@@ -12,10 +12,16 @@ import type {
1212import { SimpleDigiCredsError } from '../../helpers/simpleDigiCredsError.ts' ;
1313import type { Uint8Array_ } from '../../helpers/types.ts' ;
1414
15- export async function verifyDeviceSigned ( { document, nonce, possibleOrigins } : {
15+ export async function verifyDeviceSigned ( {
16+ document,
17+ nonce,
18+ possibleOrigins,
19+ verifierPublicKeyJWK,
20+ } : {
1621 document : DecodedDocument ;
1722 nonce : string ;
1823 possibleOrigins : string [ ] ;
24+ verifierPublicKeyJWK ?: JsonWebKey ;
1925} ) : Promise < VerifiedDeviceSigned > {
2026 const issuerSigned = document . get ( 'issuerSigned' ) ;
2127 const deviceSigned = document . get ( 'deviceSigned' ) ;
@@ -35,9 +41,16 @@ export async function verifyDeviceSigned({ document, nonce, possibleOrigins }: {
3541 const dateValidUntil = new Date ( Date . parse ( validUntil ) ) ;
3642 const now = new Date ( Date . now ( ) ) ;
3743
38- if ( dateValidFrom > now || dateValidUntil < now ) {
44+ if ( dateValidFrom > now ) {
3945 throw new SimpleDigiCredsError ( {
40- message : `Credential is not yet valid or is expired` ,
46+ message : 'Credential is not yet valid' ,
47+ code : 'MdocVerificationError' ,
48+ } ) ;
49+ }
50+
51+ if ( dateValidUntil < now ) {
52+ throw new SimpleDigiCredsError ( {
53+ message : `Credential is expired` ,
4154 code : 'MdocVerificationError' ,
4255 } ) ;
4356 }
@@ -54,9 +67,11 @@ export async function verifyDeviceSigned({ document, nonce, possibleOrigins }: {
5467 let verified : boolean = false ;
5568 let verifiedOrigin : string = '' ;
5669 for ( const origin of possibleOrigins ) {
57- const clientID = `web-origin:${ origin } ` ;
58-
59- const sessionTranscript = await generateSessionTranscript ( origin , clientID , nonce ) ;
70+ const sessionTranscript = await generateSessionTranscript (
71+ origin ,
72+ nonce ,
73+ verifierPublicKeyJWK ,
74+ ) ;
6075
6176 const deviceSignedNameSpaces = deviceSigned . get ( 'nameSpaces' ) ;
6277
0 commit comments