@sphereon/ssi-sdk-ext.identifier-resolution 0.27.1-next.6 → 0.28.1-feature.esm.cjs.8

package/src/agent/IdentifierResolution.ts

@@ -1,7 +1,7 @@
 import { globalCrypto } from '@sphereon/ssi-sdk-ext.key-utils'
 import { IAgentContext, IAgentPlugin, IDIDManager, IKeyManager } from '@veramo/core'
 import { ExternalIdentifierOIDFEntityIdOpts, ExternalIdentifierOIDFEntityIdResult } from '../types'
-import { schema } from '..'
+import { schema } from '../index'
 import { resolveExternalIdentifier, ensureManagedIdentifierResult } from '../functions'
 import {
   ExternalIdentifierDidOpts,
@@ -34,24 +34,27 @@ import {
 } from '../types'
 import { IOIDFClient } from '@sphereon/ssi-sdk.oidf-client'
 
+import { webcrypto } from 'node:crypto'
+
 /**
  * @public
  */
 export class IdentifierResolution implements IAgentPlugin {
-  private readonly _crypto: Crypto
+
+  readonly _crypto: webcrypto.Crypto
 
   readonly schema = schema.IMnemonicInfoGenerator
   readonly methods: IIdentifierResolution = {
-    identifierManagedGet: this.identifierGetManaged.bind(this),
-    identifierManagedGetByDid: this.identifierGetManagedByDid.bind(this),
-    identifierManagedGetByKid: this.identifierGetManagedByKid.bind(this),
-    identifierManagedGetByJwk: this.identifierGetManagedByJwk.bind(this),
-    identifierManagedGetByX5c: this.identifierGetManagedByX5c.bind(this),
-    identifierManagedGetByKey: this.identifierGetManagedByKey.bind(this),
-    identifierManagedGetByCoseKey: this.identifierGetManagedByCoseKey.bind(this),
-    identifierManagedGetByOID4VCIssuer: this.identifierGetManagedByOID4VCIssuer.bind(this),
-
-    identifierExternalResolve: this.identifierResolveExternal.bind(this),
+    identifierManagedGet: this.identifierManagedGet.bind(this),
+    identifierManagedGetByDid: this.identifierManagedGetByDid.bind(this),
+    identifierManagedGetByKid: this.identifierManagedGetByKid.bind(this),
+    identifierManagedGetByJwk: this.identifierManagedGetByJwk.bind(this),
+    identifierManagedGetByX5c: this.identifierManagedGetByX5c.bind(this),
+    identifierManagedGetByKey: this.identifierManagedGetByKey.bind(this),
+    identifierManagedGetByCoseKey: this.identifierManagedGetByCoseKey.bind(this),
+    identifierManagedGetByOID4VCIssuer: this.identifierManagedGetByOID4VCIssuer.bind(this),
+
+    identifierExternalResolve: this.identifierExternalResolve.bind(this),
     identifierExternalResolveByDid: this.identifierExternalResolveByDid.bind(this),
     identifierExternalResolveByX5c: this.identifierExternalResolveByX5c.bind(this),
     identifierExternalResolveByJwk: this.identifierExternalResolveByJwk.bind(this),
@@ -64,7 +67,9 @@ export class IdentifierResolution implements IAgentPlugin {
   /**
    * TODO: Add a cache, as we are retrieving the same keys/info quite often
    */
-  constructor(opts?: { crypto?: Crypto }) {
+  constructor(opts?: {
+    crypto?: webcrypto.Crypto
+  }) {
     this._crypto = globalCrypto(false, opts?.crypto)
   }
 
@@ -73,65 +78,64 @@ export class IdentifierResolution implements IAgentPlugin {
    * integrate a plugin for anomaly detection. Having a single method helps
    * @param args
    * @param context
-   * @private
    */
-  private async identifierGetManaged(
+  private async identifierManagedGet(
     args: ManagedIdentifierOptsOrResult,
     context: IAgentContext<IKeyManager & IIdentifierResolution>
   ): Promise<ManagedIdentifierResult> {
     return await ensureManagedIdentifierResult({ ...args, crypto: this._crypto }, context)
   }
 
-  private async identifierGetManagedByDid(
+  private async identifierManagedGetByDid(
     args: ManagedIdentifierDidOpts,
     context: IAgentContext<IKeyManager & IDIDManager & IIdentifierResolution>
   ): Promise<ManagedIdentifierDidResult> {
-    return (await this.identifierGetManaged({ ...args, method: 'did' }, context)) as ManagedIdentifierDidResult
+    return (await this.identifierManagedGet({ ...args, method: 'did' }, context)) as ManagedIdentifierDidResult
   }
 
-  private async identifierGetManagedByKid(
+  private async identifierManagedGetByKid(
     args: ManagedIdentifierKidOpts,
     context: IAgentContext<IKeyManager & IIdentifierResolution>
   ): Promise<ManagedIdentifierKidResult> {
-    return (await this.identifierGetManaged({ ...args, method: 'kid' }, context)) as ManagedIdentifierKidResult
+    return (await this.identifierManagedGet({ ...args, method: 'kid' }, context)) as ManagedIdentifierKidResult
   }
 
-  private async identifierGetManagedByKey(
+  private async identifierManagedGetByKey(
     args: ManagedIdentifierKeyOpts,
     context: IAgentContext<IKeyManager & IIdentifierResolution>
   ): Promise<ManagedIdentifierKeyResult> {
-    return (await this.identifierGetManaged({ ...args, method: 'key' }, context)) as ManagedIdentifierKeyResult
+    return (await this.identifierManagedGet({ ...args, method: 'key' }, context)) as ManagedIdentifierKeyResult
   }
 
-  private async identifierGetManagedByCoseKey(
+  private async identifierManagedGetByCoseKey(
     args: ManagedIdentifierCoseKeyOpts,
     context: IAgentContext<IKeyManager & IIdentifierResolution>
   ): Promise<ManagedIdentifierCoseKeyResult> {
-    return (await this.identifierGetManaged({ ...args, method: 'cose_key' }, context)) as ManagedIdentifierCoseKeyResult
+    return (await this.identifierManagedGet({ ...args, method: 'cose_key' }, context)) as ManagedIdentifierCoseKeyResult
   }
 
-  private async identifierGetManagedByOID4VCIssuer(
+  private async identifierManagedGetByOID4VCIssuer(
     args: ManagedIdentifierOID4VCIssuerOpts,
     context: IAgentContext<IKeyManager & IIdentifierResolution>
   ): Promise<ManagedIdentifierOID4VCIssuerResult> {
-    return (await this.identifierGetManaged({ ...args, method: 'oid4vci-issuer' }, context)) as ManagedIdentifierOID4VCIssuerResult
+    return (await this.identifierManagedGet({ ...args, method: 'oid4vci-issuer' }, context)) as ManagedIdentifierOID4VCIssuerResult
   }
 
-  private async identifierGetManagedByJwk(
+  private async identifierManagedGetByJwk(
     args: ManagedIdentifierJwkOpts,
     context: IAgentContext<IKeyManager & IIdentifierResolution>
   ): Promise<ManagedIdentifierJwkResult> {
-    return (await this.identifierGetManaged({ ...args, method: 'jwk' }, context)) as ManagedIdentifierJwkResult
+    return (await this.identifierManagedGet({ ...args, method: 'jwk' }, context)) as ManagedIdentifierJwkResult
   }
 
-  private async identifierGetManagedByX5c(
+  private async identifierManagedGetByX5c(
     args: ManagedIdentifierX5cOpts,
     context: IAgentContext<IKeyManager & IIdentifierResolution>
   ): Promise<ManagedIdentifierX5cResult> {
-    return (await this.identifierGetManaged({ ...args, method: 'x5c' }, context)) as ManagedIdentifierX5cResult
+    return (await this.identifierManagedGet({ ...args, method: 'x5c' }, context)) as ManagedIdentifierX5cResult
   }
 
-  private async identifierResolveExternal(
+  private async identifierExternalResolve(
     args: ExternalIdentifierOpts,
     context: IAgentContext<IKeyManager | IOIDFClient>
   ): Promise<ExternalIdentifierResult> {
@@ -139,28 +143,28 @@ export class IdentifierResolution implements IAgentPlugin {
   }
 
   private async identifierExternalResolveByDid(args: ExternalIdentifierDidOpts, context: IAgentContext<any>): Promise<ExternalIdentifierDidResult> {
-    return (await this.identifierResolveExternal({ ...args, method: 'did' }, context)) as ExternalIdentifierDidResult
+    return (await this.identifierExternalResolve({ ...args, method: 'did' }, context)) as ExternalIdentifierDidResult
   }
 
   private async identifierExternalResolveByX5c(args: ExternalIdentifierX5cOpts, context: IAgentContext<any>): Promise<ExternalIdentifierX5cResult> {
-    return (await this.identifierResolveExternal({ ...args, method: 'x5c' }, context)) as ExternalIdentifierX5cResult
+    return (await this.identifierExternalResolve({ ...args, method: 'x5c' }, context)) as ExternalIdentifierX5cResult
   }
 
   private async identifierExternalResolveByCoseKey(
     args: ExternalIdentifierCoseKeyOpts,
     context: IAgentContext<any>
   ): Promise<ExternalIdentifierCoseKeyResult> {
-    return (await this.identifierResolveExternal({ ...args, method: 'cose_key' }, context)) as ExternalIdentifierCoseKeyResult
+    return (await this.identifierExternalResolve({ ...args, method: 'cose_key' }, context)) as ExternalIdentifierCoseKeyResult
   }
 
   private async identifierExternalResolveByJwk(args: ExternalIdentifierJwkOpts, context: IAgentContext<any>): Promise<ExternalIdentifierJwkResult> {
-    return (await this.identifierResolveExternal({ ...args, method: 'jwk' }, context)) as ExternalIdentifierJwkResult
+    return (await this.identifierExternalResolve({ ...args, method: 'jwk' }, context)) as ExternalIdentifierJwkResult
   }
 
   private async identifierExternalResolveByOIDFEntityId(
     args: ExternalIdentifierOIDFEntityIdOpts,
     context: IAgentContext<any>
   ): Promise<ExternalIdentifierOIDFEntityIdResult> {
-    return (await this.identifierResolveExternal({ ...args, method: 'entity_id' }, context)) as ExternalIdentifierOIDFEntityIdResult
+    return (await this.identifierExternalResolve({ ...args, method: 'entity_id' }, context)) as ExternalIdentifierOIDFEntityIdResult
   }
 }

package/src/functions/externalIdentifierFunctions.ts

@@ -36,9 +36,10 @@ import {
 } from '../types'
 import { resolveExternalOIDFEntityIdIdentifier } from '.'
 
+import { webcrypto } from 'node:crypto'
 export async function resolveExternalIdentifier(
   opts: ExternalIdentifierOpts & {
-    crypto?: Crypto
+    crypto?: webcrypto.Crypto
   },
   context: IAgentContext<any>
 ): Promise<ExternalIdentifierResult> {
@@ -65,7 +66,7 @@ export async function resolveExternalIdentifier(
 
 export async function resolveExternalX5cIdentifier(
   opts: ExternalIdentifierX5cOpts & {
-    crypto?: Crypto
+    crypto?: webcrypto.Crypto
   },
   context: IAgentContext<IResolver & IDIDManager>
 ): Promise<ExternalIdentifierX5cResult> {
@@ -245,18 +246,24 @@ export async function resolveExternalDidIdentifier(
   const didDocument = didResolutionResult.didDocument ?? undefined
   const didJwks = didDocument ? didDocumentToJwks(didDocument) : undefined
   const jwks = didJwks
-    ? Array.from(new Set(Array.from(
-          Object.values(didJwks)
-            .filter((jwks) => isDefined(jwks) && jwks.length > 0)
-            .flatMap((jwks) => jwks)
-      ).flatMap((jwk) => {
-        return {
-          jwk,
-          jwkThumbprint: calculateJwkThumbprint({ jwk }),
-          kid: jwk.kid,
-          publicKeyHex: jwkTtoPublicKeyHex(jwk),
-        }
-      }).map(jwk => JSON.stringify(jwk)))).map((jwks) => JSON.parse(jwks))
+    ? Array.from(
+        new Set(
+          Array.from(
+            Object.values(didJwks)
+              .filter((jwks) => isDefined(jwks) && jwks.length > 0)
+              .flatMap((jwks) => jwks)
+          )
+            .flatMap((jwk) => {
+              return {
+                jwk,
+                jwkThumbprint: calculateJwkThumbprint({ jwk }),
+                kid: jwk.kid,
+                publicKeyHex: jwkTtoPublicKeyHex(jwk),
+              }
+            })
+            .map((jwk) => JSON.stringify(jwk))
+        )
+      ).map((jwks) => JSON.parse(jwks))
     : []
 
   if (didResolutionResult?.didDocument) {

package/src/functions/externalOIDFIdentifier.ts

@@ -2,8 +2,11 @@ import { ErrorMessage, ExternalIdentifierOIDFEntityIdOpts, ExternalIdentifierOID
 import { IAgentContext } from '@veramo/core'
 import { IOIDFClient } from '@sphereon/ssi-sdk.oidf-client'
 import { contextHasPlugin } from '@sphereon/ssi-sdk.agent-config'
-import { IJwsValidationResult } from '../types/IJwtService'
-
+import { IJwsValidationResult, JwsPayload } from '../types/IJwtService'
+// @ts-ignore
+import { fromString } from 'uint8arrays/from-string'
+// @ts-ignore
+import { toString } from 'uint8arrays/to-string'
 /**
  * Resolves an OIDF Entity ID against multiple trust anchors to establish trusted relationships
  *
@@ -36,6 +39,7 @@ export async function resolveExternalOIDFEntityIdIdentifier(
   const errorList: Record<TrustedAnchor, ErrorMessage> = {}
   const jwkInfos: Array<ExternalJwkInfo> = []
 
+  let payload: JwsPayload | undefined
   for (const trustAnchor of trustAnchors) {
     const resolveResult = await context.agent.resolveTrustChain({
       entityIdentifier: identifier,
@@ -64,6 +68,7 @@ export async function resolveExternalOIDFEntityIdIdentifier(
         continue
       }
 
+      payload = JSON.parse(toString(fromString(jwtVerifyResult.jws.payload, 'base64url')))
       const signature = jwtVerifyResult.jws.signatures[0]
       if (signature.identifier.jwks.length === 0) {
         errorList[trustAnchor] = 'No JWK was present in the trust anchor signature'
@@ -83,6 +88,7 @@ export async function resolveExternalOIDFEntityIdIdentifier(
     trustedAnchors: Array.from(trustedAnchors),
     ...(Object.keys(errorList).length > 0 && { errorList }),
     jwks: jwkInfos,
+    jwtPayload: payload,
     trustEstablished: trustedAnchors.size > 0,
   }
 }

package/src/functions/managedIdentifierFunctions.ts

@@ -5,6 +5,7 @@ import { contextHasDidManager, contextHasKeyManager } from '@sphereon/ssi-sdk.ag
 import { ICoseKeyJson, JWK } from '@sphereon/ssi-types'
 import { IAgentContext, IIdentifier, IKey, IKeyManager } from '@veramo/core'
 import { CryptoEngine, setEngine } from 'pkijs'
+import { webcrypto } from 'node:crypto'
 import {
   IIdentifierResolution,
   isManagedIdentifierCoseKeyOpts,
@@ -40,16 +41,29 @@ export async function getManagedKidIdentifier(
   context: IAgentContext<IKeyManager>
 ): Promise<ManagedIdentifierKidResult> {
   const method = 'kid'
+  let key: IKey | undefined = undefined
+  let issuer: string | undefined = undefined
+  let kid: string | undefined = undefined
   if (!contextHasKeyManager(context)) {
     return Promise.reject(Error(`Cannot get Key/JWK identifier if KeyManager plugin is not enabled!`))
   } else if (opts.identifier.startsWith('did:')) {
-    return Promise.reject(Error(`managed kid resolution called but a did url was passed in. Please call the did resolution method`))
+    const did = opts.identifier.split('#')[0]
+    const didIdentifier = await getManagedDidIdentifier({ ...opts, method: 'did', identifier: did }, context)
+    key = didIdentifier.key
+    issuer = didIdentifier.issuer
+    kid = opts?.kid ?? (key.meta?.verificationMethod?.id as string) ?? didIdentifier.kid
+  }
+  if (!key) {
+    key = await context.agent.keyManagerGet({ kid: opts.kmsKeyRef ?? opts.identifier })
   }
-  const key = await context.agent.keyManagerGet({ kid: opts.kmsKeyRef ?? opts.identifier })
   const jwk = toJwk(key.publicKeyHex, key.type, { key })
   const jwkThumbprint = (key.meta?.jwkThumbprint as string) ?? calculateJwkThumbprint({ jwk })
-  const kid = opts.kid ?? (key.meta?.verificationMethod?.id as string) ?? jwkThumbprint
-  const issuer = opts.issuer ?? kid // The different identifiers should set the value. Defaults to the kid
+  if (!kid) {
+    kid = opts.kid ?? (key.meta?.verificationMethod?.id as string) ?? key.kid ?? jwkThumbprint
+  }
+  if (!issuer) {
+    issuer = opts.issuer ?? kid // The different identifiers should set the value. Defaults to the kid
+  }
   return {
     method,
     key,
@@ -67,7 +81,7 @@ export async function getManagedKidIdentifier(
 
 export function isManagedIdentifierResult(
   identifier: ManagedIdentifierOptsOrResult & {
-    crypto?: Crypto
+    crypto?: webcrypto.Crypto
   }
 ): identifier is ManagedIdentifierResult {
   return 'key' in identifier && 'kmsKeyRef' in identifier && 'method' in identifier && 'opts' in identifier && 'jwkThumbprint' in identifier
@@ -80,7 +94,7 @@ export function isManagedIdentifierResult(
  */
 export async function ensureManagedIdentifierResult(
   identifier: ManagedIdentifierOptsOrResult & {
-    crypto?: Crypto
+    crypto?: webcrypto.Crypto
   },
   context: IAgentContext<IKeyManager>
 ): Promise<ManagedIdentifierResult> {
@@ -234,7 +248,7 @@ export async function getManagedJwkIdentifier(
 
 export async function getManagedX5cIdentifier(
   opts: ManagedIdentifierX5cOpts & {
-    crypto?: Crypto
+    crypto?: webcrypto.Crypto
   },
   context: IAgentContext<IKeyManager>
 ): Promise<ManagedIdentifierX5cResult> {
@@ -318,7 +332,7 @@ export async function getManagedOID4VCIssuerIdentifier(
 
 export async function getManagedIdentifier(
   opts: ManagedIdentifierOptsOrResult & {
-    crypto?: Crypto
+    crypto?: webcrypto.Crypto
   },
   context: IAgentContext<IKeyManager>
 ): Promise<ManagedIdentifierResult> {

package/src/index.ts

@@ -6,6 +6,6 @@ export { schema }
 /**
  * @public
  */
+export * from './types'
 export { IdentifierResolution } from './agent/IdentifierResolution'
 export * from './functions'
-export * from './types'

package/src/types/IIdentifierResolution.ts

@@ -41,7 +41,7 @@ export const identifierResolutionContextMethods: Array<string> = [
   'identifierManagedGetByX5c',
   'identifierManagedGetByKey',
   'identifierManagedGetByOID4VCIssuer',
-  'identifierGetManagedByCoseKey',
+  'identifierManagedGetByCoseKey',
   'identifierExternalResolve',
   'identifierExternalResolveByDid',
   'identifierExternalResolveByX5c',

package/src/types/IJwtService.d.ts

@@ -1,5 +1,5 @@
 // Copy of jwt-service typings since we cannot include that as devDependency due to cyclic dep
-
+/*
 import {
   ExternalIdentifierDidOpts,
   ExternalIdentifierResult,
@@ -7,7 +7,7 @@ import {
   IIdentifierResolution,
   ManagedIdentifierOptsOrResult,
   ManagedIdentifierResult,
-} from '@sphereon/ssi-sdk-ext.identifier-resolution'
+} from '../types'*/
 import { ClientIdScheme } from '@sphereon/ssi-sdk-ext.x509-utils'
 import { BaseJWK, IValidationResult, JoseSignatureAlgorithm, JoseSignatureAlgorithmString, JWK } from '@sphereon/ssi-types'
 import { IAgentContext, IKeyManager, IPluginMethodMap } from '@veramo/core'
@@ -25,6 +25,7 @@ export interface IJwtService extends IPluginMethodMap {
 export type IJwsValidationResult = IValidationResult & {
   jws: JwsJsonGeneralWithIdentifiers
 }
+
 export interface PreparedJws {
   protectedHeader: JwsHeader
   payload: Uint8Array

package/src/types/externalIdentifierTypes.ts

@@ -14,6 +14,7 @@ import {
   isX5cIdentifier,
   JwkInfo,
 } from './common'
+import { JwsPayload } from './IJwtService'
 
 /**
  * Use whenever we need to resolve an external identifier. We can pass in kids, DIDs, and x5chains
@@ -172,6 +173,7 @@ export interface ExternalIdentifierOIDFEntityIdResult extends IExternalIdentifie
   method: 'entity_id'
   trustedAnchors: Array<TrustedAnchor>
   errorList?: Record<TrustedAnchor, ErrorMessage>
+  jwtPayload?: JwsPayload
   trustEstablished: boolean
 }
 

package/dist/agent/IdentifierResolution.d.ts

@@ -1,38 +0,0 @@
-import { IAgentPlugin } from '@veramo/core';
-import { IIdentifierResolution } from '../types';
-/**
- * @public
- */
-export declare class IdentifierResolution implements IAgentPlugin {
-    private readonly _crypto;
-    readonly schema: any;
-    readonly methods: IIdentifierResolution;
-    /**
-     * TODO: Add a cache, as we are retrieving the same keys/info quite often
-     */
-    constructor(opts?: {
-        crypto?: Crypto;
-    });
-    /**
-     * Main method for managed identifiers. We always go through this method (also the other methods below) as we want to
-     * integrate a plugin for anomaly detection. Having a single method helps
-     * @param args
-     * @param context
-     * @private
-     */
-    private identifierGetManaged;
-    private identifierGetManagedByDid;
-    private identifierGetManagedByKid;
-    private identifierGetManagedByKey;
-    private identifierGetManagedByCoseKey;
-    private identifierGetManagedByOID4VCIssuer;
-    private identifierGetManagedByJwk;
-    private identifierGetManagedByX5c;
-    private identifierResolveExternal;
-    private identifierExternalResolveByDid;
-    private identifierExternalResolveByX5c;
-    private identifierExternalResolveByCoseKey;
-    private identifierExternalResolveByJwk;
-    private identifierExternalResolveByOIDFEntityId;
-}
-//# sourceMappingURL=IdentifierResolution.d.ts.map

package/dist/agent/IdentifierResolution.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"IdentifierResolution.d.ts","sourceRoot":"","sources":["../../src/agent/IdentifierResolution.ts"],"names":[],"mappings":"AACA,OAAO,EAAiB,YAAY,EAA4B,MAAM,cAAc,CAAA;AAIpF,OAAO,EAWL,qBAAqB,EAiBtB,MAAM,UAAU,CAAA;AAGjB;;GAEG;AACH,qBAAa,oBAAqB,YAAW,YAAY;IACvD,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAQ;IAEhC,QAAQ,CAAC,MAAM,MAAgC;IAC/C,QAAQ,CAAC,OAAO,EAAE,qBAAqB,CAkBtC;IAED;;OAEG;gBACS,IAAI,CAAC,EAAE;QAAE,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE;IAItC;;;;;;OAMG;YACW,oBAAoB;YAOpB,yBAAyB;YAOzB,yBAAyB;YAOzB,yBAAyB;YAOzB,6BAA6B;YAO7B,kCAAkC;YAOlC,yBAAyB;YAOzB,yBAAyB;YAOzB,yBAAyB;YAOzB,8BAA8B;YAI9B,8BAA8B;YAI9B,kCAAkC;YAOlC,8BAA8B;YAI9B,uCAAuC;CAMtD"}

package/dist/agent/IdentifierResolution.js

@@ -1,123 +0,0 @@
-"use strict";
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.IdentifierResolution = void 0;
-const ssi_sdk_ext_key_utils_1 = require("@sphereon/ssi-sdk-ext.key-utils");
-const __1 = require("..");
-const functions_1 = require("../functions");
-/**
- * @public
- */
-class IdentifierResolution {
-    /**
-     * TODO: Add a cache, as we are retrieving the same keys/info quite often
-     */
-    constructor(opts) {
-        this.schema = __1.schema.IMnemonicInfoGenerator;
-        this.methods = {
-            identifierManagedGet: this.identifierGetManaged.bind(this),
-            identifierManagedGetByDid: this.identifierGetManagedByDid.bind(this),
-            identifierManagedGetByKid: this.identifierGetManagedByKid.bind(this),
-            identifierManagedGetByJwk: this.identifierGetManagedByJwk.bind(this),
-            identifierManagedGetByX5c: this.identifierGetManagedByX5c.bind(this),
-            identifierManagedGetByKey: this.identifierGetManagedByKey.bind(this),
-            identifierManagedGetByCoseKey: this.identifierGetManagedByCoseKey.bind(this),
-            identifierManagedGetByOID4VCIssuer: this.identifierGetManagedByOID4VCIssuer.bind(this),
-            identifierExternalResolve: this.identifierResolveExternal.bind(this),
-            identifierExternalResolveByDid: this.identifierExternalResolveByDid.bind(this),
-            identifierExternalResolveByX5c: this.identifierExternalResolveByX5c.bind(this),
-            identifierExternalResolveByJwk: this.identifierExternalResolveByJwk.bind(this),
-            identifierExternalResolveByCoseKey: this.identifierExternalResolveByCoseKey.bind(this),
-            identifierExternalResolveByOIDFEntityId: this.identifierExternalResolveByOIDFEntityId.bind(this),
-            // todo: JWKSet, oidc-discovery, oid4vci-issuer etc. Anything we already can resolve and need keys of
-        };
-        this._crypto = (0, ssi_sdk_ext_key_utils_1.globalCrypto)(false, opts === null || opts === void 0 ? void 0 : opts.crypto);
-    }
-    /**
-     * Main method for managed identifiers. We always go through this method (also the other methods below) as we want to
-     * integrate a plugin for anomaly detection. Having a single method helps
-     * @param args
-     * @param context
-     * @private
-     */
-    identifierGetManaged(args, context) {
-        return __awaiter(this, void 0, void 0, function* () {
-            return yield (0, functions_1.ensureManagedIdentifierResult)(Object.assign(Object.assign({}, args), { crypto: this._crypto }), context);
-        });
-    }
-    identifierGetManagedByDid(args, context) {
-        return __awaiter(this, void 0, void 0, function* () {
-            return (yield this.identifierGetManaged(Object.assign(Object.assign({}, args), { method: 'did' }), context));
-        });
-    }
-    identifierGetManagedByKid(args, context) {
-        return __awaiter(this, void 0, void 0, function* () {
-            return (yield this.identifierGetManaged(Object.assign(Object.assign({}, args), { method: 'kid' }), context));
-        });
-    }
-    identifierGetManagedByKey(args, context) {
-        return __awaiter(this, void 0, void 0, function* () {
-            return (yield this.identifierGetManaged(Object.assign(Object.assign({}, args), { method: 'key' }), context));
-        });
-    }
-    identifierGetManagedByCoseKey(args, context) {
-        return __awaiter(this, void 0, void 0, function* () {
-            return (yield this.identifierGetManaged(Object.assign(Object.assign({}, args), { method: 'cose_key' }), context));
-        });
-    }
-    identifierGetManagedByOID4VCIssuer(args, context) {
-        return __awaiter(this, void 0, void 0, function* () {
-            return (yield this.identifierGetManaged(Object.assign(Object.assign({}, args), { method: 'oid4vci-issuer' }), context));
-        });
-    }
-    identifierGetManagedByJwk(args, context) {
-        return __awaiter(this, void 0, void 0, function* () {
-            return (yield this.identifierGetManaged(Object.assign(Object.assign({}, args), { method: 'jwk' }), context));
-        });
-    }
-    identifierGetManagedByX5c(args, context) {
-        return __awaiter(this, void 0, void 0, function* () {
-            return (yield this.identifierGetManaged(Object.assign(Object.assign({}, args), { method: 'x5c' }), context));
-        });
-    }
-    identifierResolveExternal(args, context) {
-        return __awaiter(this, void 0, void 0, function* () {
-            return yield (0, functions_1.resolveExternalIdentifier)(Object.assign(Object.assign({}, args), { crypto: this._crypto }), context);
-        });
-    }
-    identifierExternalResolveByDid(args, context) {
-        return __awaiter(this, void 0, void 0, function* () {
-            return (yield this.identifierResolveExternal(Object.assign(Object.assign({}, args), { method: 'did' }), context));
-        });
-    }
-    identifierExternalResolveByX5c(args, context) {
-        return __awaiter(this, void 0, void 0, function* () {
-            return (yield this.identifierResolveExternal(Object.assign(Object.assign({}, args), { method: 'x5c' }), context));
-        });
-    }
-    identifierExternalResolveByCoseKey(args, context) {
-        return __awaiter(this, void 0, void 0, function* () {
-            return (yield this.identifierResolveExternal(Object.assign(Object.assign({}, args), { method: 'cose_key' }), context));
-        });
-    }
-    identifierExternalResolveByJwk(args, context) {
-        return __awaiter(this, void 0, void 0, function* () {
-            return (yield this.identifierResolveExternal(Object.assign(Object.assign({}, args), { method: 'jwk' }), context));
-        });
-    }
-    identifierExternalResolveByOIDFEntityId(args, context) {
-        return __awaiter(this, void 0, void 0, function* () {
-            return (yield this.identifierResolveExternal(Object.assign(Object.assign({}, args), { method: 'entity_id' }), context));
-        });
-    }
-}
-exports.IdentifierResolution = IdentifierResolution;
-//# sourceMappingURL=IdentifierResolution.js.map

package/dist/agent/IdentifierResolution.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"IdentifierResolution.js","sourceRoot":"","sources":["../../src/agent/IdentifierResolution.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2EAA8D;AAG9D,0BAA2B;AAC3B,4CAAuF;AAgCvF;;GAEG;AACH,MAAa,oBAAoB;IAwB/B;;OAEG;IACH,YAAY,IAA0B;QAxB7B,WAAM,GAAG,UAAM,CAAC,sBAAsB,CAAA;QACtC,YAAO,GAA0B;YACxC,oBAAoB,EAAE,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,IAAI,CAAC;YAC1D,yBAAyB,EAAE,IAAI,CAAC,yBAAyB,CAAC,IAAI,CAAC,IAAI,CAAC;YACpE,yBAAyB,EAAE,IAAI,CAAC,yBAAyB,CAAC,IAAI,CAAC,IAAI,CAAC;YACpE,yBAAyB,EAAE,IAAI,CAAC,yBAAyB,CAAC,IAAI,CAAC,IAAI,CAAC;YACpE,yBAAyB,EAAE,IAAI,CAAC,yBAAyB,CAAC,IAAI,CAAC,IAAI,CAAC;YACpE,yBAAyB,EAAE,IAAI,CAAC,yBAAyB,CAAC,IAAI,CAAC,IAAI,CAAC;YACpE,6BAA6B,EAAE,IAAI,CAAC,6BAA6B,CAAC,IAAI,CAAC,IAAI,CAAC;YAC5E,kCAAkC,EAAE,IAAI,CAAC,kCAAkC,CAAC,IAAI,CAAC,IAAI,CAAC;YAEtF,yBAAyB,EAAE,IAAI,CAAC,yBAAyB,CAAC,IAAI,CAAC,IAAI,CAAC;YACpE,8BAA8B,EAAE,IAAI,CAAC,8BAA8B,CAAC,IAAI,CAAC,IAAI,CAAC;YAC9E,8BAA8B,EAAE,IAAI,CAAC,8BAA8B,CAAC,IAAI,CAAC,IAAI,CAAC;YAC9E,8BAA8B,EAAE,IAAI,CAAC,8BAA8B,CAAC,IAAI,CAAC,IAAI,CAAC;YAC9E,kCAAkC,EAAE,IAAI,CAAC,kCAAkC,CAAC,IAAI,CAAC,IAAI,CAAC;YACtF,uCAAuC,EAAE,IAAI,CAAC,uCAAuC,CAAC,IAAI,CAAC,IAAI,CAAC;YAEhG,qGAAqG;SACtG,CAAA;QAMC,IAAI,CAAC,OAAO,GAAG,IAAA,oCAAY,EAAC,KAAK,EAAE,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,MAAM,CAAC,CAAA;IAClD,CAAC;IAED;;;;;;OAMG;IACW,oBAAoB,CAChC,IAAmC,EACnC,OAA2D;;YAE3D,OAAO,MAAM,IAAA,yCAA6B,kCAAM,IAAI,KAAE,MAAM,EAAE,IAAI,CAAC,OAAO,KAAI,OAAO,CAAC,CAAA;QACxF,CAAC;KAAA;IAEa,yBAAyB,CACrC,IAA8B,EAC9B,OAAyE;;YAEzE,OAAO,CAAC,MAAM,IAAI,CAAC,oBAAoB,iCAAM,IAAI,KAAE,MAAM,EAAE,KAAK,KAAI,OAAO,CAAC,CAA+B,CAAA;QAC7G,CAAC;KAAA;IAEa,yBAAyB,CACrC,IAA8B,EAC9B,OAA2D;;YAE3D,OAAO,CAAC,MAAM,IAAI,CAAC,oBAAoB,iCAAM,IAAI,KAAE,MAAM,EAAE,KAAK,KAAI,OAAO,CAAC,CAA+B,CAAA;QAC7G,CAAC;KAAA;IAEa,yBAAyB,CACrC,IAA8B,EAC9B,OAA2D;;YAE3D,OAAO,CAAC,MAAM,IAAI,CAAC,oBAAoB,iCAAM,IAAI,KAAE,MAAM,EAAE,KAAK,KAAI,OAAO,CAAC,CAA+B,CAAA;QAC7G,CAAC;KAAA;IAEa,6BAA6B,CACzC,IAAkC,EAClC,OAA2D;;YAE3D,OAAO,CAAC,MAAM,IAAI,CAAC,oBAAoB,iCAAM,IAAI,KAAE,MAAM,EAAE,UAAU,KAAI,OAAO,CAAC,CAAmC,CAAA;QACtH,CAAC;KAAA;IAEa,kCAAkC,CAC9C,IAAuC,EACvC,OAA2D;;YAE3D,OAAO,CAAC,MAAM,IAAI,CAAC,oBAAoB,iCAAM,IAAI,KAAE,MAAM,EAAE,gBAAgB,KAAI,OAAO,CAAC,CAAwC,CAAA;QACjI,CAAC;KAAA;IAEa,yBAAyB,CACrC,IAA8B,EAC9B,OAA2D;;YAE3D,OAAO,CAAC,MAAM,IAAI,CAAC,oBAAoB,iCAAM,IAAI,KAAE,MAAM,EAAE,KAAK,KAAI,OAAO,CAAC,CAA+B,CAAA;QAC7G,CAAC;KAAA;IAEa,yBAAyB,CACrC,IAA8B,EAC9B,OAA2D;;YAE3D,OAAO,CAAC,MAAM,IAAI,CAAC,oBAAoB,iCAAM,IAAI,KAAE,MAAM,EAAE,KAAK,KAAI,OAAO,CAAC,CAA+B,CAAA;QAC7G,CAAC;KAAA;IAEa,yBAAyB,CACrC,IAA4B,EAC5B,OAAiD;;YAEjD,OAAO,MAAM,IAAA,qCAAyB,kCAAM,IAAI,KAAE,MAAM,EAAE,IAAI,CAAC,OAAO,KAAI,OAAO,CAAC,CAAA;QACpF,CAAC;KAAA;IAEa,8BAA8B,CAAC,IAA+B,EAAE,OAA2B;;YACvG,OAAO,CAAC,MAAM,IAAI,CAAC,yBAAyB,iCAAM,IAAI,KAAE,MAAM,EAAE,KAAK,KAAI,OAAO,CAAC,CAAgC,CAAA;QACnH,CAAC;KAAA;IAEa,8BAA8B,CAAC,IAA+B,EAAE,OAA2B;;YACvG,OAAO,CAAC,MAAM,IAAI,CAAC,yBAAyB,iCAAM,IAAI,KAAE,MAAM,EAAE,KAAK,KAAI,OAAO,CAAC,CAAgC,CAAA;QACnH,CAAC;KAAA;IAEa,kCAAkC,CAC9C,IAAmC,EACnC,OAA2B;;YAE3B,OAAO,CAAC,MAAM,IAAI,CAAC,yBAAyB,iCAAM,IAAI,KAAE,MAAM,EAAE,UAAU,KAAI,OAAO,CAAC,CAAoC,CAAA;QAC5H,CAAC;KAAA;IAEa,8BAA8B,CAAC,IAA+B,EAAE,OAA2B;;YACvG,OAAO,CAAC,MAAM,IAAI,CAAC,yBAAyB,iCAAM,IAAI,KAAE,MAAM,EAAE,KAAK,KAAI,OAAO,CAAC,CAAgC,CAAA;QACnH,CAAC;KAAA;IAEa,uCAAuC,CACnD,IAAwC,EACxC,OAA2B;;YAE3B,OAAO,CAAC,MAAM,IAAI,CAAC,yBAAyB,iCAAM,IAAI,KAAE,MAAM,EAAE,WAAW,KAAI,OAAO,CAAC,CAAyC,CAAA;QAClI,CAAC;KAAA;CACF;AA9HD,oDA8HC"}

package/dist/functions/LegacySupport.d.ts

@@ -1,12 +0,0 @@
-import { ManagedIdentifierOptsOrResult } from '../types';
-/**
- * Converts legacy id opts key refs to the new ManagedIdentifierOpts
- * @param opts
- */
-export declare function legacyKeyRefsToIdentifierOpts(opts: {
-    idOpts?: ManagedIdentifierOptsOrResult;
-    iss?: string;
-    keyRef?: string;
-    didOpts?: any;
-}): ManagedIdentifierOptsOrResult;
-//# sourceMappingURL=LegacySupport.d.ts.map

package/dist/functions/LegacySupport.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"LegacySupport.d.ts","sourceRoot":"","sources":["../../src/functions/LegacySupport.ts"],"names":[],"mappings":"AACA,OAAO,EAA4B,6BAA6B,EAAE,MAAM,UAAU,CAAA;AAElF;;;GAGG;AACH,wBAAgB,6BAA6B,CAAC,IAAI,EAAE;IAClD,MAAM,CAAC,EAAE,6BAA6B,CAAA;IACtC,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,OAAO,CAAC,EAAE,GAAG,CAAA;CACd,GAAG,6BAA6B,CAyChC"}

package/dist/functions/LegacySupport.js

@@ -1,39 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.legacyKeyRefsToIdentifierOpts = legacyKeyRefsToIdentifierOpts;
-/**
- * Converts legacy id opts key refs to the new ManagedIdentifierOpts
- * @param opts
- */
-function legacyKeyRefsToIdentifierOpts(opts) {
-    var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l, _m, _o, _p, _q, _r;
-    if (!opts.idOpts) {
-        console.warn(`Legacy idOpts being used. Support will be dropped in the future. Consider switching to the idOpts, to have support for DIDs, JWKS, x5c etc. See https://github.com/Sphereon-Opensource/SSI-SDK-crypto-extensions/tree/feature/multi_identifier_support/packages/identifier-resolution`);
-        // legacy way
-        let kmsKeyRef = (_j = (_f = (_d = (_a = opts.keyRef) !== null && _a !== void 0 ? _a : (_c = (_b = opts.didOpts) === null || _b === void 0 ? void 0 : _b.idOpts) === null || _c === void 0 ? void 0 : _c.kmsKeyRef) !== null && _d !== void 0 ? _d : (_e = opts.didOpts) === null || _e === void 0 ? void 0 : _e.kid) !== null && _f !== void 0 ? _f : (_h = (_g = opts.didOpts) === null || _g === void 0 ? void 0 : _g.idOpts) === null || _h === void 0 ? void 0 : _h.kid) !== null && _j !== void 0 ? _j : (typeof ((_l = (_k = opts.didOpts) === null || _k === void 0 ? void 0 : _k.idOpts) === null || _l === void 0 ? void 0 : _l.identifier) === 'object' ? opts.didOpts.idOpts.identifier.keys[0].kid : undefined);
-        if (!kmsKeyRef) {
-            throw Error('Key ref is needed for access token signer');
-        }
-        let identifier = ((_o = (_m = opts.didOpts) === null || _m === void 0 ? void 0 : _m.identifier) !== null && _o !== void 0 ? _o : (_q = (_p = opts.didOpts) === null || _p === void 0 ? void 0 : _p.idOpts) === null || _q === void 0 ? void 0 : _q.identifier);
-        return {
-            kmsKeyRef: (_r = opts.keyRef) !== null && _r !== void 0 ? _r : kmsKeyRef,
-            identifier: identifier !== null && identifier !== void 0 ? identifier : kmsKeyRef,
-            issuer: opts.iss,
-        };
-    }
-    else {
-        const idOpts = opts.idOpts;
-        if (opts.keyRef && !idOpts.kmsKeyRef) {
-            // legacy way
-            console.warn(`Legacy keyRef being used. Support will be dropped in the future. Consider switching to the idOpts, to have support for DIDs, JWKS, x5c etc. See https://github.com/Sphereon-Opensource/SSI-SDK-crypto-extensions/tree/feature/multi_identifier_support/packages/identifier-resolution`);
-            idOpts.kmsKeyRef = opts.keyRef;
-        }
-        if (opts.iss && !idOpts.issuer) {
-            // legacy way
-            console.warn(`Legacy iss being used. Support will be dropped in the future. Consider switching to the idOpts, to have support for DIDs, JWKS, x5c etc. See https://github.com/Sphereon-Opensource/SSI-SDK-crypto-extensions/tree/feature/multi_identifier_support/packages/identifier-resolution`);
-            idOpts.issuer = opts.iss;
-        }
-        return idOpts;
-    }
-}
-//# sourceMappingURL=LegacySupport.js.map

package/dist/functions/LegacySupport.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"LegacySupport.js","sourceRoot":"","sources":["../../src/functions/LegacySupport.ts"],"names":[],"mappings":";;AAOA,sEA8CC;AAlDD;;;GAGG;AACH,SAAgB,6BAA6B,CAAC,IAK7C;;IACC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;QACjB,OAAO,CAAC,IAAI,CACV,uRAAuR,CACxR,CAAA;QACD,aAAa;QACb,IAAI,SAAS,GACX,MAAA,MAAA,MAAA,MAAA,IAAI,CAAC,MAAM,mCACX,MAAA,MAAA,IAAI,CAAC,OAAO,0CAAE,MAAM,0CAAE,SAAS,mCAC/B,MAAA,IAAI,CAAC,OAAO,0CAAE,GAAG,mCACjB,MAAA,MAAA,IAAI,CAAC,OAAO,0CAAE,MAAM,0CAAE,GAAG,mCACzB,CAAC,OAAO,CAAA,MAAA,MAAA,IAAI,CAAC,OAAO,0CAAE,MAAM,0CAAE,UAAU,CAAA,KAAK,QAAQ,CAAC,CAAC,CAAE,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,UAA0B,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC,CAAA;QAClI,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,KAAK,CAAC,2CAA2C,CAAC,CAAA;QAC1D,CAAC;QACD,IAAI,UAAU,GAAG,CAAC,MAAA,MAAA,IAAI,CAAC,OAAO,0CAAE,UAAU,mCAAI,MAAA,MAAA,IAAI,CAAC,OAAO,0CAAE,MAAM,0CAAE,UAAU,CAA4B,CAAA;QAE1G,OAAO;YACL,SAAS,EAAE,MAAA,IAAI,CAAC,MAAM,mCAAI,SAAS;YACnC,UAAU,EAAE,UAAU,aAAV,UAAU,cAAV,UAAU,GAAI,SAAS;YACnC,MAAM,EAAE,IAAI,CAAC,GAAG;SACkB,CAAA;IACtC,CAAC;SAAM,CAAC;QACN,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAA;QAC1B,IAAI,IAAI,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;YACrC,aAAa;YACb,OAAO,CAAC,IAAI,CACV,uRAAuR,CACxR,CAAA;YACD,MAAM,CAAC,SAAS,GAAG,IAAI,CAAC,MAAM,CAAA;QAChC,CAAC;QACD,IAAI,IAAI,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;YAC/B,aAAa;YACb,OAAO,CAAC,IAAI,CACV,oRAAoR,CACrR,CAAA;YACD,MAAM,CAAC,MAAM,GAAG,IAAI,CAAC,GAAG,CAAA;QAC1B,CAAC;QAED,OAAO,MAAM,CAAA;IACf,CAAC;AACH,CAAC"}