From b6a602613d50ef0e1eb5032f6b0f6f8f415f4676 Mon Sep 17 00:00:00 2001 From: Jacob Date: Wed, 8 Jan 2025 10:02:14 +0000 Subject: [PATCH] Use the Trusted DIDs field instead of automatic approval. (#73) --- .../Sources/MobileSdkRs/mobile_sdk_rs.swift | 8 ++++++-- src/oid4vp/holder.rs | 14 +++++++++----- 2 files changed, 15 insertions(+), 7 deletions(-) diff --git a/MobileSdkRs/Sources/MobileSdkRs/mobile_sdk_rs.swift b/MobileSdkRs/Sources/MobileSdkRs/mobile_sdk_rs.swift index 9edd53f..914c26b 100644 --- a/MobileSdkRs/Sources/MobileSdkRs/mobile_sdk_rs.swift +++ b/MobileSdkRs/Sources/MobileSdkRs/mobile_sdk_rs.swift @@ -1428,6 +1428,8 @@ open class Holder: } /** * Uses VDC collection to retrieve the credentials for a given presentation definition. + * + * If no trusted DIDs are provided then all DIDs are trusted. */ public convenience init(vdcCollection: VdcCollection, trustedDids: [String], signer: PresentationSigner, contextMap: [String: String]?)async throws { let pointer = @@ -1462,6 +1464,8 @@ public convenience init(vdcCollection: VdcCollection, trustedDids: [String], sig * * This constructor will use the provided credentials for the presentation, * instead of searching for credentials in the VDC collection. + * + * If no trusted DIDs are provided then all DIDs are trusted. */ public static func newWithCredentials(providedCredentials: [ParsedCredential], trustedDids: [String], signer: PresentationSigner, contextMap: [String: String]?)async throws -> Holder { return @@ -11459,10 +11463,10 @@ private var initializationResult: InitializationResult = { if (uniffi_mobile_sdk_rs_checksum_constructor_didmethodutils_new() != 22235) { return InitializationResult.apiChecksumMismatch } - if (uniffi_mobile_sdk_rs_checksum_constructor_holder_new() != 64916) { + if (uniffi_mobile_sdk_rs_checksum_constructor_holder_new() != 8787) { return InitializationResult.apiChecksumMismatch } - if (uniffi_mobile_sdk_rs_checksum_constructor_holder_new_with_credentials() != 28515) { + if (uniffi_mobile_sdk_rs_checksum_constructor_holder_new_with_credentials() != 30103) { return InitializationResult.apiChecksumMismatch } if (uniffi_mobile_sdk_rs_checksum_constructor_ihttpclient_new_async() != 55307) { diff --git a/src/oid4vp/holder.rs b/src/oid4vp/holder.rs index fdc6a7f..85da92b 100644 --- a/src/oid4vp/holder.rs +++ b/src/oid4vp/holder.rs @@ -45,7 +45,6 @@ pub struct Holder { pub(crate) client: openid4vp::core::util::ReqwestClient, /// A list of trusted DIDs. - #[allow(dead_code)] pub(crate) trusted_dids: Vec, /// Provide optional credentials to the holder instance. @@ -76,6 +75,8 @@ impl Holder { } /// Uses VDC collection to retrieve the credentials for a given presentation definition. + /// + /// If no trusted DIDs are provided then all DIDs are trusted. #[uniffi::constructor] pub async fn new( vdc_collection: Arc, @@ -102,6 +103,8 @@ impl Holder { /// /// This constructor will use the provided credentials for the presentation, /// instead of searching for credentials in the VDC collection. + /// + /// If no trusted DIDs are provided then all DIDs are trusted. #[uniffi::constructor] pub async fn new_with_credentials( provided_credentials: Vec>, @@ -278,15 +281,16 @@ impl RequestVerifier for Holder { let resolver: VerificationMethodDIDResolver = VerificationMethodDIDResolver::new(DIDWeb); - // NOTE: This is temporary solution that will allow any DID to be - // trusted. This will be replaced by the trust manager in the future. - let client_id = decoded_request.client_id(); + let trusted_dids = match self.trusted_dids.as_slice() { + [] => None, + dids => Some(dids), + }; verify_with_resolver( &self.metadata, decoded_request, request_jwt, - Some(&[client_id.0.clone()]), + trusted_dids, &resolver, ) .await?;