@sphereon/openid4vci-client

OpenID for Verifiable Credential Issuance (OpenID4VCI) client

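"use strict";
// TypeScript-emitted helper: runs a generator function as a Promise chain
// (down-levelled async/await). Kept verbatim from the compiler output.
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
    return new (P || (P = Promise))(function (resolve, reject) {
        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
        step((generator = generator.apply(thisArg, _arguments || [])).next());
    });
};
// TypeScript-emitted helper: wraps a CommonJS module so `.default` is always available.
var __importDefault = (this && this.__importDefault) || function (mod) {
    return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.createProofOfPossession = void 0;
const debug_1 = __importDefault(require("debug"));
const types_1 = require("../types");
const debug = (0, debug_1.default)('sphereon:openid4vci:token');

/**
 * Builds the proof-of-possession JWT header and payload, has the caller's signer
 * sign it, and returns it wrapped as a proof object.
 *
 * @param callbacks
 *  - signCallback: mandatory; called with the unsigned { header, payload } and the kid,
 *    and expected to resolve to the compact JWS string.
 *  - verifyCallback: optional; when present it is called with { jwt, kid } after signing.
 *    Any error it throws is reported as JWS_NOT_VALID.
 * @param jwtProps values used to fill the JWT: issuer (becomes `aud`), clientId (becomes
 *    `iss`), jti, nonce, alg and kid. `aud` and `kid` must be resolvable from here or from
 *    existingJwt.
 * @param existingJwt optional { header, payload } to start from; a value given here must
 *    not conflict with the matching jwtProps value.
 * @returns {Promise<{proof_type: *, jwt: *}>} the proof object carrying the signed JWT.
 * @throws {Error} BAD_PARAMS when no signer callback is supplied; JWS_NOT_VALID when the
 *    signed result fails the shape check or the verify callback throws. Errors raised
 *    while building the JWT or by the signer callback propagate unchanged.
 */
const createProofOfPossession = (callbacks, jwtProps, existingJwt) => __awaiter(void 0, void 0, void 0, function* () {
    // Guard against a missing callbacks object as well, so the caller gets BAD_PARAMS
    // rather than a TypeError from the property access.
    if (!callbacks || !callbacks.signCallback) {
        debug(`no jwt signer callback or arguments supplied!`);
        throw new Error(types_1.BAD_PARAMS);
    }
    const signerArgs = createJWT(jwtProps, existingJwt);
    const jwt = yield callbacks.signCallback(signerArgs, signerArgs.header.kid);
    const proof = {
        proof_type: types_1.ProofType.JWT,
        jwt,
    };
    try {
        // Shape check only; the signature is verified solely by the optional callback below.
        partiallyValidateJWS(jwt);
        if (callbacks.verifyCallback) {
            debug(`Calling supplied verify callback....`);
            yield callbacks.verifyCallback({ jwt, kid: signerArgs.header.kid });
            debug(`Supplied verify callback return success result`);
        }
    }
    catch (_a) {
        // The underlying cause is deliberately collapsed into one generic error.
        debug(`JWS was not valid`);
        throw new Error(types_1.JWS_NOT_VALID);
    }
    // NOTE(review): this writes the complete signed proof, signature included, to the
    // debug channel whenever the 'sphereon:openid4vci:token' namespace is enabled. The
    // proof stays within its validity window (10 minutes by default, see createJWT), so
    // keep this namespace disabled wherever debug output is persisted or shared.
    debug(`Proof of Possession JWT:\r\n${jwt}`);
    return proof;
});
exports.createProofOfPossession = createProofOfPossession;

/**
 * Cheap structural sanity check on a compact JWS: exactly three dot-separated segments
 * and an 'ey' prefix. It does NOT decode the segments or verify the signature.
 *
 * @param jws the compact JWS string returned by the signer callback.
 * @throws {Error} JWS_NOT_VALID when the shape check fails.
 */
const partiallyValidateJWS = (jws) => {
    if (jws.split('.').length !== 3 || !jws.startsWith('ey')) {
        throw new Error(types_1.JWS_NOT_VALID);
    }
};

/**
 * Assembles the unsigned JWT ({ header, payload }) handed to the signer callback.
 *
 * Each claim is resolved from the existing JWT first and from jwtProps second
 * (see getJwtProperty). The computed claims are merged over any existing header and
 * payload, so they win over same-named existing entries.
 *
 * @param jwtProps issuer, clientId, jti, nonce, alg and kid options.
 * @param existingJwt optional { header, payload } to extend.
 * @returns {{payload: Object, header: Object}} the unsigned JWT parts.
 * @throws {Error} when `aud` or `kid` cannot be resolved, or when an option conflicts
 *    with the value already present in existingJwt.
 */
const createJWT = (jwtProps, existingJwt) => {
    const jwt = existingJwt ? existingJwt : {};
    const existingPayload = jwt.payload || {};
    const existingHeader = jwt.header || {};
    const aud = getJwtProperty('aud', true, jwtProps.issuer, existingPayload.aud);
    const iss = getJwtProperty('iss', false, jwtProps.clientId, existingPayload.iss);
    const jti = getJwtProperty('jti', false, jwtProps.jti, existingPayload.jti);
    // Officially this is required, but some implementations don't have it
    const nonce = getJwtProperty('nonce', false, jwtProps.nonce, existingPayload.nonce);
    // NOTE(review): no allow-list is applied to `alg` here; whatever the caller passes is
    // placed in the header. Presumably the signer callback rejects algorithms it does not
    // support — confirm against the callback implementation.
    const alg = getJwtProperty('alg', false, jwtProps.alg, existingHeader.alg, 'ES256');
    const kid = getJwtProperty('kid', true, jwtProps.kid, existingHeader.kid);
    // NumericDate values are emitted as whole seconds: dividing the millisecond clock by
    // 1000 without flooring yields fractional iat/exp, which strict verifiers may reject.
    const nowSeconds = Math.floor(Date.now() / 1000);
    const jwtPayload = Object.assign(
        Object.assign(
            {
                aud,
                // Backdated by 60 s to tolerate clock skew; an existing iat is reused as-is.
                iat: existingPayload.iat ? existingPayload.iat : nowSeconds - 60,
                // 10-minute lifetime; an existing exp is reused as-is and is not re-checked here.
                exp: existingPayload.exp ? existingPayload.exp : nowSeconds + 10 * 60,
                nonce,
            },
            iss ? { iss } : {}
        ),
        jti ? { jti } : {}
    );
    const jwtHeader = {
        typ: 'JWT',
        alg,
        kid,
    };
    return {
        payload: Object.assign(Object.assign({}, jwt.payload), jwtPayload),
        header: Object.assign(Object.assign({}, jwt.header), jwtHeader),
    };
};

/**
 * Resolves one JWT property from two possible sources.
 *
 * @param propertyName name used in error messages.
 * @param required when true, a missing value is an error; otherwise defaultValue is used.
 * @param option value supplied through jwtProps.
 * @param jwtProperty value already present in the existing JWT; takes precedence.
 * @param defaultValue fallback for optional properties.
 * @returns the resolved value (possibly undefined for optional properties without default).
 * @throws {Error} when both sources are set to different values, or when a required
 *    property is missing from both.
 */
const getJwtProperty = (propertyName, required, option, jwtProperty, defaultValue) => {
    if (option && jwtProperty && option !== jwtProperty) {
        throw new Error(`Cannot have a property '${propertyName}' with value '${option}' and different JWT value '${jwtProperty}' at the same time`);
    }
    const resolved = jwtProperty ? jwtProperty : option;
    if (resolved) {
        return resolved;
    }
    if (required) {
        throw new Error(`No ${propertyName} property provided either in a JWT or as option`);
    }
    return defaultValue;
};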