@sphereon/ssi-sdk.siopv2-oid4vp-op-auth 0.34.1-feature.SSISDK.78.280 → 0.34.1-feature.SSISDK.82.and.SSISDK.70.345
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.cjs +260 -201
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +15 -8
- package/dist/index.d.ts +15 -8
- package/dist/index.js +262 -203
- package/dist/index.js.map +1 -1
- package/package.json +22 -23
- package/src/services/Siopv2MachineService.ts +33 -84
- package/src/session/OID4VP.ts +162 -315
- package/src/session/OpSession.ts +4 -20
- package/src/utils/dcql.ts +7 -3
package/dist/index.cjs
CHANGED
|
@@ -67,7 +67,6 @@ __export(index_exports, {
|
|
|
67
67
|
DID_PREFIX: () => DID_PREFIX,
|
|
68
68
|
DidAuthSiopOpAuthenticator: () => DidAuthSiopOpAuthenticator,
|
|
69
69
|
LOGGER_NAMESPACE: () => LOGGER_NAMESPACE,
|
|
70
|
-
OID4VP: () => OID4VP,
|
|
71
70
|
OID4VPCallbackStateListener: () => OID4VPCallbackStateListener,
|
|
72
71
|
OpSession: () => OpSession,
|
|
73
72
|
Siopv2HolderEvent: () => Siopv2HolderEvent,
|
|
@@ -85,6 +84,7 @@ __export(index_exports, {
|
|
|
85
84
|
createOID4VPPresentationSignCallback: () => createOID4VPPresentationSignCallback,
|
|
86
85
|
createOP: () => createOP,
|
|
87
86
|
createOPBuilder: () => createOPBuilder,
|
|
87
|
+
createVerifiablePresentationForFormat: () => createVerifiablePresentationForFormat,
|
|
88
88
|
didAuthSiopOpAuthenticatorMethods: () => didAuthSiopOpAuthenticatorMethods,
|
|
89
89
|
getSigningAlgo: () => getSigningAlgo,
|
|
90
90
|
schema: () => plugin_schema_default
|
|
@@ -580,32 +580,204 @@ function getSigningAlgo(type) {
|
|
|
580
580
|
__name(getSigningAlgo, "getSigningAlgo");
|
|
581
581
|
|
|
582
582
|
// src/session/OID4VP.ts
|
|
583
|
-
var
|
|
584
|
-
|
|
585
|
-
|
|
583
|
+
var import_ssi_sdk_ext2 = require("@sphereon/ssi-sdk-ext.identifier-resolution");
|
|
584
|
+
var import_ssi_sdk2 = require("@sphereon/ssi-sdk.sd-jwt");
|
|
585
|
+
var import_ssi_types = require("@sphereon/ssi-types");
|
|
586
|
+
|
|
587
|
+
// src/types/IDidAuthSiopOpAuthenticator.ts
|
|
588
|
+
var LOGGER_NAMESPACE = "sphereon:siopv2-oid4vp:op-auth";
|
|
589
|
+
var DEFAULT_JWT_PROOF_TYPE = "JwtProof2020";
|
|
590
|
+
|
|
591
|
+
// src/types/siop-service/index.ts
|
|
592
|
+
var Siopv2HolderEvent = /* @__PURE__ */ (function(Siopv2HolderEvent2) {
|
|
593
|
+
Siopv2HolderEvent2["CONTACT_IDENTITY_CREATED"] = "contact_identity_created";
|
|
594
|
+
Siopv2HolderEvent2["IDENTIFIER_CREATED"] = "identifier_created";
|
|
595
|
+
return Siopv2HolderEvent2;
|
|
596
|
+
})({});
|
|
597
|
+
var SupportedLanguage = /* @__PURE__ */ (function(SupportedLanguage2) {
|
|
598
|
+
SupportedLanguage2["ENGLISH"] = "en";
|
|
599
|
+
SupportedLanguage2["DUTCH"] = "nl";
|
|
600
|
+
return SupportedLanguage2;
|
|
601
|
+
})({});
|
|
602
|
+
|
|
603
|
+
// src/types/machine/index.ts
|
|
604
|
+
var Siopv2MachineStates = /* @__PURE__ */ (function(Siopv2MachineStates2) {
|
|
605
|
+
Siopv2MachineStates2["createConfig"] = "createConfig";
|
|
606
|
+
Siopv2MachineStates2["getSiopRequest"] = "getSiopRequest";
|
|
607
|
+
Siopv2MachineStates2["getSelectableCredentials"] = "getSelectableCredentials";
|
|
608
|
+
Siopv2MachineStates2["retrieveContact"] = "retrieveContact";
|
|
609
|
+
Siopv2MachineStates2["transitionFromSetup"] = "transitionFromSetup";
|
|
610
|
+
Siopv2MachineStates2["addContact"] = "addContact";
|
|
611
|
+
Siopv2MachineStates2["addContactIdentity"] = "addContactIdentity";
|
|
612
|
+
Siopv2MachineStates2["selectCredentials"] = "selectCredentials";
|
|
613
|
+
Siopv2MachineStates2["sendResponse"] = "sendResponse";
|
|
614
|
+
Siopv2MachineStates2["handleError"] = "handleError";
|
|
615
|
+
Siopv2MachineStates2["aborted"] = "aborted";
|
|
616
|
+
Siopv2MachineStates2["declined"] = "declined";
|
|
617
|
+
Siopv2MachineStates2["error"] = "error";
|
|
618
|
+
Siopv2MachineStates2["done"] = "done";
|
|
619
|
+
return Siopv2MachineStates2;
|
|
620
|
+
})({});
|
|
621
|
+
var Siopv2MachineAddContactStates = /* @__PURE__ */ (function(Siopv2MachineAddContactStates2) {
|
|
622
|
+
Siopv2MachineAddContactStates2["idle"] = "idle";
|
|
623
|
+
Siopv2MachineAddContactStates2["executing"] = "executing";
|
|
624
|
+
Siopv2MachineAddContactStates2["next"] = "next";
|
|
625
|
+
return Siopv2MachineAddContactStates2;
|
|
626
|
+
})({});
|
|
627
|
+
var Siopv2MachineEvents = /* @__PURE__ */ (function(Siopv2MachineEvents2) {
|
|
628
|
+
Siopv2MachineEvents2["NEXT"] = "NEXT";
|
|
629
|
+
Siopv2MachineEvents2["PREVIOUS"] = "PREVIOUS";
|
|
630
|
+
Siopv2MachineEvents2["DECLINE"] = "DECLINE";
|
|
631
|
+
Siopv2MachineEvents2["SET_CONTACT_ALIAS"] = "SET_CONTACT_ALIAS";
|
|
632
|
+
Siopv2MachineEvents2["SET_CONTACT_CONSENT"] = "SET_CONTACT_CONSENT";
|
|
633
|
+
Siopv2MachineEvents2["CREATE_CONTACT"] = "CREATE_CONTACT";
|
|
634
|
+
Siopv2MachineEvents2["SET_SELECTED_CREDENTIALS"] = "SET_SELECTED_CREDENTIALS";
|
|
635
|
+
return Siopv2MachineEvents2;
|
|
636
|
+
})({});
|
|
637
|
+
var Siopv2MachineGuards = /* @__PURE__ */ (function(Siopv2MachineGuards2) {
|
|
638
|
+
Siopv2MachineGuards2["hasNoContactGuard"] = "Siopv2HasNoContactGuard";
|
|
639
|
+
Siopv2MachineGuards2["createContactGuard"] = "Siopv2CreateContactGuard";
|
|
640
|
+
Siopv2MachineGuards2["hasContactGuard"] = "Siopv2HasContactGuard";
|
|
641
|
+
Siopv2MachineGuards2["hasAuthorizationRequestGuard"] = "Siopv2HasAuthorizationRequestGuard";
|
|
642
|
+
Siopv2MachineGuards2["hasSelectableCredentialsAndContactGuard"] = "Siopv2HasSelectableCredentialsAndContactGuard";
|
|
643
|
+
Siopv2MachineGuards2["hasSelectedRequiredCredentialsGuard"] = "Siopv2HasSelectedRequiredCredentialsGuard";
|
|
644
|
+
Siopv2MachineGuards2["siopOnlyGuard"] = "Siopv2IsSiopOnlyGuard";
|
|
645
|
+
Siopv2MachineGuards2["siopWithOID4VPGuard"] = "Siopv2IsSiopWithOID4VPGuard";
|
|
646
|
+
return Siopv2MachineGuards2;
|
|
647
|
+
})({});
|
|
648
|
+
var Siopv2MachineServices = /* @__PURE__ */ (function(Siopv2MachineServices2) {
|
|
649
|
+
Siopv2MachineServices2["getSiopRequest"] = "getSiopRequest";
|
|
650
|
+
Siopv2MachineServices2["getSelectableCredentials"] = "getSelectableCredentials";
|
|
651
|
+
Siopv2MachineServices2["retrieveContact"] = "retrieveContact";
|
|
652
|
+
Siopv2MachineServices2["addContactIdentity"] = "addContactIdentity";
|
|
653
|
+
Siopv2MachineServices2["sendResponse"] = "sendResponse";
|
|
654
|
+
Siopv2MachineServices2["createConfig"] = "createConfig";
|
|
655
|
+
return Siopv2MachineServices2;
|
|
656
|
+
})({});
|
|
657
|
+
|
|
658
|
+
// src/types/identifier/index.ts
|
|
659
|
+
var DID_PREFIX = "did";
|
|
660
|
+
|
|
661
|
+
// src/session/OID4VP.ts
|
|
662
|
+
var CLOCK_SKEW = 120;
|
|
663
|
+
var logger = import_ssi_types.Loggers.DEFAULT.get(LOGGER_NAMESPACE);
|
|
664
|
+
function extractOriginalCredential(credential) {
|
|
665
|
+
if (typeof credential === "string") {
|
|
666
|
+
return credential;
|
|
667
|
+
}
|
|
668
|
+
if ("digitalCredential" in credential) {
|
|
669
|
+
const udc = credential;
|
|
670
|
+
if (udc.originalVerifiableCredential) {
|
|
671
|
+
return udc.originalVerifiableCredential;
|
|
672
|
+
}
|
|
673
|
+
return udc.uniformVerifiableCredential;
|
|
586
674
|
}
|
|
587
|
-
|
|
588
|
-
|
|
589
|
-
// private readonly hasher?: HasherSync
|
|
590
|
-
constructor(args) {
|
|
675
|
+
if ("original" in credential) {
|
|
676
|
+
return credential.original;
|
|
591
677
|
}
|
|
592
|
-
|
|
593
|
-
|
|
594
|
-
|
|
595
|
-
|
|
596
|
-
|
|
597
|
-
|
|
678
|
+
return credential;
|
|
679
|
+
}
|
|
680
|
+
__name(extractOriginalCredential, "extractOriginalCredential");
|
|
681
|
+
function getIdentifierString(identifier) {
|
|
682
|
+
if ("opts" in identifier && "method" in identifier) {
|
|
683
|
+
if ((0, import_ssi_sdk_ext2.isManagedIdentifierDidResult)(identifier)) {
|
|
684
|
+
return identifier.did;
|
|
685
|
+
}
|
|
598
686
|
}
|
|
599
|
-
|
|
687
|
+
return identifier.issuer ?? identifier.kid ?? "";
|
|
688
|
+
}
|
|
689
|
+
__name(getIdentifierString, "getIdentifierString");
|
|
690
|
+
async function createVerifiablePresentationForFormat(credential, identifier, context) {
|
|
691
|
+
const { nonce, audience, agent, clockSkew = CLOCK_SKEW } = context;
|
|
692
|
+
const originalCredential = extractOriginalCredential(credential);
|
|
693
|
+
const documentFormat = import_ssi_types.CredentialMapper.detectDocumentType(originalCredential);
|
|
694
|
+
logger.debug(`Creating VP for format: ${documentFormat}`);
|
|
695
|
+
switch (documentFormat) {
|
|
696
|
+
case import_ssi_types.DocumentFormat.SD_JWT_VC: {
|
|
697
|
+
const decodedSdJwt = await import_ssi_types.CredentialMapper.decodeSdJwtVcAsync(typeof originalCredential === "string" ? originalCredential : originalCredential.compactSdJwtVc, import_ssi_sdk2.defaultGenerateDigest);
|
|
698
|
+
const hashAlg = decodedSdJwt.signedPayload._sd_alg ?? "sha-256";
|
|
699
|
+
const sdHash = (0, import_ssi_sdk2.calculateSdHash)(decodedSdJwt.compactSdJwtVc, hashAlg, import_ssi_sdk2.defaultGenerateDigest);
|
|
700
|
+
const kbJwtPayload = {
|
|
701
|
+
iat: Math.floor(Date.now() / 1e3 - clockSkew),
|
|
702
|
+
sd_hash: sdHash,
|
|
703
|
+
nonce,
|
|
704
|
+
aud: audience
|
|
705
|
+
};
|
|
706
|
+
const presentationResult = await agent.createSdJwtPresentation({
|
|
707
|
+
presentation: decodedSdJwt.compactSdJwtVc,
|
|
708
|
+
kb: {
|
|
709
|
+
payload: kbJwtPayload
|
|
710
|
+
}
|
|
711
|
+
});
|
|
712
|
+
return presentationResult.presentation;
|
|
713
|
+
}
|
|
714
|
+
case import_ssi_types.DocumentFormat.JSONLD: {
|
|
715
|
+
const vcObject = typeof originalCredential === "string" ? JSON.parse(originalCredential) : originalCredential;
|
|
716
|
+
const vpObject = {
|
|
717
|
+
"@context": [
|
|
718
|
+
"https://www.w3.org/2018/credentials/v1"
|
|
719
|
+
],
|
|
720
|
+
type: [
|
|
721
|
+
"VerifiablePresentation"
|
|
722
|
+
],
|
|
723
|
+
verifiableCredential: [
|
|
724
|
+
vcObject
|
|
725
|
+
]
|
|
726
|
+
};
|
|
727
|
+
return await agent.createVerifiablePresentation({
|
|
728
|
+
presentation: vpObject,
|
|
729
|
+
proofFormat: "lds",
|
|
730
|
+
challenge: nonce,
|
|
731
|
+
domain: audience,
|
|
732
|
+
keyRef: identifier.kmsKeyRef || identifier.kid
|
|
733
|
+
});
|
|
734
|
+
}
|
|
735
|
+
case import_ssi_types.DocumentFormat.MSO_MDOC: {
|
|
736
|
+
logger.warning("mso_mdoc format has basic support - production use requires proper mdoc VP token implementation");
|
|
737
|
+
return originalCredential;
|
|
738
|
+
}
|
|
739
|
+
default: {
|
|
740
|
+
const vcJwt = typeof originalCredential === "string" ? originalCredential : JSON.stringify(originalCredential);
|
|
741
|
+
const identifierString = getIdentifierString(identifier);
|
|
742
|
+
const vpPayload = {
|
|
743
|
+
iss: identifierString,
|
|
744
|
+
aud: audience,
|
|
745
|
+
nonce,
|
|
746
|
+
vp: {
|
|
747
|
+
"@context": [
|
|
748
|
+
"https://www.w3.org/2018/credentials/v1"
|
|
749
|
+
],
|
|
750
|
+
type: [
|
|
751
|
+
"VerifiablePresentation"
|
|
752
|
+
],
|
|
753
|
+
holder: identifierString,
|
|
754
|
+
verifiableCredential: [
|
|
755
|
+
vcJwt
|
|
756
|
+
]
|
|
757
|
+
},
|
|
758
|
+
iat: Math.floor(Date.now() / 1e3 - clockSkew),
|
|
759
|
+
exp: Math.floor(Date.now() / 1e3 + 600 + clockSkew)
|
|
760
|
+
};
|
|
761
|
+
const vpJwt = await agent.createVerifiablePresentation({
|
|
762
|
+
presentation: vpPayload.vp,
|
|
763
|
+
proofFormat: "jwt",
|
|
764
|
+
domain: audience,
|
|
765
|
+
challenge: nonce,
|
|
766
|
+
keyRef: identifier.kmsKeyRef || identifier.kid
|
|
767
|
+
});
|
|
768
|
+
return vpJwt.proof?.jwt || vpJwt;
|
|
769
|
+
}
|
|
770
|
+
}
|
|
771
|
+
}
|
|
772
|
+
__name(createVerifiablePresentationForFormat, "createVerifiablePresentationForFormat");
|
|
600
773
|
|
|
601
774
|
// src/session/OpSession.ts
|
|
602
775
|
var import_did_auth_siop2 = require("@sphereon/did-auth-siop");
|
|
603
|
-
var
|
|
604
|
-
var
|
|
605
|
-
var import_ssi_types = require("@sphereon/ssi-types");
|
|
606
|
-
var import_uuid = require("uuid");
|
|
776
|
+
var import_ssi_sdk_ext3 = require("@sphereon/ssi-sdk-ext.did-utils");
|
|
777
|
+
var import_ssi_sdk3 = require("@sphereon/ssi-sdk.core");
|
|
607
778
|
var import_ssi_types2 = require("@sphereon/ssi-types");
|
|
608
|
-
var
|
|
779
|
+
var import_uuid = require("uuid");
|
|
780
|
+
var logger2 = import_ssi_types2.Loggers.DEFAULT.get("sphereon:oid4vp:OpSession");
|
|
609
781
|
var OpSession = class _OpSession {
|
|
610
782
|
static {
|
|
611
783
|
__name(this, "OpSession");
|
|
@@ -669,14 +841,14 @@ var OpSession = class _OpSession {
|
|
|
669
841
|
didPrefix,
|
|
670
842
|
agentMethods
|
|
671
843
|
});
|
|
672
|
-
|
|
844
|
+
logger2.debug(`RP supports subject syntax types: ${JSON.stringify(this.getSubjectSyntaxTypesSupported())}`);
|
|
673
845
|
if (rpMethods.dids.length === 0) {
|
|
674
|
-
|
|
846
|
+
logger2.debug(`RP does not support DIDs. Supported: ${JSON.stringify(this.getSubjectSyntaxTypesSupported())}`);
|
|
675
847
|
return [];
|
|
676
848
|
}
|
|
677
849
|
let intersection;
|
|
678
850
|
if (rpMethods.dids.includes("did")) {
|
|
679
|
-
intersection = agentMethods && agentMethods.length > 0 ? agentMethods : (await (0,
|
|
851
|
+
intersection = agentMethods && agentMethods.length > 0 ? agentMethods : (await (0, import_ssi_sdk_ext3.getAgentDIDMethods)(this.context)).map((method) => convertDidMethod(method, didPrefix));
|
|
680
852
|
} else if (!agentMethods || agentMethods.length === 0) {
|
|
681
853
|
intersection = rpMethods.dids?.map((method) => convertDidMethod(method, didPrefix));
|
|
682
854
|
} else {
|
|
@@ -689,7 +861,7 @@ var OpSession = class _OpSession {
|
|
|
689
861
|
}
|
|
690
862
|
getAgentDIDMethodsSupported(opts) {
|
|
691
863
|
const agentMethods = this.options.supportedDIDMethods?.map((method) => convertDidMethod(method, opts.didPrefix));
|
|
692
|
-
|
|
864
|
+
logger2.debug(`agent methods: ${JSON.stringify(agentMethods)}`);
|
|
693
865
|
return agentMethods;
|
|
694
866
|
}
|
|
695
867
|
async getSubjectSyntaxTypesSupported() {
|
|
@@ -700,15 +872,15 @@ var OpSession = class _OpSession {
|
|
|
700
872
|
async getRPDIDMethodsSupported(opts) {
|
|
701
873
|
let keyType;
|
|
702
874
|
const agentMethods = (opts.agentMethods ?? this.getAgentDIDMethodsSupported(opts))?.map((method) => convertDidMethod(method, opts.didPrefix)) ?? [];
|
|
703
|
-
|
|
875
|
+
logger2.debug(`agent methods supported: ${JSON.stringify(agentMethods)}`);
|
|
704
876
|
const authReq = await this.getAuthorizationRequest();
|
|
705
877
|
const subjectSyntaxTypesSupported = authReq.registrationMetadataPayload?.subject_syntax_types_supported?.map((method) => convertDidMethod(method, opts.didPrefix)).filter((val) => !val.startsWith("did"));
|
|
706
|
-
|
|
878
|
+
logger2.debug(`subject syntax types supported in rp method supported: ${JSON.stringify(subjectSyntaxTypesSupported)}`);
|
|
707
879
|
const aud = await authReq.authorizationRequest.getMergedProperty("aud");
|
|
708
880
|
let rpMethods = [];
|
|
709
881
|
if (aud && aud.startsWith("did:")) {
|
|
710
|
-
const didMethod = convertDidMethod((0,
|
|
711
|
-
|
|
882
|
+
const didMethod = convertDidMethod((0, import_ssi_types2.parseDid)(aud).method, opts.didPrefix);
|
|
883
|
+
logger2.debug(`aud did method: ${didMethod}`);
|
|
712
884
|
if (subjectSyntaxTypesSupported && subjectSyntaxTypesSupported.length > 0 && !subjectSyntaxTypesSupported.includes("did") && !subjectSyntaxTypesSupported.includes(didMethod)) {
|
|
713
885
|
throw Error(`The aud DID method ${didMethod} is not in the supported types ${subjectSyntaxTypesSupported}`);
|
|
714
886
|
}
|
|
@@ -723,7 +895,7 @@ var OpSession = class _OpSession {
|
|
|
723
895
|
const isEBSI = rpMethods.length === 0 && (authReq.issuer?.includes(".ebsi.eu") || authReq.authorizationRequest.getMergedProperty("client_id")?.includes(".ebsi.eu"));
|
|
724
896
|
let codecName = void 0;
|
|
725
897
|
if (isEBSI && (!aud || !aud.startsWith("http"))) {
|
|
726
|
-
|
|
898
|
+
logger2.debug(`EBSI detected, adding did:key to supported DID methods for RP`);
|
|
727
899
|
const didKeyMethod = convertDidMethod("did:key", opts.didPrefix);
|
|
728
900
|
if (!agentMethods?.includes(didKeyMethod)) {
|
|
729
901
|
throw Error(`EBSI detected, but agent did not support did:key. Please reconfigure agent`);
|
|
@@ -742,13 +914,13 @@ var OpSession = class _OpSession {
|
|
|
742
914
|
}
|
|
743
915
|
async getSupportedIdentifiers(opts) {
|
|
744
916
|
const methods = await this.getSupportedDIDMethods(true);
|
|
745
|
-
|
|
917
|
+
logger2.debug(`supported DID methods (did: prefix = true): ${JSON.stringify(methods)}`);
|
|
746
918
|
if (methods.length === 0) {
|
|
747
919
|
throw Error(`No DID methods are supported`);
|
|
748
920
|
}
|
|
749
921
|
const identifiers = await this.context.agent.didManagerFind().then((ids) => ids.filter((id) => methods.includes(id.provider)));
|
|
750
922
|
if (identifiers.length === 0) {
|
|
751
|
-
|
|
923
|
+
logger2.debug(`No identifiers available in agent supporting methods ${JSON.stringify(methods)}`);
|
|
752
924
|
if (opts?.createInCaseNoDIDFound !== false) {
|
|
753
925
|
const { codecName, keyType } = await this.getRPDIDMethodsSupported({
|
|
754
926
|
didPrefix: true,
|
|
@@ -762,11 +934,11 @@ var OpSession = class _OpSession {
|
|
|
762
934
|
type: keyType
|
|
763
935
|
}
|
|
764
936
|
});
|
|
765
|
-
|
|
937
|
+
logger2.debug(`Created a new identifier for the SIOP interaction: ${identifier.did}`);
|
|
766
938
|
identifiers.push(identifier);
|
|
767
939
|
}
|
|
768
940
|
}
|
|
769
|
-
|
|
941
|
+
logger2.debug(`supported identifiers: ${JSON.stringify(identifiers.map((id) => id.did))}`);
|
|
770
942
|
return identifiers;
|
|
771
943
|
}
|
|
772
944
|
async getSupportedDIDs() {
|
|
@@ -775,9 +947,6 @@ var OpSession = class _OpSession {
|
|
|
775
947
|
async getRedirectUri() {
|
|
776
948
|
return Promise.resolve(this.verifiedAuthorizationRequest.responseURI);
|
|
777
949
|
}
|
|
778
|
-
async getOID4VP(args) {
|
|
779
|
-
return await OID4VP.init(this, args.allIdentifiers ?? [], args.hasher);
|
|
780
|
-
}
|
|
781
950
|
async createJarmResponseCallback({ responseOpts }) {
|
|
782
951
|
const agent = this.context.agent;
|
|
783
952
|
return /* @__PURE__ */ __name(async function jarmResponse(opts) {
|
|
@@ -791,8 +960,8 @@ var OpSession = class _OpSession {
|
|
|
791
960
|
protectedHeader: {},
|
|
792
961
|
alg: requestObjectPayload.client_metadata.authorization_encrypted_response_alg ?? "ECDH-ES",
|
|
793
962
|
enc: requestObjectPayload.client_metadata.authorization_encrypted_response_enc ?? "A256GCM",
|
|
794
|
-
apv: (0,
|
|
795
|
-
apu: (0,
|
|
963
|
+
apv: (0, import_ssi_sdk3.encodeBase64url)(opts.requestObjectPayload.nonce),
|
|
964
|
+
apu: (0, import_ssi_sdk3.encodeBase64url)((0, import_uuid.v4)()),
|
|
796
965
|
payload: authResponse,
|
|
797
966
|
issuer: responseOpts.issuer,
|
|
798
967
|
audience: responseOpts.audience
|
|
@@ -806,7 +975,7 @@ var OpSession = class _OpSession {
|
|
|
806
975
|
async sendAuthorizationResponse(args) {
|
|
807
976
|
const { responseSignerOpts, dcqlResponse, isFirstParty } = args;
|
|
808
977
|
const resolveOpts = this.options.resolveOpts ?? {
|
|
809
|
-
resolver: (0,
|
|
978
|
+
resolver: (0, import_ssi_sdk_ext3.getAgentResolver)(this.context, {
|
|
810
979
|
uniresolverResolution: true,
|
|
811
980
|
localResolution: true,
|
|
812
981
|
resolverResolution: true
|
|
@@ -857,80 +1026,6 @@ function convertDidMethod(didMethod, didPrefix) {
|
|
|
857
1026
|
}
|
|
858
1027
|
__name(convertDidMethod, "convertDidMethod");
|
|
859
1028
|
|
|
860
|
-
// src/types/IDidAuthSiopOpAuthenticator.ts
|
|
861
|
-
var LOGGER_NAMESPACE = "sphereon:siopv2-oid4vp:op-auth";
|
|
862
|
-
var DEFAULT_JWT_PROOF_TYPE = "JwtProof2020";
|
|
863
|
-
|
|
864
|
-
// src/types/siop-service/index.ts
|
|
865
|
-
var Siopv2HolderEvent = /* @__PURE__ */ (function(Siopv2HolderEvent2) {
|
|
866
|
-
Siopv2HolderEvent2["CONTACT_IDENTITY_CREATED"] = "contact_identity_created";
|
|
867
|
-
Siopv2HolderEvent2["IDENTIFIER_CREATED"] = "identifier_created";
|
|
868
|
-
return Siopv2HolderEvent2;
|
|
869
|
-
})({});
|
|
870
|
-
var SupportedLanguage = /* @__PURE__ */ (function(SupportedLanguage2) {
|
|
871
|
-
SupportedLanguage2["ENGLISH"] = "en";
|
|
872
|
-
SupportedLanguage2["DUTCH"] = "nl";
|
|
873
|
-
return SupportedLanguage2;
|
|
874
|
-
})({});
|
|
875
|
-
|
|
876
|
-
// src/types/machine/index.ts
|
|
877
|
-
var Siopv2MachineStates = /* @__PURE__ */ (function(Siopv2MachineStates2) {
|
|
878
|
-
Siopv2MachineStates2["createConfig"] = "createConfig";
|
|
879
|
-
Siopv2MachineStates2["getSiopRequest"] = "getSiopRequest";
|
|
880
|
-
Siopv2MachineStates2["getSelectableCredentials"] = "getSelectableCredentials";
|
|
881
|
-
Siopv2MachineStates2["retrieveContact"] = "retrieveContact";
|
|
882
|
-
Siopv2MachineStates2["transitionFromSetup"] = "transitionFromSetup";
|
|
883
|
-
Siopv2MachineStates2["addContact"] = "addContact";
|
|
884
|
-
Siopv2MachineStates2["addContactIdentity"] = "addContactIdentity";
|
|
885
|
-
Siopv2MachineStates2["selectCredentials"] = "selectCredentials";
|
|
886
|
-
Siopv2MachineStates2["sendResponse"] = "sendResponse";
|
|
887
|
-
Siopv2MachineStates2["handleError"] = "handleError";
|
|
888
|
-
Siopv2MachineStates2["aborted"] = "aborted";
|
|
889
|
-
Siopv2MachineStates2["declined"] = "declined";
|
|
890
|
-
Siopv2MachineStates2["error"] = "error";
|
|
891
|
-
Siopv2MachineStates2["done"] = "done";
|
|
892
|
-
return Siopv2MachineStates2;
|
|
893
|
-
})({});
|
|
894
|
-
var Siopv2MachineAddContactStates = /* @__PURE__ */ (function(Siopv2MachineAddContactStates2) {
|
|
895
|
-
Siopv2MachineAddContactStates2["idle"] = "idle";
|
|
896
|
-
Siopv2MachineAddContactStates2["executing"] = "executing";
|
|
897
|
-
Siopv2MachineAddContactStates2["next"] = "next";
|
|
898
|
-
return Siopv2MachineAddContactStates2;
|
|
899
|
-
})({});
|
|
900
|
-
var Siopv2MachineEvents = /* @__PURE__ */ (function(Siopv2MachineEvents2) {
|
|
901
|
-
Siopv2MachineEvents2["NEXT"] = "NEXT";
|
|
902
|
-
Siopv2MachineEvents2["PREVIOUS"] = "PREVIOUS";
|
|
903
|
-
Siopv2MachineEvents2["DECLINE"] = "DECLINE";
|
|
904
|
-
Siopv2MachineEvents2["SET_CONTACT_ALIAS"] = "SET_CONTACT_ALIAS";
|
|
905
|
-
Siopv2MachineEvents2["SET_CONTACT_CONSENT"] = "SET_CONTACT_CONSENT";
|
|
906
|
-
Siopv2MachineEvents2["CREATE_CONTACT"] = "CREATE_CONTACT";
|
|
907
|
-
Siopv2MachineEvents2["SET_SELECTED_CREDENTIALS"] = "SET_SELECTED_CREDENTIALS";
|
|
908
|
-
return Siopv2MachineEvents2;
|
|
909
|
-
})({});
|
|
910
|
-
var Siopv2MachineGuards = /* @__PURE__ */ (function(Siopv2MachineGuards2) {
|
|
911
|
-
Siopv2MachineGuards2["hasNoContactGuard"] = "Siopv2HasNoContactGuard";
|
|
912
|
-
Siopv2MachineGuards2["createContactGuard"] = "Siopv2CreateContactGuard";
|
|
913
|
-
Siopv2MachineGuards2["hasContactGuard"] = "Siopv2HasContactGuard";
|
|
914
|
-
Siopv2MachineGuards2["hasAuthorizationRequestGuard"] = "Siopv2HasAuthorizationRequestGuard";
|
|
915
|
-
Siopv2MachineGuards2["hasSelectableCredentialsAndContactGuard"] = "Siopv2HasSelectableCredentialsAndContactGuard";
|
|
916
|
-
Siopv2MachineGuards2["hasSelectedRequiredCredentialsGuard"] = "Siopv2HasSelectedRequiredCredentialsGuard";
|
|
917
|
-
Siopv2MachineGuards2["siopOnlyGuard"] = "Siopv2IsSiopOnlyGuard";
|
|
918
|
-
Siopv2MachineGuards2["siopWithOID4VPGuard"] = "Siopv2IsSiopWithOID4VPGuard";
|
|
919
|
-
return Siopv2MachineGuards2;
|
|
920
|
-
})({});
|
|
921
|
-
var Siopv2MachineServices = /* @__PURE__ */ (function(Siopv2MachineServices2) {
|
|
922
|
-
Siopv2MachineServices2["getSiopRequest"] = "getSiopRequest";
|
|
923
|
-
Siopv2MachineServices2["getSelectableCredentials"] = "getSelectableCredentials";
|
|
924
|
-
Siopv2MachineServices2["retrieveContact"] = "retrieveContact";
|
|
925
|
-
Siopv2MachineServices2["addContactIdentity"] = "addContactIdentity";
|
|
926
|
-
Siopv2MachineServices2["sendResponse"] = "sendResponse";
|
|
927
|
-
Siopv2MachineServices2["createConfig"] = "createConfig";
|
|
928
|
-
return Siopv2MachineServices2;
|
|
929
|
-
})({});
|
|
930
|
-
|
|
931
|
-
// src/types/identifier/index.ts
|
|
932
|
-
var DID_PREFIX = "did";
|
|
933
|
-
|
|
934
1029
|
// src/machine/Siopv2Machine.ts
|
|
935
1030
|
var import_xstate = require("xstate");
|
|
936
1031
|
|
|
@@ -977,7 +1072,7 @@ var translate = Localization.translate;
|
|
|
977
1072
|
|
|
978
1073
|
// src/machine/Siopv2Machine.ts
|
|
979
1074
|
var import_ssi_types3 = require("@sphereon/ssi-types");
|
|
980
|
-
var
|
|
1075
|
+
var logger3 = import_ssi_types3.Loggers.DEFAULT.get(LOGGER_NAMESPACE);
|
|
981
1076
|
var Siopv2HasNoContactGuard = /* @__PURE__ */ __name((_ctx, _event) => {
|
|
982
1077
|
const { contact } = _ctx;
|
|
983
1078
|
return contact === void 0;
|
|
@@ -1307,7 +1402,7 @@ var Siopv2Machine = class {
|
|
|
1307
1402
|
__name(this, "Siopv2Machine");
|
|
1308
1403
|
}
|
|
1309
1404
|
static newInstance(opts) {
|
|
1310
|
-
|
|
1405
|
+
logger3.info("New Siopv2Machine instance");
|
|
1311
1406
|
const interpreter = (0, import_xstate.interpret)(createSiopv2Machine(opts).withConfig({
|
|
1312
1407
|
services: {
|
|
1313
1408
|
...opts?.services
|
|
@@ -1335,7 +1430,7 @@ var Siopv2Machine = class {
|
|
|
1335
1430
|
});
|
|
1336
1431
|
}
|
|
1337
1432
|
interpreter.onTransition((snapshot) => {
|
|
1338
|
-
|
|
1433
|
+
logger3.info("onTransition to new state", snapshot.value);
|
|
1339
1434
|
});
|
|
1340
1435
|
return {
|
|
1341
1436
|
interpreter
|
|
@@ -1344,13 +1439,11 @@ var Siopv2Machine = class {
|
|
|
1344
1439
|
};
|
|
1345
1440
|
|
|
1346
1441
|
// src/services/Siopv2MachineService.ts
|
|
1347
|
-
var
|
|
1348
|
-
var
|
|
1349
|
-
var
|
|
1350
|
-
var
|
|
1351
|
-
var
|
|
1352
|
-
var import_ssi_sdk5 = require("@sphereon/ssi-sdk.data-store-types");
|
|
1353
|
-
var import_ssi_sdk6 = require("@sphereon/ssi-sdk.sd-jwt");
|
|
1442
|
+
var import_ssi_sdk_ext4 = require("@sphereon/ssi-sdk-ext.did-utils");
|
|
1443
|
+
var import_ssi_sdk_ext5 = require("@sphereon/ssi-sdk-ext.identifier-resolution");
|
|
1444
|
+
var import_ssi_sdk4 = require("@sphereon/ssi-sdk.core");
|
|
1445
|
+
var import_ssi_sdk5 = require("@sphereon/ssi-sdk.credential-store");
|
|
1446
|
+
var import_ssi_sdk6 = require("@sphereon/ssi-sdk.data-store-types");
|
|
1354
1447
|
var import_ssi_types6 = require("@sphereon/ssi-types");
|
|
1355
1448
|
var import_dcql = require("dcql");
|
|
1356
1449
|
|
|
@@ -1392,12 +1485,12 @@ function convertToDcqlCredentials(credential, hasher) {
|
|
|
1392
1485
|
__name(convertToDcqlCredentials, "convertToDcqlCredentials");
|
|
1393
1486
|
|
|
1394
1487
|
// src/services/Siopv2MachineService.ts
|
|
1395
|
-
var
|
|
1396
|
-
var
|
|
1488
|
+
var CLOCK_SKEW2 = 120;
|
|
1489
|
+
var logger4 = import_ssi_types6.Loggers.DEFAULT.get(LOGGER_NAMESPACE);
|
|
1397
1490
|
var siopSendAuthorizationResponse = /* @__PURE__ */ __name(async (connectionType, args, context) => {
|
|
1398
1491
|
const { agent } = context;
|
|
1399
1492
|
const { credentials } = args;
|
|
1400
|
-
if (connectionType !==
|
|
1493
|
+
if (connectionType !== import_ssi_sdk6.ConnectionType.SIOPv2_OpenID4VP) {
|
|
1401
1494
|
return Promise.reject(Error(`No supported authentication provider for type: ${connectionType}`));
|
|
1402
1495
|
}
|
|
1403
1496
|
const session = await agent.siopGetOPSession({
|
|
@@ -1405,10 +1498,10 @@ var siopSendAuthorizationResponse = /* @__PURE__ */ __name(async (connectionType
|
|
|
1405
1498
|
});
|
|
1406
1499
|
const request = await session.getAuthorizationRequest();
|
|
1407
1500
|
const aud = request.authorizationRequest.getMergedProperty("aud");
|
|
1408
|
-
|
|
1409
|
-
|
|
1501
|
+
logger4.debug(`AUD: ${aud}`);
|
|
1502
|
+
logger4.debug(JSON.stringify(request.authorizationRequest));
|
|
1410
1503
|
const domain = await request.authorizationRequest.getMergedProperty("client_id") ?? request.issuer ?? "https://self-issued.me/v2";
|
|
1411
|
-
|
|
1504
|
+
logger4.debug(`NONCE: ${session.nonce}, domain: ${domain}`);
|
|
1412
1505
|
const firstUniqueDC = credentials[0];
|
|
1413
1506
|
if (typeof firstUniqueDC !== "object" || !("digitalCredential" in firstUniqueDC)) {
|
|
1414
1507
|
return Promise.reject(Error("SiopMachine only supports UniqueDigitalCredentials for now"));
|
|
@@ -1416,10 +1509,12 @@ var siopSendAuthorizationResponse = /* @__PURE__ */ __name(async (connectionType
|
|
|
1416
1509
|
let identifier;
|
|
1417
1510
|
const digitalCredential = firstUniqueDC.digitalCredential;
|
|
1418
1511
|
const firstVC = firstUniqueDC.uniformVerifiableCredential;
|
|
1419
|
-
|
|
1420
|
-
|
|
1421
|
-
`did:jwk:${(0,
|
|
1422
|
-
|
|
1512
|
+
let holder;
|
|
1513
|
+
if (import_ssi_types6.CredentialMapper.isSdJwtDecodedCredential(firstVC)) {
|
|
1514
|
+
holder = firstVC.decodedPayload.cnf?.jwk ? `did:jwk:${(0, import_ssi_sdk4.encodeJoseBlob)(firstVC.decodedPayload.cnf?.jwk)}#0` : firstVC.decodedPayload.sub;
|
|
1515
|
+
} else {
|
|
1516
|
+
holder = Array.isArray(firstVC.credentialSubject) ? firstVC.credentialSubject[0].id : firstVC.credentialSubject.id;
|
|
1517
|
+
}
|
|
1423
1518
|
if (!digitalCredential.kmsKeyRef) {
|
|
1424
1519
|
if (!holder) {
|
|
1425
1520
|
return Promise.reject(`No holder found and no kmsKeyRef in DB. Cannot determine identifier to use`);
|
|
@@ -1429,10 +1524,10 @@ var siopSendAuthorizationResponse = /* @__PURE__ */ __name(async (connectionType
|
|
|
1429
1524
|
identifier: holder
|
|
1430
1525
|
});
|
|
1431
1526
|
} catch (e) {
|
|
1432
|
-
|
|
1527
|
+
logger4.debug(`Holder DID not found: ${holder}`);
|
|
1433
1528
|
throw e;
|
|
1434
1529
|
}
|
|
1435
|
-
} else if ((0,
|
|
1530
|
+
} else if ((0, import_ssi_sdk_ext5.isOID4VCIssuerIdentifier)(digitalCredential.kmsKeyRef)) {
|
|
1436
1531
|
identifier = await session.context.agent.identifierManagedGetByOID4VCIssuer({
|
|
1437
1532
|
identifier: firstUniqueDC.digitalCredential.kmsKeyRef
|
|
1438
1533
|
});
|
|
@@ -1460,6 +1555,13 @@ var siopSendAuthorizationResponse = /* @__PURE__ */ __name(async (connectionType
|
|
|
1460
1555
|
if (!queryResult.can_be_satisfied) {
|
|
1461
1556
|
return Promise.reject(Error("Credentials do not match required query request"));
|
|
1462
1557
|
}
|
|
1558
|
+
const presentationContext = {
|
|
1559
|
+
nonce: request.requestObject?.getPayload()?.nonce ?? session.nonce,
|
|
1560
|
+
audience: domain,
|
|
1561
|
+
agent: context.agent,
|
|
1562
|
+
clockSkew: CLOCK_SKEW2,
|
|
1563
|
+
hasher: args.hasher
|
|
1564
|
+
};
|
|
1463
1565
|
const presentation = {};
|
|
1464
1566
|
const uniqueCredentials = Array.from(dcqlCredentialsWithCredentials.values());
|
|
1465
1567
|
for (const [key, value] of Object.entries(queryResult.credential_matches)) {
|
|
@@ -1469,27 +1571,12 @@ var siopSendAuthorizationResponse = /* @__PURE__ */ __name(async (connectionType
|
|
|
1469
1571
|
if (!vc) {
|
|
1470
1572
|
continue;
|
|
1471
1573
|
}
|
|
1472
|
-
|
|
1473
|
-
|
|
1474
|
-
|
|
1475
|
-
}
|
|
1476
|
-
|
|
1477
|
-
|
|
1478
|
-
const presentationResult = await context.agent.createSdJwtPresentation({
|
|
1479
|
-
presentation: updatedSdJwt.compactSdJwtVc,
|
|
1480
|
-
kb: {
|
|
1481
|
-
payload: {
|
|
1482
|
-
...updatedSdJwt.kbJwt?.payload,
|
|
1483
|
-
// FIXME SSISDK-44
|
|
1484
|
-
nonce: updatedSdJwt.kbJwt?.payload.nonce ?? request.requestObject.getPayload().nonce,
|
|
1485
|
-
// FIXME SSISDK-44
|
|
1486
|
-
aud: updatedSdJwt.kbJwt?.payload.aud ?? domain,
|
|
1487
|
-
iat: updatedSdJwt.kbJwt?.payload?.iat ?? Math.floor(Date.now() / 1e3 - CLOCK_SKEW)
|
|
1488
|
-
}
|
|
1489
|
-
}
|
|
1490
|
-
});
|
|
1491
|
-
if (originalVc) {
|
|
1492
|
-
presentation[key] = presentationResult.presentation;
|
|
1574
|
+
try {
|
|
1575
|
+
const vp = await createVerifiablePresentationForFormat(vc, identifier, presentationContext);
|
|
1576
|
+
presentation[key] = vp;
|
|
1577
|
+
} catch (error) {
|
|
1578
|
+
logger4.error(`Failed to create VP for credential ${key}:`, error);
|
|
1579
|
+
throw error;
|
|
1493
1580
|
}
|
|
1494
1581
|
}
|
|
1495
1582
|
}
|
|
@@ -1500,12 +1587,9 @@ var siopSendAuthorizationResponse = /* @__PURE__ */ __name(async (connectionType
|
|
|
1500
1587
|
dcqlPresentation
|
|
1501
1588
|
}
|
|
1502
1589
|
});
|
|
1503
|
-
|
|
1590
|
+
logger4.debug(`Response: `, response);
|
|
1504
1591
|
return response;
|
|
1505
1592
|
}, "siopSendAuthorizationResponse");
|
|
1506
|
-
var retrieveEncodedCredential = /* @__PURE__ */ __name((credential) => {
|
|
1507
|
-
return credential.originalVerifiableCredential !== void 0 && credential.originalVerifiableCredential !== null && credential?.originalVerifiableCredential?.compactSdJwtVc !== void 0 && credential?.originalVerifiableCredential?.compactSdJwtVc !== null ? credential.originalVerifiableCredential.compactSdJwtVc : credential.originalVerifiableCredential;
|
|
1508
|
-
}, "retrieveEncodedCredential");
|
|
1509
1593
|
var getSelectableCredentials = /* @__PURE__ */ __name(async (dcqlQuery, context) => {
|
|
1510
1594
|
const agentContext = {
|
|
1511
1595
|
...context,
|
|
@@ -1513,7 +1597,7 @@ var getSelectableCredentials = /* @__PURE__ */ __name(async (dcqlQuery, context)
|
|
|
1513
1597
|
};
|
|
1514
1598
|
const { agent } = agentContext;
|
|
1515
1599
|
const uniqueVerifiableCredentials = await agent.crsGetUniqueCredentials({
|
|
1516
|
-
filter: (0,
|
|
1600
|
+
filter: (0, import_ssi_sdk5.verifiableCredentialForRoleFilter)(import_ssi_types6.CredentialRole.HOLDER)
|
|
1517
1601
|
});
|
|
1518
1602
|
const branding = await agent.ibGetCredentialBranding();
|
|
1519
1603
|
const dcqlCredentialsWithCredentials = new Map(uniqueVerifiableCredentials.map((vc) => [
|
|
@@ -1582,34 +1666,9 @@ var translateCorrelationIdToName = /* @__PURE__ */ __name(async (correlationId,
|
|
|
1582
1666
|
}
|
|
1583
1667
|
return contacts[0].contact.displayName;
|
|
1584
1668
|
}, "translateCorrelationIdToName");
|
|
1585
|
-
var updateSdJwtCredential = /* @__PURE__ */ __name((credential, nonce, aud) => {
|
|
1586
|
-
const sdJwtCredential = credential;
|
|
1587
|
-
const hashAlg = sdJwtCredential.signedPayload._sd_alg ?? "sha-256";
|
|
1588
|
-
const sdHash = (0, import_utils.calculateSdHash)(sdJwtCredential.compactSdJwtVc, hashAlg, import_ssi_sdk6.defaultGenerateDigest);
|
|
1589
|
-
const kbJwt = {
|
|
1590
|
-
// alg MUST be set by the signer
|
|
1591
|
-
header: {
|
|
1592
|
-
typ: "kb+jwt"
|
|
1593
|
-
},
|
|
1594
|
-
payload: {
|
|
1595
|
-
iat: Math.floor((/* @__PURE__ */ new Date()).getTime() / 1e3),
|
|
1596
|
-
sd_hash: sdHash,
|
|
1597
|
-
...nonce && {
|
|
1598
|
-
nonce
|
|
1599
|
-
},
|
|
1600
|
-
...aud && {
|
|
1601
|
-
aud
|
|
1602
|
-
}
|
|
1603
|
-
}
|
|
1604
|
-
};
|
|
1605
|
-
return {
|
|
1606
|
-
...sdJwtCredential,
|
|
1607
|
-
kbJwt
|
|
1608
|
-
};
|
|
1609
|
-
}, "updateSdJwtCredential");
|
|
1610
1669
|
|
|
1611
1670
|
// src/agent/DidAuthSiopOpAuthenticator.ts
|
|
1612
|
-
var
|
|
1671
|
+
var logger5 = import_ssi_types7.Loggers.DEFAULT.options(LOGGER_NAMESPACE, {}).get(LOGGER_NAMESPACE);
|
|
1613
1672
|
var didAuthSiopOpAuthenticatorMethods = [
|
|
1614
1673
|
"cmGetContacts",
|
|
1615
1674
|
"cmGetContact",
|
|
@@ -1763,7 +1822,7 @@ var DidAuthSiopOpAuthenticator = class {
|
|
|
1763
1822
|
hasher: this.hasher
|
|
1764
1823
|
}
|
|
1765
1824
|
}));
|
|
1766
|
-
|
|
1825
|
+
logger5.debug(`session: ${JSON.stringify(session.id, null, 2)}`);
|
|
1767
1826
|
const verifiedAuthorizationRequest = await session.getAuthorizationRequest();
|
|
1768
1827
|
const clientName = verifiedAuthorizationRequest.registrationMetadataPayload?.client_name;
|
|
1769
1828
|
const url = verifiedAuthorizationRequest.responseURI ?? (args.url.includes("request_uri") ? decodeURIComponent(args.url.split("?request_uri=")[1].trim()) : verifiedAuthorizationRequest.issuer ?? verifiedAuthorizationRequest.registrationMetadataPayload?.client_id);
|
|
@@ -1842,7 +1901,7 @@ var DidAuthSiopOpAuthenticator = class {
|
|
|
1842
1901
|
contactId: contact.id,
|
|
1843
1902
|
identity: addedIdentity
|
|
1844
1903
|
});
|
|
1845
|
-
|
|
1904
|
+
logger5.info(`Contact identity created: ${JSON.stringify(addedIdentity)}`);
|
|
1846
1905
|
}
|
|
1847
1906
|
}
|
|
1848
1907
|
async siopSendResponse(args, context) {
|
|
@@ -1885,7 +1944,7 @@ var DidAuthSiopOpAuthenticator = class {
|
|
|
1885
1944
|
|
|
1886
1945
|
// src/machine/CallbackStateListener.ts
|
|
1887
1946
|
var import_ssi_types8 = require("@sphereon/ssi-types");
|
|
1888
|
-
var
|
|
1947
|
+
var logger6 = import_ssi_types8.Loggers.DEFAULT.options("sphereon:siopv2-oid4vp:op-auth", {
|
|
1889
1948
|
defaultLogLevel: import_ssi_types8.LogLevel.DEBUG,
|
|
1890
1949
|
methods: [
|
|
1891
1950
|
import_ssi_types8.LogMethod.CONSOLE
|
|
@@ -1894,21 +1953,21 @@ var logger5 = import_ssi_types8.Loggers.DEFAULT.options("sphereon:siopv2-oid4vp:
|
|
|
1894
1953
|
var OID4VPCallbackStateListener = /* @__PURE__ */ __name((callbacks) => {
|
|
1895
1954
|
return async (oid4vciMachine, state) => {
|
|
1896
1955
|
if (state._event.type === "internal") {
|
|
1897
|
-
|
|
1956
|
+
logger6.debug("oid4vpCallbackStateListener: internal event");
|
|
1898
1957
|
return;
|
|
1899
1958
|
}
|
|
1900
|
-
|
|
1959
|
+
logger6.info(`VP state listener state: ${JSON.stringify(state.value)}`);
|
|
1901
1960
|
if (!callbacks || callbacks.size === 0) {
|
|
1902
|
-
|
|
1961
|
+
logger6.info(`VP no callbacks registered for state: ${JSON.stringify(state.value)}`);
|
|
1903
1962
|
return;
|
|
1904
1963
|
}
|
|
1905
1964
|
for (const [stateKey, callback] of callbacks) {
|
|
1906
1965
|
if (state.matches(stateKey)) {
|
|
1907
|
-
|
|
1908
|
-
await callback(oid4vciMachine, state).then(() =>
|
|
1909
|
-
|
|
1966
|
+
logger6.log(`VP state callback for state: ${JSON.stringify(state.value)}, will execute...`);
|
|
1967
|
+
await callback(oid4vciMachine, state).then(() => logger6.log(`VP state callback executed for state: ${JSON.stringify(state.value)}`)).catch((error) => {
|
|
1968
|
+
logger6.error(`VP state callback failed for state: ${JSON.stringify(state.value)}, error: ${JSON.stringify(error?.message)}, ${JSON.stringify(state.event)}`);
|
|
1910
1969
|
if (error.stack) {
|
|
1911
|
-
|
|
1970
|
+
logger6.error(error.stack);
|
|
1912
1971
|
}
|
|
1913
1972
|
});
|
|
1914
1973
|
break;
|
|
@@ -1922,7 +1981,7 @@ var import_ssi_sdk8 = require("@sphereon/ssi-sdk.agent-config");
|
|
|
1922
1981
|
var import_ssi_sdk9 = require("@sphereon/ssi-sdk.core");
|
|
1923
1982
|
var import_ssi_sdk10 = require("@sphereon/ssi-sdk.xstate-machine-persistence");
|
|
1924
1983
|
var import_ssi_types9 = require("@sphereon/ssi-types");
|
|
1925
|
-
var
|
|
1984
|
+
var logger7 = import_ssi_types9.Loggers.DEFAULT.options(LOGGER_NAMESPACE, {}).get(LOGGER_NAMESPACE);
|
|
1926
1985
|
var Siopv2OID4VPLinkHandler = class extends import_ssi_sdk9.LinkHandlerAdapter {
|
|
1927
1986
|
static {
|
|
1928
1987
|
__name(this, "Siopv2OID4VPLinkHandler");
|
|
@@ -1942,7 +2001,7 @@ var Siopv2OID4VPLinkHandler = class extends import_ssi_sdk9.LinkHandlerAdapter {
|
|
|
1942
2001
|
this.idOpts = args.idOpts;
|
|
1943
2002
|
}
|
|
1944
2003
|
async handle(url, opts) {
|
|
1945
|
-
|
|
2004
|
+
logger7.debug(`handling SIOP link: ${url}`);
|
|
1946
2005
|
const siopv2Machine = await this.context.agent.siopGetMachineInterpreter({
|
|
1947
2006
|
url,
|
|
1948
2007
|
idOpts: opts?.idOpts ?? this.idOpts,
|
|
@@ -1958,10 +2017,10 @@ var Siopv2OID4VPLinkHandler = class extends import_ssi_sdk9.LinkHandlerAdapter {
|
|
|
1958
2017
|
singletonCheck: true,
|
|
1959
2018
|
noRegistration: this.noStateMachinePersistence
|
|
1960
2019
|
});
|
|
1961
|
-
|
|
2020
|
+
logger7.debug(`SIOP machine started for link: ${url}`, init);
|
|
1962
2021
|
} else {
|
|
1963
2022
|
interpreter.start(opts?.machineState);
|
|
1964
|
-
|
|
2023
|
+
logger7.debug(`SIOP machine started for link: ${url}`);
|
|
1965
2024
|
}
|
|
1966
2025
|
}
|
|
1967
2026
|
};
|