Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

did:x509 issuer support in IETF profile #206

Merged
merged 31 commits into from
Aug 8, 2024
Merged

did:x509 issuer support in IETF profile #206

merged 31 commits into from
Aug 8, 2024

Conversation

achamayou
Copy link
Member

@achamayou achamayou commented Aug 6, 2024
edited
Loading

Extension of the changes in #203 to authenticate did:x509 issuers, and updated sample illustrating the policy we expect to see in cases where they are used.

I chose to do this under the IETF profile, rather than x509, but the verification sequence is different from both existing profiles (IETF is only did:web at the moment, as far as I can tell):

  1. Find signing key (phdr.x5chain[0] currently, but eventually uhdr.x5chain[0] if digest(uhdr.x5chain[0]) == phdr.x5t)
  2. Verify COSE signature
  3. Check issuer is did:x509, resolve it against phdr.x5chain[0]
  4. Check resolved key matches phdr.x5chain[0]

eddyashton and others added 26 commits July 23, 2024 15:43
@eddyashton
Minimal demo of JS eval
1d7e3ad
@eddyashton
Confirming function access, return value handling
688c453
@eddyashton
Convert COSE protected headers to a JSON object, pass to exported JS …
a56c5f0 
…function
@eddyashton
Load policy script from configuration
3209756
@eddyashton
Convert to PEM before inserting into JS
bcd64f7
@eddyashton
Testing
cacbc15
@eddyashton
Cosntitution validation of new field
520b664
@eddyashton
Minor cleanups
32ffc95
@eddyashton
Remove debug logging
6f138a9
@eddyashton
Placate mypy
588ef9a
@eddyashton
Implement PR suggestions: Document config entry, return failure reaso…
2957528 
…n, debug trace policy steps
@eddyashton
Cleaner debug logging
048d539
@eddyashton
Update trivial_false test with new return type
256496a
@eddyashton
Different formatter -_-
df801e1
@eddyashton
Merge branch 'main' of https://github.com/microsoft/scitt-ccf-ledger
6924b88 
…into js_policy
@eddyashton
Remove redundant breaks
2180d5d
@eddyashton @achamayou
Update app/src/policy_engine.h
e73a4f6 
Co-authored-by: Amaury Chamayou <amaury@xargs.fr>
@eddyashton @achamayou
Update test/test_configuration.py
e3453ff 
Co-authored-by: Amaury Chamayou <amaury@xargs.fr>
@achamayou
wip
511d2fc
@achamayou
wip
bf31fde
@achamayou
more wip
1970079
@achamayou
Add EKU check to test
bdf2249
@achamayou
DID model mismatch
bb1d36a
@achamayou
key comparison
65ca9ce
@achamayou
fmt
da6231d
@achamayou
Merge branch 'main' into didx509
088a6f0
ivarprudnikov
ivarprudnikov reviewed Aug 7, 2024
View reviewed changes
app/src/main.cpp Outdated Show resolved Hide resolved
ivarprudnikov
ivarprudnikov reviewed Aug 7, 2024
View reviewed changes
app/src/verifier.h Outdated Show resolved Hide resolved
ivarprudnikov
ivarprudnikov reviewed Aug 7, 2024
View reviewed changes
app/src/verifier.h Outdated Show resolved Hide resolved
ivarprudnikov
ivarprudnikov reviewed Aug 7, 2024
View reviewed changes
app/src/verifier.h Outdated Show resolved Hide resolved
ivarprudnikov
ivarprudnikov reviewed Aug 7, 2024
View reviewed changes
app/src/verifier.h Outdated Show resolved Hide resolved
@achamayou achamayou changed the title [Draft] did:x509 issuer support did:x509 issuer support in IETF profile Aug 7, 2024
@achamayou achamayou marked this pull request as ready for review August 7, 2024 18:01
ivarprudnikov
ivarprudnikov approved these changes Aug 8, 2024
View reviewed changes
Copy link
Member

@ivarprudnikov ivarprudnikov left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We have identified a couple of possible improvements in the future but as it is the feature is ready to be released the further validated/assessed once deployed. Related issues were created to address some challenges.

@achamayou
Copy link
Member Author

For reference: #207 #208 and microsoft/didx509cpp#16

@achamayou achamayou merged commit 7653085 into microsoft:main Aug 8, 2024
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ivarprudnikov ivarprudnikov ivarprudnikov approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@achamayou @ivarprudnikov @eddyashton