Merge branch 'main' into fix/public-did-mediator-routing-keys

Author: dbluhm

.github/workflows/pr-tests.yml

@@ -0,0 +1,20 @@
+name: PR Tests
+
+on:
+  pull_request:
+
+jobs:
+  tests:
+    name: Tests
+    uses: ./.github/workflows/tests.yml
+    with:
+      python-version: "3.6"
+      os: "ubuntu-20.04"
+
+  tests-indy:
+    name: Tests (Indy)
+    uses: ./.github/workflows/tests-indy.yml
+    with:
+      python-version: "3.6"
+      indy-version: "1.16.0"
+      os: "ubuntu-20.04"

.github/workflows/tests-indy.yml

@@ -0,0 +1,58 @@
+name: Tests (Indy)
+
+on:
+  workflow_call:
+    inputs:
+      python-version:
+        required: true
+        type: string
+      indy-version:
+        required: true
+        type: string
+      os:
+        required: true
+        type: string
+
+jobs:
+  tests:
+    name: Test Python ${{ inputs.python-version }} on Indy ${{ inputs.indy-version }}
+    runs-on: ${{ inputs.os }}
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Cache image layers
+        uses: actions/cache@v3
+        with:
+          path: /tmp/.buildx-cache-test
+          key: ${{ runner.os }}-buildx-test-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-buildx-test-
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+
+      - name: Build test image
+        uses: docker/build-push-action@v3
+        with:
+          load: true
+          context: .
+          file: docker/Dockerfile.indy
+          target: acapy-test
+          tags: acapy-test:latest
+          build-args: |
+            python_version=${{ inputs.python-version }}
+            indy_version=${{ inputs.indy-version }}
+          cache-from: type=local,src=/tmp/.buildx-cache-test
+          cache-to: type=local,dest=/tmp/.buildx-cache-test-new,mode=max
+
+      # Temp fix
+      # https://github.com/docker/build-push-action/issues/252
+      # https://github.com/moby/buildkit/issues/1896
+      - name: Move cache
+        run: |
+          rm -rf /tmp/.buildx-cache-test
+          mv /tmp/.buildx-cache-test-new /tmp/.buildx-cache-test
+
+      - name: Run pytest
+        run: |
+          docker run --rm acapy-test:latest

.github/workflows/tests.yml

@@ -0,0 +1,35 @@
+name: Tests
+
+on:
+  workflow_call:
+    inputs:
+      python-version:
+        required: true
+        type: string
+      os:
+        required: true
+        type: string
+
+jobs:
+  tests:
+    name: Test Python ${{ inputs.python-version }}
+    runs-on: ${{ inputs.os }}
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up Python ${{ inputs.python-version }}
+        uses: actions/setup-python@v4
+        with:
+          python-version: ${{ inputs.python-version }}
+          cache: 'pip'
+          cache-dependency-path: 'requirements*.txt'
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip3 install --no-cache-dir \
+            -r requirements.txt \
+            -r requirements.askar.txt \
+            -r requirements.bbs.txt \
+            -r requirements.dev.txt
+      - name: Tests
+        run: |
+          pytest

demo/bdd_support/agent_backchannel_client.py

@@ -130,10 +130,12 @@ def aries_container_receive_credential(
 def aries_container_request_proof(
     the_container: AgentContainer,
     proof_request: dict,
+    explicit_revoc_required: bool = False,
 ):
     return run_coroutine(
         the_container.request_proof,
         proof_request,
+        explicit_revoc_required=explicit_revoc_required,
     )
 
 

demo/features/0454-present-proof.feature

@@ -98,7 +98,7 @@ Feature: RFC 0454 Aries agent present proof
          | Acme   | --revocation --public-did --multitenant    | --multitenant    | driverslicense_v2 | Data_DL_MaxValues | DL_age_over_19_v2 |
 
    @T003-RFC0454.1 @GHA
-   Scenario Outline: Present Proof for multiple credentials where the one is revocable and one isn't
+   Scenario Outline: Present Proof for multiple credentials where the one is revocable and one isn't, neither credential is revoked
       Given we have "4" agents
          | name  | role     | capabilities         |
          | Acme1 | issuer1  | <Acme1_capabilities> |
@@ -117,8 +117,28 @@ Feature: RFC 0454 Aries agent present proof
          | issuer1 | Acme1_capabilities        | issuer2 | Acme2_capabilities | Bob_cap | Schema_name_1     | Credential_data_1 | Schema_name_2 | Credential_data_2 | Proof_request                    |
          | Acme1   | --revocation --public-did | Acme2   | --public-did       |         | driverslicense_v2 | Data_DL_MaxValues | health_id     | Data_DL_MaxValues | DL_age_over_19_v2_with_health_id |
 
+   @T003-RFC0454.1f
+   Scenario Outline: Present Proof for multiple credentials where the one is revocable and one isn't, neither credential is revoked, fails due to requesting request-level revocation
+      Given we have "4" agents
+         | name  | role     | capabilities         |
+         | Acme1 | issuer1  | <Acme1_capabilities> |
+         | Acme2 | issuer2  | <Acme2_capabilities> |
+         | Faber | verifier | <Acme1_capabilities> |
+         | Bob   | prover   | <Bob_cap>   |
+      And "<issuer1>" and "Bob" have an existing connection
+      And "Bob" has an issued <Schema_name_1> credential <Credential_data_1> from "<issuer1>"
+      And "<issuer2>" and "Bob" have an existing connection
+      And "Bob" has an issued <Schema_name_2> credential <Credential_data_2> from "<issuer2>"
+      And "Faber" and "Bob" have an existing connection
+      When "Faber" sends a request for proof presentation <Proof_request> to "Bob"
+      Then "Faber" has the proof verification fail
+
+      Examples:
+         | issuer1 | Acme1_capabilities        | issuer2 | Acme2_capabilities | Bob_cap | Schema_name_1     | Credential_data_1 | Schema_name_2 | Credential_data_2 | Proof_request                    |
+         | Acme1   | --revocation --public-did | Acme2   | --public-did       |         | driverslicense_v2 | Data_DL_MaxValues | health_id     | Data_DL_MaxValues | DL_age_over_19_v2_with_health_id_r2 |
+
    @T003-RFC0454.2 @GHA
-   Scenario Outline: Present Proof for multiple credentials where the one is revocable and one isn't, and the revocable credential is revoked
+   Scenario Outline: Present Proof for multiple credentials where the one is revocable and one isn't, and the revocable credential is revoked, and the proof checks for revocation and fails
       Given we have "4" agents
          | name  | role     | capabilities         |
          | Acme1 | issuer1  | <Acme1_capabilities> |
@@ -137,3 +157,25 @@ Feature: RFC 0454 Aries agent present proof
       Examples:
          | issuer1 | Acme1_capabilities        | issuer2 | Acme2_capabilities | Bob_cap | Schema_name_1     | Credential_data_1 | Schema_name_2 | Credential_data_2 | Proof_request                    |
          | Acme1   | --revocation --public-did | Acme2   | --public-did       |         | driverslicense_v2 | Data_DL_MaxValues | health_id     | Data_DL_MaxValues | DL_age_over_19_v2_with_health_id |
+         | Acme1   | --revocation --public-did | Acme2   | --public-did       |         | driverslicense_v2 | Data_DL_MaxValues | health_id     | Data_DL_MaxValues | DL_age_over_19_v2_with_health_id_r2 |
+
+   @T003-RFC0454.3 @GHA
+   Scenario Outline: Present Proof for multiple credentials where the one is revocable and one isn't, and the revocable credential is revoked, and the proof doesn't check for revocation and passes
+      Given we have "4" agents
+         | name  | role     | capabilities         |
+         | Acme1 | issuer1  | <Acme1_capabilities> |
+         | Acme2 | issuer2  | <Acme2_capabilities> |
+         | Faber | verifier | <Acme1_capabilities> |
+         | Bob   | prover   | <Bob_cap>   |
+      And "<issuer1>" and "Bob" have an existing connection
+      And "Bob" has an issued <Schema_name_1> credential <Credential_data_1> from "<issuer1>"
+      And "<issuer1>" revokes the credential
+      And "<issuer2>" and "Bob" have an existing connection
+      And "Bob" has an issued <Schema_name_2> credential <Credential_data_2> from "<issuer2>"
+      And "Faber" and "Bob" have an existing connection
+      When "Faber" sends a request with explicit revocation status for proof presentation <Proof_request> to "Bob"
+      Then "Faber" has the proof verified
+
+      Examples:
+         | issuer1 | Acme1_capabilities        | issuer2 | Acme2_capabilities | Bob_cap | Schema_name_1     | Credential_data_1 | Schema_name_2 | Credential_data_2 | Proof_request                             |
+         | Acme1   | --revocation --public-did | Acme2   | --public-did       |         | driverslicense_v2 | Data_DL_MaxValues | health_id     | Data_DL_MaxValues | DL_age_over_19_v2_with_health_id_no_revoc |

demo/features/data/presentation_DL_age_over_19_v2_with_health_id_no_revoc.json

@@ -0,0 +1,24 @@
+{
+    "presentation": {
+        "comment": "This is a comment for the send presentation.",
+        "requested_attributes": {
+            "address_attrs": {
+                "cred_type_name": "Schema_DriversLicense_v2",
+                "revealed": true,
+                "cred_id": "replace_me"
+            },
+            "health_attrs": {
+                "cred_type_name": "Schema_Health_ID",
+                "revealed": true,
+                "cred_id": "replace_me"
+            }
+        },
+        "requested_predicates": {
+            "age": {
+                "cred_type_name": "Schema_DriversLicense_v2",
+                "cred_id": "replace me"
+            }
+        },
+        "self_attested_attributes": {}
+    }
+}

demo/features/data/presentation_DL_age_over_19_v2_with_health_id_r2.json

@@ -0,0 +1,24 @@
+{
+    "presentation": {
+        "comment": "This is a comment for the send presentation.",
+        "requested_attributes": {
+            "address_attrs": {
+                "cred_type_name": "Schema_DriversLicense_v2",
+                "revealed": true,
+                "cred_id": "replace_me"
+            },
+            "health_attrs": {
+                "cred_type_name": "Schema_Health_ID",
+                "revealed": true,
+                "cred_id": "replace_me"
+            }
+        },
+        "requested_predicates": {
+            "age": {
+                "cred_type_name": "Schema_DriversLicense_v2",
+                "cred_id": "replace me"
+            }
+        },
+        "self_attested_attributes": {}
+    }
+}

demo/features/data/proof_request_DL_age_over_19_v2_with_health_id_no_revoc.json

@@ -0,0 +1,38 @@
+{
+   "presentation_proposal": {
+      "requested_attributes": {
+         "address_attrs": {
+            "name": "address",
+            "restrictions": [
+               {
+                  "schema_name": "Schema_DriversLicense_v2",
+                  "schema_version": "1.0.1"
+               }
+            ]
+         },
+         "health_attrs": {
+            "name": "health_id_num",
+            "restrictions": [
+               {
+                  "schema_name": "Schema_Health_ID",
+                  "schema_version": "1.0.0"
+               }
+            ]
+         }
+      },
+      "requested_predicates": {
+         "age": {
+            "name": "age",
+            "p_type": ">",
+            "p_value": 19,
+            "restrictions": [
+               {
+                  "schema_name": "Schema_DriversLicense_v2",
+                  "schema_version": "1.0.1"
+               }
+            ]
+         }
+      },
+      "version": "0.1.0"
+   }
+}

demo/features/data/proof_request_DL_age_over_19_v2_with_health_id_r2.json

@@ -0,0 +1,38 @@
+{
+   "presentation_proposal": {
+      "requested_attributes": {
+         "address_attrs": {
+            "name": "address",
+            "restrictions": [
+               {
+                  "schema_name": "Schema_DriversLicense_v2",
+                  "schema_version": "1.0.1"
+               }
+            ]
+         },
+         "health_attrs": {
+            "name": "health_id_num",
+            "restrictions": [
+               {
+                  "schema_name": "Schema_Health_ID",
+                  "schema_version": "1.0.0"
+               }
+            ]
+         }
+      },
+      "requested_predicates": {
+         "age": {
+            "name": "age",
+            "p_type": ">",
+            "p_value": 19,
+            "restrictions": [
+               {
+                  "schema_name": "Schema_DriversLicense_v2",
+                  "schema_version": "1.0.1"
+               }
+            ]
+         }
+      },
+      "version": "0.1.0"
+   }
+}

demo/features/steps/0454-present-proof.py

@@ -43,6 +43,22 @@ def step_impl(context, verifier, request_for_proof, prover):
     context.proof_exchange = proof_exchange
 
 
+@when(
+    '"{verifier}" sends a request with explicit revocation status for proof presentation {request_for_proof} to "{prover}"'
+)
+def step_impl(context, verifier, request_for_proof, prover):
+    agent = context.active_agents[verifier]
+
+    proof_request_info = read_proof_req_data(request_for_proof)
+
+    proof_exchange = aries_container_request_proof(
+        agent["agent"], proof_request_info, explicit_revoc_required=True
+    )
+
+    context.proof_request = proof_request_info
+    context.proof_exchange = proof_exchange
+
+
 @then('"{verifier}" has the proof verified')
 def step_impl(context, verifier):
     agent = context.active_agents[verifier]