Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Verifying revocation status #9

Open
Reccetech opened this issue Jan 16, 2024 · 4 comments
Open

Verifying revocation status #9

Reccetech opened this issue Jan 16, 2024 · 4 comments

Comments

@Reccetech
Copy link

When a credential is revoked one can lookup the status of the revocation list. From the response you can confirm the if that status is a 1 or 0 from the position in the bitlist. From my understanding the process to determine this is the pass the encoded list into the vc-status-list library.
From the example 02-VC-status.md there is a code snippet at the bottom for this process:

import * as sl from "@digitalbazaar/vc-status-list";

const decoded = await sl.decodeList({
  encodedList: "H4sIAAAAAAAAA-3BIQEAAAACIKc73RcmoAEAAAAAAAAAAAAAAPgbjSrD2NQwAAA"
});

// return true, which means revoked
console.log(decoded.getStatus(0));

I am not sure from the examples or the vc-status-list repo how to get this check to pass. Can we provide more detail on this process?
@podefr
Copy link
Collaborator

podefr commented Jan 16, 2024

You previously issued a credential with a status which was stored in the file with id 0.0.7645848, and the list itself has id 1

You can retrieve the encoded status list from that file, either using hedera's file system directly, or using the API server:

curl -X 'GET' \
  'http://localhost:3004/credentials/status/0.0.7645848/1' \
  -H 'accept: application/json'

Which returns: (this credential was signed by my DID, yours would be different)

{
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    "https://w3id.org/vc/status-list/2021/v1"
  ],
  "id": "http://localhost:3004/credentials/status/0.0.7645848/1",
  "type": [
    "VerifiableCredential",
    "StatusList2021Credential"
  ],
  "issuer": "did:hedera:testnet:zBGujTvDepajDJfndETnYKRNn5xDx4py6t3xNbdbLpKDd_0.0.5787376",
  "issuanceDate": "2024-01-16T14:52:45.075Z",
  "credentialSubject": {
    "id": "http://localhost:3004/credentials/status/0.0.7645848/1#list",
    "type": "StatusList2021",
    "statusPurpose": "revocation",
    "encodedList": "H4sIAAAAAAAAA-3BMQEAAADCoPVPbQsvoAAAAAAAAAAAAAAAAP4GcwM92tQwAAA"
  },
  "proof": {
    "type": "Ed25519Signature2018",
    "created": "2024-01-16T14:52:45Z",
    "verificationMethod": "did:hedera:testnet:zBGujTvDepajDJfndETnYKRNn5xDx4py6t3xNbdbLpKDd_0.0.5787376",
    "proofPurpose": "assertionMethod",
    "jws": "eyJhbGciOiJFZERTQSIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..iF0ispq0aBaDGKwX5S2h7YE3rKv8FRsURMv5YVg8yihOeYcwk-jK3nHyhqTTBEK7f8-agRGUJjl3bFHOJH3BCw"
  }
}
```

You can verify this credential, and if the verification is successful, you can trust the status list (encodedList with value `H4sIAAAAAAAAA-3BMQEAAADCoPVPbQsvoAAAAAAAAAAAAAAAAP4GcwM92tQwAAA`) and test the status you want as per the example above

@Reccetech
Copy link
Author

Thank you. I understand the process to obtain the encoded list. Where I am struggling is to get the code snippet working to test the revocation status manually (outside of the verify functionality). To me the code snippet does not look to be complete. Can we provide a complete working code snippet:

`import * as sl from "@digitalbazaar/vc-status-list";

const decoded = await sl.decodeList({
encodedList: "H4sIAAAAAAAAA-3BIQEAAAACIKc73RcmoAEAAAAAAAAAAAAAAPgbjSrD2NQwAAA"
});

// return true, which means revoked
console.log(decoded.getStatus(0));`

@podefr
Copy link
Collaborator

podefr commented Jan 19, 2024

Sorry, I fail to see what's missing? What would you expect to see? The current snippet just checks the index of a status in the list which is all that's needed to verify if a snippet has been revoked

@Reccetech
Copy link
Author

I cannot get the code to work. Here is the code I am using from the examples (with a few tweaks).
`const { Client, FileContentsQuery } = require("@hashgraph/sdk");
const sl = require ("@digitalbazaar/vc-status-list");

const client = Client.forTestnet();
client.setOperator("0.0.XX", "302eXXX");

async function main() {
const query = new FileContentsQuery().setFileId("0.0.76XXX");
const contents = await query.execute(client);

const statusLists = JSON.parse(String(contents));

// in the credentialStatus, the status list index is 2
const statusListByIndex = statusLists[0];

const decoded = await sl.decodeList({
encodedList: statusListByIndex // could be "H4sIAAAAAAAAA-3BIQEAAAACIKc73RcmoAEAAAAAAAAAAAAAAPgbjSrD2NQwAAA"
});

// return true if revoked or false if not
console.log(decoded.getStatus(1));

}
main();`

When I run this I am hitting an error ERR_REQUIRE_ESM from "const sl = require ("@digitalbazaar/vc-status-list");".
I have tried import this module instead of require but run into different issues.
Have you run into this problem?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@podefr @Reccetech