feat: add logic to validate multi proof vc\vp (#1828)

* feat: add logic to validate multi proof vc\vp

* fix: lint

* fix: use base lint

pkg/service/verifycredential/verifycredential_service.go

@@ -185,9 +185,21 @@ func (s *Service) ValidateCredentialProof(
 		return errors.New("verifiable credential doesn't contains proof")
 	}
 
-	// TODO https://github.com/trustbloc/vcs/issues/412 figure out the process when vc has more than one proof
-	proof := credential.Proofs()[0]
+	for _, proof := range credential.Proofs() {
+		if err = s.validateSingleProof(vcInVPValidation, proof, proofChallenge, proofDomain); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
 
+func (s *Service) validateSingleProof(
+	vcInVPValidation bool,
+	proof verifiable.Proof,
+	proofChallenge string,
+	proofDomain string,
+) error {
 	if !vcInVPValidation {
 		// validate challenge
 		if validateErr := crypto.ValidateProofKey(proof, crypto.Challenge, proofChallenge); validateErr != nil {
@@ -212,12 +224,6 @@ func (s *Service) ValidateCredentialProof(
 		return err
 	}
 
-	credentialContents := credential.Contents()
-	// validate if issuer matches the controller of verification method
-	if credentialContents.Issuer == nil || credentialContents.Issuer.ID != didDoc.ID {
-		return fmt.Errorf("controller of verification method doesn't match the issuer")
-	}
-
 	// validate proof purpose
 	if err = crypto.ValidateProof(proof, verificationMethod, didDoc); err != nil {
 		return fmt.Errorf("verifiable credential proof purpose validation error : %w", err)

pkg/service/verifypresentation/verifypresentation_service.go

@@ -355,39 +355,38 @@ func (s *Service) validateProofData(vp *verifiable.Presentation, opts *Options)
 		return errors.New("verifiable presentation doesn't contains proof")
 	}
 
-	// TODO https://github.com/trustbloc/vcs/issues/412 figure out the process when vc has more than one proof
-	proof := vp.Proofs[0]
-
-	// validate challenge
-	if validateErr := crypto.ValidateProofKey(proof, crypto.Challenge, opts.Challenge); validateErr != nil {
-		return validateErr
-	}
+	for _, proof := range vp.Proofs {
+		// validate challenge
+		if validateErr := crypto.ValidateProofKey(proof, crypto.Challenge, opts.Challenge); validateErr != nil {
+			return validateErr
+		}
 
-	// validate domain
-	if validateErr := crypto.ValidateProofKey(proof, crypto.Domain, opts.Domain); validateErr != nil {
-		return validateErr
-	}
+		// validate domain
+		if validateErr := crypto.ValidateProofKey(proof, crypto.Domain, opts.Domain); validateErr != nil {
+			return validateErr
+		}
 
-	// get the verification method
-	verificationMethod, err := crypto.GetVerificationMethodFromProof(proof)
-	if err != nil {
-		return err
-	}
+		// get the verification method
+		verificationMethod, err := crypto.GetVerificationMethodFromProof(proof)
+		if err != nil {
+			return err
+		}
 
-	// get the did doc from verification method
-	didDoc, err := diddoc.GetDIDDocFromVerificationMethod(verificationMethod, s.vdr)
-	if err != nil {
-		return err
-	}
+		// get the did doc from verification method
+		didDoc, err := diddoc.GetDIDDocFromVerificationMethod(verificationMethod, s.vdr)
+		if err != nil {
+			return err
+		}
 
-	// validate if holder matches the controller of verification method
-	if vp.Holder != "" && vp.Holder != didDoc.ID {
-		return fmt.Errorf("controller of verification method doesn't match the holder")
-	}
+		// validate if holder matches the controller of verification method
+		if vp.Holder != "" && vp.Holder != didDoc.ID {
+			return fmt.Errorf("controller of verification method doesn't match the holder")
+		}
 
-	// validate proof purpose
-	if err = crypto.ValidateProof(proof, verificationMethod, didDoc); err != nil {
-		return fmt.Errorf("verifiable presentation proof purpose validation error : %w", err)
+		// validate proof purpose
+		if err = crypto.ValidateProof(proof, verificationMethod, didDoc); err != nil {
+			return fmt.Errorf("verifiable presentation proof purpose validation error : %w", err)
+		}
 	}
 
 	return nil