mirror of
https://github.com/oceanprotocol/ocean.js.git
synced 2024-11-26 20:39:05 +01:00
103 lines
3.3 KiB
TypeScript
103 lines
3.3 KiB
TypeScript
import { base64url, importJWK, JWTPayload, jwtVerify, SignJWT } from 'jose'
|
|
import axios from 'axios'
|
|
import { IssuerKey, IssuerKeyJWK, SignedCredential } from '../@types/IssuerSignature'
|
|
|
|
/**
|
|
* Signs a verifiable credential using Walt.id's issuer API.
|
|
* @param {any} verifiableCredential - The verifiable credential to sign.
|
|
* @param {string} waltIdIssuerApi - URL of the Walt.id issuer API.
|
|
* @param {string} issuerDid - DID of the issuer.
|
|
* @param {IssuerKey} issuerKey - Issuer's key for signing.
|
|
* @returns {Promise<SignedCredential>} - The signed credential's JWS, header, and issuer information.
|
|
* @throws {Error} If the signing process fails.
|
|
*/
|
|
export async function signCredentialWithWaltId(
|
|
verifiableCredential: any,
|
|
waltIdIssuerApi: string,
|
|
issuerDid: string,
|
|
issuerKey: IssuerKey
|
|
): Promise<SignedCredential> {
|
|
try {
|
|
const response = await axios.post(waltIdIssuerApi, {
|
|
credentialData: verifiableCredential,
|
|
issuerDid,
|
|
issuerKey,
|
|
subjectDid: verifiableCredential.credentialSubject.id
|
|
})
|
|
const jws = response.data
|
|
const header = { alg: issuerKey.jwk.kty }
|
|
return { jws, header, issuer: issuerDid }
|
|
} catch (error) {
|
|
console.error('Error signing credential with WaltId:', error)
|
|
throw error
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Signs a verifiable credential locally using a private key.
|
|
* @param {any} verifiableCredential - The verifiable credential to sign.
|
|
* @param {IssuerKeyJWK} issuerKeyJWK - the JWK from private key.
|
|
* @param {string} publicKeyHex - the public key
|
|
* @returns {Promise<SignedCredential>} - The signed credential's JWS, header, and issuer information.
|
|
* @throws {Error} If the signing process fails.
|
|
*/
|
|
export async function signCredential(
|
|
verifiableCredential: any,
|
|
issuerKeyJWK: IssuerKeyJWK,
|
|
publicKeyHex: string
|
|
): Promise<SignedCredential> {
|
|
try {
|
|
const key = await importJWK(issuerKeyJWK, 'ES256K')
|
|
|
|
const jws = await new SignJWT(verifiableCredential as unknown as JWTPayload)
|
|
.setProtectedHeader({ alg: 'ES256K' })
|
|
.setIssuedAt()
|
|
.setIssuer(publicKeyHex)
|
|
.sign(key)
|
|
const header = { alg: 'ES256K' }
|
|
|
|
return { jws, header, issuer: publicKeyHex }
|
|
} catch (error) {
|
|
console.error('Error signing credential:', error)
|
|
throw error
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Verifies a verifiable credential's JWS using the issuer's public key.
|
|
* @param {string} jws - The JSON Web Signature (JWS) to verify.
|
|
* @param {string} issuerPublicKey - The public key of the issuer in hexadecimal format.
|
|
* @returns {Promise<JWTPayload>} - The verified payload of the credential.
|
|
* @throws {Error} If the verification fails.
|
|
*/
|
|
export async function verifyCredential(
|
|
jws: string,
|
|
issuerPublicKey: string
|
|
): Promise<JWTPayload> {
|
|
const publicKeyBuffer = Buffer.from(issuerPublicKey.substring(2), 'hex')
|
|
const xBuffer = publicKeyBuffer.slice(1, 33)
|
|
const yBuffer = publicKeyBuffer.slice(33, 65)
|
|
|
|
const x = base64url.encode(xBuffer as any as Uint8Array)
|
|
const y = base64url.encode(yBuffer as any as Uint8Array)
|
|
|
|
const publicJwk = {
|
|
kty: 'EC',
|
|
crv: 'secp256k1',
|
|
x,
|
|
y,
|
|
alg: 'ES256K',
|
|
use: 'sig'
|
|
}
|
|
|
|
const key = await importJWK(publicJwk, 'ES256K')
|
|
|
|
try {
|
|
const { payload } = await jwtVerify(jws, key)
|
|
return payload
|
|
} catch (error) {
|
|
console.error('Verification failed:', error)
|
|
throw error
|
|
}
|
|
}
|