Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: make VP request to CredentialService #3618

Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion DEPENDENCIES
Original file line number Diff line number Diff line change
Expand Up @@ -160,7 +160,7 @@ maven/mavencentral/io.swagger.parser.v3/swagger-parser/2.1.10, None, restricted,
maven/mavencentral/io.swagger/swagger-annotations/1.6.9, Apache-2.0, approved, #3792
maven/mavencentral/io.swagger/swagger-compat-spec-parser/1.0.64, None, restricted, #11479
maven/mavencentral/io.swagger/swagger-core/1.6.9, Apache-2.0, approved, #4358
maven/mavencentral/io.swagger/swagger-models/1.6.9, LicenseRef-scancode-proprietary-license, restricted, #11476
maven/mavencentral/io.swagger/swagger-models/1.6.9, Apache-2.0, approved, #11476
maven/mavencentral/io.swagger/swagger-parser/1.0.64, Apache-2.0, approved, #4359
maven/mavencentral/jakarta.activation/jakarta.activation-api/1.2.1, EPL-2.0 OR BSD-3-Clause OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jaf
maven/mavencentral/jakarta.activation/jakarta.activation-api/2.1.0, EPL-2.0 OR BSD-3-Clause OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jaf
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -17,8 +17,9 @@ dependencies {
implementation(project(":extensions:common:iam:identity-trust:identity-trust-sts:identity-trust-sts-embedded"))
implementation(libs.nimbus.jwt)

testImplementation(testFixtures(project(":spi:common:identity-trust-spi")))
testImplementation(project(":core:common:junit"))
testImplementation(testFixtures(project(":spi:common:identity-trust-spi")))
testImplementation(libs.nimbus.jwt)
testImplementation(project(":extensions:common:json-ld"))
}

Original file line number Diff line number Diff line change
Expand Up @@ -14,8 +14,10 @@

package org.eclipse.edc.iam.identitytrust.core;

import jakarta.json.Json;
import org.eclipse.edc.iam.did.spi.resolution.DidResolverRegistry;
import org.eclipse.edc.iam.identitytrust.IdentityAndTrustService;
import org.eclipse.edc.iam.identitytrust.core.defaults.DefaultCredentialServiceClient;
import org.eclipse.edc.iam.identitytrust.validation.SelfIssuedIdTokenValidator;
import org.eclipse.edc.iam.identitytrust.verification.MultiFormatPresentationVerifier;
import org.eclipse.edc.identitytrust.CredentialServiceClient;
Expand All @@ -41,6 +43,7 @@
import org.eclipse.edc.verification.jwt.SelfIssuedIdTokenVerifier;

import java.time.Clock;
import java.util.Map;

import static org.eclipse.edc.spi.CoreConstants.JSON_LD;

Expand Down Expand Up @@ -126,8 +129,8 @@ public JwtVerifier getJwtVerifier() {

@Provider
public CredentialServiceClient createClient(ServiceExtensionContext context) {
context.getMonitor().warning("Using a dummy CredentialServiceClient, that'll return null always. Don't use this in production use cases!");
return (csUrl, siTokenJwt, scopes) -> null;
return new DefaultCredentialServiceClient(httpClient, Json.createBuilderFactory(Map.of()),
typeManager.getMapper(JSON_LD), typeTransformerRegistry, jsonLd, context.getMonitor());
}

private String getOwnDid(ServiceExtensionContext context) {
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,145 @@
/*
* Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
*
* This program and the accompanying materials are made available under the
* terms of the Apache License, Version 2.0 which is available at
* https://www.apache.org/licenses/LICENSE-2.0
*
* SPDX-License-Identifier: Apache-2.0
*
* Contributors:
* Bayerische Motoren Werke Aktiengesellschaft (BMW AG) - initial API and implementation
*
*/

package org.eclipse.edc.iam.identitytrust.core.defaults;

import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import jakarta.json.JsonBuilderFactory;
import jakarta.json.JsonObject;
import okhttp3.MediaType;
import okhttp3.Request;
import okhttp3.RequestBody;
import org.eclipse.edc.identitytrust.CredentialServiceClient;
import org.eclipse.edc.identitytrust.VcConstants;
import org.eclipse.edc.identitytrust.model.CredentialFormat;
import org.eclipse.edc.identitytrust.model.VerifiablePresentation;
import org.eclipse.edc.identitytrust.model.VerifiablePresentationContainer;
import org.eclipse.edc.identitytrust.model.credentialservice.PresentationQuery;
import org.eclipse.edc.identitytrust.model.credentialservice.PresentationResponse;
import org.eclipse.edc.jsonld.spi.JsonLd;
import org.eclipse.edc.jsonld.spi.JsonLdKeywords;
import org.eclipse.edc.spi.http.EdcHttpClient;
import org.eclipse.edc.spi.monitor.Monitor;
import org.eclipse.edc.spi.result.AbstractResult;
import org.eclipse.edc.spi.result.Result;
import org.eclipse.edc.transform.spi.TypeTransformerRegistry;

import java.io.IOException;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import java.util.stream.Stream;

import static org.eclipse.edc.spi.result.Result.failure;
import static org.eclipse.edc.spi.result.Result.success;

public class DefaultCredentialServiceClient implements CredentialServiceClient {
private final EdcHttpClient httpClient;
private final JsonBuilderFactory jsonFactory;
private final ObjectMapper objectMapper;
private final TypeTransformerRegistry transformerRegistry;
private final JsonLd jsonLd;
private final Monitor monitor;

public DefaultCredentialServiceClient(EdcHttpClient httpClient, JsonBuilderFactory jsonFactory, ObjectMapper jsonLdMapper, TypeTransformerRegistry transformerRegistry, JsonLd jsonLd, Monitor monitor) {
this.httpClient = httpClient;
this.jsonFactory = jsonFactory;
this.objectMapper = jsonLdMapper.enable(DeserializationFeature.ACCEPT_SINGLE_VALUE_AS_ARRAY);
this.transformerRegistry = transformerRegistry;
this.jsonLd = jsonLd;
this.monitor = monitor;
}

@Override
public Result<List<VerifiablePresentationContainer>> requestPresentation(String credentialServiceUrl, String selfIssuedTokenJwt, List<String> scopes) {
var query = createPresentationQuery(scopes);

try {
var requestJson = objectMapper.writeValueAsString(query);
var request = new Request.Builder()
.post(RequestBody.create(requestJson, MediaType.parse("application/json")))
.url(credentialServiceUrl)
.addHeader("Authorization", "%s".formatted(selfIssuedTokenJwt))
.build();

var response = httpClient.execute(request);

var body = "";
if (response.body() != null) {
body = response.body().string();
}

if (response.isSuccessful() && response.body() != null) {
var presentationResponse = objectMapper.readValue(body, PresentationResponse.class);
return parseResponse(presentationResponse);
}
return failure("Presentation Query failed: HTTP %s, message: %s".formatted(response.code(), body));

} catch (IOException e) {
monitor.warning("Error requesting VP", e);
return failure("Error requesting VP: %s".formatted(e.getMessage()));
}

}

private Result<List<VerifiablePresentationContainer>> parseResponse(PresentationResponse presentationResponse) throws IOException {
var vpResults = Stream.of(presentationResponse.vpToken())
.map(this::parseVpToken)
.toList();

if (vpResults.stream().anyMatch(AbstractResult::failed)) {
return failure("One or more VP tokens could not be parsed. Details: %s".formatted(vpResults.stream().filter(Result::failed).map(AbstractResult::getFailureDetail).collect(Collectors.joining(","))));
}

return success(vpResults.stream().map(AbstractResult::getContent).toList());
}

private Result<VerifiablePresentationContainer> parseVpToken(Object vpObj) {
if (vpObj instanceof String) { // JWT VP
return parseJwtVp(vpObj.toString());
} else if (vpObj instanceof Map) { // LDP VP
return parseLdpVp(vpObj);
} else {
return failure("Unknown VP format: " + vpObj.getClass());
}
}

private Result<VerifiablePresentationContainer> parseLdpVp(Object vpObj) {
var jsonObj = objectMapper.convertValue(vpObj, JsonObject.class);
var rawStr = jsonObj.toString();

return jsonLd.expand(jsonObj)
.compose(expanded -> transformerRegistry.transform(expanded, VerifiablePresentation.class))
.map(vp -> new VerifiablePresentationContainer(rawStr, CredentialFormat.JSON_LD, vp));
}

private Result<VerifiablePresentationContainer> parseJwtVp(String rawJwt) {
return transformerRegistry.transform(rawJwt, VerifiablePresentation.class)
.map(pres -> new VerifiablePresentationContainer(rawJwt, CredentialFormat.JWT, pres));

}

private JsonObject createPresentationQuery(List<String> scopes) {
var scopeArray = jsonFactory.createArrayBuilder();
scopes.forEach(scopeArray::add);
return jsonFactory.createObjectBuilder()
.add(JsonLdKeywords.CONTEXT, jsonFactory.createArrayBuilder()
.add(VcConstants.PRESENTATION_EXCHANGE_URL)
.add(VcConstants.IATP_CONTEXT_URL))
.add(JsonLdKeywords.TYPE, PresentationQuery.PRESENTATION_QUERY_TYPE_PROPERTY)
.add("scope", scopeArray.build())
.build();
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,166 @@
/*
* Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
*
* This program and the accompanying materials are made available under the
* terms of the Apache License, Version 2.0 which is available at
* https://www.apache.org/licenses/LICENSE-2.0
*
* SPDX-License-Identifier: Apache-2.0
*
* Contributors:
* Bayerische Motoren Werke Aktiengesellschaft (BMW AG) - initial API and implementation
*
*/

package org.eclipse.edc.iam.identitytrust.core.defaults;

import jakarta.json.Json;
import okhttp3.MediaType;
import okhttp3.Protocol;
import okhttp3.Response;
import okhttp3.ResponseBody;
import org.eclipse.edc.identitytrust.model.CredentialFormat;
import org.eclipse.edc.identitytrust.model.CredentialSubject;
import org.eclipse.edc.identitytrust.model.Issuer;
import org.eclipse.edc.identitytrust.model.VerifiableCredential;
import org.eclipse.edc.identitytrust.model.VerifiablePresentation;
import org.eclipse.edc.jsonld.spi.JsonLd;
import org.eclipse.edc.spi.http.EdcHttpClient;
import org.eclipse.edc.transform.spi.TypeTransformerRegistry;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.DisplayName;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.ValueSource;

import java.io.IOException;
import java.time.Instant;
import java.util.List;
import java.util.Map;

import static org.assertj.core.api.Assertions.assertThat;
import static org.eclipse.edc.jsonld.util.JacksonJsonLd.createObjectMapper;
import static org.eclipse.edc.junit.testfixtures.TestUtils.getResourceFileContentAsString;
import static org.eclipse.edc.spi.result.Result.success;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.ArgumentMatchers.eq;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;

class DefaultCredentialServiceClientTest {

private static final String CS_URL = "http://test.com/cs";
private final EdcHttpClient httpClientMock = mock();
private DefaultCredentialServiceClient client;

@BeforeEach
void setup() {
var registry = mock(TypeTransformerRegistry.class);
when(registry.transform(any(), eq(VerifiablePresentation.class)))
.thenReturn(success(createPresentation()));
var jsonLdMock = mock(JsonLd.class);
when(jsonLdMock.expand(any())).thenAnswer(a -> success(a.getArgument(0)));
client = new DefaultCredentialServiceClient(httpClientMock, Json.createBuilderFactory(Map.of()),
createObjectMapper(), registry, jsonLdMock, mock());
}

@Test
@DisplayName("CS returns a single LDP-VP")
void requestPresentation_singleLdpVp() throws IOException {
when(httpClientMock.execute(any()))
.thenReturn(response(200, getResourceFileContentAsString("single_ldp-vp.json")));

var result = client.requestPresentation(CS_URL, "foo", List.of());
assertThat(result.succeeded()).isTrue();
assertThat(result.getContent()).hasSize(1).allMatch(vpc -> vpc.format() == CredentialFormat.JSON_LD);
}

@Test
@DisplayName("CS returns a single JWT-VP")
void requestPresentation_singleJwtVp() throws IOException {
when(httpClientMock.execute(any()))
.thenReturn(response(200, getResourceFileContentAsString("single_jwt-vp.json")));

var result = client.requestPresentation(CS_URL, "foo", List.of());
assertThat(result.succeeded()).isTrue();
assertThat(result.getContent()).hasSize(1).allMatch(vpc -> vpc.format() == CredentialFormat.JWT);
}

@Test
@DisplayName("CS returns multiple VPs, one LDP-VP and a JWT-VP")
void requestPresentationLdp_multipleVp_mixed() throws IOException {
when(httpClientMock.execute(any()))
.thenReturn(response(200, getResourceFileContentAsString("multiple_vp-token_mixed.json")));

var result = client.requestPresentation(CS_URL, "foo", List.of());
assertThat(result.succeeded()).isTrue();
assertThat(result.getContent()).hasSize(2)
.anySatisfy(vp -> assertThat(vp.format()).isEqualTo(CredentialFormat.JSON_LD))
.anySatisfy(vp -> assertThat(vp.format()).isEqualTo(CredentialFormat.JWT));
}

@Test
@DisplayName("CS returns multiple LDP-VPs")
void requestPresentation_mulipleVp_onlyLdp() throws IOException {
when(httpClientMock.execute(any()))
.thenReturn(response(200, getResourceFileContentAsString("multiple_vp-token_ldp.json")));

var result = client.requestPresentation(CS_URL, "foo", List.of());
assertThat(result.succeeded()).isTrue();
assertThat(result.getContent()).hasSize(2)
.allSatisfy(vp -> assertThat(vp.format()).isEqualTo(CredentialFormat.JSON_LD));
}

@Test
@DisplayName("CS returns multiple JWT-VPs")
void requestPresentation_mulipleVp_onlyJwt() throws IOException {
when(httpClientMock.execute(any()))
.thenReturn(response(200, getResourceFileContentAsString("multiple_vp-token_jwt.json")));

var result = client.requestPresentation(CS_URL, "foo", List.of());
assertThat(result.succeeded()).isTrue();
assertThat(result.getContent()).hasSize(2)
.allSatisfy(vp -> assertThat(vp.format()).isEqualTo(CredentialFormat.JWT));
}

@ParameterizedTest(name = "CS returns HTTP error code {0}")
@ValueSource(ints = { 400, 401, 403, 503, 501 })
void requestPresentation_csReturnsError(int httpCode) throws IOException {
when(httpClientMock.execute(any()))
.thenReturn(response(httpCode, "Test failure"));

var res = client.requestPresentation(CS_URL, "foo", List.of());
assertThat(res.failed()).isTrue();
assertThat(res.getFailureDetail()).isEqualTo("Presentation Query failed: HTTP %s, message: Test failure".formatted(httpCode));
}

private VerifiablePresentation createPresentation() {
return VerifiablePresentation.Builder.newInstance()
.type("VerifiablePresentation")
.credential(VerifiableCredential.Builder.newInstance()
.issuer(new Issuer("test-issuer", Map.of()))
.type("VerifiableCredential")
.issuanceDate(Instant.now())
.credentialSubject(CredentialSubject.Builder.newInstance()
.id("test-subject")
.claim("foo", "bar")
.build())
.build())
.build();
}

private Response response(int code, String body) {
return new Response.Builder()
.request(mock())
.protocol(Protocol.HTTP_2)
.code(code) // status code
.message("")
.body(ResponseBody.create(
body,
MediaType.get("application/json; charset=utf-8")
))
.build();
}


}
Loading
Loading