demo-ing revocation: include revoked/expired VCs in wallet.List(), always update statuslist credential

Author: reinkrul

vcr/holder/sql_wallet.go

@@ -20,7 +20,6 @@ package holder
 
 import (
 	"context"
-	"errors"
 	"fmt"
 	"time"
 
@@ -128,13 +127,15 @@ func (h sqlWallet) List(_ context.Context, holderDID did.DID) ([]vc.VerifiableCr
 	// now validate credentials and remove invalid ones
 	validCredentials := make([]vc.VerifiableCredential, 0, len(credentials))
 	for _, credential := range credentials {
+		validCredentials = append(validCredentials, credential)
+		// TODO: Disabled for now in project GF, because we want to actively demo with expired credentials.
 		// we only want to check expiration and revocation status
-		if err = h.verifier.Verify(credential, true, false, nil); err == nil {
-			validCredentials = append(validCredentials, credential)
-		} else if !errors.Is(err, types.ErrCredentialNotValidAtTime) && !errors.Is(err, types.ErrRevoked) {
-			// a possible technical error has occurred that should be logged.
-			log.Logger().WithError(err).WithField(core.LogFieldCredentialID, credential.ID).Warn("unable to verify credential")
-		}
+		//if err = h.verifier.Verify(credential, true, false, nil); err == nil {
+		//	validCredentials = append(validCredentials, credential)
+		//} else if !errors.Is(err, types.ErrCredentialNotValidAtTime) && !errors.Is(err, types.ErrRevoked) {
+		//	// a possible technical error has occurred that should be logged.
+		//	log.Logger().WithError(err).WithField(core.LogFieldCredentialID, credential.ID).Warn("unable to verify credential")
+		//}
 	}
 
 	return validCredentials, nil

vcr/revocation/statuslist2021_verifier.go

@@ -25,7 +25,6 @@ import (
 	"io"
 	"net/http"
 	"strconv"
-	"time"
 
 	"github.com/nuts-foundation/go-did/vc"
 	"github.com/nuts-foundation/nuts-node/core"
@@ -102,6 +101,7 @@ func (cs *StatusList2021) Verify(credentialToVerify vc.VerifiableCredential) err
 func (cs *StatusList2021) statusList(statusListCredential string) (*credentialRecord, error) {
 	cr, err := cs.loadCredential(statusListCredential)
 	if err != nil {
+		log.Logger().WithError(err).Warnf("Failed to load StatusList2021Credential from database, fetching from issuer (url=%s)", statusListCredential)
 		// assume any error means we don't have the credential, so try fetching remote
 		return cs.update(statusListCredential)
 	}
@@ -111,23 +111,11 @@ func (cs *StatusList2021) statusList(statusListCredential string) (*credentialRe
 		return cr, nil
 	}
 
-	// TODO: renewal criteria need to be reconsidered if we add other purposes. A 'suspension' may have been canceled
-	// renew expired certificates
-	if (cr.Expires != nil && time.Unix(*cr.Expires, 0).Before(time.Now())) || // expired
-		time.Unix(cr.CreatedAt, 0).Add(cs.maxAge).Before(time.Now()) { // older than 15 min
-		crUpdated, err := cs.update(statusListCredential)
-		if err == nil {
-			return crUpdated, nil
-		}
-		// use known StatusList2021Credential if we can't fetch a new one, even if it is older/expired
-		if cr.Expires != nil && time.Unix(*cr.Expires, 0).Before(time.Now()) {
-			// log warning if using expired StatusList2021Credential
-			log.Logger().WithError(err).WithField(core.LogFieldCredentialSubject, statusListCredential).
-				Info("Validating credentialStatus using expired StatusList2021Credential")
-		}
+	// PROJECT-GF: for demo purposes, we always update the statuslist credentials, so we can demo revocation.
+	crUpdated, err := cs.update(statusListCredential)
+	if err == nil {
+		return crUpdated, nil
 	}
-
-	// return credentialRecord, which could be outdated but is the best information available.
 	return cr, nil
 }
 

vcr/revocation/statuslist2021_verifier_test.go

@@ -132,6 +132,7 @@ func TestStatusList2021_statusList(t *testing.T) {
 		return *cr, cir
 	}
 	t.Run("ok - known credential", func(t *testing.T) {
+		t.Skip("PROJECT-GF: for demo purposes, we always update the statuslist credentials, so we can demo revocation.")
 		cs, entry, _ := testSetup(t, false)
 		cs.client = nil // panics if attempts to update
 		expectedCR, _ := makeRecords(entry.StatusListCredential)