@sphereon/ssi-sdk.oid4vci-holder 0.32.1-next.54 → 0.33.0

package/src/services/OID4VCIHolderService.ts

@@ -10,7 +10,7 @@ import {
   getTypesFromObject,
   MetadataDisplay,
   OpenId4VCIVersion,
-  AuthorizationChallengeCodeResponse
+  AuthorizationChallengeCodeResponse,
 } from '@sphereon/oid4vci-common'
 import { KeyUse } from '@sphereon/ssi-sdk-ext.did-resolver-jwk'
 import { getOrCreatePrimaryIdentifier, SupportedDidMethodEnum } from '@sphereon/ssi-sdk-ext.did-utils'
@@ -26,6 +26,7 @@ import { keyTypeFromCryptographicSuite } from '@sphereon/ssi-sdk-ext.key-utils'
 import { IBasicCredentialLocaleBranding, IBasicIssuerLocaleBranding } from '@sphereon/ssi-sdk.data-store'
 import {
   CredentialMapper,
+  Hasher,
   IVerifiableCredential,
   JoseSignatureAlgorithm,
   JoseSignatureAlgorithmString,
@@ -58,15 +59,12 @@ import {
   VerificationResult,
   VerifyCredentialToAcceptArgs,
   StartFirstPartApplicationMachine,
-  RequiredContext
+  RequiredContext,
 } from '../types/IOID4VCIHolder'
-import {
-  oid4vciGetCredentialBrandingFrom,
-  sdJwtGetCredentialBrandingFrom,
-  issuerLocaleBrandingFrom
-} from '../mappers/OIDC4VCIBrandingMapper'
+import { oid4vciGetCredentialBrandingFrom, sdJwtGetCredentialBrandingFrom, issuerLocaleBrandingFrom } from '../mappers/OIDC4VCIBrandingMapper'
 import { FirstPartyMachine } from '../machines/firstPartyMachine'
 import { FirstPartyMachineState, FirstPartyMachineStateTypes } from '../types/FirstPartyMachine'
+import { defaultHasher } from '@sphereon/ssi-sdk.core'
 
 export const getCredentialBranding = async (args: GetCredentialBrandingArgs): Promise<Record<string, Array<IBasicCredentialLocaleBranding>>> => {
   const { credentialsSupported, context } = args
@@ -88,14 +86,14 @@ export const getCredentialBranding = async (args: GetCredentialBrandingArgs): Pr
       if (sdJwtTypeMetadata) {
         mappedLocaleBranding = await sdJwtGetCredentialBrandingFrom({
           credentialDisplay: sdJwtTypeMetadata.display,
-          claimsMetadata: sdJwtTypeMetadata.claims
+          claimsMetadata: sdJwtTypeMetadata.claims,
         })
       } else {
         mappedLocaleBranding = await oid4vciGetCredentialBrandingFrom({
           credentialDisplay: credentialsConfigSupported.display,
           issuerCredentialSubject:
-          // @ts-ignore // FIXME SPRIND-123 add proper support for type recognition as claim display can be located elsewhere for v13
-          credentialsSupported.claims !== undefined ? credentialsConfigSupported.claims : credentialsConfigSupported.credentialSubject,
+            // @ts-ignore // FIXME SPRIND-123 add proper support for type recognition as claim display can be located elsewhere for v13
+            credentialsSupported.claims !== undefined ? credentialsConfigSupported.claims : credentialsConfigSupported.credentialSubject,
         })
       }
       // TODO we should make the mapper part of the plugin, so that the logic for getting the branding becomes more clear and easier to use
@@ -160,7 +158,7 @@ export const verifyCredentialToAccept = async (args: VerifyCredentialToAcceptArg
     return Promise.reject(Error('No credential found in credential response'))
   }
 
-  const wrappedVC = CredentialMapper.toWrappedVerifiableCredential(credential, { hasher })
+  const wrappedVC = CredentialMapper.toWrappedVerifiableCredential(credential, { hasher: hasher ?? defaultHasher })
   if (
     wrappedVC.decoded?.iss?.includes('did:ebsi:') ||
     (typeof wrappedVC.decoded?.vc?.issuer === 'string'
@@ -226,7 +224,7 @@ export const mapCredentialToAccept = async (args: MapCredentialToAcceptArgs): Pr
     if (!hasher) {
       return Promise.reject('a hasher is required for encoded SD-JWT credentials')
     }
-    const asyncHasher = (data: string, algorithm: string) => Promise.resolve(hasher(data, algorithm))
+    const asyncHasher: Hasher = (data: string | ArrayBuffer, algorithm: string) => Promise.resolve(hasher(data, algorithm))
     const decodedSdJwt = await CredentialMapper.decodeSdJwtVcAsync(wrappedVerifiableCredential.credential, asyncHasher)
     uniformVerifiableCredential = sdJwtDecodedCredentialToUniformCredential(<SdJwtDecodedVerifiableCredential>decodedSdJwt)
   } else if (CredentialMapper.isMsoMdocDecodedCredential(wrappedVerifiableCredential.credential)) {
@@ -621,7 +619,10 @@ export const getIssuanceCryptoSuite = async (opts: GetIssuanceCryptoSuiteArgs):
   }
 }
 
-export const startFirstPartApplicationMachine = async (args: StartFirstPartApplicationMachine, context: RequiredContext): Promise<AuthorizationChallengeCodeResponse | string> => {
+export const startFirstPartApplicationMachine = async (
+  args: StartFirstPartApplicationMachine,
+  context: RequiredContext,
+): Promise<AuthorizationChallengeCodeResponse | string> => {
   const { openID4VCIClientState, stateNavigationListener, contact } = args
 
   if (!openID4VCIClientState) {
@@ -636,8 +637,8 @@ export const startFirstPartApplicationMachine = async (args: StartFirstPartAppli
     openID4VCIClientState,
     contact,
     agentContext: context,
-    stateNavigationListener
-  });
+    stateNavigationListener,
+  })
 
   return new Promise((resolve, reject) => {
     try {
@@ -645,20 +646,20 @@ export const startFirstPartApplicationMachine = async (args: StartFirstPartAppli
         if (state.matches(FirstPartyMachineStateTypes.done)) {
           const authorizationCodeResponse = state.context.authorizationCodeResponse
           if (!authorizationCodeResponse) {
-            reject(Error('No authorizationCodeResponse acquired'));
+            reject(Error('No authorizationCodeResponse acquired'))
           }
-          resolve(authorizationCodeResponse!);
+          resolve(authorizationCodeResponse!)
         } else if (state.matches(FirstPartyMachineStateTypes.aborted)) {
-          resolve(FirstPartyMachineStateTypes.aborted);
+          resolve(FirstPartyMachineStateTypes.aborted)
         } else if (state.matches(FirstPartyMachineStateTypes.declined)) {
-          resolve(FirstPartyMachineStateTypes.declined);
+          resolve(FirstPartyMachineStateTypes.declined)
         } else if (state.matches(FirstPartyMachineStateTypes.error)) {
-          reject(state.context.error);
+          reject(state.context.error)
         }
       })
-      firstPartyMachineInstance.start();
+      firstPartyMachineInstance.start()
     } catch (error) {
-      reject(error);
+      reject(error)
     }
-  });
-};
+  })
+}

package/src/types/FirstPartyMachine.ts

@@ -1,18 +1,7 @@
-import {
-  BaseActionObject,
-  Interpreter,
-  ResolveTypegenMeta,
-  ServiceMap, State,
-  StateMachine,
-  StatesConfig,
-  TypegenDisabled
-} from 'xstate'
+import { BaseActionObject, Interpreter, ResolveTypegenMeta, ServiceMap, State, StateMachine, StatesConfig, TypegenDisabled } from 'xstate'
 import { OpenID4VCIClientState } from '@sphereon/oid4vci-client'
 import { DidAuthConfig, Party } from '@sphereon/ssi-sdk.data-store'
-import {
-  PresentationDefinitionWithLocation,
-  RPRegistrationMetadataPayload
-} from '@sphereon/did-auth-siop'
+import { PresentationDefinitionWithLocation, RPRegistrationMetadataPayload } from '@sphereon/did-auth-siop'
 import { UniqueDigitalCredential } from '@sphereon/ssi-sdk.credential-store'
 import { AuthorizationChallengeCodeResponse } from '@sphereon/oid4vci-common'
 import { IIdentifier } from '@veramo/core'
@@ -27,7 +16,7 @@ export enum FirstPartyMachineStateTypes {
   error = 'error',
   done = 'done',
   aborted = 'aborted',
-  declined = 'declined'
+  declined = 'declined',
 }
 
 export enum FirstPartyMachineServices {
@@ -37,7 +26,7 @@ export enum FirstPartyMachineServices {
   getSiopRequest = 'getSiopRequest',
 }
 
-export type FirstPartyMachineStates = Record<FirstPartyMachineStateTypes, {}>;
+export type FirstPartyMachineStates = Record<FirstPartyMachineStateTypes, {}>
 
 export type FirstPartyMachineContext = {
   openID4VCIClientState: OpenID4VCIClientState
@@ -50,115 +39,118 @@ export type FirstPartyMachineContext = {
   authorizationRequestData?: SiopV2AuthorizationRequestData
   presentationDuringIssuanceSession?: string
   authorizationCodeResponse?: AuthorizationChallengeCodeResponse
-  error?: ErrorDetails;
-};
+  error?: ErrorDetails
+}
 
 export enum FirstPartyMachineEvents {
   NEXT = 'NEXT',
   PREVIOUS = 'PREVIOUS',
   DECLINE = 'DECLINE',
-  SET_SELECTED_CREDENTIALS = 'SET_SELECTED_CREDENTIALS'
+  SET_SELECTED_CREDENTIALS = 'SET_SELECTED_CREDENTIALS',
 }
 
-export type FirstPartyNextEvent = {type: FirstPartyMachineEvents.NEXT};
-export type FirstPartyPreviousEvent = {type: FirstPartyMachineEvents.PREVIOUS};
-export type FirstPartyDeclineEvent = {type: FirstPartyMachineEvents.DECLINE};
+export type FirstPartyNextEvent = { type: FirstPartyMachineEvents.NEXT }
+export type FirstPartyPreviousEvent = { type: FirstPartyMachineEvents.PREVIOUS }
+export type FirstPartyDeclineEvent = { type: FirstPartyMachineEvents.DECLINE }
 export type FirstPartySelectCredentialsEvent = {
-  type: FirstPartyMachineEvents.SET_SELECTED_CREDENTIALS;
-  data: Array<UniqueDigitalCredential>;
-};
+  type: FirstPartyMachineEvents.SET_SELECTED_CREDENTIALS
+  data: Array<UniqueDigitalCredential>
+}
 
-export type FirstPartyMachineEventTypes =
-  FirstPartyNextEvent |
-  FirstPartyPreviousEvent |
-  FirstPartyDeclineEvent |
-  FirstPartySelectCredentialsEvent
+export type FirstPartyMachineEventTypes = FirstPartyNextEvent | FirstPartyPreviousEvent | FirstPartyDeclineEvent | FirstPartySelectCredentialsEvent
 
 export type FirstPartyMachineStatesConfig = StatesConfig<
   FirstPartyMachineContext,
   {
-    states: FirstPartyMachineStates;
+    states: FirstPartyMachineStates
   },
   FirstPartyMachineEventTypes,
   any
->;
+>
 
 export type CreateFirstPartyMachineOpts = {
   openID4VCIClientState: OpenID4VCIClientState
   contact: Party
   agentContext: RequiredContext
-  machineId?: string;
-};
+  machineId?: string
+}
 
 export type FirstPartyStateMachine = StateMachine<
   FirstPartyMachineContext,
   any,
   FirstPartyMachineEventTypes,
   {
-    value: any;
-    context: FirstPartyMachineContext;
+    value: any
+    context: FirstPartyMachineContext
   },
   BaseActionObject,
   ServiceMap,
   ResolveTypegenMeta<TypegenDisabled, FirstPartyMachineEventTypes, BaseActionObject, ServiceMap>
->;
+>
 
 export type FirstPartyMachineInterpreter = Interpreter<
   FirstPartyMachineContext,
   any,
   FirstPartyMachineEventTypes,
   {
-    value: any;
-    context: FirstPartyMachineContext;
+    value: any
+    context: FirstPartyMachineContext
   },
   any
->;
+>
 
-export type FirstPartyMachineStateNavigationListener = (firstPartyMachine: FirstPartyMachineInterpreter, state: FirstPartyMachineState, navigation?: any) => Promise<void>
+export type FirstPartyMachineStateNavigationListener = (
+  firstPartyMachine: FirstPartyMachineInterpreter,
+  state: FirstPartyMachineState,
+  navigation?: any,
+) => Promise<void>
 
 export type InstanceFirstPartyMachineOpts = {
-  services?: any;
-  guards?: any;
-  subscription?: () => void;
-  requireCustomNavigationHook?: boolean;
+  services?: any
+  guards?: any
+  subscription?: () => void
+  requireCustomNavigationHook?: boolean
   stateNavigationListener?: FirstPartyMachineStateNavigationListener
-} & CreateFirstPartyMachineOpts;
+} & CreateFirstPartyMachineOpts
 
 export type FirstPartyMachineState = State<
   FirstPartyMachineContext,
   FirstPartyMachineEventTypes,
   any,
   {
-    value: any;
-    context: FirstPartyMachineContext;
+    value: any
+    context: FirstPartyMachineContext
   },
   any
->;
+>
 
-export type FirstPartyMachineServiceDefinitions = Record<
-  keyof typeof FirstPartyMachineServices,
-  (...args: Array<any>) => any
->;
+export type FirstPartyMachineServiceDefinitions = Record<keyof typeof FirstPartyMachineServices, (...args: Array<any>) => any>
 
-export type SendAuthorizationChallengeRequestArgs = Pick<FirstPartyMachineContext, 'openID4VCIClientState' | 'authSession' | 'presentationDuringIssuanceSession'>
+export type SendAuthorizationChallengeRequestArgs = Pick<
+  FirstPartyMachineContext,
+  'openID4VCIClientState' | 'authSession' | 'presentationDuringIssuanceSession'
+>
 
-export type SendAuthorizationResponseArgs = Pick<FirstPartyMachineContext, 'authSession' | 'presentationUri' | 'didAuthConfig' | 'authorizationRequestData' | 'selectedCredentials'>
+export type SendAuthorizationResponseArgs = Pick<
+  FirstPartyMachineContext,
+  'authSession' | 'presentationUri' | 'didAuthConfig' | 'authorizationRequestData' | 'selectedCredentials'
+>
 
 export type CreateConfigArgs = Pick<FirstPartyMachineContext, 'presentationUri' | 'identifier'>
 
 export type GetSiopRequestArgs = Pick<FirstPartyMachineContext, 'didAuthConfig' | 'presentationUri'>
 
 export type SiopV2AuthorizationRequestData = {
-  correlationId: string;
-  registrationMetadataPayload: RPRegistrationMetadataPayload;
-  issuer?: string;
-  name?: string;
-  uri?: URL;
-  clientIdScheme?: string;
-  clientId?: string;
-  entityId?: string;
-  presentationDefinitions?: PresentationDefinitionWithLocation[];
-};
+  correlationId: string
+  registrationMetadataPayload: RPRegistrationMetadataPayload
+  issuer?: string
+  name?: string
+  uri?: URL
+  clientIdScheme?: string
+  clientId?: string
+  entityId?: string
+  presentationDefinitions?: PresentationDefinitionWithLocation[]
+}
 
 export type FirstPartyMachineNavigationArgs = {
   firstPartyMachine: FirstPartyMachineInterpreter

package/src/types/IOID4VCIHolder.ts

@@ -7,12 +7,12 @@ import {
   CredentialConfigurationSupported,
   CredentialOfferRequestWithBaseUrl,
   CredentialResponse,
+  CredentialsSupportedDisplay,
   EndpointMetadataResult,
   ExperimentalSubjectIssuance,
+  IssuerCredentialSubject,
   MetadataDisplay,
   NotificationRequest,
-  CredentialsSupportedDisplay,
-  IssuerCredentialSubject,
 } from '@sphereon/oid4vci-common'
 import { DynamicRegistrationClientMetadata } from '@sphereon/oid4vc-common'
 import { CreateOrGetIdentifierOpts, IdentifierProviderOpts, SupportedDidMethodEnum } from '@sphereon/ssi-sdk-ext.did-utils'
@@ -40,16 +40,16 @@ import { ISDJwtPlugin } from '@sphereon/ssi-sdk.sd-jwt'
 import { ICredentialValidation, SchemaValidation } from '@sphereon/ssi-sdk.credential-validation'
 import { IDidAuthSiopOpAuthenticator } from '@sphereon/ssi-sdk.siopv2-oid4vp-op-auth'
 import {
-  Hasher,
+  HasherSync,
   IVerifiableCredential,
   JoseSignatureAlgorithm,
   JoseSignatureAlgorithmString,
   OriginalVerifiableCredential,
-  SdJwtTypeDisplayMetadata,
   SdJwtClaimMetadata,
+  SdJwtTypeDisplayMetadata,
   W3CVerifiableCredential,
   WrappedVerifiableCredential,
-  WrappedVerifiablePresentation
+  WrappedVerifiablePresentation,
 } from '@sphereon/ssi-types'
 import {
   IAgentContext,
@@ -110,7 +110,7 @@ export type OID4VCIHolderOptions = {
   defaultAuthorizationRequestOptions?: AuthorizationRequestOpts
   didMethodPreferences?: Array<SupportedDidMethodEnum>
   jwtCryptographicSuitePreferences?: Array<JoseSignatureAlgorithm | JoseSignatureAlgorithmString>
-  hasher?: Hasher
+  hasher?: HasherSync
 }
 
 export type OnContactIdentityCreatedArgs = {
@@ -173,7 +173,9 @@ export type SendNotificationArgs = Pick<
   'credentialsToAccept' | 'serverMetadata' | 'credentialsSupported' | 'openID4VCIClientState'
 > & { notificationRequest?: NotificationRequest; stored: boolean }
 export type GetFederationTrustArgs = Pick<OID4VCIMachineContext, 'requestData' | 'trustAnchors' | 'serverMetadata'>
-export type StartFirstPartApplicationMachine = Pick<OID4VCIMachineContext, 'openID4VCIClientState' | 'contact'> & { stateNavigationListener?: FirstPartyMachineStateNavigationListener }
+export type StartFirstPartApplicationMachine = Pick<OID4VCIMachineContext, 'openID4VCIClientState' | 'contact'> & {
+  stateNavigationListener?: FirstPartyMachineStateNavigationListener
+}
 
 export enum OID4VCIHolderEvent {
   CONTACT_IDENTITY_CREATED = 'contact_identity_created',
@@ -199,7 +201,7 @@ export enum SupportedLanguage {
 export type VerifyCredentialToAcceptArgs = {
   mappedCredential: MappedCredentialToAccept
   onVerifyEBSICredentialIssuer?: (args: VerifyEBSICredentialIssuerArgs) => Promise<VerifyEBSICredentialIssuerResult>
-  hasher?: Hasher
+  hasher?: HasherSync
   schemaValidation?: SchemaValidation
   context: RequiredContext
 }
@@ -319,7 +321,11 @@ export type CreateOID4VCIMachineOpts = {
   issuanceOpt?: IssuanceOpts
 }
 
-export type OID4VCIMachineStateNavigationListener = (oid4vciMachine: OID4VCIMachineInterpreter, state: OID4VCIMachineState, navigation?: any) => Promise<void>
+export type OID4VCIMachineStateNavigationListener = (
+  oid4vciMachine: OID4VCIMachineInterpreter,
+  state: OID4VCIMachineState,
+  navigation?: any,
+) => Promise<void>
 
 export type OID4VCIMachineInstanceOpts = {
   services?: any
@@ -378,7 +384,7 @@ export enum OID4VCIMachineGuards {
   hasSelectedCredentialsGuard = 'oid4vciHasSelectedCredentialsGuard',
   isOIDFOriginGuard = 'oid4vciIsOIDFOriginGuard',
   contactHasLowTrustGuard = 'oid4vciContactHasLowTrustGuard',
-  isFirstPartyApplication = 'oid4vciIsFirstPartyApplication'
+  isFirstPartyApplication = 'oid4vciIsFirstPartyApplication',
 }
 
 export enum OID4VCIMachineServices {
@@ -394,13 +400,10 @@ export enum OID4VCIMachineServices {
   storeCredentialBranding = 'storeCredentialBranding',
   sendNotification = 'sendNotification',
   storeCredentials = 'storeCredentials',
-  startFirstPartApplicationFlow = 'startFirstPartApplicationFlow'
+  startFirstPartApplicationFlow = 'startFirstPartApplicationFlow',
 }
 
-export type OID4VCIMachineServiceDefinitions = Record<
-  keyof typeof OID4VCIMachineServices,
-  (...args: Array<any>) => any
->;
+export type OID4VCIMachineServiceDefinitions = Record<keyof typeof OID4VCIMachineServices, (...args: Array<any>) => any>
 
 export type NextEvent = { type: OID4VCIMachineEvents.NEXT }
 export type PreviousEvent = { type: OID4VCIMachineEvents.PREVIOUS }
@@ -411,8 +414,8 @@ export type VerificationCodeEvent = { type: OID4VCIMachineEvents.SET_VERIFICATIO
 export type ContactConsentEvent = { type: OID4VCIMachineEvents.SET_CONTACT_CONSENT; data: boolean }
 export type ContactAliasEvent = { type: OID4VCIMachineEvents.SET_CONTACT_ALIAS; data: string }
 export type SetAuthorizationCodeURLEvent = { type: OID4VCIMachineEvents.SET_AUTHORIZATION_CODE_URL; data: string }
-export type InvokeAuthorizationRequestEvent = { type: OID4VCIMachineEvents.INVOKED_AUTHORIZATION_CODE_REQUEST, data: string }
-export type AuthorizationResponseEvent = { type: OID4VCIMachineEvents.PROVIDE_AUTHORIZATION_CODE_RESPONSE, data: string | AuthorizationResponse }
+export type InvokeAuthorizationRequestEvent = { type: OID4VCIMachineEvents.INVOKED_AUTHORIZATION_CODE_REQUEST; data: string }
+export type AuthorizationResponseEvent = { type: OID4VCIMachineEvents.PROVIDE_AUTHORIZATION_CODE_RESPONSE; data: string | AuthorizationResponse }
 
 export type OID4VCIMachineEventTypes =
   | NextEvent
@@ -539,7 +542,7 @@ export type GetPreferredCredentialFormatsArgs = {
 
 export type MapCredentialToAcceptArgs = {
   credentialToAccept: CredentialToAccept
-  hasher?: Hasher
+  hasher?: HasherSync
 }
 
 export type GetDefaultIssuanceOptsArgs = {
@@ -632,7 +635,7 @@ export type CredentialVerificationError = {
 
 export type VerifyMdocArgs = { credential: string }
 
-export type VerifySDJWTCredentialArgs = { credential: string; hasher?: Hasher }
+export type VerifySDJWTCredentialArgs = { credential: string; hasher?: HasherSync }
 
 export interface VerifyCredentialArgs {
   credential: OriginalVerifiableCredential
@@ -720,17 +723,17 @@ export type DidAgents = TAgent<IResolver & IDIDManager>
 
 export type RequiredContext = IAgentContext<
   IIssuanceBranding &
-  IContactManager &
-  ICredentialValidation &
-  ICredentialVerifier &
-  ICredentialIssuer &
-  ICredentialStore &
-  IIdentifierResolution &
-  IJwtService &
-  IDIDManager &
-  IResolver &
-  IKeyManager &
-  ISDJwtPlugin &
-  ImDLMdoc &
-  IDidAuthSiopOpAuthenticator
+    IContactManager &
+    ICredentialValidation &
+    ICredentialVerifier &
+    ICredentialIssuer &
+    ICredentialStore &
+    IIdentifierResolution &
+    IJwtService &
+    IDIDManager &
+    IResolver &
+    IKeyManager &
+    ISDJwtPlugin &
+    ImDLMdoc &
+    IDidAuthSiopOpAuthenticator
 >