@twin.org/identity-connector-entity-storage 0.0.1-next.28 → 0.0.1-next.29

@@ -479,10 +479,7 @@ class EntityStorageIdentityConnector {
479
479
  sub: credId,
480
480
  vc: jwtVc
481
481
  };
482
- const signature = await web.Jwt.encodeWithSigner(jwtHeader, jwtPayload, async (alg, key, payload) => {
483
- const sig = await this._vaultConnector.sign(EntityStorageIdentityConnector.buildVaultKey(idParts.id, idParts.fragment ?? ""), payload);
484
- return sig;
485
- });
482
+ const signature = await web.Jwt.encodeWithSigner(jwtHeader, jwtPayload, async (header, payload) => vaultModels.VaultConnectorHelper.jwtSigner(this._vaultConnector, EntityStorageIdentityConnector.buildVaultKey(idParts.id, idParts.fragment ?? ""), header, payload));
486
483
  return {
487
484
  verifiableCredential,
488
485
  jwt: signature
@@ -531,10 +528,7 @@ class EntityStorageIdentityConnector {
531
528
  if (!core.Is.stringValue(didMethod.publicKeyJwk?.x)) {
532
529
  throw new core.GeneralError(this.CLASS_NAME, "publicKeyJwkMissing", { method: jwtHeader.kid });
533
530
  }
534
- const verified = web.Jwt.verifySignature(jwtHeader, jwtPayload, jwtSignature, core.Converter.base64UrlToBytes(didMethod.publicKeyJwk.x));
535
- if (!verified) {
536
- throw new core.GeneralError(this.CLASS_NAME, "jwkSignatureFailed");
537
- }
531
+ await web.Jwt.verifySignature(credentialJwt, await web.Jwk.toCryptoKey(didMethod.publicKeyJwk));
538
532
  const verifiableCredential = jwtPayload.vc;
539
533
  if (core.Is.object(verifiableCredential)) {
540
534
  if (core.Is.string(jwtPayload.jti)) {
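Review bot: The result of `web.Jwt.verifySignature(...)` on new line 531 is awaited and discarded, where the replaced code tested the returned boolean and threw `jwkSignatureFailed`; unless the new two-argument `verifySignature` rejects on a bad signature (not visible on this page), a credential whose `kid` resolves to a method but whose signature does not match would now pass and fall through to the `jwtPayload.vc` handling. Keeping the explicit check makes the method safe under either contract and preserves the error key callers may match on: `const verified = await web.Jwt.verifySignature(credentialJwt, await web.Jwk.toCryptoKey(didMethod.publicKeyJwk));` followed by `if (!verified) { throw new core.GeneralError(this.CLASS_NAME, "jwkSignatureFailed"); }`. The ESM build of the same method further down the page has the identical hunk. The enclosing method starts and ends outside this hunk.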
@@ -741,10 +735,7 @@ class EntityStorageIdentityConnector {
741
735
  const expiresInSeconds = expiresInMinutes * 60;
742
736
  jwtPayload.exp = Math.floor(Date.now() / 1000) + expiresInSeconds;
743
737
  }
744
- const signature = await web.Jwt.encodeWithSigner(jwtHeader, jwtPayload, async (alg, key, payload) => {
745
- const sig = await this._vaultConnector.sign(EntityStorageIdentityConnector.buildVaultKey(idParts.id, idParts.fragment ?? ""), payload);
746
- return sig;
747
- });
738
+ const signature = await web.Jwt.encodeWithSigner(jwtHeader, jwtPayload, async (header, payload) => vaultModels.VaultConnectorHelper.jwtSigner(this._vaultConnector, EntityStorageIdentityConnector.buildVaultKey(idParts.id, idParts.fragment ?? ""), header, payload));
748
739
  return {
749
740
  verifiablePresentation,
750
741
  jwt: signature
@@ -847,13 +838,15 @@ class EntityStorageIdentityConnector {
847
838
  * Create a proof for arbitrary data with the specified verification method.
848
839
  * @param controller The controller of the identity who can make changes.
849
840
  * @param verificationMethodId The verification method id to use.
850
- * @param bytes The data bytes to sign.
841
+ * @param proofType The type of proof to create.
842
+ * @param unsecureDocument The unsecure document to create the proof for.
851
843
  * @returns The proof.
852
844
  */
853
- async createProof(controller, verificationMethodId, bytes) {
845
+ async createProof(controller, verificationMethodId, proofType, unsecureDocument) {
854
846
  core.Guards.stringValue(this.CLASS_NAME, "controller", controller);
855
847
  core.Guards.stringValue(this.CLASS_NAME, "verificationMethodId", verificationMethodId);
856
- core.Guards.uint8Array(this.CLASS_NAME, "bytes", bytes);
848
+ core.Guards.arrayOneOf(this.CLASS_NAME, "proofType", proofType, Object.values(standardsW3cDid.ProofTypes));
849
+ core.Guards.object(this.CLASS_NAME, "unsecureDocument", unsecureDocument);
857
850
  try {
858
851
  const idParts = identityModels.DocumentHelper.parseId(verificationMethodId);
859
852
  if (core.Is.empty(idParts.fragment)) {
@@ -881,16 +874,10 @@ class EntityStorageIdentityConnector {
881
874
  method: verificationMethodId
882
875
  });
883
876
  }
884
- const signature = await this._vaultConnector.sign(EntityStorageIdentityConnector.buildVaultKey(didDocument.id, idParts.fragment ?? ""), bytes);
885
- return {
886
- "@context": standardsW3cDid.DidContexts.ContextVCDataIntegrity,
887
- type: standardsW3cDid.DidTypes.DataIntegrityProof,
888
- cryptosuite: standardsW3cDid.DidCryptoSuites.EdDSAJcs2022,
889
- created: new Date(Date.now()).toISOString(),
890
- verificationMethod: verificationMethodId,
891
- proofPurpose: "assertionMethod",
892
- proofValue: core.Converter.bytesToBase58(signature)
893
- };
877
+ const vaultKey = EntityStorageIdentityConnector.buildVaultKey(didDocument.id, idParts.fragment ?? "");
878
+ const key = await this._vaultConnector.getKey(vaultKey);
879
+ const signedProof = await standardsW3cDid.ProofHelper.createProof(proofType, unsecureDocument, standardsW3cDid.ProofHelper.createUnsignedProof(proofType, verificationMethodId), await web.Jwk.fromEd25519Private(key.privateKey));
880
+ return signedProof;
894
881
  }
895
882
  catch (error) {
896
883
  throw new core.GeneralError(this.CLASS_NAME, "createProofFailed", undefined, error);
@@ -898,24 +885,15 @@ class EntityStorageIdentityConnector {
898
885
  }
899
886
  /**
900
887
  * Verify proof for arbitrary data with the specified verification method.
901
- * @param bytes The data bytes to verify.
888
+ * @param document The document to verify.
902
889
  * @param proof The proof to verify.
903
890
  * @returns True if the proof is verified.
904
891
  */
905
- async verifyProof(bytes, proof) {
906
- core.Guards.uint8Array(this.CLASS_NAME, "bytes", bytes);
892
+ async verifyProof(document, proof) {
893
+ core.Guards.object(this.CLASS_NAME, "document", document);
907
894
  core.Guards.object(this.CLASS_NAME, "proof", proof);
908
- core.Guards.stringValue(this.CLASS_NAME, "proof.type", proof.type);
909
- core.Guards.stringValue(this.CLASS_NAME, "proof.cryptosuite", proof.cryptosuite);
910
895
  core.Guards.stringValue(this.CLASS_NAME, "proof.verificationMethod", proof.verificationMethod);
911
- core.Guards.stringBase58(this.CLASS_NAME, "proof.proofValue", proof.proofValue);
912
896
  try {
913
- if (proof.type !== standardsW3cDid.DidTypes.DataIntegrityProof) {
914
- throw new core.GeneralError(this.CLASS_NAME, "proofType", { proofType: proof.type });
915
- }
916
- if (proof.cryptosuite !== standardsW3cDid.DidCryptoSuites.EdDSAJcs2022) {
917
- throw new core.GeneralError(this.CLASS_NAME, "cryptoSuite", { cryptosuite: proof.cryptosuite });
918
- }
919
897
  const idParts = identityModels.DocumentHelper.parseId(proof.verificationMethod);
920
898
  if (core.Is.empty(idParts.fragment)) {
921
899
  throw new core.NotFoundError(this.CLASS_NAME, "missingDid", proof.verificationMethod);
@@ -941,10 +919,10 @@ class EntityStorageIdentityConnector {
941
919
  const didMethod = methodAndArray.method;
942
920
  if (!core.Is.stringValue(didMethod.publicKeyJwk?.x)) {
943
921
  throw new core.GeneralError(this.CLASS_NAME, "publicKeyJwkMissing", {
944
- method: proof.verificationMethodId
922
+ method: proof.verificationMethod
945
923
  });
946
924
  }
947
- return this._vaultConnector.verify(EntityStorageIdentityConnector.buildVaultKey(didIdentityDocument.id, idParts.fragment), bytes, core.Converter.base58ToBytes(proof.proofValue));
925
+ return standardsW3cDid.ProofHelper.verifyProof(document, proof, didMethod.publicKeyJwk);
948
926
  }
949
927
  catch (error) {
950
928
  throw new core.GeneralError(this.CLASS_NAME, "verifyProofFailed", undefined, error);
@@ -4,9 +4,9 @@ import { Sha256 } from '@twin.org/crypto';
4
4
  import { JsonLdProcessor } from '@twin.org/data-json-ld';
5
5
  import { EntityStorageConnectorFactory } from '@twin.org/entity-storage-models';
6
6
  import { DocumentHelper } from '@twin.org/identity-models';
7
- import { DidContexts, DidVerificationMethodType, DidTypes, DidCryptoSuites } from '@twin.org/standards-w3c-did';
8
- import { VaultConnectorFactory, VaultKeyType } from '@twin.org/vault-models';
9
- import { Jwt } from '@twin.org/web';
7
+ import { DidContexts, DidVerificationMethodType, DidTypes, ProofTypes, ProofHelper } from '@twin.org/standards-w3c-did';
8
+ import { VaultConnectorFactory, VaultKeyType, VaultConnectorHelper } from '@twin.org/vault-models';
9
+ import { Jwt, Jwk } from '@twin.org/web';
10
10
 
11
11
  // Copyright 2024 IOTA Stiftung.
12
12
  // SPDX-License-Identifier: Apache-2.0.
@@ -477,10 +477,7 @@ class EntityStorageIdentityConnector {
477
477
  sub: credId,
478
478
  vc: jwtVc
479
479
  };
480
- const signature = await Jwt.encodeWithSigner(jwtHeader, jwtPayload, async (alg, key, payload) => {
481
- const sig = await this._vaultConnector.sign(EntityStorageIdentityConnector.buildVaultKey(idParts.id, idParts.fragment ?? ""), payload);
482
- return sig;
483
- });
480
+ const signature = await Jwt.encodeWithSigner(jwtHeader, jwtPayload, async (header, payload) => VaultConnectorHelper.jwtSigner(this._vaultConnector, EntityStorageIdentityConnector.buildVaultKey(idParts.id, idParts.fragment ?? ""), header, payload));
484
481
  return {
485
482
  verifiableCredential,
486
483
  jwt: signature
@@ -529,10 +526,7 @@ class EntityStorageIdentityConnector {
529
526
  if (!Is.stringValue(didMethod.publicKeyJwk?.x)) {
530
527
  throw new GeneralError(this.CLASS_NAME, "publicKeyJwkMissing", { method: jwtHeader.kid });
531
528
  }
532
- const verified = Jwt.verifySignature(jwtHeader, jwtPayload, jwtSignature, Converter.base64UrlToBytes(didMethod.publicKeyJwk.x));
533
- if (!verified) {
534
- throw new GeneralError(this.CLASS_NAME, "jwkSignatureFailed");
535
- }
529
+ await Jwt.verifySignature(credentialJwt, await Jwk.toCryptoKey(didMethod.publicKeyJwk));
536
530
  const verifiableCredential = jwtPayload.vc;
537
531
  if (Is.object(verifiableCredential)) {
538
532
  if (Is.string(jwtPayload.jti)) {
@@ -739,10 +733,7 @@ class EntityStorageIdentityConnector {
739
733
  const expiresInSeconds = expiresInMinutes * 60;
740
734
  jwtPayload.exp = Math.floor(Date.now() / 1000) + expiresInSeconds;
741
735
  }
742
- const signature = await Jwt.encodeWithSigner(jwtHeader, jwtPayload, async (alg, key, payload) => {
743
- const sig = await this._vaultConnector.sign(EntityStorageIdentityConnector.buildVaultKey(idParts.id, idParts.fragment ?? ""), payload);
744
- return sig;
745
- });
736
+ const signature = await Jwt.encodeWithSigner(jwtHeader, jwtPayload, async (header, payload) => VaultConnectorHelper.jwtSigner(this._vaultConnector, EntityStorageIdentityConnector.buildVaultKey(idParts.id, idParts.fragment ?? ""), header, payload));
746
737
  return {
747
738
  verifiablePresentation,
748
739
  jwt: signature
@@ -845,13 +836,15 @@ class EntityStorageIdentityConnector {
845
836
  * Create a proof for arbitrary data with the specified verification method.
846
837
  * @param controller The controller of the identity who can make changes.
847
838
  * @param verificationMethodId The verification method id to use.
848
- * @param bytes The data bytes to sign.
839
+ * @param proofType The type of proof to create.
840
+ * @param unsecureDocument The unsecure document to create the proof for.
849
841
  * @returns The proof.
850
842
  */
851
- async createProof(controller, verificationMethodId, bytes) {
843
+ async createProof(controller, verificationMethodId, proofType, unsecureDocument) {
852
844
  Guards.stringValue(this.CLASS_NAME, "controller", controller);
853
845
  Guards.stringValue(this.CLASS_NAME, "verificationMethodId", verificationMethodId);
854
- Guards.uint8Array(this.CLASS_NAME, "bytes", bytes);
846
+ Guards.arrayOneOf(this.CLASS_NAME, "proofType", proofType, Object.values(ProofTypes));
847
+ Guards.object(this.CLASS_NAME, "unsecureDocument", unsecureDocument);
855
848
  try {
856
849
  const idParts = DocumentHelper.parseId(verificationMethodId);
857
850
  if (Is.empty(idParts.fragment)) {
@@ -879,16 +872,10 @@ class EntityStorageIdentityConnector {
879
872
  method: verificationMethodId
880
873
  });
881
874
  }
882
- const signature = await this._vaultConnector.sign(EntityStorageIdentityConnector.buildVaultKey(didDocument.id, idParts.fragment ?? ""), bytes);
883
- return {
884
- "@context": DidContexts.ContextVCDataIntegrity,
885
- type: DidTypes.DataIntegrityProof,
886
- cryptosuite: DidCryptoSuites.EdDSAJcs2022,
887
- created: new Date(Date.now()).toISOString(),
888
- verificationMethod: verificationMethodId,
889
- proofPurpose: "assertionMethod",
890
- proofValue: Converter.bytesToBase58(signature)
891
- };
875
+ const vaultKey = EntityStorageIdentityConnector.buildVaultKey(didDocument.id, idParts.fragment ?? "");
876
+ const key = await this._vaultConnector.getKey(vaultKey);
877
+ const signedProof = await ProofHelper.createProof(proofType, unsecureDocument, ProofHelper.createUnsignedProof(proofType, verificationMethodId), await Jwk.fromEd25519Private(key.privateKey));
878
+ return signedProof;
892
879
  }
893
880
  catch (error) {
894
881
  throw new GeneralError(this.CLASS_NAME, "createProofFailed", undefined, error);
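Review bot: New lines 875–877 pull the private key out of the vault with `this._vaultConnector.getKey(vaultKey)` and build a JWK from it in this process via `Jwk.fromEd25519Private(key.privateKey)`, whereas the replaced code signed through `this._vaultConnector.sign(...)` and the key never left the vault connector; a vault backed by a key store that does not export private keys cannot serve this path, and the raw key now lives in connector memory for the duration of the call. If `ProofHelper.createProof` can only take a JWK, a signer-callback variant along the lines of the `VaultConnectorHelper.jwtSigner` pattern adopted for the JWT paths in this same change would keep signing behind the vault boundary. Short of that, the shape of the `getKey` result is not checked before use; `Guards.uint8Array(this.CLASS_NAME, "key.privateKey", key?.privateKey);` before the `fromEd25519Private` call gives a clear error instead of one from inside the JWK conversion (assuming the vault returns the key as bytes, which is not visible here). The CJS build of `createProof` earlier on the page has the identical hunk. `createProof` starts outside this hunk and its `catch` block runs past it.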
@@ -896,24 +883,15 @@ class EntityStorageIdentityConnector {
896
883
  }
897
884
  /**
898
885
  * Verify proof for arbitrary data with the specified verification method.
899
- * @param bytes The data bytes to verify.
886
+ * @param document The document to verify.
900
887
  * @param proof The proof to verify.
901
888
  * @returns True if the proof is verified.
902
889
  */
903
- async verifyProof(bytes, proof) {
904
- Guards.uint8Array(this.CLASS_NAME, "bytes", bytes);
890
+ async verifyProof(document, proof) {
891
+ Guards.object(this.CLASS_NAME, "document", document);
905
892
  Guards.object(this.CLASS_NAME, "proof", proof);
906
- Guards.stringValue(this.CLASS_NAME, "proof.type", proof.type);
907
- Guards.stringValue(this.CLASS_NAME, "proof.cryptosuite", proof.cryptosuite);
908
893
  Guards.stringValue(this.CLASS_NAME, "proof.verificationMethod", proof.verificationMethod);
909
- Guards.stringBase58(this.CLASS_NAME, "proof.proofValue", proof.proofValue);
910
894
  try {
911
- if (proof.type !== DidTypes.DataIntegrityProof) {
912
- throw new GeneralError(this.CLASS_NAME, "proofType", { proofType: proof.type });
913
- }
914
- if (proof.cryptosuite !== DidCryptoSuites.EdDSAJcs2022) {
915
- throw new GeneralError(this.CLASS_NAME, "cryptoSuite", { cryptosuite: proof.cryptosuite });
916
- }
917
895
  const idParts = DocumentHelper.parseId(proof.verificationMethod);
918
896
  if (Is.empty(idParts.fragment)) {
919
897
  throw new NotFoundError(this.CLASS_NAME, "missingDid", proof.verificationMethod);
@@ -939,10 +917,10 @@ class EntityStorageIdentityConnector {
939
917
  const didMethod = methodAndArray.method;
940
918
  if (!Is.stringValue(didMethod.publicKeyJwk?.x)) {
941
919
  throw new GeneralError(this.CLASS_NAME, "publicKeyJwkMissing", {
942
- method: proof.verificationMethodId
920
+ method: proof.verificationMethod
943
921
  });
944
922
  }
945
- return this._vaultConnector.verify(EntityStorageIdentityConnector.buildVaultKey(didIdentityDocument.id, idParts.fragment), bytes, Converter.base58ToBytes(proof.proofValue));
923
+ return ProofHelper.verifyProof(document, proof, didMethod.publicKeyJwk);
946
924
  }
947
925
  catch (error) {
948
926
  throw new GeneralError(this.CLASS_NAME, "verifyProofFailed", undefined, error);
@@ -1,6 +1,6 @@
1
1
  import { type IJsonLdContextDefinitionRoot, type IJsonLdNodeObject } from "@twin.org/data-json-ld";
2
2
  import { type IIdentityConnector } from "@twin.org/identity-models";
3
- import { DidVerificationMethodType, type IDidDocument, type IDidDocumentVerificationMethod, type IDidProof, type IDidService, type IDidVerifiableCredential, type IDidVerifiablePresentation } from "@twin.org/standards-w3c-did";
3
+ import { DidVerificationMethodType, ProofTypes, type IDidDocument, type IDidDocumentVerificationMethod, type IDidService, type IDidVerifiableCredential, type IDidVerifiablePresentation, type IProof } from "@twin.org/standards-w3c-did";
4
4
  import type { IEntityStorageIdentityConnectorConstructorOptions } from "./models/IEntityStorageIdentityConnectorConstructorOptions";
5
5
  /**
6
6
  * Class for performing identity operations using entity storage.
@@ -133,15 +133,16 @@ export declare class EntityStorageIdentityConnector implements IIdentityConnecto
133
133
  * Create a proof for arbitrary data with the specified verification method.
134
134
  * @param controller The controller of the identity who can make changes.
135
135
  * @param verificationMethodId The verification method id to use.
136
- * @param bytes The data bytes to sign.
136
+ * @param proofType The type of proof to create.
137
+ * @param unsecureDocument The unsecure document to create the proof for.
137
138
  * @returns The proof.
138
139
  */
139
- createProof(controller: string, verificationMethodId: string, bytes: Uint8Array): Promise<IDidProof>;
140
+ createProof(controller: string, verificationMethodId: string, proofType: ProofTypes, unsecureDocument: IJsonLdNodeObject): Promise<IProof>;
140
141
  /**
141
142
  * Verify proof for arbitrary data with the specified verification method.
142
- * @param bytes The data bytes to verify.
143
+ * @param document The document to verify.
143
144
  * @param proof The proof to verify.
144
145
  * @returns True if the proof is verified.
145
146
  */
146
- verifyProof(bytes: Uint8Array, proof: IDidProof): Promise<boolean>;
147
+ verifyProof(document: IJsonLdNodeObject, proof: IProof): Promise<boolean>;
147
148
  }
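Review bot: The JSDoc summaries for `createProof` (line 133) and `verifyProof` (line 141) still say "for arbitrary data" although both parameters changed from `Uint8Array` to `IJsonLdNodeObject`, so the text no longer matches the signatures this hunk introduces. Suggest `* Create a proof for a JSON-LD document with the specified verification method.` and `* Verify the proof for a JSON-LD document with the specified verification method.`, plus a sentence on `@param unsecureDocument` stating whether the input is left unmodified and the proof is returned separately, which a caller cannot infer from the `Promise<IProof>` return type alone. The same stale wording appears in the CJS and ESM implementations and in the generated markdown docs on this page. The `EntityStorageIdentityConnector` declaration is opened outside this hunk.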
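--- a/package/docs/changelog.md
+++ b/package/docs/changelog.md
@@ -1,5 +1,5 @@
 # @twin.org/identity-connector-entity-storage- Changelog
 
-## v0.0.1-next.28
+## v0.0.1-next.29
 
 - Initial Release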
@@ -506,7 +506,7 @@ The presentation stored in the jwt and the revocation status.
506
506
 
507
507
  ### createProof()
508
508
 
509
- > **createProof**(`controller`, `verificationMethodId`, `bytes`): `Promise`\<`IDidProof`\>
509
+ > **createProof**(`controller`, `verificationMethodId`, `proofType`, `unsecureDocument`): `Promise`\<`IProof`\>
510
510
 
511
511
  Create a proof for arbitrary data with the specified verification method.
512
512
 
@@ -524,15 +524,21 @@ The controller of the identity who can make changes.
524
524
 
525
525
  The verification method id to use.
526
526
 
527
- ##### bytes
527
+ ##### proofType
528
528
 
529
- `Uint8Array`
529
+ `ProofTypes`
530
530
 
531
- The data bytes to sign.
531
+ The type of proof to create.
532
+
533
+ ##### unsecureDocument
534
+
535
+ `IJsonLdNodeObject`
536
+
537
+ The unsecure document to create the proof for.
532
538
 
533
539
  #### Returns
534
540
 
535
- `Promise`\<`IDidProof`\>
541
+ `Promise`\<`IProof`\>
536
542
 
537
543
  The proof.
538
544
 
@@ -544,21 +550,21 @@ The proof.
544
550
 
545
551
  ### verifyProof()
546
552
 
547
- > **verifyProof**(`bytes`, `proof`): `Promise`\<`boolean`\>
553
+ > **verifyProof**(`document`, `proof`): `Promise`\<`boolean`\>
548
554
 
549
555
  Verify proof for arbitrary data with the specified verification method.
550
556
 
551
557
  #### Parameters
552
558
 
553
- ##### bytes
559
+ ##### document
554
560
 
555
- `Uint8Array`
561
+ `IJsonLdNodeObject`
556
562
 
557
- The data bytes to verify.
563
+ The document to verify.
558
564
 
559
565
  ##### proof
560
566
 
561
- `IDidProof`
567
+ `IProof`
562
568
 
563
569
  The proof to verify.
564
570
 
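--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@twin.org/identity-connector-entity-storage",
-"version": "0.0.1-next.28",
+"version": "0.0.1-next.29",
 "description": "Identity connector implementation using entity storage",
 "repository": {
 "type": "git",
@@ -19,7 +19,7 @@
 "@twin.org/data-core": "next",
 "@twin.org/data-json-ld": "next",
 "@twin.org/entity": "next",
-"@twin.org/identity-models": "0.0.1-next.28",
+"@twin.org/identity-models": "0.0.1-next.29",
 "@twin.org/nameof": "next",
 "@twin.org/standards-w3c-did": "next",
 "@twin.org/vault-models": "next",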