feat: checking kb header value (#133)
Signed-off-by: Lukas <[email protected]>
Signed-off-by: Mirko Mollik <[email protected]>
lukasjhan authored and cre8 committed Mar 8, 2024
1 parent 6a3498c commit cd2991b
Showing 1 changed file with 18 additions and 9 deletions.
27 changes: 18 additions & 9 deletions packages/core/src/kbjwt.ts
@@ -1,6 +1,12 @@
import { Base64urlEncode, SDJWTException } from '@sd-jwt/utils';
import { Jwt } from './jwt';
import { JwtPayload, kbHeader, kbPayload, KbVerifier } from '@sd-jwt/types';
import {
JwtPayload,
KB_JWT_TYP,
kbHeader,
kbPayload,
KbVerifier,
} from '@sd-jwt/types';

export class KBJwt<
Header extends kbHeader = kbHeader,
@@ -9,23 +15,26 @@ export class KBJwt<
// Checking the validity of the key binding jwt
// the type unknown is not good, but we don't know at this point how to get the public key of the signer, this is defined in the kbVerifier
public async verifyKB(values: { verifier: KbVerifier; payload: JwtPayload }) {
if (!this.header || !this.payload || !this.signature) {
throw new SDJWTException('Verify Error: Invalid JWT');
}

if (
!this.header?.alg ||
!this.header.alg ||
this.header.alg === 'none' ||
!this.header.typ ||
!this.payload?.iat ||
!this.payload?.aud ||
!this.payload?.nonce ||
this.header.typ !== KB_JWT_TYP ||
!this.payload.iat ||
!this.payload.aud ||
!this.payload.nonce ||
// this is for backward compatibility with version 06
!(
this.payload?.sd_hash ||
this.payload.sd_hash ||
(this.payload as Record<string, unknown> | undefined)?._sd_hash
)
) {
throw new SDJWTException('Invalid Key Binding Jwt');
}
if (!this.header || !this.payload || !this.signature) {
throw new SDJWTException('Verify Error: Invalid JWT');
}

const header = Base64urlEncode(JSON.stringify(this.header));
const payload = Base64urlEncode(JSON.stringify(this.payload));
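Review bot: The condition in `verifyKB` still checks `iat`, `aud` and `nonce` only for presence, so a key binding JWT with any non-empty nonce or audience passes this block; nothing in the hunk compares them with the values the verifier expects or bounds the age of `iat`. The method body continues past the hunk, so that comparison may happen later or in the caller; if it is deliberately delegated, a comment above the condition should say so, e.g. `// presence checks only: nonce/aud matching and iat freshness are enforced by the caller`. The `alg` test is an exact, case-sensitive denylist for `'none'`, so the real guarantee rests on what the supplied `KbVerifier` accepts; an allowlist of expected algorithms would be stronger. With the new `this.header.typ !== KB_JWT_TYP` comparison, the preceding `!this.header.typ ||` is redundant and can be dropped.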