From b80b1cfd1174d1af8e6deeda4796e9bbc6bc084b Mon Sep 17 00:00:00 2001 From: Zoe Maas Date: Thu, 28 Nov 2024 11:29:54 +0100 Subject: [PATCH 1/5] chore: Added jwt payload to the externalOIDFIdentifier.ts --- .../src/functions/externalOIDFIdentifier.ts | 5 ++++- .../src/types/externalIdentifierTypes.ts | 1 + 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/packages/identifier-resolution/src/functions/externalOIDFIdentifier.ts b/packages/identifier-resolution/src/functions/externalOIDFIdentifier.ts index fcc20bc2..25efff67 100644 --- a/packages/identifier-resolution/src/functions/externalOIDFIdentifier.ts +++ b/packages/identifier-resolution/src/functions/externalOIDFIdentifier.ts @@ -42,6 +42,7 @@ export async function resolveExternalOIDFEntityIdIdentifier( const errorList: Record = {} const jwkInfos: Array = [] + let payload: string | undefined for (const trustAnchor of trustAnchors) { const resolveResult = await context.agent.resolveTrustChain({ entityIdentifier: identifier, @@ -70,6 +71,7 @@ export async function resolveExternalOIDFEntityIdIdentifier( continue } + payload = JSON.parse(jwtVerifyResult.jws.payload) const signature = jwtVerifyResult.jws.signatures[0] if (signature.identifier.jwks.length === 0) { errorList[trustAnchor] = 'No JWK was present in the trust anchor signature' @@ -88,6 +90,7 @@ export async function resolveExternalOIDFEntityIdIdentifier( trustedAnchors: Array.from(trustedAnchors), ...(Object.keys(errorList).length > 0 && { errorList }), jwks: jwkInfos, - trustEstablished: trustedAnchors.size > 0 + jwtPayload: payload, + trustEstablished: trustedAnchors.size > 0, } } diff --git a/packages/identifier-resolution/src/types/externalIdentifierTypes.ts b/packages/identifier-resolution/src/types/externalIdentifierTypes.ts index ddb64159..d92d902c 100644 --- a/packages/identifier-resolution/src/types/externalIdentifierTypes.ts +++ b/packages/identifier-resolution/src/types/externalIdentifierTypes.ts 
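Review bot: In the `@@ -70,6 +71,7 @@` hunk `payload` is assigned before the `signature.identifier.jwks.length === 0` check, so an anchor that ends up in `errorList` can still supply the returned `jwtPayload`. Because the variable is shared across the `for (const trustAnchor of trustAnchors)` loop, each later anchor also overwrites the earlier value. The return hunk then emits `jwtPayload: payload` regardless of `trustedAnchors.size`, so if anchors are only added to `trustedAnchors` after that check (not visible here), a caller can receive claims alongside `trustEstablished: false`. Assigning the payload only where the anchor is accepted (that code is outside the hunk) and returning it as `...(trustedAnchors.size > 0 && { jwtPayload: payload })` would tie the claims to an anchor that was actually trusted. The assignments rewritten in PATCH 2/5 and PATCH 4/5 sit in the same position.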
@@ -165,6 +165,7 @@ export interface ExternalIdentifierOIDFEntityIdResult extends IExternalIdentifie method: 'entity_id' trustedAnchors: Array errorList?: Record + jwtPayload?: string trustEstablished: boolean } From 8c2ba7951e23650a8b2df0a20db13109357fc284 Mon Sep 17 00:00:00 2001 From: Zoe Maas Date: Thu, 28 Nov 2024 14:41:40 +0100 Subject: [PATCH 2/5] fix: Fixed jwt decoding --- .../src/functions/externalOIDFIdentifier.ts | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/packages/identifier-resolution/src/functions/externalOIDFIdentifier.ts b/packages/identifier-resolution/src/functions/externalOIDFIdentifier.ts index 25efff67..9844d83b 100644 --- a/packages/identifier-resolution/src/functions/externalOIDFIdentifier.ts +++ b/packages/identifier-resolution/src/functions/externalOIDFIdentifier.ts @@ -9,6 +9,7 @@ import { IAgentContext } from '@veramo/core' import { IOIDFClient } from '@sphereon/ssi-sdk.oidf-client' import { contextHasPlugin } from '@sphereon/ssi-sdk.agent-config' import { IJwsValidationResult } from '../types/IJwtService' +import {decodeBase64url} from "@veramo/utils"; /** * Resolves an OIDF Entity ID against multiple trust anchors to establish trusted relationships @@ -71,7 +72,7 @@ export async function resolveExternalOIDFEntityIdIdentifier( continue } - payload = JSON.parse(jwtVerifyResult.jws.payload) + payload = JSON.parse(decodeBase64url(jwtVerifyResult.jws.payload)) const signature = jwtVerifyResult.jws.signatures[0] if (signature.identifier.jwks.length === 0) { errorList[trustAnchor] = 'No JWK was present in the trust anchor signature' From 67b5af10a1af66aaa03c225c0303cd323a2d5c80 Mon Sep 17 00:00:00 2001 From: Zoe Maas Date: Thu, 28 Nov 2024 15:52:35 +0100 Subject: [PATCH 3/5] fix: Fixed jwt type --- .../src/functions/externalOIDFIdentifier.ts | 10 +++++----- .../src/types/externalIdentifierTypes.ts | 3 ++- 2 files changed, 7 insertions(+), 6 deletions(-) 
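Review bot: The new `JSON.parse(decodeBase64url(...))` line in the `@@ -71,7 +72,7 @@` hunk has no error handling, so a payload that is not valid base64url or not valid JSON would throw out of the loop instead of being recorded for that anchor. The neighbouring JWK check writes its failure to `errorList[trustAnchor]`. The decode step should be wrapped the same way, so that one malformed payload cannot abort resolution against the remaining trust anchors. The same applies to the `u8a` version of this line in PATCH 4/5, and the loop body continues outside the hunk.

```typescript
try {
  payload = JSON.parse(decodeBase64url(jwtVerifyResult.jws.payload))
} catch (e) {
  // Record the failure for this anchor and keep resolving the others.
  errorList[trustAnchor] = 'JWT payload could not be decoded as JSON'
  continue
}
// … unchanged: signature / JWK presence check …
```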
diff --git a/packages/identifier-resolution/src/functions/externalOIDFIdentifier.ts b/packages/identifier-resolution/src/functions/externalOIDFIdentifier.ts index 9844d83b..f7ac6335 100644 --- a/packages/identifier-resolution/src/functions/externalOIDFIdentifier.ts +++ b/packages/identifier-resolution/src/functions/externalOIDFIdentifier.ts @@ -5,10 +5,10 @@ import { ExternalJwkInfo, TrustedAnchor, } from '../types' -import { IAgentContext } from '@veramo/core' -import { IOIDFClient } from '@sphereon/ssi-sdk.oidf-client' -import { contextHasPlugin } from '@sphereon/ssi-sdk.agent-config' -import { IJwsValidationResult } from '../types/IJwtService' +import {IAgentContext} from '@veramo/core' +import {IOIDFClient} from '@sphereon/ssi-sdk.oidf-client' +import {contextHasPlugin} from '@sphereon/ssi-sdk.agent-config' +import {IJwsValidationResult, JwsPayload} from '../types/IJwtService' import {decodeBase64url} from "@veramo/utils"; /** @@ -43,7 +43,7 @@ export async function resolveExternalOIDFEntityIdIdentifier( const errorList: Record = {} const jwkInfos: Array = [] - let payload: string | undefined + let payload: JwsPayload | undefined for (const trustAnchor of trustAnchors) { const resolveResult = await context.agent.resolveTrustChain({ entityIdentifier: identifier, diff --git a/packages/identifier-resolution/src/types/externalIdentifierTypes.ts b/packages/identifier-resolution/src/types/externalIdentifierTypes.ts index d92d902c..98acf04b 100644 --- a/packages/identifier-resolution/src/types/externalIdentifierTypes.ts +++ b/packages/identifier-resolution/src/types/externalIdentifierTypes.ts @@ -13,6 +13,7 @@ import { isX5cIdentifier, JwkInfo, } from './common' +import {JwsPayload} from "./IJwtService"; /** * Use whenever we need to resolve an external identifier. We can pass in kids, DIDs, and x5chains 
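Review bot: `let payload: JwsPayload | undefined` in the `@@ -43,7 +43,7 @@` hunk is only a compile-time label, because the value comes from `JSON.parse`, which returns `any`, and nothing checks what was actually decoded. A correctly signed payload can still be a JSON string, number, array or `null`, and code reading claims from `jwtPayload` would then see a shape the type does not describe. Parsing into a local first and guarding it, e.g. `if (typeof parsed !== 'object' || parsed === null || Array.isArray(parsed)) { errorList[trustAnchor] = 'JWT payload is not a JSON object'; continue }`, keeps the declared type honest. The assignment itself is outside this hunk.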
@@ -165,7 +166,7 @@ export interface ExternalIdentifierOIDFEntityIdResult extends IExternalIdentifie method: 'entity_id' trustedAnchors: Array errorList?: Record - jwtPayload?: string + jwtPayload?: JwsPayload trustEstablished: boolean } From 9afc4871e65ef851cd4c479ace388c0651243dca Mon Sep 17 00:00:00 2001 From: Zoe Maas Date: Tue, 3 Dec 2024 17:19:31 +0100 Subject: [PATCH 4/5] refactor: Replaced @veramo/utils with uint8arrays --- .../src/functions/externalOIDFIdentifier.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/identifier-resolution/src/functions/externalOIDFIdentifier.ts b/packages/identifier-resolution/src/functions/externalOIDFIdentifier.ts index f7ac6335..5d16b305 100644 --- a/packages/identifier-resolution/src/functions/externalOIDFIdentifier.ts +++ b/packages/identifier-resolution/src/functions/externalOIDFIdentifier.ts @@ -9,7 +9,7 @@ import {IAgentContext} from '@veramo/core' import {IOIDFClient} from '@sphereon/ssi-sdk.oidf-client' import {contextHasPlugin} from '@sphereon/ssi-sdk.agent-config' import {IJwsValidationResult, JwsPayload} from '../types/IJwtService' -import {decodeBase64url} from "@veramo/utils"; +import * as u8a from 'uint8arrays' /** * Resolves an OIDF Entity ID against multiple trust anchors to establish trusted relationships @@ -72,7 +72,7 @@ export async function resolveExternalOIDFEntityIdIdentifier( continue } - payload = JSON.parse(decodeBase64url(jwtVerifyResult.jws.payload)) + payload = JSON.parse(u8a.toString(u8a.fromString(jwtVerifyResult.jws.payload, 'base64url'))) const signature = jwtVerifyResult.jws.signatures[0] if (signature.identifier.jwks.length === 0) { errorList[trustAnchor] = 'No JWK was present in the trust anchor signature' From f1862bf57b3488fffaad2222174ed6927e5e3a05 Mon Sep 17 00:00:00 2001 
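Review bot: `jwtPayload?: JwsPayload` is added to `ExternalIdentifierOIDFEntityIdResult` without a doc comment, and the type alone does not say which JWT it holds: the resolver appears to loop over several trust anchors and keep a single payload. A TSDoc line such as `/** Decoded payload of the trust-chain JWT from the most recently processed trust anchor; treat its claims as trusted only when trustEstablished is true. */` would tell consumers which JWT it is and when to rely on it. The interface starts outside the hunk.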
From: Zoe Maas Date: Tue, 3 Dec 2024 17:23:44 +0100 Subject: [PATCH 5/5] fix: merging issue --- .../src/functions/externalOIDFIdentifier.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/identifier-resolution/src/functions/externalOIDFIdentifier.ts b/packages/identifier-resolution/src/functions/externalOIDFIdentifier.ts index dd787f9b..e7db5722 100644 --- a/packages/identifier-resolution/src/functions/externalOIDFIdentifier.ts +++ b/packages/identifier-resolution/src/functions/externalOIDFIdentifier.ts @@ -2,7 +2,7 @@ import { ErrorMessage, ExternalIdentifierOIDFEntityIdOpts, ExternalIdentifierOID import { IAgentContext } from '@veramo/core' import { IOIDFClient } from '@sphereon/ssi-sdk.oidf-client' import { contextHasPlugin } from '@sphereon/ssi-sdk.agent-config' -import { IJwsValidationResult } from '../types/IJwtService' +import {IJwsValidationResult, JwsPayload} from '../types/IJwtService' import * as u8a from 'uint8arrays' /** * Resolves an OIDF Entity ID against multiple trust anchors to establish trusted relationships