Use the Trusted DIDs field instead of automatic approval. (#73)

spruceid · Jan 8, 2025 · b6a6026 · b6a6026
1 parent efc51de
commit b6a6026
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 7 deletions.
diff --git a/MobileSdkRs/Sources/MobileSdkRs/mobile_sdk_rs.swift b/MobileSdkRs/Sources/MobileSdkRs/mobile_sdk_rs.swift
@@ -1428,6 +1428,8 @@ open class Holder:
     }
     /**
      * Uses VDC collection to retrieve the credentials for a given presentation definition.
+     *
+     * If no trusted DIDs are provided then all DIDs are trusted.
      */
 public convenience init(vdcCollection: VdcCollection, trustedDids: [String], signer: PresentationSigner, contextMap: [String: String]?)async throws  {
     let pointer =
@@ -1462,6 +1464,8 @@ public convenience init(vdcCollection: VdcCollection, trustedDids: [String], sig
      *
      * This constructor will use the provided credentials for the presentation,
      * instead of searching for credentials in the VDC collection.
+     *
+     * If no trusted DIDs are provided then all DIDs are trusted.
      */
 public static func newWithCredentials(providedCredentials: [ParsedCredential], trustedDids: [String], signer: PresentationSigner, contextMap: [String: String]?)async throws  -> Holder {
     return
@@ -11459,10 +11463,10 @@ private var initializationResult: InitializationResult = {
     if (uniffi_mobile_sdk_rs_checksum_constructor_didmethodutils_new() != 22235) {
         return InitializationResult.apiChecksumMismatch
     }
-    if (uniffi_mobile_sdk_rs_checksum_constructor_holder_new() != 64916) {
+    if (uniffi_mobile_sdk_rs_checksum_constructor_holder_new() != 8787) {
         return InitializationResult.apiChecksumMismatch
     }
-    if (uniffi_mobile_sdk_rs_checksum_constructor_holder_new_with_credentials() != 28515) {
+    if (uniffi_mobile_sdk_rs_checksum_constructor_holder_new_with_credentials() != 30103) {
         return InitializationResult.apiChecksumMismatch
     }
     if (uniffi_mobile_sdk_rs_checksum_constructor_ihttpclient_new_async() != 55307) {

diff --git a/src/oid4vp/holder.rs b/src/oid4vp/holder.rs
@@ -45,7 +45,6 @@ pub struct Holder {
     pub(crate) client: openid4vp::core::util::ReqwestClient,
 
     /// A list of trusted DIDs.
-    #[allow(dead_code)]
     pub(crate) trusted_dids: Vec<String>,
 
     /// Provide optional credentials to the holder instance.
@@ -76,6 +75,8 @@ impl Holder {
     }
 
     /// Uses VDC collection to retrieve the credentials for a given presentation definition.
+    ///
+    /// If no trusted DIDs are provided then all DIDs are trusted.
     #[uniffi::constructor]
     pub async fn new(
         vdc_collection: Arc<VdcCollection>,
@@ -102,6 +103,8 @@ impl Holder {
     ///
     /// This constructor will use the provided credentials for the presentation,
     /// instead of searching for credentials in the VDC collection.
+    ///
+    /// If no trusted DIDs are provided then all DIDs are trusted.
     #[uniffi::constructor]
     pub async fn new_with_credentials(
         provided_credentials: Vec<Arc<ParsedCredential>>,
@@ -278,15 +281,16 @@ impl RequestVerifier for Holder {
         let resolver: VerificationMethodDIDResolver<DIDWeb, AnyJwkMethod> =
             VerificationMethodDIDResolver::new(DIDWeb);
 
-        // NOTE: This is temporary solution that will allow any DID to be
-        // trusted. This will be replaced by the trust manager in the future.
-        let client_id = decoded_request.client_id();
+        let trusted_dids = match self.trusted_dids.as_slice() {
+            [] => None,
+            dids => Some(dids),
+        };
 
         verify_with_resolver(
             &self.metadata,
             decoded_request,
             request_jwt,
-            Some(&[client_id.0.clone()]),
+            trusted_dids,
             &resolver,
         )
         .await?;