feat: jwk validation

Signed-off-by: Daniel Bluhm <[email protected]>
Indicio-tech · Aug 12, 2024 · b28b7fd · b28b7fd
1 parent 00371a2
commit b28b7fd
Showing 1 changed file with 12 additions and 2 deletions.
diff --git a/didcomm_messaging/resolver/jwk.py b/didcomm_messaging/resolver/jwk.py
@@ -13,7 +13,7 @@
 class JWKResolver(DIDResolver):
     """Resolve did:jwk."""
 
-    PATTERN = re.compile(r"^did:jwk:(?P<did>.*)$")
+    PATTERN = re.compile(r"^did:jwk:(?P<did>[A-Za-z0-9\-_]+)$")
 
     async def resolve(self, did: str) -> dict:
         """Resolve a did:jwk."""
@@ -22,7 +22,17 @@ async def resolve(self, did: str) -> dict:
         else:
             raise DIDResolutionError(f"Invalid DID: {did}")
 
-        jwk = json.loads(b64.decode(encoded))
+        try:
+            jwk = json.loads(b64.decode(encoded))
+        except json.JSONDecodeError:
+            raise DIDResolutionError("Invalid JWK")
+
+        if not isinstance(jwk, dict):
+            raise DIDResolutionError("Invalid JWK")
+
+        if "kty" not in jwk:
+            raise DIDResolutionError("Invalid JWK")
+
         doc = {
             "@context": [
                 "https://www.w3.org/ns/did/v1",