From e33d9ab0b1bf210740acc3a6aefd5701c6bd0e37 Mon Sep 17 00:00:00 2001
From: Rein Krul
Date: Wed, 6 Dec 2023 14:14:01 +0100
Subject: [PATCH] Do not JSON marshal assertion

---
 README.rst | 2 +-
 auth/client/iam/client.go | 6 +++---
 docs/pages/deployment/cli-reference.rst | 6 +++---
 docs/pages/deployment/server_options.rst | 2 +-
 e2e-tests/oauth-flow/rfc021/run-test.sh | 24 +++++++++++-------------
 vdr/cmd/cmd.go | 4 ++--
 6 files changed, 21 insertions(+), 23 deletions(-)

diff --git a/README.rst b/README.rst
index b8ab5f4975..c5523d317e 100644
--- a/README.rst
+++ b/README.rst
@@ -227,7 +227,7 @@ The following options can be configured on the server:
 http.default.auth.type Whether to enable authentication for the default interface, specify 'token_v2' for bearer token mode or 'token' for legacy bearer token mode.
 http.default.cors.origin [] When set, enables CORS from the specified origins on the default HTTP interface.
 **JSONLD**
- jsonld.contexts.localmapping [https://nuts.nl/credentials/v1=assets/contexts/nuts.ldjson,https://www.w3.org/2018/credentials/v1=assets/contexts/w3c-credentials-v1.ldjson,https://w3c-ccg.github.io/lds-jws2020/contexts/lds-jws2020-v1.json=assets/contexts/lds-jws2020-v1.ldjson,https://schema.org=assets/contexts/schema-org-v13.ldjson] This setting allows mapping external URLs to local files for e.g. preventing external dependencies. These mappings have precedence over those in remoteallowlist.
+ jsonld.contexts.localmapping [https://schema.org=assets/contexts/schema-org-v13.ldjson,https://nuts.nl/credentials/v1=assets/contexts/nuts.ldjson,https://www.w3.org/2018/credentials/v1=assets/contexts/w3c-credentials-v1.ldjson,https://w3c-ccg.github.io/lds-jws2020/contexts/lds-jws2020-v1.json=assets/contexts/lds-jws2020-v1.ldjson] This setting allows mapping external URLs to local files for e.g. preventing external dependencies. These mappings have precedence over those in remoteallowlist.
 jsonld.contexts.remoteallowlist [https://schema.org,https://www.w3.org/2018/credentials/v1,https://w3c-ccg.github.io/lds-jws2020/contexts/lds-jws2020-v1.json] In strict mode, fetching external JSON-LD contexts is not allowed except for context-URLs listed here.
 **Network**
 network.bootstrapnodes [] List of bootstrap nodes (':') which the node initially connect to.
diff --git a/auth/client/iam/client.go b/auth/client/iam/client.go
index d467a5fe32..508306205d 100644
--- a/auth/client/iam/client.go
+++ b/auth/client/iam/client.go
@@ -137,12 +137,12 @@ func (hb HTTPClient) AccessToken(ctx context.Context, tokenEndpoint string, vp v
 }
 
 // create a POST request with x-www-form-urlencoded body
- assertion, _ := json.Marshal(vp)
+ assertion := vp.Raw()
 presentationSubmission, _ := json.Marshal(submission)
- log.Logger().Tracef("Requesting access token from '%s' for scope '%s'\n VP: %s\n Submission: %s", presentationDefinitionURL.String(), scopes, string(assertion), string(presentationSubmission))
+ log.Logger().Tracef("Requesting access token from '%s' for scope '%s'\n VP: %s\n Submission: %s", presentationDefinitionURL.String(), scopes, assertion, string(presentationSubmission))
 data := url.Values{}
 data.Set(oauth.GrantTypeParam, oauth.VpTokenGrantType)
- data.Set(oauth.AssertionParam, string(assertion))
+ data.Set(oauth.AssertionParam, assertion)
 data.Set(oauth.PresentationSubmissionParam, string(presentationSubmission))
 data.Set(oauth.ScopeParam, scopes)
 request, err := http.NewRequestWithContext(ctx, http.MethodPost, presentationDefinitionURL.String(), strings.NewReader(data.Encode()))
diff --git a/docs/pages/deployment/cli-reference.rst b/docs/pages/deployment/cli-reference.rst
index b32c1400b4..f8c83e5395 100755
--- a/docs/pages/deployment/cli-reference.rst
+++ b/docs/pages/deployment/cli-reference.rst
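Review bot: `assertion := vp.Raw()` goes straight into `data.Set(oauth.AssertionParam, assertion)` without a check; if `Raw()` returns an empty string for a presentation that was built in memory rather than parsed from the wire (its contract is not visible in this hunk), the token request is sent with an empty `assertion` and the failure only surfaces as a remote error. Adding `if assertion == "" { return nil, errors.New("verifiable presentation has no raw serialization") }` before the form body is built, adjusted to the function's actual return shape, keeps that error local. The rewritten Tracef line logs the full signed presentation; that is the holder's credential set and, within its validity window, potentially replayable by anyone who can read the trace log, so logging a digest or the VP's id instead would be safer even at trace level. The context line `presentationSubmission, _ := json.Marshal(submission)` still discards its error, the same pattern this commit removed for the assertion. AccessToken's body begins before this hunk, and the request is posted to `presentationDefinitionURL` although the parameter is named `tokenEndpoint`, which deserves a second look if that variable does not in fact hold the token endpoint.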
@@ -45,7 +45,7 @@ The following options apply to the server commands below:
 --http.default.log string What to log about HTTP requests. Options are 'nothing', 'metadata' (log request method, URI, IP and response code), and 'metadata-and-body' (log the request and response body, in addition to the metadata). (default "metadata")
 --http.default.tls string Whether to enable TLS for the default interface, options are 'disabled', 'server', 'server-client'. Leaving it empty is synonymous to 'disabled',
 --internalratelimiter When set, expensive internal calls are rate-limited to protect the network. Always enabled in strict mode. (default true)
- --jsonld.contexts.localmapping stringToString This setting allows mapping external URLs to local files for e.g. preventing external dependencies. These mappings have precedence over those in remoteallowlist. (default [https://nuts.nl/credentials/v1=assets/contexts/nuts.ldjson,https://www.w3.org/2018/credentials/v1=assets/contexts/w3c-credentials-v1.ldjson,https://w3c-ccg.github.io/lds-jws2020/contexts/lds-jws2020-v1.json=assets/contexts/lds-jws2020-v1.ldjson,https://schema.org=assets/contexts/schema-org-v13.ldjson])
+ --jsonld.contexts.localmapping stringToString This setting allows mapping external URLs to local files for e.g. preventing external dependencies. These mappings have precedence over those in remoteallowlist. (default [https://schema.org=assets/contexts/schema-org-v13.ldjson,https://nuts.nl/credentials/v1=assets/contexts/nuts.ldjson,https://www.w3.org/2018/credentials/v1=assets/contexts/w3c-credentials-v1.ldjson,https://w3c-ccg.github.io/lds-jws2020/contexts/lds-jws2020-v1.json=assets/contexts/lds-jws2020-v1.ldjson])
 --jsonld.contexts.remoteallowlist strings In strict mode, fetching external JSON-LD contexts is not allowed except for context-URLs listed here. (default [https://schema.org,https://www.w3.org/2018/credentials/v1,https://w3c-ccg.github.io/lds-jws2020/contexts/lds-jws2020-v1.json])
 --loggerformat string Log format (text, json) (default "text")
 --network.bootstrapnodes strings List of bootstrap nodes (':') which the node initially connect to.
@@ -412,7 +412,7 @@ Print conflicted documents and their metadata
 nuts vdr create-did
 ^^^^^^^^^^^^^^^^^^^
 
-When using the V2 API, a web:did will be created. All the other options are ignored for a web:did.
+When using the V2 API, a did:web DID will be created. All the other options are ignored for did:web.
 
 ::
 
@@ -430,7 +430,7 @@ When using the V2 API, a web:did will be created. All the other options are igno
 --timeout duration Client time-out when performing remote operations, such as '500ms' or '10s'. Refer to Golang's 'time.Duration' syntax for a more elaborate description of the syntax. (default 10s)
 --token string Token to be used for authenticating on the remote node. Takes precedence over 'token-file'.
 --token-file string File from which the authentication token will be read. If not specified it will try to read the token from the '.nuts-client.cfg' file in the user's home dir.
- --v2 Pass 'true' to use the V2 API and create a web:did.
+ --v2 Pass 'true' to use the V2 API and create a did:web DID.
 --verbosity string Log level (trace, debug, info, warn, error) (default "info")
 
 nuts vdr deactivate
diff --git a/docs/pages/deployment/server_options.rst b/docs/pages/deployment/server_options.rst
index b0b4b41ede..9f26af970f 100755
--- a/docs/pages/deployment/server_options.rst
+++ b/docs/pages/deployment/server_options.rst
@@ -53,7 +53,7 @@
 http.default.auth.type Whether to enable authentication for the default interface, specify 'token_v2' for bearer token mode or 'token' for legacy bearer token mode.
 http.default.cors.origin [] When set, enables CORS from the specified origins on the default HTTP interface.
 **JSONLD**
- jsonld.contexts.localmapping [https://nuts.nl/credentials/v1=assets/contexts/nuts.ldjson,https://www.w3.org/2018/credentials/v1=assets/contexts/w3c-credentials-v1.ldjson,https://w3c-ccg.github.io/lds-jws2020/contexts/lds-jws2020-v1.json=assets/contexts/lds-jws2020-v1.ldjson,https://schema.org=assets/contexts/schema-org-v13.ldjson] This setting allows mapping external URLs to local files for e.g. preventing external dependencies. These mappings have precedence over those in remoteallowlist.
+ jsonld.contexts.localmapping [https://schema.org=assets/contexts/schema-org-v13.ldjson,https://nuts.nl/credentials/v1=assets/contexts/nuts.ldjson,https://www.w3.org/2018/credentials/v1=assets/contexts/w3c-credentials-v1.ldjson,https://w3c-ccg.github.io/lds-jws2020/contexts/lds-jws2020-v1.json=assets/contexts/lds-jws2020-v1.ldjson] This setting allows mapping external URLs to local files for e.g. preventing external dependencies. These mappings have precedence over those in remoteallowlist.
 jsonld.contexts.remoteallowlist [https://schema.org,https://www.w3.org/2018/credentials/v1,https://w3c-ccg.github.io/lds-jws2020/contexts/lds-jws2020-v1.json] In strict mode, fetching external JSON-LD contexts is not allowed except for context-URLs listed here.
 **Network**
 network.bootstrapnodes [] List of bootstrap nodes (':') which the node initially connect to.
diff --git a/e2e-tests/oauth-flow/rfc021/run-test.sh b/e2e-tests/oauth-flow/rfc021/run-test.sh
index f676d5ec88..95daff8bfe 100755
--- a/e2e-tests/oauth-flow/rfc021/run-test.sh
+++ b/e2e-tests/oauth-flow/rfc021/run-test.sh
@@ -52,7 +52,6 @@ echo "---------------------------------------"
 echo "Perform OAuth 2.0 rfc021 flow..."
 echo "---------------------------------------"
 # Request access token
-# Create DID for A with :nuts: replaced with :web:
 REQUEST="{\"verifier\":\"${VENDOR_A_DID}\",\"scope\":\"test\"}"
 RESPONSE=$(echo $REQUEST | curl -X POST -s --data-binary @- http://localhost:21323/internal/auth/v2/$VENDOR_B_DID/request-access-token -H "Content-Type:application/json" -v)
 if echo $RESPONSE | grep -q "access_token"; then
@@ -64,18 +63,17 @@ else
 exitWithDockerLogs 1
 fi
 
-#echo "------------------------------------"
-#echo "Retrieving data..."
-#echo "------------------------------------"
-#
-#RESPONSE=$(docker compose exec nodeB curl --insecure --cert /opt/nuts/certificate-and-key.pem --key /opt/nuts/certificate-and-key.pem https://nodeA:443/ping -H "Authorization: bearer $(cat ./node-B/data/accesstoken.txt)" -v)
-#if echo $RESPONSE | grep -q "pong"; then
-# echo "success!"
-#else
-# echo "FAILED: Could not ping node-A" 1>&2
-# echo $RESPONSE
-# exitWithDockerLogs 1
-#fi
+echo "------------------------------------"
+echo "Retrieving data..."
+echo "------------------------------------"
+RESPONSE=$(docker compose exec nodeB curl --insecure --cert /opt/nuts/certificate-and-key.pem --key /opt/nuts/certificate-and-key.pem https://nodeA:443/ping -H "Authorization: bearer $(cat ./node-B/data/accesstoken.txt)" -v)
+if echo $RESPONSE | grep -q "pong"; then
+ echo "success!"
+else
+ echo "FAILED: Could not ping node-A" 1>&2
+ echo $RESPONSE
+ exitWithDockerLogs 1
+fi
 
 echo "------------------------------------"
 echo "Stopping Docker containers..."
diff --git a/vdr/cmd/cmd.go b/vdr/cmd/cmd.go
index 6ff996c9ae..b921d58dad 100644
--- a/vdr/cmd/cmd.go
+++ b/vdr/cmd/cmd.go
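Review bot: The re-enabled `RESPONSE=$(docker compose exec nodeB curl --insecure ...)` line turns off TLS certificate verification, so the ping would also succeed against anything impersonating nodeA, and nothing in the script marks this as a deliberate e2e-only shortcut. If the test CA is mounted in the container alongside `/opt/nuts/certificate-and-key.pem`, `--cacert` pointing at it would exercise the real trust path; otherwise a comment such as `# --insecure: nodeA serves the self-signed e2e certificate; do not copy into production configs` should accompany the flag. The unquoted `echo $RESPONSE` in both the `grep -q "pong"` check and the failure branch is subject to word splitting and glob expansion and should be `echo "$RESPONSE"`. The step that writes `./node-B/data/accesstoken.txt`, which this line reads on the host side of the `docker compose exec`, lies outside the hunk.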
@@ -82,7 +82,7 @@ func createCmd() *cobra.Command {
 result := &cobra.Command{
 Use: "create-did",
 Short: "Registers a new DID",
- Long: "When using the V2 API, a web:did will be created. All the other options are ignored for a web:did.",
+ Long: "When using the V2 API, a did:web DID will be created. All the other options are ignored for did:web.",
 Args: cobra.ExactArgs(0),
 RunE: func(cmd *cobra.Command, args []string) error {
 clientConfig := core.NewClientConfigForCommand(cmd)
@@ -118,7 +118,7 @@ func createCmd() *cobra.Command {
 result.Flags().BoolVar(createRequest.CapabilityInvocation, "capabilityInvocation", defs.KeyFlags.Is(management.CapabilityInvocationUsage), setUsage(defs.KeyFlags.Is(management.CapabilityInvocationUsage), "Pass '%t' to %s capabilityInvocation capabilities."))
 result.Flags().BoolVar(createRequest.KeyAgreement, "keyAgreement", defs.KeyFlags.Is(management.KeyAgreementUsage), setUsage(defs.KeyFlags.Is(management.KeyAgreementUsage), "Pass '%t' to %s keyAgreement capabilities."))
 result.Flags().BoolVar(createRequest.SelfControl, "selfControl", defs.SelfControl, setUsage(defs.SelfControl, "Pass '%t' to %s DID Document control."))
- result.Flags().BoolVar(&useV2, "v2", false, "Pass 'true' to use the V2 API and create a web:did.")
+ result.Flags().BoolVar(&useV2, "v2", false, "Pass 'true' to use the V2 API and create a did:web DID.")
 result.Flags().StringSliceVar(createRequest.Controllers, "controllers", []string{}, "Comma-separated list of DIDs that can control the generated DID Document.")
 
 return result