From 5fdbd6597ce1fa00ba914e56810fc3f4f8ec06b8 Mon Sep 17 00:00:00 2001 From: Niels Klomp Date: Fri, 14 Jun 2024 10:42:05 +0200 Subject: [PATCH] feat: implement Oid4VP authorization token support --- .../ebsiAuthorizationClientrAgentLogic.ts | 12 +- packages/ebsi-authorization-client/agent.yml | 11 + .../ebsi-authorization-client/package.json | 13 +- .../plugin.schema.json | 209 ++++++++++---- .../src/agent/EBSIAuthorizationClient.ts | 264 +++++++++++------- .../src/types/IEBSIAuthorizationClient.ts | 33 ++- .../presentation-exchange/src/functions.ts | 31 +- packages/siopv2-oid4vp-op-auth/agent.yml | 2 +- .../src/session/OID4VP.ts | 4 +- .../src/session/OpSession.ts | 14 +- .../src/session/functions.ts | 4 +- .../src/types/IDidAuthSiopOpAuthenticator.ts | 1 + packages/ssi-types/__tests__/logging.test.ts | 7 +- pnpm-lock.yaml | 152 +++++++--- 14 files changed, 508 insertions(+), 249 deletions(-) diff --git a/packages/ebsi-authorization-client/__tests__/shared/ebsiAuthorizationClientrAgentLogic.ts b/packages/ebsi-authorization-client/__tests__/shared/ebsiAuthorizationClientrAgentLogic.ts index 2dc016443..4b5a37a77 100644 --- a/packages/ebsi-authorization-client/__tests__/shared/ebsiAuthorizationClientrAgentLogic.ts +++ b/packages/ebsi-authorization-client/__tests__/shared/ebsiAuthorizationClientrAgentLogic.ts @@ -11,7 +11,7 @@ import { fetch } from 'cross-fetch' import express, { Application, NextFunction, Request, Response } from 'express' import { importJWK, JWK, SignJWT } from 'jose' import * as http from 'node:http' -import { EBSIScope, IEBSIAuthorizationClient, ScopeByDefinition } from '../../src' +import { EbsiEnvironment, IEBSIAuthorizationClient, ScopeByDefinition } from '../../src' type ConfiguredAgent = TAgent @@ -241,12 +241,12 @@ export default (testContext: { getAgent: () => ConfiguredAgent; setup: () => Pro }) .sign(importedJwk) console.log(`URL: ${url}&request=${urlWithRequest}`) - const result = await fetch(`${url}&request=${urlWithRequest}`) - console.log(await result.text()) + /* const result = await fetch(`${url}&request=${urlWithRequest}`) + console.log(await result.text())*/ }) it.skip('Should retrieve the discovery metadata', async () => { - await expect(agent.ebsiAuthASDiscoveryMetadataGet()).resolves.toEqual({ + await expect(agent.ebsiAuthASDiscoveryMetadataGet({ environment: EbsiEnvironment.PILOT })).resolves.toEqual({ authorization_endpoint: 'https://api-pilot.ebsi.eu/authorisation/v4/authorize', grant_types_supported: ['vp_token'], id_token_signing_alg_values_supported: ['none'], @@ -304,7 +304,7 @@ export default (testContext: { getAgent: () => ConfiguredAgent; setup: () => Pro }) it.skip('should retrieve the presentation definition to onboard', async () => { - await expect(agent.ebsiAuthPresentationDefinitionGet({ scope: EBSIScope.didr_invite })).resolves.toEqual({ + await expect(agent.ebsiAuthPresentationDefinitionGet({ scope: 'didr_invite' })).resolves.toEqual({ format: { jwt_vp: { alg: ['ES256', 'ES256K'], @@ -352,7 +352,7 @@ export default (testContext: { getAgent: () => ConfiguredAgent; setup: () => Pro definitionId: ScopeByDefinition.didr_invite_presentation, did: identifier.did, kid: `${identifier.did}#${id.keys[1].kid}`, - scope: EBSIScope.didr_invite, + scope: 'didr_invite', }), ).resolves.toEqual({}) }) diff --git a/packages/ebsi-authorization-client/agent.yml b/packages/ebsi-authorization-client/agent.yml index 4a080ef41..99e1aa468 100644 --- a/packages/ebsi-authorization-client/agent.yml +++ b/packages/ebsi-authorization-client/agent.yml @@ -121,4 +121,15 @@ agent: plugins: - $ref: /keyManager - $ref: /didManager + - $require: '@veramo/data-store#DataStore' + $args: + - $ref: /dbConnection + - $require: '@veramo/data-store#DataStoreORM' + $args: + - $ref: /dbConnection + - $require: '@veramo/credential-w3c#CredentialPlugin' - $require: './packages/ebsi-authorization-client/dist#EBSIAuthorizationClient' + - $require: ./packages/presentation-exchange/dist#PresentationExchange + - $require: ./packages/siopv2-oid4vp-op-auth/dist#DidAuthSiopOpAuthenticator +# $args: +# - presentationSignCallback: { } diff --git a/packages/ebsi-authorization-client/package.json b/packages/ebsi-authorization-client/package.json index 6074f256d..feb4128cd 100644 --- a/packages/ebsi-authorization-client/package.json +++ b/packages/ebsi-authorization-client/package.json @@ -18,6 +18,7 @@ "@sphereon/did-auth-siop": "0.6.4", "@sphereon/pex": "^3.3.3", "@sphereon/pex-models": "^2.2.4", + "@sphereon/ssi-sdk.presentation-exchange": "workspace:*", "@sphereon/ssi-sdk.oid4vci-holder": "workspace:*", "@sphereon/ssi-sdk.siopv2-oid4vp-op-auth": "workspace:*", "@sphereon/ssi-types": "workspace:*", @@ -28,12 +29,12 @@ "uuidv4": "^6.2.13" }, "devDependencies": { - "@sphereon/oid4vci-client": "0.10.3", - "@sphereon/oid4vci-common": "0.10.3", - "@sphereon/ssi-sdk-ext.did-provider-ebsi": "^0.18.2", - "@sphereon/ssi-sdk-ext.key-manager": "^0.18.2", - "@sphereon/ssi-sdk-ext.key-utils": "0.19.0", - "@sphereon/ssi-sdk-ext.kms-local": "^0.18.2", + "@sphereon/oid4vci-client": "0.10.4-next.31", + "@sphereon/oid4vci-common": "0.10.4-next.31", + "@sphereon/ssi-sdk-ext.did-provider-ebsi": "0.20.1-unstable.3", + "@sphereon/ssi-sdk-ext.key-manager": "0.20.1-unstable.3", + "@sphereon/ssi-sdk-ext.key-utils": "0.20.1-unstable.3", + "@sphereon/ssi-sdk-ext.kms-local": "0.20.1-unstable.3", "@sphereon/ssi-sdk.agent-config": "workspace:*", "@transmute/json-web-signature": "0.7.0-unstable.81", "@types/express": "^4.17.21", diff --git a/packages/ebsi-authorization-client/plugin.schema.json b/packages/ebsi-authorization-client/plugin.schema.json index 5e1add342..66ae26a7c 100644 --- a/packages/ebsi-authorization-client/plugin.schema.json +++ b/packages/ebsi-authorization-client/plugin.schema.json @@ -11,9 +11,6 @@ "definitionId": { "$ref": "#/components/schemas/ScopeByDefinition" }, - "domain": { - "type": "string" - }, "did": { "type": "string" }, @@ -27,11 +24,26 @@ "$ref": "#/components/schemas/ApiOpts" } }, - "required": ["vc", "definitionId", "did", "kid", "scope"] + "required": [ + "vc", + "definitionId", + "did", + "kid", + "scope" + ] }, "ScopeByDefinition": { "type": "string", - "enum": ["didr_invite", "didr_write", "tir_invite", "tir_write", "timestamp_write", "tnt_authorise", "tnt_create", "tnt_write"] + "enum": [ + "didr_invite", + "didr_write", + "tir_invite", + "tir_write", + "timestamp_write", + "tnt_authorise", + "tnt_create", + "tnt_write" + ] }, "EBSIScope": { "type": "string", @@ -61,7 +73,12 @@ }, "EbsiEnvironment": { "type": "string", - "enum": ["pilot", "conformance", "mock", "issuer"], + "enum": [ + "pilot", + "conformance", + "mock", + "issuer" + ], "description": "Environment" }, "GetAccessTokenResponse": { @@ -96,7 +113,12 @@ "$ref": "#/components/schemas/ApiOpts" } }, - "required": ["access_token", "token_type", "scope", "id_token"] + "required": [ + "access_token", + "token_type", + "scope", + "id_token" + ] }, "TokenType": { "type": "string", @@ -123,14 +145,7 @@ } }, "GetOIDProviderMetadataResponse": { - "anyOf": [ - { - "$ref": "#/components/schemas/EBSIOIDMetadata" - }, - { - "$ref": "#/components/schemas/ExceptionResponse" - } - ] + "$ref": "#/components/schemas/EBSIOIDMetadata" }, "EBSIOIDMetadata": { "anyOf": [ @@ -1279,47 +1294,94 @@ }, "Schema": { "type": "string", - "enum": ["openid:", "openid-vc:"] + "enum": [ + "openid:", + "openid-vc:" + ] }, "ResponseIss": { "type": "string", - "enum": ["https://self-issued.me", "https://self-issued.me/v2", "https://self-issued.me/v2/openid-vc"] + "enum": [ + "https://self-issued.me", + "https://self-issued.me/v2", + "https://self-issued.me/v2/openid-vc" + ] }, "ResponseType": { "type": "string", - "enum": ["id_token", "vp_token"] + "enum": [ + "id_token", + "vp_token" + ] }, "Scope": { "type": "string", - "enum": ["openid", "openid did_authn", "profile", "email", "address", "phone"] + "enum": [ + "openid", + "openid did_authn", + "profile", + "email", + "address", + "phone" + ] }, "SubjectType": { "type": "string", - "enum": ["public", "pairwise"] + "enum": [ + "public", + "pairwise" + ] }, "SigningAlgo": { "type": "string", - "enum": ["EdDSA", "RS256", "PS256", "ES256", "ES256K"] + "enum": [ + "EdDSA", + "RS256", + "PS256", + "ES256", + "ES256K" + ] }, "ResponseMode": { "type": "string", - "enum": ["fragment", "form_post", "post", "direct_post", "query"] + "enum": [ + "fragment", + "form_post", + "post", + "direct_post", + "query" + ] }, "GrantType": { "type": "string", - "enum": ["authorization_code", "implicit"] + "enum": [ + "authorization_code", + "implicit" + ] }, "AuthenticationContextReferences": { "type": "string", - "enum": ["phr", "phrh"] + "enum": [ + "phr", + "phrh" + ] }, "TokenEndpointAuthMethod": { "type": "string", - "enum": ["client_secret_post", "client_secret_basic", "client_secret_jwt", "private_key_jwt"] + "enum": [ + "client_secret_post", + "client_secret_basic", + "client_secret_jwt", + "private_key_jwt" + ] }, "ClaimType": { "type": "string", - "enum": ["normal", "aggregated", "distributed"] + "enum": [ + "normal", + "aggregated", + "distributed" + ] }, "Format": { "type": "object", @@ -1372,7 +1434,9 @@ } } }, - "required": ["alg"] + "required": [ + "alg" + ] }, "LdpObject": { "type": "object", @@ -1384,7 +1448,9 @@ } } }, - "required": ["proof_type"] + "required": [ + "proof_type" + ] }, "DiObject": { "type": "object", @@ -1402,7 +1468,10 @@ } } }, - "required": ["proof_type", "cryptosuite"] + "required": [ + "proof_type", + "cryptosuite" + ] }, "SdJwtObject": { "type": "object", @@ -1423,7 +1492,10 @@ }, "IdTokenType": { "type": "string", - "enum": ["subject_signed", "attester_signed"] + "enum": [ + "subject_signed", + "attester_signed" + ] }, "GetOIDProviderJwksResponse": { "anyOf": [ @@ -1445,7 +1517,9 @@ } } }, - "required": ["keys"] + "required": [ + "keys" + ] }, "JWK": { "type": "object", @@ -1563,17 +1637,12 @@ "$ref": "#/components/schemas/ApiOpts" } }, - "required": ["scope"] + "required": [ + "scope" + ] }, "GetPresentationDefinitionResponse": { - "anyOf": [ - { - "$ref": "#/components/schemas/GetPresentationDefinitionSuccessResponse" - }, - { - "$ref": "#/components/schemas/ExceptionResponse" - } - ] + "$ref": "#/components/schemas/GetPresentationDefinitionSuccessResponse" }, "GetPresentationDefinitionSuccessResponse": { "type": "object", @@ -1606,7 +1675,10 @@ "type": "object" } }, - "required": ["id", "input_descriptors"] + "required": [ + "id", + "input_descriptors" + ] }, "SubmissionRequirement": { "type": "object", @@ -1639,11 +1711,16 @@ } } }, - "required": ["rule"] + "required": [ + "rule" + ] }, "Rules": { "type": "string", - "enum": ["all", "pick"] + "enum": [ + "all", + "pick" + ] }, "InputDescriptorV2": { "type": "object", @@ -1676,7 +1753,10 @@ "$ref": "#/components/schemas/ConstraintsV2" } }, - "required": ["id", "constraints"] + "required": [ + "id", + "constraints" + ] }, "Issuance": { "type": "object", @@ -1721,7 +1801,10 @@ }, "Optionality": { "type": "string", - "enum": ["required", "preferred"] + "enum": [ + "required", + "preferred" + ] }, "Statuses": { "type": "object", @@ -1747,7 +1830,11 @@ }, "Directives": { "type": "string", - "enum": ["required", "allowed", "disallowed"] + "enum": [ + "required", + "allowed", + "disallowed" + ] }, "FieldV2": { "type": "object", @@ -1777,7 +1864,9 @@ "type": "boolean" } }, - "required": ["path"] + "required": [ + "path" + ] }, "FilterV2": { "type": "object", @@ -1840,13 +1929,22 @@ "$ref": "#/components/schemas/FilterV2BaseItems" } }, - "required": ["type"] + "required": [ + "type" + ] }, "OneOfNumberStringBoolean": { - "type": ["boolean", "number", "string"] + "type": [ + "boolean", + "number", + "string" + ] }, "OneOfNumberString": { - "type": ["number", "string"] + "type": [ + "number", + "string" + ] }, "FilterV2Base": { "type": "object", @@ -1971,7 +2069,9 @@ "$ref": "#/components/schemas/FilterV2BaseItems" } }, - "required": ["type"] + "required": [ + "type" + ] }, "HolderSubject": { "type": "object", @@ -1986,7 +2086,10 @@ "$ref": "#/components/schemas/Optionality" } }, - "required": ["field_id", "directive"] + "required": [ + "field_id", + "directive" + ] } }, "methods": { @@ -2029,4 +2132,4 @@ } } } -} +} \ No newline at end of file diff --git a/packages/ebsi-authorization-client/src/agent/EBSIAuthorizationClient.ts b/packages/ebsi-authorization-client/src/agent/EBSIAuthorizationClient.ts index 7eec65c52..af2db57d7 100644 --- a/packages/ebsi-authorization-client/src/agent/EBSIAuthorizationClient.ts +++ b/packages/ebsi-authorization-client/src/agent/EBSIAuthorizationClient.ts @@ -1,123 +1,173 @@ -import { IAgentPlugin } from '@veramo/core' -import { ApiOpts, EBSIAuthAccessTokenGetArgs, EbsiEnvironment, EBSIOIDMetadata, EBSIScope, IRequiredContext, schema } from '../index' import { - ExceptionResponse, - GetAccessTokenArgs, - GetAccessTokenResponse, - GetOIDProviderJwksResponse, - GetOIDProviderMetadataResponse, - GetPresentationDefinitionArgs, - GetPresentationDefinitionResponse, - IEBSIAuthorizationClient, -} from '../types/IEBSIAuthorizationClient' + CheckLinkedDomain, + PresentationDefinitionLocation, + PresentationDefinitionWithLocation, + SupportedVersion +} from '@sphereon/did-auth-siop' +import {CredentialMapper} from '@sphereon/ssi-types' +import {IAgentPlugin} from '@veramo/core' import fetch from 'cross-fetch' +import { + ApiOpts, + EBSIAuthAccessTokenGetArgs, + EbsiEnvironment, + EBSIOIDMetadata, + GetPresentationDefinitionSuccessResponse, + IRequiredContext, + schema, +} from '../index' +import { + ExceptionResponse, + GetAccessTokenArgs, + GetAccessTokenResponse, + GetOIDProviderJwksResponse, + GetOIDProviderMetadataResponse, + GetPresentationDefinitionArgs, + GetPresentationDefinitionResponse, + IEBSIAuthorizationClient, +} from '../types/IEBSIAuthorizationClient' //const encodeBase64url = (input: string): string => u8a.toString(u8a.fromString(input), 'base64url') export class EBSIAuthorizationClient implements IAgentPlugin { - readonly schema = schema.IEBSIAuthorizationClient - readonly methods: IEBSIAuthorizationClient = { - ebsiAuthASDiscoveryMetadataGet: this.ebsiAuthASDiscoveryMetadataGet.bind(this), - ebsiAuthASJwksGet: this.ebsiAuthASJwksGet.bind(this), - ebsiAuthPresentationDefinitionGet: this.ebsiAuthPresentationDefinitionGet.bind(this), - ebsiAuthAccessTokenGet: this.ebsiAuthAccessTokenGet.bind(this), - } + readonly schema = schema.IEBSIAuthorizationClient + readonly methods: IEBSIAuthorizationClient = { + ebsiAuthASDiscoveryMetadataGet: this.ebsiAuthASDiscoveryMetadataGet.bind(this), + ebsiAuthASJwksGet: this.ebsiAuthASJwksGet.bind(this), + ebsiAuthPresentationDefinitionGet: this.ebsiAuthPresentationDefinitionGet.bind(this), + ebsiAuthAccessTokenGet: this.ebsiAuthAccessTokenGet.bind(this), + } + + private async ebsiAuthASDiscoveryMetadataGet(args?: ApiOpts): Promise { + const url = await this.getDiscoveryEndpoint(args) + return await ( + await fetch(url, { + method: 'GET', + headers: { + Accept: 'application/json', + }, + }) + ).json() + } + + private async ebsiAuthASJwksGet(args?: ApiOpts): Promise { + const discoveryMetadata: EBSIOIDMetadata = await this.ebsiAuthASDiscoveryMetadataGet(args) + return await ( + await fetch(`${discoveryMetadata.jwks_uri}`, { + method: 'GET', + headers: { + Accept: 'application/jwk-set+json', + }, + }) + ).json() + } - private async ebsiAuthASDiscoveryMetadataGet(args?: ApiOpts): Promise { - const url = await this.getDiscoveryEndpoint(args) - return await ( - await fetch(url, { - method: 'GET', - headers: { - Accept: 'application/json', - }, - }) - ).json() - } + private async ebsiAuthPresentationDefinitionGet(args: GetPresentationDefinitionArgs): Promise { + const {scope, apiOpts} = args + const discoveryMetadata: EBSIOIDMetadata = await this.ebsiAuthASDiscoveryMetadataGet(apiOpts) + return (await ( + await fetch(`${discoveryMetadata.presentation_definition_endpoint}?scope=openid%20${scope}`, { + method: 'GET', + headers: { + Accept: 'application/json', + }, + }) + ).json()) satisfies GetPresentationDefinitionSuccessResponse + } - private async ebsiAuthASJwksGet(args?: ApiOpts): Promise { - const discoveryMetadata: EBSIOIDMetadata = await this.ebsiAuthASDiscoveryMetadataGet(args) - return await ( - await fetch(`${discoveryMetadata.jwks_uri}`, { - method: 'GET', - headers: { - Accept: 'application/jwk-set+json', - }, - }) - ).json() - } + private async ebsiAuthAccessTokenGet(args: EBSIAuthAccessTokenGetArgs, context: IRequiredContext): Promise { + const {vc, scope, kid, did, definitionId, apiOpts} = args + console.log(vc, scope, kid, did, definitionId) + const metadataResponse = await this.ebsiAuthASDiscoveryMetadataGet(args.apiOpts) + const definitionResponse = await this.ebsiAuthPresentationDefinitionGet(args) + const pexResult = await context.agent.pexDefinitionFilterCredentials({ + presentationDefinition: definitionResponse, + credentialFilterOpts: {verifiableCredentials: [vc]}, + }) + const definition = { + definition: definitionResponse, + location: PresentationDefinitionLocation.TOPLEVEL_PRESENTATION_DEF, + version: SupportedVersion.SIOPv2_D11, + } satisfies PresentationDefinitionWithLocation + const opSesssion = await context.agent.siopRegisterOPSession({ + requestJwtOrUri: '', // Siop assumes we use an auth request, which we don't have in this case + op: {checkLinkedDomains: CheckLinkedDomain.NEVER}, + providedPresentationDefinitions: [definition], + }) + const oid4vp = await opSesssion.getOID4VP([did]) + const vp = await oid4vp.createVerifiablePresentation( + {definition, credentials: pexResult.filteredCredentials}, + { + proofOpts: {domain: metadataResponse.issuer, nonce: Date().toString()}, + holderDID: did, + identifierOpts: {identifier: did, kid}, + skipDidResolution: scope === 'didr_invite' + }, + ) - private async ebsiAuthPresentationDefinitionGet(args: GetPresentationDefinitionArgs): Promise { - const { scope, apiOpts } = args - const discoveryMetadata: EBSIOIDMetadata = await this.ebsiAuthASDiscoveryMetadataGet(apiOpts) - const ebsiScope = Object.keys(EBSIScope)[Object.values(EBSIScope).indexOf(scope)] - return await ( - await fetch(`${discoveryMetadata.presentation_definition_endpoint}?scope=openid%20${ebsiScope}`, { - method: 'GET', - headers: { - Accept: 'application/json', - }, - }) - ).json() - } + const accessToken = await this.getAccessTokenResponse({ + grant_type: 'vp_token', + vp_token: CredentialMapper.toCompactJWT(vp.verifiablePresentation), + scope, + presentation_submission: vp.presentationSubmission, + apiOpts, + }) //FIXME - private async ebsiAuthAccessTokenGet(args: EBSIAuthAccessTokenGetArgs, context: IRequiredContext): Promise { - const { vc, domain, scope, kid, did, definitionId, apiOpts } = args - console.log(vc, domain, scope, kid, did, definitionId) - return this.getAccessToken({ grant_type: 'vp_token', vp_token: '', scope, presentation_submission: {} as any, apiOpts }) //FIXME - // - // - // const metadataResponse = await this.ebsiAuthASDiscoveryMetadataGet() - // if ('status' in metadataResponse) { - // throw Error(JSON.stringify(metadataResponse)) - // } - // - // const tokenResponse = await this.getAccessToken({ - // grant_type: 'vp_token', - // vp_token: vpJwt.verifiablePresentation as CompactJWT, - // presentation_submission: vpJwt.presentationSubmission, - // scope, - // }) - // if ('status' in tokenResponse) { - // throw new Error(JSON.stringify(tokenResponse)) - // } - } + console.log(JSON.stringify(accessToken)) + return accessToken + // + // + // const metadataResponse = await this.ebsiAuthASDiscoveryMetadataGet() + // if ('status' in metadataResponse) { + // throw Error(JSON.stringify(metadataResponse)) + // } + // + // const tokenResponse = await this.getAccessToken({ + // grant_type: 'vp_token', + // vp_token: vpJwt.verifiablePresentation as CompactJWT, + // presentation_submission: vpJwt.presentationSubmission, + // scope, + // }) + // if ('status' in tokenResponse) { + // throw new Error(JSON.stringify(tokenResponse)) + // } + } - private async getAccessToken(args: GetAccessTokenArgs): Promise { - const { grant_type = 'vp_token', scope, vp_token, presentation_submission, apiOpts } = args - const discoveryMetadata: EBSIOIDMetadata = await this.ebsiAuthASDiscoveryMetadataGet(apiOpts) - return await ( - await fetch(`${discoveryMetadata.token_endpoint}`, { - method: 'POST', - headers: { - ContentType: 'application/x-www-form-urlencoded', - Accept: 'application/json', - }, - body: new URLSearchParams({ - grant_type, - scope: `openid ${scope}`, - vp_token, - presentation_submission: JSON.stringify(presentation_submission), - }), - }) - ).json() - } + private async getAccessTokenResponse(args: GetAccessTokenArgs): Promise { + const {grant_type = 'vp_token', scope, vp_token, presentation_submission, apiOpts} = args + const discoveryMetadata: EBSIOIDMetadata = await this.ebsiAuthASDiscoveryMetadataGet(apiOpts) + return await ( + await fetch(`${discoveryMetadata.token_endpoint}`, { + method: 'POST', + headers: { + ContentType: 'application/x-www-form-urlencoded', + Accept: 'application/json', + }, + body: new URLSearchParams({ + grant_type, + scope: `openid ${scope}`, + vp_token, + presentation_submission: JSON.stringify(presentation_submission), + }), + }) + ).json() + } - private async getUrl(args?: { environment?: EbsiEnvironment; version?: string }): Promise { - const { environment, version } = args ?? { environment: EbsiEnvironment.CONFORMANCE, version: 'v3' } - if (environment === EbsiEnvironment.MOCK) { - return `https://api-conformance.ebsi.eu/conformance/${version}/auth-mock` - } else if (environment === EbsiEnvironment.ISSUER) { - return `https://api-conformance.ebsi.eu/conformance/${version}/issuer-mock` + private async getUrl(args?: { environment?: EbsiEnvironment; version?: string }): Promise { + const {environment, version} = args ?? {environment: EbsiEnvironment.CONFORMANCE, version: 'v3'} + if (environment === EbsiEnvironment.MOCK) { + return `https://api-conformance.ebsi.eu/conformance/${version}/auth-mock` + } else if (environment === EbsiEnvironment.ISSUER) { + return `https://api-conformance.ebsi.eu/conformance/${version}/issuer-mock` + } + return `https://api-${environment}.ebsi.eu/authorisation/${version}` } - return `https://api-${environment}.ebsi.eu/authorisation/${version}` - } - private async getDiscoveryEndpoint(args?: ApiOpts): Promise { - const { environment, version } = args ?? { environment: EbsiEnvironment.CONFORMANCE, version: 'v3' } - if (environment === EbsiEnvironment.ISSUER) { - return `${await this.getUrl({ environment, version })}/.well-known/openid-credential-issuer` + private async getDiscoveryEndpoint(args?: ApiOpts): Promise { + const {environment, version} = {environment: EbsiEnvironment.CONFORMANCE, version: 'v4', ...args} + if (environment === EbsiEnvironment.ISSUER) { + return `${await this.getUrl({environment, version})}/.well-known/openid-credential-issuer` + } + return `${await this.getUrl({environment, version})}/.well-known/openid-configuration` } - return `${await this.getUrl({ environment, version })}/.well-known/openid-configuration` - } } diff --git a/packages/ebsi-authorization-client/src/types/IEBSIAuthorizationClient.ts b/packages/ebsi-authorization-client/src/types/IEBSIAuthorizationClient.ts index 095d89654..f78f8368b 100644 --- a/packages/ebsi-authorization-client/src/types/IEBSIAuthorizationClient.ts +++ b/packages/ebsi-authorization-client/src/types/IEBSIAuthorizationClient.ts @@ -1,3 +1,4 @@ +import { IPresentationExchange } from '@sphereon/ssi-sdk.presentation-exchange' import { IAgentContext, IDIDManager, IKeyManager, IPluginMethodMap } from '@veramo/core' import { Format, PresentationDefinitionV2 } from '@sphereon/pex-models' import { DiscoveryMetadataPayload, JWK } from '@sphereon/did-auth-siop' @@ -12,6 +13,7 @@ import { PresentationSubmission } from '@sphereon/ssi-types' export enum EbsiEnvironment { PILOT = 'pilot', CONFORMANCE = 'conformance', + // FIXME: How are these all of sudden 'environments'!!! MOCK = 'mock', ISSUER = 'issuer', } @@ -21,17 +23,16 @@ export enum EbsiEnvironment { * @readonly * @enum {string} */ -export enum EBSIScope { - didr_write = 'didr_write', - didr_invite = 'didr_invite', - tir_write = 'tir_write', - tir_invite = 'tir_invite', - timestamp_write = 'timestamp_write', - tnt_authorise = 'tnt_authorise', - tnt_create = 'tnt_create', - tnt_write = 'tnt_write', - did_authn = 'did_authn', -} +export type EBSIScope = + | 'didr_write' + | 'didr_invite' + | 'tir_write' + | 'tir_invite' + | 'timestamp_write' + | 'tnt_authorise' + | 'tnt_create' + | 'tnt_write' + | 'did_authn' export enum ScopeByDefinition { didr_invite_presentation = 'didr_invite', @@ -50,8 +51,11 @@ export enum TokenType { export interface IEBSIAuthorizationClient extends IPluginMethodMap { ebsiAuthASDiscoveryMetadataGet(args?: ApiOpts): Promise + ebsiAuthASJwksGet(args?: ApiOpts): Promise + ebsiAuthPresentationDefinitionGet(args: GetPresentationDefinitionArgs): Promise + ebsiAuthAccessTokenGet(args: EBSIAuthAccessTokenGetArgs, context: IRequiredContext): Promise } @@ -151,7 +155,6 @@ export interface GetAccessTokenArgs { export interface EBSIAuthAccessTokenGetArgs { vc: string definitionId: ScopeByDefinition - domain?: string did: string kid: string scope: EBSIScope @@ -194,8 +197,8 @@ export interface ExceptionResponse { instance?: URL | string } -export type GetOIDProviderMetadataResponse = EBSIOIDMetadata | ExceptionResponse +export type GetOIDProviderMetadataResponse = EBSIOIDMetadata export type GetOIDProviderJwksResponse = GetOIDProviderJwksSuccessResponse | ExceptionResponse -export type GetPresentationDefinitionResponse = GetPresentationDefinitionSuccessResponse | ExceptionResponse +export type GetPresentationDefinitionResponse = GetPresentationDefinitionSuccessResponse export type GetAccessTokenResponse = GetAccessTokenSuccessResponse | ExceptionResponse -export type IRequiredContext = IAgentContext +export type IRequiredContext = IAgentContext diff --git a/packages/presentation-exchange/src/functions.ts b/packages/presentation-exchange/src/functions.ts index b0303b101..b063a07f9 100644 --- a/packages/presentation-exchange/src/functions.ts +++ b/packages/presentation-exchange/src/functions.ts @@ -1,7 +1,8 @@ import { dereferenceDidKeysWithJwkSupport, getAgentResolver, getIdentifier, getKey, IIdentifierOpts } from '@sphereon/ssi-sdk-ext.did-utils' +import { _NormalizedVerificationMethod } from '@veramo/utils' import { IPEXPresentationSignCallback, IRequiredContext } from './types/IPresentationExchange' import { IPresentationDefinition } from '@sphereon/pex' -import { PresentationPayload, ProofFormat } from '@veramo/core' +import {IKey, PresentationPayload, ProofFormat} from '@veramo/core' import { CredentialMapper, Optional, OriginalVerifiablePresentation, W3CVerifiablePresentation } from '@sphereon/ssi-types' import { Format } from '@sphereon/pex-models' @@ -9,6 +10,7 @@ export async function createPEXPresentationSignCallback( args: { idOpts: IIdentifierOpts fetchRemoteContexts?: boolean + skipDidResolution?: boolean format?: Format | ProofFormat domain?: string challenge?: string @@ -58,12 +60,25 @@ export async function createPEXPresentationSignCallback( if (!presentation.holder) { presentation.holder = id.did } - const key = await getKey(id, 'authentication', context, idOpts.kid) - const didResolution = await getAgentResolver(context).resolve(idOpts.identifier.did) - const vms = await dereferenceDidKeysWithJwkSupport(didResolution.didDocument!, idOpts.verificationMethodSection ?? 'authentication', context) - const vm = vms.find((vm) => vm.publicKeyHex === key.publicKeyHex) - if (!vm) { - throw Error(`Could not resolve DID document or match signing key to did ${idOpts.identifier.did}`) + let key: IKey | undefined + + if (args.skipDidResolution) { + key = id.keys.find((key) => !idOpts.kid || key.kid === idOpts.kid || `${id.did}#${key.kid}` === idOpts.kid) + } else { + key = await getKey(id, 'authentication', context, idOpts.kid) + } + + if (!key) { + throw Error(`Could not determine key to use ${JSON.stringify(idOpts)}`) + } + let vm: _NormalizedVerificationMethod | undefined = undefined + if (args.skipDidResolution !== true) { + const didResolution = await getAgentResolver(context).resolve(idOpts.identifier.did) + const vms = await dereferenceDidKeysWithJwkSupport(didResolution.didDocument!, idOpts.verificationMethodSection ?? 'authentication', context) + vm = vms.find((vm) => vm.publicKeyHex === key.publicKeyHex) + if (!vm) { + throw Error(`Could not resolve DID document or match signing key to did ${idOpts.identifier.did}`) + } } const proofFormat = determineProofFormat({ format, presentationDefinition }) @@ -73,7 +88,7 @@ export async function createPEXPresentationSignCallback( } if (proofFormat === 'jwt') { header = { - kid: vm.id, + kid: vm?.id ?? key.kid.includes('#') ? key.kid : `${id.did}#${key.kid}`, } if (presentation.verifier || !presentation.aud) { presentation.aud = Array.isArray(presentation.verifier) ? presentation.verifier : presentation.verifier ?? domain ?? args.domain diff --git a/packages/siopv2-oid4vp-op-auth/agent.yml b/packages/siopv2-oid4vp-op-auth/agent.yml index f78f74ed5..bc176709a 100644 --- a/packages/siopv2-oid4vp-op-auth/agent.yml +++ b/packages/siopv2-oid4vp-op-auth/agent.yml @@ -117,7 +117,7 @@ agent: - schemaValidation: false plugins: - $ref: /didResolver - - $require: ./packages/siopv2-openid4vp-op-auth/dist#DidAuthSiopOpAuthenticator + - $require: ./packages/siopv2-oid4vp-op-auth/dist#DidAuthSiopOpAuthenticator $args: - presentationSignCallback: {} - $require: '@veramo/data-store#DataStore' diff --git a/packages/siopv2-oid4vp-op-auth/src/session/OID4VP.ts b/packages/siopv2-oid4vp-op-auth/src/session/OID4VP.ts index ac53e984e..93eedddb3 100644 --- a/packages/siopv2-oid4vp-op-auth/src/session/OID4VP.ts +++ b/packages/siopv2-oid4vp-op-auth/src/session/OID4VP.ts @@ -28,7 +28,7 @@ export class OID4VP { } public async getPresentationDefinitions(): Promise { - const definitions = (await this.session.getAuthorizationRequest()).presentationDefinitions + const definitions = await this.session.getPresentationDefinitions() if (definitions) { PresentationExchange.assertValidPresentationDefinitionWithLocations(definitions) } @@ -63,6 +63,7 @@ export class OID4VP { restrictToDIDMethods?: string[] proofOpts?: ProofOptions identifierOpts?: IIdentifierOpts + skipDidResolution?: boolean holderDID?: string subjectIsHolder?: boolean applyFilter?: boolean @@ -117,6 +118,7 @@ export class OID4VP { domain: proofOptions.domain, challenge: proofOptions.challenge, format: opts?.restrictToFormats ?? selectedVerifiableCredentials.definition.definition.format, + skipDidResolution: opts?.skipDidResolution, }) const presentationResult = await this.getPresentationExchange(vcs.credentials, this.allDIDs).createVerifiablePresentation( vcs.definition.definition, diff --git a/packages/siopv2-oid4vp-op-auth/src/session/OpSession.ts b/packages/siopv2-oid4vp-op-auth/src/session/OpSession.ts index 34b5cdb14..994d45ccf 100644 --- a/packages/siopv2-oid4vp-op-auth/src/session/OpSession.ts +++ b/packages/siopv2-oid4vp-op-auth/src/session/OpSession.ts @@ -1,6 +1,7 @@ import { - PresentationExchangeResponseOpts, CheckLinkedDomain, + PresentationDefinitionWithLocation, + PresentationExchangeResponseOpts, ResolveOpts, URI, Verification, @@ -26,12 +27,14 @@ export class OpSession { private verifiedAuthorizationRequest?: VerifiedAuthorizationRequest | undefined private _nonce?: string private _state?: string + private readonly _providedPresentationDefinitions?: PresentationDefinitionWithLocation[] private constructor(options: Required) { this.id = options.sessionId this.options = options.op this.context = options.context this.requestJwtOrUri = options.requestJwtOrUri + this._providedPresentationDefinitions = options.providedPresentationDefinitions } public static async init(options: Required): Promise { @@ -187,10 +190,17 @@ export class OpSession { } public async hasPresentationDefinitions(): Promise { - const defs = (await this.getAuthorizationRequest()).presentationDefinitions + const defs = this._providedPresentationDefinitions ?? (await this.getAuthorizationRequest()).presentationDefinitions return defs !== undefined && defs.length > 0 } + public async getPresentationDefinitions(): Promise | undefined> { + if (!(await this.hasPresentationDefinitions())) { + throw Error(`No presentation definitions found`) + } + return this._providedPresentationDefinitions ?? (await this.getAuthorizationRequest()).presentationDefinitions + } + public async getOID4VP(allDIDs?: string[]): Promise { return await OID4VP.init(this, allDIDs ?? (await this.getSupportedDIDs())) } diff --git a/packages/siopv2-oid4vp-op-auth/src/session/functions.ts b/packages/siopv2-oid4vp-op-auth/src/session/functions.ts index cc8ed1b06..dbf64bd62 100644 --- a/packages/siopv2-oid4vp-op-auth/src/session/functions.ts +++ b/packages/siopv2-oid4vp-op-auth/src/session/functions.ts @@ -25,12 +25,14 @@ export async function createOID4VPPresentationSignCallback({ challenge, format, context, + skipDidResolution, }: { presentationSignCallback?: PresentationSignCallback idOpts: IIdentifierOpts domain?: string challenge?: string fetchRemoteContexts?: boolean + skipDidResolution?: boolean format?: Format context: IRequiredContext }): Promise { @@ -38,7 +40,7 @@ export async function createOID4VPPresentationSignCallback({ return presentationSignCallback } - return createPEXPresentationSignCallback({ idOpts, fetchRemoteContexts, domain, challenge, format }, context) + return createPEXPresentationSignCallback({ idOpts, fetchRemoteContexts, domain, challenge, format, skipDidResolution }, context) } export async function createOPBuilder({ diff --git a/packages/siopv2-oid4vp-op-auth/src/types/IDidAuthSiopOpAuthenticator.ts b/packages/siopv2-oid4vp-op-auth/src/types/IDidAuthSiopOpAuthenticator.ts index ee90e17e1..55b57fa11 100644 --- a/packages/siopv2-oid4vp-op-auth/src/types/IDidAuthSiopOpAuthenticator.ts +++ b/packages/siopv2-oid4vp-op-auth/src/types/IDidAuthSiopOpAuthenticator.ts @@ -40,6 +40,7 @@ export interface IOpSessionArgs { sessionId?: string requestJwtOrUri: string | URI + providedPresentationDefinitions?: Array // identifier: IIdentifier context: IRequiredContext op?: IOPOptions diff --git a/packages/ssi-types/__tests__/logging.test.ts b/packages/ssi-types/__tests__/logging.test.ts index 3a04a41cc..37ec34a9a 100644 --- a/packages/ssi-types/__tests__/logging.test.ts +++ b/packages/ssi-types/__tests__/logging.test.ts @@ -1,13 +1,10 @@ -import {Loggers, LogMethod} from '../src' +import { Loggers, LogMethod } from '../src' describe('Simple logging', () => { - it('Should be able to log without providing options for a new namespace', () => { - Loggers.DEFAULT.get(''+ Date.now()) - .log('Random test') + Loggers.DEFAULT.get('' + Date.now()).log('Random test') }) - it('Should perform a debug package log', () => { Loggers.DEFAULT.options('debug_pkg', { methods: [LogMethod.DEBUG_PKG] }) .get('debug_pkg') diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 135ad1855..9b68d87cd 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -470,6 +470,9 @@ importers: '@sphereon/ssi-sdk.oid4vci-holder': specifier: workspace:* version: link:../oid4vci-holder + '@sphereon/ssi-sdk.presentation-exchange': + specifier: workspace:* + version: link:../presentation-exchange '@sphereon/ssi-sdk.siopv2-oid4vp-op-auth': specifier: workspace:* version: link:../siopv2-oid4vp-op-auth @@ -499,17 +502,17 @@ importers: specifier: 0.10.4-next.31 version: 0.10.4-next.31 '@sphereon/ssi-sdk-ext.did-provider-ebsi': - specifier: ^0.18.2 - version: 0.18.2 + specifier: 0.20.1-unstable.3 + version: 0.20.1-unstable.3(msrcrypto@1.5.8) '@sphereon/ssi-sdk-ext.key-manager': - specifier: ^0.18.2 - version: 0.18.2(msrcrypto@1.5.8) + specifier: 0.20.1-unstable.3 + version: 0.20.1-unstable.3(msrcrypto@1.5.8) '@sphereon/ssi-sdk-ext.key-utils': - specifier: 0.19.0 - version: 0.19.0(msrcrypto@1.5.8) + specifier: 0.20.1-unstable.3 + version: 0.20.1-unstable.3(msrcrypto@1.5.8) '@sphereon/ssi-sdk-ext.kms-local': - specifier: ^0.18.2 - version: 0.18.2(msrcrypto@1.5.8) + specifier: 0.20.1-unstable.3 + version: 0.20.1-unstable.3(msrcrypto@1.5.8) '@sphereon/ssi-sdk.agent-config': specifier: workspace:* version: link:../agent-config @@ -3120,6 +3123,10 @@ packages: resolution: {integrity: sha512-rE0Pygv0sEZ4vBWHlAgJLGDU7Pm8xoO6p3wsEceb7GYAjScrOHpEo8KK/eVkAcnSM+slAEtXjA2JpdjLp4fJQQ==} dev: true + /@adraffy/ens-normalize@1.10.1: + resolution: {integrity: sha512-96Z2IP3mYmF1Xg2cDm8f1gWGf/HUVedQ3FMifV4kG/PQ4yEP51xDtRAEfhVNt5f/uzpNkZHwWQuUcu6D6K+Ekw==} + dev: true + /@ampproject/remapping@2.3.0: resolution: {integrity: sha512-30iZtAPgz+LTIYoeivqYo853f02jBYSd5uGnGpkFV0M3xOt9aN73erkgYAmZU43x4VfqcnLxW9Kpg3R5LC4YYw==} engines: {node: '>=6.0.0'} @@ -6029,6 +6036,12 @@ packages: dev: true optional: true + /@noble/curves@1.2.0: + resolution: {integrity: sha512-oYclrNgRaM9SsBUBVbb8M6DTV7ZHRTKugureoYEncY5c65HOmRzvSiTE3y5CYaPYJA/GVkrhXEoF0M3Ya9PMnw==} + dependencies: + '@noble/hashes': 1.2.0 + dev: true + /@noble/curves@1.3.0: resolution: {integrity: sha512-t01iSXPuN+Eqzb4eBX0S5oubSqXbK/xXa1Ne18Hj8f9pStxztHCE2gfboSp/dZRLSqfuLpRK2nDXDK+W9puocA==} dependencies: @@ -7389,22 +7402,31 @@ packages: - supports-color dev: false - /@sphereon/ssi-sdk-ext.did-provider-ebsi@0.18.2: - resolution: {integrity: sha512-OdfRQE/OuDU5YiayNUXKEapLrJIDSVcnpm8+RFvMoOpF8OpAFBaEiKcUxPon+oZ6jJT8oQMVgmjTk7aZ1QnwDw==} + /@sphereon/ssi-sdk-ext.did-provider-ebsi@0.20.1-unstable.3(msrcrypto@1.5.8): + resolution: {integrity: sha512-Zd07W9Akl3CGQuFLBUMdN7R3D8vYi0U7aWpvqoVocLAHUsMZ6QAq/W+EvHxKaNQtlKoFu6UNKClM2ofe8scp7A==} dependencies: '@ethersproject/random': 5.7.0 - '@sphereon/ssi-sdk-ext.did-resolver-ebsi': 0.18.0 - '@transmute/did-key-bls12381': 0.3.0-unstable.10 + '@sphereon/ssi-sdk-ext.did-resolver-ebsi': 0.20.1-unstable.3 + '@sphereon/ssi-sdk-ext.key-utils': 0.20.1-unstable.3(msrcrypto@1.5.8) '@veramo/core': 4.2.0(patch_hash=c5oempznsz4br5w3tcuk2i2mau) '@veramo/did-manager': 4.2.0 '@veramo/did-provider-key': 4.2.0 - debug: 4.3.4 + cross-fetch: 4.0.0 + debug: 4.3.5 did-resolver: 4.1.0 + ethers: 6.13.0 multiformats: 9.9.0 uint8arrays: 3.1.1 transitivePeerDependencies: + - bufferutil - encoding + - expo + - expo-crypto + - msrcrypt + - msrcrypto + - react-native-securerandom - supports-color + - utf-8-validate dev: true /@sphereon/ssi-sdk-ext.did-provider-jwk@0.20.0(msrcrypto@1.5.8): @@ -7473,8 +7495,8 @@ packages: - typescript dev: true - /@sphereon/ssi-sdk-ext.did-resolver-ebsi@0.18.0: - resolution: {integrity: sha512-J5Wr+unaBAvR5zezs4hJ5IW6oHdDHLIv3kPKT0Pc5LhaVIjgfhAY5BdIgW3tyCGu9Dy5/VCcjUNKxUVDSOfQag==} + /@sphereon/ssi-sdk-ext.did-resolver-ebsi@0.20.1-unstable.3: + resolution: {integrity: sha512-1tbxsEILT9ZPQ+SQMsdwPI9FJ0l15vd2fgLetoSBdsswW+toQ7UIByvaM0WpN2tG//gtB/ELLyuwSJPcN/YnDQ==} dependencies: cross-fetch: 3.1.8 did-resolver: 4.1.0 @@ -7554,12 +7576,12 @@ packages: - supports-color dev: false - /@sphereon/ssi-sdk-ext.did-utils@0.18.2(msrcrypto@1.5.8): - resolution: {integrity: sha512-ODzXNujWTL8eB4c1AA98wmKp3UGh0hUb+F5axmqHymqF+ip3lzTezWg1P3UmmFQwg6c+bUq2UOsm33Ox10SnTQ==} + /@sphereon/ssi-sdk-ext.did-utils@0.20.0(msrcrypto@1.5.8)(react-native-securerandom@1.0.1): + resolution: {integrity: sha512-iRTJE8yOIak1UgYByvrzfiAhHmW3PTZCf7eMFUE/oS5N8zsMsRJeQb3ELxIOJpqXwE7YA0KXzO/0QrJ16CH8vA==} dependencies: '@ethersproject/transactions': 5.7.0 '@sphereon/did-uni-client': 0.6.3 - '@sphereon/ssi-sdk-ext.key-utils': 0.18.2(msrcrypto@1.5.8) + '@sphereon/ssi-sdk-ext.key-utils': 0.20.0(msrcrypto@1.5.8)(react-native-securerandom@1.0.1) '@sphereon/ssi-sdk.core': link:packages/ssi-sdk-core '@stablelib/ed25519': 1.0.3 '@veramo/core': 4.2.0(patch_hash=c5oempznsz4br5w3tcuk2i2mau) @@ -7576,14 +7598,13 @@ packages: - msrcrypto - react-native-securerandom - supports-color - dev: true - /@sphereon/ssi-sdk-ext.did-utils@0.20.0(msrcrypto@1.5.8)(react-native-securerandom@1.0.1): - resolution: {integrity: sha512-iRTJE8yOIak1UgYByvrzfiAhHmW3PTZCf7eMFUE/oS5N8zsMsRJeQb3ELxIOJpqXwE7YA0KXzO/0QrJ16CH8vA==} + /@sphereon/ssi-sdk-ext.did-utils@0.20.1-unstable.3(msrcrypto@1.5.8): + resolution: {integrity: sha512-DAw7Rsl7aI36rbLx6CKrFGif1LiN8QCrcC+V7cTpYhxIo9Z9ArqZ28X3T08RQrsntWYdaqO+oqVnap5PNrue5A==} dependencies: '@ethersproject/transactions': 5.7.0 '@sphereon/did-uni-client': 0.6.3 - '@sphereon/ssi-sdk-ext.key-utils': 0.20.0(msrcrypto@1.5.8)(react-native-securerandom@1.0.1) + '@sphereon/ssi-sdk-ext.key-utils': 0.20.1-unstable.3(msrcrypto@1.5.8) '@sphereon/ssi-sdk.core': link:packages/ssi-sdk-core '@stablelib/ed25519': 1.0.3 '@veramo/core': 4.2.0(patch_hash=c5oempznsz4br5w3tcuk2i2mau) @@ -7600,11 +7621,12 @@ packages: - msrcrypto - react-native-securerandom - supports-color + dev: true - /@sphereon/ssi-sdk-ext.key-manager@0.18.2(msrcrypto@1.5.8): - resolution: {integrity: sha512-gua4qlY0eYzJutalGh8In5x0FB3I7idspwtUO+mTcPbtiOl4mvwzq3z3bVaLXXrVRtkj7MGJviXCLFRGCvwh4Q==} + /@sphereon/ssi-sdk-ext.key-manager@0.20.0(msrcrypto@1.5.8)(react-native-securerandom@1.0.1): + resolution: {integrity: sha512-HnE3EWWebzPOhFh+Wz5cnB/ORxSsWCLVgxnLB9fRWlNXySpRn/aShj30zGL8qlgQzciqX5nMWMe+Bq4wd63Mhw==} dependencies: - '@sphereon/ssi-sdk-ext.kms-local': 0.18.2(msrcrypto@1.5.8) + '@sphereon/ssi-sdk-ext.kms-local': 0.20.0(msrcrypto@1.5.8)(react-native-securerandom@1.0.1) '@veramo/core': 4.2.0(patch_hash=c5oempznsz4br5w3tcuk2i2mau) '@veramo/key-manager': 4.2.0 transitivePeerDependencies: @@ -7616,12 +7638,11 @@ packages: - msrcrypto - react-native-securerandom - supports-color - dev: true - /@sphereon/ssi-sdk-ext.key-manager@0.20.0(msrcrypto@1.5.8)(react-native-securerandom@1.0.1): - resolution: {integrity: sha512-HnE3EWWebzPOhFh+Wz5cnB/ORxSsWCLVgxnLB9fRWlNXySpRn/aShj30zGL8qlgQzciqX5nMWMe+Bq4wd63Mhw==} + /@sphereon/ssi-sdk-ext.key-manager@0.20.1-unstable.3(msrcrypto@1.5.8): + resolution: {integrity: sha512-rFcjGopZozbxd+f+B0uEYmZqzMpVQb8LzmWjW3smTGUMsqYvcLQyJcaLPMQjOG3xJzKUv3Zw5blKy8yOBxWojA==} dependencies: - '@sphereon/ssi-sdk-ext.kms-local': 0.20.0(msrcrypto@1.5.8)(react-native-securerandom@1.0.1) + '@sphereon/ssi-sdk-ext.kms-local': 0.20.1-unstable.3(msrcrypto@1.5.8) '@veramo/core': 4.2.0(patch_hash=c5oempznsz4br5w3tcuk2i2mau) '@veramo/key-manager': 4.2.0 transitivePeerDependencies: @@ -7633,6 +7654,7 @@ packages: - msrcrypto - react-native-securerandom - supports-color + dev: true /@sphereon/ssi-sdk-ext.key-utils@0.18.2(msrcrypto@1.5.8): resolution: {integrity: sha512-C7gBp4lhpIr+R8hQngu6h6okbYtffRK123T2Gt389pn176BHh6HzFdxDffxSq5MTEL5gwaXcCDdPHjuWEZ/5gQ==} @@ -7659,9 +7681,10 @@ packages: - msrcrypto - react-native-securerandom - supports-color + dev: false - /@sphereon/ssi-sdk-ext.key-utils@0.19.0(msrcrypto@1.5.8): - resolution: {integrity: sha512-CzOymQxFhqn6XuvpBRPvE4BeUZFYDWmVVMPK7UKf8Rqlgc5rLzChm+BKeGt5Qf3ModijY/p7o9Az13zzweGk+A==} + /@sphereon/ssi-sdk-ext.key-utils@0.20.0(msrcrypto@1.5.8)(react-native-securerandom@1.0.1): + resolution: {integrity: sha512-SGS0x2juCWnjxlMEkJ45My2ayzVHMV/kwgSQYDUmGv2iSqc96GrVWHfI3mmB3YWdV03ygVohSkIUZoloWteZBw==} dependencies: '@ethersproject/random': 5.7.0 '@sphereon/isomorphic-webcrypto': 2.4.1-unstable.0(msrcrypto@1.5.8)(react-native-securerandom@1.0.1) @@ -7670,7 +7693,7 @@ packages: '@stablelib/sha512': 1.0.1 '@veramo/core': 4.2.0(patch_hash=c5oempznsz4br5w3tcuk2i2mau) base64url: 3.0.1 - debug: 4.3.4 + debug: 4.3.5 did-resolver: 4.1.0 elliptic: 6.5.4 lodash.isplainobject: 4.0.6 @@ -7685,10 +7708,9 @@ packages: - msrcrypto - react-native-securerandom - supports-color - dev: true - /@sphereon/ssi-sdk-ext.key-utils@0.20.0(msrcrypto@1.5.8)(react-native-securerandom@1.0.1): - resolution: {integrity: sha512-SGS0x2juCWnjxlMEkJ45My2ayzVHMV/kwgSQYDUmGv2iSqc96GrVWHfI3mmB3YWdV03ygVohSkIUZoloWteZBw==} + /@sphereon/ssi-sdk-ext.key-utils@0.20.1-unstable.3(msrcrypto@1.5.8): + resolution: {integrity: sha512-D25gIRqwQQcVzRd1qsZcHU63mM0uuVV8bIAyUx1nd/jKQS5k96LVUFXlAWb/6A7wvpmLPvSc0Zw9gv3dNVgNUg==} dependencies: '@ethersproject/random': 5.7.0 '@sphereon/isomorphic-webcrypto': 2.4.1-unstable.0(msrcrypto@1.5.8)(react-native-securerandom@1.0.1) @@ -7712,9 +7734,10 @@ packages: - msrcrypto - react-native-securerandom - supports-color + dev: true - /@sphereon/ssi-sdk-ext.kms-local@0.18.2(msrcrypto@1.5.8): - resolution: {integrity: sha512-tZQvBY551AK+9576xE4AxYT4h2/sOFzQEBtK7ihQnBvnECw7SaFpSf4d7caqNeoYqDZN0xBfy0aF/AwbYpbA7A==} + /@sphereon/ssi-sdk-ext.kms-local@0.20.0(msrcrypto@1.5.8)(react-native-securerandom@1.0.1): + resolution: {integrity: sha512-+xWP8GeSPUcpdQYLnI848GAnmyiCXB8GWupR09Uds1ibXnA3fsIzDxJ1miQ3CqZ9YlS2ZAwOOhtVNcWyb+fR+w==} peerDependencies: '@mattrglobal/bbs-signatures': ^1.3.1 peerDependenciesMeta: @@ -7722,8 +7745,8 @@ packages: optional: true dependencies: '@sphereon/isomorphic-webcrypto': 2.4.1-unstable.0(msrcrypto@1.5.8)(react-native-securerandom@1.0.1) - '@sphereon/ssi-sdk-ext.did-utils': 0.18.2(msrcrypto@1.5.8) - '@sphereon/ssi-sdk-ext.key-utils': 0.18.2(msrcrypto@1.5.8) + '@sphereon/ssi-sdk-ext.did-utils': 0.20.0(msrcrypto@1.5.8)(react-native-securerandom@1.0.1) + '@sphereon/ssi-sdk-ext.key-utils': 0.20.0(msrcrypto@1.5.8)(react-native-securerandom@1.0.1) '@trust/keyto': 2.0.0-alpha1 '@veramo/core': 4.2.0(patch_hash=c5oempznsz4br5w3tcuk2i2mau) '@veramo/key-manager': 4.2.0 @@ -7738,10 +7761,9 @@ packages: - msrcrypto - react-native-securerandom - supports-color - dev: true - /@sphereon/ssi-sdk-ext.kms-local@0.20.0(msrcrypto@1.5.8)(react-native-securerandom@1.0.1): - resolution: {integrity: sha512-+xWP8GeSPUcpdQYLnI848GAnmyiCXB8GWupR09Uds1ibXnA3fsIzDxJ1miQ3CqZ9YlS2ZAwOOhtVNcWyb+fR+w==} + /@sphereon/ssi-sdk-ext.kms-local@0.20.1-unstable.3(msrcrypto@1.5.8): + resolution: {integrity: sha512-B9O8LI7l0MyS31IFzfCXqROxLxsdG99GN8/Fm3msxN+g4YbHv67uC/reYBKUb/46EbKMO1e+1dBBfYYjVwBfyg==} peerDependencies: '@mattrglobal/bbs-signatures': ^1.3.1 peerDependenciesMeta: @@ -7749,8 +7771,8 @@ packages: optional: true dependencies: '@sphereon/isomorphic-webcrypto': 2.4.1-unstable.0(msrcrypto@1.5.8)(react-native-securerandom@1.0.1) - '@sphereon/ssi-sdk-ext.did-utils': 0.20.0(msrcrypto@1.5.8)(react-native-securerandom@1.0.1) - '@sphereon/ssi-sdk-ext.key-utils': 0.20.0(msrcrypto@1.5.8)(react-native-securerandom@1.0.1) + '@sphereon/ssi-sdk-ext.did-utils': 0.20.1-unstable.3(msrcrypto@1.5.8) + '@sphereon/ssi-sdk-ext.key-utils': 0.20.1-unstable.3(msrcrypto@1.5.8) '@trust/keyto': 2.0.0-alpha1 '@veramo/core': 4.2.0(patch_hash=c5oempznsz4br5w3tcuk2i2mau) '@veramo/key-manager': 4.2.0 @@ -7765,6 +7787,7 @@ packages: - msrcrypto - react-native-securerandom - supports-color + dev: true /@sphereon/vc-status-list@7.0.0-next.0: resolution: {integrity: sha512-4GIZq12SXbEbO4vCh5TwWzWk7tviDUP8aOzRGsEw6UW2344qZ31CLsU+bHurdnG4OlLRyosv4khN1ha6OiJHZQ==} @@ -8724,6 +8747,10 @@ packages: dependencies: '@types/node': 18.19.31 + /@types/node@18.15.13: + resolution: {integrity: sha512-N+0kuo9KgrUQ1Sn/ifDXsvg0TTleP7rIy4zOBGECxAljqvqfqpTfzx0Q1NUedOixRMBfe2Whhb056a42cWs26Q==} + dev: true + /@types/node@18.15.3: resolution: {integrity: sha512-p6ua9zBxz5otCmbpb5D3U4B5Nanw6Pk3PPyX05xnxbB/fRv71N7CPmORg7uAD5P70T0xmx1pzAx/FUfa5X+3cw==} dev: true @@ -9721,6 +9748,10 @@ packages: /aes-js@3.0.0: resolution: {integrity: sha512-H7wUZRn8WpTq9jocdxQ2c8x2sKo9ZVmzfRE13GiNJXfp7NcKYEdvl3vspKjXox6RIG2VtaRe4JFvxG4rqp2Zuw==} + /aes-js@4.0.0-beta.5: + resolution: {integrity: sha512-G965FqalsNyrPqgEGON7nIx1e/OVENSgiEIzyC63haUMuvNnwIgIjMs52hlTCKhkBny7A2ORNlfY9Zu+jmGk1Q==} + dev: true + /agent-base@6.0.2: resolution: {integrity: sha512-RZNwNclF7+MS/8bDg70amg32dyeZGZxiDuQmZxKLAlQjr3jGyLx+4Kkk58UO7D2QdgFIQCovuSuZESne6RG6XQ==} engines: {node: '>= 6.0.0'} @@ -12608,6 +12639,22 @@ packages: - utf-8-validate dev: false + /ethers@6.13.0: + resolution: {integrity: sha512-+yyQQQWEntY5UVbCv++guA14RRVFm1rSnO1GoLFdrK7/XRWMoktNgyG9UjwxrQqGBfGyFKknNZ81YpUS2emCgg==} + engines: {node: '>=14.0.0'} + dependencies: + '@adraffy/ens-normalize': 1.10.1 + '@noble/curves': 1.2.0 + '@noble/hashes': 1.2.0 + '@types/node': 18.15.13 + aes-js: 4.0.0-beta.5 + tslib: 2.4.0 + ws: 8.5.0 + transitivePeerDependencies: + - bufferutil + - utf-8-validate + dev: true + /ethjs-util@0.1.6: resolution: {integrity: sha512-CUnVOQq7gSpDHZVVrQW8ExxUETWrnrvXYvYz55wOU8Uj4VCgw56XC2B/fVqQN+f7gmrnRHSLVnFAwsCuNwji8w==} engines: {node: '>=6.5.0', npm: '>=3'} @@ -20238,6 +20285,10 @@ packages: resolution: {integrity: sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==} dev: true + /tslib@2.4.0: + resolution: {integrity: sha512-d6xOpEDfsi2CZVlPQzGeux8XMwLT9hssAsaPYExaQMuYskwb+x1x7J371tWlbBdWHroy99KnVB6qIkUbs5X3UQ==} + dev: true + /tslib@2.6.2: resolution: {integrity: sha512-AEYxH93jGFPn/a2iVAwW87VuUIkR1FVUKB77NwMF7nBTDkDrrT/Hpt/IrCJ0QXhW27jTBDcf5ZY7w6RiqTMw2Q==} @@ -21236,6 +21287,19 @@ packages: utf-8-validate: optional: true + /ws@8.5.0: + resolution: {integrity: sha512-BWX0SWVgLPzYwF8lTzEy1egjhS4S4OEAHfsO8o65WOVsrnSRGaSiUaa9e0ggGlkMTtBlmOpEXiie9RUcBO86qg==} + engines: {node: '>=10.0.0'} + peerDependencies: + bufferutil: ^4.0.1 + utf-8-validate: ^5.0.2 + peerDependenciesMeta: + bufferutil: + optional: true + utf-8-validate: + optional: true + dev: true + /xml-name-validator@3.0.0: resolution: {integrity: sha512-A5CUptxDsvxKJEU3yO6DuWBSJz/qizqzJKOMIfUJHETbBw/sFaDxgd6fxm1ewUaM0jZ444Fc5vC5ROYurg/4Pw==} dev: true