KILTprotocol · aybarsayan · Nov 20, 2024 · Dec 2, 2024 · Dec 2, 2024 · Dec 2, 2024
diff --git a/packages/credentials/src/V1/KiltCredentialV1.ts b/packages/credentials/src/V1/KiltCredentialV1.ts
@@ -327,15 +327,77 @@ export function fromInput({
 
 const cachingCTypeLoader = newCachingCTypeLoader()
 
+// Check recursively if a value has references
+const hasRef = (value: unknown): boolean => {
+  if (typeof value !== 'object' || value === null) {
+    return false
+  }
+
+  if ('$ref' in (value as Record<string, unknown>)) {
+    return true
+  }
+
+  if (Array.isArray(value)) {
+    return value.some((item) => hasRef(item))
+  }
+
+  return Object.values(value as Record<string, unknown>).some((v) => hasRef(v))
+}
+
+// Single function to both check for references and extract them
+function extractUniqueReferences(
+  cType: ICType,
+  references: Set<string> = new Set<string>()
+): Set<string> {
+  if (typeof cType?.properties !== 'object' || cType.properties === null) {
+    return references
+  }
+
+  const processValue = (value: unknown): void => {
+    if (typeof value !== 'object' || value === null) {
+      return
+    }
+    const objValue = value as Record<string, unknown>
+    if ('$ref' in objValue) {
+      const ref = objValue.$ref as string
+      if (ref.startsWith('kilt:ctype:')) {
+        references.add(ref.split('#/')[0])
+      }
+    }
+
+    if (Array.isArray(value)) {
+      value.forEach(processValue)
+    } else {
+      Object.values(objValue).forEach(processValue)
+    }
+  }
+
+  processValue(cType.properties)
+  return references
+}
+
 /**
  * Validates the claims in the VC's `credentialSubject` against a CType definition.
+ * Supports both nested and non-nested CType validation.
+ * For non-nested CTypes:
+ * - Validates claims directly against the CType schema.
+ * For nested CTypes:
+ * - Automatically detects nested structure through $ref properties.
+ * - Fetches referenced CTypes from the blockchain.
+ * - Performs validation against the main CType and all referenced CTypes.
  *
  * @param credential A {@link KiltCredentialV1} type verifiable credential.
  * @param credential.credentialSubject The credentialSubject to be validated.
  * @param credential.type The credential's types.
  * @param options Options map.
- * @param options.cTypes One or more CType definitions to be used for validation. If `loadCTypes` is set to `false`, validation will fail if the definition of the credential's CType is not given.
- * @param options.loadCTypes A function to load CType definitions that are not in `cTypes`. Defaults to using the {@link newCachingCTypeLoader | CachingCTypeLoader}. If set to `false` or `undefined`, no additional CTypes will be loaded.
+ * @param options.cTypes One or more CType definitions to be used for validation. If loadCTypes is set to false, validation will fail if the definition of the credential's CType is not given.
+ * @param options.loadCTypes A function to load CType definitions that are not in cTypes. Defaults to using the {@link newCachingCTypeLoader | CachingCTypeLoader}. If set to false or undefined, no additional CTypes will be loaded.
+ *
+ * @throws {Error} If the credential type does not contain a valid CType id.
+ * @throws {Error} If required CType definitions cannot be loaded.
+ * @throws {Error} If claims do not follow the expected CType format.
+ * @throws {Error} If referenced CTypes in nested structure cannot be fetched from the blockchain.
+ * @throws {Error} If validation fails against the CType schema.
  */
 export async function validateSubject(
   {
@@ -354,6 +416,7 @@ export async function validateSubject(
   if (!credentialsCTypeId) {
     throw new Error('credential type does not contain a valid CType id')
   }
+
   // check that we have access to the right schema
   let cType = cTypes?.find(({ $id }) => $id === credentialsCTypeId)
   if (!cType) {
@@ -385,6 +448,35 @@ export async function validateSubject(
       [key.substring(vocab.length)]: value,
     }
   }, {})
-  // validates against CType (also validates CType schema itself)
-  CType.verifyClaimAgainstSchema(claims, cType)
+
+  try {
+    const references = extractUniqueReferences(cType)
+
+    const referencedCTypes = await Promise.all(
+      Array.from(references).map(async (ref) => {
+        try {
+          const referencedCType = await cachingCTypeLoader(ref as any)
+          return referencedCType
+        } catch (error) {
+          // eslint-disable-next-line no-console
+          console.error(`Failed to fetch CType for reference ${ref}:`, error)
+          throw error
+        }
+      })
+    )
+
+    const validCTypes = referencedCTypes.filter(
+      (ctype): ctype is ICType => ctype !== undefined && ctype !== null
+    )
+
+    if (validCTypes.length === references.size) {
+      await CType.verifyClaimAgainstNestedSchemas(cType, validCTypes, claims)
+    } else {
+      throw new Error('Some referenced CTypes could not be fetched')
+    }
+  } catch (error) {
+    // eslint-disable-next-line no-console
+    console.error('Validation error:', error)
+    throw error
+  }
 }