Verifier simplification. #559

Merged
merged 5 commits into from
Jul 3, 2024

Contributor

@timothee-haudebourg timothee-haudebourg commented Jun 28, 2024

Currently the VerifiableClaims::verify function (or more precisely verify_with) takes a "verifier" and an "environment". The "verifier" is in fact a public key resolver (W3C verification method resolver or JWK resolver, etc), while the environment provides any other resource required to validate the claims and signature.

I realized there is no real reason to separate the resolver from the environment. Merging them into a single verifier allows us to remove an input argument from many functions (including VerifiableClaims::verify) and remove a type parameter from some traits. This is the purpose of this PR.

Here is an overview of the changes:

  • Remove the environment argument in VerifiableClaims::verify, the verifier is now the "environment".
  • Remove the VerifiableClaims::verify_with, now unnecessary.
  • Add a ResolverEnvironment trait implemented by any type providing a public key resolver (similar to other *Environment traits).
  • Add a Verifier type, implementing ResolverEnvironment and all the commonly used *Environment traits. This is the default built-in verifier type that works with most verifiable claims. It replaces the old VerificationEnvironment type.
  • Rename Validate into ValidateClaims.
  • Remove the verifier argument from ValidateProof. Now ValidateClaims and ValidateProof are completely symmetrical.
  • Rename JWSVerifier into JWKResolver. This makes the function of this trait clearer: it's a type that can resolve a key id into a JWK, just like VerificationMethodResolver resolves a key id into a W3C verification method.

The only downside is that the verify function must take an actual verifier as parameter, and not just the public key resolver. A verifier can be built from a resolver using Verifier::from_resolver. It's one more step, but I also think it makes more sense while making customizing the verifier easier. For instance it's possible to customize the JSON-LD context loader while constructing the verifier with one line:

```rust
// Create verifier with custom LD loader.
let verifier = Verifier::from_resolver(my_resolver).with_json_ld_loader(my_custom_loader);

// Verify the claims.
vc.verify(&verifier).await;
```

Before, you would need to construct your own verification environment and use verify_with instead of verify.
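
A simplified, synchronous model of the design described above, added here as an illustration and not the project's own code: it shows a single verifier value supplying both the key lookup and the clock that claim validation depends on. `ResolverEnvironment`, `Verifier` and `from_resolver` are names from the PR, but every signature shown, along with `KeyResolver`, `DateTimeEnvironment::date_time`, `with_date_time`, `Rejected`, `Claims` and `toy_tag`, is an assumption made for the example.

```rust
use std::collections::HashMap;
use std::time::{SystemTime, UNIX_EPOCH};

// Stand-in for a JWK / verification method resolver: key id -> toy key.
pub trait KeyResolver { fn resolve(&self, key_id: &str) -> Option<u64>; }
impl KeyResolver for HashMap<String, u64> {
    fn resolve(&self, key_id: &str) -> Option<u64> { self.get(key_id).copied() }
}
// Assumed shapes for two of the environment traits named in the thread.
pub trait ResolverEnvironment { type Resolver: KeyResolver; fn resolver(&self) -> &Self::Resolver; }
pub trait DateTimeEnvironment { fn date_time(&self) -> u64; } // Unix seconds

pub struct Verifier<R> { resolver: R, date_time: Option<u64> }
impl<R> Verifier<R> {
    pub fn from_resolver(resolver: R) -> Self { Self { resolver, date_time: None } }
    // Hypothetical builder: pin the verification time instead of using "now".
    pub fn with_date_time(mut self, t: u64) -> Self { self.date_time = Some(t); self }
}
impl<R: KeyResolver> ResolverEnvironment for Verifier<R> {
    type Resolver = R;
    fn resolver(&self) -> &R { &self.resolver }
}
impl<R> DateTimeEnvironment for Verifier<R> {
    fn date_time(&self) -> u64 {
        let now = || SystemTime::now().duration_since(UNIX_EPOCH).map_or(0, |d| d.as_secs());
        self.date_time.unwrap_or_else(now)
    }
}
// Toy keyed tag (FNV-1a style fold). NOT cryptography: placeholder for a real signature check.
pub fn toy_tag(key: u64, payload: &str) -> u64 {
    payload.bytes().fold(key ^ 0xcbf29ce484222325, |h, b| (h ^ b as u64).wrapping_mul(0x100000001b3))
}
#[derive(Debug, PartialEq)]
pub enum Rejected { Expired, UnknownKey, BadProof }
pub struct Claims { pub key_id: String, pub payload: String, pub expires: u64, pub tag: u64 }
impl Claims {
    // Single argument: the verifier supplies both the key lookup and the clock.
    pub fn verify<V: ResolverEnvironment + DateTimeEnvironment>(&self, v: &V) -> Result<(), Rejected> {
        if v.date_time() >= self.expires { return Err(Rejected::Expired); }
        let key = v.resolver().resolve(&self.key_id).ok_or(Rejected::UnknownKey)?;
        if toy_tag(key, &self.payload) == self.tag { Ok(()) } else { Err(Rejected::BadProof) }
    }
}
// Constructed sample: one issuer key and one claim set expiring at t = 2000.
pub fn sample() -> (HashMap<String, u64>, Claims) {
    let (kid, payload) = ("did:example:issuer#key-1".to_string(), r#"{"sub":"alice","level":1}"#.to_string());
    let tag = toy_tag(42, &payload);
    (HashMap::from([(kid.clone(), 42)]), Claims { key_id: kid, payload, expires: 2_000, tag })
}
fn main() { let (k, vc) = sample(); println!("{:?}", vc.verify(&Verifier::from_resolver(k).with_date_time(1_000))); }
```

Because the outcome depends on everything the verifier carries, the same claims are accepted or rejected according to how that one value was built, which is why its construction belongs in reviewed code rather than in caller-supplied input.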

@timothee-haudebourg
Contributor Author

Also, I renamed the DIDResolver::with_default_options function into into_vm_resolver to make it clear that it turns a DID resolver into a verification method resolver.

@timothee-haudebourg timothee-haudebourg marked this pull request as ready for review June 28, 2024 16:01
crates/claims/core/src/verification/proof.rs
@@ -98,3 +93,135 @@ pub enum Invalid {
#[error("invalid proof: {0}")]
Proof(#[from] InvalidProof),
}

/// Public key resolver environment.
pub trait ResolverEnvironment {
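
Review bot: The doc comment on `ResolverEnvironment` ("Public key resolver environment.") only restates the trait name. This trait is how verification gets hold of the public key resolver, so the comment should say what kind of resolver an implementor is expected to provide and how a key id that cannot be resolved is reported, so that custom implementations do not diverge on that case.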
Member

I don't know if environment is the right term. In SIWE for example, you provide "verification parameters" which can include a different time from now.

Contributor Author

Yes that's the same idea with the *Environment traits. For now we have DateTimeEnvironment, ResolverEnvironment, ContextLoaderEnvironment and Eip712TypesEnvironment, and probably more in the future. I agree "Environment" may not be the best term, but I couldn't come up with a better one yet. Maybe "Provider".

Member

After talking about it with Jacob, we decided to use Provider instead of Environment.

Add `ResolverEnvironment`.
Rename `Validate` into `ValidateClaims` trait.
Rename `Verifier` type into `VerificationParameters`.
Add dedicated `verify` methods for secured claims types (`CompactJWS`, `DecodedJWS` and `DataIntegrity`).
Add documentation.
@timothee-haudebourg
Contributor Author

I've renamed all the *Environment traits into *Provider, added a dedicated verify function for each secured claim type (CompactJWS, DecodedJWS and DataIntegrity), renamed Verifier into VerificationParameters and added more documentation about verification parameters.

@timothee-haudebourg timothee-haudebourg merged commit 30f29a9 into main Jul 3, 2024
4 checks passed
@timothee-haudebourg timothee-haudebourg deleted the simplify-verifier branch July 3, 2024 09:41