sdJwtVcSignatureVerifier

fun sdJwtVcSignatureVerifier(httpClientFactory: KtorHttpClientFactory? = null, trust: X509CertificateTrust? = null, lookup: LookupPublicKeysFromDIDDocument? = null): JwtSignatureVerifier<SignedJWT>

Factory method for producing an SD-JWT-VC specific signature verifier. This verifier obtains the Issuer's public key from the JWT part of the SD-JWT. In particular:

  • If the iss claim is an HTTPS URI and there is no x5c in the header, SD-JWT-VC metadata will be used.

  • If the iss claim is an HTTPS URI and there is an x5c claim, the key will be extracted from the leaf certificate, provided the certificate is trusted and contains a SAN DNS equal to the iss FQDN.

  • If the iss claim is an HTTPS URI and there is an x5c claim, the key will be extracted from the leaf certificate, provided the certificate is trusted and contains a SAN URI equal to iss.

  • If the iss claim is a DID, the key will be extracted by resolving it.

In addition, the verifier will ensure that the typ claim is equal to vc+sd-jwt.

Return

an SD-JWT-VC specific signature verifier as described above

Parameters

httpClientFactory

a factory for getting HTTP clients, used while interacting with the issuer

trust

a function that accepts a chain of certificates (the contents of the x5c claim) and indicates whether the chain is trusted or not. If it is not provided, it defaults to X509CertificateTrust.None

lookup

an optional way of looking up public keys from DID Documents. A null value indicates that the holder doesn't support DIDs
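
The key-source rules listed above, modelled as a small decision function using only the JDK. This is an added example, not code from the library: KeySource, LeafSans, sansOf and issuerKeySource are hypothetical names, and rejecting on an untrusted chain or a SAN mismatch (rather than falling back to metadata) is an assumption.

```kotlin
import java.net.URI
import java.security.cert.X509Certificate

// Added illustration: every name below is hypothetical, none is the library's API.
enum class KeySource { SD_JWT_VC_METADATA, X5C_SAN_DNS, X5C_SAN_URI, DID_RESOLUTION }

data class LeafSans(val dns: List<String>, val uris: List<String>)

// GeneralName tags used by X509Certificate.getSubjectAlternativeNames(): 2 = dNSName, 6 = URI.
fun sansOf(leaf: X509Certificate): LeafSans {
    val entries = leaf.subjectAlternativeNames.orEmpty()
    fun ofType(tag: Int) = entries.filter { it[0] == tag }.mapNotNull { it[1] as? String }
    return LeafSans(dns = ofType(2), uris = ofType(6))
}

// Returns where the issuer key would come from, or null when the SD-JWT-VC must be rejected.
// leafSans == null models "no x5c in the header"; chainTrusted models the result of `trust`;
// didSupported models a non-null `lookup`.
fun issuerKeySource(iss: String, leafSans: LeafSans?, chainTrusted: Boolean, didSupported: Boolean): KeySource? {
    if (iss.startsWith("did:")) return KeySource.DID_RESOLUTION.takeIf { didSupported }
    val uri = runCatching { URI(iss) }.getOrNull() ?: return null
    if (!uri.scheme.equals("https", ignoreCase = true) || uri.host == null) return null
    if (leafSans == null) return KeySource.SD_JWT_VC_METADATA
    // Assumption: an untrusted chain or a SAN mismatch fails verification, with no fallback to metadata.
    if (!chainTrusted) return null
    return when {
        leafSans.dns.any { it.equals(uri.host, ignoreCase = true) } -> KeySource.X5C_SAN_DNS
        iss in leafSans.uris -> KeySource.X5C_SAN_URI
        else -> null
    }
}

fun main() {
    // Constructed sample values.
    val iss = "https://issuer.example"
    val matching = LeafSans(dns = listOf("issuer.example"), uris = emptyList())
    val foreign = LeafSans(dns = listOf("other.example"), uris = listOf("https://other.example"))
    println(issuerKeySource(iss, null, chainTrusted = false, didSupported = false))
    println(issuerKeySource(iss, matching, chainTrusted = true, didSupported = false))
    println(issuerKeySource(iss, matching, chainTrusted = false, didSupported = false))
    println(issuerKeySource(iss, foreign, chainTrusted = true, didSupported = false))
    println(issuerKeySource("did:example:123", null, chainTrusted = false, didSupported = true))
}
```

The third and fourth calls are the cases to watch when wiring up trust: a leaf certificate that names the issuer but chains to nothing trusted, and a trusted chain whose leaf names a different host.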