feat(Vc-V2): verify expirationDate/validUntil is set after issuanceDa…

…te/validFrom
blockchain-certificates · Jan 30, 2024 · eaf47c8 · eaf47c8
1 parent cb41e73
commit eaf47c8
Show file tree

Hide file tree

Showing 3 changed files with 75 additions and 17 deletions.
diff --git a/cert_issuer/models/verifiable_credential.py b/cert_issuer/models/verifiable_credential.py
@@ -107,6 +107,11 @@ def validate_valid_until_date (certificate_valid_until_date):
     validate_date_RFC3339_string_format(certificate_valid_until_date, 'validUntil')
     pass
 
+def validate_date_set_after_other_date(second_date, first_date, second_date_key, first_date_key):
+    if not second_date > first_date:
+        raise ValueError('`{}` property must be a date set after `{}`'.format(second_date_key, first_date_key))
+    pass
+
 def validate_credential_status (certificate_credential_status):
     if not isinstance(certificate_credential_status, list):
         certificate_credential_status = [certificate_credential_status]
@@ -151,14 +156,21 @@ def verify_credential(certificate_metadata):
         except ValueError as err:
             raise ValueError(err)
 
-        try:
-            # if undefined will throw KeyError
-            validate_expiration_date(certificate_metadata['expirationDate'])
-        except KeyError:
-            # optional property
-            pass
-        except ValueError as err:
-            raise ValueError(err)
+        if 'expirationDate' in certificate_metadata:
+            try:
+                # if undefined will throw KeyError
+                validate_expiration_date(certificate_metadata['expirationDate'])
+                validate_date_set_after_other_date(
+                    certificate_metadata['expirationDate'],
+                    certificate_metadata['issuanceDate'],
+                    'expirationDate',
+                    'issuanceDate'
+                )
+            except KeyError:
+                # optional property
+                pass
+            except ValueError as err:
+                raise ValueError(err)
 
     if is_V2_verifiable_credential(certificate_metadata['@context']):
         try:
@@ -170,14 +182,22 @@ def verify_credential(certificate_metadata):
         except ValueError as err:
             raise ValueError(err)
 
-        try:
-            # if undefined will throw KeyError
-            validate_valid_until_date(certificate_metadata['validUntil'])
-        except KeyError:
-            # optional property
-            pass
-        except ValueError as err:
-            raise ValueError(err)
+        if 'validUntil' in certificate_metadata:
+            try:
+                # if undefined will throw KeyError
+                validate_valid_until_date(certificate_metadata['validUntil'])
+                if 'validFrom' in certificate_metadata:
+                    validate_date_set_after_other_date(
+                        certificate_metadata['validUntil'],
+                        certificate_metadata['validFrom'],
+                        'validUntil',
+                        'validFrom'
+                    )
+            except KeyError:
+                # optional property
+                pass
+            except ValueError as err:
+                raise ValueError(err)
 
     try:
         # if undefined will throw KeyError

diff --git a/tests/v3_certificate_validation/test_integration_verify_credential_vc_v1.py b/tests/v3_certificate_validation/test_integration_verify_credential_vc_v1.py
@@ -16,7 +16,7 @@
      "BlockcertsCredential"
    ],
    "issuer": "https://raw.githubusercontent.com/AnthonyRonning/https-github.com-labnol-files/master/issuer-eth.json",
-   "issuanceDate": "2010-01-01T19:33:24Z",
+   "issuanceDate": "2024-01-01T19:33:24Z",
    "credentialSubject": {
      "id": "did:key:z6Mkq3L1jEDDZ5R7eT523FMLxC4k6MCpzqD7ff1CrkWpoJwM",
      "alumniOf": {
@@ -140,6 +140,25 @@ def test_verify_expiration_date (self):
 
         assert False
 
+    def test_verify_expiration_date_before_issuance_date_invalid (self):
+        candidate = copy.deepcopy(credential_example)
+        candidate['expirationDate'] = '2023-01-01T19:33:24Z'
+        handler = CertificateBatchHandler(
+            secret_manager=mock.Mock(),
+            certificate_handler=MockCertificateV3Handler(candidate),
+            merkle_tree=mock.Mock(),
+            config=mock.Mock()
+        )
+        handler.certificates_to_issue = {'metadata': mock.Mock()}
+
+        try:
+            handler.prepare_batch()
+        except Exception as e:
+            self.assertEqual(str(e), '`expirationDate` property must be a date set after `issuanceDate`')
+            return
+
+        assert False
+
     def test_verify_credential_status (self):
         candidate = copy.deepcopy(credential_example)
         candidate['credentialStatus'] = {

diff --git a/tests/v3_certificate_validation/test_integration_verify_credential_vc_v2.py b/tests/v3_certificate_validation/test_integration_verify_credential_vc_v2.py
@@ -60,6 +60,25 @@ def test_verify_valid_until (self):
 
         assert False
 
+    def test_verify_valid_until_before_validFrom_invalid (self):
+        candidate = copy.deepcopy(credential_example)
+        candidate['validUntil'] = '2024-01-01T19:33:24Z'
+        handler = CertificateBatchHandler(
+            secret_manager=mock.Mock(),
+            certificate_handler=MockCertificateV3Handler(candidate),
+            merkle_tree=mock.Mock(),
+            config=mock.Mock()
+        )
+        handler.certificates_to_issue = {'metadata': mock.Mock()}
+
+        try:
+            handler.prepare_batch()
+        except Exception as e:
+            self.assertEqual(str(e), '`validUntil` property must be a date set after `validFrom`')
+            return
+
+        assert False
+
 class MockCertificateV3Handler(CertificateV3Handler):
     def __init__(self, test_certificate):
         self.test_certificate = test_certificate