add negative test generation and helper functions

Signed-off-by: PatStLouis <[email protected]>

Author: PatStLouis

tests/4.13.2-envelopes.js

@@ -4,51 +4,45 @@
  * SPDX-License-Identifier: LicenseRef-w3c-3-clause-bsd-license-2008 OR LicenseRef-w3c-test-suite-license-2023
  */
 
-import {addPerTestMetadata, extractIfEnveloped, setupMatrix}
-  from './helpers.js';
+import {
+  addPerTestMetadata,
+  generateCredential,
+  generateEnvelope,
+  secureCredential,
+  setupMatrix
+} from './helpers.js';
+import {
+  vc_jwt,
+  vp_jwt
+} from './fixtures.js';
 import assert from 'node:assert/strict';
 import chai from 'chai';
-import {createRequire} from 'module';
 import {filterByTag} from 'vc-test-suite-implementations';
-import {shouldBeCredential} from './assertions.js';
 import {TestEndpoints} from './TestEndpoints.js';
 
-// eslint-disable-next-line no-unused-vars
 const should = chai.should();
 
-const require = createRequire(import.meta.url);
-
-const tag = 'vc2.0';
+const tag = 'EnvelopingProof';
 const {match} = filterByTag({tags: [tag]});
 
 // 4.12.1 Enveloped Verifiable Credentials https://w3c.github.io/vc-data-model/#enveloped-verifiable-credentials
-describe('VP - Enveloped Verifiable Credentials', function() {
+describe('Enveloped Verifiable Credentials', function() {
   setupMatrix.call(this, match);
   for(const [name, implementation] of match) {
     const endpoints = new TestEndpoints({implementation, tag});
-    const issuerEnvelopeSupport =
-      endpoints.issuer.settings.tags.includes(
-        'EnvelopingProof');
-    const vpVerifierEnvelopeSupport = endpoints.vpVerifier &&
-      endpoints.vpVerifier.settings.tags.includes(
-        'EnvelopingProof');
+    const issuer = implementation.issuers?.find(
+      issuer => issuer.tags.has(tag)) || null;
+    const verifier = implementation.verifiers?.find(
+      verifier => verifier.tags.has(tag)) || null;
 
     describe(name, function() {
-      let issuedVc;
+      let envelopedCredential;
+      let negativeFixture;
       before(async function() {
-        if(issuerEnvelopeSupport) {
-          try {
-            issuedVc = await endpoints.issue(require(
-              './input/credential-ok.json'));
-          } catch(e) {
-            console.error(
-              `Issuer: ${name} failed to issue "credential-ok.json".`,
-              e
-            );
-          }
-        } else {
-          issuedVc = null;
-        }
+        envelopedCredential = generateEnvelope({
+          type: 'EnvelopedVerifiableCredential',
+          id: `data:application/vc+jwt,${vc_jwt}`
+        });
       });
       beforeEach(addPerTestMetadata);
 
@@ -58,18 +52,27 @@ describe('VP - Enveloped Verifiable Credentials', function() {
         'terms as defined by the base context provided by this specification.',
       async function() {
         this.test.link = `https://w3c.github.io/vc-data-model/#enveloped-verifiable-credentials:~:text=The%20%40context%20property%20of%20the%20object%20MUST%20be%20present%20and%20include%20a%20context%2C%20such%20as%20the%20base%20context%20for%20this%20specification%2C%20that%20defines%20at%20least%20the%20id%2C%20type%2C%20and%20EnvelopedVerifiableCredential%20terms%20as%20defined%20by%20the%20base%20context%20provided%20by%20this%20specification.`;
-        if(!vpVerifierEnvelopeSupport) {
-          this.test.cell.skipMessage = 'No envelope support.';
-          this.skip();
-        } else {
-          await assert.doesNotReject(endpoints.verifyVp(require(
-            './input/presentation-enveloped-vc-ok.json')),
-          'Failed to accept a VP containing a enveloped VC.');
-          // TODO: add more `@context` variations to test handling?
-          await assert.rejects(endpoints.verifyVp(require(
-            './input/presentation-enveloped-vc-missing-type-fail.json')),
-          'Failed to reject a VP containing an enveloped VC with a missing ' +
-          '`type`.');
+        if(issuer) {
+          const issuedVc = await secureCredential(
+            {issuer, credential: generateCredential()});
+          should.exist(issuedVc, 'Expected credential to be issued.');
+          issuedVc.should.have.property('@context');
+        }
+        if(verifier) {
+          await assert.doesNotReject(endpoints.verify(envelopedCredential),
+            'Failed to accept an enveloped VC.');
+
+          // Replace context with an empty array
+          negativeFixture = structuredClone(envelopedCredential);
+          negativeFixture['@context'] = [];
+          await assert.rejects(endpoints.verify(negativeFixture),
+            'Failed to reject an enveloped VC with an empty context.');
+
+          // Replace context with an invalid value
+          negativeFixture = structuredClone(envelopedCredential);
+          negativeFixture['@context'] = 'https://www.w3.org/ns/credentials/examples/v2';
+          await assert.rejects(endpoints.verify(negativeFixture),
+            'Failed to reject an enveloped VC with an invalid context.');
         }
       });
 
@@ -78,44 +81,77 @@ describe('VP - Enveloped Verifiable Credentials', function() {
         'security scheme, such as Securing Verifiable Credentials using JOSE ' +
         'and COSE [VC-JOSE-COSE].', async function() {
         this.test.link = `https://w3c.github.io/vc-data-model/#enveloped-verifiable-credentials:~:text=The%20id%20value%20of%20the%20object%20MUST%20be%20a%20data%3A%20URL%20%5BRFC2397%5D%20that%20expresses%20a%20secured%20verifiable%20credential%20using%20an%20enveloping%20security%20scheme%2C%20such%20as%20Securing%20Verifiable%20Credentials%20using%20JOSE%20and%20COSE%20%5BVC%2DJOSE%2DCOSE%5D.`;
-        if(!issuerEnvelopeSupport) {
-          this.test.cell.skipMessage = 'No envelope support.';
-          this.skip();
-        } else {
+        if(issuer) {
+          const issuedVc = await secureCredential(
+            {issuer, credential: generateCredential()});
+          should.exist(issuedVc, 'Expected credential to be issued.');
           issuedVc.should.have.property('id').that.does
             .include('data:',
               `Expecting id field to be a 'data:' scheme URL [RFC2397].`);
-          const extractedCredential = extractIfEnveloped(issuedVc);
-          shouldBeCredential(extractedCredential);
+        }
+        if(verifier) {
+          await assert.doesNotReject(endpoints.verify(envelopedCredential),
+            'Failed to accept an enveloped VC.');
+
+          // Remove data uri portion of the id field
+          negativeFixture = structuredClone(envelopedCredential);
+          negativeFixture.id = negativeFixture.id.split(',').pop();
+          await assert.rejects(endpoints.verify(negativeFixture),
+            'Failed to reject an enveloped VC with an invalid data url id.');
         }
       });
 
       it('The type value of the object MUST be EnvelopedVerifiableCredential.',
         async function() {
           this.test.link = `https://w3c.github.io/vc-data-model/#enveloped-verifiable-credentials:~:text=The%20type%20value%20of%20the%20object%20MUST%20be%20EnvelopedVerifiableCredential.`;
-          if(!issuerEnvelopeSupport) {
-            this.test.cell.skipMessage = 'No envelope support.';
-            this.skip();
-          } else {
-            issuedVc.should.have.property('type').that.does
-              .include('EnvelopedVerifiableCredential',
-                `Expecting type field to be EnvelopedVerifiableCredential`);
+          if(issuer) {
+            const issuedVc = await secureCredential(
+              {issuer, credential: generateCredential()});
+            should.exist(issuedVc, 'Expected credential to be issued.');
+            issuedVc.should.have.property('type').that.is.equal(
+              'EnvelopedVerifiableCredential',
+              `Expecting type field to be EnvelopedVerifiableCredential`);
+          }
+          if(verifier) {
+            await assert.doesNotReject(endpoints.verify(envelopedCredential),
+              'Failed to accept an enveloped VC.');
+
+            // Remove type field
+            negativeFixture = structuredClone(envelopedCredential);
+            delete negativeFixture.type;
+            await assert.rejects(endpoints.verify(negativeFixture),
+              'Failed to reject an enveloped VC with an enveloped VC with a ' +
+          'missing `type`.');
+
+            // Replace type field
+            negativeFixture = structuredClone(envelopedCredential);
+            negativeFixture.type = ['VerifiableCredential'];
+            await assert.rejects(endpoints.verify(negativeFixture),
+              'Failed to reject an enveloped VC with an ' +
+          'invalid `type`.');
           }
         });
     });
   }
 });
 
 // 4.12.2 Enveloped Verifiable Presentations https://w3c.github.io/vc-data-model/#enveloped-verifiable-presentations
-describe('VP - Enveloped Verifiable Presentations', function() {
+describe('Enveloped Verifiable Presentations', function() {
   setupMatrix.call(this, match);
   for(const [name, implementation] of match) {
     const endpoints = new TestEndpoints({implementation, tag});
-    const vpVerifierEnvelopeSupport = endpoints.vpVerifier &&
-      endpoints.vpVerifier.settings.tags.includes(
-        'EnvelopingProof');
+    const vpVerifier = implementation.vpVerifiers?.find(
+      vpVerifier => vpVerifier.tags.has(tag)) || null;
 
     describe(name, function() {
+      let envelopedPresentation;
+      let negativeFixture;
+      before(async function() {
+        envelopedPresentation = generateEnvelope({
+          type: 'EnvelopedVerifiablePresentation',
+          id: `data:application/vp+jwt,${vp_jwt}`
+        });
+      });
       beforeEach(addPerTestMetadata);
 
       it('The @context property of the object MUST be present and include a ' +
@@ -124,14 +160,23 @@ describe('VP - Enveloped Verifiable Presentations', function() {
         'terms as defined by the base context provided by this specification.',
       async function() {
         this.test.link = `https://w3c.github.io/vc-data-model/#enveloped-verifiable-presentations:~:text=The%20%40context%20property%20of%20the%20object%20MUST%20be%20present%20and%20include%20a%20context%2C%20such%20as%20the%20base%20context%20for%20this%20specification%2C%20that%20defines%20at%20least%20the%20id%2C%20type%2C%20and%20EnvelopedVerifiablePresentation%20terms%20as%20defined%20by%20the%20base%20context%20provided%20by%20this%20specification.`;
-        if(!vpVerifierEnvelopeSupport) {
-          this.test.cell.skipMessage = 'No envelope support.';
-          this.skip();
-        } else {
+
+        if(vpVerifier) {
+          await assert.doesNotReject(endpoints.verifyVp(envelopedPresentation),
+            'Failed to accept an enveloped VP.');
+
+          // Replace context field with empty array
+          negativeFixture = structuredClone(envelopedPresentation);
+          negativeFixture['@context'] = [];
           await assert.rejects(
-            endpoints.verifyVp(require(
-              './input/enveloped-presentation-context-fail.json')),
+            endpoints.verifyVp(negativeFixture),
+            'Failed to reject Enveloped VP missing contexts.');
 
+          // Replace context field with invalid context
+          negativeFixture = structuredClone(envelopedPresentation);
+          negativeFixture['@context'] = ['https://www.w3.org/ns/credentials/examples/v2'];
+          await assert.rejects(
+            endpoints.verifyVp(negativeFixture),
             'Failed to reject Enveloped VP missing contexts.');
         }
       });
@@ -141,29 +186,33 @@ describe('VP - Enveloped Verifiable Presentations', function() {
         'securing mechanism, such as Securing Verifiable Credentials using ' +
         'JOSE and COSE [VC-JOSE-COSE].', async function() {
         this.test.link = `https://w3c.github.io/vc-data-model/#enveloped-verifiable-presentations:~:text=The%20id%20value%20of%20the%20object%20MUST%20be%20a%20data%3A%20URL%20%5BRFC2397%5D%20that%20expresses%20a%20secured%20verifiable%20presentation%20using%20an%20enveloping%20securing%20mechanism%2C%20such%20as%20Securing%20Verifiable%20Credentials%20using%20JOSE%20and%20COSE%20%5BVC%2DJOSE%2DCOSE%5D.`;
-        if(!vpVerifierEnvelopeSupport) {
-          this.test.cell.skipMessage = 'No envelope support.';
-          this.skip();
-        } else {
-          await assert.rejects(
-            endpoints.verifyVp(require(
-              './input/enveloped-presentation-id-fail.json')),
 
+        if(vpVerifier) {
+          await assert.doesNotReject(endpoints.verifyVp(envelopedPresentation),
+            'Failed to accept an enveloped VP.');
+
+          // Remove data uri portion from id field
+          negativeFixture = structuredClone(envelopedPresentation);
+          negativeFixture.id = negativeFixture.id.split(',').pop();
+          await assert.rejects(
+            endpoints.verifyVp(negativeFixture),
             'Failed to reject Enveloped VP with an id that is not a data url.');
         }
       });
 
       it('The type value of the object MUST be ' +
         'EnvelopedVerifiablePresentation.', async function() {
         this.test.link = `https://w3c.github.io/vc-data-model/#enveloped-verifiable-presentations:~:text=The%20type%20value%20of%20the%20object%20MUST%20be%20EnvelopedVerifiablePresentation.`;
-        if(!vpVerifierEnvelopeSupport) {
-          this.test.cell.skipMessage = 'No envelope support.';
-          this.skip();
-        } else {
-          await assert.rejects(
-            endpoints.verifyVp(require(
-              './input/enveloped-presentation-type-fail.json')),
 
+        if(vpVerifier) {
+          await assert.doesNotReject(endpoints.verifyVp(envelopedPresentation),
+            'Failed to accept an enveloped VP.');
+
+          // Replace type field
+          negativeFixture = structuredClone(envelopedPresentation);
+          negativeFixture.type = ['VerifiablePresentation'];
+          await assert.rejects(
+            endpoints.verifyVp(negativeFixture),
             'Failed to reject VP w/o type "EnvelopedVerifiablePresentation".');
         }
       });

tests/fixtures.js

@@ -0,0 +1,24 @@
+/* eslint-disable max-len */
+export const vc_jwt = 'eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvbnMvY3JlZGVudGlhbHMvdjIiLCJodHRwczovL3d3dy53My5vcmcvbnMvY3JlZGVudGlhbHMvZXhhbXBsZXMvdjIiXSwiaWQiOiJodHRwOi8vZXhhbXBsZS5lZHUvY3JlZGVudGlhbHMvMzczMiIsInR5cGUiOlsiVmVyaWZpYWJsZUNyZWRlbnRpYWwiLCJVbml2ZXJzaXR5RGVncmVlQ3JlZGVudGlhbCJdLCJpc3N1ZXIiOiJodHRwczovL2V4YW1wbGUuZWR1L2lzc3VlcnMvNTY1MDQ5IiwidmFsaWRGcm9tIjoiMjAxMC0wMS0wMVQwMDowMDowMFoiLCJjcmVkZW50aWFsU3ViamVjdCI6eyJpZCI6ImRpZDpleGFtcGxlOmViZmViMWY3MTJlYmM2ZjFjMjc2ZTEyZWMyMSIsImRlZ3JlZSI6eyJ0eXBlIjoiQmFjaGVsb3JEZWdyZWUiLCJuYW1lIjoiQmFjaGVsb3Igb2YgU2NpZW5jZSBhbmQgQXJ0cyJ9fX0sImlzcyI6Imh0dHBzOi8vZXhhbXBsZS5lZHUvaXNzdWVycy81NjUwNDkiLCJqdGkiOiJodHRwOi8vZXhhbXBsZS5lZHUvY3JlZGVudGlhbHMvMzczMiIsInN1YiI6ImRpZDpleGFtcGxlOmViZmViMWY3MTJlYmM2ZjFjMjc2ZTEyZWMyMSJ9.0fkQPZOKlD0Sl0A798KBUNMOdGq90McQQIEtKU9tgSd9K1kRcxWVKDXQJcn_FJqLvo2bk793EHk-RTeEL1HyAQ';
+export const vp_jwt = 'eyJraWQiOiJFeEhrQk1XOWZtYmt2VjI2Nm1ScHVQMnNVWV9OX0VXSU4xbGFwVXpPOHJvIiwiYWxnIjoiRVMzODQifQ.eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvbnMvY3JlZGVudGlhbHMvdjIiLCJodHRwczovL3d3dy53My5vcmcvbnMvY3JlZGVudGlhbHMvZXhhbXBsZXMvdjIiXSwiaWQiOiJodHRwOi8vdW5pdmVyc2l0eS5leGFtcGxlL2NyZWRlbnRpYWxzLzE4NzIiLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiRXhhbXBsZUFsdW1uaUNyZWRlbnRpYWwiXSwiaXNzdWVyIjoiaHR0cHM6Ly91bml2ZXJzaXR5LmV4YW1wbGUvaXNzdWVycy81NjUwNDkiLCJ2YWxpZEZyb20iOiIyMDEwLTAxLTAxVDE5OjIzOjI0WiIsImNyZWRlbnRpYWxTY2hlbWEiOnsiaWQiOiJodHRwczovL2V4YW1wbGUub3JnL2V4YW1wbGVzL2RlZ3JlZS5qc29uIiwidHlwZSI6Ikpzb25TY2hlbWEifSwiY3JlZGVudGlhbFN1YmplY3QiOnsiaWQiOiJkaWQ6ZXhhbXBsZToxMjMiLCJkZWdyZWUiOnsidHlwZSI6IkJhY2hlbG9yRGVncmVlIiwibmFtZSI6IkJhY2hlbG9yIG9mIFNjaWVuY2UgYW5kIEFydHMifX19.d2k4O3FytQJf83kLh-HsXuPvh6yeOlhJELVo5TF71gu7elslQyOf2ZItAXrtbXF4Kz9WivNdztOayz4VUQ0Mwa8yCDZkP9B2pH-9S_tcAFxeoeJ6Z4XnFuL_DOfkR1fP';
+export const credential = {
+  '@context': ['https://www.w3.org/ns/credentials/v2'],
+  type: ['VerifiableCredential'],
+  credentialSubject: {
+    name: 'Alice'
+  }
+};
+export const envelopedCredential = {
+  '@context': 'https://www.w3.org/ns/credentials/v2',
+  type: 'EnvelopedVerifiableCredential',
+  id: `data:application/vc+jwt,${vc_jwt}`
+};
+export const presentation = {
+  '@context': ['https://www.w3.org/ns/credentials/v2'],
+  type: ['VerifiablePresentation']
+};
+export const envelopedPresentation = {
+  '@context': 'https://www.w3.org/ns/credentials/v2',
+  type: 'EnvelopedVerifiablePresentation',
+  id: `data:application/vp+jwt,${vp_jwt}`
+};

tests/helpers.js

@@ -36,3 +36,51 @@ export function extractIfEnveloped(input) {
     return input;
   }
 }
+
+export const secureCredential = async ({
+  issuer,
+  credential,
+}) => {
+  const {settings: {id: issuerId, options = {}}} = issuer;
+  credential.issuer = issuerId;
+  const body = {credential, options};
+  const {data, result, error} = await issuer.post({json: body});
+  if(!result || !result.ok) {
+    // console.warn(
+    //   `initial vc creation failed for ${(result || error)?.requestUrl}`,
+    //   error,
+    //   JSON.stringify(data, null, 2)
+    // );
+    return null;
+  }
+  return data;
+};
+
+export function generateCredential({
+  context = ['https://www.w3.org/ns/credentials/v2'],
+  type = ['VerifiableCredential'],
+  credentialSubject = {
+    id: 'did:example:alice',
+    name: 'Alice'
+  }
+} = {}) {
+  const credential = {
+    '@context': context,
+    type,
+    credentialSubject
+  };
+  return credential;
+}
+
+export function generateEnvelope({
+  context = 'https://www.w3.org/ns/credentials/v2',
+  type,
+  id
+} = {}) {
+  const envelopeCredential = {
+    '@context': context,
+    type,
+    id
+  };
+  return envelopeCredential;
+}