

Always support did:jwk, web, x509 and key when verifying VCs
reinkrul committed Nov 19, 2024
1 parent fd2b4c5 commit 1198e73
Showing 3 changed files with 53 additions and 20 deletions.
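--- a/auth/auth.go
+++ b/auth/auth.go
@@ -23,10 +23,16 @@ import (
 "errors"
 "github.com/nuts-foundation/nuts-node/auth/client/iam"
 "github.com/nuts-foundation/nuts-node/vdr"
+"github.com/nuts-foundation/nuts-node/vdr/didjwk"
+"github.com/nuts-foundation/nuts-node/vdr/didkey"
+"github.com/nuts-foundation/nuts-node/vdr/didnuts"
 "github.com/nuts-foundation/nuts-node/vdr/didsubject"
+"github.com/nuts-foundation/nuts-node/vdr/didweb"
+"github.com/nuts-foundation/nuts-node/vdr/didx509"
 "github.com/nuts-foundation/nuts-node/vdr/resolver"
 "net/url"
 "path"
+"slices"
 "time"
 
 "github.com/nuts-foundation/nuts-node/auth/services"
@@ -46,23 +52,25 @@ var _ AuthenticationServices = (*Auth)(nil)
 
 // Auth is the main struct of the Auth service
 type Auth struct {
-config Config
-jsonldManager jsonld.JSONLD
-authzServer oauth.AuthorizationServer
-relyingParty oauth.RelyingParty
-contractNotary services.ContractNotary
-serviceResolver didman.CompoundServiceResolver
-keyStore crypto.KeyStore
-vcr vcr.VCR
-pkiProvider pki.Provider
-shutdownFunc func()
-vdrInstance vdr.VDR
-publicURL *url.URL
-strictMode bool
-httpClientTimeout time.Duration
-tlsConfig *tls.Config
-subjectManager didsubject.Manager
-supportedDIDMethods []string
+config Config
+jsonldManager jsonld.JSONLD
+authzServer oauth.AuthorizationServer
+relyingParty oauth.RelyingParty
+contractNotary services.ContractNotary
+serviceResolver didman.CompoundServiceResolver
+keyStore crypto.KeyStore
+vcr vcr.VCR
+pkiProvider pki.Provider
+shutdownFunc func()
+vdrInstance vdr.VDR
+publicURL *url.URL
+strictMode bool
+httpClientTimeout time.Duration
+tlsConfig *tls.Config
+subjectManager didsubject.Manager
+// configuredDIDMethods contains the DID methods that are configured in the Nuts node,
+// of which VDR will create DIDs.
+configuredDIDMethods []string
 }
 
 // Name returns the name of the module.
@@ -137,7 +145,7 @@ func (auth *Auth) Configure(config core.ServerConfig) error {
 return err
 }
 
-auth.supportedDIDMethods = config.DIDMethods
+auth.configuredDIDMethods = config.DIDMethods
 
 auth.contractNotary = notary.NewNotary(notary.Config{
 PublicURL: auth.publicURL.String(),
@@ -179,7 +187,13 @@ func (auth *Auth) Configure(config core.ServerConfig) error {
 }
 
 func (auth *Auth) SupportedDIDMethods() []string {
-return append(auth.supportedDIDMethods, "x509")
+// DID methods that don't require additional resources/configuration in the Nuts node are always supported.
+// Other DID methods (did:nuts), are only supported if explicitly enabled.
+result := []string{didweb.MethodName, didjwk.MethodName, didkey.MethodName, didx509.MethodName}
+if slices.Contains(auth.configuredDIDMethods, didnuts.MethodName) {
+result = append(result, didnuts.MethodName)
+}
+return result
 }
 
 // Start starts the Auth engine (Noop)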
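Review bot: SupportedDIDMethods now returns did:web, did:jwk, did:key and did:x509 unconditionally, so config.DIDMethods no longer limits which DID methods the auth module accepts — if callers use this list as the accept-list when verifying credentials (as the commit title suggests), an operator who configured only did:nuts will also have did:web and did:x509 issuers accepted, including the outbound resolution did:web implies. If that widening is intended, the explanation currently inside the method body belongs in a doc comment on the exported method so callers see the contract: `// SupportedDIDMethods returns the DID methods accepted when verifying credentials: did:web, did:jwk, did:key and did:x509 are always accepted; did:nuts only when it is among the configured DID methods.` Separately, `auth.configuredDIDMethods = config.DIDMethods` in Configure stores the config slice by reference; `auth.configuredDIDMethods = slices.Clone(config.DIDMethods)` (slices is now imported) would make the stored accept-list independent of later changes to the config value. Configure itself starts and ends outside these hunks.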
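--- a/auth/auth_test.go
+++ b/auth/auth_test.go
@@ -125,3 +125,22 @@ func TestAuth_IAMClient(t *testing.T) {
 })
 
 }
+
+func TestAuth_SupportedDIDMethods(t *testing.T) {
+t.Run("supports did:web", func(t *testing.T) {
+assert.Contains(t, (&Auth{}).SupportedDIDMethods(), "web")
+})
+t.Run("supports did:key", func(t *testing.T) {
+assert.Contains(t, (&Auth{}).SupportedDIDMethods(), "key")
+})
+t.Run("supports did:x509", func(t *testing.T) {
+assert.Contains(t, (&Auth{}).SupportedDIDMethods(), "x509")
+})
+t.Run("supports did:jwk", func(t *testing.T) {
+assert.Contains(t, (&Auth{}).SupportedDIDMethods(), "jwk")
+})
+t.Run("supports did:nuts if configured", func(t *testing.T) {
+assert.NotContains(t, (&Auth{}).SupportedDIDMethods(), "nuts")
+assert.Contains(t, (&Auth{configuredDIDMethods: []string{"nuts"}}).SupportedDIDMethods(), "nuts")
+})
+}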
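Review bot: The new subtests only assert Contains/NotContains, so they would still pass if SupportedDIDMethods passed arbitrary configured entries through or returned duplicates; one exact assertion pins the intended contract that the four methods are the complete unconfigured set and did:nuts is the only opt-in addition: `assert.Equal(t, []string{"web", "jwk", "key", "x509"}, (&Auth{}).SupportedDIDMethods())` and `assert.Equal(t, []string{"web", "jwk", "key", "x509", "nuts"}, (&Auth{configuredDIDMethods: []string{"nuts"}}).SupportedDIDMethods())`. A case with an unrecognised configured method, e.g. `configuredDIDMethods: []string{"foo"}`, asserting that "foo" is not returned would document that behaviour as well. The package clause and imports are outside the hunk, so this assumes `assert` is the package already used by TestAuth_IAMClient.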
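--- a/auth/interface.go
+++ b/auth/interface.go
@@ -42,6 +42,6 @@ type AuthenticationServices interface {
 PublicURL() *url.URL
 // AuthorizationEndpointEnabled returns whether the v2 API's OAuth2 Authorization Endpoint is enabled.
 AuthorizationEndpointEnabled() bool
-// SupportedDIDMethods list the DID methods configured for the nuts node in preferred order.
+// SupportedDIDMethods lists the DID methods the Nuts node can resolve.
 SupportedDIDMethods() []string
 }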
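Review bot: The new doc comment drops the old "in preferred order" wording, yet the implementation in auth.go still returns a fixed order (web, jwk, key, x509, then nuts), so any caller that picks the first entry or compares slices will keep depending on it; the comment should say explicitly whether order matters, e.g. `// SupportedDIDMethods lists the DID methods the Nuts node can resolve. The order of the result is not significant.` — or keep "in preferred order" if it is. "can resolve" also reads wider than what this interface decides; if the list is what the auth module accepts when verifying credentials (as the commit title says), naming that use here would make the contract clearer.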
