Merge branch 'release/0.2.0'

Author: mirceanis

README.md

@@ -52,7 +52,7 @@ allprojects {
 In your application `build.gradle` file, add:
 
 ```groovy
-def did_jwt_version = "0.1.2"
+def did_jwt_version = "0.2.0"
 dependencies {
     //...
     implementation "com.github.uport-project.kotlin-did-jwt:jwt:$did_jwt_version"
@@ -119,11 +119,23 @@ key associated with the issuer DID (`iss` field).
 This association is resolved by a DID resolver, which can produce a `DIDDocument`
 listing various public keys and service endpoints for a given DID.
 
+#### Audience verification
+
+If the token contains a non null `aud` field, an additional soft-check is performed to
+match the verification against an intended audience. 
+This same `aud` DID must be supplied to the `verify()` method for the token to be marked as valid
+(after passing all the cryptographic checks as well).
+
+Generally your app will have its own DID which should always be passed to the `verify` method
+so that only tokens intended for your app are considered valid. 
+
 
 ## CHANGELOG
 
+* 0.2.0
+    - [breaking] add audience checking for JWT verification
+    - add `jwt-test` module with helpers for testing
 * 0.1.2
-    - add audience checking for JWT verification
     - fix crash when parsing legacy identity document 
 * 0.1.1
     - initial stable release isolating the did-jwt implementation in kotlin along with resolvers

build.gradle

@@ -22,7 +22,7 @@ buildscript {
         spongycastle_version = "1.58.0.0"
         uport_kotlin_common_version = "0.1.1"
 
-        current_release_version = "0.1.2"
+        current_release_version = "0.2.0"
     }
 
     repositories {

ethr-did/build.gradle

@@ -25,4 +25,5 @@ dependencies {
     testImplementation "junit:junit:$junit_version"
     testImplementation "io.mockk:mockk:$mockk_version"
     testImplementation "com.willowtreeapps.assertk:assertk-jvm:$assertk_version"
+    testImplementation project(":jwt-test")
 }

ethr-did/src/test/java/me/uport/sdk/ethrdid/EthrDIDResolverTest.kt

@@ -15,6 +15,7 @@ import me.uport.sdk.core.Networks
 import me.uport.sdk.ethrdid.EthereumDIDRegistry.Events.DIDOwnerChanged
 import me.uport.sdk.jsonrpc.JsonRPC
 import me.uport.sdk.jsonrpc.JsonRpcLogItem
+import me.uport.sdk.jwt.test.EthrDIDTestHelpers
 import me.uport.sdk.signer.hexToBytes32
 import me.uport.sdk.signer.utf8
 import org.junit.Test
@@ -250,22 +251,7 @@ class EthrDIDResolverTest {
     fun `can resolve real did`() = runBlocking {
         val http = mockk<HttpClient>()
 
-        //language=JSON
-        val referenceDDOString = """
-            {
-              "@context": "https://w3id.org/did/v1",
-              "id": "did:ethr:0xb9c5714089478a327f09197987f16f9e5d936e8a",
-              "publicKey": [{
-                   "id": "did:ethr:0xb9c5714089478a327f09197987f16f9e5d936e8a#owner",
-                   "type": "Secp256k1VerificationKey2018",
-                   "owner": "did:ethr:0xb9c5714089478a327f09197987f16f9e5d936e8a",
-                   "ethereumAddress": "0xb9c5714089478a327f09197987f16f9e5d936e8a"}],
-              "authentication": [{
-                   "type": "Secp256k1SignatureAuthentication2018",
-                   "publicKey": "did:ethr:0xb9c5714089478a327f09197987f16f9e5d936e8a#owner"}]
-            }
-        """.trimIndent()
-        val referenceDDO = EthrDIDDocument.fromJson(referenceDDOString)
+        val referenceDDO = EthrDIDTestHelpers.mockDocForAddress("0xb9c5714089478a327f09197987f16f9e5d936e8a")
 
         val addressHex = "b9c5714089478a327f09197987f16f9e5d936e8a"
 

jwt-test/build.gradle

@@ -0,0 +1,15 @@
+apply plugin: "java-library"
+apply plugin: "kotlin"
+apply plugin: "maven"
+apply plugin: "com.jfrog.bintray"
+
+project.ext.description = "tools to enable testing of the did-jwt library"
+
+dependencies {
+    implementation "org.jetbrains.kotlin:kotlin-stdlib-jdk8:$kotlin_version"
+
+    implementation project(":ethr-did")
+
+    testImplementation "junit:junit:$junit_version"
+    testImplementation "com.willowtreeapps.assertk:assertk-jvm:$assertk_version"
+}

jwt-test/src/main/java/me/uport/sdk/jwt/test/EthrDIDTestHelpers.kt

@@ -0,0 +1,28 @@
+package me.uport.sdk.jwt.test
+
+import me.uport.sdk.ethrdid.EthrDIDDocument
+
+open class EthrDIDTestHelpers {
+
+    companion object {
+
+        fun mockDocForAddress(address: String): EthrDIDDocument {
+            val did = "did:ethr:$address"
+            return EthrDIDDocument.fromJson("""
+            {
+              "@context": "https://w3id.org/did/v1",
+              "id": "$did",
+              "publicKey": [{
+                   "id": "$did#owner",
+                   "type": "Secp256k1VerificationKey2018",
+                   "owner": "$did",
+                   "ethereumAddress": "$address"}],
+              "authentication": [{
+                   "type": "Secp256k1SignatureAuthentication2018",
+                   "publicKey": "$did#owner"}]
+            }
+        """.trimIndent())
+        }
+    }
+
+}

jwt-test/src/test/java/me/uport/sdk/jwt/test/EthrDidDocumentTestHelpersTest.kt

@@ -0,0 +1,36 @@
+package me.uport.sdk.jwt.test
+
+import assertk.assertThat
+import assertk.assertions.isEqualTo
+import me.uport.sdk.ethrdid.EthrDIDDocument
+import me.uport.sdk.universaldid.AuthenticationEntry
+import me.uport.sdk.universaldid.PublicKeyEntry
+import me.uport.sdk.universaldid.PublicKeyType
+import org.junit.Test
+
+class EthrDIDTestHelpersTest {
+
+    @Test
+    fun `can create mock ethr-did document from an address`() {
+        val address = "0xb9c5714089478a327f09197987f16f9e5d936e8a"
+        val did = "did:ethr:$address"
+
+        val referenceDDO = EthrDIDDocument(
+                did,
+                listOf(PublicKeyEntry(
+                        "$did#owner",
+                        PublicKeyType.Secp256k1VerificationKey2018,
+                        did,
+                        address
+                )),
+                listOf(AuthenticationEntry(
+                        PublicKeyType.Secp256k1SignatureAuthentication2018,
+                        "$did#owner"
+                ))
+        )
+
+        val ddo = EthrDIDTestHelpers.mockDocForAddress(address)
+
+        assertThat(ddo).isEqualTo(referenceDDO)
+    }
+}

jwt/build.gradle

@@ -26,4 +26,5 @@ dependencies {
     testImplementation "com.willowtreeapps.assertk:assertk-jvm:$assertk_version"
     testImplementation "com.github.uport-project.kotlin-common:test-helpers:$uport_kotlin_common_version"
     testImplementation "io.mockk:mockk:$mockk_version"
+    testImplementation project(":jwt-test")
 }

jwt/src/main/java/me/uport/sdk/jwt/JWTTools.kt

@@ -8,6 +8,8 @@ import me.uport.sdk.ethrdid.EthrDIDResolver
 import me.uport.sdk.httpsdid.HttpsDIDResolver
 import me.uport.sdk.jsonrpc.JsonRPC
 import me.uport.sdk.jsonrpc.moshi
+import me.uport.sdk.jwt.JWTUtils.Companion.normalizeKnownDID
+import me.uport.sdk.jwt.JWTUtils.Companion.splitToken
 import me.uport.sdk.jwt.model.JwtHeader
 import me.uport.sdk.jwt.model.JwtHeader.Companion.ES256K
 import me.uport.sdk.jwt.model.JwtHeader.Companion.ES256K_R
@@ -220,7 +222,7 @@ class JWTTools(
 
         if (payload.aud != null) {
 
-            val payloadAudience = normalize(payload.aud)
+            val payloadAudience = normalizeKnownDID(payload.aud)
             if (UniversalDID.canResolve(payloadAudience)) {
 
                 if (aud == null) {

jwt/src/main/java/me/uport/sdk/jwt/JWTUtils.kt

@@ -0,0 +1,54 @@
+package me.uport.sdk.jwt
+
+import me.uport.mnid.MNID
+
+/**
+ * Utilities for dealing with known JWT and DID types and formats
+ */
+class JWTUtils {
+
+    companion object {
+
+        /**
+         * convenience method used during token processing.
+         * Splits JWT into parts.
+         * @throws IllegalArgumentException if it can't split or if the number of parts != 3
+         */
+        fun splitToken(token: String): Triple<String, String, String> {
+            val parts: List<String>? = token.split('.', limit = 3)
+            if (parts !== null && parts.size == 3) {
+                return Triple(parts[0], parts[1], parts[2])
+            } else {
+                throw IllegalArgumentException("Token must have 3 parts: Header, Payload, and Signature")
+            }
+        }
+
+        /**
+         * Attempts to normalize a [potentialDID] to a known format.
+         *
+         * @return This will transform an ethereum address into an ethr-did
+         * and an MNID string into a uport-did
+         * Other cases return the original string
+         */
+        fun normalizeKnownDID(potentialDID: String): String {
+
+            //ignore if it's already a did
+            if (potentialDID.matches("^did:(.*)?:.*".toRegex()))
+                return potentialDID
+
+            //match an ethereum address
+            "^(0[xX])*([0-9a-fA-F]{40})".toRegex().find(potentialDID)?.let {
+                val (_, hexDigits) = it.destructured
+                return "did:ethr:0x$hexDigits"
+            }
+
+            //match an MNID
+            if (MNID.isMNID(potentialDID)) {
+                return "did:uport:$potentialDID"
+            }
+
+            return potentialDID
+        }
+
+    }
+}