From 9c965185de7908bdde1776369453cce384f9e82c Mon Sep 17 00:00:00 2001
From: Timo Glastra
Date: Thu, 20 Jan 2022 22:29:04 +0100
Subject: [PATCH] fix: verify jws contains at least 1 signature (#600)
---
 packages/core/src/crypto/JwsService.ts | 4 ++++
 .../core/src/crypto/__tests__/JwsService.test.ts | 12 +++++++++++-
 2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/packages/core/src/crypto/JwsService.ts b/packages/core/src/crypto/JwsService.ts
index 04c08a3669..ded316b90a 100644
--- a/packages/core/src/crypto/JwsService.ts
+++ b/packages/core/src/crypto/JwsService.ts
@@ -44,6 +44,10 @@ export class JwsService {
 const base64Payload = BufferEncoder.toBase64URL(payload)
 const signatures = 'signatures' in jws ? jws.signatures : [jws]
+ if (signatures.length === 0) {
+ throw new AriesFrameworkError('Unable to verify JWS: No entries in JWS signatures array.')
+ }
+
 const signerVerkeys = []
 for (const jws of signatures) {
 const protectedJson = JsonEncoder.fromBase64(jws.protected)
diff --git a/packages/core/src/crypto/__tests__/JwsService.test.ts b/packages/core/src/crypto/__tests__/JwsService.test.ts
index d36f402bb6..834d9855cc 100644
--- a/packages/core/src/crypto/__tests__/JwsService.test.ts
+++ b/packages/core/src/crypto/__tests__/JwsService.test.ts
@@ -2,7 +2,7 @@ import type { Wallet } from '@aries-framework/core'
 import { getAgentConfig } from '../../../tests/helpers'
 import { DidKey, KeyType } from '../../modules/dids'
-import { JsonEncoder } from '../../utils'
+import { Buffer, JsonEncoder } from '../../utils'
 import { IndyWallet } from '../../wallet/IndyWallet'
 import { JwsService } from '../JwsService'
@@ -67,6 +67,7 @@ describe('JwsService', () => {
 expect(isValid).toBe(true)
 expect(signerVerkeys).toEqual([didJwsz6Mkf.VERKEY, didJwsz6Mkv.VERKEY])
 })
+
 it('returns false if the jws signature does not match the payload', async () => {
 const payload = JsonEncoder.toBuffer({ ...didJwsz6Mkf.DATA_JSON, did: 'another_did' })
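Review bot: In the JwsService.ts hunk the new guard reads `signatures.length` on a value taken straight from `jws.signatures`, so it covers only the empty-array case. A `signatures` member that is present but not an array would fail with a generic runtime error rather than the framework error, assuming the JWS object is not schema-validated before this call, which the hunk does not show. Consider `if (!Array.isArray(signatures) || signatures.length === 0) {` so malformed and empty input are rejected the same way. A short comment above the check, such as `// An empty signatures array would skip the verification loop below, so reject it explicitly`, would record why the guard exists. The method starts and continues outside the hunk, so what it returns after the loop is not visible here.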
@@ -78,5 +79,14 @@ describe('JwsService', () => {
 expect(isValid).toBe(false)
 expect(signerVerkeys).toMatchObject([])
 })
+
+ it('throws an error if the jws signatures array does not contain a JWS', async () => {
+ await expect(
+ jwsService.verifyJws({
+ payload: new Buffer([]),
+ jws: { signatures: [] },
+ })
+ ).rejects.toThrowError('Unable to verify JWS: No entries in JWS signatures array.')
+ })
 })
 })
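Review bot: The added test builds its payload with `new Buffer([])`, and if the `Buffer` re-exported from `../../utils` follows the Node API, that constructor form is deprecated. `payload: Buffer.from([]),` expresses the same empty payload without it. The case also exercises only the `{ signatures: [] }` shape, so a one-line comment in the test saying that the empty array is the input being rejected would help readers connect it to the guard in `verifyJws`.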