Prevent revocable cred def being created without tails server

Signed-off-by: jamshale <[email protected]>
jamshale · Mar 21, 2024 · 74a6827 · 74a6827
1 parent 9059e87
commit 74a6827
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 1 deletion.
diff --git a/aries_cloudagent/anoncreds/issuer.py b/aries_cloudagent/anoncreds/issuer.py
@@ -312,6 +312,15 @@ async def create_and_register_credential_definition(
         if not isinstance(max_cred_num, int):
             raise ValueError("max_cred_num must be an integer")
 
+        # Don't allow revocable cred def to be created without tails server base url
+        if (
+            not self.profile.settings.get("tails_server_base_url")
+            and support_revocation
+        ):
+            raise AnonCredsIssuerError(
+                "tails_server_base_url not configured. Can't create revocable credential definition."  # noqa: E501
+            )
+
         anoncreds_registry = self.profile.inject(AnonCredsRegistry)
         schema_result = await anoncreds_registry.get_schema(self.profile, schema_id)
 

diff --git a/aries_cloudagent/anoncreds/routes.py b/aries_cloudagent/anoncreds/routes.py
@@ -322,6 +322,7 @@ class CredDefPostOptionsSchema(OpenAPISchema):
     revocation_registry_size = fields.Int(
         metadata={
             "description": "Maximum number of credential revocations per registry",
+            "example": 1000,
         },
         required=False,
     )

diff --git a/aries_cloudagent/messaging/credential_definitions/routes.py b/aries_cloudagent/messaging/credential_definitions/routes.py
@@ -14,7 +14,6 @@
     request_schema,
     response_schema,
 )
-
 from marshmallow import fields
 
 from ...admin.request_context import AdminRequestContext
@@ -211,6 +210,12 @@ async def credential_definitions_send_credential_definition(request: web.BaseReq
     tag = body.get("tag")
     rev_reg_size = body.get("revocation_registry_size")
 
+    # Don't allow revocable cred def to be created without tails server base url
+    if not profile.settings.get("tails_server_base_url") and support_revocation:
+        raise web.HTTPBadRequest(
+            reason="tails_server_base_url not configured. Can't create revocable credential definition."  # noqa: E501
+        )
+
     tag_query = {"schema_id": schema_id}
     async with profile.session() as session:
         storage = session.inject(BaseStorage)