UNPKG

@digitalbazaar/vc

Version:

Verifiable Credentials JavaScript library.

github.com/digitalbazaar/vc

digitalbazaar/vc

80 lines (70 loc) 2.79 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
/*! * Copyright (c) 2019-2023 Digital Bazaar, Inc. All rights reserved. */ import jsigs from 'jsonld-signatures'; import jsonld from 'jsonld'; const {purposes: {AssertionProofPurpose}} = jsigs; /** * Creates a proof purpose that will validate whether or not the verification * method in a proof was authorized by its declared controller for the * proof's purpose. */ export class CredentialIssuancePurpose extends AssertionProofPurpose { /** * @param {object} options - The options to use. * @param {object} [options.controller] - The description of the controller, * if it is not to be dereferenced via a `documentLoader`. * @param {string|Date|number} [options.date] - The expected date for * the creation of the proof. * @param {number} [options.maxTimestampDelta=Infinity] - A maximum number * of seconds that the date on the signature can deviate from. */ constructor({controller, date, maxTimestampDelta} = {}) { super({controller, date, maxTimestampDelta}); } /** * Validates the purpose of a proof. This method is called during * proof verification, after the proof value has been checked against the * given verification method (in the case of a digital signature, the * signature has been cryptographically verified against the public key). * * @param {object} proof - The proof to validate. * @param {object} options - The options to use. * @param {object} options.document - The document whose signature is * being verified. * @param {object} options.suite - Signature suite used in * the proof. * @param {string} options.verificationMethod - Key id URL to the paired * public key. * @param {object} [options.documentLoader] - A document loader. * * @throws {Error} If verification method not authorized by controller. * @throws {Error} If proof's created timestamp is out of range. * * @returns {Promise<{valid: boolean, error: Error}>} Resolves on completion. */ async validate(proof, { document, suite, verificationMethod, documentLoader }) { try { const result = await super.validate(proof, { document, suite, verificationMethod, documentLoader }); if(!result.valid) { throw result.error; } const issuer = jsonld.getValues(document, 'issuer'); if(!issuer || issuer.length === 0) { throw new Error('Credential issuer is required.'); } const issuerId = typeof issuer[0] === 'string' ? issuer[0] : issuer[0].id; if(result.controller.id !== issuerId) { throw new Error( 'Credential issuer must match the verification method controller.'); } return {valid: true}; } catch(error) { return {valid: false, error}; } } }