fix(Castor): createPrismDID and resolveDID key id conflicts (#243)

Signed-off-by: Curtis Harding <[email protected]>
hyperledger · Jul 19, 2024 · 5024818 · 5024818
1 parent b20cf65
commit 5024818
Show file tree

Hide file tree

Showing 6 changed files with 224 additions and 86 deletions.
diff --git a/src/castor/Castor.ts b/src/castor/Castor.ts
@@ -43,7 +43,7 @@ import { X25519PublicKey } from "../apollo/utils/X25519PublicKey";
 import { Ed25519PublicKey } from "../apollo/utils/Ed25519PublicKey";
 import { PrismDIDPublicKey } from "./did/prismDID/PrismDIDPublicKey";
 
-type ExtraResolver = new (apollo: Apollo) => DIDResolver
+type ExtraResolver = new (apollo: Apollo) => DIDResolver;
 /**
  * Castor is a powerful and flexible library for working with DIDs. Whether you are building a decentralised application
  * or a more traditional system requiring secure and private identity management, Castor provides the tools and features
@@ -136,21 +136,19 @@ export default class Castor implements CastorInterface {
       getUsageId(Usage.AUTHENTICATION_KEY),
       Usage.AUTHENTICATION_KEY,
       masterPublicKey,
-
     ).toProto();
 
-    if (issuingKeys.length) {
-      didPublicKeys.push(...issuingKeys.map((issuingKey) => new PrismDIDPublicKey(
-        getUsageId(Usage.ISSUING_KEY),
+    didPublicKeys.push(masterPk);
+    didPublicKeys.push(authenticationPk);
+
+    if (issuingKeys.length > 0) {
+      didPublicKeys.push(...issuingKeys.map((issuingKey, index) => new PrismDIDPublicKey(
+        getUsageId(Usage.ISSUING_KEY, index),
         Usage.ISSUING_KEY,
         "publicKey" in issuingKey ? issuingKey.publicKey : issuingKey,
-
-      ).toProto()))
+      ).toProto()));
     }
 
-    didPublicKeys.push(authenticationPk)
-    didPublicKeys.push(masterPk)
-
     const didCreationData =
       new Protos.io.iohk.atala.prism.protos.CreateDIDOperation.DIDCreationData({
         public_keys: didPublicKeys,
@@ -332,7 +330,7 @@ export default class Castor implements CastorInterface {
           if (method.type === Curve.ED25519) {
             const publicKey = new Ed25519PublicKey(
               Buffer.from(base58.base58btc.decode(method.publicKeyMultibase))
-            )
+            );
             if (
               publicKey.canVerify() &&
               publicKey.verify(Buffer.from(challenge), Buffer.from(signature))
@@ -341,7 +339,7 @@ export default class Castor implements CastorInterface {
             }
           }
         } catch (err) {
-          console.debug("checking next key for verification")
+          console.debug("checking next key for verification");
         }
       }
     } else if (did.method == "peer") {

diff --git a/src/castor/resolver/LongFormPrismDIDResolver.ts b/src/castor/resolver/LongFormPrismDIDResolver.ts
@@ -17,7 +17,6 @@ import {
   PublicKey,
   Curve,
   getUsage,
-  getUsageId,
 } from "../../domain/models";
 
 import * as DIDParser from "../parser/DIDParser";
@@ -33,7 +32,7 @@ import { PrismDIDPublicKey } from "../did/prismDID/PrismDIDPublicKey";
 export class LongFormPrismDIDResolver implements DIDResolver {
   method = "prism";
 
-  constructor(private apollo: Apollo) { }
+  constructor(private apollo: Apollo) {}
 
   async resolve(didString: string): Promise<DIDDocument> {
     const did = DIDParser.parse(didString);
@@ -119,9 +118,9 @@ export class LongFormPrismDIDResolver implements DIDResolver {
             } else {
               throw new Error("Unsupported key type")
             }
-            const usage = getUsage(key.usage)
+            const usage = getUsage(key.usage);
             return new PrismDIDPublicKey(
-              getUsageId(usage),
+              key.id,
               usage,
               pk,
             )

diff --git a/src/domain/models/keyManagement/Key.ts b/src/domain/models/keyManagement/Key.ts
@@ -48,9 +48,16 @@ export function getProtosUsage(
   }
 }
 
-
-export function getUsageId(index: Usage): string {
-  switch (index) {
+/**
+ * create an identifier for keys within a DID Document
+ * should be unique within the Document
+ * 
+ * @param keyUsage - maps to a prefix word
+ * @param index - occurrence of this keyUsage
+ * @returns {string}
+ */
+export function getUsageId(keyUsage: Usage, index = 0): string {
+  switch (keyUsage) {
     case Usage.MASTER_KEY:
       return `master${index}`;
     case Usage.ISSUING_KEY:
@@ -123,7 +130,7 @@ export function curveToAlg(curve: string) {
   if (curve === Curve.ED25519 || curve === Curve.X25519) {
     return JWT_ALG.EdDSA;
   }
-  return JWT_ALG.unknown
+  return JWT_ALG.unknown;
 }
 export function getKeyCurveByNameAndIndex(
   name: string,
@@ -158,7 +165,7 @@ export abstract class Key {
   get alg(): JWT_ALG {
     // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
     const curve = this.getProperty(KeyProperties.curve)!;
-    return curveToAlg(curve)
+    return curveToAlg(curve);
   }
 
   isDerivable(): this is DerivableKey {

diff --git a/src/pollux/utils/JWT.ts b/src/pollux/utils/JWT.ts
@@ -2,15 +2,15 @@ import * as didJWT from "did-jwt";
 import { JWTCredential } from "../../pollux/models/JWTVerifiableCredential";
 import { JWTCore } from "./jwt/JWTCore";
 import { JWTInstanceType, JWTSignOptions, JWTVerifyOptions } from "./jwt/types";
-import { PublicKey } from "../../domain";
 import { decodeJWS } from "./decodeJWS";
 import { base64url } from "multiformats/bases/base64";
+import { isNil } from "../../utils";
 
 export class JWT extends JWTCore<JWTInstanceType.JWT> {
   public type = JWTInstanceType.JWT;
 
   async decode(jws: string) {
-    return decodeJWS(jws)
+    return decodeJWS(jws);
   }
 
   async verify(
@@ -30,22 +30,27 @@ export class JWT extends JWTCore<JWTInstanceType.JWT> {
       if (jwtObject.isCredential && holderDID && holderDID.toString() !== jwtObject.subject) {
         throw new Error("Invalid subject (holder)");
       }
-      const { signature, data } = await this.decode(jws);
-      for (const verificationMethod of verificationMethods) {
-        const pk: PublicKey | undefined = this.getPKInstance(verificationMethod)
-        if (!pk) {
-          throw new Error("Invalid key verification method type found")
+
+      const decoded = await this.decode(jws);
+      const verified = verificationMethods.some(vm => {
+        try {
+          const pk = this.getPKInstance(vm);
+
+          if (isNil(pk) || !pk.canVerify()) {
+            throw new Error("Invalid key verification method type found");
+          }
+
+          const decodedSignature = base64url.baseDecode(decoded.signature);
+          const passed = pk.verify(Buffer.from(decoded.data), Buffer.from(decodedSignature));
+          return passed;
         }
-        if (!pk.canVerify()) {
-          throw new Error("Invalid key verification method type found")
+        catch {
+          return false;
         }
-        const decodedSignature = base64url.baseDecode(signature)
-        return pk.verify(
-          Buffer.from(data), Buffer.from(decodedSignature)
-        )
-      }
-      return false;
-    } catch (err) {
+      });
+
+      return verified;
+    } catch {
       return false;
     }
   }