From adb454d85c65b8fc60c187565aba8a7e253af3ba Mon Sep 17 00:00:00 2001 From: "Colton Wolkins (Indicio work address)" Date: Wed, 7 Sep 2022 16:18:52 -0600 Subject: [PATCH 1/2] feat: Validate suppliments on proof First pass at suppliment verification Signed-off-by: Colton Wolkins (Indicio work address) --- .../v2_0/formats/indy/handler.py | 57 +++++++++++++++++++ 1 file changed, 57 insertions(+) diff --git a/aries_cloudagent/protocols/present_proof/v2_0/formats/indy/handler.py b/aries_cloudagent/protocols/present_proof/v2_0/formats/indy/handler.py index 08d5db347b..a079aa1b9e 100644 --- a/aries_cloudagent/protocols/present_proof/v2_0/formats/indy/handler.py +++ b/aries_cloudagent/protocols/present_proof/v2_0/formats/indy/handler.py @@ -17,6 +17,8 @@ from ......messaging.decorators.attach_decorator import AttachDecorator from ......messaging.util import canon from ......wallet.models.attachment_data_record import AttachmentDataRecord +from ......wallet.util import b64_to_bytes +from .....issue_credential.v2_0.hashlink import Hashlink from ....indy.pres_exch_handler import IndyPresExchHandler 
@@ -376,6 +378,61 @@ async def verify_pres(self, pres_ex_record: V20PresExRecord) -> V20PresExRecord: rev_reg_defs, rev_reg_entries, ) + + valid_suppliments = True + + def find_attachment(attatchment_id: str)->str: + for attachment in pres_ex_record.attach: + if attachment.ident == attatchment_id: + return attachment + return None + + def find_supplement_attr(supplement, key): + for attr in supplement.attrs: + if attr.key == key: + return attr.value + return None + + supplements = pres_ex_record.supplements + for supplement in supplements: + + # Only hashlink data validation is supported at the moment + if supplement.type != "hashlink-data": + if not data: + valid_suppliments = False + break + + attatchment_id = supplements.ref + attachment = find_attachment(attatchment_id) + + # No matching attachment found + if not attachment: + valid_suppliments = False + break + + # Assuming that only B64 data attachment is allowed, retreive the data + data = attachment.data.base64 + if not data: + valid_suppliments = False + break + + # Grab the attr that contains the hashlink + key = find_supplement_attr(supplement, "field") + + # Retrieve the hashlink and the associated decoded data + hashlink = indy_proof["requested_proof"]["revealed_attrs"][key]["raw"] + data = b64_to_bytes(data, urlsafe=True) + + # Verify the hashlinks + valid_suppliments = Hashlink.verify(hashlink, data) + + # Don't bother verifying more suppliments if this one failed to validate + if not valid_suppliments: + break + + if verified and not valid_suppliments: + verified = valid_suppliments + pres_ex_record.verified = json.dumps(verified) pres_ex_record.verified_msgs = list(set(verified_msgs)) return pres_ex_record From ea26976516cb74579cb934762b7a6588e481e3d3 Mon Sep 17 00:00:00 2001 From: "Colton Wolkins (Indicio work address)" Date: Thu, 8 Sep 2022 11:22:45 -0600 Subject: [PATCH 2/2] fix: Remove if statement from copy-paste 
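Review bot: In the supplement loop, `attatchment_id = supplements.ref` reads `ref` from the collection instead of the current item, so (assuming `supplements` is a plain list) it raises AttributeError before any hashlink is checked; it presumably should be `supplement.ref`. The lookup `indy_proof["requested_proof"]["revealed_attrs"][key]["raw"]` is keyed by a value taken from the presenter-supplied supplement, so a missing or unknown `field` attr raises KeyError out of verify_pres instead of recording the presentation as unverified, and iterating `pres_ex_record.supplements` fails the same way if it can be None. The fence below sketches guards that turn those cases into `valid_suppliments = False`. A presentation that carries no supplements at all leaves `valid_suppliments` True, so a verifier that requires a hash-bound attachment has to check for its presence separately, which is worth stating in a comment above the loop. verify_pres begins above the hunk, so `indy_proof` and `verified` are assumed to be bound there.

```python
        supplements = pres_ex_record.supplements or []
        for supplement in supplements:
            # … unchanged: supplement.type check …
            attatchment_id = supplement.ref
            # … unchanged: attachment lookup and base64 presence check …
            key = find_supplement_attr(supplement, "field")
            revealed = indy_proof["requested_proof"].get("revealed_attrs", {})
            if key not in revealed:
                # Supplement names an attribute the proof did not reveal
                valid_suppliments = False
                break
            hashlink = revealed[key]["raw"]
            # … unchanged: b64 decode, Hashlink.verify, break on failure …
```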
Signed-off-by: Colton Wolkins (Indicio work address) --- .../protocols/present_proof/v2_0/formats/indy/handler.py | 1 - 1 file changed, 1 deletion(-) diff --git a/aries_cloudagent/protocols/present_proof/v2_0/formats/indy/handler.py b/aries_cloudagent/protocols/present_proof/v2_0/formats/indy/handler.py index a079aa1b9e..7a94f5b612 100644 --- a/aries_cloudagent/protocols/present_proof/v2_0/formats/indy/handler.py +++ b/aries_cloudagent/protocols/present_proof/v2_0/formats/indy/handler.py @@ -398,7 +398,6 @@ def find_supplement_attr(supplement, key): # Only hashlink data validation is supported at the moment if supplement.type != "hashlink-data": - if not data: valid_suppliments = False break