feat: enveloping proof

packages/cli/default/agent.template.yml

@@ -18,6 +18,7 @@ constants:
     - keyManagerSharedSecret
     - keyManagerSignJWT
     - keyManagerSignEthTX
+    - keyManagerSignJOSE
     - didManagerGetProviders
     - didManagerFind
     - didManagerGet
@@ -175,9 +176,9 @@ server:
 
     # DID Documents
     - - $require: '@vckit/remote-server?t=function#WebDidDocRouter'
-        $args:
-          - keyMapping:
-              Ed25519: JsonWebKey2020 # Ed25519VerificationKey2020 | JsonWebKey2020
+        # $args:
+        #   - keyMapping:
+        #       Ed25519: # Ed25519VerificationKey2020 # JsonWebKey2020 # JsonWebKey
 
     # VC API v1
     - - /v1

packages/cli/default/client.yml

@@ -22,6 +22,7 @@ agent:
                 - keyManagerSharedSecret
                 - keyManagerSignJWT
                 - keyManagerSignEthTX
+                - keyManagerSignJOSE
                 - didManagerGetProviders
                 - didManagerFind
                 - didManagerGet

packages/cli/default/default-dev.yml

@@ -19,6 +19,7 @@ constants:
     - keyManagerSharedSecret
     - keyManagerSignJWT
     - keyManagerSignEthTX
+    - keyManagerSignJOSE
     - didManagerGetProviders
     - didManagerFind
     - didManagerGet
@@ -149,9 +150,9 @@ server:
 
     # DID Documents
     - - $require: '@vckit/remote-server?t=function#WebDidDocRouter'
-        $args:
-          - keyMapping:
-              Ed25519: JsonWebKey2020 # Ed25519VerificationKey2020 | JsonWebKey2020
+        # $args:
+        #   - keyMapping:
+        #       Ed25519: JsonWebKey # Ed25519VerificationKey2020 # JsonWebKey2020 # JsonWebKey
 
     # VC API v1
     - - /v1

packages/cli/default/default.yml

@@ -19,6 +19,7 @@ constants:
     - keyManagerSharedSecret
     - keyManagerSignJWT
     - keyManagerSignEthTX
+    - keyManagerSignJOSE
     - didManagerGetProviders
     - didManagerFind
     - didManagerGet
@@ -149,9 +150,9 @@ server:
 
     # DID Documents
     - - $require: '@vckit/remote-server?t=function#WebDidDocRouter'
-        $args:
-          - keyMapping:
-              Ed25519: JsonWebKey2020 # Ed25519VerificationKey2020 | JsonWebKey2020
+        # $args:
+        #   - keyMapping:
+        #       Ed25519:  #JsonWebKey2020 # Ed25519VerificationKey2020 # JsonWebKey
 
     # VC API v1
     - - /v1
@@ -365,6 +366,7 @@ credentialIssuerLD:
         # - $require: '@veramo/credential-ld#VeramoEd25519Signature2020'
         - $require: '@veramo/credential-ld#VeramoJsonWebSignature2020'
         # - $require: '@veramo/credential-ld#VeramoEcdsaSecp256k1RecoverySignature2020'
+
       contextMaps:
         # The LdDefaultContext is a "catch-all" for now.
         - $require: '@veramo/credential-ld?t=object#LdDefaultContexts'

packages/cli/package.json

@@ -49,10 +49,10 @@
     "@vckit/remote-server": "workspace:1.0.0-beta.7",
     "@vckit/renderer": "workspace:1.0.0-beta.7",
     "@vckit/revocationlist": "workspace:^",
+    "@vckit/tools": "workspace:^",
     "@vckit/utils": "workspace:^",
     "@vckit/vc-api": "workspace:1.0.0-beta.7",
-    "@vckit/tools": "workspace:^",
-    "@veramo/core": "5.5.3",
+    "@veramo/core": "link:../../.tmp_npm/veramo/packages/core",
     "@veramo/credential-eip712": "5.5.3",
     "@veramo/credential-ld": "link:../../.tmp_npm/veramo/packages/credential-ld",
     "@veramo/credential-status": "link:../../.tmp_npm/veramo/packages/credential-status",
@@ -67,10 +67,10 @@
     "@veramo/did-provider-pkh": "5.5.3",
     "@veramo/did-provider-web": "5.5.3",
     "@veramo/did-resolver": "5.5.3",
-    "@veramo/key-manager": "5.5.3",
-    "@veramo/kms-local": "5.5.3",
+    "@veramo/key-manager": "link:../../.tmp_npm/veramo/packages/key-manager",
+    "@veramo/kms-local": "link:../../.tmp_npm/veramo/packages/kms-local",
     "@veramo/message-handler": "5.5.3",
-    "@veramo/remote-client": "5.5.3",
+    "@veramo/remote-client": "link:../../.tmp_npm/veramo/packages/remote-client",
     "@veramo/selective-disclosure": "5.5.3",
     "@veramo/url-handler": "5.5.3",
     "@veramo/utils": "5.5.3",

packages/core-types/src/plugin.schema.json

@@ -861,6 +861,24 @@
           ],
           "description": "Input arguments for  {@link IKeyManager.keyManagerSignEthTX | keyManagerSignEthTX }"
         },
+        "IKeyManagerSignJOSE": {
+          "type": "object",
+          "properties": {
+            "kid": {
+              "type": "string",
+              "description": "Key ID"
+            },
+            "data": {
+              "type": "string",
+              "description": "Data to sign"
+            }
+          },
+          "required": [
+            "kid",
+            "data"
+          ],
+          "description": "Input arguments for  {@link IKeyManager.IKeyManagerSignJOSE | IKeyManagerSignJOSE }"
+        },
         "IKeyManagerSignJWTArgs": {
           "type": "object",
           "properties": {
@@ -1021,6 +1039,15 @@
             "type": "string"
           }
         },
+        "keyManagerSignJOSE": {
+          "description": "Signs JOSE object",
+          "arguments": {
+            "$ref": "#/components/schemas/IKeyManagerSignJOSE"
+          },
+          "returnType": {
+            "type": "string"
+          }
+        },
         "keyManagerSignJWT": {
           "description": "Signs JWT",
           "arguments": {
@@ -4338,7 +4365,8 @@
             "lds",
             "EthereumEip712Signature2021",
             "OpenAttestationMerkleProofSignature2018",
-            "MerkleDisclosureProof2021"
+            "MerkleDisclosureProof2021",
+            "EnvelopingProofJose"
           ],
           "description": "The type of encoding to be used for the Verifiable Credential or Presentation to be generated.\n\nOnly `jwt` , `lds` and `OpenAttestationMerkleProofSignature2018` are supported at the moment."
         },
@@ -5095,7 +5123,8 @@
             "lds",
             "EthereumEip712Signature2021",
             "OpenAttestationMerkleProofSignature2018",
-            "MerkleDisclosureProof2021"
+            "MerkleDisclosureProof2021",
+            "EnvelopingProofJose"
           ],
           "description": "The type of encoding to be used for the Verifiable Credential or Presentation to be generated.\n\nOnly `jwt` , `lds` and `OpenAttestationMerkleProofSignature2018` are supported at the moment."
         },
@@ -6596,7 +6625,8 @@
             "lds",
             "EthereumEip712Signature2021",
             "OpenAttestationMerkleProofSignature2018",
-            "MerkleDisclosureProof2021"
+            "MerkleDisclosureProof2021",
+            "EnvelopingProofJose"
           ],
           "description": "The type of encoding to be used for the Verifiable Credential or Presentation to be generated.\n\nOnly `jwt` , `lds` and `OpenAttestationMerkleProofSignature2018` are supported at the moment."
         },

packages/core-types/src/types/ICredentialIssuer.ts

@@ -22,7 +22,8 @@ export type ProofFormat =
   | 'lds'
   | 'EthereumEip712Signature2021'
   | 'OpenAttestationMerkleProofSignature2018'
-  | 'MerkleDisclosureProof2021';
+  | 'MerkleDisclosureProof2021'
+  | 'EnvelopingProofJose';
 
 /**
  * Encapsulates the parameters required to create a

packages/core-types/src/types/IKeyManager.ts

@@ -188,6 +188,22 @@ export interface IKeyManagerSignEthTXArgs {
   transaction: object;
 }
 
+/**
+ * Input arguments for {@link IKeyManager.IKeyManagerSignJOSE | IKeyManagerSignJOSE}
+ * @public
+ */
+export interface IKeyManagerSignJOSE {
+  /**
+   * Key ID
+   */
+  kid: string;
+
+  /**
+   * Data to sign
+   */
+  data: string;
+}
+
 /**
  * Key manager interface.
  *
@@ -267,4 +283,7 @@ export interface IKeyManager extends IPluginMethodMap {
 
   /** Signs Ethereum transaction */
   keyManagerSignEthTX(args: IKeyManagerSignEthTXArgs): Promise<string>;
+
+  /** Signs JOSE object */
+  keyManagerSignJOSE(args: IKeyManagerSignJOSE): Promise<string>;
 }

packages/credential-router/__tests__/action-handler.test.ts

@@ -7,6 +7,7 @@ import {
 
 import { CredentialRouter } from '../src/action-handler';
 import {
+  ENVELOPING_PROOF_JOSE,
   RAW_CREDENTIAL,
   SIGNED_WRAPPED_DOCUMENT_JWT,
   SIGNED_WRAPPED_DOCUMENT_MERKLE_DISCLOSURE,
@@ -91,6 +92,54 @@ describe('CredentialRouter', () => {
       expect(result).toEqual(SIGNED_WRAPPED_DOCUMENT_JWT);
     });
 
+    it('should call createVerifiableCredential function when proofFormat is EnvelopingProofJose', async () => {
+      const mockIssuerAgentContext = {
+        agent: {
+          createVerifiableCredential: jest
+            .fn()
+            .mockReturnValue(ENVELOPING_PROOF_JOSE),
+        },
+      } as unknown as IssuerAgentContext;
+
+      const credentialPlugin = new CredentialRouter();
+      const args: ICreateVerifiableCredentialArgs = {
+        credential: RAW_CREDENTIAL,
+        proofFormat: 'EnvelopingProofJose',
+      };
+
+      const result = await credentialPlugin.routeCreationVerifiableCredential(
+        args,
+        mockIssuerAgentContext,
+      );
+
+      expect(result).not.toBeNull();
+      expect(result).toEqual(ENVELOPING_PROOF_JOSE);
+    });
+
+    it('should throw error when create a credential router with proofFormat is EnvelopingProofJose', async () => {
+      const mockIssuerAgentContext = {
+        agent: {
+          createVerifiableCredential: jest
+            .fn()
+            .mockReturnValue(ENVELOPING_PROOF_JOSE),
+        },
+      } as unknown as IssuerAgentContext;
+
+      const credentialPlugin = new CredentialRouter();
+      const args: ICreateVerifiableCredentialArgs = {
+        credential: RAW_CREDENTIAL,
+        proofFormat: 'EnvelopingProofJose',
+      };
+
+      const result = await credentialPlugin.routeCreationVerifiableCredential(
+        args,
+        mockIssuerAgentContext,
+      );
+
+      expect(result).not.toBeNull();
+      expect(result).toEqual(ENVELOPING_PROOF_JOSE);
+    });
+
     it(`should throw error when create a credential router with proofFormat is OpenAttestationMerkleProofSignature2018`, async () => {
       const mockIssuerAgentContext = {
         agent: {
@@ -159,6 +208,29 @@ describe('CredentialRouter', () => {
         'invalid_setup: your agent does not seem to have CredentialW3c plugin installed',
       );
     });
+
+    it(`should throw error when create a credential router with proofFormat is EnvelopingProofJose`, async () => {
+      const mockIssuerAgentContext = {
+        agent: {
+          createVerifiableCredential: undefined,
+        },
+      } as unknown as IssuerAgentContext;
+
+      const credentialPlugin = new CredentialRouter();
+      const args: ICreateVerifiableCredentialArgs = {
+        credential: RAW_CREDENTIAL,
+        proofFormat: 'EnvelopingProofJose',
+      };
+
+      await expect(
+        credentialPlugin.routeCreationVerifiableCredential(
+          args,
+          mockIssuerAgentContext,
+        ),
+      ).rejects.toThrow(
+        'invalid_setup: your agent does not seem to have CredentialW3c plugin installed',
+      );
+    });
   });
 
   describe('routeVerifyCredential', () => {

packages/credential-router/__tests__/mocks/constants.ts

@@ -98,3 +98,6 @@ export const SIGNED_WRAPPED_DOCUMENT_JWT = {
   ...RAW_CREDENTIAL,
   ...JWT_PROOF,
 };
+
+export const ENVELOPING_PROOF_JOSE =
+  'eyJhbGciOiJFZERTQSIsImlzcyI6ImRpZDp3ZWI6N2Y1Mi0yNDAyLTgwMC02MzE1LWZlYjQtZDVlOC0xMzg3LTc2ODUtZThhNi5uZ3Jvay1mcmVlLmFwcCIsInR5cCI6InZjLWxkK2p3dCJ9.eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvbnMvY3JlZGVudGlhbHMvdjIiLCJodHRwczovL3d3dy53My5vcmcvbnMvY3JlZGVudGlhbHMvZXhhbXBsZXMvdjIiXSwiaWQiOiJodHRwOi8vdW5pdmVyc2l0eS5leGFtcGxlL2NyZWRlbnRpYWxzLzE4NzIiLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiRXhhbXBsZUFsdW1uaUNyZWRlbnRpYWwiXSwiaXNzdWVyIjoiZGlkOndlYjo3ZjUyLTI0MDItODAwLTYzMTUtZmViNC1kNWU4LTEzODctNzY4NS1lOGE2Lm5ncm9rLWZyZWUuYXBwIiwidmFsaWRGcm9tIjoiMjAxMC0wMS0wMVQxOToyMzoyNFoiLCJjcmVkZW50aWFsU2NoZW1hIjp7ImlkIjoiaHR0cHM6Ly9leGFtcGxlLm9yZy9leGFtcGxlcy9kZWdyZWUuanNvbiIsInR5cGUiOiJKc29uU2NoZW1hIn0sImNyZWRlbnRpYWxTdWJqZWN0Ijp7ImlkIjoiZGlkOmV4YW1wbGU6MTIzIiwiZGVncmVlIjp7InR5cGUiOiJCYWNoZWxvckRlZ3JlZSIsIm5hbWUiOiJCYWNoZWxvciBvZiBTY2llbmNlIGFuZCBBcnRzIn19LCJjcmVkZW50aWFsU3RhdHVzIjp7ImlkIjoiaHR0cDovL2xvY2FsaG9zdDozMzMyL2NyZWRlbnRpYWxzL3N0YXR1cy9iaXRzdHJpbmctc3RhdHVzLWxpc3QvNCMyIiwidHlwZSI6IkJpdHN0cmluZ1N0YXR1c0xpc3RFbnRyeSIsInN0YXR1c1B1cnBvc2UiOiJyZXZvY2F0aW9uIiwic3RhdHVzTGlzdEluZGV4IjoiMCIsInN0YXR1c0xpc3RDcmVkZW50aWFsIjoiaHR0cDovL2xvY2FsaG9zdDozMzMyL2NyZWRlbnRpYWxzL3N0YXR1cy9iaXRzdHJpbmctc3RhdHVzLWxpc3QvNCJ9LCJpc3N1YW5jZURhdGUiOiIyMDI0LTA3LTMwVDA4OjQ5OjI3LjA1MloifQ.mLTspyqHvcQ7IJuoQ5C7Hr5U4DNAPRJ7_G6GD1XhXZWj7s613lJZ6uAniKqHm6OQur3BKLn5-995Qf_iVkK5CQ';