From f68f697d37d96c204f261a1a3ecf2f7b70f8ca1d Mon Sep 17 00:00:00 2001
From: Rein Krul
Date: Tue, 5 Dec 2023 13:34:48 +0100
Subject: [PATCH] move validateAtTime to ProofOptions.ValidAt
---
 vcr/signature/proof/jsonld.go | 14 +++++++++
 vcr/signature/proof/jsonld_test.go | 36 +++++++++++++++++++++
 vcr/verifier/verifier_test.go | 50 ------------------------------
 3 files changed, 50 insertions(+), 50 deletions(-)
diff --git a/vcr/signature/proof/jsonld.go b/vcr/signature/proof/jsonld.go
index a86dc2fe44..124ff075fd 100644
--- a/vcr/signature/proof/jsonld.go
+++ b/vcr/signature/proof/jsonld.go
@@ -64,6 +64,20 @@ type ProofOptions struct {
 ProofPurpose string `json:"proofPurpose"`
 }

+// ValidAt checks if the proof is valid at a certain given time.
+func (o ProofOptions) ValidAt(at time.Time, maxSkew time.Duration) bool {
+ // check if issuanceDate is before validAt
+ if o.Created.After(at.Add(maxSkew)) {
+ return false
+ }
+
+ // check if expirationDate is after validAt
+ if o.Expires != nil && o.Expires.Add(maxSkew).Before(at) {
+ return false
+ }
+ return true
+}
+
 // LDProof contains the fields of the Proof data model: https://w3c-ccg.github.io/data-integrity-spec/#proofs
 type LDProof struct {
 ProofOptions
diff --git a/vcr/signature/proof/jsonld_test.go b/vcr/signature/proof/jsonld_test.go
index a1a3a07c78..7ae8106e99 100644
--- a/vcr/signature/proof/jsonld_test.go
+++ b/vcr/signature/proof/jsonld_test.go
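Review bot: In `ProofOptions.ValidAt` (vcr/signature/proof/jsonld.go) a zero-valued `Created` is accepted, because `o.Created.After(at.Add(maxSkew))` can never be true for the zero time, so a proof that carries no creation time passes the not-before check. Whether a missing creation time is rejected elsewhere is not visible in this diff; if it is meant to be accepted the doc comment should say so, otherwise add `if o.Created.IsZero() { return false }` ahead of the comparison. The two inline comments also name `issuanceDate`, `expirationDate` and `validAt`, none of which exists in this method; they would read better as `// not valid yet: Created lies more than maxSkew after at` and `// expired: Expires lies more than maxSkew before at`, which also records that maxSkew widens the window on both sides.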
@@ -245,3 +245,39 @@ func TestLDProof_Sign(t *testing.T) {
 assert.Nil(t, result)
 })
 }
+
+func TestProofOptions_ValidAt(t *testing.T) {
+ at := time.Now()
+ skew := 5 * time.Second
+ t.Run("valid", func(t *testing.T) {
+ exp := at.Add(1 * time.Hour)
+ valid := ProofOptions{
+ Created: at.Add(-1 * time.Hour),
+ Expires: &exp,
+ }.ValidAt(at, skew)
+ assert.True(t, valid)
+ })
+
+ t.Run("not yet valid", func(t *testing.T) {
+ valid := ProofOptions{
+ Created: at.Add(time.Hour),
+ }.ValidAt(at, skew)
+ assert.False(t, valid)
+ })
+
+ t.Run("expiration not set", func(t *testing.T) {
+ valid := ProofOptions{
+ Created: at.Add(-1 * time.Hour),
+ }.ValidAt(at, skew)
+ assert.True(t, valid)
+ })
+
+ t.Run("expired", func(t *testing.T) {
+ exp := at.Add(-1 * time.Hour)
+ valid := ProofOptions{
+ Created: at.Add(-2 * time.Hour),
+ Expires: &exp,
+ }.ValidAt(at, skew)
+ assert.False(t, valid)
+ })
+}
diff --git a/vcr/verifier/verifier_test.go b/vcr/verifier/verifier_test.go
index 2871518be4..964ee07082 100644
--- a/vcr/verifier/verifier_test.go
+++ b/vcr/verifier/verifier_test.go
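Review bot: None of the four subtests in `TestProofOptions_ValidAt` exercises `maxSkew`: every `Created` and `Expires` value lies a full hour from `at` while `skew` is five seconds, so the test would still pass if the skew were dropped or applied with the wrong sign. Because the skew decides whether a just-expired or slightly future-dated proof is accepted, the boundary on both sides deserves its own cases. The subtests below could be added to the existing function.

```go
func TestProofOptions_ValidAt(t *testing.T) {
	// … unchanged: at, skew and the four existing subtests …

	t.Run("created within skew", func(t *testing.T) {
		valid := ProofOptions{
			Created: at.Add(skew - time.Second),
		}.ValidAt(at, skew)
		assert.True(t, valid)
	})

	t.Run("created beyond skew", func(t *testing.T) {
		valid := ProofOptions{
			Created: at.Add(skew + time.Second),
		}.ValidAt(at, skew)
		assert.False(t, valid)
	})

	t.Run("expired within skew", func(t *testing.T) {
		exp := at.Add(time.Second - skew)
		valid := ProofOptions{
			Created: at.Add(-1 * time.Hour),
			Expires: &exp,
		}.ValidAt(at, skew)
		assert.True(t, valid)
	})

	t.Run("expired beyond skew", func(t *testing.T) {
		exp := at.Add(-skew - time.Second)
		valid := ProofOptions{
			Created: at.Add(-1 * time.Hour),
			Expires: &exp,
		}.ValidAt(at, skew)
		assert.False(t, valid)
	})
}
```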
@@ -436,56 +436,6 @@ func TestVerifier_Verify(t *testing.T) {
 })
 }

-func Test_verifier_validateAtTime(t *testing.T) {
- var timeToCheck *time.Time
- t.Run("no time provided", func(t *testing.T) {
- timeToCheck = nil
-
- t.Run("credential is valid", func(t *testing.T) {
- sut := verifier{}
- credentialToTest := testCredential(t)
- valid := sut.validateAtTime(*credentialToTest.IssuanceDate, credentialToTest.ExpirationDate, timeToCheck)
- assert.True(t, valid)
- })
- })
-
- t.Run("with a time provided", func(t *testing.T) {
- now := time.Now()
- t.Run("credential is valid at given time", func(t *testing.T) {
- timeToCheck = &now
- sut := verifier{}
- credentialToTest := testCredential(t)
- valid := sut.validateAtTime(*credentialToTest.IssuanceDate, credentialToTest.ExpirationDate, timeToCheck)
- assert.True(t, valid)
- })
-
- t.Run("credential is invalid when timeAt is before issuance", func(t *testing.T) {
- beforeIssuance, err := time.Parse(time.RFC3339, "2006-10-05T14:33:12+02:00")
- require.NoError(t, err)
- timeToCheck = &beforeIssuance
- sut := verifier{}
- credentialToTest := testCredential(t)
- valid := sut.validateAtTime(*credentialToTest.IssuanceDate, credentialToTest.ExpirationDate, timeToCheck)
- assert.False(t, valid)
- })
-
- t.Run("credential is invalid when timeAt is after expiration", func(t *testing.T) {
- expireTime, err := time.Parse(time.RFC3339, "2021-10-05T14:33:12+02:00")
- require.NoError(t, err)
- afterExpire := expireTime.Add(10 * time.Hour)
- timeToCheck = &afterExpire
- sut := verifier{}
- credentialToTest := testCredential(t)
- // Set expirationDate since the testCredential does not have one
- credentialToTest.ExpirationDate = &expireTime
- valid := sut.validateAtTime(*credentialToTest.IssuanceDate, credentialToTest.ExpirationDate, timeToCheck)
- assert.False(t, valid)
- })
-
- })
-
-}
-
 func Test_verifier_CheckAndStoreRevocation(t *testing.T) {
 rawVerificationMethod, _ := os.ReadFile("../test/revocation-public.json")
 rawRevocation, _ :=
os.ReadFile("../test/ld-revocation.json")