fix: dns verifier (Open-Attestation#77)

* fix: dns verifier
TradeTrust · Jan 8, 2020 · e1e040d · e1e040d
1 parent d912ae6
commit e1e040d
Show file tree

Hide file tree

Showing 8 changed files with 379 additions and 149 deletions.
diff --git a/.eslintrc.json b/.eslintrc.json
@@ -25,6 +25,7 @@
     "import/extensions": "off",
     "@typescript-eslint/explicit-function-return-type": "off",
     "@typescript-eslint/no-explicit-any": "off",
-    "no-unused-expressions": "off"
+    "no-unused-expressions": "off",
+    "no-else-return": "off"
   }
 }
diff --git a/README.md b/README.md
@@ -2,7 +2,7 @@
 
 [![CircleCI](https://circleci.com/gh/Open-Attestation/oa-verify.svg?style=svg)](https://circleci.com/gh/Open-Attestation/oa-verify)
 
-Library to verify any [OpenAttestation](https://github.com/OpenCerts/open-attestation) document. This library implements [the verifier ADR](https://github.com/Open-Attestation/adr/blob/master/verifier.md).
+Library to verify any [OpenAttestation](https://github.com/Open-Attestation/open-attestation) document. This library implements [the verifier ADR](https://github.com/Open-Attestation/adr/blob/master/verifier.md).
 
 ## Installation
 

diff --git a/package.json b/package.json
@@ -43,7 +43,7 @@
     "git-cz": "^3.3.0",
     "jest": "^24.9.0",
     "prettier": "^1.19.1",
-    "semantic-release": "^15.13.31",
+    "semantic-release": "^15.14.0",
     "ts-jest": "^24.2.0",
     "typescript": "^3.7.3"
   },

diff --git a/src/index.ts b/src/index.ts
@@ -20,4 +20,5 @@ const openAttestationVerifiers: Verifier<
 
 const verify = verificationBuilder(openAttestationVerifiers);
 
+export * from "./types/core";
 export { verificationBuilder, openAttestationVerifiers, isValid, verify, Verifier };
diff --git a/src/verifiers/openAttestationDnsTxt.ts b/src/verifiers/openAttestationDnsTxt.ts
@@ -3,20 +3,18 @@ import { getDocumentStoreRecords } from "@govtechsg/dnsprove";
 import { getNetwork } from "ethers/utils";
 import { isWrappedV2Document, VerificationFragmentType, VerificationManagerOptions, Verifier } from "../types/core";
 
-const getSmartContractAddress = (issuer: v2.Issuer) => issuer.documentStore || issuer.tokenRegistry;
-
 type Identity =
   | {
-      identified: true;
+      status: "VALID";
       dns: string;
-      smartContract: string;
+      value: string;
     }
   | {
-      identified: false;
-      smartContract: string;
-      error?: string | Error;
+      status: "INVALID";
+      value: string;
     };
 // Resolve identity of an issuer, currently supporting only DNS-TXT
+// DNS-TXT is explained => https://github.com/Open-Attestation/adr/blob/master/decentralized_identity_proof_DNS-TXT.md
 const resolveIssuerIdentity = async (
   issuer: v2.Issuer | v3.Issuer,
   smartContractAddress: string,
@@ -36,13 +34,13 @@ const resolveIssuerIdentity = async (
   );
   return matchingRecord
     ? {
-        identified: true,
+        status: "VALID",
         dns: location,
-        smartContract: smartContractAddress
+        value: smartContractAddress
       }
     : {
-        identified: false,
-        smartContract: smartContractAddress
+        status: "INVALID",
+        value: smartContractAddress
       };
 };
 
@@ -62,7 +60,12 @@ export const openAttestationDnsTxt: Verifier<
   test: document => {
     if (isWrappedV2Document(document)) {
       const documentData = getData(document);
-      return documentData.issuers.some(getSmartContractAddress);
+      // at least one issuer uses DNS-TXT
+      return documentData.issuers.some(issuer => {
+        return (
+          (issuer.documentStore || issuer.tokenRegistry) && issuer.identityProof?.type === v2.IdentityProofType.DNSTxt
+        );
+      });
     }
     const documentData = getData(document);
     return documentData.issuer.identityProof.type === v3.IdentityProofType.DNSTxt;
@@ -73,24 +76,28 @@ export const openAttestationDnsTxt: Verifier<
       if (isWrappedV2Document(document)) {
         const documentData = getData(document);
         const identities = await Promise.all(
-          // we expect the test function to prevent this issue => smart contract address MUST be populated
-          // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
-          documentData.issuers.map(issuer => resolveIssuerIdentity(issuer, getSmartContractAddress(issuer)!, options))
+          documentData.issuers.map(issuer => {
+            if (issuer.identityProof?.type === v2.IdentityProofType.DNSTxt) {
+              // we expect the test function to prevent this issue => smart contract address MUST be populated
+              // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+              return resolveIssuerIdentity(issuer, (issuer.documentStore || issuer.tokenRegistry)!, options);
+            }
+            return {
+              status: "SKIPPED"
+            };
+          })
         );
 
-        const invalidIdentity = identities.findIndex(identity => !identity.identified);
+        const invalidIdentity = identities.findIndex(identity => identity.status === "INVALID");
         if (invalidIdentity !== -1) {
+          const smartContractAddress =
+            documentData.issuers[invalidIdentity].documentStore || documentData.issuers[invalidIdentity].tokenRegistry;
+
           return {
             name,
             type,
-            data: {
-              type: documentData.issuers[invalidIdentity].identityProof?.type,
-              location: documentData.issuers[invalidIdentity].identityProof?.location,
-              value:
-                documentData.issuers[invalidIdentity].documentStore ||
-                documentData.issuers[invalidIdentity].tokenRegistry
-            },
-            message: "Certificate issuer identity is invalid",
+            data: identities,
+            message: `Certificate issuer identity for ${smartContractAddress} is invalid`,
             status: "INVALID"
           };
         }
@@ -100,29 +107,31 @@ export const openAttestationDnsTxt: Verifier<
           data: identities,
           status: "VALID"
         };
-      }
-      const documentData = getData(document);
-      const identity = await resolveIssuerIdentity(documentData.issuer, documentData.proof.value, options);
-      if (!identity.identified) {
+      } else {
+        // we have a v3 document
+        const documentData = getData(document);
+        const identity = await resolveIssuerIdentity(documentData.issuer, documentData.proof.value, options);
+        if (identity.status === "INVALID") {
+          return {
+            name,
+            type,
+            data: {
+              type: documentData.issuer.identityProof.type,
+              location: documentData.issuer.identityProof.location,
+              value: documentData.proof.value
+            },
+            message: "Certificate issuer identity is invalid",
+            status: "INVALID"
+          };
+        }
+
         return {
           name,
           type,
-          data: {
-            type: documentData.issuer.identityProof.type,
-            location: documentData.issuer.identityProof.location,
-            value: documentData.proof.value
-          },
-          message: "Certificate issuer identity is invalid",
-          status: "INVALID"
+          data: identity,
+          status: "VALID"
         };
       }
-
-      return {
-        name,
-        type,
-        data: identity,
-        status: "VALID"
-      };
     } catch (e) {
       return {
         name,
Original file line number	Diff line number	Diff line change
Expand Up		@@ -20,4 +20,5 @@ const openAttestationVerifiers: Verifier<

		const verify = verificationBuilder(openAttestationVerifiers);

		export * from "./types/core";
		export { verificationBuilder, openAttestationVerifiers, isValid, verify, Verifier };