Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Additional integration tests for revocation scenarios #2055

Merged
merged 4 commits into from
Dec 22, 2022
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions demo/bdd_support/agent_backchannel_client.py
Original file line number Diff line number Diff line change
@@ -130,10 +130,12 @@ def aries_container_receive_credential(
def aries_container_request_proof(
the_container: AgentContainer,
proof_request: dict,
explicit_revoc_required: bool = False,
):
return run_coroutine(
the_container.request_proof,
proof_request,
explicit_revoc_required=explicit_revoc_required,
)


46 changes: 44 additions & 2 deletions demo/features/0454-present-proof.feature
Original file line number Diff line number Diff line change
@@ -98,7 +98,7 @@ Feature: RFC 0454 Aries agent present proof
| Acme | --revocation --public-did --multitenant | --multitenant | driverslicense_v2 | Data_DL_MaxValues | DL_age_over_19_v2 |

@T003-RFC0454.1 @GHA
Scenario Outline: Present Proof for multiple credentials where the one is revocable and one isn't
Scenario Outline: Present Proof for multiple credentials where the one is revocable and one isn't, neither credential is revoked
Given we have "4" agents
| name | role | capabilities |
| Acme1 | issuer1 | <Acme1_capabilities> |
@@ -117,8 +117,28 @@ Feature: RFC 0454 Aries agent present proof
| issuer1 | Acme1_capabilities | issuer2 | Acme2_capabilities | Bob_cap | Schema_name_1 | Credential_data_1 | Schema_name_2 | Credential_data_2 | Proof_request |
| Acme1 | --revocation --public-did | Acme2 | --public-did | | driverslicense_v2 | Data_DL_MaxValues | health_id | Data_DL_MaxValues | DL_age_over_19_v2_with_health_id |

@T003-RFC0454.1f
Scenario Outline: Present Proof for multiple credentials where the one is revocable and one isn't, neither credential is revoked, fails due to requesting request-level revocation
Given we have "4" agents
| name | role | capabilities |
| Acme1 | issuer1 | <Acme1_capabilities> |
| Acme2 | issuer2 | <Acme2_capabilities> |
| Faber | verifier | <Acme1_capabilities> |
| Bob | prover | <Bob_cap> |
And "<issuer1>" and "Bob" have an existing connection
And "Bob" has an issued <Schema_name_1> credential <Credential_data_1> from "<issuer1>"
And "<issuer2>" and "Bob" have an existing connection
And "Bob" has an issued <Schema_name_2> credential <Credential_data_2> from "<issuer2>"
And "Faber" and "Bob" have an existing connection
When "Faber" sends a request for proof presentation <Proof_request> to "Bob"
Then "Faber" has the proof verification fail

Examples:
| issuer1 | Acme1_capabilities | issuer2 | Acme2_capabilities | Bob_cap | Schema_name_1 | Credential_data_1 | Schema_name_2 | Credential_data_2 | Proof_request |
| Acme1 | --revocation --public-did | Acme2 | --public-did | | driverslicense_v2 | Data_DL_MaxValues | health_id | Data_DL_MaxValues | DL_age_over_19_v2_with_health_id_r2 |

@T003-RFC0454.2 @GHA
Scenario Outline: Present Proof for multiple credentials where the one is revocable and one isn't, and the revocable credential is revoked
Scenario Outline: Present Proof for multiple credentials where the one is revocable and one isn't, and the revocable credential is revoked, and the proof checks for revocation and fails
Given we have "4" agents
| name | role | capabilities |
| Acme1 | issuer1 | <Acme1_capabilities> |
@@ -137,3 +157,25 @@ Feature: RFC 0454 Aries agent present proof
Examples:
| issuer1 | Acme1_capabilities | issuer2 | Acme2_capabilities | Bob_cap | Schema_name_1 | Credential_data_1 | Schema_name_2 | Credential_data_2 | Proof_request |
| Acme1 | --revocation --public-did | Acme2 | --public-did | | driverslicense_v2 | Data_DL_MaxValues | health_id | Data_DL_MaxValues | DL_age_over_19_v2_with_health_id |
| Acme1 | --revocation --public-did | Acme2 | --public-did | | driverslicense_v2 | Data_DL_MaxValues | health_id | Data_DL_MaxValues | DL_age_over_19_v2_with_health_id_r2 |

@T003-RFC0454.3 @GHA
Scenario Outline: Present Proof for multiple credentials where the one is revocable and one isn't, and the revocable credential is revoked, and the proof doesn't check for revocation and passes
Given we have "4" agents
| name | role | capabilities |
| Acme1 | issuer1 | <Acme1_capabilities> |
| Acme2 | issuer2 | <Acme2_capabilities> |
| Faber | verifier | <Acme1_capabilities> |
| Bob | prover | <Bob_cap> |
And "<issuer1>" and "Bob" have an existing connection
And "Bob" has an issued <Schema_name_1> credential <Credential_data_1> from "<issuer1>"
And "<issuer1>" revokes the credential
And "<issuer2>" and "Bob" have an existing connection
And "Bob" has an issued <Schema_name_2> credential <Credential_data_2> from "<issuer2>"
And "Faber" and "Bob" have an existing connection
When "Faber" sends a request with explicit revocation status for proof presentation <Proof_request> to "Bob"
Then "Faber" has the proof verified

Examples:
| issuer1 | Acme1_capabilities | issuer2 | Acme2_capabilities | Bob_cap | Schema_name_1 | Credential_data_1 | Schema_name_2 | Credential_data_2 | Proof_request |
| Acme1 | --revocation --public-did | Acme2 | --public-did | | driverslicense_v2 | Data_DL_MaxValues | health_id | Data_DL_MaxValues | DL_age_over_19_v2_with_health_id_no_revoc |
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
{
"presentation": {
"comment": "This is a comment for the send presentation.",
"requested_attributes": {
"address_attrs": {
"cred_type_name": "Schema_DriversLicense_v2",
"revealed": true,
"cred_id": "replace_me"
},
"health_attrs": {
"cred_type_name": "Schema_Health_ID",
"revealed": true,
"cred_id": "replace_me"
}
},
"requested_predicates": {
"age": {
"cred_type_name": "Schema_DriversLicense_v2",
"cred_id": "replace me"
}
},
"self_attested_attributes": {}
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
{
"presentation": {
"comment": "This is a comment for the send presentation.",
"requested_attributes": {
"address_attrs": {
"cred_type_name": "Schema_DriversLicense_v2",
"revealed": true,
"cred_id": "replace_me"
},
"health_attrs": {
"cred_type_name": "Schema_Health_ID",
"revealed": true,
"cred_id": "replace_me"
}
},
"requested_predicates": {
"age": {
"cred_type_name": "Schema_DriversLicense_v2",
"cred_id": "replace me"
}
},
"self_attested_attributes": {}
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,38 @@
{
"presentation_proposal": {
"requested_attributes": {
"address_attrs": {
"name": "address",
"restrictions": [
{
"schema_name": "Schema_DriversLicense_v2",
"schema_version": "1.0.1"
}
]
},
"health_attrs": {
"name": "health_id_num",
"restrictions": [
{
"schema_name": "Schema_Health_ID",
"schema_version": "1.0.0"
}
]
}
},
"requested_predicates": {
"age": {
"name": "age",
"p_type": ">",
"p_value": 19,
"restrictions": [
{
"schema_name": "Schema_DriversLicense_v2",
"schema_version": "1.0.1"
}
]
}
},
"version": "0.1.0"
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,38 @@
{
"presentation_proposal": {
"requested_attributes": {
"address_attrs": {
"name": "address",
"restrictions": [
{
"schema_name": "Schema_DriversLicense_v2",
"schema_version": "1.0.1"
}
]
},
"health_attrs": {
"name": "health_id_num",
"restrictions": [
{
"schema_name": "Schema_Health_ID",
"schema_version": "1.0.0"
}
]
}
},
"requested_predicates": {
"age": {
"name": "age",
"p_type": ">",
"p_value": 19,
"restrictions": [
{
"schema_name": "Schema_DriversLicense_v2",
"schema_version": "1.0.1"
}
]
}
},
"version": "0.1.0"
}
}
16 changes: 16 additions & 0 deletions demo/features/steps/0454-present-proof.py
Original file line number Diff line number Diff line change
@@ -43,6 +43,22 @@ def step_impl(context, verifier, request_for_proof, prover):
context.proof_exchange = proof_exchange


@when(
'"{verifier}" sends a request with explicit revocation status for proof presentation {request_for_proof} to "{prover}"'
)
def step_impl(context, verifier, request_for_proof, prover):
agent = context.active_agents[verifier]

proof_request_info = read_proof_req_data(request_for_proof)

proof_exchange = aries_container_request_proof(
agent["agent"], proof_request_info, explicit_revoc_required=True
)

context.proof_request = proof_request_info
context.proof_exchange = proof_exchange


@then('"{verifier}" has the proof verified')
def step_impl(context, verifier):
agent = context.active_agents[verifier]
6 changes: 4 additions & 2 deletions demo/runners/agent_container.py
Original file line number Diff line number Diff line change
@@ -928,7 +928,7 @@ async def receive_credential(

return matched

async def request_proof(self, proof_request):
async def request_proof(self, proof_request, explicit_revoc_required: bool = False):
log_status("#20 Request proof of degree from alice")

if self.cred_type == CRED_FORMAT_INDY:
@@ -963,7 +963,7 @@ async def request_proof(self, proof_request):
] = non_revoked
non_revoked_supplied = True

if not non_revoked_supplied:
if not non_revoked_supplied and not explicit_revoc_required:
# else just make it global
indy_proof_request["non_revoked"] = non_revoked

@@ -1010,6 +1010,8 @@ async def verify_proof(self, proof_request):
print("No proof received")
return None

# log_status(f">>> last proof received: {self.agent.last_proof_received}")

if self.cred_type == CRED_FORMAT_INDY:
# return verified status
return self.agent.last_proof_received["verified"]