jsonld-signatures - npm Package Compare versions

Comparing version 11.1.0 to 11.2.0

lib/constants.js

 /*!
- * Copyright (c) 2017-2018 Digital Bazaar, Inc. All rights reserved.
+ * Copyright (c) 2017-2023 Digital Bazaar, Inc. All rights reserved.
  */
 'use strict';
 
-const {constants: securityConstants} = require('security-context');
+const {
+  constants: securityConstants
+} = require('@digitalbazaar/security-context');
 
@@ -8,0 +10,0 @@ module.exports = {

lib/contexts.js

@@ -1,3 +0,3 @@
-/*
- * Copyright (c) 2017-2021 Digital Bazaar, Inc. All rights reserved.
+/*!
+ * Copyright (c) 2017-2023 Digital Bazaar, Inc. All rights reserved.
  */
@@ -7,3 +7,3 @@ 'use strict';
 const constants = require('./constants');
-const {contexts: securityContexts} = require('security-context');
+const {contexts: securityContexts} = require('@digitalbazaar/security-context');
 
@@ -10,0 +10,0 @@ module.exports = new Map([

lib/jsonld-signatures.js

 /*!
- * Copyright (c) 2010-2022 Digital Bazaar, Inc. All rights reserved.
+ * Copyright (c) 2010-2023 Digital Bazaar, Inc. All rights reserved.
  */
@@ -19,2 +19,59 @@ 'use strict';
 /**
+ * Derives a proof from the provided document, resulting in a new document
+ * with a new `proof` on it as generated by the given cryptographic suite.
+ *
+ * @param {object} document - The JSON-LD document from which to derive a
+ *   new proof.
+ *
+ * @param {object} options - Options hashmap.
+ * @param {LinkedDataSignature} options.suite - The linked data signature
+ *   cryptographic suite, containing private key material, with which to sign
+ *   the document.
+ *
+ * @param {ProofPurpose} purpose - A proof purpose instance that will
+ *   match proofs to be verified and ensure they were created according to
+ *   the appropriate purpose.
+ *
+ * @param {function} documentLoader  - A secure document loader (it is
+ *   recommended to use one that provides static known documents, instead of
+ *   fetching from the web) for returning contexts, controller documents, keys,
+ *   and other relevant URLs needed for the proof.
+ *
+ * Advanced optional parameters and overrides:
+ *
+ * @param {function} [options.expansionMap] - NOT SUPPORTED; do not use.
+ * @param {boolean} [options.addSuiteContext=true] - Toggles the default
+ *   behavior of each signature suite enforcing the presence of its own
+ *   `@context` (if it is not present, it's added to the context list).
+ *
+ * @returns {Promise<object>} Resolves with signed document.
+ */
+api.derive = async function derive(document, {
+  suite, purpose, documentLoader, addSuiteContext = true
+} = {}) {
+  if(typeof document !== 'object') {
+    throw new TypeError('The "document" parameter must be an object.');
+  }
+  // Ensure document contains the signature suite specific context URL
+  // or throw an error (in case an advanced user overrides the
+  // `addSuiteContext` flag to false).
+  suite.ensureSuiteContext({document, addSuiteContext});
+
+  try {
+    return await new ProofSet().derive(
+      document, {suite, purpose, documentLoader});
+  } catch(e) {
+    if(!documentLoader && e.name === 'jsonld.InvalidUrl') {
+      const {details: {url}} = e;
+      const err = new Error(
+        `A URL "${url}" could not be fetched; you need to pass ` +
+        '"documentLoader" or resolve the URL before calling "derive".');
+      err.cause = e;
+      throw err;
+    }
+    throw e;
+  }
+};
+
+/**
  * Cryptographically signs the provided document by adding a `proof` section,
@@ -27,4 +84,3 @@ * based on the provided suite and proof purpose.
  * @param {LinkedDataSignature} options.suite - The linked data signature
- *   cryptographic suite, containing private key material, with which to sign
- *   the document.
+ *   cryptographic suite with which to sign the document.
  *
@@ -31,0 +87,0 @@ * @param {ProofPurpose} purpose - A proof purpose instance that will

lib/ProofSet.js

@@ -55,13 +55,12 @@ /*!
 
-    // preprocess document to prepare to remove existing proofs
-    // let input;
     // shallow copy document to allow removal of existing proofs
     const input = {...document};
-
     delete input.proof;
 
-    // create the new proof (suites MUST output a proof using the security-v2
-    // `@context`)
+    // get existing proof set, if any
+    const proofSet = _getProofs({document});
+
+    // create the new proof
     const proof = await suite.createProof({
-      document: input, purpose, documentLoader
+      document: input, purpose, proofSet, documentLoader
     });
@@ -75,2 +74,60 @@
   /**
+   * Derives a new Linked Data document with a new `proof` from an existing
+   * document with an existing proof set.
+   *
+   * Important note: This method assumes that the term `proof` in the given
+   * document has the same definition as the `https://w3id.org/security/v2`
+   * JSON-LD @context.
+   *
+   * @param document {object} - JSON-LD Document from which to derive a proof.
+   * @param options {object} Options hashmap.
+   *
+   * A `suite` option is required:
+   *
+   * @param options.suite {LinkedDataSignature} a signature suite instance
+   *   that will derive the new document and new `proof`.
+   *
+   * A `purpose` option is required:
+   *
+   * @param options.purpose {ProofPurpose} a proof purpose instance that will
+   *   augment the proof with information describing its intended purpose.
+   *
+   * Advanced optional parameters and overrides:
+   *
+   * @param [documentLoader] {function} a custom document loader,
+   *   `Promise<RemoteDocument> documentLoader(url)`.
+   *
+   * @return {Promise<object>} resolves with the new document, with a new
+   *   top-level `proof` property.
+   */
+  async derive(document, {suite, purpose, documentLoader} = {}) {
+    if(!suite) {
+      throw new TypeError('"options.suite" is required.');
+    }
+    if(!purpose) {
+      throw new TypeError('"options.purpose" is required.');
+    }
+
+    if(documentLoader) {
+      documentLoader = extendContextLoader(documentLoader);
+    } else {
+      documentLoader = strictDocumentLoader;
+    }
+
+    // shallow copy document to allow removal of existing proofs
+    const input = {...document};
+    delete input.proof;
+
+    // get existing proof set, if any
+    const proofSet = _getProofs({document});
+
+    // create the new document and proof
+    const newDocument = await suite.derive({
+      document: input, purpose, proofSet, documentLoader
+    });
+
+    return newDocument;
+  }
+
+  /**
    * Verifies Linked Data proof(s) on a document. The proofs to be verified
@@ -127,5 +184,9 @@ * must match the given proof purpose.
       // get proofs from document
-      const {proofSet, document: doc} = await _getProofs(
-        {document, documentLoader});
-      document = doc;
+      const proofSet = await _getProofs({document});
+      if(proofSet.length === 0) {
+        // no possible matches
+        throw new Error('No matching proofs found in the given document.');
+      }
+      // clear proofs from shallow copy
+      delete document.proof;
 
@@ -166,9 +227,3 @@ // verify proofs
   proofSet = jsonld.getValues(document, 'proof');
-  delete document.proof;
 
-  if(proofSet.length === 0) {
-    // no possible matches
-    throw new Error('No matching proofs found in the given document.');
-  }
-
   // shallow copy proofs and add document context or SECURITY_CONTEXT_URL
@@ -181,3 +236,3 @@ const context = document['@context'] || constants.SECURITY_CONTEXT_URL;
 
-  return {proofSet, document};
+  return proofSet;
 }
@@ -219,3 +274,3 @@
       const {verified, verificationMethod, error} = await suite.verifyProof(
-        {proof, document, purpose, documentLoader});
+        {proof, document, purpose, proofSet, documentLoader});
       if(!vm) {
@@ -222,0 +277,0 @@ vm = verificationMethod;

lib/suites/LinkedDataProof.js

 /*!
- * Copyright (c) 2018-2022 Digital Bazaar, Inc. All rights reserved.
+ * Copyright (c) 2018-2023 Digital Bazaar, Inc. All rights reserved.
  */
@@ -18,2 +18,3 @@ 'use strict';
    * @param {ProofPurpose} options.purpose - The proof purpose instance.
+   * @param {Array} options.proofSet - Any existing proof set.
    * @param {function} options.documentLoader - The document loader to use.
@@ -25,3 +26,3 @@ * @param {function} options.expansionMap - NOT SUPPORTED; do not use.
   async createProof({
-    /* document, purpose, documentLoader, expansionMap */
+    /* document, purpose, proofSet, documentLoader, expansionMap */
   }) {
@@ -33,5 +34,23 @@ throw new Error('"createProof" must be implemented in a derived class.');
    * @param {object} options - The options to use.
+   * @param {object} options.document - The document from which to derive
+   *   a new document and proof.
+   * @param {ProofPurpose} options.purpose - The proof purpose instance.
+   * @param {Array} options.proofSet - Any existing proof set.
+   * @param {function} options.documentLoader - The document loader to use.
+   *
+   * @returns {Promise<object>} Resolves with the new document with a new
+   *   `proof` field.
+   */
+  async derive({
+    /* document, purpose, proofSet, documentLoader */
+  }) {
+    throw new Error('"deriveProof" must be implemented in a derived class.');
+  }
+
+  /**
+   * @param {object} options - The options to use.
    * @param {object} options.proof - The proof to be verified.
    * @param {object} options.document - The document the proof applies to.
    * @param {ProofPurpose} options.purpose - The proof purpose instance.
+   * @param {Array} options.proofSet - Any existing proof set.
    * @param {function} options.documentLoader - The document loader to use.
@@ -43,3 +62,3 @@ * @param {function} options.expansionMap - NOT SUPPORTED; do not use.
   async verifyProof({
-    /* proof, document, purpose, documentLoader, expansionMap */
+    /* proof, document, purpose, proofSet, documentLoader, expansionMap */
   }) {
@@ -46,0 +65,0 @@ throw new Error('"verifyProof" must be implemented in a derived class.');

lib/suites/LinkedDataSignature.js

@@ -92,2 +92,3 @@ /*!
    * @param {ProofPurpose} options.purpose - The proof purpose instance.
+   * @param {Array} options.proofSet - Any existing proof set.
    * @param {function} options.documentLoader - The document loader to use.
@@ -98,3 +99,5 @@ * @param {function} options.expansionMap - NOT SUPPORTED; do not use.
    */
-  async createProof({document, purpose, documentLoader, expansionMap}) {
+  async createProof({
+    document, purpose, proofSet, documentLoader, expansionMap
+  }) {
     if(expansionMap) {
@@ -136,3 +139,4 @@ throw new Error('"expansionMap" not supported.');
     // add any extensions to proof (mostly for legacy support)
-    proof = await this.updateProof({document, proof, purpose, documentLoader});
+    proof = await this.updateProof(
+      {document, proof, proofSet, purpose, documentLoader});
 
@@ -147,3 +151,3 @@ // allow purpose to update the proof; the `proof` is in the
     const verifyData = await this.createVerifyData(
-      {document, proof, documentLoader});
+      {document, proof, proofSet, documentLoader});
 
@@ -159,2 +163,3 @@ // sign data
    * @param {object} options.proof - The proof to be updated.
+   * @param {Array} options.proofSet - Any existing proof set.
    * @param {function} options.expansionMap - NOT SUPPORTED; do not use.
@@ -177,2 +182,3 @@ *
    * @param {ProofPurpose} options.purpose - The proof purpose instance.
+   * @param {Array} options.proofSet - Any existing proof set.
    * @param {function} options.documentLoader - The document loader to use.
@@ -183,3 +189,3 @@ * @param {function} options.expansionMap - NOT SUPPORTED; do not use.
    */
-  async verifyProof({proof, document, documentLoader, expansionMap}) {
+  async verifyProof({proof, document, proofSet, documentLoader, expansionMap}) {
     if(expansionMap) {
@@ -192,3 +198,3 @@ throw new Error('"expansionMap" not supported.');
       const verifyData = await this.createVerifyData(
-        {document, proof, documentLoader, expansionMap});
+        {document, proof, proofSet, documentLoader, expansionMap});
 
@@ -257,2 +263,3 @@ // fetch verification method
    * @param {object} options.proof - The proof to be verified.
+   * @param {Array} options.proofSet - Any existing proof set.
    * @param {function} options.documentLoader - The document loader to use.
@@ -296,2 +303,16 @@ * @param {function} options.expansionMap - NOT SUPPORTED; do not use.
   /**
+   * @param verifyData {Uint8Array}.
+   * @param document {object} document from which to derive a new document
+   *   and proof.
+   * @param proof {object}
+   * @param proofSet {Array}
+   * @param documentLoader {function}
+   *
+   * @returns {Promise<{object}>} The new document with `proof`.
+   */
+  async derive() {
+    throw new Error('Must be implemented by a derived class.');
+  }
+
+  /**
    * @param document {object} to be signed.
@@ -298,0 +319,0 @@ * @param proof {object}

package.json

 {
   "name": "jsonld-signatures",
-  "version": "11.1.0",
+  "version": "11.2.0",
   "description": "An implementation of the Linked Data Signatures specifications for JSON-LD in JavaScript.",
@@ -31,4 +31,4 @@ "homepage": "https://github.com/digitalbazaar/jsonld-signatures",
   "dependencies": {
+    "@digitalbazaar/security-context": "^1.0.0",
     "jsonld": "^8.0.0",
-    "security-context": "^4.0.0",
     "serialize-error": "^8.1.0"
@@ -35,0 +35,0 @@ },

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

67461

increased by9%

Lines of code

1526

increased by10.42%

Dependency changes

• + Added@digitalbazaar/security-context@^1.0.0

• + Added@digitalbazaar/security-context@1.0.1(transitive)

• - Removedsecurity-context@^4.0.0

• - Removedsecurity-context@4.0.0(transitive)