From 3c1d965f913b1da7f0f5d58c99e89ea36c58fffc Mon Sep 17 00:00:00 2001
From: Ronak Thacker
Date: Thu, 13 Jul 2023 18:29:36 +0530
Subject: [PATCH] feat: check expiry of VC while VP validate support added and test cases updated
---
 .../constant/StringPool.java | 1 +
 .../service/CommonService.java | 19 ++++++++++++
 .../service/IssuersCredentialService.java | 17 +---------
 .../service/PresentationService.java | 31 ++++++++-----------
 .../vp/PresentationTest.java | 3 ++
 5 files changed, 37 insertions(+), 34 deletions(-)
diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/constant/StringPool.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/constant/StringPool.java
index 37a4add04..d30d67700 100644
--- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/constant/StringPool.java
+++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/constant/StringPool.java
@@ -36,6 +36,7 @@ public class StringPool {
 public static final String VALID = "valid";
 public static final String VALIDATE_AUDIENCE = "validateAudience";
 public static final String VALIDATE_EXPIRY_DATE = "validateExpiryDate";
+ public static final String VALIDATE_JWT_EXPIRY_DATE = "validateJWTExpiryDate";
 public static final String DID_DOCUMENT = "didDocument";
 public static final String VEHICLE_DISMANTLE = "vehicleDismantle";
 public static final String CREATED_AT = "createdAt";
diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/CommonService.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/CommonService.java
index e11928839..0a86cca0f 100644
--- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/CommonService.java
+++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/CommonService.java
@@ -30,8 +30,12 @@
 import org.eclipse.tractusx.managedidentitywallets.utils.CommonUtils;
 import org.eclipse.tractusx.managedidentitywallets.utils.Validate;
 import org.eclipse.tractusx.ssi.lib.exception.DidParseException;
+import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredential;
 import org.springframework.stereotype.Service;
+import java.time.Instant;
+import java.util.Map;
+
 @Service
 @Slf4j
 @RequiredArgsConstructor
@@ -61,4 +65,19 @@ public Wallet getWalletByIdentifier(String identifier) {
 return wallet;
 }
+ public static boolean validateExpiry(boolean withCredentialExpiryDate, VerifiableCredential verifiableCredential, Map response) {
+ //validate expiry date
+ boolean dateValidation = true;
+ if (withCredentialExpiryDate) {
+ Instant expirationDate = verifiableCredential.getExpirationDate();
+ if (expirationDate.isBefore(Instant.now())) {
+ dateValidation = false;
+ response.put(StringPool.VALIDATE_EXPIRY_DATE, false);
+ } else {
+ response.put(StringPool.VALIDATE_EXPIRY_DATE, true);
+ }
+ }
+ return dateValidation;
+ }
+
 }
diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialService.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialService.java
index d7d4f45e6..a7ad80948 100644
--- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialService.java
+++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialService.java
@@ -450,7 +450,7 @@ public Map credentialsValidation(Map data, boole
 Map response = new HashMap<>();
 //check expiry
- boolean dateValidation = validateExpiry(withCredentialExpiryDate, verifiableCredential, response);
+ boolean dateValidation = commonService.validateExpiry(withCredentialExpiryDate, verifiableCredential, response);
 response.put(StringPool.VALID, valid && dateValidation);
 response.put("vc", verifiableCredential);
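Review bot: `expirationDate.isBefore(Instant.now())` in the new `CommonService.validateExpiry` dereferences the result of `getExpirationDate()` without a null check, and this helper is now also reached from presentation validation, where the credentials come out of the caller-supplied JWT. If the library returns null for a credential that carries no expirationDate (not visible here, so worth confirming), the request ends in a NullPointerException instead of a validation result. Decide explicitly how a missing expiry is treated and guard for it, for example `if (expirationDate == null) { response.put(StringPool.VALIDATE_EXPIRY_DATE, false); return false; }` if such credentials are to be rejected when the check is requested. A short Javadoc stating that the method writes `VALIDATE_EXPIRY_DATE` into `response` only when `withCredentialExpiryDate` is true would also help, since the method is now public and mutates its argument.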
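Review bot: `commonService.validateExpiry(...)` in `credentialsValidation` invokes a `static` method through an instance reference, which compiles but hides that no service state is involved and that a mocked or overridden `CommonService` will not intercept the call. Either call it as `CommonService.validateExpiry(withCredentialExpiryDate, verifiableCredential, response)` or drop `static` from the helper so it is an ordinary method of the injected service; the call added in `PresentationService.validatePresentation` has the same form. The body of `credentialsValidation` starts and ends outside this hunk.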
@@ -458,21 +458,6 @@ public Map credentialsValidation(Map data, boole
 return response;
 }
- private static boolean validateExpiry(boolean withCredentialExpiryDate, VerifiableCredential verifiableCredential, Map response) {
- //validate expiry date
- boolean dateValidation = true;
- if (withCredentialExpiryDate) {
- Instant expirationDate = verifiableCredential.getExpirationDate();
- if (expirationDate.isBefore(Instant.now())) {
- dateValidation = false;
- response.put(StringPool.VALIDATE_EXPIRY_DATE, false);
- } else {
- response.put(StringPool.VALIDATE_EXPIRY_DATE, true);
- }
- }
- return dateValidation;
- }
-
 private void validateAccess(String callerBpn, Wallet issuerWallet) {
 //validate BPN access, VC must be issued by base wallet
diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/PresentationService.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/PresentationService.java
index 8643828bf..296b64fd0 100644
--- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/PresentationService.java
+++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/PresentationService.java
@@ -184,10 +184,12 @@ public Map validatePresentation(Map vp, boolean
 //validate audience
 boolean validateAudience = validateAudience(audience, signedJWT);
- //validate date
- boolean validateExpiryDate = validateExpiryDate(withCredentialExpiryDate, signedJWT);
+ //validate jwt date
+ boolean validateJWTExpiryDate = validateJWTExpiryDate(signedJWT);
+ response.put(StringPool.VALIDATE_JWT_EXPIRY_DATE, validateJWTExpiryDate);
 boolean validCredential = true;
+ boolean validateExpiryDate = true;
 try {
 final ObjectMapper mapper = new ObjectMapper();
 Map claims = mapper.readValue(signedJWT.getPayload().toBytes(), Map.class);
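Review bot: The JWT date check in `validatePresentation` is now run and reported unconditionally, while `withCredentialExpiryDate` only governs the per-credential check, and nothing at the call site says so; callers that passed `false` to skip date checks will now get `valid = false` for an expired JWT. A comment above the new lines such as `// JWT dates are always enforced; withCredentialExpiryDate only controls the expirationDate check of each embedded VC` would make the split explicit. Note also that `validateExpiryDate` starts as `true`, so a presentation with no credentials passes the credential expiry check and, as far as this hunk shows, gets no `VALIDATE_EXPIRY_DATE` entry even when the check was requested. The method body starts and ends outside this hunk.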
@@ -197,6 +199,7 @@ public Map validatePresentation(Map vp, boolean
 VerifiablePresentation presentation = jsonLdSerializer.deserializePresentation(new SerializedVerifiablePresentation(vpClaim));
 for (VerifiableCredential credential : presentation.getVerifiableCredentials()) {
+ validateExpiryDate = commonService.validateExpiry(withCredentialExpiryDate, credential, response);
 if (!validateCredential(credential)) {
 validCredential = false;
 }
@@ -205,15 +208,12 @@ public Map validatePresentation(Map vp, boolean
 throw new BadDataException(String.format("Validation of VP in form of JSON-LD is not supported. Invalid Json-LD: %s", e.getMessage()));
 }
- response.put(StringPool.VALID, (validateSignature && validateAudience && validateExpiryDate && validCredential));
+ response.put(StringPool.VALID, (validateSignature && validateAudience && validateExpiryDate && validCredential && validateJWTExpiryDate));
 if (StringUtils.hasText(audience)) {
 response.put(StringPool.VALIDATE_AUDIENCE, validateAudience);
 }
- if (withCredentialExpiryDate) {
- response.put(StringPool.VALIDATE_EXPIRY_DATE, validateExpiryDate);
- }
 } else {
 throw new BadDataException("Validation of VP in form of JSON-LD is not supported");
@@ -237,19 +237,14 @@ private boolean validateSignature(SignedJWT signedJWT) {
 }
 }
- private boolean validateExpiryDate(boolean withCredentialExpiryDate, SignedJWT signedJWT) {
- if (withCredentialExpiryDate) {
- try {
- SignedJwtValidator jwtValidator = new SignedJwtValidator();
- jwtValidator.validateDate(signedJWT);
- return true;
- } catch (Exception e) {
- log.error("Can not expiry date ", e);
- return false;
- }
-
- } else {
+ private boolean validateJWTExpiryDate(SignedJWT signedJWT) {
+ try {
+ SignedJwtValidator jwtValidator = new SignedJwtValidator();
+ jwtValidator.validateDate(signedJWT);
 return true;
+ } catch (Exception e) {
+ log.error("Can not expiry date ", e);
+ return false;
 }
 }
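Review bot: Inside the `for` loop, `validateExpiryDate = commonService.validateExpiry(...)` overwrites the flag on every iteration, so only the last credential in the presentation decides the outcome: an expired credential followed by a non-expired one leaves `validateExpiryDate` true and the presentation is reported as `valid`. The helper also rewrites `VALIDATE_EXPIRY_DATE` in `response` on each call, so the reported value is last-one-wins as well. Accumulate instead, `validateExpiryDate &= commonService.validateExpiry(withCredentialExpiryDate, credential, response);`, and set the response entry once after the loop with `if (withCredentialExpiryDate) { response.put(StringPool.VALIDATE_EXPIRY_DATE, validateExpiryDate); }`, which is the block this commit removes in the `-205,15` hunk. `validCredential` two lines below already uses the sticky-false pattern, and a test presenting two credentials with the first one expired would pin the behaviour.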
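Review bot: `validateJWTExpiryDate` catches `Exception` and logs `"Can not expiry date "` at error level, so an expired token, a malformed date claim and an unexpected failure inside `SignedJwtValidator` all look the same in the logs and all surface to the caller as an expired JWT. Returning `false` on any failure is the safe result, but the message should say what was being checked, e.g. `log.warn("JWT date validation failed", e);`, since an expired token is an expected input rather than a service error. Catching only the exception type that `validateDate` declares (not visible in this hunk) would keep programming errors from being reported as expiry.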
diff --git a/src/test/java/org/eclipse/tractusx/managedidentitywallets/vp/PresentationTest.java b/src/test/java/org/eclipse/tractusx/managedidentitywallets/vp/PresentationTest.java
index 0190cfbae..22b35b533 100644
--- a/src/test/java/org/eclipse/tractusx/managedidentitywallets/vp/PresentationTest.java
+++ b/src/test/java/org/eclipse/tractusx/managedidentitywallets/vp/PresentationTest.java
@@ -121,6 +121,7 @@ void validateVPAsJwt() throws JsonProcessingException, DidDocumentResolverNotReg
 Assertions.assertTrue(Boolean.parseBoolean(map.get(StringPool.VALID).toString()));
 Assertions.assertFalse(map.containsKey(StringPool.VALIDATE_AUDIENCE));
 Assertions.assertFalse(map.containsKey(StringPool.VALIDATE_EXPIRY_DATE));
+ Assertions.assertFalse(map.containsKey(StringPool.VALIDATE_JWT_EXPIRY_DATE));
 }
 }
@@ -149,6 +150,7 @@ void validateVPAsJwtWithInvalidSignatureAndInValidAudienceAndExpiryDateValidatio
 Assertions.assertFalse(Boolean.parseBoolean(map.get(StringPool.VALID).toString()));
 Assertions.assertFalse(Boolean.parseBoolean(map.get(StringPool.VALIDATE_AUDIENCE).toString()));
 Assertions.assertFalse(Boolean.parseBoolean(map.get(StringPool.VALIDATE_EXPIRY_DATE).toString()));
+ Assertions.assertFalse(Boolean.parseBoolean(map.get(StringPool.VALIDATE_JWT_EXPIRY_DATE).toString()));
 }
 }
@@ -176,6 +178,7 @@ void validateVPAsJwtWithValidAudienceAndDateValidation() throws JsonProcessingEx
 Assertions.assertTrue(Boolean.parseBoolean(map.get(StringPool.VALID).toString()));
 Assertions.assertTrue(Boolean.parseBoolean(map.get(StringPool.VALIDATE_AUDIENCE).toString()));
 Assertions.assertTrue(Boolean.parseBoolean(map.get(StringPool.VALIDATE_EXPIRY_DATE).toString()));
+ Assertions.assertTrue(Boolean.parseBoolean(map.get(StringPool.VALIDATE_JWT_EXPIRY_DATE).toString()));
 }
 }
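Review bot: In `validateVPAsJwt` the added `assertFalse(map.containsKey(StringPool.VALIDATE_JWT_EXPIRY_DATE))` appears to contradict the service change in this commit, which puts that key into the response unconditionally on the JWT path; unless `map` is built from something other than the service response (the setup is outside the hunk), this assertion cannot hold. The three updated tests also do not seem to cover a presentation holding more than one credential, so an expired credential placed ahead of a valid one is never exercised by the assertions shown. Adding a case with two credentials, the first with a past `expirationDate`, asserting `VALID` and `VALIDATE_EXPIRY_DATE` are both false, would cover the path the new per-credential check exists for.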