2 changes: 2 additions & 0 deletions .dev/compose.openid4vc.yml
Expand Up @@ -19,6 +19,8 @@ services:

connector:
image: ghcr.io/nmshd/connector:7.3.0-openid4vc.1@sha256:4be31417d10d67454d7732949601a2136417fefc78107e3751eccea7946a7aca
ports:
- "8080:80"
environment:
CUSTOM_CONFIG_LOCATION: "/config.json"
transportLibrary__baseUrl: "http://consumer-api:8080"
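Review bot: The port mapping `"8080:80"` publishes the connector on every host interface, and from this rendered view I cannot tell whether it or the `environment` entries are the two added lines of the hunk. For a `.dev` stack that is wired to a fixed admin login elsewhere in this PR, I would bind to loopback instead, `- "127.0.0.1:8080:80"`, so the service is not reachable from the LAN by default. The digest-pinned `image:` on the line above is the right call and should stay. The `connector` service definition continues past the hunk.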
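--- a/.dev/service-config.json
+++ b/.dev/service-config.json
@@ -19,5 +19,10 @@
 },
 "cors": {
 "origin": "*"
+},
+"eudiplo": {
+"baseUrl": "http://127.0.0.1:3000",
+"user": "test-admin",
+"password": "57c9cd444bf402b2cc1f5a0d2dafd3955bd9042c0372db17a4ede2d5fbda88e5"
 }
 }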
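Review bot: The new `eudiplo` block commits a literal admin credential (`"user": "test-admin"` plus a 64-hex `"password"`) into a tracked config file. Even as a `.dev` fixture this is exactly what secret scanners and incident responders end up chasing, and such values tend to get copied into real deployments; I would source it from the environment (by whatever mechanism the config loader supports — the file is plain JSON, so I cannot tell from here) or at minimum state in the PR description that it is a throwaway value tied to the eudiplo dev container and must never be reused. If this value was ever used against an eudiplo instance reachable beyond `127.0.0.1`, rotate it. The `"origin": "*"` CORS entry above is pre-existing context, not part of this change.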
52 changes: 52 additions & 0 deletions package-lock.json


Expand Up @@ -59,7 +59,7 @@ export class EnmshedHolderKeyManagmentService implements Kms.KeyManagementServic
if (operation.operation === "deleteKey") {
return true;
}
if (operation.operation === "encrypt") {
if (operation.operation === "encrypt" && ["A128GCM", "A256GCM"].includes(operation.encryption.algorithm)) {
return true;
}
return false;
Expand Down Expand Up @@ -342,7 +342,7 @@ export class EnmshedHolderKeyManagmentService implements Kms.KeyManagementServic

public async encrypt(agentContext: AgentContext, options: Kms.KmsEncryptOptions): Promise<Kms.KmsEncryptReturn> {
try {
// encryption via A-256-GCM
// encryption via A-128-GCM/A-256-GCM
// we will call the services side bob and the incoming side alice
if (options.key.keyAgreement === undefined) {
throw new Error("Key agreement is undefined");
Expand All @@ -351,11 +351,14 @@ export class EnmshedHolderKeyManagmentService implements Kms.KeyManagementServic
throw new Error("Key agreement keyId is undefined");
}

const algorithm = options.encryption.algorithm;
const keyLength = options.encryption.algorithm === "A128GCM" ? 128 : 256;

// 1. derive the shared secret via ECDH-ES
const sharedSecret = await this.ecdhEs(options.key.keyAgreement.keyId, options.key.keyAgreement.externalPublicJwk);
agentContext.config.logger.debug(`EKM: Derived shared secret for encryption using ECDH-ES`);
// 2. Concat KDF to form the final key
const derivedKey = this.concatKdf(sharedSecret, 256, "A256GCM", options.key.keyAgreement);
const derivedKey = this.concatKdf(sharedSecret, keyLength, algorithm, options.key.keyAgreement);
// 3. Encrypt the data via AES-256-GCM using libsodium

// create nonce
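Review bot: The fallback in `const keyLength = options.encryption.algorithm === "A128GCM" ? 128 : 256;` maps every algorithm other than A128GCM to a 256-bit key, so a caller that reaches `encrypt()` without passing through the `operation.operation === "encrypt"` allow-list in the first hunk (say with `"A192GCM"`) silently gets a 256-bit key derived under a mismatched Concat-KDF AlgorithmID instead of an error; I would reject anything outside the supported pair before deriving, `if (algorithm !== "A128GCM" && algorithm !== "A256GCM") throw new Error("Unsupported encryption algorithm: " + algorithm);`. The step-3 comment still reads `// 3. Encrypt the data via AES-256-GCM using libsodium`; the encryption call itself is outside this hunk, so please confirm it selects a 128-bit AES-GCM primitive when `keyLength` is 128 — libsodium's `crypto_aead_aes256gcm_*` API takes 256-bit keys only, and a 16-byte derived key would be rejected or mis-sized there. Updating that comment to `// 3. Encrypt the data via AES-GCM (key size per algorithm) using libsodium` would keep it honest. `encrypt()` continues past the hunk.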
Expand Up @@ -60,7 +60,10 @@ export class ShareAuthorizationRequestRequestItemProcessor extends GenericReques
const attribute = (await this.consumptionController.attributes.getLocalAttribute(parsedParams.attributeId)) as OwnIdentityAttribute | undefined;
if (!attribute) throw TransportCoreErrors.general.recordNotFound(LocalAttribute, parsedParams.attributeId.toString());

await this.consumptionController.openId4Vc.acceptAuthorizationRequest(resolvedAuthorizationRequest.authorizationRequest, attribute);
const acceptResult = await this.consumptionController.openId4Vc.acceptAuthorizationRequest(resolvedAuthorizationRequest.authorizationRequest, attribute);
if (acceptResult.status !== 200) {
throw ConsumptionCoreErrors.requests.invalidAcceptParameters("The presentation was not successful. Try again later or select a different credential.");
}

return AcceptResponseItem.from({ result: ResponseItemResult.Accepted });
}
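Review bot: `if (acceptResult.status !== 200)` treats every non-200 answer as a failure, so a verifier that acknowledges a successful presentation with another 2xx (204 No Content is common for a POST that returns nothing) would make the item throw after the presentation was in fact delivered, and the user would re-submit. Unless the SDK guarantees a bare 200, I would test the class instead, `if (acceptResult.status < 200 || acceptResult.status >= 300)`, assuming `status` is the numeric HTTP status, and include it in the error text, since the fixed `"The presentation was not successful..."` message drops the only diagnostic the caller has. `invalidAcceptParameters` also reads as a caller-input error rather than a remote failure; a dedicated error for a failed presentation may fit better if the catalogue has one — I cannot see it from here. The enclosing method starts before this hunk.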
1 change: 1 addition & 0 deletions packages/runtime/package.json
Expand Up @@ -102,6 +102,7 @@
"@js-soft/docdb-access-loki": "1.4.0",
"@js-soft/docdb-access-mongo": "1.4.0",
"@js-soft/node-logger": "1.2.1",
"@nmshd/connector-sdk": "^7.3.0",
"@types/elliptic": "^6.4.18",
"@types/json-stringify-safe": "^5.0.3",
"@types/lodash": "^4.17.23",
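Review bot: The new `"@nmshd/connector-sdk": "^7.3.0"` uses a caret range while the neighbouring `@js-soft/*` runtime packages on this page are pinned exactly (`"1.4.0"`, `"1.2.1"`) and the compose file in this PR pins the connector image by digest; a floating range lets a later 7.x publish change what the runtime resolves to without a code review. I would pin it, `"@nmshd/connector-sdk": "7.3.0"`, and let the lockfile change carry deliberate upgrades. It also sits next to the `@types/*` entries, which looks like a `devDependencies` block — if the SDK is imported at runtime it belongs in `dependencies`; the block header is outside the hunk, so please confirm.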