose(coseAlg))
|
|
146
144
|
const key = CoseJoseKeyMappingService.toJoseJwk(issuerCoseKeyInfo.key!).toJsonDTO<JWK>()
|
|
147
145
|
const valid = await verifyRawSignature({
|
|
148
|
-
data:
|
|
149
|
-
signature:
|
|
146
|
+
data: fromString(recalculatedToBeSigned.base64UrlValue, 'base64url'),
|
|
147
|
+
signature: fromString(sign1Json.signature, 'base64url'),
|
|
150
148
|
key,
|
|
151
149
|
})
|
|
152
150
|
|
|
@@ -156,7 +154,7 @@ export class CoseCryptoService implements ICoseCryptoCallbackJS {
|
|
|
156
154
|
error: !valid,
|
|
157
155
|
message: `Signature of '${issuerCert ? getSubjectDN(issuerCert).DN : kid}' was ${valid ? '' : 'in'}valid`,
|
|
158
156
|
keyInfo: issuerCoseKeyInfo,
|
|
159
|
-
} satisfies IVerifySignatureResult<ICoseKeyCbor>
|
|
157
|
+
} satisfies com.sphereon.crypto.generic.IVerifySignatureResult<ICoseKeyCbor>
|
|
160
158
|
}
|
|
161
159
|
|
|
162
160
|
resolvePublicKeyAsync<KT extends com.sphereon.crypto.IKey>(
|
|
@@ -212,7 +210,7 @@ export class X509CallbackService implements IX509ServiceJS {
|
|
|
212
210
|
trustedCerts: Nullable<string[]>,
|
|
213
211
|
verificationProfile?: X509VerificationProfile | undefined,
|
|
214
212
|
verificationTime?: Nullable<LocalDateTimeKMP>,
|
|
215
|
-
): Promise<IX509VerificationResult<KeyType>> {
|
|
213
|
+
): Promise<com.sphereon.crypto.IX509VerificationResult<KeyType>> {
|
|
216
214
|
const verificationAt = verificationTime ?? DateTimeUtils.Static.DEFAULT.dateTimeLocal()
|
|
217
215
|
let chain: Array<string | Uint8Array> = []
|
|
218
216
|
if (chainDER && chainDER.length > 0) {
|
|
@@ -238,7 +236,7 @@ export class X509CallbackService implements IX509ServiceJS {
|
|
|
238
236
|
message: result.message,
|
|
239
237
|
error: result.error,
|
|
240
238
|
verificationTime: verificationAt,
|
|
241
|
-
} satisfies IX509VerificationResult<KeyType>
|
|
239
|
+
} satisfies com.sphereon.crypto.IX509VerificationResult<KeyType>
|
|
242
240
|
}
|
|
243
241
|
|
|
244
242
|
setTrustedCerts = (trustedCertsInPEM?: Array<string>) => {
|
|
@@ -255,9 +253,12 @@ export class X509CallbackService implements IX509ServiceJS {
|
|
|
255
253
|
}
|
|
256
254
|
|
|
257
255
|
const defaultCryptoEngine = () => {
|
|
256
|
+
// @ts-ignore
|
|
258
257
|
if (typeof self !== 'undefined') {
|
|
258
|
+
// @ts-ignore
|
|
259
259
|
if ('crypto' in self) {
|
|
260
260
|
let engineName = 'webcrypto'
|
|
261
|
+
// @ts-ignore
|
|
261
262
|
if ('webkitSubtle' in self.crypto) {
|
|
262
263
|
engineName = 'safari'
|
|
263
264
|
}
|
package/src/types/ImDLMdoc.ts
CHANGED
|
@@ -3,14 +3,31 @@ import { PresentationDefinitionV2, PresentationSubmission } from '@sphereon/pex-
|
|
|
3
3
|
import { ISphereonKeyManager } from '@sphereon/ssi-sdk-ext.key-manager'
|
|
4
4
|
import { CertificateInfo, SubjectAlternativeGeneralName, X509ValidationResult } from '@sphereon/ssi-sdk-ext.x509-utils'
|
|
5
5
|
import { IAgentContext, IDIDManager, IPluginMethodMap, IResolver } from '@veramo/core'
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
6
|
+
export type IKey = com.sphereon.crypto.IKey
|
|
7
|
+
export type CoseSign1Json = com.sphereon.crypto.cose.CoseSign1Json
|
|
8
|
+
export type CoseSign1Cbor<Any> = com.sphereon.crypto.cose.CoseSign1Cbor<Any>
|
|
9
|
+
export type ICoseKeyCbor = com.sphereon.crypto.cose.ICoseKeyCbor
|
|
10
|
+
export type ICoseKeyJson = com.sphereon.crypto.cose.ICoseKeyJson
|
|
11
|
+
export type IKeyInfo<KT extends IKey = IKey> = com.sphereon.crypto.IKeyInfo<KT>
|
|
12
|
+
export type IVerifyResults<KT extends IKey> = com.sphereon.crypto.generic.IVerifyResults<KT>
|
|
13
|
+
export type IVerifySignatureResult<KT extends IKey> = com.sphereon.crypto.generic.IVerifySignatureResult<KT>
|
|
14
|
+
export type DocumentJson = com.sphereon.mdoc.data.device.DocumentJson
|
|
15
|
+
export type DocumentCbor = com.sphereon.mdoc.data.device.DocumentCbor
|
|
16
|
+
export const CborByteString = com.sphereon.cbor.CborByteString
|
|
17
|
+
export const CoseKeyCbor = com.sphereon.crypto.cose.CoseKeyCbor
|
|
18
|
+
export const CoseCryptoServiceJS = com.sphereon.crypto.CoseCryptoServiceJS
|
|
19
|
+
export const CoseJoseKeyMappingService = com.sphereon.crypto.CoseJoseKeyMappingService
|
|
20
|
+
export const KeyInfo = com.sphereon.crypto.KeyInfo
|
|
21
|
+
export const DateTimeUtils = com.sphereon.kmp.DateTimeUtils
|
|
22
|
+
export const decodeFrom = com.sphereon.kmp.decodeFrom
|
|
23
|
+
export const encodeTo = com.sphereon.kmp.encodeTo
|
|
24
|
+
export const Encoding = com.sphereon.kmp.Encoding
|
|
25
|
+
export const MdocValidations = com.sphereon.mdoc.data.MdocValidations
|
|
26
|
+
export const MdocOid4vpService = com.sphereon.mdoc.oid4vp.MdocOid4vpServiceJs
|
|
27
|
+
export const Jwk = com.sphereon.crypto.jose.Jwk
|
|
28
|
+
export type DocumentDescriptorMatchResult = com.sphereon.mdoc.oid4vp.DocumentDescriptorMatchResult
|
|
29
|
+
export type IOid4VPPresentationDefinition = com.sphereon.mdoc.oid4vp.IOid4VPPresentationDefinition
|
|
30
|
+
export const Oid4VPPresentationSubmission = com.sphereon.mdoc.oid4vp.Oid4VPPresentationSubmission
|
|
14
31
|
|
|
15
32
|
export interface ImDLMdoc extends IPluginMethodMap {
|
|
16
33
|
// TODO: Extract cert methods to its own plugin
|
package/dist/agent/mDLMdoc.d.ts
DELETED
|
@@ -1,68 +0,0 @@
|
|
|
1
|
-
import { IAgentPlugin } from '@veramo/core';
|
|
2
|
-
import { ImDLMdoc } from '../types/ImDLMdoc';
|
|
3
|
-
export declare const mdocSupportMethods: Array<string>;
|
|
4
|
-
/**
|
|
5
|
-
* The MDLMdoc class implements the IAgentPlugin interface, providing methods for
|
|
6
|
-
* verification and information retrieval related to X.509 certificates and mDL (mobile
|
|
7
|
-
* driver's license) documents.
|
|
8
|
-
*/
|
|
9
|
-
export declare class MDLMdoc implements IAgentPlugin {
|
|
10
|
-
readonly schema: any;
|
|
11
|
-
readonly methods: ImDLMdoc;
|
|
12
|
-
private readonly trustAnchors;
|
|
13
|
-
private opts;
|
|
14
|
-
constructor(args?: {
|
|
15
|
-
trustAnchors?: string[];
|
|
16
|
-
opts?: {
|
|
17
|
-
trustRootWhenNoAnchors?: boolean;
|
|
18
|
-
allowSingleNoCAChainElement?: boolean;
|
|
19
|
-
blindlyTrustedAnchors?: string[];
|
|
20
|
-
};
|
|
21
|
-
});
|
|
22
|
-
/**
|
|
23
|
-
* Processes and verifies the provided mdoc, generates device response and presentation submission tokens.
|
|
24
|
-
*
|
|
25
|
-
* @param {MdocOid4vpPresentArgs} args - An object containing arguments for mdoc oid4vp holder presentation.
|
|
26
|
-
* @param {IRequiredContext} _context - Required context for the operation.
|
|
27
|
-
* @return {Promise<MdocOid4VPPresentationAuth>} A promise that resolves to an object containing vp_token and presentation_submission.
|
|
28
|
-
*/
|
|
29
|
-
private mdocOid4vpHolderPresent;
|
|
30
|
-
/**
|
|
31
|
-
* Verifies on the Relying Party (RP) side for mdoc (mobile document) OIDC4VP (OpenID Connect for Verifiable Presentations).
|
|
32
|
-
*
|
|
33
|
-
* @param {MdocOid4vpRPVerifyArgs} args - The arguments required for verification, including the vp_token, presentation_submission, and trustAnchors.
|
|
34
|
-
* @param {IRequiredContext} _context - The required context for this method.
|
|
35
|
-
* @return {Promise<MdocOid4vpRPVerifyResult>} - A promise that resolves to an object containing error status,
|
|
36
|
-
* validated documents, and the original presentation submission.
|
|
37
|
-
*/
|
|
38
|
-
private mdocOid4vpRPVerify;
|
|
39
|
-
/**
|
|
40
|
-
* Verifies the issuer-signed Mobile Document (mDoc) using the provided arguments and context.
|
|
41
|
-
*
|
|
42
|
-
* @param {MdocVerifyIssuerSignedArgs} args - The arguments required for verification, including input and key information.
|
|
43
|
-
* @param {IRequiredContext} context - The context encompassing necessary dependencies and configurations.
|
|
44
|
-
* @return {Promise<IVerifySignatureResult<KeyType>>} A promise that resolves to the result of the signature verification, including key information if available.
|
|
45
|
-
*/
|
|
46
|
-
private mdocVerifyIssuerSigned;
|
|
47
|
-
/**
|
|
48
|
-
* Verifies an X.509 certificate chain against a set of trust anchors.
|
|
49
|
-
*
|
|
50
|
-
* @param {VerifyCertificateChainArgs} args - The arguments required for verifying the certificate chain.
|
|
51
|
-
* This includes the certificate chain to be verified and any additional trust anchors to be used.
|
|
52
|
-
* @param {IRequiredContext} _context - The context required for verification, including necessary dependencies and settings.
|
|
53
|
-
* @return {Promise<X509ValidationResult>} A promise that resolves to the result of the validation process, indicating the success or failure of the certificate chain verification.
|
|
54
|
-
*/
|
|
55
|
-
private x509VerifyCertificateChain;
|
|
56
|
-
/**
|
|
57
|
-
* Extracts information from a list of X509 certificates.
|
|
58
|
-
*
|
|
59
|
-
* @param {GetX509CertificateInfoArgs} args - Arguments required to retrieve certificate information,
|
|
60
|
-
* including the certificates and optional Subject Alternative Name (SAN) type filter.
|
|
61
|
-
* @param {IRequiredContext} context - The context required for the operation, which may include
|
|
62
|
-
* logging, configuration, and other operational details.
|
|
63
|
-
* @return {Promise<CertificateInfo[]>} A promise that resolves with an array of certificate
|
|
64
|
-
* information objects, each containing details extracted from individual certificates.
|
|
65
|
-
*/
|
|
66
|
-
private x509GetCertificateInfo;
|
|
67
|
-
}
|
|
68
|
-
//# sourceMappingURL=mDLMdoc.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"mDLMdoc.d.ts","sourceRoot":"","sources":["../../src/agent/mDLMdoc.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAA;AAG3C,OAAO,EAEL,QAAQ,EAKT,MAAM,mBAAmB,CAAA;AAoB1B,eAAO,MAAM,kBAAkB,EAAE,KAAK,CAAC,MAAM,CAM5C,CAAA;AAED;;;;GAIG;AACH,qBAAa,OAAQ,YAAW,YAAY;IAC1C,QAAQ,CAAC,MAAM,MAAkB;IACjC,QAAQ,CAAC,OAAO,EAAE,QAAQ,CAMzB;IACD,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAU;IACvC,OAAO,CAAC,IAAI,CAIX;gBAEW,IAAI,CAAC,EAAE;QACjB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAA;QACvB,IAAI,CAAC,EAAE;YAEL,sBAAsB,CAAC,EAAE,OAAO,CAAA;YAEhC,2BAA2B,CAAC,EAAE,OAAO,CAAA;YAGrC,qBAAqB,CAAC,EAAE,MAAM,EAAE,CAAA;SACjC,CAAA;KACF;IAKD;;;;;;OAMG;YACW,uBAAuB;IAuGrC;;;;;;;OAOG;YACW,kBAAkB;IAiDhC;;;;;;OAMG;YACW,sBAAsB;IAWpC;;;;;;;OAOG;YACW,0BAA0B;IAcxC;;;;;;;;;OASG;YACW,sBAAsB;CAIrC"}
|
package/dist/agent/mDLMdoc.js
DELETED
|
@@ -1,251 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
3
|
-
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
4
|
-
return new (P || (P = Promise))(function (resolve, reject) {
|
|
5
|
-
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
6
|
-
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
7
|
-
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
8
|
-
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
9
|
-
});
|
|
10
|
-
};
|
|
11
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
|
-
exports.MDLMdoc = exports.mdocSupportMethods = void 0;
|
|
13
|
-
const kmp_mdoc_core_1 = require("@sphereon/kmp-mdoc-core");
|
|
14
|
-
const ssi_sdk_ext_key_utils_1 = require("@sphereon/ssi-sdk-ext.key-utils");
|
|
15
|
-
const ssi_sdk_ext_x509_utils_1 = require("@sphereon/ssi-sdk-ext.x509-utils");
|
|
16
|
-
const __1 = require("..");
|
|
17
|
-
const functions_1 = require("../functions");
|
|
18
|
-
var CborByteString = kmp_mdoc_core_1.com.sphereon.cbor.CborByteString;
|
|
19
|
-
var CoseKeyCbor = kmp_mdoc_core_1.com.sphereon.crypto.cose.CoseKeyCbor;
|
|
20
|
-
var CoseSign1Json = kmp_mdoc_core_1.com.sphereon.crypto.cose.CoseSign1Json;
|
|
21
|
-
var CoseCryptoServiceJS = kmp_mdoc_core_1.com.sphereon.crypto.CoseCryptoServiceJS;
|
|
22
|
-
var CoseJoseKeyMappingService = kmp_mdoc_core_1.com.sphereon.crypto.CoseJoseKeyMappingService;
|
|
23
|
-
var KeyInfo = kmp_mdoc_core_1.com.sphereon.crypto.KeyInfo;
|
|
24
|
-
var DateTimeUtils = kmp_mdoc_core_1.com.sphereon.kmp.DateTimeUtils;
|
|
25
|
-
var decodeFrom = kmp_mdoc_core_1.com.sphereon.kmp.decodeFrom;
|
|
26
|
-
var encodeTo = kmp_mdoc_core_1.com.sphereon.kmp.encodeTo;
|
|
27
|
-
var Encoding = kmp_mdoc_core_1.com.sphereon.kmp.Encoding;
|
|
28
|
-
var DeviceResponseCbor = kmp_mdoc_core_1.com.sphereon.mdoc.data.device.DeviceResponseCbor;
|
|
29
|
-
var MdocValidations = kmp_mdoc_core_1.com.sphereon.mdoc.data.MdocValidations;
|
|
30
|
-
var MdocOid4vpService = kmp_mdoc_core_1.com.sphereon.mdoc.oid4vp.MdocOid4vpServiceJs;
|
|
31
|
-
var Oid4VPPresentationSubmission = kmp_mdoc_core_1.com.sphereon.mdoc.oid4vp.Oid4VPPresentationSubmission;
|
|
32
|
-
exports.mdocSupportMethods = [
|
|
33
|
-
'x509VerifyCertificateChain',
|
|
34
|
-
'x509GetCertificateInfo',
|
|
35
|
-
'mdocVerifyIssuerSigned',
|
|
36
|
-
'mdocOid4vpHolderPresent',
|
|
37
|
-
'mdocOid4vpRPVerify',
|
|
38
|
-
];
|
|
39
|
-
/**
|
|
40
|
-
* The MDLMdoc class implements the IAgentPlugin interface, providing methods for
|
|
41
|
-
* verification and information retrieval related to X.509 certificates and mDL (mobile
|
|
42
|
-
* driver's license) documents.
|
|
43
|
-
*/
|
|
44
|
-
class MDLMdoc {
|
|
45
|
-
constructor(args) {
|
|
46
|
-
var _a, _b;
|
|
47
|
-
this.schema = __1.schema.IMDLMdoc;
|
|
48
|
-
this.methods = {
|
|
49
|
-
x509VerifyCertificateChain: this.x509VerifyCertificateChain.bind(this),
|
|
50
|
-
x509GetCertificateInfo: this.x509GetCertificateInfo.bind(this),
|
|
51
|
-
mdocVerifyIssuerSigned: this.mdocVerifyIssuerSigned.bind(this),
|
|
52
|
-
mdocOid4vpHolderPresent: this.mdocOid4vpHolderPresent.bind(this),
|
|
53
|
-
mdocOid4vpRPVerify: this.mdocOid4vpRPVerify.bind(this),
|
|
54
|
-
};
|
|
55
|
-
this.trustAnchors = (_a = args === null || args === void 0 ? void 0 : args.trustAnchors) !== null && _a !== void 0 ? _a : [];
|
|
56
|
-
this.opts = (_b = args === null || args === void 0 ? void 0 : args.opts) !== null && _b !== void 0 ? _b : { trustRootWhenNoAnchors: true };
|
|
57
|
-
}
|
|
58
|
-
/**
|
|
59
|
-
* Processes and verifies the provided mdoc, generates device response and presentation submission tokens.
|
|
60
|
-
*
|
|
61
|
-
* @param {MdocOid4vpPresentArgs} args - An object containing arguments for mdoc oid4vp holder presentation.
|
|
62
|
-
* @param {IRequiredContext} _context - Required context for the operation.
|
|
63
|
-
* @return {Promise<MdocOid4VPPresentationAuth>} A promise that resolves to an object containing vp_token and presentation_submission.
|
|
64
|
-
*/
|
|
65
|
-
mdocOid4vpHolderPresent(args, _context) {
|
|
66
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
67
|
-
var _a, _b, _c, _d, _e, _f;
|
|
68
|
-
const { mdocs, presentationDefinition, trustAnchors, verifications, mdocHolderNonce, authorizationRequestNonce, responseUri, clientId } = args;
|
|
69
|
-
const oid4vpService = new MdocOid4vpService();
|
|
70
|
-
// const mdoc = DocumentCbor.Static.cborDecode(decodeFrom(mdocBase64Url, Encoding.BASE64URL))
|
|
71
|
-
const validate = (mdoc) => __awaiter(this, void 0, void 0, function* () {
|
|
72
|
-
var _a, _b;
|
|
73
|
-
try {
|
|
74
|
-
const result = yield MdocValidations.fromDocumentAsync(mdoc, null, trustAnchors !== null && trustAnchors !== void 0 ? trustAnchors : this.trustAnchors, DateTimeUtils.Static.DEFAULT.dateTimeLocal(((_b = (_a = verifications === null || verifications === void 0 ? void 0 : verifications.verificationTime) === null || _a === void 0 ? void 0 : _a.getTime()) !== null && _b !== void 0 ? _b : Date.now()) / 1000), verifications === null || verifications === void 0 ? void 0 : verifications.allowExpiredDocuments);
|
|
75
|
-
if (result.error) {
|
|
76
|
-
console.log(JSON.stringify(result, null, 2));
|
|
77
|
-
}
|
|
78
|
-
return result;
|
|
79
|
-
}
|
|
80
|
-
catch (e) {
|
|
81
|
-
console.log(e);
|
|
82
|
-
return {
|
|
83
|
-
error: true,
|
|
84
|
-
verifications: [
|
|
85
|
-
{
|
|
86
|
-
name: 'mdoc',
|
|
87
|
-
error: true,
|
|
88
|
-
critical: true,
|
|
89
|
-
message: e.message,
|
|
90
|
-
},
|
|
91
|
-
],
|
|
92
|
-
};
|
|
93
|
-
}
|
|
94
|
-
});
|
|
95
|
-
const allMatches = oid4vpService.matchDocumentsAndDescriptors(mdocHolderNonce, mdocs, presentationDefinition);
|
|
96
|
-
const docsAndDescriptors = [];
|
|
97
|
-
let lastError = undefined;
|
|
98
|
-
for (let match of allMatches) {
|
|
99
|
-
if (match.document) {
|
|
100
|
-
const result = yield validate(match.document);
|
|
101
|
-
if (!result.error || responseUri.includes('openid.net')) {
|
|
102
|
-
// TODO: We relax for the conformance suite, as the cert would be invalid
|
|
103
|
-
try {
|
|
104
|
-
const cborKey = ((_a = result.keyInfo) === null || _a === void 0 ? void 0 : _a.key) ? CoseKeyCbor.Static.fromDTO(result.keyInfo.key) : undefined;
|
|
105
|
-
if (!cborKey) {
|
|
106
|
-
throw Error('No key found in result');
|
|
107
|
-
}
|
|
108
|
-
let jwk = CoseJoseKeyMappingService.toJoseJwk(cborKey).toJsonDTO();
|
|
109
|
-
if (!((_b = result.keyInfo) === null || _b === void 0 ? void 0 : _b.kmsKeyRef)) {
|
|
110
|
-
const keyInfo = result.keyInfo;
|
|
111
|
-
const kid = (_c = jwk.kid) !== null && _c !== void 0 ? _c : (0, ssi_sdk_ext_key_utils_1.calculateJwkThumbprint)({ jwk: jwk });
|
|
112
|
-
const key = yield _context.agent.keyManagerGet({ kid });
|
|
113
|
-
const kms = key.kms;
|
|
114
|
-
const kmsKeyRef = (_d = key.meta) === null || _d === void 0 ? void 0 : _d.kmsKeyRef;
|
|
115
|
-
const updateCborKey = cborKey.copy(false, cborKey.kty, (_e = cborKey.kid) !== null && _e !== void 0 ? _e : new CborByteString(decodeFrom(kid, Encoding.UTF8)));
|
|
116
|
-
const deviceKeyInfo = KeyInfo.Static.fromDTO(keyInfo).copy(kid, updateCborKey, keyInfo.opts, keyInfo.keyVisibility, keyInfo.signatureAlgorithm, keyInfo.x5c, kmsKeyRef, kms);
|
|
117
|
-
const updateMatch = match.copy(match.inputDescriptor, match.document, match.documentError, deviceKeyInfo);
|
|
118
|
-
match = updateMatch;
|
|
119
|
-
}
|
|
120
|
-
}
|
|
121
|
-
catch (e) {
|
|
122
|
-
console.log(`We tied to ammend key info from the KMS, but failed. Potential trouble ahead ${e.message}`, e);
|
|
123
|
-
}
|
|
124
|
-
docsAndDescriptors.push(match);
|
|
125
|
-
}
|
|
126
|
-
else if (result.error) {
|
|
127
|
-
lastError = result;
|
|
128
|
-
}
|
|
129
|
-
}
|
|
130
|
-
}
|
|
131
|
-
if (docsAndDescriptors.length === 0) {
|
|
132
|
-
if (lastError) {
|
|
133
|
-
return Promise.reject(Error((_f = lastError.verifications[0].message) !== null && _f !== void 0 ? _f : 'No matching documents found'));
|
|
134
|
-
}
|
|
135
|
-
return Promise.reject(Error('No matching documents found'));
|
|
136
|
-
}
|
|
137
|
-
const deviceResponse = yield oid4vpService.createDeviceResponse(docsAndDescriptors, presentationDefinition, clientId, responseUri, authorizationRequestNonce);
|
|
138
|
-
const vp_token = encodeTo(deviceResponse.cborEncode(), Encoding.BASE64URL);
|
|
139
|
-
const presentation_submission = Oid4VPPresentationSubmission.Static.fromPresentationDefinition(presentationDefinition);
|
|
140
|
-
return { vp_token, presentation_submission };
|
|
141
|
-
});
|
|
142
|
-
}
|
|
143
|
-
/**
|
|
144
|
-
* Verifies on the Relying Party (RP) side for mdoc (mobile document) OIDC4VP (OpenID Connect for Verifiable Presentations).
|
|
145
|
-
*
|
|
146
|
-
* @param {MdocOid4vpRPVerifyArgs} args - The arguments required for verification, including the vp_token, presentation_submission, and trustAnchors.
|
|
147
|
-
* @param {IRequiredContext} _context - The required context for this method.
|
|
148
|
-
* @return {Promise<MdocOid4vpRPVerifyResult>} - A promise that resolves to an object containing error status,
|
|
149
|
-
* validated documents, and the original presentation submission.
|
|
150
|
-
*/
|
|
151
|
-
mdocOid4vpRPVerify(args, _context) {
|
|
152
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
153
|
-
const { vp_token, presentation_submission, trustAnchors } = args;
|
|
154
|
-
const deviceResponse = DeviceResponseCbor.Static.cborDecode(decodeFrom(vp_token, Encoding.BASE64URL));
|
|
155
|
-
if (!deviceResponse.documents) {
|
|
156
|
-
return Promise.reject(Error(`No documents found in vp_token`));
|
|
157
|
-
}
|
|
158
|
-
let error = false;
|
|
159
|
-
const documents = yield Promise.all(deviceResponse.documents.map((document) => __awaiter(this, void 0, void 0, function* () {
|
|
160
|
-
try {
|
|
161
|
-
const validations = yield MdocValidations.fromDocumentAsync(document, null, trustAnchors !== null && trustAnchors !== void 0 ? trustAnchors : this.trustAnchors);
|
|
162
|
-
if (!validations || validations.error) {
|
|
163
|
-
error = true;
|
|
164
|
-
}
|
|
165
|
-
if (presentation_submission.descriptor_map.find((m) => m.id === document.docType.value) === null) {
|
|
166
|
-
error = true;
|
|
167
|
-
validations.verifications.push({
|
|
168
|
-
name: 'mdoc',
|
|
169
|
-
error,
|
|
170
|
-
critical: error,
|
|
171
|
-
message: `No descriptor map id with document type ${document.docType.value} present`,
|
|
172
|
-
});
|
|
173
|
-
}
|
|
174
|
-
return { document: document.toJson(), validations };
|
|
175
|
-
}
|
|
176
|
-
catch (e) {
|
|
177
|
-
error = true;
|
|
178
|
-
return {
|
|
179
|
-
document: document.toJson(),
|
|
180
|
-
validations: {
|
|
181
|
-
error: true,
|
|
182
|
-
verifications: [
|
|
183
|
-
{
|
|
184
|
-
name: 'mdoc',
|
|
185
|
-
error,
|
|
186
|
-
critical: true,
|
|
187
|
-
message: e.message,
|
|
188
|
-
},
|
|
189
|
-
],
|
|
190
|
-
},
|
|
191
|
-
};
|
|
192
|
-
}
|
|
193
|
-
})));
|
|
194
|
-
if (error) {
|
|
195
|
-
console.log(JSON.stringify(documents, null, 2));
|
|
196
|
-
}
|
|
197
|
-
return { error, documents, presentation_submission };
|
|
198
|
-
});
|
|
199
|
-
}
|
|
200
|
-
/**
|
|
201
|
-
* Verifies the issuer-signed Mobile Document (mDoc) using the provided arguments and context.
|
|
202
|
-
*
|
|
203
|
-
* @param {MdocVerifyIssuerSignedArgs} args - The arguments required for verification, including input and key information.
|
|
204
|
-
* @param {IRequiredContext} context - The context encompassing necessary dependencies and configurations.
|
|
205
|
-
* @return {Promise<IVerifySignatureResult<KeyType>>} A promise that resolves to the result of the signature verification, including key information if available.
|
|
206
|
-
*/
|
|
207
|
-
mdocVerifyIssuerSigned(args, context) {
|
|
208
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
209
|
-
const { input, keyInfo, requireX5Chain } = args;
|
|
210
|
-
const coseKeyInfo = keyInfo && CoseJoseKeyMappingService.toCoseKeyInfo(keyInfo);
|
|
211
|
-
const verification = yield new CoseCryptoServiceJS(new functions_1.CoseCryptoService(context)).verify1(CoseSign1Json.Static.fromDTO(input).toCbor(), coseKeyInfo, requireX5Chain);
|
|
212
|
-
return Object.assign(Object.assign({}, verification), { keyInfo: keyInfo });
|
|
213
|
-
});
|
|
214
|
-
}
|
|
215
|
-
/**
|
|
216
|
-
* Verifies an X.509 certificate chain against a set of trust anchors.
|
|
217
|
-
*
|
|
218
|
-
* @param {VerifyCertificateChainArgs} args - The arguments required for verifying the certificate chain.
|
|
219
|
-
* This includes the certificate chain to be verified and any additional trust anchors to be used.
|
|
220
|
-
* @param {IRequiredContext} _context - The context required for verification, including necessary dependencies and settings.
|
|
221
|
-
* @return {Promise<X509ValidationResult>} A promise that resolves to the result of the validation process, indicating the success or failure of the certificate chain verification.
|
|
222
|
-
*/
|
|
223
|
-
x509VerifyCertificateChain(args, _context) {
|
|
224
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
225
|
-
var _a;
|
|
226
|
-
const mergedAnchors = [...this.trustAnchors, ...((_a = args.trustAnchors) !== null && _a !== void 0 ? _a : [])];
|
|
227
|
-
const trustAnchors = new Set(mergedAnchors);
|
|
228
|
-
const validationResult = yield new functions_1.X509CallbackService(Array.from(mergedAnchors)).verifyCertificateChain(Object.assign(Object.assign({}, args), { trustAnchors: Array.from(trustAnchors), opts: Object.assign(Object.assign({}, args === null || args === void 0 ? void 0 : args.opts), this.opts) }));
|
|
229
|
-
console.log(`x509 validation for ${validationResult.error ? 'Error' : 'Success'}. message: ${validationResult.message}, details: ${validationResult.detailMessage}`);
|
|
230
|
-
return validationResult;
|
|
231
|
-
});
|
|
232
|
-
}
|
|
233
|
-
/**
|
|
234
|
-
* Extracts information from a list of X509 certificates.
|
|
235
|
-
*
|
|
236
|
-
* @param {GetX509CertificateInfoArgs} args - Arguments required to retrieve certificate information,
|
|
237
|
-
* including the certificates and optional Subject Alternative Name (SAN) type filter.
|
|
238
|
-
* @param {IRequiredContext} context - The context required for the operation, which may include
|
|
239
|
-
* logging, configuration, and other operational details.
|
|
240
|
-
* @return {Promise<CertificateInfo[]>} A promise that resolves with an array of certificate
|
|
241
|
-
* information objects, each containing details extracted from individual certificates.
|
|
242
|
-
*/
|
|
243
|
-
x509GetCertificateInfo(args, context) {
|
|
244
|
-
return __awaiter(this, void 0, void 0, function* () {
|
|
245
|
-
const certificates = args.certificates.map((cert) => (0, ssi_sdk_ext_x509_utils_1.pemOrDerToX509Certificate)(cert));
|
|
246
|
-
return yield Promise.all(certificates.map((cert) => (0, ssi_sdk_ext_x509_utils_1.getCertificateInfo)(cert, args.sanTypeFilter && { sanTypeFilter: args.sanTypeFilter })));
|
|
247
|
-
});
|
|
248
|
-
}
|
|
249
|
-
}
|
|
250
|
-
exports.MDLMdoc = MDLMdoc;
|
|
251
|
-
//# sourceMappingURL=mDLMdoc.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"mDLMdoc.js","sourceRoot":"","sources":["../../src/agent/mDLMdoc.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2DAA6C;AAC7C,2EAAwE;AACxE,6EAAuI;AAGvI,0BAAgI;AAChI,4CAAqE;AASrE,IAAO,cAAc,GAAG,mBAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,cAAc,CAAA;AACxD,IAAO,WAAW,GAAG,mBAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAA;AACzD,IAAO,aAAa,GAAG,mBAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAA;AAC7D,IAAO,mBAAmB,GAAG,mBAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,mBAAmB,CAAA;AACpE,IAAO,yBAAyB,GAAG,mBAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,yBAAyB,CAAA;AAEhF,IAAO,OAAO,GAAG,mBAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAA;AAC5C,IAAO,aAAa,GAAG,mBAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,aAAa,CAAA;AACrD,IAAO,UAAU,GAAG,mBAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAA;AAC/C,IAAO,QAAQ,GAAG,mBAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAA;AAC3C,IAAO,QAAQ,GAAG,mBAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAA;AAC3C,IAAO,kBAAkB,GAAG,mBAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,kBAAkB,CAAA;AAE5E,IAAO,eAAe,GAAG,mBAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAA;AAG/D,IAAO,iBAAiB,GAAG,mBAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,mBAAmB,CAAA;AACvE,IAAO,4BAA4B,GAAG,mBAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,4BAA4B,CAAA;AAE9E,QAAA,kBAAkB,GAAkB;IAC/C,4BAA4B;IAC5B,wBAAwB;IACxB,wBAAwB;IACxB,yBAAyB;IACzB,oBAAoB;CACrB,CAAA;AAED;;;;GAIG;AACH,MAAa,OAAO;IAgBlB,YAAY,IAWX;;QA1BQ,WAAM,GAAG,UAAM,CAAC,QAAQ,CAAA;QACxB,YAAO,GAAa;YAC3B,0BAA0B,EAAE,IAAI,CAAC,0BAA0B,CAAC,IAAI,CAAC,IAAI,CAAC;YACtE,sBAAsB,EAAE,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,IAAI,CAAC;YAC9D,sBAAsB,EAAE,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,IAAI,CAAC;YAC9D,uBAAuB,EAAE,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,IAAI,CAAC;YAChE,kBAAkB,EAAE,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC;SACvD,CAAA;QAoBC,IAAI,CAAC,YAAY,GAAG,MAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,YAAY,mCAAI,EAAE,CAAA;QAC5C,IAAI,CAAC,IAAI,GAAG,MAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,IAAI,mCAAI,EAAE,sBAAsB,EAAE,IAAI,EAAE,CAAA;IAC5D,CAAC;IAED;;;;;;OAMG;IACW,uBAAuB,CAAC,IAA2B,EAAE,QAA0B;;;YAC3F,MAAM,EAAE,KAAK,EAAE,sBAAsB,EAAE,YAAY,EAAE,aAAa,EAAE,eAAe,EAAE,yBAAyB,EAAE,WAAW,EAAE,QAAQ,EAAE,GAAG,IAAI,CAAA;YAE9I,MAAM,aAAa,GAAG,IAAI,iBAAiB,EAAE,CAAA;YAC7C,6FAA6F;YAC7F,MAAM,QAAQ,GAAG,CAAO,IAAkB,EAAE,EAAE;;gBAC5C,IAAI,CAAC;oBACH,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,iBAAiB,CACpD,IAAI,EACJ,IAAI,EACJ,YAAY,aAAZ,YAAY,cAAZ,YAAY,GAAI,IAAI,CAAC,YAAY,EACjC,aAAa,CAAC,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,MAAA,MAAA,aAAa,aAAb,aAAa,uBAAb,aAAa,CAAE,gBAAgB,0CAAE,OAAO,EAAE,mCAAI,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,IAAI,CAAC,EAC7G,aAAa,aAAb,aAAa,uBAAb,aAAa,CAAE,qBAAqB,CACrC,CAAA;oBACD,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;wBACjB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAA;oBAC9C,CAAC;oBACD,OAAO,MAAM,CAAA;gBACf,CAAC;gBAAC,OAAO,CAAC,EAAE,CAAC;oBACX,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAA;oBACd,OAAO;wBACL,KAAK,EAAE,IAAI;wBACX,aAAa,EAAE;4BACb;gCACE,IAAI,EAAE,MAAM;gCACZ,KAAK,EAAE,IAAI;gCACX,QAAQ,EAAE,IAAI;gCACd,OAAO,EAAE,CAAC,CAAC,OAAiB;6BAC7B;yBACF;qBACF,CAAA;gBACH,CAAC;YACH,CAAC,CAAA,CAAA;YAED,MAAM,UAAU,GAAoC,aAAa,CAAC,4BAA4B,CAC5F,eAAe,EACf,KAAK,EACL,sBAAuD,CACxD,CAAA;YACD,MAAM,kBAAkB,GAAoC,EAAE,CAAA;YAC9D,IAAI,SAAS,GAAkG,SAAS,CAAA;YACxH,KAAK,IAAI,KAAK,IAAI,UAAU,EAAE,CAAC;gBAC7B,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;oBACnB,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAA;oBAC7C,IAAI,CAAC,MAAM,CAAC,KAAK,IAAI,WAAW,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;wBACxD,yEAAyE;wBACzE,IAAI,CAAC;4BACH,MAAM,OAAO,GAAG,CAAA,MAAA,MAAM,CAAC,OAAO,0CAAE,GAAG,EAAC,CAAC,CAAC,WAAW,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;4BAChG,IAAI,CAAC,OAAO,EAAE,CAAC;gCACb,MAAM,KAAK,CAAC,wBAAwB,CAAC,CAAA;4BACvC,CAAC;4BACD,IAAI,GAAG,GAAG,yBAAyB,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,SAAS,EAAO,CAAA;4BACvE,IAAI,CAAC,CAAA,MAAA,MAAM,CAAC,OAAO,0CAAE,SAAS,CAAA,EAAE,CAAC;gCAC/B,MAAM,OAAO,GAAG,MAAM,CAAC,OAAQ,CAAA;gCAC/B,MAAM,GAAG,GAAG,MAAA,GAAG,CAAC,GAAG,mCAAI,IAAA,8CAAsB,EAAC,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAA;gCAE3D,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,aAAa,CAAC,EAAE,GAAG,EAAE,CAAC,CAAA;gCACvD,MAAM,GAAG,GAAG,GAAG,CAAC,GAAG,CAAA;gCACnB,MAAM,SAAS,GAAG,MAAA,GAAG,CAAC,IAAI,0CAAE,SAAS,CAAA;gCACrC,MAAM,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,EAAE,OAAO,CAAC,GAAG,EAAE,MAAA,OAAO,CAAC,GAAG,mCAAI,IAAI,cAAc,CAAC,UAAU,CAAC,GAAG,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;gCACzH,MAAM,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,IAAI,CACxD,GAAG,EACH,aAAa,EACb,OAAO,CAAC,IAAI,EACZ,OAAO,CAAC,aAAa,EACrB,OAAO,CAAC,kBAAkB,EAC1B,OAAO,CAAC,GAAG,EACX,SAAS,EACT,GAAG,CACJ,CAAA;gCACD,MAAM,WAAW,GAAG,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,eAAe,EAAE,KAAK,CAAC,QAAQ,EAAE,KAAK,CAAC,aAAa,EAAE,aAAa,CAAC,CAAA;gCACzG,KAAK,GAAG,WAAW,CAAA;4BACrB,CAAC;wBACH,CAAC;wBAAC,OAAO,CAAM,EAAE,CAAC;4BAChB,OAAO,CAAC,GAAG,CAAC,gFAAgF,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAA;wBAC7G,CAAC;wBAED,kBAAkB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;oBAChC,CAAC;yBAAM,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;wBACxB,SAAS,GAAG,MAAM,CAAA;oBACpB,CAAC;gBACH,CAAC;YACH,CAAC;YACD,IAAI,kBAAkB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACpC,IAAI,SAAS,EAAE,CAAC;oBACd,OAAO,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,MAAA,SAAS,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,OAAO,mCAAI,6BAA6B,CAAC,CAAC,CAAA;gBACnG,CAAC;gBACD,OAAO,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,6BAA6B,CAAC,CAAC,CAAA;YAC7D,CAAC;YACD,MAAM,cAAc,GAAG,MAAM,aAAa,CAAC,oBAAoB,CAC7D,kBAAkB,EAClB,sBAAuD,EACvD,QAAQ,EACR,WAAW,EACX,yBAAyB,CAC1B,CAAA;YACD,MAAM,QAAQ,GAAG,QAAQ,CAAC,cAAc,CAAC,UAAU,EAAE,EAAE,QAAQ,CAAC,SAAS,CAAC,CAAA;YAC1E,MAAM,uBAAuB,GAAG,4BAA4B,CAAC,MAAM,CAAC,0BAA0B,CAC5F,sBAAuD,CACxD,CAAA;YACD,OAAO,EAAE,QAAQ,EAAE,uBAAuB,EAAE,CAAA;QAC9C,CAAC;KAAA;IAED;;;;;;;OAOG;IACW,kBAAkB,CAAC,IAA4B,EAAE,QAA0B;;YACvF,MAAM,EAAE,QAAQ,EAAE,uBAAuB,EAAE,YAAY,EAAE,GAAG,IAAI,CAAA;YAChE,MAAM,cAAc,GAAG,kBAAkB,CAAC,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC,QAAQ,EAAE,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAA;YACrG,IAAI,CAAC,cAAc,CAAC,SAAS,EAAE,CAAC;gBAC9B,OAAO,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,gCAAgC,CAAC,CAAC,CAAA;YAChE,CAAC;YACD,IAAI,KAAK,GAAG,KAAK,CAAA;YACjB,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,GAAG,CACjC,cAAc,CAAC,SAAS,CAAC,GAAG,CAAC,CAAO,QAAQ,EAAE,EAAE;gBAC9C,IAAI,CAAC;oBACH,MAAM,WAAW,GAAG,MAAM,eAAe,CAAC,iBAAiB,CAAC,QAAQ,EAAE,IAAI,EAAE,YAAY,aAAZ,YAAY,cAAZ,YAAY,GAAI,IAAI,CAAC,YAAY,CAAC,CAAA;oBAC9G,IAAI,CAAC,WAAW,IAAI,WAAW,CAAC,KAAK,EAAE,CAAC;wBACtC,KAAK,GAAG,IAAI,CAAA;oBACd,CAAC;oBACD,IAAI,uBAAuB,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,IAAI,EAAE,CAAC;wBACjG,KAAK,GAAG,IAAI,CAAA;wBACZ,WAAW,CAAC,aAAa,CAAC,IAAI,CAAC;4BAC7B,IAAI,EAAE,MAAM;4BACZ,KAAK;4BACL,QAAQ,EAAE,KAAK;4BACf,OAAO,EAAE,2CAA2C,QAAQ,CAAC,OAAO,CAAC,KAAK,UAAU;yBACrF,CAAC,CAAA;oBACJ,CAAC;oBACD,OAAO,EAAE,QAAQ,EAAE,QAAQ,CAAC,MAAM,EAAE,EAAE,WAAW,EAAE,CAAA;gBACrD,CAAC;gBAAC,OAAO,CAAC,EAAE,CAAC;oBACX,KAAK,GAAG,IAAI,CAAA;oBACZ,OAAO;wBACL,QAAQ,EAAE,QAAQ,CAAC,MAAM,EAAE;wBAC3B,WAAW,EAAE;4BACX,KAAK,EAAE,IAAI;4BACX,aAAa,EAAE;gCACb;oCACE,IAAI,EAAE,MAAM;oCACZ,KAAK;oCACL,QAAQ,EAAE,IAAI;oCACd,OAAO,EAAE,CAAC,CAAC,OAAiB;iCAC7B;6BACF;yBACF;qBACF,CAAA;gBACH,CAAC;YACH,CAAC,CAAA,CAAC,CACH,CAAA;YACD,IAAI,KAAK,EAAE,CAAC;gBACV,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAA;YACjD,CAAC;YACD,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,uBAAuB,EAAE,CAAA;QACtD,CAAC;KAAA;IAED;;;;;;OAMG;IACW,sBAAsB,CAAC,IAAgC,EAAE,OAAyB;;YAC9F,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,cAAc,EAAE,GAAG,IAAI,CAAA;YAC/C,MAAM,WAAW,GAAG,OAAO,IAAI,yBAAyB,CAAC,aAAa,CAAC,OAAO,CAAC,CAAA;YAC/E,MAAM,YAAY,GAAG,MAAM,IAAI,mBAAmB,CAAC,IAAI,6BAAiB,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CACxF,aAAa,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,MAAM,EAAE,EAC5C,WAAW,EACX,cAAc,CACf,CAAA;YACD,uCAAY,YAAY,KAAE,OAAO,EAAE,OAAO,IAAE;QAC9C,CAAC;KAAA;IAED;;;;;;;OAOG;IACW,0BAA0B,CAAC,IAAgC,EAAE,QAA0B;;;YACnG,MAAM,aAAa,GAAa,CAAC,GAAG,IAAI,CAAC,YAAY,EAAE,GAAG,CAAC,MAAA,IAAI,CAAC,YAAY,mCAAI,EAAE,CAAC,CAAC,CAAA;YACpF,MAAM,YAAY,GAAG,IAAI,GAAG,CAAS,aAAa,CAAC,CAAA;YACnD,MAAM,gBAAgB,GAAG,MAAM,IAAI,+BAAmB,CAAC,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,sBAAsB,iCACnG,IAAI,KACP,YAAY,EAAE,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,EACtC,IAAI,kCAAO,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,IAAI,GAAK,IAAI,CAAC,IAAI,KACnC,CAAA;YACF,OAAO,CAAC,GAAG,CACT,uBAAuB,gBAAgB,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,cAAc,gBAAgB,CAAC,OAAO,cAAc,gBAAgB,CAAC,aAAa,EAAE,CACxJ,CAAA;YACD,OAAO,gBAAgB,CAAA;QACzB,CAAC;KAAA;IAED;;;;;;;;;OASG;IACW,sBAAsB,CAAC,IAAgC,EAAE,OAAyB;;YAC9F,MAAM,YAAY,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAA,kDAAyB,EAAC,IAAI,CAAC,CAAC,CAAA;YACrF,OAAO,MAAM,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAA,2CAAkB,EAAC,IAAI,EAAE,IAAI,CAAC,aAAa,IAAI,EAAE,aAAa,EAAE,IAAI,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC,CAAA;QAC7I,CAAC;KAAA;CACF;AA7PD,0BA6PC"}
|
|
@@ -1,47 +0,0 @@
|
|
|
1
|
-
import { com, Nullable } from '@sphereon/kmp-mdoc-core';
|
|
2
|
-
import { X509ValidationResult } from '@sphereon/ssi-sdk-ext.x509-utils';
|
|
3
|
-
import { IRequiredContext, VerifyCertificateChainArgs } from '../types/ImDLMdoc';
|
|
4
|
-
import CoseSign1Cbor = com.sphereon.crypto.cose.CoseSign1Cbor;
|
|
5
|
-
import ICoseKeyCbor = com.sphereon.crypto.cose.ICoseKeyCbor;
|
|
6
|
-
import ToBeSignedCbor = com.sphereon.crypto.cose.ToBeSignedCbor;
|
|
7
|
-
import IVerifySignatureResult = com.sphereon.crypto.generic.IVerifySignatureResult;
|
|
8
|
-
import ICoseCryptoCallbackJS = com.sphereon.crypto.ICoseCryptoCallbackJS;
|
|
9
|
-
import IKey = com.sphereon.crypto.IKey;
|
|
10
|
-
import IKeyInfo = com.sphereon.crypto.IKeyInfo;
|
|
11
|
-
import IX509ServiceJS = com.sphereon.crypto.IX509ServiceJS;
|
|
12
|
-
import IX509VerificationResult = com.sphereon.crypto.IX509VerificationResult;
|
|
13
|
-
import X509VerificationProfile = com.sphereon.crypto.X509VerificationProfile;
|
|
14
|
-
import LocalDateTimeKMP = com.sphereon.kmp.LocalDateTimeKMP;
|
|
15
|
-
export declare class CoseCryptoService implements ICoseCryptoCallbackJS {
|
|
16
|
-
private context?;
|
|
17
|
-
constructor(context?: IRequiredContext | undefined);
|
|
18
|
-
setContext(context: IRequiredContext): void;
|
|
19
|
-
signAsync(input: ToBeSignedCbor, requireX5Chain: Nullable<boolean>): Promise<Int8Array>;
|
|
20
|
-
verify1Async<CborType>(input: CoseSign1Cbor<CborType>, keyInfo: IKeyInfo<ICoseKeyCbor>, requireX5Chain: Nullable<boolean>): Promise<IVerifySignatureResult<ICoseKeyCbor>>;
|
|
21
|
-
resolvePublicKeyAsync<KT extends com.sphereon.crypto.IKey>(keyInfo: com.sphereon.crypto.IKeyInfo<KT>): Promise<com.sphereon.crypto.IResolvedKeyInfo<KT>>;
|
|
22
|
-
}
|
|
23
|
-
/**
|
|
24
|
-
* This class can be used for X509 validations.
|
|
25
|
-
* Either have an instance per trustedCerts and verification invocation or use a single instance and provide the trusted certs in the method argument
|
|
26
|
-
*
|
|
27
|
-
* The class is also registered with the low-level mDL/mdoc Kotlin Multiplatform library
|
|
28
|
-
* Next to the specific function for the library it exports a more powerful version of the same verification method as well
|
|
29
|
-
*/
|
|
30
|
-
export declare class X509CallbackService implements IX509ServiceJS {
|
|
31
|
-
private _trustedCerts?;
|
|
32
|
-
constructor(trustedCerts?: Array<string>);
|
|
33
|
-
/**
|
|
34
|
-
* A more powerful version of the method below. Allows to verify at a specific time and returns more information
|
|
35
|
-
* @param chain
|
|
36
|
-
* @param trustAnchors
|
|
37
|
-
* @param verificationTime
|
|
38
|
-
*/
|
|
39
|
-
verifyCertificateChain({ chain, trustAnchors, verificationTime, opts, }: VerifyCertificateChainArgs): Promise<X509ValidationResult>;
|
|
40
|
-
/**
|
|
41
|
-
* This method is the implementation used within the mDL/Mdoc library
|
|
42
|
-
*/
|
|
43
|
-
verifyCertificateChainJS<KeyType extends IKey>(chainDER: Nullable<Int8Array[]>, chainPEM: Nullable<string[]>, trustedCerts: Nullable<string[]>, verificationProfile?: X509VerificationProfile | undefined, verificationTime?: Nullable<LocalDateTimeKMP>): Promise<IX509VerificationResult<KeyType>>;
|
|
44
|
-
setTrustedCerts: (trustedCertsInPEM?: Array<string>) => void;
|
|
45
|
-
getTrustedCerts: () => string[] | undefined;
|
|
46
|
-
}
|
|
47
|
-
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/functions/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,QAAQ,EAAE,MAAM,yBAAyB,CAAA;AAEvD,OAAO,EAOL,oBAAoB,EACrB,MAAM,kCAAkC,CAAA;AAKzC,OAAO,EAAE,gBAAgB,EAAE,0BAA0B,EAAE,MAAM,mBAAmB,CAAA;AAEhF,OAAO,aAAa,GAAG,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAA;AAC7D,OAAO,YAAY,GAAG,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAA;AAC3D,OAAO,cAAc,GAAG,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,cAAc,CAAA;AAG/D,OAAO,sBAAsB,GAAG,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC,sBAAsB,CAAA;AAElF,OAAO,qBAAqB,GAAG,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,qBAAqB,CAAA;AACxE,OAAO,IAAI,GAAG,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAA;AACtC,OAAO,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAA;AAC9C,OAAO,cAAc,GAAG,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,cAAc,CAAA;AAC1D,OAAO,uBAAuB,GAAG,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,uBAAuB,CAAA;AAI5E,OAAO,uBAAuB,GAAG,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,uBAAuB,CAAA;AAK5E,OAAO,gBAAgB,GAAG,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,gBAAgB,CAAA;AAE3D,qBAAa,iBAAkB,YAAW,qBAAqB;IACjD,OAAO,CAAC,OAAO,CAAC;gBAAR,OAAO,CAAC,EAAE,gBAAgB,YAAA;IAE9C,UAAU,CAAC,OAAO,EAAE,gBAAgB;IAI9B,SAAS,CAAC,KAAK,EAAE,cAAc,EAAE,cAAc,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,OAAO,CAAC,SAAS,CAAC;IA6BvF,YAAY,CAAC,QAAQ,EACzB,KAAK,EAAE,aAAa,CAAC,QAAQ,CAAC,EAC9B,OAAO,EAAE,QAAQ,CAAC,YAAY,CAAC,EAC/B,cAAc,EAAE,QAAQ,CAAC,OAAO,CAAC,GAChC,OAAO,CAAC,sBAAsB,CAAC,YAAY,CAAC,CAAC;IAkFhD,qBAAqB,CAAC,EAAE,SAAS,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,EACvD,OAAO,EAAE,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC,GACxC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,gBAAgB,CAAC,EAAE,CAAC,CAAC;CAMrD;AAED;;;;;;GAMG;AACH,qBAAa,mBAAoB,YAAW,cAAc;IACxD,OAAO,CAAC,aAAa,CAAC,CAAe;gBAEzB,YAAY,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC;IAIxC;;;;;OAKG;IACG,sBAAsB,CAAC,EAC3B,KAAK,EACL,YAAqC,EACrC,gBAAgB,EAChB,IAAI,GACL,EAAE,0BAA0B,GAAG,OAAO,CAAC,oBAAoB,CAAC;IAS7D;;OAEG;IACG,wBAAwB,CAAC,OAAO,SAAS,IAAI,EACjD,QAAQ,EAAE,QAAQ,CAAC,SAAS,EAAE,CAAC,EAC/B,QAAQ,EAAE,QAAQ,CAAC,MAAM,EAAE,CAAC,EAC5B,YAAY,EAAE,QAAQ,CAAC,MAAM,EAAE,CAAC,EAChC,mBAAmB,CAAC,EAAE,uBAAuB,GAAG,SAAS,EACzD,gBAAgB,CAAC,EAAE,QAAQ,CAAC,gBAAgB,CAAC,GAC5C,OAAO,CAAC,uBAAuB,CAAC,OAAO,CAAC,CAAC;IA6B5C,eAAe,uBAAwB,KAAK,CAAC,MAAM,CAAC,UAQnD;IAED,eAAe,6BAA2B;CAC3C"}
|