From 0b549264f27a70000bad96c87a22bd471289b4d9 Mon Sep 17 00:00:00 2001
From: mishasizov-SK <109598497+mishasizov-SK@users.noreply.github.com>
Date: Fri, 23 Aug 2024 17:55:58 +0300
Subject: [PATCH] feat: bdd test - verify vc without status list (#1750)
Signed-off-by: Misha Sizov
---
 test/bdd/features/oidc4vc_api.feature | 14 +-
 .../vc_v1_issue_verify_revoke_api.feature | 2 +-
 test/bdd/fixtures/profile/profiles.json | 144 ++++++++++++++++++
 test/bdd/pkg/v1/oidc4vc/oidc4vci.go | 12 +-
 test/bdd/pkg/v1/vc/credential.go | 26 ++--
 test/bdd/pkg/v1/vc/vc_steps.go | 4 +-
 6 files changed, 179 insertions(+), 23 deletions(-)
diff --git a/test/bdd/features/oidc4vc_api.feature b/test/bdd/features/oidc4vc_api.feature
index 44cf9ccca..b6dd94338 100644
--- a/test/bdd/features/oidc4vc_api.feature
+++ b/test/bdd/features/oidc4vc_api.feature
@@ -22,17 +22,19 @@ Feature: OIDC4VC REST API And Verifier with profile "" requests deleted interactions claims Examples: - | issuerProfile | credentialType | clientRegistrationMethod | credentialTemplate | verifierProfile | presentationDefinitionID | fields | + | issuerProfile | credentialType | clientRegistrationMethod | credentialTemplate | verifierProfile | presentationDefinitionID | fields | # SDJWT issuer, JWT verifier, no limit disclosure in PD query. - | bank_issuer/v1.0 | UniversityDegreeCredential | dynamic | universityDegreeTemplateID | v_myprofile_jwt/v1.0 | 32f54163-no-limit-disclosure-single-field | degree_type_id | + | bank_issuer/v1.0 | UniversityDegreeCredential | dynamic | universityDegreeTemplateID | v_myprofile_jwt/v1.0 | 32f54163-no-limit-disclosure-single-field | degree_type_id | # SDJWT issuer, JWT verifier, limit disclosure and optional fields in PD query. - | bank_issuer/v1.0 | CrudeProductCredential | discoverable | crudeProductCredentialTemplateID | v_myprofile_jwt/v1.0 | 3c8b1d9a-limit-disclosure-optional-fields | unit_of_measure_barrel,api_gravity,category,supplier_address | + | bank_issuer/v1.0 | CrudeProductCredential | discoverable | crudeProductCredentialTemplateID | v_myprofile_jwt/v1.0 | 3c8b1d9a-limit-disclosure-optional-fields | unit_of_measure_barrel,api_gravity,category,supplier_address | # JWT issuer, JWT verifier, no limit disclosure and optional fields in PD query. 
- | i_myprofile_ud_es256k_jwt/v1.0 | PermanentResidentCard | pre-registered | permanentResidentCardTemplateID | v_myprofile_jwt/v1.0 | 32f54163-no-limit-disclosure-optional-fields | lpr_category_id,registration_city,commuter_classification | + | i_myprofile_ud_es256k_jwt/v1.0 | PermanentResidentCard | pre-registered | permanentResidentCardTemplateID | v_myprofile_jwt/v1.0 | 32f54163-no-limit-disclosure-optional-fields | lpr_category_id,registration_city,commuter_classification | +# JWT issuer with status list feature disabled, JWT verifier, no limit disclosure and optional fields in PD query. + | i_myprofile_ud_es256k_jwt_no_csl/v1.0 | PermanentResidentCard | pre-registered | permanentResidentCardTemplateID | v_myprofile_jwt/v1.0 | 32f54163-no-limit-disclosure-optional-fields | lpr_category_id,registration_city,commuter_classification | # LDP Data Integrity issuer, LDP verifier, no limit disclosure and schema match in PD query. - | i_myprofile_ud_di_ecdsa-2019/v1.0 | PermanentResidentCard | pre-registered | permanentResidentCardTemplateID | v_myprofile_ldp/v1.0 | 062759b1-no-limit-disclosure-optional-fields | lpr_category_id,registration_city,commuter_classification | + | i_myprofile_ud_di_ecdsa-2019/v1.0 | PermanentResidentCard | pre-registered | permanentResidentCardTemplateID | v_myprofile_ldp/v1.0 | 062759b1-no-limit-disclosure-optional-fields | lpr_category_id,registration_city,commuter_classification | # LDP issuer, LDP verifier, no limit disclosure and schema match in PD query. 
- | i_myprofile_cmtr_p256_ldp/v1.0 | CrudeProductCredential | pre-registered | crudeProductCredentialTemplateID | v_myprofile_ldp/v1.0 | lp403pb9-schema-match | schema_id | + | i_myprofile_cmtr_p256_ldp/v1.0 | CrudeProductCredential | pre-registered | crudeProductCredentialTemplateID | v_myprofile_ldp/v1.0 | lp403pb9-schema-match | schema_id | @oidc4vc_rest_auth_flow_batch_credential_configuration_id Scenario Outline: OIDC Batch credential issuance and verification Auth flow (request all credentials by credentialConfigurationID) diff --git a/test/bdd/features/vc_v1_issue_verify_revoke_api.feature b/test/bdd/features/vc_v1_issue_verify_revoke_api.feature index 2a29788df..682a9b2a9 100644 --- a/test/bdd/features/vc_v1_issue_verify_revoke_api.feature +++ b/test/bdd/features/vc_v1_issue_verify_revoke_api.feature @@ -51,7 +51,7 @@ Feature: Using VC REST API And V1 New verifiable credential is issued from "" under "" profile And issued credential history is updated And Profile "" verifier has been authorized with username "profile-user-verifier-1" and password "profile-user-verifier-1-pwd" - And V1 verifiable credential with wrong format is unable to be verified under "" profile + And V1 verifiable credential is unable to be verified under "" profile error: "invalid format" Examples: | issuerProfile | wrongVerifierProfile | credential | diff --git a/test/bdd/fixtures/profile/profiles.json b/test/bdd/fixtures/profile/profiles.json index 74dec7fa8..28043fe2f 100644 --- a/test/bdd/fixtures/profile/profiles.json +++ b/test/bdd/fixtures/profile/profiles.json 
@@ -589,6 +589,150 @@ }, "createDID": true }, + { + "issuer": { + "id": "i_myprofile_ud_es256k_jwt_no_csl", + "version": "v1.0", + "groupID": "group_i_myprofile_ud_es256k_jwt_no_csl", + "name": "i_myprofile_ud_es256k_jwt_no_csl", + "organizationID": "00000000-0000-0000-0000-000000000001", + "url": "http://vc-rest-echo.trustbloc.local:8075", + "active": true, + "vcConfig": { + "refreshServiceEnabled": false, + "signingAlgorithm": "ES256K", + "signatureRepresentation": 1, + "keyType": "ECDSASecp256k1DER", + "format": "jwt", + "didMethod": "ion", + "status": { + "disable": true + } + }, + "oidcConfig": { + "client_id": "7d4u50e7w6nfq8tfayhzplgjf", + "client_secret_handle": "282ks4fkuqfosus5k0x30abnv", + "redirect_uri": "https://api-gateway.trustbloc.local:5566/oidc/redirect", + "issuer_well_known": "http://cognito-mock.trustbloc.local:9229/local_5a9GzRvB/.well-known/openid-configuration", + "scopes_supported": [ + "openid", + "profile" + ], + "grant_types_supported": [ + "authorization_code", + "urn:ietf:params:oauth:grant-type:pre-authorized_code" + ], + "response_types_supported": [ + "code" + ], + "token_endpoint_auth_methods_supported": [ + "none" + ], + "enable_dynamic_client_registration": true, + "wallet_initiated_auth_flow_supported": true, + "pre-authorized_grant_anonymous_access_supported": true, + "claims_endpoint": "https://mock-login-consent.example.com:8099/claim-data?credentialType=PermanentResidentCard" + }, + "credentialTemplates": [ + { + "contexts": [ + "https://www.w3.org/2018/credentials/v1", + "https://w3id.org/citizenship/v1" + ], + "type": "PermanentResidentCard", + "id": "permanentResidentCardTemplateID", + "issuer": "did:orb:i_myprofile_ud_es256k_jwt", + "checks": { + "strict": false + } + } + ], + "credentialMetadata": { + "display": [], + "credential_configurations_supported": { + "PermanentResidentCardIdentifier": { + "format": "jwt_vc_json", + "display": [ + { + "name": "Permanent Resident Card", + "locale": "en-US", + "logo": { + "uri": 
"https://example.com/public/logo.png", + "alt_text": "a square logo" + }, + "background_color": "#12107c", + "text_color": "#FFFFFF" + } + ], + "credential_definition": { + "credentialSubject": { + "displayName": { + "display": [ + { + "name": "Employee", + "locale": "en-US" + } + ] + }, + "givenName": { + "display": [ + { + "name": "Given Name", + "locale": "en-US" + } + ] + }, + "jobTitle": { + "display": [ + { + "name": "Job Title", + "locale": "en-US" + } + ] + }, + "surname": { + "display": [ + { + "name": "Surname", + "locale": "en-US" + } + ] + }, + "preferredLanguage": { + "display": [ + { + "name": "Preferred Language", + "locale": "en-US" + } + ] + }, + "mail": { + "display": [ + { + "name": "Mail", + "locale": "en-US" + } + ] + }, + "photo": { + "display": [ + { + "name": "Photo" + } + ] + } + }, + "type": [ + "VerifiableCredential", + "PermanentResidentCard" + ] + } + } + } + } + }, + "createDID": true + }, { "issuer": { "id": "i_myprofile_ud_es256k_jwt", diff --git a/test/bdd/pkg/v1/oidc4vc/oidc4vci.go b/test/bdd/pkg/v1/oidc4vc/oidc4vci.go index d41c273aa..64b4f2b3f 100644 --- a/test/bdd/pkg/v1/oidc4vc/oidc4vci.go +++ b/test/bdd/pkg/v1/oidc4vc/oidc4vci.go @@ -1301,13 +1301,15 @@ func (s *Steps) checkIssuedCredentialHistoryStep() error { } func (s *Steps) checkVC(vc *verifiable.Credential) error { - expectedStatusType := s.issuerProfile.VCConfig.Status.Type - err := checkCredentialStatusType(vc, string(expectedStatusType)) - if err != nil { - return err + vcStatusConfig := s.issuerProfile.VCConfig.Status + if !vcStatusConfig.Disable { + err := checkCredentialStatusType(vc, string(vcStatusConfig.Type)) + if err != nil { + return err + } } - err = checkIssuer(vc, s.issuerProfile.Name) + err := checkIssuer(vc, s.issuerProfile.Name) if err != nil { return err } diff --git a/test/bdd/pkg/v1/vc/credential.go b/test/bdd/pkg/v1/vc/credential.go index e2d54011f..a23d7f1bc 100644 --- a/test/bdd/pkg/v1/vc/credential.go +++ b/test/bdd/pkg/v1/vc/credential.go 
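Review bot: The credential template of the new `i_myprofile_ud_es256k_jwt_no_csl` profile still has `"issuer": "did:orb:i_myprofile_ud_es256k_jwt"`, which names the profile this block appears to be copied from rather than the new one. If that value is meant to track the profile id, it should read `"issuer": "did:orb:i_myprofile_ud_es256k_jwt_no_csl"`; if it is deliberately shared, the fixture gives no way to tell. The `credential_definition.credentialSubject` entries (`givenName`, `jobTitle`, `mail`, ...) likewise look carried over from an employee-style credential although the type is `PermanentResidentCard`, so it is worth confirming they are intended for this profile.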
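Review bot: When `Status.Disable` is set, `checkVC` skips `checkCredentialStatusType` and asserts nothing in its place, so a credential that still carries a `credentialStatus` entry would pass the new no-status-list scenario. The disabled branch should check that the field is absent, since that is the property the scenario exists to pin down. The same gap is in the `checkVC` hunk of test/bdd/pkg/v1/vc/credential.go, where a branch such as `else if _, ok := vcMap["credentialStatus"]; ok { return fmt.Errorf("credentialStatus present although status is disabled") }` would cover it, assuming `vcMap` is the decoded credential map. Both function bodies continue outside their hunks.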
@@ -194,16 +194,20 @@ func (e *Steps) verifyRevokedVC(profileVersionedID string) error { return nil } -func (e *Steps) verifyVCInvalidFormat(verifierProfileVersionedID string) error { +func (e *Steps) verifyVCWithExpectedError(verifierProfileVersionedID, errorMsg string) error { chunks := strings.Split(verifierProfileVersionedID, "/") profileID, profileVersion := chunks[0], chunks[1] result, err := e.getVerificationResult(credentialServiceURL, profileID, profileVersion) if result != nil { - return fmt.Errorf("verification result is not nil") + return fmt.Errorf("verification result should be nil") } - if err == nil || !strings.Contains(err.Error(), "invalid format, should be") { - return fmt.Errorf("error expectd, but got nil") + if err == nil { + return fmt.Errorf("error expected, but got nil") + } + + if !strings.Contains(err.Error(), errorMsg) { + return fmt.Errorf("unexpected error %s should contain %s", err.Error(), errorMsg) } return nil @@ -281,7 +285,8 @@ func (e *Steps) revokeVC(profileVersionedID string) error { func (e *Steps) getVerificationResult( verifyCredentialURL, profileID, - profileVersion string) (*model.VerifyCredentialResponse, error) { + profileVersion string, +) (*model.VerifyCredentialResponse, error) { loader, err := bddutil.DocumentLoader() if err != nil { return nil, err @@ -340,10 +345,13 @@ func (e *Steps) checkVC(vcBytes []byte, profileVersionedID string, checkProof bo return err } - expectedStatusType := e.bddContext.IssuerProfiles[profileVersionedID].VCConfig.Status.Type - err = checkCredentialStatusType(vcMap, string(expectedStatusType)) - if err != nil { - return err + vcStatusConf := e.bddContext.IssuerProfiles[profileVersionedID].VCConfig.Status + if !vcStatusConf.Disable { + expectedStatusType := vcStatusConf.Type + err = checkCredentialStatusType(vcMap, string(expectedStatusType)) + if err != nil { + return err + } } err = checkIssuer(vcMap, strings.Split(profileVersionedID, "/")[0]) 
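Review bot: `strings.Contains(err.Error(), errorMsg)` in `verifyVCWithExpectedError` is true for an empty `errorMsg`, and the step pattern registered in vc_steps.go captures `"([^"]*)"`, which admits an empty string, so a scenario written with `error: ""` would pass on any failure at all. Rejecting that case up front keeps the negative test meaningful: `if errorMsg == "" { return fmt.Errorf("expected error message must not be empty") }`. The mismatch message would also be easier to read with `%q` for both values, e.g. `fmt.Errorf("unexpected error %q, should contain %q", err.Error(), errorMsg)`. A short doc comment stating that the step passes only when verification fails with an error containing `errorMsg` would help too.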
diff --git a/test/bdd/pkg/v1/vc/vc_steps.go b/test/bdd/pkg/v1/vc/vc_steps.go index 8b57a0a5a..39e3ef4b7 100644 --- a/test/bdd/pkg/v1/vc/vc_steps.go +++ b/test/bdd/pkg/v1/vc/vc_steps.go @@ -65,8 +65,8 @@ func (e *Steps) RegisterSteps(s *godog.ScenarioContext) { e.revokeVC) s.Step(`^V1 revoked credential is unable to be verified under "([^"]*)" profile$`, e.verifyRevokedVC) - s.Step(`^V1 verifiable credential with wrong format is unable to be verified under "([^"]*)" profile$`, - e.verifyVCInvalidFormat) + s.Step(`^V1 verifiable credential is unable to be verified under "([^"]*)" profile error: "([^"]*)"$`, + e.verifyVCWithExpectedError) s.Step(`^"([^"]*)" users request to create a vc and verify it "([^"]*)" with profiles issuer "([^"]*)" verify "([^"]*)" using "([^"]*)" concurrent requests$`, e.stressTestForMultipleUsers)