[INJICERT-248] Simplify configuration of the well-known config (#49) #64

Open
wants to merge 5 commits into
base: develop
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -179,7 +179,7 @@ Execute installation script
* Registry Url `mosip.certify.vciplugin.sunbird-rc.credential-type.{credential type}.registry-get-url`
* Template Url `mosip.certify.vciplugin.sunbird-rc.credential-type.{credential type}.template-url`
* Credential schema version `mosip.certify.vciplugin.sunbird-rc.credential-type.{credential type}.cred-schema-version`
* Change these properties for different credential types supported `mosip.certify.key-values` based on OID4VCI version.
* Change these properties for different credential types supported `mosip.certify.issuer-metadata.config-url` based on OID4VCI version.
## Web interface for VC Issuance (optional)
Expand Up @@ -25,4 +25,5 @@ public class ErrorConstants {
public static final String UNSUPPORTED_OPENID_VERSION = "unsupported_openid4vci_draft_version";
public static final String INVALID_TEMPLATE_ID = "template_with_id_not_found";
public static final String EMPTY_TEMPLATE_CONTENT = "empty_template_content";
public static final String MISSING_WELLKNOWN_CONFIG = "missing_wellknown_config";
}
Expand Up @@ -5,6 +5,8 @@
*/
package io.mosip.certify.services;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import foundation.identity.jsonld.JsonLDObject;

import io.mosip.certify.api.dto.VCRequestDto;
Expand Down Expand Up @@ -32,19 +34,24 @@
import io.mosip.certify.exception.InvalidNonceException;
import io.mosip.certify.proof.ProofValidator;
import io.mosip.certify.proof.ProofValidatorFactory;
import jakarta.annotation.PostConstruct;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.core.io.ClassPathResource;
import org.springframework.core.io.Resource;
import org.springframework.security.oauth2.jwt.JwtClaimNames;
import org.springframework.stereotype.Service;
import org.springframework.web.client.RestTemplate;

import java.io.FileNotFoundException;
import java.io.IOException;
import java.nio.file.Files;
import java.time.Instant;
import java.time.LocalDateTime;
import java.time.ZoneOffset;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.*;

@Slf4j
@Service
Expand All @@ -53,7 +60,12 @@ public class VCIssuanceServiceImpl implements VCIssuanceService {

private static final String TYPE_VERIFIABLE_CREDENTIAL = "VerifiableCredential";

@Value("#{${mosip.certify.key-values}}")
@Value("${mosip.certify.issuer-metadata.config-url}")
private String issuerMetadataConfigURL;

@Autowired
private RestTemplate restTemplate;

private LinkedHashMap<String, LinkedHashMap<String, Object>> issuerMetadata;
vishwa-vyom marked this conversation as resolved.

@Value("${mosip.certify.cnonce-expire-seconds:300}")
Expand All @@ -77,6 +89,34 @@ public class VCIssuanceServiceImpl implements VCIssuanceService {
@Autowired
private AuditPlugin auditWrapper;

@Autowired
private ObjectMapper objectMapper;

@Value("${spring.profiles.active}")
private String activeProfile;


@PostConstruct
public void postConstructMetadata() throws FileNotFoundException {
String issuerMetadataString;
if (activeProfile.equals("local") || activeProfile.equals("test")) {
Resource resource = new ClassPathResource(issuerMetadataConfigURL);
try {
issuerMetadataString = (Files.readString(resource.getFile().toPath()));
} catch (IOException e) {
throw new FileNotFoundException("missing local issuer metadata file " + e.getMessage());
}
} else {
issuerMetadataString = restTemplate.getForObject(issuerMetadataConfigURL, String.class);
}

try {
issuerMetadata = objectMapper.readValue(issuerMetadataString, LinkedHashMap.class);
} catch (JsonProcessingException e) {
throw new CertifyException(ErrorConstants.MISSING_WELLKNOWN_CONFIG);
}
}

@Override
public CredentialResponse getCredential(CredentialRequest credentialRequest) {
boolean isValidCredentialRequest = new CredentialRequestValidatorFactory().isValid(credentialRequest);
Expand Down Expand Up @@ -251,4 +291,4 @@ private VCIssuanceTransaction createVCITransaction() {
transaction.setCNonceExpireSeconds(cNonceExpireSeconds);
return vciCacheService.setVCITransaction(parsedAccessToken.getAccessTokenHash(), transaction);
}
}
}
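Review bot: In `postConstructMetadata` (the hunk at `-77,6 +89,34`), the non-local branch parses whatever `restTemplate.getForObject(issuerMetadataConfigURL, String.class)` returns, with no check on the URL scheme and no check for a missing body; a response without a body yields `null`, which the `catch (JsonProcessingException e)` below it does not cover. The parsed map is stored in `issuerMetadata` and is presumably what the service publishes as its well-known issuer metadata (the inline value it replaces carried `credential_endpoint` and `authorization_servers`), so a plaintext or spoofed config endpoint would decide which endpoints wallets are pointed at. I would require `https` outside the local/test profiles (make that check configurable if the config server is only reachable in-cluster), fail on a null or blank body, bind through a `TypeReference` (needs an import of `com.fasterxml.jackson.core.type.TypeReference`) so a wrongly shaped document fails at startup, and log the cause before throwing. Separately, `resource.getFile()` in the local branch will presumably fail once the JSON sits inside a packaged jar; `resource.getInputStream()` avoids that.

```java
        // … unchanged: local/test branch reading the classpath resource …
        } else {
            // The fetched document ends up as issuer metadata, so do not accept it over
            // plaintext transport and do not try to parse an absent body.
            if (!issuerMetadataConfigURL.startsWith("https://")) {
                log.error("issuer metadata config-url must use https: {}", issuerMetadataConfigURL);
                throw new CertifyException(ErrorConstants.MISSING_WELLKNOWN_CONFIG);
            }
            issuerMetadataString = restTemplate.getForObject(issuerMetadataConfigURL, String.class);
            if (issuerMetadataString == null || issuerMetadataString.isBlank()) {
                throw new CertifyException(ErrorConstants.MISSING_WELLKNOWN_CONFIG);
            }
        }

        try {
            // Typed binding: a top-level value that is not a JSON object fails here, at startup.
            issuerMetadata = objectMapper.readValue(issuerMetadataString,
                    new TypeReference<LinkedHashMap<String, LinkedHashMap<String, Object>>>() {});
        } catch (JsonProcessingException e) {
            log.error("issuer metadata from {} could not be parsed", issuerMetadataConfigURL, e);
            throw new CertifyException(ErrorConstants.MISSING_WELLKNOWN_CONFIG);
        }
```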
147 changes: 2 additions & 145 deletions certify-service/src/main/resources/application-local.properties
Expand Up @@ -31,151 +31,8 @@ mosip.certify.authn.filter-urls={ '${server.servlet.path}/issuance/credential',
mosip.certify.authn.issuer-uri=http://localhost:8088/v1/esignet
mosip.certify.authn.jwk-set-uri=http://localhost:8088/v1/esignet/oauth/.well-known/jwks.json
mosip.certify.authn.allowed-audiences={ '${mosip.certify.domain.url}${server.servlet.path}/issuance/credential', 'http://localhost:8088/v1/esignet/vci/credential' }
mosip.certify.dataprovider.types={'MockVerifiableCredential','StudentCredential','UniversityCredential'}
mosip.certify.key-values={\
'vd12' : {\
'credential_issuer': '${mosip.certify.identifier}', \
'authorization_servers': {'${mosip.certify.authorization.url}'}, \
'credential_endpoint': '${mosipbox.public.url}${server.servlet.path}/issuance/vd12/credential', \
'display': {{'name': 'Insurance', 'locale': 'en'}},\
'credentials_supported' : { \
'InsuranceCredential' : {\
'format': 'ldp_vc',\
'scope' : 'sunbird_rc_insurance_vc_ldp',\
'cryptographic_binding_methods_supported': {'did:jwk'},\
'cryptographic_suites_supported': {'Ed25519Signature2020'},\
'proof_types_supported': {'jwt'},\
'credential_definition': {\
'type': {'VerifiableCredential','MockCredential'},\
'credentialSubject': {\
'fullName': {'display': {{'name': 'Name','locale': 'en'}}}, \
'mobile': {'display': {{'name': 'Phone Number','locale': 'en'}}},\
'dob': {'display': {{'name': 'Date of Birth','locale': 'en'}}},\
'gender': {'display': {{'name': 'Gender','locale': 'en'}}},\
'benefits': {'display': {{'name': 'Benefits','locale': 'en'}}},\
'email': {'display': {{'name': 'Email Id','locale': 'en'}}},\
'policyIssuedOn': {'display': {{'name': 'Policy Issued On','locale': 'en'}}},\
'policyExpiresOn': {'display': {{'name': 'Policy Expires On','locale': 'en'}}},\
'policyName': {'display': {{'name': 'Policy Name','locale': 'en'}}},\
'policyNumber': {'display': {{'name': 'Policy Number','locale': 'en'}}}\
}},\
'display': {{'name': 'Sunbird RC Insurance Verifiable Credential', \
'locale': 'en', \
'logo': {'url': 'https://sunbird.org/images/sunbird-logo-new.png','alt_text': 'a square logo of a Sunbird'},\
'background_color': '#FDFAF9',\
'text_color': '#7C4616'}},\
'order' : {'fullName','policyName','policyExpiresOn','policyIssuedOn','policyNumber','mobile','dob','gender','benefits','email'}\
},\
"LifeInsuranceCredential":{\
'format': 'ldp_vc',\
'scope' : 'life_insurance_vc_ldp',\
'cryptographic_binding_methods_supported': {'did:jwk'},\
'cryptographic_suites_supported': {'Ed25519Signature2020'},\
'proof_types_supported': {'jwt'},\
'credential_definition': {\
'type': {'VerifiableCredential', 'MockCredential'},\
'credentialSubject': {\
'fullName': {'display': {{'name': 'Name','locale': 'en'}}}, \
'mobile': {'display': {{'name': 'Phone Number','locale': 'en'}}},\
'dob': {'display': {{'name': 'Date of Birth','locale': 'en'}}},\
'gender': {'display': {{'name': 'Gender','locale': 'en'}}},\
'benefits': {'display': {{'name': 'Benefits','locale': 'en'}}},\
'email': {'display': {{'name': 'Email Id','locale': 'en'}}},\
'policyIssuedOn': {'display': {{'name': 'Policy Issued On','locale': 'en'}}},\
'policyExpiresOn': {'display': {{'name': 'Policy Expires On','locale': 'en'}}},\
'policyName': {'display': {{'name': 'Policy Name','locale': 'en'}}},\
'policyNumber': {'display': {{'name': 'Policy Number','locale': 'en'}}}\
}},\
'display': {{'name': 'Life Insurance Verifiable Credential', \
'locale': 'en', \
'logo': {'url': 'https://sunbird.org/images/sunbird-logo-new.png','alt_text': 'a square logo of a Sunbird'},\
'background_color': '#FDFAF9',\
'text_color': '#7C4616'}},\
'order' : {'fullName','policyName','policyExpiresOn','policyIssuedOn','policyNumber','mobile','dob','gender','benefits','email'}\
}}\
},\
'latest' : {\
'credential_issuer': '${mosip.certify.identifier}', \
'authorization_servers': {'${mosip.certify.authorization.url}'}, \
'credential_endpoint': '${mosipbox.public.url}${server.servlet.path}/issuance/credential', \
'display': {{'name': 'Insurance', 'locale': 'en'}},\
'credential_configurations_supported' : { \
'InsuranceCredential' : {\
'format': 'ldp_vc',\
'scope' : 'sample_vc_ldp',\
'cryptographic_binding_methods_supported': {'did:jwk'},\
'credential_signing_alg_values_supported': {'Ed25519Signature2020'},\
'proof_types_supported': {'jwt': {'proof_signing_alg_values_supported': {'RS256', 'PS256'}}},\
'credential_definition': {\
'type': {'VerifiableCredential','MockVerifiableCredential'},\
'credentialSubject': {\
'fullName': {'display': {{'name': 'Name','locale': 'en'}}}, \
'mobile': {'display': {{'name': 'Phone Number','locale': 'en'}}},\
'dob': {'display': {{'name': 'Date of Birth','locale': 'en'}}},\
'gender': {'display': {{'name': 'Gender','locale': 'en'}}},\
'benefits': {'display': {{'name': 'Benefits','locale': 'en'}}},\
'email': {'display': {{'name': 'Email Id','locale': 'en'}}},\
'policyIssuedOn': {'display': {{'name': 'Policy Issued On','locale': 'en'}}},\
'policyExpiresOn': {'display': {{'name': 'Policy Expires On','locale': 'en'}}},\
'policyName': {'display': {{'name': 'Policy Name','locale': 'en'}}},\
'policyNumber': {'display': {{'name': 'Policy Number','locale': 'en'}}}\
}},\
'display': {{'name': 'Sunbird RC Insurance Verifiable Credential', \
'locale': 'en', \
'logo': {'url': 'https://sunbird.org/images/sunbird-logo-new.png','alt_text': 'a square logo of a Sunbird'},\
'background_color': '#FDFAF9',\
'background_image': { 'uri': 'https://sunbird.org/images/sunbird-logo-new.png' }, \
'text_color': '#7C4616'}},\
'order' : {'fullName','policyName','policyExpiresOn','policyIssuedOn','policyNumber','mobile','dob','gender','benefits','email'}\
},\
'LifeInsuranceCredential':{\
'format': 'ldp_vc',\
'scope' : 'sample_vc_ldp',\
'cryptographic_binding_methods_supported': {'did:jwk'},\
'credential_signing_alg_values_supported': {'Ed25519Signature2020'},\
'proof_types_supported': {'jwt': {'proof_signing_alg_values_supported': {'RS256', 'ES256'}}},\
'credential_definition': {\
'type': {'VerifiableCredential', 'MockCredential'},\
'credentialSubject': {\
'fullName': {'display': {{'name': 'Name','locale': 'en'}}}, \
'mobile': {'display': {{'name': 'Phone Number','locale': 'en'}}},\
'dob': {'display': {{'name': 'Date of Birth','locale': 'en'}}},\
'gender': {'display': {{'name': 'Gender','locale': 'en'}}},\
'benefits': {'display': {{'name': 'Benefits','locale': 'en'}}},\
'email': {'display': {{'name': 'Email Id','locale': 'en'}}},\
'policyIssuedOn': {'display': {{'name': 'Policy Issued On','locale': 'en'}}},\
'policyExpiresOn': {'display': {{'name': 'Policy Expires On','locale': 'en'}}},\
'policyName': {'display': {{'name': 'Policy Name','locale': 'en'}}},\
'policyNumber': {'display': {{'name': 'Policy Number','locale': 'en'}}}\
}},\
'display': {{'name': 'Life Insurance Verifiable Credential', \
'locale': 'en', \
'background_image': { 'uri': 'https://sunbird.org/images/sunbird-logo-new.png' }, \
'logo': {'url': 'https://sunbird.org/images/sunbird-logo-new.png','alt_text': 'a square logo of a Sunbird'},\
'background_color': '#FDFAF9',\
'text_color': '#7C4616'}},\
'order' : {'fullName','policyName','policyExpiresOn','policyIssuedOn','policyNumber','mobile','dob','gender','benefits','email'}\
},\
"DrivingLicenseCredential":{\
'format': 'mso_mdoc',\
'doctype': 'org.iso.18013.5.1.mDL',\
'scope' : 'sample_vc_mdoc',\
'cryptographic_binding_methods_supported': {'cose_key'},\
'credential_signing_alg_values_supported': {'ES256'},\
'proof_types_supported': {'jwt': {'proof_signing_alg_values_supported': {'ES256'}}},\
'claims': {\
'org.iso.18013.5.1': {'given_name': {'display': {{'name': 'Given Name','locale': 'en'}}},'family_name': {'display': {{'name': 'Family Name','locale': 'en'}}},'issue_date': {'display': {{'name': 'Issue Date','locale': 'en'}}},'expiry_date': {'display': {{'name': 'Expiry Date','locale': 'en'}}},'birth_date': {'display': {{'name': 'Birth Date','locale': 'en'}}},'issuing_country': {'display': {{'name': 'Issuing Country','locale': 'en'}}},'document_number': {'display': {{'name': 'Document Number','locale': 'en'}}}}},\
'display': {{'name': 'Mobile Driving License Verifiable Credential', \
'locale': 'en', \
'background_image': { 'uri': 'https://sunbird.org/images/sunbird-logo-new.png' }, \
'logo': {'url': 'https://sunbird.org/images/sunbird-logo-new.png','alt_text': 'a square logo of a Sunbird Mobile Driving License'},\
'background_color': '#FDFAF9',\
'text_color': '#7C4616'}},\
'order' : {'org.iso.18013.5.1~family_name','org.iso.18013.5.1~given_name','org.iso.18013.5.1~document_number','org.iso.18013.5.1~issuing_country','org.iso.18013.5.1~issue_date','org.iso.18013.5.1~expiry_date','org.iso.18013.5.1~birth_date'}\
}}\
}\
}
mosip.certify.svg-templates=svg-template.json
mosip.certify.issuer-metadata.config-url=openid4vci-wk.json

## ------------------------------------------- Integrations ------------------------------------------------------------
#mosip.certify.integration.scan-base-package=io.mosip.certify.sunbirdrc.integration
Expand Down Expand Up @@ -203,14 +60,14 @@ mosip.certify.integration.scan-base-package=io.mosip.certify.mock.integration
mosip.certify.integration.audit-plugin=LoggerAuditService
mosip.certify.integration.vci-plugin=MockVCIssuancePlugin
mosip.certify.mock.vciplugin.verification-method=${mosip.certify.authn.jwk-set-uri}
mosip.certify.mock.authenticator.get-identity-url=http://localhost:8082/v1/mock-identity-system/identity
#TODO: get the secret for key-cert onboarded for local test
mosip.certify.mock.vciplugin.issuer.key-cert="dummy-issuer-cert"
mosip.certify.mock.vciplugin.ca.key-cert="dummy-ca-cert"

# details of VC issuer's public key & controller for DataProvider plugin
mosip.certify.issuer.pub.key=https://vharsh.github.io/DID/mock-rsa.json
mosip.certify.issuer.uri=https://vharsh.github.io/DID/mock-rsac.json
mosip.certify.mock.authenticator.get-identity-url=http://localhost:9000/path/to/server
vishwa-vyom marked this conversation as resolved.

## ---------------------------------------- Cache configuration --------------------------------------------------------

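Review bot: The inline `mosip.certify.key-values` value removed in the first hunk relied on Spring placeholder resolution (`'${mosip.certify.identifier}'`, `'${mosip.certify.authorization.url}'`, `'${mosipbox.public.url}${server.servlet.path}/issuance/credential'`), and nothing visible in this PR resolves placeholders in the file named by `mosip.certify.issuer-metadata.config-url=openid4vci-wk.json`. `openid4vci-wk.json` is not shown on this page, so this needs confirming: if it keeps the `${...}` tokens they would be published literally as `credential_issuer` and `credential_endpoint`, and if it hard-codes the values they can drift from the properties that the rest of the service uses. I would also add a comment above the new key, for example `# classpath file name in the local/test profiles; a URL fetched at startup in every other profile`, because the service code reads the same key in two different ways depending on the active profile.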