@twin.org/immutable-proof-service 0.0.1-next.25 → 0.0.1-next.27

package/dist/cjs/index.cjs

@@ -11,7 +11,6 @@ var dataJsonLd = require('@twin.org/data-json-ld');
 var entityStorageModels = require('@twin.org/entity-storage-models');
 var identityModels = require('@twin.org/identity-models');
 var immutableStorageModels = require('@twin.org/immutable-storage-models');
-var vaultModels = require('@twin.org/vault-models');
 
 // Copyright 2024 IOTA Stiftung.
 // SPDX-License-Identifier: Apache-2.0.
@@ -65,7 +64,7 @@ __decorate([
     __metadata("design:type", String)
 ], exports.ImmutableProof.prototype, "dateCreated", void 0);
 __decorate([
-    entity.property({ type: "string" }),
+    entity.property({ type: "string", optional: true }),
     __metadata("design:type", String)
 ], exports.ImmutableProof.prototype, "proofObjectId", void 0);
 __decorate([
@@ -73,7 +72,7 @@ __decorate([
     __metadata("design:type", String)
 ], exports.ImmutableProof.prototype, "proofObjectHash", void 0);
 __decorate([
-    entity.property({ type: "string" }),
+    entity.property({ type: "string", optional: true }),
     __metadata("design:type", String)
 ], exports.ImmutableProof.prototype, "immutableStorageId", void 0);
 exports.ImmutableProof = __decorate([
@@ -114,7 +113,7 @@ function generateRestRoutesImmutableProof(baseRouteName, componentName) {
                     id: "immutableProofCreateRequestExample",
                     request: {
                         body: {
-                            proofObject: {
+                            document: {
                                 "@context": "https://schema.org",
                                 type: "Person",
                                 name: "John Smith"
@@ -176,17 +175,18 @@ function generateRestRoutesImmutableProof(baseRouteName, componentName) {
                         response: {
                             body: {
                                 "@context": [
-                                    immutableProofModels.ImmutableProofTypes.ContextRoot,
-                                    immutableProofModels.ImmutableProofTypes.ContextRootCommon
+                                    immutableProofModels.ImmutableProofContexts.ContextRoot,
+                                    immutableProofModels.ImmutableProofContexts.ContextRootCommon
                                 ],
                                 type: immutableProofModels.ImmutableProofTypes.ImmutableProof,
                                 id: "ais:1234567890",
+                                nodeIdentity: "node-1",
                                 userIdentity: "user-1",
                                 proofObjectId: "test:1234567890",
                                 proofObjectHash: "EAOKyDN0mYQbBh91eMdVeroxQx1H4GfnRbmt6n/2L/Y=",
                                 proof: {
-                                    "@context": standardsW3cDid.DidContexts.ContextVCDataIntegrity,
-                                    type: standardsW3cDid.DidTypes.DataIntegrityProof,
+                                    "@context": standardsW3cDid.DidContexts.ContextDataIntegrity,
+                                    type: standardsW3cDid.ProofTypes.DataIntegrityProof,
                                     cryptosuite: standardsW3cDid.DidCryptoSuites.EdDSAJcs2022,
                                     created: "2024-08-22T11:56:56.272Z",
                                     proofPurpose: "assertionMethod",
@@ -209,17 +209,18 @@ function generateRestRoutesImmutableProof(baseRouteName, componentName) {
                             },
                             body: {
                                 "@context": [
-                                    immutableProofModels.ImmutableProofTypes.ContextRoot,
-                                    immutableProofModels.ImmutableProofTypes.ContextRootCommon
+                                    immutableProofModels.ImmutableProofContexts.ContextRoot,
+                                    immutableProofModels.ImmutableProofContexts.ContextRootCommon
                                 ],
                                 type: immutableProofModels.ImmutableProofTypes.ImmutableProof,
                                 id: "ais:1234567890",
+                                nodeIdentity: "node-1",
                                 userIdentity: "user-1",
                                 proofObjectId: "test:1234567890",
                                 proofObjectHash: "EAOKyDN0mYQbBh91eMdVeroxQx1H4GfnRbmt6n/2L/Y=",
                                 proof: {
-                                    "@context": standardsW3cDid.DidContexts.ContextVCDataIntegrity,
-                                    type: standardsW3cDid.DidTypes.DataIntegrityProof,
+                                    "@context": standardsW3cDid.DidContexts.ContextDataIntegrity,
+                                    type: standardsW3cDid.ProofTypes.DataIntegrityProof,
                                     cryptosuite: standardsW3cDid.DidCryptoSuites.EdDSAJcs2022,
                                     created: "2024-08-22T11:56:56.272Z",
                                     proofPurpose: "assertionMethod",
@@ -263,7 +264,7 @@ function generateRestRoutesImmutableProof(baseRouteName, componentName) {
                         id: "immutableProofVerifyResponseExample",
                         response: {
                             body: {
-                                "@context": immutableProofModels.ImmutableProofTypes.ContextRoot,
+                                "@context": immutableProofModels.ImmutableProofContexts.ContextRoot,
                                 type: immutableProofModels.ImmutableProofTypes.ImmutableProofVerification,
                                 verified: true
                             }
@@ -278,7 +279,7 @@ function generateRestRoutesImmutableProof(baseRouteName, componentName) {
                         id: "immutableProofVerifyResponseFailExample",
                         response: {
                             body: {
-                                "@context": immutableProofModels.ImmutableProofTypes.ContextRoot,
+                                "@context": immutableProofModels.ImmutableProofContexts.ContextRoot,
                                 type: immutableProofModels.ImmutableProofTypes.ImmutableProofVerification,
                                 verified: false,
                                 failure: immutableProofModels.ImmutableProofFailure.ProofTypeMismatch
@@ -303,9 +304,9 @@ function generateRestRoutesImmutableProof(baseRouteName, componentName) {
  */
 async function immutableProofCreate(httpRequestContext, componentName, request) {
     core.Guards.object(ROUTES_SOURCE, "request", request);
-    core.Guards.object(ROUTES_SOURCE, "request.body.proofObject", request.body.proofObject);
+    core.Guards.object(ROUTES_SOURCE, "request.body.document", request.body.document);
     const component = core.ComponentFactory.get(componentName);
-    const result = await component.create(request.body.proofObject, httpRequestContext.userIdentity, httpRequestContext.nodeIdentity);
+    const result = await component.create(request.body.document, httpRequestContext.userIdentity, httpRequestContext.nodeIdentity);
     return {
         statusCode: web.HttpStatusCode.created,
         headers: {
@@ -375,11 +376,6 @@ class ImmutableProofService {
      * @internal
      */
     _config;
-    /**
-     * The vault connector.
-     * @internal
-     */
-    _vaultConnector;
     /**
      * The identity connector.
      * @internal
@@ -410,11 +406,6 @@ class ImmutableProofService {
      * @internal
      */
     _verificationMethodId;
-    /**
-     * The proof hash key id to use for the proofs.
-     * @internal
-     */
-    _proofHashKeyId;
     /**
      * The identity connector type.
      * @internal
@@ -425,7 +416,6 @@ class ImmutableProofService {
      * @param options The dependencies for the immutable proof connector.
      */
     constructor(options) {
-        this._vaultConnector = vaultModels.VaultConnectorFactory.get(options?.vaultConnectorType ?? "vault");
         this._proofStorage = entityStorageModels.EntityStorageConnectorFactory.get(options?.immutableProofEntityStorageType ?? core.StringHelper.kebabCase("ImmutableProof"));
         this._immutableStorage = immutableStorageModels.ImmutableStorageConnectorFactory.get(options?.immutableStorageType ?? "immutable-storage");
         this._identityConnectorType = options?.identityConnectorType ?? "identity";
@@ -436,47 +426,48 @@ class ImmutableProofService {
         }
         this._config = options?.config ?? {};
         this._verificationMethodId = this._config.verificationMethodId ?? "immutable-proof-assertion";
-        this._proofHashKeyId = this._config.proofHashKeyId ?? "immutable-proof-hash";
         this._backgroundTaskConnector.registerHandler("immutable-proof", "@twin.org/immutable-proof-task", "processProofTask", async (task) => {
             await this.finaliseTask(task);
         });
     }
     /**
-     * Create a new authentication proof.
-     * @param proofObject The object for the proof as JSON-LD.
+     * Create a new proof.
+     * @param document The document to create the proof for.
      * @param userIdentity The identity to create the immutable proof operation with.
      * @param nodeIdentity The node identity to use for vault operations.
-     * @returns The id of the new authentication proof.
+     * @returns The id of the new proof.
      */
-    async create(proofObject, userIdentity, nodeIdentity) {
-        core.Guards.object(this.CLASS_NAME, "proofObject", proofObject);
+    async create(document, userIdentity, nodeIdentity) {
+        core.Guards.object(this.CLASS_NAME, "document", document);
         core.Guards.stringValue(this.CLASS_NAME, "userIdentity", userIdentity);
         core.Guards.stringValue(this.CLASS_NAME, "nodeIdentity", nodeIdentity);
         try {
             const validationFailures = [];
-            await dataJsonLd.JsonLdHelper.validate(proofObject, validationFailures);
-            core.Validation.asValidationError(this.CLASS_NAME, "proofObject", validationFailures);
+            await dataJsonLd.JsonLdHelper.validate(document, validationFailures);
+            core.Validation.asValidationError(this.CLASS_NAME, "document", validationFailures);
             const id = core.Converter.bytesToHex(core.RandomHelper.generate(32), false);
             const dateCreated = new Date(Date.now()).toISOString();
-            const proofObjectId = core.ObjectHelper.extractProperty(proofObject, ["@id", "id"], false);
-            const hash = this.calculateHash(id, dateCreated, nodeIdentity, userIdentity, proofObject);
+            const proofObjectId = core.ObjectHelper.extractProperty(document, ["@id", "id"], false);
+            // We don't want to store the whole document in the immutable proof, as this could be large
+            // and also reveal information that should not be stored in the proof so we hash the document
+            // and store the hash
+            const proofObjectHash = this.calculateDocumentHash(document);
             const proofEntity = {
                 id,
                 nodeIdentity,
                 userIdentity,
                 dateCreated,
                 proofObjectId,
-                proofObjectHash: core.Converter.bytesToBase64(hash)
+                proofObjectHash
             };
             await this._proofStorage.set(proofEntity);
             const immutableProof = this.proofEntityToJsonLd(proofEntity);
-            const hashData = await this.generateHashData(proofEntity.nodeIdentity, immutableProof);
             const proofTaskPayload = {
                 proofId: id,
                 nodeIdentity,
                 identityConnectorType: this._identityConnectorType,
-                assertionMethodId: this._verificationMethodId,
-                hashData: core.Converter.bytesToHex(hashData)
+                verificationMethodId: this._verificationMethodId,
+                document: immutableProof
             };
             await this._backgroundTaskConnector.create("immutable-proof", proofTaskPayload);
             return new core.Urn(ImmutableProofService.NAMESPACE, id).toString();
@@ -486,7 +477,7 @@ class ImmutableProofService {
         }
     }
     /**
-     * Get an authentication proof.
+     * Get a proof.
      * @param id The id of the proof to get.
      * @returns The proof.
      * @throws NotFoundError if the proof is not found.
@@ -509,7 +500,7 @@ class ImmutableProofService {
         }
     }
     /**
-     * Verify an authentication proof.
+     * Verify a proof.
      * @param id The id of the proof to verify.
      * @returns The result of the verification and any failures.
      * @throws NotFoundError if the proof is not found.
@@ -526,7 +517,7 @@ class ImmutableProofService {
         try {
             const { verified, failure } = await this.internalGet(id, true);
             return {
-                "@context": immutableProofModels.ImmutableProofTypes.ContextRoot,
+                "@context": immutableProofModels.ImmutableProofContexts.ContextRoot,
                 type: immutableProofModels.ImmutableProofTypes.ImmutableProofVerification,
                 verified,
                 failure
@@ -575,14 +566,8 @@ class ImmutableProofService {
      * @returns The hash.
      * @internal
      */
-    calculateHash(id, dateCreated, nodeIdentity, userIdentity, proofObject) {
-        const b2b = new crypto.Blake2b(crypto.Blake2b.SIZE_256);
-        b2b.update(core.Converter.utf8ToBytes(id));
-        b2b.update(core.Converter.utf8ToBytes(dateCreated));
-        b2b.update(core.Converter.utf8ToBytes(nodeIdentity));
-        b2b.update(core.Converter.utf8ToBytes(userIdentity));
-        b2b.update(core.ObjectHelper.toBytes(proofObject));
-        return b2b.digest();
+    calculateDocumentHash(nodeObject) {
+        return `sha256:${core.Converter.bytesToBase64(crypto.Sha256.sum256(core.ObjectHelper.toBytes(core.JsonHelper.canonicalize(nodeObject))))}`;
     }
     /**
      * Map the stream entity to a model.
@@ -591,15 +576,16 @@ class ImmutableProofService {
      * @internal
      */
     proofEntityToJsonLd(proofEntity) {
-        const model = {
-            "@context": [immutableProofModels.ImmutableProofTypes.ContextRoot, immutableProofModels.ImmutableProofTypes.ContextRootCommon],
+        const jsonLd = {
+            "@context": [immutableProofModels.ImmutableProofContexts.ContextRoot, immutableProofModels.ImmutableProofContexts.ContextRootCommon],
             type: immutableProofModels.ImmutableProofTypes.ImmutableProof,
             id: proofEntity.id,
+            nodeIdentity: proofEntity.nodeIdentity,
             userIdentity: proofEntity.userIdentity,
             proofObjectId: proofEntity.proofObjectId,
             proofObjectHash: proofEntity.proofObjectHash
         };
-        return model;
+        return jsonLd;
     }
     /**
      * Process a proof.
@@ -612,12 +598,9 @@ class ImmutableProofService {
             if (core.Is.object(proofEntity)) {
                 const immutableProof = this.proofEntityToJsonLd(proofEntity);
                 // As we are adding the proof to the data we update its context
-                immutableProof["@context"] = [
-                    immutableProofModels.ImmutableProofTypes.ContextRoot,
-                    immutableProofModels.ImmutableProofTypes.ContextRootCommon,
-                    standardsW3cDid.DidContexts.ContextVCDataIntegrity
-                ];
+                immutableProof["@context"] = dataJsonLd.JsonLdProcessor.combineContexts([immutableProofModels.ImmutableProofContexts.ContextRoot, immutableProofModels.ImmutableProofContexts.ContextRootCommon], task.result.proof["@context"]);
                 immutableProof.proof = task.result.proof;
+                core.ObjectHelper.propertyDelete(immutableProof.proof, "@context");
                 if (core.Is.stringValue(immutableProof.proof.created)) {
                     proofEntity.dateCreated = immutableProof.proof.created;
                 }
@@ -630,7 +613,7 @@ class ImmutableProofService {
         }
     }
     /**
-     * Verify an authentication proof.
+     * Verify a proof.
      * @param id The id of the proof to verify.
      * @param verify Validate the proof.
      * @returns The result of the verification and any failures.
@@ -644,7 +627,7 @@ class ImmutableProofService {
         if (core.Is.empty(proofEntity)) {
             throw new core.NotFoundError(this.CLASS_NAME, "proofNotFound", id);
         }
-        let proofJsonLd = await this.proofEntityToJsonLd(proofEntity);
+        let proofJsonLd = this.proofEntityToJsonLd(proofEntity);
         let verified = false;
         let failure = immutableProofModels.ImmutableProofFailure.NotIssued;
         if (core.Is.stringValue(proofEntity.immutableStorageId)) {
@@ -652,6 +635,7 @@ class ImmutableProofService {
             const immutableResult = await this._immutableStorage.get(proofEntity.immutableStorageId);
             if (core.Is.uint8Array(immutableResult.data)) {
                 proofJsonLd = core.ObjectHelper.fromBytes(immutableResult.data);
+                const unsecureDocument = core.ObjectHelper.clone(proofJsonLd);
                 proofJsonLd.immutableReceipt = immutableResult.receipt;
                 // As we are adding the receipt to the data we update the JSON-LD context
                 const receiptContext = immutableResult.receipt["@context"];
@@ -662,12 +646,11 @@ class ImmutableProofService {
                     if (proofJsonLd.proof.cryptosuite !== standardsW3cDid.DidCryptoSuites.EdDSAJcs2022) {
                         failure = immutableProofModels.ImmutableProofFailure.CryptoSuiteMismatch;
                     }
-                    else if (proofJsonLd.proof.type !== standardsW3cDid.DidTypes.DataIntegrityProof) {
+                    else if (proofJsonLd.proof.type !== standardsW3cDid.ProofTypes.DataIntegrityProof) {
                         failure = immutableProofModels.ImmutableProofFailure.ProofTypeMismatch;
                     }
                     else {
-                        const hashData = await this.generateHashData(proofEntity.nodeIdentity, proofJsonLd);
-                        const isVerified = await this._identityConnector.verifyProof(hashData, proofJsonLd.proof);
+                        const isVerified = await this._identityConnector.verifyProof(unsecureDocument, proofJsonLd.proof);
                         if (isVerified) {
                             verified = true;
                             failure = undefined;
@@ -685,28 +668,6 @@ class ImmutableProofService {
             failure
         };
     }
-    /**
-     * Generate the hash data for the proof.
-     * Conforms to https://www.w3.org/TR/vc-di-eddsa/#create-proof-eddsa-jcs-2022
-     * @param nodeIdentity The node identity to use for vault operations.
-     * @param immutableProof The immutable proof to generate the hash data for.
-     * @returns The hash data.
-     * @internal
-     */
-    async generateHashData(nodeIdentity, immutableProof) {
-        // We hash the data for the proof without the the proof or immutable receipt for the proof
-        // without these objects we can simplify the context
-        const object = core.ObjectHelper.omit(immutableProof, ["proof", "immutableReceipt"]);
-        object["@context"] = [immutableProofModels.ImmutableProofTypes.ContextRoot, immutableProofModels.ImmutableProofTypes.ContextRootCommon];
-        const canonicalDocument = core.JsonHelper.canonicalize(object);
-        const proofKey = await this._vaultConnector.getKey(`${nodeIdentity}/${this._proofHashKeyId}`);
-        const proofHash = crypto.Sha256.sum256(proofKey.privateKey);
-        const transformedDocumentHash = crypto.Sha256.sum256(core.Converter.utf8ToBytes(canonicalDocument));
-        const hashData = new Uint8Array(proofHash.length + transformedDocumentHash.length);
-        hashData.set(proofHash);
-        hashData.set(transformedDocumentHash, proofHash.length);
-        return hashData;
-    }
 }
 
 const restEntryPoints = [

package/dist/esm/index.mjs

@@ -1,15 +1,14 @@
 import { property, SortDirection, entity, EntitySchemaFactory, EntitySchemaHelper } from '@twin.org/entity';
 import { Guards, ComponentFactory, StringHelper, Is, Validation, Converter, RandomHelper, ObjectHelper, Urn, GeneralError, NotFoundError, JsonHelper } from '@twin.org/core';
-import { ImmutableProofTypes, ImmutableProofFailure, ImmutableProofTopics } from '@twin.org/immutable-proof-models';
-import { DidCryptoSuites, DidTypes, DidContexts } from '@twin.org/standards-w3c-did';
+import { ImmutableProofTypes, ImmutableProofContexts, ImmutableProofFailure, ImmutableProofTopics } from '@twin.org/immutable-proof-models';
+import { DidCryptoSuites, ProofTypes, DidContexts } from '@twin.org/standards-w3c-did';
 import { HttpStatusCode, HeaderTypes, MimeTypes } from '@twin.org/web';
 import { BackgroundTaskConnectorFactory, TaskStatus } from '@twin.org/background-task-models';
-import { Blake2b, Sha256 } from '@twin.org/crypto';
+import { Sha256 } from '@twin.org/crypto';
 import { JsonLdHelper, JsonLdProcessor } from '@twin.org/data-json-ld';
 import { EntityStorageConnectorFactory } from '@twin.org/entity-storage-models';
 import { IdentityConnectorFactory } from '@twin.org/identity-models';
 import { ImmutableStorageConnectorFactory } from '@twin.org/immutable-storage-models';
-import { VaultConnectorFactory } from '@twin.org/vault-models';
 
 // Copyright 2024 IOTA Stiftung.
 // SPDX-License-Identifier: Apache-2.0.
@@ -63,7 +62,7 @@ __decorate([
     __metadata("design:type", String)
 ], ImmutableProof.prototype, "dateCreated", void 0);
 __decorate([
-    property({ type: "string" }),
+    property({ type: "string", optional: true }),
     __metadata("design:type", String)
 ], ImmutableProof.prototype, "proofObjectId", void 0);
 __decorate([
@@ -71,7 +70,7 @@ __decorate([
     __metadata("design:type", String)
 ], ImmutableProof.prototype, "proofObjectHash", void 0);
 __decorate([
-    property({ type: "string" }),
+    property({ type: "string", optional: true }),
     __metadata("design:type", String)
 ], ImmutableProof.prototype, "immutableStorageId", void 0);
 ImmutableProof = __decorate([
@@ -112,7 +111,7 @@ function generateRestRoutesImmutableProof(baseRouteName, componentName) {
                     id: "immutableProofCreateRequestExample",
                     request: {
                         body: {
-                            proofObject: {
+                            document: {
                                 "@context": "https://schema.org",
                                 type: "Person",
                                 name: "John Smith"
@@ -174,17 +173,18 @@ function generateRestRoutesImmutableProof(baseRouteName, componentName) {
                         response: {
                             body: {
                                 "@context": [
-                                    ImmutableProofTypes.ContextRoot,
-                                    ImmutableProofTypes.ContextRootCommon
+                                    ImmutableProofContexts.ContextRoot,
+                                    ImmutableProofContexts.ContextRootCommon
                                 ],
                                 type: ImmutableProofTypes.ImmutableProof,
                                 id: "ais:1234567890",
+                                nodeIdentity: "node-1",
                                 userIdentity: "user-1",
                                 proofObjectId: "test:1234567890",
                                 proofObjectHash: "EAOKyDN0mYQbBh91eMdVeroxQx1H4GfnRbmt6n/2L/Y=",
                                 proof: {
-                                    "@context": DidContexts.ContextVCDataIntegrity,
-                                    type: DidTypes.DataIntegrityProof,
+                                    "@context": DidContexts.ContextDataIntegrity,
+                                    type: ProofTypes.DataIntegrityProof,
                                     cryptosuite: DidCryptoSuites.EdDSAJcs2022,
                                     created: "2024-08-22T11:56:56.272Z",
                                     proofPurpose: "assertionMethod",
@@ -207,17 +207,18 @@ function generateRestRoutesImmutableProof(baseRouteName, componentName) {
                             },
                             body: {
                                 "@context": [
-                                    ImmutableProofTypes.ContextRoot,
-                                    ImmutableProofTypes.ContextRootCommon
+                                    ImmutableProofContexts.ContextRoot,
+                                    ImmutableProofContexts.ContextRootCommon
                                 ],
                                 type: ImmutableProofTypes.ImmutableProof,
                                 id: "ais:1234567890",
+                                nodeIdentity: "node-1",
                                 userIdentity: "user-1",
                                 proofObjectId: "test:1234567890",
                                 proofObjectHash: "EAOKyDN0mYQbBh91eMdVeroxQx1H4GfnRbmt6n/2L/Y=",
                                 proof: {
-                                    "@context": DidContexts.ContextVCDataIntegrity,
-                                    type: DidTypes.DataIntegrityProof,
+                                    "@context": DidContexts.ContextDataIntegrity,
+                                    type: ProofTypes.DataIntegrityProof,
                                     cryptosuite: DidCryptoSuites.EdDSAJcs2022,
                                     created: "2024-08-22T11:56:56.272Z",
                                     proofPurpose: "assertionMethod",
@@ -261,7 +262,7 @@ function generateRestRoutesImmutableProof(baseRouteName, componentName) {
                         id: "immutableProofVerifyResponseExample",
                         response: {
                             body: {
-                                "@context": ImmutableProofTypes.ContextRoot,
+                                "@context": ImmutableProofContexts.ContextRoot,
                                 type: ImmutableProofTypes.ImmutableProofVerification,
                                 verified: true
                             }
@@ -276,7 +277,7 @@ function generateRestRoutesImmutableProof(baseRouteName, componentName) {
                         id: "immutableProofVerifyResponseFailExample",
                         response: {
                             body: {
-                                "@context": ImmutableProofTypes.ContextRoot,
+                                "@context": ImmutableProofContexts.ContextRoot,
                                 type: ImmutableProofTypes.ImmutableProofVerification,
                                 verified: false,
                                 failure: ImmutableProofFailure.ProofTypeMismatch
@@ -301,9 +302,9 @@ function generateRestRoutesImmutableProof(baseRouteName, componentName) {
  */
 async function immutableProofCreate(httpRequestContext, componentName, request) {
     Guards.object(ROUTES_SOURCE, "request", request);
-    Guards.object(ROUTES_SOURCE, "request.body.proofObject", request.body.proofObject);
+    Guards.object(ROUTES_SOURCE, "request.body.document", request.body.document);
     const component = ComponentFactory.get(componentName);
-    const result = await component.create(request.body.proofObject, httpRequestContext.userIdentity, httpRequestContext.nodeIdentity);
+    const result = await component.create(request.body.document, httpRequestContext.userIdentity, httpRequestContext.nodeIdentity);
     return {
         statusCode: HttpStatusCode.created,
         headers: {
@@ -373,11 +374,6 @@ class ImmutableProofService {
      * @internal
      */
     _config;
-    /**
-     * The vault connector.
-     * @internal
-     */
-    _vaultConnector;
     /**
      * The identity connector.
      * @internal
@@ -408,11 +404,6 @@ class ImmutableProofService {
      * @internal
      */
     _verificationMethodId;
-    /**
-     * The proof hash key id to use for the proofs.
-     * @internal
-     */
-    _proofHashKeyId;
     /**
      * The identity connector type.
      * @internal
@@ -423,7 +414,6 @@ class ImmutableProofService {
      * @param options The dependencies for the immutable proof connector.
      */
     constructor(options) {
-        this._vaultConnector = VaultConnectorFactory.get(options?.vaultConnectorType ?? "vault");
         this._proofStorage = EntityStorageConnectorFactory.get(options?.immutableProofEntityStorageType ?? StringHelper.kebabCase("ImmutableProof"));
         this._immutableStorage = ImmutableStorageConnectorFactory.get(options?.immutableStorageType ?? "immutable-storage");
         this._identityConnectorType = options?.identityConnectorType ?? "identity";
@@ -434,47 +424,48 @@ class ImmutableProofService {
         }
         this._config = options?.config ?? {};
         this._verificationMethodId = this._config.verificationMethodId ?? "immutable-proof-assertion";
-        this._proofHashKeyId = this._config.proofHashKeyId ?? "immutable-proof-hash";
         this._backgroundTaskConnector.registerHandler("immutable-proof", "@twin.org/immutable-proof-task", "processProofTask", async (task) => {
             await this.finaliseTask(task);
         });
     }
     /**
-     * Create a new authentication proof.
-     * @param proofObject The object for the proof as JSON-LD.
+     * Create a new proof.
+     * @param document The document to create the proof for.
      * @param userIdentity The identity to create the immutable proof operation with.
      * @param nodeIdentity The node identity to use for vault operations.
-     * @returns The id of the new authentication proof.
+     * @returns The id of the new proof.
      */
-    async create(proofObject, userIdentity, nodeIdentity) {
-        Guards.object(this.CLASS_NAME, "proofObject", proofObject);
+    async create(document, userIdentity, nodeIdentity) {
+        Guards.object(this.CLASS_NAME, "document", document);
         Guards.stringValue(this.CLASS_NAME, "userIdentity", userIdentity);
         Guards.stringValue(this.CLASS_NAME, "nodeIdentity", nodeIdentity);
         try {
             const validationFailures = [];
-            await JsonLdHelper.validate(proofObject, validationFailures);
-            Validation.asValidationError(this.CLASS_NAME, "proofObject", validationFailures);
+            await JsonLdHelper.validate(document, validationFailures);
+            Validation.asValidationError(this.CLASS_NAME, "document", validationFailures);
             const id = Converter.bytesToHex(RandomHelper.generate(32), false);
             const dateCreated = new Date(Date.now()).toISOString();
-            const proofObjectId = ObjectHelper.extractProperty(proofObject, ["@id", "id"], false);
-            const hash = this.calculateHash(id, dateCreated, nodeIdentity, userIdentity, proofObject);
+            const proofObjectId = ObjectHelper.extractProperty(document, ["@id", "id"], false);
+            // We don't want to store the whole document in the immutable proof, as this could be large
+            // and also reveal information that should not be stored in the proof so we hash the document
+            // and store the hash
+            const proofObjectHash = this.calculateDocumentHash(document);
             const proofEntity = {
                 id,
                 nodeIdentity,
                 userIdentity,
                 dateCreated,
                 proofObjectId,
-                proofObjectHash: Converter.bytesToBase64(hash)
+                proofObjectHash
             };
             await this._proofStorage.set(proofEntity);
             const immutableProof = this.proofEntityToJsonLd(proofEntity);
-            const hashData = await this.generateHashData(proofEntity.nodeIdentity, immutableProof);
             const proofTaskPayload = {
                 proofId: id,
                 nodeIdentity,
                 identityConnectorType: this._identityConnectorType,
-                assertionMethodId: this._verificationMethodId,
-                hashData: Converter.bytesToHex(hashData)
+                verificationMethodId: this._verificationMethodId,
+                document: immutableProof
             };
             await this._backgroundTaskConnector.create("immutable-proof", proofTaskPayload);
             return new Urn(ImmutableProofService.NAMESPACE, id).toString();
@@ -484,7 +475,7 @@ class ImmutableProofService {
         }
     }
     /**
-     * Get an authentication proof.
+     * Get a proof.
      * @param id The id of the proof to get.
      * @returns The proof.
      * @throws NotFoundError if the proof is not found.
@@ -507,7 +498,7 @@ class ImmutableProofService {
         }
     }
     /**
-     * Verify an authentication proof.
+     * Verify a proof.
      * @param id The id of the proof to verify.
      * @returns The result of the verification and any failures.
      * @throws NotFoundError if the proof is not found.
@@ -524,7 +515,7 @@ class ImmutableProofService {
         try {
             const { verified, failure } = await this.internalGet(id, true);
             return {
-                "@context": ImmutableProofTypes.ContextRoot,
+                "@context": ImmutableProofContexts.ContextRoot,
                 type: ImmutableProofTypes.ImmutableProofVerification,
                 verified,
                 failure
@@ -573,14 +564,8 @@ class ImmutableProofService {
      * @returns The hash.
      * @internal
      */
-    calculateHash(id, dateCreated, nodeIdentity, userIdentity, proofObject) {
-        const b2b = new Blake2b(Blake2b.SIZE_256);
-        b2b.update(Converter.utf8ToBytes(id));
-        b2b.update(Converter.utf8ToBytes(dateCreated));
-        b2b.update(Converter.utf8ToBytes(nodeIdentity));
-        b2b.update(Converter.utf8ToBytes(userIdentity));
-        b2b.update(ObjectHelper.toBytes(proofObject));
-        return b2b.digest();
+    calculateDocumentHash(nodeObject) {
+        return `sha256:${Converter.bytesToBase64(Sha256.sum256(ObjectHelper.toBytes(JsonHelper.canonicalize(nodeObject))))}`;
     }
     /**
      * Map the stream entity to a model.
@@ -589,15 +574,16 @@ class ImmutableProofService {
      * @internal
      */
     proofEntityToJsonLd(proofEntity) {
-        const model = {
-            "@context": [ImmutableProofTypes.ContextRoot, ImmutableProofTypes.ContextRootCommon],
+        const jsonLd = {
+            "@context": [ImmutableProofContexts.ContextRoot, ImmutableProofContexts.ContextRootCommon],
             type: ImmutableProofTypes.ImmutableProof,
             id: proofEntity.id,
+            nodeIdentity: proofEntity.nodeIdentity,
             userIdentity: proofEntity.userIdentity,
             proofObjectId: proofEntity.proofObjectId,
             proofObjectHash: proofEntity.proofObjectHash
         };
-        return model;
+        return jsonLd;
     }
     /**
      * Process a proof.
@@ -610,12 +596,9 @@ class ImmutableProofService {
             if (Is.object(proofEntity)) {
                 const immutableProof = this.proofEntityToJsonLd(proofEntity);
                 // As we are adding the proof to the data we update its context
-                immutableProof["@context"] = [
-                    ImmutableProofTypes.ContextRoot,
-                    ImmutableProofTypes.ContextRootCommon,
-                    DidContexts.ContextVCDataIntegrity
-                ];
+                immutableProof["@context"] = JsonLdProcessor.combineContexts([ImmutableProofContexts.ContextRoot, ImmutableProofContexts.ContextRootCommon], task.result.proof["@context"]);
                 immutableProof.proof = task.result.proof;
+                ObjectHelper.propertyDelete(immutableProof.proof, "@context");
                 if (Is.stringValue(immutableProof.proof.created)) {
                     proofEntity.dateCreated = immutableProof.proof.created;
                 }
@@ -628,7 +611,7 @@ class ImmutableProofService {
         }
     }
     /**
-     * Verify an authentication proof.
+     * Verify a proof.
      * @param id The id of the proof to verify.
      * @param verify Validate the proof.
      * @returns The result of the verification and any failures.
@@ -642,7 +625,7 @@ class ImmutableProofService {
         if (Is.empty(proofEntity)) {
             throw new NotFoundError(this.CLASS_NAME, "proofNotFound", id);
         }
-        let proofJsonLd = await this.proofEntityToJsonLd(proofEntity);
+        let proofJsonLd = this.proofEntityToJsonLd(proofEntity);
         let verified = false;
         let failure = ImmutableProofFailure.NotIssued;
         if (Is.stringValue(proofEntity.immutableStorageId)) {
@@ -650,6 +633,7 @@ class ImmutableProofService {
             const immutableResult = await this._immutableStorage.get(proofEntity.immutableStorageId);
             if (Is.uint8Array(immutableResult.data)) {
                 proofJsonLd = ObjectHelper.fromBytes(immutableResult.data);
+                const unsecureDocument = ObjectHelper.clone(proofJsonLd);
                 proofJsonLd.immutableReceipt = immutableResult.receipt;
                 // As we are adding the receipt to the data we update the JSON-LD context
                 const receiptContext = immutableResult.receipt["@context"];
@@ -660,12 +644,11 @@ class ImmutableProofService {
                     if (proofJsonLd.proof.cryptosuite !== DidCryptoSuites.EdDSAJcs2022) {
                         failure = ImmutableProofFailure.CryptoSuiteMismatch;
                     }
-                    else if (proofJsonLd.proof.type !== DidTypes.DataIntegrityProof) {
+                    else if (proofJsonLd.proof.type !== ProofTypes.DataIntegrityProof) {
                         failure = ImmutableProofFailure.ProofTypeMismatch;
                     }
                     else {
-                        const hashData = await this.generateHashData(proofEntity.nodeIdentity, proofJsonLd);
-                        const isVerified = await this._identityConnector.verifyProof(hashData, proofJsonLd.proof);
+                        const isVerified = await this._identityConnector.verifyProof(unsecureDocument, proofJsonLd.proof);
                         if (isVerified) {
                             verified = true;
                             failure = undefined;
@@ -683,28 +666,6 @@ class ImmutableProofService {
             failure
         };
     }
-    /**
-     * Generate the hash data for the proof.
-     * Conforms to https://www.w3.org/TR/vc-di-eddsa/#create-proof-eddsa-jcs-2022
-     * @param nodeIdentity The node identity to use for vault operations.
-     * @param immutableProof The immutable proof to generate the hash data for.
-     * @returns The hash data.
-     * @internal
-     */
-    async generateHashData(nodeIdentity, immutableProof) {
-        // We hash the data for the proof without the the proof or immutable receipt for the proof
-        // without these objects we can simplify the context
-        const object = ObjectHelper.omit(immutableProof, ["proof", "immutableReceipt"]);
-        object["@context"] = [ImmutableProofTypes.ContextRoot, ImmutableProofTypes.ContextRootCommon];
-        const canonicalDocument = JsonHelper.canonicalize(object);
-        const proofKey = await this._vaultConnector.getKey(`${nodeIdentity}/${this._proofHashKeyId}`);
-        const proofHash = Sha256.sum256(proofKey.privateKey);
-        const transformedDocumentHash = Sha256.sum256(Converter.utf8ToBytes(canonicalDocument));
-        const hashData = new Uint8Array(proofHash.length + transformedDocumentHash.length);
-        hashData.set(proofHash);
-        hashData.set(transformedDocumentHash, proofHash.length);
-        return hashData;
-    }
 }
 
 const restEntryPoints = [

package/dist/types/immutableProofService.d.ts

@@ -19,22 +19,22 @@ export declare class ImmutableProofService implements IImmutableProofComponent {
      */
     constructor(options?: IImmutableProofServiceConstructorOptions);
     /**
-     * Create a new authentication proof.
-     * @param proofObject The object for the proof as JSON-LD.
+     * Create a new proof.
+     * @param document The document to create the proof for.
      * @param userIdentity The identity to create the immutable proof operation with.
      * @param nodeIdentity The node identity to use for vault operations.
-     * @returns The id of the new authentication proof.
+     * @returns The id of the new proof.
      */
-    create(proofObject: IJsonLdNodeObject, userIdentity?: string, nodeIdentity?: string): Promise<string>;
+    create(document: IJsonLdNodeObject, userIdentity?: string, nodeIdentity?: string): Promise<string>;
     /**
-     * Get an authentication proof.
+     * Get a proof.
      * @param id The id of the proof to get.
      * @returns The proof.
      * @throws NotFoundError if the proof is not found.
      */
     get(id: string): Promise<IImmutableProof>;
     /**
-     * Verify an authentication proof.
+     * Verify a proof.
      * @param id The id of the proof to verify.
      * @returns The result of the verification and any failures.
      * @throws NotFoundError if the proof is not found.

package/dist/types/models/IImmutableProofServiceConfig.d.ts

@@ -7,9 +7,4 @@ export interface IImmutableProofServiceConfig {
      * @default immutable-proof-assertion
      */
     verificationMethodId?: string;
-    /**
-     * The key to use in the proof hash.
-     * @default immutable-proof-hash
-     */
-    proofHashKeyId?: string;
 }

package/dist/types/models/IImmutableProofServiceConstructorOptions.d.ts

@@ -3,11 +3,6 @@ import type { IImmutableProofServiceConfig } from "./IImmutableProofServiceConfi
  * Options for the immutable proof service constructor.
  */
 export interface IImmutableProofServiceConstructorOptions {
-    /**
-     * The vault connector type.
-     * @default vault
-     */
-    vaultConnectorType?: string;
     /**
      * The entity storage for proofs.
      * @default immutable-proof

package/docs/changelog.md

@@ -1,5 +1,5 @@
 # @twin.org/immutable-proof-service - Changelog
 
-## v0.0.1-next.25
+## v0.0.1-next.27
 
 - Initial Release

package/docs/open-api/spec.json

@@ -44,7 +44,7 @@
 							"examples": {
 								"immutableProofCreateRequestExample": {
 									"value": {
-										"proofObject": {
+										"document": {
 											"@context": "https://schema.org",
 											"type": "Person",
 											"name": "John Smith"
@@ -200,11 +200,12 @@
 											],
 											"type": "ImmutableProof",
 											"id": "ais:1234567890",
+											"nodeIdentity": "node-1",
 											"userIdentity": "user-1",
 											"proofObjectId": "test:1234567890",
 											"proofObjectHash": "EAOKyDN0mYQbBh91eMdVeroxQx1H4GfnRbmt6n/2L/Y=",
 											"proof": {
-												"@context": "https://w3id.org/security/data-integrity/v2",
+												"@context": "https://www.w3.org/ns/credentials/v2",
 												"type": "DataIntegrityProof",
 												"cryptosuite": "eddsa-jcs-2022",
 												"created": "2024-08-22T11:56:56.272Z",
@@ -228,11 +229,12 @@
 											],
 											"type": "ImmutableProof",
 											"id": "ais:1234567890",
+											"nodeIdentity": "node-1",
 											"userIdentity": "user-1",
 											"proofObjectId": "test:1234567890",
 											"proofObjectHash": "EAOKyDN0mYQbBh91eMdVeroxQx1H4GfnRbmt6n/2L/Y=",
 											"proof": {
-												"@context": "https://w3id.org/security/data-integrity/v2",
+												"@context": "https://www.w3.org/ns/credentials/v2",
 												"type": "DataIntegrityProof",
 												"cryptosuite": "eddsa-jcs-2022",
 												"created": "2024-08-22T11:56:56.272Z",
@@ -480,29 +482,14 @@
 	},
 	"components": {
 		"schemas": {
-			"DidCryptoSuites": {
-				"anyOf": [
-					{
-						"type": "string",
-						"const": "eddsa-jcs-2022",
-						"description": "The type for EdDSA crypto suite for JSON Canonicalization Scheme [RFC8785]. https://www.w3.org/TR/vc-di-eddsa/#eddsa-jcs-2022"
-					},
-					{
-						"type": "string",
-						"const": "eddsa-rdfc-2022",
-						"description": "The type for EdDSA crypto suite for RDF Dataset Canonicalization. https://www.w3.org/TR/vc-di-eddsa/#eddsa-rdfc-2022"
-					}
-				],
-				"description": "The types for DID Proof crypto suites."
-			},
-			"DidProof": {
+			"DataIntegrityProof": {
 				"type": "object",
 				"properties": {
 					"@context": {
 						"anyOf": [
 							{
 								"type": "string",
-								"const": "https://w3id.org/security/data-integrity/v2"
+								"const": "https://www.w3.org/ns/credentials/v2"
 							},
 							{
 								"type": "array",
@@ -510,7 +497,7 @@
 								"items": [
 									{
 										"type": "string",
-										"const": "https://w3id.org/security/data-integrity/v2"
+										"const": "https://www.w3.org/ns/credentials/v2"
 									}
 								],
 								"additionalItems": {
@@ -522,6 +509,7 @@
 					},
 					"type": {
 						"type": "string",
+						"const": "DataIntegrityProof",
 						"description": "JSON-LD Type."
 					},
 					"cryptosuite": {
@@ -599,12 +587,26 @@
 				"required": [
 					"type",
 					"cryptosuite",
-					"proofPurpose",
-					"proofValue"
+					"proofPurpose"
 				],
 				"additionalProperties": false,
 				"description": "Interface describing a did proof. https://www.w3.org/TR/vc-data-integrity/"
 			},
+			"DidCryptoSuites": {
+				"anyOf": [
+					{
+						"type": "string",
+						"const": "eddsa-jcs-2022",
+						"description": "The type for EdDSA crypto suite for JSON Canonicalization Scheme [RFC8785]. https://www.w3.org/TR/vc-di-eddsa/#eddsa-jcs-2022"
+					},
+					{
+						"type": "string",
+						"const": "eddsa-rdfc-2022",
+						"description": "The type for EdDSA crypto suite for RDF Dataset Canonicalization. https://www.w3.org/TR/vc-di-eddsa/#eddsa-rdfc-2022"
+					}
+				],
+				"description": "The types for DID Proof crypto suites."
+			},
 			"Error": {
 				"type": "object",
 				"properties": {
@@ -643,12 +645,12 @@
 			"ImmutableProofCreateRequest": {
 				"type": "object",
 				"properties": {
-					"proofObject": {
+					"document": {
 						"$ref": "https://schema.twindev.org/json-ld/JsonLdNodeObject"
 					}
 				},
 				"required": [
-					"proofObject"
+					"document"
 				],
 				"additionalProperties": false,
 				"description": "The parameters from the body."

package/docs/reference/classes/ImmutableProofService.md

@@ -50,17 +50,17 @@ Runtime name for the class.
 
 ### create()
 
-> **create**(`proofObject`, `userIdentity`?, `nodeIdentity`?): `Promise`\<`string`\>
+> **create**(`document`, `userIdentity`?, `nodeIdentity`?): `Promise`\<`string`\>
 
-Create a new authentication proof.
+Create a new proof.
 
 #### Parameters
 
-##### proofObject
+##### document
 
 `IJsonLdNodeObject`
 
-The object for the proof as JSON-LD.
+The document to create the proof for.
 
 ##### userIdentity?
 
@@ -78,7 +78,7 @@ The node identity to use for vault operations.
 
 `Promise`\<`string`\>
 
-The id of the new authentication proof.
+The id of the new proof.
 
 #### Implementation of
 
@@ -90,7 +90,7 @@ The id of the new authentication proof.
 
 > **get**(`id`): `Promise`\<`IImmutableProof`\>
 
-Get an authentication proof.
+Get a proof.
 
 #### Parameters
 
@@ -120,7 +120,7 @@ NotFoundError if the proof is not found.
 
 > **verify**(`id`): `Promise`\<`IImmutableProofVerification`\>
 
-Verify an authentication proof.
+Verify a proof.
 
 #### Parameters
 

package/docs/reference/interfaces/IImmutableProofServiceConfig.md

@@ -15,17 +15,3 @@ The verification method id to use for the proof.
 ```ts
 immutable-proof-assertion
 ```
-
-***
-
-### proofHashKeyId?
-
-> `optional` **proofHashKeyId**: `string`
-
-The key to use in the proof hash.
-
-#### Default
-
-```ts
-immutable-proof-hash
-```

package/docs/reference/interfaces/IImmutableProofServiceConstructorOptions.md

@@ -4,20 +4,6 @@ Options for the immutable proof service constructor.
 
 ## Properties
 
-### vaultConnectorType?
-
-> `optional` **vaultConnectorType**: `string`
-
-The vault connector type.
-
-#### Default
-
-```ts
-vault
-```
-
-***
-
 ### immutableProofEntityStorageType?
 
 > `optional` **immutableProofEntityStorageType**: `string`

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@twin.org/immutable-proof-service",
-	"version": "0.0.1-next.25",
+	"version": "0.0.1-next.27",
 	"description": "Immutable proof contract implementation and REST endpoint definitions",
 	"repository": {
 		"type": "git",
@@ -23,8 +23,8 @@
 		"@twin.org/entity-storage-models": "next",
 		"@twin.org/event-bus-models": "next",
 		"@twin.org/identity-models": "next",
-		"@twin.org/immutable-proof-models": "0.0.1-next.25",
-		"@twin.org/immutable-proof-task": "0.0.1-next.25",
+		"@twin.org/immutable-proof-models": "0.0.1-next.27",
+		"@twin.org/immutable-proof-task": "0.0.1-next.27",
 		"@twin.org/immutable-storage-models": "next",
 		"@twin.org/nameof": "next",
 		"@twin.org/standards-w3c-did": "next",