feat: iat disclosable

Author: peppelinux

examples/complex_eidas/specification.yml

@@ -1,4 +1,5 @@
 user_claims:
+  !sd iat: 11
   verified_claims:
     verification:
       trust_framework: eidas
@@ -33,5 +34,5 @@ holder_disclosed_claims:
       {
         "verification": { "evidence": [] },
         "claims": { "gender": null, "place_of_birth": { "country": null } },
-      },
+      }
   }

examples/settings.yml

@@ -28,4 +28,4 @@ expiry_seconds: 86400000  # 1000 days
 random_seed: 0
 
 iat: 1683000000  # Tue May 02 2023 04:00:00 GMT+0000
-exp: 1883000000  # Sat Sep 01 2029 23:33:20 GMT+0000
+exp: 1883000000  # Sat Sep 01 2029 23:33:20 GMT+0000

pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "sd-jwt"
-version = "0.10.4"
+version = "0.11.0"
 description = "The reference implementation of the IETF SD-JWT specification."
 authors = ["Daniel Fett <[email protected]>"]
 readme = "README.md"

src/sd_jwt/__init__.py

@@ -1 +1 @@
-__version__ = "0.10.4"
+__version__ = "0.11.0"

src/sd_jwt/bin/demo.py

@@ -307,4 +307,4 @@ def cb_get_issuer_key(issuer):
         sys.exit(0)
 
 if __name__ == "__main__":
-    run()
+    run()

src/sd_jwt/bin/generate.py

@@ -7,8 +7,10 @@
 
 
 import argparse
+import datetime
 import logging
 import sys
+
 from typing import Dict
 from pathlib import Path
 
@@ -29,6 +31,19 @@
 # Set logging to stdout
 logging.basicConfig(stream=sys.stdout, level=logging.INFO)
 
+def get_value_from_disclosables(attr_name, testcase):
+    _res = None
+    try:
+        _res = testcase['user_claims'][
+            [
+                k for k,v in testcase['user_claims'].items()
+                if hasattr(k, "value") and k.value == attr_name
+            ][0]
+        ]
+    except IndexError:
+        pass
+
+    return _res
 
 def generate_test_case_data(settings: Dict, testcase_path: Path, type: str):
     seed = settings["random_seed"]
@@ -42,12 +57,22 @@ def generate_test_case_data(settings: Dict, testcase_path: Path, type: str):
     extra_header_parameters = testcase.get("extra_header_parameters", {})
 
     claims = {}
+
+    _iat = get_value_from_disclosables("iat", testcase)
+
+    iat = _iat or settings.get("iat", int(datetime.datetime.utcnow().timestamp()))
+    exp = iat + (settings.get("exp_delta_minutes", 60) * 60)
+    
     if include_default_claims:
         claims = {
             "iss": settings["identifiers"]["issuer"],
-            "iat": settings["iat"],
-            "exp": settings["exp"],
+            "exp": settings.get("exp", exp)
         }
+    else:
+        claims = dict()
+
+    if not _iat:
+        claims['iat'] = iat
 
     claims.update(testcase["user_claims"])
 

src/sd_jwt/verifier.py

@@ -112,9 +112,9 @@ def _verify_key_binding_jwt(
         # Reassemble the SD-JWT in compact format and check digest
         if self._serialization_format == "compact":
             string_to_hash = self._combine(
-                        self._unverified_input_sd_jwt,
-                        *self._input_disclosures,
-                        ""
+                self._unverified_input_sd_jwt,
+                *self._input_disclosures,
+                ""
             )
             expected_sd_jwt_presentation_hash = self._b64hash(string_to_hash.encode("ascii"))
 

tests/testcases/settings.yml

@@ -27,5 +27,7 @@ expiry_seconds: 86400000  # 1000 days
 
 random_seed: 0
 
+exp_delta_seconds: 60
+
 iat: 1683000000  # Tue May 02 2023 04:00:00 GMT+0000
-exp: 1883000000  # Sat Sep 01 2029 23:33:20 GMT+0000
+exp: 1883000000  # Sat Sep 01 2029 23:33:20 GMT+0000