@sphereon/ssi-sdk.data-store 0.34.1-feature.SSISDK.78.306 → 0.34.1-feature.SSISDK.82.and.SSISDK.70.346

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sphereon/ssi-sdk.data-store",
-  "version": "0.34.1-feature.SSISDK.78.306+9aff176a",
+  "version": "0.34.1-feature.SSISDK.82.and.SSISDK.70.346+6bddc62b",
   "source": "src/index.ts",
   "type": "module",
   "main": "./dist/index.cjs",
@@ -28,12 +28,12 @@
   "dependencies": {
     "@sphereon/kmp-mdoc-core": "0.2.0-SNAPSHOT.26",
     "@sphereon/pex": "5.0.0-unstable.28",
-    "@sphereon/ssi-sdk-ext.did-utils": "0.34.1-feature.SSISDK.78.306+9aff176a",
-    "@sphereon/ssi-sdk-ext.identifier-resolution": "0.34.1-feature.SSISDK.78.306+9aff176a",
-    "@sphereon/ssi-sdk.agent-config": "0.34.1-feature.SSISDK.78.306+9aff176a",
-    "@sphereon/ssi-sdk.core": "0.34.1-feature.SSISDK.78.306+9aff176a",
-    "@sphereon/ssi-sdk.data-store-types": "0.34.1-feature.SSISDK.78.306+9aff176a",
-    "@sphereon/ssi-types": "0.34.1-feature.SSISDK.78.306+9aff176a",
+    "@sphereon/ssi-sdk-ext.did-utils": "0.34.1-feature.SSISDK.82.and.SSISDK.70.346+6bddc62b",
+    "@sphereon/ssi-sdk-ext.identifier-resolution": "0.34.1-feature.SSISDK.82.and.SSISDK.70.346+6bddc62b",
+    "@sphereon/ssi-sdk.agent-config": "0.34.1-feature.SSISDK.82.and.SSISDK.70.346+6bddc62b",
+    "@sphereon/ssi-sdk.core": "0.34.1-feature.SSISDK.82.and.SSISDK.70.346+6bddc62b",
+    "@sphereon/ssi-sdk.data-store-types": "0.34.1-feature.SSISDK.82.and.SSISDK.70.346+6bddc62b",
+    "@sphereon/ssi-types": "0.34.1-feature.SSISDK.82.and.SSISDK.70.346+6bddc62b",
     "@veramo/core": "4.2.0",
     "@veramo/utils": "4.2.0",
     "blakejs": "^1.2.1",
@@ -66,5 +66,5 @@
     "PostgreSQL",
     "Contact Store"
   ],
-  "gitHead": "9aff176afa613d6f69fb1ff33d4f6c8c7b811ffd"
+  "gitHead": "6bddc62b9e6c51c49ed95336ac485cde68ca8df0"
 }

package/src/__tests__/digitalCredential.store.test.ts

@@ -334,7 +334,7 @@ describe('Database entities tests', (): void => {
     expect(result).toEqual(false)
   })
 
-  it('should update stored digital credential', async (): Promise<void> => {
+  it('should update stored digital credential state', async (): Promise<void> => {
     const rawCredential: string =
       'eyJraWQiOiJkaWQ6a2V5Ono2TWtyaGt5M3B1c20yNk1laUZhWFUzbjJuZWtyYW13RlVtZ0dyZUdHa0RWNnpRaiN6Nk1rcmhreTNwdXNtMjZNZWlGYVhVM24ybmVrcmFtd0ZVbWdHcmVHR2tEVjZ6UWoiLCJhbGciOiJFZERTQSIsInR5cCI6IkpXVCJ9.eyJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vc3BoZXJlb24tb3BlbnNvdXJjZS5naXRodWIuaW8vc3NpLW1vYmlsZS13YWxsZXQvY29udGV4dC9zcGhlcmVvbi13YWxsZXQtaWRlbnRpdHktdjEuanNvbmxkIl0sInR5cGUiOlsiVmVyaWZpYWJsZUNyZWRlbnRpYWwiLCJTcGhlcmVvbldhbGxldElkZW50aXR5Q3JlZGVudGlhbCJdLCJjcmVkZW50aWFsU3ViamVjdCI6eyJmaXJzdE5hbWUiOiJTIiwibGFzdE5hbWUiOiJLIiwiZW1haWxBZGRyZXNzIjoic0BrIn19LCJzdWIiOiJ1cm46dXVpZDpkZGE3YmYyNC04ZTdhLTQxZjgtYjY2Yy1hNDhkYmM1YjEwZmEiLCJqdGkiOiJ1cm46dXVpZDpkZGE3YmYyNC04ZTdhLTQxZjgtYjY2Yy1hNDhkYmM1YjEwZmEiLCJuYmYiOjE3MDg0NDA4MDgsImlzcyI6ImRpZDprZXk6ejZNa3Joa3kzcHVzbTI2TWVpRmFYVTNuMm5la3JhbXdGVW1nR3JlR0drRFY2elFqIn0.G0M84XVAxSmzGY-NQuB9NBofNrINSn6lvxW6761Vlq6ypvYgtc2xNdpiRmw8ryVNfnpzrr4Z5cB1RlrC05rJAw'
     const digitalCredential: AddCredentialArgs = {
@@ -359,6 +359,121 @@ describe('Database entities tests', (): void => {
     expect(result.verifiedState).toEqual(CredentialStateType.VERIFIED)
   })
 
+  // Add these test cases to digitalCredential.store.test.ts after the existing update tests
+
+  it('should update digital credential fields', async (): Promise<void> => {
+    const rawCredential: string =
+      'eyJraWQiOiJkaWQ6a2V5Ono2TWtyaGt5M3B1c20yNk1laUZhWFUzbjJuZWtyYW13RlVtZ0dyZUdHa0RWNnpRaiN6Nk1rcmhreTNwdXNtMjZNZWlGYVhVM24ybmVrcmFtd0ZVbWdHcmVHR2tEVjZ6UWoiLCJhbGciOiJFZERTQSIsInR5cCI6IkpXVCJ9.eyJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vc3BoZXJlb24tb3BlbnNvdXJjZS5naXRodWIuaW8vc3NpLW1vYmlsZS13YWxsZXQvY29udGV4dC9zcGhlcmVvbi13YWxsZXQtaWRlbnRpdHktdjEuanNvbmxkIl0sInR5cGUiOlsiVmVyaWZpYWJsZUNyZWRlbnRpYWwiLCJTcGhlcmVvbldhbGxldElkZW50aXR5Q3JlZGVudGlhbCJdLCJjcmVkZW50aWFsU3ViamVjdCI6eyJmaXJzdE5hbWUiOiJTIiwibGFzdE5hbWUiOiJLIiwiZW1haWxBZGRyZXNzIjoic0BrIn19LCJzdWIiOiJ1cm46dXVpZDpkZGE3YmYyNC04ZTdhLTQxZjgtYjY2Yy1hNDhkYmM1YjEwZmEiLCJqdGkiOiJ1cm46dXVpZDpkZGE3YmYyNC04ZTdhLTQxZjgtYjY2Yy1hNDhkYmM1YjEwZmEiLCJuYmYiOjE3MDg0NDA4MDgsImlzcyI6ImRpZDprZXk6ejZNa3Joa3kzcHVzbTI2TWVpRmFYVTNuMm5la3JhbXdGVW1nR3JlR0drRFY2elFqIn0.G0M84XVAxSmzGY-NQuB9NBofNrINSn6lvxW6761Vlq6ypvYgtc2xNdpiRmw8ryVNfnpzrr4Z5cB1RlrC05rJAw'
+    const digitalCredential: AddCredentialArgs = {
+      rawDocument: rawCredential,
+      kmsKeyRef: 'testRef',
+      identifierMethod: 'did',
+      issuerCorrelationType: CredentialCorrelationType.DID,
+      subjectCorrelationType: CredentialCorrelationType.DID,
+      issuerCorrelationId: 'did:key:z6Mkrhky3pusm26MeiFaXU3n2nekramwFUmgGreGGkDV6zQj',
+      subjectCorrelationId: 'did:key:z6Mkrhky3pusm26MeiFaXU3n2nekramwFUmgGreGGkDV6zQj',
+      credentialRole: CredentialRole.VERIFIER,
+      tenantId: 'urn:uuid:nnag4b43-1e7a-98f8-a32c-a48dbc5b10mj',
+    }
+
+    const savedDigitalCredential: DigitalCredential = await digitalCredentialStore.addCredential(digitalCredential)
+
+    const result = await digitalCredentialStore.updateCredential({
+      id: savedDigitalCredential.id,
+      kmsKeyRef: 'newTestRef',
+      tenantId: 'urn:uuid:new-tenant-id',
+      linkedVpId: 'vp-123',
+    })
+
+    expect(result.kmsKeyRef).toEqual('newTestRef')
+    expect(result.tenantId).toEqual('urn:uuid:new-tenant-id')
+    expect(result.linkedVpId).toEqual('vp-123')
+    expect(result.id).toEqual(savedDigitalCredential.id)
+    expect(result.hash).toEqual(savedDigitalCredential.hash)
+    expect(result.createdAt).toEqual(savedDigitalCredential.createdAt)
+    expect(result.lastUpdatedAt.getTime()).toBeGreaterThan(savedDigitalCredential.lastUpdatedAt.getTime())
+  })
+
+  it('should update digital credential by hash', async (): Promise<void> => {
+    const rawCredential: string =
+      'eyJraWQiOiJkaWQ6a2V5Ono2TWtyaGt5M3B1c20yNk1laUZhWFUzbjJuZWtyYW13RlVtZ0dyZUdHa0RWNnpRaiN6Nk1rcmhreTNwdXNtMjZNZWlGYVhVM24ybmVrcmFtd0ZVbWdHcmVHR2tEVjZ6UWoiLCJhbGciOiJFZERTQSIsInR5cCI6IkpXVCJ9.eyJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vc3BoZXJlb24tb3BlbnNvdXJjZS5naXRodWIuaW8vc3NpLW1vYmlsZS13YWxsZXQvY29udGV4dC9zcGhlcmVvbi13YWxsZXQtaWRlbnRpdHktdjEuanNvbmxkIl0sInR5cGUiOlsiVmVyaWZpYWJsZUNyZWRlbnRpYWwiLCJTcGhlcmVvbldhbGxldElkZW50aXR5Q3JlZGVudGlhbCJdLCJjcmVkZW50aWFsU3ViamVjdCI6eyJmaXJzdE5hbWUiOiJTIiwibGFzdE5hbWUiOiJLIiwiZW1haWxBZGRyZXNzIjoic0BrIn19LCJzdWIiOiJ1cm46dXVpZDpkZGE3YmYyNC04ZTdhLTQxZjgtYjY2Yy1hNDhkYmM1YjEwZmEiLCJqdGkiOiJ1cm46dXVpZDpkZGE3YmYyNC04ZTdhLTQxZjgtYjY2Yy1hNDhkYmM1YjEwZmEiLCJuYmYiOjE3MDg0NDA4MDgsImlzcyI6ImRpZDprZXk6ejZNa3Joa3kzcHVzbTI2TWVpRmFYVTNuMm5la3JhbXdGVW1nR3JlR0drRFY2elFqIn0.G0M84XVAxSmzGY-NQuB9NBofNrINSn6lvxW6761Vlq6ypvYgtc2xNdpiRmw8ryVNfnpzrr4Z5cB1RlrC05rJAw'
+    const digitalCredential: AddCredentialArgs = {
+      rawDocument: rawCredential,
+      kmsKeyRef: 'testRef',
+      identifierMethod: 'did',
+      issuerCorrelationType: CredentialCorrelationType.DID,
+      subjectCorrelationType: CredentialCorrelationType.DID,
+      issuerCorrelationId: 'did:key:z6Mkrhky3pusm26MeiFaXU3n2nekramwFUmgGreGGkDV6zQj',
+      subjectCorrelationId: 'did:key:z6Mkrhky3pusm26MeiFaXU3n2nekramwFUmgGreGGkDV6zQj',
+      credentialRole: CredentialRole.VERIFIER,
+      tenantId: 'urn:uuid:nnag4b43-1e7a-98f8-a32c-a48dbc5b10mj',
+    }
+
+    const savedDigitalCredential: DigitalCredential = await digitalCredentialStore.addCredential(digitalCredential)
+
+    const result = await digitalCredentialStore.updateCredential({
+      hash: savedDigitalCredential.hash,
+      rpCorrelationId: 'did:example:rp',
+      rpCorrelationType: CredentialCorrelationType.DID,
+    })
+
+    expect(result.rpCorrelationId).toEqual('did:example:rp')
+    expect(result.rpCorrelationType).toEqual(CredentialCorrelationType.DID)
+    expect(result.hash).toEqual(savedDigitalCredential.hash)
+  })
+
+  it('should throw error when updating credential without id or hash', async (): Promise<void> => {
+    await expect(
+      digitalCredentialStore.updateCredential({
+        kmsKeyRef: 'newRef',
+      } as any),
+    ).rejects.toThrowError('No id or hash param is provided.')
+  })
+
+  it('should throw error when updating non-existent credential', async (): Promise<void> => {
+    await expect(
+      digitalCredentialStore.updateCredential({
+        id: 'non-existent-id',
+        kmsKeyRef: 'newRef',
+      }),
+    ).rejects.toThrowError('No credential found for args: {"id":"non-existent-id"}')
+  })
+
+  it('should preserve immutable fields when updating credential', async (): Promise<void> => {
+    const rawCredential: string =
+      'eyJraWQiOiJkaWQ6a2V5Ono2TWtyaGt5M3B1c20yNk1laUZhWFUzbjJuZWtyYW13RlVtZ0dyZUdHa0RWNnpRaiN6Nk1rcmhreTNwdXNtMjZNZWlGYVhVM24ybmVrcmFtd0ZVbWdHcmVHR2tEVjZ6UWoiLCJhbGciOiJFZERTQSIsInR5cCI6IkpXVCJ9.eyJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vc3BoZXJlb24tb3BlbnNvdXJjZS5naXRodWIuaW8vc3NpLW1vYmlsZS13YWxsZXQvY29udGV4dC9zcGhlcmVvbi13YWxsZXQtaWRlbnRpdHktdjEuanNvbmxkIl0sInR5cGUiOlsiVmVyaWZpYWJsZUNyZWRlbnRpYWwiLCJTcGhlcmVvbldhbGxldElkZW50aXR5Q3JlZGVudGlhbCJdLCJjcmVkZW50aWFsU3ViamVjdCI6eyJmaXJzdE5hbWUiOiJTIiwibGFzdE5hbWUiOiJLIiwiZW1haWxBZGRyZXNzIjoic0BrIn19LCJzdWIiOiJ1cm46dXVpZDpkZGE3YmYyNC04ZTdhLTQxZjgtYjY2Yy1hNDhkYmM1YjEwZmEiLCJqdGkiOiJ1cm46dXVpZDpkZGE3YmYyNC04ZTdhLTQxZjgtYjY2Yy1hNDhkYmM1YjEwZmEiLCJuYmYiOjE3MDg0NDA4MDgsImlzcyI6ImRpZDprZXk6ejZNa3Joa3kzcHVzbTI2TWVpRmFYVTNuMm5la3JhbXdGVW1nR3JlR0drRFY2elFqIn0.G0M84XVAxSmzGY-NQuB9NBofNrINSn6lvxW6761Vlq6ypvYgtc2xNdpiRmw8ryVNfnpzrr4Z5cB1RlrC05rJAw'
+    const digitalCredential: AddCredentialArgs = {
+      rawDocument: rawCredential,
+      kmsKeyRef: 'testRef',
+      identifierMethod: 'did',
+      issuerCorrelationType: CredentialCorrelationType.DID,
+      subjectCorrelationType: CredentialCorrelationType.DID,
+      issuerCorrelationId: 'did:key:z6Mkrhky3pusm26MeiFaXU3n2nekramwFUmgGreGGkDV6zQj',
+      subjectCorrelationId: 'did:key:z6Mkrhky3pusm26MeiFaXU3n2nekramwFUmgGreGGkDV6zQj',
+      credentialRole: CredentialRole.VERIFIER,
+      tenantId: 'urn:uuid:nnag4b43-1e7a-98f8-a32c-a48dbc5b10mj',
+    }
+
+    const savedDigitalCredential: DigitalCredential = await digitalCredentialStore.addCredential(digitalCredential)
+    const originalId = savedDigitalCredential.id
+    const originalHash = savedDigitalCredential.hash
+    const originalCreatedAt = savedDigitalCredential.createdAt
+
+    // Try to update with different id, hash, and createdAt - these should be ignored
+    const result = await digitalCredentialStore.updateCredential({
+      id: savedDigitalCredential.id,
+      kmsKeyRef: 'updatedRef',
+      hash: 'should-be-ignored' as any,
+    })
+
+    // Verify immutable fields remain unchanged
+    expect(result.id).toEqual(originalId)
+    expect(result.hash).toEqual(originalHash)
+    expect(result.createdAt).toEqual(originalCreatedAt)
+    // Verify mutable field was updated
+    expect(result.kmsKeyRef).toEqual('updatedRef')
+  })
+
   it('should throw exception on updating stored digital credential to revoked', async (): Promise<void> => {
     const rawCredential: string =
       'eyJraWQiOiJkaWQ6a2V5Ono2TWtyaGt5M3B1c20yNk1laUZhWFUzbjJuZWtyYW13RlVtZ0dyZUdHa0RWNnpRaiN6Nk1rcmhreTNwdXNtMjZNZWlGYVhVM24ybmVrcmFtd0ZVbWdHcmVHR2tEVjZ6UWoiLCJhbGciOiJFZERTQSIsInR5cCI6IkpXVCJ9.eyJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vc3BoZXJlb24tb3BlbnNvdXJjZS5naXRodWIuaW8vc3NpLW1vYmlsZS13YWxsZXQvY29udGV4dC9zcGhlcmVvbi13YWxsZXQtaWRlbnRpdHktdjEuanNvbmxkIl0sInR5cGUiOlsiVmVyaWZpYWJsZUNyZWRlbnRpYWwiLCJTcGhlcmVvbldhbGxldElkZW50aXR5Q3JlZGVudGlhbCJdLCJjcmVkZW50aWFsU3ViamVjdCI6eyJmaXJzdE5hbWUiOiJTIiwibGFzdE5hbWUiOiJLIiwiZW1haWxBZGRyZXNzIjoic0BrIn19LCJzdWIiOiJ1cm46dXVpZDpkZGE3YmYyNC04ZTdhLTQxZjgtYjY2Yy1hNDhkYmM1YjEwZmEiLCJqdGkiOiJ1cm46dXVpZDpkZGE3YmYyNC04ZTdhLTQxZjgtYjY2Yy1hNDhkYmM1YjEwZmEiLCJuYmYiOjE3MDg0NDA4MDgsImlzcyI6ImRpZDprZXk6ejZNa3Joa3kzcHVzbTI2TWVpRmFYVTNuMm5la3JhbXdGVW1nR3JlR0drRFY2elFqIn0.G0M84XVAxSmzGY-NQuB9NBofNrINSn6lvxW6761Vlq6ypvYgtc2xNdpiRmw8ryVNfnpzrr4Z5cB1RlrC05rJAw'

package/src/digitalCredential/DigitalCredentialStore.ts

@@ -8,13 +8,20 @@ import {
   GetCredentialsResponse,
   NonPersistedDigitalCredential,
   RemoveCredentialArgs,
+  UpdateCredentialArgs,
   UpdateCredentialStateArgs,
 } from '@sphereon/ssi-sdk.data-store-types'
 import { CredentialRole, OrPromise } from '@sphereon/ssi-types'
 import Debug from 'debug'
 import { DataSource, type FindOptionsOrder, type FindOptionsWhere, Repository } from 'typeorm'
 
-import { digitalCredentialFrom, digitalCredentialsFrom, nonPersistedDigitalCredentialEntityFromAddArgs } from '../../src'
+import {
+  digitalCredentialFrom,
+  digitalCredentialsFrom,
+  nonPersistedDigitalCredentialEntityFromAddArgs,
+  persistedDigitalCredentialEntityFromStateArgs,
+  persistedDigitalCredentialEntityFromUpdateArgs,
+} from '../../src'
 import { DigitalCredentialEntity } from '../entities/digitalCredential/DigitalCredentialEntity'
 import { parseAndValidateOrderOptions } from '../utils/SortingUtils'
 
@@ -37,7 +44,7 @@ export class DigitalCredentialStore extends AbstractDigitalCredentialStore {
       return Promise.reject(validationError)
     }
     const dcRepo = await this.getRepository()
-    const createdResult: DigitalCredentialEntity = await dcRepo.save(credentialEntity)
+    const createdResult: DigitalCredentialEntity = await dcRepo.save(credentialEntity as any)
     return Promise.resolve(digitalCredentialFrom(createdResult))
   }
 
@@ -72,6 +79,41 @@ export class DigitalCredentialStore extends AbstractDigitalCredentialStore {
     }
   }
 
+  updateCredential = async (args: UpdateCredentialArgs): Promise<DigitalCredential> => {
+    const dcRepo = await this.getRepository()
+    const whereClause: Record<string, any> = {}
+
+    if ('id' in args) {
+      whereClause.id = args.id
+    } else if ('hash' in args) {
+      whereClause.hash = args.hash
+    } else {
+      return Promise.reject(Error('No id or hash param is provided.'))
+    }
+
+    const credential: DigitalCredentialEntity | null = await dcRepo.findOne({
+      where: whereClause,
+    })
+
+    if (!credential) {
+      return Promise.reject(Error(`No credential found for args: ${JSON.stringify(whereClause)}`))
+    }
+
+    // Extract updates by removing the identifier fields
+    const updates = Object.fromEntries(Object.entries(args).filter(([key]) => key !== 'id' && key !== 'hash')) as Partial<DigitalCredential>
+
+    const entityToSave = persistedDigitalCredentialEntityFromUpdateArgs(credential, updates)
+
+    const validationError = this.assertValidDigitalCredential(entityToSave)
+    if (validationError) {
+      return Promise.reject(validationError)
+    }
+
+    debug('Updating credential', entityToSave)
+    const updatedResult = await dcRepo.save(entityToSave as any, { transaction: true })
+    return digitalCredentialFrom(updatedResult)
+  }
+
   removeCredential = async (args: RemoveCredentialArgs): Promise<boolean> => {
     if (!args) {
       return false
@@ -147,20 +189,16 @@ export class DigitalCredentialStore extends AbstractDigitalCredentialStore {
     if (!credential) {
       return Promise.reject(Error(`No credential found for args: ${JSON.stringify(whereClause)}`))
     }
-    const updatedCredential: DigitalCredential = {
-      ...credential,
-      ...(args.verifiedState !== CredentialStateType.REVOKED && { verifiedAt: args.verifiedAt }),
-      ...(args.verifiedState === CredentialStateType.REVOKED && { revokedAt: args.revokedAt }),
-      identifierMethod: credential.identifierMethod,
-      lastUpdatedAt: new Date(),
-      verifiedState: args.verifiedState,
-    }
-    debug('Updating credential', credential)
-    const updatedResult: DigitalCredentialEntity = await credentialRepository.save(updatedCredential, { transaction: true })
+
+    // Create entity with state updates applied
+    const entityToSave = persistedDigitalCredentialEntityFromStateArgs(credential, args)
+
+    debug('Updating credential state', entityToSave)
+    const updatedResult: DigitalCredentialEntity = await credentialRepository.save(entityToSave as any, { transaction: true })
     return digitalCredentialFrom(updatedResult)
   }
 
-  private assertValidDigitalCredential(credentialEntity: NonPersistedDigitalCredential): Error | undefined {
+  private assertValidDigitalCredential(credentialEntity: NonPersistedDigitalCredential | DigitalCredentialEntity): Error | undefined {
     const { kmsKeyRef, identifierMethod, credentialRole, isIssuerSigned } = credentialEntity
 
     const isRoleInvalid = credentialRole === CredentialRole.ISSUER || (credentialRole === CredentialRole.HOLDER && !isIssuerSigned)

package/src/entities/digitalCredential/DigitalCredentialEntity.ts

@@ -76,6 +76,12 @@ export class DigitalCredentialEntity extends BaseEntity implements DigitalCreden
   @Column('text', { name: 'tenant_id', nullable: true })
   tenantId?: string
 
+  @Column('text', { name: 'linked_vp_id', nullable: true })
+  linkedVpId?: string
+
+  @CreateDateColumn({ name: 'linked_vp_from', nullable: true, type: typeOrmDateTime() })
+  linkedVpFrom?: Date
+
   @CreateDateColumn({ name: 'created_at', nullable: false, type: typeOrmDateTime() })
   createdAt!: Date
 

package/src/migrations/generic/14-AddLinkedVpFields.ts

@@ -0,0 +1,66 @@
+import Debug, { Debugger } from 'debug'
+import { DatabaseType, MigrationInterface, QueryRunner } from 'typeorm'
+import { AddLinkedVpFields1763387280001 } from '../postgres/1763387280001-AddLinkedVpFields'
+import { AddLinkedVpFields1763387280002 } from '../sqlite/1763387280002-AddLinkedVpFields'
+
+const debug: Debugger = Debug('sphereon:ssi-sdk:migrations')
+
+export class AddLinkedVpFields1763387280000 implements MigrationInterface {
+  name: string = 'AddLinkedVpFields1763387280000'
+
+  public async up(queryRunner: QueryRunner): Promise<void> {
+    debug('migration: adding linked VP fields to DigitalCredential table')
+    const dbType: DatabaseType = queryRunner.connection.driver.options.type
+
+    switch (dbType) {
+      case 'postgres': {
+        debug('using postgres migration file for AddLinkedVpFields')
+        const mig: AddLinkedVpFields1763387280001 = new AddLinkedVpFields1763387280001()
+        await mig.up(queryRunner)
+        debug('Postgres migration statements for AddLinkedVpFields executed')
+        return
+      }
+      case 'sqlite':
+      case 'expo':
+      case 'react-native': {
+        debug('using sqlite/react-native migration file for AddLinkedVpFields')
+        const mig: AddLinkedVpFields1763387280002 = new AddLinkedVpFields1763387280002()
+        await mig.up(queryRunner)
+        debug('SQLite migration statements for AddLinkedVpFields executed')
+        return
+      }
+      default:
+        return Promise.reject(
+          `Migrations are currently only supported for sqlite, react-native, expo, and postgres for AddLinkedVpFields. Was ${dbType}. Please run your database without migrations and with 'migrationsRun: false' and 'synchronize: true' for now`,
+        )
+    }
+  }
+
+  public async down(queryRunner: QueryRunner): Promise<void> {
+    debug('migration: reverting linked VP fields from DigitalCredential table')
+    const dbType: DatabaseType = queryRunner.connection.driver.options.type
+
+    switch (dbType) {
+      case 'postgres': {
+        debug('using postgres migration file for AddLinkedVpFields')
+        const mig: AddLinkedVpFields1763387280001 = new AddLinkedVpFields1763387280001()
+        await mig.down(queryRunner)
+        debug('Postgres migration statements for AddLinkedVpFields reverted')
+        return
+      }
+      case 'sqlite':
+      case 'expo':
+      case 'react-native': {
+        debug('using sqlite/react-native migration file for AddLinkedVpFields')
+        const mig: AddLinkedVpFields1763387280002 = new AddLinkedVpFields1763387280002()
+        await mig.down(queryRunner)
+        debug('SQLite migration statements for AddLinkedVpFields reverted')
+        return
+      }
+      default:
+        return Promise.reject(
+          `Migrations are currently only supported for sqlite, react-native, expo, and postgres for AddLinkedVpFields. Was ${dbType}. Please run your database without migrations and with 'migrationsRun: false' and 'synchronize: true' for now`,
+        )
+    }
+  }
+}

package/src/migrations/generic/index.ts

@@ -3,6 +3,7 @@ import { CreatePresentationDefinitions1716533767523 } from './10-CreatePresentat
 import { FixCredentialClaimsReferencesUuid1741895822987 } from './11-FixCredentialClaimsReferenceUuid'
 import { AddBitstringStatusListEnum1741895823000, CreateBitstringStatusList1741895823000 } from './12-CreateBitstringStatusList'
 import { CreateDcqlQueryItem1726617600000 } from './13-CreateDcqlQueryItem'
+import { AddLinkedVpFields1763387280000 } from './14-AddLinkedVpFields'
 import { CreateIssuanceBranding1659463079429 } from './2-CreateIssuanceBranding'
 import { CreateContacts1690925872318 } from './3-CreateContacts'
 import { CreateStatusList1693866470000 } from './4-CreateStatusList'
@@ -34,7 +35,7 @@ export const DataStoreStatusListMigrations = [
   CreateBitstringStatusList1741895823000,
 ]
 export const DataStoreEventLoggerMigrations = [CreateAuditEvents1701635835330]
-export const DataStoreDigitalCredentialMigrations = [CreateDigitalCredential1708525189000]
+export const DataStoreDigitalCredentialMigrations = [CreateDigitalCredential1708525189000, AddLinkedVpFields1763387280000]
 export const DataStoreMachineStateMigrations = [CreateMachineStateStore1708098041262]
 export const DataStorePresentationDefinitionMigrations = [CreatePresentationDefinitions1716533767523, CreateDcqlQueryItem1726617600000]
 

package/src/migrations/postgres/1763387280001-AddLinkedVpFields.ts

@@ -0,0 +1,29 @@
+import { MigrationInterface, QueryRunner } from 'typeorm'
+
+export class AddLinkedVpFields1763387280001 implements MigrationInterface {
+  name = 'AddLinkedVpFields1763387280001'
+
+  public async up(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(`
+      ALTER TABLE "DigitalCredential" 
+      ADD COLUMN "linked_vp_id" text
+    `)
+
+    await queryRunner.query(`
+      ALTER TABLE "DigitalCredential" 
+      ADD COLUMN "linked_vp_from" TIMESTAMP
+    `)
+  }
+
+  public async down(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(`
+      ALTER TABLE "DigitalCredential" 
+      DROP COLUMN "linked_vp_from"
+    `)
+
+    await queryRunner.query(`
+      ALTER TABLE "DigitalCredential" 
+      DROP COLUMN "linked_vp_id"
+    `)
+  }
+}

package/src/migrations/sqlite/1763387280002-AddLinkedVpFields.ts

@@ -0,0 +1,32 @@
+import { MigrationInterface, QueryRunner } from 'typeorm'
+
+export class AddLinkedVpFields1763387280002 implements MigrationInterface {
+  name = 'AddLinkedVpFields1763387280002'
+
+  public async up(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(`
+      ALTER TABLE "DigitalCredential" 
+      ADD COLUMN "linked_vp_id" text
+    `)
+
+    await queryRunner.query(`
+      ALTER TABLE "DigitalCredential" 
+      ADD COLUMN "linked_vp_from" datetime
+    `)
+  }
+
+  public async down(queryRunner: QueryRunner): Promise<void> {
+    // SQLite doesn't support DROP COLUMN in older versions
+    // For production, you may need to recreate the table
+    // For now, we'll try the direct approach which works in SQLite 3.35.0+
+    await queryRunner.query(`
+      ALTER TABLE "DigitalCredential" 
+      DROP COLUMN "linked_vp_from"
+    `)
+
+    await queryRunner.query(`
+      ALTER TABLE "DigitalCredential" 
+      DROP COLUMN "linked_vp_id"
+    `)
+  }
+}

package/src/utils/digitalCredential/MappingUtils.ts

@@ -1,6 +1,11 @@
 import { defaultHasher } from '@sphereon/ssi-sdk.core'
-import type { AddCredentialArgs, DigitalCredential, NonPersistedDigitalCredential } from '@sphereon/ssi-sdk.data-store-types'
-import { CredentialDocumentFormat, DocumentType, RegulationType } from '@sphereon/ssi-sdk.data-store-types'
+import type {
+  AddCredentialArgs,
+  DigitalCredential,
+  NonPersistedDigitalCredential,
+  UpdateCredentialStateArgs,
+} from '@sphereon/ssi-sdk.data-store-types'
+import { CredentialDocumentFormat, CredentialStateType, DocumentType, RegulationType } from '@sphereon/ssi-sdk.data-store-types'
 import {
   CredentialMapper,
   DocumentFormat,
@@ -66,6 +71,20 @@ function determineCredentialDocumentFormat(documentFormat: DocumentFormat): Cred
   }
 }
 
+/**
+ * Normalizes nullable fields by converting undefined to null.
+ * This ensures TypeORM actually clears the database fields instead of ignoring them.
+ */
+export function normalizeNullableFields<T extends Record<string, any>>(obj: T, nullableKeys: Array<keyof T>): T {
+  const normalized = { ...obj }
+  for (const key of nullableKeys) {
+    if (normalized[key] === undefined) {
+      normalized[key] = null as any
+    }
+  }
+  return normalized
+}
+
 function getValidUntil(uniformDocument: IVerifiableCredential | IVerifiablePresentation | SdJwtDecodedVerifiableCredentialPayload): Date | undefined {
   if ('expirationDate' in uniformDocument && uniformDocument.expirationDate) {
     return new Date(uniformDocument.expirationDate)
@@ -127,6 +146,54 @@ export const nonPersistedDigitalCredentialEntityFromAddArgs = (addCredentialArgs
   }
 }
 
+export const persistedDigitalCredentialEntityFromUpdateArgs = (
+  existingCredential: DigitalCredentialEntity,
+  updates: Partial<DigitalCredential>,
+): DigitalCredentialEntity => {
+  const entity = new DigitalCredentialEntity()
+
+  // Copy all fields from existing credential
+  Object.assign(entity, existingCredential)
+
+  // Normalize nullable fields before applying updates
+  const normalizedUpdates = normalizeNullableFields(updates, ['linkedVpId', 'linkedVpFrom'])
+
+  // Apply updates
+  Object.assign(entity, normalizedUpdates)
+
+  // Ensure these fields are never overwritten
+  entity.id = existingCredential.id
+  entity.hash = existingCredential.hash
+  entity.createdAt = existingCredential.createdAt
+  entity.lastUpdatedAt = new Date()
+
+  return entity
+}
+
+export const persistedDigitalCredentialEntityFromStateArgs = (
+  existingCredential: DigitalCredentialEntity,
+  args: UpdateCredentialStateArgs,
+): DigitalCredentialEntity => {
+  const entity = new DigitalCredentialEntity()
+
+  // Copy all fields from existing credential
+  Object.assign(entity, existingCredential)
+
+  // Apply state updates
+  entity.verifiedState = args.verifiedState
+  entity.lastUpdatedAt = new Date()
+
+  if (args.verifiedState === CredentialStateType.REVOKED && args.revokedAt) {
+    entity.revokedAt = args.revokedAt
+  }
+
+  if (args.verifiedState !== CredentialStateType.REVOKED && args.verifiedAt) {
+    entity.verifiedAt = args.verifiedAt
+  }
+
+  return entity
+}
+
 export const digitalCredentialFrom = (credentialEntity: DigitalCredentialEntity): DigitalCredential => {
   const result: DigitalCredential = {
     ...credentialEntity,