Merge pull request #406 from openwallet-foundation-labs/fix/dc-api-sdk

Fix/dc-api-sdk

Author: cre8

apps/backend/src/issuer/configuration/credentials/credential-config/credential-config.service.ts

@@ -131,18 +131,6 @@ export class CredentialConfigService {
             (config as CredentialConfig).cert = cert;
         }
 
-        //check if status revocation is enabled and if yes, ensure a status list is available
-        if (config.statusManagement) {
-            const hasEntries = await this.statusListService.hasStillFreeEntries(
-                tenantId,
-                config.id,
-            );
-            if (!hasEntries) {
-                // Create a new shared list if no available list exists
-                await this.statusListService.createNewList(tenantId);
-            }
-        }
-
         await this.store(tenantId, config);
     }
 

apps/backend/src/verifier/oid4vp/oid4vp.service.ts

@@ -138,9 +138,7 @@ export class Oid4vpService {
                 payload: {
                     response_type: "vp_token",
                     client_id: "x509_hash:" + certHash,
-                    response_uri: session.useDcApi
-                        ? undefined
-                        : `${host}/${session.id}/oid4vp`,
+                    response_uri: `${host}/${session.id}/oid4vp`,
                     response_mode: session.useDcApi
                         ? "dc_api.jwt"
                         : "direct_post.jwt",

apps/backend/src/verifier/presentations/credential/base-verifier.service.ts

@@ -126,7 +126,7 @@ export abstract class BaseVerifierService {
      * @returns Hex-encoded thumbprint
      */
     protected async getThumbprint(cert: x509.X509Certificate): Promise<string> {
-        const buffer = await cert.getThumbprint();
+        const buffer = await cert.getThumbprint("SHA-256");
         return Array.from(new Uint8Array(buffer))
             .map((b) => b.toString(16).padStart(2, "0"))
             .join("");

apps/backend/test/utils.ts

@@ -655,7 +655,7 @@ export async function setupPresentationTestApp(): Promise<PresentationTestContex
 
     // Import statuslist key and cert
     const statusListKey = readConfig<KeyImportDto>(
-        join(configFolder, "root/keys/status-list.json"),
+        join(configFolder, "root/keys/sign.json"),
     );
 
     await expectRequest(
@@ -669,7 +669,7 @@ export async function setupPresentationTestApp(): Promise<PresentationTestContex
     const statusListCert = readConfig<CertImportDto>(
         join(
             configFolder,
-            "root/certs/certificate-0f6e186f-9763-49ec-8d93-6cb801ded7a4-config.json",
+            "root/certs/certificate-b6db7c84-776e-4998-9d40-ac599a4ea1fc-config.json",
         ),
     );
 

apps/client/src/app/session-management/session-management-show/session-management-show.component.ts

@@ -10,7 +10,7 @@ import { MatTooltipModule } from '@angular/material/tooltip';
 import { ActivatedRoute, Router, RouterModule } from '@angular/router';
 import { FlexLayoutModule } from 'ngx-flexible-layout';
 import * as QRCode from 'qrcode';
-import { Session } from '@eudiplo/sdk-core';
+import { Session, isDcApiAvailable, type DigitalCredentialResponse } from '@eudiplo/sdk-core';
 import { SessionManagementService } from '../session-management.service';
 import { HttpClient } from '@angular/common/http';
 import { firstValueFrom } from 'rxjs';
@@ -116,51 +116,81 @@ export class SessionManagementShowComponent implements OnInit, OnDestroy {
   }
 
   async getDcApiCall() {
-    if (!this.session?.requestUrl) return;
+    if (!this.session?.requestObject) {
+      this.snackBar.open('No request object available for DC API', 'Close', { duration: 3000 });
+      return;
+    }
 
-    if (
-      !('credentials' in navigator) ||
-      !('get' in navigator.credentials) ||
-      !('DigitalCredential' in window)
-    ) {
+    if (!isDcApiAvailable()) {
       console.warn('Digital Credentials API not available — handing off via deep link.');
+      this.snackBar.open('Digital Credentials API not available in this browser', 'Close', {
+        duration: 3000,
+      });
       return;
     }
 
-    console.log('Calling Digital Credentials API (signed)…');
-    console.log({
-      mediation: 'required',
-      digital: {
-        requests: [
-          { protocol: 'openid4vp-v1-signed', data: { request: this.session.requestObject } },
-        ],
-      },
-    });
-    const dcResponse = await navigator.credentials
-      .get({
+    try {
+      console.log('Calling Digital Credentials API (signed)…');
+
+      // Call the Digital Credentials API
+      const credential = (await navigator.credentials.get({
         mediation: 'required',
         digital: {
           requests: [
-            { protocol: 'openid4vp-v1-signed', data: { request: this.session.requestObject } },
+            {
+              protocol: 'openid4vp-v1-signed',
+              data: { request: this.session.requestObject },
+            },
           ],
         },
-      } as CredentialRequestOptions)
-      .catch((err) => {
-        console.error(err);
-        throw err;
-      });
-    console.log('Digital Credentials API response:', dcResponse);
+      } as CredentialRequestOptions)) as DigitalCredentialResponse | null;
+
+      console.log('Digital Credentials API response:', credential);
+
+      if (!credential) {
+        throw new Error('No response from Digital Credentials API');
+      }
+
+      if (credential.data?.error) {
+        console.error('Wallet protocol error:', credential.data.error, credential.data);
+        throw new Error(
+          `${credential.data.error}${credential.data.error_description ? `: ${credential.data.error_description}` : ''}`
+        );
+      }
+
+      // Extract response_uri from the request object and submit
+      const responseUri = decodeJwt<{ response_uri?: string }>(
+        this.session.requestObject
+      ).response_uri;
+
+      if (!responseUri) {
+        throw new Error('No response_uri found in request object');
+      }
+
+      const submitRes = await firstValueFrom(
+        this.httpClient.post(responseUri, { ...credential.data, sendResponse: true })
+      );
+
+      console.log('Verifier response:', submitRes);
+      this.snackBar.open('Presentation submitted successfully!', 'Close', { duration: 3000 });
 
-    if (dcResponse?.data?.error) {
-      console.error('Wallet protocol error:', dcResponse.data.error, dcResponse.data);
-      throw new Error(dcResponse.data.error);
+      // Refresh the session to show updated status
+      await this.loadSession(this.session.id);
+    } catch (error) {
+      console.error('DC API error:', error);
+      this.snackBar.open(
+        `DC API error: ${error instanceof Error ? error.message : 'Unknown error'}`,
+        'Close',
+        { duration: 5000 }
+      );
     }
+  }
 
-    const responseUri = decodeJwt<any>(this.session.requestObject!).response_uri;
-    const submitRes = await firstValueFrom(
-      this.httpClient.post(responseUri, { ...dcResponse!.data, sendResponse: true })
-    );
-    console.log('Verifier response:', submitRes);
+  /**
+   * Check if the Digital Credentials API is available
+   */
+  isDcApiAvailable(): boolean {
+    return isDcApiAvailable();
   }
 
   getStatusClass(status: any): string {

assets/config/root/certs/certificate-0f6e186f-9763-49ec-8d93-6cb801ded7a4-config.json

@@ -1,7 +1,7 @@
 {
   "id": "b6db7c84-776e-4998-9d40-ac599a4ea1fc",
   "keyId": "dbb65456-c358-46c1-bb5b-c777ef72c1d3",
-  "description": "Self-signed certificate (access, signing) for tenant Root Tenant",
+  "description": "Self-signed certificate (access, signing, statusList) for tenant Root Tenant",
   "crt": "-----BEGIN CERTIFICATE-----\nMIIBiTCCATCgAwIBAgIBATAKBggqhkjOPQQDAjAjMQswCQYDVQQGEwJERTEUMBIG\nA1UEAxMLUm9vdCBUZW5hbnQwHhcNMjYwMTAzMTczMTAyWhcNMjcwMTAzMTczMTAy\nWjAjMQswCQYDVQQGEwJERTEUMBIGA1UEAxMLUm9vdCBUZW5hbnQwWTATBgcqhkjO\nPQIBBggqhkjOPQMBBwNCAAQceSRtSApKSSpeYvy62X5MtYiDwJhBLhY8nyP+c7jh\njNTSWNC095hLrnC0AmSVjawO31VvMqUeGX+XLrvOTY0so1UwUzAiBgNVHREEGzAZ\nghdzZXJ2aWNlLmV1ZGktd2FsbGV0LmRldjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0O\nBBYEFG9BfgN82iWP/ERGyroyefQsnUtkMAoGCCqGSM49BAMCA0cAMEQCIECyGfF/\nNtZi/x8rwmcTi4xURmlkMLsPJhDRqFwbsGWrAiAjHVDTHiVsNyKSCDGZYDeI4mN0\nXSjy5D8WPahXZeUINQ==\n-----END CERTIFICATE-----",
   "certUsageTypes": [
     "access",