Skip to content

Commit

Permalink
Validate domain-linkage URL making sure they only include an origin
Browse files Browse the repository at this point in the history
  • Loading branch information
@UMR1352
UMR1352 committed Nov 29, 2023
1 parent b96fd9a commit 46e4819
Show file tree
Hide file tree
Showing 3 changed files with 26 additions and 0 deletions.
3 changes: 3 additions & 0 deletions identity_credential/src/domain_linkage/domain_linkage_configuration.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -128,6 +128,9 @@ mod __fetch_configuration {
if domain.scheme() != "https" {
return Err(DomainLinkageError("domain` does not use `https` protocol".into()));
}
if domain.path() != "/" || domain.query().is_some() || domain.fragment().is_some() {
return Err(DomainLinkageError("domain mut not include any path, query of fragment".into()));
}
domain.set_path(".well-known/did-configuration.json");

let client: Client = reqwest::ClientBuilder::new()
Expand Down
17 changes: 17 additions & 0 deletions identity_credential/src/domain_linkage/domain_linkage_credential_builder.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -74,6 +74,11 @@ impl DomainLinkageCredentialBuilder {
"origin must be a domain with http(s) scheme".into(),
));
}
if origin.path() != "/" || origin.query().is_some() || origin.fragment().is_some() {
return Err(Error::DomainLinkageError(
"origin must not contain any path, query or fragment".into()
))
}

let mut properties: Object = Object::new();
properties.insert("origin".into(), origin.into_string().into());
Expand Down Expand Up @@ -139,6 +144,18 @@ mod tests {
.unwrap_err();
assert!(matches!(err, Error::DomainLinkageError(_)));
}
#[test]
fn test_builder_origin_is_a_url() {
let issuer: CoreDID = "did:example:issuer".parse().unwrap();
let err: Error = DomainLinkageCredentialBuilder::new()
.issuance_date(Timestamp::now_utc())
.expiration_date(Timestamp::now_utc())
.issuer(issuer)
.origin(Url::parse("https://example.com/foo?bar=420#baz").unwrap())
.build()
.unwrap_err();
assert!(matches!(err, Error::DomainLinkageError(_)));
}

#[test]
fn test_builder_no_issuer() {
Expand Down
6 changes: 6 additions & 0 deletions identity_credential/src/domain_linkage/domain_linkage_validator.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -190,6 +190,12 @@ impl<V: JwsVerifier> JwtDomainLinkageValidator<V> {
source: Some(Box::new(other_error)),
}),
}?;
if origin_url.path() != "/" || origin_url.query().is_some() || origin_url.fragment().is_some() {
return Err(DomainLinkageValidationError {
cause: DomainLinkageValidationErrorCause::InvalidSubjectOrigin,
source: None,
});
}
if origin_url.origin() != domain.origin() {
return Err(DomainLinkageValidationError {
cause: DomainLinkageValidationErrorCause::OriginMismatch,
Expand Down

0 comments on commit 46e4819

Please sign in to comment.