feat(anoncreds): issue revocable credentials

packages/anoncreds-rs/src/services/AnonCredsRsIssuerService.ts

@@ -10,17 +10,35 @@ import type {
   AnonCredsCredentialDefinition,
   CreateCredentialDefinitionReturn,
   AnonCredsCredential,
+  CreateRevocationRegistryDefinitionOptions,
+  CreateRevocationRegistryDefinitionReturn,
+  AnonCredsRevocationRegistryDefinition,
+  CreateRevocationStatusListOptions,
+  AnonCredsRevocationStatusList,
+  UpdateRevocationStatusListOptions,
 } from '@aries-framework/anoncreds'
 import type { AgentContext } from '@aries-framework/core'
 import type { CredentialDefinitionPrivate, JsonObject, KeyCorrectnessProof } from '@hyperledger/anoncreds-shared'
 
 import {
+  RevocationRegistryState,
+  AnonCredsRevocationRegistryDefinitionRepository,
+  AnonCredsRevocationRegistryDefinitionPrivateRepository,
   AnonCredsKeyCorrectnessProofRepository,
   AnonCredsCredentialDefinitionPrivateRepository,
   AnonCredsCredentialDefinitionRepository,
 } from '@aries-framework/anoncreds'
 import { injectable, AriesFrameworkError } from '@aries-framework/core'
-import { Credential, CredentialDefinition, CredentialOffer, Schema } from '@hyperledger/anoncreds-shared'
+import {
+  RevocationStatusList,
+  RevocationRegistryDefinitionPrivate,
+  RevocationRegistryDefinition,
+  CredentialRevocationConfig,
+  Credential,
+  CredentialDefinition,
+  CredentialOffer,
+  Schema,
+} from '@hyperledger/anoncreds-shared'
 
 import { AnonCredsRsError } from '../errors/AnonCredsRsError'
 
@@ -79,6 +97,103 @@ export class AnonCredsRsIssuerService implements AnonCredsIssuerService {
     }
   }
 
+  public async createRevocationRegistryDefinition(
+    agentContext: AgentContext,
+    options: CreateRevocationRegistryDefinitionOptions
+  ): Promise<CreateRevocationRegistryDefinitionReturn> {
+    const { tag, issuerId, credentialDefinition, credentialDefinitionId, maximumCredentialNumber, tailsDirectoryPath } =
+      options
+
+    let createReturnObj:
+      | {
+          revocationRegistryDefinition: RevocationRegistryDefinition
+          revocationRegistryDefinitionPrivate: RevocationRegistryDefinitionPrivate
+        }
+      | undefined
+    try {
+      createReturnObj = RevocationRegistryDefinition.create({
+        credentialDefinition: credentialDefinition as unknown as JsonObject,
+        credentialDefinitionId,
+        issuerId,
+        maximumCredentialNumber,
+        revocationRegistryType: 'CL_ACCUM',
+        tag,
+        tailsDirectoryPath,
+      })
+
+      return {
+        revocationRegistryDefinition:
+          createReturnObj.revocationRegistryDefinition.toJson() as unknown as AnonCredsRevocationRegistryDefinition,
+        revocationRegistryDefinitionPrivate: createReturnObj.revocationRegistryDefinitionPrivate.toJson(),
+      }
+    } finally {
+      createReturnObj?.revocationRegistryDefinition.handle.clear()
+      createReturnObj?.revocationRegistryDefinitionPrivate.handle.clear()
+    }
+  }
+
+  public async createRevocationStatusList(
+    agentContext: AgentContext,
+    options: CreateRevocationStatusListOptions
+  ): Promise<AnonCredsRevocationStatusList> {
+    const { issuerId, revocationRegistryDefinitionId, revocationRegistryDefinition, issuanceByDefault, tailsFilePath } =
+      options
+
+    let revocationStatusList: RevocationStatusList | undefined
+    try {
+      revocationStatusList = RevocationStatusList.create({
+        issuanceByDefault,
+        revocationRegistryDefinitionId,
+        revocationRegistryDefinition: {
+          ...revocationRegistryDefinition,
+          value: { ...revocationRegistryDefinition.value, tailsLocation: tailsFilePath },
+        } as unknown as JsonObject,
+        issuerId,
+      })
+
+      return revocationStatusList.toJson() as unknown as AnonCredsRevocationStatusList
+    } finally {
+      revocationStatusList?.handle.clear()
+    }
+  }
+
+  public async updateRevocationStatusList(
+    agentContext: AgentContext,
+    options: UpdateRevocationStatusListOptions
+  ): Promise<AnonCredsRevocationStatusList> {
+    const { revocationStatusList, revocationRegistryDefinition, issued, revoked, timestamp, tailsFilePath } = options
+
+    let updatedRevocationStatusList: RevocationStatusList | undefined
+    let revocationRegistryDefinitionObj: RevocationRegistryDefinition | undefined
+
+    try {
+      updatedRevocationStatusList = RevocationStatusList.fromJson(revocationStatusList as unknown as JsonObject)
+
+      if (timestamp && !issued && !revoked) {
+        updatedRevocationStatusList.updateTimestamp({
+          timestamp,
+        })
+      } else {
+        revocationRegistryDefinitionObj = RevocationRegistryDefinition.fromJson({
+          ...revocationRegistryDefinition,
+          value: { ...revocationRegistryDefinition.value, tailsLocation: tailsFilePath },
+        } as unknown as JsonObject)
+        updatedRevocationStatusList.update({
+          // TODO: Fix parameters in anoncreds-rs
+          revocationRegstryDefinition: revocationRegistryDefinitionObj,
+          issued: options.issued,
+          revoked: options.revoked,
+          timestamp: timestamp ?? -1,
+        })
+      }
+
+      return updatedRevocationStatusList.toJson() as unknown as AnonCredsRevocationStatusList
+    } finally {
+      updatedRevocationStatusList?.handle.clear()
+      revocationRegistryDefinitionObj?.handle.clear()
+    }
+  }
+
   public async createCredentialOffer(
     agentContext: AgentContext,
     options: CreateCredentialOfferOptions
@@ -115,14 +230,26 @@ export class AnonCredsRsIssuerService implements AnonCredsIssuerService {
     agentContext: AgentContext,
     options: CreateCredentialOptions
   ): Promise<CreateCredentialReturn> {
-    const { tailsFilePath, credentialOffer, credentialRequest, credentialValues, revocationRegistryId } = options
+    const {
+      credentialOffer,
+      credentialRequest,
+      credentialValues,
+      revocationRegistryDefinitionId,
+      tailsFilePath,
+      revocationStatusList,
+    } = options
+
+    const definedRevocationOptions = [revocationRegistryDefinitionId, tailsFilePath, revocationStatusList].filter(
+      (e) => e !== undefined
+    )
+    if (definedRevocationOptions.length > 0 && definedRevocationOptions.length < 3) {
+      throw new AriesFrameworkError(
+        'Revocation requires all of revocationRegistryDefinitionId, revocationStatusList and tailsFilePath'
+      )
+    }
 
     let credential: Credential | undefined
     try {
-      if (revocationRegistryId || tailsFilePath) {
-        throw new AriesFrameworkError('Revocation not supported yet')
-      }
-
       const attributeRawValues: Record<string, string> = {}
       const attributeEncodedValues: Record<string, string> = {}
 
@@ -139,14 +266,52 @@ export class AnonCredsRsIssuerService implements AnonCredsIssuerService {
         .resolve(AnonCredsCredentialDefinitionPrivateRepository)
         .getByCredentialDefinitionId(agentContext, options.credentialRequest.cred_def_id)
 
+      let revocationConfiguration: CredentialRevocationConfig | undefined
+      if (options.revocationRegistryDefinitionId && options.tailsFilePath) {
+        const revocationRegistryDefinitionRecord = await agentContext.dependencyManager
+          .resolve(AnonCredsRevocationRegistryDefinitionRepository)
+          .getByRevocationRegistryDefinitionId(agentContext, options.revocationRegistryDefinitionId)
+
+        const revocationRegistryDefinitionPrivateRecord = await agentContext.dependencyManager
+          .resolve(AnonCredsRevocationRegistryDefinitionPrivateRepository)
+          .getByRevocationRegistryDefinitionId(agentContext, options.revocationRegistryDefinitionId)
+
+        const registryIndex = revocationRegistryDefinitionPrivateRecord.currentIndex + 1
+
+        if (registryIndex >= revocationRegistryDefinitionRecord.revocationRegistryDefinition.value.maxCredNum) {
+          revocationRegistryDefinitionPrivateRecord.state = RevocationRegistryState.Full
+        }
+
+        // Update current registry index in storage
+        // Note: if an error is produced or the credential is not effectively sent,
+        // the previous index will be skipped
+        revocationRegistryDefinitionPrivateRecord.currentIndex = registryIndex
+        await agentContext.dependencyManager
+          .resolve(AnonCredsRevocationRegistryDefinitionPrivateRepository)
+          .update(agentContext, revocationRegistryDefinitionPrivateRecord)
+
+        revocationConfiguration = new CredentialRevocationConfig({
+          registryDefinition: RevocationRegistryDefinition.fromJson(
+            revocationRegistryDefinitionRecord.revocationRegistryDefinition as unknown as JsonObject
+          ),
+          registryDefinitionPrivate: RevocationRegistryDefinitionPrivate.fromJson(
+            revocationRegistryDefinitionPrivateRecord.value
+          ),
+          tailsPath: options.tailsFilePath,
+          registryIndex,
+        })
+      }
+
       credential = Credential.create({
         credentialDefinition: credentialDefinitionRecord.credentialDefinition as unknown as JsonObject,
         credentialOffer: credentialOffer as unknown as JsonObject,
         credentialRequest: credentialRequest as unknown as JsonObject,
-        revocationRegistryId,
+        revocationRegistryId: revocationRegistryDefinitionId,
         attributeEncodedValues,
         attributeRawValues,
         credentialDefinitionPrivate: credentialDefinitionPrivateRecord.value,
+        revocationConfiguration,
+        revocationStatusList: revocationStatusList ? (revocationStatusList as unknown as JsonObject) : undefined,
       })
 
       return {

packages/anoncreds-rs/tests/InMemoryTailsFileService.ts

@@ -0,0 +1,60 @@
+import type { AnonCredsRevocationRegistryDefinition } from '@aries-framework/anoncreds'
+import type { AgentContext } from '@aries-framework/core'
+
+import { BasicTailsFileService } from '@aries-framework/anoncreds'
+
+export class InMemoryTailsFileService extends BasicTailsFileService {
+  private tailsFilePaths: Record<string, string> = {}
+
+  public async uploadTailsFile(
+    agentContext: AgentContext,
+    options: {
+      revocationRegistryDefinition: AnonCredsRevocationRegistryDefinition
+    }
+  ): Promise<string> {
+    this.tailsFilePaths[options.revocationRegistryDefinition.value.tailsHash] =
+      options.revocationRegistryDefinition.value.tailsLocation
+
+    return options.revocationRegistryDefinition.value.tailsHash
+  }
+
+  public async downloadTailsFile(
+    agentContext: AgentContext,
+    options: {
+      revocationRegistryDefinition: AnonCredsRevocationRegistryDefinition
+    }
+  ): Promise<{
+    tailsFilePath: string
+  }> {
+    const { revocationRegistryDefinition } = options
+    const { tailsLocation, tailsHash } = revocationRegistryDefinition.value
+
+    try {
+      agentContext.config.logger.debug(
+        `Checking to see if tails file for URL ${revocationRegistryDefinition.value.tailsLocation} has been stored in the FileSystem`
+      )
+
+      // hash is used as file identifier
+      const tailsExists = await this.tailsFileExists(agentContext, tailsHash)
+      const tailsFilePath = this.getTailsFilePath(agentContext, tailsHash)
+      agentContext.config.logger.debug(
+        `Tails file for ${tailsLocation} ${tailsExists ? 'is stored' : 'is not stored'} at ${tailsFilePath}`
+      )
+
+      if (!tailsExists) {
+        agentContext.config.logger.debug(`Retrieving tails file from URL ${tailsLocation}`)
+        // TODO
+        agentContext.config.logger.debug(`Saved tails file to FileSystem at path ${tailsFilePath}`)
+      }
+
+      return {
+        tailsFilePath,
+      }
+    } catch (error) {
+      agentContext.config.logger.error(`Error while retrieving tails file from URL ${tailsLocation}`, {
+        error,
+      })
+      throw error
+    }
+  }
+}

packages/anoncreds-rs/tests/LocalDidResolver.ts

@@ -0,0 +1,30 @@
+import type { DidResolutionResult, DidResolver, AgentContext } from '@aries-framework/core'
+
+import { DidsApi } from '@aries-framework/core'
+
+export class LocalDidResolver implements DidResolver {
+  public readonly supportedMethods = ['sov', 'indy']
+
+  public async resolve(agentContext: AgentContext, did: string): Promise<DidResolutionResult> {
+    const didDocumentMetadata = {}
+
+    const didsApi = agentContext.dependencyManager.resolve(DidsApi)
+
+    const didRecord = (await didsApi.getCreatedDids()).find((record) => record.did === did)
+    if (!didRecord) {
+      return {
+        didDocument: null,
+        didDocumentMetadata,
+        didResolutionMetadata: {
+          error: 'notFound',
+          message: `resolver_error: Unable to resolve did '${did}'`,
+        },
+      }
+    }
+    return {
+      didDocument: didRecord.didDocument ?? null,
+      didDocumentMetadata,
+      didResolutionMetadata: { contentType: 'application/did+ld+json' },
+    }
+  }
+}