Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Added policies to verifyPresentation in credential-w3c module #990

Conversation

daniyal-khalil
Copy link
Contributor

@daniyal-khalil daniyal-khalil commented Aug 12, 2022

What issue is this PR fixing

partially fixes #954

What is being changed

Adding the IVerifyPresentionResponse interface in the credential-w3c module to be able to implement better error handling, the new interface allows the errors to be communicated through an Object containing fields, verified, details, errorCode.

  • verified defines the state of the verification process, whether it failed or is passed.
  • details contains details regarding the failure for the verification process.
  • errorCode can be used to pass machine readable errorCodes from the lower level modules.

Quality

Check all that apply:

  • I want these changes to be integrated
  • I successfully ran yarn, yarn build, yarn test, yarn test:browser locally.
  • I allow my PR to be updated by the reviewers (to speed up the review process).
  • I added unit tests.
  • I added integration tests.

Details

Was unable to find specific verification tests in the action-handler.test.ts in the credentials-w3c module so created another test suite like in credentialLD module for issue-verify-flow.

@codecov
Copy link

codecov bot commented Aug 12, 2022

Codecov Report

Merging #990 (aeb379b) into next (7152a53) will decrease coverage by 0.19%.
The diff coverage is 57.14%.

@@            Coverage Diff             @@
##             next     #990      +/-   ##
==========================================
- Coverage   80.83%   80.63%   -0.20%     
==========================================
  Files         116      118       +2     
  Lines        3981     4090     +109     
  Branches      867      896      +29     
==========================================
+ Hits         3218     3298      +80     
- Misses        760      789      +29     
  Partials        3        3              

Copy link
Member

@mirceanis mirceanis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Kudos for attacking this problem from all fronts (including did-jwt)!

This is a good start but introduces some quirks too:

  • the policies are JWT specific
  • the new response only deals with JWT presentations, other formats are not handled which makes the API unclear.
  • It would also be nice to have a similar approach to VCs too

If you don't mind, I'll mark this PR as draft until all the pieces align and we are able to bring in the policy support from did-jwt.

packages/credential-w3c/src/action-handler.ts Outdated Show resolved Hide resolved
tmp/local-database-0.26140.json Outdated Show resolved Hide resolved
packages/credential-w3c/src/action-handler.ts Outdated Show resolved Hide resolved
packages/credential-w3c/src/action-handler.ts Outdated Show resolved Hide resolved
packages/credential-w3c/src/action-handler.ts Outdated Show resolved Hide resolved
return { verified: false, details: e.message }
}
else {
throw e
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I really like this separation of concerns between legitimate errors and exceptional situations.

However, I'm not yet 100% sure we should be introducing an extra branch, though.
I'm concerned about the usability here where developers have to handle 3 situations: valid response, invalid response and thrown error.
This is not a critique of your approach (which I've also described in the past), but rather me venting my uncertainty :)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Understandable, how do you propose we approach this issue?

Copy link
Member

@mirceanis mirceanis Aug 16, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I suppose the simple answer would be to not re-throw an error in the exceptional case, but to return an object just like for the legitimate failures.
The difference would be that for the legitimate failures we can also identify the cause and populate the errorCode property of the error.

What do you think?

@mirceanis mirceanis marked this pull request as draft August 12, 2022 15:28
@daniyal-khalil
Copy link
Contributor Author

@mirceanis I was wondering whether you'd prefer if I create a IVerifyResponse as a type in Veramo core which will have a general verified and error fields. This can be used generally in all Verification APIs in separate modules.

tmp/local-database-0.81314.json Outdated Show resolved Hide resolved
packages/credential-w3c/src/action-handler.ts Outdated Show resolved Hide resolved
return { verified: false, details: e.message }
}
else {
throw e
Copy link
Member

@mirceanis mirceanis Aug 16, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I suppose the simple answer would be to not re-throw an error in the exceptional case, but to return an object just like for the legitimate failures.
The difference would be that for the legitimate failures we can also identify the cause and populate the errorCode property of the error.

What do you think?

packages/credential-w3c/src/action-handler.ts Outdated Show resolved Hide resolved
Copy link
Member

@mirceanis mirceanis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There are still some quirks left to be fixed:

  • the policies are forwarded as-is to the lower levels
  • The new result type is only returned for JWT presentations. Non-JWT presentation types should also be covered to have a usable API.
    If you are willing to create different PR(s) to cover the non-JWT types, please say so, but otherwise we'll have to fix it in this PR.

I also made some comment suggestions and a compatibility suggestion for the new IError type

/**
* The details of the error being throw or forwarded
*/
errorMessage?: string
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

let's use message to be compatible with native Error objects

Suggested change
errorMessage?: string
message: string

packages/core/src/types/IError.ts Show resolved Hide resolved
packages/credential-w3c/src/action-handler.ts Show resolved Hide resolved
@mirceanis
Copy link
Member

@mirceanis I was wondering whether you'd prefer if I create a IVerifyResponse as a type in Veramo core which will have a general verified and error fields. This can be used generally in all Verification APIs in separate modules.

Yes, that sounds like a good idea, although IVerifyResult fits the action better, since these are not actually request/response pairs.

@daniyal-khalil
Copy link
Contributor Author

I think even if I proceed to create separate PRs for the credential-ld and credential-eip712 modules. I would still need to refactor the verifyPresentationLD to support the current PR because the else clause responds with the LD verification. Which I believe is incompatible with the current IVerifyResult Response.

@daniyal-khalil
Copy link
Contributor Author

If we align on the approach, then I think it would not take long to implement similar logic for all the verify* methods.

@mirceanis mirceanis marked this pull request as ready for review August 18, 2022 12:03
Copy link
Member

@mirceanis mirceanis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks good

More PRs are needed to align the verification API, but this will do for starters.

This also relates to #375 and #935

@mirceanis mirceanis merged commit 06b3147 into decentralized-identity:next Aug 18, 2022
@mirceanis mirceanis mentioned this pull request Sep 8, 2022
mirceanis added a commit that referenced this pull request Sep 22, 2022
* chore(deps): update dependency openapi-types to v9.3.1

* fix(deps): update all non-major dependencies

* fix(deps): update dependency express-handlebars to v6

* chore(deps): update devdeps

* fix(deps): update dependency typeorm to v0.2.41

* fix(deps): update dependency did-jwt to v5.12.0

* JSON-LD Signature Support (#525)

* feat(utils): add `@veramo/utils` package

* feat(core): add common type definitions for credentials and presentations

* feat(credential-ld) add `@veramo/credential-ld` packages

* feat(credential-ld): added EcdsaSecp256k1RecoverySignature2020 and Ed25519Signature2018 credential signature and verification.

* feat(credential-ld): added presentation creation and verification.

* fix(credential-w3c): delegate `lds` proof types to `@veramo/credential-ld` if available.

* fix(data-store): fixed save operation for LD credentials

* feat(did-provider-key): fixed did:key dependencies, supporting only ed25519 x25519 and secp256k1 for now.

* feat(credential-ld): included credential context from transmute library

* refactor(credential-ld): simplify `CredentialIssuerLD` plugin initialization API

* feat(credential-ld): proper mapping from local database keys to DID document verificationMethods

* feat(cli): update default config to use `CredentialIssuerLD` module

* feat(credential-w3c): autoselect presentation audience if it's a managed DID, for verification

* feat(cli): add CLI methods to verify credentials and presentations

Co-authored-by: Simonas Karuzas <simonas@not.cat>
Co-authored-by: Mircea Nistor <mirceanis@gmail.com>

fixes #273
fixes #756
relates to #586
relates to #588

* fix(credential-ld): include LDDefaultContexts in npm bundle

* fix(credential-ld): include credential context and fix context loader Map

* fix(deps): update dependency did-jwt-vc to v2.1.8

* chore(deps): update devdeps

* feat(credential-ld): add option to fetch remote contexts

This pattern is not recommended, but useful sometimes for debugging. This is a foot-gun.

* docs: link to social (#764)

* docs: update badges

* fix(deps): update builders-and-testers

* fix(remote-server): api-key-auth (#772)

fixes #771

* fix(remote-server): web-did-doc-router options (#777)

* fix(deps): update builders-and-testers

* docs: rewrite readme and fix links

fixes #785

* chore(deps): update dependency openapi-types to v10

* fix(deps): update dependency openapi-types to v10

* fix: fix inquirer prompt for subject DID during SDR

fixes #790

* fix(deps): update builders-and-testers

* fix(deps): update builders-and-testers

* fix(deps): update dependency @ethersproject/random to v5.5.1

* fix(did-resolver): use interface `Resolvable` instead of the `Resolver` class

and update dependencies

* fix(deps): update dependency dotenv to v12

* chore(deps): update dependency ts-jest to v27.1.3

* chore: upgrade ethr-did-resolver

* chore(deps): update devdeps

* chore(deps): update dependency semantic-release to v19

* fix(deps): update dependency dotenv to v14

* chore(deps): update devdeps

* fix(deps): update dependency commander to v9

* fix(key-manager): add missing uuid dependency (#807)

* chore(deps): fix lockfile

* test: add headless browser testing (#809)

* version added, test:browser script added.
* github workflows updated

* fix(deps): pin dependencies

* fix(deps): update did-libraries

* chore(deps): pin dependencies

* fix(deps): pin dependency typescript to 4.5.5

* fix(deps): update dependency dotenv to v16

* chore(deps): update devdeps

* fix(deps): update all non-major dependencies

* fix(deps): update dependency inquirer-autocomplete-prompt to v2

* chore(deps): update devdeps

* fix(deps): update all non-major dependencies

* chore(deps): update actions/setup-node action to v3

* fix(deps): update all non-major dependencies

* chore(deps): update devdeps

* feat(date-store-json): add JSON object storage implementation (#819)

* feat(data-store-json): add JSON backed storage option

* feat(data-store-json): add private-key-store

* feat(data-store-json): use the same JSON object backend for all the data stores

* feat(data-store-json): simplify JSON store APIs

convert integration test to use a plain file as the backend for the JSON storage.

* test(browser): use data-store-json in browser tests and unlock more test scenarios

* test(browser): link local packages during browser tests

* feat(core): define IDataStoreORM interface at the `@veramo/core` level

* docs(core): add some inline documentation for the `IDataStoreORM` plugin interface.

* docs(data-store-json): add some inline documentation for types defined in data-store-json

* chore: commit updated schemas

* chore(deps): pin dependencies

* fix(deps): pin dependencies

* chore(deps): update actions/checkout action to v3

* fix(deps): update builders-and-testers

* feat: add key type definitions: 'Bls12381G1Key2020' and 'Bls12381G2Key2020' (#839)

* Add key types: 'Bls12381G1Key2020' and 'Bls12381G2Key2020'
Co-authored-by: Ilie Circiumaru <ici@zurich.ibm.com>

* fix(deps): update dependency typescript to v4.6.3

* chore(deps): update devdeps

* feat(utils): add 2 utility functions for inspecting ethr dids (#842)

* feat(utils): Add 2 utility functions for inspecting ethr dids

* chore: regenerate plugin schemas (#843)

* chore: Regenerate did-comm plugin schema (#844)

Co-authored-by: Nick Reynolds

* fix(deps): update did-libraries

* fix(deps): update builders-and-testers

* chore(deps): update actions/cache action to v3

* chore(deps): update dependency ts-json-schema-generator to v1

* fix(deps): update dependency @types/react-dom to v18

* fix(deps): update dependency ts-json-schema-generator to v1

* fix(deps): update dependency web-did-resolver to v2.0.15

* chore(deps): update devdeps

* fix(deps): update builders-and-testers

* fix(data-store-json): structuredClone

* fix(core): plugin schema

* chore(deps): update devdeps

* fix(deps): update builders-and-testers

* fix(deps): update dependency web-did-resolver to v2.0.16

* chore(deps): update node.js to v18

* chore(deps): update devdeps

* fix(deps): update dependency typescript to v4.6.4

* fix(deps): update dependency openapi-types to v11

* fix(deps): update dependency yaml to v2

* chore(deps): update devdeps

* fix(deps): update dependency @microsoft/api-extractor to v7.23.1

* feat(credential-status): add credential status check plugin for Veramo (#874)

* feat: add credential status plugin

* chore: fixes according the feedback

* chore: bump 'credential-status' dependency version

* chore: update plugin's schema

* fix(deps): update dependency @types/react to v18

* chore(deps): update devdeps

* fix(data-store-json): structuredClone (#885)

Fixes #857

* feat(did-provider-ethr): Using meta account

* fix(credential-w3c): forward domain and challenge args to createVerifiablePresentationJwt (#887)

* feat: create DIDComm JWE with multiple recipients (#888)

* fix(deps): update dependency @ungap/structured-clone to v1

* fix(deps): update react monorepo to v18

* fix(credential-ld): remove fs dependency for JSON LD default contexts (#868)

* remove fs dependency for JSON LD default contexts
* add contexts/*.json files in the build output

fixes #837

* feat: add partial match for dids and aliases in did discovery provider for data store

* fix (deps) : update dependency typeorm to v0.3.6 (#901)

Co-authored-by: ludovic duranteau <ludovic.duranteau@signaturelnd.com>

* feat(cli): add choices when selecting credential Subject in CLI (#898)

* Add choices when selecting credential Subject in CLI

* Change from list input type to autocomplete

* Remove validation when choosing subject DID

* fix(deps): update all non-major dependencies

* chore(deps): update devdeps

* feat: update did-discover-provider to search by DID likeness in addition to name

* chore: fix didDiscovery error test

* chore(build): rename jest config file (#908)

* fix(credential-status): simplify credential-status scripts

* chore: rebuild lockfile

* fix(cli): fix typo in command description (#913)

* fix(credential-ld): fix EcdsaSecp256k1RecoverySignature2020 suite context (#909)

* feat(data-store-json): BrowserLocalStorageStore (#914)

* feat: CredentialIssuerEIP712 (#899)

* fix(credential-eip712): update plugin schema (#915)

* feat(credential-ld): add support for browser environments (#916)

* fix(credential-ld): use @digitalcredentials instead of @digitalbazaar packages for better browser compatibility

* test: add test-utils package and move `fake-did-provider` there

* fix(credential-ld): bump @transmute and did-resolver dependencies

* fix(credential-ld): include default `@contexts` in build

* test(browser): use `stream-browserify` to enable `did:key` (from the @transmute implementation)

* test(browser): enable all integration test suites in the browser test

* fix(data-store-json): enable `dom` lib in `tsconfig.json`

* test(browser): move browser sample app to packages/ to simplify package linking

* chore(deps): update all non-major dependencies

* chore(deps): update devdeps

* fix(cli): update default CLI config to account for renamed class (#919)

BREAKING CHANGE: ProfileDiscoveryProvider has been renamed to DataStoreDiscoveryProvider in #597. Please update your config accordingly

* fix: update and fix inline documentation of all exported types (#921)

* fix(build): use correct cross-package imports

* chore(build): split build scripts for better granularity

* docs(data-store-json): fix and augment inline documentation for public exports

* docs(key-manager): add missing inline docs to exported classes

* docs(kms-local): update inline docs for public classes

* docs(message-handler): fix JSDoc links and update plugin documentation

* docs(remote-server): fix inline docs

* docs(url-handler): add description to UrlMessageHandler

* docs(core): update and fix inline docs for @veramo/core exports

* docs(selective-disclosure): update inline docs for @veramo/selective-disclosure exports

* docs(credential-w3c): update inline docs for @veramo/credential-w3c exports

* docs(data-store): fix and augment inline documentation for `@veramo/data-store` exports

* docs(did-discovery): update and fix inline docs for @veramo/did-discovery exports

* docs(did-comm): update and fix inline docs for @veramo/did-comm exports

* docs(credential-eip712): update and fix inline docs for @veramo/credential-eip712 exports

* fix(credential-status): update and fix type definitions and inline docs

* docs(credential-ld): update and fix inline docs

* fix(deps): bump api-extractor tools

* docs(did-manager): update inline docs

* docs(did-provider-key): add some inline docs

* docs(did-resolver): update inline docs

* docs(remote-client): add inline documentation for exports

* fix(build): update lockfile and autogen tests

* fix(deps): update did-libraries

* fix(deps): use did-jwt v6 and ethr-did-resolver v6 (#925)

* fix(deps): bump did-jwt to v6 and all related deps to latest

closes #923
closes #848

* chore(deps): use ganache instead of ganache-cli

This speeds up testing

* fix(docs): fix relevant errors and warnings in TSDoc to enable proper docs generation on `@next` branch

* fix(deps): update builders-and-testers (#930)

* chore(ci): adjust renovate bot schedule to reduce CI spam

* chore(ci): disable automatic pinning of dependencies

* chore(deps): update dependency ganache to v7.3.0

* chore(deps): update devdeps (major) (#881)

* chore(deps): update devdeps

* fix(build): adjust browser-tests for jest v28

* force `jsonld` to resolve to `@digitalbazaar/jsonld`
* run browser tests with `NODE_OPTIONS=--experimental-vm-modules`
* explicitly install some jest packages

Co-authored-by: Mircea Nistor <mirceanis@gmail.com>

* * fix(deps): pin resolution of @types/eslint to unblock build with conflicting versions (#928)

* chore(deps): update all non-major dependencies

* fix(deps): pin resolution of @types/eslint to unblock build with conflicting versions

Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Mircea Nistor <mirceanis@gmail.com>

* feat(kms-web3): add a KMS implementation backed by a web3 provider (#924)

closes #688

* chore(deps): fix lockfile

* fix(kms-web3): use ethers _signTypedData (#939)

fixes #938

* fix(deps): Update dependency web-did-resolver to v2.0.19

* fix(deps): update dependency openapi-types to v12

* fix(deps): replace @transmute/lds-ecdsa-secp256k1-recovery2020 with fork (#953)

The fork uses `@digitalcredentials` variants of the JSON-LD libraries and upgrades some other dependencies to more maintained variants

closes #952

* fix(deps): Bump `did-jwt`, `did-jwt-vc` as direct package deps (#955)

* chore(ci): add PR template (#958)

* chore(ci): move the PR template file

* chore(ci): simplify the PR template

* chore(ci): clarify the PR template

* fix(deps): Update dependency @digitalcredentials/vc to v4

* fix(deps): Update dependency ethr-did-resolver to v6.0.2 (#964)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* fix(credential-status): check credential status for all credential types (#949)

fixes #934

* fix(did-provider-key) : fix typo in error message for `addKey` (#967)

* feat(did-provider-ethr): use multiple networks per EthrDIDProvider (#969)

* feat(did-manager): allow DID providers to match multiple prefixes
* feat(did-provider-ethr): support multi-network config for EthrDIDProvider

fixes #968
fixes #893

* feat(kms-web3): add ability to list provider accounts as keys (#965)

fixes #933

* feat(data-store): use DataSource instead of Connection (#970)

fixes #947

* feat(cli): in explore, allow copy to clipboard the text of identifier or credential or presentation (#902)

* feat(cli): in explore, allow user to copy to clipboard the text of identifier or credential or presentation

* feat(cli): add command to output selected credential or presentation

* feat(did-manager): add`didManagerUpdate` method for full DID document updates (#974)

fixes #971
this is also related to #960 and #948

* chore(core): update plugin schema

* fix: deprecate the `save` parameter (#975)

closes #966

* chore: create authors.md (#972)

This page contains a list of the awesome humans behind Veramo

* docs: update Twitter badge

* feat: define an interface for credential status manager (#956)

partially fixes #937
relates to #981

* feat(credential-status): rename plugin interfaces and methods

fixes #981

* feat(credential-status): expect revoked boolean property from StatusMethods

docs: fix inline docs broken references

docs(kms-web3): add docs to kms-web3

* feat(did-resolver): simplify DIDResolverPlugin constructor (#986)

fixes #976

* feat: add support for serviceEndpoint property as defined in latest DID Spec (#988)

BREAKING CHANGE: the `did-resolver` and connected libraries change the data-type for `ServiceEndpoint` to `Service` and the previous semantic has changed. Services can have multiple endpoints, not just a single string.

* feat(credential-w3c): add override policies to verifyPresentation (#990)

relates to #375
relates to #954

* fix(deps): Update dependency did-jwt-vc to v3

* chore(deps): update postgres docker tag to v14

* feat(credential-w3c): align verification API between formats (#996)

* feat(credential-w3c): align verification API between formats

fixes #935
fixes #954
fixes #375

* test: add test cases for VC/VP verification policies

* feat(credential-w3c): add extra options to VC/VP issuance and verification

* fix: forward the `fetchRemoteContext` parameter to the document loader

fixes #989

* feat(credential-w3c): add ICredentialPlugin interface in core package (#1001)

closes #941

The `ICredentialIssuer` interface was moved to the core package, but is reexported by the `credential-w3c` package for compatibility.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Error Handling in Veramo Credential-w3c package.
2 participants