Merge pull request #64 from lacchain/ecdsa-jcs-2019

Ecdsa jcs 2019

.example.env

@@ -73,6 +73,7 @@ EMAIL_TRANSPORTER = AWS
 # KEY_MANAGER_DID_JWT = /did-jwt/generate
 # KEY_MANAGER_DID_COMM_ENCRYPT = /didcomm/x25519/encrypt
 # KEY_MANAGER_SECP256K1_PLAIN_MESSAGE_SIGN = /secp256k1/sign/plain-message
+# KEY_MANAGER_P256_PLAIN_MESSAGE_SIGN = /secp256k1/sign/plain-message
 # KEY_MANAGER_SECP256K1_SIGN_LACCHAIN_TRANSACTION=/secp256k1/sign/lacchain-tx
 
 
@@ -113,4 +114,4 @@ NODE_ADDRESS = 0xad730de8c4bfc3d845f7ce851bcf2ea17c049585
 
 ## verification registry
 # PROOF_OF_EXISTENCE_MODE = "ENABLED_NOT_THROWABLE" # options: "STRICT", "DISABLED", by default "ENABLED_NOT_THROWABLE"
-# VERIFICATION_REGISTRY_CONTRACT_ADDRESS = '0xF17Da8641771c0196318515b662b0C00132C4163' # optional, just in case you are willing to use another verification registry
+# VERIFICATION_REGISTRY_CONTRACT_ADDRESS = '0x64CaA0fC7E0C1f051078da9525A31D00dB1F50eE' # optional, just in case you are willing to use another verification registry

.example.env.dev

@@ -72,6 +72,7 @@ EMAIL_TRANSPORTER = AWS
 # KEY_MANAGER_DID_JWT = /did-jwt/generate
 # KEY_MANAGER_DID_COMM_ENCRYPT = /didcomm/x25519/encrypt
 # KEY_MANAGER_SECP256K1_PLAIN_MESSAGE_SIGN = /secp256k1/sign/plain-message
+# KEY_MANAGER_P256_PLAIN_MESSAGE_SIGN = /secp256k1/sign/plain-message
 # KEY_MANAGER_SECP256K1_SIGN_LACCHAIN_TRANSACTION=/secp256k1/sign/lacchain-tx
 
 
@@ -112,4 +113,4 @@ NODE_ADDRESS = 0xad730de8c4bfc3d845f7ce851bcf2ea17c049585
 
 ## verification registry
 # PROOF_OF_EXISTENCE_MODE = "ENABLED_NOT_THROWABLE" # options: "STRICT", "DISABLED", by default "ENABLED_NOT_THROWABLE"
-# VERIFICATION_REGISTRY_CONTRACT_ADDRESS = '0xF17Da8641771c0196318515b662b0C00132C4163' # optional, just in case you are willing to use another verification registry
+# VERIFICATION_REGISTRY_CONTRACT_ADDRESS = '0x64CaA0fC7E0C1f051078da9525A31D00dB1F50eE' # optional, just in case you are willing to use another verification registry

CHANGELOG.md

@@ -1,5 +1,13 @@
 # Changelog
 
+### 0.0.9
+
+* Update verification Registry default contract address for OpenProtest network to '0x64CaA0fC7E0C1f051078da9525A31D00dB1F50eE' (since this considers isRevoked flag on queried for a digest issued by some entity)
+### 0.0.8
+
+* Update credential schema version to https://www.w3.org/ns/credentials/v2
+* Add support for ecdsa-jcs-2019 cryptographic suite for verifiable credentials
+
 ### 0.0.7
 
 * Add PoE for emitted credentials.

package.json

@@ -1,6 +1,6 @@
 {
   "name": "lacpass-client",
-  "version": "0.0.7",
+  "version": "0.0.9",
   "description": "Rest api for lacpass Client",
   "license": "MIT",
   "scripts": {
@@ -81,7 +81,7 @@
     "form-data": "^4.0.0",
     "helmet": "^5.0.2",
     "jsonwebtoken": "^9.0.0",
-    "lacchain-trust": "^0.0.2",
+    "lacchain-trust": "^0.0.6",
     "morgan": "^1.10.0",
     "multer": "^1.4.4",
     "nodemailer": "^6.7.3",

src/config/index.ts

@@ -174,6 +174,7 @@ export const {
   KEY_MANAGER_DID_JWT,
   KEY_MANAGER_DID_COMM_ENCRYPT,
   KEY_MANAGER_SECP256K1_PLAIN_MESSAGE_SIGN,
+  KEY_MANAGER_P256_PLAIN_MESSAGE_SIGN,
   KEY_MANAGER_SECP256K1_SIGN_LACCHAIN_TRANSACTION,
   SECURE_RELAY_MESSAGE_DELIVERER_BASE_URL,
   SECURE_RELAY_MESSAGE_DELIVERER_SEND

src/constants/lacchain/verification.registry.abi.ts

@@ -377,6 +377,11 @@ export const VERIFICATION_REGISTRY_ABI = [
         internalType: 'bool',
         name: 'onHold',
         type: 'bool'
+      },
+      {
+        internalType: 'bool',
+        name: 'isRevoked',
+        type: 'bool'
       }
     ],
     stateMutability: 'view',
@@ -401,30 +406,6 @@ export const VERIFICATION_REGISTRY_ABI = [
     stateMutability: 'view',
     type: 'function'
   },
-  {
-    inputs: [
-      {
-        internalType: 'address',
-        name: 'issuer',
-        type: 'address'
-      },
-      {
-        internalType: 'bytes32',
-        name: 'digest',
-        type: 'bytes32'
-      }
-    ],
-    name: 'isValidCredential',
-    outputs: [
-      {
-        internalType: 'bool',
-        name: 'value',
-        type: 'bool'
-      }
-    ],
-    stateMutability: 'view',
-    type: 'function'
-  },
   {
     inputs: [
       {

src/constants/verification.registry.ts

@@ -2,5 +2,5 @@ export const VERIFICATION_REGISTRY_CONTRACT_ADDRESSES: Map<string, string> =
   new Map<string, string>();
 VERIFICATION_REGISTRY_CONTRACT_ADDRESSES.set(
   '0x9e55c',
-  '0xF17Da8641771c0196318515b662b0C00132C4163'
+  '0x64CaA0fC7E0C1f051078da9525A31D00dB1F50eE'
 );

src/interfaces/verifiable-credential/ddcc.credential.ts

@@ -1,14 +1,14 @@
-export interface ICredential {
+export interface ICredentialV2 {
   '@context': string[];
   id: string;
   type: string[] | string;
   issuer: string;
   name: string;
   identifier: string;
-  issuanceDate: string;
-  expirationDate?: string;
+  validFrom: string;
+  validUntil?: string;
 }
-export interface IDDCCCredential extends ICredential {
+export interface IDDCCCredential extends ICredentialV2 {
   credentialSubject: IDDCCCredentialSubject;
 }
 
@@ -68,8 +68,22 @@ export interface IType1Proof {
   proofValue: string;
 }
 
+export interface IType2ProofConfig {
+  type: 'DataIntegrityProof';
+  cryptosuite: 'ecdsa-jcs-2019';
+  created: string;
+  proofPurpose: 'assertionMethod';
+  verificationMethod: string;
+  domain?: string;
+}
+export interface IType2Proof extends IType2ProofConfig {
+  proofValue: string;
+}
+
 export type IDDCCVerifiableCredential = IDDCCCredential & {
-  proof: IType1Proof;
+  proof: IType2Proof;
 };
 
-export type IVerifiableCredential = ICredential & { proof: IType1Proof };
+export type IVerifiableCredential = ICredentialV2 & {
+  proof: IType2Proof;
+};

src/services/did/did.document.service.ts

@@ -67,7 +67,7 @@ export class DidDocumentService {
   static filterSecp256k1PublicKeysFromJwkAssertionKeys(
     doc: any,
     algorithm: string,
-    curve: 'secp256k1'
+    curve: 'secp256k1' | 'P-256'
   ): { id: string; publicKeyBuffer: Buffer }[] | undefined {
     const keys = doc.assertionMethod.filter(
       (ka: { crv: string; publicKeyJwk: any; type: string }) =>

src/services/external/key-manager/key-manager.service.ts

@@ -6,7 +6,8 @@ import {
   KEY_MANAGER_BASE_URL,
   log4TSProvider,
   KEY_MANAGER_SECP256K1_PLAIN_MESSAGE_SIGN,
-  KEY_MANAGER_SECP256K1_SIGN_LACCHAIN_TRANSACTION
+  KEY_MANAGER_SECP256K1_SIGN_LACCHAIN_TRANSACTION,
+  KEY_MANAGER_P256_PLAIN_MESSAGE_SIGN
 } from '../../../config';
 import { Service } from 'typedi';
 import { ErrorsMessages } from '../../../constants/errorMessages';
@@ -16,11 +17,13 @@ import {
   IDidCommService,
   IDidCommToEncryptData,
   ISignPlainMessageByAddress,
-  ISecp256k1SignatureMessageResponse,
+  ISignPlainMessageByCompressedPublicKey,
+  IECDSASignatureMessageResponse,
   Secp256k1GenericSignerService,
   ISignedTransaction,
   ILacchainTransaction,
-  Secp256k1SignLacchainTransactionService
+  Secp256k1SignLacchainTransactionService,
+  P256SignerServiceDb
 } from 'lacchain-key-manager';
 
 @Service()
@@ -31,21 +34,25 @@ export class KeyManagerService {
 
   public createDidJwt: (didJwt: IDidJwt) => Promise<string>;
   public didCommEncrypt: (args: IDidCommToEncryptData) => Promise<any>;
-  public secpSignPlainMessage: (
+  public secp256k1SignPlainMessage: (
     message: ISignPlainMessageByAddress
-  ) => Promise<ISecp256k1SignatureMessageResponse>;
+  ) => Promise<IECDSASignatureMessageResponse>;
+  public p256SignPlainMessage: (
+    message: ISignPlainMessageByCompressedPublicKey
+  ) => Promise<IECDSASignatureMessageResponse>;
   public signLacchainTransaction: (
     lacchainTransaction: ILacchainTransaction
   ) => Promise<ISignedTransaction>;
   // eslint-disable-next-line max-len
   private secp256k1SignLacchainTransactionService: Secp256k1SignLacchainTransactionService | null;
+  private p256SignPlainMessageService: P256SignerServiceDb | null;
   log = log4TSProvider.getLogger('IdentityManagerService');
   constructor() {
     if (IS_CLIENT_DEPENDENT_SERVICE !== 'true') {
       this.log.info('Configuring library usage for key manager service');
       this.createDidJwt = this.createDidJwtByLib;
       this.didCommEncrypt = this.didCommEncryptByLib;
-      this.secpSignPlainMessage = this.secpSignPlainMessageByLib;
+      this.secp256k1SignPlainMessage = this.secp256k1SignPlainMessageByLib;
 
       const S = require('lacchain-key-manager').DidJwtDbService;
       this.didJwtService = new S();
@@ -60,18 +67,26 @@ export class KeyManagerService {
       const V =
         require('lacchain-key-manager').Secp256k1SignLacchainTransactionServiceDb;
       this.secp256k1SignLacchainTransactionService = new V();
+
+      this.p256SignPlainMessage = this.p256SignPlainMessageByLib;
+      const W = require('lacchain-key-manager').P256SignerServiceDb;
+      this.p256SignPlainMessageService = new W();
     } else {
       this.log.info('Configuring key manager as external service connection');
       this.didJwtService = null;
       this.createDidJwt = this.createDidJwtByExternalService;
       this.didCommEncrypt = this.didCommEncryptByExternalService;
       this.didCommEncryptService = null;
-      this.secpSignPlainMessage = this.secpSignPlainMessageByExternalService;
+      this.secp256k1SignPlainMessage =
+        this.secp256k1SignPlainMessageByExternalService;
       this.secp256k1GenericSignerService = null;
 
       this.secp256k1SignLacchainTransactionService = null;
       this.signLacchainTransaction =
         this.signLacchainTransactionByExternalService;
+
+      this.p256SignPlainMessageService = null;
+      this.p256SignPlainMessage = this.p256SignPlainMessageByExternalService;
     }
   }
   private async createDidJwtByLib(didJwt: IDidJwt): Promise<string> {
@@ -82,12 +97,18 @@ export class KeyManagerService {
     return (await this.didCommEncryptService?.encrypt(args)) as any;
   }
 
-  private async secpSignPlainMessageByLib(
+  private async secp256k1SignPlainMessageByLib(
     message: ISignPlainMessageByAddress
-  ): Promise<ISecp256k1SignatureMessageResponse> {
+  ): Promise<IECDSASignatureMessageResponse> {
     return await this.secp256k1GenericSignerService?.signPlainMessage(message);
   }
 
+  private async p256SignPlainMessageByLib(
+    message: ISignPlainMessageByCompressedPublicKey
+  ): Promise<IECDSASignatureMessageResponse> {
+    return await this.p256SignPlainMessageService?.signPlainMessage(message);
+  }
+
   async signLacchainTransactionByLib(
     lacchainTransaction: ILacchainTransaction
   ): Promise<ISignedTransaction> {
@@ -138,9 +159,9 @@ export class KeyManagerService {
     return (await result.json()) as any;
   }
 
-  private async secpSignPlainMessageByExternalService(
+  private async secp256k1SignPlainMessageByExternalService(
     message: ISignPlainMessageByAddress
-  ): Promise<ISecp256k1SignatureMessageResponse> {
+  ): Promise<IECDSASignatureMessageResponse> {
     const result = await fetch(
       `${KEY_MANAGER_BASE_URL}${KEY_MANAGER_SECP256K1_PLAIN_MESSAGE_SIGN}`,
       {
@@ -159,6 +180,27 @@ export class KeyManagerService {
     return (await result.json()) as any;
   }
 
+  private async p256SignPlainMessageByExternalService(
+    message: ISignPlainMessageByCompressedPublicKey
+  ): Promise<IECDSASignatureMessageResponse> {
+    const result = await fetch(
+      `${KEY_MANAGER_BASE_URL}${KEY_MANAGER_P256_PLAIN_MESSAGE_SIGN}`,
+      {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/json'
+        },
+        body: JSON.stringify(message)
+      }
+    );
+    console.log('status', result.status);
+    if (result.status !== 200) {
+      console.log(await result.text());
+      throw new InternalServerError(ErrorsMessages.PLAIN_MESSAGE_SIGNING_ERROR);
+    }
+    return (await result.json()) as any;
+  }
+
   async signLacchainTransactionByExternalService(
     lacchainTransaction: ILacchainTransaction
   ): Promise<ISignedTransaction> {