openid4vp alpha

.changeset/brave-cars-deny.md

@@ -0,0 +1,5 @@
+---
+'@credo-ts/core': minor
+---
+
+`createDeviceResponse` now returns bytes and not base64 encoded bytes

.changeset/cool-pets-grab.md

@@ -0,0 +1,9 @@
+---
+'@credo-ts/anoncreds': minor
+'@credo-ts/askar': minor
+'@credo-ts/core': minor
+---
+
+- Rely on Uint8Array instead of Buffer for internal key bytes representation
+- Remove dependency on external Big Number libraries
+- Default to use of uncompressed keys for Secp256k1, Secp256r1, Secp384r1 and Secp521r1

.changeset/cuddly-jobs-learn.md

@@ -0,0 +1,5 @@
+---
+'@credo-ts/openid4vc': minor
+---
+
+fix: typo statefull -> stateful in configuration of OpenID4VCI module

.changeset/cyan-parents-relax.md

@@ -0,0 +1,9 @@
+---
+'@credo-ts/anoncreds': patch
+'@credo-ts/askar': patch
+'@credo-ts/core': patch
+---
+
+- Remove usage of Big Number libraries and rely on native implementations
+- By default rely on uncompressed keys instead of compressed (for P256, P384, P521 and K256)
+- Utilze Uint8Array more instead of Buffer (i.e. for internally representing a key)

.changeset/eleven-deers-rush.md

@@ -0,0 +1,5 @@
+---
+'@credo-ts/core': minor
+---
+
+refactor: split async `getData` method on x509 certificate to sync `.data` getter and async `getThumbprint` method

.changeset/hungry-singers-grin.md

@@ -0,0 +1,5 @@
+---
+'@credo-ts/openid4vc': minor
+---
+
+feat(openid4vc): openid4vp alpha

.changeset/nice-laws-kneel.md

@@ -0,0 +1,5 @@
+---
+'@credo-ts/openid4vc': minor
+---
+
+feat(openid4vc): add support for new dcql query syntax for oid4vp

.changeset/serious-rivers-clap.md

@@ -0,0 +1,6 @@
+---
+'@credo-ts/askar': patch
+'@credo-ts/core': patch
+---
+
+feat: support A128CBC-HS256 encryption algorithm for JWE

.changeset/smooth-balloons-breathe.md

@@ -0,0 +1,6 @@
+---
+'@credo-ts/indy-sdk-to-askar-migration': minor
+'@credo-ts/askar': minor
+---
+
+- depend on @openwallet-foundation/askar instead of @hyperledger/aries-askar

.changeset/tame-stringrays-wash.md

@@ -0,0 +1,5 @@
+---
+'@credo-ts/core': patch
+---
+
+feat: add `claimFormat` to `Mdoc`, `MdocDeviceResponse` and `SdJwtVc` to allow for easier type narrowing

.changeset/wet-pianos-walk.md

@@ -0,0 +1,7 @@
+---
+"@credo-ts/cheqd": patch
+---
+
+fix(cheqd): cheqd revocationRegistryDefinition resource name
+
+Creating two revocation registries with same name would lead to updating the resource. Adding credential definition tag in the resource name fixes this issue

.github/workflows/continuous-integration.yml

@@ -17,7 +17,7 @@ env:
 # "When concurrency is specified at the job level, order is not guaranteed for jobs or runs that queue within 5 minutes of each other."
 concurrency:
   # Cancel previous runs that are not completed yet
-  group: ${{ github.workflow }}-${{ github.ref }}
+  group: ${{ github.workflow }}-${{ github.ref }}-${{ github.event_name }}
   cancel-in-progress: true
 
 jobs:

demo-openid/package.json

@@ -17,9 +17,9 @@
   },
   "dependencies": {
     "@hyperledger/anoncreds-nodejs": "^0.2.2",
-    "@hyperledger/aries-askar-nodejs": "^0.2.3",
     "@hyperledger/indy-vdr-nodejs": "^0.2.2",
     "@koa/bodyparser": "^5.1.1",
+    "@openwallet-foundation/askar-nodejs": "^0.3.1",
     "express": "^4.18.1",
     "inquirer": "^8.2.5",
     "jose": "^5.3.0",

demo-openid/src/Holder.ts

@@ -1,10 +1,13 @@
-import type { OpenId4VciResolvedCredentialOffer, OpenId4VcSiopResolvedAuthorizationRequest } from '@credo-ts/openid4vc'
+import type {
+  OpenId4VciMetadata,
+  OpenId4VciResolvedCredentialOffer,
+  OpenId4VcSiopResolvedAuthorizationRequest,
+} from '@credo-ts/openid4vc'
 
 import { AskarModule } from '@credo-ts/askar'
 import {
   W3cJwtVerifiableCredential,
   W3cJsonLdVerifiableCredential,
-  DifPresentationExchangeService,
   Mdoc,
   DidKey,
   DidJwk,
@@ -17,14 +20,14 @@ import {
   OpenId4VciAuthorizationFlow,
   preAuthorizedCodeGrantIdentifier,
 } from '@credo-ts/openid4vc'
-import { ariesAskar } from '@hyperledger/aries-askar-nodejs'
+import { askar } from '@openwallet-foundation/askar-nodejs'
 
 import { BaseAgent } from './BaseAgent'
 import { greenText, Output } from './OutputClass'
 
 function getOpenIdHolderModules() {
   return {
-    askar: new AskarModule({ ariesAskar }),
+    askar: new AskarModule({ askar }),
     openId4VcHolder: new OpenId4VcHolderModule(),
     x509: new X509Module({
       getTrustedCertificatesForVerification: (agentContext, { certificateChain, verification }) => {
@@ -64,7 +67,7 @@ export class Holder extends BaseAgent<ReturnType<typeof getOpenIdHolderModules>>
     return await this.agent.modules.openId4VcHolder.resolveCredentialOffer(credentialOffer)
   }
 
-  public async resolveIssuerMetadata(credentialIssuer: string) {
+  public async resolveIssuerMetadata(credentialIssuer: string): Promise<OpenId4VciMetadata> {
     return await this.agent.modules.openId4VcHolder.resolveIssuerMetadata(credentialIssuer)
   }
 
@@ -192,21 +195,27 @@ export class Holder extends BaseAgent<ReturnType<typeof getOpenIdHolderModules>>
   }
 
   public async acceptPresentationRequest(resolvedPresentationRequest: OpenId4VcSiopResolvedAuthorizationRequest) {
-    const presentationExchangeService = this.agent.dependencyManager.resolve(DifPresentationExchangeService)
-
-    if (!resolvedPresentationRequest.presentationExchange) {
-      throw new Error('Missing presentation exchange on resolved authorization request')
+    if (!resolvedPresentationRequest.presentationExchange && !resolvedPresentationRequest.dcql) {
+      throw new Error('Missing presentation exchange or dcql on resolved authorization request')
     }
 
     const submissionResult = await this.agent.modules.openId4VcHolder.acceptSiopAuthorizationRequest({
       authorizationRequest: resolvedPresentationRequest.authorizationRequest,
-      presentationExchange: {
-        credentials: presentationExchangeService.selectCredentialsForRequest(
-          resolvedPresentationRequest.presentationExchange.credentialsForRequest
-        ),
-      },
+      presentationExchange: resolvedPresentationRequest.presentationExchange
+        ? {
+            credentials: this.agent.modules.openId4VcHolder.selectCredentialsForPresentationExchangeRequest(
+              resolvedPresentationRequest.presentationExchange.credentialsForRequest
+            ),
+          }
+        : undefined,
+      dcql: resolvedPresentationRequest.dcql
+        ? {
+            credentials: this.agent.modules.openId4VcHolder.selectCredentialsForDcqlRequest(
+              resolvedPresentationRequest.dcql.queryResult
+            ),
+          }
+        : undefined,
     })
-
     return submissionResult.serverResponse
   }
 

demo-openid/src/HolderInquirer.ts

@@ -5,7 +5,7 @@ import type {
   OpenId4VciResolvedCredentialOffer,
 } from '@credo-ts/openid4vc'
 
-import { DifPresentationExchangeService, Mdoc } from '@credo-ts/core'
+import { Mdoc } from '@credo-ts/core'
 import { preAuthorizedCodeGrantIdentifier } from '@credo-ts/openid4vc'
 import console, { clear } from 'console'
 import { textSync } from 'figlet'
@@ -217,24 +217,47 @@ export class HolderInquirer extends BaseInquirer {
     const proofRequestUri = await this.inquireInput('Enter proof request: ')
     this.resolvedPresentationRequest = await this.holder.resolveProofRequest(proofRequestUri)
 
-    const presentationDefinition = this.resolvedPresentationRequest?.presentationExchange?.definition
-    console.log(greenText(`Presentation Purpose: '${presentationDefinition?.purpose}'`))
-
-    if (this.resolvedPresentationRequest?.presentationExchange?.credentialsForRequest.areRequirementsSatisfied) {
-      const selectedCredentials = Object.values(
-        this.holder.agent.dependencyManager
-          .resolve(DifPresentationExchangeService)
-          .selectCredentialsForRequest(this.resolvedPresentationRequest.presentationExchange.credentialsForRequest)
-      ).flatMap((e) => e)
+    if (this.resolvedPresentationRequest.presentationExchange) {
+      const presentationDefinition = this.resolvedPresentationRequest.presentationExchange.definition
       console.log(
-        greenText(
-          `All requirements for creating the presentation are satisfied. The following credentials will be shared`,
-          true
-        )
+        greenText(`Received DIF Presentation Exchange request with purpose: '${presentationDefinition.purpose}'`)
       )
-      selectedCredentials.forEach(this.printCredential)
-    } else {
-      console.log(redText(`No credentials available that satisfy the proof request.`))
+
+      if (this.resolvedPresentationRequest.presentationExchange.credentialsForRequest.areRequirementsSatisfied) {
+        const selectedCredentials = Object.values(
+          this.holder.agent.modules.openId4VcHolder.selectCredentialsForPresentationExchangeRequest(
+            this.resolvedPresentationRequest.presentationExchange.credentialsForRequest
+          )
+        ).flatMap((e) => e)
+        console.log(
+          greenText(
+            `All requirements for creating the presentation are satisfied. The following credentials will be shared`,
+            true
+          )
+        )
+        selectedCredentials.forEach(this.printCredential)
+      } else {
+        console.log(redText(`No credentials available that satisfy the proof request.`))
+      }
+    } else if (this.resolvedPresentationRequest.dcql) {
+      console.log(greenText('Received DCQL request'))
+
+      if (this.resolvedPresentationRequest.dcql.queryResult.canBeSatisfied) {
+        const selectedCredentials = Object.values(
+          this.holder.agent.modules.openId4VcHolder.selectCredentialsForDcqlRequest(
+            this.resolvedPresentationRequest.dcql.queryResult
+          )
+        ).flatMap((e) => e.credentialRecord)
+        console.log(
+          greenText(
+            `All requirements for creating the presentation are satisfied. The following credentials will be shared`,
+            true
+          )
+        )
+        selectedCredentials.forEach(this.printCredential)
+      } else {
+        console.log(redText(`No credentials available that satisfy the proof request.`))
+      }
     }
   }
 

demo-openid/src/Issuer.ts

@@ -33,7 +33,7 @@ import {
   OpenId4VcVerifierModule,
   OpenId4VciCredentialFormatProfile,
 } from '@credo-ts/openid4vc'
-import { ariesAskar } from '@hyperledger/aries-askar-nodejs'
+import { askar } from '@openwallet-foundation/askar-nodejs'
 import { Router } from 'express'
 
 import { BaseAgent } from './BaseAgent'
@@ -206,7 +206,7 @@ export class Issuer extends BaseAgent<{
       port,
       name,
       modules: {
-        askar: new AskarModule({ ariesAskar }),
+        askar: new AskarModule({ askar }),
         openId4VcVerifier: new OpenId4VcVerifierModule({
           baseUrl: `${url}/oid4vp`,
           router: openId4VpRouter,