chore(x509): added test to create self-signed certificate with Curve …
…Ed25519 Signed-off-by: Berend Sliedrecht <[email protected]>
1 parent
2110e4a
commit 31a791f
Showing
6 changed files
with
161 additions
and
4 deletions.
@@ -0,0 +1,100 @@ | ||
diff --git a/packages/openid4vc/src/openid4vc-holder/OpenId4VcHolderApi.ts b/packages/openid4vc/src/openid4vc-holder/OpenId4VcHolderApi.ts | ||
index 99461b99..8789d22e 100644 | ||
--- a/packages/openid4vc/src/openid4vc-holder/OpenId4VcHolderApi.ts | ||
+++ b/packages/openid4vc/src/openid4vc-holder/OpenId4VcHolderApi.ts | ||
@@ -160,13 +160,24 @@ export class OpenId4VcHolderApi { | ||
* @param options.tokenResponse Obtained through @see requestAccessToken | ||
*/ | ||
public async requestCredentials(options: OpenId4VciRequestCredentialOptions) { | ||
- const { resolvedCredentialOffer, cNonce, accessToken, ...credentialRequestOptions } = options | ||
+ const { | ||
+ resolvedCredentialOffer, | ||
+ cNonce, | ||
+ accessToken, | ||
+ additionalProofOfPossessionPayloadClaims, | ||
+ additionalCredentialRequestPayloadClaims, | ||
+ customFormat, | ||
+ ...credentialRequestOptions | ||
+ } = options | ||
|
||
return this.openId4VciHolderService.acceptCredentialOffer(this.agentContext, { | ||
resolvedCredentialOffer, | ||
acceptCredentialOfferOptions: credentialRequestOptions, | ||
+ customFormat, | ||
accessToken, | ||
cNonce, | ||
+ additionalProofOfPossessionPayloadClaims, | ||
+ additionalCredentialRequestPayloadClaims, | ||
}) | ||
} | ||
|
||
diff --git a/packages/openid4vc/src/openid4vc-holder/OpenId4VciHolderService.ts b/packages/openid4vc/src/openid4vc-holder/OpenId4VciHolderService.ts | ||
index 748a2847..7161cb61 100644 | ||
--- a/packages/openid4vc/src/openid4vc-holder/OpenId4VciHolderService.ts | ||
+++ b/packages/openid4vc/src/openid4vc-holder/OpenId4VciHolderService.ts | ||
@@ -312,9 +312,18 @@ export class OpenId4VciHolderService { | ||
accessToken?: string | ||
cNonce?: string | ||
clientId?: string | ||
+ additionalProofOfPossessionPayloadClaims?: Record<string, unknown> | ||
+ additionalCredentialRequestPayloadClaims?: Record<string, unknown> | ||
+ customFormat?: string | ||
} | ||
) { | ||
- const { resolvedCredentialOffer, acceptCredentialOfferOptions } = options | ||
+ const { | ||
+ resolvedCredentialOffer, | ||
+ acceptCredentialOfferOptions, | ||
+ additionalProofOfPossessionPayloadClaims, | ||
+ customFormat, | ||
+ additionalCredentialRequestPayloadClaims, | ||
+ } = options | ||
const { metadata, version, offeredCredentials } = resolvedCredentialOffer | ||
|
||
const { credentialsToRequest, credentialBindingResolver, verifyCredentialStatus } = acceptCredentialOfferOptions | ||
@@ -394,6 +403,11 @@ export class OpenId4VciHolderService { | ||
.withEndpointMetadata(metadata) | ||
.withAlg(signatureAlgorithm) | ||
|
||
+ if (additionalProofOfPossessionPayloadClaims) { | ||
+ // @ts-expect-error: header can be empty is it won't be used and we only care about the payload claims | ||
+ proofOfPossessionBuilder.withJwt({ header: {}, payload: additionalProofOfPossessionPayloadClaims }) | ||
+ } | ||
+ | ||
// TODO: what if auth flow using did, and the did is different from client id. We now use the client_id | ||
if (credentialBinding.method === 'did') { | ||
proofOfPossessionBuilder.withClientId(parseDid(credentialBinding.didUrl).did).withKid(credentialBinding.didUrl) | ||
@@ -424,11 +438,17 @@ export class OpenId4VciHolderService { | ||
.withCredentialEndpoint(metadata.credential_endpoint) | ||
.withToken(tokenResponse.access_token) | ||
|
||
+ if (customFormat) { | ||
+ credentialRequestBuilder.withFormat(customFormat) | ||
+ } | ||
+ | ||
const credentialRequestClient = credentialRequestBuilder.build() | ||
const credentialResponse = await credentialRequestClient.acquireCredentialsUsingProof({ | ||
proofInput: proofOfPossession, | ||
credentialTypes: getTypesFromCredentialSupported(offeredCredentialConfiguration), | ||
- format: offeredCredentialConfiguration.format, | ||
+ format: customFormat ? undefined : offeredCredentialConfiguration.format, | ||
+ // @ts-expect-error: custom patched file | ||
+ additionalRequestClaims: additionalCredentialRequestPayloadClaims, | ||
}) | ||
|
||
newCNonce = credentialResponse.successBody?.c_nonce | ||
diff --git a/packages/openid4vc/src/openid4vc-holder/OpenId4VciHolderServiceOptions.ts b/packages/openid4vc/src/openid4vc-holder/OpenId4VciHolderServiceOptions.ts | ||
index 8b15fe97..9af2ac99 100644 | ||
--- a/packages/openid4vc/src/openid4vc-holder/OpenId4VciHolderServiceOptions.ts | ||
+++ b/packages/openid4vc/src/openid4vc-holder/OpenId4VciHolderServiceOptions.ts | ||
@@ -117,6 +117,10 @@ export interface OpenId4VciCredentialRequestOptions extends Omit<OpenId4VciAccep | ||
* The client id used for authorization. Only required if authorization_code flow was used. | ||
*/ | ||
clientId?: string | ||
+ | ||
+ additionalProofOfPossessionPayloadClaims?: Record<string, unknown> | ||
+ additionalCredentialRequestPayloadClaims?: Record<string, unknown> | ||
+ customFormat?: string | ||
} | ||
|
||
/** |
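Review bot: In the `@@ -394,6 +403,11 @@` hunk the caller-supplied `additionalProofOfPossessionPayloadClaims` go straight into `proofOfPossessionBuilder.withJwt({ header: {}, payload: ... })` with no filtering. Whether they can replace the proof's own `iss`, `aud`, `iat` or `nonce` depends on the builder's merge order, which is not visible here. Those claims bind the proof to the issuer and the c_nonce, so reserved names should be rejected before the call, for example `if (['iss', 'aud', 'iat', 'nonce'].some((k) => k in additionalProofOfPossessionPayloadClaims)) throw new Error('reserved proof-of-possession claim')`. Similarly, `customFormat` replaces `offeredCredentialConfiguration.format` in the `@@ -424,11 +438,17 @@` hunk without being checked against the formats the issuer metadata offers. The three new options in `OpenId4VciCredentialRequestOptions` also lack the doc comment that `clientId` has; each should get a short one saying it is an escape hatch and that `additionalRequestClaims` relies on the patched dependency flagged by `@ts-expect-error: custom patched file`. The enclosing method bodies start and end outside these hunks.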