[INJICERT-657] pass keyID from CertifyIssuanceImpl
Other changes:

* more renames, changes to scripts & SQL files

Signed-off-by: Harsh Vardhan <[email protected]>
vharsh committed Dec 17, 2024
1 parent a2fa2f8 commit 675118c
Showing 42 changed files with 137 additions and 132 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,8 @@ public class Constants {

public static final String UTC_DATETIME_PATTERN = "yyyy-MM-dd'T'HH:mm:ss.SSS'Z'";
public static final String SPACE = " ";
public static final String APPLICATION_ID = "applicationId";
public static final String REFERENCE_ID = "referenceId";

public static final String C_NONCE = "c_nonce";
public static final String C_NONCE_EXPIRES_IN = "c_nonce_expires_in";
Expand All @@ -20,4 +22,7 @@ public class Constants {
public static final String ROOT_KEY = "ROOT";
public static final String EMPTY_REF_ID = "";
public static final String ED25519_REF_ID = "ED25519_SIGN";
public static final String TEMPLATE_NAME = "templateName";
public static final String ISSUER_URI = "issuerURI";
public static final String RENDERING_TEMPLATE = "svgTemplate";
}
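Review bot: `RENDERING_TEMPLATE` carries the value `"svgTemplate"` and replaces VelocityTemplatingConstants.SVG_TEMPLATE in CertifyIssuanceServiceImpl, so the constant's name and the template-variable name it stands for now diverge without explanation. A one-line comment would save the next reader a search, e.g. `// Velocity template variable; the value stays "svgTemplate" so existing templates keep resolving`, assuming that is the reason the value was kept (the templates are not part of this diff, so confirm before stating it). The same applies to `TEMPLATE_NAME` and `ISSUER_URI`, which are template-variable names rather than configuration keys like the constants around them.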
Original file line number Diff line number Diff line change
@@ -1,15 +1,8 @@
package io.mosip.certify.core.exception;

import io.mosip.certify.core.constants.ErrorConstants;

public class TemplateException extends RuntimeException {
private String errorCode;

public TemplateException() {
super(ErrorConstants.UNKNOWN_ERROR);
this.errorCode = ErrorConstants.UNKNOWN_ERROR;
}

public TemplateException(String errorCode) {
super(errorCode);
this.errorCode = errorCode;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -14,8 +14,8 @@
@EnableAsync
@EnableCaching
@SpringBootApplication(scanBasePackages = "io.mosip.certify,"+
"io.mosip.certify.services.repository," +
"io.mosip.certify.services.entity," +
"io.mosip.certify.repository," +
"io.mosip.certify.entity," +
"io.mosip.kernel.crypto," +
"io.mosip.kernel.keymanager.hsm," +
"io.mosip.kernel.cryptomanager," +
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -30,8 +30,8 @@
import org.springframework.web.client.RestTemplate;

@Configuration
@EnableJpaRepositories(basePackages = {"io.mosip.kernel.keymanagerservice.repository", "io.mosip.certify.services.repository"})
@EntityScan(basePackages = {"io.mosip.kernel.keymanagerservice.entity, io.mosip.certify.services.entity"})
@EnableJpaRepositories(basePackages = {"io.mosip.kernel.keymanagerservice.repository", "io.mosip.certify.repository"})
@EntityScan(basePackages = {"io.mosip.kernel.keymanagerservice.entity, io.mosip.certify.entity"})
@Slf4j
public class AppConfig implements ApplicationRunner {

Expand Down
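Review bot: `@EntityScan(basePackages = {"io.mosip.kernel.keymanagerservice.entity, io.mosip.certify.entity"})` still passes both packages as a single string, unlike the `@EnableJpaRepositories` line directly above it; the rename touched the line but kept the pre-existing form. One array element containing a comma and a space is not a package name, so unless the entities are discovered by some other mechanism the certify entities may not be scanned at all. Split it into two elements: `@EntityScan(basePackages = {"io.mosip.kernel.keymanagerservice.entity", "io.mosip.certify.entity"})`.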
Original file line number Diff line number Diff line change
Expand Up @@ -10,8 +10,8 @@

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import io.mosip.certify.services.entity.RenderingTemplate;
import io.mosip.certify.services.repository.RenderingTemplateRepository;
import io.mosip.certify.entity.RenderingTemplate;
import io.mosip.certify.repository.RenderingTemplateRepository;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
*/
package io.mosip.certify.controller;

import io.mosip.certify.services.entity.RenderingTemplate;
import io.mosip.certify.entity.RenderingTemplate;
import io.mosip.certify.core.exception.TemplateException;
import io.mosip.certify.services.spi.RenderingTemplateService;
import lombok.extern.slf4j.Slf4j;
Expand All @@ -24,14 +24,14 @@

@Slf4j
@RestController
@RequestMapping("/public")
@RequestMapping("/rendering-template")
public class RenderingTemplateController {
@Value("${mosip.certify.rendering-template.cache-max-age-days:1}")
Integer maxAgeDays;
@Autowired
RenderingTemplateService renderingTemplateService;

@GetMapping("/rendering-template/{id}")
@GetMapping("/{id}")
public ResponseEntity<String> serveSvgTemplate(@PathVariable String id) throws TemplateException {
RenderingTemplate template = renderingTemplateService.getSvgTemplate(id);
return ResponseEntity.ok()
Expand Down
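Review bot: The endpoint moves from `/public/rendering-template/{id}` to `/rendering-template/{id}`, and neither the commit title nor the "Other changes" list records the URL change. If the security configuration or a gateway permits unauthenticated access by path prefix (for example a `/public/**` rule), the new path falls under a different rule than the old one, and any client or issued credential that embeds the old URL stops resolving; confirm the authorization rules for the new prefix and consider keeping the old mapping as an alias during migration. The class body continues past the hunk.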
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
package io.mosip.certify.services.entity;
package io.mosip.certify.entity;


import jakarta.persistence.Entity;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*/
package io.mosip.certify.services.entity;
package io.mosip.certify.entity;

import io.mosip.certify.core.constants.ErrorConstants;
import jakarta.persistence.*;
Expand Down
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
package io.mosip.certify.services.entity;
package io.mosip.certify.entity;

import lombok.*;

Expand Down
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
package io.mosip.certify.services.proofgenerators;
package io.mosip.certify.proofgenerators;

import com.danubetech.keyformats.jose.JWSAlgorithm;
import info.weboftrust.ldsignatures.LdProof;
Expand All @@ -13,6 +13,8 @@
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.stereotype.Component;

import java.util.Map;

/**
* Ed25519SignatureAlgorithm2018 as per https://w3c-ccg.github.io/lds-ed25519-2018/
*/
Expand All @@ -35,9 +37,11 @@ public Canonicalizer getCanonicalizer() {
}

@Override
public LdProof generateProof(LdProof vcLdProof, String vcEncodedHash) {
public LdProof generateProof(LdProof vcLdProof, String vcEncodedHash, Map<String, String> keyID) {
JWSSignatureRequestDto payload = new JWSSignatureRequestDto();
payload.setDataToSign(vcEncodedHash);
payload.setApplicationId(keyID.get(Constants.APPLICATION_ID));
payload.setReferenceId(keyID.get(Constants.REFERENCE_ID));
payload.setApplicationId(Constants.CERTIFY_VC_SIGN_ED25519);
payload.setReferenceId(Constants.ED25519_REF_ID); // alg, empty = RSA
payload.setIncludePayload(false);
Expand Down
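Review bot: In the new generateProof the values read from keyID are immediately overwritten: by the hunk's line counts (-35,9 +37,11) the setters `payload.setApplicationId(Constants.CERTIFY_VC_SIGN_ED25519)` and `payload.setReferenceId(Constants.ED25519_REF_ID)` are unchanged context lines that run after the two keyID-based setters, so the caller's key selection never reaches the signing request and the signing key is still chosen by the hard-coded constants. Ed25519SignatureAlgorithm2020 has the same shape (-37,8 +39,10) with `srd.setApplicationId(Constants.CERTIFY_VC_SIGN_ED25519)` and `srd.setReferenceId(Constants.ED25519_REF_ID)` surviving after the keyID lines. The RSA variant replaces the constant setters instead, which is presumably the intent here too; drop the two constant-based lines in both Ed25519 classes. generateProof continues past the hunk in each case.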
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
package io.mosip.certify.services.proofgenerators;
package io.mosip.certify.proofgenerators;

import com.danubetech.keyformats.jose.JWSAlgorithm;
import info.weboftrust.ldsignatures.LdProof;
Expand All @@ -13,6 +13,8 @@
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.stereotype.Component;

import java.util.Map;

/**
* Ed25519SignatureAlgorithm2020 as per
* https://www.w3.org/community/reports/credentials/CG-FINAL-di-eddsa-2020-20220724/
Expand All @@ -37,8 +39,10 @@ public Canonicalizer getCanonicalizer() {
}

@Override
public LdProof generateProof(LdProof vcLdProof, String vcEncodedHash) {
public LdProof generateProof(LdProof vcLdProof, String vcEncodedHash, Map<String, String> keyID) {
SignRequestDtoV2 srd = new SignRequestDtoV2();
srd.setApplicationId(keyID.get(Constants.APPLICATION_ID));
srd.setReferenceId(keyID.get(Constants.REFERENCE_ID));
srd.setApplicationId(Constants.CERTIFY_VC_SIGN_ED25519);
srd.setReferenceId(Constants.ED25519_REF_ID);
srd.setDataToSign(vcEncodedHash);
Expand Down
Original file line number Diff line number Diff line change
@@ -1,8 +1,10 @@
package io.mosip.certify.services.proofgenerators;
package io.mosip.certify.proofgenerators;

import info.weboftrust.ldsignatures.LdProof;
import info.weboftrust.ldsignatures.canonicalizer.Canonicalizer;

import java.util.Map;

/**
* ProofGenerator is a helper class for KeymanagerLibSigner
* to better deal with multiple signature algorithms for JSON-LD VCs.
Expand All @@ -27,5 +29,5 @@ public interface ProofGenerator {
* @param vcHash is the output of the
* @return
*/
LdProof generateProof(LdProof vcLdProof, String vcHash);
LdProof generateProof(LdProof vcLdProof, String vcHash, Map<String, String> keyID);
}
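Review bot: The Javadoc above generateProof is not updated for the new keyID parameter, and the tags that are there were already incomplete (`@param vcHash is the output of the` trails off and `@return` is empty). Add `@param keyID selector for the signing key; implementations read Constants.APPLICATION_ID and Constants.REFERENCE_ID from it` and finish the other two tags. Since the argument is a map of settings rather than a single identifier, a name such as `keySelector`, or `signerSettings` as CertifyIssuanceServiceImpl calls the same map, would describe it better than keyID. The Javadoc block begins before the hunk.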
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
package io.mosip.certify.services.proofgenerators;
package io.mosip.certify.proofgenerators;

import com.danubetech.keyformats.jose.JWSAlgorithm;
import info.weboftrust.ldsignatures.LdProof;
Expand All @@ -15,6 +15,7 @@

import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Map;

@Component
@ConditionalOnProperty(name = "mosip.certify.data-provider-plugin.issuer.vc-sign-algo", havingValue = SignatureAlg.RSA_SIGNATURE_SUITE_2018)
Expand All @@ -35,12 +36,12 @@ public Canonicalizer getCanonicalizer() {
}

@Override
public LdProof generateProof(LdProof vcLdProof, String vcEncodedHash) {
public LdProof generateProof(LdProof vcLdProof, String vcEncodedHash, Map<String, String> keyID) {
String vcEncodedData = Base64.getUrlEncoder().encodeToString(vcEncodedHash.getBytes(StandardCharsets.UTF_8));
JWSSignatureRequestDto payload = new JWSSignatureRequestDto();
payload.setDataToSign(vcEncodedData);
payload.setApplicationId(Constants.CERTIFY_VC_SIGN_RSA);
payload.setReferenceId(Constants.EMPTY_REF_ID); // alg, empty = RSA
payload.setApplicationId(keyID.get(Constants.APPLICATION_ID));
payload.setReferenceId(keyID.get(Constants.REFERENCE_ID)); // alg, empty = RSA
payload.setIncludePayload(false);
payload.setIncludeCertificate(false);
payload.setIncludeCertHash(true);
Expand Down
Original file line number Diff line number Diff line change
@@ -1,14 +1,14 @@
package io.mosip.certify.services.repository;
package io.mosip.certify.repository;

import io.mosip.certify.services.entity.CredentialTemplate;
import io.mosip.certify.services.entity.TemplateId;
import io.mosip.certify.entity.CredentialTemplate;
import io.mosip.certify.entity.TemplateId;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.stereotype.Repository;

import java.util.Optional;

@Repository
public interface TemplateRepository extends JpaRepository<CredentialTemplate, TemplateId> {
public interface CredentialTemplateRepository extends JpaRepository<CredentialTemplate, TemplateId> {
Optional<CredentialTemplate> findByCredentialTypeAndContext(String credentialType, String context);
// NOTE: best practice? .save()
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -3,9 +3,9 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/.
*/
package io.mosip.certify.services.repository;
package io.mosip.certify.repository;

import io.mosip.certify.services.entity.RenderingTemplate;
import io.mosip.certify.entity.RenderingTemplate;
import org.springframework.data.jpa.repository.JpaRepository;

public interface RenderingTemplateRepository extends JpaRepository<RenderingTemplate, String> {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@
import io.mosip.certify.api.spi.*;
import io.mosip.certify.api.util.Action;
import io.mosip.certify.api.util.ActionStatus;
import io.mosip.certify.core.constants.SignatureAlg;
import io.mosip.certify.core.constants.VCFormats;
import io.mosip.certify.core.dto.CredentialMetadata;
import io.mosip.certify.core.dto.CredentialRequest;
Expand All @@ -27,13 +28,12 @@
import io.mosip.certify.core.util.AuditHelper;
import io.mosip.certify.core.util.SecurityHelperService;
import io.mosip.certify.services.spi.DataProviderPlugin;
import io.mosip.certify.services.spi.VCFormatter;
import io.mosip.certify.services.spi.VCSigner;
import io.mosip.certify.services.validators.CredentialRequestValidator;
import io.mosip.certify.services.vcformatters.VCFormatter;
import io.mosip.certify.services.vcsigners.VCSigner;
import io.mosip.certify.validators.CredentialRequestValidator;
import io.mosip.certify.exception.InvalidNonceException;
import io.mosip.certify.proof.ProofValidator;
import io.mosip.certify.proof.ProofValidatorFactory;
import io.mosip.certify.services.templating.VelocityTemplatingConstants;
import io.mosip.certify.utils.CredentialUtils;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.StringUtils;
Expand All @@ -50,9 +50,15 @@

@Slf4j
@Service
@ConditionalOnProperty(value = "mosip.certify.issuer", havingValue = "CertifyIssuer")
@ConditionalOnProperty(value = "mosip.certify.plugin-mode", havingValue = "DataProvider")
public class CertifyIssuanceServiceImpl implements VCIssuanceService {

public static final Map<String, List<String>> keyChooser = Map.of(
SignatureAlg.RSA_SIGNATURE_SUITE_2018, List.of(Constants.CERTIFY_VC_SIGN_RSA, Constants.EMPTY_REF_ID),
SignatureAlg.ED25519_SIGNATURE_SUITE_2018, List.of(Constants.CERTIFY_VC_SIGN_ED25519, Constants.ED25519_REF_ID),
SignatureAlg.ED25519_SIGNATURE_SUITE_2020, List.of(Constants.CERTIFY_VC_SIGN_ED25519, Constants.ED25519_REF_ID));
@Value("${mosip.certify.data-provider-plugin.issuer.vc-sign-algo}")
private String vcSignAlgorithm;
@Value("#{${mosip.certify.key-values}}")
private LinkedHashMap<String, LinkedHashMap<String, Object>> issuerMetadata;

Expand Down Expand Up @@ -283,13 +289,17 @@ private VCResult<?> getVerifiableCredential(CredentialRequest credentialRequest,
// TODO(multitenancy): later decide which plugin out of n plugins is the correct one
JSONObject jsonObject = dataProviderPlugin.fetchData(parsedAccessToken.getClaims());
Map<String, Object> templateParams = new HashMap<>();
templateParams.put(VelocityTemplatingConstants.TEMPLATE_NAME, CredentialUtils.getTemplateName(vcRequestDto));
templateParams.put(VelocityTemplatingConstants.ISSUER_URI, issuerURI);
templateParams.put(Constants.TEMPLATE_NAME, CredentialUtils.getTemplateName(vcRequestDto));
templateParams.put(Constants.ISSUER_URI, issuerURI);
if (!StringUtils.isEmpty(svgTemplateId)) {
templateParams.put(VelocityTemplatingConstants.SVG_TEMPLATE, svgTemplateId);
templateParams.put(Constants.RENDERING_TEMPLATE, svgTemplateId);
}
String unSignedVC = vcFormatter.format(jsonObject, templateParams);
vcResult = vcSigner.attachSignature(unSignedVC);
Map<String, String> signerSettings = new HashMap<>();
// NOTE: This is a quasi implementation to add support for multi-tenancy.
signerSettings.put(Constants.APPLICATION_ID, keyChooser.get(vcSignAlgorithm).getFirst());
signerSettings.put(Constants.REFERENCE_ID, keyChooser.get(vcSignAlgorithm).getLast());
vcResult = vcSigner.attachSignature(unSignedVC, signerSettings);
} catch(DataProviderExchangeException e) {
throw new CertifyException(e.getErrorCode());
}
Expand Down
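Review bot: `keyChooser.get(vcSignAlgorithm)` returns null for any `mosip.certify.data-provider-plugin.issuer.vc-sign-algo` value outside the three mapped suites, so a misconfigured deployment fails with a NullPointerException at `.getFirst()` inside the issuance path rather than with a clear message; resolve the entry once and fail explicitly, e.g. `List<String> keyRef = keyChooser.get(vcSignAlgorithm);` followed by `if (keyRef == null) { throw new IllegalStateException("unsupported vc-sign-algo: " + vcSignAlgorithm); }`, or validate the property in a @PostConstruct so startup fails instead. `List.getFirst()`/`getLast()` require Java 21; if the build targets an older release use `get(0)`/`get(size() - 1)`. The public static map would conventionally be named in UPPER_SNAKE_CASE, and the "quasi implementation" comment would be more useful if it said what a full multi-tenant version would look up instead of the static table. getVerifiableCredential starts and ends outside the hunk.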
Original file line number Diff line number Diff line change
Expand Up @@ -6,9 +6,9 @@
package io.mosip.certify.services;

import io.mosip.certify.core.constants.ErrorConstants;
import io.mosip.certify.services.entity.RenderingTemplate;
import io.mosip.certify.entity.RenderingTemplate;
import io.mosip.certify.core.exception.TemplateException;
import io.mosip.certify.services.repository.RenderingTemplateRepository;
import io.mosip.certify.repository.RenderingTemplateRepository;
import io.mosip.certify.services.spi.RenderingTemplateService;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@
import io.mosip.certify.core.spi.VCIssuanceService;
import io.mosip.certify.core.util.AuditHelper;
import io.mosip.certify.core.util.SecurityHelperService;
import io.mosip.certify.services.validators.CredentialRequestValidator;
import io.mosip.certify.validators.CredentialRequestValidator;
import io.mosip.certify.exception.InvalidNonceException;
import io.mosip.certify.proof.ProofValidator;
import io.mosip.certify.proof.ProofValidatorFactory;
Expand All @@ -45,7 +45,7 @@

@Slf4j
@Service
@ConditionalOnProperty(value = "mosip.certify.issuer", havingValue = "PluginIssuer")
@ConditionalOnProperty(value = "mosip.certify.plugin-mode", havingValue = "VCIssuance")
public class VCIssuanceServiceImpl implements VCIssuanceService {

@Value("#{${mosip.certify.key-values}}")
Expand Down
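Review bot: The bean condition now keys on `mosip.certify.plugin-mode=VCIssuance` in place of `mosip.certify.issuer=PluginIssuer`, with CertifyIssuanceServiceImpl making the matching switch to `DataProvider`, yet neither the commit title nor the "Other changes" list mentions the property rename. A deployment still carrying the old property ends up with no VCIssuanceService implementation at all, so the rename deserves a line in the description and in whatever sample properties ship with the scripts this commit updates. The class body continues past the hunk.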
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@

/**
* DataProviderPlugin is implemented by VC plugin
* implementors who want to make use of the CertifyIssuer to generate the VC.
* implementors who want to make use of the Certify to generate the VC.
* Data is fetched from a Plugin implementation, templated using {@link VCFormatter}
* and then signed using {@link VCSigner}.
*/
Expand Down
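Review bot: The reworded Javadoc now reads `make use of the Certify to generate the VC`, where the article no longer fits once the class name is gone. Change it to `implementors who want to make use of Certify to generate the VC.`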
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
*/
package io.mosip.certify.services.spi;

import io.mosip.certify.services.entity.RenderingTemplate;
import io.mosip.certify.entity.RenderingTemplate;


public interface RenderingTemplateService {
Expand Down

This file was deleted.

Original file line number Diff line number Diff line change
@@ -1,9 +1,8 @@
package io.mosip.certify.services.spi;
package io.mosip.certify.services.vcformatters;

import java.util.Map;

import org.json.JSONObject;

import java.util.Map;
/**
* VCDataModelFormatter is a templating engine which takes @param templateInput and returns a templated VC.
* Some implementations include
Expand All @@ -17,12 +16,4 @@ public interface VCFormatter {
* @return a templated & unsigned VC
*/
String format(JSONObject valueMap, Map<String, Object> templateSettings);

/**
* an internal method for VCFormatters to fetch a VC template as per the key
*
* @param key an identifier for a VC template
* @return Template String against a @param key
*/
String getTemplate(String key);
}