From 2084d23885bf7274be107689796ae5a588b373b4 Mon Sep 17 00:00:00 2001
From: sanderPostma
Date: Thu, 6 Feb 2025 17:35:00 +0100
Subject: [PATCH] chore: _sd_alg to lowercase sha-256
---
 packages/oid4vci-issuer/src/functions.ts | 2 ++
 packages/sd-jwt/src/action-handler.ts | 23 ++++++++++++-----------
 2 files changed, 14 insertions(+), 11 deletions(-)
diff --git a/packages/oid4vci-issuer/src/functions.ts b/packages/oid4vci-issuer/src/functions.ts
index 3b7209e3e..b35d53120 100644
--- a/packages/oid4vci-issuer/src/functions.ts
+++ b/packages/oid4vci-issuer/src/functions.ts
@@ -256,6 +256,8 @@ export async function getCredentialSignerCallback(
 // TODO check, looks like sdJwtPayload and credentialStatusVC is the same
 return Promise.reject(Error('slAddStatusToSdJwtCredential did not return a status_list'))
 }
+
+ // Update statusListId & statusListIndex back to the credential session TODO SSISDK-4 This is not a clean way to do this.
 if (statusLists && statusLists.length > 0) {
 const statusList = statusLists[0]
 statusList.statusListId = credentialStatusVC.status.status_list.uri
diff --git a/packages/sd-jwt/src/action-handler.ts b/packages/sd-jwt/src/action-handler.ts
index 101f762a5..cc3bf3d5f 100644
--- a/packages/sd-jwt/src/action-handler.ts
+++ b/packages/sd-jwt/src/action-handler.ts
@@ -9,11 +9,7 @@ import { decodeBase64url } from '@veramo/utils'
 import Debug from 'debug'
 import { defaultGenerateDigest, defaultGenerateSalt, defaultVerifySignature } from './defaultCallbacks'
 import { funkeTestCA, sphereonCA } from './trustAnchors'
-import {
- assertValidTypeMetadata,
- fetchUrlWithErrorHandling,
- validateIntegrity
-} from './utils'
+import { assertValidTypeMetadata, fetchUrlWithErrorHandling, validateIntegrity } from './utils'
 import {
 Claims,
 FetchSdJwtTypeMetadataFromVctUrlArgs,
@@ -32,7 +28,7 @@ import {
 SdJWTImplementation,
 SdJwtVerifySignature,
 SignKeyArgs,
- SignKeyResult
+ SignKeyResult,
 } from './types'
 const debug = Debug('@sphereon/ssi-sdk.sd-jwt')
@@ -115,7 +111,7 @@ export class SDJwtPlugin implements IAgentPlugin {
 hasher: this.registeredImplementations.hasher,
 saltGenerator: this.registeredImplementations.saltGenerator,
 signAlg: alg ?? 'ES256',
- hashAlg: 'SHA-256',
+ hashAlg: 'sha-256',
 })
 const credential = await sdjwt.issue(args.credentialPayload, args.disclosureFrame as DisclosureFrame, {
@@ -255,7 +251,13 @@ export class SDJwtPlugin implements IAgentPlugin {
 * @param signature - The signature
 * @returns
 */
- async verify(sdjwt: SDJwtVcInstance, context: IRequiredContext, data: string, signature: string, opts?: {x5cValidation?: X509CertificateChainValidationOpts}): Promise {
+ async verify(
+ sdjwt: SDJwtVcInstance,
+ context: IRequiredContext,
+ data: string,
+ signature: string,
+ opts?: { x5cValidation?: X509CertificateChainValidationOpts },
+ ): Promise {
 const decodedVC = await sdjwt.decode(`${data}.${signature}`)
 const issuer: string = ((decodedVC.jwt as Jwt).payload as Record).iss as string
 const header = (decodedVC.jwt as Jwt).header as Record
@@ -271,7 +273,7 @@ export class SDJwtPlugin implements IAgentPlugin {
 chain: x5c,
 trustAnchors: Array.from(trustAnchors),
 // TODO: Defaults to allowing untrusted certs! Fine for now, not when wallets go mainstream
- opts: opts?.x5cValidation ?? {trustRootWhenNoAnchors: true, allowNoTrustAnchorsFound: true},
+ opts: opts?.x5cValidation ?? { trustRootWhenNoAnchors: true, allowNoTrustAnchorsFound: true },
 })
 if (certificateValidationResult.error || !certificateValidationResult?.certificateChain) {
@@ -346,7 +348,7 @@ export class SDJwtPlugin implements IAgentPlugin {
 * @returns
 */
 async fetchSdJwtTypeMetadataFromVctUrl(args: FetchSdJwtTypeMetadataFromVctUrlArgs, context: IRequiredContext): Promise {
- const {vct, opts} = args
+ const { vct, opts } = args
 const url = new URL(vct)
 const response = await fetchUrlWithErrorHandling(url.toString())
@@ -391,5 +393,4 @@ export class SDJwtPlugin implements IAgentPlugin {
 }
 return parts[2].split('#')[0]
 }
-
 }
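Review bot: The new literal `hashAlg: 'sha-256'` in the `@@ -115` hunk is handed to the SD-JWT instance together with `hasher: this.registeredImplementations.hasher`, and nothing visible here shows that the registered hasher (or `defaultGenerateDigest`) picks its digest by a case-insensitive match on the algorithm name. Lowercase is the spelling the IANA hash-name registry uses for `_sd_alg`, so the value itself looks right, but a hasher that compares against `'SHA-256'` could now fail or select the wrong digest; please confirm it normalizes the name and cover the change with an issue-then-verify round-trip test. Credentials already issued with the uppercase value will presumably still be presented, so the verification path should accept both spellings. A shared constant such as `const SD_JWT_HASH_ALG = 'sha-256'` would keep issuer and verifier in step. The enclosing method starts and ends outside the hunk.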
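Review bot: In the `@@ -271` hunk the fallback `opts?.x5cValidation ?? { trustRootWhenNoAnchors: true, allowNoTrustAnchorsFound: true }` leaves x5c chain validation fail-open for every caller that omits `opts.x5cValidation`; going by the flag names and the TODO directly above it, a chain with no matching trust anchor is then accepted. The commit only reformats this line, but the default should be inverted so that the permissive mode is an explicit opt-in, e.g. `opts: opts?.x5cValidation ?? { trustRootWhenNoAnchors: false, allowNoTrustAnchorsFound: false },`. If the permissive default has to stay for now, emit a `debug(...)` warning whenever it is taken and state the behaviour in the `verify` docstring, whose `@returns` is currently empty. `verify` appears to begin in the previous hunk and continues past this one.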