@verii/verifgen 1.0.0-pre.1752076816

package/src/verifgen-credential.js

@@ -0,0 +1,119 @@
+const console = require('console');
+const { program } = require('commander');
+const { generateCredentialJwt } = require('@verii/jwt');
+const common = require('./common');
+
+const doGenerateJwt = async (selfsign, issuer, credentialType, credential) => {
+  const { didObject: credentialDid, privateKey: credentialPrivateKey } =
+    common.generateDid(issuer);
+
+  const payload = createPayload(
+    credential,
+    credentialType,
+    issuer.did.id,
+    credentialDid.id
+  );
+
+  if (selfsign) {
+    console.info(`Generating self signed ${credentialType} credential`);
+    return {
+      jwt: await generateCredentialJwt(payload, credentialPrivateKey),
+    };
+  }
+
+  console.info(`Generating ${credentialType} credential`);
+  return {
+    jwt: await generateCredentialJwt(
+      payload,
+      credentialPrivateKey,
+      `${credentialDid.id}#key-1`
+    ),
+    credentialDid,
+  };
+};
+
+const writeFiles = (outputPrefix, { jwt, credentialDid }) => {
+  const jwtFile = `${outputPrefix}.jwt`;
+  const didFile = `${outputPrefix}.did`;
+
+  common.writeFile(jwtFile, jwt);
+  if (credentialDid) {
+    common.writeFile(didFile, JSON.stringify(credentialDid, null, 2));
+  }
+};
+
+const isFilePath = (str) =>
+  str.startsWith('./') || str.startsWith('../') || str.startsWith('/');
+
+const loadCredentialSource = (sourceTemplateOrFile) => {
+  return isFilePath(sourceTemplateOrFile)
+    ? sourceTemplateOrFile
+    : common.resolveTemplate(sourceTemplateOrFile);
+};
+
+const generateCredential = async (
+  sourceTemplate,
+  selfsign,
+  issuerPersona,
+  credentialType,
+  outputPrefix
+) => {
+  const issuerPrefix = issuerPersona || (selfsign ? 'self' : 'issuer');
+
+  try {
+    const issuer = common.loadPersonaFiles(issuerPrefix);
+    const credential = JSON.parse(
+      common.readFile(
+        loadCredentialSource(sourceTemplate),
+        'Source template not found'
+      )
+    );
+
+    const result = await doGenerateJwt(
+      selfsign,
+      issuer,
+      credentialType,
+      credential
+    );
+
+    writeFiles(outputPrefix, result);
+  } catch (ex) {
+    common.printError(ex);
+  }
+};
+
+const createPayload = (credential, credentialType, issuer, did) => {
+  return {
+    '@context': ['https://www.w3.org/2018/credentials/v1'],
+    id: did,
+    type: [credentialType, 'VerifiableCredential'],
+    issuer,
+    issuanceDate: new Date().toISOString(),
+    credentialSubject: credential,
+  };
+};
+
+program
+  .name('verifgen credential')
+  .description('Generate a verifiable credential')
+  .usage('[source-template] [options]')
+  .arguments('[source-template]')
+  .option('-s, --self-sign', 'Self sign?')
+  .option('-i, --issuer-persona <filename>', 'Issuer Persona')
+  .option('-t, --credential-type <type>', 'Credential type', 'IdentityDocument')
+  .option(
+    '-o, --output-prefix <filename>',
+    'Output credential file prefix',
+    'credential'
+  )
+  .action((sourceTemplate) => {
+    const options = program.opts();
+    return generateCredential(
+      sourceTemplate,
+      options.selfSign,
+      options.issuerPersona,
+      options.credentialType,
+      options.outputPrefix
+    );
+  })
+  .parse(process.argv);

package/src/verifgen-did.js

@@ -0,0 +1,32 @@
+const { program } = require('commander');
+const common = require('./common');
+
+const generateDidFiles = ({ persona, controllerPersona }) => {
+  try {
+    const controller = controllerPersona
+      ? common.loadPersonaFiles(controllerPersona)
+      : null;
+
+    const { privateKey, didObject } = common.generateDid(controller);
+    const privateKeyFileName = `${persona}.prv.key`;
+    const didFileName = `${persona}.did`;
+
+    common.writeFile(privateKeyFileName, privateKey);
+    common.writeFile(didFileName, JSON.stringify(didObject, null, 2));
+  } catch (ex) {
+    common.printError(ex);
+  }
+};
+
+program
+  .name('verifgen did')
+  .description('Generates a did with a public key, and a separate private key')
+  .usage('[options]')
+  .option('-c, --controller-persona <name>', 'Input controller persona', null)
+  .option(
+    '-p, --persona <name>',
+    'Name of the persona that the did is being generated for',
+    'self'
+  )
+  .action(() => generateDidFiles(program.opts()))
+  .parse(process.argv);

package/src/verifgen-jwt.js

@@ -0,0 +1,43 @@
+const { program } = require('commander');
+const got = require('got');
+const { printInfo, printError, writeFile } = require('./common');
+
+const environments = {
+  dev: 'https://devauth.velocitynetwork.foundation/oauth/token',
+  staging: 'https://stagingauth.velocitynetwork.foundation/oauth/token',
+  prod: 'https://auth.velocitynetwork.foundation/oauth/token',
+};
+
+const generateJwt = async ({ clientId, clientSecret, environment }) => {
+  const url = environments[environment];
+  return got
+    .post(url, {
+      headers: { 'content-type': 'application/json' },
+      json: {
+        grant_type: 'client_credentials',
+        audience: 'https://velocitynetwork.node',
+        client_id: clientId,
+        client_secret: clientSecret,
+      },
+    })
+    .json();
+};
+
+program
+  .name('verifgen jwt')
+  .description('Generate JWT')
+  .usage('[options]')
+  .option('-ci, --client-id <id>', 'Client id')
+  .option('-cs, --client-secret <secret>', 'Client secret')
+  .option('-e, --environment <environment>', 'Auth0 environment')
+  .action(async () => {
+    const options = program.opts();
+    try {
+      const data = await generateJwt(options);
+      writeFile(`node-operator-${Date.now()}.jwt`, JSON.stringify(data));
+      printInfo(data);
+    } catch (error) {
+      printError(error);
+    }
+  })
+  .parse(process.argv);

package/src/verifgen-keys.js

@@ -0,0 +1,34 @@
+const { program } = require('commander');
+const { generateKeyPair } = require('@verii/crypto');
+const common = require('./common');
+
+const generateKeys = (publicKeyFile, privateKeyFile) => {
+  try {
+    const { privateKey, publicKey } = generateKeyPair();
+
+    common.writeFile(publicKeyFile, publicKey);
+    common.writeFile(privateKeyFile, privateKey);
+  } catch (ex) {
+    common.printError(ex);
+  }
+};
+
+program
+  .name('verifgen personal keys')
+  .description('Generates a public and private key pair')
+  .usage('[options]')
+  .option(
+    '-b, --public-key-file <filename>',
+    'Output public key file name',
+    'pub.key'
+  )
+  .option(
+    '-v, --private-key-file <filename>',
+    'Output private key file name',
+    'prv.key'
+  )
+  .action(() => {
+    const options = program.opts();
+    return generateKeys(options.publicKeyFile, options.privateKeyFile);
+  })
+  .parse(process.argv);

package/src/verifgen-presentation.js

@@ -0,0 +1,153 @@
+const { program } = require('commander');
+const { map, isEmpty } = require('lodash/fp');
+const { nanoid } = require('nanoid');
+const {
+  generatePresentationJwt,
+  toJwk,
+  publicKeyFromPrivateKey,
+} = require('@verii/jwt');
+const { mapWithIndex } = require('@verii/common-functions');
+const { generateKeyPair } = require('@verii/crypto');
+const { getDidUriFromJwk } = require('@verii/did-doc');
+const { VnfProtocolVersions } = require('@verii/vc-checks');
+
+const common = require('./common');
+
+const generatePresentation = async ({
+  credentialSources,
+  issuerPersona,
+  presentationRequestFilename,
+  presentationFile,
+  vendorOriginContext,
+  protocolVersion,
+}) => {
+  try {
+    const credentials = map(
+      (credentialSource) =>
+        common.readFile(`${credentialSource}`, 'JWT not found'),
+      credentialSources
+    );
+
+    const presentationRequest = JSON.parse(
+      common.readFile(
+        `${presentationRequestFilename}`,
+        'Presentation Request not found'
+      )
+    );
+
+    const { issuer, privateKey } = loadIssuerData(issuerPersona);
+    const parsedIssuer = getIssuer({ issuer, protocolVersion });
+    const payload = createPayload({
+      credentials,
+      presentationRequest,
+      issuer: parsedIssuer,
+      vendorOriginContext,
+    });
+    const generatePresentationJwtFunction =
+      protocolVersion < VnfProtocolVersions.VNF_PROTOCOL_VERSION_2
+        ? generatePresentationJwt(payload, privateKey)
+        : generatePresentationJwt(
+            payload,
+            issuer.privateKey,
+            `${parsedIssuer}#0`
+          );
+    const presentationJwt = await generatePresentationJwtFunction;
+
+    common.writeFile(`${presentationFile}.jwt`, presentationJwt);
+  } catch (ex) {
+    common.printError(ex);
+  }
+};
+
+const createPayload = ({
+  credentials,
+  presentationRequest,
+  issuer,
+  vendorOriginContext,
+}) => {
+  const presentationDefinition =
+    presentationRequest?.presentation_request?.presentation_definition ??
+    presentationRequest?.issuing_request?.presentation_definition;
+  const payload = {
+    '@context': ['https://www.w3.org/2018/credentials/v1'],
+    id: nanoid(),
+    issuer,
+    verifiableCredential: credentials,
+    presentation_submission: {
+      id: nanoid(),
+      definition_id: presentationDefinition.id,
+      descriptor_map: mapWithIndex(
+        (c, i) => ({
+          id: nanoid(),
+          path: `$.verifiableCredential[${i}]`,
+          format: 'jwt_vc',
+        }),
+        credentials
+      ),
+    },
+  };
+  if (!isEmpty(vendorOriginContext)) {
+    payload.vendorOriginContext = vendorOriginContext;
+  }
+  return payload;
+};
+
+const getIssuer = ({ issuer, protocolVersion }) => {
+  if (protocolVersion < VnfProtocolVersions.VNF_PROTOCOL_VERSION_2) {
+    return issuer == null ? 'https://self-issued.me' : issuer.did.id;
+  }
+
+  if (isEmpty(issuer?.privateKey)) {
+    throw new Error('Issuer Persona is required');
+  }
+
+  const publicKey = publicKeyFromPrivateKey(issuer?.privateKey);
+  return getDidUriFromJwk(toJwk(publicKey, false));
+};
+
+const loadIssuerData = (issuerPersona) => {
+  if (issuerPersona == null) {
+    return { privateKey: generateKeyPair({ format: 'jwk' }).privateKey };
+  }
+  const issuer = common.loadPersonaFiles(issuerPersona);
+
+  const { privateKey } = common.generateDid(issuer);
+  return {
+    issuer,
+    privateKey,
+  };
+};
+
+program
+  .name('verifgen presentation')
+  .description('Generate a verifiable presentation')
+  .usage('[options]')
+  .option('-c, --credential-sources [value...]', 'Credential sources', [])
+  .option(
+    '-r, --request <presentation-request-filename>',
+    'Presentation Request',
+    'presentation-request.json'
+  )
+  .option('-i, --issuer-persona <persona>', 'Issuer Persona')
+  .option('-p, --protocol-version <protocolVersion>', 'VNF protocol version', 1)
+  .option(
+    '-o, --output-presentation-fileprefix <filename>',
+    'Output presentation JWT file prefix',
+    'presentation'
+  )
+  .option(
+    '-v, --vendor-origin-context <vendor-origin-context>',
+    'A preauthorization code or access token'
+  )
+  .action(() => {
+    const options = program.opts();
+    return generatePresentation({
+      credentialSources: options.credentialSources,
+      issuerPersona: options.issuerPersona,
+      presentationRequestFilename: options.request,
+      presentationFile: options.outputPresentationFileprefix,
+      vendorOriginContext: options.vendorOriginContext,
+      protocolVersion: options.protocolVersion,
+    });
+  })
+  .parse(process.argv);

package/src/verifgen-proof/generate-proof.js

@@ -0,0 +1,53 @@
+const { isEmpty } = require('lodash/fp');
+const { jwtSign, publicKeyFromPrivateKey, toJwk } = require('@verii/jwt');
+const { getDidUriFromJwk } = require('@verii/did-doc');
+const common = require('../common');
+
+const generateProof = async (options) => {
+  try {
+    const nonce = loadNonce(options);
+    const personaInfo = await common.loadPersonaFiles(options.persona);
+    const publicKey = publicKeyFromPrivateKey(personaInfo.privateKey);
+    const proofJwt = await buildProofJwt({
+      nonce,
+      keyPair: {
+        publicKey,
+        privateKey: personaInfo.privateKey,
+      },
+      options,
+    });
+    common.printInfo(`\nGenerated proof jwt:\n${proofJwt}\n`);
+    common.writeFile('proof.jwt', proofJwt);
+    return proofJwt;
+  } catch (ex) {
+    common.printError(ex);
+    throw ex;
+  }
+};
+
+const loadNonce = (options) => {
+  if (!isEmpty(options.challenge)) {
+    return options.challenge;
+  }
+
+  const response = JSON.parse(
+    common.readFile(`${options.response}`, 'Generate Offers Response not found')
+  );
+  return response.challenge;
+};
+
+const buildProofJwt = async ({ nonce, keyPair, options }) => {
+  const kid = getDidUriFromJwk(toJwk(keyPair.publicKey, false));
+  const jwt = await jwtSign(
+    { aud: options.audience, nonce, iss: kid },
+    toJwk(keyPair.privateKey),
+    {
+      kid: `${kid}#0`,
+    }
+  );
+  return jwt;
+};
+
+module.exports = {
+  generateProof,
+};

package/src/verifgen-proof/verifgen-proof.js

@@ -0,0 +1,32 @@
+const { program } = require('commander');
+const common = require('../common');
+const { generateProof } = require('./generate-proof');
+
+program
+  .name('verifgen proof')
+  .description('Generate a proof')
+  .usage('[options]')
+  .option(
+    '-c, --challenge <challenge>',
+    'Challenge from generate-offers response'
+  )
+  .option(
+    '-r, --response <generate-offers-response-filename>',
+    'Generate Offers Response filename',
+    'generate-offers-response.json'
+  )
+  .requiredOption(
+    '-a, --audience <audience>',
+    'The audience to use when signing the proof'
+  )
+  .requiredOption(
+    '-p, --persona <persona>',
+    'The persona that will sign the proof. Must be hex format.'
+  )
+  .action(() => {
+    const options = program.opts();
+    common.printInfo('Generating proof');
+    common.printInfo(`Options: ${JSON.stringify(options, null, 2)}`);
+    return generateProof(options);
+  })
+  .parse(process.argv);

package/src/verifgen-templates.js

@@ -0,0 +1,36 @@
+const console = require('console');
+const fs = require('fs');
+const path = require('path');
+const { program } = require('commander');
+const common = require('./common');
+
+const viewTemplates = (printTemplate) => {
+  try {
+    if (printTemplate) {
+      const file = common.resolveTemplate(printTemplate);
+      const fileContent = common.readFile(file, 'Failed to read template');
+
+      console.info(fileContent);
+    } else {
+      const files = fs.readdirSync(common.templatesPath);
+
+      files.forEach((file) => console.info(path.basename(file, '.json')));
+    }
+  } catch (ex) {
+    common.printError(ex);
+  }
+};
+
+program
+  .name('verifgen templates')
+  .description('View available sample templates')
+  .usage('[options]')
+  .option(
+    '-p, --print-template <template-name>',
+    'Prints content of sample template <template-name>'
+  )
+  .action(() => {
+    const options = program.opts();
+    return viewTemplates(options.printTemplate);
+  })
+  .parse(process.argv);

package/src/verifgen-verify.js

@@ -0,0 +1,133 @@
+const { program } = require('commander');
+const fs = require('fs');
+const { all, find, get, last, map } = require('lodash/fp');
+const {
+  initDoVerifyCredentialChecks,
+  initVerifyIssuerChain,
+} = require('@verii/verifiable-credentials');
+const { decodePresentationJwt } = require('@verii/jwt');
+const { extractVerificationKey } = require('@verii/did-doc');
+const console = require('console');
+const common = require('./common');
+
+const context = { log: console };
+
+const verifyVcs = async (presentation, issuerChains, credentialDids) => {
+  const buildDidChain = () => issuerChains;
+  const verifyIssuerChain = initVerifyIssuerChain(
+    extractVerificationKey(get('publicKey[0].id', last(issuerChains)))
+  );
+  const { verifiableCredential } = decodePresentationJwt(presentation);
+
+  return Promise.all(
+    map((credential) => {
+      const doVerifyCredentialChecks = initDoVerifyCredentialChecks({
+        resolveDID: () => find({ id: credential.id }, credentialDids),
+        buildDidChain,
+        verifyIssuerChain,
+      });
+
+      return doVerifyCredentialChecks(credential, context);
+    }, verifiableCredential)
+  );
+};
+
+const verifyPresentation = async (presentation, issuerChains) => {
+  const presentationJwtFile = `${presentation}.jwt`;
+
+  const presentationJwt = common.readFile(
+    presentationJwtFile,
+    'Presentation JWT not found'
+  );
+  const credentials = await verifyVcs(presentationJwt, issuerChains);
+
+  console.info(
+    JSON.stringify(
+      map(
+        ({ credentialChecks, ...credential }) => ({
+          credential,
+          credentialChecks,
+        }),
+        credentials
+      )
+    )
+  );
+
+  if (
+    all(
+      (credential) => credential.credentialChecks.UNTAMPERED === 'PASS',
+      credentials
+    )
+  ) {
+    console.info('Presentation credentials look good');
+    process.exit(0);
+  } else {
+    console.info('Presentation credentials have been tampered with');
+    process.exit(1);
+  }
+};
+
+const verifyCredential = async (credentialSource, issuerChains) => {
+  const credentialJwtFile = `${credentialSource}.jwt`;
+  const credentialDidFile = `${credentialSource}.did`;
+
+  const credentialDid = fs.existsSync(credentialDidFile)
+    ? JSON.parse(common.readFile(credentialDidFile, 'DID not found'))
+    : null;
+
+  const credentialJwt = common.readFile(credentialJwtFile, 'JWT not found');
+
+  const { credentialChecks, ...credential } =
+    await initDoVerifyCredentialChecks(credentialJwt, {
+      log: console,
+      buildDidChain: () => issuerChains,
+      verifyIssuerChain: initVerifyIssuerChain({
+        vnfPublicKeyId: get('publicKey[0].id', last(issuerChains)),
+      }),
+      resolveCredentialDid: () => credentialDid,
+    });
+
+  console.info(JSON.stringify({ credential, credentialChecks }, null, 2));
+  if (credentialChecks.UNTAMPERED === 'PASS') {
+    console.info('Credential looks good');
+    process.exit(0);
+  } else {
+    console.info('Credential has been tampered with');
+    process.exit(1);
+  }
+};
+
+const verify = async (credentialSource, presentation, issuerPersonas) => {
+  try {
+    const issuerChains = map(
+      (issuerPersona) =>
+        JSON.parse(common.readFile(`${issuerPersona}.did`, 'DID not found')),
+      issuerPersonas
+    );
+
+    if (credentialSource) {
+      await verifyCredential(credentialSource, issuerChains);
+    } else if (presentation) {
+      await verifyPresentation(presentation, issuerChains);
+    }
+  } catch (ex) {
+    common.printError(ex);
+  }
+};
+
+program
+  .name('verifgen verify')
+  .description('Verify a credential')
+  .usage('[options]')
+  .option('-c, --credential-source <source>', 'Credential source')
+  .option('-p, --presentation <source>', 'presentation source')
+  .option('-i, --issuer-personas [personas...]', 'Issuer personas', ['vnf'])
+  .action(() => {
+    const options = program.opts();
+    return verify(
+      options.credentialSource,
+      options.presentation,
+      options.issuerPersonas
+    );
+  })
+  .parse(process.argv);

package/src/verifgen.js

@@ -0,0 +1,41 @@
+const { program } = require('commander');
+const packageJson = require('../package.json');
+
+program
+  .version(packageJson.version, '-v, --vers', 'Current tool version')
+  .command('templates', 'View available sample templates', {
+    executableFile: `${__dirname}/verifgen-templates.js`,
+  })
+  .command('keys', 'Generates a public and private key pair', {
+    executableFile: `${__dirname}/verifgen-keys.js`,
+  })
+  .command('address', 'Generates an account address', {
+    executableFile: `${__dirname}/verifgen-address.js`,
+  })
+  .command('credential', 'Generate a verifiable credential', {
+    executableFile: `${__dirname}/verifgen-credential.js`,
+  })
+  .command('presentation', 'Generate a verifiable presentation', {
+    executableFile: `${__dirname}/verifgen-presentation.js`,
+  })
+  .command('verify', 'Verify credential or presentation', {
+    executableFile: `${__dirname}/verifgen-verify.js`,
+  })
+  .command('did', 'Generate a DID', {
+    executableFile: `${__dirname}/verifgen-did.js`,
+  })
+  .command('jwt', 'Generate Signed JWTs for NO Voters', {
+    executableFile: `${__dirname}/verifgen-jwt.js`,
+  })
+  .command('agent-jwt', 'Generate JWTs for agent', {
+    executableFile: `${__dirname}/verifgen-agent-jwt-generator.js`,
+  })
+  .command('asymmetric-jwt', 'Generate JWTs using asymmetric keys', {
+    executableFile: `${__dirname}/verifgen-asymmetric-jwt.js`,
+  })
+  .command('proof', 'Generate a proof', {
+    executableFile: `${__dirname}/verifgen-proof/verifgen-proof.js`,
+  })
+  .usage('[command] [options]')
+  .passThroughOptions()
+  .parse(process.argv);