@sphereon/ssi-sdk-ext.identifier-resolution 0.24.1-next.112 → 0.24.1-next.148

package/src/functions/managedIdentifierFunctions.ts

@@ -10,6 +10,7 @@ import {
   isManagedIdentifierCoseKeyOpts,
   isManagedIdentifierDidOpts,
   isManagedIdentifierDidResult,
+  isManagedIdentifierOID4VCIssuerOpts,
   isManagedIdentifierJwkOpts,
   isManagedIdentifierJwkResult,
   isManagedIdentifierKeyOpts,
@@ -20,6 +21,8 @@ import {
   ManagedIdentifierCoseKeyResult,
   ManagedIdentifierDidOpts,
   ManagedIdentifierDidResult,
+  ManagedIdentifierOID4VCIssuerOpts,
+  ManagedIdentifierOID4VCIssuerResult,
   ManagedIdentifierJwkOpts,
   ManagedIdentifierJwkResult,
   ManagedIdentifierKeyOpts,
@@ -270,6 +273,49 @@ export async function getManagedX5cIdentifier(
   } satisfies ManagedIdentifierX5cResult
 }
 
+export async function getManagedOID4VCIssuerIdentifier(
+    opts: ManagedIdentifierOID4VCIssuerOpts,
+    context: IAgentContext<IKeyManager>
+): Promise<ManagedIdentifierOID4VCIssuerResult> {
+  const { identifier } = opts
+  const method = 'oid4vci-issuer'
+  // FIXME: We need to eventually determine the JWK based on the issuer. Using a dummy JWK for now
+  const jwk = {
+    "kty" : "RSA",
+    "kid" : "dummy-jwk-for-vci-issuer-signing",
+    "use" : "sig",
+    "n"   : "pjdss8ZaDfEH6K6U7GeW2nxDqR4IP049fk1fK0lndimbMMVBdPv_hSpm8T8EtBDxrUdi1OHZfMhUixGaut-3nQ4GG9nM249oxhCtxqqNvEXrmQRGqczyLxuh-fKn9Fg--hS9UpazHpfVAFnB5aCfXoNhPuI8oByyFKMKaOVgHNqP5NBEqabiLftZD3W_lsFCPGuzr4Vp0YS7zS2hDYScC2oOMu4rGU1LcMZf39p3153Cq7bS2Xh6Y-vw5pwzFYZdjQxDn8x8BG3fJ6j8TGLXQsbKH1218_HcUJRvMwdpbUQG5nvA2GXVqLqdwp054Lzk9_B_f1lVrmOKuHjTNHq48w",
+    "e"   : "AQAB",
+    "d"   : "ksDmucdMJXkFGZxiomNHnroOZxe8AmDLDGO1vhs-POa5PZM7mtUPonxwjVmthmpbZzla-kg55OFfO7YcXhg-Hm2OWTKwm73_rLh3JavaHjvBqsVKuorX3V3RYkSro6HyYIzFJ1Ek7sLxbjDRcDOj4ievSX0oN9l-JZhaDYlPlci5uJsoqro_YrE0PRRWVhtGynd-_aWgQv1YzkfZuMD-hJtDi1Im2humOWxA4eZrFs9eG-whXcOvaSwO4sSGbS99ecQZHM2TcdXeAs1PvjVgQ_dKnZlGN3lTWoWfQP55Z7Tgt8Nf1q4ZAKd-NlMe-7iqCFfsnFwXjSiaOa2CRGZn-Q",
+    "p"   : "4A5nU4ahEww7B65yuzmGeCUUi8ikWzv1C81pSyUKvKzu8CX41hp9J6oRaLGesKImYiuVQK47FhZ--wwfpRwHvSxtNU9qXb8ewo-BvadyO1eVrIk4tNV543QlSe7pQAoJGkxCia5rfznAE3InKF4JvIlchyqs0RQ8wx7lULqwnn0",
+    "q"   : "ven83GM6SfrmO-TBHbjTk6JhP_3CMsIvmSdo4KrbQNvp4vHO3w1_0zJ3URkmkYGhz2tgPlfd7v1l2I6QkIh4Bumdj6FyFZEBpxjE4MpfdNVcNINvVj87cLyTRmIcaGxmfylY7QErP8GFA-k4UoH_eQmGKGK44TRzYj5hZYGWIC8",
+    "dp"  : "lmmU_AG5SGxBhJqb8wxfNXDPJjf__i92BgJT2Vp4pskBbr5PGoyV0HbfUQVMnw977RONEurkR6O6gxZUeCclGt4kQlGZ-m0_XSWx13v9t9DIbheAtgVJ2mQyVDvK4m7aRYlEceFh0PsX8vYDS5o1txgPwb3oXkPTtrmbAGMUBpE",
+    "dq"  : "mxRTU3QDyR2EnCv0Nl0TCF90oliJGAHR9HJmBe__EjuCBbwHfcT8OG3hWOv8vpzokQPRl5cQt3NckzX3fs6xlJN4Ai2Hh2zduKFVQ2p-AF2p6Yfahscjtq-GY9cB85NxLy2IXCC0PF--Sq9LOrTE9QV988SJy_yUrAjcZ5MmECk",
+    "qi"  : "ldHXIrEmMZVaNwGzDF9WG8sHj2mOZmQpw9yrjLK9hAsmsNr5LTyqWAqJIYZSwPTYWhY4nu2O0EY9G9uYiqewXfCKw_UngrJt8Xwfq1Zruz0YY869zPN4GiE9-9rzdZB33RBw8kIOquY3MK74FMwCihYx_LiU2YTHkaoJ3ncvtvg"
+  } as JWK
+  const jwkThumbprint = calculateJwkThumbprint({ jwk })
+
+  const key = {
+    kid: 'dummy-key-for-vci-issuer-signing',
+    kms: 'local',
+    type: "RSA",
+    publicKeyHex: '9a3f75b2e4d8b91128fc6e9a8f6782e5a4f1cba3718e58b5d0a789d6e5f52b3a'
+  } as IKey
+
+  return {
+    method,
+    identifier,
+    jwk,
+    jwkThumbprint,
+    key, // FIXME: We need construct a key as soon as we have the external VCI Issuer resolution
+    kmsKeyRef: identifier, // FIXME: We need use kmsKeyRef as soon as we have the external VCI Issuer resolution
+    issuer: identifier.replace('/.well-known/openid-credential-issuer', ''),
+    clientId: opts.clientId,
+    clientIdScheme: opts.clientIdScheme,
+    opts,
+  } satisfies ManagedIdentifierOID4VCIssuerResult
+}
+
 export async function getManagedIdentifier(
   opts: ManagedIdentifierOptsOrResult & {
     crypto?: Crypto
@@ -292,11 +338,13 @@ export async function getManagedIdentifier(
     resolutionResult = await getManagedKeyIdentifier(opts, context)
   } else if (isManagedIdentifierCoseKeyOpts(opts)) {
     resolutionResult = await getManagedCoseKeyIdentifier(opts, context)
+  } else if (isManagedIdentifierOID4VCIssuerOpts(opts)) {
+    resolutionResult = await getManagedOID4VCIssuerIdentifier(opts, context)
   } else {
     return Promise.reject(Error(`Could not determine identifier method. Please provide explicitly`))
   }
   const { key } = resolutionResult
-  if (!key || (isManagedIdentifierDidOpts(opts) && isManagedIdentifierDidResult(resolutionResult) && !resolutionResult.identifier)) {
+  if ((!key && !isManagedIdentifierOID4VCIssuerOpts(opts)) || (isManagedIdentifierDidOpts(opts) && isManagedIdentifierDidResult(resolutionResult) && !resolutionResult.identifier)) {
     console.log(`Cannot find identifier`, opts.identifier)
     return Promise.reject(`Cannot find identifier ${opts.identifier}`)
   }
@@ -311,6 +359,7 @@ export async function managedIdentifierToKeyResult(
   if (isManagedIdentifierKeyResult(resolved)) {
     return resolved
   }
+
   return {
     ...resolved,
     method: 'key',

package/src/types/IIdentifierResolution.ts

@@ -16,6 +16,8 @@ import {
   ManagedIdentifierCoseKeyResult,
   ManagedIdentifierDidOpts,
   ManagedIdentifierDidResult,
+  ManagedIdentifierOID4VCIssuerOpts,
+  ManagedIdentifierOID4VCIssuerResult,
   ManagedIdentifierJwkOpts,
   ManagedIdentifierJwkResult,
   ManagedIdentifierKeyOpts,
@@ -36,6 +38,7 @@ export const identifierResolutionContextMethods: Array<string> = [
   'identifierManagedGetByJwk',
   'identifierManagedGetByX5c',
   'identifierManagedGetByKey',
+  'identifierManagedGetByOID4VCIssuer',
   'identifierGetManagedByCoseKey',
   'identifierExternalResolve',
   'identifierExternalResolveByDid',
@@ -77,6 +80,8 @@ export interface IIdentifierResolution extends IPluginMethodMap {
     context: IAgentContext<IKeyManager & IIdentifierResolution>
   ): Promise<ManagedIdentifierCoseKeyResult>
 
+  identifierManagedGetByOID4VCIssuer(args: ManagedIdentifierOID4VCIssuerOpts, context: IAgentContext<any>): Promise<ManagedIdentifierOID4VCIssuerResult>
+
   // TODO: We can create a custom managed identifier method allowing developers to register a callback function to get their implementation hooked up. Needs more investigation as it would also impact the KMS
 
   /**

package/src/types/common.ts

@@ -29,7 +29,11 @@ export function isJwksUrlIdentifier(identifier: ManagedIdentifierType | External
 }
 
 export function isKidIdentifier(identifier: ManagedIdentifierType | ExternalIdentifierType): identifier is string {
-  return typeof identifier === 'string' && !identifier.startsWith('did:')
+  return typeof identifier === 'string' && !identifier.startsWith('did:') && !identifier.startsWith('http')
+}
+
+export function isOID4VCIssuerIdentifier(identifier: ManagedIdentifierType | ExternalIdentifierType): identifier is string {
+  return typeof identifier === 'string' && identifier.startsWith('http') && identifier.endsWith('/.well-known/openid-credential-issuer')
 }
 
 export function isKeyIdentifier(identifier: ManagedIdentifierType): identifier is IKey {

package/src/types/managedIdentifierTypes.ts

@@ -1,7 +1,16 @@
 import { ClientIdScheme } from '@sphereon/ssi-sdk-ext.x509-utils'
 import { ICoseKeyJson, JWK } from '@sphereon/ssi-types'
 import { DIDDocumentSection, IIdentifier, IKey, TKeyType } from '@veramo/core'
-import { isCoseKeyIdentifier, isDidIdentifier, isJwkIdentifier, isKeyIdentifier, isKidIdentifier, isX5cIdentifier, JwkInfo } from './common'
+import {
+  isCoseKeyIdentifier,
+  isDidIdentifier,
+  isOID4VCIssuerIdentifier,
+  isJwkIdentifier,
+  isKeyIdentifier,
+  isKidIdentifier,
+  isX5cIdentifier,
+  JwkInfo
+} from './common'
 
 /**
  * Use whenever we need to pass in an identifier. We can pass in kids, DIDs, IIdentifier objects and x5chains
@@ -17,6 +26,7 @@ export type ManagedIdentifierOpts = (
   | ManagedIdentifierKidOpts
   | ManagedIdentifierKeyOpts
   | ManagedIdentifierCoseKeyOpts
+  | ManagedIdentifierOID4VCIssuerOpts
 ) &
   ManagedIdentifierOptsBase
 
@@ -30,7 +40,7 @@ export type ManagedIdentifierOptsBase = {
   clientIdScheme?: ClientIdScheme | 'did' | string
 }
 
-export type ManagedIdentifierDidOpts = Omit<ManagedIdentifierOptsBase, 'method'> & {
+export type ManagedIdentifierDidOpts = Omit<ManagedIdentifierOptsBase, 'method' | 'identifier'> & {
   method?: 'did'
   identifier: IIdentifier | string
   keyType?: TKeyType
@@ -45,7 +55,7 @@ export function isManagedIdentifierDidOpts(opts: ManagedIdentifierOptsBase): opt
   return ('method' in opts && opts.method === 'did') || isDidIdentifier(identifier)
 }
 
-export type ManagedIdentifierKidOpts = Omit<ManagedIdentifierOptsBase, 'method'> & {
+export type ManagedIdentifierKidOpts = Omit<ManagedIdentifierOptsBase, 'method' | 'identifier'> & {
   method?: 'kid'
   identifier: string
 }
@@ -55,7 +65,7 @@ export function isManagedIdentifierKidOpts(opts: ManagedIdentifierOptsBase): opt
   return ('method' in opts && opts.method === 'kid') || isKidIdentifier(identifier)
 }
 
-export type ManagedIdentifierKeyOpts = Omit<ManagedIdentifierOptsBase, 'method'> & {
+export type ManagedIdentifierKeyOpts = Omit<ManagedIdentifierOptsBase, 'method' | 'identifier'> & {
   method?: 'key'
   identifier: IKey
 }
@@ -65,7 +75,7 @@ export function isManagedIdentifierKeyOpts(opts: ManagedIdentifierOptsBase): opt
   return ('method' in opts && opts.method === 'key') || isKeyIdentifier(identifier)
 }
 
-export type ManagedIdentifierCoseKeyOpts = Omit<ManagedIdentifierOptsBase, 'method'> & {
+export type ManagedIdentifierCoseKeyOpts = Omit<ManagedIdentifierOptsBase, 'method' | 'identifier'> & {
   method?: 'cose_key'
   identifier: ICoseKeyJson
 }
@@ -75,7 +85,17 @@ export function isManagedIdentifierCoseKeyOpts(opts: ManagedIdentifierOptsBase):
   return ('method' in opts && opts.method === 'cose_key') || isCoseKeyIdentifier(identifier)
 }
 
-export type ManagedIdentifierJwkOpts = Omit<ManagedIdentifierOptsBase, 'method'> & {
+export type ManagedIdentifierOID4VCIssuerOpts = Omit<ManagedIdentifierOptsBase, 'method' | 'identifier'> & {
+  method?: 'oid4vci-issuer'
+  identifier: string
+}
+
+export function isManagedIdentifierOID4VCIssuerOpts(opts: ManagedIdentifierOptsBase): opts is ManagedIdentifierCoseKeyOpts {
+  const { identifier } = opts
+  return ('method' in opts && opts.method === 'oid4vci-issuer') || isOID4VCIssuerIdentifier(identifier)
+}
+
+export type ManagedIdentifierJwkOpts = Omit<ManagedIdentifierOptsBase, 'method' | 'identifier'> & {
   method?: 'jwk'
   identifier: JWK
 }
@@ -85,7 +105,7 @@ export function isManagedIdentifierJwkOpts(opts: ManagedIdentifierOptsBase): opt
   return ('method' in opts && opts.method === 'jwk') || isJwkIdentifier(identifier)
 }
 
-export type ManagedIdentifierX5cOpts = Omit<ManagedIdentifierOptsBase, 'method'> & {
+export type ManagedIdentifierX5cOpts = Omit<ManagedIdentifierOptsBase, 'method' | 'identifier'> & {
   method?: 'x5c'
   identifier: string[]
 }
@@ -110,6 +130,10 @@ export interface IManagedIdentifierResultBase extends ManagedJwkInfo {
   identifier: ManagedIdentifierType
 }
 
+export function isManagedIdentifierCoseKeyResult(object: IManagedIdentifierResultBase): object is ManagedIdentifierCoseKeyResult {
+  return object!! && typeof object === 'object' && 'method' in object && object.method === 'cose_key'
+}
+
 export function isManagedIdentifierDidResult(object: IManagedIdentifierResultBase): object is ManagedIdentifierDidResult {
   return object!! && typeof object === 'object' && 'method' in object && object.method === 'did'
 }
@@ -130,10 +154,6 @@ export function isManagedIdentifierKeyResult(object: IManagedIdentifierResultBas
   return object!! && typeof object === 'object' && 'method' in object && object.method === 'key'
 }
 
-export function isManagedIdentifierCoseKeyResult(object: IManagedIdentifierResultBase): object is ManagedIdentifierCoseKeyResult {
-  return object!! && typeof object === 'object' && 'method' in object && object.method === 'cose_key'
-}
-
 export interface ManagedIdentifierDidResult extends IManagedIdentifierResultBase {
   method: 'did'
   identifier: IIdentifier
@@ -167,6 +187,11 @@ export interface ManagedIdentifierCoseKeyResult extends IManagedIdentifierResult
   identifier: ICoseKeyJson
 }
 
+export interface ManagedIdentifierOID4VCIssuerResult extends IManagedIdentifierResultBase {
+  method: 'oid4vci-issuer'
+  identifier: string
+}
+
 export interface ManagedIdentifierX5cResult extends IManagedIdentifierResultBase {
   method: 'x5c'
   identifier: string[]
@@ -174,7 +199,7 @@ export interface ManagedIdentifierX5cResult extends IManagedIdentifierResultBase
   certificate: any // Certificate(JSON_, but trips schema generator. Probably want to create our own DTO
 }
 
-export type ManagedIdentifierMethod = 'did' | 'jwk' | 'x5c' | 'kid' | 'key' | 'cose_key'
+export type ManagedIdentifierMethod = 'did' | 'jwk' | 'x5c' | 'kid' | 'key' | 'cose_key' | 'oid4vci-issuer'
 
 export type ManagedIdentifierResult = IManagedIdentifierResultBase &
   (
@@ -184,6 +209,7 @@ export type ManagedIdentifierResult = IManagedIdentifierResultBase &
     | ManagedIdentifierKidResult
     | ManagedIdentifierKeyResult
     | ManagedIdentifierCoseKeyResult
+    | ManagedIdentifierOID4VCIssuerResult
   )
 
 export type ManagedIdentifierOptsOrResult = (ManagedIdentifierResult | ManagedIdentifierOpts) & {