Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Created an issuer verification of an EBSI issued credential #236

Open
wants to merge 6 commits into
base: develop
Choose a base branch
from
Open

feat: Created an issuer verification of an EBSI issued credential #236

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
333b395
feat: Created an issuer verification of an EBSI issued credential
zoemaas Sep 9, 2024
402e250
refactor: Refactored the EBSI credential issuer verification
zoemaas Sep 10, 2024
cab5464
refactor: Added tests and fixed issues with the returned promises
zoemaas Sep 11, 2024
a55c186
Merge branch 'develop' of https://github.com/Sphereon-Opensource/SSI-…
zoemaas Sep 11, 2024
bb7cee0
refactor: Added tests and fixed issues with the returned promises
zoemaas Sep 12, 2024
46624fe
refactor: Refactored error handling and moved the issuer types to a p…
zoemaas Sep 12, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
70 changes: 70 additions & 0 deletions packages/oid4vci-holder/__tests__/EBSIFunctions.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,70 @@
import {verifyEBSICredentialIssuer} from "../src/agent/OID4VCIHolder";
import {CredentialMapper} from "@sphereon/ssi-types";
import {IssuerType} from "../src";

const nock = require("nock")

const BASE_URL = 'https://api-conformance.ebsi.eu'
const GET_VALID_ISSUER_URI = '/trusted-issuers-registry/v4/issuers/did:ebsi:ziDnioxYYLW1a3qUbqTFz4W'
const GET_INVALID_ISSUER_URI = '/trusted-issuers-registry/v4/issuers/invalid_issuer'

describe('EBSI Functions', () => {
describe('verifyEBSICredentialIssuer', () => {

const validIssuerResult = {
did: "did:ebsi:ziDnioxYYLW1a3qUbqTFz4W",
attributes: [{
hash: "test",
body: "eyJ0eXAiOiJKV1QiLCJraWQiOiIxODNkY2E4NDRiNzM5OGM4MTQ0ZTJiMzk5OWM3MzA2Y2I3OTYzMDJhZWQxNDdkNjY4ZmI2ZmI5YmE0OTZkNTBkIiwiYWxnIjoiRVMyNTZLIn0.eyJpc3N1ZXIiOiJkaWQ6ZWJzaTp6aURuaW94WVlMVzFhM3FVYnFURno0VyIsImlhdCI6MTcxNDQxMzA4OCwianRpIjoidXJuOnV1aWQ6NWZiN2Q5OGItMTA4Yy00YmMwLTlmZmMtYzY5Zjg0ZWQ3ODhmIiwibmJmIjoxNzE0NDEzMDg4LCJleHAiOjE3NDU5NDkwODgsInN1YiI6ImRpZDplYnNpOnpleWJBaUp4elVVcldRMVlNNTFTWTM1IiwidmMiOnsiQGNvbnRleHQiOlsiaHR0cHM6Ly93d3cudzMub3JnLzIwMTgvY3JlZGVudGlhbHMvdjEiXSwiaWQiOiJ1cm46dXVpZDo1ZmI3ZDk4Yi0xMDhjLTRiYzAtOWZmYy1jNjlmODRlZDc4OGYiLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiVmVyaWZpYWJsZUF0dGVzdGF0aW9uIiwiVmVyaWZpYWJsZUF1dGhvcmlzYXRpb25Ub09uYm9hcmQiXSwiaXNzdWFuY2VEYXRlIjoiMjAyNC0wNC0yOVQxNzo1MToyOFoiLCJpc3N1ZWQiOiIyMDI0LTA0LTI5VDE3OjUxOjI4WiIsInZhbGlkRnJvbSI6IjIwMjQtMDQtMjlUMTc6NTE6MjhaIiwiZXhwaXJhdGlvbkRhdGUiOiIyMDI1LTA0LTI5VDE3OjUxOjI4WiIsImlzc3VlciI6ImRpZDplYnNpOnppRG5pb3hZWUxXMWEzcVVicVRGejRXIiwiY3JlZGVudGlhbFN1YmplY3QiOnsiaWQiOiJkaWQ6ZWJzaTp6ZXliQWlKeHpVVXJXUTFZTTUxU1kzNSIsImFjY3JlZGl0ZWRGb3IiOltdfSwidGVybXNPZlVzZSI6eyJpZCI6ImRpZDplYnNpOnpleWJBaUp4elVVcldRMVlNNTFTWTM1IiwidHlwZSI6Iklzc3VhbmNlQ2VydGlmaWNhdGUifSwiY3JlZGVudGlhbFNjaGVtYSI6eyJpZCI6Imh0dHBzOi8vYXBpLXBpbG90LmVic2kuZXUvdHJ1c3RlZC1zY2hlbWFzLXJlZ2lzdHJ5L3YyL3NjaGVtYXMvejNNZ1VGVWtiNzIydXE0eDNkdjV5QUptbk5tekRGZUs1VUM4eDgzUW9lTEpNIiwidHlwZSI6IkZ1bGxKc29uU2NoZW1hVmFsaWRhdG9yMjAyMSJ9fX0.QWNWTWlrbUpLcFJaLVBGczQ0U3Mxb200Mk4yb3JzWndsTXp3REpHTTMxSUM2WG5ZVXJ0ZlY4RHFTbVQtaXBIMEdLSDZhclFEcGtrbXZTTy1NenYxWEE",
issuerType: "RootTAO",
tao: "did:ebsi:zeybAiJxzUUrWQ1YM51SY35",
rootTao: "did:ebsi:ziDnioxYYLW1a3qUbqTFz4W"
}]
}

const notIssuerResult = {
did: "did:ebsi:ziDnioxYYLW1a3qUbqTFz4W",
attributes: [{
hash: "test",
body: "eyJ0eXAiOiJKV1QiLCJraWQiOiIxODNkY2E4NDRiNzM5OGM4MTQ0ZTJiMzk5OWM3MzA2Y2I3OTYzMDJhZWQxNDdkNjY4ZmI2ZmI5YmE0OTZkNTBkIiwiYWxnIjoiRVMyNTZLIn0.eyJpc3N1ZXIiOiJkaWQ6ZWJzaTp6aURuaW94WVlMVzFhM3FVYnFURno0VyIsImlhdCI6MTcxNDQxMzA4OCwianRpIjoidXJuOnV1aWQ6NWZiN2Q5OGItMTA4Yy00YmMwLTlmZmMtYzY5Zjg0ZWQ3ODhmIiwibmJmIjoxNzE0NDEzMDg4LCJleHAiOjE3NDU5NDkwODgsInN1YiI6ImRpZDplYnNpOnpleWJBaUp4elVVcldRMVlNNTFTWTM1IiwidmMiOnsiQGNvbnRleHQiOlsiaHR0cHM6Ly93d3cudzMub3JnLzIwMTgvY3JlZGVudGlhbHMvdjEiXSwiaWQiOiJ1cm46dXVpZDo1ZmI3ZDk4Yi0xMDhjLTRiYzAtOWZmYy1jNjlmODRlZDc4OGYiLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiVmVyaWZpYWJsZUF0dGVzdGF0aW9uIiwiVmVyaWZpYWJsZUF1dGhvcmlzYXRpb25Ub09uYm9hcmQiXSwiaXNzdWFuY2VEYXRlIjoiMjAyNC0wNC0yOVQxNzo1MToyOFoiLCJpc3N1ZWQiOiIyMDI0LTA0LTI5VDE3OjUxOjI4WiIsInZhbGlkRnJvbSI6IjIwMjQtMDQtMjlUMTc6NTE6MjhaIiwiZXhwaXJhdGlvbkRhdGUiOiIyMDI1LTA0LTI5VDE3OjUxOjI4WiIsImlzc3VlciI6ImRpZDplYnNpOnppRG5pb3hZWUxXMWEzcVVicVRGejRXIiwiY3JlZGVudGlhbFN1YmplY3QiOnsiaWQiOiJkaWQ6ZWJzaTp6ZXliQWlKeHpVVXJXUTFZTTUxU1kzNSIsImFjY3JlZGl0ZWRGb3IiOltdfSwidGVybXNPZlVzZSI6eyJpZCI6ImRpZDplYnNpOnpleWJBaUp4elVVcldRMVlNNTFTWTM1IiwidHlwZSI6Iklzc3VhbmNlQ2VydGlmaWNhdGUifSwiY3JlZGVudGlhbFNjaGVtYSI6eyJpZCI6Imh0dHBzOi8vYXBpLXBpbG90LmVic2kuZXUvdHJ1c3RlZC1zY2hlbWFzLXJlZ2lzdHJ5L3YyL3NjaGVtYXMvejNNZ1VGVWtiNzIydXE0eDNkdjV5QUptbk5tekRGZUs1VUM4eDgzUW9lTEpNIiwidHlwZSI6IkZ1bGxKc29uU2NoZW1hVmFsaWRhdG9yMjAyMSJ9fX0.QWNWTWlrbUpLcFJaLVBGczQ0U3Mxb200Mk4yb3JzWndsTXp3REpHTTMxSUM2WG5ZVXJ0ZlY4RHFTbVQtaXBIMEdLSDZhclFEcGtrbXZTTy1NenYxWEE",
issuerType: "Revoked or Undefined",
tao: "did:ebsi:zeybAiJxzUUrWQ1YM51SY35",
rootTao: "did:ebsi:ziDnioxYYLW1a3qUbqTFz4W"
}]
}

it(`should return the issuer's did and attributes if the issuer is valid`, async () => {
nock(BASE_URL)
.get(GET_VALID_ISSUER_URI)
.reply(200, JSON.stringify(validIssuerResult))
await expect(verifyEBSICredentialIssuer({
wrappedVc: CredentialMapper.toWrappedVerifiableCredential("eyJ0eXAiOiJKV1QiLCJraWQiOiIxODNkY2E4NDRiNzM5OGM4MTQ0ZTJiMzk5OWM3MzA2Y2I3OTYzMDJhZWQxNDdkNjY4ZmI2ZmI5YmE0OTZkNTBkIiwiYWxnIjoiRVMyNTZLIn0.eyJpc3N1ZXIiOiJkaWQ6ZWJzaTp6aURuaW94WVlMVzFhM3FVYnFURno0VyIsImlhdCI6MTcxNDQxMzA4OCwianRpIjoidXJuOnV1aWQ6NWZiN2Q5OGItMTA4Yy00YmMwLTlmZmMtYzY5Zjg0ZWQ3ODhmIiwibmJmIjoxNzE0NDEzMDg4LCJleHAiOjE3NDU5NDkwODgsInN1YiI6ImRpZDplYnNpOnpleWJBaUp4elVVcldRMVlNNTFTWTM1IiwidmMiOnsiQGNvbnRleHQiOlsiaHR0cHM6Ly93d3cudzMub3JnLzIwMTgvY3JlZGVudGlhbHMvdjEiXSwiaWQiOiJ1cm46dXVpZDo1ZmI3ZDk4Yi0xMDhjLTRiYzAtOWZmYy1jNjlmODRlZDc4OGYiLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiVmVyaWZpYWJsZUF0dGVzdGF0aW9uIiwiVmVyaWZpYWJsZUF1dGhvcmlzYXRpb25Ub09uYm9hcmQiXSwiaXNzdWFuY2VEYXRlIjoiMjAyNC0wNC0yOVQxNzo1MToyOFoiLCJpc3N1ZWQiOiIyMDI0LTA0LTI5VDE3OjUxOjI4WiIsInZhbGlkRnJvbSI6IjIwMjQtMDQtMjlUMTc6NTE6MjhaIiwiZXhwaXJhdGlvbkRhdGUiOiIyMDI1LTA0LTI5VDE3OjUxOjI4WiIsImlzc3VlciI6ImRpZDplYnNpOnppRG5pb3hZWUxXMWEzcVVicVRGejRXIiwiY3JlZGVudGlhbFN1YmplY3QiOnsiaWQiOiJkaWQ6ZWJzaTp6ZXliQWlKeHpVVXJXUTFZTTUxU1kzNSIsImFjY3JlZGl0ZWRGb3IiOltdfSwidGVybXNPZlVzZSI6eyJpZCI6ImRpZDplYnNpOnpleWJBaUp4elVVcldRMVlNNTFTWTM1IiwidHlwZSI6Iklzc3VhbmNlQ2VydGlmaWNhdGUifSwiY3JlZGVudGlhbFNjaGVtYSI6eyJpZCI6Imh0dHBzOi8vYXBpLXBpbG90LmVic2kuZXUvdHJ1c3RlZC1zY2hlbWFzLXJlZ2lzdHJ5L3YyL3NjaGVtYXMvejNNZ1VGVWtiNzIydXE0eDNkdjV5QUptbk5tekRGZUs1VUM4eDgzUW9lTEpNIiwidHlwZSI6IkZ1bGxKc29uU2NoZW1hVmFsaWRhdG9yMjAyMSJ9fX0.QWNWTWlrbUpLcFJaLVBGczQ0U3Mxb200Mk4yb3JzWndsTXp3REpHTTMxSUM2WG5ZVXJ0ZlY4RHFTbVQtaXBIMEdLSDZhclFEcGtrbXZTTy1NenYxWEE"),
issuerType: ['RootTAO']
})).resolves.toEqual(validIssuerResult)
})

it(`should throw an Error if the issuer type is not RootTAO, TAO or TI`, async () => {
const issuerType: IssuerType[] = ['RootTAO', 'TAO', 'TI']
nock(BASE_URL)
.get(GET_VALID_ISSUER_URI)
.reply(200, JSON.stringify(notIssuerResult))
await expect(verifyEBSICredentialIssuer({
wrappedVc: CredentialMapper.toWrappedVerifiableCredential("eyJ0eXAiOiJKV1QiLCJraWQiOiIxODNkY2E4NDRiNzM5OGM4MTQ0ZTJiMzk5OWM3MzA2Y2I3OTYzMDJhZWQxNDdkNjY4ZmI2ZmI5YmE0OTZkNTBkIiwiYWxnIjoiRVMyNTZLIn0.eyJpc3N1ZXIiOiJkaWQ6ZWJzaTp6aURuaW94WVlMVzFhM3FVYnFURno0VyIsImlhdCI6MTcxNDQxMzA4OCwianRpIjoidXJuOnV1aWQ6NWZiN2Q5OGItMTA4Yy00YmMwLTlmZmMtYzY5Zjg0ZWQ3ODhmIiwibmJmIjoxNzE0NDEzMDg4LCJleHAiOjE3NDU5NDkwODgsInN1YiI6ImRpZDplYnNpOnpleWJBaUp4elVVcldRMVlNNTFTWTM1IiwidmMiOnsiQGNvbnRleHQiOlsiaHR0cHM6Ly93d3cudzMub3JnLzIwMTgvY3JlZGVudGlhbHMvdjEiXSwiaWQiOiJ1cm46dXVpZDo1ZmI3ZDk4Yi0xMDhjLTRiYzAtOWZmYy1jNjlmODRlZDc4OGYiLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiVmVyaWZpYWJsZUF0dGVzdGF0aW9uIiwiVmVyaWZpYWJsZUF1dGhvcmlzYXRpb25Ub09uYm9hcmQiXSwiaXNzdWFuY2VEYXRlIjoiMjAyNC0wNC0yOVQxNzo1MToyOFoiLCJpc3N1ZWQiOiIyMDI0LTA0LTI5VDE3OjUxOjI4WiIsInZhbGlkRnJvbSI6IjIwMjQtMDQtMjlUMTc6NTE6MjhaIiwiZXhwaXJhdGlvbkRhdGUiOiIyMDI1LTA0LTI5VDE3OjUxOjI4WiIsImlzc3VlciI6ImRpZDplYnNpOnppRG5pb3hZWUxXMWEzcVVicVRGejRXIiwiY3JlZGVudGlhbFN1YmplY3QiOnsiaWQiOiJkaWQ6ZWJzaTp6ZXliQWlKeHpVVXJXUTFZTTUxU1kzNSIsImFjY3JlZGl0ZWRGb3IiOltdfSwidGVybXNPZlVzZSI6eyJpZCI6ImRpZDplYnNpOnpleWJBaUp4elVVcldRMVlNNTFTWTM1IiwidHlwZSI6Iklzc3VhbmNlQ2VydGlmaWNhdGUifSwiY3JlZGVudGlhbFNjaGVtYSI6eyJpZCI6Imh0dHBzOi8vYXBpLXBpbG90LmVic2kuZXUvdHJ1c3RlZC1zY2hlbWFzLXJlZ2lzdHJ5L3YyL3NjaGVtYXMvejNNZ1VGVWtiNzIydXE0eDNkdjV5QUptbk5tekRGZUs1VUM4eDgzUW9lTEpNIiwidHlwZSI6IkZ1bGxKc29uU2NoZW1hVmFsaWRhdG9yMjAyMSJ9fX0.QWNWTWlrbUpLcFJaLVBGczQ0U3Mxb200Mk4yb3JzWndsTXp3REpHTTMxSUM2WG5ZVXJ0ZlY4RHFTbVQtaXBIMEdLSDZhclFEcGtrbXZTTy1NenYxWEE"),
issuerType: issuerType
})).rejects.toThrowError(Error(`The issuer type is required to be one of: ${issuerType.join(', ')}`))
})

it(`should throw an Error if the issuer's did is not provided`, async () => {
await expect(verifyEBSICredentialIssuer({
wrappedVc: CredentialMapper.toWrappedVerifiableCredential("eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjE4M2RjYTg0NGI3Mzk4YzgxNDRlMmIzOTk5YzczMDZjYjc5NjMwMmFlZDE0N2Q2NjhmYjZmYjliYTQ5NmQ1MGQifQ.eyJpc3N1ZXIiOiJkaWQ6ZWJzaTp6aURuaW94WVlMVzFhM3FVYnFURno0VyIsImlhdCI6MTcxNDQxMzA4OCwianRpIjoidXJuOnV1aWQ6NWZiN2Q5OGItMTA4Yy00YmMwLTlmZmMtYzY5Zjg0ZWQ3ODhmIiwibmJmIjoxNzE0NDEzMDg4LCJleHAiOjE3NDU5NDkwODgsInN1YiI6ImRpZDplYnNpOnpleWJBaUp4elVVcldRMVlNNTFTWTM1IiwidmMiOnsiQGNvbnRleHQiOlsiaHR0cHM6Ly93d3cudzMub3JnLzIwMTgvY3JlZGVudGlhbHMvdjEiXSwiaWQiOiJ1cm46dXVpZDo1ZmI3ZDk4Yi0xMDhjLTRiYzAtOWZmYy1jNjlmODRlZDc4OGYiLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiVmVyaWZpYWJsZUF0dGVzdGF0aW9uIiwiVmVyaWZpYWJsZUF1dGhvcmlzYXRpb25Ub09uYm9hcmQiXSwiaXNzdWFuY2VEYXRlIjoiMjAyNC0wNC0yOVQxNzo1MToyOFoiLCJpc3N1ZWQiOiIyMDI0LTA0LTI5VDE3OjUxOjI4WiIsInZhbGlkRnJvbSI6IjIwMjQtMDQtMjlUMTc6NTE6MjhaIiwiZXhwaXJhdGlvbkRhdGUiOiIyMDI1LTA0LTI5VDE3OjUxOjI4WiIsImlzc3VlciI6IiIsImNyZWRlbnRpYWxTdWJqZWN0Ijp7ImlkIjoiZGlkOmVic2k6emV5YkFpSnh6VVVyV1ExWU01MVNZMzUiLCJhY2NyZWRpdGVkRm9yIjpbXX0sInRlcm1zT2ZVc2UiOnsiaWQiOiJkaWQ6ZWJzaTp6ZXliQWlKeHpVVXJXUTFZTTUxU1kzNSIsInR5cGUiOiJJc3N1YW5jZUNlcnRpZmljYXRlIn0sImNyZWRlbnRpYWxTY2hlbWEiOnsiaWQiOiJodHRwczovL2FwaS1waWxvdC5lYnNpLmV1L3RydXN0ZWQtc2NoZW1hcy1yZWdpc3RyeS92Mi9zY2hlbWFzL3ozTWdVRlVrYjcyMnVxNHgzZHY1eUFKbW5ObXpERmVLNVVDOHg4M1FvZUxKTSIsInR5cGUiOiJGdWxsSnNvblNjaGVtYVZhbGlkYXRvcjIwMjEifX19.OFcZ-7iqoP_LmxTWqM9rR4aOK8VPyKyRJ2R8MD6m1jT2LzyqMVKzX__EF6e0ghs73l-nVtJBIu28QFsMFxAODg")
})).rejects.toThrowError(Error("The issuer of the VC is required to be present"))
})

it(`should throw an Error if the issuer's did is invalid`, async () => {
nock(BASE_URL).get(GET_INVALID_ISSUER_URI).reply(400)
await expect(verifyEBSICredentialIssuer({
wrappedVc: CredentialMapper.toWrappedVerifiableCredential("eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjE4M2RjYTg0NGI3Mzk4YzgxNDRlMmIzOTk5YzczMDZjYjc5NjMwMmFlZDE0N2Q2NjhmYjZmYjliYTQ5NmQ1MGQifQ.eyJpc3N1ZXIiOiJkaWQ6ZWJzaTp6aURuaW94WVlMVzFhM3FVYnFURno0VyIsImlhdCI6MTcxNDQxMzA4OCwianRpIjoidXJuOnV1aWQ6NWZiN2Q5OGItMTA4Yy00YmMwLTlmZmMtYzY5Zjg0ZWQ3ODhmIiwibmJmIjoxNzE0NDEzMDg4LCJleHAiOjE3NDU5NDkwODgsInN1YiI6ImRpZDplYnNpOnpleWJBaUp4elVVcldRMVlNNTFTWTM1IiwidmMiOnsiQGNvbnRleHQiOlsiaHR0cHM6Ly93d3cudzMub3JnLzIwMTgvY3JlZGVudGlhbHMvdjEiXSwiaWQiOiJ1cm46dXVpZDo1ZmI3ZDk4Yi0xMDhjLTRiYzAtOWZmYy1jNjlmODRlZDc4OGYiLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiVmVyaWZpYWJsZUF0dGVzdGF0aW9uIiwiVmVyaWZpYWJsZUF1dGhvcmlzYXRpb25Ub09uYm9hcmQiXSwiaXNzdWFuY2VEYXRlIjoiMjAyNC0wNC0yOVQxNzo1MToyOFoiLCJpc3N1ZWQiOiIyMDI0LTA0LTI5VDE3OjUxOjI4WiIsInZhbGlkRnJvbSI6IjIwMjQtMDQtMjlUMTc6NTE6MjhaIiwiZXhwaXJhdGlvbkRhdGUiOiIyMDI1LTA0LTI5VDE3OjUxOjI4WiIsImlzc3VlciI6ImludmFsaWRfaXNzdWVyIiwiY3JlZGVudGlhbFN1YmplY3QiOnsiaWQiOiJkaWQ6ZWJzaTp6ZXliQWlKeHpVVXJXUTFZTTUxU1kzNSIsImFjY3JlZGl0ZWRGb3IiOltdfSwidGVybXNPZlVzZSI6eyJpZCI6ImRpZDplYnNpOnpleWJBaUp4elVVcldRMVlNNTFTWTM1IiwidHlwZSI6Iklzc3VhbmNlQ2VydGlmaWNhdGUifSwiY3JlZGVudGlhbFNjaGVtYSI6eyJpZCI6Imh0dHBzOi8vYXBpLXBpbG90LmVic2kuZXUvdHJ1c3RlZC1zY2hlbWFzLXJlZ2lzdHJ5L3YyL3NjaGVtYXMvejNNZ1VGVWtiNzIydXE0eDNkdjV5QUptbk5tekRGZUs1VUM4eDgzUW9lTEpNIiwidHlwZSI6IkZ1bGxKc29uU2NoZW1hVmFsaWRhdG9yMjAyMSJ9fX0.r0kAeMRrwn8lQNJakAmfWRtLmRQdRbULNjbbvTPsirpVGmN5O0V9O7eQ7_S4sHTF8p_AShSanv4MLvtRfCvg1A")
})).rejects.toThrowError('The issuer of the VC cannot be trusted')
})
})
})
33 changes: 31 additions & 2 deletions packages/oid4vci-holder/src/agent/OID4VCIHolder.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -59,7 +59,7 @@ import { OID4VCIMachine } from '../machine/oid4vciMachine'
import {
AddContactIdentityArgs,
AddIssuerBrandingArgs,
AssertValidCredentialsArgs,
AssertValidCredentialsArgs, Attribute,
createCredentialsToSelectFromArgs,
CredentialToAccept,
CredentialToSelectFromResult,
Expand All @@ -84,7 +84,7 @@ import {
StartResult,
StoreCredentialBrandingArgs,
StoreCredentialsArgs,
VerificationResult,
VerificationResult, VerifyEBSICredentialIssuerArgs, VerifyEBSICredentialIssuerResult,
} from '../types/IOID4VCIHolder'
import {
getBasicIssuerLocaleBranding,
Expand All @@ -97,6 +97,7 @@ import {
verifyCredentialToAccept,
} from './OID4VCIHolderService'

import 'cross-fetch/polyfill'
/**
* {@inheritDoc IOID4VCIHolder}
*/
Expand Down Expand Up @@ -189,6 +190,30 @@ export function signCallback(
}
}

export async function verifyEBSICredentialIssuer(args: VerifyEBSICredentialIssuerArgs): Promise<VerifyEBSICredentialIssuerResult> {
const { wrappedVc, issuerType = ['TI'] } = args

const issuer = wrappedVc.decoded?.iss ?? (typeof wrappedVc.decoded?.vc?.issuer === 'string' ? wrappedVc.decoded?.vc?.issuer : wrappedVc.decoded?.vc?.issuer?.existingInstanceId)

if (!issuer) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why are you using an approach that we have never used?

Return a promise reject with an error so you do not have to list undefined as a result type. Or resolve undefined if that is an okay outcome. Not a reject with undefined. That makes no sense.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Refactored error handling

throw Error("The issuer of the VC is required to be present")
}

const url = `https://api-conformance.ebsi.eu/trusted-issuers-registry/v4/issuers/${issuer}`;
const response = await fetch(url)
if (response.status !== 200) {
throw Error('The issuer of the VC cannot be trusted')
}

const payload = await response.json()

if (!payload.attributes.some((a: Attribute) => issuerType.includes(a.issuerType))) {
throw Error(`The issuer type is required to be one of: ${issuerType.join(', ')}`)
}

return payload
}

export class OID4VCIHolder implements IAgentPlugin {
readonly eventTypes: Array<OID4VCIHolderEvent> = [
OID4VCIHolderEvent.CONTACT_IDENTITY_CREATED,
Expand Down Expand Up @@ -235,12 +260,14 @@ export class OID4VCIHolder implements IAgentPlugin {
private readonly onContactIdentityCreated?: (args: OnContactIdentityCreatedArgs) => Promise<void>
private readonly onCredentialStored?: (args: OnCredentialStoredArgs) => Promise<void>
private readonly onIdentifierCreated?: (args: OnIdentifierCreatedArgs) => Promise<void>
private readonly onVerifyEBSICredentialIssuer?: (args: VerifyEBSICredentialIssuerArgs) => Promise<VerifyEBSICredentialIssuerResult>

constructor(options?: OID4VCIHolderOptions) {
const {
onContactIdentityCreated,
onCredentialStored,
onIdentifierCreated,
onVerifyEBSICredentialIssuer,
vcFormatPreferences,
jsonldCryptographicSuitePreferences,
didMethodPreferences,
Expand All @@ -266,6 +293,7 @@ export class OID4VCIHolder implements IAgentPlugin {
this.onContactIdentityCreated = onContactIdentityCreated
this.onCredentialStored = onCredentialStored
this.onIdentifierCreated = onIdentifierCreated
this.onVerifyEBSICredentialIssuer = onVerifyEBSICredentialIssuer
}

public async onEvent(event: any, context: RequiredContext): Promise<void> {
Expand Down Expand Up @@ -745,6 +773,7 @@ export class OID4VCIHolder implements IAgentPlugin {
credentialsToAccept.map((credentialToAccept) =>
verifyCredentialToAccept({
mappedCredential: credentialToAccept,
onVerifyEBSICredentialIssuer: this.onVerifyEBSICredentialIssuer,
context,
}),
),
Expand Down
14 changes: 12 additions & 2 deletions packages/oid4vci-holder/src/agent/OID4VCIHolderService.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -119,7 +119,7 @@ export const selectCredentialLocaleBranding = async (
}

export const verifyCredentialToAccept = async (args: VerifyCredentialToAcceptArgs): Promise<VerificationResult> => {
const { mappedCredential, hasher, context } = args
const { mappedCredential, hasher, onVerifyEBSICredentialIssuer, context } = args

const credential = mappedCredential.credentialToAccept.credentialResponse.credential as OriginalVerifiableCredential
if (!credential) {
Expand All @@ -135,7 +135,17 @@ export const verifyCredentialToAccept = async (args: VerifyCredentialToAcceptArg
) {
// TODO: Skipping VC validation for EBSI conformance issued credential, as their Issuer is not present in the ledger (sigh)
if (JSON.stringify(wrappedVC.decoded).includes('vc:ebsi:conformance')) {
return { source: wrappedVC, error: undefined, result: true, subResults: [] } satisfies VerificationResult
return {source: wrappedVC, error: undefined, result: true, subResults: []} satisfies VerificationResult
}

if (onVerifyEBSICredentialIssuer) {
try {
await onVerifyEBSICredentialIssuer({
wrappedVc: wrappedVC
})
} catch(e) {
return {source: wrappedVC, error: e.message, result: true, subResults: []} satisfies VerificationResult
}
}
}

Expand Down
23 changes: 23 additions & 0 deletions packages/oid4vci-holder/src/types/IOID4VCIHolder.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -76,6 +76,7 @@ export type OID4VCIHolderOptions = {
onContactIdentityCreated?: (args: OnContactIdentityCreatedArgs) => Promise<void>
onCredentialStored?: (args: OnCredentialStoredArgs) => Promise<void>
onIdentifierCreated?: (args: OnIdentifierCreatedArgs) => Promise<void>
onVerifyEBSICredentialIssuer?: (args: VerifyEBSICredentialIssuerArgs) => Promise<VerifyEBSICredentialIssuerResult>
vcFormatPreferences?: Array<string>
jsonldCryptographicSuitePreferences?: Array<string>
defaultAuthorizationRequestOptions?: AuthorizationRequestOpts
Expand Down Expand Up @@ -164,6 +165,7 @@ export enum SupportedLanguage {

export type VerifyCredentialToAcceptArgs = {
mappedCredential: MappedCredentialToAccept
onVerifyEBSICredentialIssuer?: (args: VerifyEBSICredentialIssuerArgs) => Promise<VerifyEBSICredentialIssuerResult>
hasher?: Hasher
context: RequiredContext
}
Expand Down Expand Up @@ -602,4 +604,25 @@ export type RequiredContext = IAgentContext<
IKeyManager &
ISDJwtPlugin
>

export type IssuerType = 'RootTAO' | 'TAO' | 'TI' | 'Revoked or Undefined'

export type VerifyEBSICredentialIssuerArgs = {
wrappedVc: WrappedVerifiableCredential,
issuerType?: IssuerType[]
}

export type Attribute = {
hash: string
body: string
issuerType: IssuerType
tao: string
rootTao: string
}

export type VerifyEBSICredentialIssuerResult = {
did: string
attributes: Attribute[]
}

export type DidAgents = TAgent<IResolver & IDIDManager>