feat: implement verifier manager

[Nebulis]

Quick summary

So the grand idea is that we will have a verificationManager that can take in verificationMethods

so each verificationMethod will have:
- a test to check if that method will run
- the verification mechanism itself

so, for the current one, we will have likely:
- OpenAttestationTamperCheck
- OpenAttestationEthereumDocumentStoreIssued
- OpenAttestationEthereumDocumentStoreRevoked
- OpenAttestationDnsTxtIdentity

it will also be loaded with:
- OpenCertsRegistryIdentity

each of these will be an object 
{
  test: (Document) => boolean,
  verify: (Document) => VerificationFragment
}

A VerificationFragement will be like: 

{
  type: "OpenAttestationDnsTxtIdentity",
  data: "mpa.gov.sg",
  message: "Error or warning message",
  status: "VALID" | "WARNING" | "ERROR"
}

The verificationManager will summarise all the Fragments and provide a summary as well (for those dev who are too lazy to go further)

The verification manager can also take in conditions to determine the summary status: ie Tamper && Issued && Revoke && (DNS || Registry), etc

Implementation details

• verificationManager is a function that takes a list of verifiers and return a function. The function expect a signed document and some options as parameter. Options parameter expect the following:
  • a mandatory network string (for instance ropsten)
  • an optional infuraApiKey string
  • an optional promisesCallback callback function that will provide back the promises resolving to the verifications.
• There are 4 verifiers:
  • openAttestationTamperCheck
  • openAttestationEthereumDocumentStoreIssued
  • openAttestationEthereumDocumentStoreRevoked
  • openAttestationDnsTxtIdentity
• There is a defaultVerificationManager pre-built having in parameter all the verifiers available in this repository
• There are 2 validations functions: isValid and isInvalid
• A verifier is an object that expect 3 functions:
  • test: who must return true or false. The function must indicate whether condition are fulfilled for the verifier to run on a specific signed document
  • verify: who must return the result of the verification as a VerificationFragment
  • skip: who must return the result of a verification when it's skipped by providing additional data on why the validation didn't run.

TODO

• add tests

[Nebulis]

I've added tests for verifiers (testing the verifier only not internals)
Didn't add test for the managers => there are already integration tests
Removed apikey as discussed

[yehjxraymond]

Am thinking that the type should be succinct and general, serving more as a class of verification. We can put these as name of the verification method instead.

Valid class of checks:
INTEGRITY class verification methods checks if the document has been tampered with.
ISSUANCE_STATUES class verification methods checks if the document has been issued and is in the right status (ie. not revoked)
ISSUER_IDENTITY class verification methods checks for the issuer's identity.

In this case the default methods will be:
OpenAttestationTamperCheck -> INTEGRITY
OpenAttestationEthereumDocumentStoreIssued => ISSUANCE_STATUS
OpenAttestationEthereumDocumentStoreRevoked => ISSUANCE_STATUS
OpenAttestationDnsTxtIdentity => ISSUER_IDENTITY

Possible extension will look like:
OpenAttestationEthereumTokenRegistryIssued => ISSUANCE_STATUS
OpenCertsIdentityRegistry => ISSUER_IDENTITY
SomeCountryIdentityRegistry => ISSUER_IDENTITY
CustomExpiryCheck => ISSUANCE_STATUS

Using a known class, it can allow client application to check what type of checks has been performed it they like.

[Nebulis]

done

[yehjxraymond]

Just a question...

If I have the OpenCertsRegistry extension:

1. This method will show skipped
2. OpenCertsRegistry method will show valid

How should I go about handling it in the method isValid?

[yehjxraymond]

Suggested change

	import { verificationManager } from "./verifiers/verificationManager";
	import { verificationBuilder } from "./verifiers/verificationBuilder";

[Nebulis]

done

[yehjxraymond]

Suggested change

	const defaultVerificationManager = verificationManager(defaultVerifiers);
	const verify = verificationBuilder(defaultVerifiers);

[Nebulis]

done

[yehjxraymond]

export {
  verify,
  verificationBuilder,
  isValid,
  isInvalid,
  defaultVerifiers,
  verifiers
}

[yehjxraymond]

isValid(document, requiredChecksClasses)

usage example
isValid(document, ["ISSUER_IDENTITY", "ISSUANCE_STATUS", "INTEGRITY"])

[yehjxraymond]

Basically isValid checks the fragments that EVERY required checks classes to have at EVERY test either "VALID" or "SKIPPED" and has at least one "VALID".

For example for a documentStore
issued: valid
revoked: invalid
will result in "invalid"

In another case:
issued: valid
revoked: skipped
will result in "valid"

[Nebulis]

done

[yehjxraymond]

For token registry, we should check of any/some instead of every.

The reason is that if it's using tokenRegistry it MUST be only one issuer, cannot mix it around with documentstore or other tokenregistry.

In the verify function we can throw INVALID if it has been mixed

[Nebulis]

done, returning error if more than one token registry or mix of methods

[yehjxraymond]

Should we test using some instead?
This will make the verify run for documents that mixes around documentStore and other methods, and that's where this function should throw?

[Nebulis]

done, returning error if one of the issuer is invalid (i.e. doesnt have document store or certificate store)

[john-dot-oa]

🎉 This PR is included in version 2.2.0 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀