[BUG] Cannot use custom issuer: invalid_signature: Signature invalid for JWT
francesco-plt opened this issue · comments
Current Behavior
import { getResolver } from '@ayanworks/polygon-did-resolver';
import { ES256KSigner } from "did-jwt";
import { verifyCredential, Issuer, JwtCredentialPayload, createVerifiableCredentialJwt } from 'did-jwt-vc';
import { Resolver, DIDResolver } from 'did-resolver';
// ...
// Credential payload to be signed by the issuer
const claim: JwtCredentialPayload = {
  sub: subDid,
  nbf: Math.floor(Date.now() / 1000),
  vc: {
    '@context': ['https://www.w3.org/2018/credentials/v1'],
    type: ['VerifiableCredential'],
    credentialSubject: {
      degree: {
        type: 'BachelorDegree',
        name: 'Baccalauréat en musiques numériques'
      }
    }
  }
}
// Issuer signs with an ES256K (secp256k1) key
const issuer = {
  did: issuerDid,
  alg: 'ES256K',
  signer: ES256KSigner(hexToBytes(issuerPrivateKey))
} as Issuer;
const vcJwt = await createVerifiableCredentialJwt(claim, issuer);
// Resolve the issuer DID and verify the credential
const resolver = new Resolver(getResolver());
const verificationStatus = await Did.verifyVC(vc, resolver);
What is the current behavior?
Expected Behavior
The verification of the credential should work as expected.
Failure Information
Instead the verification fails with error:
Uncaught Error Error: invalid_signature: Signature invalid for JWT
at verifyES256K (node_modules/did-jwt-vc/node_modules/did-jwt/lib/index.module.js:718:22)
The resolver works fine: I tested it with resolver.resolve(did) and it was able to retrieve the correct DID document.
The snippet from the compiled library which is failing is the following one:
function verifyES256K(data, signature, authenticators) {
  const hash = sha256(data);
  const sigObj = toSignatureObject(signature);
  const fullPublicKeys = authenticators.filter(({
    ethereumAddress,
    blockchainAccountId
  }) => {
    return typeof ethereumAddress === 'undefined' && typeof blockchainAccountId === 'undefined';
  });
  const blockchainAddressKeys = authenticators.filter(({
    ethereumAddress,
    blockchainAccountId
  }) => {
    return typeof ethereumAddress !== 'undefined' || typeof blockchainAccountId !== 'undefined';
  });
  let signer = fullPublicKeys.find(pk => {
    try {
      const pubBytes = extractPublicKeyBytes(pk);
      return secp256k1.keyFromPublic(pubBytes).verify(hash, sigObj);
    } catch (err) {
      return false;
    }
  });
  if (!signer && blockchainAddressKeys.length > 0) {
    signer = verifyRecoverableES256K(data, signature, blockchainAddressKeys);
  }
  if (!signer) throw new Error('invalid_signature: Signature invalid for JWT');
  return signer;
}
the source is at:
It fails because the signer variable is undefined. It looks like it's failing to retrieve the public key of the issuer from its DID document.
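A way to narrow down the failure reported above, as an added example that is not part of the original report or of did-jwt: it applies the same address-key split as verifyES256K to a resolved DID document and compares each full public key with the key derived from the issuer's private key. The function names, the sample DID and the sample keys are assumptions constructed for illustration, and only `publicKeyHex` and `publicKeyJwk` entries under `verificationMethod` are read.

```javascript
// Added diagnostic sketch; not part of did-jwt or of the original report.
const crypto = require('node:crypto');

// Uncompressed secp256k1 public key (04 || X || Y) for a hex private key.
function publicKeyFromPrivate(privHex) {
  const ecdh = crypto.createECDH('secp256k1');
  ecdh.setPrivateKey(Buffer.from(privHex.replace(/^0x/, ''), 'hex'));
  return ecdh.getPublicKey('hex', 'uncompressed');
}

// Normalise a verification method's key to uncompressed hex; null if unreadable.
function methodPublicKeyHex(vm) {
  try {
    if (vm.publicKeyHex) {
      const hex = vm.publicKeyHex.replace(/^0x/, '');
      return crypto.ECDH.convertKey(hex, 'secp256k1', 'hex', 'hex', 'uncompressed');
    }
    if (vm.publicKeyJwk && vm.publicKeyJwk.crv === 'secp256k1') {
      const coord = (v) => Buffer.from(v, 'base64url').toString('hex').padStart(64, '0');
      return '04' + coord(vm.publicKeyJwk.x) + coord(vm.publicKeyJwk.y);
    }
  } catch (err) { /* malformed key material falls through to null */ }
  return null; // base58 and multibase encodings are not handled in this sketch
}

// Apply the same address-key split as verifyES256K, then compare full keys
// against the key the issuer actually signs with.
function diagnoseIssuerKey(didDocument, issuerPrivateKeyHex) {
  const expected = publicKeyFromPrivate(issuerPrivateKeyHex);
  const report = { matches: [], mismatches: [], addressOnly: [], unreadable: [] };
  for (const vm of didDocument.verificationMethod || []) {
    const addressKey = typeof vm.ethereumAddress !== 'undefined' ||
      typeof vm.blockchainAccountId !== 'undefined';
    const hex = addressKey ? null : methodPublicKeyHex(vm);
    if (addressKey) report.addressOnly.push(vm.id); // needs the recoverable path
    else if (hex === null) report.unreadable.push(vm.id);
    else if (hex === expected) report.matches.push(vm.id);
    else report.mismatches.push(vm.id);
  }
  return report;
}

// Constructed sample: the keys and DID below are made up for the demonstration.
const issuerKey = '01'.repeat(32);
const sampleDoc = { id: 'did:example:issuer', verificationMethod: [
  { id: 'did:example:issuer#stale', publicKeyHex: publicKeyFromPrivate('02'.repeat(32)) },
  { id: 'did:example:issuer#addr', blockchainAccountId: 'eip155:1:0x0000000000000000000000000000000000000000' },
] };
console.log(diagnoseIssuerKey(sampleDoc, issuerKey));
```

An empty `matches` list with only `addressOnly` entries means verification depends entirely on the `verifyRecoverableES256K` branch, which this sketch does not check because it would need the address derived from the key.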
I'm unable to reproduce this issue. It's likely a problem with the resolver.
Can you please provide a minimal project where this error can be observed?
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.