feat: Added OIDC4VP logic for client_id_scheme = verifier_attestation #…

…2561
TalaoDAO · Apr 4, 2024 · ff48091 · ff48091
1 parent f7363dc
commit ff48091
Show file tree

Hide file tree

Showing 2 changed files with 49 additions and 3 deletions.
diff --git a/lib/app/shared/helper_functions/helper_functions.dart b/lib/app/shared/helper_functions/helper_functions.dart
@@ -1802,10 +1802,8 @@ Future<Map<String, dynamic>?> checkX509({
   required String encodedData,
   required String clientId,
   required JWTDecode jwtDecode,
+  required Map<String, dynamic> header,
 }) async {
-  final Map<String, dynamic> header =
-      decodeHeader(jwtDecode: jwtDecode, token: encodedData);
-
   final x5c = header['x5c'];
 
   if (x5c != null) {
@@ -1881,3 +1879,42 @@ Future<Map<String, dynamic>?> checkX509({
   }
   return null;
 }
+
+Future<Map<String, dynamic>?> checkVerifierAttestation({
+  required String clientId,
+  required JWTDecode jwtDecode,
+  required Map<String, dynamic> header,
+}) async {
+  final jwt = header['jwt'];
+
+  if (jwt == null) {
+    throw ResponseMessage(
+      data: {
+        'error': 'invalid_format',
+        'error_description': 'verifier_attestation scheme error',
+      },
+    );
+  }
+
+  final Map<String, dynamic> verifierAttestationPayload =
+      decodePayload(jwtDecode: jwtDecode, token: jwt.toString());
+
+  final sub = verifierAttestationPayload['sub'];
+  final cnf = verifierAttestationPayload['cnf'];
+
+  if (sub == null ||
+      sub != clientId ||
+      cnf == null ||
+      cnf is! Map<String, dynamic> ||
+      !cnf.containsKey('jwk') ||
+      cnf['jwk'] is! Map<String, dynamic>) {
+    throw ResponseMessage(
+      data: {
+        'error': 'invalid_format',
+        'error_description': 'verifier_attestation scheme error',
+      },
+    );
+  }
+
+  return cnf['jwk'] as Map<String, dynamic>;
+}
diff --git a/lib/dashboard/qr_code/qr_code_scan/cubit/qr_code_scan_cubit.dart b/lib/dashboard/qr_code/qr_code_scan/cubit/qr_code_scan_cubit.dart
@@ -1089,11 +1089,20 @@ class QRCodeScanCubit extends Cubit<QRCodeScanState> {
         final clientIdScheme = payload['client_id_scheme'];
 
         if (clientIdScheme != null) {
+          final Map<String, dynamic> header =
+              decodeHeader(jwtDecode: jwtDecode, token: encodedData);
           if (clientIdScheme == 'x509_san_dns') {
             publicKeyJwk = await checkX509(
               clientId: clientId,
               encodedData: encodedData,
               jwtDecode: jwtDecode,
+              header: header,
+            );
+          } else if (clientIdScheme == 'verifier_attestation') {
+            publicKeyJwk = await checkVerifierAttestation(
+              clientId: clientId,
+              jwtDecode: jwtDecode,
+              header: header,
             );
           }
         }