Merge branch 'main' into feat-IDENT-3671-wallet-seesions-askar

openwallet-foundation · Nov 2, 2021 · e250c13 · e250c13
2 parents 1d05f73 + 0b308cb
commit e250c13
Show file tree

Hide file tree

Showing 6 changed files with 43 additions and 27 deletions.
diff --git a/aries_cloudagent/indy/credx/verifier.py b/aries_cloudagent/indy/credx/verifier.py
@@ -48,7 +48,7 @@ async def verify_presentation(
         """
 
         try:
-            self.non_revoc_intervals(pres_req, pres)
+            self.non_revoc_intervals(pres_req, pres, credential_definitions)
             await self.check_timestamps(self.ledger, pres_req, pres, rev_reg_defs)
             await self.pre_verify(pres_req, pres)
         except ValueError as err:

diff --git a/aries_cloudagent/indy/sdk/tests/test_verifier.py b/aries_cloudagent/indy/sdk/tests/test_verifier.py
@@ -322,20 +322,23 @@ async def test_verify_presentation(self, mock_verify):
         ) as mock_pre_verify, async_mock.patch.object(
             self.verifier, "non_revoc_intervals", async_mock.MagicMock()
         ) as mock_non_revox:
+            INDY_PROOF_REQ_X = deepcopy(INDY_PROOF_REQ_PRED_NAMES)
             verified = await self.verifier.verify_presentation(
-                INDY_PROOF_REQ_PRED_NAMES,
+                INDY_PROOF_REQ_X,
                 INDY_PROOF_PRED_NAMES,
                 "schemas",
-                "credential_definitions",
+                {"LjgpST2rjsoxYegQDRm7EL:3:CL:18:tag": {"value": {"revocation": {}}}},
                 REV_REG_DEFS,
                 "rev_reg_entries",
             )
 
         mock_verify.assert_called_once_with(
-            json.dumps(INDY_PROOF_REQ_PRED_NAMES),
+            json.dumps(INDY_PROOF_REQ_X),
             json.dumps(INDY_PROOF_PRED_NAMES),
             json.dumps("schemas"),
-            json.dumps("credential_definitions"),
+            json.dumps(
+                {"LjgpST2rjsoxYegQDRm7EL:3:CL:18:tag": {"value": {"revocation": {}}}}
+            ),
             json.dumps(REV_REG_DEFS),
             json.dumps("rev_reg_entries"),
         )
@@ -355,7 +358,7 @@ async def test_verify_presentation_x_indy(self, mock_verify):
                 INDY_PROOF_REQ_NAME,
                 INDY_PROOF_NAME,
                 "schemas",
-                "credential_definitions",
+                {"LjgpST2rjsoxYegQDRm7EL:3:CL:19:tag": {"value": {}}},
                 REV_REG_DEFS,
                 "rev_reg_entries",
             )
@@ -364,7 +367,7 @@ async def test_verify_presentation_x_indy(self, mock_verify):
             json.dumps(INDY_PROOF_REQ_NAME),
             json.dumps(INDY_PROOF_NAME),
             json.dumps("schemas"),
-            json.dumps("credential_definitions"),
+            json.dumps({"LjgpST2rjsoxYegQDRm7EL:3:CL:19:tag": {"value": {}}}),
             json.dumps(REV_REG_DEFS),
             json.dumps("rev_reg_entries"),
         )
@@ -378,7 +381,7 @@ async def test_check_encoding_attr(self, mock_verify):
             INDY_PROOF_REQ_NAME,
             INDY_PROOF_NAME,
             "schemas",
-            "credential_definitions",
+            {"LjgpST2rjsoxYegQDRm7EL:3:CL:19:tag": {"value": {}}},
             REV_REG_DEFS,
             "rev_reg_entries",
         )
@@ -387,7 +390,7 @@ async def test_check_encoding_attr(self, mock_verify):
             json.dumps(INDY_PROOF_REQ_NAME),
             json.dumps(INDY_PROOF_NAME),
             json.dumps("schemas"),
-            json.dumps("credential_definitions"),
+            json.dumps({"LjgpST2rjsoxYegQDRm7EL:3:CL:19:tag": {"value": {}}}),
             json.dumps(REV_REG_DEFS),
             json.dumps("rev_reg_entries"),
         )
@@ -405,7 +408,7 @@ async def test_check_encoding_attr_tamper_raw(self, mock_verify):
             INDY_PROOF_REQ_NAME,
             INDY_PROOF_X,
             "schemas",
-            "credential_definitions",
+            {"LjgpST2rjsoxYegQDRm7EL:3:CL:19:tag": {"value": {}}},
             REV_REG_DEFS,
             "rev_reg_entries",
         )
@@ -425,7 +428,7 @@ async def test_check_encoding_attr_tamper_encoded(self, mock_verify):
             INDY_PROOF_REQ_NAME,
             INDY_PROOF_X,
             "schemas",
-            "credential_definitions",
+            {"LjgpST2rjsoxYegQDRm7EL:3:CL:19:tag": {"value": {}}},
             REV_REG_DEFS,
             "rev_reg_entries",
         )
@@ -437,20 +440,23 @@ async def test_check_encoding_attr_tamper_encoded(self, mock_verify):
     @async_mock.patch("indy.anoncreds.verifier_verify_proof")
     async def test_check_pred_names(self, mock_verify):
         mock_verify.return_value = True
+        INDY_PROOF_REQ_X = deepcopy(INDY_PROOF_REQ_PRED_NAMES)
         verified = await self.verifier.verify_presentation(
-            INDY_PROOF_REQ_PRED_NAMES,
+            INDY_PROOF_REQ_X,
             INDY_PROOF_PRED_NAMES,
             "schemas",
-            "credential_definitions",
+            {"LjgpST2rjsoxYegQDRm7EL:3:CL:18:tag": {"value": {"revocation": {}}}},
             REV_REG_DEFS,
             "rev_reg_entries",
         )
 
         mock_verify.assert_called_once_with(
-            json.dumps(INDY_PROOF_REQ_PRED_NAMES),
+            json.dumps(INDY_PROOF_REQ_X),
             json.dumps(INDY_PROOF_PRED_NAMES),
             json.dumps("schemas"),
-            json.dumps("credential_definitions"),
+            json.dumps(
+                {"LjgpST2rjsoxYegQDRm7EL:3:CL:18:tag": {"value": {"revocation": {}}}}
+            ),
             json.dumps(REV_REG_DEFS),
             json.dumps("rev_reg_entries"),
         )
@@ -465,10 +471,10 @@ async def test_check_pred_names_tamper_pred_value(self, mock_verify):
         ]["value"] = 0
 
         verified = await self.verifier.verify_presentation(
-            INDY_PROOF_REQ_PRED_NAMES,
+            deepcopy(INDY_PROOF_REQ_PRED_NAMES),
             INDY_PROOF_X,
             "schemas",
-            "credential_definitions",
+            {"LjgpST2rjsoxYegQDRm7EL:3:CL:18:tag": {"value": {}}},
             REV_REG_DEFS,
             "rev_reg_entries",
         )
@@ -486,7 +492,7 @@ async def test_check_pred_names_tamper_pred_req_attr(self, mock_verify):
             INDY_PROOF_REQ_X,
             INDY_PROOF_PRED_NAMES,
             "schemas",
-            "credential_definitions",
+            {"LjgpST2rjsoxYegQDRm7EL:3:CL:18:tag": {"value": {}}},
             REV_REG_DEFS,
             "rev_reg_entries",
         )
@@ -503,10 +509,10 @@ async def test_check_pred_names_tamper_attr_groups(self, mock_verify):
         ] = INDY_PROOF_X["requested_proof"]["revealed_attr_groups"].pop("18_uuid")
 
         verified = await self.verifier.verify_presentation(
-            INDY_PROOF_REQ_PRED_NAMES,
+            deepcopy(INDY_PROOF_REQ_PRED_NAMES),
             INDY_PROOF_X,
             "schemas",
-            "credential_definitions",
+            {"LjgpST2rjsoxYegQDRm7EL:3:CL:18:tag": {"value": {}}},
             REV_REG_DEFS,
             "rev_reg_entries",
         )

diff --git a/aries_cloudagent/indy/sdk/verifier.py b/aries_cloudagent/indy/sdk/verifier.py
@@ -48,7 +48,7 @@ async def verify_presentation(
         """
 
         try:
-            self.non_revoc_intervals(pres_req, pres)
+            self.non_revoc_intervals(pres_req, pres, credential_definitions)
             await self.check_timestamps(self.ledger, pres_req, pres, rev_reg_defs)
             await self.pre_verify(pres_req, pres)
         except ValueError as err:

diff --git a/aries_cloudagent/indy/tests/test_verifier.py b/aries_cloudagent/indy/tests/test_verifier.py
@@ -605,8 +605,12 @@ async def test_non_revoc_intervals(self):
                 },
             ],
         }
+        cred_defs = {
+            "LjgpST2rjsoxYegQDRm7EL:3:CL:17:tag": {"value": {}},
+            "LjgpST2rjsoxYegQDRm7EL:3:CL:18:tag": {"value": {}},
+        }
 
-        self.verifier.non_revoc_intervals(big_pres_req, big_pres)
+        self.verifier.non_revoc_intervals(big_pres_req, big_pres, cred_defs)
 
         assert "non_revoked" not in big_pres_req
         for spec in big_pres_req["requested_attributes"].values():

diff --git a/aries_cloudagent/indy/verifier.py b/aries_cloudagent/indy/verifier.py
@@ -27,7 +27,7 @@ def __repr__(self) -> str:
         """
         return "<{}>".format(self.__class__.__name__)
 
-    def non_revoc_intervals(self, pres_req: dict, pres: dict):
+    def non_revoc_intervals(self, pres_req: dict, pres: dict, cred_defs: dict):
         """
         Remove superfluous non-revocation intervals in presentation request.
 
@@ -47,10 +47,14 @@ def non_revoc_intervals(self, pres_req: dict, pres: dict):
         }.items():
             for (uuid, spec) in pres["requested_proof"].get(req_proof_key, {}).items():
                 if (
-                    pres["identifiers"][spec["sub_proof_index"]].get("timestamp")
-                    is None
+                    "revocation"
+                    not in cred_defs[
+                        pres["identifiers"][spec["sub_proof_index"]]["cred_def_id"]
+                    ]["value"]
                 ):
-                    if pres_req[pres_key][uuid].pop("non_revoked", None):
+                    if uuid in pres_req[pres_key] and pres_req[pres_key][uuid].pop(
+                        "non_revoked", None
+                    ):
                         LOGGER.info(
                             (
                                 "Amended presentation request (nonce=%s): removed "

diff --git a/aries_cloudagent/protocols/present_proof/v1_0/manager.py b/aries_cloudagent/protocols/present_proof/v1_0/manager.py
@@ -398,7 +398,9 @@ async def verify_presentation(
         verifier = self._profile.inject(IndyVerifier)
         presentation_exchange_record.verified = json.dumps(  # tag: needs string value
             await verifier.verify_presentation(
-                indy_proof_request,
+                dict(
+                    indy_proof_request
+                ),  # copy to avoid changing the proof req in the stored pres exch
                 indy_proof,
                 schemas,
                 cred_defs,