fix(sdk): Stops including binding in assertion hashes (#1681)

opentdf · Oct 24, 2024 · a4583b0 · a4583b0
1 parent 069f939
commit a4583b0
Show file tree

Hide file tree

Showing 2 changed files with 57 additions and 6 deletions.
diff --git a/sdk/assertion.go b/sdk/assertion.go
@@ -28,7 +28,7 @@ type Assertion struct {
 	Scope          Scope          `json:"scope"`
 	AppliesToState AppliesToState `json:"appliesToState,omitempty"`
 	Statement      Statement      `json:"statement"`
-	Binding        Binding        `json:"binding"`
+	Binding        Binding        `json:"binding,omitempty"`
 }
 
 var errAssertionVerifyKeyFailure = errors.New("assertion: failed to verify with provided key")
@@ -90,18 +90,34 @@ func (a Assertion) Verify(key AssertionKey) (string, string, error) {
 
 // GetHash returns the hash of the assertion in hex format.
 func (a Assertion) GetHash() ([]byte, error) {
-	// clear out the binding
-	a.Binding.Method = ""
-	a.Binding.Signature = ""
+	// Clear out the binding
+	a.Binding = Binding{}
 
+	// Marshal the assertion to JSON
 	assertionJSON, err := json.Marshal(a)
 	if err != nil {
-		return nil, fmt.Errorf("json.Marshal failed:%w", err)
+		return nil, fmt.Errorf("json.Marshal failed: %w", err)
 	}
 
+	// Unmarshal the JSON into a map to manipulate it
+	var jsonObject map[string]interface{}
+	if err := json.Unmarshal(assertionJSON, &jsonObject); err != nil {
+		return nil, fmt.Errorf("json.Unmarshal failed: %w", err)
+	}
+
+	// Remove the binding key
+	delete(jsonObject, "binding")
+
+	// Marshal the map back to JSON
+	assertionJSON, err = json.Marshal(jsonObject)
+	if err != nil {
+		return nil, fmt.Errorf("json.Marshal failed: %w", err)
+	}
+
+	// Transform the JSON using JCS
 	transformedJSON, err := jcs.Transform(assertionJSON)
 	if err != nil {
-		return nil, fmt.Errorf("jcs.Transform failed:%w", err)
+		return nil, fmt.Errorf("jcs.Transform failed: %w", err)
 	}
 
 	return ocrypto.SHA256AsHex(transformedJSON), nil

diff --git a/sdk/assertion_test.go b/sdk/assertion_test.go
@@ -0,0 +1,35 @@
+package sdk
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestTDFWithAssertion(t *testing.T) {
+	assertionConfig := AssertionConfig{
+		ID:             "424ff3a3-50ca-4f01-a2ae-ef851cd3cac0",
+		Type:           "handling",
+		Scope:          "tdo",
+		AppliesToState: "encrypted",
+		Statement: Statement{
+			Format: "json+stanag5636",
+			Schema: "urn:nato:stanag:5636:A:1:elements:json",
+			Value:  "{\"ocl\":{\"pol\":\"62c76c68-d73d-4628-8ccc-4c1e18118c22\",\"cls\":\"SECRET\",\"catl\":[{\"type\":\"P\",\"name\":\"Releasable To\",\"vals\":[\"usa\"]}],\"dcr\":\"2024-10-21T20:47:36Z\"},\"context\":{\"@base\":\"urn:nato:stanag:5636:A:1:elements:json\"}}",
+		},
+	}
+
+	assertion := Assertion{}
+
+	assertion.ID = assertionConfig.ID
+	assertion.Type = assertionConfig.Type
+	assertion.Scope = assertionConfig.Scope
+	assertion.Statement = assertionConfig.Statement
+	assertion.AppliesToState = assertionConfig.AppliesToState
+
+	hashOfAssertion, err := assertion.GetHash()
+	require.NoError(t, err)
+
+	assert.Equal(t, "4a447a13c5a32730d20bdf7feecb9ffe16649bc731914b574d80035a3927f860", string(hashOfAssertion))
+}