Index

src/shared/trust/types.ts

_getIssuanceCert
_getIssuanceCert(entity: TrustedEntity)

Get the issuance certificate from a TrustedEntity.

Parameters :
Name Type Optional
entity TrustedEntity No
Returns : TrustedEntityServiceCert | undefined
findServiceByType
findServiceByType(entity: TrustedEntity, serviceType: ServiceTypeIdentifier)

Helper to find a specific service type within a TrustedEntity.

Parameters :
Name Type Optional
entity TrustedEntity No
serviceType ServiceTypeIdentifier No
Returns : TrustedEntityServiceCert | undefined
getRevocationCert
getRevocationCert(entity: TrustedEntity)

Get the revocation certificate from a TrustedEntity.

Parameters :
Name Type Optional
entity TrustedEntity No
Returns : TrustedEntityServiceCert | undefined

src/issuer/configuration/credentials/types/credential-config-types.ts

_isMsoMdocConfig
_isMsoMdocConfig(config)

Type guard to check if a config is for mso_mdoc format

Parameters :
Name Optional
config No
_isSdJwtDcConfig
_isSdJwtDcConfig(config)

Type guard to check if a config is for dc+sd-jwt format

Parameters :
Name Optional
config No
buildMsoMdocConfig
buildMsoMdocConfig(doctype: string, options: BuildCredentialConfigOptions, metadata?: CredentialMetadataInput, scope?: string)

Build an mso_mdoc credential configuration

Parameters :
Name Type Optional
doctype string No
options BuildCredentialConfigOptions No
metadata CredentialMetadataInput Yes
scope string Yes
buildSdJwtDcConfig
buildSdJwtDcConfig(vct: string, options: BuildCredentialConfigOptions, metadata?: CredentialMetadataInput, scope?: string)

Build a dc+sd-jwt credential configuration

Parameters :
Name Type Optional
vct string No
options BuildCredentialConfigOptions No
metadata CredentialMetadataInput Yes
scope string Yes
toCredentialConfigurationSupported
toCredentialConfigurationSupported(config: TypedCredentialConfig)

Converts a TypedCredentialConfig to CredentialConfigurationSupported. This is a type assertion helper, since our types are derived from the SDK; a type assertion is checked at compile time only and does not validate the config at runtime.

Parameters :
Name Type Optional
config TypedCredentialConfig No

src/issuer/configuration/credentials/entities/iae-action.dto.ts

_transformIaeActions
_transformIaeActions()

Helper function to validate and transform IAE actions array.

Returns : ReturnType<unknown>

src/shared/trust/x509-validation.service.ts

arrayBufferToHex
arrayBufferToHex(buffer: ArrayBuffer)
Parameters :
Name Type Optional
buffer ArrayBuffer No
Returns : string
certFromBase64Der
certFromBase64Der(val: string)

Parse a certificate from a Base64-encoded DER string (as used in LoTE trust lists). Converts the input to PEM format, which is more reliably parsed by the x509 parser.

Parameters :
Name Type Optional
val string No
Returns : x509.X509Certificate

src/crypto/key/key-chain-signing.service.ts

base64url
base64url(input: string)
Parameters :
Name Type Optional
input string No
Returns : string

src/crypto/key/kms/adapters/vault-kms.adapter.ts

base64UrlOrBase64ToBytes
base64UrlOrBase64ToBytes(s: string)
Parameters :
Name Type Optional
s string No
Returns : Uint8Array
pemToDer
pemToDer(pem: string)
Parameters :
Name Type Optional
pem string No
Returns : ArrayBuffer
stripPrivateComponents
stripPrivateComponents(jwk: JWK)
Parameters :
Name Type Optional
jwk JWK No
Returns : JWK
vaultKeyType
vaultKeyType(alg: KmsSigningAlg)
Parameters :
Name Type Optional
alg KmsSigningAlg No
Returns : string

src/crypto/key/kms/adapters/http-kms.adapter.ts

base64UrlToBytes
base64UrlToBytes(encoded: string)

Convert base64url or base64 string to Uint8Array.

Parameters :
Name Type Optional
encoded string No
Returns : Uint8Array

src/main.ts

bootstrap
bootstrap()

Bootstrap function to initialize the NestJS application.

loadTlsOptions
loadTlsOptions()

Load TLS options from certificate and key files. Returns undefined if TLS is not enabled or the files are not found, so the caller cannot tell a missing certificate or key file from TLS being disabled.

src/issuer/configuration/credentials/utils/derive.ts

buildClaims
buildClaims(fields)
Parameters :
Name Optional
fields No
Returns : Record<string, unknown>
buildClaimsByNamespace
buildClaimsByNamespace(fields)
Parameters :
Name Optional
fields No
Returns : Record<string, Record<string, unknown>>
buildClaimsMetadata
buildClaimsMetadata(fields)
Parameters :
Name Optional
fields No
Returns : ClaimMetadata[]
buildDisclosureFrame
buildDisclosureFrame(fields)
Parameters :
Name Optional
fields No
Returns : Record | undefined
buildJsonSchema
buildJsonSchema(fields)
Parameters :
Name Optional
fields No
Returns : JsonSchema
ensureFrameNode
ensureFrameNode(root: Record, path)
Parameters :
Name Type Optional
root Record No
path No
Returns : Record<string, unknown>
ensureSchemaNode
ensureSchemaNode(root: JsonSchema, path: Array)
Parameters :
Name Type Optional
root JsonSchema No
path Array No
Returns : JsonSchema
getDisplayTitle
getDisplayTitle(display)
Parameters :
Name Optional
display No
Returns : string | undefined
getOrCreateChild
getOrCreateChild(target: Record, key: string, nextIsArray: boolean)
Parameters :
Name Type Optional
target Record No
key string No
nextIsArray boolean No
Returns : Record | []
normalizeDisplayInfo
normalizeDisplayInfo(display)
Parameters :
Name Optional
display No
Returns : [] | undefined
segmentToKey
segmentToKey(segment: Segment)
Parameters :
Name Type Optional
segment Segment No
Returns : string
setValueAtPath
setValueAtPath(target: Record, path, value)
Parameters :
Name Type Optional
target Record No
path No
value No
Returns : void

src/crypto/key/kms/adapters/pkcs11-kms.adapter.ts

buildP256Spki
buildP256Spki(x: Buffer, y: Buffer)

Build a P-256 SubjectPublicKeyInfo around the raw uncompressed EC point so we can hand it to WebCrypto's SPKI importer.

Layout (DER): SEQUENCE { AlgorithmIdentifier, BIT STRING { 04 || x || y } } where AlgorithmIdentifier = SEQUENCE { id-ecPublicKey, prime256v1 OID }.

Parameters :
Name Type Optional
x Buffer No
y Buffer No
Returns : Buffer
loadPkcs11
loadPkcs11()
toConstants
toConstants(mod: Pkcs11Module)
Parameters :
Name Type Optional
mod Pkcs11Module No
Returns : Pkcs11Constants
unwrapEcPoint
unwrapEcPoint(raw: Buffer)

CKA_EC_POINT is specified as a DER-encoded OCTET STRING wrapping the raw ECPoint. Some HSM vendors return the unwrapped ECPoint directly, so we accept both.

Parameters :
Name Type Optional
raw Buffer No
Returns : Buffer

src/database/postgres-ssl-options.ts

buildPostgresSslOptions
buildPostgresSslOptions(readValue)

Build PostgreSQL SSL settings from environment/config values.

Supported variables:

  • DB_SSL=true|false
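  • DB_SSL_REJECT_UNAUTHORIZED=true|false (if this maps to the TLS rejectUnauthorized option, false turns off verification of the server certificate)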
  • DB_SSL_CA_PATH=/path/to/ca.crt
  • DB_SSL_CERT_PATH=/path/to/client.crt
  • DB_SSL_KEY_PATH=/path/to/client.key
  • DB_SSL_KEY_PASSPHRASE=secret
Parameters :
Name Optional
readValue No
parseBoolean
parseBoolean(value)
Parameters :
Name Optional
value No
Returns : boolean | undefined
parseOptionalString
parseOptionalString(value)
Parameters :
Name Optional
value No
Returns : string | undefined
readOptionalFile
readOptionalFile(path: string, variableName: string)
Parameters :
Name Type Optional
path string No
variableName string No
Returns : Buffer

src/verifier/presentations/mdoc-context.ts

bytesEqual
bytesEqual(a: Uint8Array, b: Uint8Array)
Parameters :
Name Type Optional
a Uint8Array No
b Uint8Array No
Returns : boolean

src/crypto/key/kms/kms-config.service.ts

defaultConfig
defaultConfig()
Returns : KmsConfigDto
resolveEnvPlaceholders
resolveEnvPlaceholders(value: T)
Parameters :
Name Type Optional
value T No
Returns : T

src/crypto/key/kms/adapters/aws-kms.adapter.ts

derEcdsaToRaw
derEcdsaToRaw(der: Uint8Array, coordLength: number)

Convert an ASN.1 DER-encoded ECDSA-Sig-Value (SEQUENCE { r, s }) to the raw r || s representation used by JOSE/COSE. coordLength is the curve coordinate size in bytes (32 for P-256).

Parameters :
Name Type Optional
der Uint8Array No
coordLength number No
Returns : Uint8Array

src/issuer/issuance/oid4vci/chained-as/chained-as.service.ts

extractDpopJkt
extractDpopJkt(dpopJwt?: string)

Extract the DPoP JWK thumbprint from a DPoP JWT. Returns undefined if parsing fails or DPoP is not provided, so a malformed DPoP JWT and an absent one look the same to the caller.

Parameters :
Name Type Optional
dpopJwt string Yes
Returns : string | undefined

src/shared/utils/webhook/webhook.utils.ts

extractRawTokenFromSubmission
extractRawTokenFromSubmission(id: string, payload)

Extracts the raw cryptographic token from the presentation payload. Supports multi-credential flows by evaluating the descriptor_map or falling back to ID mapping.

Parameters :
Name Type Optional
id string No
payload No
Returns : string | undefined

src/shared/utils/audit-log-context.util.ts

extractRequestMeta
extractRequestMeta(req?: Request)
Parameters :
Name Type Optional
req Request Yes
getChangedFields
getChangedFields(before?: Record, after?: Record)
Parameters :
Name Type Optional
before Record Yes
after Record Yes
Returns : string[]
getChangedFieldsForKeys
getChangedFieldsForKeys(before: T, after: T, keys: Array)
Parameters :
Name Type Optional
before T No
after T No
keys Array No
Returns : string[]
resolveAuditActor
resolveAuditActor(token: TokenPayload)
Parameters :
Name Type Optional
token TokenPayload No
Returns : AuditLogActor

src/main.helpers.ts

filterOpenApiPaths
filterOpenApiPaths(document: OpenAPIObject, predicate)

Filter an OpenAPI document to only include paths matching (or not matching) a given predicate. Also prunes the tag list to only include tags that are actually referenced by the remaining paths.

Parameters :
Name Type Optional
document OpenAPIObject No
predicate No
Returns : OpenAPIObject

src/shared/utils/encryption/encrypted-column.transformer.ts

getEncryptionService
getEncryptionService()

Get the encryption service instance. Throws if not initialized.

Returns : EncryptionService
initializeEncryptionTransformer
initializeEncryptionTransformer(service: EncryptionService)

Initialize the encryption transformer with an EncryptionService instance. Must be called during application bootstrap before any database operations.

Parameters :
Name Type Optional
service EncryptionService No
Returns : void

src/issuer/issuance/oid4vci/util.ts

getHeadersFromRequest
getHeadersFromRequest(req: Request)

Utility function to extract headers from an Express request

Parameters :
Name Type Optional
req Request No
Returns : globalThis.Headers

src/crypto/key/kms/kms-crypto-provider.ts

importPublicCryptoKey
importPublicCryptoKey(publicJwk: JWK, alg: KmsSigningAlg)

Convenience: derive a real WebCrypto public CryptoKey from a public JWK. Used by the cert builder to populate SubjectPublicKeyInfo / compute Subject- and AuthorityKeyIdentifier extensions.

Parameters :
Name Type Optional Default value
publicJwk JWK No
alg KmsSigningAlg No "ES256"
Returns : Promise<CryptoKey>
isKmsKey
isKmsKey(key: CryptoKey)
Parameters :
Name Type Optional
key CryptoKey No
Returns : unknown
makeKmsSigningKey
makeKmsSigningKey(adapter: KmsAdapter, ref: KmsKeyRef, alg: KmsSigningAlg)

Build an opaque CryptoKey-shaped value that routes WebCrypto sign operations through a KmsAdapter.

The returned object is NEVER usable for export, verify or any other native subtle operation — only for signing, and only when the KmsCryptoProvider is active (which is the default once the KmsProviderRegistry boots).

Parameters :
Name Type Optional Default value
adapter KmsAdapter No
ref KmsKeyRef No
alg KmsSigningAlg No "ES256"
Returns : CryptoKey

src/verifier/presentations/validators/transaction-data.validator.ts

IsTransactionData
IsTransactionData(validationOptions?: ValidationOptions)
Parameters :
Name Type Optional
validationOptions ValidationOptions Yes

src/shared/utils/config-file-loader.util.ts

loadConfigDto
loadConfigDto(filePath: string, validationClass: ClassConstructor)
Parameters :
Name Type Optional
filePath string No
validationClass ClassConstructor No
Returns : T
loadJsonFile
loadJsonFile(filePath: string)
Parameters :
Name Type Optional
filePath string No
Returns : T

src/auth/tenant-context.util.ts

requireTenantContext
requireTenantContext(user: TokenPayload)
Parameters :
Name Type Optional
user TokenPayload No
Returns : string

src/auth/secure.decorator.ts

Secured
Secured(roles)
Parameters :
Name Optional
roles No

src/crypto/key/cert/certificate-builder.service.ts

signatureAlgFor
signatureAlgFor(alg: KmsSigningAlg)
Parameters :
Name Type Optional
alg KmsSigningAlg No

src/crypto/key/kms/adapters/db-kms.adapter.ts

stripPrivateComponents
stripPrivateComponents(jwk: JWK)
Parameters :
Name Type Optional
jwk JWK No
Returns : JWK
