Merge pull request #51 from OpenMined/howard/#21-revocation

Implement Revocation API

Author: wip-abramson

libs/aries-basic-controller/aries_basic_controller/aries_controller.py

@@ -17,6 +17,7 @@
 from .controllers.server import ServerController
 from .controllers.oob import OOBController
 from .controllers.action_menu import ActionMenuController
+from .controllers.revocation import RevocationController
 
 import logging
 
@@ -36,6 +37,7 @@ def __init__(
         messaging: bool = True,
         issuer: bool = True,
         action_menu: bool = True,
+        revocations: bool = True,
         api_key: str = None,
     ):
 
@@ -75,6 +77,11 @@ def __init__(
 
         if action_menu:
             self.action_menu = ActionMenuController(self.admin_url, self.client_session)
+        if revocations:
+            self.revocations = RevocationController(
+                self.admin_url,
+                self.client_session
+            )
 
     def register_listeners(self, listeners, defaults=True):
         if defaults:
@@ -85,7 +92,6 @@ def register_listeners(self, listeners, defaults=True):
             if self.proofs:
                 pub.subscribe(self.proofs.default_handler, "present_proof")
 
-
         for listener in listeners:
             pub.subscribe(listener["handler"], listener["topic"])
 
@@ -108,11 +114,7 @@ async def handle_webhook(self, topic, payload):
         pub.sendMessage(topic, payload=payload)
         return web.Response(status=200)
 
-
     async def terminate(self):
         await self.client_session.close()
         if self.webhook_site:
             await self.webhook_site.stop()
-
-
-

libs/aries-basic-controller/aries_basic_controller/controllers/base.py

@@ -16,6 +16,7 @@
 
 EVENT_LOGGER = logging.getLogger("event")
 
+
 class repr_json:
     def __init__(self, val):
         self.val = val
@@ -52,7 +53,6 @@ def handle_output(self, *output, source: str = None, **kwargs):
             color = None
         log_msg(*output, color=color, prefix=self.prefix_str, end=end, **kwargs)
 
-
     async def admin_request(
         self, method, path, json_data=None, text=False, params=None, data=None
     ) -> ClientResponse:
@@ -71,7 +71,6 @@ async def admin_request(
                     raise Exception(f"Error decoding JSON: {resp_text}") from e
             return resp_text
 
-
     async def admin_GET(self, path, text=False, params=None) -> ClientResponse:
         try:
             EVENT_LOGGER.debug("Controller GET %s request to Agent", path)
@@ -95,13 +94,54 @@ async def admin_POST(
             )
             response = await self.admin_request("POST", path, json_data, text, params, data)
             EVENT_LOGGER.debug(
-                "Response from POST %s received: \n%s", path, repr_json(response),
+                "Response from POST %s received: \n%s",
+                path,
+                repr_json(response),
             )
             return response
         except ClientError as e:
             self.log(f"Error during POST {path}: {str(e)}")
             raise
 
+    async def admin_PATCH(
+        self, path, json_data=None, text=False, params=None, data=None
+    ) -> ClientResponse:
+        try:
+            EVENT_LOGGER.debug(
+                "Controller PATCH %s request to Agent%s",
+                path,
+                (" with data: \n{}".format(repr_json(json_data)) if json_data else ""),
+            )
+            response = await self.admin_request("PATCH", path, json_data, text, params, data)
+            EVENT_LOGGER.debug(
+                "Response from PATCH %s received: \n%s",
+                path,
+                repr_json(response)
+            )
+            return response
+        except ClientError as e:
+            self.log(f"Error during PATCH {path}: {str(e)}")
+            raise
+
+    async def admin_PUT(
+        self, path, json_data=None, text=False, params=None, data=None
+    ) -> ClientResponse:
+        try:
+            EVENT_LOGGER.debug(
+                "Controller PUT %s request to Agent%s",
+                path,
+                (" with data: \n{}".format(repr_json(json_data)) if json_data else ""),
+            )
+            response = await self.admin_request("PUT", path, json_data, text, params, data)
+            EVENT_LOGGER.debug(
+                "Response from PUT %s received: \n%s",
+                path,
+                repr_json(response)
+            )
+            return response
+        except ClientError as e:
+            self.log(f"Error during PUT {path}: {str(e)}")
+            raise
 
     async def admin_DELETE(
             self, path, text=False, params=None

libs/aries-basic-controller/aries_basic_controller/controllers/credential.py

@@ -30,4 +30,4 @@ async def get_all(self, wql_query: str = None, count: int = None, start: int = N
         return await self.admin_GET("/credentials", params=params)
 
     async def is_revoked(self, credential_id):
-        return await self.admin_GET(f"credential/revoked/{credential_id}")
+        return await self.admin_GET(f"/credential/revoked/{credential_id}")

libs/aries-basic-controller/aries_basic_controller/controllers/revocation.py

@@ -0,0 +1,216 @@
+from .base import BaseController
+from ..models.errors import InputError
+
+from aiohttp import (
+    ClientSession,
+)
+import asyncio
+
+
+class RevocationController(BaseController):
+
+    def __init__(self, admin_url: str, client_session: ClientSession):
+        super().__init__(admin_url, client_session)
+        self.base_url = "/revocation"
+        self.revocation_states = set([
+            "init", "generated", "posted", "active", "full"
+        ])
+
+    async def revoke_credential(self, cred_ex_id: str = "", cred_rev_id: str = "", rev_reg_id: str = "", publish: bool = False):
+        """
+        Revoke an issued credential.
+
+        This method does not publish revocation to the ledger immediately by default - instead, marks it as pending.
+        Either (cred_ex_id) OR (cred_rev_id AND rev_reg_id) are required.
+        """
+
+        req_body = {
+            "publish": publish
+        }
+        if cred_ex_id:
+            req_body["cred_ex_id"] = cred_ex_id
+        elif cred_rev_id and rev_reg_id:
+            req_body["cred_rev_id"] = cred_rev_id
+            req_body["rev_reg_id"] = rev_reg_id
+        else:
+            raise InputError(
+                "Either (cred_ex_id) OR (cred_rev_id AND rev_reg_id) are required."
+            )
+
+        return await self.admin_POST(f"{self.base_url}/revoke", json_data=req_body)
+
+    async def publish_pending_revocations(self, pending_revs):
+        """
+        Publish pending revocations to ledger.
+
+        Takes in a list of dicts with str key-values, transforms into the correct
+        API schema.
+
+        eg. pending_revs = [{ "sample-rev-reg-id": "sample-cred-rev-id" }]
+        """
+
+        req_body = {
+            "rrid2crid": {}
+        }
+
+        for rev in pending_revs:
+            # check if revocation registry id already exists in map, if so, simply append to array
+            if rev.rev_reg_id in req_body["rrid2crid"]:
+                req_body["rrid2crid"][rev.rev_reg_id].append(rev.cred_rev_id)
+            else:
+                req_body["rrid2crid"][rev.rev_reg_id] = [rev.cred_rev_id]
+
+        return await self.admin_POST(f"{self.base_url}/publish-revocations", json_data=req_body)
+
+    async def clear_pending_revocations(self, pending_revs):
+        """
+        Clear pending revocations.
+
+        Takes in a list of dicts with str key-values, transforms into the correct
+        API schema.
+
+        eg. pending_revs = [{ "sample-rev-reg-id": "sample-cred-rev-id" }]
+        """
+
+        req_body = {
+            "purge": {}
+        }
+
+        for rev in pending_revs:
+            # check if revocation registry id already exists in map, if so, simply append to array
+            if rev.rev_reg_id in req_body["purge"]:
+                req_body["purge"][rev.rev_reg_id].append(rev.cred_rev_id)
+            else:
+                req_body["purge"][rev.rev_reg_id] = [rev.cred_rev_id]
+
+        return await self.admin_POST(f"{self.base_url}/clear-pending-revocations", json_data=req_body)
+
+    async def get_credential_revocation_status(self, cred_ex_id: str, cred_rev_id: str, rev_reg_id: str):
+        """
+        Get credential revocation status.
+        """
+
+        params = {}
+        if cred_ex_id:
+            params["cred_ex_id"] = cred_ex_id
+        if cred_rev_id:
+            params["cred_rev_id"] = cred_rev_id
+        if rev_reg_id:
+            params["rev_reg_id"] = rev_reg_id
+
+        return await self.admin_GET(f"{self.base_url}/credential-record", params=params)
+
+    async def get_created_revocation_registries(self, cred_def_id: str, rev_reg_state: str):
+        """
+        Search for matching revocation registries that current agnet created.
+        """
+
+        params = {}
+        if cred_def_id:
+            params["cred_def_id"] = cred_def_id
+        if rev_reg_state:
+            if not self.__validate_revocation_registry_state(rev_reg_state):
+                raise InputError("invalid revocation registry state input")
+            params["state"] = rev_reg_state
+
+        return await self.admin_GET(f"{self.base_url}/registries/created", params=params)
+
+    async def get_revocation_registry(self, rev_reg_id: str):
+        """
+        Get revocation registry by revocation registry id
+        """
+
+        return await self.admin_GET(f"{self.base_url}/registry/{rev_reg_id}")
+
+    async def update_revocation_registry_tails_file(self, rev_reg_id: str, tail_file_uri: str):
+        """
+        Update revocation registry by revocation registry id.
+        """
+
+        req_body = {
+            "tails_public_uri": tail_file_uri
+        }
+
+        return await self.admin_PATCH(f"{self.base_url}/registry/{rev_reg_id}", json_data=req_body)
+
+    async def get_active_revocation_registry_by_cred_def(self, cred_def_id: str):
+        """
+        Get current active revocation registry by credential definition id.
+        """
+
+        return await self.admin_GET(f"{self.base_url}/active-registry/{cred_def_id}")
+
+    async def get_num_credentials_issued_by_revocation_registry(self, rev_reg_id: str):
+        """
+        Get number of credentials issued against revocation registry.
+        """
+
+        response = await self.admin_GET(f"{self.base_url}/registry/{rev_reg_id}/issued")
+        return response["result"]
+
+    async def create_revocation_registry(self, cred_def_id: str, max_cred_num: int):
+        """
+        Creates a new revocation registry.
+        """
+
+        req_body = {
+            "credential_definition_id": cred_def_id,
+            "max_cred_num": max_cred_num
+        }
+
+        return await self.admin_POST(f"{self.base_url}/create-registry", json_data=req_body)
+
+    async def send_revocation_registry_definition(self, rev_reg_id: str):
+        """
+        Send revocation registry definition to ledger.
+        """
+
+        return await self.admin_POST(f"{self.base_url}/registry/{rev_reg_id}/definition")
+
+    async def send_revocation_registry_entry(self, rev_reg_id: str):
+        """
+        Send revocation registry entry to ledger.
+        """
+
+        return await self.admin_POST(f"{self.base_url}/registry/{rev_reg_id}/entry")
+
+    async def upload_revocation_registry_tails_file(self, rev_reg_id: str):
+        """
+        Upload local tails file to server.
+        """
+
+        return await self.admin_PUT(f"{self.base_url}/registry/{rev_reg_id}/tails-file")
+
+    """
+    TODO: this API call downloads the Tails file as an octet stream. We need to consider if we
+    want to build support for this
+    """
+    # async def get_revocation_registry_tails_file(self, rev_reg_id: str):
+    #     """
+    #     Download tails file.
+    #     """
+    #     return await self.admin_GET(f"{self.base_url}/registry/{rev_reg_id}/tails-file")
+
+    async def update_revocation_registry_state(self, rev_reg_id: str, state: str):
+        """
+        Set revocation registry state manually.
+        """
+
+        params = {}
+        if state:
+            if not self.__validate_revocation_registry_state(state):
+                raise InputError("invalid revocation registry state input")
+            params["state"] = state
+
+        return await self.admin_PATCH(f"{self.base_url}/registry/{rev_reg_id}/set-state", params=params)
+
+    """
+    Private utility methods.
+    """
+
+    def __validate_revocation_registry_state(self, state: str) -> bool:
+        """
+        Validate if state input is one of init, generated, posted, active, full.
+        """
+
+        return state in self.revocation_states

libs/aries-basic-controller/aries_basic_controller/models/errors.py

@@ -0,0 +1,14 @@
+class Error(Exception):
+    """Base class for exceptions in this module."""
+    pass
+
+
+class InputError(Error):
+    """Exception raised for errors in the input.
+
+    Attributes:
+        message -- explanation of the error
+    """
+
+    def __init__(self, message):
+        self.message = message