Skip to content

Commit

Permalink
chore: address feedback
Browse files Browse the repository at this point in the history 
Signed-off-by: Timo Glastra <[email protected]>
  • Loading branch information
@TimoGlastra
TimoGlastra committed Feb 24, 2025
1 parent 89f2765 commit 39ff3a8
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 12 deletions.
16 changes: 6 additions & 10 deletions packages/core/src/crypto/JwsService.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -211,17 +211,15 @@ export class JwsService {
}

private buildProtected(options: JwsProtectedHeaderOptions) {
const x5cJwkCount = [options.jwk, options.x5c].filter(Boolean).length

// FIXME: checking for kid starting with '#' is not good.
// but now we don't really limit that kid (did key reference)
// cannot be combined with x5c/jwk
if (options.kid?.startsWith('did:')) {
if (x5cJwkCount > 0) {
if (options.jwk || options.x5c) {
throw new CredoError("When 'kid' is a did, 'jwk' and 'x5c' cannot be provided.")
}
} else if (x5cJwkCount > 1 || (x5cJwkCount === 0 && !options.kid)) {
throw new CredoError("Header must contain one of 'kid' with a did value, 'x5c', or 'jwk'.")
} else if ((options.jwk && options.x5c) || (!options.jwk && !options.x5c && !options.kid)) {
throw new CredoError("Header must contain one of 'x5c', 'jwk' or 'kid' with a did value.")
}

return {
Expand Down Expand Up @@ -250,17 +248,15 @@ export class JwsService {
trustedCertificates: trustedCertificatesFromOptions = [],
} = options

const x5cJwkCount = [protectedHeader.jwk, protectedHeader.x5c].filter(Boolean)

// FIXME: checking for kid starting with '#' is not good.
// but now we don't really limit that kid (did key reference)
// cannot be combined with x5c/jwk
if (typeof protectedHeader.kid === 'string' && protectedHeader.kid?.startsWith('did:')) {
if (x5cJwkCount.length > 0) {
if (protectedHeader.jwk || protectedHeader.x5c) {
throw new CredoError("When 'kid' is a did, 'jwk' and 'x5c' cannot be provided.")
}
} else if (x5cJwkCount.length > 1) {
throw new CredoError("Header must contain one of 'kid' with a did value, 'x5c', or 'jwk'.")
} else if (protectedHeader.jwk && protectedHeader.x5c) {
throw new CredoError("Header must contain one of 'x5c', 'jwk' or 'kid' with a did value.")
}

if (protectedHeader.x5c) {
Expand Down
4 changes: 2 additions & 2 deletions packages/core/src/crypto/__tests__/JwsService.test.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -172,7 +172,7 @@ describe('JwsService', () => {
x5c: [didJwsz6MkfCertificate.toString('base64url')],
},
})
).rejects.toThrow("Header must contain one of 'kid' with a did value, 'x5c', or 'jwk'.")
).rejects.toThrow("Header must contain one of 'x5c', 'jwk' or 'kid' with a did value.")

await expect(
jwsService.createJwsCompact(agentContext, {
Expand Down Expand Up @@ -279,7 +279,7 @@ describe('JwsService', () => {
signature: '',
},
})
).rejects.toThrow("Header must contain one of 'kid' with a did value, 'x5c', or 'jwk'.")
).rejects.toThrow("Header must contain one of 'x5c', 'jwk' or 'kid' with a did value.")

await expect(
jwsService.verifyJws(agentContext, {
Expand Down

0 comments on commit 39ff3a8

Please sign in to comment.