Develop -> Main

.gitignore

@@ -6,18 +6,18 @@ dist
 cli/bin
 cli/out
 
-employee-vci/.env
-employee-vci/TEST_DB
-employee-vci/database.sqlite
-employee-vci/dist
+demos/employee-vci/.env
+demos/employee-vci/TEST_DB
+demos/employee-vci/database.sqlite
+demos/employee-vci/dist
 
-proxy-vci/.env
-proxy-vci/TEST_DB
-proxy-vci/database.sqlite
-proxy-vci/dist
+demos/proxy-vci/.env
+demos/proxy-vci/TEST_DB
+demos/proxy-vci/database.sqlite
+demos/proxy-vci/dist
 
-participation-cert-vci/.env
-participation-cert-vci/TEST_DB
-participation-cert-vci/database.sqlite
-participation-cert-vci/dist
+demos/participation-cert-vci/.env
+demos/participation-cert-vci/TEST_DB
+demos/participation-cert-vci/database.sqlite
+demos/participation-cert-vci/dist
 

.prettierignore

@@ -0,0 +1 @@
+src/oid4vci/types/protocolSchema/*.json

LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2024 OWNED Project
+Copyright (c) 2024 OWND Project
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

codedeploy/scripts/after_install.sh

@@ -2,23 +2,25 @@
 source /root/.bashrc
 nvm use 18
 
-cd /srv/common
-yarn install
-yarn build
-
 if [[ "$DEPLOYMENT_GROUP_NAME" =~ ^identity ]]; then
-cd /srv/proxy-vci/
+cd /srv/demos/proxy-vci/ || exit
 pwd
 fi
 
 # Todo event用vciのディレクトリが決まったらパスを変える
 if [[ "$DEPLOYMENT_GROUP_NAME" =~ ^event ]]; then
-cd /srv/participation-cert-vci/
+cd /srv/demos/event-certificate-manager/backend|| exit
+git clone https://github.com/OWND-Project/OWND-Project-VCI.git
+cd ./OWND-Project-VCI || exit
+yarn
+yarn build
+cd /srv/backend || exit
+yarn
 pwd
 fi
 
 if [[ "$DEPLOYMENT_GROUP_NAME" =~ ^employee ]]; then
-cd /srv/employee-vci/
+cd /srv/demos/employee-vci/ || exit
 pwd
 fi
 

codedeploy/scripts/application_start.sh

@@ -3,16 +3,16 @@ source /root/.bashrc
 nvm use 18
 
 if [[ "$DEPLOYMENT_GROUP_NAME" =~ ^identity ]]; then
-cd /srv/proxy-vci/
-pm2 start "yarn start" --name identity-vci
+cd /srv/demos/proxy-vci/ || exit
+pm2 start "yarn start" --name backend
 fi
 
 if [[ "$DEPLOYMENT_GROUP_NAME" =~ ^event ]]; then
-cd /srv/participation-cert-vci/
-pm2 start "yarn start" --name event-vci
+cd /srv/demos/event-certificate-manager/ || exit
+pm2 start "yarn start" --name backend
 fi
 
 if [[ "$DEPLOYMENT_GROUP_NAME" =~ ^employee ]]; then
-cd /srv/employee-vci/
-pm2 start "yarn start" --name employee-vci
+cd /srv/demos/employee-vci/ || exit
+pm2 start "yarn start" --name backend
 fi

codedeploy/scripts/application_stop.sh

@@ -2,4 +2,7 @@
 source /root/.bashrc
 . ~/.nvm/nvm.sh
 nvm use 18
-pm2 delete all
+# pm2のプロセスが存在するか確認
+if pm2 list | grep -qE "backend"; then
+    pm2 delete all
+fi

demos/employee-vci/.env.template

@@ -9,3 +9,4 @@ CREDENTIAL_OFFER_ENDPOINT=openid-credential-offer://
 VCI_PRE_AUTH_CODE_EXPIRES_IN=86400
 VCI_ACCESS_TOKEN_EXPIRES_IN=86400
 VCI_ACCESS_TOKEN_C_NONCE_EXPIRES_IN=30
+RESOLVE_ACCEPT_LANGUAGE=false

demos/employee-vci/.mocharc.cjs

@@ -2,7 +2,7 @@ process.env.DATABASE_FILEPATH = "./TEST_DB";
 process.env.BASIC_AUTH_USERNAME="username"
 process.env.BASIC_AUTH_PASSWORD="password"
 process.env.OAUTH2_TOKEN_ENDPOINT="https://example.com/oauth2/token"
-process.env.CREDENTIAL_ISSUER="https://datasign-vci.tunnelto.dev"
+process.env.CREDENTIAL_ISSUER="https://example.com"
 process.env.CREDENTIAL_OFFER_ENDPOINT="openid-credential-offer://"
 process.env.VCI_ACCESS_TOKEN_EXPIRES_IN="86400"
 process.env.VCI_ACCESS_TOKEN_C_NONCE_EXPIRES_IN="30"

demos/employee-vci/READM.md

@@ -3,7 +3,7 @@
 ## Employee VCI API Summary
 
 ### Common API
-For details on the common API, please see [README.md](../common/README.md).
+For details on the common API, please see [README.md](../../src/README.md).
 
 - POST `/admin/keys/new`
 - POST `/admin/keys/:kid/revoke`
@@ -38,6 +38,11 @@ Create the `.env` file based on the `.env.template`. Please adjust the content a
 | VCI_ACCESS_TOKEN_EXPIRES_IN         | 86400                        | 
 | VCI_ACCESS_TOKEN_C_NONCE_EXPIRES_IN | 86400                        | 
 
+## Configuring Credential Issuer Metadata
+
+Please modify the JSON file that exists under the `metadata` directory to match your operating environment. 
+In particular, the `REPLACE-WITH-ISSUERS-DOMAIN.EXAMPLE.COM` in the JSON file should be the actual domain that can communicate with the wallet.
+
 ## Specific API
 
 ### POST `/admin/employees/new`
@@ -127,7 +132,7 @@ Example Response
   "subject": {
     "employeeNo": "1"
   },
-  "credentialOffer": "openid-credential-offer://?credential_offer=%7B%22credential_issuer%22%3A%22https%3A%2F%2Fdatasign-vci.tunnelto.dev%22%2C%22credentials%22%3A%5B%22EmployeeCredential%22%5D%2C%22grants%22%3A%7B%22urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Apre-authorized_code%22%3A%7B%22pre-authorized_code%22%3A%22tH5yamPFHZ8pVr95Fhp26GCnzwAvgCfQ%22%2C%22user_pin_required%22%3Atrue%7D%7D%7D",
+  "credentialOffer": "openid-credential-offer://?credential_offer=%7B%22credential_issuer%22%3A%22https%3A%2F%2Fissuer.example.com%22%2C%22credentials%22%3A%5B%22EmployeeCredential%22%5D%2C%22grants%22%3A%7B%22urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Apre-authorized_code%22%3A%7B%22pre-authorized_code%22%3A%22tH5yamPFHZ8pVr95Fhp26GCnzwAvgCfQ%22%2C%22user_pin_required%22%3Atrue%7D%7D%7D",
   "userPin": "28092571"
 }
 ```

demos/employee-vci/READM_JP.md

@@ -125,7 +125,7 @@ http://localhost:3003/admin/employees/1/credential-offer \
   "subject": {
     "employeeNo": "1"
   },
-  "credentialOffer": "openid-credential-offer://?credential_offer=%7B%22credential_issuer%22%3A%22https%3A%2F%2Fdatasign-vci.tunnelto.dev%22%2C%22credentials%22%3A%5B%22EmployeeCredential%22%5D%2C%22grants%22%3A%7B%22urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Apre-authorized_code%22%3A%7B%22pre-authorized_code%22%3A%22tH5yamPFHZ8pVr95Fhp26GCnzwAvgCfQ%22%2C%22user_pin_required%22%3Atrue%7D%7D%7D",
+  "credentialOffer": "openid-credential-offer://?credential_offer=%7B%22credential_issuer%22%3A%22https%3A%2F%2Fissuer.example.com%22%2C%22credentials%22%3A%5B%22EmployeeCredential%22%5D%2C%22grants%22%3A%7B%22urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Apre-authorized_code%22%3A%7B%22pre-authorized_code%22%3A%22tH5yamPFHZ8pVr95Fhp26GCnzwAvgCfQ%22%2C%22user_pin_required%22%3Atrue%7D%7D%7D",
   "userPin": "28092571"
 }
 ```

demos/employee-vci/metadata/dev/authorization_server.json

@@ -1,7 +1,7 @@
 {
-  "issuer": "https://datasign-demo-vci.tunnelto.dev",
-  "authorization_endpoint": "https://datasign-demo-vci.tunnelto.dev/authorize",
-  "token_endpoint": "https://datasign-demo-vci.tunnelto.dev/token",
+  "issuer": "https://REPLACE-WITH-ISSUERS-DOMAIN.EXAMPLE.COM",
+  "authorization_endpoint": "https://REPLACE-WITH-ISSUERS-DOMAIN.EXAMPLE.COM/authorize",
+  "token_endpoint": "https://REPLACE-WITH-ISSUERS-DOMAIN.EXAMPLE.COM/token",
   "token_endpoint_auth_methods_supported": ["client_secret_basic", "private_key_jwt"],
   "token_endpoint_auth_signing_alg_values_supported": ["RS256", "ES256"],
   "jwks_uri": "https://server.example.com/jwks.json",

demos/employee-vci/metadata/dev/credential_issuer_metadata.json

@@ -1,67 +1,75 @@
 {
-  "credential_issuer": "https://datasign-demo-vci.tunnelto.dev",
-  "authorization_servers": ["https://datasign-demo-vci.tunnelto.dev"],
-  "credential_endpoint": "https://datasign-demo-vci.tunnelto.dev/credentials",
+  "credential_issuer": "https://REPLACE-WITH-ISSUERS-DOMAIN.EXAMPLE.COM",
+  "authorization_servers": ["https://REPLACE-WITH-ISSUERS-DOMAIN.EXAMPLE.COM"],
+  "credential_endpoint": "https://REPLACE-WITH-ISSUERS-DOMAIN.EXAMPLE.COM/credentials",
   "display": [
     {
-      "name": "株式会社DataSign",
-      "locale": "ja_JP",
+      "name": "株式会社Example",
+      "locale": "ja-JP",
       "logo": {
-        "url": "https://datasign-demo-vci.tunnelto.dev/public/datasign-inc-logo.png",
-        "alt_text": "株式会社DataSignのロゴ"
+        "uri": "https://REPLACE-WITH-ISSUERS-DOMAIN.EXAMPLE.COM/images/company-logo.png",
+        "alt_text": "株式会社Exampleのロゴ"
       },
       "background_color": "#003289",
       "text_color": "#FFFFFF"
     },
     {
-      "name": "DataSign Inc.",
+      "name": "Example Inc.",
       "locale": "en-US",
       "logo": {
-        "url": "https://datasign-demo-vci.tunnelto.dev/public/datasign-inc-logo.png",
-        "alt_text": "a square logo of a DataSign Inc."
+        "uri": "https://REPLACE-WITH-ISSUERS-DOMAIN.EXAMPLE.COM/images/company-logo.png",
+        "alt_text": "a square logo of a Example Inc."
       },
       "background_color": "#003289",
       "text_color": "#FFFFFF"
     }
   ],
-  "credentials_supported": {
+  "credential_configurations_supported": {
     "EmployeeIdentificationCredential": {
       "format": "vc+sd-jwt",
       "scope": "EmployeeIdentification",
       "cryptographic_binding_methods_supported": [
         "jwk"
       ],
-      "cryptographic_suites_supported": [
+      "credential_signing_alg_values_supported": [
         "ES256K"
       ],
-      "proof_types_supported": [
-        "jwt"
-      ],
+      "proof_types_supported": {
+        "jwt": {
+          "proof_signing_alg_values_supported": [
+            "ES256",
+            "ES256K"
+          ]
+        }
+      },
       "display": [
         {
           "name": "社員証",
-          "locale": "ja",
+          "locale": "ja-JP",
           "logo": {
-            "url": "https://datasign-demo-vci.tunnelto.dev/public/employee-identification-credential-logo.png",
+            "uri": "https://REPLACE-WITH-ISSUERS-DOMAIN.EXAMPLE.COM/images/credential-logo.png",
             "alt_text": "社員証のロゴ"
           },
           "background_color": "#003289",
-          "background_image": "https://datasign-demo-vci.tunnelto.dev/images/DataSign.png",
+          "background_image": {
+            "uri": "https://REPLACE-WITH-ISSUERS-DOMAIN.EXAMPLE.COM/images/credential-background.png"
+          },
           "text_color": "#FFFFFF"
         },
         {
           "name": "Employee Identification Credential",
           "locale": "en-US",
           "logo": {
-            "url": "https://datasign-demo-vci.tunnelto.dev/public/employee-identification-credential-logo.png",
+            "uri": "https://REPLACE-WITH-ISSUERS-DOMAIN.EXAMPLE.COM/images/credential-logo.png",
             "alt_text": "a square logo of a Employee Identification Credential"
           },
           "background_color": "#003289",
-          "background_image": "https://datasign-demo-vci.tunnelto.dev/images/DataSign.png",
+          "background_image": {
+            "uri": "https://REPLACE-WITH-ISSUERS-DOMAIN.EXAMPLE.COM/images/credential-background.png"
+          },
           "text_color": "#FFFFFF"
         }
       ],
-      "credential_definition": {
         "vct": "EmployeeIdentificationCredential",
         "claims": {
           "companyName": {
@@ -137,7 +145,6 @@
            ]
          }
         }
-      }
     }
   }
 }

demos/employee-vci/metadata/dev/credentials_supported/identity-credential.json

@@ -7,9 +7,14 @@
     "cryptographic_suites_supported": [
       "ES256K"
     ],
-    "proof_types_supported": [
-      "jwt"
-    ],
+    "proof_types_supported": {
+      "jwt": {
+        "proof_signing_alg_values_supported": [
+          "ES256",
+          "ES256K"
+        ]
+      }
+    },
     "display": [
       {
         "name": "Identity Credential",

demos/employee-vci/metadata/prod/authorization_server.json

@@ -1,7 +1,7 @@
 {
-  "issuer": "https://datasign.jp:8443",
-  "authorization_endpoint": "https://datasign.jp:8443/authorize",
-  "token_endpoint": "https://datasign.jp:8443/token",
+  "issuer": "https://REPLACE-WITH-ISSUERS-DOMAIN.EXAMPLE.COM",
+  "authorization_endpoint": "https://REPLACE-WITH-ISSUERS-DOMAIN.EXAMPLE.COM/authorize",
+  "token_endpoint": "https://REPLACE-WITH-ISSUERS-DOMAIN.EXAMPLE.COM/token",
   "token_endpoint_auth_methods_supported": ["client_secret_basic", "private_key_jwt"],
   "token_endpoint_auth_signing_alg_values_supported": ["RS256", "ES256"],
   "jwks_uri": "https://server.example.com/jwks.json",