@twin.org/identity-connector-entity-storage 0.0.1-next.27 → 0.0.1-next.29
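--- a/package/dist/cjs/index.cjs
+++ b/package/dist/cjs/index.cjs
@@ -160,6 +160,7 @@ class EntityStorageIdentityConnector {
 const bitString = new core.BitString(EntityStorageIdentityConnector._REVOCATION_BITS_SIZE);
 const compressed = await core.Compression.compress(bitString.getBits(), core.CompressionType.Gzip);
 const didDocument = {
+"@context": standardsW3cDid.DidContexts.Context,
 id: did,
 service: [
 {
@@ -478,10 +479,7 @@ class EntityStorageIdentityConnector {
 sub: credId,
 vc: jwtVc
 };
-const signature = await web.Jwt.encodeWithSigner(jwtHeader, jwtPayload, async (
-const sig = await this._vaultConnector.sign(EntityStorageIdentityConnector.buildVaultKey(idParts.id, idParts.fragment ?? ""), payload);
-return sig;
-});
+const signature = await web.Jwt.encodeWithSigner(jwtHeader, jwtPayload, async (header, payload) => vaultModels.VaultConnectorHelper.jwtSigner(this._vaultConnector, EntityStorageIdentityConnector.buildVaultKey(idParts.id, idParts.fragment ?? ""), header, payload));
 return {
 verifiableCredential,
 jwt: signature
@@ -530,10 +528,7 @@ class EntityStorageIdentityConnector {
 if (!core.Is.stringValue(didMethod.publicKeyJwk?.x)) {
 throw new core.GeneralError(this.CLASS_NAME, "publicKeyJwkMissing", { method: jwtHeader.kid });
 }
-
-if (!verified) {
-throw new core.GeneralError(this.CLASS_NAME, "jwkSignatureFailed");
-}
+await web.Jwt.verifySignature(credentialJwt, await web.Jwk.toCryptoKey(didMethod.publicKeyJwk));
 const verifiableCredential = jwtPayload.vc;
 if (core.Is.object(verifiableCredential)) {
 if (core.Is.string(jwtPayload.jti)) {
@@ -553,7 +548,19 @@ class EntityStorageIdentityConnector {
 core.ObjectHelper.propertySet(verifiableCredential.credentialSubject, "id", jwtPayload.sub);
 }
 }
-const
+const credentialStatus = verifiableCredential.credentialStatus;
+let revoked = false;
+if (core.Is.object(credentialStatus)) {
+revoked = await this.checkRevocation(issuerDidDocument, credentialStatus.revocationBitmapIndex);
+}
+else if (core.Is.arrayValue(credentialStatus)) {
+for (let i = 0; i < credentialStatus.length; i++) {
+revoked = await this.checkRevocation(issuerDidDocument, credentialStatus[i].revocationBitmapIndex);
+if (revoked) {
+break;
+}
+}
+}
 return {
 revoked,
 verifiableCredential: revoked ? undefined : verifiableCredential
@@ -728,10 +735,7 @@ class EntityStorageIdentityConnector {
 const expiresInSeconds = expiresInMinutes * 60;
 jwtPayload.exp = Math.floor(Date.now() / 1000) + expiresInSeconds;
 }
-const signature = await web.Jwt.encodeWithSigner(jwtHeader, jwtPayload, async (
-const sig = await this._vaultConnector.sign(EntityStorageIdentityConnector.buildVaultKey(idParts.id, idParts.fragment ?? ""), payload);
-return sig;
-});
+const signature = await web.Jwt.encodeWithSigner(jwtHeader, jwtPayload, async (header, payload) => vaultModels.VaultConnectorHelper.jwtSigner(this._vaultConnector, EntityStorageIdentityConnector.buildVaultKey(idParts.id, idParts.fragment ?? ""), header, payload));
 return {
 verifiablePresentation,
 jwt: signature
@@ -782,10 +786,30 @@ class EntityStorageIdentityConnector {
 throw new core.NotFoundError(this.CLASS_NAME, "documentNotFound", issuerDocumentId);
 }
 await EntityStorageIdentityConnector.verifyDocument(issuerDidDocument, this._vaultConnector);
-issuers.push(
+issuers.push({
+"@context": standardsW3cDid.DidContexts.Context,
+...issuerDidDocument
+});
 const vc = jwt.payload.vc;
 if (core.Is.object(vc)) {
-
+const credentialStatus = vc.credentialStatus;
+if (core.Is.object(credentialStatus)) {
+revoked = await this.checkRevocation({
+"@context": standardsW3cDid.DidContexts.Context,
+...issuerDidDocument
+}, credentialStatus.revocationBitmapIndex);
+}
+else if (core.Is.arrayValue(credentialStatus)) {
+for (let i = 0; i < credentialStatus.length; i++) {
+revoked = await this.checkRevocation({
+"@context": standardsW3cDid.DidContexts.Context,
+...issuerDidDocument
+}, credentialStatus[i].revocationBitmapIndex);
+if (revoked) {
+break;
+}
+}
+}
 }
 }
 }
@@ -814,13 +838,15 @@ class EntityStorageIdentityConnector {
 * Create a proof for arbitrary data with the specified verification method.
 * @param controller The controller of the identity who can make changes.
 * @param verificationMethodId The verification method id to use.
-* @param
+* @param proofType The type of proof to create.
+* @param unsecureDocument The unsecure document to create the proof for.
 * @returns The proof.
 */
-async createProof(controller, verificationMethodId,
+async createProof(controller, verificationMethodId, proofType, unsecureDocument) {
 core.Guards.stringValue(this.CLASS_NAME, "controller", controller);
 core.Guards.stringValue(this.CLASS_NAME, "verificationMethodId", verificationMethodId);
-core.Guards.
+core.Guards.arrayOneOf(this.CLASS_NAME, "proofType", proofType, Object.values(standardsW3cDid.ProofTypes));
+core.Guards.object(this.CLASS_NAME, "unsecureDocument", unsecureDocument);
 try {
 const idParts = identityModels.DocumentHelper.parseId(verificationMethodId);
 if (core.Is.empty(idParts.fragment)) {
@@ -848,16 +874,10 @@ class EntityStorageIdentityConnector {
 method: verificationMethodId
 });
 }
-const
-
-
-
-cryptosuite: standardsW3cDid.DidCryptoSuites.EdDSAJcs2022,
-created: new Date(Date.now()).toISOString(),
-verificationMethod: verificationMethodId,
-proofPurpose: "assertionMethod",
-proofValue: core.Converter.bytesToBase58(signature)
-};
+const vaultKey = EntityStorageIdentityConnector.buildVaultKey(didDocument.id, idParts.fragment ?? "");
+const key = await this._vaultConnector.getKey(vaultKey);
+const signedProof = await standardsW3cDid.ProofHelper.createProof(proofType, unsecureDocument, standardsW3cDid.ProofHelper.createUnsignedProof(proofType, verificationMethodId), await web.Jwk.fromEd25519Private(key.privateKey));
+return signedProof;
 }
 catch (error) {
 throw new core.GeneralError(this.CLASS_NAME, "createProofFailed", undefined, error);
@@ -865,24 +885,15 @@ class EntityStorageIdentityConnector {
 }
 /**
 * Verify proof for arbitrary data with the specified verification method.
-* @param
+* @param document The document to verify.
 * @param proof The proof to verify.
 * @returns True if the proof is verified.
 */
-async verifyProof(
-core.Guards.
+async verifyProof(document, proof) {
+core.Guards.object(this.CLASS_NAME, "document", document);
 core.Guards.object(this.CLASS_NAME, "proof", proof);
-core.Guards.stringValue(this.CLASS_NAME, "proof.type", proof.type);
-core.Guards.stringValue(this.CLASS_NAME, "proof.cryptosuite", proof.cryptosuite);
 core.Guards.stringValue(this.CLASS_NAME, "proof.verificationMethod", proof.verificationMethod);
-core.Guards.stringBase58(this.CLASS_NAME, "proof.proofValue", proof.proofValue);
 try {
-if (proof.type !== standardsW3cDid.DidTypes.DataIntegrityProof) {
-throw new core.GeneralError(this.CLASS_NAME, "proofType", { proofType: proof.type });
-}
-if (proof.cryptosuite !== standardsW3cDid.DidCryptoSuites.EdDSAJcs2022) {
-throw new core.GeneralError(this.CLASS_NAME, "cryptoSuite", { cryptosuite: proof.cryptosuite });
-}
 const idParts = identityModels.DocumentHelper.parseId(proof.verificationMethod);
 if (core.Is.empty(idParts.fragment)) {
 throw new core.NotFoundError(this.CLASS_NAME, "missingDid", proof.verificationMethod);
@@ -908,10 +919,10 @@ class EntityStorageIdentityConnector {
 const didMethod = methodAndArray.method;
 if (!core.Is.stringValue(didMethod.publicKeyJwk?.x)) {
 throw new core.GeneralError(this.CLASS_NAME, "publicKeyJwkMissing", {
-method: proof.
+method: proof.verificationMethod
 });
 }
-return
+return standardsW3cDid.ProofHelper.verifyProof(document, proof, didMethod.publicKeyJwk);
 }
 catch (error) {
 throw new core.GeneralError(this.CLASS_NAME, "verifyProofFailed", undefined, error);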
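Review bot: The result of `web.Jwt.verifySignature(...)` in the `@@ -530,10 +528,7 @@` hunk is awaited and then discarded, while the lines it replaces ended in `if (!verified) { throw new core.GeneralError(this.CLASS_NAME, "jwkSignatureFailed"); }`. That is only safe if `verifySignature` rejects on a bad signature, which this page does not show; if it resolves to a boolean, a credential with an invalid signature would continue to the revocation check and be returned as valid. I would either keep the explicit failure path, `const verified = await web.Jwt.verifySignature(credentialJwt, await web.Jwk.toCryptoKey(didMethod.publicKeyJwk));` followed by `if (!verified) { throw new core.GeneralError(this.CLASS_NAME, "jwkSignatureFailed"); }`, or add a comment on the call stating that the helper throws on failure, backed by a test with a tampered JWT. The same call appears in the `package/dist/esm/index.mjs` hunk `@@ -528,10 +526,7 @@`, and the enclosing method starts and ends outside both hunks.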
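--- a/package/dist/esm/index.mjs
+++ b/package/dist/esm/index.mjs
@@ -4,9 +4,9 @@ import { Sha256 } from '@twin.org/crypto';
 import { JsonLdProcessor } from '@twin.org/data-json-ld';
 import { EntityStorageConnectorFactory } from '@twin.org/entity-storage-models';
 import { DocumentHelper } from '@twin.org/identity-models';
-import { DidVerificationMethodType, DidTypes,
-import { VaultConnectorFactory, VaultKeyType } from '@twin.org/vault-models';
-import { Jwt } from '@twin.org/web';
+import { DidContexts, DidVerificationMethodType, DidTypes, ProofTypes, ProofHelper } from '@twin.org/standards-w3c-did';
+import { VaultConnectorFactory, VaultKeyType, VaultConnectorHelper } from '@twin.org/vault-models';
+import { Jwt, Jwk } from '@twin.org/web';
 
 // Copyright 2024 IOTA Stiftung.
 // SPDX-License-Identifier: Apache-2.0.
@@ -158,6 +158,7 @@ class EntityStorageIdentityConnector {
 const bitString = new BitString(EntityStorageIdentityConnector._REVOCATION_BITS_SIZE);
 const compressed = await Compression.compress(bitString.getBits(), CompressionType.Gzip);
 const didDocument = {
+"@context": DidContexts.Context,
 id: did,
 service: [
 {
@@ -476,10 +477,7 @@ class EntityStorageIdentityConnector {
 sub: credId,
 vc: jwtVc
 };
-const signature = await Jwt.encodeWithSigner(jwtHeader, jwtPayload, async (
-const sig = await this._vaultConnector.sign(EntityStorageIdentityConnector.buildVaultKey(idParts.id, idParts.fragment ?? ""), payload);
-return sig;
-});
+const signature = await Jwt.encodeWithSigner(jwtHeader, jwtPayload, async (header, payload) => VaultConnectorHelper.jwtSigner(this._vaultConnector, EntityStorageIdentityConnector.buildVaultKey(idParts.id, idParts.fragment ?? ""), header, payload));
 return {
 verifiableCredential,
 jwt: signature
@@ -528,10 +526,7 @@ class EntityStorageIdentityConnector {
 if (!Is.stringValue(didMethod.publicKeyJwk?.x)) {
 throw new GeneralError(this.CLASS_NAME, "publicKeyJwkMissing", { method: jwtHeader.kid });
 }
-
-if (!verified) {
-throw new GeneralError(this.CLASS_NAME, "jwkSignatureFailed");
-}
+await Jwt.verifySignature(credentialJwt, await Jwk.toCryptoKey(didMethod.publicKeyJwk));
 const verifiableCredential = jwtPayload.vc;
 if (Is.object(verifiableCredential)) {
 if (Is.string(jwtPayload.jti)) {
@@ -551,7 +546,19 @@ class EntityStorageIdentityConnector {
 ObjectHelper.propertySet(verifiableCredential.credentialSubject, "id", jwtPayload.sub);
 }
 }
-const
+const credentialStatus = verifiableCredential.credentialStatus;
+let revoked = false;
+if (Is.object(credentialStatus)) {
+revoked = await this.checkRevocation(issuerDidDocument, credentialStatus.revocationBitmapIndex);
+}
+else if (Is.arrayValue(credentialStatus)) {
+for (let i = 0; i < credentialStatus.length; i++) {
+revoked = await this.checkRevocation(issuerDidDocument, credentialStatus[i].revocationBitmapIndex);
+if (revoked) {
+break;
+}
+}
+}
 return {
 revoked,
 verifiableCredential: revoked ? undefined : verifiableCredential
@@ -726,10 +733,7 @@ class EntityStorageIdentityConnector {
 const expiresInSeconds = expiresInMinutes * 60;
 jwtPayload.exp = Math.floor(Date.now() / 1000) + expiresInSeconds;
 }
-const signature = await Jwt.encodeWithSigner(jwtHeader, jwtPayload, async (
-const sig = await this._vaultConnector.sign(EntityStorageIdentityConnector.buildVaultKey(idParts.id, idParts.fragment ?? ""), payload);
-return sig;
-});
+const signature = await Jwt.encodeWithSigner(jwtHeader, jwtPayload, async (header, payload) => VaultConnectorHelper.jwtSigner(this._vaultConnector, EntityStorageIdentityConnector.buildVaultKey(idParts.id, idParts.fragment ?? ""), header, payload));
 return {
 verifiablePresentation,
 jwt: signature
@@ -780,10 +784,30 @@ class EntityStorageIdentityConnector {
 throw new NotFoundError(this.CLASS_NAME, "documentNotFound", issuerDocumentId);
 }
 await EntityStorageIdentityConnector.verifyDocument(issuerDidDocument, this._vaultConnector);
-issuers.push(
+issuers.push({
+"@context": DidContexts.Context,
+...issuerDidDocument
+});
 const vc = jwt.payload.vc;
 if (Is.object(vc)) {
-
+const credentialStatus = vc.credentialStatus;
+if (Is.object(credentialStatus)) {
+revoked = await this.checkRevocation({
+"@context": DidContexts.Context,
+...issuerDidDocument
+}, credentialStatus.revocationBitmapIndex);
+}
+else if (Is.arrayValue(credentialStatus)) {
+for (let i = 0; i < credentialStatus.length; i++) {
+revoked = await this.checkRevocation({
+"@context": DidContexts.Context,
+...issuerDidDocument
+}, credentialStatus[i].revocationBitmapIndex);
+if (revoked) {
+break;
+}
+}
+}
 }
 }
 }
@@ -812,13 +836,15 @@ class EntityStorageIdentityConnector {
 * Create a proof for arbitrary data with the specified verification method.
 * @param controller The controller of the identity who can make changes.
 * @param verificationMethodId The verification method id to use.
-* @param
+* @param proofType The type of proof to create.
+* @param unsecureDocument The unsecure document to create the proof for.
 * @returns The proof.
 */
-async createProof(controller, verificationMethodId,
+async createProof(controller, verificationMethodId, proofType, unsecureDocument) {
 Guards.stringValue(this.CLASS_NAME, "controller", controller);
 Guards.stringValue(this.CLASS_NAME, "verificationMethodId", verificationMethodId);
-Guards.
+Guards.arrayOneOf(this.CLASS_NAME, "proofType", proofType, Object.values(ProofTypes));
+Guards.object(this.CLASS_NAME, "unsecureDocument", unsecureDocument);
 try {
 const idParts = DocumentHelper.parseId(verificationMethodId);
 if (Is.empty(idParts.fragment)) {
@@ -846,16 +872,10 @@ class EntityStorageIdentityConnector {
 method: verificationMethodId
 });
 }
-const
-
-
-
-cryptosuite: DidCryptoSuites.EdDSAJcs2022,
-created: new Date(Date.now()).toISOString(),
-verificationMethod: verificationMethodId,
-proofPurpose: "assertionMethod",
-proofValue: Converter.bytesToBase58(signature)
-};
+const vaultKey = EntityStorageIdentityConnector.buildVaultKey(didDocument.id, idParts.fragment ?? "");
+const key = await this._vaultConnector.getKey(vaultKey);
+const signedProof = await ProofHelper.createProof(proofType, unsecureDocument, ProofHelper.createUnsignedProof(proofType, verificationMethodId), await Jwk.fromEd25519Private(key.privateKey));
+return signedProof;
 }
 catch (error) {
 throw new GeneralError(this.CLASS_NAME, "createProofFailed", undefined, error);
@@ -863,24 +883,15 @@ class EntityStorageIdentityConnector {
 }
 /**
 * Verify proof for arbitrary data with the specified verification method.
-* @param
+* @param document The document to verify.
 * @param proof The proof to verify.
 * @returns True if the proof is verified.
 */
-async verifyProof(
-Guards.
+async verifyProof(document, proof) {
+Guards.object(this.CLASS_NAME, "document", document);
 Guards.object(this.CLASS_NAME, "proof", proof);
-Guards.stringValue(this.CLASS_NAME, "proof.type", proof.type);
-Guards.stringValue(this.CLASS_NAME, "proof.cryptosuite", proof.cryptosuite);
 Guards.stringValue(this.CLASS_NAME, "proof.verificationMethod", proof.verificationMethod);
-Guards.stringBase58(this.CLASS_NAME, "proof.proofValue", proof.proofValue);
 try {
-if (proof.type !== DidTypes.DataIntegrityProof) {
-throw new GeneralError(this.CLASS_NAME, "proofType", { proofType: proof.type });
-}
-if (proof.cryptosuite !== DidCryptoSuites.EdDSAJcs2022) {
-throw new GeneralError(this.CLASS_NAME, "cryptoSuite", { cryptosuite: proof.cryptosuite });
-}
 const idParts = DocumentHelper.parseId(proof.verificationMethod);
 if (Is.empty(idParts.fragment)) {
 throw new NotFoundError(this.CLASS_NAME, "missingDid", proof.verificationMethod);
@@ -906,10 +917,10 @@ class EntityStorageIdentityConnector {
 const didMethod = methodAndArray.method;
 if (!Is.stringValue(didMethod.publicKeyJwk?.x)) {
 throw new GeneralError(this.CLASS_NAME, "publicKeyJwkMissing", {
-method: proof.
+method: proof.verificationMethod
 });
 }
-return
+return ProofHelper.verifyProof(document, proof, didMethod.publicKeyJwk);
 }
 catch (error) {
 throw new GeneralError(this.CLASS_NAME, "verifyProofFailed", undefined, error);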
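Review bot: `createProof` in the `@@ -846,16 +872,10 @@` hunk now reads the private key out of the vault with `this._vaultConnector.getKey(vaultKey)` and passes `key.privateKey` through `Jwk.fromEd25519Private` to `ProofHelper.createProof`, so signing happens in this process rather than inside the vault. The JWT paths in the same file keep the key behind the connector via `VaultConnectorHelper.jwtSigner(this._vaultConnector, ...)`, so the proof path is inconsistent with them and will presumably fail against a vault backend that refuses key export. The removed lines are truncated on this page, so whether the old proof code signed through `_vaultConnector.sign` is an inference from the removed `proofValue: Converter.bytesToBase58(signature)`. If `ProofHelper` cannot take a signer callback, a comment at the `getKey` call should state that exportable keys are required and that private key material is held in memory for the duration of the call. The CommonJS build has the same lines in its `@@ -848,16 +874,10 @@` hunk.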
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { type IJsonLdContextDefinitionRoot, type IJsonLdNodeObject } from "@twin.org/data-json-ld";
|
|
2
2
|
import { type IIdentityConnector } from "@twin.org/identity-models";
|
|
3
|
-
import { DidVerificationMethodType, type IDidDocument, type IDidDocumentVerificationMethod, type
|
|
3
|
+
import { DidVerificationMethodType, ProofTypes, type IDidDocument, type IDidDocumentVerificationMethod, type IDidService, type IDidVerifiableCredential, type IDidVerifiablePresentation, type IProof } from "@twin.org/standards-w3c-did";
|
|
4
4
|
import type { IEntityStorageIdentityConnectorConstructorOptions } from "./models/IEntityStorageIdentityConnectorConstructorOptions";
|
|
5
5
|
/**
|
|
6
6
|
* Class for performing identity operations using entity storage.
|
|
@@ -133,15 +133,16 @@ export declare class EntityStorageIdentityConnector implements IIdentityConnecto
|
|
|
133
133
|
* Create a proof for arbitrary data with the specified verification method.
|
|
134
134
|
* @param controller The controller of the identity who can make changes.
|
|
135
135
|
* @param verificationMethodId The verification method id to use.
|
|
136
|
-
* @param
|
|
136
|
+
* @param proofType The type of proof to create.
|
|
137
|
+
* @param unsecureDocument The unsecure document to create the proof for.
|
|
137
138
|
* @returns The proof.
|
|
138
139
|
*/
|
|
139
|
-
createProof(controller: string, verificationMethodId: string,
|
|
140
|
+
createProof(controller: string, verificationMethodId: string, proofType: ProofTypes, unsecureDocument: IJsonLdNodeObject): Promise<IProof>;
|
|
140
141
|
/**
|
|
141
142
|
* Verify proof for arbitrary data with the specified verification method.
|
|
142
|
-
* @param
|
|
143
|
+
* @param document The document to verify.
|
|
143
144
|
* @param proof The proof to verify.
|
|
144
145
|
* @returns True if the proof is verified.
|
|
145
146
|
*/
|
|
146
|
-
verifyProof(
|
|
147
|
+
verifyProof(document: IJsonLdNodeObject, proof: IProof): Promise<boolean>;
|
|
147
148
|
}
|
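--- a/package/docs/changelog.md
+++ b/package/docs/changelog.md
@@ -506,7 +506,7 @@ The presentation stored in the jwt and the revocation status.
 
 ### createProof()
 
-> **createProof**(`controller`, `verificationMethodId`, `
+> **createProof**(`controller`, `verificationMethodId`, `proofType`, `unsecureDocument`): `Promise`\<`IProof`\>
 
 Create a proof for arbitrary data with the specified verification method.
 
@@ -524,15 +524,21 @@ The controller of the identity who can make changes.
 
 The verification method id to use.
 
-#####
+##### proofType
 
-`
+`ProofTypes`
 
-The
+The type of proof to create.
+
+##### unsecureDocument
+
+`IJsonLdNodeObject`
+
+The unsecure document to create the proof for.
 
 #### Returns
 
-`Promise`\<`
+`Promise`\<`IProof`\>
 
 The proof.
 
@@ -544,21 +550,21 @@ The proof.
 
 ### verifyProof()
 
-> **verifyProof**(`
+> **verifyProof**(`document`, `proof`): `Promise`\<`boolean`\>
 
 Verify proof for arbitrary data with the specified verification method.
 
 #### Parameters
 
-#####
+##### document
 
-`
+`IJsonLdNodeObject`
 
-The
+The document to verify.
 
 ##### proof
 
-`
+`IProof`
 
 The proof to verify.
 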
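--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@twin.org/identity-connector-entity-storage",
-"version": "0.0.1-next.
+"version": "0.0.1-next.29",
 "description": "Identity connector implementation using entity storage",
 "repository": {
 "type": "git",
@@ -19,7 +19,7 @@
 "@twin.org/data-core": "next",
 "@twin.org/data-json-ld": "next",
 "@twin.org/entity": "next",
-"@twin.org/identity-models": "0.0.1-next.
+"@twin.org/identity-models": "0.0.1-next.29",
 "@twin.org/nameof": "next",
 "@twin.org/standards-w3c-did": "next",
 "@twin.org/vault-models": "next",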