UNPKG

jsonld-signatures-merkleproof2019

Version:

A jsonld signature implementation to support MerkleProof2019 verification in Verifiable Credential context

github.com/blockchain-certificates/jsonld-signatures-merkleproof2019

blockchain-certificates/jsonld-signatures-merkleproof2019

93 lines (78 loc) 3.02 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
import VerifierError from '../models/VerifierError.js'; import getText from '../helpers/getText.js'; import type { VCProof } from '../models/Proof'; interface AssertProofPurposeValidityAPI { expectedProofPurpose: string; proof: VCProof; issuer: any; // TODO: use better defined, from CVJS potentially (split to avoid circular dependency) } function assertProofPurposeValidity ({ expectedProofPurpose, proof, issuer }: AssertProofPurposeValidityAPI): void { if (proof.proofPurpose !== expectedProofPurpose) { throw new VerifierError('assertProofValidity', getText('errors', 'assertProofValidityPurposeVerifier') .replace('${expectedProofPurpose}', expectedProofPurpose) .replace('${proof.proofPurpose}', proof.proofPurpose) ); } if (issuer && !issuer[expectedProofPurpose]?.includes(proof.verificationMethod)) { throw new VerifierError('assertProofValidity', getText('errors', 'assertProofValidityPurposeIssuerKey') .replace('${proof.verificationMethod}', proof.verificationMethod) .replace('${expectedProofPurpose}', expectedProofPurpose) ); } if (expectedProofPurpose === 'authentication' && !proof.domain) { // TODO: return actual warning console.warn('No domain found in proof, but it is recommended for authentication purposes'); } } interface AssertProofDomainAPI { expectedDomain: string[]; proof: VCProof; expectedChallenge: string; } function assertProofDomain ({ expectedDomain, proof, expectedChallenge }: AssertProofDomainAPI): void { if (!expectedDomain.includes(proof.domain)) { throw new VerifierError('assertProofValidity', getText('errors', 'assertProofValidityDomainVerifier') .replace('${expectedDomain}', expectedDomain.join(', ')) .replace('${proof.domain}', proof.domain) ); } if (proof.domain && !proof.challenge) { // TODO: return actual warning console.warn('No challenge found in proof, but it is recommended for domain verification'); } if (proof.challenge && proof.challenge !== expectedChallenge) { throw new VerifierError('assertProofValidity', getText('errors', 'assertProofValidityInvalidChallenge')); } } interface AssertProofValidityAPI { expectedProofPurpose: string; expectedDomain: string[]; expectedChallenge: string; proof: VCProof; issuer: any; } export default function assertProofValidity ({ expectedProofPurpose, expectedDomain, expectedChallenge, proof, issuer }: AssertProofValidityAPI): boolean { if (!proof.proofPurpose) { throw new VerifierError('assertProofValidity', getText('errors', 'assertProofValidityNoProofPurpose')); } if (!proof.created) { throw new VerifierError('assertProofValidity', getText('errors', 'assertProofValidityNoCreated')); } if (proof.proofPurpose) { assertProofPurposeValidity({ expectedProofPurpose, proof, issuer }); } if (proof.domain) { assertProofDomain({ expectedDomain, proof, expectedChallenge }); } return true; }