fix the iat claim when creating a keybinding JWT in `getKeyBindingJ…

…WT` (#24) Co-authored-by: Vijay Shiyani <[email protected]>
Meeco · Feb 14, 2024 · c7d48f5 · c7d48f5
1 parent 909f3c7
commit c7d48f5
Show file tree

Hide file tree

Showing 7 changed files with 33 additions and 18 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,9 +5,15 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project (loosely) adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## 1.0.2 - 2024-02-14
+
+### Fixed
+
+- fix the `iat` claim when creating a keybinding JWT in `getKeyBindingJWT` method
+
 ## 1.0.1 - 2024-02-14
 
-### FIX
+### Fixed
 
 - Correct the wellKnownPath in URL formation in `getIssuerPublicKeyFromWellKnownURI` utility function
 

diff --git a/demo/holder.ts b/demo/holder.ts
@@ -1,4 +1,5 @@
-import { KeyBindingVerifier, Signer, decodeJWT } from '@meeco/sd-jwt';
+import { KeyBindingVerifier, Signer, base64encode, decodeJWT } from '@meeco/sd-jwt';
+import { createHash } from 'crypto';
 import { JWK, JWTHeaderParameters, JWTPayload, KeyLike, SignJWT, importJWK, jwtVerify } from 'jose';
 import { Holder, SDJWTVCError, SignerConfig, supportedAlgorithm } from '../dev/src';
 
@@ -10,6 +11,14 @@ const signerCallbackFn = function (privateKey: Uint8Array | KeyLike): Signer {
   };
 };
 
+export const hasherFnResolver = (alg: string) => {
+  const hasher = (data: string): string => {
+    const digest = createHash(alg).update(data).digest();
+    return base64encode(digest);
+  };
+  return Promise.resolve(hasher);
+};
+
 const keyBindingVerifierCallbackFn = function (): KeyBindingVerifier {
   return async (kbjwt: string, holderJWK: JWK) => {
     const { header } = decodeJWT(kbjwt);
@@ -45,7 +54,7 @@ async function main() {
     alg: supportedAlgorithm.ES256,
     callback: signerCallbackFn(pk),
   };
-  const holder = new Holder(signer);
+  const holder = new Holder(signer, hasherFnResolver);
 
   const issuedSDJWT =
     'eyJ0eXAiOiJ2YytzZC1qd3QiLCJhbGciOiJFUzI1NiJ9.eyJpYXQiOjE3MDE3MzE2NTM4NDUsImNuZiI6eyJqd2siOnsia3R5IjoiRUMiLCJ4Ijoickg3T2xtSHFkcE5PUjJQMjhTN3Vyb3hBR2sxMzIxTnNneGdwNHhfUGlldyIsInkiOiJXR0NPSm1BN25Uc1hQOUF6X210TnkwalQ3bWRNQ21TdFRmU080RGpSc1NnIiwiY3J2IjoiUC0yNTYifX0sImlzcyI6Imh0dHA6Ly9pc3N1ZXIudXJsL2p3a3MiLCJ2Y3QiOiJodHRwczovL2NyZWRlbnRpYWxzLmV4YW1wbGUuY29tL2lkZW50aXR5X2NyZWRlbnRpYWwiLCJfc2QiOlsiN29JR0VBWWZ1R0dXTzdrMmhZbHhEQVlOTF9OdHZiVWhjRFd1dF9yNjVMcyIsIkpuNTl2SFBoVVFoRkNVUGh2d3R4cTNVTjhOb2NMXzdDaDJZeWhHVzFuU3MiLCJTa09FXzVzQktzTG9GMnRMbWhvcmo4cm1yeUlNc1FhTTJVai1VcW55YzFzIiwiVUFzc0l6S1RGMFZnUTFLM3ZLWVpOVm9uR29RTDJ6cmR3eDN0V25taUpnZyIsImNmZXd6dGZJeFBYX0hlRzNtRzBDTUs4TDJWSVVDcGZlSGRtSzhnMzJnNVkiLCJlNDRkVUdFZUJqY2xodEN0QnJBbUM4czVuMENBWnNOUm85dk5LTUdMdmhJIiwiaEE5VGg5elhZdVFwMF9IYTdqb09NbVRpVHhVcjdLdnNnSU5zb0pPT09IOCIsIm5xMDE3UWJnYk9HcWptSktMOU1tT1F2aWxFbHRNOGFEUHNZQnVMbkZDc1kiLCJvbUk2S2ZyckpzbDhhQnZWODV0T0lIQWQzcXpxM2pQbWlqVlp3RXVBRkI0Il0sIl9zZF9hbGciOiJzaGEyNTYifQ.ioLFasOlNizRDImDxxP1rvOLX0cf9010up2zhzA6EqTRhc5Cpy9qxCWPu5G1tOWicNqysPqi88ATqD4HRD_zRg~WyJTa0MwMXpMZXZnbDEwakpYIiwiZ2l2ZW5fbmFtZSIsIkpvaG4iXQ~WyJRbmZJVE9GUDdrcjhQcUpWIiwiZmFtaWx5X25hbWUiLCJEb2UiXQ~WyJudXpYZzRMZEhDRWQyMlRMIiwiZW1haWwiLCJqb2huZG9lQGV4YW1wbGUuY29tIl0~WyJQb2RwWmF3Q3ZUbW03TGNSIiwicGhvbmVfbnVtYmVyIiwiKzEtMjAyLTU1NS0wMTAxIl0~WyJwZVhLajk0TU5DaEc3TkZLIiwiYWRkcmVzcyIseyJzdHJlZXRfYWRkcmVzcyI6IjEyMyBNYWluIFN0IiwibG9jYWxpdHkiOiJBbnl0b3duIiwicmVnaW9uIjoiQW55c3RhdGUiLCJjb3VudHJ5IjoiVVMifV0~WyJERTdPdThRNE54aXI3ZmRnIiwiYmlydGhkYXRlIiwiMTk0MC0wMS0wMSJd~WyJnQTdUWUJyWnR3VjZMZFlFIiwiaXNfb3Zlcl8xOCIsdHJ1ZV0~WyJ3bFdOSVBmREcxWHNCSW13IiwiaXNfb3Zlcl8yMSIsdHJ1ZV0~WyJWNTY5S2ZzYUFCamFaU0tVIiwiaXNfb3Zlcl82NSIsdHJ1ZV0~';

diff --git a/demo/issuer.ts b/demo/issuer.ts
@@ -60,7 +60,7 @@ async function main() {
   };
 
   const payload: CreateSDJWTPayload = {
-    iat: Date.now(),
+    iat: Math.floor(Date.now() / 1000),
     cnf: {
       jwk: holderPublicKey,
     },

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@meeco/sd-jwt-vc",
-  "version": "1.0.1",
+  "version": "1.0.2",
   "description": "SD-JWT VC implementation in typescript",
   "scripts": {
     "build": "tsc",

diff --git a/src/holder.ts b/src/holder.ts
@@ -70,7 +70,7 @@ export class Holder {
         aud: audience,
         nonce,
         sd_hash: sdHash,
-        iat: Date.now(),
+        iat: Math.floor(Date.now() / 1000),
       };
 
       const signature: string = await this.signer.callback(protectedHeader, presentSDJWTPayload);

diff --git a/src/issuer.spec.ts b/src/issuer.spec.ts
@@ -42,7 +42,7 @@ describe('Issuer', () => {
     };
 
     const payload: CreateSDJWTPayload = {
-      iat: Date.now(),
+      iat: Math.floor(Date.now() / 1000),
       cnf: {
         jwk: holderPublicKey,
       },
@@ -148,7 +148,7 @@ describe('Issuer', () => {
   describe('validateSDJWTPayload', () => {
     it('should throw an error if iss is missing', () => {
       const sdJWTPayload = {
-        iat: Date.now(),
+        iat: Math.floor(Date.now() / 1000),
         cnf: {
           jwk: {},
         },
@@ -161,7 +161,7 @@ describe('Issuer', () => {
 
     it('should throw an error if iss is not a valid URL', () => {
       const sdJWTPayload = {
-        iat: Date.now(),
+        iat: Math.floor(Date.now() / 1000),
         cnf: {
           jwk: {},
         },
@@ -202,7 +202,7 @@ describe('Issuer', () => {
 
     it('should throw an error if cnf is missing', () => {
       const sdJWTPayload = {
-        iat: Date.now(),
+        iat: Math.floor(Date.now() / 1000),
         iss: 'https://valid.issuer.url',
       };
 
@@ -213,7 +213,7 @@ describe('Issuer', () => {
 
     it('should throw an error if cnf.jwk is missing', () => {
       const sdJWTPayload = {
-        iat: Date.now(),
+        iat: Math.floor(Date.now() / 1000),
         cnf: {},
         iss: 'https://valid.issuer.url',
       };
@@ -225,7 +225,7 @@ describe('Issuer', () => {
 
     it('should throw an error if cnf.jwk is not an object', () => {
       const sdJWTPayload = {
-        iat: Date.now(),
+        iat: Math.floor(Date.now() / 1000),
         cnf: {
           jwk: 'invalid-jwk',
         },
@@ -239,7 +239,7 @@ describe('Issuer', () => {
 
     it('should throw an error if cnf.jwk is missing kty', () => {
       const sdJWTPayload = {
-        iat: Date.now(),
+        iat: Math.floor(Date.now() / 1000),
         cnf: {
           jwk: {
             crv: 'P-256',
@@ -255,7 +255,7 @@ describe('Issuer', () => {
 
     it('should throw an error if vct is not a valid String', () => {
       const sdJWTPayload = {
-        iat: Date.now(),
+        iat: Math.floor(Date.now() / 1000),
         cnf: {
           jwk: {
             kty: 'EC',
@@ -273,7 +273,7 @@ describe('Issuer', () => {
 
     it('should throw an error if vct is not a valid url', () => {
       const sdJWTPayload = {
-        iat: Date.now(),
+        iat: Math.floor(Date.now() / 1000),
         cnf: {
           jwk: {
             kty: 'EC',
@@ -291,7 +291,7 @@ describe('Issuer', () => {
 
     it('should not throw an error if all properties are valid', () => {
       const sdJWTPayload = {
-        iat: Date.now(),
+        iat: Math.floor(Date.now() / 1000),
         cnf: {
           jwk: {
             kty: 'EC',