fix: verify credential before issuer verification

energywebfoundation · Sep 9, 2022 · 111923b · 111923b
1 parent 5f99392
commit 111923b
Showing 1 changed file with 18 additions and 20 deletions.
diff --git a/src/modules/claims/claims.service.ts b/src/modules/claims/claims.service.ts
@@ -1459,20 +1459,27 @@ export class ClaimsService {
     if (!issuerDID) {
       throw new Error(ERROR_MESSAGES.NO_ISSUER_SPECIFIED);
     }
-
     let proofVerified;
+    let issuerVerified = true;
+
     try {
       proofVerified = await this._verifiableCredentialService.verify(vc);
     } catch (e) {
       proofVerified = false;
       errors.push((e as Error).message);
     }
-
+    if (vc.credentialStatus) {
+      try {
+        await this._statusVerifier.verifyCredentialStatus(vc.credentialStatus);
+      } catch (e) {
+        issuerVerified = false;
+        errors.push((e as Error).message);
+      }
+    }
     if (!proofVerified) {
       errors.push(ERROR_MESSAGES.PROOF_NOT_VERIFIED);
     }
     const role = vc.credentialSubject.role.namespace;
-    let issuerVerified = true;
     try {
       if (typeof issuerDID === 'string') {
         await this._issuerVerification.verifyIssuer(issuerDID, role);
@@ -1483,15 +1490,6 @@ export class ClaimsService {
       issuerVerified = false;
       errors.push((e as Error).message);
     }
-
-    if (vc.credentialStatus) {
-      try {
-        await this._statusVerifier.verifyCredentialStatus(vc.credentialStatus);
-      } catch (e) {
-        issuerVerified = false;
-        errors.push((e as Error).message);
-      }
-    }
     return {
       errors,
       isVerified: proofVerified && issuerVerified,
@@ -1515,14 +1513,6 @@ export class ClaimsService {
     if (!issuerDID) {
       throw new Error(ERROR_MESSAGES.NO_ISSUER_SPECIFIED);
     }
-    const { verified: issuerVerified, error } =
-      await this._issuerVerification.verifyIssuer(
-        issuerDID,
-        payload?.claimData?.claimType
-      );
-    if (!issuerVerified && error) {
-      throw new Error(ERROR_MESSAGES.NO_ISSUER_SPECIFIED);
-    }
     const proofVerified = await this._didRegistry.verifyPublicClaim(
       eip191Jwt,
       payload?.iss as string
@@ -1535,6 +1525,14 @@ export class ClaimsService {
     if (isExpired) {
       errors.push(ERROR_MESSAGES.CREDENTIAL_EXPIRED);
     }
+    const { verified: issuerVerified, error } =
+      await this._issuerVerification.verifyIssuer(
+        issuerDID,
+        payload?.claimData?.claimType
+      );
+    if (!issuerVerified && error) {
+      throw new Error(ERROR_MESSAGES.NO_ISSUER_SPECIFIED);
+    }
     return {
       errors: errors,
       isVerified: !!proofVerified && issuerVerified && !isExpired,