From 150a252644ca7d26e8a1ae40bff51f0c7ee1891d Mon Sep 17 00:00:00 2001 From: Berend Sliedrecht Date: Tue, 31 Oct 2023 10:46:41 +0100 Subject: [PATCH] fix(sd-jwt): get the issuerDidUrl from the sd-jwt itself Signed-off-by: Berend Sliedrecht --- packages/sd-jwt/package.json | 2 +- packages/sd-jwt/src/SdJwtOptions.ts | 1 - packages/sd-jwt/src/SdJwtService.ts | 21 ++++++++++++------- .../sd-jwt/src/__tests__/SdJwtService.test.ts | 3 --- yarn.lock | 8 +++---- 5 files changed, 18 insertions(+), 17 deletions(-) diff --git a/packages/sd-jwt/package.json b/packages/sd-jwt/package.json index fce29b2fda..bdcd3605a8 100644 --- a/packages/sd-jwt/package.json +++ b/packages/sd-jwt/package.json @@ -28,7 +28,7 @@ "@aries-framework/core": "^0.4.2", "class-transformer": "0.5.1", "class-validator": "0.14.0", - "jwt-sd": "^0.0.1-alpha.19" + "jwt-sd": "^0.0.1-alpha.20" }, "devDependencies": { "@hyperledger/aries-askar-nodejs": "^0.1.0", diff --git a/packages/sd-jwt/src/SdJwtOptions.ts b/packages/sd-jwt/src/SdJwtOptions.ts index 7a5b0cfbea..60eda8ff59 100644 --- a/packages/sd-jwt/src/SdJwtOptions.ts +++ b/packages/sd-jwt/src/SdJwtOptions.ts @@ -37,7 +37,6 @@ export type SdJwtPresentOptions = { */ export type SdJwtVerifyOptions = { holderDidUrl: string - issuerDidUrl: string verifierDid: string requiredClaimKeys?: Array } diff --git a/packages/sd-jwt/src/SdJwtService.ts b/packages/sd-jwt/src/SdJwtService.ts index b82f54119b..52925ac8ab 100644 --- a/packages/sd-jwt/src/SdJwtService.ts +++ b/packages/sd-jwt/src/SdJwtService.ts @@ -260,7 +260,7 @@ export class SdJwtService { >( agentContext: AgentContext, sdJwtCompact: string, - { verifierDid, requiredClaimKeys, holderDidUrl, issuerDidUrl }: SdJwtVerifyOptions + { verifierDid, requiredClaimKeys, holderDidUrl }: SdJwtVerifyOptions ): Promise<{ sdJwtRecord: SdJwtRecord; validation: SdJwtVcVerificationResult }> { const sdJwt = SdJwtVc.fromCompact(sdJwtCompact) 
@@ -272,20 +272,25 @@ export class SdJwtService { throw new SdJwtError('Keybinding is required for verification of the sd-jwt-vc') } + sdJwt.keyBinding.assertClaimInPayload('aud', verifierDid) + const { verificationMethod: holderVerificationMethod } = await this.resolveDidUrl(agentContext, holderDidUrl) const holderKey = getKeyFromVerificationMethod(holderVerificationMethod) const holderKeyJwk = getJwkFromKey(holderKey).toJson() - const { verificationMethod: issuerVerificationMethod } = await this.resolveDidUrl(agentContext, issuerDidUrl) - const issuerKey = getKeyFromVerificationMethod(issuerVerificationMethod) - - sdJwt.keyBinding.assertClaimInPayload('aud', verifierDid) sdJwt.assertClaimInPayload('cnf', { jwk: holderKeyJwk }) + sdJwt.assertClaimInHeader('kid') + sdJwt.assertClaimInPayload('iss') + + const issuerKid = sdJwt.getClaimInHeader('kid') + const issuerDid = sdJwt.getClaimInPayload('iss') + // TODO: is there a more AFJ way of doing this? - const [did, keyId] = issuerDidUrl.split('#') - sdJwt.assertClaimInHeader('kid', keyId) - sdJwt.assertClaimInPayload('iss', did) + const issuerDidUrl = `${issuerDid}#${issuerKid}` + + const { verificationMethod: issuerVerificationMethod } = await this.resolveDidUrl(agentContext, issuerDidUrl) + const issuerKey = getKeyFromVerificationMethod(issuerVerificationMethod) const verificationResult = await sdJwt.verify(this.verifier(agentContext, issuerKey), requiredClaimKeys) diff --git a/packages/sd-jwt/src/__tests__/SdJwtService.test.ts b/packages/sd-jwt/src/__tests__/SdJwtService.test.ts index e7b9c783b5..29414cdf35 100644 --- a/packages/sd-jwt/src/__tests__/SdJwtService.test.ts +++ b/packages/sd-jwt/src/__tests__/SdJwtService.test.ts @@ -437,7 +437,6 @@ describe('SdJwtService', () => { const { validation } = await sdJwtService.verify(agent.context, presentation, { verifierDid, - issuerDidUrl, holderDidUrl, requiredClaimKeys: ['claim'], }) 
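Review bot: The issuer key is now selected entirely by the token under verification: `iss` and `kid` are read from the still-unverified SD-JWT, joined into `issuerDidUrl`, resolved, and the signature is then checked against whatever key that resolution returns, so a token signed by any resolvable DID will pass `sdJwt.verify`. With `issuerDidUrl` removed from `SdJwtVerifyOptions`, nothing in this hunk lets the caller state which issuers it trusts; consider keeping an optional expected-issuer or allow-list option that is checked before resolution, or at minimum document on `verify` that a successful result only proves self-consistency and that callers must compare the token's `iss` against their own trust list. `assertClaimInHeader('kid')` and `assertClaimInPayload('iss')` appear to check presence only, so a guard such as `if (typeof issuerDid !== 'string' || typeof issuerKid !== 'string') throw new SdJwtError('iss and kid must be strings')` before the template string would be prudent, together with handling for a `kid` that is already a full DID URL or itself contains `#`. DID resolution also now runs on token-supplied input before any signature check, which matters if the configured resolvers perform network lookups. The body of `verify` starts and ends outside this hunk.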
@@ -468,7 +467,6 @@ describe('SdJwtService', () => { const { validation } = await sdJwtService.verify(agent.context, presentation, { verifierDid, holderDidUrl, - issuerDidUrl, requiredClaimKeys: ['type', 'cnf', 'claim', 'iat'], }) @@ -497,7 +495,6 @@ describe('SdJwtService', () => { const { validation } = await sdJwtService.verify(agent.context, presentation, { verifierDid, - issuerDidUrl, holderDidUrl, requiredClaimKeys: [ 'type', diff --git a/yarn.lock b/yarn.lock index 05f9ca73ad..9f0ffaafff 100644 --- a/yarn.lock +++ b/yarn.lock @@ -7911,10 +7911,10 @@ jwt-decode@^3.1.2: resolved "https://registry.yarnpkg.com/jwt-decode/-/jwt-decode-3.1.2.tgz#3fb319f3675a2df0c2895c8f5e9fa4b67b04ed59" integrity sha512-UfpWE/VZn0iP50d8cz9NrZLM9lSWhcJ+0Gt/nm4by88UL+J1SiKN8/5dkjMmbEzwL2CAe+67GsegCbIKtbp75A== -jwt-sd@^0.0.1-alpha.19: - version "0.0.1-alpha.19" - resolved "https://registry.yarnpkg.com/jwt-sd/-/jwt-sd-0.0.1-alpha.19.tgz#99f3f256e67bb1d46f9b3f9505dfeb27158dd562" - integrity sha512-3qIBKIzDOP98ExF4oovfgB0mO8jUHrJBS+LbhArBYIUHT93okiaEOU5UAGawtgHifJsLOlxpqI5UR+6Wt07Wug== +jwt-sd@^0.0.1-alpha.20: + version "0.0.1-alpha.20" + resolved "https://registry.yarnpkg.com/jwt-sd/-/jwt-sd-0.0.1-alpha.20.tgz#2f04a0523c71c12d1a5b2a118219ec9d26baaee9" + integrity sha512-hyX0sibzRhvKRYdCeCz4INbC9+//l+ZC8EpZOIzDrrDkHF4a4vTXXHV3N/BNHUBJvXCIpBVus+poPa08I6bP5A== dependencies: buffer "^6.0.3"