Cre8/issue36 (#80)

* fix: add webauthn for testing Signed-off-by: Mirko Mollik <[email protected]> * Add support for ed25519 keys Fixes #36 Signed-off-by: Mirko Mollik <[email protected]> * fix: building api response Signed-off-by: Mirko Mollik <[email protected]> --------- Signed-off-by: Mirko Mollik <[email protected]> Signed-off-by: Mirko Mollik <[email protected]>
openwallet-foundation-labs · Jul 9, 2024 · ed97b66 · ed97b66
1 parent b5780a5
commit ed97b66
Show file tree

Hide file tree

Showing 25 changed files with 1,224 additions and 1,170 deletions.
diff --git a/apps/holder-backend/src/app/oid4vc/oid4vp/dto/submission-request.dto.ts b/apps/holder-backend/src/app/oid4vc/oid4vp/dto/submission-request.dto.ts
@@ -1,13 +1,42 @@
-import { AuthenticationResponseJSON } from '@simplewebauthn/types';
+import {
+  AuthenticationExtensionsClientOutputs,
+  AuthenticatorAssertionResponseJSON,
+  AuthenticatorAttachment,
+  AuthenticationResponseJSON as IAuthenticationResponseJSON,
+} from '@simplewebauthn/types';
+import {
+  IsOptional,
+  IsString,
+  ValidateNested,
+  IsObject,
+} from 'class-validator';
+import { Type } from 'class-transformer';
+import { ApiProperty } from '@nestjs/swagger';
 
-export class CredentialSelection {
-  [key: string]: string;
+class AuthenticationResponseJSON implements IAuthenticationResponseJSON {
+  id: string;
+  rawId: string;
+  response: AuthenticatorAssertionResponseJSON;
+  @ApiProperty({ enum: ['cross-platform', 'platform'] })
+  authenticatorAttachment?: AuthenticatorAttachment;
+  clientExtensionResults: AuthenticationExtensionsClientOutputs;
+  type: 'public-key';
+}
+export class AuthSubmission {
+  @IsString()
+  session: string;
+
+  @ValidateNested()
+  @Type(() => AuthenticationResponseJSON)
+  response: AuthenticationResponseJSON;
 }
 
 export class SubmissionRequest {
-  auth?: {
-    session: string;
-    response: AuthenticationResponseJSON;
-  };
-  values: CredentialSelection;
+  @IsOptional()
+  @ValidateNested()
+  @Type(() => AuthSubmission)
+  auth?: AuthSubmission;
+
+  @IsObject()
+  values: Record<string, string>;
 }
diff --git a/apps/holder-backend/src/app/oid4vc/oid4vp/oid4vp.service.ts b/apps/holder-backend/src/app/oid4vc/oid4vp/oid4vp.service.ts
@@ -16,7 +16,6 @@ import {
 import { SdJwtDecodedVerifiableCredentialWithKbJwtInput } from '@sphereon/pex';
 import { v4 as uuid } from 'uuid';
 import { Oid4vpParseRepsonse } from './dto/parse-response.dto';
-import { CredentialSelection } from './dto/submission-request.dto';
 import { Oid4vpParseRequest } from './dto/parse-request.dto';
 import { Session } from './session';
 import { CompactSdJwtVc } from '@sphereon/ssi-types';
@@ -138,7 +137,7 @@ export class Oid4vpService {
   async accept(
     sessionId: string,
     user: string,
-    value: CredentialSelection
+    value: Record<string, string>
   ): Promise<void> {
     // get the session, throw an error if not found
     const session = this.sessions.get(sessionId);

diff --git a/apps/issuer-backend/src/app/app.module.ts b/apps/issuer-backend/src/app/app.module.ts
@@ -4,6 +4,7 @@ import { ConfigModule } from '@nestjs/config';
 import * as Joi from 'joi';
 import {
   AuthModule,
+  CRYPTO_VALIDATION_SCHEMA,
   KEY_VALIDATION_SCHEMA,
   KeyModule,
   OIDC_VALIDATION_SCHEMA,
@@ -29,6 +30,7 @@ import { IssuerModule } from './issuer/issuer.module';
         //TODO: we only need this, when we configured datbase type, not file type
         ...DB_VALIDATION_SCHEMA,
         ...KEY_VALIDATION_SCHEMA,
+        ...CRYPTO_VALIDATION_SCHEMA,
         ...OIDC_VALIDATION_SCHEMA,
       }),
     }),

diff --git a/apps/issuer-backend/src/app/issuer/issuer.service.ts b/apps/issuer-backend/src/app/issuer/issuer.service.ts
@@ -6,12 +6,11 @@ import {
 } from '@nestjs/common';
 import { HttpAdapterHost } from '@nestjs/core';
 import { ExpressAdapter } from '@nestjs/platform-express';
-import { ES256, digest, generateSalt } from '@sd-jwt/crypto-nodejs';
+import { digest, generateSalt } from '@sd-jwt/crypto-nodejs';
 import { SDJwtVcInstance, SdJwtVcPayload } from '@sd-jwt/sd-jwt-vc';
 import {
   CredentialRequestSdJwtVc,
   Jwt,
-  Alg,
   JwtVerifyResult,
   CredentialOfferSession,
   CNonceState,
@@ -37,7 +36,11 @@ import {
 import { IssuerDataService } from './issuer-data.service';
 import { SessionRequestDto } from './dto/session-request.dto';
 import { CredentialsService } from '../credentials/credentials.service';
-import { KeyService } from '@credhub/relying-party-shared';
+import {
+  CryptoImplementation,
+  CryptoService,
+  KeyService,
+} from '@credhub/relying-party-shared';
 import { IssuerMetadata } from './types';
 import { StatusService } from '../status/status.service';
 import { SessionResponseDto } from './dto/session-response.dto';
@@ -52,15 +55,20 @@ interface CredentialDataSupplierInput {
 export class IssuerService implements OnModuleInit {
   private express: ExpressSupport;
   vcIssuer: VcIssuer<DIDDocument>;
+
+  private crypto: CryptoImplementation;
+
   constructor(
     private adapterHost: HttpAdapterHost<ExpressAdapter>,
     @Inject('KeyService') private keyService: KeyService,
     private issuerDataService: IssuerDataService,
     private credentialsService: CredentialsService,
     private statusService: StatusService,
-    private configService: ConfigService
+    private configService: ConfigService,
+    private cryptoService: CryptoService
   ) {
     this.express = this.getExpressInstance();
+    this.crypto = this.cryptoService.getCrypto();
   }
   async onModuleInit() {
     await this.init();
@@ -148,16 +156,15 @@ export class IssuerService implements OnModuleInit {
   }
 
   async init() {
-    // get verifier. Only ES256 is supported for now.
-    const verifier = await ES256.getVerifier(
+    const verifier = await this.crypto.getVerifier(
       await this.keyService.getPublicKey()
     );
 
     // crearre the sd-jwt instance with the required parameters.
     const sdjwt = new SDJwtVcInstance({
       signer: this.keyService.signer,
       verifier,
-      signAlg: 'ES256',
+      signAlg: this.crypto.alg,
       hasher: digest,
       hashAlg: 'SHA-256',
       saltGenerator: generateSalt,
@@ -199,7 +206,7 @@ export class IssuerService implements OnModuleInit {
     const signerCallback = async (jwt: Jwt): Promise<string> => {
       return this.keyService.signJWT(jwt.payload, {
         ...jwt.header,
-        alg: Alg.ES256,
+        alg: this.crypto.alg,
         kid: await this.keyService.getKid(),
       });
     };

diff --git a/apps/verifier-backend/src/app/app.module.ts b/apps/verifier-backend/src/app/app.module.ts
@@ -5,6 +5,7 @@ import * as Joi from 'joi';
 import { VerifierModule } from './verifier/verifier.module';
 import {
   AuthModule,
+  CRYPTO_VALIDATION_SCHEMA,
   DB_VALIDATION_SCHEMA,
   DbModule,
   KeyModule,
@@ -26,6 +27,7 @@ import { TemplatesModule } from './templates/templates.module';
           .default('development'),
         CREDENTIALS_FOLDER: Joi.string().required(),
         ...OIDC_VALIDATION_SCHEMA,
+        ...CRYPTO_VALIDATION_SCHEMA,
         ...DB_VALIDATION_SCHEMA,
       }),
     }),

diff --git a/apps/verifier-backend/src/app/verifier/relying-party-manager.service.ts b/apps/verifier-backend/src/app/verifier/relying-party-manager.service.ts
@@ -1,5 +1,5 @@
 import { Inject, Injectable } from '@nestjs/common';
-import { ES256, digest } from '@sd-jwt/crypto-nodejs';
+import { digest } from '@sd-jwt/crypto-nodejs';
 import {
   JWK,
   JWTPayload,
@@ -29,6 +29,7 @@ import {
   encodeDidJWK,
   JWkResolver,
   KeyService,
+  CryptoService,
 } from '@credhub/relying-party-shared';
 import { ResolverService } from '../resolver/resolver.service';
 import { HttpService } from '@nestjs/axios';
@@ -49,6 +50,7 @@ export class RelyingPartyManagerService {
     private resolverService: ResolverService,
     private configService: ConfigService,
     private httpSerivce: HttpService,
+    private cryptoService: CryptoService,
     private templateService: TemplatesService
   ) {
     this.sessionManager = new InMemoryRPSessionManager(this.eventEmitter, {
@@ -198,7 +200,9 @@ export class RelyingPartyManagerService {
             payload,
             header
           );
-          const verify = await ES256.getVerifier(publicKey);
+          //get the verifier based on the algorithm
+          const crypto = this.cryptoService.getCrypto(header.alg as string);
+          const verify = await crypto.getVerifier(publicKey);
           return verify(data, signature);
         };
 

diff --git a/libs/holder-shared/src/lib/api/.openapi-generator/FILES b/libs/holder-shared/src/lib/api/.openapi-generator/FILES
@@ -13,6 +13,8 @@ encoder.ts
 git_push.sh
 index.ts
 model/acceptRequestDto.ts
+model/authSubmission.ts
+model/authenticationResponseJSON.ts
 model/createCredentialDto.ts
 model/cred.ts
 model/credentialIssuer.ts
@@ -31,6 +33,7 @@ model/registrationResponse.ts
 model/relyingParty.ts
 model/setting.ts
 model/settingResponse.ts
+model/submissionRequest.ts
 model/txCodeInfo.ts
 model/updateSettingsDto.ts
 model/verifyRequestClaim.ts