

Merge pull request #838 from walt-id/fix/revocation-policy-result-val…
…idation

fix: revocation policy status bit result validation
mikeplotean authored Nov 28, 2024
2 parents a6c2138 + 3fcbbd6 commit 59d0ec2
Showing 7 changed files with 19 additions and 17 deletions.
4 changes: 2 additions & 2 deletions waltid-applications/waltid-cli/README.md
Expand Up @@ -512,7 +512,7 @@ Usage: waltid vc verify [<options>] <vc>
╰─────────────────────────────────────────────────────────────────────────────────────────╯
Options:
-p, --policy=(signature|expired|not-before|revoked_status_list|schema|allowed-issuer|webhook)
-p, --policy=(signature|expired|not-before|revoked-status-list|schema|allowed-issuer|webhook)
Specify one, or more policies to be applied during the verification process of the VC (signature policy is always applied).
-a, --arg=<value> Argument required by some policies, namely:
Expand All @@ -525,7 +525,7 @@ Options:
├─────────────────────┼─────────────────────────────────────────────────────────────────┤
│ not-before │ - │
├─────────────────────┼─────────────────────────────────────────────────────────────────┤
revoked_status_list │ - │
revoked-status-list │ - │
├─────────────────────┼─────────────────────────────────────────────────────────────────┤
│ schema │ schema=/path/to/schema.json │
├─────────────────────┼─────────────────────────────────────────────────────────────────┤
Expand Up @@ -57,7 +57,7 @@ class VCVerifyCmd : CliktCommand(
"signature",
"expired",
"not-before",
"revoked_status_list",
"revoked-status-list",
"schema",
"allowed-issuer",
"webhook",
Expand All @@ -75,7 +75,7 @@ class VCVerifyCmd : CliktCommand(
|signature| - |
|expired| - |
|not-before| - |
|revoked_status_list| - |
|revoked-status-list| - |
|schema|schema=/path/to/schema.json|
|allowed-issuer|issuer=did:key:z6Mkp7AVwvWxnsNDuSSbf19sgKzrx223WY95AqZyAGifFVyV|
|webhook|url=https://example.com|
Expand Down Expand Up @@ -145,7 +145,7 @@ class VCVerifyCmd : CliktCommand(
args.putAll(getAllowedIssuerPolicyArguments())
args.putAll(getWebhookPolicyArguments())
args.putAll(getRevocationPolicyArguments())
for (noArgPolicyName in listOf("signature", "expired", "not-before", "revoked_status_list")) {
for (noArgPolicyName in listOf("signature", "expired", "not-before", "revoked-status-list")) {
if (noArgPolicyName in policies) {
args[noArgPolicyName] = "".toJsonElement()
}
Expand Down Expand Up @@ -205,7 +205,7 @@ class VCVerifyCmd : CliktCommand(

private fun getRevocationPolicyArguments(): Map<out String, JsonElement> {
val args = mutableMapOf<String, JsonElement>()
if ("revoked_status_list" in policies) {
if ("revoked-status-list" in policies) {
args["vc"] = vc.readText().toJsonElement()
}
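Review bot: The policy identifier is still a bare string literal at every site this section touches: the name list in the first hunk, the help table, the `noArgPolicyName` list and the `"revoked-status-list" in policies` check in `getRevocationPolicyArguments`. The next rename will therefore need the same four edits, and if one copy drifts the `in policies` check is simply false and `args["vc"]` is never set; what the policy does without that argument is not visible here. I would declare it once, `private const val REVOKED_STATUS_LIST_POLICY = "revoked-status-list"`, and reference the constant at each site (the help table can probably interpolate it). The class body and `getRevocationPolicyArguments` continue outside the hunks shown.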

Expand Up @@ -330,11 +330,11 @@ class WaltIdVCVerifyCmdTest {
fun `should output Success when the credential does not contain a revocation status list entry`() = runTest {
val result = command.test(
listOf(
"--policy=revoked_status_list",
"--policy=revoked-status-list",
signedVCFilePath,
)
)
assertContains(result.output, "revoked_status_list: Success!")
assertContains(result.output, "revoked-status-list: Success!")
}

private fun sign(vcFilePath: String): String {
Expand Up @@ -9,7 +9,7 @@ import kotlinx.serialization.json.JsonObject
abstract class RevocationPolicyMp : CredentialWrapperValidatorPolicy(
) {

override val name = "revoked_status_list"
override val name = "revoked-status-list"
override val description = "Verifies Credential Status"
override val supportedVCFormats = setOf(VCFormat.jwt_vc, VCFormat.jwt_vc_json, VCFormat.ldp_vc)

Expand Up @@ -47,7 +47,7 @@ actual class RevocationPolicy : RevocationPolicyMp() {
val credentialSubject = payload["vc"]!!.jsonObject["credentialSubject"]?.jsonObject!!
val encodedList = credentialSubject["encodedList"]?.jsonPrimitive?.content ?: ""
val bitValue = get(encodedList, statusListIndex)
if (bitValue!![0].code == 0) {
if (StreamUtils.binToInt(bitValue!!.joinToString("")) == 0) {
Result.success(statusListCredentialUrl!!)
} else {
Result.failure(Throwable("Credential has been revoked"))
Expand All @@ -67,6 +67,8 @@ object Base64Utils {
object StreamUtils {
private const val BITS_PER_BYTE = 8u

fun binToInt(bin: String) = bin.toInt(2)

fun getBitValue(inputStream: InputStream, index: ULong, bitSize: Int): List<Char> = inputStream.use { stream ->
//TODO: bitSize constraints
val bitStartPosition = index * bitSize.toUInt()
Expand All @@ -89,4 +91,4 @@ object StreamUtils {
}

fun get(bitstring: String, idx: ULong? = null, bitSize: Int = 1) =
idx?.let { StreamUtils.getBitValue(GZIPInputStream(Base64Utils.decode(bitstring).inputStream()), it, bitSize) }
idx?.let { StreamUtils.getBitValue(GZIPInputStream(Base64Utils.decode(bitstring).inputStream()), it, bitSize) }
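Review bot: The new check `StreamUtils.binToInt(bitValue!!.joinToString("")) == 0` can throw instead of producing a `Result`: `get` returns null when `idx` is null (`idx?.let { … }`), so `bitValue!!` raises a NullPointerException, and `bin.toInt(2)` raises NumberFormatException for an empty string or a value that does not fit an Int. Whether an enclosing handler turns those exceptions into a policy failure is not visible, because the function body starts and ends outside the hunk. I would make the outcome explicit and fail closed with `val status = bitValue?.joinToString("")?.toIntOrNull(2)` followed by `if (status == 0)`, so an unreadable entry lands in the failure branch; a separate message for "status could not be determined" would let operators tell it apart from a real revocation. `binToInt` also deserves a one-line KDoc saying it expects a non-empty string of `0`/`1` characters, and a test with a set status bit would pin the fix.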
Expand Up @@ -427,7 +427,7 @@ fun Application.verfierApi() {
add("signature")
add("expired")
add("not-before")
add("revoked_status_list")
add("revoked-status-list")
},
presentationDefinitionJson = when (scope.contains("openid ver_test:vp_token")) {
true -> Json.parseToJsonElement(fixedPresentationDefinitionForEbsiConformanceTest).jsonObject
Expand Down Expand Up @@ -458,7 +458,7 @@ private fun getErrorDescription(it: Throwable): String? = when (it.message) {
"Verification policies did not succeed: not-before" ->
"<\$presentation_submission.descriptor_map[x].id> is not yet valid"

"Verification policies did not succeed: revoked_status_list" ->
"Verification policies did not succeed: revoked-status-list" ->
"<\$presentation_submission.descriptor_map[x].id> is revoked"

else -> null
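Review bot: `getErrorDescription` (its earlier branches are outside the hunk) picks the description by comparing `it.message` with a complete sentence, so the revocation branch applies only when the text is exactly `"Verification policies did not succeed: revoked-status-list"`; any other wording, and presumably a message naming more than one failed policy, falls through to `else -> null`. That coupling is why the rename had to be repeated here, and a missed copy would silently drop the "is revoked" description. I would carry the failed policy names on the exception, or at least build the expected text from the policy's `name`, so the two cannot diverge. It is also worth confirming how a request that still sends the old `revoked_status_list` name is handled: if unknown names were skipped rather than rejected, the revocation check would not run for that client, and that handling is not visible in this commit.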
Expand Up @@ -114,7 +114,7 @@ object VerifierApiExamples {
"""
{
"vp_policies": $vpPolicyMinMaxData,
"vc_policies": ${vcPoliciesData("\"revoked_status_list\"")},
"vc_policies": ${vcPoliciesData("\"revoked-status-list\"")},
"request_credentials":
[
{ "format": "jwt_vc_json", "type": "OpenBadgeCredential" },
Expand All @@ -131,7 +131,7 @@ object VerifierApiExamples {
"""
{
"vp_policies": $vpPolicyMinMaxData,
"vc_policies": ${vcPoliciesData("\"revoked_status_list\"")},
"vc_policies": ${vcPoliciesData("\"revoked-status-list\"")},
"request_credentials":
[
{ "format": "jwt_vc_json", "type": "VerifiableId" },
Expand All @@ -157,7 +157,7 @@ object VerifierApiExamples {
"""
{
"vp_policies": $vpPolicyMinMaxData,
"vc_policies": ${vcPoliciesData("\"revoked_status_list\"")},
"vc_policies": ${vcPoliciesData("\"revoked-status-list\"")},
"request_credentials":
[
{ "format": "jwt_vc_json", "type": "VerifiableId" },
Expand Down Expand Up @@ -229,7 +229,7 @@ object VerifierApiExamples {
val EbsiVerifiablePDA1 = jsonObjectValueExampleDescriptorDsl(
"""
{
"vc_policies": ${vcPoliciesData("\"revoked_status_list\"")},
"vc_policies": ${vcPoliciesData("\"revoked-status-list\"")},
"request_credentials":
[
{ "input_descriptor": {
