-
Notifications
You must be signed in to change notification settings - Fork 10
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add VerifiablePresentation Creation, Signing, and Verification #184
Conversation
Codecov Report
Additional details and impacted files@@ Coverage Diff @@
## main #184 +/- ##
==========================================
+ Coverage 78.96% 79.65% +0.68%
==========================================
Files 33 36 +3
Lines 1930 2079 +149
Branches 265 309 +44
==========================================
+ Hits 1524 1656 +132
- Misses 274 281 +7
- Partials 132 142 +10
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good stuff!
Would suggest increasing coverage for edge cases/errors.
credentials/src/main/kotlin/web5/sdk/credentials/VerifiablePresentation.kt
Outdated
Show resolved
Hide resolved
credentials/src/main/kotlin/web5/sdk/credentials/VerifiablePresentation.kt
Show resolved
Hide resolved
credentials/src/main/kotlin/web5/sdk/credentials/VerifiablePresentation.kt
Outdated
Show resolved
Hide resolved
credentials/src/main/kotlin/web5/sdk/credentials/VerifiablePresentation.kt
Outdated
Show resolved
Hide resolved
credentials/src/test/kotlin/web5/sdk/credentials/VerifiablePresentationTest.kt
Outdated
Show resolved
Hide resolved
credentials/src/test/kotlin/web5/sdk/credentials/VerifiablePresentationTest.kt
Outdated
Show resolved
Hide resolved
…sentationTest.kt Co-authored-by: Andres Uribe <[email protected]>
additionalData?.plus("verifiableCredential" to vcJwts) ?: mapOf("verifiableCredential" to vcJwts) | ||
|
||
val vpDataModel = VpDataModel.builder() | ||
.id(URI.create("urn:uuid:${UUID.randomUUID()}")) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
are we following this id pattern everywhere?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yup its on the vc id too
* } | ||
* ``` | ||
*/ | ||
public fun verify(vpJwt: String) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this might have some complexity. for example, I could make a presentation definition where I'm specifically requesting expired credentials. this check would fail, since JWT validation fails if the exp
property is in the past
I don't think you need to worry about this now, but it may be worth adding a note
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
hmm good to think about..
we could just simply throw in an acceptExpired
flag but we should find all the edge cases
import web5.sdk.dids.findAssertionMethodById | ||
import java.security.SignatureException | ||
|
||
private const val JsonWebKey2020 = "JsonWebKey2020" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this needs to be updated to JsonWebKey
TBD54566975/web5-spec#73
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yes I'll make another PR that does this, since we will need to update lots of test vectors too
val didResolutionResult = DidResolvers.resolve(did.uri) | ||
val assertionMethod = didResolutionResult.didDocument.findAssertionMethodById(assertionMethodId) | ||
|
||
// TODO: ensure that publicKeyJwk is not null |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
todos with issue tags or add the require?
val algorithm = publicKeyJwk.algorithm | ||
val jwsAlgorithm = JWSAlgorithm.parse(algorithm.toString()) | ||
|
||
val kid = when (assertionMethod.id.isAbsolute) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
could this be a ternary statement?
"Signature verification failed: Expected JWS header to contain alg and kid" | ||
} | ||
|
||
val verificationMethodId = jwt.header.keyID |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
noting that these can be different
for example we may have a key id as a JWK thumbprint but a verification method ID as did:example:abcd#key-1
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
few not blocking comments, nice job!
Added sign comments in its own issue - #190 |
Overview
Add VerifiablePresentation Creation, Signing, and Verification
Description
This provides functionalities to sign, verify, and create presentations, offering a concise API to work with JWT representations of verifiable presentations and ensuring that the signatures and claims within those JWTs can be validated.
Create VP Example:
Sign VP Example:
After signing this will create a vp that looks something like this: