Merge pull request #273 from Sphereon-Opensource/fixes/SDK-43_hasher-…

…for-sd-jwt fixes/SDK-43_hasher-for-sd-jwt
Sphereon-Opensource · Nov 14, 2024 · be4ab1b · be4ab1b
2 parents c1fc0a7 + 142778a
commit be4ab1b
Show file tree

Hide file tree

Showing 4 changed files with 33 additions and 43 deletions.
diff --git a/packages/siopv2-oid4vp-op-auth/src/session/OpSession.ts b/packages/siopv2-oid4vp-op-auth/src/session/OpSession.ts
@@ -16,13 +16,22 @@ import { ResolveOpts } from '@sphereon/did-auth-siop-adapter'
 import { JwtIssuer } from '@sphereon/oid4vc-common'
 import { getAgentDIDMethods, getAgentResolver } from '@sphereon/ssi-sdk-ext.did-utils'
 import { encodeBase64url } from '@sphereon/ssi-sdk.core'
-import { CompactSdJwtVc, CredentialMapper, parseDid, PresentationSubmission, W3CVerifiablePresentation } from '@sphereon/ssi-types'
+import {
+  CompactSdJwtVc,
+  CredentialMapper,
+  Hasher,
+  OriginalVerifiableCredential,
+  parseDid,
+  PresentationSubmission,
+  W3CVerifiablePresentation,
+} from '@sphereon/ssi-types'
 import { IIdentifier, IVerifyResult, TKeyType } from '@veramo/core'
 import Debug from 'debug'
 import { v4 } from 'uuid'
 import { IOPOptions, IOpSessionArgs, IOpSessionGetOID4VPArgs, IOpsSendSiopAuthorizationResponseArgs, IRequiredContext } from '../types'
 import { createOP } from './functions'
 import { OID4VP } from './OID4VP'
+import { PEX } from '@sphereon/pex'
 
 const debug = Debug(`sphereon:sdk:siop:op-session`)
 
@@ -302,17 +311,13 @@ export class OpSession {
     const verification: Verification = {
       presentationVerificationCallback: this.createPresentationVerificationCallback(this.context),
     }
-
     const request = await this.getAuthorizationRequest()
     const hasDefinitions = await this.hasPresentationDefinitions()
     if (hasDefinitions) {
       const totalInputDescriptors = request.presentationDefinitions?.reduce((sum, pd) => {
         return sum + pd.definition.input_descriptors.length
       }, 0)
-      const totalVCs = args.verifiablePresentations?.reduce((sum, vp) => {
-        const uvp = CredentialMapper.toUniformPresentation(vp)
-        return sum + (uvp.verifiableCredential?.length ?? 0)
-      }, 0)
+      const totalVCs = args.verifiablePresentations ? this.countVCsInAllVPs(args.verifiablePresentations, args.hasher) : 0
 
       if (!request.presentationDefinitions || !args.verifiablePresentations || totalVCs !== totalInputDescriptors) {
         throw Error(
@@ -361,6 +366,19 @@ export class OpSession {
       return response
     }
   }
+
+  private countVCsInAllVPs(verifiablePresentations: W3CVerifiablePresentation[], hasher?: Hasher) {
+    return verifiablePresentations.reduce((sum, vp) => {
+      const uvp = CredentialMapper.toUniformPresentation(vp, { hasher: hasher ?? this.options.hasher })
+      if (uvp.verifiableCredential?.length) {
+        return sum + uvp.verifiableCredential?.length
+      }
+      if (!PEX.allowMultipleVCsPerPresentation(uvp.verifiableCredential as Array<OriginalVerifiableCredential>)) {
+        return sum + 1
+      }
+      return sum
+    }, 0)
+  }
 }
 
 function convertDidMethod(didMethod: string, didPrefix?: boolean): string {

diff --git a/packages/siopv2-oid4vp-op-auth/src/types/IDidAuthSiopOpAuthenticator.ts b/packages/siopv2-oid4vp-op-auth/src/types/IDidAuthSiopOpAuthenticator.ts
@@ -122,6 +122,7 @@ export interface IOpsSendSiopAuthorizationResponseArgs {
   // verifiedAuthorizationRequest: VerifiedAuthorizationRequest
   presentationSubmission?: PresentationSubmission
   verifiablePresentations?: W3CVerifiablePresentation[]
+  hasher?: Hasher
 }
 
 export enum events {
@@ -158,6 +159,7 @@ export interface IOPOptions {
   presentationSignCallback?: PresentationSignCallback
 
   resolveOpts?: ResolveOpts
+  hasher?: Hasher
 }
 
 /*

diff --git a/packages/ssi-types/src/mapper/credential-mapper.ts b/packages/ssi-types/src/mapper/credential-mapper.ts
@@ -162,12 +162,13 @@ export class CredentialMapper {
         deviceResponse = originalPresentation
       }
 
-      const mdocCredentials = deviceResponse.documents
-        ?.map((doc) => CredentialMapper.toWrappedVerifiableCredential(doc, opts) as WrappedMdocCredential)
-      if (!mdocCredentials || mdocCredentials.length === 0 ) {
+      const mdocCredentials = deviceResponse.documents?.map(
+        (doc) => CredentialMapper.toWrappedVerifiableCredential(doc, opts) as WrappedMdocCredential
+      )
+      if (!mdocCredentials || mdocCredentials.length === 0) {
         throw new Error('could not extract any mdoc credentials from mdoc device response')
       }
-      
+
       return {
         type: CredentialMapper.isMsoMdocDecodedPresentation(originalPresentation) ? OriginalType.MSO_MDOC_DECODED : OriginalType.MSO_MDOC_ENCODED,
         format: 'mso_mdoc',
@@ -616,7 +617,7 @@ export class CredentialMapper {
 
   static toUniformPresentation(
     presentation: OriginalVerifiablePresentation,
-    opts?: { maxTimeSkewInMS?: number; addContextIfMissing?: boolean }
+    opts?: { maxTimeSkewInMS?: number; addContextIfMissing?: boolean; hasher?: Hasher }
   ): IVerifiablePresentation {
     if (CredentialMapper.isSdJwtDecodedCredential(presentation)) {
       throw new Error('Converting SD-JWT VC to uniform VP is not supported.')
@@ -631,7 +632,7 @@ export class CredentialMapper {
         'Could not determine original presentation, probably it was a converted JWT presentation, that is now missing the JWT value in the proof'
       )
     }
-    const decoded = CredentialMapper.decodeVerifiablePresentation(original)
+    const decoded = CredentialMapper.decodeVerifiablePresentation(original, opts?.hasher)
     const isJwtEncoded: boolean = CredentialMapper.isJwtEncoded(original)
     const isJwtDecoded: boolean = CredentialMapper.isJwtDecodedPresentation(original)
     const uniformPresentation =

diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml