From 2b2fdbd3fba19b3bf72d89710943bd217145df81 Mon Sep 17 00:00:00 2001
From: "Scheidt, Fabian"
Date: Tue, 5 Mar 2024 14:48:42 +0100
Subject: [PATCH] feat: ensure that issuer and verification method match the did

In specific, make sure that the fragment is included in the verification method.

---
 package.json | 4 ++--
 src/did-storage.ts | 9 +++++----
 src/main.ts | 11 ++++++++++-
 yarn.lock | 8 ++++----
 4 files changed, 21 insertions(+), 11 deletions(-)

diff --git a/package.json b/package.json
index 7f84b21..857f28a 100644
--- a/package.json
+++ b/package.json
@@ -1,7 +1,7 @@
 {
 "name": "@fabianscheidt/did-document-solution",
 "description": "Signs DID documents, stores them and makes them available through did:web.",
- "version": "1.2.0",
+ "version": "1.3.0",
 "main": "index.ts",
 "license": "MIT",
 "scripts": {
@@ -10,7 +10,7 @@
 "lint": "eslint ."
 },
 "dependencies": {
- "@fabianscheidt/did-web-verification-method-server": "1.3.1",
+ "@fabianscheidt/did-web-verification-method-server": "1.4.0",
 "@fabianscheidt/verifiable-credential-signer": "1.3.1",
 "express": "^4.18.2",
 "ts-node": "^10.9.1",
diff --git a/src/did-storage.ts b/src/did-storage.ts
index 73274b7..ab822ef 100644
--- a/src/did-storage.ts
+++ b/src/did-storage.ts
@@ -8,11 +8,12 @@ export abstract class DidStorage {
 body: JsonLdObj,
 hostname: string,
 didPath: string,
+ issuer: string,
+ verificationMethod: string,
 options?: { flavour?: "Specification" | "Gaia-X"; created?: string },
 ) {
- // Determine verification method and did subject
- const verificationMethod = `did:web:${hostname}`;
- const didSubject = `${verificationMethod}:${didPath}`;
+ // Determine DID subject
+ const didSubject = `did:web:${hostname}:${didPath}`;
 // Do not sign again, if signature is already present
 if ("issuer" in body && "issuanceDate" in body && "proof" in body) {
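Review bot: The new `issuer` and `verificationMethod` parameters are accepted without any check that they belong together, so the relation the commit title promises is enforced only by whoever calls this method; before this change the issuer was bound to `did:web:${hostname}` right here, now any pair can be passed in. A small guard at the top of the body keeps the storage layer self-contained: `if (!verificationMethod.startsWith(issuer + "#")) { throw new Error("verificationMethod must be a fragment of issuer"); }`. Whether `issuer` must additionally equal the hostname-derived DID depends on the deployment and is not visible here, so I would state that expectation in documentation rather than hard-code it. The method's signature line and its doc comment sit before the hunk; the two new parameters need `@param` entries there, saying that `verificationMethod` must include the `#fragment` of a method listed under `issuer`.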
@@ -26,7 +27,7 @@ export abstract class DidStorage {
 }
 // Set issuer and issuance date
- body["issuer"] = verificationMethod;
+ body["issuer"] = issuer;
 body["issuanceDate"] = new Date().toISOString();
 // Determine and set the did subject. Ensure that there is no conflicting @id.
diff --git a/src/main.ts b/src/main.ts
index 1863739..436933f 100644
--- a/src/main.ts
+++ b/src/main.ts
@@ -4,6 +4,7 @@ import * as express from "express";
 import {
 getDidDocumentHandler as verificationMethodDid,
 getCertificateChainHandler as verificationMethodChain,
+ getDidDocument,
 } from "@fabianscheidt/did-web-verification-method-server";
 import { FileBasedDidStorage } from "./file-based-did-storage";
@@ -31,7 +32,8 @@ app.set("trust proxy", true);
 app.use(express.json());
 // Serve verification Method
-app.get("/.well-known/did.json", verificationMethodDid(CERT));
+const verificationMethodPath = "/.well-known/did.json";
+app.get(verificationMethodPath, verificationMethodDid(CERT));
 app.get(
 "/.well-known/certificate-chain.pem",
 verificationMethodChain(CERT, ADD_ROOT_CERT),
@@ -60,10 +62,17 @@ app.post("/:didPath/did.json", async (req, res) => {
 }
 try {
+ const verificationMethodDid = await getDidDocument(CERT, {
+ protocol: req.protocol,
+ hostname: req.hostname,
+ path: verificationMethodPath,
+ });
 const doc = await didStorage.signAndStoreDidDocument(
 req.body,
 req.hostname,
 req.params["didPath"],
+ verificationMethodDid.id,
+ verificationMethodDid.verificationMethod[0].id,
 { flavour },
 );
 res.status(201).send(doc);
diff --git a/yarn.lock b/yarn.lock
index 29f51d7..3a51194 100644
--- a/yarn.lock
+++ b/yarn.lock
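Review bot: `verificationMethodDid.verificationMethod[0].id` in the last hunk of src/main.ts indexes the array unchecked; if the generated DID document carries no verification method the handler fails with a TypeError inside the `try` (whose `catch` lies after the hunk) instead of a clear error, and if the project enables `noUncheckedIndexedAccess` the expression does not compile. Pull the element out first: `const method = verificationMethodDid.verificationMethod[0]; if (!method) throw new Error("verification method DID document has no verificationMethod");` and pass `method.id`. The `getDidDocument` call also deserves a comment, because with `app.set("trust proxy", true)` (context of the previous hunk) `req.hostname` is taken from the forwarded host header, so the issuer DID written into the signed document is only as trustworthy as the proxy that sets that header — e.g. `// req.hostname honours the forwarded host header under "trust proxy"; the reverse proxy must set it, not forward the client's value`. The `app.post` handler begins before the hunk.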
@@ -55,10 +55,10 @@ resolved "https://registry.yarnpkg.com/@eslint/js/-/js-8.57.0.tgz#a5417ae8427873f1dd08b70b3574b453e67b5f7f" integrity sha512-Ys+3g2TaW7gADOJzPt83SJtCDhMjndcDMFVQ/Tj9iA1BfJzFKD9mAUXT3OenpuPHbI6P/myECxRJrofUsDx/5g== -"@fabianscheidt/did-web-verification-method-server@1.3.1": - version "1.3.1" - resolved "https://registry.yarnpkg.com/@fabianscheidt/did-web-verification-method-server/-/did-web-verification-method-server-1.3.1.tgz#fc6bcfa2e413ed78d1fcf1ba6e3d45626ad07008" - integrity sha512-IjYjrqJlPr3HfGCLoHSnblxuyIUfRjaPYkVoP3BPrdTkNU7HIRv1eq3b6o0GyDk7IkR7aeUGfLXqr5vEoLOAWQ== +"@fabianscheidt/did-web-verification-method-server@1.4.0": + version "1.4.0" + resolved "https://registry.yarnpkg.com/@fabianscheidt/did-web-verification-method-server/-/did-web-verification-method-server-1.4.0.tgz#a763667bda68d75bac2accbb9908862b0f5d12d2" + integrity sha512-s49WExcsfrhM5Z4t48T2P9XIVXtBFy96eFjpoh0+WRRjqSHSJtCstvKIOaTznaUEY9R56kzQTdTbo5RLaI3w1A== dependencies: express "^4.18.2" node-forge "^1.3.1"