Giters

decentralized-identity / did-jwt-vc

Create and verify W3C Verifiable Credentials and Presentations in JWT format

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

[BUG] Cannot use custom issuer: invalid_signature: Signature invalid for JWT

francesco-plt opened this issue · comments

commented

Current Behavior

import { getResolver } from '@ayanworks/polygon-did-resolver';
import { ES256KSigner } from "did-jwt";
import { verifyCredential, Issuer, createVerifiableCredentialJwt } from 'did-jwt-vc';
import { Resolver, DIDResolver } from 'did-resolver';

// ...
const claim: JwtCredentialPayload = {
    sub: subDid,
    nbf: Math.floor(Date.now() / 1000),
    vc: {
        '@context': ['https://www.w3.org/2018/credentials/v1'],
        type: ['VerifiableCredential'],
        credentialSubject: {
            degree: {
                type: 'BachelorDegree',
                name: 'Baccalauréat en musiques numériques'
            }
        }
    }
}
const issuer = {
    did: issuerDid,
    alg: 'ES256K',
    signer: ES256KSigner(hexToBytes(issuerPrivateKey))
} as Issuer;
const vcJwt = await createVerifiableCredentialJwt(claim, issuer);

const resolver = new Resolver(getResolver());
const verificationStatus = await Did.verifyVC(vc, resolver);

What is the current behavior?

Expected Behavior

The verification of the credential should work as expected.

Failure Information

Instead the verification fails with error:

Uncaught Error Error: invalid_signature: Signature invalid for JWT
    at verifyES256K (node_modules/did-jwt-vc/node_modules/did-jwt/lib/index.module.js:718:22)

The resolver works fine, I tested it with resolver.resolve(did) and it was able to retrieve the correct DID document.

The snippet from the compiled the library which is failing is the following one:

function verifyES256K(data, signature, authenticators) {
  const hash = sha256(data);
  const sigObj = toSignatureObject(signature);
  const fullPublicKeys = authenticators.filter(({
    ethereumAddress,
    blockchainAccountId
  }) => {
    return typeof ethereumAddress === 'undefined' && typeof blockchainAccountId === 'undefined';
  });
  const blockchainAddressKeys = authenticators.filter(({
    ethereumAddress,
    blockchainAccountId
  }) => {
    return typeof ethereumAddress !== 'undefined' || typeof blockchainAccountId !== 'undefined';
  });
  let signer = fullPublicKeys.find(pk => {
    try {
      const pubBytes = extractPublicKeyBytes(pk);
      return secp256k1.keyFromPublic(pubBytes).verify(hash, sigObj);
    } catch (err) {
      return false;
    }
  });

  if (!signer && blockchainAddressKeys.length > 0) {
    signer = verifyRecoverableES256K(data, signature, blockchainAddressKeys);
  }

  if (!signer) throw new Error('invalid_signature: Signature invalid for JWT');
  return signer;
}

the source is at:

https://github.com/decentralized-identity/did-jwt/blob/37fae8d8a150f83dde9d6e0a8d62214c813a669c/src/VerifierAlgorithm.ts#L92-L121

It fails because the signer variable is undefined. It looks like its failing to retrieve the public key of the issuer from its DID document.

commented

I'm unable to reproduce this issue. It's likely a problem with the resolver.
Can you please provide a minimal project where this error can be observed?

commented

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.