@@ -1208,19 +1208,33 @@ async def revoke_pending_credentials(
1208
1208
Tuple with the update revocation list, list of cred rev ids not revoked
1209
1209
1210
1210
"""
1211
+ LOGGER .info (
1212
+ "Starting revocation process for registry %s with "
1213
+ "additional_crids=%s, limit_crids=%s" ,
1214
+ revoc_reg_id ,
1215
+ additional_crids ,
1216
+ limit_crids ,
1217
+ )
1211
1218
updated_list = None
1212
1219
failed_crids = set ()
1213
1220
max_attempt = 5
1214
1221
attempt = 0
1215
1222
1216
1223
while True :
1217
1224
attempt += 1
1225
+ LOGGER .debug ("Revocation attempt %d/%d" , attempt , max_attempt )
1218
1226
if attempt >= max_attempt :
1227
+ LOGGER .error (
1228
+ "Max attempts (%d) reached while trying to update registry %s" ,
1229
+ max_attempt ,
1230
+ revoc_reg_id ,
1231
+ )
1219
1232
raise AnonCredsRevocationError (
1220
1233
"Repeated conflict attempting to update registry"
1221
1234
)
1222
1235
try :
1223
1236
async with self .profile .session () as session :
1237
+ LOGGER .debug ("Fetching revocation registry data for %s" , revoc_reg_id )
1224
1238
rev_reg_def_entry = await session .handle .fetch (
1225
1239
CATEGORY_REV_REG_DEF , revoc_reg_id
1226
1240
)
@@ -1231,6 +1245,11 @@ async def revoke_pending_credentials(
1231
1245
CATEGORY_REV_REG_DEF_PRIVATE , revoc_reg_id
1232
1246
)
1233
1247
except AskarError as err :
1248
+ LOGGER .error (
1249
+ "Failed to retrieve revocation registry data for %s: %s" ,
1250
+ revoc_reg_id ,
1251
+ str (err ),
1252
+ )
1234
1253
raise AnonCredsRevocationError (
1235
1254
"Error retrieving revocation registry"
1236
1255
) from err
@@ -1240,41 +1259,53 @@ async def revoke_pending_credentials(
1240
1259
or not rev_list_entry
1241
1260
or not rev_reg_def_private_entry
1242
1261
):
1262
+ missing_data = []
1263
+ if not rev_reg_def_entry :
1264
+ missing_data .append ("revocation registry definition" )
1265
+ if not rev_list_entry :
1266
+ missing_data .append ("revocation list" )
1267
+ if not rev_reg_def_private_entry :
1268
+ missing_data .append ("revocation registry private definition" )
1269
+ LOGGER .error (
1270
+ "Missing required revocation registry data for %s: %s" ,
1271
+ revoc_reg_id ,
1272
+ ", " .join (missing_data ),
1273
+ )
1243
1274
raise AnonCredsRevocationError (
1244
- (
1245
- "Missing required revocation registry data: "
1246
- "revocation registry definition"
1247
- if not rev_reg_def_entry
1248
- else ""
1249
- ),
1250
- "revocation list" if not rev_list_entry else "" ,
1251
- (
1252
- "revocation registry private definition"
1253
- if not rev_reg_def_private_entry
1254
- else ""
1255
- ),
1275
+ f"Missing required revocation registry data: { ' ' .join (missing_data )} "
1256
1276
)
1257
1277
1258
1278
try :
1259
1279
async with self .profile .session () as session :
1280
+ cred_def_id = rev_reg_def_entry .value_json ["credDefId" ]
1281
+ LOGGER .debug ("Fetching credential definition %s" , cred_def_id )
1260
1282
cred_def_entry = await session .handle .fetch (
1261
- CATEGORY_CRED_DEF , rev_reg_def_entry . value_json [ "credDefId" ]
1283
+ CATEGORY_CRED_DEF , cred_def_id
1262
1284
)
1263
1285
except AskarError as err :
1286
+ LOGGER .error (
1287
+ "Failed to retrieve credential definition %s: %s" ,
1288
+ cred_def_id ,
1289
+ str (err ),
1290
+ )
1264
1291
raise AnonCredsRevocationError (
1265
- f"Error retrieving cred def { rev_reg_def_entry . value_json [ 'credDefId' ] } " # noqa: E501
1292
+ f"Error retrieving cred def { cred_def_id } "
1266
1293
) from err
1267
1294
1268
1295
try :
1269
1296
# TODO This is a little rough; stored tails location will have public uri
1270
1297
# but library needs local tails location
1298
+ LOGGER .debug ("Deserializing revocation registry data" )
1271
1299
rev_reg_def = RevRegDef .deserialize (rev_reg_def_entry .value_json )
1272
1300
rev_reg_def .value .tails_location = self .get_local_tails_path (rev_reg_def )
1273
1301
cred_def = CredDef .deserialize (cred_def_entry .value_json )
1274
1302
rev_reg_def_private = RevocationRegistryDefinitionPrivate .load (
1275
1303
rev_reg_def_private_entry .value_json
1276
1304
)
1277
1305
except AnoncredsError as err :
1306
+ LOGGER .error (
1307
+ "Failed to load revocation registry definition: %s" , str (err )
1308
+ )
1278
1309
raise AnonCredsRevocationError (
1279
1310
"Error loading revocation registry definition"
1280
1311
) from err
@@ -1286,21 +1317,29 @@ async def revoke_pending_credentials(
1286
1317
cred_revoc_ids = (rev_info ["pending" ] or []) + (additional_crids or [])
1287
1318
rev_list = RevList .deserialize (rev_info ["rev_list" ])
1288
1319
1320
+ LOGGER .info (
1321
+ "Processing %d credential revocation IDs for registry %s" ,
1322
+ len (cred_revoc_ids ),
1323
+ revoc_reg_id ,
1324
+ )
1325
+
1289
1326
for rev_id in cred_revoc_ids :
1290
1327
if rev_id < 1 or rev_id > max_cred_num :
1291
1328
LOGGER .error (
1292
1329
"Skipping requested credential revocation "
1293
- "on rev reg id %s, cred rev id=%s not in range" ,
1330
+ "on rev reg id %s, cred rev id=%s not in range (1-%d) " ,
1294
1331
revoc_reg_id ,
1295
1332
rev_id ,
1333
+ max_cred_num ,
1296
1334
)
1297
1335
failed_crids .add (rev_id )
1298
1336
elif rev_id >= rev_info ["next_index" ]:
1299
1337
LOGGER .warning (
1300
1338
"Skipping requested credential revocation "
1301
- "on rev reg id %s, cred rev id=%s not yet issued" ,
1339
+ "on rev reg id %s, cred rev id=%s not yet issued (next_index=%d) " ,
1302
1340
revoc_reg_id ,
1303
1341
rev_id ,
1342
+ rev_info ["next_index" ],
1304
1343
)
1305
1344
failed_crids .add (rev_id )
1306
1345
elif rev_list .revocation_list [rev_id ] == 1 :
@@ -1315,15 +1354,26 @@ async def revoke_pending_credentials(
1315
1354
rev_crids .add (rev_id )
1316
1355
1317
1356
if not rev_crids :
1357
+ LOGGER .info (
1358
+ "No valid credentials to revoke for registry %s" , revoc_reg_id
1359
+ )
1318
1360
break
1319
1361
1320
- if limit_crids is None :
1362
+ if limit_crids is None or limit_crids == [] :
1321
1363
skipped_crids = set ()
1322
1364
else :
1323
1365
skipped_crids = rev_crids - set (limit_crids )
1324
1366
rev_crids = rev_crids - skipped_crids
1325
1367
1368
+ LOGGER .info (
1369
+ "Revoking %d credentials, skipping %d credentials for registry %s" ,
1370
+ len (rev_crids ),
1371
+ len (skipped_crids ),
1372
+ revoc_reg_id ,
1373
+ )
1374
+
1326
1375
try :
1376
+ LOGGER .debug ("Updating revocation list with new revocations" )
1327
1377
updated_list = await asyncio .get_event_loop ().run_in_executor (
1328
1378
None ,
1329
1379
lambda : rev_list .to_native ().update (
@@ -1336,25 +1386,31 @@ async def revoke_pending_credentials(
1336
1386
),
1337
1387
)
1338
1388
except AnoncredsError as err :
1389
+ LOGGER .error ("Failed to update revocation registry: %s" , str (err ))
1339
1390
raise AnonCredsRevocationError (
1340
1391
"Error updating revocation registry"
1341
1392
) from err
1342
1393
1343
1394
try :
1344
1395
async with self .profile .transaction () as txn :
1396
+ LOGGER .debug ("Saving updated revocation list" )
1345
1397
rev_info_upd = await txn .handle .fetch (
1346
1398
CATEGORY_REV_LIST , revoc_reg_id , for_update = True
1347
1399
)
1348
1400
if not rev_info_upd :
1349
1401
LOGGER .warning (
1350
- f"Revocation registry missing, skipping update: { revoc_reg_id } " # noqa: E501
1402
+ "Revocation registry %s missing during update, skipping" ,
1403
+ revoc_reg_id ,
1351
1404
)
1352
1405
updated_list = None
1353
1406
break
1354
1407
tags = rev_info_upd .tags
1355
1408
rev_info_upd = rev_info_upd .value_json
1356
1409
if rev_info_upd != rev_info :
1357
- # handle concurrent update to the registry by retrying
1410
+ LOGGER .debug (
1411
+ "Concurrent update detected for registry %s, retrying" ,
1412
+ revoc_reg_id ,
1413
+ )
1358
1414
continue
1359
1415
rev_info_upd ["rev_list" ] = updated_list .to_dict ()
1360
1416
rev_info_upd ["pending" ] = (
@@ -1368,18 +1424,30 @@ async def revoke_pending_credentials(
1368
1424
tags = tags ,
1369
1425
)
1370
1426
await txn .commit ()
1427
+ LOGGER .info (
1428
+ "Successfully updated revocation list for registry %s" ,
1429
+ revoc_reg_id ,
1430
+ )
1371
1431
except AskarError as err :
1432
+ LOGGER .error ("Failed to save revocation registry: %s" , str (err ))
1372
1433
raise AnonCredsRevocationError (
1373
1434
"Error saving revocation registry"
1374
1435
) from err
1375
1436
break
1376
1437
1377
- return RevokeResult (
1438
+ result = RevokeResult (
1378
1439
prev = rev_list ,
1379
1440
curr = RevList .from_native (updated_list ) if updated_list else None ,
1380
1441
revoked = list (rev_crids ),
1381
1442
failed = [str (rev_id ) for rev_id in sorted (failed_crids )],
1382
1443
)
1444
+ LOGGER .info (
1445
+ "Completed revocation process for registry %s: %d revoked, %d failed" ,
1446
+ revoc_reg_id ,
1447
+ len (result .revoked ),
1448
+ len (result .failed ),
1449
+ )
1450
+ return result
1383
1451
1384
1452
async def mark_pending_revocations (self , rev_reg_def_id : str , * crids : int ):
1385
1453
"""Cred rev ids stored to publish later."""
0 commit comments