From 8debdd3824b53397de001f10096508cba9471486 Mon Sep 17 00:00:00 2001
From: Ivan Chub <ivansergchub@gmail.com>
Date: Wed, 13 Nov 2024 00:33:57 -0800
Subject: [PATCH] use multiprocess service for verification

---
 apps/passport-server/src/services.ts          |  5 +++-
 .../subservices/CredentialSubservice.ts       | 23 +++++++++++++++----
 .../lib/passport-interface/src/Credential.ts  | 19 +++++++++++----
 3 files changed, 38 insertions(+), 9 deletions(-)

diff --git a/apps/passport-server/src/services.ts b/apps/passport-server/src/services.ts
index 70e28a149c..c75ab7345f 100644
--- a/apps/passport-server/src/services.ts
+++ b/apps/passport-server/src/services.ts
@@ -39,7 +39,10 @@ export async function startServices(
     rollbarService,
     discordService
   );
-  const credentialSubservice = await startCredentialSubservice(context.dbPool);
+  const credentialSubservice = await startCredentialSubservice(
+    context.dbPool,
+    multiprocessService
+  );
   const provingService = await startProvingService(rollbarService);
   const emailService = startEmailService(context, apis.emailAPI);
   const emailTokenService = startEmailTokenService();
diff --git a/apps/passport-server/src/services/generic-issuance/subservices/CredentialSubservice.ts b/apps/passport-server/src/services/generic-issuance/subservices/CredentialSubservice.ts
index d5b9fd1625..62b078c56b 100644
--- a/apps/passport-server/src/services/generic-issuance/subservices/CredentialSubservice.ts
+++ b/apps/passport-server/src/services/generic-issuance/subservices/CredentialSubservice.ts
@@ -9,6 +9,7 @@ import {
 import { LRUCache } from "lru-cache";
 import { Pool } from "postgres-pool";
 import { loadZupassEdDSAPublicKey } from "../../issuanceService";
+import { MultiProcessService } from "../../multiProcessService";
 import { traced } from "../../telemetryService";
 
 /**
@@ -22,11 +23,17 @@ export class CredentialSubservice {
   private verificationCache: LRUCache<string, Promise<VerifiedCredential>>;
   private zupassPublicKey: EdDSAPublicKey;
   private dbPool: Pool | undefined;
+  private multiProcessService: MultiProcessService;
 
-  public constructor(zupassPublicKey: EdDSAPublicKey, dbPool?: Pool) {
+  public constructor(
+    zupassPublicKey: EdDSAPublicKey,
+    multiProcessService: MultiProcessService,
+    dbPool?: Pool
+  ) {
     this.verificationCache = new LRUCache({ max: 20000 });
     this.zupassPublicKey = zupassPublicKey;
     this.dbPool = dbPool;
+    this.multiProcessService = multiProcessService;
   }
 
   public tryVerify(
@@ -46,7 +53,10 @@ export class CredentialSubservice {
     if (cached) {
       return cached;
     }
-    const promise = verifyCredential(credential).catch((err) => {
+    const promise = verifyCredential(
+      credential,
+      this.multiProcessService.verifySignaturePCD
+    ).catch((err) => {
       this.verificationCache.delete(key);
       throw err;
     });
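Review bot: `this.multiProcessService.verifySignaturePCD` is handed to `verifyCredential` as a bare method reference, so its `this` binding is lost if it is declared as an ordinary class method rather than an arrow-function property (its definition is not visible in this diff). In that case each call would throw inside `verifyCredential` as soon as the method touches `this`, which fails closed but rejects every credential and evicts the cache entry in the `.catch` handler each time. Passing a wrapper keeps the receiver intact: `(sig) => this.multiProcessService.verifySignaturePCD(sig)`. The body of `tryVerify` starts before and continues after this hunk.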
@@ -105,7 +115,8 @@ export class CredentialSubservice {
 }
 
 export async function startCredentialSubservice(
-  dbPool: Pool
+  dbPool: Pool,
+  multiProcessService: MultiProcessService
 ): Promise<CredentialSubservice> {
   const zupassEddsaPublicKey = await loadZupassEdDSAPublicKey();
 
@@ -113,5 +124,9 @@ export async function startCredentialSubservice(
     throw new Error("Missing generic issuance zupass public key");
   }
 
-  return new CredentialSubservice(zupassEddsaPublicKey, dbPool);
+  return new CredentialSubservice(
+    zupassEddsaPublicKey,
+    multiProcessService,
+    dbPool
+  );
 }
diff --git a/packages/lib/passport-interface/src/Credential.ts b/packages/lib/passport-interface/src/Credential.ts
index 10f966f6e9..58f7c94b11 100644
--- a/packages/lib/passport-interface/src/Credential.ts
+++ b/packages/lib/passport-interface/src/Credential.ts
@@ -105,15 +105,26 @@ export class VerificationError extends Error {}
  * application code has access to but library code such as this does not).
  */
 export async function verifyCredential(
-  credential: Credential
+  credential: Credential,
+  verifySignature?: (
+    signature: SerializedPCD<SemaphoreSignaturePCD>
+  ) => Promise<boolean>
 ): Promise<VerifiedCredential> {
   if (credential.type !== SemaphoreSignaturePCDPackage.name) {
     throw new VerificationError(`Credential is not a Semaphore Signature PCD`);
   }
-  // Ensure that the signature part of the credential verifies.
+
   const pcd = await SemaphoreSignaturePCDPackage.deserialize(credential.pcd);
-  if (!(await SemaphoreSignaturePCDPackage.verify(pcd))) {
-    throw new VerificationError(`Could not verify signature PCD`);
+
+  // Ensure that the signature part of the credential verifies.
+  if (verifySignature) {
+    if (!(await verifySignature(credential))) {
+      throw new VerificationError(`Could not verify signature PCD`);
+    }
+  } else {
+    if (!(await SemaphoreSignaturePCDPackage.verify(pcd))) {
+      throw new VerificationError(`Could not verify signature PCD`);
+    }
   }
 
   // Parse data from the Semaphore Signature claim. Will throw if the message
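Review bot: The guard `if (!(await verifySignature(credential)))` accepts any truthy value, and the new optional `verifySignature` callback replaces the only cryptographic check in `verifyCredential`. Judging by the commit subject, the server's callback returns a result from another process, so a malformed reply such as an object or a non-empty string would be treated as a valid signature despite the `Promise<boolean>` type. A strict comparison rejects anything other than an explicit `true`: `if ((await verifySignature(credential)) !== true) {`. The doc comment above the function should also gain a `@param verifySignature` entry stating that the callback must perform the same verification as `SemaphoreSignaturePCDPackage.verify` on the serialized credential, and that omitting it falls back to in-process verification. The function body continues past the end of this hunk.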