@sphereon/ssi-sdk.oid4vci-holder 0.34.1-feature.SSISDK.26.48 → 0.34.1-feature.SSISDK.26.54

package/dist/index.cjs

@@ -139,7 +139,8 @@ var import_oid4vci_common4 = require("@sphereon/oid4vci-common");
 var import_ssi_sdk_ext5 = require("@sphereon/ssi-sdk-ext.did-utils");
 var import_ssi_sdk_ext6 = require("@sphereon/ssi-sdk-ext.identifier-resolution");
 var import_ssi_sdk_ext7 = require("@sphereon/ssi-sdk-ext.key-utils");
-var import_ssi_sdk2 = require("@sphereon/ssi-sdk.data-store");
+var import_ssi_sdk2 = require("@sphereon/ssi-sdk.core");
+var import_ssi_sdk3 = require("@sphereon/ssi-sdk.data-store");
 var import_ssi_types2 = require("@sphereon/ssi-types");
 var import_utils2 = require("@veramo/utils");
 var import_did_jwt = require("did-jwt");
@@ -228,6 +229,7 @@ var OID4VCIMachineGuards = /* @__PURE__ */ function(OID4VCIMachineGuards2) {
   OID4VCIMachineGuards2["requirePinGuard"] = "oid4vciRequirePinGuard";
   OID4VCIMachineGuards2["requireAuthorizationGuard"] = "oid4vciRequireAuthorizationGuard";
   OID4VCIMachineGuards2["noAuthorizationGuard"] = "oid4vciNoAuthorizationGuard";
+  OID4VCIMachineGuards2["hasNonceEndpointGuard"] = "oid4vciHasNonceEndpointGuard ";
   OID4VCIMachineGuards2["hasAuthorizationResponse"] = "oid4vciHasAuthorizationResponse";
   OID4VCIMachineGuards2["hasNoContactIdentityGuard"] = "oid4vciHasNoContactIdentityGuard";
   OID4VCIMachineGuards2["verificationCodeGuard"] = "oid4vciVerificationCodeGuard";
@@ -1683,7 +1685,13 @@ var selectCredentialLocaleBranding = /* @__PURE__ */ __name(async (args) => {
 }, "selectCredentialLocaleBranding");
 var verifyCredentialToAccept = /* @__PURE__ */ __name(async (args) => {
   const { mappedCredential, hasher, onVerifyEBSICredentialIssuer, schemaValidation, context } = args;
-  const credential = mappedCredential.credentialToAccept.credentialResponse.credential;
+  const credentialResponse = mappedCredential.credentialToAccept.credentialResponse;
+  let credential;
+  if ("credential" in credentialResponse) {
+    credential = credentialResponse.credential;
+  } else if ("credentials" in credentialResponse && credentialResponse.credentials && Array.isArray(credentialResponse.credentials) && credentialResponse.credentials.length > 0) {
+    credential = credentialResponse.credentials[0].credential;
+  }
   if (!credential) {
     return Promise.reject(Error("No credential found in credential response"));
   }
@@ -1739,7 +1747,12 @@ var verifyCredentialToAccept = /* @__PURE__ */ __name(async (args) => {
 var mapCredentialToAccept = /* @__PURE__ */ __name(async (args) => {
   const { credentialToAccept, hasher } = args;
   const credentialResponse = credentialToAccept.credentialResponse;
-  const verifiableCredential = credentialResponse.credential;
+  let verifiableCredential;
+  if ("credential" in credentialResponse) {
+    verifiableCredential = credentialResponse.credential;
+  } else if ("credentials" in credentialResponse && credentialResponse.credentials && Array.isArray(credentialResponse.credentials) && credentialResponse.credentials.length > 0) {
+    verifiableCredential = credentialResponse.credentials[0].credential;
+  }
   if (!verifiableCredential) {
     return Promise.reject(Error("No credential found in credential response"));
   }
@@ -2073,6 +2086,7 @@ var getIssuanceCryptoSuite = /* @__PURE__ */ __name(async (opts) => {
     case "jwt":
     case "jwt_vc_json":
     case "jwt_vc":
+    case "vc+sd-jwt":
     case "dc+sd-jwt":
     case "mso_mdoc": {
       const supportedPreferences = jwtCryptographicSuitePreferences.filter((suite) => signing_algs_supported.includes(suite));
@@ -2142,7 +2156,6 @@ var startFirstPartApplicationMachine = /* @__PURE__ */ __name(async (args, conte
 
 // src/agent/OID4VCIHolder.ts
 var import_polyfill = require("cross-fetch/polyfill");
-var import_ssi_sdk3 = require("@sphereon/ssi-sdk.core");
 var oid4vciHolderContextMethods = [
   "cmGetContacts",
   "cmGetContact",
@@ -2158,7 +2171,7 @@ var oid4vciHolderContextMethods = [
 ];
 var logger = import_ssi_types2.Loggers.DEFAULT.get("sphereon:oid4vci:holder");
 function signCallback(identifier, context, nonce) {
-  return async (jwt, kid) => {
+  return async (jwt, kid, noIssPayloadUpdate) => {
     let resolution = await context.agent.identifierManagedGet(identifier);
     const jwk = jwt.header.jwk ?? (resolution.method === "jwk" ? resolution.jwk : void 0);
     if (!resolution.issuer && !jwt.payload.iss) {
@@ -2176,7 +2189,7 @@ function signCallback(identifier, context, nonce) {
     return (await context.agent.jwtCreateJwsCompactSignature({
       issuer: {
         ...resolution,
-        noIssPayloadUpdate: false
+        noIssPayloadUpdate: noIssPayloadUpdate ?? false
       },
       protectedHeader: header,
       payload
@@ -2212,6 +2225,7 @@ var OID4VCIHolder = class _OID4VCIHolder {
   };
   vcFormatPreferences = [
     "dc+sd-jwt",
+    "vc+sd-jwt",
     "mso_mdoc",
     "jwt_vc_json",
     "jwt_vc",
@@ -2244,7 +2258,7 @@ var OID4VCIHolder = class _OID4VCIHolder {
   onIdentifierCreated;
   onVerifyEBSICredentialIssuer;
   constructor(options) {
-    const { onContactIdentityCreated, onCredentialStored, onIdentifierCreated, onVerifyEBSICredentialIssuer, vcFormatPreferences, jsonldCryptographicSuitePreferences, didMethodPreferences, jwtCryptographicSuitePreferences, defaultAuthorizationRequestOptions, hasher = import_ssi_sdk3.defaultHasher } = {
+    const { onContactIdentityCreated, onCredentialStored, onIdentifierCreated, onVerifyEBSICredentialIssuer, vcFormatPreferences, jsonldCryptographicSuitePreferences, didMethodPreferences, jwtCryptographicSuitePreferences, defaultAuthorizationRequestOptions, hasher = import_ssi_sdk2.defaultHasher } = {
       ...options
     };
     this.hasher = hasher;
@@ -2625,26 +2639,26 @@ var OID4VCIHolder = class _OID4VCIHolder {
       return Promise.reject(Error("Missing credential offers in context"));
     }
     let correlationId = credentialsToAccept[0].correlationId;
-    let identifierType = import_ssi_sdk2.CorrelationIdentifierType.DID;
+    let identifierType = import_ssi_sdk3.CorrelationIdentifierType.DID;
     if (!correlationId.toLowerCase().startsWith("did:")) {
-      identifierType = import_ssi_sdk2.CorrelationIdentifierType.URL;
+      identifierType = import_ssi_sdk3.CorrelationIdentifierType.URL;
       if (correlationId.startsWith("http")) {
         correlationId = new URL(correlationId).hostname;
       }
     }
     const identity = {
       alias: credentialsToAccept[0].correlationId,
-      origin: import_ssi_sdk2.IdentityOrigin.EXTERNAL,
+      origin: import_ssi_sdk3.IdentityOrigin.EXTERNAL,
       roles: [
-        import_ssi_sdk2.CredentialRole.ISSUER
+        import_ssi_sdk3.CredentialRole.ISSUER
       ],
       identifier: {
         type: identifierType,
         correlationId
       },
-      ...identifierType === import_ssi_sdk2.CorrelationIdentifierType.URL && {
+      ...identifierType === import_ssi_sdk3.CorrelationIdentifierType.URL && {
         connection: {
-          type: import_ssi_sdk2.ConnectionType.OPENID_CONNECT,
+          type: import_ssi_sdk3.ConnectionType.OPENID_CONNECT,
           config: {
             clientId: "138d7bf8-c930-4c6e-b928-97d3a4928b01",
             clientSecret: "03b3955f-d020-4f2a-8a27-4e452d4e27a0",
@@ -2671,7 +2685,7 @@ var OID4VCIHolder = class _OID4VCIHolder {
   }
   async oid4vciHolderGetIssuerBranding(args, context) {
     const { serverMetadata, contact } = args;
-    const issuerCorrelationId = contact?.identities.filter((identity) => identity.roles.includes(import_ssi_sdk2.CredentialRole.ISSUER)).map((identity) => identity.identifier.correlationId)[0];
+    const issuerCorrelationId = contact?.identities.filter((identity) => identity.roles.includes(import_ssi_sdk3.CredentialRole.ISSUER)).map((identity) => identity.identifier.correlationId)[0];
     if (issuerCorrelationId) {
       const branding = await context.agent.ibGetIssuerBranding({
         filter: [
@@ -2701,7 +2715,7 @@ var OID4VCIHolder = class _OID4VCIHolder {
     if (!contact) {
       return Promise.reject(Error("Missing contact in context"));
     }
-    const issuerCorrelationId = contact?.identities.filter((identity) => identity.roles.includes(import_ssi_sdk2.CredentialRole.ISSUER)).map((identity) => identity.identifier.correlationId)[0];
+    const issuerCorrelationId = contact?.identities.filter((identity) => identity.roles.includes(import_ssi_sdk3.CredentialRole.ISSUER)).map((identity) => identity.identifier.correlationId)[0];
     const branding = await context.agent.ibGetIssuerBranding({
       filter: [
         {
@@ -2797,9 +2811,18 @@ var OID4VCIHolder = class _OID4VCIHolder {
       if (Array.isArray(subjectIssuance?.notification_events_supported)) {
         event = subjectIssuance.notification_events_supported.includes("credential_accepted_holder_signed") ? "credential_accepted_holder_signed" : "credential_deleted_holder_signed";
         logger.log(`Subject issuance/signing will be used, with event`, event);
-        const issuerVC = mappedCredentialToAccept.credentialToAccept.credentialResponse.credential;
+        const credentialResponse = mappedCredentialToAccept.credentialToAccept.credentialResponse;
+        let issuerVC;
+        if ("credential" in credentialResponse) {
+          issuerVC = credentialResponse.credential;
+        } else if ("credentials" in credentialResponse && credentialResponse.credentials && Array.isArray(credentialResponse.credentials) && credentialResponse.credentials.length > 0) {
+          issuerVC = credentialResponse.credentials[0].credential;
+        }
+        if (!issuerVC) {
+          return Promise.reject(Error("No credential found in credential response"));
+        }
         const wrappedIssuerVC = import_ssi_types2.CredentialMapper.toWrappedVerifiableCredential(issuerVC, {
-          hasher: this.hasher ?? import_ssi_sdk3.defaultHasher
+          hasher: this.hasher ?? import_ssi_sdk2.defaultHasher
         });
         console.log(`Wrapped VC: ${wrappedIssuerVC.type}, ${wrappedIssuerVC.format}`);
         let issuer;
@@ -2900,11 +2923,11 @@ var OID4VCIHolder = class _OID4VCIHolder {
       const [subjectCorrelationType, subjectCorrelationId] = this.determineSubjectCorrelation(issuanceOpt.identifier, issuer);
       const persistedCredential = await context.agent.crsAddCredential({
         credential: {
-          rawDocument: (0, import_ssi_sdk2.ensureRawDocument)(persistCredential),
+          rawDocument: (0, import_ssi_sdk3.ensureRawDocument)(persistCredential),
           kmsKeyRef,
           identifierMethod: method,
-          credentialRole: import_ssi_sdk2.CredentialRole.HOLDER,
-          issuerCorrelationType: issuer?.startsWith("did:") ? import_ssi_sdk2.CredentialCorrelationType.DID : import_ssi_sdk2.CredentialCorrelationType.URL,
+          credentialRole: import_ssi_sdk3.CredentialRole.HOLDER,
+          issuerCorrelationType: issuer?.startsWith("did:") ? import_ssi_sdk3.CredentialCorrelationType.DID : import_ssi_sdk3.CredentialCorrelationType.URL,
           issuerCorrelationId: issuer,
           subjectCorrelationType,
           subjectCorrelationId
@@ -2972,12 +2995,12 @@ var OID4VCIHolder = class _OID4VCIHolder {
       case "did":
         if ((0, import_ssi_sdk_ext6.isManagedIdentifierResult)(identifier) && (0, import_ssi_sdk_ext6.isManagedIdentifierDidResult)(identifier)) {
           return [
-            import_ssi_sdk2.CredentialCorrelationType.DID,
+            import_ssi_sdk3.CredentialCorrelationType.DID,
             identifier.did
           ];
         } else if ((0, import_ssi_sdk_ext6.isManagedIdentifierDidOpts)(identifier)) {
           return [
-            import_ssi_sdk2.CredentialCorrelationType.DID,
+            import_ssi_sdk3.CredentialCorrelationType.DID,
             typeof identifier.identifier === "string" ? identifier.identifier : identifier.identifier.did
           ];
         }
@@ -2985,12 +3008,12 @@ var OID4VCIHolder = class _OID4VCIHolder {
       case "kid":
         if ((0, import_ssi_sdk_ext6.isManagedIdentifierResult)(identifier) && (0, import_ssi_sdk_ext6.isManagedIdentifierKidResult)(identifier)) {
           return [
-            import_ssi_sdk2.CredentialCorrelationType.KID,
+            import_ssi_sdk3.CredentialCorrelationType.KID,
             identifier.kid
           ];
         } else if ((0, import_ssi_sdk_ext6.isManagedIdentifierDidOpts)(identifier)) {
           return [
-            import_ssi_sdk2.CredentialCorrelationType.KID,
+            import_ssi_sdk3.CredentialCorrelationType.KID,
             identifier.identifier
           ];
         }
@@ -2998,19 +3021,19 @@ var OID4VCIHolder = class _OID4VCIHolder {
       case "x5c":
         if ((0, import_ssi_sdk_ext6.isManagedIdentifierResult)(identifier) && (0, import_ssi_sdk_ext6.isManagedIdentifierX5cResult)(identifier)) {
           return [
-            import_ssi_sdk2.CredentialCorrelationType.X509_SAN,
+            import_ssi_sdk3.CredentialCorrelationType.X509_SAN,
             identifier.x5c.join("\r\n")
           ];
         } else if ((0, import_ssi_sdk_ext6.isManagedIdentifierX5cOpts)(identifier)) {
           return [
-            import_ssi_sdk2.CredentialCorrelationType.X509_SAN,
+            import_ssi_sdk3.CredentialCorrelationType.X509_SAN,
             identifier.identifier.join("\r\n")
           ];
         }
         break;
     }
     return [
-      import_ssi_sdk2.CredentialCorrelationType.URL,
+      import_ssi_sdk3.CredentialCorrelationType.URL,
       issuer
     ];
   }