Initial support for revocation of Verifiable Credentials
parent
01eb3b3468
commit
e7f6153c62
|
@ -440,6 +440,7 @@ class DID(models.Model):
|
||||||
related_name='dids',
|
related_name='dids',
|
||||||
null=True,
|
null=True,
|
||||||
)
|
)
|
||||||
|
# JSON-serialized DID document
|
||||||
didweb_document = models.TextField()
|
didweb_document = models.TextField()
|
||||||
|
|
||||||
def get_key_material(self, password):
|
def get_key_material(self, password):
|
||||||
|
@ -589,6 +590,7 @@ class VerificableCredential(models.Model):
|
||||||
on_delete=models.CASCADE,
|
on_delete=models.CASCADE,
|
||||||
related_name='vcredentials',
|
related_name='vcredentials',
|
||||||
)
|
)
|
||||||
|
revocationBitmapIndex = models.AutoField()
|
||||||
|
|
||||||
def get_data(self, password):
|
def get_data(self, password):
|
||||||
if not self.data:
|
if not self.data:
|
||||||
|
|
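Review bot: `revocationBitmapIndex = models.AutoField()` is declared without `primary_key=True`, and Django's system check `fields.E100` rejects an AutoField that is not the primary key, so unless this model has no other primary key the field will not pass `manage.py check` as written. A revocation index has to be unique and must never change or be reused once a credential is issued, because a verifier looks the credential up by that bit position. Something like `models.PositiveIntegerField(unique=True, editable=False)` filled in at issuance would state that contract, though the rest of the class is outside this hunk so the allocation point is not visible here. The name would also read better as `revocation_bitmap_index`, matching `didweb_document` in the same file.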
|
@ -1,3 +1,4 @@
|
||||||
|
import json
|
||||||
import uuid
|
import uuid
|
||||||
|
|
||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
|
@ -11,7 +12,7 @@ from django.shortcuts import get_object_or_404, redirect
|
||||||
from django.contrib.auth.mixins import LoginRequiredMixin
|
from django.contrib.auth.mixins import LoginRequiredMixin
|
||||||
from django.http import HttpResponseRedirect, HttpResponse, Http404
|
from django.http import HttpResponseRedirect, HttpResponse, Http404
|
||||||
|
|
||||||
from idhub.models import DID
|
from idhub.models import DID, VerificableCredential
|
||||||
from idhub.email.views import NotifyActivateUserByEmail
|
from idhub.email.views import NotifyActivateUserByEmail
|
||||||
from trustchain_idhub import settings
|
from trustchain_idhub import settings
|
||||||
|
|
||||||
|
@ -79,7 +80,20 @@ class PasswordResetConfirmView(auth_views.PasswordResetConfirmView):
|
||||||
def serve_did(request, did_id):
|
def serve_did(request, did_id):
|
||||||
id_did = f'did:web:{settings.DOMAIN}:did-registry:{did_id}'
|
id_did = f'did:web:{settings.DOMAIN}:did-registry:{did_id}'
|
||||||
did = get_object_or_404(DID, did=id_did)
|
did = get_object_or_404(DID, did=id_did)
|
||||||
document = did.didweb_document
|
# Deserialize the base DID from JSON storage
|
||||||
|
document = json.loads(did.didweb_document)
|
||||||
|
revoked_credentials = did.verificablecredential_set.filter(status=VerificableCredential.Status.REVOKED)
|
||||||
|
revoked_credential_indexes = []
|
||||||
|
for credential in revoked_credentials:
|
||||||
|
revoked_credential_indexes.append(credential.revocationBitmapIndex)
|
||||||
|
encoded_revocation_bitmap = None # TODO
|
||||||
|
revocation_service = [{
|
||||||
|
"id": f"{id_did}#revocation",
|
||||||
|
"type": "RevocationBitmap2022",
|
||||||
|
"serviceEndpoint": f"data:application/octet-stream;base64,{encoded_revocation_bitmap}"
|
||||||
|
}]
|
||||||
|
# Serialize the DID + Revocation list in preparation for sending
|
||||||
|
document = json.dumps(document)
|
||||||
retval = HttpResponse(document)
|
retval = HttpResponse(document)
|
||||||
retval.headers["Content-Type"] = "application/json"
|
retval.headers["Content-Type"] = "application/json"
|
||||||
return retval
|
return retval
|
||||||
|
|
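Review bot: `revocation_service` is built in `serve_did` but never added to `document`, so the response is still just the stored DID document and a verifier resolving this DID finds no revocation service; credentials marked REVOKED would presumably still pass a status check. While `encoded_revocation_bitmap` is the `None` placeholder the endpoint would also read `base64,None`, so the entry should be attached only once the bitmap is really encoded, e.g. `document.setdefault("service", []).extend(revocation_service)` just before `json.dumps`. It is also worth confirming that `did.verificablecredential_set` exists: if the foreign key from the credential to the DID declares a `related_name`, the default `_set` accessor is not created (the model's foreign keys are outside this hunk).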
|
@ -101,7 +101,10 @@ def verify_credential(vc):
|
||||||
async def inner():
|
async def inner():
|
||||||
return await didkit.verify_credential(vc, '{"proofFormat": "ldp"}')
|
return await didkit.verify_credential(vc, '{"proofFormat": "ldp"}')
|
||||||
|
|
||||||
return asyncio.run(inner())
|
valid, reason = asyncio.run(inner())
|
||||||
|
if not valid:
|
||||||
|
return valid, reason
|
||||||
|
# Credential passes basic signature verification. Now check it against its schema.
|
||||||
|
|
||||||
|
|
||||||
def issue_verifiable_presentation(vp_template: Template, vc_list: list[str], jwk_holder: str, holder_did: str) -> str:
|
def issue_verifiable_presentation(vp_template: Template, vc_list: list[str], jwk_holder: str, holder_did: str) -> str:
|
||||||
|
|
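Review bot: After the new `if not valid:` branch in `verify_credential` the function ends on a comment, so the success path falls through and returns `None` where it used to return the didkit result; callers now get a tuple on failure and `None` on success. Until the schema check is written, the branch should be followed by `return valid, reason` so that every path returns the same shape and callers can fail closed on it. The unpacking `valid, reason = asyncio.run(inner())` also assumes didkit hands back a two-item pair; if it returns a JSON result string, which the unchanged `return await didkit.verify_credential(...)` line may well do, the unpack raises `ValueError`, so the result should be parsed first and `valid` derived from its error list. The start of `verify_credential` is outside this hunk.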