Module: HealthCards::Verification

Included in:

Verifier, Verifier

Defined in:

lib/health_cards/verification.rb

Overview

Logic for verifying a Payload JWS

Instance Method Summary

• #resolve_key(jws) ⇒ HealthCards::KeySet

  Resolve a key.

• #verify_using_key_set(verifiable, key_set = nil, resolve_keys: true) ⇒ Boolean

  Verify Health Card with given KeySet.

Instance Method Details

#resolve_key(jws) ⇒ HealthCards::KeySet

Resolve a key

Parameters:

• jws (HealthCards::JWS, String) —

  The JWS for which to resolve keys

Returns:

• (HealthCards::KeySet)

# File 'lib/health_cards/verification.rb', line 30

def resolve_key(jws)
  jwks_uri = URI("#{HealthCard.new(jws.to_s).issuer}/.well-known/jwks.json")
  res = Net::HTTP.get(jwks_uri)
  HealthCards::KeySet.from_jwks(res)
# Handle response if key is malformed or unreachable
rescue StandardError => e
  raise HealthCards::UnresolvableKeySetError, "Unable resolve a valid key from uri #{jwks_uri}: #{e.message}"
end

#verify_using_key_set(verifiable, key_set = nil, resolve_keys: true) ⇒ Boolean

Verify Health Card with given KeySet

Parameters:

• verifiable (HealthCards::JWS, String) —

  the health card to verify

• key_set (HealthCards::KeySet, nil) (defaults to: nil) —

  the KeySet from which keys should be taken or added

• resolve_keys (Boolean) (defaults to: true) —

  if keys should be resolved

Returns:

• (Boolean)

# File 'lib/health_cards/verification.rb', line 12

def verify_using_key_set(verifiable, key_set = nil, resolve_keys: true)
  jws = verifiable.is_a?(HealthCards::HealthCard) ? verifiable.jws : JWS.from_jws(verifiable)
  key_set ||= HealthCards::KeySet.new
  key_set.add_keys(resolve_key(jws)) if resolve_keys && key_set.find_key(jws.kid).nil?

  key = key_set.find_key(jws.kid)
  unless key
    raise MissingPublicKeyError,
          'Verifier does not contain public key that is able to verify this signature'
  end

  jws.public_key = key
  jws.verify
end