Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: dns verifier #77

Merged
merged 4 commits into from
Jan 8, 2020
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion .eslintrc.json
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@
"import/extensions": "off",
"@typescript-eslint/explicit-function-return-type": "off",
"@typescript-eslint/no-explicit-any": "off",
"no-unused-expressions": "off"
"no-unused-expressions": "off",
"no-else-return": "off"
}
}
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

[![CircleCI](https://circleci.com/gh/Open-Attestation/oa-verify.svg?style=svg)](https://circleci.com/gh/Open-Attestation/oa-verify)

Library to verify any [OpenAttestation](https://github.com/OpenCerts/open-attestation) document. This library implements [the verifier ADR](https://github.com/Open-Attestation/adr/blob/master/verifier.md).
Library to verify any [OpenAttestation](https://github.com/Open-Attestation/open-attestation) document. This library implements [the verifier ADR](https://github.com/Open-Attestation/adr/blob/master/verifier.md).

## Installation

Expand Down
2 changes: 1 addition & 1 deletion package.json
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@
"git-cz": "^3.3.0",
"jest": "^24.9.0",
"prettier": "^1.19.1",
"semantic-release": "^15.13.31",
"semantic-release": "^15.14.0",
"ts-jest": "^24.2.0",
"typescript": "^3.7.3"
},
Expand Down
1 change: 1 addition & 0 deletions src/index.ts
Original file line number Diff line number Diff line change
Expand Up @@ -20,4 +20,5 @@ const openAttestationVerifiers: Verifier<

const verify = verificationBuilder(openAttestationVerifiers);

export * from "./types/core";
export { verificationBuilder, openAttestationVerifiers, isValid, verify, Verifier };
93 changes: 51 additions & 42 deletions src/verifiers/openAttestationDnsTxt.ts
Original file line number Diff line number Diff line change
Expand Up @@ -3,20 +3,18 @@ import { getDocumentStoreRecords } from "@govtechsg/dnsprove";
import { getNetwork } from "ethers/utils";
import { isWrappedV2Document, VerificationFragmentType, VerificationManagerOptions, Verifier } from "../types/core";

const getSmartContractAddress = (issuer: v2.Issuer) => issuer.documentStore || issuer.tokenRegistry;

type Identity =
| {
identified: true;
status: "VALID";
dns: string;
smartContract: string;
value: string;
}
| {
identified: false;
smartContract: string;
error?: string | Error;
status: "INVALID";
value: string;
};
// Resolve identity of an issuer, currently supporting only DNS-TXT
// DNS-TXT is explained => https://github.com/Open-Attestation/adr/blob/master/decentralized_identity_proof_DNS-TXT.md
const resolveIssuerIdentity = async (
rjchow marked this conversation as resolved.
Show resolved Hide resolved
issuer: v2.Issuer | v3.Issuer,
smartContractAddress: string,
Expand All @@ -36,13 +34,13 @@ const resolveIssuerIdentity = async (
);
return matchingRecord
? {
identified: true,
status: "VALID",
dns: location,
smartContract: smartContractAddress
value: smartContractAddress
}
: {
identified: false,
smartContract: smartContractAddress
status: "INVALID",
value: smartContractAddress
};
};

Expand All @@ -62,7 +60,12 @@ export const openAttestationDnsTxt: Verifier<
test: document => {
if (isWrappedV2Document(document)) {
const documentData = getData(document);
return documentData.issuers.some(getSmartContractAddress);
// at least one issuer uses DNS-TXT
return documentData.issuers.some(issuer => {
return (
(issuer.documentStore || issuer.tokenRegistry) && issuer.identityProof?.type === v2.IdentityProofType.DNSTxt
);
});
}
const documentData = getData(document);
return documentData.issuer.identityProof.type === v3.IdentityProofType.DNSTxt;
Expand All @@ -73,24 +76,28 @@ export const openAttestationDnsTxt: Verifier<
if (isWrappedV2Document(document)) {
const documentData = getData(document);
const identities = await Promise.all(
// we expect the test function to prevent this issue => smart contract address MUST be populated
// eslint-disable-next-line @typescript-eslint/no-non-null-assertion
documentData.issuers.map(issuer => resolveIssuerIdentity(issuer, getSmartContractAddress(issuer)!, options))
documentData.issuers.map(issuer => {
rjchow marked this conversation as resolved.
Show resolved Hide resolved
if (issuer.identityProof?.type === v2.IdentityProofType.DNSTxt) {
// we expect the test function to prevent this issue => smart contract address MUST be populated
// eslint-disable-next-line @typescript-eslint/no-non-null-assertion
return resolveIssuerIdentity(issuer, (issuer.documentStore || issuer.tokenRegistry)!, options);
}
return {
status: "SKIPPED"
};
})
);

const invalidIdentity = identities.findIndex(identity => !identity.identified);
const invalidIdentity = identities.findIndex(identity => identity.status === "INVALID");
if (invalidIdentity !== -1) {
const smartContractAddress =
documentData.issuers[invalidIdentity].documentStore || documentData.issuers[invalidIdentity].tokenRegistry;

return {
name,
type,
data: {
type: documentData.issuers[invalidIdentity].identityProof?.type,
location: documentData.issuers[invalidIdentity].identityProof?.location,
value:
documentData.issuers[invalidIdentity].documentStore ||
documentData.issuers[invalidIdentity].tokenRegistry
},
message: "Certificate issuer identity is invalid",
data: identities,
message: `Certificate issuer identity for ${smartContractAddress} is invalid`,
status: "INVALID"
};
}
Expand All @@ -100,29 +107,31 @@ export const openAttestationDnsTxt: Verifier<
data: identities,
status: "VALID"
};
}
const documentData = getData(document);
const identity = await resolveIssuerIdentity(documentData.issuer, documentData.proof.value, options);
if (!identity.identified) {
} else {
// we have a v3 document
const documentData = getData(document);
const identity = await resolveIssuerIdentity(documentData.issuer, documentData.proof.value, options);
if (identity.status === "INVALID") {
return {
name,
type,
data: {
type: documentData.issuer.identityProof.type,
location: documentData.issuer.identityProof.location,
value: documentData.proof.value
},
message: "Certificate issuer identity is invalid",
status: "INVALID"
};
}

return {
name,
type,
data: {
type: documentData.issuer.identityProof.type,
location: documentData.issuer.identityProof.location,
value: documentData.proof.value
},
message: "Certificate issuer identity is invalid",
status: "INVALID"
data: identity,
status: "VALID"
};
}

return {
name,
type,
data: identity,
status: "VALID"
};
} catch (e) {
return {
name,
Expand Down
Loading