Skip to content

Commit

Permalink
fix: verify jws contains at least 1 signature (#600)
Browse files Browse the repository at this point in the history
  • Loading branch information
TimoGlastra authored Jan 20, 2022
1 parent 87ecd8c commit 9c96518
Show file tree
Hide file tree
Showing 2 changed files with 15 additions and 1 deletion.
4 changes: 4 additions & 0 deletions packages/core/src/crypto/JwsService.ts
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,10 @@ export class JwsService {
const base64Payload = BufferEncoder.toBase64URL(payload)
const signatures = 'signatures' in jws ? jws.signatures : [jws]

if (signatures.length === 0) {
throw new AriesFrameworkError('Unable to verify JWS: No entries in JWS signatures array.')
}

const signerVerkeys = []
for (const jws of signatures) {
const protectedJson = JsonEncoder.fromBase64(jws.protected)
Expand Down
12 changes: 11 additions & 1 deletion packages/core/src/crypto/__tests__/JwsService.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ import type { Wallet } from '@aries-framework/core'

import { getAgentConfig } from '../../../tests/helpers'
import { DidKey, KeyType } from '../../modules/dids'
import { JsonEncoder } from '../../utils'
import { Buffer, JsonEncoder } from '../../utils'
import { IndyWallet } from '../../wallet/IndyWallet'
import { JwsService } from '../JwsService'

Expand Down Expand Up @@ -67,6 +67,7 @@ describe('JwsService', () => {
expect(isValid).toBe(true)
expect(signerVerkeys).toEqual([didJwsz6Mkf.VERKEY, didJwsz6Mkv.VERKEY])
})

it('returns false if the jws signature does not match the payload', async () => {
const payload = JsonEncoder.toBuffer({ ...didJwsz6Mkf.DATA_JSON, did: 'another_did' })

Expand All @@ -78,5 +79,14 @@ describe('JwsService', () => {
expect(isValid).toBe(false)
expect(signerVerkeys).toMatchObject([])
})

it('throws an error if the jws signatures array does not contain a JWS', async () => {
await expect(
jwsService.verifyJws({
payload: new Buffer([]),
jws: { signatures: [] },
})
).rejects.toThrowError('Unable to verify JWS: No entries in JWS signatures array.')
})
})
})

0 comments on commit 9c96518

Please sign in to comment.