Merge pull request #84 from evannetwork/feature/make-proofs-optional-…

…for-request-list-credentials

Make proofs optional for request list credentials

VERSIONS.md

@@ -4,10 +4,41 @@
 
 ### Features
 
+- add support to skip proof generation for revocation lists and when updating them (happens during revocation)
+  - updated functions:
+    - `vc_zkp_create_revocation_registry_definition`
+    - `vc_zkp_revoke_credential`
+  - these properties in payload are now optional:
+    - `issuer_public_key_did`
+    - `issuer_proving_key`
+
 ### Fixes
 
 ### Deprecation
 
+- helper calls now have a different setup for `revoke_credential`
+  - CLI calls for `helper revoke_credential`
+    - drop mandatory argument `private_key`
+    - get two new optional arguments `issuer_public_key_did` and `issuer_proving_key`
+  - C calls have the arguments for `helper_revoke_credential` updated
+    - positional 3rd argument (`private_key`) is moved to position 4 (`issuer_proving_key`)
+    - new 3rd argument is now the verification method of the revocation list credential proof (`issuer_public_key_did`)
+    - arguments now have the following order:
+      - `credential: &str,`
+      - `update_key_jwk: &str,`
+      - `issuer_public_key_did: Option<&str>,`
+      - `issuer_proving_key: Option<&str>,`
+  - WASM calls now have the payload for `helper_revoke_credential` updated:
+    - drop mandatory property `private_key`
+    - get two new optional properties `issuer_public_key_did` and `issuer_proving_key`
+- with proofs for revocation lists now being optional, the following updates to the exported types have been made:
+  - `RevocationListCredential::proof` is now optional
+  - `UnproofedRevocationListCredential` has been removed as proof of aforementioned struct can be set to `None`
+- struct `AuthenticationOptions` and its usage has been removed as `identity` and `private_key` (in options) were not used anymore
+- TypeScript typings updates
+  - `UnproofedRevocationListCredential` has been marked as deprecated and will be removed in the future
+  - `AuthenticationOptions` has been marked as deprecated and will be removed in the future
+
 ## Release candidates
 
 ## 0.6.0-rc.6

src/api/vade_evan_api.rs

@@ -924,11 +924,14 @@ impl VadeEvan {
 
     /// Revokes a given credential with the help of vade and updates revocation list credential
     ///
+    /// Proof generation is omitted if `issuer_public_key_did` or `issuer_proving_key` is omitted.
+    ///
     /// # Arguments
     ///
     /// * `credential` - credential to be revoked as serialized JSON
     /// * `update_key_jwk` - update key in jwk format as serialized JSON
-    /// * `private_key` - private key for local signer to be used for signing
+    /// * `issuer_public_key_did` - private key used for assertion proof
+    /// * `issuer_proving_key` - public key used for assertion proof
     ///
     /// # Example
     ///
@@ -988,8 +991,12 @@ impl VadeEvan {
     ///
     ///             // revoke the credential issuer
     ///             vade_evan
-    ///                 .helper_revoke_credential(credential, update_key_jwk, "dfcdcb6d5d09411ae9cbe1b0fd9751ba8803dd4b276d5bf9488ae4ede2669106")
-    ///                 .await?;
+    ///                 .helper_revoke_credential(
+    ///                     credential,
+    ///                     update_key_jwk,
+    ///                     Some("did:evan:EiAee4ixDnSP0eWyp0YFV7Wt9yrZ3w841FNuv9NSLFSCVA#bbs-key-1"),
+    ///                     Some("dfcdcb6d5d09411ae9cbe1b0fd9751ba8803dd4b276d5bf9488ae4ede2669106"),
+    ///                 ).await?;
     ///
     ///             Ok(())
     ///         }
@@ -1002,11 +1009,17 @@ impl VadeEvan {
         &mut self,
         credential: &str,
         update_key_jwk: &str,
-        private_key: &str,
+        issuer_public_key_did: Option<&str>,
+        issuer_proving_key: Option<&str>,
     ) -> Result<String, VadeEvanError> {
         let mut credential_helper = Credential::new(self)?;
         credential_helper
-            .revoke_credential(credential, update_key_jwk, private_key)
+            .revoke_credential(
+                credential,
+                update_key_jwk,
+                issuer_public_key_did,
+                issuer_proving_key,
+            )
             .await
             .map_err(|err| err.into())
     }

src/c_lib.rs

@@ -627,7 +627,8 @@ pub extern "C" fn execute_vade(
                     .helper_revoke_credential(
                         arguments_vec.get(0).unwrap_or_else(|| &no_args),
                         arguments_vec.get(1).unwrap_or_else(|| &no_args),
-                        arguments_vec.get(2).unwrap_or_else(|| &no_args),
+                        arguments_vec.get(2).map(|v| v.as_str()),
+                        arguments_vec.get(3).map(|v| v.as_str()),
                     )
                     .await
                     .map_err(stringify_vade_evan_error)?;

src/helpers/credential.rs

@@ -23,6 +23,7 @@ use vade_evan_bbs::{
     LdProofVcDetailOptionsCredentialStatusType,
     OfferCredentialPayload,
     RevocationListCredential,
+    RevocationListProofKeys,
     RevokeCredentialPayload,
 };
 
@@ -288,12 +289,15 @@ impl<'a> Credential<'a> {
         Ok(())
     }
 
-    /// Revokes a given credential with the help of vade and updates revocation list credential
+    /// Revokes a given credential with the help of vade and updates revocation list credential.
+    ///
+    /// Proof generation is omitted if `issuer_public_key_did` or `issuer_proving_key` is omitted.
     ///
     /// # Arguments
-    /// * `credential_str` - credential to be revoked in seralized string format
+    /// * `credential_str` - credential to be revoked in serialized string format
     /// * `updated_key_jwk` - public key in jwk format to sign did update
-    /// * `private_key` - bbs private key to sign revocaton request
+    /// * `issuer_public_key_did` - private key used for assertion proof
+    /// * `issuer_proving_key` - public key used for assertion proof
     ///
     /// # Returns
     /// * `String` - the result of updated revocation list doc after credential revocation
@@ -302,7 +306,8 @@ impl<'a> Credential<'a> {
         &mut self,
         credential_str: &str,
         update_key_jwk: &str,
-        private_key: &str,
+        issuer_public_key_did: Option<&str>,
+        issuer_proving_key: Option<&str>,
     ) -> Result<String, CredentialError> {
         let credential: BbsCredential = serde_json::from_str(credential_str)?;
         let credential_status = &credential.credential_status.ok_or_else(|| {
@@ -315,13 +320,16 @@ impl<'a> Credential<'a> {
             .get_did_document(&credential_status.revocation_list_credential)
             .await?;
 
-        let proving_key = private_key;
         let payload = RevokeCredentialPayload {
             issuer: credential.issuer.clone(),
             revocation_list: revocation_list.clone(),
             revocation_id: credential_status.revocation_list_index.to_owned(),
-            issuer_public_key_did: credential.issuer.clone(),
-            issuer_proving_key: proving_key.to_owned(),
+            revocation_list_proof_keys: issuer_public_key_did.zip(issuer_proving_key).map(
+                |(issuer_public_key_did_value, issuer_proving_key_value)| RevocationListProofKeys {
+                    issuer_public_key_did: issuer_public_key_did_value.to_string(),
+                    issuer_proving_key: issuer_proving_key_value.to_string(),
+                },
+            ),
         };
 
         let payload = serde_json::to_string(&payload)?;
@@ -844,6 +852,10 @@ mod tests {
             serde_json::from_str(&did_result_str)?;
         let mut revocation_list = did_result_value.did_document;
         revocation_list.id = did_create_result.did.did_document.id.clone();
+        assert!(revocation_list.proof.is_some());
+        let revocation_list_proof = revocation_list.proof.as_ref().ok_or_else(|| {
+            CredentialError::RevocationListInvalid("revocation list is missing proof".to_string())
+        })?;
 
         credential_status.revocation_list_credential = revocation_list.id.clone();
         credential.credential_status = Some(credential_status.to_owned());
@@ -880,7 +892,8 @@ mod tests {
             .helper_revoke_credential(
                 &serde_json::to_string(&credential)?,
                 &serde_json::to_string(&update_key)?,
-                "dfcdcb6d5d09411ae9cbe1b0fd9751ba8803dd4b276d5bf9488ae4ede2669106",
+                Some(&revocation_list_proof.verification_method),
+                Some("dfcdcb6d5d09411ae9cbe1b0fd9751ba8803dd4b276d5bf9488ae4ede2669106"),
             )
             .await;
         assert!(revoke_result.is_ok());

src/helpers/presentation.rs

@@ -54,13 +54,13 @@ pub enum PresentationError {
     SchemaInvalid(String, String),
     #[error(r#"schema with DID "{0}" could not be found"#)]
     SchemaNotFound(String),
-    #[error(r#"SelfIssuedCredential are unsigned and can not contain proof"#)]
-    SelfIssuedCredentialWithProof(),
     #[error(r#"value "{0}" given for "{1} is not a DID""#)]
     NotADid(String, String),
+    #[error(r#"SelfIssuedCredential are unsigned and can not contain proof"#)]
+    SelfIssuedCredentialWithProof(),
 }
 
-/// A
+/// Self issued presentation that does not contain a proof.
 #[derive(Serialize, Deserialize, Clone)]
 #[serde(rename_all = "camelCase")]
 pub struct SelfIssuedPresentation {
@@ -357,7 +357,9 @@ impl<'a> Presentation<'a> {
         prover_did: Option<&str>,
         revealed_attributes: Option<&str>,
     ) -> Result<String, PresentationError> {
-        fail_if_not_a_did(prover_did, "prover_did")?;
+        prover_did
+            .map(|prover_did_value| fail_if_not_a_did(prover_did_value, "prover_did"))
+            .transpose()?;
         let revealed_attributes = check_for_optional_empty_params(revealed_attributes);
         let credential: BbsCredential = serde_json::from_str(credential_str).map_err(
             PresentationError::to_deserialization_error("credential", credential_str),

src/main.rs

@@ -248,7 +248,8 @@ async fn main() -> Result<()> {
                     .helper_revoke_credential(
                         get_argument_value(sub_m, "credential", None),
                         get_argument_value(sub_m, "update_key", None),
-                        get_argument_value(sub_m, "private_key", None),
+                        get_optional_argument_value(sub_m, "issuer_public_key_did"),
+                        get_optional_argument_value(sub_m, "issuer_proving_key"),
                     )
                     .await?
             }
@@ -1028,6 +1029,16 @@ fn get_clap_argument(arg_name: &str) -> Result<Arg> {
             .required(true)
             .help("private key to be supplied for local signer")
             .takes_value(true),
+        "issuer_public_key_did" => Arg::with_name("issuer_public_key_did")
+            .long("issuer_public_key_did")
+            .value_name("issuer_public_key_did")
+            .help("public key used for assertion proofs")
+            .takes_value(true),
+        "issuer_proving_key" => Arg::with_name("issuer_proving_key")
+            .long("issuer_proving_key")
+            .value_name("issuer_proving_key")
+            .help("private key used for assertion proofs")
+            .takes_value(true),
         "credential_revocation_did" => Arg::with_name("credential_revocation_did")
             .long("credential_revocation_did")
             .value_name("credential_revocation_did")

src/wasm_lib.rs

@@ -127,7 +127,8 @@ struct HelperCreateCredentialRequestPayload {
 struct HelperRevokeCredentialPayload {
     pub credential: String,
     pub update_key_jwk: String,
-    pub private_key: String,
+    pub issuer_public_key_did: Option<String>,
+    pub issuer_proving_key: Option<String>,
 }
 
 #[derive(Serialize, Deserialize)]
@@ -377,14 +378,16 @@ cfg_if::cfg_if! {
         pub async fn helper_revoke_credential(
             credential: String,
             update_key_jwk: String,
-            private_key: String,
+            issuer_public_key_did: Option<String>,
+            issuer_proving_key: Option<String>,
         ) -> Result<String, JsValue> {
             let mut vade_evan = get_vade_evan(None).map_err(jsify_generic_error)?;
             Ok(vade_evan
                 .helper_revoke_credential(
                     &credential,
                     &update_key_jwk,
-                    &private_key,
+                    issuer_public_key_did.as_deref(),
+                    issuer_proving_key.as_deref(),
                 ).await
                 .map_err(jsify_vade_evan_error)?)
         }
@@ -453,21 +456,6 @@ cfg_if::cfg_if! {
                 .map_err(jsify_vade_evan_error)?)
         }
 
-        #[cfg(all(feature = "vc-zkp-bbs", feature = "did-sidetree"))]
-        #[wasm_bindgen]
-        pub async fn helper_create_proof_proposal(
-            schema_did: String,
-            revealed_attributes: Option<String>,
-        ) -> Result<String, JsValue> {
-            let mut vade_evan = get_vade_evan(None).map_err(jsify_generic_error)?;
-            Ok(vade_evan
-                .helper_create_proof_proposal(
-                    &schema_did,
-                    revealed_attributes.as_deref(),
-                ).await
-                .map_err(jsify_vade_evan_error)?)
-        }
-
         #[cfg(all(feature = "vc-zkp-bbs", feature = "did-sidetree"))]
         #[wasm_bindgen]
         pub async fn helper_create_proof_request(
@@ -768,7 +756,8 @@ pub async fn execute_vade(
                     helper_revoke_credential(
                         payload.credential,
                         payload.update_key_jwk,
-                        payload.private_key,
+                        payload.issuer_public_key_did,
+                        payload.issuer_proving_key,
                     )
                     .await
                 }