feat: Check sd-jwt VC x5c in credential details #2569

lib/app/shared/helper_functions/helper_functions.dart

@@ -1800,9 +1800,8 @@ List<dynamic> collectSdValues(Map<String, dynamic> data) {
 
 Future<Map<String, dynamic>?> checkX509({
   required String encodedData,
-  required String clientId,
-  required JWTDecode jwtDecode,
   required Map<String, dynamic> header,
+  required String clientId,
 }) async {
   final x5c = header['x5c'];
 
@@ -1882,25 +1881,11 @@ Future<Map<String, dynamic>?> checkX509({
 
 Future<Map<String, dynamic>?> checkVerifierAttestation({
   required String clientId,
-  required JWTDecode jwtDecode,
+  required Map<String, dynamic> payload,
   required Map<String, dynamic> header,
 }) async {
-  final jwt = header['jwt'];
-
-  if (jwt == null) {
-    throw ResponseMessage(
-      data: {
-        'error': 'invalid_format',
-        'error_description': 'verifier_attestation scheme error',
-      },
-    );
-  }
-
-  final Map<String, dynamic> verifierAttestationPayload =
-      decodePayload(jwtDecode: jwtDecode, token: jwt.toString());
-
-  final sub = verifierAttestationPayload['sub'];
-  final cnf = verifierAttestationPayload['cnf'];
+  final sub = payload['sub'];
+  final cnf = payload['cnf'];
 
   if (sub == null ||
       sub != clientId ||

lib/dashboard/home/tab_bar/credentials/detail/cubit/credential_details_cubit.dart

@@ -178,10 +178,27 @@ class CredentialDetailsCubit extends Cubit<CredentialDetailsState> {
       }
 
       if (item.jwt != null) {
+        final jwt = item.jwt!;
+        final Map<String, dynamic> payload = jwtDecode.parseJwt(jwt);
+        final Map<String, dynamic> header =
+            decodeHeader(jwtDecode: jwtDecode, token: jwt);
+
+        Map<String, dynamic>? publicKeyJwk;
+
+        final x5c = header['x5c'];
+        if (x5c != null && x5c is List) {
+          publicKeyJwk = await checkX509(
+            encodedData: jwt,
+            header: header,
+            clientId: payload['iss'].toString(),
+          );
+        }
+
         final VerificationType isVerified = await verifyEncodedData(
           issuer: item.issuer,
           jwtDecode: jwtDecode,
-          jwt: item.jwt!,
+          jwt: jwt,
+          publicKeyJwk: publicKeyJwk,
         );
 
         if (isVerified == VerificationType.verified) {

lib/dashboard/qr_code/qr_code_scan/cubit/qr_code_scan_cubit.dart

@@ -1061,7 +1061,7 @@ class QRCodeScanCubit extends Cubit<QRCodeScanState> {
 
     if (isSecurityEnabled) {
       final Map<String, dynamic> payload =
-          decodePayload(jwtDecode: jwtDecode, token: encodedData as String);
+          jwtDecode.parseJwt(encodedData as String);
 
       final String clientId = payload['client_id'].toString();
 
@@ -1091,17 +1091,28 @@ class QRCodeScanCubit extends Cubit<QRCodeScanState> {
         if (clientIdScheme != null) {
           final Map<String, dynamic> header =
               decodeHeader(jwtDecode: jwtDecode, token: encodedData);
+
           if (clientIdScheme == 'x509_san_dns') {
             publicKeyJwk = await checkX509(
               clientId: clientId,
               encodedData: encodedData,
-              jwtDecode: jwtDecode,
               header: header,
             );
           } else if (clientIdScheme == 'verifier_attestation') {
+            final jwt = header['jwt'];
+
+            if (jwt == null) {
+              throw ResponseMessage(
+                data: {
+                  'error': 'invalid_format',
+                  'error_description': 'verifier_attestation scheme error',
+                },
+              );
+            }
+
             publicKeyJwk = await checkVerifierAttestation(
               clientId: clientId,
-              jwtDecode: jwtDecode,
+              payload: payload,
               header: header,
             );
           }