update to use new issuer-registry-client

Author: jchartrand

README.md

@@ -34,28 +34,20 @@ The verification checks that the credential:
 
 The verification will also tell us if any of the registries listed in the trusted registry list couldn't be loaded (say because of a network error), which is important because those missing registries might be the very registries that affirm the trustworthiness of the issuer of a given credential.
 
-As of March 2025 issuers are trusted if they are listed in one of the Digital Credentials Issuer Registries:
+As of May 2025 we've published a list of known DCC registries:
 
 ```
-{
-    name: 'DCC Pilot Registry',
-    url: 'https://digitalcredentials.github.io/issuer-registry/registry.json'
-  },
-  {
-    name: 'DCC Sandbox Registry',
-    url: 'https://digitalcredentials.github.io/sandbox-registry/registry.json'
-  },
-  {
-    name: 'DCC Community Registry',
-    url: 'https://digitalcredentials.github.io/community-registry/registry.json'
-  },
-  {
-    name: 'DCC Registry',
-    url: 'https://digitalcredentials.github.io/dcc-registry/registry.json'
-  }
+https://digitalcredentials.github.io/dcc-known-registries/known-did-registries.json
   ```
 
-  The DCC is working on a new trust registry model that will extend the registry scope.
+ that you would retrieve something like so:
+
+```
+const response = await fetch("https://digitalcredentials.github.io/dcc-known-registries/known-did-registries.json");
+const knownRegistries = await response.json();
+  ```
+
+and then pass that knownRegistries variable into the call to verifyCredential, as explained below.
 
 ## API
 
@@ -72,7 +64,7 @@ This package exports two methods:
 
 * credential - The W3C Verifiable Credential to be verified.
 * knownDidRegistries - a list of trusted registries.
-* reloadIssuerRegistry - A boolean (true/false) indication whether or not to refresh the cached copy of the registries.
+
 
 #### result
 
@@ -102,11 +94,33 @@ Four steps are checked, returning a result per step in a log like so:
     {
       "id": "registered_issuer",
       "valid": true/false,
-      "foundInRegistries": [
-        "DCC Sandbox Registry"
+      "matchingIssuers": [
+        {
+          "issuer": {
+            "federation_entity": {
+              "organization_name": "DCC did:web test",
+              "homepage_uri": "https://digitalcredentials.mit.edu",
+              "location": "Cambridge, MA, USA"
+            }
+          },
+          "registry": {
+            "name": "DCC Sandbox Registry",
+            "type": "dcc-legacy",
+            "url": "https://digitalcredentials.github.io/sandbox-registry/registry.json"
+          }
+        }
       ],
-      "registriesNotLoaded":[
-        "DCC Issuer Registry"
+      "uncheckedRegistries": [
+            {
+             "name": "DCC Community Registry",
+             "type": "dcc-legacy",
+             "url": "https://onldynoyrrrt.com/registry.json"
+           },
+           {
+              "name": "DCC Pilot Registry",
+              "type": "dcc-legacy",
+              "url": "https://onldynoyrt.com/registry.json"
+            }
       ]
     }
   ]
@@ -142,10 +156,23 @@ A conclusive verification might look like this example where all steps returned
     {
       "id": "registered_issuer",
       "valid": true,
-      "foundInRegistries": [
-        "DCC Sandbox Registry"
+      "matchingIssuers": [
+        {
+          "issuer": {
+            "federation_entity": {
+              "organization_name": "DCC did:web test",
+              "homepage_uri": "https://digitalcredentials.mit.edu",
+              "location": "Cambridge, MA, USA"
+            }
+          },
+          "registry": {
+            "name": "DCC Sandbox Registry",
+            "type": "dcc-legacy",
+            "url": "https://digitalcredentials.github.io/sandbox-registry/registry.json"
+          }
+        }
       ],
-      "registriesNotLoaded":[]
+      "uncheckedRegistries": []
     }
   ]
 }
@@ -173,10 +200,23 @@ And here is a slightly different verification result where we have still made co
     {
       "id": "registered_issuer",
       "valid": true,
-      "foundInRegistries": [
-        "DCC Sandbox Registry"
+      "matchingIssuers": [
+        {
+          "issuer": {
+            "federation_entity": {
+              "organization_name": "DCC did:web test",
+              "homepage_uri": "https://digitalcredentials.mit.edu",
+              "location": "Cambridge, MA, USA"
+            }
+          },
+          "registry": {
+            "name": "DCC Sandbox Registry",
+            "type": "dcc-legacy",
+            "url": "https://digitalcredentials.github.io/sandbox-registry/registry.json"
+          }
+        }
       ],
-      "registriesNotLoaded":[]
+      "uncheckedRegistries": []
     }
   ]
 }
@@ -225,12 +265,33 @@ A partially successful verification might look like this example, where we could
     {
       "id": "registered_issuer",
       "valid": false,
-      "foundInRegistries": [],
-      "registriesNotLoaded": [
+      "matchingIssuers": [
         {
-          "name": "DCC Sandbox Registry",
-          "url": "https://onlynoyrt.com/registry.json"
+          "issuer": {
+            "federation_entity": {
+              "organization_name": "DCC did:web test",
+              "homepage_uri": "https://digitalcredentials.mit.edu",
+              "location": "Cambridge, MA, USA"
+            }
+          },
+          "registry": {
+            "name": "DCC Sandbox Registry",
+            "type": "dcc-legacy",
+            "url": "https://digitalcredentials.github.io/sandbox-registry/registry.json"
+          }
         }
+      ],
+      "uncheckedRegistries": [
+            {
+             "name": "DCC Community Registry",
+             "type": "dcc-legacy",
+             "url": "https://onldynoyrrrt.com/registry.json"
+           },
+           {
+              "name": "DCC Pilot Registry",
+              "type": "dcc-legacy",
+              "url": "https://onldynoyrt.com/registry.json"
+            }
       ]
     }
   ]
@@ -633,10 +694,23 @@ A successful signed VP result with two packaged VCs might look like so:
         {
           "id": "registered_issuer",
           "valid": true,
-          "foundInRegistries": [
-            "DCC Sandbox Registry"
-          ],
-          "registriesNotLoaded": []
+          "matchingIssuers": [
+        {
+          "issuer": {
+            "federation_entity": {
+              "organization_name": "DCC did:web test",
+              "homepage_uri": "https://digitalcredentials.mit.edu",
+              "location": "Cambridge, MA, USA"
+            }
+          },
+          "registry": {
+            "name": "DCC Sandbox Registry",
+            "type": "dcc-legacy",
+            "url": "https://digitalcredentials.github.io/sandbox-registry/registry.json"
+          }
+        }
+      ],
+          "uncheckedRegistries": []
         }
       ],
       "credential": {vc omitted for brevity/clarity}

package.json

@@ -1,7 +1,7 @@
 {
   "name": "@digitalcredentials/verifier-core",
   "description": "For verifying Verifiable Credentials in the browser, Node.js, and React Native.",
-  "version": "1.0.0-beta.2",
+  "version": "1.0.0-beta.3",
   "scripts": {
     "build-esm": "tsc -p tsconfig.esm.json",
     "build-types": "tsc -p tsconfig.types.json",
@@ -16,7 +16,7 @@
     "test": "npm run lint && npm run test-node",
     "test-karma": "karma start karma.conf.cjs",
     "test-node-no-cov": "npm run build-test && mocha dist/test/*.spec.js && rimraf dist/test",
-    "test-node": "npm run build-test && npx c8 --exclude 'dist/test/**' mocha dist/test/*.spec.js && rm -rf dist/test || true",
+    "test-node": "npm run build-test && npx c8 --exclude 'dist/test/**' mocha --timeout 20000 dist/test/*.spec.js && rm -rf dist/test || true",
     "coveralls": "npm run test; npx c8 --exclude 'dist/test/**' report --reporter=text-lcov > ./coverage/lcov.info"
   },
   "type": "module",
@@ -29,7 +29,7 @@
     "@digitalcredentials/data-integrity": "^2.6.0",
     "@digitalcredentials/ed25519-signature-2020": "^7.0.0",
     "@digitalcredentials/eddsa-rdfc-2022-cryptosuite": "^1.3.0",
-    "@digitalcredentials/issuer-registry-client": "file:../issuer-registry-client",
+    "@digitalcredentials/issuer-registry-client": "^3.2.0-beta.2",
     "@digitalcredentials/jsonld-signatures": "^12.0.1",
     "@digitalcredentials/security-document-loader": "^7.0.0",
     "@digitalcredentials/vc": "^10.0.0",

src/Verify.ts

@@ -34,7 +34,7 @@ const ed25519Suite = new Ed25519Signature2020();
 // add both suites - the vc lib will use whichever is appropriate
 const suite = [ed25519Suite, eddsaSuite]
 
-export async function verifyPresentation({ presentation, challenge = 'meaningless', unsignedPresentation = false, knownDIDRegistries, reloadIssuerRegistry = true }:
+export async function verifyPresentation({ presentation, challenge = 'meaningless', unsignedPresentation = false, knownDIDRegistries }:
   {
     presentation: VerifiablePresentation,
     challenge?: string | null,
@@ -59,7 +59,7 @@ export async function verifyPresentation({ presentation, challenge = 'meaningles
     });
 
     const transformedCredentialResults = await Promise.all(result.credentialResults.map(async (credentialResult: any) => {
-      return transformResponse(credentialResult, credentialResult.credential, knownDIDRegistries, reloadIssuerRegistry)
+      return transformResponse(credentialResult, credentialResult.credential, knownDIDRegistries)
     }));
 
     // take what we need from the presentation part of the result
@@ -79,7 +79,7 @@ export async function verifyPresentation({ presentation, challenge = 'meaningles
 }
 
 
-export async function verifyCredential({ credential, knownDIDRegistries, reloadIssuerRegistry = true }: { credential: Credential, knownDIDRegistries: object, reloadIssuerRegistry: boolean }): Promise<VerificationResponse> {
+export async function verifyCredential({ credential, knownDIDRegistries}: { credential: Credential, knownDIDRegistries: object}): Promise<VerificationResponse> {
   try {
     // null unless credential has a status
     const statusChecker = getCredentialStatusChecker(credential)
@@ -92,14 +92,14 @@ export async function verifyCredential({ credential, knownDIDRegistries, reloadI
       verifyMatchingIssuers: false
     });
 
-    const adjustedResponse = await transformResponse(verificationResponse, credential, knownDIDRegistries, reloadIssuerRegistry)
+    const adjustedResponse = await transformResponse(verificationResponse, credential, knownDIDRegistries)
     return adjustedResponse;
   } catch (error) {
     return { errors: [{ message: 'Could not verify credential.', name: UNKNOWN_ERROR, stackTrace: error }] }
   }
 }
 
-async function transformResponse(verificationResponse: any, credential: Credential, knownDIDRegistries: object, reloadIssuerRegistry: boolean): Promise<VerificationResponse> {
+async function transformResponse(verificationResponse: any, credential: Credential, knownDIDRegistries: object): Promise<VerificationResponse> {
 
   const fatalCredentialError = handleAnyFatalCredentialErrors(credential)
 
@@ -115,7 +115,7 @@ async function transformResponse(verificationResponse: any, credential: Credenti
   }
 
   const { issuer } = credential
-  await addTrustedIssuersToVerificationResponse({ verificationResponse, knownDIDRegistries, reloadIssuerRegistry, issuer })
+  await addTrustedIssuersToVerificationResponse({ verificationResponse, knownDIDRegistries, issuer })
 
   // remove things we don't need from the result or that are duplicated elsewhere
   delete verificationResponse.results

src/issuerRegistries.ts

@@ -1,8 +1,7 @@
-import {RegistryClient, LoadResult} from '@digitalcredentials/issuer-registry-client';
+import {RegistryClient, LookupResult} from '@digitalcredentials/issuer-registry-client';
 import { VerificationResponse, RegistryListResult } from './types/result.js';
 import { REGISTERED_ISSUER_STEP_ID } from './constants/verificationSteps.js';
-const registries = new RegistryClient()
-const registryNotYetLoaded = true;
+const registryClient = new RegistryClient()
 
 /**
  * Checks to see if a VC's issuer appears in any of the known DID registries.
@@ -11,44 +10,31 @@ const registryNotYetLoaded = true;
  * which the issuer appears and a list of registries that couldn't be loaded
  */
 
-export async function getTrustedRegistryListForIssuer({ issuer, knownDIDRegistries, reloadIssuerRegistry = false }: {
+export async function getTrustedRegistryListForIssuer({ issuer, knownDIDRegistries}: {
   issuer: string | any,
-  knownDIDRegistries: object,
-  reloadIssuerRegistry: boolean | null
-}): Promise<RegistryListResult> {
-
-  let registryLoadResult:LoadResult[] = []
-  // eslint-disable-next-line no-use-before-define
-  if (reloadIssuerRegistry || registryNotYetLoaded) {
-     registryLoadResult = await registries.load({ config: knownDIDRegistries })
-  }
-  const registriesNotLoaded : Array<{name: string, url: string}> = registryLoadResult.filter((registry:LoadResult)=>!registry.loaded).map(entry=>{return {name:entry.name, url:entry.url}})
-  const issuerDid = typeof issuer === 'string' ? issuer : issuer.id;
-  const issuerInfo = registries.didEntry(issuerDid);
-  // See if the issuer DID appears in any of the known registries
-  // If yes, assemble a list of registries in which it appears
-  const foundInRegistries = issuerInfo?.inRegistries
-    ? Array.from(issuerInfo.inRegistries).map(r => r.name)
-    : []
+  knownDIDRegistries: object
+}): Promise<LookupResult> {
 
-  return {foundInRegistries, registriesNotLoaded}
+  const issuerDid = typeof issuer === 'string' ? issuer : issuer.id;
+  await registryClient.use({ registries: knownDIDRegistries })
+  const results = await registryClient.lookupIssuersFor(issuerDid);
+  return results 
 
 }
 
-export async function addTrustedIssuersToVerificationResponse( {issuer, knownDIDRegistries, reloadIssuerRegistry = false, verificationResponse} :{
+export async function addTrustedIssuersToVerificationResponse( {issuer, knownDIDRegistries, verificationResponse} :{
   issuer: string | any,
-  reloadIssuerRegistry: boolean | null,
   knownDIDRegistries: object,
   verificationResponse: VerificationResponse
 }) : Promise<void>
  {
-    const {foundInRegistries,registriesNotLoaded}  = await getTrustedRegistryListForIssuer( {issuer, knownDIDRegistries, reloadIssuerRegistry});
+    const {matchingIssuers,uncheckedRegistries}  = await getTrustedRegistryListForIssuer( {issuer, knownDIDRegistries});
 
     const registryStep = {
       "id": REGISTERED_ISSUER_STEP_ID,
-      "valid": !!foundInRegistries.length,
-      foundInRegistries,
-      registriesNotLoaded
+      "valid": !!matchingIssuers.length,
+      matchingIssuers,
+      uncheckedRegistries
   };
 
     (verificationResponse.log ??= []).push(registryStep)

src/test-fixtures/expectedResults.ts

@@ -19,10 +19,23 @@ const expectedResult = {
       {
         "id": "registered_issuer",
         "valid": true,
-        "foundInRegistries": [
-          "DCC Sandbox Registry"
+        "matchingIssuers": [
+          {
+            "issuer": {
+              "federation_entity": {
+                "organization_name": "Public Test Issuer",
+                "homepage_uri": "https://dcconsortium.org",
+                "location": "Everywhere"
+              }
+            },
+            "registry": {
+              "name": "DCC Sandbox Registry",
+              "type": "dcc-legacy",
+              "url": "https://digitalcredentials.github.io/sandbox-registry/registry.json"
+            }
+          }
         ],
-        "registriesNotLoaded": []
+        "uncheckedRegistries": []
       }
     ]
   }