search

Open-Attestation / open-attestation

Meta framework for providing digital provenance and integrity to documents.
https://openattestation.com
Apache License 2.0
54 stars 18 forks source link

Signed documents with OCSP Responder revocation is returning false when using the utils.isDocumentRevokable function. #242

Closed jedtravis closed 1 year ago

jedtravis commented 1 year ago

When using the utils.isDocumentRevokable on a signed document with OCSP Responder revocation, it returns false instead of true.

After looking into the code, I realize that it will only return true in 3 situations.

  1. There is a certificateStore key in the issuers object
  2. There is a documentStore key in the issuers object
  3. There is a revocation key in the issuers object, and the value of type key is REVOCATION_STORE in the revocation object

To account for OCSP Responder, please add another situation whereby the value of type key is OCSP_RESPONDER in the revocation object.

Current utils.isDocumentRevokable function, case isWrappedV2Document(document) portion

case isWrappedV2Document(document):
  const issuer = getData(document)?.issuers[0];
  return !!issuer.certificateStore || !!issuer.documentStore || issuer.revocation?.type === "REVOCATION_STORE";

Proposed utils.isDocumentRevokable function, case isWrappedV2Document(document) portion

case isWrappedV2Document(document):
  const issuer = getData(document)?.issuers[0];
  return !!issuer.certificateStore || !!issuer.documentStore || issuer.revocation?.type === "REVOCATION_STORE" || issuer.revocation?.type === "OCSP_RESPONDER";