Commit 2ef8b06

Firas Qutishat
fix: get DID uri from kid if exists (#3403)
Signed-off-by: Firas Qutishat <firas.qutishat@securekey.com> Signed-off-by: Firas Qutishat <firas.qutishat@securekey.com>
1 parent a3afb8a commit 2ef8b06

9 files changed

+39
-139
lines changed

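--- a/pkg/didcomm/protocol/middleware/presentproof/middlewares_test.go
+++ b/pkg/didcomm/protocol/middleware/presentproof/middlewares_test.go
@@ -39,12 +39,13 @@ import (
 var pubKey = did.VerificationMethod{
 ID: "key-1",
 Value: []byte{
-61, 133, 23, 17, 77, 132, 169, 196, 47, 203, 19, 71, 145, 144, 92, 145,
-131, 101, 36, 251, 89, 216, 117, 140, 132, 226, 78, 187, 59, 58, 200, 255,
+4, 16, 126, 7, 23, 189, 115, 35, 32, 21, 198, 238, 70, 16, 248, 224, 89, 186, 32, 183, 203,
+165, 131, 195, 151, 195, 0, 166, 188, 161, 91, 84, 2, 110, 107, 201, 231, 131, 158, 200, 66, 150, 158, 47,
+18, 116, 124, 119, 239, 120, 165, 79, 150, 153, 183, 193, 209, 149, 230, 216, 19, 197, 26, 135, 19,
 },
 }
 
-const vpJWS = "eyJhbGciOiJFZERTQSIsImtpZCI6ImtleS0xIiwidHlwIjoiSldUIn0.eyJpc3MiOiJkaWQ6ZXhhbXBsZTplYmZlYjFmNzEyZWJjNmYxYzI3NmUxMmVjMjEiLCJqdGkiOiJ1cm46dXVpZDozOTc4MzQ0Zi04NTk2LTRjM2EtYTk3OC04ZmNhYmEzOTAzYzUiLCJ2cCI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL2V4YW1wbGVzL3YxIl0sInR5cGUiOlsiVmVyaWZpYWJsZVByZXNlbnRhdGlvbiIsIlVuaXZlcnNpdHlEZWdyZWVDcmVkZW50aWFsIl0sInZlcmlmaWFibGVDcmVkZW50aWFsIjpbeyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL2V4YW1wbGVzL3YxIl0sImNyZWRlbnRpYWxTY2hlbWEiOltdLCJjcmVkZW50aWFsU3ViamVjdCI6eyJkZWdyZWUiOnsidHlwZSI6IkJhY2hlbG9yRGVncmVlIiwidW5pdmVyc2l0eSI6Ik1JVCJ9LCJpZCI6ImRpZDpleGFtcGxlOmViZmViMWY3MTJlYmM2ZjFjMjc2ZTEyZWMyMSIsIm5hbWUiOiJKYXlkZW4gRG9lIiwic3BvdXNlIjoiZGlkOmV4YW1wbGU6YzI3NmUxMmVjMjFlYmZlYjFmNzEyZWJjNmYxIn0sImV4cGlyYXRpb25EYXRlIjoiMjAyMC0wMS0wMVQxOToyMzoyNFoiLCJpZCI6Imh0dHA6Ly9leGFtcGxlLmVkdS9jcmVkZW50aWFscy8xODcyIiwiaXNzdWFuY2VEYXRlIjoiMjAxMC0wMS0wMVQxOToyMzoyNFoiLCJpc3N1ZXIiOnsiaWQiOiJkaWQ6ZXhhbXBsZTo3NmUxMmVjNzEyZWJjNmYxYzIyMWViZmViMWYiLCJuYW1lIjoiRXhhbXBsZSBVbml2ZXJzaXR5In0sInJlZmVyZW5jZU51bWJlciI6OC4zMjk0ODQ3ZSswNywidHlwZSI6WyJWZXJpZmlhYmxlQ3JlZGVudGlhbCIsIlVuaXZlcnNpdHlEZWdyZWVDcmVkZW50aWFsIl19XX19.RlO_1B-7qhQNwo2mmOFUWSa8A6hwaJrtq3q7yJDkKq4k6B-EJ-oyLNM6H_g2_nko2Yg9Im1CiROFm6nK12U_AQ" //nolint:lll
+const vpJWS = "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiIsImtpZCI6ImRpZDpleGFtcGxlOmViZmViMWY3MTJlYmM2ZjFjMjc2ZTEyZWMyMSNrZXktMSJ9.eyJpc3MiOiJkaWQ6ZXhhbXBsZTplYmZlYjFmNzEyZWJjNmYxYzI3NmUxMmVjMjEiLCJqdGkiOiJ1cm46dXVpZDozOTc4MzQ0Zi04NTk2LTRjM2EtYTk3OC04ZmNhYmEzOTAzYzUiLCJ2cCI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL2V4YW1wbGVzL3YxIl0sInR5cGUiOlsiVmVyaWZpYWJsZVByZXNlbnRhdGlvbiIsIlVuaXZlcnNpdHlEZWdyZWVDcmVkZW50aWFsIl0sInZlcmlmaWFibGVDcmVkZW50aWFsIjpbeyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL2V4YW1wbGVzL3YxIl0sImNyZWRlbnRpYWxTY2hlbWEiOltdLCJjcmVkZW50aWFsU3ViamVjdCI6eyJkZWdyZWUiOnsidHlwZSI6IkJhY2hlbG9yRGVncmVlIiwidW5pdmVyc2l0eSI6Ik1JVCJ9LCJpZCI6ImRpZDpleGFtcGxlOmViZmViMWY3MTJlYmM2ZjFjMjc2ZTEyZWMyMSIsIm5hbWUiOiJKYXlkZW4gRG9lIiwic3BvdXNlIjoiZGlkOmV4YW1wbGU6YzI3NmUxMmVjMjFlYmZlYjFmNzEyZWJjNmYxIn0sImV4cGlyYXRpb25EYXRlIjoiMjAyMC0wMS0wMVQxOToyMzoyNFoiLCJpZCI6Imh0dHA6Ly9leGFtcGxlLmVkdS9jcmVkZW50aWFscy8xODcyIiwiaXNzdWFuY2VEYXRlIjoiMjAxMC0wMS0wMVQxOToyMzoyNFoiLCJpc3N1ZXIiOnsiaWQiOiJkaWQ6ZXhhbXBsZTo3NmUxMmVjNzEyZWJjNmYxYzIyMWViZmViMWYiLCJuYW1lIjoiRXhhbXBsZSBVbml2ZXJzaXR5In0sInJlZmVyZW5jZU51bWJlciI6ODMyOTQ4NDcsInR5cGUiOlsiVmVyaWZpYWJsZUNyZWRlbnRpYWwiLCJVbml2ZXJzaXR5RGVncmVlQ3JlZGVudGlhbCJdfV19fQ.3_YUGWINd75e5ijLpLNGJGVpg8-eSrEsPpwrKfiakx28OVoP0Hn1U4kGzT2WUzO32M9O7CsvxQMZBJvJNDnLSA" //nolint:lll
 
 // nolint: gochecknoglobals
 var (
@@ -186,46 +187,6 @@ func TestSavePresentation(t *testing.T) {
 require.EqualError(t, SavePresentation(provider)(next).Handle(metadata), "myDID or theirDID is absent")
 })
 
-t.Run("Success (no ID)", func(t *testing.T) {
-vpJWSNoID := "eyJhbGciOiJFZERTQSIsImtpZCI6IiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJkaWQ6ZXhhbXBsZTo0YTU3NTQ2OTczNDM2ZjZmNmM0YTRhNTc1NzMiLCJpc3MiOiJkaWQ6ZXhhbXBsZTplYmZlYjFmNzEyZWJjNmYxYzI3NmUxMmVjMjEiLCJ2cCI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL2V4YW1wbGVzL3YxIl0sInR5cGUiOlsiVmVyaWZpYWJsZVByZXNlbnRhdGlvbiIsIlVuaXZlcnNpdHlEZWdyZWVDcmVkZW50aWFsIl0sInZlcmlmaWFibGVDcmVkZW50aWFsIjpbeyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL2V4YW1wbGVzL3YxIl0sImNyZWRlbnRpYWxTY2hlbWEiOltdLCJjcmVkZW50aWFsU3ViamVjdCI6eyJkZWdyZWUiOnsidHlwZSI6IkJhY2hlbG9yRGVncmVlIiwidW5pdmVyc2l0eSI6Ik1JVCJ9LCJpZCI6ImRpZDpleGFtcGxlOmViZmViMWY3MTJlYmM2ZjFjMjc2ZTEyZWMyMSIsIm5hbWUiOiJKYXlkZW4gRG9lIiwic3BvdXNlIjoiZGlkOmV4YW1wbGU6YzI3NmUxMmVjMjFlYmZlYjFmNzEyZWJjNmYxIn0sImV4cGlyYXRpb25EYXRlIjoiMjAyMC0wMS0wMVQxOToyMzoyNFoiLCJpZCI6Imh0dHA6Ly9leGFtcGxlLmVkdS9jcmVkZW50aWFscy8xODcyIiwiaXNzdWFuY2VEYXRlIjoiMjAxMC0wMS0wMVQxOToyMzoyNFoiLCJpc3N1ZXIiOnsiaWQiOiJkaWQ6ZXhhbXBsZTo3NmUxMmVjNzEyZWJjNmYxYzIyMWViZmViMWYiLCJuYW1lIjoiRXhhbXBsZSBVbml2ZXJzaXR5In0sInJlZmVyZW5jZU51bWJlciI6ODMyOTQ4NDcsInR5cGUiOlsiVmVyaWZpYWJsZUNyZWRlbnRpYWwiLCJVbml2ZXJzaXR5RGVncmVlQ3JlZGVudGlhbCJdfV19fQ.VaULMC_bFEI46jPLX7T8BW9liQ88JfCu0BeAxUkEIqjk-K2GFAbrP1WOJyJIXZZ-5J_nM7LNZX6mxbmhcj--Dw" //nolint:lll
-
-props := map[string]interface{}{
-myDIDKey: myDIDKey,
-theirDIDKey: theirDIDKey,
-}
-
-metadata := mocks.NewMockMetadata(ctrl)
-metadata.EXPECT().StateName().Return(stateNamePresentationReceived)
-metadata.EXPECT().PresentationNames().Return(nil)
-metadata.EXPECT().Properties().Return(props)
-metadata.EXPECT().Message().Return(service.NewDIDCommMsgMap(presentproof.PresentationV2{
-Type: presentproof.PresentationMsgTypeV2,
-PresentationsAttach: []decorator.Attachment{
-{Data: decorator.AttachmentData{Base64: base64.StdEncoding.EncodeToString([]byte(vpJWSNoID))}},
-},
-}))
-
-verifiableStore := mocksstore.NewMockStore(ctrl)
-verifiableStore.EXPECT().SavePresentation(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).
-Return(nil)
-
-registry := mocksvdr.NewMockRegistry(ctrl)
-registry.EXPECT().Resolve("did:example:ebfeb1f712ebc6f1c276e12ec21").Return(
-&did.DocResolution{DIDDocument: &did.Doc{VerificationMethod: []did.VerificationMethod{pubKey}}}, nil)
-
-loader, err := ldtestutil.DocumentLoader()
-require.NoError(t, err)
-
-provider := mocks.NewMockProvider(ctrl)
-provider.EXPECT().VDRegistry().Return(registry).AnyTimes()
-provider.EXPECT().VerifiableStore().Return(verifiableStore)
-provider.EXPECT().JSONLDDocumentLoader().Return(loader)
-
-require.NoError(t, SavePresentation(provider)(next).Handle(metadata))
-require.Equal(t, len(props["names"].([]string)), 1)
-require.NotEmpty(t, props["names"].([]string)[0])
-})
-
 t.Run("Success v2", func(t *testing.T) {
 const vcName = "vc-name"
 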
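Review bot: The deleted "Success (no ID)" case was the only test in this section that fed SavePresentation a JWS whose kid header is empty, and nothing replaces it even though the verifier now appears to require a `did:`-prefixed kid, so the rejection of such a presentation (and its error text) is no longer covered here. A replacement case that attaches a JWS with an empty kid and asserts `require.Error(t, SavePresentation(provider)(next).Handle(metadata))` would keep that negative path tested. The new `vpJWS` constant also gives the reader no hint of which kid it carries; the header appears to decode to a `did:example:…#key-1` kid, so a one-line comment such as `// vpJWS is signed under kid did:example:ebfeb1f712ebc6f1c276e12ec21#key-1, matching pubKey` would explain why pubKey changed in the same hunk. TestSavePresentation continues outside the hunk.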
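--- a/pkg/doc/jwt/verifier.go
+++ b/pkg/doc/jwt/verifier.go
@@ -12,6 +12,7 @@ import (
 "crypto/x509"
 "errors"
 "fmt"
+"strings"
 
 "github.com/square/go-jose/v3/json"
 "golang.org/x/crypto/ed25519"
@@ -29,8 +30,6 @@ const (
 signatureRS256 = "RS256"
 )
 
-const issuerClaim = "iss"
-
 // KeyResolver resolves public key based on what and kid.
 type KeyResolver interface {
 
@@ -151,14 +150,13 @@ func verifySignature(resolver KeyResolver, signatureVerifier signatureVerifier,
 return fmt.Errorf("read claims from JSON Web Token: %w", err)
 }
 
-issuer, err := getIssuerClaim(claims)
-if err != nil {
-return fmt.Errorf("read issuer claim: %w", err)
-}
-
 kid, _ := joseHeaders.KeyID()
 
-pubKey, err := resolver.Resolve(issuer, kid)
+if !strings.HasPrefix(kid, "did:") {
+return fmt.Errorf("kid %s is not DID", kid)
+}
+
+pubKey, err := resolver.Resolve(strings.Split(kid, "#")[0], strings.Split(kid, "#")[1])
 if err != nil {
 return err
 }
@@ -206,17 +204,3 @@ func VerifyRS256(pubKey *verifier.PublicKey, message, signature []byte) error {
 
 return rsa.VerifyPKCS1v15(pubKeyRsa, crypto.SHA256, hashed, signature)
 }
-
-func getIssuerClaim(claims map[string]interface{}) (string, error) {
-v, ok := claims[issuerClaim]
-if !ok {
-return "", errors.New("issuer claim is not defined")
-}
-
-s, ok := v.(string)
-if !ok {
-return "", errors.New("issuer claim is not a string")
-}
-
-return s, nil
-}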
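--- a/pkg/doc/jwt/verifier_test.go
+++ b/pkg/doc/jwt/verifier_test.go
@@ -38,13 +38,18 @@ func getTestKeyResolver(pubKey *verifier.PublicKey, err error) KeyResolver {
 func TestNewVerifier(t *testing.T) {
 r := require.New(t)
 
+validHeaders := map[string]interface{}{
+"alg": "EdDSA",
+"kid": "did:123#key1",
+}
+
 t.Run("Verify JWT signed by EdDSA", func(t *testing.T) {
 pubKey, privKey, err := ed25519.GenerateKey(rand.Reader)
 r.NoError(err)
 
 signer := NewEd25519Signer(privKey)
 
-token, err := NewSigned(&Claims{Issuer: "Mike"}, nil, signer)
+token, err := NewSigned(&Claims{Issuer: "Mike"}, validHeaders, signer)
 r.NoError(err)
 jws, err := token.Serialize(false)
 r.NoError(err)
@@ -64,7 +69,7 @@ func TestNewVerifier(t *testing.T) {
 
 pubKey := &privKey.PublicKey
 
-signer := NewRS256Signer(privKey, nil)
+signer := NewRS256Signer(privKey, validHeaders)
 
 token, err := NewSigned(&Claims{Issuer: "Mike"}, nil, signer)
 r.NoError(err)
@@ -94,27 +99,14 @@ func TestBasicVerifier_Verify(t *testing.T) { // error corner cases
 
 validHeaders := map[string]interface{}{
 "alg": "EdDSA",
+"kid": "did:123#key1",
 }
 
 // Invalid claims
 err = v.Verify(validHeaders, []byte("invalid JSON claims"), nil, nil)
 r.Error(err)
 r.Contains(err.Error(), "read claims from JSON Web Token")
 
-// Issuer claim is not defined
-claimsWithoutIssuer, err := json.Marshal(map[string]interface{}{})
-r.NoError(err)
-err = v.Verify(validHeaders, claimsWithoutIssuer, nil, nil)
-r.Error(err)
-r.Contains(err.Error(), "issuer claim is not defined")
-
-// Issuer claim is not a string
-claimsWithInvalidIssuer, err := json.Marshal(map[string]interface{}{"iss": 444})
-r.NoError(err)
-err = v.Verify(validHeaders, claimsWithInvalidIssuer, nil, nil)
-r.Error(err)
-r.Contains(err.Error(), "issuer claim is not a string")
-
 validClaims, err := json.Marshal(map[string]interface{}{"iss": "Bob"})
 r.NoError(err)
 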
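Review bot: The two removed issuer-claim cases in TestBasicVerifier_Verify are not replaced by any test of the new kid guard: nothing in this section calls Verify with a kid that lacks the `did:` prefix or the `#` fragment, so the `kid %s is not DID` branch and the behaviour on a fragment-less kid (where `strings.Split(kid, "#")[1]` is evaluated) stay unexercised. Two corner cases after `validClaims` is built would cover it, e.g. `err = v.Verify(map[string]interface{}{"alg": "EdDSA", "kid": "key1"}, validClaims, nil, nil)` followed by `r.Contains(err.Error(), "is not DID")`, plus the same call with `"kid": "did:123"` asserting an error rather than a panic. As a style point, `validHeaders` is now declared identically in TestNewVerifier and TestBasicVerifier_Verify; a single package-level test fixture would avoid the copy. TestBasicVerifier_Verify continues outside the hunk.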
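--- a/pkg/doc/verifiable/credential_jws_test.go
+++ b/pkg/doc/verifiable/credential_jws_test.go
@@ -30,7 +30,7 @@ func TestJWTCredClaimsMarshalJWS(t *testing.T) {
 require.NoError(t, err)
 
 t.Run("Marshal signed JWT", func(t *testing.T) {
-jws, err := jwtClaims.MarshalJWS(RS256, signer, "any")
+jws, err := jwtClaims.MarshalJWS(RS256, signer, "did:123#key1")
 require.NoError(t, err)
 
 vcBytes, err := decodeCredJWS(jws, true, func(issuerID, keyID string) (*verifier.PublicKey, error) {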