fix: implement ES256 verification

[nanderstabel]

Description of change

Please write a summary of your changes and why you made them.

Blocked by

• refactor: implement IssuanceServices for signing and verifying #98

Links to any relevant issues

Closes #102

How the change has been tested

To test against UniMe:

UniCore

1. Copy the file agent_application/example.config.yaml into a file named agent_application/config.yaml
2. Replace:

signing_algorithms_supported:
  eddsa:
    preferred: true
    enabled: true

with:

signing_algorithms_supported:
  es256:
    preferred: true
    enabled: true

3. Run the Docker container ( you might need to set the UNICORE__URL environment variable first, e.g.: http://192.168.1.127:3033):

• cd agent_application/docker
• docker compose up --build

4. In a separate terminal run these commands to create a Credential Offer (again, make sure the UNICORE__URL variable is set):

• Create a Credential

curl --location "${UNICORE__URL}/v0/credentials" --header "Content-Type: application/json" --data '{
    "offerId":"001",
    "credentialConfigurationId": "w3c_vc_credential",
    "credential": {
        "credentialSubject": {
            "first_name": "Ferris",
            "last_name": "Crabman",
            "dob": "1982-01-01"
        }
    }
}'

• Create the Offer

curl --location "${UNICORE__URL}/v0/offers" --header 'Content-Type: application/json' --data '{
    "offerId": "001"
}'

5. Copy the string that the endpoint returns

UniMe

6. build UniMe from this branch: feat: add support for ES256 signature algorithm identity-wallet#236

• cargo tauri dev

7. Select Shenrons profile (in dev mode)
8. Hit scan and paste the string obtained in step 5, then hit 'Process QR Code'
9. Accept Credential

The transfer should be successful.

Extra validation

by searching through the log messages from UniCore for this:

issuer::credential: Request Body: {"format":"jwt_vc_json","credential_definition":{"type":["VerifiableCredential"]},"proof":{"proof_type":"jwt","jwt":

You can verify that the Proof of Possession JWT that UniMe sent to UniCore that its header should look something like this:

{
  "typ": "openid4vci-proof+jwt",
  "alg": "ES256", <--- ES256
  "kid": "did:jwk:eyJhbGciOiJFUzI1NiIsImNydiI6IlAtMjU2Iiwia2lkIjoiTnNxRWpJMFlyeHd0dURPTnp3OEhFMmNOZEVERnV4WUY4M3FKVE85bkI1RSIsImt0eSI6IkVDIiwieCI6Ik1YY0I1NG9xZEVnXzFQTm1Fajk0djRLVGNoS3hpN3hXckkxTVlMVTNKMjQiLCJ5IjoiSnN4WnVZTXBMSEVjeUVNalUwXzRiVGhlcDc0M1B3cWlhaFloaWxoQ2RZbyJ9#0"
}

Also when searching for

INFO HTTP Request {method=POST path="/openid4vci/credential"}: agent_api_rest: Response Body: {"credential":

you can find the actual returned credential and that its header also contains "alg": "ES256"

Definition of Done checklist

Add an x to the boxes that are relevant to your changes.

• I have followed the contribution guidelines for this project
• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes
• I have successfully tested this change in a docker environment

[github-actions]

🎉 This PR is included in version 1.0.0-beta.1 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

[github-actions]

🎉 This PR is included in version 1.0.0-alpha.1 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀