@credo-ts/anoncreds 0.6.1-pr-2091-20241119140918 → 0.6.1

package/build/anoncreds-rs/AnonCredsDataIntegrityService.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"AnonCredsDataIntegrityService.mjs","names":["AnonCredsDataIntegrityService","credentialsProve: AnonCredsCredentialProve[]","credentialsWithMetadata: CredentialWithRevocationMetadata[]","anonCredsProofRequest: AnonCredsProofRequest","descriptor: InputDescriptorV1 | InputDescriptorV2 | undefined","descriptor","proof","result: { value: unknown; path: PathComponent[] }[]","predicates: {\n      predicateType: AnonCredsRequestedPredicate['p_type']\n      predicateValue: AnonCredsRequestedPredicate['p_value']\n    }[]","supportedJsonSchemaNumericRangeProperties: Record<string, AnonCredsRequestedPredicate['p_type']>","linkSecretId","createPresentationOptions: CreateW3cPresentationOptions"],"sources":["../../src/anoncreds-rs/AnonCredsDataIntegrityService.ts"],"sourcesContent":["import { JSONPath } from '@astronautlabs/jsonpath'\nimport type {\n  AgentContext,\n  AnoncredsDataIntegrityVerifyPresentation,\n  DifPresentationExchangeDefinition,\n  DifPresentationExchangeSubmission,\n  IAnonCredsDataIntegrityService,\n  W3cCredentialRecord,\n  W3cJsonLdVerifiableCredential,\n} from '@credo-ts/core'\nimport {\n  ANONCREDS_DATA_INTEGRITY_CRYPTOSUITE,\n  ClaimFormat,\n  CredoError,\n  deepEquality,\n  Hasher,\n  injectable,\n  JsonTransformer,\n  TypedArrayEncoder,\n} from '@credo-ts/core'\nimport type { Descriptor, FieldV2, InputDescriptorV1, InputDescriptorV2 } from '@sphereon/pex-models'\nimport type { AnonCredsProofRequest, AnonCredsRequestedPredicate } from '../models'\nimport type { CredentialWithRevocationMetadata } from '../models/utils'\nimport type { AnonCredsCredentialProve, AnonCredsHolderService, CreateW3cPresentationOptions } from '../services'\nimport { AnonCredsHolderServiceSymbol, AnonCredsVerifierServiceSymbol } from '../services'\nimport { fetchCredentialDefinitions, fetchSchemas } from '../utils/anonCredsObjects'\nimport { bytesToBigint } from '../utils/bytesToBigint'\nimport { assertLinkSecretsMatch } from '../utils/linkSecret'\nimport { getAnonCredsTagsFromRecord } from '../utils/w3cAnonCredsUtils'\nimport type { AnonCredsRsVerifierService } from './AnonCredsRsVerifierService'\n\nimport { getW3cAnonCredsCredentialMetadata } from './utils'\n\nexport type PathComponent = string | number\n\n@injectable()\nexport class AnonCredsDataIntegrityService implements IAnonCredsDataIntegrityService {\n  private getDataIntegrityProof(credential: W3cJsonLdVerifiableCredential) {\n    const cryptosuite = ANONCREDS_DATA_INTEGRITY_CRYPTOSUITE\n    if (Array.isArray(credential.proof)) {\n      const proof = credential.proof.find(\n        (proof) => proof.type === 'DataIntegrityProof' && 'cryptosuite' in proof && proof.cryptosuite === cryptosuite\n      )\n      if (!proof) throw new CredoError(`Could not find ${ANONCREDS_DATA_INTEGRITY_CRYPTOSUITE} proof`)\n      return proof\n    }\n\n    if (\n      credential.proof.type !== 'DataIntegrityProof' ||\n      !('cryptosuite' in credential.proof && credential.proof.cryptosuite === cryptosuite)\n    ) {\n      throw new CredoError(`Could not find ${ANONCREDS_DATA_INTEGRITY_CRYPTOSUITE} proof`)\n    }\n\n    return credential.proof\n  }\n  private extractPathNodes(obj: unknown, paths: string[]): { value: unknown; path: PathComponent[] }[] {\n    let result: { value: unknown; path: PathComponent[] }[] = []\n    if (paths) {\n      for (const path of paths) {\n        result = JSONPath.nodes(obj, path)\n        if (result.length) break\n      }\n    }\n    return result\n  }\n\n  private async getCredentialMetadataForDescriptor(\n    _agentContext: AgentContext,\n    descriptorMapObject: Descriptor,\n    selectedCredentials: W3cJsonLdVerifiableCredential[]\n  ) {\n    const credentialExtractionResult = this.extractPathNodes({ verifiableCredential: selectedCredentials }, [\n      descriptorMapObject.path,\n    ])\n\n    if (credentialExtractionResult.length === 0 || credentialExtractionResult.length > 1) {\n      throw new Error('Could not extract credential from presentation submission')\n    }\n\n    const w3cJsonLdVerifiableCredential = credentialExtractionResult[0].value as W3cJsonLdVerifiableCredential\n    const w3cJsonLdVerifiableCredentialJson = JsonTransformer.toJSON(w3cJsonLdVerifiableCredential)\n\n    const entryIndex = selectedCredentials.findIndex((credential) =>\n      deepEquality(JsonTransformer.toJSON(credential), w3cJsonLdVerifiableCredentialJson)\n    )\n    if (entryIndex === -1) throw new CredoError('Could not find selected credential')\n\n    return {\n      entryIndex,\n      credential: selectedCredentials[entryIndex],\n      ...getW3cAnonCredsCredentialMetadata(w3cJsonLdVerifiableCredential),\n    }\n  }\n\n  private descriptorRequiresRevocationStatus(descriptor: InputDescriptorV1 | InputDescriptorV2) {\n    const statuses = descriptor.constraints?.statuses\n    if (!statuses) return false\n    if (\n      statuses?.active?.directive &&\n      (statuses.active.directive === 'allowed' || statuses.active.directive === 'required')\n    ) {\n      return true\n    }\n    throw new CredoError('Unsupported status directive')\n  }\n\n  private getPredicateTypeAndValues(predicateFilter: NonNullable<FieldV2['filter']>) {\n    const predicates: {\n      predicateType: AnonCredsRequestedPredicate['p_type']\n      predicateValue: AnonCredsRequestedPredicate['p_value']\n    }[] = []\n\n    const supportedJsonSchemaNumericRangeProperties: Record<string, AnonCredsRequestedPredicate['p_type']> = {\n      exclusiveMinimum: '>',\n      exclusiveMaximum: '<',\n      minimum: '>=',\n      maximum: '<=',\n    }\n\n    for (const [key, value] of Object.entries(predicateFilter)) {\n      if (key === 'type') continue\n\n      const predicateType = supportedJsonSchemaNumericRangeProperties[key]\n      if (!predicateType) throw new CredoError(`Unsupported predicate filter property '${key}'`)\n      predicates.push({\n        predicateType,\n        predicateValue: value,\n      })\n    }\n\n    return predicates\n  }\n\n  private getClaimNameForField(field: FieldV2) {\n    if (!field.path) throw new CredoError('Field path is required')\n    // fixme: could the path start otherwise?\n    const baseClaimPath = '$.credentialSubject.'\n    const claimPaths = field.path.filter((path) => path.startsWith(baseClaimPath))\n    if (claimPaths.length === 0) return undefined\n\n    // FIXME: we should iterate over all attributes of the schema here and check if the path is valid\n    // see https://identity.foundation/presentation-exchange/#presentation-definition\n    const claimNames = claimPaths.map((path) => path.slice(baseClaimPath.length))\n    const propertyName = claimNames[0]\n\n    return propertyName\n  }\n\n  public createAnonCredsProofRequestAndMetadata = async (\n    agentContext: AgentContext,\n    presentationDefinition: DifPresentationExchangeDefinition,\n    presentationSubmission: DifPresentationExchangeSubmission,\n    credentials: W3cJsonLdVerifiableCredential[],\n    challenge: string\n  ) => {\n    const credentialsProve: AnonCredsCredentialProve[] = []\n    const schemaIds = new Set<string>()\n    const credentialDefinitionIds = new Set<string>()\n    const credentialsWithMetadata: CredentialWithRevocationMetadata[] = []\n\n    const hash = Hasher.hash(TypedArrayEncoder.fromString(challenge), 'sha-256')\n    const nonce = bytesToBigint(hash).toString().slice(0, 20)\n\n    const anonCredsProofRequest: AnonCredsProofRequest = {\n      version: '1.0',\n      name: presentationDefinition.name ?? 'Proof request',\n      nonce,\n      requested_attributes: {},\n      requested_predicates: {},\n    }\n\n    const nonRevoked = Math.floor(Date.now() / 1000)\n    const nonRevokedInterval = { from: nonRevoked, to: nonRevoked }\n\n    for (const descriptorMapObject of presentationSubmission.descriptor_map) {\n      const descriptor: InputDescriptorV1 | InputDescriptorV2 | undefined = (\n        presentationDefinition.input_descriptors as InputDescriptorV2[]\n      ).find((descriptor) => descriptor.id === descriptorMapObject.id)\n\n      if (!descriptor) {\n        throw new Error(`Descriptor with id ${descriptorMapObject.id} not found in presentation definition`)\n      }\n\n      const referent = descriptorMapObject.id\n      const attributeReferent = `${referent}_attribute`\n      const predicateReferentBase = `${referent}_predicate`\n      let predicateReferentIndex = 0\n\n      const fields = descriptor.constraints?.fields\n      if (!fields) throw new CredoError('Unclear mapping of constraint with no fields.')\n\n      const { entryIndex, schemaId, credentialDefinitionId, revocationRegistryId, credential } =\n        await this.getCredentialMetadataForDescriptor(agentContext, descriptorMapObject, credentials)\n\n      schemaIds.add(schemaId)\n      credentialDefinitionIds.add(credentialDefinitionId)\n\n      const requiresRevocationStatus = this.descriptorRequiresRevocationStatus(descriptor)\n      if (requiresRevocationStatus && !revocationRegistryId) {\n        throw new CredoError('Selected credentials must be revocable but are not')\n      }\n\n      credentialsWithMetadata.push({\n        credential,\n        nonRevoked: requiresRevocationStatus ? nonRevokedInterval : undefined,\n      })\n\n      for (const field of fields) {\n        const propertyName = this.getClaimNameForField(field)\n        if (!propertyName) continue\n\n        if (field.predicate) {\n          if (!field.filter) throw new CredoError('Missing required predicate filter property.')\n          const predicateTypeAndValues = this.getPredicateTypeAndValues(field.filter)\n          for (const { predicateType, predicateValue } of predicateTypeAndValues) {\n            const predicateReferent = `${predicateReferentBase}_${predicateReferentIndex++}`\n            anonCredsProofRequest.requested_predicates[predicateReferent] = {\n              name: propertyName,\n              p_type: predicateType,\n              p_value: predicateValue,\n              restrictions: [{ cred_def_id: credentialDefinitionId }],\n              non_revoked: requiresRevocationStatus ? nonRevokedInterval : undefined,\n            }\n\n            credentialsProve.push({ entryIndex, referent: predicateReferent, isPredicate: true, reveal: true })\n          }\n        } else {\n          if (!anonCredsProofRequest.requested_attributes[attributeReferent]) {\n            anonCredsProofRequest.requested_attributes[attributeReferent] = {\n              names: [propertyName],\n              restrictions: [{ cred_def_id: credentialDefinitionId }],\n              non_revoked: requiresRevocationStatus ? nonRevokedInterval : undefined,\n            }\n          } else {\n            const names = anonCredsProofRequest.requested_attributes[attributeReferent].names ?? []\n            anonCredsProofRequest.requested_attributes[attributeReferent].names = [...names, propertyName]\n          }\n\n          credentialsProve.push({ entryIndex, referent: attributeReferent, isPredicate: false, reveal: true })\n        }\n      }\n    }\n\n    return { anonCredsProofRequest, credentialsWithMetadata, credentialsProve, schemaIds, credentialDefinitionIds }\n  }\n\n  public async createPresentation(\n    agentContext: AgentContext,\n    options: {\n      presentationDefinition: DifPresentationExchangeDefinition\n      presentationSubmission: DifPresentationExchangeSubmission\n      selectedCredentialRecords: W3cCredentialRecord[]\n      challenge: string\n    }\n  ) {\n    const { presentationDefinition, presentationSubmission, selectedCredentialRecords, challenge } = options\n\n    const linkSecrets = selectedCredentialRecords\n      .map((record) => getAnonCredsTagsFromRecord(record)?.anonCredsLinkSecretId)\n      .filter((linkSecretId): linkSecretId is string => linkSecretId !== undefined)\n\n    const linkSecretId = assertLinkSecretsMatch(agentContext, linkSecrets)\n\n    const { anonCredsProofRequest, credentialDefinitionIds, schemaIds, credentialsProve, credentialsWithMetadata } =\n      await this.createAnonCredsProofRequestAndMetadata(\n        agentContext,\n        presentationDefinition,\n        presentationSubmission,\n        selectedCredentialRecords.map((record) => record.firstCredential) as W3cJsonLdVerifiableCredential[],\n        challenge\n      )\n\n    const createPresentationOptions: CreateW3cPresentationOptions = {\n      linkSecretId,\n      proofRequest: anonCredsProofRequest,\n      credentialsProve,\n      credentialsWithRevocationMetadata: credentialsWithMetadata,\n      schemas: await fetchSchemas(agentContext, schemaIds),\n      credentialDefinitions: await fetchCredentialDefinitions(agentContext, credentialDefinitionIds),\n    }\n\n    const anonCredsHolderService =\n      agentContext.dependencyManager.resolve<AnonCredsHolderService>(AnonCredsHolderServiceSymbol)\n    const w3cPresentation = await anonCredsHolderService.createW3cPresentation(agentContext, createPresentationOptions)\n    return w3cPresentation\n  }\n\n  public async verifyPresentation(agentContext: AgentContext, options: AnoncredsDataIntegrityVerifyPresentation) {\n    const { presentation, presentationDefinition, presentationSubmission, challenge } = options\n\n    const credentialDefinitionIds = new Set<string>()\n\n    const verifiableCredentials = Array.isArray(presentation.verifiableCredential)\n      ? presentation.verifiableCredential\n      : [presentation.verifiableCredential]\n\n    for (const verifiableCredential of verifiableCredentials) {\n      if (verifiableCredential.claimFormat === ClaimFormat.LdpVc) {\n        const proof = this.getDataIntegrityProof(verifiableCredential)\n        credentialDefinitionIds.add(proof.verificationMethod)\n      } else {\n        throw new CredoError('Unsupported credential type')\n      }\n    }\n\n    const { anonCredsProofRequest, credentialsWithMetadata } = await this.createAnonCredsProofRequestAndMetadata(\n      agentContext,\n      presentationDefinition,\n      presentationSubmission,\n      verifiableCredentials as W3cJsonLdVerifiableCredential[],\n      challenge\n    )\n\n    const credentialDefinitions = await fetchCredentialDefinitions(agentContext, credentialDefinitionIds)\n    const schemaIds = new Set(Object.values(credentialDefinitions).map((cd) => cd.schemaId))\n    const schemas = await fetchSchemas(agentContext, schemaIds)\n\n    const anonCredsVerifierService =\n      agentContext.dependencyManager.resolve<AnonCredsRsVerifierService>(AnonCredsVerifierServiceSymbol)\n\n    return await anonCredsVerifierService.verifyW3cPresentation(agentContext, {\n      credentialsWithRevocationMetadata: credentialsWithMetadata,\n      presentation,\n      proofRequest: anonCredsProofRequest,\n      schemas,\n      credentialDefinitions,\n    })\n  }\n}\n"],"mappings":";;;;;;;;;;;;;AAoCO,0CAAMA,gCAAwE;;OAiH5E,yCAAyC,OAC9C,cACA,wBACA,wBACA,aACA,cACG;GACH,MAAMC,mBAA+C,EAAE;GACvD,MAAM,4BAAY,IAAI,KAAa;GACnC,MAAM,0CAA0B,IAAI,KAAa;GACjD,MAAMC,0BAA8D,EAAE;GAGtE,MAAM,QAAQ,cADD,OAAO,KAAK,kBAAkB,WAAW,UAAU,EAAE,UAAU,CAC3C,CAAC,UAAU,CAAC,MAAM,GAAG,GAAG;GAEzD,MAAMC,wBAA+C;IACnD,SAAS;IACT,MAAM,uBAAuB,QAAQ;IACrC;IACA,sBAAsB,EAAE;IACxB,sBAAsB,EAAE;IACzB;GAED,MAAM,aAAa,KAAK,MAAM,KAAK,KAAK,GAAG,IAAK;GAChD,MAAM,qBAAqB;IAAE,MAAM;IAAY,IAAI;IAAY;AAE/D,QAAK,MAAM,uBAAuB,uBAAuB,gBAAgB;IACvE,MAAMC,aACJ,uBAAuB,kBACvB,MAAM,iBAAeC,aAAW,OAAO,oBAAoB,GAAG;AAEhE,QAAI,CAAC,WACH,OAAM,IAAI,MAAM,sBAAsB,oBAAoB,GAAG,uCAAuC;IAGtG,MAAM,WAAW,oBAAoB;IACrC,MAAM,oBAAoB,GAAG,SAAS;IACtC,MAAM,wBAAwB,GAAG,SAAS;IAC1C,IAAI,yBAAyB;IAE7B,MAAM,SAAS,WAAW,aAAa;AACvC,QAAI,CAAC,OAAQ,OAAM,IAAI,WAAW,gDAAgD;IAElF,MAAM,EAAE,YAAY,UAAU,wBAAwB,sBAAsB,eAC1E,MAAM,KAAK,mCAAmC,cAAc,qBAAqB,YAAY;AAE/F,cAAU,IAAI,SAAS;AACvB,4BAAwB,IAAI,uBAAuB;IAEnD,MAAM,2BAA2B,KAAK,mCAAmC,WAAW;AACpF,QAAI,4BAA4B,CAAC,qBAC/B,OAAM,IAAI,WAAW,qDAAqD;AAG5E,4BAAwB,KAAK;KAC3B;KACA,YAAY,2BAA2B,qBAAqB;KAC7D,CAAC;AAEF,SAAK,MAAM,SAAS,QAAQ;KAC1B,MAAM,eAAe,KAAK,qBAAqB,MAAM;AACrD,SAAI,CAAC,aAAc;AAEnB,SAAI,MAAM,WAAW;AACnB,UAAI,CAAC,MAAM,OAAQ,OAAM,IAAI,WAAW,8CAA8C;MACtF,MAAM,yBAAyB,KAAK,0BAA0B,MAAM,OAAO;AAC3E,WAAK,MAAM,EAAE,eAAe,oBAAoB,wBAAwB;OACtE,MAAM,oBAAoB,GAAG,sBAAsB,GAAG;AACtD,6BAAsB,qBAAqB,qBAAqB;QAC9D,MAAM;QACN,QAAQ;QACR,SAAS;QACT,cAAc,CAAC,EAAE,aAAa,wBAAwB,CAAC;QACvD,aAAa,2BAA2B,qBAAqB;QAC9D;AAED,wBAAiB,KAAK;QAAE;QAAY,UAAU;QAAmB,aAAa;QAAM,QAAQ;QAAM,CAAC;;YAEhG;AACL,UAAI,CAAC,sBAAsB,qBAAqB,mBAC9C,uBAAsB,qBAAqB,qBAAqB;OAC9D,OAAO,CAAC,aAAa;OACrB,cAAc,CAAC,EAAE,aAAa,wBAAwB,CAAC;OACvD,aAAa,2BAA2B,qBAAqB;OAC9D;WACI;OACL,MAAM,QAAQ,sBAAsB,qBAAqB,mBAAmB,SAAS,EAAE;AACvF,6BAAsB,qBAAqB,mBAAmB,QAAQ,CAAC,GAAG,OAAO,aAAa;;AAGhG,uBAAiB,KAAK;OAAE;OAAY,UAAU;OAAmB,aAAa;OAAO,QAAQ;OAAM,CAAC;;;;AAK1G,UAAO;IAAE;IAAuB;IAAyB;IAAkB;IAAW;IAAyB;;;CA/MjH,AAAQ,sBAAsB,YAA2C;EACvE,MAAM,cAAc;AACpB,MAAI,MAAM,QAAQ,WAAW,MAAM,EAAE;GACnC,MAAM,QAAQ,WAAW,MAAM,MAC5B,YAAUC,QAAM,SAAS,wBAAwB,iBAAiBA,WAASA,QAAM,gBAAgB,YACnG;AACD,OAAI,CAAC,MAAO,OAAM,IAAI,WAAW,kBAAkB,qCAAqC,QAAQ;AAChG,UAAO;;AAGT,MACE,WAAW,MAAM,SAAS,wBAC1B,EAAE,iBAAiB,WAAW,SAAS,WAAW,MAAM,gBAAgB,aAExE,OAAM,IAAI,WAAW,kBAAkB,qCAAqC,QAAQ;AAGtF,SAAO,WAAW;;CAEpB,AAAQ,iBAAiB,KAAc,OAA8D;EACnG,IAAIC,SAAsD,EAAE;AAC5D,MAAI,MACF,MAAK,MAAM,QAAQ,OAAO;AACxB,YAAS,SAAS,MAAM,KAAK,KAAK;AAClC,OAAI,OAAO,OAAQ;;AAGvB,SAAO;;CAGT,MAAc,mCACZ,eACA,qBACA,qBACA;EACA,MAAM,6BAA6B,KAAK,iBAAiB,EAAE,sBAAsB,qBAAqB,EAAE,CACtG,oBAAoB,KACrB,CAAC;AAEF,MAAI,2BAA2B,WAAW,KAAK,2BAA2B,SAAS,EACjF,OAAM,IAAI,MAAM,4DAA4D;EAG9E,MAAM,gCAAgC,2BAA2B,GAAG;EACpE,MAAM,oCAAoC,gBAAgB,OAAO,8BAA8B;EAE/F,MAAM,aAAa,oBAAoB,WAAW,eAChD,aAAa,gBAAgB,OAAO,WAAW,EAAE,kCAAkC,CACpF;AACD,MAAI,eAAe,GAAI,OAAM,IAAI,WAAW,qCAAqC;AAEjF,SAAO;GACL;GACA,YAAY,oBAAoB;GAChC,GAAG,kCAAkC,8BAA8B;GACpE;;CAGH,AAAQ,mCAAmC,YAAmD;EAC5F,MAAM,WAAW,WAAW,aAAa;AACzC,MAAI,CAAC,SAAU,QAAO;AACtB,MACE,UAAU,QAAQ,cACjB,SAAS,OAAO,cAAc,aAAa,SAAS,OAAO,cAAc,YAE1E,QAAO;AAET,QAAM,IAAI,WAAW,+BAA+B;;CAGtD,AAAQ,0BAA0B,iBAAiD;EACjF,MAAMC,aAGA,EAAE;EAER,MAAMC,4CAAmG;GACvG,kBAAkB;GAClB,kBAAkB;GAClB,SAAS;GACT,SAAS;GACV;AAED,OAAK,MAAM,CAAC,KAAK,UAAU,OAAO,QAAQ,gBAAgB,EAAE;AAC1D,OAAI,QAAQ,OAAQ;GAEpB,MAAM,gBAAgB,0CAA0C;AAChE,OAAI,CAAC,cAAe,OAAM,IAAI,WAAW,0CAA0C,IAAI,GAAG;AAC1F,cAAW,KAAK;IACd;IACA,gBAAgB;IACjB,CAAC;;AAGJ,SAAO;;CAGT,AAAQ,qBAAqB,OAAgB;AAC3C,MAAI,CAAC,MAAM,KAAM,OAAM,IAAI,WAAW,yBAAyB;EAE/D,MAAM,gBAAgB;EACtB,MAAM,aAAa,MAAM,KAAK,QAAQ,SAAS,KAAK,WAAW,cAAc,CAAC;AAC9E,MAAI,WAAW,WAAW,EAAG,QAAO;AAOpC,SAHmB,WAAW,KAAK,SAAS,KAAK,MAAM,GAAqB,CAAC,CAC7C;;CAuGlC,MAAa,mBACX,cACA,SAMA;EACA,MAAM,EAAE,wBAAwB,wBAAwB,2BAA2B,cAAc;EAMjG,MAAM,eAAe,uBAAuB,cAJxB,0BACjB,KAAK,WAAW,2BAA2B,OAAO,EAAE,sBAAsB,CAC1E,QAAQ,mBAAyCC,mBAAiB,OAAU,CAET;EAEtE,MAAM,EAAE,uBAAuB,yBAAyB,WAAW,kBAAkB,4BACnF,MAAM,KAAK,uCACT,cACA,wBACA,wBACA,0BAA0B,KAAK,WAAW,OAAO,gBAAgB,EACjE,UACD;EAEH,MAAMC,4BAA0D;GAC9D;GACA,cAAc;GACd;GACA,mCAAmC;GACnC,SAAS,MAAM,aAAa,cAAc,UAAU;GACpD,uBAAuB,MAAM,2BAA2B,cAAc,wBAAwB;GAC/F;AAKD,SADwB,MADtB,aAAa,kBAAkB,QAAgC,6BAA6B,CACzC,sBAAsB,cAAc,0BAA0B;;CAIrH,MAAa,mBAAmB,cAA4B,SAAmD;EAC7G,MAAM,EAAE,cAAc,wBAAwB,wBAAwB,cAAc;EAEpF,MAAM,0CAA0B,IAAI,KAAa;EAEjD,MAAM,wBAAwB,MAAM,QAAQ,aAAa,qBAAqB,GAC1E,aAAa,uBACb,CAAC,aAAa,qBAAqB;AAEvC,OAAK,MAAM,wBAAwB,sBACjC,KAAI,qBAAqB,gBAAgB,YAAY,OAAO;GAC1D,MAAM,QAAQ,KAAK,sBAAsB,qBAAqB;AAC9D,2BAAwB,IAAI,MAAM,mBAAmB;QAErD,OAAM,IAAI,WAAW,8BAA8B;EAIvD,MAAM,EAAE,uBAAuB,4BAA4B,MAAM,KAAK,uCACpE,cACA,wBACA,wBACA,uBACA,UACD;EAED,MAAM,wBAAwB,MAAM,2BAA2B,cAAc,wBAAwB;EAErG,MAAM,UAAU,MAAM,aAAa,cADjB,IAAI,IAAI,OAAO,OAAO,sBAAsB,CAAC,KAAK,OAAO,GAAG,SAAS,CAAC,CAC7B;AAK3D,SAAO,MAFL,aAAa,kBAAkB,QAAoC,+BAA+B,CAE9D,sBAAsB,cAAc;GACxE,mCAAmC;GACnC;GACA,cAAc;GACd;GACA;GACD,CAAC;;;4CApSL,YAAY"}

package/build/anoncreds-rs/AnonCredsRsHolderService.mjs

@@ -0,0 +1,488 @@
+import { AnonCredsModuleConfig } from "../AnonCredsModuleConfig.mjs";
+import { AnonCredsRsError } from "../error/AnonCredsRsError.mjs";
+import "../error/index.mjs";
+import { __decorate } from "../_virtual/_@oxc-project_runtime@0.99.0/helpers/decorate.mjs";
+import { isUnqualifiedCredentialDefinitionId, isUnqualifiedIndyDid, isUnqualifiedSchemaId, unqualifiedCredentialDefinitionIdRegex } from "../utils/indyIdentifiers.mjs";
+import { AnonCredsCredentialRepository } from "../repository/AnonCredsCredentialRepository.mjs";
+import { AnonCredsLinkSecretRepository } from "../repository/AnonCredsLinkSecretRepository.mjs";
+import "../repository/index.mjs";
+import { AnonCredsRegistryService } from "../services/registry/AnonCredsRegistryService.mjs";
+import "../services/index.mjs";
+import { assertLinkSecretsMatch, getLinkSecret, storeLinkSecret } from "../utils/linkSecret.mjs";
+import { W3cAnonCredsCredentialMetadataKey } from "../utils/metadata.mjs";
+import { getAnoncredsCredentialInfoFromRecord, getW3cRecordAnonCredsTags } from "../utils/w3cAnonCredsUtils.mjs";
+import "../utils/index.mjs";
+import { AnonCredsRestrictionWrapper } from "../models/AnonCredsRestrictionWrapper.mjs";
+import "../models/index.mjs";
+import { proofRequestUsesUnqualifiedIdentifiers } from "../utils/proofRequest.mjs";
+import { getRevocationMetadata } from "./utils.mjs";
+import { CredoError, JsonTransformer, Kms, TypedArrayEncoder, W3cCredentialRecord, W3cCredentialRepository, W3cCredentialService, W3cJsonLdVerifiableCredential, W3cJsonLdVerifiablePresentation, injectable, utils } from "@credo-ts/core";
+import { Credential, CredentialRequest, CredentialRevocationState, LinkSecret, Presentation, RevocationRegistryDefinition, RevocationStatusList, W3cCredential as W3cCredential$1, W3cPresentation, anoncreds } from "@hyperledger/anoncreds-shared";
+
+//#region src/anoncreds-rs/AnonCredsRsHolderService.ts
+let AnonCredsRsHolderService = class AnonCredsRsHolderService$1 {
+	constructor() {
+		this.getPresentationMetadata = async (agentContext, options) => {
+			const { credentialsWithMetadata, credentialsProve } = options;
+			return {
+				credentialsProve,
+				credentials: await Promise.all(credentialsWithMetadata.map(async ({ credential, nonRevoked }) => {
+					const credentialJson = JsonTransformer.toJSON(credential);
+					const { revocationRegistryIndex, revocationRegistryId, timestamp } = W3cCredential$1.fromJson(credentialJson);
+					if (!nonRevoked) return {
+						credential: credentialJson,
+						revocationState: void 0,
+						timestamp: void 0
+					};
+					if (!revocationRegistryId || !revocationRegistryIndex) throw new CredoError("Missing revocation metadata");
+					const { revocationState, updatedTimestamp } = await getRevocationMetadata(agentContext, {
+						nonRevokedInterval: nonRevoked,
+						timestamp,
+						revocationRegistryIndex,
+						revocationRegistryId
+					});
+					return {
+						credential: credentialJson,
+						revocationState,
+						timestamp: updatedTimestamp
+					};
+				}))
+			};
+		};
+	}
+	async createLinkSecret(_agentContext, options) {
+		return {
+			linkSecretId: options?.linkSecretId ?? utils.uuid(),
+			linkSecretValue: LinkSecret.create()
+		};
+	}
+	/**
+	* generate an 80-bit nonce suitable for AnonCreds proofs
+	*/
+	generateNonce(agentContext) {
+		return agentContext.resolve(Kms.KeyManagementApi).randomBytes({ length: 10 }).reduce((acc, byte) => acc << 8n | BigInt(byte), 0n).toString();
+	}
+	async createProof(agentContext, options) {
+		const { credentialDefinitions, proofRequest, selectedCredentials, schemas } = options;
+		let presentation;
+		try {
+			const rsCredentialDefinitions = {};
+			for (const credDefId in credentialDefinitions) rsCredentialDefinitions[credDefId] = credentialDefinitions[credDefId];
+			const rsSchemas = {};
+			for (const schemaId in schemas) rsSchemas[schemaId] = schemas[schemaId];
+			const w3cCredentialRepository = agentContext.dependencyManager.resolve(W3cCredentialRepository);
+			const anoncredsCredentialRepository = agentContext.dependencyManager.resolve(AnonCredsCredentialRepository);
+			const retrievedCredentials = /* @__PURE__ */ new Map();
+			const credentialEntryFromAttribute = async (attribute) => {
+				let credentialRecord = retrievedCredentials.get(attribute.credentialId);
+				if (!credentialRecord) {
+					const w3cCredentialRecord = await w3cCredentialRepository.findById(agentContext, attribute.credentialId);
+					if (w3cCredentialRecord) {
+						credentialRecord = w3cCredentialRecord;
+						retrievedCredentials.set(attribute.credentialId, w3cCredentialRecord);
+					} else {
+						credentialRecord = await anoncredsCredentialRepository.getByCredentialId(agentContext, attribute.credentialId);
+						agentContext.config.logger.warn([`Creating AnonCreds proof with legacy credential ${attribute.credentialId}.`, "Please run the migration script to migrate credentials to the new w3c format. See https://credo.js.org/guides/updating/versions/0.4-to-0.5 for information on how to migrate."].join("\n"));
+					}
+				}
+				const proofUsesUnqualifiedIdentifiers = proofRequestUsesUnqualifiedIdentifiers(proofRequest);
+				const { linkSecretId, schemaId, credentialDefinitionId, revocationRegistryId, credentialRevocationId } = getAnoncredsCredentialInfoFromRecord(credentialRecord, proofUsesUnqualifiedIdentifiers);
+				const timestamp = attribute.timestamp;
+				let revocationState;
+				let revocationRegistryDefinition;
+				try {
+					if (timestamp && credentialRevocationId && revocationRegistryId) {
+						if (!options.revocationRegistries[revocationRegistryId]) throw new AnonCredsRsError(`Revocation Registry ${revocationRegistryId} not found`);
+						const { definition, revocationStatusLists, tailsFilePath } = options.revocationRegistries[revocationRegistryId];
+						const revocationStatusList = revocationStatusLists[timestamp];
+						if (!revocationStatusList) throw new CredoError(`Revocation status list for revocation registry ${revocationRegistryId} and timestamp ${timestamp} not found in revocation status lists. All revocation status lists must be present.`);
+						revocationRegistryDefinition = RevocationRegistryDefinition.fromJson(definition);
+						revocationState = CredentialRevocationState.create({
+							revocationRegistryIndex: Number(credentialRevocationId),
+							revocationRegistryDefinition,
+							tailsPath: tailsFilePath,
+							revocationStatusList: RevocationStatusList.fromJson(revocationStatusList)
+						});
+					}
+					const credential = credentialRecord instanceof W3cCredentialRecord ? await this.w3cToLegacyCredential(agentContext, { credential: credentialRecord.firstCredential }) : credentialRecord.credential;
+					if (proofUsesUnqualifiedIdentifiers) {
+						credential.schema_id = schemaId;
+						credential.cred_def_id = credentialDefinitionId;
+						credential.rev_reg_id = revocationRegistryId != null ? revocationRegistryId : void 0;
+					}
+					return {
+						linkSecretId,
+						credentialId: attribute.credentialId,
+						credentialEntry: {
+							credential,
+							revocationState: revocationState?.toJson(),
+							timestamp
+						}
+					};
+				} finally {
+					revocationState?.handle.clear();
+					revocationRegistryDefinition?.handle.clear();
+				}
+			};
+			const credentialsProve = [];
+			const credentials = [];
+			let entryIndex = 0;
+			for (const referent in selectedCredentials.attributes) {
+				const attribute = selectedCredentials.attributes[referent];
+				const existingCredentialIndex = credentials.findIndex((credential) => credential.credentialId === attribute.credentialId && attribute.timestamp === credential.credentialEntry.timestamp);
+				if (existingCredentialIndex !== -1) credentialsProve.push({
+					entryIndex: existingCredentialIndex,
+					isPredicate: false,
+					referent,
+					reveal: attribute.revealed
+				});
+				else {
+					credentials.push(await credentialEntryFromAttribute(attribute));
+					credentialsProve.push({
+						entryIndex,
+						isPredicate: false,
+						referent,
+						reveal: attribute.revealed
+					});
+					entryIndex = entryIndex + 1;
+				}
+			}
+			for (const referent in selectedCredentials.predicates) {
+				const predicate = selectedCredentials.predicates[referent];
+				const existingCredentialIndex = credentials.findIndex((credential) => credential.credentialId === predicate.credentialId && predicate.timestamp === credential.credentialEntry.timestamp);
+				if (existingCredentialIndex !== -1) credentialsProve.push({
+					entryIndex: existingCredentialIndex,
+					isPredicate: true,
+					referent,
+					reveal: true
+				});
+				else {
+					credentials.push(await credentialEntryFromAttribute(predicate));
+					credentialsProve.push({
+						entryIndex,
+						isPredicate: true,
+						referent,
+						reveal: true
+					});
+					entryIndex = entryIndex + 1;
+				}
+			}
+			const linkSecret = await getLinkSecret(agentContext, assertLinkSecretsMatch(agentContext, credentials.map((item) => item.linkSecretId)));
+			presentation = Presentation.create({
+				credentialDefinitions: rsCredentialDefinitions,
+				schemas: rsSchemas,
+				presentationRequest: proofRequest,
+				credentials: credentials.map((entry) => entry.credentialEntry),
+				credentialsProve,
+				selfAttest: selectedCredentials.selfAttestedAttributes,
+				linkSecret
+			});
+			return presentation.toJson();
+		} finally {
+			presentation?.handle.clear();
+		}
+	}
+	async createCredentialRequest(agentContext, options) {
+		const { useLegacyProverDid, credentialDefinition, credentialOffer } = options;
+		let createReturnObj;
+		try {
+			const linkSecretRepository = agentContext.dependencyManager.resolve(AnonCredsLinkSecretRepository);
+			let linkSecretRecord = options.linkSecretId ? await linkSecretRepository.getByLinkSecretId(agentContext, options.linkSecretId) : await linkSecretRepository.findDefault(agentContext);
+			if (!linkSecretRecord) {
+				if (!agentContext.dependencyManager.resolve(AnonCredsModuleConfig).autoCreateLinkSecret) throw new AnonCredsRsError("No link secret provided to createCredentialRequest and no default link secret has been found");
+				const { linkSecretId, linkSecretValue } = await this.createLinkSecret(agentContext, {});
+				linkSecretRecord = await storeLinkSecret(agentContext, {
+					linkSecretId,
+					linkSecretValue,
+					setAsDefault: true
+				});
+			}
+			if (!linkSecretRecord.value) throw new AnonCredsRsError("Link Secret value not stored");
+			const isLegacyIdentifier = credentialOffer.cred_def_id.match(unqualifiedCredentialDefinitionIdRegex);
+			if (!isLegacyIdentifier && useLegacyProverDid) throw new CredoError("Cannot use legacy prover_did with non-legacy identifiers");
+			createReturnObj = CredentialRequest.create({
+				entropy: !useLegacyProverDid || !isLegacyIdentifier ? anoncreds.generateNonce() : void 0,
+				proverDid: useLegacyProverDid ? TypedArrayEncoder.toBase58(TypedArrayEncoder.fromString(anoncreds.generateNonce().slice(0, 16))) : void 0,
+				credentialDefinition,
+				credentialOffer,
+				linkSecret: linkSecretRecord.value,
+				linkSecretId: linkSecretRecord.linkSecretId
+			});
+			return {
+				credentialRequest: createReturnObj.credentialRequest.toJson(),
+				credentialRequestMetadata: createReturnObj.credentialRequestMetadata.toJson()
+			};
+		} finally {
+			createReturnObj?.credentialRequest.handle.clear();
+			createReturnObj?.credentialRequestMetadata.handle.clear();
+		}
+	}
+	async w3cToLegacyCredential(_agentContext, options) {
+		const credentialJson = JsonTransformer.toJSON(options.credential);
+		return W3cCredential$1.fromJson(credentialJson).toLegacy().toJson();
+	}
+	async processW3cCredential(agentContext, credential, processOptions) {
+		const { credentialRequestMetadata, revocationRegistryDefinition, credentialDefinition } = processOptions;
+		const processCredentialOptions = {
+			credentialRequestMetadata,
+			linkSecret: await getLinkSecret(agentContext, credentialRequestMetadata.link_secret_name),
+			revocationRegistryDefinition,
+			credentialDefinition
+		};
+		const credentialJson = JsonTransformer.toJSON(credential);
+		const processedW3cAnonCredsCredential = W3cCredential$1.fromJson(credentialJson).process(processCredentialOptions);
+		return JsonTransformer.fromJSON(processedW3cAnonCredsCredential.toJson(), W3cJsonLdVerifiableCredential);
+	}
+	async legacyToW3cCredential(agentContext, options) {
+		const { credential, issuerId, processOptions } = options;
+		let w3cCredential;
+		let anonCredsCredential;
+		let w3cCredentialObj;
+		try {
+			anonCredsCredential = Credential.fromJson(credential);
+			w3cCredentialObj = anonCredsCredential.toW3c({
+				issuerId,
+				w3cVersion: "1.1"
+			});
+			const w3cJsonLdVerifiableCredential = JsonTransformer.fromJSON(w3cCredentialObj.toJson(), W3cJsonLdVerifiableCredential);
+			w3cCredential = processOptions ? await this.processW3cCredential(agentContext, w3cJsonLdVerifiableCredential, processOptions) : w3cJsonLdVerifiableCredential;
+		} finally {
+			anonCredsCredential?.handle?.clear();
+			w3cCredentialObj?.handle?.clear();
+		}
+		return w3cCredential;
+	}
+	async storeW3cCredential(agentContext, options) {
+		const { credential, credentialRequestMetadata, schema, credentialDefinition, credentialDefinitionId, revocationRegistryId } = options;
+		const methodName = agentContext.dependencyManager.resolve(AnonCredsRegistryService).getRegistryForIdentifier(agentContext, credential.issuerId).methodName;
+		await getLinkSecret(agentContext, credentialRequestMetadata.link_secret_name);
+		const { revocationRegistryIndex } = W3cCredential$1.fromJson(JsonTransformer.toJSON(credential));
+		if (Array.isArray(credential.credentialSubject)) throw new CredoError("Credential subject must be an object, not an array.");
+		const anonCredsTags = getW3cRecordAnonCredsTags({
+			credentialSubject: credential.credentialSubject,
+			issuerId: credential.issuerId,
+			schema,
+			schemaId: credentialDefinition.schemaId,
+			credentialDefinitionId,
+			revocationRegistryId,
+			credentialRevocationId: revocationRegistryIndex?.toString(),
+			linkSecretId: credentialRequestMetadata.link_secret_name,
+			methodName
+		});
+		const w3cCredentialService = agentContext.dependencyManager.resolve(W3cCredentialService);
+		const w3cCredentialRecord = W3cCredentialRecord.fromCredential(credential);
+		const anonCredsCredentialMetadata = {
+			credentialRevocationId: anonCredsTags.anonCredsCredentialRevocationId,
+			linkSecretId: anonCredsTags.anonCredsLinkSecretId,
+			methodName: anonCredsTags.anonCredsMethodName
+		};
+		w3cCredentialRecord.setTags(anonCredsTags);
+		w3cCredentialRecord.metadata.set(W3cAnonCredsCredentialMetadataKey, anonCredsCredentialMetadata);
+		await w3cCredentialService.storeCredential(agentContext, { record: w3cCredentialRecord });
+		return w3cCredentialRecord;
+	}
+	async storeCredential(agentContext, options) {
+		const { credential, credentialDefinition, credentialDefinitionId, credentialRequestMetadata, schema, revocationRegistry } = options;
+		const w3cJsonLdCredential = credential instanceof W3cJsonLdVerifiableCredential ? credential : await this.legacyToW3cCredential(agentContext, {
+			credential,
+			issuerId: credentialDefinition.issuerId,
+			processOptions: {
+				credentialRequestMetadata,
+				credentialDefinition,
+				revocationRegistryDefinition: revocationRegistry?.definition
+			}
+		});
+		return (await this.storeW3cCredential(agentContext, {
+			credentialRequestMetadata,
+			credential: w3cJsonLdCredential,
+			credentialDefinitionId,
+			schema,
+			credentialDefinition,
+			revocationRegistryDefinition: revocationRegistry?.definition,
+			revocationRegistryId: revocationRegistry?.id
+		})).id;
+	}
+	async getCredential(agentContext, options) {
+		const w3cCredentialRecord = await agentContext.dependencyManager.resolve(W3cCredentialRepository).findById(agentContext, options.id);
+		if (w3cCredentialRecord) return getAnoncredsCredentialInfoFromRecord(w3cCredentialRecord, options.useUnqualifiedIdentifiersIfPresent);
+		const anonCredsCredentialRecord = await agentContext.dependencyManager.resolve(AnonCredsCredentialRepository).getByCredentialId(agentContext, options.id);
+		agentContext.config.logger.warn([`Querying legacy credential repository for credential with id ${options.id}.`, "Please run the migration script to migrate credentials to the new w3c format."].join("\n"));
+		return getAnoncredsCredentialInfoFromRecord(anonCredsCredentialRecord);
+	}
+	async getLegacyCredentials(agentContext, options) {
+		return (await agentContext.dependencyManager.resolve(AnonCredsCredentialRepository).findByQuery(agentContext, {
+			credentialDefinitionId: options.credentialDefinitionId,
+			schemaId: options.schemaId,
+			issuerId: options.issuerId,
+			schemaName: options.schemaName,
+			schemaVersion: options.schemaVersion,
+			schemaIssuerId: options.schemaIssuerId,
+			methodName: options.methodName
+		})).map((credentialRecord) => getAnoncredsCredentialInfoFromRecord(credentialRecord));
+	}
+	async getCredentials(agentContext, options) {
+		const credentials = (await agentContext.dependencyManager.resolve(W3cCredentialRepository).findByQuery(agentContext, {
+			issuerId: !options.issuerId || isUnqualifiedIndyDid(options.issuerId) ? void 0 : options.issuerId,
+			anonCredsCredentialDefinitionId: !options.credentialDefinitionId || isUnqualifiedCredentialDefinitionId(options.credentialDefinitionId) ? void 0 : options.credentialDefinitionId,
+			anonCredsSchemaId: !options.schemaId || isUnqualifiedSchemaId(options.schemaId) ? void 0 : options.schemaId,
+			anonCredsSchemaName: options.schemaName,
+			anonCredsSchemaVersion: options.schemaVersion,
+			anonCredsSchemaIssuerId: !options.schemaIssuerId || isUnqualifiedIndyDid(options.schemaIssuerId) ? void 0 : options.schemaIssuerId,
+			anonCredsMethodName: options.methodName,
+			anonCredsUnqualifiedSchemaId: options.schemaId && isUnqualifiedSchemaId(options.schemaId) ? options.schemaId : void 0,
+			anonCredsUnqualifiedIssuerId: options.issuerId && isUnqualifiedIndyDid(options.issuerId) ? options.issuerId : void 0,
+			anonCredsUnqualifiedSchemaIssuerId: options.schemaIssuerId && isUnqualifiedIndyDid(options.schemaIssuerId) ? options.schemaIssuerId : void 0,
+			anonCredsUnqualifiedCredentialDefinitionId: options.credentialDefinitionId && isUnqualifiedCredentialDefinitionId(options.credentialDefinitionId) ? options.credentialDefinitionId : void 0
+		})).map((credentialRecord) => getAnoncredsCredentialInfoFromRecord(credentialRecord));
+		const legacyCredentials = await this.getLegacyCredentials(agentContext, options);
+		if (legacyCredentials.length > 0) agentContext.config.logger.warn("Queried credentials include legacy credentials. Please run the migration script to migrate credentials to the new w3c format.");
+		return [...legacyCredentials, ...credentials];
+	}
+	async deleteCredential(agentContext, id) {
+		const w3cCredentialRepository = agentContext.dependencyManager.resolve(W3cCredentialRepository);
+		const w3cCredentialRecord = await w3cCredentialRepository.findById(agentContext, id);
+		if (w3cCredentialRecord) {
+			await w3cCredentialRepository.delete(agentContext, w3cCredentialRecord);
+			return;
+		}
+		const anoncredsCredentialRepository = agentContext.dependencyManager.resolve(AnonCredsCredentialRepository);
+		const anoncredsCredentialRecord = await anoncredsCredentialRepository.getByCredentialId(agentContext, id);
+		await anoncredsCredentialRepository.delete(agentContext, anoncredsCredentialRecord);
+	}
+	async getLegacyCredentialsForProofRequest(agentContext, options) {
+		const proofRequest = options.proofRequest;
+		const referent = options.attributeReferent;
+		const requestedAttribute = proofRequest.requested_attributes[referent] ?? proofRequest.requested_predicates[referent];
+		if (!requestedAttribute) throw new AnonCredsRsError("Referent not found in proof request");
+		const $and = [];
+		const attributes = requestedAttribute.names ?? [requestedAttribute.name];
+		const attributeQuery = {};
+		for (const attribute of attributes) attributeQuery[`anonCredsAttr::${attribute}::marker`] = true;
+		$and.push(attributeQuery);
+		if (requestedAttribute.restrictions) {
+			const restrictionQuery = this.queryLegacyFromRestrictions(requestedAttribute.restrictions);
+			$and.push(restrictionQuery);
+		}
+		if (options.extraQuery) $and.push(options.extraQuery);
+		return (await agentContext.dependencyManager.resolve(AnonCredsCredentialRepository).findByQuery(agentContext, { $and })).map((credentialRecord) => {
+			return {
+				credentialInfo: getAnoncredsCredentialInfoFromRecord(credentialRecord),
+				interval: proofRequest.non_revoked
+			};
+		});
+	}
+	async getCredentialsForProofRequest(agentContext, options) {
+		const proofRequest = options.proofRequest;
+		const referent = options.attributeReferent;
+		const requestedAttribute = proofRequest.requested_attributes[referent] ?? proofRequest.requested_predicates[referent];
+		if (!requestedAttribute) throw new AnonCredsRsError("Referent not found in proof request");
+		const $and = [];
+		const useUnqualifiedIdentifiers = proofRequestUsesUnqualifiedIdentifiers(proofRequest);
+		const attributes = requestedAttribute.names ?? [requestedAttribute.name];
+		const attributeQuery = {};
+		for (const attribute of attributes) attributeQuery[`anonCredsAttr::${attribute}::marker`] = true;
+		$and.push(attributeQuery);
+		if (requestedAttribute.restrictions) {
+			const restrictionQuery = this.queryFromRestrictions(requestedAttribute.restrictions);
+			$and.push(restrictionQuery);
+		}
+		if (options.extraQuery) $and.push(options.extraQuery);
+		const credentials = await agentContext.dependencyManager.resolve(W3cCredentialRepository).findByQuery(agentContext, { $and });
+		const legacyCredentialWithMetadata = await this.getLegacyCredentialsForProofRequest(agentContext, options);
+		if (legacyCredentialWithMetadata.length > 0) agentContext.config.logger.warn(["Including legacy credentials in proof request.", "Please run the migration script to migrate credentials to the new w3c format."].join("\n"));
+		return [...credentials.map((credentialRecord) => {
+			return {
+				credentialInfo: getAnoncredsCredentialInfoFromRecord(credentialRecord, useUnqualifiedIdentifiers),
+				interval: proofRequest.non_revoked
+			};
+		}), ...legacyCredentialWithMetadata];
+	}
+	queryFromRestrictions(restrictions) {
+		const query = [];
+		const { restrictions: parsedRestrictions } = JsonTransformer.fromJSON({ restrictions }, AnonCredsRestrictionWrapper);
+		for (const restriction of parsedRestrictions) {
+			const queryElements = {};
+			if (restriction.credentialDefinitionId) if (isUnqualifiedCredentialDefinitionId(restriction.credentialDefinitionId)) queryElements.anonCredsUnqualifiedCredentialDefinitionId = restriction.credentialDefinitionId;
+			else queryElements.anonCredsCredentialDefinitionId = restriction.credentialDefinitionId;
+			if (restriction.issuerId || restriction.issuerDid) {
+				const issuerId = restriction.issuerId ?? restriction.issuerDid;
+				if (isUnqualifiedIndyDid(issuerId)) queryElements.anonCredsUnqualifiedIssuerId = issuerId;
+				else queryElements.issuerId = issuerId;
+			}
+			if (restriction.schemaId) if (isUnqualifiedSchemaId(restriction.schemaId)) queryElements.anonCredsUnqualifiedSchemaId = restriction.schemaId;
+			else queryElements.anonCredsSchemaId = restriction.schemaId;
+			if (restriction.schemaIssuerId || restriction.schemaIssuerDid) {
+				const schemaIssuerId = restriction.schemaIssuerId ?? restriction.schemaIssuerDid;
+				if (isUnqualifiedIndyDid(schemaIssuerId)) queryElements.anonCredsUnqualifiedSchemaIssuerId = schemaIssuerId;
+				else queryElements.anonCredsSchemaIssuerId = schemaIssuerId;
+			}
+			if (restriction.schemaName) queryElements.anonCredsSchemaName = restriction.schemaName;
+			if (restriction.schemaVersion) queryElements.anonCredsSchemaVersion = restriction.schemaVersion;
+			for (const [attributeName, attributeValue] of Object.entries(restriction.attributeValues)) queryElements[`anonCredsAttr::${attributeName}::value`] = attributeValue;
+			for (const [attributeName, isAvailable] of Object.entries(restriction.attributeMarkers)) if (isAvailable) queryElements[`anonCredsAttr::${attributeName}::marker`] = isAvailable;
+			query.push(queryElements);
+		}
+		return query.length === 1 ? query[0] : { $or: query };
+	}
+	queryLegacyFromRestrictions(restrictions) {
+		const query = [];
+		const { restrictions: parsedRestrictions } = JsonTransformer.fromJSON({ restrictions }, AnonCredsRestrictionWrapper);
+		for (const restriction of parsedRestrictions) {
+			const queryElements = {};
+			const additionalQueryElements = {};
+			if (restriction.credentialDefinitionId) {
+				queryElements.credentialDefinitionId = restriction.credentialDefinitionId;
+				if (isUnqualifiedCredentialDefinitionId(restriction.credentialDefinitionId)) additionalQueryElements.credentialDefinitionId = restriction.credentialDefinitionId;
+			}
+			if (restriction.issuerId || restriction.issuerDid) {
+				const issuerId = restriction.issuerId ?? restriction.issuerDid;
+				queryElements.issuerId = issuerId;
+				if (isUnqualifiedIndyDid(issuerId)) additionalQueryElements.issuerId = issuerId;
+			}
+			if (restriction.schemaId) {
+				queryElements.schemaId = restriction.schemaId;
+				if (isUnqualifiedSchemaId(restriction.schemaId)) additionalQueryElements.schemaId = restriction.schemaId;
+			}
+			if (restriction.schemaIssuerId || restriction.schemaIssuerDid) {
+				const issuerId = restriction.schemaIssuerId ?? restriction.schemaIssuerDid;
+				queryElements.schemaIssuerId = issuerId;
+				if (isUnqualifiedIndyDid(issuerId)) additionalQueryElements.schemaIssuerId = issuerId;
+			}
+			if (restriction.schemaName) queryElements.schemaName = restriction.schemaName;
+			if (restriction.schemaVersion) queryElements.schemaVersion = restriction.schemaVersion;
+			for (const [attributeName, attributeValue] of Object.entries(restriction.attributeValues)) queryElements[`attr::${attributeName}::value`] = attributeValue;
+			for (const [attributeName, isAvailable] of Object.entries(restriction.attributeMarkers)) if (isAvailable) queryElements[`attr::${attributeName}::marker`] = isAvailable;
+			query.push(queryElements);
+			if (Object.keys(additionalQueryElements).length > 0) query.push(additionalQueryElements);
+		}
+		return query.length === 1 ? query[0] : { $or: query };
+	}
+	async createW3cPresentation(agentContext, options) {
+		const { credentialsProve, credentials } = await this.getPresentationMetadata(agentContext, {
+			credentialsWithMetadata: options.credentialsWithRevocationMetadata,
+			credentialsProve: options.credentialsProve
+		});
+		let w3cAnonCredsPresentation;
+		let w3cPresentation;
+		try {
+			w3cAnonCredsPresentation = W3cPresentation.create({
+				credentials,
+				credentialsProve,
+				schemas: options.schemas,
+				credentialDefinitions: options.credentialDefinitions,
+				presentationRequest: options.proofRequest,
+				linkSecret: await getLinkSecret(agentContext, options.linkSecretId)
+			});
+			const presentationJson = w3cAnonCredsPresentation.toJson();
+			w3cPresentation = JsonTransformer.fromJSON(presentationJson, W3cJsonLdVerifiablePresentation);
+		} finally {
+			w3cAnonCredsPresentation?.handle.clear();
+		}
+		return w3cPresentation;
+	}
+};
+AnonCredsRsHolderService = __decorate([injectable()], AnonCredsRsHolderService);
+
+//#endregion
+export { AnonCredsRsHolderService };
+//# sourceMappingURL=AnonCredsRsHolderService.mjs.map