@sphereon/ssi-sdk.siopv2-oid4vp-op-auth 0.34.1-feature.SSISDK.62.218 → 0.34.1-feature.SSISDK.62.219

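--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@sphereon/ssi-sdk.siopv2-oid4vp-op-auth",
- "version": "0.34.1-feature.SSISDK.62.218+da5863f4",
+ "version": "0.34.1-feature.SSISDK.62.219+f3e005e9",
  "source": "src/index.ts",
  "type": "module",
  "main": "./dist/index.cjs",
@@ -31,21 +31,21 @@
  "@sphereon/oid4vc-common": "0.19.1-feature.SSISDK.62.162",
  "@sphereon/pex": "5.0.0-unstable.28",
  "@sphereon/pex-models": "^2.3.2",
- "@sphereon/ssi-sdk-ext.did-utils": "0.34.1-feature.SSISDK.62.218+da5863f4",
- "@sphereon/ssi-sdk-ext.identifier-resolution": "0.34.1-feature.SSISDK.62.218+da5863f4",
- "@sphereon/ssi-sdk-ext.jwt-service": "0.34.1-feature.SSISDK.62.218+da5863f4",
- "@sphereon/ssi-sdk.contact-manager": "0.34.1-feature.SSISDK.62.218+da5863f4",
- "@sphereon/ssi-sdk.core": "0.34.1-feature.SSISDK.62.218+da5863f4",
- "@sphereon/ssi-sdk.credential-store": "0.34.1-feature.SSISDK.62.218+da5863f4",
- "@sphereon/ssi-sdk.credential-validation": "0.34.1-feature.SSISDK.62.218+da5863f4",
- "@sphereon/ssi-sdk.data-store": "0.34.1-feature.SSISDK.62.218+da5863f4",
- "@sphereon/ssi-sdk.issuance-branding": "0.34.1-feature.SSISDK.62.218+da5863f4",
- "@sphereon/ssi-sdk.pd-manager": "0.34.1-feature.SSISDK.62.218+da5863f4",
- "@sphereon/ssi-sdk.presentation-exchange": "0.34.1-feature.SSISDK.62.218+da5863f4",
- "@sphereon/ssi-sdk.sd-jwt": "0.34.1-feature.SSISDK.62.218+da5863f4",
- "@sphereon/ssi-sdk.siopv2-oid4vp-common": "0.34.1-feature.SSISDK.62.218+da5863f4",
- "@sphereon/ssi-sdk.xstate-machine-persistence": "0.34.1-feature.SSISDK.62.218+da5863f4",
- "@sphereon/ssi-types": "0.34.1-feature.SSISDK.62.218+da5863f4",
+ "@sphereon/ssi-sdk-ext.did-utils": "0.34.1-feature.SSISDK.62.219+f3e005e9",
+ "@sphereon/ssi-sdk-ext.identifier-resolution": "0.34.1-feature.SSISDK.62.219+f3e005e9",
+ "@sphereon/ssi-sdk-ext.jwt-service": "0.34.1-feature.SSISDK.62.219+f3e005e9",
+ "@sphereon/ssi-sdk.contact-manager": "0.34.1-feature.SSISDK.62.219+f3e005e9",
+ "@sphereon/ssi-sdk.core": "0.34.1-feature.SSISDK.62.219+f3e005e9",
+ "@sphereon/ssi-sdk.credential-store": "0.34.1-feature.SSISDK.62.219+f3e005e9",
+ "@sphereon/ssi-sdk.credential-validation": "0.34.1-feature.SSISDK.62.219+f3e005e9",
+ "@sphereon/ssi-sdk.data-store": "0.34.1-feature.SSISDK.62.219+f3e005e9",
+ "@sphereon/ssi-sdk.issuance-branding": "0.34.1-feature.SSISDK.62.219+f3e005e9",
+ "@sphereon/ssi-sdk.pd-manager": "0.34.1-feature.SSISDK.62.219+f3e005e9",
+ "@sphereon/ssi-sdk.presentation-exchange": "0.34.1-feature.SSISDK.62.219+f3e005e9",
+ "@sphereon/ssi-sdk.sd-jwt": "0.34.1-feature.SSISDK.62.219+f3e005e9",
+ "@sphereon/ssi-sdk.siopv2-oid4vp-common": "0.34.1-feature.SSISDK.62.219+f3e005e9",
+ "@sphereon/ssi-sdk.xstate-machine-persistence": "0.34.1-feature.SSISDK.62.219+f3e005e9",
+ "@sphereon/ssi-types": "0.34.1-feature.SSISDK.62.219+f3e005e9",
  "@sphereon/wellknown-dids-client": "^0.1.3",
  "@veramo/core": "4.2.0",
  "@veramo/credential-w3c": "4.2.0",
@@ -59,8 +59,8 @@
  },
  "devDependencies": {
  "@sphereon/did-uni-client": "^0.6.3",
- "@sphereon/ssi-sdk-ext.did-resolver-jwk": "0.34.1-feature.SSISDK.62.218+da5863f4",
- "@sphereon/ssi-sdk.agent-config": "0.34.1-feature.SSISDK.62.218+da5863f4",
+ "@sphereon/ssi-sdk-ext.did-resolver-jwk": "0.34.1-feature.SSISDK.62.219+f3e005e9",
+ "@sphereon/ssi-sdk.agent-config": "0.34.1-feature.SSISDK.62.219+f3e005e9",
  "@types/i18n-js": "^3.8.9",
  "@types/lodash.memoize": "^4.1.9",
  "@types/sha.js": "^2.4.4",
@@ -102,5 +102,5 @@
  "OpenID Connect",
  "Authenticator"
  ],
- "gitHead": "da5863f4eaa8081dde4e943fe78c1217d62d1079"
+ "gitHead": "f3e005e98495aaa97478b4448b86fa2a40ecc4de"
  }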
@@ -1,9 +1,12 @@
1
- import { AuthorizationRequest, Json } from '@sphereon/did-auth-siop'
1
+ import { AuthorizationRequest } from '@sphereon/did-auth-siop'
2
+ import type { PartialSdJwtDecodedVerifiableCredential, PartialSdJwtKbJwt } from '@sphereon/pex/dist/main/lib'
3
+ import { calculateSdHash } from '@sphereon/pex/dist/main/lib/utils'
2
4
  import { getOrCreatePrimaryIdentifier, SupportedDidMethodEnum } from '@sphereon/ssi-sdk-ext.did-utils'
3
5
  import { isOID4VCIssuerIdentifier, ManagedIdentifierOptsOrResult } from '@sphereon/ssi-sdk-ext.identifier-resolution'
4
6
  import { encodeJoseBlob } from '@sphereon/ssi-sdk.core'
5
7
  import { UniqueDigitalCredential, verifiableCredentialForRoleFilter } from '@sphereon/ssi-sdk.credential-store'
6
8
  import { ConnectionType } from '@sphereon/ssi-sdk.data-store'
9
+ import { defaultGenerateDigest } from '@sphereon/ssi-sdk.sd-jwt'
7
10
  import {
8
11
  CredentialMapper,
9
12
  CredentialRole,
@@ -18,6 +21,8 @@ import { OpSession } from '../session'
18
21
  import { LOGGER_NAMESPACE, RequiredContext, SelectableCredential, SelectableCredentialsMap, Siopv2HolderEvent } from '../types'
19
22
  import { convertToDcqlCredentials } from '../utils/dcql'
20
23
 
24
+ const CLOCK_SKEW = 120
25
+
21
26
  export const logger = Loggers.DEFAULT.get(LOGGER_NAMESPACE)
22
27
 
23
28
  // @ts-ignore
@@ -140,8 +145,26 @@ export const siopSendAuthorizationResponse = async (
140
145
  if (!originalVc) {
141
146
  continue
142
147
  }
148
+ // FIXME SSISDK-44
149
+ const decodedSdJwt = await CredentialMapper.decodeSdJwtVcAsync(originalVc as string, defaultGenerateDigest)
150
+ const updatedSdJwt = updateSdJwtCredential(decodedSdJwt, request.requestObject?.getPayload()?.nonce, domain)
151
+
152
+ const presentationResult = await context.agent.createSdJwtPresentation({
153
+ presentation: updatedSdJwt.compactSdJwtVc,
154
+ kb: {
155
+ payload: {
156
+ ...updatedSdJwt.kbJwt?.payload,
157
+ // FIXME SSISDK-44
158
+ nonce: updatedSdJwt.kbJwt?.payload.nonce ?? request.requestObject!.getPayload()!.nonce,
159
+ // FIXME SSISDK-44
160
+ aud: updatedSdJwt.kbJwt?.payload.aud ?? domain,
161
+ iat: updatedSdJwt.kbJwt?.payload?.iat ?? Math.floor(Date.now() / 1000 - CLOCK_SKEW),
162
+ },
163
+ },
164
+ })
165
+
143
166
  if (originalVc) {
144
- presentation[key] = originalVc as string | { [x: string]: Json }
167
+ presentation[key] = presentationResult.presentation
145
168
  }
146
169
  }
147
170
  }
@@ -223,3 +246,33 @@ export const translateCorrelationIdToName = async (correlationId: string, contex
223
246
 
224
247
  return contacts[0].contact.displayName
225
248
  }
249
+
250
+ const updateSdJwtCredential = (
251
+ credential: SdJwtDecodedVerifiableCredential,
252
+ nonce?: string,
253
+ aud?: string,
254
+ ): PartialSdJwtDecodedVerifiableCredential => {
255
+ const sdJwtCredential = credential as SdJwtDecodedVerifiableCredential
256
+
257
+ // extract sd_alg or default to sha-256
258
+ const hashAlg = sdJwtCredential.signedPayload._sd_alg ?? 'sha-256'
259
+ const sdHash = calculateSdHash(sdJwtCredential.compactSdJwtVc, hashAlg, defaultGenerateDigest)
260
+
261
+ const kbJwt = {
262
+ // alg MUST be set by the signer
263
+ header: {
264
+ typ: 'kb+jwt',
265
+ },
266
+ payload: {
267
+ iat: Math.floor(new Date().getTime() / 1000),
268
+ sd_hash: sdHash,
269
+ ...(nonce && { nonce }),
270
+ ...(aud && { aud }),
271
+ },
272
+ } satisfies PartialSdJwtKbJwt
273
+
274
+ return {
275
+ ...sdJwtCredential,
276
+ kbJwt,
277
+ } satisfies PartialSdJwtDecodedVerifiableCredential
278
+ }
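Review bot: The key-binding JWT can be signed without a verifier nonce or audience. `updateSdJwtCredential` silently drops them when falsy (`...(nonce && { nonce })`, `...(aud && { aud })`), and the `??` fallbacks in the `siopSendAuthorizationResponse` hunk can still resolve to `undefined`, leaving the presentation with no replay or audience binding. I would fail closed before `createSdJwtPresentation`, for example `if (!nonce || !domain) throw new Error('SD-JWT key binding requires nonce and aud')`, and read the nonce once instead of mixing `request.requestObject?.getPayload()?.nonce` with `request.requestObject!.getPayload()!.nonce`. Because the helper always sets `iat`, the caller's `?? Math.floor(Date.now() / 1000 - CLOCK_SKEW)` fallback never runs and the 120-second skew is never applied, so `iat` should be set in one place. `decodeSdJwtVcAsync(originalVc as string, ...)` also runs on every credential although the removed line allowed non-string values. Other formats look unhandled unless the part of the loop outside the hunk filters them, since the body of `siopSendAuthorizationResponse` and the definition of `domain` are not visible here.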
@@ -1,13 +1,10 @@
1
- import {
2
- PresentationSignCallback,
3
- RPRegistrationMetadataPayload,
4
- VerifiedAuthorizationRequest,
5
- } from '@sphereon/did-auth-siop'
1
+ import { PresentationSignCallback, RPRegistrationMetadataPayload, VerifiedAuthorizationRequest } from '@sphereon/did-auth-siop'
6
2
  import { IIdentifierResolution, ManagedIdentifierOptsOrResult } from '@sphereon/ssi-sdk-ext.identifier-resolution'
7
3
  import { IContactManager } from '@sphereon/ssi-sdk.contact-manager'
8
4
  import { ICredentialStore, UniqueDigitalCredential } from '@sphereon/ssi-sdk.credential-store'
9
5
  import { DidAuthConfig, ICredentialLocaleBranding, Identity, Party } from '@sphereon/ssi-sdk.data-store'
10
6
  import { IIssuanceBranding } from '@sphereon/ssi-sdk.issuance-branding'
7
+ import { ISDJwtPlugin } from '@sphereon/ssi-sdk.sd-jwt'
11
8
  import { IAgentContext, IDIDManager, IIdentifier, IResolver } from '@veramo/core'
12
9
  import { IDidAuthSiopOpAuthenticator } from '../IDidAuthSiopOpAuthenticator'
13
10
  import { Siopv2MachineContext, Siopv2MachineInterpreter, Siopv2MachineState } from '../machine'
@@ -90,5 +87,12 @@ export type OnIdentifierCreatedArgs = {
90
87
  }
91
88
 
92
89
  export type RequiredContext = IAgentContext<
93
- IContactManager & IDidAuthSiopOpAuthenticator & IDIDManager & IResolver & IIdentifierResolution & ICredentialStore & IIssuanceBranding
90
+ IContactManager &
91
+ IDidAuthSiopOpAuthenticator &
92
+ IDIDManager &
93
+ IResolver &
94
+ IIdentifierResolution &
95
+ ICredentialStore &
96
+ IIssuanceBranding &
97
+ ISDJwtPlugin
94
98
  >