diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/dao/repository/WalletKeyRepository.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/dao/repository/WalletKeyRepository.java index 460c5a41..483dbdfc 100644 --- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/dao/repository/WalletKeyRepository.java +++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/dao/repository/WalletKeyRepository.java @@ -33,22 +33,51 @@ public interface WalletKeyRepository extends BaseRepository { /** * Gets by wallet id and algorithm. * - * @param id the id - * param algorithm the algorithm + * @param id the id param algorithm the algorithm + * @param algorithm the algorithm * @return the by wallet id */ WalletKey getByWalletIdAndAlgorithm(Long id, String algorithm); /** * Gets by wallet id. - * @param id - * @return WalletKey + * + * @param id the id + * @return WalletKey by wallet id */ WalletKey getByWalletId(Long id); + /** + * Find first by wallet bpn wallet key. + * + * @param bpn the bpn + * @return the wallet key + */ WalletKey findFirstByWallet_Bpn(String bpn); + /** + * Find first by wallet did wallet key. + * + * @param did the did + * @return the wallet key + */ WalletKey findFirstByWallet_Did(String did); + /** + * Gets by key id and algorithm. + * + * @param keyId the key id + * @param algorithm the algorithm + * @return the by key id and algorithm + */ WalletKey getByKeyIdAndAlgorithm(String keyId, String algorithm); + + /** + * Gets by algorithm and wallet bpn. + * + * @param name the name + * @param keyName the key name + * @return the by algorithm and wallet bpn + */ + WalletKey getByAlgorithmAndWallet_Bpn(String name, String keyName); } diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/signing/LocalKeyProvider.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/signing/LocalKeyProvider.java index 820cbfef..df590a20 100644 --- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/signing/LocalKeyProvider.java +++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/signing/LocalKeyProvider.java @@ -25,7 +25,6 @@ import org.eclipse.tractusx.managedidentitywallets.constant.SupportedAlgorithms; import org.eclipse.tractusx.managedidentitywallets.dao.entity.WalletKey; import org.eclipse.tractusx.managedidentitywallets.dao.repository.WalletKeyRepository; -import org.eclipse.tractusx.managedidentitywallets.dao.repository.WalletRepository; import org.eclipse.tractusx.managedidentitywallets.domain.DID; import org.eclipse.tractusx.managedidentitywallets.domain.KeyPair; import org.eclipse.tractusx.managedidentitywallets.domain.KeyStorageType; @@ -43,13 +42,12 @@ public class LocalKeyProvider implements KeyProvider { private final WalletKeyRepository walletKeyRepository; - private final WalletRepository walletRepository; - private final EncryptionUtils encryptionUtils; @Override - public byte[] getPrivateKey(String keyName, SupportedAlgorithms algorithm) { // - return walletKeyService.getPrivateKeyByKeyId(keyName, algorithm); + public byte[] getPrivateKey(String keyName, SupportedAlgorithms algorithm) { + WalletKey walletKey = walletKeyRepository.getByAlgorithmAndWallet_Bpn(algorithm.name(), keyName); + return walletKeyService.getPrivateKeyByKeyId(walletKey.getKeyId(), algorithm); } @Override diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/signing/LocalSigningServiceImpl.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/signing/LocalSigningServiceImpl.java index f211f95e..1cef961c 100644 --- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/signing/LocalSigningServiceImpl.java +++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/signing/LocalSigningServiceImpl.java @@ -61,7 +61,6 @@ import org.eclipse.tractusx.ssi.lib.model.JsonLdObject; import org.eclipse.tractusx.ssi.lib.model.base.EncodeType; import org.eclipse.tractusx.ssi.lib.model.proof.Proof; -import org.eclipse.tractusx.ssi.lib.model.proof.jws.JWSSignature2020; import org.eclipse.tractusx.ssi.lib.model.verifiable.Verifiable; import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredential; import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredentialBuilder; @@ -102,6 +101,7 @@ public class LocalSigningServiceImpl implements LocalSigningService { @Override public SignerResult createCredential(CredentialCreationConfig config) { + byte[] privateKeyBytes = keyProvider.getPrivateKey(config.getKeyName(), config.getAlgorithm()); VerifiableEncoding encoding = Objects.requireNonNull(config.getEncoding()); SignerResult.SignerResultBuilder resultBuilder = SignerResult.builder().encoding(encoding); @@ -259,7 +259,7 @@ private VerifiablePresentation generateJsonLdPresentation(PresentationCreationCo verifiablePresentation.put(Verifiable.PROOF, proof); return verifiablePresentation; } - + @SneakyThrows private static VerifiableCredential createVerifiableCredential(CredentialCreationConfig config, byte[] privateKeyBytes) { //VC Builder @@ -270,10 +270,6 @@ private static VerifiableCredential createVerifiableCredential(CredentialCreatio config.getContexts().add(jwsUri); } - // check if the expiryDate is set - // if its null then it will be ignored from the SSI Lib (VerifiableCredentialBuilder) and will not be added to the VC - Instant expiryInstant = config.getExpiryDate().toInstant(); - URI id = URI.create(UUID.randomUUID().toString()); VerifiableCredentialBuilder builder = new VerifiableCredentialBuilder() @@ -281,7 +277,7 @@ private static VerifiableCredential createVerifiableCredential(CredentialCreatio .id(URI.create(config.getIssuerDoc().getId() + "#" + id)) .type(config.getTypes()) .issuer(config.getIssuerDoc().getId()) - .expirationDate(expiryInstant) + .expirationDate(config.getExpiryDate() != null ? config.getExpiryDate().toInstant() : null) .issuanceDate(Instant.now()) .credentialSubject(config.getSubject()); @@ -289,9 +285,7 @@ private static VerifiableCredential createVerifiableCredential(CredentialCreatio LinkedDataProofGenerator generator = LinkedDataProofGenerator.newInstance(SignatureType.JWS); URI verificationMethod = config.getIssuerDoc().getVerificationMethods().get(0).getId(); - JWSSignature2020 proof = - (JWSSignature2020) generator.createProof(builder.build(), verificationMethod, new X25519PrivateKey(privateKeyBytes)); - + Proof proof = generator.createProof(builder.build(), verificationMethod, new X25519PrivateKey(privateKeyBytes)); //Adding Proof to VC builder.proof(proof); diff --git a/src/test/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialServiceTest.java b/src/test/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialServiceTest.java index 9aff5e49..d6f6d0b1 100644 --- a/src/test/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialServiceTest.java +++ b/src/test/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialServiceTest.java @@ -37,11 +37,18 @@ import org.eclipse.tractusx.managedidentitywallets.dao.entity.WalletKey; import org.eclipse.tractusx.managedidentitywallets.dao.repository.HoldersCredentialRepository; import org.eclipse.tractusx.managedidentitywallets.dao.repository.IssuersCredentialRepository; +import org.eclipse.tractusx.managedidentitywallets.dao.repository.WalletKeyRepository; +import org.eclipse.tractusx.managedidentitywallets.domain.SigningServiceType; import org.eclipse.tractusx.managedidentitywallets.dto.CredentialVerificationRequest; import org.eclipse.tractusx.managedidentitywallets.dto.CredentialsResponse; import org.eclipse.tractusx.managedidentitywallets.dto.IssueDismantlerCredentialRequest; import org.eclipse.tractusx.managedidentitywallets.dto.IssueFrameworkCredentialRequest; import org.eclipse.tractusx.managedidentitywallets.dto.IssueMembershipCredentialRequest; +import org.eclipse.tractusx.managedidentitywallets.interfaces.SecureTokenService; +import org.eclipse.tractusx.managedidentitywallets.signing.LocalKeyProvider; +import org.eclipse.tractusx.managedidentitywallets.signing.LocalSigningServiceImpl; +import org.eclipse.tractusx.managedidentitywallets.signing.SigningService; +import org.eclipse.tractusx.managedidentitywallets.utils.EncryptionUtils; import org.eclipse.tractusx.managedidentitywallets.utils.MockUtil; import org.eclipse.tractusx.managedidentitywallets.utils.TestUtils; import org.eclipse.tractusx.ssi.lib.crypt.KeyPair; @@ -78,6 +85,7 @@ import java.time.Duration; import java.time.Instant; import java.util.Collections; +import java.util.HashMap; import java.util.List; import java.util.Map; import java.util.Set; @@ -90,6 +98,7 @@ import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertTrue; import static org.mockito.ArgumentMatchers.any; +import static org.mockito.ArgumentMatchers.anyString; import static org.mockito.ArgumentMatchers.eq; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.when; @@ -104,6 +113,8 @@ class IssuersCredentialServiceTest { private static WalletKeyService walletKeyService; + private static WalletKeyRepository walletKeyRepository; + private static HoldersCredentialRepository holdersCredentialRepository; private static CommonService commonService; @@ -112,6 +123,10 @@ class IssuersCredentialServiceTest { private static IssuersCredentialService issuersCredentialService; + private static SecureTokenService secureTokenService; + + private static EncryptionUtils encryptionUtils; + private static final ObjectMapper objectMapper = new ObjectMapper(); @BeforeAll @@ -122,12 +137,17 @@ public static void beforeAll() throws SQLException { holdersCredentialRepository = Mockito.mock(HoldersCredentialRepository.class); commonService = Mockito.mock(CommonService.class); issuersCredentialRepository = mock(IssuersCredentialRepository.class); + secureTokenService = mock(SecureTokenService.class); + walletKeyRepository = mock(WalletKeyRepository.class); Connection connection = mock(Connection.class); DataSource dataSource = mock(DataSource.class); when(dataSource.getConnection()).thenReturn(connection); + when(miwSettings.encryptionKey()).thenReturn("26FlcjRKOEML8YW699CXlg=="); + encryptionUtils = new EncryptionUtils(miwSettings); + issuersCredentialService = new IssuersCredentialService( issuersCredentialRepository, miwSettings, @@ -171,11 +191,25 @@ void shouldIssueCredentialAsJwt() when(walletKey.getKeyId()).thenReturn(KEY_ID); when(walletKey.getId()).thenReturn(42L); when(baseWallet.getAlgorithm()).thenReturn("ED25519"); + when(baseWallet.getSigningServiceType()).thenReturn(SigningServiceType.LOCAL); when(walletKeyService.getPrivateKeyByWalletIdAndAlgorithm(baseWallet.getId(), SupportedAlgorithms.valueOf(baseWallet.getAlgorithm()))) .thenReturn(new X25519PrivateKey(keyPair.getPrivateKey().asStringForStoring(), true)); when(walletKeyService.getWalletKeyIdByWalletId(baseWallet.getId(), SupportedAlgorithms.ED25519)).thenReturn(walletKeyId); when(walletKeyService.getPrivateKeyByWalletIdAsBytes(baseWallet.getId(), "ED25519")).thenReturn(keyPair.getPrivateKey() .asByte()); + + + when(walletKeyService.getPrivateKeyByKeyId(anyString(), any())).thenReturn(keyPair.getPrivateKey() + .asByte()); + when(walletKeyRepository.getByAlgorithmAndWallet_Bpn(anyString(), anyString())).thenReturn(walletKey); + + LocalSigningServiceImpl localSigningService = new LocalSigningServiceImpl(secureTokenService); + localSigningService.setKeyProvider(new LocalKeyProvider(walletKeyService, walletKeyRepository, encryptionUtils)); + + Map map = new HashMap<>(); + map.put(SigningServiceType.LOCAL, localSigningService); + + issuersCredentialService.setKeyService(map); CredentialsResponse credentialsResponse = assertDoesNotThrow( () -> issuersCredentialService.issueMembershipCredential( issueMembershipCredentialRequest, @@ -228,6 +262,20 @@ void shouldIssueCredentialAsJwt() .thenReturn(new X25519PrivateKey(keyPair.getPrivateKey().asStringForStoring(), true)); when(walletKeyService.getWalletKeyIdByWalletId(baseWallet.getId(), SupportedAlgorithms.ED25519)).thenReturn(walletKeyId); + + when(baseWallet.getSigningServiceType()).thenReturn(SigningServiceType.LOCAL); + when(walletKeyService.getPrivateKeyByKeyId(anyString(), any())).thenReturn(keyPair.getPrivateKey() + .asByte()); + when(walletKeyRepository.getByAlgorithmAndWallet_Bpn(anyString(), anyString())).thenReturn(walletKey); + + LocalSigningServiceImpl localSigningService = new LocalSigningServiceImpl(secureTokenService); + localSigningService.setKeyProvider(new LocalKeyProvider(walletKeyService, walletKeyRepository, encryptionUtils)); + + Map map = new HashMap<>(); + map.put(SigningServiceType.LOCAL, localSigningService); + + issuersCredentialService.setKeyService(map); + CredentialsResponse credentialsResponse = assertDoesNotThrow( () -> issuersCredentialService.issueFrameworkCredential(request, true, baseWalletBpn)); validateCredentialResponse(credentialsResponse, MockUtil.buildDidDocument(new Did(new DidMethod("web"), @@ -268,6 +316,19 @@ void shouldIssueCredentialAsJwt() throws IOException, InvalidPrivateKeyFormatExc when(walletKeyService.getPrivateKeyByWalletIdAsBytes(baseWallet.getId(), "ED25519")).thenReturn(keyPair.getPrivateKey().asByte()); when(walletKeyService.getWalletKeyIdByWalletId(baseWallet.getId(), SupportedAlgorithms.ED25519)).thenReturn(walletKeyId); + + when(baseWallet.getSigningServiceType()).thenReturn(SigningServiceType.LOCAL); + when(walletKeyService.getPrivateKeyByKeyId(anyString(), any())).thenReturn(keyPair.getPrivateKey() + .asByte()); + when(walletKeyRepository.getByAlgorithmAndWallet_Bpn(anyString(), anyString())).thenReturn(walletKey); + + LocalSigningServiceImpl localSigningService = new LocalSigningServiceImpl(secureTokenService); + localSigningService.setKeyProvider(new LocalKeyProvider(walletKeyService, walletKeyRepository, encryptionUtils)); + + Map map = new HashMap<>(); + map.put(SigningServiceType.LOCAL, localSigningService); + + issuersCredentialService.setKeyService(map); CredentialsResponse credentialsResponse = assertDoesNotThrow( () -> issuersCredentialService.issueDismantlerCredential(request, true, baseWalletBpn)); validateCredentialResponse(credentialsResponse, MockUtil.buildDidDocument(new Did(new DidMethod("web"), @@ -321,6 +382,19 @@ public HoldersCredential answer(InvocationOnMock invocation) throws Throwable { .thenReturn(new X25519PrivateKey(keyPair.getPrivateKey().asStringForStoring(), true)); when(walletKeyService.getWalletKeyIdByWalletId(baseWallet.getId(), SupportedAlgorithms.ED25519)).thenReturn(walletKeyId); + when(baseWallet.getSigningServiceType()).thenReturn(SigningServiceType.LOCAL); + when(walletKeyService.getPrivateKeyByKeyId(anyString(), any())).thenReturn(keyPair.getPrivateKey() + .asByte()); + when(walletKeyRepository.getByAlgorithmAndWallet_Bpn(anyString(), anyString())).thenReturn(walletKey); + + LocalSigningServiceImpl localSigningService = new LocalSigningServiceImpl(secureTokenService); + localSigningService.setKeyProvider(new LocalKeyProvider(walletKeyService, walletKeyRepository, encryptionUtils)); + + Map map = new HashMap<>(); + map.put(SigningServiceType.LOCAL, localSigningService); + + issuersCredentialService.setKeyService(map); + CredentialsResponse credentialsResponse = assertDoesNotThrow( () -> issuersCredentialService.issueCredentialUsingBaseWallet( holderWalletBpn,