Skip to content

Commit

Permalink
Merge pull request openwallet-foundation#2651 from ianco/anoncreds-rs…
Browse files Browse the repository at this point in the history
…-migrate-4

Update integration tests for anoncreds-rs
  • Loading branch information
swcurran authored Dec 6, 2023
2 parents cd4f1dc + 75b8bbd commit 11914ec
Show file tree
Hide file tree
Showing 11 changed files with 506 additions and 24 deletions.
9 changes: 4 additions & 5 deletions AnonCredsWalletType.md
Original file line number Diff line number Diff line change
Expand Up @@ -80,14 +80,13 @@ The Tails file changes are minimal -- nothing about the file itself changed. Wh

## Outstanding work

* revocation notifications (not sure if they're included in `anoncreds-rs` updates, haven't tested them ...)
* revocation support - complete the revocation implementation (support for unhappy path scenarios)
* testing - various scenarios like mediation, multitenancy etc.

- unit tests (in the new anoncreds package) (see https://github.com/hyperledger/aries-cloudagent-python/pull/2596/commits/229ffbba209aff0ea7def5bad6556d93057f3c2a)
- unit tests (review and possibly update unit tests for the credential and presentation integration)
- revocation support - migrate code from `anoncreds-rs` branch (in progress)
- revocation notifications (not sure if they're included in `anoncreds-rs` updates, haven'e tested them ...)
- revocation support - complete the revocation implementation (support for unhappy path scenarios)
- endorsement (not implemented with new anoncreds code)
- endpoints - don't load the schema/cred-def endpoints when wallet type is anoncreds (will require some BDD updates)
- testing - various scenarios like mediation, multitenancy etc.
- wallet upgrade (askar to askar-anoncreds)
- update V1.0 versions of the Credential and Presentation endpoints to use anoncreds
- any other anoncreds issues - https://github.com/hyperledger/aries-cloudagent-python/issues?q=is%3Aopen+is%3Aissue+label%3AAnonCreds
Expand Down
3 changes: 1 addition & 2 deletions aries_cloudagent/config/argparse.py
Original file line number Diff line number Diff line change
Expand Up @@ -1684,8 +1684,7 @@ def get_settings(self, args: Namespace) -> dict:
if args.recreate_wallet:
settings["wallet.recreate"] = True
# check required settings for 'indy' wallets
# TODO should this also include "askar*" wallet types?
if settings["wallet.type"] == "indy":
if settings["wallet.type"] in ["indy", "askar", "askar-anoncreds"]:
# requires name, key
if not args.wallet_name or not args.wallet_key:
raise ArgsParseError(
Expand Down
8 changes: 4 additions & 4 deletions aries_cloudagent/config/default_context.py
Original file line number Diff line number Diff line change
Expand Up @@ -138,10 +138,6 @@ async def load_plugins(self, context: InjectionContext):
# Currently providing admin routes only
plugin_registry.register_plugin("aries_cloudagent.holder")
plugin_registry.register_plugin("aries_cloudagent.ledger")
plugin_registry.register_plugin(
"aries_cloudagent.messaging.credential_definitions"
)
plugin_registry.register_plugin("aries_cloudagent.messaging.schemas")
plugin_registry.register_plugin("aries_cloudagent.messaging.jsonld")
plugin_registry.register_plugin("aries_cloudagent.resolver")
plugin_registry.register_plugin("aries_cloudagent.settings")
Expand All @@ -159,6 +155,10 @@ async def load_plugins(self, context: InjectionContext):
)
plugin_registry.register_plugin("aries_cloudagent.revocation_anoncreds")
else:
plugin_registry.register_plugin(
"aries_cloudagent.messaging.credential_definitions"
)
plugin_registry.register_plugin("aries_cloudagent.messaging.schemas")
plugin_registry.register_plugin("aries_cloudagent.revocation")

if context.settings.get("multitenant.admin_enabled"):
Expand Down
37 changes: 37 additions & 0 deletions demo/bdd_support/agent_backchannel_client.py
Original file line number Diff line number Diff line change
Expand Up @@ -103,6 +103,43 @@ def aries_container_create_schema_cred_def(
)


def aries_container_fetch_schemas(
the_container: AgentContainer,
):
return run_coroutine(
the_container.fetch_schemas,
)


def aries_container_fetch_cred_defs(
the_container: AgentContainer,
):
return run_coroutine(
the_container.fetch_cred_defs,
)


def aries_container_fetch_cred_def(
the_container: AgentContainer,
cred_def_id: str,
):
return run_coroutine(
the_container.fetch_cred_def,
cred_def_id,
)


def aries_container_check_exists_cred_def(
the_container: AgentContainer,
cred_def_id: str,
):
cred_def = aries_container_fetch_cred_def(the_container, cred_def_id)
if cred_def:
return True
else:
return False


def aries_container_issue_credential(
the_container: AgentContainer,
cred_def_id: str,
Expand Down
136 changes: 136 additions & 0 deletions demo/features/revocation-api.feature
Original file line number Diff line number Diff line change
@@ -0,0 +1,136 @@
Feature: ACA-Py Revocation API

@Revoc-api @GHA
Scenario Outline: Using revocation api, issue and revoke credentials
Given we have "3" agents
| name | role | capabilities |
| Acme | issuer | <Acme_capabilities> |
| Faber | verifier | <Acme_capabilities> |
| Bob | prover | <Bob_capabilities> |
And "<issuer>" and "Bob" have an existing connection
And "Bob" has an issued <Schema_name> credential <Credential_data> from "<issuer>"
And "<issuer>" revokes the credential
And "Faber" and "Bob" have an existing connection
When "Faber" sends a request for proof presentation <Proof_request> to "Bob"
Then "Faber" has the proof verification fail

Examples:
| issuer | Acme_capabilities | Bob_capabilities | Schema_name | Credential_data | Proof_request |
#| Acme | --revocation --public-did | | driverslicense_v2 | Data_DL_MaxValues | DL_age_over_19_v2 |
| Acme | --revocation --public-did --wallet-type askar-anoncreds | --wallet-type askar-anoncreds | driverslicense_v2 | Data_DL_MaxValues | DL_age_over_19_v2 |

@Revoc-api @GHA
Scenario Outline: Using revocation api, issue, revoke credentials and publish
Given we have "3" agents
| name | role | capabilities |
| Acme | issuer | <Acme_capabilities> |
| Faber | verifier | <Acme_capabilities> |
| Bob | prover | <Bob_capabilities> |
And "<issuer>" and "Bob" have an existing connection
And "Bob" has an issued <Schema_name> credential <Credential_data> from "<issuer>"
And "<issuer>" has written the credential definition for <Schema_name> to the ledger
And "<issuer>" has written the revocation registry definition to the ledger
And "<issuer>" has written the revocation registry entry transaction to the ledger
And "<issuer>" revokes the credential without publishing the entry
And "<issuer>" authors a revocation registry entry publishing transaction
And "Faber" and "Bob" have an existing connection
When "Faber" sends a request for proof presentation <Proof_request> to "Bob"
Then "Faber" has the proof verification fail
Then "Bob" can verify the credential from "<issuer>" was revoked
Examples:
| issuer | Acme_capabilities | Bob_capabilities | Schema_name | Credential_data | Proof_request |
#| Acme | --revocation --public-did | | driverslicense_v2 | Data_DL_MaxValues | DL_age_over_19_v2 |
| Acme | --revocation --public-did --wallet-type askar-anoncreds | --wallet-type askar-anoncreds | driverslicense_v2 | Data_DL_MaxValues | DL_age_over_19_v2 |

@Revoc-api.x @GHA-Anoncreds-break
Scenario Outline: Without endorser: issue, revoke credentials, manually create revocation registries
Given we have "3" agents
| name | role | capabilities |
| Acme | issuer | <Acme_capabilities> |
| Faber | verifier | <Acme_capabilities> |
| Bob | prover | <Bob_capabilities> |
And "<issuer>" and "Bob" have an existing connection
And Without endorser, "<issuer>" authors a schema transaction with <Schema_name>
And "<issuer>" has written the schema <Schema_name> to the ledger
And Without endorser, "<issuer>" authors a credential definition transaction with <Schema_name>'
And "<issuer>" has written the credential definition for <Schema_name> to the ledger
And Without endorser, "<issuer>" authors a revocation registry definition transaction for the credential definition matching <Schema_name>
And Without endorser, "<issuer>" has written the revocation registry definition to the ledger
And "<issuer>" has activated the tails file, and uploaded it to the tails server
And Without endorser, "<issuer>" authors a revocation registry entry transaction for the credential definition matching <Schema_name>
And "<issuer>" has written the revocation registry entry transaction to the ledger
And "<issuer>" offers a credential with data <Credential_data>
Then "Bob" has the credential issued
And "<issuer>" revokes the credential without publishing the entry
And "<issuer>" authors a revocation registry entry publishing transaction
And "Faber" and "Bob" have an existing connection
When "Faber" sends a request for proof presentation <Proof_request> to "Bob"
Then "Faber" has the proof verification fail
Then "Bob" can verify the credential from "<issuer>" was revoked
Examples:
| issuer | Acme_capabilities | Bob_capabilities | Schema_name | Credential_data | Proof_request |
#| Acme | --revocation --public-did --did-exchange | | driverslicense_v2 | Data_DL_MaxValues | DL_age_over_19_v2 |
| Acme | --revocation --public-did --did-exchange --wallet-type askar-anoncreds | --wallet-type askar-anoncreds | driverslicense_v2 | Data_DL_MaxValues | DL_age_over_19_v2 |
@Revoc-api @GHA
Scenario Outline: Using revocation api, rotate revocation
Given we have "3" agents
| name | role | capabilities |
| Acme | issuer | <Acme_capabilities> |
| Faber | verifier | <Acme_capabilities> |
| Bob | prover | <Bob_capabilities> |
And "<issuer>" and "Bob" have an existing connection
And "Bob" has an issued <Schema_name> credential <Credential_data> from "<issuer>"
And "<issuer>" lists revocation registries 1
And "<issuer>" rotates revocation registries
Examples:
| issuer | Acme_capabilities | Bob_capabilities | Schema_name | Credential_data | Proof_request |
#| Acme | --revocation --public-did | | driverslicense_v2 | Data_DL_MaxValues | DL_age_over_19_v2 |
| Acme | --revocation --public-did --wallet-type askar-anoncreds | --wallet-type askar-anoncreds | driverslicense_v2 | Data_DL_MaxValues | DL_age_over_19_v2 |
@Revoc-api @GHA
Scenario Outline: Using revocation api, fill registry (need to run with "TAILS_FILE_COUNT": "4" env var)
Given we have "2" agents
| name | role | capabilities |
| Acme | issuer | <Acme_capabilities> |
| Bob | prover | <Bob_capabilities> |
And "<issuer>" and "Bob" have an existing connection
And "Bob" has an issued <Schema_name> credential <Credential_data> from "<issuer>"
And wait 5 seconds
And "<issuer>" lists revocation registries 1
When "<issuer>" offers a credential with data <Credential_data>
Then "Bob" has the credential issued
And wait 5 seconds
And "<issuer>" lists revocation registries 2
When "<issuer>" offers a credential with data <Credential_data>
Then "Bob" has the credential issued
And wait 5 seconds
And "<issuer>" lists revocation registries 3
When "<issuer>" offers a credential with data <Credential_data>
Then "Bob" has the credential issued
And wait 5 seconds
And "<issuer>" lists revocation registries 4
When "<issuer>" offers a credential with data <Credential_data>
Then "Bob" has the credential issued
And wait 5 seconds
And "<issuer>" lists revocation registries 5
When "<issuer>" offers a credential with data <Credential_data>
Then "Bob" has the credential issued
And wait 5 seconds
And "<issuer>" lists revocation registries 6
When "<issuer>" offers a credential with data <Credential_data>
Then "Bob" has the credential issued
And wait 5 seconds
And "<issuer>" lists revocation registries 7
When "<issuer>" offers a credential with data <Credential_data>
Then "Bob" has the credential issued
And "<issuer>" lists revocation registries 8
When "<issuer>" offers a credential with data <Credential_data>
Then "Bob" has the credential issued
And wait 5 seconds
Examples:
| issuer | Acme_capabilities | Bob_capabilities | Schema_name | Credential_data | Proof_request |
#| Acme | --revocation --public-did | | driverslicense_v2 | Data_DL_MaxValues | DL_age_over_19_v2 |
| Acme | --revocation --public-did --wallet-type askar-anoncreds | --wallet-type askar-anoncreds | driverslicense_v2 | Data_DL_MaxValues | DL_age_over_19_v2 |
5 changes: 2 additions & 3 deletions demo/features/steps/0453-issue-credential.py
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@

from bdd_support.agent_backchannel_client import (
aries_container_create_schema_cred_def,
aries_container_check_exists_cred_def,
aries_container_issue_credential,
aries_container_receive_credential,
read_schema_data,
Expand Down Expand Up @@ -46,9 +47,7 @@ def step_impl(context, issuer, schema_name):
# confirm the cred def was actually created
# TODO for anoncreds, this should call the anoncreds/cred-def endpoint
async_sleep(2.0)
cred_def_saved = agent_container_GET(
agent["agent"], "/credential-definitions/" + cred_def_id
)
cred_def_saved = aries_container_check_exists_cred_def(agent["agent"], cred_def_id)
assert cred_def_saved

context.schema_name = schema_name
Expand Down
14 changes: 14 additions & 0 deletions demo/features/steps/0454-present-proof.py
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,20 @@ def step_impl(context, verifier, request_for_proof, prover):

proof_request_info = read_proof_req_data(request_for_proof)

# replace any restrictions that need the cred def id...
cred_def_id = context.cred_def_id
cred_def_restrictions = [{"cred_def_id": cred_def_id}]

if "cred_def_restriction" in proof_request_info["requested_attributes"]:
proof_request_info["requested_attributes"]["cred_def_restriction"][
"restrictions"
] = cred_def_restrictions

if "cred_def_predicate" in proof_request_info["requested_predicates"]:
proof_request_info["requested_predicates"]["cred_def_predicate"][
"restrictions"
] = cred_def_restrictions

proof_exchange = aries_container_request_proof(agent["agent"], proof_request_info)

context.proof_request = proof_request_info
Expand Down
Loading

0 comments on commit 11914ec

Please sign in to comment.