Initial support for revocation of Verifiable Credentials

2024-01-31 10:54:40 +01:00 · 2024-01-31 10:54:40 +01:00 · e7f6153c62
parent 01eb3b3468
commit e7f6153c62
3 changed files with 22 additions and 3 deletions
--- a/idhub/models.py
+++ b/idhub/models.py
@ -440,6 +440,7 @@ class DID(models.Model):
        related_name='dids',
        null=True,
    )
+    # JSON-serialized DID document
    didweb_document = models.TextField()

    def get_key_material(self, password):
@ -589,6 +590,7 @@ class VerificableCredential(models.Model):
        on_delete=models.CASCADE,
        related_name='vcredentials',
    )
+    revocationBitmapIndex = models.AutoField()

    def get_data(self, password):
        if not self.data:
--- a/idhub/views.py
+++ b/idhub/views.py
@ -1,3 +1,4 @@
+import json
 import uuid

 from django.conf import settings
@ -11,7 +12,7 @@ from django.shortcuts import get_object_or_404, redirect
 from django.contrib.auth.mixins import LoginRequiredMixin
 from django.http import HttpResponseRedirect, HttpResponse, Http404

-from idhub.models import DID
+from idhub.models import DID, VerificableCredential
 from idhub.email.views import NotifyActivateUserByEmail
 from trustchain_idhub import settings

@ -79,7 +80,20 @@ class PasswordResetConfirmView(auth_views.PasswordResetConfirmView):
 def serve_did(request, did_id):
    id_did = f'did:web:{settings.DOMAIN}:did-registry:{did_id}'
    did = get_object_or_404(DID, did=id_did)
-    document = did.didweb_document
+    # Deserialize the base DID from JSON storage
+    document = json.loads(did.didweb_document)
+    revoked_credentials = did.verificablecredential_set.filter(status=VerificableCredential.Status.REVOKED)
+    revoked_credential_indexes = []
+    for credential in revoked_credentials:
+        revoked_credential_indexes.append(credential.revocationBitmapIndex)
+    encoded_revocation_bitmap = None  # TODO
+    revocation_service = [{
+        "id": f"{id_did}#revocation",
+        "type": "RevocationBitmap2022",
+        "serviceEndpoint": f"data:application/octet-stream;base64,{encoded_revocation_bitmap}"
+    }]
+    # Serialize the DID + Revocation list in preparation for sending
+    document = json.dumps(document)
    retval = HttpResponse(document)
    retval.headers["Content-Type"] = "application/json"
    return retval
--- a/utils/idhub_ssikit/init.py
+++ b/utils/idhub_ssikit/init.py
@ -101,7 +101,10 @@ def verify_credential(vc):
    async def inner():
        return await didkit.verify_credential(vc, '{"proofFormat": "ldp"}')

-    return asyncio.run(inner())
+    valid, reason = asyncio.run(inner())
+    if not valid:
+        return valid, reason
+    # Credential passes basic signature verification. Now check it against its schema.


 def issue_verifiable_presentation(vp_template: Template, vc_list: list[str], jwk_holder: str, holder_did: str) -> str: