diff --git a/pkg/service/verifycredential/verifycredential_service.go b/pkg/service/verifycredential/verifycredential_service.go
index d6be5f183..23d0fa086 100644
--- a/pkg/service/verifycredential/verifycredential_service.go
+++ b/pkg/service/verifycredential/verifycredential_service.go
@@ -185,9 +185,21 @@ func (s *Service) ValidateCredentialProof(
 return errors.New("verifiable credential doesn't contains proof")
 }
- // TODO https://github.com/trustbloc/vcs/issues/412 figure out the process when vc has more than one proof
- proof := credential.Proofs()[0]
+ for _, proof := range credential.Proofs() {
+ if err = s.validateSingleProof(vcInVPValidation, proof, proofChallenge, proofDomain); err != nil {
+ return err
+ }
+ }
+
+ return nil
+}
+func (s *Service) validateSingleProof(
+ vcInVPValidation bool,
+ proof verifiable.Proof,
+ proofChallenge string,
+ proofDomain string,
+) error {
 if !vcInVPValidation {
 // validate challenge
 if validateErr := crypto.ValidateProofKey(proof, crypto.Challenge, proofChallenge); validateErr != nil {
@@ -212,12 +224,6 @@ func (s *Service) ValidateCredentialProof(
 return err
 }
- credentialContents := credential.Contents()
- // validate if issuer matches the controller of verification method
- if credentialContents.Issuer == nil || credentialContents.Issuer.ID != didDoc.ID {
- return fmt.Errorf("controller of verification method doesn't match the issuer")
- }
-
 // validate proof purpose
 if err = crypto.ValidateProof(proof, verificationMethod, didDoc); err != nil {
 return fmt.Errorf("verifiable credential proof purpose validation error : %w", err)
diff --git a/pkg/service/verifypresentation/verifypresentation_service.go b/pkg/service/verifypresentation/verifypresentation_service.go
index 1ba4e025c..449ecf2a2 100644
--- a/pkg/service/verifypresentation/verifypresentation_service.go
+++ b/pkg/service/verifypresentation/verifypresentation_service.go
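Review bot: Nothing in the new loop in `ValidateCredentialProof` ties any proof to the credential's issuer any more: the second hunk (`@@ -212,12 +224,6 @@`) deletes the `credentialContents.Issuer.ID != didDoc.ID` comparison and `validateSingleProof` is not passed the credential, so as far as these hunks show, a credential whose proofs all come from DIDs other than the issuer passes this function. Unless issuer binding is enforced elsewhere, keep it as an aggregate rule: let `validateSingleProof` return the resolved `didDoc.ID` and require that at least one proof's controller equals `Issuer.ID`, as sketched below. The presentation service keeps its holder comparison inside its loop, so the two paths now differ. `validateSingleProof` also deserves a doc comment saying that every proof must pass and that the first failure rejects the credential; its body continues outside the hunk.

```go
// in ValidateCredentialProof, replacing the added loop;
// validateSingleProof is changed to return (string, error) with didDoc.ID as the string
contents := credential.Contents()
issuerSigned := false

for _, proof := range credential.Proofs() {
	controllerID, proofErr := s.validateSingleProof(vcInVPValidation, proof, proofChallenge, proofDomain)
	if proofErr != nil {
		return proofErr
	}

	// at least one proof must be controlled by the declared issuer
	if contents.Issuer != nil && contents.Issuer.ID == controllerID {
		issuerSigned = true
	}
}

if !issuerSigned {
	return fmt.Errorf("controller of verification method doesn't match the issuer")
}

return nil
// … unchanged: validateSingleProof body, now ending in `return didDoc.ID, nil` …
```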
@@ -355,39 +355,38 @@ func (s *Service) validateProofData(vp *verifiable.Presentation, opts *Options)
 return errors.New("verifiable presentation doesn't contains proof")
 }
- // TODO https://github.com/trustbloc/vcs/issues/412 figure out the process when vc has more than one proof
- proof := vp.Proofs[0]
-
- // validate challenge
- if validateErr := crypto.ValidateProofKey(proof, crypto.Challenge, opts.Challenge); validateErr != nil {
- return validateErr
- }
+ for _, proof := range vp.Proofs {
+ // validate challenge
+ if validateErr := crypto.ValidateProofKey(proof, crypto.Challenge, opts.Challenge); validateErr != nil {
+ return validateErr
+ }
- // validate domain
- if validateErr := crypto.ValidateProofKey(proof, crypto.Domain, opts.Domain); validateErr != nil {
- return validateErr
- }
+ // validate domain
+ if validateErr := crypto.ValidateProofKey(proof, crypto.Domain, opts.Domain); validateErr != nil {
+ return validateErr
+ }
- // get the verification method
- verificationMethod, err := crypto.GetVerificationMethodFromProof(proof)
- if err != nil {
- return err
- }
+ // get the verification method
+ verificationMethod, err := crypto.GetVerificationMethodFromProof(proof)
+ if err != nil {
+ return err
+ }
- // get the did doc from verification method
- didDoc, err := diddoc.GetDIDDocFromVerificationMethod(verificationMethod, s.vdr)
- if err != nil {
- return err
- }
+ // get the did doc from verification method
+ didDoc, err := diddoc.GetDIDDocFromVerificationMethod(verificationMethod, s.vdr)
+ if err != nil {
+ return err
+ }
- // validate if holder matches the controller of verification method
- if vp.Holder != "" && vp.Holder != didDoc.ID {
- return fmt.Errorf("controller of verification method doesn't match the holder")
- }
+ // validate if holder matches the controller of verification method
+ if vp.Holder != "" && vp.Holder != didDoc.ID {
+ return fmt.Errorf("controller of verification method doesn't match the holder")
+ }
- // validate proof purpose
- if err = crypto.ValidateProof(proof, verificationMethod, didDoc); err != nil {
- return fmt.Errorf("verifiable presentation proof purpose validation error : %w", err)
+ // validate proof purpose
+ if err = crypto.ValidateProof(proof, verificationMethod, didDoc); err != nil {
+ return fmt.Errorf("verifiable presentation proof purpose validation error : %w", err)
+ }
 }
 return nil
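Review bot: The new `for _, proof := range vp.Proofs` loop has no upper bound on the number of proofs, and that number comes from the presentation being verified. Each entry calls `diddoc.GetDIDDocFromVerificationMethod(verificationMethod, s.vdr)`, so a presentation with a very large `Proofs` array costs one DID lookup per proof (presumably a resolver round trip; `s.vdr` is not visible here). A guard before the loop would cap that work, e.g. `if len(vp.Proofs) > maxProofs { return errors.New("verifiable presentation has too many proofs") }`, where `maxProofs` is a constant this package would need to define; the credential-side loop would want the same bound. A short comment above the loop, such as `// every proof must carry the expected challenge and domain and, when vp.Holder is set, be controlled by the holder`, would make the all-proofs-must-pass rule explicit. `validateProofData` begins before the hunk and its closing brace falls after it.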