From 0306b39d8a1d08c83a0129cd88113163bb893797 Mon Sep 17 00:00:00 2001
From: Rein Krul <info@reinkrul.nl>
Date: Thu, 30 Nov 2023 14:54:33 +0100
Subject: [PATCH] remove requirement retraction ID is scoped to issuer

---
 discovery/module.go      | 13 ++-----------
 discovery/module_test.go | 18 ------------------
 2 files changed, 2 insertions(+), 29 deletions(-)

diff --git a/discovery/module.go b/discovery/module.go
index 5e359e2ce2..ce7fd89642 100644
--- a/discovery/module.go
+++ b/discovery/module.go
@@ -22,7 +22,6 @@ import (
 	"errors"
 	"fmt"
 	ssi "github.com/nuts-foundation/go-did"
-	"github.com/nuts-foundation/go-did/did"
 	"github.com/nuts-foundation/go-did/vc"
 	"github.com/nuts-foundation/nuts-node/core"
 	"github.com/nuts-foundation/nuts-node/storage"
@@ -186,9 +185,8 @@ func (m *Module) validateRetraction(serviceID string, presentation vc.Verifiable
 	if len(presentation.VerifiableCredential) > 0 {
 		return errors.New("retraction presentation must not contain credentials")
 	}
-	// Check that the retraction refers to a presentation that:
-	// - is owned by the signer (same DID)
-	// - exists (if not, it might've already been removed due to expiry, or superseeded by a newer presentation)
+	// Check that the retraction refers to an existing presentation.
+	// If not, it might've already been removed due to expiry or superseded by a newer presentation.
 	var retractJTIString string
 	if retractJTIRaw, ok := presentation.JWT().Get("retract_jti"); !ok {
 		return errors.New("retraction presentation does not contain 'retract_jti' claim")
@@ -198,13 +196,6 @@ func (m *Module) validateRetraction(serviceID string, presentation vc.Verifiable
 		}
 	}
 	signerDID, _ := credential.PresentationSigner(presentation) // checked before
-	retractJTI, err := did.ParseDIDURL(retractJTIString)
-	if err != nil {
-		return fmt.Errorf("retraction presentation 'retract_jti' claim is not a valid DID URL: %w", err)
-	}
-	if !signerDID.Equals(retractJTI.DID) {
-		return errors.New("retraction presentation 'retract_jti' claim DID does not match JWT issuer")
-	}
 	exists, err := m.store.exists(serviceID, signerDID.String(), retractJTIString)
 	if err != nil {
 		return err
diff --git a/discovery/module_test.go b/discovery/module_test.go
index 4c93de5cc0..4c6d96b570 100644
--- a/discovery/module_test.go
+++ b/discovery/module_test.go
@@ -184,24 +184,6 @@ func Test_Module_Add(t *testing.T) {
 			err := m.Add(testServiceID, vp)
 			assert.EqualError(t, err, "retraction presentation 'retract_jti' claim is not a string")
 		})
-		t.Run("'retract_jti' claim in not a valid DID", func(t *testing.T) {
-			m, _ := setupModule(t, storageEngine)
-			vp := createPresentationCustom(aliceDID, func(claims map[string]interface{}, vp *vc.VerifiablePresentation) {
-				vp.Type = append(vp.Type, retractionPresentationType)
-				claims["retract_jti"] = "not a DID"
-			})
-			err := m.Add(testServiceID, vp)
-			assert.EqualError(t, err, "retraction presentation 'retract_jti' claim is not a valid DID URL: invalid DID")
-		})
-		t.Run("'retract_jti' claim does not reference a presentation of the signer", func(t *testing.T) {
-			m, _ := setupModule(t, storageEngine)
-			vp := createPresentationCustom(aliceDID, func(claims map[string]interface{}, vp *vc.VerifiablePresentation) {
-				vp.Type = append(vp.Type, retractionPresentationType)
-				claims["retract_jti"] = bobDID.String()
-			})
-			err := m.Add(testServiceID, vp)
-			assert.EqualError(t, err, "retraction presentation 'retract_jti' claim DID does not match JWT issuer")
-		})
 	})
 }