/*
 *  Copyright (c) 2022 Microsoft Corporation
 *
 *  This program and the accompanying materials are made available under the
 *  terms of the Apache License, Version 2.0 which is available at
 *  https://www.apache.org/licenses/LICENSE-2.0
 *
 *  SPDX-License-Identifier: Apache-2.0
 *
 *  Contributors:
 *       Microsoft Corporation - initial API and implementation
 *
 */

package org.eclipse.edc.identityhub.verifier.jwt;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.nimbusds.jwt.SignedJWT;
import org.eclipse.edc.iam.did.spi.document.DidDocument;
import org.eclipse.edc.identityhub.credentials.jwt.JwtCredentialEnvelope;
import org.eclipse.edc.identityhub.spi.credentials.model.Credential;
import org.eclipse.edc.identityhub.spi.credentials.verifier.CredentialEnvelopeVerifier;
import org.eclipse.edc.spi.result.Result;
import org.jetbrains.annotations.NotNull;

/**
 * Verifies Verifiable Credentials that are transported as signed JWTs.
 *
 * <p>A credential is handed back only after three steps have all succeeded, in this order: the
 * claims check, the issuer-signature check, and the conversion of the envelope into a verifiable
 * credential. The first failing step ends verification and its failure messages are returned.
 *
 * @see <a href="https://www.w3.org/TR/vc-data-model/">vc-data-model</a>
 */
public class JwtCredentialEnvelopeVerifier implements CredentialEnvelopeVerifier {

    private final JwtCredentialsVerifier jwtCredentialsVerifier;

    private final ObjectMapper mapper;


    /**
     * Creates a verifier.
     *
     * @param jwtCredentialsVerifier performs the claims check and the issuer-signature check
     * @param mapper                 passed to the envelope when it is converted to a verifiable credential
     */
    public JwtCredentialEnvelopeVerifier(JwtCredentialsVerifier jwtCredentialsVerifier, ObjectMapper mapper) {
        this.jwtCredentialsVerifier = jwtCredentialsVerifier;
        this.mapper = mapper;
    }

    /**
     * Verifies the JWT carried by the envelope and extracts the credential from it.
     *
     * @param vc          envelope holding the signed JWT
     * @param didDocument DID document whose id is handed to the claims check
     * @return a successful result carrying the credential item, or a failed result carrying the
     *         failure messages of the first step that did not pass
     */
    @Override
    public Result verify(JwtCredentialEnvelope vc, DidDocument didDocument) {
        var signedJwt = vc.getJwt();

        // NOTE(review): the claims are evaluated before the signature is checked, so a claims
        // failure reported from here describes content that has not been authenticated yet.
        // Nothing is returned as a credential unless the signature check below also passes.
        var claimsCheck = verifyJwtClaims(signedJwt, didDocument);
        if (claimsCheck.failed()) {
            return Result.failure(claimsCheck.getFailureMessages());
        }

        var signatureCheck = verifySignature(signedJwt);
        if (signatureCheck.failed()) {
            return Result.failure(signatureCheck.getFailureMessages());
        }

        // The envelope is only converted once both checks above have succeeded.
        var conversion = vc.toVerifiableCredential(mapper);
        if (conversion.failed()) {
            return Result.failure(conversion.getFailureMessages());
        }

        return Result.success(conversion.getContent().getItem());
    }

    /**
     * Delegates the claims check to {@link JwtCredentialsVerifier}, passing the id of the DID document.
     *
     * @return a successful result wrapping {@code jwt}, or a failure with the verifier's messages
     */
    @NotNull
    private Result verifyJwtClaims(SignedJWT jwt, DidDocument didDocument) {
        var claimsOutcome = jwtCredentialsVerifier.verifyClaims(jwt, didDocument.getId());
        if (claimsOutcome.succeeded()) {
            return Result.success(jwt);
        }
        return Result.failure(claimsOutcome.getFailureMessages());
    }

    /**
     * Delegates the issuer-signature check to {@link JwtCredentialsVerifier}.
     *
     * <p>NOTE(review): only the JWT is passed on; the DID document given to {@code verify} takes no
     * part in this call, so how the issuer's key is obtained is decided inside the delegate and is
     * not visible in this class — confirm it is bound to the expected issuer.
     *
     * @return a successful result wrapping {@code jwt}, or a failure with the verifier's messages
     */
    @NotNull
    private Result verifySignature(SignedJWT jwt) {
        var signatureOutcome = jwtCredentialsVerifier.isSignedByIssuer(jwt);
        if (signatureOutcome.succeeded()) {
            return Result.success(jwt);
        }
        return Result.failure(signatureOutcome.getFailureMessages());
    }
}



