WASM API Reference
Classes
- CoreDID
A method-agnostic Decentralized Identifier (DID).
- CoreDocument
A method-agnostic DID Document.
- Credential
- CredentialValidationOptions
Options to declare validation criteria when validating credentials.
- CredentialValidator
- DIDUrl
A method agnostic DID Url.
- DecodedJws
A cryptographically verified decoded token from a JWS.
Contains the decoded headers and the raw claims.
- DecodedJwtCredential
A cryptographically verified and decoded Credential.
Note that having an instance of this type only means the JWS it was constructed from was verified. It does not imply anything about a potentially present proof property on the credential itself.
- DecodedJwtPresentation
A cryptographically verified and decoded presentation.
Note that having an instance of this type only means the JWS it was constructed from was verified. It does not imply anything about a potentially present proof property on the presentation itself.
- DomainLinkageConfiguration
DID Configuration Resource which contains Domain Linkage Credentials. It can be placed in an origin's
.well-known
directory to prove linkage between the origin and a DID. See: https://identity.foundation/.well-known/resources/did-configuration/#did-configuration-resourceNote:
- Only the JSON Web Token Proof Format
- DomainLinkageValidator
A validator for a Domain Linkage Configuration and Credentials.
- Duration
A span of time.
- Ed25519
- IotaDID
A DID conforming to the IOTA DID method specification.
- IotaDocument
- IotaDocumentMetadata
Additional attributes related to an IOTA DID Document.
- IotaIdentityClientExt
An extension interface that provides helper functions for publication and resolution of DID documents in Alias Outputs.
- Jwk
- JwkGenOutput
The result of a key generation in
JwkStorage
.- Jws
A wrapper around a JSON Web Signature (JWS).
- JwsHeader
- JwsSignatureOptions
- JwsVerificationOptions
- Jwt
A wrapper around a JSON Web Token (JWK).
- JwtCredentialValidationOptions
Options to declare validation criteria when validating credentials.
- JwtCredentialValidator
A type for decoding and validating
Credentials
.- JwtPresentation
- JwtPresentationOptions
- JwtPresentationValidationOptions
Options to declare validation criteria when validating presentation.
- JwtPresentationValidator
- KeyPair
- LinkedDomainService
- MethodData
Supported verification method data formats.
- MethodDigest
Unique identifier of a [
VerificationMethod
].NOTE: This class does not have a JSON representation, use the methods
pack
andunpack
instead.- MethodScope
Supported verification method types.
- MethodType
Supported verification method types.
- Presentation
- PresentationValidationOptions
Options to declare validation criteria when validating presentation.
- PresentationValidator
- Proof
A digital signature.
For field definitions see: https://w3c-ccg.github.io/security-vocab/
- ProofOptions
Holds additional options for creating signatures. See
IProofOptions
.- ProofPurpose
Associates a purpose with a Proof.
- Resolver
Convenience type for resolving DID documents from different DID methods.
Also provides methods for resolving DID Documents associated with verifiable
Credentials
andPresentations
.Configuration
The resolver will only be able to resolve DID documents for methods it has been configured for in the constructor.
- RevocationBitmap
A compressed bitmap for managing credential revocation.
- Service
A DID Document Service used to enable trusted interactions associated with a DID subject.
- Storage
A type wrapping a
JwkStorage
andKeyIdStorage
that should always be used together when working with storage backed DID documents.- Timestamp
- VerificationMethod
A DID Document Verification Method.
- VerifierOptions
Holds additional proof verification options. See
IVerifierOptions
.- X25519
An implementation of
X25519
Elliptic-curve Diffie-Hellman (ECDH) cryptographic key exchange.
Members
- StateMetadataEncoding
- StatusCheck
Controls validation behaviour when checking whether or not a credential has been revoked by its
credentialStatus
.- Strict
Validate the status if supported, reject any unsupported
credentialStatus
types.Only
RevocationBitmap2022
is currently supported.This is the default.
- SkipUnsupported
Validate the status if supported, skip any unsupported
credentialStatus
types.- SkipAll
Skip all status checks.
- SubjectHolderRelationship
Declares how credential subjects must relate to the presentation holder during validation. See
PresentationValidationOptions::subject_holder_relationship
.See also the Subject-Holder Relationship section of the specification.
- AlwaysSubject
The holder must always match the subject on all credentials, regardless of their
nonTransferable
property. This variant is the default used if no other variant is specified when constructing a newPresentationValidationOptions
.- SubjectOnNonTransferable
The holder must match the subject only for credentials where the
nonTransferable
property istrue
.- Any
The holder is not required to have any kind of relationship to any credential subject.
- FailFast
Declares when validation should return if an error occurs.
- AllErrors
Return all errors that occur during validation.
- FirstError
Return after the first error occurs.
- KeyType
- MethodRelationship
Functions
- verifyEdDSA(alg, signingInput, decodedSignature, publicKey)
Verify a JWS signature secured with the
JwsAlgorithm::EdDSA
algorithm. Only theEdCurve::Ed25519
variant is supported for now.This function is useful when one is building an
IJwsVerifier
that extends the default provided by the IOTA Identity Framework.Warning
This function does not check whether
alg = EdDSA
in the protected header. Callers are expected to assert this prior to calling the function.- encodeB64(data) ⇒
string
Encode the given bytes in url-safe base64.
- decodeB64(data) ⇒
Uint8Array
Decode the given url-safe base64-encoded slice into its raw bytes.
- start()
Initializes the console error panic hook for better error messages
CoreDID
A method-agnostic Decentralized Identifier (DID).
Kind: global class
- CoreDID
- instance
- .setMethodName(value)
- .setMethodId(value)
- .scheme() ⇒
string
- .authority() ⇒
string
- .method() ⇒
string
- .methodId() ⇒
string
- .join(segment) ⇒
DIDUrl
- .toUrl() ⇒
DIDUrl
- .intoUrl() ⇒
DIDUrl
- .toString() ⇒
string
- .toCoreDid() ⇒
CoreDID
- .toJSON() ⇒
any
- .clone() ⇒
CoreDID
- static
- .parse(input) ⇒
CoreDID
- .validMethodName(value) ⇒
boolean
- .validMethodId(value) ⇒
boolean
- .fromJSON(json) ⇒
CoreDID
coreDID.setMethodName(value)
Set the method name of the CoreDID
.
Kind: instance method of CoreDID
Param | Type |
---|---|
value | string |
coreDID.setMethodId(value)
Set the method-specific-id of the DID
.
Kind: instance method of CoreDID
Param | Type |
---|---|
value | string |
coreDID.scheme() ⇒ string
Returns the CoreDID
scheme.
E.g.
"did:example:12345678" -> "did"
"did:iota:smr:12345678" -> "did"
Kind: instance method of CoreDID
coreDID.authority() ⇒ string
Returns the CoreDID
authority: the method name and method-id.
E.g.
"did:example:12345678" -> "example:12345678"
"did:iota:smr:12345678" -> "iota:smr:12345678"
Kind: instance method of CoreDID
coreDID.method() ⇒ string
Returns the CoreDID
method name.
E.g.
"did:example:12345678" -> "example"
"did:iota:smr:12345678" -> "iota"
Kind: instance method of CoreDID
coreDID.methodId() ⇒ string
Returns the CoreDID
method-specific ID.
E.g.
"did:example:12345678" -> "12345678"
"did:iota:smr:12345678" -> "smr:12345678"
Kind: instance method of CoreDID
coreDID.join(segment) ⇒ DIDUrl
Construct a new DIDUrl
by joining with a relative DID Url string.
Kind: instance method of CoreDID
Param | Type |
---|---|
segment | string |
coreDID.toUrl() ⇒ DIDUrl
Clones the CoreDID
into a DIDUrl
.
Kind: instance method of CoreDID
coreDID.intoUrl() ⇒ DIDUrl
Converts the CoreDID
into a DIDUrl
, consuming it.
Kind: instance method of CoreDID
coreDID.toString() ⇒ string
Returns the CoreDID
as a string.
Kind: instance method of CoreDID
coreDID.toCoreDid() ⇒ CoreDID
Kind: instance method of CoreDID
coreDID.toJSON() ⇒ any
Serializes this to a JSON object.
Kind: instance method of CoreDID
coreDID.clone() ⇒ CoreDID
Deep clones the object.
Kind: instance method of CoreDID
CoreDID.parse(input) ⇒ CoreDID
Parses a CoreDID
from the given input
.
Errors
Throws an error if the input is not a valid CoreDID
.
Kind: static method of CoreDID
Param | Type |
---|---|
input | string |
CoreDID.validMethodName(value) ⇒ boolean
Validates whether a string is a valid DID method name.
Kind: static method of CoreDID
Param | Type |
---|---|
value | string |
CoreDID.validMethodId(value) ⇒ boolean
Validates whether a string is a valid DID
method-id.
Kind: static method of CoreDID
Param | Type |
---|---|
value | string |
CoreDID.fromJSON(json) ⇒ CoreDID
Deserializes an instance from a JSON object.
Kind: static method of CoreDID
Param | Type |
---|---|
json | any |
CoreDocument
A method-agnostic DID Document.
Kind: global class
- CoreDocument
- new CoreDocument(values)
- instance
- .id() ⇒
CoreDID
- .setId(id)
- .controller() ⇒
Array.<CoreDID>
- .setController(controllers)
- .alsoKnownAs() ⇒
Array.<string>
- .setAlsoKnownAs(urls)
- .verificationMethod() ⇒
Array.<VerificationMethod>
- .authentication() ⇒
Array.<(DIDUrl|VerificationMethod)>
- .assertionMethod() ⇒
Array.<(DIDUrl|VerificationMethod)>
- .keyAgreement() ⇒
Array.<(DIDUrl|VerificationMethod)>
- .capabilityDelegation() ⇒
Array.<(DIDUrl|VerificationMethod)>
- .capabilityInvocation() ⇒
Array.<(DIDUrl|VerificationMethod)>
- .properties() ⇒
Map.<string, any>
- .setPropertyUnchecked(key, value)
- .service() ⇒
Array.<Service>
- .insertService(service)
- .removeService(didUrl) ⇒
Service
|undefined
- .resolveService(query) ⇒
Service
|undefined
- .methods(scope) ⇒
Array.<VerificationMethod>
- .verificationRelationships() ⇒
Array.<(DIDUrl|VerificationMethod)>
- .insertMethod(method, scope)
- .removeMethod(did) ⇒
VerificationMethod
|undefined
- .resolveMethod(query, scope) ⇒
VerificationMethod
|undefined
- .attachMethodRelationship(didUrl, relationship) ⇒
boolean
- .detachMethodRelationship(didUrl, relationship) ⇒
boolean
- .verifyData(data, options) ⇒
boolean
- .verifyJws(jws, options, signatureVerifier, detachedPayload) ⇒
DecodedJws
- .revokeCredentials(serviceQuery, indices)
- .unrevokeCredentials(serviceQuery, indices)
- .signData(data, privateKey, methodQuery, options) ⇒
any
- .clone() ⇒
CoreDocument
- ._shallowCloneInternal() ⇒
CoreDocument
- ._strongCountInternal() ⇒
number
- .toJSON() ⇒
any
- .generateMethod(storage, keyType, alg, fragment, scope) ⇒
Promise.<string>
- .purgeMethod(storage, id) ⇒
Promise.<void>
- .createJws(storage, fragment, payload, options) ⇒
Promise.<Jws>
- .createCredentialJwt(storage, fragment, credential, options) ⇒
Promise.<Jwt>
- .createPresentationJwt(storage, fragment, presentation, signature_options, presentation_options) ⇒
Promise.<Jwt>
- static
- .fromJSON(json) ⇒
CoreDocument
new CoreDocument(values)
Creates a new CoreDocument
with the given properties.
Param | Type |
---|---|
values | ICoreDocument |
coreDocument.id() ⇒ CoreDID
Returns a copy of the DID Document id
.
Kind: instance method of CoreDocument
coreDocument.setId(id)
Sets the DID of the document.
Warning
Changing the identifier can drastically alter the results of
Self::resolve_method
,
Self::resolve_service
and the related DID URL dereferencing algorithm.
Kind: instance method of CoreDocument
Param | Type |
---|---|
id | CoreDID |
coreDocument.controller() ⇒ Array.<CoreDID>
Returns a copy of the document controllers.
Kind: instance method of CoreDocument
coreDocument.setController(controllers)
Sets the controllers of the DID Document.
Note: Duplicates will be ignored.
Use null
to remove all controllers.
Kind: instance method of CoreDocument
Param | Type |
---|---|
controllers | CoreDID | Array.<CoreDID> | null |
coreDocument.alsoKnownAs() ⇒ Array.<string>
Returns a copy of the document's alsoKnownAs
set.
Kind: instance method of CoreDocument
coreDocument.setAlsoKnownAs(urls)
Sets the alsoKnownAs
property in the DID document.
Kind: instance method of CoreDocument
Param | Type |
---|---|
urls | string | Array.<string> | null |
coreDocument.verificationMethod() ⇒ Array.<VerificationMethod>
Returns a copy of the document's verificationMethod
set.
Kind: instance method of CoreDocument
coreDocument.authentication() ⇒ Array.<(DIDUrl|VerificationMethod)>
Returns a copy of the document's authentication
set.
Kind: instance method of CoreDocument
coreDocument.assertionMethod() ⇒ Array.<(DIDUrl|VerificationMethod)>
Returns a copy of the document's assertionMethod
set.
Kind: instance method of CoreDocument
coreDocument.keyAgreement() ⇒ Array.<(DIDUrl|VerificationMethod)>
Returns a copy of the document's keyAgreement
set.
Kind: instance method of CoreDocument
coreDocument.capabilityDelegation() ⇒ Array.<(DIDUrl|VerificationMethod)>
Returns a copy of the document's capabilityDelegation
set.
Kind: instance method of CoreDocument
coreDocument.capabilityInvocation() ⇒ Array.<(DIDUrl|VerificationMethod)>
Returns a copy of the document's capabilityInvocation
set.
Kind: instance method of CoreDocument
coreDocument.properties() ⇒ Map.<string, any>
Returns a copy of the custom DID Document properties.
Kind: instance method of CoreDocument
coreDocument.setPropertyUnchecked(key, value)
Sets a custom property in the DID Document.
If the value is set to null
, the custom property will be removed.
WARNING
This method can overwrite existing properties like id
and result in an invalid document.
Kind: instance method of CoreDocument
Param | Type |
---|---|
key | string |
value | any |
coreDocument.service() ⇒ Array.<Service>
Returns a set of all Service in the document.
Kind: instance method of CoreDocument
coreDocument.insertService(service)
Add a new Service to the document.
Errors if there already exists a service or verification method with the same id.
Kind: instance method of CoreDocument
Param | Type |
---|---|
service | Service |
coreDocument.removeService(didUrl) ⇒ Service
| undefined
Remove a Service identified by the given DIDUrl from the document.
Returns true
if the service was removed.
Kind: instance method of CoreDocument
Param | Type |
---|---|
didUrl | DIDUrl |
coreDocument.resolveService(query) ⇒ Service
| undefined
Returns the first Service with an id
property matching the provided query
,
if present.
Kind: instance method of CoreDocument
Param | Type |
---|---|
query | DIDUrl | string |
coreDocument.methods(scope) ⇒ Array.<VerificationMethod>
Returns a list of all VerificationMethod in the DID Document,
whose verification relationship matches scope
.
If scope
is not set, a list over the embedded methods is returned.
Kind: instance method of CoreDocument
Param | Type |
---|---|
scope | MethodScope | undefined |
coreDocument.verificationRelationships() ⇒ Array.<(DIDUrl|VerificationMethod)>
Returns an array of all verification relationships.
Kind: instance method of CoreDocument
coreDocument.insertMethod(method, scope)
Adds a new method
to the document in the given scope
.
Kind: instance method of CoreDocument
Param | Type |
---|---|
method | VerificationMethod |
scope | MethodScope |
coreDocument.removeMethod(did) ⇒ VerificationMethod
| undefined
Removes all references to the specified Verification Method.
Kind: instance method of CoreDocument
Param | Type |
---|---|
did | DIDUrl |
coreDocument.resolveMethod(query, scope) ⇒ VerificationMethod
| undefined
Returns a copy of the first verification method with an id
property
matching the provided query
and the verification relationship
specified by scope
, if present.
Kind: instance method of CoreDocument
Param | Type |
---|---|
query | DIDUrl | string |
scope | MethodScope | undefined |
coreDocument.attachMethodRelationship(didUrl, relationship) ⇒ boolean
Attaches the relationship to the given method, if the method exists.
Note: The method needs to be in the set of verification methods, so it cannot be an embedded one.
Kind: instance method of CoreDocument
Param | Type |
---|---|
didUrl | DIDUrl |
relationship | number |
coreDocument.detachMethodRelationship(didUrl, relationship) ⇒ boolean
Detaches the given relationship from the given method, if the method exists.
Kind: instance method of CoreDocument
Param | Type |
---|---|
didUrl | DIDUrl |
relationship | number |
coreDocument.verifyData(data, options) ⇒ boolean
Verifies the authenticity of data
using the target verification method.
Kind: instance method of CoreDocument
Param | Type |
---|---|
data | any |
options | VerifierOptions |
coreDocument.verifyJws(jws, options, signatureVerifier, detachedPayload) ⇒ DecodedJws
Decodes and verifies the provided JWS according to the passed options
and signatureVerifier
.
If no signatureVerifier
argument is provided a default verifier will be used that is (only) capable of
verifying EdDSA signatures.
Regardless of which options are passed the following conditions must be met in order for a verification attempt to take place.
- The JWS must be encoded according to the JWS compact serialization.
- The
kid
value in the protected header must be an identifier of a verification method in this DID document.
Kind: instance method of CoreDocument
Param | Type |
---|---|
jws | Jws |
options | JwsVerificationOptions |
signatureVerifier | IJwsVerifier | undefined |
detachedPayload | string | undefined |
coreDocument.revokeCredentials(serviceQuery, indices)
If the document has a RevocationBitmap
service identified by serviceQuery
,
revoke all specified indices
.
Kind: instance method of CoreDocument
Param | Type |
---|---|
serviceQuery | DIDUrl | string |
indices | number | Array.<number> |
coreDocument.unrevokeCredentials(serviceQuery, indices)
If the document has a RevocationBitmap
service identified by serviceQuery
,
unrevoke all specified indices
.
Kind: instance method of CoreDocument
Param | Type |
---|---|
serviceQuery | DIDUrl | string |
indices | number | Array.<number> |
coreDocument.signData(data, privateKey, methodQuery, options) ⇒ any
Creates a signature for the given data
with the specified DID Document
Verification Method.
NOTE: use signSelf
or signDocument
for DID Documents.
Kind: instance method of CoreDocument
Param | Type |
---|---|
data | any |
privateKey | Uint8Array |
methodQuery | DIDUrl | string |
options | ProofOptions |
coreDocument.clone() ⇒ CoreDocument
Deep clones the CoreDocument
.
Kind: instance method of CoreDocument
coreDocument._shallowCloneInternal() ⇒ CoreDocument
Warning
This is for internal use only. Do not rely on or call this method.
Kind: instance method of CoreDocument
coreDocument._strongCountInternal() ⇒ number
Warning
This is for internal use only. Do not rely on or call this method.
Kind: instance method of CoreDocument
coreDocument.toJSON() ⇒ any
Serializes to a plain JS representation.
Kind: instance method of CoreDocument
coreDocument.generateMethod(storage, keyType, alg, fragment, scope) ⇒ Promise.<string>
Generate new key material in the given storage
and insert a new verification method with the corresponding
public key material into the DID document.
- If no fragment is given the
kid
of the generated JWK is used, if it is set, otherwise an error is returned. - The
keyType
must be compatible with the givenstorage
.Storage
s are expected to export key type constants for that use case.
The fragment of the generated method is returned.
Kind: instance method of CoreDocument
Param | Type |
---|---|
storage | Storage |
keyType | string |
alg | JwsAlgorithm |
fragment | string | undefined |
scope | MethodScope |
coreDocument.purgeMethod(storage, id) ⇒ Promise.<void>
Remove the method identified by the fragment
from the document and delete the corresponding key material in
the storage
.
Kind: instance method of CoreDocument
Param | Type |
---|---|
storage | Storage |
id | DIDUrl |
coreDocument.createJws(storage, fragment, payload, options) ⇒ Promise.<Jws>
Sign the payload
according to options
with the storage backed private key corresponding to the public key
material in the verification method identified by the given `fragment.
Upon success a string representing a JWS encoded according to the Compact JWS Serialization format is returned. See RFC7515 section 3.1.
Kind: instance method of CoreDocument
Param | Type |
---|---|
storage | Storage |
fragment | string |
payload | string |
options | JwsSignatureOptions |
coreDocument.createCredentialJwt(storage, fragment, credential, options) ⇒ Promise.<Jwt>
Produces a JWT where the payload is produced from the given credential
in accordance with VC-JWT version 1.1..
The kid
in the protected header is the id
of the method identified by fragment
and the JWS signature will be
produced by the corresponding private key backed by the storage
in accordance with the passed options
.
Kind: instance method of CoreDocument
Param | Type |
---|---|
storage | Storage |
fragment | string |
credential | Credential |
options | JwsSignatureOptions |
coreDocument.createPresentationJwt(storage, fragment, presentation, signature_options, presentation_options) ⇒ Promise.<Jwt>
Produces a JWT where the payload is produced from the given presentation. in accordance with VC-JWT version 1.1.
The kid
in the protected header is the id
of the method identified by fragment
and the JWS signature will be
produced by the corresponding private key backed by the storage
in accordance with the passed options
.
Kind: instance method of CoreDocument
Param | Type |
---|---|
storage | Storage |
fragment | string |
presentation | JwtPresentation |
signature_options | JwsSignatureOptions |
presentation_options | JwtPresentationOptions |
CoreDocument.fromJSON(json) ⇒ CoreDocument
Deserializes an instance from a plain JS representation.
Kind: static method of CoreDocument
Param | Type |
---|---|
json | any |
Credential
Kind: global class
- Credential
- new Credential(values)
- instance
- .context() ⇒
Array.<(string|Record.<string, any>)>
- .id() ⇒
string
|undefined
- .type() ⇒
Array.<string>
- .credentialSubject() ⇒
Array.<Subject>
- .issuer() ⇒
string
|Issuer
- .issuanceDate() ⇒
Timestamp
- .expirationDate() ⇒
Timestamp
|undefined
- .credentialStatus() ⇒
Array.<Status>
- .credentialSchema() ⇒
Array.<Schema>
- .refreshService() ⇒
Array.<RefreshService>
- .termsOfUse() ⇒
Array.<Policy>
- .evidence() ⇒
Array.<Evidence>
- .nonTransferable() ⇒
boolean
|undefined
- .proof() ⇒
Proof
|undefined
- .properties() ⇒
Map.<string, any>
- .toJSON() ⇒
any
- .clone() ⇒
Credential
- static
- .BaseContext() ⇒
string
- .BaseType() ⇒
string
- .createDomainLinkageCredential(values) ⇒
Credential
- .fromJSON(json) ⇒
Credential
new Credential(values)
Constructs a new Credential
.
Param | Type |
---|---|
values | ICredential |
credential.context() ⇒ Array.<(string|Record.<string, any>)>
Returns a copy of the JSON-LD context(s) applicable to the Credential
.
Kind: instance method of Credential
credential.id() ⇒ string
| undefined
Returns a copy of the unique URI
identifying the Credential
.
Kind: instance method of Credential
credential.type() ⇒ Array.<string>
Returns a copy of the URIs defining the type of the Credential
.
Kind: instance method of Credential
credential.credentialSubject() ⇒ Array.<Subject>
Returns a copy of the Credential
subject(s).
Kind: instance method of Credential
credential.issuer() ⇒ string
| Issuer
Returns a copy of the issuer of the Credential
.
Kind: instance method of Credential
credential.issuanceDate() ⇒ Timestamp
Returns a copy of the timestamp of when the Credential
becomes valid.
Kind: instance method of Credential
credential.expirationDate() ⇒ Timestamp
| undefined
Returns a copy of the timestamp of when the Credential
should no longer be considered valid.
Kind: instance method of Credential
credential.credentialStatus() ⇒ Array.<Status>
Returns a copy of the information used to determine the current status of the Credential
.
Kind: instance method of Credential
credential.credentialSchema() ⇒ Array.<Schema>
Returns a copy of the information used to assist in the enforcement of a specific Credential
structure.
Kind: instance method of Credential
credential.refreshService() ⇒ Array.<RefreshService>
Returns a copy of the service(s) used to refresh an expired Credential
.
Kind: instance method of Credential
credential.termsOfUse() ⇒ Array.<Policy>
Returns a copy of the terms-of-use specified by the Credential
issuer.
Kind: instance method of Credential
credential.evidence() ⇒ Array.<Evidence>
Returns a copy of the human-readable evidence used to support the claims within the Credential
.
Kind: instance method of Credential
credential.nonTransferable() ⇒ boolean
| undefined
Returns whether or not the Credential
must only be contained within a Presentation
with a proof issued from the Credential
subject.
Kind: instance method of Credential
credential.proof() ⇒ Proof
| undefined
Returns a copy of the proof used to verify the Credential
.
Kind: instance method of Credential
credential.properties() ⇒ Map.<string, any>
Returns a copy of the miscellaneous properties on the Credential
.
Kind: instance method of Credential
credential.toJSON() ⇒ any
Serializes this to a JSON object.
Kind: instance method of Credential
credential.clone() ⇒ Credential
Deep clones the object.
Kind: instance method of Credential
Credential.BaseContext() ⇒ string
Returns the base JSON-LD context.
Kind: static method of Credential
Credential.BaseType() ⇒ string
Returns the base type.
Kind: static method of Credential
Credential.createDomainLinkageCredential(values) ⇒ Credential
Kind: static method of Credential
Param | Type |
---|---|
values | IDomainLinkageCredential |
Credential.fromJSON(json) ⇒ Credential
Deserializes an instance from a JSON object.
Kind: static method of Credential
Param | Type |
---|---|
json | any |
CredentialValidationOptions
Options to declare validation criteria when validating credentials.
Kind: global class
new CredentialValidationOptions(options)
Creates a new CredentialValidationOptions
from the given fields.
Throws an error if any of the options are invalid.
Param | Type |
---|---|
options | ICredentialValidationOptions |
credentialValidationOptions.toJSON() ⇒ any
Serializes this to a JSON object.
Kind: instance method of CredentialValidationOptions
credentialValidationOptions.clone() ⇒ CredentialValidationOptions
Deep clones the object.
Kind: instance method of CredentialValidationOptions
CredentialValidationOptions.default() ⇒ CredentialValidationOptions
Creates a new CredentialValidationOptions
with defaults.
Kind: static method of CredentialValidationOptions
CredentialValidationOptions.fromJSON(json) ⇒ CredentialValidationOptions
Deserializes an instance from a JSON object.
Kind: static method of CredentialValidationOptions
Param | Type |
---|---|
json | any |
CredentialValidator
Kind: global class
- CredentialValidator
- .validate(credential, issuer, options, fail_fast)
- .checkStructure(credential)
- .checkExpiresOnOrAfter(credential, timestamp)
- .checkIssuedOnOrBefore(credential, timestamp)
- .verifySignature(credential, trustedIssuers, options)
- .checkSubjectHolderRelationship(credential, holder, relationship)
- .checkStatus(credential, trustedIssuers, statusCheck)
- .extractIssuer(credential) ⇒
CoreDID
CredentialValidator.validate(credential, issuer, options, fail_fast)
Validates a Credential
.
The following properties are validated according to options
:
- the issuer's signature,
- the expiration date,
- the issuance date,
- the semantic structure.
Warning
The lack of an error returned from this method is in of itself not enough to conclude that the credential can be trusted. This section contains more information on additional checks that should be carried out before and after calling this method.
The state of the issuer's DID Document
The caller must ensure that issuer
represents an up-to-date DID Document. The convenience method
Resolver::resolveCredentialIssuer
can help extract the latest available state of the issuer's DID Document.
Properties that are not validated
There are many properties defined in The Verifiable Credentials Data Model that are not validated, such as:
credentialStatus
, type
, credentialSchema
, refreshService
, and more.
These should be manually checked after validation, according to your requirements.
Errors
An error is returned whenever a validated condition is not satisfied.
Kind: static method of CredentialValidator
Param | Type |
---|---|
credential | Credential |
issuer | CoreDocument | IToCoreDocument |
options | CredentialValidationOptions |
fail_fast | number |
CredentialValidator.checkStructure(credential)
Validates the semantic structure of the Credential
.
Warning
This does not validate against the credential's schema nor the structure of the subject claims.
Kind: static method of CredentialValidator
Param | Type |
---|---|
credential | Credential |
CredentialValidator.checkExpiresOnOrAfter(credential, timestamp)
Validate that the credential expires on or after the specified timestamp.
Kind: static method of CredentialValidator
Param | Type |
---|---|
credential | Credential |
timestamp | Timestamp |
CredentialValidator.checkIssuedOnOrBefore(credential, timestamp)
Validate that the credential is issued on or before the specified timestamp.
Kind: static method of CredentialValidator
Param | Type |
---|---|
credential | Credential |
timestamp | Timestamp |
CredentialValidator.verifySignature(credential, trustedIssuers, options)
Verify the signature using the DID Document of a trusted issuer.
Warning
The caller must ensure that the DID Documents of the trusted issuers are up-to-date.
Errors
This method immediately returns an error if the credential issuer' url cannot be parsed to a DID belonging to one of the trusted issuers. Otherwise an attempt to verify the credential's signature will be made and an error is returned upon failure.
Kind: static method of CredentialValidator
Param | Type |
---|---|
credential | Credential |
trustedIssuers | Array.<(CoreDocument|IToCoreDocument)> |
options | VerifierOptions |
CredentialValidator.checkSubjectHolderRelationship(credential, holder, relationship)
Validate that the relationship between the holder
and the credential subjects is in accordance with
relationship
. The holder
parameter is expected to be the URL of the holder.
Kind: static method of CredentialValidator
Param | Type |
---|---|
credential | Credential |
holder | string |
relationship | number |
CredentialValidator.checkStatus(credential, trustedIssuers, statusCheck)
Checks whether the credential status has been revoked.
Only supports BitmapRevocation2022
.
Kind: static method of CredentialValidator
Param | Type |
---|---|
credential | Credential |
trustedIssuers | Array.<(CoreDocument|IToCoreDocument)> |
statusCheck | number |
CredentialValidator.extractIssuer(credential) ⇒ CoreDID
Utility for extracting the issuer field of a Credential
as a DID.
Errors
Fails if the issuer field is not a valid DID.
Kind: static method of CredentialValidator
Param | Type |
---|---|
credential | Credential |
DIDUrl
A method agnostic DID Url.
Kind: global class
- DIDUrl
- instance
- .did() ⇒
CoreDID
- .urlStr() ⇒
string
- .fragment() ⇒
string
|undefined
- .setFragment(value)
- .path() ⇒
string
|undefined
- .setPath(value)
- .query() ⇒
string
|undefined
- .setQuery(value)
- .join(segment) ⇒
DIDUrl
- .toString() ⇒
string
- .toJSON() ⇒
any
- .clone() ⇒
DIDUrl
- static
- .parse(input) ⇒
DIDUrl
- .fromJSON(json) ⇒
DIDUrl
didUrl.did() ⇒ CoreDID
Return a copy of the CoreDID
section of the DIDUrl
.
Kind: instance method of DIDUrl
didUrl.urlStr() ⇒ string
Return a copy of the relative DID Url as a string, including only the path, query, and fragment.
Kind: instance method of DIDUrl
didUrl.fragment() ⇒ string
| undefined
Returns a copy of the DIDUrl
method fragment, if any. Excludes the leading '#'.
Kind: instance method of DIDUrl
didUrl.setFragment(value)
Sets the fragment
component of the DIDUrl
.
Kind: instance method of DIDUrl
Param | Type |
---|---|
value | string | undefined |
didUrl.path() ⇒ string
| undefined
Returns a copy of the DIDUrl
path.
Kind: instance method of DIDUrl
didUrl.setPath(value)
Sets the path
component of the DIDUrl
.
Kind: instance method of DIDUrl
Param | Type |
---|---|
value | string | undefined |
didUrl.query() ⇒ string
| undefined
Returns a copy of the DIDUrl
method query, if any. Excludes the leading '?'.
Kind: instance method of DIDUrl
didUrl.setQuery(value)
Sets the query
component of the DIDUrl
.
Kind: instance method of DIDUrl
Param | Type |
---|---|
value | string | undefined |
didUrl.join(segment) ⇒ DIDUrl
Append a string representing a path, query, and/or fragment, returning a new DIDUrl
.
Must begin with a valid delimiter character: '/', '?', '#'. Overwrites the existing URL segment and any following segments in order of path, query, then fragment.
I.e.
- joining a path will clear the query and fragment.
- joining a query will clear the fragment.
- joining a fragment will only overwrite the fragment.
Kind: instance method of DIDUrl
Param | Type |
---|---|
segment | string |
didUrl.toString() ⇒ string
Returns the DIDUrl
as a string.
Kind: instance method of DIDUrl
didUrl.toJSON() ⇒ any
Serializes this to a JSON object.
Kind: instance method of DIDUrl
didUrl.clone() ⇒ DIDUrl
Deep clones the object.
Kind: instance method of DIDUrl
DIDUrl.parse(input) ⇒ DIDUrl
Parses a DIDUrl
from the input string.
Kind: static method of DIDUrl
Param | Type |
---|---|
input | string |
DIDUrl.fromJSON(json) ⇒ DIDUrl
Deserializes an instance from a JSON object.
Kind: static method of DIDUrl
Param | Type |
---|---|
json | any |
DecodedJws
A cryptographically verified decoded token from a JWS.
Contains the decoded headers and the raw claims.
Kind: global class
- DecodedJws
- .claims() ⇒
string
- .claimsBytes() ⇒
Uint8Array
- .protectedHeader() ⇒
JwsHeader
- .clone() ⇒
DecodedJws
- .toJSON() ⇒
any
- .claims() ⇒
decodedJws.claims() ⇒ string
Returns a copy of the parsed claims represented as a string.
Errors
An error is thrown if the claims cannot be represented as a string.
This error can only occur if the Token was decoded from a detached payload.
Kind: instance method of DecodedJws
decodedJws.claimsBytes() ⇒ Uint8Array
Return a copy of the parsed claims represented as an array of bytes.
Kind: instance method of DecodedJws
decodedJws.protectedHeader() ⇒ JwsHeader
Returns a copy of the protected header.
Kind: instance method of DecodedJws
decodedJws.clone() ⇒ DecodedJws
Deep clones the object.
Kind: instance method of DecodedJws
decodedJws.toJSON() ⇒ any
Serializes this to a JSON object.
Kind: instance method of DecodedJws
DecodedJwtCredential
A cryptographically verified and decoded Credential.
Note that having an instance of this type only means the JWS it was constructed from was verified. It does not imply anything about a potentially present proof property on the credential itself.
Kind: global class
decodedJwtCredential.credential() ⇒ Credential
Returns a copy of the credential parsed to the Verifiable Credentials Data model.
Kind: instance method of DecodedJwtCredential
decodedJwtCredential.protectedHeader() ⇒ JwsHeader
Returns a copy of the protected header parsed from the decoded JWS.
Kind: instance method of DecodedJwtCredential
decodedJwtCredential.intoCredential() ⇒ Credential
Consumes the object and returns the decoded credential.
Warning
This destroys the DecodedCredential
object.
Kind: instance method of DecodedJwtCredential
DecodedJwtPresentation
A cryptographically verified and decoded presentation.
Note that having an instance of this type only means the JWS it was constructed from was verified. It does not imply anything about a potentially present proof property on the presentation itself.
Kind: global class
- DecodedJwtPresentation
- .presentation() ⇒
JwtPresentation
- .protectedHeader() ⇒
JwsHeader
- .intoPresentation() ⇒
JwtPresentation
- .expirationDate() ⇒
Timestamp
|undefined
- .issuanceDate() ⇒
Timestamp
|undefined
- .audience() ⇒
string
|undefined
- .credentials() ⇒
Array.<DecodedJwtCredential>
- .presentation() ⇒
decodedJwtPresentation.presentation() ⇒ JwtPresentation
Kind: instance method of DecodedJwtPresentation
decodedJwtPresentation.protectedHeader() ⇒ JwsHeader
Returns a copy of the protected header parsed from the decoded JWS.
Kind: instance method of DecodedJwtPresentation
decodedJwtPresentation.intoPresentation() ⇒ JwtPresentation
Consumes the object and returns the decoded presentation.
Warning
This destroys the DecodedJwtPresentation
object.
Kind: instance method of DecodedJwtPresentation
decodedJwtPresentation.expirationDate() ⇒ Timestamp
| undefined
The expiration date parsed from the JWT claims.
Kind: instance method of DecodedJwtPresentation
decodedJwtPresentation.issuanceDate() ⇒ Timestamp
| undefined
The issuance date parsed from the JWT claims.
Kind: instance method of DecodedJwtPresentation
decodedJwtPresentation.audience() ⇒ string
| undefined
The aud
property parsed from JWT claims.
Kind: instance method of DecodedJwtPresentation
decodedJwtPresentation.credentials() ⇒ Array.<DecodedJwtCredential>
The credentials included in the presentation (decoded).
Kind: instance method of DecodedJwtPresentation
DomainLinkageConfiguration
DID Configuration Resource which contains Domain Linkage Credentials.
It can be placed in an origin's .well-known
directory to prove linkage between the origin and a DID.
See: https://identity.foundation/.well-known/resources/did-configuration/#did-configuration-resource
Note:
- Only the JSON Web Token Proof Format
Kind: global class
new DomainLinkageConfiguration(linked_dids)
Constructs a new DomainLinkageConfiguration
.
Param | Type |
---|---|
linked_dids | Array.<Jwt> |
domainLinkageConfiguration.linkedDids() ⇒ Array.<Jwt>
List of the Domain Linkage Credentials.
Kind: instance method of DomainLinkageConfiguration
domainLinkageConfiguration.issuers() ⇒ Array.<CoreDID>
List of the issuers of the Domain Linkage Credentials.
Kind: instance method of DomainLinkageConfiguration
domainLinkageConfiguration.toJSON() ⇒ any
Serializes this to a JSON object.
Kind: instance method of DomainLinkageConfiguration
domainLinkageConfiguration.clone() ⇒ DomainLinkageConfiguration
Deep clones the object.
Kind: instance method of DomainLinkageConfiguration
DomainLinkageConfiguration.fromJSON(json) ⇒ DomainLinkageConfiguration
Deserializes an instance from a JSON object.
Kind: static method of DomainLinkageConfiguration
Param | Type |
---|---|
json | any |
DomainLinkageValidator
A validator for a Domain Linkage Configuration and Credentials.
Kind: global class
new DomainLinkageValidator(signatureVerifier)
Creates a new DomainLinkageValidator
. If a signatureVerifier
is provided it will be used when
verifying decoded JWS signatures, otherwise the default which is only capable of handling the EdDSA
algorithm will be used.
Param | Type |
---|---|
signatureVerifier | IJwsVerifier | undefined |
domainLinkageValidator.validateLinkage(issuer, configuration, domain, options)
Validates the linkage between a domain and a DID.
[DomainLinkageConfiguration
] is validated according to DID Configuration Resource Verification.
Linkage is valid if no error is thrown.
Note:
- Only the JSON Web Token Proof Format
- Only the Credential issued by
issuer
is verified.
Errors
- Semantic structure of
configuration
is invalid. configuration
includes multiple credentials issued byissuer
.- Validation of the matched Domain Linkage Credential fails.
Kind: instance method of DomainLinkageValidator
Param | Type |
---|---|
issuer | CoreDocument | IToCoreDocument |
configuration | DomainLinkageConfiguration |
domain | string |
options | JwtCredentialValidationOptions |
domainLinkageValidator.validateCredential(issuer, credentialJwt, domain, options)
Validates a Domain Linkage Credential. Error will be thrown in case the validation fails.
Kind: instance method of DomainLinkageValidator
Param | Type |
---|---|
issuer | CoreDocument | IToCoreDocument |
credentialJwt | Jwt |
domain | string |
options | JwtCredentialValidationOptions |
Duration
A span of time.
Kind: global class
- Duration
- instance
- .toJSON() ⇒
any
- static
- .seconds(seconds) ⇒
Duration
- .minutes(minutes) ⇒
Duration
- .hours(hours) ⇒
Duration
- .days(days) ⇒
Duration
- .weeks(weeks) ⇒
Duration
- .fromJSON(json) ⇒
Duration
duration.toJSON() ⇒ any
Serializes this to a JSON object.
Kind: instance method of Duration
Duration.seconds(seconds) ⇒ Duration
Create a new Duration
with the given number of seconds.
Kind: static method of Duration
Param | Type |
---|---|
seconds | number |
Duration.minutes(minutes) ⇒ Duration
Create a new Duration
with the given number of minutes.
Kind: static method of Duration
Param | Type |
---|---|
minutes | number |
Duration.hours(hours) ⇒ Duration
Create a new Duration
with the given number of hours.
Kind: static method of Duration
Param | Type |
---|---|
hours | number |
Duration.days(days) ⇒ Duration
Create a new Duration
with the given number of days.
Kind: static method of Duration
Param | Type |
---|---|
days | number |
Duration.weeks(weeks) ⇒ Duration
Create a new Duration
with the given number of weeks.
Kind: static method of Duration
Param | Type |
---|---|
weeks | number |
Duration.fromJSON(json) ⇒ Duration
Deserializes an instance from a JSON object.
Kind: static method of Duration
Param | Type |
---|---|
json | any |
Ed25519
Kind: global class
- Ed25519
- .PRIVATE_KEY_LENGTH() ⇒
number
- .PUBLIC_KEY_LENGTH() ⇒
number
- .SIGNATURE_LENGTH() ⇒
number
- .sign(message, privateKey) ⇒
Uint8Array
- .verify(message, signature, publicKey)
- .PRIVATE_KEY_LENGTH() ⇒
Ed25519.PRIVATE_KEY_LENGTH() ⇒ number
Length in bytes of an Ed25519 private key.
Kind: static method of Ed25519
Ed25519.PUBLIC_KEY_LENGTH() ⇒ number
Length in bytes of an Ed25519 public key.
Kind: static method of Ed25519
Ed25519.SIGNATURE_LENGTH() ⇒ number
Length in bytes of an Ed25519 signature.
Kind: static method of Ed25519
Ed25519.sign(message, privateKey) ⇒ Uint8Array
Computes an EdDSA signature using an Ed25519 private key.
NOTE: this differs from Document.signData which uses JCS to canonicalize JSON messages.
The private key must be a 32-byte seed in compliance with RFC 8032. Other implementations often use another format. See this blog post for further explanation.
Kind: static method of Ed25519
Param | Type |
---|---|
message | Uint8Array |
privateKey | Uint8Array |
Ed25519.verify(message, signature, publicKey)
Verifies an EdDSA signature against an Ed25519 public key.
NOTE: this differs from Document.verifyData which uses JCS to canonicalize JSON messages.
Kind: static method of Ed25519
Param | Type |
---|---|
message | Uint8Array |
signature | Uint8Array |
publicKey | Uint8Array |
IotaDID
A DID conforming to the IOTA DID method specification.
Kind: global class
- IotaDID
- new IotaDID(bytes, network)
- instance
- .networkStr() ⇒
string
- .tag() ⇒
string
- .toCoreDid() ⇒
CoreDID
- .scheme() ⇒
string
- .authority() ⇒
string
- .method() ⇒
string
- .methodId() ⇒
string
- .join(segment) ⇒
DIDUrl
- .toUrl() ⇒
DIDUrl
- .toAliasId() ⇒
string
- .intoUrl() ⇒
DIDUrl
- .toString() ⇒
string
- .toJSON() ⇒
any
- .clone() ⇒
IotaDID
- static
- .METHOD ⇒
string
- .DEFAULT_NETWORK ⇒
string
- .fromAliasId(aliasId, network) ⇒
IotaDID
- .placeholder(network) ⇒
IotaDID
- .parse(input) ⇒
IotaDID
- .fromJSON(json) ⇒
IotaDID
new IotaDID(bytes, network)
Constructs a new IotaDID
from a byte representation of the tag and the given
network name.
See also placeholder.
Param | Type |
---|---|
bytes | Uint8Array |
network | string |
did.networkStr() ⇒ string
Returns the Tangle network name of the IotaDID
.
Kind: instance method of IotaDID
did.tag() ⇒ string
Returns a copy of the unique tag of the IotaDID
.
Kind: instance method of IotaDID
did.toCoreDid() ⇒ CoreDID
Returns the DID represented as a CoreDID
.
Kind: instance method of IotaDID
did.scheme() ⇒ string
Returns the DID
scheme.
E.g.
"did:example:12345678" -> "did"
"did:iota:main:12345678" -> "did"
Kind: instance method of IotaDID
did.authority() ⇒ string
Returns the DID
authority: the method name and method-id.
E.g.
"did:example:12345678" -> "example:12345678"
"did:iota:main:12345678" -> "iota:main:12345678"
Kind: instance method of IotaDID
did.method() ⇒ string
Returns the DID
method name.
E.g.
"did:example:12345678" -> "example"
"did:iota:main:12345678" -> "iota"
Kind: instance method of IotaDID
did.methodId() ⇒ string
Returns the DID
method-specific ID.
E.g.
"did:example:12345678" -> "12345678"
"did:iota:main:12345678" -> "main:12345678"
Kind: instance method of IotaDID
did.join(segment) ⇒ DIDUrl
Construct a new DIDUrl
by joining with a relative DID Url string.
Kind: instance method of IotaDID
Param | Type |
---|---|
segment | string |
did.toUrl() ⇒ DIDUrl
Clones the DID
into a DIDUrl
.
Kind: instance method of IotaDID
did.toAliasId() ⇒ string
Returns the hex-encoded AliasId with a '0x' prefix, from the DID tag.
Kind: instance method of IotaDID
did.intoUrl() ⇒ DIDUrl
Converts the DID
into a DIDUrl
, consuming it.
Kind: instance method of IotaDID
did.toString() ⇒ string
Returns the DID
as a string.
Kind: instance method of IotaDID
did.toJSON() ⇒ any
Serializes this to a JSON object.
Kind: instance method of IotaDID
did.clone() ⇒ IotaDID
Deep clones the object.
Kind: instance method of IotaDID
IotaDID.METHOD ⇒ string
The IOTA DID method name ("iota"
).
Kind: static property of IotaDID
IotaDID.DEFAULT_NETWORK ⇒ string
The default Tangle network ("iota"
).
Kind: static property of IotaDID
IotaDID.fromAliasId(aliasId, network) ⇒ IotaDID
Constructs a new IotaDID
from a hex representation of an Alias Id and the given
network name.
Kind: static method of IotaDID
Param | Type |
---|---|
aliasId | string |
network | string |
IotaDID.placeholder(network) ⇒ IotaDID
Creates a new placeholder [IotaDID
] with the given network name.
E.g. did:iota:smr:0x0000000000000000000000000000000000000000000000000000000000000000
.
Kind: static method of IotaDID
Param | Type |
---|---|
network | string |
IotaDID.parse(input) ⇒ IotaDID
Parses a IotaDID
from the input string.
Kind: static method of IotaDID
Param | Type |
---|---|
input | string |
IotaDID.fromJSON(json) ⇒ IotaDID
Deserializes an instance from a JSON object.
Kind: static method of IotaDID
Param | Type |
---|---|
json | any |
IotaDocument
Kind: global class
- IotaDocument
- new IotaDocument(network)
- instance
- .id() ⇒
IotaDID
- .controller() ⇒
Array.<IotaDID>
- .alsoKnownAs() ⇒
Array.<string>
- .setAlsoKnownAs(urls)
- .properties() ⇒
Map.<string, any>
- .setPropertyUnchecked(key, value)
- .service() ⇒
Array.<Service>
- .insertService(service)
- .removeService(did) ⇒
Service
|undefined
- .resolveService(query) ⇒
Service
|undefined
- .methods(scope) ⇒
Array.<VerificationMethod>
- .insertMethod(method, scope)
- .removeMethod(did) ⇒
VerificationMethod
|undefined
- .resolveMethod(query, scope) ⇒
VerificationMethod
|undefined
- .attachMethodRelationship(didUrl, relationship) ⇒
boolean
- .detachMethodRelationship(didUrl, relationship) ⇒
boolean
- .signCredential(credential, privateKey, methodQuery, options) ⇒
Credential
- .signPresentation(presentation, privateKey, methodQuery, options) ⇒
Presentation
- .signData(data, privateKey, methodQuery, options) ⇒
any
- .verifyData(data, options) ⇒
boolean
- .verifyJws(jws, options, signatureVerifier, detachedPayload) ⇒
DecodedJws
- .pack() ⇒
Uint8Array
- .packWithEncoding(encoding) ⇒
Uint8Array
- .metadata() ⇒
IotaDocumentMetadata
- .metadataCreated() ⇒
Timestamp
|undefined
- .setMetadataCreated(timestamp)
- .metadataUpdated() ⇒
Timestamp
|undefined
- .setMetadataUpdated(timestamp)
- .metadataDeactivated() ⇒
boolean
|undefined
- .setMetadataDeactivated(deactivated)
- .metadataStateControllerAddress() ⇒
string
|undefined
- .metadataGovernorAddress() ⇒
string
|undefined
- .setMetadataPropertyUnchecked(key, value)
- .revokeCredentials(serviceQuery, indices)
- .unrevokeCredentials(serviceQuery, indices)
- .clone() ⇒
IotaDocument
- ._shallowCloneInternal() ⇒
IotaDocument
- ._strongCountInternal() ⇒
number
- .toJSON() ⇒
any
- .toCoreDocument() ⇒
CoreDocument
- .generateMethod(storage, keyType, alg, fragment, scope) ⇒
Promise.<string>
- .purgeMethod(storage, id) ⇒
Promise.<void>
- .createJwt(storage, fragment, payload, options) ⇒
Promise.<Jws>
- .createCredentialJwt(storage, fragment, credential, options) ⇒
Promise.<Jwt>
- .createPresentationJwt(storage, fragment, presentation, signature_options, presentation_options) ⇒
Promise.<Jwt>
- static
- .newWithId(id) ⇒
IotaDocument
- .unpackFromOutput(did, aliasOutput, allowEmpty, tokenSupply) ⇒
IotaDocument
- .unpackFromBlock(network, block, protocol_parameters) ⇒
Array.<IotaDocument>
- .fromJSON(json) ⇒
IotaDocument
new IotaDocument(network)
Constructs an empty DID Document with a placeholder identifier
for the given network
.
Param | Type |
---|---|
network | string |
iotaDocument.id() ⇒ IotaDID
Returns a copy of the DID Document id
.
Kind: instance method of IotaDocument
iotaDocument.controller() ⇒ Array.<IotaDID>
Returns a copy of the list of document controllers.
NOTE: controllers are determined by the state_controller
unlock condition of the output
during resolution and are omitted when publishing.
Kind: instance method of IotaDocument
iotaDocument.alsoKnownAs() ⇒ Array.<string>
Returns a copy of the document's alsoKnownAs
set.
Kind: instance method of IotaDocument
iotaDocument.setAlsoKnownAs(urls)
Sets the alsoKnownAs
property in the DID document.
Kind: instance method of IotaDocument
Param | Type |
---|---|
urls | string | Array.<string> | null |
iotaDocument.properties() ⇒ Map.<string, any>
Returns a copy of the custom DID Document properties.
Kind: instance method of IotaDocument
iotaDocument.setPropertyUnchecked(key, value)
Sets a custom property in the DID Document.
If the value is set to null
, the custom property will be removed.
WARNING
This method can overwrite existing properties like id
and result in an invalid document.
Kind: instance method of IotaDocument
Param | Type |
---|---|
key | string |
value | any |
iotaDocument.service() ⇒ Array.<Service>
Return a set of all Service in the document.
Kind: instance method of IotaDocument
iotaDocument.insertService(service)
Add a new Service to the document.
Returns true
if the service was added.
Kind: instance method of IotaDocument
Param | Type |
---|---|
service | Service |
iotaDocument.removeService(did) ⇒ Service
| undefined
Remove a Service identified by the given DIDUrl from the document.
Returns true
if a service was removed.
Kind: instance method of IotaDocument
Param | Type |
---|---|
did | DIDUrl |
iotaDocument.resolveService(query) ⇒ Service
| undefined
Returns the first Service with an id
property matching the provided query
,
if present.
Kind: instance method of IotaDocument
Param | Type |
---|---|
query | DIDUrl | string |
iotaDocument.methods(scope) ⇒ Array.<VerificationMethod>
Returns a list of all VerificationMethod in the DID Document,
whose verification relationship matches scope
.
If scope
is not set, a list over the embedded methods is returned.
Kind: instance method of IotaDocument
Param | Type |
---|---|
scope | MethodScope | undefined |
iotaDocument.insertMethod(method, scope)
Adds a new method
to the document in the given scope
.
Kind: instance method of IotaDocument
Param | Type |
---|---|
method | VerificationMethod |
scope | MethodScope |
iotaDocument.removeMethod(did) ⇒ VerificationMethod
| undefined
Removes all references to the specified Verification Method.
Kind: instance method of IotaDocument
Param | Type |
---|---|
did | DIDUrl |
iotaDocument.resolveMethod(query, scope) ⇒ VerificationMethod
| undefined
Returns a copy of the first verification method with an id
property
matching the provided query
and the verification relationship
specified by scope
, if present.
Kind: instance method of IotaDocument
Param | Type |
---|---|
query | DIDUrl | string |
scope | MethodScope | undefined |
iotaDocument.attachMethodRelationship(didUrl, relationship) ⇒ boolean
Attaches the relationship to the given method, if the method exists.
Note: The method needs to be in the set of verification methods, so it cannot be an embedded one.
Kind: instance method of IotaDocument
Param | Type |
---|---|
didUrl | DIDUrl |
relationship | number |
iotaDocument.detachMethodRelationship(didUrl, relationship) ⇒ boolean
Detaches the given relationship from the given method, if the method exists.
Kind: instance method of IotaDocument
Param | Type |
---|---|
didUrl | DIDUrl |
relationship | number |
iotaDocument.signCredential(credential, privateKey, methodQuery, options) ⇒ Credential
Creates a signature for the given Credential
with the specified DID Document
Verification Method.
Kind: instance method of IotaDocument
Param | Type |
---|---|
credential | Credential |
privateKey | Uint8Array |
methodQuery | DIDUrl | string |
options | ProofOptions |
iotaDocument.signPresentation(presentation, privateKey, methodQuery, options) ⇒ Presentation
Creates a signature for the given Presentation
with the specified DID Document
Verification Method.
Kind: instance method of IotaDocument
Param | Type |
---|---|
presentation | Presentation |
privateKey | Uint8Array |
methodQuery | DIDUrl | string |
options | ProofOptions |
iotaDocument.signData(data, privateKey, methodQuery, options) ⇒ any
Creates a signature for the given data
with the specified DID Document
Verification Method.
NOTE: use signSelf
or signDocument
for DID Documents.
Kind: instance method of IotaDocument
Param | Type |
---|---|
data | any |
privateKey | Uint8Array |
methodQuery | DIDUrl | string |
options | ProofOptions |
iotaDocument.verifyData(data, options) ⇒ boolean
Verifies the authenticity of data
using the target verification method.
Kind: instance method of IotaDocument
Param | Type |
---|---|
data | any |
options | VerifierOptions |
iotaDocument.verifyJws(jws, options, signatureVerifier, detachedPayload) ⇒ DecodedJws
Decodes and verifies the provided JWS according to the passed options
and signatureVerifier
.
If no signatureVerifier
argument is provided a default verifier will be used that is (only) capable of
verifying EdDSA signatures.
Regardless of which options are passed the following conditions must be met in order for a verification attempt to take place.
- The JWS must be encoded according to the JWS compact serialization.
- The
kid
value in the protected header must be an identifier of a verification method in this DID document.
Kind: instance method of IotaDocument
Param | Type |
---|---|
jws | Jws |
options | JwsVerificationOptions |
signatureVerifier | IJwsVerifier | undefined |
detachedPayload | string | undefined |
iotaDocument.pack() ⇒ Uint8Array
Serializes the document for inclusion in an Alias Output's state metadata with the default StateMetadataEncoding.
Kind: instance method of IotaDocument
iotaDocument.packWithEncoding(encoding) ⇒ Uint8Array
Serializes the document for inclusion in an Alias Output's state metadata.
Kind: instance method of IotaDocument
Param | Type |
---|---|
encoding | number |
iotaDocument.metadata() ⇒ IotaDocumentMetadata
Returns a copy of the metadata associated with this document.
NOTE: Copies all the metadata. See also metadataCreated
, metadataUpdated
,
metadataPreviousMessageId
, metadataProof
if only a subset of the metadata required.
Kind: instance method of IotaDocument
iotaDocument.metadataCreated() ⇒ Timestamp
| undefined
Returns a copy of the timestamp of when the DID document was created.
Kind: instance method of IotaDocument
iotaDocument.setMetadataCreated(timestamp)
Sets the timestamp of when the DID document was created.
Kind: instance method of IotaDocument
Param | Type |
---|---|
timestamp | Timestamp | undefined |
iotaDocument.metadataUpdated() ⇒ Timestamp
| undefined
Returns a copy of the timestamp of the last DID document update.
Kind: instance method of IotaDocument
iotaDocument.setMetadataUpdated(timestamp)
Sets the timestamp of the last DID document update.
Kind: instance method of IotaDocument
Param | Type |
---|---|
timestamp | Timestamp | undefined |
iotaDocument.metadataDeactivated() ⇒ boolean
| undefined
Returns a copy of the deactivated status of the DID document.
Kind: instance method of IotaDocument
iotaDocument.setMetadataDeactivated(deactivated)
Sets the deactivated status of the DID document.
Kind: instance method of IotaDocument
Param | Type |
---|---|
deactivated | boolean | undefined |
iotaDocument.metadataStateControllerAddress() ⇒ string
| undefined
Returns a copy of the Bech32-encoded state controller address, if present.
Kind: instance method of IotaDocument
iotaDocument.metadataGovernorAddress() ⇒ string
| undefined
Returns a copy of the Bech32-encoded governor address, if present.
Kind: instance method of IotaDocument
iotaDocument.setMetadataPropertyUnchecked(key, value)
Sets a custom property in the document metadata.
If the value is set to null
, the custom property will be removed.
Kind: instance method of IotaDocument
Param | Type |
---|---|
key | string |
value | any |
iotaDocument.revokeCredentials(serviceQuery, indices)
If the document has a RevocationBitmap
service identified by serviceQuery
,
revoke all specified indices
.
Kind: instance method of IotaDocument
Param | Type |
---|---|
serviceQuery | DIDUrl | string |
indices | number | Array.<number> |
iotaDocument.unrevokeCredentials(serviceQuery, indices)
If the document has a RevocationBitmap
service identified by serviceQuery
,
unrevoke all specified indices
.
Kind: instance method of IotaDocument
Param | Type |
---|---|
serviceQuery | DIDUrl | string |
indices | number | Array.<number> |
iotaDocument.clone() ⇒ IotaDocument
Returns a deep clone of the IotaDocument
.
Kind: instance method of IotaDocument
iotaDocument._shallowCloneInternal() ⇒ IotaDocument
Warning
This is for internal use only. Do not rely on or call this method.
Kind: instance method of IotaDocument
iotaDocument._strongCountInternal() ⇒ number
Warning
This is for internal use only. Do not rely on or call this method.
Kind: instance method of IotaDocument
iotaDocument.toJSON() ⇒ any
Serializes to a plain JS representation.
Kind: instance method of IotaDocument
iotaDocument.toCoreDocument() ⇒ CoreDocument
Transforms the IotaDocument
to its CoreDocument
representation.
Kind: instance method of IotaDocument
iotaDocument.generateMethod(storage, keyType, alg, fragment, scope) ⇒ Promise.<string>
Generate new key material in the given storage
and insert a new verification method with the corresponding
public key material into the DID document.
- If no fragment is given the
kid
of the generated JWK is used, if it is set, otherwise an error is returned. - The
keyType
must be compatible with the givenstorage
.Storage
s are expected to export key type constants for that use case.
The fragment of the generated method is returned.
Kind: instance method of IotaDocument
Param | Type |
---|---|
storage | Storage |
keyType | string |
alg | JwsAlgorithm |
fragment | string | undefined |
scope | MethodScope |
iotaDocument.purgeMethod(storage, id) ⇒ Promise.<void>
Remove the method identified by the given fragment from the document and delete the corresponding key material in
the given storage
.
Kind: instance method of IotaDocument
Param | Type |
---|---|
storage | Storage |
id | DIDUrl |
iotaDocument.createJwt(storage, fragment, payload, options) ⇒ Promise.<Jws>
Sign the payload
according to options
with the storage backed private key corresponding to the public key
material in the verification method identified by the given `fragment.
Upon success a string representing a JWS encoded according to the Compact JWS Serialization format is returned. See RFC7515 section 3.1.
Kind: instance method of IotaDocument
Param | Type |
---|---|
storage | Storage |
fragment | string |
payload | string |
options | JwsSignatureOptions |
iotaDocument.createCredentialJwt(storage, fragment, credential, options) ⇒ Promise.<Jwt>
Produces a JWS where the payload is produced from the given credential
in accordance with VC-JWT version 1.1..
The kid
in the protected header is the id
of the method identified by fragment
and the JWS signature will be
produced by the corresponding private key backed by the storage
in accordance with the passed options
.
Kind: instance method of IotaDocument
Param | Type |
---|---|
storage | Storage |
fragment | string |
credential | Credential |
options | JwsSignatureOptions |
iotaDocument.createPresentationJwt(storage, fragment, presentation, signature_options, presentation_options) ⇒ Promise.<Jwt>
Produces a JWT where the payload is produced from the given presentation. in accordance with VC-JWT version 1.1.
The kid
in the protected header is the id
of the method identified by fragment
and the JWS signature will be
produced by the corresponding private key backed by the storage
in accordance with the passed options
.
Kind: instance method of IotaDocument
Param | Type |
---|---|
storage | Storage |
fragment | string |
presentation | JwtPresentation |
signature_options | JwsSignatureOptions |
presentation_options | JwtPresentationOptions |
IotaDocument.newWithId(id) ⇒ IotaDocument
Constructs an empty DID Document with the given identifier.
Kind: static method of IotaDocument
Param | Type |
---|---|
id | IotaDID |
IotaDocument.unpackFromOutput(did, aliasOutput, allowEmpty, tokenSupply) ⇒ IotaDocument
Deserializes the document from an Alias Output.
If allowEmpty
is true, this will return an empty DID document marked as deactivated
if stateMetadata
is empty.
The tokenSupply
must be equal to the token supply of the network the DID is associated with.
NOTE: did
is required since it is omitted from the serialized DID Document and
cannot be inferred from the state metadata. It also indicates the network, which is not
encoded in the AliasId
alone.
Kind: static method of IotaDocument
Param | Type |
---|---|
did | IotaDID |
aliasOutput | IAliasOutput |
allowEmpty | boolean |
tokenSupply | bigint |
IotaDocument.unpackFromBlock(network, block, protocol_parameters) ⇒ Array.<IotaDocument>
Returns all DID documents of the Alias Outputs contained in the block's transaction payload outputs, if any.
Errors if any Alias Output does not contain a valid or empty DID Document.
protocolResponseJson
can be obtained from a Client
.
Kind: static method of IotaDocument
Param | Type |
---|---|
network | string |
block | IBlock |
protocol_parameters | INodeInfoProtocol |
IotaDocument.fromJSON(json) ⇒ IotaDocument
Deserializes an instance from a plain JS representation.
Kind: static method of IotaDocument
Param | Type |
---|---|
json | any |
IotaDocumentMetadata
Additional attributes related to an IOTA DID Document.
Kind: global class
- IotaDocumentMetadata
- instance
- .created() ⇒
Timestamp
|undefined
- .updated() ⇒
Timestamp
|undefined
- .deactivated() ⇒
boolean
|undefined
- .stateControllerAddress() ⇒
string
|undefined
- .governorAddress() ⇒
string
|undefined
- .properties() ⇒
Map.<string, any>
- .toJSON() ⇒
any
- .clone() ⇒
IotaDocumentMetadata
- static
- .fromJSON(json) ⇒
IotaDocumentMetadata
iotaDocumentMetadata.created() ⇒ Timestamp
| undefined
Returns a copy of the timestamp of when the DID document was created.
Kind: instance method of IotaDocumentMetadata
iotaDocumentMetadata.updated() ⇒ Timestamp
| undefined
Returns a copy of the timestamp of the last DID document update.
Kind: instance method of IotaDocumentMetadata
iotaDocumentMetadata.deactivated() ⇒ boolean
| undefined
Returns a copy of the deactivated status of the DID document.
Kind: instance method of IotaDocumentMetadata
iotaDocumentMetadata.stateControllerAddress() ⇒ string
| undefined
Returns a copy of the Bech32-encoded state controller address, if present.
Kind: instance method of IotaDocumentMetadata
iotaDocumentMetadata.governorAddress() ⇒ string
| undefined
Returns a copy of the Bech32-encoded governor address, if present.
Kind: instance method of IotaDocumentMetadata
iotaDocumentMetadata.properties() ⇒ Map.<string, any>
Returns a copy of the custom metadata properties.
Kind: instance method of IotaDocumentMetadata
iotaDocumentMetadata.toJSON() ⇒ any
Serializes this to a JSON object.
Kind: instance method of IotaDocumentMetadata
iotaDocumentMetadata.clone() ⇒ IotaDocumentMetadata
Deep clones the object.
Kind: instance method of IotaDocumentMetadata
IotaDocumentMetadata.fromJSON(json) ⇒ IotaDocumentMetadata
Deserializes an instance from a JSON object.
Kind: static method of IotaDocumentMetadata
Param | Type |
---|---|
json | any |
IotaIdentityClientExt
An extension interface that provides helper functions for publication and resolution of DID documents in Alias Outputs.
Kind: global class
- IotaIdentityClientExt
- .newDidOutput(client, address, document, rentStructure) ⇒
Promise.<IAliasOutput>
- .updateDidOutput(client, document) ⇒
Promise.<IAliasOutput>
- .deactivateDidOutput(client, did) ⇒
Promise.<IAliasOutput>
- .resolveDid(client, did) ⇒
Promise.<IotaDocument>
- .resolveDidOutput(client, did) ⇒
Promise.<IAliasOutput>
- .newDidOutput(client, address, document, rentStructure) ⇒
IotaIdentityClientExt.newDidOutput(client, address, document, rentStructure) ⇒ Promise.<IAliasOutput>
Create a DID with a new Alias Output containing the given document
.
The address
will be set as the state controller and governor unlock conditions.
The minimum required token deposit amount will be set according to the given
rent_structure
, which will be fetched from the node if not provided.
The returned Alias Output can be further customised before publication, if desired.
NOTE: this does not publish the Alias Output.
Kind: static method of IotaIdentityClientExt
Param | Type |
---|---|
client | IIotaIdentityClient |
address | AddressTypes |
document | IotaDocument |
rentStructure | IRent | undefined |
IotaIdentityClientExt.updateDidOutput(client, document) ⇒ Promise.<IAliasOutput>
Fetches the associated Alias Output and updates it with document
in its state metadata.
The storage deposit on the output is left unchanged. If the size of the document increased,
the amount should be increased manually.
NOTE: this does not publish the updated Alias Output.
Kind: static method of IotaIdentityClientExt
Param | Type |
---|---|
client | IIotaIdentityClient |
document | IotaDocument |
IotaIdentityClientExt.deactivateDidOutput(client, did) ⇒ Promise.<IAliasOutput>
Removes the DID document from the state metadata of its Alias Output, effectively deactivating it. The storage deposit on the output is left unchanged, and should be reallocated manually.
Deactivating does not destroy the output. Hence, it can be re-activated by publishing an update containing a DID document.
NOTE: this does not publish the updated Alias Output.
Kind: static method of IotaIdentityClientExt
Param | Type |
---|---|
client | IIotaIdentityClient |
did | IotaDID |
IotaIdentityClientExt.resolveDid(client, did) ⇒ Promise.<IotaDocument>
Resolve a IotaDocument. Returns an empty, deactivated document if the state metadata of the Alias Output is empty.
Kind: static method of IotaIdentityClientExt
Param | Type |
---|---|
client | IIotaIdentityClient |
did | IotaDID |
IotaIdentityClientExt.resolveDidOutput(client, did) ⇒ Promise.<IAliasOutput>
Fetches the IAliasOutput
associated with the given DID.
Kind: static method of IotaIdentityClientExt
Param | Type |
---|---|
client | IIotaIdentityClient |
did | IotaDID |
Jwk
Kind: global class
- Jwk
- new Jwk(jwk)
- instance
- .kty() ⇒
JwkType
- .use() ⇒
JwkUse
|undefined
- .keyOps() ⇒
Array.<JwkOperation>
- .alg() ⇒
JwsAlgorithm
|undefined
- .kid() ⇒
string
|undefined
- .x5u() ⇒
string
|undefined
- .x5c() ⇒
Array.<string>
- .x5t() ⇒
string
|undefined
- .x5t256() ⇒
string
|undefined
- .paramsEc() ⇒
JwkParamsEc
|undefined
- .paramsOkp() ⇒
JwkParamsOkp
|undefined
- .paramsOct() ⇒
JwkParamsOct
|undefined
- .paramsRsa() ⇒
JwkParamsRsa
|undefined
- .toPublic() ⇒
Jwk
|undefined
- .isPublic() ⇒
boolean
- .isPrivate() ⇒
boolean
- .toJSON() ⇒
any
- .clone() ⇒
Jwk
- static
- .fromJSON(json) ⇒
Jwk
new Jwk(jwk)
Param | Type |
---|---|
jwk | IJwkParams |
jwk.kty() ⇒ JwkType
Returns the value for the key type parameter (kty).
Kind: instance method of Jwk
jwk.use() ⇒ JwkUse
| undefined
Returns the value for the use property (use).
Kind: instance method of Jwk
jwk.keyOps() ⇒ Array.<JwkOperation>
Kind: instance method of Jwk
jwk.alg() ⇒ JwsAlgorithm
| undefined
Returns the value for the algorithm property (alg).
Kind: instance method of Jwk
jwk.kid() ⇒ string
| undefined
Returns the value of the key ID property (kid).
Kind: instance method of Jwk
jwk.x5u() ⇒ string
| undefined
Returns the value of the X.509 URL property (x5u).
Kind: instance method of Jwk
jwk.x5c() ⇒ Array.<string>
Returns the value of the X.509 certificate chain property (x5c).
Kind: instance method of Jwk
jwk.x5t() ⇒ string
| undefined
Returns the value of the X.509 certificate SHA-1 thumbprint property (x5t).
Kind: instance method of Jwk
jwk.x5t256() ⇒ string
| undefined
Returns the value of the X.509 certificate SHA-256 thumbprint property (x5t#S256).
Kind: instance method of Jwk
jwk.paramsEc() ⇒ JwkParamsEc
| undefined
If this JWK is of kty EC, returns those parameters.
Kind: instance method of Jwk
jwk.paramsOkp() ⇒ JwkParamsOkp
| undefined
If this JWK is of kty OKP, returns those parameters.
Kind: instance method of Jwk
jwk.paramsOct() ⇒ JwkParamsOct
| undefined
If this JWK is of kty OCT, returns those parameters.
Kind: instance method of Jwk
jwk.paramsRsa() ⇒ JwkParamsRsa
| undefined
If this JWK is of kty RSA, returns those parameters.
Kind: instance method of Jwk
jwk.toPublic() ⇒ Jwk
| undefined
Returns a clone of the Jwk with all private key components unset.
Nothing is returned when kty = oct
as this key type is not considered public by this library.
Kind: instance method of Jwk
jwk.isPublic() ⇒ boolean
Returns true
if all private key components of the key are unset, false
otherwise.
Kind: instance method of Jwk
jwk.isPrivate() ⇒ boolean
Returns true
if all private key components of the key are set, false
otherwise.
Kind: instance method of Jwk
jwk.toJSON() ⇒ any
Serializes this to a JSON object.
Kind: instance method of Jwk
jwk.clone() ⇒ Jwk
Deep clones the object.
Kind: instance method of Jwk
Jwk.fromJSON(json) ⇒ Jwk
Deserializes an instance from a JSON object.
Kind: static method of Jwk
Param | Type |
---|---|
json | any |
JwkGenOutput
The result of a key generation in JwkStorage
.
Kind: global class
- JwkGenOutput
- new JwkGenOutput(key_id, jwk)
- instance
- .jwk() ⇒
Jwk
- .keyId() ⇒
string
- .toJSON() ⇒
any
- .clone() ⇒
JwkGenOutput
- static
- .fromJSON(json) ⇒
JwkGenOutput
new JwkGenOutput(key_id, jwk)
Param | Type |
---|---|
key_id | string |
jwk | Jwk |
jwkGenOutput.jwk() ⇒ Jwk
Returns the generated public JWK.
Kind: instance method of JwkGenOutput
jwkGenOutput.keyId() ⇒ string
Returns the key id of the generated jwk.
Kind: instance method of JwkGenOutput
jwkGenOutput.toJSON() ⇒ any
Serializes this to a JSON object.
Kind: instance method of JwkGenOutput
jwkGenOutput.clone() ⇒ JwkGenOutput
Deep clones the object.
Kind: instance method of JwkGenOutput
JwkGenOutput.fromJSON(json) ⇒ JwkGenOutput
Deserializes an instance from a JSON object.
Kind: static method of JwkGenOutput
Param | Type |
---|---|
json | any |
Jws
A wrapper around a JSON Web Signature (JWS).
Kind: global class
- Jws
- new Jws(jws_string)
- .toString() ⇒
string
new Jws(jws_string)
Creates a new Jws
from the given string.
Param | Type |
---|---|
jws_string | string |
jws.toString() ⇒ string
Returns a clone of the JWS string.
Kind: instance method of Jws
JwsHeader
Kind: global class
- JwsHeader
- new JwsHeader()
- instance
- .alg() ⇒
JwsAlgorithm
|undefined
- .setAlg(value)
- .b64() ⇒
boolean
|undefined
- .setB64(value)
- .has(claim) ⇒
boolean
- .isDisjoint(other) ⇒
boolean
- .jku() ⇒
string
|undefined
- .setJku(value)
- .jwk() ⇒
Jwk
|undefined
- .setJwk(value)
- .kid() ⇒
string
|undefined
- .setKid(value)
- .x5u() ⇒
string
|undefined
- .setX5u(value)
- .x5c() ⇒
Array.<string>
- .setX5c(value)
- .x5t() ⇒
string
|undefined
- .setX5t(value)
- .x5tS256() ⇒
string
|undefined
- .setX5tS256(value)
- .typ() ⇒
string
|undefined
- .setTyp(value)
- .cty() ⇒
string
|undefined
- .setCty(value)
- .crit() ⇒
Array.<string>
- .setCrit(value)
- .url() ⇒
string
|undefined
- .setUrl(value)
- .nonce() ⇒
string
|undefined
- .setNonce(value)
- .toJSON() ⇒
any
- .clone() ⇒
JwsHeader
- static
- .fromJSON(json) ⇒
JwsHeader
new JwsHeader()
Create a new empty JwsHeader
.
jwsHeader.alg() ⇒ JwsAlgorithm
| undefined
Returns the value for the algorithm claim (alg).
Kind: instance method of JwsHeader
jwsHeader.setAlg(value)
Sets a value for the algorithm claim (alg).
Kind: instance method of JwsHeader
Param | Type |
---|---|
value | JwsAlgorithm |
jwsHeader.b64() ⇒ boolean
| undefined
Returns the value of the base64url-encode payload claim (b64).
Kind: instance method of JwsHeader
jwsHeader.setB64(value)
Sets a value for the base64url-encode payload claim (b64).
Kind: instance method of JwsHeader
Param | Type |
---|---|
value | boolean |
jwsHeader.has(claim) ⇒ boolean
Kind: instance method of JwsHeader
Param | Type |
---|---|
claim | string |
jwsHeader.isDisjoint(other) ⇒ boolean
Returns true
if none of the fields are set in both self
and other
.
Kind: instance method of JwsHeader
Param | Type |
---|---|
other | JwsHeader |
jwsHeader.jku() ⇒ string
| undefined
Returns the value of the JWK Set URL claim (jku).
Kind: instance method of JwsHeader
jwsHeader.setJku(value)
Sets a value for the JWK Set URL claim (jku).
Kind: instance method of JwsHeader
Param | Type |
---|---|
value | string |
jwsHeader.jwk() ⇒ Jwk
| undefined
Returns the value of the JWK claim (jwk).
Kind: instance method of JwsHeader
jwsHeader.setJwk(value)
Sets a value for the JWK claim (jwk).
Kind: instance method of JwsHeader
Param | Type |
---|---|
value | Jwk |
jwsHeader.kid() ⇒ string
| undefined
Returns the value of the key ID claim (kid).
Kind: instance method of JwsHeader
jwsHeader.setKid(value)
Sets a value for the key ID claim (kid).
Kind: instance method of JwsHeader
Param | Type |
---|---|
value | string |
jwsHeader.x5u() ⇒ string
| undefined
Returns the value of the X.509 URL claim (x5u).
Kind: instance method of JwsHeader
jwsHeader.setX5u(value)
Sets a value for the X.509 URL claim (x5u).
Kind: instance method of JwsHeader
Param | Type |
---|---|
value | string |
jwsHeader.x5c() ⇒ Array.<string>
Returns the value of the X.509 certificate chain claim (x5c).
Kind: instance method of JwsHeader
jwsHeader.setX5c(value)
Sets values for the X.509 certificate chain claim (x5c).
Kind: instance method of JwsHeader
Param | Type |
---|---|
value | Array.<string> |
jwsHeader.x5t() ⇒ string
| undefined
Returns the value of the X.509 certificate SHA-1 thumbprint claim (x5t).
Kind: instance method of JwsHeader
jwsHeader.setX5t(value)
Sets a value for the X.509 certificate SHA-1 thumbprint claim (x5t).
Kind: instance method of JwsHeader
Param | Type |
---|---|
value | string |
jwsHeader.x5tS256() ⇒ string
| undefined
Returns the value of the X.509 certificate SHA-256 thumbprint claim (x5t#S256).
Kind: instance method of JwsHeader
jwsHeader.setX5tS256(value)
Sets a value for the X.509 certificate SHA-256 thumbprint claim (x5t#S256).
Kind: instance method of JwsHeader
Param | Type |
---|---|
value | string |
jwsHeader.typ() ⇒ string
| undefined
Returns the value of the token type claim (typ).
Kind: instance method of JwsHeader
jwsHeader.setTyp(value)
Sets a value for the token type claim (typ).
Kind: instance method of JwsHeader
Param | Type |
---|---|
value | string |
jwsHeader.cty() ⇒ string
| undefined
Returns the value of the content type claim (cty).
Kind: instance method of JwsHeader
jwsHeader.setCty(value)
Sets a value for the content type claim (cty).
Kind: instance method of JwsHeader
Param | Type |
---|---|
value | string |
jwsHeader.crit() ⇒ Array.<string>
Returns the value of the critical claim (crit).
Kind: instance method of JwsHeader
jwsHeader.setCrit(value)
Sets values for the critical claim (crit).
Kind: instance method of JwsHeader
Param | Type |
---|---|
value | Array.<string> |
jwsHeader.url() ⇒ string
| undefined
Returns the value of the url claim (url).
Kind: instance method of JwsHeader
jwsHeader.setUrl(value)
Sets a value for the url claim (url).
Kind: instance method of JwsHeader
Param | Type |
---|---|
value | string |
jwsHeader.nonce() ⇒ string
| undefined
Returns the value of the nonce claim (nonce).
Kind: instance method of JwsHeader
jwsHeader.setNonce(value)
Sets a value for the nonce claim (nonce).
Kind: instance method of JwsHeader
Param | Type |
---|---|
value | string |
jwsHeader.toJSON() ⇒ any
Serializes this to a JSON object.
Kind: instance method of JwsHeader
jwsHeader.clone() ⇒ JwsHeader
Deep clones the object.
Kind: instance method of JwsHeader
JwsHeader.fromJSON(json) ⇒ JwsHeader
Deserializes an instance from a JSON object.
Kind: static method of JwsHeader
Param | Type |
---|---|
json | any |
JwsSignatureOptions
Kind: global class
new JwsSignatureOptions(options)
Param | Type |
---|---|
options | IJwsSignatureOptions | undefined |
jwsSignatureOptions.setAttachJwk(value)
Replace the value of the attachJwk
field.
Kind: instance method of JwsSignatureOptions
Param | Type |
---|---|
value | boolean |
jwsSignatureOptions.setB64(value)
Replace the value of the b64
field.
Kind: instance method of JwsSignatureOptions
Param | Type |
---|---|
value | boolean |
jwsSignatureOptions.setTyp(value)
Replace the value of the typ
field.
Kind: instance method of JwsSignatureOptions
Param | Type |
---|---|
value | string |
jwsSignatureOptions.setCty(value)
Replace the value of the cty
field.
Kind: instance method of JwsSignatureOptions
Param | Type |
---|---|
value | string |
jwsSignatureOptions.serUrl(value)
Replace the value of the url
field.
Kind: instance method of JwsSignatureOptions
Param | Type |
---|---|
value | string |
jwsSignatureOptions.setNonce(value)
Replace the value of the nonce
field.
Kind: instance method of JwsSignatureOptions
Param | Type |
---|---|
value | string |
jwsSignatureOptions.setDetachedPayload(value)
Replace the value of the detached_payload
field.
Kind: instance method of JwsSignatureOptions
Param | Type |
---|---|
value | boolean |
jwsSignatureOptions.toJSON() ⇒ any
Serializes this to a JSON object.
Kind: instance method of JwsSignatureOptions
jwsSignatureOptions.clone() ⇒ JwsSignatureOptions
Deep clones the object.
Kind: instance method of JwsSignatureOptions
JwsSignatureOptions.fromJSON(json) ⇒ JwsSignatureOptions
Deserializes an instance from a JSON object.
Kind: static method of JwsSignatureOptions
Param | Type |
---|---|
json | any |
JwsVerificationOptions
Kind: global class
new JwsVerificationOptions(options)
Param | Type |
---|---|
options | IJwsVerificationOptions | undefined |
jwsVerificationOptions.setNonce(value)
Set the expected value for the nonce
parameter of the protected header.
Kind: instance method of JwsVerificationOptions
Param | Type |
---|---|
value | string |
jwsVerificationOptions.setScope(value)
Set the scope of the verification methods that may be used to verify the given JWS.
Kind: instance method of JwsVerificationOptions
Param | Type |
---|---|
value | MethodScope |
jwsVerificationOptions.toJSON() ⇒ any
Serializes this to a JSON object.
Kind: instance method of JwsVerificationOptions
jwsVerificationOptions.clone() ⇒ JwsVerificationOptions
Deep clones the object.
Kind: instance method of JwsVerificationOptions
JwsVerificationOptions.fromJSON(json) ⇒ JwsVerificationOptions
Deserializes an instance from a JSON object.
Kind: static method of JwsVerificationOptions
Param | Type |
---|---|
json | any |
Jwt
A wrapper around a JSON Web Token (JWK).
Kind: global class
- Jwt
- new Jwt(jwt_string)
- instance
- .toString() ⇒
string
- .toJSON() ⇒
any
- .clone() ⇒
Jwt
- static
- .fromJSON(json) ⇒
Jwt
new Jwt(jwt_string)
Creates a new Jwt
from the given string.
Param | Type |
---|---|
jwt_string | string |
jwt.toString() ⇒ string
Returns a clone of the JWT string.
Kind: instance method of Jwt
jwt.toJSON() ⇒ any
Serializes this to a JSON object.
Kind: instance method of Jwt
jwt.clone() ⇒ Jwt
Deep clones the object.
Kind: instance method of Jwt
Jwt.fromJSON(json) ⇒ Jwt
Deserializes an instance from a JSON object.
Kind: static method of Jwt
Param | Type |
---|---|
json | any |
JwtCredentialValidationOptions
Options to declare validation criteria when validating credentials.
Kind: global class
new JwtCredentialValidationOptions(options)
Param | Type |
---|---|
options | IJwtCredentialValidationOptions |
jwtCredentialValidationOptions.toJSON() ⇒ any
Serializes this to a JSON object.
Kind: instance method of JwtCredentialValidationOptions
jwtCredentialValidationOptions.clone() ⇒ JwtCredentialValidationOptions
Deep clones the object.
Kind: instance method of JwtCredentialValidationOptions
JwtCredentialValidationOptions.default() ⇒ JwtCredentialValidationOptions
Creates a new JwtCredentialValidationOptions
with defaults.
Kind: static method of JwtCredentialValidationOptions
JwtCredentialValidationOptions.fromJSON(json) ⇒ JwtCredentialValidationOptions
Deserializes an instance from a JSON object.
Kind: static method of JwtCredentialValidationOptions
Param | Type |
---|---|
json | any |
JwtCredentialValidator
A type for decoding and validating Credentials
.
Kind: global class
- JwtCredentialValidator
- new JwtCredentialValidator(signatureVerifier)
- instance
- .validate(credential_jwt, issuer, options, fail_fast) ⇒
DecodedJwtCredential
- .verifySignature(credential, trustedIssuers, options) ⇒
DecodedJwtCredential
- static
- .checkExpiresOnOrAfter(credential, timestamp)
- .checkIssuedOnOrBefore(credential, timestamp)
- .checkSubjectHolderRelationship(credential, holder, relationship)
- .checkStatus(credential, trustedIssuers, statusCheck)
- .extractIssuer(credential) ⇒
CoreDID
new JwtCredentialValidator(signatureVerifier)
Creates a new JwtCredentialValidator
. If a signatureVerifier
is provided it will be used when
verifying decoded JWS signatures, otherwise the default which is only capable of handling the EdDSA
algorithm will be used.
Param | Type |
---|---|
signatureVerifier | IJwsVerifier | undefined |
jwtCredentialValidator.validate(credential_jwt, issuer, options, fail_fast) ⇒ DecodedJwtCredential
Decodes and validates a Credential
issued as a JWS. A DecodedJwtCredential
is returned upon success.
The following properties are validated according to options
:
- the issuer's signature on the JWS,
- the expiration date,
- the issuance date,
- the semantic structure.
Warning
The lack of an error returned from this method is in of itself not enough to conclude that the credential can be trusted. This section contains more information on additional checks that should be carried out before and after calling this method.
The state of the issuer's DID Document
The caller must ensure that issuer
represents an up-to-date DID Document.
Properties that are not validated
There are many properties defined in The Verifiable Credentials Data Model that are not validated, such as:
proof
, credentialStatus
, type
, credentialSchema
, refreshService
and more.
These should be manually checked after validation, according to your requirements.
Errors
An error is returned whenever a validated condition is not satisfied.
Kind: instance method of JwtCredentialValidator
Param | Type |
---|---|
credential_jwt | Jwt |
issuer | CoreDocument | IToCoreDocument |
options | JwtCredentialValidationOptions |
fail_fast | number |
jwtCredentialValidator.verifySignature(credential, trustedIssuers, options) ⇒ DecodedJwtCredential
Decode and verify the JWS signature of a Credential
issued as a JWT using the DID Document of a trusted
issuer.
A DecodedJwtCredential
is returned upon success.
Warning
The caller must ensure that the DID Documents of the trusted issuers are up-to-date.
Proofs
Only the JWS signature is verified. If the Credential
contains a proof
property this will not be verified
by this method.
Errors
This method immediately returns an error if the credential issuer' url cannot be parsed to a DID belonging to one of the trusted issuers. Otherwise an attempt to verify the credential's signature will be made and an error is returned upon failure.
Kind: instance method of JwtCredentialValidator
Param | Type |
---|---|
credential | Jwt |
trustedIssuers | Array.<(CoreDocument|IToCoreDocument)> |
options | JwsVerificationOptions |
JwtCredentialValidator.checkExpiresOnOrAfter(credential, timestamp)
Validate that the credential expires on or after the specified timestamp.
Kind: static method of JwtCredentialValidator
Param | Type |
---|---|
credential | Credential |
timestamp | Timestamp |
JwtCredentialValidator.checkIssuedOnOrBefore(credential, timestamp)
Validate that the credential is issued on or before the specified timestamp.
Kind: static method of JwtCredentialValidator
Param | Type |
---|---|
credential | Credential |
timestamp | Timestamp |
JwtCredentialValidator.checkSubjectHolderRelationship(credential, holder, relationship)
Validate that the relationship between the holder
and the credential subjects is in accordance with
relationship
. The holder
parameter is expected to be the URL of the holder.
Kind: static method of JwtCredentialValidator
Param | Type |
---|---|
credential | Credential |
holder | string |
relationship | number |
JwtCredentialValidator.checkStatus(credential, trustedIssuers, statusCheck)
Checks whether the credential status has been revoked.
Only supports BitmapRevocation2022
.
Kind: static method of JwtCredentialValidator
Param | Type |
---|---|
credential | Credential |
trustedIssuers | Array.<(CoreDocument|IToCoreDocument)> |
statusCheck | number |
JwtCredentialValidator.extractIssuer(credential) ⇒ CoreDID
Utility for extracting the issuer field of a Credential
as a DID.
Errors
Fails if the issuer field is not a valid DID.
Kind: static method of JwtCredentialValidator
Param | Type |
---|---|
credential | Credential |
JwtPresentation
Kind: global class
- JwtPresentation
- new JwtPresentation(values)
- instance
- .context() ⇒
Array.<(string|Record.<string, any>)>
- .id() ⇒
string
|undefined
- .type() ⇒
Array.<string>
- .verifiableCredential() ⇒
Array.<Jwt>
- .holder() ⇒
string
- .refreshService() ⇒
Array.<RefreshService>
- .termsOfUse() ⇒
Array.<Policy>
- .proof() ⇒
Map.<string, any>
|undefined
- .properties() ⇒
Map.<string, any>
- .toJSON() ⇒
any
- .clone() ⇒
JwtPresentation
- static
- .BaseContext() ⇒
string
- .BaseType() ⇒
string
- .fromJSON(json) ⇒
JwtPresentation
new JwtPresentation(values)
Constructs a new presentation.
Param | Type |
---|---|
values | IJwtPresentation |
jwtPresentation.context() ⇒ Array.<(string|Record.<string, any>)>
Returns a copy of the JSON-LD context(s) applicable to the presentation.
Kind: instance method of JwtPresentation
jwtPresentation.id() ⇒ string
| undefined
Returns a copy of the unique URI
identifying the presentation.
Kind: instance method of JwtPresentation
jwtPresentation.type() ⇒ Array.<string>
Returns a copy of the URIs defining the type of the presentation.
Kind: instance method of JwtPresentation
jwtPresentation.verifiableCredential() ⇒ Array.<Jwt>
Returns the JWT credentials expressing the claims of the presentation.
Kind: instance method of JwtPresentation
jwtPresentation.holder() ⇒ string
Returns a copy of the URI of the entity that generated the presentation.
Kind: instance method of JwtPresentation
jwtPresentation.refreshService() ⇒ Array.<RefreshService>
Returns a copy of the service(s) used to refresh an expired Credential in the presentation.
Kind: instance method of JwtPresentation
jwtPresentation.termsOfUse() ⇒ Array.<Policy>
Returns a copy of the terms-of-use specified by the presentation holder
Kind: instance method of JwtPresentation
jwtPresentation.proof() ⇒ Map.<string, any>
| undefined
Optional proof that can be verified by users in addition to JWS.
Kind: instance method of JwtPresentation
jwtPresentation.properties() ⇒ Map.<string, any>
Returns a copy of the miscellaneous properties on the presentation.
Kind: instance method of JwtPresentation
jwtPresentation.toJSON() ⇒ any
Serializes this to a JSON object.
Kind: instance method of JwtPresentation
jwtPresentation.clone() ⇒ JwtPresentation
Deep clones the object.
Kind: instance method of JwtPresentation
JwtPresentation.BaseContext() ⇒ string
Returns the base JSON-LD context.
Kind: static method of JwtPresentation
JwtPresentation.BaseType() ⇒ string
Returns the base type.
Kind: static method of JwtPresentation
JwtPresentation.fromJSON(json) ⇒ JwtPresentation
Deserializes an instance from a JSON object.
Kind: static method of JwtPresentation
Param | Type |
---|---|
json | any |
JwtPresentationOptions
Kind: global class
new JwtPresentationOptions(options)
Creates a new JwtPresentationOptions
from the given fields.
Throws an error if any of the options are invalid.
Param | Type |
---|---|
options | IJwtPresentationOptions | undefined |
jwtPresentationOptions.toJSON() ⇒ any
Serializes this to a JSON object.
Kind: instance method of JwtPresentationOptions
jwtPresentationOptions.clone() ⇒ JwtPresentationOptions
Deep clones the object.
Kind: instance method of JwtPresentationOptions
JwtPresentationOptions.default() ⇒ JwtPresentationOptions
Creates a new JwtPresentationOptions
with defaults.
Kind: static method of JwtPresentationOptions
JwtPresentationOptions.fromJSON(json) ⇒ JwtPresentationOptions
Deserializes an instance from a JSON object.
Kind: static method of JwtPresentationOptions
Param | Type |
---|---|
json | any |
JwtPresentationValidationOptions
Options to declare validation criteria when validating presentation.
Kind: global class
new JwtPresentationValidationOptions(options)
Creates a new JwtPresentationValidationOptions
from the given fields.
Throws an error if any of the options are invalid.
Param | Type |
---|---|
options | IJwtPresentationValidationOptions |
jwtPresentationValidationOptions.toJSON() ⇒ any
Serializes this to a JSON object.
Kind: instance method of JwtPresentationValidationOptions
jwtPresentationValidationOptions.clone() ⇒ JwtPresentationValidationOptions
Deep clones the object.
Kind: instance method of JwtPresentationValidationOptions
JwtPresentationValidationOptions.default() ⇒ JwtPresentationValidationOptions
Creates a new JwtPresentationValidationOptions
with defaults.
Kind: static method of JwtPresentationValidationOptions
JwtPresentationValidationOptions.fromJSON(json) ⇒ JwtPresentationValidationOptions
Deserializes an instance from a JSON object.
Kind: static method of JwtPresentationValidationOptions
Param | Type |
---|---|
json | any |
JwtPresentationValidator
Kind: global class
new JwtPresentationValidator(signature_verifier)
Creates a new JwtPresentationValidator
. If a signature_verifier
is provided it will be used when
verifying decoded JWS signatures, otherwise the default which is only capable of handling the EdDSA
algorithm will be used.
Param | Type |
---|---|
signature_verifier | IJwsVerifier | undefined |
jwtPresentationValidator.validate(presentation_jwt, holder, issuers, validation_options, fail_fast) ⇒ DecodedJwtPresentation
Validates a JwtPresentation
.
The following properties are validated according to options
:
- the JWT can be decoded into semantically valid presentation.
- the expiration and issuance date contained in the JWT claims.
- the holder's signature.
- the relationship between the holder and the credential subjects.
- the signatures and some properties of the constituent credentials (see
CredentialValidator
).
Validation is done with respect to the properties set in options
.
Warning
The lack of an error returned from this method is in of itself not enough to conclude that the presentation can be trusted. This section contains more information on additional checks that should be carried out before and after calling this method.
The state of the supplied DID Documents.
The caller must ensure that the DID Documents in holder
and issuers
are up-to-date.
Properties that are not validated
There are many properties defined in The Verifiable Credentials Data Model that are not validated, such as:
credentialStatus
, type
, credentialSchema
, refreshService
, and more.
These should be manually checked after validation, according to your requirements.
Errors
An error is returned whenever a validated condition is not satisfied or when decoding fails.
Kind: instance method of JwtPresentationValidator
Param | Type |
---|---|
presentation_jwt | Jwt |
holder | CoreDocument | IToCoreDocument |
issuers | Array.<(CoreDocument|IToCoreDocument)> |
validation_options | JwtPresentationValidationOptions |
fail_fast | number |
JwtPresentationValidator.checkStructure(presentation)
Validates the semantic structure of the JwtPresentation
.
Kind: static method of JwtPresentationValidator
Param | Type |
---|---|
presentation | JwtPresentation |
JwtPresentationValidator.extractDids(presentation) ⇒ JwtPresentationDids
Attempt to extract the holder of the presentation and the issuers of the included credentials.
Errors:
- If deserialization/decoding of the presentation or any of the constituent credentials fails.
- If the holder or any of the issuers can't be parsed as DIDs.
Kind: static method of JwtPresentationValidator
Param | Type |
---|---|
presentation | Jwt |
KeyPair
Kind: global class
- KeyPair
- new KeyPair(type_)
- instance
- .type() ⇒
number
- .public() ⇒
Uint8Array
- .private() ⇒
Uint8Array
- .toJSON() ⇒
any
- .clone() ⇒
KeyPair
- static
- .fromKeys(type_, public_key, private_key) ⇒
KeyPair
- .tryFromPrivateKeyBytes(keyType, privateKeyBytes) ⇒
KeyPair
- .fromJSON(json) ⇒
KeyPair
new KeyPair(type_)
Generates a new KeyPair
object.
Param | Type |
---|---|
type_ | number |
keyPair.type() ⇒ number
Returns the KeyType
of the KeyPair
object.
Kind: instance method of KeyPair
keyPair.public() ⇒ Uint8Array
Returns a copy of the public key as a Uint8Array
.
Kind: instance method of KeyPair
keyPair.private() ⇒ Uint8Array
Returns a copy of the private key as a Uint8Array
.
Kind: instance method of KeyPair
keyPair.toJSON() ⇒ any
Serializes a KeyPair
object as a JSON object.
Kind: instance method of KeyPair
keyPair.clone() ⇒ KeyPair
Deep clones the object.
Kind: instance method of KeyPair
KeyPair.fromKeys(type_, public_key, private_key) ⇒ KeyPair
Parses a KeyPair
object from the public/private keys.
Kind: static method of KeyPair
Param | Type |
---|---|
type_ | number |
public_key | Uint8Array |
private_key | Uint8Array |
KeyPair.tryFromPrivateKeyBytes(keyType, privateKeyBytes) ⇒ KeyPair
Reconstructs a KeyPair
from the bytes of a private key.
The private key for Ed25519
must be a 32-byte seed in compliance
with RFC 8032.
Other implementations often use another format. See this blog post for further explanation.
Kind: static method of KeyPair
Param | Type |
---|---|
keyType | number |
privateKeyBytes | Uint8Array |
KeyPair.fromJSON(json) ⇒ KeyPair
Deserializes a KeyPair
object from a JSON object.
Kind: static method of KeyPair
Param | Type |
---|---|
json | any |
LinkedDomainService
Kind: global class
- LinkedDomainService
- new LinkedDomainService(options)
- instance
- .domains() ⇒
Array.<string>
- .toService() ⇒
Service
- .clone() ⇒
LinkedDomainService
- static
- .fromService(service) ⇒
LinkedDomainService
- .isValid(service) ⇒
boolean
new LinkedDomainService(options)
Constructs a new LinkedDomainService
that wraps a spec compliant Linked Domain Service Endpoint
Domain URLs must include the https
scheme in order to pass the domain linkage validation.
Param | Type |
---|---|
options | ILinkedDomainService |
linkedDomainService.domains() ⇒ Array.<string>
Returns the domains contained in the Linked Domain Service.
Kind: instance method of LinkedDomainService
linkedDomainService.toService() ⇒ Service
Returns the inner service which can be added to a DID Document.
Kind: instance method of LinkedDomainService
linkedDomainService.clone() ⇒ LinkedDomainService
Deep clones the object.
Kind: instance method of LinkedDomainService
LinkedDomainService.fromService(service) ⇒ LinkedDomainService
Creates a new @link{LinkedDomainService} from a @link{Service}.
Error
Errors if service
is not a valid Linked Domain Service.
Kind: static method of LinkedDomainService
Param | Type |
---|---|
service | Service |
LinkedDomainService.isValid(service) ⇒ boolean
Returns true
if a @link{Service} is a valid Linked Domain Service.
Kind: static method of LinkedDomainService
Param | Type |
---|---|
service | Service |
MethodData
Supported verification method data formats.
Kind: global class
- MethodData
- instance
- .tryDecode() ⇒
Uint8Array
- .toJSON() ⇒
any
- .clone() ⇒
MethodData
- static
- .newBase58(data) ⇒
MethodData
- .newMultibase(data) ⇒
MethodData
- .newJwk(key) ⇒
MethodData
- .fromJSON(json) ⇒
MethodData
methodData.tryDecode() ⇒ Uint8Array
Returns a Uint8Array
containing the decoded bytes of the MethodData
.
This is generally a public key identified by a MethodData
value.
Errors
Decoding can fail if MethodData
has invalid content or cannot be
represented as a vector of bytes.
Kind: instance method of MethodData
methodData.toJSON() ⇒ any
Serializes this to a JSON object.
Kind: instance method of MethodData
methodData.clone() ⇒ MethodData
Deep clones the object.
Kind: instance method of MethodData
MethodData.newBase58(data) ⇒ MethodData
Creates a new MethodData
variant with Base58-BTC encoded content.
Kind: static method of MethodData
Param | Type |
---|---|
data | Uint8Array |
MethodData.newMultibase(data) ⇒ MethodData
Creates a new MethodData
variant with Multibase-encoded content.
Kind: static method of MethodData
Param | Type |
---|---|
data | Uint8Array |
MethodData.newJwk(key) ⇒ MethodData
Creates a new MethodData
variant consisting of the given key
.
Errors
An error is thrown if the given key
contains any private components.
Kind: static method of MethodData
Param | Type |
---|---|
key | Jwk |
MethodData.fromJSON(json) ⇒ MethodData
Deserializes an instance from a JSON object.
Kind: static method of MethodData
Param | Type |
---|---|
json | any |
MethodDigest
Unique identifier of a [VerificationMethod
].
NOTE:
This class does not have a JSON representation,
use the methods pack
and unpack
instead.
Kind: global class
- MethodDigest
- new MethodDigest(verification_method)
- instance
- .pack() ⇒
Uint8Array
- .clone() ⇒
MethodDigest
- static
- .unpack(bytes) ⇒
MethodDigest
new MethodDigest(verification_method)
Param | Type |
---|---|
verification_method | VerificationMethod |
methodDigest.pack() ⇒ Uint8Array
Packs MethodDigest
into bytes.
Kind: instance method of MethodDigest
methodDigest.clone() ⇒ MethodDigest
Deep clones the object.
Kind: instance method of MethodDigest
MethodDigest.unpack(bytes) ⇒ MethodDigest
Unpacks bytes into [MethodDigest
].
Kind: static method of MethodDigest
Param | Type |
---|---|
bytes | Uint8Array |
MethodScope
Supported verification method types.
Kind: global class
- MethodScope
- instance
- .toString() ⇒
string
- .toJSON() ⇒
any
- .clone() ⇒
MethodScope
- static
- .VerificationMethod() ⇒
MethodScope
- .Authentication() ⇒
MethodScope
- .AssertionMethod() ⇒
MethodScope
- .KeyAgreement() ⇒
MethodScope
- .CapabilityDelegation() ⇒
MethodScope
- .CapabilityInvocation() ⇒
MethodScope
- .fromJSON(json) ⇒
MethodScope
methodScope.toString() ⇒ string
Returns the MethodScope
as a string.
Kind: instance method of MethodScope
methodScope.toJSON() ⇒ any
Serializes this to a JSON object.
Kind: instance method of MethodScope
methodScope.clone() ⇒ MethodScope
Deep clones the object.
Kind: instance method of MethodScope
MethodScope.VerificationMethod() ⇒ MethodScope
Kind: static method of MethodScope
MethodScope.Authentication() ⇒ MethodScope
Kind: static method of MethodScope
MethodScope.AssertionMethod() ⇒ MethodScope
Kind: static method of MethodScope
MethodScope.KeyAgreement() ⇒ MethodScope
Kind: static method of MethodScope
MethodScope.CapabilityDelegation() ⇒ MethodScope
Kind: static method of MethodScope
MethodScope.CapabilityInvocation() ⇒ MethodScope
Kind: static method of MethodScope
MethodScope.fromJSON(json) ⇒ MethodScope
Deserializes an instance from a JSON object.
Kind: static method of MethodScope
Param | Type |
---|---|
json | any |
MethodType
Supported verification method types.
Kind: global class
- MethodType
- instance
- .toString() ⇒
string
- .toJSON() ⇒
any
- .clone() ⇒
MethodType
- static
- .Ed25519VerificationKey2018() ⇒
MethodType
- .X25519KeyAgreementKey2019() ⇒
MethodType
- .JwkMethodType() ⇒
MethodType
- .fromJSON(json) ⇒
MethodType
methodType.toString() ⇒ string
Returns the MethodType
as a string.
Kind: instance method of MethodType
methodType.toJSON() ⇒ any
Serializes this to a JSON object.
Kind: instance method of MethodType
methodType.clone() ⇒ MethodType
Deep clones the object.
Kind: instance method of MethodType
MethodType.Ed25519VerificationKey2018() ⇒ MethodType
Kind: static method of MethodType
MethodType.X25519KeyAgreementKey2019() ⇒ MethodType
Kind: static method of MethodType
MethodType.JwkMethodType() ⇒ MethodType
A verification method for use with JWT verification as prescribed by the Jwk
in the publicKeyJwk
entry.
Kind: static method of MethodType
MethodType.fromJSON(json) ⇒ MethodType
Deserializes an instance from a JSON object.
Kind: static method of MethodType
Param | Type |
---|---|
json | any |
Presentation
Kind: global class
- Presentation
- new Presentation(values)
- instance
- .context() ⇒
Array.<(string|Record.<string, any>)>
- .id() ⇒
string
|undefined
- .type() ⇒
Array.<string>
- .verifiableCredential() ⇒
Array.<Credential>
- .holder() ⇒
string
|undefined
- .refreshService() ⇒
Array.<RefreshService>
- .termsOfUse() ⇒
Array.<Policy>
- .proof() ⇒
Proof
|undefined
- .properties() ⇒
Map.<string, any>
- .toJSON() ⇒
any
- .clone() ⇒
Presentation
- static
- .BaseContext() ⇒
string
- .BaseType() ⇒
string
- .fromJSON(json) ⇒
Presentation
new Presentation(values)
Constructs a new Presentation
.
Param | Type |
---|---|
values | IPresentation |
presentation.context() ⇒ Array.<(string|Record.<string, any>)>
Returns a copy of the JSON-LD context(s) applicable to the Presentation
.
Kind: instance method of Presentation
presentation.id() ⇒ string
| undefined
Returns a copy of the unique URI
identifying the Presentation
.
Kind: instance method of Presentation
presentation.type() ⇒ Array.<string>
Returns a copy of the URIs defining the type of the Presentation
.
Kind: instance method of Presentation
presentation.verifiableCredential() ⇒ Array.<Credential>
Returns a copy of the Credential(s) expressing the claims of the Presentation
.
Kind: instance method of Presentation
presentation.holder() ⇒ string
| undefined
Returns a copy of the URI of the entity that generated the Presentation
.
Kind: instance method of Presentation
presentation.refreshService() ⇒ Array.<RefreshService>
Returns a copy of the service(s) used to refresh an expired Credential in the Presentation
.
Kind: instance method of Presentation
presentation.termsOfUse() ⇒ Array.<Policy>
Returns a copy of the terms-of-use specified by the Presentation
holder
Kind: instance method of Presentation
presentation.proof() ⇒ Proof
| undefined
Returns a copy of the proof used to verify the Presentation
.
Kind: instance method of Presentation
presentation.properties() ⇒ Map.<string, any>
Returns a copy of the miscellaneous properties on the Presentation
.
Kind: instance method of Presentation
presentation.toJSON() ⇒ any
Serializes this to a JSON object.
Kind: instance method of Presentation
presentation.clone() ⇒ Presentation
Deep clones the object.
Kind: instance method of Presentation
Presentation.BaseContext() ⇒ string
Returns the base JSON-LD context.
Kind: static method of Presentation
Presentation.BaseType() ⇒ string
Returns the base type.
Kind: static method of Presentation
Presentation.fromJSON(json) ⇒ Presentation
Deserializes an instance from a JSON object.
Kind: static method of Presentation
Param | Type |
---|---|
json | any |
PresentationValidationOptions
Options to declare validation criteria when validating presentation.
Kind: global class
new PresentationValidationOptions(options)
Creates a new PresentationValidationOptions
from the given fields.
Throws an error if any of the options are invalid.
Param | Type |
---|---|
options | IPresentationValidationOptions |
presentationValidationOptions.toJSON() ⇒ any
Serializes this to a JSON object.
Kind: instance method of PresentationValidationOptions
presentationValidationOptions.clone() ⇒ PresentationValidationOptions
Deep clones the object.
Kind: instance method of PresentationValidationOptions
PresentationValidationOptions.default() ⇒ PresentationValidationOptions
Creates a new PresentationValidationOptions
with defaults.
Kind: static method of PresentationValidationOptions
PresentationValidationOptions.fromJSON(json) ⇒ PresentationValidationOptions
Deserializes an instance from a JSON object.
Kind: static method of PresentationValidationOptions
Param | Type |
---|---|
json | any |
PresentationValidator
Kind: global class
PresentationValidator.validate(presentation, holder, issuers, options, fail_fast)
Validate a Presentation
.
The following properties are validated according to options
:
- the semantic structure of the presentation,
- the holder's signature,
- the relationship between the holder and the credential subjects,
- the signatures and some properties of the constituent credentials (see
CredentialValidator::validate
).
Warning
The lack of an error returned from this method is in of itself not enough to conclude that the presentation can be trusted. This section contains more information on additional checks that should be carried out before and after calling this method.
The state of the supplied DID Documents.
The caller must ensure that the DID Documents in holder
and issuers
are up-to-date. The convenience methods
Resolver::resolve_presentation_holder
and Resolver::resolve_presentation_issuers
can help extract the latest available states of these DID Documents.
Properties that are not validated
There are many properties defined in The Verifiable Credentials Data Model that are not validated, such as:
credentialStatus
, type
, credentialSchema
, refreshService
, and more.
These should be manually checked after validation, according to your requirements.
Errors
An error is returned whenever a validated condition is not satisfied.
Kind: static method of PresentationValidator
Param | Type |
---|---|
presentation | Presentation |
holder | CoreDocument | IToCoreDocument |
issuers | Array.<(CoreDocument|IToCoreDocument)> |
options | PresentationValidationOptions |
fail_fast | number |
PresentationValidator.verifyPresentationSignature(presentation, holder, options)
Verify the presentation's signature using the resolved document of the holder.
Warning
The caller must ensure that the DID Document of the holder is up-to-date.
Errors
Fails if the holder
does not match the presentation
's holder property.
Fails if signature verification against the holder document fails.
Kind: static method of PresentationValidator
Param | Type |
---|---|
presentation | Presentation |
holder | CoreDocument | IToCoreDocument |
options | VerifierOptions |
PresentationValidator.checkStructure(presentation)
Validates the semantic structure of the Presentation
.
Kind: static method of PresentationValidator
Param | Type |
---|---|
presentation | Presentation |
PresentationValidator.extractHolder(presentation) ⇒ CoreDID
Utility for extracting the holder field of a Presentation
as a DID.
Errors
Fails if the holder field is missing or not a valid DID.
Kind: static method of PresentationValidator
Param | Type |
---|---|
presentation | Presentation |
Proof
A digital signature.
For field definitions see: https://w3c-ccg.github.io/security-vocab/
Kind: global class
- Proof
- instance
- .type() ⇒
string
- .value() ⇒
string
- .verificationMethod() ⇒
string
- .created() ⇒
Timestamp
|undefined
- .expires() ⇒
Timestamp
|undefined
- .challenge() ⇒
string
|undefined
- .domain() ⇒
string
|undefined
- .purpose() ⇒
ProofPurpose
|undefined
- .toJSON() ⇒
any
- .clone() ⇒
Proof
- static
- .fromJSON(json) ⇒
Proof
proof.type() ⇒ string
Returns a copy of the proof type.
Kind: instance method of Proof
proof.value() ⇒ string
Returns a copy of the proof value string.
Kind: instance method of Proof
proof.verificationMethod() ⇒ string
Returns a copy of the identifier of the DID method used to create this proof.
Kind: instance method of Proof
proof.created() ⇒ Timestamp
| undefined
When the proof was generated.
Kind: instance method of Proof
proof.expires() ⇒ Timestamp
| undefined
When the proof expires.
Kind: instance method of Proof
proof.challenge() ⇒ string
| undefined
Challenge from a proof requester to mitigate replay attacks.
Kind: instance method of Proof
proof.domain() ⇒ string
| undefined
Domain for which a proof is valid to mitigate replay attacks.
Kind: instance method of Proof
proof.purpose() ⇒ ProofPurpose
| undefined
Purpose for which the proof was generated.
Kind: instance method of Proof
proof.toJSON() ⇒ any
Serializes this to a JSON object.
Kind: instance method of Proof
proof.clone() ⇒ Proof
Deep clones the object.
Kind: instance method of Proof
Proof.fromJSON(json) ⇒ Proof
Deserializes an instance from a JSON object.
Kind: static method of Proof
Param | Type |
---|---|
json | any |
ProofOptions
Holds additional options for creating signatures.
See IProofOptions
.
Kind: global class
- ProofOptions
- new ProofOptions(options)
- instance
- .toJSON() ⇒
any
- .clone() ⇒
ProofOptions
- static
- .default() ⇒
ProofOptions
- .fromJSON(json) ⇒
ProofOptions
new ProofOptions(options)
Creates a new ProofOptions
from the given fields.
Throws an error if any of the options are invalid.
Param | Type |
---|---|
options | IProofOptions |
proofOptions.toJSON() ⇒ any
Serializes this to a JSON object.
Kind: instance method of ProofOptions
proofOptions.clone() ⇒ ProofOptions
Deep clones the object.
Kind: instance method of ProofOptions
ProofOptions.default() ⇒ ProofOptions
Creates a new ProofOptions
with default options.
Kind: static method of ProofOptions
ProofOptions.fromJSON(json) ⇒ ProofOptions
Deserializes an instance from a JSON object.
Kind: static method of ProofOptions
Param | Type |
---|---|
json | any |
ProofPurpose
Associates a purpose with a Proof.
See https://w3c-ccg.github.io/security-vocab/#proofPurpose
Kind: global class
- ProofPurpose
- instance
- .toJSON() ⇒
any
- .clone() ⇒
ProofPurpose
- static
- .assertionMethod() ⇒
ProofPurpose
- .authentication() ⇒
ProofPurpose
- .fromJSON(json) ⇒
ProofPurpose
proofPurpose.toJSON() ⇒ any
Serializes this to a JSON object.
Kind: instance method of ProofPurpose
proofPurpose.clone() ⇒ ProofPurpose
Deep clones the object.
Kind: instance method of ProofPurpose
ProofPurpose.assertionMethod() ⇒ ProofPurpose
Purpose is to assert a claim. See https://www.w3.org/TR/did-core/#assertion
Kind: static method of ProofPurpose
ProofPurpose.authentication() ⇒ ProofPurpose
Purpose is to authenticate the signer. See https://www.w3.org/TR/did-core/#authentication
Kind: static method of ProofPurpose
ProofPurpose.fromJSON(json) ⇒ ProofPurpose
Deserializes an instance from a JSON object.
Kind: static method of ProofPurpose
Param | Type |
---|---|
json | any |
Resolver
Convenience type for resolving DID documents from different DID methods.
Also provides methods for resolving DID Documents associated with
verifiable Credentials
and Presentations
.
Configuration
The resolver will only be able to resolve DID documents for methods it has been configured for in the constructor.
Kind: global class
- Resolver
- new Resolver(config)
- .resolve(did) ⇒
Promise.<(CoreDocument|IToCoreDocument)>
new Resolver(config)
Constructs a new Resolver
.
Errors
If both a client
is given and the handlers
map contains the "iota" key the construction process
will throw an error because the handler for the "iota" method then becomes ambiguous.
Param | Type |
---|---|
config | ResolverConfig |
resolver.resolve(did) ⇒ Promise.<(CoreDocument|IToCoreDocument)>
Fetches the DID Document of the given DID.
Errors
Errors if the resolver has not been configured to handle the method corresponding to the given DID or the resolution process itself fails.
Kind: instance method of Resolver
Param | Type |
---|---|
did | string |
RevocationBitmap
A compressed bitmap for managing credential revocation.
Kind: global class
- RevocationBitmap
- new RevocationBitmap()
- instance
- .isRevoked(index) ⇒
boolean
- .revoke(index) ⇒
boolean
- .unrevoke(index) ⇒
boolean
- .len() ⇒
number
- .toEndpoint() ⇒
string
|Array.<string>
|Map.<string, Array.<string>>
- static
- .type() ⇒
string
- .fromEndpoint(endpoint) ⇒
RevocationBitmap
new RevocationBitmap()
Creates a new RevocationBitmap
instance.
revocationBitmap.isRevoked(index) ⇒ boolean
Returns true
if the credential at the given index
is revoked.
Kind: instance method of RevocationBitmap
Param | Type |
---|---|
index | number |
revocationBitmap.revoke(index) ⇒ boolean
Mark the given index as revoked.
Returns true if the index was absent from the set.
Kind: instance method of RevocationBitmap
Param | Type |
---|---|
index | number |
revocationBitmap.unrevoke(index) ⇒ boolean
Mark the index as not revoked.
Returns true if the index was present in the set.
Kind: instance method of RevocationBitmap
Param | Type |
---|---|
index | number |
revocationBitmap.len() ⇒ number
Returns the number of revoked credentials.
Kind: instance method of RevocationBitmap
revocationBitmap.toEndpoint() ⇒ string
| Array.<string>
| Map.<string, Array.<string>>
Return the bitmap as a data url embedded in a service endpoint.
Kind: instance method of RevocationBitmap
RevocationBitmap.type() ⇒ string
The name of the service type.
Kind: static method of RevocationBitmap
RevocationBitmap.fromEndpoint(endpoint) ⇒ RevocationBitmap
Construct a RevocationBitmap
from a data url
.
Kind: static method of RevocationBitmap
Param | Type |
---|---|
endpoint | string | Array.<string> | Map.<string, Array.<string>> |
Service
A DID Document Service used to enable trusted interactions associated with a DID subject.
Kind: global class
- Service
- new Service(service)
- instance
- .id() ⇒
DIDUrl
- .type() ⇒
Array.<string>
- .serviceEndpoint() ⇒
string
|Array.<string>
|Map.<string, Array.<string>>
- .properties() ⇒
Map.<string, any>
- .toJSON() ⇒
any
- .clone() ⇒
Service
- static
- .fromJSON(json) ⇒
Service
new Service(service)
Param | Type |
---|---|
service | IService |
service.id() ⇒ DIDUrl
Returns a copy of the Service
id.
Kind: instance method of Service
service.type() ⇒ Array.<string>
Returns a copy of the Service
type.
Kind: instance method of Service
service.serviceEndpoint() ⇒ string
| Array.<string>
| Map.<string, Array.<string>>
Returns a copy of the Service
endpoint.
Kind: instance method of Service
service.properties() ⇒ Map.<string, any>
Returns a copy of the custom properties on the Service
.
Kind: instance method of Service
service.toJSON() ⇒ any
Serializes this to a JSON object.
Kind: instance method of Service
service.clone() ⇒ Service
Deep clones the object.
Kind: instance method of Service
Service.fromJSON(json) ⇒ Service
Deserializes an instance from a JSON object.
Kind: static method of Service
Param | Type |
---|---|
json | any |
Storage
A type wrapping a JwkStorage
and KeyIdStorage
that should always be used together when
working with storage backed DID documents.
Kind: global class
- Storage
- new Storage(jwkStorage, keyIdStorage)
- .keyIdStorage() ⇒
KeyIdStorage
- .keyStorage() ⇒
JwkStorage
new Storage(jwkStorage, keyIdStorage)
Constructs a new Storage
.
Param | Type |
---|---|
jwkStorage | JwkStorage |
keyIdStorage | KeyIdStorage |
storage.keyIdStorage() ⇒ KeyIdStorage
Obtain the wrapped KeyIdStorage
.
Kind: instance method of Storage
storage.keyStorage() ⇒ JwkStorage
Obtain the wrapped JwkStorage
.
Kind: instance method of Storage
Timestamp
Kind: global class
- Timestamp
- instance
- .toRFC3339() ⇒
string
- .checkedAdd(duration) ⇒
Timestamp
|undefined
- .checkedSub(duration) ⇒
Timestamp
|undefined
- .toJSON() ⇒
any
- static
- .parse(input) ⇒
Timestamp
- .nowUTC() ⇒
Timestamp
- .fromJSON(json) ⇒
Timestamp
timestamp.toRFC3339() ⇒ string
Returns the Timestamp
as an RFC 3339 String
.
Kind: instance method of Timestamp
timestamp.checkedAdd(duration) ⇒ Timestamp
| undefined
Computes self + duration
Returns null
if the operation leads to a timestamp not in the valid range for RFC 3339.
Kind: instance method of Timestamp
Param | Type |
---|---|
duration | Duration |
timestamp.checkedSub(duration) ⇒ Timestamp
| undefined
Computes self - duration
Returns null
if the operation leads to a timestamp not in the valid range for RFC 3339.
Kind: instance method of Timestamp
Param | Type |
---|---|
duration | Duration |
timestamp.toJSON() ⇒ any
Serializes this to a JSON object.
Kind: instance method of Timestamp
Timestamp.parse(input) ⇒ Timestamp
Parses a Timestamp
from the provided input string.
Kind: static method of Timestamp
Param | Type |
---|---|
input | string |
Timestamp.nowUTC() ⇒ Timestamp
Creates a new Timestamp
with the current date and time.
Kind: static method of Timestamp
Timestamp.fromJSON(json) ⇒ Timestamp
Deserializes an instance from a JSON object.
Kind: static method of Timestamp
Param | Type |
---|---|
json | any |
VerificationMethod
A DID Document Verification Method.
Kind: global class
- VerificationMethod
- new VerificationMethod(did, keyType, publicKey, fragment)
- instance
- .id() ⇒
DIDUrl
- .setId(id)
- .controller() ⇒
CoreDID
- .setController(did)
- .type() ⇒
MethodType
- .setType(type_)
- .data() ⇒
MethodData
- .setData(data)
- .properties() ⇒
Map.<string, any>
- .setPropertyUnchecked(key, value)
- .toJSON() ⇒
any
- .clone() ⇒
VerificationMethod
- static
- .newFromJwk(did, key, fragment) ⇒
VerificationMethod
- .fromJSON(json) ⇒
VerificationMethod
new VerificationMethod(did, keyType, publicKey, fragment)
Creates a new VerificationMethod
from the given did
and public key.
Param | Type |
---|---|
did | CoreDID | IToCoreDID |
keyType | number |
publicKey | Uint8Array |
fragment | string |
verificationMethod.id() ⇒ DIDUrl
Returns a copy of the DIDUrl
of the VerificationMethod
's id
.
Kind: instance method of VerificationMethod
verificationMethod.setId(id)
Sets the id of the VerificationMethod
.
Kind: instance method of VerificationMethod
Param | Type |
---|---|
id | DIDUrl |
verificationMethod.controller() ⇒ CoreDID
Returns a copy of the controller
DID
of the VerificationMethod
.
Kind: instance method of VerificationMethod
verificationMethod.setController(did)
Sets the controller
DID
of the VerificationMethod
object.
Kind: instance method of VerificationMethod
Param | Type |
---|---|
did | CoreDID |
verificationMethod.type() ⇒ MethodType
Returns a copy of the VerificationMethod
type.
Kind: instance method of VerificationMethod
verificationMethod.setType(type_)
Sets the VerificationMethod
type.
Kind: instance method of VerificationMethod
Param | Type |
---|---|
type_ | MethodType |
verificationMethod.data() ⇒ MethodData
Returns a copy of the VerificationMethod
public key data.
Kind: instance method of VerificationMethod
verificationMethod.setData(data)
Sets VerificationMethod
public key data.
Kind: instance method of VerificationMethod
Param | Type |
---|---|
data | MethodData |
verificationMethod.properties() ⇒ Map.<string, any>
Get custom properties of the Verification Method.
Kind: instance method of VerificationMethod
verificationMethod.setPropertyUnchecked(key, value)
Adds a custom property to the Verification Method.
If the value is set to null
, the custom property will be removed.
WARNING
This method can overwrite existing properties like id
and result
in an invalid Verification Method.
Kind: instance method of VerificationMethod
Param | Type |
---|---|
key | string |
value | any |
verificationMethod.toJSON() ⇒ any
Serializes this to a JSON object.
Kind: instance method of VerificationMethod
verificationMethod.clone() ⇒ VerificationMethod
Deep clones the object.
Kind: instance method of VerificationMethod
VerificationMethod.newFromJwk(did, key, fragment) ⇒ VerificationMethod
Creates a new VerificationMethod
from the given did
and Jwk
. If fragment
is not given
the kid
value of the given key
will be used, if present, otherwise an error is returned.
Recommendations
The following recommendations are essentially taken from the publicKeyJwk
description from the DID specification:
- It is recommended that verification methods that use
Jwks
to represent their public keys use the value ofkid
as their fragment identifier. This is done automatically ifNone
is passed in as the fragment. - It is recommended that
Jwk
kid values are set to the public key fingerprint.
Kind: static method of VerificationMethod
Param | Type |
---|---|
did | CoreDID | IToCoreDID |
key | Jwk |
fragment | string | undefined |
VerificationMethod.fromJSON(json) ⇒ VerificationMethod
Deserializes an instance from a JSON object.
Kind: static method of VerificationMethod
Param | Type |
---|---|
json | any |
VerifierOptions
Holds additional proof verification options.
See IVerifierOptions
.
Kind: global class
- VerifierOptions
- new VerifierOptions(options)
- instance
- .toJSON() ⇒
any
- .clone() ⇒
VerifierOptions
- static
- .default() ⇒
VerifierOptions
- .fromJSON(json) ⇒
VerifierOptions
new VerifierOptions(options)
Creates a new VerifierOptions
from the given fields.
Throws an error if any of the options are invalid.
Param | Type |
---|---|
options | IVerifierOptions |
verifierOptions.toJSON() ⇒ any
Serializes this to a JSON object.
Kind: instance method of VerifierOptions
verifierOptions.clone() ⇒ VerifierOptions
Deep clones the object.
Kind: instance method of VerifierOptions
VerifierOptions.default() ⇒ VerifierOptions
Creates a new VerifierOptions
with default options.
Kind: static method of VerifierOptions
VerifierOptions.fromJSON(json) ⇒ VerifierOptions
Deserializes an instance from a JSON object.
Kind: static method of VerifierOptions
Param | Type |
---|---|
json | any |
X25519
An implementation of X25519
Elliptic-curve Diffie-Hellman (ECDH) cryptographic key exchange.
Kind: global class
- X25519
- .PRIVATE_KEY_LENGTH() ⇒
number
- .PUBLIC_KEY_LENGTH() ⇒
number
- .keyExchange(privateKey, publicKey) ⇒
Uint8Array
- .Ed25519toX25519Private(privateKey) ⇒
Uint8Array
- .Ed25519toX25519Public(publicKey) ⇒
Uint8Array
- .PRIVATE_KEY_LENGTH() ⇒
X25519.PRIVATE_KEY_LENGTH() ⇒ number
Length in bytes of an X25519 private key.
Kind: static method of X25519
X25519.PUBLIC_KEY_LENGTH() ⇒ number
Length in bytes of an X25519 public key.
Kind: static method of X25519
X25519.keyExchange(privateKey, publicKey) ⇒ Uint8Array
Performs Diffie-Hellman key exchange using the private key of the first party with the public key of the second party, resulting in a shared secret.
Kind: static method of X25519
Param | Type |
---|---|
privateKey | Uint8Array |
publicKey | Uint8Array |
X25519.Ed25519toX25519Private(privateKey) ⇒ Uint8Array
Transforms an Ed25519
private key to an X25519
private key.
This is possible because Ed25519 is birationally equivalent to Curve25519 used by X25519.
Kind: static method of X25519
Param | Type |
---|---|
privateKey | Uint8Array |
X25519.Ed25519toX25519Public(publicKey) ⇒ Uint8Array
Transforms an Ed25519
public key to an X25519
public key.
This is possible because Ed25519 is birationally equivalent to Curve25519 used by X25519.
Kind: static method of X25519
Param | Type |
---|---|
publicKey | Uint8Array |
StateMetadataEncoding
Kind: global variable
StatusCheck
Controls validation behaviour when checking whether or not a credential has been revoked by its
credentialStatus
.
Kind: global variable
Strict
Validate the status if supported, reject any unsupported
credentialStatus
types.
Only RevocationBitmap2022
is currently supported.
This is the default.
Kind: global variable
SkipUnsupported
Validate the status if supported, skip any unsupported
credentialStatus
types.
Kind: global variable
SkipAll
Skip all status checks.
Kind: global variable
SubjectHolderRelationship
Declares how credential subjects must relate to the presentation holder during validation.
See PresentationValidationOptions::subject_holder_relationship
.
See also the Subject-Holder Relationship section of the specification.
Kind: global variable
AlwaysSubject
The holder must always match the subject on all credentials, regardless of their nonTransferable
property.
This variant is the default used if no other variant is specified when constructing a new
PresentationValidationOptions
.
Kind: global variable
SubjectOnNonTransferable
The holder must match the subject only for credentials where the nonTransferable
property is true
.
Kind: global variable
Any
The holder is not required to have any kind of relationship to any credential subject.
Kind: global variable
FailFast
Declares when validation should return if an error occurs.
Kind: global variable
AllErrors
Return all errors that occur during validation.
Kind: global variable
FirstError
Return after the first error occurs.
Kind: global variable
KeyType
Kind: global variable
MethodRelationship
Kind: global variable
verifyEdDSA(alg, signingInput, decodedSignature, publicKey)
Verify a JWS signature secured with the JwsAlgorithm::EdDSA
algorithm.
Only the EdCurve::Ed25519
variant is supported for now.
This function is useful when one is building an IJwsVerifier
that extends the default provided by
the IOTA Identity Framework.
Warning
This function does not check whether alg = EdDSA
in the protected header. Callers are expected to assert this
prior to calling the function.
Kind: global function
Param | Type |
---|---|
alg | JwsAlgorithm |
signingInput | Uint8Array |
decodedSignature | Uint8Array |
publicKey | Jwk |
encodeB64(data) ⇒ string
Encode the given bytes in url-safe base64.
Kind: global function
Param | Type |
---|---|
data | Uint8Array |
decodeB64(data) ⇒ Uint8Array
Decode the given url-safe base64-encoded slice into its raw bytes.
Kind: global function
Param | Type |
---|---|
data | Uint8Array |
start()
Initializes the console error panic hook for better error messages
Kind: global function