Add origin validation to credential's service

iotaledger · Dec 4, 2023 · 1d970c9 · 1d970c9
1 parent 0951252
commit 1d970c9
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 1 deletion.
diff --git a/identity_credential/src/credential/linked_domain_service.rs b/identity_credential/src/credential/linked_domain_service.rs
@@ -10,6 +10,7 @@ use identity_document::service::ServiceBuilder;
 use identity_document::service::ServiceEndpoint;
 use indexmap::map::IndexMap;
 
+use crate::domain_linkage::utils::url_only_includes_origin;
 use crate::error::Result;
 use crate::Error;
 use crate::Error::DomainLinkageError;
@@ -97,6 +98,11 @@ impl LinkedDomainService {
         if endpoint.scheme() != "https" {
           Err(DomainLinkageError("domain does not include `https` scheme".into()))?;
         }
+        if !url_only_includes_origin(endpoint) {
+          Err(DomainLinkageError(
+            "domain must not contain any path, query or fragment".into(),
+          ))?;
+        }
         Ok(())
       }
       ServiceEndpoint::Set(_) => Err(DomainLinkageError(
@@ -114,6 +120,11 @@ impl LinkedDomainService {
           if origin.scheme() != "https" {
             return Err(DomainLinkageError("domain does not include `https` scheme".into()));
           }
+          if !url_only_includes_origin(origin) {
+            Err(DomainLinkageError(
+              "domain must not contain any path, query or fragment".into(),
+            ))?;
+          }
         }
         Ok(())
       }

diff --git a/identity_credential/src/domain_linkage/mod.rs b/identity_credential/src/domain_linkage/mod.rs
@@ -7,7 +7,7 @@ mod domain_linkage_configuration;
 mod domain_linkage_credential_builder;
 mod domain_linkage_validator;
 mod error;
-mod utils;
+pub(crate) mod utils;
 
 pub use self::domain_linkage_configuration::*;
 pub use self::domain_linkage_credential_builder::*;