Merge pull request #38 from gunet/vid-auth-validity-check
check validity of vid on vid auth comp
kkmanos authored Sep 6, 2024
2 parents f6123aa + bb8e406 commit 021d713
Showing 2 changed files with 42 additions and 9 deletions.
Expand Up @@ -61,14 +61,13 @@ export class VIDAuthenticationComponent extends AuthenticationComponent {
const parsedPayload = JSON.parse(base64url.decode(payload)) as { vp: any };
const credential = parsedPayload.vp.verifiableCredential[0];

const [_credentialHeader, credentialPayload] = credential.split('.');
const [_credentialHeader, credentialPayload, _sig] = credential.split('.');

const parsedCredPayload = JSON.parse(base64url.decode(credentialPayload)) as any;
console.log("Parsed cred payload = ", parsedCredPayload)

console.log("Exp = ", parsedCredPayload.exp)
console.log("Now = ", Date.now() / 1000)
if (parsedCredPayload.exp < (Date.now() / 1000)) {
const { validityPeriod: { startingDate, endingDate }} = parsedCredPayload.vc.credentialSubject;

if (new Date(startingDate) > new Date() || new Date() > new Date(endingDate)) {
return { valid: false };
}

Expand All @@ -93,15 +92,16 @@ export class VIDAuthenticationComponent extends AuthenticationComponent {
.where("state.vid_auth_state = :vid_auth_state", { vid_auth_state: state })
.getOne();

if (!authorizationServerState || !vp_token || !queryRes.claims || !queryRes.claims["VID"] || !queryRes.raw_presentation) {
if (!authorizationServerState || !vp_token || !queryRes.claims || !queryRes.claims["PID"]) {
return;
}

const { valid } = await this.checkForInvalidCredentials(queryRes.raw_presentation);
const { valid } = await this.checkForInvalidCredentials(queryRes!.raw_presentation as string);
if (!valid) {
return await this.redirectToFailurePage(req, res, "Credential is expired");
return await this.redirectToFailurePage(req, res, "Credential is not valid");
}
const personalIdentifier = queryRes.claims["VID"].filter((claim) => claim.name == 'personalIdentifier')[0].value ?? null;
const personalIdentifier = queryRes.claims["PID"].filter((claim) => claim.name == 'personalIdentifier')[0].value ?? null;

if (!personalIdentifier) {
return;
}
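Review bot: The new validity test in `checkForInvalidCredentials` fails open when a date is missing or unparseable: `new Date(undefined)` is an Invalid Date, both comparisons against it evaluate to false, and the `return { valid: false }` branch is skipped. Compare numeric timestamps and reject NaN explicitly, e.g. `const start = Date.parse(startingDate), end = Date.parse(endingDate), now = Date.now();` followed by `if (Number.isNaN(start) || Number.isNaN(end) || now < start || now > end) return { valid: false };`. The same check is added in the copy of this method in the other file changed by this commit. The `exp` comparison appears to be dropped in this hunk, so unless `exp` is enforced where the presentation is verified, it is no longer checked here. The method's signature lies outside the hunk.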
Expand Up @@ -13,6 +13,7 @@ import * as qrcode from 'qrcode';
import { openidForPresentationReceivingService, verifierConfigurationService } from "../../services/instances";
import { UserAuthenticationMethod } from "../../types/UserAuthenticationMethod.enum";
import { PresentationDefinitionTypeWithFormat } from "../verifier/VerifierConfigurationService";
import base64url from "base64url";

export class VIDAuthenticationComponent extends AuthenticationComponent {

Expand Down Expand Up @@ -55,6 +56,24 @@ export class VIDAuthenticationComponent extends AuthenticationComponent {
return true
}

private async checkForInvalidCredentials(vp_token: string): Promise<{ valid: boolean }> {
const [_header, payload, _] = vp_token.split('.');
const parsedPayload = JSON.parse(base64url.decode(payload)) as { vp: any };
const credential = parsedPayload.vp.verifiableCredential[0];

const [_credentialHeader, credentialPayload, _sig] = credential.split('.');

const parsedCredPayload = JSON.parse(base64url.decode(credentialPayload)) as any;

const { validityPeriod: { startingDate, endingDate }} = parsedCredPayload.vc.credentialSubject;

if (new Date(startingDate) > new Date() || new Date() > new Date(endingDate)) {
return { valid: false };
}

return { valid: true };
}

private async handleCallback(req: Request, res: Response): Promise<any> {
const state = req.query.state as string; // find the vp based on the state

Expand All @@ -75,7 +94,13 @@ export class VIDAuthenticationComponent extends AuthenticationComponent {
if (!authorizationServerState || !vp_token || !queryRes.claims || !queryRes.claims["PID"]) {
return;
}

const { valid } = await this.checkForInvalidCredentials(queryRes!.raw_presentation as string);
if (!valid) {
return await this.redirectToFailurePage(req, res, "Credential is not valid");
}
const personalIdentifier = queryRes.claims["PID"].filter((claim) => claim.name == 'personalIdentifier')[0].value ?? null;

if (!personalIdentifier) {
return;
}
Expand All @@ -93,6 +118,14 @@ export class VIDAuthenticationComponent extends AuthenticationComponent {

}

private async redirectToFailurePage(_req: Request, res: Response, msg: string) {
res.render('error', {
code: 100,
msg: msg,
locale: locale,
})
}

private async askForPresentation(req: Request, res: Response): Promise<any> {
if (req.body.state && req.method == "POST") {
console.log("Got state = ", req.body.state)
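Review bot: `checkForInvalidCredentials` has no failure path for malformed input: `split('.')` on a non-string, `JSON.parse` and the `validityPeriod` destructuring all throw on an unexpected token shape, and `handleCallback` passes `queryRes!.raw_presentation as string` without checking that it is set, so a bad or absent presentation makes the handler reject instead of reaching `redirectToFailurePage`. Wrap the method body in `try { … } catch { return { valid: false }; }` and add `!queryRes.raw_presentation` to the guard before the call, so the check fails closed; the same unguarded call appears in the other file changed by this commit. Neither JWT signature is verified in this method (`_` and `_sig` are discarded) and only `verifiableCredential[0]` is inspected, so it presumably relies on the presentation having been verified before it was stored; a doc comment stating that precondition would keep the method from being reused on unverified input. `handleCallback` and `askForPresentation` continue outside the visible hunks.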
