feat: Add "no proof check" option for VC decoding

closes hyperledger-archives#1002 Signed-off-by: Dima <[email protected]>
kdimak · Dec 20, 2019 · 850df82 · 850df82
1 parent ae79892
commit 850df82
Show file tree

Hide file tree

Showing 6 changed files with 31 additions and 13 deletions.
diff --git a/pkg/doc/verifiable/credential.go b/pkg/doc/verifiable/credential.go
@@ -426,11 +426,19 @@ type credentialOpts struct {
 	modelValidationMode    vcModelValidationMode
 	allowedCustomContexts  map[string]bool
 	allowedCustomTypes     map[string]bool
+	disabledProofCheck     bool
 }
 
 // CredentialOpt is the Verifiable Credential decoding option
 type CredentialOpt func(opts *credentialOpts)
 
+// WithNoProofCheck disables checking of Verifiable Credential's proofs.
+func WithNoProofCheck() CredentialOpt {
+	return func(opts *credentialOpts) {
+		opts.disabledProofCheck = true
+	}
+}
+
 // WithNoCustomSchemaCheck option is for disabling of Credential Schemas download if defined
 // in Verifiable Credential. Instead, the Verifiable Credential is checked against default Schema.
 func WithNoCustomSchemaCheck() CredentialOpt {
@@ -573,7 +581,7 @@ func NewCredential(vcData []byte, opts ...CredentialOpt) (*Credential, []byte, e
 	vcOpts := parseCredentialOpts(opts)
 
 	// Decode credential (e.g. from JWT).
-	vcDataDecoded, err := decodeRaw(vcData, vcOpts.issuerPublicKeyFetcher)
+	vcDataDecoded, err := decodeRaw(vcData, !vcOpts.disabledProofCheck, vcOpts.issuerPublicKeyFetcher)
 	if err != nil {
 		return nil, nil, fmt.Errorf("decode new credential: %w", err)
 	}
@@ -735,7 +743,8 @@ func newCredential(raw *rawCredential, schemas []TypedID) (*Credential, error) {
 	}, nil
 }
 
-func decodeRaw(vcData []byte, pubKeyFetcher PublicKeyFetcher) ([]byte, error) {
+func decodeRaw(vcData []byte, checkProof bool, pubKeyFetcher PublicKeyFetcher) ([]byte, error) {
+	// todo use checkProof
 	if isJWS(vcData) {
 		if pubKeyFetcher == nil {
 			return nil, errors.New("public key fetcher is not defined")

diff --git a/pkg/doc/verifiable/credential_test.go b/pkg/doc/verifiable/credential_test.go
@@ -603,6 +603,15 @@ func TestJSONConversionCompositeIssuer(t *testing.T) {
 	require.Equal(t, vc, cred2)
 }
 
+func TestWithNoProofCheck(t *testing.T) {
+	credentialOpt := WithNoProofCheck()
+	require.NotNil(t, credentialOpt)
+
+	opts := &credentialOpts{}
+	credentialOpt(opts)
+	require.True(t, opts.disabledProofCheck)
+}
+
 func TestWithDisabledExternalSchemaCheck(t *testing.T) {
 	credentialOpt := WithNoCustomSchemaCheck()
 	require.NotNil(t, credentialOpt)

diff --git a/pkg/doc/verifiable/example_presentation_test.go b/pkg/doc/verifiable/example_presentation_test.go
@@ -90,7 +90,7 @@ func ExamplePresentation_JWTClaims() {
 `
 
 	// The Holder wants to send the presentation to the Verifier in JWS.
-	vp, err := verifiable.NewPresentation([]byte(vpStrFromWallet), verifiable.WithPresSkippedEmbeddedProofCheck())
+	vp, err := verifiable.NewPresentation([]byte(vpStrFromWallet), verifiable.WithPresNoProofCheck())
 	if err != nil {
 		fmt.Println(fmt.Errorf("failed to decode VP JSON: %w", err))
 	}

diff --git a/pkg/doc/verifiable/presentation.go b/pkg/doc/verifiable/presentation.go
@@ -253,8 +253,8 @@ type rawPresentation struct {
 
 // presentationOpts holds options for the Verifiable Presentation decoding
 type presentationOpts struct {
-	publicKeyFetcher       PublicKeyFetcher
-	skipEmbeddedProofCheck bool
+	publicKeyFetcher   PublicKeyFetcher
+	disabledProofCheck bool
 }
 
 // PresentationOpt is the Verifiable Presentation decoding option
@@ -268,10 +268,10 @@ func WithPresPublicKeyFetcher(fetcher PublicKeyFetcher) PresentationOpt {
 	}
 }
 
-// WithPresSkippedEmbeddedProofCheck tells to skip a check of embedded proof presence.
-func WithPresSkippedEmbeddedProofCheck() PresentationOpt {
+// WithPresNoProofCheck tells to skip a check of embedded proof presence.
+func WithPresNoProofCheck() PresentationOpt {
 	return func(opts *presentationOpts) {
-		opts.skipEmbeddedProofCheck = true
+		opts.disabledProofCheck = true
 	}
 }
 
@@ -296,7 +296,7 @@ func NewPresentation(vpData []byte, opts ...PresentationOpt) (*Presentation, err
 	}
 
 	// check that embedded proof is present, if not, it's not a verifiable presentation
-	if !vpOpts.skipEmbeddedProofCheck && !vpRaw.proved && vpRaw.Proof == nil {
+	if !vpOpts.disabledProofCheck && !vpRaw.proved && vpRaw.Proof == nil {
 		return nil, errors.New("embedded proof is missing")
 	}
 
@@ -342,7 +342,7 @@ func decodeCredentials(rawCred interface{}, opts *presentationOpts) ([]interface
 		if sCred, ok := cred.(string); ok {
 			bCred := []byte(sCred)
 
-			credDecoded, err := decodeRaw(bCred, opts.publicKeyFetcher)
+			credDecoded, err := decodeRaw(bCred, opts.disabledProofCheck, opts.publicKeyFetcher)
 			if err != nil {
 				return nil, fmt.Errorf("decode credential of presentation: %w", err)
 			}

diff --git a/pkg/doc/verifiable/presentation_test.go b/pkg/doc/verifiable/presentation_test.go
@@ -335,12 +335,12 @@ func TestPresentation_MarshalJSON(t *testing.T) {
 }
 
 func TestWithPresSkippedEmbeddedProofCheck(t *testing.T) {
-	vpOpt := WithPresSkippedEmbeddedProofCheck()
+	vpOpt := WithPresNoProofCheck()
 	require.NotNil(t, vpOpt)
 
 	opts := &presentationOpts{}
 	vpOpt(opts)
-	require.True(t, opts.skipEmbeddedProofCheck)
+	require.True(t, opts.disabledProofCheck)
 }
 
 func TestPresentation_SetCredentials(t *testing.T) {

diff --git a/pkg/doc/verifiable/test-suite/verifiable_suite_test.go b/pkg/doc/verifiable/test-suite/verifiable_suite_test.go
@@ -93,7 +93,7 @@ func encodeVCToJWS(vcBytes []byte, privateKey interface{}) {
 
 func encodeVPToJWS(vpBytes []byte, audience string, privateKey, publicKey interface{}) {
 	vp, err := verifiable.NewPresentation(vpBytes,
-		verifiable.WithPresSkippedEmbeddedProofCheck(),
+		verifiable.WithPresNoProofCheck(),
 		// the public key is used to decode verifiable credentials passed as JWS to the presentation
 		verifiable.WithPresPublicKeyFetcher(verifiable.SingleKey(publicKey)))
 	if err != nil {