Fix error handling in LD Signatures verification

dahlia · Nov 12, 2024 · 51a4824 · 51a4824
1 parent 9ccac4a
commit 51a4824
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 2 deletions.
diff --git a/CHANGES.md b/CHANGES.md
@@ -13,6 +13,11 @@ To be released.
     <q>Body already consumed</q> when the content type of the response was
     an HTML document and there's no link to a JSON-LD document.
 
+ -  Fixed a bug where `verifySignature()` and `verifyJsonLd()` functions
+    sometimes had thrown a `jsonld.ValidationError` error.  Now such errors
+    are caught and logged as warnings, and the signature to verify is considered
+    as invalid.
+
 
 Version 1.0.7
 -------------

diff --git a/src/sig/ld.ts b/src/sig/ld.ts
@@ -238,10 +238,28 @@ export async function verifySignature(
   delete sigOpts.type;
   delete sigOpts.id;
   delete sigOpts.signatureValue;
-  const sigOptsHash = await hashJsonLd(sigOpts, options.contextLoader);
+  let sigOptsHash: string;
+  try {
+    sigOptsHash = await hashJsonLd(sigOpts, options.contextLoader);
+  } catch (error) {
+    logger.warn(
+      "Failed to verify; failed to hash the signature options: {signatureOptions}\n{error}",
+      { signatureOptions: sigOpts, error },
+    );
+    return null;
+  }
   const document: { signature?: unknown } = { ...jsonLd };
   delete document.signature;
-  const docHash = await hashJsonLd(document, options.contextLoader);
+  let docHash: string;
+  try {
+    docHash = await hashJsonLd(document, options.contextLoader);
+  } catch (error) {
+    logger.warn(
+      "Failed to verify; failed to hash the document: {document}\n{error}",
+      { document, error },
+    );
+    return null;
+  }
   const encoder = new TextEncoder();
   const message = sigOptsHash + docHash;
   const messageBytes = encoder.encode(message);