Support x5c validation

[tanguilp]

My understanding is that with the x5c (and jwk) header parameters there's no need to specify a key when verifying. That would be a verify/1 function in JWS module.

Specification: https://tools.ietf.org/html/rfc7515#section-4.1.6

I've seen it in the wild, for example FIDO2 metadata are published in such JWTs (https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-metadata-service-v2.0-id-20180227.html#metadata-toc-object-processing-rules).

[tanguilp]

Actually if you are willing to give me some guidelines I'd be willing to try to implement it and propose a patch.

[sjmadsen]

Another instance in the wild: the JWTs delivered by Apple's App Store Server Notifications v2 utilize a certificate chain in the x5c header parameter.

[behe]

If somebody else finds this issue when trying to validate App Store Server Notifications v2, this is how this can be done:

# Extract certificates from the x5c field in the header
%{"x5c" => x5c} =
  jws
  |> JOSE.JWS.peek_protected()
  |> Jason.decode!()

# Base64 decode and reverse them to the format expected by the verify function
cert_chain =
  Enum.map(x5c, &Base.decode64!/1)
  |> Enum.reverse()

# Verify certificate chain and extract the public key
%Req.Response{body: trusted_cert} =
  Req.get!("https://www.apple.com/certificateauthority/AppleRootCA-G3.cer")

{:ok, {{_key_oid_name, public_key_type, public_key_params}, _policy_tree}} =
  :public_key.pkix_path_validation(trusted_cert, cert_chain, [])

public _key = {public_key_type, public_key_params}

# Convert the public key into a JSON Web Key
jwk = JOSE.JWK.from_key(public_key)
# Verify the signature of the JWS
{true, payload, _jose_jws_protected_details} = JOSE.JWS.verify(jwk, jws)