go/ucan
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(invocation): cleanup proof verification algo

Browse Source
This commit is contained in:
Michael Muré
2024-11-14 15:03:49 +01:00
parent 00d2380f14
commit 417ef78570
1 changed files with 6 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
token/invocation/proof.go
View File

@@ -19,6 +19,11 @@ type DelegationLoader interface {
// - principal alignment
// - command alignment
func (t *Token) verifyProofs(delegations []*delegation.Token) error {
// There must be at least one delegation referenced
if len(delegations) < 1 {
return ErrNoProof
}
cmd := t.command
iss := t.issuer
aud := t.audience
@@ -37,21 +42,12 @@ func (t *Token) verifyProofs(delegations []*delegation.Token) error {
if dlg.Audience() != iss {
return fmt.Errorf("%w: delegation %s, expected %s, got %s", ErrBrokenChain, dlgCid, iss, dlg.Audience())
}
iss = dlg.Audience()
iss = dlg.Issuer()
if !dlg.Command().Covers(cmd) {
return fmt.Errorf("%w: delegation %s, %s doesn't cover %s", ErrCommandNotCovered, dlgCid, dlg.Command(), cmd)
}
cmd = dlg.Command()
iss = dlg.Issuer()
}
// There must be at least one delegation referenced
// (yes, it's an odd way to test this, but it allows for the static check to not be mad about "last"
// being possibly nil below).
if len(delegations) < 1 {
return ErrNoProof
}
// The last prf value must be a root delegation (have the issuer field