@sphereon/ssi-sdk-ext.identifier-resolution 0.36.1-next.50 → 0.36.1-next.70

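--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@sphereon/ssi-sdk-ext.identifier-resolution",
- "version": "0.36.1-next.50+49074a02",
+ "version": "0.36.1-next.70+6dc79789",
  "source": "./src/index.ts",
  "type": "module",
  "main": "./dist/index.cjs",
@@ -27,12 +27,12 @@
  "generate-plugin-schema": "tsx ../../packages/dev/bin/sphereon.js dev generate-plugin-schema"
  },
  "dependencies": {
- "@sphereon/ssi-sdk-ext.did-utils": "0.36.1-next.50+49074a02",
- "@sphereon/ssi-sdk-ext.key-utils": "0.36.1-next.50+49074a02",
- "@sphereon/ssi-sdk-ext.x509-utils": "0.36.1-next.50+49074a02",
- "@sphereon/ssi-sdk.agent-config": "0.36.1-next.50+49074a02",
- "@sphereon/ssi-sdk.oidf-client": "0.36.1-next.50+49074a02",
- "@sphereon/ssi-types": "0.36.1-next.50+49074a02",
+ "@sphereon/ssi-sdk-ext.did-utils": "0.36.1-next.70+6dc79789",
+ "@sphereon/ssi-sdk-ext.key-utils": "0.36.1-next.70+6dc79789",
+ "@sphereon/ssi-sdk-ext.x509-utils": "0.36.1-next.70+6dc79789",
+ "@sphereon/ssi-sdk.agent-config": "0.36.1-next.70+6dc79789",
+ "@sphereon/ssi-sdk.oidf-client": "0.36.1-next.70+6dc79789",
+ "@sphereon/ssi-types": "0.36.1-next.70+6dc79789",
  "@veramo/core": "4.2.0",
  "@veramo/utils": "4.2.0",
  "debug": "^4.3.4",
@@ -40,11 +40,11 @@
  "uint8arrays": "3.1.1"
  },
  "devDependencies": {
- "@sphereon/ssi-sdk-ext.did-provider-jwk": "0.36.1-next.50+49074a02",
- "@sphereon/ssi-sdk-ext.did-resolver-jwk": "0.36.1-next.50+49074a02",
- "@sphereon/ssi-sdk-ext.key-manager": "0.36.1-next.50+49074a02",
- "@sphereon/ssi-sdk-ext.kms-local": "0.36.1-next.50+49074a02",
- "@sphereon/ssi-sdk.dev": "0.36.1-next.50+49074a02",
+ "@sphereon/ssi-sdk-ext.did-provider-jwk": "0.36.1-next.70+6dc79789",
+ "@sphereon/ssi-sdk-ext.did-resolver-jwk": "0.36.1-next.70+6dc79789",
+ "@sphereon/ssi-sdk-ext.key-manager": "0.36.1-next.70+6dc79789",
+ "@sphereon/ssi-sdk-ext.kms-local": "0.36.1-next.70+6dc79789",
+ "@sphereon/ssi-sdk.dev": "0.36.1-next.70+6dc79789",
  "@veramo/data-store": "4.2.0",
  "@veramo/did-manager": "4.2.0",
  "@veramo/did-resolver": "4.2.0",
@@ -78,5 +78,5 @@
  "X.509 Certificates",
  "ARF"
  ],
- "gitHead": "49074a0266b42bdd8012e0872d471f655a0b5736"
+ "gitHead": "6dc79789e21f41b193a6e604c132d24130748fa5"
  }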
@@ -1052,9 +1052,9 @@
1052
1052
  "type": "object"
1053
1053
  },
1054
1054
  "DidDocumentJwks": {
1055
- "$ref": "#/components/schemas/Record<Exclude<DIDDocumentSection,(\"publicKey\"|\"service\")>,def-interface-.ts-36152-36877-.ts-0-63876[]>"
1055
+ "$ref": "#/components/schemas/Record<Exclude<DIDDocumentSection,(\"publicKey\"|\"service\")>,def-interface-.ts-36172-36897-.ts-0-63936[]>"
1056
1056
  },
1057
- "Record<Exclude<DIDDocumentSection,(\"publicKey\"|\"service\")>,def-interface-.ts-36152-36877-.ts-0-63876[]>": {
1057
+ "Record<Exclude<DIDDocumentSection,(\"publicKey\"|\"service\")>,def-interface-.ts-36172-36897-.ts-0-63936[]>": {
1058
1058
  "type": "object",
1059
1059
  "properties": {
1060
1060
  "verificationMethod": {
@@ -4,38 +4,37 @@ import { pemOrDerToX509Certificate } from '@sphereon/ssi-sdk-ext.x509-utils'
4
4
  import { contextHasDidManager, contextHasKeyManager } from '@sphereon/ssi-sdk.agent-config'
5
5
  import type { ICoseKeyJson, JWK } from '@sphereon/ssi-types'
6
6
  import type { IAgentContext, IIdentifier, IKey, IKeyManager } from '@veramo/core'
7
- import { CryptoEngine, setEngine } from 'pkijs'
8
7
  import { webcrypto } from 'node:crypto'
8
+ import { CryptoEngine, setEngine } from 'pkijs'
9
9
  import type {
10
10
  IIdentifierResolution,
11
11
  ManagedIdentifierCoseKeyOpts,
12
12
  ManagedIdentifierCoseKeyResult,
13
13
  ManagedIdentifierDidOpts,
14
14
  ManagedIdentifierDidResult,
15
- ManagedIdentifierOID4VCIssuerOpts,
16
- ManagedIdentifierOID4VCIssuerResult,
17
15
  ManagedIdentifierJwkOpts,
18
16
  ManagedIdentifierJwkResult,
19
17
  ManagedIdentifierKeyOpts,
20
18
  ManagedIdentifierKeyResult,
21
19
  ManagedIdentifierKidOpts,
22
20
  ManagedIdentifierKidResult,
21
+ ManagedIdentifierOID4VCIssuerOpts,
22
+ ManagedIdentifierOID4VCIssuerResult,
23
23
  ManagedIdentifierOptsOrResult,
24
24
  ManagedIdentifierResult,
25
25
  ManagedIdentifierX5cOpts,
26
26
  ManagedIdentifierX5cResult,
27
27
  } from '../types'
28
-
29
28
  import {
30
29
  isManagedIdentifierCoseKeyOpts,
31
30
  isManagedIdentifierDidOpts,
32
31
  isManagedIdentifierDidResult,
33
- isManagedIdentifierOID4VCIssuerOpts,
34
32
  isManagedIdentifierJwkOpts,
35
33
  isManagedIdentifierJwkResult,
36
34
  isManagedIdentifierKeyOpts,
37
35
  isManagedIdentifierKeyResult,
38
36
  isManagedIdentifierKidOpts,
37
+ isManagedIdentifierOID4VCIssuerOpts,
39
38
  isManagedIdentifierX5cOpts,
40
39
  } from '../types'
41
40
 
@@ -183,7 +182,6 @@ export async function getManagedDidIdentifier(opts: ManagedIdentifierDidOpts, co
183
182
  }
184
183
 
185
184
  const did = identifier.did
186
- const keys = identifier?.keys // fixme: We really want to return the vmRelationship keys here actually
187
185
  const extendedKey = await getFirstKeyWithRelation(
188
186
  {
189
187
  ...opts,
@@ -195,16 +193,71 @@ export async function getManagedDidIdentifier(opts: ManagedIdentifierDidOpts, co
195
193
  context,
196
194
  )
197
195
  const key = extendedKey
198
- const controllerKeyId = identifier.controllerKeyId
199
196
  const jwk = toJwk(key.publicKeyHex, key.type, { key })
200
197
  const jwkThumbprint = key.meta?.jwkThumbprint ?? calculateJwkThumbprint({ jwk })
201
- let kid = opts.kid ?? extendedKey.meta?.verificationMethod?.id
202
- if (!kid.startsWith(did)) {
198
+ let kid = opts.kid ?? extendedKey.meta?.verificationMethod?.id ?? extendedKey.kid
199
+ if (kid && !kid.startsWith(did)) {
203
200
  // Make sure we create a fully qualified kid
204
201
  const hash = kid.startsWith('#') ? '' : '#'
205
202
  kid = `${did}${hash}${kid}`
206
203
  }
207
204
  const issuer = opts.issuer ?? did
205
+
206
+ // filter keys based on the criteria
207
+ let filteredKeys = identifier?.keys ?? []
208
+
209
+ // Use a flag to track if we have successfully applied a specific filter
210
+ let isFiltered = false
211
+
212
+ // first try to filter by kmsKeyRef if supplied
213
+ if (opts.kmsKeyRef) {
214
+ const keysByKmsKeyRef = filteredKeys.filter((k) => k.kid === opts.kmsKeyRef)
215
+ if (keysByKmsKeyRef.length > 0) {
216
+ filteredKeys = keysByKmsKeyRef
217
+ isFiltered = true
218
+ }
219
+ }
220
+
221
+ // no match or kmsKeyRef not supplied, try vmRelationship
222
+ if (!isFiltered && opts.vmRelationship) {
223
+ const keysByVmRelationship = filteredKeys.filter((k) => {
224
+ const purposes = k.meta?.purposes
225
+ if (!purposes || purposes.length === 0) {
226
+ return opts.vmRelationship === 'verificationMethod'
227
+ }
228
+ return purposes.includes(opts.vmRelationship!)
229
+ })
230
+ if (keysByVmRelationship.length > 0) {
231
+ filteredKeys = keysByVmRelationship
232
+ isFiltered = true
233
+ }
234
+ }
235
+
236
+ //no match, try to filter by fragment from opts.identifier (if it's a string with fragment)
237
+ if (!isFiltered && typeof opts.identifier === 'string' && opts.identifier.includes('#')) {
238
+ const fragment = opts.identifier.split('#')[1]
239
+ const keysByFragment = filteredKeys.filter((k) => {
240
+ const vmId = k.meta?.verificationMethod?.id
241
+ return vmId === `${did}#${fragment}` || vmId === fragment || k.kid === fragment
242
+ })
243
+ if (keysByFragment.length > 0) {
244
+ filteredKeys = keysByFragment
245
+ }
246
+ }
247
+
248
+ // Use the filtered keys (or original keys if no filtering occurred)
249
+ const keys = filteredKeys
250
+
251
+ // Update controllerKeyId to match the selected key
252
+ const controllerKeyId = key.kid
253
+
254
+ // update the identifier object with filtered keys and updated controllerKeyId
255
+ const filteredIdentifier: IIdentifier = {
256
+ ...identifier,
257
+ keys: filteredKeys,
258
+ controllerKeyId,
259
+ }
260
+
208
261
  return {
209
262
  method,
210
263
  key,
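Review bot: The key filter added after `const issuer = opts.issuer ?? did` fails open: when `opts.kmsKeyRef` is supplied but matches no key, the code falls through to the `vmRelationship` and fragment filters and, if those match nothing either, returns every key of the identifier, so a caller that named one specific key silently gets a wider set back. As far as this hunk shows, the filter also runs independently of the `key` picked by `getFirstKeyWithRelation`, so `controllerKeyId = key.kid` can end up naming a key that is not in `filteredIdentifier.keys`; I would throw when an explicit `kmsKeyRef` has no match, and otherwise guard the result with something like `if (!filteredKeys.some((k) => k.kid === key.kid)) throw new Error('selected key is not part of the filtered key set')`. Separately, `kid.startsWith(did)` treats a kid that belongs to a longer DID sharing the same prefix as already qualified; comparing against `did + '#'` (or exact equality with `did`) is the stricter test, and `kid` can still be `undefined` in the returned object when none of the three sources is set. The returned `identifier` now carries a reduced `keys` array and an overridden `controllerKeyId`, which deserves a line in the function's doc comment so callers do not pass it back into DID-management calls expecting the stored identifier. The function body starts and ends outside this hunk.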
@@ -216,7 +269,7 @@ export async function getManagedDidIdentifier(opts: ManagedIdentifierDidOpts, co
216
269
  kid,
217
270
  keys,
218
271
  issuer,
219
- identifier,
272
+ identifier: filteredIdentifier,
220
273
  clientId: opts.clientId,
221
274
  clientIdScheme: opts.clientIdScheme,
222
275
  opts,
@@ -341,10 +394,10 @@ export async function getManagedIdentifier(
341
394
  },
342
395
  context: IAgentContext<IKeyManager>,
343
396
  ): Promise<ManagedIdentifierResult> {
344
- let resolutionResult: ManagedIdentifierResult
345
397
  if (isManagedIdentifierResult(opts)) {
346
- opts
398
+ return opts
347
399
  }
400
+ let resolutionResult: ManagedIdentifierResult
348
401
  if (isManagedIdentifierKidOpts(opts)) {
349
402
  resolutionResult = await getManagedKidIdentifier(opts, context)
350
403
  } else if (isManagedIdentifierDidOpts(opts)) {