2021-04-16 05:13:06 -06:00
|
|
|
/*
|
|
|
|
Copyright 2021 Yarmo Mackenbach
|
|
|
|
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
you may not use this file except in compliance with the License.
|
|
|
|
You may obtain a copy of the License at
|
|
|
|
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
See the License for the specific language governing permissions and
|
|
|
|
limitations under the License.
|
|
|
|
*/
|
|
|
|
const utils = require('./utils')
|
|
|
|
const E = require('./enums')
|
2022-09-20 13:38:11 -06:00
|
|
|
const { bcryptVerify, argon2Verify } = require('hash-wasm')
|
2021-04-16 05:13:06 -06:00
|
|
|
|
2021-04-22 07:14:21 -06:00
|
|
|
/**
|
|
|
|
* @module verifications
|
|
|
|
* @ignore
|
|
|
|
*/
|
|
|
|
|
2022-09-20 13:38:11 -06:00
|
|
|
const containsProof = async (data, fingerprint, claimFormat) => {
|
|
|
|
const fingerprintFormatted = utils.generateClaim(fingerprint, claimFormat)
|
|
|
|
const fingerprintURI = utils.generateClaim(fingerprint, E.ClaimFormat.URI)
|
2022-09-10 04:16:50 -06:00
|
|
|
let result = false
|
2021-04-16 05:13:06 -06:00
|
|
|
|
2022-09-10 04:16:50 -06:00
|
|
|
// Check for plaintext proof
|
|
|
|
result = data.replace(/\r?\n|\r/g, '')
|
|
|
|
.toLowerCase()
|
2022-09-20 13:38:11 -06:00
|
|
|
.indexOf(fingerprintFormatted.toLowerCase()) !== -1
|
2022-09-10 04:16:50 -06:00
|
|
|
|
2022-09-20 13:38:11 -06:00
|
|
|
// Check for hashed proof
|
|
|
|
if (!result) {
|
2022-09-21 02:03:18 -06:00
|
|
|
const hashRe = /\$(argon2(?:id|d|i)|2a|2b|2y)(?:\$[a-zA-Z0-9=+\-,./]+)+/g
|
2022-09-20 13:38:11 -06:00
|
|
|
let match
|
|
|
|
|
|
|
|
while (!result && (match = hashRe.exec(data)) != null) {
|
2022-09-21 07:30:35 -06:00
|
|
|
let timeoutHandle
|
|
|
|
const timeoutPromise = new Promise((resolve, reject) => {
|
|
|
|
timeoutHandle = setTimeout(
|
|
|
|
() => {
|
|
|
|
resolve(false)
|
|
|
|
}, 1000
|
|
|
|
)
|
|
|
|
})
|
|
|
|
|
2022-09-20 13:38:11 -06:00
|
|
|
switch (match[1]) {
|
|
|
|
case '2a':
|
|
|
|
case '2b':
|
|
|
|
case '2y':
|
|
|
|
try {
|
2022-09-21 07:30:35 -06:00
|
|
|
// Patch until promise.race properly works on WASM
|
|
|
|
if (parseInt(match[0].split('$')[2]) > 12) continue
|
|
|
|
|
|
|
|
const hashPromise = bcryptVerify({
|
2022-09-20 13:38:11 -06:00
|
|
|
password: fingerprintURI,
|
|
|
|
hash: match[0]
|
|
|
|
})
|
2022-09-21 07:30:35 -06:00
|
|
|
.then(result => result)
|
|
|
|
.catch(_ => false)
|
|
|
|
|
|
|
|
result = await Promise.race([hashPromise, timeoutPromise]).then((result) => {
|
|
|
|
clearTimeout(timeoutHandle)
|
|
|
|
return result
|
|
|
|
})
|
2022-09-20 13:38:11 -06:00
|
|
|
} catch (err) {
|
|
|
|
result = false
|
|
|
|
}
|
|
|
|
break
|
|
|
|
|
|
|
|
case 'argon2':
|
|
|
|
case 'argon2i':
|
|
|
|
case 'argon2d':
|
|
|
|
case 'argon2id':
|
|
|
|
try {
|
2022-09-21 07:30:35 -06:00
|
|
|
const hashPromise = argon2Verify({
|
2022-09-20 13:38:11 -06:00
|
|
|
password: fingerprintURI,
|
|
|
|
hash: match[0]
|
|
|
|
})
|
2022-09-21 07:30:35 -06:00
|
|
|
.then(result => result)
|
|
|
|
.catch(_ => false)
|
|
|
|
|
|
|
|
result = await Promise.race([hashPromise, timeoutPromise]).then((result) => {
|
|
|
|
clearTimeout(timeoutHandle)
|
|
|
|
return result
|
|
|
|
})
|
2022-09-20 13:38:11 -06:00
|
|
|
} catch (err) {
|
|
|
|
result = false
|
|
|
|
}
|
|
|
|
break
|
|
|
|
|
|
|
|
default:
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// Check for HTTP proof
|
2022-09-10 04:16:50 -06:00
|
|
|
if (!result) {
|
|
|
|
const uris = utils.getUriFromString(data)
|
|
|
|
|
|
|
|
for (let index = 0; index < uris.length; index++) {
|
|
|
|
if (result) continue
|
|
|
|
|
|
|
|
const candidate = uris[index]
|
|
|
|
let candidateURL
|
|
|
|
|
|
|
|
try {
|
|
|
|
candidateURL = new URL(candidate)
|
|
|
|
} catch (_) {
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
|
|
|
|
if (candidateURL.protocol !== 'https:') {
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
|
2022-09-10 08:21:14 -06:00
|
|
|
// Using fetch -> axios doesn't find the ariadne-identity-proof header
|
|
|
|
const response = await fetch(candidate, { // eslint-disable-line
|
|
|
|
method: 'HEAD'
|
2022-09-10 04:16:50 -06:00
|
|
|
})
|
2022-09-10 08:21:14 -06:00
|
|
|
.catch(e => {
|
|
|
|
return false
|
|
|
|
})
|
2022-09-10 04:16:50 -06:00
|
|
|
|
2022-09-10 08:21:14 -06:00
|
|
|
if (!response) continue
|
2022-09-10 04:16:50 -06:00
|
|
|
if (response.status !== 200) continue
|
2022-09-10 08:21:14 -06:00
|
|
|
if (!response.headers.get('ariadne-identity-proof')) continue
|
2022-09-10 04:16:50 -06:00
|
|
|
|
2022-09-10 08:21:14 -06:00
|
|
|
result = response.headers.get('ariadne-identity-proof')
|
2022-09-10 04:16:50 -06:00
|
|
|
.toLowerCase()
|
2022-09-20 13:38:11 -06:00
|
|
|
.indexOf(fingerprintURI.toLowerCase()) !== -1
|
2022-09-10 04:16:50 -06:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return result
|
|
|
|
}
|
|
|
|
|
2022-09-20 13:38:11 -06:00
|
|
|
const runJSON = async (proofData, checkPath, checkClaim, checkClaimFormat, checkRelation) => {
|
2021-04-16 05:13:06 -06:00
|
|
|
if (!proofData) {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
|
|
|
if (Array.isArray(proofData)) {
|
|
|
|
let result = false
|
2022-09-10 04:16:50 -06:00
|
|
|
|
|
|
|
for (let index = 0; index < proofData.length; index++) {
|
|
|
|
const item = proofData[index]
|
|
|
|
|
2021-04-19 03:44:30 -06:00
|
|
|
if (result) {
|
2022-09-10 04:16:50 -06:00
|
|
|
continue
|
2021-04-19 03:44:30 -06:00
|
|
|
}
|
2022-09-10 04:16:50 -06:00
|
|
|
|
2022-09-20 13:38:11 -06:00
|
|
|
result = await runJSON(item, checkPath, checkClaim, checkClaimFormat, checkRelation)
|
2022-09-10 04:16:50 -06:00
|
|
|
}
|
|
|
|
|
2021-04-16 05:13:06 -06:00
|
|
|
return result
|
|
|
|
}
|
|
|
|
|
2021-07-09 15:44:52 -06:00
|
|
|
if (checkPath.length === 0) {
|
2021-04-16 05:13:06 -06:00
|
|
|
switch (checkRelation) {
|
|
|
|
case E.ClaimRelation.ONEOF:
|
2022-09-20 13:38:11 -06:00
|
|
|
return await containsProof(proofData.join('|'), checkClaim, checkClaimFormat)
|
2021-07-09 15:44:52 -06:00
|
|
|
|
|
|
|
case E.ClaimRelation.CONTAINS:
|
2022-09-10 04:16:50 -06:00
|
|
|
case E.ClaimRelation.EQUALS:
|
2021-07-09 15:44:52 -06:00
|
|
|
default:
|
2022-09-20 13:38:11 -06:00
|
|
|
return await containsProof(proofData, checkClaim, checkClaimFormat)
|
2021-04-16 05:13:06 -06:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-10-25 01:22:25 -06:00
|
|
|
if (typeof proofData === 'object' && !(checkPath[0] in proofData)) {
|
2021-04-16 05:13:06 -06:00
|
|
|
throw new Error('err_json_structure_incorrect')
|
|
|
|
}
|
|
|
|
|
2022-09-10 04:16:50 -06:00
|
|
|
return await runJSON(
|
2021-04-16 05:13:06 -06:00
|
|
|
proofData[checkPath[0]],
|
|
|
|
checkPath.slice(1),
|
|
|
|
checkClaim,
|
2022-09-20 13:38:11 -06:00
|
|
|
checkClaimFormat,
|
2021-04-16 05:13:06 -06:00
|
|
|
checkRelation
|
|
|
|
)
|
|
|
|
}
|
|
|
|
|
2021-04-22 07:14:21 -06:00
|
|
|
/**
|
|
|
|
* Run the verification by finding the formatted fingerprint in the proof
|
2022-09-10 04:16:50 -06:00
|
|
|
* @async
|
2021-04-22 07:14:21 -06:00
|
|
|
* @param {object} proofData - The proof data
|
|
|
|
* @param {object} claimData - The claim data
|
|
|
|
* @param {string} fingerprint - The fingerprint
|
|
|
|
* @returns {object}
|
|
|
|
*/
|
2022-09-10 04:16:50 -06:00
|
|
|
const run = async (proofData, claimData, fingerprint) => {
|
2021-07-09 15:44:52 -06:00
|
|
|
const res = {
|
2021-04-16 05:13:06 -06:00
|
|
|
result: false,
|
|
|
|
completed: false,
|
2021-07-09 15:44:52 -06:00
|
|
|
errors: []
|
2021-04-16 05:13:06 -06:00
|
|
|
}
|
2021-04-19 03:44:30 -06:00
|
|
|
|
2022-09-30 15:37:55 -06:00
|
|
|
const claimMethods = Array.isArray(claimData.claim)
|
|
|
|
? claimData.claim
|
|
|
|
: [claimData.claim]
|
|
|
|
|
2021-04-16 05:13:06 -06:00
|
|
|
switch (claimData.proof.request.format) {
|
|
|
|
case E.ProofFormat.JSON:
|
2022-09-30 15:37:55 -06:00
|
|
|
for (let index = 0; index < claimMethods.length; index++) {
|
|
|
|
const claimMethod = claimMethods[index]
|
|
|
|
try {
|
|
|
|
res.result = res.result || await runJSON(
|
|
|
|
proofData,
|
|
|
|
claimMethod.path,
|
|
|
|
fingerprint,
|
|
|
|
claimMethod.format,
|
|
|
|
claimMethod.relation
|
|
|
|
)
|
|
|
|
} catch (error) {
|
|
|
|
res.errors.push(error.message ? error.message : error)
|
|
|
|
}
|
2021-04-16 05:13:06 -06:00
|
|
|
}
|
2022-09-30 15:37:55 -06:00
|
|
|
res.completed = true
|
2021-04-16 05:13:06 -06:00
|
|
|
break
|
|
|
|
case E.ProofFormat.TEXT:
|
2022-09-30 15:37:55 -06:00
|
|
|
for (let index = 0; index < claimMethods.length; index++) {
|
|
|
|
const claimMethod = claimMethods[index]
|
|
|
|
try {
|
|
|
|
res.result = res.result || await containsProof(
|
|
|
|
proofData,
|
|
|
|
fingerprint,
|
|
|
|
claimMethod.format
|
|
|
|
)
|
|
|
|
} catch (error) {
|
|
|
|
res.errors.push('err_unknown_text_verification')
|
|
|
|
}
|
2021-04-16 05:13:06 -06:00
|
|
|
}
|
2022-09-30 15:37:55 -06:00
|
|
|
res.completed = true
|
2021-04-16 05:13:06 -06:00
|
|
|
break
|
|
|
|
}
|
|
|
|
|
2022-09-30 15:37:55 -06:00
|
|
|
// Reset the errors if one of the claim methods was successful
|
|
|
|
if (res.result) {
|
|
|
|
res.errors = []
|
|
|
|
}
|
|
|
|
|
2021-04-16 05:13:06 -06:00
|
|
|
return res
|
|
|
|
}
|
|
|
|
|
2021-04-19 03:44:30 -06:00
|
|
|
exports.run = run
|