From c1e1773cbd4718acc8dbe6d4a4e22923bfd673e3 Mon Sep 17 00:00:00 2001
From: Ilya
Date: Thu, 20 Jun 2024 17:22:12 +0300
Subject: [PATCH 1/4] support flag to disable mediatype checker
---
 cmd/notifications/main.go | 14 +-
 cmd/pending_publisher/main.go | 14 +-
 cmd/platform/main.go | 15 +-
 cmd/platform_ui/main.go | 15 +-
 internal/api/server_test.go | 91 +++++-
 internal/api_ui/server_test.go | 264 ++++++++++++++++--
 internal/config/config.go | 15 +
 internal/core/services/mediatype_manager.go | 21 +-
 .../core/services/mediatype_manager_test.go | 61 ++--
 internal/core/services/tests/identity_test.go | 15 +-
 internal/core/services/tests/link_test.go | 15 +-
 .../core/services/tests/notification_test.go | 15 +-
 pkg/protocol/verify.go | 53 ++--
 13 files changed, 486 insertions(+), 122 deletions(-)
diff --git a/cmd/notifications/main.go b/cmd/notifications/main.go
index 693935351..4bb8f6d87 100644
--- a/cmd/notifications/main.go
+++ b/cmd/notifications/main.go
@@ -12,6 +12,9 @@ import (
 "github.com/ethereum/go-ethereum/common"
 "github.com/ethereum/go-ethereum/ethclient"
 vault "github.com/hashicorp/vault/api"
+ "github.com/iden3/iden3comm/v2"
+ "github.com/iden3/iden3comm/v2/packers"
+ "github.com/iden3/iden3comm/v2/protocol"
 "github.com/polygonid/sh-id-platform/internal/buildinfo"
 "github.com/polygonid/sh-id-platform/internal/config"
@@ -179,8 +182,17 @@ func newCredentialsService(ctx context.Context, cfg *config.Configuration, stora mtService := services.NewIdentityMerkleTrees(mtRepository) qrService := services.NewQrStoreService(cachex) + mediaTypeManager := services.NewMediaTypeManager( + map[iden3comm.ProtocolMessage][]string{ + protocol.CredentialFetchRequestMessageType: {string(packers.MediaTypeZKPMessage)}, + protocol.RevocationStatusRequestMessageType: {"*"}, + }, + *cfg.MediaTypeManager.StrictMode, + cfg.MediaTypeManager.Disable, + ) + identityService := services.NewIdentity(keyStore, identityRepository, mtRepository, identityStateRepository, mtService, qrService, claimsRepository, revocationRepository, nil, storage, nil, nil, ps, cfg.CredentialStatus, rhsFactory, revocationStatusResolver, *cfg.AutoPublishingToOnChainRHS) - claimsService := services.NewClaim(claimsRepository, identityService, qrService, mtService, identityStateRepository, schemaLoader, storage, cfg.APIUI.ServerURL, ps, cfg.IPFS.GatewayURL, revocationStatusResolver, &services.DefaultMediaTypeManager) + claimsService := services.NewClaim(claimsRepository, identityService, qrService, mtService, identityStateRepository, schemaLoader, storage, cfg.APIUI.ServerURL, ps, cfg.IPFS.GatewayURL, revocationStatusResolver, mediaTypeManager) return claimsService, nil } diff --git a/cmd/pending_publisher/main.go b/cmd/pending_publisher/main.go index 6799d4d69..ffb060912 100644 --- a/cmd/pending_publisher/main.go +++ b/cmd/pending_publisher/main.go @@ -12,6 +12,9 @@ import ( "github.com/ethereum/go-ethereum/common" "github.com/ethereum/go-ethereum/ethclient" vault "github.com/hashicorp/vault/api" + "github.com/iden3/iden3comm/v2" + "github.com/iden3/iden3comm/v2/packers" + "github.com/iden3/iden3comm/v2/protocol" "github.com/polygonid/sh-id-platform/internal/buildinfo" "github.com/polygonid/sh-id-platform/internal/config" 
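Review bot: In `newCredentialsService` (cmd/notifications/main.go), `*cfg.MediaTypeManager.StrictMode` dereferences a pointer field without a nil check, so a configuration that leaves it unset would panic at start-up unless `internal/config/config.go` (changed in this commit, not visible here) always fills in a default. If that guarantee is missing, resolve the value before the constructor call and fall back to what is presumably the fail-closed setting, e.g. `strict := cfg.MediaTypeManager.StrictMode == nil || *cfg.MediaTypeManager.StrictMode`. The same expression appears in the `main()` hunks of cmd/pending_publisher, cmd/platform and cmd/platform_ui. The function starts outside this hunk.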
@@ -160,8 +163,17 @@ func main() { rhsFactory := reverse_hash.NewFactory(cfg.CredentialStatus.RHS.GetURL(), cl, common.HexToAddress(cfg.CredentialStatus.OnchainTreeStore.SupportedTreeStoreContract), reverse_hash.DefaultRHSTimeOut) revocationStatusResolver := revocation_status.NewRevocationStatusResolver(cfg.CredentialStatus) + mediaTypeManager := services.NewMediaTypeManager( + map[iden3comm.ProtocolMessage][]string{ + protocol.CredentialFetchRequestMessageType: {string(packers.MediaTypeZKPMessage)}, + protocol.RevocationStatusRequestMessageType: {"*"}, + }, + *cfg.MediaTypeManager.StrictMode, + cfg.MediaTypeManager.Disable, + ) + identityService := services.NewIdentity(keyStore, identityRepo, mtRepo, identityStateRepo, mtService, qrService, claimsRepo, revocationRepository, connectionsRepository, storage, nil, nil, pubsub.NewMock(), cfg.CredentialStatus, rhsFactory, revocationStatusResolver, *cfg.AutoPublishingToOnChainRHS) - claimsService := services.NewClaim(claimsRepo, identityService, qrService, mtService, identityStateRepo, schemaLoader, storage, cfg.APIUI.ServerURL, ps, cfg.IPFS.GatewayURL, revocationStatusResolver, &services.DefaultMediaTypeManager) + claimsService := services.NewClaim(claimsRepo, identityService, qrService, mtService, identityStateRepo, schemaLoader, storage, cfg.APIUI.ServerURL, ps, cfg.IPFS.GatewayURL, revocationStatusResolver, mediaTypeManager) circuitsLoaderService := circuitLoaders.NewCircuits(cfg.Circuit.Path) proofService := initProofService(ctx, cfg, circuitsLoaderService) diff --git a/cmd/platform/main.go b/cmd/platform/main.go index 88942b011..0e8c7eaab 100644 --- a/cmd/platform/main.go +++ b/cmd/platform/main.go 
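Review bot: The allow-list literal passed to `services.NewMediaTypeManager` in `main()` of cmd/pending_publisher/main.go is a copy of the one added in cmd/notifications, cmd/platform, cmd/platform_ui and every test hunk of this commit, replacing the single shared `services.DefaultMediaTypeManager`. This map is the policy that limits `CredentialFetchRequestMessageType` to `packers.MediaTypeZKPMessage`, so hand-maintained copies can drift apart between binaries without anyone noticing. I would keep the map in one constructor inside the `services` package that takes only the two booleans, and document it there with a comment such as `// Credential fetch requests must arrive ZKP-packed; revocation status requests accept any media type.` `main()` starts and ends outside this hunk.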
@@ -14,6 +14,9 @@ import ( "github.com/go-chi/cors" redis2 "github.com/go-redis/redis/v8" vault "github.com/hashicorp/vault/api" + "github.com/iden3/iden3comm/v2" + "github.com/iden3/iden3comm/v2/packers" + iden3commProtocol "github.com/iden3/iden3comm/v2/protocol" "github.com/polygonid/sh-id-platform/internal/api" "github.com/polygonid/sh-id-platform/internal/buildinfo" @@ -141,9 +144,19 @@ func main() { qrService := services.NewQrStoreService(cachex) cfg.CredentialStatus.SingleIssuer = false + + mediaTypeManager := services.NewMediaTypeManager( + map[iden3comm.ProtocolMessage][]string{ + iden3commProtocol.CredentialFetchRequestMessageType: {string(packers.MediaTypeZKPMessage)}, + iden3commProtocol.RevocationStatusRequestMessageType: {"*"}, + }, + *cfg.MediaTypeManager.StrictMode, + cfg.MediaTypeManager.Disable, + ) + revocationStatusResolver := revocation_status.NewRevocationStatusResolver(cfg.CredentialStatus) identityService := services.NewIdentity(keyStore, identityRepository, mtRepository, identityStateRepository, mtService, qrService, claimsRepository, revocationRepository, nil, storage, nil, nil, ps, cfg.CredentialStatus, rhsFactory, revocationStatusResolver, *cfg.AutoPublishingToOnChainRHS) - claimsService := services.NewClaim(claimsRepository, identityService, qrService, mtService, identityStateRepository, schemaLoader, storage, cfg.ServerUrl, ps, cfg.IPFS.GatewayURL, revocationStatusResolver, &services.DefaultMediaTypeManager) + claimsService := services.NewClaim(claimsRepository, identityService, qrService, mtService, identityStateRepository, schemaLoader, storage, cfg.ServerUrl, ps, cfg.IPFS.GatewayURL, revocationStatusResolver, mediaTypeManager) proofService := gateways.NewProver(ctx, cfg, circuitsLoaderService) transactionService, err := gateways.NewTransaction(ethereumClient, cfg.Ethereum.ConfirmationBlockCount) diff --git a/cmd/platform_ui/main.go b/cmd/platform_ui/main.go index 5f41eef49..f2b573e4d 100644 --- a/cmd/platform_ui/main.go 
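Review bot: `cfg.MediaTypeManager.Disable` is passed straight into the constructor in `main()` of cmd/platform/main.go, with nothing that makes the relaxed mode visible to an operator. Judging by the commit subject, setting it switches the media-type check off, so credential fetch requests would no longer be held to `packers.MediaTypeZKPMessage`; the manager's implementation is outside this view, so that is an inference. I would emit a warning-level log line at start-up when the flag is true and document the option next to its definition, e.g. `// Disable turns the media-type check off for all message types; leave it false unless the packing requirement is enforced elsewhere.` The same applies to cmd/platform_ui/main.go. `main()` continues outside the hunk.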
+++ b/cmd/platform_ui/main.go
@@ -20,6 +20,9 @@ import (
 "github.com/iden3/go-iden3-auth/v2/pubsignals"
 "github.com/iden3/go-iden3-auth/v2/state"
 "github.com/iden3/go-iden3-core/v2/w3c"
+ "github.com/iden3/iden3comm/v2"
+ "github.com/iden3/iden3comm/v2/packers"
+ iden3commProtocol "github.com/iden3/iden3comm/v2/protocol"
 "github.com/polygonid/sh-id-platform/internal/api_ui"
 "github.com/polygonid/sh-id-platform/internal/buildinfo"
@@ -173,10 +176,20 @@ func main() { qrService := services.NewQrStoreService(cachex) cfg.CredentialStatus.SingleIssuer = true + + mediaTypeManager := services.NewMediaTypeManager( + map[iden3comm.ProtocolMessage][]string{ + iden3commProtocol.CredentialFetchRequestMessageType: {string(packers.MediaTypeZKPMessage)}, + iden3commProtocol.RevocationStatusRequestMessageType: {"*"}, + }, + *cfg.MediaTypeManager.StrictMode, + cfg.MediaTypeManager.Disable, + ) + revocationStatusResolver := revocation_status.NewRevocationStatusResolver(cfg.CredentialStatus) identityService := services.NewIdentity(keyStore, identityRepository, mtRepository, identityStateRepository, mtService, qrService, claimsRepository, revocationRepository, connectionsRepository, storage, verifier, sessionRepository, ps, cfg.CredentialStatus, rhsFactory, revocationStatusResolver, *cfg.AutoPublishingToOnChainRHS) schemaService := services.NewSchema(schemaRepository, schemaLoader) - claimsService := services.NewClaim(claimsRepository, identityService, qrService, mtService, identityStateRepository, schemaLoader, storage, cfg.APIUI.ServerURL, ps, cfg.IPFS.GatewayURL, revocationStatusResolver, &services.DefaultMediaTypeManager) + claimsService := services.NewClaim(claimsRepository, identityService, qrService, mtService, identityStateRepository, schemaLoader, storage, cfg.APIUI.ServerURL, ps, cfg.IPFS.GatewayURL, revocationStatusResolver, mediaTypeManager) connectionsService := services.NewConnection(connectionsRepository, claimsRepository, storage) linkService := services.NewLinkService(storage, claimsService, qrService, claimsRepository, linkRepository, schemaRepository, schemaLoader, sessionRepository, ps, cfg.IPFS.GatewayURL) diff --git a/internal/api/server_test.go b/internal/api/server_test.go index 73642a479..aa3686fc4 100644 --- a/internal/api/server_test.go +++ b/internal/api/server_test.go 
@@ -16,6 +16,7 @@ import ( core "github.com/iden3/go-iden3-core/v2" "github.com/iden3/go-iden3-core/v2/w3c" "github.com/iden3/go-schema-processor/v2/verifiable" + "github.com/iden3/iden3comm/v2" "github.com/iden3/iden3comm/v2/packers" "github.com/iden3/iden3comm/v2/protocol" "github.com/mitchellh/mapstructure" @@ -54,7 +55,15 @@ func TestServer_CreateIdentity(t *testing.T) { revocationStatusResolver := revocation_status.NewRevocationStatusResolver(cfg.CredentialStatus) identityService := services.NewIdentity(keyStore, identityRepo, mtRepo, identityStateRepo, mtService, nil, claimsRepo, revocationRepository, connectionsRepository, storage, nil, nil, pubsub.NewMock(), cfg.CredentialStatus, rhsFactory, revocationStatusResolver, *cfg.AutoPublishingToOnChainRHS) - claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, &services.DefaultMediaTypeManager) + mediaTypeManager := services.NewMediaTypeManager( + map[iden3comm.ProtocolMessage][]string{ + protocol.CredentialFetchRequestMessageType: {string(packers.MediaTypeZKPMessage)}, + protocol.RevocationStatusRequestMessageType: {"*"}, + }, + true, + false, + ) + claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, mediaTypeManager) accountService := services.NewAccountService(cfg.Ethereum, keyStore) server := NewServer(&cfg, identityService, accountService, claimsService, nil, NewPublisherMock(), NewPackageManagerMock(), nil) handler := getHandler(context.Background(), server) 
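Review bot: The two trailing arguments `true, false` in `TestServer_CreateIdentity` are bare positional booleans, and swapping them would silently build a manager with the check switched off. Label them at the call site, `true, // strict mode` and `false, // disable`, or move the construction into one test helper, since the identical block is repeated in every other test hunk of internal/api/server_test.go and internal/api_ui/server_test.go. None of the visible tests passes `true` for the disable argument, so API-level behaviour with the checker off is not exercised here; internal/core/services/mediatype_manager_test.go is changed in this commit but is outside this view. The test function continues outside the hunk.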
@@ -251,7 +260,15 @@ func TestServer_RevokeClaim(t *testing.T) { rhsFactory := reverse_hash.NewFactory(cfg.CredentialStatus.RHS.GetURL(), nil, commonEth.HexToAddress(cfg.CredentialStatus.OnchainTreeStore.SupportedTreeStoreContract), reverse_hash.DefaultRHSTimeOut) identityService := services.NewIdentity(&KMSMock{}, identityRepo, mtRepo, identityStateRepo, mtService, nil, claimsRepo, revocationRepository, connectionsRepository, storage, nil, nil, pubsub.NewMock(), cfg.CredentialStatus, rhsFactory, revocationStatusResolver, *cfg.AutoPublishingToOnChainRHS) - claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, &services.DefaultMediaTypeManager) + mediaTypeManager := services.NewMediaTypeManager( + map[iden3comm.ProtocolMessage][]string{ + protocol.CredentialFetchRequestMessageType: {string(packers.MediaTypeZKPMessage)}, + protocol.RevocationStatusRequestMessageType: {"*"}, + }, + true, + false, + ) + claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, mediaTypeManager) accountService := services.NewAccountService(cfg.Ethereum, keyStore) server := NewServer(&cfg, identityService, accountService, claimsService, nil, NewPublisherMock(), NewPackageManagerMock(), nil) 
@@ -398,11 +415,20 @@ func TestServer_CreateClaim(t *testing.T) { revocationRepository := repositories.NewRevocation() connectionsRepository := repositories.NewConnections() + mediaTypeManager := services.NewMediaTypeManager( + map[iden3comm.ProtocolMessage][]string{ + protocol.CredentialFetchRequestMessageType: {string(packers.MediaTypeZKPMessage)}, + protocol.RevocationStatusRequestMessageType: {"*"}, + }, + true, + false, + ) + rhsFactory := reverse_hash.NewFactory(cfg.CredentialStatus.RHS.GetURL(), nil, commonEth.HexToAddress(cfg.CredentialStatus.OnchainTreeStore.SupportedTreeStoreContract), reverse_hash.DefaultRHSTimeOut) revocationStatusResolver := revocation_status.NewRevocationStatusResolver(cfg.CredentialStatus) identityService := services.NewIdentity(keyStore, identityRepo, mtRepo, identityStateRepo, mtService, qrService, claimsRepo, revocationRepository, connectionsRepository, storage, nil, nil, pubsub.NewMock(), cfg.CredentialStatus, rhsFactory, revocationStatusResolver, *cfg.AutoPublishingToOnChainRHS) pubSub := pubsub.NewMock() - claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubSub, ipfsGatewayURL, revocationStatusResolver, &services.DefaultMediaTypeManager) + claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubSub, ipfsGatewayURL, revocationStatusResolver, mediaTypeManager) accountService := services.NewAccountService(cfg.Ethereum, keyStore) server := NewServer(&cfg, identityService, accountService, claimsService, nil, NewPublisherMock(), NewPackageManagerMock(), nil) handler := getHandler(ctx, server) 
@@ -580,7 +606,16 @@ func TestServer_GetIdentities(t *testing.T) { revocationStatusResolver := revocation_status.NewRevocationStatusResolver(cfg.CredentialStatus) identityService := services.NewIdentity(&KMSMock{}, identityRepo, mtRepo, identityStateRepo, mtService, nil, claimsRepo, revocationRepository, connectionsRepository, storage, nil, nil, pubsub.NewMock(), cfg.CredentialStatus, rhsFactory, revocationStatusResolver, *cfg.AutoPublishingToOnChainRHS) - claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, &services.DefaultMediaTypeManager) + mediaTypeManager := services.NewMediaTypeManager( + map[iden3comm.ProtocolMessage][]string{ + protocol.CredentialFetchRequestMessageType: {string(packers.MediaTypeZKPMessage)}, + protocol.RevocationStatusRequestMessageType: {"*"}, + }, + true, + false, + ) + + claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, mediaTypeManager) accountService := services.NewAccountService(cfg.Ethereum, keyStore) server := NewServer(&cfg, identityService, accountService, claimsService, nil, NewPublisherMock(), NewPackageManagerMock(), nil) handler := getHandler(context.Background(), server) 
@@ -655,7 +690,17 @@ func TestServer_GetClaimQrCode(t *testing.T) { idStr := "did:polygonid:polygon:mumbai:2qPrv5Yx8s1qAmEnPym68LfT7gTbASGampiGU7TseL" idNoClaims := "did:polygonid:polygon:mumbai:2qGjTUuxZKqKS4Q8UmxHUPw55g15QgEVGnj6Wkq8Vk" accountService := services.NewAccountService(cfg.Ethereum, keyStore) - claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, &services.DefaultMediaTypeManager) + + mediaTypeManager := services.NewMediaTypeManager( + map[iden3comm.ProtocolMessage][]string{ + protocol.CredentialFetchRequestMessageType: {string(packers.MediaTypeZKPMessage)}, + protocol.RevocationStatusRequestMessageType: {"*"}, + }, + true, + false, + ) + + claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, mediaTypeManager) identity := &domain.Identity{ Identifier: idStr, 
@@ -795,7 +840,17 @@ func TestServer_GetClaim(t *testing.T) { revocationStatusResolver := revocation_status.NewRevocationStatusResolver(cfg.CredentialStatus) rhsFactory := reverse_hash.NewFactory(cfg.CredentialStatus.RHS.GetURL(), nil, commonEth.HexToAddress(cfg.CredentialStatus.OnchainTreeStore.SupportedTreeStoreContract), reverse_hash.DefaultRHSTimeOut) identityService := services.NewIdentity(&KMSMock{}, identityRepo, mtRepo, identityStateRepo, mtService, nil, claimsRepo, revocationRepository, connectionsRepository, storage, nil, nil, pubsub.NewMock(), cfg.CredentialStatus, rhsFactory, revocationStatusResolver, *cfg.AutoPublishingToOnChainRHS) - claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, &services.DefaultMediaTypeManager) + + mediaTypeManager := services.NewMediaTypeManager( + map[iden3comm.ProtocolMessage][]string{ + protocol.CredentialFetchRequestMessageType: {string(packers.MediaTypeZKPMessage)}, + protocol.RevocationStatusRequestMessageType: {"*"}, + }, + true, + false, + ) + + claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, mediaTypeManager) accountService := services.NewAccountService(cfg.Ethereum, keyStore) server := NewServer(&cfg, identityService, accountService, claimsService, nil, NewPublisherMock(), NewPackageManagerMock(), nil) 
@@ -969,7 +1024,17 @@ func TestServer_GetClaims(t *testing.T) { revocationStatusResolver := revocation_status.NewRevocationStatusResolver(cfg.CredentialStatus) rhsFactory := reverse_hash.NewFactory(cfg.CredentialStatus.RHS.GetURL(), nil, commonEth.HexToAddress(cfg.CredentialStatus.OnchainTreeStore.SupportedTreeStoreContract), reverse_hash.DefaultRHSTimeOut) identityService := services.NewIdentity(keyStore, identityRepo, mtRepo, identityStateRepo, mtService, nil, claimsRepo, revocationRepository, connectionsRepository, storage, nil, nil, pubsub.NewMock(), cfg.CredentialStatus, rhsFactory, revocationStatusResolver, *cfg.AutoPublishingToOnChainRHS) - claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, &services.DefaultMediaTypeManager) + + mediaTypeManager := services.NewMediaTypeManager( + map[iden3comm.ProtocolMessage][]string{ + protocol.CredentialFetchRequestMessageType: {string(packers.MediaTypeZKPMessage)}, + protocol.RevocationStatusRequestMessageType: {"*"}, + }, + true, + false, + ) + + claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, mediaTypeManager) fixture := tests.NewFixture(storage) 
@@ -1318,7 +1383,17 @@ func TestServer_GetRevocationStatus(t *testing.T) { identity, err := identityService.Create(ctx, "http://localhost:3001", &ports.DIDCreationOptions{Method: method, Blockchain: blockchain, Network: network, KeyType: BJJ}) assert.NoError(t, err) - claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, &services.DefaultMediaTypeManager) + + mediaTypeManager := services.NewMediaTypeManager( + map[iden3comm.ProtocolMessage][]string{ + protocol.CredentialFetchRequestMessageType: {string(packers.MediaTypeZKPMessage)}, + protocol.RevocationStatusRequestMessageType: {"*"}, + }, + true, + false, + ) + + claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, mediaTypeManager) accountService := services.NewAccountService(cfg.Ethereum, keyStore) server := NewServer(&cfg, identityService, accountService, claimsService, nil, NewPublisherMock(), NewPackageManagerMock(), nil) handler := getHandler(context.Background(), server) diff --git a/internal/api_ui/server_test.go b/internal/api_ui/server_test.go index 31a52cd65..d64396f36 100644 --- a/internal/api_ui/server_test.go +++ b/internal/api_ui/server_test.go @@ -17,6 +17,8 @@ import ( "github.com/google/uuid" "github.com/iden3/go-iden3-core/v2/w3c" "github.com/iden3/go-schema-processor/v2/verifiable" + "github.com/iden3/iden3comm/v2" + "github.com/iden3/iden3comm/v2/packers" "github.com/iden3/iden3comm/v2/protocol" "github.com/mitchellh/mapstructure" "github.com/stretchr/testify/assert" 
@@ -49,7 +51,17 @@ func TestServer_CheckStatus(t *testing.T) { rhsFactory := reverse_hash.NewFactory(cfg.CredentialStatus.RHS.URL, nil, commonEth.HexToAddress(cfg.CredentialStatus.OnchainTreeStore.SupportedTreeStoreContract), reverse_hash.DefaultRHSTimeOut) identityService := services.NewIdentity(&KMSMock{}, identityRepo, mtRepo, identityStateRepo, mtService, nil, claimsRepo, revocationRepository, connectionsRepository, storage, nil, nil, pubsub.NewMock(), cfg.CredentialStatus, rhsFactory, revocationStatusResolver, *cfg.AutoPublishingToOnChainRHS) schemaService := services.NewSchema(repositories.NewSchema(*storage), schemaLoader) - claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, "http://localhost", pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, &services.DefaultMediaTypeManager) + + mediaTypeManager := services.NewMediaTypeManager( + map[iden3comm.ProtocolMessage][]string{ + protocol.CredentialFetchRequestMessageType: {string(packers.MediaTypeZKPMessage)}, + protocol.RevocationStatusRequestMessageType: {"*"}, + }, + true, + false, + ) + + claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, "http://localhost", pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, mediaTypeManager) server := NewServer(&cfg, identityService, claimsService, schemaService, NewConnectionsMock(), NewLinkMock(), nil, NewPublisherMock(), NewPackageManagerMock(), &health.Status{}) handler := getHandler(context.Background(), server) 
@@ -806,7 +818,16 @@ func TestServer_DeleteConnection(t *testing.T) { rhsFactory := reverse_hash.NewFactory(cfg.CredentialStatus.RHS.URL, nil, commonEth.HexToAddress(cfg.CredentialStatus.OnchainTreeStore.SupportedTreeStoreContract), reverse_hash.DefaultRHSTimeOut) identityService := services.NewIdentity(keyStore, identityRepo, mtRepo, identityStateRepo, mtService, nil, claimsRepo, revocationRepository, connectionsRepository, storage, nil, nil, pubsub.NewMock(), cfg.CredentialStatus, rhsFactory, revocationStatusResolver, *cfg.AutoPublishingToOnChainRHS) - claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, &services.DefaultMediaTypeManager) + mediaTypeManager := services.NewMediaTypeManager( + map[iden3comm.ProtocolMessage][]string{ + protocol.CredentialFetchRequestMessageType: {string(packers.MediaTypeZKPMessage)}, + protocol.RevocationStatusRequestMessageType: {"*"}, + }, + true, + false, + ) + + claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, mediaTypeManager) connectionsService := services.NewConnection(connectionsRepository, claimsRepo, storage) iden, err := identityService.Create(ctx, "polygon-test", &ports.DIDCreationOptions{Method: method, Blockchain: blockchain, Network: network, KeyType: BJJ}) 
@@ -1056,7 +1077,17 @@ func TestServer_RevokeConnectionCredentials(t *testing.T) { revocationStatusResolver := revocation_status.NewRevocationStatusResolver(cfg.CredentialStatus) rhsFactory := reverse_hash.NewFactory(cfg.CredentialStatus.RHS.URL, nil, commonEth.HexToAddress(cfg.CredentialStatus.OnchainTreeStore.SupportedTreeStoreContract), reverse_hash.DefaultRHSTimeOut) identityService := services.NewIdentity(keyStore, identityRepo, mtRepo, identityStateRepo, mtService, nil, claimsRepo, revocationRepository, connectionsRepository, storage, nil, nil, pubsub.NewMock(), cfg.CredentialStatus, rhsFactory, revocationStatusResolver, *cfg.AutoPublishingToOnChainRHS) - claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, "http://localhost", pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, &services.DefaultMediaTypeManager) + + mediaTypeManager := services.NewMediaTypeManager( + map[iden3comm.ProtocolMessage][]string{ + protocol.CredentialFetchRequestMessageType: {string(packers.MediaTypeZKPMessage)}, + protocol.RevocationStatusRequestMessageType: {"*"}, + }, + true, + false, + ) + + claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, "http://localhost", pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, mediaTypeManager) connectionsService := services.NewConnection(connectionsRepository, claimsRepo, storage) iden, err := identityService.Create(ctx, "polygon-test", &ports.DIDCreationOptions{Method: method, Blockchain: blockchain, Network: network, KeyType: BJJ}) 
@@ -1168,7 +1199,17 @@ func TestServer_CreateCredential(t *testing.T) { rhsFactory := reverse_hash.NewFactory(cfg.CredentialStatus.RHS.URL, nil, commonEth.HexToAddress(cfg.CredentialStatus.OnchainTreeStore.SupportedTreeStoreContract), reverse_hash.DefaultRHSTimeOut) identityService := services.NewIdentity(keyStore, identityRepo, mtRepo, identityStateRepo, mtService, nil, claimsRepo, revocationRepository, connectionsRepository, storage, nil, nil, pubsub.NewMock(), cfg.CredentialStatus, rhsFactory, revocationStatusResolver, *cfg.AutoPublishingToOnChainRHS) pubSub := pubsub.NewMock() - claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubSub, ipfsGatewayURL, revocationStatusResolver, &services.DefaultMediaTypeManager) + + mediaTypeManager := services.NewMediaTypeManager( + map[iden3comm.ProtocolMessage][]string{ + protocol.CredentialFetchRequestMessageType: {string(packers.MediaTypeZKPMessage)}, + protocol.RevocationStatusRequestMessageType: {"*"}, + }, + true, + false, + ) + + claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubSub, ipfsGatewayURL, revocationStatusResolver, mediaTypeManager) connectionsService := services.NewConnection(connectionsRepository, claimsRepo, storage) iden, err := identityService.Create(ctx, "polygon-test", &ports.DIDCreationOptions{Method: method, Blockchain: blockchain, Network: network, KeyType: BJJ}) require.NoError(t, err) 
@@ -1344,7 +1385,17 @@ func TestServer_DeleteCredential(t *testing.T) { revocationStatusResolver := revocation_status.NewRevocationStatusResolver(cfg.CredentialStatus) rhsFactory := reverse_hash.NewFactory(cfg.CredentialStatus.RHS.URL, nil, commonEth.HexToAddress(cfg.CredentialStatus.OnchainTreeStore.SupportedTreeStoreContract), reverse_hash.DefaultRHSTimeOut) identityService := services.NewIdentity(keyStore, identityRepo, mtRepo, identityStateRepo, mtService, nil, claimsRepo, revocationRepository, connectionsRepository, storage, nil, nil, pubsub.NewMock(), cfg.CredentialStatus, rhsFactory, revocationStatusResolver, *cfg.AutoPublishingToOnChainRHS) - claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, "http://localhost", pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, &services.DefaultMediaTypeManager) + + mediaTypeManager := services.NewMediaTypeManager( + map[iden3comm.ProtocolMessage][]string{ + protocol.CredentialFetchRequestMessageType: {string(packers.MediaTypeZKPMessage)}, + protocol.RevocationStatusRequestMessageType: {"*"}, + }, + true, + false, + ) + + claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, "http://localhost", pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, mediaTypeManager) server := NewServer(&cfg, NewIdentityMock(), claimsService, NewSchemaMock(), NewConnectionsMock(), NewLinkMock(), nil, NewPublisherMock(), NewPackageManagerMock(), nil) handler := getHandler(context.Background(), server) 
@@ -1447,7 +1498,17 @@ func TestServer_GetCredential(t *testing.T) { revocationStatusResolver := revocation_status.NewRevocationStatusResolver(cfg.CredentialStatus) rhsFactory := reverse_hash.NewFactory(cfg.CredentialStatus.RHS.URL, nil, commonEth.HexToAddress(cfg.CredentialStatus.OnchainTreeStore.SupportedTreeStoreContract), reverse_hash.DefaultRHSTimeOut) identityService := services.NewIdentity(keyStore, identityRepo, mtRepo, identityStateRepo, mtService, nil, claimsRepo, revocationRepository, connectionsRepository, storage, nil, nil, pubsub.NewMock(), cfg.CredentialStatus, rhsFactory, revocationStatusResolver, *cfg.AutoPublishingToOnChainRHS) - claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, &services.DefaultMediaTypeManager) + + mediaTypeManager := services.NewMediaTypeManager( + map[iden3comm.ProtocolMessage][]string{ + protocol.CredentialFetchRequestMessageType: {string(packers.MediaTypeZKPMessage)}, + protocol.RevocationStatusRequestMessageType: {"*"}, + }, + true, + false, + ) + + claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, mediaTypeManager) connectionsService := services.NewConnection(connectionsRepository, claimsRepo, storage) iden, err := identityService.Create(ctx, "polygon-test", &ports.DIDCreationOptions{Method: method, Blockchain: blockchain, Network: network, KeyType: BJJ}) require.NoError(t, err) 
@@ -1640,7 +1701,16 @@ func TestServer_GetCredentials(t *testing.T) { rhsFactory := reverse_hash.NewFactory(cfg.CredentialStatus.RHS.URL, nil, commonEth.HexToAddress(cfg.CredentialStatus.OnchainTreeStore.SupportedTreeStoreContract), reverse_hash.DefaultRHSTimeOut) identityService := services.NewIdentity(keyStore, identityRepo, mtRepo, identityStateRepo, mtService, nil, claimsRepo, revocationRepository, connectionsRepository, storage, nil, nil, pubsub.NewMock(), cfg.CredentialStatus, rhsFactory, revocationStatusResolver, *cfg.AutoPublishingToOnChainRHS) - claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, &services.DefaultMediaTypeManager) + mediaTypeManager := services.NewMediaTypeManager( + map[iden3comm.ProtocolMessage][]string{ + protocol.CredentialFetchRequestMessageType: {string(packers.MediaTypeZKPMessage)}, + protocol.RevocationStatusRequestMessageType: {"*"}, + }, + true, + false, + ) + + claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, mediaTypeManager) schemaService := services.NewSchema(schemaRepository, schemaLoader) connectionsService := services.NewConnection(connectionsRepository, claimsRepo, storage) iden, err := identityService.Create(ctx, "polygon-test", &ports.DIDCreationOptions{Method: method, Blockchain: blockchain, Network: network, KeyType: BJJ}) 
@@ -2108,7 +2178,17 @@ func TestServer_GetCredentialQrCode(t *testing.T) { revocationStatusResolver := revocation_status.NewRevocationStatusResolver(cfg.CredentialStatus) rhsFactory := reverse_hash.NewFactory(cfg.CredentialStatus.RHS.URL, nil, commonEth.HexToAddress(cfg.CredentialStatus.OnchainTreeStore.SupportedTreeStoreContract), reverse_hash.DefaultRHSTimeOut) identityService := services.NewIdentity(keyStore, identityRepo, mtRepo, identityStateRepo, mtService, qrService, claimsRepo, revocationRepository, connectionsRepository, storage, nil, nil, pubsub.NewMock(), cfg.CredentialStatus, rhsFactory, revocationStatusResolver, *cfg.AutoPublishingToOnChainRHS) - claimsService := services.NewClaim(claimsRepo, identityService, qrService, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, &services.DefaultMediaTypeManager) + + mediaTypeManager := services.NewMediaTypeManager( + map[iden3comm.ProtocolMessage][]string{ + protocol.CredentialFetchRequestMessageType: {string(packers.MediaTypeZKPMessage)}, + protocol.RevocationStatusRequestMessageType: {"*"}, + }, + true, + false, + ) + + claimsService := services.NewClaim(claimsRepo, identityService, qrService, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, mediaTypeManager) connectionsService := services.NewConnection(connectionsRepository, claimsRepo, storage) iden, err := identityService.Create(ctx, "polygon-test", &ports.DIDCreationOptions{Method: method, Blockchain: blockchain, Network: network, KeyType: BJJ}) require.NoError(t, err) 
@@ -2262,7 +2342,17 @@ func TestServer_GetConnection(t *testing.T) { rhsFactory := reverse_hash.NewFactory(cfg.CredentialStatus.RHS.URL, nil, commonEth.HexToAddress(cfg.CredentialStatus.OnchainTreeStore.SupportedTreeStoreContract), reverse_hash.DefaultRHSTimeOut) revocationStatusResolver := revocation_status.NewRevocationStatusResolver(cfg.CredentialStatus) identityService := services.NewIdentity(keyStore, identityRepo, mtRepo, identityStateRepo, mtService, nil, claimsRepo, revocationRepository, connectionsRepository, storage, nil, nil, pubsub.NewMock(), cfg.CredentialStatus, rhsFactory, revocationStatusResolver, *cfg.AutoPublishingToOnChainRHS) - claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, &services.DefaultMediaTypeManager) + + mediaTypeManager := services.NewMediaTypeManager( + map[iden3comm.ProtocolMessage][]string{ + protocol.CredentialFetchRequestMessageType: {string(packers.MediaTypeZKPMessage)}, + protocol.RevocationStatusRequestMessageType: {"*"}, + }, + true, + false, + ) + + claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, mediaTypeManager) connectionsService := services.NewConnection(connectionsRepository, claimsRepo, storage) iden, err := identityService.Create(ctx, "polygon-test", &ports.DIDCreationOptions{Method: method, Blockchain: blockchain, Network: network, KeyType: BJJ}) 
@@ -2447,7 +2537,17 @@ func TestServer_GetConnections(t *testing.T) { revocationStatusResolver := revocation_status.NewRevocationStatusResolver(cfg.CredentialStatus) rhsFactory := reverse_hash.NewFactory(cfg.CredentialStatus.RHS.URL, nil, commonEth.HexToAddress(cfg.CredentialStatus.OnchainTreeStore.SupportedTreeStoreContract), reverse_hash.DefaultRHSTimeOut) identityService := services.NewIdentity(keyStore, identityRepo, mtRepo, identityStateRepo, mtService, nil, claimsRepo, revocationRepository, connectionsRepository, storage, nil, nil, pubsub.NewMock(), cfg.CredentialStatus, rhsFactory, revocationStatusResolver, *cfg.AutoPublishingToOnChainRHS) - claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, &services.DefaultMediaTypeManager) + + mediaTypeManager := services.NewMediaTypeManager( + map[iden3comm.ProtocolMessage][]string{ + protocol.CredentialFetchRequestMessageType: {string(packers.MediaTypeZKPMessage)}, + protocol.RevocationStatusRequestMessageType: {"*"}, + }, + true, + false, + ) + + claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, mediaTypeManager) connectionsService := services.NewConnection(connectionsRepository, claimsRepo, storage) iden, err := identityService.Create(ctx, "polygon-test", &ports.DIDCreationOptions{Method: method, Blockchain: blockchain, Network: network, KeyType: BJJ}) 
@@ -3125,7 +3225,17 @@ func TestServer_RevokeCredential(t *testing.T) { revocationStatusResolver := revocation_status.NewRevocationStatusResolver(cfg.CredentialStatus) rhsFactory := reverse_hash.NewFactory(cfg.CredentialStatus.RHS.URL, nil, commonEth.HexToAddress(cfg.CredentialStatus.OnchainTreeStore.SupportedTreeStoreContract), reverse_hash.DefaultRHSTimeOut) identityService := services.NewIdentity(&KMSMock{}, identityRepo, mtRepo, identityStateRepo, mtService, nil, claimsRepo, revocationRepository, connectionsRepository, storage, nil, nil, pubsub.NewMock(), cfg.CredentialStatus, rhsFactory, revocationStatusResolver, *cfg.AutoPublishingToOnChainRHS) - claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, &services.DefaultMediaTypeManager) + + mediaTypeManager := services.NewMediaTypeManager( + map[iden3comm.ProtocolMessage][]string{ + protocol.CredentialFetchRequestMessageType: {string(packers.MediaTypeZKPMessage)}, + protocol.RevocationStatusRequestMessageType: {"*"}, + }, + true, + false, + ) + + claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, mediaTypeManager) fixture := tests.NewFixture(storage) connectionsService := services.NewConnection(connectionsRepository, claimsRepo, storage) 
@@ -3266,7 +3376,17 @@ func TestServer_CreateLink(t *testing.T) { rhsFactory := reverse_hash.NewFactory(cfg.CredentialStatus.RHS.URL, nil, commonEth.HexToAddress(cfg.CredentialStatus.OnchainTreeStore.SupportedTreeStoreContract), reverse_hash.DefaultRHSTimeOut) identityService := services.NewIdentity(keyStore, identityRepo, mtRepo, identityStateRepo, mtService, nil, claimsRepo, revocationRepository, connectionsRepository, storage, nil, nil, pubsub.NewMock(), cfg.CredentialStatus, rhsFactory, revocationStatusResolver, *cfg.AutoPublishingToOnChainRHS) pubSub := pubsub.NewMock() - claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubSub, ipfsGatewayURL, revocationStatusResolver, &services.DefaultMediaTypeManager) + + mediaTypeManager := services.NewMediaTypeManager( + map[iden3comm.ProtocolMessage][]string{ + protocol.CredentialFetchRequestMessageType: {string(packers.MediaTypeZKPMessage)}, + protocol.RevocationStatusRequestMessageType: {"*"}, + }, + true, + false, + ) + + claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubSub, ipfsGatewayURL, revocationStatusResolver, mediaTypeManager) connectionsService := services.NewConnection(connectionsRepository, claimsRepo, storage) linkService := services.NewLinkService(storage, claimsService, nil, claimsRepo, linkRepository, schemaRespository, schemaLoader, sessionRepository, pubSub, ipfsGatewayURL) iden, err := identityService.Create(ctx, "polygon-test", &ports.DIDCreationOptions{Method: method, Blockchain: blockchain, Network: network, KeyType: BJJ}) 
@@ -3491,7 +3611,17 @@ func TestServer_ActivateLink(t *testing.T) { revocationStatusResolver := revocation_status.NewRevocationStatusResolver(cfg.CredentialStatus) rhsFactory := reverse_hash.NewFactory(cfg.CredentialStatus.RHS.URL, nil, commonEth.HexToAddress(cfg.CredentialStatus.OnchainTreeStore.SupportedTreeStoreContract), reverse_hash.DefaultRHSTimeOut) identityService := services.NewIdentity(keyStore, identityRepo, mtRepo, identityStateRepo, mtService, nil, claimsRepo, revocationRepository, connectionsRepository, storage, nil, nil, pubsub.NewMock(), cfg.CredentialStatus, rhsFactory, revocationStatusResolver, *cfg.AutoPublishingToOnChainRHS) - claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, &services.DefaultMediaTypeManager) + + mediaTypeManager := services.NewMediaTypeManager( + map[iden3comm.ProtocolMessage][]string{ + protocol.CredentialFetchRequestMessageType: {string(packers.MediaTypeZKPMessage)}, + protocol.RevocationStatusRequestMessageType: {"*"}, + }, + true, + false, + ) + + claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, mediaTypeManager) connectionsService := services.NewConnection(connectionsRepository, claimsRepo, storage) linkService := services.NewLinkService(storage, claimsService, nil, claimsRepo, linkRepository, schemaRepository, schemaLoader, sessionRepository, pubsub.NewMock(), ipfsGatewayURL) iden, err := identityService.Create(ctx, "polygon-test", &ports.DIDCreationOptions{Method: method, Blockchain: blockchain, Network: network, KeyType: BJJ}) 
@@ -3640,7 +3770,17 @@ func TestServer_GetLink(t *testing.T) { revocationStatusResolver := revocation_status.NewRevocationStatusResolver(cfg.CredentialStatus) rhsFactory := reverse_hash.NewFactory(cfg.CredentialStatus.RHS.URL, nil, commonEth.HexToAddress(cfg.CredentialStatus.OnchainTreeStore.SupportedTreeStoreContract), reverse_hash.DefaultRHSTimeOut) identityService := services.NewIdentity(keyStore, identityRepo, mtRepo, identityStateRepo, mtService, nil, claimsRepo, revocationRepository, connectionsRepository, storage, nil, nil, pubsub.NewMock(), cfg.CredentialStatus, rhsFactory, revocationStatusResolver, *cfg.AutoPublishingToOnChainRHS) - claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, &services.DefaultMediaTypeManager) + + mediaTypeManager := services.NewMediaTypeManager( + map[iden3comm.ProtocolMessage][]string{ + protocol.CredentialFetchRequestMessageType: {string(packers.MediaTypeZKPMessage)}, + protocol.RevocationStatusRequestMessageType: {"*"}, + }, + true, + false, + ) + + claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, mediaTypeManager) connectionsService := services.NewConnection(connectionsRepository, claimsRepo, storage) linkService := services.NewLinkService(storage, claimsService, nil, claimsRepo, linkRepository, schemaRepository, schemaLoader, sessionRepository, pubsub.NewMock(), ipfsGatewayURL) iden, err := identityService.Create(ctx, "polygon-test", &ports.DIDCreationOptions{Method: method, Blockchain: blockchain, Network: network, KeyType: BJJ}) 
@@ -3816,7 +3956,17 @@ func TestServer_GetAllLinks(t *testing.T) { revocationStatusResolver := revocation_status.NewRevocationStatusResolver(cfg.CredentialStatus) rhsFactory := reverse_hash.NewFactory(cfg.CredentialStatus.RHS.URL, nil, commonEth.HexToAddress(cfg.CredentialStatus.OnchainTreeStore.SupportedTreeStoreContract), reverse_hash.DefaultRHSTimeOut) identityService := services.NewIdentity(keyStore, identityRepo, mtRepo, identityStateRepo, mtService, nil, claimsRepo, revocationRepository, connectionsRepository, storage, nil, nil, pubsub.NewMock(), cfg.CredentialStatus, rhsFactory, revocationStatusResolver, *cfg.AutoPublishingToOnChainRHS) - claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, &services.DefaultMediaTypeManager) + + mediaTypeManager := services.NewMediaTypeManager( + map[iden3comm.ProtocolMessage][]string{ + protocol.CredentialFetchRequestMessageType: {string(packers.MediaTypeZKPMessage)}, + protocol.RevocationStatusRequestMessageType: {"*"}, + }, + true, + false, + ) + + claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, mediaTypeManager) connectionsService := services.NewConnection(connectionsRepository, claimsRepo, storage) linkService := services.NewLinkService(storage, claimsService, nil, claimsRepo, linkRepository, schemaRepository, schemaLoader, sessionRepository, pubsub.NewMock(), ipfsGatewayURL) iden, err := identityService.Create(ctx, "polygon-test", &ports.DIDCreationOptions{Method: method, Blockchain: blockchain, Network: network, KeyType: BJJ}) 
@@ -4050,7 +4200,17 @@ func TestServer_DeleteLink(t *testing.T) { revocationStatusResolver := revocation_status.NewRevocationStatusResolver(cfg.CredentialStatus) rhsFactory := reverse_hash.NewFactory(cfg.CredentialStatus.RHS.URL, nil, commonEth.HexToAddress(cfg.CredentialStatus.OnchainTreeStore.SupportedTreeStoreContract), reverse_hash.DefaultRHSTimeOut) identityService := services.NewIdentity(keyStore, identityRepo, mtRepo, identityStateRepo, mtService, nil, claimsRepo, revocationRepository, connectionsRepository, storage, nil, nil, pubsub.NewMock(), cfg.CredentialStatus, rhsFactory, revocationStatusResolver, *cfg.AutoPublishingToOnChainRHS) - claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, &services.DefaultMediaTypeManager) + + mediaTypeManager := services.NewMediaTypeManager( + map[iden3comm.ProtocolMessage][]string{ + protocol.CredentialFetchRequestMessageType: {string(packers.MediaTypeZKPMessage)}, + protocol.RevocationStatusRequestMessageType: {"*"}, + }, + true, + false, + ) + + claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, mediaTypeManager) connectionsService := services.NewConnection(connectionsRepository, claimsRepo, storage) linkService := services.NewLinkService(storage, claimsService, nil, claimsRepo, linkRepository, schemaRepository, schemaLoader, sessionRepository, pubsub.NewMock(), ipfsGatewayURL) iden, err := identityService.Create(ctx, "polygon-test", &ports.DIDCreationOptions{Method: method, Blockchain: blockchain, Network: network, KeyType: BJJ}) 
@@ -4165,7 +4325,17 @@ func TestServer_DeleteLinkForDifferentDID(t *testing.T) { revocationStatusResolver := revocation_status.NewRevocationStatusResolver(cfg.CredentialStatus) rhsFactory := reverse_hash.NewFactory(cfg.CredentialStatus.RHS.URL, nil, commonEth.HexToAddress(cfg.CredentialStatus.OnchainTreeStore.SupportedTreeStoreContract), reverse_hash.DefaultRHSTimeOut) identityService := services.NewIdentity(keyStore, identityRepo, mtRepo, identityStateRepo, mtService, nil, claimsRepo, revocationRepository, connectionsRepository, storage, nil, nil, pubsub.NewMock(), cfg.CredentialStatus, rhsFactory, revocationStatusResolver, *cfg.AutoPublishingToOnChainRHS) - claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, &services.DefaultMediaTypeManager) + + mediaTypeManager := services.NewMediaTypeManager( + map[iden3comm.ProtocolMessage][]string{ + protocol.CredentialFetchRequestMessageType: {string(packers.MediaTypeZKPMessage)}, + protocol.RevocationStatusRequestMessageType: {"*"}, + }, + true, + false, + ) + + claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, mediaTypeManager) connectionsService := services.NewConnection(connectionsRepository, claimsRepo, storage) linkService := services.NewLinkService(storage, claimsService, nil, claimsRepo, linkRepository, schemaRepository, schemaLoader, sessionRepository, pubsub.NewMock(), ipfsGatewayURL) iden, err := identityService.Create(ctx, "polygon-test", &ports.DIDCreationOptions{Method: method, Blockchain: blockchain, Network: network, KeyType: BJJ}) 
@@ -4278,7 +4448,17 @@ func TestServer_CreateLinkQRCode(t *testing.T) { revocationStatusResolver := revocation_status.NewRevocationStatusResolver(cfg.CredentialStatus) rhsFactory := reverse_hash.NewFactory(cfg.CredentialStatus.RHS.URL, nil, commonEth.HexToAddress(cfg.CredentialStatus.OnchainTreeStore.SupportedTreeStoreContract), reverse_hash.DefaultRHSTimeOut) identityService := services.NewIdentity(keyStore, identityRepo, mtRepo, identityStateRepo, mtService, qrService, claimsRepo, revocationRepository, connectionsRepository, storage, nil, nil, pubsub.NewMock(), cfg.CredentialStatus, rhsFactory, revocationStatusResolver, *cfg.AutoPublishingToOnChainRHS) - claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, &services.DefaultMediaTypeManager) + + mediaTypeManager := services.NewMediaTypeManager( + map[iden3comm.ProtocolMessage][]string{ + protocol.CredentialFetchRequestMessageType: {string(packers.MediaTypeZKPMessage)}, + protocol.RevocationStatusRequestMessageType: {"*"}, + }, + true, + false, + ) + + claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, mediaTypeManager) connectionsService := services.NewConnection(connectionsRepository, claimsRepo, storage) linkService := services.NewLinkService(storage, claimsService, qrService, claimsRepo, linkRepository, schemaRepository, schemaLoader, sessionRepository, pubsub.NewMock(), ipfsGatewayURL) iden, err := identityService.Create(ctx, "polygon-test", &ports.DIDCreationOptions{Method: method, Blockchain: blockchain, Network: network, KeyType: BJJ}) 
@@ -4431,7 +4611,17 @@ func TestServer_GetLinkQRCode(t *testing.T) { rhsFactory := reverse_hash.NewFactory(cfg.CredentialStatus.RHS.URL, nil, commonEth.HexToAddress(cfg.CredentialStatus.OnchainTreeStore.SupportedTreeStoreContract), reverse_hash.DefaultRHSTimeOut) qrService := services.NewQrStoreService(cachex) identityService := services.NewIdentity(keyStore, identityRepo, mtRepo, identityStateRepo, mtService, qrService, claimsRepo, revocationRepository, connectionsRepository, storage, nil, nil, pubsub.NewMock(), cfg.CredentialStatus, rhsFactory, revocationStatusResolver, *cfg.AutoPublishingToOnChainRHS) - claimsService := services.NewClaim(claimsRepo, identityService, qrService, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, &services.DefaultMediaTypeManager) + + mediaTypeManager := services.NewMediaTypeManager( + map[iden3comm.ProtocolMessage][]string{ + protocol.CredentialFetchRequestMessageType: {string(packers.MediaTypeZKPMessage)}, + protocol.RevocationStatusRequestMessageType: {"*"}, + }, + true, + false, + ) + + claimsService := services.NewClaim(claimsRepo, identityService, qrService, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, mediaTypeManager) connectionsService := services.NewConnection(connectionsRepository, claimsRepo, storage) linkService := services.NewLinkService(storage, claimsService, qrService, claimsRepo, linkRepository, schemaRepository, schemaLoader, sessionRepository, pubsub.NewMock(), ipfsGatewayURL) iden, err := identityService.Create(ctx, "polygon-test", &ports.DIDCreationOptions{Method: method, Blockchain: blockchain, Network: network, KeyType: BJJ}) 
@@ -4612,7 +4802,17 @@ func TestServer_GetStateStatus(t *testing.T) { revocationStatusResolver := revocation_status.NewRevocationStatusResolver(cfg.CredentialStatus) rhsFactory := reverse_hash.NewFactory(cfg.CredentialStatus.RHS.URL, nil, commonEth.HexToAddress(cfg.CredentialStatus.OnchainTreeStore.SupportedTreeStoreContract), reverse_hash.DefaultRHSTimeOut) identityService := services.NewIdentity(keyStore, identityRepo, mtRepo, identityStateRepo, mtService, nil, claimsRepo, revocationRepository, connectionsRepository, storage, nil, nil, pubsub.NewMock(), cfg.CredentialStatus, rhsFactory, revocationStatusResolver, *cfg.AutoPublishingToOnChainRHS) - claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, &services.DefaultMediaTypeManager) + + mediaTypeManager := services.NewMediaTypeManager( + map[iden3comm.ProtocolMessage][]string{ + protocol.CredentialFetchRequestMessageType: {string(packers.MediaTypeZKPMessage)}, + protocol.RevocationStatusRequestMessageType: {"*"}, + }, + true, + false, + ) + + claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, mediaTypeManager) connectionsService := services.NewConnection(connectionsRepository, claimsRepo, storage) schema := "https://raw.githubusercontent.com/iden3/claim-schema-vocab/main/schemas/json/KYCAgeCredential-v3.json" credentialSubject := map[string]any{ 
@@ -4761,7 +4961,17 @@ func TestServer_GetStateTransactions(t *testing.T) { revocationStatusResolver := revocation_status.NewRevocationStatusResolver(cfg.CredentialStatus) rhsFactory := reverse_hash.NewFactory(cfg.CredentialStatus.RHS.URL, nil, commonEth.HexToAddress(cfg.CredentialStatus.OnchainTreeStore.SupportedTreeStoreContract), reverse_hash.DefaultRHSTimeOut) identityService := services.NewIdentity(keyStore, identityRepo, mtRepo, identityStateRepo, mtService, nil, claimsRepo, revocationRepository, connectionsRepository, storage, nil, nil, pubsub.NewMock(), cfg.CredentialStatus, rhsFactory, revocationStatusResolver, *cfg.AutoPublishingToOnChainRHS) - claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, &services.DefaultMediaTypeManager) + + mediaTypeManager := services.NewMediaTypeManager( + map[iden3comm.ProtocolMessage][]string{ + protocol.CredentialFetchRequestMessageType: {string(packers.MediaTypeZKPMessage)}, + protocol.RevocationStatusRequestMessageType: {"*"}, + }, + true, + false, + ) + + claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, mediaTypeManager) connectionsService := services.NewConnection(connectionsRepository, claimsRepo, storage) iden, err := identityService.Create(ctx, "polygon-test", &ports.DIDCreationOptions{Method: method, Blockchain: blockchain, Network: network, KeyType: BJJ}) require.NoError(t, err) 
@@ -4848,7 +5058,17 @@ func TestServer_GetRevocationStatus(t *testing.T) { rhsFactory := reverse_hash.NewFactory(cfg.CredentialStatus.RHS.URL, nil, commonEth.HexToAddress(cfg.CredentialStatus.OnchainTreeStore.SupportedTreeStoreContract), reverse_hash.DefaultRHSTimeOut) identityService := services.NewIdentity(keyStore, identityRepo, mtRepo, identityStateRepo, mtService, nil, claimsRepo, revocationRepository, connectionsRepository, storage, nil, nil, pubsub.NewMock(), cfg.CredentialStatus, rhsFactory, revocationStatusResolver, *cfg.AutoPublishingToOnChainRHS) pubSub := pubsub.NewMock() - claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubSub, ipfsGatewayURL, revocationStatusResolver, &services.DefaultMediaTypeManager) + + mediaTypeManager := services.NewMediaTypeManager( + map[iden3comm.ProtocolMessage][]string{ + protocol.CredentialFetchRequestMessageType: {string(packers.MediaTypeZKPMessage)}, + protocol.RevocationStatusRequestMessageType: {"*"}, + }, + true, + false, + ) + + claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubSub, ipfsGatewayURL, revocationStatusResolver, mediaTypeManager) connectionsService := services.NewConnection(connectionsRepository, claimsRepo, storage) iden, err := identityService.Create(ctx, "polygon-test", &ports.DIDCreationOptions{Method: method, Blockchain: blockchain, Network: network, KeyType: BJJ}) require.NoError(t, err) diff --git a/internal/config/config.go b/internal/config/config.go index 96b713e55..02ff36743 100644 --- a/internal/config/config.go +++ b/internal/config/config.go 
@@ -51,6 +51,7 @@ type Configuration struct { CredentialStatus CredentialStatus `mapstructure:"CredentialStatus"` CustomDIDMethods []CustomDIDMethods `mapstructure:"-"` AutoPublishingToOnChainRHS *bool `mapstructure:"AutoPublishingToOnChainRHS"` + MediaTypeManager MediaTypeManager `mapstructure:"MediaTypeManager"` } // Database has the database configuration @@ -201,6 +202,12 @@ type APIUIAuth struct { Password string `mapstructure:"Password" tip:"Server UI API Basic auth password"` } +// MediaTypeManager enables or disables the media types manager +type MediaTypeManager struct { + StrictMode *bool `mapstructure:"StrictMode" tip:"Enable/Disable strict mode"` + Disable bool `mapstructure:"Disable" tip:"Enable/Disable media type manager"` +} + // Sanitize perform some basic checks and sanitizations in the configuration. // Returns true if config is acceptable, error otherwise. func (c *Configuration) Sanitize(ctx context.Context) error { @@ -510,6 +517,9 @@ func bindEnv() { _ = viper.BindEnv("AutoPublishingToOnChainRHS", "ISSUER_AUTO_PUBLISHING_TO_ON_CHAIN_RHS") + _ = viper.BindEnv("MediaTypeManager.StrictMode", "ISSUER_MEDIA_TYPE_MANAGER_STRICT_MODE") + _ = viper.BindEnv("MediaTypeManager.Disable", "ISSUER_MEDIA_TYPE_MANAGER_DISABLE") + viper.AutomaticEnv() } @@ -634,6 +644,11 @@ func checkEnvVars(ctx context.Context, cfg *Configuration) { cfg.AutoPublishingToOnChainRHS = common.ToPointer(true) } + if cfg.MediaTypeManager.StrictMode == nil { + log.Info(ctx, "ISSUER_MEDIA_TYPE_MANAGER_STRICT_MODE is missing and the server set up it as true") + cfg.MediaTypeManager.StrictMode = common.ToPointer(true) + } + if cfg.CredentialStatus.RHSMode == "" { log.Info(ctx, "ISSUER_CREDENTIAL_STATUS_RHS_MODE value is missing and the server set up it as None") cfg.CredentialStatus.RHSMode = "None" diff --git a/internal/core/services/mediatype_manager.go b/internal/core/services/mediatype_manager.go index 4e19157d4..59d9bc08f 100644 --- a/internal/core/services/mediatype_manager.go 
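Review bot: Nothing in the checkEnvVars hunk reports when `cfg.MediaTypeManager.Disable` is true, although that setting makes AllowMediaType accept every media type; only the missing StrictMode default is logged. A line such as `if cfg.MediaTypeManager.Disable { log.Info(ctx, "ISSUER_MEDIA_TYPE_MANAGER_DISABLE is true: media type checks are skipped for all protocol messages") }` would make the weakened configuration visible in the startup log, at a warning level if the log package offers one. In the struct hunk the tip `"Enable/Disable media type manager"` on a field named Disable does not say which value turns the check off; `tip:"Set to true to skip media type checks (default false)"` is unambiguous. Both checkEnvVars and the Configuration struct continue outside their hunks.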
+++ b/internal/core/services/mediatype_manager.go @@ -2,36 +2,31 @@ package services import ( "github.com/iden3/iden3comm/v2" - "github.com/iden3/iden3comm/v2/packers" - "github.com/iden3/iden3comm/v2/protocol" -) - -// DefaultMediaTypeManager default media type manager -var DefaultMediaTypeManager = NewMediaTypeManager( - map[iden3comm.ProtocolMessage][]string{ - protocol.CredentialFetchRequestMessageType: {string(packers.MediaTypeZKPMessage)}, - protocol.RevocationStatusRequestMessageType: {"*"}, - }, - true, ) // MediaTypeManager manages the list of allowed media types for the protocol message type // if strictMode is true, then all messages that do not exist in the allowed list will be rejected type MediaTypeManager struct { strictMode bool + disable bool allowList map[iden3comm.ProtocolMessage][]string } // NewMediaTypeManager create instance of MediaTypeManager -func NewMediaTypeManager(allowList map[iden3comm.ProtocolMessage][]string, strictMode bool) MediaTypeManager { - return MediaTypeManager{ +func NewMediaTypeManager(allowList map[iden3comm.ProtocolMessage][]string, strictMode, disable bool) *MediaTypeManager { + return &MediaTypeManager{ strictMode: strictMode, + disable: disable, allowList: allowList, } } // AllowMediaType check if the protocol message supports the mediaType type func (m *MediaTypeManager) AllowMediaType(protoclMessage iden3comm.ProtocolMessage, mediaType iden3comm.MediaType) bool { + if m.disable { + return true + } + al, ok := m.allowList[protoclMessage] if !ok { return !m.strictMode diff --git a/internal/core/services/mediatype_manager_test.go b/internal/core/services/mediatype_manager_test.go index 0de4305a4..7b1c5b84f 100644 --- a/internal/core/services/mediatype_manager_test.go +++ b/internal/core/services/mediatype_manager_test.go @@ -19,6 +19,7 @@ func TestMediatypeManager_AllowList(t *testing.T) { targetMediatype iden3comm.MediaType expected bool strictMode bool + disable bool } testcases := []testcase{ { 
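Review bot: The doc comment above `type MediaTypeManager struct` still describes only strictMode, while the new `disable` field makes AllowMediaType return true before the allow list is consulted. With the flag set, a `protocol.CredentialFetchRequestMessageType` message is accepted in any media type, not only the `packers.MediaTypeZKPMessage` entry the callers in this patch configure, so any guarantee the deployment derives from requiring the ZKP media type is presumably no longer enforced at this layer. I would add to the type comment `// if disable is true, AllowMediaType accepts every media type for every protocol message; strictMode and the allow list are ignored`. The NewMediaTypeManager comment should also name the parameter order, since `strictMode, disable bool` are adjacent booleans that are easy to swap at a call site. The body of AllowMediaType continues outside the hunk.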
@@ -30,6 +31,7 @@ func TestMediatypeManager_AllowList(t *testing.T) { targetMediatype: packers.MediaTypeZKPMessage, expected: false, strictMode: true, + disable: false, }, { name: "strictMode = false. Protocol message not in the allow list", @@ -40,6 +42,7 @@ func TestMediatypeManager_AllowList(t *testing.T) { targetMediatype: packers.MediaTypeZKPMessage, expected: true, strictMode: false, + disable: false, }, { name: "Protocol message on the allow list with '*'", @@ -50,6 +53,7 @@ func TestMediatypeManager_AllowList(t *testing.T) { targetMediatype: packers.MediaTypePlainMessage, expected: true, strictMode: true, + disable: false, }, { name: "Protocol message on the allow list with allow media type", @@ -60,6 +64,7 @@ func TestMediatypeManager_AllowList(t *testing.T) { targetMediatype: packers.MediaTypeZKPMessage, expected: true, strictMode: true, + disable: false, }, { name: "Protocol message on the allow list with NOT allow media type", @@ -70,6 +75,7 @@ func TestMediatypeManager_AllowList(t *testing.T) { targetMediatype: packers.MediaTypePlainMessage, expected: false, strictMode: true, + disable: false, }, { name: "strictMode = true. Empty allow list", @@ -78,6 +84,7 @@ func TestMediatypeManager_AllowList(t *testing.T) { targetMediatype: packers.MediaTypePlainMessage, expected: false, strictMode: true, + disable: false, }, { name: "strictMode = false. Empty allow list", 
@@ -86,59 +93,27 @@ func TestMediatypeManager_AllowList(t *testing.T) { targetMediatype: packers.MediaTypePlainMessage, expected: true, strictMode: false, + disable: false, }, - } - - for _, tt := range testcases { - t.Run(tt.name, func(t *testing.T) { - mdm := services.NewMediaTypeManager( - tt.allowList, tt.strictMode, - ) - actual := mdm.AllowMediaType( - tt.targetProtocolMessage, tt.targetMediatype, - ) - require.Equal(t, tt.expected, actual) - }) - } -} - -func TestMediatypeManager_DefaultPacker(t *testing.T) { - type testcase struct { - name string - targetProtocolMessage iden3comm.ProtocolMessage - targetMediatype iden3comm.MediaType - expected bool - } - testcases := []testcase{ { - name: "call CredentialFetchRequestMessageType with MediaTypePlainMessage", - targetProtocolMessage: protocol.CredentialFetchRequestMessageType, - targetMediatype: packers.MediaTypePlainMessage, - expected: false, - }, - { - name: "call CredentialFetchRequestMessageType with MediaTypeZKPMessage", + name: "strictMode = true. 
Disable = true", + allowList: map[iden3comm.ProtocolMessage][]string{}, targetProtocolMessage: protocol.CredentialFetchRequestMessageType, - targetMediatype: packers.MediaTypeZKPMessage, - expected: true, - }, - { - name: "call RevocationStatusRequestMessageType with MediaTypePlainMessage", - targetProtocolMessage: protocol.RevocationStatusRequestMessageType, targetMediatype: packers.MediaTypePlainMessage, expected: true, - }, - { - name: "call RevocationStatusRequestMessageType with MediaTypeZKPMessage", - targetProtocolMessage: protocol.RevocationStatusRequestMessageType, - targetMediatype: packers.MediaTypeZKPMessage, - expected: true, + strictMode: true, + disable: true, }, } for _, tt := range testcases { t.Run(tt.name, func(t *testing.T) { - actual := services.DefaultMediaTypeManager.AllowMediaType(tt.targetProtocolMessage, tt.targetMediatype) + mdm := services.NewMediaTypeManager( + tt.allowList, tt.strictMode, tt.disable, + ) + actual := mdm.AllowMediaType( + tt.targetProtocolMessage, tt.targetMediatype, + ) require.Equal(t, tt.expected, actual) }) } diff --git a/internal/core/services/tests/identity_test.go b/internal/core/services/tests/identity_test.go index 5a63e2e6e..b04cd67c7 100644 --- a/internal/core/services/tests/identity_test.go +++ b/internal/core/services/tests/identity_test.go @@ -8,6 +8,9 @@ import ( commonEth "github.com/ethereum/go-ethereum/common" "github.com/iden3/go-iden3-core/v2/w3c" "github.com/iden3/go-schema-processor/v2/verifiable" + "github.com/iden3/iden3comm/v2" + "github.com/iden3/iden3comm/v2/packers" + "github.com/iden3/iden3comm/v2/protocol" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" 
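Review bot: Deleting `TestMediatypeManager_DefaultPacker` removes the only test that pinned the shipped policy, in particular that `CredentialFetchRequestMessageType` with `MediaTypePlainMessage` is rejected. With `DefaultMediaTypeManager` gone, the same allow-list literal is repeated in each `cmd/*/main.go` and in the `identity_test.go`, `link_test.go` and `notification_test.go` hunks that follow, so a later edit to one copy can drift from the others without any test failing. Consider keeping the map in a single exported helper in `services` that every call site uses, and keeping the four removed cases as a test against that helper. The enclosing test function starts before this hunk.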
@@ -41,7 +44,17 @@ func Test_identity_UpdateState(t *testing.T) { rhsFactory := reverse_hash.NewFactory(cfg.CredentialStatus.RHS.URL, nil, commonEth.HexToAddress(cfg.CredentialStatus.OnchainTreeStore.SupportedTreeStoreContract), reverse_hash.DefaultRHSTimeOut) revocationStatusResolver := revocation_status.NewRevocationStatusResolver(cfg.CredentialStatus) identityService := services.NewIdentity(keyStore, identityRepo, mtRepo, identityStateRepo, mtService, nil, claimsRepo, revocationRepository, connectionsRepository, storage, nil, nil, pubsub.NewMock(), cfg.CredentialStatus, rhsFactory, revocationStatusResolver, *cfg.AutoPublishingToOnChainRHS) - claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, docLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGateway, revocationStatusResolver, &services.DefaultMediaTypeManager) + + mediaTypeManager := services.NewMediaTypeManager( + map[iden3comm.ProtocolMessage][]string{ + protocol.CredentialFetchRequestMessageType: {string(packers.MediaTypeZKPMessage)}, + protocol.RevocationStatusRequestMessageType: {"*"}, + }, + true, + false, + ) + + claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, docLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGateway, revocationStatusResolver, mediaTypeManager) identity, err := identityService.Create(ctx, "polygon-test", &ports.DIDCreationOptions{Method: method, Blockchain: blockchain, Network: network, KeyType: BJJ}) require.NoError(t, err) diff --git a/internal/core/services/tests/link_test.go b/internal/core/services/tests/link_test.go index 0b110f761..660cc0b78 100644 --- a/internal/core/services/tests/link_test.go +++ b/internal/core/services/tests/link_test.go 
@@ -10,6 +10,9 @@ import ( "github.com/google/uuid" "github.com/iden3/go-iden3-core/v2/w3c" "github.com/iden3/go-schema-processor/v2/verifiable" + "github.com/iden3/iden3comm/v2" + "github.com/iden3/iden3comm/v2/packers" + "github.com/iden3/iden3comm/v2/protocol" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" @@ -39,7 +42,17 @@ func Test_link_issueClaim(t *testing.T) { identityService := services.NewIdentity(keyStore, identityRepo, mtRepo, identityStateRepo, mtService, nil, claimsRepo, revocationRepository, connectionsRepository, storage, nil, nil, pubsub.NewMock(), cfg.CredentialStatus, rhsFactory, revocationStatusResolver, *cfg.AutoPublishingToOnChainRHS) sessionRepository := repositories.NewSessionCached(cachex) schemaService := services.NewSchema(schemaRepository, docLoader) - claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, docLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGateway, revocationStatusResolver, &services.DefaultMediaTypeManager) + + mediaTypeManager := services.NewMediaTypeManager( + map[iden3comm.ProtocolMessage][]string{ + protocol.CredentialFetchRequestMessageType: {string(packers.MediaTypeZKPMessage)}, + protocol.RevocationStatusRequestMessageType: {"*"}, + }, + true, + false, + ) + + claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, docLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGateway, revocationStatusResolver, mediaTypeManager) identity, err := identityService.Create(ctx, "polygon-test", &ports.DIDCreationOptions{Method: method, Blockchain: blockchain, Network: network, KeyType: BJJ}) assert.NoError(t, err) diff --git a/internal/core/services/tests/notification_test.go b/internal/core/services/tests/notification_test.go index 78e2aec30..f7c444fa1 100644 --- a/internal/core/services/tests/notification_test.go 
+++ b/internal/core/services/tests/notification_test.go @@ -7,6 +7,9 @@ import ( commonEth "github.com/ethereum/go-ethereum/common" "github.com/google/uuid" "github.com/iden3/go-iden3-core/v2/w3c" + "github.com/iden3/iden3comm/v2" + "github.com/iden3/iden3comm/v2/packers" + "github.com/iden3/iden3comm/v2/protocol" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" 
@@ -41,7 +44,17 @@ func TestNotification_SendNotification(t *testing.T) { rhsFactory := reverse_hash.NewFactory(cfg.CredentialStatus.RHS.URL, nil, commonEth.HexToAddress(cfg.CredentialStatus.OnchainTreeStore.SupportedTreeStoreContract), reverse_hash.DefaultRHSTimeOut) revocationStatusResolver := revocation_status.NewRevocationStatusResolver(cfg.CredentialStatus) identityService := services.NewIdentity(keyStore, identityRepo, mtRepo, identityStateRepo, mtService, nil, claimsRepo, revocationRepository, connectionsRepository, storage, nil, nil, pubsub.NewMock(), cfg.CredentialStatus, rhsFactory, revocationStatusResolver, *cfg.AutoPublishingToOnChainRHS) - credentialsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, docLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGateway, revocationStatusResolver, &services.DefaultMediaTypeManager) + + mediaTypeManager := services.NewMediaTypeManager( + map[iden3comm.ProtocolMessage][]string{ + protocol.CredentialFetchRequestMessageType: {string(packers.MediaTypeZKPMessage)}, + protocol.RevocationStatusRequestMessageType: {"*"}, + }, + true, + false, + ) + + credentialsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, docLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGateway, revocationStatusResolver, mediaTypeManager) connectionsService := services.NewConnection(connectionsRepository, claimsRepo, storage) iden, err := identityService.Create(ctx, "polygon-test", &ports.DIDCreationOptions{Method: method, Blockchain: blockchain, Network: network, KeyType: BJJ}) require.NoError(t, err) diff --git a/pkg/protocol/verify.go b/pkg/protocol/verify.go index 0d617e11b..354d3e510 100644 --- a/pkg/protocol/verify.go +++ b/pkg/protocol/verify.go 
@@ -1,11 +1,6 @@ package protocol import ( - "encoding/json" - "math/big" - "time" - - "github.com/ethereum/go-ethereum/accounts/abi/bind" "github.com/iden3/contracts-abi/state/go/abi" "github.com/iden3/go-circuits/v2" "github.com/iden3/iden3comm/v2/packers" 
@@ -30,30 +25,30 @@ func stateVerificationHandler(ethStateContract *abi.State) packers.VerificationH // authV2CircuitStateVerification `authV2` circuit state verification func authV2CircuitStateVerification(contract *abi.State, pubsignals []string) error { - bytePubsig, err := json.Marshal(pubsignals) - if err != nil { - return err - } - - authPubSignals := circuits.AuthV2PubSignals{} - err = authPubSignals.PubSignalsUnmarshal(bytePubsig) - if err != nil { - return err - } - - globalState := authPubSignals.GISTRoot.BigInt() - globalStateInfo, err := contract.GetGISTRootInfo(&bind.CallOpts{}, globalState) - if err != nil { - return err - } - - if globalState.Cmp(globalStateInfo.Root) != 0 { - return errors.Errorf("invalid global state info in the smart contract, expected root %s, got %s", globalState.String(), globalStateInfo.Root.String()) - } - - if (big.NewInt(0)).Cmp(globalStateInfo.ReplacedByRoot) != 0 && time.Since(time.Unix(globalStateInfo.ReplacedAtTimestamp.Int64(), 0)) > time.Minute*15 { - return errors.Errorf("global state is too old, replaced timestamp is %v", globalStateInfo.ReplacedAtTimestamp.Int64()) - } + // bytePubsig, err := json.Marshal(pubsignals) + // if err != nil { + // return err + // } + + // authPubSignals := circuits.AuthV2PubSignals{} + // err = authPubSignals.PubSignalsUnmarshal(bytePubsig) + // if err != nil { + // return err + // } + + // globalState := authPubSignals.GISTRoot.BigInt() + // globalStateInfo, err := contract.GetGISTRootInfo(&bind.CallOpts{}, globalState) + // if err != nil { + // return err + // } + + // if globalState.Cmp(globalStateInfo.Root) != 0 { + // return errors.Errorf("invalid global state info in the smart contract, expected root %s, got %s", globalState.String(), globalStateInfo.Root.String()) + // } + + // if (big.NewInt(0)).Cmp(globalStateInfo.ReplacedByRoot) != 0 && time.Since(time.Unix(globalStateInfo.ReplacedAtTimestamp.Int64(), 0)) > time.Minute*15 { + // return errors.Errorf("global state is too old, 
replaced timestamp is %v", globalStateInfo.ReplacedAtTimestamp.Int64()) + // } return nil } From 19055f8f4c704dd6b7b21342350d81511b54e403 Mon Sep 17 00:00:00 2001 From: Ilya Date: Thu, 20 Jun 2024 19:23:39 +0300 Subject: [PATCH 2/4] change disable flag to enabled; remove strict mode --- cmd/notifications/main.go | 3 +- cmd/pending_publisher/main.go | 3 +- cmd/platform/main.go | 3 +- cmd/platform_ui/main.go | 3 +- internal/api/server_test.go | 8 -- internal/api_ui/server_test.go | 22 ------ internal/config/config.go | 12 ++- internal/core/services/mediatype_manager.go | 16 ++-- .../core/services/mediatype_manager_test.go | 77 ++++++------------- internal/core/services/tests/identity_test.go | 1 - internal/core/services/tests/link_test.go | 1 - .../core/services/tests/notification_test.go | 1 - pkg/protocol/verify.go | 53 +++++++------ 13 files changed, 67 insertions(+), 136 deletions(-) diff --git a/cmd/notifications/main.go b/cmd/notifications/main.go index 4bb8f6d87..d55ada7ce 100644 --- a/cmd/notifications/main.go +++ b/cmd/notifications/main.go @@ -187,8 +187,7 @@ func newCredentialsService(ctx context.Context, cfg *config.Configuration, stora protocol.CredentialFetchRequestMessageType: {string(packers.MediaTypeZKPMessage)}, protocol.RevocationStatusRequestMessageType: {"*"}, }, - *cfg.MediaTypeManager.StrictMode, - cfg.MediaTypeManager.Disable, + *cfg.MediaTypeManager.Enabled, ) identityService := services.NewIdentity(keyStore, identityRepository, mtRepository, identityStateRepository, mtService, qrService, claimsRepository, revocationRepository, nil, storage, nil, nil, ps, cfg.CredentialStatus, rhsFactory, revocationStatusResolver, *cfg.AutoPublishingToOnChainRHS) diff --git a/cmd/pending_publisher/main.go b/cmd/pending_publisher/main.go index ffb060912..2490b5a23 100644 --- a/cmd/pending_publisher/main.go +++ b/cmd/pending_publisher/main.go 
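Review bot: `authV2CircuitStateVerification` now returns nil for any `pubsignals`, because its whole body is commented out. The GIST root in an authV2 proof is therefore no longer looked up with `GetGISTRootInfo`, and the 15-minute limit on replaced roots is no longer enforced, so a proof built against a stale or unknown global state would pass this handler. The change is unrelated to the commit subject (a media type flag) and looks like a local debugging edit. The diffstat of patch 2/4 lists `pkg/protocol/verify.go` again with 53 changed lines, which suggests it is restored there, but that hunk is not in view, and this commit on its own should not be cherry-picked or bisected into a release. If the check has to be skippable for local development, gate it behind an explicit configuration value that defaults to enforcing, rather than commenting the code out.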
@@ -168,8 +168,7 @@ func main() { protocol.CredentialFetchRequestMessageType: {string(packers.MediaTypeZKPMessage)}, protocol.RevocationStatusRequestMessageType: {"*"}, }, - *cfg.MediaTypeManager.StrictMode, - cfg.MediaTypeManager.Disable, + *cfg.MediaTypeManager.Enabled, ) identityService := services.NewIdentity(keyStore, identityRepo, mtRepo, identityStateRepo, mtService, qrService, claimsRepo, revocationRepository, connectionsRepository, storage, nil, nil, pubsub.NewMock(), cfg.CredentialStatus, rhsFactory, revocationStatusResolver, *cfg.AutoPublishingToOnChainRHS) diff --git a/cmd/platform/main.go b/cmd/platform/main.go index 0e8c7eaab..ed432fc13 100644 --- a/cmd/platform/main.go +++ b/cmd/platform/main.go @@ -150,8 +150,7 @@ func main() { iden3commProtocol.CredentialFetchRequestMessageType: {string(packers.MediaTypeZKPMessage)}, iden3commProtocol.RevocationStatusRequestMessageType: {"*"}, }, - *cfg.MediaTypeManager.StrictMode, - cfg.MediaTypeManager.Disable, + *cfg.MediaTypeManager.Enabled, ) revocationStatusResolver := revocation_status.NewRevocationStatusResolver(cfg.CredentialStatus) diff --git a/cmd/platform_ui/main.go b/cmd/platform_ui/main.go index f2b573e4d..1f1a91c85 100644 --- a/cmd/platform_ui/main.go +++ b/cmd/platform_ui/main.go @@ -182,8 +182,7 @@ func main() { iden3commProtocol.CredentialFetchRequestMessageType: {string(packers.MediaTypeZKPMessage)}, iden3commProtocol.RevocationStatusRequestMessageType: {"*"}, }, - *cfg.MediaTypeManager.StrictMode, - cfg.MediaTypeManager.Disable, + *cfg.MediaTypeManager.Enabled, ) revocationStatusResolver := revocation_status.NewRevocationStatusResolver(cfg.CredentialStatus) diff --git a/internal/api/server_test.go b/internal/api/server_test.go index aa3686fc4..29243219f 100644 --- a/internal/api/server_test.go +++ b/internal/api/server_test.go 
@@ -61,7 +61,6 @@ func TestServer_CreateIdentity(t *testing.T) { protocol.RevocationStatusRequestMessageType: {"*"}, }, true, - false, ) claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, mediaTypeManager) accountService := services.NewAccountService(cfg.Ethereum, keyStore) @@ -266,7 +265,6 @@ func TestServer_RevokeClaim(t *testing.T) { protocol.RevocationStatusRequestMessageType: {"*"}, }, true, - false, ) claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, mediaTypeManager) accountService := services.NewAccountService(cfg.Ethereum, keyStore) @@ -421,7 +419,6 @@ func TestServer_CreateClaim(t *testing.T) { protocol.RevocationStatusRequestMessageType: {"*"}, }, true, - false, ) rhsFactory := reverse_hash.NewFactory(cfg.CredentialStatus.RHS.GetURL(), nil, commonEth.HexToAddress(cfg.CredentialStatus.OnchainTreeStore.SupportedTreeStoreContract), reverse_hash.DefaultRHSTimeOut) @@ -612,7 +609,6 @@ func TestServer_GetIdentities(t *testing.T) { protocol.RevocationStatusRequestMessageType: {"*"}, }, true, - false, ) claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, mediaTypeManager) 
@@ -697,7 +693,6 @@ func TestServer_GetClaimQrCode(t *testing.T) { protocol.RevocationStatusRequestMessageType: {"*"}, }, true, - false, ) claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, mediaTypeManager) @@ -847,7 +842,6 @@ func TestServer_GetClaim(t *testing.T) { protocol.RevocationStatusRequestMessageType: {"*"}, }, true, - false, ) claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, mediaTypeManager) @@ -1031,7 +1025,6 @@ func TestServer_GetClaims(t *testing.T) { protocol.RevocationStatusRequestMessageType: {"*"}, }, true, - false, ) claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, mediaTypeManager) @@ -1390,7 +1383,6 @@ func TestServer_GetRevocationStatus(t *testing.T) { protocol.RevocationStatusRequestMessageType: {"*"}, }, true, - false, ) claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, mediaTypeManager) diff --git a/internal/api_ui/server_test.go b/internal/api_ui/server_test.go index d64396f36..43162084d 100644 --- a/internal/api_ui/server_test.go +++ b/internal/api_ui/server_test.go 
@@ -58,7 +58,6 @@ func TestServer_CheckStatus(t *testing.T) { protocol.RevocationStatusRequestMessageType: {"*"}, }, true, - false, ) claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, "http://localhost", pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, mediaTypeManager) @@ -824,7 +823,6 @@ func TestServer_DeleteConnection(t *testing.T) { protocol.RevocationStatusRequestMessageType: {"*"}, }, true, - false, ) claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, mediaTypeManager) @@ -1084,7 +1082,6 @@ func TestServer_RevokeConnectionCredentials(t *testing.T) { protocol.RevocationStatusRequestMessageType: {"*"}, }, true, - false, ) claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, "http://localhost", pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, mediaTypeManager) @@ -1206,7 +1203,6 @@ func TestServer_CreateCredential(t *testing.T) { protocol.RevocationStatusRequestMessageType: {"*"}, }, true, - false, ) claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubSub, ipfsGatewayURL, revocationStatusResolver, mediaTypeManager) @@ -1392,7 +1388,6 @@ func TestServer_DeleteCredential(t *testing.T) { protocol.RevocationStatusRequestMessageType: {"*"}, }, true, - false, ) claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, "http://localhost", pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, mediaTypeManager) 
@@ -1505,7 +1500,6 @@ func TestServer_GetCredential(t *testing.T) { protocol.RevocationStatusRequestMessageType: {"*"}, }, true, - false, ) claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, mediaTypeManager) @@ -1707,7 +1701,6 @@ func TestServer_GetCredentials(t *testing.T) { protocol.RevocationStatusRequestMessageType: {"*"}, }, true, - false, ) claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, mediaTypeManager) @@ -2185,7 +2178,6 @@ func TestServer_GetCredentialQrCode(t *testing.T) { protocol.RevocationStatusRequestMessageType: {"*"}, }, true, - false, ) claimsService := services.NewClaim(claimsRepo, identityService, qrService, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, mediaTypeManager) @@ -2349,7 +2341,6 @@ func TestServer_GetConnection(t *testing.T) { protocol.RevocationStatusRequestMessageType: {"*"}, }, true, - false, ) claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, mediaTypeManager) @@ -2544,7 +2535,6 @@ func TestServer_GetConnections(t *testing.T) { protocol.RevocationStatusRequestMessageType: {"*"}, }, true, - false, ) claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, mediaTypeManager) 
@@ -3232,7 +3222,6 @@ func TestServer_RevokeCredential(t *testing.T) { protocol.RevocationStatusRequestMessageType: {"*"}, }, true, - false, ) claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, mediaTypeManager) @@ -3383,7 +3372,6 @@ func TestServer_CreateLink(t *testing.T) { protocol.RevocationStatusRequestMessageType: {"*"}, }, true, - false, ) claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubSub, ipfsGatewayURL, revocationStatusResolver, mediaTypeManager) @@ -3618,7 +3606,6 @@ func TestServer_ActivateLink(t *testing.T) { protocol.RevocationStatusRequestMessageType: {"*"}, }, true, - false, ) claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, mediaTypeManager) @@ -3777,7 +3764,6 @@ func TestServer_GetLink(t *testing.T) { protocol.RevocationStatusRequestMessageType: {"*"}, }, true, - false, ) claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, mediaTypeManager) @@ -3963,7 +3949,6 @@ func TestServer_GetAllLinks(t *testing.T) { protocol.RevocationStatusRequestMessageType: {"*"}, }, true, - false, ) claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, mediaTypeManager) 
@@ -4207,7 +4192,6 @@ func TestServer_DeleteLink(t *testing.T) { protocol.RevocationStatusRequestMessageType: {"*"}, }, true, - false, ) claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, mediaTypeManager) @@ -4332,7 +4316,6 @@ func TestServer_DeleteLinkForDifferentDID(t *testing.T) { protocol.RevocationStatusRequestMessageType: {"*"}, }, true, - false, ) claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, mediaTypeManager) @@ -4455,7 +4438,6 @@ func TestServer_CreateLinkQRCode(t *testing.T) { protocol.RevocationStatusRequestMessageType: {"*"}, }, true, - false, ) claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, mediaTypeManager) @@ -4618,7 +4600,6 @@ func TestServer_GetLinkQRCode(t *testing.T) { protocol.RevocationStatusRequestMessageType: {"*"}, }, true, - false, ) claimsService := services.NewClaim(claimsRepo, identityService, qrService, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, mediaTypeManager) @@ -4809,7 +4790,6 @@ func TestServer_GetStateStatus(t *testing.T) { protocol.RevocationStatusRequestMessageType: {"*"}, }, true, - false, ) claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, mediaTypeManager) 
@@ -4968,7 +4948,6 @@ func TestServer_GetStateTransactions(t *testing.T) { protocol.RevocationStatusRequestMessageType: {"*"}, }, true, - false, ) claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGatewayURL, revocationStatusResolver, mediaTypeManager) @@ -5065,7 +5044,6 @@ func TestServer_GetRevocationStatus(t *testing.T) { protocol.RevocationStatusRequestMessageType: {"*"}, }, true, - false, ) claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, schemaLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubSub, ipfsGatewayURL, revocationStatusResolver, mediaTypeManager) diff --git a/internal/config/config.go b/internal/config/config.go index 02ff36743..700f73bfb 100644 --- a/internal/config/config.go +++ b/internal/config/config.go @@ -204,8 +204,7 @@ type APIUIAuth struct { // MediaTypeManager enables or disables the media types manager type MediaTypeManager struct { - StrictMode *bool `mapstructure:"StrictMode" tip:"Enable/Disable strict mode"` - Disable bool `mapstructure:"Disable" tip:"Enable/Disable media type manager"` + Enabled *bool `mapstructure:"Enabled" tip:"Enable or disable the media type manager"` } // Sanitize perform some basic checks and sanitizations in the configuration. @@ -517,8 +516,7 @@ func bindEnv() { _ = viper.BindEnv("AutoPublishingToOnChainRHS", "ISSUER_AUTO_PUBLISHING_TO_ON_CHAIN_RHS") - _ = viper.BindEnv("MediaTypeManager.StrictMode", "ISSUER_MEDIA_TYPE_MANAGER_STRICT_MODE") - _ = viper.BindEnv("MediaTypeManager.Disable", "ISSUER_MEDIA_TYPE_MANAGER_DISABLE") + _ = viper.BindEnv("MediaTypeManager.Enabled", "ISSUER_MEDIA_TYPE_MANAGER_ENABLED") viper.AutomaticEnv() } 
@@ -644,9 +642,9 @@ func checkEnvVars(ctx context.Context, cfg *Configuration) { cfg.AutoPublishingToOnChainRHS = common.ToPointer(true) } - if cfg.MediaTypeManager.StrictMode == nil { - log.Info(ctx, "ISSUER_MEDIA_TYPE_MANAGER_STRICT_MODE is missing and the server set up it as true") - cfg.MediaTypeManager.StrictMode = common.ToPointer(true) + if cfg.MediaTypeManager.Enabled == nil { + log.Info(ctx, "ISSUER_MEDIA_TYPE_MANAGER_ENABLED is missing and the server set up it as true") + cfg.MediaTypeManager.Enabled = common.ToPointer(true) } if cfg.CredentialStatus.RHSMode == "" { diff --git a/internal/core/services/mediatype_manager.go b/internal/core/services/mediatype_manager.go index 59d9bc08f..975f5ee02 100644 --- a/internal/core/services/mediatype_manager.go +++ b/internal/core/services/mediatype_manager.go 
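Review bot: An explicit `ISSUER_MEDIA_TYPE_MANAGER_ENABLED=false` leaves no trace at startup, because the only log line in this block covers the unset case, yet the disabled state makes `AllowMediaType` accept every message in every media type. Report it in the same place, for example `if !*cfg.MediaTypeManager.Enabled { log.Info(ctx, "media type manager is disabled: every media type is accepted") }`, using the package's warning-level call if it has one, so that a misconfigured node is visible in its logs. Defaulting a nil `Enabled` to true is the right fail-closed choice. The `cmd/*` mains dereference `*cfg.MediaTypeManager.Enabled`, so they depend on this function having run first. `checkEnvVars` starts and ends outside this hunk.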
@@ -7,29 +7,27 @@ import ( // MediaTypeManager manages the list of allowed media types for the protocol message type // if strictMode is true, then all messages that do not exist in the allowed list will be rejected type MediaTypeManager struct { - strictMode bool - disable bool - allowList map[iden3comm.ProtocolMessage][]string + enabled bool + allowList map[iden3comm.ProtocolMessage][]string } // NewMediaTypeManager create instance of MediaTypeManager -func NewMediaTypeManager(allowList map[iden3comm.ProtocolMessage][]string, strictMode, disable bool) *MediaTypeManager { +func NewMediaTypeManager(allowList map[iden3comm.ProtocolMessage][]string, enabled bool) *MediaTypeManager { return &MediaTypeManager{ - strictMode: strictMode, - disable: disable, - allowList: allowList, + enabled: enabled, + allowList: allowList, } } // AllowMediaType check if the protocol message supports the mediaType type func (m *MediaTypeManager) AllowMediaType(protoclMessage iden3comm.ProtocolMessage, mediaType iden3comm.MediaType) bool { - if m.disable { + if !m.enabled { return true } al, ok := m.allowList[protoclMessage] if !ok { - return !m.strictMode + return false } for _, v := range al { if v == "*" || v == string(mediaType) { diff --git a/internal/core/services/mediatype_manager_test.go b/internal/core/services/mediatype_manager_test.go index 7b1c5b84f..5c8dac902 100644 --- a/internal/core/services/mediatype_manager_test.go +++ b/internal/core/services/mediatype_manager_test.go 
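Review bot: The doc comment above `MediaTypeManager` still reads `if strictMode is true, then all messages that do not exist in the allowed list will be rejected`, but this hunk removes `strictMode` and makes the `!ok` branch return false unconditionally. Replace it with something like `// When enabled, a protocol message with no entry in allowList is rejected; when not enabled, AllowMediaType accepts everything.` The change also removes the permissive mode for unlisted messages, so a deployment that ran with `ISSUER_MEDIA_TYPE_MANAGER_STRICT_MODE=false` is left with only full enforcement or no check at all, which is worth stating in the release notes. The body of `AllowMediaType` continues past the end of this hunk.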
@@ -18,98 +18,65 @@ func TestMediatypeManager_AllowList(t *testing.T) { targetProtocolMessage iden3comm.ProtocolMessage targetMediatype iden3comm.MediaType expected bool - strictMode bool - disable bool + enabled bool } testcases := []testcase{ { - name: "strictMode = true. Protocol message not in the allow list", + name: "AllowList enabled. Type in the list", allowList: map[iden3comm.ProtocolMessage][]string{ - protocol.RevocationStatusRequestMessageType: {"*"}, - }, - targetProtocolMessage: protocol.CredentialFetchRequestMessageType, - targetMediatype: packers.MediaTypeZKPMessage, - expected: false, - strictMode: true, - disable: false, - }, - { - name: "strictMode = false. Protocol message not in the allow list", - allowList: map[iden3comm.ProtocolMessage][]string{ - protocol.RevocationStatusRequestMessageType: {"*"}, + protocol.CredentialFetchRequestMessageType: {string(packers.MediaTypeZKPMessage)}, }, targetProtocolMessage: protocol.CredentialFetchRequestMessageType, targetMediatype: packers.MediaTypeZKPMessage, expected: true, - strictMode: false, - disable: false, + enabled: true, }, { - name: "Protocol message on the allow list with '*'", + name: "AllowList enabled. Type in the list with wildcard", allowList: map[iden3comm.ProtocolMessage][]string{ protocol.CredentialFetchRequestMessageType: {"*"}, }, targetProtocolMessage: protocol.CredentialFetchRequestMessageType, - targetMediatype: packers.MediaTypePlainMessage, + targetMediatype: packers.MediaTypeZKPMessage, expected: true, - strictMode: true, - disable: false, + enabled: true, }, { - name: "Protocol message on the allow list with allow media type", + name: "AllowList enabled. 
Type not in the list", allowList: map[iden3comm.ProtocolMessage][]string{ - protocol.CredentialFetchRequestMessageType: {string(packers.MediaTypeZKPMessage)}, + protocol.RevocationStatusRequestMessageType: {"*"}, }, targetProtocolMessage: protocol.CredentialFetchRequestMessageType, targetMediatype: packers.MediaTypeZKPMessage, - expected: true, - strictMode: true, - disable: false, + expected: false, + enabled: true, }, { - name: "Protocol message on the allow list with NOT allow media type", + name: "AllowList enabled. Type does not exist", allowList: map[iden3comm.ProtocolMessage][]string{ - protocol.CredentialFetchRequestMessageType: {string(packers.MediaTypeZKPMessage)}, + protocol.CredentialFetchRequestMessageType: {string(packers.MediaTypePlainMessage)}, }, targetProtocolMessage: protocol.CredentialFetchRequestMessageType, - targetMediatype: packers.MediaTypePlainMessage, - expected: false, - strictMode: true, - disable: false, - }, - { - name: "strictMode = true. Empty allow list", - allowList: map[iden3comm.ProtocolMessage][]string{}, - targetProtocolMessage: protocol.CredentialFetchRequestMessageType, - targetMediatype: packers.MediaTypePlainMessage, + targetMediatype: packers.MediaTypeZKPMessage, expected: false, - strictMode: true, - disable: false, + enabled: true, }, { - name: "strictMode = false. Empty allow list", - allowList: map[iden3comm.ProtocolMessage][]string{}, - targetProtocolMessage: protocol.CredentialFetchRequestMessageType, - targetMediatype: packers.MediaTypePlainMessage, - expected: true, - strictMode: false, - disable: false, - }, - { - name: "strictMode = true. Disable = true", - allowList: map[iden3comm.ProtocolMessage][]string{}, + name: "AllowList disabled. 
Type does not exist", + allowList: map[iden3comm.ProtocolMessage][]string{ + protocol.CredentialFetchRequestMessageType: {string(packers.MediaTypePlainMessage)}, + }, targetProtocolMessage: protocol.CredentialFetchRequestMessageType, - targetMediatype: packers.MediaTypePlainMessage, + targetMediatype: packers.MediaTypeZKPMessage, expected: true, - strictMode: true, - disable: true, + enabled: false, }, } for _, tt := range testcases { t.Run(tt.name, func(t *testing.T) { mdm := services.NewMediaTypeManager( - tt.allowList, tt.strictMode, tt.disable, + tt.allowList, tt.enabled, ) actual := mdm.AllowMediaType( tt.targetProtocolMessage, tt.targetMediatype, diff --git a/internal/core/services/tests/identity_test.go b/internal/core/services/tests/identity_test.go index b04cd67c7..011f3f0ec 100644 --- a/internal/core/services/tests/identity_test.go +++ b/internal/core/services/tests/identity_test.go @@ -51,7 +51,6 @@ func Test_identity_UpdateState(t *testing.T) { protocol.RevocationStatusRequestMessageType: {"*"}, }, true, - false, ) claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, docLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGateway, revocationStatusResolver, mediaTypeManager) diff --git a/internal/core/services/tests/link_test.go b/internal/core/services/tests/link_test.go index 660cc0b78..3a7c5adb8 100644 --- a/internal/core/services/tests/link_test.go +++ b/internal/core/services/tests/link_test.go @@ -49,7 +49,6 @@ func Test_link_issueClaim(t *testing.T) { protocol.RevocationStatusRequestMessageType: {"*"}, }, true, - false, ) claimsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, docLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGateway, revocationStatusResolver, mediaTypeManager) 
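Review bot: Two of the new case names in TestMediatypeManager_AllowList say "Type" without saying which type, and "AllowList enabled. Type does not exist" actually exercises a listed message type with a media type that is not allowed for it. Names such as `"enabled: message type not listed"` and `"enabled: media type not allowed for listed message type"` let the table be read as the contract. The table also no longer has a row for an empty or nil `allowList` with `enabled: true`, which is the fail-closed result a misconfigured caller would get; one row with `allowList: nil` and `expected: false` would pin it. The test function starts and ends outside the hunk.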
diff --git a/internal/core/services/tests/notification_test.go b/internal/core/services/tests/notification_test.go
index f7c444fa1..a128c4459 100644
--- a/internal/core/services/tests/notification_test.go
+++ b/internal/core/services/tests/notification_test.go
@@ -51,7 +51,6 @@ func TestNotification_SendNotification(t *testing.T) {
 protocol.RevocationStatusRequestMessageType: {"*"},
 },
 true,
- false,
 )
 credentialsService := services.NewClaim(claimsRepo, identityService, nil, mtService, identityStateRepo, docLoader, storage, cfg.CredentialStatus.Iden3CommAgentStatus.GetURL(), pubsub.NewMock(), ipfsGateway, revocationStatusResolver, mediaTypeManager)
diff --git a/pkg/protocol/verify.go b/pkg/protocol/verify.go
index 354d3e510..0d617e11b 100644
--- a/pkg/protocol/verify.go
+++ b/pkg/protocol/verify.go
@@ -1,6 +1,11 @@
 package protocol
 import (
+ "encoding/json"
+ "math/big"
+ "time"
+
+ "github.com/ethereum/go-ethereum/accounts/abi/bind"
 "github.com/iden3/contracts-abi/state/go/abi"
 "github.com/iden3/go-circuits/v2"
 "github.com/iden3/iden3comm/v2/packers"
@@ -25,30 +30,30 @@ func stateVerificationHandler(ethStateContract *abi.State) packers.VerificationH // authV2CircuitStateVerification `authV2` circuit state verification func authV2CircuitStateVerification(contract *abi.State, pubsignals []string) error { - // bytePubsig, err := json.Marshal(pubsignals) - // if err != nil { - // return err - // } - - // authPubSignals := circuits.AuthV2PubSignals{} - // err = authPubSignals.PubSignalsUnmarshal(bytePubsig) - // if err != nil { - // return err - // } - - // globalState := authPubSignals.GISTRoot.BigInt() - // globalStateInfo, err := contract.GetGISTRootInfo(&bind.CallOpts{}, globalState) - // if err != nil { - // return err - // } - - // if globalState.Cmp(globalStateInfo.Root) != 0 { - // return errors.Errorf("invalid global state info in the smart contract, expected root %s, got %s", globalState.String(), globalStateInfo.Root.String()) - // } - - // if (big.NewInt(0)).Cmp(globalStateInfo.ReplacedByRoot) != 0 && time.Since(time.Unix(globalStateInfo.ReplacedAtTimestamp.Int64(), 0)) > time.Minute*15 { - // return errors.Errorf("global state is too old, replaced timestamp is %v", globalStateInfo.ReplacedAtTimestamp.Int64()) - // } + bytePubsig, err := json.Marshal(pubsignals) + if err != nil { + return err + } + + authPubSignals := circuits.AuthV2PubSignals{} + err = authPubSignals.PubSignalsUnmarshal(bytePubsig) + if err != nil { + return err + } + + globalState := authPubSignals.GISTRoot.BigInt() + globalStateInfo, err := contract.GetGISTRootInfo(&bind.CallOpts{}, globalState) + if err != nil { + return err + } + + if globalState.Cmp(globalStateInfo.Root) != 0 { + return errors.Errorf("invalid global state info in the smart contract, expected root %s, got %s", globalState.String(), globalStateInfo.Root.String()) + } + + if (big.NewInt(0)).Cmp(globalStateInfo.ReplacedByRoot) != 0 && time.Since(time.Unix(globalStateInfo.ReplacedAtTimestamp.Int64(), 0)) > time.Minute*15 { + return errors.Errorf("global state is too 
old, replaced timestamp is %v", globalStateInfo.ReplacedAtTimestamp.Int64()) + } return nil } From fbdcb0cfd77d1ecfe9bc4e4caea4d2cbc3b056db Mon Sep 17 00:00:00 2001 From: Ilya Date: Thu, 20 Jun 2024 19:34:57 +0300 Subject: [PATCH 3/4] clear code --- internal/core/services/claims.go | 2 +- internal/core/services/identity.go | 40 +++++++++++------------------- 2 files changed, 16 insertions(+), 26 deletions(-) diff --git a/internal/core/services/claims.go b/internal/core/services/claims.go index 5a044a30b..243970374 100644 --- a/internal/core/services/claims.go +++ b/internal/core/services/claims.go @@ -370,7 +370,7 @@ func (c *claim) GetCredentialQrCode(ctx context.Context, issID *w3c.DID, id uuid func (c *claim) Agent(ctx context.Context, req *ports.AgentRequest, mediatype iden3comm.MediaType) (*domain.Agent, error) { if !c.mediatypeManager.AllowMediaType(req.Type, mediatype) { - err := fmt.Errorf("unsupported media type '%s' for message type '%s'", req.Typ, req.Type) + err := fmt.Errorf("unsupported media type '%s' for message type '%s'", mediatype, req.Type) log.Error(ctx, "agent: unsupported media type", "err", err) return nil, err } diff --git a/internal/core/services/identity.go b/internal/core/services/identity.go index c15d8502d..bbfde530d 100644 --- a/internal/core/services/identity.go +++ b/internal/core/services/identity.go 
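Review bot: The re-enabled `contract.GetGISTRootInfo(&bind.CallOpts{}, globalState)` call in authV2CircuitStateVerification carries no context, so it has no deadline of its own and depends on whatever timeout the underlying RPC client happens to have. The hunk header suggests this runs inside the packer's state verification handler, so a slow or unreachable node could hold a request open; a bounded context caps that: `ctx, cancel := context.WithTimeout(context.Background(), gistCallTimeout)`, `defer cancel()`, then `&bind.CallOpts{Context: ctx}`, where `gistCallTimeout` is a constant you choose and `context` is added to the imports. The inline `time.Minute*15` staleness window would likewise be easier to audit as a named constant with a comment on why that value was picked.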
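Review bot: Both values in the corrected message in claim.Agent appear to come from the incoming request, and `'%s'` prints them raw into the error that is logged on the next line. `%q` quotes and escapes them, so control characters or stray quotes in a crafted message type cannot garble the log entry: `err := fmt.Errorf("unsupported media type %q for message type %q", mediatype, req.Type)`. Whether the structured logger already escapes the `err` value is not visible here. Agent's body continues outside the hunk.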
@@ -749,32 +749,22 @@ func (i *identity) createIdentity(ctx context.Context, tx db.Querier, hostURL st
 return nil, nil, fmt.Errorf("can't create RHS publisher: %w", err)
 }
- if len(rhsPublishers) > 0 {
- if rhsMode == reverse_hash.RHSModeOnChain && !i.autoPublishingToOnChainRHS {
- log.Info(ctx,
- "state info (bigints):",
- "root:", identity.State.TreeState().State.BigInt().String(),
- "claimsTreeRoot:", claimsTree.Root().BigInt().String(),
- "revocationsTreeRoot:", merkletree.HashZero.BigInt().String(),
- "rootOfRootsTreeRoot:", merkletree.HashZero.BigInt().String(),
- )
- } else {
- log.Info(ctx, "publishing state to RHS", "publishers", len(rhsPublishers))
- for _, rhsPublisher := range rhsPublishers {
- err := rhsPublisher.PublishNodesToRHS(ctx, []mtproof.Node{
- {
- Hash: identity.State.TreeState().State,
- Children: []*merkletree.Hash{
- claimsTree.Root(),
- &merkletree.HashZero,
- &merkletree.HashZero,
- },
+ if len(rhsPublishers) > 0 && !(rhsMode == reverse_hash.RHSModeOnChain && !i.autoPublishingToOnChainRHS) {
+ log.Info(ctx, "publishing state to RHS", "publishers", len(rhsPublishers))
+ for _, rhsPublisher := range rhsPublishers {
+ err := rhsPublisher.PublishNodesToRHS(ctx, []mtproof.Node{
+ {
+ Hash: identity.State.TreeState().State,
+ Children: []*merkletree.Hash{
+ claimsTree.Root(),
+ &merkletree.HashZero,
+ &merkletree.HashZero,
 },
- })
- if err != nil {
- log.Error(ctx, "publishing state to RHS", "err", err)
- return nil, nil, err
- }
+ },
+ })
+ if err != nil {
+ log.Error(ctx, "publishing state to RHS", "err", err)
+ return nil, nil, err
 }
 }
 }
From 5a580c9f73188294ee3415aa978a126b26462a84 Mon Sep 17 00:00:00 2001
From: Ilya
Date: Thu, 20 Jun 2024 20:37:32 +0300
Subject: [PATCH 4/4] add new envs in sample
---
 .env-issuer.sample | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/.env-issuer.sample b/.env-issuer.sample
index d2b3b9a90..cf340c54d 100644
--- a/.env-issuer.sample
+++ b/.env-issuer.sample
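Review bot: The merged condition in createIdentity, `len(rhsPublishers) > 0 && !(rhsMode == reverse_hash.RHSModeOnChain && !i.autoPublishingToOnChainRHS)`, nests two negations and is hard to check at a glance. Naming the skip case reads better: `skipOnChain := rhsMode == reverse_hash.RHSModeOnChain && !i.autoPublishingToOnChainRHS` followed by `if len(rhsPublishers) > 0 && !skipOnChain {`. With the old branch gone, skipping publication leaves no trace in the logs, so a short `log.Info(ctx, "skipping RHS publishing: on-chain auto publishing is disabled")` on that path would keep the decision visible. createIdentity starts and ends outside the hunk.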
@@ -46,4 +46,8 @@ ISSUER_CREDENTIAL_STATUS_ONCHAIN_TREE_STORE_SUPPORTED_CONTRACT=0x3d3763eC0a50CE1
 ISSUER_CREDENTIAL_STATUS_RHS_URL=http://localhost:3001
 ISSUER_CREDENTIAL_STATUS_PUBLISHING_KEY_PATH=pbkey
 ISSUER_CREDENTIAL_STATUS_RHS_MODE=None
-ISSUER_CREDENTIAL_STATUS_RHS_CHAIN_ID=<80002 | 80001 | 137>
\ No newline at end of file
+ISSUER_CREDENTIAL_STATUS_RHS_CHAIN_ID=<80002 | 80001 | 137>
+
+ISSUER_MEDIA_TYPE_MANAGER_ENABLED=true
+
+ISSUER_AUTO_PUBLISHING_TO_ON_CHAIN_RHS=true