Merge pull request #343 from docknetwork/feat/jws-issuance

JWS issuance by default

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@docknetwork/sdk",
-  "version": "2.10.0",
+  "version": "3.0.0",
   "main": "index.js",
   "license": "MIT",
   "repository": {
@@ -55,15 +55,14 @@
     "staking_payouts": "npx babel-node scripts/staking_payouts.js",
     "did-resolver-example": "npx babel-node example/resolver.js",
     "revocation-example": "npx babel-node example/revocation.js",
-    "didweb-example": "npx babel-node example/didweb.js",
     "vcdm-example": "npx babel-node example/vcdm.js",
     "standard-schemas-example": "npx babel-node example/standard_schemas.js",
     "schema-example": "npx babel-node example/schema.js",
     "schema-validation-example": "npx babel-node example/schema-validation.js",
     "blob-example": "npx babel-node example/blob.js",
     "claim-deduction-example": "npx babel-node example/claim-deduction.js",
     "anchor-example": "npx babel-node example/anchor.js",
-    "test-examples": "yarn didweb-example && yarn dock-did-example && yarn did-resolver-example && yarn revocation-example && yarn vcdm-example && yarn standard-schemas-example && yarn schema-example && yarn schema-validation-example && yarn blob-example && yarn claim-deduction-example && yarn anchor-example",
+    "test-examples": "yarn dock-did-example && yarn did-resolver-example && yarn revocation-example && yarn vcdm-example && yarn standard-schemas-example && yarn schema-example && yarn schema-validation-example && yarn blob-example && yarn claim-deduction-example && yarn anchor-example",
     "get-did": "npx babel-node scripts/get_did_doc.js",
     "upgrade_with_sudo": "npx babel-node scripts/runtime_upgrade_with_sudo.js",
     "onboard_with_sudo": "npx babel-node scripts/onboard_validator_with_sudo.js",

src/bbs-plus-presentation.js

@@ -83,7 +83,6 @@ export default class BbsPlusPresentation {
     });
 
     const convertedCredential = Credential.fromJSON(credential, CustomLinkedDataSignature.fromJsigProofValue(credentialLD.proof.proofValue));
-    console.log('convertedCredential', convertedCredential.toJSON());
     const idx = await this.presBuilder.addCredential(convertedCredential, pk);
 
     // Enforce revealing of verificationMethod and type

src/utils/vc/credentials.js

@@ -250,9 +250,9 @@ export async function verifyCredential(credential, {
  *   `@context` (if it is not present, it's added to the context list).
  * @return {Promise<object>} The signed credential object.
  */
-export async function issueCredential(keyDoc, credential, compactProof = true, documentLoader = null, purpose = null, expansionMap = null, issuerObject = null, addSuiteContext = false) {
+export async function issueCredential(keyDoc, credential, compactProof = true, documentLoader = null, purpose = null, expansionMap = null, issuerObject = null, addSuiteContext = false, useProofValue = false) {
   // Get suite from keyDoc parameter
-  const suite = getSuiteFromKeyDoc(keyDoc);
+  const suite = getSuiteFromKeyDoc(keyDoc, useProofValue);
   if (!suite.verificationMethod) {
     throw new TypeError('"suite.verificationMethod" property is required.');
   }

src/utils/vc/crypto/Bls12381BBSSignatureDock2022.js

@@ -42,6 +42,7 @@ export default class Bls12381BBSSignatureDock2022 extends CustomLinkedDataSignat
       alg: 'Bls12381BBS+SignatureDock2022',
       signer: signer || Bls12381BBSSignatureDock2022.signerFactory(keypair, verificationMethod),
       verifier,
+      useProofValue: true,
     });
 
     this.proof = {

src/utils/vc/crypto/Bls12381BBSSignatureProofDock2022.js

@@ -71,6 +71,7 @@ export default class Bls12381BBSSignatureProofDock2022 extends CustomLinkedDataS
       LDKeyClass: Bls12381G2KeyPairDock2022,
       contextUrl: SUITE_CONTEXT_URL,
       alg: Bls12381BBSSigProofDockSigName,
+      useProofValue: true,
     });
 
     this.proof = {

src/utils/vc/crypto/EcdsaSepc256k1Signature2019.js

@@ -12,7 +12,7 @@ export default class EcdsaSepc256k1Signature2019 extends CustomLinkedDataSignatu
    * @param {object} config - Configuration options
    */
   constructor({
-    keypair, verificationMethod, verifier, signer,
+    keypair, verificationMethod, verifier, signer, useProofValue,
   } = {}) {
     super({
       type: EcdsaSecp256k1SigName,
@@ -21,6 +21,7 @@ export default class EcdsaSepc256k1Signature2019 extends CustomLinkedDataSignatu
       alg: 'ES256K',
       signer: signer || EcdsaSepc256k1Signature2019.signerFactory(keypair, verificationMethod),
       verifier,
+      useProofValue,
     });
     this.requiredKeyType = EcdsaSecp256k1VerKeyName;
   }

src/utils/vc/crypto/Sr25519Signature2020.js

@@ -11,7 +11,7 @@ export default class Sr25519Signature2020 extends CustomLinkedDataSignature {
    * @param {object} config - Configuration options
    */
   constructor({
-    keypair, verificationMethod, verifier, signer,
+    keypair, verificationMethod, verifier, signer, useProofValue,
   } = {}) {
     super({
       type: Sr25519SigName,
@@ -20,6 +20,7 @@ export default class Sr25519Signature2020 extends CustomLinkedDataSignature {
       alg: 'EdDSA',
       signer: signer || Sr25519Signature2020.signerFactory(keypair, verificationMethod),
       verifier,
+      useProofValue,
     });
     this.requiredKeyType = Sr25519VerKeyName;
   }

src/utils/vc/crypto/custom-linkeddatasignature.js

@@ -30,6 +30,7 @@ export default class CustomLinkedDataSignature extends jsigs.suites.LinkedDataSi
   constructor(config) {
     super(config);
     this.alg = config.alg;
+    this.useProofValue = config.useProofValue || false;
   }
 
   /**
@@ -101,22 +102,34 @@ export default class CustomLinkedDataSignature extends jsigs.suites.LinkedDataSi
       throw new Error('A signer API has not been specified.');
     }
 
-    let signatureBytes;
-    const signature = await this.signer.sign({ data: verifyData });
-    if (typeof signature === 'string') {
-      // Some signers will return a string like: header..signature
-      // split apart those strings to get the signature in bytes
-      const signatureSplit = signature.split('.');
-      const signatureEncoded = signatureSplit[signatureSplit.length - 1];
-      signatureBytes = decodeBase64Url(signatureEncoded);
+    const getSigBytes = async (data) => {
+      let signatureBytes;
+      const signature = await this.signer.sign({ data });
+      if (typeof signature === 'string') {
+        // Some signers will return a string like: header..signature
+        // split apart those strings to get the signature in bytes
+        const signatureSplit = signature.split('.');
+        const signatureEncoded = signatureSplit[signatureSplit.length - 1];
+        signatureBytes = decodeBase64Url(signatureEncoded);
+      } else {
+        signatureBytes = signature;
+      }
+      return signatureBytes;
+    };
+
+    const finalProof = { ...proof };
+    if (this.useProofValue) {
+      const signatureBytes = await getSigBytes(verifyData);
+      finalProof.proofValue = CustomLinkedDataSignature.encodeProofValue(signatureBytes);
     } else {
-      signatureBytes = signature;
+      const header = { alg: this.alg, b64: false, crit: ['b64'] };
+      const encodedHeader = base64url.encode(JSON.stringify(header));
+      const jwsData = createJws({ encodedHeader, verifyData });
+      const signatureBytesJWS = await getSigBytes(jwsData);
+      finalProof.jws = `${encodedHeader}..${base64url.encode(signatureBytesJWS)}`;
     }
 
-    return {
-      ...proof,
-      proofValue: CustomLinkedDataSignature.encodeProofValue(signatureBytes),
-    };
+    return finalProof;
   }
 
   static encodeProofValue(signatureBytes) {

src/utils/vc/helpers.js

@@ -39,7 +39,7 @@ export default function getKeyDoc(did, keypair, type, id) {
  * @param {object} keyDoc - key document containing `id`, `controller`, `type`, `privateKeyBase58` and `publicKeyBase58`
  * @returns {object} - signature suite.
  */
-export function getSuiteFromKeyDoc(keyDoc) {
+export function getSuiteFromKeyDoc(keyDoc, useProofValue) {
   // Check if passing suite directly
   if (keyDoc.verificationMethod) {
     return keyDoc;
@@ -62,9 +62,11 @@ export function getSuiteFromKeyDoc(keyDoc) {
     default:
       throw new Error(`Unknown key type ${keyDoc.type}.`);
   }
+
   return new Cls({
     ...keyDoc,
     verificationMethod: keyDoc.id,
+    useProofValue,
   });
 }
 

src/verifiable-credential.js

@@ -235,14 +235,15 @@ class VerifiableCredential {
    *   `@context` (if it is not present, it's added to the context list).
    * @returns {Promise<VerifiableCredential>}
    */
-  async sign(keyDoc, compactProof = true, issuerObject = null, addSuiteContext = false) {
+  async sign(keyDoc, compactProof = true, issuerObject = null, addSuiteContext = false, useProofValue = false) {
     const signedVC = await issueCredential(
       keyDoc,
       this.toJSON(),
       compactProof,
       null, null, null,
       issuerObject,
       addSuiteContext,
+      useProofValue,
     );
     this.setProof(signedVC.proof);
     this.issuer = signedVC.issuer;

tests/integration/helpers.js

@@ -87,7 +87,6 @@ export function getCredMatcherDoc(cred, issuer, issuerKeyId, sigType) {
     issuer,
     proof: expect.objectContaining({
       type: sigType,
-      proofValue: expect.anything(),
       proofPurpose: 'assertionMethod',
       verificationMethod: issuerKeyId,
     }),

tests/unit/issuing.test.js

@@ -65,7 +65,7 @@ function getSamplePres(signed = false) {
         type: 'EcdsaSecp256k1Signature2019',
         challenge: 'some_challenge',
         domain: 'some_domain',
-        proofValue: expect.anything(),
+        jws: expect.anything(),
         proofPurpose: 'authentication',
         verificationMethod: keyUrl,
       },
@@ -118,6 +118,13 @@ describe('Verifiable Credential Issuing', () => {
     expect(result.results[0].verified).toBe(true);
   }, 30000);
 
+  test('Issuing should return an object with a proof, and it must pass validation (using proofValue).', async () => {
+    const credential = await issueCredential(getSampleKey(), getSampleCredential(), true, null, null, null, null, false, true);
+    expect(credential.proof.proofValue).toBeDefined();
+    const result = await verifyCredential(credential);
+    expect(result.verified).toBe(true);
+  }, 30000);
+
   test('Tampered Credential should not pass validation.', async () => {
     const credential = await issueCredential(getSampleKey(), getSampleCredential());
     credential.issuanceDate = '9020-04-15T09:05:35Z';
@@ -422,7 +429,7 @@ describe('Verifiable Presentation incremental creation', () => {
     expect(vp.proof).toMatchObject({ created: expect.anything() });
     expect(vp.proof).toMatchObject({ challenge: 'some_challenge' });
     expect(vp.proof).toMatchObject({ domain: 'some_domain' });
-    expect(vp.proof).toMatchObject({ proofValue: expect.anything() });
+    expect(vp.proof).toMatchObject({ jws: expect.anything() });
     expect(vp.proof).toMatchObject({ proofPurpose: 'authentication' });
     expect(vp.proof).toMatchObject({ verificationMethod: expect.anything() });
 
@@ -462,7 +469,7 @@ describe('Verifiable Presentation incremental creation', () => {
     expect(vp.proof).toMatchObject({ created: expect.anything() });
     expect(vp.proof).toMatchObject({ challenge: 'some_challenge' });
     expect(vp.proof).toMatchObject({ domain: 'some_domain' });
-    expect(vp.proof).toMatchObject({ proofValue: expect.anything() });
+    expect(vp.proof).toMatchObject({ jws: expect.anything() });
     expect(vp.proof).toMatchObject({ proofPurpose: 'authentication' });
     expect(vp.proof).toMatchObject({ verificationMethod: expect.anything() });