move validateAtTime to ProofOptions.ValidAt

vcr/signature/proof/jsonld.go

@@ -64,6 +64,20 @@ type ProofOptions struct {
 	ProofPurpose string `json:"proofPurpose"`
 }
 
+// ValidAt checks if the proof is valid at a certain given time.
+func (o ProofOptions) ValidAt(at time.Time, maxSkew time.Duration) bool {
+	// check if issuanceDate is before validAt
+	if o.Created.After(at.Add(maxSkew)) {
+		return false
+	}
+
+	// check if expirationDate is after validAt
+	if o.Expires != nil && o.Expires.Add(maxSkew).Before(at) {
+		return false
+	}
+	return true
+}
+
 // LDProof contains the fields of the Proof data model: https://w3c-ccg.github.io/data-integrity-spec/#proofs
 type LDProof struct {
 	ProofOptions

vcr/signature/proof/jsonld_test.go

@@ -245,3 +245,39 @@ func TestLDProof_Sign(t *testing.T) {
 		assert.Nil(t, result)
 	})
 }
+
+func TestProofOptions_ValidAt(t *testing.T) {
+	at := time.Now()
+	skew := 5 * time.Second
+	t.Run("valid", func(t *testing.T) {
+		exp := at.Add(1 * time.Hour)
+		valid := ProofOptions{
+			Created: at.Add(-1 * time.Hour),
+			Expires: &exp,
+		}.ValidAt(at, skew)
+		assert.True(t, valid)
+	})
+
+	t.Run("not yet valid", func(t *testing.T) {
+		valid := ProofOptions{
+			Created: at.Add(time.Hour),
+		}.ValidAt(at, skew)
+		assert.False(t, valid)
+	})
+
+	t.Run("expiration not set", func(t *testing.T) {
+		valid := ProofOptions{
+			Created: at.Add(-1 * time.Hour),
+		}.ValidAt(at, skew)
+		assert.True(t, valid)
+	})
+
+	t.Run("expired", func(t *testing.T) {
+		exp := at.Add(-1 * time.Hour)
+		valid := ProofOptions{
+			Created: at.Add(-2 * time.Hour),
+			Expires: &exp,
+		}.ValidAt(at, skew)
+		assert.False(t, valid)
+	})
+}

vcr/verifier/verifier_test.go

@@ -436,56 +436,6 @@ func TestVerifier_Verify(t *testing.T) {
 	})
 }
 
-func Test_verifier_validateAtTime(t *testing.T) {
-	var timeToCheck *time.Time
-	t.Run("no time provided", func(t *testing.T) {
-		timeToCheck = nil
-
-		t.Run("credential is valid", func(t *testing.T) {
-			sut := verifier{}
-			credentialToTest := testCredential(t)
-			valid := sut.validateAtTime(*credentialToTest.IssuanceDate, credentialToTest.ExpirationDate, timeToCheck)
-			assert.True(t, valid)
-		})
-	})
-
-	t.Run("with a time provided", func(t *testing.T) {
-		now := time.Now()
-		t.Run("credential is valid at given time", func(t *testing.T) {
-			timeToCheck = &now
-			sut := verifier{}
-			credentialToTest := testCredential(t)
-			valid := sut.validateAtTime(*credentialToTest.IssuanceDate, credentialToTest.ExpirationDate, timeToCheck)
-			assert.True(t, valid)
-		})
-
-		t.Run("credential is invalid when timeAt is before issuance", func(t *testing.T) {
-			beforeIssuance, err := time.Parse(time.RFC3339, "2006-10-05T14:33:12+02:00")
-			require.NoError(t, err)
-			timeToCheck = &beforeIssuance
-			sut := verifier{}
-			credentialToTest := testCredential(t)
-			valid := sut.validateAtTime(*credentialToTest.IssuanceDate, credentialToTest.ExpirationDate, timeToCheck)
-			assert.False(t, valid)
-		})
-
-		t.Run("credential is invalid when timeAt is after expiration", func(t *testing.T) {
-			expireTime, err := time.Parse(time.RFC3339, "2021-10-05T14:33:12+02:00")
-			require.NoError(t, err)
-			afterExpire := expireTime.Add(10 * time.Hour)
-			timeToCheck = &afterExpire
-			sut := verifier{}
-			credentialToTest := testCredential(t)
-			// Set expirationDate since the testCredential does not have one
-			credentialToTest.ExpirationDate = &expireTime
-			valid := sut.validateAtTime(*credentialToTest.IssuanceDate, credentialToTest.ExpirationDate, timeToCheck)
-			assert.False(t, valid)
-		})
-
-	})
-
-}
-
 func Test_verifier_CheckAndStoreRevocation(t *testing.T) {
 	rawVerificationMethod, _ := os.ReadFile("../test/revocation-public.json")
 	rawRevocation, _ := os.ReadFile("../test/ld-revocation.json")