fix: issuance with unqualified identifiers

packages/anoncreds-rs/src/services/AnonCredsRsHolderService.ts

@@ -32,7 +32,7 @@ import {
   AnonCredsCredentialRepository,
   AnonCredsLinkSecretRepository,
   AnonCredsRestrictionWrapper,
-  legacyIndyCredentialDefinitionIdRegex,
+  unqualifiedCredentialDefinitionIdRegex,
   AnonCredsRegistryService,
 } from '@aries-framework/anoncreds'
 import { AriesFrameworkError, JsonTransformer, TypedArrayEncoder, injectable, utils } from '@aries-framework/core'
@@ -213,7 +213,7 @@ export class AnonCredsRsHolderService implements AnonCredsHolderService {
         throw new AnonCredsRsError('Link Secret value not stored')
       }
 
-      const isLegacyIdentifier = credentialOffer.cred_def_id.match(legacyIndyCredentialDefinitionIdRegex)
+      const isLegacyIdentifier = credentialOffer.cred_def_id.match(unqualifiedCredentialDefinitionIdRegex)
       if (!isLegacyIdentifier && useLegacyProverDid) {
         throw new AriesFrameworkError('Cannot use legacy prover_did with non-legacy identifiers')
       }

packages/anoncreds-rs/src/services/AnonCredsRsIssuerService.ts

@@ -15,6 +15,10 @@ import type { AgentContext } from '@aries-framework/core'
 import type { CredentialDefinitionPrivate, JsonObject, KeyCorrectnessProof } from '@hyperledger/anoncreds-shared'
 
 import {
+  parseIndyDid,
+  getUnqualifiedSchemaId,
+  parseIndySchemaId,
+  isUnqualifiedCredentialDefinitionId,
   AnonCredsKeyCorrectnessProofRepository,
   AnonCredsCredentialDefinitionPrivateRepository,
   AnonCredsCredentialDefinitionRepository,
@@ -87,22 +91,35 @@ export class AnonCredsRsIssuerService implements AnonCredsIssuerService {
 
     let credentialOffer: CredentialOffer | undefined
     try {
+      // The getByCredentialDefinitionId supports both qualified and unqualified identifiers, even though the
+      // record is always stored using the qualified identifier.
       const credentialDefinitionRecord = await agentContext.dependencyManager
         .resolve(AnonCredsCredentialDefinitionRepository)
         .getByCredentialDefinitionId(agentContext, options.credentialDefinitionId)
 
+      // We fetch the keyCorrectnessProof based on the credential definition record id, as the
+      // credential definition id passed to this module could be unqualified, and the key correctness
+      // proof is only stored using the qualified identifier.
       const keyCorrectnessProofRecord = await agentContext.dependencyManager
         .resolve(AnonCredsKeyCorrectnessProofRepository)
-        .getByCredentialDefinitionId(agentContext, options.credentialDefinitionId)
+        .getByCredentialDefinitionId(agentContext, credentialDefinitionRecord.credentialDefinitionId)
 
       if (!credentialDefinitionRecord) {
         throw new AnonCredsRsError(`Credential Definition ${credentialDefinitionId} not found`)
       }
 
+      let schemaId = credentialDefinitionRecord.credentialDefinition.schemaId
+
+      // if the credentialDefinitionId is not qualified, we need to transform the schemaId to also be unqualified
+      if (isUnqualifiedCredentialDefinitionId(options.credentialDefinitionId)) {
+        const { namespaceIdentifier, schemaName, schemaVersion } = parseIndySchemaId(schemaId)
+        schemaId = getUnqualifiedSchemaId(namespaceIdentifier, schemaName, schemaVersion)
+      }
+
       credentialOffer = CredentialOffer.create({
         credentialDefinitionId,
         keyCorrectnessProof: keyCorrectnessProofRecord?.value,
-        schemaId: credentialDefinitionRecord.credentialDefinition.schemaId,
+        schemaId,
       })
 
       return credentialOffer.toJson() as unknown as AnonCredsCredentialOffer
@@ -135,9 +152,25 @@ export class AnonCredsRsIssuerService implements AnonCredsIssuerService {
         .resolve(AnonCredsCredentialDefinitionRepository)
         .getByCredentialDefinitionId(agentContext, options.credentialRequest.cred_def_id)
 
+      // We fetch the private record based on the cred def id from the cred def record, as the
+      // credential definition id passed to this module could be unqualified, and the private record
+      // is only stored using the qualified identifier.
       const credentialDefinitionPrivateRecord = await agentContext.dependencyManager
         .resolve(AnonCredsCredentialDefinitionPrivateRepository)
-        .getByCredentialDefinitionId(agentContext, options.credentialRequest.cred_def_id)
+        .getByCredentialDefinitionId(agentContext, credentialDefinitionRecord.credentialDefinitionId)
+
+      let credentialDefinition = credentialDefinitionRecord.credentialDefinition
+
+      if (isUnqualifiedCredentialDefinitionId(options.credentialRequest.cred_def_id)) {
+        const { namespaceIdentifier, schemaName, schemaVersion } = parseIndySchemaId(credentialDefinition.schemaId)
+        const { namespaceIdentifier: unqualifiedDid } = parseIndyDid(credentialDefinition.issuerId)
+        parseIndyDid
+        credentialDefinition = {
+          ...credentialDefinition,
+          schemaId: getUnqualifiedSchemaId(namespaceIdentifier, schemaName, schemaVersion),
+          issuerId: unqualifiedDid,
+        }
+      }
 
       credential = Credential.create({
         credentialDefinition: credentialDefinitionRecord.credentialDefinition as unknown as JsonObject,

packages/anoncreds-rs/src/services/__tests__/AnonCredsRsServices.test.ts

@@ -1,6 +1,10 @@
 import type { AnonCredsProofRequest } from '@aries-framework/anoncreds'
 
 import {
+  getUnqualifiedSchemaId,
+  parseIndySchemaId,
+  getUnqualifiedCredentialDefinitionId,
+  parseIndyCredentialDefinitionId,
   AnonCredsModuleConfig,
   AnonCredsHolderServiceSymbol,
   AnonCredsIssuerServiceSymbol,
@@ -236,4 +240,212 @@ describeRunInNodeVersion([18], 'AnonCredsRsServices', () => {
 
     expect(verifiedProof).toBeTruthy()
   })
+
+  test('issuance flow with unqualified identifiers', async () => {
+    // Use qualified identifiers to create schema and credential definition (we only support qualified identifiers for these)
+    const issuerId = 'did:indy:pool:localtest:A4CYPASJYRZRt98YWrac3H'
+
+    const schema = await anonCredsIssuerService.createSchema(agentContext, {
+      attrNames: ['name', 'age'],
+      issuerId,
+      name: 'Employee Credential',
+      version: '1.0.0',
+    })
+
+    const { schemaState } = await registry.registerSchema(agentContext, {
+      schema,
+      options: {},
+    })
+
+    const { credentialDefinition, credentialDefinitionPrivate, keyCorrectnessProof } =
+      await anonCredsIssuerService.createCredentialDefinition(agentContext, {
+        issuerId,
+        schemaId: schemaState.schemaId as string,
+        schema,
+        tag: 'Employee Credential',
+        supportRevocation: false,
+      })
+
+    const { credentialDefinitionState } = await registry.registerCredentialDefinition(agentContext, {
+      credentialDefinition,
+      options: {},
+    })
+
+    if (
+      !credentialDefinitionState.credentialDefinition ||
+      !credentialDefinitionState.credentialDefinitionId ||
+      !schemaState.schema ||
+      !schemaState.schemaId
+    ) {
+      throw new Error('Failed to create schema or credential definition')
+    }
+
+    if (!credentialDefinitionPrivate || !keyCorrectnessProof) {
+      throw new Error('Failed to get private part of credential definition')
+    }
+
+    await agentContext.dependencyManager.resolve(AnonCredsSchemaRepository).save(
+      agentContext,
+      new AnonCredsSchemaRecord({
+        schema: schemaState.schema,
+        schemaId: schemaState.schemaId,
+        methodName: 'inMemory',
+      })
+    )
+
+    await agentContext.dependencyManager.resolve(AnonCredsCredentialDefinitionRepository).save(
+      agentContext,
+      new AnonCredsCredentialDefinitionRecord({
+        credentialDefinition: credentialDefinitionState.credentialDefinition,
+        credentialDefinitionId: credentialDefinitionState.credentialDefinitionId,
+        methodName: 'inMemory',
+      })
+    )
+
+    await agentContext.dependencyManager.resolve(AnonCredsCredentialDefinitionPrivateRepository).save(
+      agentContext,
+      new AnonCredsCredentialDefinitionPrivateRecord({
+        value: credentialDefinitionPrivate,
+        credentialDefinitionId: credentialDefinitionState.credentialDefinitionId,
+      })
+    )
+
+    await agentContext.dependencyManager.resolve(AnonCredsKeyCorrectnessProofRepository).save(
+      agentContext,
+      new AnonCredsKeyCorrectnessProofRecord({
+        value: keyCorrectnessProof,
+        credentialDefinitionId: credentialDefinitionState.credentialDefinitionId,
+      })
+    )
+
+    const { namespaceIdentifier, schemaSeqNo, tag } = parseIndyCredentialDefinitionId(
+      credentialDefinitionState.credentialDefinitionId
+    )
+    const unqualifiedCredentialDefinitionId = getUnqualifiedCredentialDefinitionId(
+      namespaceIdentifier,
+      schemaSeqNo,
+      tag
+    )
+
+    const parsedSchema = parseIndySchemaId(schemaState.schemaId)
+    const unqualifiedSchemaId = getUnqualifiedSchemaId(
+      parsedSchema.namespaceIdentifier,
+      parsedSchema.schemaName,
+      parsedSchema.schemaVersion
+    )
+
+    // Create offer with unqualified credential definition id
+    const credentialOffer = await anonCredsIssuerService.createCredentialOffer(agentContext, {
+      credentialDefinitionId: unqualifiedCredentialDefinitionId,
+    })
+
+    const linkSecret = await anonCredsHolderService.createLinkSecret(agentContext, { linkSecretId: 'someLinkSecretId' })
+    expect(linkSecret.linkSecretId).toBe('someLinkSecretId')
+
+    await agentContext.dependencyManager.resolve(AnonCredsLinkSecretRepository).save(
+      agentContext,
+      new AnonCredsLinkSecretRecord({
+        value: linkSecret.linkSecretValue,
+        linkSecretId: linkSecret.linkSecretId,
+      })
+    )
+
+    const unqualifiedCredentialDefinition = await registry.getCredentialDefinition(
+      agentContext,
+      credentialOffer.cred_def_id
+    )
+    const unqualifiedSchema = await registry.getSchema(agentContext, credentialOffer.schema_id)
+    if (!unqualifiedCredentialDefinition.credentialDefinition || !unqualifiedSchema.schema) {
+      throw new Error('unable to fetch credential definition or schema')
+    }
+
+    const credentialRequestState = await anonCredsHolderService.createCredentialRequest(agentContext, {
+      credentialDefinition: unqualifiedCredentialDefinition.credentialDefinition,
+      credentialOffer,
+      linkSecretId: linkSecret.linkSecretId,
+    })
+
+    const { credential } = await anonCredsIssuerService.createCredential(agentContext, {
+      credentialOffer,
+      credentialRequest: credentialRequestState.credentialRequest,
+      credentialValues: {
+        name: { raw: 'John', encoded: encodeCredentialValue('John') },
+        age: { raw: '25', encoded: encodeCredentialValue('25') },
+      },
+    })
+
+    const credentialId = 'holderCredentialId2'
+
+    const storedId = await anonCredsHolderService.storeCredential(agentContext, {
+      credential,
+      credentialDefinition: unqualifiedCredentialDefinition.credentialDefinition,
+      schema: unqualifiedSchema.schema,
+      credentialDefinitionId: credentialOffer.cred_def_id,
+      credentialRequestMetadata: credentialRequestState.credentialRequestMetadata,
+      credentialId,
+    })
+
+    expect(storedId).toEqual(credentialId)
+
+    const credentialInfo = await anonCredsHolderService.getCredential(agentContext, {
+      credentialId,
+    })
+
+    expect(credentialInfo).toEqual({
+      credentialId,
+      attributes: {
+        age: '25',
+        name: 'John',
+      },
+      schemaId: unqualifiedSchemaId,
+      credentialDefinitionId: unqualifiedCredentialDefinitionId,
+      revocationRegistryId: null,
+      credentialRevocationId: undefined, // Should it be null in this case?
+      methodName: 'inMemory',
+    })
+
+    const proofRequest: AnonCredsProofRequest = {
+      nonce: anoncreds.generateNonce(),
+      name: 'pres_req_1',
+      version: '0.1',
+      requested_attributes: {
+        attr1_referent: {
+          name: 'name',
+        },
+        attr2_referent: {
+          name: 'age',
+        },
+      },
+      requested_predicates: {
+        predicate1_referent: { name: 'age', p_type: '>=' as const, p_value: 18 },
+      },
+    }
+
+    const proof = await anonCredsHolderService.createProof(agentContext, {
+      credentialDefinitions: { [unqualifiedCredentialDefinitionId]: credentialDefinition },
+      proofRequest,
+      selectedCredentials: {
+        attributes: {
+          attr1_referent: { credentialId, credentialInfo, revealed: true },
+          attr2_referent: { credentialId, credentialInfo, revealed: true },
+        },
+        predicates: {
+          predicate1_referent: { credentialId, credentialInfo },
+        },
+        selfAttestedAttributes: {},
+      },
+      schemas: { [unqualifiedSchemaId]: schema },
+      revocationRegistries: {},
+    })
+
+    const verifiedProof = await anonCredsVerifierService.verifyProof(agentContext, {
+      credentialDefinitions: { [unqualifiedCredentialDefinitionId]: credentialDefinition },
+      proof,
+      proofRequest,
+      schemas: { [unqualifiedSchemaId]: schema },
+      revocationRegistries: {},
+    })
+
+    expect(verifiedProof).toBeTruthy()
+  })
 })

packages/anoncreds-rs/tests/anoncreds-flow.test.ts

@@ -38,7 +38,7 @@ import { AnonCredsRsHolderService } from '../src/services/AnonCredsRsHolderServi
 import { AnonCredsRsIssuerService } from '../src/services/AnonCredsRsIssuerService'
 import { AnonCredsRsVerifierService } from '../src/services/AnonCredsRsVerifierService'
 
-const registry = new InMemoryAnonCredsRegistry({ useLegacyIdentifiers: false })
+const registry = new InMemoryAnonCredsRegistry()
 const anonCredsModuleConfig = new AnonCredsModuleConfig({
   registries: [registry],
 })