@sphereon/ssi-sdk.siopv2-oid4vp-op-auth 0.33.1-feature.vcdm2.tsup.31 → 0.33.1-next.2

Files changed (88)
  1. package/dist/agent/DidAuthSiopOpAuthenticator.d.ts +36 -0
  2. package/dist/agent/DidAuthSiopOpAuthenticator.d.ts.map +1 -0
  3. package/dist/agent/DidAuthSiopOpAuthenticator.js +392 -0
  4. package/dist/agent/DidAuthSiopOpAuthenticator.js.map +1 -0
  5. package/dist/index.d.ts +8 -555
  6. package/dist/index.d.ts.map +1 -0
  7. package/dist/index.js +31 -2420
  8. package/dist/index.js.map +1 -1
  9. package/dist/link-handler/index.d.ts +22 -0
  10. package/dist/link-handler/index.d.ts.map +1 -0
  11. package/dist/link-handler/index.js +57 -0
  12. package/dist/link-handler/index.js.map +1 -0
  13. package/dist/localization/Localization.d.ts +9 -0
  14. package/dist/localization/Localization.d.ts.map +1 -0
  15. package/dist/localization/Localization.js +46 -0
  16. package/dist/localization/Localization.js.map +1 -0
  17. package/dist/localization/translations/en.json +9 -0
  18. package/dist/localization/translations/nl.json +8 -0
  19. package/dist/machine/CallbackStateListener.d.ts +3 -0
  20. package/dist/machine/CallbackStateListener.d.ts.map +1 -0
  21. package/dist/machine/CallbackStateListener.js +48 -0
  22. package/dist/machine/CallbackStateListener.js.map +1 -0
  23. package/dist/machine/Siopv2Machine.d.ts +8 -0
  24. package/dist/machine/Siopv2Machine.d.ts.map +1 -0
  25. package/dist/machine/Siopv2Machine.js +364 -0
  26. package/dist/machine/Siopv2Machine.js.map +1 -0
  27. package/dist/services/IdentifierService.d.ts +3 -0
  28. package/dist/services/IdentifierService.d.ts.map +1 -0
  29. package/dist/services/IdentifierService.js +28 -0
  30. package/dist/services/IdentifierService.js.map +1 -0
  31. package/dist/services/Siopv2MachineService.d.ts +18 -0
  32. package/dist/services/Siopv2MachineService.d.ts.map +1 -0
  33. package/dist/services/Siopv2MachineService.js +299 -0
  34. package/dist/services/Siopv2MachineService.js.map +1 -0
  35. package/dist/session/OID4VP.d.ts +72 -0
  36. package/dist/session/OID4VP.d.ts.map +1 -0
  37. package/dist/session/OID4VP.js +224 -0
  38. package/dist/session/OID4VP.js.map +1 -0
  39. package/dist/session/OpSession.d.ts +39 -0
  40. package/dist/session/OpSession.d.ts.map +1 -0
  41. package/dist/session/OpSession.js +365 -0
  42. package/dist/session/OpSession.js.map +1 -0
  43. package/dist/session/functions.d.ts +37 -0
  44. package/dist/session/functions.d.ts.map +1 -0
  45. package/dist/session/functions.js +163 -0
  46. package/dist/session/functions.js.map +1 -0
  47. package/dist/session/index.d.ts +4 -0
  48. package/dist/session/index.d.ts.map +1 -0
  49. package/dist/session/index.js +20 -0
  50. package/dist/session/index.js.map +1 -0
  51. package/dist/types/IDidAuthSiopOpAuthenticator.d.ts +120 -0
  52. package/dist/types/IDidAuthSiopOpAuthenticator.d.ts.map +1 -0
  53. package/dist/types/IDidAuthSiopOpAuthenticator.js +10 -0
  54. package/dist/types/IDidAuthSiopOpAuthenticator.js.map +1 -0
  55. package/dist/types/error/index.d.ts +8 -0
  56. package/dist/types/error/index.d.ts.map +1 -0
  57. package/dist/types/error/index.js +3 -0
  58. package/dist/types/error/index.js.map +1 -0
  59. package/dist/types/identifier/index.d.ts +53 -0
  60. package/dist/types/identifier/index.d.ts.map +1 -0
  61. package/dist/types/identifier/index.js +5 -0
  62. package/dist/types/identifier/index.js.map +1 -0
  63. package/dist/types/index.d.ts +6 -0
  64. package/dist/types/index.d.ts.map +1 -0
  65. package/dist/types/index.js +22 -0
  66. package/dist/types/index.js.map +1 -0
  67. package/dist/types/machine/index.d.ts +124 -0
  68. package/dist/types/machine/index.d.ts.map +1 -0
  69. package/dist/types/machine/index.js +57 -0
  70. package/dist/types/machine/index.js.map +1 -0
  71. package/dist/types/siop-service/index.d.ts +80 -0
  72. package/dist/types/siop-service/index.d.ts.map +1 -0
  73. package/dist/types/siop-service/index.js +14 -0
  74. package/dist/types/siop-service/index.js.map +1 -0
  75. package/dist/utils/CredentialUtils.d.ts +23 -0
  76. package/dist/utils/CredentialUtils.d.ts.map +1 -0
  77. package/dist/utils/CredentialUtils.js +65 -0
  78. package/dist/utils/CredentialUtils.js.map +1 -0
  79. package/dist/utils/dcql.d.ts +5 -0
  80. package/dist/utils/dcql.d.ts.map +1 -0
  81. package/dist/utils/dcql.js +37 -0
  82. package/dist/utils/dcql.js.map +1 -0
  83. package/package.json +30 -40
  84. package/src/agent/DidAuthSiopOpAuthenticator.ts +14 -13
  85. package/src/session/OpSession.ts +13 -13
  86. package/dist/index.cjs +0 -2451
  87. package/dist/index.cjs.map +0 -1
  88. package/dist/index.d.cts +0 -559
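--- a/package/dist/session/OID4VP.js
+++ b/package/dist/session/OID4VP.js
@@ -0,0 +1,224 @@
+ "use strict";
+ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+ function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+ return new (P || (P = Promise))(function (resolve, reject) {
+ function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+ function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+ function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+ step((generator = generator.apply(thisArg, _arguments || [])).next());
+ });
+ };
+ Object.defineProperty(exports, "__esModule", { value: true });
+ exports.OID4VP = void 0;
+ const did_auth_siop_1 = require("@sphereon/did-auth-siop");
+ const pex_1 = require("@sphereon/pex");
+ const ssi_sdk_ext_identifier_resolution_1 = require("@sphereon/ssi-sdk-ext.identifier-resolution");
+ const ssi_sdk_core_1 = require("@sphereon/ssi-sdk.core");
+ const ssi_sdk_credential_store_1 = require("@sphereon/ssi-sdk.credential-store");
+ const types_1 = require("../types");
+ const functions_1 = require("./functions");
+ class OID4VP {
+ constructor(args) {
+ const { session, allIdentifiers, hasher = ssi_sdk_core_1.defaultHasher } = args;
+ this.session = session;
+ this.allIdentifiers = allIdentifiers !== null && allIdentifiers !== void 0 ? allIdentifiers : [];
+ this.hasher = hasher;
+ }
+ static init(session, allIdentifiers, hasher) {
+ return __awaiter(this, void 0, void 0, function* () {
+ return new OID4VP({ session, allIdentifiers: allIdentifiers !== null && allIdentifiers !== void 0 ? allIdentifiers : (yield session.getSupportedDIDs()), hasher });
+ });
+ }
+ getPresentationDefinitions() {
+ return __awaiter(this, void 0, void 0, function* () {
+ const definitions = yield this.session.getPresentationDefinitions();
+ if (definitions) {
+ did_auth_siop_1.PresentationExchange.assertValidPresentationDefinitionWithLocations(definitions);
+ }
+ return definitions;
+ });
+ }
+ getPresentationExchange(args) {
+ const { verifiableCredentials, allIdentifiers, hasher } = args;
+ return new did_auth_siop_1.PresentationExchange({
+ allDIDs: allIdentifiers !== null && allIdentifiers !== void 0 ? allIdentifiers : this.allIdentifiers,
+ allVerifiableCredentials: verifiableCredentials,
+ hasher: hasher !== null && hasher !== void 0 ? hasher : this.hasher,
+ });
+ }
+ createVerifiablePresentations(credentialRole, credentialsWithDefinitions, opts) {
+ return __awaiter(this, void 0, void 0, function* () {
+ return yield Promise.all(credentialsWithDefinitions.map((cred) => this.createVerifiablePresentation(credentialRole, cred, opts)));
+ });
+ }
+ createVerifiablePresentation(credentialRole, selectedVerifiableCredentials, opts) {
+ return __awaiter(this, void 0, void 0, function* () {
+ var _a, _b, _c, _d, _e, _f, _g, _h;
+ const { subjectIsHolder, holder, forceNoCredentialsInVP = false } = Object.assign({}, opts);
+ if (subjectIsHolder && holder) {
+ throw Error('Cannot both have subject is holder and a holderDID value at the same time (programming error)');
+ }
+ if (forceNoCredentialsInVP) {
+ selectedVerifiableCredentials.credentials = [];
+ }
+ else if (!(selectedVerifiableCredentials === null || selectedVerifiableCredentials === void 0 ? void 0 : selectedVerifiableCredentials.credentials) || selectedVerifiableCredentials.credentials.length === 0) {
+ throw Error('No verifiable verifiableCredentials provided for presentation definition');
+ }
+ const proofOptions = Object.assign(Object.assign({}, opts === null || opts === void 0 ? void 0 : opts.proofOpts), { challenge: (_d = (_b = (_a = opts === null || opts === void 0 ? void 0 : opts.proofOpts) === null || _a === void 0 ? void 0 : _a.nonce) !== null && _b !== void 0 ? _b : (_c = opts === null || opts === void 0 ? void 0 : opts.proofOpts) === null || _c === void 0 ? void 0 : _c.challenge) !== null && _d !== void 0 ? _d : this.session.nonce, domain: (_f = (_e = opts === null || opts === void 0 ? void 0 : opts.proofOpts) === null || _e === void 0 ? void 0 : _e.domain) !== null && _f !== void 0 ? _f : (yield this.session.getRedirectUri()) });
+ let idOpts = opts === null || opts === void 0 ? void 0 : opts.idOpts;
+ if (!idOpts) {
+ if (opts === null || opts === void 0 ? void 0 : opts.subjectIsHolder) {
+ if (forceNoCredentialsInVP) {
+ return Promise.reject(Error(`Cannot have subject is holder, when force no credentials is being used, as we could never determine the holder then. Please provide holderDID`));
+ }
+ const firstUniqueDC = selectedVerifiableCredentials.credentials[0];
+ // const firstVC = firstUniqueDC.uniformVerifiableCredential!
+ if (typeof firstUniqueDC !== 'object' || !('digitalCredential' in firstUniqueDC)) {
+ return Promise.reject(Error('If no opts provided, credentials should be of type UniqueDigitalCredential'));
+ }
+ idOpts = (0, ssi_sdk_ext_identifier_resolution_1.isOID4VCIssuerIdentifier)(firstUniqueDC.digitalCredential.kmsKeyRef)
+ ? yield this.session.context.agent.identifierManagedGetByIssuer({
+ identifier: firstUniqueDC.digitalCredential.kmsKeyRef,
+ })
+ : yield this.session.context.agent.identifierManagedGetByKid({
+ identifier: firstUniqueDC.digitalCredential.kmsKeyRef,
+ kmsKeyRef: firstUniqueDC.digitalCredential.kmsKeyRef,
+ });
+ /*
+ const holder = CredentialMapper.isSdJwtDecodedCredential(firstVC)
+ ? firstVC.decodedPayload.cnf?.jwk
+ ? //TODO SDK-19: convert the JWK to hex and search for the appropriate key and associated DID
+ //doesn't apply to did:jwk only, as you can represent any DID key as a JWK. So whenever you encounter a JWK it doesn't mean it had to come from a did:jwk in the system. It just can always be represented as a did:jwk
+ `did:jwk:${encodeJoseBlob(firstVC.decodedPayload.cnf?.jwk)}#0`
+ : firstVC.decodedPayload.sub
+ : Array.isArray(firstVC.credentialSubject)
+ ? firstVC.credentialSubject[0].id
+ : firstVC.credentialSubject.id
+ if (holder) {
+ idOpts = { identifier: holder }
+ }
+ */
+ }
+ else if (opts === null || opts === void 0 ? void 0 : opts.holder) {
+ idOpts = { identifier: opts.holder };
+ }
+ }
+ // We are making sure to filter, in case the user submitted all verifiableCredentials in the wallet/agent. We also make sure to get original formats back
+ const vcs = forceNoCredentialsInVP
+ ? selectedVerifiableCredentials
+ : (opts === null || opts === void 0 ? void 0 : opts.applyFilter)
+ ? yield this.filterCredentials(credentialRole, selectedVerifiableCredentials.definition, {
+ restrictToFormats: opts === null || opts === void 0 ? void 0 : opts.restrictToFormats,
+ restrictToDIDMethods: opts === null || opts === void 0 ? void 0 : opts.restrictToDIDMethods,
+ filterOpts: {
+ verifiableCredentials: selectedVerifiableCredentials.credentials,
+ },
+ })
+ : {
+ definition: selectedVerifiableCredentials.definition,
+ credentials: selectedVerifiableCredentials.credentials,
+ };
+ if (!idOpts) {
+ return Promise.reject(Error(`No identifier options present at this point`));
+ }
+ const signCallback = yield (0, functions_1.createOID4VPPresentationSignCallback)({
+ presentationSignCallback: this.session.options.presentationSignCallback,
+ idOpts,
+ context: this.session.context,
+ domain: proofOptions.domain,
+ challenge: proofOptions.challenge,
+ format: (_g = opts === null || opts === void 0 ? void 0 : opts.restrictToFormats) !== null && _g !== void 0 ? _g : selectedVerifiableCredentials.definition.definition.format,
+ skipDidResolution: (_h = opts === null || opts === void 0 ? void 0 : opts.skipDidResolution) !== null && _h !== void 0 ? _h : false,
+ });
+ const identifier = yield this.session.context.agent.identifierManagedGet(idOpts);
+ const verifiableCredentials = vcs.credentials.map((credential) => typeof credential === 'object' && 'digitalCredential' in credential ? credential.originalVerifiableCredential : credential);
+ const presentationResult = yield this.getPresentationExchange({
+ verifiableCredentials: verifiableCredentials,
+ allIdentifiers: this.allIdentifiers,
+ hasher: opts === null || opts === void 0 ? void 0 : opts.hasher,
+ }).createVerifiablePresentation(vcs.definition.definition, verifiableCredentials, signCallback, Object.assign({ proofOptions }, (identifier && (0, ssi_sdk_ext_identifier_resolution_1.isManagedIdentifierDidResult)(identifier) && { holderDID: identifier.did })));
+ const verifiablePresentations = presentationResult.verifiablePresentations.map((verifiablePresentation) => typeof verifiablePresentation !== 'string' &&
+ 'proof' in verifiablePresentation &&
+ 'jwt' in verifiablePresentation.proof &&
+ verifiablePresentation.proof.jwt
+ ? verifiablePresentation.proof.jwt
+ : verifiablePresentation);
+ return Object.assign(Object.assign({}, presentationResult), { verifiablePresentations, verifiableCredentials: verifiableCredentials, definition: selectedVerifiableCredentials.definition, idOpts });
+ });
+ }
+ filterCredentialsAgainstAllDefinitions(credentialRole, opts) {
+ return __awaiter(this, void 0, void 0, function* () {
+ const defs = yield this.getPresentationDefinitions();
+ const result = [];
+ if (defs) {
+ for (const definition of defs) {
+ result.push(yield this.filterCredentials(credentialRole, definition, opts));
+ }
+ }
+ return result;
+ });
+ }
+ filterCredentials(credentialRole, presentationDefinition, opts) {
+ return __awaiter(this, void 0, void 0, function* () {
+ var _a, _b, _c, _d, _e;
+ const udcMap = new Map();
+ (_b = (_a = opts === null || opts === void 0 ? void 0 : opts.filterOpts) === null || _a === void 0 ? void 0 : _a.verifiableCredentials) === null || _b === void 0 ? void 0 : _b.forEach((credential) => {
+ if (typeof credential === 'object' && 'digitalCredential' in credential) {
+ udcMap.set(credential.originalVerifiableCredential, credential);
+ }
+ else {
+ udcMap.set(credential, credential);
+ }
+ });
+ const credentials = (yield this.filterCredentialsWithSelectionStatus(credentialRole, presentationDefinition, Object.assign(Object.assign({}, opts), { filterOpts: {
+ verifiableCredentials: (_d = (_c = opts === null || opts === void 0 ? void 0 : opts.filterOpts) === null || _c === void 0 ? void 0 : _c.verifiableCredentials) === null || _d === void 0 ? void 0 : _d.map((credential) => {
+ if (typeof credential === 'object' && 'digitalCredential' in credential) {
+ return credential.originalVerifiableCredential;
+ }
+ else {
+ return credential;
+ }
+ }),
+ } }))).verifiableCredential;
+ return {
+ definition: presentationDefinition,
+ credentials: (_e = credentials === null || credentials === void 0 ? void 0 : credentials.map((vc) => udcMap.get(vc))) !== null && _e !== void 0 ? _e : [],
+ };
+ });
+ }
+ filterCredentialsWithSelectionStatus(credentialRole, presentationDefinition, opts) {
+ return __awaiter(this, void 0, void 0, function* () {
+ const selectionResults = yield this.getPresentationExchange({
+ verifiableCredentials: yield this.getCredentials(credentialRole, opts === null || opts === void 0 ? void 0 : opts.filterOpts),
+ }).selectVerifiableCredentialsForSubmission(presentationDefinition.definition, opts);
+ if (selectionResults.errors && selectionResults.errors.length > 0) {
+ throw Error(JSON.stringify(selectionResults.errors));
+ }
+ else if (selectionResults.areRequiredCredentialsPresent === pex_1.Status.ERROR) {
+ throw Error(`Not all required credentials are available to satisfy the relying party's request`);
+ }
+ const matches = selectionResults.matches;
+ if (!matches || matches.length === 0 || !selectionResults.verifiableCredential || selectionResults.verifiableCredential.length === 0) {
+ throw Error(JSON.stringify(selectionResults.errors));
+ }
+ return selectionResults;
+ });
+ }
+ getCredentials(credentialRole, filterOpts) {
+ return __awaiter(this, void 0, void 0, function* () {
+ if ((filterOpts === null || filterOpts === void 0 ? void 0 : filterOpts.verifiableCredentials) && filterOpts.verifiableCredentials.length > 0) {
+ return filterOpts.verifiableCredentials;
+ }
+ const filter = (0, ssi_sdk_credential_store_1.verifiableCredentialForRoleFilter)(credentialRole, filterOpts === null || filterOpts === void 0 ? void 0 : filterOpts.filter);
+ const uniqueCredentials = yield this.session.context.agent.crsGetUniqueCredentials({ filter });
+ return uniqueCredentials.map((uniqueVC) => {
+ const vc = uniqueVC.uniformVerifiableCredential;
+ const proof = Array.isArray(vc.proof) ? vc.proof : [vc.proof];
+ const jwtProof = proof.find((p) => (p === null || p === void 0 ? void 0 : p.type) === types_1.DEFAULT_JWT_PROOF_TYPE);
+ return jwtProof ? jwtProof.jwt : vc;
+ });
+ });
+ }
+ }
+ exports.OID4VP = OID4VP;
+ //# sourceMappingURL=OID4VP.js.map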
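Review bot: In `createVerifiablePresentation`, `proofOptions.challenge` and `proofOptions.domain` prefer caller-supplied `opts.proofOpts.nonce`/`challenge`/`domain` over `this.session.nonce` and `this.session.getRedirectUri()`, and nothing checks that an override matches the session values. These two fields bind the signed presentation to this request and this verifier, so a stale or wrong override would yield a presentation bound to something else; whether anything downstream rejects it is not visible here. If overrides exist only for testing, consider rejecting a mismatch in `src/session/OID4VP.ts`, e.g. `if (opts?.proofOpts?.nonce && opts.proofOpts.nonce !== this.session.nonce) throw Error('proofOpts.nonce does not match the request nonce')`, or at least document the precedence in a comment. Separately, `filterCredentials` maps the selection through `udcMap.get(vc)`, but the map is filled only from `opts.filterOpts.verifiableCredentials`; when `getCredentials` falls back to the credential store (reachable via `filterCredentialsAgainstAllDefinitions`), every returned entry appears to become `undefined`, which `udcMap.get(vc) ?? vc` would avoid.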
@@ -0,0 +1 @@
1
+ {"version":3,"file":"OID4VP.js","sourceRoot":"","sources":["../../src/session/OID4VP.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2DAAkG;AAClG,uCAAiF;AAEjF,mGAKoD;AACpD,yDAAoE;AACpE,iFAA+G;AAG/G,oCAMiB;AACjB,2CAAkE;AAGlE,MAAa,MAAM;IAKjB,YAAoB,IAAiB;QACnC,MAAM,EAAE,OAAO,EAAE,cAAc,EAAE,MAAM,GAAG,4BAAa,EAAE,GAAG,IAAI,CAAA;QAEhE,IAAI,CAAC,OAAO,GAAG,OAAO,CAAA;QACtB,IAAI,CAAC,cAAc,GAAG,cAAc,aAAd,cAAc,cAAd,cAAc,GAAI,EAAE,CAAA;QAC1C,IAAI,CAAC,MAAM,GAAG,MAAM,CAAA;IACtB,CAAC;IAEM,MAAM,CAAO,IAAI,CAAC,OAAkB,EAAE,cAAwB,EAAE,MAAmB;;YACxF,OAAO,IAAI,MAAM,CAAC,EAAE,OAAO,EAAE,cAAc,EAAE,cAAc,aAAd,cAAc,cAAd,cAAc,GAAI,CAAC,MAAM,OAAO,CAAC,gBAAgB,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,CAAA;QAC9G,CAAC;KAAA;IAEY,0BAA0B;;YACrC,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,0BAA0B,EAAE,CAAA;YACnE,IAAI,WAAW,EAAE,CAAC;gBAChB,oCAAoB,CAAC,8CAA8C,CAAC,WAAW,CAAC,CAAA;YAClF,CAAC;YACD,OAAO,WAAW,CAAA;QACpB,CAAC;KAAA;IAEO,uBAAuB,CAAC,IAAkC;QAChE,MAAM,EAAE,qBAAqB,EAAE,cAAc,EAAE,MAAM,EAAE,GAAG,IAAI,CAAA;QAE9D,OAAO,IAAI,oCAAoB,CAAC;YAC9B,OAAO,EAAE,cAAc,aAAd,cAAc,cAAd,cAAc,GAAI,IAAI,CAAC,cAAc;YAC9C,wBAAwB,EAAE,qBAAqB;YAC/C,MAAM,EAAE,MAAM,aAAN,MAAM,cAAN,MAAM,GAAI,IAAI,CAAC,MAAM;SAC9B,CAAC,CAAA;IACJ,CAAC;IAEY,6BAA6B,CACxC,cAA8B,EAC9B,0BAAiE,EACjE,IAWC;;YAED,OAAO,MAAM,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,4BAA4B,CAAC,cAAc,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,CAAA;QACnI,CAAC;KAAA;IAEY,4BAA4B,CACvC,cAA8B,EAC9B,6BAAkE,EAClE,IAWC;;;YAED,MAAM,EAAE,eAAe,EAAE,MAAM,EAAE,sBAAsB,GAAG,KAAK,EAAE,qBAAQ,IAAI,CAAE,CAAA;YAC/E,IAAI,eAAe,IAAI,MAAM,EAAE,CAAC;gBAC9B,MAAM,KAAK,CAAC,+FAA+F,CAAC,CAAA;YAC9G,CAAC;YACD,IAAI,sBAAsB,EAAE,CAAC;gBAC3B,6BAA6B,CAAC,WAAW,GAAG,EAAE,CAAA;YAChD,CAAC;iBAAM,IAAI,CAAC,CAAA,6BAA6B,aAA7B,6BAA6B,uBAA7B,6BAA6B,CAAE,WAAW,CAAA,IAAI,6BAA6B,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACjH,MAAM,KAAK,CAAC,0EAA0E,CAAC,CAAA;YACzF,CAAC;YAED,MAAM,YAAY,mCACb,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,SAAS,KAClB,SAAS,EAAE,MAAA,MAAA,MAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,SAAS,0CAAE,KAAK,mCAAI,MAAA,IAAI,aAAJ,
IAAI,uBAAJ,IAAI,CAAE,SAAS,0CAAE,SAAS,mCAAI,IAAI,CAAC,OAAO,CAAC,KAAK,EACrF,MAAM,EAAE,MAAA,MAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,SAAS,0CAAE,MAAM,mCAAI,CAAC,MAAM,IAAI,CAAC,OAAO,CAAC,cAAc,EAAE,CAAC,GACzE,CAAA;YAED,IAAI,MAAM,GAAG,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,MAAM,CAAA;YACzB,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,IAAI,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,eAAe,EAAE,CAAC;oBAC1B,IAAI,sBAAsB,EAAE,CAAC;wBAC3B,OAAO,OAAO,CAAC,MAAM,CACnB,KAAK,CACH,+IAA+I,CAChJ,CACF,CAAA;oBACH,CAAC;oBACD,MAAM,aAAa,GAAG,6BAA6B,CAAC,WAAW,CAAC,CAAC,CAAC,CAAA;oBAClE,oEAAoE;oBACpE,IAAI,OAAO,aAAa,KAAK,QAAQ,IAAI,CAAC,CAAC,mBAAmB,IAAI,aAAa,CAAC,EAAE,CAAC;wBACjF,OAAO,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,4EAA4E,CAAC,CAAC,CAAA;oBAC5G,CAAC;oBAED,MAAM,GAAG,IAAA,4DAAwB,EAAC,aAAa,CAAC,iBAAiB,CAAC,SAAS,CAAC;wBAC1E,CAAC,CAAC,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,4BAA4B,CAAC;4BAC5D,UAAU,EAAE,aAAa,CAAC,iBAAiB,CAAC,SAAS;yBACtD,CAAC;wBACJ,CAAC,CAAC,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,yBAAyB,CAAC;4BACzD,UAAU,EAAE,aAAa,CAAC,iBAAiB,CAAC,SAAS;4BACrD,SAAS,EAAE,aAAa,CAAC,iBAAiB,CAAC,SAAS;yBACrD,CAAC,CAAA;oBAEN;;;;;;;;;;;;;cAaN;gBACI,CAAC;qBAAM,IAAI,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,MAAM,EAAE,CAAC;oBACxB,MAAM,GAAG,EAAE,UAAU,EAAE,IAAI,CAAC,MAAM,EAAE,CAAA;gBACtC,CAAC;YACH,CAAC;YAED,yJAAyJ;YACzJ,MAAM,GAAG,GAAG,sBAAsB;gBAChC,CAAC,CAAC,6BAA6B;gBAC/B,CAAC,CAAC,CAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,WAAW;oBACjB,CAAC,CAAC,MAAM,IAAI,CAAC,iBAAiB,CAAC,cAAc,EAAE,6BAA6B,CAAC,UAAU,EAAE;wBACrF,iBAAiB,EAAE,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,iBAAiB;wBAC1C,oBAAoB,EAAE,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,oBAAoB;wBAChD,UAAU,EAAE;4BACV,qBAAqB,EAAE,6BAA6B,CAAC,WAAW;yBACjE;qBACF,CAAC;oBACJ,CAAC,CAAC;wBACE,UAAU,EAAE,6BAA6B,CAAC,UAAU;wBACpD,WAAW,EAAE,6BAA6B,CAAC,WAAW;qBACvD,CAAA;YAEP,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,OAAO,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,6CAA6C,CAAC,CAAC,CAAA;YAC7E,CAAC;YAED,MAAM,YAAY,GAAG,MAAM,IAAA,gDAAoC,EAAC;gBAC9D,wBAAwB,EAAE,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,wBAAwB;gBACvE,MAAM;gBACN,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,OAAO;gBAC7B,MAAM,EAAE,YAAY,CAAC,MAAM;gBAC3B,S
AAS,EAAE,YAAY,CAAC,SAAS;gBACjC,MAAM,EAAE,MAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,iBAAiB,mCAAI,6BAA6B,CAAC,UAAU,CAAC,UAAU,CAAC,MAAM;gBAC7F,iBAAiB,EAAE,MAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,iBAAiB,mCAAI,KAAK;aACpD,CAAC,CAAA;YACF,MAAM,UAAU,GAA4B,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAA;YACzG,MAAM,qBAAqB,GAAG,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,UAAU,EAAE,EAAE,CAC/D,OAAO,UAAU,KAAK,QAAQ,IAAI,mBAAmB,IAAI,UAAU,CAAC,CAAC,CAAC,UAAU,CAAC,4BAA6B,CAAC,CAAC,CAAC,UAAU,CAC5H,CAAA;YACD,MAAM,kBAAkB,GAAG,MAAM,IAAI,CAAC,uBAAuB,CAAC;gBAC5D,qBAAqB,EAAE,qBAAqB;gBAC5C,cAAc,EAAE,IAAI,CAAC,cAAc;gBACnC,MAAM,EAAE,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,MAAM;aACrB,CAAC,CAAC,4BAA4B,CAAC,GAAG,CAAC,UAAU,CAAC,UAAU,EAAE,qBAAqB,EAAE,YAAY,kBAC5F,YAAY,IAET,CAAC,UAAU,IAAI,IAAA,gEAA4B,EAAC,UAAU,CAAC,IAAI,EAAE,SAAS,EAAE,UAAU,CAAC,GAAG,EAAE,CAAC,EAC5F,CAAA;YAEF,MAAM,uBAAuB,GAAG,kBAAkB,CAAC,uBAAuB,CAAC,GAAG,CAAC,CAAC,sBAAsB,EAAE,EAAE,CACxG,OAAO,sBAAsB,KAAK,QAAQ;gBAC1C,OAAO,IAAI,sBAAsB;gBACjC,KAAK,IAAI,sBAAsB,CAAC,KAAK;gBACrC,sBAAsB,CAAC,KAAK,CAAC,GAAG;gBAC9B,CAAC,CAAC,sBAAsB,CAAC,KAAK,CAAC,GAAG;gBAClC,CAAC,CAAC,sBAAsB,CAC3B,CAAA;YAED,uCACK,kBAAkB,KACrB,uBAAuB,EACvB,qBAAqB,EAAE,qBAAqB,EAC5C,UAAU,EAAE,6BAA6B,CAAC,UAAU,EACpD,MAAM,IACP;QACH,CAAC;KAAA;IAEY,sCAAsC,CACjD,cAA8B,EAC9B,IAQC;;YAED,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,0BAA0B,EAAE,CAAA;YACpD,MAAM,MAAM,GAA0C,EAAE,CAAA;YACxD,IAAI,IAAI,EAAE,CAAC;gBACT,KAAK,MAAM,UAAU,IAAI,IAAI,EAAE,CAAC;oBAC9B,MAAM,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,iBAAiB,CAAC,cAAc,EAAE,UAAU,EAAE,IAAI,CAAC,CAAC,CAAA;gBAC7E,CAAC;YACH,CAAC;YACD,OAAO,MAAM,CAAA;QACf,CAAC;KAAA;IAEY,iBAAiB,CAC5B,cAA8B,EAC9B,sBAA0D,EAC1D,IAKC;;;YAED,MAAM,MAAM,GAAG,IAAI,GAAG,EAAwF,CAAA;YAC9G,MAAA,MAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,UAAU,0CAAE,qBAAqB,0CAAE,OAAO,CAAC,CAAC,UAAU,EAAE,EAAE;gBAC9D,IAAI,OAAO,UAAU,KAAK,QAAQ,IAAI,mBAAmB,IAAI,UAAU,EAAE,CAAC;oBACxE,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC,4BAA6B,EAAE,UAAU,CAAC,CAAA;gBAClE,CAAC;qBAAM,CAAC;oBACN,MAAM,CAAC,GAAG,CAAC,UAAU,EAAE,UAAU,CAAC,CAAA;gBACpC,CAAC;YACH,CAAC,CAAC,C
AAA;YAEF,MAAM,WAAW,GAAG,CAClB,MAAM,IAAI,CAAC,oCAAoC,CAAC,cAAc,EAAE,sBAAsB,kCACjF,IAAI,KACP,UAAU,EAAE;oBACV,qBAAqB,EAAE,MAAA,MAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,UAAU,0CAAE,qBAAqB,0CAAE,GAAG,CAAC,CAAC,UAAU,EAAE,EAAE;wBACjF,IAAI,OAAO,UAAU,KAAK,QAAQ,IAAI,mBAAmB,IAAI,UAAU,EAAE,CAAC;4BACxE,OAAO,UAAU,CAAC,4BAA6B,CAAA;wBACjD,CAAC;6BAAM,CAAC;4BACN,OAAO,UAAU,CAAA;wBACnB,CAAC;oBACH,CAAC,CAAC;iBACH,IACD,CACH,CAAC,oBAAoB,CAAA;YACtB,OAAO;gBACL,UAAU,EAAE,sBAAsB;gBAClC,WAAW,EAAE,MAAA,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAE,CAAC,mCAAI,EAAE;aAC7D,CAAA;QACH,CAAC;KAAA;IAEY,oCAAoC,CAC/C,cAA8B,EAC9B,sBAA0D,EAC1D,IAKC;;YAED,MAAM,gBAAgB,GAAkB,MAAM,IAAI,CAAC,uBAAuB,CAAC;gBACzE,qBAAqB,EAAE,MAAM,IAAI,CAAC,cAAc,CAAC,cAAc,EAAE,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,UAAU,CAAC;aACnF,CAAC,CAAC,wCAAwC,CAAC,sBAAsB,CAAC,UAAU,EAAE,IAAI,CAAC,CAAA;YACpF,IAAI,gBAAgB,CAAC,MAAM,IAAI,gBAAgB,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAClE,MAAM,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC,CAAA;YACtD,CAAC;iBAAM,IAAI,gBAAgB,CAAC,6BAA6B,KAAK,YAAM,CAAC,KAAK,EAAE,CAAC;gBAC3E,MAAM,KAAK,CAAC,mFAAmF,CAAC,CAAA;YAClG,CAAC;YAED,MAAM,OAAO,GAA6C,gBAAgB,CAAC,OAAO,CAAA;YAClF,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC,oBAAoB,IAAI,gBAAgB,CAAC,oBAAoB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACrI,MAAM,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC,CAAA;YACtD,CAAC;YACD,OAAO,gBAAgB,CAAA;QACzB,CAAC;KAAA;IAEa,cAAc,CAC1B,cAA8B,EAC9B,UAGC;;YAED,IAAI,CAAA,UAAU,aAAV,UAAU,uBAAV,UAAU,CAAE,qBAAqB,KAAI,UAAU,CAAC,qBAAqB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACrF,OAAO,UAAU,CAAC,qBAAqB,CAAA;YACzC,CAAC;YAED,MAAM,MAAM,GAAG,IAAA,4DAAiC,EAAC,cAAc,EAAE,UAAU,aAAV,UAAU,uBAAV,UAAU,CAAE,MAAM,CAAC,CAAA;YACpF,MAAM,iBAAiB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,uBAAuB,CAAC,EAAE,MAAM,EAAE,CAAC,CAAA;YAC9F,OAAO,iBAAiB,CAAC,GAAG,CAAC,CAAC,QAAiC,EAAE,EAAE;gBACjE,MAAM,EAAE,GAAG,QAAQ,CAAC,2BAA4B,CAAA;gBAChD,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,CAA
C,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,CAAA;gBAC7D,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,CAAA,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,IAAI,MAAK,8BAAsB,CAAC,CAAA;gBAC9E,OAAO,QAAQ,CAAC,CAAC,CAAE,QAAQ,CAAC,GAAkB,CAAC,CAAC,CAAC,EAAE,CAAA;YACrD,CAAC,CAAC,CAAA;QACJ,CAAC;KAAA;CACF;AA1SD,wBA0SC"}
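--- a/package/dist/session/OpSession.d.ts
+++ b/package/dist/session/OpSession.d.ts
@@ -0,0 +1,39 @@
+ import { PresentationDefinitionWithLocation, URI, VerifiedAuthorizationRequest } from '@sphereon/did-auth-siop';
+ import { IIdentifier } from '@veramo/core';
+ import { IOPOptions, IOpSessionArgs, IOpSessionGetOID4VPArgs, IOpsSendSiopAuthorizationResponseArgs, IRequiredContext } from '../types';
+ import { OID4VP } from './OID4VP';
+ export declare class OpSession {
+ readonly ts: number;
+ readonly id: string;
+ readonly options: IOPOptions;
+ readonly context: IRequiredContext;
+ private readonly requestJwtOrUri;
+ private verifiedAuthorizationRequest?;
+ private _nonce?;
+ private _state?;
+ private readonly _providedPresentationDefinitions?;
+ private constructor();
+ static init(options: Required<IOpSessionArgs>): Promise<OpSession>;
+ getAuthorizationRequest(): Promise<VerifiedAuthorizationRequest>;
+ getAuthorizationRequestURI(): Promise<URI>;
+ get nonce(): string;
+ get state(): string;
+ clear(): OpSession;
+ getSupportedDIDMethods(didPrefix?: boolean): Promise<string[]>;
+ private getAgentDIDMethodsSupported;
+ private getSubjectSyntaxTypesSupported;
+ private getRPDIDMethodsSupported;
+ getSupportedIdentifiers(opts?: {
+ createInCaseNoDIDFound?: boolean;
+ }): Promise<IIdentifier[]>;
+ getSupportedDIDs(): Promise<string[]>;
+ getRedirectUri(): Promise<string>;
+ hasPresentationDefinitions(): Promise<boolean>;
+ getPresentationDefinitions(): Promise<Array<PresentationDefinitionWithLocation> | undefined>;
+ getOID4VP(args: IOpSessionGetOID4VPArgs): Promise<OID4VP>;
+ private createPresentationVerificationCallback;
+ private createJarmResponseCallback;
+ sendAuthorizationResponse(args: IOpsSendSiopAuthorizationResponseArgs): Promise<Response>;
+ private countVCsInAllVPs;
+ }
+ //# sourceMappingURL=OpSession.d.ts.map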
@@ -0,0 +1 @@
1
+ {"version":3,"file":"OpSession.d.ts","sourceRoot":"","sources":["../../src/session/OpSession.ts"],"names":[],"mappings":"AAAA,OAAO,EAIL,kCAAkC,EAMlC,GAAG,EAEH,4BAA4B,EAC7B,MAAM,yBAAyB,CAAA;AAehC,OAAO,EAAE,WAAW,EAA2B,MAAM,cAAc,CAAA;AAGnE,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,uBAAuB,EAAE,qCAAqC,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAA;AAEvI,OAAO,EAAE,MAAM,EAAE,MAAM,UAAU,CAAA;AAKjC,qBAAa,SAAS;IACpB,SAAgB,EAAE,SAAuB;IACzC,SAAgB,EAAE,EAAE,MAAM,CAAA;IAC1B,SAAgB,OAAO,EAAE,UAAU,CAAA;IACnC,SAAgB,OAAO,EAAE,gBAAgB,CAAA;IACzC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAc;IAC9C,OAAO,CAAC,4BAA4B,CAAC,CAA0C;IAC/E,OAAO,CAAC,MAAM,CAAC,CAAQ;IACvB,OAAO,CAAC,MAAM,CAAC,CAAQ;IACvB,OAAO,CAAC,QAAQ,CAAC,gCAAgC,CAAC,CAAsC;IAExF,OAAO;WAQa,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,cAAc,CAAC,GAAG,OAAO,CAAC,SAAS,CAAC;IAIlE,uBAAuB,IAAI,OAAO,CAAC,4BAA4B,CAAC;IAahE,0BAA0B,IAAI,OAAO,CAAC,GAAG,CAAC;IAIvD,IAAI,KAAK,WAKR;IAED,IAAI,KAAK,WAKR;IAEM,KAAK,IAAI,SAAS;IAOZ,sBAAsB,CAAC,SAAS,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IA0B3E,OAAO,CAAC,2BAA2B;YAMrB,8BAA8B;YAM9B,wBAAwB;IAiDzB,uBAAuB,CAAC,IAAI,CAAC,EAAE;QAAE,sBAAsB,CAAC,EAAE,OAAO,CAAA;KAAE,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;IA6B5F,gBAAgB,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;IAIrC,cAAc,IAAI,OAAO,CAAC,MAAM,CAAC;IAIjC,0BAA0B,IAAI,OAAO,CAAC,OAAO,CAAC;IAK9C,0BAA0B,IAAI,OAAO,CAAC,KAAK,CAAC,kCAAkC,CAAC,GAAG,SAAS,CAAC;IAO5F,SAAS,CAAC,IAAI,EAAE,uBAAuB,GAAG,OAAO,CAAC,MAAM,CAAC;IAItE,OAAO,CAAC,sCAAsC;YA6BhC,0BAA0B;IAyC3B,yBAAyB,CAAC,IAAI,EAAE,qCAAqC,GAAG,OAAO,CAAC,QAAQ,CAAC;IAyEtG,OAAO,CAAC,gBAAgB;CAoBzB"}
@@ -0,0 +1,365 @@
1
+ "use strict";
2
+ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
3
+ function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
4
+ return new (P || (P = Promise))(function (resolve, reject) {
5
+ function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
6
+ function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
7
+ function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
8
+ step((generator = generator.apply(thisArg, _arguments || [])).next());
9
+ });
10
+ };
11
+ var __importDefault = (this && this.__importDefault) || function (mod) {
12
+ return (mod && mod.__esModule) ? mod : { "default": mod };
13
+ };
14
+ Object.defineProperty(exports, "__esModule", { value: true });
15
+ exports.OpSession = void 0;
16
+ const did_auth_siop_1 = require("@sphereon/did-auth-siop");
17
+ const ssi_sdk_ext_did_utils_1 = require("@sphereon/ssi-sdk-ext.did-utils");
18
+ const ssi_sdk_core_1 = require("@sphereon/ssi-sdk.core");
19
+ const ssi_types_1 = require("@sphereon/ssi-types");
20
+ const debug_1 = __importDefault(require("debug"));
21
+ const uuid_1 = require("uuid");
22
+ const functions_1 = require("./functions");
23
+ const OID4VP_1 = require("./OID4VP");
24
+ const pex_1 = require("@sphereon/pex");
25
+ const debug = (0, debug_1.default)(`sphereon:sdk:siop:op-session`);
26
+ class OpSession {
27
+ constructor(options) {
28
+ this.ts = new Date().getDate();
29
+ this.id = options.sessionId;
30
+ this.options = options.op;
31
+ this.context = options.context;
32
+ this.requestJwtOrUri = options.requestJwtOrUri;
33
+ this._providedPresentationDefinitions = options.providedPresentationDefinitions;
34
+ }
35
+ static init(options) {
36
+ return __awaiter(this, void 0, void 0, function* () {
37
+ return new OpSession(options);
38
+ });
39
+ }
40
+ getAuthorizationRequest() {
41
+ return __awaiter(this, void 0, void 0, function* () {
42
+ if (!this.verifiedAuthorizationRequest) {
43
+ const op = yield (0, functions_1.createOP)({ opOptions: this.options, context: this.context });
44
+ this.verifiedAuthorizationRequest = yield op.verifyAuthorizationRequest(this.requestJwtOrUri);
45
+ this._nonce = yield this.verifiedAuthorizationRequest.authorizationRequest.getMergedProperty('nonce');
46
+ this._state = yield this.verifiedAuthorizationRequest.authorizationRequest.getMergedProperty('state');
47
+ // only used to ensure that we have DID methods supported
48
+ yield this.getSupportedDIDMethods();
49
+ }
50
+ return this.verifiedAuthorizationRequest;
51
+ });
52
+ }
53
+ getAuthorizationRequestURI() {
54
+ return __awaiter(this, void 0, void 0, function* () {
55
+ return yield did_auth_siop_1.URI.fromAuthorizationRequest((yield this.getAuthorizationRequest()).authorizationRequest);
56
+ });
57
+ }
58
+ get nonce() {
59
+ if (!this._nonce) {
60
+ throw Error('No nonce available. Please get authorization request first');
61
+ }
62
+ return this._nonce;
63
+ }
64
+ get state() {
65
+ if (!this._state) {
66
+ throw Error('No state available. Please get authorization request first');
67
+ }
68
+ return this._state;
69
+ }
70
+ clear() {
71
+ this._nonce = undefined;
72
+ this._state = undefined;
73
+ this.verifiedAuthorizationRequest = undefined;
74
+ return this;
75
+ }
76
+ getSupportedDIDMethods(didPrefix) {
77
+ return __awaiter(this, void 0, void 0, function* () {
78
+ var _a;
79
+ const agentMethods = this.getAgentDIDMethodsSupported({ didPrefix });
80
+ let rpMethods = yield this.getRPDIDMethodsSupported({ didPrefix, agentMethods });
81
+ debug(`RP supports subject syntax types: ${JSON.stringify(this.getSubjectSyntaxTypesSupported())}`);
82
+ if (rpMethods.dids.length === 0) {
83
+ debug(`RP does not support DIDs. Supported: ${JSON.stringify(this.getSubjectSyntaxTypesSupported())}`);
84
+ return [];
85
+ }
86
+ let intersection;
87
+ if (rpMethods.dids.includes('did')) {
88
+ intersection =
89
+ agentMethods && agentMethods.length > 0
90
+ ? agentMethods
91
+ : (yield (0, ssi_sdk_ext_did_utils_1.getAgentDIDMethods)(this.context)).map((method) => convertDidMethod(method, didPrefix)); // fallback to the agent in case the agent methods are undefined
92
+ }
93
+ else if (!agentMethods || agentMethods.length === 0) {
94
+ intersection = (_a = rpMethods.dids) === null || _a === void 0 ? void 0 : _a.map((method) => convertDidMethod(method, didPrefix));
95
+ }
96
+ else {
97
+ intersection = agentMethods.filter((value) => rpMethods.dids.includes(value));
98
+ }
99
+ if (intersection.length === 0) {
100
+ throw Error('No matching DID methods between agent and relying party');
101
+ }
102
+ return intersection.map((value) => convertDidMethod(value, didPrefix));
103
+ });
104
+ }
105
+ getAgentDIDMethodsSupported(opts) {
106
+ var _a;
107
+ const agentMethods = (_a = this.options.supportedDIDMethods) === null || _a === void 0 ? void 0 : _a.map((method) => convertDidMethod(method, opts.didPrefix));
108
+ debug(`agent methods: ${JSON.stringify(agentMethods)}`);
109
+ return agentMethods;
110
+ }
111
+ getSubjectSyntaxTypesSupported() {
112
+ return __awaiter(this, void 0, void 0, function* () {
113
+ var _a;
114
+ const authReq = yield this.getAuthorizationRequest();
115
+ const subjectSyntaxTypesSupported = (_a = authReq.registrationMetadataPayload) === null || _a === void 0 ? void 0 : _a.subject_syntax_types_supported;
116
+ return subjectSyntaxTypesSupported !== null && subjectSyntaxTypesSupported !== void 0 ? subjectSyntaxTypesSupported : [];
117
+ });
118
+ }
119
+ getRPDIDMethodsSupported(opts) {
120
+ return __awaiter(this, void 0, void 0, function* () {
121
+ var _a, _b, _c, _d, _e, _f, _g;
122
+ let keyType;
123
+ const agentMethods = (_c = (_b = ((_a = opts.agentMethods) !== null && _a !== void 0 ? _a : this.getAgentDIDMethodsSupported(opts))) === null || _b === void 0 ? void 0 : _b.map((method) => convertDidMethod(method, opts.didPrefix))) !== null && _c !== void 0 ? _c : [];
124
+ debug(`agent methods supported: ${JSON.stringify(agentMethods)}`);
125
+ const authReq = yield this.getAuthorizationRequest();
126
+ const subjectSyntaxTypesSupported = (_e = (_d = authReq.registrationMetadataPayload) === null || _d === void 0 ? void 0 : _d.subject_syntax_types_supported) === null || _e === void 0 ? void 0 : _e.map((method) => convertDidMethod(method, opts.didPrefix)).filter((val) => !val.startsWith('did'));
127
+ debug(`subject syntax types supported in rp method supported: ${JSON.stringify(subjectSyntaxTypesSupported)}`);
128
+ const aud = yield authReq.authorizationRequest.getMergedProperty('aud');
129
+ let rpMethods = [];
130
+ if (aud && aud.startsWith('did:')) {
131
+ const didMethod = convertDidMethod((0, ssi_types_1.parseDid)(aud).method, opts.didPrefix);
132
+ debug(`aud did method: ${didMethod}`);
133
+ // The RP knows our DID, so we can use it to determine the supported DID methods
134
+ // If the aud did:method is not in the supported types, there still is something wrong, unless the RP signals to support all did methods
135
+ if (subjectSyntaxTypesSupported &&
136
+ subjectSyntaxTypesSupported.length > 0 &&
137
+ !subjectSyntaxTypesSupported.includes('did') &&
138
+ !subjectSyntaxTypesSupported.includes(didMethod)) {
139
+ throw Error(`The aud DID method ${didMethod} is not in the supported types ${subjectSyntaxTypesSupported}`);
140
+ }
141
+ rpMethods = [didMethod];
142
+ }
143
+ else if (subjectSyntaxTypesSupported) {
144
+ rpMethods = (Array.isArray(subjectSyntaxTypesSupported) ? subjectSyntaxTypesSupported : [subjectSyntaxTypesSupported]).map((method) => convertDidMethod(method, opts.didPrefix));
145
+ }
146
+ const isEBSI = rpMethods.length === 0 &&
147
+ (((_f = authReq.issuer) === null || _f === void 0 ? void 0 : _f.includes('.ebsi.eu')) || ((_g = (yield authReq.authorizationRequest.getMergedProperty('client_id'))) === null || _g === void 0 ? void 0 : _g.includes('.ebsi.eu')));
148
+ let codecName = undefined;
149
+ if (isEBSI && (!aud || !aud.startsWith('http'))) {
150
+ debug(`EBSI detected, adding did:key to supported DID methods for RP`);
151
+ const didKeyMethod = convertDidMethod('did:key', opts.didPrefix);
152
+ if (!(agentMethods === null || agentMethods === void 0 ? void 0 : agentMethods.includes(didKeyMethod))) {
153
+ throw Error(`EBSI detected, but agent did not support did:key. Please reconfigure agent`);
154
+ }
155
+ rpMethods = [didKeyMethod];
156
+ keyType = 'Secp256r1';
157
+ codecName = 'jwk_jcs-pub';
158
+ }
159
+ return { dids: rpMethods, codecName, keyType };
160
+ });
161
+ }
162
+ getSupportedIdentifiers(opts) {
163
+ return __awaiter(this, void 0, void 0, function* () {
164
+ // todo: we also need to check signature algo
165
+ const methods = yield this.getSupportedDIDMethods(true);
166
+ debug(`supported DID methods (did: prefix = true): ${JSON.stringify(methods)}`);
167
+ if (methods.length === 0) {
168
+ throw Error(`No DID methods are supported`);
169
+ }
170
+ const identifiers = yield this.context.agent
171
+ .didManagerFind()
172
+ .then((ids) => ids.filter((id) => methods.includes(id.provider)));
173
+ if (identifiers.length === 0) {
174
+ debug(`No identifiers available in agent supporting methods ${JSON.stringify(methods)}`);
175
+ if ((opts === null || opts === void 0 ? void 0 : opts.createInCaseNoDIDFound) !== false) {
176
+ const { codecName, keyType } = yield this.getRPDIDMethodsSupported({
177
+ didPrefix: true,
178
+ agentMethods: methods,
179
+ });
180
+ const identifier = yield this.context.agent.didManagerCreate({
181
+ provider: methods[0],
182
+ options: { codecName, keyType, type: keyType }, // both keyType and type, because not every did provider has the same param
183
+ });
184
+ debug(`Created a new identifier for the SIOP interaction: ${identifier.did}`);
185
+ identifiers.push(identifier);
186
+ }
187
+ }
188
+ debug(`supported identifiers: ${JSON.stringify(identifiers.map((id) => id.did))}`);
189
+ return identifiers;
190
+ });
191
+ }
192
+ getSupportedDIDs() {
193
+ return __awaiter(this, void 0, void 0, function* () {
194
+ return (yield this.getSupportedIdentifiers()).map((id) => id.did);
195
+ });
196
+ }
197
+ getRedirectUri() {
198
+ return __awaiter(this, void 0, void 0, function* () {
199
+ return Promise.resolve(this.verifiedAuthorizationRequest.responseURI);
200
+ });
201
+ }
202
+ hasPresentationDefinitions() {
203
+ return __awaiter(this, void 0, void 0, function* () {
204
+ var _a;
205
+ const defs = (_a = this._providedPresentationDefinitions) !== null && _a !== void 0 ? _a : (yield this.getAuthorizationRequest()).presentationDefinitions;
206
+ return defs !== undefined && defs.length > 0;
207
+ });
208
+ }
209
+ getPresentationDefinitions() {
210
+ return __awaiter(this, void 0, void 0, function* () {
211
+ var _a;
212
+ if (!(yield this.hasPresentationDefinitions())) {
213
+ throw Error(`No presentation definitions found`);
214
+ }
215
+ return (_a = this._providedPresentationDefinitions) !== null && _a !== void 0 ? _a : (yield this.getAuthorizationRequest()).presentationDefinitions;
216
+ });
217
+ }
218
+ getOID4VP(args) {
219
+ return __awaiter(this, void 0, void 0, function* () {
220
+ var _a;
221
+ return yield OID4VP_1.OID4VP.init(this, (_a = args.allIdentifiers) !== null && _a !== void 0 ? _a : [], args.hasher);
222
+ });
223
+ }
224
+ createPresentationVerificationCallback(context) {
225
+ function presentationVerificationCallback(args, presentationSubmission) {
226
+ return __awaiter(this, void 0, void 0, function* () {
227
+ let result;
228
+ if (ssi_types_1.CredentialMapper.isSdJwtEncoded(args)) {
229
+ try {
230
+ const sdJwtResult = yield context.agent.verifySdJwtPresentation({ presentation: args });
231
+ result = {
232
+ verified: 'header' in sdJwtResult,
233
+ error: 'header' in sdJwtResult ? undefined : { message: 'could not verify SD JWT presentation' },
234
+ };
235
+ }
236
+ catch (error) {
237
+ result = {
238
+ verified: false,
239
+ error: { message: error.message },
240
+ };
241
+ }
242
+ }
243
+ else {
244
+ // @ts-ignore TODO IVerifiablePresentation has too many union types for Veramo
245
+ result = yield context.agent.verifyPresentation({ presentation: args });
246
+ }
247
+ return result;
248
+ });
249
+ }
250
+ return presentationVerificationCallback;
251
+ }
252
+ createJarmResponseCallback(_a) {
253
+ return __awaiter(this, arguments, void 0, function* ({ responseOpts, }) {
254
+ const agent = this.context.agent;
255
+ return function jarmResponse(opts) {
256
+ return __awaiter(this, void 0, void 0, function* () {
257
+ var _a, _b;
258
+ const { clientMetadata, requestObjectPayload, authorizationResponsePayload: authResponse } = opts;
259
+ const jwk = yield did_auth_siop_1.OP.extractEncJwksFromClientMetadata(clientMetadata);
260
+ // @ts-ignore // FIXME: Fix jwk inference
261
+ const recipientKey = yield agent.identifierExternalResolveByJwk({ identifier: jwk });
262
+ return yield agent
263
+ .jwtEncryptJweCompactJwt({
264
+ recipientKey,
265
+ protectedHeader: {},
266
+ alg: (_a = requestObjectPayload.client_metadata.authorization_encrypted_response_alg) !== null && _a !== void 0 ? _a : 'ECDH-ES',
267
+ enc: (_b = requestObjectPayload.client_metadata.authorization_encrypted_response_enc) !== null && _b !== void 0 ? _b : 'A256GCM',
268
+ apv: (0, ssi_sdk_core_1.encodeBase64url)(opts.requestObjectPayload.nonce),
269
+ apu: (0, ssi_sdk_core_1.encodeBase64url)((0, uuid_1.v4)()),
270
+ payload: authResponse,
271
+ issuer: responseOpts.issuer,
272
+ audience: responseOpts.audience,
273
+ })
274
+ .then((result) => {
275
+ return { response: result.jwt };
276
+ });
277
+ });
278
+ };
279
+ });
280
+ }
281
+ sendAuthorizationResponse(args) {
282
+ return __awaiter(this, void 0, void 0, function* () {
283
+ var _a, _b, _c, _d;
284
+ const resolveOpts = (_a = this.options.resolveOpts) !== null && _a !== void 0 ? _a : {
285
+ resolver: (0, ssi_sdk_ext_did_utils_1.getAgentResolver)(this.context, {
286
+ uniresolverResolution: true,
287
+ localResolution: true,
288
+ resolverResolution: true,
289
+ }),
290
+ };
291
+ if (!resolveOpts.subjectSyntaxTypesSupported || resolveOpts.subjectSyntaxTypesSupported.length === 0) {
292
+ resolveOpts.subjectSyntaxTypesSupported = yield this.getSupportedDIDMethods(true);
293
+ }
294
+ //todo: populate with the right verification params. In did-auth-siop we don't have any test that actually passes this parameter
295
+ const verification = {
296
+ presentationVerificationCallback: this.createPresentationVerificationCallback(this.context),
297
+ };
298
+ const request = yield this.getAuthorizationRequest();
299
+ const hasDefinitions = yield this.hasPresentationDefinitions();
300
+ if (hasDefinitions) {
301
+ const totalInputDescriptors = (_b = request.presentationDefinitions) === null || _b === void 0 ? void 0 : _b.reduce((sum, pd) => {
302
+ return sum + pd.definition.input_descriptors.length;
303
+ }, 0);
304
+ const totalVCs = args.verifiablePresentations ? this.countVCsInAllVPs(args.verifiablePresentations, args.hasher) : 0;
305
+ if (!request.presentationDefinitions || !args.verifiablePresentations || totalVCs !== totalInputDescriptors) {
306
+ throw Error(`Amount of presentations ${(_c = args.verifiablePresentations) === null || _c === void 0 ? void 0 : _c.length}, doesn't match expected ${(_d = request.presentationDefinitions) === null || _d === void 0 ? void 0 : _d.length}`);
307
+ }
308
+ else if (!args.presentationSubmission) {
309
+ throw Error(`Presentation submission is required when verifiable presentations are required`);
310
+ }
311
+ }
312
+ const verifiablePresentations = args.verifiablePresentations
313
+ ? args.verifiablePresentations.map((vp) => ssi_types_1.CredentialMapper.storedPresentationToOriginalFormat(vp))
314
+ : [];
315
+ const op = yield (0, functions_1.createOP)({
316
+ opOptions: Object.assign(Object.assign({}, this.options), { resolveOpts: Object.assign({}, this.options.resolveOpts), eventEmitter: this.options.eventEmitter, presentationSignCallback: this.options.presentationSignCallback, wellknownDIDVerifyCallback: this.options.wellknownDIDVerifyCallback, supportedVersions: request.versions }),
317
+ idOpts: args.responseSignerOpts,
318
+ context: this.context,
319
+ });
320
+ //TODO change this to use the new functionalities by identifier-resolver and get the jwkIssuer for the responseOpts
321
+ let issuer = args.responseSignerOpts.issuer;
322
+ const responseOpts = Object.assign(Object.assign(Object.assign({ verification,
323
+ issuer }, (args.isFirstParty && { isFirstParty: args.isFirstParty })), (args.verifiablePresentations && {
324
+ presentationExchange: {
325
+ verifiablePresentations,
326
+ presentationSubmission: args.presentationSubmission,
327
+ },
328
+ })), { dcqlQuery: args.dcqlResponse });
329
+ const authResponse = yield op.createAuthorizationResponse(request, responseOpts);
330
+ const response = yield op.submitAuthorizationResponse(authResponse, yield this.createJarmResponseCallback({ responseOpts }));
331
+ if (response.status >= 400) {
332
+ throw Error(`Error ${response.status}: ${response.statusText || (yield response.text())}`);
333
+ }
334
+ else {
335
+ return response;
336
+ }
337
+ });
338
+ }
339
+ countVCsInAllVPs(verifiablePresentations, hasher) {
340
+ return verifiablePresentations.reduce((sum, vp) => {
341
+ var _a, _b;
342
+ if (ssi_types_1.CredentialMapper.isMsoMdocDecodedPresentation(vp) || ssi_types_1.CredentialMapper.isMsoMdocOid4VPEncoded(vp)) {
343
+ return sum + 1;
344
+ }
345
+ const uvp = ssi_types_1.CredentialMapper.toUniformPresentation(vp, { hasher: hasher !== null && hasher !== void 0 ? hasher : this.options.hasher });
346
+ if ((_a = uvp.verifiableCredential) === null || _a === void 0 ? void 0 : _a.length) {
347
+ return sum + ((_b = uvp.verifiableCredential) === null || _b === void 0 ? void 0 : _b.length);
348
+ }
349
+ const isSdJWT = ssi_types_1.CredentialMapper.isSdJwtDecodedCredential(uvp);
350
+ if (isSdJWT ||
351
+ (uvp.verifiableCredential && !pex_1.PEX.allowMultipleVCsPerPresentation(uvp.verifiableCredential))) {
352
+ return sum + 1;
353
+ }
354
+ return sum;
355
+ }, 0);
356
+ }
357
+ }
358
+ exports.OpSession = OpSession;
359
+ function convertDidMethod(didMethod, didPrefix) {
360
+ if (didPrefix === false) {
361
+ return didMethod.startsWith('did:') ? didMethod.toLowerCase().replace('did:', '') : didMethod.toLowerCase();
362
+ }
363
+ return didMethod.startsWith('did:') ? didMethod.toLowerCase() : `did:${didMethod.toLowerCase().replace('did:', '')}`;
364
+ }
365
+ //# sourceMappingURL=OpSession.js.map
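Review bot: The `jarmResponse` callback in `createJarmResponseCallback` takes the recipient key from `clientMetadata` but reads the JWE `alg` and `enc` from `requestObjectPayload.client_metadata`, which is dereferenced unguarded and passed to `jwtEncryptJweCompactJwt` without being compared against anything the wallet supports. If the request object carries no inline `client_metadata`, this throws a TypeError; otherwise the relying party alone selects the encryption algorithms. Reading both values from one object and checking them first would close that, e.g. `const alg = clientMetadata?.authorization_encrypted_response_alg ?? 'ECDH-ES';` followed by `if (!SUPPORTED_JARM_ALGS.includes(alg)) throw Error('Unsupported JARM alg');`, where `SUPPORTED_JARM_ALGS` is a placeholder for a list the project would define and `clientMetadata` is assumed to carry the same fields. In `getRPDIDMethodsSupported` the EBSI branch is selected by `includes('.ebsi.eu')` on `issuer` and `client_id`, which matches that substring anywhere in a request-supplied value; comparing the parsed hostname suffix would be stricter. This file is compiled output, so the change belongs in the TypeScript source it was built from.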