feat(pollux): [ATL-2733] Allow for dates in seconds for exp, iss and …

…iat (#249)
hyperledger · Dec 14, 2022 · 01af7c8 · 01af7c8
1 parent 784ef50
commit 01af7c8
Show file tree

Hide file tree

Showing 4 changed files with 31 additions and 8 deletions.
diff --git a/pollux/lib/vc-jwt/src/main/scala/io/iohk/atala/pollux/vc/jwt/InstantDecoderEncoder.scala b/pollux/lib/vc-jwt/src/main/scala/io/iohk/atala/pollux/vc/jwt/InstantDecoderEncoder.scala
@@ -0,0 +1,13 @@
+package io.iohk.atala.pollux.vc.jwt
+
+import io.circe.{Decoder, Encoder, HCursor}
+
+import java.time.Instant
+
+object InstantDecoderEncoder {
+  implicit val instantToEpochSecondsEncoder: Encoder[Instant] =
+    (instant: Instant) => Encoder.encodeLong(instant.getEpochSecond)
+
+  implicit val epochSecondsToInstantDecoder: Decoder[Instant] =
+    (c: HCursor) => Decoder.decodeLong.map(s => Instant.ofEpochSecond(s)).apply(c)
+}
diff --git a/pollux/lib/vc-jwt/src/main/scala/io/iohk/atala/pollux/vc/jwt/JWTVerification.scala b/pollux/lib/vc-jwt/src/main/scala/io/iohk/atala/pollux/vc/jwt/JWTVerification.scala
@@ -69,8 +69,8 @@ object JWTVerification {
   }
 
   def validateEncodedJwt(jwt: JWT, publicKey: PublicKey): Validation[String, Unit] =
-    if JwtCirce.isValid(jwt.value, publicKey) then Validation.unit
-    else Validation.fail(s"Jwt[$jwt] not singed by $publicKey")
+    if JwtCirce.isValid(jwt.value, publicKey, JwtOptions(expiration = false, notBefore = false)) then Validation.unit
+    else Validation.fail(s"Jwt[$jwt] not signed by $publicKey")
 
   def validateEncodedJwt(jwt: JWT, verificationMethods: IndexedSeq[VerificationMethod]): Validation[String, Unit] = {
     verificationMethods

diff --git a/...x/lib/vc-jwt/src/main/scala/io/iohk/atala/pollux/vc/jwt/VerifiableCredentialPayload.scala b/...x/lib/vc-jwt/src/main/scala/io/iohk/atala/pollux/vc/jwt/VerifiableCredentialPayload.scala
@@ -282,6 +282,7 @@ object CredentialPayload {
   object Implicits {
 
     import Proof.Implicits.*
+    import InstantDecoderEncoder.*
 
     implicit val didEncoder: Encoder[DID] =
       (did: DID) => did.value.asJson
@@ -545,11 +546,13 @@ object JwtCredential {
     encodeJwt(payload.toJwtCredentialPayload, issuer)
 
   def decodeJwt(jwt: JWT, publicKey: PublicKey): Try[JwtCredentialPayload] = {
-    JwtCirce.decodeRaw(jwt.value, publicKey).flatMap(decode[JwtCredentialPayload](_).toTry)
+    JwtCirce
+      .decodeRaw(jwt.value, publicKey, options = JwtOptions(expiration = false, notBefore = false))
+      .flatMap(decode[JwtCredentialPayload](_).toTry)
   }
 
   def validateEncodedJwt(jwt: JWT, publicKey: PublicKey): Boolean =
-    JwtCirce.isValid(jwt.value, publicKey)
+    JwtCirce.isValid(jwt.value, publicKey, JwtOptions(expiration = false, notBefore = false))
 
   def validateEncodedJWT(
       jwt: JWT
@@ -617,7 +620,9 @@ object JwtCredential {
     val now = clock.instant()
 
     val decodeJWT =
-      Validation.fromTry(JwtCirce.decodeRaw(jwt.value, options = JwtOptions(signature = false))).mapError(_.getMessage)
+      Validation
+        .fromTry(JwtCirce.decodeRaw(jwt.value, options = JwtOptions(false, false, false)))
+        .mapError(_.getMessage)
 
     def validateNbfNotAfterExp(nbf: Instant, maybeExp: Option[Instant]): Validation[String, Unit] = {
       maybeExp

diff --git a/...lib/vc-jwt/src/main/scala/io/iohk/atala/pollux/vc/jwt/VerifiablePresentationPayload.scala b/...lib/vc-jwt/src/main/scala/io/iohk/atala/pollux/vc/jwt/VerifiablePresentationPayload.scala
@@ -6,7 +6,7 @@ import io.circe.generic.auto.*
 import io.circe.parser.decode
 import io.circe.syntax.*
 import pdi.jwt.{Jwt, JwtCirce, JwtOptions}
-import zio._
+import zio.*
 import zio.prelude.*
 
 import java.security.{KeyPairGenerator, PublicKey}
@@ -119,6 +119,7 @@ object PresentationPayload {
   object Implicits {
 
     import CredentialPayload.Implicits.*
+    import InstantDecoderEncoder.*
     import Proof.Implicits.*
 
     implicit val w3cPresentationPayloadEncoder: Encoder[W3cPresentationPayload] =
@@ -309,7 +310,9 @@ object JwtPresentation {
   }
 
   def decodeJwt(jwt: JWT, publicKey: PublicKey): Try[JwtPresentationPayload] = {
-    JwtCirce.decodeRaw(jwt.value, publicKey).flatMap(decode[JwtPresentationPayload](_).toTry)
+    JwtCirce
+      .decodeRaw(jwt.value, publicKey, JwtOptions(expiration = false, notBefore = false))
+      .flatMap(decode[JwtPresentationPayload](_).toTry)
   }
 
   def validateEncodedJwt(jwt: JWT, publicKey: PublicKey): Validation[String, Unit] =
@@ -363,7 +366,9 @@ object JwtPresentation {
     val now = clock.instant()
 
     val decodeJWT =
-      Validation.fromTry(JwtCirce.decodeRaw(jwt.value, options = JwtOptions(signature = false))).mapError(_.getMessage)
+      Validation
+        .fromTry(JwtCirce.decodeRaw(jwt.value, options = JwtOptions(false, false, false)))
+        .mapError(_.getMessage)
 
     def validateNbfNotAfterExp(maybeNbf: Option[Instant], maybeExp: Option[Instant]): Validation[String, Unit] = {
       val maybeResult =