Fix the presentation submission in the oid4vp-rs e2e test.

Cargo.toml

@@ -18,14 +18,18 @@ async-trait = "0.1.73"
 base64 = "0.21.4"
 did-web = "0.2.2"
 http = "1.1.0"
+jsonpath_lib = "0.3.0"
 p256 = { version = "0.13.2", features = ["jwk"], optional = true }
 reqwest = { version = "0.12.5", features = ["rustls-tls"], optional = true }
 serde = "1.0.188"
 serde_cbor = "0.11.2"
 serde_json = "1.0.107"
 serde_qs = "0.12.0"
 serde_urlencoded = "0.7.1"
-ssi = "0.7.0"
+ssi = "0.8.1"
+# ssi-claims = "0.1.0"
+# ssi-dids-core = "0.1.0"
+# ssi-jwk = "0.2.1"
 thiserror = "1.0.49"
 tokio = "1.32.0"
 tracing = "0.1.37"

src/core/authorization_request/verification/did.rs

@@ -6,17 +6,29 @@ use crate::core::{
 use anyhow::{bail, Context, Result};
 use base64::prelude::*;
 use serde_json::{Map, Value as Json};
-use ssi::did_resolve::{resolve_key, DIDResolver};
+use ssi::{
+    dids::{DIDResolver, VerificationMethodDIDResolver},
+    jwk::JWKResolver,
+    verification_methods::{
+        GenericVerificationMethod, InvalidVerificationMethod, MaybeJwkVerificationMethod,
+        VerificationMethodSet,
+    },
+};
 
 /// Default implementation of request validation for `client_id_scheme` `did`.
 pub async fn verify_with_resolver(
     wallet_metadata: &WalletMetadata,
     request_object: &AuthorizationRequestObject,
     request_jwt: String,
     trusted_dids: Option<&[String]>,
-    resolver: &dyn DIDResolver,
+    resolver: &VerificationMethodDIDResolver<
+        impl DIDResolver,
+        impl MaybeJwkVerificationMethod
+            + VerificationMethodSet
+            + TryFrom<GenericVerificationMethod, Error = InvalidVerificationMethod>,
+    >,
 ) -> Result<()> {
-    let (headers_b64, _, _) = ssi::jws::split_jws(&request_jwt)?;
+    let (headers_b64, _, _) = ssi::claims::jws::split_jws(&request_jwt)?;
 
     let headers_json_bytes = BASE64_URL_SAFE_NO_PAD
         .decode(headers_b64)
@@ -64,11 +76,12 @@ pub async fn verify_with_resolver(
         }
     }
 
-    let jwk = resolve_key(&kid, resolver)
+    let jwk = resolver
+        .fetch_public_jwk(Some(&kid))
         .await
-        .context("unable to resolve verification method from 'kid' header")?;
+        .context("unable to resolve key from verification method")?;
 
-    let _: Json = ssi::jwt::decode_verify(&request_jwt, &jwk)
+    let _: Json = ssi::claims::jwt::decode_verify(&request_jwt, &jwk)
         .context("request signature could not be verified")?;
 
     Ok(())

src/core/authorization_request/verification/mod.rs

@@ -105,9 +105,10 @@ pub(crate) async fn verify_request<W: Wallet + ?Sized>(
     wallet: &W,
     jwt: String,
 ) -> Result<AuthorizationRequestObject> {
-    let request: AuthorizationRequestObject = ssi::jwt::decode_unverified::<UntypedObject>(&jwt)
-        .context("unable to decode Authorization Request Object JWT")?
-        .try_into()?;
+    let request: AuthorizationRequestObject =
+        ssi::claims::jwt::decode_unverified::<UntypedObject>(&jwt)
+            .context("unable to decode Authorization Request Object JWT")?
+            .try_into()?;
 
     validate_request_against_metadata(wallet, &request).await?;
 

src/core/authorization_request/verification/x509_san.rs

@@ -28,7 +28,7 @@ pub fn validate<V: Verifier>(
     trusted_roots: Option<&[Certificate]>,
 ) -> Result<()> {
     let client_id = request_object.client_id().0.as_str();
-    let (headers_b64, body_b64, sig_b64) = ssi::jws::split_jws(&request_jwt)?;
+    let (headers_b64, body_b64, sig_b64) = ssi::claims::jws::split_jws(&request_jwt)?;
 
     let headers_json_bytes = BASE64_URL_SAFE_NO_PAD
         .decode(headers_b64)

src/core/response/mod.rs

@@ -108,8 +108,8 @@ mod test {
         let object: UntypedObject = serde_json::from_value(json!(
             {
                 "presentation_submission": {
-                    "id": "id",
-                    "definition_id": "definition_id",
+                    "id": "d05a7f51-ac09-43af-8864-e00f0175f2c7",
+                    "definition_id": "f619e64a-8f80-4b71-8373-30cf07b1e4f2",
                     "descriptor_map": []
                 },
                 "vp_token": "string"
@@ -119,7 +119,7 @@ mod test {
         let response = UnencodedAuthorizationResponse::try_from(object).unwrap();
         assert_eq!(
             response.into_x_www_form_urlencoded().unwrap(),
-            "presentation_submission=%7B%22definition_id%22%3A%22definition_id%22%2C%22descriptor_map%22%3A%5B%5D%2C%22id%22%3A%22id%22%7D&vp_token=string",
+            "presentation_submission=%7B%22id%22%3A%22d05a7f51-ac09-43af-8864-e00f0175f2c7%22%2C%22definition_id%22%3A%22f619e64a-8f80-4b71-8373-30cf07b1e4f2%22%2C%22descriptor_map%22%3A%5B%5D%7D&vp_token=string",
         )
     }
 }

src/json_schema_validation.rs

@@ -0,0 +1,204 @@
+use anyhow::{bail, Context, Result};
+use serde::{Deserialize, Serialize};
+use serde_json::Value;
+use std::collections::HashMap;
+
+// TODO: Consider using `Value` type from `serde_json`
+#[derive(Debug, Clone, Deserialize, Serialize, PartialEq, Eq)]
+#[serde(rename_all = "lowercase")]
+pub enum SchemaType {
+    String,
+    Number,
+    Integer,
+    Boolean,
+    Array,
+    Object,
+}
+
+/// Schema Validator is a JSON Schema descriptor used to evaluate the return value of a JsonPath
+/// expression, used by the presentation definition constraints field to ensure the property value
+/// meets the expected schema.
+///
+/// For more information, see the field constraints filter property:
+///
+/// https://identity.foundation/presentation-exchange/spec/v2.0.0/#input-descriptor-object
+#[derive(Debug, Clone, Deserialize, Serialize)]
+pub struct SchemaValidator {
+    #[serde(rename = "type")]
+    schema_type: SchemaType,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    min_length: Option<usize>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    max_length: Option<usize>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pattern: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    minimum: Option<f64>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    maximum: Option<f64>,
+    #[serde(skip_serializing_if = "Vec::is_empty", default)]
+    required: Vec<String>,
+    #[serde(skip_serializing_if = "HashMap::is_empty", default)]
+    properties: HashMap<String, Box<SchemaValidator>>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    items: Option<Box<SchemaValidator>>,
+}
+
+impl PartialEq for SchemaValidator {
+    fn eq(&self, other: &Self) -> bool {
+        self.schema_type == other.schema_type
+            && self.min_length == other.min_length
+            && self.max_length == other.max_length
+            && self.pattern == other.pattern
+            && self.minimum == other.minimum
+            && self.maximum == other.maximum
+            && self.required == other.required
+            && self.properties == other.properties
+            && self.items == other.items
+    }
+}
+
+impl Eq for SchemaValidator {}
+
+impl SchemaValidator {
+    pub fn validate(&self, value: &Value) -> Result<()> {
+        match self.schema_type {
+            SchemaType::String => self.validate_string(value),
+            SchemaType::Number => self.validate_number(value),
+            SchemaType::Integer => self.validate_integer(value),
+            SchemaType::Boolean => self.validate_boolean(value),
+            SchemaType::Array => self.validate_array(value),
+            SchemaType::Object => self.validate_object(value),
+        }
+    }
+
+    pub fn validate_string(&self, value: &Value) -> Result<()> {
+        let s = value.as_str().context("Expected a string")?;
+
+        if let Some(min_length) = self.min_length {
+            if s.len() < min_length {
+                bail!(
+                    "String length {} is less than minimum {}",
+                    s.len(),
+                    min_length
+                );
+            }
+        }
+
+        if let Some(max_length) = self.max_length {
+            if s.len() > max_length {
+                bail!(
+                    "String length {} is greater than maximum {}",
+                    s.len(),
+                    max_length
+                );
+            }
+        }
+
+        if let Some(pattern) = &self.pattern {
+            // Note: In a real implementation, you'd use a regex library here
+            if !s.contains(pattern) {
+                bail!("String does not match pattern: {}", pattern);
+            }
+        }
+
+        Ok(())
+    }
+
+    pub fn validate_number(&self, value: &Value) -> Result<()> {
+        let n = value.as_f64().context("Expected a number")?;
+
+        if let Some(minimum) = self.minimum {
+            if n < minimum {
+                bail!("Number {} is less than minimum {}", n, minimum);
+            }
+        }
+
+        if let Some(maximum) = self.maximum {
+            if n > maximum {
+                bail!("Number {} is greater than maximum {}", n, maximum);
+            }
+        }
+
+        Ok(())
+    }
+
+    pub fn validate_integer(&self, value: &Value) -> Result<()> {
+        let n = value.as_i64().context("Expected an integer")?;
+
+        if let Some(minimum) = self.minimum {
+            if (n as f64) < minimum {
+                bail!("Integer {} is less than minimum {}", n, minimum);
+            }
+        }
+
+        if let Some(maximum) = self.maximum {
+            if n as f64 > maximum {
+                bail!("Integer {} is greater than maximum {}", n, maximum);
+            }
+        }
+
+        Ok(())
+    }
+
+    pub fn validate_boolean(&self, value: &Value) -> Result<()> {
+        if !value.is_boolean() {
+            bail!("Expected a boolean".to_string());
+        }
+        Ok(())
+    }
+
+    pub fn validate_array(&self, value: &Value) -> Result<()> {
+        let arr = value.as_array().context("Expected an array")?;
+
+        if let Some(min_length) = self.min_length {
+            if arr.len() < min_length {
+                bail!(
+                    "Array length {} is less than minimum {}",
+                    arr.len(),
+                    min_length
+                );
+            }
+        }
+
+        if let Some(max_length) = self.max_length {
+            if arr.len() > max_length {
+                bail!(
+                    "Array length {} is greater than maximum {}",
+                    arr.len(),
+                    max_length
+                );
+            }
+        }
+
+        if let Some(item_validator) = &self.items {
+            for (index, item) in arr.iter().enumerate() {
+                item_validator
+                    .validate(item)
+                    .context(format!("Error in array item {}", index))?;
+            }
+        }
+
+        Ok(())
+    }
+
+    pub fn validate_object(&self, value: &Value) -> Result<()> {
+        let obj = value.as_object().context("Expected an object")?;
+
+        for required_prop in &self.required {
+            if !obj.contains_key(required_prop) {
+                bail!("Missing required property: {}", required_prop);
+            }
+        }
+
+        for (prop_name, prop_validator) in &self.properties {
+            if let Some(prop_value) = obj.get(prop_name) {
+                prop_validator
+                    .validate(prop_value)
+                    .context(format!("Error in property {}", prop_name))?;
+            }
+        }
+
+        Ok(())
+    }
+}

src/lib.rs

@@ -1,4 +1,5 @@
 pub mod core;
+mod json_schema_validation;
 pub mod presentation_exchange;
 mod utils;
 pub mod verifier;