From 84618a2933ffbfc87745b991c5f6c064c7647b64 Mon Sep 17 00:00:00 2001 From: Antonio Ivanovski Date: Tue, 18 Nov 2025 14:19:22 +0100 Subject: [PATCH 1/2] update cose-kit --- __tests__/issuing/deviceResponse.tests.ts | 4 +- .../issuing/deviceResponseWithMac.tests.ts | 10 +- __tests__/issuing/issuingMDoc.tests.ts | 4 +- .../deviceResponse.tests.ts.snap | 1796 ++++++++--------- .../deviceResponse2.tests.ts.snap | 11 +- .../__snapshots__/issuerSigned.tests.ts.snap | 11 +- __tests__/parser/deviceResponse.tests.ts | 17 +- __tests__/parser/deviceResponse2.tests.ts | 19 +- package-lock.json | 28 +- package.json | 2 +- src/mdoc/Verifier.ts | 47 +- src/mdoc/model/DeviceResponse.ts | 34 +- src/mdoc/model/Document.ts | 21 +- src/mdoc/utils.ts | 4 +- 14 files changed, 1012 insertions(+), 996 deletions(-) diff --git a/__tests__/issuing/deviceResponse.tests.ts b/__tests__/issuing/deviceResponse.tests.ts index 93e77ac..de30b34 100644 --- a/__tests__/issuing/deviceResponse.tests.ts +++ b/__tests__/issuing/deviceResponse.tests.ts @@ -126,7 +126,7 @@ describe('issuing a device response', () => { }); throw new Error('should not validate with different transcripts'); } catch (error) { - expect(error.message).toMatch('Unable to verify deviceAuth signature (ECDSA/EdDSA): Device signature must be valid'); + expect(error.message).toMatch('Unable to verify deviceAuth signature (ECDSA/EdDSA): signature verification failed'); } }); }); @@ -211,7 +211,7 @@ describe('issuing a device response', () => { }); throw new Error('should not validate with different transcripts'); } catch (error) { - expect(error.message).toMatch('Unable to verify deviceAuth signature (ECDSA/EdDSA): Device signature must be valid'); + expect(error.message).toMatch('Unable to verify deviceAuth signature (ECDSA/EdDSA): signature verification failed'); } }); }); diff --git a/__tests__/issuing/deviceResponseWithMac.tests.ts b/__tests__/issuing/deviceResponseWithMac.tests.ts index d6ca692..ea68a0b 100644 
--- a/__tests__/issuing/deviceResponseWithMac.tests.ts +++ b/__tests__/issuing/deviceResponseWithMac.tests.ts @@ -1,6 +1,6 @@ import { randomFillSync } from 'node:crypto'; import * as jose from 'jose'; -import { COSEKeyFromJWK } from 'cose-kit'; +import { COSEKey } from 'cose-kit'; import { MDoc, Document, @@ -95,8 +95,8 @@ curves.forEach((c) => { const readerKeypair = await jose.generateKeyPair(c.alg, c.opts); const readerKey = await jose.exportJWK(readerKeypair.privateKey); const { d: _1, ...pubKey } = readerKey; - readerPrivateKey = COSEKeyFromJWK(readerKey); - readerPublicKey = COSEKeyFromJWK(pubKey); + readerPrivateKey = COSEKey.fromJWK(readerKey).encode(); + readerPublicKey = COSEKey.fromJWK(pubKey).encode(); } }); @@ -152,7 +152,7 @@ curves.forEach((c) => { }); throw new Error('should not validate with different transcripts'); } catch (error) { - expect(error.message).toMatch('Unable to verify deviceAuth MAC: Device MAC must be valid'); + expect(error.message).toMatch('Unable to verify deviceAuth MAC: signature verification failed'); } }); }); @@ -236,7 +236,7 @@ curves.forEach((c) => { }); throw new Error('should not validate with different transcripts'); } catch (error) { - expect(error.message).toMatch('Unable to verify deviceAuth MAC: Device MAC must be valid'); + expect(error.message).toMatch('Unable to verify deviceAuth MAC: signature verification failed'); } }); }); diff --git a/__tests__/issuing/issuingMDoc.tests.ts b/__tests__/issuing/issuingMDoc.tests.ts index fe82699..a8720b4 100644 --- a/__tests__/issuing/issuingMDoc.tests.ts +++ b/__tests__/issuing/issuingMDoc.tests.ts @@ -1,5 +1,5 @@ import * as jose from 'jose'; -import { COSEKeyToJWK } from 'cose-kit'; +import { COSEKey } from 'cose-kit'; import { MDoc, Document, 
@@ -101,7 +101,7 @@ describe('issuing an MDOC', () => { const { deviceKeyInfo } = parsedDocument.issuerSigned.issuerAuth.decodedPayload; expect(deviceKeyInfo?.deviceKey).toBeDefined(); const actual = typeof deviceKeyInfo !== 'undefined' && - COSEKeyToJWK(deviceKeyInfo.deviceKey); + COSEKey.import(deviceKeyInfo.deviceKey).toJWK(); expect(actual).toEqual(publicKeyJWK); }); diff --git a/__tests__/parser/__snapshots__/deviceResponse.tests.ts.snap b/__tests__/parser/__snapshots__/deviceResponse.tests.ts.snap index 54e4cc0..756c4d6 100644 --- a/__tests__/parser/__snapshots__/deviceResponse.tests.ts.snap +++ b/__tests__/parser/__snapshots__/deviceResponse.tests.ts.snap 
@@ -556,605 +556,359 @@ MDoc { "docType": "eu.europa.ec.eudiw.pid.1", "issuerSigned": { "issuerAuth": IssuerAuth { - "encodedProtectedHeaders": { + "payload": { "data": [ - 163, - 1, - 38, - 4, - 72, - 100, + 166, + 103, + 118, 101, - 109, - 111, - 45, - 107, - 105, - 100, - 24, - 33, - 89, - 2, - 12, - 48, - 130, - 2, - 8, - 48, - 130, - 1, - 175, - 160, - 3, - 2, - 1, - 2, - 2, - 20, - 59, - 198, - 143, - 46, - 104, - 15, - 146, - 151, - 95, - 37, - 160, - 125, - 4, - 22, - 111, + 114, 115, - 125, - 36, - 206, - 204, - 48, - 10, - 6, - 8, - 42, - 134, - 72, - 206, - 61, - 4, - 3, - 2, - 48, - 100, - 49, - 11, - 48, - 9, - 6, - 3, - 85, - 4, - 6, - 19, - 2, - 85, - 83, - 49, - 19, - 48, - 17, - 6, - 3, - 85, - 4, - 8, - 12, - 10, - 67, - 97, - 108, 105, - 102, 111, - 114, - 110, - 105, - 97, - 49, - 22, - 48, - 20, - 6, - 3, - 85, - 4, - 7, - 12, - 13, - 83, - 97, - 110, - 32, - 70, - 114, - 97, 110, 99, - 105, - 115, - 99, - 111, 49, - 19, + 46, 48, - 17, - 6, - 3, - 85, - 4, - 10, - 12, - 10, - 77, - 121, - 32, - 67, 111, - 109, - 112, - 97, - 110, - 121, - 49, - 19, - 48, - 17, - 6, - 3, - 85, - 4, - 3, - 12, - 10, - 109, - 121, - 115, + 100, 105, - 116, + 103, 101, - 46, - 99, + 115, + 116, + 65, + 108, + 103, 111, + 114, + 105, + 116, + 104, 109, - 48, - 30, - 23, - 13, - 50, - 51, - 48, - 56, - 51, - 48, - 49, - 53, - 53, - 55, - 52, - 52, - 90, - 23, - 13, + 102, + 115, + 104, + 97, 50, - 51, - 48, - 57, - 48, - 57, - 49, 53, - 53, - 55, - 52, - 52, - 90, - 48, - 100, - 49, - 11, - 48, - 9, - 6, - 3, - 85, - 4, - 6, - 19, - 2, - 85, - 83, - 49, - 19, - 48, - 17, - 6, - 3, - 85, - 4, - 8, - 12, - 10, - 67, + 54, + 108, + 118, 97, 108, + 117, + 101, + 68, 105, - 102, - 111, - 114, - 110, - 105, - 97, - 49, - 22, - 48, - 20, - 6, - 3, - 85, - 4, - 7, - 12, - 13, - 83, - 97, - 110, - 32, - 70, + 103, + 101, + 115, + 116, + 115, + 162, + 120, + 24, + 101, + 117, + 46, + 101, + 117, 114, + 111, + 112, 97, - 110, + 46, + 101, 99, + 46, + 101, + 117, + 100, 105, - 
115, - 99, - 111, + 119, + 46, + 112, + 105, + 100, + 46, 49, - 19, - 48, - 17, - 6, - 3, - 85, - 4, - 10, - 12, - 10, - 77, - 121, + 165, + 0, + 88, 32, - 67, - 111, - 109, - 112, - 97, - 110, - 121, - 49, + 197, + 228, + 177, 19, - 48, - 17, - 6, - 3, - 85, - 4, - 3, - 12, - 10, - 109, - 121, - 115, - 105, - 116, - 101, + 95, + 154, + 250, + 131, + 189, + 204, 46, - 99, + 62, + 43, + 49, + 230, + 242, + 64, + 216, + 55, + 34, + 226, + 227, + 83, + 235, + 102, 111, - 109, - 48, - 89, - 48, - 19, - 6, - 7, - 42, - 134, - 72, - 206, - 61, - 2, + 247, + 35, + 163, + 230, + 91, + 220, 1, - 6, - 8, - 42, - 134, - 72, - 206, - 61, - 3, + 88, + 32, 1, - 7, - 3, - 66, + 244, + 172, + 245, 0, - 4, - 30, - 55, - 138, - 207, - 100, - 204, - 201, + 20, + 43, + 167, + 180, + 224, 149, - 62, - 147, - 42, - 28, - 89, - 150, - 132, - 208, 220, - 198, - 223, - 221, + 178, + 75, + 204, + 59, + 67, + 146, + 69, + 57, + 161, + 113, + 48, + 102, + 120, + 181, + 24, + 177, + 79, 187, - 6, - 218, - 196, - 137, - 7, - 71, - 60, - 244, - 50, - 234, - 80, - 12, - 91, - 58, - 47, - 93, - 248, - 218, - 54, + 186, + 61, + 2, + 88, + 32, + 173, + 159, + 168, 101, - 188, - 14, - 235, + 45, + 205, + 56, + 44, + 240, + 227, + 48, + 143, + 96, + 60, + 43, + 5, + 2, + 156, + 13, + 236, + 81, + 198, + 146, + 125, + 153, 173, - 165, - 228, - 214, - 74, - 39, - 97, - 210, - 221, - 136, - 195, - 103, - 40, - 94, - 8, - 141, - 226, - 39, + 3, + 115, + 198, + 19, + 66, + 125, + 3, + 88, + 32, + 233, 14, - 116, - 163, 63, 48, - 61, - 48, - 59, - 6, - 3, - 85, + 28, + 23, + 132, + 16, + 213, + 18, + 145, + 139, + 231, + 124, + 116, + 189, + 189, + 246, + 72, + 200, + 177, + 233, + 127, + 153, + 123, + 144, + 151, 29, - 17, + 126, + 126, + 97, + 236, 4, - 52, - 48, + 88, + 32, + 16, + 16, + 197, + 74, + 105, + 100, + 159, + 40, + 236, + 114, + 123, + 171, + 182, + 57, + 187, 50, - 134, - 48, - 104, - 116, - 116, - 112, - 115, - 58, - 47, - 47, + 220, + 87, + 232, + 182, + 125, + 217, + 15, + 125, + 45, + 
110, + 44, + 241, + 195, + 246, + 21, 99, - 114, + 120, + 27, 101, - 100, + 117, + 46, 101, - 110, - 116, - 105, - 97, - 108, - 45, - 105, - 115, - 115, 117, - 101, 114, - 46, 111, - 105, - 100, + 112, + 97, + 46, + 101, 99, - 45, - 102, + 46, 101, + 117, 100, - 101, - 114, - 97, - 116, 105, - 111, - 110, + 119, 46, - 111, - 110, - 108, + 112, 105, - 110, - 101, - 48, - 10, - 6, - 8, - 42, - 134, - 72, - 206, - 61, - 4, - 3, - 2, - 3, - 71, - 0, - 48, - 68, - 2, + 100, + 46, + 105, + 116, + 46, + 49, + 161, + 5, + 88, 32, - 84, - 235, - 59, - 6, - 18, - 51, - 216, - 78, - 135, - 42, - 188, + 54, + 189, + 152, + 232, + 39, 143, - 181, - 163, - 57, - 61, - 193, - 134, - 149, - 183, - 126, - 227, - 179, - 91, - 98, - 148, - 104, - 125, - 247, - 6, - 229, - 90, - 2, - 32, - 63, - 233, - 114, - 55, - 0, - 212, - 153, - 153, - 230, - 169, - 241, - 93, - 77, - 225, + 23, 28, - 242, - 79, - 25, - 6, - 118, + 228, + 183, + 221, + 36, + 82, + 164, + 206, + 237, 86, - 220, - 55, - 117, - 253, - 216, - 168, - 114, - 4, - 130, - 28, - 251, - ], - "type": "Buffer", - }, - "payload": { - "data": [ - 166, - 103, - 118, + 217, + 80, + 69, + 235, + 203, + 231, + 112, + 191, + 68, + 97, + 108, + 100, + 222, + 13, + 248, + 109, + 100, 101, - 114, - 115, + 118, 105, - 111, - 110, 99, - 49, - 46, - 48, - 111, - 100, - 105, - 103, 101, - 115, - 116, - 65, - 108, - 103, + 75, + 101, + 121, + 73, + 110, + 102, 111, - 114, + 161, 105, - 116, - 104, - 109, - 102, - 115, - 104, - 97, - 50, - 53, - 54, - 108, - 118, - 97, - 108, - 117, + 100, 101, - 68, + 118, 105, + 99, + 101, + 75, + 101, + 121, + 246, 103, + 100, + 111, + 99, + 84, + 121, + 112, 101, - 115, - 116, - 115, - 162, 120, 24, 101, 
@@ -1181,393 +935,92 @@ MDoc { 100, 46, 49, - 165, - 0, - 88, - 32, - 197, - 228, - 177, - 19, - 95, - 154, - 250, - 131, - 189, - 204, - 46, - 62, - 43, - 49, - 230, - 242, - 64, - 216, - 55, - 34, - 226, - 227, - 83, - 235, + 108, + 118, + 97, + 108, + 105, + 100, + 105, + 116, + 121, + 73, + 110, 102, 111, - 247, - 35, 163, - 230, - 91, - 220, - 1, - 88, - 32, - 1, - 244, - 172, - 245, - 0, - 20, - 43, - 167, - 180, - 224, - 149, - 220, - 178, - 75, - 204, - 59, - 67, - 146, - 69, - 57, - 161, - 113, - 48, 102, - 120, - 181, - 24, - 177, - 79, - 187, - 186, - 61, - 2, - 88, - 32, - 173, - 159, - 168, + 115, + 105, + 103, + 110, 101, + 100, + 86, + 192, + 116, + 50, + 48, + 50, + 51, 45, - 205, - 56, - 44, - 240, - 227, 48, - 143, - 96, - 60, - 43, - 5, - 2, - 156, - 13, - 236, - 81, - 198, - 146, - 125, - 153, - 173, - 3, - 115, - 198, - 19, - 66, - 125, - 3, - 88, - 32, - 233, - 14, - 63, + 56, + 45, + 51, 48, - 28, - 23, - 132, - 16, - 213, - 18, - 145, - 139, - 231, - 124, - 116, - 189, - 189, - 246, - 72, - 200, - 177, - 233, - 127, - 153, - 123, - 144, - 151, - 29, - 126, - 126, + 84, + 49, + 53, + 58, + 53, + 55, + 58, + 52, + 52, + 90, + 105, + 118, 97, - 236, - 4, - 88, - 32, - 16, - 16, - 197, - 74, + 108, 105, 100, - 159, - 40, - 236, - 114, - 123, - 171, - 182, - 57, - 187, - 50, - 220, - 87, - 232, - 182, - 125, - 217, - 15, - 125, - 45, - 110, - 44, - 241, - 195, - 246, - 21, - 99, - 120, - 27, - 101, - 117, - 46, - 101, - 117, + 70, 114, 111, - 112, - 97, - 46, - 101, - 99, - 46, - 101, - 117, - 100, - 105, - 119, - 46, - 112, - 105, - 100, - 46, - 105, + 109, + 86, + 192, 116, - 46, + 50, + 48, + 50, + 51, + 45, + 48, + 56, + 45, + 51, + 48, + 84, 49, - 161, - 5, - 88, - 32, - 54, - 189, - 152, - 232, - 39, - 143, - 23, - 28, - 228, - 183, - 221, - 36, - 82, - 164, - 206, - 237, - 86, - 217, - 80, - 69, - 235, - 203, - 231, - 112, - 191, - 68, + 53, + 58, + 53, + 55, + 58, + 52, + 52, + 90, + 106, + 118, 97, 108, - 100, - 222, - 13, - 248, - 109, 
- 100, - 101, - 118, - 105, - 99, - 101, - 75, - 101, - 121, - 73, - 110, - 102, - 111, - 161, 105, 100, - 101, - 118, - 105, - 99, - 101, - 75, - 101, - 121, - 246, - 103, - 100, - 111, - 99, - 84, - 121, - 112, - 101, - 120, - 24, - 101, - 117, - 46, - 101, - 117, - 114, - 111, - 112, - 97, - 46, - 101, - 99, - 46, - 101, - 117, - 100, - 105, - 119, - 46, - 112, - 105, - 100, - 46, - 49, - 108, - 118, - 97, - 108, - 105, - 100, - 105, - 116, - 121, - 73, - 110, - 102, - 111, - 163, - 102, - 115, - 105, - 103, - 110, - 101, - 100, - 86, - 192, - 116, - 50, - 48, - 50, - 51, - 45, - 48, - 56, - 45, - 51, - 48, - 84, - 49, - 53, - 58, - 53, - 55, - 58, - 52, - 52, - 90, - 105, - 118, - 97, - 108, - 105, - 100, - 70, - 114, - 111, - 109, - 86, - 192, - 116, - 50, - 48, - 50, - 51, - 45, - 48, - 56, - 45, - 51, - 48, - 84, - 49, - 53, - 58, - 53, - 55, - 58, - 52, - 52, - 90, - 106, - 118, - 97, - 108, - 105, - 100, - 85, - 110, - 116, + 85, + 110, + 116, 105, 108, 86, 
@@ -1596,6 +1049,551 @@ MDoc { ], "type": "Buffer", }, + "protectedHeaders": Map { + 1 => -7, + 4 => { + "data": [ + 100, + 101, + 109, + 111, + 45, + 107, + 105, + 100, + ], + "type": "Buffer", + }, + 33 => { + "data": [ + 48, + 130, + 2, + 8, + 48, + 130, + 1, + 175, + 160, + 3, + 2, + 1, + 2, + 2, + 20, + 59, + 198, + 143, + 46, + 104, + 15, + 146, + 151, + 95, + 37, + 160, + 125, + 4, + 22, + 111, + 115, + 125, + 36, + 206, + 204, + 48, + 10, + 6, + 8, + 42, + 134, + 72, + 206, + 61, + 4, + 3, + 2, + 48, + 100, + 49, + 11, + 48, + 9, + 6, + 3, + 85, + 4, + 6, + 19, + 2, + 85, + 83, + 49, + 19, + 48, + 17, + 6, + 3, + 85, + 4, + 8, + 12, + 10, + 67, + 97, + 108, + 105, + 102, + 111, + 114, + 110, + 105, + 97, + 49, + 22, + 48, + 20, + 6, + 3, + 85, + 4, + 7, + 12, + 13, + 83, + 97, + 110, + 32, + 70, + 114, + 97, + 110, + 99, + 105, + 115, + 99, + 111, + 49, + 19, + 48, + 17, + 6, + 3, + 85, + 4, + 10, + 12, + 10, + 77, + 121, + 32, + 67, + 111, + 109, + 112, + 97, + 110, + 121, + 49, + 19, + 48, + 17, + 6, + 3, + 85, + 4, + 3, + 12, + 10, + 109, + 121, + 115, + 105, + 116, + 101, + 46, + 99, + 111, + 109, + 48, + 30, + 23, + 13, + 50, + 51, + 48, + 56, + 51, + 48, + 49, + 53, + 53, + 55, + 52, + 52, + 90, + 23, + 13, + 50, + 51, + 48, + 57, + 48, + 57, + 49, + 53, + 53, + 55, + 52, + 52, + 90, + 48, + 100, + 49, + 11, + 48, + 9, + 6, + 3, + 85, + 4, + 6, + 19, + 2, + 85, + 83, + 49, + 19, + 48, + 17, + 6, + 3, + 85, + 4, + 8, + 12, + 10, + 67, + 97, + 108, + 105, + 102, + 111, + 114, + 110, + 105, + 97, + 49, + 22, + 48, + 20, + 6, + 3, + 85, + 4, + 7, + 12, + 13, + 83, + 97, + 110, + 32, + 70, + 114, + 97, + 110, + 99, + 105, + 115, + 99, + 111, + 49, + 19, + 48, + 17, + 6, + 3, + 85, + 4, + 10, + 12, + 10, + 77, + 121, + 32, + 67, + 111, + 109, + 112, + 97, + 110, + 121, + 49, + 19, + 48, + 17, + 6, + 3, + 85, + 4, + 3, + 12, + 10, + 109, + 121, + 115, + 105, + 116, + 101, + 46, + 99, + 111, + 109, + 48, + 89, + 48, + 19, + 6, + 7, + 42, + 134, + 72, + 206, + 
61, + 2, + 1, + 6, + 8, + 42, + 134, + 72, + 206, + 61, + 3, + 1, + 7, + 3, + 66, + 0, + 4, + 30, + 55, + 138, + 207, + 100, + 204, + 201, + 149, + 62, + 147, + 42, + 28, + 89, + 150, + 132, + 208, + 220, + 198, + 223, + 221, + 187, + 6, + 218, + 196, + 137, + 7, + 71, + 60, + 244, + 50, + 234, + 80, + 12, + 91, + 58, + 47, + 93, + 248, + 218, + 54, + 101, + 188, + 14, + 235, + 173, + 165, + 228, + 214, + 74, + 39, + 97, + 210, + 221, + 136, + 195, + 103, + 40, + 94, + 8, + 141, + 226, + 39, + 14, + 116, + 163, + 63, + 48, + 61, + 48, + 59, + 6, + 3, + 85, + 29, + 17, + 4, + 52, + 48, + 50, + 134, + 48, + 104, + 116, + 116, + 112, + 115, + 58, + 47, + 47, + 99, + 114, + 101, + 100, + 101, + 110, + 116, + 105, + 97, + 108, + 45, + 105, + 115, + 115, + 117, + 101, + 114, + 46, + 111, + 105, + 100, + 99, + 45, + 102, + 101, + 100, + 101, + 114, + 97, + 116, + 105, + 111, + 110, + 46, + 111, + 110, + 108, + 105, + 110, + 101, + 48, + 10, + 6, + 8, + 42, + 134, + 72, + 206, + 61, + 4, + 3, + 2, + 3, + 71, + 0, + 48, + 68, + 2, + 32, + 84, + 235, + 59, + 6, + 18, + 51, + 216, + 78, + 135, + 42, + 188, + 143, + 181, + 163, + 57, + 61, + 193, + 134, + 149, + 183, + 126, + 227, + 179, + 91, + 98, + 148, + 104, + 125, + 247, + 6, + 229, + 90, + 2, + 32, + 63, + 233, + 114, + 55, + 0, + 212, + 153, + 153, + 230, + 169, + 241, + 93, + 77, + 225, + 28, + 242, + 79, + 25, + 6, + 118, + 86, + 220, + 55, + 117, + 253, + 216, + 168, + 114, + 4, + 130, + 28, + 251, + ], + "type": "Buffer", + }, + }, "signature": { "data": [ 47, diff --git a/__tests__/parser/__snapshots__/deviceResponse2.tests.ts.snap b/__tests__/parser/__snapshots__/deviceResponse2.tests.ts.snap index 7db143e..0d70419 100644 --- a/__tests__/parser/__snapshots__/deviceResponse2.tests.ts.snap +++ b/__tests__/parser/__snapshots__/deviceResponse2.tests.ts.snap 
@@ -14,14 +14,6 @@ MDoc { "docType": "org.iso.18013.5.1.mDL", "issuerSigned": { "issuerAuth": IssuerAuth { - "encodedProtectedHeaders": { - "data": [ - 161, - 1, - 38, - ], - "type": "Buffer", - }, "payload": { "data": [ 166, @@ -711,6 +703,9 @@ MDoc { ], "type": "Buffer", }, + "protectedHeaders": Map { + 1 => -7, + }, "signature": { "data": [ 16, diff --git a/__tests__/parser/__snapshots__/issuerSigned.tests.ts.snap b/__tests__/parser/__snapshots__/issuerSigned.tests.ts.snap index 3235c76..e9a312a 100644 --- a/__tests__/parser/__snapshots__/issuerSigned.tests.ts.snap +++ b/__tests__/parser/__snapshots__/issuerSigned.tests.ts.snap @@ -8,14 +8,6 @@ MDoc { "docType": "org.iso.18013.5.1.mDL", "issuerSigned": { "issuerAuth": IssuerAuth { - "encodedProtectedHeaders": { - "data": [ - 161, - 1, - 38, - ], - "type": "Buffer", - }, "payload": { "data": [ 216, @@ -884,6 +876,9 @@ MDoc { ], "type": "Buffer", }, + "protectedHeaders": Map { + 1 => -7, + }, "signature": { "data": [ 69, diff --git a/__tests__/parser/deviceResponse.tests.ts b/__tests__/parser/deviceResponse.tests.ts index 6082758..53dad21 100644 --- a/__tests__/parser/deviceResponse.tests.ts +++ b/__tests__/parser/deviceResponse.tests.ts @@ -1,7 +1,6 @@ import { KeyLike, importJWK } from 'jose'; import { hex } from 'buffer-tag'; -import { parse } from '../../src'; -import { MDoc } from '../../src/mdoc/types'; +import { parse, type MDoc } from '../../src'; describe('parse DeviceResponse Example 1', () => { describe('parse', () => { @@ -9,6 +8,8 @@ describe('parse DeviceResponse Example 1', () => { let publicKey: KeyLike | Uint8Array; + const encodedDeviceResponse = hex`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`; + beforeAll(async () => { publicKey = await importJWK({ alg: 'ES256', 
@@ -17,15 +18,12 @@ describe('parse DeviceResponse Example 1', () => { x: 'HjeKz2TMyZU-kyocWZaE0NzG3927BtrEiQdHPPQy6lA', y: 'DFs6L1342jZlvA7rraXk1konYdLdiMNnKF4IjeInDnQ', }); + + parsed = parse(encodedDeviceResponse); }); // this is a Mobile Driver License randomly generated for the purpose of this test // signed with the randomly generated private key. - const encodedDeviceResponse = hex`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`; - - beforeAll(async () => { - parsed = await parse(encodedDeviceResponse); - }); it('should match the snapshot', () => { expect(parsed).toMatchSnapshot(); @@ -44,8 +42,9 @@ describe('parse DeviceResponse Example 1', () => { }); it('should verify the issuerAuth', async () => { - const r = await parsed.documents[0].issuerSigned.issuerAuth.verify(publicKey); - expect(r).toBeTruthy(); + await parsed.documents[0].issuerSigned.issuerAuth.verify(publicKey); + + // should not throw }); it('should decoded protected headers', () => { diff --git a/__tests__/parser/deviceResponse2.tests.ts b/__tests__/parser/deviceResponse2.tests.ts index 620b4ed..67d730c 100644 --- a/__tests__/parser/deviceResponse2.tests.ts +++ b/__tests__/parser/deviceResponse2.tests.ts @@ -7,6 +7,11 @@ describe('parse DeviceResponse Example 2', () => { let parsed: MDoc; let publicKey: KeyLike | Uint8Array; + // this is a Mobile Driver License randomly generated for the purpose of this test + // signed with the randomly generated private key. + const encodedDeviceResponse = hex`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`; + + beforeAll(async () => { publicKey = await importJWK({ kty: 'EC', 
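Review bot: The rewritten 'should verify the issuerAuth' test has no assertion and no negative case, so it only shows that `verify()` did not reject for the matching key. The Verifier.ts changes in this patch suggest `verify()` now rejects on failure instead of returning a boolean, so a companion case with a non-matching public key would pin that contract: `await expect(parsed.documents[0].issuerSigned.issuerAuth.verify(otherKey)).rejects.toThrow();` (`otherKey` is a placeholder for a second test key). The same applies to the matching hunk in __tests__/parser/deviceResponse2.tests.ts.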
@@ -14,16 +19,11 @@ describe('parse DeviceResponse Example 2', () => { y: 'WY_RWyq4KR7iLM0ZseIK9Apkt069aM1T5b5HZyEYiXE', crv: 'P-256', }); - }); - // this is a Mobile Driver License randomly generated for the purpose of this test - // signed with the randomly generated private key. - const encodedDeviceResponse = hex`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`; - - beforeAll(async () => { - parsed = await parse(encodedDeviceResponse); + parsed = parse(encodedDeviceResponse); }); + it('should match the snapshot', () => { expect(parsed).toMatchSnapshot(); }); @@ -42,8 +42,9 @@ describe('parse DeviceResponse Example 2', () => { }); it('should verify the issuerAuth', async () => { - const r = await parsed.documents[0].issuerSigned.issuerAuth.verify(publicKey); - expect(r).toBeTruthy(); + await parsed.documents[0].issuerSigned.issuerAuth.verify(publicKey); + + // should not throw }); it('should decoded protected headers', () => { diff --git a/package-lock.json b/package-lock.json index 0518aad..6bb24c2 100644 --- a/package-lock.json +++ b/package-lock.json @@ -15,7 +15,7 @@ "buffer": "^6.0.3", "cbor-x": "^1.6.0", "compare-versions": "^6.0.0", - "cose-kit": "^1.7.1", + "cose-kit": "^3.0.0", "debug": "^4.3.4", "jose": "^4.15.5", "uncrypto": "^0.1.3" @@ -1920,6 +1920,12 @@ "node": "^14.15.0 || ^16.10.0 || >=18.0.0" } }, + "node_modules/@jfromaniello/typedmap": { + "version": "1.4.1", + "resolved": "https://registry.npmjs.org/@jfromaniello/typedmap/-/typedmap-1.4.1.tgz", + "integrity": "sha512-ezcaQW4xtkFehW6rCWOtSwv1bM2qRgyhC9H2RkkqfZlERCN8IpbHKA3hbr0HowX0YVrm6Bk0I8xOcVV2atJyXA==", + "license": "MIT" + }, "node_modules/@jridgewell/gen-mapping": { "version": "0.3.5", "resolved": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.5.tgz", 
@@ -3587,10 +3593,12 @@ "dev": true }, "node_modules/cose-kit": { - "version": "1.7.1", - "resolved": "https://registry.npmjs.org/cose-kit/-/cose-kit-1.7.1.tgz", - "integrity": "sha512-bfpEIporciHSdT1Y0q9S8XxuNySQApJJBZzpdAsJMelZVGNXuL+aL6/Dthq9QS8p+FId9Wj3T6QkUo15PyYe9Q==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/cose-kit/-/cose-kit-3.0.0.tgz", + "integrity": "sha512-ktGpsK6R2r3ZhvxehJ055uq2c5IZ260Ow6FI9Aof9Bjpc2y0gfdwHs2xGTn4Rxk5BaWSELCg+3+U4ZcDqlRYCQ==", + "license": "MIT", "dependencies": { + "@jfromaniello/typedmap": "^1.4.0", "@peculiar/webcrypto": "^1.4.3", "cbor-x": "^1.5.4", "jose": "^4.14.6", @@ -9538,6 +9546,11 @@ "chalk": "^4.0.0" } }, + "@jfromaniello/typedmap": { + "version": "1.4.1", + "resolved": "https://registry.npmjs.org/@jfromaniello/typedmap/-/typedmap-1.4.1.tgz", + "integrity": "sha512-ezcaQW4xtkFehW6rCWOtSwv1bM2qRgyhC9H2RkkqfZlERCN8IpbHKA3hbr0HowX0YVrm6Bk0I8xOcVV2atJyXA==" + }, "@jridgewell/gen-mapping": { "version": "0.3.5", "resolved": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.5.tgz", @@ -10815,10 +10828,11 @@ "dev": true }, "cose-kit": { - "version": "1.7.1", - "resolved": "https://registry.npmjs.org/cose-kit/-/cose-kit-1.7.1.tgz", - "integrity": "sha512-bfpEIporciHSdT1Y0q9S8XxuNySQApJJBZzpdAsJMelZVGNXuL+aL6/Dthq9QS8p+FId9Wj3T6QkUo15PyYe9Q==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/cose-kit/-/cose-kit-3.0.0.tgz", + "integrity": "sha512-ktGpsK6R2r3ZhvxehJ055uq2c5IZ260Ow6FI9Aof9Bjpc2y0gfdwHs2xGTn4Rxk5BaWSELCg+3+U4ZcDqlRYCQ==", "requires": { + "@jfromaniello/typedmap": "^1.4.0", "@peculiar/webcrypto": "^1.4.3", "cbor-x": "^1.5.4", "jose": "^4.14.6", diff --git a/package.json b/package.json index f402c26..b55bae7 100644 --- a/package.json +++ b/package.json @@ -70,7 +70,7 @@ "buffer": "^6.0.3", "cbor-x": "^1.6.0", "compare-versions": "^6.0.0", - "cose-kit": "^1.7.1", + "cose-kit": "^3.0.0", "debug": "^4.3.4", "jose": "^4.15.5", "uncrypto": "^0.1.3" 
diff --git a/src/mdoc/Verifier.ts b/src/mdoc/Verifier.ts index 0dddb7a..778acde 100644 --- a/src/mdoc/Verifier.ts +++ b/src/mdoc/Verifier.ts @@ -2,7 +2,7 @@ import { compareVersions } from 'compare-versions'; import { X509Certificate } from '@peculiar/x509'; import { importX509, JWK, KeyLike } from 'jose'; import { Buffer } from 'buffer'; -import { COSEKeyToJWK, Sign1, importCOSEKey } from 'cose-kit'; +import { COSEKey, Sign1 } from 'cose-kit'; import crypto from 'uncrypto'; import { MDoc } from './model/MDoc'; @@ -66,13 +66,23 @@ export class Verifier { } } - const verificationResult = verificationKey && await issuerAuth.verify(verificationKey); - onCheck({ - status: verificationResult ? 'PASSED' : 'FAILED', - check: 'Issuer signature must be valid', - id: VerificationAssessmentId.ISSUER_AUTH.IssuerSignatureValidity, - }); - + if (verificationKey) { + await issuerAuth.verify(verificationKey).then(() => { + onCheck({ + status: 'PASSED', + check: 'Issuer signature must be valid', + id: VerificationAssessmentId.ISSUER_AUTH.IssuerSignatureValidity, + }); + }, (error) => { + onCheck({ + status: 'FAILED', + check: 'Issuer signature must be valid', + id: VerificationAssessmentId.ISSUER_AUTH.IssuerSignatureValidity, + reason: error instanceof Error ? error.message : String(error), + }); + }); + } + // Validity const { validityInfo } = issuerAuth.decodedPayload; const now = new Date(); @@ -157,13 +167,13 @@ export class Verifier { } if (deviceAuth.deviceSignature) { - const deviceKey = await importCOSEKey(deviceKeyCoseKey); + const deviceKey = await COSEKey.import(deviceKeyCoseKey).toKeyLike(); // ECDSA/EdDSA authentication try { const ds = deviceAuth.deviceSignature; - const verificationResult = await new Sign1( + await new Sign1( ds.protectedHeaders, ds.unprotectedHeaders, deviceAuthenticationBytes, 
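Review bot: In the -66,13 hunk, a falsy `verificationKey` now produces no IssuerSignatureValidity check at all, whereas the removed code reported `FAILED` in that case. Unless the block just above the hunk (not visible here) already records a failure whenever no key can be obtained, a document whose issuer key cannot be resolved would finish without a failed signature check. Consider an `else` branch: `else { onCheck({ status: 'FAILED', check: 'Issuer signature must be valid', id: VerificationAssessmentId.ISSUER_AUTH.IssuerSignatureValidity, reason: 'No issuer verification key available' }); }`. The enclosing method starts and ends outside the hunk.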
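Review bot: In the -157,13 hunk, `await COSEKey.import(deviceKeyCoseKey).toKeyLike()` sits before the `try {`, so a malformed or unsupported device key would throw out of this method instead of being reported as a failed DeviceSignatureValidity check. The device key comes from the presented document, so it should be treated as untrusted input at this point. Moving the import to the first statement inside the `try` would route that failure through the existing handler. The `catch` and any outer error handling lie outside the hunk, so confirm how such an exception is surfaced today.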
@@ -171,7 +181,7 @@ export class Verifier { ).verify(deviceKey); onCheck({ - status: verificationResult ? 'PASSED' : 'FAILED', + status: 'PASSED', check: 'Device signature must be valid', id: VerificationAssessmentId.DEVICE_AUTH.DeviceSignatureValidity, }); @@ -215,14 +225,12 @@ export class Verifier { options.sessionTranscriptBytes, ); - const isValid = await deviceAuth.deviceMac.verify( + await deviceAuth.deviceMac.verify( ephemeralMacKey, - undefined, - deviceAuthenticationBytes, + {detachedPayload: deviceAuthenticationBytes}, ); - onCheck({ - status: isValid ? 'PASSED' : 'FAILED', + status: 'PASSED', check: 'Device MAC must be valid', id: VerificationAssessmentId.DEVICE_AUTH.DeviceMacValidity, }); @@ -396,9 +404,8 @@ export class Verifier { const document = decoded.documents[0]; const { issuerAuth } = document.issuerSigned; - const issuerCert = issuerAuth.x5chain && - issuerAuth.x5chain.length > 0 && - new X509Certificate(issuerAuth.x5chain[0]); + const issuerCertBytes = issuerAuth.x5chain?.[0] + const issuerCert = issuerCertBytes && new X509Certificate(Uint8Array.from(issuerCertBytes)); const attributes = (await Promise.all(Object.keys(document.issuerSigned.nameSpaces).map(async (ns) => { const items = document.issuerSigned.nameSpaces[ns]; @@ -430,7 +437,7 @@ export class Verifier { if (document?.issuerSigned.issuerAuth) { const { deviceKeyInfo } = document.issuerSigned.issuerAuth.decodedPayload; if (deviceKeyInfo?.deviceKey) { - deviceKey = COSEKeyToJWK(deviceKeyInfo.deviceKey); + deviceKey = COSEKey.import(deviceKeyInfo.deviceKey).toJWK(); } } const disclosedAttributes = attributes.filter((attr) => attr.isValid).length; diff --git a/src/mdoc/model/DeviceResponse.ts b/src/mdoc/model/DeviceResponse.ts index bb9287a..e084441 100644 --- a/src/mdoc/model/DeviceResponse.ts +++ b/src/mdoc/model/DeviceResponse.ts 
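Review bot: `status: 'PASSED'` is now reported unconditionally once `verify()` resolves, so correctness depends on cose-kit 3.x rejecting every invalid signature rather than resolving with a falsy value. The updated test expectations ('signature verification failed') suggest it does, but the assumption is worth stating next to the call: `// cose-kit >= 3 rejects on an invalid signature; reaching this line means verification succeeded`. The same applies to the deviceMac hunk at -215,14, where `{detachedPayload: deviceAuthenticationBytes}` replaces the positional arguments. Both `catch` blocks are outside the hunks.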
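Review bot: In the -396,9 hunk, `const issuerCertBytes = issuerAuth.x5chain?.[0]` lacks its terminating semicolon, unlike the surrounding statements. A short comment would also help, since `issuerCert` is now `undefined` when the chain is absent or empty and the first entry is assumed to be the issuer certificate: `// x5chain[0] is taken as the issuer certificate; issuerCert stays undefined when no chain is present`.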
@@ -1,5 +1,5 @@ import * as jose from 'jose'; -import { COSEKeyFromJWK, COSEKeyToJWK, Mac0, Sign1, importCOSEKey } from 'cose-kit'; +import { Mac0, Sign1, COSEKey, Headers, Algorithms, ProtectedHeaders, UnprotectedHeaders, MacAlgorithms } from 'cose-kit'; import { Buffer } from 'buffer'; import { InputDescriptor, PresentationDefinition } from './PresentationDefinition'; import { MDoc } from './MDoc'; @@ -10,7 +10,6 @@ import { IssuerSignedItem } from '../IssuerSignedItem'; import { parse } from '../parser'; import { calculateDeviceAutenticationBytes, calculateEphemeralMacKey } from '../utils'; import { DataItem, cborEncode } from '../../cbor'; -import COSEKeyToRAW from '../../cose/coseKey'; /** * A builder class for creating a device response. @@ -151,8 +150,8 @@ export class DeviceResponse { this.usingSessionTranscriptBytes( cborEncode( DataItem.fromData([ - new DataItem({ buffer: deviceEngagementBytes }), - new DataItem({ buffer: eReaderKeyBytes }), + new DataItem({ buffer: Uint8Array.from(deviceEngagementBytes) }), + new DataItem({ buffer: Uint8Array.from(eReaderKeyBytes) }), readerEngagementBytes, ]), ), @@ -186,7 +185,7 @@ export class DeviceResponse { if (devicePrivateKey instanceof Uint8Array) { this.devicePrivateKey = devicePrivateKey; } else { - this.devicePrivateKey = COSEKeyFromJWK(devicePrivateKey); + this.devicePrivateKey = COSEKey.fromJWK(devicePrivateKey).encode(); } this.alg = alg; this.useMac = false; @@ -209,7 +208,7 @@ export class DeviceResponse { if (devicePrivateKey instanceof Uint8Array) { this.devicePrivateKey = devicePrivateKey; } else { - this.devicePrivateKey = COSEKeyFromJWK(devicePrivateKey); + this.devicePrivateKey = COSEKey.fromJWK(devicePrivateKey).encode(); } this.ephemeralPublicKey = ephemeralPublicKey; this.macAlg = alg; 
@@ -270,7 +269,7 @@ export class DeviceResponse { deviceAuthenticationBytes: Uint8Array, sessionTranscriptBytes: any, ): Promise { - const { kid } = COSEKeyToJWK(this.devicePrivateKey); + const { kid } = COSEKey.import(this.devicePrivateKey).toJWK(); const ephemeralMacKey = await calculateEphemeralMacKey( this.devicePrivateKey, @@ -279,8 +278,8 @@ export class DeviceResponse { ); const mac = await Mac0.create( - { alg: this.macAlg }, - { kid }, + [[Headers.Algorithm, MacAlgorithms[this.macAlg]]], + [[Headers.KeyID, typeof kid === 'string' ? new TextEncoder().encode(kid) : kid]], deviceAuthenticationBytes, ephemeralMacKey, ); @@ -290,13 +289,18 @@ export class DeviceResponse { private async getDeviceAuthSign(cborData: Uint8Array): Promise { if (!this.devicePrivateKey) throw new Error('Missing devicePrivateKey'); - const key = await importCOSEKey(this.devicePrivateKey); - const { kid } = COSEKeyToJWK(this.devicePrivateKey); - + const coseKey = await COSEKey.import(this.devicePrivateKey); + const key = await coseKey.toKeyLike(); + const { kid } = coseKey.toJWK(); + + const protectedHeaders = new ProtectedHeaders(); + protectedHeaders.set(Headers.Algorithm, Algorithms[this.alg]); + const unprotectedHeaders = new UnprotectedHeaders(); + unprotectedHeaders.set(Headers.KeyID, typeof kid === 'string' ? new TextEncoder().encode(kid) : kid); const deviceSignature = await Sign1.sign( - { alg: this.alg }, - { kid }, - Buffer.from(cborData), + protectedHeaders, + unprotectedHeaders, + Uint8Array.from(cborData), key, ); return { deviceSignature }; diff --git a/src/mdoc/model/Document.ts b/src/mdoc/model/Document.ts index 4ad7d3d..8e6eaf6 100644 --- a/src/mdoc/model/Document.ts +++ b/src/mdoc/model/Document.ts 
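Review bot: If the device key carries no `kid`, `typeof kid === 'string' ? new TextEncoder().encode(kid) : kid` evaluates to `undefined` and the KeyID header is still set, both in the `Mac0.create` call (-279,8) and in `getDeviceAuthSign` (-290,13). Document.ts in this patch guards the same header with `if (params.kid)`; the equivalent here would be `if (kid !== undefined) unprotectedHeaders.set(Headers.KeyID, …)`. Whether cose-kit drops an undefined entry is not visible from this diff. `MacAlgorithms[this.macAlg]` and `Algorithms[this.alg]` are likewise unchecked lookups, so an unsupported algorithm name would give an `undefined` Algorithm header; a guard such as `if (alg === undefined) throw new Error('Unsupported algorithm')` before signing would fail early. Both methods start outside the hunks.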
@@ -1,5 +1,5 @@ import * as jose from 'jose'; -import { COSEKeyFromJWK, COSEKeyToJWK, ProtectedHeaders, UnprotectedHeaders } from 'cose-kit'; +import { COSEKey, ProtectedHeaders, UnprotectedHeaders, Headers, Algorithms } from 'cose-kit'; import { fromPEM } from '../utils'; import { DataItem, DateOnly, cborDecode, cborEncode } from '../../cbor'; import { IssuerSignedItem } from '../IssuerSignedItem'; @@ -108,7 +108,7 @@ export class Document { const deviceKeyCOSEKey = deviceKey instanceof Uint8Array ? deviceKey : - COSEKeyFromJWK(deviceKey); + COSEKey.fromJWK(deviceKey).encode(); const decodedCoseKey = cborDecode(deviceKeyCOSEKey); this.#deviceKeyInfo = { @@ -189,7 +189,7 @@ export class Document { } const issuerPrivateKeyJWK = params.issuerPrivateKey instanceof Uint8Array ? - COSEKeyToJWK(params.issuerPrivateKey) : + COSEKey.import(params.issuerPrivateKey).toJWK() : params.issuerPrivateKey; const issuerPrivateKey = await jose.importJWK(issuerPrivateKeyJWK); @@ -213,16 +213,19 @@ export class Document { }; const payload = cborEncode(DataItem.fromData(mso)); - const protectedHeader: ProtectedHeaders = { alg: params.alg }; - const unprotectedHeader: UnprotectedHeaders = { - kid: params.kid ?? issuerPrivateKeyJWK.kid, - x5chain: issuerCertificateChain.length === 1 ? issuerCertificateChain[0] : issuerCertificateChain, - }; + const protectedHeader: ProtectedHeaders = new ProtectedHeaders(); + protectedHeader.set(Headers.Algorithm, Algorithms[params.alg]); + + const unprotectedHeader: UnprotectedHeaders = new UnprotectedHeaders() + if (params.kid) { + unprotectedHeader.set(Headers.KeyID, typeof params.kid === 'string' ? new TextEncoder().encode(params.kid) : params.kid); + } + unprotectedHeader.set(Headers.X5Chain, issuerCertificateChain.length === 1 ? issuerCertificateChain[0] : issuerCertificateChain); const issuerAuth = await IssuerAuth.sign( protectedHeader, unprotectedHeader, - payload, + Uint8Array.from(payload), issuerPrivateKey, ); 
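Review bot: The rewritten header construction in the `@@ -213,16 +213,19 @@` hunk no longer falls back to the key's own identifier: the old code used `params.kid ?? issuerPrivateKeyJWK.kid`, while the new code sets KeyID only when `params.kid` is truthy. Callers that relied on the kid embedded in the issuer key will now get an issuerAuth without a KeyID header, and the commit message does not mention that change. If the drop is not intended, keep the fallback with `const kid = params.kid ?? issuerPrivateKeyJWK.kid;` and then `if (kid) { unprotectedHeader.set(Headers.KeyID, typeof kid === 'string' ? new TextEncoder().encode(kid) : kid); }`. The `new UnprotectedHeaders()` line is also missing its semicolon. The enclosing method begins and ends outside the hunk.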
diff --git a/src/mdoc/utils.ts b/src/mdoc/utils.ts index 440043c..8a288ab 100644 --- a/src/mdoc/utils.ts +++ b/src/mdoc/utils.ts @@ -5,7 +5,7 @@ import { p521 } from '@noble/curves/p521'; import * as webcrypto from 'uncrypto'; import { Buffer } from 'buffer'; import hkdf from '@panva/hkdf'; -import { COSEKeyToJWK } from 'cose-kit'; +import { COSEKey } from 'cose-kit'; import { cborEncode, cborDecode } from '../cbor'; import { DataItem } from '../cbor/DataItem'; @@ -49,7 +49,7 @@ export const calculateEphemeralMacKey = async ( publicKey: Uint8Array | Map, sessionTranscriptBytes: Uint8Array, ): Promise => { - const { kty, crv } = COSEKeyToJWK(privateKey); + const { kty, crv } = COSEKey.import(privateKey).toJWK(); const privkey = COSEKeyToRAW(privateKey); // only d const pubkey = COSEKeyToRAW(publicKey); // 0x04 || x || y let ikm; From 0c8b635954a094a7301216b04567276672aadb67 Mon Sep 17 00:00:00 2001 From: Antonio Ivanovski Date: Tue, 18 Nov 2025 14:55:23 +0100 Subject: [PATCH 2/2] add multipaz test --- __tests__/example/multipazExample.tests.ts | 41 ++++++++++++++++++++++ package-lock.json | 13 +++---- 2 files changed, 48 insertions(+), 6 deletions(-) create mode 100644 __tests__/example/multipazExample.tests.ts diff --git a/__tests__/example/multipazExample.tests.ts b/__tests__/example/multipazExample.tests.ts new file mode 100644 index 0000000..7e4328b --- /dev/null +++ b/__tests__/example/multipazExample.tests.ts 
@@ -0,0 +1,41 @@ +import { hex, base64url } from 'buffer-tag'; +import { Verifier } from '../../src/index'; + +const MULTIPAZ_ISSUER_CERTIFICATE = `-----BEGIN CERTIFICATE----- +MIICpjCCAi2gAwIBAgIQiiieDKBRbQvx4FJgTHQFbTAKBggqhkjOPQQDAzAuMR8wHQYDVQQDDBZP +V0YgTXVsdGlwYXogVEVTVCBJQUNBMQswCQYDVQQGDAJVUzAeFw0yNDEyMDEwMDAwMDBaFw0zNDEy +MDEwMDAwMDBaMC4xHzAdBgNVBAMMFk9XRiBNdWx0aXBheiBURVNUIElBQ0ExCzAJBgNVBAYMAlVT +MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE+QDye70m2O0llPXMjVjxVZz3m5k6agT+wih+L79b7jyq +Ul99sbeUnpxaLD+cmB3HK3twkA7fmVJSobBc+9CDhkh3mx6n+YoH5RulaSWThWBfMyRjsfVODkos +HLCDnbPVo4IBDjCCAQowDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwTAYDVR0S +BEUwQ4ZBaHR0cHM6Ly9naXRodWIuY29tL29wZW53YWxsZXQtZm91bmRhdGlvbi1sYWJzL2lkZW50 +aXR5LWNyZWRlbnRpYWwwVgYDVR0fBE8wTTBLoEmgR4ZFaHR0cHM6Ly9naXRodWIuY29tL29wZW53 +YWxsZXQtZm91bmRhdGlvbi1sYWJzL2lkZW50aXR5LWNyZWRlbnRpYWwvY3JsMB0GA1UdDgQWBBSr +ZRvgVsKQU/Hdf2zkh75o3mDJ9TAfBgNVHSMEGDAWgBSrZRvgVsKQU/Hdf2zkh75o3mDJ9TAKBggq +hkjOPQQDAwNnADBkAjAtTLS7FfsbUe/SKlIhYgnDcD6fDgiUaUR4htNhFVHPA4d8OlUGqmof76xi +eBjEc9MCMGKk27tss0KCk93qaRsZ7NuAGWMSun6mraePJ7PUpaYz2/6zztu51kYK6NftObq4fw== +-----END CERTIFICATE-----` + +describe('example 1: valid device response with full disclosure', () => { + // const ephemeralReaderKey = hex`534b526561646572`; + const encodedSessionTranscript = hex`83f6f68358203f05353416dafae1024b7d3f112e8cd96f344ad8da02be6a97f3f3fd7e78b3df58208ee9a6ef6e23c192d1ac17ac716452a883caf32c01e241b231ed9c347c50688b78266e2d65623038616362372d373665642d346438302d383439362d366638383236326436363735`; + const deviceResponse = 
base64url`o2d2ZXJzaW9uYzEuMGlkb2N1bWVudHOBo2dkb2NUeXBld2V1LmV1cm9wYS5lYy5ldWRpLnBpZC4xbGlzc3VlclNpZ25lZKJqbmFtZVNwYWNlc6F3ZXUuZXVyb3BhLmVjLmV1ZGkucGlkLjGI2BhYWqRoZGlnZXN0SUQYGGZyYW5kb21QoNrqDE5lGi-PPT7KsJ-J23FlbGVtZW50SWRlbnRpZmllcmtmYW1pbHlfbmFtZWxlbGVtZW50VmFsdWVqTXVzdGVybWFubtgYWFOkaGRpZ2VzdElEFWZyYW5kb21QAM7TPipxg_bxRFn8eb1z6HFlbGVtZW50SWRlbnRpZmllcmpnaXZlbl9uYW1lbGVsZW1lbnRWYWx1ZWVFcmlrYdgYWFukaGRpZ2VzdElEFmZyYW5kb21QS48QY5x1NDgBUyUcB4pBa3FlbGVtZW50SWRlbnRpZmllcmpiaXJ0aF9kYXRlbGVsZW1lbnRWYWx1ZdkD7GoxOTcxLTA5LTAx2BhYW6RoZGlnZXN0SUQYGmZyYW5kb21QIRyF2kynZy-TAgksAYL-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_FgzIaPnFlbGVtZW50SWRlbnRpZmllcm9pc3N1aW5nX2NvdW50cnlsZWxlbWVudFZhbHVlYlVTamlzc3VlckF1dGiEQ6EBJqEYIVkCjjCCAoowggIRoAMCAQICEH6yzGyyoBE155PMSBiojRowCgYIKoZIzj0EAwMwLjEfMB0GA1UEAwwWT1dGIE11bHRpcGF6IFRFU1QgSUFDQTELMAkGA1UEBgwCVVMwHhcNMjUwOTIyMTE0NDA3WhcNMjYxMjIxMTE0NDA3WjAsMR0wGwYDVQQDDBRPV0YgTXVsdGlwYXogVEVTVCBEUzELMAkGA1UEBgwCVVMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAThaFjj5MVPbji5lwHPgJH9Sz-FANVNipgpr4kAVSnvdC1L0Ic0jjdJp2mqDfodMD9nyy2Peu3-xUtCO7h1MdsIo4IBETCCAQ0wHwYDVR0jBBgwFoAUq2Ub4FbCkFPx3X9s5Ie-aN5gyfUwDgYDVR0PAQH_BAQDAgeAMBUGA1UdJQEB_wQLMAkGByiBjF0FAQIwTAYDVR0SBEUwQ4ZBaHR0cHM6Ly9naXRodWIuY29tL29wZW53YWxsZXQtZm91bmRhdGlvbi1sYWJzL2lkZW50aXR5LWNyZWRlbnRpYWwwVgYDVR0fBE8wTTBLoEmgR4ZFaHR0cHM6Ly9naXRodWIuY29tL29wZW53YWxsZXQtZm91bmRhdGlvbi1sYWJzL2lkZW50aXR5LWNyZWRlbnRpYWwvY3JsMB0GA1UdDgQWBBQCRuCYeTUJYmQoCo_C6ClJM8vJ2TAKBggqhkjOPQQDAwNnADBkAjB2XfIOM9H1zzOtJlvTgDf7I-AzhMsees2fgaYvzmnSZ0zwOhdNzelgcXFAi9ZmhuECMFdFywsVzSw4a7hYOCa-xSNcQCQP2ASeoFxS6Syb-iNxXAhfJwCakEn4R3RrL_9JqVkFqtgYWQWlpmd2ZXJzaW9uYzEuMG9kaWdlc3RBbGdvcml0aG1nU0hBLTI1Nmdkb2NUeXBld2V1LmV1cm9wYS5lYy5ldWRpLnBpZC4xbHZhbHVlRGlnZXN0c6F3ZXUuZXVyb3BhLmVjLmV1ZGkucGlkLjG4IBgYWCCWlCYeyLWEmp8nP9t_XlqIRRxIxUobSaBmPeYKLxCfrRVYIIGmXTmzXMR9mMnUAKGiZDDPEgBAsNnt_c9xSw1Mh1wfFlggDc3APBVCjuC-FLdl2GAsFYzwiwAquX7HfADMk3z7wE0MWCA-QYZhfqkvLlIm23pkslSk9Wb3EqV--uEY9N7GdoNmMxFYIG-JB9-qxhMi0EdawnwyLOBw-U8K7YgY5aRNFxfWMzBmE1gg46a
ZNp_RTa7VJ4wN81kb1doL2jfYJsBsM6Ou76OSHUkYHVggHrTFp67MB1PzPZlfkL5QuPstPx10KFols_OVm6usPN8KWCAEPLa6MONnPFcCLXy_opwnzaOnVAt38sQCKB_QDmAtpBBYIBLm-fF2e69GGwO3Jup25VRzRb5VwIBhUPZmpv8HxeyCGBpYIFZJ_fxvsY-BECUACd3OxK93xk-ilgr_Qdtg3ecMdwn6DlggHaPfIpx2KmIQtb8N-fGcmvCcgopLGAgBnn-bkpEyQWwNWCArHV8IQN_t4IPa4I-_ThY6NTC1L10iLue1IvxjuPq_YRgfWCAqI9u-v1c3qsBqDDge3KHnodu54rs3WOsXqMj6Y5LVVRdYIGBdhOzVCy-WamjbOEMJp9xSPNl_Hv21C_OkkM8-EKDoGB5YIE37aBkGmQV80XZqmzXuSzN3FJpT_mC7_gl9Snx1pEUXElggWP7RaHPI_KkivPFLU_lMCnL9xoI4bU_v9LKnBlUkCGgBWCACGGKoHiOx7LrvKfX_FbUYOTK00nmikJYC9X5YEsHPKgdYILkgDLokWDBr8b0hRze0CCBscQoEcIz6hXngFruAF3iVC1ggKuvYCs8APsWKVXsBahoNzsQELBJRT-bkbBZVrva4JA4JWCBoG4Bgeq8RQnytpuul8MKftrZ3rZSZR1YZmEi6kqm9hgNYILT2hQ-aEVMtFp9sNh_tG7TOHRVZIh4e5YbxBvSWB5G4FFggdGb-Dljo6gkvL0PyRVVWK4STTbXNBj8oQb3XIPdFmdgFWCBLeiBKxWD3HJWG97AdLa-L-ahFVvGV_6a1lkX2l0B5YBgcWCBwUTa0tC6XXFjf27K0RVzM_3ar9XTu0KsC74tr18OsRA9YIFf_tSWsGk2Jhu0rK9vldJHoH0YcH0J2Vl0TtuNAHPwxAFgghbuhZyf7Vv5R5LAl7rcZvoHQj_en9FtkdAEjC60VfEcEWCD0iIkiwJhegg8nt2QQLv4WNQC2tj9efgJxV9dqr901YwhYIL7RlSK8y_r1R_GxVqMzH2SPCuiqI9CiZq6y7dVpHZLdGBtYINhc5-KE6QFQmZEEc7mLSYyEr6a-KQ3dpq9YhsLKBWjaBlggXm7T_jmHt9Jni7LM4Kd3t1-m7lBdP5WqubX5Z2nl6usCWCDQGn__ldo6DJiK_4LCTk7EZqpS9LLcC-RoVn4p-hAnVhgZWCCMq9lI60CXgGn3_95-5yyDQ2hFzWBlB9r7I9t0nEKH0G1kZXZpY2VLZXlJbmZvoWlkZXZpY2VLZXmkAQIgASFYIMQqkVk9duGfcYKy112VgkoLkwjU1c3zE6fWgfZA4aaNIlggwgC6nTrJH1XAkFMilJEZo8VdNxCJ8ERNNsImDIA5wF9sdmFsaWRpdHlJbmZvo2ZzaWduZWTAdDIwMjUtMDktMjNUMTA6NDQ6MTBaaXZhbGlkRnJvbcB0MjAyNS0wOS0yM1QxMDo0NDoxMFpqdmFsaWRVbnRpbMB0MjAyNi0wOS0yM1QxMTo0NDoxMFpYQE4aOJSvBtbx7dm9OPKnIIbKWGqErbm-au8rImes1C-XBfeR2SBi7xb3N6glaqZ04etCXfqPgkX5-bGSUOJKYDVsZGV2aWNlU2lnbmVkompuYW1lU3BhY2Vz2BhBoGpkZXZpY2VBdXRooW9kZXZpY2VTaWduYXR1cmWEQ6EBJqD2WEA84IhKZ5hHTQfbXEOaPaNyGU1nSMLldiLigj9K90qYC23szZgMK_adlIl2SZYyMM8Hamlo1aFEi5MqufSGS1wjZnN0YXR1cwA`; + const verifier = new Verifier([MULTIPAZ_ISSUER_CERTIFICATE]); + + it('should verify properly', async () => { + await verifier.verify(Uint8Array.from(deviceResponse), { + 
encodedSessionTranscript: Uint8Array.from(encodedSessionTranscript) + }); + }); + + it('should be able to verify without ephemeralReaderKey and encodedSessionTrasncript', async () => { + await verifier.verify(Uint8Array.from(deviceResponse), { + onCheck: (verification, original) => { + if (verification.category === 'DEVICE_AUTH') { + return; + } + original(verification); + }, + }); + }); +}); diff --git a/package-lock.json b/package-lock.json index 6bb24c2..19464aa 100644 --- a/package-lock.json +++ b/package-lock.json @@ -6052,9 +6052,10 @@ } }, "node_modules/jose": { - "version": "4.15.5", - "resolved": "https://registry.npmjs.org/jose/-/jose-4.15.5.tgz", - "integrity": "sha512-jc7BFxgKPKi94uOvEmzlSWFFe2+vASyXaKUpdQKatWAESU2MWjDfFf0fdfc83CDKcA5QecabZeNLyfhe3yKNkg==", + "version": "4.15.9", + "resolved": "https://registry.npmjs.org/jose/-/jose-4.15.9.tgz", + "integrity": "sha512-1vUQX+IdDMVPj4k8kOxgUqlcK518yluMuGZwqlr44FS1ppZB/5GWh4rZG89erpOBOJjU/OBsnCVFfapsRz6nEA==", + "license": "MIT", "funding": { "url": "https://github.com/sponsors/panva" } @@ -12590,9 +12591,9 @@ "dev": true }, "jose": { - "version": "4.15.5", - "resolved": "https://registry.npmjs.org/jose/-/jose-4.15.5.tgz", - "integrity": "sha512-jc7BFxgKPKi94uOvEmzlSWFFe2+vASyXaKUpdQKatWAESU2MWjDfFf0fdfc83CDKcA5QecabZeNLyfhe3yKNkg==" + "version": "4.15.9", + "resolved": "https://registry.npmjs.org/jose/-/jose-4.15.9.tgz", + "integrity": "sha512-1vUQX+IdDMVPj4k8kOxgUqlcK518yluMuGZwqlr44FS1ppZB/5GWh4rZG89erpOBOJjU/OBsnCVFfapsRz6nEA==" }, "js-tokens": { "version": "4.0.0",
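Review bot: In the new `__tests__/example/multipazExample.tests.ts`, the second test's `onCheck` handler returns early for every check in the `DEVICE_AUTH` category, so it passes whether device authentication succeeded or failed, and nothing says this relaxation is deliberate. A response accepted this way is only shown to be issuer-signed; it is not bound to the session or to the holder's device key, and a reader copying the pattern into a real verifier would lose that binding. I would add a comment above the handler such as `// DEVICE_AUTH skipped: no session transcript available; this checks issuer data only and must not be used to accept a presentation`, and fix the typo `encodedSessionTrasncript` in the test title. The embedded MSO also appears to carry a `validUntil` in September 2026, so if the verifier compares validity against the current time the test will start failing then unless a fixed clock is supplied.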