-
Notifications
You must be signed in to change notification settings - Fork 135
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for issuer custom/alternative origin #2356
Changes from 1 commit
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -91,16 +91,32 @@ const verifyCredentials = async ({ | |
} | ||
} | ||
|
||
const validationResult = await withLoader(() => | ||
// Verify that principals may be issued to RP using the specified | ||
// derivation origin | ||
const validRpDerivationOrigin = await withLoader(() => | ||
validateDerivationOrigin(rpOrigin_, rpDerivationOrigin) | ||
); | ||
if (validationResult.result === "invalid") { | ||
if (validRpDerivationOrigin.result === "invalid") { | ||
return abortedCredentials({ reason: "bad_derivation_origin_rp" }); | ||
} | ||
validationResult.result satisfies "valid"; | ||
validRpDerivationOrigin.result satisfies "valid"; | ||
const rpOrigin = rpDerivationOrigin ?? rpOrigin_; | ||
|
||
const vcIssuer = new VcIssuer(issuerCanisterId); | ||
|
||
const issuerDerivationOriginResult = await getValidatedIssuerDerivationOrigin( | ||
{ | ||
vcIssuer, | ||
issuerOrigin, | ||
} | ||
); | ||
|
||
if (issuerDerivationOriginResult.kind === "error") { | ||
return abortedCredentials({ reason: issuerDerivationOriginResult.err }); | ||
} | ||
|
||
const issuerDerivationOrigin = issuerDerivationOriginResult.origin; | ||
|
||
// XXX: We don't check that the language matches the user's language. We need | ||
// to figure what to do UX-wise first. | ||
const consentInfo = await vcIssuer.getConsentMessage({ credentialSpec }); | ||
|
@@ -164,7 +180,7 @@ const verifyCredentials = async ({ | |
|
||
const pAliasPending = getAliasCredentials({ | ||
rpOrigin, | ||
issuerOrigin, | ||
issuerOrigin: issuerDerivationOrigin /* Use the actual derivation origin */, | ||
authenticatedConnection, | ||
}); | ||
|
||
|
@@ -180,7 +196,7 @@ const verifyCredentials = async ({ | |
|
||
const issuedCredential = await issueCredential({ | ||
vcIssuer, | ||
issuerOrigin, | ||
issuerOrigin: issuerDerivationOrigin, | ||
issuerAliasCredential: pAlias.issuerAliasCredential, | ||
credentialSpec, | ||
authenticatedConnection, | ||
|
@@ -302,6 +318,46 @@ const getAliasCredentials = async ({ | |
return { ok: { rpAliasCredential, issuerAliasCredential } }; | ||
}; | ||
|
||
// Looks up and verify the derivation origin to be used by the issuer | ||
const getValidatedIssuerDerivationOrigin = async ({ | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Do I understand correctly that there are no unit tests because everything is tested with e2e tests? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. No, there's no particular reason. How would you test this with a unit test? |
||
vcIssuer, | ||
issuerOrigin, | ||
}: { | ||
vcIssuer: VcIssuer; | ||
issuerOrigin: string; | ||
}): Promise< | ||
| { | ||
kind: "error"; | ||
err: | ||
| "derivation_origin_issuer_error" | ||
| "invalid_derivation_origin_issuer"; | ||
} | ||
| { kind: "ok"; origin: string } | ||
> => { | ||
const result = await vcIssuer.getDerivationOrigin({ origin: issuerOrigin }); | ||
|
||
if (result.kind === "error") { | ||
return { kind: "error", err: "derivation_origin_issuer_error" }; | ||
} | ||
|
||
result.kind satisfies "origin"; | ||
|
||
const validDerivationOrigin = await validateDerivationOrigin( | ||
issuerOrigin, | ||
result.origin | ||
); | ||
if (validDerivationOrigin.result === "invalid") { | ||
console.error( | ||
"Invalid derivation origin for issuer", | ||
JSON.stringify(validDerivationOrigin) | ||
); | ||
return { kind: "error", err: "invalid_derivation_origin_issuer" }; | ||
} | ||
validDerivationOrigin.result satisfies "valid"; | ||
|
||
return { kind: "ok", origin: result.origin }; | ||
}; | ||
|
||
// Contact the issuer to issue the credentials | ||
const issueCredential = async ({ | ||
vcIssuer, | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please annotate with
#[ignore]
rather than deleting.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you explain why that's better? If the test needs to be resurrected it can always be found in the git history
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It is more convenient to re-enable and is nagging in the test output to do something about it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's unfortunate! I think the cleanest way would be to track this somewhere, otherwise (by ignoring the test) it might never get done though it will always be a slight annoyance when running the tests. And in case we never re-add the test, having it ignored is just wasted real estate in the file! Nothing as permanent as temporary solutions.