check validity of vid on vid auth comp

gunet · Sep 6, 2024 · bb8e406 · bb8e406
1 parent 3572185
commit bb8e406
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 9 deletions.
diff --git a/...configurations/ehic-issuer/src/configuration/authentication/VIDAuthenticationComponent.ts b/...configurations/ehic-issuer/src/configuration/authentication/VIDAuthenticationComponent.ts
@@ -61,14 +61,13 @@ export class VIDAuthenticationComponent extends AuthenticationComponent {
 		const parsedPayload = JSON.parse(base64url.decode(payload)) as { vp: any };
 		const credential = parsedPayload.vp.verifiableCredential[0];
 
-		const [_credentialHeader, credentialPayload] = credential.split('.');
+		const [_credentialHeader, credentialPayload, _sig] = credential.split('.');
 
 		const parsedCredPayload = JSON.parse(base64url.decode(credentialPayload)) as any;
-		console.log("Parsed cred payload = ", parsedCredPayload)
 
-		console.log("Exp = ", parsedCredPayload.exp)
-		console.log("Now = ", Date.now() / 1000)
-		if (parsedCredPayload.exp < (Date.now() / 1000)) {
+		const { validityPeriod: { startingDate, endingDate }} = parsedCredPayload.vc.credentialSubject;
+
+		if (new Date(startingDate) > new Date() || new Date() > new Date(endingDate)) {
 			return { valid: false };
 		}
 
@@ -93,15 +92,16 @@ export class VIDAuthenticationComponent extends AuthenticationComponent {
 			.where("state.vid_auth_state = :vid_auth_state", { vid_auth_state: state })
 			.getOne();
 
-		if (!authorizationServerState || !vp_token || !queryRes.claims || !queryRes.claims["VID"] || !queryRes.raw_presentation) {
+		if (!authorizationServerState || !vp_token || !queryRes.claims || !queryRes.claims["PID"]) {
 			return;
 		}
 
-		const { valid } = await this.checkForInvalidCredentials(queryRes.raw_presentation);
+		const { valid } = await this.checkForInvalidCredentials(queryRes!.raw_presentation as string);
 		if (!valid) {
-			return await this.redirectToFailurePage(req, res, "Credential is expired");
+			return await this.redirectToFailurePage(req, res, "Credential is not valid");
 		}
-		const personalIdentifier = queryRes.claims["VID"].filter((claim) => claim.name == 'personalIdentifier')[0].value ?? null;
+		const personalIdentifier = queryRes.claims["PID"].filter((claim) => claim.name == 'personalIdentifier')[0].value ?? null;
+
 		if (!personalIdentifier) {
 			return;
 		}

diff --git a/...configurations/pda1-issuer/src/configuration/authentication/VIDAuthenticationComponent.ts b/...configurations/pda1-issuer/src/configuration/authentication/VIDAuthenticationComponent.ts
@@ -13,6 +13,7 @@ import * as qrcode from 'qrcode';
 import { openidForPresentationReceivingService, verifierConfigurationService } from "../../services/instances";
 import { UserAuthenticationMethod } from "../../types/UserAuthenticationMethod.enum";
 import { PresentationDefinitionTypeWithFormat } from "../verifier/VerifierConfigurationService";
+import base64url from "base64url";
 
 export class VIDAuthenticationComponent extends AuthenticationComponent {
 
@@ -55,6 +56,24 @@ export class VIDAuthenticationComponent extends AuthenticationComponent {
 		return true
 	}
 
+	private async checkForInvalidCredentials(vp_token: string): Promise<{ valid: boolean }> {
+		const [_header, payload, _] = vp_token.split('.');
+		const parsedPayload = JSON.parse(base64url.decode(payload)) as { vp: any };
+		const credential = parsedPayload.vp.verifiableCredential[0];
+
+		const [_credentialHeader, credentialPayload, _sig] = credential.split('.');
+
+		const parsedCredPayload = JSON.parse(base64url.decode(credentialPayload)) as any;
+
+		const { validityPeriod: { startingDate, endingDate }} = parsedCredPayload.vc.credentialSubject;
+
+		if (new Date(startingDate) > new Date() || new Date() > new Date(endingDate)) {
+			return { valid: false };
+		}
+
+		return { valid: true };
+	}
+
 	private async handleCallback(req: Request, res: Response): Promise<any> {
 		const state = req.query.state as string; // find the vp based on the state
 
@@ -75,7 +94,13 @@ export class VIDAuthenticationComponent extends AuthenticationComponent {
 		if (!authorizationServerState || !vp_token || !queryRes.claims || !queryRes.claims["PID"]) {
 			return;
 		}
+
+		const { valid } = await this.checkForInvalidCredentials(queryRes!.raw_presentation as string);
+		if (!valid) {
+			return await this.redirectToFailurePage(req, res, "Credential is not valid");
+		}
 		const personalIdentifier = queryRes.claims["PID"].filter((claim) => claim.name == 'personalIdentifier')[0].value ?? null;
+
 		if (!personalIdentifier) {
 			return;
 		}
@@ -93,6 +118,14 @@ export class VIDAuthenticationComponent extends AuthenticationComponent {
 
 	}
 
+	private async redirectToFailurePage(_req: Request, res: Response, msg: string) {
+		res.render('error', {
+			code: 100,
+			msg: msg,
+			locale: locale,
+		})
+	}
+
 	private async askForPresentation(req: Request, res: Response): Promise<any> {
 		if (req.body.state && req.method == "POST") {
 			console.log("Got state = ", req.body.state)