@sphereon/ssi-sdk.credential-vcdm/dist/index.cjs.map

Plugin for working with W3C Verifiable Credentials DataModel 1 and 2 Credentials & Presentations.

{"version":3,"sources":["../src/index.ts","../src/message-handler.ts","../src/vcdmCredentialPlugin.ts","../src/functions.ts"],"sourcesContent":["/**\n * Provides a {@link @veramo/credential-w3c#CredentialPlugin | plugin} for the {@link @veramo/core#Agent} that\n * implements\n * {@link @veramo/core#ICredentialIssuer} interface.\n *\n * Provides a {@link @veramo/credential-w3c#W3cMessageHandler | plugin} for the\n * {@link @veramo/message-handler#MessageHandler} that verifies Credentials and Presentations in a message.\n *\n * @packageDocumentation\n */\nexport type * from './types'\nexport { W3cMessageHandler, MessageTypes } from './message-handler'\nimport { VcdmCredentialPlugin } from './vcdmCredentialPlugin'\n\n/**\n * @deprecated please use {@link VcdmCredentialPlugin} instead\n * @public\n */\nconst CredentialIssuer = VcdmCredentialPlugin\nexport { CredentialIssuer, VcdmCredentialPlugin }\n\n// For backward compatibility, re-export the plugin types that were moved to core in v4\nexport type { ICredentialIssuer, ICredentialVerifier } from '@veramo/core'\n\nexport * from './functions'\n","import type { IAgentContext, ICredentialVerifier, IResolver, VerifiableCredential, VerifiablePresentation } from '@veramo/core'\nimport { AbstractMessageHandler, Message } from '@veramo/message-handler'\nimport { asArray, computeEntryHash, decodeCredentialToObject, extractIssuer } from '@veramo/utils'\n\nimport {\n  normalizeCredential,\n  normalizePresentation,\n  validateJwtCredentialPayload,\n  validateJwtPresentationPayload, // @ts-ignore\n} from 'did-jwt-vc'\n\nimport { v4 as uuidv4 } from 'uuid'\nimport Debug from 'debug'\n\nconst debug = Debug('sphereon:vcdm:message-handler')\n\n/**\n * These types are used by `@veramo/data-store` when storing Verifiable Credentials and Presentations\n *\n * @internal\n */\nexport const MessageTypes = {\n  /** Represents a Verifiable Credential */\n  vc: 'w3c.vc',\n  /** Represents a Verifiable Presentation */\n  vp: 'w3c.vp',\n}\n\n/**\n * Represents the requirements that this plugin has.\n * The agent that is using this plugin is expected to provide these methods.\n *\n * This interface can be used for static type checks, to make sure your application is properly initialized.\n */\nexport type IContext = IAgentContext<IResolver & ICredentialVerifier>\n\n/**\n * An implementation of the {@link @veramo/message-handler#AbstractMessageHandler}.\n *\n * This plugin can handle incoming W3C Verifiable Credentials and Presentations and prepare them\n * for internal storage as {@link @veramo/message-handler#Message} types.\n *\n * The current version can only handle `JWT` encoded\n *\n * @remarks {@link @veramo/core#IDataStore | IDataStore }\n *\n * @public\n */\nexport class W3cMessageHandler extends AbstractMessageHandler {\n  async handle(message: Message, context: IContext): Promise<Message> {\n    const meta = message.getLastMetaData()\n\n    // console.log(JSON.stringify(message, null,  2))\n\n    //FIXME: messages should not be expected to be only JWT\n    if (meta?.type === 'JWT' && message.raw) {\n      const { data } = message\n\n      try {\n        validateJwtPresentationPayload(data)\n\n        //FIXME: flagging this for potential privacy leaks\n        debug('JWT is', MessageTypes.vp)\n        const presentation = normalizePresentation(message.raw)\n        const credentials = presentation.verifiableCredential\n\n        message.id = computeEntryHash(message.raw)\n        message.type = MessageTypes.vp\n        message.from = presentation.holder\n        message.to = presentation.verifier?.[0]\n\n        if (presentation.tag) {\n          message.threadId = presentation.tag\n        }\n\n        message.createdAt = presentation.issuanceDate\n        message.presentations = [presentation]\n        message.credentials = credentials\n\n        return message\n      } catch (e) {}\n\n      try {\n        validateJwtCredentialPayload(data)\n        //FIXME: flagging this for potential privacy leaks\n        debug('JWT is', MessageTypes.vc)\n        const credential = normalizeCredential(message.raw)\n\n        message.id = computeEntryHash(message.raw)\n        message.type = MessageTypes.vc\n        message.from = credential.issuer.id\n        message.to = credential.credentialSubject.id\n\n        if (credential.tag) {\n          message.threadId = credential.tag\n        }\n\n        message.createdAt = credential.issuanceDate\n        message.credentials = [credential]\n        return message\n      } catch (e) {}\n    }\n\n    // LDS Verification and Handling\n    if (message.type === MessageTypes.vc && message.data) {\n      // verify credential\n      const credential = message.data as VerifiableCredential\n\n      const result = await context.agent.verifyCredential({ credential })\n      if (result.verified) {\n        message.id = computeEntryHash(message.raw || message.id || uuidv4())\n        message.type = MessageTypes.vc\n        message.from = extractIssuer(credential)\n        message.to = credential.credentialSubject.id\n\n        if (credential.tag) {\n          message.threadId = credential.tag\n        }\n\n        message.createdAt = credential.issuanceDate\n        message.credentials = [credential]\n        return message\n      } else {\n        throw new Error(result.error?.message)\n      }\n    }\n\n    if (message.type === MessageTypes.vp && message.data) {\n      // verify presentation\n      const presentation = message.data as VerifiablePresentation\n\n      // throws on error.\n      const result = await context.agent.verifyPresentation({\n        presentation,\n        // FIXME: HARDCODED CHALLENGE VERIFICATION FOR NOW\n        challenge: 'VERAMO',\n        domain: 'VERAMO',\n      })\n      if (result.verified) {\n        message.id = computeEntryHash(message.raw || message.id || uuidv4())\n        message.type = MessageTypes.vp\n        message.from = presentation.holder\n        // message.to = presentation.verifier?.[0]\n\n        if (presentation.tag) {\n          message.threadId = presentation.tag\n        }\n\n        // message.createdAt = presentation.issuanceDate\n        message.presentations = [presentation]\n        message.credentials = asArray(presentation.verifiableCredential).map(decodeCredentialToObject)\n        return message\n      } else {\n        throw new Error(result.error?.message)\n      }\n    }\n\n    return super.handle(message, context)\n  }\n}\n","import { asArray, type VerifiableCredentialSP, type VerifiablePresentationSP } from '@sphereon/ssi-sdk.core'\nimport {\n  CredentialMapper,\n  IVerifyResult,\n  IVerifySingleResultItem,\n  OriginalVerifiableCredential,\n  W3CVerifiableCredential,\n  W3CVerifiablePresentation,\n} from '@sphereon/ssi-types'\nimport type { IAgentPlugin, IIdentifier, VerifiableCredential } from '@veramo/core'\nimport { schema } from '@veramo/core'\nimport Debug from 'debug'\nimport { isRevoked, preProcessCredentialPayload, preProcessPresentation } from './functions'\n\nimport type {\n  ICreateVerifiableCredentialLDArgs,\n  ICreateVerifiablePresentationLDArgs,\n  IVcdmCredentialPlugin,\n  IVcdmCredentialProvider,\n  IVcdmIssuerAgentContext,\n  IVcdmVerifierAgentContext,\n  IVerifyCredentialVcdmArgs,\n  IVerifyPresentationLDArgs,\n} from './types'\n\nconst debug = Debug('sphereon:ssi-sdk:vcdm')\n\n/**\n * A plugin that implements the {@link @sphereon/ssi-sdk.credential-vcdm#IVcdmCredentialPlugin} methods.\n *\n * @public\n */\nexport class VcdmCredentialPlugin implements IAgentPlugin {\n  readonly methods: IVcdmCredentialPlugin\n  readonly schema = {\n    components: {\n      schemas: {\n        ...schema.ICredentialIssuer.components.schemas,\n        ...schema.ICredentialVerifier.components.schemas,\n      },\n      methods: {\n        ...schema.ICredentialIssuer.components.methods,\n        ...schema.ICredentialVerifier.components.methods,\n      },\n    },\n  }\n  private issuers: IVcdmCredentialProvider[]\n\n  constructor(options: { issuers: IVcdmCredentialProvider[] }) {\n    this.issuers = options.issuers\n    this.methods = {\n      listUsableProofFormats: this.listUsableProofFormats.bind(this),\n      createVerifiableCredential: this.createVerifiableCredential.bind(this),\n      verifyCredential: this.verifyCredential.bind(this),\n      createVerifiablePresentation: this.createVerifiablePresentation.bind(this),\n      verifyPresentation: this.verifyPresentation.bind(this),\n    }\n  }\n\n  async listUsableProofFormats(did: IIdentifier, context: IVcdmIssuerAgentContext): Promise<string[]> {\n    const signingOptions: string[] = []\n    const keys = did.keys\n    for (const key of keys) {\n      for (const issuer of this.issuers) {\n        if (issuer.matchKeyForType(key)) {\n          signingOptions.push(issuer.getTypeProofFormat())\n        }\n      }\n    }\n    return signingOptions\n  }\n\n  /** {@inheritdoc @veramo/core#ICredentialIssuer.createVerifiableCredential} */\n  async createVerifiableCredential(args: ICreateVerifiableCredentialLDArgs, context: IVcdmIssuerAgentContext): Promise<VerifiableCredentialSP> {\n    let { proofFormat /* keyRef, removeOriginalFields, now , ...otherOptions */ } = args\n    const { credential, issuer, now } = preProcessCredentialPayload(args)\n\n    try {\n      await context.agent.didManagerGet({ did: issuer })\n    } catch (e) {\n      throw new Error(`invalid_argument: credential.issuer must be a DID managed by this agent. ${e}`)\n    }\n    try {\n      async function findAndIssueCredential(issuers: IVcdmCredentialProvider[]) {\n        for (const issuer of issuers) {\n          if (issuer.canIssueCredentialType({ proofFormat })) {\n            return await issuer.createVerifiableCredential({ ...args, credential, now }, context)\n          }\n        }\n        throw new Error(\n          `invalid_setup: No issuer found for the requested proof format: ${proofFormat}, supported: ${issuers.map((i) => i.getTypeProofFormat()).join(',')}`,\n        )\n      }\n\n      const verifiableCredential = await findAndIssueCredential(this.issuers)\n      return verifiableCredential\n    } catch (error) {\n      debug(error)\n      return Promise.reject(error)\n    }\n  }\n\n  /** {@inheritdoc @veramo/core#ICredentialVerifier.verifyCredential} */\n  async verifyCredential(args: IVerifyCredentialVcdmArgs, context: IVcdmVerifierAgentContext): Promise<IVerifyResult> {\n    let { credential, policies /*, ...otherOptions*/ } = args\n    let verifiedCredential: VerifiableCredential\n    let verificationResult: IVerifyResult\n\n    async function findAndVerifyCredential(issuers: IVcdmCredentialProvider[]): Promise<IVerifyResult> {\n      for (const issuer of issuers) {\n        if (issuer.canVerifyDocumentType({ document: credential as W3CVerifiableCredential })) {\n          return issuer.verifyCredential(args, context)\n        }\n      }\n      const uniform = CredentialMapper.toUniformCredential(args.credential as OriginalVerifiableCredential)\n      return Promise.reject(\n        Error(\n          `invalid_setup: No verifier found for the provided credential credential\n           type: ${JSON.stringify(uniform.type)} proof type \n           ${asArray(uniform.proof)?.[0]?.type} supported: ${issuers.map((i) => i.getTypeProofFormat()).join(',')}`,\n        ),\n      )\n    }\n\n    verificationResult = await findAndVerifyCredential(this.issuers)\n    verifiedCredential = <VerifiableCredential>credential\n\n    if (policies?.credentialStatus !== false && (await isRevoked(verifiedCredential, context as any))) {\n      const results = verificationResult.results\n      const partialSingleResult: Partial<IVerifySingleResultItem> = Array.isArray(results)\n        ? results[0]\n        : {\n            credential: credential as OriginalVerifiableCredential,\n            verified: false,\n            log: [],\n          }\n      const result: IVerifySingleResultItem = {\n        ...partialSingleResult,\n        credential: credential as OriginalVerifiableCredential,\n        verified: false,\n        error: {\n          message: 'revoked: The credential was revoked by the issuer',\n          errorCode: 'revoked',\n        },\n        log: [...(partialSingleResult.log ?? []), { id: 'revocation_status', valid: false }],\n      }\n      verificationResult = {\n        ...verificationResult,\n        verified: false,\n        error: result.error,\n        results: [result],\n      }\n    }\n\n    return verificationResult\n  }\n\n  /** {@inheritdoc @veramo/core#ICredentialIssuer.createVerifiablePresentation} */\n  async createVerifiablePresentation(args: ICreateVerifiablePresentationLDArgs, context: IVcdmIssuerAgentContext): Promise<VerifiablePresentationSP> {\n    const { proofFormat } = args\n    const { presentation } = preProcessPresentation(args)\n\n    let verifiablePresentation: VerifiablePresentationSP\n\n    async function findAndCreatePresentation(issuers: IVcdmCredentialProvider[]) {\n      for (const issuer of issuers) {\n        if (issuer.canIssueCredentialType({ proofFormat })) {\n          return await issuer.createVerifiablePresentation({ ...args, presentation }, context)\n        }\n      }\n      throw new Error(\n        `invalid_setup: No issuer found for the requested proof format: ${proofFormat}, supported: ${issuers.map((i) => i.getTypeProofFormat()).join(',')}`,\n      )\n    }\n\n    verifiablePresentation = await findAndCreatePresentation(this.issuers)\n    return verifiablePresentation\n  }\n\n  /** {@inheritdoc @veramo/core#ICredentialVerifier.verifyPresentation} */\n  async verifyPresentation(args: IVerifyPresentationLDArgs, context: IVcdmVerifierAgentContext): Promise<IVerifyResult> {\n    let { presentation /*domain, challenge, fetchRemoteContexts, policies, ...otherOptions*/ } = args\n\n    async function findAndVerifyPresentation(issuers: IVcdmCredentialProvider[]): Promise<IVerifyResult> {\n      for (const issuer of issuers) {\n        if (issuer.canVerifyDocumentType({ document: presentation as W3CVerifiablePresentation })) {\n          return issuer.verifyPresentation(args, context)\n        }\n      }\n      throw new Error('invalid_setup: No verifier found for the provided presentation')\n    }\n\n    const result = await findAndVerifyPresentation(this.issuers)\n    return result\n  }\n}\n","import type {\n  CredentialPayload,\n  IAgentContext,\n  ICredentialStatusVerifier,\n  IDIDManager,\n  IIdentifier,\n  IResolver,\n  IssuerType,\n  PresentationPayload,\n  VerifiableCredential,\n  W3CVerifiableCredential,\n  W3CVerifiablePresentation,\n} from '@veramo/core'\nimport { _ExtendedIKey, isDefined, processEntryToArray } from '@veramo/utils'\nimport { decodeJWT } from 'did-jwt'\nimport {\n  addVcdmContextIfNeeded,\n  isVcdm1Credential,\n  isVcdm2Credential,\n  VCDM_CREDENTIAL_CONTEXT_V1,\n  VCDM_CREDENTIAL_CONTEXT_V2,\n} from '@sphereon/ssi-types'\nimport { ICreateVerifiablePresentationLDArgs } from './types'\nimport { getKey } from '@sphereon/ssi-sdk-ext.did-utils'\n\n/**\n * Decodes a credential or presentation and returns the issuer ID\n * `iss` from a JWT or `issuer`/`issuer.id` from a VC or `holder` from a VP\n *\n * @param input - the credential or presentation whose issuer/holder needs to be extracted.\n * @param options - options for the extraction\n *   removeParameters - Remove all DID parameters from the issuer ID\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nexport function extractIssuer(\n  input?: W3CVerifiableCredential | W3CVerifiablePresentation | CredentialPayload | PresentationPayload | null,\n  options: { removeParameters?: boolean } = {},\n): string {\n  if (!isDefined(input)) {\n    return ''\n  } else if (typeof input === 'string') {\n    // JWT\n    try {\n      const { payload } = decodeJWT(input.split(`~`)[0])\n      const iss = payload.iss ?? ''\n      return !!options.removeParameters ? removeDIDParameters(iss) : iss\n    } catch (e: any) {\n      return ''\n    }\n  } else {\n    // JSON\n    let iss: IssuerType\n    if (input.issuer) {\n      iss = input.issuer\n    } else if (input.holder) {\n      iss = input.holder\n    } else {\n      iss = ''\n    }\n    if (typeof iss !== 'string') iss = iss.id ?? ''\n    return !!options.removeParameters ? removeDIDParameters(iss) : iss\n  }\n}\n\n/**\n * Remove all DID parameters from a DID url after the query part (?)\n *\n * @param did - the DID URL\n *\n * @beta This API may change without a BREAKING CHANGE notice.\n */\nexport function removeDIDParameters(did: string): string {\n  return did.replace(/\\?.*$/, '')\n}\n\nexport async function pickSigningKey(\n  { identifier, kmsKeyRef }: { identifier: IIdentifier; kmsKeyRef?: string },\n  context: IAgentContext<IResolver & IDIDManager>,\n): Promise<_ExtendedIKey> {\n  const key = await getKey({ identifier, vmRelationship: 'assertionMethod', kmsKeyRef: kmsKeyRef }, context)\n  return key\n}\n\nexport async function isRevoked(credential: VerifiableCredential, context: IAgentContext<ICredentialStatusVerifier>): Promise<boolean> {\n  if (!credential.credentialStatus) return false\n\n  if (typeof context.agent.checkCredentialStatus === 'function') {\n    const status = await context.agent.checkCredentialStatus({ credential })\n    return status?.revoked == true || status?.verified === false\n  }\n\n  throw new Error(`invalid_setup: The credential status can't be verified because there is no ICredentialStatusVerifier plugin installed.`)\n}\n\nexport function preProcessCredentialPayload({ credential, now = new Date() }: { credential: CredentialPayload; now?: number | Date }) {\n  const credentialContext = addVcdmContextIfNeeded(credential?.['@context'])\n  const isVdcm1 = isVcdm1Credential(credential)\n  const isVdcm2 = isVcdm2Credential(credential)\n  const credentialType = processEntryToArray(credential?.type, 'VerifiableCredential')\n  let issuanceDate = credential?.validFrom ?? credential?.issuanceDate ?? (typeof now === 'number' ? new Date(now) : now).toISOString()\n  let expirationDate = credential?.validUntil ?? credential?.expirationDate\n  if (issuanceDate instanceof Date) {\n    issuanceDate = issuanceDate.toISOString()\n  }\n  const credentialPayload: CredentialPayload = {\n    ...credential,\n    '@context': credentialContext,\n    type: credentialType,\n    ...(isVdcm1 && { issuanceDate }),\n    ...(isVdcm1 && expirationDate && { expirationDate }),\n    ...(isVdcm2 && { validFrom: issuanceDate }),\n    ...(isVdcm2 && expirationDate && { validUntil: expirationDate }),\n  }\n  if (isVdcm1) {\n    delete credentialPayload.validFrom\n    delete credentialPayload.validUntil\n  } else if (isVdcm2) {\n    delete credentialPayload.issuanceDate\n    delete credentialPayload.expirationDate\n  }\n\n  // debug(JSON.stringify(credentialPayload))\n\n  const issuer = extractIssuer(credentialPayload, { removeParameters: true })\n  if (!issuer || typeof issuer === 'undefined') {\n    throw new Error('invalid_argument: args.credential.issuer must not be empty')\n  }\n  return { credential: credentialPayload, issuer, now }\n}\n\nexport function preProcessPresentation(args: ICreateVerifiablePresentationLDArgs) {\n  const { presentation, now = new Date() } = args\n  const credentials = presentation?.verifiableCredential ?? []\n  const v1Credential = credentials.find((cred) => typeof cred === 'object' && cred['@context'].includes(VCDM_CREDENTIAL_CONTEXT_V1))\n    ? VCDM_CREDENTIAL_CONTEXT_V1\n    : undefined\n  const v2Credential = credentials.find((cred) => typeof cred === 'object' && cred['@context'].includes(VCDM_CREDENTIAL_CONTEXT_V2))\n    ? VCDM_CREDENTIAL_CONTEXT_V2\n    : undefined\n  const presentationContext = addVcdmContextIfNeeded(\n    args?.presentation?.['@context'] ?? [],\n    v2Credential ?? v1Credential ?? VCDM_CREDENTIAL_CONTEXT_V2,\n  )\n  const presentationType = processEntryToArray(args?.presentation?.type, 'VerifiablePresentation')\n\n  let issuanceDate = presentation?.validFrom ?? presentation?.issuanceDate ?? (typeof now === 'number' ? new Date(now) : now).toISOString()\n  if (issuanceDate instanceof Date) {\n    issuanceDate = issuanceDate.toISOString()\n  }\n  const presentationPayload: PresentationPayload = {\n    ...presentation,\n    '@context': presentationContext,\n    type: presentationType,\n    ...(v1Credential && { issuanceDate }), // V1 only for JWT, but we remove it in the jsonld processor anyway\n    ...(v2Credential && { validFrom: issuanceDate }),\n  }\n  // Workaround for bug in TypeError: Cannot read property 'length' of undefined\n  //     at VeramoEd25519Signature2018.preSigningPresModification\n  /*if (!presentation.verifier) {\n        presentation.verifier = []\n      }*/\n\n  if (!isDefined(presentationPayload.holder) || !presentationPayload.holder) {\n    throw new Error('invalid_argument: args.presentation.holderDID must not be empty')\n  }\n  if (presentationPayload.verifiableCredential) {\n    presentationPayload.verifiableCredential = presentationPayload.verifiableCredential.map((cred) => {\n      // map JWT credentials to their canonical form\n      if (typeof cred !== 'string' && cred.proof.jwt) {\n        return cred.proof.jwt\n      } else {\n        return cred\n      }\n    })\n  }\n  return { presentation: presentationPayload, holder: removeDIDParameters(presentationPayload.holder) }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;uBAAAA;EAAA;;;;;;;;;ACCA,6BAAgD;AAChD,mBAAmF;AAEnF,wBAKO;AAEP,kBAA6B;AAC7B,mBAAkB;AAElB,IAAMC,YAAQC,aAAAA,SAAM,+BAAA;AAOb,IAAMC,eAAe;;EAE1BC,IAAI;;EAEJC,IAAI;AACN;AAsBO,IAAMC,oBAAN,cAAgCC,8CAAAA;EA/CvC,OA+CuCA;;;EACrC,MAAMC,OAAOC,SAAkBC,SAAqC;AAClE,UAAMC,OAAOF,QAAQG,gBAAe;AAKpC,QAAID,MAAME,SAAS,SAASJ,QAAQK,KAAK;AACvC,YAAM,EAAEC,KAAI,IAAKN;AAEjB,UAAI;AACFO,8DAA+BD,IAAAA;AAG/Bd,cAAM,UAAUE,aAAaE,EAAE;AAC/B,cAAMY,mBAAeC,yCAAsBT,QAAQK,GAAG;AACtD,cAAMK,cAAcF,aAAaG;AAEjCX,gBAAQY,SAAKC,+BAAiBb,QAAQK,GAAG;AACzCL,gBAAQI,OAAOV,aAAaE;AAC5BI,gBAAQc,OAAON,aAAaO;AAC5Bf,gBAAQgB,KAAKR,aAAaS,WAAW,CAAA;AAErC,YAAIT,aAAaU,KAAK;AACpBlB,kBAAQmB,WAAWX,aAAaU;QAClC;AAEAlB,gBAAQoB,YAAYZ,aAAaa;AACjCrB,gBAAQsB,gBAAgB;UAACd;;AACzBR,gBAAQU,cAAcA;AAEtB,eAAOV;MACT,SAASuB,GAAG;MAAC;AAEb,UAAI;AACFC,4DAA6BlB,IAAAA;AAE7Bd,cAAM,UAAUE,aAAaC,EAAE;AAC/B,cAAM8B,iBAAaC,uCAAoB1B,QAAQK,GAAG;AAElDL,gBAAQY,SAAKC,+BAAiBb,QAAQK,GAAG;AACzCL,gBAAQI,OAAOV,aAAaC;AAC5BK,gBAAQc,OAAOW,WAAWE,OAAOf;AACjCZ,gBAAQgB,KAAKS,WAAWG,kBAAkBhB;AAE1C,YAAIa,WAAWP,KAAK;AAClBlB,kBAAQmB,WAAWM,WAAWP;QAChC;AAEAlB,gBAAQoB,YAAYK,WAAWJ;AAC/BrB,gBAAQU,cAAc;UAACe;;AACvB,eAAOzB;MACT,SAASuB,GAAG;MAAC;IACf;AAGA,QAAIvB,QAAQI,SAASV,aAAaC,MAAMK,QAAQM,MAAM;AAEpD,YAAMmB,aAAazB,QAAQM;AAE3B,YAAMuB,SAAS,MAAM5B,QAAQ6B,MAAMC,iBAAiB;QAAEN;MAAW,CAAA;AACjE,UAAII,OAAOG,UAAU;AACnBhC,gBAAQY,SAAKC,+BAAiBb,QAAQK,OAAOL,QAAQY,UAAMqB,YAAAA,IAAAA,CAAAA;AAC3DjC,gBAAQI,OAAOV,aAAaC;AAC5BK,gBAAQc,WAAOoB,4BAAcT,UAAAA;AAC7BzB,gBAAQgB,KAAKS,WAAWG,kBAAkBhB;AAE1C,YAAIa,WAAWP,KAAK;AAClBlB,kBAAQmB,WAAWM,WAAWP;QAChC;AAEAlB,gBAAQoB,YAAYK,WAAWJ;AAC/BrB,gBAAQU,cAAc;UAACe;;AACvB,eAAOzB;MACT,OAAO;AACL,cAAM,IAAImC,MAAMN,OAAOO,OAAOpC,OAAAA;MAChC;IACF;AAEA,QAAIA,QAAQI,SAASV,aAAaE,MAAMI,QAAQM,MAAM;AAEpD,YAAME,eAAeR,QAAQM;AAG7B,YAAMuB,SAAS,MAAM5B,QAAQ6B,MAAMO,mBAAmB;QACpD7B;;QAEA8B,WAAW;QACXC,QAAQ;MACV,CAAA;AACA,UAAIV,OAAOG,UAAU;AACnBhC,gBAAQY,SAAKC,+BAAiBb,QAAQK,OAAOL,QAAQY,UAAMqB,YAAAA,IAAAA,CAAAA;AAC3DjC,gBAAQI,OAAOV,aAAaE;AAC5BI,gBAAQc,OAAON,aAAaO;AAG5B,YAAIP,aAAaU,KAAK;AACpBlB,kBAAQmB,WAAWX,aAAaU;QAClC;AAGAlB,gBAAQsB,gBAAgB;UAACd;;AACzBR,gBAAQU,kBAAc8B,sBAAQhC,aAAaG,oBAAoB,EAAE8B,IAAIC,qCAAAA;AACrE,eAAO1C;MACT,OAAO;AACL,cAAM,IAAImC,MAAMN,OAAOO,OAAOpC,OAAAA;MAChC;IACF;AAEA,WAAO,MAAMD,OAAOC,SAASC,OAAAA;EAC/B;AACF;;;AC/JA,qBAAoF;AACpF,IAAA0C,oBAOO;AAEP,kBAAuB;AACvB,IAAAC,gBAAkB;;;ACElB,IAAAC,gBAA8D;AAC9D,qBAA0B;AAC1B,uBAMO;AAEP,yBAAuB;AAYhB,SAASC,eACdC,OACAC,UAA0C,CAAC,GAAC;AAE5C,MAAI,KAACC,yBAAUF,KAAAA,GAAQ;AACrB,WAAO;EACT,WAAW,OAAOA,UAAU,UAAU;AAEpC,QAAI;AACF,YAAM,EAAEG,QAAO,QAAKC,0BAAUJ,MAAMK,MAAM,GAAG,EAAE,CAAA,CAAE;AACjD,YAAMC,MAAMH,QAAQG,OAAO;AAC3B,aAAO,CAAC,CAACL,QAAQM,mBAAmBC,oBAAoBF,GAAAA,IAAOA;IACjE,SAASG,GAAQ;AACf,aAAO;IACT;EACF,OAAO;AAEL,QAAIH;AACJ,QAAIN,MAAMU,QAAQ;AAChBJ,YAAMN,MAAMU;IACd,WAAWV,MAAMW,QAAQ;AACvBL,YAAMN,MAAMW;IACd,OAAO;AACLL,YAAM;IACR;AACA,QAAI,OAAOA,QAAQ,SAAUA,OAAMA,IAAIM,MAAM;AAC7C,WAAO,CAAC,CAACX,QAAQM,mBAAmBC,oBAAoBF,GAAAA,IAAOA;EACjE;AACF;AA5BgBP,OAAAA,gBAAAA;AAqCT,SAASS,oBAAoBK,KAAW;AAC7C,SAAOA,IAAIC,QAAQ,SAAS,EAAA;AAC9B;AAFgBN;AAIhB,eAAsBO,eACpB,EAAEC,YAAYC,UAAS,GACvBC,SAA+C;AAE/C,QAAMC,MAAM,UAAMC,2BAAO;IAAEJ;IAAYK,gBAAgB;IAAmBJ;EAAqB,GAAGC,OAAAA;AAClG,SAAOC;AACT;AANsBJ;AAQtB,eAAsBO,UAAUC,YAAkCL,SAAiD;AACjH,MAAI,CAACK,WAAWC,iBAAkB,QAAO;AAEzC,MAAI,OAAON,QAAQO,MAAMC,0BAA0B,YAAY;AAC7D,UAAMC,SAAS,MAAMT,QAAQO,MAAMC,sBAAsB;MAAEH;IAAW,CAAA;AACtE,WAAOI,QAAQC,WAAW,QAAQD,QAAQE,aAAa;EACzD;AAEA,QAAM,IAAIC,MAAM,wHAAwH;AAC1I;AATsBR;AAWf,SAASS,4BAA4B,EAAER,YAAYS,MAAM,oBAAIC,KAAAA,EAAM,GAA0D;AAClI,QAAMC,wBAAoBC,yCAAuBZ,aAAa,UAAA,CAAW;AACzE,QAAMa,cAAUC,oCAAkBd,UAAAA;AAClC,QAAMe,cAAUC,oCAAkBhB,UAAAA;AAClC,QAAMiB,qBAAiBC,mCAAoBlB,YAAYmB,MAAM,sBAAA;AAC7D,MAAIC,eAAepB,YAAYqB,aAAarB,YAAYoB,iBAAiB,OAAOX,QAAQ,WAAW,IAAIC,KAAKD,GAAAA,IAAOA,KAAKa,YAAW;AACnI,MAAIC,iBAAiBvB,YAAYwB,cAAcxB,YAAYuB;AAC3D,MAAIH,wBAAwBV,MAAM;AAChCU,mBAAeA,aAAaE,YAAW;EACzC;AACA,QAAMG,oBAAuC;IAC3C,GAAGzB;IACH,YAAYW;IACZQ,MAAMF;IACN,GAAIJ,WAAW;MAAEO;IAAa;IAC9B,GAAIP,WAAWU,kBAAkB;MAAEA;IAAe;IAClD,GAAIR,WAAW;MAAEM,WAAWD;IAAa;IACzC,GAAIL,WAAWQ,kBAAkB;MAAEC,YAAYD;IAAe;EAChE;AACA,MAAIV,SAAS;AACX,WAAOY,kBAAkBJ;AACzB,WAAOI,kBAAkBD;EAC3B,WAAWT,SAAS;AAClB,WAAOU,kBAAkBL;AACzB,WAAOK,kBAAkBF;EAC3B;AAIA,QAAMpC,SAASX,eAAciD,mBAAmB;IAAEzC,kBAAkB;EAAK,CAAA;AACzE,MAAI,CAACG,UAAU,OAAOA,WAAW,aAAa;AAC5C,UAAM,IAAIoB,MAAM,4DAAA;EAClB;AACA,SAAO;IAAEP,YAAYyB;IAAmBtC;IAAQsB;EAAI;AACtD;AAlCgBD;AAoCT,SAASkB,uBAAuBC,MAAyC;AAC9E,QAAM,EAAEC,cAAcnB,MAAM,oBAAIC,KAAAA,EAAM,IAAKiB;AAC3C,QAAME,cAAcD,cAAcE,wBAAwB,CAAA;AAC1D,QAAMC,eAAeF,YAAYG,KAAK,CAACC,SAAS,OAAOA,SAAS,YAAYA,KAAK,UAAA,EAAYC,SAASC,2CAAAA,CAAAA,IAClGA,8CACAC;AACJ,QAAMC,eAAeR,YAAYG,KAAK,CAACC,SAAS,OAAOA,SAAS,YAAYA,KAAK,UAAA,EAAYC,SAASI,2CAAAA,CAAAA,IAClGA,8CACAF;AACJ,QAAMG,0BAAsB3B,yCAC1Be,MAAMC,eAAe,UAAA,KAAe,CAAA,GACpCS,gBAAgBN,gBAAgBO,2CAAAA;AAElC,QAAME,uBAAmBtB,mCAAoBS,MAAMC,cAAcT,MAAM,wBAAA;AAEvE,MAAIC,eAAeQ,cAAcP,aAAaO,cAAcR,iBAAiB,OAAOX,QAAQ,WAAW,IAAIC,KAAKD,GAAAA,IAAOA,KAAKa,YAAW;AACvI,MAAIF,wBAAwBV,MAAM;AAChCU,mBAAeA,aAAaE,YAAW;EACzC;AACA,QAAMmB,sBAA2C;IAC/C,GAAGb;IACH,YAAYW;IACZpB,MAAMqB;IACN,GAAIT,gBAAgB;MAAEX;IAAa;IACnC,GAAIiB,gBAAgB;MAAEhB,WAAWD;IAAa;EAChD;AAOA,MAAI,KAACzC,yBAAU8D,oBAAoBrD,MAAM,KAAK,CAACqD,oBAAoBrD,QAAQ;AACzE,UAAM,IAAImB,MAAM,iEAAA;EAClB;AACA,MAAIkC,oBAAoBX,sBAAsB;AAC5CW,wBAAoBX,uBAAuBW,oBAAoBX,qBAAqBY,IAAI,CAACT,SAAAA;AAEvF,UAAI,OAAOA,SAAS,YAAYA,KAAKU,MAAMC,KAAK;AAC9C,eAAOX,KAAKU,MAAMC;MACpB,OAAO;AACL,eAAOX;MACT;IACF,CAAA;EACF;AACA,SAAO;IAAEL,cAAca;IAAqBrD,QAAQH,oBAAoBwD,oBAAoBrD,MAAM;EAAE;AACtG;AA9CgBsC;;;AD1GhB,IAAMmB,aAAQC,cAAAA,SAAM,uBAAA;AAOb,IAAMC,uBAAN,MAAMA;EAhCb,OAgCaA;;;EACFC;EACAC,SAAS;IAChBC,YAAY;MACVC,SAAS;QACP,GAAGF,mBAAOG,kBAAkBF,WAAWC;QACvC,GAAGF,mBAAOI,oBAAoBH,WAAWC;MAC3C;MACAH,SAAS;QACP,GAAGC,mBAAOG,kBAAkBF,WAAWF;QACvC,GAAGC,mBAAOI,oBAAoBH,WAAWF;MAC3C;IACF;EACF;EACQM;EAER,YAAYC,SAAiD;AAC3D,SAAKD,UAAUC,QAAQD;AACvB,SAAKN,UAAU;MACbQ,wBAAwB,KAAKA,uBAAuBC,KAAK,IAAI;MAC7DC,4BAA4B,KAAKA,2BAA2BD,KAAK,IAAI;MACrEE,kBAAkB,KAAKA,iBAAiBF,KAAK,IAAI;MACjDG,8BAA8B,KAAKA,6BAA6BH,KAAK,IAAI;MACzEI,oBAAoB,KAAKA,mBAAmBJ,KAAK,IAAI;IACvD;EACF;EAEA,MAAMD,uBAAuBM,KAAkBC,SAAqD;AAClG,UAAMC,iBAA2B,CAAA;AACjC,UAAMC,OAAOH,IAAIG;AACjB,eAAWC,OAAOD,MAAM;AACtB,iBAAWE,UAAU,KAAKb,SAAS;AACjC,YAAIa,OAAOC,gBAAgBF,GAAAA,GAAM;AAC/BF,yBAAeK,KAAKF,OAAOG,mBAAkB,CAAA;QAC/C;MACF;IACF;AACA,WAAON;EACT;;EAGA,MAAMN,2BAA2Ba,MAAyCR,SAAmE;AAC3I,QAAI;MAAES;;IAAmE,IAAOD;AAChF,UAAM,EAAEE,YAAYN,QAAQO,IAAG,IAAKC,4BAA4BJ,IAAAA;AAEhE,QAAI;AACF,YAAMR,QAAQa,MAAMC,cAAc;QAAEf,KAAKK;MAAO,CAAA;IAClD,SAASW,GAAG;AACV,YAAM,IAAIC,MAAM,4EAA4ED,CAAAA,EAAG;IACjG;AACA,QAAI;AACF,qBAAeE,uBAAuB1B,SAAkC;AACtE,mBAAWa,WAAUb,SAAS;AAC5B,cAAIa,QAAOc,uBAAuB;YAAET;UAAY,CAAA,GAAI;AAClD,mBAAO,MAAML,QAAOT,2BAA2B;cAAE,GAAGa;cAAME;cAAYC;YAAI,GAAGX,OAAAA;UAC/E;QACF;AACA,cAAM,IAAIgB,MACR,kEAAkEP,WAAAA,gBAA2BlB,QAAQ4B,IAAI,CAACC,MAAMA,EAAEb,mBAAkB,CAAA,EAAIc,KAAK,GAAA,CAAA,EAAM;MAEvJ;AATeJ;AAWf,YAAMK,uBAAuB,MAAML,uBAAuB,KAAK1B,OAAO;AACtE,aAAO+B;IACT,SAASC,OAAO;AACdzC,MAAAA,OAAMyC,KAAAA;AACN,aAAOC,QAAQC,OAAOF,KAAAA;IACxB;EACF;;EAGA,MAAM3B,iBAAiBY,MAAiCR,SAA4D;AAClH,QAAI;MAAEU;MAAYgB;;IAA4B,IAAOlB;AACrD,QAAImB;AACJ,QAAIC;AAEJ,mBAAeC,wBAAwBtC,SAAkC;AACvE,iBAAWa,UAAUb,SAAS;AAC5B,YAAIa,OAAO0B,sBAAsB;UAAEC,UAAUrB;QAAsC,CAAA,GAAI;AACrF,iBAAON,OAAOR,iBAAiBY,MAAMR,OAAAA;QACvC;MACF;AACA,YAAMgC,UAAUC,mCAAiBC,oBAAoB1B,KAAKE,UAAU;AACpE,aAAOc,QAAQC,OACbT,MACE;mBACSmB,KAAKC,UAAUJ,QAAQK,IAAI,CAAA;iBACjCC,wBAAQN,QAAQO,KAAK,IAAI,CAAA,GAAIF,IAAAA,eAAmB9C,QAAQ4B,IAAI,CAACC,MAAMA,EAAEb,mBAAkB,CAAA,EAAIc,KAAK,GAAA,CAAA,EAAM,CAAA;IAG/G;AAdeQ;AAgBfD,yBAAqB,MAAMC,wBAAwB,KAAKtC,OAAO;AAC/DoC,yBAA2CjB;AAE3C,QAAIgB,UAAUc,qBAAqB,SAAU,MAAMC,UAAUd,oBAAoB3B,OAAAA,GAAkB;AACjG,YAAM0C,UAAUd,mBAAmBc;AACnC,YAAMC,sBAAwDC,MAAMC,QAAQH,OAAAA,IACxEA,QAAQ,CAAA,IACR;QACEhC;QACAoC,UAAU;QACVC,KAAK,CAAA;MACP;AACJ,YAAMC,SAAkC;QACtC,GAAGL;QACHjC;QACAoC,UAAU;QACVvB,OAAO;UACL0B,SAAS;UACTC,WAAW;QACb;QACAH,KAAK;aAAKJ,oBAAoBI,OAAO,CAAA;UAAK;YAAEI,IAAI;YAAqBC,OAAO;UAAM;;MACpF;AACAxB,2BAAqB;QACnB,GAAGA;QACHkB,UAAU;QACVvB,OAAOyB,OAAOzB;QACdmB,SAAS;UAACM;;MACZ;IACF;AAEA,WAAOpB;EACT;;EAGA,MAAM/B,6BAA6BW,MAA2CR,SAAqE;AACjJ,UAAM,EAAES,YAAW,IAAKD;AACxB,UAAM,EAAE6C,aAAY,IAAKC,uBAAuB9C,IAAAA;AAEhD,QAAI+C;AAEJ,mBAAeC,0BAA0BjE,SAAkC;AACzE,iBAAWa,UAAUb,SAAS;AAC5B,YAAIa,OAAOc,uBAAuB;UAAET;QAAY,CAAA,GAAI;AAClD,iBAAO,MAAML,OAAOP,6BAA6B;YAAE,GAAGW;YAAM6C;UAAa,GAAGrD,OAAAA;QAC9E;MACF;AACA,YAAM,IAAIgB,MACR,kEAAkEP,WAAAA,gBAA2BlB,QAAQ4B,IAAI,CAACC,MAAMA,EAAEb,mBAAkB,CAAA,EAAIc,KAAK,GAAA,CAAA,EAAM;IAEvJ;AATemC;AAWfD,6BAAyB,MAAMC,0BAA0B,KAAKjE,OAAO;AACrE,WAAOgE;EACT;;EAGA,MAAMzD,mBAAmBU,MAAiCR,SAA4D;AACpH,QAAI;MAAEqD;;IAAgF,IAAO7C;AAE7F,mBAAeiD,0BAA0BlE,SAAkC;AACzE,iBAAWa,UAAUb,SAAS;AAC5B,YAAIa,OAAO0B,sBAAsB;UAAEC,UAAUsB;QAA0C,CAAA,GAAI;AACzF,iBAAOjD,OAAON,mBAAmBU,MAAMR,OAAAA;QACzC;MACF;AACA,YAAM,IAAIgB,MAAM,gEAAA;IAClB;AAPeyC;AASf,UAAMT,SAAS,MAAMS,0BAA0B,KAAKlE,OAAO;AAC3D,WAAOyD;EACT;AACF;;;AFjLA,IAAMU,mBAAmBC;","names":["extractIssuer","debug","Debug","MessageTypes","vc","vp","W3cMessageHandler","AbstractMessageHandler","handle","message","context","meta","getLastMetaData","type","raw","data","validateJwtPresentationPayload","presentation","normalizePresentation","credentials","verifiableCredential","id","computeEntryHash","from","holder","to","verifier","tag","threadId","createdAt","issuanceDate","presentations","e","validateJwtCredentialPayload","credential","normalizeCredential","issuer","credentialSubject","result","agent","verifyCredential","verified","uuidv4","extractIssuer","Error","error","verifyPresentation","challenge","domain","asArray","map","decodeCredentialToObject","import_ssi_types","import_debug","import_utils","extractIssuer","input","options","isDefined","payload","decodeJWT","split","iss","removeParameters","removeDIDParameters","e","issuer","holder","id","did","replace","pickSigningKey","identifier","kmsKeyRef","context","key","getKey","vmRelationship","isRevoked","credential","credentialStatus","agent","checkCredentialStatus","status","revoked","verified","Error","preProcessCredentialPayload","now","Date","credentialContext","addVcdmContextIfNeeded","isVdcm1","isVcdm1Credential","isVdcm2","isVcdm2Credential","credentialType","processEntryToArray","type","issuanceDate","validFrom","toISOString","expirationDate","validUntil","credentialPayload","preProcessPresentation","args","presentation","credentials","verifiableCredential","v1Credential","find","cred","includes","VCDM_CREDENTIAL_CONTEXT_V1","undefined","v2Credential","VCDM_CREDENTIAL_CONTEXT_V2","presentationContext","presentationType","presentationPayload","map","proof","jwt","debug","Debug","VcdmCredentialPlugin","methods","schema","components","schemas","ICredentialIssuer","ICredentialVerifier","issuers","options","listUsableProofFormats","bind","createVerifiableCredential","verifyCredential","createVerifiablePresentation","verifyPresentation","did","context","signingOptions","keys","key","issuer","matchKeyForType","push","getTypeProofFormat","args","proofFormat","credential","now","preProcessCredentialPayload","agent","didManagerGet","e","Error","findAndIssueCredential","canIssueCredentialType","map","i","join","verifiableCredential","error","Promise","reject","policies","verifiedCredential","verificationResult","findAndVerifyCredential","canVerifyDocumentType","document","uniform","CredentialMapper","toUniformCredential","JSON","stringify","type","asArray","proof","credentialStatus","isRevoked","results","partialSingleResult","Array","isArray","verified","log","result","message","errorCode","id","valid","presentation","preProcessPresentation","verifiablePresentation","findAndCreatePresentation","findAndVerifyPresentation","CredentialIssuer","VcdmCredentialPlugin"]}