npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@i3m/conflict-resolver-service

v1.3.0

Published

The Conflict-Resolver Service (CSR) can be queried to provide a signed resolution about the non-repudiation protocol associated to an invoice being valid or invalid. It could be invoked by either the consumer or the provider. It is a core element of the C

Downloads

14

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

rish2497rish2497ferogarferogarjuanelasismejuanelasisme

Keywords

crsconflict resolutionconflictnon-repudiationi3-MARKETi3m

Readme

License: EUPL-1.2 Contributor Covenant JavaScript Style Guide

Conflict Resolver Service

The Conflict-Resolver Service (CRS) can be queried to provide a signed resolution about the non-repudiation protocol associated to an invoice being valid or invalid. It could be invoked by either the consumer or the provider.

Just download the OpenAPI specification at CRS OAS or visualize it online at editor.swagger.io.

It is a core element of the Conflict Resolution system in i3-MARKET. Read more here.

1. Endpoints

The CRS provides two endpoints: one for checking that the protocol was executed properly, and other one to initiate a dispute when a Consumer B claims that he cannot decrypt the cipherblock he has been invoiced for.

Check the OpenAPI specification at CRS OAS or visualize it online at editor.swagger.io for more details.

The endpoints require JWT bearer authentication. The JWT can be obtained after performing a login with OIDC and presenting valid i3-MARKET credentials.

1.1. POST /verification

The CRS can be queried to provide a signed resolution about a data exchanged successfully performed or not. It could be invoked by either the consumer or the provider. The provider should query this endpoint and send it along with the invoice to the consumer.

This endpoint can be accessed at POST /verification and is requires valid i3-MARKET Consumer or Provider's credentials.

1.1.1. Input

A verification request as a compact JSON Web Signature (JWS). For the request to be accepted, it MUST be signed with the same key it was used during the data exchange for this verification.

{
  verificationRequest: string // the verification request in compact JWS format
}

A verification request is a JWS signed by either the consumer or the provider using the same key he/she used for the data exchange. The verification request payload holds a valid PoR:

{
  type: 'verificationRequest'
  proofType: 'request'
  iss: 'orig' | 'dest'
  iat: number // unix timestamp for issued at
  por: string // a compact JWS holding a PoR. The proof MUST be signed with the same key as either 'orig' or 'dest' of the payload proof.
  dataExchangeId: string // the unique id of this data exchange
}

1.1.2. Output

It returns a signed resolution as a compact JWS with payload:

{
  proofType: 'resolution'
  type: 'verification'
  resolution: 'completed' | 'not completed' // whether the data exchange has been verified to be complete
  dataExchangeId: string // the unique id of this data exchange
  iat: number // unix timestamp stating when it was resolved
  iss: string // the public key of the CRS in JWK
  sub: string // the public key (JWK) of the entity that requested a resolution
}

1.2. POST /dispute

Notice that the signed resolution obtained from POST /verification does not ensure that the published secret could be used to decrypt the encrypted block of data. If the consumer B is not able to decrypt the cipherblock, he could initiate a dispute on the CRS. The CRS will also provide signed resolution of whether B is right or not.

All this is handled in this endpoint, which can only be queried if in possession of valid i3-MARKET Consumer's credentials.

1.2.1. Input

{
  disputeRequest: string // the dispute request in compact JWS format
}

A dispute request as a compact JSON Web Signature (JWS). For the request to be accepted, it MUST be signed with the same key it was used during the data exchange for this verification.

The payload of a decoded disputeRequest holds a valid PoR, and the received cipherblock:

{
  proofType: 'request'
  type: 'disputeRequest'
  iss: 'dest'
  cipherblock: string // the cipherblock as a JWE string
  iat: number // unix timestamp for issued at
  por: string // a compact JWS holding a PoR. The proof MUST be signed with the same key as either 'orig' or 'dest' of the payload proof.
  dataExchangeId: string // the unique id of this data exchange
}

1.2.2. Output

It returns a signed resolution as a compact JWS with payload:

{
  proofType: 'resolution'
  type: 'dispute'
  resolution: 'accepted' | 'denied' // resolution is 'denied' if the cipherblock can be properly decrypted; otherwise is 'accepted'
  dataExchangeId: string // the unique id of this data exchange
  iat: number // unix timestamp stating when it was resolved
  iss: string // the public key of the CRS in JWK
  sub: string // the public key (JWK) of the entity that requested a resolution
}

2. Local setup

You can get a local instance (for development) up and running with NPM or Docker

2.1. NPM

Install the service as:

npm install @i3m/conflict-resolver-service

Copy template.env into that directory and name it .env.

Fill in the required variables (it is self-explanatory).

You need a pair of private/public keys in JWK format. You have two options: 1) to let the server generate them when it is first started (leave the CRS_PRIVATE_JWK and CRS_PUBLIC_JWK empty); 2) create them as follows and adding the to your .env file.

  • [new keys] npx generateJwks ES256
  • [using a privatekey in hex] node generateJwks ES256 <your private key in hex>

Just call npx generateJwks -h for further help.

You must also state an RPC endpoint for accessing the ledger RPC_PROVIDER_URL

Run your CRS as:

npx crs

2.2. Docker

Download Dockerfile to a directory. From that directory, built it as:

docker build -t crs .

Copy template.env into that directory and name it .env.

Fill in the required variables (it is self-explanatory).

You need a pair of private/public keys in JWK format. You have two options: 1) to let the server generate them when it is first started (leave the CRS_PRIVATE_JWK and CRS_PUBLIC_JWK empty); 2) create them as follows and adding the to your .env file.

  • [new keys] docker run -it --init crs generateJwks ES256
  • [using a privatekey in hex] docker run -it --init crs generateJwks ES256 <your private key in hex>

Just call docker run -it --init crs generateJwks -h for further help.

Run your CRS as:

  • If you are using env variables for you JWKs:

    docker run -it --init -p 127.0.0.1:3000:3000 --env-file .env crs

  • Otherwise, for your keys to persist you also need to mount a volume in the container's /app/.keys:

    docker run -it --init -p 127.0.0.1:3000:3000 --env-file .env -v keys:/app/.keys crs

Notice that we are just exposing localhost at tcp port 3000. Use the configuration you need. In production, you will likely have it behind a reverse proxy providing TLS.