interface changes

transmute-industries · Jul 2, 2024 · fd0cbdb · fd0cbdb
1 parent 607885d
commit fd0cbdb
Show file tree

Hide file tree

Showing 4 changed files with 27 additions and 23 deletions.
diff --git a/src/cr1/types.ts b/src/cr1/types.ts
@@ -158,19 +158,28 @@ export type SecuredContentType = {
   content: Uint8Array
 }
 
+export type VerifierResolutionRequest = {
+  type: SupportedCredentialFormats | SupportedPresentationFormats | SupportedJwtSignatureFormats | SupportedSdJwtSignatureFormats | SupportedCoseSign1Formats
+  content: Uint8Array
+  purpose: ValidatorResolutionPurpose
+}
+
 export type VerifierResolver = {
-  resolve: (req: SecuredContentType) => Promise<PublicKeyWithContentType>
+  resolve: (req: VerifierResolutionRequest) => Promise<PublicKeyWithContentType>
 }
 
 export type RequestVerifier = {
   resolver: VerifierResolver
 }
 
 
+export type ValidatorResolutionPurpose = 'schema-validation' | 'status-check' | 'verification-material'
+
 export type ValidatorContentType = {
   id?: string
   type: any
   content?: Uint8Array
+  purpose: ValidatorResolutionPurpose
 }
 
 

diff --git a/src/cr1/validator/index.ts b/src/cr1/validator/index.ts
@@ -41,6 +41,7 @@ export const validator = ({ resolver }: RequestValidator) => {
               // prefer to resolve this one by id, instead of content
               id: schema.id,
               type: 'application/schema+json',
+              purpose: 'schema-validation'
             })
             if (credentialSchema === true) {
               validation.schema[schema.id] = { validation: 'ignored' } as any
@@ -77,7 +78,8 @@ export const validator = ({ resolver }: RequestValidator) => {
             const statusListCredential = await resolver.resolve({
               // prefer to resolve this one by id, instead of content
               id: status.statusListCredential,
-              type: type // we do not support mixed type credential and status lists!
+              type: type, // we do not support mixed type credential and status lists!
+              purpose: 'status-check'
             })
             const verified = await verifier({ resolver }).verify<BitstringStatusListCredential>(statusListCredential)
             // confirm purpose matches

diff --git a/src/cr1/verifier/verifier.ts b/src/cr1/verifier/verifier.ts
@@ -23,7 +23,7 @@ const acceptableAudience = (expectedAud: string, receivedAud: string | string[])
 }
 
 const verifyJwt = async ({ resolver }: RequestVerifier, { type, content, audience, nonce }: RequestVerify) => {
-  const key = await resolver.resolve({ type, content })
+  const key = await resolver.resolve({ type, content, purpose: 'verification-material' })
   const publicKey = await importKeyLike(key)
   const jwt = decoder.decode(content)
   const { payload } = await jose.jwtVerify(jwt, publicKey, {
@@ -46,7 +46,8 @@ const verifyCoseSign1
         resolve: async () => {
           const key = await resolver.resolve({
             type,
-            content
+            content,
+            purpose: 'verification-material'
           })
           return importJWK(key)
         }
@@ -86,7 +87,8 @@ const verifySdJwtCredential = async ({ resolver }: RequestVerifier, { type, cont
       resolve: async () => {
         const key = await resolver.resolve({
           type,
-          content
+          content,
+          purpose: 'verification-material'
         })
         return importJWK(key)
       }
@@ -106,7 +108,8 @@ const verifySdJwtPresentation = async ({ resolver }: RequestVerifier, { type, co
       resolve: async () => {
         const key = await resolver.resolve({
           type,
-          content // same a token
+          content, // same a token
+          purpose: 'verification-material'
         })
         return importJWK(key)
       }

diff --git a/test/json-schema-tests/optional-schema-validation.test.ts b/test/json-schema-tests/optional-schema-validation.test.ts
@@ -66,25 +66,15 @@ credentialSubject:
 it("can disable schema validation", async () => {
   const validator = await transmute.validator({
     resolver: {
-      resolve: async (opts: any) => {
-        // console.log(opts)
-        const { id, type, content } = opts
-        // Resolve external resources according to verifier policy
-        // In this case, we return inline exampes...
-        if (id === `${baseURL}/schemas/product-passport`) {
+      resolve: async ({ purpose }) => {
+        if (purpose === 'schema-validation') {
           return true; // resolving the special case "true" ignores validation
         }
-        if (content != undefined && type === `application/vc+ld+json+jwt`) {
-          const { kid } = jose.decodeProtectedHeader(
-            transmute.text.decoder.decode(content)
-          );
-          // lookup public key on a resolver
-          if (kid === `did:example:123#key-42`) {
-            return {
-              type: "application/jwk+json",
-              content: publicKey,
-            };
-          }
+        if (purpose === 'verification-material') {
+          return {
+            type: "application/jwk+json",
+            content: publicKey,
+          };
         }
         throw new Error("Resolver option not supported.");
       },