additional signature validation

2026-05-13 18:04:40 +00:00
parent dbdace1717
commit de36ec50f7
1 changed files with 23 additions and 1 deletions
--- a/src/modules/core/data/audit.js
+++ b/src/modules/core/data/audit.js
@@ -58,6 +58,11 @@ function validateSignatures(item, signatures, didDocs) {
        for (const signature of signatures) {
            const didDoc = didDocs.find((didDoc) => didDoc.id === signature.id);
            if (!didDoc) throw ('DID Document not provided');
+            const vmCreatedDate = new Date(didDoc.verificationMethod[0].created);
+            const signDate = new Date(signature.signedOn)
+            const vmDeactivatedDate = didDoc.verificationMethod[0].deactivated ? new Date(didDoc.verificationMethod[0].deactivated) : null;
+            const validDate = signDate >= vmCreatedDate && (!vmDeactivatedDate || vmDeactivatedDate >= signDate);
+            if (!validDate) throw ('Signature is not valid due to key dates');
            const split = splitJws(signature.jws);
            if (stringify(item) !== stringify(split.payload)) throw ('Payload does not match');
            const validJws = verifyJws({
@@ -73,6 +78,23 @@ function validateSignatures(item, signatures, didDocs) {
    return res;
 }

+function validateSignedBefore(item, signatures) {
+    let res = false;
+    try {
+        let issue = false;
+        for (const signature of signatures) {
+            if (signature.signedOn >= item.created) {
+                issue = true;
+                break;
+            }
+        }
+        res = !issue;
+    } catch (e) {
+        console.error(e);
+    }
+    return res;
+}
+
 function validateDidsMatch(auditSigs, targetSigs) {
    let match = true;
    for (const asig of auditSigs) {
@@ -209,7 +231,7 @@ async function verify(input, userId) {
                    const existingAgreementSignatures = await agreement.getSignatures(client, userId, existingItem.agreementId);
                    res.results.validEventAgreement = validateDidsMatch(auditRecord.signatures, existingAgreementSignatures);
                    res.results.validEventAgreementSignature = false;
-                    if (validateSignatures(existingAgreement, existingAgreementSignatures, input.didDocs)) {
+                    if (validateSignatures(existingAgreement, existingAgreementSignatures, input.didDocs) && validateSignedBefore(existingItem, existingAgreementSignatures)) {
                        res.results.validEventAgreementSignature = true;
                    }
                } else {