@sphereon/ssi-sdk.credential-vcdm 0.33.1-feature.jose.vcdm.57 → 0.33.1-feature.jose.vcdm.59

package/dist/index.cjs

@@ -162,6 +162,7 @@ var import_debug2 = __toESM(require("debug"), 1);
 var import_utils2 = require("@veramo/utils");
 var import_did_jwt = require("did-jwt");
 var import_ssi_types = require("@sphereon/ssi-types");
+var import_ssi_sdk_ext = require("@sphereon/ssi-sdk-ext.did-utils");
 function extractIssuer2(input, options = {}) {
   if (!(0, import_utils2.isDefined)(input)) {
     return "";
@@ -191,15 +192,12 @@ function removeDIDParameters(did) {
   return did.replace(/\?.*$/, "");
 }
 __name(removeDIDParameters, "removeDIDParameters");
-function pickSigningKey(identifier, keyRef) {
-  let key;
-  if (!keyRef) {
-    key = identifier.keys.find((k) => k.type === "Secp256k1" || k.type === "Ed25519" || k.type === "Secp256r1");
-    if (!key) throw Error("key_not_found: No signing key for " + identifier.did);
-  } else {
-    key = identifier.keys.find((k) => k.kid === keyRef);
-    if (!key) throw Error("key_not_found: No signing key for " + identifier.did + " with kid " + keyRef);
-  }
+async function pickSigningKey({ identifier, kmsKeyRef }, context) {
+  const key = await (0, import_ssi_sdk_ext.getKey)({
+    identifier,
+    vmRelationship: "assertionMethod",
+    kmsKeyRef
+  }, context);
   return key;
 }
 __name(pickSigningKey, "pickSigningKey");
@@ -220,6 +218,7 @@ function preProcessCredentialPayload({ credential, now = /* @__PURE__ */ new Dat
   const isVdcm2 = (0, import_ssi_types.isVcdm2Credential)(credential);
   const credentialType = (0, import_utils2.processEntryToArray)(credential?.type, "VerifiableCredential");
   let issuanceDate = credential?.validFrom ?? credential?.issuanceDate ?? (typeof now === "number" ? new Date(now) : now).toISOString();
+  let expirationDate = credential?.validUntil ?? credential?.expirationDate;
   if (issuanceDate instanceof Date) {
     issuanceDate = issuanceDate.toISOString();
   }
@@ -230,10 +229,23 @@ function preProcessCredentialPayload({ credential, now = /* @__PURE__ */ new Dat
     ...isVdcm1 && {
       issuanceDate
     },
+    ...isVdcm1 && expirationDate && {
+      expirationDate
+    },
     ...isVdcm2 && {
       validFrom: issuanceDate
+    },
+    ...isVdcm2 && expirationDate && {
+      validUntil: expirationDate
     }
   };
+  if (isVdcm1) {
+    delete credentialPayload.validFrom;
+    delete credentialPayload.validUntil;
+  } else if (isVdcm2) {
+    delete credentialPayload.issuanceDate;
+    delete credentialPayload.expirationDate;
+  }
   const issuer = extractIssuer2(credentialPayload, {
     removeParameters: true
   });

package/dist/index.cjs.map

@@ -1 +1 @@
-{"version":3,"sources":["../src/index.ts","../src/message-handler.ts","../src/vcdmCredentialPlugin.ts","../src/functions.ts"],"sourcesContent":["/**\n * Provides a {@link @veramo/credential-w3c#CredentialPlugin | plugin} for the {@link @veramo/core#Agent} that\n * implements\n * {@link @veramo/core#ICredentialIssuer} interface.\n *\n * Provides a {@link @veramo/credential-w3c#W3cMessageHandler | plugin} for the\n * {@link @veramo/message-handler#MessageHandler} that verifies Credentials and Presentations in a message.\n *\n * @packageDocumentation\n */\nexport type * from './types'\nexport { W3cMessageHandler, MessageTypes } from './message-handler'\nimport { VcdmCredentialPlugin } from './vcdmCredentialPlugin'\n\n/**\n * @deprecated please use {@link VcdmCredentialPlugin} instead\n * @public\n */\nconst CredentialIssuer = VcdmCredentialPlugin\nexport { CredentialIssuer, VcdmCredentialPlugin }\n\n// For backward compatibility, re-export the plugin types that were moved to core in v4\nexport type { ICredentialIssuer, ICredentialVerifier } from '@veramo/core'\n\nexport * from './functions'\n","import type {\n  IAgentContext,\n  ICredentialVerifier,\n  IResolver,\n  VerifiableCredential,\n  VerifiablePresentation,\n} from '@veramo/core'\nimport { AbstractMessageHandler, Message } from '@veramo/message-handler'\nimport { asArray, computeEntryHash, decodeCredentialToObject, extractIssuer } from '@veramo/utils'\n\nimport {\n  normalizeCredential,\n  normalizePresentation,\n  validateJwtCredentialPayload,\n  validateJwtPresentationPayload,\n}// @ts-ignore\nfrom 'did-jwt-vc'\n\nimport { v4 as uuidv4 } from 'uuid'\nimport Debug from 'debug'\n\nconst debug = Debug('sphereon:vcdm:message-handler')\n\n/**\n * These types are used by `@veramo/data-store` when storing Verifiable Credentials and Presentations\n *\n * @internal\n */\nexport const MessageTypes = {\n  /** Represents a Verifiable Credential */\n  vc: 'w3c.vc',\n  /** Represents a Verifiable Presentation */\n  vp: 'w3c.vp',\n}\n\n/**\n * Represents the requirements that this plugin has.\n * The agent that is using this plugin is expected to provide these methods.\n *\n * This interface can be used for static type checks, to make sure your application is properly initialized.\n */\nexport type IContext = IAgentContext<IResolver & ICredentialVerifier>\n\n/**\n * An implementation of the {@link @veramo/message-handler#AbstractMessageHandler}.\n *\n * This plugin can handle incoming W3C Verifiable Credentials and Presentations and prepare them\n * for internal storage as {@link @veramo/message-handler#Message} types.\n *\n * The current version can only handle `JWT` encoded\n *\n * @remarks {@link @veramo/core#IDataStore | IDataStore }\n *\n * @public\n */\nexport class W3cMessageHandler extends AbstractMessageHandler {\n  async handle(message: Message, context: IContext): Promise<Message> {\n    const meta = message.getLastMetaData()\n\n    // console.log(JSON.stringify(message, null,  2))\n\n    //FIXME: messages should not be expected to be only JWT\n    if (meta?.type === 'JWT' && message.raw) {\n      const { data } = message\n\n      try {\n        validateJwtPresentationPayload(data)\n\n        //FIXME: flagging this for potential privacy leaks\n        debug('JWT is', MessageTypes.vp)\n        const presentation = normalizePresentation(message.raw)\n        const credentials = presentation.verifiableCredential\n\n        message.id = computeEntryHash(message.raw)\n        message.type = MessageTypes.vp\n        message.from = presentation.holder\n        message.to = presentation.verifier?.[0]\n\n        if (presentation.tag) {\n          message.threadId = presentation.tag\n        }\n\n        message.createdAt = presentation.issuanceDate\n        message.presentations = [presentation]\n        message.credentials = credentials\n\n        return message\n      } catch (e) {}\n\n      try {\n        validateJwtCredentialPayload(data)\n        //FIXME: flagging this for potential privacy leaks\n        debug('JWT is', MessageTypes.vc)\n        const credential = normalizeCredential(message.raw)\n\n        message.id = computeEntryHash(message.raw)\n        message.type = MessageTypes.vc\n        message.from = credential.issuer.id\n        message.to = credential.credentialSubject.id\n\n        if (credential.tag) {\n          message.threadId = credential.tag\n        }\n\n        message.createdAt = credential.issuanceDate\n        message.credentials = [credential]\n        return message\n      } catch (e) {}\n    }\n\n    // LDS Verification and Handling\n    if (message.type === MessageTypes.vc && message.data) {\n      // verify credential\n      const credential = message.data as VerifiableCredential\n\n      const result = await context.agent.verifyCredential({ credential })\n      if (result.verified) {\n        message.id = computeEntryHash(message.raw || message.id || uuidv4())\n        message.type = MessageTypes.vc\n        message.from = extractIssuer(credential)\n        message.to = credential.credentialSubject.id\n\n        if (credential.tag) {\n          message.threadId = credential.tag\n        }\n\n        message.createdAt = credential.issuanceDate\n        message.credentials = [credential]\n        return message\n      } else {\n        throw new Error(result.error?.message)\n      }\n    }\n\n    if (message.type === MessageTypes.vp && message.data) {\n      // verify presentation\n      const presentation = message.data as VerifiablePresentation\n\n      // throws on error.\n      const result = await context.agent.verifyPresentation({\n        presentation,\n        // FIXME: HARDCODED CHALLENGE VERIFICATION FOR NOW\n        challenge: 'VERAMO',\n        domain: 'VERAMO',\n      })\n      if (result.verified) {\n        message.id = computeEntryHash(message.raw || message.id || uuidv4())\n        message.type = MessageTypes.vp\n        message.from = presentation.holder\n        // message.to = presentation.verifier?.[0]\n\n        if (presentation.tag) {\n          message.threadId = presentation.tag\n        }\n\n        // message.createdAt = presentation.issuanceDate\n        message.presentations = [presentation]\n        message.credentials = asArray(presentation.verifiableCredential).map(decodeCredentialToObject)\n        return message\n      } else {\n        throw new Error(result.error?.message)\n      }\n    }\n\n    return super.handle(message, context)\n  }\n}\n","import type { IAgentPlugin, IIdentifier, IVerifyResult, VerifiableCredential } from '@veramo/core'\nimport { schema } from '@veramo/core'\n\nimport type {\n  ICreateVerifiableCredentialLDArgs,\n  ICreateVerifiablePresentationLDArgs,\n  IVcdmCredentialPlugin,\n  IVcdmCredentialProvider,\n  IVcdmIssuerAgentContext,\n  IVcdmVerifierAgentContext,\n  IVerifyCredentialLDArgs,\n  IVerifyPresentationLDArgs,\n} from './types'\nimport Debug from 'debug'\nimport { isRevoked, preProcessCredentialPayload, preProcessPresentation } from './functions'\nimport type { W3CVerifiableCredential, W3CVerifiablePresentation } from '@sphereon/ssi-types'\nimport { asArray, VerifiableCredentialSP, VerifiablePresentationSP } from '@sphereon/ssi-sdk.core'\n\nconst debug = Debug('sphereon:ssi-sdk:vcdm')\n\n/**\n * A plugin that implements the {@link @sphereon/ssi-sdk.credential-vcdm#IVcdmCredentialPlugin} methods.\n *\n * @public\n */\nexport class VcdmCredentialPlugin implements IAgentPlugin {\n  readonly methods: IVcdmCredentialPlugin\n  readonly schema = {\n    components: {\n      schemas: {\n        ...schema.ICredentialIssuer.components.schemas,\n        ...schema.ICredentialVerifier.components.schemas,\n      },\n      methods: {\n        ...schema.ICredentialIssuer.components.methods,\n        ...schema.ICredentialVerifier.components.methods,\n      },\n    },\n  }\n  private issuers: IVcdmCredentialProvider[]\n\n  constructor(options: { issuers: IVcdmCredentialProvider[] }) {\n    this.issuers = options.issuers\n    this.methods = {\n      listUsableProofFormats: this.listUsableProofFormats.bind(this),\n      createVerifiableCredential: this.createVerifiableCredential.bind(this),\n      verifyCredential: this.verifyCredential.bind(this),\n      createVerifiablePresentation: this.createVerifiablePresentation.bind(this),\n      verifyPresentation: this.verifyPresentation.bind(this),\n    }\n  }\n\n  async listUsableProofFormats(did: IIdentifier, context: IVcdmIssuerAgentContext): Promise<string[]> {\n    const signingOptions: string[] = []\n    const keys = did.keys\n    for (const key of keys) {\n      for (const issuer of this.issuers) {\n        if (issuer.matchKeyForType(key)) {\n          signingOptions.push(issuer.getTypeProofFormat())\n        }\n      }\n    }\n    return signingOptions\n  }\n\n  /** {@inheritdoc @veramo/core#ICredentialIssuer.createVerifiableCredential} */\n  async createVerifiableCredential(args: ICreateVerifiableCredentialLDArgs, context: IVcdmIssuerAgentContext): Promise<VerifiableCredentialSP> {\n    let { proofFormat /* keyRef, removeOriginalFields, now , ...otherOptions */ } = args\n    const { credential, issuer, now } = preProcessCredentialPayload(args)\n\n    try {\n      await context.agent.didManagerGet({ did: issuer })\n    } catch (e) {\n      throw new Error(`invalid_argument: credential.issuer must be a DID managed by this agent. ${e}`)\n    }\n    try {\n      async function findAndIssueCredential(issuers: IVcdmCredentialProvider[]) {\n        for (const issuer of issuers) {\n          if (issuer.canIssueCredentialType({ proofFormat })) {\n            return await issuer.createVerifiableCredential({ ...args, credential, now }, context)\n          }\n        }\n        throw new Error(\n          `invalid_setup: No issuer found for the requested proof format: ${proofFormat}, supported: ${issuers.map((i) => i.getTypeProofFormat()).join(',')}`,\n        )\n      }\n      const verifiableCredential = await findAndIssueCredential(this.issuers)\n      return verifiableCredential\n    } catch (error) {\n      debug(error)\n      return Promise.reject(error)\n    }\n  }\n\n  /** {@inheritdoc @veramo/core#ICredentialVerifier.verifyCredential} */\n  async verifyCredential(args: IVerifyCredentialLDArgs, context: IVcdmVerifierAgentContext): Promise<IVerifyResult> {\n    let { credential, policies /*, ...otherOptions*/ } = args\n    let verifiedCredential: VerifiableCredential\n    let verificationResult: IVerifyResult | undefined = { verified: false }\n\n    async function findAndVerifyCredential(issuers: IVcdmCredentialProvider[]): Promise<IVerifyResult> {\n      for (const issuer of issuers) {\n        if (issuer.canVerifyDocumentType({ document: credential as W3CVerifiableCredential })) {\n          return issuer.verifyCredential(args, context)\n        }\n      }\n      return Promise.reject(\n        Error(\n          `invalid_setup: No verifier found for the provided credential credential type: ${JSON.stringify(args.credential.type)} proof type ${asArray(args.credential.proof)?.[0]?.type} supported: ${issuers.map((i) => i.getTypeProofFormat()).join(',')}`,\n        ),\n      )\n    }\n    verificationResult = await findAndVerifyCredential(this.issuers)\n    verifiedCredential = <VerifiableCredential>credential\n\n    if (policies?.credentialStatus !== false && (await isRevoked(verifiedCredential, context as any))) {\n      verificationResult = {\n        verified: false,\n        error: {\n          message: 'revoked: The credential was revoked by the issuer',\n          errorCode: 'revoked',\n        },\n      }\n    }\n\n    return verificationResult\n  }\n\n  /** {@inheritdoc @veramo/core#ICredentialIssuer.createVerifiablePresentation} */\n  async createVerifiablePresentation(args: ICreateVerifiablePresentationLDArgs, context: IVcdmIssuerAgentContext): Promise<VerifiablePresentationSP> {\n    const { proofFormat } = args\n    const { presentation } = preProcessPresentation(args)\n\n    let verifiablePresentation: VerifiablePresentationSP\n\n    async function findAndCreatePresentation(issuers: IVcdmCredentialProvider[]) {\n      for (const issuer of issuers) {\n        if (issuer.canIssueCredentialType({ proofFormat })) {\n          return await issuer.createVerifiablePresentation({ ...args, presentation }, context)\n        }\n      }\n      throw new Error(\n        `invalid_setup: No issuer found for the requested proof format: ${proofFormat}, supported: ${issuers.map((i) => i.getTypeProofFormat()).join(',')}`,\n      )\n    }\n\n    verifiablePresentation = await findAndCreatePresentation(this.issuers)\n    return verifiablePresentation\n  }\n\n  /** {@inheritdoc @veramo/core#ICredentialVerifier.verifyPresentation} */\n  async verifyPresentation(args: IVerifyPresentationLDArgs, context: IVcdmVerifierAgentContext): Promise<IVerifyResult> {\n    let { presentation /*domain, challenge, fetchRemoteContexts, policies, ...otherOptions*/ } = args\n    async function findAndVerifyPresentation(issuers: IVcdmCredentialProvider[]): Promise<IVerifyResult> {\n      for (const issuer of issuers) {\n        if (issuer.canVerifyDocumentType({ document: presentation as W3CVerifiablePresentation })) {\n          return issuer.verifyPresentation(args, context)\n        }\n      }\n      throw new Error('invalid_setup: No verifier found for the provided presentation')\n    }\n    const result = await findAndVerifyPresentation(this.issuers)\n    return result\n  }\n}\n","import type {\n  CredentialPayload,\n  IAgentContext, ICredentialStatusVerifier,\n  IIdentifier,\n  IKey,\n  IssuerType,\n  PresentationPayload,\n  VerifiableCredential,\n  W3CVerifiableCredential,\n  W3CVerifiablePresentation\n} from '@veramo/core'\nimport { isDefined, processEntryToArray } from '@veramo/utils'\nimport { decodeJWT } from 'did-jwt'\nimport { addVcdmContextIfNeeded, isVcdm1Credential, isVcdm2Credential, VCDM_CREDENTIAL_CONTEXT_V1, VCDM_CREDENTIAL_CONTEXT_V2 } from '@sphereon/ssi-types'\nimport { ICreateVerifiablePresentationLDArgs } from './types'\n\n/**\n * Decodes a credential or presentation and returns the issuer ID\n * `iss` from a JWT or `issuer`/`issuer.id` from a VC or `holder` from a VP\n *\n * @param input - the credential or presentation whose issuer/holder needs to be extracted.\n * @param options - options for the extraction\n *   removeParameters - Remove all DID parameters from the issuer ID\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nexport function extractIssuer(\n  input?:\n    | W3CVerifiableCredential\n    | W3CVerifiablePresentation\n    | CredentialPayload\n    | PresentationPayload\n    | null,\n  options: { removeParameters?: boolean } = {}\n): string {\n  if (!isDefined(input)) {\n    return ''\n  } else if (typeof input === 'string') {\n    // JWT\n    try {\n      const { payload } = decodeJWT(input.split(`~`)[0])\n      const iss = payload.iss ?? ''\n      return !!options.removeParameters ? removeDIDParameters(iss) : iss\n    } catch (e: any) {\n      return ''\n    }\n  } else {\n    // JSON\n    let iss: IssuerType\n    if (input.issuer) {\n      iss = input.issuer\n    } else if (input.holder) {\n      iss = input.holder\n    } else {\n      iss = ''\n    }\n    if (typeof iss !== 'string') iss = iss.id ?? ''\n    return !!options.removeParameters ? removeDIDParameters(iss) : iss\n  }\n}\n\n\n/**\n * Remove all DID parameters from a DID url after the query part (?)\n *\n * @param did - the DID URL\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nexport function removeDIDParameters(did: string): string {\n  return did.replace(/\\?.*$/, '')\n}\n\n\nexport function pickSigningKey(identifier: IIdentifier, keyRef?: string): IKey {\n  let key: IKey | undefined\n\n  if (!keyRef) {\n    key = identifier.keys.find((k) => k.type === 'Secp256k1' || k.type === 'Ed25519' || k.type === 'Secp256r1')\n    if (!key) throw Error('key_not_found: No signing key for ' + identifier.did)\n  } else {\n    key = identifier.keys.find((k) => k.kid === keyRef)\n    if (!key) throw Error('key_not_found: No signing key for ' + identifier.did + ' with kid ' + keyRef)\n  }\n\n  return key as IKey\n}\n\nexport async function isRevoked(credential: VerifiableCredential, context: IAgentContext<ICredentialStatusVerifier>): Promise<boolean> {\n  if (!credential.credentialStatus) return false\n\n  if (typeof context.agent.checkCredentialStatus === 'function') {\n    const status = await context.agent.checkCredentialStatus({ credential })\n    return status?.revoked == true || status?.verified === false\n  }\n\n  throw new Error(`invalid_setup: The credential status can't be verified because there is no ICredentialStatusVerifier plugin installed.`)\n}\n\n\n\nexport function preProcessCredentialPayload({credential, now = new Date()}: {credential: CredentialPayload, now?: number | Date}) {\n  const credentialContext = addVcdmContextIfNeeded(credential?.['@context'])\n  const isVdcm1 = isVcdm1Credential(credential)\n  const isVdcm2 = isVcdm2Credential(credential)\n  const credentialType = processEntryToArray(credential?.type, 'VerifiableCredential')\n  let issuanceDate = credential?.validFrom ?? credential?.issuanceDate ?? (typeof now === 'number' ? new Date(now) : now).toISOString()\n  if (issuanceDate instanceof Date) {\n    issuanceDate = issuanceDate.toISOString()\n  }\n  const credentialPayload: CredentialPayload = {\n    ...credential,\n    '@context': credentialContext,\n    type: credentialType,\n    ...(isVdcm1 && { issuanceDate }),\n    ...(isVdcm2 && { validFrom: issuanceDate }),\n  }\n\n  // debug(JSON.stringify(credentialPayload))\n\n  const issuer = extractIssuer(credentialPayload, {removeParameters: true})\n  if (!issuer || typeof issuer === 'undefined') {\n    throw new Error('invalid_argument: args.credential.issuer must not be empty')\n  }\n  return { credential: credentialPayload, issuer, now }\n}\n\n\nexport function preProcessPresentation(args: ICreateVerifiablePresentationLDArgs) {\n  const { presentation, now = new Date() } = args\n  const credentials = presentation?.verifiableCredential ?? []\n  const v1Credential = credentials.find((cred) => typeof cred === 'object' && cred['@context'].includes(VCDM_CREDENTIAL_CONTEXT_V1))\n    ? VCDM_CREDENTIAL_CONTEXT_V1\n    : undefined\n  const v2Credential = credentials.find((cred) => typeof cred === 'object' && cred['@context'].includes(VCDM_CREDENTIAL_CONTEXT_V2))\n    ? VCDM_CREDENTIAL_CONTEXT_V2\n    : undefined\n  const presentationContext = addVcdmContextIfNeeded(args?.presentation?.['@context'] ?? [], v2Credential ?? v1Credential ?? VCDM_CREDENTIAL_CONTEXT_V2)\n  const presentationType = processEntryToArray(args?.presentation?.type, 'VerifiablePresentation')\n\n  let issuanceDate = presentation?.validFrom ?? presentation?.issuanceDate ?? (typeof now === 'number' ? new Date(now) : now).toISOString()\n  if (issuanceDate instanceof Date) {\n    issuanceDate = issuanceDate.toISOString()\n  }\n  const presentationPayload: PresentationPayload = {\n    ...presentation,\n    '@context': presentationContext,\n    type: presentationType,\n    ...(v1Credential && { issuanceDate }), // V1 only for JWT, but we remove it in the jsonld processor anyway\n    ...(v2Credential && { validFrom: issuanceDate }),\n  }\n  // Workaround for bug in TypeError: Cannot read property 'length' of undefined\n  //     at VeramoEd25519Signature2018.preSigningPresModification\n  /*if (!presentation.verifier) {\n        presentation.verifier = []\n      }*/\n\n  if (!isDefined(presentationPayload.holder) || !presentationPayload.holder) {\n    throw new Error('invalid_argument: args.presentation.holderDID must not be empty')\n  }\n  if (presentationPayload.verifiableCredential) {\n    presentationPayload.verifiableCredential = presentationPayload.verifiableCredential.map((cred) => {\n      // map JWT credentials to their canonical form\n      if (typeof cred !== 'string' && cred.proof.jwt) {\n        return cred.proof.jwt\n      } else {\n        return cred\n      }\n    })\n  }\n  return {presentation: presentationPayload, holder: removeDIDParameters(presentationPayload.holder)}\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;uBAAAA;EAAA;;;;;;;;;ACOA,6BAAgD;AAChD,mBAAmF;AAEnF,wBAMK;AAEL,kBAA6B;AAC7B,mBAAkB;AAElB,IAAMC,YAAQC,aAAAA,SAAM,+BAAA;AAOb,IAAMC,eAAe;;EAE1BC,IAAI;;EAEJC,IAAI;AACN;AAsBO,IAAMC,oBAAN,cAAgCC,8CAAAA;EAhDvC,OAgDuCA;;;EACrC,MAAMC,OAAOC,SAAkBC,SAAqC;AAClE,UAAMC,OAAOF,QAAQG,gBAAe;AAKpC,QAAID,MAAME,SAAS,SAASJ,QAAQK,KAAK;AACvC,YAAM,EAAEC,KAAI,IAAKN;AAEjB,UAAI;AACFO,8DAA+BD,IAAAA;AAG/Bd,cAAM,UAAUE,aAAaE,EAAE;AAC/B,cAAMY,mBAAeC,yCAAsBT,QAAQK,GAAG;AACtD,cAAMK,cAAcF,aAAaG;AAEjCX,gBAAQY,SAAKC,+BAAiBb,QAAQK,GAAG;AACzCL,gBAAQI,OAAOV,aAAaE;AAC5BI,gBAAQc,OAAON,aAAaO;AAC5Bf,gBAAQgB,KAAKR,aAAaS,WAAW,CAAA;AAErC,YAAIT,aAAaU,KAAK;AACpBlB,kBAAQmB,WAAWX,aAAaU;QAClC;AAEAlB,gBAAQoB,YAAYZ,aAAaa;AACjCrB,gBAAQsB,gBAAgB;UAACd;;AACzBR,gBAAQU,cAAcA;AAEtB,eAAOV;MACT,SAASuB,GAAG;MAAC;AAEb,UAAI;AACFC,4DAA6BlB,IAAAA;AAE7Bd,cAAM,UAAUE,aAAaC,EAAE;AAC/B,cAAM8B,iBAAaC,uCAAoB1B,QAAQK,GAAG;AAElDL,gBAAQY,SAAKC,+BAAiBb,QAAQK,GAAG;AACzCL,gBAAQI,OAAOV,aAAaC;AAC5BK,gBAAQc,OAAOW,WAAWE,OAAOf;AACjCZ,gBAAQgB,KAAKS,WAAWG,kBAAkBhB;AAE1C,YAAIa,WAAWP,KAAK;AAClBlB,kBAAQmB,WAAWM,WAAWP;QAChC;AAEAlB,gBAAQoB,YAAYK,WAAWJ;AAC/BrB,gBAAQU,cAAc;UAACe;;AACvB,eAAOzB;MACT,SAASuB,GAAG;MAAC;IACf;AAGA,QAAIvB,QAAQI,SAASV,aAAaC,MAAMK,QAAQM,MAAM;AAEpD,YAAMmB,aAAazB,QAAQM;AAE3B,YAAMuB,SAAS,MAAM5B,QAAQ6B,MAAMC,iBAAiB;QAAEN;MAAW,CAAA;AACjE,UAAII,OAAOG,UAAU;AACnBhC,gBAAQY,SAAKC,+BAAiBb,QAAQK,OAAOL,QAAQY,UAAMqB,YAAAA,IAAAA,CAAAA;AAC3DjC,gBAAQI,OAAOV,aAAaC;AAC5BK,gBAAQc,WAAOoB,4BAAcT,UAAAA;AAC7BzB,gBAAQgB,KAAKS,WAAWG,kBAAkBhB;AAE1C,YAAIa,WAAWP,KAAK;AAClBlB,kBAAQmB,WAAWM,WAAWP;QAChC;AAEAlB,gBAAQoB,YAAYK,WAAWJ;AAC/BrB,gBAAQU,cAAc;UAACe;;AACvB,eAAOzB;MACT,OAAO;AACL,cAAM,IAAImC,MAAMN,OAAOO,OAAOpC,OAAAA;MAChC;IACF;AAEA,QAAIA,QAAQI,SAASV,aAAaE,MAAMI,QAAQM,MAAM;AAEpD,YAAME,eAAeR,QAAQM;AAG7B,YAAMuB,SAAS,MAAM5B,QAAQ6B,MAAMO,mBAAmB;QACpD7B;;QAEA8B,WAAW;QACXC,QAAQ;MACV,CAAA;AACA,UAAIV,OAAOG,UAAU;AACnBhC,gBAAQY,SAAKC,+BAAiBb,QAAQK,OAAOL,QAAQY,UAAMqB,YAAAA,IAAAA,CAAAA;AAC3DjC,gBAAQI,OAAOV,aAAaE;AAC5BI,gBAAQc,OAAON,aAAaO;AAG5B,YAAIP,aAAaU,KAAK;AACpBlB,kBAAQmB,WAAWX,aAAaU;QAClC;AAGAlB,gBAAQsB,gBAAgB;UAACd;;AACzBR,gBAAQU,kBAAc8B,sBAAQhC,aAAaG,oBAAoB,EAAE8B,IAAIC,qCAAAA;AACrE,eAAO1C;MACT,OAAO;AACL,cAAM,IAAImC,MAAMN,OAAOO,OAAOpC,OAAAA;MAChC;IACF;AAEA,WAAO,MAAMD,OAAOC,SAASC,OAAAA;EAC/B;AACF;;;ACrKA,kBAAuB;AAYvB,IAAA0C,gBAAkB;;;ACFlB,IAAAC,gBAA+C;AAC/C,qBAA0B;AAC1B,uBAAqI;AAa9H,SAASC,eACdC,OAMAC,UAA0C,CAAC,GAAC;AAE5C,MAAI,KAACC,yBAAUF,KAAAA,GAAQ;AACrB,WAAO;EACT,WAAW,OAAOA,UAAU,UAAU;AAEpC,QAAI;AACF,YAAM,EAAEG,QAAO,QAAKC,0BAAUJ,MAAMK,MAAM,GAAG,EAAE,CAAA,CAAE;AACjD,YAAMC,MAAMH,QAAQG,OAAO;AAC3B,aAAO,CAAC,CAACL,QAAQM,mBAAmBC,oBAAoBF,GAAAA,IAAOA;IACjE,SAASG,GAAQ;AACf,aAAO;IACT;EACF,OAAO;AAEL,QAAIH;AACJ,QAAIN,MAAMU,QAAQ;AAChBJ,YAAMN,MAAMU;IACd,WAAWV,MAAMW,QAAQ;AACvBL,YAAMN,MAAMW;IACd,OAAO;AACLL,YAAM;IACR;AACA,QAAI,OAAOA,QAAQ,SAAUA,OAAMA,IAAIM,MAAM;AAC7C,WAAO,CAAC,CAACX,QAAQM,mBAAmBC,oBAAoBF,GAAAA,IAAOA;EACjE;AACF;AAjCgBP,OAAAA,gBAAAA;AA2CT,SAASS,oBAAoBK,KAAW;AAC7C,SAAOA,IAAIC,QAAQ,SAAS,EAAA;AAC9B;AAFgBN;AAKT,SAASO,eAAeC,YAAyBC,QAAe;AACrE,MAAIC;AAEJ,MAAI,CAACD,QAAQ;AACXC,UAAMF,WAAWG,KAAKC,KAAK,CAACC,MAAMA,EAAEC,SAAS,eAAeD,EAAEC,SAAS,aAAaD,EAAEC,SAAS,WAAA;AAC/F,QAAI,CAACJ,IAAK,OAAMK,MAAM,uCAAuCP,WAAWH,GAAG;EAC7E,OAAO;AACLK,UAAMF,WAAWG,KAAKC,KAAK,CAACC,MAAMA,EAAEG,QAAQP,MAAAA;AAC5C,QAAI,CAACC,IAAK,OAAMK,MAAM,uCAAuCP,WAAWH,MAAM,eAAeI,MAAAA;EAC/F;AAEA,SAAOC;AACT;AAZgBH;AAchB,eAAsBU,UAAUC,YAAkCC,SAAiD;AACjH,MAAI,CAACD,WAAWE,iBAAkB,QAAO;AAEzC,MAAI,OAAOD,QAAQE,MAAMC,0BAA0B,YAAY;AAC7D,UAAMC,SAAS,MAAMJ,QAAQE,MAAMC,sBAAsB;MAAEJ;IAAW,CAAA;AACtE,WAAOK,QAAQC,WAAW,QAAQD,QAAQE,aAAa;EACzD;AAEA,QAAM,IAAIV,MAAM,wHAAwH;AAC1I;AATsBE;AAaf,SAASS,4BAA4B,EAACR,YAAYS,MAAM,oBAAIC,KAAAA,EAAM,GAAuD;AAC9H,QAAMC,wBAAoBC,yCAAuBZ,aAAa,UAAA,CAAW;AACzE,QAAMa,cAAUC,oCAAkBd,UAAAA;AAClC,QAAMe,cAAUC,oCAAkBhB,UAAAA;AAClC,QAAMiB,qBAAiBC,mCAAoBlB,YAAYJ,MAAM,sBAAA;AAC7D,MAAIuB,eAAenB,YAAYoB,aAAapB,YAAYmB,iBAAiB,OAAOV,QAAQ,WAAW,IAAIC,KAAKD,GAAAA,IAAOA,KAAKY,YAAW;AACnI,MAAIF,wBAAwBT,MAAM;AAChCS,mBAAeA,aAAaE,YAAW;EACzC;AACA,QAAMC,oBAAuC;IAC3C,GAAGtB;IACH,YAAYW;IACZf,MAAMqB;IACN,GAAIJ,WAAW;MAAEM;IAAa;IAC9B,GAAIJ,WAAW;MAAEK,WAAWD;IAAa;EAC3C;AAIA,QAAMnC,SAASX,eAAciD,mBAAmB;IAACzC,kBAAkB;EAAI,CAAA;AACvE,MAAI,CAACG,UAAU,OAAOA,WAAW,aAAa;AAC5C,UAAM,IAAIa,MAAM,4DAAA;EAClB;AACA,SAAO;IAAEG,YAAYsB;IAAmBtC;IAAQyB;EAAI;AACtD;AAxBgBD;AA2BT,SAASe,uBAAuBC,MAAyC;AAC9E,QAAM,EAAEC,cAAchB,MAAM,oBAAIC,KAAAA,EAAM,IAAKc;AAC3C,QAAME,cAAcD,cAAcE,wBAAwB,CAAA;AAC1D,QAAMC,eAAeF,YAAYhC,KAAK,CAACmC,SAAS,OAAOA,SAAS,YAAYA,KAAK,UAAA,EAAYC,SAASC,2CAAAA,CAAAA,IAClGA,8CACAC;AACJ,QAAMC,eAAeP,YAAYhC,KAAK,CAACmC,SAAS,OAAOA,SAAS,YAAYA,KAAK,UAAA,EAAYC,SAASI,2CAAAA,CAAAA,IAClGA,8CACAF;AACJ,QAAMG,0BAAsBvB,yCAAuBY,MAAMC,eAAe,UAAA,KAAe,CAAA,GAAIQ,gBAAgBL,gBAAgBM,2CAAAA;AAC3H,QAAME,uBAAmBlB,mCAAoBM,MAAMC,cAAc7B,MAAM,wBAAA;AAEvE,MAAIuB,eAAeM,cAAcL,aAAaK,cAAcN,iBAAiB,OAAOV,QAAQ,WAAW,IAAIC,KAAKD,GAAAA,IAAOA,KAAKY,YAAW;AACvI,MAAIF,wBAAwBT,MAAM;AAChCS,mBAAeA,aAAaE,YAAW;EACzC;AACA,QAAMgB,sBAA2C;IAC/C,GAAGZ;IACH,YAAYU;IACZvC,MAAMwC;IACN,GAAIR,gBAAgB;MAAET;IAAa;IACnC,GAAIc,gBAAgB;MAAEb,WAAWD;IAAa;EAChD;AAOA,MAAI,KAAC3C,yBAAU6D,oBAAoBpD,MAAM,KAAK,CAACoD,oBAAoBpD,QAAQ;AACzE,UAAM,IAAIY,MAAM,iEAAA;EAClB;AACA,MAAIwC,oBAAoBV,sBAAsB;AAC5CU,wBAAoBV,uBAAuBU,oBAAoBV,qBAAqBW,IAAI,CAACT,SAAAA;AAEvF,UAAI,OAAOA,SAAS,YAAYA,KAAKU,MAAMC,KAAK;AAC9C,eAAOX,KAAKU,MAAMC;MACpB,OAAO;AACL,eAAOX;MACT;IACF,CAAA;EACF;AACA,SAAO;IAACJ,cAAcY;IAAqBpD,QAAQH,oBAAoBuD,oBAAoBpD,MAAM;EAAC;AACpG;AA3CgBsC;;;ADhHhB,qBAA0E;AAE1E,IAAMkB,aAAQC,cAAAA,SAAM,uBAAA;AAOb,IAAMC,uBAAN,MAAMA;EAxBb,OAwBaA;;;EACFC;EACAC,SAAS;IAChBC,YAAY;MACVC,SAAS;QACP,GAAGF,mBAAOG,kBAAkBF,WAAWC;QACvC,GAAGF,mBAAOI,oBAAoBH,WAAWC;MAC3C;MACAH,SAAS;QACP,GAAGC,mBAAOG,kBAAkBF,WAAWF;QACvC,GAAGC,mBAAOI,oBAAoBH,WAAWF;MAC3C;IACF;EACF;EACQM;EAERC,YAAYC,SAAiD;AAC3D,SAAKF,UAAUE,QAAQF;AACvB,SAAKN,UAAU;MACbS,wBAAwB,KAAKA,uBAAuBC,KAAK,IAAI;MAC7DC,4BAA4B,KAAKA,2BAA2BD,KAAK,IAAI;MACrEE,kBAAkB,KAAKA,iBAAiBF,KAAK,IAAI;MACjDG,8BAA8B,KAAKA,6BAA6BH,KAAK,IAAI;MACzEI,oBAAoB,KAAKA,mBAAmBJ,KAAK,IAAI;IACvD;EACF;EAEA,MAAMD,uBAAuBM,KAAkBC,SAAqD;AAClG,UAAMC,iBAA2B,CAAA;AACjC,UAAMC,OAAOH,IAAIG;AACjB,eAAWC,OAAOD,MAAM;AACtB,iBAAWE,UAAU,KAAKd,SAAS;AACjC,YAAIc,OAAOC,gBAAgBF,GAAAA,GAAM;AAC/BF,yBAAeK,KAAKF,OAAOG,mBAAkB,CAAA;QAC/C;MACF;IACF;AACA,WAAON;EACT;;EAGA,MAAMN,2BAA2Ba,MAAyCR,SAAmE;AAC3I,QAAI;MAAES;;IAAmE,IAAOD;AAChF,UAAM,EAAEE,YAAYN,QAAQO,IAAG,IAAKC,4BAA4BJ,IAAAA;AAEhE,QAAI;AACF,YAAMR,QAAQa,MAAMC,cAAc;QAAEf,KAAKK;MAAO,CAAA;IAClD,SAASW,GAAG;AACV,YAAM,IAAIC,MAAM,4EAA4ED,CAAAA,EAAG;IACjG;AACA,QAAI;AACF,qBAAeE,uBAAuB3B,SAAkC;AACtE,mBAAWc,WAAUd,SAAS;AAC5B,cAAIc,QAAOc,uBAAuB;YAAET;UAAY,CAAA,GAAI;AAClD,mBAAO,MAAML,QAAOT,2BAA2B;cAAE,GAAGa;cAAME;cAAYC;YAAI,GAAGX,OAAAA;UAC/E;QACF;AACA,cAAM,IAAIgB,MACR,kEAAkEP,WAAAA,gBAA2BnB,QAAQ6B,IAAI,CAACC,MAAMA,EAAEb,mBAAkB,CAAA,EAAIc,KAAK,GAAA,CAAA,EAAM;MAEvJ;AATeJ;AAUf,YAAMK,uBAAuB,MAAML,uBAAuB,KAAK3B,OAAO;AACtE,aAAOgC;IACT,SAASC,OAAO;AACd1C,MAAAA,OAAM0C,KAAAA;AACN,aAAOC,QAAQC,OAAOF,KAAAA;IACxB;EACF;;EAGA,MAAM3B,iBAAiBY,MAA+BR,SAA4D;AAChH,QAAI;MAAEU;MAAYgB;;IAA4B,IAAOlB;AACrD,QAAImB;AACJ,QAAIC,qBAAgD;MAAEC,UAAU;IAAM;AAEtE,mBAAeC,wBAAwBxC,SAAkC;AACvE,iBAAWc,UAAUd,SAAS;AAC5B,YAAIc,OAAO2B,sBAAsB;UAAEC,UAAUtB;QAAsC,CAAA,GAAI;AACrF,iBAAON,OAAOR,iBAAiBY,MAAMR,OAAAA;QACvC;MACF;AACA,aAAOwB,QAAQC,OACbT,MACE,iFAAiFiB,KAAKC,UAAU1B,KAAKE,WAAWyB,IAAI,CAAA,mBAAgBC,wBAAQ5B,KAAKE,WAAW2B,KAAK,IAAI,CAAA,GAAIF,IAAAA,eAAmB7C,QAAQ6B,IAAI,CAACC,MAAMA,EAAEb,mBAAkB,CAAA,EAAIc,KAAK,GAAA,CAAA,EAAM,CAAA;IAGxP;AAXeS;AAYfF,yBAAqB,MAAME,wBAAwB,KAAKxC,OAAO;AAC/DqC,yBAA2CjB;AAE3C,QAAIgB,UAAUY,qBAAqB,SAAU,MAAMC,UAAUZ,oBAAoB3B,OAAAA,GAAkB;AACjG4B,2BAAqB;QACnBC,UAAU;QACVN,OAAO;UACLiB,SAAS;UACTC,WAAW;QACb;MACF;IACF;AAEA,WAAOb;EACT;;EAGA,MAAM/B,6BAA6BW,MAA2CR,SAAqE;AACjJ,UAAM,EAAES,YAAW,IAAKD;AACxB,UAAM,EAAEkC,aAAY,IAAKC,uBAAuBnC,IAAAA;AAEhD,QAAIoC;AAEJ,mBAAeC,0BAA0BvD,SAAkC;AACzE,iBAAWc,UAAUd,SAAS;AAC5B,YAAIc,OAAOc,uBAAuB;UAAET;QAAY,CAAA,GAAI;AAClD,iBAAO,MAAML,OAAOP,6BAA6B;YAAE,GAAGW;YAAMkC;UAAa,GAAG1C,OAAAA;QAC9E;MACF;AACA,YAAM,IAAIgB,MACR,kEAAkEP,WAAAA,gBAA2BnB,QAAQ6B,IAAI,CAACC,MAAMA,EAAEb,mBAAkB,CAAA,EAAIc,KAAK,GAAA,CAAA,EAAM;IAEvJ;AATewB;AAWfD,6BAAyB,MAAMC,0BAA0B,KAAKvD,OAAO;AACrE,WAAOsD;EACT;;EAGA,MAAM9C,mBAAmBU,MAAiCR,SAA4D;AACpH,QAAI;MAAE0C;;IAAgF,IAAOlC;AAC7F,mBAAesC,0BAA0BxD,SAAkC;AACzE,iBAAWc,UAAUd,SAAS;AAC5B,YAAIc,OAAO2B,sBAAsB;UAAEC,UAAUU;QAA0C,CAAA,GAAI;AACzF,iBAAOtC,OAAON,mBAAmBU,MAAMR,OAAAA;QACzC;MACF;AACA,YAAM,IAAIgB,MAAM,gEAAA;IAClB;AAPe8B;AAQf,UAAMC,SAAS,MAAMD,0BAA0B,KAAKxD,OAAO;AAC3D,WAAOyD;EACT;AACF;;;AFlJA,IAAMC,mBAAmBC;","names":["extractIssuer","debug","Debug","MessageTypes","vc","vp","W3cMessageHandler","AbstractMessageHandler","handle","message","context","meta","getLastMetaData","type","raw","data","validateJwtPresentationPayload","presentation","normalizePresentation","credentials","verifiableCredential","id","computeEntryHash","from","holder","to","verifier","tag","threadId","createdAt","issuanceDate","presentations","e","validateJwtCredentialPayload","credential","normalizeCredential","issuer","credentialSubject","result","agent","verifyCredential","verified","uuidv4","extractIssuer","Error","error","verifyPresentation","challenge","domain","asArray","map","decodeCredentialToObject","import_debug","import_utils","extractIssuer","input","options","isDefined","payload","decodeJWT","split","iss","removeParameters","removeDIDParameters","e","issuer","holder","id","did","replace","pickSigningKey","identifier","keyRef","key","keys","find","k","type","Error","kid","isRevoked","credential","context","credentialStatus","agent","checkCredentialStatus","status","revoked","verified","preProcessCredentialPayload","now","Date","credentialContext","addVcdmContextIfNeeded","isVdcm1","isVcdm1Credential","isVdcm2","isVcdm2Credential","credentialType","processEntryToArray","issuanceDate","validFrom","toISOString","credentialPayload","preProcessPresentation","args","presentation","credentials","verifiableCredential","v1Credential","cred","includes","VCDM_CREDENTIAL_CONTEXT_V1","undefined","v2Credential","VCDM_CREDENTIAL_CONTEXT_V2","presentationContext","presentationType","presentationPayload","map","proof","jwt","debug","Debug","VcdmCredentialPlugin","methods","schema","components","schemas","ICredentialIssuer","ICredentialVerifier","issuers","constructor","options","listUsableProofFormats","bind","createVerifiableCredential","verifyCredential","createVerifiablePresentation","verifyPresentation","did","context","signingOptions","keys","key","issuer","matchKeyForType","push","getTypeProofFormat","args","proofFormat","credential","now","preProcessCredentialPayload","agent","didManagerGet","e","Error","findAndIssueCredential","canIssueCredentialType","map","i","join","verifiableCredential","error","Promise","reject","policies","verifiedCredential","verificationResult","verified","findAndVerifyCredential","canVerifyDocumentType","document","JSON","stringify","type","asArray","proof","credentialStatus","isRevoked","message","errorCode","presentation","preProcessPresentation","verifiablePresentation","findAndCreatePresentation","findAndVerifyPresentation","result","CredentialIssuer","VcdmCredentialPlugin"]}
+{"version":3,"sources":["../src/index.ts","../src/message-handler.ts","../src/vcdmCredentialPlugin.ts","../src/functions.ts"],"sourcesContent":["/**\n * Provides a {@link @veramo/credential-w3c#CredentialPlugin | plugin} for the {@link @veramo/core#Agent} that\n * implements\n * {@link @veramo/core#ICredentialIssuer} interface.\n *\n * Provides a {@link @veramo/credential-w3c#W3cMessageHandler | plugin} for the\n * {@link @veramo/message-handler#MessageHandler} that verifies Credentials and Presentations in a message.\n *\n * @packageDocumentation\n */\nexport type * from './types'\nexport { W3cMessageHandler, MessageTypes } from './message-handler'\nimport { VcdmCredentialPlugin } from './vcdmCredentialPlugin'\n\n/**\n * @deprecated please use {@link VcdmCredentialPlugin} instead\n * @public\n */\nconst CredentialIssuer = VcdmCredentialPlugin\nexport { CredentialIssuer, VcdmCredentialPlugin }\n\n// For backward compatibility, re-export the plugin types that were moved to core in v4\nexport type { ICredentialIssuer, ICredentialVerifier } from '@veramo/core'\n\nexport * from './functions'\n","import type {\n  IAgentContext,\n  ICredentialVerifier,\n  IResolver,\n  VerifiableCredential,\n  VerifiablePresentation,\n} from '@veramo/core'\nimport { AbstractMessageHandler, Message } from '@veramo/message-handler'\nimport { asArray, computeEntryHash, decodeCredentialToObject, extractIssuer } from '@veramo/utils'\n\nimport {\n  normalizeCredential,\n  normalizePresentation,\n  validateJwtCredentialPayload,\n  validateJwtPresentationPayload,\n}// @ts-ignore\nfrom 'did-jwt-vc'\n\nimport { v4 as uuidv4 } from 'uuid'\nimport Debug from 'debug'\n\nconst debug = Debug('sphereon:vcdm:message-handler')\n\n/**\n * These types are used by `@veramo/data-store` when storing Verifiable Credentials and Presentations\n *\n * @internal\n */\nexport const MessageTypes = {\n  /** Represents a Verifiable Credential */\n  vc: 'w3c.vc',\n  /** Represents a Verifiable Presentation */\n  vp: 'w3c.vp',\n}\n\n/**\n * Represents the requirements that this plugin has.\n * The agent that is using this plugin is expected to provide these methods.\n *\n * This interface can be used for static type checks, to make sure your application is properly initialized.\n */\nexport type IContext = IAgentContext<IResolver & ICredentialVerifier>\n\n/**\n * An implementation of the {@link @veramo/message-handler#AbstractMessageHandler}.\n *\n * This plugin can handle incoming W3C Verifiable Credentials and Presentations and prepare them\n * for internal storage as {@link @veramo/message-handler#Message} types.\n *\n * The current version can only handle `JWT` encoded\n *\n * @remarks {@link @veramo/core#IDataStore | IDataStore }\n *\n * @public\n */\nexport class W3cMessageHandler extends AbstractMessageHandler {\n  async handle(message: Message, context: IContext): Promise<Message> {\n    const meta = message.getLastMetaData()\n\n    // console.log(JSON.stringify(message, null,  2))\n\n    //FIXME: messages should not be expected to be only JWT\n    if (meta?.type === 'JWT' && message.raw) {\n      const { data } = message\n\n      try {\n        validateJwtPresentationPayload(data)\n\n        //FIXME: flagging this for potential privacy leaks\n        debug('JWT is', MessageTypes.vp)\n        const presentation = normalizePresentation(message.raw)\n        const credentials = presentation.verifiableCredential\n\n        message.id = computeEntryHash(message.raw)\n        message.type = MessageTypes.vp\n        message.from = presentation.holder\n        message.to = presentation.verifier?.[0]\n\n        if (presentation.tag) {\n          message.threadId = presentation.tag\n        }\n\n        message.createdAt = presentation.issuanceDate\n        message.presentations = [presentation]\n        message.credentials = credentials\n\n        return message\n      } catch (e) {}\n\n      try {\n        validateJwtCredentialPayload(data)\n        //FIXME: flagging this for potential privacy leaks\n        debug('JWT is', MessageTypes.vc)\n        const credential = normalizeCredential(message.raw)\n\n        message.id = computeEntryHash(message.raw)\n        message.type = MessageTypes.vc\n        message.from = credential.issuer.id\n        message.to = credential.credentialSubject.id\n\n        if (credential.tag) {\n          message.threadId = credential.tag\n        }\n\n        message.createdAt = credential.issuanceDate\n        message.credentials = [credential]\n        return message\n      } catch (e) {}\n    }\n\n    // LDS Verification and Handling\n    if (message.type === MessageTypes.vc && message.data) {\n      // verify credential\n      const credential = message.data as VerifiableCredential\n\n      const result = await context.agent.verifyCredential({ credential })\n      if (result.verified) {\n        message.id = computeEntryHash(message.raw || message.id || uuidv4())\n        message.type = MessageTypes.vc\n        message.from = extractIssuer(credential)\n        message.to = credential.credentialSubject.id\n\n        if (credential.tag) {\n          message.threadId = credential.tag\n        }\n\n        message.createdAt = credential.issuanceDate\n        message.credentials = [credential]\n        return message\n      } else {\n        throw new Error(result.error?.message)\n      }\n    }\n\n    if (message.type === MessageTypes.vp && message.data) {\n      // verify presentation\n      const presentation = message.data as VerifiablePresentation\n\n      // throws on error.\n      const result = await context.agent.verifyPresentation({\n        presentation,\n        // FIXME: HARDCODED CHALLENGE VERIFICATION FOR NOW\n        challenge: 'VERAMO',\n        domain: 'VERAMO',\n      })\n      if (result.verified) {\n        message.id = computeEntryHash(message.raw || message.id || uuidv4())\n        message.type = MessageTypes.vp\n        message.from = presentation.holder\n        // message.to = presentation.verifier?.[0]\n\n        if (presentation.tag) {\n          message.threadId = presentation.tag\n        }\n\n        // message.createdAt = presentation.issuanceDate\n        message.presentations = [presentation]\n        message.credentials = asArray(presentation.verifiableCredential).map(decodeCredentialToObject)\n        return message\n      } else {\n        throw new Error(result.error?.message)\n      }\n    }\n\n    return super.handle(message, context)\n  }\n}\n","import type { IAgentPlugin, IIdentifier, IVerifyResult, VerifiableCredential } from '@veramo/core'\nimport { schema } from '@veramo/core'\n\nimport type {\n  ICreateVerifiableCredentialLDArgs,\n  ICreateVerifiablePresentationLDArgs,\n  IVcdmCredentialPlugin,\n  IVcdmCredentialProvider,\n  IVcdmIssuerAgentContext,\n  IVcdmVerifierAgentContext,\n  IVerifyCredentialLDArgs,\n  IVerifyPresentationLDArgs,\n} from './types'\nimport Debug from 'debug'\nimport { isRevoked, preProcessCredentialPayload, preProcessPresentation } from './functions'\nimport type { W3CVerifiableCredential, W3CVerifiablePresentation } from '@sphereon/ssi-types'\nimport { asArray, VerifiableCredentialSP, VerifiablePresentationSP } from '@sphereon/ssi-sdk.core'\n\nconst debug = Debug('sphereon:ssi-sdk:vcdm')\n\n/**\n * A plugin that implements the {@link @sphereon/ssi-sdk.credential-vcdm#IVcdmCredentialPlugin} methods.\n *\n * @public\n */\nexport class VcdmCredentialPlugin implements IAgentPlugin {\n  readonly methods: IVcdmCredentialPlugin\n  readonly schema = {\n    components: {\n      schemas: {\n        ...schema.ICredentialIssuer.components.schemas,\n        ...schema.ICredentialVerifier.components.schemas,\n      },\n      methods: {\n        ...schema.ICredentialIssuer.components.methods,\n        ...schema.ICredentialVerifier.components.methods,\n      },\n    },\n  }\n  private issuers: IVcdmCredentialProvider[]\n\n  constructor(options: { issuers: IVcdmCredentialProvider[] }) {\n    this.issuers = options.issuers\n    this.methods = {\n      listUsableProofFormats: this.listUsableProofFormats.bind(this),\n      createVerifiableCredential: this.createVerifiableCredential.bind(this),\n      verifyCredential: this.verifyCredential.bind(this),\n      createVerifiablePresentation: this.createVerifiablePresentation.bind(this),\n      verifyPresentation: this.verifyPresentation.bind(this),\n    }\n  }\n\n  async listUsableProofFormats(did: IIdentifier, context: IVcdmIssuerAgentContext): Promise<string[]> {\n    const signingOptions: string[] = []\n    const keys = did.keys\n    for (const key of keys) {\n      for (const issuer of this.issuers) {\n        if (issuer.matchKeyForType(key)) {\n          signingOptions.push(issuer.getTypeProofFormat())\n        }\n      }\n    }\n    return signingOptions\n  }\n\n  /** {@inheritdoc @veramo/core#ICredentialIssuer.createVerifiableCredential} */\n  async createVerifiableCredential(args: ICreateVerifiableCredentialLDArgs, context: IVcdmIssuerAgentContext): Promise<VerifiableCredentialSP> {\n    let { proofFormat /* keyRef, removeOriginalFields, now , ...otherOptions */ } = args\n    const { credential, issuer, now } = preProcessCredentialPayload(args)\n\n    try {\n      await context.agent.didManagerGet({ did: issuer })\n    } catch (e) {\n      throw new Error(`invalid_argument: credential.issuer must be a DID managed by this agent. ${e}`)\n    }\n    try {\n      async function findAndIssueCredential(issuers: IVcdmCredentialProvider[]) {\n        for (const issuer of issuers) {\n          if (issuer.canIssueCredentialType({ proofFormat })) {\n            return await issuer.createVerifiableCredential({ ...args, credential, now }, context)\n          }\n        }\n        throw new Error(\n          `invalid_setup: No issuer found for the requested proof format: ${proofFormat}, supported: ${issuers.map((i) => i.getTypeProofFormat()).join(',')}`,\n        )\n      }\n      const verifiableCredential = await findAndIssueCredential(this.issuers)\n      return verifiableCredential\n    } catch (error) {\n      debug(error)\n      return Promise.reject(error)\n    }\n  }\n\n  /** {@inheritdoc @veramo/core#ICredentialVerifier.verifyCredential} */\n  async verifyCredential(args: IVerifyCredentialLDArgs, context: IVcdmVerifierAgentContext): Promise<IVerifyResult> {\n    let { credential, policies /*, ...otherOptions*/ } = args\n    let verifiedCredential: VerifiableCredential\n    let verificationResult: IVerifyResult | undefined = { verified: false }\n\n    async function findAndVerifyCredential(issuers: IVcdmCredentialProvider[]): Promise<IVerifyResult> {\n      for (const issuer of issuers) {\n        if (issuer.canVerifyDocumentType({ document: credential as W3CVerifiableCredential })) {\n          return issuer.verifyCredential(args, context)\n        }\n      }\n      return Promise.reject(\n        Error(\n          `invalid_setup: No verifier found for the provided credential credential type: ${JSON.stringify(args.credential.type)} proof type ${asArray(args.credential.proof)?.[0]?.type} supported: ${issuers.map((i) => i.getTypeProofFormat()).join(',')}`,\n        ),\n      )\n    }\n    verificationResult = await findAndVerifyCredential(this.issuers)\n    verifiedCredential = <VerifiableCredential>credential\n\n    if (policies?.credentialStatus !== false && (await isRevoked(verifiedCredential, context as any))) {\n      verificationResult = {\n        verified: false,\n        error: {\n          message: 'revoked: The credential was revoked by the issuer',\n          errorCode: 'revoked',\n        },\n      }\n    }\n\n    return verificationResult\n  }\n\n  /** {@inheritdoc @veramo/core#ICredentialIssuer.createVerifiablePresentation} */\n  async createVerifiablePresentation(args: ICreateVerifiablePresentationLDArgs, context: IVcdmIssuerAgentContext): Promise<VerifiablePresentationSP> {\n    const { proofFormat } = args\n    const { presentation } = preProcessPresentation(args)\n\n    let verifiablePresentation: VerifiablePresentationSP\n\n    async function findAndCreatePresentation(issuers: IVcdmCredentialProvider[]) {\n      for (const issuer of issuers) {\n        if (issuer.canIssueCredentialType({ proofFormat })) {\n          return await issuer.createVerifiablePresentation({ ...args, presentation }, context)\n        }\n      }\n      throw new Error(\n        `invalid_setup: No issuer found for the requested proof format: ${proofFormat}, supported: ${issuers.map((i) => i.getTypeProofFormat()).join(',')}`,\n      )\n    }\n\n    verifiablePresentation = await findAndCreatePresentation(this.issuers)\n    return verifiablePresentation\n  }\n\n  /** {@inheritdoc @veramo/core#ICredentialVerifier.verifyPresentation} */\n  async verifyPresentation(args: IVerifyPresentationLDArgs, context: IVcdmVerifierAgentContext): Promise<IVerifyResult> {\n    let { presentation /*domain, challenge, fetchRemoteContexts, policies, ...otherOptions*/ } = args\n    async function findAndVerifyPresentation(issuers: IVcdmCredentialProvider[]): Promise<IVerifyResult> {\n      for (const issuer of issuers) {\n        if (issuer.canVerifyDocumentType({ document: presentation as W3CVerifiablePresentation })) {\n          return issuer.verifyPresentation(args, context)\n        }\n      }\n      throw new Error('invalid_setup: No verifier found for the provided presentation')\n    }\n    const result = await findAndVerifyPresentation(this.issuers)\n    return result\n  }\n}\n","import type {\n  CredentialPayload,\n  IAgentContext,\n  ICredentialStatusVerifier,\n  IDIDManager,\n  IIdentifier,\n  IResolver,\n  IssuerType,\n  PresentationPayload,\n  VerifiableCredential,\n  W3CVerifiableCredential,\n  W3CVerifiablePresentation,\n} from '@veramo/core'\nimport { _ExtendedIKey, isDefined, processEntryToArray } from '@veramo/utils'\nimport { decodeJWT } from 'did-jwt'\nimport {\n  addVcdmContextIfNeeded,\n  isVcdm1Credential,\n  isVcdm2Credential,\n  VCDM_CREDENTIAL_CONTEXT_V1,\n  VCDM_CREDENTIAL_CONTEXT_V2,\n} from '@sphereon/ssi-types'\nimport { ICreateVerifiablePresentationLDArgs } from './types'\nimport { getKey } from '@sphereon/ssi-sdk-ext.did-utils'\n\n/**\n * Decodes a credential or presentation and returns the issuer ID\n * `iss` from a JWT or `issuer`/`issuer.id` from a VC or `holder` from a VP\n *\n * @param input - the credential or presentation whose issuer/holder needs to be extracted.\n * @param options - options for the extraction\n *   removeParameters - Remove all DID parameters from the issuer ID\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nexport function extractIssuer(\n  input?: W3CVerifiableCredential | W3CVerifiablePresentation | CredentialPayload | PresentationPayload | null,\n  options: { removeParameters?: boolean } = {},\n): string {\n  if (!isDefined(input)) {\n    return ''\n  } else if (typeof input === 'string') {\n    // JWT\n    try {\n      const { payload } = decodeJWT(input.split(`~`)[0])\n      const iss = payload.iss ?? ''\n      return !!options.removeParameters ? removeDIDParameters(iss) : iss\n    } catch (e: any) {\n      return ''\n    }\n  } else {\n    // JSON\n    let iss: IssuerType\n    if (input.issuer) {\n      iss = input.issuer\n    } else if (input.holder) {\n      iss = input.holder\n    } else {\n      iss = ''\n    }\n    if (typeof iss !== 'string') iss = iss.id ?? ''\n    return !!options.removeParameters ? removeDIDParameters(iss) : iss\n  }\n}\n\n/**\n * Remove all DID parameters from a DID url after the query part (?)\n *\n * @param did - the DID URL\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nexport function removeDIDParameters(did: string): string {\n  return did.replace(/\\?.*$/, '')\n}\n\nexport async function pickSigningKey(\n  { identifier, kmsKeyRef }: { identifier: IIdentifier; kmsKeyRef?: string },\n  context: IAgentContext<IResolver & IDIDManager>,\n): Promise<_ExtendedIKey> {\n  const key = await getKey({ identifier, vmRelationship: 'assertionMethod', kmsKeyRef: kmsKeyRef }, context)\n  return key\n}\n\nexport async function isRevoked(credential: VerifiableCredential, context: IAgentContext<ICredentialStatusVerifier>): Promise<boolean> {\n  if (!credential.credentialStatus) return false\n\n  if (typeof context.agent.checkCredentialStatus === 'function') {\n    const status = await context.agent.checkCredentialStatus({ credential })\n    return status?.revoked == true || status?.verified === false\n  }\n\n  throw new Error(`invalid_setup: The credential status can't be verified because there is no ICredentialStatusVerifier plugin installed.`)\n}\n\nexport function preProcessCredentialPayload({ credential, now = new Date() }: { credential: CredentialPayload; now?: number | Date }) {\n  const credentialContext = addVcdmContextIfNeeded(credential?.['@context'])\n  const isVdcm1 = isVcdm1Credential(credential)\n  const isVdcm2 = isVcdm2Credential(credential)\n  const credentialType = processEntryToArray(credential?.type, 'VerifiableCredential')\n  let issuanceDate = credential?.validFrom ?? credential?.issuanceDate ?? (typeof now === 'number' ? new Date(now) : now).toISOString()\n  let expirationDate = credential?.validUntil ?? credential?.expirationDate\n  if (issuanceDate instanceof Date) {\n    issuanceDate = issuanceDate.toISOString()\n  }\n  const credentialPayload: CredentialPayload = {\n    ...credential,\n    '@context': credentialContext,\n    type: credentialType,\n    ...(isVdcm1 && { issuanceDate }),\n    ...(isVdcm1 && expirationDate && { expirationDate }),\n    ...(isVdcm2 && { validFrom: issuanceDate }),\n    ...(isVdcm2 && expirationDate && { validUntil: expirationDate }),\n  }\n  if (isVdcm1) {\n    delete credentialPayload.validFrom\n    delete credentialPayload.validUntil\n  } else if (isVdcm2) {\n    delete credentialPayload.issuanceDate\n    delete credentialPayload.expirationDate\n  }\n\n  // debug(JSON.stringify(credentialPayload))\n\n  const issuer = extractIssuer(credentialPayload, { removeParameters: true })\n  if (!issuer || typeof issuer === 'undefined') {\n    throw new Error('invalid_argument: args.credential.issuer must not be empty')\n  }\n  return { credential: credentialPayload, issuer, now }\n}\n\nexport function preProcessPresentation(args: ICreateVerifiablePresentationLDArgs) {\n  const { presentation, now = new Date() } = args\n  const credentials = presentation?.verifiableCredential ?? []\n  const v1Credential = credentials.find((cred) => typeof cred === 'object' && cred['@context'].includes(VCDM_CREDENTIAL_CONTEXT_V1))\n    ? VCDM_CREDENTIAL_CONTEXT_V1\n    : undefined\n  const v2Credential = credentials.find((cred) => typeof cred === 'object' && cred['@context'].includes(VCDM_CREDENTIAL_CONTEXT_V2))\n    ? VCDM_CREDENTIAL_CONTEXT_V2\n    : undefined\n  const presentationContext = addVcdmContextIfNeeded(\n    args?.presentation?.['@context'] ?? [],\n    v2Credential ?? v1Credential ?? VCDM_CREDENTIAL_CONTEXT_V2,\n  )\n  const presentationType = processEntryToArray(args?.presentation?.type, 'VerifiablePresentation')\n\n  let issuanceDate = presentation?.validFrom ?? presentation?.issuanceDate ?? (typeof now === 'number' ? new Date(now) : now).toISOString()\n  if (issuanceDate instanceof Date) {\n    issuanceDate = issuanceDate.toISOString()\n  }\n  const presentationPayload: PresentationPayload = {\n    ...presentation,\n    '@context': presentationContext,\n    type: presentationType,\n    ...(v1Credential && { issuanceDate }), // V1 only for JWT, but we remove it in the jsonld processor anyway\n    ...(v2Credential && { validFrom: issuanceDate }),\n  }\n  // Workaround for bug in TypeError: Cannot read property 'length' of undefined\n  //     at VeramoEd25519Signature2018.preSigningPresModification\n  /*if (!presentation.verifier) {\n        presentation.verifier = []\n      }*/\n\n  if (!isDefined(presentationPayload.holder) || !presentationPayload.holder) {\n    throw new Error('invalid_argument: args.presentation.holderDID must not be empty')\n  }\n  if (presentationPayload.verifiableCredential) {\n    presentationPayload.verifiableCredential = presentationPayload.verifiableCredential.map((cred) => {\n      // map JWT credentials to their canonical form\n      if (typeof cred !== 'string' && cred.proof.jwt) {\n        return cred.proof.jwt\n      } else {\n        return cred\n      }\n    })\n  }\n  return { presentation: presentationPayload, holder: removeDIDParameters(presentationPayload.holder) }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;uBAAAA;EAAA;;;;;;;;;ACOA,6BAAgD;AAChD,mBAAmF;AAEnF,wBAMK;AAEL,kBAA6B;AAC7B,mBAAkB;AAElB,IAAMC,YAAQC,aAAAA,SAAM,+BAAA;AAOb,IAAMC,eAAe;;EAE1BC,IAAI;;EAEJC,IAAI;AACN;AAsBO,IAAMC,oBAAN,cAAgCC,8CAAAA;EAhDvC,OAgDuCA;;;EACrC,MAAMC,OAAOC,SAAkBC,SAAqC;AAClE,UAAMC,OAAOF,QAAQG,gBAAe;AAKpC,QAAID,MAAME,SAAS,SAASJ,QAAQK,KAAK;AACvC,YAAM,EAAEC,KAAI,IAAKN;AAEjB,UAAI;AACFO,8DAA+BD,IAAAA;AAG/Bd,cAAM,UAAUE,aAAaE,EAAE;AAC/B,cAAMY,mBAAeC,yCAAsBT,QAAQK,GAAG;AACtD,cAAMK,cAAcF,aAAaG;AAEjCX,gBAAQY,SAAKC,+BAAiBb,QAAQK,GAAG;AACzCL,gBAAQI,OAAOV,aAAaE;AAC5BI,gBAAQc,OAAON,aAAaO;AAC5Bf,gBAAQgB,KAAKR,aAAaS,WAAW,CAAA;AAErC,YAAIT,aAAaU,KAAK;AACpBlB,kBAAQmB,WAAWX,aAAaU;QAClC;AAEAlB,gBAAQoB,YAAYZ,aAAaa;AACjCrB,gBAAQsB,gBAAgB;UAACd;;AACzBR,gBAAQU,cAAcA;AAEtB,eAAOV;MACT,SAASuB,GAAG;MAAC;AAEb,UAAI;AACFC,4DAA6BlB,IAAAA;AAE7Bd,cAAM,UAAUE,aAAaC,EAAE;AAC/B,cAAM8B,iBAAaC,uCAAoB1B,QAAQK,GAAG;AAElDL,gBAAQY,SAAKC,+BAAiBb,QAAQK,GAAG;AACzCL,gBAAQI,OAAOV,aAAaC;AAC5BK,gBAAQc,OAAOW,WAAWE,OAAOf;AACjCZ,gBAAQgB,KAAKS,WAAWG,kBAAkBhB;AAE1C,YAAIa,WAAWP,KAAK;AAClBlB,kBAAQmB,WAAWM,WAAWP;QAChC;AAEAlB,gBAAQoB,YAAYK,WAAWJ;AAC/BrB,gBAAQU,cAAc;UAACe;;AACvB,eAAOzB;MACT,SAASuB,GAAG;MAAC;IACf;AAGA,QAAIvB,QAAQI,SAASV,aAAaC,MAAMK,QAAQM,MAAM;AAEpD,YAAMmB,aAAazB,QAAQM;AAE3B,YAAMuB,SAAS,MAAM5B,QAAQ6B,MAAMC,iBAAiB;QAAEN;MAAW,CAAA;AACjE,UAAII,OAAOG,UAAU;AACnBhC,gBAAQY,SAAKC,+BAAiBb,QAAQK,OAAOL,QAAQY,UAAMqB,YAAAA,IAAAA,CAAAA;AAC3DjC,gBAAQI,OAAOV,aAAaC;AAC5BK,gBAAQc,WAAOoB,4BAAcT,UAAAA;AAC7BzB,gBAAQgB,KAAKS,WAAWG,kBAAkBhB;AAE1C,YAAIa,WAAWP,KAAK;AAClBlB,kBAAQmB,WAAWM,WAAWP;QAChC;AAEAlB,gBAAQoB,YAAYK,WAAWJ;AAC/BrB,gBAAQU,cAAc;UAACe;;AACvB,eAAOzB;MACT,OAAO;AACL,cAAM,IAAImC,MAAMN,OAAOO,OAAOpC,OAAAA;MAChC;IACF;AAEA,QAAIA,QAAQI,SAASV,aAAaE,MAAMI,QAAQM,MAAM;AAEpD,YAAME,eAAeR,QAAQM;AAG7B,YAAMuB,SAAS,MAAM5B,QAAQ6B,MAAMO,mBAAmB;QACpD7B;;QAEA8B,WAAW;QACXC,QAAQ;MACV,CAAA;AACA,UAAIV,OAAOG,UAAU;AACnBhC,gBAAQY,SAAKC,+BAAiBb,QAAQK,OAAOL,QAAQY,UAAMqB,YAAAA,IAAAA,CAAAA;AAC3DjC,gBAAQI,OAAOV,aAAaE;AAC5BI,gBAAQc,OAAON,aAAaO;AAG5B,YAAIP,aAAaU,KAAK;AACpBlB,kBAAQmB,WAAWX,aAAaU;QAClC;AAGAlB,gBAAQsB,gBAAgB;UAACd;;AACzBR,gBAAQU,kBAAc8B,sBAAQhC,aAAaG,oBAAoB,EAAE8B,IAAIC,qCAAAA;AACrE,eAAO1C;MACT,OAAO;AACL,cAAM,IAAImC,MAAMN,OAAOO,OAAOpC,OAAAA;MAChC;IACF;AAEA,WAAO,MAAMD,OAAOC,SAASC,OAAAA;EAC/B;AACF;;;ACrKA,kBAAuB;AAYvB,IAAA0C,gBAAkB;;;ACAlB,IAAAC,gBAA8D;AAC9D,qBAA0B;AAC1B,uBAMO;AAEP,yBAAuB;AAYhB,SAASC,eACdC,OACAC,UAA0C,CAAC,GAAC;AAE5C,MAAI,KAACC,yBAAUF,KAAAA,GAAQ;AACrB,WAAO;EACT,WAAW,OAAOA,UAAU,UAAU;AAEpC,QAAI;AACF,YAAM,EAAEG,QAAO,QAAKC,0BAAUJ,MAAMK,MAAM,GAAG,EAAE,CAAA,CAAE;AACjD,YAAMC,MAAMH,QAAQG,OAAO;AAC3B,aAAO,CAAC,CAACL,QAAQM,mBAAmBC,oBAAoBF,GAAAA,IAAOA;IACjE,SAASG,GAAQ;AACf,aAAO;IACT;EACF,OAAO;AAEL,QAAIH;AACJ,QAAIN,MAAMU,QAAQ;AAChBJ,YAAMN,MAAMU;IACd,WAAWV,MAAMW,QAAQ;AACvBL,YAAMN,MAAMW;IACd,OAAO;AACLL,YAAM;IACR;AACA,QAAI,OAAOA,QAAQ,SAAUA,OAAMA,IAAIM,MAAM;AAC7C,WAAO,CAAC,CAACX,QAAQM,mBAAmBC,oBAAoBF,GAAAA,IAAOA;EACjE;AACF;AA5BgBP,OAAAA,gBAAAA;AAqCT,SAASS,oBAAoBK,KAAW;AAC7C,SAAOA,IAAIC,QAAQ,SAAS,EAAA;AAC9B;AAFgBN;AAIhB,eAAsBO,eACpB,EAAEC,YAAYC,UAAS,GACvBC,SAA+C;AAE/C,QAAMC,MAAM,UAAMC,2BAAO;IAAEJ;IAAYK,gBAAgB;IAAmBJ;EAAqB,GAAGC,OAAAA;AAClG,SAAOC;AACT;AANsBJ;AAQtB,eAAsBO,UAAUC,YAAkCL,SAAiD;AACjH,MAAI,CAACK,WAAWC,iBAAkB,QAAO;AAEzC,MAAI,OAAON,QAAQO,MAAMC,0BAA0B,YAAY;AAC7D,UAAMC,SAAS,MAAMT,QAAQO,MAAMC,sBAAsB;MAAEH;IAAW,CAAA;AACtE,WAAOI,QAAQC,WAAW,QAAQD,QAAQE,aAAa;EACzD;AAEA,QAAM,IAAIC,MAAM,wHAAwH;AAC1I;AATsBR;AAWf,SAASS,4BAA4B,EAAER,YAAYS,MAAM,oBAAIC,KAAAA,EAAM,GAA0D;AAClI,QAAMC,wBAAoBC,yCAAuBZ,aAAa,UAAA,CAAW;AACzE,QAAMa,cAAUC,oCAAkBd,UAAAA;AAClC,QAAMe,cAAUC,oCAAkBhB,UAAAA;AAClC,QAAMiB,qBAAiBC,mCAAoBlB,YAAYmB,MAAM,sBAAA;AAC7D,MAAIC,eAAepB,YAAYqB,aAAarB,YAAYoB,iBAAiB,OAAOX,QAAQ,WAAW,IAAIC,KAAKD,GAAAA,IAAOA,KAAKa,YAAW;AACnI,MAAIC,iBAAiBvB,YAAYwB,cAAcxB,YAAYuB;AAC3D,MAAIH,wBAAwBV,MAAM;AAChCU,mBAAeA,aAAaE,YAAW;EACzC;AACA,QAAMG,oBAAuC;IAC3C,GAAGzB;IACH,YAAYW;IACZQ,MAAMF;IACN,GAAIJ,WAAW;MAAEO;IAAa;IAC9B,GAAIP,WAAWU,kBAAkB;MAAEA;IAAe;IAClD,GAAIR,WAAW;MAAEM,WAAWD;IAAa;IACzC,GAAIL,WAAWQ,kBAAkB;MAAEC,YAAYD;IAAe;EAChE;AACA,MAAIV,SAAS;AACX,WAAOY,kBAAkBJ;AACzB,WAAOI,kBAAkBD;EAC3B,WAAWT,SAAS;AAClB,WAAOU,kBAAkBL;AACzB,WAAOK,kBAAkBF;EAC3B;AAIA,QAAMpC,SAASX,eAAciD,mBAAmB;IAAEzC,kBAAkB;EAAK,CAAA;AACzE,MAAI,CAACG,UAAU,OAAOA,WAAW,aAAa;AAC5C,UAAM,IAAIoB,MAAM,4DAAA;EAClB;AACA,SAAO;IAAEP,YAAYyB;IAAmBtC;IAAQsB;EAAI;AACtD;AAlCgBD;AAoCT,SAASkB,uBAAuBC,MAAyC;AAC9E,QAAM,EAAEC,cAAcnB,MAAM,oBAAIC,KAAAA,EAAM,IAAKiB;AAC3C,QAAME,cAAcD,cAAcE,wBAAwB,CAAA;AAC1D,QAAMC,eAAeF,YAAYG,KAAK,CAACC,SAAS,OAAOA,SAAS,YAAYA,KAAK,UAAA,EAAYC,SAASC,2CAAAA,CAAAA,IAClGA,8CACAC;AACJ,QAAMC,eAAeR,YAAYG,KAAK,CAACC,SAAS,OAAOA,SAAS,YAAYA,KAAK,UAAA,EAAYC,SAASI,2CAAAA,CAAAA,IAClGA,8CACAF;AACJ,QAAMG,0BAAsB3B,yCAC1Be,MAAMC,eAAe,UAAA,KAAe,CAAA,GACpCS,gBAAgBN,gBAAgBO,2CAAAA;AAElC,QAAME,uBAAmBtB,mCAAoBS,MAAMC,cAAcT,MAAM,wBAAA;AAEvE,MAAIC,eAAeQ,cAAcP,aAAaO,cAAcR,iBAAiB,OAAOX,QAAQ,WAAW,IAAIC,KAAKD,GAAAA,IAAOA,KAAKa,YAAW;AACvI,MAAIF,wBAAwBV,MAAM;AAChCU,mBAAeA,aAAaE,YAAW;EACzC;AACA,QAAMmB,sBAA2C;IAC/C,GAAGb;IACH,YAAYW;IACZpB,MAAMqB;IACN,GAAIT,gBAAgB;MAAEX;IAAa;IACnC,GAAIiB,gBAAgB;MAAEhB,WAAWD;IAAa;EAChD;AAOA,MAAI,KAACzC,yBAAU8D,oBAAoBrD,MAAM,KAAK,CAACqD,oBAAoBrD,QAAQ;AACzE,UAAM,IAAImB,MAAM,iEAAA;EAClB;AACA,MAAIkC,oBAAoBX,sBAAsB;AAC5CW,wBAAoBX,uBAAuBW,oBAAoBX,qBAAqBY,IAAI,CAACT,SAAAA;AAEvF,UAAI,OAAOA,SAAS,YAAYA,KAAKU,MAAMC,KAAK;AAC9C,eAAOX,KAAKU,MAAMC;MACpB,OAAO;AACL,eAAOX;MACT;IACF,CAAA;EACF;AACA,SAAO;IAAEL,cAAca;IAAqBrD,QAAQH,oBAAoBwD,oBAAoBrD,MAAM;EAAE;AACtG;AA9CgBsC;;;ADnHhB,qBAA0E;AAE1E,IAAMmB,aAAQC,cAAAA,SAAM,uBAAA;AAOb,IAAMC,uBAAN,MAAMA;EAxBb,OAwBaA;;;EACFC;EACAC,SAAS;IAChBC,YAAY;MACVC,SAAS;QACP,GAAGF,mBAAOG,kBAAkBF,WAAWC;QACvC,GAAGF,mBAAOI,oBAAoBH,WAAWC;MAC3C;MACAH,SAAS;QACP,GAAGC,mBAAOG,kBAAkBF,WAAWF;QACvC,GAAGC,mBAAOI,oBAAoBH,WAAWF;MAC3C;IACF;EACF;EACQM;EAERC,YAAYC,SAAiD;AAC3D,SAAKF,UAAUE,QAAQF;AACvB,SAAKN,UAAU;MACbS,wBAAwB,KAAKA,uBAAuBC,KAAK,IAAI;MAC7DC,4BAA4B,KAAKA,2BAA2BD,KAAK,IAAI;MACrEE,kBAAkB,KAAKA,iBAAiBF,KAAK,IAAI;MACjDG,8BAA8B,KAAKA,6BAA6BH,KAAK,IAAI;MACzEI,oBAAoB,KAAKA,mBAAmBJ,KAAK,IAAI;IACvD;EACF;EAEA,MAAMD,uBAAuBM,KAAkBC,SAAqD;AAClG,UAAMC,iBAA2B,CAAA;AACjC,UAAMC,OAAOH,IAAIG;AACjB,eAAWC,OAAOD,MAAM;AACtB,iBAAWE,UAAU,KAAKd,SAAS;AACjC,YAAIc,OAAOC,gBAAgBF,GAAAA,GAAM;AAC/BF,yBAAeK,KAAKF,OAAOG,mBAAkB,CAAA;QAC/C;MACF;IACF;AACA,WAAON;EACT;;EAGA,MAAMN,2BAA2Ba,MAAyCR,SAAmE;AAC3I,QAAI;MAAES;;IAAmE,IAAOD;AAChF,UAAM,EAAEE,YAAYN,QAAQO,IAAG,IAAKC,4BAA4BJ,IAAAA;AAEhE,QAAI;AACF,YAAMR,QAAQa,MAAMC,cAAc;QAAEf,KAAKK;MAAO,CAAA;IAClD,SAASW,GAAG;AACV,YAAM,IAAIC,MAAM,4EAA4ED,CAAAA,EAAG;IACjG;AACA,QAAI;AACF,qBAAeE,uBAAuB3B,SAAkC;AACtE,mBAAWc,WAAUd,SAAS;AAC5B,cAAIc,QAAOc,uBAAuB;YAAET;UAAY,CAAA,GAAI;AAClD,mBAAO,MAAML,QAAOT,2BAA2B;cAAE,GAAGa;cAAME;cAAYC;YAAI,GAAGX,OAAAA;UAC/E;QACF;AACA,cAAM,IAAIgB,MACR,kEAAkEP,WAAAA,gBAA2BnB,QAAQ6B,IAAI,CAACC,MAAMA,EAAEb,mBAAkB,CAAA,EAAIc,KAAK,GAAA,CAAA,EAAM;MAEvJ;AATeJ;AAUf,YAAMK,uBAAuB,MAAML,uBAAuB,KAAK3B,OAAO;AACtE,aAAOgC;IACT,SAASC,OAAO;AACd1C,MAAAA,OAAM0C,KAAAA;AACN,aAAOC,QAAQC,OAAOF,KAAAA;IACxB;EACF;;EAGA,MAAM3B,iBAAiBY,MAA+BR,SAA4D;AAChH,QAAI;MAAEU;MAAYgB;;IAA4B,IAAOlB;AACrD,QAAImB;AACJ,QAAIC,qBAAgD;MAAEC,UAAU;IAAM;AAEtE,mBAAeC,wBAAwBxC,SAAkC;AACvE,iBAAWc,UAAUd,SAAS;AAC5B,YAAIc,OAAO2B,sBAAsB;UAAEC,UAAUtB;QAAsC,CAAA,GAAI;AACrF,iBAAON,OAAOR,iBAAiBY,MAAMR,OAAAA;QACvC;MACF;AACA,aAAOwB,QAAQC,OACbT,MACE,iFAAiFiB,KAAKC,UAAU1B,KAAKE,WAAWyB,IAAI,CAAA,mBAAgBC,wBAAQ5B,KAAKE,WAAW2B,KAAK,IAAI,CAAA,GAAIF,IAAAA,eAAmB7C,QAAQ6B,IAAI,CAACC,MAAMA,EAAEb,mBAAkB,CAAA,EAAIc,KAAK,GAAA,CAAA,EAAM,CAAA;IAGxP;AAXeS;AAYfF,yBAAqB,MAAME,wBAAwB,KAAKxC,OAAO;AAC/DqC,yBAA2CjB;AAE3C,QAAIgB,UAAUY,qBAAqB,SAAU,MAAMC,UAAUZ,oBAAoB3B,OAAAA,GAAkB;AACjG4B,2BAAqB;QACnBC,UAAU;QACVN,OAAO;UACLiB,SAAS;UACTC,WAAW;QACb;MACF;IACF;AAEA,WAAOb;EACT;;EAGA,MAAM/B,6BAA6BW,MAA2CR,SAAqE;AACjJ,UAAM,EAAES,YAAW,IAAKD;AACxB,UAAM,EAAEkC,aAAY,IAAKC,uBAAuBnC,IAAAA;AAEhD,QAAIoC;AAEJ,mBAAeC,0BAA0BvD,SAAkC;AACzE,iBAAWc,UAAUd,SAAS;AAC5B,YAAIc,OAAOc,uBAAuB;UAAET;QAAY,CAAA,GAAI;AAClD,iBAAO,MAAML,OAAOP,6BAA6B;YAAE,GAAGW;YAAMkC;UAAa,GAAG1C,OAAAA;QAC9E;MACF;AACA,YAAM,IAAIgB,MACR,kEAAkEP,WAAAA,gBAA2BnB,QAAQ6B,IAAI,CAACC,MAAMA,EAAEb,mBAAkB,CAAA,EAAIc,KAAK,GAAA,CAAA,EAAM;IAEvJ;AATewB;AAWfD,6BAAyB,MAAMC,0BAA0B,KAAKvD,OAAO;AACrE,WAAOsD;EACT;;EAGA,MAAM9C,mBAAmBU,MAAiCR,SAA4D;AACpH,QAAI;MAAE0C;;IAAgF,IAAOlC;AAC7F,mBAAesC,0BAA0BxD,SAAkC;AACzE,iBAAWc,UAAUd,SAAS;AAC5B,YAAIc,OAAO2B,sBAAsB;UAAEC,UAAUU;QAA0C,CAAA,GAAI;AACzF,iBAAOtC,OAAON,mBAAmBU,MAAMR,OAAAA;QACzC;MACF;AACA,YAAM,IAAIgB,MAAM,gEAAA;IAClB;AAPe8B;AAQf,UAAMC,SAAS,MAAMD,0BAA0B,KAAKxD,OAAO;AAC3D,WAAOyD;EACT;AACF;;;AFlJA,IAAMC,mBAAmBC;","names":["extractIssuer","debug","Debug","MessageTypes","vc","vp","W3cMessageHandler","AbstractMessageHandler","handle","message","context","meta","getLastMetaData","type","raw","data","validateJwtPresentationPayload","presentation","normalizePresentation","credentials","verifiableCredential","id","computeEntryHash","from","holder","to","verifier","tag","threadId","createdAt","issuanceDate","presentations","e","validateJwtCredentialPayload","credential","normalizeCredential","issuer","credentialSubject","result","agent","verifyCredential","verified","uuidv4","extractIssuer","Error","error","verifyPresentation","challenge","domain","asArray","map","decodeCredentialToObject","import_debug","import_utils","extractIssuer","input","options","isDefined","payload","decodeJWT","split","iss","removeParameters","removeDIDParameters","e","issuer","holder","id","did","replace","pickSigningKey","identifier","kmsKeyRef","context","key","getKey","vmRelationship","isRevoked","credential","credentialStatus","agent","checkCredentialStatus","status","revoked","verified","Error","preProcessCredentialPayload","now","Date","credentialContext","addVcdmContextIfNeeded","isVdcm1","isVcdm1Credential","isVdcm2","isVcdm2Credential","credentialType","processEntryToArray","type","issuanceDate","validFrom","toISOString","expirationDate","validUntil","credentialPayload","preProcessPresentation","args","presentation","credentials","verifiableCredential","v1Credential","find","cred","includes","VCDM_CREDENTIAL_CONTEXT_V1","undefined","v2Credential","VCDM_CREDENTIAL_CONTEXT_V2","presentationContext","presentationType","presentationPayload","map","proof","jwt","debug","Debug","VcdmCredentialPlugin","methods","schema","components","schemas","ICredentialIssuer","ICredentialVerifier","issuers","constructor","options","listUsableProofFormats","bind","createVerifiableCredential","verifyCredential","createVerifiablePresentation","verifyPresentation","did","context","signingOptions","keys","key","issuer","matchKeyForType","push","getTypeProofFormat","args","proofFormat","credential","now","preProcessCredentialPayload","agent","didManagerGet","e","Error","findAndIssueCredential","canIssueCredentialType","map","i","join","verifiableCredential","error","Promise","reject","policies","verifiedCredential","verificationResult","verified","findAndVerifyCredential","canVerifyDocumentType","document","JSON","stringify","type","asArray","proof","credentialStatus","isRevoked","message","errorCode","presentation","preProcessPresentation","verifiablePresentation","findAndCreatePresentation","findAndVerifyPresentation","result","CredentialIssuer","VcdmCredentialPlugin"]}

package/dist/index.d.cts

@@ -4,6 +4,7 @@ import { VerifiablePresentationSP, VerifiableCredentialSP } from '@sphereon/ssi-
 import { IIssueCredentialStatusOpts } from '@sphereon/ssi-sdk.vc-status-list';
 import { W3CVerifiablePresentation, W3CVerifiableCredential } from '@sphereon/ssi-types';
 import { AbstractMessageHandler, Message } from '@veramo/message-handler';
+import { _ExtendedIKey } from '@veramo/utils';
 
 type IVcdmCredentialPlugin = IVcdmCredentialIssuer & IVcdmCredentialVerifier;
 /**
@@ -525,7 +526,10 @@ declare function extractIssuer(input?: W3CVerifiableCredential$1 | W3CVerifiable
  * @beta This API may change without a BREAKING CHANGE notice.
  */
 declare function removeDIDParameters(did: string): string;
-declare function pickSigningKey(identifier: IIdentifier, keyRef?: string): IKey;
+declare function pickSigningKey({ identifier, kmsKeyRef }: {
+    identifier: IIdentifier;
+    kmsKeyRef?: string;
+}, context: IAgentContext<IResolver & IDIDManager>): Promise<_ExtendedIKey>;
 declare function isRevoked(credential: VerifiableCredential, context: IAgentContext<ICredentialStatusVerifier>): Promise<boolean>;
 declare function preProcessCredentialPayload({ credential, now }: {
     credential: CredentialPayload;

package/dist/index.d.ts

@@ -4,6 +4,7 @@ import { VerifiablePresentationSP, VerifiableCredentialSP } from '@sphereon/ssi-
 import { IIssueCredentialStatusOpts } from '@sphereon/ssi-sdk.vc-status-list';
 import { W3CVerifiablePresentation, W3CVerifiableCredential } from '@sphereon/ssi-types';
 import { AbstractMessageHandler, Message } from '@veramo/message-handler';
+import { _ExtendedIKey } from '@veramo/utils';
 
 type IVcdmCredentialPlugin = IVcdmCredentialIssuer & IVcdmCredentialVerifier;
 /**
@@ -525,7 +526,10 @@ declare function extractIssuer(input?: W3CVerifiableCredential$1 | W3CVerifiable
  * @beta This API may change without a BREAKING CHANGE notice.
  */
 declare function removeDIDParameters(did: string): string;
-declare function pickSigningKey(identifier: IIdentifier, keyRef?: string): IKey;
+declare function pickSigningKey({ identifier, kmsKeyRef }: {
+    identifier: IIdentifier;
+    kmsKeyRef?: string;
+}, context: IAgentContext<IResolver & IDIDManager>): Promise<_ExtendedIKey>;
 declare function isRevoked(credential: VerifiableCredential, context: IAgentContext<ICredentialStatusVerifier>): Promise<boolean>;
 declare function preProcessCredentialPayload({ credential, now }: {
     credential: CredentialPayload;

package/dist/index.js

@@ -119,6 +119,7 @@ import Debug2 from "debug";
 import { isDefined, processEntryToArray } from "@veramo/utils";
 import { decodeJWT } from "did-jwt";
 import { addVcdmContextIfNeeded, isVcdm1Credential, isVcdm2Credential, VCDM_CREDENTIAL_CONTEXT_V1, VCDM_CREDENTIAL_CONTEXT_V2 } from "@sphereon/ssi-types";
+import { getKey } from "@sphereon/ssi-sdk-ext.did-utils";
 function extractIssuer2(input, options = {}) {
   if (!isDefined(input)) {
     return "";
@@ -148,15 +149,12 @@ function removeDIDParameters(did) {
   return did.replace(/\?.*$/, "");
 }
 __name(removeDIDParameters, "removeDIDParameters");
-function pickSigningKey(identifier, keyRef) {
-  let key;
-  if (!keyRef) {
-    key = identifier.keys.find((k) => k.type === "Secp256k1" || k.type === "Ed25519" || k.type === "Secp256r1");
-    if (!key) throw Error("key_not_found: No signing key for " + identifier.did);
-  } else {
-    key = identifier.keys.find((k) => k.kid === keyRef);
-    if (!key) throw Error("key_not_found: No signing key for " + identifier.did + " with kid " + keyRef);
-  }
+async function pickSigningKey({ identifier, kmsKeyRef }, context) {
+  const key = await getKey({
+    identifier,
+    vmRelationship: "assertionMethod",
+    kmsKeyRef
+  }, context);
   return key;
 }
 __name(pickSigningKey, "pickSigningKey");
@@ -177,6 +175,7 @@ function preProcessCredentialPayload({ credential, now = /* @__PURE__ */ new Dat
   const isVdcm2 = isVcdm2Credential(credential);
   const credentialType = processEntryToArray(credential?.type, "VerifiableCredential");
   let issuanceDate = credential?.validFrom ?? credential?.issuanceDate ?? (typeof now === "number" ? new Date(now) : now).toISOString();
+  let expirationDate = credential?.validUntil ?? credential?.expirationDate;
   if (issuanceDate instanceof Date) {
     issuanceDate = issuanceDate.toISOString();
   }
@@ -187,10 +186,23 @@ function preProcessCredentialPayload({ credential, now = /* @__PURE__ */ new Dat
     ...isVdcm1 && {
       issuanceDate
     },
+    ...isVdcm1 && expirationDate && {
+      expirationDate
+    },
     ...isVdcm2 && {
       validFrom: issuanceDate
+    },
+    ...isVdcm2 && expirationDate && {
+      validUntil: expirationDate
     }
   };
+  if (isVdcm1) {
+    delete credentialPayload.validFrom;
+    delete credentialPayload.validUntil;
+  } else if (isVdcm2) {
+    delete credentialPayload.issuanceDate;
+    delete credentialPayload.expirationDate;
+  }
   const issuer = extractIssuer2(credentialPayload, {
     removeParameters: true
   });

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../src/message-handler.ts","../src/vcdmCredentialPlugin.ts","../src/functions.ts","../src/index.ts"],"sourcesContent":["import type {\n  IAgentContext,\n  ICredentialVerifier,\n  IResolver,\n  VerifiableCredential,\n  VerifiablePresentation,\n} from '@veramo/core'\nimport { AbstractMessageHandler, Message } from '@veramo/message-handler'\nimport { asArray, computeEntryHash, decodeCredentialToObject, extractIssuer } from '@veramo/utils'\n\nimport {\n  normalizeCredential,\n  normalizePresentation,\n  validateJwtCredentialPayload,\n  validateJwtPresentationPayload,\n}// @ts-ignore\nfrom 'did-jwt-vc'\n\nimport { v4 as uuidv4 } from 'uuid'\nimport Debug from 'debug'\n\nconst debug = Debug('sphereon:vcdm:message-handler')\n\n/**\n * These types are used by `@veramo/data-store` when storing Verifiable Credentials and Presentations\n *\n * @internal\n */\nexport const MessageTypes = {\n  /** Represents a Verifiable Credential */\n  vc: 'w3c.vc',\n  /** Represents a Verifiable Presentation */\n  vp: 'w3c.vp',\n}\n\n/**\n * Represents the requirements that this plugin has.\n * The agent that is using this plugin is expected to provide these methods.\n *\n * This interface can be used for static type checks, to make sure your application is properly initialized.\n */\nexport type IContext = IAgentContext<IResolver & ICredentialVerifier>\n\n/**\n * An implementation of the {@link @veramo/message-handler#AbstractMessageHandler}.\n *\n * This plugin can handle incoming W3C Verifiable Credentials and Presentations and prepare them\n * for internal storage as {@link @veramo/message-handler#Message} types.\n *\n * The current version can only handle `JWT` encoded\n *\n * @remarks {@link @veramo/core#IDataStore | IDataStore }\n *\n * @public\n */\nexport class W3cMessageHandler extends AbstractMessageHandler {\n  async handle(message: Message, context: IContext): Promise<Message> {\n    const meta = message.getLastMetaData()\n\n    // console.log(JSON.stringify(message, null,  2))\n\n    //FIXME: messages should not be expected to be only JWT\n    if (meta?.type === 'JWT' && message.raw) {\n      const { data } = message\n\n      try {\n        validateJwtPresentationPayload(data)\n\n        //FIXME: flagging this for potential privacy leaks\n        debug('JWT is', MessageTypes.vp)\n        const presentation = normalizePresentation(message.raw)\n        const credentials = presentation.verifiableCredential\n\n        message.id = computeEntryHash(message.raw)\n        message.type = MessageTypes.vp\n        message.from = presentation.holder\n        message.to = presentation.verifier?.[0]\n\n        if (presentation.tag) {\n          message.threadId = presentation.tag\n        }\n\n        message.createdAt = presentation.issuanceDate\n        message.presentations = [presentation]\n        message.credentials = credentials\n\n        return message\n      } catch (e) {}\n\n      try {\n        validateJwtCredentialPayload(data)\n        //FIXME: flagging this for potential privacy leaks\n        debug('JWT is', MessageTypes.vc)\n        const credential = normalizeCredential(message.raw)\n\n        message.id = computeEntryHash(message.raw)\n        message.type = MessageTypes.vc\n        message.from = credential.issuer.id\n        message.to = credential.credentialSubject.id\n\n        if (credential.tag) {\n          message.threadId = credential.tag\n        }\n\n        message.createdAt = credential.issuanceDate\n        message.credentials = [credential]\n        return message\n      } catch (e) {}\n    }\n\n    // LDS Verification and Handling\n    if (message.type === MessageTypes.vc && message.data) {\n      // verify credential\n      const credential = message.data as VerifiableCredential\n\n      const result = await context.agent.verifyCredential({ credential })\n      if (result.verified) {\n        message.id = computeEntryHash(message.raw || message.id || uuidv4())\n        message.type = MessageTypes.vc\n        message.from = extractIssuer(credential)\n        message.to = credential.credentialSubject.id\n\n        if (credential.tag) {\n          message.threadId = credential.tag\n        }\n\n        message.createdAt = credential.issuanceDate\n        message.credentials = [credential]\n        return message\n      } else {\n        throw new Error(result.error?.message)\n      }\n    }\n\n    if (message.type === MessageTypes.vp && message.data) {\n      // verify presentation\n      const presentation = message.data as VerifiablePresentation\n\n      // throws on error.\n      const result = await context.agent.verifyPresentation({\n        presentation,\n        // FIXME: HARDCODED CHALLENGE VERIFICATION FOR NOW\n        challenge: 'VERAMO',\n        domain: 'VERAMO',\n      })\n      if (result.verified) {\n        message.id = computeEntryHash(message.raw || message.id || uuidv4())\n        message.type = MessageTypes.vp\n        message.from = presentation.holder\n        // message.to = presentation.verifier?.[0]\n\n        if (presentation.tag) {\n          message.threadId = presentation.tag\n        }\n\n        // message.createdAt = presentation.issuanceDate\n        message.presentations = [presentation]\n        message.credentials = asArray(presentation.verifiableCredential).map(decodeCredentialToObject)\n        return message\n      } else {\n        throw new Error(result.error?.message)\n      }\n    }\n\n    return super.handle(message, context)\n  }\n}\n","import type { IAgentPlugin, IIdentifier, IVerifyResult, VerifiableCredential } from '@veramo/core'\nimport { schema } from '@veramo/core'\n\nimport type {\n  ICreateVerifiableCredentialLDArgs,\n  ICreateVerifiablePresentationLDArgs,\n  IVcdmCredentialPlugin,\n  IVcdmCredentialProvider,\n  IVcdmIssuerAgentContext,\n  IVcdmVerifierAgentContext,\n  IVerifyCredentialLDArgs,\n  IVerifyPresentationLDArgs,\n} from './types'\nimport Debug from 'debug'\nimport { isRevoked, preProcessCredentialPayload, preProcessPresentation } from './functions'\nimport type { W3CVerifiableCredential, W3CVerifiablePresentation } from '@sphereon/ssi-types'\nimport { asArray, VerifiableCredentialSP, VerifiablePresentationSP } from '@sphereon/ssi-sdk.core'\n\nconst debug = Debug('sphereon:ssi-sdk:vcdm')\n\n/**\n * A plugin that implements the {@link @sphereon/ssi-sdk.credential-vcdm#IVcdmCredentialPlugin} methods.\n *\n * @public\n */\nexport class VcdmCredentialPlugin implements IAgentPlugin {\n  readonly methods: IVcdmCredentialPlugin\n  readonly schema = {\n    components: {\n      schemas: {\n        ...schema.ICredentialIssuer.components.schemas,\n        ...schema.ICredentialVerifier.components.schemas,\n      },\n      methods: {\n        ...schema.ICredentialIssuer.components.methods,\n        ...schema.ICredentialVerifier.components.methods,\n      },\n    },\n  }\n  private issuers: IVcdmCredentialProvider[]\n\n  constructor(options: { issuers: IVcdmCredentialProvider[] }) {\n    this.issuers = options.issuers\n    this.methods = {\n      listUsableProofFormats: this.listUsableProofFormats.bind(this),\n      createVerifiableCredential: this.createVerifiableCredential.bind(this),\n      verifyCredential: this.verifyCredential.bind(this),\n      createVerifiablePresentation: this.createVerifiablePresentation.bind(this),\n      verifyPresentation: this.verifyPresentation.bind(this),\n    }\n  }\n\n  async listUsableProofFormats(did: IIdentifier, context: IVcdmIssuerAgentContext): Promise<string[]> {\n    const signingOptions: string[] = []\n    const keys = did.keys\n    for (const key of keys) {\n      for (const issuer of this.issuers) {\n        if (issuer.matchKeyForType(key)) {\n          signingOptions.push(issuer.getTypeProofFormat())\n        }\n      }\n    }\n    return signingOptions\n  }\n\n  /** {@inheritdoc @veramo/core#ICredentialIssuer.createVerifiableCredential} */\n  async createVerifiableCredential(args: ICreateVerifiableCredentialLDArgs, context: IVcdmIssuerAgentContext): Promise<VerifiableCredentialSP> {\n    let { proofFormat /* keyRef, removeOriginalFields, now , ...otherOptions */ } = args\n    const { credential, issuer, now } = preProcessCredentialPayload(args)\n\n    try {\n      await context.agent.didManagerGet({ did: issuer })\n    } catch (e) {\n      throw new Error(`invalid_argument: credential.issuer must be a DID managed by this agent. ${e}`)\n    }\n    try {\n      async function findAndIssueCredential(issuers: IVcdmCredentialProvider[]) {\n        for (const issuer of issuers) {\n          if (issuer.canIssueCredentialType({ proofFormat })) {\n            return await issuer.createVerifiableCredential({ ...args, credential, now }, context)\n          }\n        }\n        throw new Error(\n          `invalid_setup: No issuer found for the requested proof format: ${proofFormat}, supported: ${issuers.map((i) => i.getTypeProofFormat()).join(',')}`,\n        )\n      }\n      const verifiableCredential = await findAndIssueCredential(this.issuers)\n      return verifiableCredential\n    } catch (error) {\n      debug(error)\n      return Promise.reject(error)\n    }\n  }\n\n  /** {@inheritdoc @veramo/core#ICredentialVerifier.verifyCredential} */\n  async verifyCredential(args: IVerifyCredentialLDArgs, context: IVcdmVerifierAgentContext): Promise<IVerifyResult> {\n    let { credential, policies /*, ...otherOptions*/ } = args\n    let verifiedCredential: VerifiableCredential\n    let verificationResult: IVerifyResult | undefined = { verified: false }\n\n    async function findAndVerifyCredential(issuers: IVcdmCredentialProvider[]): Promise<IVerifyResult> {\n      for (const issuer of issuers) {\n        if (issuer.canVerifyDocumentType({ document: credential as W3CVerifiableCredential })) {\n          return issuer.verifyCredential(args, context)\n        }\n      }\n      return Promise.reject(\n        Error(\n          `invalid_setup: No verifier found for the provided credential credential type: ${JSON.stringify(args.credential.type)} proof type ${asArray(args.credential.proof)?.[0]?.type} supported: ${issuers.map((i) => i.getTypeProofFormat()).join(',')}`,\n        ),\n      )\n    }\n    verificationResult = await findAndVerifyCredential(this.issuers)\n    verifiedCredential = <VerifiableCredential>credential\n\n    if (policies?.credentialStatus !== false && (await isRevoked(verifiedCredential, context as any))) {\n      verificationResult = {\n        verified: false,\n        error: {\n          message: 'revoked: The credential was revoked by the issuer',\n          errorCode: 'revoked',\n        },\n      }\n    }\n\n    return verificationResult\n  }\n\n  /** {@inheritdoc @veramo/core#ICredentialIssuer.createVerifiablePresentation} */\n  async createVerifiablePresentation(args: ICreateVerifiablePresentationLDArgs, context: IVcdmIssuerAgentContext): Promise<VerifiablePresentationSP> {\n    const { proofFormat } = args\n    const { presentation } = preProcessPresentation(args)\n\n    let verifiablePresentation: VerifiablePresentationSP\n\n    async function findAndCreatePresentation(issuers: IVcdmCredentialProvider[]) {\n      for (const issuer of issuers) {\n        if (issuer.canIssueCredentialType({ proofFormat })) {\n          return await issuer.createVerifiablePresentation({ ...args, presentation }, context)\n        }\n      }\n      throw new Error(\n        `invalid_setup: No issuer found for the requested proof format: ${proofFormat}, supported: ${issuers.map((i) => i.getTypeProofFormat()).join(',')}`,\n      )\n    }\n\n    verifiablePresentation = await findAndCreatePresentation(this.issuers)\n    return verifiablePresentation\n  }\n\n  /** {@inheritdoc @veramo/core#ICredentialVerifier.verifyPresentation} */\n  async verifyPresentation(args: IVerifyPresentationLDArgs, context: IVcdmVerifierAgentContext): Promise<IVerifyResult> {\n    let { presentation /*domain, challenge, fetchRemoteContexts, policies, ...otherOptions*/ } = args\n    async function findAndVerifyPresentation(issuers: IVcdmCredentialProvider[]): Promise<IVerifyResult> {\n      for (const issuer of issuers) {\n        if (issuer.canVerifyDocumentType({ document: presentation as W3CVerifiablePresentation })) {\n          return issuer.verifyPresentation(args, context)\n        }\n      }\n      throw new Error('invalid_setup: No verifier found for the provided presentation')\n    }\n    const result = await findAndVerifyPresentation(this.issuers)\n    return result\n  }\n}\n","import type {\n  CredentialPayload,\n  IAgentContext, ICredentialStatusVerifier,\n  IIdentifier,\n  IKey,\n  IssuerType,\n  PresentationPayload,\n  VerifiableCredential,\n  W3CVerifiableCredential,\n  W3CVerifiablePresentation\n} from '@veramo/core'\nimport { isDefined, processEntryToArray } from '@veramo/utils'\nimport { decodeJWT } from 'did-jwt'\nimport { addVcdmContextIfNeeded, isVcdm1Credential, isVcdm2Credential, VCDM_CREDENTIAL_CONTEXT_V1, VCDM_CREDENTIAL_CONTEXT_V2 } from '@sphereon/ssi-types'\nimport { ICreateVerifiablePresentationLDArgs } from './types'\n\n/**\n * Decodes a credential or presentation and returns the issuer ID\n * `iss` from a JWT or `issuer`/`issuer.id` from a VC or `holder` from a VP\n *\n * @param input - the credential or presentation whose issuer/holder needs to be extracted.\n * @param options - options for the extraction\n *   removeParameters - Remove all DID parameters from the issuer ID\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nexport function extractIssuer(\n  input?:\n    | W3CVerifiableCredential\n    | W3CVerifiablePresentation\n    | CredentialPayload\n    | PresentationPayload\n    | null,\n  options: { removeParameters?: boolean } = {}\n): string {\n  if (!isDefined(input)) {\n    return ''\n  } else if (typeof input === 'string') {\n    // JWT\n    try {\n      const { payload } = decodeJWT(input.split(`~`)[0])\n      const iss = payload.iss ?? ''\n      return !!options.removeParameters ? removeDIDParameters(iss) : iss\n    } catch (e: any) {\n      return ''\n    }\n  } else {\n    // JSON\n    let iss: IssuerType\n    if (input.issuer) {\n      iss = input.issuer\n    } else if (input.holder) {\n      iss = input.holder\n    } else {\n      iss = ''\n    }\n    if (typeof iss !== 'string') iss = iss.id ?? ''\n    return !!options.removeParameters ? removeDIDParameters(iss) : iss\n  }\n}\n\n\n/**\n * Remove all DID parameters from a DID url after the query part (?)\n *\n * @param did - the DID URL\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nexport function removeDIDParameters(did: string): string {\n  return did.replace(/\\?.*$/, '')\n}\n\n\nexport function pickSigningKey(identifier: IIdentifier, keyRef?: string): IKey {\n  let key: IKey | undefined\n\n  if (!keyRef) {\n    key = identifier.keys.find((k) => k.type === 'Secp256k1' || k.type === 'Ed25519' || k.type === 'Secp256r1')\n    if (!key) throw Error('key_not_found: No signing key for ' + identifier.did)\n  } else {\n    key = identifier.keys.find((k) => k.kid === keyRef)\n    if (!key) throw Error('key_not_found: No signing key for ' + identifier.did + ' with kid ' + keyRef)\n  }\n\n  return key as IKey\n}\n\nexport async function isRevoked(credential: VerifiableCredential, context: IAgentContext<ICredentialStatusVerifier>): Promise<boolean> {\n  if (!credential.credentialStatus) return false\n\n  if (typeof context.agent.checkCredentialStatus === 'function') {\n    const status = await context.agent.checkCredentialStatus({ credential })\n    return status?.revoked == true || status?.verified === false\n  }\n\n  throw new Error(`invalid_setup: The credential status can't be verified because there is no ICredentialStatusVerifier plugin installed.`)\n}\n\n\n\nexport function preProcessCredentialPayload({credential, now = new Date()}: {credential: CredentialPayload, now?: number | Date}) {\n  const credentialContext = addVcdmContextIfNeeded(credential?.['@context'])\n  const isVdcm1 = isVcdm1Credential(credential)\n  const isVdcm2 = isVcdm2Credential(credential)\n  const credentialType = processEntryToArray(credential?.type, 'VerifiableCredential')\n  let issuanceDate = credential?.validFrom ?? credential?.issuanceDate ?? (typeof now === 'number' ? new Date(now) : now).toISOString()\n  if (issuanceDate instanceof Date) {\n    issuanceDate = issuanceDate.toISOString()\n  }\n  const credentialPayload: CredentialPayload = {\n    ...credential,\n    '@context': credentialContext,\n    type: credentialType,\n    ...(isVdcm1 && { issuanceDate }),\n    ...(isVdcm2 && { validFrom: issuanceDate }),\n  }\n\n  // debug(JSON.stringify(credentialPayload))\n\n  const issuer = extractIssuer(credentialPayload, {removeParameters: true})\n  if (!issuer || typeof issuer === 'undefined') {\n    throw new Error('invalid_argument: args.credential.issuer must not be empty')\n  }\n  return { credential: credentialPayload, issuer, now }\n}\n\n\nexport function preProcessPresentation(args: ICreateVerifiablePresentationLDArgs) {\n  const { presentation, now = new Date() } = args\n  const credentials = presentation?.verifiableCredential ?? []\n  const v1Credential = credentials.find((cred) => typeof cred === 'object' && cred['@context'].includes(VCDM_CREDENTIAL_CONTEXT_V1))\n    ? VCDM_CREDENTIAL_CONTEXT_V1\n    : undefined\n  const v2Credential = credentials.find((cred) => typeof cred === 'object' && cred['@context'].includes(VCDM_CREDENTIAL_CONTEXT_V2))\n    ? VCDM_CREDENTIAL_CONTEXT_V2\n    : undefined\n  const presentationContext = addVcdmContextIfNeeded(args?.presentation?.['@context'] ?? [], v2Credential ?? v1Credential ?? VCDM_CREDENTIAL_CONTEXT_V2)\n  const presentationType = processEntryToArray(args?.presentation?.type, 'VerifiablePresentation')\n\n  let issuanceDate = presentation?.validFrom ?? presentation?.issuanceDate ?? (typeof now === 'number' ? new Date(now) : now).toISOString()\n  if (issuanceDate instanceof Date) {\n    issuanceDate = issuanceDate.toISOString()\n  }\n  const presentationPayload: PresentationPayload = {\n    ...presentation,\n    '@context': presentationContext,\n    type: presentationType,\n    ...(v1Credential && { issuanceDate }), // V1 only for JWT, but we remove it in the jsonld processor anyway\n    ...(v2Credential && { validFrom: issuanceDate }),\n  }\n  // Workaround for bug in TypeError: Cannot read property 'length' of undefined\n  //     at VeramoEd25519Signature2018.preSigningPresModification\n  /*if (!presentation.verifier) {\n        presentation.verifier = []\n      }*/\n\n  if (!isDefined(presentationPayload.holder) || !presentationPayload.holder) {\n    throw new Error('invalid_argument: args.presentation.holderDID must not be empty')\n  }\n  if (presentationPayload.verifiableCredential) {\n    presentationPayload.verifiableCredential = presentationPayload.verifiableCredential.map((cred) => {\n      // map JWT credentials to their canonical form\n      if (typeof cred !== 'string' && cred.proof.jwt) {\n        return cred.proof.jwt\n      } else {\n        return cred\n      }\n    })\n  }\n  return {presentation: presentationPayload, holder: removeDIDParameters(presentationPayload.holder)}\n}\n","/**\n * Provides a {@link @veramo/credential-w3c#CredentialPlugin | plugin} for the {@link @veramo/core#Agent} that\n * implements\n * {@link @veramo/core#ICredentialIssuer} interface.\n *\n * Provides a {@link @veramo/credential-w3c#W3cMessageHandler | plugin} for the\n * {@link @veramo/message-handler#MessageHandler} that verifies Credentials and Presentations in a message.\n *\n * @packageDocumentation\n */\nexport type * from './types'\nexport { W3cMessageHandler, MessageTypes } from './message-handler'\nimport { VcdmCredentialPlugin } from './vcdmCredentialPlugin'\n\n/**\n * @deprecated please use {@link VcdmCredentialPlugin} instead\n * @public\n */\nconst CredentialIssuer = VcdmCredentialPlugin\nexport { CredentialIssuer, VcdmCredentialPlugin }\n\n// For backward compatibility, re-export the plugin types that were moved to core in v4\nexport type { ICredentialIssuer, ICredentialVerifier } from '@veramo/core'\n\nexport * from './functions'\n"],"mappings":";;;;AAOA,SAASA,8BAAuC;AAChD,SAASC,SAASC,kBAAkBC,0BAA0BC,qBAAqB;AAEnF,SACEC,qBACAC,uBACAC,8BACAC,sCAEG;AAEL,SAASC,MAAMC,cAAc;AAC7B,OAAOC,WAAW;AAElB,IAAMC,QAAQC,MAAM,+BAAA;AAOb,IAAMC,eAAe;;EAE1BC,IAAI;;EAEJC,IAAI;AACN;AAsBO,IAAMC,oBAAN,cAAgCC,uBAAAA;EAhDvC,OAgDuCA;;;EACrC,MAAMC,OAAOC,SAAkBC,SAAqC;AAClE,UAAMC,OAAOF,QAAQG,gBAAe;AAKpC,QAAID,MAAME,SAAS,SAASJ,QAAQK,KAAK;AACvC,YAAM,EAAEC,KAAI,IAAKN;AAEjB,UAAI;AACFO,uCAA+BD,IAAAA;AAG/Bd,cAAM,UAAUE,aAAaE,EAAE;AAC/B,cAAMY,eAAeC,sBAAsBT,QAAQK,GAAG;AACtD,cAAMK,cAAcF,aAAaG;AAEjCX,gBAAQY,KAAKC,iBAAiBb,QAAQK,GAAG;AACzCL,gBAAQI,OAAOV,aAAaE;AAC5BI,gBAAQc,OAAON,aAAaO;AAC5Bf,gBAAQgB,KAAKR,aAAaS,WAAW,CAAA;AAErC,YAAIT,aAAaU,KAAK;AACpBlB,kBAAQmB,WAAWX,aAAaU;QAClC;AAEAlB,gBAAQoB,YAAYZ,aAAaa;AACjCrB,gBAAQsB,gBAAgB;UAACd;;AACzBR,gBAAQU,cAAcA;AAEtB,eAAOV;MACT,SAASuB,GAAG;MAAC;AAEb,UAAI;AACFC,qCAA6BlB,IAAAA;AAE7Bd,cAAM,UAAUE,aAAaC,EAAE;AAC/B,cAAM8B,aAAaC,oBAAoB1B,QAAQK,GAAG;AAElDL,gBAAQY,KAAKC,iBAAiBb,QAAQK,GAAG;AACzCL,gBAAQI,OAAOV,aAAaC;AAC5BK,gBAAQc,OAAOW,WAAWE,OAAOf;AACjCZ,gBAAQgB,KAAKS,WAAWG,kBAAkBhB;AAE1C,YAAIa,WAAWP,KAAK;AAClBlB,kBAAQmB,WAAWM,WAAWP;QAChC;AAEAlB,gBAAQoB,YAAYK,WAAWJ;AAC/BrB,gBAAQU,cAAc;UAACe;;AACvB,eAAOzB;MACT,SAASuB,GAAG;MAAC;IACf;AAGA,QAAIvB,QAAQI,SAASV,aAAaC,MAAMK,QAAQM,MAAM;AAEpD,YAAMmB,aAAazB,QAAQM;AAE3B,YAAMuB,SAAS,MAAM5B,QAAQ6B,MAAMC,iBAAiB;QAAEN;MAAW,CAAA;AACjE,UAAII,OAAOG,UAAU;AACnBhC,gBAAQY,KAAKC,iBAAiBb,QAAQK,OAAOL,QAAQY,MAAMqB,OAAAA,CAAAA;AAC3DjC,gBAAQI,OAAOV,aAAaC;AAC5BK,gBAAQc,OAAOoB,cAAcT,UAAAA;AAC7BzB,gBAAQgB,KAAKS,WAAWG,kBAAkBhB;AAE1C,YAAIa,WAAWP,KAAK;AAClBlB,kBAAQmB,WAAWM,WAAWP;QAChC;AAEAlB,gBAAQoB,YAAYK,WAAWJ;AAC/BrB,gBAAQU,cAAc;UAACe;;AACvB,eAAOzB;MACT,OAAO;AACL,cAAM,IAAImC,MAAMN,OAAOO,OAAOpC,OAAAA;MAChC;IACF;AAEA,QAAIA,QAAQI,SAASV,aAAaE,MAAMI,QAAQM,MAAM;AAEpD,YAAME,eAAeR,QAAQM;AAG7B,YAAMuB,SAAS,MAAM5B,QAAQ6B,MAAMO,mBAAmB;QACpD7B;;QAEA8B,WAAW;QACXC,QAAQ;MACV,CAAA;AACA,UAAIV,OAAOG,UAAU;AACnBhC,gBAAQY,KAAKC,iBAAiBb,QAAQK,OAAOL,QAAQY,MAAMqB,OAAAA,CAAAA;AAC3DjC,gBAAQI,OAAOV,aAAaE;AAC5BI,gBAAQc,OAAON,aAAaO;AAG5B,YAAIP,aAAaU,KAAK;AACpBlB,kBAAQmB,WAAWX,aAAaU;QAClC;AAGAlB,gBAAQsB,gBAAgB;UAACd;;AACzBR,gBAAQU,cAAc8B,QAAQhC,aAAaG,oBAAoB,EAAE8B,IAAIC,wBAAAA;AACrE,eAAO1C;MACT,OAAO;AACL,cAAM,IAAImC,MAAMN,OAAOO,OAAOpC,OAAAA;MAChC;IACF;AAEA,WAAO,MAAMD,OAAOC,SAASC,OAAAA;EAC/B;AACF;;;ACrKA,SAAS0C,cAAc;AAYvB,OAAOC,YAAW;;;ACFlB,SAASC,WAAWC,2BAA2B;AAC/C,SAASC,iBAAiB;AAC1B,SAASC,wBAAwBC,mBAAmBC,mBAAmBC,4BAA4BC,kCAAkC;AAa9H,SAASC,eACdC,OAMAC,UAA0C,CAAC,GAAC;AAE5C,MAAI,CAACC,UAAUF,KAAAA,GAAQ;AACrB,WAAO;EACT,WAAW,OAAOA,UAAU,UAAU;AAEpC,QAAI;AACF,YAAM,EAAEG,QAAO,IAAKC,UAAUJ,MAAMK,MAAM,GAAG,EAAE,CAAA,CAAE;AACjD,YAAMC,MAAMH,QAAQG,OAAO;AAC3B,aAAO,CAAC,CAACL,QAAQM,mBAAmBC,oBAAoBF,GAAAA,IAAOA;IACjE,SAASG,GAAQ;AACf,aAAO;IACT;EACF,OAAO;AAEL,QAAIH;AACJ,QAAIN,MAAMU,QAAQ;AAChBJ,YAAMN,MAAMU;IACd,WAAWV,MAAMW,QAAQ;AACvBL,YAAMN,MAAMW;IACd,OAAO;AACLL,YAAM;IACR;AACA,QAAI,OAAOA,QAAQ,SAAUA,OAAMA,IAAIM,MAAM;AAC7C,WAAO,CAAC,CAACX,QAAQM,mBAAmBC,oBAAoBF,GAAAA,IAAOA;EACjE;AACF;AAjCgBP,OAAAA,gBAAAA;AA2CT,SAASS,oBAAoBK,KAAW;AAC7C,SAAOA,IAAIC,QAAQ,SAAS,EAAA;AAC9B;AAFgBN;AAKT,SAASO,eAAeC,YAAyBC,QAAe;AACrE,MAAIC;AAEJ,MAAI,CAACD,QAAQ;AACXC,UAAMF,WAAWG,KAAKC,KAAK,CAACC,MAAMA,EAAEC,SAAS,eAAeD,EAAEC,SAAS,aAAaD,EAAEC,SAAS,WAAA;AAC/F,QAAI,CAACJ,IAAK,OAAMK,MAAM,uCAAuCP,WAAWH,GAAG;EAC7E,OAAO;AACLK,UAAMF,WAAWG,KAAKC,KAAK,CAACC,MAAMA,EAAEG,QAAQP,MAAAA;AAC5C,QAAI,CAACC,IAAK,OAAMK,MAAM,uCAAuCP,WAAWH,MAAM,eAAeI,MAAAA;EAC/F;AAEA,SAAOC;AACT;AAZgBH;AAchB,eAAsBU,UAAUC,YAAkCC,SAAiD;AACjH,MAAI,CAACD,WAAWE,iBAAkB,QAAO;AAEzC,MAAI,OAAOD,QAAQE,MAAMC,0BAA0B,YAAY;AAC7D,UAAMC,SAAS,MAAMJ,QAAQE,MAAMC,sBAAsB;MAAEJ;IAAW,CAAA;AACtE,WAAOK,QAAQC,WAAW,QAAQD,QAAQE,aAAa;EACzD;AAEA,QAAM,IAAIV,MAAM,wHAAwH;AAC1I;AATsBE;AAaf,SAASS,4BAA4B,EAACR,YAAYS,MAAM,oBAAIC,KAAAA,EAAM,GAAuD;AAC9H,QAAMC,oBAAoBC,uBAAuBZ,aAAa,UAAA,CAAW;AACzE,QAAMa,UAAUC,kBAAkBd,UAAAA;AAClC,QAAMe,UAAUC,kBAAkBhB,UAAAA;AAClC,QAAMiB,iBAAiBC,oBAAoBlB,YAAYJ,MAAM,sBAAA;AAC7D,MAAIuB,eAAenB,YAAYoB,aAAapB,YAAYmB,iBAAiB,OAAOV,QAAQ,WAAW,IAAIC,KAAKD,GAAAA,IAAOA,KAAKY,YAAW;AACnI,MAAIF,wBAAwBT,MAAM;AAChCS,mBAAeA,aAAaE,YAAW;EACzC;AACA,QAAMC,oBAAuC;IAC3C,GAAGtB;IACH,YAAYW;IACZf,MAAMqB;IACN,GAAIJ,WAAW;MAAEM;IAAa;IAC9B,GAAIJ,WAAW;MAAEK,WAAWD;IAAa;EAC3C;AAIA,QAAMnC,SAASX,eAAciD,mBAAmB;IAACzC,kBAAkB;EAAI,CAAA;AACvE,MAAI,CAACG,UAAU,OAAOA,WAAW,aAAa;AAC5C,UAAM,IAAIa,MAAM,4DAAA;EAClB;AACA,SAAO;IAAEG,YAAYsB;IAAmBtC;IAAQyB;EAAI;AACtD;AAxBgBD;AA2BT,SAASe,uBAAuBC,MAAyC;AAC9E,QAAM,EAAEC,cAAchB,MAAM,oBAAIC,KAAAA,EAAM,IAAKc;AAC3C,QAAME,cAAcD,cAAcE,wBAAwB,CAAA;AAC1D,QAAMC,eAAeF,YAAYhC,KAAK,CAACmC,SAAS,OAAOA,SAAS,YAAYA,KAAK,UAAA,EAAYC,SAASC,0BAAAA,CAAAA,IAClGA,6BACAC;AACJ,QAAMC,eAAeP,YAAYhC,KAAK,CAACmC,SAAS,OAAOA,SAAS,YAAYA,KAAK,UAAA,EAAYC,SAASI,0BAAAA,CAAAA,IAClGA,6BACAF;AACJ,QAAMG,sBAAsBvB,uBAAuBY,MAAMC,eAAe,UAAA,KAAe,CAAA,GAAIQ,gBAAgBL,gBAAgBM,0BAAAA;AAC3H,QAAME,mBAAmBlB,oBAAoBM,MAAMC,cAAc7B,MAAM,wBAAA;AAEvE,MAAIuB,eAAeM,cAAcL,aAAaK,cAAcN,iBAAiB,OAAOV,QAAQ,WAAW,IAAIC,KAAKD,GAAAA,IAAOA,KAAKY,YAAW;AACvI,MAAIF,wBAAwBT,MAAM;AAChCS,mBAAeA,aAAaE,YAAW;EACzC;AACA,QAAMgB,sBAA2C;IAC/C,GAAGZ;IACH,YAAYU;IACZvC,MAAMwC;IACN,GAAIR,gBAAgB;MAAET;IAAa;IACnC,GAAIc,gBAAgB;MAAEb,WAAWD;IAAa;EAChD;AAOA,MAAI,CAAC3C,UAAU6D,oBAAoBpD,MAAM,KAAK,CAACoD,oBAAoBpD,QAAQ;AACzE,UAAM,IAAIY,MAAM,iEAAA;EAClB;AACA,MAAIwC,oBAAoBV,sBAAsB;AAC5CU,wBAAoBV,uBAAuBU,oBAAoBV,qBAAqBW,IAAI,CAACT,SAAAA;AAEvF,UAAI,OAAOA,SAAS,YAAYA,KAAKU,MAAMC,KAAK;AAC9C,eAAOX,KAAKU,MAAMC;MACpB,OAAO;AACL,eAAOX;MACT;IACF,CAAA;EACF;AACA,SAAO;IAACJ,cAAcY;IAAqBpD,QAAQH,oBAAoBuD,oBAAoBpD,MAAM;EAAC;AACpG;AA3CgBsC;;;ADhHhB,SAASkB,WAAAA,gBAAiE;AAE1E,IAAMC,SAAQC,OAAM,uBAAA;AAOb,IAAMC,uBAAN,MAAMA;EAxBb,OAwBaA;;;EACFC;EACAC,SAAS;IAChBC,YAAY;MACVC,SAAS;QACP,GAAGF,OAAOG,kBAAkBF,WAAWC;QACvC,GAAGF,OAAOI,oBAAoBH,WAAWC;MAC3C;MACAH,SAAS;QACP,GAAGC,OAAOG,kBAAkBF,WAAWF;QACvC,GAAGC,OAAOI,oBAAoBH,WAAWF;MAC3C;IACF;EACF;EACQM;EAERC,YAAYC,SAAiD;AAC3D,SAAKF,UAAUE,QAAQF;AACvB,SAAKN,UAAU;MACbS,wBAAwB,KAAKA,uBAAuBC,KAAK,IAAI;MAC7DC,4BAA4B,KAAKA,2BAA2BD,KAAK,IAAI;MACrEE,kBAAkB,KAAKA,iBAAiBF,KAAK,IAAI;MACjDG,8BAA8B,KAAKA,6BAA6BH,KAAK,IAAI;MACzEI,oBAAoB,KAAKA,mBAAmBJ,KAAK,IAAI;IACvD;EACF;EAEA,MAAMD,uBAAuBM,KAAkBC,SAAqD;AAClG,UAAMC,iBAA2B,CAAA;AACjC,UAAMC,OAAOH,IAAIG;AACjB,eAAWC,OAAOD,MAAM;AACtB,iBAAWE,UAAU,KAAKd,SAAS;AACjC,YAAIc,OAAOC,gBAAgBF,GAAAA,GAAM;AAC/BF,yBAAeK,KAAKF,OAAOG,mBAAkB,CAAA;QAC/C;MACF;IACF;AACA,WAAON;EACT;;EAGA,MAAMN,2BAA2Ba,MAAyCR,SAAmE;AAC3I,QAAI;MAAES;;IAAmE,IAAOD;AAChF,UAAM,EAAEE,YAAYN,QAAQO,IAAG,IAAKC,4BAA4BJ,IAAAA;AAEhE,QAAI;AACF,YAAMR,QAAQa,MAAMC,cAAc;QAAEf,KAAKK;MAAO,CAAA;IAClD,SAASW,GAAG;AACV,YAAM,IAAIC,MAAM,4EAA4ED,CAAAA,EAAG;IACjG;AACA,QAAI;AACF,qBAAeE,uBAAuB3B,SAAkC;AACtE,mBAAWc,WAAUd,SAAS;AAC5B,cAAIc,QAAOc,uBAAuB;YAAET;UAAY,CAAA,GAAI;AAClD,mBAAO,MAAML,QAAOT,2BAA2B;cAAE,GAAGa;cAAME;cAAYC;YAAI,GAAGX,OAAAA;UAC/E;QACF;AACA,cAAM,IAAIgB,MACR,kEAAkEP,WAAAA,gBAA2BnB,QAAQ6B,IAAI,CAACC,MAAMA,EAAEb,mBAAkB,CAAA,EAAIc,KAAK,GAAA,CAAA,EAAM;MAEvJ;AATeJ;AAUf,YAAMK,uBAAuB,MAAML,uBAAuB,KAAK3B,OAAO;AACtE,aAAOgC;IACT,SAASC,OAAO;AACd1C,MAAAA,OAAM0C,KAAAA;AACN,aAAOC,QAAQC,OAAOF,KAAAA;IACxB;EACF;;EAGA,MAAM3B,iBAAiBY,MAA+BR,SAA4D;AAChH,QAAI;MAAEU;MAAYgB;;IAA4B,IAAOlB;AACrD,QAAImB;AACJ,QAAIC,qBAAgD;MAAEC,UAAU;IAAM;AAEtE,mBAAeC,wBAAwBxC,SAAkC;AACvE,iBAAWc,UAAUd,SAAS;AAC5B,YAAIc,OAAO2B,sBAAsB;UAAEC,UAAUtB;QAAsC,CAAA,GAAI;AACrF,iBAAON,OAAOR,iBAAiBY,MAAMR,OAAAA;QACvC;MACF;AACA,aAAOwB,QAAQC,OACbT,MACE,iFAAiFiB,KAAKC,UAAU1B,KAAKE,WAAWyB,IAAI,CAAA,eAAgBC,SAAQ5B,KAAKE,WAAW2B,KAAK,IAAI,CAAA,GAAIF,IAAAA,eAAmB7C,QAAQ6B,IAAI,CAACC,MAAMA,EAAEb,mBAAkB,CAAA,EAAIc,KAAK,GAAA,CAAA,EAAM,CAAA;IAGxP;AAXeS;AAYfF,yBAAqB,MAAME,wBAAwB,KAAKxC,OAAO;AAC/DqC,yBAA2CjB;AAE3C,QAAIgB,UAAUY,qBAAqB,SAAU,MAAMC,UAAUZ,oBAAoB3B,OAAAA,GAAkB;AACjG4B,2BAAqB;QACnBC,UAAU;QACVN,OAAO;UACLiB,SAAS;UACTC,WAAW;QACb;MACF;IACF;AAEA,WAAOb;EACT;;EAGA,MAAM/B,6BAA6BW,MAA2CR,SAAqE;AACjJ,UAAM,EAAES,YAAW,IAAKD;AACxB,UAAM,EAAEkC,aAAY,IAAKC,uBAAuBnC,IAAAA;AAEhD,QAAIoC;AAEJ,mBAAeC,0BAA0BvD,SAAkC;AACzE,iBAAWc,UAAUd,SAAS;AAC5B,YAAIc,OAAOc,uBAAuB;UAAET;QAAY,CAAA,GAAI;AAClD,iBAAO,MAAML,OAAOP,6BAA6B;YAAE,GAAGW;YAAMkC;UAAa,GAAG1C,OAAAA;QAC9E;MACF;AACA,YAAM,IAAIgB,MACR,kEAAkEP,WAAAA,gBAA2BnB,QAAQ6B,IAAI,CAACC,MAAMA,EAAEb,mBAAkB,CAAA,EAAIc,KAAK,GAAA,CAAA,EAAM;IAEvJ;AATewB;AAWfD,6BAAyB,MAAMC,0BAA0B,KAAKvD,OAAO;AACrE,WAAOsD;EACT;;EAGA,MAAM9C,mBAAmBU,MAAiCR,SAA4D;AACpH,QAAI;MAAE0C;;IAAgF,IAAOlC;AAC7F,mBAAesC,0BAA0BxD,SAAkC;AACzE,iBAAWc,UAAUd,SAAS;AAC5B,YAAIc,OAAO2B,sBAAsB;UAAEC,UAAUU;QAA0C,CAAA,GAAI;AACzF,iBAAOtC,OAAON,mBAAmBU,MAAMR,OAAAA;QACzC;MACF;AACA,YAAM,IAAIgB,MAAM,gEAAA;IAClB;AAPe8B;AAQf,UAAMC,SAAS,MAAMD,0BAA0B,KAAKxD,OAAO;AAC3D,WAAOyD;EACT;AACF;;;AElJA,IAAMC,mBAAmBC;","names":["AbstractMessageHandler","asArray","computeEntryHash","decodeCredentialToObject","extractIssuer","normalizeCredential","normalizePresentation","validateJwtCredentialPayload","validateJwtPresentationPayload","v4","uuidv4","Debug","debug","Debug","MessageTypes","vc","vp","W3cMessageHandler","AbstractMessageHandler","handle","message","context","meta","getLastMetaData","type","raw","data","validateJwtPresentationPayload","presentation","normalizePresentation","credentials","verifiableCredential","id","computeEntryHash","from","holder","to","verifier","tag","threadId","createdAt","issuanceDate","presentations","e","validateJwtCredentialPayload","credential","normalizeCredential","issuer","credentialSubject","result","agent","verifyCredential","verified","uuidv4","extractIssuer","Error","error","verifyPresentation","challenge","domain","asArray","map","decodeCredentialToObject","schema","Debug","isDefined","processEntryToArray","decodeJWT","addVcdmContextIfNeeded","isVcdm1Credential","isVcdm2Credential","VCDM_CREDENTIAL_CONTEXT_V1","VCDM_CREDENTIAL_CONTEXT_V2","extractIssuer","input","options","isDefined","payload","decodeJWT","split","iss","removeParameters","removeDIDParameters","e","issuer","holder","id","did","replace","pickSigningKey","identifier","keyRef","key","keys","find","k","type","Error","kid","isRevoked","credential","context","credentialStatus","agent","checkCredentialStatus","status","revoked","verified","preProcessCredentialPayload","now","Date","credentialContext","addVcdmContextIfNeeded","isVdcm1","isVcdm1Credential","isVdcm2","isVcdm2Credential","credentialType","processEntryToArray","issuanceDate","validFrom","toISOString","credentialPayload","preProcessPresentation","args","presentation","credentials","verifiableCredential","v1Credential","cred","includes","VCDM_CREDENTIAL_CONTEXT_V1","undefined","v2Credential","VCDM_CREDENTIAL_CONTEXT_V2","presentationContext","presentationType","presentationPayload","map","proof","jwt","asArray","debug","Debug","VcdmCredentialPlugin","methods","schema","components","schemas","ICredentialIssuer","ICredentialVerifier","issuers","constructor","options","listUsableProofFormats","bind","createVerifiableCredential","verifyCredential","createVerifiablePresentation","verifyPresentation","did","context","signingOptions","keys","key","issuer","matchKeyForType","push","getTypeProofFormat","args","proofFormat","credential","now","preProcessCredentialPayload","agent","didManagerGet","e","Error","findAndIssueCredential","canIssueCredentialType","map","i","join","verifiableCredential","error","Promise","reject","policies","verifiedCredential","verificationResult","verified","findAndVerifyCredential","canVerifyDocumentType","document","JSON","stringify","type","asArray","proof","credentialStatus","isRevoked","message","errorCode","presentation","preProcessPresentation","verifiablePresentation","findAndCreatePresentation","findAndVerifyPresentation","result","CredentialIssuer","VcdmCredentialPlugin"]}
+{"version":3,"sources":["../src/message-handler.ts","../src/vcdmCredentialPlugin.ts","../src/functions.ts","../src/index.ts"],"sourcesContent":["import type {\n  IAgentContext,\n  ICredentialVerifier,\n  IResolver,\n  VerifiableCredential,\n  VerifiablePresentation,\n} from '@veramo/core'\nimport { AbstractMessageHandler, Message } from '@veramo/message-handler'\nimport { asArray, computeEntryHash, decodeCredentialToObject, extractIssuer } from '@veramo/utils'\n\nimport {\n  normalizeCredential,\n  normalizePresentation,\n  validateJwtCredentialPayload,\n  validateJwtPresentationPayload,\n}// @ts-ignore\nfrom 'did-jwt-vc'\n\nimport { v4 as uuidv4 } from 'uuid'\nimport Debug from 'debug'\n\nconst debug = Debug('sphereon:vcdm:message-handler')\n\n/**\n * These types are used by `@veramo/data-store` when storing Verifiable Credentials and Presentations\n *\n * @internal\n */\nexport const MessageTypes = {\n  /** Represents a Verifiable Credential */\n  vc: 'w3c.vc',\n  /** Represents a Verifiable Presentation */\n  vp: 'w3c.vp',\n}\n\n/**\n * Represents the requirements that this plugin has.\n * The agent that is using this plugin is expected to provide these methods.\n *\n * This interface can be used for static type checks, to make sure your application is properly initialized.\n */\nexport type IContext = IAgentContext<IResolver & ICredentialVerifier>\n\n/**\n * An implementation of the {@link @veramo/message-handler#AbstractMessageHandler}.\n *\n * This plugin can handle incoming W3C Verifiable Credentials and Presentations and prepare them\n * for internal storage as {@link @veramo/message-handler#Message} types.\n *\n * The current version can only handle `JWT` encoded\n *\n * @remarks {@link @veramo/core#IDataStore | IDataStore }\n *\n * @public\n */\nexport class W3cMessageHandler extends AbstractMessageHandler {\n  async handle(message: Message, context: IContext): Promise<Message> {\n    const meta = message.getLastMetaData()\n\n    // console.log(JSON.stringify(message, null,  2))\n\n    //FIXME: messages should not be expected to be only JWT\n    if (meta?.type === 'JWT' && message.raw) {\n      const { data } = message\n\n      try {\n        validateJwtPresentationPayload(data)\n\n        //FIXME: flagging this for potential privacy leaks\n        debug('JWT is', MessageTypes.vp)\n        const presentation = normalizePresentation(message.raw)\n        const credentials = presentation.verifiableCredential\n\n        message.id = computeEntryHash(message.raw)\n        message.type = MessageTypes.vp\n        message.from = presentation.holder\n        message.to = presentation.verifier?.[0]\n\n        if (presentation.tag) {\n          message.threadId = presentation.tag\n        }\n\n        message.createdAt = presentation.issuanceDate\n        message.presentations = [presentation]\n        message.credentials = credentials\n\n        return message\n      } catch (e) {}\n\n      try {\n        validateJwtCredentialPayload(data)\n        //FIXME: flagging this for potential privacy leaks\n        debug('JWT is', MessageTypes.vc)\n        const credential = normalizeCredential(message.raw)\n\n        message.id = computeEntryHash(message.raw)\n        message.type = MessageTypes.vc\n        message.from = credential.issuer.id\n        message.to = credential.credentialSubject.id\n\n        if (credential.tag) {\n          message.threadId = credential.tag\n        }\n\n        message.createdAt = credential.issuanceDate\n        message.credentials = [credential]\n        return message\n      } catch (e) {}\n    }\n\n    // LDS Verification and Handling\n    if (message.type === MessageTypes.vc && message.data) {\n      // verify credential\n      const credential = message.data as VerifiableCredential\n\n      const result = await context.agent.verifyCredential({ credential })\n      if (result.verified) {\n        message.id = computeEntryHash(message.raw || message.id || uuidv4())\n        message.type = MessageTypes.vc\n        message.from = extractIssuer(credential)\n        message.to = credential.credentialSubject.id\n\n        if (credential.tag) {\n          message.threadId = credential.tag\n        }\n\n        message.createdAt = credential.issuanceDate\n        message.credentials = [credential]\n        return message\n      } else {\n        throw new Error(result.error?.message)\n      }\n    }\n\n    if (message.type === MessageTypes.vp && message.data) {\n      // verify presentation\n      const presentation = message.data as VerifiablePresentation\n\n      // throws on error.\n      const result = await context.agent.verifyPresentation({\n        presentation,\n        // FIXME: HARDCODED CHALLENGE VERIFICATION FOR NOW\n        challenge: 'VERAMO',\n        domain: 'VERAMO',\n      })\n      if (result.verified) {\n        message.id = computeEntryHash(message.raw || message.id || uuidv4())\n        message.type = MessageTypes.vp\n        message.from = presentation.holder\n        // message.to = presentation.verifier?.[0]\n\n        if (presentation.tag) {\n          message.threadId = presentation.tag\n        }\n\n        // message.createdAt = presentation.issuanceDate\n        message.presentations = [presentation]\n        message.credentials = asArray(presentation.verifiableCredential).map(decodeCredentialToObject)\n        return message\n      } else {\n        throw new Error(result.error?.message)\n      }\n    }\n\n    return super.handle(message, context)\n  }\n}\n","import type { IAgentPlugin, IIdentifier, IVerifyResult, VerifiableCredential } from '@veramo/core'\nimport { schema } from '@veramo/core'\n\nimport type {\n  ICreateVerifiableCredentialLDArgs,\n  ICreateVerifiablePresentationLDArgs,\n  IVcdmCredentialPlugin,\n  IVcdmCredentialProvider,\n  IVcdmIssuerAgentContext,\n  IVcdmVerifierAgentContext,\n  IVerifyCredentialLDArgs,\n  IVerifyPresentationLDArgs,\n} from './types'\nimport Debug from 'debug'\nimport { isRevoked, preProcessCredentialPayload, preProcessPresentation } from './functions'\nimport type { W3CVerifiableCredential, W3CVerifiablePresentation } from '@sphereon/ssi-types'\nimport { asArray, VerifiableCredentialSP, VerifiablePresentationSP } from '@sphereon/ssi-sdk.core'\n\nconst debug = Debug('sphereon:ssi-sdk:vcdm')\n\n/**\n * A plugin that implements the {@link @sphereon/ssi-sdk.credential-vcdm#IVcdmCredentialPlugin} methods.\n *\n * @public\n */\nexport class VcdmCredentialPlugin implements IAgentPlugin {\n  readonly methods: IVcdmCredentialPlugin\n  readonly schema = {\n    components: {\n      schemas: {\n        ...schema.ICredentialIssuer.components.schemas,\n        ...schema.ICredentialVerifier.components.schemas,\n      },\n      methods: {\n        ...schema.ICredentialIssuer.components.methods,\n        ...schema.ICredentialVerifier.components.methods,\n      },\n    },\n  }\n  private issuers: IVcdmCredentialProvider[]\n\n  constructor(options: { issuers: IVcdmCredentialProvider[] }) {\n    this.issuers = options.issuers\n    this.methods = {\n      listUsableProofFormats: this.listUsableProofFormats.bind(this),\n      createVerifiableCredential: this.createVerifiableCredential.bind(this),\n      verifyCredential: this.verifyCredential.bind(this),\n      createVerifiablePresentation: this.createVerifiablePresentation.bind(this),\n      verifyPresentation: this.verifyPresentation.bind(this),\n    }\n  }\n\n  async listUsableProofFormats(did: IIdentifier, context: IVcdmIssuerAgentContext): Promise<string[]> {\n    const signingOptions: string[] = []\n    const keys = did.keys\n    for (const key of keys) {\n      for (const issuer of this.issuers) {\n        if (issuer.matchKeyForType(key)) {\n          signingOptions.push(issuer.getTypeProofFormat())\n        }\n      }\n    }\n    return signingOptions\n  }\n\n  /** {@inheritdoc @veramo/core#ICredentialIssuer.createVerifiableCredential} */\n  async createVerifiableCredential(args: ICreateVerifiableCredentialLDArgs, context: IVcdmIssuerAgentContext): Promise<VerifiableCredentialSP> {\n    let { proofFormat /* keyRef, removeOriginalFields, now , ...otherOptions */ } = args\n    const { credential, issuer, now } = preProcessCredentialPayload(args)\n\n    try {\n      await context.agent.didManagerGet({ did: issuer })\n    } catch (e) {\n      throw new Error(`invalid_argument: credential.issuer must be a DID managed by this agent. ${e}`)\n    }\n    try {\n      async function findAndIssueCredential(issuers: IVcdmCredentialProvider[]) {\n        for (const issuer of issuers) {\n          if (issuer.canIssueCredentialType({ proofFormat })) {\n            return await issuer.createVerifiableCredential({ ...args, credential, now }, context)\n          }\n        }\n        throw new Error(\n          `invalid_setup: No issuer found for the requested proof format: ${proofFormat}, supported: ${issuers.map((i) => i.getTypeProofFormat()).join(',')}`,\n        )\n      }\n      const verifiableCredential = await findAndIssueCredential(this.issuers)\n      return verifiableCredential\n    } catch (error) {\n      debug(error)\n      return Promise.reject(error)\n    }\n  }\n\n  /** {@inheritdoc @veramo/core#ICredentialVerifier.verifyCredential} */\n  async verifyCredential(args: IVerifyCredentialLDArgs, context: IVcdmVerifierAgentContext): Promise<IVerifyResult> {\n    let { credential, policies /*, ...otherOptions*/ } = args\n    let verifiedCredential: VerifiableCredential\n    let verificationResult: IVerifyResult | undefined = { verified: false }\n\n    async function findAndVerifyCredential(issuers: IVcdmCredentialProvider[]): Promise<IVerifyResult> {\n      for (const issuer of issuers) {\n        if (issuer.canVerifyDocumentType({ document: credential as W3CVerifiableCredential })) {\n          return issuer.verifyCredential(args, context)\n        }\n      }\n      return Promise.reject(\n        Error(\n          `invalid_setup: No verifier found for the provided credential credential type: ${JSON.stringify(args.credential.type)} proof type ${asArray(args.credential.proof)?.[0]?.type} supported: ${issuers.map((i) => i.getTypeProofFormat()).join(',')}`,\n        ),\n      )\n    }\n    verificationResult = await findAndVerifyCredential(this.issuers)\n    verifiedCredential = <VerifiableCredential>credential\n\n    if (policies?.credentialStatus !== false && (await isRevoked(verifiedCredential, context as any))) {\n      verificationResult = {\n        verified: false,\n        error: {\n          message: 'revoked: The credential was revoked by the issuer',\n          errorCode: 'revoked',\n        },\n      }\n    }\n\n    return verificationResult\n  }\n\n  /** {@inheritdoc @veramo/core#ICredentialIssuer.createVerifiablePresentation} */\n  async createVerifiablePresentation(args: ICreateVerifiablePresentationLDArgs, context: IVcdmIssuerAgentContext): Promise<VerifiablePresentationSP> {\n    const { proofFormat } = args\n    const { presentation } = preProcessPresentation(args)\n\n    let verifiablePresentation: VerifiablePresentationSP\n\n    async function findAndCreatePresentation(issuers: IVcdmCredentialProvider[]) {\n      for (const issuer of issuers) {\n        if (issuer.canIssueCredentialType({ proofFormat })) {\n          return await issuer.createVerifiablePresentation({ ...args, presentation }, context)\n        }\n      }\n      throw new Error(\n        `invalid_setup: No issuer found for the requested proof format: ${proofFormat}, supported: ${issuers.map((i) => i.getTypeProofFormat()).join(',')}`,\n      )\n    }\n\n    verifiablePresentation = await findAndCreatePresentation(this.issuers)\n    return verifiablePresentation\n  }\n\n  /** {@inheritdoc @veramo/core#ICredentialVerifier.verifyPresentation} */\n  async verifyPresentation(args: IVerifyPresentationLDArgs, context: IVcdmVerifierAgentContext): Promise<IVerifyResult> {\n    let { presentation /*domain, challenge, fetchRemoteContexts, policies, ...otherOptions*/ } = args\n    async function findAndVerifyPresentation(issuers: IVcdmCredentialProvider[]): Promise<IVerifyResult> {\n      for (const issuer of issuers) {\n        if (issuer.canVerifyDocumentType({ document: presentation as W3CVerifiablePresentation })) {\n          return issuer.verifyPresentation(args, context)\n        }\n      }\n      throw new Error('invalid_setup: No verifier found for the provided presentation')\n    }\n    const result = await findAndVerifyPresentation(this.issuers)\n    return result\n  }\n}\n","import type {\n  CredentialPayload,\n  IAgentContext,\n  ICredentialStatusVerifier,\n  IDIDManager,\n  IIdentifier,\n  IResolver,\n  IssuerType,\n  PresentationPayload,\n  VerifiableCredential,\n  W3CVerifiableCredential,\n  W3CVerifiablePresentation,\n} from '@veramo/core'\nimport { _ExtendedIKey, isDefined, processEntryToArray } from '@veramo/utils'\nimport { decodeJWT } from 'did-jwt'\nimport {\n  addVcdmContextIfNeeded,\n  isVcdm1Credential,\n  isVcdm2Credential,\n  VCDM_CREDENTIAL_CONTEXT_V1,\n  VCDM_CREDENTIAL_CONTEXT_V2,\n} from '@sphereon/ssi-types'\nimport { ICreateVerifiablePresentationLDArgs } from './types'\nimport { getKey } from '@sphereon/ssi-sdk-ext.did-utils'\n\n/**\n * Decodes a credential or presentation and returns the issuer ID\n * `iss` from a JWT or `issuer`/`issuer.id` from a VC or `holder` from a VP\n *\n * @param input - the credential or presentation whose issuer/holder needs to be extracted.\n * @param options - options for the extraction\n *   removeParameters - Remove all DID parameters from the issuer ID\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nexport function extractIssuer(\n  input?: W3CVerifiableCredential | W3CVerifiablePresentation | CredentialPayload | PresentationPayload | null,\n  options: { removeParameters?: boolean } = {},\n): string {\n  if (!isDefined(input)) {\n    return ''\n  } else if (typeof input === 'string') {\n    // JWT\n    try {\n      const { payload } = decodeJWT(input.split(`~`)[0])\n      const iss = payload.iss ?? ''\n      return !!options.removeParameters ? removeDIDParameters(iss) : iss\n    } catch (e: any) {\n      return ''\n    }\n  } else {\n    // JSON\n    let iss: IssuerType\n    if (input.issuer) {\n      iss = input.issuer\n    } else if (input.holder) {\n      iss = input.holder\n    } else {\n      iss = ''\n    }\n    if (typeof iss !== 'string') iss = iss.id ?? ''\n    return !!options.removeParameters ? removeDIDParameters(iss) : iss\n  }\n}\n\n/**\n * Remove all DID parameters from a DID url after the query part (?)\n *\n * @param did - the DID URL\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nexport function removeDIDParameters(did: string): string {\n  return did.replace(/\\?.*$/, '')\n}\n\nexport async function pickSigningKey(\n  { identifier, kmsKeyRef }: { identifier: IIdentifier; kmsKeyRef?: string },\n  context: IAgentContext<IResolver & IDIDManager>,\n): Promise<_ExtendedIKey> {\n  const key = await getKey({ identifier, vmRelationship: 'assertionMethod', kmsKeyRef: kmsKeyRef }, context)\n  return key\n}\n\nexport async function isRevoked(credential: VerifiableCredential, context: IAgentContext<ICredentialStatusVerifier>): Promise<boolean> {\n  if (!credential.credentialStatus) return false\n\n  if (typeof context.agent.checkCredentialStatus === 'function') {\n    const status = await context.agent.checkCredentialStatus({ credential })\n    return status?.revoked == true || status?.verified === false\n  }\n\n  throw new Error(`invalid_setup: The credential status can't be verified because there is no ICredentialStatusVerifier plugin installed.`)\n}\n\nexport function preProcessCredentialPayload({ credential, now = new Date() }: { credential: CredentialPayload; now?: number | Date }) {\n  const credentialContext = addVcdmContextIfNeeded(credential?.['@context'])\n  const isVdcm1 = isVcdm1Credential(credential)\n  const isVdcm2 = isVcdm2Credential(credential)\n  const credentialType = processEntryToArray(credential?.type, 'VerifiableCredential')\n  let issuanceDate = credential?.validFrom ?? credential?.issuanceDate ?? (typeof now === 'number' ? new Date(now) : now).toISOString()\n  let expirationDate = credential?.validUntil ?? credential?.expirationDate\n  if (issuanceDate instanceof Date) {\n    issuanceDate = issuanceDate.toISOString()\n  }\n  const credentialPayload: CredentialPayload = {\n    ...credential,\n    '@context': credentialContext,\n    type: credentialType,\n    ...(isVdcm1 && { issuanceDate }),\n    ...(isVdcm1 && expirationDate && { expirationDate }),\n    ...(isVdcm2 && { validFrom: issuanceDate }),\n    ...(isVdcm2 && expirationDate && { validUntil: expirationDate }),\n  }\n  if (isVdcm1) {\n    delete credentialPayload.validFrom\n    delete credentialPayload.validUntil\n  } else if (isVdcm2) {\n    delete credentialPayload.issuanceDate\n    delete credentialPayload.expirationDate\n  }\n\n  // debug(JSON.stringify(credentialPayload))\n\n  const issuer = extractIssuer(credentialPayload, { removeParameters: true })\n  if (!issuer || typeof issuer === 'undefined') {\n    throw new Error('invalid_argument: args.credential.issuer must not be empty')\n  }\n  return { credential: credentialPayload, issuer, now }\n}\n\nexport function preProcessPresentation(args: ICreateVerifiablePresentationLDArgs) {\n  const { presentation, now = new Date() } = args\n  const credentials = presentation?.verifiableCredential ?? []\n  const v1Credential = credentials.find((cred) => typeof cred === 'object' && cred['@context'].includes(VCDM_CREDENTIAL_CONTEXT_V1))\n    ? VCDM_CREDENTIAL_CONTEXT_V1\n    : undefined\n  const v2Credential = credentials.find((cred) => typeof cred === 'object' && cred['@context'].includes(VCDM_CREDENTIAL_CONTEXT_V2))\n    ? VCDM_CREDENTIAL_CONTEXT_V2\n    : undefined\n  const presentationContext = addVcdmContextIfNeeded(\n    args?.presentation?.['@context'] ?? [],\n    v2Credential ?? v1Credential ?? VCDM_CREDENTIAL_CONTEXT_V2,\n  )\n  const presentationType = processEntryToArray(args?.presentation?.type, 'VerifiablePresentation')\n\n  let issuanceDate = presentation?.validFrom ?? presentation?.issuanceDate ?? (typeof now === 'number' ? new Date(now) : now).toISOString()\n  if (issuanceDate instanceof Date) {\n    issuanceDate = issuanceDate.toISOString()\n  }\n  const presentationPayload: PresentationPayload = {\n    ...presentation,\n    '@context': presentationContext,\n    type: presentationType,\n    ...(v1Credential && { issuanceDate }), // V1 only for JWT, but we remove it in the jsonld processor anyway\n    ...(v2Credential && { validFrom: issuanceDate }),\n  }\n  // Workaround for bug in TypeError: Cannot read property 'length' of undefined\n  //     at VeramoEd25519Signature2018.preSigningPresModification\n  /*if (!presentation.verifier) {\n        presentation.verifier = []\n      }*/\n\n  if (!isDefined(presentationPayload.holder) || !presentationPayload.holder) {\n    throw new Error('invalid_argument: args.presentation.holderDID must not be empty')\n  }\n  if (presentationPayload.verifiableCredential) {\n    presentationPayload.verifiableCredential = presentationPayload.verifiableCredential.map((cred) => {\n      // map JWT credentials to their canonical form\n      if (typeof cred !== 'string' && cred.proof.jwt) {\n        return cred.proof.jwt\n      } else {\n        return cred\n      }\n    })\n  }\n  return { presentation: presentationPayload, holder: removeDIDParameters(presentationPayload.holder) }\n}\n","/**\n * Provides a {@link @veramo/credential-w3c#CredentialPlugin | plugin} for the {@link @veramo/core#Agent} that\n * implements\n * {@link @veramo/core#ICredentialIssuer} interface.\n *\n * Provides a {@link @veramo/credential-w3c#W3cMessageHandler | plugin} for the\n * {@link @veramo/message-handler#MessageHandler} that verifies Credentials and Presentations in a message.\n *\n * @packageDocumentation\n */\nexport type * from './types'\nexport { W3cMessageHandler, MessageTypes } from './message-handler'\nimport { VcdmCredentialPlugin } from './vcdmCredentialPlugin'\n\n/**\n * @deprecated please use {@link VcdmCredentialPlugin} instead\n * @public\n */\nconst CredentialIssuer = VcdmCredentialPlugin\nexport { CredentialIssuer, VcdmCredentialPlugin }\n\n// For backward compatibility, re-export the plugin types that were moved to core in v4\nexport type { ICredentialIssuer, ICredentialVerifier } from '@veramo/core'\n\nexport * from './functions'\n"],"mappings":";;;;AAOA,SAASA,8BAAuC;AAChD,SAASC,SAASC,kBAAkBC,0BAA0BC,qBAAqB;AAEnF,SACEC,qBACAC,uBACAC,8BACAC,sCAEG;AAEL,SAASC,MAAMC,cAAc;AAC7B,OAAOC,WAAW;AAElB,IAAMC,QAAQC,MAAM,+BAAA;AAOb,IAAMC,eAAe;;EAE1BC,IAAI;;EAEJC,IAAI;AACN;AAsBO,IAAMC,oBAAN,cAAgCC,uBAAAA;EAhDvC,OAgDuCA;;;EACrC,MAAMC,OAAOC,SAAkBC,SAAqC;AAClE,UAAMC,OAAOF,QAAQG,gBAAe;AAKpC,QAAID,MAAME,SAAS,SAASJ,QAAQK,KAAK;AACvC,YAAM,EAAEC,KAAI,IAAKN;AAEjB,UAAI;AACFO,uCAA+BD,IAAAA;AAG/Bd,cAAM,UAAUE,aAAaE,EAAE;AAC/B,cAAMY,eAAeC,sBAAsBT,QAAQK,GAAG;AACtD,cAAMK,cAAcF,aAAaG;AAEjCX,gBAAQY,KAAKC,iBAAiBb,QAAQK,GAAG;AACzCL,gBAAQI,OAAOV,aAAaE;AAC5BI,gBAAQc,OAAON,aAAaO;AAC5Bf,gBAAQgB,KAAKR,aAAaS,WAAW,CAAA;AAErC,YAAIT,aAAaU,KAAK;AACpBlB,kBAAQmB,WAAWX,aAAaU;QAClC;AAEAlB,gBAAQoB,YAAYZ,aAAaa;AACjCrB,gBAAQsB,gBAAgB;UAACd;;AACzBR,gBAAQU,cAAcA;AAEtB,eAAOV;MACT,SAASuB,GAAG;MAAC;AAEb,UAAI;AACFC,qCAA6BlB,IAAAA;AAE7Bd,cAAM,UAAUE,aAAaC,EAAE;AAC/B,cAAM8B,aAAaC,oBAAoB1B,QAAQK,GAAG;AAElDL,gBAAQY,KAAKC,iBAAiBb,QAAQK,GAAG;AACzCL,gBAAQI,OAAOV,aAAaC;AAC5BK,gBAAQc,OAAOW,WAAWE,OAAOf;AACjCZ,gBAAQgB,KAAKS,WAAWG,kBAAkBhB;AAE1C,YAAIa,WAAWP,KAAK;AAClBlB,kBAAQmB,WAAWM,WAAWP;QAChC;AAEAlB,gBAAQoB,YAAYK,WAAWJ;AAC/BrB,gBAAQU,cAAc;UAACe;;AACvB,eAAOzB;MACT,SAASuB,GAAG;MAAC;IACf;AAGA,QAAIvB,QAAQI,SAASV,aAAaC,MAAMK,QAAQM,MAAM;AAEpD,YAAMmB,aAAazB,QAAQM;AAE3B,YAAMuB,SAAS,MAAM5B,QAAQ6B,MAAMC,iBAAiB;QAAEN;MAAW,CAAA;AACjE,UAAII,OAAOG,UAAU;AACnBhC,gBAAQY,KAAKC,iBAAiBb,QAAQK,OAAOL,QAAQY,MAAMqB,OAAAA,CAAAA;AAC3DjC,gBAAQI,OAAOV,aAAaC;AAC5BK,gBAAQc,OAAOoB,cAAcT,UAAAA;AAC7BzB,gBAAQgB,KAAKS,WAAWG,kBAAkBhB;AAE1C,YAAIa,WAAWP,KAAK;AAClBlB,kBAAQmB,WAAWM,WAAWP;QAChC;AAEAlB,gBAAQoB,YAAYK,WAAWJ;AAC/BrB,gBAAQU,cAAc;UAACe;;AACvB,eAAOzB;MACT,OAAO;AACL,cAAM,IAAImC,MAAMN,OAAOO,OAAOpC,OAAAA;MAChC;IACF;AAEA,QAAIA,QAAQI,SAASV,aAAaE,MAAMI,QAAQM,MAAM;AAEpD,YAAME,eAAeR,QAAQM;AAG7B,YAAMuB,SAAS,MAAM5B,QAAQ6B,MAAMO,mBAAmB;QACpD7B;;QAEA8B,WAAW;QACXC,QAAQ;MACV,CAAA;AACA,UAAIV,OAAOG,UAAU;AACnBhC,gBAAQY,KAAKC,iBAAiBb,QAAQK,OAAOL,QAAQY,MAAMqB,OAAAA,CAAAA;AAC3DjC,gBAAQI,OAAOV,aAAaE;AAC5BI,gBAAQc,OAAON,aAAaO;AAG5B,YAAIP,aAAaU,KAAK;AACpBlB,kBAAQmB,WAAWX,aAAaU;QAClC;AAGAlB,gBAAQsB,gBAAgB;UAACd;;AACzBR,gBAAQU,cAAc8B,QAAQhC,aAAaG,oBAAoB,EAAE8B,IAAIC,wBAAAA;AACrE,eAAO1C;MACT,OAAO;AACL,cAAM,IAAImC,MAAMN,OAAOO,OAAOpC,OAAAA;MAChC;IACF;AAEA,WAAO,MAAMD,OAAOC,SAASC,OAAAA;EAC/B;AACF;;;ACrKA,SAAS0C,cAAc;AAYvB,OAAOC,YAAW;;;ACAlB,SAAwBC,WAAWC,2BAA2B;AAC9D,SAASC,iBAAiB;AAC1B,SACEC,wBACAC,mBACAC,mBACAC,4BACAC,kCACK;AAEP,SAASC,cAAc;AAYhB,SAASC,eACdC,OACAC,UAA0C,CAAC,GAAC;AAE5C,MAAI,CAACC,UAAUF,KAAAA,GAAQ;AACrB,WAAO;EACT,WAAW,OAAOA,UAAU,UAAU;AAEpC,QAAI;AACF,YAAM,EAAEG,QAAO,IAAKC,UAAUJ,MAAMK,MAAM,GAAG,EAAE,CAAA,CAAE;AACjD,YAAMC,MAAMH,QAAQG,OAAO;AAC3B,aAAO,CAAC,CAACL,QAAQM,mBAAmBC,oBAAoBF,GAAAA,IAAOA;IACjE,SAASG,GAAQ;AACf,aAAO;IACT;EACF,OAAO;AAEL,QAAIH;AACJ,QAAIN,MAAMU,QAAQ;AAChBJ,YAAMN,MAAMU;IACd,WAAWV,MAAMW,QAAQ;AACvBL,YAAMN,MAAMW;IACd,OAAO;AACLL,YAAM;IACR;AACA,QAAI,OAAOA,QAAQ,SAAUA,OAAMA,IAAIM,MAAM;AAC7C,WAAO,CAAC,CAACX,QAAQM,mBAAmBC,oBAAoBF,GAAAA,IAAOA;EACjE;AACF;AA5BgBP,OAAAA,gBAAAA;AAqCT,SAASS,oBAAoBK,KAAW;AAC7C,SAAOA,IAAIC,QAAQ,SAAS,EAAA;AAC9B;AAFgBN;AAIhB,eAAsBO,eACpB,EAAEC,YAAYC,UAAS,GACvBC,SAA+C;AAE/C,QAAMC,MAAM,MAAMC,OAAO;IAAEJ;IAAYK,gBAAgB;IAAmBJ;EAAqB,GAAGC,OAAAA;AAClG,SAAOC;AACT;AANsBJ;AAQtB,eAAsBO,UAAUC,YAAkCL,SAAiD;AACjH,MAAI,CAACK,WAAWC,iBAAkB,QAAO;AAEzC,MAAI,OAAON,QAAQO,MAAMC,0BAA0B,YAAY;AAC7D,UAAMC,SAAS,MAAMT,QAAQO,MAAMC,sBAAsB;MAAEH;IAAW,CAAA;AACtE,WAAOI,QAAQC,WAAW,QAAQD,QAAQE,aAAa;EACzD;AAEA,QAAM,IAAIC,MAAM,wHAAwH;AAC1I;AATsBR;AAWf,SAASS,4BAA4B,EAAER,YAAYS,MAAM,oBAAIC,KAAAA,EAAM,GAA0D;AAClI,QAAMC,oBAAoBC,uBAAuBZ,aAAa,UAAA,CAAW;AACzE,QAAMa,UAAUC,kBAAkBd,UAAAA;AAClC,QAAMe,UAAUC,kBAAkBhB,UAAAA;AAClC,QAAMiB,iBAAiBC,oBAAoBlB,YAAYmB,MAAM,sBAAA;AAC7D,MAAIC,eAAepB,YAAYqB,aAAarB,YAAYoB,iBAAiB,OAAOX,QAAQ,WAAW,IAAIC,KAAKD,GAAAA,IAAOA,KAAKa,YAAW;AACnI,MAAIC,iBAAiBvB,YAAYwB,cAAcxB,YAAYuB;AAC3D,MAAIH,wBAAwBV,MAAM;AAChCU,mBAAeA,aAAaE,YAAW;EACzC;AACA,QAAMG,oBAAuC;IAC3C,GAAGzB;IACH,YAAYW;IACZQ,MAAMF;IACN,GAAIJ,WAAW;MAAEO;IAAa;IAC9B,GAAIP,WAAWU,kBAAkB;MAAEA;IAAe;IAClD,GAAIR,WAAW;MAAEM,WAAWD;IAAa;IACzC,GAAIL,WAAWQ,kBAAkB;MAAEC,YAAYD;IAAe;EAChE;AACA,MAAIV,SAAS;AACX,WAAOY,kBAAkBJ;AACzB,WAAOI,kBAAkBD;EAC3B,WAAWT,SAAS;AAClB,WAAOU,kBAAkBL;AACzB,WAAOK,kBAAkBF;EAC3B;AAIA,QAAMpC,SAASX,eAAciD,mBAAmB;IAAEzC,kBAAkB;EAAK,CAAA;AACzE,MAAI,CAACG,UAAU,OAAOA,WAAW,aAAa;AAC5C,UAAM,IAAIoB,MAAM,4DAAA;EAClB;AACA,SAAO;IAAEP,YAAYyB;IAAmBtC;IAAQsB;EAAI;AACtD;AAlCgBD;AAoCT,SAASkB,uBAAuBC,MAAyC;AAC9E,QAAM,EAAEC,cAAcnB,MAAM,oBAAIC,KAAAA,EAAM,IAAKiB;AAC3C,QAAME,cAAcD,cAAcE,wBAAwB,CAAA;AAC1D,QAAMC,eAAeF,YAAYG,KAAK,CAACC,SAAS,OAAOA,SAAS,YAAYA,KAAK,UAAA,EAAYC,SAASC,0BAAAA,CAAAA,IAClGA,6BACAC;AACJ,QAAMC,eAAeR,YAAYG,KAAK,CAACC,SAAS,OAAOA,SAAS,YAAYA,KAAK,UAAA,EAAYC,SAASI,0BAAAA,CAAAA,IAClGA,6BACAF;AACJ,QAAMG,sBAAsB3B,uBAC1Be,MAAMC,eAAe,UAAA,KAAe,CAAA,GACpCS,gBAAgBN,gBAAgBO,0BAAAA;AAElC,QAAME,mBAAmBtB,oBAAoBS,MAAMC,cAAcT,MAAM,wBAAA;AAEvE,MAAIC,eAAeQ,cAAcP,aAAaO,cAAcR,iBAAiB,OAAOX,QAAQ,WAAW,IAAIC,KAAKD,GAAAA,IAAOA,KAAKa,YAAW;AACvI,MAAIF,wBAAwBV,MAAM;AAChCU,mBAAeA,aAAaE,YAAW;EACzC;AACA,QAAMmB,sBAA2C;IAC/C,GAAGb;IACH,YAAYW;IACZpB,MAAMqB;IACN,GAAIT,gBAAgB;MAAEX;IAAa;IACnC,GAAIiB,gBAAgB;MAAEhB,WAAWD;IAAa;EAChD;AAOA,MAAI,CAACzC,UAAU8D,oBAAoBrD,MAAM,KAAK,CAACqD,oBAAoBrD,QAAQ;AACzE,UAAM,IAAImB,MAAM,iEAAA;EAClB;AACA,MAAIkC,oBAAoBX,sBAAsB;AAC5CW,wBAAoBX,uBAAuBW,oBAAoBX,qBAAqBY,IAAI,CAACT,SAAAA;AAEvF,UAAI,OAAOA,SAAS,YAAYA,KAAKU,MAAMC,KAAK;AAC9C,eAAOX,KAAKU,MAAMC;MACpB,OAAO;AACL,eAAOX;MACT;IACF,CAAA;EACF;AACA,SAAO;IAAEL,cAAca;IAAqBrD,QAAQH,oBAAoBwD,oBAAoBrD,MAAM;EAAE;AACtG;AA9CgBsC;;;ADnHhB,SAASmB,WAAAA,gBAAiE;AAE1E,IAAMC,SAAQC,OAAM,uBAAA;AAOb,IAAMC,uBAAN,MAAMA;EAxBb,OAwBaA;;;EACFC;EACAC,SAAS;IAChBC,YAAY;MACVC,SAAS;QACP,GAAGF,OAAOG,kBAAkBF,WAAWC;QACvC,GAAGF,OAAOI,oBAAoBH,WAAWC;MAC3C;MACAH,SAAS;QACP,GAAGC,OAAOG,kBAAkBF,WAAWF;QACvC,GAAGC,OAAOI,oBAAoBH,WAAWF;MAC3C;IACF;EACF;EACQM;EAERC,YAAYC,SAAiD;AAC3D,SAAKF,UAAUE,QAAQF;AACvB,SAAKN,UAAU;MACbS,wBAAwB,KAAKA,uBAAuBC,KAAK,IAAI;MAC7DC,4BAA4B,KAAKA,2BAA2BD,KAAK,IAAI;MACrEE,kBAAkB,KAAKA,iBAAiBF,KAAK,IAAI;MACjDG,8BAA8B,KAAKA,6BAA6BH,KAAK,IAAI;MACzEI,oBAAoB,KAAKA,mBAAmBJ,KAAK,IAAI;IACvD;EACF;EAEA,MAAMD,uBAAuBM,KAAkBC,SAAqD;AAClG,UAAMC,iBAA2B,CAAA;AACjC,UAAMC,OAAOH,IAAIG;AACjB,eAAWC,OAAOD,MAAM;AACtB,iBAAWE,UAAU,KAAKd,SAAS;AACjC,YAAIc,OAAOC,gBAAgBF,GAAAA,GAAM;AAC/BF,yBAAeK,KAAKF,OAAOG,mBAAkB,CAAA;QAC/C;MACF;IACF;AACA,WAAON;EACT;;EAGA,MAAMN,2BAA2Ba,MAAyCR,SAAmE;AAC3I,QAAI;MAAES;;IAAmE,IAAOD;AAChF,UAAM,EAAEE,YAAYN,QAAQO,IAAG,IAAKC,4BAA4BJ,IAAAA;AAEhE,QAAI;AACF,YAAMR,QAAQa,MAAMC,cAAc;QAAEf,KAAKK;MAAO,CAAA;IAClD,SAASW,GAAG;AACV,YAAM,IAAIC,MAAM,4EAA4ED,CAAAA,EAAG;IACjG;AACA,QAAI;AACF,qBAAeE,uBAAuB3B,SAAkC;AACtE,mBAAWc,WAAUd,SAAS;AAC5B,cAAIc,QAAOc,uBAAuB;YAAET;UAAY,CAAA,GAAI;AAClD,mBAAO,MAAML,QAAOT,2BAA2B;cAAE,GAAGa;cAAME;cAAYC;YAAI,GAAGX,OAAAA;UAC/E;QACF;AACA,cAAM,IAAIgB,MACR,kEAAkEP,WAAAA,gBAA2BnB,QAAQ6B,IAAI,CAACC,MAAMA,EAAEb,mBAAkB,CAAA,EAAIc,KAAK,GAAA,CAAA,EAAM;MAEvJ;AATeJ;AAUf,YAAMK,uBAAuB,MAAML,uBAAuB,KAAK3B,OAAO;AACtE,aAAOgC;IACT,SAASC,OAAO;AACd1C,MAAAA,OAAM0C,KAAAA;AACN,aAAOC,QAAQC,OAAOF,KAAAA;IACxB;EACF;;EAGA,MAAM3B,iBAAiBY,MAA+BR,SAA4D;AAChH,QAAI;MAAEU;MAAYgB;;IAA4B,IAAOlB;AACrD,QAAImB;AACJ,QAAIC,qBAAgD;MAAEC,UAAU;IAAM;AAEtE,mBAAeC,wBAAwBxC,SAAkC;AACvE,iBAAWc,UAAUd,SAAS;AAC5B,YAAIc,OAAO2B,sBAAsB;UAAEC,UAAUtB;QAAsC,CAAA,GAAI;AACrF,iBAAON,OAAOR,iBAAiBY,MAAMR,OAAAA;QACvC;MACF;AACA,aAAOwB,QAAQC,OACbT,MACE,iFAAiFiB,KAAKC,UAAU1B,KAAKE,WAAWyB,IAAI,CAAA,eAAgBC,SAAQ5B,KAAKE,WAAW2B,KAAK,IAAI,CAAA,GAAIF,IAAAA,eAAmB7C,QAAQ6B,IAAI,CAACC,MAAMA,EAAEb,mBAAkB,CAAA,EAAIc,KAAK,GAAA,CAAA,EAAM,CAAA;IAGxP;AAXeS;AAYfF,yBAAqB,MAAME,wBAAwB,KAAKxC,OAAO;AAC/DqC,yBAA2CjB;AAE3C,QAAIgB,UAAUY,qBAAqB,SAAU,MAAMC,UAAUZ,oBAAoB3B,OAAAA,GAAkB;AACjG4B,2BAAqB;QACnBC,UAAU;QACVN,OAAO;UACLiB,SAAS;UACTC,WAAW;QACb;MACF;IACF;AAEA,WAAOb;EACT;;EAGA,MAAM/B,6BAA6BW,MAA2CR,SAAqE;AACjJ,UAAM,EAAES,YAAW,IAAKD;AACxB,UAAM,EAAEkC,aAAY,IAAKC,uBAAuBnC,IAAAA;AAEhD,QAAIoC;AAEJ,mBAAeC,0BAA0BvD,SAAkC;AACzE,iBAAWc,UAAUd,SAAS;AAC5B,YAAIc,OAAOc,uBAAuB;UAAET;QAAY,CAAA,GAAI;AAClD,iBAAO,MAAML,OAAOP,6BAA6B;YAAE,GAAGW;YAAMkC;UAAa,GAAG1C,OAAAA;QAC9E;MACF;AACA,YAAM,IAAIgB,MACR,kEAAkEP,WAAAA,gBAA2BnB,QAAQ6B,IAAI,CAACC,MAAMA,EAAEb,mBAAkB,CAAA,EAAIc,KAAK,GAAA,CAAA,EAAM;IAEvJ;AATewB;AAWfD,6BAAyB,MAAMC,0BAA0B,KAAKvD,OAAO;AACrE,WAAOsD;EACT;;EAGA,MAAM9C,mBAAmBU,MAAiCR,SAA4D;AACpH,QAAI;MAAE0C;;IAAgF,IAAOlC;AAC7F,mBAAesC,0BAA0BxD,SAAkC;AACzE,iBAAWc,UAAUd,SAAS;AAC5B,YAAIc,OAAO2B,sBAAsB;UAAEC,UAAUU;QAA0C,CAAA,GAAI;AACzF,iBAAOtC,OAAON,mBAAmBU,MAAMR,OAAAA;QACzC;MACF;AACA,YAAM,IAAIgB,MAAM,gEAAA;IAClB;AAPe8B;AAQf,UAAMC,SAAS,MAAMD,0BAA0B,KAAKxD,OAAO;AAC3D,WAAOyD;EACT;AACF;;;AElJA,IAAMC,mBAAmBC;","names":["AbstractMessageHandler","asArray","computeEntryHash","decodeCredentialToObject","extractIssuer","normalizeCredential","normalizePresentation","validateJwtCredentialPayload","validateJwtPresentationPayload","v4","uuidv4","Debug","debug","Debug","MessageTypes","vc","vp","W3cMessageHandler","AbstractMessageHandler","handle","message","context","meta","getLastMetaData","type","raw","data","validateJwtPresentationPayload","presentation","normalizePresentation","credentials","verifiableCredential","id","computeEntryHash","from","holder","to","verifier","tag","threadId","createdAt","issuanceDate","presentations","e","validateJwtCredentialPayload","credential","normalizeCredential","issuer","credentialSubject","result","agent","verifyCredential","verified","uuidv4","extractIssuer","Error","error","verifyPresentation","challenge","domain","asArray","map","decodeCredentialToObject","schema","Debug","isDefined","processEntryToArray","decodeJWT","addVcdmContextIfNeeded","isVcdm1Credential","isVcdm2Credential","VCDM_CREDENTIAL_CONTEXT_V1","VCDM_CREDENTIAL_CONTEXT_V2","getKey","extractIssuer","input","options","isDefined","payload","decodeJWT","split","iss","removeParameters","removeDIDParameters","e","issuer","holder","id","did","replace","pickSigningKey","identifier","kmsKeyRef","context","key","getKey","vmRelationship","isRevoked","credential","credentialStatus","agent","checkCredentialStatus","status","revoked","verified","Error","preProcessCredentialPayload","now","Date","credentialContext","addVcdmContextIfNeeded","isVdcm1","isVcdm1Credential","isVdcm2","isVcdm2Credential","credentialType","processEntryToArray","type","issuanceDate","validFrom","toISOString","expirationDate","validUntil","credentialPayload","preProcessPresentation","args","presentation","credentials","verifiableCredential","v1Credential","find","cred","includes","VCDM_CREDENTIAL_CONTEXT_V1","undefined","v2Credential","VCDM_CREDENTIAL_CONTEXT_V2","presentationContext","presentationType","presentationPayload","map","proof","jwt","asArray","debug","Debug","VcdmCredentialPlugin","methods","schema","components","schemas","ICredentialIssuer","ICredentialVerifier","issuers","constructor","options","listUsableProofFormats","bind","createVerifiableCredential","verifyCredential","createVerifiablePresentation","verifyPresentation","did","context","signingOptions","keys","key","issuer","matchKeyForType","push","getTypeProofFormat","args","proofFormat","credential","now","preProcessCredentialPayload","agent","didManagerGet","e","Error","findAndIssueCredential","canIssueCredentialType","map","i","join","verifiableCredential","error","Promise","reject","policies","verifiedCredential","verificationResult","verified","findAndVerifyCredential","canVerifyDocumentType","document","JSON","stringify","type","asArray","proof","credentialStatus","isRevoked","message","errorCode","presentation","preProcessPresentation","verifiablePresentation","findAndCreatePresentation","findAndVerifyPresentation","result","CredentialIssuer","VcdmCredentialPlugin"]}

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@sphereon/ssi-sdk.credential-vcdm",
   "description": "Plugin for working with W3C Verifiable Credentials DataModel 1 and 2 Credentials & Presentations.",
-  "version": "0.33.1-feature.jose.vcdm.57+67da2083",
+  "version": "0.33.1-feature.jose.vcdm.59+5f24a990",
   "source": "src/index.ts",
   "type": "module",
   "main": "./dist/index.cjs",
@@ -28,10 +28,12 @@
     "generate-plugin-schema": "tsx ../../packages/dev/bin/sphereon.js dev generate-plugin-schema"
   },
   "dependencies": {
-    "@sphereon/ssi-sdk.agent-config": "0.33.1-feature.jose.vcdm.57+67da2083",
-    "@sphereon/ssi-sdk.core": "0.33.1-feature.jose.vcdm.57+67da2083",
-    "@sphereon/ssi-sdk.vc-status-list": "0.33.1-feature.jose.vcdm.57+67da2083",
-    "@sphereon/ssi-types": "0.33.1-feature.jose.vcdm.57+67da2083",
+    "@sphereon/ssi-sdk-ext.did-utils": "workspace:*",
+    "@sphereon/ssi-sdk-ext.key-utils": "workspace:*",
+    "@sphereon/ssi-sdk.agent-config": "0.33.1-feature.jose.vcdm.59+5f24a990",
+    "@sphereon/ssi-sdk.core": "0.33.1-feature.jose.vcdm.59+5f24a990",
+    "@sphereon/ssi-sdk.vc-status-list": "0.33.1-feature.jose.vcdm.59+5f24a990",
+    "@sphereon/ssi-types": "0.33.1-feature.jose.vcdm.59+5f24a990",
     "@veramo/core": "4.2.0",
     "@veramo/message-handler": "4.2.0",
     "@veramo/utils": "4.2.0",
@@ -43,9 +45,9 @@
     "uuid": "^9.0.1"
   },
   "devDependencies": {
-    "@sphereon/ssi-sdk-ext.did-provider-key": "0.28.1-feature.jose.vcdm.20",
-    "@sphereon/ssi-sdk-ext.key-manager": "0.28.1-feature.jose.vcdm.20",
-    "@sphereon/ssi-sdk-ext.kms-local": "0.28.1-feature.jose.vcdm.20",
+    "@sphereon/ssi-sdk-ext.did-provider-key": "0.28.1-feature.jose.vcdm.25",
+    "@sphereon/ssi-sdk-ext.key-manager": "0.28.1-feature.jose.vcdm.25",
+    "@sphereon/ssi-sdk-ext.kms-local": "0.28.1-feature.jose.vcdm.25",
     "@types/debug": "4.1.8",
     "@types/uuid": "9.0.2",
     "@veramo/did-manager": "4.2.0",
@@ -89,5 +91,5 @@
     "node_modules",
     "src"
   ],
-  "gitHead": "67da2083bb6408f9896ad06e87688178ab3e2d31"
+  "gitHead": "5f24a9904d53b07534cdaf71f2874f8e64b4c845"
 }

package/src/__tests__/action-handler.test.ts

@@ -2,7 +2,7 @@ import { beforeAll, describe, expect, test } from 'vitest'
 
 import { CredentialPayload, ICredentialPlugin, IDIDManager, IIdentifier, IKeyManager, IResolver, PresentationPayload, TAgent } from '@veramo/core'
 import { VcdmCredentialPlugin } from '../vcdmCredentialPlugin'
-import { CredentialProviderJWT } from '../../../credential-jwt/src'
+import { CredentialProviderJWT } from '../../../credential-vcdm1-jwt-provider/src'
 
 import { getDidKeyResolver, SphereonKeyDidProvider } from '@sphereon/ssi-sdk-ext.did-provider-key'
 import { Resolver } from 'did-resolver'

package/src/__tests__/issue-verify-flow-w3c.test.ts

@@ -13,11 +13,11 @@ import {
   LdDefaultContexts,
   SphereonEcdsaSecp256k1RecoverySignature2020, SphereonEd25519Signature2018,
   SphereonEd25519Signature2020
-} from '../../../credential-jsonld/src'
+} from '../../../credential-vcdm-jsonld-provider/src'
 import { Resolver } from 'did-resolver'
 import { getResolver as ethrDidResolver } from 'ethr-did-resolver'
 
-import { CredentialProviderJWT } from '../../../credential-jwt/src'
+import { CredentialProviderJWT } from '../../../credential-vcdm1-jwt-provider/src'
 import { VerifiableCredentialSP } from '@sphereon/ssi-sdk.core'
 
 const customContext: Record<string, ContextDoc> = {

package/src/functions.ts

@@ -1,18 +1,27 @@
 import type {
   CredentialPayload,
-  IAgentContext, ICredentialStatusVerifier,
+  IAgentContext,
+  ICredentialStatusVerifier,
+  IDIDManager,
   IIdentifier,
-  IKey,
+  IResolver,
   IssuerType,
   PresentationPayload,
   VerifiableCredential,
   W3CVerifiableCredential,
-  W3CVerifiablePresentation
+  W3CVerifiablePresentation,
 } from '@veramo/core'
-import { isDefined, processEntryToArray } from '@veramo/utils'
+import { _ExtendedIKey, isDefined, processEntryToArray } from '@veramo/utils'
 import { decodeJWT } from 'did-jwt'
-import { addVcdmContextIfNeeded, isVcdm1Credential, isVcdm2Credential, VCDM_CREDENTIAL_CONTEXT_V1, VCDM_CREDENTIAL_CONTEXT_V2 } from '@sphereon/ssi-types'
+import {
+  addVcdmContextIfNeeded,
+  isVcdm1Credential,
+  isVcdm2Credential,
+  VCDM_CREDENTIAL_CONTEXT_V1,
+  VCDM_CREDENTIAL_CONTEXT_V2,
+} from '@sphereon/ssi-types'
 import { ICreateVerifiablePresentationLDArgs } from './types'
+import { getKey } from '@sphereon/ssi-sdk-ext.did-utils'
 
 /**
  * Decodes a credential or presentation and returns the issuer ID
@@ -25,13 +34,8 @@ import { ICreateVerifiablePresentationLDArgs } from './types'
  * @beta This API may change without a BREAKING CHANGE notice.
  */
 export function extractIssuer(
-  input?:
-    | W3CVerifiableCredential
-    | W3CVerifiablePresentation
-    | CredentialPayload
-    | PresentationPayload
-    | null,
-  options: { removeParameters?: boolean } = {}
+  input?: W3CVerifiableCredential | W3CVerifiablePresentation | CredentialPayload | PresentationPayload | null,
+  options: { removeParameters?: boolean } = {},
 ): string {
   if (!isDefined(input)) {
     return ''
@@ -59,7 +63,6 @@ export function extractIssuer(
   }
 }
 
-
 /**
  * Remove all DID parameters from a DID url after the query part (?)
  *
@@ -71,19 +74,12 @@ export function removeDIDParameters(did: string): string {
   return did.replace(/\?.*$/, '')
 }
 
-
-export function pickSigningKey(identifier: IIdentifier, keyRef?: string): IKey {
-  let key: IKey | undefined
-
-  if (!keyRef) {
-    key = identifier.keys.find((k) => k.type === 'Secp256k1' || k.type === 'Ed25519' || k.type === 'Secp256r1')
-    if (!key) throw Error('key_not_found: No signing key for ' + identifier.did)
-  } else {
-    key = identifier.keys.find((k) => k.kid === keyRef)
-    if (!key) throw Error('key_not_found: No signing key for ' + identifier.did + ' with kid ' + keyRef)
-  }
-
-  return key as IKey
+export async function pickSigningKey(
+  { identifier, kmsKeyRef }: { identifier: IIdentifier; kmsKeyRef?: string },
+  context: IAgentContext<IResolver & IDIDManager>,
+): Promise<_ExtendedIKey> {
+  const key = await getKey({ identifier, vmRelationship: 'assertionMethod', kmsKeyRef: kmsKeyRef }, context)
+  return key
 }
 
 export async function isRevoked(credential: VerifiableCredential, context: IAgentContext<ICredentialStatusVerifier>): Promise<boolean> {
@@ -97,14 +93,13 @@ export async function isRevoked(credential: VerifiableCredential, context: IAgen
   throw new Error(`invalid_setup: The credential status can't be verified because there is no ICredentialStatusVerifier plugin installed.`)
 }
 
-
-
-export function preProcessCredentialPayload({credential, now = new Date()}: {credential: CredentialPayload, now?: number | Date}) {
+export function preProcessCredentialPayload({ credential, now = new Date() }: { credential: CredentialPayload; now?: number | Date }) {
   const credentialContext = addVcdmContextIfNeeded(credential?.['@context'])
   const isVdcm1 = isVcdm1Credential(credential)
   const isVdcm2 = isVcdm2Credential(credential)
   const credentialType = processEntryToArray(credential?.type, 'VerifiableCredential')
   let issuanceDate = credential?.validFrom ?? credential?.issuanceDate ?? (typeof now === 'number' ? new Date(now) : now).toISOString()
+  let expirationDate = credential?.validUntil ?? credential?.expirationDate
   if (issuanceDate instanceof Date) {
     issuanceDate = issuanceDate.toISOString()
   }
@@ -113,19 +108,27 @@ export function preProcessCredentialPayload({credential, now = new Date()}: {cre
     '@context': credentialContext,
     type: credentialType,
     ...(isVdcm1 && { issuanceDate }),
+    ...(isVdcm1 && expirationDate && { expirationDate }),
     ...(isVdcm2 && { validFrom: issuanceDate }),
+    ...(isVdcm2 && expirationDate && { validUntil: expirationDate }),
+  }
+  if (isVdcm1) {
+    delete credentialPayload.validFrom
+    delete credentialPayload.validUntil
+  } else if (isVdcm2) {
+    delete credentialPayload.issuanceDate
+    delete credentialPayload.expirationDate
   }
 
   // debug(JSON.stringify(credentialPayload))
 
-  const issuer = extractIssuer(credentialPayload, {removeParameters: true})
+  const issuer = extractIssuer(credentialPayload, { removeParameters: true })
   if (!issuer || typeof issuer === 'undefined') {
     throw new Error('invalid_argument: args.credential.issuer must not be empty')
   }
   return { credential: credentialPayload, issuer, now }
 }
 
-
 export function preProcessPresentation(args: ICreateVerifiablePresentationLDArgs) {
   const { presentation, now = new Date() } = args
   const credentials = presentation?.verifiableCredential ?? []
@@ -135,7 +138,10 @@ export function preProcessPresentation(args: ICreateVerifiablePresentationLDArgs
   const v2Credential = credentials.find((cred) => typeof cred === 'object' && cred['@context'].includes(VCDM_CREDENTIAL_CONTEXT_V2))
     ? VCDM_CREDENTIAL_CONTEXT_V2
     : undefined
-  const presentationContext = addVcdmContextIfNeeded(args?.presentation?.['@context'] ?? [], v2Credential ?? v1Credential ?? VCDM_CREDENTIAL_CONTEXT_V2)
+  const presentationContext = addVcdmContextIfNeeded(
+    args?.presentation?.['@context'] ?? [],
+    v2Credential ?? v1Credential ?? VCDM_CREDENTIAL_CONTEXT_V2,
+  )
   const presentationType = processEntryToArray(args?.presentation?.type, 'VerifiablePresentation')
 
   let issuanceDate = presentation?.validFrom ?? presentation?.issuanceDate ?? (typeof now === 'number' ? new Date(now) : now).toISOString()
@@ -168,5 +174,5 @@ export function preProcessPresentation(args: ICreateVerifiablePresentationLDArgs
       }
     })
   }
-  return {presentation: presentationPayload, holder: removeDIDParameters(presentationPayload.holder)}
+  return { presentation: presentationPayload, holder: removeDIDParameters(presentationPayload.holder) }
 }

package/src/types.ts

@@ -8,7 +8,7 @@ import type {
   IResolver,
   IVerifyResult,
   PresentationPayload,
-  VerificationPolicies,
+  VerificationPolicies
 } from '@veramo/core'
 
 import type { VerifiableCredentialSP, VerifiablePresentationSP } from '@sphereon/ssi-sdk.core'