Merge branch 'main' into issue#1809

Author: swcurran

aries_cloudagent/indy/sdk/issuer.py

@@ -283,7 +283,7 @@ async def revoke_credentials(
         tails_reader_handle = await create_tails_reader(tails_file_path)
 
         result_json = None
-        for cred_rev_id in cred_rev_ids:
+        for cred_rev_id in set(cred_rev_ids):
             with IndyErrorHandler(
                 "Exception when revoking credential", IndyIssuerError
             ):

aries_cloudagent/indy/sdk/tests/test_issuer.py

@@ -311,17 +311,20 @@ async def test_create_revoke_credentials_x(
             values = json.loads(call_values)
             assert "attr1" in values
 
-            mock_indy_revoke_credential.side_effect = [
-                json.dumps(TEST_RR_DELTA),
-                IndyError(
-                    error_code=ErrorCode.AnoncredsInvalidUserRevocId,
-                    error_details={"message": "already revoked"},
-                ),
-                IndyError(
+            def mock_revoke(_h, _t, _r, cred_rev_id):
+                if cred_rev_id == "42":
+                    return json.dumps(TEST_RR_DELTA)
+                if cred_rev_id == "54":
+                    raise IndyError(
+                        error_code=ErrorCode.AnoncredsInvalidUserRevocId,
+                        error_details={"message": "already revoked"},
+                    )
+                raise IndyError(
                     error_code=ErrorCode.UnknownCryptoTypeError,
                     error_details={"message": "truly an outlier"},
-                ),
-            ]
+                )
+
+            mock_indy_revoke_credential.side_effect = mock_revoke
             mock_indy_merge_rr_deltas.return_value = json.dumps(TEST_RR_DELTA)
             (result, failed) = await self.issuer.revoke_credentials(
                 REV_REG_ID, tails_file_path="dummy", cred_rev_ids=test_cred_rev_ids

aries_cloudagent/protocols/present_proof/v2_0/formats/indy/handler.py

@@ -199,7 +199,10 @@ def _check_proof_vs_proposal():
                     f"attr::{name}::value": proof_value,
                 }
 
-                if not any(r.items() <= criteria.items() for r in req_restrictions):
+                if (
+                    not any(r.items() <= criteria.items() for r in req_restrictions)
+                    and len(req_restrictions) != 0
+                ):
                     raise V20PresFormatHandlerError(
                         f"Presented attribute {reft} does not satisfy proof request "
                         f"restrictions {req_restrictions}"
@@ -234,7 +237,10 @@ def _check_proof_vs_proposal():
                     },
                 }
 
-                if not any(r.items() <= criteria.items() for r in req_restrictions):
+                if (
+                    not any(r.items() <= criteria.items() for r in req_restrictions)
+                    and len(req_restrictions) != 0
+                ):
                     raise V20PresFormatHandlerError(
                         f"Presented attr group {reft} does not satisfy proof request "
                         f"restrictions {req_restrictions}"
@@ -287,7 +293,10 @@ def _check_proof_vs_proposal():
                     "issuer_did": cred_def_id.split(":")[-5],
                 }
 
-                if not any(r.items() <= criteria.items() for r in req_restrictions):
+                if (
+                    not any(r.items() <= criteria.items() for r in req_restrictions)
+                    and len(req_restrictions) != 0
+                ):
                     raise V20PresFormatHandlerError(
                         f"Presented predicate {reft} does not satisfy proof request "
                         f"restrictions {req_restrictions}"

aries_cloudagent/protocols/present_proof/v2_0/tests/test_manager.py

@@ -1400,6 +1400,164 @@ async def test_receive_pres_receive_pred_value_mismatch_punt_to_indy(self):
             save_ex.assert_called_once()
             assert px_rec_out.state == (V20PresExRecord.STATE_PRESENTATION_RECEIVED)
 
+    async def test_receive_pres_indy_no_predicate_restrictions(self):
+        connection_record = async_mock.MagicMock(connection_id=CONN_ID)
+        indy_proof_req = {
+            "name": PROOF_REQ_NAME,
+            "version": PROOF_REQ_VERSION,
+            "nonce": PROOF_REQ_NONCE,
+            "requested_attributes": {
+                "0_player_uuid": {
+                    "name": "player",
+                    "restrictions": [{"cred_def_id": CD_ID}],
+                    "non_revoked": {"from": NOW, "to": NOW},
+                },
+                "0_screencapture_uuid": {
+                    "name": "screenCapture",
+                    "restrictions": [{"cred_def_id": CD_ID}],
+                    "non_revoked": {"from": NOW, "to": NOW},
+                },
+            },
+            "requested_predicates": {
+                "0_highscore_GE_uuid": {
+                    "name": "highScore",
+                    "p_type": ">=",
+                    "p_value": 1000000,
+                    "restrictions": [],
+                    "non_revoked": {"from": NOW, "to": NOW},
+                }
+            },
+        }
+        pres_request = V20PresRequest(
+            formats=[
+                V20PresFormat(
+                    attach_id="indy",
+                    format_=ATTACHMENT_FORMAT[PRES_20_REQUEST][
+                        V20PresFormat.Format.INDY.api
+                    ],
+                )
+            ],
+            request_presentations_attach=[
+                AttachDecorator.data_base64(indy_proof_req, ident="indy")
+            ],
+        )
+        pres = V20Pres(
+            formats=[
+                V20PresFormat(
+                    attach_id="indy",
+                    format_=ATTACHMENT_FORMAT[PRES_20][V20PresFormat.Format.INDY.api],
+                )
+            ],
+            presentations_attach=[
+                AttachDecorator.data_base64(INDY_PROOF, ident="indy")
+            ],
+        )
+        pres.assign_thread_id("thread-id")
+
+        px_rec_dummy = V20PresExRecord(
+            pres_request=pres_request.serialize(),
+        )
+
+        # cover by_format property
+        by_format = px_rec_dummy.by_format
+
+        assert by_format.get("pres_request").get("indy") == indy_proof_req
+
+        with async_mock.patch.object(
+            V20PresExRecord, "save", autospec=True
+        ) as save_ex, async_mock.patch.object(
+            V20PresExRecord, "retrieve_by_tag_filter", autospec=True
+        ) as retrieve_ex, async_mock.patch.object(
+            self.profile,
+            "session",
+            async_mock.MagicMock(return_value=self.profile.session()),
+        ) as session:
+            retrieve_ex.side_effect = [px_rec_dummy]
+            px_rec_out = await self.manager.receive_pres(pres, connection_record, None)
+            retrieve_ex.assert_called_once_with(
+                session.return_value,
+                {"thread_id": "thread-id"},
+                {"role": V20PresExRecord.ROLE_VERIFIER, "connection_id": CONN_ID},
+            )
+            save_ex.assert_called_once()
+            assert px_rec_out.state == (V20PresExRecord.STATE_PRESENTATION_RECEIVED)
+
+    async def test_receive_pres_indy_no_attr_restrictions(self):
+        connection_record = async_mock.MagicMock(connection_id=CONN_ID)
+        indy_proof_req = {
+            "name": PROOF_REQ_NAME,
+            "version": PROOF_REQ_VERSION,
+            "nonce": PROOF_REQ_NONCE,
+            "requested_attributes": {
+                "0_player_uuid": {
+                    "name": "player",
+                    "restrictions": [],
+                    "non_revoked": {"from": NOW, "to": NOW},
+                }
+            },
+            "requested_predicates": {},
+        }
+        proof = deepcopy(INDY_PROOF)
+        proof["requested_proof"]["revealed_attrs"] = {
+            "0_player_uuid": {
+                "sub_proof_index": 0,
+                "raw": "Richie Knucklez",
+                "encoded": "516439982",
+            }
+        }
+        proof["requested_proof"]["predicates"] = {}
+        pres_request = V20PresRequest(
+            formats=[
+                V20PresFormat(
+                    attach_id="indy",
+                    format_=ATTACHMENT_FORMAT[PRES_20_REQUEST][
+                        V20PresFormat.Format.INDY.api
+                    ],
+                )
+            ],
+            request_presentations_attach=[
+                AttachDecorator.data_base64(indy_proof_req, ident="indy")
+            ],
+        )
+        pres = V20Pres(
+            formats=[
+                V20PresFormat(
+                    attach_id="indy",
+                    format_=ATTACHMENT_FORMAT[PRES_20][V20PresFormat.Format.INDY.api],
+                )
+            ],
+            presentations_attach=[AttachDecorator.data_base64(proof, ident="indy")],
+        )
+        pres.assign_thread_id("thread-id")
+
+        px_rec_dummy = V20PresExRecord(
+            pres_request=pres_request.serialize(),
+        )
+
+        # cover by_format property
+        by_format = px_rec_dummy.by_format
+
+        assert by_format.get("pres_request").get("indy") == indy_proof_req
+
+        with async_mock.patch.object(
+            V20PresExRecord, "save", autospec=True
+        ) as save_ex, async_mock.patch.object(
+            V20PresExRecord, "retrieve_by_tag_filter", autospec=True
+        ) as retrieve_ex, async_mock.patch.object(
+            self.profile,
+            "session",
+            async_mock.MagicMock(return_value=self.profile.session()),
+        ) as session:
+            retrieve_ex.side_effect = [px_rec_dummy]
+            px_rec_out = await self.manager.receive_pres(pres, connection_record, None)
+            retrieve_ex.assert_called_once_with(
+                session.return_value,
+                {"thread_id": "thread-id"},
+                {"role": V20PresExRecord.ROLE_VERIFIER, "connection_id": CONN_ID},
+            )
+            save_ex.assert_called_once()
+            assert px_rec_out.state == (V20PresExRecord.STATE_PRESENTATION_RECEIVED)
+
     async def test_receive_pres_bait_and_switch_attr_name(self):
         connection_record = async_mock.MagicMock(connection_id=CONN_ID)
         indy_proof_req = deepcopy(INDY_PROOF_REQ_NAME)

aries_cloudagent/revocation/manager.py

@@ -133,7 +133,7 @@ async def revoke_credential(
             rev_reg = await revoc.get_ledger_registry(rev_reg_id)
             await rev_reg.get_or_fetch_local_tails_path()
             # pick up pending revocations on input revocation registry
-            crids = list(set(issuer_rr_rec.pending_pub + [cred_rev_id]))
+            crids = (issuer_rr_rec.pending_pub or []) + [cred_rev_id]
             (delta_json, _) = await issuer.revoke_credentials(
                 issuer_rr_rec.revoc_reg_id, issuer_rr_rec.tails_local_path, crids
             )
@@ -145,9 +145,9 @@ async def revoke_credential(
                     issuer_rr_upd.revoc_reg_entry = json.loads(delta_json)
                 await issuer_rr_upd.clear_pending(txn, crids)
                 await txn.commit()
+            await self.set_cred_revoked_state(rev_reg_id, crids)
             if delta_json:
                 await issuer_rr_upd.send_entry(self._profile)
-            await self.set_cred_revoked_state(rev_reg_id, [cred_rev_id])
             await notify_revocation_published_event(
                 self._profile, rev_reg_id, [cred_rev_id]
             )
@@ -215,11 +215,11 @@ async def publish_pending_revocations(
                         issuer_rr_upd.revoc_reg_entry = json.loads(delta_json)
                     await issuer_rr_upd.clear_pending(txn, crids)
                     await txn.commit()
+                await self.set_cred_revoked_state(issuer_rr_rec.revoc_reg_id, crids)
                 if delta_json:
                     await issuer_rr_upd.send_entry(self._profile)
                 published = sorted(crid for crid in crids if crid not in failed_crids)
                 result[issuer_rr_rec.revoc_reg_id] = published
-                await self.set_cred_revoked_state(issuer_rr_rec.revoc_reg_id, crids)
                 await notify_revocation_published_event(
                     self._profile, issuer_rr_rec.revoc_reg_id, crids
                 )
@@ -289,34 +289,40 @@ async def set_cred_revoked_state(
 
         """
         for cred_rev_id in cred_rev_ids:
+            cred_ex_id = None
+
+            try:
+                async with self._profile.transaction() as txn:
+                    rev_rec = await IssuerCredRevRecord.retrieve_by_ids(
+                        txn, rev_reg_id, cred_rev_id, for_update=True
+                    )
+                    cred_ex_id = rev_rec.cred_ex_id
+                    rev_rec.state = IssuerCredRevRecord.STATE_REVOKED
+                    await rev_rec.save(txn, reason="revoke credential")
+                    await txn.commit()
+            except StorageNotFoundError:
+                continue
+
             async with self._profile.transaction() as txn:
                 try:
-                    rev_rec = await IssuerCredRevRecord.retrieve_by_ids(
-                        txn, rev_reg_id, cred_rev_id
+                    cred_ex_record = await V10CredentialExchange.retrieve_by_id(
+                        txn, cred_ex_id, for_update=True
+                    )
+                    cred_ex_record.state = (
+                        V10CredentialExchange.STATE_CREDENTIAL_REVOKED
                     )
-                    try:
-                        cred_ex_record = await V10CredentialExchange.retrieve_by_id(
-                            txn, rev_rec.cred_ex_id, for_update=True
-                        )
-                        cred_ex_record.state = (
-                            V10CredentialExchange.STATE_CREDENTIAL_REVOKED
-                        )
-                        await cred_ex_record.save(txn, reason="revoke credential")
-                        await txn.commit()
-
-                    except StorageNotFoundError:
-                        try:
-                            cred_ex_record = await V20CredExRecord.retrieve_by_id(
-                                txn, rev_rec.cred_ex_id, for_update=True
-                            )
-                            cred_ex_record.state = (
-                                V20CredExRecord.STATE_CREDENTIAL_REVOKED
-                            )
-                            await cred_ex_record.save(txn, reason="revoke credential")
-                            await txn.commit()
-
-                        except StorageNotFoundError:
-                            pass
+                    await cred_ex_record.save(txn, reason="revoke credential")
+                    await txn.commit()
+                    continue  # skip 2.0 record check
+                except StorageNotFoundError:
+                    pass
 
+                try:
+                    cred_ex_record = await V20CredExRecord.retrieve_by_id(
+                        txn, cred_ex_id, for_update=True
+                    )
+                    cred_ex_record.state = V20CredExRecord.STATE_CREDENTIAL_REVOKED
+                    await cred_ex_record.save(txn, reason="revoke credential")
+                    await txn.commit()
                 except StorageNotFoundError:
                     pass

aries_cloudagent/revocation/models/issuer_cred_rev_record.py

@@ -90,10 +90,15 @@ async def retrieve_by_ids(
         session: ProfileSession,
         rev_reg_id: str,
         cred_rev_id: str,
+        *,
+        for_update: bool = False,
     ) -> "IssuerCredRevRecord":
         """Retrieve an issuer cred rev record by rev reg id and cred rev id."""
         return await cls.retrieve_by_tag_filter(
-            session, {"rev_reg_id": rev_reg_id}, {"cred_rev_id": cred_rev_id}
+            session,
+            {"rev_reg_id": rev_reg_id},
+            {"cred_rev_id": cred_rev_id},
+            for_update=for_update,
         )
 
     @classmethod