From f17d4c0725c9e6376612230cff830dff97ef7380 Mon Sep 17 00:00:00 2001
From: Tiago Nascimento
Date: Wed, 12 Oct 2022 02:24:45 -0300
Subject: [PATCH] Add error when private key material present in did:jwk on dereference

Signed-off-by: Tiago Nascimento
---
 did-jwk/src/lib.rs | 30 +++++++++++++++++++++++++++++-
 1 file changed, 29 insertions(+), 1 deletion(-)

diff --git a/did-jwk/src/lib.rs b/did-jwk/src/lib.rs
index 612e33cc0..def5c1adb 100644
--- a/did-jwk/src/lib.rs
+++ b/did-jwk/src/lib.rs
@@ -8,6 +8,7 @@ use ssi_dids::{
 Context, Contexts, DIDMethod, Document, Source, VerificationMethod, VerificationMethodMap,
 DEFAULT_CONTEXT, DIDURL,
 };
 
+use ssi_jwk::JWK;
 
 pub struct DIDJWK;
 
@@ -51,7 +52,7 @@ impl DIDResolver for DIDJWK {
 }
 };
 
- let jwk = if let Ok(jwk) = serde_json::from_slice(&data) {
+ let jwk: JWK = if let Ok(jwk) = serde_json::from_slice(&data) {
 jwk
 } else {
 return (
@@ -64,6 +65,21 @@ impl DIDResolver for DIDJWK {
 None,
 );
 };
+
+ let public_jwk = jwk.to_public();
+
+ if public_jwk != jwk {
+ return (
+ ResolutionMetadata {
+ error: Some(ERROR_INVALID_DID.to_string()),
+ content_type: None,
+ property_set: None,
+ },
+ None,
+ None,
+ );
+ }
+
 let vm_didurl = DIDURL {
 did: did.to_string(),
 fragment: Some("0".to_string()),
@@ -245,4 +261,16 @@ mod tests {
 };
 assert_eq!(public_key_jwk, jwk);
 }
+
+ #[async_std::test]
+ async fn deny_private_key() {
+ let jwk = JWK::generate_ed25519().unwrap();
+ let json = serde_jcs::to_string(&jwk).unwrap();
+ let did =
+ "did:jwk:".to_string() + &multibase::encode(multibase::Base::Base64Url, &json)[1..];
+
+ let (res_meta, _object, _meta) =
+ dereference(&DIDJWK, &did, &DereferencingInputMetadata::default()).await;
+ assert!(res_meta.error.is_some());
+ }
 }
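Review bot: The new `if public_jwk != jwk` guard in the third hunk is a security check, but nothing at the site says why a did:jwk that decodes to a private JWK has to be refused; add `// A did:jwk is public by construction: any private parameter in the embedded JWK is leaked key material, so refuse to resolve it rather than publish it in a DID document.` above the comparison. The check is also only as precise as `to_public()`: if that method ever normalises anything beyond stripping private parameters (optional metadata fields, for example), a purely public JWK would compare unequal and be rejected with the same ERROR_INVALID_DID as a malformed DID, which is worth confirming against ssi_jwk and covering with a positive-path test. Note too that `to_public()` presumably clones the key, so two copies of any private material live until the method returns; whether that matters depends on whether JWK zeroizes on drop, which I cannot tell from here. The enclosing resolver method starts and ends outside this hunk.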
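Review bot: `assert!(res_meta.error.is_some())` in deny_private_key does not distinguish the new rejection from the pre-existing parse-failure path: a DID whose payload serde_json cannot decode at all also sets an error, so the test would keep passing if the `public_jwk != jwk` check were removed and the encoding were subtly wrong. Add a positive control in the same test: encode `jwk.to_public()` the same way, dereference it, and assert `error.is_none()`, which both pins that the rejection is triggered by the private parameters and guards against `to_public()` producing a false positive on public keys. Pinning the value with `assert_eq!(res_meta.error.as_deref(), Some(ERROR_INVALID_DID));` is also worthwhile, though the parse-failure return above the new check is outside this hunk so I cannot see whether it uses the same constant; if it does, the positive control is the part that actually pins the new behaviour.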