@credo-ts/openid4vc 0.4.1-alpha.157

package/build/openid4vc-issuer/OpenId4VcIssuerService.js

@@ -0,0 +1,425 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OpenId4VcIssuerService = void 0;
+const core_1 = require("@credo-ts/core");
+const oid4vci_issuer_1 = require("@sphereon/oid4vci-issuer");
+const shared_1 = require("../shared");
+const router_1 = require("../shared/router");
+const transform_1 = require("../shared/transform");
+const utils_1 = require("../shared/utils");
+const OpenId4VcIssuanceSessionState_1 = require("./OpenId4VcIssuanceSessionState");
+const OpenId4VcIssuerModuleConfig_1 = require("./OpenId4VcIssuerModuleConfig");
+const repository_1 = require("./repository");
+const OpenId4VcCNonceStateManager_1 = require("./repository/OpenId4VcCNonceStateManager");
+const OpenId4VcCredentialOfferSessionStateManager_1 = require("./repository/OpenId4VcCredentialOfferSessionStateManager");
+const OpenId4VcCredentialOfferUriStateManager_1 = require("./repository/OpenId4VcCredentialOfferUriStateManager");
+const credentialRequest_1 = require("./util/credentialRequest");
+const w3cOpenId4VcFormats = [
+    shared_1.OpenId4VciCredentialFormatProfile.JwtVcJson,
+    shared_1.OpenId4VciCredentialFormatProfile.JwtVcJsonLd,
+    shared_1.OpenId4VciCredentialFormatProfile.LdpVc,
+];
+/**
+ * @internal
+ */
+let OpenId4VcIssuerService = class OpenId4VcIssuerService {
+    constructor(w3cCredentialService, jwsService, openId4VcIssuerConfig, openId4VcIssuerRepository, openId4VcIssuanceSessionRepository) {
+        this.getJwtVerifyCallback = (agentContext) => {
+            return async (opts) => {
+                let didDocument = undefined;
+                const { isValid, jws } = await this.jwsService.verifyJws(agentContext, {
+                    jws: opts.jwt,
+                    // Only handles kid as did resolution. JWK is handled by jws service
+                    jwkResolver: async ({ protectedHeader: { kid } }) => {
+                        if (!kid)
+                            throw new core_1.CredoError('Missing kid in protected header.');
+                        if (!kid.startsWith('did:'))
+                            throw new core_1.CredoError('Only did is supported for kid identifier');
+                        const didsApi = agentContext.dependencyManager.resolve(core_1.DidsApi);
+                        didDocument = await didsApi.resolveDidDocument(kid);
+                        const verificationMethod = didDocument.dereferenceKey(kid, ['authentication', 'assertionMethod']);
+                        const key = (0, core_1.getKeyFromVerificationMethod)(verificationMethod);
+                        return (0, core_1.getJwkFromKey)(key);
+                    },
+                });
+                if (!isValid)
+                    throw new core_1.CredoError('Could not verify JWT signature.');
+                // TODO: the jws service should return some better decoded metadata also from the resolver
+                // as currently is less useful if you afterwards need properties from the JWS
+                const firstJws = jws.signatures[0];
+                const protectedHeader = core_1.JsonEncoder.fromBase64(firstJws.protected);
+                return {
+                    jwt: { header: protectedHeader, payload: core_1.JsonEncoder.fromBase64(jws.payload) },
+                    kid: protectedHeader.kid,
+                    jwk: protectedHeader.jwk ? (0, core_1.getJwkFromJson)(protectedHeader.jwk) : undefined,
+                    did: didDocument === null || didDocument === void 0 ? void 0 : didDocument.id,
+                    alg: protectedHeader.alg,
+                    didDocument,
+                };
+            };
+        };
+        this.getSdJwtVcCredentialSigningCallback = (agentContext, options) => {
+            return async () => {
+                const sdJwtVcApi = agentContext.dependencyManager.resolve(core_1.SdJwtVcApi);
+                const sdJwtVc = await sdJwtVcApi.sign(options);
+                return (0, transform_1.getSphereonVerifiableCredential)(sdJwtVc);
+            };
+        };
+        this.getW3cCredentialSigningCallback = (agentContext, options) => {
+            return async (opts) => {
+                const { jwtVerifyResult, format } = opts;
+                const { kid, didDocument: holderDidDocument } = jwtVerifyResult;
+                if (!kid)
+                    throw new core_1.CredoError('Missing Kid. Cannot create the holder binding');
+                if (!holderDidDocument)
+                    throw new core_1.CredoError('Missing did document. Cannot create the holder binding.');
+                if (!format)
+                    throw new core_1.CredoError('Missing format. Cannot issue credential.');
+                const formatMap = {
+                    [shared_1.OpenId4VciCredentialFormatProfile.JwtVcJson]: core_1.ClaimFormat.JwtVc,
+                    [shared_1.OpenId4VciCredentialFormatProfile.JwtVcJsonLd]: core_1.ClaimFormat.JwtVc,
+                    [shared_1.OpenId4VciCredentialFormatProfile.LdpVc]: core_1.ClaimFormat.LdpVc,
+                };
+                const w3cServiceFormat = formatMap[format];
+                // Set the binding on the first credential subject if not set yet
+                // on any subject
+                if (!options.credential.credentialSubjectIds.includes(holderDidDocument.id)) {
+                    const credentialSubject = Array.isArray(options.credential.credentialSubject)
+                        ? options.credential.credentialSubject[0]
+                        : options.credential.credentialSubject;
+                    credentialSubject.id = holderDidDocument.id;
+                }
+                const didsApi = agentContext.dependencyManager.resolve(core_1.DidsApi);
+                const issuerDidDocument = await didsApi.resolveDidDocument(options.verificationMethod);
+                const verificationMethod = issuerDidDocument.dereferenceVerificationMethod(options.verificationMethod);
+                if (w3cServiceFormat === core_1.ClaimFormat.JwtVc) {
+                    const key = (0, core_1.getKeyFromVerificationMethod)(verificationMethod);
+                    const alg = (0, core_1.getJwkFromKey)(key).supportedSignatureAlgorithms[0];
+                    if (!alg) {
+                        throw new core_1.CredoError(`No supported JWA signature algorithms for key type ${key.keyType}`);
+                    }
+                    const signed = await this.w3cCredentialService.signCredential(agentContext, {
+                        format: w3cServiceFormat,
+                        credential: options.credential,
+                        verificationMethod: options.verificationMethod,
+                        alg,
+                    });
+                    return (0, transform_1.getSphereonVerifiableCredential)(signed);
+                }
+                else {
+                    const key = (0, core_1.getKeyFromVerificationMethod)(verificationMethod);
+                    const proofType = (0, utils_1.getProofTypeFromKey)(agentContext, key);
+                    const signed = await this.w3cCredentialService.signCredential(agentContext, {
+                        format: w3cServiceFormat,
+                        credential: options.credential,
+                        verificationMethod: options.verificationMethod,
+                        proofType: proofType,
+                    });
+                    return (0, transform_1.getSphereonVerifiableCredential)(signed);
+                }
+            };
+        };
+        this.getCredentialDataSupplier = (agentContext, options) => {
+            return async (args) => {
+                var _a;
+                const { credentialRequest, credentialOffer } = args;
+                const issuerMetadata = this.getIssuerMetadata(agentContext, options.issuer);
+                const offeredCredentialsMatchingRequest = this.findOfferedCredentialsMatchingRequest(credentialOffer.credential_offer, credentialRequest, issuerMetadata.credentialsSupported);
+                if (offeredCredentialsMatchingRequest.length === 0) {
+                    throw new core_1.CredoError('No offered credentials match the credential request.');
+                }
+                if (offeredCredentialsMatchingRequest.length > 1) {
+                    agentContext.config.logger.debug('Multiple credentials from credentials supported matching request, picking first one.');
+                }
+                const holderBinding = await this.getHolderBindingFromRequest(credentialRequest);
+                const mapper = (_a = options.credentialRequestToCredentialMapper) !== null && _a !== void 0 ? _a : this.openId4VcIssuerConfig.credentialEndpoint.credentialRequestToCredentialMapper;
+                const signOptions = await mapper({
+                    agentContext,
+                    issuanceSession: options.issuanceSession,
+                    holderBinding,
+                    credentialOffer,
+                    credentialRequest: credentialRequest,
+                    credentialsSupported: offeredCredentialsMatchingRequest,
+                });
+                if (signOptions.format === core_1.ClaimFormat.JwtVc || signOptions.format === core_1.ClaimFormat.LdpVc) {
+                    if (!w3cOpenId4VcFormats.includes(credentialRequest.format)) {
+                        throw new core_1.CredoError(`The credential to be issued does not match the request. Cannot issue a W3cCredential if the client expects a credential of format '${credentialRequest.format}'.`);
+                    }
+                    return {
+                        format: credentialRequest.format,
+                        credential: core_1.JsonTransformer.toJSON(signOptions.credential),
+                        signCallback: this.getW3cCredentialSigningCallback(agentContext, signOptions),
+                    };
+                }
+                else if (signOptions.format === core_1.ClaimFormat.SdJwtVc) {
+                    if (credentialRequest.format !== shared_1.OpenId4VciCredentialFormatProfile.SdJwtVc) {
+                        throw new core_1.CredoError(`Invalid credential format. Expected '${shared_1.OpenId4VciCredentialFormatProfile.SdJwtVc}', received '${credentialRequest.format}'.`);
+                    }
+                    if (credentialRequest.vct !== signOptions.payload.vct) {
+                        throw new core_1.CredoError(`The types of the offered credentials do not match the types of the requested credential. Offered '${signOptions.payload.vct}' Requested '${credentialRequest.vct}'.`);
+                    }
+                    return {
+                        format: credentialRequest.format,
+                        // NOTE: we don't use the credential value here as we pass the credential directly to the singer
+                        credential: Object.assign({}, signOptions.payload),
+                        signCallback: this.getSdJwtVcCredentialSigningCallback(agentContext, signOptions),
+                    };
+                }
+                else {
+                    throw new core_1.CredoError(`Unsupported credential format`);
+                }
+            };
+        };
+        this.w3cCredentialService = w3cCredentialService;
+        this.jwsService = jwsService;
+        this.openId4VcIssuerConfig = openId4VcIssuerConfig;
+        this.openId4VcIssuerRepository = openId4VcIssuerRepository;
+        this.openId4VcIssuanceSessionRepository = openId4VcIssuanceSessionRepository;
+    }
+    async createCredentialOffer(agentContext, options) {
+        const { preAuthorizedCodeFlowConfig, issuer, offeredCredentials } = options;
+        const vcIssuer = this.getVcIssuer(agentContext, issuer);
+        // this checks if the structure of the credentials is correct
+        // it throws an error if a offered credential cannot be found in the credentialsSupported
+        (0, shared_1.getOfferedCredentials)(options.offeredCredentials, vcIssuer.issuerMetadata.credentials_supported);
+        // We always use shortened URIs currently
+        const hostedCredentialOfferUri = (0, core_1.joinUriParts)(vcIssuer.issuerMetadata.credential_issuer, [
+            this.openId4VcIssuerConfig.credentialOfferEndpoint.endpointPath,
+            // It doesn't really matter what the url is, as long as it's unique
+            core_1.utils.uuid(),
+        ]);
+        let { uri } = await vcIssuer.createCredentialOfferURI({
+            grants: await this.getGrantsFromConfig(agentContext, preAuthorizedCodeFlowConfig),
+            credentials: offeredCredentials,
+            credentialOfferUri: hostedCredentialOfferUri,
+            baseUri: options.baseUri,
+            credentialDataSupplierInput: options.issuanceMetadata,
+        });
+        // FIXME: https://github.com/Sphereon-Opensource/OID4VCI/issues/102
+        if (uri.includes(hostedCredentialOfferUri)) {
+            uri = uri.replace(hostedCredentialOfferUri, encodeURIComponent(hostedCredentialOfferUri));
+        }
+        const issuanceSession = await this.openId4VcIssuanceSessionRepository.getSingleByQuery(agentContext, {
+            credentialOfferUri: hostedCredentialOfferUri,
+        });
+        return {
+            issuanceSession,
+            credentialOffer: uri,
+        };
+    }
+    /**
+     * find the issuance session associated with a credential request. You can optionally provide a issuer id if
+     * the issuer that the request is associated with is already known.
+     */
+    async findIssuanceSessionForCredentialRequest(agentContext, { credentialRequest, issuerId }) {
+        const cNonce = (0, credentialRequest_1.getCNonceFromCredentialRequest)(credentialRequest);
+        const issuanceSession = await this.openId4VcIssuanceSessionRepository.findSingleByQuery(agentContext, {
+            issuerId,
+            cNonce,
+        });
+        return issuanceSession;
+    }
+    async createCredentialResponse(agentContext, options) {
+        options.issuanceSession.assertState([
+            OpenId4VcIssuanceSessionState_1.OpenId4VcIssuanceSessionState.AccessTokenCreated,
+            OpenId4VcIssuanceSessionState_1.OpenId4VcIssuanceSessionState.CredentialRequestReceived,
+            // It is possible to issue multiple credentials in one session
+            OpenId4VcIssuanceSessionState_1.OpenId4VcIssuanceSessionState.CredentialIssued,
+        ]);
+        const { credentialRequest, issuanceSession } = options;
+        if (!credentialRequest.proof)
+            throw new core_1.CredoError('No proof defined in the credentialRequest.');
+        const issuer = await this.getIssuerByIssuerId(agentContext, options.issuanceSession.issuerId);
+        const cNonce = (0, credentialRequest_1.getCNonceFromCredentialRequest)(credentialRequest);
+        if (issuanceSession.cNonce !== cNonce) {
+            throw new core_1.CredoError('The cNonce in the credential request does not match the cNonce in the issuance session.');
+        }
+        if (!issuanceSession.cNonceExpiresAt) {
+            throw new core_1.CredoError('Missing required cNonceExpiresAt in the issuance session. Assuming cNonce is not valid');
+        }
+        if (Date.now() > issuanceSession.cNonceExpiresAt.getTime()) {
+            throw new core_1.CredoError('The cNonce has expired.');
+        }
+        const vcIssuer = this.getVcIssuer(agentContext, issuer);
+        const credentialResponse = await vcIssuer.issueCredential({
+            credentialRequest,
+            tokenExpiresIn: this.openId4VcIssuerConfig.accessTokenEndpoint.tokenExpiresInSeconds,
+            // This can just be combined with signing callback right?
+            credentialDataSupplier: this.getCredentialDataSupplier(agentContext, Object.assign(Object.assign({}, options), { issuer })),
+            credentialDataSupplierInput: issuanceSession.issuanceMetadata,
+            responseCNonce: undefined,
+        });
+        const updatedIssuanceSession = await this.openId4VcIssuanceSessionRepository.getById(agentContext, issuanceSession.id);
+        if (!credentialResponse.credential) {
+            updatedIssuanceSession.state = OpenId4VcIssuanceSessionState_1.OpenId4VcIssuanceSessionState.Error;
+            updatedIssuanceSession.errorMessage = 'No credential found in the issueCredentialResponse.';
+            await this.openId4VcIssuanceSessionRepository.update(agentContext, updatedIssuanceSession);
+            throw new core_1.CredoError(updatedIssuanceSession.errorMessage);
+        }
+        if (credentialResponse.acceptance_token) {
+            updatedIssuanceSession.state = OpenId4VcIssuanceSessionState_1.OpenId4VcIssuanceSessionState.Error;
+            updatedIssuanceSession.errorMessage = 'Acceptance token not yet supported.';
+            await this.openId4VcIssuanceSessionRepository.update(agentContext, updatedIssuanceSession);
+            throw new core_1.CredoError(updatedIssuanceSession.errorMessage);
+        }
+        return {
+            credentialResponse,
+            issuanceSession: updatedIssuanceSession,
+        };
+    }
+    async findIssuanceSessionsByQuery(agentContext, query) {
+        return this.openId4VcIssuanceSessionRepository.findByQuery(agentContext, query);
+    }
+    async getIssuanceSessionById(agentContext, issuanceSessionId) {
+        return this.openId4VcIssuanceSessionRepository.getById(agentContext, issuanceSessionId);
+    }
+    async getAllIssuers(agentContext) {
+        return this.openId4VcIssuerRepository.getAll(agentContext);
+    }
+    async getIssuerByIssuerId(agentContext, issuerId) {
+        return this.openId4VcIssuerRepository.getByIssuerId(agentContext, issuerId);
+    }
+    async updateIssuer(agentContext, issuer) {
+        return this.openId4VcIssuerRepository.update(agentContext, issuer);
+    }
+    async createIssuer(agentContext, options) {
+        var _a;
+        // TODO: ideally we can store additional data with a key, such as:
+        // - createdAt
+        // - purpose
+        const accessTokenSignerKey = await agentContext.wallet.createKey({
+            keyType: core_1.KeyType.Ed25519,
+        });
+        const openId4VcIssuer = new repository_1.OpenId4VcIssuerRecord({
+            issuerId: (_a = options.issuerId) !== null && _a !== void 0 ? _a : core_1.utils.uuid(),
+            display: options.display,
+            accessTokenPublicKeyFingerprint: accessTokenSignerKey.fingerprint,
+            credentialsSupported: options.credentialsSupported,
+        });
+        await this.openId4VcIssuerRepository.save(agentContext, openId4VcIssuer);
+        await (0, router_1.storeActorIdForContextCorrelationId)(agentContext, openId4VcIssuer.issuerId);
+        return openId4VcIssuer;
+    }
+    async rotateAccessTokenSigningKey(agentContext, issuer) {
+        const accessTokenSignerKey = await agentContext.wallet.createKey({
+            keyType: core_1.KeyType.Ed25519,
+        });
+        // TODO: ideally we can remove the previous key
+        issuer.accessTokenPublicKeyFingerprint = accessTokenSignerKey.fingerprint;
+        await this.openId4VcIssuerRepository.update(agentContext, issuer);
+    }
+    getIssuerMetadata(agentContext, issuerRecord) {
+        const config = agentContext.dependencyManager.resolve(OpenId4VcIssuerModuleConfig_1.OpenId4VcIssuerModuleConfig);
+        const issuerUrl = (0, core_1.joinUriParts)(config.baseUrl, [issuerRecord.issuerId]);
+        const issuerMetadata = {
+            issuerUrl,
+            tokenEndpoint: (0, core_1.joinUriParts)(issuerUrl, [config.accessTokenEndpoint.endpointPath]),
+            credentialEndpoint: (0, core_1.joinUriParts)(issuerUrl, [config.credentialEndpoint.endpointPath]),
+            credentialsSupported: issuerRecord.credentialsSupported,
+            issuerDisplay: issuerRecord.display,
+        };
+        return issuerMetadata;
+    }
+    getVcIssuer(agentContext, issuer) {
+        const issuerMetadata = this.getIssuerMetadata(agentContext, issuer);
+        const builder = new oid4vci_issuer_1.VcIssuerBuilder()
+            .withCredentialIssuer(issuerMetadata.issuerUrl)
+            .withCredentialEndpoint(issuerMetadata.credentialEndpoint)
+            .withTokenEndpoint(issuerMetadata.tokenEndpoint)
+            .withCredentialsSupported(issuerMetadata.credentialsSupported)
+            .withCNonceStateManager(new OpenId4VcCNonceStateManager_1.OpenId4VcCNonceStateManager(agentContext, issuer.issuerId))
+            .withCredentialOfferStateManager(new OpenId4VcCredentialOfferSessionStateManager_1.OpenId4VcCredentialOfferSessionStateManager(agentContext, issuer.issuerId))
+            .withCredentialOfferURIStateManager(new OpenId4VcCredentialOfferUriStateManager_1.OpenId4VcCredentialOfferUriStateManager(agentContext, issuer.issuerId))
+            .withJWTVerifyCallback(this.getJwtVerifyCallback(agentContext))
+            .withCredentialSignerCallback(() => {
+            throw new core_1.CredoError('Credential signer callback should be overwritten. This is a no-op');
+        });
+        if (issuerMetadata.authorizationServer) {
+            builder.withAuthorizationServer(issuerMetadata.authorizationServer);
+        }
+        if (issuerMetadata.issuerDisplay) {
+            builder.withIssuerDisplay(issuerMetadata.issuerDisplay);
+        }
+        return builder.build();
+    }
+    async getGrantsFromConfig(agentContext, preAuthorizedCodeFlowConfig) {
+        var _a, _b;
+        const grants = {
+            'urn:ietf:params:oauth:grant-type:pre-authorized_code': {
+                'pre-authorized_code': (_a = preAuthorizedCodeFlowConfig.preAuthorizedCode) !== null && _a !== void 0 ? _a : (await agentContext.wallet.generateNonce()),
+                user_pin_required: (_b = preAuthorizedCodeFlowConfig.userPinRequired) !== null && _b !== void 0 ? _b : false,
+            },
+        };
+        return grants;
+    }
+    findOfferedCredentialsMatchingRequest(credentialOffer, credentialRequest, credentialsSupported) {
+        const offeredCredentials = (0, shared_1.getOfferedCredentials)(credentialOffer.credentials, credentialsSupported);
+        return offeredCredentials.filter((offeredCredential) => {
+            if (offeredCredential.format !== credentialRequest.format)
+                return false;
+            if (credentialRequest.format === shared_1.OpenId4VciCredentialFormatProfile.JwtVcJson &&
+                offeredCredential.format === credentialRequest.format) {
+                return (0, core_1.equalsIgnoreOrder)(offeredCredential.types, credentialRequest.types);
+            }
+            else if (credentialRequest.format === shared_1.OpenId4VciCredentialFormatProfile.JwtVcJsonLd &&
+                offeredCredential.format === credentialRequest.format) {
+                return (0, core_1.equalsIgnoreOrder)(offeredCredential.types, credentialRequest.credential_definition.types);
+            }
+            else if (credentialRequest.format === shared_1.OpenId4VciCredentialFormatProfile.LdpVc &&
+                offeredCredential.format === credentialRequest.format) {
+                return (0, core_1.equalsIgnoreOrder)(offeredCredential.types, credentialRequest.credential_definition.types);
+            }
+            else if (credentialRequest.format === shared_1.OpenId4VciCredentialFormatProfile.SdJwtVc &&
+                offeredCredential.format === credentialRequest.format) {
+                return offeredCredential.vct === credentialRequest.vct;
+            }
+            return false;
+        });
+    }
+    async getHolderBindingFromRequest(credentialRequest) {
+        var _a;
+        if (!((_a = credentialRequest.proof) === null || _a === void 0 ? void 0 : _a.jwt))
+            throw new core_1.CredoError('Received a credential request without a proof');
+        const jwt = core_1.Jwt.fromSerializedJwt(credentialRequest.proof.jwt);
+        if (jwt.header.kid) {
+            if (!jwt.header.kid.startsWith('did:')) {
+                throw new core_1.CredoError("Only did is supported for 'kid' identifier");
+            }
+            else if (!jwt.header.kid.includes('#')) {
+                throw new core_1.CredoError(`kid containing did MUST point to a specific key within the did document: ${jwt.header.kid}`);
+            }
+            return {
+                method: 'did',
+                didUrl: jwt.header.kid,
+            };
+        }
+        else if (jwt.header.jwk) {
+            return {
+                method: 'jwk',
+                jwk: (0, core_1.getJwkFromJson)(jwt.header.jwk),
+            };
+        }
+        else {
+            throw new core_1.CredoError('Either kid or jwk must be present in credential request proof header');
+        }
+    }
+};
+OpenId4VcIssuerService = __decorate([
+    (0, core_1.injectable)(),
+    __metadata("design:paramtypes", [core_1.W3cCredentialService,
+        core_1.JwsService,
+        OpenId4VcIssuerModuleConfig_1.OpenId4VcIssuerModuleConfig,
+        repository_1.OpenId4VcIssuerRepository,
+        repository_1.OpenId4VcIssuanceSessionRepository])
+], OpenId4VcIssuerService);
+exports.OpenId4VcIssuerService = OpenId4VcIssuerService;
+//# sourceMappingURL=OpenId4VcIssuerService.js.map

package/build/openid4vc-issuer/OpenId4VcIssuerService.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"OpenId4VcIssuerService.js","sourceRoot":"","sources":["../../src/openid4vc-issuer/OpenId4VcIssuerService.ts"],"names":[],"mappings":";;;;;;;;;;;;AA0BA,yCAkBuB;AACvB,6DAA0D;AAE1D,sCAAoF;AACpF,6CAAsE;AACtE,mDAAqE;AACrE,2CAAqD;AAErD,mFAA+E;AAC/E,+EAA2E;AAC3E,6CAAmH;AACnH,0FAAsF;AACtF,0HAAsH;AACtH,kHAA8G;AAC9G,gEAAyE;AAEzE,MAAM,mBAAmB,GAAG;IAC1B,0CAAiC,CAAC,SAAS;IAC3C,0CAAiC,CAAC,WAAW;IAC7C,0CAAiC,CAAC,KAAK;CACxC,CAAA;AAED;;GAEG;AAEI,IAAM,sBAAsB,GAA5B,MAAM,sBAAsB;IAOjC,YACE,oBAA0C,EAC1C,UAAsB,EACtB,qBAAkD,EAClD,yBAAoD,EACpD,kCAAsE;QAoMhE,yBAAoB,GAAG,CAAC,YAA0B,EAAkC,EAAE;YAC5F,OAAO,KAAK,EAAE,IAAI,EAAE,EAAE;gBACpB,IAAI,WAAW,GAAG,SAAoC,CAAA;gBACtD,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,YAAY,EAAE;oBACrE,GAAG,EAAE,IAAI,CAAC,GAAG;oBACb,oEAAoE;oBACpE,WAAW,EAAE,KAAK,EAAE,EAAE,eAAe,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE;wBAClD,IAAI,CAAC,GAAG;4BAAE,MAAM,IAAI,iBAAU,CAAC,kCAAkC,CAAC,CAAA;wBAClE,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC;4BAAE,MAAM,IAAI,iBAAU,CAAC,0CAA0C,CAAC,CAAA;wBAE7F,MAAM,OAAO,GAAG,YAAY,CAAC,iBAAiB,CAAC,OAAO,CAAC,cAAO,CAAC,CAAA;wBAC/D,WAAW,GAAG,MAAM,OAAO,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAA;wBACnD,MAAM,kBAAkB,GAAG,WAAW,CAAC,cAAc,CAAC,GAAG,EAAE,CAAC,gBAAgB,EAAE,iBAAiB,CAAC,CAAC,CAAA;wBACjG,MAAM,GAAG,GAAG,IAAA,mCAA4B,EAAC,kBAAkB,CAAC,CAAA;wBAC5D,OAAO,IAAA,oBAAa,EAAC,GAAG,CAAC,CAAA;oBAC3B,CAAC;iBACF,CAAC,CAAA;gBAEF,IAAI,CAAC,OAAO;oBAAE,MAAM,IAAI,iBAAU,CAAC,iCAAiC,CAAC,CAAA;gBAErE,0FAA0F;gBAC1F,6EAA6E;gBAC7E,MAAM,QAAQ,GAAG,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAA;gBAClC,MAAM,eAAe,GAAG,kBAAW,CAAC,UAAU,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAA;gBAClE,OAAO;oBACL,GAAG,EAAE,EAAE,MAAM,EAAE,eAAe,EAAE,OAAO,EAAE,kBAAW,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE;oBAC9E,GAAG,EAAE,eAAe,CAAC,GAAG;oBACxB,GAAG,EAAE,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,IAAA,qBAAc,EAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS;oBAC1E,GAAG,EAAE,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,EAAE;oBACpB,GAAG,EAAE,eAAe,CAAC,GAAG;oBACxB,WAAW;iBACZ,CAAA;YACH,CAAC,CAAA;QACH,CAAC,CAAA;QAgFO,wCAAmC,GAAG,CAC5C,YAA0B,EAC1B,OAAsC,EACC,EAAE;YACzC,OAAO,KAAK,IAAI,EAAE;gBAChB,MAAM,UAAU,GAAG,YAAY,CAAC,iBAAiB,CAAC,OAAO,CAAC,iBAAU,CAAC,CAAA;gBAErE,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;gBAC9C,OAAO,IAAA,2CAA+B,EAAC,OAAO,CAAC,CAAA;YACjD,CAAC,CAAA;QACH,CAAC,CAAA;QAEO,oCAA+B,GAAG,CACxC,YAA0B,EAC1B,OAAoC,EACG,EAAE;YACzC,OAAO,KAAK,EAAE,IAAI,EAAE,EAAE;gBACpB,MAAM,EAAE,eAAe,EAAE,MAAM,EAAE,GAAG,IAAI,CAAA;gBACxC,MAAM,EAAE,GAAG,EAAE,WAAW,EAAE,iBAAiB,EAAE,GAAG,eAAe,CAAA;gBAE/D,IAAI,CAAC,GAAG;oBAAE,MAAM,IAAI,iBAAU,CAAC,+CAA+C,CAAC,CAAA;gBAC/E,IAAI,CAAC,iBAAiB;oBAAE,MAAM,IAAI,iBAAU,CAAC,yDAAyD,CAAC,CAAA;gBACvG,IAAI,CAAC,MAAM;oBAAE,MAAM,IAAI,iBAAU,CAAC,0CAA0C,CAAC,CAAA;gBAE7E,MAAM,SAAS,GAA0D;oBACvE,CAAC,0CAAiC,CAAC,SAAS,CAAC,EAAE,kBAAW,CAAC,KAAK;oBAChE,CAAC,0CAAiC,CAAC,WAAW,CAAC,EAAE,kBAAW,CAAC,KAAK;oBAClE,CAAC,0CAAiC,CAAC,KAAK,CAAC,EAAE,kBAAW,CAAC,KAAK;iBAC7D,CAAA;gBACD,MAAM,gBAAgB,GAAG,SAAS,CAAC,MAAM,CAAC,CAAA;gBAE1C,iEAAiE;gBACjE,iBAAiB;gBACjB,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,oBAAoB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,EAAE,CAAC,EAAE;oBAC3E,MAAM,iBAAiB,GAAG,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC,iBAAiB,CAAC;wBAC3E,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,iBAAiB,CAAC,CAAC,CAAC;wBACzC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,iBAAiB,CAAA;oBACxC,iBAAiB,CAAC,EAAE,GAAG,iBAAiB,CAAC,EAAE,CAAA;iBAC5C;gBAED,MAAM,OAAO,GAAG,YAAY,CAAC,iBAAiB,CAAC,OAAO,CAAC,cAAO,CAAC,CAAA;gBAC/D,MAAM,iBAAiB,GAAG,MAAM,OAAO,CAAC,kBAAkB,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAA;gBACtF,MAAM,kBAAkB,GAAG,iBAAiB,CAAC,6BAA6B,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAA;gBAEtG,IAAI,gBAAgB,KAAK,kBAAW,CAAC,KAAK,EAAE;oBAC1C,MAAM,GAAG,GAAG,IAAA,mCAA4B,EAAC,kBAAkB,CAAC,CAAA;oBAC5D,MAAM,GAAG,GAAG,IAAA,oBAAa,EAAC,GAAG,CAAC,CAAC,4BAA4B,CAAC,CAAC,CAAC,CAAA;oBAE9D,IAAI,CAAC,GAAG,EAAE;wBACR,MAAM,IAAI,iBAAU,CAAC,sDAAsD,GAAG,CAAC,OAAO,EAAE,CAAC,CAAA;qBAC1F;oBAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,cAAc,CAAC,YAAY,EAAE;wBAC1E,MAAM,EAAE,gBAAgB;wBACxB,UAAU,EAAE,OAAO,CAAC,UAAU;wBAC9B,kBAAkB,EAAE,OAAO,CAAC,kBAAkB;wBAC9C,GAAG;qBACJ,CAAC,CAAA;oBAEF,OAAO,IAAA,2CAA+B,EAAC,MAAM,CAAC,CAAA;iBAC/C;qBAAM;oBACL,MAAM,GAAG,GAAG,IAAA,mCAA4B,EAAC,kBAAkB,CAAC,CAAA;oBAC5D,MAAM,SAAS,GAAG,IAAA,2BAAmB,EAAC,YAAY,EAAE,GAAG,CAAC,CAAA;oBAExD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,cAAc,CAAC,YAAY,EAAE;wBAC1E,MAAM,EAAE,gBAAgB;wBACxB,UAAU,EAAE,OAAO,CAAC,UAAU;wBAC9B,kBAAkB,EAAE,OAAO,CAAC,kBAAkB;wBAC9C,SAAS,EAAE,SAAS;qBACrB,CAAC,CAAA;oBAEF,OAAO,IAAA,2CAA+B,EAAC,MAAM,CAAC,CAAA;iBAC/C;YACH,CAAC,CAAA;QACH,CAAC,CAAA;QA8BO,8BAAyB,GAAG,CAClC,YAA0B,EAC1B,OAGC,EACuB,EAAE;YAC1B,OAAO,KAAK,EAAE,IAAgC,EAAE,EAAE;;gBAChD,MAAM,EAAE,iBAAiB,EAAE,eAAe,EAAE,GAAG,IAAI,CAAA;gBACnD,MAAM,cAAc,GAAG,IAAI,CAAC,iBAAiB,CAAC,YAAY,EAAE,OAAO,CAAC,MAAM,CAAC,CAAA;gBAE3E,MAAM,iCAAiC,GAAG,IAAI,CAAC,qCAAqC,CAClF,eAAe,CAAC,gBAAgB,EAChC,iBAAgD,EAChD,cAAc,CAAC,oBAAoB,CACpC,CAAA;gBAED,IAAI,iCAAiC,CAAC,MAAM,KAAK,CAAC,EAAE;oBAClD,MAAM,IAAI,iBAAU,CAAC,sDAAsD,CAAC,CAAA;iBAC7E;gBAED,IAAI,iCAAiC,CAAC,MAAM,GAAG,CAAC,EAAE;oBAChD,YAAY,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAC9B,sFAAsF,CACvF,CAAA;iBACF;gBAED,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,2BAA2B,CAAC,iBAAgD,CAAC,CAAA;gBAC9G,MAAM,MAAM,GACV,MAAA,OAAO,CAAC,mCAAmC,mCAC3C,IAAI,CAAC,qBAAqB,CAAC,kBAAkB,CAAC,mCAAmC,CAAA;gBACnF,MAAM,WAAW,GAAG,MAAM,MAAM,CAAC;oBAC/B,YAAY;oBACZ,eAAe,EAAE,OAAO,CAAC,eAAe;oBACxC,aAAa;oBAEb,eAAe;oBACf,iBAAiB,EAAE,iBAAgD;oBAEnE,oBAAoB,EAAE,iCAAiC;iBACxD,CAAC,CAAA;gBAEF,IAAI,WAAW,CAAC,MAAM,KAAK,kBAAW,CAAC,KAAK,IAAI,WAAW,CAAC,MAAM,KAAK,kBAAW,CAAC,KAAK,EAAE;oBACxF,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,MAA2C,CAAC,EAAE;wBAChG,MAAM,IAAI,iBAAU,CAClB,sIAAsI,iBAAiB,CAAC,MAAM,IAAI,CACnK,CAAA;qBACF;oBAED,OAAO;wBACL,MAAM,EAAE,iBAAiB,CAAC,MAAM;wBAChC,UAAU,EAAE,sBAAe,CAAC,MAAM,CAAC,WAAW,CAAC,UAAU,CAAgB;wBACzE,YAAY,EAAE,IAAI,CAAC,+BAA+B,CAAC,YAAY,EAAE,WAAW,CAAC;qBAC9E,CAAA;iBACF;qBAAM,IAAI,WAAW,CAAC,MAAM,KAAK,kBAAW,CAAC,OAAO,EAAE;oBACrD,IAAI,iBAAiB,CAAC,MAAM,KAAK,0CAAiC,CAAC,OAAO,EAAE;wBAC1E,MAAM,IAAI,iBAAU,CAClB,wCAAwC,0CAAiC,CAAC,OAAO,gBAAgB,iBAAiB,CAAC,MAAM,IAAI,CAC9H,CAAA;qBACF;oBACD,IAAI,iBAAiB,CAAC,GAAG,KAAK,WAAW,CAAC,OAAO,CAAC,GAAG,EAAE;wBACrD,MAAM,IAAI,iBAAU,CAClB,qGAAqG,WAAW,CAAC,OAAO,CAAC,GAAG,gBAAgB,iBAAiB,CAAC,GAAG,IAAI,CACtK,CAAA;qBACF;oBAED,OAAO;wBACL,MAAM,EAAE,iBAAiB,CAAC,MAAM;wBAChC,gGAAgG;wBAChG,UAAU,EAAE,kBAAK,WAAW,CAAC,OAAO,CAAwC;wBAC5E,YAAY,EAAE,IAAI,CAAC,mCAAmC,CAAC,YAAY,EAAE,WAAW,CAAC;qBAClF,CAAA;iBACF;qBAAM;oBACL,MAAM,IAAI,iBAAU,CAAC,+BAA+B,CAAC,CAAA;iBACtD;YACH,CAAC,CAAA;QACH,CAAC,CAAA;QAveC,IAAI,CAAC,oBAAoB,GAAG,oBAAoB,CAAA;QAChD,IAAI,CAAC,UAAU,GAAG,UAAU,CAAA;QAC5B,IAAI,CAAC,qBAAqB,GAAG,qBAAqB,CAAA;QAClD,IAAI,CAAC,yBAAyB,GAAG,yBAAyB,CAAA;QAC1D,IAAI,CAAC,kCAAkC,GAAG,kCAAkC,CAAA;IAC9E,CAAC;IAEM,KAAK,CAAC,qBAAqB,CAChC,YAA0B,EAC1B,OAAmF;QAEnF,MAAM,EAAE,2BAA2B,EAAE,MAAM,EAAE,kBAAkB,EAAE,GAAG,OAAO,CAAA;QAE3E,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,YAAY,EAAE,MAAM,CAAC,CAAA;QAEvD,6DAA6D;QAC7D,yFAAyF;QACzF,IAAA,8BAAqB,EAAC,OAAO,CAAC,kBAAkB,EAAE,QAAQ,CAAC,cAAc,CAAC,qBAAqB,CAAC,CAAA;QAEhG,yCAAyC;QACzC,MAAM,wBAAwB,GAAG,IAAA,mBAAY,EAAC,QAAQ,CAAC,cAAc,CAAC,iBAAiB,EAAE;YACvF,IAAI,CAAC,qBAAqB,CAAC,uBAAuB,CAAC,YAAY;YAC/D,mEAAmE;YACnE,YAAK,CAAC,IAAI,EAAE;SACb,CAAC,CAAA;QAEF,IAAI,EAAE,GAAG,EAAE,GAAG,MAAM,QAAQ,CAAC,wBAAwB,CAAC;YACpD,MAAM,EAAE,MAAM,IAAI,CAAC,mBAAmB,CAAC,YAAY,EAAE,2BAA2B,CAAC;YACjF,WAAW,EAAE,kBAAkB;YAC/B,kBAAkB,EAAE,wBAAwB;YAC5C,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,2BAA2B,EAAE,OAAO,CAAC,gBAAgB;SACtD,CAAC,CAAA;QAEF,mEAAmE;QACnE,IAAI,GAAG,CAAC,QAAQ,CAAC,wBAAwB,CAAC,EAAE;YAC1C,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,wBAAwB,EAAE,kBAAkB,CAAC,wBAAwB,CAAC,CAAC,CAAA;SAC1F;QAED,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,kCAAkC,CAAC,gBAAgB,CAAC,YAAY,EAAE;YACnG,kBAAkB,EAAE,wBAAwB;SAC7C,CAAC,CAAA;QAEF,OAAO;YACL,eAAe;YACf,eAAe,EAAE,GAAG;SACrB,CAAA;IACH,CAAC;IAED;;;OAGG;IACI,KAAK,CAAC,uCAAuC,CAClD,YAA0B,EAC1B,EAAE,iBAAiB,EAAE,QAAQ,EAAyE;QAEtG,MAAM,MAAM,GAAG,IAAA,kDAA8B,EAAC,iBAAiB,CAAC,CAAA;QAEhE,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,kCAAkC,CAAC,iBAAiB,CAAC,YAAY,EAAE;YACpG,QAAQ;YACR,MAAM;SACP,CAAC,CAAA;QAEF,OAAO,eAAe,CAAA;IACxB,CAAC;IAEM,KAAK,CAAC,wBAAwB,CACnC,YAA0B,EAC1B,OAAwG;QAExG,OAAO,CAAC,eAAe,CAAC,WAAW,CAAC;YAClC,6DAA6B,CAAC,kBAAkB;YAChD,6DAA6B,CAAC,yBAAyB;YACvD,8DAA8D;YAC9D,6DAA6B,CAAC,gBAAgB;SAC/C,CAAC,CAAA;QACF,MAAM,EAAE,iBAAiB,EAAE,eAAe,EAAE,GAAG,OAAO,CAAA;QACtD,IAAI,CAAC,iBAAiB,CAAC,KAAK;YAAE,MAAM,IAAI,iBAAU,CAAC,4CAA4C,CAAC,CAAA;QAEhG,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,YAAY,EAAE,OAAO,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAA;QAE7F,MAAM,MAAM,GAAG,IAAA,kDAA8B,EAAC,iBAAiB,CAAC,CAAA;QAChE,IAAI,eAAe,CAAC,MAAM,KAAK,MAAM,EAAE;YACrC,MAAM,IAAI,iBAAU,CAAC,yFAAyF,CAAC,CAAA;SAChH;QAED,IAAI,CAAC,eAAe,CAAC,eAAe,EAAE;YACpC,MAAM,IAAI,iBAAU,CAAC,wFAAwF,CAAC,CAAA;SAC/G;QACD,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,eAAe,CAAC,eAAe,CAAC,OAAO,EAAE,EAAE;YAC1D,MAAM,IAAI,iBAAU,CAAC,yBAAyB,CAAC,CAAA;SAChD;QAED,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,YAAY,EAAE,MAAM,CAAC,CAAA;QACvD,MAAM,kBAAkB,GAAG,MAAM,QAAQ,CAAC,eAAe,CAAC;YACxD,iBAAiB;YACjB,cAAc,EAAE,IAAI,CAAC,qBAAqB,CAAC,mBAAmB,CAAC,qBAAqB;YAEpF,yDAAyD;YACzD,sBAAsB,EAAE,IAAI,CAAC,yBAAyB,CAAC,YAAY,kCAAO,OAAO,KAAE,MAAM,IAAG;YAC5F,2BAA2B,EAAE,eAAe,CAAC,gBAAgB;YAC7D,cAAc,EAAE,SAAS;SAC1B,CAAC,CAAA;QAEF,MAAM,sBAAsB,GAAG,MAAM,IAAI,CAAC,kCAAkC,CAAC,OAAO,CAClF,YAAY,EACZ,eAAe,CAAC,EAAE,CACnB,CAAA;QAED,IAAI,CAAC,kBAAkB,CAAC,UAAU,EAAE;YAClC,sBAAsB,CAAC,KAAK,GAAG,6DAA6B,CAAC,KAAK,CAAA;YAClE,sBAAsB,CAAC,YAAY,GAAG,qDAAqD,CAAA;YAC3F,MAAM,IAAI,CAAC,kCAAkC,CAAC,MAAM,CAAC,YAAY,EAAE,sBAAsB,CAAC,CAAA;YAC1F,MAAM,IAAI,iBAAU,CAAC,sBAAsB,CAAC,YAAY,CAAC,CAAA;SAC1D;QAED,IAAI,kBAAkB,CAAC,gBAAgB,EAAE;YACvC,sBAAsB,CAAC,KAAK,GAAG,6DAA6B,CAAC,KAAK,CAAA;YAClE,sBAAsB,CAAC,YAAY,GAAG,qCAAqC,CAAA;YAC3E,MAAM,IAAI,CAAC,kCAAkC,CAAC,MAAM,CAAC,YAAY,EAAE,sBAAsB,CAAC,CAAA;YAC1F,MAAM,IAAI,iBAAU,CAAC,sBAAsB,CAAC,YAAY,CAAC,CAAA;SAC1D;QAED,OAAO;YACL,kBAAkB;YAClB,eAAe,EAAE,sBAAsB;SACxC,CAAA;IACH,CAAC;IAEM,KAAK,CAAC,2BAA2B,CAAC,YAA0B,EAAE,KAA4C;QAC/G,OAAO,IAAI,CAAC,kCAAkC,CAAC,WAAW,CAAC,YAAY,EAAE,KAAK,CAAC,CAAA;IACjF,CAAC;IAEM,KAAK,CAAC,sBAAsB,CAAC,YAA0B,EAAE,iBAAyB;QACvF,OAAO,IAAI,CAAC,kCAAkC,CAAC,OAAO,CAAC,YAAY,EAAE,iBAAiB,CAAC,CAAA;IACzF,CAAC;IAEM,KAAK,CAAC,aAAa,CAAC,YAA0B;QACnD,OAAO,IAAI,CAAC,yBAAyB,CAAC,MAAM,CAAC,YAAY,CAAC,CAAA;IAC5D,CAAC;IAEM,KAAK,CAAC,mBAAmB,CAAC,YAA0B,EAAE,QAAgB;QAC3E,OAAO,IAAI,CAAC,yBAAyB,CAAC,aAAa,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAA;IAC7E,CAAC;IAEM,KAAK,CAAC,YAAY,CAAC,YAA0B,EAAE,MAA6B;QACjF,OAAO,IAAI,CAAC,yBAAyB,CAAC,MAAM,CAAC,YAAY,EAAE,MAAM,CAAC,CAAA;IACpE,CAAC;IAEM,KAAK,CAAC,YAAY,CAAC,YAA0B,EAAE,OAAsC;;QAC1F,kEAAkE;QAClE,cAAc;QACd,YAAY;QACZ,MAAM,oBAAoB,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC,SAAS,CAAC;YAC/D,OAAO,EAAE,cAAO,CAAC,OAAO;SACzB,CAAC,CAAA;QACF,MAAM,eAAe,GAAG,IAAI,kCAAqB,CAAC;YAChD,QAAQ,EAAE,MAAA,OAAO,CAAC,QAAQ,mCAAI,YAAK,CAAC,IAAI,EAAE;YAC1C,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,+BAA+B,EAAE,oBAAoB,CAAC,WAAW;YACjE,oBAAoB,EAAE,OAAO,CAAC,oBAAoB;SACnD,CAAC,CAAA;QAEF,MAAM,IAAI,CAAC,yBAAyB,CAAC,IAAI,CAAC,YAAY,EAAE,eAAe,CAAC,CAAA;QACxE,MAAM,IAAA,4CAAmC,EAAC,YAAY,EAAE,eAAe,CAAC,QAAQ,CAAC,CAAA;QACjF,OAAO,eAAe,CAAA;IACxB,CAAC;IAEM,KAAK,CAAC,2BAA2B,CAAC,YAA0B,EAAE,MAA6B;QAChG,MAAM,oBAAoB,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC,SAAS,CAAC;YAC/D,OAAO,EAAE,cAAO,CAAC,OAAO;SACzB,CAAC,CAAA;QAEF,+CAA+C;QAC/C,MAAM,CAAC,+BAA+B,GAAG,oBAAoB,CAAC,WAAW,CAAA;QACzE,MAAM,IAAI,CAAC,yBAAyB,CAAC,MAAM,CAAC,YAAY,EAAE,MAAM,CAAC,CAAA;IACnE,CAAC;IAEM,iBAAiB,CAAC,YAA0B,EAAE,YAAmC;QACtF,MAAM,MAAM,GAAG,YAAY,CAAC,iBAAiB,CAAC,OAAO,CAAC,yDAA2B,CAAC,CAAA;QAClF,MAAM,SAAS,GAAG,IAAA,mBAAY,EAAC,MAAM,CAAC,OAAO,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAA;QAEvE,MAAM,cAAc,GAAG;YACrB,SAAS;YACT,aAAa,EAAE,IAAA,mBAAY,EAAC,SAAS,EAAE,CAAC,MAAM,CAAC,mBAAmB,CAAC,YAAY,CAAC,CAAC;YACjF,kBAAkB,EAAE,IAAA,mBAAY,EAAC,SAAS,EAAE,CAAC,MAAM,CAAC,kBAAkB,CAAC,YAAY,CAAC,CAAC;YACrF,oBAAoB,EAAE,YAAY,CAAC,oBAAoB;YACvD,aAAa,EAAE,YAAY,CAAC,OAAO;SACF,CAAA;QAEnC,OAAO,cAAc,CAAA;IACvB,CAAC;IAqCO,WAAW,CAAC,YAA0B,EAAE,MAA6B;QAC3E,MAAM,cAAc,GAAG,IAAI,CAAC,iBAAiB,CAAC,YAAY,EAAE,MAAM,CAAC,CAAA;QAEnE,MAAM,OAAO,GAAG,IAAI,gCAAe,EAAE;aAClC,oBAAoB,CAAC,cAAc,CAAC,SAAS,CAAC;aAC9C,sBAAsB,CAAC,cAAc,CAAC,kBAAkB,CAAC;aACzD,iBAAiB,CAAC,cAAc,CAAC,aAAa,CAAC;aAC/C,wBAAwB,CAAC,cAAc,CAAC,oBAAoB,CAAC;aAC7D,sBAAsB,CAAC,IAAI,yDAA2B,CAAC,YAAY,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;aACtF,+BAA+B,CAAC,IAAI,yFAA2C,CAAC,YAAY,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;aAC/G,kCAAkC,CAAC,IAAI,iFAAuC,CAAC,YAAY,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;aAC9G,qBAAqB,CAAC,IAAI,CAAC,oBAAoB,CAAC,YAAY,CAAC,CAAC;aAC9D,4BAA4B,CAAC,GAAG,EAAE;YACjC,MAAM,IAAI,iBAAU,CAAC,mEAAmE,CAAC,CAAA;QAC3F,CAAC,CAAC,CAAA;QAEJ,IAAI,cAAc,CAAC,mBAAmB,EAAE;YACtC,OAAO,CAAC,uBAAuB,CAAC,cAAc,CAAC,mBAAmB,CAAC,CAAA;SACpE;QAED,IAAI,cAAc,CAAC,aAAa,EAAE;YAChC,OAAO,CAAC,iBAAiB,CAAC,cAAc,CAAC,aAAa,CAAC,CAAA;SACxD;QAED,OAAO,OAAO,CAAC,KAAK,EAAE,CAAA;IACxB,CAAC;IAEO,KAAK,CAAC,mBAAmB,CAC/B,YAA0B,EAC1B,2BAAkE;;QAElE,MAAM,MAAM,GAAU;YACpB,sDAAsD,EAAE;gBACtD,qBAAqB,EACnB,MAAA,2BAA2B,CAAC,iBAAiB,mCAAI,CAAC,MAAM,YAAY,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC;gBAC9F,iBAAiB,EAAE,MAAA,2BAA2B,CAAC,eAAe,mCAAI,KAAK;aACxE;SACF,CAAA;QAED,OAAO,MAAM,CAAA;IACf,CAAC;IAEO,qCAAqC,CAC3C,eAAiD,EACjD,iBAA8C,EAC9C,oBAAqD;QAErD,MAAM,kBAAkB,GAAG,IAAA,8BAAqB,EAAC,eAAe,CAAC,WAAW,EAAE,oBAAoB,CAAC,CAAA;QAEnG,OAAO,kBAAkB,CAAC,MAAM,CAAC,CAAC,iBAAiB,EAAE,EAAE;YACrD,IAAI,iBAAiB,CAAC,MAAM,KAAK,iBAAiB,CAAC,MAAM;gBAAE,OAAO,KAAK,CAAA;YAEvE,IACE,iBAAiB,CAAC,MAAM,KAAK,0CAAiC,CAAC,SAAS;gBACxE,iBAAiB,CAAC,MAAM,KAAK,iBAAiB,CAAC,MAAM,EACrD;gBACA,OAAO,IAAA,wBAAiB,EAAC,iBAAiB,CAAC,KAAK,EAAE,iBAAiB,CAAC,KAAK,CAAC,CAAA;aAC3E;iBAAM,IACL,iBAAiB,CAAC,MAAM,KAAK,0CAAiC,CAAC,WAAW;gBAC1E,iBAAiB,CAAC,MAAM,KAAK,iBAAiB,CAAC,MAAM,EACrD;gBACA,OAAO,IAAA,wBAAiB,EAAC,iBAAiB,CAAC,KAAK,EAAE,iBAAiB,CAAC,qBAAqB,CAAC,KAAK,CAAC,CAAA;aACjG;iBAAM,IACL,iBAAiB,CAAC,MAAM,KAAK,0CAAiC,CAAC,KAAK;gBACpE,iBAAiB,CAAC,MAAM,KAAK,iBAAiB,CAAC,MAAM,EACrD;gBACA,OAAO,IAAA,wBAAiB,EAAC,iBAAiB,CAAC,KAAK,EAAE,iBAAiB,CAAC,qBAAqB,CAAC,KAAK,CAAC,CAAA;aACjG;iBAAM,IACL,iBAAiB,CAAC,MAAM,KAAK,0CAAiC,CAAC,OAAO;gBACtE,iBAAiB,CAAC,MAAM,KAAK,iBAAiB,CAAC,MAAM,EACrD;gBACA,OAAO,iBAAiB,CAAC,GAAG,KAAK,iBAAiB,CAAC,GAAG,CAAA;aACvD;YAED,OAAO,KAAK,CAAA;QACd,CAAC,CAAC,CAAA;IACJ,CAAC;IA8EO,KAAK,CAAC,2BAA2B,CAAC,iBAA8C;;QACtF,IAAI,CAAC,CAAA,MAAA,iBAAiB,CAAC,KAAK,0CAAE,GAAG,CAAA;YAAE,MAAM,IAAI,iBAAU,CAAC,+CAA+C,CAAC,CAAA;QAExG,MAAM,GAAG,GAAG,UAAG,CAAC,iBAAiB,CAAC,iBAAiB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QAE9D,IAAI,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE;YAClB,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE;gBACtC,MAAM,IAAI,iBAAU,CAAC,4CAA4C,CAAC,CAAA;aACnE;iBAAM,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE;gBACxC,MAAM,IAAI,iBAAU,CAClB,4EAA4E,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE,CAC7F,CAAA;aACF;YAED,OAAO;gBACL,MAAM,EAAE,KAAK;gBACb,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG;aACoB,CAAA;SAC7C;aAAM,IAAI,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE;YACzB,OAAO;gBACL,MAAM,EAAE,KAAK;gBACb,GAAG,EAAE,IAAA,qBAAc,EAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC;aACO,CAAA;SAC7C;aAAM;YACL,MAAM,IAAI,iBAAU,CAAC,sEAAsE,CAAC,CAAA;SAC7F;IACH,CAAC;CA+EF,CAAA;AAtfY,sBAAsB;IADlC,IAAA,iBAAU,GAAE;qCASa,2BAAoB;QAC9B,iBAAU;QACC,yDAA2B;QACvB,sCAAyB;QAChB,+CAAkC;GAZ7D,sBAAsB,CAsflC;AAtfY,wDAAsB"}

package/build/openid4vc-issuer/OpenId4VcIssuerServiceOptions.d.ts

@@ -0,0 +1,88 @@
+import type { OpenId4VcIssuanceSessionRecord } from './repository';
+import type { OpenId4VcCredentialHolderBinding, OpenId4VciCredentialOffer, OpenId4VciCredentialRequest, OpenId4VciCredentialSupported, OpenId4VciCredentialSupportedWithId, OpenId4VciIssuerMetadataDisplay } from '../shared';
+import type { AgentContext, ClaimFormat, W3cCredential, SdJwtVcSignOptions } from '@credo-ts/core';
+export interface OpenId4VciPreAuthorizedCodeFlowConfig {
+    preAuthorizedCode?: string;
+    userPinRequired?: boolean;
+}
+export type OpenId4VcIssuerMetadata = {
+    issuerUrl: string;
+    credentialEndpoint: string;
+    tokenEndpoint: string;
+    authorizationServer?: string;
+    issuerDisplay?: OpenId4VciIssuerMetadataDisplay[];
+    credentialsSupported: OpenId4VciCredentialSupported[];
+};
+export interface OpenId4VciCreateCredentialOfferOptions {
+    offeredCredentials: string[];
+    /**
+     * baseUri for the credential offer uri. By default `openid-credential-offer://` will be used
+     * if no value is provided. If a value is provided, make sure it contains the scheme as well as `://`.
+     */
+    baseUri?: string;
+    preAuthorizedCodeFlowConfig: OpenId4VciPreAuthorizedCodeFlowConfig;
+    /**
+     * Metadata about the issuance, that will be stored in the issuance session record and
+     * passed to the credential request to credential mapper. This can be used to e.g. store an
+     * user identifier so user data can be fetched in the credential mapper, or the actual credential
+     * data.
+     */
+    issuanceMetadata?: Record<string, unknown>;
+}
+export interface OpenId4VciCreateCredentialResponseOptions {
+    credentialRequest: OpenId4VciCredentialRequest;
+    /**
+     * You can optionally provide a credential request to credential mapper that will be
+     * dynamically invoked to return credential data based on the credential request.
+     *
+     * If not provided, the `credentialRequestToCredentialMapper` from the agent config
+     * will be used.
+     */
+    credentialRequestToCredentialMapper?: OpenId4VciCredentialRequestToCredentialMapper;
+}
+export type OpenId4VciCredentialRequestToCredentialMapper = (options: {
+    agentContext: AgentContext;
+    /**
+     * The issuance session associated with the credential request. You can extract the
+     * issuance metadata from this record if passed in the offer creation method.
+     */
+    issuanceSession: OpenId4VcIssuanceSessionRecord;
+    /**
+     * The credential request received from the wallet
+     */
+    credentialRequest: OpenId4VciCredentialRequest;
+    /**
+     * The offer associated with the credential request
+     */
+    credentialOffer: OpenId4VciCredentialOffer;
+    /**
+     * Verified key binding material that should be included in the credential
+     *
+     * Can either be bound to did or a JWK (in case of for ex. SD-JWT)
+     */
+    holderBinding: OpenId4VcCredentialHolderBinding;
+    /**
+     * The credentials supported entries from the issuer metadata that were offered
+     * and match the incoming request
+     *
+     * NOTE: in v12 this will probably become a single entry, as it will be matched on id
+     */
+    credentialsSupported: OpenId4VciCredentialSupported[];
+}) => Promise<OpenId4VciSignCredential> | OpenId4VciSignCredential;
+export type OpenId4VciSignCredential = OpenId4VciSignSdJwtCredential | OpenId4VciSignW3cCredential;
+export interface OpenId4VciSignSdJwtCredential extends SdJwtVcSignOptions {
+    format: ClaimFormat.SdJwtVc | `${ClaimFormat.SdJwtVc}`;
+}
+export interface OpenId4VciSignW3cCredential {
+    format: ClaimFormat.JwtVc | `${ClaimFormat.JwtVc}` | ClaimFormat.LdpVc | `${ClaimFormat.LdpVc}`;
+    verificationMethod: string;
+    credential: W3cCredential;
+}
+export interface OpenId4VciCreateIssuerOptions {
+    /**
+     * Id of the issuer, not the id of the issuer record. Will be exposed publicly
+     */
+    issuerId?: string;
+    credentialsSupported: OpenId4VciCredentialSupportedWithId[];
+    display?: OpenId4VciIssuerMetadataDisplay[];
+}

package/build/openid4vc-issuer/OpenId4VcIssuerServiceOptions.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=OpenId4VcIssuerServiceOptions.js.map

package/build/openid4vc-issuer/OpenId4VcIssuerServiceOptions.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"OpenId4VcIssuerServiceOptions.js","sourceRoot":"","sources":["../../src/openid4vc-issuer/OpenId4VcIssuerServiceOptions.ts"],"names":[],"mappings":""}

package/build/openid4vc-issuer/index.d.ts

@@ -0,0 +1,8 @@
+export * from './OpenId4VcIssuerApi';
+export * from './OpenId4VcIssuerModule';
+export * from './OpenId4VcIssuerService';
+export * from './OpenId4VcIssuerModuleConfig';
+export * from './OpenId4VcIssuerServiceOptions';
+export * from './OpenId4VcIssuerEvents';
+export * from './OpenId4VcIssuanceSessionState';
+export { OpenId4VcIssuerRecord, OpenId4VcIssuerRecordProps, OpenId4VcIssuerRecordTags } from './repository';

package/build/openid4vc-issuer/index.js

@@ -0,0 +1,27 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OpenId4VcIssuerRecord = void 0;
+__exportStar(require("./OpenId4VcIssuerApi"), exports);
+__exportStar(require("./OpenId4VcIssuerModule"), exports);
+__exportStar(require("./OpenId4VcIssuerService"), exports);
+__exportStar(require("./OpenId4VcIssuerModuleConfig"), exports);
+__exportStar(require("./OpenId4VcIssuerServiceOptions"), exports);
+__exportStar(require("./OpenId4VcIssuerEvents"), exports);
+__exportStar(require("./OpenId4VcIssuanceSessionState"), exports);
+var repository_1 = require("./repository");
+Object.defineProperty(exports, "OpenId4VcIssuerRecord", { enumerable: true, get: function () { return repository_1.OpenId4VcIssuerRecord; } });
+//# sourceMappingURL=index.js.map

package/build/openid4vc-issuer/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/openid4vc-issuer/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAAA,uDAAoC;AACpC,0DAAuC;AACvC,2DAAwC;AACxC,gEAA6C;AAC7C,kEAA+C;AAC/C,0DAAuC;AACvC,kEAA+C;AAC/C,2CAA2G;AAAlG,mHAAA,qBAAqB,OAAA"}

package/build/openid4vc-issuer/repository/OpenId4VcCNonceStateManager.d.ts

@@ -0,0 +1,18 @@
+import type { AgentContext } from '@credo-ts/core';
+import type { CNonceState, IStateManager } from '@sphereon/oid4vci-common';
+export declare class OpenId4VcCNonceStateManager implements IStateManager<CNonceState> {
+    private agentContext;
+    private issuerId;
+    private openId4VcIssuanceSessionRepository;
+    private openId4VcIssuerModuleConfig;
+    constructor(agentContext: AgentContext, issuerId: string);
+    set(cNonce: string, stateValue: CNonceState): Promise<void>;
+    get(cNonce: string): Promise<CNonceState | undefined>;
+    has(cNonce: string): Promise<boolean>;
+    delete(cNonce: string): Promise<boolean>;
+    clearExpired(): Promise<void>;
+    clearAll(): Promise<void>;
+    getAsserted(id: string): Promise<CNonceState>;
+    startCleanupRoutine(): Promise<void>;
+    stopCleanupRoutine(): Promise<void>;
+}