[INJICERT-657] pass keyID from CertifyIssuanceImpl

Other changes:

* more renames, changes to scripts & SQL files

Signed-off-by: Harsh Vardhan <[email protected]>

certify-core/src/main/java/io/mosip/certify/core/constants/Constants.java

@@ -9,6 +9,8 @@ public class Constants {
 
     public static final String UTC_DATETIME_PATTERN = "yyyy-MM-dd'T'HH:mm:ss.SSS'Z'";
     public static final String SPACE = " ";
+    public static final String APPLICATION_ID = "applicationId";
+    public static final String REFERENCE_ID = "referenceId";
 
     public static final String C_NONCE = "c_nonce";
     public static final String C_NONCE_EXPIRES_IN = "c_nonce_expires_in";
@@ -20,4 +22,7 @@ public class Constants {
     public static final String ROOT_KEY = "ROOT";
     public static final String EMPTY_REF_ID = "";
     public static final String ED25519_REF_ID = "ED25519_SIGN";
+    public static final String TEMPLATE_NAME = "templateName";
+    public static final String ISSUER_URI = "issuerURI";
+    public static final String RENDERING_TEMPLATE = "svgTemplate";
 }

certify-core/src/main/java/io/mosip/certify/core/exception/TemplateException.java

@@ -1,15 +1,8 @@
 package io.mosip.certify.core.exception;
 
-import io.mosip.certify.core.constants.ErrorConstants;
-
 public class TemplateException extends RuntimeException {
     private String errorCode;
 
-    public TemplateException() {
-        super(ErrorConstants.UNKNOWN_ERROR);
-        this.errorCode = ErrorConstants.UNKNOWN_ERROR;
-    }
-
     public TemplateException(String errorCode) {
         super(errorCode);
         this.errorCode = errorCode;

certify-service/src/main/java/io/mosip/certify/CertifyServiceApplication.java

@@ -14,8 +14,8 @@
 @EnableAsync
 @EnableCaching
 @SpringBootApplication(scanBasePackages = "io.mosip.certify,"+
-        "io.mosip.certify.services.repository," +
-        "io.mosip.certify.services.entity," +
+        "io.mosip.certify.repository," +
+        "io.mosip.certify.entity," +
         "io.mosip.kernel.crypto," +
         "io.mosip.kernel.keymanager.hsm," +
         "io.mosip.kernel.cryptomanager," +

certify-service/src/main/java/io/mosip/certify/services/spi/DataProviderPlugin.java → certify-service/src/main/java/io/mosip/certify/api/spi/DataProviderPlugin.java

@@ -1,4 +1,4 @@
-package io.mosip.certify.services.spi;
+package io.mosip.certify.api.spi;
 
 import io.mosip.certify.api.exception.DataProviderExchangeException;
 import org.json.JSONObject;
@@ -7,7 +7,7 @@
 
 /**
  * DataProviderPlugin is implemented by VC plugin
- *  implementors who want to make use of the CertifyIssuer to generate the VC.
+ *  implementors who want to make use of the Certify to generate the VC.
  *  Data is fetched from a Plugin implementation, templated using {@link VCFormatter}
  *  and then signed using {@link VCSigner}.
  */

certify-service/src/main/java/io/mosip/certify/config/AppConfig.java

@@ -30,8 +30,8 @@
 import org.springframework.web.client.RestTemplate;
 
 @Configuration
-@EnableJpaRepositories(basePackages = {"io.mosip.kernel.keymanagerservice.repository", "io.mosip.certify.services.repository"})
-@EntityScan(basePackages = {"io.mosip.kernel.keymanagerservice.entity, io.mosip.certify.services.entity"})
+@EnableJpaRepositories(basePackages = {"io.mosip.kernel.keymanagerservice.repository", "io.mosip.certify.repository"})
+@EntityScan(basePackages = {"io.mosip.kernel.keymanagerservice.entity, io.mosip.certify.entity"})
 @Slf4j
 public class AppConfig implements ApplicationRunner {
 

certify-service/src/main/java/io/mosip/certify/config/TemplatesLoader.java

@@ -10,8 +10,8 @@
 
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
-import io.mosip.certify.services.entity.RenderingTemplate;
-import io.mosip.certify.services.repository.RenderingTemplateRepository;
+import io.mosip.certify.entity.RenderingTemplate;
+import io.mosip.certify.repository.RenderingTemplateRepository;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;

certify-service/src/main/java/io/mosip/certify/controller/RenderingTemplateController.java

@@ -5,7 +5,7 @@
  */
 package io.mosip.certify.controller;
 
-import io.mosip.certify.services.entity.RenderingTemplate;
+import io.mosip.certify.entity.RenderingTemplate;
 import io.mosip.certify.core.exception.TemplateException;
 import io.mosip.certify.services.spi.RenderingTemplateService;
 import lombok.extern.slf4j.Slf4j;
@@ -24,14 +24,14 @@
 
 @Slf4j
 @RestController
-@RequestMapping("/public")
+@RequestMapping("/rendering-template")
 public class RenderingTemplateController {
     @Value("${mosip.certify.rendering-template.cache-max-age-days:1}")
     Integer maxAgeDays;
     @Autowired
     RenderingTemplateService renderingTemplateService;
 
-    @GetMapping("/rendering-template/{id}")
+    @GetMapping("/{id}")
     public ResponseEntity<String> serveSvgTemplate(@PathVariable String id) throws TemplateException {
         RenderingTemplate template = renderingTemplateService.getSvgTemplate(id);
         return ResponseEntity.ok()

certify-service/src/main/java/io/mosip/certify/services/entity/CredentialTemplate.java → certify-service/src/main/java/io/mosip/certify/entity/CredentialTemplate.java

@@ -1,4 +1,4 @@
-package io.mosip.certify.services.entity;
+package io.mosip.certify.entity;
 
 
 import jakarta.persistence.Entity;

certify-service/src/main/java/io/mosip/certify/services/entity/RenderingTemplate.java → certify-service/src/main/java/io/mosip/certify/entity/RenderingTemplate.java

@@ -3,7 +3,7 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at https://mozilla.org/MPL/2.0/.
  */
-package io.mosip.certify.services.entity;
+package io.mosip.certify.entity;
 
 import io.mosip.certify.core.constants.ErrorConstants;
 import jakarta.persistence.*;

certify-service/src/main/java/io/mosip/certify/services/entity/TemplateId.java → certify-service/src/main/java/io/mosip/certify/entity/TemplateId.java

@@ -1,4 +1,4 @@
-package io.mosip.certify.services.entity;
+package io.mosip.certify.entity;
 
 import lombok.*;
 

certify-service/src/main/java/io/mosip/certify/services/proofgenerators/Ed25519Signature2018ProofGenerator.java → certify-service/src/main/java/io/mosip/certify/proofgenerators/Ed25519Signature2018ProofGenerator.java

@@ -1,4 +1,4 @@
-package io.mosip.certify.services.proofgenerators;
+package io.mosip.certify.proofgenerators;
 
 import com.danubetech.keyformats.jose.JWSAlgorithm;
 import info.weboftrust.ldsignatures.LdProof;
@@ -13,6 +13,8 @@
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.stereotype.Component;
 
+import java.util.Map;
+
 /**
  * Ed25519SignatureAlgorithm2018 as per https://w3c-ccg.github.io/lds-ed25519-2018/
  */
@@ -35,9 +37,11 @@ public Canonicalizer getCanonicalizer() {
     }
 
     @Override
-    public LdProof generateProof(LdProof vcLdProof, String vcEncodedHash) {
+    public LdProof generateProof(LdProof vcLdProof, String vcEncodedHash, Map<String, String> keyID) {
         JWSSignatureRequestDto payload = new JWSSignatureRequestDto();
         payload.setDataToSign(vcEncodedHash);
+        payload.setApplicationId(keyID.get(Constants.APPLICATION_ID));
+        payload.setReferenceId(keyID.get(Constants.REFERENCE_ID));
         payload.setApplicationId(Constants.CERTIFY_VC_SIGN_ED25519);
         payload.setReferenceId(Constants.ED25519_REF_ID); // alg, empty = RSA
         payload.setIncludePayload(false);

certify-service/src/main/java/io/mosip/certify/services/proofgenerators/Ed25519Signature2020ProofGenerator.java → certify-service/src/main/java/io/mosip/certify/proofgenerators/Ed25519Signature2020ProofGenerator.java

@@ -1,4 +1,4 @@
-package io.mosip.certify.services.proofgenerators;
+package io.mosip.certify.proofgenerators;
 
 import com.danubetech.keyformats.jose.JWSAlgorithm;
 import info.weboftrust.ldsignatures.LdProof;
@@ -13,6 +13,8 @@
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.stereotype.Component;
 
+import java.util.Map;
+
 /**
  * Ed25519SignatureAlgorithm2020 as per
  *  https://www.w3.org/community/reports/credentials/CG-FINAL-di-eddsa-2020-20220724/
@@ -37,8 +39,10 @@ public Canonicalizer getCanonicalizer() {
     }
 
     @Override
-    public LdProof generateProof(LdProof vcLdProof, String vcEncodedHash) {
+    public LdProof generateProof(LdProof vcLdProof, String vcEncodedHash, Map<String, String> keyID) {
         SignRequestDtoV2 srd = new SignRequestDtoV2();
+        srd.setApplicationId(keyID.get(Constants.APPLICATION_ID));
+        srd.setReferenceId(keyID.get(Constants.REFERENCE_ID));
         srd.setApplicationId(Constants.CERTIFY_VC_SIGN_ED25519);
         srd.setReferenceId(Constants.ED25519_REF_ID);
         srd.setDataToSign(vcEncodedHash);

certify-service/src/main/java/io/mosip/certify/services/proofgenerators/ProofGenerator.java → certify-service/src/main/java/io/mosip/certify/proofgenerators/ProofGenerator.java

@@ -1,8 +1,10 @@
-package io.mosip.certify.services.proofgenerators;
+package io.mosip.certify.proofgenerators;
 
 import info.weboftrust.ldsignatures.LdProof;
 import info.weboftrust.ldsignatures.canonicalizer.Canonicalizer;
 
+import java.util.Map;
+
 /**
  *  ProofGenerator is a helper class for KeymanagerLibSigner
  *  to better deal with multiple signature algorithms for JSON-LD VCs.
@@ -27,5 +29,5 @@ public interface ProofGenerator {
      * @param vcHash is the output of the
      * @return
      */
-    LdProof generateProof(LdProof vcLdProof, String vcHash);
+    LdProof generateProof(LdProof vcLdProof, String vcHash, Map<String, String> keyID);
 }

certify-service/src/main/java/io/mosip/certify/services/proofgenerators/RSASignature2018ProofGenerator.java → certify-service/src/main/java/io/mosip/certify/proofgenerators/RSASignature2018ProofGenerator.java

@@ -1,4 +1,4 @@
-package io.mosip.certify.services.proofgenerators;
+package io.mosip.certify.proofgenerators;
 
 import com.danubetech.keyformats.jose.JWSAlgorithm;
 import info.weboftrust.ldsignatures.LdProof;
@@ -15,6 +15,7 @@
 
 import java.nio.charset.StandardCharsets;
 import java.util.Base64;
+import java.util.Map;
 
 @Component
 @ConditionalOnProperty(name = "mosip.certify.data-provider-plugin.issuer.vc-sign-algo", havingValue = SignatureAlg.RSA_SIGNATURE_SUITE_2018)
@@ -35,12 +36,12 @@ public Canonicalizer getCanonicalizer() {
     }
 
     @Override
-    public LdProof generateProof(LdProof vcLdProof, String vcEncodedHash) {
+    public LdProof generateProof(LdProof vcLdProof, String vcEncodedHash, Map<String, String> keyID) {
         String vcEncodedData = Base64.getUrlEncoder().encodeToString(vcEncodedHash.getBytes(StandardCharsets.UTF_8));
         JWSSignatureRequestDto payload = new JWSSignatureRequestDto();
         payload.setDataToSign(vcEncodedData);
-        payload.setApplicationId(Constants.CERTIFY_VC_SIGN_RSA);
-        payload.setReferenceId(Constants.EMPTY_REF_ID); // alg, empty = RSA
+        payload.setApplicationId(keyID.get(Constants.APPLICATION_ID));
+        payload.setReferenceId(keyID.get(Constants.REFERENCE_ID)); // alg, empty = RSA
         payload.setIncludePayload(false);
         payload.setIncludeCertificate(false);
         payload.setIncludeCertHash(true);

certify-service/src/main/java/io/mosip/certify/services/repository/TemplateRepository.java → certify-service/src/main/java/io/mosip/certify/repository/CredentialTemplateRepository.java

@@ -1,14 +1,14 @@
-package io.mosip.certify.services.repository;
+package io.mosip.certify.repository;
 
-import io.mosip.certify.services.entity.CredentialTemplate;
-import io.mosip.certify.services.entity.TemplateId;
+import io.mosip.certify.entity.CredentialTemplate;
+import io.mosip.certify.entity.TemplateId;
 import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.stereotype.Repository;
 
 import java.util.Optional;
 
 @Repository
-public interface TemplateRepository extends JpaRepository<CredentialTemplate, TemplateId> {
+public interface CredentialTemplateRepository extends JpaRepository<CredentialTemplate, TemplateId> {
     Optional<CredentialTemplate> findByCredentialTypeAndContext(String credentialType, String context);
     // NOTE: best practice? .save()
 }

certify-service/src/main/java/io/mosip/certify/services/repository/RenderingTemplateRepository.java → certify-service/src/main/java/io/mosip/certify/repository/RenderingTemplateRepository.java

@@ -3,9 +3,9 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at https://mozilla.org/MPL/2.0/.
  */
-package io.mosip.certify.services.repository;
+package io.mosip.certify.repository;
 
-import io.mosip.certify.services.entity.RenderingTemplate;
+import io.mosip.certify.entity.RenderingTemplate;
 import org.springframework.data.jpa.repository.JpaRepository;
 
 public interface RenderingTemplateRepository extends JpaRepository<RenderingTemplate, String> {

certify-service/src/main/java/io/mosip/certify/services/CertifyIssuanceServiceImpl.java

@@ -12,6 +12,7 @@
 import io.mosip.certify.api.spi.*;
 import io.mosip.certify.api.util.Action;
 import io.mosip.certify.api.util.ActionStatus;
+import io.mosip.certify.core.constants.SignatureAlg;
 import io.mosip.certify.core.constants.VCFormats;
 import io.mosip.certify.core.dto.CredentialMetadata;
 import io.mosip.certify.core.dto.CredentialRequest;
@@ -26,14 +27,13 @@
 import io.mosip.certify.core.spi.VCIssuanceService;
 import io.mosip.certify.core.util.AuditHelper;
 import io.mosip.certify.core.util.SecurityHelperService;
-import io.mosip.certify.services.spi.DataProviderPlugin;
-import io.mosip.certify.services.spi.VCFormatter;
-import io.mosip.certify.services.spi.VCSigner;
-import io.mosip.certify.services.validators.CredentialRequestValidator;
+import io.mosip.certify.api.spi.DataProviderPlugin;
+import io.mosip.certify.services.vcformatters.VCFormatter;
+import io.mosip.certify.services.vcsigners.VCSigner;
+import io.mosip.certify.validators.CredentialRequestValidator;
 import io.mosip.certify.exception.InvalidNonceException;
 import io.mosip.certify.proof.ProofValidator;
 import io.mosip.certify.proof.ProofValidatorFactory;
-import io.mosip.certify.services.templating.VelocityTemplatingConstants;
 import io.mosip.certify.utils.CredentialUtils;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
@@ -50,9 +50,15 @@
 
 @Slf4j
 @Service
-@ConditionalOnProperty(value = "mosip.certify.issuer", havingValue = "CertifyIssuer")
+@ConditionalOnProperty(value = "mosip.certify.plugin-mode", havingValue = "DataProvider")
 public class CertifyIssuanceServiceImpl implements VCIssuanceService {
 
+    public static final Map<String, List<String>> keyChooser = Map.of(
+            SignatureAlg.RSA_SIGNATURE_SUITE_2018, List.of(Constants.CERTIFY_VC_SIGN_RSA, Constants.EMPTY_REF_ID),
+            SignatureAlg.ED25519_SIGNATURE_SUITE_2018, List.of(Constants.CERTIFY_VC_SIGN_ED25519, Constants.ED25519_REF_ID),
+            SignatureAlg.ED25519_SIGNATURE_SUITE_2020, List.of(Constants.CERTIFY_VC_SIGN_ED25519, Constants.ED25519_REF_ID));
+    @Value("${mosip.certify.data-provider-plugin.issuer.vc-sign-algo}")
+    private String vcSignAlgorithm;
     @Value("#{${mosip.certify.key-values}}")
     private LinkedHashMap<String, LinkedHashMap<String, Object>> issuerMetadata;
 
@@ -283,13 +289,17 @@ private VCResult<?> getVerifiableCredential(CredentialRequest credentialRequest,
                     // TODO(multitenancy): later decide which plugin out of n plugins is the correct one
                     JSONObject jsonObject = dataProviderPlugin.fetchData(parsedAccessToken.getClaims());
                     Map<String, Object> templateParams = new HashMap<>();
-                    templateParams.put(VelocityTemplatingConstants.TEMPLATE_NAME, CredentialUtils.getTemplateName(vcRequestDto));
-                    templateParams.put(VelocityTemplatingConstants.ISSUER_URI, issuerURI);
+                    templateParams.put(Constants.TEMPLATE_NAME, CredentialUtils.getTemplateName(vcRequestDto));
+                    templateParams.put(Constants.ISSUER_URI, issuerURI);
                     if (!StringUtils.isEmpty(svgTemplateId)) {
-                        templateParams.put(VelocityTemplatingConstants.SVG_TEMPLATE, svgTemplateId);
+                        templateParams.put(Constants.RENDERING_TEMPLATE, svgTemplateId);
                     }
                     String unSignedVC = vcFormatter.format(jsonObject, templateParams);
-                    vcResult = vcSigner.attachSignature(unSignedVC);
+                    Map<String, String> signerSettings = new HashMap<>();
+                    // NOTE: This is a quasi implementation to add support for multi-tenancy.
+                    signerSettings.put(Constants.APPLICATION_ID, keyChooser.get(vcSignAlgorithm).getFirst());
+                    signerSettings.put(Constants.REFERENCE_ID, keyChooser.get(vcSignAlgorithm).getLast());
+                    vcResult = vcSigner.attachSignature(unSignedVC, signerSettings);
                 } catch(DataProviderExchangeException e) {
                     throw new CertifyException(e.getErrorCode());
                 }

certify-service/src/main/java/io/mosip/certify/services/RenderingTemplateServiceImpl.java

@@ -6,9 +6,9 @@
 package io.mosip.certify.services;
 
 import io.mosip.certify.core.constants.ErrorConstants;
-import io.mosip.certify.services.entity.RenderingTemplate;
+import io.mosip.certify.entity.RenderingTemplate;
 import io.mosip.certify.core.exception.TemplateException;
-import io.mosip.certify.services.repository.RenderingTemplateRepository;
+import io.mosip.certify.repository.RenderingTemplateRepository;
 import io.mosip.certify.services.spi.RenderingTemplateService;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;

certify-service/src/main/java/io/mosip/certify/services/VCIssuanceServiceImpl.java

@@ -28,7 +28,7 @@
 import io.mosip.certify.core.spi.VCIssuanceService;
 import io.mosip.certify.core.util.AuditHelper;
 import io.mosip.certify.core.util.SecurityHelperService;
-import io.mosip.certify.services.validators.CredentialRequestValidator;
+import io.mosip.certify.validators.CredentialRequestValidator;
 import io.mosip.certify.exception.InvalidNonceException;
 import io.mosip.certify.proof.ProofValidator;
 import io.mosip.certify.proof.ProofValidatorFactory;
@@ -45,7 +45,7 @@
 
 @Slf4j
 @Service
-@ConditionalOnProperty(value = "mosip.certify.issuer", havingValue = "PluginIssuer")
+@ConditionalOnProperty(value = "mosip.certify.plugin-mode", havingValue = "VCIssuance")
 public class VCIssuanceServiceImpl implements VCIssuanceService {
 
     @Value("#{${mosip.certify.key-values}}")

certify-service/src/main/java/io/mosip/certify/services/spi/RenderingTemplateService.java

@@ -5,7 +5,7 @@
  */
 package io.mosip.certify.services.spi;
 
-import io.mosip.certify.services.entity.RenderingTemplate;
+import io.mosip.certify.entity.RenderingTemplate;
 
 
 public interface RenderingTemplateService {