feat: bdd test - verify vc without status list (trustbloc#1750)
Signed-off-by: Misha Sizov <[email protected]>
mishasizov-SK authored Aug 23, 2024
1 parent 57404f6 commit 0b54926
Showing 6 changed files with 179 additions and 23 deletions.
14 changes: 8 additions & 6 deletions test/bdd/features/oidc4vc_api.feature
Expand Up @@ -22,17 +22,19 @@ Feature: OIDC4VC REST API
And Verifier with profile "<verifierProfile>" requests deleted interactions claims

Examples:
| issuerProfile | credentialType | clientRegistrationMethod | credentialTemplate | verifierProfile | presentationDefinitionID | fields |
| issuerProfile | credentialType | clientRegistrationMethod | credentialTemplate | verifierProfile | presentationDefinitionID | fields |
# SDJWT issuer, JWT verifier, no limit disclosure in PD query.
| bank_issuer/v1.0 | UniversityDegreeCredential | dynamic | universityDegreeTemplateID | v_myprofile_jwt/v1.0 | 32f54163-no-limit-disclosure-single-field | degree_type_id |
| bank_issuer/v1.0 | UniversityDegreeCredential | dynamic | universityDegreeTemplateID | v_myprofile_jwt/v1.0 | 32f54163-no-limit-disclosure-single-field | degree_type_id |
# SDJWT issuer, JWT verifier, limit disclosure and optional fields in PD query.
| bank_issuer/v1.0 | CrudeProductCredential | discoverable | crudeProductCredentialTemplateID | v_myprofile_jwt/v1.0 | 3c8b1d9a-limit-disclosure-optional-fields | unit_of_measure_barrel,api_gravity,category,supplier_address |
| bank_issuer/v1.0 | CrudeProductCredential | discoverable | crudeProductCredentialTemplateID | v_myprofile_jwt/v1.0 | 3c8b1d9a-limit-disclosure-optional-fields | unit_of_measure_barrel,api_gravity,category,supplier_address |
# JWT issuer, JWT verifier, no limit disclosure and optional fields in PD query.
| i_myprofile_ud_es256k_jwt/v1.0 | PermanentResidentCard | pre-registered | permanentResidentCardTemplateID | v_myprofile_jwt/v1.0 | 32f54163-no-limit-disclosure-optional-fields | lpr_category_id,registration_city,commuter_classification |
| i_myprofile_ud_es256k_jwt/v1.0 | PermanentResidentCard | pre-registered | permanentResidentCardTemplateID | v_myprofile_jwt/v1.0 | 32f54163-no-limit-disclosure-optional-fields | lpr_category_id,registration_city,commuter_classification |
# JWT issuer with status list feature disabled, JWT verifier, no limit disclosure and optional fields in PD query.
| i_myprofile_ud_es256k_jwt_no_csl/v1.0 | PermanentResidentCard | pre-registered | permanentResidentCardTemplateID | v_myprofile_jwt/v1.0 | 32f54163-no-limit-disclosure-optional-fields | lpr_category_id,registration_city,commuter_classification |
# LDP Data Integrity issuer, LDP verifier, no limit disclosure and schema match in PD query.
| i_myprofile_ud_di_ecdsa-2019/v1.0 | PermanentResidentCard | pre-registered | permanentResidentCardTemplateID | v_myprofile_ldp/v1.0 | 062759b1-no-limit-disclosure-optional-fields | lpr_category_id,registration_city,commuter_classification |
| i_myprofile_ud_di_ecdsa-2019/v1.0 | PermanentResidentCard | pre-registered | permanentResidentCardTemplateID | v_myprofile_ldp/v1.0 | 062759b1-no-limit-disclosure-optional-fields | lpr_category_id,registration_city,commuter_classification |
# LDP issuer, LDP verifier, no limit disclosure and schema match in PD query.
| i_myprofile_cmtr_p256_ldp/v1.0 | CrudeProductCredential | pre-registered | crudeProductCredentialTemplateID | v_myprofile_ldp/v1.0 | lp403pb9-schema-match | schema_id |
| i_myprofile_cmtr_p256_ldp/v1.0 | CrudeProductCredential | pre-registered | crudeProductCredentialTemplateID | v_myprofile_ldp/v1.0 | lp403pb9-schema-match | schema_id |

@oidc4vc_rest_auth_flow_batch_credential_configuration_id
Scenario Outline: OIDC Batch credential issuance and verification Auth flow (request all credentials by credentialConfigurationID)
2 changes: 1 addition & 1 deletion test/bdd/features/vc_v1_issue_verify_revoke_api.feature
Expand Up @@ -51,7 +51,7 @@ Feature: Using VC REST API
And V1 New verifiable credential is issued from "<credential>" under "<issuerProfile>" profile
And issued credential history is updated
And Profile "<wrongVerifierProfile>" verifier has been authorized with username "profile-user-verifier-1" and password "profile-user-verifier-1-pwd"
And V1 verifiable credential with wrong format is unable to be verified under "<wrongVerifierProfile>" profile
And V1 verifiable credential is unable to be verified under "<wrongVerifierProfile>" profile error: "invalid format"

Examples:
| issuerProfile | wrongVerifierProfile | credential |
144 changes: 144 additions & 0 deletions test/bdd/fixtures/profile/profiles.json
Expand Up @@ -589,6 +589,150 @@
},
"createDID": true
},
{
"issuer": {
"id": "i_myprofile_ud_es256k_jwt_no_csl",
"version": "v1.0",
"groupID": "group_i_myprofile_ud_es256k_jwt_no_csl",
"name": "i_myprofile_ud_es256k_jwt_no_csl",
"organizationID": "00000000-0000-0000-0000-000000000001",
"url": "http://vc-rest-echo.trustbloc.local:8075",
"active": true,
"vcConfig": {
"refreshServiceEnabled": false,
"signingAlgorithm": "ES256K",
"signatureRepresentation": 1,
"keyType": "ECDSASecp256k1DER",
"format": "jwt",
"didMethod": "ion",
"status": {
"disable": true
}
},
"oidcConfig": {
"client_id": "7d4u50e7w6nfq8tfayhzplgjf",
"client_secret_handle": "282ks4fkuqfosus5k0x30abnv",
"redirect_uri": "https://api-gateway.trustbloc.local:5566/oidc/redirect",
"issuer_well_known": "http://cognito-mock.trustbloc.local:9229/local_5a9GzRvB/.well-known/openid-configuration",
"scopes_supported": [
"openid",
"profile"
],
"grant_types_supported": [
"authorization_code",
"urn:ietf:params:oauth:grant-type:pre-authorized_code"
],
"response_types_supported": [
"code"
],
"token_endpoint_auth_methods_supported": [
"none"
],
"enable_dynamic_client_registration": true,
"wallet_initiated_auth_flow_supported": true,
"pre-authorized_grant_anonymous_access_supported": true,
"claims_endpoint": "https://mock-login-consent.example.com:8099/claim-data?credentialType=PermanentResidentCard"
},
"credentialTemplates": [
{
"contexts": [
"https://www.w3.org/2018/credentials/v1",
"https://w3id.org/citizenship/v1"
],
"type": "PermanentResidentCard",
"id": "permanentResidentCardTemplateID",
"issuer": "did:orb:i_myprofile_ud_es256k_jwt",
"checks": {
"strict": false
}
}
],
"credentialMetadata": {
"display": [],
"credential_configurations_supported": {
"PermanentResidentCardIdentifier": {
"format": "jwt_vc_json",
"display": [
{
"name": "Permanent Resident Card",
"locale": "en-US",
"logo": {
"uri": "https://example.com/public/logo.png",
"alt_text": "a square logo"
},
"background_color": "#12107c",
"text_color": "#FFFFFF"
}
],
"credential_definition": {
"credentialSubject": {
"displayName": {
"display": [
{
"name": "Employee",
"locale": "en-US"
}
]
},
"givenName": {
"display": [
{
"name": "Given Name",
"locale": "en-US"
}
]
},
"jobTitle": {
"display": [
{
"name": "Job Title",
"locale": "en-US"
}
]
},
"surname": {
"display": [
{
"name": "Surname",
"locale": "en-US"
}
]
},
"preferredLanguage": {
"display": [
{
"name": "Preferred Language",
"locale": "en-US"
}
]
},
"mail": {
"display": [
{
"name": "Mail",
"locale": "en-US"
}
]
},
"photo": {
"display": [
{
"name": "Photo"
}
]
}
},
"type": [
"VerifiableCredential",
"PermanentResidentCard"
]
}
}
}
}
},
"createDID": true
},
{
"issuer": {
"id": "i_myprofile_ud_es256k_jwt",
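Review bot: The new profile's credential template keeps `"issuer": "did:orb:i_myprofile_ud_es256k_jwt"`, which names the sibling profile and the `orb` method although this profile is `i_myprofile_ud_es256k_jwt_no_csl` with `"didMethod": "ion"`. If the template issuer is overridden at issuance (the step code checks the issuer against the profile name, which suggests it is) this is harmless, but it reads as a copy-paste leftover and is worth aligning with the profile id. The `credentialSubject` display entries (`jobTitle`, `mail`, `preferredLanguage`) likewise look copied from an employee credential rather than describing a `PermanentResidentCard`.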
12 changes: 7 additions & 5 deletions test/bdd/pkg/v1/oidc4vc/oidc4vci.go
Expand Up @@ -1301,13 +1301,15 @@ func (s *Steps) checkIssuedCredentialHistoryStep() error {
}

func (s *Steps) checkVC(vc *verifiable.Credential) error {
expectedStatusType := s.issuerProfile.VCConfig.Status.Type
err := checkCredentialStatusType(vc, string(expectedStatusType))
if err != nil {
return err
vcStatusConfig := s.issuerProfile.VCConfig.Status
if !vcStatusConfig.Disable {
err := checkCredentialStatusType(vc, string(vcStatusConfig.Type))
if err != nil {
return err
}
}

err = checkIssuer(vc, s.issuerProfile.Name)
err := checkIssuer(vc, s.issuerProfile.Name)
if err != nil {
return err
}
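Review bot: When `vcStatusConfig.Disable` is true, `checkVC` skips the status check altogether, so the scenario still passes if the issuer embeds a `credentialStatus` entry even though the profile disables it. Since the purpose of the `_no_csl` profile is that issued credentials carry no status list entry (and therefore cannot be revoked), the disabled branch should assert that absence, e.g. `} else if hasCredentialStatus(vc) { return fmt.Errorf("credentialStatus present although status is disabled for profile %s", s.issuerProfile.Name) }`, where `hasCredentialStatus` is a placeholder for a helper written next to `checkCredentialStatusType`. The same gap is in `checkVC` in test/bdd/pkg/v1/vc/credential.go (`if !vcStatusConf.Disable { ... }`). `checkVC` continues past the end of this hunk.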
26 changes: 17 additions & 9 deletions test/bdd/pkg/v1/vc/credential.go
Expand Up @@ -194,16 +194,20 @@ func (e *Steps) verifyRevokedVC(profileVersionedID string) error {
return nil
}

func (e *Steps) verifyVCInvalidFormat(verifierProfileVersionedID string) error {
func (e *Steps) verifyVCWithExpectedError(verifierProfileVersionedID, errorMsg string) error {
chunks := strings.Split(verifierProfileVersionedID, "/")
profileID, profileVersion := chunks[0], chunks[1]
result, err := e.getVerificationResult(credentialServiceURL, profileID, profileVersion)
if result != nil {
return fmt.Errorf("verification result is not nil")
return fmt.Errorf("verification result should be nil")
}

if err == nil || !strings.Contains(err.Error(), "invalid format, should be") {
return fmt.Errorf("error expectd, but got nil")
if err == nil {
return fmt.Errorf("error expected, but got nil")
}

if !strings.Contains(err.Error(), errorMsg) {
return fmt.Errorf("unexpected error %s should contain %s", err.Error(), errorMsg)
}

return nil
Expand Down Expand Up @@ -281,7 +285,8 @@ func (e *Steps) revokeVC(profileVersionedID string) error {
func (e *Steps) getVerificationResult(
verifyCredentialURL,
profileID,
profileVersion string) (*model.VerifyCredentialResponse, error) {
profileVersion string,
) (*model.VerifyCredentialResponse, error) {
loader, err := bddutil.DocumentLoader()
if err != nil {
return nil, err
Expand Down Expand Up @@ -340,10 +345,13 @@ func (e *Steps) checkVC(vcBytes []byte, profileVersionedID string, checkProof bo
return err
}

expectedStatusType := e.bddContext.IssuerProfiles[profileVersionedID].VCConfig.Status.Type
err = checkCredentialStatusType(vcMap, string(expectedStatusType))
if err != nil {
return err
vcStatusConf := e.bddContext.IssuerProfiles[profileVersionedID].VCConfig.Status
if !vcStatusConf.Disable {
expectedStatusType := vcStatusConf.Type
err = checkCredentialStatusType(vcMap, string(expectedStatusType))
if err != nil {
return err
}
}

err = checkIssuer(vcMap, strings.Split(profileVersionedID, "/")[0])
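Review bot: `verifyVCWithExpectedError` accepts any error when `errorMsg` is empty, because `strings.Contains(err.Error(), "")` is always true and the step pattern `"([^"]*)"` registered in vc_steps.go admits an empty string. Reject that up front with `if errorMsg == "" { return fmt.Errorf("expected error message must not be empty") }`, or tighten the pattern to `"([^"]+)"`. The mismatch message would also be easier to read with quoting: `fmt.Errorf("unexpected error %q, should contain %q", err.Error(), errorMsg)`. `chunks[1]` is read without a length check, so a profile ID without `/` panics instead of failing the step; that line is unchanged context.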
4 changes: 2 additions & 2 deletions test/bdd/pkg/v1/vc/vc_steps.go
Expand Up @@ -65,8 +65,8 @@ func (e *Steps) RegisterSteps(s *godog.ScenarioContext) {
e.revokeVC)
s.Step(`^V1 revoked credential is unable to be verified under "([^"]*)" profile$`,
e.verifyRevokedVC)
s.Step(`^V1 verifiable credential with wrong format is unable to be verified under "([^"]*)" profile$`,
e.verifyVCInvalidFormat)
s.Step(`^V1 verifiable credential is unable to be verified under "([^"]*)" profile error: "([^"]*)"$`,
e.verifyVCWithExpectedError)
s.Step(`^"([^"]*)" users request to create a vc and verify it "([^"]*)" with profiles issuer "([^"]*)" verify "([^"]*)" using "([^"]*)" concurrent requests$`,
e.stressTestForMultipleUsers)
