-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathgenerate-jwt-vc-json.rb
More file actions
159 lines (128 loc) · 3.47 KB
/
generate-jwt-vc-json.rb
File metadata and controls
159 lines (128 loc) · 3.47 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
#!/usr/bin/env ruby
#
# INSTALL
# -------
#
# chmod +x generate-jwt-vc-json.rb
#
# USAGE
# -----
#
# generate-jwt-vc-json.rb
# --key={PRIVATE_KEY_IN_JWK_FORMAT} # -k {PRIVATE_KEY_IN_JWK_FORMAT}
# --vc={VC_IN_JSON_FORMAT} # -v {VC_IN_JSON_FORMAT}
#
# AUTHORS
# -------
#
# Jan Vereecken <ciao@janvereecken.com>
#
# CHANGELOG
# -------
# 2024-10-04
# - Initial release
#
require 'bundler/inline'
gemfile do
source 'https://rubygems.org'
gem 'json-jwt'
gem 'optparse'
end
require 'securerandom'
require 'time'
#------------------------------------------------------------
# main
#------------------------------------------------------------
def main(args)
# Process the command line options.
options = Options.process(args)
# Prepare the payload of the jwt_vc_json credential.
payload = build_payload(options)
# Generate a JWS by signing with the key.
jwt_vc_json = sign(payload, options.key)
# Write the jwt_vc_json credential to standard output.
puts jwt_vc_json
end
#------------------------------------------------------------
# Prepare the payload of the jwt_vc_json credential.
#------------------------------------------------------------
def build_payload(options)
{
vc: options.vc,
iss: options.vc[:issuer],
nbf: Time.parse(options.vc[:issuanceDate]).to_i,
jti: options.vc[:id],
sub: options.vc[:credentialSubject][:id]
}
end
#------------------------------------------------------------
# Generate a JWS by signing with the key.
#------------------------------------------------------------
def sign(payload, jwk)
# Prepare a JWT with the header and the payload.
jwt = JSON::JWT.new(payload)
# Sign the JWT with the key and convert it to JWS.
jwt.sign(jwk).to_s
end
#------------------------------------------------------------
# Command line options
#------------------------------------------------------------
class Options < OptionParser
DESC_KEY = "A file containing a private key in the JWK format."
DESC_VC = "A file containing a verifiable credential in JSON format."
attr_reader :key, :vc
def initialize
super
@key = nil
@vc = nil
self.on('-k FILE', '--key=FILE', DESC_KEY) do |file|
@key = self.read_jwk(file)
end
self.on('-v FILE', '--vc=FILE', DESC_VC) do |file|
@vc = read_vc(file)
end
end
private
def read_jwk(file)
json = File.read(file)
hash = JSON.parse(json, {symbolize_names: true})
JSON::JWK.new(hash)
end
def read_vc(file)
json = File.read(file)
JSON.parse(json, {symbolize_names: true})
end
def error_if_missing(value, option)
if value.nil?
raise OptionParser::ParseError.new "'#{option}' is missing."
end
end
public
def verify
error_if_missing(@key, '--key=FILE')
error_if_missing(@vc, '--vc=FILE')
end
def self.process(args)
options = Options.new
options.parse(args)
options.verify()
return options
end
end
#------------------------------------------------------------
# Extension of the json-jwt library
#------------------------------------------------------------
module JSON
class JWT
# Override the 'sign' method not to include 'kid'.
def sign(private_key_or_secret, algorithm = :autodetect)
jws = JWS.new self
jws.alg = algorithm
jws.sign! private_key_or_secret
end
end
end
#------------------------------------------------------------
# Entry Point
#------------------------------------------------------------
main(ARGV)