@sphereon/ssi-sdk.oid4vci-issuer 0.33.1-next.3 → 0.33.1-next.68

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (38) hide show
  1. package/dist/index.cjs +959 -0
  2. package/dist/index.cjs.map +1 -0
  3. package/dist/index.d.cts +210 -0
  4. package/dist/index.d.ts +206 -6
  5. package/dist/index.js +927 -26
  6. package/dist/index.js.map +1 -1
  7. package/package.json +38 -28
  8. package/src/functions.ts +2 -2
  9. package/src/types/IOID4VCIIssuer.ts +1 -1
  10. package/dist/IssuerInstance.d.ts +0 -26
  11. package/dist/IssuerInstance.d.ts.map +0 -1
  12. package/dist/IssuerInstance.js +0 -52
  13. package/dist/IssuerInstance.js.map +0 -1
  14. package/dist/agent/OID4VCIIssuer.d.ts +0 -25
  15. package/dist/agent/OID4VCIIssuer.d.ts.map +0 -1
  16. package/dist/agent/OID4VCIIssuer.js +0 -210
  17. package/dist/agent/OID4VCIIssuer.js.map +0 -1
  18. package/dist/functions.d.ts +0 -74
  19. package/dist/functions.d.ts.map +0 -1
  20. package/dist/functions.js +0 -328
  21. package/dist/functions.js.map +0 -1
  22. package/dist/index.d.ts.map +0 -1
  23. package/dist/state-manager/TypeOrmStateManager.d.ts +0 -1
  24. package/dist/state-manager/TypeOrmStateManager.d.ts.map +0 -1
  25. package/dist/state-manager/TypeOrmStateManager.js +0 -2
  26. package/dist/state-manager/TypeOrmStateManager.js.map +0 -1
  27. package/dist/state-manager/oid4vcState/IAbstractMachineStateStore.d.ts +0 -39
  28. package/dist/state-manager/oid4vcState/IAbstractMachineStateStore.d.ts.map +0 -1
  29. package/dist/state-manager/oid4vcState/IAbstractMachineStateStore.js +0 -3
  30. package/dist/state-manager/oid4vcState/IAbstractMachineStateStore.js.map +0 -1
  31. package/dist/state-manager/oid4vcState/MachineStateStore.d.ts +0 -1
  32. package/dist/state-manager/oid4vcState/MachineStateStore.d.ts.map +0 -1
  33. package/dist/state-manager/oid4vcState/MachineStateStore.js +0 -137
  34. package/dist/state-manager/oid4vcState/MachineStateStore.js.map +0 -1
  35. package/dist/types/IOID4VCIIssuer.d.ts +0 -90
  36. package/dist/types/IOID4VCIIssuer.d.ts.map +0 -1
  37. package/dist/types/IOID4VCIIssuer.js +0 -3
  38. package/dist/types/IOID4VCIIssuer.js.map +0 -1
package/dist/index.cjs ADDED
@@ -0,0 +1,959 @@
1
+ "use strict";
2
+ var __create = Object.create;
3
+ var __defProp = Object.defineProperty;
4
+ var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
5
+ var __getOwnPropNames = Object.getOwnPropertyNames;
6
+ var __getProtoOf = Object.getPrototypeOf;
7
+ var __hasOwnProp = Object.prototype.hasOwnProperty;
8
+ var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
9
+ var __commonJS = (cb, mod) => function __require() {
10
+ return mod || (0, cb[__getOwnPropNames(cb)[0]])((mod = { exports: {} }).exports, mod), mod.exports;
11
+ };
12
+ var __export = (target, all) => {
13
+ for (var name in all)
14
+ __defProp(target, name, { get: all[name], enumerable: true });
15
+ };
16
+ var __copyProps = (to, from, except, desc) => {
17
+ if (from && typeof from === "object" || typeof from === "function") {
18
+ for (let key of __getOwnPropNames(from))
19
+ if (!__hasOwnProp.call(to, key) && key !== except)
20
+ __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
21
+ }
22
+ return to;
23
+ };
24
+ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
25
+ // If the importer is in node compatibility mode or this is not an ESM
26
+ // file that has been converted to a CommonJS file using a Babel-
27
+ // compatible transform (i.e. "__esModule" has not been set), then set
28
+ // "default" to the CommonJS "module.exports" for node compatibility.
29
+ isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
30
+ mod
31
+ ));
32
+ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
33
+
34
+ // plugin.schema.json
35
+ var require_plugin_schema = __commonJS({
36
+ "plugin.schema.json"(exports, module2) {
37
+ module2.exports = {
38
+ IDidAuthSiopOpAuthenticator: {
39
+ components: {
40
+ schemas: {
41
+ IGetSiopSessionArgs: {
42
+ type: "object",
43
+ properties: {
44
+ sessionId: {
45
+ type: "string"
46
+ },
47
+ additionalProperties: false
48
+ },
49
+ required: ["sessionId"],
50
+ description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.getSessionForSiop } "
51
+ },
52
+ IRegisterSiopSessionArgs: {
53
+ type: "object",
54
+ properties: {
55
+ identifier: {
56
+ type: "object",
57
+ properties: {
58
+ did: {
59
+ type: "string"
60
+ },
61
+ alias: {
62
+ type: "string"
63
+ },
64
+ provider: {
65
+ type: "string"
66
+ },
67
+ controllerKeyId: {
68
+ type: "string"
69
+ },
70
+ keys: {
71
+ type: "array",
72
+ items: {
73
+ type: "object",
74
+ properties: {
75
+ additionalProperties: true
76
+ }
77
+ }
78
+ },
79
+ services: {
80
+ type: "array",
81
+ items: {
82
+ type: "object",
83
+ properties: {
84
+ additionalProperties: true
85
+ }
86
+ }
87
+ }
88
+ },
89
+ additionalProperties: false,
90
+ required: ["did", "provider", "keys", "services"]
91
+ },
92
+ sessionId: {
93
+ type: "string"
94
+ },
95
+ expiresIn: {
96
+ type: "number"
97
+ },
98
+ additionalProperties: false
99
+ },
100
+ required: ["identifier"],
101
+ description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.registerSessionForSiop } "
102
+ },
103
+ IRemoveSiopSessionArgs: {
104
+ type: "object",
105
+ properties: {
106
+ sessionId: {
107
+ type: "string"
108
+ },
109
+ additionalProperties: false
110
+ },
111
+ required: ["sessionId"],
112
+ description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.removeSessionForSiop } "
113
+ },
114
+ IAuthenticateWithSiopArgs: {
115
+ type: "object",
116
+ properties: {
117
+ sessionId: {
118
+ type: "string"
119
+ },
120
+ stateId: {
121
+ type: "string"
122
+ },
123
+ redirectUrl: {
124
+ type: "string"
125
+ },
126
+ additionalProperties: false
127
+ },
128
+ required: ["sessionId", "stateId", "redirectUrl"],
129
+ description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.authenticateWithSiop } "
130
+ },
131
+ IResponse: {
132
+ type: "object",
133
+ properties: {
134
+ status: {
135
+ type: "number"
136
+ },
137
+ additionalProperties: true
138
+ },
139
+ required: ["status"],
140
+ description: "Result of {@link DidAuthSiopOpAuthenticator.authenticateWithSiop & DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } "
141
+ },
142
+ IGetSiopAuthenticationRequestFromRpArgs: {
143
+ type: "object",
144
+ properties: {
145
+ sessionId: {
146
+ type: "string"
147
+ },
148
+ stateId: {
149
+ type: "string"
150
+ },
151
+ redirectUrl: {
152
+ type: "string"
153
+ },
154
+ additionalProperties: false
155
+ },
156
+ required: ["sessionId", "stateId", "redirectUrl"],
157
+ description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } "
158
+ },
159
+ ParsedAuthenticationRequestURI: {
160
+ type: "object",
161
+ properties: {
162
+ jwt: {
163
+ type: "string"
164
+ },
165
+ requestPayload: {
166
+ type: "object",
167
+ properties: {
168
+ additionalProperties: true
169
+ }
170
+ },
171
+ registration: {
172
+ type: "object",
173
+ properties: {
174
+ additionalProperties: true
175
+ }
176
+ },
177
+ additionalProperties: false
178
+ },
179
+ required: ["jwt", "requestPayload", "registration"],
180
+ description: "Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } "
181
+ },
182
+ IGetSiopAuthenticationRequestDetailsArgs: {
183
+ type: "object",
184
+ properties: {
185
+ sessionId: {
186
+ type: "string"
187
+ },
188
+ verifiedAuthenticationRequest: {
189
+ type: "object",
190
+ properties: {
191
+ additionalProperties: true
192
+ }
193
+ },
194
+ credentialFilter: {
195
+ type: "object",
196
+ properties: {
197
+ additionalProperties: true
198
+ }
199
+ },
200
+ additionalProperties: false
201
+ },
202
+ required: ["sessionId", "verifiedAuthenticationRequest"],
203
+ description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } "
204
+ },
205
+ IAuthRequestDetails: {
206
+ type: "object",
207
+ properties: {
208
+ id: {
209
+ type: "string"
210
+ },
211
+ alsoKnownAs: {
212
+ type: "array",
213
+ items: {
214
+ type: "string"
215
+ }
216
+ },
217
+ vpResponseOpts: {
218
+ type: "object",
219
+ properties: {
220
+ additionalProperties: true
221
+ }
222
+ },
223
+ additionalProperties: false
224
+ },
225
+ required: ["id", "vpResponseOpts"],
226
+ description: "Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } "
227
+ },
228
+ IVerifySiopAuthenticationRequestUriArgs: {
229
+ type: "object",
230
+ properties: {
231
+ sessionId: {
232
+ type: "string"
233
+ },
234
+ ParsedAuthenticationRequestURI: {
235
+ type: "object",
236
+ properties: {
237
+ additionalProperties: true
238
+ }
239
+ },
240
+ additionalProperties: false
241
+ },
242
+ required: ["sessionId", "ParsedAuthenticationRequestURI"],
243
+ description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } "
244
+ },
245
+ VerifiedAuthorizationRequest: {
246
+ type: "object",
247
+ properties: {
248
+ payload: {
249
+ type: "object",
250
+ properties: {
251
+ additionalProperties: true
252
+ }
253
+ },
254
+ presentationDefinitions: {
255
+ type: "object",
256
+ properties: {
257
+ additionalProperties: true
258
+ }
259
+ },
260
+ verifyOpts: {
261
+ type: "object",
262
+ properties: {
263
+ additionalProperties: true
264
+ }
265
+ },
266
+ additionalProperties: false
267
+ },
268
+ required: ["payload", "verifyOpts"],
269
+ description: "Result of {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } "
270
+ },
271
+ ISendSiopAuthenticationResponseArgs: {
272
+ type: "object",
273
+ properties: {
274
+ sessionId: {
275
+ type: "string"
276
+ },
277
+ verifiedAuthenticationRequest: {
278
+ type: "object",
279
+ properties: {
280
+ additionalProperties: true
281
+ }
282
+ },
283
+ verifiablePresentationResponse: {
284
+ type: "object",
285
+ properties: {
286
+ additionalProperties: true
287
+ }
288
+ },
289
+ additionalProperties: false
290
+ },
291
+ required: ["sessionId", "verifiedAuthenticationRequest"],
292
+ description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } "
293
+ }
294
+ },
295
+ methods: {
296
+ getSessionForSiop: {
297
+ description: "Get SIOP session",
298
+ arguments: {
299
+ $ref: "#/components/schemas/IGetSiopSessionArgs"
300
+ },
301
+ returnType: "object"
302
+ },
303
+ registerSessionForSiop: {
304
+ description: "Register SIOP session",
305
+ arguments: {
306
+ $ref: "#/components/schemas/IRegisterSiopSessionArgs"
307
+ },
308
+ returnType: "object"
309
+ },
310
+ removeSessionForSiop: {
311
+ description: "Remove SIOP session",
312
+ arguments: {
313
+ $ref: "#/components/schemas/IRemoveSiopSessionArgs"
314
+ },
315
+ returnType: "boolean"
316
+ },
317
+ authenticateWithSiop: {
318
+ description: "Authenticate using DID Auth SIOP",
319
+ arguments: {
320
+ $ref: "#/components/schemas/IAuthenticateWithSiopArgs"
321
+ },
322
+ returnType: {
323
+ $ref: "#/components/schemas/Response"
324
+ }
325
+ },
326
+ getSiopAuthenticationRequestFromRP: {
327
+ description: "Get authentication request from RP",
328
+ arguments: {
329
+ $ref: "#/components/schemas/IGetSiopAuthenticationRequestFromRpArgs"
330
+ },
331
+ returnType: {
332
+ $ref: "#/components/schemas/ParsedAuthenticationRequestURI"
333
+ }
334
+ },
335
+ getSiopAuthenticationRequestDetails: {
336
+ description: "Get authentication request details",
337
+ arguments: {
338
+ $ref: "#/components/schemas/IGetSiopAuthenticationRequestDetailsArgs"
339
+ },
340
+ returnType: {
341
+ $ref: "#/components/schemas/IAuthRequestDetails"
342
+ }
343
+ },
344
+ verifySiopAuthenticationRequestURI: {
345
+ description: "Verify authentication request URI",
346
+ arguments: {
347
+ $ref: "#/components/schemas/IVerifySiopAuthenticationRequestUriArgs"
348
+ },
349
+ returnType: {
350
+ $ref: "#/components/schemas/VerifiedAuthorizationRequest"
351
+ }
352
+ },
353
+ sendSiopAuthenticationResponse: {
354
+ description: "Send authentication response",
355
+ arguments: {
356
+ $ref: "#/components/schemas/ISendSiopAuthenticationResponseArgs"
357
+ },
358
+ returnType: {
359
+ $ref: "#/components/schemas/IRequiredContext"
360
+ }
361
+ }
362
+ }
363
+ }
364
+ }
365
+ };
366
+ }
367
+ });
368
+
369
+ // src/index.ts
370
+ var index_exports = {};
371
+ __export(index_exports, {
372
+ IssuerInstance: () => IssuerInstance,
373
+ OID4VCIIssuer: () => OID4VCIIssuer,
374
+ createAuthRequestUriCallback: () => createAuthRequestUriCallback,
375
+ createVciIssuer: () => createVciIssuer,
376
+ createVciIssuerBuilder: () => createVciIssuerBuilder,
377
+ createVerifyAuthResponseCallback: () => createVerifyAuthResponseCallback,
378
+ getAccessTokenKeyRef: () => getAccessTokenKeyRef,
379
+ getAccessTokenSignerCallback: () => getAccessTokenSignerCallback,
380
+ getCredentialSignerCallback: () => getCredentialSignerCallback,
381
+ getJwtVerifyCallback: () => getJwtVerifyCallback,
382
+ schema: () => schema
383
+ });
384
+ module.exports = __toCommonJS(index_exports);
385
+
386
+ // src/agent/OID4VCIIssuer.ts
387
+ var import_oid4vci_common = require("@sphereon/oid4vci-common");
388
+ var import_oid4vci_issuer2 = require("@sphereon/oid4vci-issuer");
389
+ var import_oid4vci_client = require("@sphereon/oid4vci-client");
390
+ var import_ssi_sdk_ext3 = require("@sphereon/ssi-sdk-ext.did-utils");
391
+
392
+ // src/functions.ts
393
+ var import_oid4vci_issuer = require("@sphereon/oid4vci-issuer");
394
+ var import_ssi_sdk_ext = require("@sphereon/ssi-sdk-ext.did-utils");
395
+ var import_ssi_sdk_ext2 = require("@sphereon/ssi-sdk-ext.identifier-resolution");
396
+ var import_ssi_sdk = require("@sphereon/ssi-sdk.agent-config");
397
+ var import_ssi_types = require("@sphereon/ssi-types");
398
+ var import_utils = require("@veramo/utils");
399
+ var import_did_jwt = require("did-jwt");
400
+ var import_jwt_decode = require("jwt-decode");
401
+ var import_cross_fetch = __toESM(require("cross-fetch"), 1);
402
+ var import_did_auth_siop = require("@sphereon/did-auth-siop");
403
+ function getJwtVerifyCallback({ verifyOpts }, _context) {
404
+ return async (args) => {
405
+ const resolver = (0, import_ssi_sdk_ext.getAgentResolver)(_context, {
406
+ resolverResolution: true,
407
+ uniresolverResolution: true,
408
+ localResolution: true
409
+ });
410
+ verifyOpts = {
411
+ ...verifyOpts,
412
+ resolver: verifyOpts?.resolver
413
+ };
414
+ if (!verifyOpts?.resolver || typeof verifyOpts?.resolver?.resolve !== "function") {
415
+ verifyOpts.resolver = resolver;
416
+ }
417
+ const result = await _context.agent.jwtVerifyJwsSignature({
418
+ jws: args.jwt
419
+ });
420
+ if (!result.error) {
421
+ const identifier = result.jws.signatures[0].identifier;
422
+ if (!identifier) {
423
+ return Promise.reject(Error("the jws did not contain a signature with an identifier"));
424
+ }
425
+ const jwkInfo = identifier.jwks[0];
426
+ if (!jwkInfo) {
427
+ return Promise.reject(Error(`the identifier of type ${identifier.method} is missing jwks (ExternalJwkInfo)`));
428
+ }
429
+ const { alg: alg2 } = jwkInfo.jwk;
430
+ const header = (0, import_jwt_decode.jwtDecode)(args.jwt, {
431
+ header: true
432
+ });
433
+ const payload = (0, import_jwt_decode.jwtDecode)(args.jwt, {
434
+ header: false
435
+ });
436
+ const kid2 = args.kid ?? header.kid;
437
+ const jwk = jwkInfo.jwk;
438
+ return {
439
+ alg: alg2,
440
+ ...identifier,
441
+ jwt: {
442
+ header,
443
+ payload
444
+ },
445
+ ...kid2 && {
446
+ kid: kid2
447
+ },
448
+ ...jwk && {
449
+ jwk
450
+ }
451
+ };
452
+ }
453
+ const decodedJwt = await (0, import_did_jwt.decodeJWT)(args.jwt);
454
+ const kid = args.kid ?? decodedJwt.header.kid;
455
+ if (!kid || !kid.startsWith("did:")) {
456
+ return {
457
+ alg: decodedJwt.header.alg,
458
+ jwt: decodedJwt
459
+ };
460
+ }
461
+ const did = kid.split("#")[0];
462
+ const didResult = await (0, import_did_jwt.verifyJWT)(args.jwt, verifyOpts);
463
+ if (!didResult.verified) {
464
+ console.log(`JWT invalid: ${args.jwt}`);
465
+ throw Error("JWT did not verify successfully");
466
+ }
467
+ const didResolution = await resolver.resolve(did);
468
+ if (!didResolution || !didResolution.didDocument) {
469
+ throw Error(`Could not resolve did: ${did}, metadata: ${didResolution?.didResolutionMetadata}`);
470
+ }
471
+ const alg = decodedJwt.header.alg;
472
+ return {
473
+ alg,
474
+ kid,
475
+ did,
476
+ didDocument: didResolution.didDocument,
477
+ jwt: decodedJwt
478
+ };
479
+ };
480
+ }
481
+ __name(getJwtVerifyCallback, "getJwtVerifyCallback");
482
+ async function getAccessTokenKeyRef(opts, context) {
483
+ let identifier = (0, import_ssi_sdk_ext2.legacyKeyRefsToIdentifierOpts)(opts);
484
+ return await context.agent.identifierManagedGet(identifier);
485
+ }
486
+ __name(getAccessTokenKeyRef, "getAccessTokenKeyRef");
487
+ async function getAccessTokenSignerCallback(opts, context) {
488
+ const signer = /* @__PURE__ */ __name(async (data) => {
489
+ let dataString, encoding;
490
+ const resolution = await (0, import_ssi_sdk_ext2.legacyKeyRefsToIdentifierOpts)(opts);
491
+ const keyRef = resolution.kmsKeyRef;
492
+ if (!keyRef) {
493
+ throw Error("Cannot sign access tokens without a key ref");
494
+ }
495
+ if (typeof data === "string") {
496
+ dataString = data;
497
+ encoding = void 0;
498
+ } else {
499
+ dataString = (0, import_utils.bytesToBase64)(data);
500
+ encoding = "base64";
501
+ }
502
+ return context.agent.keyManagerSign({
503
+ keyRef,
504
+ data: dataString,
505
+ encoding
506
+ });
507
+ }, "signer");
508
+ async function accessTokenSignerCallback(jwt, kid) {
509
+ const issuer = opts.idOpts?.issuer ?? (typeof opts.idOpts?.identifier === "string" ? opts.idOpts.identifier : opts.didOpts?.idOpts?.identifier?.toString() ?? opts?.iss);
510
+ if (!issuer) {
511
+ throw Error("No issuer configured for access tokens");
512
+ }
513
+ let kidHeader = jwt?.header?.kid ?? kid;
514
+ if (!kidHeader) {
515
+ if (opts.idOpts?.method === "did" || opts.idOpts?.method === "kid" || typeof opts.didOpts?.idOpts.identifier === "string" && opts.didOpts?.idOpts?.identifier?.startsWith("did:")) {
516
+ kidHeader = opts.idOpts?.kid ?? opts.didOpts?.idOpts?.kid ?? opts?.didOpts?.identifierOpts?.kid;
517
+ }
518
+ }
519
+ return await (0, import_did_jwt.createJWT)(jwt.payload, {
520
+ signer,
521
+ issuer
522
+ }, {
523
+ ...jwt.header,
524
+ ...kidHeader && {
525
+ kid: kidHeader
526
+ },
527
+ typ: "JWT"
528
+ });
529
+ }
530
+ __name(accessTokenSignerCallback, "accessTokenSignerCallback");
531
+ return accessTokenSignerCallback;
532
+ }
533
+ __name(getAccessTokenSignerCallback, "getAccessTokenSignerCallback");
534
+ async function getCredentialSignerCallback(idOpts, context) {
535
+ async function issueVCCallback(args) {
536
+ const { jwtVerifyResult, format, statusLists } = args;
537
+ const credential = args.credential;
538
+ let proofFormat;
539
+ const resolution = await context.agent.identifierManagedGet(idOpts);
540
+ proofFormat = format?.includes("ld") ? "lds" : "jwt";
541
+ const issuer = resolution.issuer ?? resolution.kmsKeyRef;
542
+ if (import_ssi_types.CredentialMapper.isW3cCredential(credential)) {
543
+ if (!credential.issuer) {
544
+ credential.issuer = {
545
+ id: issuer
546
+ };
547
+ } else if (typeof credential.issuer === "object" && !credential.issuer.id) {
548
+ credential.issuer.id = issuer;
549
+ }
550
+ const subjectIsArray = Array.isArray(credential.credentialSubject);
551
+ let credentialSubjects = Array.isArray(credential.credentialSubject) ? credential.credentialSubject : [
552
+ credential.credentialSubject
553
+ ];
554
+ credentialSubjects = credentialSubjects.map((subject) => {
555
+ if (!subject.id) {
556
+ subject.id = jwtVerifyResult.did;
557
+ }
558
+ return subject;
559
+ });
560
+ credential.credentialSubject = subjectIsArray ? credentialSubjects : credentialSubjects[0];
561
+ if ((0, import_ssi_sdk.contextHasPlugin)(context, "slAddStatusToCredential")) {
562
+ const credentialStatusVC = await context.agent.slAddStatusToCredential({
563
+ credential,
564
+ statusLists
565
+ });
566
+ if (credential.credentialStatus && !credential.credentialStatus.statusListCredential) {
567
+ credential.credentialStatus = credentialStatusVC.credentialStatus;
568
+ }
569
+ }
570
+ const result = await context.agent.createVerifiableCredential({
571
+ credential,
572
+ proofFormat,
573
+ removeOriginalFields: false,
574
+ fetchRemoteContexts: true,
575
+ domain: typeof credential.issuer === "object" ? credential.issuer.id : credential.issuer,
576
+ ...resolution.kid && {
577
+ header: {
578
+ kid: resolution.kid
579
+ }
580
+ }
581
+ });
582
+ return proofFormat === "jwt" && "jwt" in result.proof ? result.proof.jwt : result;
583
+ } else if (import_ssi_types.CredentialMapper.isSdJwtDecodedCredentialPayload(credential)) {
584
+ const sdJwtPayload = credential;
585
+ if (sdJwtPayload.iss === void 0) {
586
+ sdJwtPayload.iss = issuer;
587
+ }
588
+ if (sdJwtPayload.iat === void 0) {
589
+ sdJwtPayload.iat = Math.floor((/* @__PURE__ */ new Date()).getTime() / 1e3);
590
+ }
591
+ let disclosureFrame;
592
+ if ("disclosureFrame" in credential) {
593
+ disclosureFrame = credential["disclosureFrame"];
594
+ delete credential["disclosureFrame"];
595
+ } else {
596
+ disclosureFrame = {
597
+ _sd: credential["_sd"]
598
+ };
599
+ }
600
+ if ((0, import_ssi_sdk.contextHasPlugin)(context, "slAddStatusToSdJwtCredential")) {
601
+ if (sdJwtPayload.status && sdJwtPayload.status.status_list || statusLists && statusLists.length > 0) {
602
+ const sdJwtPayloadWithStatus = await context.agent.slAddStatusToSdJwtCredential({
603
+ credential: sdJwtPayload,
604
+ statusLists
605
+ });
606
+ if (sdJwtPayload.status?.status_list?.idx) {
607
+ if (!sdJwtPayloadWithStatus.status || !sdJwtPayloadWithStatus.status.status_list) {
608
+ return Promise.reject(Error("slAddStatusToSdJwtCredential did not return a status_list"));
609
+ }
610
+ if (statusLists && statusLists.length > 0) {
611
+ const statusList = statusLists[0];
612
+ statusList.statusListId = sdJwtPayloadWithStatus.status.status_list.uri;
613
+ statusList.statusListIndex = sdJwtPayloadWithStatus.status.status_list.idx;
614
+ }
615
+ sdJwtPayload.status.status_list.idx = sdJwtPayloadWithStatus.status.status_list.idx;
616
+ }
617
+ }
618
+ }
619
+ const result = await context.agent.createSdJwtVc({
620
+ credentialPayload: sdJwtPayload,
621
+ disclosureFrame,
622
+ resolution
623
+ });
624
+ return result.credential;
625
+ }
626
+ return Promise.reject("VC issuance failed, an incorrect or unsupported credential was supplied");
627
+ }
628
+ __name(issueVCCallback, "issueVCCallback");
629
+ return issueVCCallback;
630
+ }
631
+ __name(getCredentialSignerCallback, "getCredentialSignerCallback");
632
+ async function createVciIssuerBuilder(args, context) {
633
+ const { issuerOpts, issuerMetadata, authorizationServerMetadata } = args;
634
+ const builder = new import_oid4vci_issuer.VcIssuerBuilder();
635
+ const resolver = args.resolver ?? args?.issuerOpts?.didOpts?.resolveOpts?.resolver ?? args.issuerOpts?.didOpts?.resolveOpts?.jwtVerifyOpts?.resolver ?? (0, import_ssi_sdk_ext.getAgentResolver)(context);
636
+ if (!resolver) {
637
+ throw Error("A Resolver is necessary to verify DID JWTs");
638
+ }
639
+ const idOpts = (0, import_ssi_sdk_ext2.legacyKeyRefsToIdentifierOpts)({
640
+ didOpts: issuerOpts.didOpts,
641
+ idOpts: issuerOpts.idOpts
642
+ });
643
+ const jwtVerifyOpts = {
644
+ ...issuerOpts?.didOpts?.resolveOpts?.jwtVerifyOpts,
645
+ ...args?.issuerOpts?.resolveOpts?.jwtVerifyOpts,
646
+ resolver,
647
+ audience: issuerMetadata.credential_issuer
648
+ };
649
+ builder.withIssuerMetadata(issuerMetadata);
650
+ builder.withAuthorizationMetadata(authorizationServerMetadata);
651
+ builder.withCredentialSignerCallback(await getCredentialSignerCallback(idOpts, context));
652
+ if (issuerOpts.asClientOpts) {
653
+ builder.withASClientMetadata(issuerOpts.asClientOpts);
654
+ }
655
+ builder.withJWTVerifyCallback(getJwtVerifyCallback({
656
+ verifyOpts: jwtVerifyOpts
657
+ }, context));
658
+ if (args.credentialDataSupplier) {
659
+ builder.withCredentialDataSupplier(args.credentialDataSupplier);
660
+ }
661
+ builder.withInMemoryCNonceState();
662
+ builder.withInMemoryCredentialOfferState();
663
+ builder.withInMemoryCredentialOfferURIState();
664
+ return builder;
665
+ }
666
+ __name(createVciIssuerBuilder, "createVciIssuerBuilder");
667
+ async function createVciIssuer({ issuerOpts, issuerMetadata, authorizationServerMetadata, credentialDataSupplier }, context) {
668
+ return (await createVciIssuerBuilder({
669
+ issuerOpts,
670
+ issuerMetadata,
671
+ authorizationServerMetadata,
672
+ credentialDataSupplier
673
+ }, context)).build();
674
+ }
675
+ __name(createVciIssuer, "createVciIssuer");
676
+ async function createAuthRequestUriCallback(opts) {
677
+ async function authRequestUriCallback() {
678
+ const path = opts.path.replace(":definitionId", opts.presentationDefinitionId);
679
+ return (0, import_cross_fetch.default)(path, {
680
+ method: "POST",
681
+ headers: {
682
+ "Content-Type": "application/json"
683
+ }
684
+ }).then(async (response) => {
685
+ if (response.status >= 400) {
686
+ return Promise.reject(Error(await response.text()));
687
+ } else {
688
+ const responseData = await response.json();
689
+ if (!responseData.authRequestURI) {
690
+ return Promise.reject(Error("Missing auth request uri in response body"));
691
+ }
692
+ return responseData.authRequestURI;
693
+ }
694
+ });
695
+ }
696
+ __name(authRequestUriCallback, "authRequestUriCallback");
697
+ return authRequestUriCallback;
698
+ }
699
+ __name(createAuthRequestUriCallback, "createAuthRequestUriCallback");
700
+ async function createVerifyAuthResponseCallback(opts) {
701
+ async function verifyAuthResponseCallback(correlationId) {
702
+ return (0, import_cross_fetch.default)(opts.path, {
703
+ method: "POST",
704
+ headers: {
705
+ "Content-Type": "application/json"
706
+ },
707
+ body: JSON.stringify({
708
+ definitionId: opts.presentationDefinitionId,
709
+ correlationId
710
+ })
711
+ }).then(async (response) => {
712
+ if (response.status >= 400) {
713
+ return Promise.reject(Error(await response.text()));
714
+ } else {
715
+ const responseData = await response.json();
716
+ if (!responseData.status) {
717
+ return Promise.reject(Error("Missing status in response body"));
718
+ }
719
+ return responseData.status === import_did_auth_siop.AuthorizationResponseStateStatus.VERIFIED;
720
+ }
721
+ });
722
+ }
723
+ __name(verifyAuthResponseCallback, "verifyAuthResponseCallback");
724
+ return verifyAuthResponseCallback;
725
+ }
726
+ __name(createVerifyAuthResponseCallback, "createVerifyAuthResponseCallback");
727
+
728
+ // src/IssuerInstance.ts
729
+ var IssuerInstance = class {
730
+ static {
731
+ __name(this, "IssuerInstance");
732
+ }
733
+ _issuer;
734
+ _metadataOptions;
735
+ _issuerOptions;
736
+ _issuerMetadata;
737
+ _authorizationServerMetadata;
738
+ constructor({ issuerOpts, metadataOpts, issuerMetadata, authorizationServerMetadata }) {
739
+ this._issuerOptions = issuerOpts;
740
+ this._metadataOptions = metadataOpts;
741
+ this._issuerMetadata = issuerMetadata;
742
+ this._authorizationServerMetadata = authorizationServerMetadata;
743
+ }
744
+ async get(opts) {
745
+ if (!this._issuer) {
746
+ const builder = await createVciIssuerBuilder({
747
+ issuerOpts: this.issuerOptions,
748
+ issuerMetadata: this.issuerMetadata,
749
+ authorizationServerMetadata: this.authorizationServerMetadata,
750
+ credentialDataSupplier: opts?.credentialDataSupplier
751
+ }, opts.context);
752
+ this._issuer = builder.build();
753
+ }
754
+ return this._issuer;
755
+ }
756
+ get issuerOptions() {
757
+ return this._issuerOptions;
758
+ }
759
+ get metadataOptions() {
760
+ return this._metadataOptions;
761
+ }
762
+ get issuerMetadata() {
763
+ return this._issuerMetadata;
764
+ }
765
+ set issuerMetadata(value) {
766
+ this._issuerMetadata = value;
767
+ }
768
+ get authorizationServerMetadata() {
769
+ return this._authorizationServerMetadata;
770
+ }
771
+ };
772
+
773
+ // src/agent/OID4VCIIssuer.ts
774
+ var OID4VCIIssuer = class _OID4VCIIssuer {
775
+ static {
776
+ __name(this, "OID4VCIIssuer");
777
+ }
778
+ static _DEFAULT_OPTS_KEY = "_default";
779
+ instances = /* @__PURE__ */ new Map();
780
+ schema = schema.IDidAuthSiopOpAuthenticator;
781
+ methods = {
782
+ oid4vciCreateOfferURI: this.oid4vciCreateOfferURI.bind(this),
783
+ oid4vciIssueCredential: this.oid4vciIssueCredential.bind(this),
784
+ oid4vciCreateAccessTokenResponse: this.oid4vciCreateAccessTokenResponse.bind(this),
785
+ oid4vciGetInstance: this.oid4vciGetInstance.bind(this)
786
+ };
787
+ _opts;
788
+ constructor(opts) {
789
+ this._opts = opts ?? {};
790
+ }
791
+ async oid4vciCreateOfferURI(createArgs, context) {
792
+ return await this.oid4vciGetInstance(createArgs, context).then((instance) => instance.get({
793
+ context
794
+ })).then((issuer) => issuer.createCredentialOfferURI(createArgs).then((response) => {
795
+ const result = response;
796
+ if (this._opts.returnSessions === false) {
797
+ delete result.session;
798
+ }
799
+ return result;
800
+ }));
801
+ }
802
+ async oid4vciIssueCredential(issueArgs, context) {
803
+ return await this.oid4vciGetInstance(issueArgs, context).then((instance) => instance.get({
804
+ context
805
+ })).then((issuer) => issuer.issueCredential(issueArgs));
806
+ }
807
+ async oid4vciCreateAccessTokenResponse(accessTokenArgs, context) {
808
+ return await this.oid4vciGetInstance(accessTokenArgs, context).then(async (instance) => {
809
+ const issuer = await instance.get({
810
+ context
811
+ });
812
+ await (0, import_oid4vci_issuer2.assertValidAccessTokenRequest)(accessTokenArgs.request, {
813
+ credentialOfferSessions: issuer.credentialOfferSessions,
814
+ expirationDuration: accessTokenArgs.expirationDuration
815
+ });
816
+ const accessTokenIssuer = instance.issuerOptions.idOpts?.issuer ?? instance.issuerOptions.didOpts?.idOpts.identifier.toString();
817
+ if (!accessTokenIssuer) {
818
+ return Promise.reject(Error(`Could not determine access token issuer`));
819
+ }
820
+ return (0, import_oid4vci_issuer2.createAccessTokenResponse)(accessTokenArgs.request, {
821
+ accessTokenIssuer,
822
+ tokenExpiresIn: accessTokenArgs.expirationDuration,
823
+ cNonceExpiresIn: accessTokenArgs.expirationDuration,
824
+ cNonces: issuer.cNonces,
825
+ credentialOfferSessions: issuer.credentialOfferSessions,
826
+ accessTokenSignerCallback: await getAccessTokenSignerCallback(instance.issuerOptions, context)
827
+ });
828
+ });
829
+ }
830
+ getExternalAS(issuerMetadata) {
831
+ if ("authorization_servers" in issuerMetadata && Array.isArray(issuerMetadata.authorization_servers)) {
832
+ return issuerMetadata.authorization_servers.find((as) => as !== issuerMetadata.credential_issuer);
833
+ }
834
+ return void 0;
835
+ }
836
+ async createIssuerInstance(args, context) {
837
+ const credentialIssuer = args.credentialIssuer ?? _OID4VCIIssuer._DEFAULT_OPTS_KEY;
838
+ const metadataOpts = await this.getMetadataOpts({
839
+ ...args,
840
+ credentialIssuer
841
+ }, context);
842
+ const issuerMetadata = await this.getIssuerMetadata({
843
+ ...args,
844
+ credentialIssuer
845
+ }, context);
846
+ const externalAS = this.getExternalAS(issuerMetadata);
847
+ let asMetadataResponse = void 0;
848
+ if (externalAS) {
849
+ asMetadataResponse = await (0, import_oid4vci_client.retrieveWellknown)(externalAS, import_oid4vci_common.WellKnownEndpoints.OPENID_CONFIGURATION, {
850
+ errorOnNotFound: false
851
+ });
852
+ if (!asMetadataResponse) {
853
+ asMetadataResponse = await (0, import_oid4vci_client.retrieveWellknown)(externalAS, import_oid4vci_common.WellKnownEndpoints.OAUTH_AS, {
854
+ errorOnNotFound: true
855
+ });
856
+ }
857
+ }
858
+ const authorizationServerMetadata = asMetadataResponse?.successBody ? asMetadataResponse.successBody : await this.getAuthorizationServerMetadataFromStore({
859
+ ...args,
860
+ credentialIssuer
861
+ }, context);
862
+ const issuerOpts = await this.getIssuerOptsFromStore({
863
+ ...args,
864
+ credentialIssuer
865
+ }, context);
866
+ if (!issuerOpts.resolveOpts) {
867
+ issuerOpts.resolveOpts = {
868
+ ...issuerOpts.didOpts?.resolveOpts,
869
+ ...this._opts.resolveOpts
870
+ };
871
+ }
872
+ if (!issuerOpts.resolveOpts?.resolver) {
873
+ issuerOpts.resolveOpts.resolver = (0, import_ssi_sdk_ext3.getAgentResolver)(context);
874
+ }
875
+ this.instances.set(credentialIssuer, new IssuerInstance({
876
+ issuerOpts,
877
+ metadataOpts,
878
+ issuerMetadata,
879
+ authorizationServerMetadata
880
+ }));
881
+ return this.oid4vciGetInstance(args, context);
882
+ }
883
+ async oid4vciGetInstance(args, context) {
884
+ const credentialIssuer = args.credentialIssuer ?? _OID4VCIIssuer._DEFAULT_OPTS_KEY;
885
+ if (!this.instances.has(credentialIssuer)) {
886
+ await this.createIssuerInstance(args, context);
887
+ }
888
+ return this.instances.get(credentialIssuer);
889
+ }
890
+ async getIssuerOptsFromStore(opts, context) {
891
+ const credentialIssuer = opts.credentialIssuer;
892
+ const storeId = await this.storeId(opts, context);
893
+ const namespace = await this.namespace(opts, context);
894
+ const options = await context.agent.oid4vciStoreGetIssuerOpts({
895
+ metadataType: "issuer",
896
+ correlationId: credentialIssuer,
897
+ storeId,
898
+ namespace
899
+ });
900
+ if (!options) {
901
+ throw Error(`Could not get specific nor default options for definition ${credentialIssuer}`);
902
+ }
903
+ return options;
904
+ }
905
+ async getMetadataOpts(opts, context) {
906
+ const credentialIssuer = opts.credentialIssuer;
907
+ const storeId = await this.storeId(opts, context);
908
+ const storeNamespace = await this.namespace(opts, context);
909
+ return {
910
+ credentialIssuer,
911
+ storeId,
912
+ storeNamespace
913
+ };
914
+ }
915
+ async getIssuerMetadata(opts, context) {
916
+ const metadataOpts = await this.getMetadataOpts(opts, context);
917
+ const metadata = await context.agent.oid4vciStoreGetMetadata({
918
+ metadataType: "issuer",
919
+ correlationId: metadataOpts.credentialIssuer,
920
+ namespace: metadataOpts.storeNamespace,
921
+ storeId: metadataOpts.storeId
922
+ });
923
+ if (!metadata) {
924
+ throw Error(`Issuer metadata not found for issuer ${opts.credentialIssuer}, namespace ${opts.namespace} and store ${opts.storeId}`);
925
+ }
926
+ return metadata;
927
+ }
928
+ async getAuthorizationServerMetadataFromStore(opts, context) {
929
+ const metadataOpts = await this.getMetadataOpts(opts, context);
930
+ const metadata = await context.agent.oid4vciStoreGetMetadata({
931
+ metadataType: "authorizationServer",
932
+ correlationId: metadataOpts.credentialIssuer,
933
+ namespace: metadataOpts.storeNamespace,
934
+ storeId: metadataOpts.storeId
935
+ });
936
+ if (!metadata) {
937
+ throw Error(`Authorization server ${opts.credentialIssuer} metadata not found for namespace ${metadataOpts.storeNamespace} and store ${metadataOpts.storeId}`);
938
+ }
939
+ return metadata;
940
+ }
941
+ async storeId(opts, context) {
942
+ const storeId = opts?.storeId ?? this._opts?.defaultStoreId ?? await context?.agent.oid4vciStoreDefaultStoreId();
943
+ if (!storeId) {
944
+ throw Error("Please provide a store id a default value, or provide the context for a global default store id");
945
+ }
946
+ return storeId;
947
+ }
948
+ async namespace(opts, context) {
949
+ const namespace = opts?.namespace ?? this._opts?.defaultNamespace ?? await context?.agent.oid4vciStoreDefaultNamespace();
950
+ if (!namespace) {
951
+ throw Error("Please provide a namespace a default value, or provide the context for a global default namespace");
952
+ }
953
+ return namespace;
954
+ }
955
+ };
956
+
957
+ // src/index.ts
958
+ var schema = require_plugin_schema();
959
+ //# sourceMappingURL=index.cjs.map