From 8519753086f7d2659f76e39865f00b842755079d Mon Sep 17 00:00:00 2001 From: Andrew Jones Date: Thu, 24 Oct 2024 10:17:54 -0400 Subject: [PATCH 1/5] Move shouldBeProofValue to assertions. --- assertions.js | 33 +++++++++++++++++++++++++++++++++ suites/verify.js | 39 +++++---------------------------------- 2 files changed, 38 insertions(+), 34 deletions(-) diff --git a/assertions.js b/assertions.js index 074bed1..810d307 100644 --- a/assertions.js +++ b/assertions.js @@ -5,6 +5,7 @@ import chai from 'chai'; import jsonld from 'jsonld'; const should = chai.should(); +const {expect} = chai; // RegExp with bs58 characters in it const bs58 = /^[123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz]+$/; 
@@ -298,3 +299,35 @@ export function shouldHaveProofValue({proof, expectedPrefix, encodingName}) { true, `Expected "proof.proofValue" to be a valid ${encodingName} value`); } + +export async function shouldBeProofValue({credentials, verifier}) { + expect(credentials, 'Expected test data to be generated.').to.exist; + expect(credentials.clone('issuedVc'), 'Expected a valid Vc to be issued.'). + to.exist; + // proofValue is added after signing so we can + // safely delete it for this test + const noProofValue = credentials.clone('issuedVc'); + delete noProofValue.proof.proofValue; + await verificationFail({ + credential: noProofValue, + verifier, + reason: 'MUST not verify VC with no "proofValue".' + }); + // null should be an invalid proofValue for almost any proof + const nullProofValue = credentials.clone('issuedVc'); + nullProofValue.proof.proofValue = null; + await verificationFail({ + credential: nullProofValue, + verifier, + reason: 'MUST not verify VC with "proofValue" null.' + }); + const noProofValueHeader = credentials.clone('issuedVc'); + // Remove the multibase header to cause validation error + noProofValueHeader.proof.proofValue = noProofValueHeader.proof.proofValue. + slice(1); + await verificationFail({ + credential: noProofValueHeader, + verifier, + reason: 'MUST not verify VC with invalid multibase header on "proofValue"' + }); +} diff --git a/suites/verify.js b/suites/verify.js index b517702..79a3915 100644 --- a/suites/verify.js +++ b/suites/verify.js @@ -1,8 +1,11 @@ /*! * Copyright (c) 2024 Digital Bazaar, Inc. */ -import {verificationFail, verificationSuccess} from '../assertions.js'; -import {expect} from 'chai'; +import { + shouldBeProofValue, + verificationFail, + verificationSuccess +} from '../assertions.js'; export function runDataIntegrityProofVerifyTests({ endpoints, 
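Review bot: In `shouldBeProofValue` (the assertions.js hunk), all three must-fail cases assume `issuedVc.proof` is a single object whose `proofValue` is a string, and nothing checks that before the credential is mutated. If an issuer under test returns a proof set (an array), the `delete` and the `null` assignment would presumably change nothing the verifier reads, so an unmodified credential is submitted and the failure is attributed to the verifier rather than to the fixture; the `slice(1)` case would throw a TypeError instead. A guard next to the existing `expect` calls makes the precondition explicit: `expect(credentials.clone('issuedVc').proof.proofValue, 'Expected "proof.proofValue" to be a string.').to.be.a('string');`. Now that the helper is exported it also deserves a short JSDoc saying that it runs three negative verifications (missing, `null`, and header-stripped `proofValue`), since the name reads like a positive assertion.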
@@ -311,35 +314,3 @@ export function runDataIntegrityProofVerifyTests({ } }); } - -async function shouldBeProofValue({credentials, verifier}) { - expect(credentials, 'Expected test data to be generated.').to.exist; - expect(credentials.clone('issuedVc'), 'Expected a valid Vc to be issued.'). - to.exist; - // proofValue is added after signing so we can - // safely delete it for this test - const noProofValue = credentials.clone('issuedVc'); - delete noProofValue.proof.proofValue; - await verificationFail({ - credential: noProofValue, - verifier, - reason: 'MUST not verify VC with no "proofValue".' - }); - // null should be an invalid proofValue for almost any proof - const nullProofValue = credentials.clone('issuedVc'); - nullProofValue.proof.proofValue = null; - await verificationFail({ - credential: nullProofValue, - verifier, - reason: 'MUST not verify VC with "proofValue" null.' - }); - const noProofValueHeader = credentials.clone('issuedVc'); - // Remove the multibase header to cause validation error - noProofValueHeader.proof.proofValue = noProofValueHeader.proof.proofValue. - slice(1); - await verificationFail({ - credential: noProofValueHeader, - verifier, - reason: 'MUST not verify VC with invalid multibase header on "proofValue"' - }); -} From aeedf5453236c1aba38959f0210523c74d70975e Mon Sep 17 00:00:00 2001 From: Andrew Jones Date: Thu, 24 Oct 2024 10:29:08 -0400 Subject: [PATCH 2/5] Only use deprecated proof type statement with non DataIntegrity suites. --- suites/verify.js | 32 ++++++++++++++++++++++++++------ 1 file changed, 26 insertions(+), 6 deletions(-) diff --git a/suites/verify.js b/suites/verify.js index 79a3915..af807e9 100644 --- a/suites/verify.js +++ b/suites/verify.js 
@@ -104,12 +104,32 @@ export function runDataIntegrityProofVerifyTests({ reason: 'MUST not verify VC w/o "proof.proofPurpose"' }); }); - it(`If the "proof.type" field is not the string ` + - `"${expectedProofType}", an error MUST be raised.`, - async function() { - const credential = credentials.clone('invalidProofType'); - await verificationFail({credential, verifier}); - }); + // use updated statement for DataIntegrityProof tests + if(expectedProofType === 'DataIntegrityProof') { + it('The type property MUST contain the string DataIntegrityProof.', + async function() { + this.test.link = 'https://w3c.github.io/vc-data-integrity/#proofs:~:text=The%20type%20property%20MUST%20contain%20the%20string%20DataIntegrityProof.'; + const credential = credentials.clone('invalidProofType'); + await verificationFail({ + credential, + verifier, + reason: 'Should not verify VC with invalid "proof.type"' + }); + }); + } else { + // if the expectedProofType if Ed25519Sig etc. use the + // deprecated statement + it(`If the "proof.type" field is not the string ` + + `"${expectedProofType}", an error MUST be raised.`, + async function() { + const credential = credentials.clone('invalidProofType'); + await verificationFail({ + credential, + verifier, + reason: 'Should not verify VC with invalid "proof.type"' + }); + }); + } it('If the "proof.verificationMethod" field is invalid, an error ' + 'MUST be raised.', async function() { const credential = credentials.clone('invalidVm'); From 095b39d1e6142dad99c9730b633330745f0bb6c0 Mon Sep 17 00:00:00 2001 From: Andrew Jones Date: Thu, 24 Oct 2024 10:31:45 -0400 Subject: [PATCH 3/5] Remove deprecated statement WRT to now optional verificationMethods. --- suites/verify.js | 5 ----- 1 file changed, 5 deletions(-) diff --git a/suites/verify.js b/suites/verify.js index af807e9..1e56673 100644 --- a/suites/verify.js +++ b/suites/verify.js 
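Review bot: The `if`/`else` added in this hunk registers the same test body twice; only the title and `this.test.link` differ, so a later change to the invalid-`proof.type` check can land in one branch and be missed in the other. Selecting the title first and calling `it` once, with the link set only for `DataIntegrityProof`, keeps a single copy of the `verificationFail` call, as sketched below. The else-branch comment has a typo ("if the expectedProofType if Ed25519Sig" should read "is"). The new `reason` says "Should not verify" while the neighbouring reasons say "MUST not verify"; the sketch uses the latter so failure output matches the normative statement. `runDataIntegrityProofVerifyTests` starts and ends outside the hunk.

```javascript
// … unchanged: preceding 'MUST not verify VC w/o "proof.proofPurpose"' test …
    const isDataIntegrityProof = expectedProofType === 'DataIntegrityProof';
    // if the expectedProofType is Ed25519Sig etc. use the deprecated statement
    const proofTypeTitle = isDataIntegrityProof ?
      'The type property MUST contain the string DataIntegrityProof.' :
      `If the "proof.type" field is not the string ` +
      `"${expectedProofType}", an error MUST be raised.`;
    it(proofTypeTitle, async function() {
      if(isDataIntegrityProof) {
        this.test.link = 'https://w3c.github.io/vc-data-integrity/#proofs:~:text=The%20type%20property%20MUST%20contain%20the%20string%20DataIntegrityProof.';
      }
      const credential = credentials.clone('invalidProofType');
      await verificationFail({
        credential,
        verifier,
        reason: 'MUST not verify VC with invalid "proof.type"'
      });
    });
// … unchanged: 'If the "proof.verificationMethod" field is invalid' test …
```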
@@ -130,11 +130,6 @@ export function runDataIntegrityProofVerifyTests({ }); }); } - it('If the "proof.verificationMethod" field is invalid, an error ' + - 'MUST be raised.', async function() { - const credential = credentials.clone('invalidVm'); - await verificationFail({credential, verifier}); - }); it('If the "proof.proofPurpose" field is invalid, an error MUST ' + 'be raised.', async function() { const credential = credentials.clone('invalidProofPurpose'); From 83c8b3c349df8e0aa292b115de085e52371a0ad3 Mon Sep 17 00:00:00 2001 From: Andrew Jones Date: Thu, 24 Oct 2024 10:34:09 -0400 Subject: [PATCH 4/5] Add FIXME to invalidVM generator. --- vc-generator/generators.js | 1 + 1 file changed, 1 insertion(+) diff --git a/vc-generator/generators.js b/vc-generator/generators.js index f090025..48a1ae5 100644 --- a/vc-generator/generators.js +++ b/vc-generator/generators.js @@ -308,6 +308,7 @@ function invalidVm({ suite, selectiveSuite, credential, + //FIXME this generator should support non-string verificationMethods mockVM = 'did:key:invalidVm', ...args }) { From 86187a100ce3dea9d7296e0d00c80b4a9e4bc5de Mon Sep 17 00:00:00 2001 From: Andrew Jones Date: Thu, 24 Oct 2024 10:35:47 -0400 Subject: [PATCH 5/5] Remove deprecated proofPurpose statement. --- suites/verify.js | 5 ----- 1 file changed, 5 deletions(-) diff --git a/suites/verify.js b/suites/verify.js index 1e56673..95746ea 100644 --- a/suites/verify.js +++ b/suites/verify.js @@ -130,11 +130,6 @@ export function runDataIntegrityProofVerifyTests({ }); }); } - it('If the "proof.proofPurpose" field is invalid, an error MUST ' + - 'be raised.', async function() { - const credential = credentials.clone('invalidProofPurpose'); - await verificationFail({credential, verifier}); - }); it('If expectedProofPurpose was given, and it does not match ' + 'proof.proofPurpose, an error MUST be raised and SHOULD convey an ' + 'error type of PROOF_VERIFICATION_ERROR.', async function() {