Closed pimotte closed 5 years ago
Test with mocks that made me realize this issue exists.
it("should not be able to verify an attestation, if the original claim is revoked", async() => {
let ssid = {did: 'did:discipl:mock:111'}
let attestorSsid = {did: 'did:discipl:mock:attestor'}
let claimlink = 'link:discipl:mock:claimRef'
let claimrevocationlink = 'link:discipl:mock:claimRevocationRef'
let attestationlink = 'link:discipl:mock:attestationRef'
let attestationrevocationlink = 'link:discipl:mock:attestationRevocationRef'
let verifyStub = sinon.stub()
verifyStub.onCall(0).returns('attestationRef')
verifyStub.onCall(1).returns(null)
verifyStub.onCall(2).returns('claimRevocationRef')
verifyStub.onCall(3).returns(null)
verifyStub.onCall(4).returns(null)
let getSsidOfClaimStub = sinon.stub()
getSsidOfClaimStub.onCall(0).returns({pubkey: '111'})
getSsidOfClaimStub.onCall(1).returns({pubkey: 'attestor'})
let getNameStub = sinon.stub().returns("mock")
let stubConnector = {verify: verifyStub, getName: getNameStub, getSsidOfClaim: getSsidOfClaimStub}
await discipl.registerConnector('mock', stubConnector)
let verifiedAttestor = await discipl.verify('agree', claimlink, [attestorSsid])
expect(verifyStub.callCount).to.equal(5)
expect(verifyStub.args[0]).to.deep.equal([{did: 'did:discipl:mock:attestor', connector: stubConnector, pubkey: 'attestor'}, {agree: claimlink}])
expect(verifyStub.args[1]).to.deep.equal([{did: 'did:discipl:mock:attestor', connector: stubConnector, pubkey: 'attestor'}, {revoke: attestationlink}])
expect(verifyStub.args[2]).to.deep.equal([{did: ssid.did, connector: stubConnector, pubkey: '111'}, {revoke: claimlink}])
expect(verifyStub.args[3]).to.deep.equal([{did: ssid.did, connector: stubConnector, pubkey: '111'}, {revoke: claimrevocationlink}])
expect(verifyStub.args[4]).to.deep.equal([{did: 'did:discipl:mock:attestor', connector: stubConnector, pubkey: 'attestor'}, {revoke: claimlink}])
expect(getSsidOfClaimStub.calledTwice).to.equal(true)
expect(getSsidOfClaimStub.args[0]).to.deep.equal(['claimRef'])
expect(getSsidOfClaimStub.args[1]).to.deep.equal(['claimRevocationRef'])
expect(getNameStub.callCount).to.equal(3)
expect(verifiedAttestor).to.equal(null)
})
Code to reproduce:
Underlying reason is that when the revocation is verified, it checks for revocation of the original claim, rather than a revocation on a revocation.
I'm unsure what the expected behaviour should be.