@verii/verii-issuing 1.0.0-pre.1754543687

package/src/adapters/get-revocation-registry.js

@@ -0,0 +1,48 @@
+/*
+ * Copyright 2025 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+/** @import { Issuer, Context } from "../../types/types" */
+
+const { hexFromJwk } = require('@verii/jwt');
+const { initRevocationRegistry } = require('@verii/metadata-registration');
+const { initCallWithKmsKey } = require('@verii/crypto');
+
+/**
+ * Get revocation registry
+ * @param {Issuer} issuer the issuer's dlt account
+ * @param {Context} context the context
+ * @returns {Promise<unknown>} the revocation registry contract
+ */
+const getRevocationRegistry = (issuer, context) => {
+  const {
+    config: { revocationContractAddress },
+    rpcProvider,
+  } = context;
+
+  return initCallWithKmsKey(context)(issuer.dltOperatorKMSKeyId, (key) =>
+    initRevocationRegistry(
+      {
+        contractAddress: revocationContractAddress,
+        rpcProvider,
+        privateKey: hexFromJwk(key.privateJwk),
+      },
+      context
+    )
+  );
+};
+
+module.exports = { getRevocationRegistry };

package/src/adapters/init-credential-metadata-contract.js

@@ -0,0 +1,102 @@
+/*
+ * Copyright 2024 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+const {
+  initMetadataRegistry,
+  ALG_TYPE,
+} = require('@verii/metadata-registration');
+const { jsonLdToUnsignedVcJwtContent, hexFromJwk } = require('@verii/jwt');
+const { initCallWithKmsKey } = require('@verii/crypto');
+const { KeyAlgorithms } = require('@verii/crypto/src/constants');
+const { buildIssuerVcUrl } = require('./build-issuer-vc-url');
+
+/** @import { Issuer, CredentialMetadata, Context } from "../../types/types" */
+/**
+ * Creates a createCredentialMetadataEntry function
+ * @param {Issuer} issuer the issuer
+ * @param {Context} context the context
+ * @returns {Promise<{
+ *    addEntry: function(CredentialMetadata): Promise<void>,
+ *    createList: function(number): Promise<boolean>
+ *    }>} the contract interface to create metadata
+ */
+const initCredentialMetadataContract = async (issuer, context) => {
+  const { config, rpcProvider, caoDid } = context;
+
+  const credentialMetadataRegistry = await initCallWithKmsKey(context)(
+    issuer.dltOperatorKMSKeyId,
+    ({ privateJwk: dltJwk }) =>
+      initMetadataRegistry(
+        {
+          privateKey: hexFromJwk(dltJwk),
+          contractAddress: config.metadataRegistryContractAddress,
+          rpcProvider,
+        },
+        context
+      )
+  );
+
+  return {
+    /**
+     * Anchor credential metadata to the dlt
+     * @param {CredentialMetadata} metadata the credential metadata
+     * @returns {Promise<boolean>} true if entry is set
+     */
+    addEntry: (metadata) =>
+      credentialMetadataRegistry.addCredentialMetadataEntry(
+        metadata,
+        metadata.contentHash,
+        caoDid,
+        ALG_TYPE.COSEKEY_AES_256
+      ),
+    /**
+     * List to create on the dlt
+     * @param {number} listId list id to create
+     * @returns {Promise<boolean>} true if a list was created, false if it already existed
+     */
+    createList: async (listId) => {
+      const accountId = issuer.dltPrimaryAddress;
+      const { payload, header } = jsonLdToUnsignedVcJwtContent(
+        {
+          id: buildIssuerVcUrl(listId, issuer, context),
+          type: ['CredentialMetadataListHeader'],
+          issuer: issuer.did,
+          issuanceDate: new Date().toISOString(),
+          credentialSubject: { listId, accountId },
+        },
+        KeyAlgorithms.SECP256K1,
+        issuer.issuingServiceDIDKeyId
+      );
+
+      const issuerVC = await context.kms.signJwt(
+        payload,
+        issuer.issuingServiceKMSKeyId,
+        header
+      );
+
+      return credentialMetadataRegistry.createCredentialMetadataList(
+        accountId,
+        listId,
+        issuerVC,
+        caoDid,
+        ALG_TYPE.COSEKEY_AES_256
+      );
+    },
+  };
+};
+
+module.exports = { initCredentialMetadataContract };

package/src/adapters/mongo-allocation-list-queries.js

@@ -0,0 +1,123 @@
+/*
+ * Copyright 2024 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+/** @import { Issuer, AllocationListEntry, AllocationListQueries, Context } from "../../types/types" */
+
+const { toEthereumAddress } = require('@verii/blockchain-functions');
+const { hexFromJwk } = require('@verii/jwt');
+/**
+ * Returns the queries needed for allocating to DLT Lists
+ * @param {unknown} db the db connection
+ * @param {string} collectionName the collection name
+ * @returns {AllocationListQueries} queries to allocate to lists on a db
+ */
+const mongoAllocationListQueries = (db, collectionName) => {
+  /**
+   * Gets the next entry out of the list
+   * @param {string} entityName the name of the collection or table for the list
+   * @param {Issuer} issuer the issuer
+   * @param {Context} context the context
+   * @returns {AllocationListEntry} the next entry of the list
+   */
+  const allocateNextEntry = async (entityName, issuer, context) => {
+    const operatorAddress = await getOperatorAddress(issuer, context);
+    const result = await db.collection(collectionName).findOneAndUpdate(
+      {
+        tenantId: issuer.id,
+        operatorAddress,
+        entityName,
+        $and: [
+          { freeIndexes: { $exists: true } },
+          { freeIndexes: { $not: { $size: 0 } } },
+        ],
+      },
+      {
+        $pop: { freeIndexes: -1 },
+        $set: {
+          updatedAt: new Date(),
+        },
+      },
+      {
+        upsert: false,
+        returnNewDocument: false,
+        includeResultMetadata: true,
+      }
+    );
+    return {
+      listId: result.value.currentListId,
+      index: result.value.freeIndexes?.[0],
+      isNewList: false,
+    };
+  };
+
+  /**
+   * Create a new allocation list on ledger
+   * @param {string} entityName the name of the collection or table for the list
+   * @param {Issuer} issuer the issuer
+   * @param {number} newListId the new allocation list id
+   * @param {number[]} allocations the new allocations to use
+   * @param {Context} context the context
+   * @returns {AllocationListEntry} the first entry of the list
+   */
+  const createNewAllocationList = async (
+    entityName,
+    issuer,
+    newListId,
+    allocations,
+    context
+  ) => {
+    const operatorAddress = await getOperatorAddress(issuer, context);
+    await db.collection(collectionName).insertOne({
+      tenantId: issuer.id,
+      entityName,
+      freeIndexes: allocations.slice(1),
+      currentListId: newListId,
+      operatorAddress,
+      createdAt: new Date(),
+      updatedAt: new Date(),
+    });
+
+    return {
+      listId: newListId,
+      index: allocations[0],
+      isNewList: true,
+    };
+  };
+
+  return {
+    createNewAllocationList,
+    allocateNextEntry,
+  };
+};
+
+/**
+ * Gets the operator address
+ * @param {Issuer} issuer the issuer
+ * @param {Context} context the context
+ * @returns {string} the operator address
+ */
+const getOperatorAddress = async (issuer, { kms }) => {
+  if (issuer.dltOperatorAddress != null) {
+    return issuer.dltOperatorAddress;
+  }
+
+  const key = await kms.exportKeyOrSecret(issuer.dltOperatorKMSKeyId);
+  return toEthereumAddress(hexFromJwk(key.privateJwk));
+};
+
+module.exports = {
+  mongoAllocationListQueries,
+};

package/src/allocate-list-entries.js

@@ -0,0 +1,76 @@
+/*
+ * Copyright 2024 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+/** @import { Context, Issuer, AllocationListEntry, AllocationListQueries } from "../../types/types" */
+
+const { allocateArray } = require('./utils/allocate-array');
+const { generateListIndex } = require('./utils/generate-list-index');
+/**
+ * Allocates list entries
+ * @param {number} total the number of entries required (typically the number of offers)
+ * @param {Issuer}  issuer the issuer
+ * @param {string} entityName the entity name
+ * @param {number} listSize the list size
+ * @param {Context} context the context
+ * @returns {Promise<AllocationListEntry[]>} the allocated entries
+ */
+const allocateListEntries = async (
+  total,
+  issuer,
+  entityName,
+  listSize,
+  context
+) => {
+  const entries = [];
+  for (let i = 0; i < total; i += 1) {
+    entries.push(
+      // eslint-disable-next-line no-await-in-loop
+      await allocateListEntry(issuer, entityName, listSize, context)
+    );
+  }
+  return entries;
+};
+
+/**
+ * Gets the next list entry
+ * @param {Issuer} issuer the issuer
+ * @param {string} entityName the entity name
+ * @param {number} listSize the list size
+ * @param {Context} context the context
+ * @returns {Promise<AllocationListEntry>} the entry
+ */
+const allocateListEntry = async (issuer, entityName, listSize, context) => {
+  const { allocationListQueries: queries } = context;
+  try {
+    return await queries.allocateNextEntry(entityName, issuer, context);
+  } catch (error) {
+    const allocations = allocateArray(listSize);
+    const newListId = generateListIndex();
+    return queries.createNewAllocationList(
+      entityName,
+      issuer,
+      newListId,
+      allocations,
+      context
+    );
+  }
+};
+
+module.exports = {
+  allocateListEntries,
+  allocateListEntry,
+};

package/src/domain/build-verifiable-credentials.js

@@ -0,0 +1,116 @@
+/*
+ * Copyright 2024 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+const { toLower } = require('lodash/fp');
+const { mapWithIndex } = require('@verii/common-functions');
+const {
+  generateJWAKeyPair,
+  get2BytesHash,
+  KeyAlgorithms,
+} = require('@verii/crypto');
+const { jsonLdToUnsignedVcJwtContent, jwtSign } = require('@verii/jwt');
+const { extractCredentialType } = require('@verii/vc-checks');
+const { hashOffer } = require('./hash-offer');
+const { buildRevocationUrl } = require('../adapters/build-revocation-url');
+const { prepareJsonLdCredential } = require('./prepare-jsonld-credential');
+
+/** @import { Issuer, AllocationListEntry, CredentialOffer, CredentialMetadata, CredentialTypeMetadata, Context } from "../types/types" */
+
+/**
+ * Builds the VCs
+ * @param {CredentialOffer[]} offers  array of offers
+ * @param {string} credentialSubjectId  optional field if credential subject needs to be bound into the offer
+ * @param {Issuer} issuer  the issuer
+ * @param {AllocationListEntry[]} metadataEntries metadata entries
+ * @param {AllocationListEntry[]} revocationListEntries revocation list entries
+ * @param {{[Name: string]: CredentialTypeMetadata}} credentialTypesMap the credential types
+ * @param {Context} context the context
+ * @returns {Promise<{metadata: CredentialMetadata, vcJwt: string}[]>} the vc and its metadata
+ */
+const buildVerifiableCredentials = async (
+  offers,
+  credentialSubjectId,
+  issuer,
+  metadataEntries,
+  revocationListEntries,
+  credentialTypesMap,
+  context
+) => {
+  return Promise.all(
+    mapWithIndex(async (offer, i) => {
+      const metadataEntry = metadataEntries[i];
+      const credentialType = extractCredentialType(offer);
+      const digitalSignatureAlgorithm =
+        credentialTypesMap[credentialType].defaultSignatureAlgorithm ??
+        KeyAlgorithms.SECP256K1;
+
+      const keyPair = generateJWAKeyPair(digitalSignatureAlgorithm);
+
+      const metadata = {
+        ...metadataEntry,
+        credentialType,
+        credentialTypeEncoded: get2BytesHash(credentialType), // TODO replace with bytes encoding from credentialMetadata
+        contentHash: hashOffer(offer),
+        publicKey: keyPair.publicKey,
+      };
+
+      const credentialId = buildVelocityCredentialMetadataDID(
+        metadataEntry,
+        issuer,
+        metadata.contentHash
+      );
+      const revocationUrl = buildRevocationUrl(
+        revocationListEntries[i],
+        issuer,
+        context
+      );
+      const jsonLdCredential = prepareJsonLdCredential(
+        issuer,
+        credentialSubjectId,
+        offer,
+        credentialId,
+        metadata.contentHash, // TODO remove June 2026
+        credentialTypesMap[metadata.credentialType],
+        revocationUrl,
+        context
+      );
+
+      const { header, payload } = jsonLdToUnsignedVcJwtContent(
+        jsonLdCredential,
+        digitalSignatureAlgorithm,
+        `${credentialId}#key-1`
+      );
+      const vcJwt = await jwtSign(payload, keyPair.privateKey, header);
+
+      return { metadata, jsonLdCredential, vcJwt };
+    }, offers)
+  );
+};
+
+/**
+ * Builds a credential metadata DID URI
+ * @param {AllocationListEntry} entry the list entry
+ * @param {Issuer} issuer the issuer
+ * @param {string} contentHash the content hash of the credential
+ * @returns {string} the DID URI for the location on the credential metadata list
+ */
+const buildVelocityCredentialMetadataDID = (entry, issuer, contentHash) =>
+  `did:velocity:v2:${toLower(issuer.dltPrimaryAddress)}:${entry.listId}:${
+    entry.index
+  }:${contentHash}`;
+
+module.exports = { buildVerifiableCredentials };

package/src/domain/hash-offer.js

@@ -0,0 +1,35 @@
+/*
+ * Copyright 2024 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+const { flow, pick } = require('lodash/fp');
+const canonicalize = require('canonicalize');
+const { hashAndEncodeHex } = require('@verii/crypto');
+/** @import { CredentialOffer } from "../types/types" */
+
+/**
+ * The hex encoded hash of the CredentialOffer
+ * @param {CredentialOffer} offer the offer to hash
+ * @returns {string} the hash of the offer encoded in hex
+ */
+const hashOffer = (offer) =>
+  flow(
+    pick(['credentialSubject', 'validFrom', 'expirationDate', 'validUntil']),
+    canonicalize,
+    hashAndEncodeHex
+  )(offer);
+
+module.exports = { hashOffer };