fix(sd-jwt): get the issuerDidUrl from the sd-jwt itself

Signed-off-by: Berend Sliedrecht <blu3beri@proton.me>

packages/sd-jwt/package.json

@@ -28,7 +28,7 @@
     "@aries-framework/core": "^0.4.2",
     "class-transformer": "0.5.1",
     "class-validator": "0.14.0",
-    "jwt-sd": "^0.0.1-alpha.19"
+    "jwt-sd": "^0.0.1-alpha.20"
   },
   "devDependencies": {
     "@hyperledger/aries-askar-nodejs": "^0.1.0",

packages/sd-jwt/src/SdJwtOptions.ts

@@ -37,7 +37,6 @@ export type SdJwtPresentOptions = {
  */
 export type SdJwtVerifyOptions = {
   holderDidUrl: string
-  issuerDidUrl: string
   verifierDid: string
   requiredClaimKeys?: Array<string>
 }

packages/sd-jwt/src/SdJwtService.ts

@@ -260,7 +260,7 @@ export class SdJwtService {
   >(
     agentContext: AgentContext,
     sdJwtCompact: string,
-    { verifierDid, requiredClaimKeys, holderDidUrl, issuerDidUrl }: SdJwtVerifyOptions
+    { verifierDid, requiredClaimKeys, holderDidUrl }: SdJwtVerifyOptions
   ): Promise<{ sdJwtRecord: SdJwtRecord<Header, Payload>; validation: SdJwtVcVerificationResult }> {
     const sdJwt = SdJwtVc.fromCompact<Header, Payload>(sdJwtCompact)
 
@@ -272,20 +272,25 @@ export class SdJwtService {
       throw new SdJwtError('Keybinding is required for verification of the sd-jwt-vc')
     }
 
+    sdJwt.keyBinding.assertClaimInPayload('aud', verifierDid)
+
     const { verificationMethod: holderVerificationMethod } = await this.resolveDidUrl(agentContext, holderDidUrl)
     const holderKey = getKeyFromVerificationMethod(holderVerificationMethod)
     const holderKeyJwk = getJwkFromKey(holderKey).toJson()
 
-    const { verificationMethod: issuerVerificationMethod } = await this.resolveDidUrl(agentContext, issuerDidUrl)
-    const issuerKey = getKeyFromVerificationMethod(issuerVerificationMethod)
-
-    sdJwt.keyBinding.assertClaimInPayload('aud', verifierDid)
     sdJwt.assertClaimInPayload('cnf', { jwk: holderKeyJwk })
 
+    sdJwt.assertClaimInHeader('kid')
+    sdJwt.assertClaimInPayload('iss')
+
+    const issuerKid = sdJwt.getClaimInHeader<string>('kid')
+    const issuerDid = sdJwt.getClaimInPayload<string>('iss')
+
     // TODO: is there a more AFJ way of doing this?
-    const [did, keyId] = issuerDidUrl.split('#')
-    sdJwt.assertClaimInHeader('kid', keyId)
-    sdJwt.assertClaimInPayload('iss', did)
+    const issuerDidUrl = `${issuerDid}#${issuerKid}`
+
+    const { verificationMethod: issuerVerificationMethod } = await this.resolveDidUrl(agentContext, issuerDidUrl)
+    const issuerKey = getKeyFromVerificationMethod(issuerVerificationMethod)
 
     const verificationResult = await sdJwt.verify(this.verifier(agentContext, issuerKey), requiredClaimKeys)
 

packages/sd-jwt/src/__tests__/SdJwtService.test.ts

@@ -437,7 +437,6 @@ describe('SdJwtService', () => {
 
       const { validation } = await sdJwtService.verify(agent.context, presentation, {
         verifierDid,
-        issuerDidUrl,
         holderDidUrl,
         requiredClaimKeys: ['claim'],
       })
@@ -468,7 +467,6 @@ describe('SdJwtService', () => {
       const { validation } = await sdJwtService.verify(agent.context, presentation, {
         verifierDid,
         holderDidUrl,
-        issuerDidUrl,
         requiredClaimKeys: ['type', 'cnf', 'claim', 'iat'],
       })
 
@@ -497,7 +495,6 @@ describe('SdJwtService', () => {
 
       const { validation } = await sdJwtService.verify(agent.context, presentation, {
         verifierDid,
-        issuerDidUrl,
         holderDidUrl,
         requiredClaimKeys: [
           'type',

yarn.lock

@@ -7911,10 +7911,10 @@ jwt-decode@^3.1.2:
   resolved "https://registry.yarnpkg.com/jwt-decode/-/jwt-decode-3.1.2.tgz#3fb319f3675a2df0c2895c8f5e9fa4b67b04ed59"
   integrity sha512-UfpWE/VZn0iP50d8cz9NrZLM9lSWhcJ+0Gt/nm4by88UL+J1SiKN8/5dkjMmbEzwL2CAe+67GsegCbIKtbp75A==
 
-jwt-sd@^0.0.1-alpha.19:
-  version "0.0.1-alpha.19"
-  resolved "https://registry.yarnpkg.com/jwt-sd/-/jwt-sd-0.0.1-alpha.19.tgz#99f3f256e67bb1d46f9b3f9505dfeb27158dd562"
-  integrity sha512-3qIBKIzDOP98ExF4oovfgB0mO8jUHrJBS+LbhArBYIUHT93okiaEOU5UAGawtgHifJsLOlxpqI5UR+6Wt07Wug==
+jwt-sd@^0.0.1-alpha.20:
+  version "0.0.1-alpha.20"
+  resolved "https://registry.yarnpkg.com/jwt-sd/-/jwt-sd-0.0.1-alpha.20.tgz#2f04a0523c71c12d1a5b2a118219ec9d26baaee9"
+  integrity sha512-hyX0sibzRhvKRYdCeCz4INbC9+//l+ZC8EpZOIzDrrDkHF4a4vTXXHV3N/BNHUBJvXCIpBVus+poPa08I6bP5A==
   dependencies:
     buffer "^6.0.3"