@zkpassport/sdk 0.10.0 → 0.11.0-beta.2

package/dist/cjs/types.d.cts

@@ -175,8 +175,17 @@ type QueryBuilder = {
      * e.g. "US", ["US", "GB", "CH", "EU"], "all"
      * @param lists The specific lists from a given country to check against. Defaults to "all".
      * e.g. ["OFAC_SDN"], "all"
-     */
-    sanctions: (countries?: SanctionsCountries, lists?: SanctionsLists) => QueryBuilder;
+     * @param options The options to use for the sanction check.
+     * @param options.strict Whether to use a strict sanction check. Defaults to false.
+     *
+     * If set to true, this means the checks will be done against just the lastname and firstname,
+     * while when set to false, matches will need to include either the date of birth and name or
+     * the passport number and nationality.
+     * Strict mode has therefore a higher false positive rate but is harder to evade.
+     */
+    sanctions: (countries?: SanctionsCountries, lists?: SanctionsLists, options?: {
+        strict?: boolean;
+    }) => QueryBuilder;
     /**
      * This feature is not available yet in the public release of the app.
      * Requires that the ID holder's face matches the photo on the ID.

package/dist/esm/{chunk-O7ZONMCQ.js → chunk-6IK5VUOR.js}

@@ -18,7 +18,7 @@ import {
   getCommitmentOutFromIntegrityProof,
   getCommitmentInFromDisclosureProof,
   getMerkleRootFromDSCProof,
-  getCurrentDateFromIntegrityProof,
+  getCurrentDateFromDisclosureProof,
   DisclosedData,
   formatName,
   getNumberOfPublicInputs,
@@ -28,7 +28,6 @@ import {
   getDateParameterCommitment,
   getCertificateRegistryRootFromOuterProof,
   getParamCommitmentsFromOuterProof,
-  getCurrentDateFromCommittedInputs,
   getMinAgeFromCommittedInputs,
   getMaxAgeFromCommittedInputs,
   getAgeParameterCommitment,
@@ -57,7 +56,9 @@ import {
   getFacematchEvmParameterCommitment,
   getFacematchParameterCommitment,
   getNullifierTypeFromOuterProof,
-  getNullifierTypeFromDisclosureProof
+  getNullifierTypeFromDisclosureProof,
+  getServiceScopeFromDisclosureProof,
+  getServiceSubScopeFromDisclosureProof
 } from "@zkpassport/utils";
 import { RegistryClient } from "@zkpassport/registry";
 var PublicInputChecker = class {
@@ -451,21 +452,6 @@ var PublicInputChecker = class {
         }
       };
     }
-    const currentDate = getCurrentDateFromCommittedInputs(
-      proof.committedInputs?.compare_age ?? proof.committedInputs?.compare_age_evm
-    );
-    if (!areDatesEqual(currentDate, today) && !areDatesEqual(currentDate, today.getTime() - 864e5)) {
-      console.warn("Current date in the proof is too old");
-      isCorrect = false;
-      queryResultErrors.age = {
-        ...queryResultErrors.age,
-        disclose: {
-          expected: `${today.toISOString()}`,
-          received: `${currentDate.toISOString()}`,
-          message: "Current date in the proof is too old"
-        }
-      };
-    }
     return { isCorrect, queryResultErrors };
   }
   static checkBirthdatePublicInputs(proof, queryResult) {
@@ -488,9 +474,6 @@ var PublicInputChecker = class {
       proof.committedInputs?.compare_birthdate ?? proof.committedInputs?.compare_birthdate_evm,
       -1 * SECONDS_BETWEEN_1900_AND_1970
     );
-    const currentDate = getCurrentDateFromCommittedInputs(
-      proof.committedInputs?.compare_birthdate ?? proof.committedInputs?.compare_birthdate_evm
-    );
     if (queryResult.birthdate) {
       if (queryResult.birthdate.gte && queryResult.birthdate.gte.result && !areDatesEqual(minDate, queryResult.birthdate.gte.expected)) {
         console.warn("Birthdate is not greater than or equal to the expected birthdate");
@@ -564,18 +547,6 @@ var PublicInputChecker = class {
         }
       };
     }
-    if (!areDatesEqual(currentDate, today) && !areDatesEqual(currentDate, today.getTime() - 864e5)) {
-      console.warn("Current date in the proof is too old");
-      isCorrect = false;
-      queryResultErrors.birthdate = {
-        ...queryResultErrors.birthdate,
-        disclose: {
-          expected: `${today.toISOString()}`,
-          received: `${currentDate.toISOString()}`,
-          message: "Current date in the proof is too old"
-        }
-      };
-    }
     return { isCorrect, queryResultErrors };
   }
   static checkExpiryDatePublicInputs(proof, queryResult) {
@@ -596,9 +567,6 @@ var PublicInputChecker = class {
     const maxDate = getMaxDateFromCommittedInputs(
       proof.committedInputs?.compare_expiry ?? proof.committedInputs?.compare_expiry_evm
     );
-    const currentDate = getCurrentDateFromCommittedInputs(
-      proof.committedInputs?.compare_expiry ?? proof.committedInputs?.compare_expiry_evm
-    );
     if (queryResult.expiry_date) {
       if (queryResult.expiry_date.gte && queryResult.expiry_date.gte.result && !areDatesEqual(minDate, queryResult.expiry_date.gte.expected)) {
         console.warn("Expiry date is not greater than or equal to the expected expiry date");
@@ -672,18 +640,6 @@ var PublicInputChecker = class {
         }
       };
     }
-    if (!areDatesEqual(currentDate, today) && !areDatesEqual(currentDate, today.getTime() - 864e5)) {
-      console.warn("Current date in the proof is too old");
-      isCorrect = false;
-      queryResultErrors.expiry_date = {
-        ...queryResultErrors.expiry_date,
-        disclose: {
-          expected: `${today.toISOString()}`,
-          received: `${currentDate.toISOString()}`,
-          message: "Current date in the proof is too old"
-        }
-      };
-    }
     return { isCorrect, queryResultErrors };
   }
   static checkNationalityExclusionPublicInputs(queryResult, countryList) {
@@ -828,7 +784,7 @@ var PublicInputChecker = class {
   }
   static checkScopeFromDisclosureProof(domain, proofData, queryResultErrors, key, scope) {
     let isCorrect = true;
-    if (domain && getServiceScopeHash(domain) !== BigInt(proofData.publicInputs[1])) {
+    if (domain && getServiceScopeHash(domain) !== getServiceScopeFromDisclosureProof(proofData)) {
       console.warn("The proof comes from a different domain than the one expected");
       isCorrect = false;
       if (!queryResultErrors[key]) {
@@ -840,7 +796,7 @@ var PublicInputChecker = class {
         message: "The proof comes from a different domain than the one expected"
       };
     }
-    if (scope && getScopeHash(scope) !== BigInt(proofData.publicInputs[2])) {
+    if (scope && getScopeHash(scope) !== getServiceSubScopeFromDisclosureProof(proofData)) {
       console.warn("The proof uses a different scope than the one expected");
       isCorrect = false;
       if (!queryResultErrors[key]) {
@@ -1021,6 +977,36 @@ var PublicInputChecker = class {
     }
     return { isCorrect, queryResultErrors };
   }
+  static async checkCurrentDate(circuitName, proofData, validity, queryResultErrors) {
+    const currentTime = /* @__PURE__ */ new Date();
+    const today = new Date(
+      currentTime.getFullYear(),
+      currentTime.getMonth(),
+      currentTime.getDate(),
+      0,
+      0,
+      0,
+      0
+    );
+    const currentDate = getCurrentDateFromDisclosureProof(proofData);
+    const todayToCurrentDate = today.getTime() - currentDate.getTime();
+    const expectedDifference = validity ? validity * 1e3 : DEFAULT_VALIDITY * 1e3;
+    const actualDifference = today.getTime() - (today.getTime() - expectedDifference);
+    let isCorrect = true;
+    if (todayToCurrentDate >= actualDifference) {
+      console.warn("The date used to check the validity of the ID falls out of the validity period");
+      isCorrect = false;
+      if (!queryResultErrors[circuitName]) {
+        queryResultErrors[circuitName] = {};
+      }
+      queryResultErrors[circuitName].date = {
+        expected: `Difference: ${validity} seconds`,
+        received: `Difference: ${Math.round(todayToCurrentDate / 1e3)} seconds`,
+        message: "The date used to check the validity of the ID falls out of the validity period"
+      };
+    }
+    return { isCorrect, queryResultErrors };
+  }
   static async checkPublicInputs(domain, proofs, queryResult, validity, scope) {
     let commitmentIn;
     let commitmentOut;
@@ -1149,14 +1135,9 @@ var PublicInputChecker = class {
         if (!!committedInputs?.compare_age || !!committedInputs?.compare_age_evm) {
           const ageCommittedInputs = committedInputs?.compare_age ?? committedInputs?.compare_age_evm;
           const ageParameterCommitment = isForEVM ? await getAgeEVMParameterCommitment(
-            ageCommittedInputs.currentDateTimestamp,
-            ageCommittedInputs.minAge,
-            ageCommittedInputs.maxAge
-          ) : await getAgeParameterCommitment(
-            ageCommittedInputs.currentDateTimestamp,
             ageCommittedInputs.minAge,
             ageCommittedInputs.maxAge
-          );
+          ) : await getAgeParameterCommitment(ageCommittedInputs.minAge, ageCommittedInputs.maxAge);
           if (!paramCommitments.includes(ageParameterCommitment)) {
             console.warn("This proof does not verify the age");
             isCorrect = false;
@@ -1180,16 +1161,12 @@ var PublicInputChecker = class {
           const birthdateCommittedInputs = committedInputs?.compare_birthdate ?? committedInputs?.compare_birthdate_evm;
           const birthdateParameterCommitment = isForEVM ? await getDateEVMParameterCommitment(
             ProofType.BIRTHDATE,
-            birthdateCommittedInputs.currentDateTimestamp,
             birthdateCommittedInputs.minDateTimestamp,
-            birthdateCommittedInputs.maxDateTimestamp,
-            0
+            birthdateCommittedInputs.maxDateTimestamp
           ) : await getDateParameterCommitment(
             ProofType.BIRTHDATE,
-            birthdateCommittedInputs.currentDateTimestamp,
             birthdateCommittedInputs.minDateTimestamp,
-            birthdateCommittedInputs.maxDateTimestamp,
-            0
+            birthdateCommittedInputs.maxDateTimestamp
           );
           if (!paramCommitments.includes(birthdateParameterCommitment)) {
             console.warn("This proof does not verify the birthdate");
@@ -1214,12 +1191,10 @@ var PublicInputChecker = class {
           const expiryCommittedInputs = committedInputs?.compare_expiry ?? committedInputs?.compare_expiry_evm;
           const expiryParameterCommitment = isForEVM ? await getDateEVMParameterCommitment(
             ProofType.EXPIRY_DATE,
-            expiryCommittedInputs.currentDateTimestamp,
             expiryCommittedInputs.minDateTimestamp,
             expiryCommittedInputs.maxDateTimestamp
           ) : await getDateParameterCommitment(
             ProofType.EXPIRY_DATE,
-            expiryCommittedInputs.currentDateTimestamp,
             expiryCommittedInputs.minDateTimestamp,
             expiryCommittedInputs.maxDateTimestamp
           );
@@ -1423,7 +1398,11 @@ var PublicInputChecker = class {
         if (!!committedInputs?.exclusion_check_sanctions || !!committedInputs?.exclusion_check_sanctions_evm) {
           const sanctionsBuilder = await SanctionsBuilder.create();
           const exclusionCheckSanctionsCommittedInputs = committedInputs?.exclusion_check_sanctions ?? committedInputs?.exclusion_check_sanctions_evm;
-          const exclusionCheckSanctionsParameterCommitment = isForEVM ? await sanctionsBuilder.getSanctionsEvmParameterCommitment() : await sanctionsBuilder.getSanctionsParameterCommitment();
+          const exclusionCheckSanctionsParameterCommitment = isForEVM ? await sanctionsBuilder.getSanctionsEvmParameterCommitment(
+            exclusionCheckSanctionsCommittedInputs.isStrict
+          ) : await sanctionsBuilder.getSanctionsParameterCommitment(
+            exclusionCheckSanctionsCommittedInputs.isStrict
+          );
           if (!paramCommitments.includes(exclusionCheckSanctionsParameterCommitment)) {
             console.warn("This proof does not verify the exclusion from the sanction lists");
             isCorrect = false;
@@ -1532,24 +1511,6 @@ var PublicInputChecker = class {
           };
         }
         commitmentOut = getCommitmentOutFromIntegrityProof(proofData);
-        const currentDate = getCurrentDateFromIntegrityProof(proofData);
-        const todayToCurrentDate = today.getTime() - currentDate.getTime();
-        const expectedDifference = validity ? validity * 1e3 : DEFAULT_VALIDITY * 1e3;
-        const actualDifference = today.getTime() - (today.getTime() - expectedDifference);
-        if (todayToCurrentDate >= actualDifference) {
-          console.warn(
-            `The date used to check the validity of the ID is older than the validity period`
-          );
-          isCorrect = false;
-          queryResultErrors.data_check_integrity = {
-            ...queryResultErrors.data_check_integrity,
-            date: {
-              expected: `Difference: ${validity} seconds`,
-              received: `Difference: ${Math.round(todayToCurrentDate / 1e3)} seconds`,
-              message: "The date used to check the validity of the ID is older than the validity period"
-            }
-          };
-        }
       } else if (proof.name === "disclose_bytes") {
         commitmentIn = getCommitmentInFromDisclosureProof(proofData);
         if (commitmentIn !== commitmentOut) {
@@ -1602,6 +1563,17 @@ var PublicInputChecker = class {
           ...queryResultErrorsDisclose,
           ...queryResultErrorsScope
         };
+        const { isCorrect: isCorrectCurrentDate, queryResultErrors: queryResultErrorsCurrentDate } = await this.checkCurrentDate(
+          "disclose",
+          proofData,
+          validity ?? DEFAULT_VALIDITY,
+          queryResultErrors
+        );
+        isCorrect = isCorrect && isCorrectCurrentDate;
+        queryResultErrors = {
+          ...queryResultErrors,
+          ...queryResultErrorsCurrentDate
+        };
         uniqueIdentifier = getNullifierFromDisclosureProof(proofData).toString(10);
         uniqueIdentifierType = getNullifierTypeFromDisclosureProof(proofData);
       } else if (proof.name === "compare_age") {
@@ -1623,7 +1595,6 @@ var PublicInputChecker = class {
         const paramCommitment = getParameterCommitmentFromDisclosureProof(proofData);
         const committedInputs = proof.committedInputs?.compare_age;
         const calculatedParamCommitment = await getAgeParameterCommitment(
-          committedInputs.currentDateTimestamp,
           committedInputs.minAge,
           committedInputs.maxAge
         );
@@ -1649,6 +1620,17 @@ var PublicInputChecker = class {
           ...queryResultErrorsAge,
           ...queryResultErrorsScope
         };
+        const { isCorrect: isCorrectCurrentDate, queryResultErrors: queryResultErrorsCurrentDate } = await this.checkCurrentDate(
+          "age",
+          proofData,
+          validity ?? DEFAULT_VALIDITY,
+          queryResultErrors
+        );
+        isCorrect = isCorrect && isCorrectCurrentDate;
+        queryResultErrors = {
+          ...queryResultErrors,
+          ...queryResultErrorsCurrentDate
+        };
         uniqueIdentifier = getNullifierFromDisclosureProof(proofData).toString(10);
         uniqueIdentifierType = getNullifierTypeFromDisclosureProof(proofData);
       } else if (proof.name === "compare_birthdate") {
@@ -1671,7 +1653,6 @@ var PublicInputChecker = class {
         const committedInputs = proof.committedInputs?.compare_birthdate;
         const calculatedParamCommitment = await getDateParameterCommitment(
           ProofType.BIRTHDATE,
-          committedInputs.currentDateTimestamp,
           committedInputs.minDateTimestamp,
           committedInputs.maxDateTimestamp,
           0
@@ -1704,6 +1685,17 @@ var PublicInputChecker = class {
           ...queryResultErrorsBirthdate,
           ...queryResultErrorsScope
         };
+        const { isCorrect: isCorrectCurrentDate, queryResultErrors: queryResultErrorsCurrentDate } = await this.checkCurrentDate(
+          "birthdate",
+          proofData,
+          validity ?? DEFAULT_VALIDITY,
+          queryResultErrors
+        );
+        isCorrect = isCorrect && isCorrectCurrentDate;
+        queryResultErrors = {
+          ...queryResultErrors,
+          ...queryResultErrorsCurrentDate
+        };
         uniqueIdentifier = getNullifierFromDisclosureProof(proofData).toString(10);
         uniqueIdentifierType = getNullifierTypeFromDisclosureProof(proofData);
       } else if (proof.name === "compare_expiry") {
@@ -1726,7 +1718,6 @@ var PublicInputChecker = class {
         const committedInputs = proof.committedInputs?.compare_expiry;
         const calculatedParamCommitment = await getDateParameterCommitment(
           ProofType.EXPIRY_DATE,
-          committedInputs.currentDateTimestamp,
           committedInputs.minDateTimestamp,
           committedInputs.maxDateTimestamp
         );
@@ -1758,6 +1749,17 @@ var PublicInputChecker = class {
           ...queryResultErrorsExpiryDate,
           ...queryResultErrorsScope
         };
+        const { isCorrect: isCorrectCurrentDate, queryResultErrors: queryResultErrorsCurrentDate } = await this.checkCurrentDate(
+          "expiry_date",
+          proofData,
+          validity ?? DEFAULT_VALIDITY,
+          queryResultErrors
+        );
+        isCorrect = isCorrect && isCorrectCurrentDate;
+        queryResultErrors = {
+          ...queryResultErrors,
+          ...queryResultErrorsCurrentDate
+        };
         uniqueIdentifier = getNullifierFromDisclosureProof(proofData).toString(10);
         uniqueIdentifierType = getNullifierTypeFromDisclosureProof(proofData);
       } else if (proof.name === "exclusion_check_nationality") {
@@ -1814,6 +1816,17 @@ var PublicInputChecker = class {
           ...queryResultErrorsNationalityExclusion,
           ...queryResultErrorsScope
         };
+        const { isCorrect: isCorrectCurrentDate, queryResultErrors: queryResultErrorsCurrentDate } = await this.checkCurrentDate(
+          "nationality",
+          proofData,
+          validity ?? DEFAULT_VALIDITY,
+          queryResultErrors
+        );
+        isCorrect = isCorrect && isCorrectCurrentDate;
+        queryResultErrors = {
+          ...queryResultErrors,
+          ...queryResultErrorsCurrentDate
+        };
         uniqueIdentifier = getNullifierFromDisclosureProof(proofData).toString(10);
         uniqueIdentifierType = getNullifierTypeFromDisclosureProof(proofData);
       } else if (proof.name === "exclusion_check_issuing_country") {
@@ -1870,6 +1883,17 @@ var PublicInputChecker = class {
           ...queryResultErrorsIssuingCountryExclusion,
           ...queryResultErrorsScope
         };
+        const { isCorrect: isCorrectCurrentDate, queryResultErrors: queryResultErrorsCurrentDate } = await this.checkCurrentDate(
+          "issuing_country",
+          proofData,
+          validity ?? DEFAULT_VALIDITY,
+          queryResultErrors
+        );
+        isCorrect = isCorrect && isCorrectCurrentDate;
+        queryResultErrors = {
+          ...queryResultErrors,
+          ...queryResultErrorsCurrentDate
+        };
         uniqueIdentifier = getNullifierFromDisclosureProof(proofData).toString(10);
         uniqueIdentifierType = getNullifierTypeFromDisclosureProof(proofData);
       } else if (proof.name === "inclusion_check_nationality") {
@@ -1926,6 +1950,17 @@ var PublicInputChecker = class {
           ...queryResultErrorsNationalityInclusion,
           ...queryResultErrorsScope
         };
+        const { isCorrect: isCorrectCurrentDate, queryResultErrors: queryResultErrorsCurrentDate } = await this.checkCurrentDate(
+          "nationality",
+          proofData,
+          validity ?? DEFAULT_VALIDITY,
+          queryResultErrors
+        );
+        isCorrect = isCorrect && isCorrectCurrentDate;
+        queryResultErrors = {
+          ...queryResultErrors,
+          ...queryResultErrorsCurrentDate
+        };
         uniqueIdentifier = getNullifierFromDisclosureProof(proofData).toString(10);
         uniqueIdentifierType = getNullifierTypeFromDisclosureProof(proofData);
       } else if (proof.name === "inclusion_check_issuing_country") {
@@ -1982,6 +2017,17 @@ var PublicInputChecker = class {
           ...queryResultErrorsIssuingCountryInclusion,
           ...queryResultErrorsScope
         };
+        const { isCorrect: isCorrectCurrentDate, queryResultErrors: queryResultErrorsCurrentDate } = await this.checkCurrentDate(
+          "issuing_country",
+          proofData,
+          validity ?? DEFAULT_VALIDITY,
+          queryResultErrors
+        );
+        isCorrect = isCorrect && isCorrectCurrentDate;
+        queryResultErrors = {
+          ...queryResultErrors,
+          ...queryResultErrorsCurrentDate
+        };
         uniqueIdentifier = getNullifierFromDisclosureProof(proofData).toString(10);
         uniqueIdentifierType = getNullifierTypeFromDisclosureProof(proofData);
       } else if (proof.name === "bind") {
@@ -2008,12 +2054,25 @@ var PublicInputChecker = class {
           ...queryResultErrors,
           ...queryResultErrorsBind
         };
+        const { isCorrect: isCorrectCurrentDate, queryResultErrors: queryResultErrorsCurrentDate } = await this.checkCurrentDate(
+          "bind",
+          proofData,
+          validity ?? DEFAULT_VALIDITY,
+          queryResultErrors
+        );
+        isCorrect = isCorrect && isCorrectCurrentDate;
+        queryResultErrors = {
+          ...queryResultErrors,
+          ...queryResultErrorsCurrentDate
+        };
         uniqueIdentifier = getNullifierFromDisclosureProof(proofData).toString(10);
         uniqueIdentifierType = getNullifierTypeFromDisclosureProof(proofData);
       } else if (proof.name === "exclusion_check_sanctions") {
         const sanctionsBuilder = await SanctionsBuilder.create();
         const exclusionCheckSanctionsCommittedInputs = proof.committedInputs?.exclusion_check_sanctions;
-        const calculatedParamCommitment = await sanctionsBuilder.getSanctionsParameterCommitment();
+        const calculatedParamCommitment = await sanctionsBuilder.getSanctionsParameterCommitment(
+          exclusionCheckSanctionsCommittedInputs.isStrict
+        );
         const paramCommittment = getParameterCommitmentFromDisclosureProof(proofData);
         if (paramCommittment !== calculatedParamCommitment) {
           console.warn(
@@ -2042,6 +2101,17 @@ var PublicInputChecker = class {
           ...queryResultErrors,
           ...queryResultErrorsSanctionsExclusion
         };
+        const { isCorrect: isCorrectCurrentDate, queryResultErrors: queryResultErrorsCurrentDate } = await this.checkCurrentDate(
+          "sanctions",
+          proofData,
+          validity ?? DEFAULT_VALIDITY,
+          queryResultErrors
+        );
+        isCorrect = isCorrect && isCorrectCurrentDate;
+        queryResultErrors = {
+          ...queryResultErrors,
+          ...queryResultErrorsCurrentDate
+        };
         uniqueIdentifier = getNullifierFromDisclosureProof(proofData).toString(10);
         uniqueIdentifierType = getNullifierTypeFromDisclosureProof(proofData);
       } else if (proof.name?.startsWith("facematch") && !proof.name?.endsWith("_evm")) {
@@ -2071,6 +2141,17 @@ var PublicInputChecker = class {
           ...queryResultErrors,
           ...queryResultErrorsFacematch
         };
+        const { isCorrect: isCorrectCurrentDate, queryResultErrors: queryResultErrorsCurrentDate } = await this.checkCurrentDate(
+          "facematch",
+          proofData,
+          validity ?? DEFAULT_VALIDITY,
+          queryResultErrors
+        );
+        isCorrect = isCorrect && isCorrectCurrentDate;
+        queryResultErrors = {
+          ...queryResultErrors,
+          ...queryResultErrorsCurrentDate
+        };
         uniqueIdentifier = getNullifierFromDisclosureProof(proofData).toString(10);
         uniqueIdentifierType = getNullifierTypeFromDisclosureProof(proofData);
       }