fix: add validation to verification method and Issuer in VC

CHANGELOG.md

@@ -7,6 +7,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [UNRELEASED]
 
+### Added
+  - extra layer of validation in `org.eclipse.tractusx.ssi.lib.proof.LinkedDataProofValidation` for `verify`.
+
 ## [0.0.17] - 2023-11-29
 
 ### BREAKING CHANGES

src/main/java/org/eclipse/tractusx/ssi/lib/proof/LinkedDataProofValidation.java

@@ -27,6 +27,7 @@
 import org.eclipse.tractusx.ssi.lib.did.resolver.DidResolver;
 import org.eclipse.tractusx.ssi.lib.exception.UnsupportedSignatureTypeException;
 import org.eclipse.tractusx.ssi.lib.model.verifiable.Verifiable;
+import org.eclipse.tractusx.ssi.lib.model.verifiable.Verifiable.VerifiableType;
 import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredential;
 import org.eclipse.tractusx.ssi.lib.model.verifiable.presentation.VerifiablePresentation;
 import org.eclipse.tractusx.ssi.lib.proof.hash.HashedLinkedData;
@@ -76,7 +77,9 @@ public static LinkedDataProofValidation newInstance(DidResolver didResolver) {
    */
   @SneakyThrows
   public boolean verify(Verifiable verifiable) {
-
+    if (verifiable.getProof() == null) {
+      throw new UnsupportedSignatureTypeException("Proof can't be empty");
+    }
     var type = verifiable.getProof().getType();
     IVerifier verifier = null;
 
@@ -96,6 +99,44 @@ public boolean verify(Verifiable verifiable) {
     final TransformedLinkedData transformedData = transformer.transform(verifiable);
     final HashedLinkedData hashedData = hasher.hash(transformedData);
 
-    return jsonLdValidator.validate(verifiable) && verifier.verify(hashedData, verifiable);
+    return jsonLdValidator.validate(verifiable) && verifier.verify(hashedData, verifiable) && validateVerificationMethodOfVC(verifiable);
+  }
+
+
+
+  /**
+   * This method is to validate the Verification Method of VC
+   *
+   * @param verifiable
+   * @return
+   * @throws UnsupportedSignatureTypeException
+   */
+  @SneakyThrows
+  private Boolean validateVerificationMethodOfVC(Verifiable verifiable) {
+    // Verifiable Presentation doesn't have an Issuer
+    if (verifiable.getType() == VerifiableType.VP) {
+      return true;
+    }
+    final VerifiableCredential vc = new VerifiableCredential(verifiable);
+    final String issuer = vc.getIssuer().toString();
+    final String verficationMethod = getVerificationMethod(verifiable);
+    final String[] splitVerificationMethod = verficationMethod.split("#");
+    return splitVerificationMethod[0].equals(issuer);
+  }
+
+  /**
+   * This method is to get the Verification Method of VC
+   *
+   * @param verifiable
+   * @return
+   * @throws UnsupportedSignatureTypeException
+   */
+  @SneakyThrows
+  private String getVerificationMethod(Verifiable verifiable) {
+    try {
+      return (String) verifiable.getProof().get("verificationMethod");
+    } catch (Exception e) {
+      throw new UnsupportedSignatureTypeException("Signature type is not supported");
+    }
   }
 }

src/test/java/org/eclipse/tractusx/ssi/lib/proof/LinkedDataProofValidationComponentTest.java

@@ -30,6 +30,7 @@
 import org.eclipse.tractusx.ssi.lib.SsiLibrary;
 import org.eclipse.tractusx.ssi.lib.exception.InvalidePrivateKeyFormat;
 import org.eclipse.tractusx.ssi.lib.exception.KeyGenerationException;
+import org.eclipse.tractusx.ssi.lib.exception.SsiException;
 import org.eclipse.tractusx.ssi.lib.exception.UnsupportedSignatureTypeException;
 import org.eclipse.tractusx.ssi.lib.model.proof.Proof;
 import org.eclipse.tractusx.ssi.lib.model.proof.jws.JWSSignature2020;
@@ -285,4 +286,37 @@ public void testVPJWSProofGenerationAndVerification()
 
     Assertions.assertTrue(isOk);
   }
+
+    @Test
+  public void testVerificationMethodOfVC()
+      throws IOException, KeyGenerationException, UnsupportedSignatureTypeException, SsiException,
+          InvalidePrivateKeyFormat {
+
+    credentialIssuer = TestIdentityFactory.newIdentityWithED25519Keys();
+    didResolver.register(credentialIssuer);
+
+    // Generator
+    linkedDataProofGenerator = LinkedDataProofGenerator.newInstance(SignatureType.ED21559);
+
+    // Verification
+    linkedDataProofValidation = LinkedDataProofValidation.newInstance(this.didResolver);
+
+    final URI verificationMethod =
+        credentialIssuer.getDidDocument().getVerificationMethods().get(0).getId();
+
+    final VerifiableCredential credential =
+        TestVerifiableFactory.createVerifiableCredential(credentialIssuer, null);
+
+    credential.replace("issuer", "did:test:4efee956-GGGG-42c0-8efb-0716e5e3f8de");
+    final Proof proof =
+        linkedDataProofGenerator.createProof(
+            credential, verificationMethod, credentialIssuer.getPrivateKey());
+
+    final VerifiableCredential credentialWithProof =
+        TestVerifiableFactory.attachProof(credential, proof);
+
+    var isOk = linkedDataProofValidation.verify(credentialWithProof);
+
+    Assertions.assertFalse(isOk);
+  }
 }