From b28b7fd23265156f1eaf5710f600da9cc247fa81 Mon Sep 17 00:00:00 2001
From: Daniel Bluhm
Date: Mon, 12 Aug 2024 12:42:19 -0400
Subject: [PATCH] feat: jwk validation

Signed-off-by: Daniel Bluhm
---
 didcomm_messaging/resolver/jwk.py | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/didcomm_messaging/resolver/jwk.py b/didcomm_messaging/resolver/jwk.py
index 1ec5600..f9b1c1f 100644
--- a/didcomm_messaging/resolver/jwk.py
+++ b/didcomm_messaging/resolver/jwk.py
@@ -13,7 +13,7 @@ class JWKResolver(DIDResolver):
 """Resolve did:jwk."""
- PATTERN = re.compile(r"^did:jwk:(?P.*)$")
+ PATTERN = re.compile(r"^did:jwk:(?P[A-Za-z0-9\-_]+)$")
 async def resolve(self, did: str) -> dict:
 """Resolve a did:jwk."""
@@ -22,7 +22,17 @@ async def resolve(self, did: str) -> dict:
 else:
 raise DIDResolutionError(f"Invalid DID: {did}")
- jwk = json.loads(b64.decode(encoded))
+ try:
+ jwk = json.loads(b64.decode(encoded))
+ except json.JSONDecodeError:
+ raise DIDResolutionError("Invalid JWK")
+
+ if not isinstance(jwk, dict):
+ raise DIDResolutionError("Invalid JWK")
+
+ if "kty" not in jwk:
+ raise DIDResolutionError("Invalid JWK")
+
 doc = {
 "@context": [
 "https://www.w3.org/ns/did/v1",
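Review bot: In the first hunk, the tightened `PATTERN` still ends in `$`, which in Python also matches just before a trailing newline, so a did:jwk string followed by `\n` would still be accepted if the pattern is applied with `match()`. The call site is outside the hunk, so that part is inferred. Replacing the final `$` with `\Z`, or calling `fullmatch()` at the use site, makes the check cover the whole input. A short comment above `PATTERN` such as `# unpadded base64url alphabet only; anything else is rejected before decoding` would record why the class is this narrow.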
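Review bot: In the second hunk, the new `try` catches only `json.JSONDecodeError`, so an identifier that decodes to bytes that are not valid UTF-8 makes `json.loads` raise `UnicodeDecodeError`, and a length that `b64.decode` rejects may raise an error of its own (that helper is not shown, so this is inferred). Either would leave `resolve()` as something other than `DIDResolutionError`, which callers handling untrusted DIDs are unlikely to expect. `JSONDecodeError`, `UnicodeDecodeError` and `binascii.Error` all derive from `ValueError`, so `except ValueError as err:` followed by `raise DIDResolutionError("Invalid JWK") from err` covers them and keeps the cause. The `"kty"` test confirms only that the key is present; if later code assumes a string, `isinstance(jwk.get("kty"), str)` is the tighter check. The body of `resolve()` starts before this hunk and continues after it.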