fix(anoncreds): unqualified revocation registry processing (#1833)

openwallet-foundation · Apr 18, 2024 · edc5735 · edc5735
1 parent eb2c513
commit edc5735
Show file tree

Hide file tree

Showing 4 changed files with 41 additions and 27 deletions.
diff --git a/packages/anoncreds/src/anoncreds-rs/AnonCredsRsHolderService.ts b/packages/anoncreds/src/anoncreds-rs/AnonCredsRsHolderService.ts
@@ -365,10 +365,18 @@ export class AnonCredsRsHolderService implements AnonCredsHolderService {
       schema: AnonCredsSchema
       credentialDefinition: AnonCredsCredentialDefinition
       revocationRegistryDefinition?: AnonCredsRevocationRegistryDefinition
+      revocationRegistryId?: string
       credentialRequestMetadata: AnonCredsCredentialRequestMetadata
     }
   ) {
-    const { credential, credentialRequestMetadata, schema, credentialDefinition, credentialDefinitionId } = options
+    const {
+      credential,
+      credentialRequestMetadata,
+      schema,
+      credentialDefinition,
+      credentialDefinitionId,
+      revocationRegistryId,
+    } = options
 
     const methodName = agentContext.dependencyManager
       .resolve(AnonCredsRegistryService)
@@ -377,15 +385,15 @@ export class AnonCredsRsHolderService implements AnonCredsHolderService {
     // this thows an error if the link secret is not found
     await getLinkSecret(agentContext, credentialRequestMetadata.link_secret_name)
 
-    const { revocationRegistryId, revocationRegistryIndex } = W3cAnonCredsCredential.fromJson(
-      JsonTransformer.toJSON(credential)
-    )
+    const { revocationRegistryIndex } = W3cAnonCredsCredential.fromJson(JsonTransformer.toJSON(credential))
 
-    const w3cCredentialService = agentContext.dependencyManager.resolve(W3cCredentialService)
-    const w3cCredentialRecord = await w3cCredentialService.storeCredential(agentContext, { credential })
+    if (Array.isArray(credential.credentialSubject)) {
+      throw new CredoError('Credential subject must be an object, not an array.')
+    }
 
     const anonCredsTags = getW3cRecordAnonCredsTags({
-      w3cCredentialRecord,
+      credentialSubject: credential.credentialSubject,
+      issuerId: credential.issuerId,
       schema,
       schemaId: credentialDefinition.schemaId,
       credentialDefinitionId,
@@ -395,6 +403,9 @@ export class AnonCredsRsHolderService implements AnonCredsHolderService {
       methodName,
     })
 
+    const w3cCredentialService = agentContext.dependencyManager.resolve(W3cCredentialService)
+    const w3cCredentialRecord = await w3cCredentialService.storeCredential(agentContext, { credential })
+
     const anonCredsCredentialMetadata: W3cAnonCredsCredentialMetadata = {
       credentialRevocationId: anonCredsTags.anonCredsCredentialRevocationId,
       linkSecretId: anonCredsTags.anonCredsLinkSecretId,
@@ -440,6 +451,7 @@ export class AnonCredsRsHolderService implements AnonCredsHolderService {
       schema,
       credentialDefinition,
       revocationRegistryDefinition: revocationRegistry?.definition,
+      revocationRegistryId: revocationRegistry?.id,
     })
 
     return w3cCredentialRecord.id

diff --git a/packages/anoncreds/src/updates/0.4-0.5/anonCredsCredentialRecord.ts b/packages/anoncreds/src/updates/0.4-0.5/anonCredsCredentialRecord.ts
@@ -91,17 +91,13 @@ async function migrateLegacyToW3cCredential(agentContext: AgentContext, legacyRe
     issuerId: qualifiedIssuerId,
   })
 
-  const w3cCredentialService = agentContext.dependencyManager.resolve(W3cCredentialService)
-  const w3cCredentialRecord = await w3cCredentialService.storeCredential(agentContext, {
-    credential: w3cJsonLdCredential,
-  })
-
-  for (const [key, meta] of Object.entries(legacyRecord.metadata.data)) {
-    w3cCredentialRecord.metadata.set(key, meta)
+  if (Array.isArray(w3cJsonLdCredential.credentialSubject)) {
+    throw new CredoError('Credential subject must be an object, not an array.')
   }
 
   const anonCredsTags = getW3cRecordAnonCredsTags({
-    w3cCredentialRecord,
+    credentialSubject: w3cJsonLdCredential.credentialSubject,
+    issuerId: w3cJsonLdCredential.issuerId,
     schemaId: qualifiedSchemaId,
     schema: {
       issuerId: qualifiedSchemaIssuerId,
@@ -115,6 +111,15 @@ async function migrateLegacyToW3cCredential(agentContext: AgentContext, legacyRe
     methodName: legacyTags.methodName,
   })
 
+  const w3cCredentialService = agentContext.dependencyManager.resolve(W3cCredentialService)
+  const w3cCredentialRecord = await w3cCredentialService.storeCredential(agentContext, {
+    credential: w3cJsonLdCredential,
+  })
+
+  for (const [key, meta] of Object.entries(legacyRecord.metadata.data)) {
+    w3cCredentialRecord.metadata.set(key, meta)
+  }
+
   const anonCredsCredentialMetadata: W3cAnonCredsCredentialMetadata = {
     credentialRevocationId: anonCredsTags.anonCredsCredentialRevocationId,
     linkSecretId: anonCredsTags.anonCredsLinkSecretId,

diff --git a/packages/anoncreds/src/utils/indyIdentifiers.ts b/packages/anoncreds/src/utils/indyIdentifiers.ts
@@ -262,8 +262,9 @@ export function getQualifiedDidIndyDid(identifier: string, namespace: string): s
     const credentialDefinitionId = `did:indy:${namespace}:${namespaceIdentifier}/anoncreds/v0/CLAIM_DEF/${schemaSeqNo}/${tag}`
     return credentialDefinitionId
   } else if (isUnqualifiedRevocationRegistryId(identifier)) {
-    const { namespaceIdentifier, schemaSeqNo, revocationRegistryTag } = parseIndyRevocationRegistryId(identifier)
-    const revocationRegistryId = `did:indy:${namespace}:${namespaceIdentifier}/anoncreds/v0/REV_REG_DEF/${schemaSeqNo}/${revocationRegistryTag}`
+    const { namespaceIdentifier, schemaSeqNo, credentialDefinitionTag, revocationRegistryTag } =
+      parseIndyRevocationRegistryId(identifier)
+    const revocationRegistryId = `did:indy:${namespace}:${namespaceIdentifier}/anoncreds/v0/REV_REG_DEF/${schemaSeqNo}/${credentialDefinitionTag}/${revocationRegistryTag}`
     return revocationRegistryId
   } else if (isUnqualifiedIndyDid(identifier)) {
     return `did:indy:${namespace}:${identifier}`

diff --git a/packages/anoncreds/src/utils/w3cAnonCredsUtils.ts b/packages/anoncreds/src/utils/w3cAnonCredsUtils.ts
@@ -3,7 +3,7 @@ import type { W3cAnonCredsCredentialMetadata } from './metadata'
 import type { AnonCredsCredentialInfo, AnonCredsSchema } from '../models'
 import type { AnonCredsCredentialRecord } from '../repository'
 import type { StoreCredentialOptions } from '../services'
-import type { DefaultW3cCredentialTags } from '@credo-ts/core'
+import type { DefaultW3cCredentialTags, W3cCredentialSubject } from '@credo-ts/core'
 
 import { CredoError, W3cCredentialRecord, utils } from '@credo-ts/core'
 
@@ -163,7 +163,8 @@ export function getStoreCredentialOptions(
 }
 
 export function getW3cRecordAnonCredsTags(options: {
-  w3cCredentialRecord: W3cCredentialRecord
+  credentialSubject: W3cCredentialSubject
+  issuerId: string
   schemaId: string
   schema: Omit<AnonCredsSchema, 'attrNames'>
   credentialDefinitionId: string
@@ -173,7 +174,8 @@ export function getW3cRecordAnonCredsTags(options: {
   methodName: string
 }) {
   const {
-    w3cCredentialRecord,
+    credentialSubject,
+    issuerId,
     schema,
     schemaId,
     credentialDefinitionId,
@@ -183,8 +185,6 @@ export function getW3cRecordAnonCredsTags(options: {
     methodName,
   } = options
 
-  const issuerId = w3cCredentialRecord.credential.issuerId
-
   const anonCredsCredentialRecordTags: AnonCredsCredentialTags = {
     anonCredsLinkSecretId: linkSecretId,
     anonCredsCredentialDefinitionId: credentialDefinitionId,
@@ -206,12 +206,8 @@ export function getW3cRecordAnonCredsTags(options: {
     }),
   }
 
-  if (Array.isArray(w3cCredentialRecord.credential.credentialSubject)) {
-    throw new CredoError('Credential subject must be an object, not an array.')
-  }
-
   const values = mapAttributeRawValuesToAnonCredsCredentialValues(
-    (w3cCredentialRecord.credential.credentialSubject.claims as AnonCredsClaimRecord) ?? {}
+    (credentialSubject.claims as AnonCredsClaimRecord) ?? {}
   )
 
   for (const [key, value] of Object.entries(values)) {