vc-flow fails with Invalid derivation origin error

civicteam · May 6, 2024 · a36e3b1 · a36e3b1
1 parent 8e822d6
commit a36e3b1
Show file tree

Hide file tree

Showing 7 changed files with 123 additions and 33 deletions.
diff --git a/src/civic_canister_backend/civic_canister_backend.did b/src/civic_canister_backend/civic_canister_backend.did
@@ -12,11 +12,29 @@ type CredentialSpec = record {
   arguments : opt vec record { text; ArgumentValue };
   credential_type : text;
 };
+type DerivationOriginData = record { origin : text };
+type DerivationOriginError = variant {
+  Internal : text;
+  UnsupportedOrigin : text;
+};
+type DerivationOriginRequest = record { frontend_hostname : text };
 type GetCredentialRequest = record {
   signed_id_alias : SignedIdAlias;
   prepared_context : opt blob;
   credential_spec : CredentialSpec;
 };
+type HttpRequest = record {
+  url : text;
+  method : text;
+  body : blob;
+  headers : vec record { text; text };
+  certificate_version : opt nat16;
+};
+type HttpResponse = record {
+  body : blob;
+  headers : vec record { text; text };
+  status_code : nat16;
+};
 type IssueCredentialError = variant {
   Internal : text;
   SignatureNotFound : text;
@@ -37,12 +55,16 @@ type PrepareCredentialRequest = record {
   credential_spec : CredentialSpec;
 };
 type PreparedCredentialData = record { prepared_context : opt blob };
-type Result = variant { Ok : vec StoredCredential; Err : CredentialError };
-type Result_1 = variant {
+type Result = variant {
+  Ok : DerivationOriginData;
+  Err : DerivationOriginError;
+};
+type Result_1 = variant { Ok : vec StoredCredential; Err : CredentialError };
+type Result_2 = variant {
   Ok : IssuedCredentialData;
   Err : IssueCredentialError;
 };
-type Result_2 = variant {
+type Result_3 = variant {
   Ok : PreparedCredentialData;
   Err : IssueCredentialError;
 };
@@ -57,7 +79,9 @@ type StoredCredential = record {
 service : (opt IssuerInit) -> {
   add_credentials : (principal, vec StoredCredential) -> (text);
   configure : (IssuerInit) -> ();
-  get_all_credentials : (principal) -> (Result) query;
-  get_credential : (GetCredentialRequest) -> (Result_1) query;
-  prepare_credential : (PrepareCredentialRequest) -> (Result_2);
+  derivation_origin : (DerivationOriginRequest) -> (Result);
+  get_all_credentials : (principal) -> (Result_1) query;
+  get_credential : (GetCredentialRequest) -> (Result_2) query;
+  http_request : (HttpRequest) -> (HttpResponse) query;
+  prepare_credential : (PrepareCredentialRequest) -> (Result_3);
 }
diff --git a/src/civic_canister_backend/civic_canister_backend.wasm.gz b/src/civic_canister_backend/civic_canister_backend.wasm.gz
diff --git a/src/civic_canister_backend/src/lib.rs b/src/civic_canister_backend/src/lib.rs
@@ -25,13 +25,15 @@ use std::cell::RefCell;
 use asset_util::{collect_assets, CertifiedAssets};
 use vc_util::issuer_api::{
     CredentialSpec, GetCredentialRequest, IssueCredentialError, IssuedCredentialData,
-    PrepareCredentialRequest, PreparedCredentialData, SignedIdAlias,
+    PrepareCredentialRequest, PreparedCredentialData, SignedIdAlias, DerivationOriginData, DerivationOriginError,
+    DerivationOriginRequest
 };
 use vc_util::{ did_for_principal, get_verified_id_alias_from_jws, vc_jwt_to_jws,
     vc_signing_input, vc_signing_input_hash, AliasTuple,
 };
 use ic_cdk::api;
 use lazy_static::lazy_static;
+use ic_cdk_macros::post_upgrade;
 use identity_credential::credential::{CredentialBuilder};
 use identity_core::common::{Timestamp, Url};
 
@@ -158,10 +160,10 @@ fn init(init_arg: Option<IssuerInit>) {
     init_assets();
 }
 
-// #[post_upgrade]
-// fn post_upgrade(init_arg: Option<IssuerInit>) {
-//     init(init_arg);
-// }
+#[post_upgrade]
+fn post_upgrade(init_arg: Option<IssuerInit>) {
+    init(init_arg);
+}
 
 #[update]
 #[candid_method]
@@ -413,6 +415,30 @@ fn verify_credential_spec(spec: &CredentialSpec) -> Result<SupportedCredentialTy
     }
 }
 
+#[update]
+#[candid_method]
+async fn derivation_origin(
+    req: DerivationOriginRequest,
+) -> Result<DerivationOriginData, DerivationOriginError> {
+    get_derivation_origin(&req.frontend_hostname)
+}
+
+fn get_derivation_origin(hostname: &str) -> Result<DerivationOriginData, DerivationOriginError> {
+    CONFIG.with_borrow(|config| {
+        let config = config.get();
+
+        // We don't currently rely on the value provided, so if it doesn't match
+        // we just print a warning
+        if hostname != config.frontend_hostname {
+            println!("*** achtung! bad frontend hostname {}", hostname,);
+        }
+
+        Ok(DerivationOriginData {
+            origin: config.derivation_origin.clone(),
+        })
+    })
+}
+
 
 #[update]
 #[candid_method]

diff --git a/src/declarations/civic_canister_backend/civic_canister_backend.did b/src/declarations/civic_canister_backend/civic_canister_backend.did
@@ -12,6 +12,12 @@ type CredentialSpec = record {
   arguments : opt vec record { text; ArgumentValue };
   credential_type : text;
 };
+type DerivationOriginData = record { origin : text };
+type DerivationOriginError = variant {
+  Internal : text;
+  UnsupportedOrigin : text;
+};
+type DerivationOriginRequest = record { frontend_hostname : text };
 type GetCredentialRequest = record {
   signed_id_alias : SignedIdAlias;
   prepared_context : opt blob;
@@ -49,12 +55,16 @@ type PrepareCredentialRequest = record {
   credential_spec : CredentialSpec;
 };
 type PreparedCredentialData = record { prepared_context : opt blob };
-type Result = variant { Ok : vec StoredCredential; Err : CredentialError };
-type Result_1 = variant {
+type Result = variant {
+  Ok : DerivationOriginData;
+  Err : DerivationOriginError;
+};
+type Result_1 = variant { Ok : vec StoredCredential; Err : CredentialError };
+type Result_2 = variant {
   Ok : IssuedCredentialData;
   Err : IssueCredentialError;
 };
-type Result_2 = variant {
+type Result_3 = variant {
   Ok : PreparedCredentialData;
   Err : IssueCredentialError;
 };
@@ -69,8 +79,9 @@ type StoredCredential = record {
 service : (opt IssuerInit) -> {
   add_credentials : (principal, vec StoredCredential) -> (text);
   configure : (IssuerInit) -> ();
-  get_all_credentials : (principal) -> (Result) query;
-  get_credential : (GetCredentialRequest) -> (Result_1) query;
+  derivation_origin : (DerivationOriginRequest) -> (Result);
+  get_all_credentials : (principal) -> (Result_1) query;
+  get_credential : (GetCredentialRequest) -> (Result_2) query;
   http_request : (HttpRequest) -> (HttpResponse) query;
-  prepare_credential : (PrepareCredentialRequest) -> (Result_2);
+  prepare_credential : (PrepareCredentialRequest) -> (Result_3);
 }
diff --git a/src/declarations/civic_canister_backend/civic_canister_backend.did.d.ts b/src/declarations/civic_canister_backend/civic_canister_backend.did.d.ts
@@ -15,6 +15,10 @@ export interface CredentialSpec {
   'arguments' : [] | [Array<[string, ArgumentValue]>],
   'credential_type' : string,
 }
+export interface DerivationOriginData { 'origin' : string }
+export type DerivationOriginError = { 'Internal' : string } |
+  { 'UnsupportedOrigin' : string };
+export interface DerivationOriginRequest { 'frontend_hostname' : string }
 export interface GetCredentialRequest {
   'signed_id_alias' : SignedIdAlias,
   'prepared_context' : [] | [Uint8Array | number[]],
@@ -52,11 +56,13 @@ export interface PrepareCredentialRequest {
 export interface PreparedCredentialData {
   'prepared_context' : [] | [Uint8Array | number[]],
 }
-export type Result = { 'Ok' : Array<StoredCredential> } |
+export type Result = { 'Ok' : DerivationOriginData } |
+  { 'Err' : DerivationOriginError };
+export type Result_1 = { 'Ok' : Array<StoredCredential> } |
   { 'Err' : CredentialError };
-export type Result_1 = { 'Ok' : IssuedCredentialData } |
+export type Result_2 = { 'Ok' : IssuedCredentialData } |
   { 'Err' : IssueCredentialError };
-export type Result_2 = { 'Ok' : PreparedCredentialData } |
+export type Result_3 = { 'Ok' : PreparedCredentialData } |
   { 'Err' : IssueCredentialError };
 export interface SignedIdAlias { 'credential_jws' : string }
 export interface StoredCredential {
@@ -69,10 +75,11 @@ export interface StoredCredential {
 export interface _SERVICE {
   'add_credentials' : ActorMethod<[Principal, Array<StoredCredential>], string>,
   'configure' : ActorMethod<[IssuerInit], undefined>,
-  'get_all_credentials' : ActorMethod<[Principal], Result>,
-  'get_credential' : ActorMethod<[GetCredentialRequest], Result_1>,
+  'derivation_origin' : ActorMethod<[DerivationOriginRequest], Result>,
+  'get_all_credentials' : ActorMethod<[Principal], Result_1>,
+  'get_credential' : ActorMethod<[GetCredentialRequest], Result_2>,
   'http_request' : ActorMethod<[HttpRequest], HttpResponse>,
-  'prepare_credential' : ActorMethod<[PrepareCredentialRequest], Result_2>,
+  'prepare_credential' : ActorMethod<[PrepareCredentialRequest], Result_3>,
 }
 export declare const idlFactory: IDL.InterfaceFactory;
 export declare const init: (args: { IDL: typeof IDL }) => IDL.Type[];
diff --git a/src/declarations/civic_canister_backend/civic_canister_backend.did.js b/src/declarations/civic_canister_backend/civic_canister_backend.did.js
@@ -23,8 +23,20 @@ export const idlFactory = ({ IDL }) => {
     'claim' : IDL.Vec(Claim),
     'issuer' : IDL.Text,
   });
-  const CredentialError = IDL.Variant({ 'NoCredentialsFound' : IDL.Text });
+  const DerivationOriginRequest = IDL.Record({
+    'frontend_hostname' : IDL.Text,
+  });
+  const DerivationOriginData = IDL.Record({ 'origin' : IDL.Text });
+  const DerivationOriginError = IDL.Variant({
+    'Internal' : IDL.Text,
+    'UnsupportedOrigin' : IDL.Text,
+  });
   const Result = IDL.Variant({
+    'Ok' : DerivationOriginData,
+    'Err' : DerivationOriginError,
+  });
+  const CredentialError = IDL.Variant({ 'NoCredentialsFound' : IDL.Text });
+  const Result_1 = IDL.Variant({
     'Ok' : IDL.Vec(StoredCredential),
     'Err' : CredentialError,
   });
@@ -48,7 +60,7 @@ export const idlFactory = ({ IDL }) => {
     'UnknownSubject' : IDL.Text,
     'UnsupportedCredentialSpec' : IDL.Text,
   });
-  const Result_1 = IDL.Variant({
+  const Result_2 = IDL.Variant({
     'Ok' : IssuedCredentialData,
     'Err' : IssueCredentialError,
   });
@@ -71,7 +83,7 @@ export const idlFactory = ({ IDL }) => {
   const PreparedCredentialData = IDL.Record({
     'prepared_context' : IDL.Opt(IDL.Vec(IDL.Nat8)),
   });
-  const Result_2 = IDL.Variant({
+  const Result_3 = IDL.Variant({
     'Ok' : PreparedCredentialData,
     'Err' : IssueCredentialError,
   });
@@ -82,10 +94,11 @@ export const idlFactory = ({ IDL }) => {
         [],
       ),
     'configure' : IDL.Func([IssuerInit], [], []),
-    'get_all_credentials' : IDL.Func([IDL.Principal], [Result], ['query']),
-    'get_credential' : IDL.Func([GetCredentialRequest], [Result_1], ['query']),
+    'derivation_origin' : IDL.Func([DerivationOriginRequest], [Result], []),
+    'get_all_credentials' : IDL.Func([IDL.Principal], [Result_1], ['query']),
+    'get_credential' : IDL.Func([GetCredentialRequest], [Result_2], ['query']),
     'http_request' : IDL.Func([HttpRequest], [HttpResponse], ['query']),
-    'prepare_credential' : IDL.Func([PrepareCredentialRequest], [Result_2], []),
+    'prepare_credential' : IDL.Func([PrepareCredentialRequest], [Result_3], []),
   });
 };
 export const init = ({ IDL }) => {

diff --git a/src/relying_canister_frontend/src/index.ts b/src/relying_canister_frontend/src/index.ts
@@ -6,7 +6,7 @@ import type { Principal } from "@dfinity/principal";
 import {  createActor, CreateActorOptions } from "../../declarations/civic_canister_backend/index";
 import {_SERVICE} from "../../declarations/civic_canister_backend/civic_canister_backend.did"
 
-const canisterId = "bkyz2-fmaaa-aaaaa-qaaaq-cai" //hardcoded civic canister id
+const canisterId = "b77ix-eeaaa-aaaaa-qaada-cai" //hardcoded civic canister id
 // get it using dfx canister id civic_canister_backend
 // process.env.CIVIC_CANISTER_BACKEND_ID;
 
@@ -72,8 +72,8 @@ const credentialData = {
 
 // Define the issuer data
 const issuerData = {
-  "origin": "http://127.0.0.1:4943/?canisterId=br5f7-7uaaa-aaaaa-qaaca-cai&id=bkyz2-fmaaa-aaaaa-qaaaq-cai",
-  "canisterId": "bkyz2-fmaaa-aaaaa-qaaaq-cai"
+  "origin": "http://b77ix-eeaaa-aaaaa-qaada-cai.localhost:4943",
+  "canisterId": canisterId
 };
 
 // Callback functions
@@ -88,7 +88,16 @@ const onError = (error) => {
 
 const identityProvider = local_ii_url;
 
-requestVerifiablePresentation(onSuccess, onError, credentialData, issuerData, identityProvider);
+const requestParams = {
+  onSuccess,
+  onError,
+  credentialData,
+  issuerData,
+  identityProvider
+};
+
+requestVerifiablePresentation(requestParams);
+
 
 const displayCredential = (credential) => {
   // Update the DOM or state with the credential information