@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth 0.34.1-feature.SSISDK.58.host.nonce.endpoint.194 → 0.34.1-feature.SSISDK.62.218

package/dist/index.js

@@ -336,6 +336,7 @@ var plugin_schema_default = {
 import { AuthorizationResponseStateStatus, decodeUriAsJson } from "@sphereon/did-auth-siop";
 import { getAgentResolver as getAgentResolver2 } from "@sphereon/ssi-sdk-ext.did-utils";
 import { shaHasher as defaultHasher2 } from "@sphereon/ssi-sdk.core";
+import { validate as isValidUUID } from "uuid";
 import { CredentialMapper as CredentialMapper2 } from "@sphereon/ssi-types";
 import { DcqlQuery } from "dcql";
 
@@ -351,7 +352,7 @@ function getRequestVersion(rpOptions) {
   if (Array.isArray(rpOptions.supportedVersions) && rpOptions.supportedVersions.length > 0) {
     return rpOptions.supportedVersions[0];
   }
-  return SupportedVersion.JWT_VC_PRESENTATION_PROFILE_v1;
+  return SupportedVersion.OID4VP_v1;
 }
 __name(getRequestVersion, "getRequestVersion");
 function getWellKnownDIDVerifyCallback(siopIdentifierOpts, context) {
@@ -366,6 +367,33 @@ function getWellKnownDIDVerifyCallback(siopIdentifierOpts, context) {
   };
 }
 __name(getWellKnownDIDVerifyCallback, "getWellKnownDIDVerifyCallback");
+function getDcqlQueryLookupCallback(context) {
+  async function dcqlQueryLookup(queryId, version, tenantId) {
+    const result = await context.agent.pdmGetDefinitions({
+      filter: [
+        {
+          queryId,
+          ...tenantId && {
+            tenantId
+          },
+          ...version && {
+            version
+          }
+        },
+        {
+          id: queryId
+        }
+      ]
+    });
+    if (result && result.length > 0) {
+      return result[0].query;
+    }
+    return Promise.reject(Error(`No dcql query found for queryId ${queryId}`));
+  }
+  __name(dcqlQueryLookup, "dcqlQueryLookup");
+  return dcqlQueryLookup;
+}
+__name(getDcqlQueryLookupCallback, "getDcqlQueryLookupCallback");
 function getPresentationVerificationCallback(idOpts, context) {
   async function presentationVerificationCallback(args, presentationSubmission) {
     if (CredentialMapper.isSdJwtEncoded(args)) {
@@ -405,27 +433,8 @@ function getPresentationVerificationCallback(idOpts, context) {
 }
 __name(getPresentationVerificationCallback, "getPresentationVerificationCallback");
 async function createRPBuilder(args) {
-  const { rpOpts, pexOpts, context } = args;
+  const { rpOpts, context } = args;
   const { identifierOpts } = rpOpts;
-  let definition = args.definition;
-  let dcqlQuery = args.dcql;
-  if (!definition && pexOpts && pexOpts.queryId) {
-    const presentationDefinitionItems = await context.agent.pdmGetDefinitions({
-      filter: [
-        {
-          queryId: pexOpts.queryId,
-          version: pexOpts.version,
-          tenantId: pexOpts.tenantId
-        }
-      ]
-    });
-    if (presentationDefinitionItems.length > 0) {
-      const presentationDefinitionItem = presentationDefinitionItems[0];
-      if (!dcqlQuery && presentationDefinitionItem.dcqlPayload) {
-        dcqlQuery = presentationDefinitionItem.dcqlPayload.dcqlQuery;
-      }
-    }
-  }
   const didMethods = identifierOpts.supportedDIDMethods ?? await getAgentDIDMethods(context);
   const eventEmitter = rpOpts.eventEmitter ?? new EventEmitter();
   const defaultClientMetadata = {
@@ -480,16 +489,15 @@ async function createRPBuilder(args) {
   const builder = RP.builder({
     requestVersion: getRequestVersion(rpOpts)
   }).withScope("openid", PropertyTarget.REQUEST_OBJECT).withResponseMode(rpOpts.responseMode ?? ResponseMode.POST).withResponseType(ResponseType.VP_TOKEN, PropertyTarget.REQUEST_OBJECT).withSupportedVersions(rpOpts.supportedVersions ?? [
-    SupportedVersion.JWT_VC_PRESENTATION_PROFILE_v1,
-    SupportedVersion.SIOPv2_ID1,
-    SupportedVersion.SIOPv2_D11
+    SupportedVersion.OID4VP_v1,
+    SupportedVersion.SIOPv2_OID4VP_D28
   ]).withEventEmitter(eventEmitter).withSessionManager(rpOpts.sessionManager ?? new InMemoryRPSessionManager(eventEmitter)).withClientMetadata(rpOpts.clientMetadataOpts ?? defaultClientMetadata, PropertyTarget.REQUEST_OBJECT).withVerifyJwtCallback(rpOpts.verifyJwtCallback ? rpOpts.verifyJwtCallback : getVerifyJwtCallback({
     resolver,
     verifyOpts: {
       wellknownDIDVerifyCallback: getWellKnownDIDVerifyCallback(rpOpts.identifierOpts, context),
       checkLinkedDomain: "if_present"
     }
-  }, context)).withRevocationVerification(RevocationVerification.NEVER).withPresentationVerification(getPresentationVerificationCallback(identifierOpts.idOpts, context));
+  }, context)).withDcqlQueryLookup(getDcqlQueryLookupCallback(context)).withRevocationVerification(RevocationVerification.NEVER).withPresentationVerification(getPresentationVerificationCallback(identifierOpts.idOpts, context));
   const oidfOpts = identifierOpts.oidfOpts;
   if (oidfOpts && isExternalIdentifierOIDFEntityIdOpts(oidfOpts)) {
     builder.withEntityId(oidfOpts.identifier, PropertyTarget.REQUEST_OBJECT);
@@ -502,9 +510,6 @@ async function createRPBuilder(args) {
   if (hasher) {
     builder.withHasher(hasher);
   }
-  if (dcqlQuery) {
-    builder.withDcqlQuery(dcqlQuery);
-  }
   if (rpOpts.responseRedirectUri) {
     builder.withResponseRedirectUri(rpOpts.responseRedirectUri);
   }
@@ -577,17 +582,16 @@ var RPInstance = class {
     __name(this, "RPInstance");
   }
   _rp;
-  _pexOptions;
+  _presentationOptions;
   _rpOptions;
   constructor({ rpOpts, pexOpts }) {
     this._rpOptions = rpOpts;
-    this._pexOptions = pexOpts;
+    this._presentationOptions = pexOpts;
   }
   async get(context) {
     if (!this._rp) {
       const builder = await createRPBuilder({
         rpOpts: this._rpOptions,
-        pexOpts: this._pexOptions,
         context
       });
       this._rp = builder.build();
@@ -597,20 +601,8 @@ var RPInstance = class {
   get rpOptions() {
     return this._rpOptions;
   }
-  get pexOptions() {
-    return this._pexOptions;
-  }
-  hasDefinition() {
-    return this.definitionId !== void 0;
-  }
-  get definitionId() {
-    return this.pexOptions?.queryId;
-  }
-  async getPresentationDefinition(context) {
-    return this.definitionId ? await context.agent.pexStoreGetDefinition({
-      definitionId: this.definitionId,
-      tenantId: this.pexOptions?.tenantId
-    }) : void 0;
+  get presentationOptions() {
+    return this._presentationOptions;
   }
   async createAuthorizationRequestURI(createArgs, context) {
     const { correlationId, queryId, claims, requestByReferenceURI, responseURI, responseURIType, callback } = createArgs;
@@ -727,6 +719,7 @@ var SIOPv2RP = class _SIOPv2RP {
   }
   async createAuthorizationRequestURI(createArgs, context) {
     return await this.getRPInstance({
+      createWhenNotPresent: true,
       responseRedirectURI: createArgs.responseRedirectURI,
       ...createArgs.useQueryIdInstance === true && {
         queryId: createArgs.queryId
@@ -735,6 +728,7 @@ var SIOPv2RP = class _SIOPv2RP {
   }
   async createAuthorizationRequestPayloads(createArgs, context) {
     return await this.getRPInstance({
+      createWhenNotPresent: true,
       queryId: createArgs.queryId
     }, context).then((rp) => rp.createAuthorizationRequest(createArgs, context)).then(async (request) => {
       const authRequest = {
@@ -747,11 +741,13 @@ var SIOPv2RP = class _SIOPv2RP {
   }
   async siopGetRequestState(args, context) {
     return await this.getRPInstance({
+      createWhenNotPresent: false,
       queryId: args.queryId
     }, context).then((rp) => rp.get(context).then((rp2) => rp2.sessionManager.getRequestStateByCorrelationId(args.correlationId, args.errorOnNotFound)));
   }
   async siopGetResponseState(args, context) {
     const rpInstance = await this.getRPInstance({
+      createWhenNotPresent: false,
       queryId: args.queryId
     }, context);
     const authorizationResponseState = await rpInstance.get(context).then((rp) => rp.sessionManager.getResponseStateByCorrelationId(args.correlationId, args.errorOnNotFound));
@@ -809,6 +805,7 @@ var SIOPv2RP = class _SIOPv2RP {
       throw Error(`Only 'authorization_request_created' status is supported for this method at this point`);
     }
     return await this.getRPInstance({
+      createWhenNotPresent: false,
       queryId: args.queryId
     }, context).then((rp) => rp.get(context).then(async (rp2) => {
       await rp2.signalAuthRequestRetrieved({
@@ -820,6 +817,7 @@ var SIOPv2RP = class _SIOPv2RP {
   }
   async siopDeleteState(args, context) {
     return await this.getRPInstance({
+      createWhenNotPresent: false,
       queryId: args.queryId
     }, context).then((rp) => rp.get(context).then((rp2) => rp2.sessionManager.deleteStateForCorrelationId(args.correlationId))).then(() => true);
   }
@@ -829,6 +827,7 @@ var SIOPv2RP = class _SIOPv2RP {
     }
     const authResponse = typeof args.authorizationResponse === "string" ? decodeUriAsJson(args.authorizationResponse) : args.authorizationResponse;
     return await this.getRPInstance({
+      createWhenNotPresent: false,
       queryId: args.queryId
     }, context).then((rp) => rp.get(context).then((rp2) => rp2.verifyAuthorizationResponse(authResponse, {
       correlationId: args.correlationId,
@@ -873,9 +872,37 @@ var SIOPv2RP = class _SIOPv2RP {
     }
     return void 0;
   }
-  async getRPInstance({ queryId, responseRedirectURI }, context) {
-    const instanceId = queryId ?? _SIOPv2RP._DEFAULT_OPTS_KEY;
-    if (!this.instances.has(instanceId)) {
+  async getRPInstance({ createWhenNotPresent, queryId, responseRedirectURI }, context) {
+    let rpInstanceId = _SIOPv2RP._DEFAULT_OPTS_KEY;
+    let rpInstance;
+    if (queryId) {
+      if (this.instances.has(queryId)) {
+        rpInstanceId = queryId;
+        rpInstance = this.instances.get(rpInstanceId);
+      } else if (isValidUUID(queryId)) {
+        try {
+          const pd = await context.agent.pdmGetDefinition({
+            itemId: queryId
+          });
+          if (this.instances.has(pd.queryId)) {
+            rpInstanceId = pd.queryId;
+            rpInstance = this.instances.get(rpInstanceId);
+          }
+        } catch (ignore) {
+        }
+      }
+      if (createWhenNotPresent) {
+        rpInstanceId = queryId;
+      } else {
+        rpInstance = this.instances.get(rpInstanceId);
+      }
+    } else {
+      rpInstance = this.instances.get(rpInstanceId);
+    }
+    if (!rpInstance) {
+      if (!createWhenNotPresent) {
+        return Promise.reject(`No RP instance found for key ${rpInstanceId}`);
+      }
       const instanceOpts = this.getInstanceOpts(queryId);
       const rpOpts = await this.getRPOptions(context, {
         queryId,
@@ -897,12 +924,12 @@ var SIOPv2RP = class _SIOPv2RP {
           resolverResolution: true
         });
       }
-      this.instances.set(instanceId, new RPInstance({
+      rpInstance = new RPInstance({
         rpOpts,
         pexOpts: instanceOpts
-      }));
+      });
+      this.instances.set(rpInstanceId, rpInstance);
     }
-    const rpInstance = this.instances.get(instanceId);
     if (responseRedirectURI) {
       rpInstance.rpOptions.responseRedirectUri = responseRedirectURI;
     }
@@ -944,20 +971,20 @@ var SIOPv2RP = class _SIOPv2RP {
     }
     return options;
   }
-  getInstanceOpts(definitionId) {
+  getInstanceOpts(queryId) {
     if (!this.opts.instanceOpts) return void 0;
-    const instanceOpt = definitionId ? this.opts.instanceOpts.find((i) => i.queryId === definitionId) : void 0;
-    return instanceOpt ?? this.getDefaultOptions(definitionId);
+    const instanceOpt = queryId ? this.opts.instanceOpts.find((i) => i.queryId === queryId) : void 0;
+    return instanceOpt ?? this.getDefaultOptions(queryId);
   }
-  getDefaultOptions(definitionId) {
+  getDefaultOptions(queryId) {
     if (!this.opts.instanceOpts) return void 0;
     const defaultOptions = this.opts.instanceOpts.find((i) => i.queryId === "default");
     if (defaultOptions) {
       const clonedOptions = {
         ...defaultOptions
       };
-      if (definitionId !== void 0) {
-        clonedOptions.queryId = definitionId;
+      if (queryId !== void 0) {
+        clonedOptions.queryId = queryId;
       }
       return clonedOptions;
     }