VDR: Fix resolving keys for did:web DIDs with port (#2779)

nuts-foundation · Feb 7, 2024 · 30c2a95 · 30c2a95
1 parent 725a1b4
commit 30c2a95
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 4 deletions.
diff --git a/go.mod b/go.mod
@@ -25,7 +25,7 @@ require (
 	github.com/nats-io/nats-server/v2 v2.10.10
 	github.com/nats-io/nats.go v1.32.0
 	github.com/nuts-foundation/crypto-ecies v0.0.0-20211207143025-5b84f9efce2b
-	github.com/nuts-foundation/go-did v0.11.0
+	github.com/nuts-foundation/go-did v0.12.0
 	github.com/nuts-foundation/go-leia/v4 v4.0.1
 	github.com/nuts-foundation/go-stoabs v1.9.0
 	// check the oapi-codegen tool version in the makefile when upgrading the runtime

diff --git a/go.sum b/go.sum
@@ -485,8 +485,8 @@ github.com/nightlyone/lockfile v1.0.0/go.mod h1:rywoIealpdNse2r832aiD9jRk8ErCatR
 github.com/npillmayer/nestext v0.1.3/go.mod h1:h2lrijH8jpicr25dFY+oAJLyzlya6jhnuG+zWp9L0Uk=
 github.com/nuts-foundation/crypto-ecies v0.0.0-20211207143025-5b84f9efce2b h1:80icUxWHwE1MrIOOEK5rxrtyKOgZeq5Iu1IjAEkggTY=
 github.com/nuts-foundation/crypto-ecies v0.0.0-20211207143025-5b84f9efce2b/go.mod h1:6YUioYirD6/8IahZkoS4Ypc8xbeJW76Xdk1QKcziNTM=
-github.com/nuts-foundation/go-did v0.11.0 h1:RTem1MlVoOOoLa/Y2miYRy70Jex0/kJBTCPH5RtUmrY=
-github.com/nuts-foundation/go-did v0.11.0/go.mod h1:2e2H2Hqk0SWrrGZEg97dbK/ZFIkkFB65hNWdOSbylrg=
+github.com/nuts-foundation/go-did v0.12.0 h1:XmttEpFOxrUXzdXHj2x9h8KlhhPgyr02vgtygWg8xnY=
+github.com/nuts-foundation/go-did v0.12.0/go.mod h1:cZiOP2Is9hgIsP5g1FqkfhBDi8f6ktxkP6K4iTX9qns=
 github.com/nuts-foundation/go-leia/v4 v4.0.1 h1:+Sbk3Bew1QnRUqRXSOwomMw3nIZgncmTX425J7U5Q34=
 github.com/nuts-foundation/go-leia/v4 v4.0.1/go.mod h1:eaZuWIolpU61TMvTMcen85+SOEOnHiALdg5SxqLXzz8=
 github.com/nuts-foundation/go-stoabs v1.9.0 h1:zK+ugfolaJYyBvGwsRuavLVdycXk4Yw/1gI+tz17lWQ=

diff --git a/vdr/resolver/did_test.go b/vdr/resolver/did_test.go
@@ -95,8 +95,11 @@ func Test_deactivatedError_Is(t *testing.T) {
 }
 
 func newDidDoc() did.Document {
+	return newDidDocWithDID(did.MustParseDID("did:example:sakjsakldjsakld"))
+}
+
+func newDidDocWithDID(id did.DID) did.Document {
 	privateKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
-	id := did.MustParseDID("did:example:sakjsakldjsakld")
 	keyID := did.DIDURL{DID: id}
 	keyID.Fragment = "key-1"
 	vm, _ := did.NewVerificationMethod(keyID, ssi.JsonWebKey2020, id, privateKey.Public())

diff --git a/vdr/resolver/key_test.go b/vdr/resolver/key_test.go
@@ -23,6 +23,7 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"go.uber.org/mock/gomock"
+	"strings"
 	"testing"
 )
 
@@ -40,6 +41,19 @@ func TestKeyResolver_ResolveKey(t *testing.T) {
 		assert.Equal(t, doc.VerificationMethod[0].ID.URI(), keyId)
 		assert.NotNil(t, key)
 	})
+	t.Run("ok - did:web with port", func(t *testing.T) {
+		// This test checks for regression of DID.URI() double-encoding, causing %3A to be encoded to %253A
+		// This was fixed in go-did v0.12.0
+		ctrl := gomock.NewController(t)
+		resolver := NewMockDIDResolver(ctrl)
+		keyResolver := DIDKeyResolver{Resolver: resolver}
+		doc := newDidDocWithDID(did.MustParseDID("did:web:example.com%3A8443"))
+		resolver.EXPECT().Resolve(doc.ID, gomock.Any()).AnyTimes().Return(&doc, nil, nil)
+
+		keyId, _, err := keyResolver.ResolveKey(doc.ID, nil, AssertionMethod)
+		require.NoError(t, err)
+		assert.Truef(t, strings.HasPrefix(keyId.String(), doc.ID.String()), "%s does not start with DID %s", keyId, doc.ID)
+	})
 
 	t.Run("error - document not found", func(t *testing.T) {
 		unknownDID := did.MustParseDID("did:example:123")