verifyCredential function

Future<bool> verifyCredential(
  1. dynamic credential, {
  2. Erc1056? erc1056,
  3. RevocationRegistry? revocationRegistry,
  4. String? expectedChallenge,
  5. Signer signerSelector(
    1. String typeMatch,
    2. dynamic loadDocumentFunction(
      1. Uri url,
      2. LoadDocumentOptions? options
      )
    ) = _determineSignerForType,
  6. dynamic loadDocumentFunction(
    1. Uri url,
    2. LoadDocumentOptions? options
    ) = loadDocumentStrict,
  7. Map<String, dynamic>? issuerJwk,
})

Verifies the signature for the given credential.

credential may be of datatype Map<String, dynamic>, (jsonEncoded) String or VerifiableCredential.

If an erc1056 instance is given it is used to determine the current ethereum-Address behind a did.

If the credential contains a credentialStatus property, the revocation status is checked. In case of credentialStatus type EthereumRevocationList revocationRegistry is needed.

Only in case the credential Signature is valid and the credential is not revoked or suspended true is returned, otherwise an Exception is thrown. There are two different types of Exceptions in use: RevokedException and SignatureException. Both use codes to indicate why the credential is invalid. If a SignatureException has the code sig the signature itself is invalid, if it has the code sigErr something went wrong during signature check. If a RevokedException has code rev or sus the credential was revoked or suspended, if it has code revErr something went wrong during revocation check.

Implementation

Future<bool> verifyCredential(dynamic credential,
    {Erc1056? erc1056,
    RevocationRegistry? revocationRegistry,
    String? expectedChallenge,
    Signer Function(
            String typeMatch,
            Function(Uri url, LoadDocumentOptions? options)
                loadDocumentFunction)
        signerSelector = _determineSignerForType,
    Function(Uri url, LoadDocumentOptions? options) loadDocumentFunction =
        loadDocumentStrict,
    Map<String, dynamic>? issuerJwk}) async {
  Map<String, dynamic> credMap;
  if (credential is VerifiableCredential) {
    credMap = credential.toJson();
  } else {
    credMap = credentialToMap(credential);
  }

  if (!credMap.containsKey('proof')) {
    throw Exception('no proof section found');
  }

  var revoked = await checkForRevocation(credential,
      erc1056: erc1056, revocationRegistry: revocationRegistry);
  if (revoked) {
    throw RevokedException('Credential was revoked', 'rev');
  }

  // determine issuer
  var issuerDid = getIssuerDidFromCredential(credential);
  if (erc1056 != null) issuerDid = await erc1056.identityOwner(issuerDid);

  // verify proof
  Map<String, dynamic> proof = credMap['proof'];
  var signer = signerSelector.call(proof['type'], loadDocumentFunction);
  credMap.remove('proof');
  var verified = true;
  try {
    verified = await signer.verifyProof(
        Map<String, dynamic>.from(proof), credMap, issuerDid,
        challenge: expectedChallenge, jwk: issuerJwk);
  } catch (e) {
    print(e);
    credMap['proof'] = proof;
    throw SignatureException('Unable to verify credential Signature', 'sigErr');
  }
  credMap['proof'] = proof;
  if (!verified) {
    throw SignatureException('Credentials Signature incorrect', 'sig');
  }

  return verified;
}