@sphereon/ssi-sdk.credential-validation 0.37.2-next.34 → 0.37.2-next.46
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.cjs +22 -12
- package/dist/index.cjs.map +1 -1
- package/dist/index.js +22 -12
- package/dist/index.js.map +1 -1
- package/package.json +9 -9
- package/src/agent/CredentialValidation.ts +29 -12
|
@@ -2,7 +2,6 @@ import mdocPkg from '@sphereon/kmp-mdoc-core'
|
|
|
2
2
|
import { IVerifySdJwtVcResult } from '@sphereon/ssi-sdk.sd-jwt'
|
|
3
3
|
import {
|
|
4
4
|
CredentialMapper,
|
|
5
|
-
ICoseKeyJson,
|
|
6
5
|
ICredentialSchemaType,
|
|
7
6
|
IVerifyResult,
|
|
8
7
|
OriginalVerifiableCredential,
|
|
@@ -26,6 +25,7 @@ import {
|
|
|
26
25
|
VerifySDJWTCredentialArgs,
|
|
27
26
|
} from '../index'
|
|
28
27
|
import IVerifySignatureResult = mdocPkg.com.sphereon.crypto.generic.IVerifySignatureResult
|
|
28
|
+
import ICoseKeyJson = mdocPkg.com.sphereon.crypto.cose.ICoseKeyJson
|
|
29
29
|
import decodeFrom = mdocPkg.com.sphereon.kmp.decodeFrom
|
|
30
30
|
import IssuerSignedCbor = mdocPkg.com.sphereon.mdoc.data.device.IssuerSignedCbor
|
|
31
31
|
import { defaultHasher } from '@sphereon/ssi-sdk.core'
|
|
@@ -176,17 +176,34 @@ export class CredentialValidation implements IAgentPlugin {
|
|
|
176
176
|
private async cvVerifyMdoc(args: VerifyMdocCredentialArgs, context: RequiredContext): Promise<VerificationResult> {
|
|
177
177
|
const { credential } = args
|
|
178
178
|
|
|
179
|
-
const
|
|
180
|
-
|
|
181
|
-
|
|
182
|
-
|
|
183
|
-
|
|
184
|
-
|
|
185
|
-
|
|
186
|
-
|
|
187
|
-
|
|
188
|
-
|
|
189
|
-
}
|
|
179
|
+
const rawBytes = decodeFrom(credential, mdocPkg.com.sphereon.kmp.Encoding.BASE64URL)
|
|
180
|
+
// Stash raw mdoc bytes so @sphereon/ssi-sdk.mdl-mdoc's verify1Async can rebuild Sig_structure
|
|
181
|
+
// from the untouched protected/payload bytes, working around the kmp-mdoc-core UTF-8 string
|
|
182
|
+
// round-trip that corrupts binary protected-header values (e.g. a bstr kid).
|
|
183
|
+
const u8Raw: Uint8Array =
|
|
184
|
+
rawBytes instanceof Uint8Array
|
|
185
|
+
? rawBytes
|
|
186
|
+
: ArrayBuffer.isView(rawBytes)
|
|
187
|
+
? new Uint8Array((rawBytes as ArrayBufferView).buffer, (rawBytes as ArrayBufferView).byteOffset, (rawBytes as ArrayBufferView).byteLength)
|
|
188
|
+
: Uint8Array.from((rawBytes as unknown as number[]).map((b) => b & 0xff))
|
|
189
|
+
const g = globalThis as unknown as { __sphereon_mdoc_raw_bytes?: Uint8Array }
|
|
190
|
+
const prevRaw = g.__sphereon_mdoc_raw_bytes
|
|
191
|
+
g.__sphereon_mdoc_raw_bytes = u8Raw
|
|
192
|
+
let verification: IVerifySignatureResult<ICoseKeyJson>
|
|
193
|
+
try {
|
|
194
|
+
const issuerSigned = IssuerSignedCbor.Static.cborDecode(rawBytes)
|
|
195
|
+
verification = await context.agent.mdocVerifyIssuerSigned({ input: issuerSigned.toJson().issuerAuth }).catch((error: Error) => {
|
|
196
|
+
console.error(error)
|
|
197
|
+
return {
|
|
198
|
+
name: 'mdoc',
|
|
199
|
+
critical: true,
|
|
200
|
+
error: true,
|
|
201
|
+
message: error.message ?? 'Mdoc Issuer Signed VC could not be verified',
|
|
202
|
+
} satisfies IVerifySignatureResult<ICoseKeyJson>
|
|
203
|
+
})
|
|
204
|
+
} finally {
|
|
205
|
+
g.__sphereon_mdoc_raw_bytes = prevRaw
|
|
206
|
+
}
|
|
190
207
|
|
|
191
208
|
return {
|
|
192
209
|
source: CredentialMapper.toWrappedVerifiableCredential(credential as OriginalVerifiableCredential, { hasher: defaultHasher }),
|