UNPKG

@gs1us/vc-verifier-rules

Version:

GS1 US Rules Verification Library for validating GS1 based verifiable credentials.

github.com/gs1us-technology/vc-verifier-rules

gs1us-technology/vc-verifier-rules

132 lines (105 loc) 7.66 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
import { genericCredentialSchema } from "./rules-schema/genericCredentialSchema.js"; import { getCredentialRuleSchema } from "./get-credential-type.js"; import { buildCredentialChain, validateCredentialChain } from "./engine/validate-extended-credential.js"; import { CredentialPresentation, gs1RulesResult, gs1RulesResultContainer, gs1ValidatorRequest, VerifiableCredential, VerifiablePresentation } from "./types.js"; import { errorResolveCredentialCode } from "./engine/gs1-credential-errors.js"; import { checkSchema } from "./schema/validate-schema.js"; import { resolveExternalCredential } from "./engine/resolve-external-credential.js"; // Verify the credential and ensure it follows the GS1 level four rules. // - validatorRequest: Request Objetct with callback fuctions for resolving and verifying credentials // - verifiablePresentation: Verifiable Presentation containing the credential to be verified // - credential : Verifiable Credential to be verified // - When fullJsonSchemaValidationOn is true will Validate full GS1 JSON Schema // - When fullJsonSchemaValidationOn is false will Validate only validate GS1 Custom Rules and Root of Trust credential chain async function checkGS1Credentials(validatorRequest: gs1ValidatorRequest, verifiablePresentation: CredentialPresentation, credential: VerifiableCredential) : Promise<gs1RulesResult> { const credentialSubject = credential?.credentialSubject; if (!credential || !credentialSubject) { throw new Error("No Credential in Presentation"); } if (!validatorRequest || !validatorRequest.gs1DocumentResolver) { throw new Error("Document Resolver Callback must be provided to validate GS1 Credentials"); } const externalCredentialLoader = validatorRequest.gs1DocumentResolver.externalCredentialLoader; const externalCredentialVerification = validatorRequest.gs1DocumentResolver.externalCredentialVerification; const jsonSchemaLoader = validatorRequest.gs1DocumentResolver.externalJsonSchemaLoader; const credentialSchema = getCredentialRuleSchema(jsonSchemaLoader, credential, validatorRequest.fullJsonSchemaValidationOn); // Return verified when non GS1 Credential if (credentialSchema.$id === genericCredentialSchema.$id) { return { credentialId : credential.id, credentialName: "unknown", verified: true, errors: []}; } const gs1CredentialCheck: gs1RulesResult = { credentialId : credential.id, credentialName: credentialSchema.title ? credentialSchema.title : "unknown", verified: true, errors: []}; // Enforce GS1 Credential JSON Schema Rules const schemaCheckResult = await checkSchema(credentialSchema, credential); if (!schemaCheckResult.verified) { gs1CredentialCheck.errors = schemaCheckResult.errors; } const credentialChain = await buildCredentialChain(externalCredentialLoader, verifiablePresentation, credential); if (!credentialChain.error) { const extendedCredentialResult = await validateCredentialChain(externalCredentialVerification, credentialChain, true); gs1CredentialCheck.resolvedCredential = extendedCredentialResult.resolvedCredential; if (!extendedCredentialResult.verified) { gs1CredentialCheck.errors = gs1CredentialCheck.errors.concat(extendedCredentialResult.errors); } } else { gs1CredentialCheck.errors.push({ code: errorResolveCredentialCode, rule: credentialChain.error }); } if (gs1CredentialCheck.errors.length > 0) { gs1CredentialCheck.verified = false; } return gs1CredentialCheck; } // Verify an indiviual GS1 credential to ensure it follows the GS1 level four rules. // Will Resolve any required GS1 Credential to validate the root of trust chain // - validatorRequest: Request Objetct with callback fuctions for resolving and verifying credentials // - verifiableCredential : Verifiable Credential to be verified // - When fullJsonSchemaValidationOn is true will Validate full GS1 JSON Schema // - When fullJsonSchemaValidationOn is false will Validate only validate GS1 Custom Rules and Root of Trust credential chain export async function checkGS1CredentialWithoutPresentation(validatorRequest: gs1ValidatorRequest, verifiableCredential: VerifiableCredential) : Promise<gs1RulesResult> { const verifiablePresentation = { verifiableCredential: verifiableCredential }; return await checkGS1Credentials(validatorRequest, verifiablePresentation, verifiablePresentation.verifiableCredential); } // Verify a verifiable credential presentation and ensure all credentials follows the GS1 level four rules. // - validatorRequest: Request Objetct with callback fuctions for resolving and verifying credentials // - verifiablePresentation: Verifiable Presentation containing the credential to be verified // - When fullJsonSchemaValidationOn is true will Validate full GS1 JSON Schema // - When fullJsonSchemaValidationOn is false will Validate only validate GS1 Custom Rules and Root of Trust credential chain export async function checkGS1CredentialPresentationValidation(validatorRequest: gs1ValidatorRequest, verifiablePresentation: VerifiablePresentation) : Promise<gs1RulesResultContainer> { const gs1CredentialCheck: gs1RulesResultContainer = { verified: true, result: []}; const presentationCredentials = verifiablePresentation.verifiableCredential; if (Array.isArray(presentationCredentials)) { if (!validatorRequest.gs1DocumentResolver || !validatorRequest.gs1DocumentResolver.externalCredentialLoader) { throw new Error("Validation Document Resolver Callback must be provided to validate GS1 Credentials"); } const externalCredentialLoader = validatorRequest.gs1DocumentResolver.externalCredentialLoader; const presentationToValidateVC = structuredClone(presentationCredentials); for (const credential of presentationCredentials) { const extendedCredentialValue = credential.credentialSubject.extendsCredential; const extendedCredentialResult = await resolveExternalCredential(externalCredentialLoader, verifiablePresentation, extendedCredentialValue); // Add Resolved Credential to Presentation if (extendedCredentialResult?.credential) { if (!extendedCredentialResult.inPresentation) { presentationToValidateVC.unshift(extendedCredentialResult.credential); } } } const presentationToValidate = structuredClone(verifiablePresentation); presentationToValidate.verifiableCredential = presentationToValidateVC; for (const credential of presentationToValidate.verifiableCredential) { const credentialResult = await checkGS1Credentials(validatorRequest, presentationToValidate, credential); gs1CredentialCheck.result.push(credentialResult); if (!credentialResult.verified) { gs1CredentialCheck.verified = false; } } } else { const credentialResult = await checkGS1Credentials(validatorRequest, verifiablePresentation, presentationCredentials); gs1CredentialCheck.result.push(credentialResult); if (!credentialResult.verified) { gs1CredentialCheck.verified = false; } if (credentialResult.resolvedCredential) { gs1CredentialCheck.result.push(credentialResult.resolvedCredential); } } return gs1CredentialCheck; }