npm - @sphereon/ssi-sdk.siopv2-oid4vp-op-auth - Versions diffs - 0.34.1-feature.SSISDK.62.218 → 0.34.1-feature.SSISDK.62.224 - Mend

@sphereon/ssi-sdk.siopv2-oid4vp-op-auth 0.34.1-feature.SSISDK.62.218 → 0.34.1-feature.SSISDK.62.224

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

package/dist/index.cjs +55 -12
package/dist/index.cjs.map +1 -1
package/dist/index.d.cts +2 -2
package/dist/index.d.ts +2 -2
package/dist/index.js +46 -3
package/dist/index.js.map +1 -1
package/package.json +19 -19
package/src/agent/DidAuthSiopOpAuthenticator.ts +1 -1
package/src/machine/Siopv2Machine.ts +1 -1
package/src/services/Siopv2MachineService.ts +56 -3
package/src/session/OID4VP.ts +183 -184
package/src/types/IDidAuthSiopOpAuthenticator.ts +1 -1
package/src/types/machine/index.ts +1 -1
package/src/types/siop-service/index.ts +11 -7

package/dist/index.cjs CHANGED Viewed

@@ -424,7 +424,7 @@ var plugin_schema_default = {
 // src/agent/DidAuthSiopOpAuthenticator.ts
 var import_did_auth_siop4 = require("@sphereon/did-auth-siop");
-var import_ssi_sdk6 = require("@sphereon/ssi-sdk.data-store");
+var import_ssi_sdk7 = require("@sphereon/ssi-sdk.data-store-types");
 var import_ssi_types7 = require("@sphereon/ssi-types");
 var import_uuid2 = require("uuid");
@@ -1344,11 +1344,13 @@ var Siopv2Machine = class {
 };
 // src/services/Siopv2MachineService.ts
+var import_utils = require("@sphereon/pex/dist/main/lib/utils/index.js");
 var import_ssi_sdk_ext3 = require("@sphereon/ssi-sdk-ext.did-utils");
 var import_ssi_sdk_ext4 = require("@sphereon/ssi-sdk-ext.identifier-resolution");
 var import_ssi_sdk3 = require("@sphereon/ssi-sdk.core");
 var import_ssi_sdk4 = require("@sphereon/ssi-sdk.credential-store");
-var import_ssi_sdk5 = require("@sphereon/ssi-sdk.data-store");
+var import_ssi_sdk5 = require("@sphereon/ssi-sdk.data-store-types");
+var import_ssi_sdk6 = require("@sphereon/ssi-sdk.sd-jwt");
 var import_ssi_types6 = require("@sphereon/ssi-types");
 var import_dcql = require("dcql");
@@ -1390,6 +1392,7 @@ function convertToDcqlCredentials(credential, hasher) {
 __name(convertToDcqlCredentials, "convertToDcqlCredentials");
 // src/services/Siopv2MachineService.ts
+var CLOCK_SKEW = 120;
 var logger3 = import_ssi_types6.Loggers.DEFAULT.get(LOGGER_NAMESPACE);
 var siopSendAuthorizationResponse = /* @__PURE__ */ __name(async (connectionType, args, context) => {
   const { agent } = context;
@@ -1470,8 +1473,23 @@ var siopSendAuthorizationResponse = /* @__PURE__ */ __name(async (connectionType
       if (!originalVc) {
         continue;
       }
+      const decodedSdJwt = await import_ssi_types6.CredentialMapper.decodeSdJwtVcAsync(originalVc, import_ssi_sdk6.defaultGenerateDigest);
+      const updatedSdJwt = updateSdJwtCredential(decodedSdJwt, request.requestObject?.getPayload()?.nonce, domain);
+      const presentationResult = await context.agent.createSdJwtPresentation({
+        presentation: updatedSdJwt.compactSdJwtVc,
+        kb: {
+          payload: {
+            ...updatedSdJwt.kbJwt?.payload,
+            // FIXME SSISDK-44
+            nonce: updatedSdJwt.kbJwt?.payload.nonce ?? request.requestObject.getPayload().nonce,
+            // FIXME SSISDK-44
+            aud: updatedSdJwt.kbJwt?.payload.aud ?? domain,
+            iat: updatedSdJwt.kbJwt?.payload?.iat ?? Math.floor(Date.now() / 1e3 - CLOCK_SKEW)
+          }
+        }
+      });
       if (originalVc) {
-        presentation[key] = originalVc;
+        presentation[key] = presentationResult.presentation;
       }
     }
   }
@@ -1564,6 +1582,31 @@ var translateCorrelationIdToName = /* @__PURE__ */ __name(async (correlationId,
   }
   return contacts[0].contact.displayName;
 }, "translateCorrelationIdToName");
+var updateSdJwtCredential = /* @__PURE__ */ __name((credential, nonce, aud) => {
+  const sdJwtCredential = credential;
+  const hashAlg = sdJwtCredential.signedPayload._sd_alg ?? "sha-256";
+  const sdHash = (0, import_utils.calculateSdHash)(sdJwtCredential.compactSdJwtVc, hashAlg, import_ssi_sdk6.defaultGenerateDigest);
+  const kbJwt = {
+    // alg MUST be set by the signer
+    header: {
+      typ: "kb+jwt"
+    },
+    payload: {
+      iat: Math.floor((/* @__PURE__ */ new Date()).getTime() / 1e3),
+      sd_hash: sdHash,
+      ...nonce && {
+        nonce
+      },
+      ...aud && {
+        aud
+      }
+    }
+  };
+  return {
+    ...sdJwtCredential,
+    kbJwt
+  };
+}, "updateSdJwtCredential");
 // src/agent/DidAuthSiopOpAuthenticator.ts
 var logger4 = import_ssi_types7.Loggers.DEFAULT.options(LOGGER_NAMESPACE, {}).get(LOGGER_NAMESPACE);
@@ -1782,12 +1825,12 @@ var DidAuthSiopOpAuthenticator = class {
     if (correlationId) {
       const identity = {
         alias: correlationId,
-        origin: import_ssi_sdk6.IdentityOrigin.EXTERNAL,
+        origin: import_ssi_sdk7.IdentityOrigin.EXTERNAL,
         roles: [
           import_ssi_types7.CredentialRole.ISSUER
         ],
         identifier: {
-          type: correlationId.startsWith("did:") ? import_ssi_sdk6.CorrelationIdentifierType.DID : import_ssi_sdk6.CorrelationIdentifierType.URL,
+          type: correlationId.startsWith("did:") ? import_ssi_sdk7.CorrelationIdentifierType.DID : import_ssi_sdk7.CorrelationIdentifierType.URL,
           correlationId
         }
       };
@@ -1810,7 +1853,7 @@ var DidAuthSiopOpAuthenticator = class {
     if (authorizationRequestData === void 0) {
       return Promise.reject(Error("Missing authorization request data in context"));
     }
-    const response = await siopSendAuthorizationResponse(import_ssi_sdk6.ConnectionType.SIOPv2_OpenID4VP, {
+    const response = await siopSendAuthorizationResponse(import_ssi_sdk7.ConnectionType.SIOPv2_OpenID4VP, {
       sessionId: didAuthConfig.sessionId,
       ...args.idOpts && {
         idOpts: args.idOpts
@@ -1875,12 +1918,12 @@ var OID4VPCallbackStateListener = /* @__PURE__ */ __name((callbacks) => {
 }, "OID4VPCallbackStateListener");
 // src/link-handler/index.ts
-var import_ssi_sdk7 = require("@sphereon/ssi-sdk.agent-config");
-var import_ssi_sdk8 = require("@sphereon/ssi-sdk.core");
-var import_ssi_sdk9 = require("@sphereon/ssi-sdk.xstate-machine-persistence");
+var import_ssi_sdk8 = require("@sphereon/ssi-sdk.agent-config");
+var import_ssi_sdk9 = require("@sphereon/ssi-sdk.core");
+var import_ssi_sdk10 = require("@sphereon/ssi-sdk.xstate-machine-persistence");
 var import_ssi_types9 = require("@sphereon/ssi-types");
 var logger6 = import_ssi_types9.Loggers.DEFAULT.options(LOGGER_NAMESPACE, {}).get(LOGGER_NAMESPACE);
-var Siopv2OID4VPLinkHandler = class extends import_ssi_sdk8.LinkHandlerAdapter {
+var Siopv2OID4VPLinkHandler = class extends import_ssi_sdk9.LinkHandlerAdapter {
   static {
     __name(this, "Siopv2OID4VPLinkHandler");
   }
@@ -1906,8 +1949,8 @@ var Siopv2OID4VPLinkHandler = class extends import_ssi_sdk8.LinkHandlerAdapter {
       stateNavigationListener: this.stateNavigationListener
     });
     const interpreter = siopv2Machine.interpreter;
-    if (!this.noStateMachinePersistence && !opts?.machineState && (0, import_ssi_sdk7.contextHasPlugin)(this.context, "machineStatesFindActive")) {
-      const init = await (0, import_ssi_sdk9.interpreterStartOrResume)({
+    if (!this.noStateMachinePersistence && !opts?.machineState && (0, import_ssi_sdk8.contextHasPlugin)(this.context, "machineStatesFindActive")) {
+      const init = await (0, import_ssi_sdk10.interpreterStartOrResume)({
         interpreter,
         context: this.context,
         cleanupAllOtherInstances: true,