feat: allow signing credential with local resolved DID. Especially ha…

…ndy for did:web that is not yet published/exposed

packages/oid4vci-issuer-rest-api/package.json

@@ -36,10 +36,10 @@
     "@sphereon/did-uni-client": "^0.6.0",
     "@sphereon/pex": "2.1.0",
     "@sphereon/pex-models": "^2.0.3",
-    "@sphereon/ssi-sdk-ext.did-provider-jwk": "0.13.0",
-    "@sphereon/ssi-sdk-ext.key-manager": "0.13.0",
-    "@sphereon/ssi-sdk-ext.key-utils": "0.13.0",
-    "@sphereon/ssi-sdk-ext.kms-local": "0.13.0",
+    "@sphereon/ssi-sdk-ext.did-provider-jwk": "0.13.1-next.7",
+    "@sphereon/ssi-sdk-ext.key-manager": "0.13.1-next.7",
+    "@sphereon/ssi-sdk-ext.key-utils": "0.13.1-next.7",
+    "@sphereon/ssi-sdk-ext.kms-local": "0.13.1-next.7",
     "@sphereon/ssi-sdk.data-store": "workspace:*",
     "@sphereon/ssi-sdk.vc-handler-ld-local": "workspace:*",
     "@types/body-parser": "^1.19.2",

packages/oid4vci-issuer-store/package.json

@@ -15,7 +15,7 @@
   },
   "dependencies": {
     "@sphereon/oid4vci-common": "0.6.0",
-    "@sphereon/ssi-sdk-ext.did-utils": "0.13.0",
+    "@sphereon/ssi-sdk-ext.did-utils": "0.13.1-next.7",
     "@sphereon/ssi-sdk.kv-store-temp": "workspace:*",
     "@types/uuid": "^9.0.1",
     "@veramo/core": "4.2.0",

packages/oid4vci-issuer/package.json

@@ -16,7 +16,7 @@
   "dependencies": {
     "@sphereon/oid4vci-common": "0.6.0",
     "@sphereon/oid4vci-issuer": "0.6.0",
-    "@sphereon/ssi-sdk-ext.did-utils": "0.13.0",
+    "@sphereon/ssi-sdk-ext.did-utils": "0.13.1-next.7",
     "@sphereon/ssi-sdk.core": "workspace:*",
     "@sphereon/ssi-sdk.kv-store-temp": "workspace:*",
     "@sphereon/ssi-sdk.oid4vci-issuer-store": "workspace:*",

packages/oid4vci-issuer/src/functions.ts

@@ -12,7 +12,7 @@ import { IIssuerOptions, IRequiredContext } from './types/IOID4VCIIssuer'
 
 export function getJwtVerifyCallback({ verifyOpts }: { verifyOpts?: JWTVerifyOptions }, _context: IRequiredContext) {
   return async (args: { jwt: string; kid?: string }): Promise<JwtVerifyResult<DIDDocument>> => {
-    const resolver = getAgentResolver(_context, { uniresolverFallback: true })
+    const resolver = getAgentResolver(_context, { resolverResolution: true, uniresolverResolution: true, localResolution: true })
     verifyOpts = { ...verifyOpts, resolver: verifyOpts?.resolver } // Resolver seperately as that is a function
     if (!verifyOpts?.resolver || typeof verifyOpts?.resolver?.resolve !== 'function') {
       verifyOpts.resolver = resolver

packages/presentation-exchange/package.json

@@ -16,7 +16,7 @@
   "dependencies": {
     "@sphereon/pex": "2.1.0",
     "@sphereon/pex-models": "^2.0.3",
-    "@sphereon/ssi-sdk-ext.did-utils": "0.13.0",
+    "@sphereon/ssi-sdk-ext.did-utils": "0.13.1-next.7",
     "@sphereon/ssi-sdk.kv-store-temp": "workspace:*",
     "@sphereon/ssi-types": "workspace:*",
     "@veramo/core": "4.2.0"

packages/siopv2-oid4vp-op-auth/package.json

@@ -17,7 +17,7 @@
     "@sphereon/did-auth-siop": "0.3.2-unstable.8",
     "@sphereon/pex": "2.1.0",
     "@sphereon/pex-models": "2.0.2",
-    "@sphereon/ssi-sdk-ext.did-utils": "0.13.0",
+    "@sphereon/ssi-sdk-ext.did-utils": "0.13.1-next.7",
     "@sphereon/ssi-sdk.core": "workspace:*",
     "@sphereon/ssi-sdk.presentation-exchange": "workspace:*",
     "@sphereon/ssi-types": "workspace:*",

packages/siopv2-oid4vp-op-auth/src/session/OpSession.ts

@@ -116,7 +116,9 @@ export class OpSession {
     return await (await this.getAuthorizationRequest()).authorizationRequest.mergedPayloads()
   }
   public async sendAuthorizationResponse(args: IOpsSendSiopAuthorizationResponseArgs): Promise<Response> {
-    const resolveOpts: ResolveOpts = this.options.resolveOpts ?? { resolver: new AgentDIDResolver(this.context, true) }
+    const resolveOpts: ResolveOpts = this.options.resolveOpts ?? {
+      resolver: new AgentDIDResolver(this.context, { uniresolverResolution: true, localResolution: true, resolverResolution: true }),
+    }
     if (!resolveOpts.subjectSyntaxTypesSupported || resolveOpts.subjectSyntaxTypesSupported.length === 0) {
       resolveOpts.subjectSyntaxTypesSupported = await this.getSupportedDIDMethods(true)
     }

packages/siopv2-oid4vp-op-auth/src/session/functions.ts

@@ -74,7 +74,12 @@ export async function createOPBuilder({
     .withExpiresIn(opOptions.expiresIn ?? 300)
     .withCheckLinkedDomain(opOptions.checkLinkedDomains ?? CheckLinkedDomain.IF_PRESENT)
     .withCustomResolver(
-      opOptions.resolveOpts?.resolver ?? new AgentDIDResolver(context, opOptions.resolveOpts?.noUniversalResolverFallback !== false)
+      opOptions.resolveOpts?.resolver ??
+        new AgentDIDResolver(context, {
+          uniresolverResolution: opOptions.resolveOpts?.noUniversalResolverFallback !== true,
+          localResolution: true,
+          resolverResolution: true,
+        })
     )
     .withEventEmitter(eventEmitter)
     .withRegistration({

packages/siopv2-oid4vp-rp-auth/package.json

@@ -16,7 +16,7 @@
   "dependencies": {
     "@sphereon/did-auth-siop": "0.3.2-unstable.8",
     "@sphereon/pex": "2.1.0",
-    "@sphereon/ssi-sdk-ext.did-utils": "0.13.0",
+    "@sphereon/ssi-sdk-ext.did-utils": "0.13.1-next.7",
     "@sphereon/ssi-sdk.core": "workspace:*",
     "@sphereon/ssi-sdk.kv-store-temp": "workspace:*",
     "@sphereon/ssi-sdk.presentation-exchange": "workspace:*",

packages/siopv2-oid4vp-rp-auth/src/agent/SIOPv2RP.ts

@@ -53,7 +53,7 @@ export class SIOPv2RP implements IAgentPlugin {
     if (!this.opts.defaultOpts.didOpts.resolveOpts?.resolver || typeof this.opts.defaultOpts.didOpts.resolveOpts.resolver.resolve !== 'function') {
       this.opts.defaultOpts.didOpts.resolveOpts = {
         ...this.opts.defaultOpts.didOpts.resolveOpts,
-        resolver: getAgentResolver(context, { uniresolverFallback: true }),
+        resolver: getAgentResolver(context, { uniresolverResolution: true, resolverResolution: true, localResolution: true }),
       }
     }
   }
@@ -184,7 +184,11 @@ export class SIOPv2RP implements IAgentPlugin {
         rpOpts.didOpts = { ...rpOpts.didOpts }
         rpOpts.didOpts.resolveOpts = { ...rpOpts.didOpts.resolveOpts }
         console.log('Using agent DID resolver for RP instance with definition id ' + args.definitionId)
-        rpOpts.didOpts.resolveOpts.resolver = getAgentResolver(context, { uniresolverFallback: true })
+        rpOpts.didOpts.resolveOpts.resolver = getAgentResolver(context, {
+          uniresolverResolution: true,
+          localResolution: true,
+          resolverResolution: true,
+        })
       }
 
       /*const definition = args.definition ?? (definitionId ? await context.agent.pexStoreGetDefinition({
@@ -229,7 +233,9 @@ export class SIOPv2RP implements IAgentPlugin {
       if (!options.didOpts.resolveOpts || typeof options.didOpts.resolveOpts.resolver?.resolve !== 'function') {
         options.didOpts.resolveOpts = {
           ...this.opts.defaultOpts.didOpts.resolveOpts,
-          resolver: this.opts.defaultOpts.didOpts?.resolveOpts?.resolver ?? getAgentResolver(context, { uniresolverFallback: true }),
+          resolver:
+            this.opts.defaultOpts.didOpts?.resolveOpts?.resolver ??
+            getAgentResolver(context, { localResolution: true, resolverResolution: true, uniresolverResolution: true }),
         }
       }
     }

packages/siopv2-oid4vp-rp-auth/src/functions.ts

@@ -105,7 +105,8 @@ export async function createRPBuilder(args: {
     .withResponseMode(rpOpts.responseMode ?? ResponseMode.POST)
     .withResponseType(ResponseType.ID_TOKEN, PropertyTarget.REQUEST_OBJECT)
     .withCustomResolver(
-      rpOpts.didOpts.resolveOpts?.resolver ?? new AgentDIDResolver(context, rpOpts.didOpts.resolveOpts?.noUniversalResolverFallback !== false)
+      rpOpts.didOpts.resolveOpts?.resolver ??
+        new AgentDIDResolver(context, { uniresolverResolution: rpOpts.didOpts.resolveOpts?.noUniversalResolverFallback !== true })
     )
     .withClientId(did, PropertyTarget.REQUEST_OBJECT)
     // todo: move to options fill/correct method

packages/siopv2-oid4vp-rp-rest-api/package.json

@@ -42,7 +42,7 @@
     "@sphereon/did-uni-client": "^0.6.0",
     "@sphereon/pex": "2.1.0",
     "@sphereon/pex-models": "^2.0.3",
-    "@sphereon/ssi-sdk-ext.did-provider-jwk": "0.13.0",
+    "@sphereon/ssi-sdk-ext.did-provider-jwk": "0.13.1-next.7",
     "@sphereon/ssi-sdk.data-store": "workspace:*",
     "@sphereon/ssi-sdk.vc-handler-ld-local": "workspace:*",
     "@types/body-parser": "^1.19.2",

packages/uni-resolver-registrar-api/package.json

@@ -11,9 +11,9 @@
     "start:dev": "ts-node __tests__/agent.ts"
   },
   "dependencies": {
-    "@sphereon/ssi-sdk-ext.did-utils": "0.13.0",
-    "@sphereon/ssi-sdk-ext.key-manager": "0.13.0",
-    "@sphereon/ssi-sdk-ext.key-utils": "0.13.0",
+    "@sphereon/ssi-sdk-ext.did-utils": "0.13.1-next.7",
+    "@sphereon/ssi-sdk-ext.key-manager": "0.13.1-next.7",
+    "@sphereon/ssi-sdk-ext.key-utils": "0.13.1-next.7",
     "@sphereon/ssi-sdk.core": "workspace:*",
     "@sphereon/ssi-express-support": "workspace:*",
     "@sphereon/ssi-types": "workspace:*",
@@ -30,8 +30,8 @@
   },
   "devDependencies": {
     "@sphereon/did-uni-client": "^0.6.0",
-    "@sphereon/ssi-sdk-ext.did-provider-jwk": "0.13.0",
-    "@sphereon/ssi-sdk-ext.did-resolver-jwk": "0.13.0",
+    "@sphereon/ssi-sdk-ext.did-provider-jwk": "0.13.1-next.7",
+    "@sphereon/ssi-sdk-ext.did-resolver-jwk": "0.13.1-next.7",
     "@sphereon/ssi-sdk.data-store": "workspace:*",
     "@sphereon/ssi-sdk.vc-handler-ld-local": "workspace:*",
     "@types/body-parser": "^1.19.2",

packages/vc-handler-ld-local/package.json

@@ -25,19 +25,19 @@
     "@mattrglobal/jsonld-signatures-bbs": "^1.1.1",
     "@sphereon/ed25519-signature-2018": "0.7.0-unstable.6",
     "@sphereon/isomorphic-webcrypto": "^2.4.0-unstable.4",
-    "@sphereon/ssi-sdk-ext.did-utils": "0.13.0",
-    "@sphereon/ssi-sdk-ext.key-utils": "0.13.0",
+    "@sphereon/ssi-sdk-ext.did-utils": "0.13.1-next.7",
+    "@sphereon/ssi-sdk-ext.key-utils": "0.13.1-next.7",
     "@sphereon/ssi-sdk.core": "workspace:*",
     "@sphereon/ssi-types": "workspace:*",
-    "@transmute/ed25519-key-pair": "0.7.0-unstable.80",
-    "@transmute/jose-ld": "0.7.0-unstable.80",
-    "@transmute/json-web-signature": "0.7.0-unstable.80",
-    "@transmute/jsonld": "^0.0.4",
-    "@transmute/jsonld-document-loader": "^0.7.0-unstable.80",
-    "@transmute/secp256k1-key-pair": "0.7.0-unstable.80",
-    "@transmute/security-context": "0.7.0-unstable.80",
-    "@transmute/vc-status-rl-2020": "0.7.0-unstable.80",
-    "@transmute/web-crypto-key-pair": "0.7.0-unstable.80",
+    "@transmute/ed25519-key-pair": "0.7.0-unstable.81",
+    "@transmute/jose-ld": "0.7.0-unstable.81",
+    "@transmute/json-web-signature": "0.7.0-unstable.81",
+    "@transmute/jsonld": "^0.1.0",
+    "@transmute/jsonld-document-loader": "^0.7.0-unstable.81",
+    "@transmute/secp256k1-key-pair": "0.7.0-unstable.81",
+    "@transmute/security-context": "0.7.0-unstable.81",
+    "@transmute/vc-status-rl-2020": "0.7.0-unstable.81",
+    "@transmute/web-crypto-key-pair": "0.7.0-unstable.81",
     "@veramo/core": "4.2.0",
     "@veramo/utils": "4.2.0",
     "credentials-context": "^2.0.0",
@@ -51,10 +51,10 @@
   },
   "devDependencies": {
     "@sphereon/did-uni-client": "^0.6.0",
-    "@sphereon/ssi-sdk-ext.did-provider-key": "0.13.0",
-    "@sphereon/ssi-sdk-ext.did-provider-lto": "0.13.0",
-    "@sphereon/ssi-sdk-ext.key-manager": "0.13.0",
-    "@sphereon/ssi-sdk-ext.kms-local": "0.13.0",
+    "@sphereon/ssi-sdk-ext.did-provider-key": "0.13.1-next.7",
+    "@sphereon/ssi-sdk-ext.did-provider-lto": "0.13.1-next.7",
+    "@sphereon/ssi-sdk-ext.key-manager": "0.13.1-next.7",
+    "@sphereon/ssi-sdk-ext.kms-local": "0.13.1-next.7",
     "@sphereon/ssi-sdk.agent-config": "workspace:*",
     "@transmute/lds-ecdsa-secp256k1-recovery2020": "^0.0.7",
     "@types/nock": "^11.1.0",

packages/vc-handler-ld-local/src/agent/CredentialHandlerLDLocal.ts

@@ -1,5 +1,17 @@
+import { getAgentResolver, mapIdentifierKeysToDocWithJwkSupport } from '@sphereon/ssi-sdk-ext.did-utils'
 import { VerifiableCredentialSP, VerifiablePresentationSP } from '@sphereon/ssi-sdk.core'
-import { CredentialPayload, IAgentContext, IAgentPlugin, IIdentifier, IKey, IResolver, PresentationPayload } from '@veramo/core'
+import { IVerifyResult } from '@sphereon/ssi-types'
+import {
+  CredentialPayload,
+  DIDDocument,
+  IAgentContext,
+  IAgentPlugin,
+  IDIDManager,
+  IIdentifier,
+  IKey,
+  IResolver,
+  PresentationPayload,
+} from '@veramo/core'
 import { AbstractPrivateKeyStore } from '@veramo/key-manager'
 import { _ExtendedIKey, extractIssuer, isDefined, MANDATORY_CREDENTIAL_CONTEXT, OrPromise, processEntryToArray, RecordLike } from '@veramo/utils'
 import Debug from 'debug'
@@ -17,8 +29,6 @@ import {
   IVerifyCredentialLDArgs,
   IVerifyPresentationLDArgs,
 } from '../types'
-import { mapIdentifierKeysToDocWithJwkSupport } from '@sphereon/ssi-sdk-ext.did-utils'
-import { IVerifyResult } from '@sphereon/ssi-types'
 
 const debug = Debug('sphereon:ssi-sdk:ld-credential-module-local')
 
@@ -104,7 +114,7 @@ export class CredentialHandlerLDLocal implements IAgentPlugin {
     }
     try {
       const { managedKey, verificationMethod } = await this.getSigningKey(identifier, args.keyRef)
-      const { signingKey, verificationMethodId } = await this.findSigningKeyWithId(context, identifier, args.keyRef)
+      const { signingKey, verificationMethodId } = await this.findSigningKeyWithId(context, identifier, { keyRef: args.keyRef })
       return await this.ldCredentialModule.issueLDVerifiableCredential(
         credential,
         identifier.did,
@@ -180,7 +190,7 @@ export class CredentialHandlerLDLocal implements IAgentPlugin {
     }
     try {
       const { managedKey, verificationMethod } = await this.getSigningKey(identifier, args.keyRef)
-      const { signingKey, verificationMethodId } = await this.findSigningKeyWithId(context, identifier, args.keyRef)
+      const { signingKey, verificationMethodId } = await this.findSigningKeyWithId(context, identifier, { keyRef: args.keyRef })
 
       return await this.ldCredentialModule.signLDVerifiablePresentation(
         presentation,
@@ -219,13 +229,21 @@ export class CredentialHandlerLDLocal implements IAgentPlugin {
   }
 
   private async findSigningKeyWithId(
-    context: IAgentContext<IResolver>,
+    context: IAgentContext<IResolver & IDIDManager>,
     identifier: IIdentifier,
-    keyRef?: string
+    opts?: {
+      keyRef?: string
+      didDocument?: DIDDocument
+    }
   ): Promise<{ signingKey: IKey; verificationMethodId: string }> {
+    const keyRef = opts?.keyRef
     debug(`Retrieving signing key for id ${identifier.did} keyref ${keyRef}...`)
-    // @ts-ignore
-    const extendedKeys: _ExtendedIKey[] = await mapIdentifierKeysToDocWithJwkSupport(identifier, 'verificationMethod', context)
+    const didDocument =
+      opts?.didDocument ??
+      (await getAgentResolver(context)
+        .resolve(identifier.did)
+        .then((result) => result.didDocument ?? undefined))
+    const extendedKeys: _ExtendedIKey[] = await mapIdentifierKeysToDocWithJwkSupport(identifier, 'verificationMethod', context, didDocument)
     const supportedTypes = this.ldCredentialModule.ldSuiteLoader.getAllSignatureSuiteTypes()
     let signingKey: _ExtendedIKey | undefined
     if (keyRef) {

packages/vc-handler-ld-local/src/types/types.ts

@@ -163,7 +163,7 @@ export interface IVerifyPresentationLDArgs {
  *
  * @beta This API is likely to change without a BREAKING CHANGE notice
  */
-export type IRequiredContext = IAgentContext<IResolver & Pick<IDIDManager, 'didManagerGet'> & Pick<IKeyManager, 'keyManagerGet' | 'keyManagerSign'>>
+export type IRequiredContext = IAgentContext<IResolver & IDIDManager & Pick<IKeyManager, 'keyManagerGet' | 'keyManagerSign'>>
 
 export type ContextDoc = {
   '@context': string | Record<string, any>

packages/w3c-vc-api/package.json

@@ -32,8 +32,8 @@
   },
   "devDependencies": {
     "@sphereon/did-uni-client": "^0.6.0",
-    "@sphereon/ssi-sdk-ext.did-provider-jwk": "0.13.0",
-    "@sphereon/ssi-sdk-ext.did-resolver-jwk": "0.13.0",
+    "@sphereon/ssi-sdk-ext.did-provider-jwk": "0.13.1-next.7",
+    "@sphereon/ssi-sdk-ext.did-resolver-jwk": "0.13.1-next.7",
     "@sphereon/ssi-sdk.data-store": "workspace:*",
     "@sphereon/ssi-sdk.vc-handler-ld-local": "workspace:*",
     "@types/body-parser": "^1.19.2",