Skip to content

Commit

Permalink
fix(core): error if unpacked message does not match JWE structure (#639)
Browse files Browse the repository at this point in the history
Signed-off-by: annelein <[email protected]>
  • Loading branch information
Annelein authored Feb 15, 2022
1 parent 0731ccd commit c43cfaa
Show file tree
Hide file tree
Showing 5 changed files with 40 additions and 2 deletions.
9 changes: 8 additions & 1 deletion packages/core/src/transport/HttpOutboundTransport.ts
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ import { AbortController } from 'abort-controller'

import { AgentConfig } from '../agent/AgentConfig'
import { AriesFrameworkError } from '../error/AriesFrameworkError'
import { isValidJweStucture, JsonEncoder } from '../utils'

export class HttpOutboundTransport implements OutboundTransport {
private agent!: Agent
Expand Down Expand Up @@ -76,7 +77,13 @@ export class HttpOutboundTransport implements OutboundTransport {
this.logger.debug(`Response received`, { responseMessage, status: response.status })

try {
const encryptedMessage = JSON.parse(responseMessage)
const encryptedMessage = JsonEncoder.fromString(responseMessage)
if (!isValidJweStucture(encryptedMessage)) {
this.logger.error(
`Received a response from the other agent but the structure of the incoming message is not a DIDComm message: ${responseMessage}`
)
return
}
this.agent.receiveMessage(encryptedMessage)
} catch (error) {
this.logger.debug('Unable to parse response message')
Expand Down
8 changes: 7 additions & 1 deletion packages/core/src/transport/WsOutboundTransport.ts
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ import type WebSocket from 'ws'
import { AgentConfig } from '../agent/AgentConfig'
import { EventEmitter } from '../agent/EventEmitter'
import { AriesFrameworkError } from '../error/AriesFrameworkError'
import { isValidJweStucture, JsonEncoder } from '../utils'
import { Buffer } from '../utils/buffer'

import { TransportEventTypes } from './TransportEventTypes'
Expand Down Expand Up @@ -101,7 +102,12 @@ export class WsOutboundTransport implements OutboundTransport {
// eslint-disable-next-line @typescript-eslint/no-explicit-any
private handleMessageEvent = (event: any) => {
this.logger.trace('WebSocket message event received.', { url: event.target.url, data: event.data })
const payload = JSON.parse(Buffer.from(event.data).toString('utf-8'))
const payload = JsonEncoder.fromBuffer(event.data)
if (!isValidJweStucture(payload)) {
throw new Error(
`Received a response from the other agent but the structure of the incoming message is not a DIDComm message: ${payload}`
)
}
this.logger.debug('Payload received from mediator:', payload)
this.agent.receiveMessage(payload)
}
Expand Down
5 changes: 5 additions & 0 deletions packages/core/src/utils/JWE.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
import type { EncryptedMessage } from '../types'

export function isValidJweStucture(message: any): message is EncryptedMessage {
return message && typeof message === 'object' && message.protected && message.iv && message.ciphertext && message.tag
}
19 changes: 19 additions & 0 deletions packages/core/src/utils/__tests__/JWE.test.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
import { isValidJweStucture } from '../JWE'

describe('ValidJWEStructure', () => {
test('throws error when the response message has an invalid JWE structure', async () => {
const responseMessage = 'invalid JWE structure'
await expect(isValidJweStucture(responseMessage)).toBeFalsy()
})

test('valid JWE structure', async () => {
const responseMessage = {
protected:
'eyJlbmMiOiJ4Y2hhY2hhMjBwb2x5MTMwNV9pZXRmIiwidHlwIjoiSldNLzEuMCIsImFsZyI6IkF1dGhjcnlwdCIsInJlY2lwaWVudHMiOlt7ImVuY3J5cHRlZF9rZXkiOiJNYUNKa3B1YzltZWxnblEtUk8teWtsQWRBWWxzY21GdFEzd1hjZ3R0R0dlSmVsZDBEc2pmTUpSWUtYUDA0cTQ2IiwiaGVhZGVyIjp7ImtpZCI6IkJid2ZCaDZ3bWdZUnJ1TlozZXhFelk2RXBLS2g4cGNob211eDJQUjg5bURlIiwiaXYiOiJOWVJGb0xoUG1EZlFhQ3czUzQ2RmM5M1lucWhDUnhKbiIsInNlbmRlciI6IkRIQ0lsdE5tcEgwRlRrd3NuVGNSWXgwZmYzTHBQTlF6VG1jbUdhRW83aGU5d19ERkFmemNTWFdhOEFnNzRHVEpfdnBpNWtzQkQ3MWYwYjI2VF9mVHBfV2FscTBlWUhmeTE4ZEszejhUTkJFQURpZ1VPWi1wR21pV3FrUT0ifX1dfQ==',
iv: 'KNezOOt7JJtuU2q1',
ciphertext: 'mwRMpVg9wkF4rIZcBeWLcc0fWhs=',
tag: '0yW0Lx8-vWevj3if91R06g==',
}
await expect(isValidJweStucture(responseMessage)).toBeTruthy()
})
})
1 change: 1 addition & 0 deletions packages/core/src/utils/index.ts
Original file line number Diff line number Diff line change
Expand Up @@ -4,3 +4,4 @@ export * from './JsonTransformer'
export * from './MultiBaseEncoder'
export * from './buffer'
export * from './MultiHashEncoder'
export * from './JWE'

0 comments on commit c43cfaa

Please sign in to comment.