Skip to content

Commit

Permalink
update validation logic
Browse files Browse the repository at this point in the history 
Signed-off-by: Mirko Mollik <mirko.mollik@fit.fraunhofer.de>
  • Loading branch information
@cre8
cre8 committed Mar 8, 2024
1 parent 7f987b0 commit 642c7ee
Show file tree
Hide file tree
Showing 2 changed files with 108 additions and 8 deletions.
16 changes: 8 additions & 8 deletions packages/core/src/index.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -105,7 +105,11 @@ export class SDJwtInstance {
}

//validate disclosureFrame according to https://www.ietf.org/archive/id/draft-ietf-oauth-sd-jwt-vc-01.html#section-3.2.2.2
if (disclosureFrame?._sd) {
if (
disclosureFrame?._sd &&
Array.isArray(disclosureFrame._sd) &&
disclosureFrame._sd.length > 0
) {
const reservedNames = [
'iss',
'iat',
Expand All @@ -116,15 +120,11 @@ export class SDJwtInstance {
'status',
];
// check if there is any reserved names in the disclosureFrame._sd array
const reservedNamesInDisclosureFrame = Object.keys(
disclosureFrame._sd,
const reservedNamesInDisclosureFrame = (
disclosureFrame._sd as string[]
).filter((key) => reservedNames.includes(key));
if (reservedNamesInDisclosureFrame.length > 0) {
throw new SDJWTException(
`Invalid disclosureFrame: reserved names in _sd array: ${reservedNamesInDisclosureFrame.join(
', ',
)}`,
);
throw new SDJWTException('Cannot disclose protected field');
}
}

Expand Down
100 changes: 100 additions & 0 deletions packages/core/src/test/index.spec.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ import { Signer, Verifier } from '@sd-jwt/types';
import Crypto from 'node:crypto';
import { describe, expect, test } from 'vitest';
import { digest, generateSalt } from '@sd-jwt/crypto-nodejs';
import { SDJWTException } from '@sd-jwt/utils';

export const createSignerVerifier = () => {
const { privateKey, publicKey } = Crypto.generateKeyPairSync('ed25519');
Expand Down Expand Up @@ -41,6 +42,9 @@ describe('index', () => {
const credential = await sdjwt.issue(
{
foo: 'bar',
iss: 'Issuer',
iat: new Date().getTime(),
vct: '',
},
{
_sd: ['foo'],
Expand Down Expand Up @@ -75,6 +79,9 @@ describe('index', () => {
const credential = await sdjwt.issue(
{
foo: 'bar',
iss: 'Issuer',
iat: new Date().getTime(),
vct: '',
},
{
_sd: ['foo'],
Expand Down Expand Up @@ -107,6 +114,9 @@ describe('index', () => {
const credential = await sdjwt.issue(
{
foo: 'bar',
iss: 'Issuer',
iat: new Date().getTime(),
vct: '',
},
{
_sd: ['foo'],
Expand Down Expand Up @@ -145,6 +155,9 @@ describe('index', () => {
const credential = await sdjwt.issue(
{
foo: 'bar',
iss: 'Issuer',
iat: new Date().getTime(),
vct: '',
},
{
_sd: ['foo'],
Expand Down Expand Up @@ -185,6 +198,9 @@ describe('index', () => {
const credential = await sdjwt.issue(
{
foo: 'bar',
iss: 'Issuer',
iat: new Date().getTime(),
vct: '',
},
{
_sd: ['foo'],
Expand Down Expand Up @@ -212,6 +228,9 @@ describe('index', () => {
const credential = await sdjwt.issue(
{
foo: 'bar',
iss: 'Issuer',
iat: new Date().getTime(),
vct: '',
},
{
_sd: ['foo'],
Expand All @@ -232,6 +251,9 @@ describe('index', () => {
const credential = await sdjwt.issue(
{
foo: 'bar',
iss: 'Issuer',
iat: new Date().getTime(),
vct: '',
},
{
_sd: ['foo'],
Expand All @@ -253,6 +275,9 @@ describe('index', () => {
const credential = await sdjwt.issue(
{
foo: 'bar',
iss: 'Issuer',
iat: new Date().getTime(),
vct: '',
},
{
_sd: ['foo'],
Expand Down Expand Up @@ -280,6 +305,9 @@ describe('index', () => {
const credential = await sdjwt.issue(
{
foo: 'bar',
iss: 'Issuer',
iat: new Date().getTime(),
vct: '',
},
{
_sd: ['foo'],
Expand Down Expand Up @@ -318,6 +346,9 @@ describe('index', () => {
const credential = await sdjwt.issue(
{
foo: 'bar',
iss: 'Issuer',
iat: new Date().getTime(),
vct: '',
},
{
_sd: ['foo'],
Expand Down Expand Up @@ -354,6 +385,9 @@ describe('index', () => {
const credential = await sdjwt.issue(
{
foo: 'bar',
iss: 'Issuer',
iat: new Date().getTime(),
vct: '',
},
{
_sd: ['foo'],
Expand All @@ -376,4 +410,70 @@ describe('index', () => {
expect(e).toBeDefined();
}
});

test('kbSignAlg not found', async () => {
const { signer, verifier } = createSignerVerifier();
const sdjwt = new SDJwtInstance({
signer,
verifier,
hasher: digest,
saltGenerator: generateSalt,
kbSigner: signer,
signAlg: 'EdDSA',
});

const credential = await sdjwt.issue(
{
foo: 'bar',
iss: 'Issuer',
iat: new Date().getTime(),
vct: '',
},
{
_sd: ['foo'],
},
);

const presentation = sdjwt.present(credential, ['foo'], {
kb: {
payload: {
sd_hash: 'sha-256',
aud: '1',
iat: 1,
nonce: '342',
},
},
});
expect(presentation).rejects.toThrow(
'Key Binding sign algorithm not specified',
);
});

test('hasher is not found', () => {
const sdjwt = new SDJwtInstance({});
expect(sdjwt.keys('')).rejects.toThrow('Hasher not found');
});

test('try to disclose a procted field', async () => {
const { signer } = createSignerVerifier();
const sdjwt = new SDJwtInstance({
signer,
hasher: digest,
saltGenerator: generateSalt,
signAlg: 'EdDSA',
});

const credential = sdjwt.issue(
{
foo: 'bar',
iss: 'Issuer',
iat: new Date().getTime(),
vct: '',
},
{
_sd: ['foo', 'iss'],
},
);
expect(credential).rejects.toThrow('Cannot disclose protected field');
});
});

0 comments on commit 642c7ee

Please sign in to comment.