-
Notifications
You must be signed in to change notification settings - Fork 18
/
Copy pathpresentation_jwt.go
123 lines (98 loc) · 2.89 KB
/
presentation_jwt.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
/*
Copyright SecureKey Technologies Inc. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0
*/
package verifiable
import (
"encoding/json"
"fmt"
"github.com/trustbloc/vc-go/jwt"
)
// JWTPresClaims is JWT Claims extension by Verifiable Presentation (with custom "vp" claim).
type JWTPresClaims struct {
*jwt.Claims
Presentation rawPresentation `json:"vp,omitempty"`
}
func (jpc *JWTPresClaims) refineFromJWTClaims() {
raw := jpc.Presentation
if jpc.Issuer != "" {
raw[vpFldHolder] = jpc.Issuer
}
if jpc.ID != "" {
raw[vpFldID] = jpc.ID
}
}
// newJWTPresClaims creates JWT Claims of VP with an option to minimize certain fields put into "vp" claim.
func newJWTPresClaims(vp *Presentation, audience []string, minimizeVP bool) (*JWTPresClaims, error) {
// currently jwt encoding supports only single subject.([]Subject) (by the spec)
jwtClaims := &jwt.Claims{
Issuer: vp.Holder, // iss
ID: vp.ID, // jti
}
if len(audience) > 0 {
jwtClaims.Audience = audience
}
var (
rawVP rawPresentation
err error
)
if minimizeVP {
vpCopy := *vp
vpCopy.ID = ""
vpCopy.Holder = ""
rawVP, err = vpCopy.raw()
} else {
rawVP, err = vp.raw()
}
if err != nil {
return nil, err
}
presClaims := &JWTPresClaims{
Claims: jwtClaims,
Presentation: rawVP,
}
return presClaims, nil
}
// JWTPresClaimsUnmarshaller parses JWT of certain type to JWT Claims containing "vp" (Presentation) claim.
type JWTPresClaimsUnmarshaller func(vpJWT string) (*JWTPresClaims, error)
// decodePresJWT parses JWT from the specified bytes array in compact format using the unmarshaller.
// It returns decoded Verifiable Presentation refined by JWT Claims in raw byte array and rawPresentation form.
func decodePresJWT(vpJWT string, unmarshaller JWTPresClaimsUnmarshaller) ([]byte, rawPresentation, error) {
presClaims, err := unmarshaller(vpJWT)
if err != nil {
return nil, nil, fmt.Errorf("decode Verifiable Presentation JWT claims: %w", err)
}
// Apply VC-related claims from JWT.
presClaims.refineFromJWTClaims()
vpRaw := presClaims.Presentation
rawBytes, err := json.Marshal(vpRaw)
if err != nil {
return nil, nil, fmt.Errorf("marshal \"vp\" claim of JWT: %w", err)
}
return rawBytes, vpRaw, nil
}
// CreateJWTVP creates a JWT presentation from the given presentation.
func (vp *Presentation) CreateJWTVP(
aud []string,
signatureAlg JWSAlgorithm,
signer jwt.ProofCreator,
keyID string,
minimizeVP bool,
) (*Presentation, error) {
jwtClaims, err := vp.JWTClaims(aud, minimizeVP)
if err != nil {
return nil, fmt.Errorf("failed to create JWT claims: %w", err)
}
jws, err := jwtClaims.MarshalJWS(signatureAlg, signer, keyID)
if err != nil {
return nil, fmt.Errorf("failed to marshal JWS: %w", err)
}
vp2 := vp.Clone()
vp2.CWT = nil
vp2.JWT = jws
return vp2, nil
}
// IsJWT checks whether the Presentation is a JWT.
func (vp *Presentation) IsJWT() bool {
return vp.JWT != ""
}