diff --git a/internal/service/api/handlers/create_identity.go b/internal/service/api/handlers/create_identity.go index 2455e17..86159e5 100644 --- a/internal/service/api/handlers/create_identity.go +++ b/internal/service/api/handlers/create_identity.go @@ -9,6 +9,7 @@ import ( "crypto/sha256" "encoding/asn1" "encoding/hex" + "encoding/json" "encoding/pem" "fmt" "math/big" @@ -62,42 +63,50 @@ func CreateIdentity(w http.ResponseWriter, r *http.Request) { return } + rawReqData, err := json.Marshal(req.Data) + if err != nil { + Log(r).WithError(err).Error("failed to marshal create identity request") + ape.RenderErr(w, problems.InternalError()) + return + } + log := Log(r).WithField("request_data", string(rawReqData)) + algorithm := signatureAlgorithm(req.Data.DocumentSOD.Algorithm) if algorithm == "" { - Log(r).WithError(fmt.Errorf("%s is not a valid algorithm", req.Data.DocumentSOD.Algorithm)).Error("failed to select signature algorithm") + log.WithError(fmt.Errorf("%s is not a valid algorithm", req.Data.DocumentSOD.Algorithm)).Error("failed to select signature algorithm") ape.RenderErr(w, problems.BadRequest(fmt.Errorf("%s is not a valid algorithm", req.Data.DocumentSOD.Algorithm))...) return } signedAttributes, err := hex.DecodeString(req.Data.DocumentSOD.SignedAttributes) if err != nil { - Log(r).WithError(err).Error("failed to decode hex string") + log.WithError(err).Error("failed to decode hex string") ape.RenderErr(w, problems.BadRequest(err)...) return } encapsulatedContent, err := hex.DecodeString(req.Data.DocumentSOD.EncapsulatedContent) if err != nil { - Log(r).WithError(err).Error("failed to decode hex string") + log.WithError(err).Error("failed to decode hex string") ape.RenderErr(w, problems.BadRequest(err)...) return } if err := validateSignedAttributes(signedAttributes, encapsulatedContent, algorithm); err != nil { - Log(r).WithError(err).Error("failed to validate signed attributes") + log.WithError(err).Error("failed to validate signed attributes") ape.RenderErr(w, problems.InternalError()) return } cert, err := parseCertificate([]byte(req.Data.DocumentSOD.PemFile)) if err != nil { - Log(r).WithError(err).Error("failed to parse certificate") + log.WithError(err).Error("failed to parse certificate") ape.RenderErr(w, problems.InternalError()) return } if err := verifySignature(req, cert, signedAttributes, algorithm); err != nil { - Log(r).WithError(err).Error("failed to verify signature") + log.WithError(err).Error("failed to verify signature") ape.RenderErr(w, problems.InternalError()) return } @@ -107,51 +116,51 @@ func CreateIdentity(w http.ResponseWriter, r *http.Request) { switch algorithm { case SHA1withECDSA: if err := verifier.VerifyGroth16(req.Data.ZKProof, cfg.VerificationKeys[SHA1]); err != nil { - Log(r).WithError(err).Error("failed to verify Groth16") + log.WithError(err).Error("failed to verify Groth16") ape.RenderErr(w, problems.BadRequest(err)...) return } case SHA256withRSA, SHA256withECDSA: if err := verifier.VerifyGroth16(req.Data.ZKProof, cfg.VerificationKeys[SHA256]); err != nil { - Log(r).WithError(err).Error("failed to verify Groth16") + log.WithError(err).Error("failed to verify Groth16") ape.RenderErr(w, problems.BadRequest(err)...) return } default: - Log(r).WithField("algorithm", req.Data.DocumentSOD.Algorithm).Debug("invalid signature algorithm") + log.WithField("algorithm", req.Data.DocumentSOD.Algorithm).Debug("invalid signature algorithm") ape.RenderErr(w, problems.BadRequest(errors.New("invalid signature algorithm"))...) return } encapsulatedData := resources.EncapsulatedData{} if _, err = asn1.Unmarshal(encapsulatedContent, &encapsulatedData); err != nil { - Log(r).WithError(err).Error("failed to unmarshal ASN.1") + log.WithError(err).Error("failed to unmarshal ASN.1") ape.RenderErr(w, problems.InternalError()) return } privateKey := make([]asn1.RawValue, 0) if _, err = asn1.Unmarshal(encapsulatedData.PrivateKey.FullBytes, &privateKey); err != nil { - Log(r).WithError(err).Error("failed to unmarshal ASN.1") + log.WithError(err).Error("failed to unmarshal ASN.1") ape.RenderErr(w, problems.InternalError()) return } privKeyEl := resources.PrivateKeyElement{} if _, err = asn1.Unmarshal(privateKey[0].FullBytes, &privKeyEl); err != nil { - Log(r).WithError(err).Error("failed to unmarshal ASN.1") + log.WithError(err).Error("failed to unmarshal ASN.1") ape.RenderErr(w, problems.InternalError()) return } if err := validatePubSignals(cfg, req.Data, privKeyEl.OctetStr.Bytes); err != nil { - Log(r).WithError(err).Error("failed to validate pub signals") + log.WithError(err).Error("failed to validate pub signals") ape.RenderErr(w, problems.BadRequest(err)...) return } if err := validateCert(cert, cfg.MasterCerts); err != nil { - Log(r).WithError(err).Error("failed to validate certificate") + log.WithError(err).Error("failed to validate certificate") ape.RenderErr(w, problems.BadRequest(err)...) return } @@ -162,7 +171,7 @@ func CreateIdentity(w http.ResponseWriter, r *http.Request) { FilterBy("user_did", req.Data.ID.String()). Get() if err != nil { - Log(r).WithError(err).Error("failed to get claim by user DID") + log.WithError(err).Error("failed to get claim by user DID") ape.RenderErr(w, problems.InternalError()) return } @@ -186,14 +195,14 @@ func CreateIdentity(w http.ResponseWriter, r *http.Request) { identityExpiration, err := getExpirationTimeFromPubSignals(req.Data.ZKProof.PubSignals) if err != nil { - Log(r).WithError(err).Error("failed to get expiration time") + log.WithError(err).Error("failed to get expiration time") ape.RenderErr(w, problems.BadRequest(err)...) return } issuingAuthority, err := strconv.Atoi(req.Data.ZKProof.PubSignals[2]) if err != nil { - Log(r).WithError(err).Error("failed to convert string to int") + log.WithError(err).Error("failed to convert string to int") ape.RenderErr(w, problems.InternalError()) return } @@ -204,7 +213,7 @@ func CreateIdentity(w http.ResponseWriter, r *http.Request) { blinder, err := vaultClient.Blinder() if err != nil { - Log(r).WithError(err).Error("failed to get blinder from the vault") + log.WithError(err).Error("failed to get blinder from the vault") ape.RenderErr(w, problems.InternalError()) return } @@ -214,26 +223,26 @@ func CreateIdentity(w http.ResponseWriter, r *http.Request) { salt := new(big.Int).SetUint64(uint64(time.Now().UTC().UnixMilli())) documentHash, err := poseidon.HashBytes(signedAttributes) if err != nil { - Log(r).WithError(err).Error("failed to hash signed attributes") + log.WithError(err).Error("failed to hash signed attributes") ape.RenderErr(w, problems.InternalError()) return } nullifier, err := poseidon.Hash([]*big.Int{documentHash, blinder, salt}) if err != nil { - Log(r).WithError(err).Error("failed to build nullifier") + log.WithError(err).Error("failed to build nullifier") ape.RenderErr(w, problems.InternalError()) return } existing, err := masterQ.Claim().FilterBy("document_hash", documentHash.String()).Get() if err != nil { - Log(r).WithError(err).Error("failed to get claim by document hash") + log.WithError(err).Error("failed to get claim by document hash") ape.RenderErr(w, problems.InternalError()) return } if existing != nil { - log := Log(r).WithField("document_hash", documentHash.String()) + log = log.WithField("document_hash", documentHash.String()) if existing.IsBanned { log.Info("user of the provided document is banned") ape.RenderErr(w, problems.InternalError()) @@ -288,7 +297,7 @@ func CreateIdentity(w http.ResponseWriter, r *http.Request) { return nil }); err != nil { - Log(r).WithError(err).Error("failed to execute SQL transaction") + log.WithError(err).Error("failed to execute SQL transaction") // error was rendered beforehand return } diff --git a/internal/service/api/requests/create_identity.go b/internal/service/api/requests/create_identity.go index ad0a46d..7fe8b1c 100644 --- a/internal/service/api/requests/create_identity.go +++ b/internal/service/api/requests/create_identity.go @@ -2,10 +2,11 @@ package requests import ( "encoding/json" + "net/http" + "github.com/iden3/go-iden3-core/v2/w3c" snarkTypes "github.com/iden3/go-rapidsnark/types" "gitlab.com/distributed_lab/logan/v3/errors" - "net/http" ) type CreateIdentityRequestData struct {