@twin.org/standards-w3c-did 0.0.2-next.8 → 0.0.3-next.1

package/dist/esm/index.mjs

@@ -1,546 +0,0 @@
-import { Guards, Is, GeneralError, ObjectHelper, Converter, JsonHelper, Uint8ArrayHelper } from '@twin.org/core';
-import { Ed25519, Sha256 } from '@twin.org/crypto';
-import { JsonLdProcessor } from '@twin.org/data-json-ld';
-import { Jwk, Jws } from '@twin.org/web';
-
-// Copyright 2024 IOTA Stiftung.
-// SPDX-License-Identifier: Apache-2.0.
-/**
- * The contexts for DIDs.
- */
-// eslint-disable-next-line @typescript-eslint/naming-convention
-const DidContexts = {
-    /**
-     * The context root for DID.
-     */
-    Context: "https://www.w3.org/ns/did/v1",
-    /**
-     * The context root for DID VC v1.
-     */
-    ContextVCv1: "https://www.w3.org/2018/credentials/v1",
-    /**
-     * The context root for DID VC v2.
-     */
-    ContextVCv2: "https://www.w3.org/ns/credentials/v2",
-    /**
-     * The context root for security ed25519 suites.
-     */
-    ContextSecurityEd25519: "https://w3id.org/security/suites/ed25519-2020/v1",
-    /**
-     * The context root for security jws-2020 suites.
-     */
-    ContextSecurityJws2020: "https://w3id.org/security/suites/jws-2020/v1",
-    /**
-     * The context root for VC Data Integrity.
-     */
-    ContextDataIntegrity: "https://www.w3.org/ns/credentials/v2",
-    /**
-     * The context root for VC Data Integrity.
-     */
-    ContextControllerIdentifiers: "https://www.w3.org/ns/cid/v1",
-    /**
-     * The context root for security multikey suites.
-     */
-    ContextSecurityMultikey: "https://w3id.org/security/multikey/v1"
-};
-
-// Copyright 2024 IOTA Stiftung.
-// SPDX-License-Identifier: Apache-2.0.
-/**
- * The types for DID Proof crypto suites.
- */
-// eslint-disable-next-line @typescript-eslint/naming-convention
-const DidCryptoSuites = {
-    /**
-     * The type for EdDSA crypto suite for JSON Canonicalization Scheme [RFC8785].
-     * https://www.w3.org/TR/vc-di-eddsa/#eddsa-jcs-2022
-     */
-    EdDSAJcs2022: "eddsa-jcs-2022",
-    /**
-     * The type for EdDSA crypto suite for RDF Dataset Canonicalization.
-     * https://www.w3.org/TR/vc-di-eddsa/#eddsa-rdfc-2022
-     */
-    EdDSARdfc2022: "eddsa-rdfc-2022"
-};
-
-// Copyright 2024 IOTA Stiftung.
-// SPDX-License-Identifier: Apache-2.0.
-/**
- * The types for DIDs.
- */
-// eslint-disable-next-line @typescript-eslint/naming-convention
-const DidTypes = {
-    /**
-     * The type for Verifiable Credential.
-     */
-    VerifiableCredential: "VerifiableCredential",
-    /**
-     * The type for Verifiable Presentation.
-     */
-    VerifiablePresentation: "VerifiablePresentation",
-    /**
-     * The type for Ed25519VerificationKey2020.
-     */
-    Ed25519VerificationKey2020: "Ed25519VerificationKey2020",
-    /**
-     * The type for JsonWebKey2020.
-     */
-    JsonWebKey2020: "JsonWebKey2020",
-    /**
-     * The type for LinkedDomains.
-     */
-    LinkedDomains: "LinkedDomains",
-    /**
-     * The type for Multikey.
-     */
-    Multikey: "Multikey"
-};
-
-/**
- * The types of verification method.
- */
-// eslint-disable-next-line @typescript-eslint/naming-convention
-const DidVerificationMethodType = {
-    /**
-     * VerificationMethod.
-     */
-    VerificationMethod: "verificationMethod",
-    /**
-     * Authentication.
-     */
-    Authentication: "authentication",
-    /**
-     * Assertion Method.
-     */
-    AssertionMethod: "assertionMethod",
-    /**
-     * Key Agreement.
-     */
-    KeyAgreement: "keyAgreement",
-    /**
-     * Capability Invocation.
-     */
-    CapabilityInvocation: "capabilityInvocation",
-    /**
-     * Capability Delegation.
-     */
-    CapabilityDelegation: "capabilityDelegation"
-};
-
-// Copyright 2024 IOTA Stiftung.
-// SPDX-License-Identifier: Apache-2.0.
-/**
- * The types for proofs.
- */
-// eslint-disable-next-line @typescript-eslint/naming-convention
-const ProofTypes = {
-    /**
-     * The type for Data Integrity Proof.
-     */
-    DataIntegrityProof: "DataIntegrityProof",
-    /**
-     * The type for Json Web Signature 2020.
-     */
-    JsonWebSignature2020: "JsonWebSignature2020"
-};
-
-// Copyright 2024 IOTA Stiftung.
-// SPDX-License-Identifier: Apache-2.0.
-/**
- * Helper methods for creating and verifying proofs.
- * https://www.w3.org/TR/vc-di-eddsa/#eddsa-jcs-2022
- */
-class DataIntegrityProofSignerVerifier {
-    /**
-     * Runtime name for the class.
-     */
-    CLASS_NAME = "DataIntegrityProofSignerVerifier";
-    /**
-     * Create a proof for the given data.
-     * @param unsecuredDocument The data to create the proof for.
-     * @param unsignedProof The proof options.
-     * @param signKey The key to sign the proof with.
-     * @returns The created proof.
-     */
-    async createProof(unsecuredDocument, unsignedProof, signKey) {
-        Guards.object(this.CLASS_NAME, "unsecuredDocument", unsecuredDocument);
-        Guards.object(this.CLASS_NAME, "unsignedProof", unsignedProof);
-        Guards.object(this.CLASS_NAME, "signKey", signKey);
-        const rawKeys = await Jwk.toRaw(signKey);
-        if (!Is.uint8Array(rawKeys.privateKey)) {
-            throw new GeneralError(this.CLASS_NAME, "missingPrivateKey");
-        }
-        const unsecuredDocumentClone = ObjectHelper.clone(unsecuredDocument);
-        const signedProof = ObjectHelper.clone(unsignedProof);
-        unsecuredDocumentClone["@context"] = JsonLdProcessor.combineContexts(unsecuredDocumentClone["@context"], DidContexts.ContextDataIntegrity);
-        signedProof["@context"] = unsecuredDocumentClone["@context"];
-        const combinedHash = await this.createHash(unsecuredDocument, unsignedProof);
-        const signature = Ed25519.sign(rawKeys.privateKey, combinedHash);
-        signedProof.proofValue = `z${Converter.bytesToBase58(signature)}`;
-        return signedProof;
-    }
-    /**
-     * Verify a proof for the given data in format.
-     * @param securedDocument The credential to verify.
-     * @param signedProof The proof to verify.
-     * @param verifyKey The public key to verify the proof with.
-     * @returns True if the credential was verified.
-     */
-    async verifyProof(securedDocument, signedProof, verifyKey) {
-        Guards.object(this.CLASS_NAME, "securedDocument", securedDocument);
-        Guards.object(this.CLASS_NAME, "signedProof", signedProof);
-        Guards.stringValue(this.CLASS_NAME, "signedProof.proofValue", signedProof.proofValue);
-        Guards.object(this.CLASS_NAME, "verifyKey", verifyKey);
-        const rawKeys = await Jwk.toRaw(verifyKey);
-        if (!Is.uint8Array(rawKeys.publicKey)) {
-            throw new GeneralError(this.CLASS_NAME, "missingPublicKey");
-        }
-        const combinedHash = await this.createHash(securedDocument, signedProof);
-        return Ed25519.verify(rawKeys.publicKey, combinedHash, Converter.base58ToBytes(signedProof.proofValue.slice(1)));
-    }
-    /**
-     * Create a hash for the given data.
-     * @param unsecuredDocument The data to create the proof for.
-     * @param unsignedProof The unsigned proof.
-     * @returns The created hash.
-     */
-    async createHash(unsecuredDocument, unsignedProof) {
-        Guards.object(this.CLASS_NAME, "unsecuredDocument", unsecuredDocument);
-        Guards.object(this.CLASS_NAME, "unsignedProof", unsignedProof);
-        Guards.stringValue(this.CLASS_NAME, "unsignedProof.cryptosuite", unsignedProof.cryptosuite);
-        Guards.stringValue(this.CLASS_NAME, "unsignedProof.verificationMethod", unsignedProof.verificationMethod);
-        const unsecuredDocumentClone = ObjectHelper.clone(unsecuredDocument);
-        const proofOptionsClone = ObjectHelper.clone(unsignedProof);
-        delete unsecuredDocumentClone.proof;
-        delete proofOptionsClone.proofValue;
-        if (proofOptionsClone.cryptosuite !== DidCryptoSuites.EdDSAJcs2022) {
-            throw new GeneralError(this.CLASS_NAME, "cryptosuiteNotSupported", {
-                cryptoSuite: proofOptionsClone.cryptosuite
-            });
-        }
-        unsecuredDocumentClone["@context"] = JsonLdProcessor.combineContexts(unsecuredDocumentClone["@context"], DidContexts.ContextDataIntegrity);
-        proofOptionsClone["@context"] = unsecuredDocumentClone["@context"];
-        const transformedDocument = JsonHelper.canonicalize(unsecuredDocumentClone);
-        const transformedDocumentHash = Sha256.sum256(Converter.utf8ToBytes(transformedDocument));
-        const transformedProofOptions = JsonHelper.canonicalize(proofOptionsClone);
-        const proofOptionsHash = Sha256.sum256(Converter.utf8ToBytes(transformedProofOptions));
-        return Uint8ArrayHelper.concat([proofOptionsHash, transformedDocumentHash]);
-    }
-}
-
-// Copyright 2024 IOTA Stiftung.
-// SPDX-License-Identifier: Apache-2.0.
-/**
- * Helper methods for creating and verifying proofs.
- */
-class JsonWebSignature2020SignerVerifier {
-    /**
-     * Runtime name for the class.
-     */
-    CLASS_NAME = "JsonWebSignature2020SignerVerifier";
-    /**
-     * Create a proof for the given data.
-     * @param unsecuredDocument The data to create the proof for.
-     * @param unsignedProof The proof options.
-     * @param signKey The key to sign the proof with.
-     * @returns The created proof.
-     */
-    async createProof(unsecuredDocument, unsignedProof, signKey) {
-        Guards.object(this.CLASS_NAME, "unsecuredDocument", unsecuredDocument);
-        Guards.object(this.CLASS_NAME, "unsignedProof", unsignedProof);
-        Guards.object(this.CLASS_NAME, "signKey", signKey);
-        const unsecuredDocumentClone = ObjectHelper.clone(unsecuredDocument);
-        unsecuredDocumentClone["@context"] = JsonLdProcessor.combineContexts(unsecuredDocumentClone["@context"], DidContexts.ContextSecurityJws2020);
-        const hash = await this.createHash(unsecuredDocument, unsignedProof);
-        const cryptoKey = await Jwk.toCryptoKey(signKey);
-        const signature = await Jws.create(cryptoKey, hash, signKey.alg);
-        const signedProof = ObjectHelper.clone(unsignedProof);
-        signedProof["@context"] = unsecuredDocumentClone["@context"];
-        signedProof.jws = signature;
-        return signedProof;
-    }
-    /**
-     * Verify a proof for the given data in format.
-     * @param securedDocument The credential to verify.
-     * @param signedProof The proof to verify.
-     * @param verifyKey The public key to verify the proof with.
-     * @returns True if the credential was verified.
-     */
-    async verifyProof(securedDocument, signedProof, verifyKey) {
-        Guards.object(this.CLASS_NAME, "securedDocument", securedDocument);
-        Guards.object(this.CLASS_NAME, "signedProof", signedProof);
-        Guards.object(this.CLASS_NAME, "verifyKey", verifyKey);
-        const jws = signedProof.jws;
-        if (!Is.stringValue(jws)) {
-            throw new GeneralError(this.CLASS_NAME, "jwsMissing");
-        }
-        const hash = await this.createHash(securedDocument, signedProof);
-        const cryptoKey = await Jwk.toCryptoKey(verifyKey);
-        return Jws.verify(jws, cryptoKey, hash);
-    }
-    /**
-     * Create a hash for the given data.
-     * @param unsecuredDocument The data to create the proof for.
-     * @param unsignedProof The unsigned proof.
-     * @returns The created hash.
-     */
-    async createHash(unsecuredDocument, unsignedProof) {
-        Guards.object(this.CLASS_NAME, "unsecuredDocument", unsecuredDocument);
-        Guards.object(this.CLASS_NAME, "unsignedProof", unsignedProof);
-        Guards.stringValue(this.CLASS_NAME, "unsignedProof.verificationMethod", unsignedProof.verificationMethod);
-        const unsecuredDocumentClone = ObjectHelper.clone(unsecuredDocument);
-        const proofOptionsClone = ObjectHelper.clone(unsignedProof);
-        unsecuredDocumentClone["@context"] = JsonLdProcessor.combineContexts(unsecuredDocumentClone["@context"], DidContexts.ContextSecurityJws2020);
-        proofOptionsClone["@context"] = unsecuredDocumentClone["@context"];
-        delete unsecuredDocumentClone.proof;
-        delete proofOptionsClone.jws;
-        const canonizedData = await JsonLdProcessor.canonize(unsecuredDocumentClone);
-        const canonizedProof = await JsonLdProcessor.canonize(proofOptionsClone);
-        const hashedProof = Sha256.sum256(Converter.utf8ToBytes(canonizedProof));
-        const hashedData = Sha256.sum256(Converter.utf8ToBytes(canonizedData));
-        return Uint8ArrayHelper.concat([hashedProof, hashedData]);
-    }
-}
-
-// Copyright 2024 IOTA Stiftung.
-// SPDX-License-Identifier: Apache-2.0.
-/**
- * Helper methods for multikey.
- */
-class MultikeyHelper {
-    /**
-     * Runtime name for the class.
-     */
-    static CLASS_NAME = "MultikeyHelper";
-    /**
-     * Convert a multikey to a JWK.
-     * @param multikey The multikey to convert.
-     * @returns The JWK.
-     * @throws GeneralError if the multikey is invalid.
-     */
-    static toJwk(multikey) {
-        Guards.object(MultikeyHelper.CLASS_NAME, "multikey", multikey);
-        const { publicKey, privateKey } = MultikeyHelper.toRaw(multikey);
-        return {
-            kty: "OKP",
-            crv: "Ed25519",
-            alg: "EdDSA",
-            x: Is.uint8Array(publicKey) ? Converter.bytesToBase64Url(publicKey) : undefined,
-            d: Is.uint8Array(privateKey) ? Converter.bytesToBase64Url(privateKey) : undefined
-        };
-    }
-    /**
-     * Convert a JWK to a Multikey.
-     * @param controller The controller of the multikey.
-     * @param id The id of the multikey.
-     * @param jwk The jwk to convert.
-     * @returns The multikey.
-     * @throws GeneralError if the jwk is invalid.
-     */
-    static fromJwk(controller, id, jwk) {
-        Guards.stringValue(MultikeyHelper.CLASS_NAME, "controller", controller);
-        Guards.stringValue(MultikeyHelper.CLASS_NAME, "id", id);
-        Guards.object(MultikeyHelper.CLASS_NAME, "jwk", jwk);
-        Guards.stringValue(MultikeyHelper.CLASS_NAME, "jwk.x", jwk.x);
-        if (jwk.kty !== "OKP") {
-            throw new GeneralError(MultikeyHelper.CLASS_NAME, "unsupportedKty", { kty: jwk.kty });
-        }
-        if (jwk.crv !== "Ed25519") {
-            throw new GeneralError(MultikeyHelper.CLASS_NAME, "unsupportedCrv", { crv: jwk.crv });
-        }
-        const publicRaw = Converter.base64UrlToBytes(jwk.x);
-        const publicKey = new Uint8Array(2 + publicRaw.length);
-        publicKey[0] = 0xed;
-        publicKey[1] = 0x01;
-        publicKey.set(publicRaw, 2);
-        const multikey = {
-            "@context": DidContexts.ContextControllerIdentifiers,
-            type: DidTypes.Multikey,
-            controller,
-            id,
-            publicKeyMultibase: `z${Converter.bytesToBase58(publicKey)}`
-        };
-        if (Is.stringValue(jwk.d)) {
-            const privateRaw = Converter.base64UrlToBytes(jwk.d);
-            const secretKey = new Uint8Array(2 + privateRaw.length);
-            secretKey[0] = 0x80;
-            secretKey[1] = 0x26;
-            secretKey.set(privateRaw, 2);
-            multikey.secretKeyMultibase = `z${Converter.bytesToBase58(secretKey)}`;
-        }
-        return multikey;
-    }
-    /**
-     * Convert a multikey to raw keys.
-     * @param multikey The multikey to convert.
-     * @returns The JWK.
-     * @throws GeneralError if the multikey is invalid.
-     */
-    static toRaw(multikey) {
-        Guards.object(MultikeyHelper.CLASS_NAME, "multikey", multikey);
-        let publicKeyRaw;
-        let secretKeyRaw;
-        if (Is.stringValue(multikey.publicKeyMultibase)) {
-            if (!multikey.publicKeyMultibase.startsWith("z")) {
-                throw new GeneralError(MultikeyHelper.CLASS_NAME, "invalidPublicKeyMultibase", {
-                    publicKeyMultibase: multikey.publicKeyMultibase
-                });
-            }
-            publicKeyRaw = Converter.base58ToBytes(multikey.publicKeyMultibase.slice(1));
-            if (publicKeyRaw[0] !== 0xed || publicKeyRaw[1] !== 0x01) {
-                throw new GeneralError(MultikeyHelper.CLASS_NAME, "publicKeyMultibaseMissingHeader", {
-                    publicKeyMultibase: multikey.publicKeyMultibase
-                });
-            }
-        }
-        if (Is.stringValue(multikey.secretKeyMultibase)) {
-            if (!multikey.secretKeyMultibase.startsWith("z")) {
-                throw new GeneralError(MultikeyHelper.CLASS_NAME, "invalidSecretKeyMultibase", {
-                    secretKeyMultibase: multikey.secretKeyMultibase
-                });
-            }
-            secretKeyRaw = Converter.base58ToBytes(multikey.secretKeyMultibase.slice(1));
-            if (secretKeyRaw[0] !== 0x80 || secretKeyRaw[1] !== 0x26) {
-                throw new GeneralError(MultikeyHelper.CLASS_NAME, "publicKeyMultibaseMissingHeader", {
-                    publicKeyMultibase: multikey.publicKeyMultibase
-                });
-            }
-        }
-        return {
-            publicKey: publicKeyRaw?.slice(2) ?? new Uint8Array(),
-            privateKey: secretKeyRaw?.slice(2, 34) ?? new Uint8Array()
-        };
-    }
-}
-
-// Copyright 2024 IOTA Stiftung.
-// SPDX-License-Identifier: Apache-2.0.
-/**
- * Helper methods for creating and verifying proofs.
- */
-class ProofHelper {
-    /**
-     * Runtime name for the class.
-     */
-    static CLASS_NAME = "ProofHelper";
-    /**
-     * Create a signer verifier.
-     * @param proofType The type of proof to create.
-     * @returns The created signer verifier.
-     * @throws GeneralError if the proof type is not supported.
-     */
-    static createSignerVerifier(proofType) {
-        Guards.arrayOneOf(this.CLASS_NAME, "proofType", proofType, Object.values(ProofTypes));
-        let signerVerifier;
-        if (proofType === ProofTypes.DataIntegrityProof) {
-            signerVerifier = new DataIntegrityProofSignerVerifier();
-        }
-        else if (proofType === ProofTypes.JsonWebSignature2020) {
-            signerVerifier = new JsonWebSignature2020SignerVerifier();
-        }
-        if (Is.empty(signerVerifier)) {
-            throw new GeneralError(ProofHelper.CLASS_NAME, "unsupportedProofType", { proofType });
-        }
-        return signerVerifier;
-    }
-    /**
-     * Create a proof for the given data.
-     * @param proofType The type of proof to create.
-     * @param unsecuredDocument The data to create the proof for.
-     * @param unsignedProof The proof options.
-     * @param signKey The key to sign the proof with.
-     * @returns The created proof.
-     */
-    static async createProof(proofType, unsecuredDocument, unsignedProof, signKey) {
-        Guards.arrayOneOf(this.CLASS_NAME, "proofType", proofType, Object.values(ProofTypes));
-        Guards.object(this.CLASS_NAME, "unsecuredDocument", unsecuredDocument);
-        Guards.object(this.CLASS_NAME, "unsignedProof", unsignedProof);
-        Guards.object(this.CLASS_NAME, "signKey", signKey);
-        return ProofHelper.createSignerVerifier(proofType).createProof(unsecuredDocument, unsignedProof, signKey);
-    }
-    /**
-     * Verify a proof for the given data.
-     * @param securedDocument The credential to verify.
-     * @param signedProof The proof to verify.
-     * @param verifyKey The public key to verify the proof with.
-     * @returns True if the credential was verified.
-     */
-    static async verifyProof(securedDocument, signedProof, verifyKey) {
-        Guards.object(this.CLASS_NAME, "securedDocument", securedDocument);
-        Guards.object(this.CLASS_NAME, "signedProof", signedProof);
-        Guards.stringValue(this.CLASS_NAME, "signedProof.type", signedProof.type);
-        Guards.object(this.CLASS_NAME, "verifyKey", verifyKey);
-        const signerVerifier = ProofHelper.createSignerVerifier(signedProof.type);
-        return signerVerifier.verifyProof(securedDocument, signedProof, verifyKey);
-    }
-    /**
-     * Create an unsigned proof.
-     * @param proofType The type of proof to create.
-     * @param verificationMethodId The verification method id.
-     * @param otherParams Other parameters for the proof.
-     * @returns The created proof.
-     * @throws GeneralError if the proof type is not supported.
-     */
-    static createUnsignedProof(proofType, verificationMethodId, 
-    // eslint-disable-next-line @typescript-eslint/no-explicit-any
-    otherParams) {
-        let proof;
-        if (proofType === ProofTypes.DataIntegrityProof) {
-            proof = {
-                "@context": DidContexts.ContextDataIntegrity,
-                type: ProofTypes.DataIntegrityProof,
-                cryptosuite: DidCryptoSuites.EdDSAJcs2022,
-                created: new Date(Date.now()).toISOString(),
-                verificationMethod: verificationMethodId,
-                proofPurpose: "assertionMethod",
-                ...otherParams
-            };
-        }
-        else if (proofType === ProofTypes.JsonWebSignature2020) {
-            proof = {
-                "@context": DidContexts.ContextSecurityJws2020,
-                type: ProofTypes.JsonWebSignature2020,
-                created: new Date(Date.now()).toISOString(),
-                verificationMethod: verificationMethodId,
-                proofPurpose: "assertionMethod",
-                ...otherParams
-            };
-        }
-        if (Is.empty(proof)) {
-            throw new GeneralError(ProofHelper.CLASS_NAME, "unsupportedProofType", { proofType });
-        }
-        return proof;
-    }
-}
-
-// Copyright 2024 IOTA Stiftung.
-// SPDX-License-Identifier: Apache-2.0.
-/**
- * Helper methods for creating and verifying proofs.
- */
-class VerifiableCredentialHelper {
-    /**
-     * Runtime name for the class.
-     */
-    static CLASS_NAME = "VerifiableCredentialHelper";
-    /**
-     * Get the valid until date from a verifiable credential.
-     * @param verifiableCredential The verifiable credential to extract the expiration date from.
-     * @returns The expiration date, if available.
-     */
-    static getValidUntil(verifiableCredential) {
-        return (ObjectHelper.propertyGet(verifiableCredential, "validUntil") ??
-            ObjectHelper.propertyGet(verifiableCredential, "expirationDate"));
-    }
-    /**
-     * Get the valid from from a verifiable credential.
-     * @param verifiableCredential The verifiable credential to extract the issuance date from.
-     * @returns The issuance date, if available.
-     */
-    static getValidFrom(verifiableCredential) {
-        return (ObjectHelper.propertyGet(verifiableCredential, "validFrom") ??
-            ObjectHelper.propertyGet(verifiableCredential, "issuanceDate"));
-    }
-}
-
-export { DataIntegrityProofSignerVerifier, DidContexts, DidCryptoSuites, DidTypes, DidVerificationMethodType, JsonWebSignature2020SignerVerifier, MultikeyHelper, ProofHelper, ProofTypes, VerifiableCredentialHelper };