Merge branch 'main' into update/main/internal

.github/workflows/auto-merge.yml

@@ -0,0 +1,79 @@
+name: Auto Merge Main into Feature Branch
+
+# Automatically merge main into a feature branch when a pull request is labeled with 'autoupdate'
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened, labeled]
+
+jobs:
+  auto-merge:
+    if: contains(github.event.pull_request.labels.*.name, 'autoupdate')
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          ref: main
+
+      - name: Set up GPG key to extract the Git configuration
+        uses: crazy-max/ghaction-import-gpg@v3
+        id: import_gpg
+        with:
+          gpg-private-key: ${{ secrets.HYP_BOT_GPG_PRIVATE }}
+          passphrase: ${{ secrets.HYP_BOT_GPG_PASSWORD }}
+          git-user-signingkey: true
+          git-commit-gpgsign: true
+          git_config_global: true
+          git_tag_gpgsign: true
+
+      - name: Set up Git
+        run: |
+          git config --global user.name '${{ steps.import_gpg.outputs.name }}'
+          git config --global user.email '${{ steps.import_gpg.outputs.email }}'
+
+      - name: Fetch all branches
+        run: git fetch origin
+
+      - name: Checkout the feature branch
+        run: git checkout ${{ github.event.pull_request.head.ref }}
+
+      - name: Merge main into feature branch
+        run: git merge --squash origin/main
+
+      - name: Commit changes
+        run: git commit -S -s -m "Merge main into ${{ github.event.pull_request.head.ref }}"
+        if: success()
+
+      - name: Push changes
+        run: git push origin ${{ github.event.pull_request.head.ref }}
+        if: success()
+
+      - name: Add comment to PR
+        if: success()
+        uses: actions/github-script@v7
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const prNumber = ${{ github.event.pull_request.number }};
+            github.rest.issues.createComment({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: prNumber,
+              body: 'The main branch has been successfully merged into this feature branch! :rocket:'
+            });
+
+      - name: Add sad comment to PR
+        if: failure()
+        uses: actions/github-script@v7
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const prNumber = ${{ github.event.pull_request.number }};
+            github.rest.issues.createComment({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: prNumber,
+              body: 'The main branch cannot be merged into the feature branch without your help :cry:'
+            });

.mega-linter.yml

@@ -32,6 +32,7 @@ DISABLE_ERRORS_LINTERS:
   - KOTLIN_KTLINT
   - PROTOBUF_PROTOLINT
   - MARKDOWN_MARKDOWN_LINK_CHECK
+  - ACTION_ACTIONLINT
 
 DISABLE: [COPYPASTE, SPELL, CREDENTIALS]
 SHOW_ELAPSED_TIME: false

build.sbt

@@ -122,6 +122,9 @@ lazy val D = new {
 
   val jwtCirce = "com.github.jwt-scala" %% "jwt-circe" % V.jwtCirceVersion
   val jsonCanonicalization: ModuleID = "io.github.erdtman" % "java-json-canonicalization" % "1.1"
+  val titaniumJsonLd: ModuleID = "com.apicatalog" % "titanium-json-ld" % "1.4.0"
+  val jakartaJson: ModuleID = "org.glassfish" % "jakarta.json" % "2.0.1"
+  val ironVC: ModuleID = "com.apicatalog" % "iron-verifiable-credentials" % "0.14.0"
   val scodecBits: ModuleID = "org.scodec" %% "scodec-bits" % "1.1.38"
 
   // https://mvnrepository.com/artifact/org.didcommx/didcomm/0.3.2
@@ -184,6 +187,9 @@ lazy val D_Shared = new {
       D.zioCatsInterop,
       D.zioPrelude,
       D.jsonCanonicalization,
+      D.titaniumJsonLd,
+      D.jakartaJson,
+      D.ironVC,
       D.scodecBits,
     )
 }
@@ -746,8 +752,6 @@ lazy val polluxDoobie = project
 
 lazy val polluxAnoncreds = project
   .in(file("pollux/anoncreds"))
-  .enablePlugins(BuildInfoPlugin)
-  .enablePlugins(JavaAppPackaging)
   .settings(
     name := "pollux-anoncreds",
     Compile / unmanagedJars += baseDirectory.value / "anoncreds-jvm-1.0-SNAPSHOT.jar",

cloud-agent/service/server/src/main/scala/org/hyperledger/identus/agent/server/jobs/BackgroundJobsHelper.scala

@@ -15,7 +15,7 @@ import org.hyperledger.identus.mercury.{AgentPeerService, DidAgent}
 import org.hyperledger.identus.mercury.model.DidId
 import org.hyperledger.identus.pollux.core.model.error.PresentationError
 import org.hyperledger.identus.pollux.sdjwt.SDJWT.*
-import org.hyperledger.identus.pollux.vc.jwt.{DIDResolutionFailed, DIDResolutionSucceeded, ES256KSigner, EdSigner, *}
+import org.hyperledger.identus.pollux.vc.jwt.{DIDResolutionFailed, DIDResolutionSucceeded, ES256KSigner, *}
 import org.hyperledger.identus.pollux.vc.jwt.{DidResolver as JwtDidResolver, Issuer as JwtIssuer}
 import org.hyperledger.identus.shared.crypto.{
   Ed25519KeyPair,
@@ -24,6 +24,7 @@ import org.hyperledger.identus.shared.crypto.{
   Secp256k1KeyPair,
   X25519KeyPair
 }
+import org.hyperledger.identus.shared.models.KeyId
 import org.hyperledger.identus.shared.models.WalletAccessContext
 import zio.{ZIO, ZLayer}
 
@@ -125,7 +126,7 @@ trait BackgroundJobsHelper {
   def findHolderEd25519SigningKey(
       proverDid: PrismDID,
       verificationRelationship: VerificationRelationship,
-      keyId: String
+      keyId: KeyId
   ): ZIO[DIDService & ManagedDIDService & WalletAccessContext, RuntimeException, Ed25519KeyPair] = {
     for {
       managedDIDService <- ZIO.service[ManagedDIDService]
@@ -137,7 +138,7 @@ trait BackgroundJobsHelper {
         .map { case (_, didData) =>
           didData.publicKeys
             .find(pk =>
-              pk.id == keyId
+              pk.id == keyId.value
                 && pk.purpose == verificationRelationship && pk.publicKeyData.crv == EllipticCurve.ED25519
             )
             .map(_.id)
@@ -153,70 +154,6 @@ trait BackgroundJobsHelper {
         )
     } yield ed25519keyPair
   }
-  def getEd25519SigningKeyPair(
-      proverDid: PrismDID,
-      verificationRelationship: VerificationRelationship,
-      keyId: Option[String] = None
-  ): ZIO[DIDService & ManagedDIDService & WalletAccessContext, RuntimeException, Ed25519KeyPair] = {
-    for {
-      managedDIDService <- ZIO.service[ManagedDIDService]
-      didService <- ZIO.service[DIDService]
-      issuingKeyId <- didService
-        .resolveDID(proverDid)
-        .mapError(e => RuntimeException(s"Error occured while resolving Issuing DID during VC creation: ${e.toString}"))
-        .someOrFail(RuntimeException(s"Issuing DID resolution result is not found"))
-        .map { case (_, didData) =>
-          keyId match {
-            case Some(kid) =>
-              didData.publicKeys
-                .find(pk =>
-                  pk.id.endsWith(
-                    s"#$kid"
-                  ) && pk.purpose == verificationRelationship && pk.publicKeyData.crv == EllipticCurve.ED25519
-                )
-                .map(_.id)
-            case None => // TODO Remove this None mean we cannot use the holder binding In SDJWT you will always have keyID with credentil since you did when you accept the offer with keyId
-              didData.publicKeys
-                .find(pk => pk.purpose == verificationRelationship && pk.publicKeyData.crv == EllipticCurve.ED25519)
-                .map(_.id)
-          }
-        }
-        .someOrFail(
-          RuntimeException(s"Issuing DID doesn't have a key in ${verificationRelationship.name} to use: $proverDid")
-        )
-      ed25519keyPair <- managedDIDService
-        .findDIDKeyPair(proverDid.asCanonical, issuingKeyId)
-        .map(_.collect { case keyPair: Ed25519KeyPair => keyPair })
-        .someOrFail(
-          RuntimeException(s"Issuer key-pair does not exist in the wallet: ${proverDid.toString}#$issuingKeyId")
-        )
-    } yield ed25519keyPair
-  }
-
-  /** @param proverDid
-    *   This is holder prism did
-    * @param verificationRelationship
-    *   Holder it Authentication and Issuer it is AssertionMethod
-    * @return
-    *   JwtIssuer
-    * @see
-    *   org.hyperledger.identus.pollux.vc.jwt.Issuer
-    */
-  def getSDJwtIssuer(
-      proverDid: PrismDID,
-      verificationRelationship: VerificationRelationship,
-      keyId: Option[String]
-  ): ZIO[DIDService & ManagedDIDService & WalletAccessContext, RuntimeException, JwtIssuer] = {
-    for {
-      ed25519keyPair <- getEd25519SigningKeyPair(proverDid, verificationRelationship, keyId)
-    } yield {
-      JwtIssuer(
-        org.hyperledger.identus.pollux.vc.jwt.DID(proverDid.toString),
-        EdSigner(ed25519keyPair, keyId),
-        Ed25519PublicKey.toJavaEd25519PublicKey(ed25519keyPair.publicKey.getEncoded)
-      )
-    }
-  }
 
   def resolveToEd25519PublicKey(did: String): ZIO[JwtDidResolver, PresentationError, Ed25519PublicKey] = {
     for {

cloud-agent/service/server/src/main/scala/org/hyperledger/identus/agent/server/jobs/IssueBackgroundJobs.scala

@@ -615,19 +615,16 @@ object IssueBackgroundJobs extends BackgroundJobsHelper {
     aux
       .tapError(
         {
-          case walletNotFound: WalletNotFoundError =>
-            ZIO.logErrorCause(
-              s"Issue Credential- Error processing record: ${record.id}",
-              Cause.fail(walletNotFound)
-            )
+          case walletNotFound: WalletNotFoundError            => ZIO.unit
+          case CredentialServiceError.RecordNotFound(_, _)    => ZIO.unit
+          case CredentialServiceError.UnsupportedDidFormat(_) => ZIO.unit
           case ((walletAccessContext, e)) =>
             for {
               credentialService <- ZIO.service[CredentialService]
               _ <- credentialService
                 .reportProcessingFailure(record.id, Some(e.toString))
                 .provideSomeLayer(ZLayer.succeed(walletAccessContext))
             } yield ()
-
         }
       )
       .catchAll(e => ZIO.logErrorCause(s"Issue Credential - Error processing record: ${record.id} ", Cause.fail(e)))

cloud-agent/service/server/src/main/scala/org/hyperledger/identus/agent/server/jobs/PresentBackgroundJobs.scala

@@ -144,46 +144,6 @@ object PresentBackgroundJobs extends BackgroundJobsHelper {
         case None => ZIO.succeed(None)
 
     } yield optionalHolderPrivateKey
-  // Holder / Prover Get the Holder/Prover PrismDID from the IssuedCredential
-  // When holder accepts offer he provides the subjectdid
-  private def getPrismDIDForHolderFromCredentials(
-      presentationId: DidCommID,
-      credentialsToUse: Seq[String]
-  ) =
-    for {
-      credentialService <- ZIO.service[CredentialService]
-      // Choose first credential from the list to detect the subject DID to be used in Presentation.
-      // Holder binding check implies that any credential record can be chosen to detect the DID to use in VP.
-      credentialRecordId <- ZIO
-        .fromOption(credentialsToUse.headOption)
-        .mapError(_ =>
-          PresentationError.UnexpectedError(s"No credential found in the Presentation record: $presentationId")
-        )
-      credentialRecordUuid <- ZIO
-        .attempt(DidCommID(credentialRecordId))
-        .mapError(_ => PresentationError.UnexpectedError(s"$credentialRecordId is not a valid DidCommID"))
-      credentialRecord <- credentialService
-        .findById(credentialRecordUuid)
-        .someOrFail(CredentialServiceError.RecordNotFound(credentialRecordUuid))
-      vcSubjectId <- ZIO
-        .fromOption(credentialRecord.subjectId)
-        .orDieWith(_ => RuntimeException(s"VC SubjectId not found in credential record: $credentialRecordUuid"))
-
-      proverDID <- ZIO
-        .fromEither(PrismDID.fromString(vcSubjectId))
-        .mapError(e =>
-          PresentationError
-            .UnexpectedError(
-              s"One of the credential(s) subject is not a valid Prism DID: ${vcSubjectId}"
-            )
-        )
-      longFormProverPrismDID <- getLongForm(proverDID, true)
-      jwtIssuer <- getSDJwtIssuer(
-        longFormProverPrismDID,
-        VerificationRelationship.Authentication,
-        credentialRecord.keyId
-      )
-    } yield jwtIssuer
 
   private def performPresentProofExchange(record: PresentationRecord): URIO[
     AppConfig & DidOps & DIDResolver & JwtDidResolver & HttpClient & PresentationService & CredentialService &

cloud-agent/service/server/src/main/scala/org/hyperledger/identus/credentialstatus/controller/http/StatusListCredential.scala

@@ -38,9 +38,6 @@ case class StatusListCredential(
 )
 
 case class CredentialSubject(
-    @description(annotations.credentialSubject.id.description)
-    @encodedExample(annotations.credentialSubject.id.example)
-    id: String,
     @description(annotations.credentialSubject.`type`.description)
     @encodedExample(annotations.credentialSubject.`type`.example)
     `type`: String,

cloud-agent/service/server/src/main/scala/org/hyperledger/identus/didcomm/controller/DIDCommControllerImpl.scala

@@ -55,7 +55,6 @@ class DIDCommControllerImpl(
           .catchAll {
             case f: Failure                    => ZIO.fail(f)
             case _: DIDCommMessageParsingError => ZIO.fail(UnexpectedError(StatusCode.BadRequest))
-            case _: PresentationError          => ZIO.fail(UnexpectedError(StatusCode.UnprocessableContent))
           }
           .provideSomeLayer(ZLayer.succeed(msgAndContext._2))
       } yield ()

cloud-agent/service/server/src/main/scala/org/hyperledger/identus/issue/controller/IssueControllerImpl.scala

@@ -21,6 +21,7 @@ import org.hyperledger.identus.pollux.core.model.{CredentialFormat, DidCommID}
 import org.hyperledger.identus.pollux.core.model.CredentialFormat.{AnonCreds, JWT, SDJWT}
 import org.hyperledger.identus.pollux.core.model.IssueCredentialRecord.Role
 import org.hyperledger.identus.pollux.core.service.CredentialService
+import org.hyperledger.identus.shared.models.KeyId
 import org.hyperledger.identus.shared.models.WalletAccessContext
 import zio.{URLayer, ZIO, ZLayer}
 
@@ -161,7 +162,7 @@ class IssueControllerImpl(
         case Some(did) => extractPrismDIDFromString(did).flatMap(validatePrismDID(_, true, Role.Holder))
         case None      => ZIO.succeed(())
       id <- extractDidCommIdFromString(recordId)
-      outcome <- credentialService.acceptCredentialOffer(id, request.subjectId, request.keyId)
+      outcome <- credentialService.acceptCredentialOffer(id, request.subjectId, request.keyId.map(KeyId(_)))
     } yield IssueCredentialRecord.fromDomain(outcome)
   }
 

cloud-agent/service/server/src/main/scala/org/hyperledger/identus/issue/controller/http/AcceptCredentialOfferRequest.scala

@@ -2,6 +2,7 @@ package org.hyperledger.identus.issue.controller.http
 
 import org.hyperledger.identus.api.http.Annotation
 import org.hyperledger.identus.issue.controller.http.AcceptCredentialOfferRequest.annotations
+import org.hyperledger.identus.shared.models.KeyId
 import sttp.tapir.{Schema, Validator}
 import sttp.tapir.Schema.annotations.{description, encodedExample, validate}
 import zio.json.{DeriveJsonDecoder, DeriveJsonEncoder, JsonDecoder, JsonEncoder}

examples/st-oid4vci/demo.py

@@ -1,12 +1,10 @@
 import json
-import jwt
-import requests
 import time
 import urllib
 
+import jwt
+import requests
 from cryptography.hazmat.primitives.asymmetric import ec
-from cryptography.hazmat.primitives import serialization
-
 
 MOCKSERVER_URL = "http://localhost:7777"
 LOGIN_REDIRECT_URL = "http://localhost:7777/cb"