From 8761e3f8a06bbce1208ee73aec546b7f556d6fc9 Mon Sep 17 00:00:00 2001
From: Ivan Herman
Date: Mon, 24 Jun 2024 15:34:06 +0200
Subject: [PATCH] Handling the 'previous proof' These triples should not be part of the proof graph hash, per the cryptosuite spec. Should be removed when verifying...
---
 index.ts | 15 +++++++++++++--
 lib/proof_utils.ts | 1 +
 package.json | 4 ++--
 3 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/index.ts b/index.ts
index 62fd841..3f0f75e 100644
--- a/index.ts
+++ b/index.ts
@@ -13,7 +13,14 @@ import * as types from './lib/types';
 import { Errors, KeyData, VerificationResult, Cryptosuites } from './lib/types';
 import { isKeyData, isDatasetCore, convertToStore, DatasetMap, GraphWithID, calculateDatasetHash } from './lib/utils';
-import { generateAProofGraph, verifyProofGraphs, rdf_type, sec_di_proof, sec_proof, sec_prefix } from './lib/proof_utils';
+import {
+ generateAProofGraph, verifyProofGraphs,
+ rdf_type,
+ sec_di_proof,
+ sec_proof,
+ sec_prefix,
+ sec_previousProof
+} from './lib/proof_utils';
 /* This file is also the "top level", so a number of exports are put here to be more friendly to users */
 export type { KeyData, VerificationResult, KeyMetadata } from './lib/types';
@@ -144,7 +151,7 @@ export async function embedProofGraph(dataset: rdf.DatasetCore, keyData: KeyData
 // Adding the chain statements, if required
 if (isKeyChain) {
 for (let i = 1; i < chain.length; i++) {
- const q = quad(chain[i].proofId, sec_prefix("previousProof"), chain[i - 1].proofId, chain[i].graph);
+ const q = quad(chain[i].proofId, sec_previousProof, chain[i - 1].proofId, chain[i].graph);
 retval.add(q);
 }
 }
@@ -206,6 +213,10 @@ export async function verifyEmbeddedProofGraph(dataset: rdf.DatasetCore, anchor?
 // this is an extra entry, not part of the triples that were signed
 // neither it is part of any proof graphs
 continue;
+ } else if(q.predicate.equals(sec_previousProof)) {
+ // Per the cryptosuite specifications, the "previous proof" statement is not part of the "proof options", ie,
+ // should not be used for the generation of the final proof. It was not used to generate the proof graph when signing.
+ continue;
 } else if(q.graph.termType === "DefaultGraph") {
 dataStore.add(q)
 } else if(proofGraphs.has(q.graph)) {
diff --git a/lib/proof_utils.ts b/lib/proof_utils.ts
index de027e2..4f436b1 100644
--- a/lib/proof_utils.ts
+++ b/lib/proof_utils.ts
@@ -48,6 +48,7 @@ export const sec_expires: rdf.NamedNode = sec_prefix('expires');
 export const sec_revoked: rdf.NamedNode = sec_prefix('revoked');
 export const sec_created: rdf.NamedNode = sec_prefix('created');
 export const xsd_datetime: rdf.NamedNode = xsd_prefix('dateTime');
+export const sec_previousProof: rdf.NamedNode = sec_prefix("previousProof");
 /**
diff --git a/package.json b/package.json
index 98a72eb..25ec19e 100644
--- a/package.json
+++ b/package.json
@@ -1,7 +1,7 @@
 {
 "name": "rdfjs-di",
- "version": "0.0.9",
- "date": "2024-06-12",
+ "version": "0.0.95",
+ "date": "2024-06-25",
 "description": "Secure an RDF Dataset through VC's Data Integrity",
 "main": "dist/index.js",
 "scripts": {
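Review bot: The new `previousProof` branch in verifyEmbeddedProofGraph (index.ts) drops every quad with that predicate regardless of its graph, because it sits ahead of the `DefaultGraph` and `proofGraphs.has(q.graph)` tests. A quad with this predicate in the default graph therefore never reaches `dataStore`; depending on how the signing side hashes the data (not visible here), it is then either left outside what the signature covers or makes a valid dataset fail to verify. Scope the skip to proof graphs, e.g. `} else if(proofGraphs.has(q.graph) && q.predicate.equals(sec_previousProof)) {`. With the links discarded, nothing visible in this hunk checks that each `previousProof` points at a proof that is present and was verified, so chain order appears not to be bound by any signature; if callers rely on ordering, that needs an explicit check and a comment saying so. The function body starts before and continues after this hunk.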