Merge branch 'main' into fix/askar-anoncreds-multi-ledger

jamshale · web-flow · commit 7097f15ef674 · 2025-03-19T11:19:04.000-07:00
diff --git a/acapy_agent/anoncreds/events.py b/acapy_agent/anoncreds/events.py
@@ -53,7 +53,12 @@ def with_payload(
     ):
         """With payload."""
         payload = CredDefFinishedPayload(
-            schema_id, cred_def_id, issuer_id, support_revocation, max_cred_num, options
+            schema_id=schema_id,
+            cred_def_id=cred_def_id,
+            issuer_id=issuer_id,
+            support_revocation=support_revocation,
+            max_cred_num=max_cred_num,
+            options=options,
         )
         return cls(payload)
 
diff --git a/acapy_agent/anoncreds/issuer.py b/acapy_agent/anoncreds/issuer.py
@@ -21,6 +21,7 @@
 from ..core.error import BaseError
 from ..core.event_bus import Event, EventBus
 from ..core.profile import Profile
+from ..protocols.endorse_transaction.v1_0.util import is_author_role
 from .base import AnonCredsSchemaAlreadyExists, BaseAnonCredsError
 from .error_messages import ANONCREDS_PROFILE_REQUIRED_MSG
 from .events import CredDefFinishedEvent
@@ -306,9 +307,22 @@ async def create_and_register_credential_definition(
 
         """
         options = options or {}
-        support_revocation = options.get("support_revocation", False)
-        if not isinstance(support_revocation, bool):
-            raise ValueError("support_revocation must be a boolean")
+        support_revocation_option = options.get("support_revocation")
+
+        if support_revocation_option is None:
+            # Support revocation not set - Default to auto-create rev reg if author role
+            is_author = is_author_role(self.profile)
+            auto_create_rev_reg = self.profile.settings.get(
+                "endorser.auto_create_rev_reg", False
+            )
+
+            support_revocation = bool(is_author and auto_create_rev_reg)
+        else:
+            # If support_revocation is explicitly set, use that value
+            if not isinstance(support_revocation_option, bool):
+                raise ValueError("support_revocation must be a boolean")
+
+            support_revocation = support_revocation_option
 
         max_cred_num = options.get("revocation_registry_size", DEFAULT_MAX_CRED_NUM)
         if not isinstance(max_cred_num, int):
@@ -317,7 +331,8 @@ async def create_and_register_credential_definition(
         # Don't allow revocable cred def to be created without tails server base url
         if not self.profile.settings.get("tails_server_base_url") and support_revocation:
             raise AnonCredsIssuerError(
-                "tails_server_base_url not configured. Can't create revocable credential definition."  # noqa: E501
+                "tails_server_base_url not configured. "
+                "Can't create revocable credential definition."
             )
 
         anoncreds_registry = self.profile.inject(AnonCredsRegistry)
@@ -331,31 +346,31 @@ async def create_and_register_credential_definition(
         ) = await asyncio.get_event_loop().run_in_executor(
             None,
             lambda: CredentialDefinition.create(
-                schema_id,
-                schema_result.schema.serialize(),
-                issuer_id,
-                tag or DEFAULT_CRED_DEF_TAG,
-                signature_type or DEFAULT_SIGNATURE_TYPE,
+                schema_id=schema_id,
+                schema=schema_result.schema.serialize(),
+                issuer_id=issuer_id,
+                tag=tag or DEFAULT_CRED_DEF_TAG,
+                signature_type=signature_type or DEFAULT_SIGNATURE_TYPE,
                 support_revocation=support_revocation,
             ),
         )
 
         try:
             cred_def_result = await anoncreds_registry.register_credential_definition(
-                self.profile,
-                schema_result,
-                CredDef.from_native(cred_def),
-                options,
+                profile=self.profile,
+                schema=schema_result,
+                credential_definition=CredDef.from_native(cred_def),
+                options=options,
             )
 
             await self.store_credential_definition(
-                schema_result,
-                cred_def_result,
-                cred_def_private,
-                key_proof,
-                support_revocation,
-                max_cred_num,
-                options,
+                schema_result=schema_result,
+                cred_def_result=cred_def_result,
+                cred_def_private=cred_def_private,
+                key_proof=key_proof,
+                support_revocation=support_revocation,
+                max_cred_num=max_cred_num,
+                options=options,
             )
 
             return cred_def_result
@@ -415,12 +430,12 @@ async def store_credential_definition(
             if cred_def_result.credential_definition_state.state == STATE_FINISHED:
                 await self.notify(
                     CredDefFinishedEvent.with_payload(
-                        schema_result.schema_id,
-                        identifier,
-                        cred_def_result.credential_definition_state.credential_definition.issuer_id,
-                        support_revocation,
-                        max_cred_num,
-                        options,
+                        schema_id=schema_result.schema_id,
+                        cred_def_id=identifier,
+                        issuer_id=cred_def_result.credential_definition_state.credential_definition.issuer_id,
+                        support_revocation=support_revocation,
+                        max_cred_num=max_cred_num,
+                        options=options,
                     )
                 )
         except AskarError as err:
diff --git a/acapy_agent/anoncreds/revocation_setup.py b/acapy_agent/anoncreds/revocation_setup.py
@@ -67,11 +67,8 @@ def register_events(self, event_bus: EventBus):
     async def on_cred_def(self, profile: Profile, event: CredDefFinishedEvent):
         """Handle cred def finished."""
         payload = event.payload
-        auto_create_revocation = is_author_role(profile) and profile.settings.get(
-            "endorser.auto_create_rev_reg", False
-        )
 
-        if payload.support_revocation or auto_create_revocation:
+        if payload.support_revocation:
             revoc = AnonCredsRevocation(profile)
             for registry_count in range(self.INITIAL_REGISTRY_COUNT):
                 await revoc.create_and_register_revocation_registry_definition(
diff --git a/acapy_agent/anoncreds/routes.py b/acapy_agent/anoncreds/routes.py
@@ -187,7 +187,7 @@ async def schemas_post(request: web.BaseRequest):
                 a null value.
                 schema : The schema. If the value of the schema_state.state response field
                 is finished, this field MUST be present and MUST NOT have a null value.
-            registration_metadata : This field contains metadata about hte registration
+            registration_metadata : This field contains metadata about the registration
             process
             schema_metadata : This fields contains metadata about the schema.
 
diff --git a/acapy_agent/anoncreds/tests/test_issuer.py b/acapy_agent/anoncreds/tests/test_issuer.py
@@ -462,9 +462,167 @@ async def test_create_and_register_credential_definition_invalid_options_raises_
                 issuer_id="issuer-id",
                 schema_id="schema-id",
                 signature_type="CL",
-                options={"support_revocation": "100"},  # requires integer
+                options={"revocation_registry_size": "100"},  # requires integer
             )
 
+    @mock.patch.object(CredDef, "from_native", return_value=MockCredDefEntry())
+    @mock.patch(
+        "anoncreds.CredentialDefinition.create",
+        return_value=(mock.MagicMock(), mock.MagicMock(), mock.MagicMock()),
+    )
+    async def test_create_and_register_credential_definition_support_revocation_conditions(
+        self, mock_cred_def_create, _
+    ):
+        schema_result = GetSchemaResult(
+            schema_id="schema-id",
+            schema=AnonCredsSchema(
+                issuer_id="issuer-id",
+                name="schema-name",
+                version="1.0",
+                attr_names=["attr1", "attr2"],
+            ),
+            schema_metadata={},
+            resolution_metadata={},
+        )
+
+        cred_def_result = CredDefResult(
+            job_id="job-id",
+            credential_definition_state=CredDefState(
+                state="finished",
+                credential_definition=CredDef(
+                    issuer_id="did:sov:3avoBCqDMFHFaKUHug9s8W",
+                    schema_id="schema-id",
+                    tag="tag",
+                    type="CL",
+                    value=CredDefValue(
+                        primary=CredDefValuePrimary("n", "s", {}, "rctxt", "z")
+                    ),
+                ),
+                credential_definition_id="cred-def-id",
+            ),
+            credential_definition_metadata={},
+            registration_metadata={},
+        )
+
+        self.profile.inject = mock.Mock(
+            return_value=mock.MagicMock(
+                get_schema=mock.CoroutineMock(return_value=schema_result),
+                register_credential_definition=mock.CoroutineMock(
+                    return_value=cred_def_result
+                ),
+            )
+        )
+
+        # Configure author role and auto create rev reg -- expectation: support revocation is True when not specified
+        self.profile.settings.set_value("endorser.author", True)
+        self.profile.settings.set_value("endorser.auto_create_rev_reg", True)
+
+        # First assert AnonCredsIssuerError if tails_server_base_url is not set
+        with self.assertRaises(test_module.AnonCredsIssuerError) as exc:
+            await self.issuer.create_and_register_credential_definition(
+                issuer_id="issuer-id",
+                schema_id="schema-id",
+                signature_type="CL",
+                tag="tag",
+            )
+        assert (
+            str(exc.exception.message)
+            == "tails_server_base_url not configured. Can't create revocable credential definition."
+        )
+
+        # Now, set the tails_server_base_url
+        self.profile.settings.set_value("tails_server_base_url", "https://example.com")
+
+        for support_revocation in [True, False, None]:
+            # Mock the store_credential_definition method
+            with mock.patch.object(
+                self.issuer, "store_credential_definition"
+            ) as mock_store_cred_def:
+                # Reset the mocks for each iteration
+                mock_cred_def_create.reset_mock()
+                mock_store_cred_def.reset_mock()
+
+                await self.issuer.create_and_register_credential_definition(
+                    issuer_id="issuer-id",
+                    schema_id="schema-id",
+                    signature_type="CL",
+                    tag="tag",
+                    options={"support_revocation": support_revocation},
+                )
+
+                # Check if support_revocation is True when None or True was passed
+                expected_support_revocation = (
+                    support_revocation if support_revocation is not None else True
+                )
+
+                # Assert CredentialDefinition.create call was made with correct support_revocation value
+                mock_cred_def_create.assert_called_once_with(
+                    schema_id="schema-id",
+                    schema=schema_result.schema.serialize(),
+                    issuer_id="issuer-id",
+                    tag="tag",
+                    signature_type="CL",
+                    support_revocation=expected_support_revocation,
+                )
+
+                # Assert store_credential_definition call args
+                mock_store_cred_def.assert_called_once_with(
+                    schema_result=schema_result,
+                    cred_def_result=mock.ANY,
+                    cred_def_private=mock.ANY,
+                    key_proof=mock.ANY,
+                    support_revocation=expected_support_revocation,
+                    max_cred_num=mock.ANY,
+                    options=mock.ANY,
+                )
+
+        # Now, disable author role and auto create rev reg -- expectation: support revocation is False when not specified
+        self.profile.settings.set_value("endorser.author", False)
+        self.profile.settings.set_value("endorser.auto_create_rev_reg", False)
+
+        for support_revocation in [True, False, None]:
+            # Mock the CredentialDefinition.create call, and the store_credential_definition method
+            with mock.patch.object(
+                self.issuer, "store_credential_definition"
+            ) as mock_store_cred_def:
+                # Reset the mock for each iteration
+                mock_cred_def_create.reset_mock()
+                mock_store_cred_def.reset_mock()
+
+                await self.issuer.create_and_register_credential_definition(
+                    issuer_id="issuer-id",
+                    schema_id="schema-id",
+                    signature_type="CL",
+                    tag="tag",
+                    options={"support_revocation": support_revocation},
+                )
+
+                # Check if support_revocation is False when set to None
+                expected_support_revocation = (
+                    support_revocation if support_revocation is not None else False
+                )
+
+                # Assert CredentialDefinition.create call was made with correct support_revocation value
+                mock_cred_def_create.assert_called_once_with(
+                    schema_id="schema-id",
+                    schema=schema_result.schema.serialize(),
+                    issuer_id="issuer-id",
+                    tag="tag",
+                    signature_type="CL",
+                    support_revocation=expected_support_revocation,
+                )
+
+                # Assert store_credential_definition call args
+                mock_store_cred_def.assert_called_once_with(
+                    schema_result=schema_result,
+                    cred_def_result=mock.ANY,
+                    cred_def_private=mock.ANY,
+                    key_proof=mock.ANY,
+                    support_revocation=expected_support_revocation,
+                    max_cred_num=mock.ANY,
+                    options=mock.ANY,
+                )
+
     @mock.patch.object(test_module.AnonCredsIssuer, "notify")
     async def test_create_and_register_credential_definition_finishes(self, mock_notify):
         self.profile.inject = mock.Mock(
diff --git a/acapy_agent/anoncreds/tests/test_revocation_setup.py b/acapy_agent/anoncreds/tests/test_revocation_setup.py
@@ -53,55 +53,7 @@ async def test_on_cred_def_support_revocation_registers_revocation_def(
         "create_and_register_revocation_registry_definition",
         return_value=None,
     )
-    async def test_on_cred_def_author_with_auto_create_rev_reg_config_registers_reg_def(
-        self, mock_register_revocation_registry_definition
-    ):
-        self.profile.settings["endorser.author"] = True
-        self.profile.settings["endorser.auto_create_rev_reg"] = True
-        event = CredDefFinishedEvent(
-            CredDefFinishedPayload(
-                schema_id="schema_id",
-                cred_def_id="cred_def_id",
-                issuer_id="issuer_id",
-                support_revocation=False,
-                max_cred_num=100,
-                options={},
-            )
-        )
-        await self.revocation_setup.on_cred_def(self.profile, event)
-
-        assert mock_register_revocation_registry_definition.called
-
-    @mock.patch.object(
-        AnonCredsRevocation,
-        "create_and_register_revocation_registry_definition",
-        return_value=None,
-    )
-    async def test_on_cred_def_author_with_auto_create_rev_reg_config_and_support_revoc_option_registers_reg_def(
-        self, mock_register_revocation_registry_definition
-    ):
-        self.profile.settings["endorser.author"] = True
-        self.profile.settings["endorser.auto_create_rev_reg"] = True
-        event = CredDefFinishedEvent(
-            CredDefFinishedPayload(
-                schema_id="schema_id",
-                cred_def_id="cred_def_id",
-                issuer_id="issuer_id",
-                support_revocation=True,
-                max_cred_num=100,
-                options={},
-            )
-        )
-        await self.revocation_setup.on_cred_def(self.profile, event)
-
-        assert mock_register_revocation_registry_definition.called
-
-    @mock.patch.object(
-        AnonCredsRevocation,
-        "create_and_register_revocation_registry_definition",
-        return_value=None,
-    )
-    async def test_on_cred_def_not_author_or_support_rev_option(
+    async def test_on_cred_def_not_support_rev_option(
         self, mock_register_revocation_registry_definition
     ):
         event = CredDefFinishedEvent(
