diff --git a/client-cli/src/main/java/org/eclipse/dataspaceconnector/identityhub/cli/IdentityHubCli.java b/client-cli/src/main/java/org/eclipse/dataspaceconnector/identityhub/cli/IdentityHubCli.java index 5201fd9e1..09c4f1f80 100644 --- a/client-cli/src/main/java/org/eclipse/dataspaceconnector/identityhub/cli/IdentityHubCli.java +++ b/client-cli/src/main/java/org/eclipse/dataspaceconnector/identityhub/cli/IdentityHubCli.java @@ -58,6 +58,6 @@ private void init() { var objectMapper = new ObjectMapper(); var monitor = new ConsoleMonitor(); this.identityHubClient = new IdentityHubClientImpl(okHttpClient, objectMapper, monitor); - this.verifiableCredentialsJwtService = new VerifiableCredentialsJwtServiceImpl(objectMapper); + this.verifiableCredentialsJwtService = new VerifiableCredentialsJwtServiceImpl(objectMapper, monitor); } } diff --git a/client-cli/src/main/java/org/eclipse/dataspaceconnector/identityhub/cli/ListVerifiableCredentialsCommand.java b/client-cli/src/main/java/org/eclipse/dataspaceconnector/identityhub/cli/ListVerifiableCredentialsCommand.java index 8907de458..d3ce873b2 100644 --- a/client-cli/src/main/java/org/eclipse/dataspaceconnector/identityhub/cli/ListVerifiableCredentialsCommand.java +++ b/client-cli/src/main/java/org/eclipse/dataspaceconnector/identityhub/cli/ListVerifiableCredentialsCommand.java @@ -44,6 +44,9 @@ class ListVerifiableCredentialsCommand implements Callable { public Integer call() throws Exception { var out = spec.commandLine().getOut(); var result = command.cli.identityHubClient.getVerifiableCredentials(command.cli.hubUrl); + if (result.failed()) { + throw new CliException("Failed to get verifiable credentials: " + result.getFailureDetail()); + } var vcs = result.getContent().stream() .map(this::getClaims) .collect(toList()); diff --git a/client-cli/src/test/java/org/eclipse/dataspaceconnector/identityhub/cli/CliTestUtils.java b/client-cli/src/test/java/org/eclipse/dataspaceconnector/identityhub/cli/CliTestUtils.java index a68bc991f..8e22d6a89 100644 --- a/client-cli/src/test/java/org/eclipse/dataspaceconnector/identityhub/cli/CliTestUtils.java +++ b/client-cli/src/test/java/org/eclipse/dataspaceconnector/identityhub/cli/CliTestUtils.java @@ -23,11 +23,13 @@ import org.eclipse.dataspaceconnector.identityhub.credentials.VerifiableCredentialsJwtService; import org.eclipse.dataspaceconnector.identityhub.credentials.VerifiableCredentialsJwtServiceImpl; import org.eclipse.dataspaceconnector.identityhub.credentials.model.VerifiableCredential; +import org.eclipse.dataspaceconnector.spi.monitor.Monitor; import java.util.Map; import static org.eclipse.dataspaceconnector.identityhub.credentials.CryptoUtils.readPrivateEcKey; import static org.eclipse.dataspaceconnector.identityhub.credentials.CryptoUtils.readPublicEcKey; +import static org.mockito.Mockito.mock; class CliTestUtils { public static final String PUBLIC_KEY_PATH = "src/test/resources/test-public-key.pem"; @@ -35,7 +37,7 @@ class CliTestUtils { public static final PublicKeyWrapper PUBLIC_KEY; public static final PrivateKeyWrapper PRIVATE_KEY; private static final Faker FAKER = new Faker(); - private static final VerifiableCredentialsJwtService VC_JWT_SERVICE = new VerifiableCredentialsJwtServiceImpl(new ObjectMapper()); + private static final VerifiableCredentialsJwtService VC_JWT_SERVICE = new VerifiableCredentialsJwtServiceImpl(new ObjectMapper(), mock(Monitor.class)); static { try { diff --git a/client-cli/src/test/java/org/eclipse/dataspaceconnector/identityhub/cli/VerifiableCredentialsCommandTest.java b/client-cli/src/test/java/org/eclipse/dataspaceconnector/identityhub/cli/VerifiableCredentialsCommandTest.java index 70ce5a265..13e1a85a6 100644 --- a/client-cli/src/test/java/org/eclipse/dataspaceconnector/identityhub/cli/VerifiableCredentialsCommandTest.java +++ b/client-cli/src/test/java/org/eclipse/dataspaceconnector/identityhub/cli/VerifiableCredentialsCommandTest.java @@ -22,6 +22,7 @@ import org.eclipse.dataspaceconnector.identityhub.client.IdentityHubClient; import org.eclipse.dataspaceconnector.identityhub.credentials.VerifiableCredentialsJwtServiceImpl; import org.eclipse.dataspaceconnector.identityhub.credentials.model.VerifiableCredential; +import org.eclipse.dataspaceconnector.spi.monitor.Monitor; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; import org.mockito.ArgumentCaptor; @@ -65,7 +66,7 @@ class VerifiableCredentialsCommandTest { @BeforeEach void setUp() { app.identityHubClient = mock(IdentityHubClient.class); - app.verifiableCredentialsJwtService = new VerifiableCredentialsJwtServiceImpl(new ObjectMapper()); + app.verifiableCredentialsJwtService = new VerifiableCredentialsJwtServiceImpl(new ObjectMapper(), mock(Monitor.class)); app.hubUrl = HUB_URL; cmd.setOut(new PrintWriter(out)); cmd.setErr(new PrintWriter(err)); diff --git a/extensions/identity-hub-verifier/src/main/java/org/eclipse/dataspaceconnector/identityhub/verifier/CredentialsVerifierExtension.java b/extensions/identity-hub-verifier/src/main/java/org/eclipse/dataspaceconnector/identityhub/verifier/CredentialsVerifierExtension.java index bcf7b82f1..849da70bb 100644 --- a/extensions/identity-hub-verifier/src/main/java/org/eclipse/dataspaceconnector/identityhub/verifier/CredentialsVerifierExtension.java +++ b/extensions/identity-hub-verifier/src/main/java/org/eclipse/dataspaceconnector/identityhub/verifier/CredentialsVerifierExtension.java @@ -59,13 +59,14 @@ public JwtCredentialsVerifier createJwtVerifier(ServiceExtensionContext context) if (didPublicKeyResolver == null) { didPublicKeyResolver = context.getService(DidPublicKeyResolver.class); } + Monitor monitor = context.getService(Monitor.class); return new DidJwtCredentialsVerifier(didPublicKeyResolver, monitor); } @Provider public CredentialsVerifier createCredentialsVerifier(ServiceExtensionContext context) { var client = new IdentityHubClientImpl(httpClient, typeManager.getMapper(), monitor); - var verifiableCredentialsJwtService = new VerifiableCredentialsJwtServiceImpl(typeManager.getMapper()); + var verifiableCredentialsJwtService = new VerifiableCredentialsJwtServiceImpl(typeManager.getMapper(), monitor); return new IdentityHubCredentialsVerifier(client, monitor, jwtCredentialsVerifier, verifiableCredentialsJwtService); } } diff --git a/extensions/identity-hub-verifier/src/main/java/org/eclipse/dataspaceconnector/identityhub/verifier/DidJwtCredentialsVerifier.java b/extensions/identity-hub-verifier/src/main/java/org/eclipse/dataspaceconnector/identityhub/verifier/DidJwtCredentialsVerifier.java index 8aa4b99bc..c6a22002b 100644 --- a/extensions/identity-hub-verifier/src/main/java/org/eclipse/dataspaceconnector/identityhub/verifier/DidJwtCredentialsVerifier.java +++ b/extensions/identity-hub-verifier/src/main/java/org/eclipse/dataspaceconnector/identityhub/verifier/DidJwtCredentialsVerifier.java @@ -76,6 +76,7 @@ public boolean verifyClaims(SignedJWT jwt, String expectedSubject) { var requiredClaims = Set.of(ISSUER_CLAIM); var claimsVerifier = new DefaultJWTClaimsVerifier<>(exactMatchClaims, requiredClaims); + try { claimsVerifier.verify(jwtClaimsSet); } catch (BadJWTException e) { @@ -83,6 +84,7 @@ public boolean verifyClaims(SignedJWT jwt, String expectedSubject) { return false; } + monitor.debug(() -> "JWT claims verification successful"); return true; } @@ -90,10 +92,12 @@ private Result verifySignature(SignedJWT jwt, PublicKeyWrapper issuerPubli try { var verified = jwt.verify(issuerPublicKey.verifier()); if (!verified) { - return Result.failure("Invalid signature"); + return Result.failure("Invalid JWT signature"); } + monitor.debug(() -> "JWT signature verification successful"); return Result.success(); } catch (JOSEException e) { + monitor.warning("Unable to verify JWT token", e); return Result.failure("Unable to verify JWT token. " + e.getMessage()); } } diff --git a/extensions/identity-hub-verifier/src/main/java/org/eclipse/dataspaceconnector/identityhub/verifier/IdentityHubCredentialsVerifier.java b/extensions/identity-hub-verifier/src/main/java/org/eclipse/dataspaceconnector/identityhub/verifier/IdentityHubCredentialsVerifier.java index dc66ea988..988662f4e 100644 --- a/extensions/identity-hub-verifier/src/main/java/org/eclipse/dataspaceconnector/identityhub/verifier/IdentityHubCredentialsVerifier.java +++ b/extensions/identity-hub-verifier/src/main/java/org/eclipse/dataspaceconnector/identityhub/verifier/IdentityHubCredentialsVerifier.java @@ -14,14 +14,20 @@ package org.eclipse.dataspaceconnector.identityhub.verifier; +import com.nimbusds.jwt.SignedJWT; import org.eclipse.dataspaceconnector.iam.did.spi.credentials.CredentialsVerifier; import org.eclipse.dataspaceconnector.iam.did.spi.document.DidDocument; +import org.eclipse.dataspaceconnector.iam.did.spi.document.Service; import org.eclipse.dataspaceconnector.identityhub.client.IdentityHubClient; import org.eclipse.dataspaceconnector.identityhub.credentials.VerifiableCredentialsJwtService; import org.eclipse.dataspaceconnector.spi.monitor.Monitor; +import org.eclipse.dataspaceconnector.spi.response.StatusResult; import org.eclipse.dataspaceconnector.spi.result.AbstractResult; import org.eclipse.dataspaceconnector.spi.result.Result; +import org.jetbrains.annotations.NotNull; +import java.util.Collection; +import java.util.List; import java.util.Map; import java.util.stream.Collectors; @@ -61,41 +67,75 @@ public IdentityHubCredentialsVerifier(IdentityHubClient identityHubClient, Monit */ @Override public Result> getVerifiedCredentials(DidDocument didDocument) { + monitor.debug(() -> "Retrieving verified credentials for " + didDocument.getId()); + var hubBaseUrl = getIdentityHubBaseUrl(didDocument); - if (hubBaseUrl.failed()) { - return Result.failure(hubBaseUrl.getFailureMessages()); + if (hubBaseUrl == null) { + var errorMessage = "Could not retrieve identity hub URL from DID document"; + monitor.severe(errorMessage); + return Result.failure(errorMessage); } - var jwts = identityHubClient.getVerifiableCredentials(hubBaseUrl.getContent()); - if (jwts.failed()) { - return Result.failure(jwts.getFailureMessages()); + monitor.debug(() -> String.format("Using identity hub URL: %s", hubBaseUrl)); + + var verifiableCredentials = identityHubClient.getVerifiableCredentials(hubBaseUrl); + if (verifiableCredentials.failed()) { + monitor.severe("Could not retrieve verifiable credentials from identity hub"); + return Result.failure(verifiableCredentials.getFailureMessages()); } - var verifiedJwt = jwts.getContent() + + monitor.debug(() -> String.format("Retrieved %s verifiable credentials from identity hub", verifiableCredentials.getContent().size())); + + var verifiedCredentials = verifyCredentials(verifiableCredentials, didDocument); + + monitor.debug(() -> String.format("Verified %s credentials", verifiedCredentials.size())); + + var claims = extractClaimsFromCredential(verifiedCredentials); + + return Result.success(claims); + } + + @NotNull + private List verifyCredentials(StatusResult> jwts, DidDocument didDocument) { + var result = jwts.getContent() .stream() - .filter(jwt -> jwtCredentialsVerifier.verifyClaims(jwt, didDocument.getId())) - .filter(jwtCredentialsVerifier::isSignedByIssuer); + .collect(partitioningBy((jwt) -> jwtCredentialsVerifier.verifyClaims(jwt, didDocument.getId()) && jwtCredentialsVerifier.isSignedByIssuer(jwt))); - var partitionedResult = verifiedJwt.map(verifiableCredentialsJwtService::extractCredential).collect(partitioningBy(AbstractResult::succeeded)); - var successfulResults = partitionedResult.get(true); - var failedResults = partitionedResult.get(false); + var successfulResults = result.get(true); + var failedResults = result.get(false); - failedResults.forEach(result -> monitor.warning(String.join(",", result.getFailureMessages()))); + if (!failedResults.isEmpty()) { + monitor.warning(String.format("Ignoring %s invalid verifiable credentials", failedResults.size())); + } + + return successfulResults; + } + + @NotNull + private Map extractClaimsFromCredential(List verifiedCredentials) { + var result = verifiedCredentials.stream() + .map(verifiableCredentialsJwtService::extractCredential) + .collect(partitioningBy(AbstractResult::succeeded)); + + var successfulResults = result.get(true); + var failedResults = result.get(false); - var claims = successfulResults.stream() + if (!failedResults.isEmpty()) { + failedResults.forEach(f -> monitor.warning("Invalid credentials: " + f.getFailureDetail())); + } + + return successfulResults.stream() .map(AbstractResult::getContent) .collect(Collectors.toMap(Map.Entry::getKey, Map.Entry::getValue)); - - return Result.success(claims); } - private Result getIdentityHubBaseUrl(DidDocument didDocument) { - var hubBaseUrl = didDocument + private String getIdentityHubBaseUrl(DidDocument didDocument) { + return didDocument .getService() .stream() .filter(s -> s.getType().equals(IDENTITY_HUB_SERVICE_TYPE)) - .findFirst(); - - return hubBaseUrl.map(u -> Result.success(u.getServiceEndpoint())) - .orElse(Result.failure("Failed getting Identity Hub URL")); + .findFirst() + .map(Service::getServiceEndpoint) + .orElse(null); } } diff --git a/extensions/identity-hub-verifier/src/test/java/org/eclipse/dataspaceconnector/identityhub/verifier/CredentialsVerifierExtensionTest.java b/extensions/identity-hub-verifier/src/test/java/org/eclipse/dataspaceconnector/identityhub/verifier/CredentialsVerifierExtensionTest.java index c189d8a47..db60c8e36 100644 --- a/extensions/identity-hub-verifier/src/test/java/org/eclipse/dataspaceconnector/identityhub/verifier/CredentialsVerifierExtensionTest.java +++ b/extensions/identity-hub-verifier/src/test/java/org/eclipse/dataspaceconnector/identityhub/verifier/CredentialsVerifierExtensionTest.java @@ -27,7 +27,6 @@ import org.eclipse.dataspaceconnector.identityhub.client.IdentityHubClientImpl; import org.eclipse.dataspaceconnector.junit.extensions.EdcExtension; import org.eclipse.dataspaceconnector.junit.testfixtures.TestUtils; -import org.eclipse.dataspaceconnector.spi.monitor.ConsoleMonitor; import org.eclipse.dataspaceconnector.spi.monitor.Monitor; import org.eclipse.dataspaceconnector.spi.result.Result; import org.junit.jupiter.api.BeforeEach; @@ -52,13 +51,13 @@ public class CredentialsVerifierExtensionTest { private static final Faker FAKER = new Faker(); private static final int PORT = getFreePort(); private static final String API_URL = String.format("http://localhost:%d/api/identity-hub", PORT); - private static final String CREDENTIAL_ISSUER = "did:web:testdid"; - private static final String SUBJECT = FAKER.internet().url(); + private static final String CREDENTIAL_ISSUER = "did:web:" + FAKER.internet().domainName(); + private static final String SUBJECT = "did:web:" + FAKER.internet().domainName(); private IdentityHubClient identityHubClient; @BeforeEach void setUp(EdcExtension extension) { - identityHubClient = new IdentityHubClientImpl(TestUtils.testOkHttpClient(), new ObjectMapper(), new ConsoleMonitor()); + identityHubClient = new IdentityHubClientImpl(TestUtils.testOkHttpClient(), new ObjectMapper(), mock(Monitor.class)); extension.registerServiceMock(Monitor.class, mock(Monitor.class)); extension.setConfiguration(Map.of("web.http.port", String.valueOf(PORT))); } diff --git a/extensions/identity-hub-verifier/src/test/java/org/eclipse/dataspaceconnector/identityhub/verifier/IdentityHubCredentialsVerifierTest.java b/extensions/identity-hub-verifier/src/test/java/org/eclipse/dataspaceconnector/identityhub/verifier/IdentityHubCredentialsVerifierTest.java index d5f31ae2c..d66621def 100644 --- a/extensions/identity-hub-verifier/src/test/java/org/eclipse/dataspaceconnector/identityhub/verifier/IdentityHubCredentialsVerifierTest.java +++ b/extensions/identity-hub-verifier/src/test/java/org/eclipse/dataspaceconnector/identityhub/verifier/IdentityHubCredentialsVerifierTest.java @@ -58,7 +58,7 @@ public class IdentityHubCredentialsVerifierTest { private Monitor monitorMock = mock(Monitor.class); private IdentityHubClient identityHubClientMock = mock(IdentityHubClient.class); private JwtCredentialsVerifier jwtCredentialsVerifierMock = mock(JwtCredentialsVerifier.class); - private VerifiableCredentialsJwtServiceImpl verifiableCredentialsJwtService = new VerifiableCredentialsJwtServiceImpl(OBJECT_MAPPER); + private VerifiableCredentialsJwtServiceImpl verifiableCredentialsJwtService = new VerifiableCredentialsJwtServiceImpl(OBJECT_MAPPER, monitorMock); private CredentialsVerifier credentialsVerifier = new IdentityHubCredentialsVerifier(identityHubClientMock, monitorMock, jwtCredentialsVerifierMock, verifiableCredentialsJwtService); @Test @@ -111,7 +111,7 @@ public void getVerifiedClaims_hubUrlNotResolved() { // Assert assertThat(credentials.failed()).isTrue(); - assertThat(credentials.getFailureMessages()).containsExactly("Failed getting Identity Hub URL"); + assertThat(credentials.getFailureMessages()).containsExactly("Could not retrieve identity hub URL from DID document"); } @Test @@ -165,4 +165,5 @@ public void getVerifiedClaims_verifiableCredentialsWithMissingId() { assertThat(credentials.getContent().isEmpty()); verify(monitorMock, times(1)).warning(anyString()); } + } diff --git a/spi/identity-hub-spi/build.gradle.kts b/spi/identity-hub-spi/build.gradle.kts index 3536a5571..0bf6f07f5 100644 --- a/spi/identity-hub-spi/build.gradle.kts +++ b/spi/identity-hub-spi/build.gradle.kts @@ -26,6 +26,7 @@ val edcGroup: String by project val edcVersion: String by project val jupiterVersion: String by project val assertj: String by project +val mockitoVersion: String by project dependencies { api("org.jetbrains:annotations:${jetBrainsAnnotationsVersion}") @@ -40,6 +41,7 @@ dependencies { testFixturesImplementation("${edcGroup}:identity-did-crypto:${edcVersion}") testImplementation("org.junit.jupiter:junit-jupiter-api:${jupiterVersion}") testRuntimeOnly("org.junit.jupiter:junit-jupiter-engine:${jupiterVersion}") + testImplementation("org.mockito:mockito-core:${mockitoVersion}") testImplementation("org.assertj:assertj-core:${assertj}") testImplementation("com.github.javafaker:javafaker:${faker}") } diff --git a/spi/identity-hub-spi/src/main/java/org/eclipse/dataspaceconnector/identityhub/credentials/VerifiableCredentialsJwtServiceImpl.java b/spi/identity-hub-spi/src/main/java/org/eclipse/dataspaceconnector/identityhub/credentials/VerifiableCredentialsJwtServiceImpl.java index 8d33b081e..cfb1949de 100644 --- a/spi/identity-hub-spi/src/main/java/org/eclipse/dataspaceconnector/identityhub/credentials/VerifiableCredentialsJwtServiceImpl.java +++ b/spi/identity-hub-spi/src/main/java/org/eclipse/dataspaceconnector/identityhub/credentials/VerifiableCredentialsJwtServiceImpl.java @@ -22,6 +22,7 @@ import com.nimbusds.jwt.SignedJWT; import org.eclipse.dataspaceconnector.iam.did.spi.key.PrivateKeyWrapper; import org.eclipse.dataspaceconnector.identityhub.credentials.model.VerifiableCredential; +import org.eclipse.dataspaceconnector.spi.monitor.Monitor; import org.eclipse.dataspaceconnector.spi.result.Result; import java.text.ParseException; @@ -32,9 +33,11 @@ public class VerifiableCredentialsJwtServiceImpl implements VerifiableCredentialsJwtService { private ObjectMapper objectMapper; + private Monitor monitor; - public VerifiableCredentialsJwtServiceImpl(ObjectMapper objectMapper) { + public VerifiableCredentialsJwtServiceImpl(ObjectMapper objectMapper, Monitor monitor) { this.objectMapper = objectMapper; + this.monitor = monitor; } @Override @@ -57,16 +60,19 @@ public SignedJWT buildSignedJwt(VerifiableCredential credential, String issuer, @Override public Result> extractCredential(SignedJWT jwt) { try { - var payload = jwt.getPayload().toJSONObject(); + var payload = jwt.getJWTClaimsSet().getClaims(); var vcObject = payload.get(VERIFIABLE_CREDENTIALS_KEY); if (vcObject == null) { return Result.failure(String.format("No %s field found", VERIFIABLE_CREDENTIALS_KEY)); } var verifiableCredential = objectMapper.convertValue(vcObject, VerifiableCredential.class); + monitor.debug(() -> "Extracted credentials from JWT"); + return Result.success(new AbstractMap.SimpleEntry<>(verifiableCredential.getId(), payload)); - } catch (RuntimeException e) { - return Result.failure(Objects.requireNonNullElseGet(e.getMessage(), () -> e.toString())); + } catch (ParseException | RuntimeException e) { + monitor.severe("Failure extracting credentials from JWT", e); + return Result.failure(Objects.requireNonNullElseGet(e.getMessage(), e::toString)); } } } diff --git a/spi/identity-hub-spi/src/test/java/org/eclipse/dataspaceconnector/identityhub/credentials/VerifiableCredentialsJwtServiceTest.java b/spi/identity-hub-spi/src/test/java/org/eclipse/dataspaceconnector/identityhub/credentials/VerifiableCredentialsJwtServiceTest.java index 93cc48540..e3599848e 100644 --- a/spi/identity-hub-spi/src/test/java/org/eclipse/dataspaceconnector/identityhub/credentials/VerifiableCredentialsJwtServiceTest.java +++ b/spi/identity-hub-spi/src/test/java/org/eclipse/dataspaceconnector/identityhub/credentials/VerifiableCredentialsJwtServiceTest.java @@ -23,6 +23,7 @@ import org.eclipse.dataspaceconnector.iam.did.crypto.key.EcPrivateKeyWrapper; import org.eclipse.dataspaceconnector.iam.did.crypto.key.EcPublicKeyWrapper; import org.eclipse.dataspaceconnector.identityhub.credentials.model.VerifiableCredential; +import org.eclipse.dataspaceconnector.spi.monitor.Monitor; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; @@ -34,6 +35,7 @@ import static org.eclipse.dataspaceconnector.identityhub.credentials.VerifiableCredentialsJwtService.VERIFIABLE_CREDENTIALS_KEY; import static org.eclipse.dataspaceconnector.identityhub.junit.testfixtures.VerifiableCredentialTestUtil.generateEcKey; import static org.eclipse.dataspaceconnector.identityhub.junit.testfixtures.VerifiableCredentialTestUtil.generateVerifiableCredential; +import static org.mockito.Mockito.mock; public class VerifiableCredentialsJwtServiceTest { @@ -50,7 +52,7 @@ public void setUp() { var key = generateEcKey(); privateKey = new EcPrivateKeyWrapper(key); publicKey = new EcPublicKeyWrapper(key); - service = new VerifiableCredentialsJwtServiceImpl(OBJECT_MAPPER); + service = new VerifiableCredentialsJwtServiceImpl(OBJECT_MAPPER, mock(Monitor.class)); } @Test @@ -67,7 +69,7 @@ public void buildSignedJwt_success() throws Exception { boolean result = signedJwt.verify(publicKey.verifier()); assertThat(result).isTrue(); - assertThat(signedJwt.getJWTClaimsSet().toJSONObject()) + assertThat(signedJwt.getJWTClaimsSet().getClaims()) .containsEntry("iss", issuer) .containsEntry("sub", subject) .extractingByKey(VERIFIABLE_CREDENTIALS_KEY)