@sphereon/ssi-sdk.oid4vci-holder 0.33.0 → 0.33.1-feature.vcdm2.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (25) hide show
  1. package/dist/agent/OID4VCIHolder.js +727 -728
  2. package/dist/agent/OID4VCIHolder.js.map +1 -1
  3. package/dist/index.js +8 -28
  4. package/dist/index.js.map +1 -1
  5. package/dist/link-handler/index.js +55 -49
  6. package/dist/link-handler/index.js.map +1 -1
  7. package/dist/listeners/headlessStateNavListener.js +7 -20
  8. package/dist/listeners/headlessStateNavListener.js.map +1 -1
  9. package/dist/localization/Localization.js +38 -43
  10. package/dist/localization/Localization.js.map +1 -1
  11. package/dist/machines/firstPartyMachine.js +79 -78
  12. package/dist/machines/firstPartyMachine.js.map +1 -1
  13. package/dist/machines/oid4vciMachine.js +304 -323
  14. package/dist/machines/oid4vciMachine.js.map +1 -1
  15. package/dist/mappers/OIDC4VCIBrandingMapper.js +163 -135
  16. package/dist/mappers/OIDC4VCIBrandingMapper.js.map +1 -1
  17. package/dist/services/FirstPartyMachineServices.js +19 -30
  18. package/dist/services/FirstPartyMachineServices.js.map +1 -1
  19. package/dist/services/OID4VCIHolderService.js +145 -153
  20. package/dist/services/OID4VCIHolderService.js.map +1 -1
  21. package/dist/types/FirstPartyMachine.js +6 -9
  22. package/dist/types/FirstPartyMachine.js.map +1 -1
  23. package/dist/types/IOID4VCIHolder.js +20 -23
  24. package/dist/types/IOID4VCIHolder.js.map +1 -1
  25. package/package.json +15 -15
package/dist/agent/OID4VCIHolder.js CHANGED
@@ -1,37 +1,23 @@
1
- "use strict";
2
- var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
3
- function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
4
- return new (P || (P = Promise))(function (resolve, reject) {
5
- function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
6
- function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
7
- function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
8
- step((generator = generator.apply(thisArg, _arguments || [])).next());
9
- });
10
- };
11
- Object.defineProperty(exports, "__esModule", { value: true });
12
- exports.OID4VCIHolder = exports.oid4vciHolderContextMethods = void 0;
13
- exports.signCallback = signCallback;
14
- exports.verifyEBSICredentialIssuer = verifyEBSICredentialIssuer;
15
- const oid4vci_client_1 = require("@sphereon/oid4vci-client");
16
- const oid4vci_common_1 = require("@sphereon/oid4vci-common");
17
- const ssi_sdk_ext_did_utils_1 = require("@sphereon/ssi-sdk-ext.did-utils");
18
- const ssi_sdk_ext_identifier_resolution_1 = require("@sphereon/ssi-sdk-ext.identifier-resolution");
19
- const ssi_sdk_ext_key_utils_1 = require("@sphereon/ssi-sdk-ext.key-utils");
20
- const ssi_sdk_data_store_1 = require("@sphereon/ssi-sdk.data-store");
21
- const ssi_types_1 = require("@sphereon/ssi-types");
22
- const utils_1 = require("@veramo/utils");
23
- const did_jwt_1 = require("did-jwt");
24
- const uuid_1 = require("uuid");
25
- const oid4vciMachine_1 = require("../machines/oid4vciMachine");
26
- const IOID4VCIHolder_1 = require("../types/IOID4VCIHolder");
27
- const OID4VCIHolderService_1 = require("../services/OID4VCIHolderService");
28
- require("cross-fetch/polyfill");
29
- const ssi_sdk_core_1 = require("@sphereon/ssi-sdk.core");
1
+ import { CredentialOfferClient, MetadataClient, OpenID4VCIClient } from '@sphereon/oid4vci-client';
2
+ import { DefaultURISchemes, getTypesFromAuthorizationDetails, getTypesFromCredentialOffer, getTypesFromObject, } from '@sphereon/oid4vci-common';
3
+ import { SupportedDidMethodEnum } from '@sphereon/ssi-sdk-ext.did-utils';
4
+ import { isManagedIdentifierDidOpts, isManagedIdentifierDidResult, isManagedIdentifierJwkResult, isManagedIdentifierKidResult, isManagedIdentifierResult, isManagedIdentifierX5cOpts, isManagedIdentifierX5cResult, } from '@sphereon/ssi-sdk-ext.identifier-resolution';
5
+ import { signatureAlgorithmFromKey } from '@sphereon/ssi-sdk-ext.key-utils';
6
+ import { ConnectionType, CorrelationIdentifierType, CredentialCorrelationType, CredentialRole, ensureRawDocument, IdentityOrigin, } from '@sphereon/ssi-sdk.data-store';
7
+ import { CredentialMapper, JoseSignatureAlgorithm, Loggers, parseDid, } from '@sphereon/ssi-types';
8
+ import { asArray, computeEntryHash } from '@veramo/utils';
9
+ import { decodeJWT } from 'did-jwt';
10
+ import { v4 as uuidv4 } from 'uuid';
11
+ import { OID4VCIMachine } from '../machines/oid4vciMachine';
12
+ import { OID4VCIHolderEvent, OID4VCIMachineServices, RequestType, } from '../types/IOID4VCIHolder';
13
+ import { getBasicIssuerLocaleBranding, getCredentialBranding, getCredentialConfigsSupportedMerged, getIdentifierOpts, getIssuanceOpts, mapCredentialToAccept, selectCredentialLocaleBranding, startFirstPartApplicationMachine, verifyCredentialToAccept, } from '../services/OID4VCIHolderService';
14
+ import 'cross-fetch/polyfill';
15
+ import { defaultHasher } from '@sphereon/ssi-sdk.core';
30
16
  /**
31
17
  * {@inheritDoc IOID4VCIHolder}
32
18
  */
33
19
  // Exposing the methods here for any REST implementation
34
- exports.oid4vciHolderContextMethods = [
20
+ export const oid4vciHolderContextMethods = [
35
21
  'cmGetContacts',
36
22
  'cmGetContact',
37
23
  'cmAddContact',
@@ -44,12 +30,11 @@ exports.oid4vciHolderContextMethods = [
44
30
  'keyManagerSign',
45
31
  'verifyCredential',
46
32
  ];
47
- const logger = ssi_types_1.Loggers.DEFAULT.get('sphereon:oid4vci:holder');
48
- function signCallback(identifier, context, nonce) {
49
- return (jwt, kid) => __awaiter(this, void 0, void 0, function* () {
50
- var _a;
51
- let resolution = yield context.agent.identifierManagedGet(identifier);
52
- const jwk = (_a = jwt.header.jwk) !== null && _a !== void 0 ? _a : (resolution.method === 'jwk' ? resolution.jwk : undefined);
33
+ const logger = Loggers.DEFAULT.get('sphereon:oid4vci:holder');
34
+ export function signCallback(identifier, context, nonce) {
35
+ return async (jwt, kid) => {
36
+ let resolution = await context.agent.identifierManagedGet(identifier);
37
+ const jwk = jwt.header.jwk ?? (resolution.method === 'jwk' ? resolution.jwk : undefined);
53
38
  if (!resolution.issuer && !jwt.payload.iss) {
54
39
  return Promise.reject(Error(`No issuer could be determined from the JWT ${JSON.stringify(jwt)} or identifier resolution`));
55
40
  }
@@ -62,78 +47,82 @@ function signCallback(identifier, context, nonce) {
62
47
  console.log(`Deleting kid, as we are using a jwk and the oid4vci spec does not allow both to be present (which is not the case in the JOSE spec)`);
63
48
  delete header.kid; // The OID4VCI spec does not allow a JWK with kid present although the JWS spec does
64
49
  }
65
- return (yield context.agent.jwtCreateJwsCompactSignature({
66
- issuer: Object.assign(Object.assign({}, resolution), { noIssPayloadUpdate: false }),
50
+ return (await context.agent.jwtCreateJwsCompactSignature({
51
+ issuer: { ...resolution, noIssPayloadUpdate: false },
67
52
  protectedHeader: header,
68
53
  payload,
69
54
  })).jwt;
70
- });
55
+ };
71
56
  }
72
- function verifyEBSICredentialIssuer(args) {
73
- return __awaiter(this, void 0, void 0, function* () {
74
- var _a, _b, _c, _d, _e, _f, _g, _h, _j;
75
- const { wrappedVc, issuerType = ['TI'] } = args;
76
- const issuer = (_b = (_a = wrappedVc.decoded) === null || _a === void 0 ? void 0 : _a.iss) !== null && _b !== void 0 ? _b : (typeof ((_d = (_c = wrappedVc.decoded) === null || _c === void 0 ? void 0 : _c.vc) === null || _d === void 0 ? void 0 : _d.issuer) === 'string' ? (_f = (_e = wrappedVc.decoded) === null || _e === void 0 ? void 0 : _e.vc) === null || _f === void 0 ? void 0 : _f.issuer : (_j = (_h = (_g = wrappedVc.decoded) === null || _g === void 0 ? void 0 : _g.vc) === null || _h === void 0 ? void 0 : _h.issuer) === null || _j === void 0 ? void 0 : _j.existingInstanceId);
77
- if (!issuer) {
78
- throw Error('The issuer of the VC is required to be present');
79
- }
80
- const url = `https://api-conformance.ebsi.eu/trusted-issuers-registry/v4/issuers/${issuer}`;
81
- const response = yield fetch(url);
82
- if (response.status !== 200) {
83
- throw Error('The issuer of the VC cannot be trusted');
84
- }
85
- const payload = yield response.json();
86
- if (!payload.attributes.some((a) => issuerType.includes(a.issuerType))) {
87
- throw Error(`The issuer type is required to be one of: ${issuerType.join(', ')}`);
88
- }
89
- return payload;
90
- });
57
+ export async function verifyEBSICredentialIssuer(args) {
58
+ const { wrappedVc, issuerType = ['TI'] } = args;
59
+ const issuer = wrappedVc.decoded?.iss ??
60
+ (typeof wrappedVc.decoded?.vc?.issuer === 'string' ? wrappedVc.decoded?.vc?.issuer : wrappedVc.decoded?.vc?.issuer?.existingInstanceId);
61
+ if (!issuer) {
62
+ throw Error('The issuer of the VC is required to be present');
63
+ }
64
+ const url = `https://api-conformance.ebsi.eu/trusted-issuers-registry/v4/issuers/${issuer}`;
65
+ const response = await fetch(url);
66
+ if (response.status !== 200) {
67
+ throw Error('The issuer of the VC cannot be trusted');
68
+ }
69
+ const payload = await response.json();
70
+ if (!payload.attributes.some((a) => issuerType.includes(a.issuerType))) {
71
+ throw Error(`The issuer type is required to be one of: ${issuerType.join(', ')}`);
72
+ }
73
+ return payload;
91
74
  }
92
- class OID4VCIHolder {
75
+ export class OID4VCIHolder {
76
+ hasher;
77
+ eventTypes = [
78
+ OID4VCIHolderEvent.CONTACT_IDENTITY_CREATED,
79
+ OID4VCIHolderEvent.CREDENTIAL_STORED,
80
+ OID4VCIHolderEvent.IDENTIFIER_CREATED,
81
+ ];
82
+ methods = {
83
+ oid4vciHolderStart: this.oid4vciHolderStart.bind(this),
84
+ oid4vciHolderGetIssuerMetadata: this.oid4vciHolderGetIssuerMetadata.bind(this),
85
+ oid4vciHolderGetMachineInterpreter: this.oid4vciHolderGetMachineInterpreter.bind(this),
86
+ oid4vciHolderCreateCredentialsToSelectFrom: this.oid4vciHolderCreateCredentialsToSelectFrom.bind(this),
87
+ oid4vciHolderGetContact: this.oid4vciHolderGetContact.bind(this),
88
+ oid4vciHolderGetCredentials: this.oid4vciHolderGetCredentials.bind(this),
89
+ oid4vciHolderGetCredential: this.oid4vciHolderGetCredential.bind(this),
90
+ oid4vciHolderAddContactIdentity: this.oid4vciHolderAddContactIdentity.bind(this),
91
+ oid4vciHolderAssertValidCredentials: this.oid4vciHolderAssertValidCredentials.bind(this),
92
+ oid4vciHolderStoreCredentialBranding: this.oid4vciHolderStoreCredentialBranding.bind(this),
93
+ oid4vciHolderStoreCredentials: this.oid4vciHolderStoreCredentials.bind(this),
94
+ oid4vciHolderSendNotification: this.oid4vciHolderSendNotification.bind(this),
95
+ oid4vciHolderGetIssuerBranding: this.oid4vciHolderGetIssuerBranding.bind(this),
96
+ oid4vciHolderStoreIssuerBranding: this.oid4vciHolderStoreIssuerBranding.bind(this),
97
+ };
98
+ vcFormatPreferences = ['vc+sd-jwt', 'mso_mdoc', 'jwt_vc_json', 'jwt_vc', 'ldp_vc'];
99
+ jsonldCryptographicSuitePreferences = [
100
+ 'Ed25519Signature2018',
101
+ 'EcdsaSecp256k1Signature2019',
102
+ 'Ed25519Signature2020',
103
+ 'JsonWebSignature2020',
104
+ // "JcsEd25519Signature2020"
105
+ ];
106
+ didMethodPreferences = [
107
+ SupportedDidMethodEnum.DID_JWK, // FIXME prefer JWK until we devise a method to detect when to use EBSI/jcs for did:key and when not
108
+ SupportedDidMethodEnum.DID_KEY,
109
+ SupportedDidMethodEnum.DID_OYD,
110
+ SupportedDidMethodEnum.DID_EBSI,
111
+ SupportedDidMethodEnum.DID_ION,
112
+ ];
113
+ jwtCryptographicSuitePreferences = [
114
+ JoseSignatureAlgorithm.ES256,
115
+ JoseSignatureAlgorithm.ES256K,
116
+ JoseSignatureAlgorithm.EdDSA,
117
+ ];
118
+ static DEFAULT_MOBILE_REDIRECT_URI = `${DefaultURISchemes.CREDENTIAL_OFFER}://`;
119
+ defaultAuthorizationRequestOpts = { redirectUri: OID4VCIHolder.DEFAULT_MOBILE_REDIRECT_URI };
120
+ onContactIdentityCreated;
121
+ onCredentialStored;
122
+ onIdentifierCreated;
123
+ onVerifyEBSICredentialIssuer;
93
124
  constructor(options) {
94
- this.eventTypes = [
95
- IOID4VCIHolder_1.OID4VCIHolderEvent.CONTACT_IDENTITY_CREATED,
96
- IOID4VCIHolder_1.OID4VCIHolderEvent.CREDENTIAL_STORED,
97
- IOID4VCIHolder_1.OID4VCIHolderEvent.IDENTIFIER_CREATED,
98
- ];
99
- this.methods = {
100
- oid4vciHolderStart: this.oid4vciHolderStart.bind(this),
101
- oid4vciHolderGetIssuerMetadata: this.oid4vciHolderGetIssuerMetadata.bind(this),
102
- oid4vciHolderGetMachineInterpreter: this.oid4vciHolderGetMachineInterpreter.bind(this),
103
- oid4vciHolderCreateCredentialsToSelectFrom: this.oid4vciHolderCreateCredentialsToSelectFrom.bind(this),
104
- oid4vciHolderGetContact: this.oid4vciHolderGetContact.bind(this),
105
- oid4vciHolderGetCredentials: this.oid4vciHolderGetCredentials.bind(this),
106
- oid4vciHolderGetCredential: this.oid4vciHolderGetCredential.bind(this),
107
- oid4vciHolderAddContactIdentity: this.oid4vciHolderAddContactIdentity.bind(this),
108
- oid4vciHolderAssertValidCredentials: this.oid4vciHolderAssertValidCredentials.bind(this),
109
- oid4vciHolderStoreCredentialBranding: this.oid4vciHolderStoreCredentialBranding.bind(this),
110
- oid4vciHolderStoreCredentials: this.oid4vciHolderStoreCredentials.bind(this),
111
- oid4vciHolderSendNotification: this.oid4vciHolderSendNotification.bind(this),
112
- oid4vciHolderGetIssuerBranding: this.oid4vciHolderGetIssuerBranding.bind(this),
113
- oid4vciHolderStoreIssuerBranding: this.oid4vciHolderStoreIssuerBranding.bind(this),
114
- };
115
- this.vcFormatPreferences = ['vc+sd-jwt', 'mso_mdoc', 'jwt_vc_json', 'jwt_vc', 'ldp_vc'];
116
- this.jsonldCryptographicSuitePreferences = [
117
- 'Ed25519Signature2018',
118
- 'EcdsaSecp256k1Signature2019',
119
- 'Ed25519Signature2020',
120
- 'JsonWebSignature2020',
121
- // "JcsEd25519Signature2020"
122
- ];
123
- this.didMethodPreferences = [
124
- ssi_sdk_ext_did_utils_1.SupportedDidMethodEnum.DID_JWK, // FIXME prefer JWK until we devise a method to detect when to use EBSI/jcs for did:key and when not
125
- ssi_sdk_ext_did_utils_1.SupportedDidMethodEnum.DID_KEY,
126
- ssi_sdk_ext_did_utils_1.SupportedDidMethodEnum.DID_OYD,
127
- ssi_sdk_ext_did_utils_1.SupportedDidMethodEnum.DID_EBSI,
128
- ssi_sdk_ext_did_utils_1.SupportedDidMethodEnum.DID_ION,
129
- ];
130
- this.jwtCryptographicSuitePreferences = [
131
- ssi_types_1.JoseSignatureAlgorithm.ES256,
132
- ssi_types_1.JoseSignatureAlgorithm.ES256K,
133
- ssi_types_1.JoseSignatureAlgorithm.EdDSA,
134
- ];
135
- this.defaultAuthorizationRequestOpts = { redirectUri: OID4VCIHolder.DEFAULT_MOBILE_REDIRECT_URI };
136
- const { onContactIdentityCreated, onCredentialStored, onIdentifierCreated, onVerifyEBSICredentialIssuer, vcFormatPreferences, jsonldCryptographicSuitePreferences, didMethodPreferences, jwtCryptographicSuitePreferences, defaultAuthorizationRequestOptions, hasher = ssi_sdk_core_1.defaultHasher, } = Object.assign({}, options);
125
+ const { onContactIdentityCreated, onCredentialStored, onIdentifierCreated, onVerifyEBSICredentialIssuer, vcFormatPreferences, jsonldCryptographicSuitePreferences, didMethodPreferences, jwtCryptographicSuitePreferences, defaultAuthorizationRequestOptions, hasher = defaultHasher, } = { ...options };
137
126
  this.hasher = hasher;
138
127
  if (vcFormatPreferences !== undefined && vcFormatPreferences.length > 0) {
139
128
  this.vcFormatPreferences = vcFormatPreferences;
@@ -155,51 +144,56 @@ class OID4VCIHolder {
155
144
  this.onIdentifierCreated = onIdentifierCreated;
156
145
  this.onVerifyEBSICredentialIssuer = onVerifyEBSICredentialIssuer;
157
146
  }
158
- onEvent(event, context) {
159
- return __awaiter(this, void 0, void 0, function* () {
160
- var _a, _b, _c;
161
- switch (event.type) {
162
- case IOID4VCIHolder_1.OID4VCIHolderEvent.CONTACT_IDENTITY_CREATED:
163
- (_a = this.onContactIdentityCreated) === null || _a === void 0 ? void 0 : _a.call(this, event.data);
164
- break;
165
- case IOID4VCIHolder_1.OID4VCIHolderEvent.CREDENTIAL_STORED:
166
- (_b = this.onCredentialStored) === null || _b === void 0 ? void 0 : _b.call(this, event.data);
167
- break;
168
- case IOID4VCIHolder_1.OID4VCIHolderEvent.IDENTIFIER_CREATED:
169
- (_c = this.onIdentifierCreated) === null || _c === void 0 ? void 0 : _c.call(this, event.data);
170
- break;
171
- default:
172
- return Promise.reject(Error(`Event type ${event.type} not supported`));
173
- }
174
- });
147
+ async onEvent(event, context) {
148
+ switch (event.type) {
149
+ case OID4VCIHolderEvent.CONTACT_IDENTITY_CREATED:
150
+ this.onContactIdentityCreated?.(event.data);
151
+ break;
152
+ case OID4VCIHolderEvent.CREDENTIAL_STORED:
153
+ this.onCredentialStored?.(event.data);
154
+ break;
155
+ case OID4VCIHolderEvent.IDENTIFIER_CREATED:
156
+ this.onIdentifierCreated?.(event.data);
157
+ break;
158
+ default:
159
+ return Promise.reject(Error(`Event type ${event.type} not supported`));
160
+ }
175
161
  }
176
162
  /**
177
163
  * FIXME: This method can only be used locally. Creating the interpreter should be local to where the agent is running
178
164
  */
179
- oid4vciHolderGetMachineInterpreter(opts, context) {
180
- return __awaiter(this, void 0, void 0, function* () {
181
- const authorizationRequestOpts = Object.assign(Object.assign({}, this.defaultAuthorizationRequestOpts), opts.authorizationRequestOpts);
182
- const services = {
183
- [IOID4VCIHolder_1.OID4VCIMachineServices.start]: (args) => this.oid4vciHolderStart(Object.assign(Object.assign({}, args), { authorizationRequestOpts }), context),
184
- [IOID4VCIHolder_1.OID4VCIMachineServices.startFirstPartApplicationFlow]: (args) => (0, OID4VCIHolderService_1.startFirstPartApplicationMachine)(Object.assign(Object.assign({}, args), { stateNavigationListener: opts.firstPartyStateNavigationListener }), context),
185
- [IOID4VCIHolder_1.OID4VCIMachineServices.createCredentialsToSelectFrom]: (args) => this.oid4vciHolderCreateCredentialsToSelectFrom(args, context),
186
- [IOID4VCIHolder_1.OID4VCIMachineServices.getContact]: (args) => this.oid4vciHolderGetContact(args, context),
187
- [IOID4VCIHolder_1.OID4VCIMachineServices.getCredentials]: (args) => { var _a; return this.oid4vciHolderGetCredentials(Object.assign({ accessTokenOpts: (_a = args.accessTokenOpts) !== null && _a !== void 0 ? _a : opts.accessTokenOpts }, args), context); },
188
- [IOID4VCIHolder_1.OID4VCIMachineServices.addContactIdentity]: (args) => this.oid4vciHolderAddContactIdentity(args, context),
189
- [IOID4VCIHolder_1.OID4VCIMachineServices.getIssuerBranding]: (args) => this.oid4vciHolderGetIssuerBranding(args, context),
190
- [IOID4VCIHolder_1.OID4VCIMachineServices.storeIssuerBranding]: (args) => this.oid4vciHolderStoreIssuerBranding(args, context),
191
- [IOID4VCIHolder_1.OID4VCIMachineServices.assertValidCredentials]: (args) => this.oid4vciHolderAssertValidCredentials(args, context),
192
- [IOID4VCIHolder_1.OID4VCIMachineServices.storeCredentialBranding]: (args) => this.oid4vciHolderStoreCredentialBranding(args, context),
193
- [IOID4VCIHolder_1.OID4VCIMachineServices.storeCredentials]: (args) => this.oid4vciHolderStoreCredentials(args, context),
194
- [IOID4VCIHolder_1.OID4VCIMachineServices.sendNotification]: (args) => this.oid4vciHolderSendNotification(args, context),
195
- [IOID4VCIHolder_1.OID4VCIMachineServices.getFederationTrust]: (args) => this.getFederationTrust(args, context),
196
- };
197
- const oid4vciMachineInstanceArgs = Object.assign(Object.assign({}, opts), { authorizationRequestOpts, services: Object.assign(Object.assign({}, services), opts.services) });
198
- const { interpreter } = yield oid4vciMachine_1.OID4VCIMachine.newInstance(oid4vciMachineInstanceArgs, context);
199
- return {
200
- interpreter,
201
- };
202
- });
165
+ async oid4vciHolderGetMachineInterpreter(opts, context) {
166
+ const authorizationRequestOpts = { ...this.defaultAuthorizationRequestOpts, ...opts.authorizationRequestOpts };
167
+ const services = {
168
+ [OID4VCIMachineServices.start]: (args) => this.oid4vciHolderStart({
169
+ ...args,
170
+ authorizationRequestOpts,
171
+ }, context),
172
+ [OID4VCIMachineServices.startFirstPartApplicationFlow]: (args) => startFirstPartApplicationMachine({ ...args, stateNavigationListener: opts.firstPartyStateNavigationListener }, context),
173
+ [OID4VCIMachineServices.createCredentialsToSelectFrom]: (args) => this.oid4vciHolderCreateCredentialsToSelectFrom(args, context),
174
+ [OID4VCIMachineServices.getContact]: (args) => this.oid4vciHolderGetContact(args, context),
175
+ [OID4VCIMachineServices.getCredentials]: (args) => this.oid4vciHolderGetCredentials({ accessTokenOpts: args.accessTokenOpts ?? opts.accessTokenOpts, ...args }, context),
176
+ [OID4VCIMachineServices.addContactIdentity]: (args) => this.oid4vciHolderAddContactIdentity(args, context),
177
+ [OID4VCIMachineServices.getIssuerBranding]: (args) => this.oid4vciHolderGetIssuerBranding(args, context),
178
+ [OID4VCIMachineServices.storeIssuerBranding]: (args) => this.oid4vciHolderStoreIssuerBranding(args, context),
179
+ [OID4VCIMachineServices.assertValidCredentials]: (args) => this.oid4vciHolderAssertValidCredentials(args, context),
180
+ [OID4VCIMachineServices.storeCredentialBranding]: (args) => this.oid4vciHolderStoreCredentialBranding(args, context),
181
+ [OID4VCIMachineServices.storeCredentials]: (args) => this.oid4vciHolderStoreCredentials(args, context),
182
+ [OID4VCIMachineServices.sendNotification]: (args) => this.oid4vciHolderSendNotification(args, context),
183
+ [OID4VCIMachineServices.getFederationTrust]: (args) => this.getFederationTrust(args, context),
184
+ };
185
+ const oid4vciMachineInstanceArgs = {
186
+ ...opts,
187
+ authorizationRequestOpts,
188
+ services: {
189
+ ...services,
190
+ ...opts.services,
191
+ },
192
+ };
193
+ const { interpreter } = await OID4VCIMachine.newInstance(oid4vciMachineInstanceArgs, context);
194
+ return {
195
+ interpreter,
196
+ };
203
197
  }
204
198
  /**
205
199
  * This method is run before the machine starts! So there is no concept of the state machine context or states yet
@@ -209,308 +203,327 @@ class OID4VCIHolder {
209
203
  * @param context
210
204
  * @private
211
205
  */
212
- oid4vciHolderStart(args, context) {
213
- return __awaiter(this, void 0, void 0, function* () {
214
- var _a, _b, _c;
215
- const { requestData } = args;
216
- if (!requestData) {
217
- throw Error(`Cannot start the OID4VCI holder flow without request data being provided`);
218
- }
219
- const { uri = undefined } = requestData;
220
- if (!uri) {
221
- return Promise.reject(Error('Missing request URI in context'));
222
- }
223
- const authorizationRequestOpts = Object.assign(Object.assign({}, this.defaultAuthorizationRequestOpts), args.authorizationRequestOpts);
224
- // We filter the details first against our vcformat prefs
225
- authorizationRequestOpts.authorizationDetails = (authorizationRequestOpts === null || authorizationRequestOpts === void 0 ? void 0 : authorizationRequestOpts.authorizationDetails)
226
- ? (0, utils_1.asArray)(authorizationRequestOpts.authorizationDetails).filter((detail) => typeof detail === 'string' || this.vcFormatPreferences.includes(detail.format))
227
- : undefined;
228
- if (!authorizationRequestOpts.redirectUri) {
229
- authorizationRequestOpts.redirectUri = OID4VCIHolder.DEFAULT_MOBILE_REDIRECT_URI;
230
- }
231
- if (authorizationRequestOpts.redirectUri.startsWith('http') && !authorizationRequestOpts.clientId) {
232
- // At least set a default for a web based wallet.
233
- // TODO: We really need (dynamic) client registration support
234
- authorizationRequestOpts.clientId = authorizationRequestOpts.redirectUri;
235
- }
236
- let formats = this.vcFormatPreferences;
237
- const authFormats = (_a = authorizationRequestOpts === null || authorizationRequestOpts === void 0 ? void 0 : authorizationRequestOpts.authorizationDetails) === null || _a === void 0 ? void 0 : _a.map((detail) => (typeof detail === 'object' && 'format' in detail && detail.format ? detail.format : undefined)).filter((format) => !!format).map((format) => format);
238
- if (authFormats && authFormats.length > 0) {
239
- formats = Array.from(new Set(authFormats));
240
- }
241
- let oid4vciClient;
242
- let types = undefined;
243
- let offer;
244
- if (requestData.existingClientState) {
245
- oid4vciClient = yield oid4vci_client_1.OpenID4VCIClient.fromState({ state: requestData.existingClientState });
246
- offer = oid4vciClient.credentialOffer;
247
- }
248
- else {
249
- offer = requestData.credentialOffer;
250
- if (uri.startsWith(IOID4VCIHolder_1.RequestType.OPENID_INITIATE_ISSUANCE) ||
251
- uri.startsWith(IOID4VCIHolder_1.RequestType.OPENID_CREDENTIAL_OFFER) ||
252
- uri.match(/https?:\/\/.*credential_offer(_uri)=?.*/)) {
253
- if (!offer) {
254
- // Let's make sure to convert the URI to offer, as it matches the regexes. Normally this should already have happened at this point though
255
- offer = yield oid4vci_client_1.CredentialOfferClient.fromURI(uri);
256
- }
257
- }
258
- else {
259
- if (!!offer) {
260
- logger.warning(`Non default URI used for credential offer: ${uri}`);
261
- }
262
- }
206
+ async oid4vciHolderStart(args, context) {
207
+ const { requestData } = args;
208
+ if (!requestData) {
209
+ throw Error(`Cannot start the OID4VCI holder flow without request data being provided`);
210
+ }
211
+ const { uri = undefined } = requestData;
212
+ if (!uri) {
213
+ return Promise.reject(Error('Missing request URI in context'));
214
+ }
215
+ const authorizationRequestOpts = { ...this.defaultAuthorizationRequestOpts, ...args.authorizationRequestOpts };
216
+ // We filter the details first against our vcformat prefs
217
+ authorizationRequestOpts.authorizationDetails = authorizationRequestOpts?.authorizationDetails
218
+ ? asArray(authorizationRequestOpts.authorizationDetails).filter((detail) => typeof detail === 'string' || this.vcFormatPreferences.includes(detail.format))
219
+ : undefined;
220
+ if (!authorizationRequestOpts.redirectUri) {
221
+ authorizationRequestOpts.redirectUri = OID4VCIHolder.DEFAULT_MOBILE_REDIRECT_URI;
222
+ }
223
+ if (authorizationRequestOpts.redirectUri.startsWith('http') && !authorizationRequestOpts.clientId) {
224
+ // At least set a default for a web based wallet.
225
+ // TODO: We really need (dynamic) client registration support
226
+ authorizationRequestOpts.clientId = authorizationRequestOpts.redirectUri;
227
+ }
228
+ let formats = this.vcFormatPreferences;
229
+ const authFormats = authorizationRequestOpts?.authorizationDetails
230
+ ?.map((detail) => (typeof detail === 'object' && 'format' in detail && detail.format ? detail.format : undefined))
231
+ .filter((format) => !!format)
232
+ .map((format) => format);
233
+ if (authFormats && authFormats.length > 0) {
234
+ formats = Array.from(new Set(authFormats));
235
+ }
236
+ let oid4vciClient;
237
+ let types = undefined;
238
+ let offer;
239
+ if (requestData.existingClientState) {
240
+ oid4vciClient = await OpenID4VCIClient.fromState({ state: requestData.existingClientState });
241
+ offer = oid4vciClient.credentialOffer;
242
+ }
243
+ else {
244
+ offer = requestData.credentialOffer;
245
+ if (uri.startsWith(RequestType.OPENID_INITIATE_ISSUANCE) ||
246
+ uri.startsWith(RequestType.OPENID_CREDENTIAL_OFFER) ||
247
+ uri.match(/https?:\/\/.*credential_offer(_uri)=?.*/)) {
263
248
  if (!offer) {
264
- // else no offer, meaning we have an issuer URL
265
- logger.log(`Issuer url received (no credential offer): ${uri}`);
266
- oid4vciClient = yield oid4vci_client_1.OpenID4VCIClient.fromCredentialIssuer({
267
- credentialIssuer: uri,
268
- authorizationRequest: authorizationRequestOpts,
269
- clientId: authorizationRequestOpts.clientId,
270
- createAuthorizationRequestURL: (_b = requestData.createAuthorizationRequestURL) !== null && _b !== void 0 ? _b : true,
271
- });
249
+ // Let's make sure to convert the URI to offer, as it matches the regexes. Normally this should already have happened at this point though
250
+ offer = await CredentialOfferClient.fromURI(uri);
272
251
  }
273
- else {
274
- logger.log(`Credential offer received: ${uri}`);
275
- oid4vciClient = yield oid4vci_client_1.OpenID4VCIClient.fromURI({
276
- uri,
277
- authorizationRequest: authorizationRequestOpts,
278
- clientId: authorizationRequestOpts.clientId,
279
- createAuthorizationRequestURL: (_c = requestData.createAuthorizationRequestURL) !== null && _c !== void 0 ? _c : true,
280
- });
252
+ }
253
+ else {
254
+ if (!!offer) {
255
+ logger.warning(`Non default URI used for credential offer: ${uri}`);
281
256
  }
282
257
  }
283
- if (offer) {
284
- types = (0, oid4vci_common_1.getTypesFromCredentialOffer)(offer.original_credential_offer);
258
+ if (!offer) {
259
+ // else no offer, meaning we have an issuer URL
260
+ logger.log(`Issuer url received (no credential offer): ${uri}`);
261
+ oid4vciClient = await OpenID4VCIClient.fromCredentialIssuer({
262
+ credentialIssuer: uri,
263
+ authorizationRequest: authorizationRequestOpts,
264
+ clientId: authorizationRequestOpts.clientId,
265
+ createAuthorizationRequestURL: requestData.createAuthorizationRequestURL ?? true,
266
+ });
285
267
  }
286
268
  else {
287
- types = (0, utils_1.asArray)(authorizationRequestOpts.authorizationDetails)
288
- .map((authReqOpts) => { var _a; return (_a = (0, oid4vci_common_1.getTypesFromAuthorizationDetails)(authReqOpts)) !== null && _a !== void 0 ? _a : []; })
289
- .filter((inner) => inner.length > 0);
290
- }
291
- const serverMetadata = yield oid4vciClient.retrieveServerMetadata();
292
- const credentialsSupported = yield (0, OID4VCIHolderService_1.getCredentialConfigsSupportedMerged)({
293
- client: oid4vciClient,
294
- vcFormatPreferences: formats,
295
- types,
296
- });
297
- const credentialBranding = yield (0, OID4VCIHolderService_1.getCredentialBranding)({ credentialsSupported, context });
298
- const authorizationCodeURL = oid4vciClient.authorizationURL;
299
- if (authorizationCodeURL) {
300
- logger.log(`authorization code URL ${authorizationCodeURL}`);
269
+ logger.log(`Credential offer received: ${uri}`);
270
+ oid4vciClient = await OpenID4VCIClient.fromURI({
271
+ uri,
272
+ authorizationRequest: authorizationRequestOpts,
273
+ clientId: authorizationRequestOpts.clientId,
274
+ createAuthorizationRequestURL: requestData.createAuthorizationRequestURL ?? true,
275
+ });
301
276
  }
302
- const oid4vciClientState = JSON.parse(yield oid4vciClient.exportState());
303
- return {
304
- authorizationCodeURL,
305
- credentialBranding,
306
- credentialsSupported,
307
- serverMetadata,
308
- oid4vciClientState,
309
- };
277
+ }
278
+ if (offer) {
279
+ types = getTypesFromCredentialOffer(offer.original_credential_offer);
280
+ }
281
+ else {
282
+ types = asArray(authorizationRequestOpts.authorizationDetails)
283
+ .map((authReqOpts) => getTypesFromAuthorizationDetails(authReqOpts) ?? [])
284
+ .filter((inner) => inner.length > 0);
285
+ }
286
+ const serverMetadata = await oid4vciClient.retrieveServerMetadata();
287
+ const credentialsSupported = await getCredentialConfigsSupportedMerged({
288
+ client: oid4vciClient,
289
+ vcFormatPreferences: formats,
290
+ types,
310
291
  });
292
+ const credentialBranding = await getCredentialBranding({ credentialsSupported, context });
293
+ const authorizationCodeURL = oid4vciClient.authorizationURL;
294
+ if (authorizationCodeURL) {
295
+ logger.log(`authorization code URL ${authorizationCodeURL}`);
296
+ }
297
+ const oid4vciClientState = JSON.parse(await oid4vciClient.exportState());
298
+ return {
299
+ authorizationCodeURL,
300
+ credentialBranding,
301
+ credentialsSupported,
302
+ serverMetadata,
303
+ oid4vciClientState,
304
+ };
311
305
  }
312
- oid4vciHolderCreateCredentialsToSelectFrom(args, context) {
313
- return __awaiter(this, void 0, void 0, function* () {
314
- const { credentialBranding, locale, selectedCredentials /*, openID4VCIClientState*/, credentialsSupported } = args;
315
- // const client = await OpenID4VCIClient.fromState({ state: openID4VCIClientState! }) // TODO see if we need the check openID4VCIClientState defined
316
- /*const credentialsSupported = await getCredentialConfigsSupportedBySingleTypeOrId({
317
- client,
318
- vcFormatPreferences: this.vcFormatPreferences,
319
- })*/
320
- logger.info(`Credentials supported ${Object.keys(credentialsSupported).join(', ')}`);
321
- const credentialSelection = yield Promise.all(Object.entries(credentialsSupported).map((_a) => __awaiter(this, [_a], void 0, function* ([id, credentialConfigSupported]) {
322
- // FIXME this allows for duplicate VerifiableCredential, which the user has no idea which ones those are and we also have a branding map with unique keys, so some branding will not match
323
- // const defaultCredentialType = 'VerifiableCredential'
324
- var _b, _c, _d;
325
- const credentialTypes = (0, oid4vci_common_1.getTypesFromObject)(credentialConfigSupported);
326
- // const credentialType = id /*?? credentialTypes?.find((type) => type !== defaultCredentialType) ?? defaultCredentialType*/
327
- const localeBranding = !credentialBranding
328
- ? undefined
329
- : ((_b = credentialBranding === null || credentialBranding === void 0 ? void 0 : credentialBranding[id]) !== null && _b !== void 0 ? _b : (_c = Object.entries(credentialBranding)
306
+ async oid4vciHolderCreateCredentialsToSelectFrom(args, context) {
307
+ const { credentialBranding, locale, selectedCredentials /*, openID4VCIClientState*/, credentialsSupported } = args;
308
+ // const client = await OpenID4VCIClient.fromState({ state: openID4VCIClientState! }) // TODO see if we need the check openID4VCIClientState defined
309
+ /*const credentialsSupported = await getCredentialConfigsSupportedBySingleTypeOrId({
310
+ client,
311
+ vcFormatPreferences: this.vcFormatPreferences,
312
+ })*/
313
+ logger.info(`Credentials supported ${Object.keys(credentialsSupported).join(', ')}`);
314
+ const credentialSelection = await Promise.all(Object.entries(credentialsSupported).map(async ([id, credentialConfigSupported]) => {
315
+ // FIXME this allows for duplicate VerifiableCredential, which the user has no idea which ones those are and we also have a branding map with unique keys, so some branding will not match
316
+ // const defaultCredentialType = 'VerifiableCredential'
317
+ const credentialTypes = getTypesFromObject(credentialConfigSupported);
318
+ // const credentialType = id /*?? credentialTypes?.find((type) => type !== defaultCredentialType) ?? defaultCredentialType*/
319
+ const localeBranding = !credentialBranding
320
+ ? undefined
321
+ : (credentialBranding?.[id] ??
322
+ Object.entries(credentialBranding)
330
323
  .find(([type, _brandings]) => {
331
324
  credentialTypes && type in credentialTypes;
332
- })) === null || _c === void 0 ? void 0 : _c.map(([type, supported]) => supported));
333
- const credentialAlias = (_d = (yield (0, OID4VCIHolderService_1.selectCredentialLocaleBranding)({
334
- locale,
335
- localeBranding,
336
- }))) === null || _d === void 0 ? void 0 : _d.alias;
337
- return {
338
- id: (0, uuid_1.v4)(),
339
- credentialId: id,
340
- credentialTypes: credentialTypes !== null && credentialTypes !== void 0 ? credentialTypes : (0, utils_1.asArray)(id),
341
- credentialAlias: credentialAlias !== null && credentialAlias !== void 0 ? credentialAlias : id,
342
- isSelected: false,
343
- };
344
- })));
345
- // TODO find better place to do this, would be nice if the machine does this?
346
- if (credentialSelection.length >= 1) {
347
- credentialSelection.map((sel) => selectedCredentials.push(sel.credentialId));
348
- }
349
- logger.log(`Credential selection ${JSON.stringify(credentialSelection)}`);
350
- return credentialSelection;
351
- });
325
+ })
326
+ ?.map(([type, supported]) => supported));
327
+ const credentialAlias = (await selectCredentialLocaleBranding({
328
+ locale,
329
+ localeBranding,
330
+ }))?.alias;
331
+ return {
332
+ id: uuidv4(),
333
+ credentialId: id,
334
+ credentialTypes: credentialTypes ?? asArray(id),
335
+ credentialAlias: credentialAlias ?? id,
336
+ isSelected: false,
337
+ };
338
+ }));
339
+ // TODO find better place to do this, would be nice if the machine does this?
340
+ if (credentialSelection.length >= 1) {
341
+ credentialSelection.map((sel) => selectedCredentials.push(sel.credentialId));
342
+ }
343
+ logger.log(`Credential selection ${JSON.stringify(credentialSelection)}`);
344
+ return credentialSelection;
352
345
  }
353
- oid4vciHolderGetContact(args, context) {
354
- return __awaiter(this, void 0, void 0, function* () {
355
- var _a, _b, _c;
356
- const { serverMetadata } = args;
357
- if (serverMetadata === undefined) {
358
- return Promise.reject(Error('Missing serverMetadata in context'));
359
- }
360
- const names = new Set((_c = (_b = (_a = serverMetadata.credentialIssuerMetadata) === null || _a === void 0 ? void 0 : _a.display) === null || _b === void 0 ? void 0 : _b.map((display) => display.name).filter((name) => name != undefined).map((name) => name)) !== null && _c !== void 0 ? _c : []);
361
- const name = names.size > 0 ? Array.from(names)[0] : undefined;
362
- const correlationId = new URL(serverMetadata.issuer).hostname;
363
- const filter = [
364
- {
365
- identities: {
366
- identifier: {
367
- correlationId,
368
- },
346
+ async oid4vciHolderGetContact(args, context) {
347
+ const { serverMetadata } = args;
348
+ if (serverMetadata === undefined) {
349
+ return Promise.reject(Error('Missing serverMetadata in context'));
350
+ }
351
+ const names = new Set(serverMetadata.credentialIssuerMetadata?.display
352
+ ?.map((display) => display.name)
353
+ .filter((name) => name != undefined)
354
+ .map((name) => name) ?? []);
355
+ const name = names.size > 0 ? Array.from(names)[0] : undefined;
356
+ const correlationId = new URL(serverMetadata.issuer).hostname;
357
+ const filter = [
358
+ {
359
+ identities: {
360
+ identifier: {
361
+ correlationId,
369
362
  },
370
363
  },
371
- ];
372
- if (name) {
373
- filter.push({
374
- contact: {
375
- legalName: name,
376
- },
377
- });
378
- filter.push({
379
- contact: {
380
- displayName: name,
381
- },
382
- });
383
- }
384
- const parties = yield context.agent.cmGetContacts({
385
- filter,
364
+ },
365
+ ];
366
+ if (name) {
367
+ filter.push({
368
+ contact: {
369
+ legalName: name,
370
+ },
386
371
  });
387
- if (parties.length > 1) {
388
- logger.warning(`Get contacts returned more than one result: ${parties.length}, ${parties.map((party) => party.contact.displayName).join(',')}`);
389
- }
390
- const party = parties.length >= 1 ? parties[0] : undefined;
391
- logger.log(`Party involved: `, party);
392
- return party;
372
+ filter.push({
373
+ contact: {
374
+ displayName: name,
375
+ },
376
+ });
377
+ }
378
+ const parties = await context.agent.cmGetContacts({
379
+ filter,
393
380
  });
381
+ if (parties.length > 1) {
382
+ logger.warning(`Get contacts returned more than one result: ${parties.length}, ${parties.map((party) => party.contact.displayName).join(',')}`);
383
+ }
384
+ const party = parties.length >= 1 ? parties[0] : undefined;
385
+ logger.log(`Party involved: `, party);
386
+ return party;
394
387
  }
395
- oid4vciHolderGetCredentials(args, context) {
396
- return __awaiter(this, void 0, void 0, function* () {
397
- const { verificationCode, openID4VCIClientState, didMethodPreferences = this.didMethodPreferences, issuanceOpt, accessTokenOpts } = args;
398
- logger.debug(`Getting credentials`, issuanceOpt, accessTokenOpts);
399
- if (!openID4VCIClientState) {
400
- return Promise.reject(Error('Missing openID4VCI client state in context'));
401
- }
402
- const client = yield oid4vci_client_1.OpenID4VCIClient.fromState({ state: openID4VCIClientState });
403
- const credentialsSupported = yield (0, OID4VCIHolderService_1.getCredentialConfigsSupportedMerged)({
404
- client,
405
- vcFormatPreferences: this.vcFormatPreferences,
406
- configurationIds: args.selectedCredentials,
407
- });
408
- const serverMetadata = yield client.retrieveServerMetadata();
409
- const issuanceOpts = yield (0, OID4VCIHolderService_1.getIssuanceOpts)(Object.assign({ client,
410
- credentialsSupported,
411
- serverMetadata,
412
- context, didMethodPreferences: Array.isArray(didMethodPreferences) && didMethodPreferences.length > 0 ? didMethodPreferences : this.didMethodPreferences, jwtCryptographicSuitePreferences: this.jwtCryptographicSuitePreferences, jsonldCryptographicSuitePreferences: this.jsonldCryptographicSuitePreferences }, (issuanceOpt && { forceIssuanceOpt: issuanceOpt })));
413
- const getCredentials = issuanceOpts.map((issuanceOpt) => __awaiter(this, void 0, void 0, function* () {
414
- return yield this.oid4vciHolderGetCredential({
415
- issuanceOpt,
416
- pin: verificationCode,
417
- client,
418
- accessTokenOpts,
419
- }, context);
420
- }));
421
- const allCredentials = yield Promise.all(getCredentials);
422
- logger.log(`Credentials received`, allCredentials);
423
- return allCredentials;
388
+ async oid4vciHolderGetCredentials(args, context) {
389
+ const { verificationCode, openID4VCIClientState, didMethodPreferences = this.didMethodPreferences, issuanceOpt, accessTokenOpts } = args;
390
+ logger.debug(`Getting credentials`, issuanceOpt, accessTokenOpts);
391
+ if (!openID4VCIClientState) {
392
+ return Promise.reject(Error('Missing openID4VCI client state in context'));
393
+ }
394
+ const client = await OpenID4VCIClient.fromState({ state: openID4VCIClientState });
395
+ const credentialsSupported = await getCredentialConfigsSupportedMerged({
396
+ client,
397
+ vcFormatPreferences: this.vcFormatPreferences,
398
+ configurationIds: args.selectedCredentials,
399
+ });
400
+ const serverMetadata = await client.retrieveServerMetadata();
401
+ const issuanceOpts = await getIssuanceOpts({
402
+ client,
403
+ credentialsSupported,
404
+ serverMetadata,
405
+ context,
406
+ didMethodPreferences: Array.isArray(didMethodPreferences) && didMethodPreferences.length > 0 ? didMethodPreferences : this.didMethodPreferences,
407
+ jwtCryptographicSuitePreferences: this.jwtCryptographicSuitePreferences,
408
+ jsonldCryptographicSuitePreferences: this.jsonldCryptographicSuitePreferences,
409
+ ...(issuanceOpt && { forceIssuanceOpt: issuanceOpt }),
424
410
  });
411
+ const getCredentials = issuanceOpts.map(async (issuanceOpt) => await this.oid4vciHolderGetCredential({
412
+ issuanceOpt,
413
+ pin: verificationCode,
414
+ client,
415
+ accessTokenOpts,
416
+ }, context));
417
+ const allCredentials = await Promise.all(getCredentials);
418
+ logger.log(`Credentials received`, allCredentials);
419
+ return allCredentials;
425
420
  }
426
- oid4vciHolderGetCredential(args, context) {
427
- return __awaiter(this, void 0, void 0, function* () {
428
- var _a, _b, _c, _d, _e, _f, _g, _h, _j;
429
- const { issuanceOpt, pin, client, accessTokenOpts } = args;
430
- logger.info(`Getting credential`, issuanceOpt);
431
- if (!issuanceOpt) {
432
- return Promise.reject(Error(`Cannot get credential issuance options`));
433
- }
434
- const identifier = yield (0, OID4VCIHolderService_1.getIdentifierOpts)({ issuanceOpt, context });
435
- issuanceOpt.identifier = identifier;
436
- logger.info(`ID opts`, identifier);
437
- const alg = yield (0, ssi_sdk_ext_key_utils_1.signatureAlgorithmFromKey)({ key: identifier.key });
438
- // The VCI lib either expects a jwk or a kid
439
- const jwk = (0, ssi_sdk_ext_identifier_resolution_1.isManagedIdentifierJwkResult)(identifier) ? identifier.jwk : undefined;
440
- const callbacks = {
441
- signCallback: signCallback(identifier, context),
442
- };
443
- try {
444
- // We need to make sure we have acquired the access token
445
- if (!client.clientId) {
446
- client.clientId = (0, ssi_sdk_ext_identifier_resolution_1.isManagedIdentifierDidResult)(identifier) ? identifier.did : identifier.issuer;
447
- }
448
- let asOpts = undefined;
449
- let kid = (_b = (_a = accessTokenOpts === null || accessTokenOpts === void 0 ? void 0 : accessTokenOpts.clientOpts) === null || _a === void 0 ? void 0 : _a.kid) !== null && _b !== void 0 ? _b : identifier.kid;
450
- if (accessTokenOpts === null || accessTokenOpts === void 0 ? void 0 : accessTokenOpts.clientOpts) {
451
- const clientId = (_d = (_c = accessTokenOpts.clientOpts.clientId) !== null && _c !== void 0 ? _c : client.clientId) !== null && _d !== void 0 ? _d : identifier.issuer;
452
- if (client.isEBSI() && (clientId === null || clientId === void 0 ? void 0 : clientId.startsWith('http')) && (kid === null || kid === void 0 ? void 0 : kid.includes('#'))) {
453
- kid = kid.split('#')[1];
454
- }
455
- //todo: investigate if the jwk should be used here as well if present
456
- const clientOpts = Object.assign(Object.assign({}, accessTokenOpts.clientOpts), { clientId,
457
- kid,
458
- // @ts-ignore
459
- alg: (_e = accessTokenOpts.clientOpts.alg) !== null && _e !== void 0 ? _e : alg, signCallbacks: (_f = accessTokenOpts.clientOpts.signCallbacks) !== null && _f !== void 0 ? _f : callbacks });
460
- asOpts = {
461
- clientOpts,
462
- };
463
- }
464
- yield client.acquireAccessToken(Object.assign({ clientId: client.clientId, pin, authorizationResponse: JSON.parse(yield client.exportState()).authorizationCodeResponse, additionalRequestParams: accessTokenOpts === null || accessTokenOpts === void 0 ? void 0 : accessTokenOpts.additionalRequestParams }, (asOpts && { asOpts })));
465
- // FIXME: This type mapping is wrong. It should use credential_identifier in case the access token response has authorization details
466
- const types = (0, oid4vci_common_1.getTypesFromObject)(issuanceOpt);
467
- const id = 'id' in issuanceOpt && issuanceOpt.id ? issuanceOpt.id : undefined;
468
- const credentialTypes = (0, utils_1.asArray)((_h = (_g = issuanceOpt.credentialConfigurationId) !== null && _g !== void 0 ? _g : types) !== null && _h !== void 0 ? _h : id);
469
- if (!credentialTypes || credentialTypes.length === 0) {
470
- return Promise.reject(Error('cannot determine credential id to request'));
421
+ async oid4vciHolderGetCredential(args, context) {
422
+ const { issuanceOpt, pin, client, accessTokenOpts } = args;
423
+ logger.info(`Getting credential`, issuanceOpt);
424
+ if (!issuanceOpt) {
425
+ return Promise.reject(Error(`Cannot get credential issuance options`));
426
+ }
427
+ const identifier = await getIdentifierOpts({ issuanceOpt, context });
428
+ issuanceOpt.identifier = identifier;
429
+ logger.info(`ID opts`, identifier);
430
+ const alg = await signatureAlgorithmFromKey({ key: identifier.key });
431
+ // The VCI lib either expects a jwk or a kid
432
+ const jwk = isManagedIdentifierJwkResult(identifier) ? identifier.jwk : undefined;
433
+ const callbacks = {
434
+ signCallback: signCallback(identifier, context),
435
+ };
436
+ try {
437
+ // We need to make sure we have acquired the access token
438
+ if (!client.clientId) {
439
+ client.clientId = isManagedIdentifierDidResult(identifier) ? identifier.did : identifier.issuer;
440
+ }
441
+ let asOpts = undefined;
442
+ let kid = accessTokenOpts?.clientOpts?.kid ?? identifier.kid;
443
+ if (accessTokenOpts?.clientOpts) {
444
+ const clientId = accessTokenOpts.clientOpts.clientId ?? client.clientId ?? identifier.issuer;
445
+ if (client.isEBSI() && clientId?.startsWith('http') && kid?.includes('#')) {
446
+ kid = kid.split('#')[1];
471
447
  }
472
- const credentialDefinition = this.getCredentialDefinition(issuanceOpt);
473
- const credentialResponse = yield client.acquireCredentials(Object.assign(Object.assign(Object.assign(Object.assign({}, (credentialDefinition && { context: credentialDefinition['@context'] })), { credentialTypes, proofCallbacks: callbacks, format: issuanceOpt.format,
474
- // TODO: We need to update the machine and add notifications support for actual deferred credentials instead of just waiting/retrying
475
- deferredCredentialAwait: true }), (!jwk && { kid })), { // vci client either wants a jwk or kid. If we have used the jwk method do not provide the kid
476
- jwk,
477
- alg, jti: (0, uuid_1.v4)() }));
478
- const credential = {
479
- id: (_j = issuanceOpt.credentialConfigurationId) !== null && _j !== void 0 ? _j : id,
480
- types: types !== null && types !== void 0 ? types : (0, utils_1.asArray)(credentialTypes),
481
- issuanceOpt,
482
- credentialResponse,
448
+ //todo: investigate if the jwk should be used here as well if present
449
+ const clientOpts = {
450
+ ...accessTokenOpts.clientOpts,
451
+ clientId,
452
+ kid,
453
+ // @ts-ignore
454
+ alg: accessTokenOpts.clientOpts.alg ?? alg,
455
+ signCallbacks: accessTokenOpts.clientOpts.signCallbacks ?? callbacks,
456
+ };
457
+ asOpts = {
458
+ clientOpts,
483
459
  };
484
- return (0, OID4VCIHolderService_1.mapCredentialToAccept)({ credentialToAccept: credential, hasher: this.hasher });
485
- }
486
- catch (error) {
487
- return Promise.reject(error);
488
460
  }
489
- });
461
+ await client.acquireAccessToken({
462
+ clientId: client.clientId,
463
+ pin,
464
+ authorizationResponse: JSON.parse(await client.exportState()).authorizationCodeResponse,
465
+ additionalRequestParams: accessTokenOpts?.additionalRequestParams,
466
+ ...(asOpts && { asOpts }),
467
+ });
468
+ // FIXME: This type mapping is wrong. It should use credential_identifier in case the access token response has authorization details
469
+ const types = getTypesFromObject(issuanceOpt);
470
+ const id = 'id' in issuanceOpt && issuanceOpt.id ? issuanceOpt.id : undefined;
471
+ const credentialTypes = asArray(issuanceOpt.credentialConfigurationId ?? types ?? id);
472
+ if (!credentialTypes || credentialTypes.length === 0) {
473
+ return Promise.reject(Error('cannot determine credential id to request'));
474
+ }
475
+ const credentialDefinition = this.getCredentialDefinition(issuanceOpt);
476
+ const credentialResponse = await client.acquireCredentials({
477
+ ...(credentialDefinition && { context: credentialDefinition['@context'] }),
478
+ credentialTypes,
479
+ proofCallbacks: callbacks,
480
+ format: issuanceOpt.format,
481
+ // TODO: We need to update the machine and add notifications support for actual deferred credentials instead of just waiting/retrying
482
+ deferredCredentialAwait: true,
483
+ ...(!jwk && { kid }), // vci client either wants a jwk or kid. If we have used the jwk method do not provide the kid
484
+ jwk,
485
+ alg,
486
+ jti: uuidv4(),
487
+ });
488
+ const credential = {
489
+ id: issuanceOpt.credentialConfigurationId ?? id,
490
+ types: types ?? asArray(credentialTypes),
491
+ issuanceOpt,
492
+ credentialResponse,
493
+ };
494
+ return mapCredentialToAccept({ credentialToAccept: credential, hasher: this.hasher });
495
+ }
496
+ catch (error) {
497
+ return Promise.reject(error);
498
+ }
490
499
  }
491
- oid4vciHolderAddContactIdentity(args, context) {
492
- return __awaiter(this, void 0, void 0, function* () {
493
- const { credentialsToAccept, contact } = args;
494
- if (!contact) {
495
- return Promise.reject(Error('Missing contact in context'));
496
- }
497
- if (credentialsToAccept === undefined || credentialsToAccept.length === 0) {
498
- return Promise.reject(Error('Missing credential offers in context'));
499
- }
500
- let correlationId = credentialsToAccept[0].correlationId;
501
- let identifierType = ssi_sdk_data_store_1.CorrelationIdentifierType.DID;
502
- if (!correlationId.toLowerCase().startsWith('did:')) {
503
- identifierType = ssi_sdk_data_store_1.CorrelationIdentifierType.URL;
504
- if (correlationId.startsWith('http')) {
505
- correlationId = new URL(correlationId).hostname;
506
- }
500
+ async oid4vciHolderAddContactIdentity(args, context) {
501
+ const { credentialsToAccept, contact } = args;
502
+ if (!contact) {
503
+ return Promise.reject(Error('Missing contact in context'));
504
+ }
505
+ if (credentialsToAccept === undefined || credentialsToAccept.length === 0) {
506
+ return Promise.reject(Error('Missing credential offers in context'));
507
+ }
508
+ let correlationId = credentialsToAccept[0].correlationId;
509
+ let identifierType = CorrelationIdentifierType.DID;
510
+ if (!correlationId.toLowerCase().startsWith('did:')) {
511
+ identifierType = CorrelationIdentifierType.URL;
512
+ if (correlationId.startsWith('http')) {
513
+ correlationId = new URL(correlationId).hostname;
507
514
  }
508
- const identity = Object.assign({ alias: credentialsToAccept[0].correlationId, origin: ssi_sdk_data_store_1.IdentityOrigin.EXTERNAL, roles: [ssi_sdk_data_store_1.CredentialRole.ISSUER], identifier: {
509
- type: identifierType,
510
- correlationId,
511
- } }, (identifierType === ssi_sdk_data_store_1.CorrelationIdentifierType.URL && {
515
+ }
516
+ const identity = {
517
+ alias: credentialsToAccept[0].correlationId,
518
+ origin: IdentityOrigin.EXTERNAL,
519
+ roles: [CredentialRole.ISSUER],
520
+ identifier: {
521
+ type: identifierType,
522
+ correlationId,
523
+ },
524
+ ...(identifierType === CorrelationIdentifierType.URL && {
512
525
  connection: {
513
- type: ssi_sdk_data_store_1.ConnectionType.OPENID_CONNECT,
526
+ type: ConnectionType.OPENID_CONNECT,
514
527
  config: {
515
528
  clientId: '138d7bf8-c930-4c6e-b928-97d3a4928b01',
516
529
  clientSecret: '03b3955f-d020-4f2a-8a27-4e452d4e27a0',
@@ -521,353 +534,341 @@ class OID4VCIHolder {
521
534
  clientAuthMethod: 'post',
522
535
  },
523
536
  },
524
- }));
525
- yield context.agent.emit(IOID4VCIHolder_1.OID4VCIHolderEvent.CONTACT_IDENTITY_CREATED, {
526
- contactId: contact.id,
527
- identity,
528
- });
529
- logger.log(`Contact added: ${correlationId}`);
530
- return context.agent.cmAddIdentity({ contactId: contact.id, identity });
531
- });
532
- }
533
- oid4vciHolderGetIssuerBranding(args, context) {
534
- return __awaiter(this, void 0, void 0, function* () {
535
- var _a, _b;
536
- const { serverMetadata, contact } = args;
537
- // Here we are fetching issuer branding for a contact. If no contact is found that means we encounter this contact for the first time. This also means we do not have any branding for the contact.
538
- const issuerCorrelationId = contact === null || contact === void 0 ? void 0 : contact.identities.filter((identity) => identity.roles.includes(ssi_sdk_data_store_1.CredentialRole.ISSUER)).map((identity) => identity.identifier.correlationId)[0];
539
- if (issuerCorrelationId) {
540
- const branding = yield context.agent.ibGetIssuerBranding({ filter: [{ issuerCorrelationId }] });
541
- if (branding.length > 0) {
542
- return branding[0].localeBranding;
543
- }
544
- }
545
- // We should have serverMetadata in the context else something went wrong
546
- if (!serverMetadata) {
547
- return Promise.reject(Error('Missing serverMetadata in context'));
548
- }
549
- return (0, OID4VCIHolderService_1.getBasicIssuerLocaleBranding)({
550
- display: (_b = (_a = serverMetadata.credentialIssuerMetadata) === null || _a === void 0 ? void 0 : _a.display) !== null && _b !== void 0 ? _b : [],
551
- dynamicRegistrationClientMetadata: serverMetadata.credentialIssuerMetadata,
552
- context,
553
- });
537
+ }),
538
+ };
539
+ await context.agent.emit(OID4VCIHolderEvent.CONTACT_IDENTITY_CREATED, {
540
+ contactId: contact.id,
541
+ identity,
554
542
  });
543
+ logger.log(`Contact added: ${correlationId}`);
544
+ return context.agent.cmAddIdentity({ contactId: contact.id, identity });
555
545
  }
556
- oid4vciHolderStoreIssuerBranding(args, context) {
557
- return __awaiter(this, void 0, void 0, function* () {
558
- const { issuerBranding, contact } = args;
559
- if (!issuerBranding || issuerBranding.length === 0 || issuerBranding[0].id) {
560
- // FIXME we need better separation between a contact(issuer) we encountered before and it's branding vs a new contact and it's branding
561
- return;
562
- }
563
- if (!contact) {
564
- return Promise.reject(Error('Missing contact in context'));
565
- }
566
- const issuerCorrelationId = contact === null || contact === void 0 ? void 0 : contact.identities.filter((identity) => identity.roles.includes(ssi_sdk_data_store_1.CredentialRole.ISSUER)).map((identity) => identity.identifier.correlationId)[0];
567
- // we check for issuer branding as adding an identity might also trigger storing the issuer branding
568
- const branding = yield context.agent.ibGetIssuerBranding({ filter: [{ issuerCorrelationId }] });
546
+ async oid4vciHolderGetIssuerBranding(args, context) {
547
+ const { serverMetadata, contact } = args;
548
+ // Here we are fetching issuer branding for a contact. If no contact is found that means we encounter this contact for the first time. This also means we do not have any branding for the contact.
549
+ const issuerCorrelationId = contact?.identities
550
+ .filter((identity) => identity.roles.includes(CredentialRole.ISSUER))
551
+ .map((identity) => identity.identifier.correlationId)[0];
552
+ if (issuerCorrelationId) {
553
+ const branding = await context.agent.ibGetIssuerBranding({ filter: [{ issuerCorrelationId }] });
569
554
  if (branding.length > 0) {
570
- return;
555
+ return branding[0].localeBranding;
571
556
  }
572
- yield context.agent.ibAddIssuerBranding({
573
- localeBranding: issuerBranding,
574
- issuerCorrelationId,
575
- });
557
+ }
558
+ // We should have serverMetadata in the context else something went wrong
559
+ if (!serverMetadata) {
560
+ return Promise.reject(Error('Missing serverMetadata in context'));
561
+ }
562
+ return getBasicIssuerLocaleBranding({
563
+ display: serverMetadata.credentialIssuerMetadata?.display ?? [],
564
+ dynamicRegistrationClientMetadata: serverMetadata.credentialIssuerMetadata,
565
+ context,
576
566
  });
577
567
  }
578
- oid4vciHolderAssertValidCredentials(args, context) {
579
- return __awaiter(this, void 0, void 0, function* () {
580
- const { credentialsToAccept, issuanceOpt } = args;
581
- return yield Promise.all(credentialsToAccept.map((credentialToAccept) => (0, OID4VCIHolderService_1.verifyCredentialToAccept)({
582
- mappedCredential: credentialToAccept,
583
- onVerifyEBSICredentialIssuer: this.onVerifyEBSICredentialIssuer,
584
- hasher: this.hasher,
585
- schemaValidation: issuanceOpt === null || issuanceOpt === void 0 ? void 0 : issuanceOpt.schemaValidation,
586
- context,
587
- })));
568
+ async oid4vciHolderStoreIssuerBranding(args, context) {
569
+ const { issuerBranding, contact } = args;
570
+ if (!issuerBranding || issuerBranding.length === 0 || issuerBranding[0].id) {
571
+ // FIXME we need better separation between a contact(issuer) we encountered before and it's branding vs a new contact and it's branding
572
+ return;
573
+ }
574
+ if (!contact) {
575
+ return Promise.reject(Error('Missing contact in context'));
576
+ }
577
+ const issuerCorrelationId = contact?.identities
578
+ .filter((identity) => identity.roles.includes(CredentialRole.ISSUER))
579
+ .map((identity) => identity.identifier.correlationId)[0];
580
+ // we check for issuer branding as adding an identity might also trigger storing the issuer branding
581
+ const branding = await context.agent.ibGetIssuerBranding({ filter: [{ issuerCorrelationId }] });
582
+ if (branding.length > 0) {
583
+ return;
584
+ }
585
+ await context.agent.ibAddIssuerBranding({
586
+ localeBranding: issuerBranding,
587
+ issuerCorrelationId,
588
588
  });
589
589
  }
590
- oid4vciHolderStoreCredentialBranding(args, context) {
591
- return __awaiter(this, void 0, void 0, function* () {
592
- const { credentialBranding, serverMetadata, selectedCredentials, credentialsToAccept } = args;
593
- if (serverMetadata === undefined) {
594
- return Promise.reject(Error('Missing serverMetadata in context'));
590
+ async oid4vciHolderAssertValidCredentials(args, context) {
591
+ const { credentialsToAccept, issuanceOpt } = args;
592
+ return await Promise.all(credentialsToAccept.map((credentialToAccept) => verifyCredentialToAccept({
593
+ mappedCredential: credentialToAccept,
594
+ onVerifyEBSICredentialIssuer: this.onVerifyEBSICredentialIssuer,
595
+ hasher: this.hasher,
596
+ schemaValidation: issuanceOpt?.schemaValidation,
597
+ context,
598
+ })));
599
+ }
600
+ async oid4vciHolderStoreCredentialBranding(args, context) {
601
+ const { credentialBranding, serverMetadata, selectedCredentials, credentialsToAccept } = args;
602
+ if (serverMetadata === undefined) {
603
+ return Promise.reject(Error('Missing serverMetadata in context'));
604
+ }
605
+ else if (selectedCredentials.length === 0) {
606
+ logger.warning(`No credentials selected for issuer: ${serverMetadata.issuer}`);
607
+ return;
608
+ }
609
+ let counter = 0;
610
+ for (const credentialId of selectedCredentials) {
611
+ const localeBranding = credentialBranding?.[credentialId];
612
+ if (localeBranding && localeBranding.length > 0) {
613
+ const credential = credentialsToAccept.find((credAccept) => credAccept.credentialToAccept.id === credentialId || JSON.stringify(credAccept.types) === credentialId || credentialsToAccept[counter]);
614
+ counter++;
615
+ await context.agent.ibAddCredentialBranding({
616
+ vcHash: computeEntryHash(credential.rawVerifiableCredential),
617
+ issuerCorrelationId: new URL(serverMetadata.issuer).hostname,
618
+ localeBranding,
619
+ });
620
+ logger.log(`Credential branding for issuer ${serverMetadata.issuer} and type ${credentialId} stored with locales ${localeBranding.map((b) => b.locale).join(',')}`);
595
621
  }
596
- else if (selectedCredentials.length === 0) {
597
- logger.warning(`No credentials selected for issuer: ${serverMetadata.issuer}`);
598
- return;
622
+ else {
623
+ logger.warning(`No credential branding found for issuer: ${serverMetadata.issuer} and type ${credentialId}`);
599
624
  }
600
- let counter = 0;
601
- for (const credentialId of selectedCredentials) {
602
- const localeBranding = credentialBranding === null || credentialBranding === void 0 ? void 0 : credentialBranding[credentialId];
603
- if (localeBranding && localeBranding.length > 0) {
604
- const credential = credentialsToAccept.find((credAccept) => credAccept.credentialToAccept.id === credentialId || JSON.stringify(credAccept.types) === credentialId || credentialsToAccept[counter]);
605
- counter++;
606
- yield context.agent.ibAddCredentialBranding({
607
- vcHash: (0, utils_1.computeEntryHash)(credential.rawVerifiableCredential),
608
- issuerCorrelationId: new URL(serverMetadata.issuer).hostname,
609
- localeBranding,
610
- });
611
- logger.log(`Credential branding for issuer ${serverMetadata.issuer} and type ${credentialId} stored with locales ${localeBranding.map((b) => b.locale).join(',')}`);
625
+ }
626
+ }
627
+ async oid4vciHolderStoreCredentials(args, context) {
628
+ function trimmed(input) {
629
+ const trim = input?.trim();
630
+ if (trim === '') {
631
+ return undefined;
632
+ }
633
+ return trim;
634
+ }
635
+ const { credentialsToAccept, openID4VCIClientState, credentialsSupported, serverMetadata, selectedCredentials } = args;
636
+ const mappedCredentialToAccept = credentialsToAccept[0];
637
+ if (selectedCredentials && selectedCredentials.length > 1) {
638
+ logger.error(`More than 1 credential selected ${selectedCredentials.join(', ')}, but current service only stores 1 credential!`);
639
+ }
640
+ // TODO determine when and how we should store credentials without key kmsKeyRef & id method), this should be tested with the code below
641
+ const issuanceOpt = args.issuanceOpt ?? mappedCredentialToAccept.credentialToAccept.issuanceOpt;
642
+ if (!issuanceOpt || !issuanceOpt.identifier) {
643
+ return Promise.reject(Error('issuanceOpt.identifier must me set in order to store a credential'));
644
+ }
645
+ const { kmsKeyRef, method } = issuanceOpt.identifier;
646
+ let persist = true;
647
+ const verifiableCredential = mappedCredentialToAccept.uniformVerifiableCredential;
648
+ const notificationId = mappedCredentialToAccept.credentialToAccept.credentialResponse.notification_id;
649
+ const subjectIssuance = mappedCredentialToAccept.credential_subject_issuance;
650
+ const notificationEndpoint = serverMetadata?.credentialIssuerMetadata?.notification_endpoint;
651
+ let holderCredential = undefined;
652
+ if (!notificationEndpoint) {
653
+ logger.log(`Notifications not supported by issuer ${serverMetadata?.issuer}. Will not provide a notification`);
654
+ }
655
+ else if (notificationEndpoint && !notificationId) {
656
+ logger.warning(`Notification endpoint available in issuer metadata with value ${notificationEndpoint}, but no ${notificationId} provided. Will not send a notification to issuer ${serverMetadata?.issuer}`);
657
+ }
658
+ else if (notificationEndpoint && notificationId) {
659
+ logger.log(`Notification id ${notificationId} found, will send back a notification to ${notificationEndpoint}`);
660
+ let event = 'credential_accepted';
661
+ if (Array.isArray(subjectIssuance?.notification_events_supported)) {
662
+ // experimental subject issuance, where a new credential is being created
663
+ event = subjectIssuance.notification_events_supported.includes('credential_accepted_holder_signed')
664
+ ? 'credential_accepted_holder_signed'
665
+ : 'credential_deleted_holder_signed';
666
+ logger.log(`Subject issuance/signing will be used, with event`, event);
667
+ const issuerVC = mappedCredentialToAccept.credentialToAccept.credentialResponse.credential;
668
+ const wrappedIssuerVC = CredentialMapper.toWrappedVerifiableCredential(issuerVC, { hasher: this.hasher ?? defaultHasher });
669
+ console.log(`Wrapped VC: ${wrappedIssuerVC.type}, ${wrappedIssuerVC.format}`);
670
+ // We will use the subject of the VCI Issuer (the holder, as the issuer of the new credential, so the below is not a mistake!)
671
+ let issuer;
672
+ if (CredentialMapper.isWrappedSdJwtVerifiableCredential(wrappedIssuerVC)) {
673
+ issuer = trimmed(wrappedIssuerVC.decoded?.sub);
612
674
  }
613
- else {
614
- logger.warning(`No credential branding found for issuer: ${serverMetadata.issuer} and type ${credentialId}`);
675
+ else if (CredentialMapper.isWrappedW3CVerifiableCredential(wrappedIssuerVC)) {
676
+ issuer = trimmed(wrappedIssuerVC.credential?.sub) ?? trimmed(this.idFromW3cCredentialSubject(wrappedIssuerVC));
615
677
  }
616
- }
617
- });
618
- }
619
- oid4vciHolderStoreCredentials(args, context) {
620
- return __awaiter(this, void 0, void 0, function* () {
621
- var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k;
622
- function trimmed(input) {
623
- const trim = input === null || input === void 0 ? void 0 : input.trim();
624
- if (trim === '') {
625
- return undefined;
678
+ else if (CredentialMapper.isWrappedMdocCredential(wrappedIssuerVC)) {
679
+ return Promise.reject(Error('mdoc not yet supported'));
626
680
  }
627
- return trim;
628
- }
629
- const { credentialsToAccept, openID4VCIClientState, credentialsSupported, serverMetadata, selectedCredentials } = args;
630
- const mappedCredentialToAccept = credentialsToAccept[0];
631
- if (selectedCredentials && selectedCredentials.length > 1) {
632
- logger.error(`More than 1 credential selected ${selectedCredentials.join(', ')}, but current service only stores 1 credential!`);
633
- }
634
- // TODO determine when and how we should store credentials without key kmsKeyRef & id method), this should be tested with the code below
635
- const issuanceOpt = (_a = args.issuanceOpt) !== null && _a !== void 0 ? _a : mappedCredentialToAccept.credentialToAccept.issuanceOpt;
636
- if (!issuanceOpt || !issuanceOpt.identifier) {
637
- return Promise.reject(Error('issuanceOpt.identifier must me set in order to store a credential'));
638
- }
639
- const { kmsKeyRef, method } = issuanceOpt.identifier;
640
- let persist = true;
641
- const verifiableCredential = mappedCredentialToAccept.uniformVerifiableCredential;
642
- const notificationId = mappedCredentialToAccept.credentialToAccept.credentialResponse.notification_id;
643
- const subjectIssuance = mappedCredentialToAccept.credential_subject_issuance;
644
- const notificationEndpoint = (_b = serverMetadata === null || serverMetadata === void 0 ? void 0 : serverMetadata.credentialIssuerMetadata) === null || _b === void 0 ? void 0 : _b.notification_endpoint;
645
- let holderCredential = undefined;
646
- if (!notificationEndpoint) {
647
- logger.log(`Notifications not supported by issuer ${serverMetadata === null || serverMetadata === void 0 ? void 0 : serverMetadata.issuer}. Will not provide a notification`);
648
- }
649
- else if (notificationEndpoint && !notificationId) {
650
- logger.warning(`Notification endpoint available in issuer metadata with value ${notificationEndpoint}, but no ${notificationId} provided. Will not send a notification to issuer ${serverMetadata === null || serverMetadata === void 0 ? void 0 : serverMetadata.issuer}`);
651
- }
652
- else if (notificationEndpoint && notificationId) {
653
- logger.log(`Notification id ${notificationId} found, will send back a notification to ${notificationEndpoint}`);
654
- let event = 'credential_accepted';
655
- if (Array.isArray(subjectIssuance === null || subjectIssuance === void 0 ? void 0 : subjectIssuance.notification_events_supported)) {
656
- // experimental subject issuance, where a new credential is being created
657
- event = subjectIssuance.notification_events_supported.includes('credential_accepted_holder_signed')
658
- ? 'credential_accepted_holder_signed'
659
- : 'credential_deleted_holder_signed';
660
- logger.log(`Subject issuance/signing will be used, with event`, event);
661
- const issuerVC = mappedCredentialToAccept.credentialToAccept.credentialResponse.credential;
662
- const wrappedIssuerVC = ssi_types_1.CredentialMapper.toWrappedVerifiableCredential(issuerVC, { hasher: (_c = this.hasher) !== null && _c !== void 0 ? _c : ssi_sdk_core_1.defaultHasher });
663
- console.log(`Wrapped VC: ${wrappedIssuerVC.type}, ${wrappedIssuerVC.format}`);
664
- // We will use the subject of the VCI Issuer (the holder, as the issuer of the new credential, so the below is not a mistake!)
665
- let issuer;
666
- if (ssi_types_1.CredentialMapper.isWrappedSdJwtVerifiableCredential(wrappedIssuerVC)) {
667
- issuer = trimmed((_d = wrappedIssuerVC.decoded) === null || _d === void 0 ? void 0 : _d.sub);
668
- }
669
- else if (ssi_types_1.CredentialMapper.isWrappedW3CVerifiableCredential(wrappedIssuerVC)) {
670
- issuer = (_f = trimmed((_e = wrappedIssuerVC.credential) === null || _e === void 0 ? void 0 : _e.sub)) !== null && _f !== void 0 ? _f : trimmed(this.idFromW3cCredentialSubject(wrappedIssuerVC));
671
- }
672
- else if (ssi_types_1.CredentialMapper.isWrappedMdocCredential(wrappedIssuerVC)) {
673
- return Promise.reject(Error('mdoc not yet supported'));
674
- }
675
- if (!issuer) {
676
- issuer = trimmed((_g = verifiableCredential.credentialSubject) === null || _g === void 0 ? void 0 : _g.id);
677
- }
678
- if (!issuer && ((_h = openID4VCIClientState === null || openID4VCIClientState === void 0 ? void 0 : openID4VCIClientState.kid) === null || _h === void 0 ? void 0 : _h.startsWith('did:'))) {
679
- issuer = (0, ssi_types_1.parseDid)(openID4VCIClientState === null || openID4VCIClientState === void 0 ? void 0 : openID4VCIClientState.kid).did;
680
- }
681
- if (!issuer && ((_k = (_j = openID4VCIClientState === null || openID4VCIClientState === void 0 ? void 0 : openID4VCIClientState.jwk) === null || _j === void 0 ? void 0 : _j.kid) === null || _k === void 0 ? void 0 : _k.startsWith('did:'))) {
682
- issuer = (0, ssi_types_1.parseDid)(openID4VCIClientState.jwk.kid).did;
683
- }
684
- if (!issuer && (openID4VCIClientState === null || openID4VCIClientState === void 0 ? void 0 : openID4VCIClientState.clientId)) {
685
- issuer = trimmed(openID4VCIClientState.clientId);
686
- }
687
- if (!issuer && (openID4VCIClientState === null || openID4VCIClientState === void 0 ? void 0 : openID4VCIClientState.accessTokenResponse)) {
688
- const decodedJwt = (0, did_jwt_1.decodeJWT)(openID4VCIClientState.accessTokenResponse.access_token);
689
- issuer = decodedJwt.payload.sub;
690
- }
691
- if (!issuer && mappedCredentialToAccept.credentialToAccept.issuanceOpt.identifier) {
692
- const resolution = yield context.agent.identifierManagedGet(mappedCredentialToAccept.credentialToAccept.issuanceOpt.identifier);
693
- issuer = resolution.issuer;
694
- }
695
- if (!issuer) {
696
- throw Error(`We could not determine the issuer, which means we cannot sign the credential`);
697
- }
698
- logger.log(`Issuer for self-issued credential will be: ${issuer}`);
699
- const holderCredentialToSign = wrappedIssuerVC.decoded;
700
- let proofFormat = 'lds';
701
- if (wrappedIssuerVC.format.includes('jwt') && !wrappedIssuerVC.format.includes('mso_mdoc')) {
702
- holderCredentialToSign.iss = issuer;
703
- proofFormat = 'jwt';
704
- }
705
- if ('issuer' in holderCredentialToSign && !('iss' in holderCredentialToSign)) {
706
- holderCredentialToSign.issuer = issuer;
707
- }
708
- if ('sub' in holderCredentialToSign) {
709
- holderCredentialToSign.sub = issuer;
710
- }
711
- if ('credentialSubject' in holderCredentialToSign && !Array.isArray(holderCredentialToSign.credentialSubject)) {
712
- holderCredentialToSign.credentialSubject.id = issuer;
713
- }
714
- if ('vc' in holderCredentialToSign) {
715
- if (holderCredentialToSign.vc.credentialSubject) {
716
- holderCredentialToSign.vc.credentialSubject.id = issuer;
717
- }
718
- holderCredentialToSign.vc.issuer = issuer;
719
- delete holderCredentialToSign.vc.proof;
720
- delete holderCredentialToSign.vc.issuanceDate;
721
- }
722
- delete holderCredentialToSign.proof;
723
- delete holderCredentialToSign.issuanceDate;
724
- delete holderCredentialToSign.iat;
725
- logger.log(`Subject issuance/signing will sign credential of type ${proofFormat}:`, holderCredentialToSign);
726
- const issuedVC = yield context.agent.createVerifiableCredential({
727
- credential: holderCredentialToSign,
728
- fetchRemoteContexts: true,
729
- save: false,
730
- proofFormat,
731
- });
732
- if (!issuedVC) {
733
- throw Error(`Could not issue holder credential from the wallet`);
681
+ if (!issuer) {
682
+ issuer = trimmed(verifiableCredential.credentialSubject?.id);
683
+ }
684
+ if (!issuer && openID4VCIClientState?.kid?.startsWith('did:')) {
685
+ issuer = parseDid(openID4VCIClientState?.kid).did;
686
+ }
687
+ if (!issuer && openID4VCIClientState?.jwk?.kid?.startsWith('did:')) {
688
+ issuer = parseDid(openID4VCIClientState.jwk.kid).did;
689
+ }
690
+ if (!issuer && openID4VCIClientState?.clientId) {
691
+ issuer = trimmed(openID4VCIClientState.clientId);
692
+ }
693
+ if (!issuer && openID4VCIClientState?.accessTokenResponse) {
694
+ const decodedJwt = decodeJWT(openID4VCIClientState.accessTokenResponse.access_token);
695
+ issuer = decodedJwt.payload.sub;
696
+ }
697
+ if (!issuer && mappedCredentialToAccept.credentialToAccept.issuanceOpt.identifier) {
698
+ const resolution = await context.agent.identifierManagedGet(mappedCredentialToAccept.credentialToAccept.issuanceOpt.identifier);
699
+ issuer = resolution.issuer;
700
+ }
701
+ if (!issuer) {
702
+ throw Error(`We could not determine the issuer, which means we cannot sign the credential`);
703
+ }
704
+ logger.log(`Issuer for self-issued credential will be: ${issuer}`);
705
+ const holderCredentialToSign = wrappedIssuerVC.decoded;
706
+ let proofFormat = 'lds';
707
+ if (wrappedIssuerVC.format.includes('jwt') && !wrappedIssuerVC.format.includes('mso_mdoc')) {
708
+ holderCredentialToSign.iss = issuer;
709
+ proofFormat = 'jwt';
710
+ }
711
+ if ('issuer' in holderCredentialToSign && !('iss' in holderCredentialToSign)) {
712
+ holderCredentialToSign.issuer = issuer;
713
+ }
714
+ if ('sub' in holderCredentialToSign) {
715
+ holderCredentialToSign.sub = issuer;
716
+ }
717
+ if ('credentialSubject' in holderCredentialToSign && !Array.isArray(holderCredentialToSign.credentialSubject)) {
718
+ holderCredentialToSign.credentialSubject.id = issuer;
719
+ }
720
+ if ('vc' in holderCredentialToSign) {
721
+ if (holderCredentialToSign.vc.credentialSubject) {
722
+ holderCredentialToSign.vc.credentialSubject.id = issuer;
734
723
  }
735
- logger.log(`Holder ${issuedVC.issuer} issued new credential with id ${issuedVC.id}`, issuedVC);
736
- holderCredential = ssi_types_1.CredentialMapper.storedCredentialToOriginalFormat(issuedVC);
737
- persist = event === 'credential_accepted_holder_signed';
724
+ holderCredentialToSign.vc.issuer = issuer;
725
+ delete holderCredentialToSign.vc.proof;
726
+ delete holderCredentialToSign.vc.issuanceDate;
738
727
  }
739
- const notificationRequest = Object.assign(Object.assign({ notification_id: notificationId }, (holderCredential && { credential: holderCredential })), { event });
740
- yield this.oid4vciHolderSendNotification({
741
- openID4VCIClientState,
742
- stored: persist,
743
- credentialsToAccept,
744
- credentialsSupported,
745
- notificationRequest,
746
- serverMetadata,
747
- }, context);
748
- }
749
- const persistCredential = holderCredential
750
- ? ssi_types_1.CredentialMapper.storedCredentialToOriginalFormat(holderCredential)
751
- : mappedCredentialToAccept.rawVerifiableCredential;
752
- if (!persist && holderCredential) {
753
- logger.log(`Will not persist credential, since we are signing as a holder and the issuer asked not to persist`);
754
- }
755
- else {
756
- logger.log(`Persisting credential`, persistCredential);
757
- const issuer = ssi_types_1.CredentialMapper.issuerCorrelationIdFromIssuerType(verifiableCredential.issuer);
758
- const [subjectCorrelationType, subjectCorrelationId] = this.determineSubjectCorrelation(issuanceOpt.identifier, issuer);
759
- const persistedCredential = yield context.agent.crsAddCredential({
760
- credential: {
761
- rawDocument: (0, ssi_sdk_data_store_1.ensureRawDocument)(persistCredential),
762
- kmsKeyRef: kmsKeyRef,
763
- identifierMethod: method,
764
- credentialRole: ssi_sdk_data_store_1.CredentialRole.HOLDER,
765
- issuerCorrelationType: (issuer === null || issuer === void 0 ? void 0 : issuer.startsWith('did:')) ? ssi_sdk_data_store_1.CredentialCorrelationType.DID : ssi_sdk_data_store_1.CredentialCorrelationType.URL,
766
- issuerCorrelationId: issuer,
767
- subjectCorrelationType,
768
- subjectCorrelationId,
769
- },
728
+ delete holderCredentialToSign.proof;
729
+ delete holderCredentialToSign.issuanceDate;
730
+ delete holderCredentialToSign.iat;
731
+ logger.log(`Subject issuance/signing will sign credential of type ${proofFormat}:`, holderCredentialToSign);
732
+ const issuedVC = await context.agent.createVerifiableCredential({
733
+ credential: holderCredentialToSign,
734
+ fetchRemoteContexts: true,
735
+ save: false,
736
+ proofFormat,
770
737
  });
771
- yield context.agent.emit(IOID4VCIHolder_1.OID4VCIHolderEvent.CREDENTIAL_STORED, {
772
- credential: persistedCredential,
773
- vcHash: persistedCredential.hash,
774
- });
775
- }
776
- });
738
+ if (!issuedVC) {
739
+ throw Error(`Could not issue holder credential from the wallet`);
740
+ }
741
+ logger.log(`Holder ${issuedVC.issuer} issued new credential with id ${issuedVC.id}`, issuedVC);
742
+ holderCredential = CredentialMapper.storedCredentialToOriginalFormat(issuedVC);
743
+ persist = event === 'credential_accepted_holder_signed';
744
+ }
745
+ const notificationRequest = {
746
+ notification_id: notificationId,
747
+ ...(holderCredential && { credential: holderCredential }),
748
+ event,
749
+ };
750
+ await this.oid4vciHolderSendNotification({
751
+ openID4VCIClientState,
752
+ stored: persist,
753
+ credentialsToAccept,
754
+ credentialsSupported,
755
+ notificationRequest,
756
+ serverMetadata,
757
+ }, context);
758
+ }
759
+ const persistCredential = holderCredential
760
+ ? CredentialMapper.storedCredentialToOriginalFormat(holderCredential)
761
+ : mappedCredentialToAccept.rawVerifiableCredential;
762
+ if (!persist && holderCredential) {
763
+ logger.log(`Will not persist credential, since we are signing as a holder and the issuer asked not to persist`);
764
+ }
765
+ else {
766
+ logger.log(`Persisting credential`, persistCredential);
767
+ const issuer = CredentialMapper.issuerCorrelationIdFromIssuerType(verifiableCredential.issuer);
768
+ const [subjectCorrelationType, subjectCorrelationId] = this.determineSubjectCorrelation(issuanceOpt.identifier, issuer);
769
+ const persistedCredential = await context.agent.crsAddCredential({
770
+ credential: {
771
+ rawDocument: ensureRawDocument(persistCredential),
772
+ kmsKeyRef: kmsKeyRef,
773
+ identifierMethod: method,
774
+ credentialRole: CredentialRole.HOLDER,
775
+ issuerCorrelationType: issuer?.startsWith('did:') ? CredentialCorrelationType.DID : CredentialCorrelationType.URL,
776
+ issuerCorrelationId: issuer,
777
+ subjectCorrelationType,
778
+ subjectCorrelationId,
779
+ },
780
+ });
781
+ await context.agent.emit(OID4VCIHolderEvent.CREDENTIAL_STORED, {
782
+ credential: persistedCredential,
783
+ vcHash: persistedCredential.hash,
784
+ });
785
+ }
777
786
  }
778
- oid4vciHolderSendNotification(args, context) {
779
- return __awaiter(this, void 0, void 0, function* () {
780
- var _a, _b;
781
- const { serverMetadata, notificationRequest, openID4VCIClientState } = args;
782
- const notificationEndpoint = (_a = serverMetadata === null || serverMetadata === void 0 ? void 0 : serverMetadata.credentialIssuerMetadata) === null || _a === void 0 ? void 0 : _a.notification_endpoint;
783
- if (!notificationEndpoint) {
784
- return;
785
- }
786
- else if (!openID4VCIClientState) {
787
- return Promise.reject(Error('Missing openID4VCI client state in context'));
788
- }
789
- else if (!notificationRequest) {
790
- return Promise.reject(Error('Missing notification request'));
791
- }
792
- logger.log(`Will send notification to ${notificationEndpoint}`, notificationRequest);
793
- const client = yield oid4vci_client_1.OpenID4VCIClient.fromState({ state: openID4VCIClientState });
794
- yield client.sendNotification({ notificationEndpoint }, notificationRequest, (_b = openID4VCIClientState === null || openID4VCIClientState === void 0 ? void 0 : openID4VCIClientState.accessTokenResponse) === null || _b === void 0 ? void 0 : _b.access_token);
795
- logger.log(`Notification to ${notificationEndpoint} has been dispatched`);
796
- });
787
+ async oid4vciHolderSendNotification(args, context) {
788
+ const { serverMetadata, notificationRequest, openID4VCIClientState } = args;
789
+ const notificationEndpoint = serverMetadata?.credentialIssuerMetadata?.notification_endpoint;
790
+ if (!notificationEndpoint) {
791
+ return;
792
+ }
793
+ else if (!openID4VCIClientState) {
794
+ return Promise.reject(Error('Missing openID4VCI client state in context'));
795
+ }
796
+ else if (!notificationRequest) {
797
+ return Promise.reject(Error('Missing notification request'));
798
+ }
799
+ logger.log(`Will send notification to ${notificationEndpoint}`, notificationRequest);
800
+ const client = await OpenID4VCIClient.fromState({ state: openID4VCIClientState });
801
+ await client.sendNotification({ notificationEndpoint }, notificationRequest, openID4VCIClientState?.accessTokenResponse?.access_token);
802
+ logger.log(`Notification to ${notificationEndpoint} has been dispatched`);
797
803
  }
798
- getFederationTrust(args, context) {
799
- return __awaiter(this, void 0, void 0, function* () {
800
- const { requestData, serverMetadata, trustAnchors } = args;
801
- if (trustAnchors.length === 0) {
802
- return Promise.reject(Error('No trust anchors found'));
803
- }
804
- if (!(requestData === null || requestData === void 0 ? void 0 : requestData.uri)) {
805
- return Promise.reject(Error('Missing request URI in context'));
806
- }
807
- if (!serverMetadata) {
808
- return Promise.reject(Error('Missing serverMetadata in context'));
809
- }
810
- const url = new URL(requestData === null || requestData === void 0 ? void 0 : requestData.uri);
811
- const params = new URLSearchParams(url.search);
812
- const openidFederation = params.get('openid_federation');
813
- const entityIdentifier = openidFederation !== null && openidFederation !== void 0 ? openidFederation : serverMetadata.issuer;
814
- if (entityIdentifier.startsWith('http://')) {
815
- console.warn(`OpenID federation does not support http://, only https:// allowed; got: (${url.toString()})`);
816
- // OIDF always needs to be https
817
- return [];
818
- }
819
- const result = yield context.agent.identifierExternalResolveByOIDFEntityId({
820
- method: 'entity_id',
821
- trustAnchors: trustAnchors,
822
- identifier: entityIdentifier,
823
- });
824
- return result.trustedAnchors;
804
+ async getFederationTrust(args, context) {
805
+ const { requestData, serverMetadata, trustAnchors } = args;
806
+ if (trustAnchors.length === 0) {
807
+ return Promise.reject(Error('No trust anchors found'));
808
+ }
809
+ if (!requestData?.uri) {
810
+ return Promise.reject(Error('Missing request URI in context'));
811
+ }
812
+ if (!serverMetadata) {
813
+ return Promise.reject(Error('Missing serverMetadata in context'));
814
+ }
815
+ const url = new URL(requestData?.uri);
816
+ const params = new URLSearchParams(url.search);
817
+ const openidFederation = params.get('openid_federation');
818
+ const entityIdentifier = openidFederation ?? serverMetadata.issuer;
819
+ if (entityIdentifier.startsWith('http://')) {
820
+ console.warn(`OpenID federation does not support http://, only https:// allowed; got: (${url.toString()})`);
821
+ // OIDF always needs to be https
822
+ return [];
823
+ }
824
+ const result = await context.agent.identifierExternalResolveByOIDFEntityId({
825
+ method: 'entity_id',
826
+ trustAnchors: trustAnchors,
827
+ identifier: entityIdentifier,
825
828
  });
829
+ return result.trustedAnchors;
826
830
  }
827
- oid4vciHolderGetIssuerMetadata(args, context) {
828
- return __awaiter(this, void 0, void 0, function* () {
829
- const { issuer, errorOnNotFound = true } = args;
830
- return oid4vci_client_1.MetadataClient.retrieveAllMetadata(issuer, { errorOnNotFound });
831
- });
831
+ async oid4vciHolderGetIssuerMetadata(args, context) {
832
+ const { issuer, errorOnNotFound = true } = args;
833
+ return MetadataClient.retrieveAllMetadata(issuer, { errorOnNotFound });
832
834
  }
833
835
  determineSubjectCorrelation(identifier, issuer) {
834
836
  switch (identifier.method) {
835
837
  case 'did':
836
- if ((0, ssi_sdk_ext_identifier_resolution_1.isManagedIdentifierResult)(identifier) && (0, ssi_sdk_ext_identifier_resolution_1.isManagedIdentifierDidResult)(identifier)) {
837
- return [ssi_sdk_data_store_1.CredentialCorrelationType.DID, identifier.did];
838
+ if (isManagedIdentifierResult(identifier) && isManagedIdentifierDidResult(identifier)) {
839
+ return [CredentialCorrelationType.DID, identifier.did];
838
840
  }
839
- else if ((0, ssi_sdk_ext_identifier_resolution_1.isManagedIdentifierDidOpts)(identifier)) {
840
- return [ssi_sdk_data_store_1.CredentialCorrelationType.DID, typeof identifier.identifier === 'string' ? identifier.identifier : identifier.identifier.did];
841
+ else if (isManagedIdentifierDidOpts(identifier)) {
842
+ return [CredentialCorrelationType.DID, typeof identifier.identifier === 'string' ? identifier.identifier : identifier.identifier.did];
841
843
  }
842
844
  break;
843
845
  case 'kid':
844
- if ((0, ssi_sdk_ext_identifier_resolution_1.isManagedIdentifierResult)(identifier) && (0, ssi_sdk_ext_identifier_resolution_1.isManagedIdentifierKidResult)(identifier)) {
845
- return [ssi_sdk_data_store_1.CredentialCorrelationType.KID, identifier.kid];
846
+ if (isManagedIdentifierResult(identifier) && isManagedIdentifierKidResult(identifier)) {
847
+ return [CredentialCorrelationType.KID, identifier.kid];
846
848
  }
847
- else if ((0, ssi_sdk_ext_identifier_resolution_1.isManagedIdentifierDidOpts)(identifier)) {
848
- return [ssi_sdk_data_store_1.CredentialCorrelationType.KID, identifier.identifier];
849
+ else if (isManagedIdentifierDidOpts(identifier)) {
850
+ return [CredentialCorrelationType.KID, identifier.identifier];
849
851
  }
850
852
  break;
851
853
  case 'x5c':
852
- if ((0, ssi_sdk_ext_identifier_resolution_1.isManagedIdentifierResult)(identifier) && (0, ssi_sdk_ext_identifier_resolution_1.isManagedIdentifierX5cResult)(identifier)) {
853
- return [ssi_sdk_data_store_1.CredentialCorrelationType.X509_SAN, identifier.x5c.join('\r\n')];
854
+ if (isManagedIdentifierResult(identifier) && isManagedIdentifierX5cResult(identifier)) {
855
+ return [CredentialCorrelationType.X509_SAN, identifier.x5c.join('\r\n')];
854
856
  }
855
- else if ((0, ssi_sdk_ext_identifier_resolution_1.isManagedIdentifierX5cOpts)(identifier)) {
856
- return [ssi_sdk_data_store_1.CredentialCorrelationType.X509_SAN, identifier.identifier.join('\r\n')];
857
+ else if (isManagedIdentifierX5cOpts(identifier)) {
858
+ return [CredentialCorrelationType.X509_SAN, identifier.identifier.join('\r\n')];
857
859
  }
858
860
  break;
859
861
  }
860
- return [ssi_sdk_data_store_1.CredentialCorrelationType.URL, issuer];
862
+ return [CredentialCorrelationType.URL, issuer];
861
863
  }
862
864
  idFromW3cCredentialSubject(wrappedIssuerVC) {
863
- var _a, _b, _c, _d, _e;
864
- if (Array.isArray((_a = wrappedIssuerVC.credential) === null || _a === void 0 ? void 0 : _a.credentialSubject)) {
865
- if (((_b = wrappedIssuerVC.credential) === null || _b === void 0 ? void 0 : _b.credentialSubject.length) > 0) {
866
- return (_c = wrappedIssuerVC.credential) === null || _c === void 0 ? void 0 : _c.credentialSubject[0].id;
865
+ if (Array.isArray(wrappedIssuerVC.credential?.credentialSubject)) {
866
+ if (wrappedIssuerVC.credential?.credentialSubject.length > 0) {
867
+ return wrappedIssuerVC.credential?.credentialSubject[0].id;
867
868
  }
868
869
  }
869
870
  else {
870
- return (_e = (_d = wrappedIssuerVC.credential) === null || _d === void 0 ? void 0 : _d.credentialSubject) === null || _e === void 0 ? void 0 : _e.id;
871
+ return wrappedIssuerVC.credential?.credentialSubject?.id;
871
872
  }
872
873
  return undefined;
873
874
  }
@@ -878,6 +879,4 @@ class OID4VCIHolder {
878
879
  return undefined;
879
880
  }
880
881
  }
881
- exports.OID4VCIHolder = OID4VCIHolder;
882
- OID4VCIHolder.DEFAULT_MOBILE_REDIRECT_URI = `${oid4vci_common_1.DefaultURISchemes.CREDENTIAL_OFFER}://`;
883
882
  //# sourceMappingURL=OID4VCIHolder.js.map