1 parent
6824d8e
commit 414eb97
Showing
5 changed files
with
166 additions
and
116 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,63 @@ | ||
import type { Nullable, com } from '@sphereon/kmp-mdl-mdoc' | ||
|
||
import { type AgentContext } from '../..' | ||
|
||
type ICoseKeyCbor = com.sphereon.cbor.cose.ICoseKeyCbor | ||
type ICoseCallbackServiceJS = com.sphereon.crypto.ICoseCryptoCallbackJS | ||
type KeyInfo = com.sphereon.crypto.IKeyInfo<com.sphereon.cbor.cose.ICoseKeyCbor> | ||
type CoseSign1Cbor<CborType, JsonType> = com.sphereon.cbor.cose.CoseSign1InputCbor<CborType, JsonType> | ||
type IKey = com.sphereon.cbor.cose.IKey | ||
type IVerifySignatureResult<KeyType extends IKey> = com.sphereon.crypto.IVerifySignatureResult<KeyType> | ||
|
||
/** | ||
* This class can be used for Cose signing and sigature verification. | ||
* Either have an instance per trustedCerts and verification invocation or use a single instance and provide the trusted certs in the method argument | ||
* | ||
* The class is also registered with the low-level mDL/mdoc Kotlin Multiplatform library | ||
* Next to the specific function for the library it exports a more powerful version of the same verification method as well | ||
*/ | ||
export class MdocCoseCallbackService implements ICoseCallbackServiceJS { | ||
public constructor() {} | ||
public async sign1<CborType, JsonType>( | ||
coseCborInput: CoseSign1Cbor<CborType, JsonType>, | ||
keyInfo: Nullable<KeyInfo> | ||
): Promise<com.sphereon.cbor.cose.CoseSign1Cbor<CborType, JsonType>> { | ||
throw new Error('not yet implemented') | ||
//if (!keyInfo?.key) { | ||
//throw new MdocError('Missing key in mdoc cose sign callback') | ||
//} | ||
//const jwk = getJwkFromJson(keyInfo.key.toJson()) | ||
//const key = jwk.key | ||
|
||
//if (!coseCborInput.payload) { | ||
//throw new MdocError('Missing payload in mdoc cose sign callback.') | ||
//} | ||
|
||
//const data = TypedArrayEncoder.fromHex(coseCborInput.payload.toHexString()) | ||
//const signedPayload = await this.agentContext.wallet.sign({ data, key }) | ||
|
||
//// TODO: I CANNOT IMAGE THIS IS TRUE | ||
//return new com.sphereon.cbor.cose.CoseSign1Cbor( | ||
//coseCborInput.protectedHeader, | ||
//coseCborInput.unprotectedHeader, | ||
//coseCborInput.payload, | ||
//new com.sphereon.cbor.CborByteString(new Int8Array(signedPayload)) | ||
//) | ||
} | ||
|
||
/** | ||
* This method is the implementation used within the mDL/Mdoc library | ||
*/ | ||
public async verify1<CborType, JsonType>( | ||
input: CoseSign1Cbor<CborType, JsonType>, | ||
keyInfo: Nullable<KeyInfo> | ||
): Promise<IVerifySignatureResult<ICoseKeyCbor>> { | ||
return { | ||
error: false, | ||
keyInfo: undefined, | ||
name: 'cose-verification success', | ||
critical: false, | ||
message: 'cose-signature successfully validated', | ||
} satisfies IVerifySignatureResult<ICoseKeyCbor> | ||
} | ||
} |
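Review bot: `verify1` returns `error: false` with the message `'cose-signature successfully validated'` unconditionally — it never reads `input` or `keyInfo`, so every COSE_Sign1 signature routed through this callback is accepted, and the class doc says it is what gets registered with the mdoc library. That makes the stub fail-open: an mdoc with a forged, stripped or re-signed IssuerAuth/DeviceAuth would verify. Until the check is implemented it should fail closed the way `sign1` already does, e.g. `return { error: true, critical: true, keyInfo: undefined, name: 'cose-verification failed', message: 'cose signature verification not implemented' } satisfies IVerifySignatureResult<ICoseKeyCbor>`, or throw the same `'not yet implemented'` error. The commented-out `sign1` body references `this.agentContext`, `MdocError`, `getJwkFromJson` and `TypedArrayEncoder`, none of which this file imports or declares, so it will need those (and the `AgentContext` import is currently unused) before it can be revived; minor: "sigature" in the class doc.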
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,70 @@ | ||
import type { AgentContext } from '../..' | ||
import type { com, Nullable } from '@sphereon/kmp-mdl-mdoc' | ||
|
||
import { X509Certificate } from '../x509/X509Certificate' | ||
import { X509Service } from '../x509/X509Service' | ||
|
||
type IX509CallbackServiceJS = com.sphereon.crypto.IX509ServiceJS | ||
|
||
type IKey = com.sphereon.cbor.cose.IKey | ||
type IX509VerificationResult<KeyType extends IKey> = com.sphereon.crypto.IX509VerificationResult<KeyType> | ||
|
||
/** | ||
* This class can be used for X509 validations. | ||
* Either have an instance per trustedCerts and verification invocation or use a single instance and provide the trusted certs in the method argument | ||
* | ||
* The class is also registered with the low-level mDL/mdoc Kotlin Multiplatform library | ||
* Next to the specific function for the library it exports a more powerful version of the same verification method as well | ||
*/ | ||
export class MdocX509CallbackService implements IX509CallbackServiceJS { | ||
public constructor(private agentContext: AgentContext, private trustedCertificates: [string, ...string[]]) {} | ||
|
||
/** | ||
* This method is the implementation used within the mDL/Mdoc library | ||
*/ | ||
public async verifyCertificateChainJS<KeyType extends IKey>( | ||
chainDER: Nullable<Int8Array[]> | ||
): Promise<IX509VerificationResult<KeyType>> { | ||
if (!chainDER) { | ||
return { | ||
name: 'x509-verification invalid parameters', | ||
message: 'Missing ChainDER parameter when verifying the Certificate chain.', | ||
critical: true, | ||
error: true, | ||
} satisfies IX509VerificationResult<IKey> | ||
} | ||
|
||
try { | ||
const certificateChain = chainDER.map((value) => | ||
X509Certificate.fromRawCertificate(new Uint8Array(value)).toString('base64url') | ||
) | ||
|
||
await X509Service.validateCertificateChain(this.agentContext, { certificateChain }) | ||
const leafCertificate = X509Service.getLeafCertificate(this.agentContext, { certificateChain }) | ||
|
||
return { | ||
publicKey: leafCertificate.publicKey as unknown as undefined, // TODO: | ||
publicKeyAlgorithm: undefined, | ||
publicKeyParams: undefined, | ||
name: 'x509-verification success', | ||
message: 'x509-chain successfully validated', | ||
critical: false, | ||
error: false, | ||
} satisfies IX509VerificationResult<IKey> | ||
} catch (error) { | ||
return { | ||
name: 'x509-verification failed', | ||
message: | ||
error instanceof Error | ||
? error.message | ||
: 'An unknown error occurred during x509 certificate chain validation.', | ||
critical: true, | ||
error: true, | ||
} satisfies IX509VerificationResult<IKey> | ||
} | ||
} | ||
|
||
public getTrustedCerts = () => { | ||
return this.trustedCertificates | ||
} | ||
} |
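Review bot: `verifyCertificateChainJS` never uses `this.trustedCertificates`: the chain is handed to `X509Service.validateCertificateChain(this.agentContext, { certificateChain })` without the trust anchors the constructor requires, so unless that service consults an agent-level trust store (not visible here) a self-consistent chain ending in any root will be reported as `'x509-chain successfully validated'`. If `validateCertificateChain` accepts a trust-anchor option, pass `this.trustedCertificates` there; otherwise compare the chain's root against `this.getTrustedCerts()` before returning success, and return the `critical: true, error: true` shape when it does not match. The `publicKey: leafCertificate.publicKey as unknown as undefined` cast hands the caller a value typed as `undefined` that is not; either convert it to the `KeyType` the result declares or omit the field and document that the key is not yet surfaced, rather than casting through `unknown`. Also confirm which end of `chainDER` the mdoc library places the leaf at, since `getLeafCertificate` receives the array in the order it arrived.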