Refactor Jws
and Jwt
Verification
#46
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,3 @@ | ||
export './jws/jws.dart'; | ||
export './jws/decoded_jws.dart'; | ||
export './jws/jws_header.dart'; |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,66 @@ | ||
import 'dart:typed_data'; | ||
|
||
import 'package:web5/src/crypto.dart'; | ||
import 'package:web5/src/jws/jws_header.dart'; | ||
|
||
import 'package:web5/src/dids.dart'; | ||
|
||
class DecodedJws { | ||
final JwsHeader header; | ||
final Uint8List payload; | ||
final Uint8List signature; | ||
final List<String> parts; | ||
|
||
static final _didResolver = | ||
DidResolver(methodResolvers: [DidJwk.resolver, DidDht.resolver]); | ||
|
||
DecodedJws({ | ||
required this.header, | ||
required this.payload, | ||
required this.signature, | ||
required this.parts, | ||
}); | ||
|
||
Future<void> verify() async { | ||
if (header.kid == null || header.alg == null) { | ||
throw Exception( | ||
'Malformed JWS. expected header to contain kid and alg.', | ||
); | ||
} | ||
|
||
final dereferenceResult = await _didResolver.dereference(header.kid!); | ||
if (dereferenceResult.hasError()) { | ||
throw Exception( | ||
'Verification failed. Failed to dereference kid. Error: ${dereferenceResult.dereferencingMetadata.error}', | ||
); | ||
} | ||
|
||
final didResource = dereferenceResult.contentStream; | ||
if (didResource == null) { | ||
throw Exception( | ||
'Verification failed. Expected header kid to dereference a verification method', | ||
); | ||
} | ||
|
||
if (didResource is! DidVerificationMethod) { | ||
throw Exception( | ||
'Verification failed. Expected header kid to dereference a verification method', | ||
); | ||
} | ||
|
||
final publicKeyJwk = didResource.publicKeyJwk; | ||
final dsaName = | ||
DsaName.findByAlias(algorithm: header.alg, curve: publicKeyJwk!.crv); | ||
Comment on lines
+52
to
+53
I'm not sure if it's a big worry here, but since we are reading the
great point @wesbillman . i actually left this as is because i'm removing the entire concept of aliases in the next PR |
||
|
||
if (dsaName == null) { | ||
throw Exception('${header.alg}:${publicKeyJwk.crv} not supported.'); | ||
} | ||
|
||
await DsaAlgorithms.verify( | ||
algName: dsaName, | ||
publicKey: publicKeyJwk, | ||
payload: payload, | ||
signature: signature, | ||
); | ||
} | ||
} |
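Review bot: `DsaAlgorithms.verify` is called with `payload: payload`, the decoded payload bytes, while `parts` is stored on the class but never read in `verify()`. RFC 7515 defines the JWS signature over the ASCII bytes of `parts[0] + '.' + parts[1]`, so unless the signing side of this package uses the same non-standard input (not visible here), signatures from other JWS implementations will not verify, and the header that supplies `kid` is not covered by the signature check. Suggest passing `payload: utf8.encode('${parts[0]}.${parts[1]}'),` (this needs `dart:convert`) and adding a test against a known-good compact JWS. Separately, `publicKeyJwk!.crv` turns a verification method without a JWK into a null-check error rather than one of the "Verification failed" exceptions used above it.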
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,4 @@ | ||
export './jwt/jwt.dart'; | ||
export './jwt/decoded_jwt.dart'; | ||
export './jwt/jwt_header.dart'; | ||
export './jwt/jwt_claims.dart'; | ||
export './jwt/jwt_decoded.dart'; | ||
export './jwt/jwt_encoded.dart'; |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
import 'dart:convert'; | ||
import 'dart:typed_data'; | ||
|
||
import 'package:web5/src/jws/decoded_jws.dart'; | ||
import 'package:web5/web5.dart'; | ||
|
||
class DecodedJwt { | ||
final JwtHeader header; | ||
final JwtClaims claims; | ||
final Uint8List signature; | ||
final List<String> parts; | ||
|
||
DecodedJwt({ | ||
required this.header, | ||
required this.claims, | ||
required this.signature, | ||
required this.parts, | ||
}); | ||
|
||
Future<void> verify() async { | ||
final decodedJws = DecodedJws( | ||
header: header, | ||
payload: Base64Codec.urlSafe().decoder.convertNoPadding(parts[1]), | ||
signature: signature, | ||
parts: parts, | ||
); | ||
|
||
await decodedJws.verify(); | ||
} | ||
} |
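Review bot: `DecodedJwt.verify()` never reads `claims`: it re-decodes `parts[1]` and checks only the signature, so an expired token, or one whose issuer is not the DID named in `header.kid`, still verifies. Nothing here ties the `claims` object a caller goes on to trust to the bytes that were actually verified, since the constructor accepts both independently. If claim validation is meant to live with the caller, say so on the method, e.g. `/// Verifies the JWS signature only; time-based claims and the issuer are not checked.`; otherwise add those checks after `await decodedJws.verify();`. `parts[1]` is also indexed without a length check, so a `parts` list with fewer than two entries throws a `RangeError` instead of a malformed-token exception.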
Is there a more specific exception here? Or are both of these changes for
header kid
?
i think we can get slightly more specific. the first exception is thrown if no did resource exists with the
kid
provided. the second is thrown if the `kid`
provided doesn't point to a `VerificationMethod`