-
Notifications
You must be signed in to change notification settings - Fork 384
/
client.go
139 lines (111 loc) · 3.81 KB
/
client.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
package bertyvcissuer
import (
"context"
"crypto"
crand "crypto/rand"
"encoding/base64"
"encoding/json"
"fmt"
"io"
"net/http"
"net/url"
"time"
"github.com/hyperledger/aries-framework-go/pkg/doc/verifiable"
"github.com/piprate/json-gold/ld"
"berty.tech/berty/v2/go/pkg/errcode"
"berty.tech/berty/v2/go/pkg/verifiablecredstypes"
)
const DefaultRedirectURI = "berty://vc"
type Client struct {
serverRoot string
redirectURI string
httpClient *http.Client
state string
bertyURL string
}
func NewClient(serverRoot string) *Client {
return &Client{
serverRoot: serverRoot,
redirectURI: DefaultRedirectURI,
httpClient: http.DefaultClient,
}
}
func (c *Client) Init(ctx context.Context, bertyURL string, accountPriv crypto.Signer) (string, error) {
c.state = base64.RawURLEncoding.EncodeToString([]byte(time.Now().String()))
c.bertyURL = bertyURL
req, err := http.NewRequestWithContext(ctx, http.MethodGet, fmt.Sprintf("%s/%s?%s=%s&%s=%s&%s=%s", c.serverRoot, PathChallenge, ParamBertyID, url.QueryEscape(bertyURL), ParamRedirectURI, url.QueryEscape(c.redirectURI), ParamState, url.QueryEscape(c.state)), nil)
if err != nil {
return "", errcode.ErrInternal.Wrap(err)
}
res, err := c.httpClient.Do(req)
if err != nil {
return "", errcode.ErrStreamRead.Wrap(err)
}
resBytes, err := io.ReadAll(res.Body)
if err != nil {
return "", errcode.ErrStreamRead.Wrap(err)
}
_ = res.Body.Close()
if res.StatusCode != http.StatusOK {
return "", errcode.ErrInternal.Wrap(fmt.Errorf(string(resBytes)))
}
challengeStruct := &verifiablecredstypes.AccountCryptoChallenge{}
err = json.Unmarshal(resBytes, challengeStruct)
if err != nil {
return "", errcode.ErrDeserialization.Wrap(err)
}
challenge, err := base64.URLEncoding.DecodeString(challengeStruct.Challenge)
if err != nil {
return "", errcode.ErrDeserialization.Wrap(err)
}
challengeSig, err := accountPriv.Sign(crand.Reader, challenge, crypto.Hash(0))
if err != nil {
return "", errcode.ErrCryptoSignature.Wrap(err)
}
return fmt.Sprintf("%s/%s?&%s=%s&%s=%s", c.serverRoot, PathAuthenticate, ParamChallenge, challengeStruct.Challenge, ParamChallengeSig, base64.URLEncoding.EncodeToString(challengeSig)), nil
}
func (c *Client) Complete(uri string) (string, string, error) {
parsedURI, err := url.Parse(uri)
if err != nil {
return "", "", errcode.ErrInvalidInput.Wrap(err)
}
if parsedURI.Query().Get(ParamState) != c.state {
return "", "", errcode.ErrInvalidInput.Wrap(fmt.Errorf("unexpected state value"))
}
credentialsStr := parsedURI.Query().Get(ParamCredentials)
if len(credentialsStr) == 0 {
return "", "", errcode.ErrInvalidInput.Wrap(fmt.Errorf("missing credentials value"))
}
credentials, err := base64.StdEncoding.DecodeString(credentialsStr)
if err != nil {
return "", "", errcode.ErrDeserialization.Wrap(err)
}
parsedCredential, err := verifiable.ParseCredential(
credentials,
verifiable.WithPublicKeyFetcher(EmbeddedPublicKeyFetcher),
verifiable.WithJSONLDDocumentLoader(ld.NewDefaultDocumentLoader(http.DefaultClient)),
)
if err != nil {
return "", "", errcode.ErrDeserialization.Wrap(err)
}
if c.bertyURL != parsedCredential.ID {
return "", "", errcode.ErrInvalidInput.Wrap(fmt.Errorf("credential is not delivered for the current berty url (%s != %s)", c.bertyURL, parsedCredential.ID))
}
identifier, err := extractSubjectFromVC(parsedCredential)
if err != nil {
return "", "", errcode.ErrInvalidInput.Wrap(err)
}
return string(credentials), identifier, nil
}
func extractSubjectFromVC(credential *verifiable.Credential) (string, error) {
if credential.Subject == nil {
return "", errcode.ErrNotFound
}
if subjectList, ok := credential.Subject.([]verifiable.Subject); ok {
if len(subjectList) == 0 {
return "", errcode.ErrNotFound
}
return subjectList[0].ID, nil
}
return "", errcode.ErrNotFound
}