From bb8e406371eb9b741d49d84928dffd673685b28a Mon Sep 17 00:00:00 2001 From: emmanouil koukoularis Date: Fri, 6 Sep 2024 15:37:15 +0300 Subject: [PATCH] check validity of vid on vid auth comp --- .../VIDAuthenticationComponent.ts | 18 +++++----- .../VIDAuthenticationComponent.ts | 33 +++++++++++++++++++ 2 files changed, 42 insertions(+), 9 deletions(-) diff --git a/wallet-enterprise-configurations/ehic-issuer/src/configuration/authentication/VIDAuthenticationComponent.ts b/wallet-enterprise-configurations/ehic-issuer/src/configuration/authentication/VIDAuthenticationComponent.ts index 6de4aea..8f7d8df 100644 --- a/wallet-enterprise-configurations/ehic-issuer/src/configuration/authentication/VIDAuthenticationComponent.ts +++ b/wallet-enterprise-configurations/ehic-issuer/src/configuration/authentication/VIDAuthenticationComponent.ts @@ -61,14 +61,13 @@ export class VIDAuthenticationComponent extends AuthenticationComponent { const parsedPayload = JSON.parse(base64url.decode(payload)) as { vp: any }; const credential = parsedPayload.vp.verifiableCredential[0]; - const [_credentialHeader, credentialPayload] = credential.split('.'); + const [_credentialHeader, credentialPayload, _sig] = credential.split('.'); const parsedCredPayload = JSON.parse(base64url.decode(credentialPayload)) as any; - console.log("Parsed cred payload = ", parsedCredPayload) - console.log("Exp = ", parsedCredPayload.exp) - console.log("Now = ", Date.now() / 1000) - if (parsedCredPayload.exp < (Date.now() / 1000)) { + const { validityPeriod: { startingDate, endingDate }} = parsedCredPayload.vc.credentialSubject; + + if (new Date(startingDate) > new Date() || new Date() > new Date(endingDate)) { return { valid: false }; } @@ -93,15 +92,16 @@ export class VIDAuthenticationComponent extends AuthenticationComponent { .where("state.vid_auth_state = :vid_auth_state", { vid_auth_state: state }) .getOne(); - if (!authorizationServerState || !vp_token || !queryRes.claims || !queryRes.claims["VID"] || !queryRes.raw_presentation) { + if (!authorizationServerState || !vp_token || !queryRes.claims || !queryRes.claims["PID"]) { return; } - const { valid } = await this.checkForInvalidCredentials(queryRes.raw_presentation); + const { valid } = await this.checkForInvalidCredentials(queryRes!.raw_presentation as string); if (!valid) { - return await this.redirectToFailurePage(req, res, "Credential is expired"); + return await this.redirectToFailurePage(req, res, "Credential is not valid"); } - const personalIdentifier = queryRes.claims["VID"].filter((claim) => claim.name == 'personalIdentifier')[0].value ?? null; + const personalIdentifier = queryRes.claims["PID"].filter((claim) => claim.name == 'personalIdentifier')[0].value ?? null; + if (!personalIdentifier) { return; } diff --git a/wallet-enterprise-configurations/pda1-issuer/src/configuration/authentication/VIDAuthenticationComponent.ts b/wallet-enterprise-configurations/pda1-issuer/src/configuration/authentication/VIDAuthenticationComponent.ts index 0b171ec..b864dc0 100644 --- a/wallet-enterprise-configurations/pda1-issuer/src/configuration/authentication/VIDAuthenticationComponent.ts +++ b/wallet-enterprise-configurations/pda1-issuer/src/configuration/authentication/VIDAuthenticationComponent.ts @@ -13,6 +13,7 @@ import * as qrcode from 'qrcode'; import { openidForPresentationReceivingService, verifierConfigurationService } from "../../services/instances"; import { UserAuthenticationMethod } from "../../types/UserAuthenticationMethod.enum"; import { PresentationDefinitionTypeWithFormat } from "../verifier/VerifierConfigurationService"; +import base64url from "base64url"; export class VIDAuthenticationComponent extends AuthenticationComponent { @@ -55,6 +56,24 @@ export class VIDAuthenticationComponent extends AuthenticationComponent { return true } + private async checkForInvalidCredentials(vp_token: string): Promise<{ valid: boolean }> { + const [_header, payload, _] = vp_token.split('.'); + const parsedPayload = JSON.parse(base64url.decode(payload)) as { vp: any }; + const credential = parsedPayload.vp.verifiableCredential[0]; + + const [_credentialHeader, credentialPayload, _sig] = credential.split('.'); + + const parsedCredPayload = JSON.parse(base64url.decode(credentialPayload)) as any; + + const { validityPeriod: { startingDate, endingDate }} = parsedCredPayload.vc.credentialSubject; + + if (new Date(startingDate) > new Date() || new Date() > new Date(endingDate)) { + return { valid: false }; + } + + return { valid: true }; + } + private async handleCallback(req: Request, res: Response): Promise { const state = req.query.state as string; // find the vp based on the state @@ -75,7 +94,13 @@ export class VIDAuthenticationComponent extends AuthenticationComponent { if (!authorizationServerState || !vp_token || !queryRes.claims || !queryRes.claims["PID"]) { return; } + + const { valid } = await this.checkForInvalidCredentials(queryRes!.raw_presentation as string); + if (!valid) { + return await this.redirectToFailurePage(req, res, "Credential is not valid"); + } const personalIdentifier = queryRes.claims["PID"].filter((claim) => claim.name == 'personalIdentifier')[0].value ?? null; + if (!personalIdentifier) { return; } @@ -93,6 +118,14 @@ export class VIDAuthenticationComponent extends AuthenticationComponent { } + private async redirectToFailurePage(_req: Request, res: Response, msg: string) { + res.render('error', { + code: 100, + msg: msg, + locale: locale, + }) + } + private async askForPresentation(req: Request, res: Response): Promise { if (req.body.state && req.method == "POST") { console.log("Got state = ", req.body.state)