fix: relax validation of thread id in revocation notification (#768)

Signed-off-by: Blazej Marcinkiewicz <marcinkiewicz@procivis.ch>

packages/core/src/modules/credentials/__tests__/V1CredentialService.cred.test.ts

@@ -1131,5 +1131,57 @@ describe('CredentialService', () => {
 
       spy.mockRestore()
     })
+
+    describe('revocation registry id validation', () => {
+      const revocationRegistryId =
+        'ABC12D3EFgHIjKL4mnOPQ5:4:AsB27X6KRrJFsqZ3unNAH6:3:cl:48187:N4s7y-5hema_tag ;:CL_ACCUM:3b24a9b0-a979-41e0-9964-2292f2b1b7e9'
+      test('V1 allows any character in tag part of RevRegId', async () => {
+        const loggerSpy = jest.spyOn(logger, 'warn')
+        mockFunction(credentialRepository.getSingleByQuery).mockReturnValueOnce(Promise.resolve(credential))
+
+        const revocationNotificationThreadId = `indy::${revocationRegistryId}::2`
+
+        const invalidThreadFormatError = new AriesFrameworkError(
+          `Incorrect revocation notification threadId format: \n${revocationNotificationThreadId}\ndoes not match\n"indy::<revocation_registry_id>::<credential_revocation_id>"`
+        )
+
+        const revocationNotificationMessage = new V1RevocationNotificationMessage({
+          issueThread: revocationNotificationThreadId,
+          comment: 'Credential has been revoked',
+        })
+        const messageContext = new InboundMessageContext(revocationNotificationMessage)
+
+        await revocationService.v1ProcessRevocationNotification(messageContext)
+
+        expect(loggerSpy).not.toBeCalledWith('Failed to process revocation notification message', {
+          error: invalidThreadFormatError,
+          threadId: revocationNotificationThreadId,
+        })
+      })
+
+      test('V2 allows any character in tag part of credential id', async () => {
+        const loggerSpy = jest.spyOn(logger, 'warn')
+        mockFunction(credentialRepository.getSingleByQuery).mockReturnValueOnce(Promise.resolve(credential))
+
+        const credentialId = `${revocationRegistryId}::2`
+        const invalidFormatError = new AriesFrameworkError(
+          `Incorrect revocation notification credentialId format: \n${credentialId}\ndoes not match\n"<revocation_registry_id>::<credential_revocation_id>"`
+        )
+
+        const revocationNotificationMessage = new V2RevocationNotificationMessage({
+          credentialId: credentialId,
+          revocationFormat: 'indy',
+          comment: 'Credenti1al has been revoked',
+        })
+        const messageContext = new InboundMessageContext(revocationNotificationMessage)
+
+        await revocationService.v2ProcessRevocationNotification(messageContext)
+
+        expect(loggerSpy).not.toBeCalledWith('Failed to process revocation notification message', {
+          error: invalidFormatError,
+          credentialId: credentialId,
+        })
+      })
+    })
   })
 })

packages/core/src/modules/credentials/services/RevocationService.ts

@@ -63,7 +63,7 @@ export class RevocationService {
     this.logger.info('Processing revocation notification v1', { message: messageContext.message })
     // ThreadID = indy::<revocation_registry_id>::<credential_revocation_id>
     const threadRegex =
-      /(indy)::((?:[\dA-z]{21,22}):4:(?:[\dA-z]{21,22}):3:[Cc][Ll]:(?:(?:[1-9][0-9]*)|(?:[\dA-z]{21,22}:2:.+:[0-9.]+))(?::[\dA-z]+)?:CL_ACCUM:(?:[\dA-z-]+))::(\d+)$/
+      /(indy)::((?:[\dA-z]{21,22}):4:(?:[\dA-z]{21,22}):3:[Cc][Ll]:(?:(?:[1-9][0-9]*)|(?:[\dA-z]{21,22}:2:.+:[0-9.]+))(:.+)?:CL_ACCUM:(?:[\dA-z-]+))::(\d+)$/
     const threadId = messageContext.message.issueThread
     try {
       const threadIdGroups = threadId.match(threadRegex)
@@ -101,7 +101,7 @@ export class RevocationService {
 
     // CredentialId = <revocation_registry_id>::<credential_revocation_id>
     const credentialIdRegex =
-      /((?:[\dA-z]{21,22}):4:(?:[\dA-z]{21,22}):3:[Cc][Ll]:(?:(?:[1-9][0-9]*)|(?:[\dA-z]{21,22}:2:.+:[0-9.]+))(?::[\dA-z]+)?:CL_ACCUM:(?:[\dA-z-]+))::(\d+)$/
+      /((?:[\dA-z]{21,22}):4:(?:[\dA-z]{21,22}):3:[Cc][Ll]:(?:(?:[1-9][0-9]*)|(?:[\dA-z]{21,22}:2:.+:[0-9.]+))(:.+)?:CL_ACCUM:(?:[\dA-z-]+))::(\d+)$/
     const credentialId = messageContext.message.credentialId
     try {
       const credentialIdGroups = credentialId.match(credentialIdRegex)