Skip to content
This repository was archived by the owner on Feb 29, 2024. It is now read-only.

Add failing unit test for multiple "attr:<attr_name>::value" restrictions #1893

Closed
wants to merge 12 commits into from
+155 −5
Closed

Add failing unit test for multiple "attr:<attr_name>::value" restrictions #1893

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
0f86ef7
Add failing unit test for multiple "attr:<attr_name>::value" restrict…
nrempel Sep 20, 2019
bbe7f85
Remove extra space
nrempel Sep 20, 2019
b9ab0a5
Improved verification of attr::<attr_name>::value/marker restrictions
Artemkaaas Sep 23, 2019
208494d
Merge pull request #2 from Artemkaaas/bug/is-1381-multiple-attr-restr…
Sep 24, 2019
7bf2118
Merge changes from hyperleger/master
nrempel Sep 24, 2019
e9b8244
Update _precess_filter to expect required parameter
nrempel Sep 24, 2019
a48a7b6
Fix test requiring extra parameter
nrempel Sep 24, 2019
cc8262d
Merge remote-tracking branch 'indy-sdk/master' into is-1381
Artemkaaas Sep 26, 2019
33b0525
Merge remote-tracking branch 'indy-sdk/master' into is-1381
Artemkaaas Sep 27, 2019
90bf835
Merge branch 'master' into bug/is-1381-multiple-attr-restrictions
Artemkaaas Oct 16, 2019
b926748
Merge branch 'master' into bug/is-1381-multiple-attr-restrictions
Artemkaaas Oct 21, 2019
0fa6bfe
Merge branch 'master' into bug/is-1381-multiple-attr-restrictions
Artemkaaas Oct 23, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
67 changes: 62 additions & 5 deletions libindy/src/services/anoncreds/verifier.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,11 +8,16 @@ use crate::domain::anoncreds::revocation_registry_definition::{RevocationRegistr
use crate::domain::anoncreds::schema::{SchemaV1, SchemaId};
use crate::errors::prelude::*;
use crate::services::anoncreds::helpers::*;

use crate::utils::wql::Query;

use ursa::cl::{CredentialPublicKey, new_nonce, Nonce};
use ursa::cl::verifier::Verifier as CryptoVerifier;
use crate::utils::wql::Query;
use regex::Regex;

lazy_static! {
pub static ref INTERNAL_TAG_REGEX: Regex = Regex::new("^attr::.*::[marker,value]").unwrap();
}


#[derive(Debug, Serialize, Deserialize, Clone, PartialEq)]
pub struct Filter {
Expand Down Expand Up @@ -471,7 +476,7 @@ impl Verifier {
tag_ @ "schema_version" => Verifier::_precess_filed(tag_, &filter.schema_version, tag_value),
tag_ @ "cred_def_id" => Verifier::_precess_filed(tag_, &filter.cred_def_id, tag_value),
tag_ @ "issuer_did" => Verifier::_precess_filed(tag_, &filter.issuer_did, tag_value),
x if Verifier::_is_attr_internal_tag(x, attr) => Verifier::_check_internal_tag_revealed_value(x, attr, tag_value, revealed_value),
x if Verifier::_is_attr_internal_tag(x) => Verifier::_check_internal_tag_revealed_value(x, attr, tag_value, revealed_value),
x if Verifier::_is_attr_operator(x) => Ok(()),
_ => Err(err_msg(IndyErrorKind::InvalidStructure, "Unknown Filter Type"))
}
Expand All @@ -485,8 +490,8 @@ impl Verifier {
}
}

fn _is_attr_internal_tag(key: &str, attr: &str) -> bool {
key == format!("attr::{}::value", attr) || key == format!("attr::{}::marker", attr)
fn _is_attr_internal_tag(key: &str) -> bool {
INTERNAL_TAG_REGEX.is_match(&key)
}

fn _check_internal_tag_revealed_value(key: &str, attr: &str, tag_value: &str, revealed_value: Option<&str>) -> IndyResult<()> {
Expand All @@ -512,6 +517,7 @@ mod tests {
pub const SCHEMA_VERSION: &str = "1.2.3";
pub const CRED_DEF_ID: &str = "345";
pub const ISSUER_DID: &str = "456";
pub const VALUE: &str = "value";

fn schema_id_tag() -> String { "schema_id".to_string() }

Expand All @@ -529,6 +535,14 @@ mod tests {

fn attr_tag_value() -> String { "attr::zip::value".to_string() }

fn zip_marker() -> String { "attr::zip::marker".to_string() }

fn zip_value() -> String { "attr::zip::value".to_string() }

fn extra_marker() -> String { "attr::extra::marker".to_string() }

fn extra_value() -> String { "attr::extra::value".to_string() }

fn bad_attr_tag() -> String { "bad::zip::marker".to_string() }

fn filter() -> Filter {
Expand Down Expand Up @@ -778,6 +792,49 @@ mod tests {
assert!(Verifier::_process_operator("zip", &op, &filter, Some("NOT HERE")).is_err());
}

#[test]
fn test_process_op_eq_internal_tags() {
let filter = filter();

let mut op = Query::Eq(zip_value(), VALUE.to_string());
Verifier::_process_operator("zip", &op, &filter, None).unwrap();

op = Query::And(vec![
Query::Eq(zip_marker(), "1".to_string()),
Query::Eq(zip_value(), VALUE.to_string()),
]);
Verifier::_process_operator("zip", &op, &filter, None).unwrap();

op = Query::And(vec![
Query::Eq(zip_marker(), "1".to_string()),
Query::Eq(zip_value(), VALUE.to_string()),
Query::Eq(extra_marker(), "1".to_string()),
Query::Eq(extra_value(), VALUE.to_string()),
]);
Verifier::_process_operator("zip", &op, &filter, None).unwrap();

op = Query::Eq("attr::zip::NOT HERE".to_string(), VALUE.to_string());
assert!(Verifier::_process_operator("zip", &op, &filter, None).is_err());

op = Query::Eq("NOT HEREattrNOT HERE::zip::value".to_string(), VALUE.to_string());
assert!(Verifier::_process_operator("zip", &op, &filter, None).is_err());

op = Query::Eq("NOT HERE::zip::marker".to_string(), VALUE.to_string());
assert!(Verifier::_process_operator("zip", &op, &filter, None).is_err());

op = Query::And(vec![
Query::Eq(zip_marker(), "1".to_string()),
Query::Eq("attr::zip::NOT HERE".to_string(), VALUE.to_string()),
]);
assert!(Verifier::_process_operator("zip", &op, &filter, None).is_err());

op = Query::Or(vec![
Query::Eq(zip_marker(), "1".to_string()),
Query::Eq("attr::zip::NOT HERE".to_string(), VALUE.to_string()),
]);
Verifier::_process_operator("zip", &op, &filter, None).unwrap();
}

fn _received() -> HashMap<String, Identifier> {
let mut res: HashMap<String, Identifier> = HashMap::new();
res.insert("referent_1".to_string(), Identifier { timestamp: Some(1234), schema_id: SchemaId(String::new()), cred_def_id: CredentialDefinitionId(String::new()), rev_reg_id: Some(RevocationRegistryId(String::new())) });
Expand Down
93 changes: 93 additions & 0 deletions libindy/tests/anoncreds_demos.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3453,4 +3453,97 @@ mod demos {
wallet::close_and_delete_wallet(issuer_gvt_wallet_handle, &issuer_gvt_wallet_config).unwrap();
wallet::close_and_delete_wallet(issuer_xyz_wallet_handle, &issuer_xyz_wallet_config).unwrap();
}


#[test] // IS-1381
fn anoncreds_works_for_multiple_attr_value_restrictions() {
Setup::empty();

//1. Create Issuer wallet, gets wallet handle
let (issuer_wallet_handle, issuer_wallet_config) = wallet::create_and_open_default_wallet("anoncreds_works_for_attr_value_restriction").unwrap();

//2. Create Prover wallet, gets wallet handle
let (prover_wallet_handle, prover_wallet_config) = wallet::create_and_open_default_wallet("anoncreds_works_for_attr_value_restriction").unwrap();

//3. Issuer creates Schema and Credential Definition
let (schema_id, schema_json, cred_def_id, cred_def_json) = anoncreds::multi_steps_issuer_preparation(issuer_wallet_handle,
ISSUER_DID,
GVT_SCHEMA_NAME,
GVT_SCHEMA_ATTRIBUTES);

//4. Prover creates Master Secret
anoncreds::prover_create_master_secret(prover_wallet_handle, COMMON_MASTER_SECRET).unwrap();

//5. Issuance credential for Prover
anoncreds::multi_steps_create_credential(COMMON_MASTER_SECRET,
prover_wallet_handle,
issuer_wallet_handle,
CREDENTIAL1_ID,
&anoncreds::gvt_credential_values_json(),
&cred_def_id,
&cred_def_json);

//6. Proof request
let nonce = anoncreds::generate_nonce().unwrap();
let proof_req_json = json!({
"nonce": nonce,
"name":"proof_req_1",
"version":"0.1",
"requested_attributes":{
"attr1_referent":{
"name":"name",
"restrictions": json!([{
"attr::name::value": "Alex",
"attr::sex::value": "male"
}])
}
},
"requested_predicates":{
}
}).to_string();

//7. Prover gets Credentials for Proof Request
let credentials_json = anoncreds::prover_get_credentials_for_proof_req(prover_wallet_handle, &proof_req_json).unwrap();
let credential = anoncreds::get_credential_for_attr_referent(&credentials_json, "attr1_referent");

//8. Prover creates Proof
let requested_credentials_json = json!({
"self_attested_attributes": {},
"requested_attributes": {
"attr1_referent": {"cred_id": credential.referent, "revealed":true}
},
"requested_predicates": {}
}).to_string();

let schemas_json = json!({schema_id: serde_json::from_str::<Schema>(&schema_json).unwrap()}).to_string();
let cred_defs_json = json!({cred_def_id: serde_json::from_str::<CredentialDefinition>(&cred_def_json).unwrap()}).to_string();
let rev_states_json = json!({}).to_string();

let proof_json = anoncreds::prover_create_proof(prover_wallet_handle,
&proof_req_json,
&requested_credentials_json,
COMMON_MASTER_SECRET,
&schemas_json,
&cred_defs_json,
&rev_states_json).unwrap();

let proof: Proof = serde_json::from_str(&proof_json).unwrap();

//9. Verifier verifies proof
assert_eq!("Alex", proof.requested_proof.revealed_attrs.get("attr1_referent").unwrap().raw);

let rev_reg_defs_json = json!({}).to_string();
let rev_regs_json = json!({}).to_string();

let valid = anoncreds::verifier_verify_proof(&proof_req_json,
&proof_json,
&schemas_json,
&cred_defs_json,
&rev_reg_defs_json,
&rev_regs_json).unwrap();
assert!(valid);

wallet::close_and_delete_wallet(issuer_wallet_handle, &issuer_wallet_config).unwrap();
wallet::close_and_delete_wallet(prover_wallet_handle, &prover_wallet_config).unwrap();
}
}