merge

Signed-off-by: Timo Glastra <[email protected]>
openwallet-foundation · Jun 4, 2024 · 9c0f46b · 9c0f46b
1 parent acd1a76
commit 9c0f46b
Show file tree

Hide file tree

Showing 27 changed files with 370 additions and 179 deletions.
diff --git a/.github/workflows/continuous-deployment.yml b/.github/workflows/continuous-deployment.yml
@@ -84,13 +84,13 @@ jobs:
           echo version="${NEW_VERSION}" >> "$GITHUB_OUTPUT"
 
       - name: Create Tag
-        uses: mathieudutour/github-tag-action@v6.1
+        uses: mathieudutour/github-tag-action@v6.2
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           custom_tag: ${{ steps.new-version.outputs.version }}
 
       - name: Create Release
-        uses: softprops/action-gh-release@v1
+        uses: softprops/action-gh-release@v2
         with:
           tag_name: v${{ steps.new-version.outputs.version }}
           body: |

diff --git a/.github/workflows/lint-pr.yml b/.github/workflows/lint-pr.yml
@@ -14,7 +14,7 @@ jobs:
     steps:
       # Please look up the latest version from
       # https://github.com/amannn/action-semantic-pull-request/releases
-      - uses: amannn/action-semantic-pull-request@v5.4.0
+      - uses: amannn/action-semantic-pull-request@v5.5.2
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:

diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM node:21
+FROM node:22
 
 # Set working directory
 WORKDIR /www

diff --git a/network/indy-pool.dockerfile b/network/indy-pool.dockerfile
@@ -1,48 +1,9 @@
-FROM ubuntu:16.04
+FROM bcgovimages/von-image:node-1.12-6
 
-ARG uid=1000
+USER root
 
 # Install environment
-RUN apt-get update -y && apt-get install -y \
-	git \
-	wget \
-	python3.5 \
-	python3-pip \
-	python-setuptools \
-	python3-nacl \
-	apt-transport-https \
-	ca-certificates \
-	supervisor \
-	gettext-base \
-	software-properties-common
-
-RUN pip3 install -U \
-	pip==9.0.3 \
-	setuptools
-
-RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys CE7709D068DB5E88 || \
-	apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys CE7709D068DB5E88
-ARG indy_stream=stable
-RUN echo "deb https://repo.sovrin.org/deb xenial $indy_stream" >> /etc/apt/sources.list
-RUN add-apt-repository "deb https://repo.sovrin.org/sdk/deb xenial $indy_stream"
-
-RUN useradd -ms /bin/bash -u $uid indy
-
-ARG indy_plenum_ver=1.12.1
-ARG indy_node_ver=1.12.1
-ARG python3_indy_crypto_ver=0.4.5
-ARG indy_crypto_ver=0.4.5
-ARG python3_pyzmq_ver=18.1.0
-
-RUN apt-get update -y && apt-get install -y \
-	python3-pyzmq=${python3_pyzmq_ver} \
-	indy-plenum=${indy_plenum_ver} \
-	indy-node=${indy_node_ver} \
-	python3-indy-crypto=${python3_indy_crypto_ver} \
-	libindy-crypto=${indy_crypto_ver} \
-	vim \
-	libindy \
-	indy-cli
+RUN apt-get update -y && apt-get install -y supervisor
 
 # It is imporatnt the the lines are not indented. Some autformatters
 # Indent the supervisord parameters. THIS WILL BREAK THE SETUP
@@ -90,11 +51,9 @@ stderr_logfile=/tmp/node4.log\n"\
 
 USER indy
 
-RUN awk '{if (index($1, "NETWORK_NAME") != 0) {print("NETWORK_NAME = \"sandbox\"")} else print($0)}' /etc/indy/indy_config.py> /tmp/indy_config.py
-RUN mv /tmp/indy_config.py /etc/indy/indy_config.py
+COPY --chown=indy:indy network/indy_config.py /etc/indy/indy_config.py
 
 ARG pool_ip=127.0.0.1
-
 RUN generate_indy_pool_transactions --nodes 4 --clients 5 --nodeNum 1 2 3 4 --ips="$pool_ip,$pool_ip,$pool_ip,$pool_ip"
 
 COPY network/add-did.sh /usr/bin/add-did
@@ -105,4 +64,4 @@ COPY network/indy-cli-config.json /etc/indy/indy-cli-config.json
 
 EXPOSE 9701 9702 9703 9704 9705 9706 9707 9708
 
-CMD ["/usr/bin/supervisord"] 
+CMD ["/usr/bin/supervisord"]
diff --git a/packages/anoncreds/src/formats/AnonCredsCredentialFormatService.ts b/packages/anoncreds/src/formats/AnonCredsCredentialFormatService.ts
@@ -341,7 +341,7 @@ export class AnonCredsCredentialFormatService implements CredentialFormatService
       revocationStatusList = revocationStatusListResult.revocationStatusList
     }
 
-    const { credential } = await anonCredsIssuerService.createCredential(agentContext, {
+    const { credential, credentialRevocationId } = await anonCredsIssuerService.createCredential(agentContext, {
       credentialOffer,
       credentialRequest,
       credentialValues: convertAttributesToCredentialValues(credentialAttributes),
@@ -350,6 +350,18 @@ export class AnonCredsCredentialFormatService implements CredentialFormatService
       revocationStatusList,
     })
 
+    // If the credential is revocable, store the revocation identifiers in the credential record
+    if (credential.rev_reg_id) {
+      credentialRecord.metadata.add<AnonCredsCredentialMetadata>(AnonCredsCredentialMetadataKey, {
+        revocationRegistryId: revocationRegistryDefinitionId ?? undefined,
+        credentialRevocationId: credentialRevocationId ?? undefined,
+      })
+      credentialRecord.setTags({
+        anonCredsRevocationRegistryId: revocationRegistryDefinitionId,
+        anonCredsCredentialRevocationId: credentialRevocationId,
+      })
+    }
+
     const format = new CredentialFormatSpec({
       attachmentId,
       format: ANONCREDS_CREDENTIAL,

diff --git a/packages/anoncreds/src/formats/LegacyIndyCredentialFormatService.ts b/packages/anoncreds/src/formats/LegacyIndyCredentialFormatService.ts
@@ -300,23 +300,12 @@ export class LegacyIndyCredentialFormatService implements CredentialFormatServic
     const credentialRequest = requestAttachment.getDataAsJson<AnonCredsCredentialRequest>()
     if (!credentialRequest) throw new CredoError('Missing indy credential request in createCredential')
 
-    const { credential, credentialRevocationId } = await anonCredsIssuerService.createCredential(agentContext, {
+    const { credential } = await anonCredsIssuerService.createCredential(agentContext, {
       credentialOffer,
       credentialRequest,
       credentialValues: convertAttributesToCredentialValues(credentialAttributes),
     })
 
-    if (credential.rev_reg_id) {
-      credentialRecord.metadata.add<AnonCredsCredentialMetadata>(AnonCredsCredentialMetadataKey, {
-        credentialRevocationId: credentialRevocationId,
-        revocationRegistryId: credential.rev_reg_id,
-      })
-      credentialRecord.setTags({
-        anonCredsRevocationRegistryId: credential.rev_reg_id,
-        anonCredsCredentialRevocationId: credentialRevocationId,
-      })
-    }
-
     const format = new CredentialFormatSpec({
       attachmentId,
       format: INDY_CRED,
@@ -399,6 +388,7 @@ export class LegacyIndyCredentialFormatService implements CredentialFormatServic
       })
       credentialRecord.setTags({
         anonCredsRevocationRegistryId: credential.revocationRegistryId,
+        anonCredsUnqualifiedRevocationRegistryId: anonCredsCredential.rev_reg_id,
         anonCredsCredentialRevocationId: credential.credentialRevocationId,
       })
     }

diff --git a/packages/anoncreds/src/protocols/credentials/v1/V1CredentialProtocol.ts b/packages/anoncreds/src/protocols/credentials/v1/V1CredentialProtocol.ts
@@ -231,6 +231,7 @@ export class V1CredentialProtocol
       await connectionService.assertConnectionOrOutOfBandExchange(messageContext, {
         lastReceivedMessage,
         lastSentMessage,
+        expectedConnectionId: credentialRecord.connectionId,
       })
 
       await this.indyCredentialFormat.processProposal(messageContext.agentContext, {
@@ -251,6 +252,8 @@ export class V1CredentialProtocol
       })
     } else {
       agentContext.config.logger.debug('Credential record does not exists yet for incoming proposal')
+      // Assert
+      await connectionService.assertConnectionOrOutOfBandExchange(messageContext)
 
       // No credential record exists with thread id
       credentialRecord = new CredentialExchangeRecord({
@@ -261,9 +264,6 @@ export class V1CredentialProtocol
         protocolVersion: 'v1',
       })
 
-      // Assert
-      await connectionService.assertConnectionOrOutOfBandExchange(messageContext)
-
       // Save record
       await credentialRepository.save(messageContext.agentContext, credentialRecord)
       this.emitStateChangedEvent(messageContext.agentContext, credentialRecord, null)
@@ -532,6 +532,7 @@ export class V1CredentialProtocol
       await connectionService.assertConnectionOrOutOfBandExchange(messageContext, {
         lastReceivedMessage,
         lastSentMessage,
+        expectedConnectionId: credentialRecord.connectionId,
       })
 
       await this.indyCredentialFormat.processOffer(messageContext.agentContext, {
@@ -548,6 +549,9 @@ export class V1CredentialProtocol
 
       return credentialRecord
     } else {
+      // Assert
+      await connectionService.assertConnectionOrOutOfBandExchange(messageContext)
+
       // No credential record exists with thread id
       credentialRecord = new CredentialExchangeRecord({
         connectionId: connection?.id,
@@ -558,9 +562,6 @@ export class V1CredentialProtocol
         protocolVersion: 'v1',
       })
 
-      // Assert
-      await connectionService.assertConnectionOrOutOfBandExchange(messageContext)
-
       await this.indyCredentialFormat.processOffer(messageContext.agentContext, {
         credentialRecord,
         attachment: offerAttachment,
@@ -767,14 +768,14 @@ export class V1CredentialProtocol
     await connectionService.assertConnectionOrOutOfBandExchange(messageContext, {
       lastReceivedMessage: proposalMessage ?? undefined,
       lastSentMessage: offerMessage ?? undefined,
+      expectedConnectionId: credentialRecord.connectionId,
     })
 
     // This makes sure that the sender of the incoming message is authorized to do so.
     if (!credentialRecord.connectionId) {
       await connectionService.matchIncomingMessageToRequestMessageInOutOfBandExchange(messageContext, {
         expectedConnectionId: credentialRecord.connectionId,
       })
-
       credentialRecord.connectionId = connection?.id
     }
 
@@ -916,6 +917,7 @@ export class V1CredentialProtocol
     await connectionService.assertConnectionOrOutOfBandExchange(messageContext, {
       lastReceivedMessage: offerCredentialMessage,
       lastSentMessage: requestCredentialMessage,
+      expectedConnectionId: credentialRecord.connectionId,
     })
 
     const issueAttachment = issueMessage.getCredentialAttachmentById(INDY_CREDENTIAL_ATTACHMENT_ID)
@@ -1022,6 +1024,7 @@ export class V1CredentialProtocol
     await connectionService.assertConnectionOrOutOfBandExchange(messageContext, {
       lastReceivedMessage: requestCredentialMessage,
       lastSentMessage: issueCredentialMessage,
+      expectedConnectionId: credentialRecord.connectionId,
     })
 
     // Update record

diff --git a/packages/anoncreds/src/protocols/credentials/v1/__tests__/V1CredentialProtocolCred.test.ts b/packages/anoncreds/src/protocols/credentials/v1/__tests__/V1CredentialProtocolCred.test.ts
@@ -736,7 +736,6 @@ describe('V1CredentialProtocol', () => {
       }
       expect(credentialRepository.getSingleByQuery).toHaveBeenNthCalledWith(1, agentContext, {
         threadId: 'somethreadid',
-        connectionId: connection.id,
       })
       expect(repositoryUpdateSpy).toHaveBeenCalledTimes(1)
       const [[, updatedCredentialRecord]] = repositoryUpdateSpy.mock.calls

diff --git a/packages/anoncreds/src/protocols/proofs/v1/V1ProofProtocol.ts b/packages/anoncreds/src/protocols/proofs/v1/V1ProofProtocol.ts
@@ -198,6 +198,7 @@ export class V1ProofProtocol extends BaseProofProtocol implements ProofProtocol<
       await connectionService.assertConnectionOrOutOfBandExchange(messageContext, {
         lastReceivedMessage,
         lastSentMessage,
+        expectedConnectionId: proofRecord.connectionId,
       })
 
       // Update record
@@ -209,6 +210,8 @@ export class V1ProofProtocol extends BaseProofProtocol implements ProofProtocol<
       await this.updateState(agentContext, proofRecord, ProofState.ProposalReceived)
     } else {
       agentContext.config.logger.debug('Proof record does not exist yet for incoming proposal')
+      // Assert
+      await connectionService.assertConnectionOrOutOfBandExchange(messageContext)
 
       // No proof record exists with thread id
       proofRecord = new ProofExchangeRecord({
@@ -220,9 +223,6 @@ export class V1ProofProtocol extends BaseProofProtocol implements ProofProtocol<
         protocolVersion: 'v1',
       })
 
-      // Assert
-      await connectionService.assertConnectionOrOutOfBandExchange(messageContext)
-
       await didCommMessageRepository.saveOrUpdateAgentMessage(agentContext, {
         agentMessage: proposalMessage,
         associatedRecordId: proofRecord.id,
@@ -456,6 +456,7 @@ export class V1ProofProtocol extends BaseProofProtocol implements ProofProtocol<
       await connectionService.assertConnectionOrOutOfBandExchange(messageContext, {
         lastReceivedMessage,
         lastSentMessage,
+        expectedConnectionId: proofRecord.connectionId,
       })
 
       await this.indyProofFormat.processRequest(agentContext, {
@@ -470,6 +471,9 @@ export class V1ProofProtocol extends BaseProofProtocol implements ProofProtocol<
       })
       await this.updateState(agentContext, proofRecord, ProofState.RequestReceived)
     } else {
+      // Assert
+      await connectionService.assertConnectionOrOutOfBandExchange(messageContext)
+
       // No proof record exists with thread id
       proofRecord = new ProofExchangeRecord({
         connectionId: connection?.id,
@@ -491,9 +495,6 @@ export class V1ProofProtocol extends BaseProofProtocol implements ProofProtocol<
         role: DidCommMessageRole.Receiver,
       })
 
-      // Assert
-      await connectionService.assertConnectionOrOutOfBandExchange(messageContext)
-
       // Save in repository
       await proofRepository.save(agentContext, proofRecord)
       this.emitStateChangedEvent(agentContext, proofRecord, null)
@@ -791,6 +792,7 @@ export class V1ProofProtocol extends BaseProofProtocol implements ProofProtocol<
     await connectionService.assertConnectionOrOutOfBandExchange(messageContext, {
       lastReceivedMessage: proposalMessage,
       lastSentMessage: requestMessage,
+      expectedConnectionId: proofRecord.connectionId,
     })
 
     // This makes sure that the sender of the incoming message is authorized to do so.
@@ -922,6 +924,7 @@ export class V1ProofProtocol extends BaseProofProtocol implements ProofProtocol<
     await connectionService.assertConnectionOrOutOfBandExchange(messageContext, {
       lastReceivedMessage,
       lastSentMessage,
+      expectedConnectionId: proofRecord.connectionId,
     })
 
     // Update record

diff --git a/packages/anoncreds/src/protocols/proofs/v1/__tests__/V1ProofProtocol.test.ts b/packages/anoncreds/src/protocols/proofs/v1/__tests__/V1ProofProtocol.test.ts
@@ -245,7 +245,6 @@ describe('V1ProofProtocol', () => {
       }
       expect(proofRepository.getSingleByQuery).toHaveBeenNthCalledWith(1, agentContext, {
         threadId: 'somethreadid',
-        connectionId: connection.id,
       })
       expect(repositoryUpdateSpy).toHaveBeenCalledTimes(1)
       const [[, updatedCredentialRecord]] = repositoryUpdateSpy.mock.calls

diff --git a/packages/anoncreds/src/updates/0.4-0.5/anonCredsCredentialRecord.ts b/packages/anoncreds/src/updates/0.4-0.5/anonCredsCredentialRecord.ts
@@ -16,6 +16,7 @@ import { fetchCredentialDefinition } from '../../utils/anonCredsObjects'
 import {
   getIndyNamespaceFromIndyDid,
   getQualifiedDidIndyDid,
+  getUnQualifiedDidIndyDid,
   isIndyDid,
   isUnqualifiedCredentialDefinitionId,
   isUnqualifiedIndyDid,
@@ -154,6 +155,16 @@ async function migrateLegacyToW3cCredential(agentContext: AgentContext, legacyRe
         credentialRecordType: 'w3c',
         credentialRecordId: w3cCredentialRecord.id,
       }
+
+      // If using unqualified dids, store both qualified/unqualified revRegId forms
+      // to allow retrieving it from revocation notification service
+      if (legacyTags.revocationRegistryId && indyNamespace) {
+        relatedCredentialExchangeRecord.setTags({
+          anonCredsRevocationRegistryId: getQualifiedDidIndyDid(legacyTags.revocationRegistryId, indyNamespace),
+          anonCredsUnqualifiedRevocationRegistryId: getUnQualifiedDidIndyDid(legacyTags.revocationRegistryId),
+        })
+      }
+
       await credentialExchangeRepository.update(agentContext, relatedCredentialExchangeRecord)
     }
   }

diff --git a/packages/anoncreds/src/utils/indyIdentifiers.ts b/packages/anoncreds/src/utils/indyIdentifiers.ts
@@ -221,6 +221,8 @@ export function getIndyNamespaceFromIndyDid(identifier: string): string {
 }
 
 export function getUnQualifiedDidIndyDid(identifier: string): string {
+  if (isUnqualifiedIndyDid(identifier)) return identifier
+
   if (isDidIndySchemaId(identifier)) {
     const { schemaName, schemaVersion, namespaceIdentifier } = parseIndySchemaId(identifier)
     return getUnqualifiedSchemaId(namespaceIdentifier, schemaName, schemaVersion)

diff --git a/packages/anoncreds/src/utils/w3cAnonCredsUtils.ts b/packages/anoncreds/src/utils/w3cAnonCredsUtils.ts
@@ -20,6 +20,7 @@ import {
   isUnqualifiedRevocationRegistryId,
   isIndyDid,
   getUnQualifiedDidIndyDid,
+  isUnqualifiedIndyDid,
 } from './indyIdentifiers'
 import { W3cAnonCredsCredentialMetadataKey } from './metadata'
 
@@ -199,7 +200,7 @@ export function getW3cRecordAnonCredsTags(options: {
     anonCredsMethodName: methodName,
     anonCredsRevocationRegistryId: revocationRegistryId,
     anonCredsCredentialRevocationId: credentialRevocationId,
-    ...(isIndyDid(issuerId) && {
+    ...((isIndyDid(issuerId) || isUnqualifiedIndyDid(issuerId)) && {
       anonCredsUnqualifiedIssuerId: getUnQualifiedDidIndyDid(issuerId),
       anonCredsUnqualifiedCredentialDefinitionId: getUnQualifiedDidIndyDid(credentialDefinitionId),
       anonCredsUnqualifiedSchemaId: getUnQualifiedDidIndyDid(schemaId),