From 0ba979f8fc0eaa7a556935eac75dfcd0d1a6f96c Mon Sep 17 00:00:00 2001
From: Johannes Tuerk <72355192+JoTiTu@users.noreply.github.com>
Date: Wed, 28 Feb 2024 15:44:20 +0100
Subject: [PATCH] Fix redirect uri null handling (#56)
* add redirect_uri scheme
Signed-off-by: Johannes Tuerk
* fix bug when redirect_uri is null
Signed-off-by: Johannes Tuerk
* implement requested changes
Signed-off-by: Johannes Tuerk
* adjust oid4vp
Signed-off-by: Kevin
---------
Signed-off-by: Johannes Tuerk
Signed-off-by: Kevin
Co-authored-by: Kevin
---
 .../Vp/Models/AuthorizationRequest.cs | 6 ++++--
 .../Models/AuthorizationResponseCallback.cs | 21 +++++++++++++++++++
 .../OpenID4VC/Vp/Models/ClientIdScheme.cs | 13 +++++++++++-
 .../Vp/Services/Oid4VpClientService.cs | 8 +++----
 .../OpenID4VC/Vp/Services/Oid4VpHaipClient.cs | 2 ++
 5 files changed, 42 insertions(+), 8 deletions(-)
 create mode 100644 src/Hyperledger.Aries/Features/OpenID4VC/Vp/Models/AuthorizationResponseCallback.cs
diff --git a/src/Hyperledger.Aries/Features/OpenID4VC/Vp/Models/AuthorizationRequest.cs b/src/Hyperledger.Aries/Features/OpenID4VC/Vp/Models/AuthorizationRequest.cs
index fc7c41f5..79a0db80 100644
--- a/src/Hyperledger.Aries/Features/OpenID4VC/Vp/Models/AuthorizationRequest.cs
+++ b/src/Hyperledger.Aries/Features/OpenID4VC/Vp/Models/AuthorizationRequest.cs
@@ -115,14 +115,16 @@ private static bool IsHaipConform(JObject authorizationRequestJson)
 var responseUri = authorizationRequestJson["response_uri"]!.ToString();
 var responseMode = authorizationRequestJson["response_mode"]!.ToString();
 var redirectUri = authorizationRequestJson["redirect_uri"];
- var clientIdScheme = authorizationRequestJson["client_id_scheme"];
+ var clientIdScheme = authorizationRequestJson["client_id_scheme"]!.ToString();
+ var clientId = authorizationRequestJson["client_id"]!.ToString();
 return responseType == VpToken
 && responseMode == DirectPost
 && !string.IsNullOrEmpty(responseUri)
 && redirectUri is null
- && clientIdScheme!.ToString() is X509SanDnsScheme or VerifierAttestationScheme;
+ && (clientIdScheme is X509SanDnsScheme or VerifierAttestationScheme
+ || clientIdScheme is RedirectUriScheme && clientId == responseUri);
 }
 }
 }
diff --git a/src/Hyperledger.Aries/Features/OpenID4VC/Vp/Models/AuthorizationResponseCallback.cs b/src/Hyperledger.Aries/Features/OpenID4VC/Vp/Models/AuthorizationResponseCallback.cs
new file mode 100644
index 00000000..4dd21030
--- /dev/null
+++ b/src/Hyperledger.Aries/Features/OpenID4VC/Vp/Models/AuthorizationResponseCallback.cs
@@ -0,0 +1,21 @@
+using System;
+using Newtonsoft.Json;
+
+namespace Hyperledger.Aries.Features.OpenId4Vc.Vp.Models
+{
+ internal record AuthorizationResponseCallback
+ {
+ [JsonProperty("redirect_uri")]
+ private Uri? RedirectUri { get; }
+
+ public static implicit operator Uri? (AuthorizationResponseCallback? response) => response?.RedirectUri;
+
+ public static implicit operator AuthorizationResponseCallback (Uri redirectUri) => new (redirectUri);
+
+ [JsonConstructor]
+ private AuthorizationResponseCallback(Uri redirectUri)
+ {
+ RedirectUri = redirectUri;
+ }
+ }
+}
diff --git a/src/Hyperledger.Aries/Features/OpenID4VC/Vp/Models/ClientIdScheme.cs b/src/Hyperledger.Aries/Features/OpenID4VC/Vp/Models/ClientIdScheme.cs
index 4a9aef0c..23bec34b 100644
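Review bot: `["client_id"]!.ToString()` on the new line, like the existing `["client_id_scheme"]!.ToString()`, dereferences a JObject indexer that returns null when the key is absent, so a request that omits either parameter throws a NullReferenceException out of IsHaipConform instead of yielding the false its callers expect. Because the `is X509SanDnsScheme or VerifierAttestationScheme` and `is RedirectUriScheme` constant patterns already treat null as a non-match, `var clientIdScheme = authorizationRequestJson["client_id_scheme"]?.ToString();` and `var clientId = authorizationRequestJson["client_id"]?.ToString();` make the check fail closed with no other change. The `clientId == responseUri` equality is the right binding for the redirect_uri scheme under direct_post, but it deserves a why-comment such as `// redirect_uri scheme: client_id must equal the URI the response is posted to`. IsHaipConform's signature appears only in the hunk header; the method starts before the hunk.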
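Review bot: The `[JsonConstructor]` parameter is typed `Uri` while the property it initialises is `Uri?`; Json.NET passes null for a body such as `{}` or `{"redirect_uri": null}` without consulting the nullable annotation, so the constructor signature promises a non-null value it cannot guarantee. `private AuthorizationResponseCallback(Uri? redirectUri)` matches the property and the `Uri?` conversion operator, which already tolerates null via `response?.RedirectUri`. The record performs no validation of the deserialized value, which arrives from the verifier's HTTP response and is handed back to the caller as a Uri; a summary on the record stating that scheme and host checks are the consumer's responsibility (or adding them here) would make that trust boundary explicit. A malformed `redirect_uri` string now surfaces as a JsonSerializationException from deserialization rather than the UriFormatException the previous `new Uri(...)` in Oid4VpClientService raised, which is worth a sentence in the consumer's documentation.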
--- a/src/Hyperledger.Aries/Features/OpenID4VC/Vp/Models/ClientIdScheme.cs
+++ b/src/Hyperledger.Aries/Features/OpenID4VC/Vp/Models/ClientIdScheme.cs
@@ -21,7 +21,12 @@ public enum ClientIdSchemeValue
 ///
 /// The verifier attestation client ID scheme.
 ///
- VerifierAttestation
+ VerifierAttestation,
+
+ ///
+ /// The Redirect Uri scheme.
+ ///
+ RedirectUri
 }
 ///
@@ -33,6 +38,11 @@ public enum ClientIdSchemeValue
 /// The X509 SAN DNS scheme.
 ///
 public const string X509SanDnsScheme = "x509_san_dns";
+
+ ///
+ /// The Redirect Uri scheme.
+ ///
+ public const string RedirectUriScheme = "redirect_uri";
 ///
 /// The client ID scheme value.
@@ -54,6 +64,7 @@ public static ClientIdScheme CreateClientIdScheme(string input) => input switch
 {
 X509SanDnsScheme => new ClientIdScheme(X509SanDns),
+ RedirectUriScheme => new ClientIdScheme(RedirectUri),
 VerifierAttestationScheme =>
 throw new NotImplementedException("Verifier Attestation not yet implemented"),
 _ =>
 throw new InvalidOperationException($"Client ID Scheme {input} is not supported")
diff --git a/src/Hyperledger.Aries/Features/OpenID4VC/Vp/Services/Oid4VpClientService.cs b/src/Hyperledger.Aries/Features/OpenID4VC/Vp/Services/Oid4VpClientService.cs
index a83b1d8e..81a57134 100644
--- a/src/Hyperledger.Aries/Features/OpenID4VC/Vp/Services/Oid4VpClientService.cs
+++ b/src/Hyperledger.Aries/Features/OpenID4VC/Vp/Services/Oid4VpClientService.cs
@@ -4,12 +4,12 @@
 using System.Net.Http;
 using System.Threading.Tasks;
 using Hyperledger.Aries.Agents;
+using Hyperledger.Aries.Extensions;
 using Hyperledger.Aries.Features.OpenId4Vc.Vp.Models;
 using Hyperledger.Aries.Features.OpenId4Vc.Vp.Services;
 using Hyperledger.Aries.Features.SdJwt.Models.Records;
 using Hyperledger.Aries.Features.SdJwt.Services.SdJwtVcHolderService;
 using static Newtonsoft.Json.JsonConvert;
-using static Newtonsoft.Json.Linq.JObject;
 namespace Hyperledger.Aries.Features.OpenID4VC.Vp.Services
 {
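Review bot: `/// The Redirect Uri scheme.` on the new `RedirectUri` enum member, and again on `RedirectUriScheme` in the second hunk of this file, only restates the identifier, while the scheme carries rules the rest of this patch relies on (the client_id/response_uri equality added to IsHaipConform). A summary such as `/// The redirect_uri client ID scheme: the verifier's client_id is its redirect URI (the response_uri under direct_post); per the OID4VP draft, requests using this scheme are not signed.` on both members states the contract once and keeps the two in sync. The `CreateClientIdScheme` switch in the third hunk begins before the hunk; the new arm is fine as placed.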
@@ -117,11 +117,9 @@ await httpClient.SendAsync(
 if (!responseMessage.IsSuccessStatusCode)
 throw new InvalidOperationException("Authorization Response could not be sent");
- var responseContent = await responseMessage.Content.ReadAsStringAsync();
+ var redirectUriJson = await responseMessage.Content.ReadAsStringAsync();
- var redirectUri = string.IsNullOrEmpty(responseContent)
- ? null
- : new Uri(Parse(responseContent)["redirect_uri"]?.ToString()!);
+ var redirectUri = redirectUriJson?.ToObject();
 var presentedCredentials = selectedCredentials
 .Select(credential =>
diff --git a/src/Hyperledger.Aries/Features/OpenID4VC/Vp/Services/Oid4VpHaipClient.cs b/src/Hyperledger.Aries/Features/OpenID4VC/Vp/Services/Oid4VpHaipClient.cs
index 65d06f0c..66ed421c 100644
--- a/src/Hyperledger.Aries/Features/OpenID4VC/Vp/Services/Oid4VpHaipClient.cs
+++ b/src/Hyperledger.Aries/Features/OpenID4VC/Vp/Services/Oid4VpHaipClient.cs
@@ -85,6 +85,8 @@ await httpClient.GetStringAsync(haipAuthorizationRequestUri.RequestUri)
 .ValidateTrustChain()
 .ValidateSanName()
 .ToAuthorizationRequest(),
+ RedirectUri =>
+ requestObject.ToAuthorizationRequest(),
 VerifierAttestation =>
 throw new NotImplementedException("Verifier Attestation not yet implemented"),
 _ =>
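Review bot: `redirectUriJson?.ToObject()` on the new line drops the explicit empty-body handling the removed lines had: `ReadAsStringAsync` yields an empty string, not null, for a 200 with no body, so the `?.` never short-circuits and behaviour on an empty response now depends on how the `ToObject` extension (not on this page) treats `""` — null if it wraps `JsonConvert.DeserializeObject`, an exception otherwise. The rendering also appears to have dropped a generic type argument from this call; assuming the real line is `redirectUriJson?.ToObject<AuthorizationResponseCallback>()`, an explicit guard reads `var redirectUri = string.IsNullOrEmpty(redirectUriJson) ? null : redirectUriJson.ToObject<AuthorizationResponseCallback>();` and keeps the old contract visible. A body whose `redirect_uri` is not a valid URI now fails inside deserialization as a JsonSerializationException instead of the UriFormatException the removed `new Uri(...)` threw, so callers that catch the old type should be checked. The enclosing method starts and ends outside the hunk.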
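Review bot: The new `RedirectUri =>` arm hands `requestObject` straight to `ToAuthorizationRequest()`, skipping the trust-chain and SAN checks of the x509_san_dns arm — appropriate, since there is no certificate to check — but nothing in the arm enforces the redirect_uri scheme's own rules: per the OID4VP draft the request is unsigned and the client_id must equal the response_uri. The equality is checked in IsHaipConform in the first file of this patch; whether that check runs on this path, and whether a signed request object is rejected here, cannot be seen from the hunk. A comment on the arm naming where those checks live, e.g. `// redirect_uri scheme: nothing to verify cryptographically; client_id/response_uri equality is enforced by IsHaipConform`, would make the trust decision explicit — or, if they are not enforced on this path, the arm should do so before converting. The switch expression begins and ends outside the hunk.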