def links(base_dir: str, issuer_did: str = None) -> set:
"""
Return set of all paths to symbolic links (rev reg ids) associating their
respective tails files, in specified base tails directory recursively
(omitting the .hopper subdirectory), on input issuer DID if specified.
:param base_dir: base directory for tails files, thereafter split by cred def id
:param issuer_did: issuer DID of interest
:return: set of paths to symbolic links associating tails files
"""
LOGGER.debug('Tails.links >>> base_dir: %s, issuer_did: %s', base_dir,
issuer_did)
if issuer_did and not ok_did(issuer_did):
LOGGER.debug('Tails.links <!< Bad DID %s', issuer_did)
raise BadIdentifier('Bad DID {}'.format(issuer_did))
rv = set()
for dir_path, dir_names, file_names in walk(base_dir, topdown=True):
dir_names[:] = [d for d in dir_names if not d.startswith('.')]
for file_name in file_names:
if islink(join(dir_path, file_name)) and (
not issuer_did
or ok_rev_reg_id(file_name, issuer_did)):
rv.add(join(dir_path, file_name))
LOGGER.debug('Tails.links <<< %s', rv)
return rv
async def list_tails(request, ident):
"""
List tails files by corresponding rev reg ids: all, by rev reg id, by cred def id, or by issuer DID.
:param request: Sanic request structure
:param ident: 'all' for no filter; rev reg id, cred def id, or issuer DID to filter by any such identifier
:return: JSON array of rev reg ids corresponding to tails files available
"""
rv = []
dir_tails = pjoin(dirname(dirname(abspath(__file__))), 'tails')
if ident == 'all': # list everything: 'all' is not valid base58 so it can't be any case below
rv = [basename(link) for link in Tails.links(dir_tails)]
elif ok_rev_reg_id(ident) and Tails.linked(dir_tails, ident): # it's a rev reg id
rv = [ident]
elif ok_cred_def_id(ident): # it's a cred def id (starts with issuer DID)
rv = [basename(link) for link in Tails.links(dir_tails, ident.split(':')[0])
if rev_reg_id2cred_def_id(basename(link)) == ident]
elif ok_did(ident): # it's an issuer DID
rv = [basename(link) for link in Tails.links(dir_tails, ident)]
else:
LOGGER.error("Token %s must be 'all', rev reg id, cred def id, or issuer DID", ident)
raise InvalidUsage("Token {} must be 'all', rev reg id, cred def id, or issuer DID".format(ident))
LOGGER.info('Fulfilling GET request listing tails files on filter %s', ident)
return response.json(rv)
def associate(base_dir: str, rr_id: str, tails_hash: str) -> None:
"""
Create symbolic link to tails file named tails_hash for rev reg id rr_id.
:param rr_id: rev reg id
:param tails_hash: hash of tails file, serving as file name
"""
LOGGER.debug(
'Tails.associate >>> base_dir: %s, rr_id: %s, tails_hash: %s',
base_dir, rr_id, tails_hash)
if not ok_rev_reg_id(rr_id):
LOGGER.debug('Tails.associate <!< Bad rev reg id %s', rr_id)
raise BadIdentifier('Bad rev reg id {}'.format(rr_id))
if not Tails.ok_hash(tails_hash):
LOGGER.debug('Tails.associate <!< Bad tails hash %s', tails_hash)
raise BadIdentifier('Bad tails hash {}'.format(tails_hash))
cd_id = rev_reg_id2cred_def_id(rr_id)
directory = join(base_dir, cd_id)
cwd = getcwd()
makedirs(directory, exist_ok=True)
chdir(directory)
symlink(tails_hash, rr_id)
chdir(cwd)
LOGGER.debug('Tails.associate <<<')
async def get_tails(request: Request, rr_id: str) -> HTTPResponse:
"""
Get tails file pertaining to input revocation registry identifier.
:param request: Sanic request structure
:param rr_id: rev reg id for revocation registry to which tails file pertains
:return: HTTP response with tails file, having tails hash as name
"""
if not ok_rev_reg_id(rr_id):
LOGGER.error('GET cited bad rev reg id %s', rr_id)
return response.text('GET cited bad rev reg id {}'.format(rr_id), status=400)
dir_tails = join(dirname(dirname(realpath(__file__))), 'tails')
dir_cd_id = Tails.dir(dir_tails, rr_id)
if not isdir(dir_cd_id):
LOGGER.error('GET cited rev reg id %s for which tails file dir %s not present', rr_id, dir_cd_id)
return response.text(
'GET cited rev reg id {} for which tails file dir {} not present'.format(rr_id, dir_cd_id),
status=404)
path_tails = Tails.linked(dir_tails, rr_id)
if not path_tails:
LOGGER.error('GET cited rev reg id %s for which tails file not present', rr_id)
return response.text('GET cited rev reg id {} for which tails file not present'.format(rr_id), status=404)
LOGGER.info('Fulfilling download GET request for tails file %s associated with rev reg id %s', path_tails, rr_id)
return await response.file(path_tails, filename=basename(path_tails))
async def list_tails(request: Request, ident: str) -> HTTPResponse:
"""
List tails files by corresponding rev reg ids: all, by rev reg id, by cred def id, or by issuer DID.
:param request: Sanic request structure
:param ident: 'all' for no filter; rev reg id, cred def id, or issuer DID to filter by any such identifier
:return: HTTP response with JSON array of rev reg ids corresponding to available tails files
"""
rv = []
dir_tails = join(dirname(dirname(realpath(__file__))), 'tails')
if ident == 'all': # list everything: 'all' is not valid base58 so it can't be any case below
rv = [basename(link) for link in Tails.links(dir_tails)]
elif ok_rev_reg_id(ident): # it's a rev reg id
if Tails.linked(dir_tails, ident):
rv = [ident]
elif ok_cred_def_id(ident): # it's a cred def id (starts with issuer DID)
rv = [basename(link) for link in Tails.links(dir_tails, ident.split(':')[0])
if rev_reg_id2cred_def_id(basename(link)) == ident]
elif ok_did(ident): # it's an issuer DID
rv = [basename(link) for link in Tails.links(dir_tails, ident)]
else:
LOGGER.error('Token %s is not a valid specifier for tails files', ident)
return response.text('Token {} is not a valid specifier for tails files'.format(ident), status=400)
LOGGER.info('Fulfilling GET request listing tails files on filter %s', ident)
return response.json(rv)
async def get_tails(request, rr_id):
"""
Get tails file pertaining to input revocation registry identifier.
:param request: Sanic request structure
:param rr_id: rev reg id for revocation registry to which tails file pertains
:return: tails file, with tails hash as name
"""
if not ok_rev_reg_id(rr_id):
LOGGER.error('GET cited bad rev reg id %s', rr_id)
raise InvalidUsage('GET cited bad rev reg id {}'.format(rr_id))
dir_tails = pjoin(dirname(dirname(abspath(__file__))), 'tails')
dir_cd_id = Tails.dir(dir_tails, rr_id)
if not isdir(dir_cd_id):
LOGGER.error('GET cited rev reg id %s for which tails file dir %s not present', rr_id, dir_cd_id)
raise NotFound('GET cited rev reg id {} for which tails file dir {} not present'.format(rr_id, dir_cd_id))
path_tails = Tails.linked(dir_tails, rr_id)
if not path_tails:
LOGGER.error('GET cited rev reg id %s for which tails file not present', rr_id)
raise NotFound('GET cited rev reg id {} for which tails file not present'.format(rr_id))
LOGGER.info('Fulfilling download GET request for tails file %s associated with rev reg id %s', path_tails, rr_id)
return await response.file(path_tails, filename=basename(path_tails))
def links(base_dir: str, issuer_did: str = None) -> set:
"""
Return set of all paths to symbolic links (rev reg ids) associating
their respective tails files, in specified base tails directory, on
input issuer DID if specified.
:param base_dir: base directory for tails files, thereafter split by cred def id
:param issuer_did: issuer DID of interest
:return: set of paths to symbolic links associating tails files
"""
LOGGER.debug('Tails.links >>> base_dir: %s, issuer_did: %s', base_dir,
issuer_did)
if issuer_did and not ok_did(issuer_did):
LOGGER.debug('Tails.links <!< Bad DID %s', issuer_did)
raise BadIdentifier('Bad DID {}'.format(issuer_did))
rv = {
join(dp, f)
for dp, dn, fn in walk(base_dir) for f in fn
if islink(join(dp, f)) and (not issuer_did or (
ok_rev_reg_id(f) and f.startswith('{}:4:'.format(issuer_did))))
}
LOGGER.debug('Tails.links <<< %s', rv)
return rv
async def load_cache_for_verification(self, archive: bool = False) -> int:
"""
Load schema, cred def, revocation caches; optionally archive enough to go
offline and be able to verify proof on content marked of interest in configuration.
Return timestamp (epoch seconds) of cache load event, also used as subdirectory
for cache archives.
:param archive: True to archive now or False to demur (subclasses may still
need to augment archivable caches further)
:return: cache load event timestamp (epoch seconds)
"""
LOGGER.debug('Verifier.load_cache_for_verification >>> archive: %s',
archive)
rv = int(time())
for s_id in self.config.get('archive-verifier-caches-on-close',
{}).get('schema_id', {}):
if ok_schema_id(s_id):
with SCHEMA_CACHE.lock:
await self.get_schema(s_id)
else:
LOGGER.info('Not archiving schema for specified bad id %s',
s_id)
for cd_id in self.config.get('archive-verifier-caches-on-close',
{}).get('cred_def_id', {}):
if ok_cred_def_id(cd_id):
with CRED_DEF_CACHE.lock:
await self.get_cred_def(cd_id)
else:
LOGGER.info('Not archiving cred def for specified bad id %s',
cd_id)
for rr_id in self.config.get('archive-verifier-caches-on-close',
{}).get('rev_reg_id', {}):
if ok_rev_reg_id(rr_id):
await self.get_rev_reg_def(rr_id)
with REVO_CACHE.lock:
revo_cache_entry = REVO_CACHE.get(rr_id, None)
if revo_cache_entry:
try:
await revo_cache_entry.get_state_json(
self._build_rr_state_json, rv, rv)
except ClosedPool:
LOGGER.warning(
'Verifier %s is offline from pool %s, cannot update revo cache reg state for %s to %s',
self.name, self.pool.name, rr_id, rv)
except AbsentPool:
LOGGER.warning(
'Verifier %s has no pool, cannot update revo cache reg state for %s to %s',
self.name, rr_id, rv)
else:
LOGGER.info('Not archiving rev reg for specified bad id %s',
rr_id)
if archive:
ArchivableCaches.archive(self.dir_cache)
LOGGER.debug('Verifier.load_cache_for_verification <<< %s', rv)
return rv
async def _create_rev_reg(self, rr_id: str, rr_size: int = None) -> None:
"""
Create revocation registry and new tails file (and association to
corresponding revocation registry definition via symbolic link) for input
revocation registry identifier.
:param rr_id: revocation registry identifier
:param rr_size: revocation registry size (defaults to 256)
"""
LOGGER.debug('Issuer._create_rev_reg >>> rr_id: %s, rr_size: %s',
rr_id, rr_size)
if not ok_rev_reg_id(rr_id):
LOGGER.debug('Issuer._create_rev_reg <!< Bad rev reg id %s', rr_id)
raise BadIdentifier('Bad rev reg id {}'.format(rr_id))
rr_size = rr_size or 256
(cd_id, tag) = rev_reg_id2cred_def_id_tag(rr_id)
LOGGER.info(
'Creating revocation registry (capacity %s) for rev reg id %s',
rr_size, rr_id)
tails_writer_handle = await blob_storage.open_writer(
'default',
json.dumps({
'base_dir': Tails.dir(self._dir_tails, rr_id),
'uri_pattern': ''
}))
apriori = Tails.unlinked(self._dir_tails)
(rr_id, rrd_json,
rre_json) = await anoncreds.issuer_create_and_store_revoc_reg(
self.wallet.handle, self.did, 'CL_ACCUM', tag, cd_id,
json.dumps({
'max_cred_num': rr_size,
'issuance_type': 'ISSUANCE_ON_DEMAND'
}), tails_writer_handle)
delta = Tails.unlinked(self._dir_tails) - apriori
if len(delta) != 1:
LOGGER.debug(
'Issuer._create_rev_reg: <!< Could not create tails file for rev reg id: %s',
rr_id)
raise CorruptTails(
'Could not create tails file for rev reg id {}'.format(rr_id))
tails_hash = basename(delta.pop())
Tails.associate(self._dir_tails, rr_id, tails_hash)
with REVO_CACHE.lock:
rrd_req_json = await ledger.build_revoc_reg_def_request(
self.did, rrd_json)
await self._sign_submit(rrd_req_json)
await self._get_rev_reg_def(rr_id) # add to cache en passant
rre_req_json = await ledger.build_revoc_reg_entry_request(
self.did, rr_id, 'CL_ACCUM', rre_json)
await self._sign_submit(rre_req_json)
LOGGER.debug('Issuer._create_rev_reg <<<')
async def revoke_cred(self, rr_id: str, cr_id) -> int:
"""
Revoke credential that input revocation registry identifier and
credential revocation identifier specify.
Return (epoch seconds) time of revocation.
Raise AbsentTails if no tails file is available for input revocation registry identifier.
Raise WalletState for closed wallet.
Raise BadRevocation if issuer cannot revoke specified credential for any other reason
(e.g., did not issue it, already revoked it).
:param rr_id: revocation registry identifier
:param cr_id: credential revocation identifier
:return: time of revocation, in epoch seconds
"""
LOGGER.debug('Issuer.revoke_cred >>> rr_id: %s, cr_id: %s', rr_id, cr_id)
if not self.wallet.handle:
LOGGER.debug('Issuer.revoke_cred <!< Wallet %s is closed', self.wallet.name)
raise WalletState('Wallet {} is closed'.format(self.wallet.name))
if not ok_rev_reg_id(rr_id):
LOGGER.debug('Issuer.revoke_cred <!< Bad rev reg id %s', rr_id)
raise BadIdentifier('Bad rev reg id {}'.format(rr_id))
tails_reader_handle = (await Tails(
self._dir_tails,
*rev_reg_id2cred_def_id_tag(rr_id)).open()).reader_handle
try:
rrdelta_json = await anoncreds.issuer_revoke_credential(
self.wallet.handle,
tails_reader_handle,
rr_id,
cr_id)
except IndyError as x_indy:
LOGGER.debug(
'Issuer.revoke_cred <!< Could not revoke revoc reg id %s, cred rev id %s: indy error code %s',
rr_id,
cr_id,
x_indy.error_code)
raise BadRevocation(
'Could not revoke revoc reg id {}, cred rev id {}: indy error code {}'.format(
rr_id,
cr_id,
x_indy.error_code))
rr_ent_req_json = await ledger.build_revoc_reg_entry_request(self.did, rr_id, 'CL_ACCUM', rrdelta_json)
resp_json = await self._sign_submit(rr_ent_req_json) # raises AbsentPool or ClosedPool if applicable
resp = json.loads(resp_json)
rv = self.pool.protocol.txn2epoch(resp)
LOGGER.debug('Issuer.revoke_cred <<< %s', rv)
return rv
async def _build_rr_state_json(self, rr_id: str,
timestamp: int) -> (str, int):
"""
Build rev reg state json at a given requested timestamp.
Return rev reg state json and its transaction time on the distributed ledger,
with upper bound at input timestamp of interest.
Raise AbsentRevReg if no revocation registry exists on input rev reg id,
or BadRevStateTime if requested timestamp predates revocation registry creation.
:param rr_id: rev reg id
:param timestamp: timestamp of interest (epoch seconds)
:return: rev reg state json and ledger timestamp (epoch seconds)
"""
LOGGER.debug(
'_Verifier._build_rr_state_json >>> rr_id: %s, timestamp: %s',
rr_id, timestamp)
if not ok_rev_reg_id(rr_id):
LOGGER.debug('Verifier._build_rr_state_json <!< Bad rev reg id %s',
rr_id)
raise BadIdentifier('Bad rev reg id {}'.format(rr_id))
rr_json = None
ledger_timestamp = None
get_rr_req_json = await ledger.build_get_revoc_reg_request(
self.did, rr_id, timestamp)
resp_json = await self._submit(get_rr_req_json)
resp = json.loads(resp_json)
if resp.get('result', {}).get(
'data', None) and resp['result']['data'].get('value', None):
# timestamp at or beyond rev reg creation, carry on
try:
(_, rr_json, ledger_timestamp
) = await ledger.parse_get_revoc_reg_response(resp_json)
except IndyError: # ledger replied, but there is no such rev reg available
LOGGER.debug(
'Verifier._build_rr_state_json <!< no rev reg exists on %s',
rr_id)
raise AbsentRevReg('No rev reg exists on {}'.format(rr_id))
else:
LOGGER.debug(
'_Verifier._build_rr_state_json <!< Rev reg %s created after asked-for time %s',
rr_id, timestamp)
raise BadRevStateTime(
'Rev reg {} created after asked-for time {}'.format(
rr_id, timestamp))
rv = (rr_json, ledger_timestamp)
LOGGER.debug('_Verifier._build_rr_state_json <<< %s', rv)
return rv
async def _get_rev_reg_def(self, rr_id: str) -> str:
"""
Get revocation registry definition from ledger by its identifier. Raise AbsentRevReg
for no such revocation registry, logging any error condition and raising BadLedgerTxn
on bad request.
Retrieve the revocation registry definition from the anchor's revocation cache if it has it;
cache it en passant if it does not (and such a revocation registry definition exists on the ledger).
:param rr_id: (revocation registry) identifier string, of the format
'<issuer-did>:4:<issuer-did>:3:CL:<schema-seq-no>:<tag>:CL_ACCUM:<tag>'
:return: revocation registry definition json as retrieved from ledger
"""
LOGGER.debug('_BaseAnchor._get_rev_reg_def >>> rr_id: %s', rr_id)
if not ok_rev_reg_id(rr_id):
LOGGER.debug('_BaseAnchor._get_rev_reg_def <!< Bad rev reg id %s',
rr_id)
raise BadIdentifier('Bad rev reg id {}'.format(rr_id))
rv_json = json.dumps({})
with REVO_CACHE.lock:
revo_cache_entry = REVO_CACHE.get(rr_id, None)
rr_def = revo_cache_entry.rev_reg_def if revo_cache_entry else None
if rr_def:
LOGGER.info(
'_BaseAnchor._get_rev_reg_def: rev reg def for %s from cache',
rr_id)
rv_json = json.dumps(rr_def)
else:
get_rrd_req_json = await ledger.build_get_revoc_reg_def_request(
self.did, rr_id)
resp_json = await self._submit(get_rrd_req_json)
try:
(_,
rv_json) = await ledger.parse_get_revoc_reg_def_response(
resp_json)
rr_def = json.loads(rv_json)
except IndyError: # ledger replied, but there is no such rev reg
LOGGER.debug(
'_BaseAnchor._get_rev_reg_def: <!< no rev reg exists on %s',
rr_id)
raise AbsentRevReg('No rev reg exists on {}'.format(rr_id))
if revo_cache_entry is None:
REVO_CACHE[rr_id] = RevoCacheEntry(rr_def, None)
else:
REVO_CACHE[rr_id].rev_reg_def = rr_def
LOGGER.debug('_BaseAnchor._get_rev_reg_def <<< %s', rv_json)
return rv_json
async def _sync_revoc_for_issue(self,
rr_id: str,
rr_size: int = None) -> None:
"""
Create revocation registry if need be for input revocation registry identifier;
open and cache tails file reader.
:param rr_id: revocation registry identifier
:param rr_size: if new revocation registry necessary, its size (default as per RevRegBuilder.create_rev_reg())
"""
LOGGER.debug('Issuer._sync_revoc_for_issue >>> rr_id: %s, rr_size: %s',
rr_id, rr_size)
if not ok_rev_reg_id(rr_id):
LOGGER.debug('Issuer._sync_revoc_for_issue <!< Bad rev reg id %s',
rr_id)
raise BadIdentifier('Bad rev reg id {}'.format(rr_id))
(cd_id, tag) = rev_reg_id2cred_def_id_tag(rr_id)
try:
await self.get_cred_def(cd_id)
except AbsentCredDef:
LOGGER.debug(
'Issuer._sync_revoc_for_issue <!< tails tree %s may be for another ledger; no cred def found on %s',
self.dir_tails, cd_id)
raise AbsentCredDef(
'Tails tree {} may be for another ledger; no cred def found on {}'
.format(self.dir_tails, cd_id))
with REVO_CACHE.lock:
revo_cache_entry = REVO_CACHE.get(rr_id, None)
tails = None if revo_cache_entry is None else revo_cache_entry.tails
if tails is None: # it's a new revocation registry, or not yet set in cache
try:
tails = await Tails(self.dir_tails, cd_id, tag).open()
except AbsentTails: # it's a new revocation registry
if self.rrbx:
await self._set_rev_reg(rr_id, rr_size)
else:
await self.rrb.create_rev_reg(rr_id, rr_size)
await self._send_rev_reg_def(rr_id)
tails = await Tails(self.dir_tails, cd_id,
tag).open() # symlink should exist now
if revo_cache_entry is None:
REVO_CACHE[rr_id] = RevoCacheEntry(None, tails)
else:
REVO_CACHE[rr_id].tails = tails
LOGGER.debug('Issuer._sync_revoc_for_issue <<<')
async def _set_rev_reg_def(rr_id: str) -> bool:
"""
Return true to continue to timestamp setting, false to short-circuit
"""
nonlocal rr_id2rr_def
if not rr_id:
return False
if not ok_rev_reg_id(rr_id):
LOGGER.debug('Verifier.verify_proof <!< Bad rev reg id %s', rr_id)
raise BadIdentifier('Bad rev reg id {}'.format(rr_id))
if rr_id not in rr_id2rr_def:
rr_id2rr_def[rr_id] = json.loads(await self.get_rev_reg_def(rr_id))
return True
async def delete_tails(request, ident):
"""
Delete tails files by corresponding rev reg ids: all, by rev reg id, by cred def id, or by issuer DID.
:param request: Sanic request structure
:param ident: 'all' for no filter; rev reg id, cred def id, or issuer DID to filter by any such identifier
:return: empty text string
"""
dir_tails = pjoin(dirname(dirname(abspath(__file__))), 'tails')
if ident == 'all': # delete everything: 'all' is not valid base58 so it can't be any case below
rmtree(dir_tails)
makedirs(dir_tails, exist_ok=True)
elif ok_rev_reg_id(ident): # it's a rev reg id
path_tails = Tails.linked(dir_tails, ident)
if path_tails and isfile(path_tails):
unlink(path_tails)
LOGGER.info('Deleted %s', path_tails)
path_link = pjoin(Tails.dir(dir_tails, ident), ident)
if path_link and islink(path_link):
unlink(path_link)
LOGGER.info('Deleted %s', path_link)
elif ok_cred_def_id(ident): # it's a cred def id (starts with issuer DID)
dir_cd_id = pjoin(dir_tails, ident)
if isdir(dir_cd_id):
rmtree(dir_cd_id)
LOGGER.info('Deleted %s', dir_cd_id)
elif exists(dir_cd_id): # non-dir is squatting on name reserved for dir: it's corrupt; remove it
unlink(dir_cd_id)
LOGGER.info('Deleted spurious non-directory %s', dir_cd_id)
elif ok_did(ident): # it's an issuer DID
dirs_cd_id = {dirname(link) for link in Tails.links(dir_tails, ident)}
for dir_cd_id in dirs_cd_id:
if ok_cred_def_id(basename(dir_cd_id)):
if isdir(dir_cd_id):
rmtree(dir_cd_id)
LOGGER.info('Deleted %s', dir_cd_id)
elif exists(dir_cd_id): # non-dir is squatting on name reserved for dir: it's corrupt; remove it
unlink(dir_cd_id)
LOGGER.info('Deleted spurious non-directory %s', dir_cd_id)
else:
LOGGER.error('Token %s must be rev reg id, cred def id, or issuer DID', ident)
raise InvalidUsage('Token {} must be rev reg id, cred def id, or issuer DID'.format(ident))
LOGGER.info('Fulfilled DELETE request deleting tails files on filter %s', ident)
return response.text('')
def dir(base_dir: str, rr_id: str) -> str:
"""
Return correct subdirectory of input base dir for artifacts corresponding to input rev reg id.
:param base_dir: base directory for tails files, thereafter split by cred def id
:param rr_id: rev reg id
"""
LOGGER.debug('Tails.dir >>> base_dir: %s, rr_id: %s', base_dir, rr_id)
if not ok_rev_reg_id(rr_id):
LOGGER.debug('Tails.dir <!< Bad rev reg id %s', rr_id)
raise BadIdentifier('Bad rev reg id {}'.format(rr_id))
rv = join(base_dir, rev_reg_id2cred_def_id(rr_id))
LOGGER.debug('Tails.dir <<< %s', rv)
return rv
def path_tails(self, rr_id: str) -> str:
"""
Return path to tails file for input revocation registry identifier.
:param rr_id: revocation registry identifier of interest
:return: path to tails file for input revocation registry identifier
"""
LOGGER.debug('Issuer.path_tails >>>')
if not ok_rev_reg_id(rr_id):
LOGGER.debug('Issuer.path_tails <!< Bad rev reg id %s', rr_id)
raise BadIdentifier('Bad rev reg id {}'.format(rr_id))
rv = Tails.linked(self._dir_tails, rr_id)
LOGGER.debug('Issuer.path_tails <<< %s', rv)
return rv
async def sync_issuer(
dir_tails: str,
host: str,
port: int,
local_only: set,
noman: NominalAnchor) -> None:
"""
Synchronize for issuer: upload any tails files appearing locally but not remotely.
:param dir_tails: local tails directory
:param host: tails server host
:param port: tails server port
:param local_only: paths to local tails symbolic links (rev reg ids) without corresponding remote tails files
:param noman: open issuer anchor
"""
logging.debug('Sync-issuer: local-only=%s', ppjson(local_only))
if not local_only:
return
for rr_id in local_only:
if not ok_rev_reg_id(rr_id, noman.did): # restrict POSTs to issuer's own tails files
logging.debug(
'Sync-issuer: local-only %s is not a rev reg id for issuer %s (%s)',
rr_id,
noman.did,
noman.wallet.name)
continue
epoch = int(time())
url = 'http://{}:{}/tails/{}/{}'.format(host, port, quote(rr_id), epoch)
path_tails = Tails.linked(dir_tails, rr_id)
with open(path_tails, 'rb') as tails_fh:
tails = tails_fh.read()
sig = await noman.sign('{}||{}'.format(epoch, tails))
try:
resp = requests.post(
url,
files={
'tails-file': (basename(path_tails), tails),
'signature': ('signature', sig)
})
logging.info('Upload: url %s status %s', url, resp.status_code)
except RequestsConnectionError:
logging.error('POST connection refused: %s', url)
async def post_tails(request, rr_id):
"""
Post tails file to server. Multipart file name must be tails hash.
:param request: Sanic request structure
:param rr_id: rev reg id for revocation registry to which tails file pertains
:return: empty text string
"""
if not ok_rev_reg_id(rr_id):
LOGGER.error('POST cited bad rev reg id %s', rr_id)
raise InvalidUsage('POST cited bad rev reg id {}'.format(rr_id))
# curl uses 'data', python requests uses 'file', there may be others
req_key = set(k for k in request.files
if request.files[k]
and isinstance(request.files[k], list)
and isinstance(request.files[k][0], SanicReqFile)).pop()
tails_hash = request.files[req_key][0].name
if not Tails.ok_hash(tails_hash):
LOGGER.error('POST attached file named with bad tails file hash %s', tails_hash)
raise InvalidUsage('POST attached file named with bad tails file hash {}'.format(tails_hash))
dir_tails = pjoin(dirname(dirname(abspath(__file__))), 'tails')
dir_cd_id = Tails.dir(dir_tails, rr_id)
makedirs(dir_cd_id, exist_ok=True)
if Tails.linked(dir_tails, rr_id):
LOGGER.error('POST attached tails file %s, already present', rr_id)
raise Forbidden('POST attached tails file {}, already present'.format(rr_id))
path_tails_hash = pjoin(dir_cd_id, tails_hash)
if exists(path_tails_hash):
LOGGER.error('POST attached tails file %s, already present at %s', rr_id, path_tails_hash)
raise Forbidden('POST attached tails file {}, already present at {}'.format(rr_id, path_tails_hash))
with open(path_tails_hash, 'wb') as fh_tails:
fh_tails.write(request.files[req_key][0].body)
Tails.associate(dir_tails, rr_id, tails_hash)
LOGGER.info('Associated link %s to POST tails file attachment saved to %s', rr_id, path_tails_hash)
return response.text('')
def linked(base_dir: str, rr_id: str) -> str:
"""
Get, from the specified directory, the path to the tails file associated with
the input revocation registry identifier, or None for no such file.
:param base_dir: base directory for tails files, thereafter split by cred def id
:param rr_id: rev reg id
:return: (stringified) path to tails file of interest, or None for no such file.
"""
LOGGER.debug('Tails.linked >>> base_dir: %s, rr_id: %s', base_dir, rr_id)
if not ok_rev_reg_id(rr_id):
LOGGER.debug('Tails.linked <!< Bad rev reg id %s', rr_id)
raise BadIdentifier('Bad rev reg id {}'.format(rr_id))
cd_id = rev_reg_id2cred_def_id(rr_id)
link = join(base_dir, cd_id, rr_id)
rv = join(base_dir, cd_id, readlink(link)) if islink(link) else None
LOGGER.debug('Tails.linked <<< %s', rv)
return rv
async def post_tails(request: Request, rr_id: str, epoch: int) -> HTTPResponse:
"""
Post tails file to server, auth-encrypted from issuer (by DID) to tails server anchor.
Multipart file name must be tails hash.
:param request: Sanic request structure
:param rr_id: revocation registry identifier
:param epoch: current EPOCH time, must be within configured proximity to current server time
:return: empty text response
"""
if not ok_rev_reg_id(rr_id):
LOGGER.error('POST cited bad rev reg id %s', rr_id)
return response.text('POST cited bad rev reg id {}'.format(rr_id), status=400)
did = rr_id.split(':')[0]
if not await is_current(int(epoch)):
LOGGER.error('POST epoch %s in too far from current server time', epoch)
return response.text('POST epoch {} is too far from current server time'.format(epoch), status=400)
tails_hash = request.files['tails-file'][0].name
if not Tails.ok_hash(tails_hash):
LOGGER.error('POST attached file named with bad tails file hash %s', tails_hash)
return response.text('POST attached file named with bad tails file hash {}'.format(tails_hash), status=400)
dir_tails = join(dirname(dirname(realpath(__file__))), 'tails')
dir_cd_id = Tails.dir(dir_tails, rr_id)
makedirs(dir_cd_id, exist_ok=True)
if Tails.linked(dir_tails, rr_id):
LOGGER.error('POST attached tails file %s, already present', rr_id)
return response.text('POST attached tails file {}, already present'.format(rr_id), status=403)
path_tails_hash = join(dir_cd_id, tails_hash)
if exists(path_tails_hash):
LOGGER.error('POST attached tails file %s, already present at %s', rr_id, path_tails_hash)
return response.text(
'POST attached tails file {}, already present at {}'.format(rr_id, path_tails_hash),
status=403)
tsan = await MEM_CACHE.get('tsan')
signature = request.files['signature'][0].body
epoch_tails = '{}||{}'.format(epoch, request.files['tails-file'][0].body)
if not tsan.verify(epoch_tails, signature, did):
LOGGER.error('POST attached file %s failed to verify', tails_hash)
return response.text('POST attached file {} failed to verify'.format(tails_hash), status=400)
try:
rev_reg_def = json.loads(await tsan.get_rev_reg_def(rr_id))
ledger_hash = rev_reg_def.get('value', {}).get('tailsHash', None)
if ledger_hash != tails_hash:
LOGGER.error('POST attached tails file hash %s differs from ledger value %s', tails_hash, ledger_hash)
return response.text(
'POST attached tails file hash {} differs from ledger value {}'.format(tails_hash, ledger_hash),
status=400)
except AbsentRevReg:
LOGGER.error('POST revocation registry not present on ledger for %s', rr_id)
return response.text('POST revocation registry not present on ledger for {}'.format(rr_id), status=400)
with open(path_tails_hash, 'wb') as fh_tails:
fh_tails.write(request.files['tails-file'][0].body)
Tails.associate(dir_tails, rr_id, tails_hash)
LOGGER.info('Associated link %s to POST tails file attachment saved to %s', rr_id, path_tails_hash)
return response.text('')
async def delete_tails(request: Request, ident: str, epoch: int) -> HTTPResponse:
"""
Delete tails files by corresponding rev reg ids: all, by rev reg id, by cred def id, or by issuer DID.
:param request: Sanic request structure
:param ident: 'all' for no filter; rev reg id, cred def id, or issuer DID to filter by any such identifier
:param epoch: current EPOCH time, must be within 5 minutes of current server time
:return: empty text response
"""
if not await is_current(int(epoch)):
LOGGER.error('DELETE epoch %s in too far from current server time', epoch)
return response.text('DELETE epoch {} is too far from current server time'.format(epoch), status=400)
signature = request.body
plain = '{}||{}'.format(epoch, ident)
tsan = await MEM_CACHE.get('tsan')
if not tsan.verify(plain, signature, tsan.did):
LOGGER.error('DELETE signature failed to verify')
return response.text('DELETE signature failed to verify', status=400)
dir_tails = join(dirname(dirname(realpath(__file__))), 'tails')
if ident == 'all': # delete everything -- note that 'all' is not valid base58 so no case below can apply
if isdir(dir_tails):
rmtree(dir_tails)
makedirs(dir_tails, exist_ok=True)
elif ok_rev_reg_id(ident): # it's a rev reg id
path_tails = Tails.linked(dir_tails, ident)
if path_tails and isfile(path_tails):
unlink(path_tails)
LOGGER.info('Deleted %s', path_tails)
path_link = join(Tails.dir(dir_tails, ident), ident)
if path_link and islink(path_link):
unlink(path_link)
LOGGER.info('Deleted %s', path_link)
elif ok_cred_def_id(ident): # it's a cred def id (starts with issuer DID)
dir_cd_id = join(dir_tails, ident)
if isdir(dir_cd_id):
rmtree(dir_cd_id)
LOGGER.info('Deleted %s', dir_cd_id)
elif exists(dir_cd_id): # non-dir is squatting on name reserved for dir: it's corrupt; remove it
unlink(dir_cd_id)
LOGGER.info('Deleted spurious non-directory %s', dir_cd_id)
elif ok_did(ident): # it's an issuer DID
dirs_cd_id = {dirname(link) for link in Tails.links(dir_tails, ident)}
for dir_cd_id in dirs_cd_id:
if ok_cred_def_id(basename(dir_cd_id)):
if isdir(dir_cd_id):
rmtree(dir_cd_id)
LOGGER.info('Deleted %s', dir_cd_id)
elif exists(dir_cd_id): # non-dir is squatting on name reserved for dir: it's corrupt; remove it
unlink(dir_cd_id)
LOGGER.info('Deleted spurious non-directory %s', dir_cd_id)
else:
LOGGER.error('Token %s is not a valid specifier for tails files', ident)
return response.text('Token {} is not a valid specifier for tails files'.format(ident), status=400)
LOGGER.info('Fulfilled DELETE request deleting tails files on filter %s', ident)
return response.text('')
async def test_box_ids():
print(Ink.YELLOW('\n\n== Testing Identifier Checks =='))
assert ok_wallet_reft('49ad0727-8663-45ae-a115-12b09860f9c6')
assert not ok_wallet_reft('Q4zqM7aXqm7gDQkUVLng9I')
assert not ok_wallet_reft('49ad0727-45ae-a115-12b09860f9c6')
assert ok_did(
'Q4zqM7aXqm7gDQkUVLng9h') # quibble: not technically a box id
assert not ok_did('Q4zqM7aXqm7gDQkUVLng9I')
assert not ok_did('Q4zqM7aXqm7gDQkUVLng')
for value in (None, 'TRUSTEE', 'STEWARD', 'TRUST_ANCHOR', ''):
assert ok_role(value)
for value in (123, 'TRUSTY', 'STEW', 'ANCHOR', ' '):
assert not ok_role(value)
assert Tails.ok_hash('Q4zqM7aXqm7gDQkUVLng9hQ4zqM7aXqm7gDQkUVLng9h')
assert Tails.ok_hash('Q4zqM7aXqm7gDQkUVLng9hQ4zqM7aXqm7gDQkUVLng')
assert not Tails.ok_hash('Q4zqM7aXqm7gDQkUVLng9h')
assert not Tails.ok_hash('Q4zqM7aXqm7gDQkUVLng9hQ4zqM7aXqm7gDQkUVLng9hx')
assert not Tails.ok_hash('Q4zqM7aXqm7gDQkUVLng9hQ4zqM7aXqm7gDQkUVLng90')
assert ok_schema_id('Q4zqM7aXqm7gDQkUVLng9h:2:bc-reg:1.0')
assert not ok_schema_id('Q4zqM7aXqm7gDQkUVLng9h:3:bc-reg:1.0')
assert not ok_schema_id('Q4zqM7aXqm7gDQkUVLng9h::bc-reg:1.0')
assert not ok_schema_id('Q4zqM7aXqm7gDQkUVLng9h:bc-reg:1.0')
assert not ok_schema_id('Q4zqM7aXqm7gDQkUVLng9h:2:1.0')
assert not ok_schema_id('Q4zqM7aXqm7gDQkUVLng9h:2::1.0')
assert not ok_schema_id('Q4zqM7aXqm7gDQkUVLng9h:2:bc-reg:')
assert not ok_schema_id('Q4zqM7aXqm7gDQkUVLng9h:2:bc-reg:1.0a')
assert not ok_schema_id(
'Q4zqM7aXqm7gDQkUVLng9I:2:bc-reg:1.0') # I is not in base58
assert ok_cred_def_id(
'Q4zqM7aXqm7gDQkUVLng9h:3:CL:18:tag') # protocol >= 1.4
assert ok_cred_def_id('Q4zqM7aXqm7gDQkUVLng9h:3:CL:18:tag',
'Q4zqM7aXqm7gDQkUVLng9h')
assert not ok_cred_def_id('Q4zqM7aXqm7gDQkUVLng9h:3:CL:18:tag',
'Xxxxxxxxxxxxxxxxxxxxxx')
assert not ok_cred_def_id('Q4zqM7aXqm7gDQkUVLng9h:4:CL:18:0')
assert not ok_cred_def_id('Q4zqM7aXqm7gDQkUVLng9h::CL:18:0')
assert not ok_cred_def_id('Q4zqM7aXqm7gDQkUVLng9I:3:CL:18:tag')
assert not ok_cred_def_id('Q4zqM7aXqm7gDQkUVLng9h:3::18:tag')
assert not ok_cred_def_id('Q4zqM7aXqm7gDQkUVLng9h:3:18:tag')
assert not ok_cred_def_id('Q4zqM7aXqm7gDQkUVLng9h:3:CL:18z:tag')
assert ok_cred_def_id('Q4zqM7aXqm7gDQkUVLng9h:3:CL:18') # protocol == 1.3
assert ok_cred_def_id('Q4zqM7aXqm7gDQkUVLng9h:3:CL:18',
'Q4zqM7aXqm7gDQkUVLng9h')
assert not ok_cred_def_id('Q4zqM7aXqm7gDQkUVLng9h:3:CL:18',
'Xxxxxxxxxxxxxxxxxxxxxx')
assert ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:20:tag:CL_ACCUM:1'
) # protocol >= 1.4
assert ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:20:tag:CL_ACCUM:1',
'LjgpST2rjsoxYegQDRm7EL')
assert not ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:20:tag:CL_ACCUM:1',
'Xxxxxxxxxxxxxxxxxxxxxx')
assert not ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:5:LjgpST2rjsoxYegQDRm7EL:3:CL:20:tag:CL_ACCUM:1'
)
assert not ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:4:CL:20:0:CL_ACCUM:1')
assert not ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL::CL:20:0:CL_ACCUM:1')
assert not ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:NOT_CL:20:tag:CL_ACCUM:1'
)
assert not ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:20z:tag:CL_ACCUM:1'
)
assert not ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:20::CL_ACCUM:1')
assert not ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:20:tag::1')
assert not ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:20:tag:1')
assert not ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:20:tag:CL_ACCUM:'
)
assert not ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:20:tag:CL_ACCUM')
assert ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:20:CL_ACCUM:1'
) # protocol == 1.3
assert ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:20:CL_ACCUM:1',
'LjgpST2rjsoxYegQDRm7EL')
assert not ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:20:CL_ACCUM:1',
'Xxxxxxxxxxxxxxxxxxxxxx')
assert ok_endpoint('10.0.0.2:9702')
assert ok_endpoint('0.0.0.0:0')
assert not ok_endpoint('canada.gc.ca:8088')
assert not ok_endpoint(':37')
assert not ok_endpoint('http://url-wrong')
assert not ok_endpoint('2.3.4.5')
assert not ok_endpoint('2.3.4:8080')
assert not ok_endpoint('1.2.3.4:abc')
assert not ok_endpoint('1.2.3.4:1234.56')
async def create_rev_reg(self, rr_id: str, rr_size: int = None) -> None:
"""
Create revocation registry artifacts and new tails file (with association to
corresponding revocation registry identifier via symbolic link name)
for input revocation registry identifier. Symbolic link presence signals completion.
If revocation registry builder operates in a process external to its Issuer's,
target directory is hopper directory.
Raise WalletState for closed wallet.
:param rr_id: revocation registry identifier
:param rr_size: revocation registry size (defaults to 64)
"""
LOGGER.debug('RevRegBuilder.create_rev_reg >>> rr_id: %s, rr_size: %s',
rr_id, rr_size)
if not self.wallet.handle:
LOGGER.debug(
'RevRegBuilder.create_rev_reg <!< Wallet %s is closed',
self.name)
raise WalletState('Wallet {} is closed'.format(self.name))
if not ok_rev_reg_id(rr_id):
LOGGER.debug('RevRegBuilder.create_rev_reg <!< Bad rev reg id %s',
rr_id)
raise BadIdentifier('Bad rev reg id {}'.format(rr_id))
rr_size = rr_size or 64
(cd_id, tag) = rev_reg_id2cred_def_id_tag(rr_id)
dir_tails = self.dir_tails_top(rr_id)
dir_target = self.dir_tails_target(rr_id)
if self.external:
try:
makedirs(dir_target, exist_ok=False)
except FileExistsError:
LOGGER.warning(
'RevRegBuilder.create_rev_reg found dir %s, but task not in progress: rebuilding rev reg %s',
dir_target, rr_id)
rmtree(dir_target)
makedirs(dir_target, exist_ok=False)
LOGGER.info(
'Creating revocation registry (capacity %s) for rev reg id %s',
rr_size, rr_id)
tails_writer_handle = await blob_storage.open_writer(
'default', json.dumps({
'base_dir': dir_target,
'uri_pattern': ''
}))
(created_rr_id, rr_def_json,
rr_ent_json) = await anoncreds.issuer_create_and_store_revoc_reg(
self.wallet.handle, self.did, 'CL_ACCUM', tag, cd_id,
json.dumps({
'max_cred_num': rr_size,
'issuance_type': 'ISSUANCE_BY_DEFAULT'
}), tails_writer_handle)
tails_hash = basename(Tails.unlinked(dir_target).pop())
with open(join(dir_target, 'rr_def.json'), 'w') as rr_def_fh:
print(rr_def_json, file=rr_def_fh)
with open(join(dir_target, 'rr_ent.json'), 'w') as rr_ent_fh:
print(rr_ent_json, file=rr_ent_fh)
Tails.associate(
dir_tails, created_rr_id,
tails_hash) # associate last: symlink signals completion
LOGGER.debug('RevRegBuilder.create_rev_reg <<<')
async def test_box_ids():
print(Ink.YELLOW('\n\n== Testing Box Identifier Checks =='))
assert ok_did(
'Q4zqM7aXqm7gDQkUVLng9h') # quibble: not technically a box id
assert not ok_did('Q4zqM7aXqm7gDQkUVLng9I')
assert not ok_did('Q4zqM7aXqm7gDQkUVLng')
assert Tails.ok_hash('Q4zqM7aXqm7gDQkUVLng9hQ4zqM7aXqm7gDQkUVLng9h')
assert Tails.ok_hash('Q4zqM7aXqm7gDQkUVLng9hQ4zqM7aXqm7gDQkUVLng')
assert not Tails.ok_hash('Q4zqM7aXqm7gDQkUVLng9h')
assert not Tails.ok_hash('Q4zqM7aXqm7gDQkUVLng9hQ4zqM7aXqm7gDQkUVLng9hx')
assert not Tails.ok_hash('Q4zqM7aXqm7gDQkUVLng9hQ4zqM7aXqm7gDQkUVLng90')
assert ok_schema_id('Q4zqM7aXqm7gDQkUVLng9h:2:bc-reg:1.0')
assert not ok_schema_id('Q4zqM7aXqm7gDQkUVLng9h:3:bc-reg:1.0')
assert not ok_schema_id('Q4zqM7aXqm7gDQkUVLng9h::bc-reg:1.0')
assert not ok_schema_id('Q4zqM7aXqm7gDQkUVLng9h:bc-reg:1.0')
assert not ok_schema_id('Q4zqM7aXqm7gDQkUVLng9h:2:1.0')
assert not ok_schema_id('Q4zqM7aXqm7gDQkUVLng9h:2::1.0')
assert not ok_schema_id('Q4zqM7aXqm7gDQkUVLng9h:2:bc-reg:')
assert not ok_schema_id('Q4zqM7aXqm7gDQkUVLng9h:2:bc-reg:1.0a')
assert not ok_schema_id(
'Q4zqM7aXqm7gDQkUVLng9I:2:bc-reg:1.0') # I is not in base58
assert ok_cred_def_id(
'Q4zqM7aXqm7gDQkUVLng9h:3:CL:18:0') # protocol >= 1.4
assert not ok_cred_def_id('Q4zqM7aXqm7gDQkUVLng9h:4:CL:18:0')
assert not ok_cred_def_id('Q4zqM7aXqm7gDQkUVLng9h::CL:18:0')
assert not ok_cred_def_id('Q4zqM7aXqm7gDQkUVLng9I:3:CL:18:0')
assert not ok_cred_def_id('Q4zqM7aXqm7gDQkUVLng9h:3::18:0')
assert not ok_cred_def_id('Q4zqM7aXqm7gDQkUVLng9h:3:18:0')
assert not ok_cred_def_id('Q4zqM7aXqm7gDQkUVLng9h:3:CL:18z:0')
assert ok_cred_def_id('Q4zqM7aXqm7gDQkUVLng9h:3:CL:18') # protocol == 1.3
assert ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:20:0:CL_ACCUM:1'
) # protocol >= 1.4
assert not ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:5:LjgpST2rjsoxYegQDRm7EL:3:CL:20:0:CL_ACCUM:1')
assert not ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:4:CL:20:0:CL_ACCUM:1')
assert not ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL::CL:20:0:CL_ACCUM:1')
assert not ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:NOT_CL:20:0:CL_ACCUM:1'
)
assert not ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:20z:0:CL_ACCUM:1'
)
assert not ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:20::CL_ACCUM:1')
assert not ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:20:0::1')
assert not ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:20:0:1')
assert not ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:20:0:CL_ACCUM:')
assert not ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:20:0:CL_ACCUM')
assert ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:20:CL_ACCUM:1'
) # protocol == 1.3
async def test_ids():
print(Ink.YELLOW('\n\n== Testing Identifier Checks =='))
assert ok_wallet_reft('49ad0727-8663-45ae-a115-12b09860f9c6')
assert not ok_wallet_reft('Q4zqM7aXqm7gDQkUVLng9I')
assert not ok_wallet_reft('49ad0727-45ae-a115-12b09860f9c6')
print('\n\n== 1 == Wallet referent identifier checks pass OK')
assert ok_did('Q4zqM7aXqm7gDQkUVLng9h')
assert not ok_did('Q4zqM7aXqm7gDQkUVLng9I') # 'I' not a base58 char
assert not ok_did('Q4zqM7aXqm7gDQkUVLng') # too short
print('\n\n== 2 == Distributed identifier checks pass OK')
for value in (None, 'TRUSTEE', 'STEWARD', 'TRUST_ANCHOR', ''):
assert ok_role(value)
for value in (123, 'TRUSTY', 'STEW', 'ANCHOR', ' '):
assert not ok_role(value)
print('\n\n== 3 == Role identifier checks pass OK')
assert Tails.ok_hash('Q4zqM7aXqm7gDQkUVLng9hQ4zqM7aXqm7gDQkUVLng9h')
assert Tails.ok_hash('Q4zqM7aXqm7gDQkUVLng9hQ4zqM7aXqm7gDQkUVLng')
assert not Tails.ok_hash('Q4zqM7aXqm7gDQkUVLng9h')
assert not Tails.ok_hash('Q4zqM7aXqm7gDQkUVLng9hQ4zqM7aXqm7gDQkUVLng9hx')
assert not Tails.ok_hash('Q4zqM7aXqm7gDQkUVLng9hQ4zqM7aXqm7gDQkUVLng90')
print('\n\n== 4 == Tails hash identifier checks pass OK')
assert ok_schema_id('Q4zqM7aXqm7gDQkUVLng9h:2:bc-reg:1.0')
assert not ok_schema_id('Q4zqM7aXqm7gDQkUVLng9h:3:bc-reg:1.0')
assert not ok_schema_id('Q4zqM7aXqm7gDQkUVLng9h::bc-reg:1.0')
assert not ok_schema_id('Q4zqM7aXqm7gDQkUVLng9h:bc-reg:1.0')
assert not ok_schema_id('Q4zqM7aXqm7gDQkUVLng9h:2:1.0')
assert not ok_schema_id('Q4zqM7aXqm7gDQkUVLng9h:2::1.0')
assert not ok_schema_id('Q4zqM7aXqm7gDQkUVLng9h:2:bc-reg:')
assert not ok_schema_id('Q4zqM7aXqm7gDQkUVLng9h:2:bc-reg:1.0a')
assert not ok_schema_id(
'Q4zqM7aXqm7gDQkUVLng9I:2:bc-reg:1.0') # I is not in base58
print('\n\n== 5 == Schema identifier checks pass OK')
assert ok_cred_def_id(
'Q4zqM7aXqm7gDQkUVLng9h:3:CL:18:tag') # protocol >= 1.4
assert ok_cred_def_id(
'Q4zqM7aXqm7gDQkUVLng9h:3:CL:Q4zqM7aXqm7gDQkUVLng9h:2:schema_name:1.0:tag'
) # long form
assert ok_cred_def_id('Q4zqM7aXqm7gDQkUVLng9h:3:CL:18:tag',
'Q4zqM7aXqm7gDQkUVLng9h') # issuer-did
assert ok_cred_def_id(
'Q4zqM7aXqm7gDQkUVLng9h:3:CL:Q999999999999999999999:2:schema_name:1.0:tag',
'Q4zqM7aXqm7gDQkUVLng9h') # long form, issuer-did
assert not ok_cred_def_id('Q4zqM7aXqm7gDQkUVLng9h:3:CL:18:tag',
'Xxxxxxxxxxxxxxxxxxxxxx')
assert not ok_cred_def_id(
'Q4zqM7aXqm7gDQkUVLng9h:3:CL:Q4zqM7aXqm7gDQkUVLng9h:2:schema_name:1.0:tag',
'Xxxxxxxxxxxxxxxxxxxxxx') # long form, issuer-did
assert ok_cred_def_id(
'Q4zqM7aXqm7gDQkUVLng9h:3:CL:Q4zqM7aXqm7gDQkUVLng9h:2:schema_name:1.0:tag'
) # long form
assert not ok_cred_def_id(
'Q4zqM7aXqm7gDQkUVLng9h:3:CL:Q4zqM7aXqm7gDQkUVLng9h:schema_name:1.0:tag'
) # no :2:
assert not ok_cred_def_id(
'Q4zqM7aXqm7gDQkUVLng9h:3:CL:QIIIIIIIII7gDQkUVLng9h:schema_name:1.0:tag'
) # I not base58
assert not ok_cred_def_id(
'Q4zqM7aXqm7gDQkUVLng9h:3:CL:QIIIIIIIII7gDQkUVLng9h:schema_name:v1.0:tag'
) # bad version
assert not ok_cred_def_id('Q4zqM7aXqm7gDQkUVLng9h:4:CL:18:0')
assert not ok_cred_def_id('Q4zqM7aXqm7gDQkUVLng9h::CL:18:0')
assert not ok_cred_def_id('Q4zqM7aXqm7gDQkUVLng9I:3:CL:18:tag')
assert not ok_cred_def_id('Q4zqM7aXqm7gDQkUVLng9h:3::18:tag')
assert not ok_cred_def_id('Q4zqM7aXqm7gDQkUVLng9h:3:18:tag')
assert not ok_cred_def_id('Q4zqM7aXqm7gDQkUVLng9h:3:CL:18z:tag')
assert ok_cred_def_id('Q4zqM7aXqm7gDQkUVLng9h:3:CL:18') # protocol == 1.3
assert ok_cred_def_id('Q4zqM7aXqm7gDQkUVLng9h:3:CL:18',
'Q4zqM7aXqm7gDQkUVLng9h')
assert not ok_cred_def_id('Q4zqM7aXqm7gDQkUVLng9h:3:CL:18',
'Xxxxxxxxxxxxxxxxxxxxxx')
assert ok_cred_def_id(
rev_reg_id2cred_def_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:Q4zqM7aXqm7gDQkUVLng9h:2:schema_name:1.0:tag:CL_ACCUM:1'
))
print('\n\n== 6 == Credential definition identifier checks pass OK')
assert ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:20:tag:CL_ACCUM:1'
) # protocol >= 1.4
assert ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:20:tag:CL_ACCUM:1',
'LjgpST2rjsoxYegQDRm7EL')
assert ok_rev_reg_id( # long form
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:Q4zqM7aXqm7gDQkUVLng9h:2:schema_name:1.0:tag:CL_ACCUM:1'
)
assert ok_rev_reg_id( # long form
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:Q4zqM7aXqm7gDQkUVLng9h:2:schema_name:1.0:tag:CL_ACCUM:1',
'LjgpST2rjsoxYegQDRm7EL')
assert not ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:20:tag:CL_ACCUM:1',
'Xxxxxxxxxxxxxxxxxxxxxx')
assert not ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:5:LjgpST2rjsoxYegQDRm7EL:3:CL:20:tag:CL_ACCUM:1'
)
assert not ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:4:CL:20:0:CL_ACCUM:1')
assert not ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL::CL:20:0:CL_ACCUM:1')
assert not ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:NOT_CL:20:tag:CL_ACCUM:1'
)
assert not ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:20z:tag:CL_ACCUM:1'
)
assert not ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:20::CL_ACCUM:1')
assert not ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:20:tag::1')
assert not ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:20:tag:1')
assert not ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:20:tag:CL_ACCUM:'
)
assert not ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:20:tag:CL_ACCUM')
assert ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:20:CL_ACCUM:1'
) # protocol == 1.3
assert ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:20:CL_ACCUM:1',
'LjgpST2rjsoxYegQDRm7EL')
assert not ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:20:CL_ACCUM:1',
'Xxxxxxxxxxxxxxxxxxxxxx')
print('\n\n== 7 == Revocation registry identifier checks pass OK')
async def verify_proof(self, proof_req: dict, proof: dict) -> str:
"""
Verify proof as Verifier. Raise AbsentRevReg if a proof cites a revocation registry
that does not exist on the distributed ledger.
:param proof_req: proof request as Verifier creates, as per proof_req_json above
:param proof: proof as HolderProver creates
:return: json encoded True if proof is valid; False if not
"""
LOGGER.debug('Verifier.verify_proof >>> proof_req: %s, proof: %s',
proof_req, proof)
s_id2schema = {}
cd_id2cred_def = {}
rr_id2rr_def = {}
rr_id2rr = {}
proof_ids = proof['identifiers']
for proof_id in proof_ids:
# schema
s_id = proof_id['schema_id']
if not ok_schema_id(s_id):
LOGGER.debug('Verifier.verify_proof: <!< Bad schema id %s',
s_id)
raise BadIdentifier('Bad schema id {}'.format(s_id))
if s_id not in s_id2schema:
schema = json.loads(
await self.get_schema(s_id)) # add to cache en passant
if not schema:
LOGGER.debug(
'Verifier.verify_proof: <!< absent schema %s, proof req may be for another ledger',
s_id)
raise AbsentSchema(
'Absent schema {}, proof req may be for another ledger'
.format(s_id))
s_id2schema[s_id] = schema
# cred def
cd_id = proof_id['cred_def_id']
if not ok_cred_def_id(cd_id):
LOGGER.debug('Verifier.verify_proof: <!< Bad cred def id %s',
cd_id)
raise BadIdentifier('Bad cred def id {}'.format(cd_id))
if cd_id not in cd_id2cred_def:
cred_def = json.loads(
await self.get_cred_def(cd_id)) # add to cache en passant
cd_id2cred_def[cd_id] = cred_def
# rev reg def
rr_id = proof_id['rev_reg_id']
if not rr_id:
continue
if not ok_rev_reg_id(rr_id):
LOGGER.debug('Verifier.verify_proof: <!< Bad rev reg id %s',
rr_id)
raise BadIdentifier('Bad rev reg id {}'.format(rr_id))
rr_def_json = await self._get_rev_reg_def(rr_id)
rr_id2rr_def[rr_id] = json.loads(rr_def_json)
# timestamp
timestamp = proof_id['timestamp']
with REVO_CACHE.lock:
revo_cache_entry = REVO_CACHE.get(rr_id, None)
(rr_json, _) = await revo_cache_entry.get_state_json(
self._build_rr_state_json, timestamp, timestamp)
if rr_id not in rr_id2rr:
rr_id2rr[rr_id] = {}
rr_id2rr[rr_id][timestamp] = json.loads(rr_json)
rv = json.dumps(await anoncreds.verifier_verify_proof(
json.dumps(proof_req), json.dumps(proof), json.dumps(s_id2schema),
json.dumps(cd_id2cred_def), json.dumps(rr_id2rr_def),
json.dumps(rr_id2rr)))
LOGGER.debug('Verifier.verify_proof <<< %s', rv)
return rv
def parse(base_dir: str, timestamp: int = None) -> int:
"""
Parse and update from archived cache files. Only accept new content;
do not overwrite any existing cache content.
:param base_dir: archive base directory
:param timestamp: epoch time of cache serving as subdirectory, default most recent
:return: epoch time of cache serving as subdirectory, None if there is no such archive.
"""
LOGGER.debug('parse >>> base_dir: %s, timestamp: %s', base_dir,
timestamp)
if not isdir(base_dir):
LOGGER.info('No cache archives available: not feeding cache')
LOGGER.debug('parse <<< None')
return None
if not timestamp:
timestamps = [int(t) for t in listdir(base_dir) if t.isdigit()]
if timestamps:
timestamp = max(timestamps)
else:
LOGGER.info('No cache archives available: not feeding cache')
LOGGER.debug('parse <<< None')
return None
timestamp_dir = join(base_dir, str(timestamp))
if not isdir(timestamp_dir):
LOGGER.error('No such archived cache directory: %s', timestamp_dir)
LOGGER.debug('parse <<< None')
return None
with SCHEMA_CACHE.lock:
with open(join(timestamp_dir, 'schema'), 'r') as archive:
schemata = json.loads(archive.read())
SCHEMA_CACHE.feed(schemata)
with CRED_DEF_CACHE.lock:
with open(join(timestamp_dir, 'cred_def'), 'r') as archive:
cred_defs = json.loads(archive.read())
for cd_id in cred_defs:
if not ok_cred_def_id(cd_id):
LOGGER.warning(
'Abstaining feeding cache cred def on bad id %s',
cd_id)
elif cd_id in CRED_DEF_CACHE:
LOGGER.warning(
'Cred def cache already has cred def on %s: skipping',
cd_id)
else:
CRED_DEF_CACHE[cd_id] = cred_defs[cd_id]
LOGGER.info(
'Cred def cache imported cred def for cred def id %s',
cd_id)
with REVO_CACHE.lock:
with open(join(timestamp_dir, 'revocation'), 'r') as archive:
rr_cache_entries = json.loads(archive.read())
for (rr_id, entry) in rr_cache_entries.items():
if not ok_rev_reg_id(rr_id):
LOGGER.warning(
'Abstaining from feeding revocation cache rev reg on bad id %s',
rr_id)
elif rr_id in REVO_CACHE:
LOGGER.warning(
'Revocation cache already has entry on %s: skipping',
rr_id)
else:
rr_cache_entry = RevoCacheEntry(entry['rev_reg_def'])
rr_cache_entry.rr_delta_frames = [
RevRegUpdateFrame(f['_to'], f['_timestamp'],
f['_rr_update'])
for f in entry['rr_delta_frames']
]
rr_cache_entry.cull(True)
rr_cache_entry.rr_state_frames = [
RevRegUpdateFrame(f['_to'], f['_timestamp'],
f['_rr_update'])
for f in entry['rr_state_frames']
]
rr_cache_entry.cull(False)
REVO_CACHE[rr_id] = rr_cache_entry
LOGGER.info(
'Revocation cache imported entry for rev reg id %s',
rr_id)
LOGGER.debug('parse <<< %s', timestamp)
return timestamp
async def test_ids():
print(Ink.YELLOW('\n\n== Testing Identifier Checks =='))
assert ok_wallet_reft('49ad0727-8663-45ae-a115-12b09860f9c6')
assert not ok_wallet_reft('Q4zqM7aXqm7gDQkUVLng9I')
assert not ok_wallet_reft('49ad0727-45ae-a115-12b09860f9c6')
print('\n\n== 1 == Wallet referent identifier checks pass OK')
assert ok_did('Q4zqM7aXqm7gDQkUVLng9h')
assert not ok_did('Q4zqM7aXqm7gDQkUVLng9I') # 'I' not a base58 char
assert not ok_did('Q4zqM7aXqm7gDQkUVLng') # too short
print('\n\n== 2 == Distributed identifier checks pass OK')
for value in (None, 'TRUSTEE', 'STEWARD', 'TRUST_ANCHOR', ''):
assert ok_role(value)
for value in (123, 'TRUSTY', 'STEW', 'ANCHOR', ' '):
assert not ok_role(value)
print('\n\n== 3 == Role identifier checks pass OK')
assert Tails.ok_hash('Q4zqM7aXqm7gDQkUVLng9hQ4zqM7aXqm7gDQkUVLng9h')
assert Tails.ok_hash('Q4zqM7aXqm7gDQkUVLng9hQ4zqM7aXqm7gDQkUVLng')
assert not Tails.ok_hash('Q4zqM7aXqm7gDQkUVLng9h')
assert not Tails.ok_hash('Q4zqM7aXqm7gDQkUVLng9hQ4zqM7aXqm7gDQkUVLng9hx')
assert not Tails.ok_hash('Q4zqM7aXqm7gDQkUVLng9hQ4zqM7aXqm7gDQkUVLng90')
print('\n\n== 4 == Tails hash identifier checks pass OK')
assert ok_schema_id('Q4zqM7aXqm7gDQkUVLng9h:2:bc-reg:1.0')
assert not ok_schema_id('Q4zqM7aXqm7gDQkUVLng9h:3:bc-reg:1.0')
assert not ok_schema_id('Q4zqM7aXqm7gDQkUVLng9h::bc-reg:1.0')
assert not ok_schema_id('Q4zqM7aXqm7gDQkUVLng9h:bc-reg:1.0')
assert not ok_schema_id('Q4zqM7aXqm7gDQkUVLng9h:2:1.0')
assert not ok_schema_id('Q4zqM7aXqm7gDQkUVLng9h:2::1.0')
assert not ok_schema_id('Q4zqM7aXqm7gDQkUVLng9h:2:bc-reg:')
assert not ok_schema_id('Q4zqM7aXqm7gDQkUVLng9h:2:bc-reg:1.0a')
assert not ok_schema_id(
'Q4zqM7aXqm7gDQkUVLng9I:2:bc-reg:1.0') # I is not in base58
print('\n\n== 5 == Schema identifier checks pass OK')
assert ok_cred_def_id(
'Q4zqM7aXqm7gDQkUVLng9h:3:CL:18:tag') # protocol >= 1.4
assert ok_cred_def_id('Q4zqM7aXqm7gDQkUVLng9h:3:CL:18:tag',
'Q4zqM7aXqm7gDQkUVLng9h')
assert not ok_cred_def_id('Q4zqM7aXqm7gDQkUVLng9h:3:CL:18:tag',
'Xxxxxxxxxxxxxxxxxxxxxx')
assert not ok_cred_def_id('Q4zqM7aXqm7gDQkUVLng9h:4:CL:18:0')
assert not ok_cred_def_id('Q4zqM7aXqm7gDQkUVLng9h::CL:18:0')
assert not ok_cred_def_id('Q4zqM7aXqm7gDQkUVLng9I:3:CL:18:tag')
assert not ok_cred_def_id('Q4zqM7aXqm7gDQkUVLng9h:3::18:tag')
assert not ok_cred_def_id('Q4zqM7aXqm7gDQkUVLng9h:3:18:tag')
assert not ok_cred_def_id('Q4zqM7aXqm7gDQkUVLng9h:3:CL:18z:tag')
assert ok_cred_def_id('Q4zqM7aXqm7gDQkUVLng9h:3:CL:18') # protocol == 1.3
assert ok_cred_def_id('Q4zqM7aXqm7gDQkUVLng9h:3:CL:18',
'Q4zqM7aXqm7gDQkUVLng9h')
assert not ok_cred_def_id('Q4zqM7aXqm7gDQkUVLng9h:3:CL:18',
'Xxxxxxxxxxxxxxxxxxxxxx')
print('\n\n== 6 == Credential definition identifier checks pass OK')
assert ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:20:tag:CL_ACCUM:1'
) # protocol >= 1.4
assert ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:20:tag:CL_ACCUM:1',
'LjgpST2rjsoxYegQDRm7EL')
assert not ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:20:tag:CL_ACCUM:1',
'Xxxxxxxxxxxxxxxxxxxxxx')
assert not ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:5:LjgpST2rjsoxYegQDRm7EL:3:CL:20:tag:CL_ACCUM:1'
)
assert not ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:4:CL:20:0:CL_ACCUM:1')
assert not ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL::CL:20:0:CL_ACCUM:1')
assert not ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:NOT_CL:20:tag:CL_ACCUM:1'
)
assert not ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:20z:tag:CL_ACCUM:1'
)
assert not ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:20::CL_ACCUM:1')
assert not ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:20:tag::1')
assert not ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:20:tag:1')
assert not ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:20:tag:CL_ACCUM:'
)
assert not ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:20:tag:CL_ACCUM')
assert ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:20:CL_ACCUM:1'
) # protocol == 1.3
assert ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:20:CL_ACCUM:1',
'LjgpST2rjsoxYegQDRm7EL')
assert not ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:20:CL_ACCUM:1',
'Xxxxxxxxxxxxxxxxxxxxxx')
print('\n\n== 7 == Revocation registry identifier checks pass OK')
assert ok_endpoint('10.0.0.2:9702')
assert ok_endpoint('0.0.0.0:0')
assert not ok_endpoint('canada.gc.ca:8088')
assert not ok_endpoint(':37')
assert not ok_endpoint('http://url-wrong')
assert not ok_endpoint('2.3.4.5')
assert not ok_endpoint('2.3.4:8080')
assert not ok_endpoint('1.2.3.4:abc')
assert not ok_endpoint('1.2.3.4:1234.56')
print('\n\n== 8 == Endpoint checks pass OK')
