@openid4vc/openid4vp 0.3.0-alpha-20250304095426 → 0.3.0-alpha-20250307131618
- package/dist/index.d.mts +50 -29
- package/dist/index.d.ts +50 -29
- package/dist/index.js +74 -2
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +78 -2
- package/dist/index.mjs.map +1 -1
- package/package.json +3 -3
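--- a/package/dist/index.mjs
+++ b/package/dist/index.mjs
@@ -1055,7 +1055,7 @@ import { decodeBase64, encodeToUtf8String, parseIfJson } from "@openid4vc/utils"
 import { z as z14 } from "zod";
 var zTransactionEntry = z14.object({
 type: z14.string(),
-credential_ids: z14.array(z14.string()).
+credential_ids: z14.array(z14.string()).nonempty(),
 transaction_data_hashes_alg: z14.array(z14.string()).optional()
 });
 var zTransactionData = z14.array(zTransactionEntry);
@@ -1071,7 +1071,11 @@ function parseTransactionData(options) {
 error_description: "Failed to parse transaction data."
 });
 }
-return parsedResult.data
+return parsedResult.data.map((decoded2, index) => ({
+transactionData: decoded2,
+encoded: transactionData[index],
+transactionDataIndex: index
+}));
 }
 
 // src/authorization-request/resolve-authorization-request.ts
@@ -1640,6 +1644,75 @@ var Openid4vpClient = class {
 }
 };
 
+// src/transaction-data/verify-transaction-data.ts
+import {
+HashAlgorithm,
+Oauth2ErrorCodes as Oauth2ErrorCodes11,
+Oauth2ServerErrorResponseError as Oauth2ServerErrorResponseError13
+} from "@openid4vc/oauth2";
+import { decodeUtf8String, encodeToBase64Url } from "@openid4vc/utils";
+async function verifyTransactionData(options) {
+const parsedTransactionData = parseTransactionData({
+transactionData: options.transactionData
+});
+const matchedEntries = [];
+for (const parsedEntry of parsedTransactionData) {
+const matchedEntry = await verifyTransactionDataEntry({
+entry: parsedEntry,
+callbacks: options.callbacks,
+credentials: options.credentials
+});
+matchedEntries.push(matchedEntry);
+}
+return matchedEntries;
+}
+async function verifyTransactionDataEntry({
+entry,
+credentials,
+callbacks
+}) {
+const allowedAlgs = entry.transactionData.transaction_data_hashes_alg ?? ["sha-256"];
+const supportedAlgs = allowedAlgs.filter(
+(alg) => Object.values(HashAlgorithm).includes(alg)
+);
+const hashes = {};
+for (const alg of supportedAlgs) {
+hashes[alg] = encodeToBase64Url(await callbacks.hash(decodeUtf8String(entry.encoded), alg));
+}
+for (const credentialId of entry.transactionData.credential_ids) {
+const transactionDataHashesCredential = credentials[credentialId];
+if (!transactionDataHashesCredential) continue;
+const alg = transactionDataHashesCredential.transaction_data_hashes_alg ?? "sha-256";
+const hash = hashes[alg];
+if (!allowedAlgs.includes(alg)) {
+throw new Oauth2ServerErrorResponseError13({
+error: Oauth2ErrorCodes11.InvalidTransactionData,
+error_description: `Transaction data entry with index ${entry.transactionDataIndex} is hashed using alg '${alg}'. However transaction data only allows alg values ${allowedAlgs.join(", ")}.`
+});
+}
+if (!hash) {
+throw new Oauth2ServerErrorResponseError13({
+error: Oauth2ErrorCodes11.InvalidTransactionData,
+error_description: `Transaction data entry with index ${entry.transactionDataIndex} is hashed using unsupported alg '${alg}'. This library only supports verification of transaction data hashes using alg values ${Object.values(HashAlgorithm).join(", ")}. Either verify the hashes outside of this library, or limit the allowed alg values to the ones supported by this library.`
+});
+}
+const credentialHashIndex = transactionDataHashesCredential.transaction_data_hashes.indexOf(hash);
+if (credentialHashIndex !== -1) {
+return {
+transactionDataEntry: entry,
+credentialId,
+hash,
+hashAlg: alg,
+credentialHashIndex
+};
+}
+}
+throw new Oauth2ServerErrorResponseError13({
+error: Oauth2ErrorCodes11.InvalidTransactionData,
+error_description: `Transaction data entry with index ${entry.transactionDataIndex} does not have a matching hash in any of the submitted credentials`
+});
+}
+
 // src/Openid4vpVerifier.ts
 var Openid4vpVerifier = class {
 constructor(options) {
@@ -1666,6 +1739,9 @@ var Openid4vpVerifier = class {
 parseTransactionData(options) {
 return parseTransactionData(options);
 }
+verifyTransactionData(options) {
+return verifyTransactionData(options);
+}
 };
 
 // src/models/z-credential-formats.ts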