Revert "Remove web3 ID from VPV1 implementation"

This reverts commit 0902f1e.

Author: soerenbf

docs/pages/verifiable-presentations.md

@@ -6,6 +6,7 @@ This document describes how to create v1 verifiable presentations and how to ver
 <!--toc:start-->
 - [Build Statement](#build-statement)
   - [Identity/account credential statements](#identityaccount-credential-statements)
+  - [Web3 ID credential statements](#web3-id-credential-statements)
 - [JSON representation](#json-representation)
 - [Verifiable Presentation Request (proof request)](#verifiable-presentation-request-proof-request)
 - [Verifiable Presentation (proof)](#verifiable-presentation-proof)
@@ -129,6 +130,51 @@ Note that this type of statement is only allowed for the following attributes:
 - IdDocIssuer
 - IdDocType
 
+### Web3 ID credential statements
+
+To build a statement against a Web3 ID, the builder has exposes an entrypoint `addWeb3IdStatement`,
+which has a function signature similar to those used for [identity/account statements](#identityaccount-credential-statements)
+
+1. A list smart contract addresses the Web3 ID must be created from
+2. A callback function which should be used to add statements for the credential
+
+#### Reveal statement
+
+State that a given attribute should be revealed as part of the proof.
+
+Example: reveal the education degree of an education ID.
+
+```ts
+    build.revealAttribute('degree');
+```
+
+#### Range statement
+
+State that a given attribute should be between 2 given values.
+
+Example: add the statement that the prover must be hired between January 1,
+2015 and Februar 2, 2005.
+
+```ts
+    build.addRange('hired', 20150101, 20050202);
+```
+
+#### Membership statement
+
+Example: add the statement that the prover's position in a company is either "engineer" or "designer"
+
+```ts
+    build.addMembership('position', ['engineer', 'designer']);
+```
+
+#### Non membership statement
+
+Example: add the statement that the prover's position in a company is _not_ "manager":
+
+```ts
+    build.addNonMembership('position', ['manager']);
+```
+
 ## JSON representation
 
 The `VerifiablePresentationRequestV1`, `VerifiablePresentationV1`, and `VerifiableAuditRecordV1` can be represented as
@@ -217,6 +263,9 @@ const contextValues: GivenContext[] = [{label: 'ResourceID', context: ...}];
 // used as input to the presentation. The difference between the two statement types boil down to the presence of an ID
 // qualifier vs. an ID (selected by the application based on the id qualifier).
 const statements: VerifiablePresentationV1.Statement[] = presentationRequest.credentialStatements.map((entry) => {
+    if (entry.type === 'web3Id')
+        return {id: createWeb3IdDID(...), statement: entry.statement};
+
     // prioritize creating identity based proofs, as these are more privacy-preserving
     if (entry.source.includes('identity'))
         return {id: createIdentityStatementDID(...), statement: entry.statement};
@@ -228,6 +277,7 @@ const statements: VerifiablePresentationV1.Statement[] = presentationRequest.cre
 const inputs: CommitmentInput[] = [
     createIdentityCommitmentInputWithHdWallet(...),
     createAccountCommitmentInputWithHdWallet(...),
+    createWeb3CommitmentInputWithHdWallet(...)
 ];
 
 const presentation = await VerifiablePresentationV1.createFromAnchor(

examples/nodejs/common/verifiable-credential-statements.ts

@@ -1,8 +1,18 @@
-import { IdentityProviderDID, VerifiablePresentationRequestV1 } from '@concordium/web-sdk';
+import {
+    ContractAddress,
+    ContractInstanceDID,
+    IdentityProviderDID,
+    VerifiablePresentationRequestV1,
+} from '@concordium/web-sdk';
 
 // #region documentation-snippet
 let builder = VerifiablePresentationRequestV1.statementBuilder();
 
+// Add a web3 ID credential statements
+builder = builder.addWeb3IdStatement([new ContractInstanceDID('Testnet', ContractAddress.create(123))], (b) =>
+    b.addMembership('position', ['engineer'])
+);
+
 // Add an identity credential statement. Alternatively, if the proof produced from the
 // statement should be tied to an account, use `builder.addAccountStatement`.
 // A third option `builder.addAccountOrIdentityStatement`exists where it's up to the

packages/sdk/src/wasm/VerifiablePresentationV1/proof.ts

@@ -24,10 +24,12 @@ import {
     AtomicStatementV2,
     CredentialsInputsAccount,
     CredentialsInputsIdentity,
+    CredentialsInputsWeb3,
     DIDString,
     IdentityCommitmentInput,
     CommitmentInput as OldCommitmentInputs,
     Web3IdProofRequest,
+    Web3IssuerCommitmentInput,
 } from '../../web3-id/index.js';
 import { getVerifiablePresentation } from '../VerifiablePresentation.js';
 import { GivenContextJSON, givenContextFromJSON, givenContextToJSON } from './internal.js';
@@ -60,11 +62,17 @@ export type AccountStatement = { id: DIDString; statement: AtomicStatementV2<Att
  */
 export type IdentityStatement = { id: DIDString; statement: AtomicStatementV2<AttributeKey>[] };
 
+/**
+ * Statement proving attributes from a Web3 ID credential.
+ * Contains the Web3 ID DID, atomic statements about Web3 attributes, and credential type information.
+ */
+export type Web3IdStatement = { id: DIDString; statement: AtomicStatementV2<string>[]; type: string[] };
+
 /**
  * Union type representing all supported statement types in a verifiable presentation.
  * Each statement contains proofs about specific credential attributes.
  */
-export type Statement = IdentityStatement | AccountStatement;
+export type Statement = IdentityStatement | Web3IdStatement | AccountStatement;
 
 function isSpecifiedAccountCredentialStatement(statement: Statement): statement is AccountStatement {
     return statement.id.includes(':cred:');
@@ -160,13 +168,34 @@ export type AccountBasedCredential = {
     issuer: DIDString;
 };
 
+/**
+ * A verifiable credential based on Web3 ID smart contract information.
+ * This credential type contains zero-knowledge proofs about smart contract
+ * issued credentials and their attributes.
+ */
+export type Web3BasedCredential = {
+    /** Type identifiers for this credential format */
+    type: ['VerifiableCredential', 'ConcordiumVerifiableCredentialV1', 'ConcordiumWeb3BasedCredential'];
+    /** The credential subject containing Web3 ID statements */
+    credentialSubject: {
+        /** The account credential identifier as a DID */
+        id: DIDString;
+        /** Statements about Web3 ID attributes (should match request) */
+        statement: AtomicStatementV2<string>[];
+    };
+    /** The zero-knowledge proof for attestation */
+    proof: ZKProofV4;
+    /** The issuer of the ID credential used to open the account credential */
+    issuer: DIDString;
+};
+
 /**
  * Union type representing all supported verifiable credential formats
  * in Concordium verifiable presentations.
  *
  * The structure is reminiscent of a w3c verifiable credential
  */
-export type Credential = IdentityBasedCredential | AccountBasedCredential;
+export type Credential = IdentityBasedCredential | AccountBasedCredential | Web3BasedCredential;
 
 /**
  * A verifiable presentation containing zero-knowledge proofs of credential statements.
@@ -251,7 +280,7 @@ export function fromJSON(value: JSON): VerifiablePresentationV1 {
  * These inputs contain the secret information needed to create proofs without revealing
  * the actual credential data.
  */
-export type CommitmentInput = IdentityCommitmentInput | AccountCommitmentInput;
+export type CommitmentInput = IdentityCommitmentInput | Web3IssuerCommitmentInput | AccountCommitmentInput;
 
 /**
  * Creates a verifiable presentation from an anchored presentation request.
@@ -312,7 +341,7 @@ export async function createFromAnchor(
  *
  * This function generates zero-knowledge proofs for the requested credential statements
  * using the provided commitment inputs and proof context. It handles different types
- * of credentials (identity-based, account-based) and creates appropriate
+ * of credentials (identity-based, account-based, Web3-based) and creates appropriate
  * proofs for each.
  *
  * @param requestStatements - The credential statements to prove
@@ -355,18 +384,21 @@ export function create(
         request,
     });
     // Map the output to match the format of the V1 protocol.
-    const compatibleCredentials: Credential[] = verifiableCredential.map<Credential>((c) => {
-        const { proof, id, statement } = c.credentialSubject;
+    const compatibleCredentials: Credential[] = verifiableCredential.map<Credential>((c, i) => {
+        const { proof, ...credentialSubject } = c.credentialSubject;
         const { created, type: _type, ...proofValues } = proof;
+        const type = isSpecifiedAccountCredentialStatement(compatibleStatements[i])
+            ? 'ConcordiumAccountBasedCredential'
+            : 'ConcordiumWeb3BasedCredential';
         return {
             proof: {
                 createdAt: created,
                 type: 'ConcordiumZKProofV4',
                 proofValue: Buffer.from(cborEncode(proofValues)).toString('hex'),
             },
             issuer: c.issuer,
-            type: ['VerifiableCredential', 'ConcordiumVerifiableCredentialV1', 'ConcordiumAccountBasedCredential'],
-            credentialSubject: { id, statement: statement as unknown as AtomicStatementV2<AttributeKey>[] },
+            type: ['VerifiableCredential', 'ConcordiumVerifiableCredentialV1', type] as any,
+            credentialSubject,
         };
     });
     // and add stubbed ID credentials in
@@ -400,7 +432,7 @@ export type VerificationResult = { type: 'success' } | { type: 'failed'; error:
  * Union type of all credential input types used for verification.
  * These inputs contain the public credential data needed to verify proofs.
  */
-export type CredentialsInputs = CredentialsInputsAccount | CredentialsInputsIdentity;
+export type CredentialsInputs = CredentialsInputsWeb3 | CredentialsInputsAccount | CredentialsInputsIdentity;
 
 /**
  * Verifies a verifiable presentation against its corresponding request.

packages/sdk/src/wasm/VerifiablePresentationV1/request.ts

@@ -14,8 +14,15 @@ import {
     signTransaction,
 } from '../../index.js';
 import { DataBlob, TransactionExpiry, TransactionHash } from '../../types/index.js';
-import { AccountStatementBuild } from '../../web3-id/proofs.js';
-import { AtomicStatementV2, DIDString, IDENTITY_SUBJECT_SCHEMA, IdentityProviderDID } from '../../web3-id/types.js';
+import { AccountStatementBuild, AtomicStatementBuilder } from '../../web3-id/proofs.js';
+import {
+    AtomicStatementV2,
+    ContractInstanceDID,
+    CredentialSchemaSubject,
+    DIDString,
+    IDENTITY_SUBJECT_SCHEMA,
+    IdentityProviderDID,
+} from '../../web3-id/types.js';
 import { GivenContextJSON, givenContextFromJSON, givenContextToJSON } from './internal.js';
 import { CredentialContextLabel, GivenContext } from './types.js';
 
@@ -199,15 +206,27 @@ export type IdentityStatement = {
     issuers: IdentityProviderDID[];
 };
 
+/**
+ * Statement requesting proofs from Web3 ID credentials issued by smart contracts.
+ */
+export type Web3IdStatement = {
+    /** Type discriminator for Web3 ID statements */
+    type: 'web3Id';
+    /** Atomic statements about Web3 ID attributes to prove */
+    statement: AtomicStatementV2<string>[];
+    /** Valid smart contract issuers for this statement */
+    issuers: ContractInstanceDID[];
+};
+
 /**
  * Union type representing all supported statement types in a verifiable presentation request.
  */
-export type Statement = IdentityStatement;
+export type Statement = IdentityStatement | Web3IdStatement;
 
 /**
  * JSON representation of statements with issuer DIDs serialized as strings.
  */
-type StatementJSON = Omit<IdentityStatement, 'issuers'> & {
+type StatementJSON = (Omit<IdentityStatement, 'issuers'> | Omit<Web3IdStatement, 'issuers'>) & {
     issuers: DIDString[];
 };
 
@@ -219,6 +238,30 @@ class StatementBuilder {
     /** Array of credential statements being built. */
     private statements: Statement[] = [];
 
+    /**
+     * Add statements for Web3 ID credentials.
+     *
+     * @param validContracts Array of smart contract identifiers that are valid issuers
+     * @param builderCallback Callback function to build the statements using the provided builder
+     * @param schema Optional credential schema for validation
+     *
+     * @returns The updated builder instance
+     */
+    addWeb3IdStatement(
+        validContracts: ContractInstanceDID[],
+        builderCallback: (builder: AtomicStatementBuilder<string>) => void,
+        schema?: CredentialSchemaSubject
+    ): StatementBuilder {
+        const builder = new AtomicStatementBuilder<string>(schema);
+        builderCallback(builder);
+        this.statements.push({
+            type: 'web3Id',
+            issuers: validContracts,
+            statement: builder.getStatement(),
+        });
+        return this;
+    }
+
     /**
      * Add statements for identity credentials.
      *
@@ -366,6 +409,11 @@ export function fromJSON(json: JSON): VerifiablePresentationRequestV1 {
     const requestContext = { ...json.requestContext, given: json.requestContext.given.map(givenContextFromJSON) };
     const statements: Statement[] = json.credentialStatements.map((statement) => {
         switch (statement.type) {
+            case 'web3Id':
+                return {
+                    ...statement,
+                    issuers: statement.issuers.map(ContractInstanceDID.fromJSON),
+                };
             case 'identity':
                 return {
                     ...statement,

packages/sdk/test/ci/wasm/VerifiablePresentationRequestV1.test.ts

@@ -1,8 +1,8 @@
 import _JB from 'json-bigint';
 
-import { AttributeKeyString, TransactionHash } from '../../../src/pub/types.ts';
+import { AttributeKeyString, ContractAddress, TransactionHash } from '../../../src/pub/types.ts';
 import { VerifiablePresentationRequestV1 } from '../../../src/pub/wasm.ts';
-import { IdentityProviderDID } from '../../../src/pub/web3-id.ts';
+import { ContractInstanceDID, IdentityProviderDID } from '../../../src/pub/web3-id.ts';
 
 const JSONBig = _JB({ alwaysParseAsBig: true, useNativeBigInt: true });
 
@@ -14,6 +14,12 @@ describe('VerifiablePresentationRequestV1', () => {
             'Wine payment'
         );
         const statement = VerifiablePresentationRequestV1.statementBuilder()
+            .addWeb3IdStatement(
+                [ContractAddress.create(2101), ContractAddress.create(1337, 42)].map(
+                    (c) => new ContractInstanceDID('Testnet', c)
+                ),
+                (b) => b.addRange('b', 80n, 1237n).addMembership('c', ['aa', 'ff', 'zz'])
+            )
             .addIdentityStatement(
                 [0, 1, 2].map((i) => new IdentityProviderDID('Testnet', i)),
                 (b) => b.revealAttribute(AttributeKeyString.firstName)
@@ -34,6 +40,12 @@ describe('VerifiablePresentationRequestV1', () => {
             'Wine payment'
         );
         const statement = VerifiablePresentationRequestV1.statementBuilder()
+            .addWeb3IdStatement(
+                [ContractAddress.create(2101), ContractAddress.create(1337, 42)].map(
+                    (c) => new ContractInstanceDID('Testnet', c)
+                ),
+                (b) => b.addRange('b', 80n, 1237n).addMembership('c', ['aa', 'ff', 'zz'])
+            )
             .addIdentityStatement(
                 [0, 1, 2].map((i) => new IdentityProviderDID('Testnet', i)),
                 (b) => b.revealAttribute(AttributeKeyString.firstName)
@@ -43,7 +55,7 @@ describe('VerifiablePresentationRequestV1', () => {
             somePulicInfo: 'public info',
         });
         const expectedAnchor =
-            'a464686173685820acd94ad63951d7c1c48655ddfcf3dbc23a6e11ff20728be1c7f5e6a8b991349d647479706566434344565241667075626c6963a16d736f6d6550756c6963496e666f6b7075626c696320696e666f6776657273696f6e01';
+            'a4646861736858200e601a47ce5f0b34154959e39ab717d51386cda140eb4f6ef12c53aa0a33b3cf647479706566434344565241667075626c6963a16d736f6d6550756c6963496e666f6b7075626c696320696e666f6776657273696f6e01';
         expect(Buffer.from(anchor).toString('hex')).toEqual(expectedAnchor);
 
         const roundtrip = VerifiablePresentationRequestV1.decodeAnchor(anchor);