Skip to content

Commit

Permalink
support jwt eddsa alg header
Browse files Browse the repository at this point in the history
  • Loading branch information
@patatoid
patatoid committed Nov 28, 2024
1 parent 4d95b09 commit 68dfa46
Show file tree
Hide file tree
Showing 2 changed files with 18 additions and 3 deletions.
14 changes: 13 additions & 1 deletion lib/boruta/verifiable_credentials.ex
View file
Original file line number Diff line number Diff line change
Expand Up @@ -229,6 +229,18 @@ defmodule Boruta.VerifiableCredentials do
end
end

defp verify_jwt({:jwk, jwk}, "EdDSA", jwt) do
signer = Joken.Signer.create("ES256", %{"pem" => jwk |> JOSE.JWK.from_map() |> JOSE.JWK.to_pem()})

case Token.verify(jwt, signer) do
{:ok, claims} ->
{:ok, jwk, claims}

_ ->
{:error, "Bad proof signature"}
end
end

defp verify_jwt({:jwk, jwk}, alg, jwt) do
signer = Joken.Signer.create(alg, %{"pem" => jwk |> JOSE.JWK.from_map() |> JOSE.JWK.to_pem()})

Expand Down Expand Up @@ -261,7 +273,7 @@ defmodule Boruta.VerifiableCredentials do
case Joken.peek_header(jwt) do
{:ok, %{"alg" => alg, "typ" => typ} = headers} ->
alg_check =
case alg =~ ~r/^(RS|ES)/ do
case alg =~ ~r/^(RS|ES|EdDSA)/ do
true ->
:ok

Expand Down
7 changes: 5 additions & 2 deletions lib/boruta/verifiable_presentations.ex
View file
Original file line number Diff line number Diff line change
Expand Up @@ -125,8 +125,8 @@ defmodule Boruta.VerifiablePresentations do

defp validate_status_list(%{"vc" => %{"credentialStatus" => status}}) do
case Finch.build(:get, status["statusListCredential"]) |> Finch.request(OpenIDHttpClient) do
{:ok, %Finch.Response{status: 200, body: statuc_credential}} ->
case Joken.peek_claims(statuc_credential) do
{:ok, %Finch.Response{status: 200, body: status_credential}} ->
case Joken.peek_claims(status_credential) do
{:ok, %{"vc" => %{"credentialSubject" => status_list}}} ->
bit =
status_list["encodedList"]
Expand Down Expand Up @@ -209,6 +209,9 @@ defmodule Boruta.VerifiablePresentations do
{:ok, jwk :: map(), claims :: map()} | {:error, reason :: String.t()}
def validate_signature(jwt) when is_binary(jwt) do
case Joken.peek_header(jwt) do
{:ok, %{"alg" => "EdDSA"} = headers} ->
verify_jwt(extract_key(headers), "ES256", jwt)

{:ok, %{"alg" => alg} = headers} ->
verify_jwt(extract_key(headers), alg, jwt)

Expand Down

0 comments on commit 68dfa46

Please sign in to comment.