Skip to content

Commit

Permalink
feat: validate peer did identifier
Browse files Browse the repository at this point in the history
The receiving agent should have the capability to validate the DID Document
against the name-string component of the DID Identifier.

closes hyperledger-archives#48

Signed-off-by: talwinder.kaur <[email protected]>
  • Loading branch information
talwinder50 committed Aug 31, 2019
1 parent b7a6c69 commit 84f5ef4
Show file tree
Hide file tree
Showing 2 changed files with 118 additions and 14 deletions.
63 changes: 58 additions & 5 deletions pkg/didmethod/peer/did.go
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,9 @@ package peer

import (
"crypto"
"encoding/base64"
"encoding/hex"
"encoding/json"
"regexp"
"strings"

"github.com/hyperledger/aries-framework-go/pkg/doc/did"
Expand All @@ -30,7 +31,61 @@ func newDid(doc *did.Doc) (string, error) {
if doc.PublicKey == nil || doc.Authentication == nil {
return "", errors.New("the genesis version must include public keys and authentication")
}
numBasis, err := numBasis(doc)
if err != nil {
return "", err
}
messageIdentifier := []string{peerPrefix, numAlgo, encAlgo, "-", numBasis}
peerDID := strings.Join(messageIdentifier, "")

return peerDID, nil
}

/*
validateDID checks the format of the doc's DID and checks that the DID's 'namestring' matches against its numeric basis as per the
Namestring Generation Method: https://openssi.github.io/peer-did-method-spec/index.html#namestring-generation-method
Note: this check should be done only on the resolved variant of the genesis version of Peer DID documents.
*/
func validateDID(doc *did.Doc) error {

peerDid := doc.ID

matched, _ := regexp.MatchString(`did:peer:11-([a-fA-F0-9]){64}`, peerDid)
if !matched {
return errors.Errorf("did doesnt follow matching regex")
}

//extracting numbasis from the validated did
splitDid := strings.FieldsFunc(peerDid, func(r rune) bool { return r == '-' })
extractedNumBasis := splitDid[1]

// genesis version(no did) of the peer DID doc
genesisDoc := &did.Doc{
Context: doc.Context,
ID: "",
PublicKey: doc.PublicKey,
Service: doc.Service,
Authentication: doc.Authentication,
Created: doc.Created,
Updated: doc.Updated,
Proof: doc.Proof,
}

//calculate the numbasis of the genesis version of the peer DID doc
numBas, err := numBasis(genesisDoc)
if err != nil {
return err
}

if !(numBas == extractedNumBasis) {
return errors.New("hash of the doc doesnt match the computed hash")
}
return nil
}

/* numBasis is numeric basis. The spec requires a 256-bit (encoded using 64 hexadecimal digits) numBasis generated from a hash of the initial content of a DID doc i.e genesis doc.
Reference : https://dhh1128.github.io/peer-did-method-spec/#matching-regex */
func numBasis(doc *did.Doc) (string, error) {
docBytes, err := json.Marshal(doc)
if err != nil {
return "", err
Expand All @@ -40,11 +95,9 @@ func newDid(doc *did.Doc) (string, error) {
if err != nil {
return "", err
}
numBasis := base64.URLEncoding.EncodeToString(hash)
messageIdentifier := []string{peerPrefix, numAlgo, encAlgo, "-", numBasis}
peerDID := strings.Join(messageIdentifier, "")
numBasis := hex.EncodeToString(hash)

return peerDID, nil
return numBasis, nil
}

// computeHash will compute the hash for the supplied bytes
Expand Down
69 changes: 60 additions & 9 deletions pkg/didmethod/peer/did_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -15,18 +15,16 @@ import (
"github.com/stretchr/testify/assert"
)

func TestNewDid(t *testing.T) {
storedDoc, err := GenerateGenesisDoc()
require.NoError(t, err)
func TestNewDID(t *testing.T) {
storedDoc := genesisDoc()
require.NotNil(t, storedDoc)

peerDID, err := newDid(storedDoc)
require.NoError(t, err)
require.NotNil(t, peerDID)
assert.Contains(t, peerDID, "did:peer:11")
}

func TestNewDidError(t *testing.T) {
func TestNewDIDError(t *testing.T) {
storedDoc := &did.Doc{ID: "did:peer:11"}
_, err := newDid(storedDoc)
require.Error(t, err)
Expand All @@ -38,16 +36,52 @@ func TestComputeHash(t *testing.T) {
assert.Nil(t, err)
assert.NotNil(t, hash)
}

func TestComputeHashError(t *testing.T) {
hash, err := computeHash([]byte(""))
assert.NotNil(t, err)
assert.Contains(t, err.Error(), "empty bytes")
assert.Nil(t, hash)
}
func TestValidateDid(t *testing.T) {
peerDoc, err := peerDidDoc()
require.NoError(t, err)
require.NotNil(t, peerDoc)
err = validateDID(peerDoc)
require.NoError(t, err)
}
func TestValidateDIDError(t *testing.T) {
peerDoc := invalidPeerDIDDoc()
require.NotNil(t, peerDoc)
err := validateDID(peerDoc)
require.Error(t, err)
require.Equal(t, "did doesnt follow matching regex", err.Error())
}
func TestValidateErrorHashString(t *testing.T) {
peerDoc := &did.Doc{ID: "did:peer:11-479cbc07c3f991725836a3aa2a581ca2029198aa420b9d99bc0e131d9f3e2cbe"}
err := validateDID(peerDoc)
require.Error(t, err)
require.Equal(t, "hash of the doc doesnt match the computed hash", err.Error())
}

// GenerateGenesisDoc creates the doc without an id
func GenerateGenesisDoc() (*did.Doc, error) {
func TestValidateDIDRegex(t *testing.T) {
did1 := &did.Doc{ID: "did:peer:22"}
err := validateDID(did1)
require.Error(t, err)
require.Equal(t, err.Error(), "did doesnt follow matching regex")

did2 := &did.Doc{ID: "did:sidetree:22"}
err = validateDID(did2)
require.Error(t, err)
require.Equal(t, err.Error(), "did doesnt follow matching regex")

did3 := &did.Doc{ID: "did:peer:1-*&$*|||"}
err = validateDID(did3)
require.Error(t, err)
require.Equal(t, err.Error(), "did doesnt follow matching regex")
}

// genesisDoc creates the doc without an id
func genesisDoc() *did.Doc {

pk := []did.PublicKey{
{
Expand Down Expand Up @@ -81,5 +115,22 @@ func GenerateGenesisDoc() (*did.Doc, error) {
Created: &time.Time{},
}
return &did.Doc{Context: doc.Context, PublicKey: doc.PublicKey, Authentication: doc.Authentication,
Created: doc.Created}, nil
Created: doc.Created}
}

func peerDidDoc() (*did.Doc, error) {
doc := genesisDoc()
did, err := newDid(doc)
if err != nil {
return nil, err
}
doc.ID = did
return doc, nil
}

func invalidPeerDIDDoc() *did.Doc {
doc := genesisDoc()
doc.ID = "did:peer:11-"

return doc
}

0 comments on commit 84f5ef4

Please sign in to comment.