From c1e4e90865b2dedd054e4e8ff85e3ef4187a144c Mon Sep 17 00:00:00 2001
From: nitro-neal <5314059+nitro-neal@users.noreply.github.com>
Date: Wed, 8 May 2024 11:43:51 -0700
Subject: [PATCH] Jws header validation (#172)

* Refactor jws #143

* update

* lint

---------

Co-authored-by: Kendall Weihe <kendallw@squareup.com>
---
 .gitignore            |  3 ++-
 crates/jws/src/lib.rs |  2 ++
 crates/jws/src/v2.rs  | 15 ++++++++++++++-
 3 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/.gitignore b/.gitignore
index 431de9f6..62122979 100644
--- a/.gitignore
+++ b/.gitignore
@@ -15,4 +15,5 @@ Cargo.lock
 
 # -- developer added
 
-.hermit/
\ No newline at end of file
+.hermit/
+.idea/
diff --git a/crates/jws/src/lib.rs b/crates/jws/src/lib.rs
index b3905b91..da0d3c2c 100644
--- a/crates/jws/src/lib.rs
+++ b/crates/jws/src/lib.rs
@@ -29,6 +29,8 @@ pub enum JwsError {
     AlgorithmNotFound(String),
     #[error(transparent)]
     CryptoError(#[from] CryptoError),
+    #[error("deserialization error {0}")]
+    MalformedHeader(String),
 }
 
 pub fn splice_parts(compact_jws: &str) -> Result<Vec<String>, JwsError> {
diff --git a/crates/jws/src/v2.rs b/crates/jws/src/v2.rs
index ccbe1e08..f77633c4 100644
--- a/crates/jws/src/v2.rs
+++ b/crates/jws/src/v2.rs
@@ -26,6 +26,8 @@ pub enum JwsError {
     SerdeJsonError(String),
     #[error(transparent)]
     DecodeError(#[from] DecodeError),
+    #[error("Malformed Header: {0}")]
+    MalformedHeader(String),
 }
 
 impl From<SerdeJsonError> for JwsError {
@@ -93,7 +95,18 @@ impl CompactJws {
     pub async fn verify(compact_jws: &str) -> Result<JwsDecoded, JwsError> {
         let jws_decoded = CompactJws::decode(compact_jws)?;
 
-        // TODO https://github.com/TBD54566975/web5-rs/issues/149
+        // Validate header fields
+        if jws_decoded.header.alg.is_empty() {
+            return Err(JwsError::MalformedHeader(
+                "alg field is required".to_string(),
+            ));
+        }
+
+        if jws_decoded.header.kid.is_empty() {
+            return Err(JwsError::MalformedHeader(
+                "kid field is required for verification processing".to_string(),
+            ));
+        }
 
         let key_id = jws_decoded.header.kid.clone();
         let did_uri = KeyIdFragment(key_id.clone()).splice_uri();