chore: update local script to create credential issuer

Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io> fix: integrate metadata in demp script Signed-off-by: Pat Losoponkul <pat.losoponkul@iohk.io>
hyperledger · May 13, 2024 · 1c383f3 · 1c383f3
1 parent ba4374e
commit 1c383f3
Show file tree

Hide file tree

Showing 13 changed files with 79 additions and 49 deletions.
diff --git a/...ice/server/src/main/scala/org/hyperledger/identus/oid4vci/CredentialIssuerEndpoints.scala b/...ice/server/src/main/scala/org/hyperledger/identus/oid4vci/CredentialIssuerEndpoints.scala
@@ -86,12 +86,12 @@ object CredentialIssuerEndpoints {
 
   val createCredentialOfferEndpoint: Endpoint[
     (ApiKeyCredentials, JwtCredentials),
-    (RequestContext, String, CredentialOfferRequest),
+    (RequestContext, UUID, CredentialOfferRequest),
     ErrorResponse,
     CredentialOfferResponse,
     Any
   ] = baseIssuerPrivateEndpoint.post
-    .in(didRefPathSegment / "credential-offers")
+    .in(issuerIdPathSegment / "credential-offers")
     .in(jsonBody[CredentialOfferRequest])
     .out(
       statusCode(StatusCode.Created).description("CredentialOffer created successfully"),

diff --git a/...rver/src/main/scala/org/hyperledger/identus/oid4vci/CredentialIssuerServerEndpoints.scala b/...rver/src/main/scala/org/hyperledger/identus/oid4vci/CredentialIssuerServerEndpoints.scala
@@ -34,9 +34,9 @@ case class CredentialIssuerServerEndpoints(
     CredentialIssuerEndpoints.createCredentialOfferEndpoint
       .zServerSecurityLogic(SecurityLogic.authorizeWalletAccessWith(_)(authenticator, authorizer))
       .serverLogic { wac =>
-        { case (rc, id, request) =>
+        { case (rc, issuerId, request) =>
           credentialIssuerController
-            .createCredentialOffer(rc, id, request)
+            .createCredentialOffer(rc, issuerId, request)
             .provideSomeLayer(ZLayer.succeed(wac))
             .logTrace(rc)
         }

diff --git a/...rc/main/scala/org/hyperledger/identus/oid4vci/controller/CredentialIssuerController.scala b/...rc/main/scala/org/hyperledger/identus/oid4vci/controller/CredentialIssuerController.scala
@@ -28,7 +28,7 @@ trait CredentialIssuerController {
 
   def createCredentialOffer(
       ctx: RequestContext,
-      didRef: String,
+      issuerId: UUID,
       credentialOfferRequest: CredentialOfferRequest
   ): ZIO[WalletAccessContext, ErrorResponse, CredentialOfferResponse]
 
@@ -216,13 +216,12 @@ case class CredentialIssuerControllerImpl(
 
   override def createCredentialOffer(
       ctx: RequestContext,
-      didRef: String,
+      issuerId: UUID,
       credentialOfferRequest: CredentialOfferRequest
   ): ZIO[WalletAccessContext, ErrorResponse, CredentialOfferResponse] = {
     for {
-      canonicalPrismDID <- parseIssuerDIDBasicError(didRef)
       resp <- credentialIssuerService
-        .createCredentialOffer(canonicalPrismDID, credentialOfferRequest.claims)
+        .createCredentialOffer(issuerId, credentialOfferRequest.claims)
         .map(offer => CredentialOfferResponse(offer.offerUri))
         .mapError(ue =>
           internalServerError(detail = Some(s"Unexpected error while creating credential offer: ${ue.message}"))

diff --git a/.../src/main/scala/org/hyperledger/identus/oid4vci/service/OIDCCredentialIssuerService.scala b/.../src/main/scala/org/hyperledger/identus/oid4vci/service/OIDCCredentialIssuerService.scala
@@ -13,6 +13,7 @@ import org.hyperledger.identus.shared.models.{WalletAccessContext, WalletId}
 import zio.*
 
 import java.time.Instant
+import java.util.UUID
 import scala.util.Try
 
 // TODO: move to pollux
@@ -36,7 +37,7 @@ trait OIDCCredentialIssuerService {
   ): IO[Error, JWT]
 
   def createCredentialOffer(
-      issuerDID: PrismDID,
+      issuerId: UUID,
       claims: zio.json.ast.Json
   ): ZIO[WalletAccessContext, Error, CredentialOffer]
 
@@ -154,18 +155,22 @@ case class OIDCCredentialIssuerServiceImpl(
       .someOrFail(ServiceError(s"The IssuanceSession with the issuerState $issuerState does not exist"))
 
   override def createCredentialOffer(
-      issuingDid: PrismDID,
+      issuerId: UUID,
       claims: zio.json.ast.Json
   ): ZIO[WalletAccessContext, OIDCCredentialIssuerService.Error, CredentialOffer] =
-    val canonicalIssuingDid = issuingDid.asCanonical
+    // TODO: do not use hardcoded value
+    val canonicalIssuingDid = PrismDID
+      .fromString("did:prism:0000000000000000000000000000000000000000000000000000000000000000")
+      .toOption
+      .get
+      .asCanonical
     for {
       session <- buildNewIssuanceSession(canonicalIssuingDid, claims)
       _ <- issuanceSessionStorage
         .start(session)
         .mapError(e => ServiceError(s"Failed to start issuance session: ${e.message}"))
     } yield CredentialOffer(
-      credential_issuer =
-        s"http://localhost:8080/prism-agent/${canonicalIssuingDid.toString}", // TODO: add issuer metadata endpoint
+      credential_issuer = s"http://localhost:8080/prism-agent/${issuerId}", // TODO: add issuer metadata endpoint
       credential_configuration_ids = Seq("UniversityDegreeCredential"), // TODO: allow credential configuration CRUD
       grants = Some(
         CredentialOfferGrant(

diff --git a/examples/.nickel/versions.ncl b/examples/.nickel/versions.ncl
@@ -1,6 +1,6 @@
 {
   # identus
-  agent = "1.32.0-SNAPSHOT",
+  agent = "1.33.0-SNAPSHOT",
   node = "2.2.1",
   # 3rd party
   caddy = "2.7.6-alpine",

diff --git a/examples/mt-keycloak-vault/compose.yaml b/examples/mt-keycloak-vault/compose.yaml
@@ -53,7 +53,7 @@ services:
       SECRET_STORAGE_BACKEND: vault
       VAULT_ADDR: http://vault-default:8200
       VAULT_TOKEN: admin
-    image: ghcr.io/hyperledger/identus-cloud-agent:1.32.0-SNAPSHOT
+    image: ghcr.io/hyperledger/identus-cloud-agent:1.33.0-SNAPSHOT
     restart: always
   caddy-default:
     configs:

diff --git a/examples/mt-keycloak/compose.yaml b/examples/mt-keycloak/compose.yaml
@@ -51,7 +51,7 @@ services:
       PRISM_NODE_PORT: '50053'
       REST_SERVICE_URL: http://caddy-default:8080/prism-agent
       SECRET_STORAGE_BACKEND: postgres
-    image: ghcr.io/hyperledger/identus-cloud-agent:1.32.0-SNAPSHOT
+    image: ghcr.io/hyperledger/identus-cloud-agent:1.33.0-SNAPSHOT
     restart: always
   caddy-default:
     configs:

diff --git a/examples/mt/compose.yaml b/examples/mt/compose.yaml
@@ -44,7 +44,7 @@ services:
       PRISM_NODE_PORT: '50053'
       REST_SERVICE_URL: http://caddy-default:8080/prism-agent
       SECRET_STORAGE_BACKEND: postgres
-    image: ghcr.io/hyperledger/identus-cloud-agent:1.32.0-SNAPSHOT
+    image: ghcr.io/hyperledger/identus-cloud-agent:1.33.0-SNAPSHOT
     restart: always
   caddy-default:
     configs:

diff --git a/examples/st-multi/compose.yaml b/examples/st-multi/compose.yaml
@@ -76,7 +76,7 @@ services:
       PRISM_NODE_PORT: '50053'
       REST_SERVICE_URL: http://caddy-holder:8081/prism-agent
       SECRET_STORAGE_BACKEND: postgres
-    image: ghcr.io/hyperledger/identus-cloud-agent:1.32.0-SNAPSHOT
+    image: ghcr.io/hyperledger/identus-cloud-agent:1.33.0-SNAPSHOT
     restart: always
   agent-issuer:
     depends_on:
@@ -106,7 +106,7 @@ services:
       PRISM_NODE_PORT: '50053'
       REST_SERVICE_URL: http://caddy-issuer:8080/prism-agent
       SECRET_STORAGE_BACKEND: postgres
-    image: ghcr.io/hyperledger/identus-cloud-agent:1.32.0-SNAPSHOT
+    image: ghcr.io/hyperledger/identus-cloud-agent:1.33.0-SNAPSHOT
     restart: always
   agent-verifier:
     depends_on:
@@ -136,7 +136,7 @@ services:
       PRISM_NODE_PORT: '50053'
       REST_SERVICE_URL: http://caddy-verifier:8082/prism-agent
       SECRET_STORAGE_BACKEND: postgres
-    image: ghcr.io/hyperledger/identus-cloud-agent:1.32.0-SNAPSHOT
+    image: ghcr.io/hyperledger/identus-cloud-agent:1.33.0-SNAPSHOT
     restart: always
   caddy-holder:
     configs:

diff --git a/examples/st-oid4vci/compose.yaml b/examples/st-oid4vci/compose.yaml
@@ -44,7 +44,7 @@ services:
       PRISM_NODE_PORT: '50053'
       REST_SERVICE_URL: http://caddy-issuer:8080/prism-agent
       SECRET_STORAGE_BACKEND: postgres
-    image: ghcr.io/hyperledger/identus-cloud-agent:1.32.0-SNAPSHOT
+    image: ghcr.io/hyperledger/identus-cloud-agent:1.33.0-SNAPSHOT
     restart: always
   caddy-issuer:
     configs:

diff --git a/examples/st-oid4vci/demo.py b/examples/st-oid4vci/demo.py
@@ -12,6 +12,7 @@
 
 AGENT_URL = "http://localhost:8080/prism-agent"
 CREDENTIAL_ISSUER = None
+CREDENTIAL_ISSUER_DID = None
 CREDENTIAL_CONFIGURATION_ID = "UniversityDegreeCredential"
 AUTHORIZATION_SERVER = "http://localhost:9980/realms/students"
 
@@ -36,6 +37,7 @@ def prepare_mock_server():
 
 
 def prepare_issuer():
+    # prepare issuging DID
     dids = requests.get(f"{AGENT_URL}/did-registrar/dids").json()["contents"]
     if len(dids) == 0:
         requests.post(
@@ -62,11 +64,53 @@ def prepare_issuer():
             requests.post(
                 f"{AGENT_URL}/did-registrar/dids/{canonical_did}/publications"
             )
+    canonical_did = issuer_did["did"]
+    global CREDENTIAL_ISSUER_DID
+    CREDENTIAL_ISSUER_DID = canonical_did
 
+    # prepare schema
+    schema = requests.post(
+        f"{AGENT_URL}/schema-registry/schemas",
+        json={
+            "name": "UniversityDegree",
+            "version": "1.0.0",
+            "type": "https://w3c-ccg.github.io/vc-json-schemas/schema/2.0/schema.json",
+            "schema": {
+                "$id": "https://example.com/driving-license-1.0",
+                "$schema": "https://json-schema.org/draft/2020-12/schema",
+                "type": "object",
+                "properties": {
+                    "firstName": {"type": "string"},
+                    "grade": {"type": "number"},
+                },
+                "required": ["firstName", "grade"],
+                "additionalProperties": False,
+            },
+            "tags": [],
+            "author": canonical_did,
+        },
+    ).json()
+    schema_guid = schema["guid"]
+
+    # prepare issuer
+    credential_issuer = requests.post(
+        f"{AGENT_URL}/oid4vci/issuers",
+        json={"authorizationServer": AUTHORIZATION_SERVER},
+    ).json()
+    issuer_id = credential_issuer["id"]
     global CREDENTIAL_ISSUER
-    canonical_did = issuer_did["did"]
-    CREDENTIAL_ISSUER = f"{AGENT_URL}/oid4vci/issuers/{canonical_did}"
-    print(f"CREDENTIAL_ISSUER: {CREDENTIAL_ISSUER}")
+    CREDENTIAL_ISSUER = f"{AGENT_URL}/oid4vci/issuers/{issuer_id}"
+
+    # prepare credential configuration
+    cred_config = requests.post(
+        f"{CREDENTIAL_ISSUER}/credential-configurations",
+        json={
+            "configurationId": CREDENTIAL_CONFIGURATION_ID,
+            "format": "jwt_vc_json",
+            # TODO: align docker host URL
+            "schemaId": f"http://localhost:8085/schema-registry/schemas/{schema_guid}/schema",
+        },
+    ).json()
 
 
 def issuer_create_credential_offer(claims):
@@ -78,35 +122,17 @@ def issuer_create_credential_offer(claims):
 
 
 def holder_get_issuer_metadata(credential_issuer: str):
-    # metadata_url = f"{credential_issuer}/.well-known/openid-credential-issuer"
-    # TODO: OEA should return these instead of hardcoded values
-    return {
-        "credential_issuer": CREDENTIAL_ISSUER,
-        "authorization_servers": [AUTHORIZATION_SERVER],
-        "credential_endpoint": f"{CREDENTIAL_ISSUER}/credentials",
-        "credential_identifiers_supported": False,
-        "credential_configurations_supported": {
-            CREDENTIAL_CONFIGURATION_ID: {
-                "format": "jwt_vc_json",
-                "scope": CREDENTIAL_CONFIGURATION_ID,
-                "credential_signing_alg_values_supported": ["ES256K"],
-                "credential_definition": {
-                    "type": ["VerifiableCredential", "UniversityDegreeCredential"],
-                    "credentialSubject": {
-                        "degree": {},
-                        "gpa": {"display": [{"name": "GPA"}]},
-                    },
-                },
-            }
-        },
-    }
+    metadata_url = f"{CREDENTIAL_ISSUER}/.well-known/openid-credential-issuer"
+    response = requests.get(metadata_url).json()
+    # TODO: use credential_endpoint from response
+    response["credential_endpoint"] = f"{AGENT_URL}/oid4vci/issuers/did:prism:0000000000000000000000000000000000000000000000000000000000000000/credentials"
+    return response
 
 
 def holder_get_issuer_as_metadata(authorization_server: str):
     metadata_url = f"{authorization_server}/.well-known/openid-configuration"
     response = requests.get(metadata_url)
     metadata = response.json()
-    # print(json.dumps(metadata, indent=2))
     return metadata
 
 

diff --git a/examples/st-vault/compose.yaml b/examples/st-vault/compose.yaml
@@ -46,7 +46,7 @@ services:
       SECRET_STORAGE_BACKEND: vault
       VAULT_ADDR: http://vault-issuer:8200
       VAULT_TOKEN: admin
-    image: ghcr.io/hyperledger/identus-cloud-agent:1.32.0-SNAPSHOT
+    image: ghcr.io/hyperledger/identus-cloud-agent:1.33.0-SNAPSHOT
     restart: always
   caddy-issuer:
     configs:

diff --git a/examples/st/compose.yaml b/examples/st/compose.yaml
@@ -44,7 +44,7 @@ services:
       PRISM_NODE_PORT: '50053'
       REST_SERVICE_URL: http://caddy-issuer:8080/prism-agent
       SECRET_STORAGE_BACKEND: postgres
-    image: ghcr.io/hyperledger/identus-cloud-agent:1.32.0-SNAPSHOT
+    image: ghcr.io/hyperledger/identus-cloud-agent:1.33.0-SNAPSHOT
     restart: always
   caddy-issuer:
     configs: