Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Basic support for credential revocation and revocation registry handling #306

Merged
merged 31 commits into from
Mar 5, 2020
Merged

Basic support for credential revocation and revocation registry handling #306

merged 31 commits into from
Mar 5, 2020

Conversation

andrewwhitehead
Copy link
Contributor

  • Adds RevocationRegistry class for interfacing with local and external revocation registries
  • Adds IssuerRevocationRecord for tracking revocation registry generation and issuance
  • Adds an admin route for generating a new registry against a credential definition
  • Adds parameters to credential-definition and issue-credential routes for supporting revocation

@andrewwhitehead andrewwhitehead added the incomplete Needs more work label Dec 13, 2019
@lgtm-com
Copy link

lgtm-com bot commented Dec 13, 2019

This pull request introduces 1 alert when merging c3c1010 into 6d42d1e - view on LGTM.com

new alerts:

  • 1 for __eq__ not overridden when adding attributes

@codecov-io
Copy link

codecov-io commented Dec 13, 2019
edited
Loading

Codecov Report

❗ No coverage uploaded for pull request base (master@89b350d). Click here to learn what that means.
The diff coverage is 45.45%.

@@            Coverage Diff            @@
##             master     #306   +/-   ##
=========================================
  Coverage          ?   86.85%           
=========================================
  Files             ?      243           
  Lines             ?    11874           
  Branches          ?        0           
=========================================
  Hits              ?    10313           
  Misses            ?     1561           
  Partials          ?        0

@lgtm-com
Copy link

lgtm-com bot commented Dec 13, 2019

This pull request introduces 1 alert when merging a5bfd36 into 6d42d1e - view on LGTM.com

new alerts:

  • 1 for __eq__ not overridden when adding attributes

@andrewwhitehead
Copy link
Contributor Author

Remaining work:

  • When a credential is revoked, the delta that is produced should likely be combined with the revocation entry on the associated IssuerRevocationRecord if there is a previous entry. This can be done with indy.anoncreds.issuer_merge_revocation_registry_deltas.

  • There is likely a need for a separate Admin API call in the revocation package to publish the current revocation entry on an IssuerRevocationRecord (referenced by revocation registry ID) to the ledger. At the moment only the initial entry is published, when revocation/create-registry is called.

  • The number of credentials issued against a revocation registry is not currently tracked (except internally by Indy, but that value is not exposed). Either the controller could track this itself, or it could be stored on the IssuerRevocationRecord. It might also be useful to track the date of the earliest unpublished delta per IssuerRevocationRecord and use this when determining whether to publish changes to the ledger.

  • Changes are required to catch the exception thrown when trying to issue a credential against a full revocation registry and set an error state on the credential exchange. The controller might use this as a signal to create and publish a new registry.

@swcurran swcurran mentioned this pull request Dec 16, 2019
Closed
3 tasks
sklump
sklump reviewed Dec 17, 2019
View reviewed changes
aries_cloudagent/messaging/credential_definitions/routes.py
**INDY_SCHEMA_ID
schema_id = fields.Str(description="Schema identifier", **INDY_SCHEMA_ID)
support_revocation = fields.Boolean(
required=False, description="Revocation supported flag"
Copy link
Contributor

@sklump sklump Dec 17, 2019
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

default=False is implicit here by the way the code gets the value, but setting it explicitly could be useful here for clarity of intent?

sklump
sklump reviewed Dec 17, 2019
View reviewed changes
aries_cloudagent/messaging/schemas/routes.py
required=True,
description="List of schema attributes"
description="List of schema attributes",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

comma consistency

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's an annoying issue with the Black autoformatter, it will insert the trailing comma when a call spans multiple lines, but doesn't remove it when it later shortens it to one line.

sklump
sklump reviewed Dec 17, 2019
View reviewed changes
aries_cloudagent/messaging/schemas/routes.py
description="attribute name",
example="score",
),
fields.Str(description="attribute name", example="score",),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

comma consistency

sklump
sklump reviewed Dec 17, 2019
View reviewed changes
aries_cloudagent/messaging/schemas/routes.py
description="Schema name",
example="prefs",
)
schema_name = fields.Str(required=True, description="Schema name", example="prefs",)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

comma consistency

sklump
sklump reviewed Dec 17, 2019
View reviewed changes
aries_cloudagent/messaging/schemas/routes.py
description="Attribute name",
example="score",
),
fields.Str(description="Attribute name", example="score",),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

comma consistency

sklump
sklump reviewed Dec 17, 2019
View reviewed changes
aries_cloudagent/messaging/schemas/routes.py
"schema": {"type": "string"},
"required": False,
} for p in SCHEMA_TAGS
{"name": p, "in": "query", "schema": {"type": "string"}, "required": False}
Copy link
Contributor

@sklump sklump Dec 17, 2019
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To me this looks way less clear than the one on the left. My impression only.

sklump
sklump reviewed Dec 17, 2019
View reviewed changes
aries_cloudagent/protocols/issue_credential/v1_0/manager.py
@@ -142,7 +154,7 @@ def context(self) -> InjectionContext:
schema_name=schema_name,
schema_version=schema_version,
cred_def_id=cred_def_id,
issuer_did=issuer_did
issuer_did=issuer_did,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I hate to harp on comma consistency so I'll stop here.

@lgtm-com
Copy link

lgtm-com bot commented Jan 31, 2020

This pull request introduces 1 alert when merging 3f63113 into 9e30014 - view on LGTM.com

new alerts:

  • 1 for __eq__ not overridden when adding attributes

@lgtm-com
Copy link

lgtm-com bot commented Feb 11, 2020

This pull request introduces 2 alerts when merging 26c8228 into 0b3cdc0 - view on LGTM.com

new alerts:

  • 1 for __eq__ not overridden when adding attributes
  • 1 for Unused local variable

@lgtm-com
Copy link

lgtm-com bot commented Feb 12, 2020

This pull request introduces 1 alert when merging 705c463 into 0b3cdc0 - view on LGTM.com

new alerts:

  • 1 for __eq__ not overridden when adding attributes

sklump
sklump reviewed Feb 12, 2020
View reviewed changes
demo/runners/support/agent.py
log_msg(f"Revocation Registry ID: {revocation_registry_id}")
assert tails_hash == my_tails_hash

# Real app should publish tail file somewhere and update the revocation registry with the URI.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

tails

sklump
sklump reviewed Feb 12, 2020
View reviewed changes
aries_cloudagent/revocation/routes.py
except RevocationNotSupportedError as e:
raise web.HTTPBadRequest(reason=e.message) from e
await shield(
registry_record.generate_registry(context, RevocationRegistry.get_temp_dir())
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This operation can take minutes - consider a background process that generates the revocation registry ahead of time, with tag increment.

Alternatively, the non-secrets API could hold a work queue.

pengyuc and others added 14 commits March 4, 2020 08:56
@pengyuc @andrewwhitehead
Create proof with correct timestamp and have the verifier verify a no…
cdec2de 
…n-revoked proof

Signed-off-by: Pengyu Chen <[email protected]>
@pengyuc @andrewwhitehead
Revoke credentials and tested that the verifier would detect the proo…
19963d3 
…f is not valid.

Signed-off-by: Pengyu Chen <[email protected]>
@pengyuc @andrewwhitehead
Fix style complaints with black
2febb42 
Signed-off-by: Pengyu Chen <[email protected]>
@pengyuc @andrewwhitehead
Fix existing unit tests
281457c 
Signed-off-by: Pengyu Chen <[email protected]>
@pengyuc @andrewwhitehead
Fix existing indy unit tests
f136637 
Signed-off-by: Pengyu Chen <[email protected]>
@pengyuc @andrewwhitehead
Fix existing indy unit tests style
aac849d 
Signed-off-by: Pengyu Chen <[email protected]>
@pengyuc @andrewwhitehead
Update and clean up the performance demo.
a7479c4 
The revocation part in performance demo is disabled because the revocation registry won't be found immediately after they are registered.

Signed-off-by: Pengyu Chen <[email protected]>
@pengyuc @andrewwhitehead
Catch revocation registry full error and throw a IssuerError exception
4baf48f 
Signed-off-by: Pengyu Chen <[email protected]>
@pengyuc @andrewwhitehead
Fixed agent admin response when revocation registry is full.
15fc42a 
Changed the faber demo to add another revocation registry when it is full.

Signed-off-by: Pengyu Chen <[email protected]>
@pengyuc @andrewwhitehead
Changed the faber-alice demo to better support revocation demo:
edfca0e 
- Select latest credential when making proof
- Add an option to add revocation registry
- Catch error when issuing credential

Signed-off-by: Pengyu Chen <[email protected]>
@pengyuc @andrewwhitehead
Add document on how to do credential revocation.
8dd4fc0 
Signed-off-by: Pengyu Chen <[email protected]>
@andrewwhitehead
fix typo
ff07c71 
Signed-off-by: Andrew Whitehead <[email protected]>
@andrewwhitehead
tail -> tails and remove print statements
3be1d9b 
Signed-off-by: Andrew Whitehead <[email protected]>
@andrewwhitehead
address method signature mismatches
75fd1be 
Signed-off-by: Andrew Whitehead <[email protected]>
@lgtm-com
Copy link

lgtm-com bot commented Mar 4, 2020

This pull request introduces 1 alert when merging 75fd1be into 26f7107 - view on LGTM.com

new alerts:

  • 1 for __eq__ not overridden when adding attributes

@andrewwhitehead andrewwhitehead marked this pull request as ready for review March 4, 2020 17:23
@andrewwhitehead andrewwhitehead removed the incomplete Needs more work label Mar 4, 2020
@lgtm-com
Copy link

lgtm-com bot commented Mar 5, 2020

This pull request introduces 1 alert when merging 4522cee into 3c719eb - view on LGTM.com

new alerts:

  • 1 for __eq__ not overridden when adding attributes

@andrewwhitehead
minor cleanups
3b95740 
Signed-off-by: Andrew Whitehead <[email protected]>
@lgtm-com
Copy link

lgtm-com bot commented Mar 5, 2020

This pull request introduces 1 alert when merging 3b95740 into 3c719eb - view on LGTM.com

new alerts:

  • 1 for __eq__ not overridden when adding attributes

sklump
sklump approved these changes Mar 5, 2020
View reviewed changes
Copy link
Contributor

@sklump sklump left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great!

demo/runners/faber.py Show resolved Hide resolved
@andrewwhitehead andrewwhitehead merged commit 6a96cad into openwallet-foundation:master Mar 5, 2020
@andrewwhitehead andrewwhitehead deleted the feature/rev-reg branch February 25, 2021 23:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sklump sklump sklump approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@andrewwhitehead @codecov-io @sklump @jonathandolan @pengyuc