feat(config): make wallet application and paths configurable

Refs: #226
eclipse-tractusx · Aug 2, 2024 · 3ded6d4 · 3ded6d4
1 parent 9ae194e
commit 3ded6d4
Show file tree

Hide file tree

Showing 10 changed files with 89 additions and 25 deletions.
diff --git a/charts/ssi-credential-issuer/README.md b/charts/ssi-credential-issuer/README.md
@@ -93,6 +93,11 @@ dependencies:
 | processesworker.wallet.grantType | string | `"client_credentials"` |  |
 | processesworker.wallet.clientId | string | `"wallet-client-id"` | Provide wallet client-id from CX IAM centralidp. |
 | processesworker.wallet.clientSecret | string | `""` | Client-secret for wallet client-id. Secret-key 'wallet-client-secret'. |
+| processesworker.wallet.application | string | `"catena-x-portal"` | the application set in the wallet |
+| processesworker.wallet.credentialCreationPath | string | `"api/v2.0.0/credentials"` | path to create a credential |
+| processesworker.wallet.signingCreationPath | string | `"/api/v2.0.0/credentials/{0}"` | path to sign a specific credential {0} will be replaced by the credential id |
+| processesworker.wallet.getCreationPath | string | `"/api/v2.0.0/credentials/{0}"` | path to get a specific credential {0} will be replaced by the credential id |
+| processesworker.wallet.revokeCreationPath | string | `"/api/v2.0.0/credentials/{0}"` | path to revoke a specific credential {0} will be replaced by the credential id |
 | credentialExpiry.name | string | `"expiry"` |  |
 | credentialExpiry.image.name | string | `"docker.io/tractusx/ssi-credential-expiry-app"` |  |
 | credentialExpiry.image.tag | string | `""` |  |

diff --git a/charts/ssi-credential-issuer/templates/cronjob-issuer-processes.yaml b/charts/ssi-credential-issuer/templates/cronjob-issuer-processes.yaml
@@ -136,6 +136,16 @@ spec:
                 secretKeyRef:
                   name: "{{ template "issuer.secretName" . }}"
                   key: "credential-encryption-key0"
+            - name: "WALLET__WALLETAPPLICATION"
+              value: "{{ .Values.processesworker.wallet.application }}"
+            - name: "WALLET__CREDENTIALCREATIONPATH"
+              value: "{{ .Values.processesworker.wallet.credentialCreationPath }}"
+            - name: "WALLET__SIGNINGCREDENTIALPATH"
+              value: "{{ .Values.processesworker.wallet.signingCreationPath }}"
+            - name: "WALLET__GETCREDENTIALPATH"
+              value: "{{ .Values.processesworker.wallet.getCreationPath }}"
+            - name: "WALLET__REVOKECREDENTIALPATH"
+              value: "{{ .Values.processesworker.wallet.revokeCreationPath }}"
             - name: "SERILOG__MINIMUMLEVEL__Default"
               value: "{{ .Values.processesworker.logging.default }}"
             - name: "PROCESSES__IDENTITYID"

diff --git a/charts/ssi-credential-issuer/templates/deployment-issuer-service.yaml b/charts/ssi-credential-issuer/templates/deployment-issuer-service.yaml
@@ -163,6 +163,16 @@ spec:
             secretKeyRef:
               name: "{{ template "issuer.secretName" . }}"
               key: "credential-encryption-key0"
+        - name: "WALLET__WALLETAPPLICATION"
+          value: "{{ .Values.processesworker.wallet.application }}"
+        - name: "WALLET__CREDENTIALCREATIONPATH"
+          value: "{{ .Values.processesworker.wallet.credentialCreationPath }}"
+        - name: "WALLET__SIGNINGCREDENTIALPATH"
+          value: "{{ .Values.processesworker.wallet.signingCreationPath }}"
+        - name: "WALLET__GETCREDENTIALPATH"
+          value: "{{ .Values.processesworker.wallet.getCreationPath }}"
+        - name: "WALLET__REVOKECREDENTIALPATH"
+          value: "{{ .Values.processesworker.wallet.revokeCreationPath }}"
         ports:
         - name: http
           containerPort: {{ .Values.portContainer }}

diff --git a/charts/ssi-credential-issuer/values.yaml b/charts/ssi-credential-issuer/values.yaml
@@ -124,6 +124,16 @@ processesworker:
     clientId: "wallet-client-id"
     # -- Client-secret for wallet client-id. Secret-key 'wallet-client-secret'.
     clientSecret: ""
+    # -- the application set in the wallet
+    application: "catena-x-portal"
+    # -- path to create a credential
+    credentialCreationPath: "api/v2.0.0/credentials"
+    # -- path to sign a specific credential {0} will be replaced by the credential id
+    signingCreationPath: "/api/v2.0.0/credentials/{0}"
+    # -- path to get a specific credential {0} will be replaced by the credential id
+    getCreationPath: "/api/v2.0.0/credentials/{0}"
+    # -- path to revoke a specific credential {0} will be replaced by the credential id
+    revokeCreationPath: "/api/v2.0.0/credentials/{0}"
 
 credentialExpiry:
   name: "expiry"

diff --git a/src/externalservices/Wallet.Service/DependencyInjection/WalletSettings.cs b/src/externalservices/Wallet.Service/DependencyInjection/WalletSettings.cs
@@ -33,4 +33,19 @@ public class WalletSettings : BasicAuthSettings
 
     [Required]
     public int EncryptionConfigIndex { get; set; }
+
+    [Required]
+    public string WalletApplication { get; set; } = null!;
+
+    [Required]
+    public string CredentialCreationPath { get; set; } = null!;
+
+    [Required]
+    public string SigningCredentialPath { get; set; } = null!;
+
+    [Required]
+    public string GetCredentialPath { get; set; } = null!;
+
+    [Required]
+    public string RevokeCredentialPath { get; set; } = null!;
 }
diff --git a/src/externalservices/Wallet.Service/Services/WalletService.cs b/src/externalservices/Wallet.Service/Services/WalletService.cs
@@ -28,25 +28,19 @@
 
 namespace Org.Eclipse.TractusX.SsiCredentialIssuer.Wallet.Service.Services;
 
-public class WalletService : IWalletService
+public class WalletService(IBasicAuthTokenService basicAuthTokenService, IOptions<WalletSettings> options)
+    : IWalletService
 {
     private const string NoIdErrorMessage = "Response must contain a valid id";
     private static readonly JsonSerializerOptions Options = new() { PropertyNamingPolicy = JsonNamingPolicy.CamelCase };
 
-    private readonly IBasicAuthTokenService _basicAuthTokenService;
-    private readonly WalletSettings _settings;
-
-    public WalletService(IBasicAuthTokenService basicAuthTokenService, IOptions<WalletSettings> options)
-    {
-        _basicAuthTokenService = basicAuthTokenService;
-        _settings = options.Value;
-    }
+    private readonly WalletSettings _settings = options.Value;
 
     public async Task<Guid> CreateCredential(JsonDocument payload, CancellationToken cancellationToken)
     {
-        using var client = await _basicAuthTokenService.GetBasicAuthorizedClient<WalletService>(_settings, cancellationToken);
-        var data = new CreateCredentialRequest("catena-x-portal", new CredentialPayload(payload));
-        var result = await client.PostAsJsonAsync("api/v2.0.0/credentials", data, Options, cancellationToken)
+        using var client = await basicAuthTokenService.GetBasicAuthorizedClient<WalletService>(_settings, cancellationToken);
+        var data = new CreateCredentialRequest(_settings.WalletApplication, new CredentialPayload(payload));
+        var result = await client.PostAsJsonAsync(_settings.CredentialCreationPath, data, Options, cancellationToken)
             .CatchingIntoServiceExceptionFor("create-credential", HttpAsyncResponseMessageExtension.RecoverOptions.INFRASTRUCTURE,
                 async x => (false, await x.Content.ReadAsStringAsync().ConfigureAwait(ConfigureAwaitOptions.None)))
             .ConfigureAwait(false);
@@ -61,9 +55,9 @@ public async Task<Guid> CreateCredential(JsonDocument payload, CancellationToken
 
     public async Task<string> SignCredential(Guid credentialId, CancellationToken cancellationToken)
     {
-        using var client = await _basicAuthTokenService.GetBasicAuthorizedClient<WalletService>(_settings, cancellationToken);
+        using var client = await basicAuthTokenService.GetBasicAuthorizedClient<WalletService>(_settings, cancellationToken);
         var data = new SignCredentialRequest(new SignPayload(new SignUpdate("external", "jwt")));
-        var result = await client.PatchAsJsonAsync($"/api/v2.0.0/credentials/{credentialId}", data, Options, cancellationToken)
+        var result = await client.PatchAsJsonAsync(string.Format(_settings.SigningCredentialPath, credentialId), data, Options, cancellationToken)
             .CatchingIntoServiceExceptionFor("sign-credential", HttpAsyncResponseMessageExtension.RecoverOptions.INFRASTRUCTURE,
                 async x => (false, await x.Content.ReadAsStringAsync().ConfigureAwait(ConfigureAwaitOptions.None)))
             .ConfigureAwait(false);
@@ -78,8 +72,8 @@ public async Task<string> SignCredential(Guid credentialId, CancellationToken ca
 
     public async Task<JsonDocument> GetCredential(Guid externalCredentialId, CancellationToken cancellationToken)
     {
-        using var client = await _basicAuthTokenService.GetBasicAuthorizedClient<WalletService>(_settings, cancellationToken);
-        var result = await client.GetAsync($"/api/v2.0.0/credentials/{externalCredentialId}", cancellationToken)
+        using var client = await basicAuthTokenService.GetBasicAuthorizedClient<WalletService>(_settings, cancellationToken);
+        var result = await client.GetAsync(string.Format(_settings.SigningCredentialPath, externalCredentialId), cancellationToken)
             .CatchingIntoServiceExceptionFor("get-credential", HttpAsyncResponseMessageExtension.RecoverOptions.INFRASTRUCTURE,
                 async x => (false, await x.Content.ReadAsStringAsync().ConfigureAwait(ConfigureAwaitOptions.None)))
             .ConfigureAwait(false);
@@ -100,9 +94,9 @@ public async Task<Guid> CreateCredentialForHolder(string holderWalletUrl, string
             ClientSecret = clientSecret,
             TokenAddress = $"{holderWalletUrl}/oauth/token"
         };
-        using var client = await _basicAuthTokenService.GetBasicAuthorizedClient<WalletService>(authSettings, cancellationToken);
-        var data = new DeriveCredentialData("catena-x-portal", new DeriveCredentialPayload(new DeriveCredential(credential)));
-        var result = await client.PostAsJsonAsync("/api/v2.0.0/credentials", data, Options, cancellationToken)
+        using var client = await basicAuthTokenService.GetBasicAuthorizedClient<WalletService>(authSettings, cancellationToken);
+        var data = new DeriveCredentialData(_settings.WalletApplication, new DeriveCredentialPayload(new DeriveCredential(credential)));
+        var result = await client.PostAsJsonAsync(_settings.CredentialCreationPath, data, Options, cancellationToken)
             .CatchingIntoServiceExceptionFor("create-holder-credential", HttpAsyncResponseMessageExtension.RecoverOptions.INFRASTRUCTURE,
                 async x => (false, await x.Content.ReadAsStringAsync().ConfigureAwait(ConfigureAwaitOptions.None)))
             .ConfigureAwait(false);
@@ -117,9 +111,9 @@ public async Task<Guid> CreateCredentialForHolder(string holderWalletUrl, string
 
     public async Task RevokeCredentialForIssuer(Guid externalCredentialId, CancellationToken cancellationToken)
     {
-        using var client = await _basicAuthTokenService.GetBasicAuthorizedClient<WalletService>(_settings, cancellationToken);
+        using var client = await basicAuthTokenService.GetBasicAuthorizedClient<WalletService>(_settings, cancellationToken);
         var data = new RevokeCredentialRequest(new RevokePayload(true));
-        await client.PatchAsJsonAsync($"/api/v2.0.0/credentials/{externalCredentialId}", data, Options, cancellationToken)
+        await client.PatchAsJsonAsync(string.Format(_settings.RevokeCredentialPath, externalCredentialId), data, Options, cancellationToken)
             .CatchingIntoServiceExceptionFor("revoke-credential", HttpAsyncResponseMessageExtension.RecoverOptions.INFRASTRUCTURE,
                 async x => (false, await x.Content.ReadAsStringAsync().ConfigureAwait(ConfigureAwaitOptions.None)))
             .ConfigureAwait(false);

diff --git a/src/issuer/SsiCredentialIssuer.Service/appsettings.json b/src/issuer/SsiCredentialIssuer.Service/appsettings.json
@@ -63,7 +63,12 @@
     "TokenAddress": "",
     "BaseAddress": "",
     "EncryptionConfigIndex": 0,
-    "EncryptionConfigs": []
+    "EncryptionConfigs": [],
+    "WalletApplication": "",
+    "CredentialCreationPath": "",
+    "SigningCredentialPath": "",
+    "GetCredentialPath": "",
+    "RevokeCredentialPath": ""
   },
   "Credential": {
     "IssuerDid": "",

diff --git a/src/processes/Processes.Worker/appsettings.json b/src/processes/Processes.Worker/appsettings.json
@@ -47,6 +47,11 @@
     "TokenAddress": "",
     "BaseAddress": "",
     "EncryptionConfigIndex": 0,
-    "EncryptionConfigs": []
+    "EncryptionConfigs": [],
+    "WalletApplication": "",
+    "CredentialCreationPath": "",
+    "SigningCredentialPath": "",
+    "GetCredentialPath": "",
+    "RevokeCredentialPath": ""
   }
 }
diff --git a/tests/externalservices/Wallet.Service.Tests/Services/WalletServiceTests.cs b/tests/externalservices/Wallet.Service.Tests/Services/WalletServiceTests.cs
@@ -38,7 +38,12 @@ public WalletServiceTests()
             ClientId = "CatenaX",
             ClientSecret = "pass@Secret",
             TokenAddress = "https://example.org/token",
-            EncryptionConfigIndex = 0
+            EncryptionConfigIndex = 0,
+            WalletApplication = "catena-x-portal",
+            CredentialCreationPath = "api/v2.0.0/credentials",
+            SigningCredentialPath = "/api/v2.0.0/credentials/{0}",
+            GetCredentialPath = "/api/v2.0.0/credentials/{0}",
+            RevokeCredentialPath = "/api/v2.0.0/credentials/{0}"
         });
         _sut = new WalletService(_basicAuthTokenService, _options);
     }

diff --git a/tests/issuer/SsiCredentialIssuer.Service.Tests/appsettings.IntegrationTests.json b/tests/issuer/SsiCredentialIssuer.Service.Tests/appsettings.IntegrationTests.json
@@ -62,6 +62,11 @@
         "CipherMode": "CBC",
         "PaddingMode": "PKCS7"
       }
-    ]
+    ],
+    "WalletApplication": "catena-x-portal",
+    "CredentialCreationPath": "api/v2.0.0/credentials",
+    "SigningCredentialPath": "/api/v2.0.0/credentials/{0}",
+    "GetCredentialPath": "/api/v2.0.0/credentials/{0}",
+    "RevokeCredentialPath": "/api/v2.0.0/credentials/{0}"
   }
 }