You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Verify discarded the error from did.ParseDID(credentialToVerify.Issuer.String()) and then dereferenced the resulting (possibly nil) *did.DID at v.didResolver.Resolve(*issuerDID, &metadata), panicking the node when an external issuer emitted a non-RFC3986 did:x509.
Surface the parse error as a regular validation failure ("could not validate issuer: ...") so the request fails cleanly with a 4xx instead of crashing the verifier goroutine.
Added a regression test under TestVerifier_Verify/with_signature_check that wraps the call in require.NotPanics and asserts the error is surfaced. The test panics on master and passes with this change.
Applied both suggestions in c22d536: the parse-error path now reads could not parse issuer and the test asserts on that message. go test ./vcr/verifier/... is green. The commit is SSH-signed but the signing key on this account is not yet registered as a verified signing key on github.com, so GitHub still shows it as unverified. Will get the SSH signing public key added under Settings -> SSH and GPG keys -> Signing key shortly so the verification badge flips on.
Applied both suggestions, the parse-path error now says 'could not parse issuer' and the assertion was updated to match. Pushed 2ce91f9.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
SAY-5
requested review from
gerardsn,
reinkrul,
stevenvegt and
woutslakhorst
as code owners
Closes #4235
Verifydiscarded the error fromdid.ParseDID(credentialToVerify.Issuer.String())and then dereferenced the resulting (possibly nil)*did.DIDatv.didResolver.Resolve(*issuerDID, &metadata), panicking the node when an external issuer emitted a non-RFC3986did:x509.Surface the parse error as a regular validation failure (
"could not validate issuer: ...") so the request fails cleanly with a 4xx instead of crashing the verifier goroutine.Added a regression test under
TestVerifier_Verify/with_signature_checkthat wraps the call inrequire.NotPanicsand asserts the error is surfaced. The test panics onmasterand passes with this change.