npm - @sphereon/ssi-sdk.linked-vp - Versions diffs - 0.34.1-feature.SSISDK.82.and.SSISDK.70.345 - Mend

@sphereon/ssi-sdk.linked-vp 0.34.1-feature.SSISDK.82.and.SSISDK.70.345

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

package/LICENSE +201 -0
package/dist/index.cjs +535 -0
package/dist/index.cjs.map +1 -0
package/dist/index.d.cts +448 -0
package/dist/index.d.ts +448 -0
package/dist/index.js +514 -0
package/dist/index.js.map +1 -0
package/package.json +81 -0
package/plugin.schema.json +183 -0
package/src/__tests__/localAgent.test.ts +95 -0
package/src/__tests__/shared/linkedVPManagerAgentLogic.ts +180 -0
package/src/agent/LinkedVPManager.ts +240 -0
package/src/index.ts +7 -0
package/src/services/LinkedVPService.ts +150 -0
package/src/types/ILinkedVPManager.ts +90 -0
package/src/types/index.ts +1 -0

package/src/index.ts ADDED Viewed

@@ -0,0 +1,7 @@
+/**
+ * @public
+ */
+import schema from '../plugin.schema.json'
+export { schema }
+export { LinkedVPManager, linkedVPManagerMethods } from './agent/LinkedVPManager'
+export * from './types/ILinkedVPManager'

package/src/services/LinkedVPService.ts ADDED Viewed

@@ -0,0 +1,150 @@
+import { UniqueDigitalCredential } from '@sphereon/ssi-sdk.credential-store'
+import { calculateSdHash, defaultGenerateDigest, PartialSdJwtKbJwt } from '@sphereon/ssi-sdk.sd-jwt'
+import {
+  CredentialMapper,
+  DocumentFormat,
+  Loggers,
+  OriginalVerifiableCredential,
+  SdJwtDecodedVerifiableCredential,
+  WrappedVerifiableCredential,
+} from '@sphereon/ssi-types'
+import { LinkedVPPresentation, LOGGER_NAMESPACE, RequiredContext } from '../types'
+const logger = Loggers.DEFAULT.get(LOGGER_NAMESPACE)
+const CLOCK_SKEW = 120 // TODO make adjustable?
+/**
+ * Extracts the original credential from various wrapper types
+ */
+function extractOriginalCredential(
+  credential: UniqueDigitalCredential | WrappedVerifiableCredential | OriginalVerifiableCredential,
+): OriginalVerifiableCredential {
+  if (typeof credential === 'string') {
+    return credential
+  }
+  if ('digitalCredential' in credential) {
+    const udc = credential as UniqueDigitalCredential
+    if (udc.originalVerifiableCredential) {
+      return udc.originalVerifiableCredential
+    }
+    return udc.uniformVerifiableCredential as OriginalVerifiableCredential
+  }
+  if ('original' in credential) {
+    return credential.original
+  }
+  return credential as OriginalVerifiableCredential
+}
+/**
+ * Creates a Verifiable Presentation for LinkedVP publishing
+ * Contains multiple credentials in a single JWT VP
+ * No nonce or audience since this is for publishing, not responding to verification
+ */
+export async function createLinkedVPPresentation(
+  holderDid: string,
+  credential: UniqueDigitalCredential,
+  agent: RequiredContext['agent'],
+): Promise<LinkedVPPresentation> {
+  logger.debug(`Creating LinkedVP presentation for ${holderDid} of credential ${credential.id}`)
+  const identifier = await agent.identifierManagedGet({ identifier: holderDid })
+  const originalCredential = extractOriginalCredential(credential)
+  const documentFormat = CredentialMapper.detectDocumentType(originalCredential)
+  switch (documentFormat) {
+    case DocumentFormat.SD_JWT_VC: {
+      // SD-JWT with KB-JWT
+      const decodedSdJwt = await CredentialMapper.decodeSdJwtVcAsync(
+        typeof originalCredential === 'string' ? originalCredential : (originalCredential as SdJwtDecodedVerifiableCredential).compactSdJwtVc,
+        defaultGenerateDigest,
+      )
+      const hashAlg = decodedSdJwt.signedPayload._sd_alg ?? 'sha-256'
+      const sdHash = calculateSdHash(decodedSdJwt.compactSdJwtVc, hashAlg, defaultGenerateDigest)
+      const kbJwtPayload: PartialSdJwtKbJwt['payload'] = {
+        iat: Math.floor(Date.now() / 1000 - CLOCK_SKEW),
+        sd_hash: sdHash,
+      }
+      const presentationResult = await agent.createSdJwtPresentation({
+        presentation: decodedSdJwt.compactSdJwtVc,
+        kb: {
+          payload: kbJwtPayload as any, // FIXME?
+        },
+      })
+      return {
+        documentFormat,
+        presentationPayload: presentationResult.presentation,
+      }
+    }
+    case DocumentFormat.JSONLD: {
+      // JSON-LD VC - create JSON-LD VP with challenge and domain in proof
+      const vcObject = typeof originalCredential === 'string' ? JSON.parse(originalCredential) : originalCredential
+      const vpObject = {
+        '@context': ['https://www.w3.org/2018/credentials/v1'],
+        type: ['VerifiablePresentation'],
+        verifiableCredential: [vcObject],
+        holder: holderDid,
+      }
+      // Create JSON-LD VP with proof
+      const verifiablePresentationSP = await agent.createVerifiablePresentation({
+        presentation: vpObject,
+        proofFormat: 'lds',
+        keyRef: identifier.kmsKeyRef || identifier.kid,
+      })
+      return {
+        documentFormat,
+        presentationPayload: verifiablePresentationSP,
+      }
+    }
+    case DocumentFormat.MSO_MDOC: {
+      // ISO mdoc - create mdoc VP token
+      // This is a placeholder implementation
+      // Full implementation would require:
+      // 1. Decode the mdoc using CredentialMapper or mdoc utilities
+      // 2. Build proper mdoc VP token with session transcript
+      // 3. Include nonce/audience in the session transcript
+      logger.warning('mso_mdoc format has basic support - production use requires proper mdoc VP token implementation')
+      return {
+        documentFormat,
+        presentationPayload: originalCredential,
+      }
+    }
+    default: {
+      // JWT VC - create JWT VP with nonce and aud in payload
+      const vcJwt = typeof originalCredential === 'string' ? originalCredential : JSON.stringify(originalCredential)
+      // Create VP JWT using agent method
+      const vpPayload = {
+        iss: holderDid,
+        vp: {
+          '@context': ['https://www.w3.org/2018/credentials/v1'],
+          type: ['VerifiablePresentation'],
+          holder: holderDid,
+          verifiableCredential: [vcJwt],
+        },
+        iat: Math.floor(Date.now() / 1000 - CLOCK_SKEW),
+        exp: Math.floor(Date.now() / 1000 + 600 + CLOCK_SKEW), // 10 minutes
+      }
+      // Use the agent's JWT creation capability
+      const vpJwt = await agent.createVerifiablePresentation({
+        presentation: vpPayload.vp,
+        proofFormat: 'jwt',
+        keyRef: identifier.kmsKeyRef || identifier.kid,
+      })
+      return {
+        documentFormat,
+        presentationPayload: (vpJwt.proof && 'jwt' in vpJwt.proof && vpJwt.proof.jwt) || vpJwt,
+      }
+    }
+  }
+}

package/src/types/ILinkedVPManager.ts ADDED Viewed

@@ -0,0 +1,90 @@
+import { IIdentifierResolution } from '@sphereon/ssi-sdk-ext.identifier-resolution'
+import { ICredentialStore } from '@sphereon/ssi-sdk.credential-store'
+import { VcdmCredentialPlugin } from '@sphereon/ssi-sdk.credential-vcdm'
+import { ISDJwtPlugin } from '@sphereon/ssi-sdk.sd-jwt'
+import { DocumentFormat } from '@sphereon/ssi-types'
+import { IAgentContext, IPluginMethodMap } from '@veramo/core'
+import { IKeyManager } from '@veramo/core/src/types/IKeyManager'
+export const LOGGER_NAMESPACE = 'sphereon:linked-vp'
+export type LinkedVPPresentation = {
+  documentFormat: DocumentFormat
+  presentationPayload: string | Record<string, any>
+}
+export interface ILinkedVPManager extends IPluginMethodMap {
+  /**
+   * Publish a credential as a LinkedVP by adding it to the holder's DID Document
+   * @param args - Publication arguments including credential ID and scope configuration
+   * @param context - Agent context
+   */
+  lvpPublishCredential(args: PublishCredentialArgs, context: RequiredContext): Promise<LinkedVPEntry>
+  /**
+   * Unpublish a credential by removing its LinkedVP entry from the DID Document
+   * @param args - Unpublish arguments
+   * @param context - Agent context
+   */
+  lvpUnpublishCredential(args: UnpublishCredentialArgs, context: RequiredContext): Promise<boolean>
+  /**
+   * Check if a LinkedVP entry exists by linkedVpId
+   * @param args - Query arguments
+   * @param context - Agent context
+   */
+  lvpHasEntry(args: HasLinkedVPEntryArgs, context: RequiredContext): Promise<boolean>
+  /**
+   * Get LinkedVP service entries for a DID to be added to a DID Document
+   * This is useful when generating DID Documents with toDidDocument
+   * @param args - Query arguments for the DID
+   * @param context - Agent context
+   */
+  lvpGetServiceEntries(args: GetServiceEntriesArgs, context: RequiredContext): Promise<Array<LinkedVPServiceEntry>>
+  /**
+   * Generate and return a Verifiable Presentation for a published LinkedVP
+   * This is the main endpoint handler for GET /linked-vp/{linkedVpId}
+   * @param args - Generation arguments
+   * @param context - Agent context
+   */
+  lvpGeneratePresentation(args: GeneratePresentationArgs, context: RequiredContext): Promise<LinkedVPPresentation>
+}
+export type PublishCredentialArgs = {
+  digitalCredentialId: string
+  linkedVpId?: string // Optional: if not provided, will be auto-generated
+}
+export type UnpublishCredentialArgs = {
+  linkedVpId: string
+}
+export type HasLinkedVPEntryArgs = {
+  linkedVpId: string
+}
+export type GetServiceEntriesArgs = {
+  tenantId?: string
+}
+export type GeneratePresentationArgs = {
+  linkedVpId: string
+}
+export type LinkedVPEntry = {
+  id: string
+  linkedVpId: string
+  linkedVpFrom?: Date
+  tenantId?: string
+  createdAt: Date
+}
+export type LinkedVPServiceEntry = {
+  id: string
+  type: 'LinkedVerifiablePresentation'
+  serviceEndpoint: string
+}
+export type RequiredContext = IAgentContext<IIdentifierResolution & ICredentialStore & IKeyManager & VcdmCredentialPlugin & ISDJwtPlugin>

package/src/types/index.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export * from './ILinkedVPManager'