From c92a9d3eb521e20e00d4669702bf16e2f8b7c6b1 Mon Sep 17 00:00:00 2001
From: matteo-cristino
Date: Fri, 8 Mar 2024 13:37:07 +0100
Subject: [PATCH] feat: integrate post to credential_issuer/credential in chain

---
 ...s_credential_request_to_api_credential.zen | 81 +++++++++++++++++++
 ...holder_request_authorizationCode.data.json | 9 ++-
 ...holder_request_authorizationCode.keys.json | 9 ++-
 wallet/holder_request_authorizationCode.zen | 25 +++++-
 4 files changed, 119 insertions(+), 5 deletions(-)
 create mode 100644 wallet/7_holder_sends_credential_request_to_api_credential.zen

diff --git a/wallet/7_holder_sends_credential_request_to_api_credential.zen b/wallet/7_holder_sends_credential_request_to_api_credential.zen
new file mode 100644
index 0000000..04fbeda
--- /dev/null
+++ b/wallet/7_holder_sends_credential_request_to_api_credential.zen
@@ -0,0 +1,81 @@
+scenario 'w3c': DPoP
+
+# keys
+Given I have a 'keyring'
+Given I have a 'string' named 'client_id'
+
+# data
+Given I have a 'string' named 'format' inside 'oauth_flow_parameters'
+Given I have a 'string' named 'vct' inside 'oauth_flow_parameters'
+Given I have a 'string' named 'Authorization' inside 'oauth_flow_parameters'
+Given I have a 'string' named 'credential_endpoint' inside 'oauth_flow_parameters'
+Given I have a 'string' named 'resource' inside '!external-qr-code-content'
+
+Given I have a 'string' named 'access_token'
+Given I have a 'string' named 'c_nonce'
+
+
+When I create jwk of es256 public key
+
+When I copy 'resource' to 'aud'
+
+If I verify 'resource' has suffix '/'
+When I split the rightmost '1' bytes of 'resource'
+Endif
+When I append 'credential_endpoint' to 'resource'
+and I rename 'resource' to 'authorization_server_credential_endpoint'
+
+## 1. Create proof-payload
+
+When I create the 'string dictionary' named 'proof-payload'
+
+When I create the timestamp
+When I rename the 'timestamp' to 'iat'
+
+When I move 'iat' in 'proof-payload'
+
+When I rename the 'client_id' to 'iss'
+When I move 'iss' in 'proof-payload'
+When I move 'aud' in 'proof-payload'
+
+When I rename the 'c_nonce' to 'nonce'
+When I move 'nonce' in 'proof-payload'
+
+## end 1.
+
+## 2. create proof-header
+
+When I create the 'string dictionary' named 'proof-header'
+When I set 'alg' to 'ES256' as 'string'
+When I set 'typ' to 'open4vci-proof+jwt' as 'string'
+
+When I move 'alg' in 'proof-header'
+When I move 'typ' in 'proof-header'
+When I move 'jwk' in 'proof-header'
+
+## end 2,
+
+# 3. create jws from proof-header and proof-payload and create proof
+
+When I create the 'string dictionary' named 'proof'
+
+When I create the jws signature of header 'proof-header' and payload 'proof-payload'
+When I rename the 'jws signature' to 'jwt'
+
+When I move 'jwt' in 'proof'
+When I set 'proof_type' to 'jwt' as 'string'
+When I move 'proof_type' in 'proof'
+
+## end 3.
+When I create the 'string dictionary' named 'headers'
+When I append 'access_token' to 'Authorization'
+and I move 'Authorization' in 'headers'
+
+When I create the 'string dictionary' named 'data'
+and I move 'proof' in 'data'
+and I move 'vct' in 'data'
+and I move 'format' in 'data'
+
+Then print the 'data'
+Then print the 'authorization_server_credential_endpoint'
+Then print the 'headers'
\ No newline at end of file
diff --git a/wallet/holder_request_authorizationCode.data.json b/wallet/holder_request_authorizationCode.data.json
index 93c9351..5801678 100644
--- a/wallet/holder_request_authorizationCode.data.json
+++ b/wallet/holder_request_authorizationCode.data.json
@@ -10,6 +10,7 @@
 "par_endpoint": "/par",
 "token_endpoint": "/token",
 "grant_type": "authorization_code",
+ "credential_endpoint": "/credential",
 "jwt-body-params": {
 "response_type": "code",
 "code_challenge_method": "S256",
@@ -17,6 +18,10 @@
 "redirectUris": [
 "https://didroom.com/"
 ]
- }
+ },
+ "format": "vc+sd-jwt",
+ "vct": "SD_JWT_VC_Auth1",
+ "Authorization": "BEARER "
 }
-}
\ No newline at end of file
+}
+
diff --git a/wallet/holder_request_authorizationCode.keys.json b/wallet/holder_request_authorizationCode.keys.json
index bf7c11b..535aeab 100644
--- a/wallet/holder_request_authorizationCode.keys.json
+++ b/wallet/holder_request_authorizationCode.keys.json
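Review bot: The proof header line `When I set 'typ' to 'open4vci-proof+jwt' as 'string'` uses a value the OpenID4VCI specification does not define; the JWT proof type requires `typ` to be `openid4vci-proof+jwt`, so a conforming credential issuer will refuse the proof and the line should read `When I set 'typ' to 'openid4vci-proof+jwt' as 'string'`. The same text is inlined as `zen_7` in wallet/holder_request_authorizationCode.keys.json later in this patch and needs the identical change. On the `headers` dictionary: the token request in step 5 carries a DPoP proof, so if the token endpoint answered with a DPoP-bound token (`token_type` `DPoP`), the credential request has to present it as `Authorization: DPoP <token>` together with a fresh DPoP proof whose `htu` is the credential endpoint and whose `ath` is the hash of the access token, not with the `BEARER ` prefix read from oauth_flow_parameters; whether the issuer sender-constrains the token cannot be told from the patch, so the token response's `token_type` should drive the choice. If a plain bearer token is what comes back, the scheme is conventionally spelled `Bearer`.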
@@ -8,12 +8,18 @@
 "code_path": "code",
 "data_path": "data",
 "code_verifier_path": "code_verifier",
+ "access_token_path": "access_token",
+ "c_nonce_path": "c_nonce",
+ "headers_path": "headers",
 "authorization_server_endpoint_par_path": "authorization_server_endpoint_par",
 "authorization_server_authorize_endpoint_path": "authorization_server_authorize_endpoint",
 "!authorization_server_token_endpoint_path": "!authorization_server_token_endpoint",
+ "authorization_server_credential_endpoint_path": "authorization_server_credential_endpoint",
 "r.code_path": "result.code",
 "r.request_uri_path": "result.request_uri",
 "r.expires_in_path": "result.expires_in",
+ "r.access_token": "result.access_token",
+ "r.c_nonce": "result.c_nonce",
 "zen_1_path": "wallet/1_holder_to_par_on_authz_server.zen",
 "zen_3_path": "wallet/3_holder_fetch_request_uri.zen",
 "zen_5_path": "wallet/5_holder_sends_authorizationCode_and_more_to_api_token.zen",
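Review bot: The new keys `r.access_token` and `r.c_nonce` break the naming of their siblings, which all carry a `_path` suffix (`r.code_path`, `r.request_uri_path`, `r.expires_in_path`); renaming them to `"r.access_token_path": "result.access_token",` and `"r.c_nonce_path": "result.c_nonce",` keeps the lookup keys uniform, with the two `send path` statements in wallet/holder_request_authorizationCode.zen updated to match. The hunk also adds no `zen_7_path` next to `zen_1_path`/`zen_3_path`/`zen_5_path`, although the chain script in this patch contains a commented-out `read verbatim file content` step that expects it; `"zen_7_path": "wallet/7_holder_sends_credential_request_to_api_credential.zen",` would make the entries symmetric.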
@@ -31,5 +37,6 @@ "client_id": "did:dyne:sandbox.signroom:PTDvvQn1iWQiVxkfsDnUid8FbieKbHq46Qs8c9CZx67", "zen_1": "Scenario 'http' : create GET\nScenario 'w3c' : create JWS\n\nGiven I have a 'string dictionary' named '!external-qr-code-content'\nGiven I have a 'string dictionary' named 'jwt-body-params' inside 'oauth_flow_parameters'\nGiven I have a 'string' named 'client_id'\nGiven I have a 'string' named 'authorization_server' inside '!external-qr-code-content'\nGiven I have a 'string' named 'par_endpoint' inside 'oauth_flow_parameters'\n\nGiven I have a 'keyring'\n\n\n#- create Code Verifier (rng in url64) (used in step 7)\nWhen I create the random object of '256' bits\nWhen I write the string '' in 'code_verifier'\nWhen I append the 'url64' of 'random_object' to 'code_verifier'\n\n# - create Code Challenge (sha256 of Code Verifier printed in url64 ) (sent to /PAR)\nWhen I create the hash of 'code_verifier'\nWhen I write the string '' in 'code_challenge'\nWhen I append the 'url64' of 'hash' to 'code_challenge'\n\n# - create ClientSecret\nWhen I create the 'url64 dictionary' \nWhen I rename the 'url64 dictionary' to 'jws payload'\n\nWhen I copy 'code_challenge' in 'jws payload'\nWhen I create jws header for p256 signature\n\nWhen I create jws signature of header 'jws header' and payload 'jws payload'\nWhen I rename the 'jws signature' to 'clientSecret'\n\n\n# - pickup stuff from jwt-body\nWhen I pickup from path 'jwt-body-params.redirectUris'\nWhen I pickup from path 'jwt-body-params.response_type'\nWhen I pickup from path 'jwt-body-params.state'\nWhen I pickup from path 'jwt-body-params.code_challenge_method'\n\n# - fix redirectUris\nWhen I create the copy of element '1' from array 'redirectUris'\nWhen I rename the 'copy' to 'redirect_uri'\n\n# - pickup stuff drom qrcode\nWhen I pickup from path '!external-qr-code-content.scope'\nWhen I pickup from path '!external-qr-code-content.resource'\n\n# - create par endpoint\nIf I verify 'authorization_server' has suffix 
'/'\nWhen I split the rightmost '1' bytes of 'authorization_server'\nEndif\nWhen I append 'par_endpoint' to 'authorization_server' \nand I rename 'authorization_server' to 'authorization_server_endpoint_par'\n\n# - create par post body\nWhen I create the 'string dictionary' named 'data'\nand I move 'response_type' in 'data'\nand I move 'client_id' in 'data'\nand I move 'clientSecret' in 'data'\nand I move 'redirect_uri' in 'data'\nand I move 'code_challenge' in 'data'\nand I move 'code_challenge_method' in 'data'\nand I move 'state' in 'data'\nand I move 'scope' in 'data'\nand I move 'resource' in 'data'\n\nthen print the 'authorization_server_endpoint_par'\nthen print the 'data'\n\n# this needs to saved into a state for later usage\n# code verifier will be sent authz server in a later stage\nthen print the 'code_verifier'\n", "zen_3": "Scenario 'http': url\n# keys\nGiven I have a 'string' named 'client_id'\n\n# data\nGiven I have a 'string' named 'request_uri'\nGiven I have a 'number' named 'expires_in'\nGiven I have a 'string dictionary' named 'oauth_flow_parameters'\nGiven I have a 'string' named 'authorization_server' inside '!external-qr-code-content'\nGiven I have a 'string' named 'authorize_endpoint' inside 'oauth_flow_parameters'\n# Given I have a 'string' named 'authorize_endpoint' inside '!external-qr-code-content'\n\n\nIf I verify 'authorization_server' has suffix '/'\nWhen I split the rightmost '1' bytes of 'authorization_server'\nEndif \n\nWhen I append 'authorize_endpoint' to 'authorization_server' \nWhen I rename the 'authorization_server' to 'authorization_server_authorize_endpoint'\n\nWhen I create the 'string dictionary' named 'data'\nand I move 'request_uri' in 'data'\nand I move 'client_id' in 'data'\n\nThen print the 'data'\nThen print the 'authorization_server_authorize_endpoint'\n", - "zen_5": "scenario 'w3c': DPoP\n\n# keys\nGiven I have a 'keyring' \nGiven I have a 'string' named 'client_id'\n\n# data\nGiven I have a 'string' named 
'grant_type' inside 'oauth_flow_parameters'\nGiven I have a 'string dictionary' named 'jwt-body-params' inside 'oauth_flow_parameters'\nGiven I have a 'string' named 'token_endpoint' inside 'oauth_flow_parameters'\n\nGiven I have a 'string' named 'authorization_server' inside '!external-qr-code-content'\n\n\nGiven I have a 'string' named 'code_verifier'\nGiven I have a 'string' named 'code'\n\nWhen I pickup from path 'jwt-body-params.redirectUris'\nWhen I create the copy of element '1' from array 'redirectUris'\nWhen I rename the 'copy' to 'redirect_uri'\n\nWhen I create jwk of es256 public key \n\nWhen I create the random 'ramdom_jti'\nWhen I write the string '' in 'jti'\nWhen I append the 'url64' of 'ramdom_jti' to 'jti'\n\n\n\nIf I verify 'authorization_server' has suffix '/'\nWhen I split the rightmost '1' bytes of 'authorization_server'\nEndif \n\nWhen I append 'token_endpoint' to 'authorization_server' \nWhen I copy 'authorization_server' to '!authorization_server_token_endpoint'\nWhen I rename the 'authorization_server' to 'htu'\n\n# jti: randomBytes(16).toString('base64url'),\n# htm: 'POST',\n# htu: 'https://server.example.com/token',\n\nWhen I create the timestamp\nWhen I rename the 'timestamp' to 'iat'\n\nWhen I set 'htm' to 'POST' as 'string'\nWhen I set 'alg' to 'ES256' as 'string'\nWhen I set 'typ' to 'dpop+jwt' as 'string'\n\nWhen I create the 'string dictionary' named 'DPoP-payload'\nWhen I move 'iat' in 'DPoP-payload'\nWhen I move 'jti' in 'DPoP-payload'\nWhen I move 'htu' in 'DPoP-payload'\nWhen I move 'htm' in 'DPoP-payload'\n\nWhen I create the 'string dictionary' named 'DPoP-header'\nWhen I move 'alg' in 'DPoP-header'\nWhen I move 'typ' in 'DPoP-header'\nWhen I move 'jwk' in 'DPoP-header'\n\nWhen I create the jws signature of header 'DPoP-header' and payload 'DPoP-payload'\n\nWhen I rename the 'jws signature' to 'DPoP'\n\nWhen I create the 'string dictionary' named 'data'\nand I move 'DPoP' in 'data'\nand I move 'client_id' in 'data'\nand I move 
'code' in 'data'\nand I move 'redirect_uri' in 'data'\nand I move 'code_verifier' in 'data'\nand I move 'grant_type' in 'data'\n\nThen print the 'data'\nThen print the '!authorization_server_token_endpoint'\n" + "zen_5": "scenario 'w3c': DPoP\n\n# keys\nGiven I have a 'keyring' \nGiven I have a 'string' named 'client_id'\n\n# data\nGiven I have a 'string' named 'grant_type' inside 'oauth_flow_parameters'\nGiven I have a 'string dictionary' named 'jwt-body-params' inside 'oauth_flow_parameters'\nGiven I have a 'string' named 'token_endpoint' inside 'oauth_flow_parameters'\n\nGiven I have a 'string' named 'authorization_server' inside '!external-qr-code-content'\n\n\nGiven I have a 'string' named 'code_verifier'\nGiven I have a 'string' named 'code'\n\nWhen I pickup from path 'jwt-body-params.redirectUris'\nWhen I create the copy of element '1' from array 'redirectUris'\nWhen I rename the 'copy' to 'redirect_uri'\n\nWhen I create jwk of es256 public key \n\nWhen I create the random 'ramdom_jti'\nWhen I write the string '' in 'jti'\nWhen I append the 'url64' of 'ramdom_jti' to 'jti'\n\n\n\nIf I verify 'authorization_server' has suffix '/'\nWhen I split the rightmost '1' bytes of 'authorization_server'\nEndif \n\nWhen I append 'token_endpoint' to 'authorization_server' \nWhen I copy 'authorization_server' to '!authorization_server_token_endpoint'\nWhen I rename the 'authorization_server' to 'htu'\n\n# jti: randomBytes(16).toString('base64url'),\n# htm: 'POST',\n# htu: 'https://server.example.com/token',\n\nWhen I create the timestamp\nWhen I rename the 'timestamp' to 'iat'\n\nWhen I set 'htm' to 'POST' as 'string'\nWhen I set 'alg' to 'ES256' as 'string'\nWhen I set 'typ' to 'dpop+jwt' as 'string'\n\nWhen I create the 'string dictionary' named 'DPoP-payload'\nWhen I move 'iat' in 'DPoP-payload'\nWhen I move 'jti' in 'DPoP-payload'\nWhen I move 'htu' in 'DPoP-payload'\nWhen I move 'htm' in 'DPoP-payload'\n\nWhen I create the 'string dictionary' named 'DPoP-header'\nWhen 
I move 'alg' in 'DPoP-header'\nWhen I move 'typ' in 'DPoP-header'\nWhen I move 'jwk' in 'DPoP-header'\n\nWhen I create the jws signature of header 'DPoP-header' and payload 'DPoP-payload'\n\nWhen I rename the 'jws signature' to 'DPoP'\n\nWhen I create the 'string dictionary' named 'data'\nand I move 'DPoP' in 'data'\nand I move 'client_id' in 'data'\nand I move 'code' in 'data'\nand I move 'redirect_uri' in 'data'\nand I move 'code_verifier' in 'data'\nand I move 'grant_type' in 'data'\n\nThen print the 'data'\nThen print the '!authorization_server_token_endpoint'\n", + "zen_7": "scenario 'w3c': DPoP\n\n# keys\nGiven I have a 'keyring' \nGiven I have a 'string' named 'client_id'\n\n# data\nGiven I have a 'string' named 'format' inside 'oauth_flow_parameters'\nGiven I have a 'string' named 'vct' inside 'oauth_flow_parameters'\nGiven I have a 'string' named 'Authorization' inside 'oauth_flow_parameters'\nGiven I have a 'string' named 'credential_endpoint' inside 'oauth_flow_parameters'\nGiven I have a 'string' named 'resource' inside '!external-qr-code-content'\n\nGiven I have a 'string' named 'access_token'\nGiven I have a 'string' named 'c_nonce'\n\n\nWhen I create jwk of es256 public key \n\nWhen I copy 'resource' to 'aud'\n\nIf I verify 'resource' has suffix '/'\nWhen I split the rightmost '1' bytes of 'resource'\nEndif \nWhen I append 'credential_endpoint' to 'resource'\nand I rename 'resource' to 'authorization_server_credential_endpoint'\n\n## 1. Create proof-payload\n\nWhen I create the 'string dictionary' named 'proof-payload'\n\nWhen I create the timestamp\nWhen I rename the 'timestamp' to 'iat'\n\nWhen I move 'iat' in 'proof-payload'\n\nWhen I rename the 'client_id' to 'iss'\nWhen I move 'iss' in 'proof-payload'\nWhen I move 'aud' in 'proof-payload'\n\nWhen I rename the 'c_nonce' to 'nonce'\nWhen I move 'nonce' in 'proof-payload'\n\n## end 1.\n\n## 2. 
create proof-header\n\nWhen I create the 'string dictionary' named 'proof-header'\nWhen I set 'alg' to 'ES256' as 'string'\nWhen I set 'typ' to 'open4vci-proof+jwt' as 'string'\n\nWhen I move 'alg' in 'proof-header'\nWhen I move 'typ' in 'proof-header'\nWhen I move 'jwk' in 'proof-header'\n\n## end 2, \n\n# 3. create jws from proof-header and proof-payload and create proof\n\nWhen I create the 'string dictionary' named 'proof'\n\nWhen I create the jws signature of header 'proof-header' and payload 'proof-payload'\nWhen I rename the 'jws signature' to 'jwt'\n\nWhen I move 'jwt' in 'proof'\nWhen I set 'proof_type' to 'jwt' as 'string'\nWhen I move 'proof_type' in 'proof'\n\n## end 3.\nWhen I create the 'string dictionary' named 'headers'\nWhen I append 'access_token' to 'Authorization'\nand I move 'Authorization' in 'headers'\n\nWhen I create the 'string dictionary' named 'data'\nand I move 'proof' in 'data'\nand I move 'vct' in 'data'\nand I move 'format' in 'data'\n\nThen print the 'data'\nThen print the 'authorization_server_credential_endpoint'\nThen print the 'headers'\n" } \ No newline at end of file diff --git a/wallet/holder_request_authorizationCode.zen b/wallet/holder_request_authorizationCode.zen index 524dfde..1da73b4 100644 --- a/wallet/holder_request_authorizationCode.zen +++ b/wallet/holder_request_authorizationCode.zen 
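Review bot: `zen_7` inlines the complete text of the new wallet/7_holder_sends_credential_request_to_api_credential.zen as a JSON string, so the executable step now exists in two copies that can silently drift, and the `zen_7_path` load that would make the file the single source is left commented out in the chain script. If the inline copy is what the chain must execute, a short comment in the chain script saying that `zen_7` in keys.json is a copy of the file and must be regenerated whenever the file changes would at least make the duplication explicit. The `zen_5` replacement in this hunk differs only by the trailing comma it now needs, so nothing else changes there.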
@@ -57,8 +57,29 @@ Given I send object 'zen_5_output' and send path 'data_path' and manipulate and
 Given I send object 'zen_5_output' and send path '!authorization_server_token_endpoint_path' and manipulate and get and output into '!authorization_server_token_endpoint'
 # execute post 5
-Given I connect to '!authorization_server_token_endpoint' and send object 'post_5' and do post and output into '!authorization_server_token_endpoint_path_response'
+Given I connect to '!authorization_server_token_endpoint' and send object 'post_5' and do post and output into '!authorization_server_token_endpoint_response'
+
+# add results to data
+Given I send object '!authorization_server_token_endpoint_response' and send path 'r.access_token' and manipulate and get and output into 'access_token'
+Given I send object '!authorization_server_token_endpoint_response' and send path 'r.c_nonce' and manipulate and get and output into 'c_nonce'
+Given I send object 'data' and send path 'access_token_path' and send value 'access_token' and manipulate and set and output into 'data'
+Given I send object 'data' and send path 'c_nonce_path' and send value 'c_nonce' and manipulate and set and output into 'data'
+
+#######
+# execute zen_7
+#######
+# Given I send path 'zen_7_path' and read verbatim file content and output into 'zen_7'
+Given I send keys 'keys' and send data 'data' and send script 'zen_7' and execute zencode and output into 'zen_7_output'
+
+# extract post parameters
+Given I send object 'zen_7_output' and send path 'data_path' and manipulate and get and output into 'post_7'
+Given I send object 'zen_7_output' and send path 'authorization_server_credential_endpoint_path' and manipulate and get and output into 'authorization_server_credential_endpoint'
+Given I send object 'zen_7_output' and send path 'headers_path' and manipulate and get and output into 'headers'
+
+# set header to authorization
+# execute post 7
+Given I connect to 'authorization_server_credential_endpoint' and send object 'post_7' and send headers 'headers' and do post and output into 'authorization_server_credential_endpoint_response'
 # read accessToken_jwt
-Given I have a 'string dictionary' in path '!authorization_server_token_endpoint_path_response.result'
+Given I have a 'string dictionary' in path 'authorization_server_credential_endpoint_response.result'
 Then print the data
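Review bot: The comment `# read accessToken_jwt` is now stale: the statement under it, `Given I have a 'string dictionary' in path 'authorization_server_credential_endpoint_response.result'`, reads the credential endpoint's response rather than an access token, so it should say `# read credential response`. The comment `# set header to authorization` above `# execute post 7` describes nothing on the line that follows, because the `Authorization` header is already assembled inside zen_7 and only extracted here into `headers`; drop it or fold it into `# execute post 7 (Authorization header comes from the zen_7 output 'headers')`. Separately, `access_token` and `c_nonce` are written into `data` for zen_7 and the script still ends with `Then print the data`; if that statement emits the whole data object, the access token is echoed in the chain's output alongside the credential, so consider printing only the fields the caller needs. The response is also read from `.result` without any check on the HTTP status, so an error reply from the credential endpoint would surface as a missing-path failure rather than a clear error; if the `do post` step exposes the status, a check before the `Given I have` line would help.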