feat: support w3c revocation #2072
Conversation
|
|
Hello @TimoGlastra, wanting to create a separate PR for w3c revocation, due to some conflicts in the original PR #2024 . I'll start with integrating the changes you suggested |
GHkrishna
force-pushed
the
feat/support-w3c-revocation
branch
from
b2e1d60 to
078c43c
Compare
...ules/vc/models/credential/w3c-credential-status/bitstring-status-list/BitStringStatusList.ts
Outdated
Show resolved
Hide resolved
GHkrishna
force-pushed
the
feat/support-w3c-revocation
branch
from
535cdbd to
f5671a7
Compare
Some concerns:
Current approach:
Do we need to do this?
|
GHkrishna
force-pushed
the
feat/support-w3c-revocation
branch
from
9786c84 to
22a8462
Compare
|
As per the discussion in the community call(with @TimoGlastra and @genaris ), the index allocation logic and the logic to revoke credential should be part of the revokers preference and credo must only be responsible for signing the BitSting status list credential and issuing a revocable credential containing a valid credential status property. Apologies as the PR is getting de-prioritized from my end. Looking forward to your reviews |
Signed-off-by: Krishna Waske <[email protected]>
Signed-off-by: Krishna Waske <[email protected]> feat: support w3c revocation Signed-off-by: Krishna Waske <[email protected]> chore: verify credential status Signed-off-by: Krishna Waske <[email protected]> chore: rearrange files Signed-off-by: Krishna Waske <[email protected]> chore: remove unnecessary code from credentials API Signed-off-by: Krishna Waske <[email protected]> chore: remove unnecessary code from credentials API Signed-off-by: Krishna Waske <[email protected]> chore: remove bitstring specific credential status from jsonld cred formats Signed-off-by: Krishna Waske <[email protected]> chore: add appropriate format based error Signed-off-by: Krishna Waske <[email protected]> chore: rename symbol Signed-off-by: Krishna Waske <[email protected]> chore: update folder name Signed-off-by: Krishna Waske <[email protected]> fix: typing and other minor issues while verifying Bitstring status list credential Signed-off-by: Krishna Waske <[email protected]> chore: add named imports from pako Signed-off-by: Krishna Waske <[email protected]> chore: update error for verifying bit string status list credential Signed-off-by: Krishna Waske <[email protected]> chore: move validate status logic to libraries Signed-off-by: Krishna Waske <[email protected]> refactor: Invalidate array of bitStringStatusListCredential Signed-off-by: Krishna Waske <[email protected]> refactor: export files from index Signed-off-by: Krishna Waske <[email protected]> refactor: separate bitstring statuslist and bitstring status list credential Signed-off-by: Krishna Waske <[email protected]> feat: add CredentialStatusBasedOnType Signed-off-by: Krishna Waske <[email protected]> reactor: remove duplicate code Signed-off-by: Krishna Waske <[email protected]> chore: add comment Signed-off-by: Krishna Waske <[email protected]> fix: add credential status compare while verifyReceivedCredentialMatchesRequest Signed-off-by: Krishna Waske <[email protected]> fix: remove credentialStatus from unsupported fields while accepting request Signed-off-by: Krishna Waske <[email protected]> fix: imports Signed-off-by: Krishna Waske <[email protected]> chore: update imports Signed-off-by: Krishna Waske <[email protected]> fix: imports Signed-off-by: Krishna Waske <[email protected]> chore: update minor type changes Signed-off-by: Krishna Waske <[email protected]> fix: remove unnecessary tranformation Signed-off-by: Krishna Waske <[email protected]> fix: verification of bitstring status list credential after fetching Signed-off-by: Krishna Waske <[email protected]> chore: push pnpm-lock file Signed-off-by: Krishna Waske <[email protected]> fix: take claimformat from options instead of from credential record, which might not always be present Signed-off-by: Krishna Waske <[email protected]> fix: completed TODO Signed-off-by: Krishna Waske <[email protected]> fix: check signature of fetched credential, w3cjwt support Signed-off-by: Krishna Waske <[email protected]>
Signed-off-by: Krishna Waske <[email protected]>
…ocation separated from credo Signed-off-by: Krishna Waske <[email protected]>
…ocation separated from credo Signed-off-by: Krishna Waske <[email protected]>
Signed-off-by: Krishna Waske <[email protected]>
Signed-off-by: Krishna Waske <[email protected]>
GHkrishna
force-pushed
the
feat/support-w3c-revocation
branch
from
f44a16a to
748731e
Compare
|
Hello @genaris @TimoGlastra I understand you guys are quite occupied with all the interesting work going on in credo. Since this PR is quite raw, your feedback is quite essential to accommodate changes based on them. Thank you once again. |
genaris
left a comment
genaris
left a comment
There was a problem hiding this comment.
Thanks @GHkrishna ! In general it looks good to me, as it is a good first step to support Bitstring Status lists.
I think it would be good to add some tests as well.
...ules/vc/models/credential/w3c-credential-status/bitstring-status-list/BitStringStatusList.ts
Outdated
Show resolved
Hide resolved
packages/didcomm/src/modules/credentials/formats/jsonld/JsonLdCredentialFormat.ts
Outdated
Show resolved
Hide resolved
| "lru_map": "^0.4.1", | ||
| "make-error": "^1.3.6", | ||
| "object-inspect": "^1.10.3", | ||
| "pako": "^2.1.0", |
There was a problem hiding this comment.
Does pako work fine in react native? How does it compare with other modules such as fflate? I'm asking this because we want core to be as smaller as possible and it looks like pako is a bit heavy.
There was a problem hiding this comment.
Okay, that's a good suggestion, I'm all in on keeping core as small as possible,
Pako did work fine with an android device.
I was not aware about fflate, will have a look at it.
There was a problem hiding this comment.
Pako is also used by SD-JWT JS library, works in react native, and since we already depend on it is maybe not a bad choice. I have no idea on the size .
packages/core/src/modules/vc/models/credential/w3c-credential-status/W3cCredentialStatus.ts
Outdated
Show resolved
Hide resolved
Signed-off-by: Krishna Waske <[email protected]>
Signed-off-by: Krishna Waske <[email protected]>
Signed-off-by: Krishna Waske <[email protected]>
Signed-off-by: Krishna Waske <[email protected]>
Yes sure, I just wanted to make sure, we are on the right track before starting with the test cases. I think this is a good time to start now. |
Signed-off-by: Krishna Waske <[email protected]>
Signed-off-by: Krishna Waske <[email protected]>
|
Ariel, currently I'm adding testcases for revocable credential in addition to that of the existing ones(non-revocable w3c) instead of replacing/editing them. |
Signed-off-by: Krishna Waske <[email protected]>
Signed-off-by: Krishna Waske <[email protected]>
| 'revocation' = 'revocation', | ||
| 'suspension' = 'suspension', |
There was a problem hiding this comment.
| 'revocation' = 'revocation', | |
| 'suspension' = 'suspension', | |
| Revocation = 'revocation', | |
| Suspension = 'suspension', |
| // // Define an interface for the `credential` object that uses `CredentialSubject` | ||
| // export interface Credential { | ||
| // credentialSubject: CredentialSubject | ||
| // } | ||
|
|
||
| // // Use the `Credential` interface within `BitStringStatusListCredential` | ||
| // export interface BitStringStatusListCredential { | ||
| // credential: Credential | ||
| // } |
There was a problem hiding this comment.
Can you remove unused code?
| }) | ||
| } | ||
|
|
||
| @IsString() |
There was a problem hiding this comment.
This shouldn't be a string? It's an object right?
| } | ||
|
|
||
| try { | ||
| return (await response.json()) as BitStringStatusListCredential |
There was a problem hiding this comment.
The bitstrintstatuslistcredential is a class. We should transform and validate the json to a class instance
| // eslint-disable-next-line @typescript-eslint/no-unused-vars | ||
| public async revokeCredential(_agentContext: AgentContext, _options: RevokeCredentialOptions) { | ||
| // revoke jwt cred | ||
| throw new CredoError(`Revocation support not implemented for jwtVc`) |
There was a problem hiding this comment.
Why add these methods if both jwt and jsonld are not implemented?
| "lru_map": "^0.4.1", | ||
| "make-error": "^1.3.6", | ||
| "object-inspect": "^1.10.3", | ||
| "pako": "^2.1.0", |
There was a problem hiding this comment.
Pako is also used by SD-JWT JS library, works in react native, and since we already depend on it is maybe not a bad choice. I have no idea on the size .
|
@GHkrishna could you update the PR with the latest main, and fix the CI tests? |
4 participants
What
This PR introduces support for W3C credential revocation. The following changes have been made:
Refactor functionality for Verify Credential and Verify Presentation.
Integrated with the Bit String Status List for checking and updating credential status.
How
Revocation Flow: Implemented the revocation flow by checking a credential status and updating the credential issuance process to handle revocable credentials.
Integration: Integrated the new revocation features with the existing system, ensuring compatibility and proper handling of revoked credentials.
TO DO:
- [ ] Keep track of occupied and/or free spaces in the BSLC- [ ] Endpoints to create and post(host) a BitstringStatusList Credential(However, ability to verify signature of fetched credential is required)
- [ ] Update records as per occupied (both locally as well as on the server)- [ ] Revoking(change status of) a w3cCredential (issued by issuer or others capable of revoking the credential)(Might add some related taxs)