WIP

impierce · Oct 18, 2024 · bd2ca9c · bd2ca9c
1 parent b34a93d
commit bd2ca9c
Show file tree

Hide file tree

Showing 3 changed files with 62 additions and 11 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -20,11 +20,16 @@ rust-version = "1.76.0"
 
 [workspace.dependencies]
 did_manager = { git = "https://git@github.com/impierce/did-manager.git", tag = "v1.0.0-beta.3" }
-siopv2 = { git = "https://git@github.com/impierce/openid4vc.git", rev = "12fed14" }
-oid4vci = { git = "https://git@github.com/impierce/openid4vc.git", rev = "12fed14" }
-oid4vc-core = { git = "https://git@github.com/impierce/openid4vc.git", rev = "12fed14" }
-oid4vc-manager = { git = "https://git@github.com/impierce/openid4vc.git", rev = "12fed14" }
-oid4vp = { git = "https://git@github.com/impierce/openid4vc.git", rev = "12fed14" }
+siopv2 = { git = "https://git@github.com/impierce/openid4vc.git", rev = "b4b7a56" }
+oid4vci = { git = "https://git@github.com/impierce/openid4vc.git", rev = "b4b7a56" }
+oid4vc-core = { git = "https://git@github.com/impierce/openid4vc.git", rev = "b4b7a56" }
+oid4vc-manager = { git = "https://git@github.com/impierce/openid4vc.git", rev = "b4b7a56" }
+oid4vp = { git = "https://git@github.com/impierce/openid4vc.git", rev = "b4b7a56" }
+# siopv2 = { path = "../openid4vc/siopv2" }
+# oid4vci = { path = "../openid4vc/oid4vci"}
+# oid4vc-core = { path = "../openid4vc/oid4vc-core"}
+# oid4vc-manager = { path = "../openid4vc/oid4vc-manager" }
+# oid4vp = { path = "../openid4vc/oid4vp" }
 
 async-trait = "0.1"
 axum = { version = "0.7", features = ["tracing"] }

diff --git a/agent_shared/src/verifier.rs b/agent_shared/src/verifier.rs
@@ -0,0 +1,45 @@
+use std::str::FromStr as _;
+
+use base64::{engine::general_purpose::URL_SAFE_NO_PAD, Engine as _};
+use identity_iota::{
+    core::{FromJson as _, ToJson as _},
+    verification::{
+        jwk::Jwk,
+        jws::{JwsVerifier, SignatureVerificationError, VerificationInput},
+    },
+};
+use jsonwebtoken::{crypto::verify, Algorithm, DecodingKey, Validation};
+
+/// This `Verifier` uses `jsonwebtoken` under the hood to verify verification input.
+pub struct Verifier;
+impl JwsVerifier for Verifier {
+    fn verify(&self, input: VerificationInput, public_key: &Jwk) -> Result<(), SignatureVerificationError> {
+        let algorithm = Algorithm::from_str(&input.alg.to_string()).unwrap();
+
+        println!("public_key: {:?}", public_key);
+
+        // Convert the `Jwk` first into a `jsonwebtoken::jwk::Jwk` and then into a `DecodingKey`.
+        let decoding_key = public_key
+            .to_json()
+            .ok()
+            .and_then(|public_key| jsonwebtoken::jwk::Jwk::from_json(&public_key).ok())
+            .and_then(|jwk| DecodingKey::from_jwk(&jwk).ok())
+            .unwrap();
+
+        let mut validation = Validation::new(algorithm);
+        validation.validate_aud = false;
+        validation.required_spec_claims.clear();
+
+        println!("validation: {:?}", validation);
+
+        verify(
+            &URL_SAFE_NO_PAD.encode(input.decoded_signature),
+            &input.signing_input,
+            &decoding_key,
+            algorithm,
+        )
+        .unwrap();
+
+        Ok(())
+    }
+}