feat: verify mint keyset id when getting keys

crates/cdk/src/nuts/nut02.rs

@@ -43,6 +43,9 @@ pub enum Error {
     /// Unknown version
     #[error("NUT02: Unknown Version")]
     UnknownVersion,
+    /// Keyset id does not match
+    #[error("Keyset id incorrect")]
+    IncorrectKeysetId,
     /// Slice Error
     #[error(transparent)]
     Slice(#[from] TryFromSliceError),
@@ -242,6 +245,19 @@ pub struct KeySet {
     pub keys: Keys,
 }
 
+impl KeySet {
+    /// Verify the keyset is matches keys
+    pub fn verify_id(&self) -> Result<(), Error> {
+        let keys_id: Id = (&self.keys).into();
+
+        if keys_id != self.id {
+            return Err(Error::IncorrectKeysetId);
+        }
+
+        Ok(())
+    }
+}
+
 #[cfg(feature = "mint")]
 impl From<MintKeySet> for KeySet {
     fn from(keyset: MintKeySet) -> Self {

crates/cdk/src/wallet/keysets.rs

@@ -21,6 +21,8 @@ impl Wallet {
                 .get_mint_keyset(self.mint_url.clone().try_into()?, keyset_id)
                 .await?;
 
+            keys.verify_id()?;
+
             self.localstore.add_keys(keys.keys.clone()).await?;
 
             keys.keys