@sphereon/ssi-sdk.oid4vci-holder 0.34.1-next.87 → 0.34.1-next.91

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sphereon/ssi-sdk.oid4vci-holder",
-  "version": "0.34.1-next.87+8fbfff8c",
+  "version": "0.34.1-next.91+3c949810",
   "source": "src/index.ts",
   "type": "module",
   "main": "./dist/index.cjs",
@@ -26,27 +26,27 @@
     "build": "tsup --config ../../tsup.config.ts --tsconfig ../../tsconfig.tsup.json"
   },
   "dependencies": {
-    "@sphereon/did-auth-siop": "0.19.1-feature.SSISDK.45.86",
+    "@sphereon/did-auth-siop": "0.19.1-feature.SSISDK.45.90",
     "@sphereon/kmp-mdoc-core": "0.2.0-SNAPSHOT.26",
-    "@sphereon/oid4vci-client": "0.19.1-feature.SSISDK.45.86",
-    "@sphereon/oid4vci-common": "0.19.1-feature.SSISDK.45.86",
-    "@sphereon/ssi-sdk-ext.did-utils": "0.34.1-next.87+8fbfff8c",
-    "@sphereon/ssi-sdk-ext.identifier-resolution": "0.34.1-next.87+8fbfff8c",
-    "@sphereon/ssi-sdk-ext.jwt-service": "0.34.1-next.87+8fbfff8c",
-    "@sphereon/ssi-sdk-ext.key-utils": "0.34.1-next.87+8fbfff8c",
-    "@sphereon/ssi-sdk.contact-manager": "0.34.1-next.87+8fbfff8c",
-    "@sphereon/ssi-sdk.core": "0.34.1-next.87+8fbfff8c",
-    "@sphereon/ssi-sdk.credential-store": "0.34.1-next.87+8fbfff8c",
-    "@sphereon/ssi-sdk.credential-validation": "0.34.1-next.87+8fbfff8c",
-    "@sphereon/ssi-sdk.data-store": "0.34.1-next.87+8fbfff8c",
-    "@sphereon/ssi-sdk.issuance-branding": "0.34.1-next.87+8fbfff8c",
-    "@sphereon/ssi-sdk.mdl-mdoc": "0.34.1-next.87+8fbfff8c",
-    "@sphereon/ssi-sdk.oidf-client": "0.34.1-next.87+8fbfff8c",
-    "@sphereon/ssi-sdk.sd-jwt": "0.34.1-next.87+8fbfff8c",
-    "@sphereon/ssi-sdk.siopv2-oid4vp-common": "0.34.1-next.87+8fbfff8c",
-    "@sphereon/ssi-sdk.siopv2-oid4vp-op-auth": "0.34.1-next.87+8fbfff8c",
-    "@sphereon/ssi-sdk.xstate-machine-persistence": "0.34.1-next.87+8fbfff8c",
-    "@sphereon/ssi-types": "0.34.1-next.87+8fbfff8c",
+    "@sphereon/oid4vci-client": "0.19.1-feature.SSISDK.45.90",
+    "@sphereon/oid4vci-common": "0.19.1-feature.SSISDK.45.90",
+    "@sphereon/ssi-sdk-ext.did-utils": "0.34.1-next.91+3c949810",
+    "@sphereon/ssi-sdk-ext.identifier-resolution": "0.34.1-next.91+3c949810",
+    "@sphereon/ssi-sdk-ext.jwt-service": "0.34.1-next.91+3c949810",
+    "@sphereon/ssi-sdk-ext.key-utils": "0.34.1-next.91+3c949810",
+    "@sphereon/ssi-sdk.contact-manager": "0.34.1-next.91+3c949810",
+    "@sphereon/ssi-sdk.core": "0.34.1-next.91+3c949810",
+    "@sphereon/ssi-sdk.credential-store": "0.34.1-next.91+3c949810",
+    "@sphereon/ssi-sdk.credential-validation": "0.34.1-next.91+3c949810",
+    "@sphereon/ssi-sdk.data-store": "0.34.1-next.91+3c949810",
+    "@sphereon/ssi-sdk.issuance-branding": "0.34.1-next.91+3c949810",
+    "@sphereon/ssi-sdk.mdl-mdoc": "0.34.1-next.91+3c949810",
+    "@sphereon/ssi-sdk.oidf-client": "0.34.1-next.91+3c949810",
+    "@sphereon/ssi-sdk.sd-jwt": "0.34.1-next.91+3c949810",
+    "@sphereon/ssi-sdk.siopv2-oid4vp-common": "0.34.1-next.91+3c949810",
+    "@sphereon/ssi-sdk.siopv2-oid4vp-op-auth": "0.34.1-next.91+3c949810",
+    "@sphereon/ssi-sdk.xstate-machine-persistence": "0.34.1-next.91+3c949810",
+    "@sphereon/ssi-types": "0.34.1-next.91+3c949810",
     "@veramo/core": "4.2.0",
     "@veramo/data-store": "4.2.0",
     "@veramo/utils": "4.2.0",
@@ -59,8 +59,8 @@
     "xstate": "^4.38.3"
   },
   "devDependencies": {
-    "@sphereon/oid4vc-common": "0.19.1-feature.SSISDK.45.86",
-    "@sphereon/ssi-sdk-ext.did-resolver-jwk": "0.34.1-next.87+8fbfff8c",
+    "@sphereon/oid4vc-common": "0.19.1-feature.SSISDK.45.90",
+    "@sphereon/ssi-sdk-ext.did-resolver-jwk": "0.34.1-next.91+3c949810",
     "@sphereon/ssi-sdk.siopv2-oid4vp-common": "workspace:*",
     "@types/i18n-js": "^3.8.9",
     "@types/lodash.memoize": "^4.1.9",
@@ -90,5 +90,5 @@
     "OID4VCI",
     "State Machine"
   ],
-  "gitHead": "8fbfff8ca6d490f1f01dd5401c2a30d7581cda59"
+  "gitHead": "3c9498100ca07dfc2ba7979e7347fb9b19c47d18"
 }

package/src/agent/OID4VCIHolder.ts

@@ -55,7 +55,6 @@ import {
   JoseSignatureAlgorithmString,
   JwtDecodedVerifiableCredential,
   Loggers,
-  OriginalVerifiableCredential,
   parseDid,
   SdJwtDecodedVerifiableCredentialPayload,
   WrappedW3CVerifiableCredential,
@@ -75,6 +74,7 @@ import { decodeJWT } from 'did-jwt'
 import { v4 as uuidv4 } from 'uuid'
 import { OID4VCIMachine } from '../machines/oid4vciMachine'
 import {
+  extractCredentialFromResponse,
   getBasicIssuerLocaleBranding,
   getCredentialBranding,
   getCredentialConfigsSupportedMerged,
@@ -939,21 +939,8 @@ export class OID4VCIHolder implements IAgentPlugin {
           ? 'credential_accepted_holder_signed'
           : 'credential_deleted_holder_signed'
         logger.log(`Subject issuance/signing will be used, with event`, event)
-        const credentialResponse = mappedCredentialToAccept.credentialToAccept.credentialResponse
-        let issuerVC
-        if ('credential' in credentialResponse) {
-          issuerVC = credentialResponse.credential as OriginalVerifiableCredential
-        } else if (
-          'credentials' in credentialResponse &&
-          credentialResponse.credentials &&
-          Array.isArray(credentialResponse.credentials) &&
-          credentialResponse.credentials.length > 0
-        ) {
-          issuerVC = credentialResponse.credentials[0].credential as OriginalVerifiableCredential // FIXME SSISDK-13 (no multi-credential support yet)
-        }
-        if (!issuerVC) {
-          return Promise.reject(Error('No credential found in credential response'))
-        }
+
+        const issuerVC = extractCredentialFromResponse(mappedCredentialToAccept.credentialToAccept.credentialResponse)
         const wrappedIssuerVC = CredentialMapper.toWrappedVerifiableCredential(issuerVC, { hasher: this.hasher ?? defaultHasher })
         console.log(`Wrapped VC: ${wrappedIssuerVC.type}, ${wrappedIssuerVC.format}`)
         // We will use the subject of the VCI Issuer (the holder, as the issuer of the new credential, so the below is not a mistake!)

package/src/services/OID4VCIHolderService.ts

@@ -1,16 +1,17 @@
 import { LOG } from '@sphereon/oid4vci-client'
 import {
+  AuthorizationChallengeCodeResponse,
   CredentialConfigurationSupported,
-  CredentialSupportedSdJwtVc,
   CredentialConfigurationSupportedSdJwtVcV1_0_15,
   CredentialOfferFormatV1_0_11,
   CredentialResponse,
+  CredentialResponseV1_0_15,
+  CredentialSupportedSdJwtVc,
   getSupportedCredentials,
   getTypesFromCredentialSupported,
   getTypesFromObject,
   MetadataDisplay,
   OpenId4VCIVersion,
-  AuthorizationChallengeCodeResponse,
 } from '@sphereon/oid4vci-common'
 import { KeyUse } from '@sphereon/ssi-sdk-ext.did-resolver-jwk'
 import { getOrCreatePrimaryIdentifier, SupportedDidMethodEnum } from '@sphereon/ssi-sdk-ext.did-utils'
@@ -23,6 +24,7 @@ import {
   managedIdentifierToJwk,
 } from '@sphereon/ssi-sdk-ext.identifier-resolution'
 import { keyTypeFromCryptographicSuite } from '@sphereon/ssi-sdk-ext.key-utils'
+import { defaultHasher } from '@sphereon/ssi-sdk.core'
 import { IBasicCredentialLocaleBranding, IBasicIssuerLocaleBranding } from '@sphereon/ssi-sdk.data-store'
 import {
   CredentialMapper,
@@ -40,8 +42,12 @@ import {
 } from '@sphereon/ssi-types'
 import { asArray } from '@veramo/utils'
 import { translate } from '../localization/Localization'
+import { FirstPartyMachine } from '../machines/firstPartyMachine'
+import { issuerLocaleBrandingFrom, oid4vciGetCredentialBrandingFrom, sdJwtGetCredentialBrandingFrom } from '../mappers/OIDC4VCIBrandingMapper'
+import { FirstPartyMachineState, FirstPartyMachineStateTypes } from '../types/FirstPartyMachine'
 import {
   DidAgents,
+  GetBasicIssuerLocaleBrandingArgs,
   GetCredentialBrandingArgs,
   GetCredentialConfigsSupportedArgs,
   GetCredentialConfigsSupportedBySingleTypeOrIdArgs,
@@ -49,22 +55,17 @@ import {
   GetIssuanceCryptoSuiteArgs,
   GetIssuanceDidMethodArgs,
   GetIssuanceOptsArgs,
-  GetBasicIssuerLocaleBrandingArgs,
   GetPreferredCredentialFormatsArgs,
   IssuanceOpts,
   MapCredentialToAcceptArgs,
   MappedCredentialToAccept,
   OID4VCIHolderEvent,
+  RequiredContext,
   SelectAppLocaleBrandingArgs,
+  StartFirstPartApplicationMachine,
   VerificationResult,
   VerifyCredentialToAcceptArgs,
-  StartFirstPartApplicationMachine,
-  RequiredContext,
 } from '../types/IOID4VCIHolder'
-import { oid4vciGetCredentialBrandingFrom, sdJwtGetCredentialBrandingFrom, issuerLocaleBrandingFrom } from '../mappers/OIDC4VCIBrandingMapper'
-import { FirstPartyMachine } from '../machines/firstPartyMachine'
-import { FirstPartyMachineState, FirstPartyMachineStateTypes } from '../types/FirstPartyMachine'
-import { defaultHasher } from '@sphereon/ssi-sdk.core'
 
 export const getCredentialBranding = async (args: GetCredentialBrandingArgs): Promise<Record<string, Array<IBasicCredentialLocaleBranding>>> => {
   const { credentialsSupported, context } = args
@@ -153,21 +154,7 @@ export const selectCredentialLocaleBranding = async (
 export const verifyCredentialToAccept = async (args: VerifyCredentialToAcceptArgs): Promise<VerificationResult> => {
   const { mappedCredential, hasher, onVerifyEBSICredentialIssuer, schemaValidation, context } = args
 
-  const credentialResponse = mappedCredential.credentialToAccept.credentialResponse
-  let credential
-  if ('credential' in credentialResponse) {
-    credential = credentialResponse.credential as OriginalVerifiableCredential
-  } else if (
-    'credentials' in credentialResponse &&
-    credentialResponse.credentials &&
-    Array.isArray(credentialResponse.credentials) &&
-    credentialResponse.credentials.length > 0
-  ) {
-    credential = credentialResponse.credentials[0].credential as OriginalVerifiableCredential // FIXME SSISDK-13 (no multi-credential support yet)
-  }
-  if (!credential) {
-    return Promise.reject(Error('No credential found in credential response'))
-  }
+  const credential = extractCredentialFromResponse(mappedCredential.credentialToAccept.credentialResponse)
 
   const wrappedVC = CredentialMapper.toWrappedVerifiableCredential(credential, { hasher: hasher ?? defaultHasher })
   if (
@@ -216,21 +203,7 @@ export const verifyCredentialToAccept = async (args: VerifyCredentialToAcceptArg
 export const mapCredentialToAccept = async (args: MapCredentialToAcceptArgs): Promise<MappedCredentialToAccept> => {
   const { credentialToAccept, hasher } = args
 
-  const credentialResponse: CredentialResponse = credentialToAccept.credentialResponse
-  let verifiableCredential: W3CVerifiableCredential | undefined
-  if ('credential' in credentialResponse) {
-    verifiableCredential = credentialResponse.credential
-  } else if (
-    'credentials' in credentialResponse &&
-    credentialResponse.credentials &&
-    Array.isArray(credentialResponse.credentials) &&
-    credentialResponse.credentials.length > 0
-  ) {
-    verifiableCredential = credentialResponse.credentials[0].credential // FIXME SSISDK-13 (no multi-credential support yet)
-  }
-  if (!verifiableCredential) {
-    return Promise.reject(Error('No credential found in credential response'))
-  }
+  const verifiableCredential = extractCredentialFromResponse(credentialToAccept.credentialResponse) as W3CVerifiableCredential
 
   const wrappedVerifiableCredential: WrappedVerifiableCredential = CredentialMapper.toWrappedVerifiableCredential(
     verifiableCredential as OriginalVerifiableCredential,
@@ -261,6 +234,7 @@ export const mapCredentialToAccept = async (args: MapCredentialToAcceptArgs): Pr
         ? uniformVerifiableCredential.decodedPayload.iss
         : uniformVerifiableCredential.issuer.id
 
+  const credentialResponse = credentialToAccept.credentialResponse as CredentialResponseV1_0_15
   return {
     correlationId,
     credentialToAccept,
@@ -271,6 +245,27 @@ export const mapCredentialToAccept = async (args: MapCredentialToAcceptArgs): Pr
   }
 }
 
+export const extractCredentialFromResponse = (credentialResponse: CredentialResponse): OriginalVerifiableCredential => {
+  let credential: OriginalVerifiableCredential | undefined
+
+  if ('credential' in credentialResponse) {
+    credential = credentialResponse.credential as OriginalVerifiableCredential
+  } else if (
+    'credentials' in credentialResponse &&
+    credentialResponse.credentials &&
+    Array.isArray(credentialResponse.credentials) &&
+    credentialResponse.credentials.length > 0
+  ) {
+    credential = credentialResponse.credentials[0].credential as OriginalVerifiableCredential // FIXME SSISDK-13 (no multi-credential support yet)
+  }
+
+  if (!credential) {
+    throw new Error('No credential found in credential response')
+  }
+
+  return credential
+}
+
 export const getIdentifierOpts = async (args: GetIdentifierArgs): Promise<ManagedIdentifierResult> => {
   const { issuanceOpt, context } = args
   const { identifier: identifierArg } = issuanceOpt
@@ -601,7 +596,7 @@ export const getIssuanceCryptoSuite = async (opts: GetIssuanceCryptoSuiteArgs):
     case 'jwt':
     case 'jwt_vc_json':
     case 'jwt_vc':
-    case 'dc+sd-jwt':
+    case 'vc+sd-jwt':
     case 'dc+sd-jwt':
     case 'mso_mdoc': {
       const supportedPreferences: Array<JoseSignatureAlgorithm | JoseSignatureAlgorithmString> = jwtCryptographicSuitePreferences.filter(