From feda636a592a36a5e6511c90084724c7524f0125 Mon Sep 17 00:00:00 2001 From: Bibash Shrestha Date: Thu, 11 Apr 2024 18:47:27 +0545 Subject: [PATCH] fix: Improve to solve regression test --- .../helper_functions/helper_functions.dart | 3 -- .../get_credential_manifest_from_altme.dart | 1 - .../profile/models/profile_setting.dart | 17 +++++- .../cubit/qr_code_scan_cubit.dart | 53 ++++++++----------- lib/scan/cubit/scan_cubit.dart | 7 ++- packages/oidc4vc/lib/src/oidc4vc.dart | 11 ++-- 6 files changed, 52 insertions(+), 40 deletions(-) diff --git a/lib/app/shared/helper_functions/helper_functions.dart b/lib/app/shared/helper_functions/helper_functions.dart index 9067280fc..21dc41c58 100644 --- a/lib/app/shared/helper_functions/helper_functions.dart +++ b/lib/app/shared/helper_functions/helper_functions.dart @@ -693,7 +693,6 @@ Future< final OpenIdConfiguration openIdConfiguration = await oidc4vc.getOpenIdConfig( baseUrl: issuer, isAuthorizationServer: false, - oidc4vciDraftType: oidc4vciDraftType, ); if (preAuthorizedCode == null) { @@ -718,7 +717,6 @@ Future< authorizationServerConfiguration = await oidc4vc.getOpenIdConfig( baseUrl: authorizationServer, isAuthorizationServer: true, - oidc4vciDraftType: oidc4vciDraftType, ); } @@ -969,7 +967,6 @@ Future isEBSIV3ForVerifiers({ await oidc4vc.getOpenIdConfig( baseUrl: clientId, isAuthorizationServer: false, - oidc4vciDraftType: oidc4vciDraftType, ); final subjectTrustFrameworksSupported = diff --git a/lib/dashboard/home/tab_bar/credentials/helper_functions/get_credential_manifest_from_altme.dart b/lib/dashboard/home/tab_bar/credentials/helper_functions/get_credential_manifest_from_altme.dart index 9c3be9da2..f909ffd4f 100644 --- a/lib/dashboard/home/tab_bar/credentials/helper_functions/get_credential_manifest_from_altme.dart +++ b/lib/dashboard/home/tab_bar/credentials/helper_functions/get_credential_manifest_from_altme.dart 
@@ -11,7 +11,6 @@ Future getCredentialManifestFromAltMe({ final OpenIdConfiguration openIdConfiguration = await oidc4vc.getOpenIdConfig( baseUrl: 'https://issuer.talao.co', isAuthorizationServer: false, - oidc4vciDraftType: oidc4vciDraftType, ); final JsonPath credentialManifetPath = JsonPath(r'$..credential_manifest'); final credentialManifest = CredentialManifest.fromJson( diff --git a/lib/dashboard/profile/models/profile_setting.dart b/lib/dashboard/profile/models/profile_setting.dart index d206a9438..009cfb116 100644 --- a/lib/dashboard/profile/models/profile_setting.dart +++ b/lib/dashboard/profile/models/profile_setting.dart @@ -570,7 +570,12 @@ class CustomOidc4VcProfile extends Equatable { @JsonKey(name: 'client_secret') final String? clientSecret; final bool cryptoHolderBinding; - final DidKeyType defaultDid; + final DidKeyType + defaultDid; //TODO(bibash): temporary solution to avoid who have chosen 12 + @JsonKey( + includeFromJson: true, + fromJson: oidc4vciDraftFromJson, + ) final OIDC4VCIDraftType oidc4vciDraft; final OIDC4VPDraftType oidc4vpDraft; final bool scope; @@ -587,6 +592,16 @@ class CustomOidc4VcProfile extends Equatable { Map toJson() => _$CustomOidc4VcProfileToJson(this); + static OIDC4VCIDraftType oidc4vciDraftFromJson(dynamic value) { + if (value == '11') { + return OIDC4VCIDraftType.draft11; + } else if (value == '12' || value == '13') { + return OIDC4VCIDraftType.draft13; + } else { + throw Exception(); + } + } + CustomOidc4VcProfile copyWith({ ClientAuthentication? clientAuthentication, bool? credentialManifestSupport, diff --git a/lib/dashboard/qr_code/qr_code_scan/cubit/qr_code_scan_cubit.dart b/lib/dashboard/qr_code/qr_code_scan/cubit/qr_code_scan_cubit.dart index 186e4a808..3db598acc 100644 --- a/lib/dashboard/qr_code/qr_code_scan/cubit/qr_code_scan_cubit.dart +++ b/lib/dashboard/qr_code/qr_code_scan/cubit/qr_code_scan_cubit.dart 
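Review bot: The TODO in the `@@ -570` hunk of profile_setting.dart is attached to the wrong field: `//TODO(bibash): temporary solution to avoid who have chosen 12` trails the `defaultDid` declaration (and splits it over two lines), but the behaviour it refers to belongs to `oidc4vciDraft`. I would restore `final DidKeyType defaultDid;` on one line and put the comment above the `@JsonKey`, reworded as `// TODO(bibash): temporary - profiles saved with draft '12' are read as draft13.`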
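Review bot: `oidc4vciDraftFromJson` in the `@@ -587` hunk throws a bare `Exception()` for anything other than '11', '12' or '13', so a stored or imported profile with a missing, null or unexpected `oidc4vciDraft` makes the whole `CustomOidc4VcProfile` fail to deserialize with no hint of which field was at fault. At minimum name the field and value, `throw FormatException('Unsupported oidc4vciDraft value: $value');`, and decide explicitly whether an unknown value should reject the profile or fall back to a default. Only `fromJson` is overridden, so it is worth confirming that what the generated `toJson` writes for `draft13` is one of the strings accepted here; the enum's JSON values are not visible in this patch.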
@@ -659,29 +659,22 @@ class QRCodeScanCubit extends Cubit { } final redirectUri = state.uri!.queryParameters['redirect_uri']; + final responseUri = state.uri!.queryParameters['response_uri']; final clientId = state.uri!.queryParameters['client_id']; final isClientIdUrl = isURL(clientId.toString()); /// id_token only if (isIDTokenOnly(responseType)) { - if (redirectUri == null) { + if (redirectUri == null && responseUri == null) { throw ResponseMessage( data: { 'error': 'invalid_request', - 'error_description': 'The redirect_uri is missing.', + 'error_description': + 'Only response_uri or redirect_uri is required.', }, ); } - // if (isUrl && redirectUri != clientId) { - // throw ResponseMessage( - // data: { - // 'error': 'invalid_request', - // 'error_description': 'The client_id must be equal to redirect_uri.', - // }, - // ); - // } - if (isSecurityHigh && !keys.contains('nonce')) { throw ResponseMessage( data: { @@ -717,8 +710,6 @@ class QRCodeScanCubit extends Cubit { ); } - final responseUri = state.uri!.queryParameters['response_uri']; - if (responseMode == 'direct_post') { final bothPresent = redirectUri != null && responseUri != null; final bothAbsent = redirectUri == null && responseUri == null; @@ -747,7 +738,7 @@ class QRCodeScanCubit extends Cubit { if (isSecurityHigh && responseUri != null && isClientIdUrl && - responseUri != clientId) { + !responseUri.contains(clientId.toString())) { throw ResponseMessage( data: { 'error': 'invalid_request', @@ -762,7 +753,7 @@ class QRCodeScanCubit extends Cubit { if (isSecurityHigh && redirectUri != null && isClientIdUrl && - redirectUri != clientId) { + !redirectUri.contains(clientId.toString())) { throw ResponseMessage( data: { 'error': 'invalid_request', 
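Review bot: In the id_token-only branch of the `@@ -659` hunk the request passes as soon as either `redirect_uri` or `response_uri` is present, and nothing visible in this branch ties the accepted URI to `client_id`, although the later branch does so under `isSecurityHigh`. Since a later hunk appears to use that URI as the destination for the ID token (`redirectUri ?? responseUri!`), the same binding should apply here when `isSecurityHigh` is set. The new `error_description` also reads as if supplying both were the fault; `'Either redirect_uri or response_uri must be present.'` matches the condition being tested. The enclosing method starts and ends outside the hunk, so a binding check may exist elsewhere.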
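Review bot: The `client_id` binding in the `@@ -747` hunk is weakened from equality to a substring test, `!responseUri.contains(clientId.toString())`, which accepts any URI that merely embeds the client_id text, whether in a path or query string or as the prefix of a longer host name. Under `isSecurityHigh` this no longer guarantees that the response goes to the verifier identified by `client_id`; the `@@ -762` hunk makes the same change for `redirectUri`. If the intent is to allow a path under the client's own origin, compare parsed components instead, for example `Uri.parse(responseUri).origin != Uri.parse(clientId).origin` for http(s) client_ids, optionally with a path-prefix check. Otherwise keep the exact comparison.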
@@ -1107,21 +1098,23 @@ class QRCodeScanCubit extends Cubit { jwtDecode: jwtDecode, ); } - } - final VerificationType isVerified = await verifyEncodedData( - issuer: clientId, - jwtDecode: jwtDecode, - jwt: encodedData, - publicKeyJwk: publicKeyJwk, - ); + if (publicKeyJwk != null) { + final VerificationType isVerified = await verifyEncodedData( + issuer: clientId, + jwtDecode: jwtDecode, + jwt: encodedData, + publicKeyJwk: publicKeyJwk, + ); - if (isVerified != VerificationType.verified) { - return emitError( - ResponseMessage( - message: ResponseString.RESPONSE_STRING_invalidRequest, - ), - ); + if (isVerified != VerificationType.verified) { + return emitError( + ResponseMessage( + message: ResponseString.RESPONSE_STRING_invalidRequest, + ), + ); + } + } } emit(state.acceptHost()); @@ -1142,6 +1135,7 @@ class QRCodeScanCubit extends Cubit { try { emit(state.loading()); final redirectUri = state.uri!.queryParameters['redirect_uri']; + final responseUri = state.uri!.queryParameters['response_uri']; final clientId = state.uri!.queryParameters['client_id'] ?? ''; @@ -1173,7 +1167,7 @@ class QRCodeScanCubit extends Cubit { privateKey: privateKey, did: did, kid: kid, - redirectUri: redirectUri!, + redirectUri: redirectUri ?? responseUri!, nonce: nonce, stateValue: stateValue, clientType: customOidc4vcProfile.clientType, @@ -1313,7 +1307,6 @@ class QRCodeScanCubit extends Cubit { final openIdConfiguration = await oidc4vc.getOpenIdConfig( baseUrl: issuer, isAuthorizationServer: false, - oidc4vciDraftType: customOidc4vcProfile.oidc4vciDraft, ); if (savedAccessToken == null) { diff --git a/lib/scan/cubit/scan_cubit.dart b/lib/scan/cubit/scan_cubit.dart index 35e1c3966..5ac04adca 100644 --- a/lib/scan/cubit/scan_cubit.dart +++ b/lib/scan/cubit/scan_cubit.dart 
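Review bot: Signature verification in the `@@ -1107` hunk now fails open: with the new `if (publicKeyJwk != null)` guard, a request whose key could not be resolved skips `verifyEncodedData` and falls through to `emit(state.acceptHost())`. Unless the profile explicitly permits unsigned requests, a missing key should be a verification failure, e.g. `if (publicKeyJwk == null) { return emitError(ResponseMessage(message: ResponseString.RESPONSE_STRING_invalidRequest)); }` placed before the verify call. The check has also been moved inside an enclosing `if` whose condition lies outside the hunk, so please confirm which requests no longer reach verification at all.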
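Review bot: In the `@@ -1173` hunk, `redirectUri: redirectUri ?? responseUri!` passes a `response_uri` through a parameter named `redirectUri`, so the callee cannot tell which of the two the verifier supplied; if it delivers the token differently for the two cases, that distinction is lost here. The `!` also raises a bare null-check error when both parameters are absent, and no validation of that case is visible in this method's hunks. Resolving the target once and failing with the same `invalid_request` `ResponseMessage` used elsewhere in this file would be clearer, e.g. `final target = redirectUri ?? responseUri;` followed by an explicit null check. The call this argument belongs to starts outside the hunk.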
@@ -213,7 +213,12 @@ class ScanCubit extends Cubit { final dynamic credential = await client.post( uri.toString(), - data: data, + data: { + 'subject_id': did, + 'presentation': presentations.length > 1 + ? jsonEncode(presentations) + : presentations, + }, ); final dynamic jsonCredential = diff --git a/packages/oidc4vc/lib/src/oidc4vc.dart b/packages/oidc4vc/lib/src/oidc4vc.dart index 78ca960dc..53f322b87 100644 --- a/packages/oidc4vc/lib/src/oidc4vc.dart +++ b/packages/oidc4vc/lib/src/oidc4vc.dart @@ -151,7 +151,6 @@ class OIDC4VC { final openIdConfiguration = await getOpenIdConfig( baseUrl: issuer, isAuthorizationServer: false, - oidc4vciDraftType: oidc4vciDraftType, ); final authorizationEndpoint = await readAuthorizationEndPoint( @@ -793,7 +792,6 @@ class OIDC4VC { final authorizationServerConfiguration = await getOpenIdConfig( baseUrl: authorizationServer, isAuthorizationServer: true, - oidc4vciDraftType: oidc4vciDraftType, ); if (authorizationServerConfiguration.tokenEndpoint != null) { @@ -820,7 +818,6 @@ class OIDC4VC { final authorizationServerConfiguration = await getOpenIdConfig( baseUrl: authorizationServer, isAuthorizationServer: true, - oidc4vciDraftType: oidc4vciDraftType, ); if (authorizationServerConfiguration.authorizationEndpoint != null) { @@ -1579,8 +1576,14 @@ class OIDC4VC { Future getOpenIdConfig({ required String baseUrl, required bool isAuthorizationServer, - OIDC4VCIDraftType? oidc4vciDraftType, }) async { + ///for OIDC4VCI, the server is an issuer the metadata are all in th + ////openid-issuer-configuration or some are in the /openid-configuration + ///(token endpoint etc,) and other are in the /openid-credential-issuer + ///(credential supported) for OIDC4VP and SIOPV2, the serve is a client, + ///the wallet is the suthorization server the verifier metadata are in + ////openid-configuration + final url = '$baseUrl/.well-known/openid-configuration'; if (!isAuthorizationServer) {
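Review bot: The `presentation` field built in the `@@ -213` hunk of scan_cubit.dart ends up with two different types: a JSON string from `jsonEncode(presentations)` when there is more than one entry, and the un-encoded `presentations` value otherwise. If `presentations` is a list (its declaration is outside the hunk), the single-entry case sends a one-element list rather than the presentation itself, and an empty list takes the same branch. If the endpoint expects a bare presentation there, `presentations.first` would be the matching form. Either way a comment stating the wire format would help, e.g. `// one VP is sent as-is, several as a JSON-encoded array`.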
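Review bot: The comment added to `getOpenIdConfig` in the `@@ -1579` hunk is hard to read. It uses `///` doc-comment markers inside a function body, so the wrapped paths show up as `////openid-issuer-configuration` and `////openid-configuration`, and it has typos (`th`, `serve`, `suthorization`). I would rewrite it as a plain `//` block with two points. For OIDC4VCI the server is an issuer whose metadata may be split between `/openid-configuration` (token endpoint etc.) and `/openid-credential-issuer` (credentials supported); for OIDC4VP and SIOPv2 the verifier is the client, the wallet acts as the authorization server, and the verifier metadata is in `/openid-configuration`. The path `openid-issuer-configuration` should be checked against the one the code requests, and the function body continues past the end of the hunk.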