feat: Properly dealing with late publishing based on multiple witness…

… timestamps

Check VC timestamp against witness timestamp.

Closes trustbloc#1336

Signed-off-by: Sandra Vrtikapa <[email protected]>

pkg/anchor/handler/proof/handler.go

@@ -94,7 +94,7 @@ type witnessPolicy interface {
 }
 
 // HandleProof handles proof.
-func (h *WitnessProofHandler) HandleProof(witness *url.URL, anchor string, endTime time.Time, proof []byte) error { //nolint:lll
+func (h *WitnessProofHandler) HandleProof(witness *url.URL, anchor string, endTime time.Time, proof []byte) error { //nolint:lll,funlen,gocyclo
 	logger.Debugf("received proof for anchor [%s] from witness[%s], proof: %s",
 		anchor, witness.String(), string(proof))
 
@@ -132,12 +132,6 @@ func (h *WitnessProofHandler) HandleProof(witness *url.URL, anchor string, endTi
 		return fmt.Errorf("failed to retrieve anchor link [%s]: %w", anchor, err)
 	}
 
-	err = h.WitnessStore.AddProof(anchor, witness, proof)
-	if err != nil {
-		return fmt.Errorf("failed to add witness[%s] proof for anchor [%s]: %w",
-			witness.String(), anchor, err)
-	}
-
 	vc, err := util.VerifiableCredentialFromAnchorLink(anchorLink,
 		verifiable.WithDisabledProofCheck(),
 		verifiable.WithJSONLDDocumentLoader(h.DocLoader),
@@ -146,6 +140,32 @@ func (h *WitnessProofHandler) HandleProof(witness *url.URL, anchor string, endTi
 		return fmt.Errorf("failed get verifiable credential from anchor: %w", err)
 	}
 
+	vcIssuedTime := vc.Issued.Time
+
+	proofCreatedTime, err := getCreatedTime(witnessProof)
+	if err != nil {
+		return fmt.Errorf("failed to get create time from witness[%s] proof for anchor[%s] : %w",
+			witness.String(), anchor, err)
+	}
+
+	// TODO: configure this
+	const delta = time.Hour
+
+	timeDifference := getTimeDifference(vcIssuedTime, proofCreatedTime)
+	if timeDifference > delta {
+		// TODO: proof should be ignored?
+		// this is similar to receiving proof came after expiry time (non-recoverable) so nothing to do here
+		// TODO: return after log statement and fix unit-tests if this logic is correct
+		logger.Infof("time difference between proof created time for anchor[%s] from witness[%s] "+
+			"and VC issued time is too great.", anchor, witness.String())
+	}
+
+	err = h.WitnessStore.AddProof(anchor, witness, proof)
+	if err != nil {
+		return fmt.Errorf("failed to add witness[%s] proof for anchor [%s]: %w",
+			witness.String(), anchor, err)
+	}
+
 	err = h.setupMonitoring(witnessProof, vc, endTime)
 	if err != nil {
 		return fmt.Errorf("failed to setup monitoring for anchor [%s]: %w", anchor, err)
@@ -154,15 +174,18 @@ func (h *WitnessProofHandler) HandleProof(witness *url.URL, anchor string, endTi
 	return h.handleWitnessPolicy(anchorLink, vc)
 }
 
-func (h *WitnessProofHandler) setupMonitoring(wp vct.Proof, vc *verifiable.Credential, endTime time.Time) error {
-	var created string
-	if createdVal, ok := wp.Proof["created"].(string); ok {
-		created = createdVal
+func getTimeDifference(t1, t2 time.Time) time.Duration {
+	if t1.After(t2) {
+		return t1.Sub(t2)
 	}
 
-	createdTime, err := time.Parse(time.RFC3339, created)
+	return t2.Sub(t1)
+}
+
+func (h *WitnessProofHandler) setupMonitoring(wp vct.Proof, vc *verifiable.Credential, endTime time.Time) error {
+	createdTime, err := getCreatedTime(wp)
 	if err != nil {
-		return fmt.Errorf("parse created: %w", err)
+		return err
 	}
 
 	var domain string
@@ -173,6 +196,20 @@ func (h *WitnessProofHandler) setupMonitoring(wp vct.Proof, vc *verifiable.Crede
 	return h.MonitoringSvc.Watch(vc, endTime, domain, createdTime)
 }
 
+func getCreatedTime(wp vct.Proof) (time.Time, error) {
+	var created string
+	if createdVal, ok := wp.Proof["created"].(string); ok {
+		created = createdVal
+	}
+
+	createdTime, err := time.Parse(time.RFC3339, created)
+	if err != nil {
+		return time.Time{}, fmt.Errorf("parse created: %w", err)
+	}
+
+	return createdTime, nil
+}
+
 func (h *WitnessProofHandler) handleWitnessPolicy(anchorLink *linkset.Link, vc *verifiable.Credential) error { //nolint:funlen,gocyclo,cyclop,lll
 	anchorID := anchorLink.Anchor().String()