Replace logic with sdk functions

go.mod

@@ -4,7 +4,7 @@ go 1.20
 
 require (
 	github.com/BurntSushi/toml v1.3.2
-	github.com/TBD54566975/ssi-sdk v0.0.4-alpha.0.20230629211408-d0031cf86600
+	github.com/TBD54566975/ssi-sdk v0.0.4-alpha.0.20230707203029-1bbf9c13be59
 	github.com/alicebob/miniredis/v2 v2.30.4
 	github.com/ardanlabs/conf v1.5.0
 	github.com/benbjohnson/clock v1.3.5
@@ -42,7 +42,7 @@ require (
 	go.opentelemetry.io/otel/sdk v1.16.0
 	go.opentelemetry.io/otel/trace v1.16.0
 	golang.org/x/crypto v0.10.0
-	golang.org/x/term v0.9.0
+	golang.org/x/term v0.10.0
 	google.golang.org/api v0.129.0
 	gopkg.in/go-playground/validator.v9 v9.31.0
 	gopkg.in/h2non/gock.v1 v1.1.2
@@ -163,7 +163,7 @@ require (
 	golang.org/x/mod v0.10.0 // indirect
 	golang.org/x/net v0.11.0 // indirect
 	golang.org/x/oauth2 v0.9.0 // indirect
-	golang.org/x/sys v0.9.0 // indirect
+	golang.org/x/sys v0.10.0 // indirect
 	golang.org/x/text v0.10.0 // indirect
 	golang.org/x/tools v0.9.3 // indirect
 	google.golang.org/appengine v1.6.7 // indirect

go.sum

@@ -46,8 +46,8 @@ github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbi
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/KyleBanks/depth v1.2.1 h1:5h8fQADFrWtarTdtDudMmGsC7GPbOAu6RVB3ffsVFHc=
 github.com/KyleBanks/depth v1.2.1/go.mod h1:jzSb9d0L43HxTQfT+oSA1EEp2q+ne2uh6XgeJcm8brE=
-github.com/TBD54566975/ssi-sdk v0.0.4-alpha.0.20230629211408-d0031cf86600 h1:POzVbjLxtQYQGVGaU95uQtUvhf3djJsAAWrADV6Ou4Y=
-github.com/TBD54566975/ssi-sdk v0.0.4-alpha.0.20230629211408-d0031cf86600/go.mod h1:yPkVO9MCC/kRu+lut3jllhnCV0gEqSubaaSVT7xLSOs=
+github.com/TBD54566975/ssi-sdk v0.0.4-alpha.0.20230707203029-1bbf9c13be59 h1:O7GtPvUMsbJYFGx+In7ai1Sxm7gQaF7fenwlovpYbvs=
+github.com/TBD54566975/ssi-sdk v0.0.4-alpha.0.20230707203029-1bbf9c13be59/go.mod h1:yPkVO9MCC/kRu+lut3jllhnCV0gEqSubaaSVT7xLSOs=
 github.com/alicebob/gopher-json v0.0.0-20200520072559-a9ecdc9d1d3a/go.mod h1:SGnFV6hVsYE877CKEZ6tDNTjaSXYUk6QqoIK6PrAtcc=
 github.com/alicebob/gopher-json v0.0.0-20230218143504-906a9b012302 h1:uvdUDbHQHO85qeSydJtItA4T55Pw6BtAejd0APRJOCE=
 github.com/alicebob/gopher-json v0.0.0-20230218143504-906a9b012302/go.mod h1:SGnFV6hVsYE877CKEZ6tDNTjaSXYUk6QqoIK6PrAtcc=
@@ -697,16 +697,16 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.9.0 h1:KS/R3tvhPqvJvwcKfnBHJwwthS11LRhmM5D59eEXa0s=
-golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA=
+golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY=
 golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
-golang.org/x/term v0.9.0 h1:GRRCnKYhdQrD8kfRAdQ6Zcw1P0OcELxGLKJvtjVMZ28=
-golang.org/x/term v0.9.0/go.mod h1:M6DEAAIenWoTxdKrOltXcmDY3rSplQUkrvaDU5FcQyo=
+golang.org/x/term v0.10.0 h1:3R7pNqamzBraeqj/Tj8qt1aQ2HpmlC+Cx/qL/7hn4/c=
+golang.org/x/term v0.10.0/go.mod h1:lpqdcUyK/oCiQxvxVrppt5ggO2KCZ5QblwqPnfZ6d5o=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=

internal/credential/verification.go

@@ -47,47 +47,17 @@ func NewCredentialValidator(didResolver resolution.Resolver, schemaResolver sche
 	}, nil
 }
 
-// TODO(gabe) consider moving this verification logic to the sdk https://github.com/TBD54566975/ssi-service/issues/122
-
 // VerifyJWTCredential first parses and checks the signature on the given JWT credential. Next, it runs
 // a set of static verification checks on the credential as per the credential service's configuration.
 func (v Validator) VerifyJWTCredential(ctx context.Context, token keyaccess.JWT) error {
-	// first, parse the token to see if it contains a valid verifiable credential
-	gotHeaders, _, cred, err := integrity.ParseVerifiableCredentialFromJWT(token.String())
-	if err != nil {
-		return sdkutil.LoggingErrorMsg(err, "could not parse credential from JWT")
-	}
-
-	kid, ok := gotHeaders.Get(jws.KeyIDKey)
-	if !ok {
-		return sdkutil.LoggingNewError("could not find key ID in JWT headers")
-	}
-	jwtKID, ok := kid.(string)
-	if !ok {
-		return sdkutil.LoggingNewErrorf("could not convert key ID to string: %v", kid)
-	}
-
-	// resolve the issuer's key material
-	issuerDID, ok := cred.Issuer.(string)
-	if !ok {
-		return sdkutil.LoggingNewErrorf("could not convert issuer to string: %v", cred.Issuer)
-	}
-	pubKey, err := didint.ResolveKeyForDID(ctx, v.didResolver, issuerDID, jwtKID)
+	_, err := integrity.VerifyJWTCredential(ctx, token.String(), v.didResolver)
 	if err != nil {
-		return sdkutil.LoggingError(err)
+		return errors.Wrap(err, "verifying JWT credential")
 	}
-
-	// construct a signature validator from the verification information
-	verifier, err := keyaccess.NewJWKKeyAccessVerifier(issuerDID, jwtKID, pubKey)
+	_, _, cred, err := integrity.ParseVerifiableCredentialFromJWT(token.String())
 	if err != nil {
-		return sdkutil.LoggingErrorMsg(err, "could not create validator")
+		return errors.Wrap(err, "parsing vc from jwt")
 	}
-
-	// verify the signature on the credential
-	if err = verifier.Verify(token); err != nil {
-		return sdkutil.LoggingErrorMsg(err, "could not verify credential's signature")
-	}
-
 	return v.staticValidationChecks(ctx, *cred)
 }
 

pkg/server/server_credential_test.go

@@ -811,7 +811,7 @@ func TestCredentialAPI(t *testing.T) {
 				assert.NoError(ttt, err)
 				assert.NotEmpty(ttt, verifyResp)
 				assert.False(ttt, verifyResp.Verified)
-				assert.Contains(ttt, verifyResp.Reason, "could not parse credential from JWT")
+				assert.Contains(ttt, verifyResp.Reason, "parsing JWT: parsing credential token: invalid JWT")
 			})
 
 			tt.Run("Test Create Revocable Credential", func(ttt *testing.T) {