fix: changed namespace validation check

hypersign-protocol · Apr 19, 2023 · 2a41872 · 2a41872
1 parent cbaedc0
commit 2a41872
Show file tree

Hide file tree

Showing 6 changed files with 93 additions and 97 deletions.
diff --git a/x/ssi/keeper/msg_server_create_did.go b/x/ssi/keeper/msg_server_create_did.go
@@ -25,7 +25,8 @@ func (k msgServer) CreateDID(goCtx context.Context, msg *types.MsgCreateDID) (*t
 	}
 
 	// Validate namespace in DID Document
-	if err := didDocNamespaceValidation(k, ctx, msgDidDocument); err != nil {
+	chainNamespace := k.GetChainNamespace(&ctx)
+	if err := types.DidChainNamespaceValidation(msgDidDocument, chainNamespace); err != nil {
 		return nil, sdkerrors.Wrap(types.ErrInvalidDidDoc, err.Error())
 	}
 

diff --git a/x/ssi/keeper/msg_server_update_did.go b/x/ssi/keeper/msg_server_update_did.go
@@ -26,7 +26,8 @@ func (k msgServer) UpdateDID(goCtx context.Context, msg *types.MsgUpdateDID) (*t
 	}
 
 	// Validate namespace in DID Document
-	if err := didDocNamespaceValidation(k, ctx, msgDidDocument); err != nil {
+	chainNamespace := k.GetChainNamespace(&ctx)
+	if err := types.DidChainNamespaceValidation(msgDidDocument, chainNamespace); err != nil {
 		return nil, sdkerrors.Wrap(types.ErrInvalidDidDoc, err.Error())
 	}
 

diff --git a/x/ssi/keeper/namespace.go b/x/ssi/keeper/namespace.go
diff --git a/x/ssi/types/chain_namespace_validation.go b/x/ssi/types/chain_namespace_validation.go
@@ -0,0 +1,62 @@
+package types
+
+import (
+	"fmt"
+)
+
+func chainNamespaceValidation(docId string, validChainNamespace string) error {
+	documentChainNamespace := getDocumentChainNamespace(docId)
+	if documentChainNamespace != validChainNamespace {
+		return fmt.Errorf(
+			"expected namespace for id %v to be %v, got %v",
+			docId,
+			validChainNamespace,
+			documentChainNamespace,
+		)
+	} else {
+		return nil
+	}
+}
+
+// DidDocNamespaceValidation validates the namespace in Did Document
+func DidChainNamespaceValidation(didDoc *Did, validChainNamespace string) error {
+	// Subject ID check
+	if err := chainNamespaceValidation(didDoc.Id, validChainNamespace); err != nil {
+		return err
+	}
+
+	// Controllers check
+	for _, controller := range didDoc.Controller {
+		if err := chainNamespaceValidation(controller, validChainNamespace); err != nil {
+			return err
+		}
+	}
+
+	// Verification Method ID checks
+	for _, vm := range didDoc.VerificationMethod {
+		didId, _ := GetElementsFromDidUrl(vm.Id)
+		if err := chainNamespaceValidation(didId, validChainNamespace); err != nil {
+			return err
+		}
+	}
+
+	// Verification Relationships check
+	vmRelationshipList := [][]string{
+		didDoc.Authentication,
+		didDoc.AssertionMethod,
+		didDoc.KeyAgreement,
+		didDoc.CapabilityDelegation,
+		didDoc.CapabilityInvocation,
+	}
+
+	for _, vmRelationship := range vmRelationshipList {
+		// didUrl check and presence in verification methods
+		for _, id := range vmRelationship {
+			if err := chainNamespaceValidation(id, validChainNamespace); err != nil {
+				return err
+			}
+		}
+	}
+
+	return nil
+}
diff --git a/x/ssi/types/diddoc_validation.go b/x/ssi/types/diddoc_validation.go
@@ -7,12 +7,12 @@ import (
 
 // isValidDidDoc checks if the DID Id is valid
 func isValidDidDocId(id string) error {
-	inputDocumentIdentifier, err := getDidDocumentIdentifier(id)
+	inputDocumentIdentifier, err := getDocumentIdentifier(id)
 	if err != nil {
 		return err
 	}
 
-	inputDidMethod, err := getDidDocumentMethod(id)
+	inputDidMethod, err := getDocumentMethod(id)
 	if err != nil {
 		return err
 	}

diff --git a/x/ssi/types/utils.go b/x/ssi/types/utils.go
@@ -61,42 +61,53 @@ func checkDuplicateItems(list []string) string {
 	return ""
 }
 
-func getDidDocumentIdentifier(didId string) (string, error) {
-	didIdElements := strings.Split(didId, ":")
+func getDocumentChainNamespace(docId string) string {
+	docIdElements := strings.Split(docId, ":")
+
+	// Non Blockchain Account ID MSI
+	if len(docIdElements) == 4 || len(docIdElements) == 6 {
+		return docIdElements[2]
+	} else {
+		return ""
+	}
+}
+
+func getDocumentIdentifier(docId string) (string, error) {
+	docIdElements := strings.Split(docId, ":")
 
-	if len(didIdElements) < 1 {
-		return "", fmt.Errorf("invalid DID Id: %v", didId)
+	if len(docIdElements) < 1 {
+		return "", fmt.Errorf("invalid document Id: %v", docId)
 	}
 
-	return didIdElements[0], nil
+	return docIdElements[0], nil
 }
 
-func getDidDocumentMethod(didId string) (string, error) {
-	didIdElements := strings.Split(didId, ":")
+func getDocumentMethod(docId string) (string, error) {
+	docIdElements := strings.Split(docId, ":")
 
-	if len(didIdElements) < 2 {
-		return "", fmt.Errorf("invalid DID Id: %v", didId)
+	if len(docIdElements) < 2 {
+		return "", fmt.Errorf("invalid document Id: %v", docId)
 	}
 
-	return didIdElements[1], nil
+	return docIdElements[1], nil
 }
 
-// GetMethodSpecificIdAndType extracts the method-specific-id from DID Id and which of following
+// GetMethodSpecificIdAndType extracts the method-specific-id from Document Id and which of following
 // types it belongs to:
 //
 // 1. CAIP-10 Blockchain Account ID
 //
 // 2. String consisting of Alphanumeric, dot (.) and hyphen (-) characters only
 func GetMethodSpecificIdAndType(didId string) (string, string, error) {
-	didIdElements := strings.Split(didId, ":")
+	docIdElements := strings.Split(didId, ":")
 	var methodSpecificId string
 	var methodSpecificIdCondition string
 
 	if getMSIBlockchainAccountIdCondition(didId) {
-		methodSpecificId = strings.Join(didIdElements[(len(didIdElements)-3):], ":")
+		methodSpecificId = strings.Join(docIdElements[(len(docIdElements)-3):], ":")
 		methodSpecificIdCondition = MSIBlockchainAccountId
 	} else if getMSINonBlockchainAccountIdCondition(didId) {
-		methodSpecificId = didIdElements[len(didIdElements)-1]
+		methodSpecificId = docIdElements[len(docIdElements)-1]
 		methodSpecificIdCondition = MSINonBlockchainAccountId
 	} else {
 		return "", "", fmt.Errorf(