Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Change IotaDocument::verify_document from a static function to a method #675

Merged
merged 3 commits into from
Feb 25, 2022
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions bindings/wasm/.cargo/config.toml
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
[build]
target = "wasm32-unknown-unknown"
43 changes: 21 additions & 22 deletions bindings/wasm/docs/api-reference.md
Original file line number Diff line number Diff line change
Expand Up @@ -888,14 +888,14 @@ with the given Document.
* [.signPresentation(data, args, options)](#Document+signPresentation) ⇒ [<code>Presentation</code>](#Presentation)
* [.signData(data, args, options)](#Document+signData) ⇒ <code>any</code>
* [.verifyData(data, options)](#Document+verifyData) ⇒ <code>boolean</code>
* [.verifyDocument(signed)](#Document+verifyDocument)
* [.diff(other, message_id, key, method_query)](#Document+diff) ⇒ [<code>DiffMessage</code>](#DiffMessage)
* [.verifyDiff(diff)](#Document+verifyDiff)
* [.mergeDiff(diff)](#Document+mergeDiff)
* [.integrationIndex()](#Document+integrationIndex) ⇒ <code>string</code>
* [.toJSON()](#Document+toJSON) ⇒ <code>any</code>
* _static_
* [.fromVerificationMethod(method)](#Document.fromVerificationMethod) ⇒ [<code>Document</code>](#Document)
* [.verifyDocument(signed, signer)](#Document.verifyDocument)
* [.verifyRootDocument(document)](#Document.verifyRootDocument)
* [.diffIndex(message_id)](#Document.diffIndex) ⇒ <code>string</code>
* [.fromJSON(json)](#Document.fromJSON) ⇒ [<code>Document</code>](#Document)
Expand Down Expand Up @@ -1144,6 +1144,26 @@ Verifies the authenticity of `data` using the target verification method.
| data | <code>any</code> |
| options | [<code>VerifierOptions</code>](#VerifierOptions) |

<a name="Document+verifyDocument"></a>

### document.verifyDocument(signed)
Verifies that the signature on the DID document `signed` was generated by a valid method from
this DID document.

# Errors

Fails if:
- The signature proof section is missing in the `signed` document.
- The method is not found in this document.
- An unsupported verification method is used.
- The signature verification operation fails.

**Kind**: instance method of [<code>Document</code>](#Document)

| Param | Type |
| --- | --- |
| signed | [<code>Document</code>](#Document) |

<a name="Document+diff"></a>

### document.diff(other, message_id, key, method_query) ⇒ [<code>DiffMessage</code>](#DiffMessage)
Expand Down Expand Up @@ -1216,27 +1236,6 @@ NOTE: the generated document is unsigned, see `Document::signSelf`.
| --- | --- |
| method | [<code>VerificationMethod</code>](#VerificationMethod) |

<a name="Document.verifyDocument"></a>

### Document.verifyDocument(signed, signer)
Verifies that the signature on the DID document `signed` was generated by a valid method from
the `signer` DID document.

# Errors

Fails if:
- The signature proof section is missing in the `signed` document.
- The method is not found in the `signer` document.
- An unsupported verification method is used.
- The signature verification operation fails.

**Kind**: static method of [<code>Document</code>](#Document)

| Param | Type |
| --- | --- |
| signed | [<code>Document</code>](#Document) |
| signer | [<code>Document</code>](#Document) |

<a name="Document.verifyRootDocument"></a>

### Document.verifyRootDocument(document)
Expand Down
8 changes: 4 additions & 4 deletions bindings/wasm/src/did/wasm_document.rs
Original file line number Diff line number Diff line change
Expand Up @@ -282,18 +282,18 @@ impl WasmDocument {
}

/// Verifies that the signature on the DID document `signed` was generated by a valid method from
/// the `signer` DID document.
/// this DID document.
///
/// # Errors
///
/// Fails if:
/// - The signature proof section is missing in the `signed` document.
/// - The method is not found in the `signer` document.
/// - The method is not found in this document.
/// - An unsupported verification method is used.
/// - The signature verification operation fails.
#[wasm_bindgen(js_name = verifyDocument)]
pub fn verify_document(signed: &WasmDocument, signer: &WasmDocument) -> Result<()> {
IotaDocument::verify_document(&signed.0, &signer.0).wasm_result()
pub fn verify_document(&self, signed: &WasmDocument) -> Result<()> {
self.0.verify_document(&signed.0).wasm_result()
}

/// Verifies whether `document` is a valid root DID document according to the IOTA DID method
Expand Down
4 changes: 2 additions & 2 deletions bindings/wasm/tests/wasm.rs
Original file line number Diff line number Diff line change
Expand Up @@ -141,7 +141,7 @@ fn test_document_sign_self() {
&JsValue::from(document.default_signing_method().unwrap().id()).unchecked_into(),
)
.unwrap();
assert!(WasmDocument::verify_document(&document, &document).is_ok());
assert!(document.verify_document(&document).is_ok());
}

// Sign with string method query.
Expand All @@ -153,7 +153,7 @@ fn test_document_sign_self() {
&JsValue::from_str(&document.default_signing_method().unwrap().id().to_string()).unchecked_into(),
)
.unwrap();
assert!(WasmDocument::verify_document(&document, &document).is_ok());
assert!(document.verify_document(&document).is_ok());
}
}

Expand Down
4 changes: 2 additions & 2 deletions identity-iota/src/chain/integration_chain.rs
Original file line number Diff line number Diff line change
Expand Up @@ -190,8 +190,8 @@ impl IntegrationChain {
});
}

// Verify the next document was signed by a valid method from the previous document.
if IotaDocument::verify_document(&document.document, &self.current.document).is_err() {
// Verify the next document was signed by a valid method from the previous "current" document.
if self.current.document.verify_document(&document.document).is_err() {
return Err(Error::ChainError {
error: "Invalid Signature",
});
Expand Down
46 changes: 23 additions & 23 deletions identity-iota/src/document/iota_document.rs
Original file line number Diff line number Diff line change
Expand Up @@ -457,21 +457,21 @@ impl IotaDocument {
}

/// Verifies that the signature on the DID document `signed` was generated by a valid method from
/// the `signer` DID document.
/// this DID document.
///
/// # Errors
///
/// Fails if:
/// - The signature proof section is missing in the `signed` document.
/// - The method is not found in the `signer` document.
/// - The method is not found in this document.
/// - An unsupported verification method is used.
/// - The signature verification operation fails.
pub fn verify_document(signed: &IotaDocument, signer: &IotaDocument) -> Result<()> {
pub fn verify_document(&self, signed: &IotaDocument) -> Result<()> {
// Ensure signing method is allowed to sign document updates.
let options = VerifierOptions::default()
.method_scope(MethodScope::capability_invocation())
.method_type(Self::UPDATE_METHOD_TYPES.to_vec());
signer.verify_data(signed, &options).map_err(Into::into)
self.verify_data(signed, &options)
}

/// Verifies whether `document` is a valid root DID document according to the IOTA DID method
Expand All @@ -493,8 +493,8 @@ impl IotaDocument {
return Err(Error::InvalidRootDocument);
}

// Validate the document is signed correctly.
Self::verify_document(document, document)
// Validate the document is correctly self-signed.
document.verify_document(document)
}

// ===========================================================================
Expand Down Expand Up @@ -887,7 +887,7 @@ mod tests {
fn test_sign_self() {
let keypair: KeyPair = generate_testkey();
let mut document: IotaDocument = IotaDocument::new(&keypair).unwrap();
assert!(IotaDocument::verify_document(&document, &document).is_err());
assert!(document.verify_document(&document).is_err());

// Sign with the default capability invocation method.
document
Expand All @@ -896,14 +896,14 @@ mod tests {
document.default_signing_method().unwrap().id().clone(),
)
.unwrap();
assert!(IotaDocument::verify_document(&document, &document).is_ok());
assert!(document.verify_document(&document).is_ok());
}

#[test]
fn test_sign_self_new_method() {
let keypair: KeyPair = generate_testkey();
let mut document: IotaDocument = IotaDocument::new(&keypair).unwrap();
assert!(IotaDocument::verify_document(&document, &document).is_err());
assert!(document.verify_document(&document).is_err());

// Add a new capability invocation method directly
let new_keypair: KeyPair = KeyPair::new(KeyType::Ed25519).unwrap();
Expand All @@ -920,18 +920,18 @@ mod tests {

// INVALID - try sign using the wrong private key
document.sign_self(keypair.private(), "#new_signer").unwrap();
assert!(IotaDocument::verify_document(&document, &document).is_err());
assert!(document.verify_document(&document).is_err());

// VALID - Sign with the new capability invocation method private key
document.sign_self(new_keypair.private(), "#new_signer").unwrap();
assert!(IotaDocument::verify_document(&document, &document).is_ok());
assert!(document.verify_document(&document).is_ok());
}

#[test]
fn test_sign_self_embedded_controller_method_with_same_fragment() {
let keypair: KeyPair = generate_testkey();
let mut document: IotaDocument = IotaDocument::new(&keypair).unwrap();
assert!(IotaDocument::verify_document(&document, &document).is_err());
assert!(document.verify_document(&document).is_err());

// Add a new signing method from a controller DID Document with the SAME FRAGMENT
// as the default signing method.
Expand Down Expand Up @@ -969,13 +969,13 @@ mod tests {
document
.sign_self(controller_keypair.private(), IotaDocument::DEFAULT_METHOD_FRAGMENT)
.unwrap();
assert!(IotaDocument::verify_document(&document, &document).is_err());
assert!(document.verify_document(&document).is_err());

// VALID - sign with the controller's private key referencing the full DID-Url of the method.
document
.sign_self(controller_keypair.private(), controller_method.id())
.unwrap();
assert!(IotaDocument::verify_document(&document, &document).is_ok());
assert!(document.verify_document(&document).is_ok());
}

#[test]
Expand All @@ -989,9 +989,9 @@ mod tests {
// INVALID - try sign referencing a non-existent verification method.
{
let (mut document, keypair) = generate_document();
assert!(IotaDocument::verify_document(&document, &document).is_err());
assert!(document.verify_document(&document).is_err());
assert!(document.sign_self(keypair.private(), "#doesnotexist").is_err());
assert!(IotaDocument::verify_document(&document, &document).is_err());
assert!(document.verify_document(&document).is_err());
}

// INVALID - try sign using a random private key.
Expand All @@ -1004,7 +1004,7 @@ mod tests {
document.default_signing_method().unwrap().id().clone(),
)
.unwrap();
assert!(IotaDocument::verify_document(&document, &document).is_err());
assert!(document.verify_document(&document).is_err());
}

// INVALID - try sign using any verification relationship other than capability invocation.
Expand All @@ -1028,7 +1028,7 @@ mod tests {
document.insert_method(method_new, method_scope).unwrap();
// Try sign the document using the new key.
assert!(document.sign_self(keypair_new.private(), "#new_signer").is_err());
assert!(IotaDocument::verify_document(&document, &document).is_err());
assert!(document.verify_document(&document).is_err());
assert!(IotaDocument::verify_root_document(&document).is_err());
}

Expand All @@ -1044,7 +1044,7 @@ mod tests {
assert!(document
.sign_self(key_collection.private(0).unwrap(), "merkle-key")
.is_err());
assert!(IotaDocument::verify_document(&document, &document).is_err());
assert!(document.verify_document(&document).is_err());
}
}

Expand Down Expand Up @@ -1304,7 +1304,7 @@ mod tests {
document.default_signing_method().unwrap().id().clone(),
)
.unwrap();
assert!(IotaDocument::verify_document(&document, &document).is_ok());
assert!(document.verify_document(&document).is_ok());
assert!(IotaDocument::verify_root_document(&document).is_ok());
}

Expand All @@ -1331,7 +1331,7 @@ mod tests {
document.default_signing_method().unwrap().id().clone(),
)
.unwrap();
assert!(IotaDocument::verify_document(&document, &document).is_ok());
assert!(document.verify_document(&document).is_ok());
assert!(IotaDocument::verify_root_document(&document).is_err());
}

Expand All @@ -1351,7 +1351,7 @@ mod tests {
new_document.default_signing_method().unwrap().id().clone(),
)
.unwrap();
assert!(IotaDocument::verify_document(&new_document, &new_document).is_ok());
assert!(new_document.verify_document(&new_document).is_ok());
assert!(IotaDocument::verify_root_document(&new_document).is_err());
}

Expand All @@ -1372,7 +1372,7 @@ mod tests {
.unwrap();
// Sign the document using the new key.
document.sign_self(keypair_new.private(), "#new_signer").unwrap();
assert!(IotaDocument::verify_document(&document, &document).is_ok());
assert!(document.verify_document(&document).is_ok());
assert!(IotaDocument::verify_root_document(&document).is_err());
}
}
Expand Down
8 changes: 3 additions & 5 deletions libjose/src/jwe/encoder.rs
Original file line number Diff line number Diff line change
Expand Up @@ -234,14 +234,12 @@ impl<'a> Encoder<'a> {
})
.collect::<Result<_>>()?;

let protected_b64: Option<String>;

if self.format == JweFormat::Compact {
let protected_b64: Option<String> = if self.format == JweFormat::Compact {
assert_eq!(recipients.len(), 1);
protected_b64 = Some(encode_b64_json(&recipients[0].1)?);
Some(encode_b64_json(&recipients[0].1)?)
} else {
assert_eq!(recipients.len(), self.recipients.len());
protected_b64 = self.protected.map(encode_b64_json).transpose()?;
self.protected.map(encode_b64_json).transpose()?
};

let aad_b64: Option<String> = self.aad.map(encode_b64);
Expand Down