Revert "add clock skew to ValidAt (#100)"

This reverts commit 6d13fd4.
nuts-foundation · Mar 28, 2024 · 6e96325 · 6e96325
1 parent d998041
commit 6e96325
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 25 deletions.
diff --git a/vc/vc.go b/vc/vc.go
@@ -183,28 +183,26 @@ func (vc VerifiableCredential) JWT() jwt.Token {
 	return token
 }
 
-// ValidAt checks that t is within the validity window of the credential.
-// The skew parameter allows compensating for some clock skew (set to 0 for strict validation).
-// Return true if
-// - t+skew >= IssuanceDate and ValidFrom
-// - t-skew <= ExpirationDate and ValidUntil
+// ValidAt returns true if
+// - t >= IssuanceDate and ValidFrom
+// - t <= ExpirationDate and ValidUntil
 // For any value that is missing, the evaluation defaults to true
-func (vc VerifiableCredential) ValidAt(t time.Time, skew time.Duration) bool {
+func (vc VerifiableCredential) ValidAt(t time.Time) bool {
 	// IssuanceDate is a required field, but will default to the zero value when missing. (when ValidFrom != nil)
 	// t > IssuanceDate
-	if vc.IssuanceDate != nil && t.Add(skew).Before(*vc.IssuanceDate) {
+	if vc.IssuanceDate != nil && t.Before(*vc.IssuanceDate) {
 		return false
 	}
 	// t > ValidFrom
-	if vc.ValidFrom != nil && t.Add(skew).Before(*vc.ValidFrom) {
+	if vc.ValidFrom != nil && t.Before(*vc.ValidFrom) {
 		return false
 	}
 	// t < ExpirationDate
-	if vc.ExpirationDate != nil && t.Add(-skew).After(*vc.ExpirationDate) {
+	if vc.ExpirationDate != nil && t.After(*vc.ExpirationDate) {
 		return false
 	}
 	// t < ValidUntil
-	if vc.ValidUntil != nil && t.Add(-skew).After(*vc.ValidUntil) {
+	if vc.ValidUntil != nil && t.After(*vc.ValidUntil) {
 		return false
 	}
 	// valid

diff --git a/vc/vc_test.go b/vc/vc_test.go
@@ -475,25 +475,17 @@ func TestCreateJWTVerifiableCredential(t *testing.T) {
 func TestVerifiableCredential_ValidAt(t *testing.T) {
 	lll := time.Date(1999, 0, 0, 0, 0, 0, 0, time.UTC)
 	hhh := time.Date(2001, 0, 0, 0, 0, 0, 0, time.UTC)
-	skew := time.Hour * 24 * 365 * 3 // 3 years, time difference is 2 years
 
 	// no validity period is always true; includes missing IssuanceDate(.IsZero() == true)
-	assert.True(t, VerifiableCredential{}.ValidAt(time.Now(), 0))
-	assert.True(t, VerifiableCredential{}.ValidAt(time.Now(), skew))
+	assert.True(t, VerifiableCredential{}.ValidAt(time.Now()))
 
 	// valid on bounds
-	assert.True(t, VerifiableCredential{IssuanceDate: &lll, ValidFrom: &lll}.ValidAt(lll, 0))
-	assert.True(t, VerifiableCredential{ExpirationDate: &lll, ValidUntil: &lll}.ValidAt(lll, 0))
+	assert.True(t, VerifiableCredential{IssuanceDate: &lll, ValidFrom: &lll}.ValidAt(lll))
+	assert.True(t, VerifiableCredential{ExpirationDate: &lll, ValidUntil: &lll}.ValidAt(lll))
 
 	// invalid
-	assert.False(t, VerifiableCredential{IssuanceDate: &hhh, ValidFrom: &lll}.ValidAt(lll, 0))
-	assert.False(t, VerifiableCredential{IssuanceDate: &lll, ValidFrom: &hhh}.ValidAt(lll, 0))
-	assert.False(t, VerifiableCredential{ExpirationDate: &hhh, ValidUntil: &lll}.ValidAt(hhh, 0))
-	assert.False(t, VerifiableCredential{ExpirationDate: &lll, ValidUntil: &hhh}.ValidAt(hhh, 0))
-
-	// invalid made valid
-	assert.True(t, VerifiableCredential{IssuanceDate: &hhh, ValidFrom: &lll}.ValidAt(lll, skew))
-	assert.True(t, VerifiableCredential{IssuanceDate: &lll, ValidFrom: &hhh}.ValidAt(lll, skew))
-	assert.True(t, VerifiableCredential{ExpirationDate: &hhh, ValidUntil: &lll}.ValidAt(hhh, skew))
-	assert.True(t, VerifiableCredential{ExpirationDate: &lll, ValidUntil: &hhh}.ValidAt(hhh, skew))
+	assert.False(t, VerifiableCredential{IssuanceDate: &hhh, ValidFrom: &lll}.ValidAt(lll))
+	assert.False(t, VerifiableCredential{IssuanceDate: &lll, ValidFrom: &hhh}.ValidAt(lll))
+	assert.False(t, VerifiableCredential{ExpirationDate: &hhh, ValidUntil: &lll}.ValidAt(hhh))
+	assert.False(t, VerifiableCredential{ExpirationDate: &lll, ValidUntil: &hhh}.ValidAt(hhh))
 }