@twin.org/trust-verifiers 0.0.3-next.6 → 0.0.3-next.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
// Copyright 2025 IOTA Stiftung.
|
|
2
2
|
// SPDX-License-Identifier: Apache-2.0.
|
|
3
3
|
import { BaseError, Coerce, ComponentFactory, GeneralError, Is } from "@twin.org/core";
|
|
4
|
+
import { JsonLdHelper } from "@twin.org/data-json-ld";
|
|
4
5
|
import { Jwt } from "@twin.org/web";
|
|
5
6
|
/**
|
|
6
7
|
* Class to verify a JWT Verifiable Credential.
|
|
@@ -47,9 +48,6 @@ export class JwtVerifiableCredentialVerifier {
|
|
|
47
48
|
if (Is.stringValue(payload)) {
|
|
48
49
|
const jwt = await Jwt.decode(payload);
|
|
49
50
|
if (Is.objectValue(jwt.header) && Is.object(jwt.payload) && Is.uint8Array(jwt.signature)) {
|
|
50
|
-
info.jwtHeader = jwt.header;
|
|
51
|
-
info.jwtPayload = jwt.payload;
|
|
52
|
-
info.jwtSignature = jwt.signature;
|
|
53
51
|
let isVerified = true;
|
|
54
52
|
try {
|
|
55
53
|
const expiredMs = (Coerce.number(jwt.payload.exp) ?? 0) * 1000;
|
|
@@ -64,7 +62,8 @@ export class JwtVerifiableCredentialVerifier {
|
|
|
64
62
|
isVerified = false;
|
|
65
63
|
}
|
|
66
64
|
else {
|
|
67
|
-
info.
|
|
65
|
+
info.data ??= {};
|
|
66
|
+
info.data.verifiableCredential = JsonLdHelper.toNodeObject(verifiableCredential);
|
|
68
67
|
}
|
|
69
68
|
const issuer = Is.stringValue(verifiableCredential?.issuer)
|
|
70
69
|
? verifiableCredential?.issuer
|
|
@@ -82,7 +81,8 @@ export class JwtVerifiableCredentialVerifier {
|
|
|
82
81
|
isVerified = false;
|
|
83
82
|
}
|
|
84
83
|
else {
|
|
85
|
-
info.
|
|
84
|
+
info.data ??= {};
|
|
85
|
+
info.data.subject = JsonLdHelper.toNodeObject(subject);
|
|
86
86
|
}
|
|
87
87
|
}
|
|
88
88
|
catch (err) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"jwtVerifiableCredentialVerifier.js","sourceRoot":"","sources":["../../../src/verifiers/jwtVerifiableCredentialVerifier.ts"],"names":[],"mappings":"AAAA,gCAAgC;AAChC,uCAAuC;AACvC,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,gBAAgB,EAAE,YAAY,EAAE,EAAE,EAAe,MAAM,gBAAgB,CAAC;
|
|
1
|
+
{"version":3,"file":"jwtVerifiableCredentialVerifier.js","sourceRoot":"","sources":["../../../src/verifiers/jwtVerifiableCredentialVerifier.ts"],"names":[],"mappings":"AAAA,gCAAgC;AAChC,uCAAuC;AACvC,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,gBAAgB,EAAE,YAAY,EAAE,EAAE,EAAe,MAAM,gBAAgB,CAAC;AACpG,OAAO,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAC;AAKtD,OAAO,EAAE,GAAG,EAAE,MAAM,eAAe,CAAC;AAGpC;;GAEG;AACH,MAAM,OAAO,+BAA+B;IAC3C;;OAEG;IACI,MAAM,CAAU,UAAU,qCAAqD;IAEtF;;;OAGG;IACc,iBAAiB,CAAqB;IAEvD;;;OAGG;IACc,kBAAkB,CAAqB;IAExD;;;OAGG;IACH,YAAY,OAA4D;QACvE,IAAI,CAAC,iBAAiB,GAAG,gBAAgB,CAAC,WAAW,CACpD,OAAO,EAAE,oBAAoB,IAAI,SAAS,CAC1C,CAAC;QAEF,IAAI,CAAC,kBAAkB,GAAG,gBAAgB,CAAC,GAAG,CAAC,OAAO,EAAE,qBAAqB,IAAI,UAAU,CAAC,CAAC;IAC9F,CAAC;IAED;;;OAGG;IACI,SAAS;QACf,OAAO,+BAA+B,CAAC,UAAU,CAAC;IACnD,CAAC;IAED;;;;;;;OAOG;IACI,KAAK,CAAC,MAAM,CAClB,OAAgB,EAChB,IAA4B,EAC5B,MAAgB;QAEhB,IAAI,EAAE,CAAC,WAAW,CAAC,OAAO,CAAC,EAAE,CAAC;YAC7B,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YAEtC,IAAI,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC1F,IAAI,UAAU,GAAG,IAAI,CAAC;gBACtB,IAAI,CAAC;oBACJ,MAAM,SAAS,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC;oBAC/D,IAAI,SAAS,GAAG,CAAC,IAAI,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;wBAC7C,MAAM,CAAC,IAAI,CACV,IAAI,YAAY,CAAC,+BAA+B,CAAC,UAAU,EAAE,cAAc,CAAC,CAC5E,CAAC;wBACF,UAAU,GAAG,KAAK,CAAC;oBACpB,CAAC;oBAED,MAAM,kBAAkB,GACvB,MAAM,IAAI,CAAC,kBAAkB,CAAC,0BAA0B,CAAC,OAAO,CAAC,CAAC;oBAEnE,MAAM,oBAAoB,GAAG,kBAAkB,CAAC,oBAAoB,CAAC;oBACrE,IAAI,EAAE,CAAC,KAAK,CAAC,oBAAoB,CAAC,EAAE,CAAC;wBACpC,MAAM,CAAC,IAAI,CACV,IAAI,YAAY,CAAC,+BAA+B,CAAC,UAAU,EAAE,wBAAwB,CAAC,CACtF,CAAC;wBACF,UAAU,GAAG,KAAK,CAAC;oBACpB,CAAC;yBAAM,CAAC;wBACP,IAAI,CAAC,IAAI,KAAK,EAAE,CAAC;wBACjB,IAAI,CAAC,IAAI,CAAC,oBAAoB,GAAG,YAAY,CAAC,YAAY,CAAC,oBAAoB,CAAC,CAAC;oBAClF,CAAC;oBAED,MAAM,MAAM,GAAuB,EAAE,CAAC,WAAW,CAAC,oBAAoB,EAAE,MAAM,CAAC;wBAC9E,CAAC,CAAC,oBAAoB,EAAE,MAAM;wBAC9B,CAAC,CAAC,SAAS,CAAC;oBACb,IAAI,EAAE,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC;wBACtB,MAAM,CAAC,IAAI,CACV,IAAI,YAAY,CAAC,+BAA+B,CAAC,UAAU,EAAE,oBAAoB,CAAC,CAClF,CAAC;wBACF,UAAU,GAAG,KAAK,CAAC;oBACpB,CAAC;yBAAM,CAAC;wBACP,IAAI,CAAC,QAAQ,GAAG,MAAM,CAAC;oBACxB,CAAC;oBAED,MAAM,OAAO,GAAG,oBAAoB,EAAE,iBAAiB,CAAC;oBACxD,IAAI,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;wBACvB,MAAM,CAAC,IAAI,CACV,IAAI,YAAY,CAAC,+BAA+B,CAAC,UAAU,EAAE,qBAAqB,CAAC,CACnF,CAAC;wBACF,UAAU,GAAG,KAAK,CAAC;oBACpB,CAAC;yBAAM,CAAC;wBACP,IAAI,CAAC,IAAI,KAAK,EAAE,CAAC;wBACjB,IAAI,CAAC,IAAI,CAAC,OAAO,GAAG,YAAY,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;oBACxD,CAAC;gBACF,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACd,UAAU,GAAG,KAAK,CAAC;oBACnB,MAAM,CAAC,IAAI,CACV,IAAI,YAAY,CACf,+BAA+B,CAAC,UAAU,EAC1C,qBAAqB,EACrB,SAAS,EACT,SAAS,CAAC,SAAS,CAAC,GAAG,CAAC,CACxB,CACD,CAAC;gBACH,CAAC;gBAED,OAAO,UAAU,CAAC;YACnB,CAAC;QACF,CAAC;IACF,CAAC","sourcesContent":["// Copyright 2025 IOTA Stiftung.\n// SPDX-License-Identifier: Apache-2.0.\nimport { BaseError, Coerce, ComponentFactory, GeneralError, Is, type IError } from \"@twin.org/core\";\nimport { JsonLdHelper } from \"@twin.org/data-json-ld\";\nimport type { IIdentityComponent } from \"@twin.org/identity-models\";\nimport type { ILoggingComponent } from \"@twin.org/logging-models\";\nimport { nameof } from \"@twin.org/nameof\";\nimport type { ITrustVerificationInfo, ITrustVerifier } from \"@twin.org/trust-models\";\nimport { Jwt } from \"@twin.org/web\";\nimport type { IJwtVerifiableCredentialVerifierConstructorOptions } from \"../models/IJwtVerifiableCredentialVerifierConstructorOptions.js\";\n\n/**\n * Class to verify a JWT Verifiable Credential.\n */\nexport class JwtVerifiableCredentialVerifier implements ITrustVerifier {\n\t/**\n\t * Runtime name for the class.\n\t */\n\tpublic static readonly CLASS_NAME: string = nameof<JwtVerifiableCredentialVerifier>();\n\n\t/**\n\t * The logging component.\n\t * @internal\n\t */\n\tprivate readonly _loggingComponent?: ILoggingComponent;\n\n\t/**\n\t * The identity component.\n\t * @internal\n\t */\n\tprivate readonly _identityComponent: IIdentityComponent;\n\n\t/**\n\t * Create a new instance of JwtVerifiableCredentialVerifier.\n\t * @param options The options for the service.\n\t */\n\tconstructor(options?: IJwtVerifiableCredentialVerifierConstructorOptions) {\n\t\tthis._loggingComponent = ComponentFactory.getIfExists(\n\t\t\toptions?.loggingComponentType ?? \"logging\"\n\t\t);\n\n\t\tthis._identityComponent = ComponentFactory.get(options?.identityComponentType ?? \"identity\");\n\t}\n\n\t/**\n\t * Returns the class name of the component.\n\t * @returns The class name of the component.\n\t */\n\tpublic className(): string {\n\t\treturn JwtVerifiableCredentialVerifier.CLASS_NAME;\n\t}\n\n\t/**\n\t * Verify a payload by checking the validity of its structure and content.\n\t * @param payload The payload to verify.\n\t * @param info Information extracted from previous verifiers and to be added by this verifier.\n\t * @param info.identity The identity associated with the payload.\n\t * @param errors Array to collect verification errors.\n\t * @returns Whether the payload is verified, returns undefined if payload was not processed.\n\t */\n\tpublic async verify(\n\t\tpayload: unknown,\n\t\tinfo: ITrustVerificationInfo,\n\t\terrors: IError[]\n\t): Promise<boolean | undefined> {\n\t\tif (Is.stringValue(payload)) {\n\t\t\tconst jwt = await Jwt.decode(payload);\n\n\t\t\tif (Is.objectValue(jwt.header) && Is.object(jwt.payload) && Is.uint8Array(jwt.signature)) {\n\t\t\t\tlet isVerified = true;\n\t\t\t\ttry {\n\t\t\t\t\tconst expiredMs = (Coerce.number(jwt.payload.exp) ?? 0) * 1000;\n\t\t\t\t\tif (expiredMs > 0 && expiredMs < Date.now()) {\n\t\t\t\t\t\terrors.push(\n\t\t\t\t\t\t\tnew GeneralError(JwtVerifiableCredentialVerifier.CLASS_NAME, \"tokenExpired\")\n\t\t\t\t\t\t);\n\t\t\t\t\t\tisVerified = false;\n\t\t\t\t\t}\n\n\t\t\t\t\tconst verificationResult =\n\t\t\t\t\t\tawait this._identityComponent.verifiableCredentialVerify(payload);\n\n\t\t\t\t\tconst verifiableCredential = verificationResult.verifiableCredential;\n\t\t\t\t\tif (Is.empty(verifiableCredential)) {\n\t\t\t\t\t\terrors.push(\n\t\t\t\t\t\t\tnew GeneralError(JwtVerifiableCredentialVerifier.CLASS_NAME, \"tokenMissingCredential\")\n\t\t\t\t\t\t);\n\t\t\t\t\t\tisVerified = false;\n\t\t\t\t\t} else {\n\t\t\t\t\t\tinfo.data ??= {};\n\t\t\t\t\t\tinfo.data.verifiableCredential = JsonLdHelper.toNodeObject(verifiableCredential);\n\t\t\t\t\t}\n\n\t\t\t\t\tconst issuer: string | undefined = Is.stringValue(verifiableCredential?.issuer)\n\t\t\t\t\t\t? verifiableCredential?.issuer\n\t\t\t\t\t\t: undefined;\n\t\t\t\t\tif (Is.empty(issuer)) {\n\t\t\t\t\t\terrors.push(\n\t\t\t\t\t\t\tnew GeneralError(JwtVerifiableCredentialVerifier.CLASS_NAME, \"tokenMissingIssuer\")\n\t\t\t\t\t\t);\n\t\t\t\t\t\tisVerified = false;\n\t\t\t\t\t} else {\n\t\t\t\t\t\tinfo.identity = issuer;\n\t\t\t\t\t}\n\n\t\t\t\t\tconst subject = verifiableCredential?.credentialSubject;\n\t\t\t\t\tif (Is.empty(subject)) {\n\t\t\t\t\t\terrors.push(\n\t\t\t\t\t\t\tnew GeneralError(JwtVerifiableCredentialVerifier.CLASS_NAME, \"tokenMissingSubject\")\n\t\t\t\t\t\t);\n\t\t\t\t\t\tisVerified = false;\n\t\t\t\t\t} else {\n\t\t\t\t\t\tinfo.data ??= {};\n\t\t\t\t\t\tinfo.data.subject = JsonLdHelper.toNodeObject(subject);\n\t\t\t\t\t}\n\t\t\t\t} catch (err) {\n\t\t\t\t\tisVerified = false;\n\t\t\t\t\terrors.push(\n\t\t\t\t\t\tnew GeneralError(\n\t\t\t\t\t\t\tJwtVerifiableCredentialVerifier.CLASS_NAME,\n\t\t\t\t\t\t\t\"tokenDecodingFailed\",\n\t\t\t\t\t\t\tundefined,\n\t\t\t\t\t\t\tBaseError.fromError(err)\n\t\t\t\t\t\t)\n\t\t\t\t\t);\n\t\t\t\t}\n\n\t\t\t\treturn isVerified;\n\t\t\t}\n\t\t}\n\t}\n}\n"]}
|
package/docs/changelog.md
CHANGED
|
@@ -1,5 +1,33 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## [0.0.3-next.8](https://github.com/twinfoundation/trust/compare/trust-verifiers-v0.0.3-next.7...trust-verifiers-v0.0.3-next.8) (2026-01-30)
|
|
4
|
+
|
|
5
|
+
|
|
6
|
+
### Features
|
|
7
|
+
|
|
8
|
+
* verification info structure ([#10](https://github.com/twinfoundation/trust/issues/10)) ([8b09ec8](https://github.com/twinfoundation/trust/commit/8b09ec8128214b659f427fc3a985eb8ced9ed5dc))
|
|
9
|
+
|
|
10
|
+
|
|
11
|
+
### Dependencies
|
|
12
|
+
|
|
13
|
+
* The following workspace dependencies were updated
|
|
14
|
+
* dependencies
|
|
15
|
+
* @twin.org/trust-models bumped from 0.0.3-next.7 to 0.0.3-next.8
|
|
16
|
+
|
|
17
|
+
## [0.0.3-next.7](https://github.com/twinfoundation/trust/compare/trust-verifiers-v0.0.3-next.6...trust-verifiers-v0.0.3-next.7) (2025-12-04)
|
|
18
|
+
|
|
19
|
+
|
|
20
|
+
### Miscellaneous Chores
|
|
21
|
+
|
|
22
|
+
* **trust-verifiers:** Synchronize repo versions
|
|
23
|
+
|
|
24
|
+
|
|
25
|
+
### Dependencies
|
|
26
|
+
|
|
27
|
+
* The following workspace dependencies were updated
|
|
28
|
+
* dependencies
|
|
29
|
+
* @twin.org/trust-models bumped from 0.0.3-next.6 to 0.0.3-next.7
|
|
30
|
+
|
|
3
31
|
## [0.0.3-next.6](https://github.com/twinfoundation/trust/compare/trust-verifiers-v0.0.3-next.5...trust-verifiers-v0.0.3-next.6) (2025-12-04)
|
|
4
32
|
|
|
5
33
|
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@twin.org/trust-verifiers",
|
|
3
|
-
"version": "0.0.3-next.
|
|
3
|
+
"version": "0.0.3-next.8",
|
|
4
4
|
"description": "Verifiers for trust",
|
|
5
5
|
"repository": {
|
|
6
6
|
"type": "git",
|
|
@@ -15,10 +15,11 @@
|
|
|
15
15
|
},
|
|
16
16
|
"dependencies": {
|
|
17
17
|
"@twin.org/core": "next",
|
|
18
|
+
"@twin.org/data-json-ld": "next",
|
|
18
19
|
"@twin.org/identity-models": "next",
|
|
19
20
|
"@twin.org/logging-models": "next",
|
|
20
21
|
"@twin.org/nameof": "next",
|
|
21
|
-
"@twin.org/trust-models": "0.0.3-next.
|
|
22
|
+
"@twin.org/trust-models": "0.0.3-next.8",
|
|
22
23
|
"@twin.org/web": "next"
|
|
23
24
|
},
|
|
24
25
|
"main": "./dist/es/index.js",
|