more patch fixes
Signed-off-by: Timo Glastra <[email protected]>
TimoGlastra committed Aug 27, 2024
1 parent 785091b commit 921d0db
Showing 8 changed files with 200 additions and 215 deletions.
1 change: 0 additions & 1 deletion agent/package.json
@@ -30,7 +30,6 @@
"@sphereon/did-auth-siop": "file:./sphereon-did-auth-siop-0.16.0.tgz"
},
"patchedDependencies": {
"@sphereon/did-auth-siop@file:sphereon-did-auth-siop-0.16.0.tgz": "patches/@[email protected]",
"@credo-ts/[email protected]": "patches/@[email protected]",
"@credo-ts/[email protected]": "patches/@[email protected]"
}
File renamed without changes.
File renamed without changes.
4 changes: 2 additions & 2 deletions package.json
@@ -12,8 +12,8 @@
"@sphereon/did-auth-siop": "file:./sphereon-did-auth-siop-0.16.0.tgz"
},
"patchedDependencies": {
"@credo-ts/core@0.5.11-pr-1996-20240826150533": "patches/@credo-ts__core@0.5.11-pr-1996-20240826150533.patch",
"@credo-ts/openid4vc@0.5.11-pr-1996-20240826150533": "patches/@credo-ts__openid4vc@0.5.11-pr-1996-20240826150533.patch"
"@credo-ts/openid4vc@0.5.11-pr-1996-20240827124430": "patches/@credo-ts__openid4vc@0.5.11-pr-1996-20240827124430.patch",
"@credo-ts/core@0.5.11-pr-1996-20240827124430": "patches/@credo-ts__core@0.5.11-pr-1996-20240827124430.patch"
}
}
}
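--- a/patches/@[email protected]
+++ b/patches/@[email protected]
@@ -0,0 +1,67 @@
+diff --git a/build/modules/sd-jwt-vc/SdJwtVcOptions.d.ts b/build/modules/sd-jwt-vc/SdJwtVcOptions.d.ts
+index de5fe62881d049c4030125e0a4cc8ca38de41be9..1c1a48e75f081f2f52bddd0a970544e7438c77f2 100644
+--- a/build/modules/sd-jwt-vc/SdJwtVcOptions.d.ts
++++ b/build/modules/sd-jwt-vc/SdJwtVcOptions.d.ts
+@@ -90,4 +90,5 @@ export type SdJwtVcVerifyOptions = {
+nonce: string;
+};
+requiredClaimKeys?: Array<string>;
++ verifyHs256Callback?: (key: Key, data: Uint8Array, signatureBase64Url: string) => Promise<string>
+};
+diff --git a/build/modules/sd-jwt-vc/SdJwtVcService.js b/build/modules/sd-jwt-vc/SdJwtVcService.js
+index add911d9570edcad9945c4819bfc56cf6f715201..90f49bad702beb85194a0a7895dc9a9f8ad66b8c 100644
+--- a/build/modules/sd-jwt-vc/SdJwtVcService.js
++++ b/build/modules/sd-jwt-vc/SdJwtVcService.js
+@@ -112,7 +112,7 @@ let SdJwtVcService = class SdJwtVcService {
+throw new SdJwtVcError_1.SdJwtVcError(`The 'iss' claim in the payload does not match a 'SAN-URI' name and the domain extracted from the HTTPS URI does not match a 'SAN-DNS' name in the x5c certificate.`);
+}
+}
+- async verify(agentContext, { compactSdJwtVc, keyBinding, requiredClaimKeys }) {
++ async verify(agentContext, { compactSdJwtVc, keyBinding, requiredClaimKeys, verifyHs256Callback }) {
+const sdjwt = new sd_jwt_vc_1.SDJwtVcInstance(this.getBaseSdJwtConfig(agentContext));
+const verificationResult = {
+isValid: false,
+@@ -142,7 +142,7 @@ let SdJwtVcService = class SdJwtVcService {
+const holderBinding = this.parseHolderBindingFromCredential(sdJwtVc);
+const holder = holderBinding ? await this.extractKeyFromHolderBinding(agentContext, holderBinding) : undefined;
+sdjwt.config({
+- verifier: this.verifier(agentContext, issuer.key),
++ verifier: this.verifier(agentContext, issuer.key, verifyHs256Callback),
+kbVerifier: holder ? this.verifier(agentContext, holder.key) : undefined,
+});
+const requiredKeys = requiredClaimKeys ? [...requiredClaimKeys, 'vct'] : ['vct'];
+@@ -261,10 +261,19 @@ let SdJwtVcService = class SdJwtVcService {
+/**
+* @todo validate the JWT header (alg)
+*/
+- verifier(agentContext, key) {
++ verifier(agentContext, key, verifyHs256Callback) {
+return async (message, signatureBase64Url) => {
+- if (!key) {
+- throw new SdJwtVcError_1.SdJwtVcError('The public key used to verify the signature is missing');
++ if (!key && !verifyHs256Callback) {
++ throw new SdJwtVcError_1.SdJwtVcError('The public key, or verifyHs256Callback, used to verify the signature is missing');
++ }
++
++ const [header] = message.split(".")
++ if(header) {
++ const parsedHeader = utils_2.TypedArrayEncoder.fromBase64(header).toString()
++ const { alg } = JSON.parse(parsedHeader)
++ if(alg === "DVS-P256-SHA256-HS256") {
++ return await verifyHs256Callback(key, new Uint8Array(utils_2.TypedArrayEncoder.fromString(message)), signatureBase64Url)
++ }
+}
+return await agentContext.wallet.verify({
+signature: utils_2.TypedArrayEncoder.fromBase64(signatureBase64Url),
+@@ -373,6 +382,11 @@ let SdJwtVcService = class SdJwtVcService {
+didUrl,
+};
+}
++ if(iss.startsWith('http')) {
++ return {
++ method: 'http'
++ }
++ }
+throw new SdJwtVcError_1.SdJwtVcError("Unsupported 'iss' value. Only did is supported at the moment.");
+}
+parseHolderBindingFromCredential(sdJwtVc) {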
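Review bot: In the `verifier` hunk, the guard only rejects the case where both `key` and `verifyHs256Callback` are missing, yet the `DVS-P256-SHA256-HS256` branch calls `verifyHs256Callback` unconditionally, so a token whose header names that alg while the caller supplied only `key` throws a TypeError rather than an `SdJwtVcError`; add `if (!verifyHs256Callback) throw new SdJwtVcError_1.SdJwtVcError('verifyHs256Callback is required to verify DVS-P256-SHA256-HS256');` inside that branch before the `return`. Since `alg` is read from the still-unverified header, the header decides which verification path runs; the `@todo validate the JWT header (alg)` left above the method also still applies to the `wallet.verify` path, which never checks that `alg` matches the key it was handed. The callback's declared return type also disagrees between the two patch files (`Promise<string>` in SdJwtVcOptions.d.ts here, `Promise<boolean>` in OpenId4VcSiopVerifierServiceOptions.d.ts in the openid4vc patch); the `wallet.verify` result it stands in for is presumably boolean, so `Promise<boolean>` looks like the intended one. In the last hunk (its enclosing method starts outside the hunk), `iss.startsWith('http')` also accepts plain `http://` and any value merely beginning with `http`, and the unchanged error message after it still says only `did` is supported; `iss.startsWith('https://')` plus an updated message would match the intent.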
142 changes: 0 additions & 142 deletions patches/@[email protected]

This file was deleted.

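--- a/patches/@[email protected]
+++ b/patches/@[email protected]
@@ -0,0 +1,73 @@
+diff --git a/build/openid4vc-verifier/OpenId4VcSiopVerifierService.js b/build/openid4vc-verifier/OpenId4VcSiopVerifierService.js
+index 1d35b8285d451933101b686de77cfe8780976516..cce871816074d5c0eb7fdab994a88afb67b99dad 100644
+--- a/build/openid4vc-verifier/OpenId4VcSiopVerifierService.js
++++ b/build/openid4vc-verifier/OpenId4VcSiopVerifierService.js
+@@ -107,6 +107,7 @@ let OpenId4VcSiopVerifierService = class OpenId4VcSiopVerifierService {
+state,
+requestByReferenceURI: hostedAuthorizationRequestUri,
+jwtIssuer,
++ additionalPayloadClaims: options.additionalPayloadClaims
+});
+// NOTE: it's not possible to set the uri scheme when using the RP to create an auth request, only lower level
+// functions allow this. So we need to replace the uri scheme manually.
+@@ -363,6 +364,7 @@ let OpenId4VcSiopVerifierService = class OpenId4VcSiopVerifierService {
+audience: options.audience,
+nonce: options.nonce,
+},
++ verifyHs256Callback: options.verifyHs256Callback
+});
+isValid = verificationResult.verification.isValid;
+}
+diff --git a/build/openid4vc-verifier/OpenId4VcSiopVerifierServiceOptions.d.ts b/build/openid4vc-verifier/OpenId4VcSiopVerifierServiceOptions.d.ts
+index 5abfb1bc5710849f656085593c77f3ab3898e4b7..b0bd7238fe142f47bb6526d3cb01ba97b98b16e8 100644
+--- a/build/openid4vc-verifier/OpenId4VcSiopVerifierServiceOptions.d.ts
++++ b/build/openid4vc-verifier/OpenId4VcSiopVerifierServiceOptions.d.ts
+@@ -18,12 +18,15 @@ export interface OpenId4VcSiopCreateAuthorizationRequestOptions {
+presentationExchange?: {
+definition: DifPresentationExchangeDefinitionV2;
+};
++
++ additionalPayloadClaims?: Record<string, unknown>
+}
+export interface OpenId4VcSiopVerifyAuthorizationResponseOptions {
+/**
+* The authorization response received from the OpenID Provider (OP).
+*/
+authorizationResponse: OpenId4VcSiopAuthorizationResponsePayload;
++ verifyHs256Callback?: (key: Key, data: Uint8Array, signatureInBase64url: string) => Promise<boolean>
+}
+export interface OpenId4VcSiopCreateAuthorizationRequestReturn {
+authorizationRequest: string;
+diff --git a/build/openid4vc-verifier/router/authorizationEndpoint.js b/build/openid4vc-verifier/router/authorizationEndpoint.js
+index a523a1e668863929f49b50fea6786e42955e5149..b9430b6ac375640d9a78c82e4cd334cf90e0483b 100644
+--- a/build/openid4vc-verifier/router/authorizationEndpoint.js
++++ b/build/openid4vc-verifier/router/authorizationEndpoint.js
+@@ -3,6 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
+exports.configureAuthorizationEndpoint = configureAuthorizationEndpoint;
+const router_1 = require("../../shared/router");
+const OpenId4VcSiopVerifierService_1 = require("../OpenId4VcSiopVerifierService");
++const core_1 = require("@credo-ts/core");
+function configureAuthorizationEndpoint(router, config) {
+router.post(config.endpointPath, async (request, response, next) => {
+const { agentContext, verifier } = (0, router_1.getRequestContext)(request);
+@@ -16,6 +17,12 @@ function configureAuthorizationEndpoint(router, config) {
+authorizationResponse,
+verifierId: verifier.verifierId,
+});
++ let verifyHs256Callback = undefined
++ const parsedAuthorizationRequest = core_1.Jwt.fromSerializedJwt(verificationSession.authorizationRequestJwt)
++ const rpEphPub = parsedAuthorizationRequest.payload.additionalClaims.rp_eph_pub
++ if(rpEphPub !== null && rpEphPub !== void 0) {
++ verifyHs256Callback = config.verifyHs256Callback(agentContext, rpEphPub.jwk)
++ }
+if (!verificationSession) {
+agentContext.config.logger.warn(`No verification session found for incoming authorization response for verifier ${verifier.verifierId}`);
+return (0, router_1.sendErrorResponse)(response, agentContext.config.logger, 404, 'invalid_request', null);
+@@ -23,6 +30,7 @@ function configureAuthorizationEndpoint(router, config) {
+await openId4VcVerifierService.verifyAuthorizationResponse(agentContext, {
+authorizationResponse: request.body,
+verificationSession,
++ verifyHs256Callback: verifyHs256Callback
+});
+response.status(200).send();
+}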
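Review bot: In the authorizationEndpoint hunk, `verificationSession.authorizationRequestJwt` is dereferenced on the new line before the existing `if (!verificationSession)` guard, so an authorization response for an unknown session now fails with a TypeError inside the handler instead of reaching the intended 404 `invalid_request` reply. The new lines should move below that guard; the reordered code is shown below, with the rest of the handler unchanged. Whether `parsedAuthorizationRequest.payload.additionalClaims` can be absent and whether `config.verifyHs256Callback` is optional is not visible here — if either can be missing, fold that check into the same `if`. In the first hunk of OpenId4VcSiopVerifierService.js, `options.additionalPayloadClaims` is forwarded as a free-form `Record<string, unknown>`; how the RP merges it with `nonce`, `state` and `client_id` is outside this patch, so it is worth confirming that a caller cannot override those reserved claims.
```javascript
if (!verificationSession) {
    agentContext.config.logger.warn(`No verification session found for incoming authorization response for verifier ${verifier.verifierId}`);
    return (0, router_1.sendErrorResponse)(response, agentContext.config.logger, 404, 'invalid_request', null);
}
// Derive the DVS MAC verifier only once the session is known to exist.
let verifyHs256Callback = undefined;
const parsedAuthorizationRequest = core_1.Jwt.fromSerializedJwt(verificationSession.authorizationRequestJwt);
const rpEphPub = parsedAuthorizationRequest.payload.additionalClaims.rp_eph_pub;
if (rpEphPub !== null && rpEphPub !== void 0) {
    verifyHs256Callback = config.verifyHs256Callback(agentContext, rpEphPub.jwk);
}
// … unchanged: verifyAuthorizationResponse call and 200 response …
```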