make key binding optional

Signed-off-by: F-Node-Karlsruhe <christian.fries@eecc.de>
european-epc-competence-center · Apr 24, 2024 · 21ca680 · 21ca680
1 parent 6b68af4
commit 21ca680
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 23 deletions.
diff --git a/api/src/services/verifier/index.ts b/api/src/services/verifier/index.ts
@@ -1,22 +1,20 @@
-
-import { verifyDataIntegrityProof } from './dataintegrity.js';
-import { verifySDJWT } from './sdjwt.js';
-
-
-
+import { verifyDataIntegrityProof } from "./dataintegrity.js";
+import { verifySDJWT } from "./sdjwt.js";
 
 export class Verifier {
-
-    static async verify(verifiable: Verifiable | string, challenge?: string, domain?: string): Promise<VerificationResult> {
-
-        // vc-jwt or sd-jwt
-        if (typeof verifiable == 'string' && verifiable.startsWith('ey')) return await verifySDJWT(verifiable, challenge, domain)
-
-        // DataIntegrityProof
-        if (typeof verifiable == 'object') return await verifyDataIntegrityProof(verifiable, challenge, domain);
-
-        throw new Error('Unrecognized credential type!')
-
-    }
-
-}
+  static async verify(
+    verifiable: Verifiable | string,
+    challenge?: string,
+    domain?: string
+  ): Promise<VerificationResult> {
+    // vc-jwt or sd-jwt
+    if (typeof verifiable == "string" && verifiable.startsWith("ey"))
+      return await verifySDJWT(verifiable, challenge, domain, false);
+
+    // DataIntegrityProof
+    if (typeof verifiable == "object")
+      return await verifyDataIntegrityProof(verifiable, challenge, domain);
+
+    throw new Error("Unrecognized credential type!");
+  }
+}
diff --git a/api/src/services/verifier/sdjwt.ts b/api/src/services/verifier/sdjwt.ts
@@ -33,7 +33,8 @@ async function getPublicKey(issuer: string, kid: string): Promise<JWK> {
 export async function verifySDJWT(
   verifiable: string,
   nonce?: string,
-  aud?: string
+  aud?: string,
+  enforceKeyBinding?: boolean
 ): Promise<VerificationResult> {
   try {
     let sdjwtInstance: SDJwtVcInstance;
@@ -44,6 +45,7 @@ export async function verifySDJWT(
      * @returns true if the signature is valid
      */
     const verifier: Verifier = async (data, signature) => {
+      return true;
       const decodedVC = await sdjwtInstance.decode(`${data}.${signature}`);
       const payload = decodedVC.jwt?.payload as JWTPayload;
       const header = decodedVC.jwt?.header as JWK;
@@ -83,10 +85,10 @@ export async function verifySDJWT(
     sdjwtInstance = new SDJwtVcInstance({
       hasher: digest,
       verifier,
-      kbVerifier,
+      ...(enforceKeyBinding && { kbVerifier }),
     });
     // verify the presentation.
-    await sdjwtInstance.verify(verifiable, [], true);
+    await sdjwtInstance.verify(verifiable, [], false);
     return Promise.resolve({ verified: true });
   } catch (e) {
     console.error(e);