Merge pull request #99 from eu-digital-identity-wallet/release/0.10.0

Sdjwt 11

Author: manpsarakis

Sources/TypeMetadata/TypeMetadataMerger.swift

@@ -25,6 +25,9 @@ package protocol TypeMetadataMergerType {
    *
    * The merging process prioritizes the properties of the first element in the array,
    * using subsequent elements to fill in missing values or merge collections.
+   *
+   * If a child type defines claim metadata with the same path as
+   * in the extended type, the child type's claim metadata will fully override the parent's.
    */
   func mergeMetadata(from metadataArray: [ResolvedTypeMetadata]) -> ResolvedTypeMetadata?
 }
@@ -53,19 +56,7 @@ struct TypeMetadataMerger: TypeMetadataMergerType {
         primary: result.claims,
         secondary: parent.claims,
         keySelector: \.path,
-        merge: { current, parent in
-          SdJwtVcTypeMetadata.ClaimMetadata(
-            path: current.path,
-            display: mergeByKey(
-              primary: current.display ?? [],
-              secondary: parent.display ?? [],
-              keySelector: \.lang,
-              merge: { current, _ in current }
-            ),
-            selectivelyDisclosable: current.selectivelyDisclosable,
-            svgId: current.svgId
-          )
-        }
+        merge: { current, _ in current }  
       )
 
       return ResolvedTypeMetadata(
@@ -123,5 +114,3 @@ struct TypeMetadataMerger: TypeMetadataMergerType {
     return merged
   }
 }
-
-

Sources/Utilities/SdJwtVcIssuerPublicKeySource.swift

@@ -19,6 +19,5 @@ import X509
 public enum SdJwtVcIssuerPublicKeySource {
   case metadata(iss: URL, kid: String?, fetcher: SdJwtVcIssuerMetaDataFetching)
   case x509CertChain(iss: URL, chain: [Certificate], trust: X509SDJWTVCCertificateTrust)
-  case didUrl(iss: String, kid: String?, loukup: LookupPublicKeysFromDIDDocument)
 }
 

Sources/Verifier/SDJWTVCVerifier.swift

@@ -21,25 +21,8 @@ import JSONWebSignature
 import JSONWebToken
 
 private let HTTPS_URI_SCHEME = "https"
-private let DID_URI_SCHEME = "did"
 private let SD_JWT_DC_TYPE = "dc+sd-jwt"
 
-/**
- * A protocol to look up public keys from DIDs/DID URLs.
- */
-public protocol LookupPublicKeysFromDIDDocument {
-  /**
-   * Asynchronously looks up public keys from a DID document based on a DID or DID URL.
-   *
-   * - Parameters:
-   *   - did: The DID identifier.
-   *   - didUrl: The DID URL (optional).
-   * - Returns: An array of JWKs (public keys) or `nil` if the lookup fails.
-   */
-  func lookup(did: String, didUrl: String?) async throws -> [JWK]?
-}
-
-
 /**
  * A protocol defining methods for verifying SD-JWTs
  */
@@ -103,12 +86,10 @@ protocol SdJwtVcVerifierType {
   * It can be one of the following:
   * - metadata: Fetch issuer metadata to get keys.
   * - x509: Use X.509 certificates for verification.
-  * - did: Use DID URLs to look up keys.
  */
 public enum VerificationMethod {
   case metadata(fetcher: SdJwtVcIssuerMetaDataFetching)
   case x509(trust: X509SDJWTVCCertificateTrust)
-  case did(lookup: LookupPublicKeysFromDIDDocument)
 }
 
 /**
@@ -306,7 +287,7 @@ public class SDJWTVCVerifier: SdJwtVcVerifierType {
 private extension SDJWTVCVerifier {
 
   /**
-   * Selects the issuer's public key from the JWS object based on metadata, X.509 certificates, or DID URLs.
+   * Selects the issuer's public key from the JWS object based on metadata, X.509 certificates.
    *
    * - Parameters:
    *   - jws: The JSON Web Signature object.
@@ -353,17 +334,6 @@ private extension SDJWTVCVerifier {
       return .failure(
         SDJWTVerifierError.invalidJwt
       )
-      
-    case .didUrl(let iss, let kid, let lookup):
-      guard let key = try await lookup.lookup(
-        did: iss,
-        didUrl: kid
-      )?.first(where: { $0.keyID == kid }) else {
-        return .failure(
-          SDJWTVerifierError.invalidJwt
-        )
-      }
-      return .success(key)
     }
   }
 
@@ -403,13 +373,6 @@ private extension SDJWTVCVerifier {
         chain: certChain,
         trust: trust
       )
-      
-    case .did(lookup: let lookup):
-      return .didUrl(
-        iss: iss,
-        kid: jws.protectedHeader.keyID,
-        loukup: lookup
-      )
     }
   }
 

Tests/Mocks/LookupPublicKeysFromDIDDocumentMock.swift

@@ -189,6 +189,62 @@ final class TypeMetadataMergerTests: XCTestCase {
     XCTAssertEqual(mergedClaim?.svgId, "child_svg") // child wins
     XCTAssertEqual(mergedClaim?.display?.first?.label, "Child Label") // child's display wins
   }
+
+  func test_mergeMetadata_withConflictingClaimPath_childFullyOverridesParentDisplay() {
+    
+    let childClaim = SdJwtVcTypeMetadata.ClaimMetadata(
+      path: ClaimPath([.claim(name: "same_path")]),
+      display: [
+        SdJwtVcTypeMetadata.ClaimDisplay(lang: "en", label: "Child Label EN")
+      ],
+      selectivelyDisclosable: .always,
+      svgId: "child_svg"
+    )
+    
+    let parentClaim = SdJwtVcTypeMetadata.ClaimMetadata(
+      path: ClaimPath([.claim(name: "same_path")]),
+      display: [
+        SdJwtVcTypeMetadata.ClaimDisplay(lang: "en", label: "Parent Label EN"),
+        SdJwtVcTypeMetadata.ClaimDisplay(lang: "fr", label: "Parent Label FR")
+      ],
+      selectivelyDisclosable: .never,
+      svgId: "parent_svg"
+    )
+    
+    let child = ResolvedTypeMetadata(
+      vct: "child_vct",
+      name: nil,
+      description: nil,
+      displays: [],
+      claims: [childClaim]
+    )
+    
+    let parent = ResolvedTypeMetadata(
+      vct: "parent_vct",
+      name: nil,
+      description: nil,
+      displays: [],
+      claims: [parentClaim]
+    )
+    
+    let merged = TypeMetadataMerger().mergeMetadata(from: [child, parent])
+    
+    // Child claim fully overrides parent
+    XCTAssertEqual(merged?.claims.count, 1)
+    let mergedClaim = merged?.claims.first
+    
+    // Only child's displays should be present (no French from parent)
+    XCTAssertEqual(mergedClaim?.display?.count, 1)
+    XCTAssertEqual(mergedClaim?.display?.first?.lang, "en")
+    XCTAssertEqual(mergedClaim?.display?.first?.label, "Child Label EN")
+    
+    // Parent's French display should NOT be present
+    XCTAssertFalse(mergedClaim?.display?.contains(where: { $0.lang == "fr" }) ?? true)
+    
+    // All child properties win
+    XCTAssertEqual(mergedClaim?.selectivelyDisclosable, .always)
+    XCTAssertEqual(mergedClaim?.svgId, "child_svg")
+  }
 
   func test_mergeMetadata_parentDisplaysAppended() {
     let childDisplay = SdJwtVcTypeMetadata.DisplayMetadata(

Tests/TypeMetadata/TypeMetadataMergerTests.swift

@@ -36,14 +36,6 @@ final class VcVerifierTest: XCTestCase {
         extension: "json"
       ))))
 
-  private let didVerifier = SDJWTVCVerifier( verificationMethod: .did(
-    lookup: LookupPublicKeysFromDIDDocumentMock()
-  ))
-  
-  
-    
-  
-  
   override func setUp() async throws {
   }
 
@@ -137,30 +129,6 @@ final class VcVerifierTest: XCTestCase {
     XCTAssertNoThrow(try result.get())
   }
 
-  func testVerifyIssuance_WithValidSDJWT_WithDID_ShouldSucceed() async throws {
-    
-    // Given
-    let sdJwtString = SDJWTConstants.did_sd_jwt.clean()
-    
-    // When
-    let result = try await didVerifier.verifyIssuance(unverifiedSdJwt: sdJwtString)
-    
-    // Then
-    XCTAssertNoThrow(try result.get())
-  }
-  
-  func testVerifyIssuance_WithValidSDJWT_WithDID_AndConfiguration_ShouldSucceed() async throws {
-    
-    // Given
-    let sdJwtString = SDJWTConstants.did_sd_jwt.clean()
-    
-    // When
-    let result = try await didVerifier.verifyIssuance(unverifiedSdJwt: sdJwtString)
-    
-    // Then
-    XCTAssertNoThrow(try result.get())
-  }
-  
   func testVerifyIssuance_WithValidSDJWTFlattendedJSON_Withx509Header_ShouldSucceed() async throws {
 
     // Given