Skip to content

[BUG] verification of ES256K-R fails when verificationMethod uses checksumAddress in blockchainAccountId #231

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
mirceanis opened this issue Jun 6, 2022 · 1 comment · Fixed by #232
Closed

[BUG] verification of ES256K-R fails when verificationMethod uses checksumAddress in blockchainAccountId #231

mirceanis opened this issue Jun 6, 2022 · 1 comment · Fixed by #232
Assignees
@mirceanis
Labels
bug Something isn't working released

Comments

@mirceanis
Copy link
Member

Current Behavior

Here is an example test case:

  import { getAddress } from "@ethersproject/address"

  // ...

  it('handles ES256K-R algorithm with checksum address in blockchainAccountId', async () => {
    expect.assertions(1)
    const verificationMethod = {
      id: `${did}#keys-1`,
      type: 'EcdsaSecp256k1RecoveryMethod2020',
      owner: did,
      blockchainAccountId: `eip155:1:${getAddress(address)}`, // use checksum address (mixed case)
    }
    const ethResolver = {
      resolve: jest.fn().mockReturnValue({
        didDocument: {
          id: did,
          verificationMethod: [ verificationMethod ],
        },
      }),
    }
    const jwt = await createJWT({ hello: 'world' }, { issuer: aud, signer: recoverySigner, alg: 'ES256K-R' })
    const result = await verifyJWT(jwt, { resolver: ethResolver })
    return expect(result.signer).toEqual(verificationMethod)
  })

Expected Behavior

The test should pass

Failure Information

The test from above fails with invalid signature for JWT

The failure is likely caused by a case comparison of strings
@mirceanis mirceanis added the bug Something isn't working label Jun 6, 2022
@mirceanis mirceanis self-assigned this Jun 6, 2022
@mirceanis mirceanis mentioned this issue Jun 6, 2022
Merged
mirceanis added a commit that referenced this issue Jun 6, 2022
@mirceanis
fix: ES256K-R verification with checksumAddress in eip155 blockchainA…

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode
dcbd0b9 
…ccountId (#232)

fixes #231
uport-automation-bot pushed a commit that referenced this issue Jun 6, 2022
@semantic-release-bot
chore(release): 6.1.2 [skip ci]
9c6e084 
## [6.1.2](6.1.1...6.1.2) (2022-06-06)

### Bug Fixes

* ES256K-R verification with checksumAddress in eip155 blockchainAccountId ([#232](#232)) ([dcbd0b9](dcbd0b9)), closes [#231](#231)
@uport-automation-bot
Copy link
Collaborator

🎉 This issue has been resolved in version 6.1.2 🎉

The release is available on:

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mirceanis mirceanis

Labels
bug Something isn't working released
Projects
None yet
Milestone
No milestone
2 participants
@mirceanis @uport-automation-bot