Skip to content

fix: Normalize controllers and authentication #435

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 3 commits into
base: develop
Choose a base branch
from
+84 −62
Open

fix: Normalize controllers and authentication #435

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
f8f9ce7
fix: Normalize controllers and authentication
DaevMithran Apr 17, 2025
bf5485d
mandate authentication section
DaevMithran Apr 17, 2025
0fb0e9b
Assign default controller
DaevMithran Apr 17, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
54 changes: 24 additions & 30 deletions cjs/src/modules/did.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,7 @@ import { assert } from '@cosmjs/utils-cjs';
import { PageRequest } from '@cheqd/ts-proto-cjs/cosmos/base/query/v1beta1/pagination';
import { CheqdQuerier } from '../querier';
import { DIDDocumentMetadata } from 'did-resolver-cjs';
import { normalizeAuthentication, normalizeController } from '../utils';

export const defaultDidExtensionKey = 'did' as const;

Expand Down Expand Up @@ -686,13 +687,13 @@ export class DIDModule extends AbstractCheqdSDKModule {
return { valid: false, error: 'authentication is required' };

// define unique authentication
const uniqueAuthentication = new Set<string>(didDocument.authentication as string[]);
const uniqueAuthentication = new Set<string>(normalizeAuthentication(didDocument));

// validate authentication - case: authentication contains duplicates
if (uniqueAuthentication.size < didDocument.authentication!.length)
if (uniqueAuthentication.size < normalizeAuthentication(didDocument).length)
return {
valid: false,
error: `authentication contains duplicate key references: duplicate key reference ${Array.from(uniqueAuthentication).find((a) => didDocument.authentication!.filter((aa) => aa === a).length > 1)}`,
error: `authentication contains duplicate key references: duplicate key reference ${Array.from(uniqueAuthentication).find((a) => normalizeAuthentication(didDocument).filter((aa) => aa === a).length > 1)}`,
};

// define unique signatures - shallow, only verificationMethodId, no signature
Expand All @@ -713,7 +714,7 @@ export class DIDModule extends AbstractCheqdSDKModule {
};

// define whether external controller or not
const externalController = (didDocument.controller as string[]).some((c) => c !== didDocument.id);
const externalController = normalizeController(didDocument);

// validate authentication - case: authentication matches signatures, unique, if no external controller
if (!Array.from(uniqueAuthentication).every((a) => uniqueSignatures.has(a)) && !externalController)
Expand All @@ -736,7 +737,7 @@ export class DIDModule extends AbstractCheqdSDKModule {
if (!querier) throw new Error('querier is required for external controller validation');

// get external controllers
const externalControllers = (didDocument.controller as string[])?.filter((c) => c !== didDocument.id);
const externalControllers = normalizeController(didDocument).filter((c) => c !== didDocument.id);

// get external controllers' documents
const externalControllersDocuments = await Promise.all(
Expand All @@ -761,10 +762,9 @@ export class DIDModule extends AbstractCheqdSDKModule {
);

// define unique required signatures
const uniqueRequiredSignatures = new Set([
...(didDocument.authentication as string[]),
...externalControllersDocuments!.flatMap((d) => d!.authentication as string[]),
]);
const uniqueRequiredSignatures: Set<string> = new Set(
externalControllersDocuments.concat(didDocument).flatMap((d) => (d ? normalizeAuthentication(d) : []))
);

// validate authentication - case: authentication matches signatures, unique, if external controller
if (!Array.from(uniqueRequiredSignatures).every((a) => uniqueSignatures.has(a)))
Expand Down Expand Up @@ -802,13 +802,13 @@ export class DIDModule extends AbstractCheqdSDKModule {
return { valid: false, error: 'authentication is required' };

// define unique authentication
const uniqueAuthentication = new Set<string>(didDocument.authentication as string[]);
const uniqueAuthentication = new Set(normalizeAuthentication(didDocument));

// validate authentication - case: authentication contains duplicates
if (uniqueAuthentication.size < didDocument.authentication!.length)
if (uniqueAuthentication.size < normalizeAuthentication(didDocument).length)
return {
valid: false,
error: `authentication contains duplicate key references: duplicate key reference ${Array.from(uniqueAuthentication).find((a) => didDocument.authentication!.filter((aa) => aa === a).length > 1)}`,
error: `authentication contains duplicate key references: duplicate key reference ${Array.from(uniqueAuthentication).find((a) => normalizeAuthentication(didDocument).filter((aa) => aa === a).length > 1)}`,
};

// define unique signatures
Expand All @@ -833,8 +833,8 @@ export class DIDModule extends AbstractCheqdSDKModule {
}

// define whether external controller or not
const externalController = (didDocument.controller as string[])
.concat(previousDidDocument.controller as string[])
const externalController = normalizeController(didDocument)
.concat(normalizeController(previousDidDocument))
.some((c) => c !== didDocument.id);

// define whether key rotation or not, of any short
Expand All @@ -850,24 +850,18 @@ export class DIDModule extends AbstractCheqdSDKModule {

// define controller rotation
const controllerRotation =
!(didDocument.controller as string[]).every((c) =>
(previousDidDocument.controller as string[]).includes(c)
) ||
!(previousDidDocument.controller as string[]).every((c) =>
(didDocument.controller as string[]).includes(c)
);
!normalizeController(didDocument).every((c) => normalizeController(previousDidDocument).includes(c)) ||
!normalizeController(previousDidDocument).every((c) => normalizeController(didDocument).includes(c));

// define rotated controllers
const rotatedControllers = controllerRotation
? (previousDidDocument.controller as string[]).filter(
(c) => !(didDocument.controller as string[]).includes(c)
)
? normalizeController(previousDidDocument).filter((c) => !normalizeController(didDocument).includes(c))
: [];

// define unique union of authentication
const uniqueUnionAuthentication = new Set<string>([
...uniqueAuthentication,
...(previousDidDocument.authentication as string[]),
...normalizeAuthentication(previousDidDocument),
]);

// validate authentication - case: authentication matches signatures, unique, if no external controller, no key rotation
Expand Down Expand Up @@ -896,10 +890,10 @@ export class DIDModule extends AbstractCheqdSDKModule {

// define unique union of signatures required, delimited
const uniqueUnionSignaturesRequired = new Set([
...(didDocument.authentication as string[])
...normalizeAuthentication(didDocument)
.filter((a) => rotatedKeys?.find((rk) => a === rk.id))
.map((a) => `${a}(document0)`),
...(previousDidDocument.authentication as string[]).map((a) => `${a}(document1)`),
...normalizeAuthentication(previousDidDocument).map((a) => `${a}(document1)`),
]);

// define frequency of unique union of signatures required
Expand Down Expand Up @@ -963,7 +957,7 @@ export class DIDModule extends AbstractCheqdSDKModule {
if (!querier) throw new Error('querier is required for external controller validation');

// get external controllers
const externalControllers = (didDocument.controller as string[])
const externalControllers = normalizeController(didDocument)
?.filter((c) => c !== didDocument.id)
.concat(rotatedControllers);

Expand Down Expand Up @@ -992,11 +986,11 @@ export class DIDModule extends AbstractCheqdSDKModule {
// define unique required signatures, delimited, with external controllers
const uniqueUnionSignaturesRequiredWithExternalControllers = new Set<string>([
...uniqueUnionSignaturesRequired,
...externalControllersDocuments!
.flatMap((d) => d!.authentication as string[])
...externalControllersDocuments
.flatMap((d) => normalizeAuthentication(d))
.map(
(a) =>
`${a}(document${externalControllersDocuments!.findIndex((d) => d?.authentication?.includes(a))})`
`${a}(document${externalControllersDocuments.findIndex((d) => normalizeAuthentication(d).includes(a))})`
),
]);

Expand Down
17 changes: 17 additions & 0 deletions cjs/src/utils.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -422,3 +422,20 @@ function isHex(str: string): boolean {
return false;
}
}

export function normalizeAuthentication(didDocument: DIDDocument): string[] {
if (!didDocument.authentication)
throw new Error('Invalid DID Document: Authentication section is required in DID Document');

const authArray = Array.isArray(didDocument.authentication)
? didDocument.authentication
: [didDocument.authentication];

return authArray.map((a) => (typeof a === 'string' ? a : a.id));
}

export function normalizeController(didDocument: DIDDocument): string[] {
if (!didDocument.controller) return [didDocument.id];

return Array.isArray(didDocument.controller) ? didDocument.controller : [didDocument.controller];
}
54 changes: 24 additions & 30 deletions esm/src/modules/did.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,7 @@ import { assert } from '@cosmjs/utils';
import { PageRequest } from '@cheqd/ts-proto/cosmos/base/query/v1beta1/pagination.js';
import { CheqdQuerier } from '../querier.js';
import { DIDDocumentMetadata } from 'did-resolver';
import { normalizeAuthentication, normalizeController } from '../utils.js';

export const defaultDidExtensionKey = 'did' as const;

Expand Down Expand Up @@ -674,13 +675,13 @@ export class DIDModule extends AbstractCheqdSDKModule {
return { valid: false, error: 'authentication is required' };

// define unique authentication
const uniqueAuthentication = new Set<string>(didDocument.authentication as string[]);
const uniqueAuthentication = new Set<string>(normalizeAuthentication(didDocument));

// validate authentication - case: authentication contains duplicates
if (uniqueAuthentication.size < didDocument.authentication!.length)
if (uniqueAuthentication.size < normalizeAuthentication(didDocument).length)
return {
valid: false,
error: `authentication contains duplicate key references: duplicate key reference ${Array.from(uniqueAuthentication).find((a) => didDocument.authentication!.filter((aa) => aa === a).length > 1)}`,
error: `authentication contains duplicate key references: duplicate key reference ${Array.from(uniqueAuthentication).find((a) => normalizeAuthentication(didDocument).filter((aa) => aa === a).length > 1)}`,
};

// define unique signatures - shallow, only verificationMethodId, no signature
Expand All @@ -701,7 +702,7 @@ export class DIDModule extends AbstractCheqdSDKModule {
};

// define whether external controller or not
const externalController = (didDocument.controller as string[]).some((c) => c !== didDocument.id);
const externalController = normalizeController(didDocument).some((c) => c !== didDocument.id);

// validate authentication - case: authentication matches signatures, unique, if no external controller
if (!Array.from(uniqueAuthentication).every((a) => uniqueSignatures.has(a)) && !externalController)
Expand All @@ -724,7 +725,7 @@ export class DIDModule extends AbstractCheqdSDKModule {
if (!querier) throw new Error('querier is required for external controller validation');

// get external controllers
const externalControllers = (didDocument.controller as string[])?.filter((c) => c !== didDocument.id);
const externalControllers = normalizeController(didDocument).filter((c) => c !== didDocument.id);

// get external controllers' documents
const externalControllersDocuments = await Promise.all(
Expand All @@ -749,10 +750,9 @@ export class DIDModule extends AbstractCheqdSDKModule {
);

// define unique required signatures
const uniqueRequiredSignatures = new Set([
...(didDocument.authentication as string[]),
...externalControllersDocuments!.flatMap((d) => d!.authentication as string[]),
]);
const uniqueRequiredSignatures: Set<string> = new Set(
externalControllersDocuments.concat(didDocument).flatMap((d) => (d ? normalizeAuthentication(d) : []))
);

// validate authentication - case: authentication matches signatures, unique, if external controller
if (!Array.from(uniqueRequiredSignatures).every((a) => uniqueSignatures.has(a)))
Expand Down Expand Up @@ -790,13 +790,13 @@ export class DIDModule extends AbstractCheqdSDKModule {
return { valid: false, error: 'authentication is required' };

// define unique authentication
const uniqueAuthentication = new Set<string>(didDocument.authentication as string[]);
const uniqueAuthentication = new Set<string>(normalizeAuthentication(didDocument));

// validate authentication - case: authentication contains duplicates
if (uniqueAuthentication.size < didDocument.authentication!.length)
if (uniqueAuthentication.size < normalizeAuthentication(didDocument).length)
return {
valid: false,
error: `authentication contains duplicate key references: duplicate key reference ${Array.from(uniqueAuthentication).find((a) => didDocument.authentication!.filter((aa) => aa === a).length > 1)}`,
error: `authentication contains duplicate key references: duplicate key reference ${Array.from(uniqueAuthentication).find((a) => normalizeAuthentication(didDocument).filter((aa) => aa === a).length > 1)}`,
};

// define unique signatures
Expand All @@ -821,8 +821,8 @@ export class DIDModule extends AbstractCheqdSDKModule {
}

// define whether external controller or not
const externalController = (didDocument?.controller as string[])
.concat(previousDidDocument.controller as string[])
const externalController = normalizeController(didDocument)
.concat(normalizeController(previousDidDocument))
.some((c) => c !== didDocument.id);

// define whether key rotation or not, of any short
Expand All @@ -838,24 +838,18 @@ export class DIDModule extends AbstractCheqdSDKModule {

// define controller rotation
const controllerRotation =
!(didDocument.controller as string[]).every((c) =>
(previousDidDocument.controller as string[]).includes(c)
) ||
!(previousDidDocument.controller as string[]).every((c) =>
(didDocument.controller as string[]).includes(c)
);
!normalizeController(didDocument).every((c) => normalizeController(previousDidDocument).includes(c)) ||
!normalizeController(previousDidDocument).every((c) => normalizeController(didDocument).includes(c));

// define rotated controllers
const rotatedControllers = controllerRotation
? (previousDidDocument.controller as string[]).filter(
(c) => !(didDocument.controller as string[]).includes(c)
)
? normalizeController(previousDidDocument).filter((c) => !normalizeController(didDocument).includes(c))
: [];

// define unique union of authentication
const uniqueUnionAuthentication = new Set<string>([
...uniqueAuthentication,
...(previousDidDocument.authentication as string[]),
...normalizeAuthentication(previousDidDocument),
]);

// validate authentication - case: authentication matches signatures, unique, if no external controller, no key rotation
Expand Down Expand Up @@ -884,10 +878,10 @@ export class DIDModule extends AbstractCheqdSDKModule {

// define unique union of signatures required, delimited
const uniqueUnionSignaturesRequired = new Set([
...(didDocument.authentication as string[])
...normalizeAuthentication(didDocument)
.filter((a) => rotatedKeys?.find((rk) => a === rk.id))
.map((a) => `${a}(document0)`),
...(previousDidDocument.authentication as string[]).map((a) => `${a}(document1)`),
...normalizeAuthentication(previousDidDocument).map((a) => `${a}(document1)`),
]);

// define frequency of unique union of signatures required
Expand Down Expand Up @@ -951,7 +945,7 @@ export class DIDModule extends AbstractCheqdSDKModule {
if (!querier) throw new Error('querier is required for external controller validation');

// get external controllers
const externalControllers = (didDocument.controller as string[])
const externalControllers = normalizeController(didDocument)
?.filter((c) => c !== didDocument.id)
.concat(rotatedControllers);

Expand Down Expand Up @@ -980,11 +974,11 @@ export class DIDModule extends AbstractCheqdSDKModule {
// define unique required signatures, delimited, with external controllers
const uniqueUnionSignaturesRequiredWithExternalControllers = new Set<string>([
...uniqueUnionSignaturesRequired,
...externalControllersDocuments!
.flatMap((d) => d!.authentication as string[])
...externalControllersDocuments
.flatMap((d) => normalizeAuthentication(d))
.map(
(a) =>
`${a}(document${externalControllersDocuments!.findIndex((d) => d?.authentication?.includes(a))})`
`${a}(document${externalControllersDocuments.findIndex((d) => normalizeAuthentication(d).includes(a))})`
),
]);

Expand Down
17 changes: 17 additions & 0 deletions esm/src/utils.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -416,3 +416,20 @@ function isHex(str: string): boolean {
return false;
}
}

export function normalizeAuthentication(didDocument: DIDDocument): string[] {
if (!didDocument.authentication)
throw new Error('Invalid DID Document: Authentication section is required in DID Document');

const authArray = Array.isArray(didDocument.authentication)
? didDocument.authentication
: [didDocument.authentication];

return authArray.map((a) => (typeof a === 'string' ? a : a.id));
}

export function normalizeController(didDocument: DIDDocument): string[] {
if (!didDocument.controller) return [didDocument.id];

return Array.isArray(didDocument.controller) ? didDocument.controller : [didDocument.controller];
}
4 changes: 2 additions & 2 deletions package-lock.json
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.