@nmshd/consumption 7.4.1 → 7.5.0

package/dist/modules/openid4vc/local/EnmeshedStorageService.js

@@ -0,0 +1,134 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.EnmeshedStorageService = void 0;
+exports.decodeRecord = decodeRecord;
+const core_1 = require("@credo-ts/core");
+const content_1 = require("@nmshd/content");
+const transport_1 = require("@nmshd/transport");
+const AttributesController_1 = require("../../attributes/AttributesController");
+const KeyStorage_1 = require("./KeyStorage");
+let EnmeshedStorageService = class EnmeshedStorageService {
+    constructor(accountController, attributeController, keyStorage) {
+        this.accountController = accountController;
+        this.attributeController = attributeController;
+        this.keyStorage = keyStorage;
+        this.storage = new Map();
+        this.supportsCursorPagination = false;
+    }
+    save(_agentContext, record) {
+        if (record.id !== "STORAGE_VERSION_RECORD_ID" && record.type !== "DidRecord") {
+            throw new Error("Not implemented: saving records other than STORAGE_VERSION_RECORD_ID and DidRecord has not been required so far.");
+        }
+        this.storage.set(record.id, record);
+        return Promise.resolve();
+    }
+    async saveWithDisplay(agentContext, value, type, displayInformation) {
+        const owner = this.accountController.identity.address;
+        const identityAttribute = content_1.IdentityAttribute.from({
+            value: {
+                "@type": "VerifiableCredential",
+                value: value,
+                type: type,
+                displayInformation: displayInformation
+            },
+            owner: owner
+        });
+        const result = await this.attributeController.createOwnIdentityAttribute({
+            content: identityAttribute
+        });
+        agentContext.config.logger.debug(`Saved record: ${JSON.stringify(result)}`);
+        return await Promise.resolve(result);
+    }
+    update(_agentContext, _record) {
+        throw new Error("Storage update not implemented because previously not needed");
+    }
+    delete(_agentContext, _record) {
+        throw new Error("Storage delete not implemented because previously not needed");
+    }
+    deleteById(_agentContext, _recordClass, _id) {
+        throw new Error("Storage delete not implemented because previously not needed");
+    }
+    getById(_agentContext, _recordClass, id) {
+        const record = this.storage.get(id);
+        if (!record)
+            throw new Error(`Record with id ${id} not found`);
+        return Promise.resolve(record);
+    }
+    async getAll(_agentContext, recordClass) {
+        const recordType = recordClass.type;
+        const correspondingCredentialType = this.recordTypeToCredentialType(recordType);
+        const attributes = await this.attributeController.getLocalAttributes({
+            "@type": "OwnIdentityAttribute",
+            "content.value.@type": "VerifiableCredential",
+            "content.value.type": correspondingCredentialType
+        });
+        return attributes.map((attribute) => {
+            const attributeValue = attribute.content.value;
+            return decodeRecord(correspondingCredentialType, attributeValue.value);
+        });
+    }
+    // this is currently the only method which supports all record types, as otherwise the presentation could not work
+    recordTypeToCredentialType(recordType) {
+        switch (recordType) {
+            case core_1.SdJwtVcRecord.name:
+                return core_1.ClaimFormat.SdJwtDc;
+            case core_1.MdocRecord.name:
+                return core_1.ClaimFormat.MsoMdoc;
+            case core_1.W3cCredentialRecord.name:
+                return core_1.ClaimFormat.SdJwtW3cVc;
+            default:
+                throw new Error("Record type not supported.");
+        }
+    }
+    async findByQuery(agentContext, recordClass, query, queryOptions) {
+        agentContext.config.logger.debug(`Finding records by query ${JSON.stringify(query)} and options ${JSON.stringify(queryOptions)}`);
+        const records = [];
+        for (const record of await this.getAll(agentContext, recordClass)) {
+            if (this.matchesQuery(record, query)) {
+                records.push(record);
+            }
+        }
+        if (records.length === 0) {
+            // recover from storage if no record was found by query, as the record might have been only added very shortly before calling the findByQuery
+            for (const record of this.storage.values()) {
+                if (this.matchesQuery(record, query)) {
+                    records.push(record);
+                }
+            }
+        }
+        return records;
+    }
+    matchesQuery(record, query) {
+        return Object.entries(query).every(([key, value]) => {
+            if (key === "$or") {
+                return value.some((subquery) => this.matchesQuery(record, subquery));
+            }
+            return record.getTags()[key] === value;
+        });
+    }
+};
+exports.EnmeshedStorageService = EnmeshedStorageService;
+exports.EnmeshedStorageService = EnmeshedStorageService = __decorate([
+    (0, core_1.injectable)(),
+    __metadata("design:paramtypes", [transport_1.AccountController,
+        AttributesController_1.AttributesController,
+        KeyStorage_1.KeyStorage])
+], EnmeshedStorageService);
+function decodeRecord(type, encoded) {
+    switch (type) {
+        case core_1.ClaimFormat.SdJwtDc:
+            return new core_1.SdJwtVcRecord({ credentialInstances: [{ compactSdJwtVc: encoded }] });
+        default:
+            throw new Error("Credential type not supported.");
+    }
+}
+//# sourceMappingURL=EnmeshedStorageService.js.map

package/dist/modules/openid4vc/local/EnmeshedStorageService.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"EnmeshedStorageService.js","sourceRoot":"","sources":["../../../../src/modules/openid4vc/local/EnmeshedStorageService.ts"],"names":[],"mappings":";;;;;;;;;;;;AA0IA,oCAOC;AAjJD,yCAYwB;AACxB,4CAAyE;AACzE,gDAAqD;AAErD,gFAA6E;AAC7E,6CAA0C;AAGnC,IAAM,sBAAsB,GAA5B,MAAM,sBAAsB;IAG/B,YACqB,iBAAoC,EACpC,mBAAyC,EACzC,UAAsB;QAFtB,sBAAiB,GAAjB,iBAAiB,CAAmB;QACpC,wBAAmB,GAAnB,mBAAmB,CAAsB;QACzC,eAAU,GAAV,UAAU,CAAY;QALpC,YAAO,GAAmB,IAAI,GAAG,EAAa,CAAC;QAC/C,6BAAwB,GAAG,KAAK,CAAC;IAKrC,CAAC;IAEG,IAAI,CAAC,aAA2B,EAAE,MAAS;QAC9C,IAAI,MAAM,CAAC,EAAE,KAAK,2BAA2B,IAAI,MAAM,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;YAC3E,MAAM,IAAI,KAAK,CAAC,kHAAkH,CAAC,CAAC;QACxI,CAAC;QAED,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;QACpC,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;IAC7B,CAAC;IAEM,KAAK,CAAC,eAAe,CACxB,YAA0B,EAC1B,KAAmC,EACnC,IAAY,EACZ,kBAA0C;QAE1C,MAAM,KAAK,GAAG,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC;QACtD,MAAM,iBAAiB,GAAG,2BAAiB,CAAC,IAAI,CAAC;YAC7C,KAAK,EAAE;gBACH,OAAO,EAAE,sBAAsB;gBAC/B,KAAK,EAAE,KAAK;gBACZ,IAAI,EAAE,IAAI;gBACV,kBAAkB,EAAE,kBAAkB;aACzC;YACD,KAAK,EAAE,KAAK;SACf,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,0BAA0B,CAAC;YACrE,OAAO,EAAE,iBAAiB;SAC7B,CAAC,CAAC;QACH,YAAY,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,iBAAiB,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAC5E,OAAO,MAAM,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACzC,CAAC;IAEM,MAAM,CAAC,aAA2B,EAAE,OAAU;QACjD,MAAM,IAAI,KAAK,CAAC,8DAA8D,CAAC,CAAC;IACpF,CAAC;IAEM,MAAM,CAAC,aAA2B,EAAE,OAAU;QACjD,MAAM,IAAI,KAAK,CAAC,8DAA8D,CAAC,CAAC;IACpF,CAAC;IAEM,UAAU,CAAC,aAA2B,EAAE,YAAsC,EAAE,GAAW;QAC9F,MAAM,IAAI,KAAK,CAAC,8DAA8D,CAAC,CAAC;IACpF,CAAC;IAEM,OAAO,CAAC,aAA2B,EAAE,YAAsC,EAAE,EAAU;QAC1F,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACpC,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,KAAK,CAAC,kBAAkB,EAAE,YAAY,CAAC,CAAC;QAC/D,OAAO,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACnC,CAAC;IAEM,KAAK,CAAC,MAAM,CAAC,aAA2B,EAAE,WAAqC;QAClF,MAAM,UAAU,GAAG,WAAW,CAAC,IAAI,CAAC;QACpC,MAAM,2BAA2B,GAAG,IAAI,CAAC,0BAA0B,CAAC,UAAU,CAAC,CAAC;QAEhF,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,kBAAkB,CAAC;YACjE,OAAO,EAAE,sBAAsB;YAC/B,qBAAqB,EAAE,sBAAsB;YAC7C,oBAAoB,EAAE,2BAA2B;SACpD,CAAC,CAAC;QAEH,OAAO,UAAU,CAAC,GAAG,CAAC,CAAC,SAAS,EAAE,EAAE;YAChC,MAAM,cAAc,GAAG,SAAS,CAAC,OAAO,CAAC,KAA6B,CAAC;YACvE,OAAO,YAAY,CAAC,2BAA2B,EAAE,cAAc,CAAC,KAAK,CAAM,CAAC;QAChF,CAAC,CAAC,CAAC;IACP,CAAC;IAED,kHAAkH;IAC1G,0BAA0B,CAAC,UAAkB;QACjD,QAAQ,UAAU,EAAE,CAAC;YACjB,KAAK,oBAAa,CAAC,IAAI;gBACnB,OAAO,kBAAW,CAAC,OAAO,CAAC;YAC/B,KAAK,iBAAU,CAAC,IAAI;gBAChB,OAAO,kBAAW,CAAC,OAAO,CAAC;YAC/B,KAAK,0BAAmB,CAAC,IAAI;gBACzB,OAAO,kBAAW,CAAC,UAAU,CAAC;YAClC;gBACI,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;QACtD,CAAC;IACL,CAAC;IAEM,KAAK,CAAC,WAAW,CAAC,YAA0B,EAAE,WAAqC,EAAE,KAAe,EAAE,YAA2B;QACpI,YAAY,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,4BAA4B,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,gBAAgB,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;QAClI,MAAM,OAAO,GAAQ,EAAE,CAAC;QACxB,KAAK,MAAM,MAAM,IAAI,MAAM,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,WAAW,CAAC,EAAE,CAAC;YAChE,IAAI,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,CAAC;gBACnC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACzB,CAAC;QACL,CAAC;QACD,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,6IAA6I;YAC7I,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC;gBACzC,IAAI,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,CAAC;oBACnC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;gBACzB,CAAC;YACL,CAAC;QACL,CAAC;QACD,OAAO,OAAO,CAAC;IACnB,CAAC;IAEO,YAAY,CAAC,MAAkB,EAAE,KAAe;QACpD,OAAO,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE;YAChD,IAAI,GAAG,KAAK,KAAK,EAAE,CAAC;gBAChB,OAAQ,KAAe,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;YACpF,CAAC;YACD,OAAO,MAAM,CAAC,OAAO,EAAE,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC;QAC3C,CAAC,CAAC,CAAC;IACP,CAAC;CACJ,CAAA;AApHY,wDAAsB;iCAAtB,sBAAsB;IADlC,IAAA,iBAAU,GAAE;qCAK+B,6BAAiB;QACf,2CAAoB;QAC7B,uBAAU;GANlC,sBAAsB,CAoHlC;AAED,SAAgB,YAAY,CAAC,IAAY,EAAE,OAAqC;IAC5E,QAAQ,IAAI,EAAE,CAAC;QACX,KAAK,kBAAW,CAAC,OAAO;YACpB,OAAO,IAAI,oBAAa,CAAC,EAAE,mBAAmB,EAAE,CAAC,EAAE,cAAc,EAAE,OAAiB,EAAE,CAAC,EAAE,CAAC,CAAC;QAC/F;YACI,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;IAC1D,CAAC;AACL,CAAC"}

package/dist/modules/openid4vc/local/Holder.d.ts

@@ -0,0 +1,43 @@
+import { X509Module } from "@credo-ts/core";
+import { OpenId4VciCredentialResponse, OpenId4VcModule, type OpenId4VciResolvedCredentialOffer, type OpenId4VpResolvedAuthorizationRequest } from "@credo-ts/openid4vc";
+import { TokenContentVerifiablePresentation, VerifiableCredential } from "@nmshd/content";
+import { AccountController } from "@nmshd/transport";
+import { AttributesController, OwnIdentityAttribute } from "../../attributes";
+import { BaseAgent } from "./BaseAgent";
+import { KeyStorage } from "./KeyStorage";
+import { OpenId4VciCredentialResponseJSON } from "./OpenId4VciCredentialResponseJSON";
+declare function getOpenIdHolderModules(): {
+    readonly openid4vc: OpenId4VcModule<null, null>;
+    readonly x509: X509Module;
+};
+export declare class Holder extends BaseAgent<ReturnType<typeof getOpenIdHolderModules>> {
+    client: {
+        clientId: string;
+        redirectUri: string;
+    };
+    constructor(keyStorage: KeyStorage, accountController: AccountController, attributeController: AttributesController, fetchInstance: typeof fetch);
+    resolveCredentialOffer(credentialOffer: string): Promise<OpenId4VciResolvedCredentialOffer>;
+    requestCredentials(resolvedCredentialOffer: OpenId4VciResolvedCredentialOffer, credentialConfigurationIds: string[], access: {
+        accessToken: string;
+    } | {
+        pinCode?: string;
+    }): Promise<OpenId4VciCredentialResponse[]>;
+    storeCredentials(credentialResponses: OpenId4VciCredentialResponseJSON[]): Promise<OwnIdentityAttribute[]>;
+    resolveAuthorizationRequest(request: string): Promise<OpenId4VpResolvedAuthorizationRequest>;
+    acceptAuthorizationRequest(resolvedAuthorizationRequest: OpenId4VpResolvedAuthorizationRequest, credential: OwnIdentityAttribute): Promise<{
+        readonly status: number;
+        readonly body: string | Record<string, unknown> | null;
+    } | {
+        readonly status: number;
+        readonly body: Record<string, unknown>;
+    } | undefined>;
+    createPresentationTokenContent(credential: VerifiableCredential, nonce: string): Promise<TokenContentVerifiablePresentation>;
+    verifyPresentationTokenContent(tokenContent: TokenContentVerifiablePresentation, expectedNonce: string): Promise<{
+        isValid: boolean;
+        error?: Error;
+    }>;
+    exit(): Promise<void>;
+    restart(): Promise<void>;
+}
+export {};
+//# sourceMappingURL=Holder.d.ts.map

package/dist/modules/openid4vc/local/Holder.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"Holder.d.ts","sourceRoot":"","sources":["../../../../src/modules/openid4vc/local/Holder.ts"],"names":[],"mappings":"AAAA,OAAO,EAAwH,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAClK,OAAO,EAAE,4BAA4B,EAAE,eAAe,EAAE,KAAK,iCAAiC,EAAE,KAAK,qCAAqC,EAAE,MAAM,qBAAqB,CAAC;AACxK,OAAO,EAAE,kCAAkC,EAAE,oBAAoB,EAAE,MAAM,gBAAgB,CAAC;AAC1F,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AACrD,OAAO,EAAE,oBAAoB,EAAE,oBAAoB,EAAE,MAAM,kBAAkB,CAAC;AAC9E,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAExC,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC1C,OAAO,EAAE,gCAAgC,EAAE,MAAM,oCAAoC,CAAC;AAEtF,iBAAS,sBAAsB;;;EAS9B;AAED,qBAAa,MAAO,SAAQ,SAAS,CAAC,UAAU,CAAC,OAAO,sBAAsB,CAAC,CAAC;IACrE,MAAM;;;MAGX;gBAEiB,UAAU,EAAE,UAAU,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,oBAAoB,EAAE,aAAa,EAAE,OAAO,KAAK;IAI1I,sBAAsB,CAAC,eAAe,EAAE,MAAM,GAAG,OAAO,CAAC,iCAAiC,CAAC;IAI3F,kBAAkB,CAC3B,uBAAuB,EAAE,iCAAiC,EAC1D,0BAA0B,EAAE,MAAM,EAAE,EACpC,MAAM,EAAE;QAAE,WAAW,EAAE,MAAM,CAAA;KAAE,GAAG;QAAE,OAAO,CAAC,EAAE,MAAM,CAAA;KAAE,GACvD,OAAO,CAAC,4BAA4B,EAAE,CAAC;IAiE7B,gBAAgB,CAAC,mBAAmB,EAAE,gCAAgC,EAAE,GAAG,OAAO,CAAC,oBAAoB,EAAE,CAAC;IAsB1G,2BAA2B,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,qCAAqC,CAAC;IAK5F,0BAA0B,CACnC,4BAA4B,EAAE,qCAAqC,EACnE,UAAU,EAAE,oBAAoB,GACjC,OAAO,CACJ;QACI,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;QACxB,QAAQ,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;KAC1D,GACD;QACI,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;QACxB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;KAC1C,GACD,SAAS,CACd;IA2BY,8BAA8B,CAAC,UAAU,EAAE,oBAAoB,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,kCAAkC,CAAC;IAoB5H,8BAA8B,CAAC,YAAY,EAAE,kCAAkC,EAAE,aAAa,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,KAAK,CAAC,EAAE,KAAK,CAAA;KAAE,CAAC;IAerJ,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAIrB,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;CAGxC"}

package/dist/modules/openid4vc/local/Holder.js

@@ -0,0 +1,163 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Holder = void 0;
+const core_1 = require("@credo-ts/core");
+const openid4vc_1 = require("@credo-ts/openid4vc");
+const content_1 = require("@nmshd/content");
+const BaseAgent_1 = require("./BaseAgent");
+const EnmeshedStorageService_1 = require("./EnmeshedStorageService");
+function getOpenIdHolderModules() {
+    return {
+        openid4vc: new openid4vc_1.OpenId4VcModule(),
+        x509: new core_1.X509Module({
+            getTrustedCertificatesForVerification: (_agentContext, { certificateChain }) => {
+                return [certificateChain[0].toString("pem")];
+            }
+        })
+    };
+}
+class Holder extends BaseAgent_1.BaseAgent {
+    constructor(keyStorage, accountController, attributeController, fetchInstance) {
+        super(keyStorage, getOpenIdHolderModules(), accountController, attributeController, fetchInstance);
+        this.client = {
+            clientId: "wallet",
+            redirectUri: "http://localhost:3000/redirect"
+        };
+    }
+    async resolveCredentialOffer(credentialOffer) {
+        return await this.agent.openid4vc.holder.resolveCredentialOffer(credentialOffer);
+    }
+    async requestCredentials(resolvedCredentialOffer, credentialConfigurationIds, access) {
+        const tokenResponse = "accessToken" in access
+            ? {
+                accessToken: access.accessToken,
+                accessTokenResponse: {
+                    // eslint-disable-next-line @typescript-eslint/naming-convention
+                    access_token: access.accessToken,
+                    // eslint-disable-next-line @typescript-eslint/naming-convention
+                    token_type: "bearer"
+                }
+            }
+            : await this.agent.openid4vc.holder.requestToken({ resolvedCredentialOffer, txCode: access.pinCode });
+        const credentialResponse = await this.agent.openid4vc.holder.requestCredentials({
+            resolvedCredentialOffer,
+            credentialConfigurationIds: credentialConfigurationIds,
+            credentialBindingResolver: async ({ supportedDidMethods, supportsAllDidMethods, proofTypes }) => {
+                const key = await this.agent.kms.createKeyForSignatureAlgorithm({
+                    algorithm: proofTypes.jwt?.supportedSignatureAlgorithms[0] ?? "EdDSA"
+                });
+                const publicJwk = core_1.Kms.PublicJwk.fromPublicJwk(key.publicJwk);
+                if (supportsAllDidMethods || supportedDidMethods?.includes("did:key")) {
+                    await this.agent.dids.create({
+                        method: "key",
+                        options: {
+                            keyId: key.keyId
+                        }
+                    });
+                    const didKey = new core_1.DidKey(publicJwk);
+                    return {
+                        method: "did",
+                        didUrls: [`${didKey.did}#${didKey.publicJwk.fingerprint}`]
+                    };
+                }
+                if (supportedDidMethods?.includes("did:jwk")) {
+                    const didJwk = core_1.DidJwk.fromPublicJwk(publicJwk);
+                    await this.agent.dids.create({
+                        method: "jwk",
+                        options: {
+                            keyId: key.keyId
+                        }
+                    });
+                    return {
+                        method: "did",
+                        didUrls: [`${didJwk.did}#0`]
+                    };
+                }
+                return {
+                    method: "jwk",
+                    keys: [publicJwk]
+                };
+            },
+            ...tokenResponse
+        });
+        this.agent.config.logger.info("Credential response:", credentialResponse);
+        return credentialResponse.credentials;
+    }
+    async storeCredentials(credentialResponses) {
+        const storedCredentials = await Promise.all(credentialResponses.map((credentialResponse) => {
+            if (![core_1.ClaimFormat.SdJwtDc].includes(credentialResponse.claimFormat)) {
+                throw new Error("Unsupported credential format");
+            }
+            const enmeshedStorageService = this.agent.dependencyManager.resolve(core_1.InjectionSymbols.StorageService);
+            return enmeshedStorageService.saveWithDisplay(this.agent.context, credentialResponse.encoded, credentialResponse.claimFormat, credentialResponse.displayInformation);
+        }));
+        this.agent.config.logger.info(`Stored credentials: ${JSON.stringify(storedCredentials)}`);
+        return storedCredentials;
+    }
+    async resolveAuthorizationRequest(request) {
+        const resolvedRequest = await this.agent.openid4vc.holder.resolveOpenId4VpAuthorizationRequest(request);
+        return resolvedRequest;
+    }
+    async acceptAuthorizationRequest(resolvedAuthorizationRequest, credential) {
+        if (!resolvedAuthorizationRequest.dcql) {
+            throw new Error("Missing dcql on resolved authorization request");
+        }
+        const credentialContent = credential.content.value;
+        const credentialRecord = (0, EnmeshedStorageService_1.decodeRecord)(credentialContent.type, credentialContent.value);
+        const queryId = resolvedAuthorizationRequest.dcql.queryResult.credentials[0].id;
+        const credentialForDcql = {
+            [queryId]: [
+                {
+                    credentialRecord,
+                    claimFormat: credentialContent.type,
+                    disclosedPayload: {}
+                }
+            ]
+        };
+        const submissionResult = await this.agent.openid4vc.holder.acceptOpenId4VpAuthorizationRequest({
+            authorizationRequestPayload: resolvedAuthorizationRequest.authorizationRequestPayload,
+            presentationExchange: undefined,
+            dcql: { credentials: credentialForDcql }
+        });
+        return submissionResult.serverResponse;
+    }
+    async createPresentationTokenContent(credential, nonce) {
+        if (credential.type !== core_1.ClaimFormat.SdJwtDc)
+            throw new Error("Only SD-JWT credentials are supported for token presentation");
+        const sdJwtVcApi = this.agent.dependencyManager.resolve(core_1.SdJwtVcApi);
+        const presentation = await sdJwtVcApi.present({
+            sdJwtVc: sdJwtVcApi.fromCompact(credential.value),
+            verifierMetadata: {
+                audience: "defaultPresentationAudience",
+                issuedAt: Date.now() / 1000,
+                nonce
+            }
+        });
+        return content_1.TokenContentVerifiablePresentation.from({
+            value: presentation,
+            type: credential.type,
+            displayInformation: credential.displayInformation
+        });
+    }
+    async verifyPresentationTokenContent(tokenContent, expectedNonce) {
+        if (tokenContent.type !== core_1.ClaimFormat.SdJwtDc)
+            throw new Error("Only SD-JWT credentials are supported for token presentation");
+        const sdJwtVcApi = this.agent.dependencyManager.resolve(core_1.SdJwtVcApi);
+        const verificationResult = await sdJwtVcApi.verify({
+            compactSdJwtVc: tokenContent.value,
+            keyBinding: {
+                audience: "defaultPresentationAudience",
+                nonce: expectedNonce
+            }
+        });
+        return { isValid: verificationResult.isValid, error: "error" in verificationResult ? verificationResult.error : undefined };
+    }
+    async exit() {
+        await this.shutdown();
+    }
+    async restart() {
+        await this.shutdown();
+    }
+}
+exports.Holder = Holder;
+//# sourceMappingURL=Holder.js.map

package/dist/modules/openid4vc/local/Holder.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"Holder.js","sourceRoot":"","sources":["../../../../src/modules/openid4vc/local/Holder.ts"],"names":[],"mappings":";;;AAAA,yCAAkK;AAClK,mDAAwK;AACxK,4CAA0F;AAG1F,2CAAwC;AACxC,qEAAgF;AAIhF,SAAS,sBAAsB;IAC3B,OAAO;QACH,SAAS,EAAE,IAAI,2BAAe,EAAE;QAChC,IAAI,EAAE,IAAI,iBAAU,CAAC;YACjB,qCAAqC,EAAE,CAAC,aAAa,EAAE,EAAE,gBAAgB,EAAE,EAAE,EAAE;gBAC3E,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC;YACjD,CAAC;SACJ,CAAC;KACI,CAAC;AACf,CAAC;AAED,MAAa,MAAO,SAAQ,qBAAoD;IAM5E,YAAmB,UAAsB,EAAE,iBAAoC,EAAE,mBAAyC,EAAE,aAA2B;QACnJ,KAAK,CAAC,UAAU,EAAE,sBAAsB,EAAE,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,aAAa,CAAC,CAAC;QANhG,WAAM,GAAG;YACZ,QAAQ,EAAE,QAAQ;YAClB,WAAW,EAAE,gCAAgC;SAChD,CAAC;IAIF,CAAC;IAEM,KAAK,CAAC,sBAAsB,CAAC,eAAuB;QACvD,OAAO,MAAM,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,sBAAsB,CAAC,eAAe,CAAC,CAAC;IACrF,CAAC;IAEM,KAAK,CAAC,kBAAkB,CAC3B,uBAA0D,EAC1D,0BAAoC,EACpC,MAAsD;QAEtD,MAAM,aAAa,GACf,aAAa,IAAI,MAAM;YACnB,CAAC,CAAC;gBACI,WAAW,EAAE,MAAM,CAAC,WAAW;gBAC/B,mBAAmB,EAAE;oBACjB,gEAAgE;oBAChE,YAAY,EAAE,MAAM,CAAC,WAAW;oBAChC,gEAAgE;oBAChE,UAAU,EAAE,QAAQ;iBACvB;aACJ;YACH,CAAC,CAAC,MAAM,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,YAAY,CAAC,EAAE,uBAAuB,EAAE,MAAM,EAAE,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC;QAE9G,MAAM,kBAAkB,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,kBAAkB,CAAC;YAC5E,uBAAuB;YACvB,0BAA0B,EAAE,0BAA0B;YACtD,yBAAyB,EAAE,KAAK,EAAE,EAAE,mBAAmB,EAAE,qBAAqB,EAAE,UAAU,EAAE,EAAE,EAAE;gBAC5F,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,8BAA8B,CAAC;oBAC5D,SAAS,EAAE,UAAU,CAAC,GAAG,EAAE,4BAA4B,CAAC,CAAC,CAAC,IAAI,OAAO;iBACxE,CAAC,CAAC;gBACH,MAAM,SAAS,GAAG,UAAG,CAAC,SAAS,CAAC,aAAa,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;gBAE7D,IAAI,qBAAqB,IAAI,mBAAmB,EAAE,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;oBACpE,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAsB;wBAC9C,MAAM,EAAE,KAAK;wBACb,OAAO,EAAE;4BACL,KAAK,EAAE,GAAG,CAAC,KAAK;yBACnB;qBACJ,CAAC,CAAC;oBACH,MAAM,MAAM,GAAG,IAAI,aAAM,CAAC,SAAS,CAAC,CAAC;oBAErC,OAAO;wBACH,MAAM,EAAE,KAAK;wBACb,OAAO,EAAE,CAAC,GAAG,MAAM,CAAC,GAAG,IAAI,MAAM,CAAC,SAAS,CAAC,WAAW,EAAE,CAAC;qBAC7D,CAAC;gBACN,CAAC;gBACD,IAAI,mBAAmB,EAAE,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;oBAC3C,MAAM,MAAM,GAAG,aAAM,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;oBAC/C,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAsB;wBAC9C,MAAM,EAAE,KAAK;wBACb,OAAO,EAAE;4BACL,KAAK,EAAE,GAAG,CAAC,KAAK;yBACnB;qBACJ,CAAC,CAAC;oBAEH,OAAO;wBACH,MAAM,EAAE,KAAK;wBACb,OAAO,EAAE,CAAC,GAAG,MAAM,CAAC,GAAG,IAAI,CAAC;qBAC/B,CAAC;gBACN,CAAC;gBAED,OAAO;oBACH,MAAM,EAAE,KAAK;oBACb,IAAI,EAAE,CAAC,SAAS,CAAC;iBACpB,CAAC;YACN,CAAC;YACD,GAAG,aAAa;SACnB,CAAC,CAAC;QAEH,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,sBAAsB,EAAE,kBAAkB,CAAC,CAAC;QAE1E,OAAO,kBAAkB,CAAC,WAAW,CAAC;IAC1C,CAAC;IAEM,KAAK,CAAC,gBAAgB,CAAC,mBAAuD;QACjF,MAAM,iBAAiB,GAAG,MAAM,OAAO,CAAC,GAAG,CACvC,mBAAmB,CAAC,GAAG,CAAC,CAAC,kBAAkB,EAAE,EAAE;YAC3C,IAAI,CAAC,CAAC,kBAAW,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,kBAAkB,CAAC,WAAW,CAAC,EAAE,CAAC;gBAClE,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;YACrD,CAAC;YAED,MAAM,sBAAsB,GAAG,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC,OAAO,CAAqC,uBAAgB,CAAC,cAAc,CAAC,CAAC;YAEzI,OAAO,sBAAsB,CAAC,eAAe,CACzC,IAAI,CAAC,KAAK,CAAC,OAAO,EAClB,kBAAkB,CAAC,OAAO,EAC1B,kBAAkB,CAAC,WAAW,EAC9B,kBAAkB,CAAC,kBAAkB,CACxC,CAAC;QACN,CAAC,CAAC,CACL,CAAC;QAEF,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,uBAAuB,IAAI,CAAC,SAAS,CAAC,iBAAiB,CAAC,EAAE,CAAC,CAAC;QAC1F,OAAO,iBAAiB,CAAC;IAC7B,CAAC;IAEM,KAAK,CAAC,2BAA2B,CAAC,OAAe;QACpD,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,oCAAoC,CAAC,OAAO,CAAC,CAAC;QACxG,OAAO,eAAe,CAAC;IAC3B,CAAC;IAEM,KAAK,CAAC,0BAA0B,CACnC,4BAAmE,EACnE,UAAgC;QAYhC,IAAI,CAAC,4BAA4B,CAAC,IAAI,EAAE,CAAC;YACrC,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;QACtE,CAAC;QAED,MAAM,iBAAiB,GAAG,UAAU,CAAC,OAAO,CAAC,KAA6B,CAAC;QAC3E,MAAM,gBAAgB,GAAG,IAAA,qCAAY,EAAC,iBAAiB,CAAC,IAAI,EAAE,iBAAiB,CAAC,KAAK,CAAC,CAAC;QAEvF,MAAM,OAAO,GAAG,4BAA4B,CAAC,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAChF,MAAM,iBAAiB,GAAG;YACtB,CAAC,OAAO,CAAC,EAAE;gBACP;oBACI,gBAAgB;oBAChB,WAAW,EAAE,iBAAiB,CAAC,IAAW;oBAC1C,gBAAgB,EAAE,EAAE;iBACvB;aACJ;SACG,CAAC;QAET,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,mCAAmC,CAAC;YAC3F,2BAA2B,EAAE,4BAA4B,CAAC,2BAA2B;YACrF,oBAAoB,EAAE,SAAS;YAC/B,IAAI,EAAE,EAAE,WAAW,EAAE,iBAAiB,EAAE;SAC3C,CAAC,CAAC;QACH,OAAO,gBAAgB,CAAC,cAAc,CAAC;IAC3C,CAAC;IAEM,KAAK,CAAC,8BAA8B,CAAC,UAAgC,EAAE,KAAa;QACvF,IAAI,UAAU,CAAC,IAAI,KAAK,kBAAW,CAAC,OAAO;YAAE,MAAM,IAAI,KAAK,CAAC,8DAA8D,CAAC,CAAC;QAE7H,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC,OAAO,CAAC,iBAAU,CAAC,CAAC;QACpE,MAAM,YAAY,GAAG,MAAM,UAAU,CAAC,OAAO,CAAC;YAC1C,OAAO,EAAE,UAAU,CAAC,WAAW,CAAC,UAAU,CAAC,KAAe,CAAC;YAC3D,gBAAgB,EAAE;gBACd,QAAQ,EAAE,6BAA6B;gBACvC,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI;gBAC3B,KAAK;aACR;SACJ,CAAC,CAAC;QAEH,OAAO,4CAAkC,CAAC,IAAI,CAAC;YAC3C,KAAK,EAAE,YAAY;YACnB,IAAI,EAAE,UAAU,CAAC,IAAI;YACrB,kBAAkB,EAAE,UAAU,CAAC,kBAAkB;SACpD,CAAC,CAAC;IACP,CAAC;IAEM,KAAK,CAAC,8BAA8B,CAAC,YAAgD,EAAE,aAAqB;QAC/G,IAAI,YAAY,CAAC,IAAI,KAAK,kBAAW,CAAC,OAAO;YAAE,MAAM,IAAI,KAAK,CAAC,8DAA8D,CAAC,CAAC;QAE/H,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC,OAAO,CAAC,iBAAU,CAAC,CAAC;QACpE,MAAM,kBAAkB,GAAG,MAAM,UAAU,CAAC,MAAM,CAAC;YAC/C,cAAc,EAAE,YAAY,CAAC,KAAe;YAC5C,UAAU,EAAE;gBACR,QAAQ,EAAE,6BAA6B;gBACvC,KAAK,EAAE,aAAa;aACvB;SACJ,CAAC,CAAC;QAEH,OAAO,EAAE,OAAO,EAAE,kBAAkB,CAAC,OAAO,EAAE,KAAK,EAAE,OAAO,IAAI,kBAAkB,CAAC,CAAC,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,EAAE,CAAC;IAChI,CAAC;IAEM,KAAK,CAAC,IAAI;QACb,MAAM,IAAI,CAAC,QAAQ,EAAE,CAAC;IAC1B,CAAC;IAEM,KAAK,CAAC,OAAO;QAChB,MAAM,IAAI,CAAC,QAAQ,EAAE,CAAC;IAC1B,CAAC;CACJ;AAhMD,wBAgMC"}

package/dist/modules/openid4vc/local/KeyStorage.d.ts

@@ -0,0 +1,12 @@
+import { ILogger } from "@js-soft/logging-abstractions";
+import { SynchronizedCollection } from "@nmshd/transport";
+export declare class KeyStorage {
+    private readonly collection;
+    private readonly logger;
+    constructor(collection: SynchronizedCollection, logger: ILogger);
+    hasKey(keyId: string): Promise<boolean>;
+    storeKey(keyId: string, keyData: any): Promise<void>;
+    getKey(keyId: string): Promise<any | undefined>;
+    deleteKey(keyId: string): Promise<void>;
+}
+//# sourceMappingURL=KeyStorage.d.ts.map

package/dist/modules/openid4vc/local/KeyStorage.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"KeyStorage.d.ts","sourceRoot":"","sources":["../../../../src/modules/openid4vc/local/KeyStorage.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,+BAA+B,CAAC;AAGxD,OAAO,EAA2C,sBAAsB,EAAE,MAAM,kBAAkB,CAAC;AAmBnG,qBAAa,UAAU;IAEf,OAAO,CAAC,QAAQ,CAAC,UAAU;IAC3B,OAAO,CAAC,QAAQ,CAAC,MAAM;gBADN,UAAU,EAAE,sBAAsB,EAClC,MAAM,EAAE,OAAO;IAGvB,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAKvC,QAAQ,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC;IAUpD,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,GAAG,GAAG,SAAS,CAAC;IAW/C,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CASvD"}

package/dist/modules/openid4vc/local/KeyStorage.js

@@ -0,0 +1,67 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.KeyStorage = void 0;
+const ts_serval_1 = require("@js-soft/ts-serval");
+const core_types_1 = require("@nmshd/core-types");
+const transport_1 = require("@nmshd/transport");
+const ts_simple_nameof_1 = require("ts-simple-nameof");
+class KeyStorageEntry extends transport_1.CoreSynchronizable {
+    constructor() {
+        super(...arguments);
+        this.technicalProperties = [(0, ts_simple_nameof_1.nameof)((r) => r.key)];
+    }
+    static from(entry) {
+        return this.fromAny(entry);
+    }
+}
+__decorate([
+    (0, ts_serval_1.serialize)({ any: true }),
+    (0, ts_serval_1.validate)(),
+    __metadata("design:type", Object)
+], KeyStorageEntry.prototype, "key", void 0);
+class KeyStorage {
+    constructor(collection, logger) {
+        this.collection = collection;
+        this.logger = logger;
+    }
+    async hasKey(keyId) {
+        const entry = await this.collection.read(keyId);
+        return !!entry;
+    }
+    async storeKey(keyId, keyData) {
+        const entry = await this.collection.read(keyId);
+        if (entry) {
+            this.logger.info(`Key with id ${keyId} already exists`);
+            return;
+        }
+        await this.collection.create(KeyStorageEntry.from({ id: core_types_1.CoreId.from(keyId), key: keyData }));
+    }
+    async getKey(keyId) {
+        const entry = await this.collection.read(keyId);
+        if (!entry) {
+            this.logger.warn(`Key with id ${keyId} not found`);
+            return undefined;
+        }
+        const parsed = KeyStorageEntry.from(entry);
+        return parsed.key;
+    }
+    async deleteKey(keyId) {
+        const entry = await this.collection.read(keyId);
+        if (!entry) {
+            this.logger.warn(`Key with id ${keyId} not found, cannot delete`);
+            return;
+        }
+        await this.collection.delete(KeyStorageEntry.from(entry));
+    }
+}
+exports.KeyStorage = KeyStorage;
+//# sourceMappingURL=KeyStorage.js.map

package/dist/modules/openid4vc/local/KeyStorage.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"KeyStorage.js","sourceRoot":"","sources":["../../../../src/modules/openid4vc/local/KeyStorage.ts"],"names":[],"mappings":";;;;;;;;;;;;AACA,kDAAyD;AACzD,kDAA2C;AAC3C,gDAAmG;AACnG,uDAA0C;AAM1C,MAAM,eAAgB,SAAQ,8BAAkB;IAAhD;;QACoB,wBAAmB,GAAa,CAAC,IAAA,yBAAM,EAAkB,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IAS5F,CAAC;IAHU,MAAM,CAAC,IAAI,CAAC,KAAuB;QACtC,OAAO,IAAI,CAAC,OAAO,CAAkB,KAAK,CAAC,CAAC;IAChD,CAAC;CACJ;AALU;IAFN,IAAA,qBAAS,EAAC,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC;IACxB,IAAA,oBAAQ,GAAE;;4CACK;AAOpB,MAAa,UAAU;IACnB,YACqB,UAAkC,EAClC,MAAe;QADf,eAAU,GAAV,UAAU,CAAwB;QAClC,WAAM,GAAN,MAAM,CAAS;IACjC,CAAC;IAEG,KAAK,CAAC,MAAM,CAAC,KAAa;QAC7B,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAChD,OAAO,CAAC,CAAC,KAAK,CAAC;IACnB,CAAC;IAEM,KAAK,CAAC,QAAQ,CAAC,KAAa,EAAE,OAAY;QAC7C,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAChD,IAAI,KAAK,EAAE,CAAC;YACR,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,eAAe,KAAK,iBAAiB,CAAC,CAAC;YACxD,OAAO;QACX,CAAC;QAED,MAAM,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,eAAe,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,mBAAM,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC;IACjG,CAAC;IAEM,KAAK,CAAC,MAAM,CAAC,KAAa;QAC7B,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAChD,IAAI,CAAC,KAAK,EAAE,CAAC;YACT,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,eAAe,KAAK,YAAY,CAAC,CAAC;YACnD,OAAO,SAAS,CAAC;QACrB,CAAC;QAED,MAAM,MAAM,GAAG,eAAe,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC3C,OAAO,MAAM,CAAC,GAAG,CAAC;IACtB,CAAC;IAEM,KAAK,CAAC,SAAS,CAAC,KAAa;QAChC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAChD,IAAI,CAAC,KAAK,EAAE,CAAC;YACT,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,eAAe,KAAK,2BAA2B,CAAC,CAAC;YAClE,OAAO;QACX,CAAC;QAED,MAAM,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,eAAe,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;IAC9D,CAAC;CACJ;AAzCD,gCAyCC"}

package/dist/modules/openid4vc/local/OpenId4VciCredentialResponseJSON.d.ts

@@ -0,0 +1,7 @@
+import { ClaimFormat, W3cJsonCredential } from "@credo-ts/core";
+export interface OpenId4VciCredentialResponseJSON {
+    claimFormat: ClaimFormat;
+    encoded: string | W3cJsonCredential;
+    displayInformation?: Record<string, any>[];
+}
+//# sourceMappingURL=OpenId4VciCredentialResponseJSON.d.ts.map

package/dist/modules/openid4vc/local/OpenId4VciCredentialResponseJSON.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"OpenId4VciCredentialResponseJSON.d.ts","sourceRoot":"","sources":["../../../../src/modules/openid4vc/local/OpenId4VciCredentialResponseJSON.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AAEhE,MAAM,WAAW,gCAAgC;IAC7C,WAAW,EAAE,WAAW,CAAC;IACzB,OAAO,EAAE,MAAM,GAAG,iBAAiB,CAAC;IACpC,kBAAkB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EAAE,CAAC;CAC9C"}

package/dist/modules/openid4vc/local/OpenId4VciCredentialResponseJSON.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=OpenId4VciCredentialResponseJSON.js.map

package/dist/modules/openid4vc/local/OpenId4VciCredentialResponseJSON.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"OpenId4VciCredentialResponseJSON.js","sourceRoot":"","sources":["../../../../src/modules/openid4vc/local/OpenId4VciCredentialResponseJSON.ts"],"names":[],"mappings":""}

package/dist/modules/openid4vc/local/RequestedCredentialCache.d.ts

@@ -0,0 +1,9 @@
+import { SynchronizedCollection } from "@nmshd/transport";
+import { OpenId4VciCredentialResponseJSON } from "./OpenId4VciCredentialResponseJSON";
+export declare class RequestedCredentialCache {
+    private readonly collection;
+    constructor(collection: SynchronizedCollection);
+    get(credentialOfferUrl: string): Promise<OpenId4VciCredentialResponseJSON[] | undefined>;
+    set(credentialOfferUrl: string, credentialResponses: OpenId4VciCredentialResponseJSON[]): Promise<void>;
+}
+//# sourceMappingURL=RequestedCredentialCache.d.ts.map

package/dist/modules/openid4vc/local/RequestedCredentialCache.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"RequestedCredentialCache.d.ts","sourceRoot":"","sources":["../../../../src/modules/openid4vc/local/RequestedCredentialCache.ts"],"names":[],"mappings":"AAEA,OAAO,EAAsB,sBAAsB,EAAE,MAAM,kBAAkB,CAAC;AAG9E,OAAO,EAAE,gCAAgC,EAAE,MAAM,oCAAoC,CAAC;AAyBtF,qBAAa,wBAAwB;IACd,OAAO,CAAC,QAAQ,CAAC,UAAU;gBAAV,UAAU,EAAE,sBAAsB;IAEzD,GAAG,CAAC,kBAAkB,EAAE,MAAM,GAAG,OAAO,CAAC,gCAAgC,EAAE,GAAG,SAAS,CAAC;IAKxF,GAAG,CAAC,kBAAkB,EAAE,MAAM,EAAE,mBAAmB,EAAE,gCAAgC,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC;CAIvH"}

package/dist/modules/openid4vc/local/RequestedCredentialCache.js

@@ -0,0 +1,57 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RequestedCredentialCache = void 0;
+const ts_serval_1 = require("@js-soft/ts-serval");
+const transport_1 = require("@nmshd/transport");
+const ts_simple_nameof_1 = require("ts-simple-nameof");
+const ConsumptionIds_1 = require("../../../consumption/ConsumptionIds");
+class RequestedCredentialCacheEntry extends transport_1.CoreSynchronizable {
+    constructor() {
+        super(...arguments);
+        this.technicalProperties = [
+            (0, ts_simple_nameof_1.nameof)((r) => r.credentialOfferUrl),
+            (0, ts_simple_nameof_1.nameof)((r) => r.credentialResponses)
+        ];
+    }
+    static create(id, credentialOfferUrl, credentialResponses) {
+        return this.fromAny({
+            id: id,
+            credentialOfferUrl: credentialOfferUrl,
+            credentialResponses
+        });
+    }
+}
+__decorate([
+    (0, ts_serval_1.serialize)(),
+    (0, ts_serval_1.validate)(),
+    __metadata("design:type", String)
+], RequestedCredentialCacheEntry.prototype, "credentialOfferUrl", void 0);
+__decorate([
+    (0, ts_serval_1.serialize)({ any: true }),
+    (0, ts_serval_1.validate)(),
+    __metadata("design:type", Array)
+], RequestedCredentialCacheEntry.prototype, "credentialResponses", void 0);
+class RequestedCredentialCache {
+    constructor(collection) {
+        this.collection = collection;
+    }
+    async get(credentialOfferUrl) {
+        const doc = await this.collection.findOne({ credentialOfferUrl: credentialOfferUrl });
+        return doc ? RequestedCredentialCacheEntry.fromAny(doc).credentialResponses : undefined;
+    }
+    async set(credentialOfferUrl, credentialResponses) {
+        const id = await ConsumptionIds_1.ConsumptionIds.requestedCredentialCacheEntry.generate();
+        await this.collection.create(RequestedCredentialCacheEntry.create(id, credentialOfferUrl, credentialResponses));
+    }
+}
+exports.RequestedCredentialCache = RequestedCredentialCache;
+//# sourceMappingURL=RequestedCredentialCache.js.map

package/dist/modules/openid4vc/local/RequestedCredentialCache.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"RequestedCredentialCache.js","sourceRoot":"","sources":["../../../../src/modules/openid4vc/local/RequestedCredentialCache.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,kDAAyD;AAEzD,gDAA8E;AAC9E,uDAA0C;AAC1C,wEAAqE;AAGrE,MAAM,6BAA8B,SAAQ,8BAAkB;IAA9D;;QACoB,wBAAmB,GAAa;YAC5C,IAAA,yBAAM,EAAgC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,kBAAkB,CAAC;YAClE,IAAA,yBAAM,EAAgC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,mBAAmB,CAAC;SACtE,CAAC;IAiBN,CAAC;IAPU,MAAM,CAAC,MAAM,CAAC,EAAU,EAAE,kBAA0B,EAAE,mBAAuD;QAChH,OAAO,IAAI,CAAC,OAAO,CAAgC;YAC/C,EAAE,EAAE,EAAE;YACN,kBAAkB,EAAE,kBAAkB;YACtC,mBAAmB;SACtB,CAAC,CAAC;IACP,CAAC;CACJ;AAbU;IAFN,IAAA,qBAAS,GAAE;IACX,IAAA,oBAAQ,GAAE;;yEACuB;AAI3B;IAFN,IAAA,qBAAS,EAAC,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC;IACxB,IAAA,oBAAQ,GAAE;;0EACoD;AAWnE,MAAa,wBAAwB;IACjC,YAAoC,UAAkC;QAAlC,eAAU,GAAV,UAAU,CAAwB;IAAG,CAAC;IAEnE,KAAK,CAAC,GAAG,CAAC,kBAA0B;QACvC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,CAAC,CAAC;QACtF,OAAO,GAAG,CAAC,CAAC,CAAC,6BAA6B,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC,SAAS,CAAC;IAC5F,CAAC;IAEM,KAAK,CAAC,GAAG,CAAC,kBAA0B,EAAE,mBAAuD;QAChG,MAAM,EAAE,GAAG,MAAM,+BAAc,CAAC,6BAA6B,CAAC,QAAQ,EAAE,CAAC;QACzE,MAAM,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,6BAA6B,CAAC,MAAM,CAAC,EAAE,EAAE,kBAAkB,EAAE,mBAAmB,CAAC,CAAC,CAAC;IACpH,CAAC;CACJ;AAZD,4DAYC"}

package/dist/modules/requests/events/ShareCredentialOfferRequestItemProcessedByRecipientEvent.d.ts

@@ -0,0 +1,12 @@
+import { CoreAddress } from "@nmshd/core-types";
+import { TransportDataEvent } from "@nmshd/transport";
+export interface ShareCredentialOfferRequestItemProcessedByRecipientEventData {
+    credentialOfferUrl: string;
+    accepted: boolean;
+    peer: CoreAddress;
+}
+export declare class ShareCredentialOfferRequestItemProcessedByRecipientEvent extends TransportDataEvent<ShareCredentialOfferRequestItemProcessedByRecipientEventData> {
+    static readonly namespace = "consumption.shareCredentialOfferRequestItemProcessedByRecipient";
+    constructor(eventTargetAddress: string, data: ShareCredentialOfferRequestItemProcessedByRecipientEventData);
+}
+//# sourceMappingURL=ShareCredentialOfferRequestItemProcessedByRecipientEvent.d.ts.map

package/dist/modules/requests/events/ShareCredentialOfferRequestItemProcessedByRecipientEvent.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ShareCredentialOfferRequestItemProcessedByRecipientEvent.d.ts","sourceRoot":"","sources":["../../../../src/modules/requests/events/ShareCredentialOfferRequestItemProcessedByRecipientEvent.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AAEtD,MAAM,WAAW,4DAA4D;IACzE,kBAAkB,EAAE,MAAM,CAAC;IAC3B,QAAQ,EAAE,OAAO,CAAC;IAClB,IAAI,EAAE,WAAW,CAAC;CACrB;AAED,qBAAa,wDAAyD,SAAQ,kBAAkB,CAAC,4DAA4D,CAAC;IAC1J,gBAAuB,SAAS,qEAAqE;gBAElF,kBAAkB,EAAE,MAAM,EAAE,IAAI,EAAE,4DAA4D;CAGpH"}

package/dist/modules/requests/events/ShareCredentialOfferRequestItemProcessedByRecipientEvent.js

@@ -0,0 +1,12 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ShareCredentialOfferRequestItemProcessedByRecipientEvent = void 0;
+const transport_1 = require("@nmshd/transport");
+class ShareCredentialOfferRequestItemProcessedByRecipientEvent extends transport_1.TransportDataEvent {
+    static { this.namespace = "consumption.shareCredentialOfferRequestItemProcessedByRecipient"; }
+    constructor(eventTargetAddress, data) {
+        super(ShareCredentialOfferRequestItemProcessedByRecipientEvent.namespace, eventTargetAddress, data);
+    }
+}
+exports.ShareCredentialOfferRequestItemProcessedByRecipientEvent = ShareCredentialOfferRequestItemProcessedByRecipientEvent;
+//# sourceMappingURL=ShareCredentialOfferRequestItemProcessedByRecipientEvent.js.map

package/dist/modules/requests/events/ShareCredentialOfferRequestItemProcessedByRecipientEvent.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ShareCredentialOfferRequestItemProcessedByRecipientEvent.js","sourceRoot":"","sources":["../../../../src/modules/requests/events/ShareCredentialOfferRequestItemProcessedByRecipientEvent.ts"],"names":[],"mappings":";;;AACA,gDAAsD;AAQtD,MAAa,wDAAyD,SAAQ,8BAAgF;aACnI,cAAS,GAAG,iEAAiE,CAAC;IAErG,YAAmB,kBAA0B,EAAE,IAAkE;QAC7G,KAAK,CAAC,wDAAwD,CAAC,SAAS,EAAE,kBAAkB,EAAE,IAAI,CAAC,CAAC;IACxG,CAAC;;AALL,4HAMC"}

package/dist/modules/requests/events/index.d.ts

@@ -3,4 +3,5 @@ export * from "./IncomingRequestStatusChangedEvent";
 export * from "./OutgoingRequestCreatedAndCompletedEvent";
 export * from "./OutgoingRequestCreatedEvent";
 export * from "./OutgoingRequestStatusChangedEvent";
+export * from "./ShareCredentialOfferRequestItemProcessedByRecipientEvent";
 //# sourceMappingURL=index.d.ts.map

package/dist/modules/requests/events/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/modules/requests/events/index.ts"],"names":[],"mappings":"AAAA,cAAc,gCAAgC,CAAC;AAC/C,cAAc,qCAAqC,CAAC;AACpD,cAAc,2CAA2C,CAAC;AAC1D,cAAc,+BAA+B,CAAC;AAC9C,cAAc,qCAAqC,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/modules/requests/events/index.ts"],"names":[],"mappings":"AAAA,cAAc,gCAAgC,CAAC;AAC/C,cAAc,qCAAqC,CAAC;AACpD,cAAc,2CAA2C,CAAC;AAC1D,cAAc,+BAA+B,CAAC;AAC9C,cAAc,qCAAqC,CAAC;AACpD,cAAc,4DAA4D,CAAC"}

package/dist/modules/requests/events/index.js

@@ -19,4 +19,5 @@ __exportStar(require("./IncomingRequestStatusChangedEvent"), exports);
 __exportStar(require("./OutgoingRequestCreatedAndCompletedEvent"), exports);
 __exportStar(require("./OutgoingRequestCreatedEvent"), exports);
 __exportStar(require("./OutgoingRequestStatusChangedEvent"), exports);
+__exportStar(require("./ShareCredentialOfferRequestItemProcessedByRecipientEvent"), exports);
 //# sourceMappingURL=index.js.map

package/dist/modules/requests/events/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/modules/requests/events/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,iEAA+C;AAC/C,sEAAoD;AACpD,4EAA0D;AAC1D,gEAA8C;AAC9C,sEAAoD"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/modules/requests/events/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,iEAA+C;AAC/C,sEAAoD;AACpD,4EAA0D;AAC1D,gEAA8C;AAC9C,sEAAoD;AACpD,6FAA2E"}

package/dist/modules/requests/index.d.ts

@@ -26,6 +26,9 @@ export * from "./itemProcessors/RequestItemConstructor";
 export * from "./itemProcessors/RequestItemProcessorConstructor";
 export * from "./itemProcessors/RequestItemProcessorRegistry";
 export * from "./itemProcessors/shareAttribute/ShareAttributeRequestItemProcessor";
+export * from "./itemProcessors/shareAuthorizationRequest/AcceptShareAuthorizationRequestRequestItemParameters";
+export * from "./itemProcessors/shareAuthorizationRequest/ShareAuthorizationRequestRequestItemProcessor";
+export * from "./itemProcessors/shareCredentialOffer/ShareCredentialOfferRequestItemProcessor";
 export * from "./itemProcessors/transferFileOwnership/TransferFileOwnershipRequestItemProcessor";
 export * from "./local/LocalRequest";
 export * from "./local/LocalRequestStatus";