fix: types

src/@types/IssuerSignature.ts

@@ -1,28 +1,51 @@
+/**
+ * Represents a JSON Web Token (JWT) used in cryptographic operations.
+ */
 export interface JWT {
-  kty: string
+  kty: string // Key type (e.g., 'EC' for Elliptic Curve)
-  d: string
+  d: string // Private key (base64url encoded)
-  crv: string
+  crv: string // Cryptographic curve (e.g., 'secp256k1')
-  kid: string
+  kid: string // Key ID
-  x: string
+  x: string // X-coordinate of the public key (base64url encoded)
 }
 
+/**
+ * Represents a key used by an issuer to sign credentials.
+ */
 export interface IssuerKey {
-  type: string
+  type: string // Type of the key (e.g., 'JWK')
-  jwk: JWT
+  jwk: JWT // The JSON Web Token associated with the issuer's key
 }
 
+/**
+ * Represents the result of signing a credential.
+ */
 export interface SignedCredential {
-  jws: string
+  jws: string // JSON Web Signature (JWS) of the credential
-  header: Record<string, any>
+  header: Record<string, any> // Protected header used in the JWS
-  issuer: string
+  issuer: string // DID or public key of the issuer
 }
 
-export interface IssuerKeyJWK {
+/**
-  kty: string
+ * Represents the common properties of a JSON Web Key (JWK).
-  crv: string
+ */
-  d: string
+interface BaseJWK {
-  x: string
+  kty: string // Key type (e.g., 'EC' for Elliptic Curve)
-  y: string
+  crv: string // Cryptographic curve (e.g., 'secp256k1')
-  alg: string
+  x: string // X-coordinate of the public key (base64url encoded)
-  use: string
+  y: string // Y-coordinate of the public key (base64url encoded)
+  alg: string // Algorithm used (e.g., 'ES256K')
+  use: string // Intended use of the key (e.g., 'sig' for signing)
 }
+
+/**
+ * Represents a JSON Web Key (JWK) for private signing operations.
+ */
+export interface IssuerKeyJWK extends BaseJWK {
+  d: string // Private key (base64url encoded)
+}
+
+/**
+ * Represents a JSON Web Key (JWK) for public verification operations.
+ */
+export interface IssuerPublicKeyJWK extends BaseJWK {}

src/utils/SignDDO.ts

@@ -1,6 +1,11 @@
-import { base64url, importJWK, JWTPayload, jwtVerify, SignJWT } from 'jose'
+import { importJWK, JWTPayload, jwtVerify, SignJWT } from 'jose'
 import axios from 'axios'
-import { IssuerKey, IssuerKeyJWK, SignedCredential } from '../@types/IssuerSignature'
+import {
+  IssuerKey,
+  IssuerKeyJWK,
+  IssuerPublicKeyJWK,
+  SignedCredential
+} from '../@types/IssuerSignature'
 
 /**
  * Signs a verifiable credential using Walt.id's issuer API.
@@ -66,32 +71,15 @@ export async function signCredential(
 /**
  * Verifies a verifiable credential's JWS using the issuer's public key.
  * @param {string} jws - The JSON Web Signature (JWS) to verify.
- * @param {string} issuerPublicKey - The public key of the issuer in hexadecimal format.
+ * @param {IssuerPublicKeyJWK} issuerPublicKeyJWK - The public key JWK of the issuer.
  * @returns {Promise<JWTPayload>} - The verified payload of the credential.
  * @throws {Error} If the verification fails.
  */
 export async function verifyCredential(
   jws: string,
-  issuerPublicKey: string
+  issuerPublicKeyJWK: IssuerPublicKeyJWK
 ): Promise<JWTPayload> {
-  const publicKeyBuffer = Buffer.from(issuerPublicKey.substring(2), 'hex')
+  const key = await importJWK(issuerPublicKeyJWK, 'ES256K')
-  const xBuffer = publicKeyBuffer.slice(1, 33)
-  const yBuffer = publicKeyBuffer.slice(33, 65)
-
-  const x = base64url.encode(xBuffer as any as Uint8Array)
-  const y = base64url.encode(yBuffer as any as Uint8Array)
-
-  const publicJwk = {
-    kty: 'EC',
-    crv: 'secp256k1',
-    x,
-    y,
-    alg: 'ES256K',
-    use: 'sig'
-  }
-
-  const key = await importJWK(publicJwk, 'ES256K')
-
   try {
     const { payload } = await jwtVerify(jws, key)
     return payload

test/unit/SignDDO.test.ts

@@ -2,7 +2,7 @@ import { assert } from 'chai'
 import { ethers } from 'ethers'
 import { base64url } from 'jose'
 import { signCredential, verifyCredential } from '../../src/utils'
-import { IssuerKeyJWK } from '../../src/@types/IssuerSignature'
+import { IssuerKeyJWK, IssuerPublicKeyJWK } from '../../src/@types/IssuerSignature'
 
 const mockVerifiableCredential = {
   '@context': ['https://www.w3.org/2018/credentials/v1'],
@@ -18,7 +18,6 @@ describe('Credential Signing and Verification Functions', () => {
       const privateKey =
         '0xc494c6e5def4bab63ac29eed19a134c130355f74f019bc74b8f4389df2837a57'
       const wallet = new ethers.Wallet(privateKey)
-      const { publicKey } = wallet._signingKey()
       const privateKeyBuffer = Buffer.from(privateKey.substring(2), 'hex')
       const publicKeyHex = wallet._signingKey().publicKey
       const publicKeyBuffer = Buffer.from(publicKeyHex.substring(2), 'hex')
@@ -44,7 +43,16 @@ describe('Credential Signing and Verification Functions', () => {
         publicKeyHex
       )
 
-      const payload = await verifyCredential(jws, publicKey)
+      const publicJwk = {
+        kty: 'EC',
+        crv: 'secp256k1',
+        x,
+        y,
+        alg: 'ES256K',
+        use: 'sig'
+      }
+
+      const payload = await verifyCredential(jws, publicJwk)
       assert.deepEqual(
         {
           type: payload.type,
@@ -95,8 +103,23 @@ describe('Credential Signing and Verification Functions', () => {
         publicKey
       )
 
+      const invalidPublicKeyBuffer = Buffer.from(invalidPublicKey.substring(2), 'hex')
+      const invalidXBuffer = invalidPublicKeyBuffer.slice(1, 33)
+      const invalidYBuffer = invalidPublicKeyBuffer.slice(33, 65)
+
+      const invalidX = base64url.encode(invalidXBuffer as any as Uint8Array)
+      const invalidY = base64url.encode(invalidYBuffer as any as Uint8Array)
+      const publicJwk: IssuerPublicKeyJWK = {
+        kty: 'EC',
+        crv: 'secp256k1',
+        x: invalidX,
+        y: invalidY,
+        alg: 'ES256K',
+        use: 'sig'
+      }
+
       try {
-        await verifyCredential(jws, invalidPublicKey)
+        await verifyCredential(jws, publicJwk)
         assert.fail('Expected error to be thrown')
       } catch (error) {
         assert.include(