From 218b1cfc477e4a39838729061e948763478958e2 Mon Sep 17 00:00:00 2001
From: Dave Longley
Date: Sat, 24 Aug 2024 22:39:35 -0400
Subject: [PATCH] Improve errors when retrieving DID JWT proof params.
---
 CHANGELOG.md | 6 ++++++
 lib/verify.js | 21 +++++++++++++++++++--
 2 files changed, 25 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8a40b0c..490424e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,11 @@
 # bedrock-vc-delivery ChangeLog

+## 5.3.1 - 2024-08-dd
+
+### Fixed
+- Throw better error if DID proof JWT verification method cannot be retrieved
+ from `kid` URL.
+
 ## 5.3.0 - 2024-08-24

 ### Added
diff --git a/lib/verify.js b/lib/verify.js
index f37c6fd..cfbc246 100644
--- a/lib/verify.js
+++ b/lib/verify.js
@@ -159,6 +159,18 @@ export async function verifyDidProofJwt({workflow, exchange, jwt} = {}) {
 }

 const vm = await didIo.get({url: kid});
+ if(!vm) {
+ throw new BedrockError(
+ `Verification method identified by "kid" (${kid}) could not be ` +
+ 'retrieved.', {
+ name: 'DataError',
+ details: {
+ public: true,
+ httpStatusCode: 400
+ }
+ });
+ }
+
 // `vm.controller` must be the issuer of the DID JWT; also ensure that
 // the specified controller authorized `vm` for the purpose of
 // authentication
@@ -174,8 +186,13 @@ export async function verifyDidProofJwt({workflow, exchange, jwt} = {}) {
 match.controller === vm.controller)) {
 throw new BedrockError(
 `Verification method controller "${issuer}" did not authorize ` +
- `verification method "${vm.id}" for the purpose of "authentication".`,
- {name: 'NotAllowedError'});
+ `verification method "${vm.id}" for the purpose of "authentication".`, {
+ name: 'NotAllowedError',
+ details: {
+ public: true,
+ httpStatusCode: 400
+ }
+ });
 }
 let jwk;
 if(isEcdsa) {
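Review bot: The added `if(!vm)` check in the `@@ -159,6 +159,18 @@` hunk of lib/verify.js only covers `didIo.get` resolving to a falsy value; a rejection from that call still escapes without the new `DataError` and its 400 status. `didIo` is defined outside the hunk, so this is an inference, but resolvers of this kind commonly reject for an unsupported DID method or a failed fetch, which are the cases the changelog entry describes. Since `kid` comes from the submitted JWT, wrapping the call so both outcomes produce the same client-facing error keeps resolver internals out of the response while preserving the original error as `cause`. The body of `verifyDidProofJwt` starts and ends outside the hunk.

```javascript
let vm;
try {
  vm = await didIo.get({url: kid});
} catch(cause) {
  // a resolver rejection is reported the same way as a missing result
  throw new BedrockError(
    `Verification method identified by "kid" (${kid}) could not be ` +
    'retrieved.', {
      name: 'DataError',
      details: {public: true, httpStatusCode: 400},
      cause
    });
}
// … unchanged: `if(!vm)` check and the controller authorization check …
```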
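Review bot: In the `@@ -174,8 +186,13 @@` hunk of lib/verify.js, `name: 'NotAllowedError'` paired with `httpStatusCode: 400` reads as a mismatch, because the name suggests an authorization failure while the status reports malformed input. If 400 is deliberate because a rejected proof is treated as bad client data, a short comment above the throw would record that, for example `// an unauthorized verification method is reported as a client data problem, hence 400`. The message now marked `public: true` also interpolates `issuer` and `vm.id`, which appear to come from the submitted JWT and the resolved document, so the comment could note that these values are intentionally returned to the caller. The condition guarding this throw starts outside the hunk, so whether neighbouring proof checks use the same status is not visible here.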