@sphereon/ssi-sdk.siopv2-oid4vp-op-auth 0.32.1-next.13 → 0.32.1-next.141

Files changed (37) hide show
  1. package/dist/agent/DidAuthSiopOpAuthenticator.d.ts +8 -3
  2. package/dist/agent/DidAuthSiopOpAuthenticator.d.ts.map +1 -1
  3. package/dist/agent/DidAuthSiopOpAuthenticator.js +105 -35
  4. package/dist/agent/DidAuthSiopOpAuthenticator.js.map +1 -1
  5. package/dist/services/Siopv2MachineService.d.ts +5 -0
  6. package/dist/services/Siopv2MachineService.d.ts.map +1 -1
  7. package/dist/services/Siopv2MachineService.js +99 -9
  8. package/dist/services/Siopv2MachineService.js.map +1 -1
  9. package/dist/session/OpSession.d.ts.map +1 -1
  10. package/dist/session/OpSession.js +3 -3
  11. package/dist/session/OpSession.js.map +1 -1
  12. package/dist/types/IDidAuthSiopOpAuthenticator.d.ts +6 -1
  13. package/dist/types/IDidAuthSiopOpAuthenticator.d.ts.map +1 -1
  14. package/dist/types/IDidAuthSiopOpAuthenticator.js.map +1 -1
  15. package/dist/types/machine/index.d.ts +1 -0
  16. package/dist/types/machine/index.d.ts.map +1 -1
  17. package/dist/types/machine/index.js.map +1 -1
  18. package/dist/types/siop-service/index.d.ts +22 -5
  19. package/dist/types/siop-service/index.d.ts.map +1 -1
  20. package/dist/types/siop-service/index.js.map +1 -1
  21. package/dist/utils/CredentialUtils.d.ts +23 -0
  22. package/dist/utils/CredentialUtils.d.ts.map +1 -0
  23. package/dist/utils/CredentialUtils.js +65 -0
  24. package/dist/utils/CredentialUtils.js.map +1 -0
  25. package/dist/utils/dcql.d.ts +5 -0
  26. package/dist/utils/dcql.d.ts.map +1 -0
  27. package/dist/utils/dcql.js +37 -0
  28. package/dist/utils/dcql.js.map +1 -0
  29. package/package.json +22 -19
  30. package/src/agent/DidAuthSiopOpAuthenticator.ts +133 -55
  31. package/src/services/Siopv2MachineService.ts +119 -13
  32. package/src/session/OpSession.ts +5 -3
  33. package/src/types/IDidAuthSiopOpAuthenticator.ts +14 -0
  34. package/src/types/machine/index.ts +1 -0
  35. package/src/types/siop-service/index.ts +24 -5
  36. package/src/utils/CredentialUtils.ts +71 -0
  37. package/src/utils/dcql.ts +36 -0
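--- a/package/src/utils/CredentialUtils.ts
+++ b/package/src/utils/CredentialUtils.ts
@@ -0,0 +1,71 @@
+ import { CredentialMapper, Hasher, ICredential, IVerifiableCredential, OriginalVerifiableCredential } from '@sphereon/ssi-types'
+ import { VerifiableCredential } from '@veramo/core'
+ import { UniqueDigitalCredential } from '@sphereon/ssi-sdk.credential-store'
+
+ /**
+ * Return the type(s) of a VC minus the VerifiableCredential type which should always be present
+ * @param credential The input credential
+ */
+ export const getCredentialTypeAsString = (credential: ICredential | VerifiableCredential): string => {
+ if (!credential.type) {
+ return 'Verifiable Credential'
+ } else if (typeof credential.type === 'string') {
+ return credential.type
+ }
+ return credential.type.filter((type: string): boolean => type !== 'VerifiableCredential').join(', ')
+ }
+
+ /**
+ * Returns a Unique Verifiable Credential (with hash) as stored in Veramo, based upon matching the id of the input VC or the proof value of the input VC
+ * @param uniqueVCs The Unique VCs to search in
+ * @param searchVC The VC to search for in the unique VCs array
+ */
+ export const getMatchingUniqueDigitalCredential = (
+ uniqueVCs: UniqueDigitalCredential[],
+ searchVC: OriginalVerifiableCredential,
+ ): UniqueDigitalCredential | undefined => {
+ // Since an ID is optional in a VC according to VCDM, and we really need the matches, we have a fallback match on something which is guaranteed to be unique for any VC (the proof(s))
+ return uniqueVCs.find(
+ (uniqueVC: UniqueDigitalCredential) =>
+ (typeof searchVC !== 'string' &&
+ (uniqueVC.id === (<IVerifiableCredential>searchVC).id ||
+ (uniqueVC.originalVerifiableCredential as VerifiableCredential).proof === (<IVerifiableCredential>searchVC).proof)) ||
+ (typeof searchVC === 'string' && (uniqueVC.uniformVerifiableCredential as VerifiableCredential)?.proof?.jwt === searchVC) ||
+ // We are ignoring the signature of the sd-jwt as PEX signs the vc again and it will not match anymore with the jwt in the proof of the stored jsonld vc
+ (typeof searchVC === 'string' &&
+ CredentialMapper.isSdJwtEncoded(searchVC) &&
+ uniqueVC.uniformVerifiableCredential?.proof &&
+ 'jwt' in uniqueVC.uniformVerifiableCredential.proof &&
+ uniqueVC.uniformVerifiableCredential.proof.jwt?.split('.')?.slice(0, 2)?.join('.') === searchVC.split('.')?.slice(0, 2)?.join('.')),
+ )
+ }
+
+ type InputCredential = UniqueDigitalCredential | VerifiableCredential | ICredential | OriginalVerifiableCredential
+
+ /**
+ * Get an original verifiable credential. Maps to wrapped Verifiable Credential first, to get an original JWT as Veramo stores these with a special proof value
+ * @param credential The input VC
+ */
+
+ export const getOriginalVerifiableCredential = (credential: InputCredential): OriginalVerifiableCredential => {
+ if (isUniqueDigitalCredential(credential)) {
+ if (!credential.originalVerifiableCredential) {
+ throw new Error('originalVerifiableCredential is not defined in UniqueDigitalCredential')
+ }
+ return getCredentialFromProofOrWrapped(credential.originalVerifiableCredential)
+ }
+
+ return getCredentialFromProofOrWrapped(credential)
+ }
+
+ const getCredentialFromProofOrWrapped = (cred: any, hasher?: Hasher): OriginalVerifiableCredential => {
+ if (typeof cred === 'object' && 'proof' in cred && 'jwt' in cred.proof && CredentialMapper.isSdJwtEncoded(cred.proof.jwt)) {
+ return cred.proof.jwt
+ }
+
+ return CredentialMapper.toWrappedVerifiableCredential(cred as OriginalVerifiableCredential, { hasher }).original
+ }
+
+ export const isUniqueDigitalCredential = (credential: InputCredential): credential is UniqueDigitalCredential => {
+ return (credential as UniqueDigitalCredential).digitalCredential !== undefined
+ }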
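Review bot: In `getMatchingUniqueDigitalCredential` both comparisons in the object branch can succeed on absent values: `uniqueVC.id === searchVC.id` is true when neither side carries an id (assuming `id` is optional on `UniqueDigitalCredential`, which this page does not show), and the `.proof === .proof` test is a reference comparison that is also true when both proofs are undefined, for example a stored original that is a JWT string and a search VC without a proof. Because `find` returns the first hit, the wallet could then hand back a different stored credential than the one that was selected for presentation. I would guard each side, e.g. `(searchVC.id !== undefined && uniqueVC.id === searchVC.id)`, and compare proofs by value or by a stable field rather than by identity, since two separately parsed proof objects for the same VC never compare equal with `===`. The same branch dereferences `uniqueVC.originalVerifiableCredential` through a cast without checking it is defined, although `getOriginalVerifiableCredential` further down treats it as possibly missing.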
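--- a/package/src/utils/dcql.ts
+++ b/package/src/utils/dcql.ts
@@ -0,0 +1,36 @@
+ import { UniqueDigitalCredential } from '@sphereon/ssi-sdk.credential-store'
+ import { DcqlCredential, DcqlSdJwtVcCredential, DcqlW3cVcCredential } from 'dcql'
+ import { CredentialMapper, Hasher, OriginalVerifiableCredential } from '@sphereon/ssi-types'
+ import { isUniqueDigitalCredential } from './CredentialUtils'
+
+ export function convertToDcqlCredentials(credential: UniqueDigitalCredential | OriginalVerifiableCredential, hasher?: Hasher): DcqlCredential {
+ let payload
+ if (isUniqueDigitalCredential(credential)) {
+ if (!credential.originalVerifiableCredential) {
+ throw new Error('originalVerifiableCredential is not defined in UniqueDigitalCredential')
+ }
+ payload = CredentialMapper.decodeVerifiableCredential(credential.originalVerifiableCredential, hasher)
+ } else {
+ payload = CredentialMapper.decodeVerifiableCredential(credential as OriginalVerifiableCredential, hasher)
+ }
+
+ if (!payload) {
+ throw new Error('No payload found')
+ }
+
+ if ('decodedPayload' in payload && payload.decodedPayload) {
+ payload = payload.decodedPayload
+ }
+
+ if ('vct' in payload!) {
+ return { vct: payload.vct, claims: payload, credential_format: 'vc+sd-jwt' } satisfies DcqlSdJwtVcCredential // TODO dc+sd-jwt support?
+ } else if ('docType' in payload! && 'namespaces' in payload) {
+ // mdoc
+ return { docType: payload.docType, namespaces: payload.namespaces, claims: payload }
+ } else {
+ return {
+ claims: payload,
+ credential_format: 'jwt_vc_json', // TODO jwt_vc_json-ld support
+ } as DcqlW3cVcCredential
+ }
+ }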
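Review bot: The mdoc branch of `convertToDcqlCredentials` returns an object with no `credential_format`, while the other two branches set one, and nothing checks this because `payload` is declared with a bare `let payload` and the fallback is forced through `as DcqlW3cVcCredential`. The format label is what a DCQL query is matched against, so a missing or wrong label decides which stored credentials are offered to a verifier; the fallback also labels every payload without `vct` or `docType` as `'jwt_vc_json'`, including the JSON-LD case the TODO mentions. I would use `satisfies` on all three returns as the first branch already does, and set the format explicitly in the mdoc branch (presumably `credential_format: 'mso_mdoc'`, to be confirmed against the `dcql` types). The `in` checks also throw a TypeError if `decodeVerifiableCredential` ever yields a string, so a `typeof payload !== 'object'` guard next to the `!payload` check would make that failure explicit. The function has no doc comment; one line stating that the result is only a classification for query matching, not a verification of the credential, would help callers.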