npm - @sphereon/ssi-sdk.siopv2-oid4vp-op-auth - Versions diffs - 0.34.1-fix.226 → 0.34.1-fix.254 - Mend

@sphereon/ssi-sdk.siopv2-oid4vp-op-auth 0.34.1-fix.226 → 0.34.1-fix.254

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

package/dist/index.cjs +55 -12
package/dist/index.cjs.map +1 -1
package/dist/index.d.cts +2 -2
package/dist/index.d.ts +2 -2
package/dist/index.js +46 -3
package/dist/index.js.map +1 -1
package/package.json +22 -22
package/src/agent/DidAuthSiopOpAuthenticator.ts +1 -1
package/src/machine/Siopv2Machine.ts +1 -1
package/src/services/Siopv2MachineService.ts +56 -3
package/src/session/OID4VP.ts +183 -184
package/src/types/IDidAuthSiopOpAuthenticator.ts +1 -1
package/src/types/machine/index.ts +1 -1
package/src/types/siop-service/index.ts +11 -7

package/dist/index.d.cts CHANGED Viewed

@@ -5,7 +5,7 @@ import { DIDDocument } from '@sphereon/did-uni-client';
 import { ManagedIdentifierOptsOrResult, IIdentifierResolution } from '@sphereon/ssi-sdk-ext.identifier-resolution';
 import { JwsPayload, IJwtService } from '@sphereon/ssi-sdk-ext.jwt-service';
 import { UniqueDigitalCredential, ICredentialStore } from '@sphereon/ssi-sdk.credential-store';
-import { ICredentialLocaleBranding, Party, DidAuthConfig, Identity } from '@sphereon/ssi-sdk.data-store';
+import { ICredentialLocaleBranding, Party, DidAuthConfig, Identity } from '@sphereon/ssi-sdk.data-store-types';
 import { IPDManager } from '@sphereon/ssi-sdk.pd-manager';
 import { ISDJwtPlugin } from '@sphereon/ssi-sdk.sd-jwt';
 import { HasherSync, PresentationSubmission, W3CVerifiablePresentation, OriginalVerifiableCredential } from '@sphereon/ssi-types';
@@ -533,7 +533,7 @@ type OnContactIdentityCreatedArgs = {
 type OnIdentifierCreatedArgs = {
     identifier: IIdentifier;
 };
-type RequiredContext = IAgentContext<IContactManager & IDidAuthSiopOpAuthenticator & IDIDManager & IResolver & IIdentifierResolution & ICredentialStore & IIssuanceBranding>;
+type RequiredContext = IAgentContext<IContactManager & IDidAuthSiopOpAuthenticator & IDIDManager & IResolver & IIdentifierResolution & ICredentialStore & IIssuanceBranding & ISDJwtPlugin>;
 type Siopv2MachineContext = {
     url: string;

package/dist/index.d.ts CHANGED Viewed

@@ -5,7 +5,7 @@ import { DIDDocument } from '@sphereon/did-uni-client';
 import { ManagedIdentifierOptsOrResult, IIdentifierResolution } from '@sphereon/ssi-sdk-ext.identifier-resolution';
 import { JwsPayload, IJwtService } from '@sphereon/ssi-sdk-ext.jwt-service';
 import { UniqueDigitalCredential, ICredentialStore } from '@sphereon/ssi-sdk.credential-store';
-import { ICredentialLocaleBranding, Party, DidAuthConfig, Identity } from '@sphereon/ssi-sdk.data-store';
+import { ICredentialLocaleBranding, Party, DidAuthConfig, Identity } from '@sphereon/ssi-sdk.data-store-types';
 import { IPDManager } from '@sphereon/ssi-sdk.pd-manager';
 import { ISDJwtPlugin } from '@sphereon/ssi-sdk.sd-jwt';
 import { HasherSync, PresentationSubmission, W3CVerifiablePresentation, OriginalVerifiableCredential } from '@sphereon/ssi-types';
@@ -533,7 +533,7 @@ type OnContactIdentityCreatedArgs = {
 type OnIdentifierCreatedArgs = {
     identifier: IIdentifier;
 };
-type RequiredContext = IAgentContext<IContactManager & IDidAuthSiopOpAuthenticator & IDIDManager & IResolver & IIdentifierResolution & ICredentialStore & IIssuanceBranding>;
+type RequiredContext = IAgentContext<IContactManager & IDidAuthSiopOpAuthenticator & IDIDManager & IResolver & IIdentifierResolution & ICredentialStore & IIssuanceBranding & ISDJwtPlugin>;
 type Siopv2MachineContext = {
     url: string;

package/dist/index.js CHANGED Viewed

@@ -367,7 +367,7 @@ var plugin_schema_default = {
 // src/agent/DidAuthSiopOpAuthenticator.ts
 import { decodeUriAsJson } from "@sphereon/did-auth-siop";
-import { ConnectionType as ConnectionType2, CorrelationIdentifierType, IdentityOrigin } from "@sphereon/ssi-sdk.data-store";
+import { ConnectionType as ConnectionType2, CorrelationIdentifierType, IdentityOrigin } from "@sphereon/ssi-sdk.data-store-types";
 import { Loggers as Loggers4, CredentialRole as CredentialRole2 } from "@sphereon/ssi-types";
 import { v4 as uuidv4 } from "uuid";
@@ -1287,11 +1287,13 @@ var Siopv2Machine = class {
 };
 // src/services/Siopv2MachineService.ts
+import { calculateSdHash } from "@sphereon/pex/dist/main/lib/utils/index.js";
 import { getOrCreatePrimaryIdentifier, SupportedDidMethodEnum } from "@sphereon/ssi-sdk-ext.did-utils";
 import { isOID4VCIssuerIdentifier } from "@sphereon/ssi-sdk-ext.identifier-resolution";
 import { encodeJoseBlob } from "@sphereon/ssi-sdk.core";
 import { verifiableCredentialForRoleFilter } from "@sphereon/ssi-sdk.credential-store";
-import { ConnectionType } from "@sphereon/ssi-sdk.data-store";
+import { ConnectionType } from "@sphereon/ssi-sdk.data-store-types";
+import { defaultGenerateDigest } from "@sphereon/ssi-sdk.sd-jwt";
 import { CredentialMapper as CredentialMapper3, CredentialRole, Loggers as Loggers3 } from "@sphereon/ssi-types";
 import { DcqlPresentation, DcqlQuery } from "dcql";
@@ -1333,6 +1335,7 @@ function convertToDcqlCredentials(credential, hasher) {
 __name(convertToDcqlCredentials, "convertToDcqlCredentials");
 // src/services/Siopv2MachineService.ts
+var CLOCK_SKEW = 120;
 var logger3 = Loggers3.DEFAULT.get(LOGGER_NAMESPACE);
 var siopSendAuthorizationResponse = /* @__PURE__ */ __name(async (connectionType, args, context) => {
   const { agent } = context;
@@ -1413,8 +1416,23 @@ var siopSendAuthorizationResponse = /* @__PURE__ */ __name(async (connectionType
       if (!originalVc) {
         continue;
       }
+      const decodedSdJwt = await CredentialMapper3.decodeSdJwtVcAsync(originalVc, defaultGenerateDigest);
+      const updatedSdJwt = updateSdJwtCredential(decodedSdJwt, request.requestObject?.getPayload()?.nonce, domain);
+      const presentationResult = await context.agent.createSdJwtPresentation({
+        presentation: updatedSdJwt.compactSdJwtVc,
+        kb: {
+          payload: {
+            ...updatedSdJwt.kbJwt?.payload,
+            // FIXME SSISDK-44
+            nonce: updatedSdJwt.kbJwt?.payload.nonce ?? request.requestObject.getPayload().nonce,
+            // FIXME SSISDK-44
+            aud: updatedSdJwt.kbJwt?.payload.aud ?? domain,
+            iat: updatedSdJwt.kbJwt?.payload?.iat ?? Math.floor(Date.now() / 1e3 - CLOCK_SKEW)
+          }
+        }
+      });
       if (originalVc) {
-        presentation[key] = originalVc;
+        presentation[key] = presentationResult.presentation;
       }
     }
   }
@@ -1507,6 +1525,31 @@ var translateCorrelationIdToName = /* @__PURE__ */ __name(async (correlationId,
   }
   return contacts[0].contact.displayName;
 }, "translateCorrelationIdToName");
+var updateSdJwtCredential = /* @__PURE__ */ __name((credential, nonce, aud) => {
+  const sdJwtCredential = credential;
+  const hashAlg = sdJwtCredential.signedPayload._sd_alg ?? "sha-256";
+  const sdHash = calculateSdHash(sdJwtCredential.compactSdJwtVc, hashAlg, defaultGenerateDigest);
+  const kbJwt = {
+    // alg MUST be set by the signer
+    header: {
+      typ: "kb+jwt"
+    },
+    payload: {
+      iat: Math.floor((/* @__PURE__ */ new Date()).getTime() / 1e3),
+      sd_hash: sdHash,
+      ...nonce && {
+        nonce
+      },
+      ...aud && {
+        aud
+      }
+    }
+  };
+  return {
+    ...sdJwtCredential,
+    kbJwt
+  };
+}, "updateSdJwtCredential");
 // src/agent/DidAuthSiopOpAuthenticator.ts
 var logger4 = Loggers4.DEFAULT.options(LOGGER_NAMESPACE, {}).get(LOGGER_NAMESPACE);