{"version":3,"file":"CredentialIssuancePurpose.mjs","names":[],"sources":["../../../../../src/modules/vc/data-integrity/proof-purposes/CredentialIssuancePurpose.ts"],"sourcesContent":["import type { JsonObject } from '../../../../types'\nimport type { DocumentLoader, Proof } from '../jsonldUtil'\n\nimport { purposes, suites } from '../libraries/jsonld-signatures'\n\nconst AssertionProofPurpose = purposes.AssertionProofPurpose\nconst LinkedDataProof = suites.LinkedDataProof\n/**\n * Creates a proof purpose that will validate whether or not the verification\n * method in a proof was authorized by its declared controller for the\n * proof's purpose.\n */\nexport class CredentialIssuancePurpose extends AssertionProofPurpose {\n /**\n * @param {object} options - The options to use.\n * @param {object} [options.controller] - The description of the controller,\n * if it is not to be dereferenced via a `documentLoader`.\n * @param {string|Date|number} [options.date] - The expected date for\n * the creation of the proof.\n * @param {number} [options.maxTimestampDelta=Infinity] - A maximum number\n * of seconds that the date on the signature can deviate from.\n */\n public constructor(options: { controller?: Record; date: string; maxTimestampDelta?: number }) {\n options.maxTimestampDelta = options.maxTimestampDelta || Number.POSITIVE_INFINITY\n super(options)\n }\n\n /**\n * Validates the purpose of a proof. This method is called during\n * proof verification, after the proof value has been checked against the\n * given verification method (in the case of a digital signature, the\n * signature has been cryptographically verified against the public key).\n *\n * @param {object} proof - The proof to validate.\n * @param {object} options - The options to use.\n * @param {object} options.document - The document whose signature is\n * being verified.\n * @param {object} options.suite - Signature suite used in\n * the proof.\n * @param {string} options.verificationMethod - Key id URL to the paired\n * public key.\n * @param {object} [options.documentLoader] - A document loader.\n *\n * @throws {Error} If verification method not authorized by controller.\n * @throws {Error} If proof's created timestamp is out of range.\n *\n * @returns {Promise<{valid: boolean, error: Error}>} Resolves on completion.\n */\n public async validate(\n proof: Proof,\n options?: {\n document: JsonObject\n suite: typeof LinkedDataProof\n verificationMethod: string\n documentLoader?: DocumentLoader\n }\n // biome-ignore lint/suspicious/noExplicitAny: no explanation\n ): Promise<{ valid: boolean; error?: any }> {\n try {\n const result = await super.validate(proof, options)\n\n if (!result.valid) {\n throw result.error\n }\n\n // This @ts-expect-error is necessary because the .getValues() method is not part of the public API.\n //@ts-expect-error\n const issuer = jsonld.util.getValues(options.document, 'issuer')\n\n if (!issuer || issuer.length === 0) {\n throw new Error('Credential issuer is required.')\n }\n\n const issuerId = typeof issuer[0] === 'string' ? issuer[0] : issuer[0].id\n\n if (result.controller.id !== issuerId) {\n throw new Error('Credential issuer must match the verification method controller.')\n }\n\n return { valid: true }\n } catch (error) {\n return { valid: false, error }\n }\n }\n}\n"],"mappings":";;;;;AAKA,MAAM,wBAAwB,SAAS;AACf,OAAO;;;;;;AAM/B,IAAa,4BAAb,cAA+C,sBAAsB;;;;;;;;;;CAUnE,AAAO,YAAY,SAA6F;AAC9G,UAAQ,oBAAoB,QAAQ,qBAAqB,OAAO;AAChE,QAAM,QAAQ;;;;;;;;;;;;;;;;;;;;;;;CAwBhB,MAAa,SACX,OACA,SAO0C;AAC1C,MAAI;GACF,MAAM,SAAS,MAAM,MAAM,SAAS,OAAO,QAAQ;AAEnD,OAAI,CAAC,OAAO,MACV,OAAM,OAAO;GAKf,MAAM,SAAS,OAAO,KAAK,UAAU,QAAQ,UAAU,SAAS;AAEhE,OAAI,CAAC,UAAU,OAAO,WAAW,EAC/B,OAAM,IAAI,MAAM,iCAAiC;GAGnD,MAAM,WAAW,OAAO,OAAO,OAAO,WAAW,OAAO,KAAK,OAAO,GAAG;AAEvE,OAAI,OAAO,WAAW,OAAO,SAC3B,OAAM,IAAI,MAAM,mEAAmE;AAGrF,UAAO,EAAE,OAAO,MAAM;WACf,OAAO;AACd,UAAO;IAAE,OAAO;IAAO;IAAO"}