fix: dns verifier
Nebulis committed Jan 2, 2020
1 parent d912ae6 commit 4b9fe61
Showing 7 changed files with 357 additions and 131 deletions.
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -2,7 +2,7 @@

[![CircleCI](https://circleci.com/gh/Open-Attestation/oa-verify.svg?style=svg)](https://circleci.com/gh/Open-Attestation/oa-verify)

Library to verify any [OpenAttestation](https://github.com/OpenCerts/open-attestation) document. This library implements [the verifier ADR](https://github.com/Open-Attestation/adr/blob/master/verifier.md).
Library to verify any [OpenAttestation](https://github.com/Open-Attestation/open-attestation) document. This library implements [the verifier ADR](https://github.com/Open-Attestation/adr/blob/master/verifier.md).

## Installation

2 changes: 1 addition & 1 deletion package.json
Expand Up @@ -43,7 +43,7 @@
"git-cz": "^3.3.0",
"jest": "^24.9.0",
"prettier": "^1.19.1",
"semantic-release": "^15.13.31",
"semantic-release": "^15.14.0",
"ts-jest": "^24.2.0",
"typescript": "^3.7.3"
},
1 change: 1 addition & 0 deletions src/index.ts
Expand Up @@ -20,4 +20,5 @@ const openAttestationVerifiers: Verifier<

const verify = verificationBuilder(openAttestationVerifiers);

export * from "./types/core";
export { verificationBuilder, openAttestationVerifiers, isValid, verify, Verifier };
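Review bot: The wildcard `export * from "./types/core";` makes every current and future export of `types/core` part of this package's public API, so internal helpers added there later are published without anyone deciding to publish them. An explicit list, `export { ... } from "./types/core";`, would keep the surface of a verification library deliberate. `Verifier` is also in the named export on the next line, so if it comes from `types/core` it is now exported by both statements.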
56 changes: 31 additions & 25 deletions src/verifiers/openAttestationDnsTxt.ts
Expand Up @@ -3,18 +3,15 @@ import { getDocumentStoreRecords } from "@govtechsg/dnsprove";
import { getNetwork } from "ethers/utils";
import { isWrappedV2Document, VerificationFragmentType, VerificationManagerOptions, Verifier } from "../types/core";

const getSmartContractAddress = (issuer: v2.Issuer) => issuer.documentStore || issuer.tokenRegistry;

type Identity =
| {
identified: true;
status: "VALID";
dns: string;
smartContract: string;
value: string;
}
| {
identified: false;
smartContract: string;
error?: string | Error;
status: "INVALID";
value: string;
};
// Resolve identity of an issuer, currently supporting only DNS-TXT
const resolveIssuerIdentity = async (
Expand All @@ -36,13 +33,13 @@ const resolveIssuerIdentity = async (
);
return matchingRecord
? {
identified: true,
status: "VALID",
dns: location,
smartContract: smartContractAddress
value: smartContractAddress
}
: {
identified: false,
smartContract: smartContractAddress
status: "INVALID",
value: smartContractAddress
};
};

Expand All @@ -62,7 +59,12 @@ export const openAttestationDnsTxt: Verifier<
test: document => {
if (isWrappedV2Document(document)) {
const documentData = getData(document);
return documentData.issuers.some(getSmartContractAddress);
// at least one issuer uses DNS-TXT
return documentData.issuers.some(issuer => {
return (
(issuer.documentStore || issuer.tokenRegistry) && issuer.identityProof?.type === v2.IdentityProofType.DNSTxt
);
});
}
const documentData = getData(document);
return documentData.issuer.identityProof.type === v3.IdentityProofType.DNSTxt;
Expand All @@ -73,24 +75,28 @@ export const openAttestationDnsTxt: Verifier<
if (isWrappedV2Document(document)) {
const documentData = getData(document);
const identities = await Promise.all(
// we expect the test function to prevent this issue => smart contract address MUST be populated
// eslint-disable-next-line @typescript-eslint/no-non-null-assertion
documentData.issuers.map(issuer => resolveIssuerIdentity(issuer, getSmartContractAddress(issuer)!, options))
documentData.issuers.map(issuer => {
if (issuer.identityProof?.type === v2.IdentityProofType.DNSTxt) {
// we expect the test function to prevent this issue => smart contract address MUST be populated
// eslint-disable-next-line @typescript-eslint/no-non-null-assertion
return resolveIssuerIdentity(issuer, (issuer.documentStore || issuer.tokenRegistry)!, options);
}
return {
status: "SKIPPED"
};
})
);

const invalidIdentity = identities.findIndex(identity => !identity.identified);
const invalidIdentity = identities.findIndex(identity => identity.status === "INVALID");
if (invalidIdentity !== -1) {
const value =
documentData.issuers[invalidIdentity].documentStore || documentData.issuers[invalidIdentity].tokenRegistry;

return {
name,
type,
data: {
type: documentData.issuers[invalidIdentity].identityProof?.type,
location: documentData.issuers[invalidIdentity].identityProof?.location,
value:
documentData.issuers[invalidIdentity].documentStore ||
documentData.issuers[invalidIdentity].tokenRegistry
},
message: "Certificate issuer identity is invalid",
data: identities,
message: `Certificate issuer identity for ${value} is invalid`,
status: "INVALID"
};
}
Expand All @@ -103,7 +109,7 @@ export const openAttestationDnsTxt: Verifier<
}
const documentData = getData(document);
const identity = await resolveIssuerIdentity(documentData.issuer, documentData.proof.value, options);
if (!identity.identified) {
if (identity.status === "INVALID") {
return {
name,
type,
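Review bot: In the new `issuers.map` callback of `verify`, the non-null assertion in `(issuer.documentStore || issuer.tokenRegistry)!` is not backed by `test`, although the comment above it says so: `test` uses `some`, which only guarantees that one issuer has both an address and a DNS-TXT proof, so another issuer with a DNS-TXT proof and no address would reach `resolveIssuerIdentity` with `undefined`. I would resolve the address once per issuer, return an `INVALID` entry when a DNS-TXT issuer has none, and carry `value` on the `SKIPPED` entry so that `data: identities` shows a consumer which issuer was not checked. Adding a `{ status: "SKIPPED"; value?: string }` member to `Identity` would also stop the literal from widening to `string`. Whether a document with skipped issuers can still come out `VALID` is decided by the return after this hunk, which is not shown; if it can, callers that need every issuer identified have to inspect the entries in `data` themselves. `verify` starts before and continues past the visible hunks.

```typescript
documentData.issuers.map(issuer => {
  const value = issuer.documentStore || issuer.tokenRegistry;
  if (issuer.identityProof?.type !== v2.IdentityProofType.DNSTxt) {
    return { status: "SKIPPED", value };
  }
  if (!value) {
    // test() only guarantees an address on one issuer, so fail closed here instead of asserting
    return { status: "INVALID", value: "" };
  }
  return resolveIssuerIdentity(issuer, value, options);
})
// … unchanged: findIndex on "INVALID" and the INVALID fragment …
```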