inji
diff --git a/‎Sources/OpenID4VP/AuthorizationResponse/AuthorizationResponseHandler.swift‎
Lines changed: 1 addition & 1 deletion b/‎Sources/OpenID4VP/AuthorizationResponse/AuthorizationResponseHandler.swift‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎Sources/OpenID4VP/AuthorizationResponse/UnsignedVPToken/UnsignedVPToken.swift‎
Lines changed: 3 additions & 1 deletion b/‎Sources/OpenID4VP/AuthorizationResponse/UnsignedVPToken/UnsignedVPToken.swift‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎Sources/OpenID4VP/AuthorizationResponse/UnsignedVPToken/UnsignedVPTokenBuilder.swift‎
Lines changed: 3 additions & 3 deletions b/‎Sources/OpenID4VP/AuthorizationResponse/UnsignedVPToken/UnsignedVPTokenBuilder.swift‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎Sources/OpenID4VP/AuthorizationResponse/UnsignedVPToken/types/LdpVP/UnsignedLdpVPTokenBuilder.swift‎
Lines changed: 16 additions & 13 deletions b/‎Sources/OpenID4VP/AuthorizationResponse/UnsignedVPToken/types/LdpVP/UnsignedLdpVPTokenBuilder.swift‎
Lines changed: 16 additions & 13 deletions
diff --git a/‎Sources/OpenID4VP/AuthorizationResponse/UnsignedVPToken/types/Mdoc/UnsignedMdocVPTokenBuilder.swift‎
Lines changed: 37 additions & 57 deletions b/‎Sources/OpenID4VP/AuthorizationResponse/UnsignedVPToken/types/Mdoc/UnsignedMdocVPTokenBuilder.swift‎
Lines changed: 37 additions & 57 deletions
@@ -7,7 +7,7 @@ public class AuthorizationResponseHandler {
     private var formatToCredentialInputDescriptorMapping: [FormatType: [CredentialInputDescriptorMapping]] = [:]
     private var credentialToCredentialQueryIdMappingsGroupedByFormat: [FormatType: [CredentialToCredentialQueryIdMapping]] = [:]
 
-    private var unsignedVPTokenResults: [FormatType: (vpTokenSigningPayload: Any?, unsignedVPTokens: [UnsignedVPToken])] = [:]
+    private var unsignedVPTokenResults: [FormatType: (vpTokenSigningPayload: VPTokenSigningPayload, unsignedVPTokens: [UnsignedVPToken])] = [:]
     private var specVersion: SpecVersion = .v1
     private let walletConfig: WalletConfig
 
 
@@ -1,19 +1,21 @@
 import Foundation
 
 public struct UnsignedVPToken: Codable {
-
+    public let id: String
     public let format: FormatType
     public let holderKeyReference: String
     public let signatureAlgorithm: String
     // Base64 encoded byte array of the actual data to sign
     public let dataToSign: Data
 
     public init(
+        id: String,
         format: FormatType,
         holderKeyReference: String,
         signatureAlgorithm: String,
         dataToSign: Data
     ) {
+        self.id = id
         self.format = format
         self.holderKeyReference = holderKeyReference
         self.signatureAlgorithm = signatureAlgorithm
 
@@ -1,12 +1,12 @@
 import Foundation
 
-typealias VPTokenSigningPayload = Any
+typealias VPTokenSigningPayload = [String: Any]
 
 protocol UnsignedVPTokenBuilder {
     var specVersion: SpecVersion { get }
     var authorizationRequest: AuthorizationRequest { get }
     var walletConfig: WalletConfig { get }
-    func build(credentialInputDescriptorMappings: inout [CredentialInputDescriptorMapping]) async throws -> (vpTokenSigningPayload: VPTokenSigningPayload?, unsignedVPTokens: [UnsignedVPToken])
+    func build(credentialInputDescriptorMappings: inout [CredentialInputDescriptorMapping]) async throws -> (vpTokenSigningPayload: VPTokenSigningPayload, unsignedVPTokens: [UnsignedVPToken])
 
-    func build(credentialToCredentialQueryIdMappings: inout [CredentialToCredentialQueryIdMapping]) async throws -> (vpTokenSigningPayload: VPTokenSigningPayload?, unsignedVPTokens: [UnsignedVPToken])
+    func build(credentialToCredentialQueryIdMappings: inout [CredentialToCredentialQueryIdMapping]) async throws -> (vpTokenSigningPayload: VPTokenSigningPayload, unsignedVPTokens: [UnsignedVPToken])
 }
@@ -22,7 +22,7 @@ class UnsignedLdpVPTokenBuilder: UnsignedVPTokenBuilder {
         self.walletConfig = walletConfig
     }
 
-    func build(credentialInputDescriptorMappings: inout [CredentialInputDescriptorMapping]) async throws -> (vpTokenSigningPayload: Any?, unsignedVPTokens: [UnsignedVPToken]) {
+    func build(credentialInputDescriptorMappings: inout [CredentialInputDescriptorMapping]) async throws -> (vpTokenSigningPayload: VPTokenSigningPayload, unsignedVPTokens: [UnsignedVPToken]) {
         guard (authorizationRequest as? AuthorizationPresentationExchangeRequest) != nil else {
             throw InvalidData(message: "Expected AuthorizationPresentationExchangeRequest for Presentation Exchange flow", className: className)
         }
@@ -32,9 +32,9 @@ class UnsignedLdpVPTokenBuilder: UnsignedVPTokenBuilder {
 
         for index in 0..<credentialInputDescriptorMappings.count {
             var credentialInputDescriptorMapping = credentialInputDescriptorMappings[index]
-            let uuid = UUIDGenerator.generateUUID()
+            let identifier = UUIDGenerator.generateUUID()
 
-            credentialInputDescriptorMapping.identifier = uuid
+            credentialInputDescriptorMapping.identifier = identifier
             credentialInputDescriptorMapping.nestedPath = "$.\(Self.internalPath)[0]"
             credentialInputDescriptorMappings[index] = credentialInputDescriptorMapping
 
@@ -46,12 +46,13 @@ class UnsignedLdpVPTokenBuilder: UnsignedVPTokenBuilder {
             let result = try extractHolderAndSignatureSuite(credential)
 
             let (vpTokenSigningPayload, unsignedVPToken) = try await buildPayloadAndUnsignedVPToken(
+                identifier: identifier,
                 with: verifiableCredentials,
                 signatureSuite: result.signatureSuite,
                 holder: sanitize(result.holder)
             )
 
-            vpTokenSigningPayloads[uuid] = vpTokenSigningPayload
+            vpTokenSigningPayloads[identifier] = vpTokenSigningPayload
             if let unsignedVPToken = unsignedVPToken {
                 unsignedVPTokens.append(unsignedVPToken)
             }
@@ -61,7 +62,7 @@ class UnsignedLdpVPTokenBuilder: UnsignedVPTokenBuilder {
         return (vpTokenSigningPayloads, unsignedVPTokens)
     }
 
-    func build(credentialToCredentialQueryIdMappings: inout [CredentialToCredentialQueryIdMapping]) async throws -> (vpTokenSigningPayload: Any?, unsignedVPTokens: [UnsignedVPToken]) {
+    func build(credentialToCredentialQueryIdMappings: inout [CredentialToCredentialQueryIdMapping]) async throws -> (vpTokenSigningPayload: VPTokenSigningPayload, unsignedVPTokens: [UnsignedVPToken]) {
         guard let authorizationRequest = authorizationRequest as? AuthorizationDcqlRequest else {
             throw InvalidData(message: "Expected AuthorizationDcqlRequest for DCQL flow", className: className)
         }
@@ -70,9 +71,9 @@ class UnsignedLdpVPTokenBuilder: UnsignedVPTokenBuilder {
 
         for index in 0..<credentialToCredentialQueryIdMappings.count {
             var credentialToCredentialQueryIdMapping = credentialToCredentialQueryIdMappings[index]
-            let uuid = UUIDGenerator.generateUUID()
+            let identifier = UUIDGenerator.generateUUID()
 
-            credentialToCredentialQueryIdMapping.identifier = uuid
+            credentialToCredentialQueryIdMapping.identifier = identifier
             credentialToCredentialQueryIdMappings[index] = credentialToCredentialQueryIdMapping
 
             let (credential, credentialQueryId) = (credentialToCredentialQueryIdMapping.credential, credentialToCredentialQueryIdMapping.credentialQueryId)
@@ -84,18 +85,19 @@ class UnsignedLdpVPTokenBuilder: UnsignedVPTokenBuilder {
             }()
 
             if(!mappedCredentialQuery.requireCryptographicHolderBinding) {
-                vpTokenSigningPayloads[uuid] = .vc(LdpVCToken(verifiableCredential: credential))
+                vpTokenSigningPayloads[identifier] = .vc(LdpVCToken(verifiableCredential: credential))
                 continue
             }
 
-            let result = mappedCredentialQuery.requireCryptographicHolderBinding ? try extractHolderAndSignatureSuite(credential) : nil
+            let result = try extractHolderAndSignatureSuite(credential)
             let (vpTokenSigningPayload, unsignedVPToken) = try await buildPayloadAndUnsignedVPToken(
+                identifier: identifier,
                 with: verifiableCredentials,
-                signatureSuite: result?.signatureSuite,
-                holder: sanitize(result?.holder)
+                signatureSuite: result.signatureSuite,
+                holder: sanitize(result.holder)
             )
 
-            vpTokenSigningPayloads[uuid] = vpTokenSigningPayload
+            vpTokenSigningPayloads[identifier] = vpTokenSigningPayload
             if let unsignedVPToken = unsignedVPToken {
                 unsignedVPTokens.append(unsignedVPToken)
             }
@@ -105,7 +107,7 @@ class UnsignedLdpVPTokenBuilder: UnsignedVPTokenBuilder {
         return (vpTokenSigningPayloads, unsignedVPTokens)
     }
 
-    private func buildPayloadAndUnsignedVPToken(with credentials: [AnyCodable], signatureSuite: String?, holder: String?) async throws -> (vpTokenSigningPayload: LdpVP, unsignedVPToken: UnsignedVPToken?) {
+    private func buildPayloadAndUnsignedVPToken(identifier: String, with credentials: [AnyCodable], signatureSuite: String?, holder: String?) async throws -> (vpTokenSigningPayload: LdpVP, unsignedVPToken: UnsignedVPToken?) {
         var context: [String] = ["https://www.w3.org/2018/credentials/v1"]
         if signatureSuite == SignatureSuite.ed25519Signature2020.rawValue {
             context.append("https://w3id.org/security/suites/ed25519-2020/v1")
@@ -180,6 +182,7 @@ class UnsignedLdpVPTokenBuilder: UnsignedVPTokenBuilder {
 
 
         let unsignedVPToken = UnsignedVPToken(
+            id: identifier,
             format: .ldp_vc,
             holderKeyReference: holder,
             signatureAlgorithm: signatureAlgorithm,
 
@@ -26,87 +26,62 @@ struct UnsignedMdocVPTokenBuilder: UnsignedVPTokenBuilder {
     }
 
 
-    func build(credentialInputDescriptorMappings: inout [CredentialInputDescriptorMapping]) async throws -> (vpTokenSigningPayload: Any?, unsignedVPTokens: [UnsignedVPToken]) {
-        var docTypeToDeviceAuthenticationBytes: [String: String] = [:]
+    func build(credentialInputDescriptorMappings: inout [CredentialInputDescriptorMapping]) async throws -> (vpTokenSigningPayload: VPTokenSigningPayload, unsignedVPTokens: [UnsignedVPToken]) {
+        var uuidToDeviceAuthenticationBytes: [String: String] = [:]
         var unsignedVPTokens: [UnsignedVPToken] = []
-
+        
         let sessionTranscript = try getSessionTranscript()
         let deviceNamespacesBytes = getDeviceNamespacesBytes()
-
+        
+        var existingDocTypes: Set<String> = []
+        
         for index in 0..<credentialInputDescriptorMappings.count {
             let credentialInputDescriptorMapping = credentialInputDescriptorMappings[index]
-            let (docType, deviceAuthentication, unsignedVPToken) = try await buildPayloadAndUnsignedVPToken(
+            let (_, _, unsignedVPToken) = try await buildPayloadAndUnsignedVPToken(
                 with: credentialInputDescriptorMapping.credential,
                 sessionTranscript: sessionTranscript,
                 deviceNamespacesBytes: deviceNamespacesBytes,
-                docTypeToDeviceAuthenticationBytes: docTypeToDeviceAuthenticationBytes,
-                updateIdentifier: { docTypeString in
-                    credentialInputDescriptorMappings[index].identifier = docTypeString
-                }
+                uuidToDeviceAuthenticationBytes: &uuidToDeviceAuthenticationBytes,
+                updateIdentifier: { identifier in
+                    credentialInputDescriptorMappings[index].identifier = identifier
+                },
+                existingDocTypes: &existingDocTypes
             )
 
-            docTypeToDeviceAuthenticationBytes[docType] = deviceAuthentication
             unsignedVPTokens.append(unsignedVPToken)
         }
-
-
-        unsignedVPTokens = []
-        for docType in docTypeToDeviceAuthenticationBytes.keys.sorted() {
-             let mapping = credentialInputDescriptorMappings.first(where: { $0.identifier == docType })!
-             let mdocCredential = mapping.credential.value as! String
-             let (keyRef, alg) = try resolveMdocKeyAndAlg(mdocCredential)
-             unsignedVPTokens.append(UnsignedVPToken(
-                format: .mso_mdoc,
-                holderKeyReference: keyRef,
-                signatureAlgorithm: alg,
-                dataToSign: Data((docTypeToDeviceAuthenticationBytes[docType]!).utf8)
-             ))
-        }
-
+        
         return (
-            vpTokenSigningPayload: docTypeToDeviceAuthenticationBytes,
+            vpTokenSigningPayload: uuidToDeviceAuthenticationBytes,
             unsignedVPTokens: unsignedVPTokens
         )
     }
 
-    func build(credentialToCredentialQueryIdMappings: inout [CredentialToCredentialQueryIdMapping]) async throws -> (vpTokenSigningPayload: Any?, unsignedVPTokens: [UnsignedVPToken]) {
-        var docTypeToDeviceAuthenticationBytes: [String: String] = [:]
+    func build(credentialToCredentialQueryIdMappings: inout [CredentialToCredentialQueryIdMapping]) async throws -> (vpTokenSigningPayload: VPTokenSigningPayload, unsignedVPTokens: [UnsignedVPToken]) {
+        var uuidToDeviceAuthenticationBytes: [String: String] = [:]
         var unsignedVPTokens: [UnsignedVPToken] = []
-
+        
         let sessionTranscript = try getSessionTranscript()
         let deviceNamespacesBytes = getDeviceNamespacesBytes()
-
+        var existingDocTypes: Set<String> = []
+        
         for index in 0..<credentialToCredentialQueryIdMappings.count {
             let credentialToCredentialQueryIdMapping = credentialToCredentialQueryIdMappings[index]
-            let (docType, deviceAuthentication, unsignedVPToken) = try await buildPayloadAndUnsignedVPToken(
+            let (_, _, unsignedVPToken) = try await buildPayloadAndUnsignedVPToken(
                 with: credentialToCredentialQueryIdMapping.credential,
                 sessionTranscript: sessionTranscript,
                 deviceNamespacesBytes: deviceNamespacesBytes,
-                docTypeToDeviceAuthenticationBytes: docTypeToDeviceAuthenticationBytes,
-                updateIdentifier: { docTypeString in
-                    credentialToCredentialQueryIdMappings[index].identifier = docTypeString
-                }
-                )
+                uuidToDeviceAuthenticationBytes: &uuidToDeviceAuthenticationBytes,
+                updateIdentifier: { identifier in
+                    credentialToCredentialQueryIdMappings[index].identifier = identifier
+                }, existingDocTypes: &existingDocTypes
+            )
 
-            docTypeToDeviceAuthenticationBytes[docType] = deviceAuthentication
             unsignedVPTokens.append(unsignedVPToken)
         }
-
-        unsignedVPTokens = []
-        for docType in docTypeToDeviceAuthenticationBytes.keys.sorted() {
-             let mapping = credentialToCredentialQueryIdMappings.first(where: { $0.identifier == docType })!
-             let mdocCredential = mapping.credential.value as! String
-             let (keyRef, alg) = try resolveMdocKeyAndAlg(mdocCredential)
-             unsignedVPTokens.append(UnsignedVPToken(
-                format: .mso_mdoc,
-                holderKeyReference: keyRef,
-                signatureAlgorithm: alg,
-                dataToSign: Data((docTypeToDeviceAuthenticationBytes[docType]!).utf8)
-             ))
-        }
-
+        
         return (
-            vpTokenSigningPayload: docTypeToDeviceAuthenticationBytes,
+            vpTokenSigningPayload: uuidToDeviceAuthenticationBytes,
             unsignedVPTokens: unsignedVPTokens
         )
     }
@@ -131,19 +106,21 @@ struct UnsignedMdocVPTokenBuilder: UnsignedVPTokenBuilder {
     private func buildPayloadAndUnsignedVPToken(with credential: AnyCodable,
                                                 sessionTranscript: CBOR,
                                                 deviceNamespacesBytes: CBOR,
-                                                docTypeToDeviceAuthenticationBytes: [String: String],
-                                                updateIdentifier: (String) -> Void
+                                                uuidToDeviceAuthenticationBytes: inout [String: String],
+                                                updateIdentifier: (String) -> Void,
+                                                existingDocTypes: inout Set<String>
     ) async throws -> (docType: String, deviceAuthenticationBytes: String, unsignedVPToken: UnsignedVPToken) {
         let (mdocCredential, decodedMdocCredential) = try decodeMdoc(credential, className: Self.className)
 
         let (docType, docTypeString) = try extractMdocDocType(from: decodedMdocCredential, className: Self.className)
 
-        if docTypeToDeviceAuthenticationBytes[docTypeString] != nil {
+        if existingDocTypes.contains(docTypeString) {
             throw InvalidData(
                 message: "Duplicate Mdoc Credentials with same doctype found",
                 className: Self.className
             )
         }
+        existingDocTypes.insert(docTypeString)
 
         let deviceAuthentication = CBOR.array([
             .utf8String("DeviceAuthentication"),
@@ -154,15 +131,18 @@ struct UnsignedMdocVPTokenBuilder: UnsignedVPTokenBuilder {
 
         let wrapped = wrapCBORInputWithTag24(input: deviceAuthentication)!
         let dataToSign = cborToByteString(cbor: wrapped)
+        let identifier = UUIDGenerator.generateUUID()
 
-        updateIdentifier(docTypeString)
+        updateIdentifier(identifier)
+        uuidToDeviceAuthenticationBytes[identifier] = dataToSign
 
         let (keyRef, alg) = try resolveMdocKeyAndAlg(mdocCredential)
 
         return (
             docTypeString,
             dataToSign,
             UnsignedVPToken(
+                id: identifier,
                 format: .mso_mdoc,
                 holderKeyReference: keyRef,
                 signatureAlgorithm: alg,
@@ -183,7 +163,7 @@ struct UnsignedMdocVPTokenBuilder: UnsignedVPTokenBuilder {
             case .draft23:
                 let clientIdToHash = CBOR.array([.utf8String(authorizationRequest.clientId), .utf8String(mdocGeneratedNonce)])
                 let clientIdHash = CBOR.byteString(sha256Hash(from: clientIdToHash))
-
+                
                 let responseUriToHash = CBOR.array([.utf8String(responseUri), .utf8String(mdocGeneratedNonce)])
                 let responseUriHash = CBOR.byteString(sha256Hash(from: responseUriToHash))
                 return CBOR.array([clientIdHash, responseUriHash, .utf8String(authorizationRequest.nonce)])