feat!: Non-standard signatures are no more

Author: Peeja

principal/absentee/signer.go

@@ -3,11 +3,10 @@ package validator
 import "github.com/fil-forge/ucantone/ucan"
 
 type validationConfig struct {
-	resolveProof               ProofResolverFunc
-	resolveDIDVerifier         DIDVerifierResolverFunc
-	validationTime             ucan.UnixTimestamp
-	verifyNonStandardSignature NonStandardSignatureVerifierFunc
-	metadata                   ucan.Container
+	resolveProof       ProofResolverFunc
+	resolveDIDVerifier DIDVerifierResolverFunc
+	validationTime     ucan.UnixTimestamp
+	metadata           ucan.Container
 }
 
 // Option is an option configuring the validator.
@@ -44,14 +43,6 @@ func WithValidationTime(now ucan.UnixTimestamp) Option {
 	}
 }
 
-// WithNonStandardSignatureVerifier sets the function to be used for verifying
-// non-standard signature algorithms.
-func WithNonStandardSignatureVerifier(verifyNonStandardSignature NonStandardSignatureVerifierFunc) Option {
-	return func(vc *validationConfig) {
-		vc.verifyNonStandardSignature = verifyNonStandardSignature
-	}
-}
-
 // WithMetadata sets additional metadata that may be used during validation.
 func WithMetadata(meta ucan.Container) Option {
 	return func(vc *validationConfig) {

principal/absentee/signer_test.go

@@ -17,7 +17,6 @@ import (
 	"github.com/fil-forge/ucantone/ucan"
 	"github.com/fil-forge/ucantone/ucan/token"
 	verrs "github.com/fil-forge/ucantone/validator/errors"
-	"github.com/fil-forge/ucantone/varsig/algorithm/nonstandard"
 	"github.com/ipfs/go-cid"
 )
 
@@ -31,10 +30,9 @@ func ValidateInvocation(
 	options ...Option,
 ) error {
 	cfg := validationConfig{
-		resolveProof:               ProofUnavailable,
-		resolveDIDVerifier:         ResolveDIDKeyVerifier,
-		validationTime:             ucan.UnixTimestamp(time.Now().Unix()),
-		verifyNonStandardSignature: FailNonStandardSignatureVerification,
+		resolveProof:       ProofUnavailable,
+		resolveDIDVerifier: ResolveDIDKeyVerifier,
+		validationTime:     ucan.UnixTimestamp(time.Now().Unix()),
 	}
 	for _, opt := range options {
 		opt(&cfg)
@@ -106,10 +104,6 @@ func ValidateToken(ctx context.Context, tok ucan.Token, cfg validationConfig) er
 
 // verifyTokenSignature verifies the token was signed by the passed verifier.
 func verifyTokenSignature(ctx context.Context, tok ucan.Token, cfg validationConfig) error {
-	if tok.Signature().Header().SignatureAlgorithm().Code() == nonstandard.Code {
-		return cfg.verifyNonStandardSignature(ctx, tok, cfg.metadata)
-	}
-
 	verifier, err := cfg.resolveDIDVerifier(ctx, tok.Issuer())
 	if err != nil {
 		return err

validator/options.go

@@ -11,7 +11,6 @@ import (
 
 	"github.com/fil-forge/ucantone/did"
 	"github.com/fil-forge/ucantone/ipld/datamodel"
-	"github.com/fil-forge/ucantone/principal/absentee"
 	"github.com/fil-forge/ucantone/principal/ed25519"
 	"github.com/fil-forge/ucantone/principal/secp256k1"
 	"github.com/fil-forge/ucantone/testutil"
@@ -447,78 +446,6 @@ func TestValidate(t *testing.T) {
 		)
 		require.Error(t, err)
 	})
-
-	t.Run("with non-standard signature in chain", func(t *testing.T) {
-		subject := testutil.RandomSigner(t)
-		alice := absentee.From(testutil.Must(did.Parse("did:mailto:web.mail:alice"))(t))
-		bob := testutil.RandomSigner(t)
-
-		del1, err := delegation.Delegate(subject, alice.DID(), subject.DID(), crankWidget)
-		require.NoError(t, err)
-		// del2 is "signed" by alice, who is an absentee signer and produces a
-		// non-standard signature.
-		del2, err := delegation.Delegate(alice, bob.DID(), did.Undef, crankWidget)
-		require.NoError(t, err)
-
-		inv, err := invocation.Invoke(
-			bob,
-			subject.DID(),
-			crankWidget,
-			datamodel.Map{},
-			invocation.WithProofs(del1.Link(), del2.Link()),
-		)
-		require.NoError(t, err)
-
-		resolveProof := validator.ProofsFromContainer(
-			container.New(container.WithDelegations(del1, del2)),
-		)
-
-		t.Run("rejects by default", func(t *testing.T) {
-			err = validator.ValidateInvocation(
-				t.Context(),
-				inv,
-				validator.WithProofResolver(resolveProof),
-				validator.WithDIDVerifierResolvers(validator.VerifierResolverMap{
-					"key": validator.ResolveDIDKeyVerifier,
-					"mailto": func(ctx context.Context, d did.DID) (ucan.Verifier, error) {
-						require.Fail(t, "shouldn't try to resolve a verifier for a non-standard signature")
-						return nil, nil
-					},
-				}),
-			)
-			require.ErrorContains(t, err, "no non-standard signature verifier configured")
-		})
-
-		t.Run("rejects according to non-standard signature verifier", func(t *testing.T) {
-			err = validator.ValidateInvocation(
-				t.Context(),
-				inv,
-				validator.WithProofResolver(resolveProof),
-				validator.WithNonStandardSignatureVerifier(
-					func(ctx context.Context, token ucan.Token, meta ucan.Container) error {
-						require.Equal(t, del2.Link(), token.Link(), "should be asked to verify the non-standard signature for the correct token")
-						return errors.New("non-standard error failed as expected")
-					},
-				),
-			)
-			require.ErrorContains(t, err, "non-standard error failed as expected")
-		})
-
-		t.Run("validates according to non-standard signature verifier", func(t *testing.T) {
-			err = validator.ValidateInvocation(
-				t.Context(),
-				inv,
-				validator.WithProofResolver(resolveProof),
-				validator.WithNonStandardSignatureVerifier(
-					func(ctx context.Context, token ucan.Token, meta ucan.Container) error {
-						require.Equal(t, del2.Link(), token.Link(), "should be asked to verify the non-standard signature for the correct token")
-						return nil
-					},
-				),
-			)
-			require.NoError(t, err)
-		})
-	})
 }
 
 func TestResolveDIDKeyVerifier(t *testing.T) {