Fix the presentation submission in the oid4vp-rs e2e test.

Cargo.toml

@@ -25,7 +25,7 @@ serde_cbor = "0.11.2"
 serde_json = "1.0.107"
 serde_qs = "0.12.0"
 serde_urlencoded = "0.7.1"
-ssi = "0.7.0"
+ssi = "0.8.1"
 thiserror = "1.0.49"
 tokio = "1.32.0"
 tracing = "0.1.37"

src/core/authorization_request/verification/did.rs

@@ -6,17 +6,29 @@ use crate::core::{
 use anyhow::{bail, Context, Result};
 use base64::prelude::*;
 use serde_json::{Map, Value as Json};
-use ssi::did_resolve::{resolve_key, DIDResolver};
+use ssi::{
+    dids::{DIDResolver, VerificationMethodDIDResolver},
+    jwk::JWKResolver,
+    verification_methods::{
+        GenericVerificationMethod, InvalidVerificationMethod, MaybeJwkVerificationMethod,
+        VerificationMethodSet,
+    },
+};
 
 /// Default implementation of request validation for `client_id_scheme` `did`.
-pub async fn verify_with_resolver(
+pub async fn verify_with_resolver<M>(
     wallet_metadata: &WalletMetadata,
     request_object: &AuthorizationRequestObject,
     request_jwt: String,
     trusted_dids: Option<&[String]>,
-    resolver: &dyn DIDResolver,
-) -> Result<()> {
-    let (headers_b64, _, _) = ssi::jws::split_jws(&request_jwt)?;
+    resolver: &VerificationMethodDIDResolver<impl DIDResolver, M>,
+) -> Result<()>
+where
+    M: MaybeJwkVerificationMethod
+        + VerificationMethodSet
+        + TryFrom<GenericVerificationMethod, Error = InvalidVerificationMethod>,
+{
+    let (headers_b64, _, _) = ssi::claims::jws::split_jws(&request_jwt)?;
 
     let headers_json_bytes = BASE64_URL_SAFE_NO_PAD
         .decode(headers_b64)
@@ -64,11 +76,12 @@ pub async fn verify_with_resolver(
         }
     }
 
-    let jwk = resolve_key(&kid, resolver)
+    let jwk = resolver
+        .fetch_public_jwk(Some(&kid))
         .await
-        .context("unable to resolve verification method from 'kid' header")?;
+        .context("unable to fetch JWK from 'kid' header")?;
 
-    let _: Json = ssi::jwt::decode_verify(&request_jwt, &jwk)
+    let _: Json = ssi::claims::jwt::decode_verify(&request_jwt, &jwk)
         .context("request signature could not be verified")?;
 
     Ok(())

src/core/authorization_request/verification/mod.rs

@@ -105,9 +105,10 @@ pub(crate) async fn verify_request<W: Wallet + ?Sized>(
     wallet: &W,
     jwt: String,
 ) -> Result<AuthorizationRequestObject> {
-    let request: AuthorizationRequestObject = ssi::jwt::decode_unverified::<UntypedObject>(&jwt)
-        .context("unable to decode Authorization Request Object JWT")?
-        .try_into()?;
+    let request: AuthorizationRequestObject =
+        ssi::claims::jwt::decode_unverified::<UntypedObject>(&jwt)
+            .context("unable to decode Authorization Request Object JWT")?
+            .try_into()?;
 
     validate_request_against_metadata(wallet, &request).await?;
 

src/core/authorization_request/verification/x509_san.rs

@@ -28,7 +28,7 @@ pub fn validate<V: Verifier>(
     trusted_roots: Option<&[Certificate]>,
 ) -> Result<()> {
     let client_id = request_object.client_id().0.as_str();
-    let (headers_b64, body_b64, sig_b64) = ssi::jws::split_jws(&request_jwt)?;
+    let (headers_b64, body_b64, sig_b64) = ssi::claims::jws::split_jws(&request_jwt)?;
 
     let headers_json_bytes = BASE64_URL_SAFE_NO_PAD
         .decode(headers_b64)

src/presentation_exchange.rs

@@ -84,6 +84,16 @@ pub enum ConstraintsLimitDisclosure {
     Preferred,
 }
 
+#[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)]
+pub enum VerifiableFormat {
+    #[serde(rename = "jwt_vc_json")]
+    JwtVcJson,
+    #[serde(rename = "jwt_vp_json")]
+    JwtVpJson,
+    #[serde(rename = "ldp_vc")]
+    LdpVc,
+}
+
 #[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)]
 pub struct PresentationSubmission {
     pub id: String,
@@ -94,9 +104,9 @@ pub struct PresentationSubmission {
 #[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)]
 pub struct DescriptorMap {
     pub id: String,
-    pub format: String, // TODO should be enum of supported formats
+    pub format: VerifiableFormat,
     pub path: String,
-    //pub path_nested: Option<Box<DescriptorMap>>,
+    pub path_nested: Option<Box<DescriptorMap>>,
 }
 
 #[derive(Deserialize)]

src/verifier/client.rs

@@ -1,10 +1,17 @@
-use std::{fmt::Debug, sync::Arc};
+use std::{fmt::Debug, str::FromStr, sync::Arc};
 
 use anyhow::{bail, Context as _, Result};
 use async_trait::async_trait;
 use base64::prelude::*;
 use serde_json::{json, Value as Json};
-use ssi::did_resolve::DIDResolver;
+use ssi::{
+    dids::{DIDBuf, DIDResolver, VerificationMethodDIDResolver, DID},
+    jwk::JWKResolver,
+    verification_methods::{
+        GenericVerificationMethod, InvalidVerificationMethod, MaybeJwkVerificationMethod,
+        VerificationMethodSet,
+    },
+};
 use tracing::debug;
 use x509_cert::{
     der::Encode,
@@ -40,20 +47,26 @@ pub struct DIDClient {
 }
 
 impl DIDClient {
-    pub async fn new(
+    pub async fn new<M>(
         vm: String,
         signer: Arc<dyn RequestSigner + Send + Sync>,
-        resolver: &dyn DIDResolver,
-    ) -> Result<Self> {
+        resolver: &VerificationMethodDIDResolver<impl DIDResolver, M>,
+    ) -> Result<Self>
+    where
+        M: MaybeJwkVerificationMethod
+            + VerificationMethodSet
+            + TryFrom<GenericVerificationMethod, Error = InvalidVerificationMethod>,
+    {
         let (id, _f) = vm.rsplit_once('#').context(format!(
             "expected a DID verification method, received '{vm}'"
         ))?;
 
-        let key = ssi::did_resolve::resolve_key(&vm, resolver)
+        let key = resolver
+            .fetch_public_jwk(Some(&vm))
             .await
             .context("unable to resolve key from verification method")?;
 
-        if &key != signer.jwk() {
+        if &*key != signer.jwk() {
             bail!(
                 "verification method resolved from DID document did not match public key of signer"
             )

tests/jwt_vc.rs

@@ -1,4 +1,4 @@
-use std::sync::Arc;
+use std::{str::FromStr, sync::Arc};
 
 use anyhow::{Context, Result};
 use async_trait::async_trait;
@@ -22,7 +22,11 @@ use oid4vp::{
     wallet::Wallet,
 };
 use serde_json::json;
-use ssi::did::DIDMethod;
+use ssi::{
+    dids::{VerificationMethodDIDResolver, DIDJWK},
+    prelude::AnyMethod,
+    JWK,
+};
 
 pub async fn wallet_verifier() -> (JwtVcWallet, Arc<Verifier>) {
     let verifier_did = "did:key:zDnaeaDj3YpPR4JXos2kCCNPS86hdELeN5PZh97KGkoFzUtGn".to_owned();
@@ -36,11 +40,14 @@ pub async fn wallet_verifier() -> (JwtVcWallet, Arc<Verifier>) {
         )
         .unwrap(),
     );
+
+    let resolver = VerificationMethodDIDResolver::new(DIDJWK);
+
     let client = Arc::new(
-        oid4vp::verifier::client::DIDClient::new(
+        oid4vp::verifier::client::DIDClient::new::<AnyMethod>(
             verifier_did_vm.clone(),
             signer.clone(),
-            DIDKey.to_resolver(),
+            &resolver,
         )
         .await
         .unwrap(),
@@ -125,12 +132,14 @@ impl RequestVerifier for JwtVcWallet {
         decoded_request: &AuthorizationRequestObject,
         request_jwt: String,
     ) -> Result<()> {
-        did::verify_with_resolver(
+        let resolver = VerificationMethodDIDResolver::new(DIDJWK);
+
+        did::verify_with_resolver::<AnyMethod>(
             self.metadata(),
             decoded_request,
             request_jwt,
             Some(self.trusted_dids()),
-            DIDKey.to_resolver(),
+            &resolver,
         )
         .await
     }