added update did signature validation

x/cheqd/keeper/msg_server_did.go

@@ -3,6 +3,8 @@ package keeper
 import (
 	"context"
 	"fmt"
+	"github.com/cheqd/cheqd-node/x/cheqd/utils/strings"
+	"reflect"
 
 	"github.com/cheqd/cheqd-node/x/cheqd/types"
 	sdk "github.com/cosmos/cosmos-sdk/types"
@@ -62,20 +64,20 @@ func (k msgServer) UpdateDid(goCtx context.Context, msg *types.MsgWriteRequest)
 		return nil, err
 	}
 
-	if err := k.VerifySignature(&ctx, msg, didMsg.GetSigners()); err != nil {
-		return nil, err
-	}
-
 	// Checks that the element exists
 	if !k.HasDid(ctx, didMsg.Id) {
 		return nil, sdkerrors.Wrap(sdkerrors.ErrKeyNotFound, fmt.Sprintf("key %s doesn't exist", didMsg.Id))
 	}
 
-	_, metadata, err := k.GetDid(&ctx, didMsg.Id)
+	oldDIDDoc, metadata, err := k.GetDid(&ctx, didMsg.Id)
 	if err != nil {
 		return nil, err
 	}
 
+	if err := k.UpdateDidVerifySignature(&ctx, msg, oldDIDDoc, didMsg); err != nil {
+		return nil, err
+	}
+
 	versionId, exists := msg.Metadata["versionId"]
 	if !exists {
 		return nil, sdkerrors.Wrap(types.ErrUnexpectedDidVersion, "Metadata doesn't contain `versionId`")
@@ -106,3 +108,71 @@ func (k msgServer) UpdateDid(goCtx context.Context, msg *types.MsgWriteRequest)
 		Id: didMsg.Id,
 	}, nil
 }
+
+func (k msgServer) UpdateDidVerifySignature(ctx *sdk.Context, msg *types.MsgWriteRequest, oldDIDDoc *types.Did, newDIDDoc *types.MsgUpdateDid) error {
+	var signers = newDIDDoc.GetSigners()
+
+	// Get Old DID Doc controller if it's nil then assign self
+	oldController := oldDIDDoc.Controller
+	if len(oldController) == 0 {
+		oldController = []string{oldDIDDoc.Id}
+	}
+
+	// Get New DID Doc controller if it's nil then assign self
+	newController := newDIDDoc.Controller
+	if len(newController) == 0 {
+		newController = []string{newDIDDoc.Id}
+	}
+
+	// DID Doc controller has been changed
+	if removedControllers := strings.Complement(oldController, newController); len(removedControllers) > 0 {
+		for _, controller := range removedControllers {
+			signers = append(signers, types.Signer{Signer: controller})
+		}
+	}
+
+	for _, oldVM := range oldDIDDoc.VerificationMethod {
+		newVM := FindVerificationMethod(newDIDDoc.VerificationMethod, oldVM.Id)
+
+		// Verification Method has been deleted
+		if newVM == nil {
+			signers = AppendSignerIfNeed(signers, oldVM.Controller, newDIDDoc)
+			continue
+		}
+
+		// Verification Method has been changed
+		if !reflect.DeepEqual(oldVM, newVM) {
+			signers = AppendSignerIfNeed(signers, newVM.Controller, newDIDDoc)
+		}
+
+		// Verification Method Controller has been changed, need to add old controller
+		if newVM.Controller != oldVM.Controller {
+			signers = AppendSignerIfNeed(signers, oldVM.Controller, newDIDDoc)
+		}
+	}
+
+	if err := k.VerifySignature(ctx, msg, signers); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func AppendSignerIfNeed(signers []types.Signer, controller string, msg *types.MsgUpdateDid) []types.Signer {
+	for _, signer := range signers {
+		if signer.Signer == controller {
+			return signers
+		}
+	}
+
+	signer := types.Signer{
+		Signer: controller,
+	}
+
+	if controller == msg.Id {
+		signer.VerificationMethod = msg.VerificationMethod
+		signer.Authentication = msg.Authentication
+	}
+
+	return append(signers, signer)
+}

x/cheqd/keeper/utils.go

@@ -0,0 +1,50 @@
+package keeper
+
+import (
+	"crypto/ed25519"
+	"encoding/base64"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"github.com/btcsuite/btcutil/base58"
+	"github.com/cheqd/cheqd-node/x/cheqd/types"
+)
+
+func BuildSigningInput(msg *types.MsgWriteRequest) ([]byte, error) {
+	metadataBytes, err := json.Marshal(&msg.Metadata)
+	if err != nil {
+		return nil, types.ErrInvalidSignature.Wrap("An error has occurred during metadata marshalling")
+	}
+
+	dataBytes := msg.Data.Value
+	signingInput := ([]byte)(base64.StdEncoding.EncodeToString(metadataBytes) + base64.StdEncoding.EncodeToString(dataBytes))
+	return signingInput, nil
+}
+
+func FindPublicKey(signer types.Signer, id string) (ed25519.PublicKey, error) {
+	for _, authentication := range signer.Authentication {
+		if authentication == id {
+			for _, vm := range signer.VerificationMethod {
+				if vm.Id == id {
+					return base58.Decode(vm.PublicKeyMultibase[1:]), nil
+				}
+			}
+
+			msg := fmt.Sprintf("Verification Method %s not found", id)
+			return nil, errors.New(msg)
+		}
+	}
+
+	msg := fmt.Sprintf("Authentication %s not found", id)
+	return nil, errors.New(msg)
+}
+
+func FindVerificationMethod(vms []*types.VerificationMethod, id string) *types.VerificationMethod {
+	for _, vm := range vms {
+		if vm.Id == id {
+			return vm
+		}
+	}
+
+	return nil
+}

x/cheqd/keeper/verify.go

@@ -3,10 +3,8 @@ package keeper
 import (
 	"crypto/ed25519"
 	"encoding/base64"
-	"encoding/json"
 	"errors"
 	"fmt"
-	"github.com/btcsuite/btcutil/base58"
 	"github.com/cheqd/cheqd-node/x/cheqd/types"
 	"github.com/cheqd/cheqd-node/x/cheqd/utils"
 	sdk "github.com/cosmos/cosmos-sdk/types"
@@ -27,7 +25,7 @@ func (k *Keeper) VerifySignature(ctx *sdk.Context, msg *types.MsgWriteRequest, s
 		if signer.VerificationMethod == nil {
 			didDoc, _, err := k.GetDid(ctx, signer.Signer)
 			if err != nil {
-				return sdkerrors.Wrap(types.ErrInvalidSignature, err.Error())
+				return types.ErrDidDocNotFound.Wrap(signer.Signer)
 			}
 
 			signer.Authentication = didDoc.Authentication
@@ -47,19 +45,9 @@ func (k *Keeper) VerifySignature(ctx *sdk.Context, msg *types.MsgWriteRequest, s
 	return nil
 }
 
-func BuildSigningInput(msg *types.MsgWriteRequest) ([]byte, error) {
-	metadataBytes, err := json.Marshal(&msg.Metadata)
-	if err != nil {
-		return nil, types.ErrInvalidSignature.Wrap("An error has occurred during metadata marshalling")
-	}
-
-	dataBytes := msg.Data.Value
-	signingInput := ([]byte)(base64.StdEncoding.EncodeToString(metadataBytes) + base64.StdEncoding.EncodeToString(dataBytes))
-	return signingInput, nil
-}
-
 func VerifyIdentitySignature(signer types.Signer, signatures map[string]string, signingInput []byte) (bool, error) {
 	result := true
+	foundOne := false
 
 	for id, signature := range signatures {
 		did, _ := utils.SplitDidUrlIntoDidAndFragment(id)
@@ -75,26 +63,13 @@ func VerifyIdentitySignature(signer types.Signer, signatures map[string]string,
 			}
 
 			result = result && ed25519.Verify(pubKey, signingInput, signature)
+			foundOne = true
 		}
 	}
 
-	return result, nil
-}
-
-func FindPublicKey(signer types.Signer, id string) (ed25519.PublicKey, error) {
-	for _, authentication := range signer.Authentication {
-		if authentication == id {
-			for _, vm := range signer.VerificationMethod {
-				if vm.Id == id {
-					return base58.Decode(vm.PublicKeyMultibase[1:]), nil
-				}
-			}
-
-			msg := fmt.Sprintf("Verification Method %s not found", id)
-			return nil, errors.New(msg)
-		}
+	if !foundOne {
+		return false, errors.New(fmt.Sprintf("signature %s not found", signer.Signer))
 	}
 
-	msg := fmt.Sprintf("Authentication %s not found", id)
-	return nil, errors.New(msg)
+	return result, nil
 }

x/cheqd/handler_test.go → x/cheqd/tests/handler_test.go

@@ -1,4 +1,4 @@
-package cheqd
+package tests
 
 import (
 	"crypto/ed25519"
@@ -14,7 +14,7 @@ import (
 func TestHandler_CreateDid(t *testing.T) {
 	setup := Setup()
 
-	_, did, _ := setup.InitDid()
+	_, did, _ := setup.InitDid("did:cheqd:test:alice")
 
 	// query Did
 	receivedDid, _, _ := setup.Keeper.GetDid(&setup.Ctx, did.Id)
@@ -37,7 +37,7 @@ func TestHandler_UpdateDid(t *testing.T) {
 	setup := Setup()
 
 	//Init did
-	privKey, did, _ := setup.InitDid()
+	keys, did, _ := setup.InitDid("did:cheqd:test:alice")
 
 	// query Did
 	receivedDid, didMetadata, _ := setup.Keeper.GetDid(&setup.Ctx, did.Id)
@@ -52,7 +52,7 @@ func TestHandler_UpdateDid(t *testing.T) {
 
 	didMsgUpdate := setup.UpdateDid(receivedDid, newPubKey)
 	dataUpdate, _ := ptypes.NewAnyWithValue(didMsgUpdate)
-	resultUpdate, _ := setup.Handler(setup.Ctx, setup.WrapRequest(privKey, dataUpdate, metadata))
+	resultUpdate, _ := setup.Handler(setup.Ctx, setup.WrapRequest(dataUpdate, keys, metadata))
 
 	didUpdated := types.MsgUpdateDidResponse{}
 	errUpdate := didUpdated.Unmarshal(resultUpdate.Data)
@@ -78,33 +78,14 @@ func TestHandler_UpdateDid(t *testing.T) {
 	require.NotEqual(t, receivedDid.VerificationMethod, receivedUpdatedDid.VerificationMethod)
 }
 
-func TestHandler_UpdateDidInvalidSignature(t *testing.T) {
-	setup := Setup()
-
-	_, did, _ := setup.InitDid()
-
-	// query Did
-	receivedDid, _, _ := setup.Keeper.GetDid(&setup.Ctx, did.Id)
-
-	//Init priv key
-	newPubKey, newPrivKey, _ := ed25519.GenerateKey(rand.Reader)
-
-	// add new Did
-	didMsgUpdate := setup.UpdateDid(receivedDid, newPubKey)
-	dataUpdate, _ := ptypes.NewAnyWithValue(didMsgUpdate)
-	_, err := setup.Handler(setup.Ctx, setup.WrapRequest(newPrivKey, dataUpdate, make(map[string]string)))
-	require.Error(t, err)
-	require.Equal(t, "did:cheqd:test:alice: invalid signature detected", err.Error())
-}
-
 func TestHandler_CreateSchema(t *testing.T) {
 	setup := Setup()
 
-	privKey, _, _ := setup.InitDid()
+	keys, _, _ := setup.InitDid("did:cheqd:test:alice")
 	msg := setup.CreateSchema()
 
 	data, _ := ptypes.NewAnyWithValue(msg)
-	result, _ := setup.Handler(setup.Ctx, setup.WrapRequest(privKey, data, make(map[string]string)))
+	result, _ := setup.Handler(setup.Ctx, setup.WrapRequest(data, keys, make(map[string]string)))
 
 	schema := types.MsgCreateSchemaResponse{}
 	err := schema.Unmarshal(result.Data)
@@ -127,11 +108,11 @@ func TestHandler_CreateSchema(t *testing.T) {
 func TestHandler_CreateCredDef(t *testing.T) {
 	setup := Setup()
 
-	privKey, _, _ := setup.InitDid()
+	keys, _, _ := setup.InitDid("did:cheqd:test:alice")
 	msg := setup.CreateCredDef()
 
 	data, _ := ptypes.NewAnyWithValue(msg)
-	result, _ := setup.Handler(setup.Ctx, setup.WrapRequest(privKey, data, make(map[string]string)))
+	result, _ := setup.Handler(setup.Ctx, setup.WrapRequest(data, keys, make(map[string]string)))
 
 	credDef := types.MsgCreateCredDefResponse{}
 	err := credDef.Unmarshal(result.Data)
@@ -157,24 +138,24 @@ func TestHandler_CreateCredDef(t *testing.T) {
 func TestHandler_DidDocAlreadyExists(t *testing.T) {
 	setup := Setup()
 
-	privKey, _, _ := setup.InitDid()
-	_, _, err := setup.InitDid()
+	keys, _, _ := setup.InitDid("did:cheqd:test:alice")
+	_, _, err := setup.InitDid("did:cheqd:test:alice")
 
 	require.Error(t, err)
 	require.Equal(t, "DID DOC already exists for DID did:cheqd:test:alice: DID Doc exists", err.Error())
 
 	credDefMsg := setup.CreateCredDef()
 	data, _ := ptypes.NewAnyWithValue(credDefMsg)
-	_, _ = setup.Handler(setup.Ctx, setup.WrapRequest(privKey, data, make(map[string]string)))
-	_, err = setup.Handler(setup.Ctx, setup.WrapRequest(privKey, data, make(map[string]string)))
+	_, _ = setup.Handler(setup.Ctx, setup.WrapRequest(data, keys, make(map[string]string)))
+	_, err = setup.Handler(setup.Ctx, setup.WrapRequest(data, keys, make(map[string]string)))
 
 	require.Error(t, err)
 	require.Equal(t, "DID DOC already exists for CredDef did:cheqd:test:cred-def-1/credDef: DID Doc exists", err.Error())
 
 	schemaMsg := setup.CreateSchema()
 	data, _ = ptypes.NewAnyWithValue(schemaMsg)
-	_, _ = setup.Handler(setup.Ctx, setup.WrapRequest(privKey, data, make(map[string]string)))
-	_, err = setup.Handler(setup.Ctx, setup.WrapRequest(privKey, data, make(map[string]string)))
+	_, _ = setup.Handler(setup.Ctx, setup.WrapRequest(data, keys, make(map[string]string)))
+	_, err = setup.Handler(setup.Ctx, setup.WrapRequest(data, keys, make(map[string]string)))
 
 	require.Error(t, err)
 	require.Equal(t, "DID DOC already exists for Schema did:cheqd:test:schema-1/schema: DID Doc exists", err.Error())