feat: bdd test - verify vc without status list

Signed-off-by: Misha Sizov <[email protected]>
trustbloc · Aug 23, 2024 · c6022a6 · c6022a6
1 parent 57404f6
commit c6022a6
Show file tree

Hide file tree

Showing 6 changed files with 179 additions and 23 deletions.
diff --git a/test/bdd/features/oidc4vc_api.feature b/test/bdd/features/oidc4vc_api.feature
@@ -22,17 +22,19 @@ Feature: OIDC4VC REST API
     And Verifier with profile "<verifierProfile>" requests deleted interactions claims
 
     Examples:
-      | issuerProfile                     | credentialType             | clientRegistrationMethod | credentialTemplate               | verifierProfile      | presentationDefinitionID                     | fields                                                       |
+      | issuerProfile                         | credentialType             | clientRegistrationMethod | credentialTemplate               | verifierProfile      | presentationDefinitionID                     | fields                                                       |
 #      SDJWT issuer, JWT verifier, no limit disclosure in PD query.
-      | bank_issuer/v1.0                  | UniversityDegreeCredential | dynamic                  | universityDegreeTemplateID       | v_myprofile_jwt/v1.0 | 32f54163-no-limit-disclosure-single-field    | degree_type_id                                               |
+      | bank_issuer/v1.0                      | UniversityDegreeCredential | dynamic                  | universityDegreeTemplateID       | v_myprofile_jwt/v1.0 | 32f54163-no-limit-disclosure-single-field    | degree_type_id                                               |
 #      SDJWT issuer, JWT verifier, limit disclosure and optional fields in PD query.
-      | bank_issuer/v1.0                  | CrudeProductCredential     | discoverable             | crudeProductCredentialTemplateID | v_myprofile_jwt/v1.0 | 3c8b1d9a-limit-disclosure-optional-fields    | unit_of_measure_barrel,api_gravity,category,supplier_address |
+      | bank_issuer/v1.0                      | CrudeProductCredential     | discoverable             | crudeProductCredentialTemplateID | v_myprofile_jwt/v1.0 | 3c8b1d9a-limit-disclosure-optional-fields    | unit_of_measure_barrel,api_gravity,category,supplier_address |
 #     JWT issuer, JWT verifier, no limit disclosure and optional fields in PD query.
-      | i_myprofile_ud_es256k_jwt/v1.0    | PermanentResidentCard      | pre-registered           | permanentResidentCardTemplateID  | v_myprofile_jwt/v1.0 | 32f54163-no-limit-disclosure-optional-fields | lpr_category_id,registration_city,commuter_classification    |
+      | i_myprofile_ud_es256k_jwt/v1.0        | PermanentResidentCard      | pre-registered           | permanentResidentCardTemplateID  | v_myprofile_jwt/v1.0 | 32f54163-no-limit-disclosure-optional-fields | lpr_category_id,registration_city,commuter_classification    |
+#     JWT issuer with status list feature disabled, JWT verifier, no limit disclosure and optional fields in PD query.
+      | i_myprofile_ud_es256k_jwt_no_csl/v1.0 | PermanentResidentCard      | pre-registered           | permanentResidentCardTemplateID  | v_myprofile_jwt/v1.0 | 32f54163-no-limit-disclosure-optional-fields | lpr_category_id,registration_city,commuter_classification    |
 #     LDP Data Integrity issuer, LDP verifier, no limit disclosure and schema match in PD query.
-      | i_myprofile_ud_di_ecdsa-2019/v1.0 | PermanentResidentCard      | pre-registered           | permanentResidentCardTemplateID  | v_myprofile_ldp/v1.0 | 062759b1-no-limit-disclosure-optional-fields | lpr_category_id,registration_city,commuter_classification    |
+      | i_myprofile_ud_di_ecdsa-2019/v1.0     | PermanentResidentCard      | pre-registered           | permanentResidentCardTemplateID  | v_myprofile_ldp/v1.0 | 062759b1-no-limit-disclosure-optional-fields | lpr_category_id,registration_city,commuter_classification    |
 #     LDP issuer, LDP verifier, no limit disclosure and schema match in PD query.
-      | i_myprofile_cmtr_p256_ldp/v1.0    | CrudeProductCredential     | pre-registered           | crudeProductCredentialTemplateID | v_myprofile_ldp/v1.0 | lp403pb9-schema-match                        | schema_id                                                    |
+      | i_myprofile_cmtr_p256_ldp/v1.0        | CrudeProductCredential     | pre-registered           | crudeProductCredentialTemplateID | v_myprofile_ldp/v1.0 | lp403pb9-schema-match                        | schema_id                                                    |
 
   @oidc4vc_rest_auth_flow_batch_credential_configuration_id
   Scenario Outline: OIDC Batch credential issuance and verification Auth flow (request all credentials by credentialConfigurationID)

diff --git a/test/bdd/features/vc_v1_issue_verify_revoke_api.feature b/test/bdd/features/vc_v1_issue_verify_revoke_api.feature
@@ -51,7 +51,7 @@ Feature: Using VC REST API
     And V1 New verifiable credential is issued from "<credential>" under "<issuerProfile>" profile
     And issued credential history is updated
     And Profile "<wrongVerifierProfile>" verifier has been authorized with username "profile-user-verifier-1" and password "profile-user-verifier-1-pwd"
-    And   V1 verifiable credential with wrong format is unable to be verified under "<wrongVerifierProfile>" profile
+    And   V1 verifiable credential is unable to be verified under "<wrongVerifierProfile>" profile error: "invalid format"
 
     Examples:
       | issuerProfile                    | wrongVerifierProfile | credential                      |

diff --git a/test/bdd/fixtures/profile/profiles.json b/test/bdd/fixtures/profile/profiles.json
@@ -589,6 +589,150 @@
       },
       "createDID": true
     },
+    {
+      "issuer": {
+        "id": "i_myprofile_ud_es256k_jwt_no_csl",
+        "version": "v1.0",
+        "groupID": "group_i_myprofile_ud_es256k_jwt_no_csl",
+        "name": "i_myprofile_ud_es256k_jwt_no_csl",
+        "organizationID": "00000000-0000-0000-0000-000000000001",
+        "url": "http://vc-rest-echo.trustbloc.local:8075",
+        "active": true,
+        "vcConfig": {
+          "refreshServiceEnabled": false,
+          "signingAlgorithm": "ES256K",
+          "signatureRepresentation": 1,
+          "keyType": "ECDSASecp256k1DER",
+          "format": "jwt",
+          "didMethod": "ion",
+          "status": {
+            "disable": true
+          }
+        },
+        "oidcConfig": {
+          "client_id": "7d4u50e7w6nfq8tfayhzplgjf",
+          "client_secret_handle": "282ks4fkuqfosus5k0x30abnv",
+          "redirect_uri": "https://api-gateway.trustbloc.local:5566/oidc/redirect",
+          "issuer_well_known": "http://cognito-mock.trustbloc.local:9229/local_5a9GzRvB/.well-known/openid-configuration",
+          "scopes_supported": [
+            "openid",
+            "profile"
+          ],
+          "grant_types_supported": [
+            "authorization_code",
+            "urn:ietf:params:oauth:grant-type:pre-authorized_code"
+          ],
+          "response_types_supported": [
+            "code"
+          ],
+          "token_endpoint_auth_methods_supported": [
+            "none"
+          ],
+          "enable_dynamic_client_registration": true,
+          "wallet_initiated_auth_flow_supported": true,
+          "pre-authorized_grant_anonymous_access_supported": true,
+          "claims_endpoint": "https://mock-login-consent.example.com:8099/claim-data?credentialType=PermanentResidentCard"
+        },
+        "credentialTemplates": [
+          {
+            "contexts": [
+              "https://www.w3.org/2018/credentials/v1",
+              "https://w3id.org/citizenship/v1"
+            ],
+            "type": "PermanentResidentCard",
+            "id": "permanentResidentCardTemplateID",
+            "issuer": "did:orb:i_myprofile_ud_es256k_jwt",
+            "checks": {
+              "strict": false
+            }
+          }
+        ],
+        "credentialMetadata": {
+          "display": [],
+          "credential_configurations_supported": {
+            "PermanentResidentCardIdentifier": {
+              "format": "jwt_vc_json",
+              "display": [
+                {
+                  "name": "Permanent Resident Card",
+                  "locale": "en-US",
+                  "logo": {
+                    "uri": "https://example.com/public/logo.png",
+                    "alt_text": "a square logo"
+                  },
+                  "background_color": "#12107c",
+                  "text_color": "#FFFFFF"
+                }
+              ],
+              "credential_definition": {
+                "credentialSubject": {
+                  "displayName": {
+                    "display": [
+                      {
+                        "name": "Employee",
+                        "locale": "en-US"
+                      }
+                    ]
+                  },
+                  "givenName": {
+                    "display": [
+                      {
+                        "name": "Given Name",
+                        "locale": "en-US"
+                      }
+                    ]
+                  },
+                  "jobTitle": {
+                    "display": [
+                      {
+                        "name": "Job Title",
+                        "locale": "en-US"
+                      }
+                    ]
+                  },
+                  "surname": {
+                    "display": [
+                      {
+                        "name": "Surname",
+                        "locale": "en-US"
+                      }
+                    ]
+                  },
+                  "preferredLanguage": {
+                    "display": [
+                      {
+                        "name": "Preferred Language",
+                        "locale": "en-US"
+                      }
+                    ]
+                  },
+                  "mail": {
+                    "display": [
+                      {
+                        "name": "Mail",
+                        "locale": "en-US"
+                      }
+                    ]
+                  },
+                  "photo": {
+                    "display": [
+                      {
+                        "name": "Photo"
+                      }
+                    ]
+                  }
+                },
+                "type": [
+                  "VerifiableCredential",
+                  "PermanentResidentCard"
+                ]
+              }
+            }
+          }
+        }
+      },
+      "createDID": true
+    },
     {
       "issuer": {
         "id": "i_myprofile_ud_es256k_jwt",

diff --git a/test/bdd/pkg/v1/oidc4vc/oidc4vci.go b/test/bdd/pkg/v1/oidc4vc/oidc4vci.go
@@ -1301,13 +1301,15 @@ func (s *Steps) checkIssuedCredentialHistoryStep() error {
 }
 
 func (s *Steps) checkVC(vc *verifiable.Credential) error {
-	expectedStatusType := s.issuerProfile.VCConfig.Status.Type
-	err := checkCredentialStatusType(vc, string(expectedStatusType))
-	if err != nil {
-		return err
+	vcStatusConfig := s.issuerProfile.VCConfig.Status
+	if !vcStatusConfig.Disable {
+		err := checkCredentialStatusType(vc, string(vcStatusConfig.Type))
+		if err != nil {
+			return err
+		}
 	}
 
-	err = checkIssuer(vc, s.issuerProfile.Name)
+	err := checkIssuer(vc, s.issuerProfile.Name)
 	if err != nil {
 		return err
 	}

diff --git a/test/bdd/pkg/v1/vc/credential.go b/test/bdd/pkg/v1/vc/credential.go
@@ -194,16 +194,20 @@ func (e *Steps) verifyRevokedVC(profileVersionedID string) error {
 	return nil
 }
 
-func (e *Steps) verifyVCInvalidFormat(verifierProfileVersionedID string) error {
+func (e *Steps) verifyVCWithExpectedError(verifierProfileVersionedID, errorMsg string) error {
 	chunks := strings.Split(verifierProfileVersionedID, "/")
 	profileID, profileVersion := chunks[0], chunks[1]
 	result, err := e.getVerificationResult(credentialServiceURL, profileID, profileVersion)
 	if result != nil {
-		return fmt.Errorf("verification result is not nil")
+		return fmt.Errorf("verification result should be nil")
 	}
 
-	if err == nil || !strings.Contains(err.Error(), "invalid format, should be") {
-		return fmt.Errorf("error expectd, but got nil")
+	if err == nil {
+		return fmt.Errorf("error expected, but got nil")
+	}
+
+	if !strings.Contains(err.Error(), errorMsg) {
+		return fmt.Errorf("unexpected error %s should contain %s", err.Error(), errorMsg)
 	}
 
 	return nil
@@ -281,7 +285,8 @@ func (e *Steps) revokeVC(profileVersionedID string) error {
 func (e *Steps) getVerificationResult(
 	verifyCredentialURL,
 	profileID,
-	profileVersion string) (*model.VerifyCredentialResponse, error) {
+	profileVersion string,
+) (*model.VerifyCredentialResponse, error) {
 	loader, err := bddutil.DocumentLoader()
 	if err != nil {
 		return nil, err
@@ -340,10 +345,13 @@ func (e *Steps) checkVC(vcBytes []byte, profileVersionedID string, checkProof bo
 		return err
 	}
 
-	expectedStatusType := e.bddContext.IssuerProfiles[profileVersionedID].VCConfig.Status.Type
-	err = checkCredentialStatusType(vcMap, string(expectedStatusType))
-	if err != nil {
-		return err
+	vcStatusConf := e.bddContext.IssuerProfiles[profileVersionedID].VCConfig.Status
+	if !vcStatusConf.Disable {
+		expectedStatusType := vcStatusConf.Type
+		err = checkCredentialStatusType(vcMap, string(expectedStatusType))
+		if err != nil {
+			return err
+		}
 	}
 
 	err = checkIssuer(vcMap, strings.Split(profileVersionedID, "/")[0])

diff --git a/test/bdd/pkg/v1/vc/vc_steps.go b/test/bdd/pkg/v1/vc/vc_steps.go
@@ -65,8 +65,8 @@ func (e *Steps) RegisterSteps(s *godog.ScenarioContext) {
 		e.revokeVC)
 	s.Step(`^V1 revoked credential is unable to be verified under "([^"]*)" profile$`,
 		e.verifyRevokedVC)
-	s.Step(`^V1 verifiable credential with wrong format is unable to be verified under "([^"]*)" profile$`,
-		e.verifyVCInvalidFormat)
+	s.Step(`^V1 verifiable credential is unable to be verified under "([^"]*)" profile error: "([^"]*)"$`,
+		e.verifyVCWithExpectedError)
 	s.Step(`^"([^"]*)" users request to create a vc and verify it "([^"]*)" with profiles issuer "([^"]*)" verify "([^"]*)" using "([^"]*)" concurrent requests$`,
 		e.stressTestForMultipleUsers)