Merge pull request openwallet-foundation#2651 from ianco/anoncreds-rs…

…-migrate-4 Update integration tests for anoncreds-rs
shaangill025 · Dec 6, 2023 · 11914ec · 11914ec
2 parents cd4f1dc + 75b8bbd
commit 11914ec
Show file tree

Hide file tree

Showing 11 changed files with 506 additions and 24 deletions.
diff --git a/AnonCredsWalletType.md b/AnonCredsWalletType.md
@@ -80,14 +80,13 @@ The Tails file changes are minimal -- nothing about the file itself changed.  Wh
 
 ## Outstanding work
 
+* revocation notifications (not sure if they're included in `anoncreds-rs` updates, haven't tested them ...)
+* revocation support - complete the revocation implementation (support for unhappy path scenarios)
+* testing - various scenarios like mediation, multitenancy etc.
+
 - unit tests (in the new anoncreds package) (see https://github.com/hyperledger/aries-cloudagent-python/pull/2596/commits/229ffbba209aff0ea7def5bad6556d93057f3c2a)
 - unit tests (review and possibly update unit tests for the credential and presentation integration)
-- revocation support - migrate code from `anoncreds-rs` branch (in progress)
-- revocation notifications (not sure if they're included in `anoncreds-rs` updates, haven'e tested them ...)
-- revocation support - complete the revocation implementation (support for unhappy path scenarios)
 - endorsement (not implemented with new anoncreds code)
-- endpoints - don't load the schema/cred-def endpoints when wallet type is anoncreds (will require some BDD updates)
-- testing - various scenarios like mediation, multitenancy etc.
 - wallet upgrade (askar to askar-anoncreds)
 - update V1.0 versions of the Credential and Presentation endpoints to use anoncreds
 - any other anoncreds issues - https://github.com/hyperledger/aries-cloudagent-python/issues?q=is%3Aopen+is%3Aissue+label%3AAnonCreds

diff --git a/aries_cloudagent/config/argparse.py b/aries_cloudagent/config/argparse.py
@@ -1684,8 +1684,7 @@ def get_settings(self, args: Namespace) -> dict:
         if args.recreate_wallet:
             settings["wallet.recreate"] = True
         # check required settings for 'indy' wallets
-        # TODO should this also include "askar*" wallet types?
-        if settings["wallet.type"] == "indy":
+        if settings["wallet.type"] in ["indy", "askar", "askar-anoncreds"]:
             # requires name, key
             if not args.wallet_name or not args.wallet_key:
                 raise ArgsParseError(

diff --git a/aries_cloudagent/config/default_context.py b/aries_cloudagent/config/default_context.py
@@ -138,10 +138,6 @@ async def load_plugins(self, context: InjectionContext):
         # Currently providing admin routes only
         plugin_registry.register_plugin("aries_cloudagent.holder")
         plugin_registry.register_plugin("aries_cloudagent.ledger")
-        plugin_registry.register_plugin(
-            "aries_cloudagent.messaging.credential_definitions"
-        )
-        plugin_registry.register_plugin("aries_cloudagent.messaging.schemas")
         plugin_registry.register_plugin("aries_cloudagent.messaging.jsonld")
         plugin_registry.register_plugin("aries_cloudagent.resolver")
         plugin_registry.register_plugin("aries_cloudagent.settings")
@@ -159,6 +155,10 @@ async def load_plugins(self, context: InjectionContext):
             )
             plugin_registry.register_plugin("aries_cloudagent.revocation_anoncreds")
         else:
+            plugin_registry.register_plugin(
+                "aries_cloudagent.messaging.credential_definitions"
+            )
+            plugin_registry.register_plugin("aries_cloudagent.messaging.schemas")
             plugin_registry.register_plugin("aries_cloudagent.revocation")
 
         if context.settings.get("multitenant.admin_enabled"):

diff --git a/demo/bdd_support/agent_backchannel_client.py b/demo/bdd_support/agent_backchannel_client.py
@@ -103,6 +103,43 @@ def aries_container_create_schema_cred_def(
     )
 
 
+def aries_container_fetch_schemas(
+    the_container: AgentContainer,
+):
+    return run_coroutine(
+        the_container.fetch_schemas,
+    )
+
+
+def aries_container_fetch_cred_defs(
+    the_container: AgentContainer,
+):
+    return run_coroutine(
+        the_container.fetch_cred_defs,
+    )
+
+
+def aries_container_fetch_cred_def(
+    the_container: AgentContainer,
+    cred_def_id: str,
+):
+    return run_coroutine(
+        the_container.fetch_cred_def,
+        cred_def_id,
+    )
+
+
+def aries_container_check_exists_cred_def(
+    the_container: AgentContainer,
+    cred_def_id: str,
+):
+    cred_def = aries_container_fetch_cred_def(the_container, cred_def_id)
+    if cred_def:
+        return True
+    else:
+        return False
+
+
 def aries_container_issue_credential(
     the_container: AgentContainer,
     cred_def_id: str,

diff --git a/demo/features/revocation-api.feature b/demo/features/revocation-api.feature
@@ -0,0 +1,136 @@
+Feature: ACA-Py Revocation API 
+
+   @Revoc-api @GHA
+   Scenario Outline: Using revocation api, issue and revoke credentials
+      Given we have "3" agents
+         | name  | role     | capabilities        |
+         | Acme  | issuer   | <Acme_capabilities> |
+         | Faber | verifier | <Acme_capabilities> |
+         | Bob   | prover   | <Bob_capabilities>  |
+      And "<issuer>" and "Bob" have an existing connection
+      And "Bob" has an issued <Schema_name> credential <Credential_data> from "<issuer>"
+      And "<issuer>" revokes the credential
+      And "Faber" and "Bob" have an existing connection
+      When "Faber" sends a request for proof presentation <Proof_request> to "Bob"
+      Then "Faber" has the proof verification fail
+
+      Examples:
+         | issuer | Acme_capabilities                          | Bob_capabilities | Schema_name       | Credential_data   | Proof_request     |
+         #| Acme   | --revocation --public-did                  |                  | driverslicense_v2 | Data_DL_MaxValues | DL_age_over_19_v2 |
+         | Acme   | --revocation --public-did --wallet-type askar-anoncreds | --wallet-type askar-anoncreds | driverslicense_v2 | Data_DL_MaxValues | DL_age_over_19_v2 |
+
+   @Revoc-api @GHA
+   Scenario Outline: Using revocation api, issue, revoke credentials and publish
+      Given we have "3" agents
+         | name  | role     | capabilities        |
+         | Acme  | issuer   | <Acme_capabilities> |
+         | Faber | verifier | <Acme_capabilities> |
+         | Bob   | prover   | <Bob_capabilities>  |
+      And "<issuer>" and "Bob" have an existing connection
+      And "Bob" has an issued <Schema_name> credential <Credential_data> from "<issuer>"
+      And "<issuer>" has written the credential definition for <Schema_name> to the ledger
+      And "<issuer>" has written the revocation registry definition to the ledger
+      And "<issuer>" has written the revocation registry entry transaction to the ledger
+      And "<issuer>" revokes the credential without publishing the entry
+      And "<issuer>" authors a revocation registry entry publishing transaction
+      And "Faber" and "Bob" have an existing connection
+      When "Faber" sends a request for proof presentation <Proof_request> to "Bob"
+      Then "Faber" has the proof verification fail
+      Then "Bob" can verify the credential from "<issuer>" was revoked
+      Examples:
+         | issuer | Acme_capabilities                          | Bob_capabilities | Schema_name       | Credential_data   | Proof_request     |
+         #| Acme   | --revocation --public-did                  |                  | driverslicense_v2 | Data_DL_MaxValues | DL_age_over_19_v2 |
+         | Acme   | --revocation --public-did --wallet-type askar-anoncreds | --wallet-type askar-anoncreds | driverslicense_v2 | Data_DL_MaxValues | DL_age_over_19_v2 |
+
+   @Revoc-api.x @GHA-Anoncreds-break
+   Scenario Outline: Without endorser: issue, revoke credentials, manually create revocation registries
+      Given we have "3" agents
+         | name  | role     | capabilities        |
+         | Acme  | issuer   | <Acme_capabilities> |
+         | Faber | verifier | <Acme_capabilities> |
+         | Bob   | prover   | <Bob_capabilities>  |
+      And "<issuer>" and "Bob" have an existing connection
+      And Without endorser, "<issuer>" authors a schema transaction with <Schema_name>
+      And "<issuer>" has written the schema <Schema_name> to the ledger
+      And Without endorser, "<issuer>" authors a credential definition transaction with <Schema_name>'
+      And "<issuer>" has written the credential definition for <Schema_name> to the ledger
+      And Without endorser, "<issuer>" authors a revocation registry definition transaction for the credential definition matching <Schema_name>
+      And Without endorser, "<issuer>" has written the revocation registry definition to the ledger
+      And "<issuer>" has activated the tails file, and uploaded it to the tails server
+      And Without endorser, "<issuer>" authors a revocation registry entry transaction for the credential definition matching <Schema_name>
+      And "<issuer>" has written the revocation registry entry transaction to the ledger
+      And "<issuer>" offers a credential with data <Credential_data>
+      Then "Bob" has the credential issued
+      And "<issuer>" revokes the credential without publishing the entry
+      And "<issuer>" authors a revocation registry entry publishing transaction
+      And "Faber" and "Bob" have an existing connection
+      When "Faber" sends a request for proof presentation <Proof_request> to "Bob"
+      Then "Faber" has the proof verification fail
+      Then "Bob" can verify the credential from "<issuer>" was revoked
+      Examples:
+         | issuer | Acme_capabilities                          | Bob_capabilities | Schema_name       | Credential_data   | Proof_request     |
+         #| Acme   | --revocation --public-did --did-exchange   |                  | driverslicense_v2 | Data_DL_MaxValues | DL_age_over_19_v2 |
+         | Acme   | --revocation --public-did --did-exchange --wallet-type askar-anoncreds | --wallet-type askar-anoncreds | driverslicense_v2 | Data_DL_MaxValues | DL_age_over_19_v2 |
+
+   @Revoc-api @GHA
+   Scenario Outline: Using revocation api, rotate revocation 
+      Given we have "3" agents
+         | name  | role     | capabilities        |
+         | Acme  | issuer   | <Acme_capabilities> |
+         | Faber | verifier | <Acme_capabilities> |
+         | Bob   | prover   | <Bob_capabilities>  |
+      And "<issuer>" and "Bob" have an existing connection
+      And "Bob" has an issued <Schema_name> credential <Credential_data> from "<issuer>"
+      And "<issuer>" lists revocation registries 1
+      And "<issuer>" rotates revocation registries
+
+      Examples:
+         | issuer | Acme_capabilities                          | Bob_capabilities | Schema_name       | Credential_data   | Proof_request     |
+         #| Acme   | --revocation --public-did                  |                  | driverslicense_v2 | Data_DL_MaxValues | DL_age_over_19_v2 |
+         | Acme   | --revocation --public-did --wallet-type askar-anoncreds | --wallet-type askar-anoncreds | driverslicense_v2 | Data_DL_MaxValues | DL_age_over_19_v2 |
+
+   @Revoc-api @GHA
+   Scenario Outline: Using revocation api, fill registry (need to run with "TAILS_FILE_COUNT": "4" env var)
+      Given we have "2" agents
+         | name  | role     | capabilities        |
+         | Acme  | issuer   | <Acme_capabilities> |
+         | Bob   | prover   | <Bob_capabilities>  |
+      And "<issuer>" and "Bob" have an existing connection
+      And "Bob" has an issued <Schema_name> credential <Credential_data> from "<issuer>"
+      And wait 5 seconds
+      And "<issuer>" lists revocation registries 1
+      When "<issuer>" offers a credential with data <Credential_data>
+      Then "Bob" has the credential issued
+      And wait 5 seconds
+      And "<issuer>" lists revocation registries 2
+      When "<issuer>" offers a credential with data <Credential_data>
+      Then "Bob" has the credential issued
+      And wait 5 seconds
+      And "<issuer>" lists revocation registries 3
+      When "<issuer>" offers a credential with data <Credential_data>
+      Then "Bob" has the credential issued
+      And wait 5 seconds
+      And "<issuer>" lists revocation registries 4
+      When "<issuer>" offers a credential with data <Credential_data>
+      Then "Bob" has the credential issued
+      And wait 5 seconds
+      And "<issuer>" lists revocation registries 5
+      When "<issuer>" offers a credential with data <Credential_data>
+      Then "Bob" has the credential issued
+      And wait 5 seconds
+      And "<issuer>" lists revocation registries 6
+      When "<issuer>" offers a credential with data <Credential_data>
+      Then "Bob" has the credential issued
+      And wait 5 seconds
+      And "<issuer>" lists revocation registries 7
+      When "<issuer>" offers a credential with data <Credential_data>
+      Then "Bob" has the credential issued
+      And "<issuer>" lists revocation registries 8
+      When "<issuer>" offers a credential with data <Credential_data>
+      Then "Bob" has the credential issued
+      And wait 5 seconds      
+      
+      Examples:
+         | issuer | Acme_capabilities                          | Bob_capabilities | Schema_name       | Credential_data   | Proof_request     |
+         #| Acme   | --revocation --public-did                  |                  | driverslicense_v2 | Data_DL_MaxValues | DL_age_over_19_v2 |
+         | Acme   | --revocation --public-did --wallet-type askar-anoncreds | --wallet-type askar-anoncreds | driverslicense_v2 | Data_DL_MaxValues | DL_age_over_19_v2 |
diff --git a/demo/features/steps/0453-issue-credential.py b/demo/features/steps/0453-issue-credential.py
@@ -5,6 +5,7 @@
 
 from bdd_support.agent_backchannel_client import (
     aries_container_create_schema_cred_def,
+    aries_container_check_exists_cred_def,
     aries_container_issue_credential,
     aries_container_receive_credential,
     read_schema_data,
@@ -46,9 +47,7 @@ def step_impl(context, issuer, schema_name):
     # confirm the cred def was actually created
     # TODO for anoncreds, this should call the anoncreds/cred-def endpoint
     async_sleep(2.0)
-    cred_def_saved = agent_container_GET(
-        agent["agent"], "/credential-definitions/" + cred_def_id
-    )
+    cred_def_saved = aries_container_check_exists_cred_def(agent["agent"], cred_def_id)
     assert cred_def_saved
 
     context.schema_name = schema_name

diff --git a/demo/features/steps/0454-present-proof.py b/demo/features/steps/0454-present-proof.py
@@ -36,6 +36,20 @@ def step_impl(context, verifier, request_for_proof, prover):
 
     proof_request_info = read_proof_req_data(request_for_proof)
 
+    # replace any restrictions that need the cred def id...
+    cred_def_id = context.cred_def_id
+    cred_def_restrictions = [{"cred_def_id": cred_def_id}]
+
+    if "cred_def_restriction" in proof_request_info["requested_attributes"]:
+        proof_request_info["requested_attributes"]["cred_def_restriction"][
+            "restrictions"
+        ] = cred_def_restrictions
+
+    if "cred_def_predicate" in proof_request_info["requested_predicates"]:
+        proof_request_info["requested_predicates"]["cred_def_predicate"][
+            "restrictions"
+        ] = cred_def_restrictions
+
     proof_exchange = aries_container_request_proof(agent["agent"], proof_request_info)
 
     context.proof_request = proof_request_info