additional signature validation

2026-05-13 18:04:40 +00:00
parent dbdace1717
commit de36ec50f7


@@ -58,6 +58,11 @@ function validateSignatures(item, signatures, didDocs) {
for (const signature of signatures) { for (const signature of signatures) {
const didDoc = didDocs.find((didDoc) => didDoc.id === signature.id); const didDoc = didDocs.find((didDoc) => didDoc.id === signature.id);
if (!didDoc) throw ('DID Document not provided'); if (!didDoc) throw ('DID Document not provided');
const vmCreatedDate = new Date(didDoc.verificationMethod[0].created);
const signDate = new Date(signature.signedOn)
const vmDeactivatedDate = didDoc.verificationMethod[0].deactivated ? new Date(didDoc.verificationMethod[0].deactivated) : null;
const validDate = signDate >= vmCreatedDate && (!vmDeactivatedDate || vmDeactivatedDate >= signDate);
if (!validDate) throw ('Signature is not valid due to key dates');
const split = splitJws(signature.jws); const split = splitJws(signature.jws);
if (stringify(item) !== stringify(split.payload)) throw ('Payload does not match'); if (stringify(item) !== stringify(split.payload)) throw ('Payload does not match');
const validJws = verifyJws({ const validJws = verifyJws({
@@ -73,6 +78,23 @@ function validateSignatures(item, signatures, didDocs) {
return res; return res;
} }
function validateSignedBefore(item, signatures) {
let res = false;
try {
let issue = false;
for (const signature of signatures) {
if (signature.signedOn >= item.created) {
issue = true;
break;
}
}
res = !issue;
} catch (e) {
console.error(e);
}
return res;
}
function validateDidsMatch(auditSigs, targetSigs) { function validateDidsMatch(auditSigs, targetSigs) {
let match = true; let match = true;
for (const asig of auditSigs) { for (const asig of auditSigs) {
@@ -209,7 +231,7 @@ async function verify(input, userId) {
const existingAgreementSignatures = await agreement.getSignatures(client, userId, existingItem.agreementId); const existingAgreementSignatures = await agreement.getSignatures(client, userId, existingItem.agreementId);
res.results.validEventAgreement = validateDidsMatch(auditRecord.signatures, existingAgreementSignatures); res.results.validEventAgreement = validateDidsMatch(auditRecord.signatures, existingAgreementSignatures);
res.results.validEventAgreementSignature = false; res.results.validEventAgreementSignature = false;
if (validateSignatures(existingAgreement, existingAgreementSignatures, input.didDocs)) { if (validateSignatures(existingAgreement, existingAgreementSignatures, input.didDocs) && validateSignedBefore(existingItem, existingAgreementSignatures)) {
res.results.validEventAgreementSignature = true; res.results.validEventAgreementSignature = true;
} }
} else { } else {
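Review bot: In the new `validateSignedBefore`, `signature.signedOn >= item.created` compares the raw fields, so a missing value on either side (or a Date compared with a string) makes the comparison false and the function returns true; the check fails open, and it is inconsistent with the first hunk, which wraps the same field in `new Date(...)`. Parse both sides and treat an invalid date as a failure, e.g. `const signed = new Date(signature.signedOn); const created = new Date(item.created);` followed by `if (Number.isNaN(signed.getTime()) || Number.isNaN(created.getTime()) || signed >= created) { issue = true; break; }`. An empty `signatures` array also returns true here, which deserves a comment if it is intended. In the first hunk the key date window is read only from `didDoc.verificationMethod[0]`; if a DID document can list more than one verification method, the dates should come from the method that produced the JWS. Whether `signedOn` is itself covered by the signature is not visible in this diff, and if it is not, the signer can choose it freely and the date checks give little assurance.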