Added 'alg' check.

This commit is contained in:
Miles Lyon 2022-06-24 15:23:30 -04:00
parent 98e00ccf48
commit 78456fceb8


@ -61,6 +61,10 @@ public class SignatureVerifierProbe extends Probe<Credential> {
JsonNode headerObj = mapper.readTree(joseHeader); JsonNode headerObj = mapper.readTree(joseHeader);
//MUST be "RS256" //MUST be "RS256"
JsonNode alg = headerObj.get("alg");
if(alg == null || !alg.textValue().equals("RS256")) { throw new Exception("alg must be present and must be 'RS256'"); }
//TODO: decoded jwt will check timestamps, but shall we explicitly break these out?
//Option 1, fetch directly from header //Option 1, fetch directly from header
JsonNode jwk = headerObj.get("jwk"); JsonNode jwk = headerObj.get("jwk");
@ -68,7 +72,7 @@ public class SignatureVerifierProbe extends Probe<Credential> {
//Option 2, fetch from a hosting url //Option 2, fetch from a hosting url
JsonNode kid = headerObj.get("kid"); JsonNode kid = headerObj.get("kid");
if(jwk == null && kid == null) { throw new Exception("asdf"); } if(jwk == null && kid == null) { throw new Exception("Key must present in either jwk or kid value."); }
if(kid != null){ if(kid != null){
//TODO @Miles load jwk JsonNode from url and do the rest the same below. Need to set up testing. //TODO @Miles load jwk JsonNode from url and do the rest the same below. Need to set up testing.
String kidUrl = kid.textValue(); String kidUrl = kid.textValue();
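Review bot: The new `alg` guard in the first hunk (old line 61 onward) can throw a NullPointerException instead of the intended Exception when `alg` is present but not a string: `JsonNode.textValue()` returns null for a numeric, boolean, object or array node, so `alg.textValue().equals("RS256")` dereferences null and the verifier rejects the header for the wrong reason, outside the error path the caller expects. Putting the constant first makes the comparison null-safe and also handles a missing node in one expression: `if (alg == null || !"RS256".equals(alg.textValue())) { throw new Exception("alg must be present and must be 'RS256'"); }`. Pinning the algorithm to a single expected value before any key lookup is the right control here (it also closes the `none`/HS-vs-RS confusion class), so the check is worth keeping robust against malformed headers as well as missing ones. The enclosing method of `SignatureVerifierProbe` begins above the hunk and continues past it, so I could not confirm how the thrown Exception is surfaced to the caller.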