chore: ValidateCredentialProof updates (#1396)

Signed-off-by: Mykhailo Sizov <[email protected]>
trustbloc · Sep 4, 2023 · d5232ce · d5232ce
1 parent 3c19d4e
commit d5232ce
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 22 deletions.
diff --git a/pkg/service/verifycredential/verifycredential_service.go b/pkg/service/verifycredential/verifycredential_service.go
@@ -112,56 +112,48 @@ func (s *Service) VerifyCredential(ctx context.Context, credential *verifiable.C
 	return result, nil
 }
 
-func (s *Service) parseAndVerifyLDPVC(vcBytes []byte) (*verifiable.Credential, error) {
+func (s *Service) parseAndVerifyVC(vcBytes []byte, isJWT bool) (*verifiable.Credential, error) {
 	diVerifier, err := s.getDataIntegrityVerifier()
 	if err != nil {
 		return nil, fmt.Errorf("get data integrity verifier: %w", err)
 	}
 
-	cred, err := verifiable.ParseCredential(vcBytes,
+	opts := []verifiable.CredentialOpt{
 		verifiable.WithPublicKeyFetcher(
 			verifiable.NewVDRKeyResolver(s.vdr).PublicKeyFetcher(),
 		),
 		verifiable.WithJSONLDDocumentLoader(s.documentLoader),
-		verifiable.WithStrictValidation(),
 		verifiable.WithDataIntegrityVerifier(diVerifier),
 		// Use empty domain and challenge in order to skip the validation.
 		// See usage of vcInVPValidation variable in ValidateCredentialProof method.
 		// TODO: define verifier purpose field.
 		verifiable.WithExpectedDataIntegrityFields(crypto.Authentication, "", ""),
-	)
-	if err != nil {
-		return nil, fmt.Errorf("verifiable credential proof validation error : %w", err)
 	}
 
-	return cred, nil
-}
+	if !isJWT {
+		opts = append(opts, verifiable.WithStrictValidation())
+	}
 
-func (s *Service) parseAndVerifyJWTVC(vcBytes []byte) error {
-	_, err := verifiable.ParseCredential(vcBytes,
-		verifiable.WithPublicKeyFetcher(
-			verifiable.NewVDRKeyResolver(s.vdr).PublicKeyFetcher(),
-		),
-		verifiable.WithJSONLDDocumentLoader(s.documentLoader))
+	cred, err := verifiable.ParseCredential(vcBytes, opts...)
 	if err != nil {
-		return fmt.Errorf("verifiable credential proof validation error : %w", err)
+		return nil, fmt.Errorf("verifiable credential proof validation error : %w", err)
 	}
 
-	return nil
+	return cred, nil
 }
 
 // ValidateCredentialProof validate credential proof.
 func (s *Service) ValidateCredentialProof(_ context.Context, vcByte []byte, proofChallenge, proofDomain string,
 	vcInVPValidation, isJWT bool) error { // nolint: lll,gocyclo
-	if isJWT {
-		return s.parseAndVerifyJWTVC(vcByte)
-	}
-
-	credential, err := s.parseAndVerifyLDPVC(vcByte)
+	credential, err := s.parseAndVerifyVC(vcByte, isJWT)
 	if err != nil {
 		return err
 	}
 
+	if len(credential.JWT) > 0 {
+		return nil
+	}
+
 	if len(credential.Proofs) == 0 {
 		return errors.New("verifiable credential doesn't contains proof")
 	}

diff --git a/pkg/service/verifycredential/verifycredential_service_test.go b/pkg/service/verifycredential/verifycredential_service_test.go
@@ -698,7 +698,7 @@ func TestService_ValidateCredentialProof(t *testing.T) {
 				vcInVPValidation: false,
 				isJWT:            true,
 			},
-			wantErr: false,
+			wantErr: true,
 		},
 	}
 	for _, tt := range tests {