Merge remote-tracking branch 'origin/feature/DIIPv4' into feature/DIIPv4

Author: sanderPostma

packages/client/lib/__tests__/EBSIE2E.spec.test.ts

@@ -4,7 +4,7 @@ import { CredentialMapper } from '@sphereon/ssi-types'
 // eslint-disable-next-line @typescript-eslint/ban-ts-comment
 //@ts-ignore
 import { from } from '@trust/keyto'
-import { fetch } from 'cross-fetch'
+import fetch from 'cross-fetch'
 import pkg from 'debug'
 const { debug: Debug } = pkg
 import { base64url, importJWK, JWK, SignJWT } from 'jose'

packages/client/lib/__tests__/MattrE2E.spec.test.ts

@@ -1,6 +1,6 @@
 import { Alg, Jwt } from '@sphereon/oid4vci-common'
 import { CredentialMapper } from '@sphereon/ssi-types'
-import { fetch } from 'cross-fetch'
+import fetch from 'cross-fetch'
 import { importJWK, JWK, SignJWT } from 'jose'
 import { describe, expect, it } from 'vitest'
 

packages/client/lib/__tests__/SphereonE2E.spec.test.ts

@@ -4,7 +4,7 @@ import { uuidv4 } from '@sphereon/oid4vc-common'
 import { Alg, Jwt, ProofOfPossessionCallbacks } from '@sphereon/oid4vci-common'
 import { CredentialMapper } from '@sphereon/ssi-types'
 import * as didts from '@transmute/did-key.js'
-import { fetch } from 'cross-fetch'
+import fetch from 'cross-fetch'
 import { importJWK, JWK, SignJWT } from 'jose'
 import { describe, expect, it } from 'vitest'
 

packages/client/lib/functions/CredentialOfferCommons.ts

@@ -6,7 +6,7 @@ import {
   PRE_AUTH_GRANT_LITERAL,
   UniformCredentialOfferRequest,
 } from '@sphereon/oid4vci-common'
-import { fetch } from 'cross-fetch'
+import fetch from 'cross-fetch'
 
 export function isUriEncoded(str: string): boolean {
   const pattern = /%[0-9A-F]{2}/i

packages/oid4vci-common/lib/functions/HttpUtils.ts

@@ -1,5 +1,5 @@
 import { Loggers } from '@sphereon/ssi-types'
-import { fetch } from 'cross-fetch'
+import fetch from 'cross-fetch'
 
 import { Encoding, OpenIDResponse } from '../types'
 

packages/siop-oid4vp/lib/__tests__/IT.spec.ts

@@ -1755,3 +1755,75 @@ describe.skip('RP and OP interaction should', () => {
     expect(resState?.status).toBe('error')
   })
 })
+
+
+describe('credential_sets tests', () => {
+  it('DCQL credential_sets: happy flow (single required option is satisfied)', () => {
+    const queryWithSet: DcqlQuery.Input = {
+      credentials: [
+        {
+          id: 'credA',
+          format: 'ldp_vc',
+          meta: {
+            type_values: [
+              ['https://www.w3.org/2018/credentials#VerifiableCredential'],
+              ['PermanentResidentCard']
+            ]
+          },
+          claims: [{ path: ['givenName'], values: ['JANE'] }]
+        }
+      ],
+      credential_sets: [
+        {
+          options: [['credA']],
+          required: true,
+          purpose: 'must include credA'
+        }
+      ]
+    }
+
+    const parsed = DcqlQuery.parse(queryWithSet)
+    DcqlQuery.validate(parsed) // validates structure + credential_sets references
+
+    const dcqlCredential: DcqlW3cVcCredential = {
+      credential_format: 'ldp_vc',
+      claims: (getVCs()[0].credentialSubject as { [x: string]: Json }),
+      type: getVCs()[0].type,
+      cryptographic_holder_binding: true
+    }
+
+    const result: DcqlQueryResult = DcqlQuery.query(parsed, [dcqlCredential])
+
+    // set is satisfied and matching_options should include ['credA']
+    expect(result.can_be_satisfied).toBe(true)
+    expect(result.credential_sets?.[0].matching_options).toEqual([['credA']])
+  })
+
+  it('DCQL credential_sets: invalid rule (references unknown credential id) fails validation', () => {
+    const queryWithBadSet: DcqlQuery.Input = {
+      credentials: [
+        {
+          id: 'credA',
+          format: 'ldp_vc',
+          meta: {
+            type_values: [
+              ['https://www.w3.org/2018/credentials#VerifiableCredential'],
+              ['PermanentResidentCard']
+            ]
+          },
+          claims: [{ path: ['givenName'], values: ['JANE'] }]
+        }
+      ],
+      credential_sets: [
+        {
+          // This option references a non-existent credential query id
+          options: [['does_not_exist']],
+          required: true
+        }
+      ]
+    }
+
+    const parsed = DcqlQuery.parse(queryWithBadSet)
+    expect(() => DcqlQuery.validate(parsed)).toThrowError(/Credential set contains undefined credential id/i)
+  })
+})

packages/siop-oid4vp/lib/__tests__/e2e/mattr.launchpad.spec.ts

@@ -3,7 +3,7 @@ import { PresentationSignCallBackParams } from '@sphereon/pex'
 import { W3CVerifiablePresentation } from '@sphereon/ssi-types'
 import { DcqlPresentation, DcqlQuery, DcqlQueryResult, DcqlW3cVcCredential } from 'dcql'
 import * as ed25519 from '@transmute/did-key-ed25519'
-import { fetch } from 'cross-fetch'
+import fetch from 'cross-fetch'
 import { DIDDocument, DIDResolutionResult } from 'did-resolver'
 import { importJWK, JWK, SignJWT } from 'jose'
 // eslint-disable-next-line @typescript-eslint/ban-ts-comment

packages/siop-oid4vp/lib/authorization-response/Dcql.ts

@@ -57,7 +57,7 @@ export class Dcql {
       opts: {
         hasher?: HasherSync
       },
-  ) => {
+  ) : DcqlPresentationResult.Output => {
     const dcqlPresentation = Object.fromEntries(
         // FIXME SSISDK-41
         Object.entries(extractDcqlPresentationFromDcqlVpToken(record, opts)).map(([queryId, p]) => {

packages/siop-oid4vp/lib/authorization-response/OpenID4VP.ts

@@ -13,7 +13,7 @@ import {DcqlPresentation, DcqlQuery} from 'dcql'
 import {verifyRevocation} from '../helpers'
 import {AuthorizationResponse} from './AuthorizationResponse'
 import {Dcql} from './Dcql'
-import {RevocationVerification, VerifiedOpenID4VPSubmission} from '../types'
+import {PresentationSubmission, RevocationVerification, VerifiedOpenID4VPSubmission} from '../types'
 import {VerifyAuthorizationResponseOpts,} from './types'
 
 export const extractNonceFromWrappedVerifiablePresentation = (wrappedVp: WrappedVerifiablePresentation): string | undefined => {
@@ -50,6 +50,7 @@ export const verifyPresentations = async (
   verifyOpts: VerifyAuthorizationResponseOpts,
 ): Promise<{ dcql: VerifiedOpenID4VPSubmission }> => {
   const dcqlQuery = DcqlQuery.parse(verifyOpts.dcqlQuery ?? authorizationResponse?.authorizationRequest.payload.dcql_query as DcqlQuery)
+  DcqlQuery.validate(dcqlQuery)
   const dcqlPresentation = extractDcqlPresentationFromDcqlVpToken(authorizationResponse.payload.vp_token as string, { hasher: verifyOpts.hasher })
 
   const wrappedPresentations = Object.values(dcqlPresentation)
@@ -59,7 +60,7 @@ export const verifyPresentations = async (
       ),
     )
 
-    await Dcql.assertValidDcqlPresentationResult(authorizationResponse.payload.vp_token as string, dcqlQuery, { hasher: verifyOpts.hasher })
+    const dcqlPresentationResult = await Dcql.assertValidDcqlPresentationResult(authorizationResponse.payload.vp_token as string, dcqlQuery, { hasher: verifyOpts.hasher })
 
     if (verifiedPresentations.some((verified) => !verified)) {
       const message = verifiedPresentations
@@ -95,13 +96,13 @@ export const verifyPresentations = async (
     }
   }
 
-  return { dcql: { nonce, presentation: dcqlPresentation, dcqlQuery } }
+  return { dcql: { nonce, presentation: dcqlPresentation, dcqlQuery , dcqlPresentationResult} }
 }
 
 export const extractDcqlPresentationFromDcqlVpToken = (
   vpToken: DcqlPresentation.Input | string,
   opts?: { hasher?: HasherSync },
-): { [credentialQueryId: string]: WrappedVerifiablePresentation } => {
+): PresentationSubmission => {
   return Object.fromEntries(
       Object.entries(DcqlPresentation.parse(vpToken)).map(([credentialQueryId, vp]) => [
         credentialQueryId,

packages/siop-oid4vp/lib/helpers/HttpUtils.ts

@@ -1,5 +1,5 @@
 import { Loggers } from '@sphereon/ssi-types'
-import { fetch } from 'cross-fetch'
+import fetch from 'cross-fetch'
 import { ContentType, SIOPErrors, SIOPResonse } from '../types'
 
 const logger = Loggers.DEFAULT.get('sphereon:siopv2:http')