aries-cloudagent-python

Clearing pending revocations from a revocation registry clears all pending revocations from other registries.

Open cl0ete opened this issue 1 year ago • 0 comments

Below I have 3 registries with pending publications. The first two are on the same credential definition, the third one is on a different credential definition.

GET /revocation/registry/NbLJt2RgxGFZLW55kkcuaz%3A4%3ANbLJt2RgxGFZLW55kkcuaz%3A3%3ACL%3A8%3AEpic%3ACL_ACCUM%3Aa077e29b-78b7-44d1-8f92-f9451ae20139

Response body:

{
 "result": {
   "state": "active",
   "created_at": "2024-05-06T09:02:00.406414Z",
...
   "pending_pub": [
     "2",
     "3",
     "4",
     "5"
   ]
 }
}

GET /revocation/registry/NbLJt2RgxGFZLW55kkcuaz%3A4%3ANbLJt2RgxGFZLW55kkcuaz%3A3%3ACL%3A8%3AEpic%3ACL_ACCUM%3A657200c3-daa1-4619-b2d8-16353974433a

Response body:

{
 "result": {
   "state": "full",
   "created_at": "2024-05-06T09:01:57.320175Z",
 ...
   "pending_pub": [
     "17",
     "2",
     "5"
   ]
 }
}

GET /revocation/registry/NbLJt2RgxGFZLW55kkcuaz%3A4%3ANbLJt2RgxGFZLW55kkcuaz%3A3%3ACL%3A18%3Alekker%3ACL_ACCUM%3A4edd4a62-0ed0-48ed-a66a-ff0008ff2419

Response body:

{
 "result": {
   "state": "active",
   "created_at": "2024-05-06T09:32:26.444582Z",
   ...
   "pending_pub": [
     "1"
   ]
 }
}

I then clear one pending revocation from the first registry above:

POST /revocation/clear-pending-revocations

With body:

{
  "purge": {
    "NbLJt2RgxGFZLW55kkcuaz:4:NbLJt2RgxGFZLW55kkcuaz:3:CL:8:Epic:CL_ACCUM:a077e29b-78b7-44d1-8f92-f9451ae20139":["2"]
  }
}

Response body:

{
  "rrid2crid": {
    "NbLJt2RgxGFZLW55kkcuaz:4:NbLJt2RgxGFZLW55kkcuaz:3:CL:8:Epic:CL_ACCUM:a077e29b-78b7-44d1-8f92-f9451ae20139": [
      "3",
      "4",
      "5"
    ]
  }
}

I have cleared cred_rev_id: "2" from the pending list BUT when getting the other two registries we see:

GET /revocation/registry/NbLJt2RgxGFZLW55kkcuaz%3A4%3ANbLJt2RgxGFZLW55kkcuaz%3A3%3ACL%3A8%3AEpic%3ACL_ACCUM%3A657200c3-daa1-4619-b2d8-16353974433a

Response body:

{
 "result": {
   "state": "full",
   "created_at": "2024-05-06T09:01:57.320175Z",
 ...
   "pending_pub": []
 }
}

GET /revocation/registry/NbLJt2RgxGFZLW55kkcuaz%3A4%3ANbLJt2RgxGFZLW55kkcuaz%3A3%3ACL%3A18%3Alekker%3ACL_ACCUM%3A4edd4a62-0ed0-48ed-a66a-ff0008ff2419

Response body:

{
 "result": {
   "state": "active",
   "created_at": "2024-05-06T09:32:26.444582Z",
 ...
   "pending_pub": []
 }
}

All the pending revocations are gone.

Taking a look at the revocation code at lines 335 to 351:

       result = {}
       notify = []

       async with self._profile.transaction() as txn:
           issuer_rr_recs = await IssuerRevRegRecord.query_by_pending(txn)
           for issuer_rr_rec in issuer_rr_recs:
               rrid = issuer_rr_rec.revoc_reg_id
               await issuer_rr_rec.clear_pending(txn, (purge or {}).get(rrid))
               if issuer_rr_rec.pending_pub:
                   result[rrid] = issuer_rr_rec.pending_pub
               notify.append(rrid)
           await txn.commit()

       for rrid in notify:
           await notify_pending_cleared_event(self._profile, rrid)

       return result

It looks like issuer_rr_recs should be filtered by the ids passed in the purge payload before clearing them, if I am reading this right...

cl0ete, May 06 '24 11:05
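
The behaviour reported above, reduced to a small in-memory model (an added example, not code from the issue or from ACA-Py). `RegistryRecord`, `clear_unfiltered`, `clear_filtered` and the shortened registry ids are hypothetical, and `clear_pending` is assumed to clear every pending id when it receives no list, which is what the responses in the issue suggest.

```python
# Added illustration: a simplified in-memory model, not ACA-Py code.
from dataclasses import dataclass, field
from typing import List, Optional, Sequence


@dataclass
class RegistryRecord:
    """Hypothetical stand-in for IssuerRevRegRecord (only the fields used here)."""
    revoc_reg_id: str
    pending_pub: List[str] = field(default_factory=list)

    def clear_pending(self, cred_rev_ids: Optional[Sequence[str]] = None) -> None:
        # Assumption: no id list means "clear everything", matching the
        # responses in the issue where untouched registries end up empty.
        if cred_rev_ids:
            self.pending_pub = [i for i in self.pending_pub if i not in cred_rev_ids]
        else:
            self.pending_pub = []


def clear_unfiltered(records, purge=None):
    """Loop as quoted in the issue: every pending record is visited."""
    result = {}
    for rec in records:
        rec.clear_pending((purge or {}).get(rec.revoc_reg_id))
        if rec.pending_pub:
            result[rec.revoc_reg_id] = rec.pending_pub
    return result


def clear_filtered(records, purge=None):
    """Suggested behaviour: with a purge map, touch only the registries it names."""
    result = {}
    for rec in records:
        if purge and rec.revoc_reg_id not in purge:
            continue  # registry not named in the payload: leave it alone
        rec.clear_pending((purge or {}).get(rec.revoc_reg_id))
        if rec.pending_pub:
            result[rec.revoc_reg_id] = rec.pending_pub
    return result


def sample_records():
    # Constructed data mirroring the three registries in the issue (ids shortened).
    return [
        RegistryRecord("rr-epic-a077", ["2", "3", "4", "5"]),
        RegistryRecord("rr-epic-6572", ["17", "2", "5"]),
        RegistryRecord("rr-lekker-4edd", ["1"]),
    ]
```

With the unfiltered loop, revocations queued on the other two registries are dropped without ever being published; the filtered loop keeps them pending.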