Add utils for processing verifiable presentations #2094
Conversation
src/vc_util/src/lib.rs
Outdated
| @@ -184,6 +296,10 @@ fn extract_id_alias(claims: &JwtClaims<Value>) -> Result<AliasTuple, JwtValidati | |||
| let id_alias = principal_for_did(alias).map_err(|_| { | |||
| inconsistent_jwt_claims("malformed \"has_id_alias\" claim in id_alias JWT vc") | |||
| })?; | |||
| println!( | |||
There was a problem hiding this comment.
Left over from debugging?
There was a problem hiding this comment.
Oops, indeed. Removed now.
| .ok_or(PresentationVerificationError::Unknown( | ||
| "missing id_alias vc".to_string(), | ||
| ))?; | ||
| let alias_tuple = get_verified_id_alias_from_jws( |
There was a problem hiding this comment.
Looking again at get_verified_id_alias_from_jws, I think it should check exp as well.
There was a problem hiding this comment.
Agreed, but for this we'd need generation of test-data on-the-fly (or some long-lived test VCs), so I've filed a ticket for that.
| .ok_or(PresentationVerificationError::Unknown( | ||
| "missing requested vc".to_string(), | ||
| ))?; | ||
| let claims = verify_credential_jws_with_canister_id( |
There was a problem hiding this comment.
Similar to above verify_credential_jws_with_canister_id should check iss and exp as well.
There was a problem hiding this comment.
Agreed for exp, not so sure for iss, as this depends on the context. I added a note to the ticket.
There was a problem hiding this comment.
Thanks for the review @frederikrothenberger , will merge when CI is happy.
src/vc_util/src/lib.rs
Outdated
| @@ -184,6 +296,10 @@ fn extract_id_alias(claims: &JwtClaims<Value>) -> Result<AliasTuple, JwtValidati | |||
| let id_alias = principal_for_did(alias).map_err(|_| { | |||
| inconsistent_jwt_claims("malformed \"has_id_alias\" claim in id_alias JWT vc") | |||
| })?; | |||
| println!( | |||
There was a problem hiding this comment.
Oops, indeed. Removed now.
| .ok_or(PresentationVerificationError::Unknown( | ||
| "missing id_alias vc".to_string(), | ||
| ))?; | ||
| let alias_tuple = get_verified_id_alias_from_jws( |
There was a problem hiding this comment.
Agreed, but for this we'd need generation of test-data on-the-fly (or some long-lived test VCs), so I've filed a ticket for that.
| .ok_or(PresentationVerificationError::Unknown( | ||
| "missing requested vc".to_string(), | ||
| ))?; | ||
| let claims = verify_credential_jws_with_canister_id( |
There was a problem hiding this comment.
Agreed for exp, not so sure for iss, as this depends on the context. I added a note to the ticket.
Add to
vc_utila functionverify_ii_presentation_jwt_with_canister_idsto verify presentations that are delivered to RP during the attribute sharing flow on the IC.