async def _set_rev_reg(self, rr_id: str, rr_size: int) -> None:
"""
Move precomputed revocation registry data from hopper into place within tails directory.
:param rr_id: revocation registry identifier
:param rr_size: revocation registry size, in case creation required
"""
LOGGER.debug('Issuer._set_rev_reg >>> rr_id: %s, rr_size: %s', rr_id, rr_size)
assert self._rrbx
dir_hopper_rr_id = join(self._dir_tails_hopper, rr_id)
while Tails.linked(dir_hopper_rr_id, rr_id) is None:
await asyncio.sleep(1)
await self._send_rev_reg_def(rr_id)
cd_id = rev_reg_id2cred_def_id(rr_id)
(next_tag, rr_size_suggested) = Tails.next_tag(self._dir_tails, cd_id)
rr_id = rev_reg_id(cd_id, next_tag)
try:
makedirs(join(self._dir_tails_sentinel, rr_id), exist_ok=False)
except FileExistsError:
LOGGER.warning('Rev reg %s construction already in progress', rr_id)
else:
open(join(self._dir_tails_sentinel, rr_id, '.{}'.format(rr_size or rr_size_suggested)), 'w').close()
LOGGER.debug('Issuer._set_rev_reg <<<')
async def list_tails(request: Request, ident: str) -> HTTPResponse:
"""
List tails files by corresponding rev reg ids: all, by rev reg id, by cred def id, or by issuer DID.
:param request: Sanic request structure
:param ident: 'all' for no filter; rev reg id, cred def id, or issuer DID to filter by any such identifier
:return: HTTP response with JSON array of rev reg ids corresponding to available tails files
"""
rv = []
dir_tails = join(dirname(dirname(realpath(__file__))), 'tails')
if ident == 'all': # list everything: 'all' is not valid base58 so it can't be any case below
rv = [basename(link) for link in Tails.links(dir_tails)]
elif ok_rev_reg_id(ident): # it's a rev reg id
if Tails.linked(dir_tails, ident):
rv = [ident]
elif ok_cred_def_id(ident): # it's a cred def id (starts with issuer DID)
rv = [basename(link) for link in Tails.links(dir_tails, ident.split(':')[0])
if rev_reg_id2cred_def_id(basename(link)) == ident]
elif ok_did(ident): # it's an issuer DID
rv = [basename(link) for link in Tails.links(dir_tails, ident)]
else:
LOGGER.error('Token %s is not a valid specifier for tails files', ident)
return response.text('Token {} is not a valid specifier for tails files'.format(ident), status=400)
LOGGER.info('Fulfilling GET request listing tails files on filter %s', ident)
return response.json(rv)
async def get_tails(request, rr_id):
"""
Get tails file pertaining to input revocation registry identifier.
:param request: Sanic request structure
:param rr_id: rev reg id for revocation registry to which tails file pertains
:return: tails file, with tails hash as name
"""
if not ok_rev_reg_id(rr_id):
LOGGER.error('GET cited bad rev reg id %s', rr_id)
raise InvalidUsage('GET cited bad rev reg id {}'.format(rr_id))
dir_tails = pjoin(dirname(dirname(abspath(__file__))), 'tails')
dir_cd_id = Tails.dir(dir_tails, rr_id)
if not isdir(dir_cd_id):
LOGGER.error('GET cited rev reg id %s for which tails file dir %s not present', rr_id, dir_cd_id)
raise NotFound('GET cited rev reg id {} for which tails file dir {} not present'.format(rr_id, dir_cd_id))
path_tails = Tails.linked(dir_tails, rr_id)
if not path_tails:
LOGGER.error('GET cited rev reg id %s for which tails file not present', rr_id)
raise NotFound('GET cited rev reg id {} for which tails file not present'.format(rr_id))
LOGGER.info('Fulfilling download GET request for tails file %s associated with rev reg id %s', path_tails, rr_id)
return await response.file(path_tails, filename=basename(path_tails))
async def list_tails(request, ident):
"""
List tails files by corresponding rev reg ids: all, by rev reg id, by cred def id, or by issuer DID.
:param request: Sanic request structure
:param ident: 'all' for no filter; rev reg id, cred def id, or issuer DID to filter by any such identifier
:return: JSON array of rev reg ids corresponding to tails files available
"""
rv = []
dir_tails = pjoin(dirname(dirname(abspath(__file__))), 'tails')
if ident == 'all': # list everything: 'all' is not valid base58 so it can't be any case below
rv = [basename(link) for link in Tails.links(dir_tails)]
elif ok_rev_reg_id(ident) and Tails.linked(dir_tails, ident): # it's a rev reg id
rv = [ident]
elif ok_cred_def_id(ident): # it's a cred def id (starts with issuer DID)
rv = [basename(link) for link in Tails.links(dir_tails, ident.split(':')[0])
if rev_reg_id2cred_def_id(basename(link)) == ident]
elif ok_did(ident): # it's an issuer DID
rv = [basename(link) for link in Tails.links(dir_tails, ident)]
else:
LOGGER.error("Token %s must be 'all', rev reg id, cred def id, or issuer DID", ident)
raise InvalidUsage("Token {} must be 'all', rev reg id, cred def id, or issuer DID".format(ident))
LOGGER.info('Fulfilling GET request listing tails files on filter %s', ident)
return response.json(rv)
async def get_tails(request: Request, rr_id: str) -> HTTPResponse:
"""
Get tails file pertaining to input revocation registry identifier.
:param request: Sanic request structure
:param rr_id: rev reg id for revocation registry to which tails file pertains
:return: HTTP response with tails file, having tails hash as name
"""
if not ok_rev_reg_id(rr_id):
LOGGER.error('GET cited bad rev reg id %s', rr_id)
return response.text('GET cited bad rev reg id {}'.format(rr_id), status=400)
dir_tails = join(dirname(dirname(realpath(__file__))), 'tails')
dir_cd_id = Tails.dir(dir_tails, rr_id)
if not isdir(dir_cd_id):
LOGGER.error('GET cited rev reg id %s for which tails file dir %s not present', rr_id, dir_cd_id)
return response.text(
'GET cited rev reg id {} for which tails file dir {} not present'.format(rr_id, dir_cd_id),
status=404)
path_tails = Tails.linked(dir_tails, rr_id)
if not path_tails:
LOGGER.error('GET cited rev reg id %s for which tails file not present', rr_id)
return response.text('GET cited rev reg id {} for which tails file not present'.format(rr_id), status=404)
LOGGER.info('Fulfilling download GET request for tails file %s associated with rev reg id %s', path_tails, rr_id)
return await response.file(path_tails, filename=basename(path_tails))
async def _create_rev_reg(self, rr_id: str, rr_size: int = None) -> None:
"""
Create revocation registry and new tails file (and association to
corresponding revocation registry definition via symbolic link) for input
revocation registry identifier.
:param rr_id: revocation registry identifier
:param rr_size: revocation registry size (defaults to 256)
"""
LOGGER.debug('Issuer._create_rev_reg >>> rr_id: %s, rr_size: %s',
rr_id, rr_size)
if not ok_rev_reg_id(rr_id):
LOGGER.debug('Issuer._create_rev_reg <!< Bad rev reg id %s', rr_id)
raise BadIdentifier('Bad rev reg id {}'.format(rr_id))
rr_size = rr_size or 256
(cd_id, tag) = rev_reg_id2cred_def_id_tag(rr_id)
LOGGER.info(
'Creating revocation registry (capacity %s) for rev reg id %s',
rr_size, rr_id)
tails_writer_handle = await blob_storage.open_writer(
'default',
json.dumps({
'base_dir': Tails.dir(self._dir_tails, rr_id),
'uri_pattern': ''
}))
apriori = Tails.unlinked(self._dir_tails)
(rr_id, rrd_json,
rre_json) = await anoncreds.issuer_create_and_store_revoc_reg(
self.wallet.handle, self.did, 'CL_ACCUM', tag, cd_id,
json.dumps({
'max_cred_num': rr_size,
'issuance_type': 'ISSUANCE_ON_DEMAND'
}), tails_writer_handle)
delta = Tails.unlinked(self._dir_tails) - apriori
if len(delta) != 1:
LOGGER.debug(
'Issuer._create_rev_reg: <!< Could not create tails file for rev reg id: %s',
rr_id)
raise CorruptTails(
'Could not create tails file for rev reg id {}'.format(rr_id))
tails_hash = basename(delta.pop())
Tails.associate(self._dir_tails, rr_id, tails_hash)
with REVO_CACHE.lock:
rrd_req_json = await ledger.build_revoc_reg_def_request(
self.did, rrd_json)
await self._sign_submit(rrd_req_json)
await self._get_rev_reg_def(rr_id) # add to cache en passant
rre_req_json = await ledger.build_revoc_reg_entry_request(
self.did, rr_id, 'CL_ACCUM', rre_json)
await self._sign_submit(rre_req_json)
LOGGER.debug('Issuer._create_rev_reg <<<')
async def delete_tails(request, ident):
"""
Delete tails files by corresponding rev reg ids: all, by rev reg id, by cred def id, or by issuer DID.
:param request: Sanic request structure
:param ident: 'all' for no filter; rev reg id, cred def id, or issuer DID to filter by any such identifier
:return: empty text string
"""
dir_tails = pjoin(dirname(dirname(abspath(__file__))), 'tails')
if ident == 'all': # delete everything: 'all' is not valid base58 so it can't be any case below
rmtree(dir_tails)
makedirs(dir_tails, exist_ok=True)
elif ok_rev_reg_id(ident): # it's a rev reg id
path_tails = Tails.linked(dir_tails, ident)
if path_tails and isfile(path_tails):
unlink(path_tails)
LOGGER.info('Deleted %s', path_tails)
path_link = pjoin(Tails.dir(dir_tails, ident), ident)
if path_link and islink(path_link):
unlink(path_link)
LOGGER.info('Deleted %s', path_link)
elif ok_cred_def_id(ident): # it's a cred def id (starts with issuer DID)
dir_cd_id = pjoin(dir_tails, ident)
if isdir(dir_cd_id):
rmtree(dir_cd_id)
LOGGER.info('Deleted %s', dir_cd_id)
elif exists(dir_cd_id): # non-dir is squatting on name reserved for dir: it's corrupt; remove it
unlink(dir_cd_id)
LOGGER.info('Deleted spurious non-directory %s', dir_cd_id)
elif ok_did(ident): # it's an issuer DID
dirs_cd_id = {dirname(link) for link in Tails.links(dir_tails, ident)}
for dir_cd_id in dirs_cd_id:
if ok_cred_def_id(basename(dir_cd_id)):
if isdir(dir_cd_id):
rmtree(dir_cd_id)
LOGGER.info('Deleted %s', dir_cd_id)
elif exists(dir_cd_id): # non-dir is squatting on name reserved for dir: it's corrupt; remove it
unlink(dir_cd_id)
LOGGER.info('Deleted spurious non-directory %s', dir_cd_id)
else:
LOGGER.error('Token %s must be rev reg id, cred def id, or issuer DID', ident)
raise InvalidUsage('Token {} must be rev reg id, cred def id, or issuer DID'.format(ident))
LOGGER.info('Fulfilled DELETE request deleting tails files on filter %s', ident)
return response.text('')
async def close(self) -> None:
"""
Explicit exit. If so configured, populate cache to prove for any creds on schemata,
cred defs, and rev regs marked of interest in configuration at initialization,
archive cache, and purge prior cache archives.
:return: current object
"""
LOGGER.debug('OrgHubAnchor.close >>>')
archive_caches = False
if self.config.get('archive-holder-prover-caches-on-close', False):
archive_caches = True
try:
await self.load_cache_for_proof(False)
except WalletState:
LOGGER.warning(
'OrgHubAnchor load cache for proof on close required open wallet %s but it was closed',
self.name)
if self.config.get('archive-verifier-caches-on-close', {}):
archive_caches = True
await self.load_cache_for_verification(False)
if archive_caches:
ArchivableCaches.archive(self.dir_cache)
ArchivableCaches.purge_archives(self.dir_cache, True)
# Do not close wallet independently: allow for sharing open wallet over many anchor lifetimes
# Do not close pool independently: let relying party decide when to go on-line and off-line
for path_rr_id in Tails.links(self._dir_tails):
rr_id = basename(path_rr_id)
await HolderProver._sync_revoc_for_proof(self, rr_id) # warns for closed pool
LOGGER.debug('OrgHubAnchor.close <<<')
async def close(self) -> None:
"""
Explicit exit. If so configured, populate cache to prove for any creds on schemata,
cred defs, and rev regs marked of interest in configuration at initialization,
archive cache, and purge prior cache archives.
:return: current object
"""
LOGGER.debug('OrgHubAnchor.close >>>')
archive_caches = False
if self.cfg.get('archive-holder-prover-caches-on-close', False):
archive_caches = True
await self.load_cache_for_proof(False)
if self.cfg.get('archive-verifier-caches-on-close', {}):
archive_caches = True
await self.load_cache_for_verification(False)
if archive_caches:
Caches.archive(self.dir_cache)
Caches.purge_archives(self.dir_cache, True)
await self.wallet.close()
# Do not close pool independently: let relying party decide when to go on-line and off-line
for path_rr_id in Tails.links(self._dir_tails):
rr_id = basename(path_rr_id)
try:
await self._sync_revoc(rr_id)
except ClosedPool:
LOGGER.warning('OrgHubAnchor sync-revoc on close required ledger for %s but pool was closed', rr_id)
LOGGER.debug('OrgHubAnchor.close <<<')
def survey(dir_tails: str,
host: str,
port: int,
issuer_did: str = None) -> tuple:
"""
Return tuple with paths to local tails symbolic links (revocation registry identifiers) and
revocation registry identifiers of interest on tails server.
Raise ConnectionError on connection failure.
:param dir_tails: local tails directory
:param host: tails server host
:param port: tails server port
:param issuer_did: issuer DID of interest for local and remote tails file survey (default all)
:return: pair (remote paths to tails links, remote rev reg ids)
"""
loc = Tails.links(dir_tails, issuer_did)
url = 'http://{}:{}/tails/list/{}'.format(
host, port, issuer_did if issuer_did else 'all')
resp = requests.get(url)
rem = set(resp.json())
logging.debug('Survey: local=%s, remote=%s', ppjson(loc), ppjson(rem))
return (loc, rem)
async def test_box_ids():
print(Ink.YELLOW('\n\n== Testing Box Identifier Checks =='))
assert ok_did('Q4zqM7aXqm7gDQkUVLng9h') # quibble: not technically a box id
assert not ok_did('Q4zqM7aXqm7gDQkUVLng9I')
assert not ok_did('Q4zqM7aXqm7gDQkUVLng')
assert Tails.ok_hash('Q4zqM7aXqm7gDQkUVLng9hQ4zqM7aXqm7gDQkUVLng9h')
assert Tails.ok_hash('Q4zqM7aXqm7gDQkUVLng9hQ4zqM7aXqm7gDQkUVLng')
assert not Tails.ok_hash('Q4zqM7aXqm7gDQkUVLng9h')
assert not Tails.ok_hash('Q4zqM7aXqm7gDQkUVLng9hQ4zqM7aXqm7gDQkUVLng9hx')
assert not Tails.ok_hash('Q4zqM7aXqm7gDQkUVLng9hQ4zqM7aXqm7gDQkUVLng90')
assert ok_schema_id('Q4zqM7aXqm7gDQkUVLng9h:2:bc-reg:1.0')
assert not ok_schema_id('Q4zqM7aXqm7gDQkUVLng9h:3:bc-reg:1.0')
assert not ok_schema_id('Q4zqM7aXqm7gDQkUVLng9h::bc-reg:1.0')
assert not ok_schema_id('Q4zqM7aXqm7gDQkUVLng9h:bc-reg:1.0')
assert not ok_schema_id('Q4zqM7aXqm7gDQkUVLng9h:2:1.0')
assert not ok_schema_id('Q4zqM7aXqm7gDQkUVLng9h:2::1.0')
assert not ok_schema_id('Q4zqM7aXqm7gDQkUVLng9h:2:bc-reg:')
assert not ok_schema_id('Q4zqM7aXqm7gDQkUVLng9h:2:bc-reg:1.0a')
assert not ok_schema_id('Q4zqM7aXqm7gDQkUVLng9I:2:bc-reg:1.0') # I is not in base58
assert ok_cred_def_id('Q4zqM7aXqm7gDQkUVLng9h:3:CL:18:tag') # protocol >= 1.4
assert not ok_cred_def_id('Q4zqM7aXqm7gDQkUVLng9h:4:CL:18:0')
assert not ok_cred_def_id('Q4zqM7aXqm7gDQkUVLng9h::CL:18:0')
assert not ok_cred_def_id('Q4zqM7aXqm7gDQkUVLng9I:3:CL:18:tag')
assert not ok_cred_def_id('Q4zqM7aXqm7gDQkUVLng9h:3::18:tag')
assert not ok_cred_def_id('Q4zqM7aXqm7gDQkUVLng9h:3:18:tag')
assert not ok_cred_def_id('Q4zqM7aXqm7gDQkUVLng9h:3:CL:18z:tag')
assert ok_cred_def_id('Q4zqM7aXqm7gDQkUVLng9h:3:CL:18') # protocol == 1.3
assert ok_rev_reg_id('LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:20:tag:CL_ACCUM:1') # protocol >= 1.4
assert not ok_rev_reg_id('LjgpST2rjsoxYegQDRm7EL:5:LjgpST2rjsoxYegQDRm7EL:3:CL:20:tag:CL_ACCUM:1')
assert not ok_rev_reg_id('LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:4:CL:20:0:CL_ACCUM:1')
assert not ok_rev_reg_id('LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL::CL:20:0:CL_ACCUM:1')
assert not ok_rev_reg_id('LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:NOT_CL:20:tag:CL_ACCUM:1')
assert not ok_rev_reg_id('LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:20z:tag:CL_ACCUM:1')
assert not ok_rev_reg_id('LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:20::CL_ACCUM:1')
assert not ok_rev_reg_id('LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:20:tag::1')
assert not ok_rev_reg_id('LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:20:tag:1')
assert not ok_rev_reg_id('LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:20:tag:CL_ACCUM:')
assert not ok_rev_reg_id('LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:20:tag:CL_ACCUM')
assert ok_rev_reg_id('LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:20:CL_ACCUM:1') # protocol == 1.3
async def get_box_ids_issued(self) -> str:
"""
Return json object on lists of all unique box identifiers (schema identifiers,
credential definition identifiers, and revocation registry identifiers) for
all credential definitions and credentials issued; e.g.,
::
{
"schema_id": [
"R17v42T4pk...:2:tombstone:1.2",
...
],
"cred_def_id": [
"R17v42T4pk...:3:CL:19:tag",
...
]
"rev_reg_id": [
"R17v42T4pk...:4:R17v42T4pk...:3:CL:19:tag:CL_ACCUM:0",
"R17v42T4pk...:4:R17v42T4pk...:3:CL:19:tag:CL_ACCUM:1",
...
]
}
An issuer must issue a credential definition to include its schema identifier
in the returned values; the schema identifier in isolation belongs properly
to an Origin, not necessarily to an Issuer.
The operation may be useful for a Verifier anchor going off-line to seed its
cache before doing so.
:return: tuple of sets for schema ids, cred def ids, rev reg ids
"""
LOGGER.debug('Issuer.get_box_ids_issued >>>')
cd_ids = [d for d in listdir(self._dir_tails)
if isdir(join(self._dir_tails, d)) and ok_cred_def_id(d, self.did)]
s_ids = []
for cd_id in cd_ids:
try:
s_ids.append(json.loads(await self.get_schema(cred_def_id2seq_no(cd_id)))['id'])
except AbsentSchema:
LOGGER.error(
'Issuer %s has issued cred def %s but no corresponding schema on ledger',
self.wallet.name,
cd_id)
rr_ids = [basename(link) for link in Tails.links(self._dir_tails, self.did)]
rv = json.dumps({
'schema_id': s_ids,
'cred_def_id': cd_ids,
'rev_reg_id': rr_ids
})
LOGGER.debug('Issuer.get_box_ids_issued <<< %s', rv)
return rv
async def post_tails(request, rr_id):
"""
Post tails file to server. Multipart file name must be tails hash.
:param request: Sanic request structure
:param rr_id: rev reg id for revocation registry to which tails file pertains
:return: empty text string
"""
if not ok_rev_reg_id(rr_id):
LOGGER.error('POST cited bad rev reg id %s', rr_id)
raise InvalidUsage('POST cited bad rev reg id {}'.format(rr_id))
# curl uses 'data', python requests uses 'file', there may be others
req_key = set(k for k in request.files
if request.files[k]
and isinstance(request.files[k], list)
and isinstance(request.files[k][0], SanicReqFile)).pop()
tails_hash = request.files[req_key][0].name
if not Tails.ok_hash(tails_hash):
LOGGER.error('POST attached file named with bad tails file hash %s', tails_hash)
raise InvalidUsage('POST attached file named with bad tails file hash {}'.format(tails_hash))
dir_tails = pjoin(dirname(dirname(abspath(__file__))), 'tails')
dir_cd_id = Tails.dir(dir_tails, rr_id)
makedirs(dir_cd_id, exist_ok=True)
if Tails.linked(dir_tails, rr_id):
LOGGER.error('POST attached tails file %s, already present', rr_id)
raise Forbidden('POST attached tails file {}, already present'.format(rr_id))
path_tails_hash = pjoin(dir_cd_id, tails_hash)
if exists(path_tails_hash):
LOGGER.error('POST attached tails file %s, already present at %s', rr_id, path_tails_hash)
raise Forbidden('POST attached tails file {}, already present at {}'.format(rr_id, path_tails_hash))
with open(path_tails_hash, 'wb') as fh_tails:
fh_tails.write(request.files[req_key][0].body)
Tails.associate(dir_tails, rr_id, tails_hash)
LOGGER.info('Associated link %s to POST tails file attachment saved to %s', rr_id, path_tails_hash)
return response.text('')
async def sync_prover(dir_tails: str, host: str, port: int,
remote_only: set) -> None:
"""
Synchronize for prover: download any tails files appearing remotely but not locally.
:param dir_tails: local tails directory
:param host: tails server host
:param port: tails server port
:param remote_only: paths to remote rev reg ids without corresponding local tails files
"""
if not remote_only:
return
for rr_id in remote_only:
dir_cd_id = Tails.dir(dir_tails, rr_id)
makedirs(dir_cd_id, exist_ok=True)
url = 'http://{}:{}/tails/{}'.format(host, port, rr_id)
try:
resp = requests.get(url, stream=True)
if resp.status_code == requests.codes.ok:
re_tails_hash = re.search('filename="(.+)"',
resp.headers['content-disposition'])
tails_hash = re_tails_hash.group(
1) if re_tails_hash.lastindex > 0 else None
if tails_hash:
logging.info('Downloaded: url %s tails-hash %s', url,
tails_hash)
with open(join(dir_cd_id, tails_hash), 'wb') as fh_tails:
for chunk in resp.iter_content(chunk_size=1024):
if chunk:
fh_tails.write(chunk)
Tails.associate(dir_tails, rr_id, tails_hash)
else:
logging.error(
'Download: url %s, responded with no tails-hash', url)
else:
logging.error('Download: url %s, responded with status %s',
url, resp.status_code)
except RequestsConnectionError:
logging.error('GET connection refused: %s', url)
async def _set_rev_reg(self, rr_id: str, rr_size: int) -> None:
"""
Move precomputed revocation registry data from hopper into place within tails directory.
:param rr_id: revocation registry identifier
:param rr_size: revocation registry size, in case creation required
"""
LOGGER.debug('Issuer._set_rev_reg >>> rr_id: %s, rr_size: %s', rr_id,
rr_size)
assert self.rrbx
dir_hopper_rr_id = join(self.rrb.dir_tails_hopper, rr_id)
while Tails.linked(dir_hopper_rr_id, rr_id) is None:
await asyncio.sleep(1)
await self._send_rev_reg_def(rr_id)
cd_id = rev_reg_id2cred_def_id(rr_id)
(next_tag, rr_size_suggested) = Tails.next_tag(self.dir_tails, cd_id)
rr_id = rev_reg_id(cd_id, next_tag)
self.rrb.mark_in_progress(rr_id, rr_size or rr_size_suggested)
LOGGER.debug('Issuer._set_rev_reg <<<')
async def open(self) -> 'Issuer':
"""
Explicit entry. Perform ancestor opening operations,
then synchronize revocation registry to tails tree content.
:return: current object
"""
LOGGER.debug('Issuer.open >>>')
await super().open()
for path_rr_id in Tails.links(self._dir_tails, self.did):
await self._sync_revoc(basename(path_rr_id))
LOGGER.debug('Issuer.open <<<')
return self
def path_tails(self, rr_id: str) -> str:
"""
Return path to tails file for input revocation registry identifier.
:param rr_id: revocation registry identifier of interest
:return: path to tails file for input revocation registry identifier
"""
LOGGER.debug('Issuer.path_tails >>>')
if not ok_rev_reg_id(rr_id):
LOGGER.debug('Issuer.path_tails <!< Bad rev reg id %s', rr_id)
raise BadIdentifier('Bad rev reg id {}'.format(rr_id))
rv = Tails.linked(self._dir_tails, rr_id)
LOGGER.debug('Issuer.path_tails <<< %s', rv)
return rv
async def sync_issuer(
dir_tails: str,
host: str,
port: int,
local_only: set,
noman: NominalAnchor) -> None:
"""
Synchronize for issuer: upload any tails files appearing locally but not remotely.
:param dir_tails: local tails directory
:param host: tails server host
:param port: tails server port
:param local_only: paths to local tails symbolic links (rev reg ids) without corresponding remote tails files
:param noman: open issuer anchor
"""
logging.debug('Sync-issuer: local-only=%s', ppjson(local_only))
if not local_only:
return
for rr_id in local_only:
if not ok_rev_reg_id(rr_id, noman.did): # restrict POSTs to issuer's own tails files
logging.debug(
'Sync-issuer: local-only %s is not a rev reg id for issuer %s (%s)',
rr_id,
noman.did,
noman.wallet.name)
continue
epoch = int(time())
url = 'http://{}:{}/tails/{}/{}'.format(host, port, quote(rr_id), epoch)
path_tails = Tails.linked(dir_tails, rr_id)
with open(path_tails, 'rb') as tails_fh:
tails = tails_fh.read()
sig = await noman.sign('{}||{}'.format(epoch, tails))
try:
resp = requests.post(
url,
files={
'tails-file': (basename(path_tails), tails),
'signature': ('signature', sig)
})
logging.info('Upload: url %s status %s', url, resp.status_code)
except RequestsConnectionError:
logging.error('POST connection refused: %s', url)
def sync_issuer(dir_tails, host, port, local_only):
"""
Synchronize for issuer: upload any tails files appearing locally but not remotely.
:param dir_tails: local root tails directory
:param host: tails server host
:param port: tails server port
:param local_only: paths to local tails symbolic links (rev reg ids) without corresponding remote tails files
"""
for rr_id in local_only:
url = 'http://{}:{}/tails/{}'.format(host, port, rr_id)
with open(Tails.linked(dir_tails, rr_id), 'rb') as fh_tails:
try:
resp = requests.post(url, files={'file': fh_tails})
logging.info('Uploaded: url %s status %s', url,
resp.status_code)
except ConnectionError:
logging.error('POST Connection refused: %s', url)
def survey(dir_tails, host, port):
"""
Return tuple with paths to local tails symbolic links (revocation registry identifiers) and
revocation registry identifiers that remote server holds.
Raise ConnectionError on connection failure.
:param dir_tails: local root tails directory
:param host: tails server host
:param port: tails server port
:return: pair (remote paths to tails links, remote rev reg ids)
"""
loc = Tails.links(dir_tails)
url = 'http://{}:{}/tails/list/all'.format(host, port)
resp = requests.get(url)
rem = set(resp.json())
logging.debug('Survey: local=%s, remote=%s', loc, rem)
return (loc, rem)
async def test_von_tails(pool_ip, genesis_txn_file, path_cli_ini, cli_ini,
path_setnym_ini, setnym_ini):
print(
Ink.YELLOW('\n\n== Testing tails server vs. IP {} =='.format(pool_ip)))
# Set config for tails clients
config = {}
i = 0
for profile in path_cli_ini:
cli_config = inis2dict(str(path_cli_ini[profile]))
config[profile] = cli_config
with open(path_cli_ini[profile], 'r') as fh_cfg:
print('\n\n== 0.{} == {} tails sync configuration:\n{}'.format(
i, profile, fh_cfg.read()))
i += 1
# Start tails server
print('\n\n== 1 == Starting tails server on port {}'.format(
config['issuer']['Tails Server']['port']))
tsrv = TailsServer(config['issuer']['Tails Server']['port'])
started = tsrv.start()
if not started:
print(
'\n\n== X == Server already running - stop it to run test from scratch'
)
assert False
assert tsrv.is_up()
print(
'\n\n== 2 == Started tails server, docker-compose port-forwarded via localhost:{}'
.format(tsrv.port))
atexit.register(shutdown)
# Set nyms (operation creates pool if need be)
i = 0
setnym_config = {}
for profile in path_setnym_ini:
cli_config = inis2dict(str(path_setnym_ini[profile]))
if profile == 'admin': # tails server anchor on ledger a priori
continue
setnym_config[profile] = cli_config
with open(path_setnym_ini[profile], 'r') as fh_cfg:
print('\n\n== 3.{} == {} setnym configuration:\n{}'.format(
i, profile, fh_cfg.read()))
sub_proc = subprocess.run(
['von_anchor_setnym',
str(path_setnym_ini[profile])],
stdout=subprocess.PIPE,
stderr=subprocess.DEVNULL)
assert not sub_proc.returncode
i += 1
print('\n\n== 4 == Setnym ops completed OK')
# wallets = {profile: Wallet(setnym_config[profile]['VON Anchor']['name']) for profile in setnym_config}
# wallets['admin'] = Wallet(config['admin']['VON Anchor']['name'])
wallets = await get_wallets(
{
**{
profile: setnym_config[profile]['VON Anchor']
for profile in setnym_config
}, 'admin': config['admin']['VON Anchor']
},
open_all=False)
# Open pool and anchors, issue creds to create tails files
async with wallets['issuer'] as w_issuer, (
wallets['prover']) as w_prover, (NodePool(
config['issuer']['Node Pool']['name'])) as pool, (RegistrarAnchor(
w_issuer, pool)) as ian, (OrgBookAnchor(w_prover,
pool)) as pan:
# Get nyms from ledger for display
i = 0
for an in (ian, pan):
print('\n\n== 5.{} == {} nym on ledger: {}'.format(
i, an.wallet.name, ppjson(await an.get_nym())))
i += 1
# Publish schema to ledger
S_ID = schema_id(ian.did, 'rainbow', '{}.0'.format(int(time())))
schema_data = {
'name': schema_key(S_ID).name,
'version': schema_key(S_ID).version,
'attr_names': ['numeric', 'sha256']
}
S_KEY = schema_key(S_ID)
try:
await ian.get_schema(S_KEY) # may exist (almost certainly not)
except AbsentSchema:
await ian.send_schema(json.dumps(schema_data))
schema_json = await ian.get_schema(S_KEY)
schema = json.loads(schema_json)
print('\n\n== 6 == SCHEMA [{} v{}]: {}'.format(S_KEY.name,
S_KEY.version,
ppjson(schema)))
assert schema # should exist now
# Setup link secret for creation of cred req or proof
await pan.create_link_secret('LinkSecret')
# Issuer anchor create, store, publish cred definitions to ledger; create cred offers
await ian.send_cred_def(S_ID, revo=True)
cd_id = cred_def_id(S_KEY.origin_did, schema['seqNo'], pool.protocol)
assert ((not Tails.unlinked(ian.dir_tails)) and
[f for f in Tails.links(ian.dir_tails, ian.did) if cd_id in f])
cred_def_json = await ian.get_cred_def(cd_id) # ought to exist now
cred_def = json.loads(cred_def_json)
print('\n\n== 7.0 == Cred def [{} v{}]: {}'.format(
S_KEY.name, S_KEY.version, ppjson(json.loads(cred_def_json))))
assert cred_def.get('schemaId', None) == str(schema['seqNo'])
cred_offer_json = await ian.create_cred_offer(schema['seqNo'])
cred_offer = json.loads(cred_offer_json)
print('\n\n== 7.1 == Credential offer [{} v{}]: {}'.format(
S_KEY.name, S_KEY.version, ppjson(cred_offer_json)))
(cred_req_json, cred_req_metadata_json) = await pan.create_cred_req(
cred_offer_json, cd_id)
cred_req = json.loads(cred_req_json)
print('\n\n== 8 == Credential request [{} v{}]: metadata {}, cred {}'.
format(S_KEY.name, S_KEY.version, ppjson(cred_req_metadata_json),
ppjson(cred_req_json)))
assert json.loads(cred_req_json)
# Issuer anchor issues creds and stores at HolderProver: get cred req, create cred, store cred
cred_data = []
CREDS = 450 # enough to build 4 rev regs
print('\n\n== 9 == creating and storing {} credentials:'.format(CREDS))
for number in range(CREDS):
(cred_json, _) = await ian.create_cred(
cred_offer_json, cred_req_json, {
'numeric': str(number),
'sha256': sha256(str(number).encode()).hexdigest(),
})
cred_id = await pan.store_cred(cred_json, cred_req_metadata_json)
print('.',
end='' if (number + 1) % 100 else '{}\n'.format(number + 1),
flush=True)
# Exercise list view, least to most specific
for tails_list_path in ('all', ian.did, cd_id):
url = url_for(tsrv.port, 'tails/list/{}'.format(tails_list_path))
r = requests.get(url)
assert r.status_code == 200
assert not r.json()
rr_ids_up = {
basename(link)
for link in Tails.links(ian.dir_tails, ian.did)
}
for rr_id in rr_ids_up:
url = url_for(tsrv.port, 'tails/list/{}'.format(rr_id))
r = requests.get(url)
assert r.status_code == 200
assert not r.json()
print(
'\n\n== 10 == All listing views at server come back OK and empty as expected'
)
rv = pexpect.run('python ../src/sync/sync.py {}'.format(
path_cli_ini['issuer']))
print('\n\n== 11 == Issuer sync uploaded local tails files')
for tails_list_path in ('all', ian.did, cd_id):
url = url_for(tsrv.port, 'tails/list/{}'.format(tails_list_path))
r = requests.get(url)
assert r.status_code == 200
assert {rr for rr in r.json()} == rr_ids_up
for rr_id in rr_ids_up:
url = url_for(tsrv.port, 'tails/list/{}'.format(rr_id))
r = requests.get(url)
assert r.status_code == 200
assert r.json() == [rr_id] # list with one rr_id should come back
# Exercise list view, least to most specific
for tails_list_path in ('all', ian.did, cd_id):
url = url_for(tsrv.port, 'tails/list/{}'.format(tails_list_path))
r = requests.get(url)
assert r.status_code == 200
assert len(r.json()) == len(rr_ids_up)
print(
'\n\n== 12 == All listing views at server come back OK with {} uploaded files'
.format(len(rr_ids_up)))
rv = pexpect.run('python ../src/sync/sync.py {}'.format(
path_cli_ini['prover']))
print('\n\n== 13 == Prover sync downloaded remote tails files')
rr_ids_down = {
basename(link)
for link in Tails.links(
config['prover']['Tails Client']['tails.dir'], ian.did)
}
assert rr_ids_down == rr_ids_up
# Exercise admin-delete
rv = pexpect.run('python ../src/admin/delete.py {} all'.format(
path_cli_ini['admin']))
print('\n\n== 14 == Admin called for deletion at tails server')
# Check tails server deletion
url = url_for(tsrv.port, 'tails/list/all')
r = requests.get(url)
assert r.status_code == 200
assert not r.json()
print(
'\n\n== 15 == All listing views at server come back OK and empty as expected'
)
rv = pexpect.run('python ../src/sync/multisync.py 1 {}'.format(
path_cli_ini['issuer']))
print(
'\n\n== 16 == Issuer multisync on 1 sync iteration uploaded local tails files'
)
for tails_list_path in ('all', ian.did, cd_id):
url = url_for(tsrv.port, 'tails/list/{}'.format(tails_list_path))
r = requests.get(url)
assert r.status_code == 200
assert {rr for rr in r.json()} == rr_ids_up
for rr_id in rr_ids_up:
url = url_for(tsrv.port, 'tails/list/{}'.format(rr_id))
r = requests.get(url)
assert r.status_code == 200
assert r.json() == [rr_id] # list with one rr_id should come back
# Exercise list view, least to most specific
for tails_list_path in ('all', ian.did, cd_id):
url = url_for(tsrv.port, 'tails/list/{}'.format(tails_list_path))
r = requests.get(url)
assert r.status_code == 200
assert len(r.json()) == len(rr_ids_up)
print(
'\n\n== 17 == All listing views at server come back OK with {} uploaded files'
.format(len(rr_ids_up)))
# Remove tails server anchor wallet
await wallets['admin'].remove()
print('\n\n== 18 == Removed admin (tails server anchor {}) wallet'.
format(wallets['admin'].name))
async def test_anchors_tails_load(
pool_name,
pool_genesis_txn_data,
seed_trustee1):
rrbx = True
print(Ink.YELLOW('\n\n== Load-testing tails on {}ternal rev reg builder ==').format("ex" if rrbx else "in"))
await RevRegBuilder.stop(WALLET_NAME) # in case of re-run
# Set up node pool ledger config and wallets, open pool, init anchors
p_mgr = NodePoolManager()
if pool_name not in await p_mgr.list():
await p_mgr.add_config(pool_name, pool_genesis_txn_data)
pool = p_mgr.get(pool_name)
await pool.open()
w_mgr = WalletManager()
wallets = {
'trustee-anchor': {
'seed': seed_trustee1,
'storage_type': None,
'config': None,
'access_creds': None
},
WALLET_NAME: {
'seed': 'Superstar-Anchor-000000000000000',
'storage_type': None,
'config': None,
'access_creds': {
'key': 'rrbx-test'
}
}
}
for (name, wdata) in wallets.items():
try:
wdata['wallet'] = await w_mgr.create({
'id': name,
'seed': wdata['seed']
})
except ExtantWallet:
wdata['wallet'] = w_mgr.get({'id': name})
finally:
await wdata['wallet'].open()
tan = TrusteeAnchor(wallets['trustee-anchor']['wallet'], pool)
no_prox = rrbx_prox()
san = OrgHubAnchor(wallets[WALLET_NAME]['wallet'], pool, rrbx=rrbx)
if rrbx:
await beep('external rev reg builder process on {}'.format(WALLET_NAME), 15)
if rrbx_prox() != no_prox + 1:
await RevRegBuilder.stop(WALLET_NAME)
assert False, "External rev reg builder process did not start"
async with OrgHubAnchor(
wallets[WALLET_NAME]['wallet'],
pool,
rrbx=rrbx): # check for exactly 1 external rev reg builder process
await beep('external rev reg builder process uniqueness test on {}'.format(WALLET_NAME), 5)
if rrbx_prox() != no_prox + 1:
await RevRegBuilder.stop(WALLET_NAME)
assert False, "External rev reg builder process was not unique"
assert pool.handle
await tan.open()
await san.open()
# Publish anchor particulars to ledger if not yet present
for an in (tan, san):
if not json.loads(await tan.get_nym(an.did)):
await tan.send_nym(an.did, an.verkey, an.wallet.name, an.least_role())
nyms = {
'tan': json.loads(await tan.get_nym(tan.did)),
'san': json.loads(await tan.get_nym(san.did))
}
print('\n\n== 1 == nyms: {}'.format(ppjson(nyms)))
for k in nyms:
assert 'dest' in nyms[k]
# Publish schema to ledger if not yet present; get from ledger
S_ID = schema_id(san.did, 'tails_load', '{}.0'.format(int(time.time())))
S_KEY = schema_key(S_ID)
schema_data = {
'name': schema_key(S_ID).name,
'version': schema_key(S_ID).version,
'attr_names': [
'number',
'remainder'
]
}
try:
await san.get_schema(S_KEY) # may exist (almost certainly not)
except AbsentSchema:
await san.send_schema(json.dumps(schema_data))
schema_json = await san.get_schema(S_KEY)
schema = json.loads(schema_json)
assert schema # should exist now
print('\n\n== 2 == SCHEMA [{} v{}]: {}'.format(S_KEY.name, S_KEY.version, ppjson(schema)))
# Setup link secret for creation of cred req or proof
await san.create_link_secret('LinkSecret')
# SRI anchor create, store, publish cred definitions to ledger; create cred offers
await san.send_cred_def(S_ID, revo=True)
cd_id = cred_def_id(S_KEY.origin_did, schema['seqNo'], pool.protocol)
assert ((not Tails.unlinked(san.dir_tails)) and
[f for f in Tails.links(san.dir_tails, san.did) if cd_id in f])
cred_def_json = await san.get_cred_def(cd_id) # ought to exist now
cred_def = json.loads(cred_def_json)
print('\n\n== 3.0 == Cred def [{} v{}]: {}'.format(
S_KEY.name,
S_KEY.version,
ppjson(json.loads(cred_def_json))))
assert cred_def.get('schemaId', None) == str(schema['seqNo'])
cred_offer_json = await san.create_cred_offer(schema['seqNo'])
print('\n\n== 3.1 == Credential offer [{} v{}]: {}'.format(
S_KEY.name,
S_KEY.version,
ppjson(cred_offer_json)))
(cred_req_json, cred_req_metadata_json) = await san.create_cred_req(cred_offer_json, cd_id)
print('\n\n== 4 == Credential request [{} v{}]: metadata {}, cred-req {}'.format(
S_KEY.name,
S_KEY.version,
ppjson(cred_req_metadata_json),
ppjson(cred_req_json)))
assert json.loads(cred_req_json)
# BC Reg anchor (as Issuer) issues creds and stores at HolderProver: get cred req, create cred, store cred
CREDS = 4034 # enough to kick off rev reg on size 4096 and issue two creds in it: 1 needing set-rev-reg, 1 not
print('\n\n== 5 == creating {} credentials'.format(CREDS))
swatch = Stopwatch(2)
optima = {} # per rev-reg, fastest/slowest pairs
for number in range(CREDS):
swatch.mark()
(cred_json, _) = await san.create_cred(
cred_offer_json,
cred_req_json,
{
'number': str(number),
'remainder': str(number % 100)
})
elapsed = swatch.mark()
tag = rev_reg_id2tag(Tails.current_rev_reg_id(san.dir_tails, cd_id))
if tag not in optima:
optima[tag] = (elapsed, elapsed)
else:
optima[tag] = (min(optima[tag][0], elapsed), max(optima[tag][1], elapsed))
print('.', end='', flush=True)
if ((number + 1) % 100) == 0:
print('{}: #{}: {:.2f}-{:.2f}s'.format(number + 1, tag, *optima[tag]), flush=True)
assert json.loads(cred_json)
print('{}: #{}: {:.2f}-{:.2f}s'.format(number + 1, tag, *optima[tag]), flush=True)
print('\n\n== 6 == best, worst times by revocation registry: {}'.format(ppjson(optima)))
assert (not rrbx) or (max(optima[tag][1] for tag in optima) <
4 * min(optima[tag][1] for tag in optima if int(tag) > 0)) # if waiting on rr beyond #0, sizes increase as 2^n
await san.close()
if rrbx:
await RevRegBuilder.stop(WALLET_NAME)
await tan.close()
for (name, wdata) in wallets.items():
await wdata['wallet'].close()
await pool.close()
async def post_tails(request: Request, rr_id: str, epoch: int) -> HTTPResponse:
"""
Post tails file to server, auth-encrypted from issuer (by DID) to tails server anchor.
Multipart file name must be tails hash.
:param request: Sanic request structure
:param rr_id: revocation registry identifier
:param epoch: current EPOCH time, must be within configured proximity to current server time
:return: empty text response
"""
if not ok_rev_reg_id(rr_id):
LOGGER.error('POST cited bad rev reg id %s', rr_id)
return response.text('POST cited bad rev reg id {}'.format(rr_id), status=400)
did = rr_id.split(':')[0]
if not await is_current(int(epoch)):
LOGGER.error('POST epoch %s in too far from current server time', epoch)
return response.text('POST epoch {} is too far from current server time'.format(epoch), status=400)
tails_hash = request.files['tails-file'][0].name
if not Tails.ok_hash(tails_hash):
LOGGER.error('POST attached file named with bad tails file hash %s', tails_hash)
return response.text('POST attached file named with bad tails file hash {}'.format(tails_hash), status=400)
dir_tails = join(dirname(dirname(realpath(__file__))), 'tails')
dir_cd_id = Tails.dir(dir_tails, rr_id)
makedirs(dir_cd_id, exist_ok=True)
if Tails.linked(dir_tails, rr_id):
LOGGER.error('POST attached tails file %s, already present', rr_id)
return response.text('POST attached tails file {}, already present'.format(rr_id), status=403)
path_tails_hash = join(dir_cd_id, tails_hash)
if exists(path_tails_hash):
LOGGER.error('POST attached tails file %s, already present at %s', rr_id, path_tails_hash)
return response.text(
'POST attached tails file {}, already present at {}'.format(rr_id, path_tails_hash),
status=403)
tsan = await MEM_CACHE.get('tsan')
signature = request.files['signature'][0].body
epoch_tails = '{}||{}'.format(epoch, request.files['tails-file'][0].body)
if not tsan.verify(epoch_tails, signature, did):
LOGGER.error('POST attached file %s failed to verify', tails_hash)
return response.text('POST attached file {} failed to verify'.format(tails_hash), status=400)
try:
rev_reg_def = json.loads(await tsan.get_rev_reg_def(rr_id))
ledger_hash = rev_reg_def.get('value', {}).get('tailsHash', None)
if ledger_hash != tails_hash:
LOGGER.error('POST attached tails file hash %s differs from ledger value %s', tails_hash, ledger_hash)
return response.text(
'POST attached tails file hash {} differs from ledger value {}'.format(tails_hash, ledger_hash),
status=400)
except AbsentRevReg:
LOGGER.error('POST revocation registry not present on ledger for %s', rr_id)
return response.text('POST revocation registry not present on ledger for {}'.format(rr_id), status=400)
with open(path_tails_hash, 'wb') as fh_tails:
fh_tails.write(request.files['tails-file'][0].body)
Tails.associate(dir_tails, rr_id, tails_hash)
LOGGER.info('Associated link %s to POST tails file attachment saved to %s', rr_id, path_tails_hash)
return response.text('')
async def delete_tails(request: Request, ident: str, epoch: int) -> HTTPResponse:
"""
Delete tails files by corresponding rev reg ids: all, by rev reg id, by cred def id, or by issuer DID.
:param request: Sanic request structure
:param ident: 'all' for no filter; rev reg id, cred def id, or issuer DID to filter by any such identifier
:param epoch: current EPOCH time, must be within 5 minutes of current server time
:return: empty text response
"""
if not await is_current(int(epoch)):
LOGGER.error('DELETE epoch %s in too far from current server time', epoch)
return response.text('DELETE epoch {} is too far from current server time'.format(epoch), status=400)
signature = request.body
plain = '{}||{}'.format(epoch, ident)
tsan = await MEM_CACHE.get('tsan')
if not tsan.verify(plain, signature, tsan.did):
LOGGER.error('DELETE signature failed to verify')
return response.text('DELETE signature failed to verify', status=400)
dir_tails = join(dirname(dirname(realpath(__file__))), 'tails')
if ident == 'all': # delete everything -- note that 'all' is not valid base58 so no case below can apply
if isdir(dir_tails):
rmtree(dir_tails)
makedirs(dir_tails, exist_ok=True)
elif ok_rev_reg_id(ident): # it's a rev reg id
path_tails = Tails.linked(dir_tails, ident)
if path_tails and isfile(path_tails):
unlink(path_tails)
LOGGER.info('Deleted %s', path_tails)
path_link = join(Tails.dir(dir_tails, ident), ident)
if path_link and islink(path_link):
unlink(path_link)
LOGGER.info('Deleted %s', path_link)
elif ok_cred_def_id(ident): # it's a cred def id (starts with issuer DID)
dir_cd_id = join(dir_tails, ident)
if isdir(dir_cd_id):
rmtree(dir_cd_id)
LOGGER.info('Deleted %s', dir_cd_id)
elif exists(dir_cd_id): # non-dir is squatting on name reserved for dir: it's corrupt; remove it
unlink(dir_cd_id)
LOGGER.info('Deleted spurious non-directory %s', dir_cd_id)
elif ok_did(ident): # it's an issuer DID
dirs_cd_id = {dirname(link) for link in Tails.links(dir_tails, ident)}
for dir_cd_id in dirs_cd_id:
if ok_cred_def_id(basename(dir_cd_id)):
if isdir(dir_cd_id):
rmtree(dir_cd_id)
LOGGER.info('Deleted %s', dir_cd_id)
elif exists(dir_cd_id): # non-dir is squatting on name reserved for dir: it's corrupt; remove it
unlink(dir_cd_id)
LOGGER.info('Deleted spurious non-directory %s', dir_cd_id)
else:
LOGGER.error('Token %s is not a valid specifier for tails files', ident)
return response.text('Token {} is not a valid specifier for tails files'.format(ident), status=400)
LOGGER.info('Fulfilled DELETE request deleting tails files on filter %s', ident)
return response.text('')
async def send_cred_def(self,
s_id: str,
revo: bool = True,
rr_size: int = None) -> str:
"""
Create a credential definition as Issuer, store it in its wallet, and send it to the ledger.
Raise CorruptWallet for wallet not pertaining to current ledger, BadLedgerTxn on failure
to send credential definition to ledger if need be, WalletState for closed wallet,
or IndyError for any other failure to create and store credential definition in wallet.
:param s_id: schema identifier
:param revo: whether to support revocation for cred def
:param rr_size: size of initial revocation registry (default as per RevRegBuilder.create_rev_reg()),
if revocation supported
:return: json credential definition as it appears on ledger
"""
LOGGER.debug(
'Issuer.send_cred_def >>> s_id: %s, revo: %s, rr_size: %s', s_id,
revo, rr_size)
if not ok_schema_id(s_id):
LOGGER.debug('Issuer.send_cred_def <!< Bad schema id %s', s_id)
raise BadIdentifier('Bad schema id {}'.format(s_id))
if not self.wallet.handle:
LOGGER.debug('Issuer.send_cred_def <!< Wallet %s is closed',
self.name)
raise WalletState('Wallet {} is closed'.format(self.name))
if not self.pool:
LOGGER.debug('Issuer.send_cred_def <!< issuer %s has no pool',
self.name)
raise AbsentPool(
'Issuer {} has no pool: cannot send cred def'.format(
self.name))
rv_json = json.dumps({})
schema_json = await self.get_schema(schema_key(s_id))
schema = json.loads(schema_json)
cd_id = cred_def_id(self.did, schema['seqNo'], self.pool.protocol)
private_key_ok = True
with CRED_DEF_CACHE.lock:
try:
rv_json = await self.get_cred_def(cd_id)
LOGGER.info(
'Cred def on schema %s version %s already exists on ledger; Issuer %s not sending another',
schema['name'], schema['version'], self.name)
except AbsentCredDef:
pass # OK - about to create, store, and send it
(cred_def_json, private_key_ok) = await self._create_cred_def(
schema, json.loads(rv_json), revo)
if not json.loads(
rv_json
): # checking the ledger returned no cred def: send it
req_json = await ledger.build_cred_def_request(
self.did, cred_def_json)
await self._sign_submit(req_json)
for _ in range(16): # reasonable timeout
try:
rv_json = await self.get_cred_def(cd_id
) # adds to cache
break
except AbsentCredDef:
await asyncio.sleep(1)
LOGGER.info(
'Sent cred def %s to ledger, waiting 1s for its appearance',
cd_id)
if not rv_json:
LOGGER.debug(
'Issuer.send_cred_def <!< timed out waiting on sent cred_def %s',
cd_id)
raise BadLedgerTxn(
'Timed out waiting on sent cred_def {}'.format(cd_id))
if revo: # create new rev reg for tag '0'
if self.rrbx:
(_, rr_size_suggested) = Tails.next_tag(
self.dir_tails, cd_id)
self.rrb.mark_in_progress(rev_reg_id(cd_id, '0'),
rr_size or rr_size_suggested)
await self._sync_revoc_for_issue(rev_reg_id(
cd_id, '0'), rr_size) # sync rev reg on tag '0'
if revo and private_key_ok:
for tag in [
str(t) for t in range(
1, int(Tails.next_tag(self.dir_tails, cd_id)[0]))
]: # '1' to next-1
await self._sync_revoc_for_issue(
rev_reg_id(cd_id, tag), rr_size if tag == '0' else None)
makedirs(
join(self.dir_tails, cd_id),
exist_ok=True) # dir required for box id collection, revo or not
LOGGER.debug('Issuer.send_cred_def <<< %s', rv_json)
return rv_json
async def create_cred(self,
cred_offer_json,
cred_req_json: str,
cred_attrs: dict,
rr_size: int = None) -> (str, str):
"""
Create credential as Issuer out of credential request and dict of key:value (raw, unencoded)
entries for attributes.
Return credential json, and if cred def supports revocation, credential revocation identifier.
Raise WalletState for closed wallet.
If the credential definition supports revocation, and the current revocation registry is full,
the processing creates a new revocation registry en passant. Depending on the revocation
registry size (by default starting at 64 and doubling iteratively through a maximum of 100000)
and the revocation registry builder posture (see RevRegBuilder.__init__()), this operation may
delay credential creation by several seconds. The use of an external revocation registry builder
runs a parallel process, skirting this delay, but is more costly at initialization.
:param cred_offer_json: credential offer json as created by Issuer
:param cred_req_json: credential request json as created by HolderProver
:param cred_attrs: dict mapping each attribute to its original value (the operation encodes it); e.g.,
::
{
'favourite_drink': 'martini',
'height': 180,
'last_visit_date': '2017-12-31',
'weaknesses': None
}
:param rr_size: size of new revocation registry (default as per RevRegBuilder.create_rev_reg()) if necessary
:return: tuple with newly issued credential json, credential revocation identifier (if cred def
supports revocation, None otherwise).
"""
LOGGER.debug(
'Issuer.create_cred >>> cred_offer_json: %s, cred_req_json: %s, cred_attrs: %s, rr_size: %s',
cred_offer_json, cred_req_json, cred_attrs, rr_size)
if not self.wallet.handle:
LOGGER.debug('Issuer.create_cred <!< Wallet %s is closed',
self.name)
raise WalletState('Wallet {} is closed'.format(self.name))
cd_id = json.loads(cred_offer_json)['cred_def_id']
if not ok_cred_def_id(cd_id):
LOGGER.debug('Issuer.create_cred <!< Bad cred def id %s', cd_id)
raise BadIdentifier('Bad cred def id {}'.format(cd_id))
cred_def = json.loads(
await self.get_cred_def(cd_id)) # ensure cred def is in cache
if 'revocation' in cred_def['value']:
with REVO_CACHE.lock:
rr_id = Tails.current_rev_reg_id(self.dir_tails, cd_id)
tails = REVO_CACHE[rr_id].tails
assert tails # at (re)start, at cred def, Issuer sync_revoc_for_issue() sets this index in revo cache
try:
(
cred_json, cred_revoc_id, _
) = await anoncreds.issuer_create_credential( # issue by default to rr
self.wallet.handle, cred_offer_json, cred_req_json,
json.dumps({
k: cred_attr_value(cred_attrs[k])
for k in cred_attrs
}), rr_id, tails.reader_handle)
rv = (cred_json, cred_revoc_id)
except IndyError as x_indy:
if x_indy.error_code == ErrorCode.AnoncredsRevocationRegistryFullError:
(tag, rr_size_suggested) = Tails.next_tag(
self.dir_tails, cd_id)
rr_id = rev_reg_id(cd_id, tag)
if self.rrbx:
await self._set_rev_reg(rr_id, rr_size)
else:
await self.rrb.create_rev_reg(
rr_id, rr_size or rr_size_suggested)
await self._send_rev_reg_def(rr_id)
REVO_CACHE[rr_id].tails = await Tails(
self.dir_tails, cd_id).open() # symlink OK now
return await self.create_cred(cred_offer_json,
cred_req_json,
cred_attrs)
LOGGER.debug(
'Issuer.create_cred <!< cannot create cred, indy error code %s',
x_indy.error_code)
raise
else:
try:
(cred_json, _, _) = await anoncreds.issuer_create_credential(
self.wallet.handle, cred_offer_json, cred_req_json,
json.dumps({
k: cred_attr_value(cred_attrs[k])
for k in cred_attrs
}), None, None)
rv = (cred_json, None)
except IndyError as x_indy:
LOGGER.debug(
'Issuer.create_cred <!< cannot create cred, indy error code %s',
x_indy.error_code)
raise
LOGGER.debug('Issuer.create_cred <<< %s', rv)
return rv
async def create_rev_reg(self, rr_id: str, rr_size: int = None) -> None:
"""
Create revocation registry artifacts and new tails file (with association to
corresponding revocation registry identifier via symbolic link name)
for input revocation registry identifier. Symbolic link presence signals completion.
If revocation registry builder operates in a process external to its Issuer's,
target directory is hopper directory.
Raise WalletState for closed wallet.
:param rr_id: revocation registry identifier
:param rr_size: revocation registry size (defaults to 64)
"""
LOGGER.debug('RevRegBuilder.create_rev_reg >>> rr_id: %s, rr_size: %s',
rr_id, rr_size)
if not self.wallet.handle:
LOGGER.debug(
'RevRegBuilder.create_rev_reg <!< Wallet %s is closed',
self.name)
raise WalletState('Wallet {} is closed'.format(self.name))
if not ok_rev_reg_id(rr_id):
LOGGER.debug('RevRegBuilder.create_rev_reg <!< Bad rev reg id %s',
rr_id)
raise BadIdentifier('Bad rev reg id {}'.format(rr_id))
rr_size = rr_size or 64
(cd_id, tag) = rev_reg_id2cred_def_id_tag(rr_id)
dir_tails = self.dir_tails_top(rr_id)
dir_target = self.dir_tails_target(rr_id)
if self.external:
try:
makedirs(dir_target, exist_ok=False)
except FileExistsError:
LOGGER.warning(
'RevRegBuilder.create_rev_reg found dir %s, but task not in progress: rebuilding rev reg %s',
dir_target, rr_id)
rmtree(dir_target)
makedirs(dir_target, exist_ok=False)
LOGGER.info(
'Creating revocation registry (capacity %s) for rev reg id %s',
rr_size, rr_id)
tails_writer_handle = await blob_storage.open_writer(
'default', json.dumps({
'base_dir': dir_target,
'uri_pattern': ''
}))
(created_rr_id, rr_def_json,
rr_ent_json) = await anoncreds.issuer_create_and_store_revoc_reg(
self.wallet.handle, self.did, 'CL_ACCUM', tag, cd_id,
json.dumps({
'max_cred_num': rr_size,
'issuance_type': 'ISSUANCE_BY_DEFAULT'
}), tails_writer_handle)
tails_hash = basename(Tails.unlinked(dir_target).pop())
with open(join(dir_target, 'rr_def.json'), 'w') as rr_def_fh:
print(rr_def_json, file=rr_def_fh)
with open(join(dir_target, 'rr_ent.json'), 'w') as rr_ent_fh:
print(rr_ent_json, file=rr_ent_fh)
Tails.associate(
dir_tails, created_rr_id,
tails_hash) # associate last: symlink signals completion
LOGGER.debug('RevRegBuilder.create_rev_reg <<<')
async def test_ids():
print(Ink.YELLOW('\n\n== Testing Identifier Checks =='))
assert ok_wallet_reft('49ad0727-8663-45ae-a115-12b09860f9c6')
assert not ok_wallet_reft('Q4zqM7aXqm7gDQkUVLng9I')
assert not ok_wallet_reft('49ad0727-45ae-a115-12b09860f9c6')
print('\n\n== 1 == Wallet referent identifier checks pass OK')
assert ok_did('Q4zqM7aXqm7gDQkUVLng9h')
assert not ok_did('Q4zqM7aXqm7gDQkUVLng9I') # 'I' not a base58 char
assert not ok_did('Q4zqM7aXqm7gDQkUVLng') # too short
print('\n\n== 2 == Distributed identifier checks pass OK')
for value in (None, 'TRUSTEE', 'STEWARD', 'TRUST_ANCHOR', ''):
assert ok_role(value)
for value in (123, 'TRUSTY', 'STEW', 'ANCHOR', ' '):
assert not ok_role(value)
print('\n\n== 3 == Role identifier checks pass OK')
assert Tails.ok_hash('Q4zqM7aXqm7gDQkUVLng9hQ4zqM7aXqm7gDQkUVLng9h')
assert Tails.ok_hash('Q4zqM7aXqm7gDQkUVLng9hQ4zqM7aXqm7gDQkUVLng')
assert not Tails.ok_hash('Q4zqM7aXqm7gDQkUVLng9h')
assert not Tails.ok_hash('Q4zqM7aXqm7gDQkUVLng9hQ4zqM7aXqm7gDQkUVLng9hx')
assert not Tails.ok_hash('Q4zqM7aXqm7gDQkUVLng9hQ4zqM7aXqm7gDQkUVLng90')
print('\n\n== 4 == Tails hash identifier checks pass OK')
assert ok_schema_id('Q4zqM7aXqm7gDQkUVLng9h:2:bc-reg:1.0')
assert not ok_schema_id('Q4zqM7aXqm7gDQkUVLng9h:3:bc-reg:1.0')
assert not ok_schema_id('Q4zqM7aXqm7gDQkUVLng9h::bc-reg:1.0')
assert not ok_schema_id('Q4zqM7aXqm7gDQkUVLng9h:bc-reg:1.0')
assert not ok_schema_id('Q4zqM7aXqm7gDQkUVLng9h:2:1.0')
assert not ok_schema_id('Q4zqM7aXqm7gDQkUVLng9h:2::1.0')
assert not ok_schema_id('Q4zqM7aXqm7gDQkUVLng9h:2:bc-reg:')
assert not ok_schema_id('Q4zqM7aXqm7gDQkUVLng9h:2:bc-reg:1.0a')
assert not ok_schema_id(
'Q4zqM7aXqm7gDQkUVLng9I:2:bc-reg:1.0') # I is not in base58
print('\n\n== 5 == Schema identifier checks pass OK')
assert ok_cred_def_id(
'Q4zqM7aXqm7gDQkUVLng9h:3:CL:18:tag') # protocol >= 1.4
assert ok_cred_def_id(
'Q4zqM7aXqm7gDQkUVLng9h:3:CL:Q4zqM7aXqm7gDQkUVLng9h:2:schema_name:1.0:tag'
) # long form
assert ok_cred_def_id('Q4zqM7aXqm7gDQkUVLng9h:3:CL:18:tag',
'Q4zqM7aXqm7gDQkUVLng9h') # issuer-did
assert ok_cred_def_id(
'Q4zqM7aXqm7gDQkUVLng9h:3:CL:Q999999999999999999999:2:schema_name:1.0:tag',
'Q4zqM7aXqm7gDQkUVLng9h') # long form, issuer-did
assert not ok_cred_def_id('Q4zqM7aXqm7gDQkUVLng9h:3:CL:18:tag',
'Xxxxxxxxxxxxxxxxxxxxxx')
assert not ok_cred_def_id(
'Q4zqM7aXqm7gDQkUVLng9h:3:CL:Q4zqM7aXqm7gDQkUVLng9h:2:schema_name:1.0:tag',
'Xxxxxxxxxxxxxxxxxxxxxx') # long form, issuer-did
assert ok_cred_def_id(
'Q4zqM7aXqm7gDQkUVLng9h:3:CL:Q4zqM7aXqm7gDQkUVLng9h:2:schema_name:1.0:tag'
) # long form
assert not ok_cred_def_id(
'Q4zqM7aXqm7gDQkUVLng9h:3:CL:Q4zqM7aXqm7gDQkUVLng9h:schema_name:1.0:tag'
) # no :2:
assert not ok_cred_def_id(
'Q4zqM7aXqm7gDQkUVLng9h:3:CL:QIIIIIIIII7gDQkUVLng9h:schema_name:1.0:tag'
) # I not base58
assert not ok_cred_def_id(
'Q4zqM7aXqm7gDQkUVLng9h:3:CL:QIIIIIIIII7gDQkUVLng9h:schema_name:v1.0:tag'
) # bad version
assert not ok_cred_def_id('Q4zqM7aXqm7gDQkUVLng9h:4:CL:18:0')
assert not ok_cred_def_id('Q4zqM7aXqm7gDQkUVLng9h::CL:18:0')
assert not ok_cred_def_id('Q4zqM7aXqm7gDQkUVLng9I:3:CL:18:tag')
assert not ok_cred_def_id('Q4zqM7aXqm7gDQkUVLng9h:3::18:tag')
assert not ok_cred_def_id('Q4zqM7aXqm7gDQkUVLng9h:3:18:tag')
assert not ok_cred_def_id('Q4zqM7aXqm7gDQkUVLng9h:3:CL:18z:tag')
assert ok_cred_def_id('Q4zqM7aXqm7gDQkUVLng9h:3:CL:18') # protocol == 1.3
assert ok_cred_def_id('Q4zqM7aXqm7gDQkUVLng9h:3:CL:18',
'Q4zqM7aXqm7gDQkUVLng9h')
assert not ok_cred_def_id('Q4zqM7aXqm7gDQkUVLng9h:3:CL:18',
'Xxxxxxxxxxxxxxxxxxxxxx')
assert ok_cred_def_id(
rev_reg_id2cred_def_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:Q4zqM7aXqm7gDQkUVLng9h:2:schema_name:1.0:tag:CL_ACCUM:1'
))
print('\n\n== 6 == Credential definition identifier checks pass OK')
assert ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:20:tag:CL_ACCUM:1'
) # protocol >= 1.4
assert ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:20:tag:CL_ACCUM:1',
'LjgpST2rjsoxYegQDRm7EL')
assert ok_rev_reg_id( # long form
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:Q4zqM7aXqm7gDQkUVLng9h:2:schema_name:1.0:tag:CL_ACCUM:1'
)
assert ok_rev_reg_id( # long form
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:Q4zqM7aXqm7gDQkUVLng9h:2:schema_name:1.0:tag:CL_ACCUM:1',
'LjgpST2rjsoxYegQDRm7EL')
assert not ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:20:tag:CL_ACCUM:1',
'Xxxxxxxxxxxxxxxxxxxxxx')
assert not ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:5:LjgpST2rjsoxYegQDRm7EL:3:CL:20:tag:CL_ACCUM:1'
)
assert not ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:4:CL:20:0:CL_ACCUM:1')
assert not ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL::CL:20:0:CL_ACCUM:1')
assert not ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:NOT_CL:20:tag:CL_ACCUM:1'
)
assert not ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:20z:tag:CL_ACCUM:1'
)
assert not ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:20::CL_ACCUM:1')
assert not ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:20:tag::1')
assert not ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:20:tag:1')
assert not ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:20:tag:CL_ACCUM:'
)
assert not ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:20:tag:CL_ACCUM')
assert ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:20:CL_ACCUM:1'
) # protocol == 1.3
assert ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:20:CL_ACCUM:1',
'LjgpST2rjsoxYegQDRm7EL')
assert not ok_rev_reg_id(
'LjgpST2rjsoxYegQDRm7EL:4:LjgpST2rjsoxYegQDRm7EL:3:CL:20:CL_ACCUM:1',
'Xxxxxxxxxxxxxxxxxxxxxx')
print('\n\n== 7 == Revocation registry identifier checks pass OK')
async def send_cred_def(self,
s_id: str,
revocation: bool = True,
rr_size: int = None) -> str:
"""
Create a credential definition as Issuer, store it in its wallet, and send it to the ledger.
Raise CorruptWallet for wallet not pertaining to current ledger, BadLedgerTxn on failure
to send credential definition to ledger if need be, or IndyError for any other failure
to create and store credential definition in wallet.
:param s_id: schema identifier
:param revocation: whether to support revocation for cred def
:param rr_size: size of initial revocation registry (default as per _create_rev_reg()), if revocation supported
:return: json credential definition as it appears on ledger
"""
LOGGER.debug(
'Issuer.send_cred_def >>> s_id: %s, revocation: %s, rr_size: %s',
s_id, revocation, rr_size)
if not ok_schema_id(s_id):
LOGGER.debug('Issuer.send_cred_def <!< Bad schema id %s', s_id)
raise BadIdentifier('Bad schema id {}'.format(s_id))
rv_json = json.dumps({})
schema_json = await self.get_schema(schema_key(s_id))
schema = json.loads(schema_json)
cd_id = cred_def_id(self.did, schema['seqNo'], self.pool.protocol)
private_key_ok = True
with CRED_DEF_CACHE.lock:
try:
rv_json = await self.get_cred_def(cd_id)
LOGGER.info(
'Cred def on schema %s version %s already exists on ledger; Issuer %s not sending another',
schema['name'], schema['version'], self.wallet.name)
except AbsentCredDef:
pass # OK - about to create, store, and send it
try:
(_, cred_def_json
) = await anoncreds.issuer_create_and_store_credential_def(
self.wallet.handle,
self.did, # issuer DID
schema_json,
self.pool.protocol.cd_id_tag(
False
), # expect only one cred def per schema and issuer
'CL',
json.dumps({'support_revocation': revocation}))
if json.loads(rv_json):
private_key_ok = False
LOGGER.warning(
'New cred def on %s in wallet shadows existing one on ledger: private key not usable',
cd_id)
# carry on though, this anchor may have other roles so public key may be good enough
except IndyError as x_indy:
if x_indy.error_code == ErrorCode.AnoncredsCredDefAlreadyExistsError:
if json.loads(rv_json):
LOGGER.info(
'Issuer wallet %s reusing existing cred def on schema %s version %s',
self.wallet.name, schema['name'],
schema['version'])
else:
LOGGER.debug(
'Issuer.send_cred_def: <!< corrupt wallet %s',
self.wallet.name)
raise CorruptWallet(
'Corrupt Issuer wallet {} has cred def on schema {} version {} not on ledger'
.format(self.wallet.name, schema['name'],
schema['version']))
else:
LOGGER.debug(
'Issuer.send_cred_def: <!< cannot store cred def in wallet %s: indy error code %s',
self.wallet.name, x_indy.error_code)
raise
if not json.loads(
rv_json
): # checking the ledger returned no cred def: send it
req_json = await ledger.build_cred_def_request(
self.did, cred_def_json)
await self._sign_submit(req_json)
for _ in range(16): # reasonable timeout
try:
rv_json = await self.get_cred_def(cd_id
) # adds to cache
break
except AbsentCredDef:
await sleep(1)
LOGGER.info(
'Sent cred def %s to ledger, waiting 1s for its appearance',
cd_id)
if not rv_json:
LOGGER.debug(
'Issuer.send_cred_def <!< timed out waiting on sent cred_def %s',
cd_id)
raise BadLedgerTxn(
'Timed out waiting on sent cred_def {}'.format(cd_id))
if revocation:
await self._sync_revoc(
rev_reg_id(cd_id, 0),
rr_size) # create new rev reg, tails file for tag 0
if revocation and private_key_ok:
for tag in [
str(t) for t in range(
int(Tails.next_tag(self._dir_tails, cd_id)[0]))
]: # '0' to str(next-1)
await self._sync_revoc(rev_reg_id(cd_id, tag),
rr_size if tag == 0 else None)
makedirs(join(self._dir_tails, cd_id), exist_ok=True
) # make sure dir exists for box id collection, revo or not
LOGGER.debug('Issuer.send_cred_def <<< %s', rv_json)
return rv_json
async def create_cred(self,
cred_offer_json,
cred_req_json: str,
cred_attrs: dict,
rr_size: int = None) -> (str, str, int):
"""
Create credential as Issuer out of credential request and dict of key:value (raw, unencoded)
entries for attributes.
Return credential json, and if cred def supports revocation, credential revocation identifier
and revocation registry delta ledger timestamp (epoch seconds).
If the credential definition supports revocation, and the current revocation registry is full,
the processing creates a new revocation registry en passant. Depending on the revocation
registry size (by default starting at 256 and doubling iteratively through 4096), this
operation may delay credential creation by several seconds.
:param cred_offer_json: credential offer json as created by Issuer
:param cred_req_json: credential request json as created by HolderProver
:param cred_attrs: dict mapping each attribute to its raw value (the operation encodes it); e.g.,
::
{
'favourite_drink': 'martini',
'height': 180,
'last_visit_date': '2017-12-31',
'weaknesses': None
}
:param rr_size: size of new revocation registry (default as per _create_rev_reg()) if necessary
:return: newly issued credential json; credential revocation identifier (if cred def supports
revocation, None otherwise), and ledger timestamp (if cred def supports revocation, None otherwise)
"""
LOGGER.debug(
'Issuer.create_cred >>> cred_offer_json: %s, cred_req_json: %s, cred_attrs: %s, rr_size: %s',
cred_offer_json, cred_req_json, cred_attrs, rr_size)
cd_id = json.loads(cred_offer_json)['cred_def_id']
if not ok_cred_def_id(cd_id):
LOGGER.debug('Issuer.create_cred <!< Bad cred def id %s', cd_id)
raise BadIdentifier('Bad cred def id {}'.format(cd_id))
cred_def = json.loads(
await self.get_cred_def(cd_id)) # ensure cred def is in cache
if 'revocation' in cred_def['value']:
with REVO_CACHE.lock:
rr_id = Tails.current_rev_reg_id(self._dir_tails, cd_id)
tails = REVO_CACHE[rr_id].tails
assert tails # at (re)start, at cred def, Issuer sync_revoc() sets this index in revocation cache
try:
(cred_json, cred_revoc_id,
rr_delta_json) = await anoncreds.issuer_create_credential(
self.wallet.handle, cred_offer_json, cred_req_json,
json.dumps({
k: cred_attr_value(cred_attrs[k])
for k in cred_attrs
}), rr_id, tails.reader_handle)
# do not create rr delta frame and append to cached delta frames list: timestamp could lag or skew
rre_req_json = await ledger.build_revoc_reg_entry_request(
self.did, rr_id, 'CL_ACCUM', rr_delta_json)
await self._sign_submit(rre_req_json)
assert rr_id == tails.rr_id
resp_json = await self._sign_submit(rre_req_json)
resp = json.loads(resp_json)
rv = (cred_json, cred_revoc_id,
self.pool.protocol.txn2epoch(resp))
except IndyError as x_indy:
if x_indy.error_code == ErrorCode.AnoncredsRevocationRegistryFullError:
(tag, rr_size_suggested) = Tails.next_tag(
self._dir_tails, cd_id)
rr_id = rev_reg_id(cd_id, tag)
await self._create_rev_reg(
rr_id, rr_size or rr_size_suggested)
REVO_CACHE[rr_id].tails = await Tails(
self._dir_tails, cd_id).open()
return await self.create_cred(cred_offer_json,
cred_req_json, cred_attrs
) # should be ok now
LOGGER.debug(
'Issuer.create_cred: <!< cannot create cred, indy error code %s',
x_indy.error_code)
raise
else:
try:
(cred_json, _, _) = await anoncreds.issuer_create_credential(
self.wallet.handle, cred_offer_json, cred_req_json,
json.dumps({
k: cred_attr_value(cred_attrs[k])
for k in cred_attrs
}), None, None)
rv = (cred_json, _, _)
except IndyError as x_indy:
LOGGER.debug(
'Issuer.create_cred: <!< cannot create cred, indy error code %s',
x_indy.error_code)
raise
LOGGER.debug('Issuer.create_cred <<< %s', rv)
return rv
