jpmorganchase · alexmylonas · Mar 6, 2024 · Apr 11, 2024 · Apr 11, 2024 · alexmylonas
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -4,34 +4,25 @@
   "description": "SSI SDK for Onyx W3C Verifiable Credentials",
   "license": "Apache-2.0",
   "source": "src/index.ts",
-  "types": "./lib/cjs/types/index.d.ts",
   "main": "./lib/cjs/index.js",
+  "module": "./lib/esm/index.mjs",
+  "esnext": "./lib/esm/index.mjs",
+  "types": "./lib/esm/types/index.d.ts",
+  "type": "commonjs",
   "files": [
     "dist",
     "lib",
     "src",
     "LICENSE"
   ],
-  "exports": {
-    ".": {
-      "import": {
-        "types": "./lib/esm/types/index.d.ts",
-        "default": "./lib/esm/index.mjs"
-      },
-      "require": {
-        "types": "./lib/cjs/types/index.d.ts",
-        "default": "./lib/cjs/index.js"
-      }
-    }
-  },
   "repository": {
     "type": "git",
     "url": "https://github.com/jpmorganchase/onyx-ssi-sdk"
   },
   "scripts": {
     "clean": "rm -rf ./lib",
     "build": "npm run clean && npm run build:esm && npm run build:cjs",
-    "build:esm": "tsc -p ./configs/tsconfig.esm.json && mv lib/esm/index.js lib/esm/index.mjs",
+    "build:esm": "tsc -p ./configs/tsconfig.esm.json",
     "build:cjs": "tsc -p ./configs/tsconfig.cjs.json",
     "prepack": "npm run build",
     "lint": "eslint .",
@@ -40,6 +31,7 @@
   "keywords": [],
   "author": "",
   "devDependencies": {
+    "@nomicfoundation/hardhat-toolbox": "^2.0.2",
     "@types/jest": "^29.5.1",
     "@types/jsonwebtoken": "^9.0.2",
     "@types/mocha": "^10.0.1",
@@ -56,7 +48,6 @@
     "@ethersproject/providers": "^5.6.8",
     "@nomicfoundation/hardhat-chai-matchers": "^1.0.3",
     "@nomicfoundation/hardhat-network-helpers": "^1.0.4",
-    "@nomicfoundation/hardhat-toolbox": "^2.0.2",
     "@nomiclabs/hardhat-ethers": "^2.1.1",
     "@nomiclabs/hardhat-etherscan": "^3.1.0",
     "@nomiclabs/hardhat-solhint": "^2.0.1",
@@ -65,6 +56,8 @@
     "@typechain/hardhat": "^6.1.2",
     "@types/chai": "^4.3.5",
     "@types/lodash": "^4.14.194",
+    "ajv": "^8.12.0",
+    "ajv-formats": "^3.0.1",
     "axios": "^1.3.5",
     "chai": "^4.3.7",
     "did-jwt": "6.11.6",
@@ -74,9 +67,8 @@
     "ethr-did-resolver": "^8.0.0",
     "hardhat": "^2.14.0",
     "hardhat-gas-reporter": "^1.0.9",
-    "jsonschema": "^1.4.1",
-    "jsonwebtoken": "^9.0.0",
-    "key-did-resolver": "1.4.0",
+    "jose": "^5.2.4",
+    "key-did-resolver": "^1.4.0",
     "lodash": "^4.17.21",
     "loglevel": "^1.8.1",
     "solidity-coverage": "^0.8.2",
@@ -86,5 +78,8 @@
   "overrides": {
     "flat": ">=5.0.1",
     "minimatch": ">=3.0.5"
+  },
+  "browser": {
+    "fs": false
   }
 }
diff --git a/src/services/common/did/did-key.ts b/src/services/common/did/did-key.ts
@@ -1,5 +1,5 @@
 import { DIDResolutionResult, DIDResolver, Resolver } from "did-resolver";
-import {randomBytes} from "crypto"
+import { utils } from 'ethers';
 import { DID, DIDMethod, DIDWithKeys } from "./did";
 import { KeyUtils, KEY_ALG } from "../../../utils";
 import { getResolver } from "key-did-resolver";
@@ -15,7 +15,7 @@ export class KeyDIDMethod implements DIDMethod {
       */
     async create(): Promise<DIDWithKeys> {
         const seed = () => {
-            return randomBytes(32)
+            return utils.randomBytes(32)
         }
 
         const key = await Ed25519KeyPair.generate({

diff --git a/src/services/common/schemas/schemas.ts b/src/services/common/schemas/schemas.ts
@@ -1,15 +1,16 @@
-
-import { validate } from 'jsonschema'
+import Ajv from 'ajv'
+import addFormats from "ajv-formats"
 import { SchemaValidationFailureError } from '../../../errors'
 import { HelperUtils } from '../../../utils/HelperUtils'
+// import jsonSchemaDraft07 from 'ajv/dist/refs/json-schema-draft-07.json'
 
 export class SchemaManager {
 
     /**
      * Reads in a [JSON schema](https://json-schema.org/specification-links.html#draft-7) 
      * for a Verifiable Credential from a remote location
      * 
-     * Once retrieved from the remote location, the schema will be validated using `jsonschema`
+     * Once retrieved from the remote location, the schema will be validated using `ajv`
      * 
      * @param schemaLocation - the remote location of the schema file
      * @returns a `Promise` that resolves to a Verifiable Credential {@link JsonSchema} object.
@@ -29,7 +30,7 @@ export class SchemaManager {
      * Reads in a [JSON schema](https://json-schema.org/specification-links.html#draft-7) 
      * for a Verifiable Credential from a local file location
      * 
-     * Once retrieved from the location, the schema will be validated using jsonschema
+     * Once retrieved from the location, the schema will be validated using 'ajv'
      * 
      * @param schemaLocation - the file path of the schema file
      * @returns a `Promise` that resolves to a Verifiable Credential {@link JsonSchema} object.
@@ -66,9 +67,9 @@ export class SchemaManager {
         }
         const spec = await HelperUtils.axiosHelper(schemaUrl)
         if(typeof spec === 'object') {
-            return spec
+            return spec.data ? spec.data : spec
         }
-        return HelperUtils.parseJSON(spec)          
+        return HelperUtils.parseJSON(spec)         
     }
 
     /**
@@ -82,7 +83,10 @@ export class SchemaManager {
      */
     static async validateSchema(schema: JsonSchema): Promise<boolean> {
         const schemaSpec = await this.getSchemaSpec(schema)
-        return validate(schema, schemaSpec, {throwError: true}).valid
+        const ajv = new Ajv({ meta: false })
+        addFormats(ajv)
+        const validate = ajv.compile(schemaSpec)
+        return validate(schema)
     }
 
     /**
@@ -91,19 +95,20 @@ export class SchemaManager {
      * [`credentialSchema`](https://www.w3.org/TR/vc-data-model/#data-schemas) defined 
      * in the Verifiable Credential
      * 
-     * `validate` from jsonschema is used to do the schema validation
+     * `validate` from ajv is used to do the schema validation
      * 
      * Verifying the `credentialSubject` structure is a check the Verifier can perform
      * to validate a Verifiable Credential
      * 
      * 
      * @param credentialSubject the data object to be validated
      * @param schema the `JsonSchema` that the `credentialSubject` should conform to
-     * @returns a `Promise` that resolves to if the validation succeeded. 
-     * Throws jsonschema ValidationError if something goes wrong
+     * @returns `boolean` that indicates if the validation succeeded. 
      */
     static validateCredentialSubject(credentialSubject: object, schema: JsonSchema): boolean {
-        return validate(credentialSubject, schema, {throwError: true}).valid
+        const ajv = new Ajv()
+        const validate = ajv.compile(schema)
+        return validate(credentialSubject)
     }
 }
 

diff --git a/src/services/common/signatures/jwt.ts b/src/services/common/signatures/jwt.ts
@@ -4,7 +4,7 @@ import { CredentialPayload, PresentationPayload, createVerifiableCredentialJwt,
 import { ES256KSigner, hexToBytes, EdDSASigner } from 'did-jwt'
 import { KEY_ALG } from "../../../utils";
 import { isString } from 'lodash'
-import {decode} from 'jsonwebtoken';
+import { decodeJwt, decodeProtectedHeader } from 'jose';
 
 export class JWTService implements SignatureService {
     name = 'JWT'
@@ -97,7 +97,10 @@ export class JWTService implements SignatureService {
      * @return decoded JWT object {header, payload, signature}
      */
     decodeJWT(token: JWT) {
-        return decode(token, {complete:true})
+        const header = decodeProtectedHeader(token)
+        const payload = decodeJwt(token);
+        const signature = token.split('.')[2]
+        return { header, payload, signature }
     }
 }
 

diff --git a/src/services/issuer/credential.ts b/src/services/issuer/credential.ts
@@ -154,8 +154,8 @@ export async function revokeCredential(vcDID: DIDWithKeys, didMethod: DIDMethod)
 export function getIssuerFromVC(vc: VerifiableCredential): DID | undefined {
     const jwtService = new JWTService()
     if(typeof vc === 'string') {
-        const credential = jwtService.decodeJWT(vc)?.payload as JWTPayload
-        return credential.iss
+        const { payload } = jwtService.decodeJWT(vc)
+        return payload.iss
     } else {
         return vc.issuer.id
     }
@@ -170,7 +170,7 @@ export function getIssuerFromVC(vc: VerifiableCredential): DID | undefined {
 export function getSubjectFromVP(vc: VerifiableCredential): DID | undefined {
     const jwtService = new JWTService()
     if(typeof vc === 'string') {
-        const credential = jwtService.decodeJWT(vc)?.payload as JWTPayload
+        const credential = jwtService.decodeJWT(vc) as JWTPayload
         return credential.sub as string
     } else {
         return vc.credentialSubject.id

diff --git a/src/utils/HelperUtils.ts b/src/utils/HelperUtils.ts
@@ -29,6 +29,10 @@ export class HelperUtils {
      * Throws `ReadFileJsonFailureError` if reading or parsing fails
      */
     static async fileReaderJSON(location: string) {
+        if (typeof window !== 'undefined') {
+            // Check if we are in a browser env
+            throw Error(`Operation 'fileReaderJSON' not supported in browser enviroment`)
+        }
         try {
             const fileText = fs.readFileSync(location, 'utf-8');
             return HelperUtils.parseJSON(fileText)

diff --git a/tests/unit/schemas/schemas.test.ts b/tests/unit/schemas/schemas.test.ts
@@ -1,4 +1,3 @@
-import { ValidationError } from "jsonschema";
 import { AxiosRequestFailureError, JsonParseError, ReadFileJsonFailureError, SchemaValidationFailureError } from "../../../src/errors";
 import { SchemaManager } from "../../../src/services/common";
 import { HelperUtils } from "../../../src/utils";
@@ -110,10 +109,8 @@ describe('schema utilities', () => {
     })
 
     it('Rejects a credential subject with additional properties', async () => {
-
-        expect(() => SchemaManager.validateCredentialSubject(
-            {...nameCredentialSubject, id: "did:key:123"}, nameSchema))
-            .toThrowError(ValidationError)
+        const result = await SchemaManager.validateCredentialSubject({...nameCredentialSubject, id: "did:key:123"}, nameSchema)
+        expect(result).toEqual(false);
     })
 
     //can we test mixing schema draft specs??
@@ -175,15 +172,15 @@ describe('schema utilities', () => {
             minProperties: { '$ref': '#/definitions/nonNegativeIntegerDefault0' },
             required: { '$ref': '#/definitions/stringArray' },
             additionalProperties: { '$ref': '#' },
-            definitions: { type: 'object', additionalProperties: [Object], default: {} },
-            properties: { type: 'object', additionalProperties: [Object], default: {} },
+            definitions: { type: 'object', additionalProperties: { '$ref': '#' }, default: {} },
+            properties: { type: 'object', additionalProperties: { '$ref': '#' }, default: {} },
             patternProperties: {
                 type: 'object',
-                additionalProperties: [Object],
-                propertyNames: [Object],
+                additionalProperties: { '$ref': '#' },
+                propertyNames: { '$ref': '#' },
                 default: {}
             },
-            dependencies: { type: 'object', additionalProperties: [Object] },
+            dependencies: { type: 'object', additionalProperties: { '$ref': '#' } },
             propertyNames: { '$ref': '#' },
             const: true,
             enum: { type: 'array', items: true, minItems: 1, uniqueItems: true },