rfc3339, json, Web5Error, and VerifiableCredential #283
Conversation
KendallWeihe
requested review from
nitro-neal,
kirahsapong,
shamilovtim,
diehuxx,
decentralgabe,
frankhinek,
leordev and
ALRubinger
as code owners
| @@ -6,7 +6,7 @@ setup: | |||
| source bin/activate-hermit | |||
| git submodule update --init --recursive | |||
| if [[ "$(cargo 2>&1)" == *"rustup could not choose a version of cargo to run"* ]]; then | |||
| rustup default 1.78.0 | |||
| rustup default 1.80.0 | |||
There was a problem hiding this comment.
we get LazyLock included now! https://blog.rust-lang.org/2024/07/25/Rust-1.80.0.html#lazycell-and-lazylock
|
Tests failing, but will fix here shortly |
| val tests: MutableList<String> | ||
|
|
||
| init { | ||
| val path = Paths.get("../../tests/unit_test_cases/$name.json") |
There was a problem hiding this comment.
This almost needs to be copied in the binary or at least in the bound directory (kind of like schemas) because if people pull it in maven this would not work..
However, people who pull in maven would not execute theses tests so it could be fine? Just some food for thought
There was a problem hiding this comment.
fair point, but should be fine for now. as I understand it, our maven artifact does not include tests
KendallWeihe
changed the title
| @Test | ||
| fun test_issuer_string_must_not_be_empty() { | ||
| this.testSuite.include() | ||
| val emptyIssuer = Issuer.StringIssuer("") | ||
| try { | ||
| VerifiableCredential.create(emptyIssuer, CREDENTIAL_SUBJECT, VerifiableCredentialCreateOptions()) | ||
| fail("Expected an exception to be thrown") | ||
| } catch (e: Web5Exception) { | ||
| when (e) { | ||
| is Web5Exception.Exception -> { | ||
| assertEquals(e.msg, "parameter error issuer id must not be empty") | ||
| } | ||
| else -> { | ||
| fail("Caught an unexpected exception type") | ||
| } | ||
| } | ||
| } | ||
| } |
There was a problem hiding this comment.
| @Test | |
| fun test_issuer_string_must_not_be_empty() { | |
| this.testSuite.include() | |
| val emptyIssuer = Issuer.StringIssuer("") | |
| try { | |
| VerifiableCredential.create(emptyIssuer, CREDENTIAL_SUBJECT, VerifiableCredentialCreateOptions()) | |
| fail("Expected an exception to be thrown") | |
| } catch (e: Web5Exception) { | |
| when (e) { | |
| is Web5Exception.Exception -> { | |
| assertEquals(e.msg, "parameter error issuer id must not be empty") | |
| } | |
| else -> { | |
| fail("Caught an unexpected exception type") | |
| } | |
| } | |
| } | |
| } | |
| @Test | |
| fun testIssuerStringMustNotBeEmpty() { | |
| testSuite.include() | |
| val emptyIssuer = Issuer.StringIssuer("") | |
| val exception = assertFailsWith<Web5Exception.Exception> { | |
| VerifiableCredential.create(emptyIssuer, CREDENTIAL_SUBJECT, VerifiableCredentialCreateOptions()) | |
| } | |
| assertEquals("parameter error issuer id must not be empty", exception.msg) | |
| } |
There was a problem hiding this comment.
very nice! done on all of 'em!
| this.testSuite.include() | ||
| val issuer = Issuer.ObjectIssuer("", "Example Name") | ||
|
|
||
| try { |
There was a problem hiding this comment.
if assertFailsWith works as the other one can update here too
There was a problem hiding this comment.
yup done, it's assertThrows btw
| val vc = VerifiableCredential.create(ISSUER, CREDENTIAL_SUBJECT, VerifiableCredentialCreateOptions()) | ||
|
|
||
| val now = Date() | ||
| val oneSecondAgo = Date(now.time - 1000) |
There was a problem hiding this comment.
maybe set to 1 year or something incase this github action nondeterministically lags at the wrong time or something lol
There was a problem hiding this comment.
meh, we'd just re-run the test
maybe I could make it 10 seconds tho, that seems reasonable to me... done!
| @@ -49,7 +49,7 @@ impl Commands { | |||
| Some(i) => i.to_string(), | |||
| None => match &portable_did { | |||
| Some(p) => p.did_uri.to_string(), | |||
| None => String::default(), | |||
| None => panic!("either --issuer or --portable-did must be supplied"), | |||
There was a problem hiding this comment.
did you mean to keep the panic in?
There was a problem hiding this comment.
yeah I think it's a slightly better error DX than what the call to ::create() will return which is just that the issuer string can't be non-empty
remember, this is in the CLI so panic is fine, preferred actually
| types | ||
| }; | ||
|
|
||
| let id = options |
There was a problem hiding this comment.
now we get into the philosophical discussion on "what it is to be a vc"
Should we let people put anything they want and create "invalid" vcs
Or should add stuff like this to a validate at the end and "dont let them create" whatever they want
There was a problem hiding this comment.
I definitely lean towards being more constrictive than not, but I think we've struck the right amount
the web5 spec recommends a format:
A URI representing a unique identifier for the credential. RECOMMENDED to be of form urn:uuid:3978344f-8596-4c3a-a978-8fcaba3903c5
so we generate in accordance with that format
I'd be down to do more validation, but idk what ruleset we could add here other than "non-empty". MUST NOT have more than one value is impossible to validate AFAIK. MUST be a URI could be validated, but that seems heavy handed.
it's great food for thought! I welcome any additional ideas!
| issuance_date, | ||
| expiration_date, | ||
| issuance_date: options.issuance_date.unwrap_or_else(SystemTime::now), | ||
| expiration_date: options.expiration_date, |
There was a problem hiding this comment.
should we let them create an "invalid" vc that is expired out of the gate.
I think what we have is fine actually, people using this should be aware of what they are doing,
and once they sign and verify then it will instantly be invalid so they can catch it there but yea things to think about
There was a problem hiding this comment.
yeah I thought about that but I lean towards enabling them to create an date which is already expired, may be useful is weird edge cases, and the spec doesn't specifically make an assertion except, to your point, vc-jwt verification
| } | ||
|
|
||
| pub fn sign(&self, bearer_did: &BearerDid) -> Result<String> { | ||
| pub fn sign(&self, bearer_did: &BearerDid) -> ResultOld<String> { |
There was a problem hiding this comment.
lol I want to streamline all error cases into the single Web5Error instead of the uber-fragmented and all-over-the-place error system we currently have
it's worth noting this is just a rename on the import
There was a problem hiding this comment.
added this #289
Same, I'm going to iterate through everything and do the same. Feel free to beat me to it @nitro-neal @diehuxx! |
KendallWeihe
force-pushed
the
kendall/vcs
branch
from
0a425f3
to
f83e121
Compare
json.rsmodulerfc3339.rsmoduleWeb5Errorin theerrors.rsmoduleVerifiableCredential::create()RustCoreErrortoWeb5Errror