Initial support for revocation of Verifiable Credentials

Daniel Armengod 2024-01-31 10:54:40 +01:00
parent 01eb3b3468
commit e7f6153c62
3 changed files with 22 additions and 3 deletions


@ -440,6 +440,7 @@ class DID(models.Model):
related_name='dids', related_name='dids',
null=True, null=True,
) )
# JSON-serialized DID document
didweb_document = models.TextField() didweb_document = models.TextField()
def get_key_material(self, password): def get_key_material(self, password):
@ -589,6 +590,7 @@ class VerificableCredential(models.Model):
on_delete=models.CASCADE, on_delete=models.CASCADE,
related_name='vcredentials', related_name='vcredentials',
) )
revocationBitmapIndex = models.AutoField()
def get_data(self, password): def get_data(self, password):
if not self.data: if not self.data:
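Review bot: `revocationBitmapIndex = models.AutoField()` will not pass Django's system checks as written, because an AutoField must be declared with `primary_key=True` and a model can carry only one auto field. Unless VerificableCredential has no other primary key (its header and other fields are outside the hunk), this line breaks model loading. A revocation index also has to stay unique and stable for the lifetime of the credential, so an explicit field assigned at issuance is safer, for example `revocation_bitmap_index = models.PositiveIntegerField(unique=True, null=True)`, with a migration that backfills existing rows. None of the three file sections shown on this page looks like a migration.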


@ -1,3 +1,4 @@
import json
import uuid import uuid
from django.conf import settings from django.conf import settings
@ -11,7 +12,7 @@ from django.shortcuts import get_object_or_404, redirect
from django.contrib.auth.mixins import LoginRequiredMixin from django.contrib.auth.mixins import LoginRequiredMixin
from django.http import HttpResponseRedirect, HttpResponse, Http404 from django.http import HttpResponseRedirect, HttpResponse, Http404
from idhub.models import DID from idhub.models import DID, VerificableCredential
from idhub.email.views import NotifyActivateUserByEmail from idhub.email.views import NotifyActivateUserByEmail
from trustchain_idhub import settings from trustchain_idhub import settings
@ -79,7 +80,20 @@ class PasswordResetConfirmView(auth_views.PasswordResetConfirmView):
def serve_did(request, did_id): def serve_did(request, did_id):
id_did = f'did:web:{settings.DOMAIN}:did-registry:{did_id}' id_did = f'did:web:{settings.DOMAIN}:did-registry:{did_id}'
did = get_object_or_404(DID, did=id_did) did = get_object_or_404(DID, did=id_did)
document = did.didweb_document # Deserialize the base DID from JSON storage
document = json.loads(did.didweb_document)
revoked_credentials = did.verificablecredential_set.filter(status=VerificableCredential.Status.REVOKED)
revoked_credential_indexes = []
for credential in revoked_credentials:
revoked_credential_indexes.append(credential.revocationBitmapIndex)
encoded_revocation_bitmap = None # TODO
revocation_service = [{
"id": f"{id_did}#revocation",
"type": "RevocationBitmap2022",
"serviceEndpoint": f"data:application/octet-stream;base64,{encoded_revocation_bitmap}"
}]
# Serialize the DID + Revocation list in preparation for sending
document = json.dumps(document)
retval = HttpResponse(document) retval = HttpResponse(document)
retval.headers["Content-Type"] = "application/json" retval.headers["Content-Type"] = "application/json"
return retval return retval
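Review bot: `revocation_service` is built but never added to `document`, so the DID document served by serve_did carries no revocation entry and a verifier resolving it cannot learn that a credential was revoked. While `encoded_revocation_bitmap` is still `None`, attaching the entry would publish the literal `base64,None`, so it should be attached only once the bitmap is really encoded from `revoked_credential_indexes`, e.g. `document.setdefault("service", []).extend(revocation_service)`. The lookup `did.verificablecredential_set` also needs a check: the model section shows `related_name='vcredentials'` on one foreign key, and if the key pointing at DID carries a related_name, the default `_set` accessor does not exist and every DID resolution would fail (the field definitions are outside the visible hunks).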


@ -101,7 +101,10 @@ def verify_credential(vc):
async def inner(): async def inner():
return await didkit.verify_credential(vc, '{"proofFormat": "ldp"}') return await didkit.verify_credential(vc, '{"proofFormat": "ldp"}')
return asyncio.run(inner()) valid, reason = asyncio.run(inner())
if not valid:
return valid, reason
# Credential passes basic signature verification. Now check it against its schema.
def issue_verifiable_presentation(vp_template: Template, vc_list: list[str], jwk_holder: str, holder_did: str) -> str: def issue_verifiable_presentation(vp_template: Template, vc_list: list[str], jwk_holder: str, holder_did: str) -> str:
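Review bot: After this change verify_credential returns nothing on the success path: the `if not valid` branch returns, and the function then ends on a comment, so a credential with a good signature yields `None`. Until the schema check exists, end the function with `return valid, reason` so callers get a consistent result, and update any caller that relied on the previous return value. The unpacking `valid, reason = asyncio.run(inner())` also assumes a two-item result; if `didkit.verify_credential` still returns the single result string that was passed through before, this line raises instead, which is worth confirming. The start of verify_credential is outside the hunk.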