[INJICERT-434] add optional id URI to json-ld VC

Signed-off-by: Harsh Vardhan <[email protected]>

certify-core/src/main/java/io/mosip/certify/core/constants/ErrorConstants.java

@@ -25,4 +25,5 @@ public class ErrorConstants {
     public static final String UNSUPPORTED_OPENID_VERSION = "unsupported_openid4vci_draft_version";
     public static final String INVALID_TEMPLATE_ID = "template_with_id_not_found";
     public static final String EMPTY_TEMPLATE_CONTENT = "empty_template_content";
+    public static final String JSON_TEMPLATING_ERROR = "json_templating_error";
 }

certify-integration-api/src/main/java/io/mosip/certify/api/spi/VCModifier.java

@@ -0,0 +1,18 @@
+package io.mosip.certify.api.spi;
+
+import org.json.JSONObject;
+
+/**
+ * VCModifier is a modifier which takes @param templateInput and
+ * returns a modified VC as per configuration.
+ *
+ * Some implementations include
+ * - add an id which is a UUID
+ *
+ * Future possible implementations:
+ * - Support for SD-JWT
+ * - Support for additional validations
+ */
+public interface VCModifier {
+    JSONObject perform(String templateInput);
+}

certify-integration-api/src/main/java/io/mosip/certify/api/spi/VCSigner.java

@@ -1,10 +1,11 @@
 package io.mosip.certify.api.spi;
 
 import io.mosip.certify.api.dto.VCResult;
+import org.json.JSONObject;
 
 /**
  * VCSigner can sign any VC provided a vcHash & Signer inputs
  */
 public interface VCSigner {
-    VCResult<?> perform(String templatedVC);
+    VCResult<?> perform(JSONObject templatedVC);
 }

certify-service/src/main/java/io/mosip/certify/services/CertifyIssuanceServiceImpl.java

@@ -62,6 +62,9 @@ public class CertifyIssuanceServiceImpl implements VCIssuanceService {
     @Autowired
     private VCFormatter vcFormatter;
 
+    @Autowired
+    private VCModifier vcModifier;
+
     @Autowired
     private VCSigner vcSigner;
 
@@ -159,7 +162,9 @@ private VCResult<?> getVerifiableCredential(CredentialRequest credentialRequest,
                         templateParams.put(VelocityTemplatingConstants.SVG_TEMPLATE, svg);
                     }
                     String templatedVC = vcFormatter.format(jsonObject, templateParams);
-                    vcResult = vcSigner.perform(templatedVC);
+                    JSONObject credential = vcModifier.perform(templatedVC);
+                    // vcFormatter.format()
+                    vcResult = vcSigner.perform(credential);
                 } catch(DataProviderExchangeException e) {
                     throw new CertifyException(e.getErrorCode());
                 }

certify-service/src/main/java/io/mosip/certify/services/ConfigurableJSONLDvcModifier.java

@@ -0,0 +1,32 @@
+package io.mosip.certify.services;
+
+import io.mosip.certify.api.spi.VCModifier;
+import io.mosip.certify.core.constants.ErrorConstants;
+import io.mosip.certify.core.exception.CertifyException;
+import lombok.extern.slf4j.Slf4j;
+import org.json.JSONException;
+import org.json.JSONObject;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.stereotype.Service;
+
+import java.util.UUID;
+
+@Service
+@Slf4j
+@ConditionalOnProperty(name = "mosip.certify.issuer.modifier.enabled", value = "AddID")
+public class ConfigurableJSONLDvcModifier implements VCModifier {
+    // TODO: Add support for more configurable "AddOns" to update the VC later
+    @Override
+    public JSONObject perform(String templateInput) {
+        JSONObject j;
+        try {
+           j = new JSONObject(templateInput);
+           j.put("id", "did:rcw:" + UUID.randomUUID());
+           return j;
+        } catch (JSONException e) {
+            log.error("Received JSON: " + templateInput);
+            log.error(e.getMessage());
+            throw new CertifyException(ErrorConstants.JSON_TEMPLATING_ERROR);
+        }
+    }
+}

certify-service/src/main/java/io/mosip/certify/services/KeymanagerLibSigner.java

@@ -15,6 +15,7 @@
 import io.mosip.certify.core.exception.CertifyException;
 import io.mosip.certify.services.ldsigner.ProofSignatureStrategy;
 import lombok.extern.slf4j.Slf4j;
+import org.json.JSONObject;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Service;
@@ -50,17 +51,17 @@ public class KeymanagerLibSigner implements VCSigner {
     private String hostedKey;
 
     @Override
-    public VCResult<JsonLDObject> perform(String templatedVC) {
+    public VCResult<JsonLDObject> perform(JSONObject c) {
         // Can the below lines be done at Templating side itself ?
+        JsonLDObject cred = JsonLDObject.fromJson(c.toString());
         VCResult<JsonLDObject> VC = new VCResult<>();
-        JsonLDObject j = JsonLDObject.fromJson(templatedVC);
-        j.setDocumentLoader(null);
+        cred.setDocumentLoader(null);
         // NOTE: other aspects can be configured via keyMgrInput map
         String validFrom;
-        if (j.getJsonObject().containsKey(VCDM1Constants.ISSUANCE_DATE)) {
-            validFrom = j.getJsonObject().get(VCDM1Constants.ISSUANCE_DATE).toString();
-        } else if (j.getJsonObject().containsKey(VCDM2Constants.VALID_FROM)){
-            validFrom = j.getJsonObject().get(VCDM2Constants.VALID_FROM).toString();
+        if (cred.getJsonObject().containsKey(VCDM1Constants.ISSUANCE_DATE)) {
+            validFrom = cred.getJsonObject().get(VCDM1Constants.ISSUANCE_DATE).toString();
+        } else if (cred.getJsonObject().containsKey(VCDM2Constants.VALID_FROM)){
+            validFrom = cred.getJsonObject().get(VCDM2Constants.VALID_FROM).toString();
         } else {
             validFrom = ZonedDateTime.now(ZoneOffset.UTC)
                     .format(DateTimeFormatter.ofPattern(Constants.UTC_DATETIME_PATTERN));
@@ -80,16 +81,16 @@ public VCResult<JsonLDObject> perform(String templatedVC) {
         Canonicalizer canonicalizer = signProps.getCanonicalizer();
         byte[] vcSignBytes = null;
         try {
-            vcSignBytes = canonicalizer.canonicalize(vcLdProof, j);
+            vcSignBytes = canonicalizer.canonicalize(vcLdProof, cred);
         } catch (IOException | GeneralSecurityException | JsonLDException e) {
             log.error("Error during canonicalization", e.getMessage());
             throw new CertifyException("Error during canonicalization");
         }
         String vcEncodedHash = Base64.getUrlEncoder().encodeToString(vcSignBytes);
         String sign = signProps.getProof(vcEncodedHash);
         LdProof ldProofWithJWS = signProps.buildProof(vcLdProof, sign);
-        ldProofWithJWS.addToJsonLDObject(j);
-        VC.setCredential(j);
+        ldProofWithJWS.addToJsonLDObject(cred);
+        VC.setCredential(cred);
         return VC;
         // MOSIP ref: https://github.com/mosip/id-authentication/blob/master/authentication/authentication-service/src/main/java/io/mosip/authentication/service/kyc/impl/VciServiceImpl.java#L281
     }

certify-service/src/main/java/io/mosip/certify/services/NoOpVCModifier.java

@@ -0,0 +1,27 @@
+package io.mosip.certify.services;
+
+import io.mosip.certify.api.spi.VCModifier;
+import io.mosip.certify.core.constants.ErrorConstants;
+import io.mosip.certify.core.exception.CertifyException;
+import lombok.extern.slf4j.Slf4j;
+import org.json.JSONException;
+import org.json.JSONObject;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.stereotype.Service;
+
+@Service
+@Slf4j
+@ConditionalOnProperty(name = "mosip.certify.issuer.modifier.enabled", value = "NoOp")
+public class NoOpVCModifier implements VCModifier {
+    @Override
+    public JSONObject perform(String templateInput) {
+        try {
+           JSONObject j = new JSONObject(templateInput);
+           return j;
+        } catch (JSONException e) {
+            log.error("Received JSON: " + templateInput);
+            log.error(e.getMessage());
+            throw new CertifyException(ErrorConstants.JSON_TEMPLATING_ERROR);
+        }
+    }
+}

certify-service/src/main/resources/application-local.properties

@@ -20,7 +20,7 @@ mosip.certify.authorization.url=http://localhost:8088
 mosip.certify.discovery.issuer-id=${mosip.certify.domain.url}${server.servlet.path}
 mosip.certify.issuer.vc-sign-algo=Ed25519Signature2018
 mosip.certify.issuer=CertifyIssuer
-
+mosip.certify.issuer.modifier.enabled=AddID
 ##--------------change this later---------------------------------
 mosip.certify.supported.jwt-proof-alg={'RS256','PS256','ES256'}
 

certify-service/src/test/java/io/mosip/certify/services/ConfigurableJSONLDvcModifierTest.java

@@ -0,0 +1,23 @@
+package io.mosip.certify.services;
+
+import lombok.SneakyThrows;
+import org.json.JSONObject;
+import org.junit.jupiter.api.Test;
+
+import java.net.URI;
+import java.net.URISyntaxException;
+
+import static org.junit.jupiter.api.Assertions.*;
+
+class ConfigurableJSONLDvcModifierTest {
+    ConfigurableJSONLDvcModifier modifier = new ConfigurableJSONLDvcModifier();
+    @SneakyThrows
+    @Test
+    void perform() {
+        JSONObject json = new JSONObject();
+        json.put("item", "apple");
+        JSONObject actual = modifier.perform(json.toString());
+        assertDoesNotThrow(() -> URI.create(actual.get("id").toString()));
+        assertTrue(actual.has("item"));
+    }
+}

certify-service/src/test/java/io/mosip/certify/services/KeymanagerLibSignerTest.java

@@ -4,10 +4,10 @@
 import info.weboftrust.ldsignatures.LdProof;
 import info.weboftrust.ldsignatures.canonicalizer.URDNA2015Canonicalizer;
 import io.mosip.certify.api.dto.VCResult;
-import io.mosip.certify.core.constants.VCDMConstants;
 import io.mosip.certify.services.ldsigner.ProofSignatureStrategy;
-import io.mosip.certify.services.ldsigner.RsaProofSignature2018;
 import io.mosip.kernel.signature.dto.JWTSignatureResponseDto;
+import org.json.JSONException;
+import org.json.JSONObject;
 import org.junit.Assert;
 import org.junit.Before;
 import org.junit.Test;
@@ -19,10 +19,8 @@
 import org.springframework.test.util.ReflectionTestUtils;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyString;
-import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 
-import java.sql.Ref;
 import java.util.Map;
 
 @RunWith(MockitoJUnitRunner.class)
@@ -71,9 +69,9 @@ public void setup() {
     }
 
     @Test
-    public void testPerformSuccess_VC2() {
+    public void testPerformSuccess_VC2() throws JSONException {
         // Mock Templated VC and Key Manager Input
-        String VCs[] = new String[]{VC_1, VC_2};
+        String[] VCs = new String[]{VC_1, VC_2};
         for (String templatedVC : VCs) {
             // Prepare a FakeSignature2018 implementation
             JWTSignatureResponseDto jwsSignedData = new JWTSignatureResponseDto();
@@ -84,14 +82,13 @@ public void testPerformSuccess_VC2() {
             when(signProps.getProof(anyString())).thenReturn("fake-jws-proof");
             LdProof l = LdProof.builder().jws("fake-jws-proof").type("FakeSignature2018").proofPurpose("assertionMethod").build();
             when(signProps.buildProof(any(), any())).thenReturn(l);
-
+            JSONObject json = new JSONObject(templatedVC);
             // invoke
-            VCResult<JsonLDObject> vcResult = signer.perform(templatedVC);
+            VCResult<JsonLDObject> vcResult = signer.perform(json);
 
             // test
             assert vcResult != null;
             JsonLDObject credential = vcResult.getCredential();
-            Assert.assertNotNull(credential.getJsonObject().containsKey("proof"));
             Map<String, Object> proof = (Map<String, Object>) credential.getJsonObject().get("proof");
             Assert.assertEquals("fake-jws-proof", proof.get("jws"));
         }

db_scripts/mosip_certify/dml/certify-key_policy_def.csv

@@ -4,3 +4,4 @@ CERTIFY_SERVICE,1095,60,NA,TRUE,mosipadmin,now()
 CERTIFY_PARTNER,1095,60,NA,TRUE,mosipadmin,now()
 CERTIFY_MOCK_RSA,1095,60,NA,TRUE,mosipadmin,now()
 CERTIFY_MOCK_ED25519,1095,60,NA,TRUE,mosipadmin,now()
+BASE,730,60,NA,TRUE,mosipadmin,now()