@sphereon/ssi-sdk.siopv2-oid4vp-op-auth 0.33.0 → 0.33.1-feature.vcdm2.4

Files changed (40) hide show
  1. package/dist/agent/DidAuthSiopOpAuthenticator.js +319 -340
  2. package/dist/agent/DidAuthSiopOpAuthenticator.js.map +1 -1
  3. package/dist/index.js +7 -27
  4. package/dist/index.js.map +1 -1
  5. package/dist/link-handler/index.js +35 -47
  6. package/dist/link-handler/index.js.map +1 -1
  7. package/dist/localization/Localization.js +38 -43
  8. package/dist/localization/Localization.js.map +1 -1
  9. package/dist/machine/CallbackStateListener.js +9 -22
  10. package/dist/machine/CallbackStateListener.js.map +1 -1
  11. package/dist/machine/Siopv2Machine.js +129 -131
  12. package/dist/machine/Siopv2Machine.js.map +1 -1
  13. package/dist/services/IdentifierService.js +11 -24
  14. package/dist/services/IdentifierService.js.map +1 -1
  15. package/dist/services/Siopv2MachineService.js +117 -120
  16. package/dist/services/Siopv2MachineService.js.map +1 -1
  17. package/dist/session/OID4VP.js +184 -195
  18. package/dist/session/OID4VP.js.map +1 -1
  19. package/dist/session/OpSession.js +252 -288
  20. package/dist/session/OpSession.js.map +1 -1
  21. package/dist/session/functions.js +95 -111
  22. package/dist/session/functions.js.map +1 -1
  23. package/dist/session/index.js +3 -19
  24. package/dist/session/index.js.map +1 -1
  25. package/dist/types/IDidAuthSiopOpAuthenticator.js +4 -7
  26. package/dist/types/IDidAuthSiopOpAuthenticator.js.map +1 -1
  27. package/dist/types/error/index.js +1 -2
  28. package/dist/types/identifier/index.js +1 -4
  29. package/dist/types/identifier/index.js.map +1 -1
  30. package/dist/types/index.js +5 -21
  31. package/dist/types/index.js.map +1 -1
  32. package/dist/types/machine/index.js +10 -13
  33. package/dist/types/machine/index.js.map +1 -1
  34. package/dist/types/siop-service/index.js +4 -7
  35. package/dist/types/siop-service/index.js.map +1 -1
  36. package/dist/utils/CredentialUtils.js +18 -28
  37. package/dist/utils/CredentialUtils.js.map +1 -1
  38. package/dist/utils/dcql.js +6 -9
  39. package/dist/utils/dcql.js.map +1 -1
  40. package/package.json +15 -15
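--- a/package/dist/session/OpSession.js
+++ b/package/dist/session/OpSession.js
@@ -1,59 +1,46 @@
- "use strict";
- var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
- function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
- return new (P || (P = Promise))(function (resolve, reject) {
- function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
- function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
- function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
- step((generator = generator.apply(thisArg, _arguments || [])).next());
- });
- };
- var __importDefault = (this && this.__importDefault) || function (mod) {
- return (mod && mod.__esModule) ? mod : { "default": mod };
- };
- Object.defineProperty(exports, "__esModule", { value: true });
- exports.OpSession = void 0;
- const did_auth_siop_1 = require("@sphereon/did-auth-siop");
- const ssi_sdk_ext_did_utils_1 = require("@sphereon/ssi-sdk-ext.did-utils");
- const ssi_sdk_core_1 = require("@sphereon/ssi-sdk.core");
- const ssi_types_1 = require("@sphereon/ssi-types");
- const debug_1 = __importDefault(require("debug"));
- const uuid_1 = require("uuid");
- const functions_1 = require("./functions");
- const OID4VP_1 = require("./OID4VP");
- const pex_1 = require("@sphereon/pex");
- const debug = (0, debug_1.default)(`sphereon:sdk:siop:op-session`);
- class OpSession {
+ import { OP, URI, } from '@sphereon/did-auth-siop';
+ import { getAgentDIDMethods, getAgentResolver } from '@sphereon/ssi-sdk-ext.did-utils';
+ import { encodeBase64url } from '@sphereon/ssi-sdk.core';
+ import { CredentialMapper, parseDid, } from '@sphereon/ssi-types';
+ import Debug from 'debug';
+ import { v4 } from 'uuid';
+ import { createOP } from './functions';
+ import { OID4VP } from './OID4VP';
+ import { PEX } from '@sphereon/pex';
+ const debug = Debug(`sphereon:sdk:siop:op-session`);
+ export class OpSession {
+ ts = new Date().getDate();
+ id;
+ options;
+ context;
+ requestJwtOrUri;
+ verifiedAuthorizationRequest;
+ _nonce;
+ _state;
+ _providedPresentationDefinitions;
  constructor(options) {
- this.ts = new Date().getDate();
  this.id = options.sessionId;
  this.options = options.op;
  this.context = options.context;
  this.requestJwtOrUri = options.requestJwtOrUri;
  this._providedPresentationDefinitions = options.providedPresentationDefinitions;
  }
- static init(options) {
- return __awaiter(this, void 0, void 0, function* () {
- return new OpSession(options);
- });
+ static async init(options) {
+ return new OpSession(options);
  }
- getAuthorizationRequest() {
- return __awaiter(this, void 0, void 0, function* () {
- if (!this.verifiedAuthorizationRequest) {
- const op = yield (0, functions_1.createOP)({ opOptions: this.options, context: this.context });
- this.verifiedAuthorizationRequest = yield op.verifyAuthorizationRequest(this.requestJwtOrUri);
- this._nonce = yield this.verifiedAuthorizationRequest.authorizationRequest.getMergedProperty('nonce');
- this._state = yield this.verifiedAuthorizationRequest.authorizationRequest.getMergedProperty('state');
- // only used to ensure that we have DID methods supported
- yield this.getSupportedDIDMethods();
- }
- return this.verifiedAuthorizationRequest;
- });
+ async getAuthorizationRequest() {
+ if (!this.verifiedAuthorizationRequest) {
+ const op = await createOP({ opOptions: this.options, context: this.context });
+ this.verifiedAuthorizationRequest = await op.verifyAuthorizationRequest(this.requestJwtOrUri);
+ this._nonce = await this.verifiedAuthorizationRequest.authorizationRequest.getMergedProperty('nonce');
+ this._state = await this.verifiedAuthorizationRequest.authorizationRequest.getMergedProperty('state');
+ // only used to ensure that we have DID methods supported
+ await this.getSupportedDIDMethods();
+ }
+ return this.verifiedAuthorizationRequest;
  }
- getAuthorizationRequestURI() {
- return __awaiter(this, void 0, void 0, function* () {
- return yield did_auth_siop_1.URI.fromAuthorizationRequest((yield this.getAuthorizationRequest()).authorizationRequest);
- });
+ async getAuthorizationRequestURI() {
+ return await URI.fromAuthorizationRequest((await this.getAuthorizationRequest()).authorizationRequest);
  }
  get nonce() {
  if (!this._nonce) {
@@ -73,289 +60,266 @@ class OpSession {
  this.verifiedAuthorizationRequest = undefined;
  return this;
  }
- getSupportedDIDMethods(didPrefix) {
- return __awaiter(this, void 0, void 0, function* () {
- var _a;
- const agentMethods = this.getAgentDIDMethodsSupported({ didPrefix });
- let rpMethods = yield this.getRPDIDMethodsSupported({ didPrefix, agentMethods });
- debug(`RP supports subject syntax types: ${JSON.stringify(this.getSubjectSyntaxTypesSupported())}`);
- if (rpMethods.dids.length === 0) {
- debug(`RP does not support DIDs. Supported: ${JSON.stringify(this.getSubjectSyntaxTypesSupported())}`);
- return [];
- }
- let intersection;
- if (rpMethods.dids.includes('did')) {
- intersection =
- agentMethods && agentMethods.length > 0
- ? agentMethods
- : (yield (0, ssi_sdk_ext_did_utils_1.getAgentDIDMethods)(this.context)).map((method) => convertDidMethod(method, didPrefix)); // fallback to the agent in case the agent methods are undefined
- }
- else if (!agentMethods || agentMethods.length === 0) {
- intersection = (_a = rpMethods.dids) === null || _a === void 0 ? void 0 : _a.map((method) => convertDidMethod(method, didPrefix));
- }
- else {
- intersection = agentMethods.filter((value) => rpMethods.dids.includes(value));
- }
- if (intersection.length === 0) {
- throw Error('No matching DID methods between agent and relying party');
- }
- return intersection.map((value) => convertDidMethod(value, didPrefix));
- });
+ async getSupportedDIDMethods(didPrefix) {
+ const agentMethods = this.getAgentDIDMethodsSupported({ didPrefix });
+ let rpMethods = await this.getRPDIDMethodsSupported({ didPrefix, agentMethods });
+ debug(`RP supports subject syntax types: ${JSON.stringify(this.getSubjectSyntaxTypesSupported())}`);
+ if (rpMethods.dids.length === 0) {
+ debug(`RP does not support DIDs. Supported: ${JSON.stringify(this.getSubjectSyntaxTypesSupported())}`);
+ return [];
+ }
+ let intersection;
+ if (rpMethods.dids.includes('did')) {
+ intersection =
+ agentMethods && agentMethods.length > 0
+ ? agentMethods
+ : (await getAgentDIDMethods(this.context)).map((method) => convertDidMethod(method, didPrefix)); // fallback to the agent in case the agent methods are undefined
+ }
+ else if (!agentMethods || agentMethods.length === 0) {
+ intersection = rpMethods.dids?.map((method) => convertDidMethod(method, didPrefix));
+ }
+ else {
+ intersection = agentMethods.filter((value) => rpMethods.dids.includes(value));
+ }
+ if (intersection.length === 0) {
+ throw Error('No matching DID methods between agent and relying party');
+ }
+ return intersection.map((value) => convertDidMethod(value, didPrefix));
  }
  getAgentDIDMethodsSupported(opts) {
- var _a;
- const agentMethods = (_a = this.options.supportedDIDMethods) === null || _a === void 0 ? void 0 : _a.map((method) => convertDidMethod(method, opts.didPrefix));
+ const agentMethods = this.options.supportedDIDMethods?.map((method) => convertDidMethod(method, opts.didPrefix));
  debug(`agent methods: ${JSON.stringify(agentMethods)}`);
  return agentMethods;
  }
- getSubjectSyntaxTypesSupported() {
- return __awaiter(this, void 0, void 0, function* () {
- var _a;
- const authReq = yield this.getAuthorizationRequest();
- const subjectSyntaxTypesSupported = (_a = authReq.registrationMetadataPayload) === null || _a === void 0 ? void 0 : _a.subject_syntax_types_supported;
- return subjectSyntaxTypesSupported !== null && subjectSyntaxTypesSupported !== void 0 ? subjectSyntaxTypesSupported : [];
- });
+ async getSubjectSyntaxTypesSupported() {
+ const authReq = await this.getAuthorizationRequest();
+ const subjectSyntaxTypesSupported = authReq.registrationMetadataPayload?.subject_syntax_types_supported;
+ return subjectSyntaxTypesSupported ?? [];
  }
- getRPDIDMethodsSupported(opts) {
- return __awaiter(this, void 0, void 0, function* () {
- var _a, _b, _c, _d, _e, _f, _g;
- let keyType;
- const agentMethods = (_c = (_b = ((_a = opts.agentMethods) !== null && _a !== void 0 ? _a : this.getAgentDIDMethodsSupported(opts))) === null || _b === void 0 ? void 0 : _b.map((method) => convertDidMethod(method, opts.didPrefix))) !== null && _c !== void 0 ? _c : [];
- debug(`agent methods supported: ${JSON.stringify(agentMethods)}`);
- const authReq = yield this.getAuthorizationRequest();
- const subjectSyntaxTypesSupported = (_e = (_d = authReq.registrationMetadataPayload) === null || _d === void 0 ? void 0 : _d.subject_syntax_types_supported) === null || _e === void 0 ? void 0 : _e.map((method) => convertDidMethod(method, opts.didPrefix)).filter((val) => !val.startsWith('did'));
- debug(`subject syntax types supported in rp method supported: ${JSON.stringify(subjectSyntaxTypesSupported)}`);
- const aud = yield authReq.authorizationRequest.getMergedProperty('aud');
- let rpMethods = [];
- if (aud && aud.startsWith('did:')) {
- const didMethod = convertDidMethod((0, ssi_types_1.parseDid)(aud).method, opts.didPrefix);
- debug(`aud did method: ${didMethod}`);
- // The RP knows our DID, so we can use it to determine the supported DID methods
- // If the aud did:method is not in the supported types, there still is something wrong, unless the RP signals to support all did methods
- if (subjectSyntaxTypesSupported &&
- subjectSyntaxTypesSupported.length > 0 &&
- !subjectSyntaxTypesSupported.includes('did') &&
- !subjectSyntaxTypesSupported.includes(didMethod)) {
- throw Error(`The aud DID method ${didMethod} is not in the supported types ${subjectSyntaxTypesSupported}`);
- }
- rpMethods = [didMethod];
+ async getRPDIDMethodsSupported(opts) {
+ let keyType;
+ const agentMethods = (opts.agentMethods ?? this.getAgentDIDMethodsSupported(opts))?.map((method) => convertDidMethod(method, opts.didPrefix)) ?? [];
+ debug(`agent methods supported: ${JSON.stringify(agentMethods)}`);
+ const authReq = await this.getAuthorizationRequest();
+ const subjectSyntaxTypesSupported = authReq.registrationMetadataPayload?.subject_syntax_types_supported
+ ?.map((method) => convertDidMethod(method, opts.didPrefix))
+ .filter((val) => !val.startsWith('did'));
+ debug(`subject syntax types supported in rp method supported: ${JSON.stringify(subjectSyntaxTypesSupported)}`);
+ const aud = await authReq.authorizationRequest.getMergedProperty('aud');
+ let rpMethods = [];
+ if (aud && aud.startsWith('did:')) {
+ const didMethod = convertDidMethod(parseDid(aud).method, opts.didPrefix);
+ debug(`aud did method: ${didMethod}`);
+ // The RP knows our DID, so we can use it to determine the supported DID methods
+ // If the aud did:method is not in the supported types, there still is something wrong, unless the RP signals to support all did methods
+ if (subjectSyntaxTypesSupported &&
+ subjectSyntaxTypesSupported.length > 0 &&
+ !subjectSyntaxTypesSupported.includes('did') &&
+ !subjectSyntaxTypesSupported.includes(didMethod)) {
+ throw Error(`The aud DID method ${didMethod} is not in the supported types ${subjectSyntaxTypesSupported}`);
  }
- else if (subjectSyntaxTypesSupported) {
- rpMethods = (Array.isArray(subjectSyntaxTypesSupported) ? subjectSyntaxTypesSupported : [subjectSyntaxTypesSupported]).map((method) => convertDidMethod(method, opts.didPrefix));
- }
- const isEBSI = rpMethods.length === 0 &&
- (((_f = authReq.issuer) === null || _f === void 0 ? void 0 : _f.includes('.ebsi.eu')) || ((_g = (yield authReq.authorizationRequest.getMergedProperty('client_id'))) === null || _g === void 0 ? void 0 : _g.includes('.ebsi.eu')));
- let codecName = undefined;
- if (isEBSI && (!aud || !aud.startsWith('http'))) {
- debug(`EBSI detected, adding did:key to supported DID methods for RP`);
- const didKeyMethod = convertDidMethod('did:key', opts.didPrefix);
- if (!(agentMethods === null || agentMethods === void 0 ? void 0 : agentMethods.includes(didKeyMethod))) {
- throw Error(`EBSI detected, but agent did not support did:key. Please reconfigure agent`);
- }
- rpMethods = [didKeyMethod];
- keyType = 'Secp256r1';
- codecName = 'jwk_jcs-pub';
+ rpMethods = [didMethod];
+ }
+ else if (subjectSyntaxTypesSupported) {
+ rpMethods = (Array.isArray(subjectSyntaxTypesSupported) ? subjectSyntaxTypesSupported : [subjectSyntaxTypesSupported]).map((method) => convertDidMethod(method, opts.didPrefix));
+ }
+ const isEBSI = rpMethods.length === 0 &&
+ (authReq.issuer?.includes('.ebsi.eu') || (await authReq.authorizationRequest.getMergedProperty('client_id'))?.includes('.ebsi.eu'));
+ let codecName = undefined;
+ if (isEBSI && (!aud || !aud.startsWith('http'))) {
+ debug(`EBSI detected, adding did:key to supported DID methods for RP`);
+ const didKeyMethod = convertDidMethod('did:key', opts.didPrefix);
+ if (!agentMethods?.includes(didKeyMethod)) {
+ throw Error(`EBSI detected, but agent did not support did:key. Please reconfigure agent`);
  }
- return { dids: rpMethods, codecName, keyType };
- });
+ rpMethods = [didKeyMethod];
+ keyType = 'Secp256r1';
+ codecName = 'jwk_jcs-pub';
+ }
+ return { dids: rpMethods, codecName, keyType };
  }
- getSupportedIdentifiers(opts) {
- return __awaiter(this, void 0, void 0, function* () {
- // todo: we also need to check signature algo
- const methods = yield this.getSupportedDIDMethods(true);
- debug(`supported DID methods (did: prefix = true): ${JSON.stringify(methods)}`);
- if (methods.length === 0) {
- throw Error(`No DID methods are supported`);
- }
- const identifiers = yield this.context.agent
- .didManagerFind()
- .then((ids) => ids.filter((id) => methods.includes(id.provider)));
- if (identifiers.length === 0) {
- debug(`No identifiers available in agent supporting methods ${JSON.stringify(methods)}`);
- if ((opts === null || opts === void 0 ? void 0 : opts.createInCaseNoDIDFound) !== false) {
- const { codecName, keyType } = yield this.getRPDIDMethodsSupported({
- didPrefix: true,
- agentMethods: methods,
- });
- const identifier = yield this.context.agent.didManagerCreate({
- provider: methods[0],
- options: { codecName, keyType, type: keyType }, // both keyType and type, because not every did provider has the same param
- });
- debug(`Created a new identifier for the SIOP interaction: ${identifier.did}`);
- identifiers.push(identifier);
- }
+ async getSupportedIdentifiers(opts) {
+ // todo: we also need to check signature algo
+ const methods = await this.getSupportedDIDMethods(true);
+ debug(`supported DID methods (did: prefix = true): ${JSON.stringify(methods)}`);
+ if (methods.length === 0) {
+ throw Error(`No DID methods are supported`);
+ }
+ const identifiers = await this.context.agent
+ .didManagerFind()
+ .then((ids) => ids.filter((id) => methods.includes(id.provider)));
+ if (identifiers.length === 0) {
+ debug(`No identifiers available in agent supporting methods ${JSON.stringify(methods)}`);
+ if (opts?.createInCaseNoDIDFound !== false) {
+ const { codecName, keyType } = await this.getRPDIDMethodsSupported({
+ didPrefix: true,
+ agentMethods: methods,
+ });
+ const identifier = await this.context.agent.didManagerCreate({
+ provider: methods[0],
+ options: { codecName, keyType, type: keyType }, // both keyType and type, because not every did provider has the same param
+ });
+ debug(`Created a new identifier for the SIOP interaction: ${identifier.did}`);
+ identifiers.push(identifier);
  }
- debug(`supported identifiers: ${JSON.stringify(identifiers.map((id) => id.did))}`);
- return identifiers;
- });
+ }
+ debug(`supported identifiers: ${JSON.stringify(identifiers.map((id) => id.did))}`);
+ return identifiers;
  }
- getSupportedDIDs() {
- return __awaiter(this, void 0, void 0, function* () {
- return (yield this.getSupportedIdentifiers()).map((id) => id.did);
- });
+ async getSupportedDIDs() {
+ return (await this.getSupportedIdentifiers()).map((id) => id.did);
  }
- getRedirectUri() {
- return __awaiter(this, void 0, void 0, function* () {
- return Promise.resolve(this.verifiedAuthorizationRequest.responseURI);
- });
+ async getRedirectUri() {
+ return Promise.resolve(this.verifiedAuthorizationRequest.responseURI);
  }
- hasPresentationDefinitions() {
- return __awaiter(this, void 0, void 0, function* () {
- var _a;
- const defs = (_a = this._providedPresentationDefinitions) !== null && _a !== void 0 ? _a : (yield this.getAuthorizationRequest()).presentationDefinitions;
- return defs !== undefined && defs.length > 0;
- });
+ async hasPresentationDefinitions() {
+ const defs = this._providedPresentationDefinitions ?? (await this.getAuthorizationRequest()).presentationDefinitions;
+ return defs !== undefined && defs.length > 0;
  }
- getPresentationDefinitions() {
- return __awaiter(this, void 0, void 0, function* () {
- var _a;
- if (!(yield this.hasPresentationDefinitions())) {
- throw Error(`No presentation definitions found`);
- }
- return (_a = this._providedPresentationDefinitions) !== null && _a !== void 0 ? _a : (yield this.getAuthorizationRequest()).presentationDefinitions;
- });
+ async getPresentationDefinitions() {
+ if (!(await this.hasPresentationDefinitions())) {
+ throw Error(`No presentation definitions found`);
+ }
+ return this._providedPresentationDefinitions ?? (await this.getAuthorizationRequest()).presentationDefinitions;
  }
- getOID4VP(args) {
- return __awaiter(this, void 0, void 0, function* () {
- var _a;
- return yield OID4VP_1.OID4VP.init(this, (_a = args.allIdentifiers) !== null && _a !== void 0 ? _a : [], args.hasher);
- });
+ async getOID4VP(args) {
+ return await OID4VP.init(this, args.allIdentifiers ?? [], args.hasher);
  }
  createPresentationVerificationCallback(context) {
- function presentationVerificationCallback(args, presentationSubmission) {
- return __awaiter(this, void 0, void 0, function* () {
- let result;
- if (ssi_types_1.CredentialMapper.isSdJwtEncoded(args)) {
- try {
- const sdJwtResult = yield context.agent.verifySdJwtPresentation({ presentation: args });
- result = {
- verified: 'header' in sdJwtResult,
- error: 'header' in sdJwtResult ? undefined : { message: 'could not verify SD JWT presentation' },
- };
- }
- catch (error) {
- result = {
- verified: false,
- error: { message: error.message },
- };
- }
+ async function presentationVerificationCallback(args, presentationSubmission) {
+ let result;
+ if (CredentialMapper.isSdJwtEncoded(args)) {
+ try {
+ const sdJwtResult = await context.agent.verifySdJwtPresentation({ presentation: args });
+ result = {
+ verified: 'header' in sdJwtResult,
+ error: 'header' in sdJwtResult ? undefined : { message: 'could not verify SD JWT presentation' },
+ };
  }
- else {
- // @ts-ignore TODO IVerifiablePresentation has too many union types for Veramo
- result = yield context.agent.verifyPresentation({ presentation: args });
+ catch (error) {
+ result = {
+ verified: false,
+ error: { message: error.message },
+ };
  }
- return result;
- });
+ }
+ else {
+ // @ts-ignore TODO IVerifiablePresentation has too many union types for Veramo
+ result = await context.agent.verifyPresentation({ presentation: args });
+ }
+ return result;
  }
  return presentationVerificationCallback;
  }
- createJarmResponseCallback(_a) {
- return __awaiter(this, arguments, void 0, function* ({ responseOpts, }) {
- const agent = this.context.agent;
- return function jarmResponse(opts) {
- return __awaiter(this, void 0, void 0, function* () {
- var _a, _b;
- const { clientMetadata, requestObjectPayload, authorizationResponsePayload: authResponse } = opts;
- const jwk = yield did_auth_siop_1.OP.extractEncJwksFromClientMetadata(clientMetadata);
- // @ts-ignore // FIXME: Fix jwk inference
- const recipientKey = yield agent.identifierExternalResolveByJwk({ identifier: jwk });
- return yield agent
- .jwtEncryptJweCompactJwt({
- recipientKey,
- protectedHeader: {},
- alg: (_a = requestObjectPayload.client_metadata.authorization_encrypted_response_alg) !== null && _a !== void 0 ? _a : 'ECDH-ES',
- enc: (_b = requestObjectPayload.client_metadata.authorization_encrypted_response_enc) !== null && _b !== void 0 ? _b : 'A256GCM',
- apv: (0, ssi_sdk_core_1.encodeBase64url)(opts.requestObjectPayload.nonce),
- apu: (0, ssi_sdk_core_1.encodeBase64url)((0, uuid_1.v4)()),
- payload: authResponse,
- issuer: responseOpts.issuer,
- audience: responseOpts.audience,
- })
- .then((result) => {
- return { response: result.jwt };
- });
- });
- };
- });
+ async createJarmResponseCallback({ responseOpts, }) {
+ const agent = this.context.agent;
+ return async function jarmResponse(opts) {
+ const { clientMetadata, requestObjectPayload, authorizationResponsePayload: authResponse } = opts;
+ const jwk = await OP.extractEncJwksFromClientMetadata(clientMetadata);
+ // @ts-ignore // FIXME: Fix jwk inference
+ const recipientKey = await agent.identifierExternalResolveByJwk({ identifier: jwk });
+ return await agent
+ .jwtEncryptJweCompactJwt({
+ recipientKey,
+ protectedHeader: {},
+ alg: requestObjectPayload.client_metadata.authorization_encrypted_response_alg ?? 'ECDH-ES',
+ enc: requestObjectPayload.client_metadata.authorization_encrypted_response_enc ?? 'A256GCM',
+ apv: encodeBase64url(opts.requestObjectPayload.nonce),
+ apu: encodeBase64url(v4()),
+ payload: authResponse,
+ issuer: responseOpts.issuer,
+ audience: responseOpts.audience,
+ })
+ .then((result) => {
+ return { response: result.jwt };
+ });
+ };
  }
- sendAuthorizationResponse(args) {
- return __awaiter(this, void 0, void 0, function* () {
- var _a, _b, _c, _d;
- const resolveOpts = (_a = this.options.resolveOpts) !== null && _a !== void 0 ? _a : {
- resolver: (0, ssi_sdk_ext_did_utils_1.getAgentResolver)(this.context, {
- uniresolverResolution: true,
- localResolution: true,
- resolverResolution: true,
- }),
- };
- if (!resolveOpts.subjectSyntaxTypesSupported || resolveOpts.subjectSyntaxTypesSupported.length === 0) {
- resolveOpts.subjectSyntaxTypesSupported = yield this.getSupportedDIDMethods(true);
+ async sendAuthorizationResponse(args) {
+ const resolveOpts = this.options.resolveOpts ?? {
+ resolver: getAgentResolver(this.context, {
+ uniresolverResolution: true,
+ localResolution: true,
+ resolverResolution: true,
+ }),
+ };
+ if (!resolveOpts.subjectSyntaxTypesSupported || resolveOpts.subjectSyntaxTypesSupported.length === 0) {
+ resolveOpts.subjectSyntaxTypesSupported = await this.getSupportedDIDMethods(true);
+ }
+ //todo: populate with the right verification params. In did-auth-siop we don't have any test that actually passes this parameter
+ const verification = {
+ presentationVerificationCallback: this.createPresentationVerificationCallback(this.context),
+ };
+ const request = await this.getAuthorizationRequest();
+ const hasDefinitions = await this.hasPresentationDefinitions();
+ if (hasDefinitions) {
+ const totalInputDescriptors = request.presentationDefinitions?.reduce((sum, pd) => {
+ return sum + pd.definition.input_descriptors.length;
+ }, 0);
+ const totalVCs = args.verifiablePresentations ? this.countVCsInAllVPs(args.verifiablePresentations, args.hasher) : 0;
+ if (!request.presentationDefinitions || !args.verifiablePresentations || totalVCs !== totalInputDescriptors) {
+ throw Error(`Amount of presentations ${args.verifiablePresentations?.length}, doesn't match expected ${request.presentationDefinitions?.length}`);
  }
- //todo: populate with the right verification params. In did-auth-siop we don't have any test that actually passes this parameter
- const verification = {
- presentationVerificationCallback: this.createPresentationVerificationCallback(this.context),
- };
- const request = yield this.getAuthorizationRequest();
- const hasDefinitions = yield this.hasPresentationDefinitions();
- if (hasDefinitions) {
- const totalInputDescriptors = (_b = request.presentationDefinitions) === null || _b === void 0 ? void 0 : _b.reduce((sum, pd) => {
- return sum + pd.definition.input_descriptors.length;
- }, 0);
- const totalVCs = args.verifiablePresentations ? this.countVCsInAllVPs(args.verifiablePresentations, args.hasher) : 0;
- if (!request.presentationDefinitions || !args.verifiablePresentations || totalVCs !== totalInputDescriptors) {
- throw Error(`Amount of presentations ${(_c = args.verifiablePresentations) === null || _c === void 0 ? void 0 : _c.length}, doesn't match expected ${(_d = request.presentationDefinitions) === null || _d === void 0 ? void 0 : _d.length}`);
- }
- else if (!args.presentationSubmission) {
- throw Error(`Presentation submission is required when verifiable presentations are required`);
- }
+ else if (!args.presentationSubmission) {
+ throw Error(`Presentation submission is required when verifiable presentations are required`);
  }
- const verifiablePresentations = args.verifiablePresentations
- ? args.verifiablePresentations.map((vp) => ssi_types_1.CredentialMapper.storedPresentationToOriginalFormat(vp))
- : [];
- const op = yield (0, functions_1.createOP)({
- opOptions: Object.assign(Object.assign({}, this.options), { resolveOpts: Object.assign({}, this.options.resolveOpts), eventEmitter: this.options.eventEmitter, presentationSignCallback: this.options.presentationSignCallback, wellknownDIDVerifyCallback: this.options.wellknownDIDVerifyCallback, supportedVersions: request.versions }),
- idOpts: args.responseSignerOpts,
- context: this.context,
- });
- //TODO change this to use the new functionalities by identifier-resolver and get the jwkIssuer for the responseOpts
- let issuer = args.responseSignerOpts.issuer;
- const responseOpts = Object.assign(Object.assign(Object.assign({ verification,
- issuer }, (args.isFirstParty && { isFirstParty: args.isFirstParty })), (args.verifiablePresentations && {
+ }
+ const verifiablePresentations = args.verifiablePresentations
+ ? args.verifiablePresentations.map((vp) => CredentialMapper.storedPresentationToOriginalFormat(vp))
+ : [];
+ const op = await createOP({
+ opOptions: {
+ ...this.options,
+ resolveOpts: { ...this.options.resolveOpts },
+ eventEmitter: this.options.eventEmitter,
+ presentationSignCallback: this.options.presentationSignCallback,
+ wellknownDIDVerifyCallback: this.options.wellknownDIDVerifyCallback,
+ supportedVersions: request.versions,
+ },
+ idOpts: args.responseSignerOpts,
+ context: this.context,
+ });
+ //TODO change this to use the new functionalities by identifier-resolver and get the jwkIssuer for the responseOpts
+ let issuer = args.responseSignerOpts.issuer;
+ const responseOpts = {
+ verification,
+ issuer,
+ ...(args.isFirstParty && { isFirstParty: args.isFirstParty }),
+ ...(args.verifiablePresentations && {
  presentationExchange: {
  verifiablePresentations,
  presentationSubmission: args.presentationSubmission,
  },
- })), { dcqlQuery: args.dcqlResponse });
- const authResponse = yield op.createAuthorizationResponse(request, responseOpts);
- const response = yield op.submitAuthorizationResponse(authResponse, yield this.createJarmResponseCallback({ responseOpts }));
- if (response.status >= 400) {
- throw Error(`Error ${response.status}: ${response.statusText || (yield response.text())}`);
- }
- else {
- return response;
- }
- });
+ }),
+ dcqlQuery: args.dcqlResponse,
+ };
+ const authResponse = await op.createAuthorizationResponse(request, responseOpts);
+ const response = await op.submitAuthorizationResponse(authResponse, await this.createJarmResponseCallback({ responseOpts }));
+ if (response.status >= 400) {
+ throw Error(`Error ${response.status}: ${response.statusText || (await response.text())}`);
+ }
+ else {
+ return response;
+ }
  }
  countVCsInAllVPs(verifiablePresentations, hasher) {
  return verifiablePresentations.reduce((sum, vp) => {
- var _a, _b;
- if (ssi_types_1.CredentialMapper.isMsoMdocDecodedPresentation(vp) || ssi_types_1.CredentialMapper.isMsoMdocOid4VPEncoded(vp)) {
+ if (CredentialMapper.isMsoMdocDecodedPresentation(vp) || CredentialMapper.isMsoMdocOid4VPEncoded(vp)) {
  return sum + 1;
  }
- const uvp = ssi_types_1.CredentialMapper.toUniformPresentation(vp, { hasher: hasher !== null && hasher !== void 0 ? hasher : this.options.hasher });
- if ((_a = uvp.verifiableCredential) === null || _a === void 0 ? void 0 : _a.length) {
- return sum + ((_b = uvp.verifiableCredential) === null || _b === void 0 ? void 0 : _b.length);
+ const uvp = CredentialMapper.toUniformPresentation(vp, { hasher: hasher ?? this.options.hasher });
+ if (uvp.verifiableCredential?.length) {
+ return sum + uvp.verifiableCredential?.length;
  }
- const isSdJWT = ssi_types_1.CredentialMapper.isSdJwtDecodedCredential(uvp);
+ const isSdJWT = CredentialMapper.isSdJwtDecodedCredential(uvp);
  if (isSdJWT ||
- (uvp.verifiableCredential && !pex_1.PEX.allowMultipleVCsPerPresentation(uvp.verifiableCredential))) {
+ (uvp.verifiableCredential && !PEX.allowMultipleVCsPerPresentation(uvp.verifiableCredential))) {
  return sum + 1;
  }
  return sum;
  }, 0);
  }
  }
- exports.OpSession = OpSession;
  function convertDidMethod(didMethod, didPrefix) {
  if (didPrefix === false) {
  return didMethod.startsWith('did:') ? didMethod.toLowerCase().replace('did:', '') : didMethod.toLowerCase();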
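Review bot: In `sendAuthorizationResponse`, the `resolveOpts` value prepared at the top of the method (the `getAgentResolver` fallback plus the `subjectSyntaxTypesSupported` list filled in from `getSupportedDIDMethods(true)`) is never handed to `createOP`, which receives `resolveOpts: { ...this.options.resolveOpts }` instead. When `this.options.resolveOpts` is unset that spread yields an empty object, so the fallback resolver and the computed method list are dropped; whether `createOP` supplies its own defaults is not visible on this page. Passing the local value, `resolveOpts: { ...resolveOpts },`, would make the OP use what the method just built. Separately, in `getRPDIDMethodsSupported` the EBSI branch is selected by `includes('.ebsi.eu')` on the request's `issuer` and `client_id`, a substring test on RP-supplied values rather than a comparison against a parsed hostname, and that branch sets the DID method and key type that `getSupportedIdentifiers` then uses for `didManagerCreate`. This file looks like compiled output, so both changes presumably belong in the TypeScript source.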