include patches in package

Signed-off-by: Berend Sliedrecht <[email protected]>

agent/Dockerfile

@@ -11,6 +11,8 @@ WORKDIR /app
 FROM base AS prod-deps
 COPY tsconfig.json /app/tsconfig.json
 
+COPY patches patches
+
 RUN --mount=type=cache,id=pnpm,target=/pnpm/store pnpm install --prod
 
 FROM base AS build
@@ -26,4 +28,4 @@ COPY --from=prod-deps /app/node_modules /app/node_modules
 COPY --from=build /app/dist /app/dist
 
 EXPOSE 3000
-CMD [ "pnpm", "start" ]
+CMD [ "pnpm", "start" ]

agent/package.json

@@ -22,5 +22,11 @@
     "build": "tsc -p tsconfig.json",
     "start": "node dist/server.js",
     "dev": "tsx watch -r dotenv/config src/server.ts dotenv_config_path=.env.development"
+  },
+  "pnpm": {
+    "patchedDependencies": {
+      "@sphereon/[email protected]": "patches/@[email protected]",
+      "@credo-ts/[email protected]": "patches/@[email protected]"
+    }
   }
 }

agent/patches/@credo-ts__openid4vc@0.5.10-alpha-20240801095850.patch

@@ -0,0 +1,48 @@
+diff --git a/build/shared/utils.js b/build/shared/utils.js
+index 36037ab98cf59f64b56d107aef9b2eb02b491c60..7eccc2ab99d396366299138df8d99376ca35696c 100644
+--- a/build/shared/utils.js
++++ b/build/shared/utils.js
+@@ -64,9 +64,10 @@ function getCreateJwtCallback(agentContext) {
+             return jws;
+         }
+         else if (jwtIssuer.method === 'jwk') {
+-            const key = (0, core_1.getJwkFromJson)(jwtIssuer.jwk).key;
++            const jwk = core_1.getJwkFromJson(jwtIssuer.jwk);
++            const key = jwk.key;
+             const jws = await jwsService.createJwsCompact(agentContext, {
+-                protectedHeaderOptions: jwt.header,
++                protectedHeaderOptions: Object.assign(jwt.header, { jwk, alg: jwtIssuer.alg }),
+                 payload: core_1.JwtPayload.fromJson(jwt.payload),
+                 key,
+             });
+@@ -75,7 +76,7 @@ function getCreateJwtCallback(agentContext) {
+         else if (jwtIssuer.method === 'x5c') {
+             const key = core_1.X509Service.getLeafCertificate(agentContext, { certificateChain: jwtIssuer.x5c }).publicKey;
+             const jws = await jwsService.createJwsCompact(agentContext, {
+-                protectedHeaderOptions: jwt.header,
++                protectedHeaderOptions: Object.assign(jwt.header, { jwk: undefined, alg: jwtIssuer.alg }),
+                 payload: core_1.JwtPayload.fromJson(jwt.payload),
+                 key,
+             });
+@@ -102,17 +103,19 @@ async function openIdTokenIssuerToJwtIssuer(agentContext, openId4VcTokenIssuer)
+         const leafCertificate = core_1.X509Service.getLeafCertificate(agentContext, {
+             certificateChain: openId4VcTokenIssuer.x5c,
+         });
++        const jwk = (0, core_1.getJwkFromKey)(leafCertificate.publicKey);
++        const alg = jwk.supportedSignatureAlgorithms[0]
+         if (!issuer.startsWith('https://')) {
+             throw new core_1.CredoError('The X509 certificate issuer must be a HTTPS URI.');
+         }
+         if ((_b = leafCertificate.sanUriNames) === null || _b === void 0 ? void 0 : _b.includes(issuer)) {
+-            return Object.assign(Object.assign({}, openId4VcTokenIssuer), { clientIdScheme: 'x509_san_uri' });
++            return Object.assign(Object.assign({}, openId4VcTokenIssuer), { clientIdScheme: 'x509_san_uri', alg });
+         }
+         else {
+             if (!((_c = leafCertificate.sanDnsNames) === null || _c === void 0 ? void 0 : _c.includes((0, core_1.getDomainFromUrl)(issuer)))) {
+                 throw new Error(`The 'iss' claim in the payload does not match a 'SAN-URI' or 'SAN-DNS' name in the x5c certificate.`);
+             }
+-            return Object.assign(Object.assign({}, openId4VcTokenIssuer), { clientIdScheme: 'x509_san_dns' });
++            return Object.assign(Object.assign({}, openId4VcTokenIssuer), { clientIdScheme: 'x509_san_dns', alg });
+         }
+     }
+     return openId4VcTokenIssuer;

agent/patches/@sphereon__did-auth-siop@0.15.1-next.4.patch

@@ -0,0 +1,25 @@
+diff --git a/dist/request-object/RequestObject.js b/dist/request-object/RequestObject.js
+index dc3a12be88d9ecf399433b42cbc93b46bccfef0d..359f45a7c4fc49fce2a8b67f2b9f596a1440b79c 100644
+--- a/dist/request-object/RequestObject.js
++++ b/dist/request-object/RequestObject.js
+@@ -92,7 +92,6 @@ class RequestObject {
+                 else if (jwtIssuer.method === 'x5c') {
+                     this.payload.iss = jwtIssuer.issuer;
+                     this.payload.client_id = jwtIssuer.issuer;
+-                    this.payload.redirect_uri = jwtIssuer.issuer;
+                     this.payload.client_id_scheme = jwtIssuer.clientIdScheme;
+                     const header = { x5c: jwtIssuer.x5c, typ: 'JWT' };
+                     this.jwt = yield this.opts.createJwtCallback(jwtIssuer, { header, payload: this.payload });
+diff --git a/dist/types/JwtVerifier.js b/dist/types/JwtVerifier.js
+index 90ecefe0c7b0859b05af643e5d7d88b271821e03..78eb1a0f24e79bead215b0ce507c17d230792791 100644
+--- a/dist/types/JwtVerifier.js
++++ b/dist/types/JwtVerifier.js
+@@ -57,7 +57,7 @@ const getJwkVerifier = (jwt, options) => __awaiter(void 0, void 0, void 0, funct
+     if (selfComputedJwkThumbPrintUri !== jwkThumbPrintUri) {
+         throw new Error(`${Errors_1.default.INVALID_JWT} '${type}' contains an invalid sub_jwk claim.`);
+     }
+-    return { method: 'jwk', type, jwk: jwt.header.jwk, jwkThumbprint: jwt.payload.sub_jwk };
++    return { method: 'jwk', type, jwk: jwt.header.jwk, jwkThumbprint: jwt.payload.sub_jwk, alg: jwt.header.alg };
+ });
+ exports.getJwkVerifier = getJwkVerifier;
+ const getJwtVerifierWithContext = (jwt, options) => __awaiter(void 0, void 0, void 0, function* () {