Merge branch 'main' into oidc

build.sbt

@@ -67,6 +67,8 @@ lazy val V = new {
 
   val typesafeConfig = "1.4.3"
   val protobuf = "3.1.9"
+  val grpcOkHttp = "1.63.0"
+
   val testContainersScala = "0.41.3"
   val testContainersJavaKeycloak = "3.2.0" // scala-steward:off
 
@@ -77,7 +79,6 @@ lazy val V = new {
   val logback = "1.4.14"
   val slf4j = "2.0.13"
 
-  val prismSdk = "1.4.1" // scala-steward:off
   val scalaUri = "4.0.3"
 
   val jwtCirceVersion = "9.4.6"
@@ -138,6 +139,7 @@ lazy val D = new {
   val scalaPbRuntime: ModuleID =
     "com.thesamet.scalapb" %% "scalapb-runtime" % scalapb.compiler.Version.scalapbVersion % "protobuf"
   val scalaPbGrpc: ModuleID = "com.thesamet.scalapb" %% "scalapb-runtime-grpc" % scalapb.compiler.Version.scalapbVersion
+  val grpcOkHttp: ModuleID = "io.grpc" % "grpc-okhttp" % V.grpcOkHttp
 
   val testcontainersPostgres: ModuleID =
     "com.dimafeng" %% "testcontainers-scala-postgresql" % V.testContainersScala % Test
@@ -165,16 +167,6 @@ lazy val D = new {
   val monocleMacro: ModuleID = "dev.optics" %% "monocle-macro" % V.monocle % Test
 
   val apollo = "io.iohk.atala.prism.apollo" % "apollo-jvm" % V.apollo
-  // We have to exclude bouncycastle since for some reason bitcoinj depends on bouncycastle jdk15to18
-  // (i.e. JDK 1.5 to 1.8), but we are using JDK 11
-  val prismCrypto = "io.iohk.atala" % "prism-crypto-jvm" % V.prismSdk excludeAll
-    ExclusionRule(
-      organization = "org.bouncycastle"
-    )
-  // Added here to make prism-crypto works.
-  // Once migrated to apollo, re-evaluate if this should be removed.
-  val bouncyBcpkix = "org.bouncycastle" % "bcpkix-jdk18on" % V.bouncyCastle
-  val bouncyBcprov = "org.bouncycastle" % "bcprov-jdk18on" % V.bouncyCastle
 
   // LIST of Dependencies
   val doobieDependencies: Seq[ModuleID] =
@@ -204,9 +196,6 @@ lazy val D_SharedCrypto = new {
     Seq(
       D.zioJson,
       D.apollo,
-      D.bouncyBcpkix,
-      D.bouncyBcprov,
-      D.prismCrypto, // TODO: remove after migrated all primitives to apollo
       D.nimbusJwt,
       D.zioTest,
       D.zioTestSbt,
@@ -290,7 +279,6 @@ lazy val D_Pollux = new {
     D.zioMock,
     D.munit,
     D.munitZio,
-    D.prismCrypto,
     // shared,
     logback,
     slf4jApi,
@@ -399,7 +387,6 @@ lazy val D_CloudAgent = new {
     D.micrometer,
     D.micrometerPrometheusRegistry
   )
-  val bouncyDependencies: Seq[ModuleID] = Seq(D.bouncyBcpkix, D.bouncyBcprov)
   val tapirDependencies: Seq[ModuleID] =
     Seq(
       tapirSwaggerUiBundle,
@@ -417,7 +404,7 @@ lazy val D_CloudAgent = new {
 
   // Project Dependencies
   lazy val keyManagementDependencies: Seq[ModuleID] =
-    baseDependencies ++ bouncyDependencies ++ D.doobieDependencies ++ Seq(D.zioCatsInterop, D.zioMock, vaultDriver)
+    baseDependencies ++ D.doobieDependencies ++ Seq(D.zioCatsInterop, D.zioMock, vaultDriver)
 
   lazy val iamDependencies: Seq[ModuleID] = Seq(keycloakAuthz, D.jwtCirce)
 
@@ -697,7 +684,7 @@ val prismNodeClient = project
   .in(file("prism-node/client/scala-client"))
   .settings(
     name := "prism-node-client",
-    libraryDependencies ++= Seq(D.scalaPbGrpc, D.scalaPbRuntime),
+    libraryDependencies ++= Seq(D.scalaPbGrpc, D.scalaPbRuntime, D.grpcOkHttp),
     coverageEnabled := false,
     // gRPC settings
     Compile / PB.targets := Seq(scalapb.gen() -> (Compile / sourceManaged).value / "scalapb"),

castor/src/main/scala/org/hyperledger/identus/castor/core/model/did/PrismDID.scala

@@ -1,7 +1,7 @@
 package org.hyperledger.identus.castor.core.model.did
 
 import org.hyperledger.identus.castor.core.model.ProtoModelHelper
-import io.iohk.atala.prism.crypto.{Sha256, Sha256Digest}
+import org.hyperledger.identus.shared.crypto.Sha256Hash
 import io.iohk.atala.prism.protos.node_models
 import io.iohk.atala.prism.protos.node_models.AtalaOperation.Operation
 import org.hyperledger.identus.shared.models.Base64UrlString
@@ -30,7 +30,7 @@ object PrismDID extends ProtoModelHelper {
   val LONG_FORM_SUFFIX_REGEX: Regex = "^([0-9a-f]{64}):([A-Za-z0-9_-]+$)".r
 
   def buildCanonical(stateHash: Array[Byte]): Either[String, CanonicalPrismDID] =
-    Try(Sha256Digest.fromBytes(stateHash)).toEither.left
+    Try(Sha256Hash.fromBytes(stateHash)).toEither.left
       .map(_.getMessage)
       .map(_ => CanonicalPrismDID(HexString.fromByteArray(stateHash)))
 
@@ -109,7 +109,7 @@ final case class LongFormPrismDID private[did] (atalaOperation: node_models.Atal
 
   override val stateHash: HexString = {
     val encodedState = atalaOperation.toByteArray
-    HexString.fromByteArray(Sha256.compute(encodedState).getValue)
+    HexString.fromByteArray(Sha256Hash.compute(encodedState).bytes.toArray)
   }
 
   override val suffix: DIDMethodSpecificId = {

castor/src/main/scala/org/hyperledger/identus/castor/core/model/did/PrismDIDOperation.scala

@@ -1,15 +1,15 @@
 package org.hyperledger.identus.castor.core.model.did
 
 import org.hyperledger.identus.castor.core.model.ProtoModelHelper
-import io.iohk.atala.prism.crypto.Sha256
+import org.hyperledger.identus.shared.crypto.Sha256Hash
 
 import scala.collection.compat.immutable.ArraySeq
 import io.iohk.atala.prism.protos.node_models
 
 sealed trait PrismDIDOperation {
   def did: CanonicalPrismDID
   def toAtalaOperation: node_models.AtalaOperation
-  def toAtalaOperationHash: Array[Byte] = Sha256.compute(toAtalaOperation.toByteArray).getValue
+  def toAtalaOperationHash: Array[Byte] = Sha256Hash.compute(toAtalaOperation.toByteArray).bytes.toArray
 }
 
 object PrismDIDOperation extends ProtoModelHelper {
@@ -38,7 +38,7 @@ final case class SignedPrismDIDOperation(
     import ProtoModelHelper.*
     this.toProto
   }
-  def toAtalaOperationId: Array[Byte] = Sha256.compute(toSignedAtalaOperation.toByteArray).getValue
+  def toAtalaOperationId: Array[Byte] = Sha256Hash.compute(toSignedAtalaOperation.toByteArray).bytes.toArray
 }
 
 final case class ScheduleDIDOperationOutcome(

castor/src/test/scala/org/hyperledger/identus/castor/core/model/did/PrismDIDSpec.scala

@@ -1,7 +1,7 @@
 package org.hyperledger.identus.castor.core.model.did
 
 import com.google.protobuf.ByteString
-import io.iohk.atala.prism.crypto.{Sha256, Sha256Digest}
+import org.hyperledger.identus.shared.crypto.Sha256Hash
 import io.iohk.atala.prism.protos.node_models
 import org.hyperledger.identus.shared.models.Base64UrlString
 import zio.*
@@ -11,11 +11,11 @@ import zio.test.Assertion.*
 object PrismDIDSpec extends ZIOSpecDefault {
 
   private val canonicalSuffixHex = "9b5118411248d9663b6ab15128fba8106511230ff654e7514cdcc4ce919bde9b"
-  private val canonicalSuffix = Sha256Digest.fromHex(canonicalSuffixHex)
+  private val canonicalSuffix = Sha256Hash.fromHex(canonicalSuffixHex)
   private val encodedStateUsedBase64 =
     "Cj8KPRI7CgdtYXN0ZXIwEAFKLgoJc2VjcDI1NmsxEiEDHpf-yhIns-LP3tLvA8icC5FJ1ZlBwbllPtIdNZ3q0jU"
 
-  private val short = PrismDID.buildCanonical(canonicalSuffix.getValue).toOption.get
+  private val short = PrismDID.buildCanonical(canonicalSuffix.bytes.toArray).toOption.get
   private val long = PrismDID
     .buildLongFormFromAtalaOperation(
       node_models.AtalaOperation.parseFrom(Base64UrlString.fromStringUnsafe(encodedStateUsedBase64).toByteArray)
@@ -26,7 +26,7 @@ object PrismDIDSpec extends ZIOSpecDefault {
 
   private val didParserSpec = suite("PrismDID.fromString")(
     test("success for valid DID") {
-      val stateHash = Sha256.compute(Array()).getValue
+      val stateHash = Sha256Hash.compute(Array()).bytes.toArray
       val validDID = PrismDID.buildCanonical(stateHash).toOption.get
       val unsafeDID = PrismDID.fromString(validDID.toString)
       assert(unsafeDID)(isRight(equalTo(validDID)))
@@ -57,7 +57,7 @@ object PrismDIDSpec extends ZIOSpecDefault {
       )
       val encodedState = mockAtalaOperation.toByteArray
       val encodedStateBase64 = Base64UrlString.fromByteArray(encodedState).toStringNoPadding
-      val stateHash = Sha256.compute(encodedState).getHexValue
+      val stateHash = Sha256Hash.compute(encodedState).hexEncoded
       val didString = s"did:prism:$stateHash:$encodedStateBase64"
       val unsafeDID = PrismDID.fromString(didString)
       assert(unsafeDID)(isLeft(containsString("CreateDid Atala operation expected")))

cloud-agent/service/server/src/main/scala/org/hyperledger/identus/iam/authentication/apikey/ApiKeyAuthenticatorImpl.scala

@@ -5,7 +5,7 @@ import org.hyperledger.identus.agent.walletapi.model.Wallet
 import org.hyperledger.identus.agent.walletapi.service.{EntityService, WalletManagementService}
 import org.hyperledger.identus.iam.authentication.AuthenticationError
 import org.hyperledger.identus.iam.authentication.AuthenticationError.*
-import io.iohk.atala.prism.crypto.Sha256
+import org.hyperledger.identus.shared.crypto.Sha256Hash
 import org.hyperledger.identus.shared.models.WalletAdministrationContext
 import org.hyperledger.identus.shared.models.WalletId
 import zio.{IO, URLayer, ZIO, ZLayer}
@@ -73,7 +73,7 @@ case class ApiKeyAuthenticatorImpl(
     for {
       saltAndApiKey <- ZIO.succeed(apiKeyConfig.salt + apiKey)
       secret <- ZIO
-        .fromTry(Try(Sha256.compute(saltAndApiKey.getBytes).getHexValue))
+        .fromTry(Try(Sha256Hash.compute(saltAndApiKey.getBytes).hexEncoded))
         .logError("Failed to compute SHA256 hash")
         .mapError(cause => AuthenticationRepositoryError.UnexpectedError(cause))
       entityId <- repository
@@ -88,7 +88,7 @@ case class ApiKeyAuthenticatorImpl(
     for {
       saltAndApiKey <- ZIO.succeed(apiKeyConfig.salt + apiKey)
       secret <- ZIO
-        .fromTry(Try(Sha256.compute(saltAndApiKey.getBytes).getHexValue))
+        .fromTry(Try(Sha256Hash.compute(saltAndApiKey.getBytes).hexEncoded))
         .logError("Failed to compute SHA256 hash")
         .mapError(cause => AuthenticationError.UnexpectedError(cause.getMessage))
       _ <- repository
@@ -102,7 +102,7 @@ case class ApiKeyAuthenticatorImpl(
     for {
       saltAndApiKey <- ZIO.succeed(apiKeyConfig.salt + apiKey)
       secret <- ZIO
-        .fromTry(Try(Sha256.compute(saltAndApiKey.getBytes).getHexValue))
+        .fromTry(Try(Sha256Hash.compute(saltAndApiKey.getBytes).hexEncoded))
         .logError("Failed to compute SHA256 hash")
         .mapError(cause => AuthenticationError.UnexpectedError(cause.getMessage))
       _ <- repository

cloud-agent/service/wallet-api/src/main/scala/org/hyperledger/identus/agent/walletapi/model/KeyManagement.scala

@@ -3,7 +3,7 @@ package org.hyperledger.identus.agent.walletapi.model
 import org.hyperledger.identus.castor.core.model.did.EllipticCurve
 import org.hyperledger.identus.castor.core.model.did.InternalKeyPurpose
 import org.hyperledger.identus.castor.core.model.did.VerificationRelationship
-import io.iohk.atala.prism.crypto.Sha256
+import org.hyperledger.identus.shared.crypto.Sha256Hash
 import org.hyperledger.identus.shared.crypto.DerivationPath
 import org.hyperledger.identus.shared.crypto.Ed25519KeyPair
 import org.hyperledger.identus.shared.crypto.X25519KeyPair
@@ -17,7 +17,7 @@ object WalletSeed {
   extension (s: WalletSeed) {
     final def toString(): String = "<REDACTED>"
     def toByteArray: Array[Byte] = s.toArray
-    def sha256Digest: Array[Byte] = Sha256.compute(toByteArray).getValue()
+    def sha256Digest: Array[Byte] = Sha256Hash.compute(toByteArray).bytes.toArray
   }
 
   def fromByteArray(bytes: Array[Byte]): Either[String, WalletSeed] = {

cloud-agent/service/wallet-api/src/main/scala/org/hyperledger/identus/agent/walletapi/vault/VaultDIDSecretStorage.scala

@@ -4,7 +4,7 @@ import com.nimbusds.jose.jwk.OctetKeyPair
 import org.hyperledger.identus.agent.walletapi.storage.DIDSecretStorage
 import org.hyperledger.identus.mercury.model.DidId
 import org.hyperledger.identus.castor.core.model.did.PrismDID
-import io.iohk.atala.prism.crypto.Sha256
+import org.hyperledger.identus.shared.crypto.Sha256Hash
 import org.hyperledger.identus.shared.crypto.jwk.FromJWK
 import org.hyperledger.identus.shared.crypto.jwk.JWK
 import org.hyperledger.identus.shared.models.HexString
@@ -74,7 +74,7 @@ class VaultDIDSecretStorage(vaultKV: VaultKVClient, useSemanticPath: Boolean) ex
     if (useSemanticPath) {
       s"$basePath/$relativePath" -> Map.empty
     } else {
-      val relativePathHash = Sha256.compute(relativePath.getBytes(StandardCharsets.UTF_8)).getHexValue()
+      val relativePathHash = Sha256Hash.compute(relativePath.getBytes(StandardCharsets.UTF_8)).hexEncoded
       s"$basePath/$relativePathHash" -> Map(SEMANTIC_PATH_METADATA_KEY -> relativePath)
     }
   }
@@ -88,7 +88,7 @@ class VaultDIDSecretStorage(vaultKV: VaultKVClient, useSemanticPath: Boolean) ex
     if (useSemanticPath) {
       s"$basePath/$relativePath" -> Map.empty
     } else {
-      val relativePathHash = Sha256.compute(relativePath.getBytes(StandardCharsets.UTF_8)).getHexValue()
+      val relativePathHash = Sha256Hash.compute(relativePath.getBytes(StandardCharsets.UTF_8)).hexEncoded
       s"$basePath/$relativePathHash" -> Map(SEMANTIC_PATH_METADATA_KEY -> relativePath)
     }
   }

cloud-agent/service/wallet-api/src/main/scala/org/hyperledger/identus/agent/walletapi/vault/VaultGenericSecretStorage.scala

@@ -2,7 +2,7 @@ package org.hyperledger.identus.agent.walletapi.vault
 
 import org.hyperledger.identus.agent.walletapi.storage.GenericSecret
 import org.hyperledger.identus.agent.walletapi.storage.GenericSecretStorage
-import io.iohk.atala.prism.crypto.Sha256
+import org.hyperledger.identus.shared.crypto.Sha256Hash
 import org.hyperledger.identus.shared.models.WalletAccessContext
 import org.hyperledger.identus.shared.models.WalletId
 import zio.*
@@ -43,7 +43,7 @@ class VaultGenericSecretStorage(vaultKV: VaultKVClient, useSemanticPath: Boolean
     if (useSemanticPath) {
       s"$basePath/$relativePath" -> Map.empty
     } else {
-      val relativePathHash = Sha256.compute(relativePath.getBytes(StandardCharsets.UTF_8)).getHexValue()
+      val relativePathHash = Sha256Hash.compute(relativePath.getBytes(StandardCharsets.UTF_8)).hexEncoded
       s"$basePath/$relativePathHash" -> Map(SEMANTIC_PATH_METADATA_KEY -> relativePath)
     }
   }