From 6ed803d76a9b011c9b2087bfcbfcb0c89025bead Mon Sep 17 00:00:00 2001
From: Firas Qutishat
Date: Tue, 15 Oct 2024 05:04:39 -0400
Subject: [PATCH] chore: check did web id against did
Signed-off-by: Firas Qutishat
---
 method/web/resolver.go | 6 ++++-
 method/web/resolver_test.go | 42 +++++++++++++++++++++++-------
 method/web/testdata/alice/did.json | 4 +--
 3 files changed, 39 insertions(+), 13 deletions(-)
diff --git a/method/web/resolver.go b/method/web/resolver.go
index 6571f72..1304249 100644
--- a/method/web/resolver.go
+++ b/method/web/resolver.go
@@ -29,7 +29,7 @@ const (
 var errorLogger = log.New(os.Stderr, " [did-go/vdr/web] ", log.Ldate|log.Ltime|log.LUTC)
 // Read resolves a did:web did.
-func (v *VDR) Read(didID string, opts ...vdrapi.DIDMethodOption) (*did.DocResolution, error) {
+func (v *VDR) Read(didID string, opts ...vdrapi.DIDMethodOption) (*did.DocResolution, error) { //nolint: gocyclo
 httpClient := &http.Client{}
 didOpts := &vdrapi.DIDMethodOpts{Values: make(map[string]interface{})}
@@ -80,6 +80,10 @@ func (v *VDR) Read(didID string, opts ...vdrapi.DIDMethodOption) (*did.DocResolu
 return nil, fmt.Errorf("error resolving did:web did --> error parsing did doc --> %w", err)
 }
+ if doc.ID != didID {
+ return nil, fmt.Errorf("did id %s not matching did %s", doc.ID, didID)
+ }
+
 return &did.DocResolution{DIDDocument: doc}, nil
 }
diff --git a/method/web/resolver_test.go b/method/web/resolver_test.go
index 56e63bc..508155a 100644
--- a/method/web/resolver_test.go
+++ b/method/web/resolver_test.go
@@ -36,7 +36,7 @@ const (
 validDoc = `{
 "@context": ["https://w3id.org/did/v1"],
- "id": "did:web:www.example.org"
+ "id": "%s"
 }`
 invalidDoc = `{}`
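Review bot: The rejection error added after the parse step in Read formats `doc.ID` with `%s`, and that value comes straight from the fetched document, so a hostile host can place newlines or control characters into whatever log records this error. Quote both values and keep the prefix the parse error above uses: `return nil, fmt.Errorf("error resolving did:web did --> document id %q does not match did %q", doc.ID, didID)`; the ErrorContains string in the new test has to change with it. The comparison itself is byte-exact, so presumably a DID that differs from the served id only in host case or in `%3A` versus `%3a` is refused; that fails closed, but a one-line comment such as `// exact match on purpose: no case or percent-encoding normalisation` would record the intent. Read begins and ends outside this hunk.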
@@ -104,7 +104,8 @@ func TestResolveDID(t *testing.T) {
 })
 t.Run("test resolve did success", func(t *testing.T) {
 s := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
- _, err := w.Write([]byte(validDoc))
+ data := fmt.Sprintf(validDoc, "did:web:"+urlapi.QueryEscape(r.Host))
+ _, err := w.Write([]byte(data))
 require.NoError(t, err)
 }))
 defer s.Close()
@@ -112,13 +113,28 @@ func TestResolveDID(t *testing.T) {
 v := New()
 docResolution, err := v.Read(did, vdrapi.WithOption(HTTPClientOpt, s.Client()))
 require.Nil(t, err)
- expectedDoc, err := didapi.ParseDocument([]byte(validDoc))
+ data := fmt.Sprintf(validDoc, did)
+ expectedDoc, err := didapi.ParseDocument([]byte(data))
 require.Nil(t, err)
 require.Equal(t, expectedDoc, docResolution.DIDDocument)
 })
+ t.Run("test resolve with wrong did id", func(t *testing.T) {
+ s := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ data := fmt.Sprintf(validDoc, "did:web:123")
+ _, err := w.Write([]byte(data))
+ require.NoError(t, err)
+ }))
+ defer s.Close()
+ did := fmt.Sprintf("did:web:%s", urlapi.QueryEscape(strings.TrimPrefix(s.URL, "https://")))
+ v := New()
+ doc, err := v.Read(did, vdrapi.WithOption(HTTPClientOpt, s.Client()))
+ require.Nil(t, doc)
+ require.ErrorContains(t, err, "did id did:web:123 not matching did")
+ })
 t.Run("test resolve did with path success", func(t *testing.T) {
 s := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
- _, err := w.Write([]byte(validDoc))
+ data := fmt.Sprintf(validDoc, "did:web:"+urlapi.QueryEscape(r.Host)+":user:example")
+ _, err := w.Write([]byte(data))
 require.NoError(t, err)
 }))
 defer s.Close()
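Review bot: The negative subtest added in the @@ -112 hunk only serves an unrelated identifier (`did:web:123`), so nothing pins the case the new check matters most for: a document fetched from the right host that claims a different path under that same host. A second subtest that requests `…:user:example` while the server answers with `…:user:other` would show that the whole identifier is compared and not just the host part, and asserting on the requested DID as well would cover both halves of the message. The sketch below reuses only helpers already visible in this hunk and matches the error text as the commit currently writes it.

```go
t.Run("test resolve with did id for another path on same host", func(t *testing.T) {
	s := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// Served document claims a sibling identifier on the same host.
		data := fmt.Sprintf(validDoc, "did:web:"+urlapi.QueryEscape(r.Host)+":user:other")
		_, err := w.Write([]byte(data))
		require.NoError(t, err)
	}))
	defer s.Close()
	did := fmt.Sprintf("did:web:%s:user:example", urlapi.QueryEscape(strings.TrimPrefix(s.URL, "https://")))
	v := New()
	doc, err := v.Read(did, vdrapi.WithOption(HTTPClientOpt, s.Client()))
	require.Nil(t, doc)
	require.ErrorContains(t, err, "not matching did "+did)
})
```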
@@ -126,7 +142,8 @@ func TestResolveDID(t *testing.T) {
 v := New()
 docResolution, err := v.Read(did, vdrapi.WithOption(HTTPClientOpt, s.Client()))
 require.Nil(t, err)
- expectedDoc, err := didapi.ParseDocument([]byte(validDoc))
+ data := fmt.Sprintf(validDoc, did)
+ expectedDoc, err := didapi.ParseDocument([]byte(data))
 require.Nil(t, err)
 require.Equal(t, expectedDoc, docResolution.DIDDocument)
 })
@@ -153,8 +170,8 @@ func TestResolveDomain(t *testing.T) {
 http.NotFound(w, r)
 return
 }
-
- _, err := w.Write(aliceDoc)
+ data := fmt.Sprintf(string(aliceDoc), "did:web:"+urlapi.QueryEscape(r.Host))
+ _, err := w.Write([]byte(data))
 require.NoError(t, err)
 }))
 defer s.Close()
@@ -165,7 +182,9 @@ func TestResolveDomain(t *testing.T) {
 v := New()
 docResolution, err := v.Read(did, vdrapi.WithOption(HTTPClientOpt, s.Client()))
 require.Nil(t, err)
- expectedDoc, err := didapi.ParseDocument(aliceDoc)
+ data := fmt.Sprintf(string(aliceDoc), did)
+
+ expectedDoc, err := didapi.ParseDocument([]byte(data))
 require.Nil(t, err)
 require.Equal(t, expectedDoc, docResolution.DIDDocument)
 })
@@ -181,7 +200,8 @@ func TestResolveWebFixtures(t *testing.T) {
 return
 }
- _, err := w.Write(aliceDoc)
+ data := fmt.Sprintf(string(aliceDoc), "did:web:"+urlapi.QueryEscape(r.Host)+":alice")
+ _, err := w.Write([]byte(data))
 require.NoError(t, err)
 }))
 defer s.Close()
@@ -192,7 +212,9 @@ func TestResolveWebFixtures(t *testing.T) {
 v := New()
 docResolution, err := v.Read(did, vdrapi.WithOption(HTTPClientOpt, s.Client()))
 require.Nil(t, err)
- expectedDoc, err := didapi.ParseDocument(aliceDoc)
+ data := fmt.Sprintf(string(aliceDoc), did)
+
+ expectedDoc, err := didapi.ParseDocument([]byte(data))
 require.Nil(t, err)
 require.Equal(t, expectedDoc, docResolution.DIDDocument)
 })
diff --git a/method/web/testdata/alice/did.json b/method/web/testdata/alice/did.json
index 13e6777..885bbb8 100644
--- a/method/web/testdata/alice/did.json
+++ b/method/web/testdata/alice/did.json
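Review bot: `fmt.Sprintf(string(aliceDoc), …)` in the @@ -153 hunk, repeated in @@ -165, @@ -181 and @@ -192, treats the bytes of testdata/alice/did.json as a format string, so any literal `%` that later lands in the fixture is parsed as a verb and silently changes the document the test serves and compares against. Substituting a named marker keeps the fixture free of format semantics, for example `data := strings.ReplaceAll(string(aliceDoc), "{{DID}}", did)` with the fixture's id set to that marker (the marker name here is a constructed example). `strings` is already used by the new subtest in this file, so no import changes.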
@@ -1,6 +1,6 @@
 {
 "@context": "https://w3id.org/did/v0.11",
- "id": "did:web:did.actor:alice",
+ "id": "%s",
 "publicKey": [
 {
 "id": "did:web:did.actor:alice#z6MkrmNwty5ajKtFqc1U48oL2MMLjWjartwc5sf2AihZwXDN",
@@ -29,4 +29,4 @@
 "publicKeyBase58": "CaSHXEvLKS6SfN9aBfkVGBpp15jSnaHazqHgLHp8KZ3Y"
 }
 ]
-}
\ No newline at end of file
+}
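Review bot: Only the top-level `id` is templated in the first hunk; the `publicKey` entry on the context line below it still carries `did:web:did.actor:alice#…`, so every document the tests now serve lists key identifiers under a DID other than its own. The resolver check added in this commit compares just the top-level id, which is why the tests pass, but the fixture no longer represents a self-consistent document and cannot back a later check that key ids belong to the resolved DID. Either build the nested ids from the same value (with the current Sprintf approach, `%[1]s` in both places) or note next to the tests that the mismatch is intentional.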