@blamejs/core 0.8.59 → 0.8.64

package/lib/auth/sd-jwt-vc-holder.js

@@ -128,16 +128,32 @@ function create(opts) {
       throw new AuthError("auth-sd-jwt-vc/bad-token",
         "holder.store: sdJwt is required");
     }
+    if (spec.keyAttestation !== undefined && spec.keyAttestation !== null) {
+      // OpenID4VCI key-attestation extension — operator-supplied JWT
+      // signed by the holder-device attestation issuer (TEE / Apple
+      // App Attest / Play Integrity / FIDO MDS3 anchor). Stored
+      // verbatim; surfaced in present()'s key-binding header so the
+      // verifier can validate the holder-key provenance alongside
+      // the cnf-bound presentation. Refuse anything that doesn't
+      // look like a JWS (3 dot-separated segments).
+      if (typeof spec.keyAttestation !== "string" ||
+          spec.keyAttestation.split(".").length !== 3) {
+        throw new AuthError("auth-sd-jwt-vc/bad-key-attestation",
+          "holder.store: keyAttestation must be a JWS-compact-serialized JWT (3 dot-separated segments)");
+      }
+    }
     var record = {
-      id:        spec.id,
-      sdJwt:     spec.sdJwt,
-      vct:       spec.vct || null,
-      issuer:    spec.issuer || null,
-      receivedAt: Date.now(),
+      id:             spec.id,
+      sdJwt:          spec.sdJwt,
+      vct:            spec.vct || null,
+      issuer:         spec.issuer || null,
+      keyAttestation: spec.keyAttestation || null,
+      receivedAt:     Date.now(),
     };
     await opts.storage.put(spec.id, record);
     _emitAudit("auth.sdJwtVc.holder.stored", "success", {
       id: spec.id, vct: record.vct, issuer: record.issuer,
+      hasKeyAttestation: !!record.keyAttestation,
     });
     _emitMetric("stored");
     return record;
@@ -153,6 +169,10 @@ function create(opts) {
       throw new AuthError("auth-sd-jwt-vc/credential-not-found",
         "holder.present: credentialId \"" + spec.credentialId + "\" not found in storage");
     }
+    // Operator may override the stored key_attestation per
+    // presentation (e.g., a fresh attestation token bound to the
+    // verifier nonce + audience for higher-AAL flows).
+    var keyAttestation = spec.keyAttestation || record.keyAttestation || null;
     var presentation = sdJwtVcCore().present({
       sdJwt:               record.sdJwt,
       disclosedClaimNames: spec.disclosedClaimNames || [],
@@ -160,11 +180,13 @@ function create(opts) {
       nonce:               spec.nonce || null,
       holderKey:           opts.holderKey,
       algorithm:           algorithm,
+      keyAttestation:      keyAttestation,
     });
     _emitAudit("auth.sdJwtVc.holder.presented", "success", {
-      credentialId: spec.credentialId,
-      audience:     spec.audience || null,
-      disclosed:    (spec.disclosedClaimNames || []).length,
+      credentialId:       spec.credentialId,
+      audience:           spec.audience || null,
+      disclosed:          (spec.disclosedClaimNames || []).length,
+      hasKeyAttestation:  !!keyAttestation,
     });
     _emitMetric("presented");
     return presentation;

package/lib/auth/sd-jwt-vc.js

@@ -271,6 +271,7 @@ function present(opts) {
   validateOpts(opts, [
     "sdJwt", "disclosedClaimNames", "audience",
     "nonce", "holderKey", "algorithm", "issuedAt",
+    "keyAttestation",
   ], "auth.sdJwtVc.present");
 
   validateOpts.requireNonEmptyString(opts.sdJwt,
@@ -324,6 +325,16 @@ function present(opts) {
       sd_hash:  sdHash,
     };
     var kbHeader = { alg: algorithm, typ: "kb+jwt" };
+    if (typeof opts.keyAttestation === "string" && opts.keyAttestation.length > 0) {
+      // OpenID4VCI key-attestation extension. The attestation JWT
+      // travels in the KB-JWT header so a verifier with no extra
+      // round-trip can validate the holder-key provenance (TEE /
+      // hardware-backed key) alongside the cnf-bound key-binding
+      // signature. Operators wanting per-presentation freshness
+      // mint a new attestation per audience+nonce on the holder
+      // device and pass it via opts.keyAttestation.
+      kbHeader.key_attestation = opts.keyAttestation;
+    }
     var kbJwt = _signJwt(kbHeader, kbPayload, opts.holderKey, algorithm);
     presentation += kbJwt;
   }
@@ -343,6 +354,7 @@ async function verify(presentation, opts) {
     "issuerKeyResolver", "audience", "nonce",
     "now", "expectedVct", "maxClockSkewSec",
     "requireKeyBinding",
+    "keyAttestationVerifier", "requireKeyAttestation",
   ], "auth.sdJwtVc.verify");
 
   if (typeof presentation !== "string" || presentation.length === 0) {
@@ -438,6 +450,7 @@ async function verify(presentation, opts) {
   // 4. Optionally verify Key Binding JWT
   var kbValidated = false;
   var holderKey = null;
+  var keyAttestationClaims = null;
   if (jwtParsed.payload.cnf && jwtParsed.payload.cnf.jwk) {
     holderKey = jwtParsed.payload.cnf.jwk;
   }
@@ -488,6 +501,46 @@ async function verify(presentation, opts) {
         "verify: KB-JWT iat is in the future");
     }
     kbValidated = true;
+
+    // OpenID4VCI key-attestation extension: the holder may include
+    // a key_attestation JWT in the KB-JWT header. The framework
+    // surfaces it for the operator-supplied verifier callback so
+    // policy decisions about TEE provenance / hardware-backed-key
+    // requirement / app-attest origin / FIDO MDS3 anchor stay in
+    // the operator's hands. The framework does NOT trust-anchor
+    // resolve attestation issuers itself — the operator's
+    // verifier picks the right anchor for the use case.
+    if (typeof kbHeaderObj.key_attestation === "string" &&
+        kbHeaderObj.key_attestation.length > 0) {
+      if (typeof opts.keyAttestationVerifier !== "function") {
+        if (opts.requireKeyAttestation === true) {
+          throw new AuthError("auth-sd-jwt-vc/no-attestation-verifier",
+            "verify: requireKeyAttestation=true but no keyAttestationVerifier supplied");
+        }
+        // No verifier — surface the raw token and let the caller
+        // skip; we don't trust an attestation we can't verify.
+      } else {
+        try {
+          keyAttestationClaims = await opts.keyAttestationVerifier({
+            jwt:        kbHeaderObj.key_attestation,
+            holderKey:  holderKey,
+            audience:   opts.audience || null,
+            nonce:      opts.nonce || null,
+          });
+        } catch (e) {
+          throw new AuthError("auth-sd-jwt-vc/attestation-verify-failed",
+            "verify: keyAttestationVerifier rejected the attestation: " +
+            ((e && e.message) || String(e)));
+        }
+        if (!keyAttestationClaims || typeof keyAttestationClaims !== "object") {
+          throw new AuthError("auth-sd-jwt-vc/attestation-empty",
+            "verify: keyAttestationVerifier returned no claims (must return the verified attestation payload)");
+        }
+      }
+    } else if (opts.requireKeyAttestation === true) {
+      throw new AuthError("auth-sd-jwt-vc/missing-key-attestation",
+        "verify: requireKeyAttestation=true but KB-JWT carries no key_attestation header");
+    }
   } else if (opts.requireKeyBinding) {
     throw new AuthError("auth-sd-jwt-vc/missing-kb",
       "verify: KB-JWT required (requireKeyBinding=true) but not present");
@@ -502,13 +555,14 @@ async function verify(presentation, opts) {
   });
 
   return {
-    valid:           true,
-    claims:          resolved,
-    disclosedClaims: disclosedClaims,
-    issuerHeader:    jwtParsed.header,
-    issuerPayload:   jwtParsed.payload,
-    holderKey:       holderKey,
-    kbValidated:     kbValidated,
+    valid:                 true,
+    claims:                resolved,
+    disclosedClaims:       disclosedClaims,
+    issuerHeader:          jwtParsed.header,
+    issuerPayload:         jwtParsed.payload,
+    holderKey:             holderKey,
+    kbValidated:           kbValidated,
+    keyAttestationClaims:  keyAttestationClaims,
   };
 }