[INJIVER-1523] Fixed LSH comments - updated ReadMe, added design doc, fixed Code Rabbit comments from PR 230 for CWT

[jaswanthkumartw]

Summary by CodeRabbit

• Documentation
  • Added comprehensive CWT-VC documentation covering validation and cryptographic verification flows, public key resolution, supported signature type (COSE_Sign1) and algorithms (ES256, EdDSA), and required claim checks.
  • Updated the Supported VC Formats table to include the new cwt_vc entry with signature/verification details.
• Chores
  • Updated Kotlin build dependencies to use an updated CBOR library artifact and version.

[coderabbitai]

Warning

Rate limit exceeded

@jaswanthkumartw has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 24 minutes and 21 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

Walkthrough

Adds CWT-VC (CBOR Web Token) support: new cwt-vc credential format entry, comprehensive docs describing validation and cryptographic verification flows, new public types (CwtVerifiableCredential, CwtValidator, CwtVerifier, CredentialFormat.CWT_VC), and a dependency rename for the CBOR library plus a build dependency update.

Changes

Cohort / File(s)	Summary
VC Format Table Update README.md	Added cwt_vc / cwt-vc entry to Supported VC Formats table: COSE_Sign1 (CWT), algorithms ES256 and EdDSA, proof type COSE_Sign1.
CWT-VC Documentation & Public API doc/cwt-vc-verification-support.md	New documentation covering public key resolution, validation and verification flows for CWT-VC; documents new public API elements (CredentialFormat.CWT_VC, CwtVerifiableCredential, CwtValidator, CwtVerifier) and registration in CredentialVerifierFactory; includes structure/claims rules and sequence diagrams.
Build & Dependency Changes vc-verifier/kotlin/gradle/libs.versions.toml, vc-verifier/kotlin/vcverifier/build.gradle.kts	Renamed COSE-related library alias to upokecenter-cbor and added cborLibrary version 4.5.6; updated dependency usage to libs.upokecenter.cbor in module build file.

Sequence Diagram(s)

sequenceDiagram
    participant Client
    participant VerifierFactory
    participant CwtVC as CwtVerifiableCredential
    participant Validator as CwtValidator
    participant Verifier as CwtVerifier
    participant JWKS as Issuer JWKS (HTTP)
    participant Crypto as Crypto Lib

    Client->>VerifierFactory: submit credential (cwt-vc)
    VerifierFactory->>CwtVC: instantiate handler
    CwtVC->>Validator: validate structure & claims
    Validator-->>CwtVC: validation result
    alt validation OK
      CwtVC->>Verifier: request signature verification
      Verifier->>JWKS: resolve issuer public key (.well-known/jwks.json)
      JWKS-->>Verifier: public key (COSE/JWK)
      Verifier->>Crypto: verify COSE_Sign1 signature with key
      Crypto-->>Verifier: verification result
      Verifier-->>CwtVC: verification result
      CwtVC-->>Client: final verdict (valid/invalid)
    else validation failed
      CwtVC-->>Client: validation error
    end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• [INJIVER-1369] Document CWT VC support and limitations #222: Adds CWT-VC support (CredentialFormat enum, CwtVerifiableCredential, CwtValidator/CwtVerifier) matching the documented API and flows.
• [INJIVER-1369] Enforce CWT tag (61) and unwrap before COSE signature verification #221: Adjusts CwtVerifier verification flow (CWT tag-61 enforcement and COSE bytes extraction) which overlaps verifier behavior here.
• [INJIVER-1369] using com.authlete:cbor libray and add the unit tests #219: Modifies COSE/CBOR parsing and verifier wiring and updates dependency mapping relevant to the new CBOR library usage.

Suggested reviewers

• mayuradesh
• swatigoel

Poem

🐰 In moonlit code I nuzzle bytes and keys,

CWT-VCs hop through CBOR fields with ease,
COSE_Sign1 whispers a tidy rhyme,
I fetch the pubkey, check the signature in time,
🥕 A rabbit cheers: verifications done—huzzah!

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Title check	❓ Inconclusive	The title references code changes (LSH comments, ReadMe updates, design doc, CWT) that are partially present in the changeset, but the phrasing is generic and misleading—it mentions 'Fixed Code Rabbit comments from PR 230' without clearly indicating the main change is adding CWT-VC verification support documentation and updating dependencies.	Revise the title to clearly highlight the primary change: add CWT-VC verification support, update README with CWT-VC format, and update CBOR library dependencies. For example: 'Add CWT-VC verification support documentation and update README'.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In `@doc/cwt-vc-verification-support.md`:
- Line 41: The headings use extra spaces after the '###' marker which violates
MD019; update the two headings "Sequence diagram - validation process" and the
other heading at the second location so the markers have exactly one space
(change '###  Sequence diagram - validation process' to '### Sequence diagram -
validation process' and similarly remove the extra space for the other heading)
to satisfy markdownlint.
- Around line 74-97: Update the sequence diagram and narrative so structural and
claims checks are attributed to CwtValidator, not CwtVerifier: have
CwtVerifiableCredential -> CwtValidator: validate CWT (decode hex, check CBOR
Tag 61, validate COSE_Sign1 structure, extract claims/issuer/kid), then on
success call CwtVerifier: verify signature (CoseSign1 + resolved public key via
PublicKeyResolverFactory) and return true/false; remove steps in the diagram
that show CwtVerifier re-validating structure or extracting claims and update
any accompanying text to state that CwtValidator.validate() does
structure/claims validation and CwtVerifier.verify() only performs signature
verification.