Skip to content

Commit

Permalink
fix: issuance with unqualified identifiers (#1431)
Browse files Browse the repository at this point in the history
Signed-off-by: Timo Glastra <[email protected]>
  • Loading branch information
TimoGlastra authored Apr 14, 2023
1 parent b38525f commit de90caf
Show file tree
Hide file tree
Showing 57 changed files with 1,328 additions and 881 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ import {
AnonCredsCredentialRepository,
AnonCredsLinkSecretRepository,
AnonCredsRestrictionWrapper,
legacyIndyCredentialDefinitionIdRegex,
unqualifiedCredentialDefinitionIdRegex,
AnonCredsRegistryService,
} from '@aries-framework/anoncreds'
import { AriesFrameworkError, JsonTransformer, TypedArrayEncoder, injectable, utils } from '@aries-framework/core'
Expand Down Expand Up @@ -213,7 +213,7 @@ export class AnonCredsRsHolderService implements AnonCredsHolderService {
throw new AnonCredsRsError('Link Secret value not stored')
}

const isLegacyIdentifier = credentialOffer.cred_def_id.match(legacyIndyCredentialDefinitionIdRegex)
const isLegacyIdentifier = credentialOffer.cred_def_id.match(unqualifiedCredentialDefinitionIdRegex)
if (!isLegacyIdentifier && useLegacyProverDid) {
throw new AriesFrameworkError('Cannot use legacy prover_did with non-legacy identifiers')
}
Expand Down
39 changes: 36 additions & 3 deletions packages/anoncreds-rs/src/services/AnonCredsRsIssuerService.ts
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,10 @@ import type { AgentContext } from '@aries-framework/core'
import type { CredentialDefinitionPrivate, JsonObject, KeyCorrectnessProof } from '@hyperledger/anoncreds-shared'

import {
parseIndyDid,
getUnqualifiedSchemaId,
parseIndySchemaId,
isUnqualifiedCredentialDefinitionId,
AnonCredsKeyCorrectnessProofRepository,
AnonCredsCredentialDefinitionPrivateRepository,
AnonCredsCredentialDefinitionRepository,
Expand Down Expand Up @@ -87,22 +91,35 @@ export class AnonCredsRsIssuerService implements AnonCredsIssuerService {

let credentialOffer: CredentialOffer | undefined
try {
// The getByCredentialDefinitionId supports both qualified and unqualified identifiers, even though the
// record is always stored using the qualified identifier.
const credentialDefinitionRecord = await agentContext.dependencyManager
.resolve(AnonCredsCredentialDefinitionRepository)
.getByCredentialDefinitionId(agentContext, options.credentialDefinitionId)

// We fetch the keyCorrectnessProof based on the credential definition record id, as the
// credential definition id passed to this module could be unqualified, and the key correctness
// proof is only stored using the qualified identifier.
const keyCorrectnessProofRecord = await agentContext.dependencyManager
.resolve(AnonCredsKeyCorrectnessProofRepository)
.getByCredentialDefinitionId(agentContext, options.credentialDefinitionId)
.getByCredentialDefinitionId(agentContext, credentialDefinitionRecord.credentialDefinitionId)

if (!credentialDefinitionRecord) {
throw new AnonCredsRsError(`Credential Definition ${credentialDefinitionId} not found`)
}

let schemaId = credentialDefinitionRecord.credentialDefinition.schemaId

// if the credentialDefinitionId is not qualified, we need to transform the schemaId to also be unqualified
if (isUnqualifiedCredentialDefinitionId(options.credentialDefinitionId)) {
const { namespaceIdentifier, schemaName, schemaVersion } = parseIndySchemaId(schemaId)
schemaId = getUnqualifiedSchemaId(namespaceIdentifier, schemaName, schemaVersion)
}

credentialOffer = CredentialOffer.create({
credentialDefinitionId,
keyCorrectnessProof: keyCorrectnessProofRecord?.value,
schemaId: credentialDefinitionRecord.credentialDefinition.schemaId,
schemaId,
})

return credentialOffer.toJson() as unknown as AnonCredsCredentialOffer
Expand Down Expand Up @@ -135,9 +152,25 @@ export class AnonCredsRsIssuerService implements AnonCredsIssuerService {
.resolve(AnonCredsCredentialDefinitionRepository)
.getByCredentialDefinitionId(agentContext, options.credentialRequest.cred_def_id)

// We fetch the private record based on the cred def id from the cred def record, as the
// credential definition id passed to this module could be unqualified, and the private record
// is only stored using the qualified identifier.
const credentialDefinitionPrivateRecord = await agentContext.dependencyManager
.resolve(AnonCredsCredentialDefinitionPrivateRepository)
.getByCredentialDefinitionId(agentContext, options.credentialRequest.cred_def_id)
.getByCredentialDefinitionId(agentContext, credentialDefinitionRecord.credentialDefinitionId)

let credentialDefinition = credentialDefinitionRecord.credentialDefinition

if (isUnqualifiedCredentialDefinitionId(options.credentialRequest.cred_def_id)) {
const { namespaceIdentifier, schemaName, schemaVersion } = parseIndySchemaId(credentialDefinition.schemaId)
const { namespaceIdentifier: unqualifiedDid } = parseIndyDid(credentialDefinition.issuerId)
parseIndyDid
credentialDefinition = {
...credentialDefinition,
schemaId: getUnqualifiedSchemaId(namespaceIdentifier, schemaName, schemaVersion),
issuerId: unqualifiedDid,
}
}

credential = Credential.create({
credentialDefinition: credentialDefinitionRecord.credentialDefinition as unknown as JsonObject,
Expand Down
Original file line number Diff line number Diff line change
@@ -1,6 +1,10 @@
import type { AnonCredsProofRequest } from '@aries-framework/anoncreds'

import {
getUnqualifiedSchemaId,
parseIndySchemaId,
getUnqualifiedCredentialDefinitionId,
parseIndyCredentialDefinitionId,
AnonCredsModuleConfig,
AnonCredsHolderServiceSymbol,
AnonCredsIssuerServiceSymbol,
Expand Down Expand Up @@ -236,4 +240,212 @@ describeRunInNodeVersion([18], 'AnonCredsRsServices', () => {

expect(verifiedProof).toBeTruthy()
})

test('issuance flow with unqualified identifiers', async () => {
// Use qualified identifiers to create schema and credential definition (we only support qualified identifiers for these)
const issuerId = 'did:indy:pool:localtest:A4CYPASJYRZRt98YWrac3H'

const schema = await anonCredsIssuerService.createSchema(agentContext, {
attrNames: ['name', 'age'],
issuerId,
name: 'Employee Credential',
version: '1.0.0',
})

const { schemaState } = await registry.registerSchema(agentContext, {
schema,
options: {},
})

const { credentialDefinition, credentialDefinitionPrivate, keyCorrectnessProof } =
await anonCredsIssuerService.createCredentialDefinition(agentContext, {
issuerId,
schemaId: schemaState.schemaId as string,
schema,
tag: 'Employee Credential',
supportRevocation: false,
})

const { credentialDefinitionState } = await registry.registerCredentialDefinition(agentContext, {
credentialDefinition,
options: {},
})

if (
!credentialDefinitionState.credentialDefinition ||
!credentialDefinitionState.credentialDefinitionId ||
!schemaState.schema ||
!schemaState.schemaId
) {
throw new Error('Failed to create schema or credential definition')
}

if (!credentialDefinitionPrivate || !keyCorrectnessProof) {
throw new Error('Failed to get private part of credential definition')
}

await agentContext.dependencyManager.resolve(AnonCredsSchemaRepository).save(
agentContext,
new AnonCredsSchemaRecord({
schema: schemaState.schema,
schemaId: schemaState.schemaId,
methodName: 'inMemory',
})
)

await agentContext.dependencyManager.resolve(AnonCredsCredentialDefinitionRepository).save(
agentContext,
new AnonCredsCredentialDefinitionRecord({
credentialDefinition: credentialDefinitionState.credentialDefinition,
credentialDefinitionId: credentialDefinitionState.credentialDefinitionId,
methodName: 'inMemory',
})
)

await agentContext.dependencyManager.resolve(AnonCredsCredentialDefinitionPrivateRepository).save(
agentContext,
new AnonCredsCredentialDefinitionPrivateRecord({
value: credentialDefinitionPrivate,
credentialDefinitionId: credentialDefinitionState.credentialDefinitionId,
})
)

await agentContext.dependencyManager.resolve(AnonCredsKeyCorrectnessProofRepository).save(
agentContext,
new AnonCredsKeyCorrectnessProofRecord({
value: keyCorrectnessProof,
credentialDefinitionId: credentialDefinitionState.credentialDefinitionId,
})
)

const { namespaceIdentifier, schemaSeqNo, tag } = parseIndyCredentialDefinitionId(
credentialDefinitionState.credentialDefinitionId
)
const unqualifiedCredentialDefinitionId = getUnqualifiedCredentialDefinitionId(
namespaceIdentifier,
schemaSeqNo,
tag
)

const parsedSchema = parseIndySchemaId(schemaState.schemaId)
const unqualifiedSchemaId = getUnqualifiedSchemaId(
parsedSchema.namespaceIdentifier,
parsedSchema.schemaName,
parsedSchema.schemaVersion
)

// Create offer with unqualified credential definition id
const credentialOffer = await anonCredsIssuerService.createCredentialOffer(agentContext, {
credentialDefinitionId: unqualifiedCredentialDefinitionId,
})

const linkSecret = await anonCredsHolderService.createLinkSecret(agentContext, { linkSecretId: 'someLinkSecretId' })
expect(linkSecret.linkSecretId).toBe('someLinkSecretId')

await agentContext.dependencyManager.resolve(AnonCredsLinkSecretRepository).save(
agentContext,
new AnonCredsLinkSecretRecord({
value: linkSecret.linkSecretValue,
linkSecretId: linkSecret.linkSecretId,
})
)

const unqualifiedCredentialDefinition = await registry.getCredentialDefinition(
agentContext,
credentialOffer.cred_def_id
)
const unqualifiedSchema = await registry.getSchema(agentContext, credentialOffer.schema_id)
if (!unqualifiedCredentialDefinition.credentialDefinition || !unqualifiedSchema.schema) {
throw new Error('unable to fetch credential definition or schema')
}

const credentialRequestState = await anonCredsHolderService.createCredentialRequest(agentContext, {
credentialDefinition: unqualifiedCredentialDefinition.credentialDefinition,
credentialOffer,
linkSecretId: linkSecret.linkSecretId,
})

const { credential } = await anonCredsIssuerService.createCredential(agentContext, {
credentialOffer,
credentialRequest: credentialRequestState.credentialRequest,
credentialValues: {
name: { raw: 'John', encoded: encodeCredentialValue('John') },
age: { raw: '25', encoded: encodeCredentialValue('25') },
},
})

const credentialId = 'holderCredentialId2'

const storedId = await anonCredsHolderService.storeCredential(agentContext, {
credential,
credentialDefinition: unqualifiedCredentialDefinition.credentialDefinition,
schema: unqualifiedSchema.schema,
credentialDefinitionId: credentialOffer.cred_def_id,
credentialRequestMetadata: credentialRequestState.credentialRequestMetadata,
credentialId,
})

expect(storedId).toEqual(credentialId)

const credentialInfo = await anonCredsHolderService.getCredential(agentContext, {
credentialId,
})

expect(credentialInfo).toEqual({
credentialId,
attributes: {
age: '25',
name: 'John',
},
schemaId: unqualifiedSchemaId,
credentialDefinitionId: unqualifiedCredentialDefinitionId,
revocationRegistryId: null,
credentialRevocationId: undefined, // Should it be null in this case?
methodName: 'inMemory',
})

const proofRequest: AnonCredsProofRequest = {
nonce: anoncreds.generateNonce(),
name: 'pres_req_1',
version: '0.1',
requested_attributes: {
attr1_referent: {
name: 'name',
},
attr2_referent: {
name: 'age',
},
},
requested_predicates: {
predicate1_referent: { name: 'age', p_type: '>=' as const, p_value: 18 },
},
}

const proof = await anonCredsHolderService.createProof(agentContext, {
credentialDefinitions: { [unqualifiedCredentialDefinitionId]: credentialDefinition },
proofRequest,
selectedCredentials: {
attributes: {
attr1_referent: { credentialId, credentialInfo, revealed: true },
attr2_referent: { credentialId, credentialInfo, revealed: true },
},
predicates: {
predicate1_referent: { credentialId, credentialInfo },
},
selfAttestedAttributes: {},
},
schemas: { [unqualifiedSchemaId]: schema },
revocationRegistries: {},
})

const verifiedProof = await anonCredsVerifierService.verifyProof(agentContext, {
credentialDefinitions: { [unqualifiedCredentialDefinitionId]: credentialDefinition },
proof,
proofRequest,
schemas: { [unqualifiedSchemaId]: schema },
revocationRegistries: {},
})

expect(verifiedProof).toBeTruthy()
})
})
2 changes: 1 addition & 1 deletion packages/anoncreds-rs/tests/anoncreds-flow.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ import { AnonCredsRsHolderService } from '../src/services/AnonCredsRsHolderServi
import { AnonCredsRsIssuerService } from '../src/services/AnonCredsRsIssuerService'
import { AnonCredsRsVerifierService } from '../src/services/AnonCredsRsVerifierService'

const registry = new InMemoryAnonCredsRegistry({ useLegacyIdentifiers: false })
const registry = new InMemoryAnonCredsRegistry()
const anonCredsModuleConfig = new AnonCredsModuleConfig({
registries: [registry],
})
Expand Down
Loading

0 comments on commit de90caf

Please sign in to comment.