@credo-ts/openid4vc 0.6.0-pr-2209-20250321171013 → 0.6.0-pr-2195-20250321180923

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (111) hide show
  1. package/build/openid4vc-holder/OpenId4VcHolderApi.d.ts +126 -21
  2. package/build/openid4vc-holder/OpenId4VcHolderApi.js +36 -21
  3. package/build/openid4vc-holder/OpenId4VcHolderApi.js.map +1 -1
  4. package/build/openid4vc-holder/OpenId4VcHolderModule.js +3 -3
  5. package/build/openid4vc-holder/OpenId4VcHolderModule.js.map +1 -1
  6. package/build/openid4vc-holder/OpenId4VciHolderService.d.ts +5 -6
  7. package/build/openid4vc-holder/OpenId4VciHolderService.js +13 -15
  8. package/build/openid4vc-holder/OpenId4VciHolderService.js.map +1 -1
  9. package/build/openid4vc-holder/OpenId4VciHolderServiceOptions.d.ts +3 -3
  10. package/build/openid4vc-holder/OpenId4VciHolderServiceOptions.js +2 -2
  11. package/build/openid4vc-holder/OpenId4VciHolderServiceOptions.js.map +1 -1
  12. package/build/openid4vc-holder/OpenId4vpHolderService.d.ts +132 -0
  13. package/build/openid4vc-holder/OpenId4vpHolderService.js +317 -0
  14. package/build/openid4vc-holder/OpenId4vpHolderService.js.map +1 -0
  15. package/build/openid4vc-holder/OpenId4vpHolderServiceOptions.d.ts +81 -0
  16. package/build/openid4vc-holder/{OpenId4vcSiopHolderServiceOptions.js → OpenId4vpHolderServiceOptions.js} +1 -1
  17. package/build/openid4vc-holder/OpenId4vpHolderServiceOptions.js.map +1 -0
  18. package/build/openid4vc-holder/index.d.ts +2 -2
  19. package/build/openid4vc-holder/index.js +2 -2
  20. package/build/openid4vc-holder/index.js.map +1 -1
  21. package/build/openid4vc-issuer/OpenId4VcIssuerApi.d.ts +194 -44
  22. package/build/openid4vc-issuer/OpenId4VcIssuerModule.js +1 -1
  23. package/build/openid4vc-issuer/OpenId4VcIssuerModule.js.map +1 -1
  24. package/build/openid4vc-issuer/OpenId4VcIssuerModuleConfig.d.ts +7 -7
  25. package/build/openid4vc-issuer/OpenId4VcIssuerModuleConfig.js +2 -10
  26. package/build/openid4vc-issuer/OpenId4VcIssuerModuleConfig.js.map +1 -1
  27. package/build/openid4vc-issuer/OpenId4VcIssuerService.d.ts +197 -48
  28. package/build/openid4vc-issuer/OpenId4VcIssuerService.js +28 -19
  29. package/build/openid4vc-issuer/OpenId4VcIssuerService.js.map +1 -1
  30. package/build/openid4vc-issuer/OpenId4VcIssuerServiceOptions.d.ts +11 -6
  31. package/build/openid4vc-issuer/repository/OpenId4VcIssuanceSessionRecord.d.ts +11 -1
  32. package/build/openid4vc-issuer/repository/OpenId4VcIssuanceSessionRecord.js +2 -0
  33. package/build/openid4vc-issuer/repository/OpenId4VcIssuanceSessionRecord.js.map +1 -1
  34. package/build/openid4vc-issuer/repository/OpenId4VcIssuerRecord.js +2 -2
  35. package/build/openid4vc-issuer/repository/OpenId4VcIssuerRecord.js.map +1 -1
  36. package/build/openid4vc-issuer/router/accessTokenEndpoint.js +1 -1
  37. package/build/openid4vc-issuer/router/accessTokenEndpoint.js.map +1 -1
  38. package/build/openid4vc-issuer/router/authorizationChallengeEndpoint.js +1 -1
  39. package/build/openid4vc-issuer/router/authorizationChallengeEndpoint.js.map +1 -1
  40. package/build/openid4vc-issuer/router/authorizationServerMetadataEndpoint.js +1 -1
  41. package/build/openid4vc-issuer/router/authorizationServerMetadataEndpoint.js.map +1 -1
  42. package/build/openid4vc-issuer/router/credentialEndpoint.js +4 -3
  43. package/build/openid4vc-issuer/router/credentialEndpoint.js.map +1 -1
  44. package/build/openid4vc-issuer/router/credentialOfferEndpoint.js +15 -0
  45. package/build/openid4vc-issuer/router/credentialOfferEndpoint.js.map +1 -1
  46. package/build/openid4vc-issuer/router/issuerMetadataEndpoint.js +1 -1
  47. package/build/openid4vc-issuer/router/issuerMetadataEndpoint.js.map +1 -1
  48. package/build/openid4vc-verifier/OpenId4VcVerifierApi.d.ts +12 -25
  49. package/build/openid4vc-verifier/OpenId4VcVerifierApi.js +16 -25
  50. package/build/openid4vc-verifier/OpenId4VcVerifierApi.js.map +1 -1
  51. package/build/openid4vc-verifier/OpenId4VcVerifierModule.js +5 -8
  52. package/build/openid4vc-verifier/OpenId4VcVerifierModule.js.map +1 -1
  53. package/build/openid4vc-verifier/OpenId4VcVerifierModuleConfig.d.ts +30 -7
  54. package/build/openid4vc-verifier/OpenId4VcVerifierModuleConfig.js +16 -12
  55. package/build/openid4vc-verifier/OpenId4VcVerifierModuleConfig.js.map +1 -1
  56. package/build/openid4vc-verifier/OpenId4VpVerifierService.d.ts +51 -0
  57. package/build/openid4vc-verifier/OpenId4VpVerifierService.js +765 -0
  58. package/build/openid4vc-verifier/OpenId4VpVerifierService.js.map +1 -0
  59. package/build/openid4vc-verifier/OpenId4VpVerifierServiceOptions.d.ts +146 -0
  60. package/build/openid4vc-verifier/{OpenId4VcSiopVerifierServiceOptions.js → OpenId4VpVerifierServiceOptions.js} +1 -1
  61. package/build/openid4vc-verifier/OpenId4VpVerifierServiceOptions.js.map +1 -0
  62. package/build/openid4vc-verifier/index.d.ts +2 -2
  63. package/build/openid4vc-verifier/index.js +2 -2
  64. package/build/openid4vc-verifier/index.js.map +1 -1
  65. package/build/openid4vc-verifier/repository/OpenId4VcVerificationSessionRecord.d.ts +39 -14
  66. package/build/openid4vc-verifier/repository/OpenId4VcVerificationSessionRecord.js +38 -8
  67. package/build/openid4vc-verifier/repository/OpenId4VcVerificationSessionRecord.js.map +1 -1
  68. package/build/openid4vc-verifier/repository/OpenId4VcVerifierRecord.d.ts +3 -3
  69. package/build/openid4vc-verifier/router/authorizationEndpoint.d.ts +2 -10
  70. package/build/openid4vc-verifier/router/authorizationEndpoint.js +94 -105
  71. package/build/openid4vc-verifier/router/authorizationEndpoint.js.map +1 -1
  72. package/build/openid4vc-verifier/router/authorizationRequestEndpoint.d.ts +2 -10
  73. package/build/openid4vc-verifier/router/authorizationRequestEndpoint.js +21 -22
  74. package/build/openid4vc-verifier/router/authorizationRequestEndpoint.js.map +1 -1
  75. package/build/shared/callbacks.d.ts +13 -5
  76. package/build/shared/callbacks.js +104 -13
  77. package/build/shared/callbacks.js.map +1 -1
  78. package/build/shared/issuerMetadataUtils.d.ts +102 -144
  79. package/build/shared/models/OpenId4VcJwtIssuer.d.ts +2 -3
  80. package/build/shared/models/index.d.ts +10 -10
  81. package/build/shared/models/index.js +5 -5
  82. package/build/shared/models/index.js.map +1 -1
  83. package/build/shared/router/context.d.ts +3 -3
  84. package/build/shared/router/context.js +7 -3
  85. package/build/shared/router/context.js.map +1 -1
  86. package/build/shared/transactionData.d.ts +5 -0
  87. package/build/shared/transactionData.js +22 -0
  88. package/build/shared/transactionData.js.map +1 -0
  89. package/build/shared/utils.d.ts +6 -8
  90. package/build/shared/utils.js +34 -105
  91. package/build/shared/utils.js.map +1 -1
  92. package/package.json +7 -8
  93. package/build/openid4vc-holder/OpenId4vcSiopHolderService.d.ts +0 -32
  94. package/build/openid4vc-holder/OpenId4vcSiopHolderService.js +0 -300
  95. package/build/openid4vc-holder/OpenId4vcSiopHolderService.js.map +0 -1
  96. package/build/openid4vc-holder/OpenId4vcSiopHolderServiceOptions.d.ts +0 -38
  97. package/build/openid4vc-holder/OpenId4vcSiopHolderServiceOptions.js.map +0 -1
  98. package/build/openid4vc-verifier/OpenId4VcSiopVerifierService.d.ts +0 -55
  99. package/build/openid4vc-verifier/OpenId4VcSiopVerifierService.js +0 -553
  100. package/build/openid4vc-verifier/OpenId4VcSiopVerifierService.js.map +0 -1
  101. package/build/openid4vc-verifier/OpenId4VcSiopVerifierServiceOptions.d.ts +0 -77
  102. package/build/openid4vc-verifier/OpenId4VcSiopVerifierServiceOptions.js.map +0 -1
  103. package/build/openid4vc-verifier/repository/OpenId4VcRelyingPartyEventEmitter.d.ts +0 -49
  104. package/build/openid4vc-verifier/repository/OpenId4VcRelyingPartyEventEmitter.js +0 -230
  105. package/build/openid4vc-verifier/repository/OpenId4VcRelyingPartyEventEmitter.js.map +0 -1
  106. package/build/openid4vc-verifier/repository/OpenId4VcRelyingPartySessionManager.d.ts +0 -19
  107. package/build/openid4vc-verifier/repository/OpenId4VcRelyingPartySessionManager.js +0 -144
  108. package/build/openid4vc-verifier/repository/OpenId4VcRelyingPartySessionManager.js.map +0 -1
  109. package/build/shared/transform.d.ts +0 -5
  110. package/build/shared/transform.js +0 -69
  111. package/build/shared/transform.js.map +0 -1
package/build/openid4vc-verifier/router/authorizationEndpoint.js CHANGED
@@ -1,127 +1,116 @@
1
1
  "use strict";
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
3
  exports.configureAuthorizationEndpoint = configureAuthorizationEndpoint;
4
- const oauth2_1 = require("@animo-id/oauth2");
4
+ const oauth2_1 = require("@openid4vc/oauth2");
5
5
  const core_1 = require("@credo-ts/core");
6
- const did_auth_siop_1 = require("@sphereon/did-auth-siop");
6
+ // FIXME: export parseOpenid4VpAuthorizationResponsePayload from openid4vp
7
+ const openid4vp_1 = require("@openid4vc/openid4vp");
7
8
  const router_1 = require("../../shared/router");
8
- const OpenId4VcSiopVerifierService_1 = require("../OpenId4VcSiopVerifierService");
9
- async function getVerificationSession(agentContext, options) {
10
- const { verifierId, state, nonce } = options;
11
- const openId4VcVerifierService = agentContext.dependencyManager.resolve(OpenId4VcSiopVerifierService_1.OpenId4VcSiopVerifierService);
12
- const session = await openId4VcVerifierService.findVerificationSessionForAuthorizationResponse(agentContext, {
13
- authorizationResponseParams: { state, nonce },
14
- verifierId,
15
- });
16
- if (!session) {
17
- agentContext.config.logger.warn(`No verification session found for incoming authorization response for verifier ${verifierId}`);
18
- throw new core_1.CredoError(`No state or nonce provided in authorization response for verifier ${verifierId}`);
19
- }
20
- return session;
21
- }
22
- const decryptJarmResponse = (agentContext) => {
23
- return async (input) => {
24
- const { jwe: compactJwe, jwk: jwkJson } = input;
25
- const key = core_1.Key.fromFingerprint(jwkJson.kid);
26
- if (!agentContext.wallet.directDecryptCompactJweEcdhEs) {
27
- throw new core_1.CredoError('Cannot decrypt Jarm Response, wallet does not support directDecryptCompactJweEcdhEs');
28
- }
29
- const { data, header } = await agentContext.wallet.directDecryptCompactJweEcdhEs({ compactJwe, recipientKey: key });
30
- const decryptedPayload = core_1.TypedArrayEncoder.toUtf8String(data);
31
- return {
32
- plaintext: decryptedPayload,
33
- protectedHeader: header,
34
- };
35
- };
36
- };
9
+ const OpenId4VpVerifierService_1 = require("../OpenId4VpVerifierService");
10
+ const repository_1 = require("../repository");
11
+ const utils_1 = require("@openid4vc/utils");
37
12
  function configureAuthorizationEndpoint(router, config) {
38
- router.post(config.endpointPath, async (request, response, next) => {
13
+ router.post(config.authorizationEndpoint, async (request, response, next) => {
39
14
  const { agentContext, verifier } = (0, router_1.getRequestContext)(request);
40
- let jarmResponseType;
15
+ const openId4VcVerifierService = agentContext.dependencyManager.resolve(OpenId4VpVerifierService_1.OpenId4VpVerifierService);
41
16
  try {
42
- const openId4VcVerifierService = agentContext.dependencyManager.resolve(OpenId4VcSiopVerifierService_1.OpenId4VcSiopVerifierService);
43
- let verificationSession;
44
- let authorizationResponsePayload;
45
- let jarmHeader = undefined;
46
- if (request.body.response) {
47
- const res = await did_auth_siop_1.RP.processJarmAuthorizationResponse(request.body.response, {
48
- getAuthRequestPayload: async (input) => {
49
- verificationSession = await getVerificationSession(agentContext, {
50
- verifierId: verifier.verifierId,
51
- state: input.state,
52
- nonce: input.nonce,
53
- });
54
- const req = await did_auth_siop_1.AuthorizationRequest.fromUriOrJwt(verificationSession.authorizationRequestJwt);
55
- const requestObjectPayload = await req.requestObject?.getPayload();
56
- if (!requestObjectPayload) {
57
- throw new core_1.CredoError('No request object payload found.');
58
- }
59
- return { authRequestParams: requestObjectPayload };
60
- },
61
- decryptCompact: decryptJarmResponse(agentContext),
62
- hasher: core_1.Hasher.hash,
63
- });
64
- jarmResponseType = res.type;
65
- const [header] = request.body.response.split('.');
66
- jarmHeader = core_1.JsonEncoder.fromBase64(header);
67
- // FIXME: verify the apv matches the nonce of the authorization reuqest
68
- authorizationResponsePayload = res.authResponseParams;
69
- }
70
- else {
71
- authorizationResponsePayload = request.body;
72
- verificationSession = await getVerificationSession(agentContext, {
73
- verifierId: verifier.verifierId,
74
- state: authorizationResponsePayload.state,
75
- nonce: authorizationResponsePayload.nonce,
76
- });
77
- }
78
- if (typeof authorizationResponsePayload.presentation_submission === 'string') {
79
- authorizationResponsePayload.presentation_submission = JSON.parse(request.body.presentation_submission);
80
- }
81
- // This feels hacky, and should probably be moved to OID4VP lib. However the OID4VP spec allows either object, string, or array...
82
- if (typeof authorizationResponsePayload.vp_token === 'string' &&
83
- (authorizationResponsePayload.vp_token.startsWith('{') || authorizationResponsePayload.vp_token.startsWith('['))) {
84
- authorizationResponsePayload.vp_token = JSON.parse(authorizationResponsePayload.vp_token);
85
- }
86
- if (!verificationSession) {
87
- throw new core_1.CredoError('Missing verification session, cannot verify authorization response.');
88
- }
89
- const authorizationRequest = await did_auth_siop_1.AuthorizationRequest.fromUriOrJwt(verificationSession.authorizationRequestJwt);
90
- const response_mode = await authorizationRequest.getMergedProperty('response_mode');
91
- if (response_mode?.includes('jwt') && !jarmResponseType) {
92
- throw new oauth2_1.Oauth2ServerErrorResponseError({
93
- error: oauth2_1.Oauth2ErrorCodes.InvalidRequest,
94
- error_description: `JARM response is required for JWT response mode '${response_mode}'.`,
95
- });
96
- }
97
- if (!response_mode?.includes('jwt') && jarmResponseType) {
98
- throw new oauth2_1.Oauth2ServerErrorResponseError({
99
- error: oauth2_1.Oauth2ErrorCodes.InvalidRequest,
100
- error_description: `Recieved JARM response which is incompatible with response mode '${response_mode}'.`,
101
- });
102
- }
103
- if (jarmResponseType && jarmResponseType !== 'encrypted') {
104
- throw new oauth2_1.Oauth2ServerErrorResponseError({
105
- error: oauth2_1.Oauth2ErrorCodes.InvalidRequest,
106
- error_description: `Only encrypted JARM responses are supported, received '${jarmResponseType}'.`,
107
- });
108
- }
109
- await openId4VcVerifierService.verifyAuthorizationResponse(agentContext, {
110
- authorizationResponse: authorizationResponsePayload,
111
- verificationSession,
112
- jarmHeader,
17
+ const result = await getVerificationSession(agentContext, request, response, next, verifier);
18
+ // Response already handled in the method
19
+ if (!result.success)
20
+ return;
21
+ const { verificationSession } = await openId4VcVerifierService.verifyAuthorizationResponse(agentContext, {
22
+ authorizationResponse: request.body,
23
+ verificationSession: result.verificationSession,
113
24
  });
114
25
  return (0, router_1.sendJsonResponse)(response, next, {
115
26
  // Used only for presentation during issuance flow, to prevent session fixation.
116
27
  presentation_during_issuance_session: verificationSession.presentationDuringIssuanceSession,
28
+ // TODO: add callback for the user of Credo, where also a redirect_uri can be returned
29
+ // callback should also be called in case of failed verification
30
+ // redirect_uri
117
31
  });
118
32
  }
119
33
  catch (error) {
120
34
  if (error instanceof oauth2_1.Oauth2ServerErrorResponseError) {
121
35
  return (0, router_1.sendOauth2ErrorResponse)(response, next, agentContext.config.logger, error);
122
36
  }
123
- return (0, router_1.sendErrorResponse)(response, next, agentContext.config.logger, 500, 'invalid_request', error);
37
+ // FIXME: should throw a Oauth2ServerErrorResponseError in the oid4vp library
38
+ if (error instanceof utils_1.ValidationError) {
39
+ return (0, router_1.sendOauth2ErrorResponse)(response, next, agentContext.config.logger, new oauth2_1.Oauth2ServerErrorResponseError({
40
+ error: oauth2_1.Oauth2ErrorCodes.InvalidRequest,
41
+ error_description: error.message,
42
+ }, { cause: error }));
43
+ }
44
+ // FIXME: Many CredoError will result in 500. We should either throw Oauth2ServerErrorResponseError as well
45
+ // Or have a special OpenID4VP verifier error that is similar to Oauth2ServerErrorResponseError
46
+ return (0, router_1.sendUnknownServerErrorResponse)(response, next, agentContext.config.logger, error);
124
47
  }
125
48
  });
126
49
  }
50
+ async function getVerificationSession(agentContext, request, response, next, verifier) {
51
+ const openId4VcVerificationSessionRepository = agentContext.dependencyManager.resolve(repository_1.OpenId4VcVerificationSessionRepository);
52
+ try {
53
+ if (request.query.session) {
54
+ if (typeof request.query.session !== 'string') {
55
+ (0, router_1.sendErrorResponse)(response, next, agentContext.config.logger, 400, oauth2_1.Oauth2ErrorCodes.InvalidRequest, `Unexpected value for 'session' query param`);
56
+ return { success: false };
57
+ }
58
+ const verificationSession = await openId4VcVerificationSessionRepository.findSingleByQuery(agentContext, {
59
+ verifierId: verifier.verifierId,
60
+ authorizationRequestId: request.query.session,
61
+ });
62
+ if (!verificationSession) {
63
+ (0, router_1.sendErrorResponse)(response, next, agentContext.config.logger, 400, oauth2_1.Oauth2ErrorCodes.InvalidRequest, `Invalid 'session' parameter`);
64
+ return { success: false };
65
+ }
66
+ return { success: true, verificationSession };
67
+ }
68
+ const parsedResponse = openid4vp_1.zOpenid4vpAuthorizationResponse.safeParse(request.body);
69
+ if (parsedResponse.success) {
70
+ if (!parsedResponse.data.state) {
71
+ (0, router_1.sendErrorResponse)(response, next, agentContext.config.logger, 400, oauth2_1.Oauth2ErrorCodes.InvalidRequest, `Missing required 'state' parameter in response without response encryption`);
72
+ return { success: false };
73
+ }
74
+ const verificationSession = await openId4VcVerificationSessionRepository.findSingleByQuery(agentContext, {
75
+ payloadState: parsedResponse.data.state,
76
+ verifierId: verifier.verifierId,
77
+ });
78
+ if (!verificationSession) {
79
+ (0, router_1.sendErrorResponse)(response, next, agentContext.config.logger, 400, oauth2_1.Oauth2ErrorCodes.InvalidRequest, `Invalid 'state' parameter`);
80
+ return { success: false };
81
+ }
82
+ return { success: true, verificationSession };
83
+ }
84
+ // Try extracting apv (request nonce), which is used in encrypted responses (for ISO 18013-7/before draft 24)
85
+ if (typeof request.body === 'object' && 'response' in request.body) {
86
+ const { header } = (0, oauth2_1.decodeJwtHeader)({
87
+ jwt: request.body.response,
88
+ });
89
+ if (!header.apv) {
90
+ (0, router_1.sendErrorResponse)(response, next, agentContext.config.logger, 400, oauth2_1.Oauth2ErrorCodes.InvalidRequest, `Missing 'session' query param or 'apv' value in header of encrypted JARM response.`);
91
+ return { success: false };
92
+ }
93
+ if (typeof header.apv !== 'string') {
94
+ (0, router_1.sendErrorResponse)(response, next, agentContext.config.logger, 400, oauth2_1.Oauth2ErrorCodes.InvalidRequest, `'apv' value in header of encrypted JARM response is not of type string.`);
95
+ return { success: false };
96
+ }
97
+ const nonce = core_1.TypedArrayEncoder.toUtf8String(core_1.TypedArrayEncoder.fromBase64(header.apv));
98
+ const verificationSession = await openId4VcVerificationSessionRepository.findSingleByQuery(agentContext, {
99
+ nonce,
100
+ verifierId: verifier.verifierId,
101
+ });
102
+ if (!verificationSession) {
103
+ (0, router_1.sendErrorResponse)(response, next, agentContext.config.logger, 400, oauth2_1.Oauth2ErrorCodes.InvalidRequest, `Invalid 'apv' parameter`);
104
+ return { success: false };
105
+ }
106
+ return { success: true, verificationSession };
107
+ }
108
+ (0, router_1.sendErrorResponse)(response, next, agentContext.config.logger, 400, oauth2_1.Oauth2ErrorCodes.InvalidRequest, 'Invalid response');
109
+ return { success: false };
110
+ }
111
+ catch (error) {
112
+ (0, router_1.sendUnknownServerErrorResponse)(response, next, agentContext.config.logger, error);
113
+ return { success: false };
114
+ }
115
+ }
127
116
  //# sourceMappingURL=authorizationEndpoint.js.map
package/build/openid4vc-verifier/router/authorizationEndpoint.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"authorizationEndpoint.js","sourceRoot":"","sources":["../../../src/openid4vc-verifier/router/authorizationEndpoint.ts"],"names":[],"mappings":";;AAmEA,wEAuGC;AApKD,6CAAmF;AACnF,yCAAwF;AACxF,2DAAkE;AAElE,gDAAqH;AACrH,kFAA8E;AAY9E,KAAK,UAAU,sBAAsB,CACnC,YAA0B,EAC1B,OAIC;IAED,MAAM,EAAE,UAAU,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,OAAO,CAAA;IAE5C,MAAM,wBAAwB,GAAG,YAAY,CAAC,iBAAiB,CAAC,OAAO,CAAC,2DAA4B,CAAC,CAAA;IACrG,MAAM,OAAO,GAAG,MAAM,wBAAwB,CAAC,+CAA+C,CAAC,YAAY,EAAE;QAC3G,2BAA2B,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE;QAC7C,UAAU;KACX,CAAC,CAAA;IAEF,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,YAAY,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAC7B,kFAAkF,UAAU,EAAE,CAC/F,CAAA;QACD,MAAM,IAAI,iBAAU,CAAC,qEAAqE,UAAU,EAAE,CAAC,CAAA;IACzG,CAAC;IAED,OAAO,OAAO,CAAA;AAChB,CAAC;AAED,MAAM,mBAAmB,GAAG,CAAC,YAA0B,EAAkB,EAAE;IACzE,OAAO,KAAK,EAAE,KAAK,EAAE,EAAE;QACrB,MAAM,EAAE,GAAG,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,KAAK,CAAA;QAC/C,MAAM,GAAG,GAAG,UAAG,CAAC,eAAe,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;QAC5C,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,6BAA6B,EAAE,CAAC;YACvD,MAAM,IAAI,iBAAU,CAAC,qFAAqF,CAAC,CAAA;QAC7G,CAAC;QAED,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC,6BAA6B,CAAC,EAAE,UAAU,EAAE,YAAY,EAAE,GAAG,EAAE,CAAC,CAAA;QACnH,MAAM,gBAAgB,GAAG,wBAAiB,CAAC,YAAY,CAAC,IAAI,CAAC,CAAA;QAE7D,OAAO;YACL,SAAS,EAAE,gBAAgB;YAC3B,eAAe,EAAE,MAAgE;SAClF,CAAA;IACH,CAAC,CAAA;AACH,CAAC,CAAA;AAED,SAAgB,8BAA8B,CAAC,MAAc,EAAE,MAAgD;IAC7G,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,KAAK,EAAE,OAAqC,EAAE,QAAkB,EAAE,IAAI,EAAE,EAAE;QACzG,MAAM,EAAE,YAAY,EAAE,QAAQ,EAAE,GAAG,IAAA,0BAAiB,EAAC,OAAO,CAAC,CAAA;QAE7D,IAAI,gBAAoC,CAAA;QAExC,IAAI,CAAC;YACH,MAAM,wBAAwB,GAAG,YAAY,CAAC,iBAAiB,CAAC,OAAO,CAAC,2DAA4B,CAAC,CAAA;YAErG,IAAI,mBAAmE,CAAA;YACvE,IAAI,4BAA0D,CAAA;YAC9D,IAAI,UAAU,GAA+C,SAAS,CAAA;YAEtE,IAAI,OAAO,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;gBAC1B,MAAM,GAAG,GAAG,MAAM,kBAAE,CAAC,gCAAgC,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,EAAE;oBAC3E,qBAAqB,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE;wBACrC,mBAAmB,GAAG,MAAM,sBAAsB,CAAC,YAAY,EAAE;4BAC/D,UAAU,EAAE,QAAQ,CAAC,UAAU;4BAC/B,KAAK,EAAE,KAAK,CAAC,KAAK;4BAClB,KAAK,EAAE,KAAK,CAAC,KAAe;yBAC7B,CAAC,CAAA;wBAEF,MAAM,GAAG,GAAG,MAAM,oCAAoB,CAAC,YAAY,CAAC,mBAAmB,CAAC,uBAAuB,CAAC,CAAA;wBAChG,MAAM,oBAAoB,GAAG,MAAM,GAAG,CAAC,aAAa,EAAE,UAAU,EAAE,CAAA;wBAClE,IAAI,CAAC,oBAAoB,EAAE,CAAC;4BAC1B,MAAM,IAAI,iBAAU,CAAC,kCAAkC,CAAC,CAAA;wBAC1D,CAAC;wBACD,OAAO,EAAE,iBAAiB,EAAE,oBAAoB,EAAE,CAAA;oBACpD,CAAC;oBACD,cAAc,EAAE,mBAAmB,CAAC,YAAY,CAAC;oBACjD,MAAM,EAAE,aAAM,CAAC,IAAI;iBACpB,CAAC,CAAA;gBAEF,gBAAgB,GAAG,GAAG,CAAC,IAAI,CAAA;gBAE3B,MAAM,CAAC,MAAM,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;gBACjD,UAAU,GAAG,kBAAW,CAAC,UAAU,CAAC,MAAM,CAAC,CAAA;gBAC3C,uEAAuE;gBACvE,4BAA4B,GAAG,GAAG,CAAC,kBAAkD,CAAA;YACvF,CAAC;iBAAM,CAAC;gBACN,4BAA4B,GAAG,OAAO,CAAC,IAAI,CAAA;gBAC3C,mBAAmB,GAAG,MAAM,sBAAsB,CAAC,YAAY,EAAE;oBAC/D,UAAU,EAAE,QAAQ,CAAC,UAAU;oBAC/B,KAAK,EAAE,4BAA4B,CAAC,KAAK;oBACzC,KAAK,EAAE,4BAA4B,CAAC,KAAK;iBAC1C,CAAC,CAAA;YACJ,CAAC;YACD,IAAI,OAAO,4BAA4B,CAAC,uBAAuB,KAAK,QAAQ,EAAE,CAAC;gBAC7E,4BAA4B,CAAC,uBAAuB,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAA;YACzG,CAAC;YAED,kIAAkI;YAClI,IACE,OAAO,4BAA4B,CAAC,QAAQ,KAAK,QAAQ;gBACzD,CAAC,4BAA4B,CAAC,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,4BAA4B,CAAC,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,EAChH,CAAC;gBACD,4BAA4B,CAAC,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,4BAA4B,CAAC,QAAQ,CAAC,CAAA;YAC3F,CAAC;YAED,IAAI,CAAC,mBAAmB,EAAE,CAAC;gBACzB,MAAM,IAAI,iBAAU,CAAC,qEAAqE,CAAC,CAAA;YAC7F,CAAC;YAED,MAAM,oBAAoB,GAAG,MAAM,oCAAoB,CAAC,YAAY,CAAC,mBAAmB,CAAC,uBAAuB,CAAC,CAAA;YACjH,MAAM,aAAa,GAAG,MAAM,oBAAoB,CAAC,iBAAiB,CAAS,eAAe,CAAC,CAAA;YAC3F,IAAI,aAAa,EAAE,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,gBAAgB,EAAE,CAAC;gBACxD,MAAM,IAAI,uCAA8B,CAAC;oBACvC,KAAK,EAAE,yBAAgB,CAAC,cAAc;oBACtC,iBAAiB,EAAE,oDAAoD,aAAa,IAAI;iBACzF,CAAC,CAAA;YACJ,CAAC;YAED,IAAI,CAAC,aAAa,EAAE,QAAQ,CAAC,KAAK,CAAC,IAAI,gBAAgB,EAAE,CAAC;gBACxD,MAAM,IAAI,uCAA8B,CAAC;oBACvC,KAAK,EAAE,yBAAgB,CAAC,cAAc;oBACtC,iBAAiB,EAAE,oEAAoE,aAAa,IAAI;iBACzG,CAAC,CAAA;YACJ,CAAC;YAED,IAAI,gBAAgB,IAAI,gBAAgB,KAAK,WAAW,EAAE,CAAC;gBACzD,MAAM,IAAI,uCAA8B,CAAC;oBACvC,KAAK,EAAE,yBAAgB,CAAC,cAAc;oBACtC,iBAAiB,EAAE,0DAA0D,gBAAgB,IAAI;iBAClG,CAAC,CAAA;YACJ,CAAC;YAED,MAAM,wBAAwB,CAAC,2BAA2B,CAAC,YAAY,EAAE;gBACvE,qBAAqB,EAAE,4BAA4B;gBACnD,mBAAmB;gBACnB,UAAU;aACX,CAAC,CAAA;YACF,OAAO,IAAA,yBAAgB,EAAC,QAAQ,EAAE,IAAI,EAAE;gBACtC,gFAAgF;gBAChF,oCAAoC,EAAE,mBAAmB,CAAC,iCAAiC;aAC5F,CAAC,CAAA;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,uCAA8B,EAAE,CAAC;gBACpD,OAAO,IAAA,gCAAuB,EAAC,QAAQ,EAAE,IAAI,EAAE,YAAY,CAAC,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAA;YACnF,CAAC;YAED,OAAO,IAAA,0BAAiB,EAAC,QAAQ,EAAE,IAAI,EAAE,YAAY,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,EAAE,iBAAiB,EAAE,KAAK,CAAC,CAAA;QACrG,CAAC;IACH,CAAC,CAAC,CAAA;AACJ,CAAC"}
1
+ {"version":3,"file":"authorizationEndpoint.js","sourceRoot":"","sources":["../../../src/openid4vc-verifier/router/authorizationEndpoint.ts"],"names":[],"mappings":";;AAyBA,wEAiDC;AAvED,8CAAqG;AAErG,yCAAgE;AAChE,0EAA0E;AAC1E,oDAAsE;AACtE,gDAM4B;AAC5B,0EAAsE;AACtE,8CAIsB;AAEtB,4CAAkD;AAGlD,SAAgB,8BAA8B,CAAC,MAAc,EAAE,MAAqC;IAClG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,qBAAqB,EAAE,KAAK,EAAE,OAAqC,EAAE,QAAkB,EAAE,IAAI,EAAE,EAAE;QAClH,MAAM,EAAE,YAAY,EAAE,QAAQ,EAAE,GAAG,IAAA,0BAAiB,EAAC,OAAO,CAAC,CAAA;QAC7D,MAAM,wBAAwB,GAAG,YAAY,CAAC,iBAAiB,CAAC,OAAO,CAAC,mDAAwB,CAAC,CAAA;QAEjG,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,sBAAsB,CAAC,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAA;YAC5F,yCAAyC;YACzC,IAAI,CAAC,MAAM,CAAC,OAAO;gBAAE,OAAM;YAE3B,MAAM,EAAE,mBAAmB,EAAE,GAAG,MAAM,wBAAwB,CAAC,2BAA2B,CAAC,YAAY,EAAE;gBACvG,qBAAqB,EAAE,OAAO,CAAC,IAAI;gBACnC,mBAAmB,EAAE,MAAM,CAAC,mBAAmB;aAChD,CAAC,CAAA;YAEF,OAAO,IAAA,yBAAgB,EAAC,QAAQ,EAAE,IAAI,EAAE;gBACtC,gFAAgF;gBAChF,oCAAoC,EAAE,mBAAmB,CAAC,iCAAiC;gBAE3F,sFAAsF;gBACtF,gEAAgE;gBAChE,eAAe;aAChB,CAAC,CAAA;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,uCAA8B,EAAE,CAAC;gBACpD,OAAO,IAAA,gCAAuB,EAAC,QAAQ,EAAE,IAAI,EAAE,YAAY,CAAC,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAA;YACnF,CAAC;YAED,6EAA6E;YAC7E,IAAI,KAAK,YAAY,uBAAe,EAAE,CAAC;gBACrC,OAAO,IAAA,gCAAuB,EAC5B,QAAQ,EACR,IAAI,EACJ,YAAY,CAAC,MAAM,CAAC,MAAM,EAC1B,IAAI,uCAA8B,CAChC;oBACE,KAAK,EAAE,yBAAgB,CAAC,cAAc;oBACtC,iBAAiB,EAAE,KAAK,CAAC,OAAO;iBACjC,EACD,EAAE,KAAK,EAAE,KAAK,EAAE,CACjB,CACF,CAAA;YACH,CAAC;YAED,2GAA2G;YAC3G,+FAA+F;YAC/F,OAAO,IAAA,uCAA8B,EAAC,QAAQ,EAAE,IAAI,EAAE,YAAY,CAAC,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAA;QAC1F,CAAC;IACH,CAAC,CAAC,CAAA;AACJ,CAAC;AAED,KAAK,UAAU,sBAAsB,CACnC,YAA0B,EAC1B,OAAgB,EAChB,QAAkB,EAClB,IAAkB,EAClB,QAAiC;IAEjC,MAAM,sCAAsC,GAAG,YAAY,CAAC,iBAAiB,CAAC,OAAO,CACnF,mDAAsC,CACvC,CAAA;IAED,IAAI,CAAC;QACH,IAAI,OAAO,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;YAC1B,IAAI,OAAO,OAAO,CAAC,KAAK,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;gBAC9C,IAAA,0BAAiB,EACf,QAAQ,EACR,IAAI,EACJ,YAAY,CAAC,MAAM,CAAC,MAAM,EAC1B,GAAG,EACH,yBAAgB,CAAC,cAAc,EAC/B,4CAA4C,CAC7C,CAAA;gBACD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAA;YAC3B,CAAC;YAED,MAAM,mBAAmB,GAAG,MAAM,sCAAsC,CAAC,iBAAiB,CAAC,YAAY,EAAE;gBACvG,UAAU,EAAE,QAAQ,CAAC,UAAU;gBAC/B,sBAAsB,EAAE,OAAO,CAAC,KAAK,CAAC,OAAO;aAC9C,CAAC,CAAA;YAEF,IAAI,CAAC,mBAAmB,EAAE,CAAC;gBACzB,IAAA,0BAAiB,EACf,QAAQ,EACR,IAAI,EACJ,YAAY,CAAC,MAAM,CAAC,MAAM,EAC1B,GAAG,EACH,yBAAgB,CAAC,cAAc,EAC/B,6BAA6B,CAC9B,CAAA;gBACD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAA;YAC3B,CAAC;YAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,mBAAmB,EAAE,CAAA;QAC/C,CAAC;QAED,MAAM,cAAc,GAAG,2CAA+B,CAAC,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,CAAA;QAC9E,IAAI,cAAc,CAAC,OAAO,EAAE,CAAC;YAC3B,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;gBAC/B,IAAA,0BAAiB,EACf,QAAQ,EACR,IAAI,EACJ,YAAY,CAAC,MAAM,CAAC,MAAM,EAC1B,GAAG,EACH,yBAAgB,CAAC,cAAc,EAC/B,4EAA4E,CAC7E,CAAA;gBACD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAA;YAC3B,CAAC;YAED,MAAM,mBAAmB,GAAG,MAAM,sCAAsC,CAAC,iBAAiB,CAAC,YAAY,EAAE;gBACvG,YAAY,EAAE,cAAc,CAAC,IAAI,CAAC,KAAK;gBACvC,UAAU,EAAE,QAAQ,CAAC,UAAU;aAChC,CAAC,CAAA;YAEF,IAAI,CAAC,mBAAmB,EAAE,CAAC;gBACzB,IAAA,0BAAiB,EACf,QAAQ,EACR,IAAI,EACJ,YAAY,CAAC,MAAM,CAAC,MAAM,EAC1B,GAAG,EACH,yBAAgB,CAAC,cAAc,EAC/B,2BAA2B,CAC5B,CAAA;gBACD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAA;YAC3B,CAAC;YAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,mBAAmB,EAAE,CAAA;QAC/C,CAAC;QAED,6GAA6G;QAC7G,IAAI,OAAO,OAAO,CAAC,IAAI,KAAK,QAAQ,IAAI,UAAU,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;YACnE,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,wBAAe,EAAC;gBACjC,GAAG,EAAE,OAAO,CAAC,IAAI,CAAC,QAAQ;aAC3B,CAAC,CAAA;YAEF,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC;gBAChB,IAAA,0BAAiB,EACf,QAAQ,EACR,IAAI,EACJ,YAAY,CAAC,MAAM,CAAC,MAAM,EAC1B,GAAG,EACH,yBAAgB,CAAC,cAAc,EAC/B,oFAAoF,CACrF,CAAA;gBACD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAA;YAC3B,CAAC;YAED,IAAI,OAAO,MAAM,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;gBACnC,IAAA,0BAAiB,EACf,QAAQ,EACR,IAAI,EACJ,YAAY,CAAC,MAAM,CAAC,MAAM,EAC1B,GAAG,EACH,yBAAgB,CAAC,cAAc,EAC/B,yEAAyE,CAC1E,CAAA;gBACD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAA;YAC3B,CAAC;YAED,MAAM,KAAK,GAAG,wBAAiB,CAAC,YAAY,CAAC,wBAAiB,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAA;YACtF,MAAM,mBAAmB,GAAG,MAAM,sCAAsC,CAAC,iBAAiB,CAAC,YAAY,EAAE;gBACvG,KAAK;gBACL,UAAU,EAAE,QAAQ,CAAC,UAAU;aAChC,CAAC,CAAA;YAEF,IAAI,CAAC,mBAAmB,EAAE,CAAC;gBACzB,IAAA,0BAAiB,EACf,QAAQ,EACR,IAAI,EACJ,YAAY,CAAC,MAAM,CAAC,MAAM,EAC1B,GAAG,EACH,yBAAgB,CAAC,cAAc,EAC/B,yBAAyB,CAC1B,CAAA;gBACD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAA;YAC3B,CAAC;YAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,mBAAmB,EAAE,CAAA;QAC/C,CAAC;QAED,IAAA,0BAAiB,EACf,QAAQ,EACR,IAAI,EACJ,YAAY,CAAC,MAAM,CAAC,MAAM,EAC1B,GAAG,EACH,yBAAgB,CAAC,cAAc,EAC/B,kBAAkB,CACnB,CAAA;QACD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAA;IAC3B,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAA,uCAA8B,EAAC,QAAQ,EAAE,IAAI,EAAE,YAAY,CAAC,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAA;QACjF,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAA;IAC3B,CAAC;AACH,CAAC"}
package/build/openid4vc-verifier/router/authorizationRequestEndpoint.d.ts CHANGED
@@ -1,11 +1,3 @@
1
1
  import type { Router } from 'express';
2
- export interface OpenId4VcSiopAuthorizationRequestEndpointConfig {
3
- /**
4
- * The path at which the authorization request should be made available. Note that it will be
5
- * hosted at a subpath to take into account multiple tenants and verifiers.
6
- *
7
- * @default /authorization-requests
8
- */
9
- endpointPath: string;
10
- }
11
- export declare function configureAuthorizationRequestEndpoint(router: Router, config: OpenId4VcSiopAuthorizationRequestEndpointConfig): void;
2
+ import { OpenId4VcVerifierModuleConfig } from '../OpenId4VcVerifierModuleConfig';
3
+ export declare function configureAuthorizationRequestEndpoint(router: Router, config: OpenId4VcVerifierModuleConfig): void;
package/build/openid4vc-verifier/router/authorizationRequestEndpoint.js CHANGED
@@ -3,32 +3,39 @@ Object.defineProperty(exports, "__esModule", { value: true });
3
3
  exports.configureAuthorizationRequestEndpoint = configureAuthorizationRequestEndpoint;
4
4
  const core_1 = require("@credo-ts/core");
5
5
  const router_1 = require("../../shared/router");
6
- const OpenId4VcSiopVerifierService_1 = require("../OpenId4VcSiopVerifierService");
7
6
  const OpenId4VcVerificationSessionState_1 = require("../OpenId4VcVerificationSessionState");
8
- const OpenId4VcVerifierEvents_1 = require("../OpenId4VcVerifierEvents");
9
7
  const OpenId4VcVerifierModuleConfig_1 = require("../OpenId4VcVerifierModuleConfig");
10
- const repository_1 = require("../repository");
8
+ const OpenId4VpVerifierService_1 = require("../OpenId4VpVerifierService");
11
9
  function configureAuthorizationRequestEndpoint(router, config) {
12
- router.get((0, core_1.joinUriParts)(config.endpointPath, [':authorizationRequestId']), async (request, response, next) => {
10
+ router.get((0, core_1.joinUriParts)(config.authorizationRequestEndpoint, [':authorizationRequestId']), async (request, response, next) => {
13
11
  const { agentContext, verifier } = (0, router_1.getRequestContext)(request);
14
12
  if (!request.params.authorizationRequestId || typeof request.params.authorizationRequestId !== 'string') {
15
13
  return (0, router_1.sendErrorResponse)(response, next, agentContext.config.logger, 400, 'invalid_request', 'Invalid authorization request url');
16
14
  }
17
15
  try {
18
- const verifierService = agentContext.dependencyManager.resolve(OpenId4VcSiopVerifierService_1.OpenId4VcSiopVerifierService);
19
- const verificationSessionRepository = agentContext.dependencyManager.resolve(repository_1.OpenId4VcVerificationSessionRepository);
16
+ const verifierService = agentContext.dependencyManager.resolve(OpenId4VpVerifierService_1.OpenId4VpVerifierService);
20
17
  const verifierConfig = agentContext.dependencyManager.resolve(OpenId4VcVerifierModuleConfig_1.OpenId4VcVerifierModuleConfig);
21
18
  // We always use shortened URIs currently
22
19
  const fullAuthorizationRequestUri = (0, core_1.joinUriParts)(verifierConfig.baseUrl, [
23
20
  verifier.verifierId,
24
- verifierConfig.authorizationRequestEndpoint.endpointPath,
21
+ verifierConfig.authorizationRequestEndpoint,
25
22
  request.params.authorizationRequestId,
26
23
  ]);
27
24
  const [verificationSession] = await verifierService.findVerificationSessionsByQuery(agentContext, {
28
25
  verifierId: verifier.verifierId,
29
- authorizationRequestUri: fullAuthorizationRequestUri,
26
+ $or: [
27
+ {
28
+ authorizationRequestId: request.params.authorizationRequestId,
29
+ },
30
+ // NOTE: this can soon be removed, authorization request id is cleaner,
31
+ // but only introduced since 0.6
32
+ {
33
+ authorizationRequestUri: fullAuthorizationRequestUri,
34
+ },
35
+ ],
30
36
  });
31
- if (!verificationSession) {
37
+ // Not all requets are signed, and those are not fetcheable
38
+ if (!verificationSession || !verificationSession.authorizationRequestJwt) {
32
39
  return (0, router_1.sendErrorResponse)(response, next, agentContext.config.logger, 404, 'not_found', 'Authorization request not found');
33
40
  }
34
41
  if (![
@@ -37,26 +44,18 @@ function configureAuthorizationRequestEndpoint(router, config) {
37
44
  ].includes(verificationSession.state)) {
38
45
  return (0, router_1.sendErrorResponse)(response, next, agentContext.config.logger, 400, 'invalid_request', 'Invalid state for authorization request');
39
46
  }
47
+ if (verificationSession.expiresAt && Date.now() > verificationSession.expiresAt.getTime()) {
48
+ return (0, router_1.sendNotFoundResponse)(response, next, agentContext.config.logger, 'Session expired');
49
+ }
40
50
  // It's okay to retrieve the offer multiple times. So we only update the state if it's not already retrieved
41
51
  if (verificationSession.state !== OpenId4VcVerificationSessionState_1.OpenId4VcVerificationSessionState.RequestUriRetrieved) {
42
- const previousState = verificationSession.state;
43
- verificationSession.state = OpenId4VcVerificationSessionState_1.OpenId4VcVerificationSessionState.RequestUriRetrieved;
44
- await verificationSessionRepository.update(agentContext, verificationSession);
45
- agentContext.dependencyManager
46
- .resolve(core_1.EventEmitter)
47
- .emit(agentContext, {
48
- type: OpenId4VcVerifierEvents_1.OpenId4VcVerifierEvents.VerificationSessionStateChanged,
49
- payload: {
50
- verificationSession: verificationSession.clone(),
51
- previousState,
52
- },
53
- });
52
+ await verifierService.updateState(agentContext, verificationSession, OpenId4VcVerificationSessionState_1.OpenId4VcVerificationSessionState.RequestUriRetrieved);
54
53
  }
55
54
  response.type('application/oauth-authz-req+jwt').status(200).send(verificationSession.authorizationRequestJwt);
56
55
  next();
57
56
  }
58
57
  catch (error) {
59
- return (0, router_1.sendErrorResponse)(response, next, agentContext.config.logger, 500, 'invalid_request', error);
58
+ return (0, router_1.sendUnknownServerErrorResponse)(response, next, agentContext.config.logger, error);
60
59
  }
61
60
  });
62
61
  }
package/build/openid4vc-verifier/router/authorizationRequestEndpoint.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"authorizationRequestEndpoint.js","sourceRoot":"","sources":["../../../src/openid4vc-verifier/router/authorizationRequestEndpoint.ts"],"names":[],"mappings":";;AAuBA,sFA2FC;AA9GD,yCAA2D;AAE3D,gDAA0E;AAC1E,kFAA8E;AAC9E,4FAAwF;AACxF,wEAAoE;AACpE,oFAAgF;AAChF,8CAAsE;AAYtE,SAAgB,qCAAqC,CACnD,MAAc,EACd,MAAuD;IAEvD,MAAM,CAAC,GAAG,CACR,IAAA,mBAAY,EAAC,MAAM,CAAC,YAAY,EAAE,CAAC,yBAAyB,CAAC,CAAC,EAC9D,KAAK,EAAE,OAAqC,EAAE,QAAkB,EAAE,IAAI,EAAE,EAAE;QACxE,MAAM,EAAE,YAAY,EAAE,QAAQ,EAAE,GAAG,IAAA,0BAAiB,EAAC,OAAO,CAAC,CAAA;QAE7D,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,sBAAsB,IAAI,OAAO,OAAO,CAAC,MAAM,CAAC,sBAAsB,KAAK,QAAQ,EAAE,CAAC;YACxG,OAAO,IAAA,0BAAiB,EACtB,QAAQ,EACR,IAAI,EACJ,YAAY,CAAC,MAAM,CAAC,MAAM,EAC1B,GAAG,EACH,iBAAiB,EACjB,mCAAmC,CACpC,CAAA;QACH,CAAC;QAED,IAAI,CAAC;YACH,MAAM,eAAe,GAAG,YAAY,CAAC,iBAAiB,CAAC,OAAO,CAAC,2DAA4B,CAAC,CAAA;YAC5F,MAAM,6BAA6B,GAAG,YAAY,CAAC,iBAAiB,CAAC,OAAO,CAC1E,mDAAsC,CACvC,CAAA;YACD,MAAM,cAAc,GAAG,YAAY,CAAC,iBAAiB,CAAC,OAAO,CAAC,6DAA6B,CAAC,CAAA;YAE5F,yCAAyC;YACzC,MAAM,2BAA2B,GAAG,IAAA,mBAAY,EAAC,cAAc,CAAC,OAAO,EAAE;gBACvE,QAAQ,CAAC,UAAU;gBACnB,cAAc,CAAC,4BAA4B,CAAC,YAAY;gBACxD,OAAO,CAAC,MAAM,CAAC,sBAAsB;aACtC,CAAC,CAAA;YAEF,MAAM,CAAC,mBAAmB,CAAC,GAAG,MAAM,eAAe,CAAC,+BAA+B,CAAC,YAAY,EAAE;gBAChG,UAAU,EAAE,QAAQ,CAAC,UAAU;gBAC/B,uBAAuB,EAAE,2BAA2B;aACrD,CAAC,CAAA;YAEF,IAAI,CAAC,mBAAmB,EAAE,CAAC;gBACzB,OAAO,IAAA,0BAAiB,EACtB,QAAQ,EACR,IAAI,EACJ,YAAY,CAAC,MAAM,CAAC,MAAM,EAC1B,GAAG,EACH,WAAW,EACX,iCAAiC,CAClC,CAAA;YACH,CAAC;YAED,IACE,CAAC;gBACC,qEAAiC,CAAC,cAAc;gBAChD,qEAAiC,CAAC,mBAAmB;aACtD,CAAC,QAAQ,CAAC,mBAAmB,CAAC,KAAK,CAAC,EACrC,CAAC;gBACD,OAAO,IAAA,0BAAiB,EACtB,QAAQ,EACR,IAAI,EACJ,YAAY,CAAC,MAAM,CAAC,MAAM,EAC1B,GAAG,EACH,iBAAiB,EACjB,yCAAyC,CAC1C,CAAA;YACH,CAAC;YAED,4GAA4G;YAC5G,IAAI,mBAAmB,CAAC,KAAK,KAAK,qEAAiC,CAAC,mBAAmB,EAAE,CAAC;gBACxF,MAAM,aAAa,GAAG,mBAAmB,CAAC,KAAK,CAAA;gBAE/C,mBAAmB,CAAC,KAAK,GAAG,qEAAiC,CAAC,mBAAmB,CAAA;gBACjF,MAAM,6BAA6B,CAAC,MAAM,CAAC,YAAY,EAAE,mBAAmB,CAAC,CAAA;gBAE7E,YAAY,CAAC,iBAAiB;qBAC3B,OAAO,CAAC,mBAAY,CAAC;qBACrB,IAAI,CAAgD,YAAY,EAAE;oBACjE,IAAI,EAAE,iDAAuB,CAAC,+BAA+B;oBAC7D,OAAO,EAAE;wBACP,mBAAmB,EAAE,mBAAmB,CAAC,KAAK,EAAE;wBAChD,aAAa;qBACd;iBACF,CAAC,CAAA;YACN,CAAC;YAED,QAAQ,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,uBAAuB,CAAC,CAAA;YAC9G,IAAI,EAAE,CAAA;QACR,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,IAAA,0BAAiB,EAAC,QAAQ,EAAE,IAAI,EAAE,YAAY,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,EAAE,iBAAiB,EAAE,KAAK,CAAC,CAAA;QACrG,CAAC;IACH,CAAC,CACF,CAAA;AACH,CAAC"}
1
+ {"version":3,"file":"authorizationRequestEndpoint.js","sourceRoot":"","sources":["../../../src/openid4vc-verifier/router/authorizationRequestEndpoint.ts"],"names":[],"mappings":";;AAeA,sFA0FC;AAtGD,yCAA6C;AAE7C,gDAK4B;AAC5B,4FAAwF;AACxF,oFAAgF;AAChF,0EAAsE;AAEtE,SAAgB,qCAAqC,CAAC,MAAc,EAAE,MAAqC;IACzG,MAAM,CAAC,GAAG,CACR,IAAA,mBAAY,EAAC,MAAM,CAAC,4BAA4B,EAAE,CAAC,yBAAyB,CAAC,CAAC,EAC9E,KAAK,EAAE,OAAqC,EAAE,QAAkB,EAAE,IAAI,EAAE,EAAE;QACxE,MAAM,EAAE,YAAY,EAAE,QAAQ,EAAE,GAAG,IAAA,0BAAiB,EAAC,OAAO,CAAC,CAAA;QAE7D,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,sBAAsB,IAAI,OAAO,OAAO,CAAC,MAAM,CAAC,sBAAsB,KAAK,QAAQ,EAAE,CAAC;YACxG,OAAO,IAAA,0BAAiB,EACtB,QAAQ,EACR,IAAI,EACJ,YAAY,CAAC,MAAM,CAAC,MAAM,EAC1B,GAAG,EACH,iBAAiB,EACjB,mCAAmC,CACpC,CAAA;QACH,CAAC;QAED,IAAI,CAAC;YACH,MAAM,eAAe,GAAG,YAAY,CAAC,iBAAiB,CAAC,OAAO,CAAC,mDAAwB,CAAC,CAAA;YACxF,MAAM,cAAc,GAAG,YAAY,CAAC,iBAAiB,CAAC,OAAO,CAAC,6DAA6B,CAAC,CAAA;YAE5F,yCAAyC;YACzC,MAAM,2BAA2B,GAAG,IAAA,mBAAY,EAAC,cAAc,CAAC,OAAO,EAAE;gBACvE,QAAQ,CAAC,UAAU;gBACnB,cAAc,CAAC,4BAA4B;gBAC3C,OAAO,CAAC,MAAM,CAAC,sBAAsB;aACtC,CAAC,CAAA;YAEF,MAAM,CAAC,mBAAmB,CAAC,GAAG,MAAM,eAAe,CAAC,+BAA+B,CAAC,YAAY,EAAE;gBAChG,UAAU,EAAE,QAAQ,CAAC,UAAU;gBAC/B,GAAG,EAAE;oBACH;wBACE,sBAAsB,EAAE,OAAO,CAAC,MAAM,CAAC,sBAAsB;qBAC9D;oBACD,uEAAuE;oBACvE,gCAAgC;oBAChC;wBACE,uBAAuB,EAAE,2BAA2B;qBACrD;iBACF;aACF,CAAC,CAAA;YAEF,2DAA2D;YAC3D,IAAI,CAAC,mBAAmB,IAAI,CAAC,mBAAmB,CAAC,uBAAuB,EAAE,CAAC;gBACzE,OAAO,IAAA,0BAAiB,EACtB,QAAQ,EACR,IAAI,EACJ,YAAY,CAAC,MAAM,CAAC,MAAM,EAC1B,GAAG,EACH,WAAW,EACX,iCAAiC,CAClC,CAAA;YACH,CAAC;YAED,IACE,CAAC;gBACC,qEAAiC,CAAC,cAAc;gBAChD,qEAAiC,CAAC,mBAAmB;aACtD,CAAC,QAAQ,CAAC,mBAAmB,CAAC,KAAK,CAAC,EACrC,CAAC;gBACD,OAAO,IAAA,0BAAiB,EACtB,QAAQ,EACR,IAAI,EACJ,YAAY,CAAC,MAAM,CAAC,MAAM,EAC1B,GAAG,EACH,iBAAiB,EACjB,yCAAyC,CAC1C,CAAA;YACH,CAAC;YAED,IAAI,mBAAmB,CAAC,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,mBAAmB,CAAC,SAAS,CAAC,OAAO,EAAE,EAAE,CAAC;gBAC1F,OAAO,IAAA,6BAAoB,EAAC,QAAQ,EAAE,IAAI,EAAE,YAAY,CAAC,MAAM,CAAC,MAAM,EAAE,iBAAiB,CAAC,CAAA;YAC5F,CAAC;YAED,4GAA4G;YAC5G,IAAI,mBAAmB,CAAC,KAAK,KAAK,qEAAiC,CAAC,mBAAmB,EAAE,CAAC;gBACxF,MAAM,eAAe,CAAC,WAAW,CAC/B,YAAY,EACZ,mBAAmB,EACnB,qEAAiC,CAAC,mBAAmB,CACtD,CAAA;YACH,CAAC;YAED,QAAQ,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,uBAAuB,CAAC,CAAA;YAC9G,IAAI,EAAE,CAAA;QACR,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,IAAA,uCAA8B,EAAC,QAAQ,EAAE,IAAI,EAAE,YAAY,CAAC,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAA;QAC1F,CAAC;IACH,CAAC,CACF,CAAA;AACH,CAAC"}
package/build/shared/callbacks.d.ts CHANGED
@@ -1,15 +1,23 @@
1
- import type { ClientAuthenticationCallback, SignJwtCallback, VerifyJwtCallback } from '@animo-id/oauth2';
2
1
  import type { AgentContext } from '@credo-ts/core';
2
+ import type { ClientAuthenticationCallback, DecryptJweCallback, EncryptJweCallback, SignJwtCallback, VerifyJwtCallback } from '@openid4vc/oauth2';
3
3
  import type { OpenId4VcIssuerRecord } from '../openid4vc-issuer/repository';
4
- export declare function getOid4vciJwtVerifyCallback(agentContext: AgentContext): VerifyJwtCallback;
5
- export declare function getOid4vciJwtSignCallback(agentContext: AgentContext): SignJwtCallback;
6
- export declare function getOid4vciCallbacks(agentContext: AgentContext): {
7
- hash: (data: Uint8Array, alg: import("@animo-id/oauth2").HashAlgorithm) => Uint8Array;
4
+ export declare function getOid4vcJwtVerifyCallback(agentContext: AgentContext, trustedCertificates?: string[]): VerifyJwtCallback;
5
+ export declare function getOid4vcEncryptJweCallback(agentContext: AgentContext): EncryptJweCallback;
6
+ export declare function getOid4vcDecryptJweCallback(agentContext: AgentContext): DecryptJweCallback;
7
+ export declare function getOid4vcJwtSignCallback(agentContext: AgentContext): SignJwtCallback;
8
+ export declare function getOid4vcCallbacks(agentContext: AgentContext, trustedCertificates?: string[]): {
9
+ hash: (data: Uint8Array, alg: import("@openid4vc/oauth2").HashAlgorithm) => Uint8Array;
8
10
  generateRandom: (length: number) => Uint8Array;
9
11
  signJwt: SignJwtCallback;
10
12
  clientAuthentication: () => void;
11
13
  verifyJwt: VerifyJwtCallback;
12
14
  fetch: typeof fetch;
15
+ encryptJwe: EncryptJweCallback;
16
+ decryptJwe: DecryptJweCallback;
17
+ getX509CertificateMetadata: (certificate: string) => {
18
+ sanDnsNames: string[];
19
+ sanUriNames: string[];
20
+ };
13
21
  };
14
22
  /**
15
23
  * Allows us to authenticate when making requests to an external
package/build/shared/callbacks.js CHANGED
@@ -1,17 +1,20 @@
1
1
  "use strict";
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.getOid4vciJwtVerifyCallback = getOid4vciJwtVerifyCallback;
4
- exports.getOid4vciJwtSignCallback = getOid4vciJwtSignCallback;
5
- exports.getOid4vciCallbacks = getOid4vciCallbacks;
3
+ exports.getOid4vcJwtVerifyCallback = getOid4vcJwtVerifyCallback;
4
+ exports.getOid4vcEncryptJweCallback = getOid4vcEncryptJweCallback;
5
+ exports.getOid4vcDecryptJweCallback = getOid4vcDecryptJweCallback;
6
+ exports.getOid4vcJwtSignCallback = getOid4vcJwtSignCallback;
7
+ exports.getOid4vcCallbacks = getOid4vcCallbacks;
6
8
  exports.dynamicOid4vciClientAuthentication = dynamicOid4vciClientAuthentication;
7
- const oauth2_1 = require("@animo-id/oauth2");
8
9
  const core_1 = require("@credo-ts/core");
10
+ const oauth2_1 = require("@openid4vc/oauth2");
9
11
  const utils_1 = require("./utils");
10
- function getOid4vciJwtVerifyCallback(agentContext) {
12
+ function getOid4vcJwtVerifyCallback(agentContext, trustedCertificates) {
11
13
  const jwsService = agentContext.dependencyManager.resolve(core_1.JwsService);
12
14
  return async (signer, { compact }) => {
13
- const { isValid } = await jwsService.verifyJws(agentContext, {
15
+ const { isValid, signerKeys } = await jwsService.verifyJws(agentContext, {
14
16
  jws: compact,
17
+ trustedCertificates,
15
18
  // Only handles kid as did resolution. JWK is handled by jws service
16
19
  jwkResolver: async () => {
17
20
  if (signer.method === 'jwk') {
@@ -24,15 +27,94 @@ function getOid4vciJwtVerifyCallback(agentContext) {
24
27
  throw new core_1.CredoError(`Unexpected call to jwk resolver for signer method ${signer.method}`);
25
28
  },
26
29
  });
27
- return isValid;
30
+ if (!isValid) {
31
+ return { verified: false, signerJwk: undefined };
32
+ }
33
+ const signerKey = signerKeys[0];
34
+ const signerJwk = (0, core_1.getJwkFromKey)(signerKey).toJson();
35
+ if (signer.method === 'did') {
36
+ signerJwk.kid = signer.didUrl;
37
+ }
38
+ return { verified: true, signerJwk };
28
39
  };
29
40
  }
30
- function getOid4vciJwtSignCallback(agentContext) {
41
+ function getOid4vcEncryptJweCallback(agentContext) {
42
+ return async (jweEncryptor, compact) => {
43
+ if (jweEncryptor.method !== 'jwk') {
44
+ throw new core_1.CredoError(`Jwt encryption method '${jweEncryptor.method}' is not supported for jwt signer. Only 'jwk' is supported.`);
45
+ }
46
+ const jwk = (0, core_1.getJwkFromJson)(jweEncryptor.publicJwk);
47
+ const key = jwk.key;
48
+ if (jweEncryptor.alg !== 'ECDH-ES') {
49
+ throw new core_1.CredoError("Only 'ECDH-ES' is supported as 'alg' value for JARM response encryption");
50
+ }
51
+ if (jweEncryptor.enc !== 'A256GCM' && jweEncryptor.enc !== 'A128GCM' && jweEncryptor.enc !== 'A128CBC-HS256') {
52
+ throw new core_1.CredoError("Only 'A256GCM', 'A128GCM', and 'A128CBC-HS256' is supported as 'enc' value for JARM response encryption");
53
+ }
54
+ if (key.keyType !== core_1.KeyType.P256) {
55
+ throw new core_1.CredoError(`Only '${core_1.KeyType.P256}' key type is supported for JARM response encryption`);
56
+ }
57
+ if (!agentContext.wallet.directEncryptCompactJweEcdhEs) {
58
+ throw new core_1.CredoError('Cannot decrypt Jarm Response, wallet does not support directEncryptCompactJweEcdhEs. You need to upgrade your wallet implementation.');
59
+ }
60
+ const jwe = await agentContext.wallet.directEncryptCompactJweEcdhEs({
61
+ data: core_1.Buffer.from(compact),
62
+ recipientKey: key,
63
+ header: { kid: jweEncryptor.publicJwk.kid },
64
+ encryptionAlgorithm: jweEncryptor.enc,
65
+ apu: jweEncryptor.apu ? core_1.TypedArrayEncoder.toBase64URL(core_1.TypedArrayEncoder.fromString(jweEncryptor.apu)) : undefined,
66
+ apv: jweEncryptor.apv ? core_1.TypedArrayEncoder.toBase64URL(core_1.TypedArrayEncoder.fromString(jweEncryptor.apv)) : undefined,
67
+ });
68
+ return { encryptionJwk: jweEncryptor.publicJwk, jwe };
69
+ };
70
+ }
71
+ function getOid4vcDecryptJweCallback(agentContext) {
72
+ return async (jwe, options) => {
73
+ const { header } = (0, oauth2_1.decodeJwtHeader)({ jwt: jwe });
74
+ const kid = options?.jwk?.kid ?? header.kid;
75
+ if (!kid) {
76
+ throw new core_1.CredoError('Uanbel to decrypt jwe. No kid or jwk found');
77
+ }
78
+ const key = core_1.Key.fromFingerprint(kid);
79
+ if (!agentContext.wallet.directDecryptCompactJweEcdhEs) {
80
+ throw new core_1.CredoError('Cannot decrypt Jarm Response, wallet does not support directDecryptCompactJweEcdhEs');
81
+ }
82
+ let decryptedPayload;
83
+ try {
84
+ const decrypted = await agentContext.wallet.directDecryptCompactJweEcdhEs({ compactJwe: jwe, recipientKey: key });
85
+ decryptedPayload = core_1.TypedArrayEncoder.toUtf8String(decrypted.data);
86
+ }
87
+ catch (_error) {
88
+ return {
89
+ decrypted: false,
90
+ encryptionJwk: options?.jwk,
91
+ payload: undefined,
92
+ header,
93
+ };
94
+ }
95
+ return {
96
+ decrypted: true,
97
+ decryptionJwk: (0, core_1.getJwkFromKey)(key).toJson(),
98
+ payload: decryptedPayload,
99
+ header,
100
+ };
101
+ };
102
+ }
103
+ function getOid4vcJwtSignCallback(agentContext) {
31
104
  const jwsService = agentContext.dependencyManager.resolve(core_1.JwsService);
32
105
  return async (signer, { payload, header }) => {
33
- if (signer.method === 'custom' || signer.method === 'x5c') {
106
+ if (signer.method === 'custom' || signer.method === 'trustChain') {
34
107
  throw new core_1.CredoError(`Jwt signer method 'custom' and 'x5c' are not supported for jwt signer.`);
35
108
  }
109
+ if (signer.method === 'x5c') {
110
+ const leafCertificate = core_1.X509Service.getLeafCertificate(agentContext, { certificateChain: signer.x5c });
111
+ const jws = await jwsService.createJwsCompact(agentContext, {
112
+ protectedHeaderOptions: { ...header, alg: signer.alg, jwk: undefined },
113
+ payload: core_1.JwtPayload.fromJson(payload),
114
+ key: leafCertificate.publicKey,
115
+ });
116
+ return { jwt: jws, signerJwk: (0, core_1.getJwkFromKey)(leafCertificate.publicKey).toJson() };
117
+ }
36
118
  const key = signer.method === 'did' ? await (0, utils_1.getKeyFromDid)(agentContext, signer.didUrl) : (0, core_1.getJwkFromJson)(signer.publicJwk).key;
37
119
  const jwk = (0, core_1.getJwkFromKey)(key);
38
120
  if (!jwk.supportsSignatureAlgorithm(signer.alg)) {
@@ -46,17 +128,26 @@ function getOid4vciJwtSignCallback(agentContext) {
46
128
  payload: core_1.JsonEncoder.toBuffer(payload),
47
129
  key,
48
130
  });
49
- return jwt;
131
+ return { jwt, signerJwk: (0, core_1.getJwkFromKey)(key).toJson() };
50
132
  };
51
133
  }
52
- function getOid4vciCallbacks(agentContext) {
134
+ function getOid4vcCallbacks(agentContext, trustedCertificates) {
53
135
  return {
54
136
  hash: (data, alg) => core_1.Hasher.hash(data, alg.toLowerCase()),
55
137
  generateRandom: (length) => agentContext.wallet.getRandomValues(length),
56
- signJwt: getOid4vciJwtSignCallback(agentContext),
138
+ signJwt: getOid4vcJwtSignCallback(agentContext),
57
139
  clientAuthentication: (0, oauth2_1.clientAuthenticationNone)(),
58
- verifyJwt: getOid4vciJwtVerifyCallback(agentContext),
140
+ verifyJwt: getOid4vcJwtVerifyCallback(agentContext, trustedCertificates),
59
141
  fetch: agentContext.config.agentDependencies.fetch,
142
+ encryptJwe: getOid4vcEncryptJweCallback(agentContext),
143
+ decryptJwe: getOid4vcDecryptJweCallback(agentContext),
144
+ getX509CertificateMetadata: (certificate) => {
145
+ const leafCertificate = core_1.X509Service.getLeafCertificate(agentContext, { certificateChain: [certificate] });
146
+ return {
147
+ sanDnsNames: leafCertificate.sanDnsNames,
148
+ sanUriNames: leafCertificate.sanUriNames,
149
+ };
150
+ },
60
151
  };
61
152
  }
62
153
  /**
package/build/shared/callbacks.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"callbacks.js","sourceRoot":"","sources":["../../src/shared/callbacks.ts"],"names":[],"mappings":";;AAcA,kEAsBC;AAED,8DA2BC;AAED,kDASC;AAMD,gFA4BC;AArGD,6CAAwF;AACxF,yCAA2G;AAE3G,mCAAuC;AAEvC,SAAgB,2BAA2B,CAAC,YAA0B;IACpE,MAAM,UAAU,GAAG,YAAY,CAAC,iBAAiB,CAAC,OAAO,CAAC,iBAAU,CAAC,CAAA;IAErE,OAAO,KAAK,EAAE,MAAM,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE;QACnC,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,UAAU,CAAC,SAAS,CAAC,YAAY,EAAE;YAC3D,GAAG,EAAE,OAAO;YACZ,oEAAoE;YACpE,WAAW,EAAE,KAAK,IAAI,EAAE;gBACtB,IAAI,MAAM,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;oBAC5B,OAAO,IAAA,qBAAc,EAAC,MAAM,CAAC,SAAS,CAAC,CAAA;gBACzC,CAAC;gBACD,IAAI,MAAM,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;oBAC5B,MAAM,GAAG,GAAG,MAAM,IAAA,qBAAa,EAAC,YAAY,EAAE,MAAM,CAAC,MAAM,CAAC,CAAA;oBAC5D,OAAO,IAAA,oBAAa,EAAC,GAAG,CAAC,CAAA;gBAC3B,CAAC;gBAED,MAAM,IAAI,iBAAU,CAAC,qDAAqD,MAAM,CAAC,MAAM,EAAE,CAAC,CAAA;YAC5F,CAAC;SACF,CAAC,CAAA;QAEF,OAAO,OAAO,CAAA;IAChB,CAAC,CAAA;AACH,CAAC;AAED,SAAgB,yBAAyB,CAAC,YAA0B;IAClE,MAAM,UAAU,GAAG,YAAY,CAAC,iBAAiB,CAAC,OAAO,CAAC,iBAAU,CAAC,CAAA;IAErE,OAAO,KAAK,EAAE,MAAM,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,EAAE;QAC3C,IAAI,MAAM,CAAC,MAAM,KAAK,QAAQ,IAAI,MAAM,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;YAC1D,MAAM,IAAI,iBAAU,CAAC,wEAAwE,CAAC,CAAA;QAChG,CAAC;QAED,MAAM,GAAG,GACP,MAAM,CAAC,MAAM,KAAK,KAAK,CAAC,CAAC,CAAC,MAAM,IAAA,qBAAa,EAAC,YAAY,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAA,qBAAc,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC,GAAG,CAAA;QACnH,MAAM,GAAG,GAAG,IAAA,oBAAa,EAAC,GAAG,CAAC,CAAA;QAE9B,IAAI,CAAC,GAAG,CAAC,0BAA0B,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;YAChD,MAAM,IAAI,iBAAU,CAAC,aAAa,GAAG,CAAC,OAAO,8CAA8C,MAAM,CAAC,GAAG,GAAG,CAAC,CAAA;QAC3G,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,UAAU,CAAC,gBAAgB,CAAC,YAAY,EAAE;YAC1D,sBAAsB,EAAE;gBACtB,GAAG,MAAM;gBACT,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,IAAA,qBAAc,EAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS;aACzD;YACD,OAAO,EAAE,kBAAW,CAAC,QAAQ,CAAC,OAAO,CAAC;YACtC,GAAG;SACJ,CAAC,CAAA;QAEF,OAAO,GAAG,CAAA;IACZ,CAAC,CAAA;AACH,CAAC;AAED,SAAgB,mBAAmB,CAAC,YAA0B;IAC5D,OAAO;QACL,IAAI,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE,CAAC,aAAM,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,WAAW,EAAE,CAAC;QACzD,cAAc,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,YAAY,CAAC,MAAM,CAAC,eAAe,CAAC,MAAM,CAAC;QACvE,OAAO,EAAE,yBAAyB,CAAC,YAAY,CAAC;QAChD,oBAAoB,EAAE,IAAA,iCAAwB,GAAE;QAChD,SAAS,EAAE,2BAA2B,CAAC,YAAY,CAAC;QACpD,KAAK,EAAE,YAAY,CAAC,MAAM,CAAC,iBAAiB,CAAC,KAAK;KAChB,CAAA;AACtC,CAAC;AAED;;;GAGG;AACH,SAAgB,kCAAkC,CAChD,YAA0B,EAC1B,YAAmC;IAEnC,OAAO,CAAC,eAAe,EAAE,EAAE;QACzB,MAAM,mBAAmB,GAAG,YAAY,CAAC,0BAA0B,EAAE,IAAI,CACvE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,eAAe,CAAC,yBAAyB,CAAC,MAAM,CACrE,CAAA;QAED,IAAI,CAAC,mBAAmB,EAAE,CAAC;YACzB,qEAAqE;YACrE,YAAY,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAC9B,iCAAiC,eAAe,CAAC,yBAAyB,CAAC,MAAM,iBAAiB,YAAY,CAAC,QAAQ,qBAAqB,eAAe,CAAC,GAAG,GAAG,CACnK,CAAA;YACD,OAAM;QACR,CAAC;QAED,IAAI,CAAC,mBAAmB,CAAC,oBAAoB,EAAE,CAAC;YAC9C,MAAM,IAAI,iBAAU,CAClB,mDAAmD,mBAAmB,CAAC,MAAM,iBAAiB,YAAY,CAAC,QAAQ,qBAAqB,eAAe,CAAC,GAAG,8GAA8G,CAC1Q,CAAA;QACH,CAAC;QAED,OAAO,IAAA,oCAA2B,EAAC;YACjC,QAAQ,EAAE,mBAAmB,CAAC,oBAAoB,CAAC,QAAQ;YAC3D,YAAY,EAAE,mBAAmB,CAAC,oBAAoB,CAAC,YAAY;SACpE,CAAC,CAAC,eAAe,CAAC,CAAA;IACrB,CAAC,CAAA;AACH,CAAC"}
1
+ {"version":3,"file":"callbacks.js","sourceRoot":"","sources":["../../src/shared/callbacks.ts"],"names":[],"mappings":";;AA6BA,gEAoCC;AAED,kEA0CC;AAED,kEAmCC;AAED,4DAuCC;AAED,gDAkBC;AAMD,gFA4BC;AAtOD,yCAauB;AACvB,8CAA0G;AAE1G,mCAAuC;AAEvC,SAAgB,0BAA0B,CACxC,YAA0B,EAC1B,mBAA8B;IAE9B,MAAM,UAAU,GAAG,YAAY,CAAC,iBAAiB,CAAC,OAAO,CAAC,iBAAU,CAAC,CAAA;IAErE,OAAO,KAAK,EAAE,MAAM,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE;QACnC,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,GAAG,MAAM,UAAU,CAAC,SAAS,CAAC,YAAY,EAAE;YACvE,GAAG,EAAE,OAAO;YACZ,mBAAmB;YACnB,oEAAoE;YACpE,WAAW,EAAE,KAAK,IAAI,EAAE;gBACtB,IAAI,MAAM,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;oBAC5B,OAAO,IAAA,qBAAc,EAAC,MAAM,CAAC,SAAS,CAAC,CAAA;gBACzC,CAAC;gBACD,IAAI,MAAM,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;oBAC5B,MAAM,GAAG,GAAG,MAAM,IAAA,qBAAa,EAAC,YAAY,EAAE,MAAM,CAAC,MAAM,CAAC,CAAA;oBAC5D,OAAO,IAAA,oBAAa,EAAC,GAAG,CAAC,CAAA;gBAC3B,CAAC;gBAED,MAAM,IAAI,iBAAU,CAAC,qDAAqD,MAAM,CAAC,MAAM,EAAE,CAAC,CAAA;YAC5F,CAAC;SACF,CAAC,CAAA;QAEF,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,SAAS,EAAE,SAAS,EAAE,CAAA;QAClD,CAAC;QAED,MAAM,SAAS,GAAG,UAAU,CAAC,CAAC,CAAC,CAAA;QAC/B,MAAM,SAAS,GAAG,IAAA,oBAAa,EAAC,SAAS,CAAC,CAAC,MAAM,EAAE,CAAA;QACnD,IAAI,MAAM,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;YAC5B,SAAS,CAAC,GAAG,GAAG,MAAM,CAAC,MAAM,CAAA;QAC/B,CAAC;QAED,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,SAAS,EAAE,CAAA;IACtC,CAAC,CAAA;AACH,CAAC;AAED,SAAgB,2BAA2B,CAAC,YAA0B;IACpE,OAAO,KAAK,EAAE,YAAY,EAAE,OAAO,EAAE,EAAE;QACrC,IAAI,YAAY,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;YAClC,MAAM,IAAI,iBAAU,CAClB,0BAA0B,YAAY,CAAC,MAAM,6DAA6D,CAC3G,CAAA;QACH,CAAC;QAED,MAAM,GAAG,GAAG,IAAA,qBAAc,EAAC,YAAY,CAAC,SAAS,CAAC,CAAA;QAClD,MAAM,GAAG,GAAG,GAAG,CAAC,GAAG,CAAA;QAEnB,IAAI,YAAY,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC;YACnC,MAAM,IAAI,iBAAU,CAAC,yEAAyE,CAAC,CAAA;QACjG,CAAC;QAED,IAAI,YAAY,CAAC,GAAG,KAAK,SAAS,IAAI,YAAY,CAAC,GAAG,KAAK,SAAS,IAAI,YAAY,CAAC,GAAG,KAAK,eAAe,EAAE,CAAC;YAC7G,MAAM,IAAI,iBAAU,CAClB,yGAAyG,CAC1G,CAAA;QACH,CAAC;QAED,IAAI,GAAG,CAAC,OAAO,KAAK,cAAO,CAAC,IAAI,EAAE,CAAC;YACjC,MAAM,IAAI,iBAAU,CAAC,SAAS,cAAO,CAAC,IAAI,sDAAsD,CAAC,CAAA;QACnG,CAAC;QAED,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,6BAA6B,EAAE,CAAC;YACvD,MAAM,IAAI,iBAAU,CAClB,sIAAsI,CACvI,CAAA;QACH,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC,6BAA6B,CAAC;YAClE,IAAI,EAAE,aAAM,CAAC,IAAI,CAAC,OAAO,CAAC;YAC1B,YAAY,EAAE,GAAG;YACjB,MAAM,EAAE,EAAE,GAAG,EAAE,YAAY,CAAC,SAAS,CAAC,GAAG,EAAE;YAC3C,mBAAmB,EAAE,YAAY,CAAC,GAAG;YACrC,GAAG,EAAE,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,wBAAiB,CAAC,WAAW,CAAC,wBAAiB,CAAC,UAAU,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS;YACjH,GAAG,EAAE,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,wBAAiB,CAAC,WAAW,CAAC,wBAAiB,CAAC,UAAU,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS;SAClH,CAAC,CAAA;QAEF,OAAO,EAAE,aAAa,EAAE,YAAY,CAAC,SAAS,EAAE,GAAG,EAAE,CAAA;IACvD,CAAC,CAAA;AACH,CAAC;AAED,SAAgB,2BAA2B,CAAC,YAA0B;IACpE,OAAO,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE;QAC5B,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,wBAAe,EAAC,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAA;QAEhD,MAAM,GAAG,GAAG,OAAO,EAAE,GAAG,EAAE,GAAG,IAAI,MAAM,CAAC,GAAG,CAAA;QAC3C,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,MAAM,IAAI,iBAAU,CAAC,4CAA4C,CAAC,CAAA;QACpE,CAAC;QAED,MAAM,GAAG,GAAG,UAAG,CAAC,eAAe,CAAC,GAAG,CAAC,CAAA;QACpC,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,6BAA6B,EAAE,CAAC;YACvD,MAAM,IAAI,iBAAU,CAAC,qFAAqF,CAAC,CAAA;QAC7G,CAAC;QAED,IAAI,gBAAwB,CAAA;QAE5B,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC,6BAA6B,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,YAAY,EAAE,GAAG,EAAE,CAAC,CAAA;YACjH,gBAAgB,GAAG,wBAAiB,CAAC,YAAY,CAAC,SAAS,CAAC,IAAI,CAAC,CAAA;QACnE,CAAC;QAAC,OAAO,MAAM,EAAE,CAAC;YAChB,OAAO;gBACL,SAAS,EAAE,KAAK;gBAChB,aAAa,EAAE,OAAO,EAAE,GAAG;gBAC3B,OAAO,EAAE,SAAS;gBAClB,MAAM;aACP,CAAA;QACH,CAAC;QAED,OAAO;YACL,SAAS,EAAE,IAAI;YACf,aAAa,EAAE,IAAA,oBAAa,EAAC,GAAG,CAAC,CAAC,MAAM,EAAE;YAC1C,OAAO,EAAE,gBAAgB;YACzB,MAAM;SACP,CAAA;IACH,CAAC,CAAA;AACH,CAAC;AAED,SAAgB,wBAAwB,CAAC,YAA0B;IACjE,MAAM,UAAU,GAAG,YAAY,CAAC,iBAAiB,CAAC,OAAO,CAAC,iBAAU,CAAC,CAAA;IAErE,OAAO,KAAK,EAAE,MAAM,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,EAAE;QAC3C,IAAI,MAAM,CAAC,MAAM,KAAK,QAAQ,IAAI,MAAM,CAAC,MAAM,KAAK,YAAY,EAAE,CAAC;YACjE,MAAM,IAAI,iBAAU,CAAC,wEAAwE,CAAC,CAAA;QAChG,CAAC;QAED,IAAI,MAAM,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;YAC5B,MAAM,eAAe,GAAG,kBAAW,CAAC,kBAAkB,CAAC,YAAY,EAAE,EAAE,gBAAgB,EAAE,MAAM,CAAC,GAAG,EAAE,CAAC,CAAA;YAEtG,MAAM,GAAG,GAAG,MAAM,UAAU,CAAC,gBAAgB,CAAC,YAAY,EAAE;gBAC1D,sBAAsB,EAAE,EAAE,GAAG,MAAM,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,SAAS,EAAE;gBACtE,OAAO,EAAE,iBAAU,CAAC,QAAQ,CAAC,OAAO,CAAC;gBACrC,GAAG,EAAE,eAAe,CAAC,SAAS;aAC/B,CAAC,CAAA;YAEF,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,SAAS,EAAE,IAAA,oBAAa,EAAC,eAAe,CAAC,SAAS,CAAC,CAAC,MAAM,EAAE,EAAE,CAAA;QACnF,CAAC;QAED,MAAM,GAAG,GACP,MAAM,CAAC,MAAM,KAAK,KAAK,CAAC,CAAC,CAAC,MAAM,IAAA,qBAAa,EAAC,YAAY,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAA,qBAAc,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC,GAAG,CAAA;QACnH,MAAM,GAAG,GAAG,IAAA,oBAAa,EAAC,GAAG,CAAC,CAAA;QAE9B,IAAI,CAAC,GAAG,CAAC,0BAA0B,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;YAChD,MAAM,IAAI,iBAAU,CAAC,aAAa,GAAG,CAAC,OAAO,8CAA8C,MAAM,CAAC,GAAG,GAAG,CAAC,CAAA;QAC3G,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,UAAU,CAAC,gBAAgB,CAAC,YAAY,EAAE;YAC1D,sBAAsB,EAAE;gBACtB,GAAG,MAAM;gBACT,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,IAAA,qBAAc,EAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS;aACzD;YACD,OAAO,EAAE,kBAAW,CAAC,QAAQ,CAAC,OAAO,CAAC;YACtC,GAAG;SACJ,CAAC,CAAA;QAEF,OAAO,EAAE,GAAG,EAAE,SAAS,EAAE,IAAA,oBAAa,EAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAA;IACxD,CAAC,CAAA;AACH,CAAC;AAED,SAAgB,kBAAkB,CAAC,YAA0B,EAAE,mBAA8B;IAC3F,OAAO;QACL,IAAI,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE,CAAC,aAAM,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,WAAW,EAAE,CAAC;QACzD,cAAc,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,YAAY,CAAC,MAAM,CAAC,eAAe,CAAC,MAAM,CAAC;QACvE,OAAO,EAAE,wBAAwB,CAAC,YAAY,CAAC;QAC/C,oBAAoB,EAAE,IAAA,iCAAwB,GAAE;QAChD,SAAS,EAAE,0BAA0B,CAAC,YAAY,EAAE,mBAAmB,CAAC;QACxE,KAAK,EAAE,YAAY,CAAC,MAAM,CAAC,iBAAiB,CAAC,KAAK;QAClD,UAAU,EAAE,2BAA2B,CAAC,YAAY,CAAC;QACrD,UAAU,EAAE,2BAA2B,CAAC,YAAY,CAAC;QACrD,0BAA0B,EAAE,CAAC,WAAmB,EAAE,EAAE;YAClD,MAAM,eAAe,GAAG,kBAAW,CAAC,kBAAkB,CAAC,YAAY,EAAE,EAAE,gBAAgB,EAAE,CAAC,WAAW,CAAC,EAAE,CAAC,CAAA;YACzG,OAAO;gBACL,WAAW,EAAE,eAAe,CAAC,WAAW;gBACxC,WAAW,EAAE,eAAe,CAAC,WAAW;aACzC,CAAA;QACH,CAAC;KACiC,CAAA;AACtC,CAAC;AAED;;;GAGG;AACH,SAAgB,kCAAkC,CAChD,YAA0B,EAC1B,YAAmC;IAEnC,OAAO,CAAC,eAAe,EAAE,EAAE;QACzB,MAAM,mBAAmB,GAAG,YAAY,CAAC,0BAA0B,EAAE,IAAI,CACvE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,eAAe,CAAC,yBAAyB,CAAC,MAAM,CACrE,CAAA;QAED,IAAI,CAAC,mBAAmB,EAAE,CAAC;YACzB,qEAAqE;YACrE,YAAY,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAC9B,iCAAiC,eAAe,CAAC,yBAAyB,CAAC,MAAM,iBAAiB,YAAY,CAAC,QAAQ,qBAAqB,eAAe,CAAC,GAAG,GAAG,CACnK,CAAA;YACD,OAAM;QACR,CAAC;QAED,IAAI,CAAC,mBAAmB,CAAC,oBAAoB,EAAE,CAAC;YAC9C,MAAM,IAAI,iBAAU,CAClB,mDAAmD,mBAAmB,CAAC,MAAM,iBAAiB,YAAY,CAAC,QAAQ,qBAAqB,eAAe,CAAC,GAAG,8GAA8G,CAC1Q,CAAA;QACH,CAAC;QAED,OAAO,IAAA,oCAA2B,EAAC;YACjC,QAAQ,EAAE,mBAAmB,CAAC,oBAAoB,CAAC,QAAQ;YAC3D,YAAY,EAAE,mBAAmB,CAAC,oBAAoB,CAAC,YAAY;SACpE,CAAC,CAAC,eAAe,CAAC,CAAA;IACrB,CAAC,CAAA;AACH,CAAC"}