Prevent revocable cred def being created without tails server (openwa…

…llet-foundation#2849)

Signed-off-by: jamshale <[email protected]>

aries_cloudagent/anoncreds/issuer.py

@@ -313,6 +313,15 @@ async def create_and_register_credential_definition(
         if not isinstance(max_cred_num, int):
             raise ValueError("max_cred_num must be an integer")
 
+        # Don't allow revocable cred def to be created without tails server base url
+        if (
+            not self.profile.settings.get("tails_server_base_url")
+            and support_revocation
+        ):
+            raise AnonCredsIssuerError(
+                "tails_server_base_url not configured. Can't create revocable credential definition."  # noqa: E501
+            )
+
         anoncreds_registry = self.profile.inject(AnonCredsRegistry)
         schema_result = await anoncreds_registry.get_schema(self.profile, schema_id)
 

aries_cloudagent/anoncreds/routes.py

@@ -338,6 +338,7 @@ class CredDefPostOptionsSchema(OpenAPISchema):
     revocation_registry_size = fields.Int(
         metadata={
             "description": "Maximum number of credential revocations per registry",
+            "example": 1000,
         },
         required=False,
     )

aries_cloudagent/messaging/credential_definitions/routes.py

@@ -214,6 +214,12 @@ async def credential_definitions_send_credential_definition(request: web.BaseReq
     tag = body.get("tag")
     rev_reg_size = body.get("revocation_registry_size")
 
+    # Don't allow revocable cred def to be created without tails server base url
+    if not profile.settings.get("tails_server_base_url") and support_revocation:
+        raise web.HTTPBadRequest(
+            reason="tails_server_base_url not configured. Can't create revocable credential definition."  # noqa: E501
+        )
+
     tag_query = {"schema_id": schema_id}
     async with profile.session() as session:
         storage = session.inject(BaseStorage)