diff --git a/json-schemas/authorization-owner.json b/json-schemas/authorization-owner.json index 76bf18a02..28dc82b1e 100644 --- a/json-schemas/authorization-owner.json +++ b/json-schemas/authorization-owner.json @@ -4,7 +4,7 @@ "type": "object", "additionalProperties": false, "properties": { - "authorSignature": { + "signature": { "$ref": "https://identity.foundation/dwn/json-schemas/general-jws.json" }, "authorDelegatedGrant": { @@ -14,10 +14,10 @@ "$ref": "https://identity.foundation/dwn/json-schemas/general-jws.json" } }, - "description": "`authorSignature` can exist by itself. But if `ownerSignature` is present, then `authorSignature` must also exist", + "description": "`signature` can exist by itself. But if `ownerSignature` is present, then `signature` must also exist", "dependencies": { "ownerSignature": [ - "authorSignature" + "signature" ] } } \ No newline at end of file diff --git a/json-schemas/authorization.json b/json-schemas/authorization.json index 81daebfbf..69e99757c 100644 --- a/json-schemas/authorization.json +++ b/json-schemas/authorization.json @@ -4,7 +4,7 @@ "type": "object", "additionalProperties": false, "properties": { - "authorSignature": { + "signature": { "$ref": "https://identity.foundation/dwn/json-schemas/general-jws.json" } } diff --git a/src/core/auth.ts b/src/core/auth.ts index ae0c5b7d6..49ec1b2d3 100644 --- a/src/core/auth.ts +++ b/src/core/auth.ts @@ -52,8 +52,8 @@ export async function authenticate(authorizationModel: AuthorizationModel | unde throw new DwnError(DwnErrorCode.AuthenticateJwsMissing, 'Missing JWS.'); } - const authorSignatureVerifier = new GeneralJwsVerifier(authorizationModel.authorSignature); - await authorSignatureVerifier.verify(didResolver); + const signatureVerifier = new GeneralJwsVerifier(authorizationModel.signature); + await signatureVerifier.verify(didResolver); if (authorizationModel.ownerSignature !== undefined) { const ownerSignatureVerifier = new GeneralJwsVerifier(authorizationModel.ownerSignature); @@ -61,10 +61,10 @@ export async function authenticate(authorizationModel: AuthorizationModel | unde } if (authorizationModel.authorDelegatedGrant !== undefined) { - // verify the signature of the author delegated grant + // verify the signature of the grantor of the delegated grant const authorDelegatedGrant = await PermissionsGrant.parse(authorizationModel.authorDelegatedGrant); - const grantedByAuthorSignatureVerifier = new GeneralJwsVerifier(authorDelegatedGrant.message.authorization.authorSignature); - await grantedByAuthorSignatureVerifier.verify(didResolver); + const grantedBySignatureVerifier = new GeneralJwsVerifier(authorDelegatedGrant.message.authorization.signature); + await grantedBySignatureVerifier.verify(didResolver); } } diff --git a/src/core/message.ts b/src/core/message.ts index 10b2bff25..d426239a8 100644 --- a/src/core/message.ts +++ b/src/core/message.ts @@ -33,14 +33,14 @@ export enum DwnMethodName { export abstract class Message { readonly message: M; - readonly signerSignaturePayload: GenericSignaturePayload | undefined; + readonly signaturePayload: GenericSignaturePayload | undefined; readonly author: string | undefined; constructor(message: M) { this.message = message; if (message.authorization !== undefined) { - this.signerSignaturePayload = Jws.decodePlainObjectPayload(message.authorization.authorSignature); + this.signaturePayload = Jws.decodePlainObjectPayload(message.authorization.signature); this.author = Message.getSigner(message as GenericMessage); } } @@ -73,7 +73,7 @@ export abstract class Message { return undefined; } - const signer = Jws.getSignerDid(message.authorization.authorSignature.signatures[0]); + const signer = Jws.getSignerDid(message.authorization.signature.signatures[0]); return signer; } @@ -117,9 +117,9 @@ export abstract class Message { signer: Signer, additionalPayloadProperties?: { permissionsGrantId?: string, protocolRole?: string } ): Promise { - const authorSignature = await Message.createSignature(descriptor, signer, additionalPayloadProperties); + const signature = await Message.createSignature(descriptor, signer, additionalPayloadProperties); - const authorization = { authorSignature }; + const authorization = { signature }; return authorization; } diff --git a/src/core/protocol-authorization.ts b/src/core/protocol-authorization.ts index fdb66fb6a..f2bea83b1 100644 --- a/src/core/protocol-authorization.ts +++ b/src/core/protocol-authorization.ts @@ -427,7 +427,7 @@ export class ProtocolAuthorization { protocolDefinition: ProtocolDefinition, messageStore: MessageStore, ): Promise { - const protocolRole = incomingMessage.signerSignaturePayload?.protocolRole; + const protocolRole = incomingMessage.signaturePayload?.protocolRole; // Only verify role if there is a role being invoked if (protocolRole === undefined) { @@ -529,7 +529,7 @@ export class ProtocolAuthorization { throw new Error(`no action rule defined for ${incomingMessageMethod}, ${author} is unauthorized`); } - const invokedRole = incomingMessage.signerSignaturePayload?.protocolRole; + const invokedRole = incomingMessage.signaturePayload?.protocolRole; for (const actionRule of actionRules) { if (!inboundMessageActions.includes(actionRule.can as ProtocolAction)) { diff --git a/src/core/records-grant-authorization.ts b/src/core/records-grant-authorization.ts index 48846e47d..a49474560 100644 --- a/src/core/records-grant-authorization.ts +++ b/src/core/records-grant-authorization.ts @@ -21,7 +21,7 @@ export class RecordsGrantAuthorization { tenant, incomingMessage, author, - incomingMessage.signerSignaturePayload!.permissionsGrantId!, + incomingMessage.signaturePayload!.permissionsGrantId!, messageStore ); @@ -44,7 +44,7 @@ export class RecordsGrantAuthorization { tenant, incomingMessage, author, - incomingMessage.signerSignaturePayload!.permissionsGrantId!, + incomingMessage.signaturePayload!.permissionsGrantId!, messageStore ); diff --git a/src/handlers/records-query.ts b/src/handlers/records-query.ts index 137bc6e2e..7368ec35e 100644 --- a/src/handlers/records-query.ts +++ b/src/handlers/records-query.ts @@ -226,7 +226,7 @@ export class RecordsQueryHandler implements MethodHandler { * Determines if ProtocolAuthorization.authorizeQuery should be run and if the corresponding filter should be used. */ private static shouldProtocolAuthorizeQuery(recordsQuery: RecordsQuery): boolean { - return recordsQuery.signerSignaturePayload!.protocolRole !== undefined; + return recordsQuery.signaturePayload!.protocolRole !== undefined; } /** diff --git a/src/interfaces/events-get.ts b/src/interfaces/events-get.ts index 1f79dc6ff..49e68a4cf 100644 --- a/src/interfaces/events-get.ts +++ b/src/interfaces/events-get.ts @@ -15,7 +15,7 @@ export class EventsGet extends Message { public static async parse(message: EventsGetMessage): Promise { Message.validateJsonSchema(message); - await validateMessageSignatureIntegrity(message.authorization.authorSignature, message.descriptor); + await validateMessageSignatureIntegrity(message.authorization.signature, message.descriptor); validateTimestamp(message.descriptor.messageTimestamp); return new EventsGet(message); diff --git a/src/interfaces/messages-get.ts b/src/interfaces/messages-get.ts index 8e461d6fd..bc01fa739 100644 --- a/src/interfaces/messages-get.ts +++ b/src/interfaces/messages-get.ts @@ -17,7 +17,7 @@ export class MessagesGet extends Message { Message.validateJsonSchema(message); this.validateMessageCids(message.descriptor.messageCids); - await validateMessageSignatureIntegrity(message.authorization.authorSignature, message.descriptor); + await validateMessageSignatureIntegrity(message.authorization.signature, message.descriptor); validateTimestamp(message.descriptor.messageTimestamp); return new MessagesGet(message); diff --git a/src/interfaces/permissions-grant.ts b/src/interfaces/permissions-grant.ts index 7b0980ed1..d3298e677 100644 --- a/src/interfaces/permissions-grant.ts +++ b/src/interfaces/permissions-grant.ts @@ -37,7 +37,7 @@ export type CreateFromPermissionsRequestOverrides = { export class PermissionsGrant extends Message { public static async parse(message: PermissionsGrantMessage): Promise { - await validateMessageSignatureIntegrity(message.authorization.authorSignature, message.descriptor); + await validateMessageSignatureIntegrity(message.authorization.signature, message.descriptor); PermissionsGrant.validateScope(message); validateTimestamp(message.descriptor.messageTimestamp); validateTimestamp(message.descriptor.dateExpires); diff --git a/src/interfaces/permissions-request.ts b/src/interfaces/permissions-request.ts index 875116745..fe196f9b5 100644 --- a/src/interfaces/permissions-request.ts +++ b/src/interfaces/permissions-request.ts @@ -21,7 +21,7 @@ export type PermissionsRequestOptions = { export class PermissionsRequest extends Message { public static async parse(message: PermissionsRequestMessage): Promise { - await validateMessageSignatureIntegrity(message.authorization.authorSignature, message.descriptor); + await validateMessageSignatureIntegrity(message.authorization.signature, message.descriptor); validateTimestamp(message.descriptor.messageTimestamp); return new PermissionsRequest(message); diff --git a/src/interfaces/permissions-revoke.ts b/src/interfaces/permissions-revoke.ts index 459dbd2cc..a5032550c 100644 --- a/src/interfaces/permissions-revoke.ts +++ b/src/interfaces/permissions-revoke.ts @@ -14,7 +14,7 @@ export type PermissionsRevokeOptions = { export class PermissionsRevoke extends Message { public static async parse(message: PermissionsRevokeMessage): Promise { - await validateMessageSignatureIntegrity(message.authorization.authorSignature, message.descriptor); + await validateMessageSignatureIntegrity(message.authorization.signature, message.descriptor); validateTimestamp(message.descriptor.messageTimestamp); return new PermissionsRevoke(message); diff --git a/src/interfaces/protocols-configure.ts b/src/interfaces/protocols-configure.ts index 8f631efad..1bd42b8d4 100644 --- a/src/interfaces/protocols-configure.ts +++ b/src/interfaces/protocols-configure.ts @@ -21,7 +21,7 @@ export class ProtocolsConfigure extends Message { public static async parse(message: ProtocolsConfigureMessage): Promise { Message.validateJsonSchema(message); ProtocolsConfigure.validateProtocolDefinition(message.descriptor.definition); - await validateMessageSignatureIntegrity(message.authorization.authorSignature, message.descriptor); + await validateMessageSignatureIntegrity(message.authorization.signature, message.descriptor); validateTimestamp(message.descriptor.messageTimestamp); return new ProtocolsConfigure(message); diff --git a/src/interfaces/protocols-query.ts b/src/interfaces/protocols-query.ts index 19b14d0fe..8b4d968c5 100644 --- a/src/interfaces/protocols-query.ts +++ b/src/interfaces/protocols-query.ts @@ -23,7 +23,7 @@ export class ProtocolsQuery extends Message { public static async parse(message: ProtocolsQueryMessage): Promise { if (message.authorization !== undefined) { - await validateMessageSignatureIntegrity(message.authorization.authorSignature, message.descriptor); + await validateMessageSignatureIntegrity(message.authorization.signature, message.descriptor); } if (message.descriptor.filter !== undefined) { @@ -79,12 +79,12 @@ export class ProtocolsQuery extends Message { // if author is the same as the target tenant, we can directly grant access if (this.author === tenant) { return; - } else if (this.author !== undefined && this.signerSignaturePayload!.permissionsGrantId) { + } else if (this.author !== undefined && this.signaturePayload!.permissionsGrantId) { await GrantAuthorization.authorizeGenericMessage( tenant, this, this.author, - this.signerSignaturePayload!.permissionsGrantId, + this.signaturePayload!.permissionsGrantId, messageStore ); } else { diff --git a/src/interfaces/records-delete.ts b/src/interfaces/records-delete.ts index 216aa5923..d9e8ac899 100644 --- a/src/interfaces/records-delete.ts +++ b/src/interfaces/records-delete.ts @@ -21,7 +21,7 @@ export type RecordsDeleteOptions = { export class RecordsDelete extends Message { public static async parse(message: RecordsDeleteMessage): Promise { - await validateMessageSignatureIntegrity(message.authorization.authorSignature, message.descriptor); + await validateMessageSignatureIntegrity(message.authorization.signature, message.descriptor); validateTimestamp(message.descriptor.messageTimestamp); const recordsDelete = new RecordsDelete(message); diff --git a/src/interfaces/records-query.ts b/src/interfaces/records-query.ts index 0c552f248..282cc872f 100644 --- a/src/interfaces/records-query.ts +++ b/src/interfaces/records-query.ts @@ -32,7 +32,7 @@ export class RecordsQuery extends Message { public static async parse(message: RecordsQueryMessage): Promise { let authorizationPayload; if (message.authorization !== undefined) { - authorizationPayload = await validateMessageSignatureIntegrity(message.authorization.authorSignature, message.descriptor); + authorizationPayload = await validateMessageSignatureIntegrity(message.authorization.signature, message.descriptor); } if (authorizationPayload?.protocolRole !== undefined) { diff --git a/src/interfaces/records-read.ts b/src/interfaces/records-read.ts index 23d708596..8fc24a068 100644 --- a/src/interfaces/records-read.ts +++ b/src/interfaces/records-read.ts @@ -28,7 +28,7 @@ export class RecordsRead extends Message { public static async parse(message: RecordsReadMessage): Promise { if (message.authorization !== undefined) { - await validateMessageSignatureIntegrity(message.authorization.authorSignature, message.descriptor); + await validateMessageSignatureIntegrity(message.authorization.signature, message.descriptor); } validateTimestamp(message.descriptor.messageTimestamp); @@ -80,7 +80,7 @@ export class RecordsRead extends Message { } else if (this.author !== undefined && this.author === descriptor.recipient) { // The recipient of a message may always read it return; - } else if (this.author !== undefined && this.signerSignaturePayload!.permissionsGrantId !== undefined) { + } else if (this.author !== undefined && this.signaturePayload!.permissionsGrantId !== undefined) { await RecordsGrantAuthorization.authorizeRead(tenant, this, newestRecordsWrite, this.author, messageStore); } else if (descriptor.protocol !== undefined) { await ProtocolAuthorization.authorizeRead(tenant, this, newestRecordsWrite, messageStore); diff --git a/src/interfaces/records-write.ts b/src/interfaces/records-write.ts index cefc6ef18..fefcdedbb 100644 --- a/src/interfaces/records-write.ts +++ b/src/interfaces/records-write.ts @@ -167,12 +167,12 @@ export class RecordsWrite { return this._author; } - private _signerSignaturePayload: RecordsWriteSignaturePayload | undefined; + private _signaturePayload: RecordsWriteSignaturePayload | undefined; /** - * Decoded signer signature payload. + * Decoded payload of the signature of this message. */ - public get signerSignaturePayload(): RecordsWriteSignaturePayload | undefined { - return this._signerSignaturePayload; + public get signaturePayload(): RecordsWriteSignaturePayload | undefined { + return this._signaturePayload; } private _owner: string | undefined; @@ -205,7 +205,7 @@ export class RecordsWrite { this._author = Message.getSigner(message as GenericMessage); } - this._signerSignaturePayload = Jws.decodePlainObjectPayload(message.authorization.authorSignature); + this._signaturePayload = Jws.decodePlainObjectPayload(message.authorization.signature); if (message.authorization.ownerSignature !== undefined) { this._owner = Jws.getSignerDid(message.authorization.ownerSignature.signatures[0]); @@ -221,7 +221,7 @@ export class RecordsWrite { public static async parse(message: RecordsWriteMessage): Promise { // asynchronous checks that are required by the constructor to initialize members properly - await validateMessageSignatureIntegrity(message.authorization.authorSignature, message.descriptor, 'RecordsWriteSignaturePayload'); + await validateMessageSignatureIntegrity(message.authorization.signature, message.descriptor, 'RecordsWriteSignaturePayload'); if (message.authorization.ownerSignature !== undefined) { await validateMessageSignatureIntegrity(message.authorization.ownerSignature, message.descriptor); @@ -422,7 +422,7 @@ export class RecordsWrite { // opportunity here to re-sign instead of remove delete this._message.authorization; - this._signerSignaturePayload = undefined; + this._signaturePayload = undefined; this._author = undefined; } @@ -442,7 +442,7 @@ export class RecordsWrite { let authorDid; if (delegatedGrant !== undefined) { delegatedGrantId = await Message.getCid(delegatedGrant); - authorDid = Jws.getSignerDid(delegatedGrant.authorization.authorSignature.signatures[0]); + authorDid = Jws.getSignerDid(delegatedGrant.authorization.signature.signatures[0]); } else { authorDid = Jws.extractDid(signer.keyId); } @@ -464,7 +464,7 @@ export class RecordsWrite { permissionsGrantId, protocolRole }; - const signerSignature = await RecordsWrite.createSignerSignature( + const signature = await RecordsWrite.createSignerSignature( this._message.recordId, this._message.contextId, descriptorCid, @@ -474,14 +474,14 @@ export class RecordsWrite { additionalPropertiesToSign ); - this._message.authorization = { authorSignature: signerSignature }; + this._message.authorization = { signature }; if (delegatedGrant !== undefined) { this._message.authorization.authorDelegatedGrant = delegatedGrant; } // there is opportunity to optimize here as the payload is constructed within `createAuthorization(...)` - this._signerSignaturePayload = Jws.decodePlainObjectPayload(signerSignature); + this._signaturePayload = Jws.decodePlainObjectPayload(signature); this._author = authorDid; } @@ -494,7 +494,7 @@ export class RecordsWrite { if (this._author === undefined) { throw new DwnError( DwnErrorCode.RecordsWriteSignAsOwnerUnknownAuthor, - 'Unable to sign as owner if without signer signature because owner needs to sign over `recordId` which depends on author DID.'); + 'Unable to sign as owner if without message signature because owner needs to sign over `recordId` which depends on author DID.'); } const descriptor = this._message.descriptor; @@ -523,7 +523,7 @@ export class RecordsWrite { } else if (this.author === tenant) { // if author is the same as the target tenant, we can directly grant access return; - } else if (this.author !== undefined && this.signerSignaturePayload!.permissionsGrantId !== undefined) { + } else if (this.author !== undefined && this.signaturePayload!.permissionsGrantId !== undefined) { await RecordsGrantAuthorization.authorizeWrite(tenant, this, this.author, messageStore); } else if (this.message.descriptor.protocol !== undefined) { await ProtocolAuthorization.authorizeWrite(tenant, this, messageStore); @@ -558,25 +558,25 @@ export class RecordsWrite { } } - // NOTE: validateMessageSignatureIntegrity() call earlier enforces the presence of `authorization` and thus `authorSignature` in RecordsWrite - const signerSignaturePayload = this.signerSignaturePayload!; + // NOTE: validateMessageSignatureIntegrity() call earlier enforces the presence of `authorization` and thus `signature` in RecordsWrite + const signaturePayload = this.signaturePayload!; - // make sure the `recordId` in message is the same as the `recordId` in signer signature payload - if (this.message.recordId !== signerSignaturePayload.recordId) { + // make sure the `recordId` in message is the same as the `recordId` in the payload of the message signature + if (this.message.recordId !== signaturePayload.recordId) { throw new Error( - `recordId in message ${this.message.recordId} does not match recordId in authorization: ${signerSignaturePayload.recordId}` + `recordId in message ${this.message.recordId} does not match recordId in authorization: ${signaturePayload.recordId}` ); } - // if `contextId` is given in message, make sure the same `contextId` is in the signer signature payload - if (this.message.contextId !== signerSignaturePayload.contextId) { + // if `contextId` is given in message, make sure the same `contextId` is in the the payload of the message signature + if (this.message.contextId !== signaturePayload.contextId) { throw new Error( - `contextId in message ${this.message.contextId} does not match contextId in authorization: ${signerSignaturePayload.contextId}` + `contextId in message ${this.message.contextId} does not match contextId in authorization: ${signaturePayload.contextId}` ); } - // `deletedGrantId` in the signer signature payload and `authorDelegatedGrant` in `authorization` must both exist or be both undefined - const delegatedGrantIdDefined = signerSignaturePayload.delegatedGrantId !== undefined; + // `deletedGrantId` in the payload of the message signature and `authorDelegatedGrant` in `authorization` must both exist or be both undefined + const delegatedGrantIdDefined = signaturePayload.delegatedGrantId !== undefined; const authorDelegatedGrantDefined = this.message.authorization!.authorDelegatedGrant !== undefined; if (delegatedGrantIdDefined !== authorDelegatedGrantDefined) { throw new DwnError( @@ -598,10 +598,10 @@ export class RecordsWrite { } } - // if `attestation` is given in message, make sure the correct `attestationCid` is in the signer signature payload - if (signerSignaturePayload.attestationCid !== undefined) { + // if `attestation` is given in message, make sure the correct `attestationCid` is in the payload of the message signature + if (signaturePayload.attestationCid !== undefined) { const expectedAttestationCid = await Cid.computeCid(this.message.attestation); - const actualAttestationCid = signerSignaturePayload.attestationCid; + const actualAttestationCid = signaturePayload.attestationCid; if (actualAttestationCid !== expectedAttestationCid) { throw new Error( `CID ${expectedAttestationCid} of attestation property in message does not match attestationCid in authorization: ${actualAttestationCid}` @@ -609,10 +609,10 @@ export class RecordsWrite { } } - // if `encryption` is given in message, make sure the correct `encryptionCid` is in the signer signature payload - if (signerSignaturePayload.encryptionCid !== undefined) { + // if `encryption` is given in message, make sure the correct `encryptionCid` is in the payload of the message signature + if (signaturePayload.encryptionCid !== undefined) { const expectedEncryptionCid = await Cid.computeCid(this.message.encryption); - const actualEncryptionCid = signerSignaturePayload.encryptionCid; + const actualEncryptionCid = signaturePayload.encryptionCid; if (actualEncryptionCid !== expectedEncryptionCid) { throw new DwnError( DwnErrorCode.RecordsWriteValidateIntegrityEncryptionCidMismatch, diff --git a/src/types/message-types.ts b/src/types/message-types.ts index 9191c7927..0431bdb9a 100644 --- a/src/types/message-types.ts +++ b/src/types/message-types.ts @@ -13,10 +13,20 @@ export type GenericMessage = { * The data model for the `authorization` property in a DWN message. */ export type AuthorizationModel = { - // NOTE: deferring the rename to signerSignature to a follow up PR to not pollute this PR with further distractions - // because it touches a lot of places! - authorSignature: GeneralJws; + /** + * The signature of the message signer. + * NOTE: the signer is not necessarily the logical author of the message (e.g. signer is a delegate). + */ + signature: GeneralJws; + + /** + * The optional signature of a DWN owner wishing store a message authored by another entity. + */ ownerSignature?: GeneralJws; + + /** + * The delegated grant invoked by a delegate, if the message is signed by a delegate. + */ authorDelegatedGrant?: DelegatedGrantMessage; }; diff --git a/tests/handlers/protocols-configure.spec.ts b/tests/handlers/protocols-configure.spec.ts index 40baaab6c..45fee7371 100644 --- a/tests/handlers/protocols-configure.spec.ts +++ b/tests/handlers/protocols-configure.spec.ts @@ -83,10 +83,10 @@ export function testProtocolsConfigureHandler(): void { const signer1 = Jws.createSigner(author); const signer2 = Jws.createSigner(extraRandomPersona); - const signerSignaturePayloadBytes = Encoder.objectToBytes(protocolsConfigure.signerSignaturePayload!); + const signaturePayloadBytes = Encoder.objectToBytes(protocolsConfigure.signaturePayload!); - const jwsBuilder = await GeneralJwsBuilder.create(signerSignaturePayloadBytes, [signer1, signer2]); - message.authorization = { authorSignature: jwsBuilder.getJws() }; + const jwsBuilder = await GeneralJwsBuilder.create(signaturePayloadBytes, [signer1, signer2]); + message.authorization = { signature: jwsBuilder.getJws() }; TestStubGenerator.stubDidResolver(didResolver, [author]); diff --git a/tests/handlers/protocols-query.spec.ts b/tests/handlers/protocols-query.spec.ts index ef8f1647a..bcf97b791 100644 --- a/tests/handlers/protocols-query.spec.ts +++ b/tests/handlers/protocols-query.spec.ts @@ -160,18 +160,18 @@ export function testProtocolsQueryHandler(): void { expect(reply.status.detail).to.contain(DwnErrorCode.UrlProtocolNotNormalized); }); - it('should fail with 400 if signer signature payload is referencing a different message (`descriptorCid`)', async () => { + it('should fail with 400 if signature payload is referencing a different message (`descriptorCid`)', async () => { const { author, message, protocolsQuery } = await TestDataGenerator.generateProtocolsQuery(); const tenant = author.did; - // replace signer signature with incorrect `descriptorCid`, even though signature is still valid + // replace signature with incorrect `descriptorCid`, even though signature is still valid const incorrectDescriptorCid = await TestDataGenerator.randomCborSha256Cid(); - const signerSignaturePayload = { ...protocolsQuery.signerSignaturePayload }; - signerSignaturePayload.descriptorCid = incorrectDescriptorCid; - const signerSignaturePayloadBytes = Encoder.objectToBytes(signerSignaturePayload); + const signaturePayload = { ...protocolsQuery.signaturePayload }; + signaturePayload.descriptorCid = incorrectDescriptorCid; + const signaturePayloadBytes = Encoder.objectToBytes(signaturePayload); const signer = Jws.createSigner(author); - const jwsBuilder = await GeneralJwsBuilder.create(signerSignaturePayloadBytes, [signer]); - message.authorization = { authorSignature: jwsBuilder.getJws() }; + const jwsBuilder = await GeneralJwsBuilder.create(signaturePayloadBytes, [signer]); + message.authorization = { signature: jwsBuilder.getJws() }; const reply = await dwn.processMessage(tenant, message); diff --git a/tests/handlers/records-write.spec.ts b/tests/handlers/records-write.spec.ts index f5d918338..52a08b643 100644 --- a/tests/handlers/records-write.spec.ts +++ b/tests/handlers/records-write.spec.ts @@ -469,7 +469,7 @@ export function testRecordsWriteHandler(): void { // Bob pretends to be Alice by adding an invalid `ownerSignature` // We do this by creating a valid signature first then swap out with an invalid one await recordsWrite.signAsOwner(Jws.createSigner(alice)); - const bobSignature = recordsWrite.message.authorization.authorSignature.signatures[0]; + const bobSignature = recordsWrite.message.authorization.signature.signatures[0]; recordsWrite.message.authorization.ownerSignature!.signatures[0].signature = bobSignature.signature; // invalid `ownerSignature` // Test that Bob is not able to store the message in Alice's DWN using an invalid `ownerSignature` @@ -730,7 +730,7 @@ export function testRecordsWriteHandler(): void { xit('should fail if presented with a delegated grant with invalid grantor signature', async () => { }); - xit('should fail if presented with a delegated grant with mismatching grant ID in the signer signature payload', async () => { + xit('should fail if presented with a delegated grant with mismatching grant ID in the payload of the message signature', async () => { }); }); @@ -814,10 +814,10 @@ export function testRecordsWriteHandler(): void { message.descriptor.dataSize = DwnConstant.maxDataSizeAllowedToBeEncoded + 100; const descriptorCid = await Cid.computeCid(message.descriptor); const recordId = await RecordsWrite.getEntryId(alice.did, message.descriptor); - const authorizationSigner = Jws.createSigner(alice); - const authorSignature = await RecordsWrite['createSignerSignature'](recordId, message.contextId, descriptorCid, message.attestation, message.encryption, authorizationSigner, undefined); + const signer = Jws.createSigner(alice); + const signature = await RecordsWrite['createSignerSignature'](recordId, message.contextId, descriptorCid, message.attestation, message.encryption, signer, undefined); message.recordId = recordId; - message.authorization = { authorSignature }; + message.authorization = { signature }; const reply = await dwn.processMessage(alice.did, message, dataStream); expect(reply.status.code).to.equal(400); @@ -835,10 +835,10 @@ export function testRecordsWriteHandler(): void { message.descriptor.dataSize = DwnConstant.maxDataSizeAllowedToBeEncoded + 100; const descriptorCid = await Cid.computeCid(message.descriptor); const recordId = await RecordsWrite.getEntryId(alice.did, message.descriptor); - const authorizationSigner = Jws.createSigner(alice); - const authorSignature = await RecordsWrite['createSignerSignature'](recordId, message.contextId, descriptorCid, message.attestation, message.encryption, authorizationSigner, undefined); + const signer = Jws.createSigner(alice); + const signature = await RecordsWrite['createSignerSignature'](recordId, message.contextId, descriptorCid, message.attestation, message.encryption, signer, undefined); message.recordId = recordId; - message.authorization = { authorSignature }; + message.authorization = { signature }; const reply = await dwn.processMessage(alice.did, message, dataStream); expect(reply.status.code).to.equal(400); @@ -856,10 +856,10 @@ export function testRecordsWriteHandler(): void { message.descriptor.dataSize = 1; const descriptorCid = await Cid.computeCid(message.descriptor); const recordId = await RecordsWrite.getEntryId(alice.did, message.descriptor); - const authorizationSigner = Jws.createSigner(alice); - const authorSignature = await RecordsWrite['createSignerSignature'](recordId, message.contextId, descriptorCid, message.attestation, message.encryption, authorizationSigner, undefined); + const signer = Jws.createSigner(alice); + const signature = await RecordsWrite['createSignerSignature'](recordId, message.contextId, descriptorCid, message.attestation, message.encryption, signer, undefined); message.recordId = recordId; - message.authorization = { authorSignature }; + message.authorization = { signature }; const reply = await dwn.processMessage(alice.did, message, dataStream); expect(reply.status.code).to.equal(400); @@ -876,10 +876,10 @@ export function testRecordsWriteHandler(): void { message.descriptor.dataSize = 1; const descriptorCid = await Cid.computeCid(message.descriptor); const recordId = await RecordsWrite.getEntryId(alice.did, message.descriptor); - const authorizationSigner = Jws.createSigner(alice); - const authorSignature = await RecordsWrite['createSignerSignature'](recordId, message.contextId, descriptorCid, message.attestation, message.encryption, authorizationSigner, undefined); + const signer = Jws.createSigner(alice); + const signature = await RecordsWrite['createSignerSignature'](recordId, message.contextId, descriptorCid, message.attestation, message.encryption, signer, undefined); message.recordId = recordId; - message.authorization = { authorSignature }; + message.authorization = { signature }; const reply = await dwn.processMessage(alice.did, message, dataStream); expect(reply.status.code).to.equal(400); @@ -3108,7 +3108,7 @@ export function testRecordsWriteHandler(): void { // Re-create auth because we altered the descriptor after signing const descriptorCid = await Cid.computeCid(recordsWrite.message.descriptor); const attestation = await RecordsWrite.createAttestation(descriptorCid); - const authorSignature = await RecordsWrite.createSignerSignature( + const signature = await RecordsWrite.createSignerSignature( recordsWrite.message.recordId, recordsWrite.message.contextId, descriptorCid, @@ -3120,7 +3120,7 @@ export function testRecordsWriteHandler(): void { recordsWrite.message = { ...recordsWrite.message, attestation, - authorization: { authorSignature } + authorization: { signature } }; // Send records write message @@ -3977,16 +3977,16 @@ export function testRecordsWriteHandler(): void { }); describe('authorization validation tests', () => { - it('should return 400 if `recordId` in signer signature payload mismatches with `recordId` in the message', async () => { + it('should return 400 if `recordId` in payload of the message signature mismatches with `recordId` in the message', async () => { const { author, message, recordsWrite, dataStream } = await TestDataGenerator.generateRecordsWrite(); - // replace signer signature with mismatching `recordId`, even though signature is still valid - const signerSignaturePayload = { ...recordsWrite.signerSignaturePayload }; - signerSignaturePayload.recordId = await TestDataGenerator.randomCborSha256Cid(); // make recordId mismatch in authorization payload - const signerSignaturePayloadBytes = Encoder.objectToBytes(signerSignaturePayload); + // replace signature with mismatching `recordId`, even though signature is still valid + const signaturePayload = { ...recordsWrite.signaturePayload }; + signaturePayload.recordId = await TestDataGenerator.randomCborSha256Cid(); // make recordId mismatch in authorization payload + const signaturePayloadBytes = Encoder.objectToBytes(signaturePayload); const signer = Jws.createSigner(author); - const jwsBuilder = await GeneralJwsBuilder.create(signerSignaturePayloadBytes, [signer]); - message.authorization = { authorSignature: jwsBuilder.getJws() }; + const jwsBuilder = await GeneralJwsBuilder.create(signaturePayloadBytes, [signer]); + message.authorization = { signature: jwsBuilder.getJws() }; const tenant = author.did; const didResolver = TestStubGenerator.createDidResolverStub(author); @@ -4000,17 +4000,17 @@ export function testRecordsWriteHandler(): void { expect(reply.status.detail).to.contain('does not match recordId in authorization'); }); - it('should return 400 if `contextId` in signer signature payload mismatches with `contextId` in the message', async () => { + it('should return 400 if `contextId` in payload of message signature mismatches with `contextId` in the message', async () => { // generate a message with protocol so that computed contextId is also computed and included in message const { author, message, recordsWrite, dataStream } = await TestDataGenerator.generateRecordsWrite({ protocol: 'http://any.value', protocolPath: 'any/value' }); // replace `authorization` with mismatching `contextId`, even though signature is still valid - const signerSignaturePayload = { ...recordsWrite.signerSignaturePayload }; - signerSignaturePayload.contextId = await TestDataGenerator.randomCborSha256Cid(); // make contextId mismatch in authorization payload - const signerSignaturePayloadBytes = Encoder.objectToBytes(signerSignaturePayload); + const signaturePayload = { ...recordsWrite.signaturePayload }; + signaturePayload.contextId = await TestDataGenerator.randomCborSha256Cid(); // make contextId mismatch in authorization payload + const signaturePayloadBytes = Encoder.objectToBytes(signaturePayload); const signer = Jws.createSigner(author); - const jwsBuilder = await GeneralJwsBuilder.create(signerSignaturePayloadBytes, [signer]); - message.authorization = { authorSignature: jwsBuilder.getJws() }; + const jwsBuilder = await GeneralJwsBuilder.create(signaturePayloadBytes, [signer]); + message.authorization = { signature: jwsBuilder.getJws() }; const tenant = author.did; const didResolver = sinon.createStubInstance(DidResolver); @@ -4066,18 +4066,18 @@ export function testRecordsWriteHandler(): void { const signer = Jws.createSigner(author); // replace `attestation` with one that has an additional property, but go the extra mile of making sure signature is valid - const descriptorCid = recordsWrite.signerSignaturePayload!.descriptorCid; + const descriptorCid = recordsWrite.signaturePayload!.descriptorCid; const attestationPayload = { descriptorCid, someAdditionalProperty: 'anyValue' }; // additional property is not allowed const attestationPayloadBytes = Encoder.objectToBytes(attestationPayload); const attestationBuilder = await GeneralJwsBuilder.create(attestationPayloadBytes, [signer]); message.attestation = attestationBuilder.getJws(); // recreate the `authorization` based on the new` attestationCid` - const signerSignaturePayload = { ...recordsWrite.signerSignaturePayload }; - signerSignaturePayload.attestationCid = await Cid.computeCid(attestationPayload); - const signerSignaturePayloadBytes = Encoder.objectToBytes(signerSignaturePayload); - const authorizationBuilder = await GeneralJwsBuilder.create(signerSignaturePayloadBytes, [signer]); - message.authorization = { authorSignature: authorizationBuilder.getJws() }; + const signaturePayload = { ...recordsWrite.signaturePayload }; + signaturePayload.attestationCid = await Cid.computeCid(attestationPayload); + const signaturePayloadBytes = Encoder.objectToBytes(signaturePayload); + const authorizationBuilder = await GeneralJwsBuilder.create(signaturePayloadBytes, [signer]); + message.authorization = { signature: authorizationBuilder.getJws() }; const didResolver = TestStubGenerator.createDidResolverStub(author); const messageStore = stubInterface(); diff --git a/tests/interfaces/records-write.spec.ts b/tests/interfaces/records-write.spec.ts index 0ed3f1f3a..38ad6641e 100644 --- a/tests/interfaces/records-write.spec.ts +++ b/tests/interfaces/records-write.spec.ts @@ -223,7 +223,7 @@ describe('RecordsWrite', () => { const recordsWrite = await RecordsWrite.create(options); - expect(recordsWrite.message.authorization!.authorSignature.signatures[0].signature).to.equal(Encoder.bytesToBase64Url(hardCodedSignature)); + expect(recordsWrite.message.authorization!.signature.signatures[0].signature).to.equal(Encoder.bytesToBase64Url(hardCodedSignature)); }); it('should throw if attempting to use `protocols` key derivation encryption scheme on non-protocol-based record', async () => { @@ -324,7 +324,7 @@ describe('RecordsWrite', () => { }); describe('parse()', () => { - it('should throw if signer signs over a delegated grant ID but the delegated grant is not given', async () => { + it('should throw if a delegate invokes a delegated grant (ID) but the delegated grant is not given', async () => { const alice = await TestDataGenerator.generatePersona(); const bob = await TestDataGenerator.generatePersona(); @@ -385,7 +385,7 @@ describe('RecordsWrite', () => { const recordsWrite = await RecordsWrite.create(options); expect(recordsWrite.author).to.not.exist; - expect(recordsWrite.signerSignaturePayload).to.not.exist; + expect(recordsWrite.signaturePayload).to.not.exist; const alice = await DidKeyResolver.generate(); await expect(recordsWrite.signAsOwner(Jws.createSigner(alice))).to.rejectedWith(DwnErrorCode.RecordsWriteSignAsOwnerUnknownAuthor); @@ -406,7 +406,7 @@ describe('RecordsWrite', () => { const recordsWrite = await RecordsWrite.create(options); expect(recordsWrite.author).to.not.exist; - expect(recordsWrite.signerSignaturePayload).to.not.exist; + expect(recordsWrite.signaturePayload).to.not.exist; expect(() => recordsWrite.message).to.throw(DwnErrorCode.RecordsWriteMissingAuthorizationSigner); }); diff --git a/tests/utils/test-data-generator.ts b/tests/utils/test-data-generator.ts index 30486289f..f89476fb2 100644 --- a/tests/utils/test-data-generator.ts +++ b/tests/utils/test-data-generator.ts @@ -767,7 +767,7 @@ export class TestDataGenerator { */ public static generateAuthorization(): AuthorizationModel { return { - authorSignature: TestDataGenerator.generateAuthorizationSignature() + signature: TestDataGenerator.generateAuthorizationSignature() }; }