fix: Added duplicate key fragment rejection layer

cheqd · Jan 13, 2025 · ae6efff · ae6efff
1 parent 5f68c5d
commit ae6efff
Show file tree

Hide file tree

Showing 2 changed files with 55 additions and 0 deletions.
diff --git a/x/did/types/diddoc_diddoc_test.go b/x/did/types/diddoc_diddoc_test.go
@@ -404,4 +404,50 @@ var _ = DescribeTable("DIDDoc Validation tests", func(testCase DIDDocTestCase) {
 			isValid:  false,
 			errorMsg: "assertionMethod should be a valid DIDUrl or an Escaped JSON string",
 		}),
+	Entry(
+		"Assertion method contains invalid JSON-escaped string: duplicate inline key fragment definition",
+		DIDDocTestCase{
+			didDoc: &DidDoc{
+				Id:         ValidTestDID,
+				Controller: []string{ValidTestDID},
+				VerificationMethod: []*VerificationMethod{
+					{
+						Id:                     fmt.Sprintf("%s#fragment", ValidTestDID),
+						VerificationMethodType: "Ed25519VerificationKey2020",
+						Controller:             ValidTestDID,
+						VerificationMaterial:   ValidEd25519VerificationKey2020VerificationMaterial,
+					},
+				},
+				AssertionMethod: []string{fmt.Sprintf("\"{\"id\":\"%s#fragment\",\"verificationMethodType\":\"Ed25519VerificationKey2020\",\"controller\":\"%s\",\"verificationMaterial\":\"%s\"}\"", ValidTestDID, ValidTestDID, ValidEd25519VerificationKey2020VerificationMaterial)},
+			},
+			isValid:  false,
+			errorMsg: "assertion_method: (0: assertionMethod should be a valid DIDUrl or an Escaped JSON string with id, type and controller values.).",
+		}),
+	Entry(
+		"Assertion method contains invalid JSON-escaped string: deserialised JSON contains duplicate key fragment definition",
+		DIDDocTestCase{
+			didDoc: &DidDoc{
+				Id:         ValidTestDID,
+				Controller: []string{ValidTestDID},
+				VerificationMethod: []*VerificationMethod{
+					{
+						Id:                     fmt.Sprintf("%s#fragment", ValidTestDID),
+						VerificationMethodType: "Ed25519VerificationKey2020",
+						Controller:             ValidTestDID,
+						VerificationMaterial:   ValidEd25519VerificationKey2020VerificationMaterial,
+					},
+				},
+				AssertionMethod: []string{fmt.Sprintf("%s#fragment", ValidTestDID), func() string {
+					b, _ := json.Marshal(AssertionMethodJSONUnescaped{
+						Id:              fmt.Sprintf("%s#fragment", ValidTestDID),
+						Type:            "Ed25519VerificationKey2020",
+						Controller:      ValidTestDID,
+						PublicKeyBase58: &ValidEd25519VerificationKey2020VerificationMaterial,
+					})
+					return strconv.Quote(string(b))
+				}()},
+			},
+			isValid:  false,
+			errorMsg: "assertionMethod should be a unique inline key fragment definition",
+		}),
 )
diff --git a/x/did/types/validate.go b/x/did/types/validate.go
@@ -125,6 +125,15 @@ func IsAssertionMethod(allowedNamespaces []string, didDoc DidDoc, bypass bool) *
 				return errors.New("assertionMethod should be a valid DIDUrl or an Escaped JSON string with id, type and controller values")
 			}
 
+			for _, v := range didDoc.VerificationMethod {
+				// reject, if identical to existing verification method
+				if v.Id == result.Id && v.VerificationMethodType == result.Type && v.Controller == result.Controller && ((result.PublicKeyJwk != nil && v.VerificationMaterial == *result.PublicKeyJwk) ||
+					(result.PublicKeyBase58 != nil && v.VerificationMaterial == *result.PublicKeyBase58) ||
+					(result.PublicKeyMultibase != nil && v.VerificationMaterial == *result.PublicKeyMultibase)) {
+					return errors.New("assertionMethod should be a unique inline key fragment definition")
+				}
+			}
+
 			return validation.ValidateStruct(&result,
 				validation.Field(&result.Id, validation.Required, IsAssertionMethod(allowedNamespaces, didDoc, true)),
 				validation.Field(&result.Controller, validation.Required, IsDID(allowedNamespaces)),