WIP progress

Signed-off-by: mineme0110 <shailesh.patil@iohk.io>
hyperledger · May 20, 2024 · 46313eb · 46313eb
1 parent b497297
commit 46313eb
Show file tree

Hide file tree

Showing 10 changed files with 291 additions and 67 deletions.
diff --git a/...nt/service/server/src/main/scala/org/hyperledger/identus/controller/http/ManagedDID.scala b/...nt/service/server/src/main/scala/org/hyperledger/identus/controller/http/ManagedDID.scala
@@ -203,14 +203,10 @@ final case class ManagedDIDKeyTemplate(
     @description(ManagedDIDKeyTemplate.annotations.purpose.description)
     @encodedExample(ManagedDIDKeyTemplate.annotations.purpose.example)
     purpose: Purpose,
-    // @description(ManagedDIDKeyTemplate.annotations.curve.description)
-    // @encodedExample(ManagedDIDKeyTemplate.annotations.curve.example)
-    // curve: Option[Curve]
-) {
-  // TODO: this curve option is hidden for now, to be added back after integration test with node
-  def curve: Option[Curve] = None
-}
-
+    @description(ManagedDIDKeyTemplate.annotations.curve.description)
+    @encodedExample(ManagedDIDKeyTemplate.annotations.curve.example)
+    curve: Option[Curve]
+)
 object ManagedDIDKeyTemplate {
   object annotations {
     object id

diff --git a/...scala/org/hyperledger/identus/presentproof/controller/http/RequestPresentationInput.scala b/...scala/org/hyperledger/identus/presentproof/controller/http/RequestPresentationInput.scala
@@ -101,6 +101,7 @@ object RequestPresentationInput {
           validator = Validator.enumeration(
             List(
               Some("JWT"),
+              Some("vc+sd-jwt"),
               Some("AnonCreds")
             )
           )

diff --git a/...re/src/main/scala/org/hyperledger/identus/pollux/core/service/CredentialServiceImpl.scala b/...re/src/main/scala/org/hyperledger/identus/pollux/core/service/CredentialServiceImpl.scala
@@ -1,5 +1,6 @@
 package org.hyperledger.identus.pollux.core.service
 
+import com.nimbusds.jose.jwk.OctetKeyPair
 import io.circe.Json
 import io.circe.syntax.*
 import org.hyperledger.identus.agent.walletapi.model.{ManagedDIDState, PublicationState}
@@ -32,13 +33,15 @@ import org.hyperledger.identus.shared.utils.aspects.CustomMetricsAspect
 import zio.*
 import zio.prelude.ZValidation
 import org.hyperledger.identus.castor.core.model.did.EllipticCurve
+
 import java.net.URI
 import java.rmi.UnexpectedException
 import java.time.{Instant, ZoneId}
 import java.util.UUID
 import scala.language.implicitConversions
 import org.hyperledger.identus.pollux.sdjwt
 import org.hyperledger.identus.pollux.sdjwt.*
+import org.hyperledger.identus.shared.crypto.{Ed25519KeyPair, Ed25519PublicKey}
 
 object CredentialServiceImpl {
   val layer: URLayer[
@@ -458,6 +461,17 @@ private class CredentialServiceImpl(
               s"${record.id}_issuance_flow_holder_req_pending_to_generated"
             )
           } yield count
+        case (CredentialFormat.SDJWT, Some(subjectId)) =>
+          for {
+            _ <- ZIO
+              .fromEither(PrismDID.fromString(subjectId))
+              .mapError(_ => CredentialServiceError.UnsupportedDidFormat(subjectId))
+            count <- credentialRepository
+              .updateWithSubjectId(recordId, subjectId, ProtocolState.RequestPending)
+              .mapError(RepositoryError.apply) @@ CustomMetricsAspect.startRecordingTime(
+              s"${record.id}_issuance_flow_holder_req_pending_to_generated"
+            )
+          } yield count
         case (CredentialFormat.AnonCreds, None) =>
           credentialRepository
             .updateCredentialRecordProtocolState(recordId, ProtocolState.OfferReceived, ProtocolState.RequestPending)
@@ -548,13 +562,12 @@ private class CredentialServiceImpl(
       )
     } yield jwtIssuer
   }
-  private[this] def getSDJwtIssuerKeys(
+
+  private[this] def getEd25519SigningKeyPair(
       jwtIssuerDID: PrismDID,
       verificationRelationship: VerificationRelationship
   ) = {
-    import org.hyperledger.identus.shared.crypto.Ed25519KeyPair
     for {
-      // Automatically infer keyId to use by resolving DID and choose the corresponding VerificationRelationship
       issuingKeyId <- didService
         .resolveDID(jwtIssuerDID)
         .mapError(e => UnexpectedError(s"Error occured while resolving Issuing DID during VC creation: ${e.toString}"))
@@ -563,14 +576,43 @@ private class CredentialServiceImpl(
         .someOrFail(
           UnexpectedError(s"Issuing DID doesn't have a key in ${verificationRelationship.name} to use: $jwtIssuerDID")
         )
-      ecKeyPair <- managedDIDService
+      ed25519keyPair <- managedDIDService
         .findDIDKeyPair(jwtIssuerDID.asCanonical, issuingKeyId)
         .map(_.collect { case keyPair: Ed25519KeyPair => keyPair })
         .mapError(e => UnexpectedError(s"Error occurred while getting issuer key-pair: ${e.toString}"))
         .someOrFail(
           UnexpectedError(s"Issuer key-pair does not exist in the wallet: ${jwtIssuerDID.toString}#$issuingKeyId")
         )
-    } yield ecKeyPair
+    } yield ed25519keyPair
+  }
+
+  /** @param jwtIssuerDID
+    *   This can holder prism did / issuer prism did
+    * @param verificationRelationship
+    *   Holder it Authentication and Issuer it is AssertionMethod
+    * @return
+    *   JwtIssuer
+    * @see
+    *   org.hyperledger.identus.pollux.vc.jwt.Issuer
+    */
+  private[this] def getSDJwtIssuer(
+      jwtIssuerDID: PrismDID,
+      verificationRelationship: VerificationRelationship
+  ): ZIO[WalletAccessContext, UnexpectedError, JwtIssuer] = {
+    for {
+      ed25519keyPair <- getEd25519SigningKeyPair(jwtIssuerDID, verificationRelationship)
+    } yield {
+
+      val d = java.util.Base64.getUrlEncoder.withoutPadding().encodeToString(ed25519keyPair.privateKey.getEncoded)
+      val x = java.util.Base64.getUrlEncoder.withoutPadding().encodeToString(ed25519keyPair.publicKey.getEncoded)
+      val okpJson = s"""{"kty":"OKP","crv":"Ed25519","d":"$d","x":"$x"}"""
+      val octetKeyPair = OctetKeyPair.parse(okpJson)
+      JwtIssuer(
+        org.hyperledger.identus.pollux.vc.jwt.DID(jwtIssuerDID.toString),
+        EdSigner(ed25519keyPair),
+        Ed25519PublicKey.toJavaPublicKey(ed25519keyPair.publicKey)
+      )
+    }
   }
 
   override def generateJWTCredentialRequest(
@@ -611,11 +653,11 @@ private class CredentialServiceImpl(
     } yield record
   }
 
+  // Holder requesting the credential
   override def generateSDJWTCredentialRequest(
       recordId: DidCommID
   ): ZIO[WalletAccessContext, CredentialServiceError, IssueCredentialRecord] = {
     for {
-      // TODO similar logic generateJWTCredentialRequest
       record <- getRecordWithState(recordId, ProtocolState.RequestPending)
       subjectId <- ZIO
         .fromOption(record.subjectId)
@@ -624,7 +666,7 @@ private class CredentialServiceImpl(
         .fromEither(PrismDID.fromString(subjectId))
         .mapError(_ => CredentialServiceError.UnsupportedDidFormat(subjectId))
       longFormPrismDID <- getLongForm(subjectDID, true).mapError(err => UnexpectedError(err.getMessage))
-      jwtIssuer <- createJwtIssuer(longFormPrismDID, VerificationRelationship.Authentication)
+      jwtIssuer <- getSDJwtIssuer(longFormPrismDID, VerificationRelationship.Authentication)
       presentationPayload <- createPresentationPayload(record, jwtIssuer)
       signedPayload = JwtPresentation.encodeJwt(presentationPayload.toJwtPresentationPayload, jwtIssuer)
       formatAndOffer <- ZIO
@@ -1278,7 +1320,7 @@ private class CredentialServiceImpl(
       record <- markCredentialGenerated(record, issueCredential)
     } yield record
   }
-
+  // Issuer Generating the credential
   override def generateSDJWTCredential(
       recordId: DidCommID,
   ): ZIO[WalletAccessContext, CredentialServiceError, IssueCredentialRecord] = {
@@ -1308,7 +1350,7 @@ private class CredentialServiceImpl(
             .mapError(t => RepositoryError(t)),
         payload => ZIO.logInfo("JWT Presentation Validation Successful!")
       )
-      jwtIssuerKey <- getSDJwtIssuerKeys(longFormPrismDID, VerificationRelationship.AssertionMethod)
+      ed25519KeyPair <- getEd25519SigningKeyPair(longFormPrismDID, VerificationRelationship.AssertionMethod)
       offerCredentialData <- ZIO
         .fromOption(record.offerCredentialData)
         .mapError(_ =>
@@ -1318,8 +1360,7 @@ private class CredentialServiceImpl(
         )
       preview = offerCredentialData.body.credential_preview
       claims <- CredentialService.convertAttributesToJsonClaims(preview.body.attributes)
-
-      sdJwtPrivateKey = sdjwt.IssuerPrivateKey(jwtIssuerKey.privateKey)
+      sdJwtPrivateKey = sdjwt.IssuerPrivateKey(ed25519KeyPair.privateKey)
       credential = SDJWT.issueCredential(sdJwtPrivateKey, claims.asJson.noSpaces, ???) // FIXME
 
       issueCredential = IssueCredential.build(

diff --git a/pollux/sd-jwt/src/main/scala/org/hyperledger/identus/pollux/sdjwt/SDJWT.scala b/pollux/sd-jwt/src/main/scala/org/hyperledger/identus/pollux/sdjwt/SDJWT.scala
@@ -9,8 +9,7 @@ import org.bouncycastle.crypto.util.SubjectPublicKeyInfoFactory
 import scala.util.Try
 import scala.util.Failure
 import scala.util.Success
-import org.bouncycastle.cert.path.CertPathValidationResult
-
+import zio.json.*
 // TODO move to apollo
 private[sdjwt] object Utils {
 
@@ -134,12 +133,28 @@ object PresentationJson {
 }
 
 object SDJWT {
-
+  given encoder: JsonEncoder[String | Int] = new JsonEncoder[String | Int] {
+    override def unsafeEncode(b: String | Int, indent: Option[Int], out: zio.json.internal.Write): Unit = {
+      b match {
+        case obj: String => JsonEncoder.string.unsafeEncode(obj, indent, out)
+        case obj: Int    => JsonEncoder.int.unsafeEncode(obj, indent, out)
+      }
+    }
+  }
   def issueCredential(
       issueKey: IssuerPrivateKey,
       claims: String,
   ): CredentialJson = issueCredential(issueKey, claims, None)
 
+  def issueCredential(
+      issueKey: IssuerPrivateKey,
+      claimsMap: Map[String, String],
+  ): CredentialJson = {
+    val claims = claimsMap ++
+      Map("sub" -> "did:example:holder", "iss" -> "did:example:issuer", "iat" -> 1683000000, "exp" -> 1883000000)
+    issueCredential(issueKey, claims.toJson, None)
+  }
+
   def issueCredential(
       issueKey: IssuerPrivateKey,
       claims: String,

diff --git a/pollux/sd-jwt/src/test/scala/org/hyperledger/identus/pollux/sdjwt/SDJWTSpec.scala b/pollux/sd-jwt/src/test/scala/org/hyperledger/identus/pollux/sdjwt/SDJWTSpec.scala
@@ -109,6 +109,10 @@ object SDJWTSpec extends ZIOSpecDefault {
     test("make presentation") {
       val credential = SDJWT.issueCredential(ISSUER_KEY, CLAIMS)
       val presentation = SDJWT.createPresentation(credential, CLAIMS_PRESENTED)
+      println("**************")
+      println(s"${presentation.value}")
+      println("**************")
+
       assertTrue(!presentation.value.isEmpty())
     },
     test("verify presentation") {

diff --git a/pollux/vc-jwt/src/main/scala/org/hyperledger/identus/pollux/vc/jwt/DidJWT.scala b/pollux/vc-jwt/src/main/scala/org/hyperledger/identus/pollux/vc/jwt/DidJWT.scala
@@ -1,16 +1,16 @@
 package org.hyperledger.identus.pollux.vc.jwt
 
-import com.nimbusds.jose.{JWSAlgorithm, JWSHeader}
-import com.nimbusds.jose.crypto.ECDSASigner
+import com.nimbusds.jose.crypto.{ECDSASigner, Ed25519Signer}
 import com.nimbusds.jose.crypto.bc.BouncyCastleProviderSingleton
-import com.nimbusds.jose.jwk.{Curve, ECKey}
+import com.nimbusds.jose.jwk.{Curve, ECKey, OctetKeyPair}
+import com.nimbusds.jose.{JWSAlgorithm, JWSHeader}
 import com.nimbusds.jwt.{JWTClaimsSet, SignedJWT}
 import io.circe.*
+import org.hyperledger.identus.shared.crypto.Ed25519KeyPair
 import zio.*
-import pdi.jwt.algorithms.JwtECDSAAlgorithm
-import pdi.jwt.{JwtAlgorithm, JwtCirce}
 
 import java.security.*
+import java.util.Base64
 
 opaque type JWT = String
 
@@ -40,7 +40,7 @@ class ES256KSigner(privateKey: PrivateKey) extends Signer {
   }
 
   override def generateProofForJson(payload: Json, pk: PublicKey): Task[Proof] = {
-    EddsaJcs2022ProofGenerator.generateProof(payload, privateKey, pk)
+    EcdsaJcs2019ProofGenerator.generateProof(payload, privateKey, pk)
   }
 
   override def encode(claim: Json): JWT = {
@@ -54,6 +54,31 @@ class ES256KSigner(privateKey: PrivateKey) extends Signer {
   }
 }
 
+class EdSigner(ed25519KeyPair: Ed25519KeyPair) extends Signer {
+  lazy val signer: Ed25519Signer = {
+    val d = java.util.Base64.getUrlEncoder.withoutPadding().encodeToString(ed25519KeyPair.privateKey.getEncoded)
+    val x = java.util.Base64.getUrlEncoder.withoutPadding().encodeToString(ed25519KeyPair.publicKey.getEncoded)
+    val okpJson = s"""{"kty":"OKP","crv":"Ed25519","d":"$d","x":"$x"}"""
+    val octetKeyPair = OctetKeyPair.parse(okpJson)
+    val ed25519Signer = Ed25519Signer(octetKeyPair)
+    ed25519Signer
+  }
+
+  override def generateProofForJson(payload: Json, pk: PublicKey): Task[Proof] = {
+    EddsaJcs2022ProofGenerator.generateProof(payload, ed25519KeyPair)
+  }
+
+  override def encode(claim: Json): JWT = {
+    val claimSet = JWTClaimsSet.parse(claim.noSpaces)
+    val signedJwt = SignedJWT(
+      new JWSHeader.Builder(JWSAlgorithm.EdDSA).build(),
+      claimSet
+    )
+    signedJwt.sign(signer)
+    JWT(signedJwt.serialize())
+  }
+}
+
 def toJWKFormat(holderJwk: ECKey): JsonWebKey = {
   JsonWebKey(
     kty = "EC",