impierce · nanderstabel · Jun 26, 2024 · Jun 27, 2024 · Jun 27, 2024 · Jun 27, 2024
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/identity-wallet/Cargo.toml b/identity-wallet/Cargo.toml
@@ -19,6 +19,7 @@ identity_credential = { version = "1.3.0", default-features = false, features =
 ] }
 identity_eddsa_verifier = { version = "1.3.0" }
 identity_iota = { version = "1.3.0" }
+identity_jose = { version = "1.3.0" }
 iota_stronghold = { version = "=2.1.0" }
 stronghold_engine = "=2.0.0"
 anyhow = "1.0"
@@ -36,6 +37,7 @@ reqwest = { version = "0.11", default-features = false, features = [
     "rustls-tls",
 ] }
 serde = { version = "1.0", features = ["derive"] }
+serde_with = "3.8"
 sha256 = "1.4"
 strum = { version = "0.25", features = ["derive"] }
 thiserror = "1.0"

diff --git a/identity-wallet/bindings/user_prompt/CurrentUserPrompt.ts b/identity-wallet/bindings/user_prompt/CurrentUserPrompt.ts
@@ -1,4 +1,4 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 import type { ValidationResult } from "./ValidationResult";
 
-export type CurrentUserPrompt = { "type": "redirect", target: string, } | { "type": "password-required" } | { "type": "accept-connection", client_name: string, logo_uri?: string, redirect_uri: string, previously_connected: boolean, domain_validation: ValidationResult, } | { "type": "credential-offer", issuer_name: string, logo_uri?: string, credential_configurations: Record<string, any>, } | { "type": "share-credentials", client_name: string, logo_uri?: string, options: Array<string>, };
+export type CurrentUserPrompt = { "type": "redirect", target: string, } | { "type": "password-required" } | { "type": "accept-connection", client_name: string, logo_uri?: string, redirect_uri: string, previously_connected: boolean, domain_validation: ValidationResult, thuiswinkel_validation: ValidationResult, } | { "type": "credential-offer", issuer_name: string, logo_uri?: string, credential_configurations: Record<string, any>, } | { "type": "share-credentials", client_name: string, logo_uri?: string, options: Array<string>, };
diff --git a/identity-wallet/bindings/user_prompt/ValidationResult.ts b/identity-wallet/bindings/user_prompt/ValidationResult.ts
@@ -1,4 +1,4 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 import type { ValidationStatus } from "./ValidationStatus";
 
-export interface ValidationResult { status: ValidationStatus, message: string | null, }
+export interface ValidationResult { status: ValidationStatus, name?: string, logo_uri?: string, issuance_date?: string, message?: string, }
diff --git a/identity-wallet/src/state/did/mod.rs b/identity-wallet/src/state/did/mod.rs
@@ -1,3 +1,6 @@
 pub mod actions;
 pub mod reducers;
 pub mod validate_domain_linkage;
+// TODO(proj-e-commerce): This needs to be properly implemented. For now it just demonstrates how the Thuiswinkel
+// Waarborg would work in UniMe.
+pub mod validate_thuiswinkel_waarborg;
diff --git a/identity-wallet/src/state/did/validate_domain_linkage.rs b/identity-wallet/src/state/did/validate_domain_linkage.rs
@@ -4,12 +4,18 @@ use identity_eddsa_verifier::EdDSAJwsVerifier;
 use identity_iota::{core::FromJson, credential::JwtCredentialValidationOptions};
 use log::info;
 use serde::{Deserialize, Serialize};
+use serde_with::skip_serializing_none;
 use ts_rs::TS;
 
+#[skip_serializing_none]
 #[derive(Clone, Serialize, Deserialize, Debug, PartialEq, TS, Default)]
 #[ts(export, export_to = "bindings/user_prompt/ValidationResult.ts")]
 pub struct ValidationResult {
     pub(crate) status: ValidationStatus,
+    pub(crate) name: Option<String>,
+    #[ts(type = "string", optional)]
+    pub(crate) logo_uri: Option<url::Url>,
+    pub(crate) issuance_date: Option<String>,
     pub(crate) message: Option<String>,
 }
 
@@ -32,6 +38,7 @@ pub async fn validate_domain_linkage(url: url::Url, did: &str) -> ValidationResu
             return ValidationResult {
                 status: ValidationStatus::Unknown,
                 message: Some(e.to_string()),
+                ..Default::default()
             };
         }
     };
@@ -47,6 +54,7 @@ pub async fn validate_domain_linkage(url: url::Url, did: &str) -> ValidationResu
             return ValidationResult {
                 status: ValidationStatus::Unknown,
                 message: Some(e.to_string()),
+                ..Default::default()
             };
         }
     };
@@ -63,12 +71,13 @@ pub async fn validate_domain_linkage(url: url::Url, did: &str) -> ValidationResu
     if res.is_ok() {
         ValidationResult {
             status: ValidationStatus::Success,
-            message: None,
+            ..Default::default()
         }
     } else {
         ValidationResult {
             status: ValidationStatus::Failure,
             message: res.err().map(|e| e.to_string()),
+            ..Default::default()
         }
     }
 }
@@ -175,6 +184,7 @@ mod tests {
             ValidationResult {
                 status: ValidationStatus::Unknown,
                 message: Some("failed to decode JSON".to_string()),
+                ..Default::default()
             }
         );
     }
@@ -234,7 +244,8 @@ mod tests {
             result,
             ValidationResult {
                 status: ValidationStatus::Failure,
-                message: Some("invalid issuer DID".to_string())
+                message: Some("invalid issuer DID".to_string()),
+                ..Default::default()
             }
         );
     }
@@ -267,7 +278,8 @@ mod tests {
             result,
             ValidationResult {
                 status: ValidationStatus::Failure,
-                message: Some("invalid issuer DID".to_string())
+                message: Some("invalid issuer DID".to_string()),
+                ..Default::default()
             }
         );
     }

diff --git a/identity-wallet/src/state/did/validate_thuiswinkel_waarborg.rs b/identity-wallet/src/state/did/validate_thuiswinkel_waarborg.rs
@@ -0,0 +1,156 @@
+use std::str::FromStr;
+
+use crate::{
+    persistence::{download_asset, hash},
+    state::{
+        core_utils::helpers::get_unverified_jwt_claims,
+        did::validate_domain_linkage::{ValidationResult, ValidationStatus},
+    },
+};
+use did_manager::Resolver;
+use identity_iota::core::ToJson;
+use log::info;
+use serde_json::Value;
+
+pub async fn validate_thuiswinkel_waarborg(did: &str) -> ValidationResult {
+    let resolver = Resolver::new().await;
+
+    info!("Validating Thuiswinkel Waarborg");
+    info!("DID: {}", did);
+
+    // Resolve the Document from the DID.
+    let document = match resolver.resolve(did).await {
+        Ok(document) => document,
+        Err(e) => {
+            return ValidationResult {
+                status: ValidationStatus::Unknown,
+                message: Some(e.to_string()),
+                ..Default::default()
+            };
+        }
+    };
+
+    info!("Document: {:?}", document);
+
+    // Extract the URL of the Linked Verifiable Presentation from the Docoment.
+    let linked_verifiable_presentation_url = match document
+        .service()
+        .iter()
+        .find_map(|service| {
+            service
+                .type_()
+                .contains("LinkedVerifiablePresentation")
+                .then(|| service.service_endpoint())
+        })
+        .and_then(|service_endpoint| service_endpoint.to_json_value().ok())
+        .and_then(|service_endpoint| service_endpoint.get("origins").cloned())
+        .and_then(|origins| {
+            origins.as_array().and_then(|origins| {
+                origins
+                    .first()
+                    .and_then(|origin| origin.as_str().map(url::Url::from_str))
+            })
+        }) {
+        Some(Ok(linked_verifiable_presentation_url)) => linked_verifiable_presentation_url,
+        _ => {
+            return ValidationResult {
+                status: ValidationStatus::Unknown,
+                ..Default::default()
+            }
+        }
+    };
+
+    info!(
+        "Linked Verifiable Presentation URL: {}",
+        linked_verifiable_presentation_url
+    );
+
+    // Fetch the actual Linked Verifiable Presentation from the service endpoint.
+    let linked_verifiable_presentation_result =
+        fetch_linked_verifiable_presentation(linked_verifiable_presentation_url).await;
+
+    let linked_verifiable_presentation = match linked_verifiable_presentation_result {
+        Ok(linked_verifiable_presentation) => linked_verifiable_presentation,
+        Err(e) => {
+            return ValidationResult {
+                status: ValidationStatus::Unknown,
+                message: Some(e),
+                ..Default::default()
+            }
+        }
+    };
+
+    info!("Linked Verifiable Presentation: {}", linked_verifiable_presentation);
+
+    // Extract the `name` and `thuiswinkel_waarborg_image` from the Linked Verifiable Presentation to be displayed in
+    // the frontend.
+    let (name, thuiswinkel_waarborg_image, issuance_date) =
+        match get_unverified_jwt_claims(&serde_json::json!(linked_verifiable_presentation))
+            .get("vp")
+            .and_then(|vp| {
+                vp.get("verifiableCredential")
+                    .and_then(|verifiable_credentials| verifiable_credentials.as_array())
+            })
+            .and_then(|verifiable_credential| verifiable_credential.first().cloned())
+            .map(|verifiable_credential| get_unverified_jwt_claims(&verifiable_credential))
+            .and_then(|verifiable_credential| {
+                verifiable_credential.get("vc").and_then(|vc| {
+                    vc.get("credentialSubject").map(|credential_subject| {
+                        (
+                            credential_subject
+                                .get("name")
+                                .and_then(Value::as_str)
+                                .map(ToString::to_string),
+                            credential_subject
+                                .get("thuiswinkel_waarborg_image")
+                                .and_then(Value::as_str)
+                                .map(url::Url::parse),
+                            vc.get("issuanceDate").and_then(Value::as_str).map(ToString::to_string),
+                        )
+                    })
+                })
+            }) {
+            Some(display_properties) => {
+                if let Some(Ok(thuiswinkel_waarborg_image)) = display_properties.1 {
+                    let _ = download_asset(
+                        thuiswinkel_waarborg_image.clone(),
+                        &hash(thuiswinkel_waarborg_image.as_str()),
+                    )
+                    .await;
+                    (
+                        display_properties.0,
+                        Some(thuiswinkel_waarborg_image),
+                        display_properties.2,
+                    )
+                } else {
+                    (display_properties.0, None, display_properties.2)
+                }
+            }
+            None => {
+                return ValidationResult {
+                    status: ValidationStatus::Unknown,
+                    ..Default::default()
+                }
+            }
+        };
+
+    info!("Thuiswinkel Waarborg Name: {:?}", name);
+    info!("Thuiswinkel Waarborg Image: {:?}", thuiswinkel_waarborg_image);
+    info!("Thuiswinkel Waarborg Issuance Date: {:?}", issuance_date);
+
+    ValidationResult {
+        status: ValidationStatus::Success,
+        name,
+        logo_uri: thuiswinkel_waarborg_image,
+        issuance_date,
+        ..Default::default()
+    }
+}
+
+async fn fetch_linked_verifiable_presentation(url: url::Url) -> Result<String, String> {
+    // 1. Fetch the resource
+    let response = reqwest::get(url).await.map_err(|e| e.to_string())?;
+
+    // 2. Return the Linked Verifiable Presentation (as Jwt)
+    response.text().await.map_err(|e| e.to_string())
+}
diff --git a/identity-wallet/src/state/qr_code/reducers/read_authorization_request.rs b/identity-wallet/src/state/qr_code/reducers/read_authorization_request.rs
@@ -6,7 +6,10 @@ use crate::{
         connections::reducers::handle_siopv2_authorization_request::get_siopv2_client_name_and_logo_uri,
         core_utils::{helpers::get_unverified_jwt_claims, ConnectionRequest, CoreUtils},
         credentials::reducers::handle_oid4vp_authorization_request::get_oid4vp_client_name_and_logo_uri,
-        did::validate_domain_linkage::validate_domain_linkage,
+        did::{
+            validate_domain_linkage::validate_domain_linkage,
+            validate_thuiswinkel_waarborg::validate_thuiswinkel_waarborg,
+        },
         qr_code::actions::qrcode_scanned::QrCodeScanned,
         user_prompt::CurrentUserPrompt,
         AppState,
@@ -77,7 +80,10 @@ pub async fn read_authorization_request(state: AppState, action: Action) -> Resu
 
             let did = siopv2_authorization_request.body.client_id.as_str();
 
-            let domain_validation = validate_domain_linkage(url, did).await;
+            let domain_validation = Box::new(validate_domain_linkage(url, did).await);
+            // TODO(proj-e-commerce): This needs to be properly implemented. For now it just demonstrates how the Thuiswinkel
+            // Waarborg would work in UniMe.
+            let thuiswinkel_validation = Box::new(validate_thuiswinkel_waarborg(did).await);
 
             drop(state_guard);
 
@@ -92,6 +98,7 @@ pub async fn read_authorization_request(state: AppState, action: Action) -> Resu
                     redirect_uri,
                     previously_connected,
                     domain_validation,
+                    thuiswinkel_validation,
                 }),
                 ..state
             });

diff --git a/identity-wallet/src/state/user_prompt.rs b/identity-wallet/src/state/user_prompt.rs
@@ -28,7 +28,8 @@ pub enum CurrentUserPrompt {
         logo_uri: Option<String>,
         redirect_uri: String,
         previously_connected: bool,
-        domain_validation: ValidationResult,
+        domain_validation: Box<ValidationResult>,
+        thuiswinkel_validation: Box<ValidationResult>,
     },
     #[serde(rename = "credential-offer")]
     CredentialOffer {
@@ -72,10 +73,11 @@ mod tests {
             redirect_uri: "https://example.com".to_string(),
             previously_connected: false,
             domain_validation: Default::default(),
+            thuiswinkel_validation: Default::default(),
         };
         assert_eq!(
             serde_json::to_string(&prompt).unwrap(),
-            r#"{"type":"accept-connection","client_name":"Test Client","logo_uri":null,"redirect_uri":"https://example.com","previously_connected":false,"domain_validation":{"status":"Unknown","message":null}}"#
+            r#"{"type":"accept-connection","client_name":"Test Client","logo_uri":null,"redirect_uri":"https://example.com","previously_connected":false,"domain_validation":{"status":"Unknown"},"thuiswinkel_validation":{"status":"Unknown"}}"#
         );
     }
 }
diff --git a/unime/src-tauri/tauri.conf.json b/unime/src-tauri/tauri.conf.json
@@ -27,7 +27,7 @@
   "build": {
     "beforeDevCommand": "npm run dev",
     "beforeBuildCommand": "npm run build",
-    "devUrl": "http://localhost:5173",
+    "devUrl": "http://localhost:4173",
     "frontendDist": "../build"
   },
   "bundle": {

diff --git a/unime/src-tauri/tests/fixtures/states/accept_connection.json b/unime/src-tauri/tests/fixtures/states/accept_connection.json
@@ -15,6 +15,9 @@
     "domain_validation": {
       "status": "Unknown",
       "message": "error decoding response body: expected value at line 1 column 1"
+    },
+    "thuiswinkel_validation": {
+      "status": "Unknown"
     }
   }
 }
diff --git a/unime/src/i18n/de-DE/index.ts b/unime/src/i18n/de-DE/index.ts
@@ -289,7 +289,7 @@ const de = {
     },
   },
   DOMAIN_LINKAGE: {
-    TITLE: 'Verifiziert',
+    TITLE: 'Verifizierte Website',
     SUCCESS: 'UniMe konnte die Identität erfolgreich verifizieren, um dir einen sicheren Login zu ermöglichen.',
     FAILURE: 'UniMe konnte die Verknüpfung der Identität mit der Domain nicht überprüfen.',
     UNKNOWN: 'UniMe konnte keinen Nachweis über die verbundene Identität der Domain finden.',

diff --git a/unime/src/i18n/en/index.ts b/unime/src/i18n/en/index.ts
@@ -288,7 +288,7 @@ const en = {
     },
   },
   DOMAIN_LINKAGE: {
-    TITLE: 'Verified',
+    TITLE: 'Verified website',
     SUCCESS: 'UniMe successfully verified the identity to provide you with a secure login.',
     FAILURE: 'UniMe could not verify the linkage of the identity to the domain.',
     UNKNOWN: "UniMe could not find any proof of the domain's associated identity.",

diff --git a/unime/src/i18n/nl-NL/index.ts b/unime/src/i18n/nl-NL/index.ts
@@ -288,7 +288,7 @@ const nl = {
     },
   },
   DOMAIN_LINKAGE: {
-    TITLE: 'Geverifieerd',
+    TITLE: 'Geverifieerde website',
     SUCCESS: 'UniMe heeft de identiteit met succes geverifieerd om u een veilige login te geven.',
     FAILURE: 'UniMe kon de koppeling van de identiteit aan het domein niet verifiëren.',
     UNKNOWN: 'UniMe kon geen bewijs vinden van de bijbehorende identiteit van het domein.',