feat(verifyExp): add exp verification method and tests for EIP and VP

energywebfoundation · Jul 25, 2022 · 7099c09 · 7099c09
1 parent e61ff2b
commit 7099c09
Show file tree

Hide file tree

Showing 8 changed files with 245 additions and 55 deletions.
diff --git a/docs/api/classes/modules_claims.ClaimsService.md b/docs/api/classes/modules_claims.ClaimsService.md
@@ -20,12 +20,14 @@ claimsService.getClaimById(claim.id);
 
 ### Methods
 
+- [claimIsExpired](modules_claims.ClaimsService.md#claimisexpired)
 - [claimRevocationDetails](modules_claims.ClaimsService.md#claimrevocationdetails)
 - [createClaimRequest](modules_claims.ClaimsService.md#createclaimrequest)
 - [createDelegateProof](modules_claims.ClaimsService.md#createdelegateproof)
 - [createIdentityProof](modules_claims.ClaimsService.md#createidentityproof)
 - [createSelfSignedClaim](modules_claims.ClaimsService.md#createselfsignedclaim)
 - [deleteClaim](modules_claims.ClaimsService.md#deleteclaim)
+- [fetchCredential](modules_claims.ClaimsService.md#fetchcredential)
 - [getClaimById](modules_claims.ClaimsService.md#getclaimbyid)
 - [getClaimId](modules_claims.ClaimsService.md#getclaimid)
 - [getClaimsByIssuer](modules_claims.ClaimsService.md#getclaimsbyissuer)
@@ -68,6 +70,22 @@ claimsService.getClaimById(claim.id);
 
 ## Methods
 
+### claimIsExpired
+
+▸ **claimIsExpired**(`date`): `boolean`
+
+#### Parameters
+
+| Name | Type |
+| :------ | :------ |
+| `date` | `number` |
+
+#### Returns
+
+`boolean`
+
+___
+
 ### claimRevocationDetails
 
 ▸ **claimRevocationDetails**(`options`): `Promise`<`undefined` \| [`ClaimRevocationDetailsResult`](../interfaces/modules_claims.ClaimRevocationDetailsResult.md)\>
@@ -241,6 +259,23 @@ claimsService.deleteClaim({
 
 ___
 
+### fetchCredential
+
+▸ **fetchCredential**(`subjectDID`, `roleNamespace`): `Promise`<`undefined` \| `VerifiableCredential`<`RoleCredentialSubject`\> \| `RoleEIP191JWT`\>
+
+#### Parameters
+
+| Name | Type |
+| :------ | :------ |
+| `subjectDID` | `string` |
+| `roleNamespace` | `string` |
+
+#### Returns
+
+`Promise`<`undefined` \| `VerifiableCredential`<`RoleCredentialSubject`\> \| `RoleEIP191JWT`\>
+
+___
+
 ### getClaimById
 
 ▸ **getClaimById**(`claimId`): `Promise`<`undefined` \| [`Claim`](../interfaces/modules_claims.Claim.md)\>

diff --git a/.../api/classes/modules_verifiable_credentials.VerifiableCredentialsServiceBase.md b/.../api/classes/modules_verifiable_credentials.VerifiableCredentialsServiceBase.md
@@ -290,7 +290,7 @@ ___
 
 ### verify
 
-▸ **verify**<`T`\>(`vp`, `options?`): `Promise`<`boolean`\>
+▸ **verify**<`T`\>(`vcOrVp`, `options?`): `Promise`<`boolean`\>
 
 Verify a given credential or presentation. Throws an error if the credential or presentation proof is not valid.
 
@@ -309,7 +309,7 @@ await verifiableCredentialsService.verify(presentation);
 
 | Name | Type | Description |
 | :------ | :------ | :------ |
-| `vp` | `VerifiablePresentation` \| `VerifiableCredential`<`T`\> | verifiable presentation or credential |
+| `vcOrVp` | `VerifiablePresentation` \| `VerifiableCredential`<`T`\> | - |
 | `options?` | [`ProofOptions`](../interfaces/modules_verifiable_credentials.ProofOptions.md) | proof options |
 
 #### Returns

diff --git a/e2e/claims.service.e2e.ts b/e2e/claims.service.e2e.ts
@@ -42,6 +42,7 @@ import { replenish, root, rpcUrl, setupENS } from './utils/setup-contracts';
 import { ClaimManager__factory } from '../ethers/factories/ClaimManager__factory';
 import { ProofVerifier } from '@ew-did-registry/claims';
 import { ClaimManager } from '../ethers/ClaimManager';
+import { RoleEIP191JWT } from '@energyweb/vc-verification';
 
 const { namehash, id } = utils;
 
@@ -61,6 +62,9 @@ const verifyVcRole = 'verifyVcRole';
 const verifyVcRole2 = 'verifyVcRole2';
 const verifyOffChainClaimRole = 'verifyOnChain';
 const resolveVC = 'resolvevc';
+const verifyVcExpired = 'vcExpired';
+const eipExpired = 'eipExpired';
+const vcExpired = 'vcExpired';
 const namespace = root;
 const version = 1;
 const baseRoleDef = {
@@ -115,6 +119,21 @@ const roles: Record<string, IRoleDefinitionV2> = {
     roleName: verifyOffChainClaimRole,
     issuer: { issuerType: 'DID', did: [staticIssuerDID] },
   },
+  [`${verifyVcExpired}.${root}`]: {
+    ...baseRoleDef,
+    roleName: verifyVcExpired,
+    issuer: { issuerType: 'DID', did: [staticIssuerDID] },
+  },
+  [`${vcExpired}.${root}`]: {
+    ...baseRoleDef,
+    roleName: vcExpired,
+    issuer: { issuerType: 'DID', did: [staticIssuerDID] },
+  },
+  [`${eipExpired}.${root}`]: {
+    ...baseRoleDef,
+    roleName: eipExpired,
+    issuer: { issuerType: 'DID', did: [staticIssuerDID] },
+  },
 };
 const mockGetRoleDefinition = jest
   .fn()
@@ -255,6 +274,24 @@ describe('Сlaim tests', () => {
       data: roles[`${resolveVC}.${root}`],
       returnSteps: false,
     });
+    await domainsService.createRole({
+      roleName: verifyVcExpired,
+      namespace,
+      data: roles[`${verifyVcExpired}.${root}`],
+      returnSteps: false,
+    });
+    await domainsService.createRole({
+      roleName: vcExpired,
+      namespace,
+      data: roles[`${vcExpired}.${root}`],
+      returnSteps: false,
+    });
+    await domainsService.createRole({
+      roleName: eipExpired,
+      namespace,
+      data: roles[`${eipExpired}.${root}`],
+      returnSteps: false,
+    });
     ({ didRegistry, claimsService } = await connectToDidRegistry());
     mockGetAllowedRoles.mockImplementation(async (issuer) => {
       const roleDefs = Object.values(roles);
@@ -854,6 +891,7 @@ describe('Сlaim tests', () => {
           await claimsService.publishPublicClaim({
             claim: { token: issuedToken },
           });
+          await signerService.connect(staticIssuer, ProviderType.PrivateKey);
           const result = await claimsService.resolveCredentialAndVerify(
             rootOwnerDID,
             roleName
@@ -864,7 +902,6 @@ describe('Сlaim tests', () => {
 
         test('resolveCredentialAndVerify should resolve and verify an EIP191JWT', async () => {
           const roleName = `${verifyOffChainClaimRole}.${root}`;
-          // await signerService.connect(staticIssuer, ProviderType.PrivateKey);
           const { issuedToken } = await enrolAndIssue(rootOwner, staticIssuer, {
             subjectDID: rootOwnerDID,
             claimType: roleName,
@@ -879,6 +916,7 @@ describe('Сlaim tests', () => {
           await claimsService.publishPublicClaim({
             claim: { token: issuedToken },
           });
+          await signerService.connect(staticIssuer, ProviderType.PrivateKey);
           const result = await claimsService.resolveCredentialAndVerify(
             rootOwnerDID,
             roleName
@@ -898,6 +936,39 @@ describe('Сlaim tests', () => {
           );
           expect(result.isVerified).toBe(false);
         });
+
+        test('resolveCredentialAndVerify should return an expiration error if the credential is expired', async () => {
+          const roleName = `${verifyVcExpired}.${root}`;
+          const { issuedToken } = await enrolAndIssue(rootOwner, staticIssuer, {
+            subjectDID: rootOwnerDID,
+            claimType: roleName,
+            registrationTypes: [
+              RegistrationTypes.OnChain,
+              RegistrationTypes.OffChain,
+            ],
+            publishOnChain: true,
+            issuerFields: [],
+            expirationTimestamp: Date.now() + 10000,
+          });
+          await signerService.connect(rootOwner, ProviderType.PrivateKey);
+          const subjectDoc = await didRegistry.getDidDocument({
+            did: rootOwnerDID,
+            includeClaims: true,
+          });
+          mockCachedDocument.mockResolvedValueOnce(subjectDoc);
+          await claimsService.publishPublicClaim({
+            claim: { token: issuedToken },
+          });
+          const delay = (ms) => new Promise((res) => setTimeout(res, ms));
+          await delay(9000);
+          await signerService.connect(staticIssuer, ProviderType.PrivateKey);
+          const result = await claimsService.resolveCredentialAndVerify(
+            rootOwnerDID,
+            roleName
+          );
+          expect(result.errors).toContain('Credential Expired');
+          expect(result.isVerified).toBe(false);
+        });
       });
       test('verifyVc should verify a VC with no errors if the issuer is authorized', async () => {
         await signerService.connect(rootOwner, ProviderType.PrivateKey);
@@ -913,6 +984,58 @@ describe('Сlaim tests', () => {
         expect(result.errors).toHaveLength(0);
         expect(result.isVerified).toBe(true);
       });
+      test('verifyVc should return a credential expired error if credential is expired', async () => {
+        await signerService.connect(rootOwner, ProviderType.PrivateKey);
+        const issuerFields = [];
+        const vc = await createExampleSignedCredential(
+          issuerFields,
+          `${vcExpired}.${root}`,
+          new Date(Date.now() + 10000)
+        );
+        nock(vc.credentialStatus?.statusListCredential as string)
+          .get('')
+          .reply(200, undefined);
+        const delay = (ms) => new Promise((res) => setTimeout(res, ms));
+        await delay(11000);
+        const result = await claimsService.verifyVc(vc);
+        expect(result.errors).toContain('Verifiable Credential is expired.');
+        expect(result.isVerified).toBe(false);
+      });
+      test('verifyEIP should return an expiration error if the credential is expired', async () => {
+        const roleName = `${eipExpired}.${root}`;
+        const { issuedToken } = await enrolAndIssue(rootOwner, staticIssuer, {
+          subjectDID: rootOwnerDID,
+          claimType: roleName,
+          registrationTypes: [
+            RegistrationTypes.OnChain,
+            RegistrationTypes.OffChain,
+          ],
+          publishOnChain: true,
+          issuerFields: [],
+          expirationTimestamp: Date.now() + 10000,
+        });
+        await signerService.connect(rootOwner, ProviderType.PrivateKey);
+        const subjectDoc = await didRegistry.getDidDocument({
+          did: rootOwnerDID,
+          includeClaims: true,
+        });
+        mockCachedDocument.mockResolvedValueOnce(subjectDoc);
+        await claimsService.publishPublicClaim({
+          claim: { token: issuedToken },
+        });
+        const delay = (ms) => new Promise((res) => setTimeout(res, ms));
+        await delay(11000);
+        await signerService.connect(staticIssuer, ProviderType.PrivateKey);
+        const credential = await claimsService.fetchCredential(
+          rootOwnerDID,
+          roleName
+        );
+        const result = await claimsService.verifyRoleEIP191JWT(
+          credential as RoleEIP191JWT
+        );
+        expect(result.errors).toContain('Credential Expired');
+        expect(result.isVerified).toBe(false);
+      });
     });
   });
 

diff --git a/package-lock.json b/package-lock.json