UNPKG

@sphereon/ssi-sdk.presentation-exchange

Version:

143 lines (126 loc) 5.85 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
import { IDefinitionCredentialFilterArgs, IDefinitionValidateArgs, IPEXFilterResult, IPEXFilterResultWithInputDescriptor, IRequiredContext, PEXOpts, schema, VersionDiscoveryResult, } from '../index' import { IAgentPlugin } from '@veramo/core' import { IPresentationExchange } from '../types/IPresentationExchange' import { Checked, IPresentationDefinition, PEX } from '@sphereon/pex' import { CompactJWT, CredentialMapper, IProof, JWT_PROOF_TYPE_2020, W3CVerifiableCredential } from '@sphereon/ssi-types' import { InputDescriptorV1, InputDescriptorV2 } from '@sphereon/pex-models' import { toDIDs } from '@sphereon/ssi-sdk-ext.did-utils' import { CredentialRole, UniqueDigitalCredential, verifiableCredentialForRoleFilter } from '@sphereon/ssi-sdk.credential-store' import { FindDigitalCredentialArgs } from '@sphereon/ssi-sdk.data-store-types' export class PresentationExchange implements IAgentPlugin { readonly schema = schema.IDidAuthSiopOpAuthenticator private readonly pex = new PEX() readonly methods: IPresentationExchange = { pexValidateDefinition: this.pexValidateDefinition.bind(this), pexDefinitionVersion: this.pexDefinitionVersion.bind(this), pexDefinitionFilterCredentials: this.pexDefinitionFilterCredentials.bind(this), pexDefinitionFilterCredentialsPerInputDescriptor: this.pexDefinitionFilterCredentialsPerInputDescriptor.bind(this), } constructor(opts?: PEXOpts) {} private async pexValidateDefinition(args: IDefinitionValidateArgs): Promise<boolean> { const { definition } = args const invalids: Checked[] = [] try { const result = PEX.validateDefinition(definition) const validations = Array.isArray(result) ? result : [result] invalids.push(...validations.filter((v) => v.status === 'error')) } catch (error) { invalids.push({ status: 'error', message: typeof error === 'string' ? error : typeof error === 'object' && 'message' in (error as object) ? (error as Error).message : 'unknown error', tag: 'validation', }) } if (invalids.length > 0) { throw Error(`Invalid definition. ${invalids.map((v) => v.message).toString()}`) } return true // Never returns false, but REST API does not allow Promise<void> } async pexDefinitionVersion(presentationDefinition: IPresentationDefinition): Promise<VersionDiscoveryResult> { return PEX.definitionVersionDiscovery(presentationDefinition) } async pexDefinitionFilterCredentials(args: IDefinitionCredentialFilterArgs, context: IRequiredContext): Promise<IPEXFilterResult> { const credentials = await this.pexFilterCredentials(args.credentialFilterOpts, context) const holderDIDs = args.holderDIDs ? toDIDs(args.holderDIDs) : toDIDs(await context.agent.dataStoreORMGetIdentifiers()) const selectResults = this.pex.selectFrom(args.presentationDefinition, credentials ?? [], { ...args, holderDIDs, limitDisclosureSignatureSuites: args.limitDisclosureSignatureSuites ?? ['BbsBlsSignature2020'], }) return { id: args.presentationDefinition.id, selectResults, filteredCredentials: selectResults.verifiableCredential?.map((vc) => CredentialMapper.storedCredentialToOriginalFormat(vc)) ?? [], } } async pexDefinitionFilterCredentialsPerInputDescriptor( args: IDefinitionCredentialFilterArgs, context: IRequiredContext, ): Promise<IPEXFilterResultWithInputDescriptor[]> { const origDefinition = args.presentationDefinition const credentials = await this.pexFilterCredentials(args.credentialFilterOpts ?? {}, context) const holderDIDs = args.holderDIDs ? toDIDs(args.holderDIDs) : toDIDs(await context.agent.dataStoreORMGetIdentifiers()) const limitDisclosureSignatureSuites = args.limitDisclosureSignatureSuites const promises = new Map<InputDescriptorV1 | InputDescriptorV2, Promise<IPEXFilterResult>>() origDefinition.input_descriptors.forEach((inputDescriptor) => { const presentationDefinition = { id: inputDescriptor.id, input_descriptors: [inputDescriptor], } const credentialRole = args.credentialFilterOpts.credentialRole promises.set( inputDescriptor, this.pexDefinitionFilterCredentials( { credentialFilterOpts: { credentialRole, verifiableCredentials: credentials }, // @ts-ignore presentationDefinition, holderDIDs, limitDisclosureSignatureSuites, }, context, ), ) }) await Promise.all(promises.values()) const result: IPEXFilterResultWithInputDescriptor[] = [] for (const entry of promises.entries()) { result.push({ ...(await entry[1]), inputDescriptor: entry[0] }) } return result } private async pexFilterCredentials( filterOpts: { credentialRole: CredentialRole verifiableCredentials?: W3CVerifiableCredential[] filter?: FindDigitalCredentialArgs }, context: IRequiredContext, ): Promise<W3CVerifiableCredential[]> { if (filterOpts.verifiableCredentials && filterOpts.verifiableCredentials.length > 0) { return filterOpts.verifiableCredentials as W3CVerifiableCredential[] } const filter = verifiableCredentialForRoleFilter(filterOpts.credentialRole, filterOpts.filter) const uniqueCredentials = await context.agent.crsGetUniqueCredentials({ filter }) return uniqueCredentials.map((uniqueVC: UniqueDigitalCredential) => { const vc = uniqueVC.uniformVerifiableCredential! const proof = Array.isArray(vc.proof) ? vc.proof : [vc.proof] const jwtProof = proof.find((p: IProof) => p?.type === JWT_PROOF_TYPE_2020) return jwtProof ? (jwtProof.jwt as CompactJWT) : vc }) } }