From fc4c8f2de12f35cd944aeaa5e807fe97c74276b5 Mon Sep 17 00:00:00 2001
From: Steve Moyer
Date: Wed, 13 Nov 2024 12:40:25 -0500
Subject: [PATCH] fix: issues discovered by invocation validation tests
---
 did/did.go | 2 +-
 token/delegation/delegation.go | 2 +-
 token/invocation/invocation_test.go | 6 +++---
 token/invocation/proof.go | 2 ++
 4 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/did/did.go b/did/did.go
index bf92946..19042bf 100644
--- a/did/did.go
+++ b/did/did.go
@@ -78,7 +78,7 @@ func MustParse(str string) DID {
 // Defined tells if the DID is defined, not equal to Undef.
 func (d DID) Defined() bool {
- return d.code == 0 || len(d.bytes) > 0
+ return d.code != 0 || len(d.bytes) > 0
 }
 // PubKey returns the public key encapsulated by the did:key.
diff --git a/token/delegation/delegation.go b/token/delegation/delegation.go
index b2a2ca2..1f19f42 100644
--- a/token/delegation/delegation.go
+++ b/token/delegation/delegation.go
@@ -162,7 +162,7 @@ func (t *Token) IsValidNow() bool {
 // IsValidNow verifies that the token can be used at the given time, based on expiration or "not before" fields.
 // This does NOT do any other kind of verifications.
 func (t *Token) IsValidAt(ti time.Time) bool {
- if t.expiration == nil && ti.After(*t.expiration) {
+ if t.expiration != nil && ti.After(*t.expiration) {
 return false
 }
 if t.notBefore != nil && ti.Before(*t.notBefore) {
diff --git a/token/invocation/invocation_test.go b/token/invocation/invocation_test.go
index 93e967e..921e085 100644
--- a/token/invocation/invocation_test.go
+++ b/token/invocation/invocation_test.go
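Review bot: The corrected `Defined()` is not pinned by a test in the `did` package; the diffstat shows only `token/invocation/invocation_test.go` changing, so the inverted comparison was caught only indirectly through invocation validation. A direct test that `did.Undef.Defined()` is false and that a DID returned by `MustParse` is defined would keep this from regressing. That matters if callers use `Defined()` to decide whether an issuer or audience is present, though the callers are not visible in this hunk.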
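Review bot: The doc comment above `IsValidAt` still opens with the name `IsValidNow`, so the documentation names the wrong method for the time-parameterised check; it should read `// IsValidAt verifies that the token can be used at the given time, based on expiration or "not before" fields.`. It would also help to state the boundary behaviour in that comment: with `ti.After(*t.expiration)` and `ti.Before(*t.notBefore)`, a token is treated as valid at exactly its expiration and not-before instants. The body of `IsValidAt` continues past the end of the hunk.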
@@ -94,7 +94,7 @@ func TestToken_ExecutionAllowed(t *testing.T) {
 args := invocationtest.EmptyArguments
 prf := invocationtest.Proof(t, dlg1TknCIDStr, expiredDlg0TknCIDStr, rootTknCIDStr)
- testFails(t, invocation.ErrDelegationExpired, []string{"seg0"}, args, prf)
+ testFails(t, invocation.ErrTokenInvalidNow, []string{"seg0"}, args, prf)
 })
 t.Run("fails - referenced delegation inactive", func(t *testing.T) {
@@ -102,7 +102,7 @@ func TestToken_ExecutionAllowed(t *testing.T) {
 args := invocationtest.EmptyArguments
 prf := invocationtest.Proof(t, dlg1TknCIDStr, inactiveDlg0TknCIDStr, rootTknCIDStr)
- testFails(t, invocation.ErrDelegationInactive, []string{"seg0"}, args, prf)
+ testFails(t, invocation.ErrTokenInvalidNow, []string{"seg0"}, args, prf)
 })
 t.Run("fails - last (or only) delegation not root", func(t *testing.T) {
@@ -126,7 +126,7 @@ func TestToken_ExecutionAllowed(t *testing.T) {
 args := invocationtest.EmptyArguments
 prf := invocationtest.Proof(t, dlg0TknCIDStr, rootTknCIDStr)
- testFails(t, invocation.ErrNotIssuedToInvoker, []string{"seg0"}, args, prf)
+ testFails(t, invocation.ErrBrokenChain, []string{"seg0"}, args, prf)
 })
 }
diff --git a/token/invocation/proof.go b/token/invocation/proof.go
index e345f3c..67a3364 100644
--- a/token/invocation/proof.go
+++ b/token/invocation/proof.go
@@ -26,6 +26,8 @@ func (t *Token) verifyProofs(delegations []*delegation.Token) error {
 aud = t.subject
 }
+ fmt.Println("Subject:", t.subject, ", Audience:", aud)
+
 var last *delegation.Token
 // control from the invocation to the root
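Review bot: The expectations in the hunks at lines 94 and 102 now both assert `invocation.ErrTokenInvalidNow`, so the tests no longer distinguish an expired delegation from a not-yet-active one, and the hunk at line 126 replaces `ErrNotIssuedToInvoker` with `ErrBrokenChain`. If `ErrDelegationExpired`, `ErrDelegationInactive` and `ErrNotIssuedToInvoker` are still exported, callers matching them with `errors.Is` would never see them; either remove them or have verification wrap the specific cause, and say which in a comment next to the sentinel declarations. Distinct causes are also useful in audit logs when triaging rejected invocations. The sentinel declarations and the `verifyProofs` error paths are outside these hunks, so this is inferred from the test change alone.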
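Review bot: The added `fmt.Println("Subject:", t.subject, ", Audience:", aud)` in `verifyProofs` looks like leftover debug output. It writes the subject and audience DIDs to stdout on every proof verification, which a library should not do and which puts identifiers into whatever captures the process output. Drop the two added lines, or route the message through the project's logger at debug level if one exists. `verifyProofs` starts and ends outside the hunk.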