Library to verify any Opencerts document. This library extends @govtechsg/oa-verify.
npm install @govtechsg/opencerts-verify
import { documentMainnetValidWithCertificateStore } from "./test/fixtures/v2/document";
import { verify, isValid } from "@govtechsg/opencerts-verify";
const fragments = await verify(documentMainnetValidWithCertificateStore, { network: "goerli" });
console.log(fragments); // see below
console.log(isValid(fragments)); // display true
[
{
"data": true,
"status": "VALID",
"name": "OpenAttestationHash",
"type": "DOCUMENT_INTEGRITY"
},
{
"data": {
"details": [
{
"address": "0x007d40224f6562461633ccfbaffd359ebb2fc9ba",
"issued": true
}
],
"issuedOnAll": true
},
"status": "VALID",
"name": "OpenAttestationEthereumDocumentStoreIssued",
"type": "DOCUMENT_STATUS"
},
{
"message": "Document issuers doesn't have \"tokenRegistry\" property or TOKEN_REGISTRY method",
"name": "OpenAttestationEthereumTokenRegistryMinted",
"status": "SKIPPED",
"type": "DOCUMENT_STATUS"
},
{
"data": {
"details": [
{
"address": "0x007d40224f6562461633ccfbaffd359ebb2fc9ba",
"revoked": false
}
],
"revokedOnAny": false
},
"status": "VALID",
"name": "OpenAttestationEthereumDocumentStoreRevoked",
"type": "DOCUMENT_STATUS"
},
{
"message": "Document issuers doesn't have \"documentStore\" / \"tokenRegistry\" property or doesn't use DNS-TXT type",
"status": "SKIPPED",
"name": "OpenAttestationDnsTxt",
"type": "ISSUER_IDENTITY"
},
{
"data": [
{
"status": "VALID",
"value": "0x007d40224f6562461633ccfbaffd359ebb2fc9ba",
"name": "Government Technology Agency of Singapore (GovTech)",
"displayCard": true,
"website": "https://www.tech.gov.sg",
"email": "[email protected]",
"phone": "+65 6211 2100",
"logo": "/static/images/GOVTECH_logo.png",
"id": "govtech-registry"
}
],
"name": "OpencertsRegistryVerifier",
"status": "VALID",
"type": "ISSUER_IDENTITY"
}
]
OpencertsRegistryVerifier
is a new verifier specific to Opencerts documents:
- it ensures document
ISSUER_IDENTITY
and works closely withOpenAttestationDnsTxt
verifier (seeisValid
below) - it returns a
VALID
fragment if at least one of the issuer is in Opencerts registry - it returns a
SKIPPED
fragment if none of the issuers is in the registry.
With the addition of OpencertsRegistryVerifier
verifier, different rules apply for ISSUER_IDENTITY
type verifiers:
ISSUER_IDENTITY
is valid if at least one issuer is in the registry, i.e. ifOpencertsRegistryVerifier
has statusVALID
- if
OpencertsRegistryVerifier
doesn't haveVALID
status then all issuers must have valid DNS-TXT record.