fix: Fix DID handling in OP session

Sphereon-Opensource · Feb 18, 2023 · 926e358 · 926e358
1 parent 1db71de
commit 926e358
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 17 deletions.
diff --git a/packages/did-auth-siop-op-authenticator/src/session/OpSession.ts b/packages/did-auth-siop-op-authenticator/src/session/OpSession.ts
@@ -16,6 +16,8 @@ import {
   VerifyAuthorizationRequestOpts,
   PresentationLocation,
   SigningAlgo,
+  SupportedVersion,
+  ResolveOpts,
 } from '@sphereon/did-auth-siop'
 import { SubmissionRequirementMatch } from '@sphereon/pex'
 import { IVerifiableCredential, IVerifiablePresentation, parseDid } from '@sphereon/ssi-types'
@@ -121,39 +123,45 @@ export class OpSession {
 
   public async verifySiopAuthorizationRequestURI(args: IOpsVerifySiopAuthorizationRequestUriArgs): Promise<VerifiedAuthorizationRequest> {
     // TODO fix supported dids structure https://sphereon.atlassian.net/browse/MYC-141
+
+    //fixme: registration can also be something else these days: client_metadata
     const didMethodsSupported = args.requestURI.registration?.did_methods_supported as string[]
     let didMethods: string[]
     if (didMethodsSupported && didMethodsSupported.length) {
       didMethods = didMethodsSupported.map((value: string) => value.split(':')[1])
     } else {
       // RP mentioned no didMethods, meaning we have to let it up to the RP to see whether it will work
-      if (this.supportedDidMethods) {
-        didMethods = [parseDid(this.identifier.did).method, ...this.supportedDidMethods]
-      } else {
-        didMethods = [parseDid(this.identifier.did).method]
-      }
+      didMethods = this.getAgentSupportedDIDMethods()
     }
 
-    const resolveOpts = this.resolver ? { resolver: this.resolver } : { didMethods }
+    const resolveOpts: ResolveOpts = this.resolver ? { resolver: this.resolver } : { subjectSyntaxTypesSupported: didMethods }
     const options: VerifyAuthorizationRequestOpts = {
       verification: {
         mode: VerificationMode.INTERNAL,
         resolveOpts,
       },
       nonce: args.requestURI.authorizationRequestPayload.nonce,
+      supportedVersions: [SupportedVersion.SIOPv2_ID1, SupportedVersion.SIOPv2_D11, SupportedVersion.JWT_VC_PRESENTATION_PROFILE_v1],
     }
 
     return this.op!.verifyAuthorizationRequest(args.requestURI.requestObjectJwt!, options).catch((error: string | undefined) =>
       Promise.reject(new Error(error))
     )
   }
 
+  private getAgentSupportedDIDMethods() {
+    if (this.supportedDidMethods) {
+      return [parseDid(this.identifier.did).method, ...this.supportedDidMethods]
+    } else {
+      return [parseDid(this.identifier.did).method]
+    }
+  }
+
   public async sendSiopAuthorizationResponse(args: IOpsSendSiopAuthorizationResponseArgs): Promise<Response> {
+    const resolveOpts: ResolveOpts = this.resolver ? { resolver: this.resolver } : { subjectSyntaxTypesSupported: this.getAgentSupportedDIDMethods() }
     const verification: Verification = {
       mode: VerificationMode.INTERNAL,
-      resolveOpts: {
-        resolver: this.resolver,
-      },
+      resolveOpts,
     }
 
     return this.op!.createAuthorizationResponse(args.verifiedAuthorizationRequest, {

diff --git a/packages/did-utils/src/x509-utils.ts b/packages/did-utils/src/x509-utils.ts
@@ -17,7 +17,10 @@ export function pemCertChainTox5c(cert: string, maxDepth?: number): string[] {
    * `maxdepth` The maximum number of certificates to use from the chain.
    */
 
-  const intermediate = cert.replace(/-----[^\n]+\n?/gm, ',').replace(/\n/g, '').replace(/\r/g, '')
+  const intermediate = cert
+    .replace(/-----[^\n]+\n?/gm, ',')
+    .replace(/\n/g, '')
+    .replace(/\r/g, '')
   let x5c = intermediate.split(',').filter(function (c) {
     return c.length > 0
   })

diff --git a/packages/vc-handler-ld-local/src/ld-credential-module.ts b/packages/vc-handler-ld-local/src/ld-credential-module.ts
@@ -53,7 +53,7 @@ export class LdCredentialModule {
     key: IKey,
     verificationMethodId: string,
     purpose: typeof ProofPurpose = new CredentialIssuancePurpose(),
-    context: IAgentContext<RequiredAgentMethods>,
+    context: IAgentContext<RequiredAgentMethods>
   ): Promise<VerifiableCredentialSP> {
     debug(`Issue VC method called for ${key.kid}...`)
     const suite = this.ldSuiteLoader.getSignatureSuiteForKeyType(key.type, key.meta?.verificationMethod?.type)
@@ -96,10 +96,10 @@ export class LdCredentialModule {
     purpose: typeof ProofPurpose = !challenge && !domain
       ? new AssertionProofPurpose()
       : new AuthenticationProofPurpose({
-        domain,
-        challenge,
-      }),
-    context: IAgentContext<RequiredAgentMethods>,
+          domain,
+          challenge,
+        }),
+    context: IAgentContext<RequiredAgentMethods>
   ): Promise<VerifiablePresentationSP> {
     const suite = this.ldSuiteLoader.getSignatureSuiteForKeyType(key.type, key.meta?.verificationMethod?.type)
     const documentLoader = this.ldDocumentLoader.getLoader(context, true)
@@ -129,7 +129,7 @@ export class LdCredentialModule {
     context: IAgentContext<IResolver>,
     fetchRemoteContexts = false,
     purpose: typeof ProofPurpose = new AssertionProofPurpose(),
-    checkStatus?: Function,
+    checkStatus?: Function
   ): Promise<boolean> {
     const verificationSuites = this.getAllVerificationSuites()
     this.ldSuiteLoader.getAllSignatureSuites().forEach((suite) => suite.preVerificationCredModification(credential))
@@ -178,7 +178,7 @@ export class LdCredentialModule {
     presentationPurpose: typeof ProofPurpose = !challenge && !domain
       ? new AssertionProofPurpose()
       : new AuthenticationProofPurpose({ domain, challenge }),
-    checkStatus?: Function,
+    checkStatus?: Function
     //AssertionProofPurpose()
   ): Promise<boolean> {
     // console.log(JSON.stringify(presentation, null, 2))