search

digitalbazaar / vc

W3C Verifiable Credentials implementation in JavaScript
BSD 3-Clause "New" or "Revised" License
182 stars 52 forks source link

Library does not validate `proof.created` #187

Closed aljones15 closed 2 months ago

aljones15 commented 3 months ago 
{
  "verified": true,
  "results": [
    {
      "proof": {
        "@context": [
          "https://www.w3.org/ns/credentials/v2",
          {
            "@protected": true,
            "DriverLicenseCredential": "urn:example:DriverLicenseCredential",
            "DriverLicense": {
              "@id": "urn:example:DriverLicense",
              "@context": {
                "@protected": true,
                "id": "@id",
                "type": "@type",
                "documentIdentifier": "urn:example:documentIdentifier",
                "dateOfBirth": "urn:example:dateOfBirth",
                "expirationDate": "urn:example:expiration",
                "issuingAuthority": "urn:example:issuingAuthority"
              }
            },
            "driverLicense": {
              "@id": "urn:example:driverLicense",
              "@type": "@id"
            }
          }
        ],
        "type": "DataIntegrityProof",
        "created": "invalidDate",
        "verificationMethod": "did:key:z6MkwXG2WjeQnNxSoynSGYU8V9j3QzP3JSqhdmkHc6SaVWoT#z6MkwXG2WjeQnNxSoynSGYU8V9j3QzP3JSqhdmkHc6SaVWoT",
        "cryptosuite": "eddsa-rdfc-2022",
        "proofPurpose": "assertionMethod",
        "proofValue": "z3QFjBubFzd5AB4xMZxnYaadiQgfp3iK2UdBwtkHxrZSU7Q27q2X25JYvHTJwr9WUvibDqjMZaDY5vGiVPoRvDtPi"
      },
      "verified": true,
      "verificationMethod": {
        "@context": "https://w3id.org/security/suites/ed25519-2020/v1",
        "id": "did:key:z6MkwXG2WjeQnNxSoynSGYU8V9j3QzP3JSqhdmkHc6SaVWoT#z6MkwXG2WjeQnNxSoynSGYU8V9j3QzP3JSqhdmkHc6SaVWoT",
        "type": "Ed25519VerificationKey2020",
        "controller": "did:key:z6MkwXG2WjeQnNxSoynSGYU8V9j3QzP3JSqhdmkHc6SaVWoT",
        "publicKeyMultibase": "z6MkwXG2WjeQnNxSoynSGYU8V9j3QzP3JSqhdmkHc6SaVWoT"
      },
      "purposeResult": {
        "valid": true
      }
    }
  ]

According to DataIntegrity:

created The date and time the proof was created is OPTIONAL and, if included, MUST be specified as an [XMLSCHEMA11-2] dateTimeStamp string, either in Universal Coordinated Time (UTC), denoted by a Z at the end of the value, or with a time zone offset relative to UTC. A conforming processor MAY chose to consume time values that were incorrectly serialized without an offset. Incorrectly serialized time values without an offset are to be interpreted as UTC.

This is a VC 2.0 lib and not a Data Integrity one so this might be the wrong place to check.

aljones15 commented 3 months ago

note: this is probably a Proof issue and not a VC related issue and should probably be addressed here: https://github.com/digitalbazaar/data-integrity/tree/main

aljones15 commented 2 months ago

This issue in Data Integrity addresses this: https://github.com/digitalbazaar/data-integrity/issues/30

aljones15 commented 2 months ago

Closing as recent release validates proof.created