oceanprotocol · AdriGeorge · Nov 20, 2024 · Nov 20, 2024 · Nov 20, 2024 · Nov 20, 2024
@@ -56,10 +56,12 @@
   "dependencies": {
     "@oasisprotocol/sapphire-paratime": "^1.3.2",
     "@oceanprotocol/contracts": "^2.2.0",
+    "axios": "^1.7.7",
     "cross-fetch": "^4.0.0",
     "crypto-js": "^4.1.1",
     "decimal.js": "^10.4.1",
-    "ethers": "^5.7.2"
+    "ethers": "^5.7.2",
+    "jose": "^5.9.6"
   },
   "devDependencies": {
     "@truffle/hdwallet-provider": "^2.0.14",

@@ -0,0 +1,51 @@
+/**
+ * Represents a JSON Web Token (JWT) used in cryptographic operations.
+ */
+export interface JWT {
+  kty: string // Key type (e.g., 'EC' for Elliptic Curve)
+  d: string // Private key (base64url encoded)
+  crv: string // Cryptographic curve (e.g., 'secp256k1')
+  kid: string // Key ID
+  x: string // X-coordinate of the public key (base64url encoded)
+}
+
+/**
+ * Represents a key used by an issuer to sign credentials.
+ */
+export interface IssuerKey {
+  type: string // Type of the key (e.g., 'JWK')
+  jwk: JWT // The JSON Web Token associated with the issuer's key
+}
+
+/**
+ * Represents the result of signing a credential.
+ */
+export interface SignedCredential {
+  jws: string // JSON Web Signature (JWS) of the credential
+  header: Record<string, any> // Protected header used in the JWS
+  issuer: string // DID or public key of the issuer
+}
+
+/**
+ * Represents the common properties of a JSON Web Key (JWK).
+ */
+interface BaseJWK {
+  kty: string // Key type (e.g., 'EC' for Elliptic Curve)
+  crv: string // Cryptographic curve (e.g., 'secp256k1')
+  x: string // X-coordinate of the public key (base64url encoded)
+  y: string // Y-coordinate of the public key (base64url encoded)
+  alg: string // Algorithm used (e.g., 'ES256K')
+  use: string // Intended use of the key (e.g., 'sig' for signing)
+}
+
+/**
+ * Represents a JSON Web Key (JWK) for private signing operations.
+ */
+export interface IssuerKeyJWK extends BaseJWK {
+  d: string // Private key (base64url encoded)
+}
+
+/**
+ * Represents a JSON Web Key (JWK) for public verification operations.
+ */
+export interface IssuerPublicKeyJWK extends BaseJWK {}
@@ -0,0 +1,90 @@
+import { importJWK, JWTPayload, jwtVerify, SignJWT } from 'jose'
+import axios from 'axios'
+import {
+  IssuerKey,
+  IssuerKeyJWK,
+  IssuerPublicKeyJWK,
+  SignedCredential
+} from '../@types/IssuerSignature'
+
+/**
+ * Signs a verifiable credential using Walt.id's issuer API.
+ * @param {any} verifiableCredential - The verifiable credential to sign.
+ * @param {string} waltIdIssuerApi - URL of the Walt.id issuer API.
+ * @param {string} issuerDid - DID of the issuer.
+ * @param {IssuerKey} issuerKey - Issuer's key for signing.
+ * @returns {Promise<SignedCredential>} - The signed credential's JWS, header, and issuer information.
+ * @throws {Error} If the signing process fails.
+ */
+export async function signCredentialWithWaltId(
+  verifiableCredential: any,
+  waltIdIssuerApi: string,
+  issuerDid: string,
+  issuerKey: IssuerKey
+): Promise<SignedCredential> {
+  try {
+    const response = await axios.post(waltIdIssuerApi, {
+      credentialData: verifiableCredential,
+      issuerDid,
+      issuerKey,
+      subjectDid: verifiableCredential.credentialSubject.id
+    })
+    const jws = response.data
+    const header = { alg: issuerKey.jwk.kty }
+    return { jws, header, issuer: issuerDid }
+  } catch (error) {
+    console.error('Error signing credential with WaltId:', error)
+    throw error
+  }
+}
+
+/**
+ * Signs a verifiable credential locally using a private key.
+ * @param {any} verifiableCredential - The verifiable credential to sign.
+ * @param {IssuerKeyJWK} issuerKeyJWK - the JWK from private key.
+ * @param {string} publicKeyHex - the public key
+ * @returns {Promise<SignedCredential>} - The signed credential's JWS, header, and issuer information.
+ * @throws {Error} If the signing process fails.
+ */
+export async function signCredential(
+  verifiableCredential: any,
+  issuerKeyJWK: IssuerKeyJWK,
+  publicKeyHex: string
+): Promise<SignedCredential> {
+  try {
+    const key = await importJWK(issuerKeyJWK, issuerKeyJWK.alg)
+
+    const jws = await new SignJWT(verifiableCredential as unknown as JWTPayload)
+      .setProtectedHeader({ alg: issuerKeyJWK.alg })
+      .setIssuedAt()
+      .setIssuer(publicKeyHex)
+      .sign(key)
+    const header = { alg: issuerKeyJWK.alg }
+
+    return { jws, header, issuer: publicKeyHex }
+  } catch (error) {
+    console.error('Error signing credential:', error)
+    throw error
+  }
+}
+
+/**
+ * Verifies a verifiable credential's JWS using the issuer's public key.
+ * @param {string} jws - The JSON Web Signature (JWS) to verify.
+ * @param {IssuerPublicKeyJWK} issuerPublicKeyJWK - The public key JWK of the issuer.
+ * @returns {Promise<JWTPayload>} - The verified payload of the credential.
+ * @throws {Error} If the verification fails.
+ */
+export async function verifyCredential(
+  jws: string,
+  issuerPublicKeyJWK: IssuerPublicKeyJWK
+): Promise<JWTPayload> {
+  const key = await importJWK(issuerPublicKeyJWK, 'ES256K')
+  try {
+    const { payload } = await jwtVerify(jws, key)
+    return payload
+  } catch (error) {
+    console.error('Verification failed:', error)
+    throw error
+  }
+}
@@ -11,3 +11,4 @@ export * from './TokenUtils'
 export * from './ProviderErrors'
 export * from './OrderUtils'
 export * from './Assets'
+export * from './SignDDO'