@verii/server-credentialagent 1.0.0-pre.1752076816

package/test/holder/helpers/credential-type-metadata.js

@@ -0,0 +1,98 @@
+/*
+ * Copyright 2024 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+const nock = require('nock');
+const { castArray, every, includes, pick, keyBy } = require('lodash/fp');
+
+const credentialTypeMetadata = keyBy('credentialType', [
+  {
+    credentialType: 'EmailV1.0',
+    layer1: true,
+    schemaUrl:
+      'https://velocitynetwork.foundation/schemas/email-v1.0.schema.json',
+  },
+  {
+    credentialType: 'EmploymentCurrentV1.1',
+    layer1: true,
+    schemaUrl:
+      'https://velocitynetwork.foundation/schemas/employment-v1.1.schema.json',
+    jsonldContext: [
+      'https://velocitynetwork.foundation/contexts/layer1-credentials-v1.1.json',
+    ],
+  },
+  {
+    credentialType: 'EmploymentCurrentV1.0',
+    layer1: true,
+    schemaUrl:
+      'https://velocitynetwork.foundation/schemas/employment-v1.0.schema.json',
+    jsonldContext: [
+      'https://velocitynetwork.foundation/contexts/layer1-credentials-v1.0.json',
+    ],
+  },
+  {
+    credentialType: 'PastEmploymentPosition',
+    layer1: true,
+    schemaUrl: 'http://oracle.localhost.test/schemas/PastEmploymentPosition',
+    jsonldContext: [
+      'https://velocitynetwork.foundation/contexts/layer1-credentials-v1.1.json',
+    ],
+  },
+  {
+    credentialType: 'EducationDegree',
+    layer1: true,
+    schemaUrl:
+      'http://oracle.localhost.test/schemas/education-degree-v1.1.json',
+    jsonldContext: [
+      'https://velocitynetwork.foundation/contexts/layer1-credentials-v1.1.json',
+    ],
+  },
+  {
+    credentialType: '1EdtechCLR2.0',
+    layer1: false,
+    schemaUrl: 'https://imsglobal.org/schemas/clr-v2.0-schema.json',
+    jsonldContext: ['https://imsglobal.org/schemas/clr-context.json'],
+  },
+]);
+
+const nockCredentialTypes = (times = 2) => {
+  nock('http://oracle.localhost.test')
+    .get('/api/v0.6/credential-types')
+    .query((query) =>
+      every(
+        (credentialType) =>
+          includes(credentialType, Object.keys(credentialTypeMetadata)),
+        castArray(query.credentialType)
+      )
+    )
+    .times(times)
+    .reply(200, (uri) => {
+      const questionMarkIdx = uri.indexOf('?');
+      const searchParamsString = uri.substring(questionMarkIdx);
+      const query = new URLSearchParams(searchParamsString);
+      return Object.values(
+        pick(query.getAll('credentialType'), credentialTypeMetadata)
+      );
+    });
+};
+
+const freeCredentialTypesList = ['EmailV1.0', 'DrivingLicenseV1.0'];
+
+module.exports = {
+  credentialTypeMetadata,
+  nockCredentialTypes,
+  freeCredentialTypesList,
+};

package/test/holder/helpers/credentialagent-holder-build-fastify.js

@@ -0,0 +1,32 @@
+/**
+ * Copyright 2023 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+const { createTestServer } = require('@verii/server-provider');
+const { loadTestEnv, buildMongoConnection } = require('@verii/tests-helpers');
+
+loadTestEnv();
+
+const { flow } = require('lodash/fp');
+const { holderConfig } = require('../../../src/config/holder-config');
+const { initHolderServer } = require('../../../src/init-holder-server');
+
+const mongoConnection = buildMongoConnection('test-credential-agent');
+
+module.exports = (overrideConfig = {}) =>
+  flow(
+    createTestServer,
+    initHolderServer
+  )({ ...holderConfig, ...overrideConfig, mongoConnection });

package/test/holder/helpers/generate-presentation.js

@@ -0,0 +1,441 @@
+/**
+ * Copyright 2023 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+const { generateKeyPair } = require('@verii/crypto');
+const { mapWithIndex } = require('@verii/common-functions');
+const {
+  castArray,
+  fromPairs,
+  get,
+  map,
+  merge,
+  pick,
+  set,
+  values,
+  unset,
+  slice,
+  size,
+} = require('lodash/fp');
+const { nanoid } = require('nanoid/non-secure');
+const {
+  jwkFromSecp256k1Key,
+  generateDocJwt,
+  generateCredentialJwt,
+  generatePresentationJwt,
+  jwkThumbprint,
+} = require('@verii/jwt');
+const { ExchangeProtocols } = require('../../../src/entities');
+
+const credential1 = {
+  sub: 'did:velocity:0xda16fdbde1f8b73d1c981e6988bbca37fcdaa6ae',
+  vc: {
+    '@context': ['https://www.w3.org/2018/credentials/v1'],
+    id: 'did:velocity:0xda16fdbde1f8b73d1c981e6988bbca37fcdaa6ae',
+    type: ['IdDocumentV1.0', 'VerifiableCredential'],
+    issuer: 'did:velocity:0x0b154da48d0f213c26c4b1d040dc5ff1dbf99ffa',
+    credentialSubject: {
+      firstName: {
+        localized: {
+          en: 'Adam',
+        },
+      },
+      lastName: {
+        localized: {
+          en: 'Smith',
+        },
+      },
+      dob: {
+        day: 3,
+        month: 3,
+        year: 1971,
+      },
+      kind: 'DriversLicense',
+      authority: 'California DMV',
+      identityNumber: '12310312312',
+      location: {
+        countryCode: 'US',
+        regionCode: 'CA',
+      },
+      address: {
+        line1: '400 Bell St',
+        line2: 'East Palo Alto',
+        postcode: '94303',
+        regionCode: 'CA',
+        countryCode: 'US',
+      },
+    },
+    credentialStatus: {
+      id: 'https://credentialstatus.velocitycareerlabs.io',
+      type: 'VelocityRevocationRegistry',
+    },
+  },
+};
+
+const credential2 = {
+  sub: 'did:velocity:0x358f694f4ba5f00c15f7e92ecc3e4ccac7ca5f00',
+  vc: {
+    '@context': ['https://www.w3.org/2018/credentials/v1'],
+    id: 'did:velocity:0x358f694f4ba5f00c15f7e92ecc3e4ccac7ca5f00',
+    type: ['CurrentEmploymentPosition', 'VerifiableCredential'],
+    issuer: 'did:velocity:0x0b154da48d0f213c26c4b1d040dc5ff1dbf99ffa',
+    issuanceDate: '2020-08-17T11:26:49.000Z',
+    credentialSubject: {
+      company: 'did:velocity:iamanissuer1234567890',
+      companyName: {
+        localized: {
+          en: 'ACME Corporation',
+        },
+      },
+      title: {
+        localized: {
+          en: 'Programme Manager',
+        },
+      },
+      startMonthYear: {
+        month: 2,
+        year: 2015,
+      },
+      location: {
+        countryCode: 'US',
+        regionCode: 'CA',
+      },
+      description:
+        'Responsible for digital transformation portfolio at ACME Corporation',
+    },
+    credentialStatus: {
+      id: 'https://credentialstatus.velocitycareerlabs.io',
+      type: 'VelocityRevocationRegistry',
+    },
+  },
+};
+
+const credential3 = {
+  sub: 'did:velocity:0x0a63c18d09d5430363b2f3b270698a677fb513e4',
+  vc: {
+    '@context': ['https://www.w3.org/2018/credentials/v1'],
+    id: 'did:velocity:0x0a63c18d09d5430363b2f3b270698a677fb513e4',
+    type: ['EducationDegree', 'VerifiableCredential'],
+    issuer: { id: 'did:velocity:0x0b154da48d0f213c26c4b1d040dc5ff1dbf99ffa' },
+    issuanceDate: '2020-08-17T11:27:06.000Z',
+    credentialSubject: {
+      school: 'did:velocity:0x0b154da48d0f213c26c4b1d040dc5ff1dbf99ffa',
+      schoolName: {
+        localized: {
+          en: 'University of Cambridge',
+        },
+      },
+      degreeName: {
+        localized: {
+          en: 'Bachelor',
+        },
+      },
+      program: {
+        localized: {
+          en: 'Computer Science',
+        },
+      },
+      startMonthYear: {
+        month: 9,
+        year: 2002,
+      },
+      endMonthYear: {
+        month: 5,
+        year: 2005,
+      },
+    },
+    credentialStatus: {
+      id: 'https://credentialstatus.velocitycareerlabs.io',
+      type: 'VelocityRevocationRegistry',
+    },
+  },
+};
+
+const credential4 = {
+  sub: 'did:ethr.0x0a63c18d09d5430363b2f3b270698a677fb513e4',
+  vc: {
+    '@context': ['https://www.w3.org/2018/credentials/v1'],
+    id: 'did:ethr.0x0a63c18d09d5430363b2f3b270698a677fb513e5',
+    type: ['EmailV1.0', 'VerifiableCredential'],
+    issuer: { id: 'did:ethr.0x0b154da48d0f213c26c4b1d040dc5ff1dbf99ffa' },
+    issuanceDate: '2020-08-17T11:27:06.000Z',
+    credentialSubject: {
+      email: 'adam.smith@example.com',
+    },
+  },
+};
+
+const idDocPayload = {
+  sub: 'did:velocity:0x0a63c18d09d5430363b2f3b270698a677fb513e4',
+  vc: {
+    '@context': ['https://www.w3.org/2018/credentials/v1'],
+    id: 'did:velocity:0x0a63c18d09d5430363b2f3b270698a677fb513e4',
+    issuer: { id: 'did:velocity:0x0b154da48d0f213c26c4b1d040dc5ff1dbf99ffa' },
+    issuanceDate: '2020-08-17T11:27:06.000Z',
+    type: ['IdDocumentV1.0', 'VerifiableCredential'],
+    credentialSubject: {
+      person: {
+        givenName: 'Sam',
+        familyName: 'Smith',
+      },
+      validity: {
+        validFrom: '2017-09-01',
+        validUntil: '2021-09-01',
+      },
+    },
+  },
+};
+
+const driversLicensePayload = {
+  sub: 'did:velocity:0x0a63c18d09d5430363b2f3b270698a677fb513e4',
+  vc: {
+    '@context': ['https://www.w3.org/2018/credentials/v1'],
+    id: 'did:velocity:0x0a63c18d09d5430363b2f3b270698a677fb513e4',
+    issuer: 'did:velocity:0x0b154da48d0f213c26c4b1d040dc5ff1dbf99ffa',
+    issuanceDate: '2020-08-17T11:27:06.000Z',
+    type: ['DriversLicensesV1.0', 'VerifiableCredential'],
+    credentialSubject: {
+      person: {
+        givenName: 'Sam',
+        familyName: 'Smith',
+      },
+      identifier: '2200221100',
+    },
+  },
+};
+
+const legacyIdDocPayload = {
+  sub: 'did:velocity:0x0a63c18d09d5430363b2f3b270698a677fb513e4',
+  vc: {
+    '@context': ['https://www.w3.org/2018/credentials/v1'],
+    id: 'did:velocity:0x0a63c18d09d5430363b2f3b270698a677fb513e4',
+    issuer: { id: 'did:velocity:0x0b154da48d0f213c26c4b1d040dc5ff1dbf99ffa' },
+    issuanceDate: '2020-08-17T11:27:06.000Z',
+    type: ['IdDocument', 'VerifiableCredential'],
+    credentialSubject: {
+      firstName: { localized: { en: 'Sam' } },
+      lastName: { localized: { en: 'Smith' } },
+    },
+    validFrom: '2017-09-01',
+    validUntil: '2021-09-01',
+  },
+};
+
+const verificationIdentifierPayload = {
+  sub: 'did:velocity:0x0a63c18d09d5430363b2f3b270698a677fb513e4',
+  vc: {
+    '@context': ['https://www.w3.org/2018/credentials/v1'],
+    id: 'did:velocity:0x0a63c18d09d5430363b2f3b270698a677fb513e4',
+    issuer: { id: 'did:velocity:0x0b154da48d0f213c26c4b1d040dc5ff1dbf99ffa' },
+    issuanceDate: '2020-08-17T11:27:06.000Z',
+    type: ['VerificationIdentifier', 'VerifiableCredential'],
+    credentialSubject: {
+      id: 'dff447309917830',
+    },
+  },
+};
+
+const phonePayload = {
+  sub: 'did:velocity:0x0a63c18d09d5430363b2f3b270698a677fb513e4',
+  vc: {
+    '@context': ['https://www.w3.org/2018/credentials/v1'],
+    id: 'did:velocity:0x0a63c18d09d5430363b2f3b270698a677fb513e4',
+    issuer: { id: 'did:velocity:0x0b154da48d0f213c26c4b1d040dc5ff1dbf99ffa' },
+    issuanceDate: '2020-08-17T11:27:06.000Z',
+    type: ['PhoneV1.0', 'VerifiableCredential'],
+    credentialSubject: {
+      phone: '+447309917830',
+    },
+  },
+};
+
+const emailPayload = {
+  sub: 'did:velocity:0x0a63c18d09d5430363b2f3b270698a677fb513e4',
+  vc: {
+    '@context': ['https://www.w3.org/2018/credentials/v1'],
+    id: 'did:velocity:0x0a63c18d09d5430363b2f3b270698a677fb513e4',
+    issuer: 'did:velocity:0x0b154da48d0f213c26c4b1d040dc5ff1dbf99ffa',
+    issuanceDate: '2020-08-17T11:27:06.000Z',
+    type: ['EmailV1.0', 'VerifiableCredential'],
+    credentialSubject: {
+      email: 'adam.smith@example.com',
+    },
+  },
+};
+const legacyEmailPayload = {
+  sub: 'did:velocity:0x0a63c18d09d5430363b2f3b270698a677fb513e4',
+  vc: {
+    '@context': ['https://www.w3.org/2018/credentials/v1'],
+    id: 'did:velocity:0x0a63c18d09d5430363b2f3b270698a677fb513e4',
+    issuer: 'did:velocity:0x0b154da48d0f213c26c4b1d040dc5ff1dbf99ffa',
+    issuanceDate: '2020-08-17T11:27:06.000Z',
+    type: ['Email', 'VerifiableCredential'],
+    credentialSubject: {
+      email: 'adam.smith@example.com',
+    },
+  },
+};
+
+const whateverPayload = {
+  sub: 'did:velocity:0x0a63c18d09d5430363b2f3b270698a677fb513e4',
+  vc: {
+    '@context': ['https://www.w3.org/2018/credentials/v1'],
+    id: 'did:velocity:0x0a63c18d09d5430363b2f3b270698a677fb513e4',
+    issuer: { id: 'did:velocity:0x0b154da48d0f213c26c4b1d040dc5ff1dbf99ffa' },
+    issuanceDate: '2020-08-17T11:27:06.000Z',
+    type: ['Whatever', 'VerifiableCredential'],
+    credentialSubject: {
+      email: 'adam.smith@example.com',
+    },
+  },
+};
+
+const { privateKey, publicKey } = generateKeyPair();
+
+const generateKYCPresentation = (exchange, idDocTypes, options) => {
+  const idCredentials = {
+    email: emailPayload,
+    legacyEmail: legacyEmailPayload,
+    phone: phonePayload,
+    idDocument: idDocPayload,
+    driversLicense: driversLicensePayload,
+    legacyIdDocument: legacyIdDocPayload,
+    verificationIdentifier: verificationIdentifierPayload,
+    whateverIdentifier: whateverPayload,
+    whateverWithLogoName: {
+      ...emailPayload,
+      vc: {
+        ...emailPayload.vc,
+        issuer: {
+          id: emailPayload.vc.issuer,
+          image: 'https://example.com/image.png',
+          name: 'Whatever',
+        },
+      },
+    },
+  };
+
+  const selectedCredentials = idDocTypes
+    ? pick(castArray(idDocTypes), idCredentials)
+    : values(idCredentials);
+
+  return doGeneratePresentation(selectedCredentials, exchange, options);
+};
+
+const generatePresentation = (exchange) => {
+  return doGeneratePresentation(
+    [credential1, credential2, credential3, credential4],
+    exchange
+  );
+};
+
+const doGeneratePresentation = async (
+  credentials,
+  exchange,
+  options = { isBrokeVCS: false }
+) => {
+  const signedCredentials = await Promise.all(
+    map((c) => generateCredentialJwt(c, privateKey), credentials)
+  );
+
+  const publicJwk = jwkFromSecp256k1Key(publicKey, false);
+
+  const presentation =
+    get('protocolMetadata.protocol', exchange) === ExchangeProtocols.OIDC_SIOP
+      ? {
+          id: nanoid(),
+          state: exchange._id,
+          sub: await jwkThumbprint(publicJwk),
+          sub_jwk: publicJwk,
+          aud: exchange.protocolMetadata.redirect_uri,
+          nonce: exchange.protocolMetadata.nonce,
+          iss: 'https://self-issuanceDate.me',
+          ...fromPairs(
+            mapWithIndex(
+              (c, i) => [`signedCredential${i + 1}`, c],
+              signedCredentials
+            )
+          ),
+          presentation_submission: {
+            id: nanoid(),
+            definition_id: `${exchange._id}.${exchange.disclosureId}`,
+            descriptor_map: mapWithIndex(
+              (c, i) => ({
+                id: nanoid(),
+                path: `$.signedCredential${i + 1}`,
+                format: 'jwt_vc',
+              }),
+              signedCredentials
+            ),
+          },
+        }
+      : {
+          id: nanoid(),
+          issuer: 'https://self-issuanceDate.me',
+          verifiableCredential: options.isBrokeVCS
+            ? [
+                ...slice(0, 1, signedCredentials),
+                ...Array(size(signedCredentials) - 1).fill(''),
+              ]
+            : signedCredentials,
+          presentation_submission: {
+            id: nanoid(),
+            definition_id: `${exchange._id}.${exchange.disclosureId}`,
+            descriptor_map: mapWithIndex(
+              (c, i) => ({
+                id: nanoid(),
+                path: `$.verifiableCredential[${i}]`,
+                format: 'jwt_vc',
+              }),
+              signedCredentials
+            ),
+          },
+        };
+
+  return {
+    presentation,
+    credentials,
+    override(overrides) {
+      return merge(this, { presentation: overrides });
+    },
+    delete(key) {
+      return set('presentation', unset(key, this.presentation), this);
+    },
+    sign(kid, personPrivateKey, issuer = 'https://self-issuanceDate.me') {
+      this.presentation.issuer = issuer;
+      return generatePresentationJwt(this.presentation, personPrivateKey, kid);
+    },
+    selfSign() {
+      return get('protocolMetadata.protocol', exchange) ===
+        ExchangeProtocols.OIDC_SIOP
+        ? generateDocJwt(this.presentation, privateKey, {
+            // iss: this.presentation.iss,
+            aud: this.presentation.aud,
+            jti: nanoid(),
+          })
+        : generatePresentationJwt(this.presentation, privateKey);
+    },
+  };
+};
+
+module.exports = {
+  generatePresentation,
+  generateKYCPresentation,
+  idDocPayload,
+  legacyIdDocPayload,
+  emailPayload,
+  phonePayload,
+  verificationIdentifierPayload,
+};

package/test/holder/helpers/generate-test-access-token.js

@@ -0,0 +1,54 @@
+/*
+ * Copyright 2025 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+const { jwtSign } = require('@verii/jwt');
+const { getUnixTime } = require('date-fns/fp');
+const { nanoid } = require('nanoid');
+
+const generateTestAccessToken = (
+  id,
+  issuer,
+  subject,
+  scope,
+  payload,
+  expiresIn,
+  exp,
+  privateKey,
+  kid
+) => {
+  const tokenPayload = payload != null ? { ...payload } : {};
+  if (scope != null) {
+    tokenPayload.scope = scope;
+  }
+  const t = getUnixTime(new Date());
+  const options = {
+    iat: t,
+    nbf: t,
+    jti: id == null ? nanoid(16) : id.toString(),
+    issuer,
+    subject,
+    audience: issuer,
+    expiresIn,
+    exp,
+  };
+  if (kid != null) {
+    options.kid = kid;
+  }
+  return jwtSign(tokenPayload, privateKey, options);
+};
+
+module.exports = { generateTestAccessToken };

package/test/holder/helpers/jwt-access-token-expectation.js

@@ -0,0 +1,32 @@
+/*
+ * Copyright 2024 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+const jwtAccessTokenExpectation = (tenant, header, payload) => ({
+  header: { alg: 'ES256K', typ: 'JWT', kid: '#exchanges-1', ...header },
+  payload: {
+    aud: tenant.did,
+    iss: tenant.did,
+    exp: expect.any(Number),
+    iat: expect.any(Number),
+    nbf: expect.any(Number),
+    jti: expect.any(String),
+    sub: expect.any(String),
+    ...payload,
+  },
+});
+
+module.exports = { jwtAccessTokenExpectation };