[openwallet-foundation#49]fix: generate key binding jwt in present (o…

…penwallet-foundation#50) Signed-off-by: Lukas <[email protected]>
cre8 · Feb 6, 2024 · c340de4 · c340de4
1 parent b43afa7
commit c340de4
Show file tree

Hide file tree

Showing 4 changed files with 133 additions and 50 deletions.
diff --git a/examples/kb.ts b/examples/kb.ts
@@ -26,18 +26,18 @@ export const createKeyPair = () => {
     sd_hash: '1234',
   };
 
-  const encodedSdjwt = await sdjwt.issue(claims, privateKey, disclosureFrame, {
+  const encodedSdjwt = await sdjwt.issue(claims, privateKey, disclosureFrame);
+  console.log('encodedSdjwt:', encodedSdjwt);
+  const sdjwttoken = sdjwt.decode(encodedSdjwt);
+  console.log(sdjwttoken);
+
+  const presentedSdJwt = await sdjwt.present(encodedSdjwt, ['id'], {
     kb: {
       alg: 'EdDSA',
       payload: kbPayload,
       privateKey,
     },
   });
-  console.log('encodedSdjwt:', encodedSdjwt);
-  const sdjwttoken = sdjwt.decode(encodedSdjwt);
-  console.log(sdjwttoken);
-
-  const presentedSdJwt = await sdjwt.present(encodedSdjwt, ['id']);
 
   const verified = await sdjwt.verify(
     presentedSdJwt,

diff --git a/src/index.ts b/src/index.ts
@@ -5,10 +5,13 @@ import { KBJwt } from './kbjwt';
 import { SDJwt, pack } from './sdjwt';
 import {
   DisclosureFrame,
+  KBOptionWithSigner,
+  KBOptions,
   KB_JWT_TYP,
   SDJWTCompact,
   SDJWTConfig,
   SD_JWT_TYP,
+  Signer,
   kbPayload,
 } from './type';
 import { KeyLike } from 'jose';
@@ -46,19 +49,33 @@ export class SDJwtInstance {
     return new SDJwtInstance(userConfig);
   }
 
-  private async createKBJwt(
-    payload: kbPayload,
-    privateKey: Uint8Array | KeyLike,
-    alg: string,
-  ): Promise<KBJwt> {
+  private isKBOptionsWithSigner(
+    options: KBOptions,
+  ): options is KBOptionWithSigner {
+    if ((options as KBOptionWithSigner).signer) {
+      return true;
+    }
+    return false;
+  }
+
+  private async createKBJwt(options: KBOptions): Promise<KBJwt> {
+    const { alg, payload } = options;
     const kbJwt = new KBJwt({
       header: {
         typ: KB_JWT_TYP,
         alg,
       },
       payload,
     });
-    await kbJwt.sign(privateKey);
+
+    if (this.isKBOptionsWithSigner(options)) {
+      const { signer } = options;
+      await kbJwt.signWithSigner(signer);
+    } else {
+      const { privateKey } = options;
+      await kbJwt.sign(privateKey);
+    }
+
     return kbJwt;
   }
 
@@ -70,11 +87,6 @@ export class SDJwtInstance {
       header?: object;
       sign_alg?: string;
       hash_alg?: string;
-      kb?: {
-        alg: string;
-        payload: kbPayload;
-        privateKey: Uint8Array | KeyLike;
-      };
     },
   ): Promise<SDJWTCompact> {
     const haser =
@@ -103,18 +115,9 @@ export class SDJwtInstance {
     });
     await jwt.sign(privateKey);
 
-    const kbJwt = options?.kb
-      ? await this.createKBJwt(
-          options.kb.payload,
-          options.kb.privateKey,
-          options.kb.alg,
-        )
-      : undefined;
-
     const sdJwt = new SDJwt({
       jwt,
       disclosures,
-      kbJwt,
     });
 
     return sdJwt.encodeSDJwt();
@@ -123,9 +126,17 @@ export class SDJwtInstance {
   public async present(
     encodedSDJwt: string,
     presentationKeys?: string[],
+    options?: {
+      kb?: KBOptions;
+    },
   ): Promise<SDJWTCompact> {
     if (!presentationKeys) return encodedSDJwt;
     const sdjwt = SDJwt.fromEncode(encodedSDJwt);
+
+    const kbJwt = options?.kb ? await this.createKBJwt(options.kb) : undefined;
+
+    sdjwt.kbJwt = kbJwt;
+
     return sdjwt.present(presentationKeys.sort());
   }
 

diff --git a/src/test/index.spec.ts b/src/test/index.spec.ts
@@ -1,4 +1,4 @@
-import sdjwt from '../index';
+import sdjwt, { Signer } from '../index';
 import Crypto from 'node:crypto';
 
 describe('index', () => {
@@ -9,7 +9,7 @@ describe('index', () => {
     expect(SDJwtInstance).toBeDefined();
   });
 
-  test('issue kbJwt', async () => {
+  test('kbJwt', async () => {
     const { privateKey } = Crypto.generateKeyPairSync('ed25519');
     const credential = await sdjwt.issue(
       {
@@ -19,21 +19,58 @@ describe('index', () => {
       {
         _sd: ['foo'],
       },
-      {
-        kb: {
-          alg: 'EdDSA',
-          payload: {
-            sd_hash: 'sha-256',
-            aud: '1',
-            iat: 1,
-            nonce: '342',
-          },
-          privateKey,
+    );
+
+    expect(credential).toBeDefined();
+
+    const presentation = await sdjwt.present(credential, ['foo'], {
+      kb: {
+        alg: 'EdDSA',
+        payload: {
+          sd_hash: 'sha-256',
+          aud: '1',
+          iat: 1,
+          nonce: '342',
         },
+        privateKey,
+      },
+    });
+
+    expect(presentation).toBeDefined();
+  });
+
+  test('kbJwt with custom signer', async () => {
+    const { privateKey } = Crypto.generateKeyPairSync('ed25519');
+    const testSigner: Signer = async (data: string) => {
+      const sig = Crypto.sign(null, Buffer.from(data), privateKey);
+      return Buffer.from(sig).toString('base64url');
+    };
+    const credential = await sdjwt.issue(
+      {
+        foo: 'bar',
+      },
+      privateKey,
+      {
+        _sd: ['foo'],
       },
     );
 
     expect(credential).toBeDefined();
+
+    const presentation = await sdjwt.present(credential, ['foo'], {
+      kb: {
+        alg: 'EdDSA',
+        payload: {
+          sd_hash: 'sha-256',
+          aud: '1',
+          iat: 1,
+          nonce: '342',
+        },
+        signer: testSigner,
+      },
+    });
+
+    expect(presentation).toBeDefined();
   });
 
   test('verify failed', async () => {
@@ -46,18 +83,6 @@ describe('index', () => {
       {
         _sd: ['foo'],
       },
-      {
-        kb: {
-          alg: 'EdDSA',
-          payload: {
-            sd_hash: 'sha-256',
-            aud: '1',
-            iat: 1,
-            nonce: '342',
-          },
-          privateKey,
-        },
-      },
     );
 
     try {
@@ -69,4 +94,36 @@ describe('index', () => {
       expect(e).toBeDefined();
     }
   });
+
+  test('verify failed with kbJwt', async () => {
+    const { privateKey, publicKey } = Crypto.generateKeyPairSync('ed25519');
+    const credential = await sdjwt.issue(
+      {
+        foo: 'bar',
+      },
+      privateKey,
+      {
+        _sd: ['foo'],
+      },
+    );
+
+    const presentation = await sdjwt.present(credential, ['foo'], {
+      kb: {
+        alg: 'EdDSA',
+        payload: {
+          sd_hash: '',
+          aud: '1',
+          iat: 1,
+          nonce: '342',
+        },
+        privateKey,
+      },
+    });
+
+    try {
+      await sdjwt.verify(presentation, publicKey);
+    } catch (e) {
+      expect(e).toBeDefined();
+    }
+  });
 });
diff --git a/src/type.ts b/src/type.ts
@@ -1,3 +1,4 @@
+import { KeyLike } from 'jose';
 import { Jwt } from './jwt';
 
 export const SD_SEPARATOR = '~';
@@ -28,6 +29,20 @@ export type kbPayload = {
 
 export type KeyBinding = Jwt<kbHeader, kbPayload>;
 
+export type KBOptionWithKey = {
+  alg: string;
+  payload: kbPayload;
+  privateKey: Uint8Array | KeyLike;
+};
+
+export type KBOptionWithSigner = {
+  alg: string;
+  payload: kbPayload;
+  signer: Signer;
+};
+
+export type KBOptions = KBOptionWithKey | KBOptionWithSigner;
+
 export type OrPromise<T> = T | Promise<T>;
 
 export type Signer = (data: string) => OrPromise<string>;