fix: improve dcql support

Author: auer-martin

packages/core/package.json

@@ -26,7 +26,7 @@
   },
   "dependencies": {
     "@digitalcredentials/jsonld": "^6.0.0",
-    "dcql": "^0.2.11",
+    "dcql": "^0.2.13",
     "@digitalcredentials/jsonld-signatures": "^9.4.0",
     "@digitalcredentials/vc": "^6.0.1",
     "@multiformats/base-x": "^4.0.1",

packages/core/src/modules/dcql/DcqlService.ts

@@ -1,6 +1,6 @@
 import type { AgentContext } from '../../agent'
 
-import { DcqlCredentialRepresentation, DcqlMdocRepresentation, DcqlQuery, DcqlSdJwtVcRepresentation } from 'dcql'
+import { DcqlCredential, DcqlMdocCredential, DcqlQuery, DcqlSdJwtVcCredential } from 'dcql'
 import { injectable } from 'tsyringe'
 
 import { JsonValue } from '../../types'
@@ -34,7 +34,7 @@ export class DcqlService {
    */
   private async queryCredentialsForDcqlQuery(
     agentContext: AgentContext,
-    dcqlQuery: DcqlQuery
+    dcqlQuery: DcqlQuery.Input
   ): Promise<Array<SdJwtVcRecord | W3cCredentialRecord | MdocRecord>> {
     const w3cCredentialRepository = agentContext.dependencyManager.resolve(W3cCredentialRepository)
 
@@ -47,47 +47,83 @@ export class DcqlService {
 
     const allRecords: Array<SdJwtVcRecord | W3cCredentialRecord | MdocRecord> = []
 
-    // query the wallet ourselves first to avoid the need to query the pex library for all
-    // credentials for every proof request
     const w3cCredentialRecords =
       formats.has('jwt_vc_json') || formats.has('jwt_vc_json-ld')
         ? await w3cCredentialRepository.getAll(agentContext)
         : []
     allRecords.push(...w3cCredentialRecords)
 
-    const sdJwtVcApi = this.getSdJwtVcApi(agentContext)
-    const sdJwtVcRecords = formats.has('vc+sd-jwt') ? await sdJwtVcApi.getAll() : []
-    allRecords.push(...sdJwtVcRecords)
+    // query the wallet ourselves first to avoid the need to query the pex library for all
+    // credentials for every proof request
+    const mdocDoctypes = dcqlQuery.credentials
+      .filter((credentialQuery) => credentialQuery.format === 'mso_mdoc')
+      .map((c) => c.meta?.doctype_value)
+    const allMdocCredentialQueriesSpecifyDoctype = mdocDoctypes.every((doctype) => doctype)
 
     const mdocApi = this.getMdocApi(agentContext)
-    const mdocRecords = formats.has('mso_mdoc') ? await mdocApi.getAll() : []
-    allRecords.push(...mdocRecords)
+    if (allMdocCredentialQueriesSpecifyDoctype) {
+      const mdocRecords = await mdocApi.findAllByQuery({
+        $or: mdocDoctypes.map((docType) => ({
+          docType: docType as string,
+        })),
+      })
+      allRecords.push(...mdocRecords)
+    } else {
+      const mdocRecords = await mdocApi.getAll()
+      allRecords.push(...mdocRecords)
+    }
+
+    // query the wallet ourselves first to avoid the need to query the pex library for all
+    // credentials for every proof request
+    const sdJwtVctValues = dcqlQuery.credentials
+      .filter((credentialQuery) => credentialQuery.format === 'vc+sd-jwt')
+      .flatMap((c) => c.meta?.vct_values)
+
+    const allSdJwtVcQueriesSpecifyDoctype = sdJwtVctValues.every((vct) => vct)
+
+    const sdJwtVcApi = this.getSdJwtVcApi(agentContext)
+    if (allSdJwtVcQueriesSpecifyDoctype) {
+      const sdjwtVcRecords = await sdJwtVcApi.findAllByQuery({
+        $or: sdJwtVctValues.map((vct) => ({
+          vct: vct as string,
+        })),
+      })
+      allRecords.push(...sdjwtVcRecords)
+    } else {
+      const sdJwtVcRecords = await sdJwtVcApi.getAll()
+      allRecords.push(...sdJwtVcRecords)
+    }
 
     return allRecords
   }
 
-  public async getCredentialsForRequest(agentContext: AgentContext, dcqlQuery: DcqlQuery): Promise<DcqlQueryResult> {
+  public async getCredentialsForRequest(
+    agentContext: AgentContext,
+    dcqlQuery: DcqlQuery.Input
+  ): Promise<DcqlQueryResult> {
     const credentialRecords = await this.queryCredentialsForDcqlQuery(agentContext, dcqlQuery)
 
-    const mappedCredentials: DcqlCredentialRepresentation[] = credentialRecords.map((record) => {
+    const dcqlCredentials: DcqlCredential[] = credentialRecords.map((record) => {
       if (record.type === 'MdocRecord') {
         return {
-          docType: record.getTags().docType,
+          credentialFormat: 'mso_mdoc',
+          doctype: record.getTags().docType,
           namespaces: Mdoc.fromBase64Url(record.base64Url).issuerSignedNamespaces,
-        } satisfies DcqlMdocRepresentation
+        } satisfies DcqlMdocCredential
       } else if (record.type === 'SdJwtVcRecord') {
         return {
+          credentialFormat: 'vc+sd-jwt',
           vct: record.getTags().vct,
           claims: this.getSdJwtVcApi(agentContext).fromCompact(record.compactSdJwtVc)
-            .prettyClaims as DcqlSdJwtVcRepresentation.Claims,
-        } satisfies DcqlSdJwtVcRepresentation
+            .prettyClaims as DcqlSdJwtVcCredential.Claims,
+        } satisfies DcqlSdJwtVcCredential
       } else {
         // TODO:
         throw new DcqlError('W3C credentials are not supported yet')
       }
     })
 
-    const queryResult = DcqlQuery.query(dcqlQuery, mappedCredentials)
+    const queryResult = DcqlQuery.query(DcqlQuery.parse(dcqlQuery), dcqlCredentials)
     const matchesWithRecord = Object.fromEntries(
       Object.entries(queryResult.credential_matches).map(([credential_query_id, result]) => {
         return [credential_query_id, { ...result, record: credentialRecords[result.credential_index] }]

packages/core/src/modules/dcql/models/index.ts

@@ -4,25 +4,31 @@ import type { MdocRecord } from '../../mdoc'
 import type { SdJwtVcRecord } from '../../sd-jwt-vc'
 import type { W3cCredentialRecord } from '../../vc'
 import type {
-  DcqlQueryResult as InternalDcqlQueryResult,
-  DcqlPresentationRecord as _DcqlPresentationRecord,
+  DcqlQueryResult as _DcqlQueryResult,
+  DcqlQuery as _DcqlQuery,
+  DcqlCredential as _DcqlCredential,
+  DcqlMdocCredential as _DcqlMdocCredential,
+  DcqlW3cVcCredential as _DcqlW3cVcCredential,
+  DcqlSdJwtVcCredential as _DcqlSdJwtVcCredential,
+  DcqlPresentation as _DcqlPresentation,
+  DcqlPresentationResult as _DcqlPresentationResult,
 } from 'dcql'
 
-export type {
-  DcqlQuery,
-  DcqlCredentialRepresentation,
-  DcqlMdocRepresentation,
-  DcqlSdJwtVcRepresentation,
-  DcqlPresentationQuery as DcqlPresentationQueryResult,
-} from 'dcql'
+export type DcqlQuery = _DcqlQuery.Input
+export type DcqlCredential = _DcqlCredential.Model['Input']
+export type DcqlMdocCredential = _DcqlMdocCredential.Model['Input']
+export type DcqlSdJwtVcCredential = _DcqlSdJwtVcCredential.Model['Input']
+export type DcqlW3cVcCredential = _DcqlW3cVcCredential.Model['Input']
 
-export type DcqlMatchWithRecord = InternalDcqlQueryResult.CredentialMatch & {
+export type DcqlMatchWithRecord = {
   record: W3cCredentialRecord | SdJwtVcRecord | MdocRecord
-}
+} & _DcqlQueryResult['credential_matches'][number]
 
-export type DcqlQueryResult = Omit<InternalDcqlQueryResult, 'credential_matches'> & {
+export type DcqlQueryResult = Omit<_DcqlQueryResult.Input, 'credential_matches'> & {
   credential_matches: Record<string, DcqlMatchWithRecord>
 }
 
-export type DcqlEncodedPresentations = _DcqlPresentationRecord
+export type DcqlEncodedPresentations = _DcqlPresentation.Input
 export type DcqlPresentation = Record<string, VerifiablePresentation>
+
+export type DcqlPresentationResult = _DcqlPresentationResult.Input

packages/core/src/modules/dcql/utils/DcqlPresentationsToCreate.ts

@@ -1,6 +1,6 @@
 import type { SdJwtVcRecord } from '../../sd-jwt-vc'
 import type { DcqlCredentialsForRequest } from '../models'
-import type { DcqlSdJwtVcRepresentation, DcqlW3cVcRepresentation, DcqlMdocRepresentation } from 'dcql'
+import type { DcqlSdJwtVcCredential, DcqlMdocCredential, DcqlW3cVcCredential } from 'dcql'
 
 import { MdocRecord } from '../../mdoc'
 import { W3cCredentialRecord, ClaimFormat } from '../../vc'
@@ -10,14 +10,14 @@ export interface DcqlSdJwtVcPresentationToCreate {
   claimFormat: ClaimFormat.SdJwtVc
   subjectIds: [] // subject is included in the cnf of the sd-jwt and automatically extracted by PEX
   credentialRecord: SdJwtVcRecord
-  disclosedPayload: DcqlSdJwtVcRepresentation.Claims
+  disclosedPayload: DcqlSdJwtVcCredential.Claims
 }
 
 export interface DcqlJwtVpPresentationToCreate {
   claimFormat: ClaimFormat.JwtVp
   subjectIds: [string] // only one subject id supported for JWT VP
   credentialRecord: W3cCredentialRecord
-  disclosedPayload: DcqlW3cVcRepresentation.Claims
+  disclosedPayload: DcqlW3cVcCredential.Claims
 }
 
 export interface DcqlLdpVpPresentationToCreate {
@@ -26,14 +26,14 @@ export interface DcqlLdpVpPresentationToCreate {
   // support yet for adding multiple proofs to an LDP-VP
   subjectIds: undefined | [string]
   credentialRecord: W3cCredentialRecord
-  disclosedPayload: DcqlW3cVcRepresentation.Claims
+  disclosedPayload: DcqlW3cVcCredential.Claims
 }
 
 export interface DcqlMdocPresentationToCreate {
   claimFormat: ClaimFormat.MsoMdoc
   subjectIds: []
   credentialRecord: MdocRecord
-  disclosedPayload: DcqlMdocRepresentation.NameSpaces
+  disclosedPayload: DcqlMdocCredential.NameSpaces
 }
 
 export type DcqlPresentationToCreate = Record<
@@ -55,21 +55,21 @@ export function dcqlGetPresentationsToCreate(
           match.credentialRecord.credential.claimFormat === ClaimFormat.JwtVc ? ClaimFormat.JwtVp : ClaimFormat.LdpVp,
         subjectIds: [match.credentialRecord.credential.credentialSubjectIds[0]],
         credentialRecord: match.credentialRecord,
-        disclosedPayload: match.disclosedPayload as DcqlW3cVcRepresentation.Claims,
+        disclosedPayload: match.disclosedPayload as DcqlW3cVcCredential.Claims,
       }
     } else if (match.credentialRecord instanceof MdocRecord) {
       presentationsToCreate[credentialQueryId] = {
         claimFormat: ClaimFormat.MsoMdoc,
         subjectIds: [],
         credentialRecord: match.credentialRecord,
-        disclosedPayload: match.disclosedPayload as DcqlMdocRepresentation.NameSpaces,
+        disclosedPayload: match.disclosedPayload as DcqlMdocCredential.NameSpaces,
       }
     } else {
       presentationsToCreate[credentialQueryId] = {
         claimFormat: ClaimFormat.SdJwtVc,
         subjectIds: [],
         credentialRecord: match.credentialRecord,
-        disclosedPayload: match.disclosedPayload as DcqlW3cVcRepresentation.Claims,
+        disclosedPayload: match.disclosedPayload as DcqlW3cVcCredential.Claims,
       }
     }
   }

packages/openid4vc/package.json

@@ -27,7 +27,7 @@
   },
   "dependencies": {
     "@credo-ts/core": "workspace:*",
-    "@sphereon/did-auth-siop": "https://gitpkg.vercel.app/animo/OID4VC/packages/siop-oid4vp?funke",
+    "@sphereon/did-auth-siop": "link:/../../../CODE/OID4VC/packages/siop-oid4vp",
     "@sphereon/oid4vc-common": "0.16.1-fix.173",
     "@sphereon/ssi-types": "0.30.2-next.135",
     "class-transformer": "^0.5.1",

packages/openid4vc/src/openid4vc-holder/OpenId4vcSiopHolderService.ts

@@ -138,7 +138,7 @@ export class OpenId4VcSiopHolderService {
         })
 
         dcqlOptions = {
-          encodedPresentations: await this.dcqlService.getEncodedPresentations(dcqlPresentation),
+          dcqlPresentation: await this.dcqlService.getEncodedPresentations(dcqlPresentation),
         }
 
         if (wantsIdToken && !openIdTokenIssuer) {

packages/openid4vc/src/openid4vc-verifier/OpenId4VcSiopVerifierService.ts

@@ -59,10 +59,10 @@ import {
   RevocationVerification,
   RP,
   SupportedVersion,
-  assertValidDcqlPresentationRecord,
+  assertValidDcqlPresentationResult,
 } from '@sphereon/did-auth-siop'
 import {
-  extractPresentationRecordFromDcqlVpToken,
+  extractDcqlPresentationFromDcqlVpToken,
   extractPresentationsFromVpToken,
 } from '@sphereon/did-auth-siop/dist/authorization-response/OpenID4VP'
 import { filter, first, firstValueFrom, map, timeout } from 'rxjs'
@@ -375,20 +375,20 @@ export class OpenId4VcSiopVerifierService {
     if (dcqlQuery) {
       const dcqlQueryVpToken = authorizationResponse.payload.vp_token
       const dcqlPresentation = Object.fromEntries(
-        Object.entries(
-          extractPresentationRecordFromDcqlVpToken(dcqlQueryVpToken as string, { hasher: Hasher.hash })
-        ).map(([key, value]) => {
-          return [key, getVerifiablePresentationFromSphereonWrapped(value)]
-        })
+        Object.entries(extractDcqlPresentationFromDcqlVpToken(dcqlQueryVpToken as string, { hasher: Hasher.hash })).map(
+          ([key, value]) => {
+            return [key, getVerifiablePresentationFromSphereonWrapped(value)]
+          }
+        )
       )
 
-      const presentationQueryResult = await assertValidDcqlPresentationRecord(
+      const presentationQueryResult = await assertValidDcqlPresentationResult(
         authorizationResponse.payload.vp_token as string,
         dcqlQuery,
         { hasher: Hasher.hash }
       )
 
-      dcql = { presentation: dcqlPresentation, presentationQueryResult }
+      dcql = { presentation: dcqlPresentation, presentationResult: presentationQueryResult }
     }
 
     if (!idToken && !(presentationExchange || dcqlQuery)) {

packages/openid4vc/src/openid4vc-verifier/OpenId4VcSiopVerifierServiceOptions.ts

@@ -13,7 +13,7 @@ import type {
   DcqlQuery,
   DcqlPresentation,
   DifPexPresentationWithDescriptor,
-  DcqlPresentationQueryResult,
+  DcqlPresentationResult,
 } from '@credo-ts/core'
 
 export type ResponseMode = 'direct_post' | 'direct_post.jwt'
@@ -81,7 +81,7 @@ export interface OpenId4VcSiopVerifiedAuthorizationResponsePresentationExchange
 
 export interface OpenId4VcSiopVerifiedAuthorizationResponseDcql {
   presentation: DcqlPresentation
-  presentationQueryResult: DcqlPresentationQueryResult
+  presentationResult: DcqlPresentationResult
 }
 
 /**

packages/openid4vc/tests/openid4vc.e2e.test.ts

@@ -2330,16 +2330,16 @@ describe('OpenId4Vc', () => {
             typed: true,
             success: true,
             output: {
-              docType: 'org.eu.university',
+              doctype: 'org.eu.university',
+              credentialFormat: 'mso_mdoc',
               namespaces: {
                 'eu.europa.ec.eudi.pid.1': {
                   name: 'John Doe',
                   degree: 'bachelor',
                 },
               },
             },
-            issues: undefined,
-            credential_index: 1,
+            credential_index: 0,
             claim_set_index: undefined,
             all: expect.any(Array),
             record: expect.any(MdocRecord),
@@ -2348,13 +2348,13 @@ describe('OpenId4Vc', () => {
             typed: true,
             success: true,
             output: {
+              credentialFormat: 'vc+sd-jwt',
               vct: 'OpenBadgeCredential',
               claims: {
                 university: 'innsbruck',
               },
             },
-            issues: undefined,
-            credential_index: 0,
+            credential_index: 1,
             claim_set_index: undefined,
             all: expect.any(Array),
             record: expect.any(SdJwtVcRecord),