feat(credential): allow choose proof purpose when signing
bdeneux committed Aug 19, 2024
1 parent 6832b9a commit b30ff57
Showing 1 changed file with 14 additions and 2 deletions.
16 changes: 14 additions & 2 deletions client/credential/sign.go
Expand Up @@ -36,6 +36,7 @@ const (
flagOverwrite = "overwrite"
flagDate = "date"
flagSchemaMap = "schema-map"
flagPurpose = "purpose"
)

const (
Expand Down Expand Up @@ -65,6 +66,9 @@ It will read a verifiable credential from a file (or stdin), sign it, and print
"Multiple mappings can be provided by repeating the flag. Example usage: "+
"--%[1]s originalURI1=alternativeURI1 --%[1]s originalURI2=alternativeURI2",
flagSchemaMap))
cmd.Flags().String(flagPurpose, "assertionMethod", "Proof that describes credential purpose, helps prevent it from being misused for some other purpose."+
"Example of commonly used proof purpose values: "+
"authentication, assertionMethod, keyAgreement, capabilityDelegation, capabilityInvocation.")

_ = cmd.MarkFlagRequired(flags.FlagFrom)

Expand Down Expand Up @@ -120,7 +124,13 @@ func runSignCmd(cmd *cobra.Command, args []string) error {
if err != nil {
return err
}
err = signVerifiableCredential(documentLoader, vc, signer, date)

purpose, err := cmd.Flags().GetString(flagPurpose)
if err != nil {
return err
}

err = signVerifiableCredential(documentLoader, vc, signer, date, purpose)
if err != nil {
return errorsmod.Wrapf(sdkerr.ErrInvalidRequest, "failed to sign: %v", err)
}
Expand Down Expand Up @@ -245,7 +255,7 @@ func loadVerifiableCredential(documentLoader ld.DocumentLoader, bs []byte) (*ver
}

func signVerifiableCredential(
documentLoader ld.DocumentLoader, vc *verifiable.Credential, signer KeyringSigner, date time.Time,
documentLoader ld.DocumentLoader, vc *verifiable.Credential, signer KeyringSigner, date time.Time, purpose string,
) error {
didKeyID, err := signer.DIDKeyID()
if err != nil {
Expand All @@ -265,6 +275,7 @@ func signVerifiableCredential(
Suite: ed25519signature2020.New(suite.WithSigner(signer)),
SignatureRepresentation: verifiable.SignatureProofValue,
VerificationMethod: didKeyID,
Purpose: purpose,
}, jsonld.WithDocumentLoader(documentLoader))
case *secp256k1.PubKey:
return vc.AddLinkedDataProof(&verifiable.LinkedDataProofContext{
Expand All @@ -273,6 +284,7 @@ func signVerifiableCredential(
Suite: ecdsasecp256k1signature2019.New(suite.WithSigner(signer)),
SignatureRepresentation: verifiable.SignatureJWS,
VerificationMethod: didKeyID,
Purpose: purpose,
}, jsonld.WithDocumentLoader(documentLoader))
default:
return fmt.Errorf("invalid pubkey type: %s; expected oneof %+q",
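Review bot: The `--purpose` value read by `cmd.Flags().GetString(flagPurpose)` in runSignCmd is passed unchecked into `LinkedDataProofContext.Purpose` in both key-type branches of signVerifiableCredential. An empty or mistyped value would therefore become the proof purpose of a signed credential unless the library rejects it, which is not visible in these hunks. Because a verifier matches the proof purpose against the signer's verification relationships, I would reject values outside the set the help text advertises in runSignCmd before signing, as sketched below. Separately, the help string joins `"...for some other purpose."+"Example of commonly used..."` with no space and renders as `purpose.Example`; end the first literal with `purpose. `. Both functions start and end outside the hunks shown.

```go
// … unchanged: purpose read from flagPurpose, err returned on failure …

// Reject anything outside the advertised set before a signature is produced,
// so a typo cannot yield a credential with an unintended proof purpose.
switch purpose {
case "authentication", "assertionMethod", "keyAgreement",
	"capabilityDelegation", "capabilityInvocation":
default:
	return errorsmod.Wrapf(sdkerr.ErrInvalidRequest, "unsupported proof purpose %q", purpose)
}

// … unchanged: signVerifiableCredential call …
```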
