Merge pull request #41 from gunet/pid-revocation-check

check for revocation status in vid auth component. use family_name to store the vid revocation record in crl
gunet · Sep 10, 2024 · dd8f0fa · dd8f0fa
2 parents 191cff9 + 8685846
commit dd8f0fa
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 1 deletion.
diff --git a/...configurations/ehic-issuer/src/configuration/authentication/VIDAuthenticationComponent.ts b/...configurations/ehic-issuer/src/configuration/authentication/VIDAuthenticationComponent.ts
@@ -14,6 +14,7 @@ import { openidForPresentationReceivingService, verifierConfigurationService } f
 import { UserAuthenticationMethod } from "../../types/UserAuthenticationMethod.enum";
 import { PresentationDefinitionTypeWithFormat } from "../verifier/VerifierConfigurationService";
 import base64url from "base64url";
+import axios from 'axios';
 
 export class VIDAuthenticationComponent extends AuthenticationComponent {
 
@@ -69,6 +70,21 @@ export class VIDAuthenticationComponent extends AuthenticationComponent {
 			return { valid: false };
 		}
 
+		try { // check revocation list
+			const credentialStatusIdValue = parsedCredPayload.vc.credentialStatus.id;
+			const [revocationListUrl, id] = credentialStatusIdValue.split('#')
+			const revocationListRes = await axios.get(revocationListUrl);
+			const revocationList = revocationListRes.data.crl;
+			const record = revocationList.filter((record: any) => record.id == id)[0];
+			if (record && record.revocation_date != null) {
+				return { valid: false }
+			}
+		}
+		catch(err) {
+			console.error("Failed to get revocation status for this credential");
+			return { valid: false };
+		}
+
 		return { valid: true };
 	}
 

diff --git a/...configurations/pda1-issuer/src/configuration/authentication/VIDAuthenticationComponent.ts b/...configurations/pda1-issuer/src/configuration/authentication/VIDAuthenticationComponent.ts
@@ -14,6 +14,7 @@ import { openidForPresentationReceivingService, verifierConfigurationService } f
 import { UserAuthenticationMethod } from "../../types/UserAuthenticationMethod.enum";
 import { PresentationDefinitionTypeWithFormat } from "../verifier/VerifierConfigurationService";
 import base64url from "base64url";
+import axios from 'axios';
 
 export class VIDAuthenticationComponent extends AuthenticationComponent {
 
@@ -69,6 +70,21 @@ export class VIDAuthenticationComponent extends AuthenticationComponent {
 			return { valid: false };
 		}
 
+		try { // check revocation list
+			const credentialStatusIdValue = parsedCredPayload.vc.credentialStatus.id;
+			const [revocationListUrl, id] = credentialStatusIdValue.split('#')
+			const revocationListRes = await axios.get(revocationListUrl);
+			const revocationList = revocationListRes.data.crl;
+			const record = revocationList.filter((record: any) => record.id == id)[0];
+			if (record && record.revocation_date != null) {
+				return { valid: false }
+			}
+		}
+		catch(err) {
+			console.error("Failed to get revocation status for this credential");
+			return { valid: false };
+		}
+
 		return { valid: true };
 	}
 

diff --git a/...issuer/src/configuration/SupportedCredentialsConfiguration/VIDSupportedCredentialSdJwt.ts b/...issuer/src/configuration/SupportedCredentialsConfiguration/VIDSupportedCredentialSdJwt.ts
@@ -85,7 +85,7 @@ export class VIDSupportedCredentialSdJwt implements SupportedCredentialProtocol
 				"id": holderDID,
 			},
 			"credentialStatus": {
-				"id": `${config.crl.url}#${(await CredentialStatusList.insert(data.User, data.pid_id)).id}`,
+				"id": `${config.crl.url}#${(await CredentialStatusList.insert(data.family_name, data.pid_id)).id}`,
 				"type": "CertificateRevocationList"
 			},
 			"credentialBranding": {