feat: add anoncreds interface
Signed-off-by: Daniel Bluhm <dbluhm@pm.me>

refactor: rename indy package to anoncreds

Signed-off-by: Daniel Bluhm <dbluhm@pm.me>

refactor: rename Indy* to AnonCreds*

Signed-off-by: Daniel Bluhm <dbluhm@pm.me>

feat: add anoncreds concrete classes, copied from credx

Signed-off-by: Daniel Bluhm <dbluhm@pm.me>

fix: import anoncreds rather than indy_credx

Signed-off-by: Char Howland <char@indicio.tech>

fix: update imports to use aries_cloudagent.anoncreds

Signed-off-by: Char Howland <char@indicio.tech>

fix: add requirements.anoncreds.txt to Dockerfile.indy

Signed-off-by: Char Howland <char@indicio.tech>

fix: mount libanoncreds.so in volume

Signed-off-by: Char Howland <char@indicio.tech>

fix: pull binaries from a temporary location

Signed-off-by: Daniel Bluhm <dbluhm@pm.me>

fix: add anoncreds deps to gha

Signed-off-by: Daniel Bluhm <dbluhm@pm.me>

removed volume from run test script

Signed-off-by: Adam Burdett <burdettadam@gmail.com>

fix: library path for anoncreds bin

Signed-off-by: Daniel Bluhm <dbluhm@pm.me>

fix: library path for test dockerfile for anoncreds bin

Signed-off-by: Daniel Bluhm <dbluhm@pm.me>

start of anoncreds admin api

Signed-off-by: Adam Burdett <burdettadam@gmail.com>

empty methods for anoncreds admin routes

Signed-off-by: Adam Burdett <burdettadam@gmail.com>

start of openapi schemas

Signed-off-by: Adam Burdett <burdettadam@gmail.com>

schema route details

Signed-off-by: Adam Burdett <burdettadam@gmail.com>

empty vars for cred def validation

Signed-off-by: Adam Burdett <burdettadam@gmail.com>

anoncreds admin routes without expected return schemas

Signed-off-by: Adam Burdett <burdettadam@gmail.com>

routes response schemas

Signed-off-by: Adam Burdett <burdettadam@gmail.com>

happy flake8 doc strings

Signed-off-by: Adam Burdett <burdettadam@gmail.com>

Apple silicon support

Signed-off-by: Adam Burdett <burdettadam@gmail.com>

less dry-ness

Signed-off-by: Adam Burdett <burdettadam@gmail.com>

fix: redefine schema id

Signed-off-by: Char Howland <char@indicio.tech>

use anoncreds issuer to create id

Signed-off-by: Adam Burdett <burdettadam@gmail.com>

fix: pass in cred def id in CredentialOffer and RevocationRegistryDefinition methods

Signed-off-by: Char Howland <char@indicio.tech>

fix: remove unused import

Signed-off-by: Char Howland <char@indicio.tech>

feat: add plugin structure

Signed-off-by: Char Howland <char@indicio.tech>

fix: flake8

Signed-off-by: Char Howland <char@indicio.tech>

fix: file naming and structure

Signed-off-by: Char Howland <char@indicio.tech>

fix: AnonCredsRegistry inherits from BaseRegistry

Signed-off-by: Char Howland <char@indicio.tech>

feat: add legacy indy registry plugin structure

Signed-off-by: Char Howland <char@indicio.tech>

feat: create default directory for registries

Signed-off-by: Char Howland <char@indicio.tech>

fix: flake8

Signed-off-by: Char Howland <char@indicio.tech>

basemodel schema bug

Signed-off-by: Adam Burdett <burdettadam@gmail.com>

feat: some refinements on models

Signed-off-by: Daniel Bluhm <dbluhm@pm.me>

removed old openapi schema

Signed-off-by: Adam Burdett <burdettadam@gmail.com>

get schema admin api, injection.

Signed-off-by: Adam Burdett <burdettadam@gmail.com>

more model work

Signed-off-by: Adam Burdett <burdettadam@gmail.com>

cred_def models

Signed-off-by: Adam Burdett <burdettadam@gmail.com>

models work

Signed-off-by: Adam Burdett <burdettadam@gmail.com>

fixed import

Signed-off-by: Adam Burdett <burdettadam@gmail.com>

feat: split interface, basic impl of core registry

Signed-off-by: Daniel Bluhm <dbluhm@pm.me>

start up bug

Signed-off-by: Adam Burdett <burdettadam@gmail.com>

running code

Signed-off-by: Adam Burdett <burdettadam@gmail.com>

post schema

Signed-off-by: Adam Burdett <burdettadam@gmail.com>

routes logic

Signed-off-by: Adam Burdett <burdettadam@gmail.com>

deserialize

Signed-off-by: Adam Burdett <burdettadam@gmail.com>

feat: registry method logic (WIP)

Signed-off-by: Char Howland <char@indicio.tech>

fix: imports

Signed-off-by: Char Howland <char@indicio.tech>

fix: pass options, schema to AnonCredsRegistry.register_schema

Signed-off-by: Char Howland <char@indicio.tech>

feat: define supported_identifiers_regex on registries

Signed-off-by: Char Howland <char@indicio.tech>

fix: register_schema signature

Signed-off-by: Char Howland <char@indicio.tech>

feat: did:indy register_schema response

Signed-off-by: Char Howland <char@indicio.tech>

fix: await and pass profile to register_schema()

Signed-off-by: Char Howland <char@indicio.tech>

get resources models and interface

Signed-off-by: Adam Burdett <burdettadam@gmail.com>

get credential definitions

Signed-off-by: Adam Burdett <burdettadam@gmail.com>

chore: update anoncreds python wrapper

Signed-off-by: Daniel Bluhm <dbluhm@pm.me>

fix: update get_schema signature

Signed-off-by: Char Howland <char@indicio.tech>

fix: credential_definition method signatures

Signed-off-by: Char Howland <char@indicio.tech>

fix: did:web method signatures

Signed-off-by: Char Howland <char@indicio.tech>

feat: legacy indy schema, cred def logic

Signed-off-by: Char Howland <char@indicio.tech>

fix: anon_creds_registry credential definition arguments

Signed-off-by: Char Howland <char@indicio.tech>

fix: serialize schema_get result

Signed-off-by: Char Howland <char@indicio.tech>

fix: merge cleanup

Signed-off-by: Char Howland <char@indicio.tech>

feat: error reporting

Signed-off-by: Char Howland <char@indicio.tech>

fix: serialize cred_def_get result

Signed-off-by: Char Howland <char@indicio.tech>

feat: get_schemas and get_credential_definitions implementations

Signed-off-by: Char Howland <char@indicio.tech>

style: formatting fixes

Signed-off-by: Daniel Bluhm <dbluhm@pm.me>

feat: unskip buggy tests

Signed-off-by: Daniel Bluhm <dbluhm@pm.me>

fix: several small adjustments

Signed-off-by: Daniel Bluhm <dbluhm@pm.me>

feat: updates to register_schema

Signed-off-by: Daniel Bluhm <dbluhm@pm.me>

fix: typos and imports

Signed-off-by: Daniel Bluhm <dbluhm@pm.me>

feat: clean up models

Signed-off-by: Daniel Bluhm <dbluhm@pm.me>

fix: schemas and flake8 errors

Trimmed back the did:indy impl; we'll flesh this back out after legacy
indy

Signed-off-by: Daniel Bluhm <dbluhm@pm.me>

fix: mismatched parameter expectations

Signed-off-by: Daniel Bluhm <dbluhm@pm.me>

fix: incorrect schema name in model, field names

Signed-off-by: Daniel Bluhm <dbluhm@pm.me>

feat(WIP): credential definitions

Signed-off-by: Daniel Bluhm <dbluhm@pm.me>

feat: credential definitions completed

Signed-off-by: Daniel Bluhm <dbluhm@pm.me>

feat: implement revocation registry methods in issuer

Signed-off-by: Daniel Bluhm <dbluhm@pm.me>

refactor: move anoncreds revocation models

Signed-off-by: Daniel Bluhm <dbluhm@pm.me>

fix: imports and abstract methods

Signed-off-by: Daniel Bluhm <dbluhm@pm.me>

fix: issues with cred issuance and verification flows

Signed-off-by: Daniel Bluhm <dbluhm@pm.me>

test: add simple test scripts for anoncreds

Signed-off-by: Daniel Bluhm <dbluhm@pm.me>

feat: verification through anoncreds interface

Signed-off-by: Daniel Bluhm <dbluhm@pm.me>

refactor: split up indy pres exch handler return_presentation

Signed-off-by: Daniel Bluhm <dbluhm@pm.me>

feat: use anoncreds holder

Signed-off-by: Daniel Bluhm <dbluhm@pm.me>

feat: restore indy package

Signed-off-by: Char Howland <char@indicio.tech>

feat: remove sdk and credx packages

Signed-off-by: Char Howland <char@indicio.tech>

feat: drop registry from default registry folder names

Signed-off-by: Char Howland <char@indicio.tech>

refactor: rename registry and base

Signed-off-by: Char Howland <char@indicio.tech>

platform in docker compose file

Signed-off-by: Adam Burdett <burdettadam@gmail.com>

refactor: remove abstract AnonCreds* classes, rename AnonCredsRs* classes

Signed-off-by: Char Howland <char@indicio.tech>

fix: circular dependency issues

Signed-off-by: Char Howland <char@indicio.tech>

fix: remove inner anoncreds directory

Signed-off-by: Char Howland <char@indicio.tech>

fix: revocation registry size circular dep

Signed-off-by: Daniel Bluhm <dbluhm@pm.me>

feat: revocation updates

Signed-off-by: Daniel Bluhm <dbluhm@pm.me>

refactor: drop indy reqs on rev objects

Signed-off-by: Daniel Bluhm <dbluhm@pm.me>

refactor: rename IndyRevocation -> AnonCredsRevocation

Signed-off-by: Daniel Bluhm <dbluhm@pm.me>

refactor: de-indy-ify AnonCredsRevocation

Signed-off-by: Daniel Bluhm <dbluhm@pm.me>

refactor: issuer rev reg record usage from anoncreds

Signed-off-by: Daniel Bluhm <dbluhm@pm.me>

start of updating send_entry+

Signed-off-by: Adam Burdett <burdettadam@gmail.com>

fix: send_entry logic moved to legacy indy

Signed-off-by: Daniel Bluhm <dbluhm@pm.me>

feat: register rev status list on legacy indy

Signed-off-by: Daniel Bluhm <dbluhm@pm.me>

feat: revoke_credentials returns rev lists

Signed-off-by: Daniel Bluhm <dbluhm@pm.me>

fix: raise not imp

Signed-off-by: Adam Burdett <burdettadam@gmail.com>

fix(anoncreds): did indy registry cleanup

Signed-off-by: Adam Burdett <burdettadam@gmail.com>

fix: clean up did web registry

Signed-off-by: Char Howland <char@indicio.tech>

fix(anoncreds): did indy update_revocation_status_list

Signed-off-by: Adam Burdett <burdettadam@gmail.com>

fix(anoncreds): legacy regex matching

Signed-off-by: Adam Burdett <burdettadam@gmail.com>

fix(anoncreds): did:web regex

Signed-off-by: Adam Burdett <burdettadam@gmail.com>

refactor: rename revocation status list to revocation list

Signed-off-by: Char Howland <char@indicio.tech>

fix(flake8): made flake8 happier

Signed-off-by: Adam Burdett <burdettadam@gmail.com>

test: rev reg def and rev reg list posts in test

Signed-off-by: Daniel Bluhm <dbluhm@pm.me>

fix: rev reg def models

Signed-off-by: Daniel Bluhm <dbluhm@pm.me>

fix: anoncreds issuer specifies tails dir

Signed-off-by: Daniel Bluhm <dbluhm@pm.me>

feat: initial pass at rev list register endpoint

Signed-off-by: Daniel Bluhm <dbluhm@pm.me>

fix: rev status list to rev list

Signed-off-by: Daniel Bluhm <dbluhm@pm.me>

fix: remove status from anoncreds/revocation-list endpoint

Signed-off-by: Char Howland <char@indicio.tech>

fix: remove url check for tails_public_uri

Signed-off-by: Char Howland <char@indicio.tech>

fix: update init_issuer_registry calls to include issuer_id argument

Signed-off-by: Char Howland <char@indicio.tech>

feat: add generic tails file upload

Signed-off-by: Daniel Bluhm <dbluhm@pm.me>

feat: update anoncreds-rs build

Signed-off-by: Char Howland <char@indicio.tech>

feat: update image for tails-server

Signed-off-by: Char Howland <char@indicio.tech>

fix: remove status list from revocation-list endpoint

Signed-off-by: Char Howland <char@indicio.tech>

fix: remove url check

Signed-off-by: Char Howland <char@indicio.tech>

fix: pass issuer_id into init_issuer_registry()

Signed-off-by: Char Howland <char@indicio.tech>

fix: update MasterSecret references

Signed-off-by: Char Howland <char@indicio.tech>

fix: remove RevocationRegistryDelta references

Signed-off-by: Char Howland <char@indicio.tech>

fix: object ids not necessarily known until finished

Signed-off-by: Daniel Bluhm <dbluhm@pm.me>

feat(tailsfile): generic tails file upload

Signed-off-by: Adam Burdett <burdettadam@gmail.com>

fix(tailsfile): generic tails file upload

Signed-off-by: Adam Burdett <burdettadam@gmail.com>

refactor: shorten get rev reg def result object name

Signed-off-by: Daniel Bluhm <dbluhm@pm.me>

fix: get rev reg def in legacy indy registry

Signed-off-by: Daniel Bluhm <dbluhm@pm.me>

feat: use issuer create and register upgrade

Signed-off-by: Daniel Bluhm <dbluhm@pm.me>

fix: tails location mismatch

Signed-off-by: Daniel Bluhm <dbluhm@pm.me>

feat: issue revocable creds using anoncreds interface

Signed-off-by: Daniel Bluhm <dbluhm@pm.me>

fix(anoncreds): proof, rev reg def id

Signed-off-by: Adam Burdett <burdettadam@gmail.com>

fix: remove redundant get_revocation_registry_definitions() function definition

Signed-off-by: Char Howland <char@indicio.tech>

refactor: use anoncreds models in get_ledger_objects

Signed-off-by: Daniel Bluhm <dbluhm@pm.me>

refactor: split rev methods from issuer

Signed-off-by: Daniel Bluhm <dbluhm@pm.me>

feat: update to use tails server image with backwards compatible put, get file methods

Signed-off-by: Char Howland <char@indicio.tech>

feat(revocation): update revocation to track pending state

Signed-off-by: Adam Burdett <burdettadam@gmail.com>

fix(revocation): pr feed back changes

Signed-off-by: Adam Burdett <burdettadam@gmail.com>

fix: store states for rev reg def and rev list

Signed-off-by: Daniel Bluhm <dbluhm@pm.me>

feat: mark pending on rev list, set active registry

Signed-off-by: Daniel Bluhm <dbluhm@pm.me>

feat: implement update_revocation_list

Signed-off-by: Daniel Bluhm <dbluhm@pm.me>

feat: implement get revocation list on legacy indy

Signed-off-by: Daniel Bluhm <dbluhm@pm.me>

fix: revocation errors

Signed-off-by: Daniel Bluhm <dbluhm@pm.me>

fix: missing error info

Signed-off-by: Daniel Bluhm <dbluhm@pm.me>
dbluhm committed Jun 21, 2023
1 parent 421c4ed commit f4d54db
Showing 157 changed files with 12,417 additions and 1,367 deletions.
3 changes: 2 additions & 1 deletion .github/workflows/tests.yml
Expand Up @@ -29,7 +29,8 @@ jobs:
-r requirements.txt \
-r requirements.askar.txt \
-r requirements.bbs.txt \
-r requirements.dev.txt
-r requirements.dev.txt \
-r requirements.anoncreds.txt
- name: Tests
run: |
pytest
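Review bot: the added `-r requirements.anoncreds.txt` line makes the CI job install whatever that file lists, and the commit message includes "fix: pull binaries from a temporary location", so please confirm the requirements file pins an exact version (ideally with `--hash` entries) and does not point at that temporary location. An unpinned or mutable source here would let the anoncreds library change under the test job without any visible diff in this repository.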
226 changes: 226 additions & 0 deletions anoncreds_test.py
@@ -0,0 +1,226 @@
import os
import time

from controller.controller import Controller
from controller.protocols import (
indy_anoncred_onboard,
didexchange,
indy_issue_credential_v2,
indy_present_proof_v2,
)
from controller.logging import logging_to_stdout

ALICE = os.getenv("ALICE", "http://alice:3001")
BOB = os.getenv("BOB", "http://bob:3005")


async def main():
logging_to_stdout()
async with Controller(base_url=ALICE) as alice, Controller(base_url=BOB) as bob:
# DID Setup
public_did = await indy_anoncred_onboard(alice)

# Register a Schema using legacy Indy
response = await alice.post(
"/anoncreds/schema",
json={
"schema": {
"attrNames": ["name", "age"],
"issuerId": public_did.did,
"name": "anoncreds-testing",
"version": "0.1",
},
"options": {},
},
)
schema_id = response["schema_state"]["schema_id"]
schema = await alice.get(f"/anoncreds/schema/{schema_id}")
schemas = await alice.get("/anoncreds/schemas")

cred_def = await alice.post(
"/anoncreds/credential-definition",
json={
"credential_definition": {
"tag": "default",
"schemaId": schema_id,
"issuerId": public_did.did,
},
"options": {
"support_revocation": True,
},
},
)
cred_def_id = cred_def["credential_definition_state"][
"credential_definition_id"
]
cred_def = await alice.get(f"/anoncreds/credential-definition/{cred_def_id}")
cred_defs = await alice.get("/anoncreds/credential-definitions")

rev_reg_def = await alice.post(
"/anoncreds/revocation-registry-definition",
json={
"issuerId": public_did.did,
"credDefId": cred_def_id,
"tag": "default",
"maxCredNum": 10,
},
)
rev_reg_def_id = rev_reg_def["revocation_registry_definition_state"][
"revocation_registry_definition_id"
]
tails = await alice.put(
f"/anoncreds/registry/{rev_reg_def_id}/tails-file",
)
active = await alice.put(
f"/anoncreds/registry/{rev_reg_def_id}/active",
)
rev_status_list = await alice.post(
"/anoncreds/revocation-list",
json={
"revRegDefId": rev_reg_def["revocation_registry_definition_state"][
"revocation_registry_definition_id"
]
},
)
alice_conn, bob_conn = await didexchange(alice, bob)
alice_cred_ex, bob_cred_ex = await indy_issue_credential_v2(
alice,
bob,
alice_conn.connection_id,
bob_conn.connection_id,
cred_def_id,
{"name": "Bob", "age": "42"},
)
bob_pres, alice_pres = await indy_present_proof_v2(
bob,
alice,
bob_conn.connection_id,
alice_conn.connection_id,
name="proof-1",
version="0.1",
comment="testing",
requested_attributes=[
{"name": "name", "restrictions": [{"cred_def_id": cred_def_id}]},
{"name": "age", "restrictions": [{"cred_def_id": cred_def_id}]},
],
)
print("Before revocation")
print(alice_pres.verified, "should be true")
before_revoking_time = int(time.time())

await asyncio.sleep(5)

result = await alice.post(
"/anoncreds/revoke",
json={
"cred_ex_id": alice_cred_ex.cred_ex_id,
"connection_id": alice_conn.connection_id,
"notify": True,
},
)
result = await alice.post(
"/anoncreds/publish-revocations",
)
await asyncio.sleep(3)

# Request proof from holder again after revoking
revoked_time = int(time.time())
bob_pres, alice_pres = await indy_present_proof_v2(
bob,
alice,
bob_conn.connection_id,
alice_conn.connection_id,
requested_attributes=[
{
"name": "name",
"restrictions": [{"cred_def_id": cred_def_id}],
}
],
non_revoked={"from": revoked_time, "to": revoked_time},
)
print("Interval after revocation")
print(alice_pres.verified, "should be false")

# Request proof from holder again after revoking,
# using the interval before cred revoked
# (non_revoked interval/when cred was valid)
bob_pres, alice_pres = await indy_present_proof_v2(
bob,
alice,
bob_conn.connection_id,
alice_conn.connection_id,
requested_attributes=[
{
"name": "name",
"restrictions": [{"cred_def_id": cred_def_id}],
}
],
non_revoked={"from": before_revoking_time, "to": before_revoking_time},
)
print("Interval before revocation")
print(alice_pres.verified, "should be true")

# Request proof, no interval
bob_pres, alice_pres = await indy_present_proof_v2(
bob,
alice,
bob_conn.connection_id,
alice_conn.connection_id,
requested_attributes=[
{
"name": "name",
"restrictions": [{"cred_def_id": cred_def_id}],
}
],
)
print("No interval")
print(alice_pres.verified, "should be true")

# Request proof, using invalid/revoked interval but using
# local non_revoked override (in requsted attrs)
# ("LOCAL"-->requested attrs)
bob_pres, alice_pres = await indy_present_proof_v2(
bob,
alice,
bob_conn.connection_id,
alice_conn.connection_id,
requested_attributes=[
{
"name": "name",
"restrictions": [{"cred_def_id": cred_def_id}],
"non_revoked": {
"from": before_revoking_time,
"to": before_revoking_time,
},
}
],
non_revoked={"from": revoked_time, "to": revoked_time},
)
print("Local interval overriding global?")
print(alice_pres.verified, "should be true")

# Request proof, just local invalid interval
bob_pres, alice_pres = await indy_present_proof_v2(
bob,
alice,
bob_conn.connection_id,
alice_conn.connection_id,
requested_attributes=[
{
"name": "name",
"restrictions": [{"cred_def_id": cred_def_id}],
"non_revoked": {
"from": revoked_time,
"to": revoked_time,
},
}
],
)
print("Local interval")
print(alice_pres.verified, "should be false")


if __name__ == "__main__":
import asyncio

asyncio.run(main())
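Review bot: every verification outcome in `main()` is only printed, for example `print(alice_pres.verified, "should be false")` after the revocation is published, so the script exits successfully even if a revoked credential still verifies. Replace each print pair with an assertion on `alice_pres.verified` so that a wrong result fails the run. Separately, `asyncio.sleep` is called inside `main()` while `import asyncio` sits under the `if __name__ == "__main__":` guard; move it to the top-level imports so `main()` also works when the module is imported. Several results such as `schemas`, `cred_defs`, `tails`, `active` and `rev_status_list` are assigned and never checked; either assert on them or drop the names.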
42 changes: 42 additions & 0 deletions aries_cloudagent/anoncreds/__init__.py
@@ -0,0 +1,42 @@
import logging

from ..config.injection_context import InjectionContext
from ..config.provider import ClassProvider

from .registry import AnonCredsRegistry

LOGGER = logging.getLogger(__name__)


async def setup(context: InjectionContext):
"""Set up default resolvers."""
registry = context.inject_or(AnonCredsRegistry)
if not registry:
LOGGER.warning("No AnonCredsRegistry instance found in context")
return

indy_registry = ClassProvider(
"aries_cloudagent.anoncreds.default.did_indy.registry.DIDIndyRegistry",
# supported_identifiers=[],
# method_name="did:indy",
).provide(context.settings, context.injector)
await indy_registry.setup(context)
registry.register(indy_registry)

web_registry = ClassProvider(
"aries_cloudagent.anoncreds.default.did_web.registry.DIDWebRegistry",
# supported_identifiers=[],
# method_name="did:web",
).provide(context.settings, context.injector)
await web_registry.setup(context)
registry.register(web_registry)

legacy_indy_registry = ClassProvider(
"aries_cloudagent.anoncreds.default.legacy_indy.registry.LegacyIndyRegistry",
# supported_identifiers=[],
# method_name="",
).provide(context.settings, context.injector)
await legacy_indy_registry.setup(context)
registry.register(legacy_indy_registry)

# TODO: add context.settings
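Review bot: in `setup()`, when `context.inject_or(AnonCredsRegistry)` returns nothing the function logs a warning and returns, so startup continues with none of the three registries registered and the failure surfaces later, away from its cause. Consider raising here, or document why a missing registry is acceptable. The docstring "Set up default resolvers." should describe registries, and the three near-identical `ClassProvider(...)` blocks, each carrying commented-out `supported_identifiers` and `method_name` arguments, would read better as one loop over the class paths with the dead comments removed.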