@sphereon/ssi-sdk-ext.identifier-resolution 0.36.1-next.11 → 0.36.1-next.113
- package/dist/index.cjs +53 -10
- package/dist/index.cjs.map +1 -1
- package/dist/index.js +53 -10
- package/dist/index.js.map +1 -1
- package/package.json +13 -13
- package/plugin.schema.json +2 -2
- package/src/functions/externalIdentifierFunctions.ts +7 -0
- package/src/functions/managedIdentifierFunctions.ts +65 -12
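--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@sphereon/ssi-sdk-ext.identifier-resolution",
-"version": "0.36.1-next.
+"version": "0.36.1-next.113+e4111993",
 "source": "./src/index.ts",
 "type": "module",
 "main": "./dist/index.cjs",
@@ -27,12 +27,12 @@
 "generate-plugin-schema": "tsx ../../packages/dev/bin/sphereon.js dev generate-plugin-schema"
 },
 "dependencies": {
-"@sphereon/ssi-sdk-ext.did-utils": "0.36.1-next.
-"@sphereon/ssi-sdk-ext.key-utils": "0.36.1-next.
-"@sphereon/ssi-sdk-ext.x509-utils": "0.36.1-next.
-"@sphereon/ssi-sdk.agent-config": "0.36.1-next.
-"@sphereon/ssi-sdk.oidf-client": "0.36.1-next.
-"@sphereon/ssi-types": "0.36.1-next.
+"@sphereon/ssi-sdk-ext.did-utils": "0.36.1-next.113+e4111993",
+"@sphereon/ssi-sdk-ext.key-utils": "0.36.1-next.113+e4111993",
+"@sphereon/ssi-sdk-ext.x509-utils": "0.36.1-next.113+e4111993",
+"@sphereon/ssi-sdk.agent-config": "0.36.1-next.113+e4111993",
+"@sphereon/ssi-sdk.oidf-client": "0.36.1-next.113+e4111993",
+"@sphereon/ssi-types": "0.36.1-next.113+e4111993",
 "@veramo/core": "4.2.0",
 "@veramo/utils": "4.2.0",
 "debug": "^4.3.4",
@@ -40,11 +40,11 @@
 "uint8arrays": "3.1.1"
 },
 "devDependencies": {
-"@sphereon/ssi-sdk-ext.did-provider-jwk": "0.36.1-next.
-"@sphereon/ssi-sdk-ext.did-resolver-jwk": "0.36.1-next.
-"@sphereon/ssi-sdk-ext.key-manager": "0.36.1-next.
-"@sphereon/ssi-sdk-ext.kms-local": "0.36.1-next.
-"@sphereon/ssi-sdk.dev": "0.36.1-next.
+"@sphereon/ssi-sdk-ext.did-provider-jwk": "0.36.1-next.113+e4111993",
+"@sphereon/ssi-sdk-ext.did-resolver-jwk": "0.36.1-next.113+e4111993",
+"@sphereon/ssi-sdk-ext.key-manager": "0.36.1-next.113+e4111993",
+"@sphereon/ssi-sdk-ext.kms-local": "0.36.1-next.113+e4111993",
+"@sphereon/ssi-sdk.dev": "0.36.1-next.113+e4111993",
 "@veramo/data-store": "4.2.0",
 "@veramo/did-manager": "4.2.0",
 "@veramo/did-resolver": "4.2.0",
@@ -78,5 +78,5 @@
 "X.509 Certificates",
 "ARF"
 ],
-"gitHead": "
+"gitHead": "e4111993609fb157be593a2933454bbb2384a60b"
 }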
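--- a/package/plugin.schema.json
+++ b/package/plugin.schema.json
@@ -1052,9 +1052,9 @@
 "type": "object"
 },
 "DidDocumentJwks": {
-"$ref": "#/components/schemas/Record<Exclude<DIDDocumentSection,(\"publicKey\"|\"service\")>,def-interface-.ts-
+"$ref": "#/components/schemas/Record<Exclude<DIDDocumentSection,(\"publicKey\"|\"service\")>,def-interface-.ts-36172-36897-.ts-0-63936[]>"
 },
-"Record<Exclude<DIDDocumentSection,(\"publicKey\"|\"service\")>,def-interface-.ts-
+"Record<Exclude<DIDDocumentSection,(\"publicKey\"|\"service\")>,def-interface-.ts-36172-36897-.ts-0-63936[]>": {
 "type": "object",
 "properties": {
 "verificationMethod": {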
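--- a/package/src/functions/externalIdentifierFunctions.ts
+++ b/package/src/functions/externalIdentifierFunctions.ts
@@ -255,6 +255,13 @@ export async function resolveExternalDidIdentifier(
 .filter((jwks) => isDefined(jwks) && jwks.length > 0)
 .flatMap((jwks) => jwks),
 )
+.filter((jwk) => {
+if (!didParsed.fragment) {
+return true
+}
+const fullKid = `${didParsed.did}#${didParsed.fragment}`
+return jwk.kid === fullKid || jwk.kid === didParsed.fragment
+})
 .flatMap((jwk) => {
 return {
 jwk,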
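Review bot: The added `.filter` in resolveExternalDidIdentifier returns an empty key list when the DID URL carries a fragment that matches no `kid`, and it also drops JWKs whose `kid` is unset or written with a leading `#`; nothing in this hunk reports that case. Narrowing the key set to the referenced verification method is the right direction, because it keeps a signature from being checked against an unrelated key of the same DID, but the no-match case should fail explicitly rather than hand back nothing. Consider also comparing `jwk.kid` with `'#' + didParsed.fragment`, and throwing after the chain when `didParsed.fragment` is set and the filtered list is empty. The function body starts and ends outside the hunk, so whether an empty list is already rejected later is not visible here.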
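--- a/package/src/functions/managedIdentifierFunctions.ts
+++ b/package/src/functions/managedIdentifierFunctions.ts
@@ -4,38 +4,37 @@ import { pemOrDerToX509Certificate } from '@sphereon/ssi-sdk-ext.x509-utils'
 import { contextHasDidManager, contextHasKeyManager } from '@sphereon/ssi-sdk.agent-config'
 import type { ICoseKeyJson, JWK } from '@sphereon/ssi-types'
 import type { IAgentContext, IIdentifier, IKey, IKeyManager } from '@veramo/core'
-import { CryptoEngine, setEngine } from 'pkijs'
 import { webcrypto } from 'node:crypto'
+import { CryptoEngine, setEngine } from 'pkijs'
 import type {
 IIdentifierResolution,
 ManagedIdentifierCoseKeyOpts,
 ManagedIdentifierCoseKeyResult,
 ManagedIdentifierDidOpts,
 ManagedIdentifierDidResult,
-ManagedIdentifierOID4VCIssuerOpts,
-ManagedIdentifierOID4VCIssuerResult,
 ManagedIdentifierJwkOpts,
 ManagedIdentifierJwkResult,
 ManagedIdentifierKeyOpts,
 ManagedIdentifierKeyResult,
 ManagedIdentifierKidOpts,
 ManagedIdentifierKidResult,
+ManagedIdentifierOID4VCIssuerOpts,
+ManagedIdentifierOID4VCIssuerResult,
 ManagedIdentifierOptsOrResult,
 ManagedIdentifierResult,
 ManagedIdentifierX5cOpts,
 ManagedIdentifierX5cResult,
 } from '../types'
-
 import {
 isManagedIdentifierCoseKeyOpts,
 isManagedIdentifierDidOpts,
 isManagedIdentifierDidResult,
-isManagedIdentifierOID4VCIssuerOpts,
 isManagedIdentifierJwkOpts,
 isManagedIdentifierJwkResult,
 isManagedIdentifierKeyOpts,
 isManagedIdentifierKeyResult,
 isManagedIdentifierKidOpts,
+isManagedIdentifierOID4VCIssuerOpts,
 isManagedIdentifierX5cOpts,
 } from '../types'
 
@@ -183,7 +182,6 @@ export async function getManagedDidIdentifier(opts: ManagedIdentifierDidOpts, co
 }
 
 const did = identifier.did
-const keys = identifier?.keys // fixme: We really want to return the vmRelationship keys here actually
 const extendedKey = await getFirstKeyWithRelation(
 {
 ...opts,
@@ -195,16 +193,71 @@ export async function getManagedDidIdentifier(opts: ManagedIdentifierDidOpts, co
 context,
 )
 const key = extendedKey
-const controllerKeyId = identifier.controllerKeyId
 const jwk = toJwk(key.publicKeyHex, key.type, { key })
 const jwkThumbprint = key.meta?.jwkThumbprint ?? calculateJwkThumbprint({ jwk })
-let kid = opts.kid ?? extendedKey.meta?.verificationMethod?.id
-if (!kid.startsWith(did)) {
+let kid = opts.kid ?? extendedKey.meta?.verificationMethod?.id ?? extendedKey.kid
+if (kid && !kid.startsWith(did)) {
 // Make sure we create a fully qualified kid
 const hash = kid.startsWith('#') ? '' : '#'
 kid = `${did}${hash}${kid}`
 }
 const issuer = opts.issuer ?? did
+
+// filter keys based on the criteria
+let filteredKeys = identifier?.keys ?? []
+
+// Use a flag to track if we have successfully applied a specific filter
+let isFiltered = false
+
+// first try to filter by kmsKeyRef if supplied
+if (opts.kmsKeyRef) {
+const keysByKmsKeyRef = filteredKeys.filter((k) => k.kid === opts.kmsKeyRef)
+if (keysByKmsKeyRef.length > 0) {
+filteredKeys = keysByKmsKeyRef
+isFiltered = true
+}
+}
+
+// no match or kmsKeyRef not supplied, try vmRelationship
+if (!isFiltered && opts.vmRelationship) {
+const keysByVmRelationship = filteredKeys.filter((k) => {
+const purposes = k.meta?.purposes
+if (!purposes || purposes.length === 0) {
+return opts.vmRelationship === 'verificationMethod'
+}
+return purposes.includes(opts.vmRelationship!)
+})
+if (keysByVmRelationship.length > 0) {
+filteredKeys = keysByVmRelationship
+isFiltered = true
+}
+}
+
+//no match, try to filter by fragment from opts.identifier (if it's a string with fragment)
+if (!isFiltered && typeof opts.identifier === 'string' && opts.identifier.includes('#')) {
+const fragment = opts.identifier.split('#')[1]
+const keysByFragment = filteredKeys.filter((k) => {
+const vmId = k.meta?.verificationMethod?.id
+return vmId === `${did}#${fragment}` || vmId === fragment || k.kid === fragment
+})
+if (keysByFragment.length > 0) {
+filteredKeys = keysByFragment
+}
+}
+
+// Use the filtered keys (or original keys if no filtering occurred)
+const keys = filteredKeys
+
+// Update controllerKeyId to match the selected key
+const controllerKeyId = key.kid
+
+// update the identifier object with filtered keys and updated controllerKeyId
+const filteredIdentifier: IIdentifier = {
+...identifier,
+keys: filteredKeys,
+controllerKeyId,
+}
+
 return {
 method,
 key,
@@ -216,7 +269,7 @@ export async function getManagedDidIdentifier(opts: ManagedIdentifierDidOpts, co
 kid,
 keys,
 issuer,
-identifier,
+identifier: filteredIdentifier,
 clientId: opts.clientId,
 clientIdScheme: opts.clientIdScheme,
 opts,
@@ -341,10 +394,10 @@ export async function getManagedIdentifier(
 },
 context: IAgentContext<IKeyManager>,
 ): Promise<ManagedIdentifierResult> {
-let resolutionResult: ManagedIdentifierResult
 if (isManagedIdentifierResult(opts)) {
-opts
+return opts
 }
+let resolutionResult: ManagedIdentifierResult
 if (isManagedIdentifierKidOpts(opts)) {
 resolutionResult = await getManagedKidIdentifier(opts, context)
 } else if (isManagedIdentifierDidOpts(opts)) {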
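Review bot: In the `@@ -195,16 +193,71 @@` hunk of getManagedDidIdentifier, an explicit `opts.kmsKeyRef` that matches no key falls through silently to the `vmRelationship` filter, then the fragment filter, and finally to the unfiltered `identifier.keys`, so a caller that pins one KMS key can get back a result that lists other keys. The returned `key` and the new `controllerKeyId = key.kid` come from `getFirstKeyWithRelation` and are never checked against `filteredKeys`, so `filteredIdentifier.controllerKeyId` can name a key that is absent from `filteredIdentifier.keys`; whether that helper already honours `kmsKeyRef` is not visible here. I would fail closed on an explicit selector by throwing when `opts.kmsKeyRef` is set and `keysByKmsKeyRef.length === 0`, and add a consistency guard such as `if (!filteredKeys.some((k) => k.kid === key.kid)) throw new Error('selected key is not in the filtered key set')`. The function starts and ends outside the hunk.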