@sphereon/ssi-sdk.presentation-exchange 0.29.0 → 0.29.1-next.104
- package/dist/functions.d.ts +4 -4
- package/dist/functions.d.ts.map +1 -1
- package/dist/functions.js +97 -104
- package/dist/functions.js.map +1 -1
- package/dist/types/IPresentationExchange.d.ts +5 -4
- package/dist/types/IPresentationExchange.d.ts.map +1 -1
- package/package.json +9 -7
- package/src/functions.ts +134 -115
- package/src/types/IPresentationExchange.ts +5 -4
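--- a/package/dist/functions.d.ts
+++ b/package/dist/functions.d.ts
@@ -1,9 +1,9 @@
-import { IIdentifierOpts } from '@sphereon/ssi-sdk-ext.did-utils';
-import { IPEXPresentationSignCallback, IRequiredContext } from './types/IPresentationExchange';
-import { ProofFormat } from '@veramo/core';
 import { Format } from '@sphereon/pex-models';
+import { ManagedIdentifierOpts } from '@sphereon/ssi-sdk-ext.identifier-resolution';
+import { ProofFormat } from '@veramo/core';
+import { IPEXPresentationSignCallback, IRequiredContext } from './types/IPresentationExchange';
 export declare function createPEXPresentationSignCallback(args: {
-idOpts:
+idOpts: ManagedIdentifierOpts;
 fetchRemoteContexts?: boolean;
 skipDidResolution?: boolean;
 format?: Format | ProofFormat;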
package/dist/functions.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"functions.d.ts","sourceRoot":"","sources":["../src/functions.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"functions.d.ts","sourceRoot":"","sources":["../src/functions.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAA;AAC7C,OAAO,EAIL,qBAAqB,EACtB,MAAM,6CAA6C,CAAA;AAQpD,OAAO,EAAuB,WAAW,EAAE,MAAM,cAAc,CAAA;AAC/D,OAAO,EAAE,4BAA4B,EAAE,gBAAgB,EAAE,MAAM,+BAA+B,CAAA;AAE9F,wBAAsB,iCAAiC,CACrD,IAAI,EAAE;IACJ,MAAM,EAAE,qBAAqB,CAAA;IAC7B,mBAAmB,CAAC,EAAE,OAAO,CAAA;IAC7B,iBAAiB,CAAC,EAAE,OAAO,CAAA;IAC3B,MAAM,CAAC,EAAE,MAAM,GAAG,WAAW,CAAA;IAC7B,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,SAAS,CAAC,EAAE,MAAM,CAAA;CACnB,EACD,OAAO,EAAE,gBAAgB,GACxB,OAAO,CAAC,4BAA4B,CAAC,CAyJvC"}
|
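--- a/package/dist/functions.js
+++ b/package/dist/functions.js
@@ -10,130 +10,123 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.createPEXPresentationSignCallback = void 0;
-const
+const ssi_sdk_ext_identifier_resolution_1 = require("@sphereon/ssi-sdk-ext.identifier-resolution");
 const ssi_types_1 = require("@sphereon/ssi-types");
 function createPEXPresentationSignCallback(args, context) {
 return __awaiter(this, void 0, void 0, function* () {
-function determineProofFormat(
-
-
-const formatOptions =
-if (formatOptions) {
-
-const formats = Object.keys(formatOptions).map((form) => (form.includes('ldp') ? 'lds' : 'jwt'));
-if (!formats.includes('jwt')) {
-proofFormat = 'lds';
-}
-}
-else {
-proofFormat = formatOptions;
-}
+function determineProofFormat(args) {
+const { format, presentationDefinition } = args;
+// All format arguments are optional. So if no format has been given we go for SD-JWT
+const formatOptions = format !== null && format !== void 0 ? format : presentationDefinition.format;
+if (!formatOptions) {
+return 'vc+sd-jwt';
 }
-
-
-
-var _b, _c, _d, _e, _f, _g;
-const idOpts = args.idOpts;
-const id = yield (0, ssi_sdk_ext_did_utils_1.getIdentifier)(idOpts, context);
-if (typeof idOpts.identifier === 'string') {
-idOpts.identifier = id;
+else if (typeof formatOptions === 'string') {
+// if formatOptions is a singular string we can return that as the format
+return formatOptions;
 }
-
-
+// here we transform all format options to either lds or jwt. but we also want to support sd-jwt, so we need to specifically check for this one. which is ['vc+sd-jwt']
+const formats = new Set(Object.keys(formatOptions).map((form) => (form.includes('ldp') ? 'lds' : form.includes('vc+sd-jwt') ? 'vc+sd-jwt' : 'jwt')));
+// if we only have 1 format type we can return that
+if (formats.size === 1) {
+return formats.values().next().value;
 }
-
-if (
-
-key = id.keys.find((key) => { var _a, _b, _c; return ((_b = (_a = key.meta) === null || _a === void 0 ? void 0 : _a.purpose) === null || _b === void 0 ? void 0 : _b.includes((_c = idOpts.verificationMethodSection) !== null && _c !== void 0 ? _c : 'authentication')) === true; });
-}
-if (!key) {
-key = id.keys.find((key) => {
-var _a;
-return !idOpts.kmsKeyRef ||
-key.kid === idOpts.kmsKeyRef ||
-((_a = key.meta) === null || _a === void 0 ? void 0 : _a.jwkThumbprint) === idOpts.kmsKeyRef ||
-`${id.did}#${key.kid}` === idOpts.kmsKeyRef;
-});
-}
+// if we can go for sd-jwt, we go for sd-jwt
+if (formats.has('vc+sd-jwt')) {
+return 'vc+sd-jwt';
 }
-
-
+// if it is not sd-jwt we would like to go for jwt
+else if (formats.has('jwt')) {
+return 'jwt';
 }
-
-
+// else we go for lds
+return 'lds';
+}
+return (_a) => __awaiter(this, [_a], void 0, function* ({ presentation, domain, presentationDefinition, format, challenge, }) {
+var _b, _c, _d, _e, _f, _g, _h, _j, _k, _l, _m;
+const proofFormat = determineProofFormat({ format, presentationDefinition });
+const { idOpts } = args;
+const CLOCK_SKEW = 120;
+if (args.skipDidResolution && (0, ssi_sdk_ext_identifier_resolution_1.isManagedIdentifierDidOpts)(idOpts)) {
+idOpts.offlineWhenNoDIDRegistered = true;
 }
-
-if (
-
-
-vm = vms.find((vm) => vm.publicKeyHex === key.publicKeyHex);
-if (!vm) {
-throw Error(`Could not resolve DID document or match signing key to did ${idOpts.identifier.did}`);
+const resolution = yield context.agent.identifierManagedGet(idOpts);
+if ('compactSdJwtVc' in presentation) {
+if (proofFormat !== 'vc+sd-jwt') {
+return Promise.reject(Error(`presentation payload does not match proof format ${proofFormat}`));
 }
+const presentationResult = yield context.agent.createSdJwtPresentation({
+presentation: presentation.compactSdJwtVc,
+kb: {
+payload: Object.assign(Object.assign({}, (_b = presentation.kbJwt) === null || _b === void 0 ? void 0 : _b.payload), { iat: (_e = (_d = (_c = presentation.kbJwt) === null || _c === void 0 ? void 0 : _c.payload) === null || _d === void 0 ? void 0 : _d.iat) !== null && _e !== void 0 ? _e : Math.floor(Date.now() / 1000 - CLOCK_SKEW), nonce: challenge !== null && challenge !== void 0 ? challenge : (_g = (_f = presentation.kbJwt) === null || _f === void 0 ? void 0 : _f.payload) === null || _g === void 0 ? void 0 : _g.nonce, aud: (_k = (_j = (_h = presentation.kbJwt) === null || _h === void 0 ? void 0 : _h.payload) === null || _j === void 0 ? void 0 : _j.aud) !== null && _k !== void 0 ? _k : resolution.issuer }),
+},
+});
+return ssi_types_1.CredentialMapper.storedPresentationToOriginalFormat(presentationResult.presentation);
 }
-
-
-
-
-
-
-
-header = {
-kid: kid.includes('#') ? kid : `${id.did}#${kid}`,
-};
-if (presentation.verifier || !presentation.aud) {
-presentation.aud = Array.isArray(presentation.verifier) ? presentation.verifier : ((_g = (_f = presentation.verifier) !== null && _f !== void 0 ? _f : domain) !== null && _g !== void 0 ? _g : args.domain);
-delete presentation.verifier;
+else {
+if (proofFormat === 'vc+sd-jwt') {
+return Promise.reject(Error(`presentation payload does not match proof format ${proofFormat}`));
+}
+let header;
+if (!presentation.holder) {
+presentation.holder = resolution.issuer;
 }
-if (
-
-
-
-
+if (proofFormat === 'jwt') {
+header = Object.assign(Object.assign({}, (((0, ssi_sdk_ext_identifier_resolution_1.isManagedIdentifierDidResult)(resolution) || (0, ssi_sdk_ext_identifier_resolution_1.isManagedIdentifierX5cResult)(resolution)) && resolution.kid && { kid: resolution.kid })), ((0, ssi_sdk_ext_identifier_resolution_1.isManagedIdentifierX5cResult)(resolution) && { jwk: resolution.jwk }));
+if (presentation.verifier || !presentation.aud) {
+presentation.aud = Array.isArray(presentation.verifier) ? presentation.verifier : ((_m = (_l = presentation.verifier) !== null && _l !== void 0 ? _l : domain) !== null && _m !== void 0 ? _m : args.domain);
+delete presentation.verifier;
+}
+if (!presentation.nbf) {
+if (presentation.issuanceDate) {
+const converted = Date.parse(presentation.issuanceDate);
+if (!isNaN(converted)) {
+presentation.nbf = Math.floor(converted / 1000); // no skew here, as an explicit value was given
+}
+}
+else {
+presentation.nbf = Math.floor(Date.now() / 1000 - CLOCK_SKEW);
 }
 }
-
-presentation.
+if (!presentation.iat) {
+presentation.iat = presentation.nbf;
 }
-
-
-
-
-
-
-
-
-presentation.exp =
+if (!presentation.exp) {
+if (presentation.expirationDate) {
+const converted = Date.parse(presentation.expirationDate);
+if (!isNaN(converted)) {
+presentation.exp = Math.floor(converted / 1000); // no skew here as an explicit value w as given
+}
+}
+else {
+presentation.exp = presentation.nbf + 600 + CLOCK_SKEW;
 }
 }
-
-presentation.
+if (!presentation.vp) {
+presentation.vp = {};
+}
+/*if (!presentation.sub) {
+presentation.sub = id.did
+}*/
+if (!presentation.vp.holder) {
+presentation.vp.holder = presentation.holder;
 }
 }
-
-
-
-
-
-
-
-
-
+// we ignore the alg / proof_format for now, as we already have the kid anyway at this point
+// todo: look for jwt_vc_json and remove types and @context
+const vp = yield context.agent.createVerifiablePresentation({
+presentation: presentation,
+removeOriginalFields: false,
+keyRef: resolution.kmsKeyRef,
+// domain: domain ?? args.domain, // handled above, and did-jwt-vc creates an array even for 1 entry
+challenge: challenge !== null && challenge !== void 0 ? challenge : args.challenge,
+fetchRemoteContexts: args.fetchRemoteContexts !== false,
+proofFormat: proofFormat,
+header,
+});
+// makes sure we extract an actual JWT from the internal representation in case it is a JWT
+return ssi_types_1.CredentialMapper.storedPresentationToOriginalFormat(vp);
 }
-// we ignore the alg / proof_format for now, as we already have the kid anyway at this point
-// todo: look for jwt_vc_json and remove types and @context
-const vp = yield context.agent.createVerifiablePresentation({
-presentation: presentation,
-removeOriginalFields: false,
-keyRef: key.kid,
-// domain: domain ?? args.domain, // handled above, and did-jwt-vc creates an array even for 1 entry
-challenge: challenge !== null && challenge !== void 0 ? challenge : args.challenge,
-fetchRemoteContexts: args.fetchRemoteContexts !== false,
-proofFormat,
-header,
-});
-// makes sure we extract an actual JWT from the internal representation in case it is a JWT
-return ssi_types_1.CredentialMapper.storedPresentationToOriginalFormat(vp);
 });
 });
 }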
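Review bot: In the SD-JWT branch the key-binding payload passed to `createSdJwtPresentation` defaults `aud` to `resolution.issuer`, which the W3C branch below uses as the holder, and it never consults `domain` or `args.domain`, so a key-binding JWT built without an explicit audience is addressed to the holder rather than to the verifier. The `nonce` fallback likewise skips `args.challenge`, although the `createVerifiablePresentation` call uses `challenge ?? args.challenge`, so a challenge configured on the callback factory is dropped for SD-JWT and the nonce can end up undefined. Audience and nonce are what tie a presentation to one verifier and one request, so in the TypeScript source this compiles from I would write `nonce: challenge ?? args.challenge ?? presentation.kbJwt?.payload?.nonce,` and `aud: presentation.kbJwt?.payload?.aud ?? domain ?? args.domain,` and reject with an error when either is still missing instead of signing. Whether `createSdJwtPresentation` or the receiving verifier enforces these claims is not visible in this diff, so that part should be confirmed.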
package/dist/functions.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"functions.js","sourceRoot":"","sources":["../src/functions.ts"],"names":[],"mappings":";;;;;;;;;;;;
|
|
1
|
+
{"version":3,"file":"functions.js","sourceRoot":"","sources":["../src/functions.ts"],"names":[],"mappings":";;;;;;;;;;;;AAEA,mGAKoD;AACpD,mDAM4B;AAI5B,SAAsB,iCAAiC,CACrD,IAOC,EACD,OAAyB;;QAEzB,SAAS,oBAAoB,CAAC,IAG7B;YACC,MAAM,EAAE,MAAM,EAAE,sBAAsB,EAAE,GAAG,IAAI,CAAA;YAE/C,qFAAqF;YACrF,MAAM,aAAa,GAAG,MAAM,aAAN,MAAM,cAAN,MAAM,GAAI,sBAAsB,CAAC,MAAM,CAAA;YAC7D,IAAI,CAAC,aAAa,EAAE,CAAC;gBACnB,OAAO,WAAW,CAAA;YACpB,CAAC;iBAAM,IAAI,OAAO,aAAa,KAAK,QAAQ,EAAE,CAAC;gBAC7C,yEAAyE;gBACzE,OAAO,aAAa,CAAA;YACtB,CAAC;YAED,uKAAuK;YACvK,MAAM,OAAO,GAAG,IAAI,GAAG,CACrB,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAC5H,CAAA;YAED,mDAAmD;YACnD,IAAI,OAAO,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;gBACvB,OAAO,OAAO,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,KAAK,CAAA;YACtC,CAAC;YAED,4CAA4C;YAC5C,IAAI,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;gBAC7B,OAAO,WAAW,CAAA;YACpB,CAAC;YACD,kDAAkD;iBAC7C,IAAI,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC5B,OAAO,KAAK,CAAA;YACd,CAAC;YAED,qBAAqB;YACrB,OAAO,KAAK,CAAA;QACd,CAAC;QAED,OAAO,KAYgC,EAAE,0CAZ3B,EACZ,YAAY,EACZ,MAAM,EACN,sBAAsB,EACtB,MAAM,EACN,SAAS,GAOV;;YACC,MAAM,WAAW,GAAG,oBAAoB,CAAC,EAAE,MAAM,EAAE,sBAAsB,EAAE,CAAC,CAAA;YAC5E,MAAM,EAAE,MAAM,EAAE,GAAG,IAAI,CAAA;YACvB,MAAM,UAAU,GAAG,GAAG,CAAA;YACtB,IAAI,IAAI,CAAC,iBAAiB,IAAI,IAAA,8DAA0B,EAAC,MAAM,CAAC,EAAE,CAAC;gBACjE,MAAM,CAAC,0BAA0B,GAAG,IAAI,CAAA;YAC1C,CAAC;YAED,MAAM,UAAU,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAA;YAEnE,IAAI,gBAAgB,IAAI,YAAY,EAAE,CAAC;gBACrC,IAAI,WAAW,KAAK,WAAW,EAAE,CAAC;oBAChC,OAAO,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,oDAAoD,WAAW,EAAE,CAAC,CAAC,CAAA;gBACjG,CAAC;gBAED,MAAM,kBAAkB,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC,uBAAuB,CAAC;oBACrE,YAAY,EAAE,YAAY,CAAC,cAAc;oBACzC,EAAE,EAAE;wBACF,OAAO,kCACF,MAAA,YAAY,CAAC,KAAK,0CAAE,OAAO,KAC9B,GAAG,EAAE,MAAA,MAAA,MAAA,YAAY,CAAC,KAAK,0CAAE,OAAO,0CAAE,GAAG,mCAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,E
AAE,GAAG,IAAI,GAAG,UAAU,CAAC,EACnF,KAAK,EAAE,SAAS,aAAT,SAAS,cAAT,SAAS,GAAI,MAAA,MAAA,YAAY,CAAC,KAAK,0CAAE,OAAO,0CAAE,KAAK,EACtD,GAAG,EAAE,MAAA,MAAA,MAAA,YAAY,CAAC,KAAK,0CAAE,OAAO,0CAAE,GAAG,mCAAI,UAAU,CAAC,MAAM,GAC3D;qBACF;iBACF,CAAC,CAAA;gBAEF,OAAO,4BAAgB,CAAC,kCAAkC,CAAC,kBAAkB,CAAC,YAA8C,CAAC,CAAA;YAC/H,CAAC;iBAAM,CAAC;gBACN,IAAI,WAAW,KAAK,WAAW,EAAE,CAAC;oBAChC,OAAO,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,oDAAoD,WAAW,EAAE,CAAC,CAAC,CAAA;gBACjG,CAAC;gBACD,IAAI,MAAM,CAAA;gBACV,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC;oBACzB,YAAY,CAAC,MAAM,GAAG,UAAU,CAAC,MAAM,CAAA;gBACzC,CAAC;gBACD,IAAI,WAAW,KAAK,KAAK,EAAE,CAAC;oBAC1B,MAAM,mCACD,CAAC,CAAC,IAAA,gEAA4B,EAAC,UAAU,CAAC,IAAI,IAAA,gEAA4B,EAAC,UAAU,CAAC,CAAC,IAAI,UAAU,CAAC,GAAG,IAAI,EAAE,GAAG,EAAE,UAAU,CAAC,GAAG,EAAE,CAAC,GACrI,CAAC,IAAA,gEAA4B,EAAC,UAAU,CAAC,IAAI,EAAE,GAAG,EAAE,UAAU,CAAC,GAAG,EAAE,CAAC,CACzE,CAAA;oBACD,IAAI,YAAY,CAAC,QAAQ,IAAI,CAAC,YAAY,CAAC,GAAG,EAAE,CAAC;wBAC/C,YAAY,CAAC,GAAG,GAAG,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,MAAA,MAAA,YAAY,CAAC,QAAQ,mCAAI,MAAM,mCAAI,IAAI,CAAC,MAAM,CAAC,CAAA;wBAClI,OAAO,YAAY,CAAC,QAAQ,CAAA;oBAC9B,CAAC;oBAED,IAAI,CAAC,YAAY,CAAC,GAAG,EAAE,CAAC;wBACtB,IAAI,YAAY,CAAC,YAAY,EAAE,CAAC;4BAC9B,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,YAAY,CAAC,CAAA;4BACvD,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,CAAC;gCACtB,YAAY,CAAC,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,GAAG,IAAI,CAAC,CAAA,CAAC,+CAA+C;4BACjG,CAAC;wBACH,CAAC;6BAAM,CAAC;4BACN,YAAY,CAAC,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,GAAG,UAAU,CAAC,CAAA;wBAC/D,CAAC;oBACH,CAAC;oBAED,IAAI,CAAC,YAAY,CAAC,GAAG,EAAE,CAAC;wBACtB,YAAY,CAAC,GAAG,GAAG,YAAY,CAAC,GAAG,CAAA;oBACrC,CAAC;oBAED,IAAI,CAAC,YAAY,CAAC,GAAG,EAAE,CAAC;wBACtB,IAAI,YAAY,CAAC,cAAc,EAAE,CAAC;4BAChC,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,cAAc,CAAC,CAAA;4BACzD,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,CAAC;gCACtB,YAAY,CAAC,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,GAAG,IAAI,CAAC,CAAA,CAAC,+CAA+C;4BACjG,CAAC;wBACH,CAAC;6BAAM,CAAC;4BACN,YAAY,CAAC,GA
AG,GAAG,YAAY,CAAC,GAAG,GAAG,GAAG,GAAG,UAAU,CAAA;wBACxD,CAAC;oBACH,CAAC;oBAED,IAAI,CAAC,YAAY,CAAC,EAAE,EAAE,CAAC;wBACrB,YAAY,CAAC,EAAE,GAAG,EAAE,CAAA;oBACtB,CAAC;oBACD;;uBAEG;oBACH,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC;wBAC5B,YAAY,CAAC,EAAE,CAAC,MAAM,GAAG,YAAY,CAAC,MAAM,CAAA;oBAC9C,CAAC;gBACH,CAAC;gBAED,4FAA4F;gBAE5F,2DAA2D;gBAE3D,MAAM,EAAE,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC,4BAA4B,CAAC;oBAC1D,YAAY,EAAE,YAAmC;oBACjD,oBAAoB,EAAE,KAAK;oBAC3B,MAAM,EAAE,UAAU,CAAC,SAAS;oBAC5B,oGAAoG;oBACpG,SAAS,EAAE,SAAS,aAAT,SAAS,cAAT,SAAS,GAAI,IAAI,CAAC,SAAS;oBACtC,mBAAmB,EAAE,IAAI,CAAC,mBAAmB,KAAK,KAAK;oBACvD,WAAW,EAAE,WAA0B;oBACvC,MAAM;iBACP,CAAC,CAAA;gBAEF,2FAA2F;gBAC3F,OAAO,4BAAgB,CAAC,kCAAkC,CAAC,EAAoC,CAAC,CAAA;YAClG,CAAC;QACH,CAAC,CAAA,CAAA;IACH,CAAC;CAAA;AAnKD,8EAmKC"}
|
|
@@ -1,9 +1,10 @@
|
|
|
1
|
+
import { IIdentifierResolution } from '@sphereon/ssi-sdk-ext.identifier-resolution';
|
|
1
2
|
import { IAgentContext, ICredentialPlugin, IDataStoreORM, IDIDManager, IIdentifier, IPluginMethodMap, IResolver, PresentationPayload } from '@veramo/core';
|
|
2
|
-
import { IPresentation, Optional, W3CVerifiableCredential, W3CVerifiablePresentation } from '@sphereon/ssi-types';
|
|
3
|
+
import { IPresentation, Optional, SdJwtDecodedVerifiableCredential, W3CVerifiableCredential, W3CVerifiablePresentation } from '@sphereon/ssi-types';
|
|
3
4
|
import { IPresentationDefinition, PEVersion, SelectResults } from '@sphereon/pex';
|
|
4
5
|
import { Format, InputDescriptorV1, InputDescriptorV2 } from '@sphereon/pex-models';
|
|
5
|
-
import { ICredentialStore } from '@sphereon/ssi-sdk.credential-store';
|
|
6
6
|
import { CredentialRole, FindDigitalCredentialArgs } from '@sphereon/ssi-sdk.data-store';
|
|
7
|
+
import { ISDJwtPlugin } from '@sphereon/ssi-sdk.sd-jwt';
|
|
7
8
|
export interface IPresentationExchange extends IPluginMethodMap {
|
|
8
9
|
pexValidateDefinition(args: IDefinitionValidateArgs): Promise<boolean>;
|
|
9
10
|
pexDefinitionVersion(presentationDefinition: IPresentationDefinition): Promise<VersionDiscoveryResult>;
|
|
@@ -47,8 +48,8 @@ export interface VersionDiscoveryResult {
|
|
|
47
48
|
}
|
|
48
49
|
export type IPEXPresentationSignCallback = (args: IPEXPresentationSignCallBackParams) => Promise<W3CVerifiablePresentation>;
|
|
49
50
|
export interface IPEXPresentationSignCallBackParams {
|
|
50
|
-
presentation: IPresentation | Optional<PresentationPayload, 'holder'
|
|
51
|
+
presentation: IPresentation | Optional<PresentationPayload, 'holder'> | SdJwtDecodedVerifiableCredential;
|
|
51
52
|
presentationDefinition: IPresentationDefinition;
|
|
52
53
|
}
|
|
53
|
-
export type IRequiredContext = IAgentContext<IDataStoreORM & IResolver & IDIDManager & ICredentialPlugin &
|
|
54
|
+
export type IRequiredContext = IAgentContext<IDataStoreORM & IResolver & IDIDManager & IIdentifierResolution & ICredentialPlugin & ISDJwtPlugin>;
|
|
54
55
|
//# sourceMappingURL=IPresentationExchange.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"IPresentationExchange.d.ts","sourceRoot":"","sources":["../../src/types/IPresentationExchange.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,aAAa,EACb,iBAAiB,EACjB,aAAa,EACb,WAAW,EACX,WAAW,EACX,gBAAgB,EAChB,SAAS,EACT,mBAAmB,EACpB,MAAM,cAAc,CAAA;AACrB,OAAO,EAAE,aAAa,EAAE,QAAQ,EAAE,uBAAuB,EAAE,yBAAyB,EAAE,MAAM,qBAAqB,CAAA;
|
|
1
|
+
{"version":3,"file":"IPresentationExchange.d.ts","sourceRoot":"","sources":["../../src/types/IPresentationExchange.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,qBAAqB,EAAE,MAAM,6CAA6C,CAAA;AACnF,OAAO,EACL,aAAa,EACb,iBAAiB,EACjB,aAAa,EACb,WAAW,EACX,WAAW,EACX,gBAAgB,EAChB,SAAS,EACT,mBAAmB,EACpB,MAAM,cAAc,CAAA;AACrB,OAAO,EAAE,aAAa,EAAE,QAAQ,EAAE,gCAAgC,EAAE,uBAAuB,EAAE,yBAAyB,EAAE,MAAM,qBAAqB,CAAA;AACnJ,OAAO,EAAE,uBAAuB,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,eAAe,CAAA;AACjF,OAAO,EAAE,MAAM,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAA;AACnF,OAAO,EAAE,cAAc,EAAE,yBAAyB,EAAE,MAAM,8BAA8B,CAAA;AACxF,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAA;AAEvD,MAAM,WAAW,qBAAsB,SAAQ,gBAAgB;IAC7D,qBAAqB,CAAC,IAAI,EAAE,uBAAuB,GAAG,OAAO,CAAC,OAAO,CAAC,CAAA;IAEtE,oBAAoB,CAAC,sBAAsB,EAAE,uBAAuB,GAAG,OAAO,CAAC,sBAAsB,CAAC,CAAA;IAEtG,8BAA8B,CAAC,IAAI,EAAE,+BAA+B,EAAE,OAAO,EAAE,gBAAgB,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAAA;IAE3H,gDAAgD,CAC9C,IAAI,EAAE,+BAA+B,EACrC,OAAO,EAAE,gBAAgB,GACxB,OAAO,CAAC,mCAAmC,EAAE,CAAC,CAAA;CAClD;AAED,MAAM,WAAW,uBAAuB;IACtC,UAAU,EAAE,uBAAuB,CAAA;CACpC;AAED,MAAM,WAAW,+BAA+B;IAC9C,sBAAsB,EAAE,uBAAuB,CAAA;IAC/C,oBAAoB,EAAE;QACpB,cAAc,EAAE,cAAc,CAAA;QAC9B,qBAAqB,CAAC,EAAE,uBAAuB,EAAE,CAAA;QACjD,MAAM,CAAC,EAAE,yBAAyB,CAAA;KACnC,CAAA;IACD,UAAU,CAAC,EAAE,CAAC,MAAM,GAAG,WAAW,CAAC,EAAE,CAAA;IACrC,8BAA8B,CAAC,EAAE,MAAM,EAAE,CAAA;IACzC,iBAAiB,CAAC,EAAE,MAAM,CAAA;IAC1B,oBAAoB,CAAC,EAAE,MAAM,EAAE,CAAA;CAChC;AAED,MAAM,WAAW,OAAO;IACtB,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,gBAAgB,CAAC,EAAE,MAAM,CAAA;CAC1B;AAED,MAAM,WAAW,WAAW;IAE1B,UAAU,CAAC,EAAE,uBAAuB,CAAA;IACpC,YAAY,EAAE,MAAM,CAAA;CACrB;AAED,MAAM,WAAW,mCAAoC,SAAQ,gBAAgB;IAC3E,eAAe,EAAE,iBAAiB,GAAG,iBAAiB,CAAA;CACvD;AAED,MAAM,WAAW,gBAAgB;IAC/B,EAAE,EAAE,MAAM,CAAA;IACV,aAAa,EAAE,aAAa,CAAA;IAC5B,mBAAmB,EAAE,uBAAuB,EAAE,CAAA;CAC/C;AAED,MAAM,WAAW,sBAAsB;IACrC,OAAO,CAAC,EAAE,SAAS,CAAA;IACnB,KAAK,CAAC,EAAE,MAAM,CAAA;CACf;AAED,MAAM,MAAM,4BAA4B,GAAG,CAAC,IAAI,EAAE,kCAAkC,KAAK,OAAO,CAAC,yBAAyB,CAAC,CAAA;AAE3H,MAAM,WAAW,kCAAkC;IACjD,YAAY,EAAE,aAAa,GAAG,QAAQ,CAAC,mBAAmB,EAAE
,QAAQ,CAAC,GAAG,gCAAgC,CAAA;IACxG,sBAAsB,EAAE,uBAAuB,CAAA;CAChD;AAED,MAAM,MAAM,gBAAgB,GAAG,aAAa,CAAC,aAAa,GAAG,SAAS,GAAG,WAAW,GAAG,qBAAqB,GAAG,iBAAiB,GAAG,YAAY,CAAC,CAAA"}
|
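--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@sphereon/ssi-sdk.presentation-exchange",
-"version": "0.29.
+"version": "0.29.1-next.104+f55b05ba",
 "source": "src/index.ts",
 "main": "dist/index.js",
 "types": "dist/index.d.ts",
@@ -16,15 +16,17 @@
 "dependencies": {
 "@sphereon/pex": "^4.0.1",
 "@sphereon/pex-models": "^2.2.4",
-"@sphereon/ssi-sdk-ext.did-utils": "0.24.
-"@sphereon/ssi-sdk.
-"@sphereon/ssi-sdk.
-"@sphereon/ssi-
+"@sphereon/ssi-sdk-ext.did-utils": "0.24.1-next.96",
+"@sphereon/ssi-sdk-ext.identifier-resolution": "0.24.1-next.96",
+"@sphereon/ssi-sdk.credential-store": "0.29.1-next.104+f55b05ba",
+"@sphereon/ssi-sdk.data-store": "0.29.1-next.104+f55b05ba",
+"@sphereon/ssi-sdk.sd-jwt": "0.29.1-next.104+f55b05ba",
+"@sphereon/ssi-types": "0.29.1-next.104+f55b05ba",
 "@veramo/core": "4.2.0"
 },
 "devDependencies": {
 "@sphereon/did-uni-client": "^0.6.3",
-"@sphereon/ssi-sdk.agent-config": "0.29.
+"@sphereon/ssi-sdk.agent-config": "0.29.1-next.104+f55b05ba",
 "@types/json-buffer": "^3.0.2",
 "@veramo/did-provider-key": "4.2.0",
 "@veramo/did-resolver": "4.2.0",
@@ -61,5 +63,5 @@
 "OpenID Connect",
 "Authenticator"
 ],
-"gitHead": "
+"gitHead": "f55b05baa77e2a8acb72d5e74f3db710ef898958"
 }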
package/src/functions.ts
CHANGED
|
@@ -1,14 +1,24 @@
|
|
|
1
|
-
import { dereferenceDidKeysWithJwkSupport, getAgentResolver, getIdentifier, getKey, IIdentifierOpts } from '@sphereon/ssi-sdk-ext.did-utils'
|
|
2
|
-
import { _NormalizedVerificationMethod } from '@veramo/utils'
|
|
3
|
-
import { IPEXPresentationSignCallback, IRequiredContext } from './types/IPresentationExchange'
|
|
4
1
|
import { IPresentationDefinition } from '@sphereon/pex'
|
|
5
|
-
import { IKey, PresentationPayload, ProofFormat } from '@veramo/core'
|
|
6
|
-
import { CredentialMapper, Optional, OriginalVerifiablePresentation, W3CVerifiablePresentation } from '@sphereon/ssi-types'
|
|
7
2
|
import { Format } from '@sphereon/pex-models'
|
|
3
|
+
import {
|
|
4
|
+
isManagedIdentifierDidOpts,
|
|
5
|
+
isManagedIdentifierDidResult,
|
|
6
|
+
isManagedIdentifierX5cResult,
|
|
7
|
+
ManagedIdentifierOpts,
|
|
8
|
+
} from '@sphereon/ssi-sdk-ext.identifier-resolution'
|
|
9
|
+
import {
|
|
10
|
+
CredentialMapper,
|
|
11
|
+
Optional,
|
|
12
|
+
OriginalVerifiablePresentation,
|
|
13
|
+
SdJwtDecodedVerifiableCredential,
|
|
14
|
+
W3CVerifiablePresentation,
|
|
15
|
+
} from '@sphereon/ssi-types'
|
|
16
|
+
import { PresentationPayload, ProofFormat } from '@veramo/core'
|
|
17
|
+
import { IPEXPresentationSignCallback, IRequiredContext } from './types/IPresentationExchange'
|
|
8
18
|
|
|
9
19
|
export async function createPEXPresentationSignCallback(
|
|
10
20
|
args: {
|
|
11
|
-
idOpts:
|
|
21
|
+
idOpts: ManagedIdentifierOpts
|
|
12
22
|
fetchRemoteContexts?: boolean
|
|
13
23
|
skipDidResolution?: boolean
|
|
14
24
|
format?: Format | ProofFormat
|
|
@@ -17,26 +27,42 @@ export async function createPEXPresentationSignCallback(
|
|
|
17
27
|
},
|
|
18
28
|
context: IRequiredContext,
|
|
19
29
|
): Promise<IPEXPresentationSignCallback> {
|
|
20
|
-
function determineProofFormat({
|
|
21
|
-
format,
|
|
22
|
-
presentationDefinition,
|
|
23
|
-
}: {
|
|
30
|
+
function determineProofFormat(args: {
|
|
24
31
|
format?: Format | 'jwt' | 'lds' | 'EthereumEip712Signature2021'
|
|
25
32
|
presentationDefinition: IPresentationDefinition
|
|
26
|
-
}) {
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
if
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
33
|
+
}): string {
|
|
34
|
+
const { format, presentationDefinition } = args
|
|
35
|
+
|
|
36
|
+
// All format arguments are optional. So if no format has been given we go for SD-JWT
|
|
37
|
+
const formatOptions = format ?? presentationDefinition.format
|
|
38
|
+
if (!formatOptions) {
|
|
39
|
+
return 'vc+sd-jwt'
|
|
40
|
+
} else if (typeof formatOptions === 'string') {
|
|
41
|
+
// if formatOptions is a singular string we can return that as the format
|
|
42
|
+
return formatOptions
|
|
43
|
+
}
|
|
44
|
+
|
|
45
|
+
// here we transform all format options to either lds or jwt. but we also want to support sd-jwt, so we need to specifically check for this one. which is ['vc+sd-jwt']
|
|
46
|
+
const formats = new Set(
|
|
47
|
+
Object.keys(formatOptions).map((form) => (form.includes('ldp') ? 'lds' : form.includes('vc+sd-jwt') ? 'vc+sd-jwt' : 'jwt')),
|
|
48
|
+
)
|
|
49
|
+
|
|
50
|
+
// if we only have 1 format type we can return that
|
|
51
|
+
if (formats.size === 1) {
|
|
52
|
+
return formats.values().next().value
|
|
38
53
|
}
|
|
39
|
-
|
|
54
|
+
|
|
55
|
+
// if we can go for sd-jwt, we go for sd-jwt
|
|
56
|
+
if (formats.has('vc+sd-jwt')) {
|
|
57
|
+
return 'vc+sd-jwt'
|
|
58
|
+
}
|
|
59
|
+
// if it is not sd-jwt we would like to go for jwt
|
|
60
|
+
else if (formats.has('jwt')) {
|
|
61
|
+
return 'jwt'
|
|
62
|
+
}
|
|
63
|
+
|
|
64
|
+
// else we go for lds
|
|
65
|
+
return 'lds'
|
|
40
66
|
}
|
|
41
67
|
|
|
42
68
|
return async ({
|
|
@@ -46,118 +72,111 @@ export async function createPEXPresentationSignCallback(
|
|
|
46
72
|
format,
|
|
47
73
|
challenge,
|
|
48
74
|
}: {
|
|
49
|
-
presentation: Optional<PresentationPayload, 'holder'>
|
|
75
|
+
presentation: Optional<PresentationPayload, 'holder'> | SdJwtDecodedVerifiableCredential
|
|
50
76
|
presentationDefinition: IPresentationDefinition
|
|
51
77
|
format?: Format | ProofFormat
|
|
52
78
|
domain?: string
|
|
53
79
|
challenge?: string
|
|
54
80
|
}): Promise<W3CVerifiablePresentation> => {
|
|
55
|
-
const
|
|
56
|
-
const
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
if (!presentation.holder) {
|
|
61
|
-
presentation.holder = id.did
|
|
81
|
+
const proofFormat = determineProofFormat({ format, presentationDefinition })
|
|
82
|
+
const { idOpts } = args
|
|
83
|
+
const CLOCK_SKEW = 120
|
|
84
|
+
if (args.skipDidResolution && isManagedIdentifierDidOpts(idOpts)) {
|
|
85
|
+
idOpts.offlineWhenNoDIDRegistered = true
|
|
62
86
|
}
|
|
63
|
-
let key: IKey | undefined
|
|
64
87
|
|
|
65
|
-
|
|
66
|
-
if (!idOpts.kmsKeyRef) {
|
|
67
|
-
key = id.keys.find((key) => key.meta?.purpose?.includes(idOpts.verificationMethodSection ?? 'authentication') === true)
|
|
68
|
-
}
|
|
69
|
-
if (!key) {
|
|
70
|
-
key = id.keys.find(
|
|
71
|
-
(key) =>
|
|
72
|
-
!idOpts.kmsKeyRef ||
|
|
73
|
-
key.kid === idOpts.kmsKeyRef ||
|
|
74
|
-
key.meta?.jwkThumbprint === idOpts.kmsKeyRef ||
|
|
75
|
-
`${id.did}#${key.kid}` === idOpts.kmsKeyRef,
|
|
76
|
-
)
|
|
77
|
-
}
|
|
78
|
-
} else {
|
|
79
|
-
key = await getKey({ identifier: id, vmRelationship: 'authentication', kmsKeyRef: idOpts.kmsKeyRef }, context)
|
|
80
|
-
}
|
|
88
|
+
const resolution = await context.agent.identifierManagedGet(idOpts)
|
|
81
89
|
|
|
82
|
-
if (
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
let vm: _NormalizedVerificationMethod | undefined = undefined
|
|
86
|
-
if (args.skipDidResolution !== true) {
|
|
87
|
-
const didResolution = await getAgentResolver(context).resolve(idOpts.identifier.did)
|
|
88
|
-
const vms = await dereferenceDidKeysWithJwkSupport(didResolution.didDocument!, idOpts.verificationMethodSection ?? 'authentication', context)
|
|
89
|
-
vm = vms.find((vm) => vm.publicKeyHex === key.publicKeyHex)
|
|
90
|
-
if (!vm) {
|
|
91
|
-
throw Error(`Could not resolve DID document or match signing key to did ${idOpts.identifier.did}`)
|
|
90
|
+
if ('compactSdJwtVc' in presentation) {
|
|
91
|
+
if (proofFormat !== 'vc+sd-jwt') {
|
|
92
|
+
return Promise.reject(Error(`presentation payload does not match proof format ${proofFormat}`))
|
|
92
93
|
}
|
|
93
|
-
}
|
|
94
94
|
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
95
|
+
const presentationResult = await context.agent.createSdJwtPresentation({
|
|
96
|
+
presentation: presentation.compactSdJwtVc,
|
|
97
|
+
kb: {
|
|
98
|
+
payload: {
|
|
99
|
+
...presentation.kbJwt?.payload,
|
|
100
|
+
iat: presentation.kbJwt?.payload?.iat ?? Math.floor(Date.now() / 1000 - CLOCK_SKEW),
|
|
101
|
+
nonce: challenge ?? presentation.kbJwt?.payload?.nonce,
|
|
102
|
+
aud: presentation.kbJwt?.payload?.aud ?? resolution.issuer,
|
|
103
|
+
},
|
|
104
|
+
},
|
|
105
|
+
})
|
|
106
|
+
|
|
107
|
+
return CredentialMapper.storedPresentationToOriginalFormat(presentationResult.presentation as OriginalVerifiablePresentation)
|
|
108
|
+
} else {
|
|
109
|
+
if (proofFormat === 'vc+sd-jwt') {
|
|
110
|
+
return Promise.reject(Error(`presentation payload does not match proof format ${proofFormat}`))
|
|
104
111
|
}
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
112
|
+
let header
|
|
113
|
+
if (!presentation.holder) {
|
|
114
|
+
presentation.holder = resolution.issuer
|
|
108
115
|
}
|
|
109
|
-
if (
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
116
|
+
if (proofFormat === 'jwt') {
|
|
117
|
+
header = {
|
|
118
|
+
...((isManagedIdentifierDidResult(resolution) || isManagedIdentifierX5cResult(resolution)) && resolution.kid && { kid: resolution.kid }),
|
|
119
|
+
...(isManagedIdentifierX5cResult(resolution) && { jwk: resolution.jwk }),
|
|
120
|
+
}
|
|
121
|
+
if (presentation.verifier || !presentation.aud) {
|
|
122
|
+
presentation.aud = Array.isArray(presentation.verifier) ? presentation.verifier : (presentation.verifier ?? domain ?? args.domain)
|
|
123
|
+
delete presentation.verifier
|
|
124
|
+
}
|
|
125
|
+
|
|
126
|
+
if (!presentation.nbf) {
|
|
127
|
+
if (presentation.issuanceDate) {
|
|
128
|
+
const converted = Date.parse(presentation.issuanceDate)
|
|
129
|
+
if (!isNaN(converted)) {
|
|
130
|
+
presentation.nbf = Math.floor(converted / 1000) // no skew here, as an explicit value was given
|
|
131
|
+
}
|
|
132
|
+
} else {
|
|
133
|
+
presentation.nbf = Math.floor(Date.now() / 1000 - CLOCK_SKEW)
|
|
114
134
|
}
|
|
115
|
-
} else {
|
|
116
|
-
presentation.nbf = Math.floor(Date.now() / 1000 - 120)
|
|
117
135
|
}
|
|
118
|
-
}
|
|
119
136
|
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
137
|
+
if (!presentation.iat) {
|
|
138
|
+
presentation.iat = presentation.nbf
|
|
139
|
+
}
|
|
123
140
|
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
|
|
141
|
+
if (!presentation.exp) {
|
|
142
|
+
if (presentation.expirationDate) {
|
|
143
|
+
const converted = Date.parse(presentation.expirationDate)
|
|
144
|
+
if (!isNaN(converted)) {
|
|
145
|
+
presentation.exp = Math.floor(converted / 1000) // no skew here as an explicit value w as given
|
|
146
|
+
}
|
|
147
|
+
} else {
|
|
148
|
+
presentation.exp = presentation.nbf + 600 + CLOCK_SKEW
|
|
129
149
|
}
|
|
130
|
-
} else {
|
|
131
|
-
presentation.exp = presentation.nbf + 600 + 120
|
|
132
150
|
}
|
|
133
|
-
}
|
|
134
151
|
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
|
|
152
|
+
if (!presentation.vp) {
|
|
153
|
+
presentation.vp = {}
|
|
154
|
+
}
|
|
155
|
+
/*if (!presentation.sub) {
|
|
156
|
+
presentation.sub = id.did
|
|
157
|
+
}*/
|
|
158
|
+
if (!presentation.vp.holder) {
|
|
159
|
+
presentation.vp.holder = presentation.holder
|
|
160
|
+
}
|
|
143
161
|
}
|
|
144
|
-
}
|
|
145
162
|
|
|
146
|
-
|
|
147
|
-
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
|
|
153
|
-
|
|
154
|
-
|
|
155
|
-
|
|
156
|
-
|
|
157
|
-
|
|
158
|
-
|
|
159
|
-
|
|
160
|
-
|
|
161
|
-
|
|
163
|
+
// we ignore the alg / proof_format for now, as we already have the kid anyway at this point
|
|
164
|
+
|
|
165
|
+
// todo: look for jwt_vc_json and remove types and @context
|
|
166
|
+
|
|
167
|
+
const vp = await context.agent.createVerifiablePresentation({
|
|
168
|
+
presentation: presentation as PresentationPayload,
|
|
169
|
+
removeOriginalFields: false,
|
|
170
|
+
keyRef: resolution.kmsKeyRef,
|
|
171
|
+
// domain: domain ?? args.domain, // handled above, and did-jwt-vc creates an array even for 1 entry
|
|
172
|
+
challenge: challenge ?? args.challenge,
|
|
173
|
+
fetchRemoteContexts: args.fetchRemoteContexts !== false,
|
|
174
|
+
proofFormat: proofFormat as ProofFormat,
|
|
175
|
+
header,
|
|
176
|
+
})
|
|
177
|
+
|
|
178
|
+
// makes sure we extract an actual JWT from the internal representation in case it is a JWT
|
|
179
|
+
return CredentialMapper.storedPresentationToOriginalFormat(vp as OriginalVerifiablePresentation)
|
|
180
|
+
}
|
|
162
181
|
}
|
|
163
182
|
}
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import { IIdentifierResolution } from '@sphereon/ssi-sdk-ext.identifier-resolution'
|
|
1
2
|
import {
|
|
2
3
|
IAgentContext,
|
|
3
4
|
ICredentialPlugin,
|
|
@@ -8,11 +9,11 @@ import {
|
|
|
8
9
|
IResolver,
|
|
9
10
|
PresentationPayload,
|
|
10
11
|
} from '@veramo/core'
|
|
11
|
-
import { IPresentation, Optional, W3CVerifiableCredential, W3CVerifiablePresentation } from '@sphereon/ssi-types'
|
|
12
|
+
import { IPresentation, Optional, SdJwtDecodedVerifiableCredential, W3CVerifiableCredential, W3CVerifiablePresentation } from '@sphereon/ssi-types'
|
|
12
13
|
import { IPresentationDefinition, PEVersion, SelectResults } from '@sphereon/pex'
|
|
13
14
|
import { Format, InputDescriptorV1, InputDescriptorV2 } from '@sphereon/pex-models'
|
|
14
|
-
import { ICredentialStore } from '@sphereon/ssi-sdk.credential-store'
|
|
15
15
|
import { CredentialRole, FindDigitalCredentialArgs } from '@sphereon/ssi-sdk.data-store'
|
|
16
|
+
import { ISDJwtPlugin } from '@sphereon/ssi-sdk.sd-jwt'
|
|
16
17
|
|
|
17
18
|
export interface IPresentationExchange extends IPluginMethodMap {
|
|
18
19
|
pexValidateDefinition(args: IDefinitionValidateArgs): Promise<boolean>
|
|
@@ -73,8 +74,8 @@ export interface VersionDiscoveryResult {
|
|
|
73
74
|
export type IPEXPresentationSignCallback = (args: IPEXPresentationSignCallBackParams) => Promise<W3CVerifiablePresentation>
|
|
74
75
|
|
|
75
76
|
export interface IPEXPresentationSignCallBackParams {
|
|
76
|
-
presentation: IPresentation | Optional<PresentationPayload, 'holder'>
|
|
77
|
+
presentation: IPresentation | Optional<PresentationPayload, 'holder'> | SdJwtDecodedVerifiableCredential
|
|
77
78
|
presentationDefinition: IPresentationDefinition
|
|
78
79
|
}
|
|
79
80
|
|
|
80
|
-
export type IRequiredContext = IAgentContext<IDataStoreORM & IResolver & IDIDManager & ICredentialPlugin &
|
|
81
|
+
export type IRequiredContext = IAgentContext<IDataStoreORM & IResolver & IDIDManager & IIdentifierResolution & ICredentialPlugin & ISDJwtPlugin>
|
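Review bot: The widened `presentation` member of `IPEXPresentationSignCallBackParams` has no doc comment telling callback implementers that they may now be handed a decoded SD-JWT VC instead of a W3C presentation payload, while `IPEXPresentationSignCallback` still declares `Promise<W3CVerifiablePresentation>` as its result. Nothing in this file says how to tell the shapes apart or that a payload not matching the requested proof format should be refused; the bundled callback in src/functions.ts does both, using `'compactSdJwtVc' in presentation` and rejecting when the format is not `vc+sd-jwt`. I would add a TSDoc line above the member, for example `/** W3C presentation payload, or a decoded SD-JWT VC (carries compactSdJwtVc); implementations must reject a payload whose shape does not match the requested proof format. */`. Separately, `IRequiredContext` now requires `IIdentifierResolution` and `ISDJwtPlugin`, and the `ICredentialStore` import is dropped. The removed `IRequiredContext` line is cut off in this view, so presumably the store plugin left the context type, and both changes deserve a note for consumers, who must register the two new plugins on their agent.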