Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Connectionless Verification of revoked credential (as well as valid credential) not working as expected when specifying non_revoked interval in present proof request. #1806

Closed
itsdheerajbudhiraja opened this issue Jun 14, 2022 · 8 comments
Assignees

Comments

@itsdheerajbudhiraja
Copy link

After specifying non_revoked in present proof request:

Till aca-py release 0.7.3 - getting verified: true in response irrespective of credential is revoked or not.

With aca-py 0.7.4-rc* - getting verified: false irrespective of credential is revoked or not.

Sample present proof request:

{
	"name": "access",
	"names": null,
	"version": "1.0",
	"nonce": "674647785166691834257572",
	"requested_attributes": {
	  "e642366f-21c9-4163-aae8-3c37b5afd273": {
		"name": "Employee_Name",
		"restrictions": [
		  {
			"issuer_did": "Y9wFFsnqyVV4pvCyaFmASp"
		  }
		]
	  },
	  "c56954b6-3227-441d-a236-49dec8627583": {
		"name": "Employee_ID",
		"restrictions": [
		  {
			"issuer_did": "Y9wFFsnqyVV4pvCyaFmASp"
		  }
		]
	  }
	},
	"requested_predicates": {},
	"non_revoked": {
	  "from": 0,
	  "to": 1655204958
	}
  }
@itsdheerajbudhiraja itsdheerajbudhiraja changed the title Verification of revoked credential not working when specifying non_revoked interval at global level. Verification of revoked credential (as well as valid credential) not working as expected when specifying non_revoked interval in present proof request. Jun 14, 2022
@itsdheerajbudhiraja
Copy link
Author

while trying with 0.7.4-rc2, I was getting following error on agent while generating proof request:

UnboundLocalError: local variable 'transport_id' referenced before assignment
2022-06-14 10:23:27,536 aries_cloudagent.admin.server ERROR Handler error with exception: local variable 'transport_id' referenced before assignment
=================
Traceback (most recent call last):
  File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/aries_cloudagent/admin/server.py", line 159, in ready_middleware
    return await handler(request)
  File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/aries_cloudagent/admin/server.py", line 196, in debug_middleware
    return await handler(request)
  File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/aiohttp_apispec/middlewares.py", line 45, in validation_middleware
    return await handler(request)

@itsdheerajbudhiraja itsdheerajbudhiraja changed the title Verification of revoked credential (as well as valid credential) not working as expected when specifying non_revoked interval in present proof request. Connectionless Verification of revoked credential (as well as valid credential) not working as expected when specifying non_revoked interval in present proof request. Jun 14, 2022
@swcurran swcurran added the 0.7.4 label Jun 14, 2022
@shaangill025 shaangill025 self-assigned this Jun 15, 2022
@shaangill025
Copy link
Contributor

@itsdheerajbudhiraja Proof verification is working, I tested [ACA-Py main - latest] for non_revoked in proof_request [present-proof v1 and v2, both revoked and non-revoked credential] using connectionless OOB exchange with Askar and Indy wallets. With 0.7.4-rc2 image there was a bug fixed with #1776 which might be causing the issue.

@itsdheerajbudhiraja

This comment was marked as resolved.

@itsdheerajbudhiraja

This comment was marked as resolved.

@itsdheerajbudhiraja
Copy link
Author

Problem came out to be in aries js framework - Mobile wallet was sending incorrect proof.

On degugging I figured out this error:

2022-06-17 05:54:45,457 aries_cloudagent.indy.sdk.verifier ERROR Presentation on nonce=331551437322774273490016 cannot be validated: Timestamp on sub-proof #0 is missing vs. requested attribute group 3c78eb4f-c2c7-482c-9557-947b758eb318

Seems holder wallet is sending incorrect proof - Some timestamp is missing.

Aca-py code is working fine.

@swcurran @shaangill025

@swcurran
Copy link
Contributor

Good stuff! Thanks for digging in and confirming.

@TimoGlastra
Copy link
Contributor

ACA-Py 0.7.3 (and before? Not sure what the affected versions are) contained a bug where it would mark a proof as verified if it didn't include a proof of non revocation even though the proof request requested a proof of non-revocation.

This has been fixed since and is therefore now breaking.

AFJ 0.1.0 doesn't have support for revocation yet, and that's why it is now failing with ACA-Py 0.7.4-RC. AFJ 0.2.0 will support revocation.

@swcurran
Copy link
Contributor

Thanks for the explanation @TimoGlastra --- makes sense.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants