[INJICERT-434] generate RSA key for signing VCs

Signed-off-by: Harsh Vardhan <[email protected]>
mosip · Oct 8, 2024 · 5710c5e · 5710c5e
1 parent d5200b7
commit 5710c5e
Show file tree

Hide file tree

Showing 6 changed files with 18 additions and 10 deletions.
diff --git a/certify-core/src/main/java/io/mosip/certify/core/constants/Constants.java b/certify-core/src/main/java/io/mosip/certify/core/constants/Constants.java
@@ -15,5 +15,6 @@ public class Constants {
     public static final String CLIENT_ID = "client_id";
     public static final String CERTIFY_PARTNER_APP_ID = "CERTIFY_PARTNER";
     public static final String CERTIFY_SERVICE_APP_ID = "CERTIFY_SERVICE";
+    public static final String CERTIFY_MOCK_RSA = "CERTIFY_MOCK_RSA";
     public static final String ROOT_KEY = "ROOT";
 }
diff --git a/certify-core/src/main/java/io/mosip/certify/core/entity/TemplateId.java b/certify-core/src/main/java/io/mosip/certify/core/entity/TemplateId.java
@@ -1,17 +1,18 @@
 package io.mosip.certify.core.entity;
 
+import lombok.AllArgsConstructor;
+import lombok.Data;
+import lombok.NoArgsConstructor;
 import java.io.Serializable;
 import java.util.Objects;
 
+@Data
+@AllArgsConstructor
+@NoArgsConstructor
 public class TemplateId implements Serializable {
     private String context;
     private String credentialType;
 
-    public TemplateId(String context, String credentialType) {
-        this.context = context;
-        this.credentialType = credentialType;
-    }
-
     @Override
     public boolean equals(Object o) {
         if (this == o) return true;

diff --git a/certify-service/src/main/java/io/mosip/certify/config/AppConfig.java b/certify-service/src/main/java/io/mosip/certify/config/AppConfig.java
@@ -84,7 +84,11 @@ public void run(ApplicationArguments args) throws Exception {
         // Set the reference id to empty string, as keymanager is expecting the same for initialization
         masterKeyRequest.setReferenceId(org.apache.commons.lang3.StringUtils.EMPTY);
         keymanagerService.generateMasterKey(objectType, masterKeyRequest);
-        // TODO: Generate an EC & ED key. Ask Taheer.
+        // TODO: Generate an EC & ED key via K8s Job(INJICERT-469)
+        KeyPairGenerateRequestDto rsaKeyRequest = new KeyPairGenerateRequestDto();
+        rsaKeyRequest.setApplicationId(Constants.CERTIFY_MOCK_RSA);
+        rsaKeyRequest.setForce(false);
+        keymanagerService.generateMasterKey("certificate", rsaKeyRequest);
         if(!StringUtils.isEmpty(cacheSecretKeyRefId)) {
             SymmetricKeyGenerateRequestDto symmetricKeyGenerateRequestDto = new SymmetricKeyGenerateRequestDto();
             symmetricKeyGenerateRequestDto.setApplicationId(Constants.CERTIFY_SERVICE_APP_ID);

diff --git a/certify-service/src/main/java/io/mosip/certify/services/KeymanagerLibSigner.java b/certify-service/src/main/java/io/mosip/certify/services/KeymanagerLibSigner.java
@@ -1,6 +1,5 @@
 package io.mosip.certify.services;
 
-import com.apicatalog.jsonld.JsonLd;
 import foundation.identity.jsonld.JsonLDException;
 import foundation.identity.jsonld.JsonLDObject;
 import info.weboftrust.ldsignatures.LdProof;
@@ -64,8 +63,8 @@ public VCResult<JsonLDObject> perform(String templatedVC, Map<String, String> ke
         JWSSignatureRequestDto payload = new JWSSignatureRequestDto();
         // TODO: Set the alg
         payload.setDataToSign(vcEncodedData);
-        payload.setApplicationId(""); // set the key name
-        payload.setReferenceId(""); // alg
+        payload.setApplicationId(Constants.CERTIFY_MOCK_RSA);
+        payload.setReferenceId(""); // alg, empty = RSA
         payload.setIncludePayload(false);
         payload.setIncludeCertificate(false);
         payload.setIncludeCertHash(true);

diff --git a/certify-service/src/main/java/io/mosip/certify/services/VCIssuanceServiceImpl.java b/certify-service/src/main/java/io/mosip/certify/services/VCIssuanceServiceImpl.java
@@ -142,7 +142,9 @@ private VCResult<?> getVerifiableCredential(CredentialRequest credentialRequest,
                     if (CredentialUtils.isVC2_0Request(vcRequestDto)) {
                         try {
                             Map<String, Object> identityData = dataModelService.fetchData(parsedAccessToken.getClaims());
-                            String templatedVC = vcFormatter.format(identityData, null);
+                            Map<String, Object> templateParams = new HashMap<>();
+                            templateParams.put("templateName", CredentialUtils.getTemplateName(vcRequestDto));
+                            String templatedVC = vcFormatter.format(identityData, templateParams);
                             vcResult = vcSigner.perform(templatedVC, null);
                         } catch(DataProviderExchangeException e) {
                             throw new CertifyException(e.getErrorCode());

diff --git a/db_scripts/mosip_certify/dml/certify-key_policy_def.csv b/db_scripts/mosip_certify/dml/certify-key_policy_def.csv
@@ -2,3 +2,4 @@ app_id,key_validity_duration,pre_expire_days,access_allowed,is_active,cr_by,cr_d
 ROOT,2920,1125,NA,TRUE,mosipadmin,now()
 CERTIFY_SERVICE,1095,60,NA,TRUE,mosipadmin,now()
 CERTIFY_PARTNER,1095,60,NA,TRUE,mosipadmin,now()
+CERTIFY_MOCK_RSA|1095|60|NA|TRUE|mosipadmin|now()