From f25c5932398367dd0c3eab9dcaeacaabf9c5db97 Mon Sep 17 00:00:00 2001
From: Enrico Marconi <31142849+UMR1352@users.noreply.github.com>
Date: Fri, 24 May 2024 12:38:12 +0200
Subject: [PATCH] Add ZK BBS+-based selectively disclosable credentials (JPT)
(#1355)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* Support BBS+ and JWP (#1285)
* merge main
* Wasm bindings for Jpt credentials
* JPT presentation bindings
* docs
* jsonprooftoken payloads
* Refactor `RevocationTimeframeStatus` to align with other setups (#1340)
* refactor `RevocationTimeframeStatus` to other setups
* fix smaller typos
* binding coverage for jsonprooftoken
* Use latest releases of zkryptium/json-proof-token and add new BLS key representation (#1339)
* update zkryptium/json-proof-token deps and new BLS key representation
* minor fix
* Use zkryptium for cryptographic operations inside Memstore (#1351)
* update zkryptium/json-proof-token deps and new BLS key representation
* minor fix
* use zkryptium for crypto operations and JPT for serialization
* fix format
* Feat/jpt bbs+ sd stronghold impl (#1354)
* Implement JwkStorageExt for StrongholdStorage
* reorganize code
* persist changes to stronghold when creating bbs+ keypair, clippy, fmt
* feature gate
* zkp wasm example
* zkp_revocation wasm example
* wasm bindings
* fix docs
* rename JwkStorageExt to JwkStorageBbsPlusExt
* JwkStorageBbsPlusExt impl refactor for Stronghold, MemStore, WasmStore
* Squashed commit of the following:
commit 30c9bf2458fd2e202e7ace71c693e08a3bac8d9c
Author: Foorack / Max Faxälv
Date: Tue Apr 2 10:32:48 2024 +0200
inherit `repository` in identity_verification (#1348)
commit 1e9c9a31257a0f430cb9acd22d2911e949137453
Author: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Date: Wed Mar 27 15:35:29 2024 +0100
Release wasm-v1.2.0 (#1345)
commit 84a630dbf82376d7b6abac8acedfa99acc47bd60
Author: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Date: Wed Mar 27 15:32:19 2024 +0100
Release v1.2.0 (#1347)
commit 1aba4b5fb575936dd59ac6fb6be0e29b866a5a51
Author: Eike Haß
Date: Wed Mar 27 13:13:27 2024 +0100
removed dev_dep version
commit 0352b840f0ef0b8f57b343151b9d6ee08c716f74
Author: Enrico Marconi <31142849+UMR1352@users.noreply.github.com>
Date: Wed Mar 27 10:44:43 2024 +0100
Support %-encoded characters in DID method id (#1303)
commit e68538f95787a73ec9ae3d8fdf0746b61c6910db
Author: Enrico Marconi <31142849+UMR1352@users.noreply.github.com>
Date: Tue Mar 26 11:58:35 2024 +0100
gRPC bindings (#1264)
commit e53561e3b8dabc9ec80653d21c459d8f0205ad40
Author: Enrico Marconi <31142849+UMR1352@users.noreply.github.com>
Date: Tue Mar 26 11:18:14 2024 +0100
allow large result err variants (#1342)
commit 4a144a36990f3318e869c9192356a7ec06f10d54
Author: Eike Haß
Date: Tue Mar 19 09:51:52 2024 +0100
fix readme links (#1336)
commit 0af29fc8a630c0c698bc745f9434fab69320aa74
Author: Enrico Marconi <31142849+UMR1352@users.noreply.github.com>
Date: Mon Mar 18 17:16:57 2024 +0100
Feat/custom verification method (#1334)
* Add support for arbitrary (custom) verification method data
* wasm bindings
* custom method type + wasm
* workaround serde's issue
* Update bindings/wasm/src/verification/wasm_method_data.rs
Co-authored-by: Abdulrahim Al Methiab <31316147+abdulmth@users.noreply.github.com>
* review comments
* fmt
* review comment
---------
Co-authored-by: Abdulrahim Al Methiab <31316147+abdulmth@users.noreply.github.com>
commit edb91501e9ec933471ea4ff9b416e19273c02082
Author: Enrico Marconi <31142849+UMR1352@users.noreply.github.com>
Date: Tue Mar 12 14:45:04 2024 +0100
use latest release of sd-jwt-payload (#1333)
* use latest release of sd-jwt-payload
* make clippy happy
commit 0794379be3c18894745e5acad09488bdb3c773c6
Author: Abdulrahim Al Methiab <31316147+abdulmth@users.noreply.github.com>
Date: Wed Mar 6 14:16:00 2024 +0100
Wasm bindings for `BlockChainAccountId` verification method. (#1326)
commit 59d38f77e8460c1b5da55d751eec0cb88f315d9d
Author: Abdulrahim Al Methiab <31316147+abdulmth@users.noreply.github.com>
Date: Wed Mar 6 10:56:23 2024 +0100
Add constructor for VerificationMethod in TS (#1321)
* clippy
* fmt
* add stronghold bbs+ tests
* review comments
* add license header
* fix wasm bindings
* Persist Stronghold's changes only when its handle is dropped
* Fix StrongholdStorage::get_public_key
* rename stronghold_jwk_storage_ext
* Add inx-faucet profile in CI
* change stronghold crate's structure, revert persist changes on drop
* review comments
* Update identity_credential/src/presentation/jwp_presentation_builder.rs
Co-authored-by: wulfraem
* fix wasm bindings
* expose stronghold's key types
* revert last commit
* Add "Fondazione Links" to license header
* Squashed commit of the following:
commit 9abdb3868d76ccb39da2145346e201640448870a
Author: Sven
Date: Tue May 14 09:16:09 2024 +0200
Add EcDSA verifier (#1353)
* add ecdsa verifier
* add identity_ecdsa_verifier to workspace, add license headers
* Update identity_ecdsa_verifier/Cargo.toml
Co-authored-by: wulfraem
* Update identity_ecdsa_verifier/src/secp256k1.rs
Co-authored-by: wulfraem
* Update identity_ecdsa_verifier/Cargo.toml
Co-authored-by: wulfraem
* Update identity_ecdsa_verifier/src/secp256k1.rs
Co-authored-by: wulfraem
* Update identity_ecdsa_verifier/src/secp256r1.rs
Co-authored-by: wulfraem
* add feedback
* add OpenSSL installation to windows runner in CI
* update license headers and authors for ecdsa verifier
* update license template to allow multiple contributors
---------
Co-authored-by: Sebastian Wolfram
commit 149bfac98e8d9d8ca3d890e413291e384447c62b
Author: wulfraem
Date: Mon May 13 10:44:09 2024 +0200
Fix findings after clippy update (#1365)
* fix clippy findings
* fix formatting
* refactor .clone_into calls into .to_string
* fix previous edit
* disable empty_docs for wasm binding for now
* fix missing newline
* disable self update from rust setup in ci for now
* update self update skip to skip only for windows build
commit 51aedd51be086e333744b020e867c0348833a083
Author: Enrico Marconi <31142849+UMR1352@users.noreply.github.com>
Date: Tue Apr 30 16:16:36 2024 +0200
Use STRONGHOLD_PWD_FILE env variable to pass stronghold's password (#1363)
commit edec26c18782ad75a20ca6bebd7c66959eadb91d
Author: Enrico Marconi <31142849+UMR1352@users.noreply.github.com>
Date: Tue Apr 30 15:40:55 2024 +0200
Arbitrary data signing service (#1350)
commit f59e75a57df05971aef00549c8880b83c6600f2b
Author: Eike Haß
Date: Tue Apr 30 15:34:40 2024 +0200
Fix dockerhub workflow (#1343)
commit 993cfec8a698f668f2891f46e6c94f2584c50c05
Author: Enrico Marconi <31142849+UMR1352@users.noreply.github.com>
Date: Fri Apr 26 13:39:29 2024 +0200
add inx-faucet profile (#1356)
* update stronghold and sdk
---------
Co-authored-by: Alberto Solavagione
Co-authored-by: wulfraem
---
Cargo.toml | 2 +
bindings/grpc/Cargo.toml | 2 +-
bindings/wasm/Cargo.toml | 4 +-
bindings/wasm/docs/api-reference.md | 1664 +++++++++++++++--
.../wasm/examples/src/1_advanced/8_zkp.ts | 226 +++
.../src/1_advanced/9_zkp_revocation.ts | 281 +++
bindings/wasm/examples/src/main.ts | 6 +
bindings/wasm/examples/src/tests/8_zkp.ts | 8 +
.../examples/src/tests/9_zkp_revocation.ts | 8 +
bindings/wasm/lib/jwk_storage.ts | 23 +-
bindings/wasm/package.json | 5 +-
bindings/wasm/src/common/types.rs | 6 +
bindings/wasm/src/credential/jpt.rs | 45 +
.../decoded_jpt_credential.rs | 52 +
.../jpt_credential_validation_options.rs | 80 +
.../jpt_credential_validator.rs | 33 +
.../jpt_credential_validator_utils.rs | 102 +
.../jwp_credential_options.rs | 49 +
.../jwp_verification_options.rs | 48 +
.../jpt_credential_validator/mod.rs | 16 +
.../decoded_jpt_presentation.rs | 51 +
.../jpt_presentation_validation_options.rs | 64 +
.../jpt_presentation_validator.rs | 41 +
.../jpt_presentation_validator_utils.rs | 44 +
.../jwp_presentation_options.rs | 37 +
.../jpt_presentiation_validation/mod.rs | 14 +
bindings/wasm/src/credential/mod.rs | 6 +
.../wasm/src/credential/revocation/mod.rs | 1 +
.../revocation/validity_timeframe_2024/mod.rs | 6 +
.../validity_timeframe_2024/status.rs | 75 +
bindings/wasm/src/did/wasm_core_document.rs | 3 +
bindings/wasm/src/error.rs | 2 +
bindings/wasm/src/iota/iota_document.rs | 143 +-
bindings/wasm/src/jpt/encoding.rs | 29 +
.../wasm/src/jpt/issuer_protected_header.rs | 52 +
bindings/wasm/src/jpt/jpt_claims.rs | 31 +
bindings/wasm/src/jpt/jwp_issued.rs | 50 +
.../wasm/src/jpt/jwp_presentation_builder.rs | 83 +
bindings/wasm/src/jpt/mod.rs | 20 +
bindings/wasm/src/jpt/payload.rs | 151 ++
.../src/jpt/presentation_protected_header.rs | 86 +
bindings/wasm/src/jpt/proof_algorithm.rs | 52 +
bindings/wasm/src/lib.rs | 1 +
.../storage/jpt_timeframe_revocation_ext.rs | 69 +
bindings/wasm/src/storage/jwk_storage.rs | 3 +
.../src/storage/jwk_storage_bbs_plus_ext.rs | 132 ++
bindings/wasm/src/storage/mod.rs | 3 +
examples/0_basic/7_revoke_vc.rs | 2 +
examples/1_advanced/10_zkp_revocation.rs | 534 ++++++
examples/1_advanced/9_zkp.rs | 260 +++
examples/Cargo.toml | 13 +-
identity_credential/Cargo.toml | 10 +-
.../src/credential/credential.rs | 12 +
identity_credential/src/credential/jpt.rs | 33 +
.../src/credential/jwp_credential_options.rs | 28 +
.../src/credential/jwt_serialization.rs | 53 +
identity_credential/src/credential/mod.rs | 10 +
.../credential/revocation_bitmap_status.rs | 2 +-
identity_credential/src/error.rs | 8 +
.../presentation/jwp_presentation_builder.rs | 124 ++
.../presentation/jwp_presentation_options.rs | 33 +
identity_credential/src/presentation/mod.rs | 8 +
identity_credential/src/revocation/mod.rs | 5 +
.../revocation/validity_timeframe_2024/mod.rs | 8 +
.../revocation_timeframe_status.rs | 220 +++
.../decoded_jpt_credential.rs | 19 +
.../jpt_credential_validation_options.rs | 87 +
.../jpt_credential_validator.rs | 225 +++
.../jpt_credential_validator_utils.rs | 242 +++
.../jpt_credential_validation/mod.rs | 12 +
.../decoded_jpt_presentation.rs | 22 +
.../jpt_presentation_validation_options.rs | 40 +
.../jpt_presentation_validator.rs | 226 +++
.../jpt_presentation_validator_utils.rs | 99 +
.../jpt_presentation_validation/mod.rs | 12 +
.../jwt_credential_validation/error.rs | 12 +
identity_credential/src/validator/mod.rs | 8 +
.../src/document/core_document.rs | 2 +-
.../verifiable/jwp_verification_options.rs | 36 +
identity_document/src/verifiable/mod.rs | 2 +
identity_iota/Cargo.toml | 5 +-
identity_iota/src/lib.rs | 17 +-
identity_iota_core/Cargo.toml | 2 +-
identity_jose/Cargo.toml | 1 +
identity_jose/src/jwk/curve/bls.rs | 43 +
identity_jose/src/jwk/curve/mod.rs | 2 +
identity_jose/src/jwk/jwk_ext.rs | 162 ++
identity_jose/src/jwk/key_operation.rs | 8 +
identity_jose/src/jwk/key_params.rs | 13 +
identity_jose/src/jwk/key_use.rs | 4 +
identity_jose/src/jwk/mod.rs | 1 +
identity_resolver/Cargo.toml | 2 +-
identity_storage/Cargo.toml | 7 +-
identity_storage/src/key_storage/bls.rs | 203 ++
.../key_storage/jwk_storage_bbs_plus_ext.rs | 40 +
.../src/key_storage/key_storage_error.rs | 4 +
identity_storage/src/key_storage/memstore.rs | 155 +-
identity_storage/src/key_storage/mod.rs | 26 +-
identity_storage/src/lib.rs | 2 +-
identity_storage/src/storage/error.rs | 10 +
.../src/storage/jwk_document_ext.rs | 26 +-
.../src/storage/jwp_document_ext.rs | 362 ++++
identity_storage/src/storage/mod.rs | 11 +
.../src/storage/timeframe_revocation_ext.rs | 198 ++
identity_stronghold/Cargo.toml | 11 +-
identity_stronghold/src/lib.rs | 8 +-
identity_stronghold/src/storage/mod.rs | 163 ++
.../{ => storage}/stronghold_jwk_storage.rs | 224 +--
.../stronghold_jwk_storage_bbs_plus_ext.rs | 174 ++
.../src/{ => storage}/stronghold_key_id.rs | 2 +-
.../src/stronghold_key_type.rs | 109 ++
identity_stronghold/src/tests/mod.rs | 1 +
identity_stronghold/src/tests/test_bbs_ext.rs | 93 +
.../src/tests/test_jwk_storage.rs | 5 +-
identity_stronghold/src/utils.rs | 87 +
115 files changed, 8084 insertions(+), 413 deletions(-)
create mode 100644 bindings/wasm/examples/src/1_advanced/8_zkp.ts
create mode 100644 bindings/wasm/examples/src/1_advanced/9_zkp_revocation.ts
create mode 100644 bindings/wasm/examples/src/tests/8_zkp.ts
create mode 100644 bindings/wasm/examples/src/tests/9_zkp_revocation.ts
create mode 100644 bindings/wasm/src/credential/jpt.rs
create mode 100644 bindings/wasm/src/credential/jpt_credential_validator/decoded_jpt_credential.rs
create mode 100644 bindings/wasm/src/credential/jpt_credential_validator/jpt_credential_validation_options.rs
create mode 100644 bindings/wasm/src/credential/jpt_credential_validator/jpt_credential_validator.rs
create mode 100644 bindings/wasm/src/credential/jpt_credential_validator/jpt_credential_validator_utils.rs
create mode 100644 bindings/wasm/src/credential/jpt_credential_validator/jwp_credential_options.rs
create mode 100644 bindings/wasm/src/credential/jpt_credential_validator/jwp_verification_options.rs
create mode 100644 bindings/wasm/src/credential/jpt_credential_validator/mod.rs
create mode 100644 bindings/wasm/src/credential/jpt_presentiation_validation/decoded_jpt_presentation.rs
create mode 100644 bindings/wasm/src/credential/jpt_presentiation_validation/jpt_presentation_validation_options.rs
create mode 100644 bindings/wasm/src/credential/jpt_presentiation_validation/jpt_presentation_validator.rs
create mode 100644 bindings/wasm/src/credential/jpt_presentiation_validation/jpt_presentation_validator_utils.rs
create mode 100644 bindings/wasm/src/credential/jpt_presentiation_validation/jwp_presentation_options.rs
create mode 100644 bindings/wasm/src/credential/jpt_presentiation_validation/mod.rs
create mode 100644 bindings/wasm/src/credential/revocation/validity_timeframe_2024/mod.rs
create mode 100644 bindings/wasm/src/credential/revocation/validity_timeframe_2024/status.rs
create mode 100644 bindings/wasm/src/jpt/encoding.rs
create mode 100644 bindings/wasm/src/jpt/issuer_protected_header.rs
create mode 100644 bindings/wasm/src/jpt/jpt_claims.rs
create mode 100644 bindings/wasm/src/jpt/jwp_issued.rs
create mode 100644 bindings/wasm/src/jpt/jwp_presentation_builder.rs
create mode 100644 bindings/wasm/src/jpt/mod.rs
create mode 100644 bindings/wasm/src/jpt/payload.rs
create mode 100644 bindings/wasm/src/jpt/presentation_protected_header.rs
create mode 100644 bindings/wasm/src/jpt/proof_algorithm.rs
create mode 100644 bindings/wasm/src/storage/jpt_timeframe_revocation_ext.rs
create mode 100644 bindings/wasm/src/storage/jwk_storage_bbs_plus_ext.rs
create mode 100644 examples/1_advanced/10_zkp_revocation.rs
create mode 100644 examples/1_advanced/9_zkp.rs
create mode 100644 identity_credential/src/credential/jpt.rs
create mode 100644 identity_credential/src/credential/jwp_credential_options.rs
create mode 100644 identity_credential/src/presentation/jwp_presentation_builder.rs
create mode 100644 identity_credential/src/presentation/jwp_presentation_options.rs
create mode 100644 identity_credential/src/revocation/validity_timeframe_2024/mod.rs
create mode 100644 identity_credential/src/revocation/validity_timeframe_2024/revocation_timeframe_status.rs
create mode 100644 identity_credential/src/validator/jpt_credential_validation/decoded_jpt_credential.rs
create mode 100644 identity_credential/src/validator/jpt_credential_validation/jpt_credential_validation_options.rs
create mode 100644 identity_credential/src/validator/jpt_credential_validation/jpt_credential_validator.rs
create mode 100644 identity_credential/src/validator/jpt_credential_validation/jpt_credential_validator_utils.rs
create mode 100644 identity_credential/src/validator/jpt_credential_validation/mod.rs
create mode 100644 identity_credential/src/validator/jpt_presentation_validation/decoded_jpt_presentation.rs
create mode 100644 identity_credential/src/validator/jpt_presentation_validation/jpt_presentation_validation_options.rs
create mode 100644 identity_credential/src/validator/jpt_presentation_validation/jpt_presentation_validator.rs
create mode 100644 identity_credential/src/validator/jpt_presentation_validation/jpt_presentation_validator_utils.rs
create mode 100644 identity_credential/src/validator/jpt_presentation_validation/mod.rs
create mode 100644 identity_document/src/verifiable/jwp_verification_options.rs
create mode 100644 identity_jose/src/jwk/curve/bls.rs
create mode 100644 identity_jose/src/jwk/jwk_ext.rs
create mode 100644 identity_storage/src/key_storage/bls.rs
create mode 100644 identity_storage/src/key_storage/jwk_storage_bbs_plus_ext.rs
create mode 100644 identity_storage/src/storage/jwp_document_ext.rs
create mode 100644 identity_storage/src/storage/timeframe_revocation_ext.rs
create mode 100644 identity_stronghold/src/storage/mod.rs
rename identity_stronghold/src/{ => storage}/stronghold_jwk_storage.rs (50%)
create mode 100644 identity_stronghold/src/storage/stronghold_jwk_storage_bbs_plus_ext.rs
rename identity_stronghold/src/{ => storage}/stronghold_key_id.rs (98%)
create mode 100644 identity_stronghold/src/stronghold_key_type.rs
create mode 100644 identity_stronghold/src/tests/test_bbs_ext.rs
create mode 100644 identity_stronghold/src/utils.rs
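Review bot: The new wasm module directory is spelled `jpt_presentiation_validation` (six `create mode` entries under bindings/wasm/src/credential/), while the core crate uses `jpt_presentation_validation`. Rename it before merge, since the misspelling becomes part of the module path. The sibling directories are also named differently across the two trees (`jpt_credential_validator` in the wasm bindings, `jpt_credential_validation` in identity_credential); picking one name would make the bindings easier to map to the core code.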
diff --git a/Cargo.toml b/Cargo.toml
index 25e3491f1c..a0375aa810 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -24,6 +24,8 @@ serde = { version = "1.0", default-features = false, features = ["alloc", "deriv
thiserror = { version = "1.0", default-features = false }
strum = { version = "0.25", default-features = false, features = ["std", "derive"] }
serde_json = { version = "1.0", default-features = false }
+json-proof-token = { version = "0.3.5" }
+zkryptium = { version = "0.2.2", default-features = false, features = ["bbsplus"] }
[workspace.package]
authors = ["IOTA Stiftung"]
diff --git a/bindings/grpc/Cargo.toml b/bindings/grpc/Cargo.toml
index f594dc56d4..2b542712db 100644
--- a/bindings/grpc/Cargo.toml
+++ b/bindings/grpc/Cargo.toml
@@ -22,7 +22,7 @@ futures = { version = "0.3" }
identity_eddsa_verifier = { path = "../../identity_eddsa_verifier" }
identity_iota = { path = "../../identity_iota", features = ["resolver", "sd-jwt", "domain-linkage", "domain-linkage-fetch", "status-list-2021"] }
identity_stronghold = { path = "../../identity_stronghold", features = ["send-sync-storage"] }
-iota-sdk = { version = "1.1.2", features = ["stronghold"] }
+iota-sdk = { version = "1.1.5", features = ["stronghold"] }
openssl = { version = "0.10", features = ["vendored"] }
prost = "0.12"
rand = "0.8.5"
diff --git a/bindings/wasm/Cargo.toml b/bindings/wasm/Cargo.toml
index 259f7919a3..74bee6d945 100644
--- a/bindings/wasm/Cargo.toml
+++ b/bindings/wasm/Cargo.toml
@@ -21,6 +21,7 @@ console_error_panic_hook = { version = "0.1" }
futures = { version = "0.3" }
identity_eddsa_verifier = { path = "../../identity_eddsa_verifier", default-features = false, features = ["ed25519"] }
js-sys = { version = "0.3.61" }
+json-proof-token = "0.3.4"
proc_typescript = { version = "0.1.0", path = "./proc_typescript" }
serde = { version = "1.0", features = ["derive"] }
serde_json = { version = "1.0", default-features = false }
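Review bot: `json-proof-token = "0.3.4"` in this hunk does not match the `0.3.5` declared in the root Cargo.toml by this same patch. Declare the same minimum version in both manifests so the wasm bindings and the Rust crates are built and tested against the same release.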
@@ -29,11 +30,12 @@ serde_repr = { version = "0.1", default-features = false }
tokio = { version = "1.29", default-features = false, features = ["sync"] }
wasm-bindgen = { version = "0.2.85", features = ["serde-serialize"] }
wasm-bindgen-futures = { version = "0.4", default-features = false }
+zkryptium = "0.2.2"
[dependencies.identity_iota]
path = "../../identity_iota"
default-features = false
-features = ["client", "revocation-bitmap", "resolver", "domain-linkage", "sd-jwt", "status-list-2021"]
+features = ["client", "revocation-bitmap", "resolver", "domain-linkage", "sd-jwt", "status-list-2021", "jpt-bbs-plus"]
[dev-dependencies]
rand = "0.8.5"
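Review bot: `zkryptium = "0.2.2"` is added here with default features on, whereas the root Cargo.toml in this patch declares it with `default-features = false, features = ["bbsplus"]`. If the bindings only need BBS+, use the same feature set here so the wasm build pulls in no more of the crate than the workspace does; if the defaults are required for wasm, a short comment saying why would help.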
diff --git a/bindings/wasm/docs/api-reference.md b/bindings/wasm/docs/api-reference.md
index 2f50e4ed3d..db03dc07ec 100644
--- a/bindings/wasm/docs/api-reference.md
+++ b/bindings/wasm/docs/api-reference.md
@@ -17,6 +17,10 @@ if the object is being concurrently modified.
DIDUrl
A method agnostic DID Url.
+DecodedJptCredential
+
+DecodedJptPresentation
+
DecodedJws
A cryptographically verified decoded token from a JWS.
Contains the decoded headers and the raw claims.
@@ -67,11 +71,41 @@ if the object is being concurrently modified.
An extension interface that provides helper functions for publication
and resolution of DID documents in Alias Outputs.
+IssuerProtectedHeader
+
+Jpt
+A JSON Proof Token (JPT).
+
+JptCredentialValidationOptions
+Options to declare validation criteria for Jpt.
+
+JptCredentialValidator
+
+JptCredentialValidatorUtils
+Utility functions for validating JPT credentials.
+
+JptPresentationValidationOptions
+Options to declare validation criteria for a Jpt presentation.
+
+JptPresentationValidator
+
+JptPresentationValidatorUtils
+Utility functions for verifying JPT presentations.
+
Jwk
JwkGenOutput
The result of a key generation in JwkStorage
.
+JwpCredentialOptions
+
+JwpIssued
+
+JwpPresentationOptions
+Options to be set in the JWT claims of a verifiable presentation.
+
+JwpVerificationOptions
+
Jws
A wrapper around a JSON Web Signature (JWS).
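Review bot: The description added for JwpPresentationOptions says "Options to be set in the JWT claims of a verifiable presentation", which reads as copied from the JWT variant; it should refer to the JWP/JPT presentation. In the same hunk IssuerProtectedHeader, JptCredentialValidator, JptPresentationValidator, JwpCredentialOptions, JwpIssued and JwpVerificationOptions are listed with no description at all; a one-line doc comment on each source type would fill these in.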
@@ -123,8 +157,14 @@ use the methods pack
and unpack
instead.
MethodType
Supported verification method types.
+PayloadEntry
+
+Payloads
+
Presentation
+PresentationProtectedHeader
+
Proof
Represents a cryptographic proof that can be used to validate verifiable credentials and
presentations.
@@ -134,6 +174,8 @@ can be utilized to implement standards or user-defined proofs. The presence of t
Note that this proof is not related to JWT and can be used in combination or as an alternative
to it.
+ProofUpdateCtx
+
Resolver
Convenience type for resolving DID documents from different DID methods.
Also provides methods for resolving DID Documents associated with
@@ -144,6 +186,9 @@ verifiable Credentials and Pre
RevocationBitmap
A compressed bitmap for managing credential revocation.
+RevocationTimeframeStatus
+Information used to determine the current status of a Credential.
+
SdJwt
Representation of an SD-JWT of the format
<Issuer-signed JWT>~<Disclosure 1>~<Disclosure 2>~...~<Disclosure N>~<optional KB-JWT>
.
@@ -159,6 +204,23 @@ verifiable Credentials and Pre
with their corresponding disclosure digests.
Note: digests are created using the sha-256 algorithm.
+SelectiveDisclosurePresentation
+Used to construct a JwpPresentedBuilder and handle the selective disclosure of attributes
+
+- @context MUST NOT be blinded
+- id MUST be blinded
+- type MUST NOT be blinded
+- issuer MUST NOT be blinded
+- issuanceDate MUST be blinded (if Timeframe Revocation mechanism is used)
+- expirationDate MUST be blinded (if Timeframe Revocation mechanism is used)
+- credentialSubject (User have to choose which attribute must be blinded)
+- credentialSchema MUST NOT be blinded
+- credentialStatus MUST NOT be blinded
+- refreshService MUST NOT be blinded (probably will be used for Timeslot Revocation mechanism)
+- termsOfUse NO reason to use it in ZK VC (will be in any case blinded)
+- evidence (User have to choose which attribute must be blinded)
+
+
Service
A DID Document Service used to enable trusted interactions associated with a DID subject.
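Review bot: The SelectiveDisclosurePresentation rules are written as MUST / MUST NOT requirements, but the text does not say whether the type enforces them or whether the caller is responsible; state which, because a holder who relies on `id MUST be blinded` needs to know the library will not let it be disclosed by mistake. Two entries are still tentative ("probably will be used for Timeslot Revocation mechanism", "NO reason to use it in ZK VC") and should be settled or moved out of the normative list. The list also says both "Timeframe Revocation" and "Timeslot Revocation"; use one name. "User have to choose" should read "the user has to choose".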
@@ -190,9 +252,31 @@ working with storage backed DID documents.
## Members
-- StatusPurpose
-Purpose of a StatusList2021.
+- PresentationProofAlgorithm
+
+- ProofAlgorithm
+
+- StatusCheck
+Controls validation behaviour when checking whether or not a credential has been revoked by its
+credentialStatus
.
+
+- Strict
+Validate the status if supported, reject any unsupported
+credentialStatus
types.
+Only RevocationBitmap2022
is currently supported.
+This is the default.
+
+- SkipUnsupported
+Validate the status if supported, skip any unsupported
+credentialStatus
types.
+
+- SkipAll
+Skip all status checks.
+- SerializationType
+
+- MethodRelationship
+
- SubjectHolderRelationship
Declares how credential subjects must relate to the presentation holder.
See also the Subject-Holder Relationship section of the specification.
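Review bot: The StatusCheck text added in this hunk states that only RevocationBitmap2022 is currently supported, yet this patch also documents a new RevocationTimeframeStatus. Clarify whether `Strict` rejects a credential whose credentialStatus is the new timeframe type, or update the sentence if that status is now checked too.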
@@ -207,6 +291,11 @@ This variant is the default.
- Any
The holder is not required to have any kind of relationship to any credential subject.
+- CredentialStatus
+
+- StatusPurpose
+Purpose of a StatusList2021.
+
- StateMetadataEncoding
- FailFast
@@ -218,6 +307,8 @@ This variant is the default.
- FirstError
Return after the first error occurs.
+- PayloadType
+
- MethodRelationship
- CredentialStatus
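Review bot: After this change the Members list contains MethodRelationship and CredentialStatus twice: the `+- MethodRelationship` and `+- CredentialStatus` entries added in the two preceding hunks, and the unchanged entries at the end of this hunk. If the reference is generated, check for two exports with the same name in the bindings; otherwise drop the duplicates. The new PayloadType entry also has no description.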
@@ -252,6 +343,9 @@ This variant is the default.
This function does not check whether alg = EdDSA
in the protected header. Callers are expected to assert this
prior to calling the function.
+- start()
+Initializes the console error panic hook for better error messages
+
- encodeB64(data) ⇒
string
Encode the given bytes in url-safe base64.
@@ -1335,6 +1429,74 @@ Deserializes an instance from a JSON object.
| --- | --- |
| json | any
|
+
+
+## DecodedJptCredential
+**Kind**: global class
+
+* [DecodedJptCredential](#DecodedJptCredential)
+ * [.clone()](#DecodedJptCredential+clone) ⇒ [DecodedJptCredential
](#DecodedJptCredential)
+ * [.credential()](#DecodedJptCredential+credential) ⇒ [Credential
](#Credential)
+ * [.customClaims()](#DecodedJptCredential+customClaims) ⇒ Map.<string, any>
+ * [.decodedJwp()](#DecodedJptCredential+decodedJwp) ⇒ [JwpIssued
](#JwpIssued)
+
+
+
+### decodedJptCredential.clone() ⇒ [DecodedJptCredential
](#DecodedJptCredential)
+Deep clones the object.
+
+**Kind**: instance method of [DecodedJptCredential
](#DecodedJptCredential)
+
+
+### decodedJptCredential.credential() ⇒ [Credential
](#Credential)
+Returns the [Credential](#Credential) embedded into this JPT.
+
+**Kind**: instance method of [DecodedJptCredential
](#DecodedJptCredential)
+
+
+### decodedJptCredential.customClaims() ⇒ Map.<string, any>
+Returns the custom claims parsed from the JPT.
+
+**Kind**: instance method of [DecodedJptCredential
](#DecodedJptCredential)
+
+
+### decodedJptCredential.decodedJwp() ⇒ [JwpIssued
](#JwpIssued)
+**Kind**: instance method of [DecodedJptCredential
](#DecodedJptCredential)
+
+
+## DecodedJptPresentation
+**Kind**: global class
+
+* [DecodedJptPresentation](#DecodedJptPresentation)
+ * [.clone()](#DecodedJptPresentation+clone) ⇒ [DecodedJptPresentation
](#DecodedJptPresentation)
+ * [.credential()](#DecodedJptPresentation+credential) ⇒ [Credential
](#Credential)
+ * [.customClaims()](#DecodedJptPresentation+customClaims) ⇒ Map.<string, any>
+ * [.aud()](#DecodedJptPresentation+aud) ⇒ string
\| undefined
+
+
+
+### decodedJptPresentation.clone() ⇒ [DecodedJptPresentation
](#DecodedJptPresentation)
+Deep clones the object.
+
+**Kind**: instance method of [DecodedJptPresentation
](#DecodedJptPresentation)
+
+
+### decodedJptPresentation.credential() ⇒ [Credential
](#Credential)
+Returns the [Credential](#Credential) embedded into this JPT.
+
+**Kind**: instance method of [DecodedJptPresentation
](#DecodedJptPresentation)
+
+
+### decodedJptPresentation.customClaims() ⇒ Map.<string, any>
+Returns the custom claims parsed from the JPT.
+
+**Kind**: instance method of [DecodedJptPresentation
](#DecodedJptPresentation)
+
+
+### decodedJptPresentation.aud() ⇒ string
\| undefined
+Returns the `aud` property parsed from the JWT claims.
+
+**Kind**: instance method of [DecodedJptPresentation
](#DecodedJptPresentation)
## DecodedJws
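Review bot: `decodedJptPresentation.aud()` is documented as returning the `aud` property "parsed from the JWT claims", but this class decodes a JPT; the wording should name the JWP/JPT claims. `decodedJptCredential.decodedJwp()` is the only accessor in this hunk without a description, and DecodedJptPresentation lists no `decodedJwp()` counterpart; if that asymmetry is intended, say so in the class docs.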
@@ -2058,6 +2220,11 @@ if the object is being concurrently modified.
* [.createJws(storage, fragment, payload, options)](#IotaDocument+createJws) ⇒ [Promise.<Jws>
](#Jws)
* [.createCredentialJwt(storage, fragment, credential, options, [custom_claims])](#IotaDocument+createCredentialJwt) ⇒ [Promise.<Jwt>
](#Jwt)
* [.createPresentationJwt(storage, fragment, presentation, signature_options, presentation_options)](#IotaDocument+createPresentationJwt) ⇒ [Promise.<Jwt>
](#Jwt)
+ * [.generateMethodJwp(storage, alg, fragment, scope)](#IotaDocument+generateMethodJwp) ⇒ Promise.<string>
+ * [.createIssuedJwp(storage, fragment, jpt_claims, options)](#IotaDocument+createIssuedJwp) ⇒ Promise.<string>
+ * [.createPresentedJwp(presentation, method_id, options)](#IotaDocument+createPresentedJwp) ⇒ Promise.<string>
+ * [.createCredentialJpt(credential, storage, fragment, options, [custom_claims])](#IotaDocument+createCredentialJpt) ⇒ [Promise.<Jpt>
](#Jpt)
+ * [.createPresentationJpt(presentation, method_id, options)](#IotaDocument+createPresentationJpt) ⇒ [Promise.<Jpt>
](#Jpt)
* _static_
* [.newWithId(id)](#IotaDocument.newWithId) ⇒ [IotaDocument
](#IotaDocument)
* [.unpackFromOutput(did, aliasOutput, allowEmpty)](#IotaDocument.unpackFromOutput) ⇒ [IotaDocument
](#IotaDocument)
@@ -2563,6 +2730,65 @@ private key backed by the `storage` in accordance with the passed `options`.
| signature_options | [JwsSignatureOptions
](#JwsSignatureOptions) |
| presentation_options | [JwtPresentationOptions
](#JwtPresentationOptions) |
+
+
+### iotaDocument.generateMethodJwp(storage, alg, fragment, scope) ⇒ Promise.<string>
+**Kind**: instance method of [IotaDocument
](#IotaDocument)
+
+| Param | Type |
+| --- | --- |
+| storage | [Storage
](#Storage) |
+| alg | [ProofAlgorithm
](#ProofAlgorithm) |
+| fragment | string
\| undefined
|
+| scope | [MethodScope
](#MethodScope) |
+
+
+
+### iotaDocument.createIssuedJwp(storage, fragment, jpt_claims, options) ⇒ Promise.<string>
+**Kind**: instance method of [IotaDocument
](#IotaDocument)
+
+| Param | Type |
+| --- | --- |
+| storage | [Storage
](#Storage) |
+| fragment | string
|
+| jpt_claims | JptClaims
|
+| options | [JwpCredentialOptions
](#JwpCredentialOptions) |
+
+
+
+### iotaDocument.createPresentedJwp(presentation, method_id, options) ⇒ Promise.<string>
+**Kind**: instance method of [IotaDocument
](#IotaDocument)
+
+| Param | Type |
+| --- | --- |
+| presentation | [SelectiveDisclosurePresentation
](#SelectiveDisclosurePresentation) |
+| method_id | string
|
+| options | [JwpPresentationOptions
](#JwpPresentationOptions) |
+
+
+
+### iotaDocument.createCredentialJpt(credential, storage, fragment, options, [custom_claims]) ⇒ [Promise.<Jpt>
](#Jpt)
+**Kind**: instance method of [IotaDocument
](#IotaDocument)
+
+| Param | Type |
+| --- | --- |
+| credential | [Credential
](#Credential) |
+| storage | [Storage
](#Storage) |
+| fragment | string
|
+| options | [JwpCredentialOptions
](#JwpCredentialOptions) |
+| [custom_claims] | Map.<string, any>
\| undefined
|
+
+
+
+### iotaDocument.createPresentationJpt(presentation, method_id, options) ⇒ [Promise.<Jpt>
](#Jpt)
+**Kind**: instance method of [IotaDocument
](#IotaDocument)
+
+| Param | Type |
+| --- | --- |
+| presentation | [SelectiveDisclosurePresentation
](#SelectiveDisclosurePresentation) |
+| method_id | string
|
+| options | [JwpPresentationOptions
](#JwpPresentationOptions) |
+
### IotaDocument.newWithId(id) ⇒ [IotaDocument
](#IotaDocument)
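Review bot: None of the five methods documented in this hunk (generateMethodJwp, createIssuedJwp, createPresentedJwp, createCredentialJpt, createPresentationJpt) has a description, and the parameter order is inconsistent: `createIssuedJwp(storage, fragment, jpt_claims, options)` takes storage first, while `createCredentialJpt(credential, storage, fragment, options, [custom_claims])` takes the credential first. Align the order across the two issuing methods and add a sentence to each saying what the returned string or Jpt contains. `JptClaims` in the createIssuedJwp table is also not linked to a definition, unlike the other class types in these tables.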
@@ -2797,175 +3023,549 @@ Fetches the `IAliasOutput` associated with the given DID.
| client | IIotaIdentityClient
|
| did | [IotaDID
](#IotaDID) |
-
+
-## Jwk
+## IssuerProtectedHeader
**Kind**: global class
-* [Jwk](#Jwk)
- * [new Jwk(jwk)](#new_Jwk_new)
- * _instance_
- * [.kty()](#Jwk+kty) ⇒ JwkType
- * [.use()](#Jwk+use) ⇒ JwkUse
\| undefined
- * [.keyOps()](#Jwk+keyOps) ⇒ Array.<JwkOperation>
- * [.alg()](#Jwk+alg) ⇒ JwsAlgorithm
\| undefined
- * [.kid()](#Jwk+kid) ⇒ string
\| undefined
- * [.x5u()](#Jwk+x5u) ⇒ string
\| undefined
- * [.x5c()](#Jwk+x5c) ⇒ Array.<string>
- * [.x5t()](#Jwk+x5t) ⇒ string
\| undefined
- * [.x5t256()](#Jwk+x5t256) ⇒ string
\| undefined
- * [.paramsEc()](#Jwk+paramsEc) ⇒ JwkParamsEc
\| undefined
- * [.paramsOkp()](#Jwk+paramsOkp) ⇒ JwkParamsOkp
\| undefined
- * [.paramsOct()](#Jwk+paramsOct) ⇒ JwkParamsOct
\| undefined
- * [.paramsRsa()](#Jwk+paramsRsa) ⇒ JwkParamsRsa
\| undefined
- * [.toPublic()](#Jwk+toPublic) ⇒ [Jwk
](#Jwk) \| undefined
- * [.isPublic()](#Jwk+isPublic) ⇒ boolean
- * [.isPrivate()](#Jwk+isPrivate) ⇒ boolean
- * [.toJSON()](#Jwk+toJSON) ⇒ any
- * [.clone()](#Jwk+clone) ⇒ [Jwk
](#Jwk)
- * _static_
- * [.fromJSON(json)](#Jwk.fromJSON) ⇒ [Jwk
](#Jwk)
+* [IssuerProtectedHeader](#IssuerProtectedHeader)
+ * [.typ](#IssuerProtectedHeader+typ) ⇒ string
\| undefined
+ * [.typ](#IssuerProtectedHeader+typ)
+ * [.alg](#IssuerProtectedHeader+alg) ⇒ [ProofAlgorithm
](#ProofAlgorithm)
+ * [.alg](#IssuerProtectedHeader+alg)
+ * [.kid](#IssuerProtectedHeader+kid) ⇒ string
\| undefined
+ * [.kid](#IssuerProtectedHeader+kid)
+ * [.cid](#IssuerProtectedHeader+cid) ⇒ string
\| undefined
+ * [.cid](#IssuerProtectedHeader+cid)
+ * [.claims()](#IssuerProtectedHeader+claims) ⇒ Array.<string>
-
+
-### new Jwk(jwk)
+### issuerProtectedHeader.typ ⇒ string
\| undefined
+JWP type (JPT).
+
+**Kind**: instance property of [IssuerProtectedHeader
](#IssuerProtectedHeader)
+
+
+### issuerProtectedHeader.typ
+JWP type (JPT).
+
+**Kind**: instance property of [IssuerProtectedHeader
](#IssuerProtectedHeader)
| Param | Type |
| --- | --- |
-| jwk | IJwkParams
|
+| [arg0] | string
\| undefined
|
-
+
-### jwk.kty() ⇒ JwkType
-Returns the value for the key type parameter (kty).
+### issuerProtectedHeader.alg ⇒ [ProofAlgorithm
](#ProofAlgorithm)
+Algorithm used for the JWP.
-**Kind**: instance method of [Jwk
](#Jwk)
-
+**Kind**: instance property of [IssuerProtectedHeader
](#IssuerProtectedHeader)
+
-### jwk.use() ⇒ JwkUse
\| undefined
-Returns the value for the use property (use).
+### issuerProtectedHeader.alg
+Algorithm used for the JWP.
-**Kind**: instance method of [Jwk
](#Jwk)
-
+**Kind**: instance property of [IssuerProtectedHeader
](#IssuerProtectedHeader)
-### jwk.keyOps() ⇒ Array.<JwkOperation>
-**Kind**: instance method of [Jwk
](#Jwk)
-
+| Param | Type |
+| --- | --- |
+| arg0 | [ProofAlgorithm
](#ProofAlgorithm) |
-### jwk.alg() ⇒ JwsAlgorithm
\| undefined
-Returns the value for the algorithm property (alg).
+
-**Kind**: instance method of [Jwk
](#Jwk)
-
+### issuerProtectedHeader.kid ⇒ string
\| undefined
+ID for the key used for the JWP.
-### jwk.kid() ⇒ string
\| undefined
-Returns the value of the key ID property (kid).
+**Kind**: instance property of [IssuerProtectedHeader
](#IssuerProtectedHeader)
+
-**Kind**: instance method of [Jwk
](#Jwk)
-
+### issuerProtectedHeader.kid
+ID for the key used for the JWP.
-### jwk.x5u() ⇒ string
\| undefined
-Returns the value of the X.509 URL property (x5u).
+**Kind**: instance property of [IssuerProtectedHeader
](#IssuerProtectedHeader)
-**Kind**: instance method of [Jwk
](#Jwk)
-
+| Param | Type |
+| --- | --- |
+| [arg0] | string
\| undefined
|
-### jwk.x5c() ⇒ Array.<string>
-Returns the value of the X.509 certificate chain property (x5c).
+
-**Kind**: instance method of [Jwk
](#Jwk)
-
+### issuerProtectedHeader.cid ⇒ string
\| undefined
+Not handled for now. Will be used in the future to resolve external claims
-### jwk.x5t() ⇒ string
\| undefined
-Returns the value of the X.509 certificate SHA-1 thumbprint property (x5t).
+**Kind**: instance property of [IssuerProtectedHeader
](#IssuerProtectedHeader)
+
-**Kind**: instance method of [Jwk
](#Jwk)
-
+### issuerProtectedHeader.cid
+Not handled for now. Will be used in the future to resolve external claims
-### jwk.x5t256() ⇒ string
\| undefined
-Returns the value of the X.509 certificate SHA-256 thumbprint property (x5t#S256).
+**Kind**: instance property of [IssuerProtectedHeader
](#IssuerProtectedHeader)
-**Kind**: instance method of [Jwk
](#Jwk)
-
+| Param | Type |
+| --- | --- |
+| [arg0] | string
\| undefined
|
-### jwk.paramsEc() ⇒ JwkParamsEc
\| undefined
-If this JWK is of kty EC, returns those parameters.
+
-**Kind**: instance method of [Jwk
](#Jwk)
-
+### issuerProtectedHeader.claims() ⇒ Array.<string>
+**Kind**: instance method of [IssuerProtectedHeader
](#IssuerProtectedHeader)
+
-### jwk.paramsOkp() ⇒ JwkParamsOkp
\| undefined
-If this JWK is of kty OKP, returns those parameters.
+## Jpt
+A JSON Proof Token (JPT).
-**Kind**: instance method of [Jwk
](#Jwk)
-
+**Kind**: global class
-### jwk.paramsOct() ⇒ JwkParamsOct
\| undefined
-If this JWK is of kty OCT, returns those parameters.
+* [Jpt](#Jpt)
+ * [new Jpt(jpt_string)](#new_Jpt_new)
+ * [.toString()](#Jpt+toString) ⇒ string
+ * [.clone()](#Jpt+clone) ⇒ [Jpt
](#Jpt)
-**Kind**: instance method of [Jwk
](#Jwk)
-
+
-### jwk.paramsRsa() ⇒ JwkParamsRsa
\| undefined
-If this JWK is of kty RSA, returns those parameters.
+### new Jpt(jpt_string)
+Creates a new [Jpt](#Jpt).
-**Kind**: instance method of [Jwk
](#Jwk)
-
-### jwk.toPublic() ⇒ [Jwk
](#Jwk) \| undefined
-Returns a clone of the [Jwk](#Jwk) with _all_ private key components unset.
-Nothing is returned when `kty = oct` as this key type is not considered public by this library.
+| Param | Type |
+| --- | --- |
+| jpt_string | string
|
-**Kind**: instance method of [Jwk
](#Jwk)
-
+
-### jwk.isPublic() ⇒ boolean
-Returns `true` if _all_ private key components of the key are unset, `false` otherwise.
+### jpt.toString() ⇒ string
+**Kind**: instance method of [Jpt
](#Jpt)
+
-**Kind**: instance method of [Jwk
](#Jwk)
-
+### jpt.clone() ⇒ [Jpt
](#Jpt)
+Deep clones the object.
-### jwk.isPrivate() ⇒ boolean
-Returns `true` if _all_ private key components of the key are set, `false` otherwise.
+**Kind**: instance method of [Jpt
](#Jpt)
+
-**Kind**: instance method of [Jwk
](#Jwk)
-
+## JptCredentialValidationOptions
+Options to declare validation criteria for [Jpt](#Jpt).
-### jwk.toJSON() ⇒ any
-Serializes this to a JSON object.
+**Kind**: global class
-**Kind**: instance method of [Jwk
](#Jwk)
-
+* [JptCredentialValidationOptions](#JptCredentialValidationOptions)
+ * [new JptCredentialValidationOptions([opts])](#new_JptCredentialValidationOptions_new)
+ * _instance_
+ * [.clone()](#JptCredentialValidationOptions+clone) ⇒ [JptCredentialValidationOptions
](#JptCredentialValidationOptions)
+ * [.toJSON()](#JptCredentialValidationOptions+toJSON) ⇒ any
+ * _static_
+ * [.fromJSON(json)](#JptCredentialValidationOptions.fromJSON) ⇒ [JptCredentialValidationOptions
](#JptCredentialValidationOptions)
-### jwk.clone() ⇒ [Jwk
](#Jwk)
+
+
+### new JptCredentialValidationOptions([opts])
+Creates a new default istance.
+
+
+| Param | Type |
+| --- | --- |
+| [opts] | IJptCredentialValidationOptions
\| undefined
|
+
+
+
+### jptCredentialValidationOptions.clone() ⇒ [JptCredentialValidationOptions
](#JptCredentialValidationOptions)
Deep clones the object.
-**Kind**: instance method of [Jwk
](#Jwk)
-
+**Kind**: instance method of [JptCredentialValidationOptions
](#JptCredentialValidationOptions)
+
-### Jwk.fromJSON(json) ⇒ [Jwk
](#Jwk)
+### jptCredentialValidationOptions.toJSON() ⇒ any
+Serializes this to a JSON object.
+
+**Kind**: instance method of [JptCredentialValidationOptions
](#JptCredentialValidationOptions)
+
+
+### JptCredentialValidationOptions.fromJSON(json) ⇒ [JptCredentialValidationOptions
](#JptCredentialValidationOptions)
Deserializes an instance from a JSON object.
-**Kind**: static method of [Jwk
](#Jwk)
+**Kind**: static method of [JptCredentialValidationOptions
](#JptCredentialValidationOptions)
| Param | Type |
| --- | --- |
| json | any
|
-
-
-## JwkGenOutput
-The result of a key generation in `JwkStorage`.
+
+## JptCredentialValidator
**Kind**: global class
+
-* [JwkGenOutput](#JwkGenOutput)
- * [new JwkGenOutput(key_id, jwk)](#new_JwkGenOutput_new)
- * _instance_
- * [.jwk()](#JwkGenOutput+jwk) ⇒ [Jwk
](#Jwk)
- * [.keyId()](#JwkGenOutput+keyId) ⇒ string
- * [.toJSON()](#JwkGenOutput+toJSON) ⇒ any
- * [.clone()](#JwkGenOutput+clone) ⇒ [JwkGenOutput
](#JwkGenOutput)
+### JptCredentialValidator.validate(credential_jpt, issuer, options, fail_fast) ⇒ [DecodedJptCredential
](#DecodedJptCredential)
+**Kind**: static method of [JptCredentialValidator
](#JptCredentialValidator)
+
+| Param | Type |
+| --- | --- |
+| credential_jpt | [Jpt
](#Jpt) |
+| issuer | [CoreDocument
](#CoreDocument) \| IToCoreDocument
|
+| options | [JptCredentialValidationOptions
](#JptCredentialValidationOptions) |
+| fail_fast | [FailFast
](#FailFast) |
+
+
+
+## JptCredentialValidatorUtils
+Utility functions for validating JPT credentials.
+
+**Kind**: global class
+
+* [JptCredentialValidatorUtils](#JptCredentialValidatorUtils)
+ * [.extractIssuer(credential)](#JptCredentialValidatorUtils.extractIssuer) ⇒ [CoreDID
](#CoreDID)
+ * [.extractIssuerFromIssuedJpt(credential)](#JptCredentialValidatorUtils.extractIssuerFromIssuedJpt) ⇒ [CoreDID
](#CoreDID)
+ * [.checkTimeframesWithValidityTimeframe2024(credential, validity_timeframe, status_check)](#JptCredentialValidatorUtils.checkTimeframesWithValidityTimeframe2024)
+ * [.checkRevocationWithValidityTimeframe2024(credential, issuer, status_check)](#JptCredentialValidatorUtils.checkRevocationWithValidityTimeframe2024)
+ * [.checkTimeframesAndRevocationWithValidityTimeframe2024(credential, issuer, validity_timeframe, status_check)](#JptCredentialValidatorUtils.checkTimeframesAndRevocationWithValidityTimeframe2024)
+
+
+
+### JptCredentialValidatorUtils.extractIssuer(credential) ⇒ [CoreDID
](#CoreDID)
+Utility for extracting the issuer field of a [`Credential`](`Credential`) as a DID.
+# Errors
+Fails if the issuer field is not a valid DID.
+
+**Kind**: static method of [JptCredentialValidatorUtils
](#JptCredentialValidatorUtils)
+
+| Param | Type |
+| --- | --- |
+| credential | [Credential
](#Credential) |
+
+
+
+### JptCredentialValidatorUtils.extractIssuerFromIssuedJpt(credential) ⇒ [CoreDID
](#CoreDID)
+Utility for extracting the issuer field of a credential in JPT representation as DID.
+# Errors
+If the JPT decoding fails or the issuer field is not a valid DID.
+
+**Kind**: static method of [JptCredentialValidatorUtils
](#JptCredentialValidatorUtils)
+
+| Param | Type |
+| --- | --- |
+| credential | [Jpt
](#Jpt) |
+
+
+
+### JptCredentialValidatorUtils.checkTimeframesWithValidityTimeframe2024(credential, validity_timeframe, status_check)
+**Kind**: static method of [JptCredentialValidatorUtils
](#JptCredentialValidatorUtils)
+
+| Param | Type |
+| --- | --- |
+| credential | [Credential
](#Credential) |
+| validity_timeframe | [Timestamp
](#Timestamp) \| undefined
|
+| status_check | [StatusCheck
](#StatusCheck) |
+
+
+
+### JptCredentialValidatorUtils.checkRevocationWithValidityTimeframe2024(credential, issuer, status_check)
+Checks whether the credential status has been revoked.
+
+Only supports `RevocationTimeframe2024`.
+
+**Kind**: static method of [JptCredentialValidatorUtils
](#JptCredentialValidatorUtils)
+
+| Param | Type |
+| --- | --- |
+| credential | [Credential
](#Credential) |
+| issuer | [CoreDocument
](#CoreDocument) \| IToCoreDocument
|
+| status_check | [StatusCheck
](#StatusCheck) |
+
+
+
+### JptCredentialValidatorUtils.checkTimeframesAndRevocationWithValidityTimeframe2024(credential, issuer, validity_timeframe, status_check)
+Checks whether the credential status has been revoked or the timeframe interval is INVALID
+
+Only supports `RevocationTimeframe2024`.
+
+**Kind**: static method of [JptCredentialValidatorUtils
](#JptCredentialValidatorUtils)
+
+| Param | Type |
+| --- | --- |
+| credential | [Credential
](#Credential) |
+| issuer | [CoreDocument
](#CoreDocument) \| IToCoreDocument
|
+| validity_timeframe | [Timestamp
](#Timestamp) \| undefined
|
+| status_check | [StatusCheck
](#StatusCheck) |
+
+
+
+## JptPresentationValidationOptions
+Options to declare validation criteria for a [Jpt](#Jpt) presentation.
+
+**Kind**: global class
+
+* [JptPresentationValidationOptions](#JptPresentationValidationOptions)
+ * [new JptPresentationValidationOptions([opts])](#new_JptPresentationValidationOptions_new)
+ * _instance_
+ * [.clone()](#JptPresentationValidationOptions+clone) ⇒ [JptPresentationValidationOptions
](#JptPresentationValidationOptions)
+ * [.toJSON()](#JptPresentationValidationOptions+toJSON) ⇒ any
+ * _static_
+ * [.fromJSON(json)](#JptPresentationValidationOptions.fromJSON) ⇒ [JptPresentationValidationOptions
](#JptPresentationValidationOptions)
+
+
+
+### new JptPresentationValidationOptions([opts])
+
+| Param | Type |
+| --- | --- |
+| [opts] | IJptPresentationValidationOptions
\| undefined
|
+
+
+
+### jptPresentationValidationOptions.clone() ⇒ [JptPresentationValidationOptions
](#JptPresentationValidationOptions)
+Deep clones the object.
+
+**Kind**: instance method of [JptPresentationValidationOptions
](#JptPresentationValidationOptions)
+
+
+### jptPresentationValidationOptions.toJSON() ⇒ any
+Serializes this to a JSON object.
+
+**Kind**: instance method of [JptPresentationValidationOptions
](#JptPresentationValidationOptions)
+
+
+### JptPresentationValidationOptions.fromJSON(json) ⇒ [JptPresentationValidationOptions
](#JptPresentationValidationOptions)
+Deserializes an instance from a JSON object.
+
+**Kind**: static method of [JptPresentationValidationOptions
](#JptPresentationValidationOptions)
+
+| Param | Type |
+| --- | --- |
+| json | any
|
+
+
+
+## JptPresentationValidator
+**Kind**: global class
+
+
+### JptPresentationValidator.validate(presentation_jpt, issuer, options, fail_fast) ⇒ [DecodedJptPresentation
](#DecodedJptPresentation)
+Decodes and validates a Presented [Credential](#Credential) issued as a JPT (JWP Presented Form). A
+[DecodedJptPresentation](#DecodedJptPresentation) is returned upon success.
+
+The following properties are validated according to `options`:
+- the holder's proof on the JWP,
+- the expiration date,
+- the issuance date,
+- the semantic structure.
+
+**Kind**: static method of [JptPresentationValidator
](#JptPresentationValidator)
+
+| Param | Type |
+| --- | --- |
+| presentation_jpt | [Jpt
](#Jpt) |
+| issuer | [CoreDocument
](#CoreDocument) \| IToCoreDocument
|
+| options | [JptPresentationValidationOptions
](#JptPresentationValidationOptions) |
+| fail_fast | [FailFast
](#FailFast) |
+
+
+
+## JptPresentationValidatorUtils
+Utility functions for verifying JPT presentations.
+
+**Kind**: global class
+
+* [JptPresentationValidatorUtils](#JptPresentationValidatorUtils)
+ * [.extractIssuerFromPresentedJpt(presentation)](#JptPresentationValidatorUtils.extractIssuerFromPresentedJpt) ⇒ [CoreDID
](#CoreDID)
+ * [.checkTimeframesWithValidityTimeframe2024(credential, validity_timeframe, status_check)](#JptPresentationValidatorUtils.checkTimeframesWithValidityTimeframe2024)
+
+
+
+### JptPresentationValidatorUtils.extractIssuerFromPresentedJpt(presentation) ⇒ [CoreDID
](#CoreDID)
+Utility for extracting the issuer field of a credential in JPT representation as DID.
+# Errors
+If the JPT decoding fails or the issuer field is not a valid DID.
+
+**Kind**: static method of [JptPresentationValidatorUtils
](#JptPresentationValidatorUtils)
+
+| Param | Type |
+| --- | --- |
+| presentation | [Jpt
](#Jpt) |
+
+
+
+### JptPresentationValidatorUtils.checkTimeframesWithValidityTimeframe2024(credential, validity_timeframe, status_check)
+Check timeframe interval in credentialStatus with `RevocationTimeframeStatus`.
+
+**Kind**: static method of [JptPresentationValidatorUtils
](#JptPresentationValidatorUtils)
+
+| Param | Type |
+| --- | --- |
+| credential | [Credential
](#Credential) |
+| validity_timeframe | [Timestamp
](#Timestamp) \| undefined
|
+| status_check | [StatusCheck
](#StatusCheck) |
+
+
+
+## Jwk
+**Kind**: global class
+
+* [Jwk](#Jwk)
+ * [new Jwk(jwk)](#new_Jwk_new)
+ * _instance_
+ * [.kty()](#Jwk+kty) ⇒ JwkType
+ * [.use()](#Jwk+use) ⇒ JwkUse
\| undefined
+ * [.keyOps()](#Jwk+keyOps) ⇒ Array.<JwkOperation>
+ * [.alg()](#Jwk+alg) ⇒ JwsAlgorithm
\| undefined
+ * [.kid()](#Jwk+kid) ⇒ string
\| undefined
+ * [.x5u()](#Jwk+x5u) ⇒ string
\| undefined
+ * [.x5c()](#Jwk+x5c) ⇒ Array.<string>
+ * [.x5t()](#Jwk+x5t) ⇒ string
\| undefined
+ * [.x5t256()](#Jwk+x5t256) ⇒ string
\| undefined
+ * [.paramsEc()](#Jwk+paramsEc) ⇒ JwkParamsEc
\| undefined
+ * [.paramsOkp()](#Jwk+paramsOkp) ⇒ JwkParamsOkp
\| undefined
+ * [.paramsOct()](#Jwk+paramsOct) ⇒ JwkParamsOct
\| undefined
+ * [.paramsRsa()](#Jwk+paramsRsa) ⇒ JwkParamsRsa
\| undefined
+ * [.toPublic()](#Jwk+toPublic) ⇒ [Jwk
](#Jwk) \| undefined
+ * [.isPublic()](#Jwk+isPublic) ⇒ boolean
+ * [.isPrivate()](#Jwk+isPrivate) ⇒ boolean
+ * [.toJSON()](#Jwk+toJSON) ⇒ any
+ * [.clone()](#Jwk+clone) ⇒ [Jwk
](#Jwk)
+ * _static_
+ * [.fromJSON(json)](#Jwk.fromJSON) ⇒ [Jwk
](#Jwk)
+
+
+
+### new Jwk(jwk)
+
+| Param | Type |
+| --- | --- |
+| jwk | IJwkParams
|
+
+
+
+### jwk.kty() ⇒ JwkType
+Returns the value for the key type parameter (kty).
+
+**Kind**: instance method of [Jwk
](#Jwk)
+
+
+### jwk.use() ⇒ JwkUse
\| undefined
+Returns the value for the use property (use).
+
+**Kind**: instance method of [Jwk
](#Jwk)
+
+
+### jwk.keyOps() ⇒ Array.<JwkOperation>
+**Kind**: instance method of [Jwk
](#Jwk)
+
+
+### jwk.alg() ⇒ JwsAlgorithm
\| undefined
+Returns the value for the algorithm property (alg).
+
+**Kind**: instance method of [Jwk
](#Jwk)
+
+
+### jwk.kid() ⇒ string
\| undefined
+Returns the value of the key ID property (kid).
+
+**Kind**: instance method of [Jwk
](#Jwk)
+
+
+### jwk.x5u() ⇒ string
\| undefined
+Returns the value of the X.509 URL property (x5u).
+
+**Kind**: instance method of [Jwk
](#Jwk)
+
+
+### jwk.x5c() ⇒ Array.<string>
+Returns the value of the X.509 certificate chain property (x5c).
+
+**Kind**: instance method of [Jwk
](#Jwk)
+
+
+### jwk.x5t() ⇒ string
\| undefined
+Returns the value of the X.509 certificate SHA-1 thumbprint property (x5t).
+
+**Kind**: instance method of [Jwk
](#Jwk)
+
+
+### jwk.x5t256() ⇒ string
\| undefined
+Returns the value of the X.509 certificate SHA-256 thumbprint property (x5t#S256).
+
+**Kind**: instance method of [Jwk
](#Jwk)
+
+
+### jwk.paramsEc() ⇒ JwkParamsEc
\| undefined
+If this JWK is of kty EC, returns those parameters.
+
+**Kind**: instance method of [Jwk
](#Jwk)
+
+
+### jwk.paramsOkp() ⇒ JwkParamsOkp
\| undefined
+If this JWK is of kty OKP, returns those parameters.
+
+**Kind**: instance method of [Jwk
](#Jwk)
+
+
+### jwk.paramsOct() ⇒ JwkParamsOct
\| undefined
+If this JWK is of kty OCT, returns those parameters.
+
+**Kind**: instance method of [Jwk
](#Jwk)
+
+
+### jwk.paramsRsa() ⇒ JwkParamsRsa
\| undefined
+If this JWK is of kty RSA, returns those parameters.
+
+**Kind**: instance method of [Jwk
](#Jwk)
+
+
+### jwk.toPublic() ⇒ [Jwk
](#Jwk) \| undefined
+Returns a clone of the [Jwk](#Jwk) with _all_ private key components unset.
+Nothing is returned when `kty = oct` as this key type is not considered public by this library.
+
+**Kind**: instance method of [Jwk
](#Jwk)
+
+
+### jwk.isPublic() ⇒ boolean
+Returns `true` if _all_ private key components of the key are unset, `false` otherwise.
+
+**Kind**: instance method of [Jwk
](#Jwk)
+
+
+### jwk.isPrivate() ⇒ boolean
+Returns `true` if _all_ private key components of the key are set, `false` otherwise.
+
+**Kind**: instance method of [Jwk
](#Jwk)
+
+
+### jwk.toJSON() ⇒ any
+Serializes this to a JSON object.
+
+**Kind**: instance method of [Jwk
](#Jwk)
+
+
+### jwk.clone() ⇒ [Jwk
](#Jwk)
+Deep clones the object.
+
+**Kind**: instance method of [Jwk
](#Jwk)
+
+
+### Jwk.fromJSON(json) ⇒ [Jwk
](#Jwk)
+Deserializes an instance from a JSON object.
+
+**Kind**: static method of [Jwk
](#Jwk)
+
+| Param | Type |
+| --- | --- |
+| json | any
|
+
+
+
+## JwkGenOutput
+The result of a key generation in `JwkStorage`.
+
+**Kind**: global class
+
+* [JwkGenOutput](#JwkGenOutput)
+ * [new JwkGenOutput(key_id, jwk)](#new_JwkGenOutput_new)
+ * _instance_
+ * [.jwk()](#JwkGenOutput+jwk) ⇒ [Jwk
](#Jwk)
+ * [.keyId()](#JwkGenOutput+keyId) ⇒ string
+ * [.toJSON()](#JwkGenOutput+toJSON) ⇒ any
+ * [.clone()](#JwkGenOutput+clone) ⇒ [JwkGenOutput
](#JwkGenOutput)
* _static_
* [.fromJSON(json)](#JwkGenOutput.fromJSON) ⇒ [JwkGenOutput
](#JwkGenOutput)
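Review bot: The list of validated properties under `JptPresentationValidator.validate` (holder's proof, expiration date, issuance date, semantic structure) says nothing about the `nonce` and `aud` values that this patch adds to the presentation header, so a reader cannot tell whether replay protection is enforced by `validate` or left to the caller; please state which. `JptCredentialValidator.validate` and `JptCredentialValidatorUtils.checkTimeframesWithValidityTimeframe2024` have no description at all, and the `...WithValidityTimeframe2024` method names do not match the `RevocationTimeframe2024` status named in their text. Smaller points: "Creates a new default istance." should read "instance", the [`Credential`](`Credential`) link in `extractIssuer` is unresolved rustdoc syntax, and the `# Errors` lines render as top-level headings in this Markdown.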
@@ -3013,6 +3613,217 @@ Deserializes an instance from a JSON object.
| --- | --- |
| json | any
|
+
+
+## JwpCredentialOptions
+**Kind**: global class
+
+* [JwpCredentialOptions](#JwpCredentialOptions)
+ * _instance_
+ * [.kid](#JwpCredentialOptions+kid) ⇒ string
\| undefined
+ * [.kid](#JwpCredentialOptions+kid)
+ * [.toJSON()](#JwpCredentialOptions+toJSON) ⇒ any
+ * _static_
+ * [.fromJSON(value)](#JwpCredentialOptions.fromJSON) ⇒ [JwpCredentialOptions
](#JwpCredentialOptions)
+
+
+
+### jwpCredentialOptions.kid ⇒ string
\| undefined
+**Kind**: instance property of [JwpCredentialOptions
](#JwpCredentialOptions)
+
+
+### jwpCredentialOptions.kid
+**Kind**: instance property of [JwpCredentialOptions
](#JwpCredentialOptions)
+
+| Param | Type |
+| --- | --- |
+| [arg0] | string
\| undefined
|
+
+
+
+### jwpCredentialOptions.toJSON() ⇒ any
+**Kind**: instance method of [JwpCredentialOptions
](#JwpCredentialOptions)
+
+
+### JwpCredentialOptions.fromJSON(value) ⇒ [JwpCredentialOptions
](#JwpCredentialOptions)
+**Kind**: static method of [JwpCredentialOptions
](#JwpCredentialOptions)
+
+| Param | Type |
+| --- | --- |
+| value | any
|
+
+
+
+## JwpIssued
+**Kind**: global class
+
+* [JwpIssued](#JwpIssued)
+ * _instance_
+ * [.toJSON()](#JwpIssued+toJSON) ⇒ any
+ * [.clone()](#JwpIssued+clone) ⇒ [JwpIssued
](#JwpIssued)
+ * [.encode(serialization)](#JwpIssued+encode) ⇒ string
+ * [.setProof(proof)](#JwpIssued+setProof)
+ * [.getProof()](#JwpIssued+getProof) ⇒ Uint8Array
+ * [.getPayloads()](#JwpIssued+getPayloads) ⇒ [Payloads
](#Payloads)
+ * [.setPayloads(payloads)](#JwpIssued+setPayloads)
+ * [.getIssuerProtectedHeader()](#JwpIssued+getIssuerProtectedHeader) ⇒ [IssuerProtectedHeader
](#IssuerProtectedHeader)
+ * _static_
+ * [.fromJSON(json)](#JwpIssued.fromJSON) ⇒ [JwpIssued
](#JwpIssued)
+
+
+
+### jwpIssued.toJSON() ⇒ any
+Serializes this to a JSON object.
+
+**Kind**: instance method of [JwpIssued
](#JwpIssued)
+
+
+### jwpIssued.clone() ⇒ [JwpIssued
](#JwpIssued)
+Deep clones the object.
+
+**Kind**: instance method of [JwpIssued
](#JwpIssued)
+
+
+### jwpIssued.encode(serialization) ⇒ string
+**Kind**: instance method of [JwpIssued
](#JwpIssued)
+
+| Param | Type |
+| --- | --- |
+| serialization | [SerializationType
](#SerializationType) |
+
+
+
+### jwpIssued.setProof(proof)
+**Kind**: instance method of [JwpIssued
](#JwpIssued)
+
+| Param | Type |
+| --- | --- |
+| proof | Uint8Array
|
+
+
+
+### jwpIssued.getProof() ⇒ Uint8Array
+**Kind**: instance method of [JwpIssued
](#JwpIssued)
+
+
+### jwpIssued.getPayloads() ⇒ [Payloads
](#Payloads)
+**Kind**: instance method of [JwpIssued
](#JwpIssued)
+
+
+### jwpIssued.setPayloads(payloads)
+**Kind**: instance method of [JwpIssued
](#JwpIssued)
+
+| Param | Type |
+| --- | --- |
+| payloads | [Payloads
](#Payloads) |
+
+
+
+### jwpIssued.getIssuerProtectedHeader() ⇒ [IssuerProtectedHeader
](#IssuerProtectedHeader)
+**Kind**: instance method of [JwpIssued
](#JwpIssued)
+
+
+### JwpIssued.fromJSON(json) ⇒ [JwpIssued
](#JwpIssued)
+Deserializes an instance from a JSON object.
+
+**Kind**: static method of [JwpIssued
](#JwpIssued)
+
+| Param | Type |
+| --- | --- |
+| json | any
|
+
+
+
+## JwpPresentationOptions
+Options to be set in the JWT claims of a verifiable presentation.
+
+**Kind**: global class
+
+* [JwpPresentationOptions](#JwpPresentationOptions)
+ * [.audience](#JwpPresentationOptions+audience) ⇒ string
\| undefined
+ * [.audience](#JwpPresentationOptions+audience)
+ * [.nonce](#JwpPresentationOptions+nonce) ⇒ string
\| undefined
+ * [.nonce](#JwpPresentationOptions+nonce)
+
+
+
+### jwpPresentationOptions.audience ⇒ string
\| undefined
+Sets the audience for presentation (`aud` property in JWP Presentation Header).
+
+**Kind**: instance property of [JwpPresentationOptions
](#JwpPresentationOptions)
+
+
+### jwpPresentationOptions.audience
+Sets the audience for presentation (`aud` property in JWP Presentation Header).
+
+**Kind**: instance property of [JwpPresentationOptions
](#JwpPresentationOptions)
+
+| Param | Type |
+| --- | --- |
+| [arg0] | string
\| undefined
|
+
+
+
+### jwpPresentationOptions.nonce ⇒ string
\| undefined
+The nonce to be placed in the Presentation Protected Header.
+
+**Kind**: instance property of [JwpPresentationOptions
](#JwpPresentationOptions)
+
+
+### jwpPresentationOptions.nonce
+The nonce to be placed in the Presentation Protected Header.
+
+**Kind**: instance property of [JwpPresentationOptions
](#JwpPresentationOptions)
+
+| Param | Type |
+| --- | --- |
+| [arg0] | string
\| undefined
|
+
+
+
+## JwpVerificationOptions
+**Kind**: global class
+
+* [JwpVerificationOptions](#JwpVerificationOptions)
+ * _instance_
+ * [.clone()](#JwpVerificationOptions+clone) ⇒ [JwpVerificationOptions
](#JwpVerificationOptions)
+ * [.toJSON()](#JwpVerificationOptions+toJSON) ⇒ any
+ * _static_
+ * [.fromJSON(json)](#JwpVerificationOptions.fromJSON) ⇒ [JwpVerificationOptions
](#JwpVerificationOptions)
+ * [.new([opts])](#JwpVerificationOptions.new) ⇒ [JwpVerificationOptions
](#JwpVerificationOptions)
+
+
+
+### jwpVerificationOptions.clone() ⇒ [JwpVerificationOptions
](#JwpVerificationOptions)
+Deep clones the object.
+
+**Kind**: instance method of [JwpVerificationOptions
](#JwpVerificationOptions)
+
+
+### jwpVerificationOptions.toJSON() ⇒ any
+Serializes this to a JSON object.
+
+**Kind**: instance method of [JwpVerificationOptions
](#JwpVerificationOptions)
+
+
+### JwpVerificationOptions.fromJSON(json) ⇒ [JwpVerificationOptions
](#JwpVerificationOptions)
+Deserializes an instance from a JSON object.
+
+**Kind**: static method of [JwpVerificationOptions
](#JwpVerificationOptions)
+
+| Param | Type |
+| --- | --- |
+| json | any
|
+
+
+
+### JwpVerificationOptions.new([opts]) ⇒ [JwpVerificationOptions
](#JwpVerificationOptions)
+**Kind**: static method of [JwpVerificationOptions
](#JwpVerificationOptions)
+
+| Param | Type |
+| --- | --- |
+| [opts] | IJwpVerificationOptions
\| undefined
|
+
## Jws
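Review bot: The summary of `JwpPresentationOptions` says "Options to be set in the JWT claims of a verifiable presentation", but the properties under it write `aud` and `nonce` into the JWP presentation header; the sentence looks copied from the JWT options and should say JWP. The `audience` getter entry also reads "Sets the audience ...", the same text as its setter. `JwpCredentialOptions`, `JwpVerificationOptions` and the `JwpIssued` mutators `setProof` and `setPayloads` have no description; for the two mutators, please document when a caller is expected to use them.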
@@ -4681,22 +5492,159 @@ in the `publicKeyJwk` entry.
### MethodType.custom(type_) ⇒ [MethodType
](#MethodType)
A custom method.
-**Kind**: static method of [MethodType
](#MethodType)
+**Kind**: static method of [MethodType
](#MethodType)
+
+| Param | Type |
+| --- | --- |
+| type_ | string
|
+
+
+
+### MethodType.fromJSON(json) ⇒ [MethodType
](#MethodType)
+Deserializes an instance from a JSON object.
+
+**Kind**: static method of [MethodType
](#MethodType)
+
+| Param | Type |
+| --- | --- |
+| json | any
|
+
+
+
+## PayloadEntry
+**Kind**: global class
+
+* [PayloadEntry](#PayloadEntry)
+ * [.1](#PayloadEntry+1) ⇒ [PayloadType
](#PayloadType)
+ * [.1](#PayloadEntry+1)
+ * [.value](#PayloadEntry+value)
+ * [.value](#PayloadEntry+value) ⇒ any
+
+
+
+### payloadEntry.1 ⇒ [PayloadType
](#PayloadType)
+**Kind**: instance property of [PayloadEntry
](#PayloadEntry)
+
+
+### payloadEntry.1
+**Kind**: instance property of [PayloadEntry
](#PayloadEntry)
+
+| Param | Type |
+| --- | --- |
+| arg0 | [PayloadType
](#PayloadType) |
+
+
+
+### payloadEntry.value
+**Kind**: instance property of [PayloadEntry
](#PayloadEntry)
+
+| Param | Type |
+| --- | --- |
+| value | any
|
+
+
+
+### payloadEntry.value ⇒ any
+**Kind**: instance property of [PayloadEntry
](#PayloadEntry)
+
+
+## Payloads
+**Kind**: global class
+
+* [Payloads](#Payloads)
+ * [new Payloads(entries)](#new_Payloads_new)
+ * _instance_
+ * [.toJSON()](#Payloads+toJSON) ⇒ any
+ * [.clone()](#Payloads+clone) ⇒ [Payloads
](#Payloads)
+ * [.getValues()](#Payloads+getValues) ⇒ Array.<any>
+ * [.getUndisclosedIndexes()](#Payloads+getUndisclosedIndexes) ⇒ Uint32Array
+ * [.getDisclosedIndexes()](#Payloads+getDisclosedIndexes) ⇒ Uint32Array
+ * [.getUndisclosedPayloads()](#Payloads+getUndisclosedPayloads) ⇒ Array.<any>
+ * [.getDisclosedPayloads()](#Payloads+getDisclosedPayloads) ⇒ [Payloads
](#Payloads)
+ * [.setUndisclosed(index)](#Payloads+setUndisclosed)
+ * [.replacePayloadAtIndex(index, value)](#Payloads+replacePayloadAtIndex) ⇒ any
+ * _static_
+ * [.fromJSON(json)](#Payloads.fromJSON) ⇒ [Payloads
](#Payloads)
+ * [.newFromValues(values)](#Payloads.newFromValues) ⇒ [Payloads
](#Payloads)
+
+
+
+### new Payloads(entries)
+
+| Param | Type |
+| --- | --- |
+| entries | [Array.<PayloadEntry>
](#PayloadEntry) |
+
+
+
+### payloads.toJSON() ⇒ any
+Serializes this to a JSON object.
+
+**Kind**: instance method of [Payloads
](#Payloads)
+
+
+### payloads.clone() ⇒ [Payloads
](#Payloads)
+Deep clones the object.
+
+**Kind**: instance method of [Payloads
](#Payloads)
+
+
+### payloads.getValues() ⇒ Array.<any>
+**Kind**: instance method of [Payloads
](#Payloads)
+
+
+### payloads.getUndisclosedIndexes() ⇒ Uint32Array
+**Kind**: instance method of [Payloads
](#Payloads)
+
+
+### payloads.getDisclosedIndexes() ⇒ Uint32Array
+**Kind**: instance method of [Payloads
](#Payloads)
+
+
+### payloads.getUndisclosedPayloads() ⇒ Array.<any>
+**Kind**: instance method of [Payloads
](#Payloads)
+
+
+### payloads.getDisclosedPayloads() ⇒ [Payloads
](#Payloads)
+**Kind**: instance method of [Payloads
](#Payloads)
+
+
+### payloads.setUndisclosed(index)
+**Kind**: instance method of [Payloads
](#Payloads)
+
+| Param | Type |
+| --- | --- |
+| index | number
|
+
+
+
+### payloads.replacePayloadAtIndex(index, value) ⇒ any
+**Kind**: instance method of [Payloads
](#Payloads)
+
+| Param | Type |
+| --- | --- |
+| index | number
|
+| value | any
|
+
+
+
+### Payloads.fromJSON(json) ⇒ [Payloads
](#Payloads)
+Deserializes an instance from a JSON object.
+
+**Kind**: static method of [Payloads
](#Payloads)
| Param | Type |
| --- | --- |
-| type_ | string
|
-
-
+| json | any
|
-### MethodType.fromJSON(json) ⇒ [MethodType
](#MethodType)
-Deserializes an instance from a JSON object.
+
-**Kind**: static method of [MethodType
](#MethodType)
+### Payloads.newFromValues(values) ⇒ [Payloads
](#Payloads)
+**Kind**: static method of [Payloads
](#Payloads)
| Param | Type |
| --- | --- |
-| json | any
|
+| values | Array.<any>
|
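Review bot: `PayloadEntry` exposes a property literally named `1` (`payloadEntry.1`), which looks like a tuple field index leaking into the generated API and cannot be read with dot notation in JavaScript; give it a named accessor such as `type` and regenerate the docs. None of the `Payloads` methods used for selective disclosure (`setUndisclosed`, `replacePayloadAtIndex`, `getUndisclosedIndexes`, `getDisclosedPayloads`) has a description: please say what `replacePayloadAtIndex` returns and what happens for an out-of-range `index`.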
@@ -4835,6 +5783,85 @@ Deserializes an instance from a JSON object.
| --- | --- |
| json | any
|
+
+
+## PresentationProtectedHeader
+**Kind**: global class
+
+* [PresentationProtectedHeader](#PresentationProtectedHeader)
+ * [.alg](#PresentationProtectedHeader+alg) ⇒ [PresentationProofAlgorithm
](#PresentationProofAlgorithm)
+ * [.alg](#PresentationProtectedHeader+alg)
+ * [.kid](#PresentationProtectedHeader+kid) ⇒ string
\| undefined
+ * [.kid](#PresentationProtectedHeader+kid)
+ * [.aud](#PresentationProtectedHeader+aud) ⇒ string
\| undefined
+ * [.aud](#PresentationProtectedHeader+aud)
+ * [.nonce](#PresentationProtectedHeader+nonce) ⇒ string
\| undefined
+ * [.nonce](#PresentationProtectedHeader+nonce)
+
+
+
+### presentationProtectedHeader.alg ⇒ [PresentationProofAlgorithm
](#PresentationProofAlgorithm)
+**Kind**: instance property of [PresentationProtectedHeader
](#PresentationProtectedHeader)
+
+
+### presentationProtectedHeader.alg
+**Kind**: instance property of [PresentationProtectedHeader
](#PresentationProtectedHeader)
+
+| Param | Type |
+| --- | --- |
+| arg0 | [PresentationProofAlgorithm
](#PresentationProofAlgorithm) |
+
+
+
+### presentationProtectedHeader.kid ⇒ string
\| undefined
+ID for the key used for the JWP.
+
+**Kind**: instance property of [PresentationProtectedHeader
](#PresentationProtectedHeader)
+
+
+### presentationProtectedHeader.kid
+ID for the key used for the JWP.
+
+**Kind**: instance property of [PresentationProtectedHeader
](#PresentationProtectedHeader)
+
+| Param | Type |
+| --- | --- |
+| [arg0] | string
\| undefined
|
+
+
+
+### presentationProtectedHeader.aud ⇒ string
\| undefined
+Who have received the JPT.
+
+**Kind**: instance property of [PresentationProtectedHeader
](#PresentationProtectedHeader)
+
+
+### presentationProtectedHeader.aud
+Who have received the JPT.
+
+**Kind**: instance property of [PresentationProtectedHeader
](#PresentationProtectedHeader)
+
+| Param | Type |
+| --- | --- |
+| [arg0] | string
\| undefined
|
+
+
+
+### presentationProtectedHeader.nonce ⇒ string
\| undefined
+For replay attacks.
+
+**Kind**: instance property of [PresentationProtectedHeader
](#PresentationProtectedHeader)
+
+
+### presentationProtectedHeader.nonce
+For replay attacks.
+
+**Kind**: instance property of [PresentationProtectedHeader
](#PresentationProtectedHeader)
+
+| Param | Type |
+| --- | --- |
+| [arg0] | string
\| undefined
|
+
## Proof
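Review bot: The `nonce` description "For replay attacks." reads as though the field serves the attack; wording such as "Nonce used to prevent replay of the presentation" is clearer, ideally with a note on who generates it. "Who have received the JPT." for `aud` has a grammar error and would read better as "Intended recipient of the JPT", and `alg` has no description while `kid` does.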
@@ -4904,6 +5931,146 @@ Deserializes an instance from a JSON object.
| --- | --- |
| json | any
|
+
+
+## ProofUpdateCtx
+**Kind**: global class
+
+* [ProofUpdateCtx](#ProofUpdateCtx)
+ * [.old_start_validity_timeframe](#ProofUpdateCtx+old_start_validity_timeframe) ⇒ Uint8Array
+ * [.old_start_validity_timeframe](#ProofUpdateCtx+old_start_validity_timeframe)
+ * [.new_start_validity_timeframe](#ProofUpdateCtx+new_start_validity_timeframe) ⇒ Uint8Array
+ * [.new_start_validity_timeframe](#ProofUpdateCtx+new_start_validity_timeframe)
+ * [.old_end_validity_timeframe](#ProofUpdateCtx+old_end_validity_timeframe) ⇒ Uint8Array
+ * [.old_end_validity_timeframe](#ProofUpdateCtx+old_end_validity_timeframe)
+ * [.new_end_validity_timeframe](#ProofUpdateCtx+new_end_validity_timeframe) ⇒ Uint8Array
+ * [.new_end_validity_timeframe](#ProofUpdateCtx+new_end_validity_timeframe)
+ * [.index_start_validity_timeframe](#ProofUpdateCtx+index_start_validity_timeframe) ⇒ number
+ * [.index_start_validity_timeframe](#ProofUpdateCtx+index_start_validity_timeframe)
+ * [.index_end_validity_timeframe](#ProofUpdateCtx+index_end_validity_timeframe) ⇒ number
+ * [.index_end_validity_timeframe](#ProofUpdateCtx+index_end_validity_timeframe)
+ * [.number_of_signed_messages](#ProofUpdateCtx+number_of_signed_messages) ⇒ number
+ * [.number_of_signed_messages](#ProofUpdateCtx+number_of_signed_messages)
+
+
+
+### proofUpdateCtx.old\_start\_validity\_timeframe ⇒ Uint8Array
+Old `startValidityTimeframe` value
+
+**Kind**: instance property of [ProofUpdateCtx
](#ProofUpdateCtx)
+
+
+### proofUpdateCtx.old\_start\_validity\_timeframe
+Old `startValidityTimeframe` value
+
+**Kind**: instance property of [ProofUpdateCtx
](#ProofUpdateCtx)
+
+| Param | Type |
+| --- | --- |
+| arg0 | Uint8Array
|
+
+
+
+### proofUpdateCtx.new\_start\_validity\_timeframe ⇒ Uint8Array
+New `startValidityTimeframe` value to be signed
+
+**Kind**: instance property of [ProofUpdateCtx
](#ProofUpdateCtx)
+
+
+### proofUpdateCtx.new\_start\_validity\_timeframe
+New `startValidityTimeframe` value to be signed
+
+**Kind**: instance property of [ProofUpdateCtx
](#ProofUpdateCtx)
+
+| Param | Type |
+| --- | --- |
+| arg0 | Uint8Array
|
+
+
+
+### proofUpdateCtx.old\_end\_validity\_timeframe ⇒ Uint8Array
+Old `endValidityTimeframe` value
+
+**Kind**: instance property of [ProofUpdateCtx
](#ProofUpdateCtx)
+
+
+### proofUpdateCtx.old\_end\_validity\_timeframe
+Old `endValidityTimeframe` value
+
+**Kind**: instance property of [ProofUpdateCtx
](#ProofUpdateCtx)
+
+| Param | Type |
+| --- | --- |
+| arg0 | Uint8Array
|
+
+
+
+### proofUpdateCtx.new\_end\_validity\_timeframe ⇒ Uint8Array
+New `endValidityTimeframe` value to be signed
+
+**Kind**: instance property of [ProofUpdateCtx
](#ProofUpdateCtx)
+
+
+### proofUpdateCtx.new\_end\_validity\_timeframe
+New `endValidityTimeframe` value to be signed
+
+**Kind**: instance property of [ProofUpdateCtx
](#ProofUpdateCtx)
+
+| Param | Type |
+| --- | --- |
+| arg0 | Uint8Array
|
+
+
+
+### proofUpdateCtx.index\_start\_validity\_timeframe ⇒ number
+Index of `startValidityTimeframe` claim inside the array of Claims
+
+**Kind**: instance property of [ProofUpdateCtx
](#ProofUpdateCtx)
+
+
+### proofUpdateCtx.index\_start\_validity\_timeframe
+Index of `startValidityTimeframe` claim inside the array of Claims
+
+**Kind**: instance property of [ProofUpdateCtx
](#ProofUpdateCtx)
+
+| Param | Type |
+| --- | --- |
+| arg0 | number
|
+
+
+
+### proofUpdateCtx.index\_end\_validity\_timeframe ⇒ number
+Index of `endValidityTimeframe` claim inside the array of Claims
+
+**Kind**: instance property of [ProofUpdateCtx
](#ProofUpdateCtx)
+
+
+### proofUpdateCtx.index\_end\_validity\_timeframe
+Index of `endValidityTimeframe` claim inside the array of Claims
+
+**Kind**: instance property of [ProofUpdateCtx
](#ProofUpdateCtx)
+
+| Param | Type |
+| --- | --- |
+| arg0 | number
|
+
+
+
+### proofUpdateCtx.number\_of\_signed\_messages ⇒ number
+Number of signed messages, number of payloads in a JWP
+
+**Kind**: instance property of [ProofUpdateCtx
](#ProofUpdateCtx)
+
+
+### proofUpdateCtx.number\_of\_signed\_messages
+Number of signed messages, number of payloads in a JWP
+
+**Kind**: instance property of [ProofUpdateCtx
](#ProofUpdateCtx)
+
+| Param | Type |
+| --- | --- |
+| arg0 | number
|
+
## Resolver
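Review bot: the ProofUpdateCtx properties are exposed to JavaScript under snake_case names (`old_start_validity_timeframe`, `index_end_validity_timeframe`, `number_of_signed_messages`), while the other classes added in this patch use camelCase (`startValidityTimeframe()`, `concealInSubject`). Renaming in the binding before this ships avoids a breaking change later. The class itself has no description, and the `Uint8Array` timeframe values are documented only as "value" or "value to be signed"; please state how the bytes are encoded and when a caller is expected to build this context.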
@@ -5072,6 +6239,85 @@ if it is a valid Revocation Bitmap Service.
| --- | --- |
| service | [Service
](#Service) |
+
+
+## RevocationTimeframeStatus
+Information used to determine the current status of a [Credential](#Credential).
+
+**Kind**: global class
+
+* [RevocationTimeframeStatus](#RevocationTimeframeStatus)
+ * [new RevocationTimeframeStatus(id, index, duration, [start_validity])](#new_RevocationTimeframeStatus_new)
+ * _instance_
+ * [.clone()](#RevocationTimeframeStatus+clone) ⇒ [RevocationTimeframeStatus
](#RevocationTimeframeStatus)
+ * [.toJSON()](#RevocationTimeframeStatus+toJSON) ⇒ any
+ * [.startValidityTimeframe()](#RevocationTimeframeStatus+startValidityTimeframe) ⇒ [Timestamp
](#Timestamp)
+ * [.endValidityTimeframe()](#RevocationTimeframeStatus+endValidityTimeframe) ⇒ [Timestamp
](#Timestamp)
+ * [.id()](#RevocationTimeframeStatus+id) ⇒ string
+ * [.index()](#RevocationTimeframeStatus+index) ⇒ number
\| undefined
+ * _static_
+ * [.fromJSON(json)](#RevocationTimeframeStatus.fromJSON) ⇒ [RevocationTimeframeStatus
](#RevocationTimeframeStatus)
+
+
+
+### new RevocationTimeframeStatus(id, index, duration, [start_validity])
+Creates a new `RevocationTimeframeStatus`.
+
+
+| Param | Type |
+| --- | --- |
+| id | string
|
+| index | number
|
+| duration | [Duration
](#Duration) |
+| [start_validity] | [Timestamp
](#Timestamp) \| undefined
|
+
+
+
+### revocationTimeframeStatus.clone() ⇒ [RevocationTimeframeStatus
](#RevocationTimeframeStatus)
+Deep clones the object.
+
+**Kind**: instance method of [RevocationTimeframeStatus
](#RevocationTimeframeStatus)
+
+
+### revocationTimeframeStatus.toJSON() ⇒ any
+Serializes this to a JSON object.
+
+**Kind**: instance method of [RevocationTimeframeStatus
](#RevocationTimeframeStatus)
+
+
+### revocationTimeframeStatus.startValidityTimeframe() ⇒ [Timestamp
](#Timestamp)
+Get startValidityTimeframe value.
+
+**Kind**: instance method of [RevocationTimeframeStatus
](#RevocationTimeframeStatus)
+
+
+### revocationTimeframeStatus.endValidityTimeframe() ⇒ [Timestamp
](#Timestamp)
+Get endValidityTimeframe value.
+
+**Kind**: instance method of [RevocationTimeframeStatus
](#RevocationTimeframeStatus)
+
+
+### revocationTimeframeStatus.id() ⇒ string
+Return the URL fo the `RevocationBitmapStatus`.
+
+**Kind**: instance method of [RevocationTimeframeStatus
](#RevocationTimeframeStatus)
+
+
+### revocationTimeframeStatus.index() ⇒ number
\| undefined
+Return the index of the credential in the issuer's revocation bitmap
+
+**Kind**: instance method of [RevocationTimeframeStatus
](#RevocationTimeframeStatus)
+
+
+### RevocationTimeframeStatus.fromJSON(json) ⇒ [RevocationTimeframeStatus
](#RevocationTimeframeStatus)
+Deserializes an instance from a JSON object.
+
+**Kind**: static method of [RevocationTimeframeStatus
](#RevocationTimeframeStatus)
+
+| Param | Type |
+| --- | --- |
+| json | any
|
+
## SdJwt
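Review bot: `revocationTimeframeStatus.id()` is documented as "Return the URL fo the `RevocationBitmapStatus`", which has a typo ("fo") and names a different type from the class it belongs to; say which service URL is returned. `index()` is typed `number | undefined` although the constructor takes `index` as a required `number`, so either document when it can be undefined or narrow the type. The constructor table gives no meaning for `duration` or for what happens when `[start_validity]` is omitted, both of which decide the validity window a verifier will enforce.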
@@ -5409,6 +6655,93 @@ If path is an empty slice, decoys will be added to the top level.
| path | string
|
| number_of_decoys | number
|
+
+
+## SelectiveDisclosurePresentation
+Used to construct a JwpPresentedBuilder and handle the selective disclosure of attributes
+- @context MUST NOT be blinded
+- id MUST be blinded
+- type MUST NOT be blinded
+- issuer MUST NOT be blinded
+- issuanceDate MUST be blinded (if Timeframe Revocation mechanism is used)
+- expirationDate MUST be blinded (if Timeframe Revocation mechanism is used)
+- credentialSubject (User have to choose which attribute must be blinded)
+- credentialSchema MUST NOT be blinded
+- credentialStatus MUST NOT be blinded
+- refreshService MUST NOT be blinded (probably will be used for Timeslot Revocation mechanism)
+- termsOfUse NO reason to use it in ZK VC (will be in any case blinded)
+- evidence (User have to choose which attribute must be blinded)
+
+**Kind**: global class
+
+* [SelectiveDisclosurePresentation](#SelectiveDisclosurePresentation)
+ * [new SelectiveDisclosurePresentation(issued_jwp)](#new_SelectiveDisclosurePresentation_new)
+ * [.concealInSubject(path)](#SelectiveDisclosurePresentation+concealInSubject)
+ * [.concealInEvidence(path)](#SelectiveDisclosurePresentation+concealInEvidence)
+ * [.setPresentationHeader(header)](#SelectiveDisclosurePresentation+setPresentationHeader)
+
+
+
+### new SelectiveDisclosurePresentation(issued_jwp)
+Initialize a presentation starting from an Issued JWP.
+The properties `jti`, `nbf`, `issuanceDate`, `expirationDate` and `termsOfUse` are concealed by default.
+
+
+| Param | Type |
+| --- | --- |
+| issued_jwp | [JwpIssued
](#JwpIssued) |
+
+
+
+### selectiveDisclosurePresentation.concealInSubject(path)
+Selectively disclose "credentialSubject" attributes.
+# Example
+```
+{
+ "id": 1234,
+ "name": "Alice",
+ "mainCourses": ["Object-oriented Programming", "Mathematics"],
+ "degree": {
+ "type": "BachelorDegree",
+ "name": "Bachelor of Science and Arts",
+ },
+ "GPA": "4.0",
+}
+```
+If you want to undisclose for example the Mathematics course and the name of the degree:
+```
+undisclose_subject("mainCourses[1]");
+undisclose_subject("degree.name");
+```
+
+**Kind**: instance method of [SelectiveDisclosurePresentation
](#SelectiveDisclosurePresentation)
+
+| Param | Type |
+| --- | --- |
+| path | string
|
+
+
+
+### selectiveDisclosurePresentation.concealInEvidence(path)
+Undiscloses "evidence" attributes.
+
+**Kind**: instance method of [SelectiveDisclosurePresentation
](#SelectiveDisclosurePresentation)
+
+| Param | Type |
+| --- | --- |
+| path | string
|
+
+
+
+### selectiveDisclosurePresentation.setPresentationHeader(header)
+Sets presentation protected header.
+
+**Kind**: instance method of [SelectiveDisclosurePresentation
](#SelectiveDisclosurePresentation)
+
+| Param | Type |
+| --- | --- |
+| header | [PresentationProtectedHeader
](#PresentationProtectedHeader) |
+
## Service
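Review bot: the `concealInSubject` example calls `undisclose_subject("mainCourses[1]")`, a name that is not among the methods listed for this class; the documented method is `concealInSubject(path)`, and the wasm example in this patch uses that. The sample object also has trailing commas after `"name": "Bachelor of Science and Arts"` and `"GPA": "4.0"`, so it is not valid JSON when copied. The class description and the constructor disagree on what is hidden by default (the list says `id`, `issuanceDate`, `expirationDate` MUST be blinded; the constructor says `jti`, `nbf`, `issuanceDate`, `expirationDate` and `termsOfUse` are concealed), so please reconcile them and state what happens when `path` does not match any claim.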
@@ -6196,11 +7529,46 @@ Deserializes an instance from a JSON object.
| --- | --- |
| json | any
|
-
-## StatusPurpose
-Purpose of a [StatusList2021](#StatusList2021).
+**Kind**: global variable
+
+
+## StatusCheck
+Controls validation behaviour when checking whether or not a credential has been revoked by its
+[`credentialStatus`](https://www.w3.org/TR/vc-data-model/#status).
+
+**Kind**: global variable
+
+
+## Strict
+Validate the status if supported, reject any unsupported
+[`credentialStatus`](https://www.w3.org/TR/vc-data-model/#status) types.
+
+Only `RevocationBitmap2022` is currently supported.
+
+This is the default.
+
+**Kind**: global variable
+
+
+## SkipUnsupported
+Validate the status if supported, skip any unsupported
+[`credentialStatus`](https://www.w3.org/TR/vc-data-model/#status) types.
+
+**Kind**: global variable
+
+
+## SkipAll
+Skip all status checks.
+
+**Kind**: global variable
+
+
+## SerializationType
+**Kind**: global variable
+
+## MethodRelationship
**Kind**: global variable
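Review bot: the re-added `Strict` entry still says "Only `RevocationBitmap2022` is currently supported", but this patch documents `RevocationTimeframeStatus` and its examples pass `StatusCheck.Strict` to `checkTimeframesAndRevocationWithValidityTimeframe2024`. As written, a reader cannot tell whether a credential carrying the timeframe status is validated or rejected under the default, so update the sentence or scope it to the validators it applies to. The added block also opens with a bare `**Kind**: global variable` line that has no heading of its own within the hunk, which is worth checking against the generator output.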
@@ -6228,6 +7596,7 @@ The holder must match the subject only for credentials where the [`nonTransferab
## Any
The holder is not required to have any kind of relationship to any credential subject.
+## StateMetadataEncoding
**Kind**: global variable
@@ -6251,43 +7620,6 @@ Return all errors that occur during validation.
Return after the first error occurs.
**Kind**: global variable
-
-
-## MethodRelationship
-**Kind**: global variable
-
-
-## CredentialStatus
-**Kind**: global variable
-
-
-## StatusCheck
-Controls validation behaviour when checking whether or not a credential has been revoked by its
-[`credentialStatus`](https://www.w3.org/TR/vc-data-model/#status).
-
-**Kind**: global variable
-
-
-## Strict
-Validate the status if supported, reject any unsupported
-[`credentialStatus`](https://www.w3.org/TR/vc-data-model/#status) types.
-
-Only `RevocationBitmap2022` is currently supported.
-
-This is the default.
-
-**Kind**: global variable
-
-
-## SkipUnsupported
-Validate the status if supported, skip any unsupported
-[`credentialStatus`](https://www.w3.org/TR/vc-data-model/#status) types.
-
-**Kind**: global variable
-
-
-## SkipAll
-Skip all status checks.
**Kind**: global variable
@@ -6312,6 +7644,12 @@ prior to calling the function.
| decodedSignature | Uint8Array
|
| publicKey | [Jwk
](#Jwk) |
+
+
+## start()
+Initializes the console error panic hook for better error messages
+
+**Kind**: global function
## encodeB64(data) ⇒ string
diff --git a/bindings/wasm/examples/src/1_advanced/8_zkp.ts b/bindings/wasm/examples/src/1_advanced/8_zkp.ts
new file mode 100644
index 0000000000..55d0c82fca
--- /dev/null
+++ b/bindings/wasm/examples/src/1_advanced/8_zkp.ts
@@ -0,0 +1,226 @@
+import {
+ Credential,
+ FailFast,
+ IotaDID,
+ IotaDocument,
+ IotaIdentityClient,
+ JptCredentialValidationOptions,
+ JptCredentialValidator,
+ JptCredentialValidatorUtils,
+ JptPresentationValidationOptions,
+ JptPresentationValidator,
+ JptPresentationValidatorUtils,
+ JwkMemStore,
+ JwpCredentialOptions,
+ JwpPresentationOptions,
+ KeyIdMemStore,
+ MethodScope,
+ ProofAlgorithm,
+ SelectiveDisclosurePresentation,
+ Storage,
+} from "@iota/identity-wasm/node";
+import {
+ type Address,
+ AliasOutput,
+ Client,
+ MnemonicSecretManager,
+ SecretManager,
+ SecretManagerType,
+ Utils,
+} from "@iota/sdk-wasm/node";
+import { API_ENDPOINT, ensureAddressHasFunds } from "../util";
+
+/** Creates a DID Document and publishes it in a new Alias Output.
+
+Its functionality is equivalent to the "create DID" example
+and exists for convenient calling from the other examples. */
+export async function createDid(client: Client, secretManager: SecretManagerType, storage: Storage): Promise<{
+ address: Address;
+ document: IotaDocument;
+ fragment: string;
+}> {
+ const didClient = new IotaIdentityClient(client);
+ const networkHrp: string = await didClient.getNetworkHrp();
+
+ const secretManagerInstance = new SecretManager(secretManager);
+ const walletAddressBech32 = (await secretManagerInstance.generateEd25519Addresses({
+ accountIndex: 0,
+ range: {
+ start: 0,
+ end: 1,
+ },
+ bech32Hrp: networkHrp,
+ }))[0];
+
+ console.log("Wallet address Bech32:", walletAddressBech32);
+
+ await ensureAddressHasFunds(client, walletAddressBech32);
+
+ const address: Address = Utils.parseBech32Address(walletAddressBech32);
+
+ // Create a new DID document with a placeholder DID.
+ // The DID will be derived from the Alias Id of the Alias Output after publishing.
+ const document = new IotaDocument(networkHrp);
+
+ const fragment = await document.generateMethodJwp(
+ storage,
+ ProofAlgorithm.BLS12381_SHA256,
+ undefined,
+ MethodScope.VerificationMethod(),
+ );
+ // Construct an Alias Output containing the DID document, with the wallet address
+ // set as both the state controller and governor.
+ const aliasOutput: AliasOutput = await didClient.newDidOutput(address, document);
+
+ // Publish the Alias Output and get the published DID document.
+ const published = await didClient.publishDidOutput(secretManager, aliasOutput);
+
+ return { address, document: published, fragment };
+}
+export async function zkp() {
+ // ===========================================================================
+ // Step 1: Create identity for the issuer.
+ // ===========================================================================
+
+ // Create a new client to interact with the IOTA ledger.
+ const client = new Client({
+ primaryNode: API_ENDPOINT,
+ localPow: true,
+ });
+
+ // Creates a new wallet and identity (see "0_create_did" example).
+ const issuerSecretManager: MnemonicSecretManager = {
+ mnemonic: Utils.generateMnemonic(),
+ };
+ const issuerStorage: Storage = new Storage(
+ new JwkMemStore(),
+ new KeyIdMemStore(),
+ );
+ let { document: issuerDocument, fragment: issuerFragment } = await createDid(
+ client,
+ issuerSecretManager,
+ issuerStorage,
+ );
+
+ // ===========================================================================
+ // Step 2: Issuer creates and signs a Verifiable Credential with BBS algorithm.
+ // ===========================================================================
+
+ // Create a credential subject indicating the degree earned by Alice.
+ const subject = {
+ name: "Alice",
+ mainCourses: ["Object-oriented Programming", "Mathematics"],
+ degree: {
+ type: "BachelorDegree",
+ name: "Bachelor of Science and Arts",
+ },
+ GPA: 4.0,
+ };
+
+ // Build credential using the above subject and issuer.
+ const credential = new Credential({
+ id: "https:/example.edu/credentials/3732",
+ issuer: issuerDocument.id(),
+ type: "UniversityDegreeCredential",
+ credentialSubject: subject,
+ });
+ const credentialJpt = await issuerDocument
+ .createCredentialJpt(
+ credential,
+ issuerStorage,
+ issuerFragment,
+ new JwpCredentialOptions(),
+ );
+ // Validate the credential's proof using the issuer's DID Document, the credential's semantic structure,
+ // that the issuance date is not in the future and that the expiration date is not in the past:
+ const decodedJpt = JptCredentialValidator.validate(
+ credentialJpt,
+ issuerDocument,
+ new JptCredentialValidationOptions(),
+ FailFast.FirstError,
+ );
+
+ // ===========================================================================
+ // Step 3: Issuer sends the Verifiable Credential to the holder.
+ // ===========================================================================
+ console.log("Sending credential (as JPT) to the holder: " + credentialJpt.toString());
+
+ // ============================================================================================
+ // Step 4: Holder resolve Issuer's DID, retrieve Issuer's document and validate the Credential
+ // ============================================================================================
+ const identityClient = new IotaIdentityClient(client);
+
+ // Holder resolves issuer's DID.
+ let issuerDid = IotaDID.parse(JptCredentialValidatorUtils.extractIssuerFromIssuedJpt(credentialJpt).toString());
+ let issuerDoc = await identityClient.resolveDid(issuerDid);
+
+ // Holder validates the credential and retrieve the JwpIssued, needed to construct the JwpPresented
+ let decodedCredential = JptCredentialValidator.validate(
+ credentialJpt,
+ issuerDoc,
+ new JptCredentialValidationOptions(),
+ FailFast.FirstError,
+ );
+
+ // ===========================================================================
+ // Step 5: Verifier sends the holder a challenge and requests a Presentation.
+ //
+ // Please be aware that when we mention "Presentation," we are not alluding to the Verifiable Presentation standard as defined by W3C (https://www.w3.org/TR/vc-data-model/#presentations).
+ // Instead, our reference is to a JWP Presentation (https://datatracker.ietf.org/doc/html/draft-ietf-jose-json-web-proof#name-presented-form), which differs from the W3C standard.
+ // ===========================================================================
+
+ // A unique random challenge generated by the requester per presentation can mitigate replay attacks.
+ const challenge = "475a7984-1bb5-4c4c-a56f-822bccd46440";
+
+ // =========================================================================================================
+ // Step 6: Holder engages in the Selective Disclosure of credential's attributes.
+ // =========================================================================================================
+ const methodId = decodedCredential
+ .decodedJwp()
+ .getIssuerProtectedHeader()
+ .kid!;
+ const selectiveDisclosurePresentation = new SelectiveDisclosurePresentation(decodedCredential.decodedJwp());
+ selectiveDisclosurePresentation.concealInSubject("mainCourses[1]");
+ selectiveDisclosurePresentation.concealInSubject("degree.name");
+
+ // =======================================================================================================================================
+ // Step 7: Holder needs Issuer's Public Key to compute the Signature Proof of Knowledge and construct the Presentation
+ // JPT.
+ // =======================================================================================================================================
+
+ // Construct a JPT(JWP in the Presentation form) representing the Selectively Disclosed Verifiable Credential
+ const presentationOptions = new JwpPresentationOptions();
+ presentationOptions.nonce = challenge;
+ const presentationJpt = await issuerDoc
+ .createPresentationJpt(
+ selectiveDisclosurePresentation,
+ methodId,
+ presentationOptions,
+ );
+
+ // ===========================================================================
+ // Step 8: Holder sends a Presentation JPT to the Verifier.
+ // ===========================================================================
+
+ console.log("Sending presentation (as JPT) to the verifier: " + presentationJpt.toString());
+
+ // ===========================================================================
+ // Step 9: Verifier receives the Presentation and verifies it.
+ // ===========================================================================
+
+ // Verifier resolve Issuer DID
+ const issuerDidV = IotaDID.parse(
+ JptPresentationValidatorUtils.extractIssuerFromPresentedJpt(presentationJpt).toString(),
+ );
+ const issuerDocV = await identityClient.resolveDid(issuerDidV);
+
+ const presentationValidationOptions = new JptPresentationValidationOptions({ nonce: challenge });
+ const decodedPresentedCredential = JptPresentationValidator.validate(
+ presentationJpt,
+ issuerDocV,
+ presentationValidationOptions,
+ FailFast.FirstError,
+ );
+
+ console.log("Presented credential successfully validated: " + decodedPresentedCredential.credential());
+}
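Review bot: in Step 5 the comment says "A unique random challenge generated by the requester per presentation can mitigate replay attacks", yet `const challenge = "475a7984-1bb5-4c4c-a56f-822bccd46440";` is a fixed literal, and a constant nonce gives no replay protection once this example is copied into real code. Generate the value per run (for instance with Node's `crypto.randomUUID()`) so the code models what the comment describes. Smaller points: the credential id `"https:/example.edu/credentials/3732"` is missing a slash after the scheme, `decodedJpt` from Step 2 is never used, and `.kid!` silences a possibly undefined `kid` where an explicit check with a clear error would be safer.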
diff --git a/bindings/wasm/examples/src/1_advanced/9_zkp_revocation.ts b/bindings/wasm/examples/src/1_advanced/9_zkp_revocation.ts
new file mode 100644
index 0000000000..e8c3d586a1
--- /dev/null
+++ b/bindings/wasm/examples/src/1_advanced/9_zkp_revocation.ts
@@ -0,0 +1,281 @@
+import {
+ Credential,
+ Duration,
+ FailFast,
+ IotaDID,
+ IotaDocument,
+ IotaIdentityClient,
+ JptCredentialValidationOptions,
+ JptCredentialValidator,
+ JptCredentialValidatorUtils,
+ JptPresentationValidationOptions,
+ JptPresentationValidator,
+ JptPresentationValidatorUtils,
+ JwkMemStore,
+ JwpCredentialOptions,
+ JwpPresentationOptions,
+ KeyIdMemStore,
+ MethodScope,
+ ProofAlgorithm,
+ RevocationBitmap,
+ RevocationTimeframeStatus,
+ SelectiveDisclosurePresentation,
+ Status,
+ StatusCheck,
+ Storage,
+ Timestamp,
+} from "@iota/identity-wasm/node";
+import {
+ type Address,
+ AliasOutput,
+ Client,
+ MnemonicSecretManager,
+ SecretManager,
+ SecretManagerType,
+ Utils,
+} from "@iota/sdk-wasm/node";
+import { API_ENDPOINT, ensureAddressHasFunds } from "../util";
+
+/** Creates a DID Document and publishes it in a new Alias Output.
+
+Its functionality is equivalent to the "create DID" example
+and exists for convenient calling from the other examples. */
+export async function createDid(client: Client, secretManager: SecretManagerType, storage: Storage): Promise<{
+ address: Address;
+ document: IotaDocument;
+ fragment: string;
+}> {
+ const didClient = new IotaIdentityClient(client);
+ const networkHrp: string = await didClient.getNetworkHrp();
+
+ const secretManagerInstance = new SecretManager(secretManager);
+ const walletAddressBech32 = (await secretManagerInstance.generateEd25519Addresses({
+ accountIndex: 0,
+ range: {
+ start: 0,
+ end: 1,
+ },
+ bech32Hrp: networkHrp,
+ }))[0];
+
+ console.log("Wallet address Bech32:", walletAddressBech32);
+
+ await ensureAddressHasFunds(client, walletAddressBech32);
+
+ const address: Address = Utils.parseBech32Address(walletAddressBech32);
+
+ // Create a new DID document with a placeholder DID.
+ // The DID will be derived from the Alias Id of the Alias Output after publishing.
+ const document = new IotaDocument(networkHrp);
+
+ const fragment = await document.generateMethodJwp(
+ storage,
+ ProofAlgorithm.BLS12381_SHA256,
+ undefined,
+ MethodScope.VerificationMethod(),
+ );
+ const revocationBitmap = new RevocationBitmap();
+ const serviceId = document.id().toUrl().join("#my-revocation-service");
+ const service = revocationBitmap.toService(serviceId);
+
+ document.insertService(service);
+ // Construct an Alias Output containing the DID document, with the wallet address
+ // set as both the state controller and governor.
+ const aliasOutput: AliasOutput = await didClient.newDidOutput(address, document);
+
+ // Publish the Alias Output and get the published DID document.
+ const published = await didClient.publishDidOutput(secretManager, aliasOutput);
+
+ return { address, document: published, fragment };
+}
+export async function zkp_revocation() {
+ // Create a new client to interact with the IOTA ledger.
+ const client = new Client({
+ primaryNode: API_ENDPOINT,
+ localPow: true,
+ });
+
+ // Creates a new wallet and identity (see "0_create_did" example).
+ const issuerSecretManager: MnemonicSecretManager = {
+ mnemonic: Utils.generateMnemonic(),
+ };
+ const issuerStorage: Storage = new Storage(
+ new JwkMemStore(),
+ new KeyIdMemStore(),
+ );
+ let { document: issuerDocument, fragment: issuerFragment } = await createDid(
+ client,
+ issuerSecretManager,
+ issuerStorage,
+ );
+ const holderSecretManager: MnemonicSecretManager = {
+ mnemonic: Utils.generateMnemonic(),
+ };
+ const holderStorage: Storage = new Storage(
+ new JwkMemStore(),
+ new KeyIdMemStore(),
+ );
+ let { document: holderDocument, fragment: holderFragment } = await createDid(
+ client,
+ holderSecretManager,
+ holderStorage,
+ );
+ // =========================================================================================
+ // Step 1: Create a new RevocationTimeframeStatus containing the current validityTimeframe
+ // =======================================================================================
+
+ const timeframeId = issuerDocument.id().toUrl().join("#my-revocation-service");
+ let revocationTimeframeStatus = new RevocationTimeframeStatus(
+ timeframeId.toString(),
+ 5,
+ Duration.minutes(1),
+ Timestamp.nowUTC(),
+ );
+
+ // Create a credential subject indicating the degree earned by Alice.
+ const subject = {
+ name: "Alice",
+ mainCourses: ["Object-oriented Programming", "Mathematics"],
+ degree: {
+ type: "BachelorDegree",
+ name: "Bachelor of Science and Arts",
+ },
+ GPA: 4.0,
+ };
+
+ // Build credential using the above subject and issuer.
+ const credential = new Credential({
+ id: "https:/example.edu/credentials/3732",
+ issuer: issuerDocument.id(),
+ type: "UniversityDegreeCredential",
+ credentialSubject: subject,
+ credentialStatus: revocationTimeframeStatus as any as Status,
+ });
+ const credentialJpt = await issuerDocument
+ .createCredentialJpt(
+ credential,
+ issuerStorage,
+ issuerFragment,
+ new JwpCredentialOptions(),
+ );
+ // Validate the credential's proof using the issuer's DID Document, the credential's semantic structure,
+ // that the issuance date is not in the future and that the expiration date is not in the past:
+ const decodedJpt = JptCredentialValidator.validate(
+ credentialJpt,
+ issuerDocument,
+ new JptCredentialValidationOptions(),
+ FailFast.FirstError,
+ );
+
+ console.log("Sending credential (as JPT) to the holder: " + credentialJpt.toString());
+
+ // Holder validates the credential and retrieve the JwpIssued, needed to construct the JwpPresented
+ let decodedCredential = JptCredentialValidator.validate(
+ credentialJpt,
+ issuerDocument,
+ new JptCredentialValidationOptions(),
+ FailFast.FirstError,
+ );
+
+ // ===========================================================================
+ // Credential's Status check
+ // ===========================================================================
+ JptCredentialValidatorUtils.checkTimeframesAndRevocationWithValidityTimeframe2024(
+ decodedCredential.credential(),
+ issuerDocument,
+ undefined,
+ StatusCheck.Strict,
+ );
+
+ // A unique random challenge generated by the requester per presentation can mitigate replay attacks.
+ const challenge = "475a7984-1bb5-4c4c-a56f-822bccd46440";
+
+ const methodId = decodedCredential
+ .decodedJwp()
+ .getIssuerProtectedHeader()
+ .kid!;
+
+ const selectiveDisclosurePresentation = new SelectiveDisclosurePresentation(decodedCredential.decodedJwp());
+ selectiveDisclosurePresentation.concealInSubject("mainCourses[1]");
+ selectiveDisclosurePresentation.concealInSubject("degree.name");
+
+ // Construct a JPT(JWP in the Presentation form) representing the Selectively Disclosed Verifiable Credential
+ const presentationOptions = new JwpPresentationOptions();
+ presentationOptions.nonce = challenge;
+ const presentationJpt = await issuerDocument
+ .createPresentationJpt(
+ selectiveDisclosurePresentation,
+ methodId,
+ presentationOptions,
+ );
+
+ console.log("Sending presentation (as JPT) to the verifier: " + presentationJpt.toString());
+
+ // ===========================================================================
+ // Step 2: Verifier receives the Presentation and verifies it.
+ // ===========================================================================
+
+ const presentationValidationOptions = new JptPresentationValidationOptions({ nonce: challenge });
+ const decodedPresentedCredential = JptPresentationValidator.validate(
+ presentationJpt,
+ issuerDocument,
+ presentationValidationOptions,
+ FailFast.FirstError,
+ );
+
+ JptPresentationValidatorUtils.checkTimeframesWithValidityTimeframe2024(
+ decodedPresentedCredential.credential(),
+ undefined,
+ StatusCheck.Strict,
+ );
+
+ console.log("Presented credential successfully validated: " + decodedPresentedCredential.credential());
+
+ // ===========================================================================
+ // Step 2b: Waiting for the next validityTimeframe, will result in the Credential timeframe interval NOT valid
+ // ===========================================================================
+
+ try {
+ const now = new Date();
+ const timeInTwoMinutes = new Date(now.setMinutes(now.getMinutes() + 2));
+ JptPresentationValidatorUtils.checkTimeframesWithValidityTimeframe2024(
+ decodedPresentedCredential.credential(),
+ Timestamp.parse(timeInTwoMinutes.toISOString()),
+ StatusCheck.Strict,
+ );
+ } catch (_) {
+ console.log("successfully expired!");
+ }
+
+ // ===========================================================================
+ // Issuer decides to Revoke Holder's Credential
+ // ===========================================================================
+
+ console.log("Issuer decides to revoke the Credential");
+
+ const identityClient = new IotaIdentityClient(client);
+
+ // Update the RevocationBitmap service in the issuer's DID Document.
+ // This revokes the credential's unique index.
+ issuerDocument.revokeCredentials("my-revocation-service", 5);
+ let aliasOutput = await identityClient.updateDidOutput(issuerDocument);
+ const rent = await identityClient.getRentStructure();
+ aliasOutput = await client.buildAliasOutput({
+ ...aliasOutput,
+ amount: Utils.computeStorageDeposit(aliasOutput, rent),
+ aliasId: aliasOutput.getAliasId(),
+ unlockConditions: aliasOutput.getUnlockConditions(),
+ });
+ issuerDocument = await identityClient.publishDidOutput(issuerSecretManager, aliasOutput);
+
+ // Holder checks if his credential has been revoked by the Issuer
+ try {
+ JptCredentialValidatorUtils.checkRevocationWithValidityTimeframe2024(
+ decodedCredential.credential(),
+ issuerDocument,
+ StatusCheck.Strict,
+ );
+ } catch (_) {
+ console.log("Credential revoked!");
+ }
+}
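Review bot: both negative checks here (Step 2b and the final revocation check) wrap the validator call in `try { ... } catch (_) { console.log(...) }` and do nothing when the call returns normally, so an expired or revoked credential that is wrongly accepted still lets the example finish cleanly. The accompanying test says it only verifies that no uncaught exceptions are thrown, so that regression would pass CI. Record whether the call threw and fail the example afterwards if it did not, and inspect the caught error instead of discarding it as `_`. Also: `holderDocument`, `holderFragment` and `decodedJpt` are unused, the index `5` and `"my-revocation-service"` are repeated as literals between the status construction and `revokeCredentials`, the challenge is a fixed string despite the comment calling it unique and random, and `revocationTimeframeStatus as any as Status` suggests the `Credential` typing should accept this status type directly.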
diff --git a/bindings/wasm/examples/src/main.ts b/bindings/wasm/examples/src/main.ts
index 145980e649..0a074d3fd2 100644
--- a/bindings/wasm/examples/src/main.ts
+++ b/bindings/wasm/examples/src/main.ts
@@ -17,6 +17,8 @@ import { customResolution } from "./1_advanced/4_custom_resolution";
import { domainLinkage } from "./1_advanced/5_domain_linkage";
import { sdJwt } from "./1_advanced/6_sd_jwt";
import { statusList2021 } from "./1_advanced/7_status_list_2021";
+import { zkp } from "./1_advanced/8_zkp";
+import { zkp_revocation } from "./1_advanced/9_zkp_revocation";
async function main() {
// Extract example name.
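Review bot: Style point on the new import `zkp_revocation`: the neighbouring example functions are camelCase (`customResolution`, `domainLinkage`, `sdJwt`, `statusList2021`), so `zkpRevocation` would match the file's convention. The same name appears in the switch below and in the new test file.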
@@ -58,6 +60,10 @@ async function main() {
return await sdJwt();
case "7_status_list_2021":
return await statusList2021();
+ case "8_zkp":
+ return await zkp();
+ case "9_zkp_revocation":
+ return await zkp_revocation();
default:
throw "Unknown example name: '" + argument + "'";
}
diff --git a/bindings/wasm/examples/src/tests/8_zkp.ts b/bindings/wasm/examples/src/tests/8_zkp.ts
new file mode 100644
index 0000000000..52d5b72bc4
--- /dev/null
+++ b/bindings/wasm/examples/src/tests/8_zkp.ts
@@ -0,0 +1,8 @@
+import { zkp } from "../1_advanced/8_zkp";
+
+// Only verifies that no uncaught exceptions are thrown, including syntax errors etc.
+describe("Test node examples", function() {
+ it("zkp", async () => {
+ await zkp();
+ });
+});
diff --git a/bindings/wasm/examples/src/tests/9_zkp_revocation.ts b/bindings/wasm/examples/src/tests/9_zkp_revocation.ts
new file mode 100644
index 0000000000..96075765f3
--- /dev/null
+++ b/bindings/wasm/examples/src/tests/9_zkp_revocation.ts
@@ -0,0 +1,8 @@
+import { zkp_revocation } from "../1_advanced/9_zkp_revocation";
+
+// Only verifies that no uncaught exceptions are thrown, including syntax errors etc.
+describe("Test node examples", function() {
+ it("zkp_revocation", async () => {
+ await zkp_revocation();
+ });
+});
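Review bot: This test only asserts that `zkp_revocation()` does not throw, but the example wraps its timeframe and revocation checks in `catch (_)` blocks that swallow every error. As written, the test passes whether or not revocation is actually detected. Consider having the example return or rethrow on an unexpected outcome so that this test can fail on a regression.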
diff --git a/bindings/wasm/lib/jwk_storage.ts b/bindings/wasm/lib/jwk_storage.ts
index 2c1156e5ac..235abcc8ce 100644
--- a/bindings/wasm/lib/jwk_storage.ts
+++ b/bindings/wasm/lib/jwk_storage.ts
@@ -1,5 +1,5 @@
import * as ed from "@noble/ed25519";
-import { decodeB64, encodeB64, Jwk, JwkGenOutput, JwkStorage } from "~identity_wasm";
+import { decodeB64, encodeB64, Jwk, JwkGenOutput, JwkStorage, ProofAlgorithm, ProofUpdateCtx } from "~identity_wasm";
import { EdCurve, JwkType, JwsAlgorithm } from "./jose";
type Ed25519PrivateKey = Uint8Array;
@@ -18,6 +18,10 @@ export class JwkMemStore implements JwkStorage {
return "Ed25519";
}
+ private _get_key(keyId: string): Jwk | undefined {
+ return this._keys.get(keyId);
+ }
+
public async generate(keyType: string, algorithm: JwsAlgorithm): Promise {
if (keyType !== JwkMemStore.ed25519KeyType()) {
throw new Error(`unsupported key type ${keyType}`);
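Review bot: `_get_key` is added without a comment and without a caller in the hunks shown for this file. It returns the stored `Jwk` as-is, and the `decodeJwk` context further down shows these JWKs carry the private key. Please add a doc comment stating that the return value includes private key material and who is expected to call it, and note that `private` is only a compile-time restriction in TypeScript.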
@@ -126,6 +130,23 @@ function decodeJwk(jwk: Jwk): [Ed25519PrivateKey, Ed25519PublicKey] {
}
}
+export interface JwkStorageBBSPlusExt {
+ // Generate a new BLS12381 key represented as a JSON Web Key.
+ generateBBS: (algorithm: ProofAlgorithm) => Promise;
+ /** Signs a chunk of data together with an optional header
+ * using the private key corresponding to the given `keyId` and according
+ * to `publicKey`'s requirements.
+ */
+ signBBS: (keyId: string, data: Uint8Array[], publicKey: Jwk, header?: Uint8Array) => Promise;
+ // Updates the timeframe validity period information of a given signature.
+ updateBBSSignature: (
+ keyId: string,
+ publicKey: Jwk,
+ signature: Uint8Array,
+ proofCtx: ProofUpdateCtx,
+ ) => Promise;
+}
+
// Returns a random number between `min` and `max` (inclusive).
// SAFETY NOTE: This is not cryptographically secure randomness and thus not suitable for production use.
// It suffices for our testing implementation however and avoids an external dependency.
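Review bot: Documentation on `JwkStorageBBSPlusExt` is inconsistent: `generateBBS` and `updateBBSSignature` use `//` comments while `signBBS` uses `/** ... */`, so only the latter shows up in editor tooltips and generated docs. The `signBBS` text also says "a chunk of data" although `data` is `Uint8Array[]`; it should say that each element is a separate message and what `publicKey`'s "requirements" refers to. The commit message names the Rust trait `JwkStorageBbsPlusExt`, while this interface is spelled `JwkStorageBBSPlusExt`; worth aligning or noting that the difference is intended.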
diff --git a/bindings/wasm/package.json b/bindings/wasm/package.json
index 193e761136..b9f3404439 100644
--- a/bindings/wasm/package.json
+++ b/bindings/wasm/package.json
@@ -15,7 +15,7 @@
"bundle:web": "wasm-bindgen target/wasm32-unknown-unknown/release/identity_wasm.wasm --typescript --weak-refs --target web --out-dir web && node ./build/web && tsc --project ./lib/tsconfig.web.json && node ./build/replace_paths ./lib/tsconfig.web.json web",
"build:nodejs": "npm run build:src && npm run bundle:nodejs && wasm-opt -O node/identity_wasm_bg.wasm -o node/identity_wasm_bg.wasm",
"build:web": "npm run build:src && npm run bundle:web && wasm-opt -O web/identity_wasm_bg.wasm -o web/identity_wasm_bg.wasm",
- "build:docs": "node ./build/docs",
+ "build:docs": "npm run fix_js_doc && node ./build/docs",
"build:examples:web": "tsc --project ./examples/tsconfig.web.json && node ./build/replace_paths ./examples/tsconfig.web.json ./examples/dist resolve",
"build": "npm run build:web && npm run build:nodejs && npm run build:docs",
"example:node": "ts-node --project tsconfig.node.json -r tsconfig-paths/register ./examples/src/main.ts",
@@ -28,7 +28,8 @@
"test:readme:rust": "mocha ./tests/txm_readme_rust.js --retries 3 --timeout 360000 --exit",
"test:unit:node": "ts-mocha -p tsconfig.node.json ./tests/*.ts --parallel --exit",
"cypress": "cypress open",
- "fmt": "dprint fmt"
+ "fmt": "dprint fmt",
+ "fix_js_doc": "sed -Ei 's/\\((.*)\\)\\[\\]/\\1\\[\\]/' ./node/identity_wasm.js"
},
"config": {
"CYPRESS_VERIFY_TIMEOUT": 100000
diff --git a/bindings/wasm/src/common/types.rs b/bindings/wasm/src/common/types.rs
index 295e0ea447..8264e923ce 100644
--- a/bindings/wasm/src/common/types.rs
+++ b/bindings/wasm/src/common/types.rs
@@ -75,3 +75,9 @@ impl TryFrom<&Object> for MapStringAny {
Ok(map.unchecked_into::())
}
}
+
+impl Default for MapStringAny {
+ fn default() -> Self {
+ js_sys::Map::new().unchecked_into()
+ }
+}
diff --git a/bindings/wasm/src/credential/jpt.rs b/bindings/wasm/src/credential/jpt.rs
new file mode 100644
index 0000000000..e3e3daab2b
--- /dev/null
+++ b/bindings/wasm/src/credential/jpt.rs
@@ -0,0 +1,45 @@
+// Copyright 2020-2024 IOTA Stiftung
+// SPDX-License-Identifier: Apache-2.0
+
+use identity_iota::credential::Jpt;
+use wasm_bindgen::prelude::*;
+
+/// A JSON Proof Token (JPT).
+#[wasm_bindgen(js_name = Jpt)]
+pub struct WasmJpt(pub(crate) Jpt);
+
+#[wasm_bindgen(js_class = Jpt)]
+impl WasmJpt {
+ /// Creates a new {@link Jpt}.
+ #[wasm_bindgen(constructor)]
+ pub fn new(jpt_string: String) -> Self {
+ WasmJpt(Jpt::new(jpt_string))
+ }
+
+ // Returns the string representation for this {@link Jpt}.
+ #[allow(clippy::inherent_to_string)]
+ #[wasm_bindgen(js_name = "toString")]
+ pub fn to_string(&self) -> String {
+ self.0.as_str().to_owned()
+ }
+}
+
+impl_wasm_clone!(WasmJpt, Jpt);
+
+impl From for WasmJpt {
+ fn from(value: Jpt) -> Self {
+ WasmJpt(value)
+ }
+}
+
+impl From for Jpt {
+ fn from(value: WasmJpt) -> Self {
+ value.0
+ }
+}
+
+#[wasm_bindgen]
+extern "C" {
+ #[wasm_bindgen(typescript_type = "Promise")]
+ pub type PromiseJpt;
+}
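Review bot: On `to_string`, the comment uses `//` rather than `///`, so unlike the constructor's doc it will not be emitted into the generated TypeScript declarations. Separately, `new(jpt_string: String)` wraps whatever string it is given and returns `Self` rather than a `Result`, so a malformed token is accepted at construction time. The doc comment should state that no validation happens here and that it is deferred to decoding or validation.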
diff --git a/bindings/wasm/src/credential/jpt_credential_validator/decoded_jpt_credential.rs b/bindings/wasm/src/credential/jpt_credential_validator/decoded_jpt_credential.rs
new file mode 100644
index 0000000000..46c999a40f
--- /dev/null
+++ b/bindings/wasm/src/credential/jpt_credential_validator/decoded_jpt_credential.rs
@@ -0,0 +1,52 @@
+// Copyright 2020-2024 IOTA Stiftung
+// SPDX-License-Identifier: Apache-2.0
+
+use identity_iota::core::Object;
+use identity_iota::credential::DecodedJptCredential;
+use wasm_bindgen::prelude::*;
+
+use crate::common::MapStringAny;
+use crate::credential::WasmCredential;
+use crate::error::Result;
+use crate::jpt::WasmJwpIssued;
+
+#[wasm_bindgen(js_name = DecodedJptCredential)]
+pub struct WasmDecodedJptCredential(pub(crate) DecodedJptCredential