Jws header validation (decentralized-identity#172)

* Refactor jws decentralized-identity#143 * update * lint --------- Co-authored-by: Kendall Weihe <[email protected]>
enmand · May 20, 2024 · c1e4e90 · c1e4e90
1 parent 9bcbfb3
commit c1e4e90
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 2 deletions.
diff --git a/.gitignore b/.gitignore
@@ -15,4 +15,5 @@ Cargo.lock
 
 # -- developer added
 
-.hermit/
+.hermit/
+.idea/
diff --git a/crates/jws/src/lib.rs b/crates/jws/src/lib.rs
@@ -29,6 +29,8 @@ pub enum JwsError {
     AlgorithmNotFound(String),
     #[error(transparent)]
     CryptoError(#[from] CryptoError),
+    #[error("deserialization error {0}")]
+    MalformedHeader(String),
 }
 
 pub fn splice_parts(compact_jws: &str) -> Result<Vec<String>, JwsError> {

diff --git a/crates/jws/src/v2.rs b/crates/jws/src/v2.rs
@@ -26,6 +26,8 @@ pub enum JwsError {
     SerdeJsonError(String),
     #[error(transparent)]
     DecodeError(#[from] DecodeError),
+    #[error("Malformed Header: {0}")]
+    MalformedHeader(String),
 }
 
 impl From<SerdeJsonError> for JwsError {
@@ -93,7 +95,18 @@ impl CompactJws {
     pub async fn verify(compact_jws: &str) -> Result<JwsDecoded, JwsError> {
         let jws_decoded = CompactJws::decode(compact_jws)?;
 
-        // TODO https://github.com/TBD54566975/web5-rs/issues/149
+        // Validate header fields
+        if jws_decoded.header.alg.is_empty() {
+            return Err(JwsError::MalformedHeader(
+                "alg field is required".to_string(),
+            ));
+        }
+
+        if jws_decoded.header.kid.is_empty() {
+            return Err(JwsError::MalformedHeader(
+                "kid field is required for verification processing".to_string(),
+            ));
+        }
 
         let key_id = jws_decoded.header.kid.clone();
         let did_uri = KeyIdFragment(key_id.clone()).splice_uri();