From 45ebc1500c405807f1a852c731cde7ed83f70700 Mon Sep 17 00:00:00 2001
From: Georgi Michev <georgi.michev@vereign.com>
Date: Tue, 11 Apr 2023 12:58:58 +0300
Subject: [PATCH] Add tests for VP proofs

The tests should catch an error if any of the VC in the VP has been tampered.
---
 .../resources/REST/json/Presentation.json | 299 ++++++++++++++++++
 .../Signer_PresentationWithProof_schema.json | 270 ++++++++++++++++
 .../signer/v1/presentation/proof/POST.feature | 24 +-
 3 files changed, 588 insertions(+), 5 deletions(-)
 create mode 100644 src/main/resources/REST/schemas/Signer_PresentationWithProof_schema.json

diff --git a/src/main/resources/REST/json/Presentation.json b/src/main/resources/REST/json/Presentation.json
index e98f5312..45970050 100644
--- a/src/main/resources/REST/json/Presentation.json
+++ b/src/main/resources/REST/json/Presentation.json
@@ -79,6 +79,80 @@ }] } }, + "for_proof_with_proofs": { + "issuer": "did:web:gaiax.vereign.com:tsa:policy:policy:example:returnDID:1.0:evaluation", + "key": "key1", + "namespace": "transit", + "presentation": { + "@context": [ + "https://www.w3.org/2018/credentials/v1", + "https://w3id.org/security/suites/jws-2020/v1" + ], + "id": "did:web:gaiax.vereign.com:tsa:policy:policy:example:returnDID:1.0:evaluation", + "type": [ + "VerifiablePresentation" + ], + "verifiableCredential": [ + { + "@context": [ + "https://www.w3.org/2018/credentials/v1", + "https://www.w3.org/2018/credentials/examples/v1", + "https://www.schema.org" + ], + "credentialSubject": { + "allow": true, + "array": { + "txt1": "1", + "txt2": "2" + }, + "id": "did:web:gaiax.vereign.com:tsa:policy:policy:example:returnDID:1.0:evaluation", + "num": 123 + }, + "id": "http://example.edu/credentials/3732", + "issuanceDate": "2010-01-01T00:00:00Z", + "issuer": "did:web:ssi.vereign.com:tsa:policy:policy:example:returnDID:1.0:evaluation", + "proof": { + "created": "2023-04-11T08:13:03.38201499Z", + "jws": "eyJhbGciOiJKc29uV2ViU2lnbmF0dXJlMjAyMCIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..MEUCIFEQ_8NbyAyZGsq9wou6lBF9qBz8001ViR48Igtwsa6VAiEApUcE9AVMT-n18JQ4xBsHcFgmdzOX9PIXgqSmpdC98b8", + "proofPurpose": "assertionMethod", + "type": "JsonWebSignature2020", + "verificationMethod": "did:web:ssi.vereign.com:tsa:policy:policy:example:returnDID:1.0:evaluation#key1" + }, + "type": [ + "VerifiableCredential", + "UniversityDegreeCredential" + ] + }, + { + "@context": [ + "https://www.w3.org/2018/credentials/v1", + "https://www.w3.org/2018/credentials/examples/v1", + "https://www.schema.org" + ], + "credentialSubject": { + "age_over": 18, + "allow": true, + "citizenship": "France", + "id": "did:web:gaiax.vereign.com:tsa:policy:policy:example:returnDID:1.0:evaluation" + }, + "id": "http://example.edu/credentials/3732", + "issuanceDate": "2010-01-01T00:00:00Z", + "issuer": 
"did:web:ssi-dev.vereign.com:tsa:policy:policy:example:returnDID:1.0:evaluation", + "proof": { + "created": "2023-04-11T08:16:51.645723638Z", + "jws": "eyJhbGciOiJKc29uV2ViU2lnbmF0dXJlMjAyMCIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..MEQCIGxdwsdZ9DGRfUQS1S61baeEIlr6IVehGiaX1oIfFldKAiBUGJEA0ArOR7tVd6MIY4hTJLs4VEnWzJExIvNnt_0qPg", + "proofPurpose": "assertionMethod", + "type": "JsonWebSignature2020", + "verificationMethod": "did:web:ssi-dev.vereign.com:tsa:policy:policy:example:returnDID:1.0:evaluation#key1" + }, + "type": [ + "VerifiableCredential", + "UniversityDegreeCredential" + ] + } + ] + } + }, "for_proof_without_ID": { "issuer": "did:web:gaiax.vereign.com:tsa:policy:policy:example:returnDID:1.0:evaluation", "key": "key1", 
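Review bot: The two credentials embedded in `for_proof_with_proofs` carry fixed, pre-computed `jws` values bound to `key1` of `did:web:ssi.vereign.com` and `did:web:ssi-dev.vereign.com`, so this positive profile presumably passes only while both DID documents keep publishing the same key. If either key changes, this profile starts failing while the tampered copies added later in the file keep returning 400 for an unrelated reason. JSON cannot hold a comment, so record the dependency next to the `with proofs` example row in POST.feature, e.g. `# embedded VC proofs are signed with key1 of ssi / ssi-dev; regenerate for_proof_with_proofs and every credential_tampered_* profile if those keys rotate`. Both credentials also share `"id": "http://example.edu/credentials/3732"`, which cannot be changed without re-signing. The enclosing object starts and ends outside the hunk.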
@@ -687,5 +761,230 @@ } ] } + }, + "credential_tampered_verification_method": + { + "issuer": "did:web:gaiax.vereign.com:tsa:policy:policy:example:returnDID:1.0:evaluation", + "key": "key1", + "namespace": "transit", + "presentation": { + "@context": [ + "https://www.w3.org/2018/credentials/v1", + "https://w3id.org/security/suites/jws-2020/v1" + ], + "id": "did:web:gaiax.vereign.com:tsa:policy:policy:example:returnDID:1.0:evaluation", + "type": [ + "VerifiablePresentation" + ], + "verifiableCredential": [ + { + "@context": [ + "https://www.w3.org/2018/credentials/v1", + "https://www.w3.org/2018/credentials/examples/v1", + "https://www.schema.org" + ], + "credentialSubject": { + "allow": true, + "array": { + "txt1": "1", + "txt2": "2" + }, + "id": "did:web:gaiax.vereign.com:tsa:policy:policy:example:returnDID:1.0:evaluation", + "num": 123 + }, + "id": "http://example.edu/credentials/3732", + "issuanceDate": "2010-01-01T00:00:00Z", + "issuer": "did:web:ssi.vereign.com:tsa:policy:policy:example:returnDID:1.0:evaluation", + "proof": { + "created": "2023-04-11T08:13:03.38201499Z", + "jws": "eyJhbGciOiJKc29uV2ViU2lnbmF0dXJlMjAyMCIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..MEUCIFEQ_8NbyAyZGsq9wou6lBF9qBz8001ViR48Igtwsa6VAiEApUcE9AVMT-n18JQ4xBsHcFgmdzOX9PIXgqSmpdC98b8", + "proofPurpose": "assertionMethod", + "type": "JsonWebSignature2020", + "verificationMethod": "did:web:ssi.vereign.com:tsa:policy:policy:example:returnDID:1.0:evaluation#key1" + }, + "type": [ + "VerifiableCredential", + "UniversityDegreeCredential" + ] + }, + { + "@context": [ + "https://www.w3.org/2018/credentials/v1", + "https://www.w3.org/2018/credentials/examples/v1", + "https://www.schema.org" + ], + "credentialSubject": { + "age_over": 18, + "allow": true, + "citizenship": "France", + "id": "did:web:gaiax.vereign.com:tsa:policy:policy:example:returnDID:1.0:evaluation" + }, + "id": "http://example.edu/credentials/3732", + "issuanceDate": "2010-01-01T00:00:00Z", + "issuer": 
"did:web:ssi-dev.vereign.com:tsa:policy:policy:example:returnDID:1.0:evaluation", + "proof": { + "created": "2023-04-11T08:16:51.645723638Z", + "jws": "eyJhbGciOiJKc29uV2ViU2lnbmF0dXJlMjAyMCIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..MEQCIGxdwsdZ9DGRfUQS1S61baeEIlr6IVehGiaX1oIfFldKAiBUGJEA0ArOR7tVd6MIY4hTJLs4VEnWzJExIvNnt_0qPg", + "proofPurpose": "assertionMethod", + "type": "JsonWebSignature2020", + "verificationMethod": "did:web:ssi.vereign.com:tsa:policy:policy:example:returnDID:1.0:evaluation#key1" + }, + "type": [ + "VerifiableCredential", + "UniversityDegreeCredential" + ] + } + ] + } + }, + "credential_tampered_created": + { + "issuer": "did:web:gaiax.vereign.com:tsa:policy:policy:example:returnDID:1.0:evaluation", + "key": "key1", + "namespace": "transit", + "presentation": { + "@context": [ + "https://www.w3.org/2018/credentials/v1", + "https://w3id.org/security/suites/jws-2020/v1" + ], + "id": "did:web:gaiax.vereign.com:tsa:policy:policy:example:returnDID:1.0:evaluation", + "type": [ + "VerifiablePresentation" + ], + "verifiableCredential": [ + { + "@context": [ + "https://www.w3.org/2018/credentials/v1", + "https://www.w3.org/2018/credentials/examples/v1", + "https://www.schema.org" + ], + "credentialSubject": { + "allow": true, + "array": { + "txt1": "1", + "txt2": "2" + }, + "id": "did:web:gaiax.vereign.com:tsa:policy:policy:example:returnDID:1.0:evaluation", + "num": 123 + }, + "id": "http://example.edu/credentials/3732", + "issuanceDate": "2010-01-01T00:00:00Z", + "issuer": "did:web:ssi.vereign.com:tsa:policy:policy:example:returnDID:1.0:evaluation", + "proof": { + "created": "2022-04-11T08:13:03.38201499Z", + "jws": "eyJhbGciOiJKc29uV2ViU2lnbmF0dXJlMjAyMCIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..MEUCIFEQ_8NbyAyZGsq9wou6lBF9qBz8001ViR48Igtwsa6VAiEApUcE9AVMT-n18JQ4xBsHcFgmdzOX9PIXgqSmpdC98b8", + "proofPurpose": "assertionMethod", + "type": "JsonWebSignature2020", + "verificationMethod": 
"did:web:ssi.vereign.com:tsa:policy:policy:example:returnDID:1.0:evaluation#key1" + }, + "type": [ + "VerifiableCredential", + "UniversityDegreeCredential" + ] + }, + { + "@context": [ + "https://www.w3.org/2018/credentials/v1", + "https://www.w3.org/2018/credentials/examples/v1", + "https://www.schema.org" + ], + "credentialSubject": { + "age_over": 18, + "allow": true, + "citizenship": "France", + "id": "did:web:gaiax.vereign.com:tsa:policy:policy:example:returnDID:1.0:evaluation" + }, + "id": "http://example.edu/credentials/3732", + "issuanceDate": "2010-01-01T00:00:00Z", + "issuer": "did:web:ssi-dev.vereign.com:tsa:policy:policy:example:returnDID:1.0:evaluation", + "proof": { + "created": "2023-04-11T08:16:51.645723638Z", + "jws": "eyJhbGciOiJKc29uV2ViU2lnbmF0dXJlMjAyMCIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..MEQCIGxdwsdZ9DGRfUQS1S61baeEIlr6IVehGiaX1oIfFldKAiBUGJEA0ArOR7tVd6MIY4hTJLs4VEnWzJExIvNnt_0qPg", + "proofPurpose": "assertionMethod", + "type": "JsonWebSignature2020", + "verificationMethod": "did:web:ssi-dev.vereign.com:tsa:policy:policy:example:returnDID:1.0:evaluation#key1" + }, + "type": [ + "VerifiableCredential", + "UniversityDegreeCredential" + ] + } + ] + } + }, + "credential_tampered_credentialSubject": + { + "issuer": "did:web:gaiax.vereign.com:tsa:policy:policy:example:returnDID:1.0:evaluation", + "key": "key1", + "namespace": "transit", + "presentation": { + "@context": [ + "https://www.w3.org/2018/credentials/v1", + "https://w3id.org/security/suites/jws-2020/v1" + ], + "id": "did:web:gaiax.vereign.com:tsa:policy:policy:example:returnDID:1.0:evaluation", + "type": [ + "VerifiablePresentation" + ], + "verifiableCredential": [ + { + "@context": [ + "https://www.w3.org/2018/credentials/v1", + "https://www.w3.org/2018/credentials/examples/v1", + "https://www.schema.org" + ], + "credentialSubject": { + "allow": true, + "array": { + "txt1": "1", + "txt2": "2" + }, + "id": "did:web:gaiax.vereign.com:tsa:policy:policy:example:returnDID:1.0:evaluation", 
+ "num": 123 + }, + "id": "http://example.edu/credentials/3732", + "issuanceDate": "2010-01-01T00:00:00Z", + "issuer": "did:web:ssi.vereign.com:tsa:policy:policy:example:returnDID:1.0:evaluation", + "proof": { + "created": "2023-04-11T08:13:03.38201499Z", + "jws": "eyJhbGciOiJKc29uV2ViU2lnbmF0dXJlMjAyMCIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..MEUCIFEQ_8NbyAyZGsq9wou6lBF9qBz8001ViR48Igtwsa6VAiEApUcE9AVMT-n18JQ4xBsHcFgmdzOX9PIXgqSmpdC98b8", + "proofPurpose": "assertionMethod", + "type": "JsonWebSignature2020", + "verificationMethod": "did:web:ssi.vereign.com:tsa:policy:policy:example:returnDID:1.0:evaluation#key1" + }, + "type": [ + "VerifiableCredential", + "UniversityDegreeCredential" + ] + }, + { + "@context": [ + "https://www.w3.org/2018/credentials/v1", + "https://www.w3.org/2018/credentials/examples/v1", + "https://www.schema.org" + ], + "credentialSubject": { + "age_over": 48, + "allow": true, + "citizenship": "France", + "id": "did:web:gaiax.vereign.com:tsa:policy:policy:example:returnDID:1.0:evaluation" + }, + "id": "http://example.edu/credentials/3732", + "issuanceDate": "2010-01-01T00:00:00Z", + "issuer": "did:web:ssi-dev.vereign.com:tsa:policy:policy:example:returnDID:1.0:evaluation", + "proof": { + "created": "2023-04-11T08:16:51.645723638Z", + "jws": "eyJhbGciOiJKc29uV2ViU2lnbmF0dXJlMjAyMCIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..MEQCIGxdwsdZ9DGRfUQS1S61baeEIlr6IVehGiaX1oIfFldKAiBUGJEA0ArOR7tVd6MIY4hTJLs4VEnWzJExIvNnt_0qPg", + "proofPurpose": "assertionMethod", + "type": "JsonWebSignature2020", + "verificationMethod": "did:web:ssi-dev.vereign.com:tsa:policy:policy:example:returnDID:1.0:evaluation#key1" + }, + "type": [ + "VerifiableCredential", + "UniversityDegreeCredential" + ] + } + ] } + } } \ No newline at end of file diff --git a/src/main/resources/REST/schemas/Signer_PresentationWithProof_schema.json b/src/main/resources/REST/schemas/Signer_PresentationWithProof_schema.json new file mode 100644 index 00000000..907cde73 --- /dev/null 
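Review bot: The three `credential_tampered_*` profiles are full copies of `for_proof_with_proofs` with one value changed each, and nothing records which one. The changes are the second credential's `verificationMethod` (`ssi-dev` to `ssi`), the first credential's `proof.created` (2023 to 2022), and the second credential's `age_over` (18 to 48). Since JSON has no comment syntax, state this above the negative scenario in POST.feature, e.g. `# each credential_tampered_* profile is for_proof_with_proofs with exactly one signed value altered`. The set covers the subject and the proof options but leaves the credential `issuer` and the `jws` string itself unvaried; a profile for each would complete the check that every signed part is verified. The three new keys also put `{` on the following line, unlike `"for_proof_with_proofs": {` earlier in the file.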
+++ b/src/main/resources/REST/schemas/Signer_PresentationWithProof_schema.json 
@@ -0,0 +1,270 @@ +{ + "$schema": "http://json-schema.org/draft-04/schema#", + "type": "object", + "properties": { + "@context": { + "type": "array", + "items": [ + { + "type": "string" + }, + { + "type": "string" + } + ] + }, + "id": { + "type": "string" + }, + "proof": { + "type": "object", + "properties": { + "created": { + "type": "string" + }, + "jws": { + "type": "string" + }, + "proofPurpose": { + "type": "string" + }, + "type": { + "type": "string" + }, + "verificationMethod": { + "type": "string" + } + }, + "required": [ + "created", + "jws", + "proofPurpose", + "type", + "verificationMethod" + ] + }, + "type": { + "type": "string" + }, + "verifiableCredential": { + "type": "array", + "items": [ + { + "type": "object", + "properties": { + "@context": { + "type": "array", + "items": [ + { + "type": "string" + }, + { + "type": "string" + }, + { + "type": "string" + } + ] + }, + "credentialSubject": { + "type": "object", + "properties": { + "allow": { + "type": "boolean" + }, + "array": { + "type": "object", + "properties": { + "txt1": { + "type": "string" + }, + "txt2": { + "type": "string" + } + }, + "required": [ + "txt1", + "txt2" + ] + }, + "id": { + "type": "string" + }, + "num": { + "type": "integer" + } + }, + "required": [ + "allow", + "array", + "id", + "num" + ] + }, + "id": { + "type": "string" + }, + "issuanceDate": { + "type": "string" + }, + "issuer": { + "type": "string" + }, + "proof": { + "type": "object", + "properties": { + "created": { + "type": "string" + }, + "jws": { + "type": "string" + }, + "proofPurpose": { + "type": "string" + }, + "type": { + "type": "string" + }, + "verificationMethod": { + "type": "string" + } + }, + "required": [ + "created", + "jws", + "proofPurpose", + "type", + "verificationMethod" + ] + }, + "type": { + "type": "array", + "items": [ + { + "type": "string" + }, + { + "type": "string" + } + ] + } + }, + "required": [ + "@context", + "credentialSubject", + "id", + "issuanceDate", + "issuer", + "proof", + 
"type" + ] + }, + { + "type": "object", + "properties": { + "@context": { + "type": "array", + "items": [ + { + "type": "string" + }, + { + "type": "string" + }, + { + "type": "string" + } + ] + }, + "credentialSubject": { + "type": "object", + "properties": { + "age_over": { + "type": "integer" + }, + "allow": { + "type": "boolean" + }, + "citizenship": { + "type": "string" + }, + "id": { + "type": "string" + } + }, + "required": [ + "age_over", + "allow", + "citizenship", + "id" + ] + }, + "id": { + "type": "string" + }, + "issuanceDate": { + "type": "string" + }, + "issuer": { + "type": "string" + }, + "proof": { + "type": "object", + "properties": { + "created": { + "type": "string" + }, + "jws": { + "type": "string" + }, + "proofPurpose": { + "type": "string" + }, + "type": { + "type": "string" + }, + "verificationMethod": { + "type": "string" + } + }, + "required": [ + "created", + "jws", + "proofPurpose", + "type", + "verificationMethod" + ] + }, + "type": { + "type": "array", + "items": [ + { + "type": "string" + }, + { + "type": "string" + } + ] + } + }, + "required": [ + "@context", + "credentialSubject", + "id", + "issuanceDate", + "issuer", + "proof", + "type" + ] + } + ] + } + }, + "required": [ + "@context", + "id", + "proof", + "type", + "verifiableCredential" + ] +} \ No newline at end of file diff --git a/src/test/resources/features/tsa/signer/v1/presentation/proof/POST.feature b/src/test/resources/features/tsa/signer/v1/presentation/proof/POST.feature index bbaeb5cc..1d9acebf 100644 --- a/src/test/resources/features/tsa/signer/v1/presentation/proof/POST.feature +++ b/src/test/resources/features/tsa/signer/v1/presentation/proof/POST.feature 
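Review bot: `verifiableCredential.items` is written in tuple form with no `minItems`, so under draft-04 a response whose `verifiableCredential` array is empty or holds a single element still validates. The per-credential `required` lists, including `proof`, apply only to elements that are actually present. If the `with proofs` example is meant to show that both credentials come back with their proofs intact, add `"minItems": 2` and `"additionalItems": false` beside `"items"`. The same applies to the `@context` and `type` tuples. The schema also checks `created`, `jws` and `verificationMethod` only as `string`, so it cannot detect a changed value; that check rests entirely on the feature assertions.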
@@ -33,10 +33,11 @@ Feature: API - TSA - Signer presentation proof - v1/presentation/proof POST And the field {proof.verificationMethod} has the value {<verificationMethod>} Examples: - | labelSuffix | profileOption | schema | verificationMethod | - | | for_proof | Signer_PresentationProof_schema.json | did:web:gaiax.vereign.com:tsa:policy:policy:example:returnDID:1.0:evaluation#key1 | - | alumni of | for_proof_alumni | Signer_PresentationProof_schema_alumni.json | https://example.edu/issuers/565049#key1 | - | without ID | for_proof_without_ID | Signer_PresentationProof_schema.json | did:web:gaiax.vereign.com:tsa:policy:policy:example:returnDID:1.0:evaluation#key1 | + | labelSuffix | profileOption | schema | verificationMethod | + | | for_proof | Signer_PresentationProof_schema.json | did:web:gaiax.vereign.com:tsa:policy:policy:example:returnDID:1.0:evaluation#key1 | + | alumni of | for_proof_alumni | Signer_PresentationProof_schema_alumni.json | https://example.edu/issuers/565049#key1 | + | without ID | for_proof_without_ID | Signer_PresentationProof_schema.json | did:web:gaiax.vereign.com:tsa:policy:policy:example:returnDID:1.0:evaluation#key1 | + | with proofs | for_proof_with_proofs | Signer_PresentationWithProof_schema.json | did:web:gaiax.vereign.com:tsa:policy:policy:example:returnDID:1.0:evaluation#key1 | @negative Scenario: TSA - validate presentation proof with empty body - Negative 
@@ -58,4 +59,17 @@ Feature: API - TSA - Signer presentation proof - v1/presentation/proof POST Examples: | labelSuffix | profileOption | | space | for_proof_incorrect_ID_space | - | symbols | for_proof_incorrect_ID_symbols | \ No newline at end of file + | symbols | for_proof_incorrect_ID_symbols | + + @negative + Scenario Outline: TSA - create presentation proof with tampered credential - Negative + When I load the REST request {Presentation.json} with profile {<profileOption>} + And I create presentation proof via TSA Signer API + Then the status code should be {400} + And the field {message} contains the value {error validating credential} + + Examples: + | labelSuffix | profileOption | + | space | credential_tampered_verification_method | + | space | credential_tampered_created | + | space | credential_tampered_credentialSubject | -- GitLab
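Review bot: All three example rows of the new outline carry `labelSuffix` `space`, apparently copied from the Examples table above, and the title does not use `<labelSuffix>`, so the three runs are indistinguishable in a report. Name each row after the altered field and put the placeholder in the title: `Scenario Outline: TSA - create presentation proof with tampered credential <labelSuffix> - Negative`, with rows such as `| verification method | credential_tampered_verification_method |`. The `{message}` assertion matches only the generic text `error validating credential`, so a 400 caused by something other than the altered field (for example an issuer key that could not be resolved) would pass as well. If the API returns a more specific reason, assert on it per row. The enclosing Feature starts outside the hunk.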