@sphereon/ssi-sdk.siopv2-oid4vp-op-auth 0.32.1-next.54 → 0.33.1-feature.vcdm2.4

package/dist/agent/DidAuthSiopOpAuthenticator.js

@@ -1,29 +1,18 @@
-"use strict";
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.DidAuthSiopOpAuthenticator = exports.didAuthSiopOpAuthenticatorMethods = void 0;
-const did_auth_siop_1 = require("@sphereon/did-auth-siop");
-const ssi_sdk_data_store_1 = require("@sphereon/ssi-sdk.data-store");
-const ssi_types_1 = require("@sphereon/ssi-types");
-const uuid_1 = require("uuid");
-const index_1 = require("../index");
-const Siopv2Machine_1 = require("../machine/Siopv2Machine");
-const Siopv2MachineService_1 = require("../services/Siopv2MachineService");
-const session_1 = require("../session");
-const pex_1 = require("@sphereon/pex");
-const utils_1 = require("@veramo/utils");
-const types_1 = require("../types");
-const logger = ssi_types_1.Loggers.DEFAULT.options(index_1.LOGGER_NAMESPACE, {}).get(index_1.LOGGER_NAMESPACE);
+import { decodeUriAsJson, SupportedVersion } from '@sphereon/did-auth-siop';
+import { ConnectionType, CorrelationIdentifierType, CredentialDocumentFormat, CredentialRole, DocumentType, IdentityOrigin, } from '@sphereon/ssi-sdk.data-store';
+import { Loggers } from '@sphereon/ssi-types';
+import { v4 as uuidv4 } from 'uuid';
+import { LOGGER_NAMESPACE, schema, } from '../index';
+import { Siopv2Machine } from '../machine/Siopv2Machine';
+import { getSelectableCredentials, siopSendAuthorizationResponse, translateCorrelationIdToName } from '../services/Siopv2MachineService';
+import { OpSession } from '../session';
+import { PEX, Status } from '@sphereon/pex';
+import { computeEntryHash } from '@veramo/utils';
+import { Siopv2HolderEvent, } from '../types';
+import { DcqlQuery } from 'dcql';
+const logger = Loggers.DEFAULT.options(LOGGER_NAMESPACE, {}).get(LOGGER_NAMESPACE);
 // Exposing the methods here for any REST implementation
-exports.didAuthSiopOpAuthenticatorMethods = [
+export const didAuthSiopOpAuthenticatorMethods = [
     'cmGetContacts',
     'cmGetContact',
     'cmAddContact',
@@ -35,24 +24,31 @@ exports.didAuthSiopOpAuthenticatorMethods = [
     'dataStoreORMGetVerifiableCredentials',
     'createVerifiablePresentation',
 ];
-class DidAuthSiopOpAuthenticator {
+export class DidAuthSiopOpAuthenticator {
+    schema = schema.IDidAuthSiopOpAuthenticator;
+    methods = {
+        siopGetOPSession: this.siopGetOPSession.bind(this),
+        siopRegisterOPSession: this.siopRegisterOPSession.bind(this),
+        siopRemoveOPSession: this.siopRemoveOPSession.bind(this),
+        siopRegisterOPCustomApproval: this.siopRegisterOPCustomApproval.bind(this),
+        siopRemoveOPCustomApproval: this.siopRemoveOPCustomApproval.bind(this),
+        siopGetMachineInterpreter: this.siopGetMachineInterpreter.bind(this),
+        siopCreateConfig: this.siopCreateConfig.bind(this),
+        siopGetSiopRequest: this.siopGetSiopRequest.bind(this),
+        siopRetrieveContact: this.siopRetrieveContact.bind(this),
+        siopAddIdentity: this.siopAddContactIdentity.bind(this),
+        siopSendResponse: this.siopSendResponse.bind(this),
+        siopGetSelectableCredentials: this.siopGetSelectableCredentials.bind(this),
+    };
+    sessions;
+    customApprovals;
+    presentationSignCallback;
+    onContactIdentityCreated;
+    onIdentifierCreated;
+    eventEmitter;
+    hasher;
     constructor(options) {
-        this.schema = index_1.schema.IDidAuthSiopOpAuthenticator;
-        this.methods = {
-            siopGetOPSession: this.siopGetOPSession.bind(this),
-            siopRegisterOPSession: this.siopRegisterOPSession.bind(this),
-            siopRemoveOPSession: this.siopRemoveOPSession.bind(this),
-            siopRegisterOPCustomApproval: this.siopRegisterOPCustomApproval.bind(this),
-            siopRemoveOPCustomApproval: this.siopRemoveOPCustomApproval.bind(this),
-            siopGetMachineInterpreter: this.siopGetMachineInterpreter.bind(this),
-            siopCreateConfig: this.siopCreateConfig.bind(this),
-            siopGetSiopRequest: this.siopGetSiopRequest.bind(this),
-            siopRetrieveContact: this.siopRetrieveContact.bind(this),
-            siopAddIdentity: this.siopAddContactIdentity.bind(this),
-            siopSendResponse: this.siopSendResponse.bind(this),
-            siopGetSelectableCredentials: this.siopGetSelectableCredentials.bind(this),
-        };
-        const { onContactIdentityCreated, onIdentifierCreated, hasher, customApprovals = {}, presentationSignCallback } = Object.assign({}, options);
+        const { onContactIdentityCreated, onIdentifierCreated, hasher, customApprovals = {}, presentationSignCallback } = { ...options };
         this.hasher = hasher;
         this.onContactIdentityCreated = onContactIdentityCreated;
         this.onIdentifierCreated = onIdentifierCreated;
@@ -60,264 +56,316 @@ class DidAuthSiopOpAuthenticator {
         this.sessions = new Map();
         this.customApprovals = customApprovals;
     }
-    onEvent(event, context) {
-        return __awaiter(this, void 0, void 0, function* () {
-            var _a, _b;
-            switch (event.type) {
-                case types_1.Siopv2HolderEvent.CONTACT_IDENTITY_CREATED:
-                    (_a = this.onContactIdentityCreated) === null || _a === void 0 ? void 0 : _a.call(this, event.data);
-                    break;
-                case types_1.Siopv2HolderEvent.IDENTIFIER_CREATED:
-                    (_b = this.onIdentifierCreated) === null || _b === void 0 ? void 0 : _b.call(this, event.data);
-                    break;
-                default:
-                    return Promise.reject(Error(`Event type ${event.type} not supported`));
-            }
-        });
+    async onEvent(event, context) {
+        switch (event.type) {
+            case Siopv2HolderEvent.CONTACT_IDENTITY_CREATED:
+                this.onContactIdentityCreated?.(event.data);
+                break;
+            case Siopv2HolderEvent.IDENTIFIER_CREATED:
+                this.onIdentifierCreated?.(event.data);
+                break;
+            default:
+                return Promise.reject(Error(`Event type ${event.type} not supported`));
+        }
     }
-    siopGetOPSession(args, context) {
-        return __awaiter(this, void 0, void 0, function* () {
-            // TODO add cleaning up sessions https://sphereon.atlassian.net/browse/MYC-143
-            if (!this.sessions.has(args.sessionId)) {
-                throw Error(`No session found for id: ${args.sessionId}`);
-            }
-            return this.sessions.get(args.sessionId);
-        });
+    async siopGetOPSession(args, context) {
+        // TODO add cleaning up sessions https://sphereon.atlassian.net/browse/MYC-143
+        if (!this.sessions.has(args.sessionId)) {
+            throw Error(`No session found for id: ${args.sessionId}`);
+        }
+        return this.sessions.get(args.sessionId);
     }
-    siopRegisterOPSession(args, context) {
-        return __awaiter(this, void 0, void 0, function* () {
-            var _a;
-            const sessionId = args.sessionId || (0, uuid_1.v4)();
-            if (this.sessions.has(sessionId)) {
-                return Promise.reject(new Error(`Session with id: ${args.sessionId} already present`));
-            }
-            const opts = Object.assign(Object.assign({}, args), { sessionId, context });
-            if (!((_a = opts.op) === null || _a === void 0 ? void 0 : _a.presentationSignCallback)) {
-                opts.op = Object.assign(Object.assign({}, opts.op), { presentationSignCallback: this.presentationSignCallback });
-            }
-            const session = yield session_1.OpSession.init(opts);
-            this.sessions.set(sessionId, session);
-            return session;
-        });
+    async siopRegisterOPSession(args, context) {
+        const sessionId = args.sessionId || uuidv4();
+        if (this.sessions.has(sessionId)) {
+            return Promise.reject(new Error(`Session with id: ${args.sessionId} already present`));
+        }
+        const opts = { ...args, sessionId, context };
+        if (!opts.op?.presentationSignCallback) {
+            opts.op = { ...opts.op, presentationSignCallback: this.presentationSignCallback };
+        }
+        const session = await OpSession.init(opts);
+        this.sessions.set(sessionId, session);
+        return session;
     }
-    siopRemoveOPSession(args, context) {
-        return __awaiter(this, void 0, void 0, function* () {
-            return this.sessions.delete(args.sessionId);
-        });
+    async siopRemoveOPSession(args, context) {
+        return this.sessions.delete(args.sessionId);
     }
-    siopRegisterOPCustomApproval(args, context) {
-        return __awaiter(this, void 0, void 0, function* () {
-            if (this.customApprovals[args.key] !== undefined) {
-                return Promise.reject(new Error(`Custom approval with key: ${args.key} already present`));
-            }
-            this.customApprovals[args.key] = args.customApproval;
-        });
+    async siopRegisterOPCustomApproval(args, context) {
+        if (this.customApprovals[args.key] !== undefined) {
+            return Promise.reject(new Error(`Custom approval with key: ${args.key} already present`));
+        }
+        this.customApprovals[args.key] = args.customApproval;
     }
-    siopRemoveOPCustomApproval(args, context) {
-        return __awaiter(this, void 0, void 0, function* () {
-            return delete this.customApprovals[args.key];
-        });
+    async siopRemoveOPCustomApproval(args, context) {
+        return delete this.customApprovals[args.key];
     }
-    siopGetMachineInterpreter(opts, context) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const { stateNavigationListener, url } = opts;
-            const services = Object.assign({ createConfig: (args) => this.siopCreateConfig(args), getSiopRequest: (args) => this.siopGetSiopRequest(args, context), getSelectableCredentials: (args) => this.siopGetSelectableCredentials(args, context), retrieveContact: (args) => this.siopRetrieveContact(args, context), addContactIdentity: (args) => this.siopAddContactIdentity(args, context), sendResponse: (args) => this.siopSendResponse(args, context) }, opts === null || opts === void 0 ? void 0 : opts.services);
-            const siopv2MachineOpts = Object.assign(Object.assign({}, opts), { url,
-                stateNavigationListener, services: Object.assign(Object.assign({}, services), opts.services) });
-            return Siopv2Machine_1.Siopv2Machine.newInstance(siopv2MachineOpts);
-        });
+    async siopGetMachineInterpreter(opts, context) {
+        const { stateNavigationListener, url } = opts;
+        const services = {
+            createConfig: (args) => this.siopCreateConfig(args),
+            getSiopRequest: (args) => this.siopGetSiopRequest(args, context),
+            getSelectableCredentials: (args) => this.siopGetSelectableCredentials(args, context),
+            retrieveContact: (args) => this.siopRetrieveContact(args, context),
+            addContactIdentity: (args) => this.siopAddContactIdentity(args, context),
+            sendResponse: (args) => this.siopSendResponse(args, context),
+            ...opts?.services,
+        };
+        const siopv2MachineOpts = {
+            ...opts,
+            url,
+            stateNavigationListener,
+            services: {
+                ...services,
+                ...opts.services,
+            },
+        };
+        return Siopv2Machine.newInstance(siopv2MachineOpts);
     }
-    siopCreateConfig(context) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const { url } = context;
-            if (!url) {
-                return Promise.reject(Error('Missing request uri in context'));
-            }
-            return {
-                id: (0, uuid_1.v4)(),
-                // FIXME: Update these values in SSI-SDK. Only the URI (not a redirectURI) would be available at this point
-                sessionId: (0, uuid_1.v4)(),
-                redirectUrl: url,
-            };
-        });
+    async siopCreateConfig(context) {
+        const { url } = context;
+        if (!url) {
+            return Promise.reject(Error('Missing request uri in context'));
+        }
+        return {
+            id: uuidv4(),
+            // FIXME: Update these values in SSI-SDK. Only the URI (not a redirectURI) would be available at this point
+            sessionId: uuidv4(),
+            redirectUrl: url,
+        };
     }
-    siopGetSiopRequest(args, context) {
-        return __awaiter(this, void 0, void 0, function* () {
-            var _a, _b, _c, _d, _e;
-            const { agent } = context;
-            const { didAuthConfig } = args;
-            if (args.url === undefined) {
-                return Promise.reject(Error('Missing request uri in context'));
-            }
-            if (didAuthConfig === undefined) {
-                return Promise.reject(Error('Missing config in context'));
-            }
-            const { sessionId, redirectUrl } = didAuthConfig;
-            const session = yield agent
-                .siopGetOPSession({ sessionId })
-                .catch(() => __awaiter(this, void 0, void 0, function* () { return yield agent.siopRegisterOPSession({ requestJwtOrUri: redirectUrl, sessionId, op: { eventEmitter: this.eventEmitter, hasher: this.hasher } }); }));
-            logger.debug(`session: ${JSON.stringify(session.id, null, 2)}`);
-            const verifiedAuthorizationRequest = yield session.getAuthorizationRequest();
-            // logger.trace('Request: ' + JSON.stringify(verifiedAuthorizationRequest, null, 2))
-            const clientName = (_a = verifiedAuthorizationRequest.registrationMetadataPayload) === null || _a === void 0 ? void 0 : _a.client_name;
-            const url = (_b = verifiedAuthorizationRequest.responseURI) !== null && _b !== void 0 ? _b : (args.url.includes('request_uri')
+    async siopGetSiopRequest(args, context) {
+        const { agent } = context;
+        const { didAuthConfig } = args;
+        if (args.url === undefined) {
+            return Promise.reject(Error('Missing request uri in context'));
+        }
+        if (didAuthConfig === undefined) {
+            return Promise.reject(Error('Missing config in context'));
+        }
+        const { sessionId, redirectUrl } = didAuthConfig;
+        const session = await agent.siopGetOPSession({ sessionId }).catch(async () => await agent.siopRegisterOPSession({
+            requestJwtOrUri: redirectUrl,
+            sessionId,
+            op: { eventEmitter: this.eventEmitter, hasher: this.hasher },
+        }));
+        logger.debug(`session: ${JSON.stringify(session.id, null, 2)}`);
+        const verifiedAuthorizationRequest = await session.getAuthorizationRequest();
+        // logger.trace('Request: ' + JSON.stringify(verifiedAuthorizationRequest, null, 2))
+        const clientName = verifiedAuthorizationRequest.registrationMetadataPayload?.client_name;
+        const url = verifiedAuthorizationRequest.responseURI ??
+            (args.url.includes('request_uri')
                 ? decodeURIComponent(args.url.split('?request_uri=')[1].trim())
-                : ((_c = verifiedAuthorizationRequest.issuer) !== null && _c !== void 0 ? _c : (_d = verifiedAuthorizationRequest.registrationMetadataPayload) === null || _d === void 0 ? void 0 : _d.client_id));
-            const uri = url.includes('://') ? new URL(url) : undefined;
-            const correlationId = (_e = uri === null || uri === void 0 ? void 0 : uri.hostname) !== null && _e !== void 0 ? _e : (yield this.determineCorrelationId(uri, verifiedAuthorizationRequest, clientName, context));
-            const clientId = yield verifiedAuthorizationRequest.authorizationRequest.getMergedProperty('client_id');
-            return {
-                issuer: verifiedAuthorizationRequest.issuer,
-                correlationId,
-                registrationMetadataPayload: verifiedAuthorizationRequest.registrationMetadataPayload,
-                uri,
-                name: clientName,
-                clientId,
-                presentationDefinitions: (yield verifiedAuthorizationRequest.authorizationRequest.containsResponseType('vp_token')) ||
-                    (verifiedAuthorizationRequest.versions.every((version) => version <= did_auth_siop_1.SupportedVersion.JWT_VC_PRESENTATION_PROFILE_v1) &&
-                        verifiedAuthorizationRequest.presentationDefinitions &&
-                        verifiedAuthorizationRequest.presentationDefinitions.length > 0)
-                    ? verifiedAuthorizationRequest.presentationDefinitions
-                    : undefined,
-            };
-        });
+                : (verifiedAuthorizationRequest.issuer ?? verifiedAuthorizationRequest.registrationMetadataPayload?.client_id));
+        const uri = url.includes('://') ? new URL(url) : undefined;
+        const correlationId = uri?.hostname ?? (await this.determineCorrelationId(uri, verifiedAuthorizationRequest, clientName, context));
+        const clientId = await verifiedAuthorizationRequest.authorizationRequest.getMergedProperty('client_id');
+        return {
+            issuer: verifiedAuthorizationRequest.issuer,
+            correlationId,
+            registrationMetadataPayload: verifiedAuthorizationRequest.registrationMetadataPayload,
+            uri,
+            name: clientName,
+            clientId,
+            presentationDefinitions: (await verifiedAuthorizationRequest.authorizationRequest.containsResponseType('vp_token')) ||
+                (verifiedAuthorizationRequest.versions.every((version) => version <= SupportedVersion.JWT_VC_PRESENTATION_PROFILE_v1) &&
+                    verifiedAuthorizationRequest.presentationDefinitions &&
+                    verifiedAuthorizationRequest.presentationDefinitions.length > 0)
+                ? verifiedAuthorizationRequest.presentationDefinitions
+                : undefined,
+            dcqlQuery: verifiedAuthorizationRequest.dcqlQuery,
+        };
     }
-    determineCorrelationId(uri, verifiedAuthorizationRequest, clientName, context) {
-        return __awaiter(this, void 0, void 0, function* () {
-            var _a, _b;
-            if (uri) {
-                return (_a = (yield (0, Siopv2MachineService_1.translateCorrelationIdToName)(uri.hostname, context))) !== null && _a !== void 0 ? _a : uri.hostname;
-            }
-            if (verifiedAuthorizationRequest.issuer) {
-                const issuerHostname = verifiedAuthorizationRequest.issuer.split('://')[1];
-                return (_b = (yield (0, Siopv2MachineService_1.translateCorrelationIdToName)(issuerHostname, context))) !== null && _b !== void 0 ? _b : issuerHostname;
-            }
-            if (clientName) {
-                return clientName;
-            }
-            throw new Error("Can't determine correlationId from request");
-        });
+    async determineCorrelationId(uri, verifiedAuthorizationRequest, clientName, context) {
+        if (uri) {
+            return (await translateCorrelationIdToName(uri.hostname, context)) ?? uri.hostname;
+        }
+        if (verifiedAuthorizationRequest.issuer) {
+            const issuerHostname = verifiedAuthorizationRequest.issuer.split('://')[1];
+            return (await translateCorrelationIdToName(issuerHostname, context)) ?? issuerHostname;
+        }
+        if (clientName) {
+            return clientName;
+        }
+        throw new Error("Can't determine correlationId from request");
     }
-    siopRetrieveContact(args, context) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const { authorizationRequestData } = args;
-            const { agent } = context;
-            if (authorizationRequestData === undefined) {
-                return Promise.reject(Error('Missing authorization request data in context'));
-            }
-            return agent
-                .cmGetContacts({
-                filter: [
-                    {
-                        identities: {
-                            identifier: {
-                                correlationId: authorizationRequestData.correlationId,
-                            },
+    async siopRetrieveContact(args, context) {
+        const { authorizationRequestData } = args;
+        const { agent } = context;
+        if (authorizationRequestData === undefined) {
+            return Promise.reject(Error('Missing authorization request data in context'));
+        }
+        return agent
+            .cmGetContacts({
+            filter: [
+                {
+                    identities: {
+                        identifier: {
+                            correlationId: authorizationRequestData.correlationId,
                         },
                     },
-                ],
-            })
-                .then((contacts) => (contacts.length === 1 ? contacts[0] : undefined));
-        });
+                },
+            ],
+        })
+            .then((contacts) => (contacts.length === 1 ? contacts[0] : undefined));
     }
-    siopAddContactIdentity(args, context) {
-        return __awaiter(this, void 0, void 0, function* () {
-            var _a;
-            const { agent } = context;
-            const { contact, authorizationRequestData } = args;
-            if (contact === undefined) {
-                return Promise.reject(Error('Missing contact in context'));
-            }
-            if (authorizationRequestData === undefined) {
-                return Promise.reject(Error('Missing authorization request data in context'));
-            }
-            // TODO: Makes sense to move these types of common queries/retrievals to the SIOP auth request object
-            const clientId = (_a = authorizationRequestData.clientId) !== null && _a !== void 0 ? _a : authorizationRequestData.issuer;
-            const correlationId = clientId
-                ? clientId.startsWith('did:')
-                    ? clientId
-                    : `${new URL(clientId).protocol}//${new URL(clientId).hostname}`
-                : undefined;
-            if (correlationId) {
-                const identity = {
-                    alias: correlationId,
-                    origin: ssi_sdk_data_store_1.IdentityOrigin.EXTERNAL,
-                    roles: [ssi_sdk_data_store_1.CredentialRole.ISSUER],
-                    identifier: {
-                        type: correlationId.startsWith('did:') ? ssi_sdk_data_store_1.CorrelationIdentifierType.DID : ssi_sdk_data_store_1.CorrelationIdentifierType.URL,
-                        correlationId,
-                    },
-                };
-                const addedIdentity = yield agent.cmAddIdentity({ contactId: contact.id, identity });
-                yield context.agent.emit(types_1.Siopv2HolderEvent.CONTACT_IDENTITY_CREATED, {
-                    contactId: contact.id,
-                    identity: addedIdentity,
+    async siopAddContactIdentity(args, context) {
+        const { agent } = context;
+        const { contact, authorizationRequestData } = args;
+        if (contact === undefined) {
+            return Promise.reject(Error('Missing contact in context'));
+        }
+        if (authorizationRequestData === undefined) {
+            return Promise.reject(Error('Missing authorization request data in context'));
+        }
+        // TODO: Makes sense to move these types of common queries/retrievals to the SIOP auth request object
+        const clientId = authorizationRequestData.clientId ?? authorizationRequestData.issuer;
+        const correlationId = clientId
+            ? clientId.startsWith('did:')
+                ? clientId
+                : `${new URL(clientId).protocol}//${new URL(clientId).hostname}`
+            : undefined;
+        if (correlationId) {
+            const identity = {
+                alias: correlationId,
+                origin: IdentityOrigin.EXTERNAL,
+                roles: [CredentialRole.ISSUER],
+                identifier: {
+                    type: correlationId.startsWith('did:') ? CorrelationIdentifierType.DID : CorrelationIdentifierType.URL,
+                    correlationId,
+                },
+            };
+            const addedIdentity = await agent.cmAddIdentity({ contactId: contact.id, identity });
+            await context.agent.emit(Siopv2HolderEvent.CONTACT_IDENTITY_CREATED, {
+                contactId: contact.id,
+                identity: addedIdentity,
+            });
+            logger.info(`Contact identity created: ${JSON.stringify(addedIdentity)}`);
+        }
+    }
+    async siopSendResponse(args, context) {
+        const { didAuthConfig, authorizationRequestData, selectedCredentials, isFirstParty } = args;
+        if (didAuthConfig === undefined) {
+            return Promise.reject(Error('Missing config in context'));
+        }
+        if (authorizationRequestData === undefined) {
+            return Promise.reject(Error('Missing authorization request data in context'));
+        }
+        const pex = new PEX({ hasher: this.hasher });
+        const verifiableCredentialsWithDefinition = [];
+        const dcqlCredentialsWithCredentials = new Map();
+        if (Array.isArray(authorizationRequestData.presentationDefinitions) && authorizationRequestData?.presentationDefinitions.length > 0) {
+            try {
+                authorizationRequestData.presentationDefinitions?.forEach((presentationDefinition) => {
+                    const { areRequiredCredentialsPresent, verifiableCredential: verifiableCredentials } = pex.selectFrom(presentationDefinition.definition, selectedCredentials.map((udc) => udc.originalVerifiableCredential));
+                    if (areRequiredCredentialsPresent !== Status.ERROR && verifiableCredentials) {
+                        let uniqueDigitalCredentials = [];
+                        uniqueDigitalCredentials = verifiableCredentials.map((vc) => {
+                            // @ts-ignore FIXME Funke
+                            const hash = typeof vc === 'string' ? computeEntryHash(vc.split('~'[0])) : computeEntryHash(vc);
+                            const udc = selectedCredentials.find((udc) => udc.hash == hash || udc.originalVerifiableCredential == vc);
+                            if (!udc) {
+                                throw Error(`UniqueDigitalCredential could not be found in store. Either the credential is not present in the store or the hash is not correct.`);
+                            }
+                            return udc;
+                        });
+                        verifiableCredentialsWithDefinition.push({
+                            definition: presentationDefinition,
+                            credentials: uniqueDigitalCredentials,
+                        });
+                    }
                 });
-                logger.info(`Contact identity created: ${JSON.stringify(addedIdentity)}`);
             }
-        });
-    }
-    siopSendResponse(args, context) {
-        return __awaiter(this, void 0, void 0, function* () {
-            var _a;
-            const { didAuthConfig, authorizationRequestData, selectedCredentials, isFirstParty } = args;
-            if (didAuthConfig === undefined) {
-                return Promise.reject(Error('Missing config in context'));
+            catch (e) {
+                return Promise.reject(e);
             }
-            if (authorizationRequestData === undefined) {
-                return Promise.reject(Error('Missing authorization request data in context'));
+            if (verifiableCredentialsWithDefinition.length === 0) {
+                return Promise.reject(Error('None of the selected credentials match any of the presentation definitions.'));
             }
-            const pex = new pex_1.PEX({ hasher: this.hasher });
-            const verifiableCredentialsWithDefinition = [];
-            (_a = authorizationRequestData.presentationDefinitions) === null || _a === void 0 ? void 0 : _a.forEach((presentationDefinition) => {
-                const { areRequiredCredentialsPresent, verifiableCredential: verifiableCredentials } = pex.selectFrom(presentationDefinition.definition, selectedCredentials.map((udc) => udc.originalVerifiableCredential));
-                if (areRequiredCredentialsPresent !== pex_1.Status.ERROR && verifiableCredentials) {
-                    const uniqueDigitalCredentials = verifiableCredentials.map((vc) => {
-                        // @ts-ignore FIXME Funke
-                        const hash = (0, utils_1.computeEntryHash)(vc);
-                        const udc = selectedCredentials.find((udc) => udc.hash == hash);
-                        if (!udc) {
-                            throw Error('UniqueDigitalCredential could not be found');
+        }
+        else if (authorizationRequestData.dcqlQuery) {
+            //TODO Only SD-JWT and MSO MDOC are supported at the moment
+            if (this.hasMDocCredentials(selectedCredentials) || this.hasSdJwtCredentials(selectedCredentials)) {
+                try {
+                    selectedCredentials.forEach((vc) => {
+                        if (this.isSdJwtCredential(vc)) {
+                            const payload = vc.originalVerifiableCredential.decodedPayload;
+                            const result = {
+                                claims: payload,
+                                vct: payload.vct,
+                                credential_format: 'vc+sd-jwt',
+                            };
+                            dcqlCredentialsWithCredentials.set(result, vc);
+                            //FIXME MDoc namespaces are incompatible: array of strings vs complex object - https://sphereon.atlassian.net/browse/SPRIND-143
+                        }
+                        else {
+                            throw Error(`Invalid credential format: ${vc.digitalCredential.documentFormat}`);
                         }
-                        return udc;
-                    });
-                    verifiableCredentialsWithDefinition.push({
-                        definition: presentationDefinition,
-                        credentials: uniqueDigitalCredentials,
                     });
                 }
-            });
-            if (verifiableCredentialsWithDefinition.length === 0) {
-                return Promise.reject(Error('None of the selected credentials match any of the presentation definitions.'));
-            }
-            const response = yield (0, Siopv2MachineService_1.siopSendAuthorizationResponse)(ssi_sdk_data_store_1.ConnectionType.SIOPv2_OpenID4VP, Object.assign(Object.assign(Object.assign({ sessionId: didAuthConfig.sessionId }, (args.idOpts && { idOpts: args.idOpts })), (authorizationRequestData.presentationDefinitions !== undefined && { verifiableCredentialsWithDefinition })), { isFirstParty, hasher: this.hasher }), context);
-            const contentType = response.headers.get('content-type') || '';
-            let responseBody = null;
-            const text = yield response.text();
-            if (text) {
-                responseBody = contentType.includes('application/json') || text.startsWith('{') ? JSON.parse(text) : text;
+                catch (e) {
+                    return Promise.reject(e);
+                }
+                const dcqlPresentationRecord = {};
+                const queryResult = DcqlQuery.query(authorizationRequestData.dcqlQuery, Array.from(dcqlCredentialsWithCredentials.keys()));
+                for (const [key, value] of Object.entries(queryResult.credential_matches)) {
+                    if (value.success) {
+                        dcqlPresentationRecord[key] = this.retrieveEncodedCredential(dcqlCredentialsWithCredentials.get(value.output));
+                    }
+                }
             }
-            return {
-                body: responseBody,
-                url: response.url,
-                queryParams: (0, did_auth_siop_1.decodeUriAsJson)(response.url),
-            };
-        });
+        }
+        const response = await siopSendAuthorizationResponse(ConnectionType.SIOPv2_OpenID4VP, {
+            sessionId: didAuthConfig.sessionId,
+            ...(args.idOpts && { idOpts: args.idOpts }),
+            ...(authorizationRequestData.presentationDefinitions !== undefined && { verifiableCredentialsWithDefinition }),
+            isFirstParty,
+            hasher: this.hasher,
+        }, context);
+        const contentType = response.headers.get('content-type') || '';
+        let responseBody = null;
+        const text = await response.text();
+        if (text) {
+            responseBody = contentType.includes('application/json') || text.startsWith('{') ? JSON.parse(text) : text;
+        }
+        return {
+            body: responseBody,
+            url: response?.url,
+            queryParams: decodeUriAsJson(response?.url),
+        };
     }
-    siopGetSelectableCredentials(args, context) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const { authorizationRequestData } = args;
-            if (!authorizationRequestData ||
-                !authorizationRequestData.presentationDefinitions ||
-                authorizationRequestData.presentationDefinitions.length === 0) {
-                return Promise.reject(Error('Missing required fields in arguments or context'));
-            }
-            if (authorizationRequestData.presentationDefinitions.length > 1) {
-                return Promise.reject(Error('Multiple presentation definitions present'));
-            }
-            return (0, Siopv2MachineService_1.getSelectableCredentials)(authorizationRequestData.presentationDefinitions[0].definition, context);
-        });
+    hasMDocCredentials = (credentials) => {
+        return credentials.some(this.isMDocCredential);
+    };
+    isMDocCredential = (credential) => {
+        return (credential.digitalCredential.documentFormat === CredentialDocumentFormat.MSO_MDOC &&
+            credential.digitalCredential.documentType === DocumentType.VC);
+    };
+    hasSdJwtCredentials = (credentials) => {
+        return credentials.some(this.isSdJwtCredential);
+    };
+    isSdJwtCredential = (credential) => {
+        return (credential.digitalCredential.documentFormat === CredentialDocumentFormat.SD_JWT && credential.digitalCredential.documentType === DocumentType.VC);
+    };
+    retrieveEncodedCredential = (credential) => {
+        return credential.originalVerifiableCredential !== undefined &&
+            credential.originalVerifiableCredential !== null &&
+            credential?.originalVerifiableCredential?.compactSdJwtVc !== undefined &&
+            credential?.originalVerifiableCredential?.compactSdJwtVc !== null
+            ? credential.originalVerifiableCredential.compactSdJwtVc
+            : credential.originalVerifiableCredential;
+    };
+    async siopGetSelectableCredentials(args, context) {
+        const { authorizationRequestData } = args;
+        if (!authorizationRequestData ||
+            !authorizationRequestData.presentationDefinitions ||
+            authorizationRequestData.presentationDefinitions.length === 0) {
+            return Promise.reject(Error('Missing required fields in arguments or context'));
+        }
+        if (authorizationRequestData.presentationDefinitions.length > 1) {
+            return Promise.reject(Error('Multiple presentation definitions present'));
+        }
+        return getSelectableCredentials(authorizationRequestData.presentationDefinitions[0].definition, context);
     }
 }
-exports.DidAuthSiopOpAuthenticator = DidAuthSiopOpAuthenticator;
 //# sourceMappingURL=DidAuthSiopOpAuthenticator.js.map