fix: process problem report message

packages/anoncreds/src/protocols/credentials/v1/V1CredentialProtocol.ts

@@ -231,6 +231,7 @@ export class V1CredentialProtocol
       await connectionService.assertConnectionOrOutOfBandExchange(messageContext, {
         lastReceivedMessage,
         lastSentMessage,
+        expectedConnectionId: credentialRecord.connectionId,
       })
 
       await this.indyCredentialFormat.processProposal(messageContext.agentContext, {
@@ -251,6 +252,8 @@ export class V1CredentialProtocol
       })
     } else {
       agentContext.config.logger.debug('Credential record does not exists yet for incoming proposal')
+      // Assert
+      await connectionService.assertConnectionOrOutOfBandExchange(messageContext)
 
       // No credential record exists with thread id
       credentialRecord = new CredentialExchangeRecord({
@@ -261,9 +264,6 @@ export class V1CredentialProtocol
         protocolVersion: 'v1',
       })
 
-      // Assert
-      await connectionService.assertConnectionOrOutOfBandExchange(messageContext)
-
       // Save record
       await credentialRepository.save(messageContext.agentContext, credentialRecord)
       this.emitStateChangedEvent(messageContext.agentContext, credentialRecord, null)
@@ -532,6 +532,7 @@ export class V1CredentialProtocol
       await connectionService.assertConnectionOrOutOfBandExchange(messageContext, {
         lastReceivedMessage,
         lastSentMessage,
+        expectedConnectionId: credentialRecord.connectionId,
       })
 
       await this.indyCredentialFormat.processOffer(messageContext.agentContext, {
@@ -548,6 +549,9 @@ export class V1CredentialProtocol
 
       return credentialRecord
     } else {
+      // Assert
+      await connectionService.assertConnectionOrOutOfBandExchange(messageContext)
+
       // No credential record exists with thread id
       credentialRecord = new CredentialExchangeRecord({
         connectionId: connection?.id,
@@ -558,9 +562,6 @@ export class V1CredentialProtocol
         protocolVersion: 'v1',
       })
 
-      // Assert
-      await connectionService.assertConnectionOrOutOfBandExchange(messageContext)
-
       await this.indyCredentialFormat.processOffer(messageContext.agentContext, {
         credentialRecord,
         attachment: offerAttachment,
@@ -767,14 +768,14 @@ export class V1CredentialProtocol
     await connectionService.assertConnectionOrOutOfBandExchange(messageContext, {
       lastReceivedMessage: proposalMessage ?? undefined,
       lastSentMessage: offerMessage ?? undefined,
+      expectedConnectionId: credentialRecord.connectionId,
     })
 
     // This makes sure that the sender of the incoming message is authorized to do so.
     if (!credentialRecord.connectionId) {
       await connectionService.matchIncomingMessageToRequestMessageInOutOfBandExchange(messageContext, {
         expectedConnectionId: credentialRecord.connectionId,
       })
-
       credentialRecord.connectionId = connection?.id
     }
 
@@ -916,6 +917,7 @@ export class V1CredentialProtocol
     await connectionService.assertConnectionOrOutOfBandExchange(messageContext, {
       lastReceivedMessage: offerCredentialMessage,
       lastSentMessage: requestCredentialMessage,
+      expectedConnectionId: credentialRecord.connectionId,
     })
 
     const issueAttachment = issueMessage.getCredentialAttachmentById(INDY_CREDENTIAL_ATTACHMENT_ID)
@@ -1022,6 +1024,7 @@ export class V1CredentialProtocol
     await connectionService.assertConnectionOrOutOfBandExchange(messageContext, {
       lastReceivedMessage: requestCredentialMessage,
       lastSentMessage: issueCredentialMessage,
+      expectedConnectionId: credentialRecord.connectionId,
     })
 
     // Update record

packages/anoncreds/src/protocols/credentials/v1/__tests__/V1CredentialProtocolCred.test.ts

@@ -736,7 +736,6 @@ describe('V1CredentialProtocol', () => {
       }
       expect(credentialRepository.getSingleByQuery).toHaveBeenNthCalledWith(1, agentContext, {
         threadId: 'somethreadid',
-        connectionId: connection.id,
       })
       expect(repositoryUpdateSpy).toHaveBeenCalledTimes(1)
       const [[, updatedCredentialRecord]] = repositoryUpdateSpy.mock.calls

packages/anoncreds/src/protocols/proofs/v1/V1ProofProtocol.ts

@@ -198,6 +198,7 @@ export class V1ProofProtocol extends BaseProofProtocol implements ProofProtocol<
       await connectionService.assertConnectionOrOutOfBandExchange(messageContext, {
         lastReceivedMessage,
         lastSentMessage,
+        expectedConnectionId: proofRecord.connectionId,
       })
 
       // Update record
@@ -209,6 +210,8 @@ export class V1ProofProtocol extends BaseProofProtocol implements ProofProtocol<
       await this.updateState(agentContext, proofRecord, ProofState.ProposalReceived)
     } else {
       agentContext.config.logger.debug('Proof record does not exist yet for incoming proposal')
+      // Assert
+      await connectionService.assertConnectionOrOutOfBandExchange(messageContext)
 
       // No proof record exists with thread id
       proofRecord = new ProofExchangeRecord({
@@ -220,9 +223,6 @@ export class V1ProofProtocol extends BaseProofProtocol implements ProofProtocol<
         protocolVersion: 'v1',
       })
 
-      // Assert
-      await connectionService.assertConnectionOrOutOfBandExchange(messageContext)
-
       await didCommMessageRepository.saveOrUpdateAgentMessage(agentContext, {
         agentMessage: proposalMessage,
         associatedRecordId: proofRecord.id,
@@ -456,6 +456,7 @@ export class V1ProofProtocol extends BaseProofProtocol implements ProofProtocol<
       await connectionService.assertConnectionOrOutOfBandExchange(messageContext, {
         lastReceivedMessage,
         lastSentMessage,
+        expectedConnectionId: proofRecord.connectionId,
       })
 
       await this.indyProofFormat.processRequest(agentContext, {
@@ -470,6 +471,9 @@ export class V1ProofProtocol extends BaseProofProtocol implements ProofProtocol<
       })
       await this.updateState(agentContext, proofRecord, ProofState.RequestReceived)
     } else {
+      // Assert
+      await connectionService.assertConnectionOrOutOfBandExchange(messageContext)
+
       // No proof record exists with thread id
       proofRecord = new ProofExchangeRecord({
         connectionId: connection?.id,
@@ -491,9 +495,6 @@ export class V1ProofProtocol extends BaseProofProtocol implements ProofProtocol<
         role: DidCommMessageRole.Receiver,
       })
 
-      // Assert
-      await connectionService.assertConnectionOrOutOfBandExchange(messageContext)
-
       // Save in repository
       await proofRepository.save(agentContext, proofRecord)
       this.emitStateChangedEvent(agentContext, proofRecord, null)
@@ -791,6 +792,7 @@ export class V1ProofProtocol extends BaseProofProtocol implements ProofProtocol<
     await connectionService.assertConnectionOrOutOfBandExchange(messageContext, {
       lastReceivedMessage: proposalMessage,
       lastSentMessage: requestMessage,
+      expectedConnectionId: proofRecord.connectionId,
     })
 
     // This makes sure that the sender of the incoming message is authorized to do so.
@@ -922,6 +924,7 @@ export class V1ProofProtocol extends BaseProofProtocol implements ProofProtocol<
     await connectionService.assertConnectionOrOutOfBandExchange(messageContext, {
       lastReceivedMessage,
       lastSentMessage,
+      expectedConnectionId: proofRecord.connectionId,
     })
 
     // Update record

packages/anoncreds/src/protocols/proofs/v1/__tests__/V1ProofProtocol.test.ts

@@ -245,7 +245,6 @@ describe('V1ProofProtocol', () => {
       }
       expect(proofRepository.getSingleByQuery).toHaveBeenNthCalledWith(1, agentContext, {
         threadId: 'somethreadid',
-        connectionId: connection.id,
       })
       expect(repositoryUpdateSpy).toHaveBeenCalledTimes(1)
       const [[, updatedCredentialRecord]] = repositoryUpdateSpy.mock.calls

packages/core/src/modules/connections/__tests__/ConnectionService.test.ts

@@ -753,6 +753,35 @@ describe('ConnectionService', () => {
   })
 
   describe('assertConnectionOrOutOfBandExchange', () => {
+    it('should throw an error when a expectedConnectionId is present, but no connection is present in the messageContext', async () => {
+      expect.assertions(1)
+
+      const messageContext = new InboundMessageContext(new AgentMessage(), {
+        agentContext,
+      })
+
+      await expect(
+        connectionService.assertConnectionOrOutOfBandExchange(messageContext, {
+          expectedConnectionId: '123',
+        })
+      ).rejects.toThrow('Expected incoming message to be from connection 123 but no connection found.')
+    })
+
+    it('should throw an error when a expectedConnectionId is present, but does not match with connection id present in the messageContext', async () => {
+      expect.assertions(1)
+
+      const messageContext = new InboundMessageContext(new AgentMessage(), {
+        agentContext,
+        connection: getMockConnection({ state: DidExchangeState.InvitationReceived, id: 'something' }),
+      })
+
+      await expect(
+        connectionService.assertConnectionOrOutOfBandExchange(messageContext, {
+          expectedConnectionId: 'something-else',
+        })
+      ).rejects.toThrow('Expected incoming message to be from connection something-else but connection is something.')
+    })
+
     it('should not throw an error when a connection record with state complete is present in the messageContext', async () => {
       expect.assertions(1)
 

packages/core/src/modules/connections/services/ConnectionService.ts

@@ -459,13 +459,26 @@ export class ConnectionService {
     {
       lastSentMessage,
       lastReceivedMessage,
+      expectedConnectionId,
     }: {
       lastSentMessage?: AgentMessage | null
       lastReceivedMessage?: AgentMessage | null
+      expectedConnectionId?: string
     } = {}
   ) {
     const { connection, message } = messageContext
 
+    if (expectedConnectionId && !connection) {
+      throw new CredoError(
+        `Expected incoming message to be from connection ${expectedConnectionId} but no connection found.`
+      )
+    }
+    if (expectedConnectionId && connection?.id !== expectedConnectionId) {
+      throw new CredoError(
+        `Expected incoming message to be from connection ${expectedConnectionId} but connection is ${connection?.id}.`
+      )
+    }
+
     // Check if we have a ready connection. Verification is already done somewhere else. Return
     if (connection) {
       connection.assertReady()
@@ -559,7 +572,7 @@ export class ConnectionService {
     messageContext: InboundMessageContext,
     { expectedConnectionId }: { expectedConnectionId?: string }
   ) {
-    if (expectedConnectionId && messageContext.connection?.id === expectedConnectionId) {
+    if (expectedConnectionId && messageContext.connection?.id !== expectedConnectionId) {
       throw new CredoError(
         `Expecting incoming message to have connection ${expectedConnectionId}, but incoming connection is ${
           messageContext.connection?.id ?? 'undefined'

packages/core/src/modules/credentials/protocol/BaseCredentialProtocol.ts

@@ -28,6 +28,7 @@ import type { CredentialExchangeRecord } from '../repository'
 
 import { EventEmitter } from '../../../agent/EventEmitter'
 import { DidCommMessageRepository } from '../../../storage/didcomm'
+import { ConnectionService } from '../../connections'
 import { CredentialEventTypes } from '../CredentialEvents'
 import { CredentialState } from '../models/CredentialState'
 import { CredentialRepository } from '../repository'
@@ -136,17 +137,30 @@ export abstract class BaseCredentialProtocol<CFs extends CredentialFormatService
   public async processProblemReport(
     messageContext: InboundMessageContext<ProblemReportMessage>
   ): Promise<CredentialExchangeRecord> {
-    const { message: credentialProblemReportMessage, agentContext } = messageContext
+    const { message: credentialProblemReportMessage, agentContext, connection } = messageContext
 
-    const connection = messageContext.assertReadyConnection()
+    const connectionService = agentContext.dependencyManager.resolve(ConnectionService)
 
     agentContext.config.logger.debug(`Processing problem report with message id ${credentialProblemReportMessage.id}`)
 
     const credentialRecord = await this.getByProperties(agentContext, {
       threadId: credentialProblemReportMessage.threadId,
-      connectionId: connection.id,
     })
 
+    // Assert
+    await connectionService.assertConnectionOrOutOfBandExchange(messageContext, {
+      expectedConnectionId: credentialRecord.connectionId,
+    })
+
+    //  This makes sure that the sender of the incoming message is authorized to do so.
+    if (!credentialRecord?.connectionId) {
+      await connectionService.matchIncomingMessageToRequestMessageInOutOfBandExchange(messageContext, {
+        expectedConnectionId: credentialRecord?.connectionId,
+      })
+
+      credentialRecord.connectionId = connection?.id
+    }
+
     // Update record
     credentialRecord.errorMessage = `${credentialProblemReportMessage.description.code}: ${credentialProblemReportMessage.description.en}`
     await this.updateState(agentContext, credentialRecord, CredentialState.Abandoned)

packages/core/src/modules/credentials/protocol/v2/V2CredentialProtocol.ts

@@ -204,6 +204,7 @@ export class V2CredentialProtocol<CFs extends CredentialFormatService[] = Creden
       await connectionService.assertConnectionOrOutOfBandExchange(messageContext, {
         lastReceivedMessage: proposalCredentialMessage ?? undefined,
         lastSentMessage: offerCredentialMessage ?? undefined,
+        expectedConnectionId: credentialRecord.connectionId,
       })
 
       await this.credentialFormatCoordinator.processProposal(messageContext.agentContext, {
@@ -445,6 +446,7 @@ export class V2CredentialProtocol<CFs extends CredentialFormatService[] = Creden
       await connectionService.assertConnectionOrOutOfBandExchange(messageContext, {
         lastReceivedMessage: offerCredentialMessage ?? undefined,
         lastSentMessage: proposeCredentialMessage ?? undefined,
+        expectedConnectionId: credentialRecord.connectionId,
       })
 
       await this.credentialFormatCoordinator.processOffer(messageContext.agentContext, {
@@ -688,6 +690,7 @@ export class V2CredentialProtocol<CFs extends CredentialFormatService[] = Creden
       await connectionService.assertConnectionOrOutOfBandExchange(messageContext, {
         lastReceivedMessage: proposalMessage ?? undefined,
         lastSentMessage: offerMessage ?? undefined,
+        expectedConnectionId: credentialRecord.connectionId,
       })
 
       // This makes sure that the sender of the incoming message is authorized to do so.
@@ -833,6 +836,7 @@ export class V2CredentialProtocol<CFs extends CredentialFormatService[] = Creden
     await connectionService.assertConnectionOrOutOfBandExchange(messageContext, {
       lastReceivedMessage: offerMessage ?? undefined,
       lastSentMessage: requestMessage,
+      expectedConnectionId: credentialRecord.connectionId,
     })
 
     const formatServices = this.getFormatServicesFromMessage(credentialMessage.formats)
@@ -921,6 +925,7 @@ export class V2CredentialProtocol<CFs extends CredentialFormatService[] = Creden
     await connectionService.assertConnectionOrOutOfBandExchange(messageContext, {
       lastReceivedMessage: requestMessage,
       lastSentMessage: credentialMessage,
+      expectedConnectionId: credentialRecord.connectionId,
     })
 
     // Update record

packages/core/src/modules/credentials/protocol/v2/__tests__/V2CredentialProtocolCred.test.ts

@@ -684,7 +684,6 @@ describe('credentialProtocol', () => {
 
       expect(credentialRepository.getSingleByQuery).toHaveBeenNthCalledWith(1, agentContext, {
         threadId: 'somethreadid',
-        connectionId: '123',
       })
       expect(credentialRepository.update).toHaveBeenCalled()
       expect(returnedCredentialRecord.errorMessage).toBe('issuance-abandoned: Indy error')

packages/core/src/modules/proofs/protocol/BaseProofProtocol.ts

@@ -30,6 +30,7 @@ import type { ProofExchangeRecord } from '../repository'
 
 import { EventEmitter } from '../../../agent/EventEmitter'
 import { DidCommMessageRepository } from '../../../storage/didcomm'
+import { ConnectionService } from '../../connections'
 import { ProofEventTypes } from '../ProofEvents'
 import { ProofState } from '../models/ProofState'
 import { ProofRepository } from '../repository'
@@ -112,13 +113,28 @@ export abstract class BaseProofProtocol<PFs extends ProofFormatService[] = Proof
   ): Promise<ProofExchangeRecord> {
     const { message: proofProblemReportMessage, agentContext, connection } = messageContext
 
+    const connectionService = agentContext.dependencyManager.resolve(ConnectionService)
+
     agentContext.config.logger.debug(`Processing problem report with message id ${proofProblemReportMessage.id}`)
 
     const proofRecord = await this.getByProperties(agentContext, {
       threadId: proofProblemReportMessage.threadId,
-      connectionId: connection?.id,
     })
 
+    // Assert
+    await connectionService.assertConnectionOrOutOfBandExchange(messageContext, {
+      expectedConnectionId: proofRecord.connectionId,
+    })
+
+    //  This makes sure that the sender of the incoming message is authorized to do so.
+    if (!proofRecord?.connectionId) {
+      await connectionService.matchIncomingMessageToRequestMessageInOutOfBandExchange(messageContext, {
+        expectedConnectionId: proofRecord?.connectionId,
+      })
+
+      proofRecord.connectionId = connection?.id
+    }
+
     // Update record
     proofRecord.errorMessage = `${proofProblemReportMessage.description.code}: ${proofProblemReportMessage.description.en}`
     await this.updateState(agentContext, proofRecord, ProofState.Abandoned)