@ew-did-registry/claims
The package exposes functionality needed to create, inspect, approve, and verify Private and Public claims
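(() => {
  "use strict";

  /*
   * Bundled build of @ew-did-registry/claims, re-expanded into readable form.
   * The layout is unchanged: a table of modules keyed by numeric id, a tiny
   * caching loader, and a final copy of the entry module (920) onto `exports`.
   *
   * This is a build artifact, so the behavioural changes below should be
   * mirrored in the package's original sources as well:
   *   1. ClaimsVerifier.verifyPrivateProof now waits for isValidDelegate()
   *      before testing its result (the un-awaited value was always truthy
   *      if the call returns a Promise, so the delegate check never failed).
   *   2. Claims.validateServiceEndpointToken resolves `hashAlg` only against
   *      own, callable entries of the hash table and reports an unknown
   *      algorithm explicitly.
   *   3. verifyPrivateProof rejects a claim field that has no proof entry with
   *      a clear error instead of a TypeError.
   */

  // ---- compiler helpers (previously duplicated inside every module) --------

  /** Drives a generator as an async function; `yield` plays the role of `await`. */
  function awaiter(thisArg, args, PromiseCtor, generator) {
    const P = PromiseCtor || Promise;
    const adopt = (value) =>
      value instanceof P ? value : new P((resolve) => resolve(value));
    return new P((resolve, reject) => {
      function fulfilled(value) {
        try {
          step(generator.next(value));
        } catch (err) {
          reject(err);
        }
      }
      function rejected(reason) {
        try {
          step(generator.throw(reason));
        } catch (err) {
          reject(err);
        }
      }
      function step(result) {
        if (result.done) {
          resolve(result.value);
        } else {
          adopt(result.value).then(fulfilled, rejected);
        }
      }
      step((generator = generator.apply(thisArg, args || [])).next());
    });
  }

  /** Re-exports `source[key]` on `target` as a live (getter-backed) binding. */
  const createBinding = Object.create
    ? function (target, source, key, alias) {
        if (alias === undefined) alias = key;
        let descriptor = Object.getOwnPropertyDescriptor(source, key);
        if (
          !descriptor ||
          ("get" in descriptor
            ? !source.__esModule
            : descriptor.writable || descriptor.configurable)
        ) {
          descriptor = {
            enumerable: true,
            get: function () {
              return source[key];
            },
          };
        }
        Object.defineProperty(target, alias, descriptor);
      }
    : function (target, source, key, alias) {
        if (alias === undefined) alias = key;
        target[alias] = source[key];
      };

  /** `export * from source`: skips "default" and names `target` already owns. */
  function exportStar(source, target) {
    for (const key in source) {
      if (key !== "default" && !Object.prototype.hasOwnProperty.call(target, key)) {
        createBinding(target, source, key);
      }
    }
  }

  /** Wraps a CommonJS module so that `.default` is always available. */
  function importDefault(mod) {
    return mod && mod.__esModule ? mod : { default: mod };
  }

  /** Flags an exports object as a transpiled ES module. */
  function markEsModule(target) {
    Object.defineProperty(target, "__esModule", { value: true });
  }

  // ---- module table ---------------------------------------------------------

  const modules = {
    // Claims: base class shared by user, issuer and verifier.
    878: function (module, exports, load) {
      markEsModule(exports);
      exports.Claims = void 0;
      const jwtLib = load(532);
      const purposes = load(622);
      const hashing = load(797);
      const proofs = load(361);

      class Claims {
        /**
         * @param keys     key pair; `publicKey`/`privateKey` are copied and the
         *                 whole object is handed to the JWT helper
         * @param document DID document operator (must expose `did`)
         * @param store    claim store used by verify()/publishing
         */
        constructor(keys, document, store) {
          this.document = document;
          this.store = store;
          this.keys = { publicKey: keys.publicKey, privateKey: keys.privateKey };
          this.jwt = new jwtLib.JWT(keys);
          this.did = document.did;
        }

        /**
         * Fetches the claim stored at `claimUrl`, checks it against the hash
         * published in the holder's DID document and checks the issuer's proof.
         *
         * @returns the decoded claim payload
         * @throws Error("Token is not verified") when no proof matches, or the
         *         errors of validateServiceEndpointToken()
         */
        verify(
          claimUrl,
          {
            hashFns,
            issuerDoc,
            holderDoc,
            verificationPurpose = purposes.VerificationPurpose.Assertion,
          } = {}
        ) {
          return awaiter(this, void 0, void 0, function* () {
            const token = yield this.store.get(claimUrl);
            const payload = this.jwt.decode(token);
            // Documents not supplied by the caller are resolved from the
            // token's own `iss` / `sub` fields.
            const issuer = issuerDoc || (yield this.document.read(payload.iss));
            const holder = holderDoc || (yield this.document.read(payload.sub));
            yield this.validateServiceEndpointToken(claimUrl, {
              hashFns,
              holderDoc: holder,
            });
            const verifier = new proofs.ProofVerifier(issuer);
            switch (verificationPurpose) {
              case purposes.VerificationPurpose.Authentication:
                if (yield verifier.verifyAuthenticationProof(token)) return payload;
                break;
              case purposes.VerificationPurpose.Assertion:
                if (yield verifier.verifyAssertionProof(token)) return payload;
                break;
            }
            // Unknown purposes fall through to here as well (fail closed).
            throw new Error("Token is not verified");
          });
        }

        /**
         * Checks that the content stored at `claimUrl` still matches the hash
         * recorded for that service endpoint in the holder's DID document.
         *
         * NOTE(review): the store is read here and again in verify(); the
         * hash is therefore checked on a second fetch, not on the token whose
         * proof verify() checks. Confirm the store returns stable content.
         *
         * @throws Error when the endpoint is not listed, the hash algorithm is
         *         unknown, or the hash differs
         */
        validateServiceEndpointToken(claimUrl, { hashFns, holderDoc }) {
          return awaiter(this, void 0, void 0, function* () {
            const token = yield this.store.get(claimUrl);
            const services = Array.isArray(holderDoc.service) ? holderDoc.service : [];
            const service = services.find((entry) => entry.serviceEndpoint === claimUrl);
            if (!service) {
              throw new Error(
                `No service endpoint found for ${claimUrl} in holder DID document`
              );
            }
            const { hash, hashAlg } = service;
            const available = Object.assign(Object.assign({}, hashing.hashes), hashFns);
            // `hashAlg` comes from the DID document: accept only own, callable
            // entries so an inherited Object.prototype member can never be
            // picked up as the "hash function".
            const createHash = Object.prototype.hasOwnProperty.call(available, hashAlg)
              ? available[hashAlg]
              : undefined;
            if (typeof createHash !== "function") {
              throw new Error(
                `Unsupported hash algorithm ${hashAlg} for claim at ${claimUrl}`
              );
            }
            if (hash !== createHash(token)) {
              throw new Error(`Claim at ${claimUrl} was changed`);
            }
          });
        }
      }

      exports.Claims = Claims;
    },

    // Barrel: claims/index
    974: function (module, exports, load) {
      markEsModule(exports);
      exportStar(load(878), exports);
    },

    // ClaimsFactory: builds the three roles around one signer.
    126: (module, exports, load) => {
      markEsModule(exports);
      exports.ClaimsFactory = void 0;
      const resolver = load(263);
      const userModule = load(588);
      const issuerModule = load(726);
      const verifierModule = load(249);

      class ClaimsFactory {
        /** Derives the owner signer from `keys.privateKey` and `providerSettings`. */
        constructor(keys, document, store, providerSettings) {
          this.keys = keys;
          this.document = document;
          this.store = store;
          this.providerSettings = providerSettings;
          this.owner = resolver.EwSigner.fromPrivateKey(keys.privateKey, providerSettings);
        }

        createClaimsUser() {
          return new userModule.ClaimsUser(this.owner, this.document, this.store);
        }

        createClaimsIssuer() {
          return new issuerModule.ClaimsIssuer(this.owner, this.document, this.store);
        }

        createClaimsVerifier() {
          return new verifierModule.ClaimsVerifier(this.owner, this.document, this.store);
        }
      }

      exports.ClaimsFactory = ClaimsFactory;
    },

    // Barrel: claimsFactory/index
    497: function (module, exports, load) {
      markEsModule(exports);
      exportStar(load(126), exports);
    },

    // ClaimsIssuer
    333: function (module, exports, load) {
      markEsModule(exports);
      exports.ClaimsIssuer = void 0;
      const ecies = load(558);
      const nodeCrypto = importDefault(load(113));
      const sjcl = load(231);
      const jwtLib = load(532);
      const claimsModule = load(974);
      // Entry module; still loading at this point, so its members are read
      // lazily at call time.
      const root = load(920);

      class ClaimsIssuer extends claimsModule.Claims {
        /**
         * Signs a public claim as this issuer.
         *
         * NOTE(review): a token passed as a string is only decoded here; no
         * proof of the requester is checked in this method (compare
         * issuePrivateClaim). Confirm callers verify it beforehand.
         *
         * @param claim claim object or encoded claim token
         * @returns the signed token
         */
        issuePublicClaim(claim) {
          return awaiter(this, void 0, void 0, function* () {
            const request = typeof claim === "string" ? this.jwt.decode(claim) : claim;
            const { claimData, did, credentialStatus, exp } = request;
            const payload = Object.assign(
              Object.assign(
                { claimData, did, signer: this.did },
                credentialStatus && { credentialStatus }
              ),
              { exp }
            );
            return yield this.jwt.sign(payload, {
              algorithm: jwtLib.Algorithms.ES256,
              issuer: this.did,
              subject: request.did,
              noTimestamp: true,
            });
          });
        }

        /**
         * Verifies the requester's assertion proof, decrypts every claim field
         * with the issuer's private key and replaces it with the curve point
         * G * SHA-256(field), then signs the result.
         *
         * @throws Error("Private claim not supported") without a private key
         * @throws Error("User signature not valid") when the proof fails
         */
        issuePrivateClaim(token) {
          return awaiter(this, void 0, void 0, function* () {
            if (!this.keys.privateKey) {
              throw new Error("Private claim not supported");
            }
            const generator = sjcl.ecc.curves.k256.G;
            const claim = this.jwt.decode(token);
            const verifier = new root.ProofVerifier(
              yield this.document.read(claim.signer)
            );
            if (!(yield verifier.verifyAssertionProof(token))) {
              throw new Error("User signature not valid");
            }
            claim.signer = this.did;
            Object.entries(claim.claimData).forEach(([field, encryptedHex]) => {
              const plain = (0, ecies.decrypt)(
                this.keys.privateKey,
                Buffer.from(encryptedHex, "hex")
              );
              const digest = nodeCrypto.default
                .createHash("sha256")
                .update(plain)
                .digest("hex");
              const point = generator.mult(new sjcl.bn(digest));
              claim.claimData[field] = point.toBits();
            });
            // Drop the requester's `iss`; sign() is given the new issuer below.
            delete claim.iss;
            return this.jwt.sign(claim, {
              algorithm: jwtLib.Algorithms.ES256,
              issuer: this.did,
              subject: claim.sub,
              noTimestamp: true,
            });
          });
        }
      }

      exports.ClaimsIssuer = ClaimsIssuer;
      exports.default = ClaimsIssuer;
    },

    // Barrel: claimsIssuer/index
    726: function (module, exports, load) {
      markEsModule(exports);
      exportStar(load(333), exports);
    },

    // ClaimsUser
    294: function (module, exports, load) {
      markEsModule(exports);
      exports.ClaimsUser = void 0;
      const nodeCrypto = importDefault(load(113));
      const ecies = load(558);
      const sjcl = load(231);
      const nodeAssert = importDefault(load(491));
      const resolverTypes = load(632);
      const keysLib = load(464);
      const jwtLib = load(532);
      const claimsModule = load(974);
      const hashing = load(797);
      // Entry module; still loading at this point, members are read lazily.
      const root = load(920);

      class ClaimsUser extends claimsModule.Claims {
        constructor(...args) {
          super(...args);
          this.curve = sjcl.ecc.curves.k256;
          this.q = this.curve.r;
          this.g = this.curve.G;
          // Passed as second argument to sjcl's bn.random() in createProofClaim.
          this.paranoia = 6;
        }

        /**
         * Signs a public claim request. Writes `subject`/`issuer` into the
         * caller's `jwtOptions` object.
         */
        createPublicClaim(publicData, jwtOptions = { subject: "", issuer: "" }) {
          return awaiter(this, void 0, void 0, function* () {
            jwtOptions.subject = jwtOptions.subject || this.did;
            jwtOptions.issuer = this.did;
            const claim = {
              did: jwtOptions.subject,
              signer: this.did,
              claimData: publicData,
            };
            return this.jwt.sign(
              claim,
              Object.assign(Object.assign({}, jwtOptions), {
                algorithm: jwtLib.Algorithms.ES256,
              })
            );
          });
        }

        /**
         * Salts every field with 32 random bytes, encrypts it to the issuer's
         * owner key and signs the request.
         *
         * `privateData` is used as the claim's `claimData` object itself, so
         * its values are overwritten with the hex ciphertext.
         *
         * @returns {{token: string, saltedFields: Object}} the salted values
         *          are needed later for verifyPrivateClaim/createProofClaim
         */
        createPrivateClaim(privateData, issuer, jwtOptions = { subject: "", issuer: "" }) {
          return awaiter(this, void 0, void 0, function* () {
            jwtOptions.subject = jwtOptions.subject || this.did;
            jwtOptions.issuer = this.did;
            const saltedFields = {};
            const claim = { did: this.did, signer: this.did, claimData: privateData };
            const issuerKey = (yield this.document.readAttribute(
              { publicKey: { id: `${issuer}#${resolverTypes.KeyTags.OWNER}` } },
              issuer
            )).publicKeyHex;
            Object.entries(privateData).forEach(([field, value]) => {
              const salted = value + nodeCrypto.default.randomBytes(32).toString("base64");
              const encrypted = (0, ecies.encrypt)(issuerKey, Buffer.from(salted));
              claim.claimData[field] = encrypted.toString("hex");
              saltedFields[field] = salted;
            });
            return {
              token: yield this.jwt.sign(
                claim,
                Object.assign(Object.assign({}, jwtOptions), {
                  algorithm: jwtLib.Algorithms.ES256,
                })
              ),
              saltedFields,
            };
          });
        }

        /**
         * Builds a proof token for the claim at `claimUrl`. Fields flagged
         * `encrypted` get a Schnorr-style proof (commitment h = G*k, challenge
         * derived by hashing G.x, h and the public point, response s); other
         * fields are disclosed as-is.
         *
         * `proofData` is used as the token's `proofData` object itself, so its
         * entries are replaced in place.
         *
         * NOTE(review): the challenge hash covers only G.x, h and the public
         * point, no verifier-supplied value, so freshness of a proof must be
         * enforced elsewhere. Confirm against the protocol design.
         */
        createProofClaim(claimUrl, proofData, jwtOptions = { subject: "", issuer: "" }) {
          return awaiter(this, void 0, void 0, function* () {
            jwtOptions.subject = jwtOptions.subject || this.did;
            jwtOptions.issuer = this.did;
            const claim = { did: this.did, signer: this.did, claimUrl, proofData };
            Object.entries(proofData).forEach(([field, entry]) => {
              if (entry.encrypted) {
                const nonce = sjcl.bn.random(this.q, this.paranoia);
                const commitment = this.g.mult(nonce);
                const digest = nodeCrypto.default
                  .createHash("sha256")
                  .update(entry.value)
                  .digest("hex");
                const secret = new sjcl.bn(digest);
                const publicPoint = this.g.mult(secret);
                const challenge = sjcl.bn.fromBits(
                  sjcl.hash.sha256.hash(
                    this.g.x
                      .toBits()
                      .concat(commitment.toBits())
                      .concat(publicPoint.toBits())
                  )
                );
                const response = challenge
                  .mul(secret)
                  .mod(this.q)
                  .add(nonce)
                  .mod(this.q);
                claim.proofData[field] = {
                  value: { h: commitment.toBits(), s: response.toBits() },
                  encrypted: true,
                };
              } else {
                claim.proofData[field] = { value: entry.value, encrypted: false };
              }
            });
            return this.jwt.sign(
              claim,
              Object.assign(Object.assign({}, jwtOptions), {
                algorithm: jwtLib.Algorithms.ES256,
              })
            );
          });
        }

        /** Throws (assert.deepStrictEqual) unless the token's claimData equals `verifyData`. */
        verifyClaimContent(token, verifyData) {
          const decoded = this.jwt.decode(token);
          nodeAssert.default.deepStrictEqual(
            decoded.claimData,
            verifyData,
            "Token payload doesn't match user data"
          );
        }

        /**
         * Checks the issuer's assertion proof and that each issued point equals
         * G * SHA-256(salted field).
         *
         * Side effect: when the issuer is not yet a verification delegate, the
         * user's DID document is updated to add it.
         *
         * @returns true
         * @throws Error on an invalid proof or mismatching data
         */
        verifyPrivateClaim(token, saltedFields) {
          return awaiter(this, void 0, void 0, function* () {
            const claim = this.jwt.decode(token);
            const issuerDid = claim.iss;
            const verifier = new root.ProofVerifier(yield this.document.read(issuerDid));
            if (!(yield verifier.verifyAssertionProof(token))) {
              throw new Error("Invalid signature");
            }
            for (const [field, salted] of Object.entries(saltedFields)) {
              const digest = nodeCrypto.default
                .createHash("sha256")
                .update(salted)
                .digest("hex");
              const point = this.g.mult(new sjcl.bn(digest));
              if (!sjcl.bitArray.equal(claim.claimData[field], point.toBits())) {
                throw new Error("Issued claim data doesn't match user data");
              }
            }
            // Third ":"-separated segment of the issuer DID is used as delegate.
            const [, , delegate] = claim.iss.split(":");
            const alreadyDelegate = yield this.document.isValidDelegate(
              resolverTypes.DelegateTypes.verification,
              claim.iss
            );
            if (!alreadyDelegate) {
              yield this.document.update(resolverTypes.DIDAttribute.Authenticate, {
                algo: keysLib.KeyType.ED25519,
                type: resolverTypes.PubKeyType.VerificationKey2018,
                encoding: resolverTypes.Encoding.HEX,
                delegate,
              });
            }
            return true;
          });
        }

        /**
         * Verifies content and the signer's assertion proof, then stores the
         * claim and registers it as a service endpoint.
         *
         * @returns the URL returned by the store
         */
        publishPublicClaim(token, verifyData, opts) {
          return awaiter(this, void 0, void 0, function* () {
            this.verifyClaimContent(token, verifyData);
            const { signer } = this.jwt.decode(token);
            const verifier = new root.ProofVerifier(yield this.document.read(signer));
            if (!(yield verifier.verifyAssertionProof(token))) {
              throw new Error("User signature not valid");
            }
            return this.addClaimToServiceEndpoints(token, opts);
          });
        }

        /** Same as publishPublicClaim, but verified with verifyPrivateClaim(). */
        publishPrivateClaim(token, saltedFields, opts) {
          return awaiter(this, void 0, void 0, function* () {
            const verified = yield this.verifyPrivateClaim(token, saltedFields);
            return verified ? this.addClaimToServiceEndpoints(token, opts) : "";
          });
        }

        /**
         * Saves the token in the store and records its URL, hash and hash
         * algorithm name as a service endpoint in the DID document.
         */
        addClaimToServiceEndpoints(
          token,
          opts = { hashAlg: "SHA256", createHash: hashing.hashes.SHA256 }
        ) {
          return awaiter(this, void 0, void 0, function* () {
            const { hashAlg, createHash } = opts;
            const url = yield this.store.save(token);
            yield this.document.update(resolverTypes.DIDAttribute.ServicePoint, {
              type: resolverTypes.PubKeyType.VerificationKey2018,
              value: { serviceEndpoint: url, hash: createHash(token), hashAlg },
            });
            return url;
          });
        }
      }

      exports.ClaimsUser = ClaimsUser;
    },

    // Barrel: claimsUser/index
    588: function (module, exports, load) {
      markEsModule(exports);
      exportStar(load(294), exports);
    },

    // ClaimsVerifier
    47: function (module, exports, load) {
      markEsModule(exports);
      exports.ClaimsVerifier = void 0;
      const sjcl = load(231);
      const resolverTypes = load(632);
      const nodeCrypto = importDefault(load(113));
      const claimsModule = load(974);

      class ClaimsVerifier extends claimsModule.Claims {
        /** Thin wrapper around Claims.verify() with the default purpose. */
        verifyPublicProof(claimUrl, { holderDoc, issuerDoc } = {}) {
          return awaiter(this, void 0, void 0, function* () {
            return this.verify(claimUrl, { holderDoc, issuerDoc });
          });
        }

        /**
         * Verifies the stored private claim referenced by the proof token and
         * then checks every claim field against the supplied proof data.
         *
         * NOTE(review): the proof token itself is only decoded in this method;
         * only the claim at `claimUrl` goes through verify(). Confirm whether
         * the proof token's signature is expected to be checked by the caller.
         *
         * @throws Error when the issuer is not a delegate of the claim's DID,
         *         a field has no proof entry, or a proof/disclosure mismatches
         */
        verifyPrivateProof(proofToken) {
          return awaiter(this, void 0, void 0, function* () {
            const { claimUrl } = this.jwt.decode(proofToken);
            const claim = yield this.verify(claimUrl);
            const curve = sjcl.ecc.curves.k256;
            const generator = curve.G;
            const proof = this.jwt.decode(proofToken);
            // Wait for the result: testing the un-awaited return value made
            // this check a no-op whenever isValidDelegate() returns a Promise
            // (ClaimsUser.verifyPrivateClaim awaits the same method).
            const issuerIsDelegate = yield this.document.isValidDelegate(
              resolverTypes.DelegateTypes.verification,
              claim.signer,
              claim.did
            );
            if (!issuerIsDelegate) {
              throw new Error("Issuer isn't a user delegate");
            }
            const { proofData } = proof;
            Object.entries(claim.claimData).forEach(([field, issuedBits]) => {
              const entry = proofData[field];
              if (entry === null || typeof entry !== "object") {
                throw new Error(`No proof supplied for claim field ${field}`);
              }
              if (entry.encrypted) {
                const publicPoint = curve.fromBits(issuedBits);
                const commitment = curve.fromBits(entry.value.h);
                const response = sjcl.bn.fromBits(entry.value.s);
                const challenge = sjcl.bn.fromBits(
                  sjcl.hash.sha256.hash(
                    generator.x
                      .toBits()
                      .concat(commitment.toBits())
                      .concat(publicPoint.toBits())
                  )
                );
                // Accept when G*s == PK*c + h.
                const left = generator.mult(response);
                const right = publicPoint
                  .mult(challenge)
                  .toJac()
                  .add(commitment)
                  .toAffine();
                if (!sjcl.bitArray.equal(left.toBits(), right.toBits())) {
                  throw new Error("User didn't prove the knowledge of the private data");
                }
              } else {
                const digest = nodeCrypto.default
                  .createHash("sha256")
                  .update(entry.value)
                  .digest("hex");
                const expectedBits = generator.mult(new sjcl.bn(digest)).toBits();
                if (!sjcl.bitArray.equal(issuedBits, expectedBits)) {
                  throw new Error("Disclosed field does not correspond to stored field");
                }
              }
            });
          });
        }
      }

      exports.ClaimsVerifier = ClaimsVerifier;
    },

    // Barrel: claimsVerifier/index
    249: function (module, exports, load) {
      markEsModule(exports);
      exportStar(load(47), exports);
      exportStar(load(361), exports);
    },

    // ProofVerifier: checks a token's signature against one DID document.
    361: function (module, exports, load) {
      markEsModule(exports);
      exports.ProofVerifier = void 0;
      const jwtLib = load(532);
      const resolver = load(263);
      const keysLib = load(464);
      const resolverTypes = load(632);
      const ethers = load(982);
      const base64url = importDefault(load(291));
      const { arrayify, recoverAddress, keccak256, hashMessage } = ethers.utils;

      class ProofVerifier {
        /** @param didDocument document whose keys/identity the token is checked against */
        constructor(didDocument) {
          this._jwt = new jwtLib.JWT(new keysLib.Keys());

          /**
           * Returns the subset of `keys` whose `publicKeyHex` verifies `token`
           * (ES256 or EIP191). A key that fails or throws is simply left out.
           */
          this.verifySignature = (keys, token) =>
            awaiter(this, void 0, void 0, function* () {
              const outcomes = yield Promise.all(
                keys.map((key) =>
                  awaiter(this, void 0, void 0, function* () {
                    try {
                      if (key.publicKeyHex) {
                        // Strip an optional "0x" prefix.
                        const parts = key.publicKeyHex.split("x");
                        const hex = parts.length === 2 ? parts[1] : parts[0];
                        const decoded = yield this._jwt.verify(token, hex, {
                          algorithms: [
                            jwtLib.Algorithms.ES256,
                            jwtLib.Algorithms.EIP191,
                          ],
                        });
                        return decoded !== undefined;
                      }
                      return false;
                    } catch (err) {
                      // A verification error means "this key does not match".
                      return false;
                    }
                  })
                )
              );
              return keys.filter((key, index) => outcomes[index]);
            });

          /** True when both ids are equal or share the part before "#". */
          this.areLinked = (authId, keyId) =>
            authId === keyId ||
            (!!authId.includes("#") && keyId.split("#")[0] === authId.split("#")[0]);

          this._didDocument = didDocument;
        }

        /** @returns the document id when signed by the identity or an authentication key, else null */
        verifyAuthenticationProof(token) {
          return awaiter(this, void 0, void 0, function* () {
            return (yield this.isIdentity(token)) ||
              (yield this.isAuthenticationDelegate(token))
              ? this._didDocument.id
              : null;
          });
        }

        /** @returns the document id when signed by the identity or a verification key, else null */
        verifyAssertionProof(token) {
          return awaiter(this, void 0, void 0, function* () {
            return (yield this.isIdentity(token)) ||
              (yield this.isVerificationDelegate(token))
              ? this._didDocument.id
              : null;
          });
        }

        /**
         * True when the address recovered from the token signature equals the
         * address of the document's DID. Two digests are tried: keccak256 of
         * "header.payload", and hashMessage() of that digest.
         */
        isIdentity(token) {
          return awaiter(this, void 0, void 0, function* () {
            const [header, payload, signaturePart] = token.split(".");
            const message = `0x${Buffer.from(`${header}.${payload}`).toString("hex")}`;
            const signature = base64url.default.decode(signaturePart);
            const digest = arrayify(keccak256(message));
            const address = (0, resolver.addressOf)(this._didDocument.id);
            try {
              if (address === recoverAddress(digest, signature)) return true;
            } catch (err) {
              // Recovery failure counts as "no match"; the second digest is tried next.
            }
            const prefixedDigest = arrayify(hashMessage(digest));
            try {
              if (address === recoverAddress(prefixedDigest, signature)) return true;
            } catch (err) {
              // Recovery failure counts as "no match".
            }
            return false;
          });
        }

        isAuthenticationDelegate(token) {
          return awaiter(this, void 0, void 0, function* () {
            const matching = yield this.verifySignature(this.authenticationKeys(), token);
            return matching.length !== 0;
          });
        }

        isVerificationDelegate(token) {
          return awaiter(this, void 0, void 0, function* () {
            const matching = yield this.verifySignature(this.verificationKeys(), token);
            return matching.length !== 0;
          });
        }

        /** Keys typed as signature-authentication or referenced from `authentication`. */
        authenticationKeys() {
          const keys = this._didDocument.publicKey;
          if (keys.length === 0) return [];
          return keys.filter(
            (key) =>
              this.isSigAuth(key.type) ||
              this._didDocument.authentication.some(
                (auth) => auth.publicKey && this.areLinked(auth.publicKey, key.id)
              )
          );
        }

        /** Keys whose type ends with the verification-key type name. */
        verificationKeys() {
          const keys = this._didDocument.publicKey;
          if (keys.length === 0) return [];
          return keys.filter((key) => this.isVeriKey(key.type));
        }

        isSigAuth(type) {
          return type.endsWith(resolverTypes.PubKeyType.SignatureAuthentication2018);
        }

        isVeriKey(type) {
          return type.endsWith(resolverTypes.PubKeyType.VerificationKey2018);
        }
      }

      exports.ProofVerifier = ProofVerifier;
    },

    // Entry point: re-exports everything public, in the original order.
    920: function (module, exports, load) {
      markEsModule(exports);
      exportStar(load(622), exports);
      exportStar(load(956), exports);
      exportStar(load(974), exports);
      exportStar(load(588), exports);
      exportStar(load(726), exports);
      exportStar(load(249), exports);
      exportStar(load(497), exports);
      exportStar(load(797), exports);
    },

    // Type-only module: nothing left at runtime.
    956: (module, exports) => {
      markEsModule(exports);
    },

    // VerificationPurpose enum
    622: (module, exports) => {
      markEsModule(exports);
      exports.VerificationPurpose = void 0;
      const purposes = exports.VerificationPurpose || (exports.VerificationPurpose = {});
      purposes.Authentication = "Authentication";
      purposes.Assertion = "Assertion";
    },

    // Barrel: utils/index
    797: function (module, exports, load) {
      markEsModule(exports);
      exportStar(load(754), exports);
    },

    // Built-in hash functions, keyed by the `hashAlg` name stored in DID documents.
    754: function (module, exports, load) {
      markEsModule(exports);
      exports.hashes = void 0;
      const nodeCrypto = importDefault(load(113));
      exports.hashes = {
        SHA256: (data) =>
          nodeCrypto.default.createHash("sha256").update(data).digest("hex"),
      };
    },

    // External dependencies, resolved through the host's require().
    263: (module) => {
      module.exports = require("@ew-did-registry/did-ethr-resolver");
    },
    632: (module) => {
      module.exports = require("@ew-did-registry/did-resolver-interface");
    },
    532: (module) => {
      module.exports = require("@ew-did-registry/jwt");
    },
    464: (module) => {
      module.exports = require("@ew-did-registry/keys");
    },
    291: (module) => {
      module.exports = require("base64url");
    },
    558: (module) => {
      module.exports = require("eciesjs");
    },
    982: (module) => {
      module.exports = require("ethers");
    },
    231: (module) => {
      module.exports = require("sjcl");
    },
    491: (module) => {
      module.exports = require("assert");
    },
    113: (module) => {
      module.exports = require("crypto");
    },
  };

  // ---- loader and export ----------------------------------------------------

  const cache = {};

  /**
   * Loads a module by id. The cache entry is created before the module body
   * runs, so circular loads receive the partially filled exports object.
   */
  function load(id) {
    const cached = cache[id];
    if (cached !== undefined) return cached.exports;
    const module = (cache[id] = { exports: {} });
    modules[id].call(module.exports, module, module.exports, load);
    return module.exports;
  }

  const entry = load(920);
  const target = exports;
  for (const key in entry) {
    target[key] = entry[key];
  }
  if (entry.__esModule) {
    Object.defineProperty(target, "__esModule", { value: true });
  }
})();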