# SD-JWT Holder-Verifier Scenarios

## Usecase: Certification of Registration credential in Domain Name Validation

## 0.0 Basic setup

In [36]:
import asyncio
from rich.console import Console

console = Console()
loop = asyncio.get_event_loop()

## 1.0 Holder receives and stores the credential from issuer

In [37]:
credential_from_issuer = "eyJhbGciOiJFUzI1NiJ9.eyJfc2QiOlsid0tvd2dmclU4c0RPU1p4RjRKMW5IbnhTeGFLdWpGUUxBMW1DYmlNYlRpOCIsIkhXcDJoN1ZaRGpyX0NBbjVSZnppQUdxNEVXQTNkYnZEeHltdWdMSzZZOUkiLCJmeDJfMG0wSFJJdWMxVWZJT1B1RjFuVmJYc2pkQVBqQlhRdjdPM3lTVzlVIiwiaTczTF9PUHRETi1GUXU0cWxaOGhmOF8zbXBNbXUyc1EtdlVIcGtpWTNTOCIsIlpMN1Z0bUtDOEZFSGNuNWtzM0I5VDVYN0Vsdk1LWWIybTF2Rl9XcWlINHciLCJ2UGpkX0hEVHZZd3VDMkJNV1VyTFVDZV9YR3FXZ2VkZXJaYl9rQ0RDR05FIiwibjVCdUVHMzhQajJ1Tl8tS0swbFdoWjZlUjRGaWZob0pqUXloTDljbXdkOCJdLCJfc2RfYWxnIjoic2hhLTI1NiIsImV4cCI6MTY4NzM2NTc2NSwiaWF0IjoxNjg3MzYyMTY1LCJpc3MiOiJodHRwczovL2lzc3Vlci5pZ3JhbnQuaW8ifQ.QIBrtcJPFvzMKknT4VG7ymBmRF6_IwYTI0eBG0ezwQw1qvg7O6JcqKmXttkztQxiU-ubZSgfH9-uKDAVvedRtA~WyJiMWMwYzJhNGE3ODQ1MmYxY2MwMDEwMjFlMGZhYzJlZiIsICJsZWdhbFN0YXR1cyIsICJBQ1RJVkUiXQ~WyJhNzQ5MmIwMzc1MGI0YzI1YjMwZjE2ZmRkNGRiODVlOCIsICJsZWdhbEZvcm0iLCAiQWt0aWVib2xhZyJd~WyJlNjEyNTc5NTg2Yzg3OWZhMmM4N2U5YWRlZGZiNWViNCIsICJhY3Rpdml0eSIsICJDb25zdHJ1Y3Rpb24gSW5kdXN0cnkiXQ~WyJkYTJhOGRlNDM0YjcyMDYzZmI2OTk3ZTgxYjMzNWIxMiIsICJvcmdOdW1iZXIiLCAiNTU5MTMzLTI3MjAiXQ~WyI5ODY3MDA1OTJhYjQzODVhZjM1ZDcwODQ4YjY1NjQ3YSIsICJyZWdpc3RyYXRpb25EYXRlIiwgIjIwMDUtMTAtMTgiXQ~WyIzYWY4ZDUwYTk4ODVjODAyNzA2YzEwYmFlYTUwMjRmOSIsICJyZWdpc3RlcmVkQWRkcmVzcyIsIHsiZnVsbEFkZHJlc3MiOiAiMTIzIE1haW4gU3QiLCAidGhvcm91Z2hGYXJlIjogIlN2ZWF2XHUwMGU0Z2VuIiwgInBvc3ROYW1lIjogIlN0b2NraG9sbSIsICJsb2NhdG9yRGVzaWduYXRvciI6ICIxMTEgMzQiLCAiY29kZSI6ICI0OCIsICJhZG1pblVuaXRMZXZlbDEiOiAiU0UifV0~WyI0N2IyNDlhZWMwYjk3ZjY1NTdkMGIxN2IzN2ExOTZmYiIsICJhdHRlc3RhdGlvblZhbGlkaXR5IiwgIjMxLURlYy0yMDIyIl0"

## 2.0 Holder decodes the credential to see the disclosures and SD-JWT

In [38]:
import base64
import json

disclosures = credential_from_issuer.split("~")[1:]
sd_jwt = credential_from_issuer.split("~")[0]

console.log("Number of disclosures", len(disclosures))

# Decode disclosures
decoded_disclosures = []
certificate_of_registration_credential = {}
for disclosure in disclosures:
    decoded_disclosure = json.loads(base64.urlsafe_b64decode(disclosure + "=" * (-len(disclosure) % 4)).decode("utf-8"))
    claim_key = decoded_disclosure[1]
    claim_value = decoded_disclosure[2]
    certificate_of_registration_credential[claim_key] = claim_value
    decoded_disclosures.append(decoded_disclosure)
console.log("Decoded disclosures", decoded_disclosures)
console.log("Certificate of registration credential", certificate_of_registration_credential)


# Decode SD-JWT
# TODO: Get the public key from issuer and verify token
sd_jwt_header_base64, sd_jwt_payload_base64, sd_jwt_signature_base64 = sd_jwt.split(".")
sd_jwt_payload = json.loads(base64.urlsafe_b64decode(sd_jwt_payload_base64 + "=" * (-len(sd_jwt_payload_base64) % 4)).decode("utf-8"))

console.log("SD-JWT payload", sd_jwt_payload)


## 3.0 Holder verifies the disclosures against _sd digests

In [39]:
import hashlib
import base64

disclosure_membership_check = []
for disclosure in disclosures:
    sha256_hash = hashlib.sha256()
    sha256_hash.update(disclosure.encode('utf-8'))
    sha256_digest = sha256_hash.digest()
    disclosure_sha_256 = base64.urlsafe_b64encode(sha256_digest).decode('utf-8').rstrip("=")
    disclosure_membership_check.append(disclosure_sha_256 in sd_jwt_payload["_sd"])

console.log("Disclosure membership check", disclosure_membership_check)

## 4.0 Verifier requests for disclosures of legalStatus and legalForm claims

In [42]:
from collections import namedtuple
from ebsi_wallet.util import generate_disclosure_content_and_base64

SelectedClaim = namedtuple('SelectedClaim', ['claim_key', 'claim_value'])

verifier_request = ["legalStatus", "legalForm"]

selected_claims = [
    SelectedClaim(claim_key="legalStatus", claim_value=certificate_of_registration_credential["legalStatus"]),
    SelectedClaim(claim_key="legalForm", claim_value=certificate_of_registration_credential["legalForm"]),
]

console.log("Selected claims", selected_claims)


Disclosure = namedtuple('Disclosure', ['content', 'content_base64'])

disclosures = []
for selected_claim in selected_claims:
    disclosure, disclosure_base64 = generate_disclosure_content_and_base64(selected_claim.claim_key, certificate_of_registration_credential)
    disclosures.append(Disclosure(content=disclosure, content_base64=disclosure_base64))

console.log("Disclosures", disclosures)



## 6.0 Create combined format for presentation (a.k.a presentation to verifier)

*Note: Format is `<SD-JWT>~<Disclosure 1>~<Disclosure 2>~...~<Disclosure M>~<optional Holder Binding JWT>`*

In [43]:
combined_format_for_issuance = sd_jwt

for disclosure in disclosures:
    combined_format_for_issuance += "~" + disclosure.content_base64

print("Combined format for issuance : ", combined_format_for_issuance)

Combined format for issuance :  eyJhbGciOiJFUzI1NiJ9.eyJfc2QiOlsid0tvd2dmclU4c0RPU1p4RjRKMW5IbnhTeGFLdWpGUUxBMW1DYmlNYlRpOCIsIkhXcDJoN1ZaRGpyX0NBbjVSZnppQUdxNEVXQTNkYnZEeHltdWdMSzZZOUkiLCJmeDJfMG0wSFJJdWMxVWZJT1B1RjFuVmJYc2pkQVBqQlhRdjdPM3lTVzlVIiwiaTczTF9PUHRETi1GUXU0cWxaOGhmOF8zbXBNbXUyc1EtdlVIcGtpWTNTOCIsIlpMN1Z0bUtDOEZFSGNuNWtzM0I5VDVYN0Vsdk1LWWIybTF2Rl9XcWlINHciLCJ2UGpkX0hEVHZZd3VDMkJNV1VyTFVDZV9YR3FXZ2VkZXJaYl9rQ0RDR05FIiwibjVCdUVHMzhQajJ1Tl8tS0swbFdoWjZlUjRGaWZob0pqUXloTDljbXdkOCJdLCJfc2RfYWxnIjoic2hhLTI1NiIsImV4cCI6MTY4NzM2NTc2NSwiaWF0IjoxNjg3MzYyMTY1LCJpc3MiOiJodHRwczovL2lzc3Vlci5pZ3JhbnQuaW8ifQ.QIBrtcJPFvzMKknT4VG7ymBmRF6_IwYTI0eBG0ezwQw1qvg7O6JcqKmXttkztQxiU-ubZSgfH9-uKDAVvedRtA~WyI3OGYzNTYwZjNmOWMwMzQzY2E5YmZlNWQ3MDM5YjZiNiIsICJsZWdhbFN0YXR1cyIsICJBQ1RJVkUiXQ~WyIzMTQwNGMxNWFjZDk5MWI3ZmFjNTVjNTkzMGNkZmZiNSIsICJsZWdhbEZvcm0iLCAiQWt0aWVib2xhZyJd
