fix:resolved sd-jwt issuance related issues

[shitrerohit]

What?

Return key id when import x5c certificate
Attach keyId when we store the sd-jwt credential with P-256 signer option

Summary by CodeRabbit

• Bug Fixes

  • Enhanced certificate handling for credential issuance flows to properly track and return key identifiers alongside certificate data.

• Refactor

  • Streamlined certificate parsing logic to consolidate certificate usage and improve key identification in credential flows.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

• 🔍 Trigger a full review

📝 Walkthrough

Walkthrough

The changes refactor X.509 certificate import and processing logic to extract and return key identifiers alongside certificates. Type imports are optimized, and certificate/key handling flows now track and return keyId metadata from imported certificates.

Changes

Cohort / File(s)	Summary
Import Statement Optimization src/controllers/x509/crypto-util.ts	Converted KeyObject to type-only import and added separate value import for createPrivateKey to clarify runtime vs. type-only dependencies.
Certificate and Key Identifier Handling src/controllers/x509/x509.service.ts, src/utils/oid4vc-agent.ts	Modified ImportX509Certificates and related flows to declare key variables outside try blocks, extract keyId during certificate import, and update return signatures to include keyId alongside issuerCertificate. Introduced conditional certificate parsing in SdJwtDc and MsoMdoc flows with single parsed certificate usage instead of mapping multiple entries. Removed legacy holder default logic.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 Certificates now carry their IDs with pride,
KeyIds extracted and bundled inside,
Type imports refined, the logic runs clean,
X.509 dancing between layers unseen! 🔐

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title describes fixing SD-JWT issuance issues, which aligns with the main changes: returning keyId when importing certificates and attaching keyId to SD-JWT credentials.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/oid4vc-issuance-changes

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[shitrerohit]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@src/utils/oid4vc-agent.ts`:
- Around line 189-197: The code indexes issuerx509certificate[0] without
checking for an empty array which can pass undefined to
X509Service.parseCertificate; update the branch where
issuerDidVerificationMethod is falsy to first verify issuerx509certificate is an
array with length > 0, otherwise throw a clear Error mentioning
credentialConfigurationId, and only then call X509Service.parseCertificate and
set parsedCertificate.publicJwk.keyId (same change should be applied to the
similar block around the other occurrence referenced at line ~219); reference
symbols: issuerx509certificate, issuerDidVerificationMethod,
X509Service.parseCertificate, parsedCertificate, credential.signerOptions.keyId,
credentialConfigurationId.

[sonarqubecloud]

Quality Gate passed

Issues
93 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[GHkrishna]

I think we can remove this

[GHkrishna]

Maybe we can add a TODO here, for the code to be un-commented in the future

[GHkrishna]

Can we remove this comment if it's purpose is served?

[GHkrishna]

Not sure, why we have commented this??

[GHkrishna]

Is it not necessary for us to delete issuer??

[GHkrishna]

Why have we changed this?

[GHkrishna]

Do we not need this code for now?

[GHkrishna]

Can we remove if it has been tested??