From d78af16ce4439a313ceff31593013a1a35fd428e Mon Sep 17 00:00:00 2001 From: Enrico Marconi Date: Mon, 19 Aug 2024 12:23:51 +0200 Subject: [PATCH 1/5] wasm bindings for ecdsa verifier --- bindings/wasm/Cargo.toml | 1 + bindings/wasm/docs/api-reference.md | 205 ++++++++++-------- .../wasm/src/verification/jws_verifier.rs | 42 ++++ 3 files changed, 163 insertions(+), 85 deletions(-) diff --git a/bindings/wasm/Cargo.toml b/bindings/wasm/Cargo.toml index 9e264b3b6d..b9828d91b7 100644 --- a/bindings/wasm/Cargo.toml +++ b/bindings/wasm/Cargo.toml @@ -21,6 +21,7 @@ bls12_381_plus = "=0.8.15" console_error_panic_hook = { version = "0.1" } futures = { version = "0.3" } identity_eddsa_verifier = { path = "../../identity_eddsa_verifier", default-features = false, features = ["ed25519"] } +identity_ecdsa_verifier = { path = "../../identity_ecdsa_verifier", default-features = false, features = ["es256", "es256k"] } js-sys = { version = "0.3.61" } json-proof-token = "0.3.4" proc_typescript = { version = "0.1.0", path = "./proc_typescript" } diff --git a/bindings/wasm/docs/api-reference.md b/bindings/wasm/docs/api-reference.md index db03dc07ec..95b36ee6e3 100644 --- a/bindings/wasm/docs/api-reference.md +++ b/bindings/wasm/docs/api-reference.md @@ -52,6 +52,10 @@ See: Duration

A span of time.

+
EcDSAJwsVerifier
+

An implementor of IJwsVerifier that can handle the +EcDSA algorithm.

+
EdDSAJwsVerifier

An implementor of IJwsVerifier that can handle the EdDSA algorithm.

@@ -252,31 +256,9 @@ working with storage backed DID documents.

## Members
-
PresentationProofAlgorithm
-
-
ProofAlgorithm
-
-
StatusCheck
-

Controls validation behaviour when checking whether or not a credential has been revoked by its -credentialStatus.

-
-
Strict
-

Validate the status if supported, reject any unsupported -credentialStatus types.

-

Only RevocationBitmap2022 is currently supported.

-

This is the default.

-
-
SkipUnsupported
-

Validate the status if supported, skip any unsupported -credentialStatus types.

-
-
SkipAll
-

Skip all status checks.

+
StatusPurpose
+

Purpose of a StatusList2021.

-
SerializationType
-
-
MethodRelationship
-
SubjectHolderRelationship

Declares how credential subjects must relate to the presentation holder.

See also the Subject-Holder Relationship section of the specification.

@@ -291,13 +273,20 @@ This variant is the default.

Any

The holder is not required to have any kind of relationship to any credential subject.

-
CredentialStatus
+
ProofAlgorithm
-
StatusPurpose
-

Purpose of a StatusList2021.

-
StateMetadataEncoding
+
CredentialStatus
+
+
PayloadType
+
+
PresentationProofAlgorithm
+
+
MethodRelationship
+
+
SerializationType
+
FailFast

Declares when validation should return if an error occurs.

@@ -307,12 +296,6 @@ This variant is the default.

FirstError

Return after the first error occurs.

-
PayloadType
-
-
MethodRelationship
-
-
CredentialStatus
-
StatusCheck

Controls validation behaviour when checking whether or not a credential has been revoked by its credentialStatus.

@@ -343,9 +326,6 @@ This variant is the default.

This function does not check whether alg = EdDSA in the protected header. Callers are expected to assert this prior to calling the function.

-
start()
-

Initializes the console error panic hook for better error messages

-
encodeB64(data)string

Encode the given bytes in url-safe base64.

@@ -1913,6 +1893,43 @@ Deserializes an instance from a JSON object. | --- | --- | | json | any | + + +## EcDSAJwsVerifier +An implementor of `IJwsVerifier` that can handle the +`EcDSA` algorithm. + +**Kind**: global class + +* [EcDSAJwsVerifier](#EcDSAJwsVerifier) + * [new EcDSAJwsVerifier()](#new_EcDSAJwsVerifier_new) + * [.verify(alg, signingInput, decodedSignature, publicKey)](#EcDSAJwsVerifier+verify) + + + +### new EcDSAJwsVerifier() +Constructs an EcDSAJwsVerifier. + + + +### ecDSAJwsVerifier.verify(alg, signingInput, decodedSignature, publicKey) +Verify a JWS signature secured with the `EcDSA` algorithm. +Only the `ES256` and `ES256K` curves are supported for now. + +# Warning + +This function does not check the `alg` property in the protected header. Callers are expected to assert this +prior to calling the function. + +**Kind**: instance method of [EcDSAJwsVerifier](#EcDSAJwsVerifier) + +| Param | Type | +| --- | --- | +| alg | JwsAlgorithm | +| signingInput | Uint8Array | +| decodedSignature | Uint8Array | +| publicKey | [Jwk](#Jwk) | + ## EdDSAJwsVerifier @@ -3224,7 +3241,7 @@ Utility functions for validating JPT credentials. ### JptCredentialValidatorUtils.extractIssuer(credential) ⇒ [CoreDID](#CoreDID) -Utility for extracting the issuer field of a [`Credential`](`Credential`) as a DID. +Utility for extracting the issuer field of a [Credential](#Credential) as a DID. # Errors Fails if the issuer field is not a valid DID. 
@@ -5450,7 +5467,8 @@ Supported verification method types. * _static_ * [.Ed25519VerificationKey2018()](#MethodType.Ed25519VerificationKey2018) ⇒ [MethodType](#MethodType) * [.X25519KeyAgreementKey2019()](#MethodType.X25519KeyAgreementKey2019) ⇒ [MethodType](#MethodType) - * [.JsonWebKey()](#MethodType.JsonWebKey) ⇒ [MethodType](#MethodType) + * ~~[.JsonWebKey()](#MethodType.JsonWebKey)~~ + * [.JsonWebKey2020()](#MethodType.JsonWebKey2020) ⇒ [MethodType](#MethodType) * [.custom(type_)](#MethodType.custom) ⇒ [MethodType](#MethodType) * [.fromJSON(json)](#MethodType.fromJSON) ⇒ [MethodType](#MethodType) @@ -5482,7 +5500,13 @@ Deep clones the object. **Kind**: static method of [MethodType](#MethodType) -### MethodType.JsonWebKey() ⇒ [MethodType](#MethodType) +### ~~MethodType.JsonWebKey()~~ +***Deprecated*** + +**Kind**: static method of [MethodType](#MethodType) + + +### MethodType.JsonWebKey2020() ⇒ [MethodType](#MethodType) A verification method for use with JWT verification as prescribed by the [Jwk](#Jwk) in the `publicKeyJwk` entry. 
@@ -7529,46 +7553,11 @@ Deserializes an instance from a JSON object. | --- | --- | | json | any | + -**Kind**: global variable - - -## StatusCheck -Controls validation behaviour when checking whether or not a credential has been revoked by its -[`credentialStatus`](https://www.w3.org/TR/vc-data-model/#status). +## StatusPurpose +Purpose of a [StatusList2021](#StatusList2021). -**Kind**: global variable - - -## Strict -Validate the status if supported, reject any unsupported -[`credentialStatus`](https://www.w3.org/TR/vc-data-model/#status) types. - -Only `RevocationBitmap2022` is currently supported. - -This is the default. - -**Kind**: global variable - - -## SkipUnsupported -Validate the status if supported, skip any unsupported -[`credentialStatus`](https://www.w3.org/TR/vc-data-model/#status) types. - -**Kind**: global variable - - -## SkipAll -Skip all status checks. - -**Kind**: global variable - - -## SerializationType -**Kind**: global variable - - -## MethodRelationship **Kind**: global variable @@ -7596,12 +7585,35 @@ The holder must match the subject only for credentials where the [`nonTransferab ## Any The holder is not required to have any kind of relationship to any credential subject. -## StateMetadataEncoding +**Kind**: global variable + + +## ProofAlgorithm **Kind**: global variable ## StateMetadataEncoding **Kind**: global variable + + +## CredentialStatus +**Kind**: global variable + + +## PayloadType +**Kind**: global variable + + +## PresentationProofAlgorithm +**Kind**: global variable + + +## MethodRelationship +**Kind**: global variable + + +## SerializationType +**Kind**: global variable ## FailFast 
@@ -7620,6 +7632,35 @@ Return all errors that occur during validation. Return after the first error occurs. **Kind**: global variable + + +## StatusCheck +Controls validation behaviour when checking whether or not a credential has been revoked by its +[`credentialStatus`](https://www.w3.org/TR/vc-data-model/#status). + +**Kind**: global variable + + +## Strict +Validate the status if supported, reject any unsupported +[`credentialStatus`](https://www.w3.org/TR/vc-data-model/#status) types. + +Only `RevocationBitmap2022` is currently supported. + +This is the default. + +**Kind**: global variable + + +## SkipUnsupported +Validate the status if supported, skip any unsupported +[`credentialStatus`](https://www.w3.org/TR/vc-data-model/#status) types. + +**Kind**: global variable + + +## SkipAll +Skip all status checks. **Kind**: global variable @@ -7644,12 +7685,6 @@ prior to calling the function. | decodedSignature | Uint8Array | | publicKey | [Jwk](#Jwk) | - - -## start() -Initializes the console error panic hook for better error messages - -**Kind**: global function ## encodeB64(data) ⇒ string diff --git a/bindings/wasm/src/verification/jws_verifier.rs b/bindings/wasm/src/verification/jws_verifier.rs index 6113674828..d7c4e4368d 100644 --- a/bindings/wasm/src/verification/jws_verifier.rs +++ b/bindings/wasm/src/verification/jws_verifier.rs @@ -3,6 +3,7 @@ use identity_eddsa_verifier::Ed25519Verifier; use identity_eddsa_verifier::EdDSAJwsVerifier; +use identity_ecdsa_verifier::EcDSAJwsVerifier; use identity_iota::verification::jws::JwsAlgorithm; use identity_iota::verification::jws::JwsVerifier; use identity_iota::verification::jws::VerificationInput; 
@@ -80,3 +81,44 @@ impl WasmEdDSAJwsVerifier {
 EdDSAJwsVerifier::default().verify(input, &publicKey.0).wasm_result()
 }
 }
+
+/// An implementor of `IJwsVerifier` that can handle the
+/// `EcDSA` algorithm.
+#[wasm_bindgen(js_name = EcDSAJwsVerifier)]
+pub struct WasmEcDSAJwsVerifier();
+
+#[wasm_bindgen(js_class = EcDSAJwsVerifier)]
+#[allow(clippy::new_without_default)]
+impl WasmEcDSAJwsVerifier {
+ /// Constructs an EcDSAJwsVerifier.
+ #[wasm_bindgen(constructor)]
+ pub fn new() -> Self {
+ Self()
+ }
+
+ /// Verify a JWS signature secured with the `EcDSA` algorithm.
+ /// Only the `ES256` and `ES256K` curves are supported for now.
+ ///
+ /// # Warning
+ ///
+ /// This function does not check the `alg` property in the protected header. Callers are expected to assert this
+ /// prior to calling the function.
+ #[wasm_bindgen]
+ #[allow(non_snake_case)]
+ pub fn verify(
+ &self,
+ alg: WasmJwsAlgorithm,
+ signingInput: &[u8],
+ decodedSignature: &[u8],
+ publicKey: &WasmJwk,
+ ) -> Result<(), JsValue> {
+ let alg: JwsAlgorithm = JwsAlgorithm::try_from(alg)?;
+ let input: VerificationInput = VerificationInput {
+ alg,
+ signing_input: signingInput.into(),
+ decoded_signature: decodedSignature.into(),
+ };
+ EcDSAJwsVerifier::default().verify(input, &publicKey.0).wasm_result()
+ }
+}
+
From a56d5a258d6f08e0f7bb1b840e4ba8c9a51d9e47 Mon Sep 17 00:00:00 2001 From: Enrico Marconi Date: Mon, 19 Aug 2024 16:56:22 +0200 Subject: [PATCH 2/5] make signature verifier optional, defaulting to a compound verifier --- .../credential/domain_linkage_validator.rs | 6 +-- .../jwt_credential_validator.rs | 2 +- .../sd_jwt_validator.rs | 2 +- .../jwt_presentation_validator.rs | 2 +- bindings/wasm/src/did/wasm_core_document.rs | 2 +- bindings/wasm/src/iota/iota_document.rs | 2 +- .../src/verification/custom_verification.rs | 47 ++++++++++++------- 7 files changed, 37 insertions(+), 26 deletions(-)
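Review bot: The doc comment on `verify` calls `ES256` and `ES256K` "curves", but they are JWS algorithm identifiers (the curves behind them are P-256 and secp256k1), and since the `# Warning` in the same comment tells callers to assert `alg` themselves they will be matching on algorithm names, not curves; suggest `/// Only the \`ES256\` and \`ES256K\` algorithms are supported for now.` The same sentence is reproduced verbatim in the generated `api-reference.md` in this patch, so the docs need regenerating after the wording change. The warning that `alg` is not cross-checked against the protected header mirrors the EdDSA wrapper above and is worth keeping as is, because it is the only place a caller learns that routing by `alg` is their responsibility when this type is used directly.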
diff --git a/bindings/wasm/src/credential/domain_linkage_validator.rs b/bindings/wasm/src/credential/domain_linkage_validator.rs index a38639d853..a71da00675 100644 --- a/bindings/wasm/src/credential/domain_linkage_validator.rs +++ b/bindings/wasm/src/credential/domain_linkage_validator.rs @@ -24,11 +24,11 @@ pub struct WasmJwtDomainLinkageValidator { #[wasm_bindgen(js_class = JwtDomainLinkageValidator)] impl WasmJwtDomainLinkageValidator { /// Creates a new {@link JwtDomainLinkageValidator}. If a `signatureVerifier` is provided it will be used when - /// verifying decoded JWS signatures, otherwise the default which is only capable of handling the `EdDSA` - /// algorithm will be used. + /// verifying decoded JWS signatures, otherwise the default which is capable of handling the `EdDSA`, `ES256`, `ES256K` + /// algorithms will be used. #[wasm_bindgen(constructor)] #[allow(non_snake_case)] - pub fn new(signatureVerifier: IJwsVerifier) -> WasmJwtDomainLinkageValidator { + pub fn new(signatureVerifier: Option) -> WasmJwtDomainLinkageValidator { let signature_verifier = WasmJwsVerifier::new(signatureVerifier); WasmJwtDomainLinkageValidator { validator: JwtDomainLinkageValidator::with_signature_verifier(signature_verifier), diff --git a/bindings/wasm/src/credential/jwt_credential_validation/jwt_credential_validator.rs b/bindings/wasm/src/credential/jwt_credential_validation/jwt_credential_validator.rs index 9434a6d521..ed45f4d683 100644 --- a/bindings/wasm/src/credential/jwt_credential_validation/jwt_credential_validator.rs +++ b/bindings/wasm/src/credential/jwt_credential_validation/jwt_credential_validator.rs 
@@ -41,7 +41,7 @@ impl WasmJwtCredentialValidator { /// algorithm will be used. #[wasm_bindgen(constructor)] #[allow(non_snake_case)] - pub fn new(signatureVerifier: IJwsVerifier) -> WasmJwtCredentialValidator { + pub fn new(signatureVerifier: Option) -> WasmJwtCredentialValidator { let signature_verifier = WasmJwsVerifier::new(signatureVerifier); WasmJwtCredentialValidator(JwtCredentialValidator::with_signature_verifier(signature_verifier)) } diff --git a/bindings/wasm/src/credential/jwt_credential_validation/sd_jwt_validator.rs b/bindings/wasm/src/credential/jwt_credential_validation/sd_jwt_validator.rs index 812b25414b..a0fd231243 100644 --- a/bindings/wasm/src/credential/jwt_credential_validation/sd_jwt_validator.rs +++ b/bindings/wasm/src/credential/jwt_credential_validation/sd_jwt_validator.rs @@ -33,7 +33,7 @@ impl WasmSdJwtCredentialValidator { /// algorithm will be used. #[wasm_bindgen(constructor)] #[allow(non_snake_case)] - pub fn new(signatureVerifier: IJwsVerifier) -> WasmSdJwtCredentialValidator { + pub fn new(signatureVerifier: Option) -> WasmSdJwtCredentialValidator { let signature_verifier = WasmJwsVerifier::new(signatureVerifier); WasmSdJwtCredentialValidator(SdJwtCredentialValidator::with_signature_verifier( signature_verifier, diff --git a/bindings/wasm/src/credential/jwt_presentation_validation/jwt_presentation_validator.rs b/bindings/wasm/src/credential/jwt_presentation_validation/jwt_presentation_validator.rs index 40a44f916b..6940662836 100644 --- a/bindings/wasm/src/credential/jwt_presentation_validation/jwt_presentation_validator.rs +++ b/bindings/wasm/src/credential/jwt_presentation_validation/jwt_presentation_validator.rs 
@@ -27,7 +27,7 @@ impl WasmJwtPresentationValidator { /// algorithm will be used. #[wasm_bindgen(constructor)] #[allow(non_snake_case)] - pub fn new(signatureVerifier: IJwsVerifier) -> WasmJwtPresentationValidator { + pub fn new(signatureVerifier: Option) -> WasmJwtPresentationValidator { let signature_verifier = WasmJwsVerifier::new(signatureVerifier); WasmJwtPresentationValidator(JwtPresentationValidator::with_signature_verifier(signature_verifier)) } diff --git a/bindings/wasm/src/did/wasm_core_document.rs b/bindings/wasm/src/did/wasm_core_document.rs index 0fe08e6675..47303c2d6d 100644 --- a/bindings/wasm/src/did/wasm_core_document.rs +++ b/bindings/wasm/src/did/wasm_core_document.rs @@ -508,7 +508,7 @@ impl WasmCoreDocument { &self, jws: &WasmJws, options: &WasmJwsVerificationOptions, - signatureVerifier: IJwsVerifier, + signatureVerifier: Option, detachedPayload: Option, ) -> Result { let jws_verifier = WasmJwsVerifier::new(signatureVerifier); diff --git a/bindings/wasm/src/iota/iota_document.rs b/bindings/wasm/src/iota/iota_document.rs index 777a00e679..cb935ee29e 100644 --- a/bindings/wasm/src/iota/iota_document.rs +++ b/bindings/wasm/src/iota/iota_document.rs @@ -397,7 +397,7 @@ impl WasmIotaDocument { &self, jws: &WasmJws, options: &WasmJwsVerificationOptions, - signatureVerifier: IJwsVerifier, + signatureVerifier: Option, detachedPayload: Option, ) -> Result { let jws_verifier = WasmJwsVerifier::new(signatureVerifier); diff --git a/bindings/wasm/src/verification/custom_verification.rs b/bindings/wasm/src/verification/custom_verification.rs index 4c82d8dcfe..f5934a901d 100644 --- a/bindings/wasm/src/verification/custom_verification.rs +++ b/bindings/wasm/src/verification/custom_verification.rs 
@@ -1,6 +1,9 @@ // Copyright 2020-2023 IOTA Stiftung // SPDX-License-Identifier: Apache-2.0 +use identity_ecdsa_verifier::EcDSAJwsVerifier; +use identity_eddsa_verifier::EdDSAJwsVerifier; +use identity_iota::verification::jws::JwsAlgorithm; use identity_iota::verification::jws::JwsVerifier; use identity_iota::verification::jws::SignatureVerificationError; use identity_iota::verification::jws::SignatureVerificationErrorKind; @@ -12,10 +15,10 @@ use crate::jose::WasmJwk; /// Wrapper that enables custom TS JWS signature verification plugins to be used where the /// JwsVerifier trait is required. Falls back to the default implementation if a custom /// implementation was not passed. -pub(crate) struct WasmJwsVerifier(IJwsVerifier); +pub(crate) struct WasmJwsVerifier(Option); impl WasmJwsVerifier { - pub(crate) fn new(verifier: IJwsVerifier) -> Self { + pub(crate) fn new(verifier: Option) -> Self { Self(verifier) } } 
@@ -26,22 +29,30 @@ impl JwsVerifier for WasmJwsVerifier {
 input: identity_iota::verification::jws::VerificationInput,
 public_key: &identity_iota::verification::jwk::Jwk,
 ) -> Result<(), identity_iota::verification::jws::SignatureVerificationError> {
- let VerificationInput {
- alg,
- signing_input,
- decoded_signature,
- } = input;
- let verification_result = IJwsVerifier::verify(
- &self.0,
- alg.name().to_owned(),
- signing_input.into(),
- decoded_signature.into(),
- WasmJwk(public_key.to_owned()),
- );
- // Convert error
- crate::error::stringify_js_error(verification_result).map_err(|error_string| {
- SignatureVerificationError::new(SignatureVerificationErrorKind::Unspecified).with_custom_message(error_string)
- })
+ if let Some(verifier) = &self.0 {
+ let VerificationInput {
+ alg,
+ signing_input,
+ decoded_signature,
+ } = input;
+ let verification_result = IJwsVerifier::verify(
+ verifier,
+ alg.name().to_owned(),
+ signing_input.into(),
+ decoded_signature.into(),
+ WasmJwk(public_key.to_owned()),
+ );
+ // Convert error
+ crate::error::stringify_js_error(verification_result).map_err(|error_string| {
+ SignatureVerificationError::new(SignatureVerificationErrorKind::Unspecified).with_custom_message(error_string)
+ })
+ } else {
+ match input.alg {
+ JwsAlgorithm::EdDSA => EdDSAJwsVerifier::default().verify(input, public_key),
+ JwsAlgorithm::ES256 | JwsAlgorithm::ES256K => EcDSAJwsVerifier::default().verify(input, public_key),
+ _ => Err(identity_iota::verification::jws::SignatureVerificationErrorKind::UnsupportedAlg.into())
+ }
+ }
 }
 }
 #[wasm_bindgen(typescript_custom_section)]
From f3fef08a8f79e9741c32851ffe4fe6910dbe6a8d Mon Sep 17 00:00:00 2001
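Review bot: The catch-all arm `_ => Err(identity_iota::verification::jws::SignatureVerificationErrorKind::UnsupportedAlg.into())` spells out a path the file already imports (the `use identity_iota::verification::jws::SignatureVerificationErrorKind;` line is visible in the previous hunk of this same file) and is the only arm without a trailing comma; `_ => Err(SignatureVerificationErrorKind::UnsupportedAlg.into()),` matches how the `Unspecified` error is built a few lines above. The shape of this `match` is the security-relevant part of the new default: an `alg` that is none of `EdDSA`, `ES256` or `ES256K` is rejected outright instead of being handed to a verifier, so a short comment such as `// Fail closed: any alg not routed to a verifier above is rejected.` would keep a later arm addition from quietly widening the accepted set. Note that when a custom verifier is supplied (`Some` branch) every `alg` is forwarded to it unchanged, so that dispatch responsibility stays with the plugin author. The `verify` signature and the `impl JwsVerifier for WasmJwsVerifier` header start above this hunk.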
From: Enrico Marconi Date: Tue, 20 Aug 2024 10:28:32 +0200 Subject: [PATCH 3/5] update comments on new default wasm jws verifier --- bindings/wasm/docs/api-reference.md | 206 +++++++++--------- .../credential/domain_linkage_validator.rs | 2 +- .../jwt_credential_validator.rs | 4 +- .../sd_jwt_validator.rs | 4 +- .../jwt_presentation_validator.rs | 4 +- bindings/wasm/src/did/wasm_core_document.rs | 5 +- bindings/wasm/src/iota/iota_document.rs | 5 +- .../src/verification/custom_verification.rs | 4 +- 8 files changed, 118 insertions(+), 116 deletions(-) diff --git a/bindings/wasm/docs/api-reference.md b/bindings/wasm/docs/api-reference.md index 95b36ee6e3..4a2af4d0b6 100644 --- a/bindings/wasm/docs/api-reference.md +++ b/bindings/wasm/docs/api-reference.md @@ -256,8 +256,22 @@ working with storage backed DID documents.

## Members
-
StatusPurpose
-

Purpose of a StatusList2021.

+
StatusCheck
+

Controls validation behaviour when checking whether or not a credential has been revoked by its +credentialStatus.

+
+
Strict
+

Validate the status if supported, reject any unsupported +credentialStatus types.

+

Only RevocationBitmap2022 is currently supported.

+

This is the default.

+
+
SkipUnsupported
+

Validate the status if supported, skip any unsupported +credentialStatus types.

+
+
SkipAll
+

Skip all status checks.

SubjectHolderRelationship

Declares how credential subjects must relate to the presentation holder.

@@ -273,19 +287,14 @@ This variant is the default.

Any

The holder is not required to have any kind of relationship to any credential subject.

-
ProofAlgorithm
-
-
StateMetadataEncoding
-
-
CredentialStatus
-
-
PayloadType
-
PresentationProofAlgorithm
-
MethodRelationship
+
StatusPurpose
+

Purpose of a StatusList2021.

+
+
ProofAlgorithm
-
SerializationType
+
CredentialStatus
FailFast

Declares when validation should return if an error occurs.

@@ -296,23 +305,14 @@ This variant is the default.

FirstError

Return after the first error occurs.

-
StatusCheck
-

Controls validation behaviour when checking whether or not a credential has been revoked by its -credentialStatus.

-
-
Strict
-

Validate the status if supported, reject any unsupported -credentialStatus types.

-

Only RevocationBitmap2022 is currently supported.

-

This is the default.

-
-
SkipUnsupported
-

Validate the status if supported, skip any unsupported -credentialStatus types.

-
-
SkipAll
-

Skip all status checks.

-
+
StateMetadataEncoding
+
+
SerializationType
+
+
PayloadType
+
+
MethodRelationship
+
## Functions @@ -326,15 +326,15 @@ This variant is the default.

This function does not check whether alg = EdDSA in the protected header. Callers are expected to assert this prior to calling the function.

+
start()
+

Initializes the console error panic hook for better error messages

+
encodeB64(data)string

Encode the given bytes in url-safe base64.

decodeB64(data)Uint8Array

Decode the given url-safe base64-encoded slice into its raw bytes.

-
start()
-

Initializes the console error panic hook for better error messages

-
@@ -558,7 +558,7 @@ if the object is being concurrently modified. * [.resolveMethod(query, [scope])](#CoreDocument+resolveMethod) ⇒ [VerificationMethod](#VerificationMethod) \| undefined * [.attachMethodRelationship(didUrl, relationship)](#CoreDocument+attachMethodRelationship) ⇒ boolean * [.detachMethodRelationship(didUrl, relationship)](#CoreDocument+detachMethodRelationship) ⇒ boolean - * [.verifyJws(jws, options, signatureVerifier, [detachedPayload])](#CoreDocument+verifyJws) ⇒ [DecodedJws](#DecodedJws) + * [.verifyJws(jws, options, [signatureVerifier], [detachedPayload])](#CoreDocument+verifyJws) ⇒ [DecodedJws](#DecodedJws) * [.revokeCredentials(serviceQuery, indices)](#CoreDocument+revokeCredentials) * [.unrevokeCredentials(serviceQuery, indices)](#CoreDocument+unrevokeCredentials) * [.clone()](#CoreDocument+clone) ⇒ [CoreDocument](#CoreDocument) @@ -832,7 +832,7 @@ Detaches the given relationship from the given method, if the method exists. -### coreDocument.verifyJws(jws, options, signatureVerifier, [detachedPayload]) ⇒ [DecodedJws](#DecodedJws) +### coreDocument.verifyJws(jws, options, [signatureVerifier], [detachedPayload]) ⇒ [DecodedJws](#DecodedJws) Decodes and verifies the provided JWS according to the passed `options` and `signatureVerifier`. If no `signatureVerifier` argument is provided a default verifier will be used that is (only) capable of verifying EdDSA signatures. @@ -849,7 +849,7 @@ or set explicitly in the `options`. | --- | --- | | jws | [Jws](#Jws) | | options | [JwsVerificationOptions](#JwsVerificationOptions) | -| signatureVerifier | IJwsVerifier | +| [signatureVerifier] | IJwsVerifier \| undefined | | [detachedPayload] | string \| undefined | 
@@ -2211,7 +2211,7 @@ if the object is being concurrently modified. * [.resolveMethod(query, [scope])](#IotaDocument+resolveMethod) ⇒ [VerificationMethod](#VerificationMethod) \| undefined * [.attachMethodRelationship(didUrl, relationship)](#IotaDocument+attachMethodRelationship) ⇒ boolean * [.detachMethodRelationship(didUrl, relationship)](#IotaDocument+detachMethodRelationship) ⇒ boolean - * [.verifyJws(jws, options, signatureVerifier, [detachedPayload])](#IotaDocument+verifyJws) ⇒ [DecodedJws](#DecodedJws) + * [.verifyJws(jws, options, [signatureVerifier], [detachedPayload])](#IotaDocument+verifyJws) ⇒ [DecodedJws](#DecodedJws) * [.pack()](#IotaDocument+pack) ⇒ Uint8Array * [.packWithEncoding(encoding)](#IotaDocument+packWithEncoding) ⇒ Uint8Array * [.metadata()](#IotaDocument+metadata) ⇒ [IotaDocumentMetadata](#IotaDocumentMetadata) @@ -2452,7 +2452,7 @@ Detaches the given relationship from the given method, if the method exists. -### iotaDocument.verifyJws(jws, options, signatureVerifier, [detachedPayload]) ⇒ [DecodedJws](#DecodedJws) +### iotaDocument.verifyJws(jws, options, [signatureVerifier], [detachedPayload]) ⇒ [DecodedJws](#DecodedJws) Decodes and verifies the provided JWS according to the passed `options` and `signatureVerifier`. If no `signatureVerifier` argument is provided a default verifier will be used that is (only) capable of verifying EdDSA signatures. @@ -2468,7 +2468,7 @@ take place. | --- | --- | | jws | [Jws](#Jws) | | options | [JwsVerificationOptions](#JwsVerificationOptions) | -| signatureVerifier | IJwsVerifier | +| [signatureVerifier] | IJwsVerifier \| undefined | | [detachedPayload] | string \| undefined | 
@@ -4549,7 +4549,7 @@ A type for decoding and validating [Credential](#Credential). **Kind**: global class * [JwtCredentialValidator](#JwtCredentialValidator) - * [new JwtCredentialValidator(signatureVerifier)](#new_JwtCredentialValidator_new) + * [new JwtCredentialValidator([signatureVerifier])](#new_JwtCredentialValidator_new) * _instance_ * [.validate(credential_jwt, issuer, options, fail_fast)](#JwtCredentialValidator+validate) ⇒ [DecodedJwtCredential](#DecodedJwtCredential) * [.verifySignature(credential, trustedIssuers, options)](#JwtCredentialValidator+verifySignature) ⇒ [DecodedJwtCredential](#DecodedJwtCredential) @@ -4564,7 +4564,7 @@ A type for decoding and validating [Credential](#Credential). -### new JwtCredentialValidator(signatureVerifier) +### new JwtCredentialValidator([signatureVerifier]) Creates a new [JwtCredentialValidator](#JwtCredentialValidator). If a `signatureVerifier` is provided it will be used when verifying decoded JWS signatures, otherwise the default which is only capable of handling the `EdDSA` algorithm will be used. @@ -4572,7 +4572,7 @@ algorithm will be used. | Param | Type | | --- | --- | -| signatureVerifier | IJwsVerifier | +| [signatureVerifier] | IJwsVerifier \| undefined | 
@@ -4743,21 +4743,21 @@ A validator for a Domain Linkage Configuration and Credentials. **Kind**: global class * [JwtDomainLinkageValidator](#JwtDomainLinkageValidator) - * [new JwtDomainLinkageValidator(signatureVerifier)](#new_JwtDomainLinkageValidator_new) + * [new JwtDomainLinkageValidator([signatureVerifier])](#new_JwtDomainLinkageValidator_new) * [.validateLinkage(issuer, configuration, domain, options)](#JwtDomainLinkageValidator+validateLinkage) * [.validateCredential(issuer, credentialJwt, domain, options)](#JwtDomainLinkageValidator+validateCredential) -### new JwtDomainLinkageValidator(signatureVerifier) +### new JwtDomainLinkageValidator([signatureVerifier]) Creates a new [JwtDomainLinkageValidator](#JwtDomainLinkageValidator). If a `signatureVerifier` is provided it will be used when -verifying decoded JWS signatures, otherwise the default which is only capable of handling the `EdDSA` -algorithm will be used. +verifying decoded JWS signatures, otherwise the default which is capable of handling the `EdDSA`, `ES256`, `ES256K` +algorithms will be used. | Param | Type | | --- | --- | -| signatureVerifier | IJwsVerifier | +| [signatureVerifier] | IJwsVerifier \| undefined | @@ -4907,7 +4907,7 @@ Deserializes an instance from a JSON object. **Kind**: global class * [JwtPresentationValidator](#JwtPresentationValidator) - * [new JwtPresentationValidator(signatureVerifier)](#new_JwtPresentationValidator_new) + * [new JwtPresentationValidator([signatureVerifier])](#new_JwtPresentationValidator_new) * _instance_ * [.validate(presentationJwt, holder, validation_options)](#JwtPresentationValidator+validate) ⇒ [DecodedJwtPresentation](#DecodedJwtPresentation) * _static_ 
@@ -4916,7 +4916,7 @@ Deserializes an instance from a JSON object. -### new JwtPresentationValidator(signatureVerifier) +### new JwtPresentationValidator([signatureVerifier]) Creates a new [JwtPresentationValidator](#JwtPresentationValidator). If a `signatureVerifier` is provided it will be used when verifying decoded JWS signatures, otherwise the default which is only capable of handling the `EdDSA` algorithm will be used. @@ -4924,7 +4924,7 @@ algorithm will be used. | Param | Type | | --- | --- | -| signatureVerifier | IJwsVerifier | +| [signatureVerifier] | IJwsVerifier \| undefined | @@ -6432,14 +6432,14 @@ A type for decoding and validating [Credential](#Credential). **Kind**: global class * [SdJwtCredentialValidator](#SdJwtCredentialValidator) - * [new SdJwtCredentialValidator(signatureVerifier)](#new_SdJwtCredentialValidator_new) + * [new SdJwtCredentialValidator([signatureVerifier])](#new_SdJwtCredentialValidator_new) * [.validateCredential(sd_jwt, issuer, options, fail_fast)](#SdJwtCredentialValidator+validateCredential) ⇒ [DecodedJwtCredential](#DecodedJwtCredential) * [.verifySignature(credential, trustedIssuers, options)](#SdJwtCredentialValidator+verifySignature) ⇒ [DecodedJwtCredential](#DecodedJwtCredential) * [.validateKeyBindingJwt(sdJwt, holder, options)](#SdJwtCredentialValidator+validateKeyBindingJwt) ⇒ [KeyBindingJwtClaims](#KeyBindingJwtClaims) -### new SdJwtCredentialValidator(signatureVerifier) +### new SdJwtCredentialValidator([signatureVerifier]) Creates a new `SdJwtCredentialValidator`. If a `signatureVerifier` is provided it will be used when verifying decoded JWS signatures, otherwise the default which is only capable of handling the `EdDSA` algorithm will be used. @@ -6447,7 +6447,7 @@ algorithm will be used. | Param | Type | | --- | --- | -| signatureVerifier | IJwsVerifier | +| [signatureVerifier] | IJwsVerifier \| undefined | 
@@ -7553,10 +7553,35 @@ Deserializes an instance from a JSON object. | --- | --- | | json | any | - + -## StatusPurpose -Purpose of a [StatusList2021](#StatusList2021). +## StatusCheck +Controls validation behaviour when checking whether or not a credential has been revoked by its +[`credentialStatus`](https://www.w3.org/TR/vc-data-model/#status). + +**Kind**: global variable + + +## Strict +Validate the status if supported, reject any unsupported +[`credentialStatus`](https://www.w3.org/TR/vc-data-model/#status) types. + +Only `RevocationBitmap2022` is currently supported. + +This is the default. + +**Kind**: global variable + + +## SkipUnsupported +Validate the status if supported, skip any unsupported +[`credentialStatus`](https://www.w3.org/TR/vc-data-model/#status) types. + +**Kind**: global variable + + +## SkipAll +Skip all status checks. **Kind**: global variable @@ -7586,33 +7611,23 @@ The holder must match the subject only for credentials where the [`nonTransferab The holder is not required to have any kind of relationship to any credential subject. **Kind**: global variable - - -## ProofAlgorithm -**Kind**: global variable - - -## StateMetadataEncoding -**Kind**: global variable - + -## CredentialStatus +## PresentationProofAlgorithm **Kind**: global variable - + -## PayloadType -**Kind**: global variable - +## StatusPurpose +Purpose of a [StatusList2021](#StatusList2021). -## PresentationProofAlgorithm **Kind**: global variable - + -## MethodRelationship +## ProofAlgorithm **Kind**: global variable - + -## SerializationType +## CredentialStatus **Kind**: global variable 
@@ -7632,36 +7647,21 @@ Return all errors that occur during validation. Return after the first error occurs. **Kind**: global variable - - -## StatusCheck -Controls validation behaviour when checking whether or not a credential has been revoked by its -[`credentialStatus`](https://www.w3.org/TR/vc-data-model/#status). + +## StateMetadataEncoding **Kind**: global variable - - -## Strict -Validate the status if supported, reject any unsupported -[`credentialStatus`](https://www.w3.org/TR/vc-data-model/#status) types. - -Only `RevocationBitmap2022` is currently supported. - -This is the default. + +## SerializationType **Kind**: global variable - - -## SkipUnsupported -Validate the status if supported, skip any unsupported -[`credentialStatus`](https://www.w3.org/TR/vc-data-model/#status) types. + +## PayloadType **Kind**: global variable - - -## SkipAll -Skip all status checks. + +## MethodRelationship **Kind**: global variable @@ -7685,6 +7685,12 @@ prior to calling the function. | decodedSignature | Uint8Array | | publicKey | [Jwk](#Jwk) | + + +## start() +Initializes the console error panic hook for better error messages + +**Kind**: global function ## encodeB64(data) ⇒ string @@ -7707,9 +7713,3 @@ Decode the given url-safe base64-encoded slice into its raw bytes. | --- | --- | | data | Uint8Array | - - -## start() -Initializes the console error panic hook for better error messages - -**Kind**: global function diff --git a/bindings/wasm/src/credential/domain_linkage_validator.rs b/bindings/wasm/src/credential/domain_linkage_validator.rs index a71da00675..37674e21b7 100644 --- a/bindings/wasm/src/credential/domain_linkage_validator.rs +++ b/bindings/wasm/src/credential/domain_linkage_validator.rs 
@@ -24,7 +24,7 @@ pub struct WasmJwtDomainLinkageValidator {
 #[wasm_bindgen(js_class = JwtDomainLinkageValidator)]
 impl WasmJwtDomainLinkageValidator {
 /// Creates a new {@link JwtDomainLinkageValidator}. If a `signatureVerifier` is provided it will be used when
- /// verifying decoded JWS signatures, otherwise the default which is capable of handling the `EdDSA`, `ES256`, `ES256K`
+ /// verifying decoded JWS signatures, otherwise a default verifier capable of handling the `EdDSA`, `ES256`, `ES256K`
 /// algorithms will be used.
 #[wasm_bindgen(constructor)]
 #[allow(non_snake_case)]
diff --git a/bindings/wasm/src/credential/jwt_credential_validation/jwt_credential_validator.rs b/bindings/wasm/src/credential/jwt_credential_validation/jwt_credential_validator.rs
index ed45f4d683..b6a26c35d5 100644
--- a/bindings/wasm/src/credential/jwt_credential_validation/jwt_credential_validator.rs
+++ b/bindings/wasm/src/credential/jwt_credential_validation/jwt_credential_validator.rs
@@ -37,8 +37,8 @@ pub struct WasmJwtCredentialValidator(JwtCredentialValidator);
 #[wasm_bindgen(js_class = JwtCredentialValidator)]
 impl WasmJwtCredentialValidator {
 /// Creates a new {@link JwtCredentialValidator}. If a `signatureVerifier` is provided it will be used when
- /// verifying decoded JWS signatures, otherwise the default which is only capable of handling the `EdDSA`
- /// algorithm will be used.
+ /// verifying decoded JWS signatures, otherwise a default verifier capable of handling the `EdDSA`, `ES256`, `ES256K`
+ /// algorithms will be used.
 #[wasm_bindgen(constructor)]
 #[allow(non_snake_case)]
 pub fn new(signatureVerifier: Option) -> WasmJwtCredentialValidator {
diff --git a/bindings/wasm/src/credential/jwt_credential_validation/sd_jwt_validator.rs b/bindings/wasm/src/credential/jwt_credential_validation/sd_jwt_validator.rs
index a0fd231243..a8342c9aec 100644
--- a/bindings/wasm/src/credential/jwt_credential_validation/sd_jwt_validator.rs
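Review bot: The reworded doc comment lists `EdDSA`, `ES256` and `ES256K` as the default verifier's algorithms but does not say how a caller narrows that set, and compared with the previous EdDSA-only wording every validator now accepts ECDSA-signed JWS by default, which callers that relied on the old default may not expect. I would add one line to this constructor's doc, and to the jwt_credential_validator hunk on the same line and the wasm_core_document, iota_document and custom_verification hunks below, such as `/// Callers that must accept only a subset of these algorithms should pass their own signatureVerifier.`. The fallback dispatch visible in the cargo-fmt patch further down (`match input.alg` in custom_verification.rs) picks the verifier from the JWS `alg` header, so it is also worth documenting that the supplied JWK's key type and curve are expected to match `alg`; whether the ECDSA verifier itself rejects a mismatched curve is not visible in this series and should be checked against `identity_ecdsa_verifier` before such a sentence is written. The constructor body these comments belong to continues outside the hunk.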
+++ b/bindings/wasm/src/credential/jwt_credential_validation/sd_jwt_validator.rs
@@ -29,8 +29,8 @@ pub struct WasmSdJwtCredentialValidator(SdJwtCredentialValidator) -> WasmSdJwtCredentialValidator {
diff --git a/bindings/wasm/src/credential/jwt_presentation_validation/jwt_presentation_validator.rs b/bindings/wasm/src/credential/jwt_presentation_validation/jwt_presentation_validator.rs
index 6940662836..640f96c2ef 100644
--- a/bindings/wasm/src/credential/jwt_presentation_validation/jwt_presentation_validator.rs
+++ b/bindings/wasm/src/credential/jwt_presentation_validation/jwt_presentation_validator.rs
@@ -23,8 +23,8 @@ pub struct WasmJwtPresentationValidator(JwtPresentationValidator) -> WasmJwtPresentationValidator {
diff --git a/bindings/wasm/src/did/wasm_core_document.rs b/bindings/wasm/src/did/wasm_core_document.rs
index 47303c2d6d..0666659496 100644
--- a/bindings/wasm/src/did/wasm_core_document.rs
+++ b/bindings/wasm/src/did/wasm_core_document.rs
@@ -494,8 +494,9 @@ impl WasmCoreDocument {
 // ===========================================================================
 /// Decodes and verifies the provided JWS according to the passed `options` and `signatureVerifier`.
- /// If no `signatureVerifier` argument is provided a default verifier will be used that is (only) capable of
- /// verifying EdDSA signatures.
+ /// If a `signatureVerifier` is provided it will be used when
+ /// verifying decoded JWS signatures, otherwise a default verifier capable of handling the `EdDSA`, `ES256`, `ES256K`
+ /// algorithms will be used.
 ///
 /// Regardless of which options are passed the following conditions must be met in order for a verification attempt to
 /// take place.
diff --git a/bindings/wasm/src/iota/iota_document.rs b/bindings/wasm/src/iota/iota_document.rs
index cb935ee29e..1747f82e6e 100644
--- a/bindings/wasm/src/iota/iota_document.rs
+++ b/bindings/wasm/src/iota/iota_document.rs
@@ -384,8 +384,9 @@ impl WasmIotaDocument {
 // ===========================================================================
 /// Decodes and verifies the provided JWS according to the passed `options` and `signatureVerifier`.
- /// If no `signatureVerifier` argument is provided a default verifier will be used that is (only) capable of
- /// verifying EdDSA signatures.
+ /// If a `signatureVerifier` is provided it will be used when
+ /// verifying decoded JWS signatures, otherwise a default verifier capable of handling the `EdDSA`, `ES256`, `ES256K`
+ /// algorithms will be used.
 ///
 /// Regardless of which options are passed the following conditions must be met in order for a verification attempt to
 /// take place.
diff --git a/bindings/wasm/src/verification/custom_verification.rs b/bindings/wasm/src/verification/custom_verification.rs
index f5934a901d..590026ba31 100644
--- a/bindings/wasm/src/verification/custom_verification.rs
+++ b/bindings/wasm/src/verification/custom_verification.rs
@@ -13,8 +13,8 @@ use wasm_bindgen::prelude::*;
 use crate::jose::WasmJwk;
 /// Wrapper that enables custom TS JWS signature verification plugins to be used where the
-/// JwsVerifier trait is required. Falls back to the default implementation if a custom
-/// implementation was not passed.
+/// JwsVerifier trait is required. Falls back to the default implementation capable of handling
+/// EdDSA (ED25519), ES256, ES256K if a custom implementation is not passed.
 pub(crate) struct WasmJwsVerifier(Option);
 impl WasmJwsVerifier {
From 7f8de6d30eef36962881d0056807342f2245ca65 Mon Sep 17 00:00:00 2001
From: Enrico Marconi
Date: Mon, 2 Sep 2024 14:58:40 +0200
Subject: [PATCH 4/5] cargo fmt
---
 bindings/wasm/src/verification/custom_verification.rs | 2 +-
 bindings/wasm/src/verification/jws_verifier.rs | 3 +--
 2 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/bindings/wasm/src/verification/custom_verification.rs b/bindings/wasm/src/verification/custom_verification.rs
index 590026ba31..9fe2f9e8b7 100644
--- a/bindings/wasm/src/verification/custom_verification.rs
+++ b/bindings/wasm/src/verification/custom_verification.rs
@@ -50,7 +50,7 @@ impl JwsVerifier for WasmJwsVerifier {
 match input.alg {
 JwsAlgorithm::EdDSA => EdDSAJwsVerifier::default().verify(input, public_key),
 JwsAlgorithm::ES256 | JwsAlgorithm::ES256K => EcDSAJwsVerifier::default().verify(input, public_key),
- _ => Err(identity_iota::verification::jws::SignatureVerificationErrorKind::UnsupportedAlg.into())
+ _ => Err(identity_iota::verification::jws::SignatureVerificationErrorKind::UnsupportedAlg.into()),
 }
 }
 }
diff --git a/bindings/wasm/src/verification/jws_verifier.rs b/bindings/wasm/src/verification/jws_verifier.rs
index d7c4e4368d..bd016910c8 100644
--- a/bindings/wasm/src/verification/jws_verifier.rs
+++ b/bindings/wasm/src/verification/jws_verifier.rs
@@ -1,9 +1,9 @@
 // Copyright 2020-2023 IOTA Stiftung
 // SPDX-License-Identifier: Apache-2.0
+use identity_ecdsa_verifier::EcDSAJwsVerifier;
 use identity_eddsa_verifier::Ed25519Verifier;
 use identity_eddsa_verifier::EdDSAJwsVerifier;
-use identity_ecdsa_verifier::EcDSAJwsVerifier;
 use identity_iota::verification::jws::JwsAlgorithm;
 use identity_iota::verification::jws::JwsVerifier;
 use identity_iota::verification::jws::VerificationInput;
@@ -121,4 +121,3 @@ impl WasmEcDSAJwsVerifier {
 EcDSAJwsVerifier::default().verify(input, &publicKey.0).wasm_result()
 }
 }
-
From 1c5d6a6164262e5754ff244962fdbf9c805e062b Mon Sep 17 00:00:00 2001
From: Enrico Marconi
Date: Wed, 4 Sep 2024 09:22:36 +0200
Subject: [PATCH 5/5] dprint fmt
---
 bindings/wasm/Cargo.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bindings/wasm/Cargo.toml b/bindings/wasm/Cargo.toml
index b9828d91b7..38d50d63b2 100644
--- a/bindings/wasm/Cargo.toml
+++ b/bindings/wasm/Cargo.toml
@@ -20,8 +20,8 @@ async-trait = { version = "0.1", default-features = false }
 bls12_381_plus = "=0.8.15"
 console_error_panic_hook = { version = "0.1" }
 futures = { version = "0.3" }
-identity_eddsa_verifier = { path = "../../identity_eddsa_verifier", default-features = false, features = ["ed25519"] }
 identity_ecdsa_verifier = { path = "../../identity_ecdsa_verifier", default-features = false, features = ["es256", "es256k"] }
+identity_eddsa_verifier = { path = "../../identity_eddsa_verifier", default-features = false, features = ["ed25519"] }
 js-sys = { version = "0.3.61" }
 json-proof-token = "0.3.4"
 proc_typescript = { version = "0.1.0", path = "./proc_typescript" }