@sphereon/ssi-sdk-ext.identifier-resolution 0.36.1-feature.integration.fides.68 → 0.36.1-feature.integration.fides.74
- package/dist/index.cjs +37 -3
- package/dist/index.cjs.map +1 -1
- package/dist/index.js +37 -3
- package/dist/index.js.map +1 -1
- package/package.json +13 -13
- package/src/functions/managedIdentifierFunctions.ts +56 -8
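--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@sphereon/ssi-sdk-ext.identifier-resolution",
-"version": "0.36.1-feature.integration.fides.
+"version": "0.36.1-feature.integration.fides.74+0d17e392",
 "source": "./src/index.ts",
 "type": "module",
 "main": "./dist/index.cjs",
@@ -27,12 +27,12 @@
 "generate-plugin-schema": "tsx ../../packages/dev/bin/sphereon.js dev generate-plugin-schema"
 },
 "dependencies": {
-"@sphereon/ssi-sdk-ext.did-utils": "0.36.1-feature.integration.fides.
-"@sphereon/ssi-sdk-ext.key-utils": "0.36.1-feature.integration.fides.
-"@sphereon/ssi-sdk-ext.x509-utils": "0.36.1-feature.integration.fides.
-"@sphereon/ssi-sdk.agent-config": "0.36.1-feature.integration.fides.
-"@sphereon/ssi-sdk.oidf-client": "0.36.1-feature.integration.fides.
-"@sphereon/ssi-types": "0.36.1-feature.integration.fides.
+"@sphereon/ssi-sdk-ext.did-utils": "0.36.1-feature.integration.fides.74+0d17e392",
+"@sphereon/ssi-sdk-ext.key-utils": "0.36.1-feature.integration.fides.74+0d17e392",
+"@sphereon/ssi-sdk-ext.x509-utils": "0.36.1-feature.integration.fides.74+0d17e392",
+"@sphereon/ssi-sdk.agent-config": "0.36.1-feature.integration.fides.74+0d17e392",
+"@sphereon/ssi-sdk.oidf-client": "0.36.1-feature.integration.fides.74+0d17e392",
+"@sphereon/ssi-types": "0.36.1-feature.integration.fides.74+0d17e392",
 "@veramo/core": "4.2.0",
 "@veramo/utils": "4.2.0",
 "debug": "^4.3.4",
@@ -40,11 +40,11 @@
 "uint8arrays": "3.1.1"
 },
 "devDependencies": {
-"@sphereon/ssi-sdk-ext.did-provider-jwk": "0.36.1-feature.integration.fides.
-"@sphereon/ssi-sdk-ext.did-resolver-jwk": "0.36.1-feature.integration.fides.
-"@sphereon/ssi-sdk-ext.key-manager": "0.36.1-feature.integration.fides.
-"@sphereon/ssi-sdk-ext.kms-local": "0.36.1-feature.integration.fides.
-"@sphereon/ssi-sdk.dev": "0.36.1-feature.integration.fides.
+"@sphereon/ssi-sdk-ext.did-provider-jwk": "0.36.1-feature.integration.fides.74+0d17e392",
+"@sphereon/ssi-sdk-ext.did-resolver-jwk": "0.36.1-feature.integration.fides.74+0d17e392",
+"@sphereon/ssi-sdk-ext.key-manager": "0.36.1-feature.integration.fides.74+0d17e392",
+"@sphereon/ssi-sdk-ext.kms-local": "0.36.1-feature.integration.fides.74+0d17e392",
+"@sphereon/ssi-sdk.dev": "0.36.1-feature.integration.fides.74+0d17e392",
 "@veramo/data-store": "4.2.0",
 "@veramo/did-manager": "4.2.0",
 "@veramo/did-resolver": "4.2.0",
@@ -78,5 +78,5 @@
 "X.509 Certificates",
 "ARF"
 ],
-"gitHead": "
+"gitHead": "0d17e392eadbabaf626832e1841493cc29be7787"
 }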
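--- a/package/src/functions/managedIdentifierFunctions.ts
+++ b/package/src/functions/managedIdentifierFunctions.ts
@@ -4,38 +4,37 @@ import { pemOrDerToX509Certificate } from '@sphereon/ssi-sdk-ext.x509-utils'
 import { contextHasDidManager, contextHasKeyManager } from '@sphereon/ssi-sdk.agent-config'
 import type { ICoseKeyJson, JWK } from '@sphereon/ssi-types'
 import type { IAgentContext, IIdentifier, IKey, IKeyManager } from '@veramo/core'
-import { CryptoEngine, setEngine } from 'pkijs'
 import { webcrypto } from 'node:crypto'
+import { CryptoEngine, setEngine } from 'pkijs'
 import type {
 IIdentifierResolution,
 ManagedIdentifierCoseKeyOpts,
 ManagedIdentifierCoseKeyResult,
 ManagedIdentifierDidOpts,
 ManagedIdentifierDidResult,
-ManagedIdentifierOID4VCIssuerOpts,
-ManagedIdentifierOID4VCIssuerResult,
 ManagedIdentifierJwkOpts,
 ManagedIdentifierJwkResult,
 ManagedIdentifierKeyOpts,
 ManagedIdentifierKeyResult,
 ManagedIdentifierKidOpts,
 ManagedIdentifierKidResult,
+ManagedIdentifierOID4VCIssuerOpts,
+ManagedIdentifierOID4VCIssuerResult,
 ManagedIdentifierOptsOrResult,
 ManagedIdentifierResult,
 ManagedIdentifierX5cOpts,
 ManagedIdentifierX5cResult,
 } from '../types'
-
 import {
 isManagedIdentifierCoseKeyOpts,
 isManagedIdentifierDidOpts,
 isManagedIdentifierDidResult,
-isManagedIdentifierOID4VCIssuerOpts,
 isManagedIdentifierJwkOpts,
 isManagedIdentifierJwkResult,
 isManagedIdentifierKeyOpts,
 isManagedIdentifierKeyResult,
 isManagedIdentifierKidOpts,
+isManagedIdentifierOID4VCIssuerOpts,
 isManagedIdentifierX5cOpts,
 } from '../types'
 
@@ -183,7 +182,6 @@ export async function getManagedDidIdentifier(opts: ManagedIdentifierDidOpts, co
 }
 
 const did = identifier.did
-const keys = identifier?.keys // fixme: We really want to return the vmRelationship keys here actually
 const extendedKey = await getFirstKeyWithRelation(
 {
 ...opts,
@@ -195,7 +193,6 @@ export async function getManagedDidIdentifier(opts: ManagedIdentifierDidOpts, co
 context,
 )
 const key = extendedKey
-const controllerKeyId = identifier.controllerKeyId
 const jwk = toJwk(key.publicKeyHex, key.type, { key })
 const jwkThumbprint = key.meta?.jwkThumbprint ?? calculateJwkThumbprint({ jwk })
 let kid = opts.kid ?? extendedKey.meta?.verificationMethod?.id
@@ -205,6 +202,57 @@ export async function getManagedDidIdentifier(opts: ManagedIdentifierDidOpts, co
 kid = `${did}${hash}${kid}`
 }
 const issuer = opts.issuer ?? did
+
+// filter keys based on the criteria
+let filteredKeys = identifier?.keys ?? []
+
+// first try to filter by kmsKeyRef if supplied
+if (opts.kmsKeyRef) {
+const keysByKmsKeyRef = filteredKeys.filter((k) => k.kid === opts.kmsKeyRef)
+if (keysByKmsKeyRef.length > 0) {
+filteredKeys = keysByKmsKeyRef
+}
+}
+
+// no match or kmsKeyRef not supplied, try vmRelationship
+if (filteredKeys.length === identifier?.keys?.length && opts.vmRelationship) {
+const keysByVmRelationship = filteredKeys.filter((k) => {
+const purposes = k.meta?.purposes
+if (!purposes || purposes.length === 0) {
+return opts.vmRelationship === 'verificationMethod'
+}
+return purposes.includes(opts.vmRelationship!)
+})
+if (keysByVmRelationship.length > 0) {
+filteredKeys = keysByVmRelationship
+}
+}
+
+//no match, try to filter by fragment from opts.identifier (if it's a string with fragment)
+if (filteredKeys.length === identifier?.keys?.length && typeof opts.identifier === 'string' && opts.identifier.includes('#')) {
+const fragment = opts.identifier.split('#')[1]
+const keysByFragment = filteredKeys.filter((k) => {
+const vmId = k.meta?.verificationMethod?.id
+return vmId === `${did}#${fragment}` || vmId === fragment || k.kid === fragment
+})
+if (keysByFragment.length > 0) {
+filteredKeys = keysByFragment
+}
+}
+
+// fall back to original keys if no filtering occurred
+const keys = filteredKeys
+
+// Update controllerKeyId to match the selected key
+const controllerKeyId = key.kid
+
+// update the identifier object with filtered keys and updated controllerKeyId
+const filteredIdentifier: IIdentifier = {
+...identifier,
+keys: filteredKeys,
+controllerKeyId,
+}
+
 return {
 method,
 key,
@@ -216,7 +264,7 @@ export async function getManagedDidIdentifier(opts: ManagedIdentifierDidOpts, co
 kid,
 keys,
 issuer,
-identifier,
+identifier: filteredIdentifier,
 clientId: opts.clientId,
 clientIdScheme: opts.clientIdScheme,
 opts,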
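Review bot: In the `@@ -205,6 +202,57 @@` hunk, `controllerKeyId` is taken from `key.kid` while `keys` comes from `filteredKeys`, and nothing checks that the key returned by `getFirstKeyWithRelation` is among `filteredKeys`, so `filteredIdentifier` can name a controller key that is missing from its own `keys`. The filters also degrade silently: a supplied `opts.kmsKeyRef` that matches nothing falls through to the next criterion or the full key list, and "nothing matched" is inferred from `filteredKeys.length === identifier?.keys?.length`, which is equally true when a filter matched every key. Since callers presumably use this result to decide which key material represents the identifier, I would track the match with an explicit boolean and add a guard such as `if (!filteredKeys.some((k) => k.kid === key.kid)) throw new Error('selected key is not in the filtered key set')` (or log and fall back deliberately). Overwriting `controllerKeyId` with the selected key also deserves a comment stating that the returned identifier is a per-request view, because consumers may read that field as the DID's controlling key. `getManagedDidIdentifier` begins and ends outside these hunks, so the arguments passed to `getFirstKeyWithRelation` are only partly visible.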