HYP-64 Revocation walkthrough (#42)

* Improve message formatting when submitting identities * Shell script for revoking certificate * Add sample certificate PDF * Edit time * version bump * Reggie watches for revocation not Emma * Update basic-demo.md text for revocation
digicatapult · Dec 18, 2023 · 16e3363 · 16e3363
1 parent 47486d4
commit 16e3363
Show file tree

Hide file tree

Showing 4 changed files with 74 additions and 19 deletions.
diff --git a/scripts/1_load_identities.sh b/scripts/1_load_identities.sh
@@ -5,40 +5,40 @@ emma=$(curl -s http://localhost:9010/v1/self -H 'accept: application/json' | jq
 reginald=$(curl -s http://localhost:9020/v1/self -H 'accept: application/json' | jq -r .address)
 
 # First persona (Heidi the Hydrogen Producer)
-curl -X 'PUT' http://localhost:9000/v1/members/$heidi \
+curl -s -X 'PUT' http://localhost:9000/v1/members/$heidi \
   -H 'Content-Type: application/json' \
-  -d '{"alias":"Heidi"}'
+  -d '{"alias":"Heidi"}' | jq -r
 
-curl -X 'PUT' http://localhost:9000/v1/members/$emma \
+curl -s -X 'PUT' http://localhost:9000/v1/members/$emma \
   -H 'Content-Type: application/json' \
-  -d '{"alias": "Emma"}'
+  -d '{"alias": "Emma"}' | jq -r
 
-curl -X 'PUT' http://localhost:9000/v1/members/$reginald \
+curl -s -X 'PUT' http://localhost:9000/v1/members/$reginald \
   -H 'Content-Type: application/json' \
-  -d '{"alias": "Reginald"}'
+  -d '{"alias": "Reginald"}' | jq -r
 
 # Second persona (Emma the Energy Producer)
-curl -X 'PUT' http://localhost:9010/v1/members/$heidi \
+curl -s -X 'PUT' http://localhost:9010/v1/members/$heidi \
   -H 'Content-Type: application/json' \
-  -d '{"alias":"Heidi"}'
+  -d '{"alias":"Heidi"}' | jq -r
 
-curl -X 'PUT' http://localhost:9010/v1/members/$emma \
+curl -s -X 'PUT' http://localhost:9010/v1/members/$emma \
   -H 'Content-Type: application/json' \
-  -d '{"alias": "Emma"}'
+  -d '{"alias": "Emma"}' | jq -r
 
-curl -X 'PUT' http://localhost:9010/v1/members/$reginald \
+curl -s -X 'PUT' http://localhost:9010/v1/members/$reginald \
   -H 'Content-Type: application/json' \
-  -d '{"alias": "Reginald"}'
+  -d '{"alias": "Reginald"}' | jq -r
 
 # Third persona (Reginald the Regulator)
-curl -X 'PUT' http://localhost:9020/v1/members/$heidi \
+curl -s -X 'PUT' http://localhost:9020/v1/members/$heidi \
   -H 'Content-Type: application/json' \
-  -d '{"alias":"Heidi"}'
+  -d '{"alias":"Heidi"}' | jq -r
 
-curl -X 'PUT' http://localhost:9020/v1/members/$emma \
+curl -s -X 'PUT' http://localhost:9020/v1/members/$emma \
   -H 'Content-Type: application/json' \
-  -d '{"alias": "Emma"}'
+  -d '{"alias": "Emma"}' | jq -r
 
-curl -X 'PUT' http://localhost:9020/v1/members/$reginald \
+curl -s -X 'PUT' http://localhost:9020/v1/members/$reginald \
   -H 'Content-Type: application/json' \
-  -d '{"alias": "Reginald"}'
+  -d '{"alias": "Reginald"}' | jq -r
diff --git a/scripts/5_revoke_certificate.sh b/scripts/5_revoke_certificate.sh
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+# Run script using 'source ./5_revoke_certificate.sh' or '. ./5_revoke_certificate.sh'
+
+reggie_response=$(curl -s -X 'GET' http://localhost:8020/v1/certificate -H 'accept: application/json')
+
+export reggie_local_id=$(echo $reggie_response | jq -r '.[] | .id')
+
+echo "Reginald the Regulator submits the documentation explaining the grounds for revocation"
+
+file_id=$(curl -s -X 'POST' http://localhost:8020/v1/attachment \
+  -H 'accept: application/json' \
+  -H 'Content-Type: multipart/form-data' \
+  -F 'file=@Revocation_Reason.pdf;type=application/pdf' | jq -r .id)
+
+sleep 2
+
+echo "Reginald the Regulator now revokes the certificate"
+
+revoked_cert=$(curl -s -X 'POST' http://localhost:8020/v1/certificate/$reggie_local_id/revocation \
+  -H 'accept: application/json' \
+  -H 'Content-Type: application/json' \
+  -d '{
+  "reason": "'"$file_id"'"
+}')
+
+sleep 1 
+
+echo "Waiting for certificate to be revoked on-chain"
+
+state=$(curl -s http://localhost:8020/v1/certificate/$reggie_local_id -H 'accept: application/json' | jq -r .state)
+
+while [ "$state" != "revoked" ] 
+do 
+sleep 2
+state=$(curl -s http://localhost:8020/v1/certificate/$reggie_local_id -H 'accept: application/json' | jq -r .state)
+echo $state
+done
+
+echo "The final certificate as seen by the Regulator"
+
+curl -s http://localhost:8020/v1/certificate/$reggie_local_id -H 'accept: application/json' | jq -r
diff --git a/scripts/Revocation_Reason.pdf b/scripts/Revocation_Reason.pdf
diff --git a/scripts/basic-demo.md b/scripts/basic-demo.md
@@ -91,4 +91,17 @@ You will first check that this additional private data matches against that whic
 
 You will then add the eCO2 to the `initialised` certificate on the ledger and the final certificate will be `issued`.
 
-Run `. ./4_add_eCO2.sh`
+Run `. ./4_add_eCO2.sh`
+
+
+### 5. Revoke the certificate
+
+Reginald the Regulator has identified a problem with this hydrogen certificate. The reasons for revocation are contained within the PDF document titled `Revocation_Reason.pdf`.
+
+Inform the audience that Reginald will first upload the document explaining the grounds for revocation into the system, and then trigger the revocation of the certificate.
+
+This revocation will then be finalised by the shared `ledger` so that both the reason and revocation are visible by all.
+
+Run `. ./5_revoke_certificate.sh`
+
+It is important to state that the system is designed like this to prevent revocation from happening without a reason first being given and indelibly linked to the certificate that it is revoking.