[fix] added some comments

eu-digital-identity-wallet · Oct 1, 2024 · c8ba2d2 · c8ba2d2
1 parent c0b687a
commit c8ba2d2
Show file tree

Hide file tree

Showing 3 changed files with 97 additions and 21 deletions.
diff --git a/Sources/Utilities/Extensions/Certificate+Extensions.swift b/Sources/Utilities/Extensions/Certificate+Extensions.swift
@@ -16,7 +16,17 @@
 import Foundation
 import X509
 
+/// Extension for the `SubjectAlternativeNames` structure provided by X.509 library.
+/// This extension provides utility methods for extracting DNS names and URIs from the
+/// subject alternative names (SAN) field of an X.509 certificate.
 extension SubjectAlternativeNames {
+
+  /// Extracts the DNS names from the subject alternative names (SAN) field of a certificate.
+  ///
+  /// This function iterates over all general names in the `SubjectAlternativeNames` structure
+  /// and extracts only those that are DNS names (`.dnsName`). It returns these names as an array of strings.
+  ///
+  /// - Returns: An array of DNS names found in the subject alternative names field, or an empty array if no DNS names are present.
   func rawSubjectAlternativeNames() -> [String] {
     self.compactMap { generalName in
       switch generalName {
@@ -27,6 +37,12 @@ extension SubjectAlternativeNames {
     }
   }
 
+  /// Extracts the Uniform Resource Identifiers (URIs) from the subject alternative names (SAN) field of a certificate.
+  ///
+  /// This function iterates over all general names in the `SubjectAlternativeNames` structure
+  /// and extracts only those that are URIs (`.uniformResourceIdentifier`). It returns these URIs as an array of strings.
+  ///
+  /// - Returns: An array of URIs found in the subject alternative names field, or an empty array if no URIs are present.
   func rawUniformResourceIdentifiers() -> [String] {
     self.compactMap { generalName in
       switch generalName {

diff --git a/Sources/Utilities/TrustFunctions.swift b/Sources/Utilities/TrustFunctions.swift
@@ -18,27 +18,21 @@ import X509
 import SwiftyJSON
 
 func parseCertificates(from chain: [String]) -> [Certificate] {
-  chain.compactMap { serializedCertificate in
-    guard let serializedData = Data(base64Encoded: serializedCertificate) else {
-      return nil
-    }
-
-    if let string = String(data: serializedData, encoding: .utf8) {
-      guard let data = Data(base64Encoded: string.removeCertificateDelimiters()) else {
-        return nil
-      }
-      let derBytes = [UInt8](data)
-      return try? Certificate(derEncoded: derBytes)
-    } else {
-      let derBytes = [UInt8](serializedData)
-      return try? Certificate(derEncoded: derBytes)
-    }
-  }
+  processChain(chain)
 }
 
 func parseCertificates(from data: Data) -> [Certificate] {
   let header = try? JSON(data: data)
   let chain = header?["x5c"].array?.compactMap { $0.stringValue } ?? []
+  return processChain(chain)
+}
+
+func parseCertificateData(_ data: Data) -> [String] {
+  let header = try? JSON(data: data)
+  return header?["x5c"].array?.compactMap { $0.stringValue } ?? []
+}
+
+fileprivate func processChain(_ chain: [String]) -> [Certificate] {
   return chain.compactMap { serializedCertificate in
     guard let serializedData = Data(base64Encoded: serializedCertificate) else {
       return nil
@@ -56,8 +50,3 @@ func parseCertificates(from data: Data) -> [Certificate] {
     }
   }
 }
-
-func parseCertificateData(_ data: Data) -> [String] {
-  let header = try? JSON(data: data)
-  return header?["x5c"].array?.compactMap { $0.stringValue } ?? []
-}
diff --git a/Sources/Verifier/SDJWTVCVerifier.swift b/Sources/Verifier/SDJWTVCVerifier.swift
@@ -28,24 +28,67 @@ private let SD_JWT_VC_TYPE = "vc+sd-jwt"
  * A protocol to look up public keys from DIDs/DID URLs.
  */
 public protocol LookupPublicKeysFromDIDDocument {
+  /**
+   * Asynchronously looks up public keys from a DID document based on a DID or DID URL.
+   *
+   * - Parameters:
+   *   - did: The DID identifier.
+   *   - didUrl: The DID URL (optional).
+   * - Returns: An array of JWKs (public keys) or `nil` if the lookup fails.
+   */
   func lookup(did: String, didUrl: String?) async -> [JWK]?
 }
 
+/**
+ * A protocol defining methods for verifying SD-JWTs
+ */
 protocol SdJwtVcVerifierType {
+
+  /**
+   * Verifies the issuance of an SD-JWT from a serialized string.
+   *
+   * - Parameter unverifiedSdJwt: The unverified SD-JWT in string format.
+   * - Returns: A `Result` containing either the verified `SignedSDJWT` or an error.
+   */
   func verifyIssuance(
     unverifiedSdJwt: String
   ) async throws -> Result<SignedSDJWT, any Error>
+
+  /**
+   * Verifies the issuance of an SD-JWT from a `JSON` object.
+   *
+   * - Parameter unverifiedSdJwt: The unverified SD-JWT in `JSON` format.
+   * - Returns: A `Result` containing either the verified `SignedSDJWT` or an error.
+   */
   func verifyIssuance(
     unverifiedSdJwt: JSON
   ) async throws -> Result<SignedSDJWT, any Error>
 }
 
+/**
+ * A class for verifying SD-JWT Verifiable Credentials.
+ * This class verifies SD-JWT VCs by validating the JWT's signatures and
+ * using trust chains and metadata fetching.
+ */
 public class SDJWTVCVerifier: SdJwtVcVerifierType {
 
+  /// X.509 certificate trust configuration used for verifying certificates.
   private let trust: X509CertificateTrust
+
+  /// Optional service for fetching public keys from DID documents.
   private let lookup: LookupPublicKeysFromDIDDocument?
+
+  /// Service for fetching issuer metadata such as public keys.
   private let fetcher: any SdJwtVcIssuerMetaDataFetching
 
+  /**
+   * Initializes the `SDJWTVCVerifier` with dependencies for metadata fetching, certificate trust, and public key lookup.
+   *
+   * - Parameters:
+   *   - fetcher: A service responsible for fetching issuer metadata.
+   *   - trust: The X.509 trust configuration.
+   *   - lookup: Optional service for looking up public keys from DIDs or DID URLs.
+   */
   public init(
     fetcher: SdJwtVcIssuerMetaDataFetching = SdJwtVcIssuerMetaDataFetcher(
       urlSession: .shared
@@ -58,6 +101,12 @@ public class SDJWTVCVerifier: SdJwtVcVerifierType {
     self.lookup = lookup
   }
 
+  /**
+   * Verifies the issuance of an SD-JWT VC.
+   *
+   * - Parameter unverifiedSdJwt: The unverified SD-JWT in string format.
+   * - Returns: A `Result` containing either the verified `SignedSDJWT` or an error.
+   */
   func verifyIssuance(
     unverifiedSdJwt: String
   ) async throws -> Result<SignedSDJWT, any Error> {
@@ -86,6 +135,12 @@ public class SDJWTVCVerifier: SdJwtVcVerifierType {
     }
   }
 
+  /**
+   * Verifies the issuance of an SD-JWT VC.
+   *
+   * - Parameter unverifiedSdJwt: The unverified SD-JWT in `JSON` format.
+   * - Returns: A `Result` containing either the verified `SignedSDJWT` or an error.
+   */
   func verifyIssuance(
     unverifiedSdJwt: JSON
   ) async throws -> Result<SignedSDJWT, any Error> {
@@ -122,6 +177,16 @@ public class SDJWTVCVerifier: SdJwtVcVerifierType {
 }
 
 private extension SDJWTVCVerifier {
+
+  /**
+   * Selects the issuer's public key from the JWS object based on metadata, X.509 certificates, or DID URLs.
+   *
+   * - Parameters:
+   *   - jws: The JSON Web Signature object.
+   *   - trust: The X.509 trust configuration.
+   *   - lookup: Optional service for looking up public keys from DID documents.
+   * - Returns: A `Result` containing either the selected `JWK` or an error.
+   */
   func issuerJwsKeySelector(
     jws: JWS,
     trust: X509CertificateTrust,
@@ -170,6 +235,12 @@ private extension SDJWTVCVerifier {
     }
   }
 
+  /**
+   * Determines the source of the issuer's public key from the JWS object.
+   *
+   * - Parameter jws: The JSON Web Signature object.
+   * - Returns: An optional `SdJwtVcIssuerPublicKeySource` object.
+   */
   func keySource(jws: JWS) throws -> SdJwtVcIssuerPublicKeySource? {
 
     guard let iss = try? jws.iss() else {