From 3585c5b9d8914ead309fe00e57271e1adbf23b7b Mon Sep 17 00:00:00 2001
From: jamshale <31809382+jamshale@users.noreply.github.com>
Date: Fri, 22 Mar 2024 08:57:41 -0700
Subject: [PATCH] Prevent revocable cred def being created without tails server (#2849)
Signed-off-by: jamshale
---
 aries_cloudagent/anoncreds/issuer.py | 9 +++++++++
 aries_cloudagent/anoncreds/routes.py | 1 +
 .../messaging/credential_definitions/routes.py | 6 ++++++
 3 files changed, 16 insertions(+)
diff --git a/aries_cloudagent/anoncreds/issuer.py b/aries_cloudagent/anoncreds/issuer.py
index 0b6b1e0e42..1840d0de34 100644
--- a/aries_cloudagent/anoncreds/issuer.py
+++ b/aries_cloudagent/anoncreds/issuer.py
@@ -313,6 +313,15 @@ async def create_and_register_credential_definition(
 if not isinstance(max_cred_num, int):
 raise ValueError("max_cred_num must be an integer")
+ # Don't allow revocable cred def to be created without tails server base url
+ if (
+ not self.profile.settings.get("tails_server_base_url")
+ and support_revocation
+ ):
+ raise AnonCredsIssuerError(
+ "tails_server_base_url not configured. Can't create revocable credential definition." # noqa: E501
+ )
+
 anoncreds_registry = self.profile.inject(AnonCredsRegistry)
 schema_result = await anoncreds_registry.get_schema(self.profile, schema_id)
diff --git a/aries_cloudagent/anoncreds/routes.py b/aries_cloudagent/anoncreds/routes.py
index 062c2026f8..6cc3cec829 100644
--- a/aries_cloudagent/anoncreds/routes.py
+++ b/aries_cloudagent/anoncreds/routes.py
@@ -338,6 +338,7 @@ class CredDefPostOptionsSchema(OpenAPISchema):
 revocation_registry_size = fields.Int(
 metadata={
 "description": "Maximum number of credential revocations per registry",
+ "example": 1000,
 },
 required=False,
 )
diff --git a/aries_cloudagent/messaging/credential_definitions/routes.py b/aries_cloudagent/messaging/credential_definitions/routes.py
index 31a07b9ae1..b2fcf0b3d4 100644
--- a/aries_cloudagent/messaging/credential_definitions/routes.py
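Review bot: The `AnonCredsIssuerError` raised by the new guard in create_and_register_credential_definition has no visible mapping to an HTTP status in this patch, whereas the legacy route in messaging/credential_definitions/routes.py answers the same condition with an explicit 400. Please confirm the anoncreds route handler turns it into a 4xx carrying this message, and add a test for the rejection path, since none of the three changed files is a test. The comment gives the rule but not the reason; I would extend it to `# Revocable cred defs need a tails server to host the tails file, so reject before contacting the registry.` The method starts and ends outside the hunk.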
+++ b/aries_cloudagent/messaging/credential_definitions/routes.py
@@ -214,6 +214,12 @@ async def credential_definitions_send_credential_definition(request: web.BaseReq
 tag = body.get("tag")
 rev_reg_size = body.get("revocation_registry_size")
+ # Don't allow revocable cred def to be created without tails server base url
+ if not profile.settings.get("tails_server_base_url") and support_revocation:
+ raise web.HTTPBadRequest(
+ reason="tails_server_base_url not configured. Can't create revocable credential definition." # noqa: E501
+ )
+
 tag_query = {"schema_id": schema_id}
 async with profile.session() as session:
 storage = session.inject(BaseStorage)
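Review bot: The condition and the message text in this route are copied verbatim from the check in aries_cloudagent/anoncreds/issuer.py, so the two can drift apart; a shared module-level constant for the message, or a small helper taking the settings and `support_revocation`, would keep them in step. The literal could also be split by implicit concatenation, `reason="tails_server_base_url not configured. " "Can't create revocable credential definition."`, which removes the need for `# noqa: E501`. `support_revocation` is assigned above the hunk, so whether it is already coerced to a bool cannot be checked from here.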