fix: direct access to WalletKeyService while signing VC removed

src/main/java/org/eclipse/tractusx/managedidentitywallets/constant/MIWVerifiableCredentialType.java

@@ -21,9 +21,12 @@
 
 package org.eclipse.tractusx.managedidentitywallets.constant;
 
+import lombok.experimental.UtilityClass;
+
 /**
  * The type Miw verifiable credential type.
  */
+@UtilityClass
 public class MIWVerifiableCredentialType {
 
     public static final String VERIFIABLE_CREDENTIAL = "VerifiableCredential";

src/main/java/org/eclipse/tractusx/managedidentitywallets/dao/repository/WalletKeyRepository.java

@@ -39,14 +39,6 @@ public interface WalletKeyRepository extends BaseRepository<WalletKey, Long> {
      */
     WalletKey getByWalletIdAndAlgorithm(Long id, String algorithm);
 
-    /**
-     * Gets by wallet id.
-     *
-     * @param id the id
-     * @return WalletKey by wallet id
-     */
-    WalletKey getByWalletId(Long id);
-
     /**
      * Find first by wallet bpn wallet key.
      *

src/main/java/org/eclipse/tractusx/managedidentitywallets/domain/CredentialCreationConfig.java

@@ -24,8 +24,10 @@
 import lombok.Builder;
 import lombok.Getter;
 import lombok.NonNull;
+import lombok.Setter;
 import org.eclipse.tractusx.managedidentitywallets.constant.SupportedAlgorithms;
 import org.eclipse.tractusx.ssi.lib.model.did.DidDocument;
+import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredential;
 import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredentialStatus;
 import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredentialSubject;
 
@@ -68,8 +70,13 @@ public class CredentialCreationConfig {
     private String keyName;
 
     @NonNull
+    @Setter
     private VerifiableEncoding encoding;
 
+    @Setter
+    //This is used when we issue VC as JWT
+    private VerifiableCredential verifiableCredential;
+
     public static class CredentialCreationConfigBuilder {
         public CredentialCreationConfigBuilder vcId(Object object) {
             if (!(object instanceof URI) && !(object instanceof String)) {

src/main/java/org/eclipse/tractusx/managedidentitywallets/service/HoldersCredentialService.java

@@ -44,7 +44,6 @@
 import org.eclipse.tractusx.managedidentitywallets.dto.CredentialsResponse;
 import org.eclipse.tractusx.managedidentitywallets.exception.CredentialNotFoundProblem;
 import org.eclipse.tractusx.managedidentitywallets.exception.ForbiddenException;
-import org.eclipse.tractusx.managedidentitywallets.signing.KeyProvider;
 import org.eclipse.tractusx.managedidentitywallets.signing.SignerResult;
 import org.eclipse.tractusx.managedidentitywallets.signing.SigningService;
 import org.eclipse.tractusx.managedidentitywallets.utils.CommonUtils;
@@ -82,9 +81,6 @@ public class HoldersCredentialService extends BaseService<HoldersCredential, Lon
 
     private final Map<SigningServiceType, SigningService> availableSigningServices;
 
-    private final KeyProvider keyProvider;
-
-    private final WalletKeyService walletKeyService;
 
     @Override
     protected BaseRepository<HoldersCredential, Long> getRepository() {
@@ -138,10 +134,27 @@ public PageImpl<CredentialsResponse> getCredentials(GetCredentialsCommand comman
 
         List<CredentialsResponse> list = new ArrayList<>(filter.getContent().size());
 
+        Wallet issuerWallet = command.getIdentifier() != null ? commonService.getWalletByIdentifier(command.getIdentifier()) : holderWallet;
+
         for (HoldersCredential credential : filter.getContent()) {
             CredentialsResponse cr = new CredentialsResponse();
             if (command.isAsJwt()) {
-                cr.setJwt(CommonUtils.vcAsJwt(command.getIdentifier() != null ? commonService.getWalletByIdentifier(command.getIdentifier()) : holderWallet, holderWallet, credential.getData(), walletKeyService));
+
+                CredentialCreationConfig config = CredentialCreationConfig.builder()
+                        .algorithm(SupportedAlgorithms.ED25519)
+                        .issuerDoc(issuerWallet.getDidDocument())
+                        .holderDid(holderWallet.getDid())
+                        .keyName(issuerWallet.getBpn())
+                        .verifiableCredential(credential.getData())
+                        .subject(credential.getData().getCredentialSubject().get(0))
+                        .contexts(credential.getData().getContext())
+                        .vcId(credential.getData().getId())
+                        .types(credential.getData().getTypes())
+                        .encoding(VerifiableEncoding.JWT)
+                        .build();
+
+                SignerResult signerResult = availableSigningServices.get(issuerWallet.getSigningServiceType()).createCredential(config);
+                cr.setJwt(signerResult.getJwt());
             } else {
                 cr.setVc(credential.getData());
             }
@@ -199,7 +212,10 @@ public CredentialsResponse issueCredential(Map<String, Object> data, String call
 
         // Return VC
         if (asJwt) {
-            cr.setJwt(CommonUtils.vcAsJwt(issuerWallet, commonService.getWalletByIdentifier(callerBpn), credential.getData(), walletKeyService));
+            holdersCredentialCreationConfig.setVerifiableCredential(credential.getData());
+            holdersCredentialCreationConfig.setEncoding(VerifiableEncoding.JWT);
+            SignerResult signerJwtResult = availableSigningServices.get(issuerWallet.getSigningServiceType()).createCredential(holdersCredentialCreationConfig);
+            cr.setJwt(signerJwtResult.getJwt());
         } else {
             cr.setVc(credential.getData());
         }

src/main/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialService.java

@@ -117,7 +117,6 @@ public class IssuersCredentialService extends BaseService<IssuersCredential, Lon
 
     private final ObjectMapper objectMapper;
 
-    private final WalletKeyService walletKeyService;
     private Map<SigningServiceType, SigningService> availableSigningServices;
 
 
@@ -172,10 +171,27 @@ public PageImpl<CredentialsResponse> getCredentials(GetCredentialsCommand comman
         Page<IssuersCredential> filter = filter(filterRequest, request, CriteriaOperator.AND);
 
         List<CredentialsResponse> list = new ArrayList<>(filter.getContent().size());
+
+        Wallet holderWallet = command.getIdentifier() != null ? commonService.getWalletByIdentifier(command.getIdentifier()) : issuerWallet;
+
         for (IssuersCredential credential : filter.getContent()) {
             CredentialsResponse cr = new CredentialsResponse();
             if (command.isAsJwt()) {
-                cr.setJwt(CommonUtils.vcAsJwt(issuerWallet, command.getIdentifier() != null ? commonService.getWalletByIdentifier(command.getIdentifier()) : issuerWallet, credential.getData(), walletKeyService));
+                CredentialCreationConfig config = CredentialCreationConfig.builder()
+                        .algorithm(SupportedAlgorithms.ED25519)
+                        .issuerDoc(issuerWallet.getDidDocument())
+                        .holderDid(holderWallet.getDid())
+                        .keyName(issuerWallet.getBpn())
+                        .verifiableCredential(credential.getData())
+                        .subject(credential.getData().getCredentialSubject().get(0))
+                        .contexts(credential.getData().getContext())
+                        .vcId(credential.getData().getId())
+                        .types(credential.getData().getTypes())
+                        .encoding(VerifiableEncoding.JWT)
+                        .build();
+
+                SignerResult signerResult = availableSigningServices.get(issuerWallet.getSigningServiceType()).createCredential(config);
+                cr.setJwt(signerResult.getJwt());
             } else {
                 cr.setVc(credential.getData());
             }
@@ -298,7 +314,10 @@ public CredentialsResponse issueFrameworkCredential(IssueFrameworkCredentialRequ
 
         // Return VC
         if (asJwt) {
-            cr.setJwt(CommonUtils.vcAsJwt(baseWallet, holderWallet, issuersCredential.getData(), walletKeyService));
+            holdersCredentialCreationConfig.setVerifiableCredential(issuersCredential.getData());
+            holdersCredentialCreationConfig.setEncoding(VerifiableEncoding.JWT);
+            SignerResult credential = availableSigningServices.get(baseWallet.getSigningServiceType()).createCredential(holdersCredentialCreationConfig);
+            cr.setJwt(credential.getJwt());
         } else {
             cr.setVc(issuersCredential.getData());
         }
@@ -373,7 +392,10 @@ public CredentialsResponse issueDismantlerCredential(IssueDismantlerCredentialRe
 
         // Return VC
         if (asJwt) {
-            cr.setJwt(CommonUtils.vcAsJwt(issuerWallet, holderWallet, issuersCredential.getData(), walletKeyService));
+            holdersCredentialCreationConfig.setVerifiableCredential(issuersCredential.getData());
+            holdersCredentialCreationConfig.setEncoding(VerifiableEncoding.JWT);
+            SignerResult credential = availableSigningServices.get(issuerWallet.getSigningServiceType()).createCredential(holdersCredentialCreationConfig);
+            cr.setJwt(credential.getJwt());
         } else {
             cr.setVc(issuersCredential.getData());
         }
@@ -452,7 +474,10 @@ public CredentialsResponse issueMembershipCredential(IssueMembershipCredentialRe
 
         // Return VC
         if (asJwt) {
-            cr.setJwt(CommonUtils.vcAsJwt(issuerWallet, holderWallet, issuersCredential.getData(), walletKeyService));
+            holdersCredentialCreationConfig.setVerifiableCredential(issuersCredential.getData());
+            holdersCredentialCreationConfig.setEncoding(VerifiableEncoding.JWT);
+            SignerResult credential = availableSigningServices.get(issuerWallet.getSigningServiceType()).createCredential(holdersCredentialCreationConfig);
+            cr.setJwt(credential.getJwt());
         } else {
             cr.setVc(issuersCredential.getData());
         }
@@ -519,7 +544,10 @@ public CredentialsResponse issueCredentialUsingBaseWallet(String holderDid, Map<
 
         // Return VC
         if (asJwt) {
-            cr.setJwt(CommonUtils.vcAsJwt(issuerWallet, holderWallet, issuersCredential.getData(), walletKeyService));
+            holdersCredentialCreationConfig.setVerifiableCredential(issuersCredential.getData());
+            holdersCredentialCreationConfig.setEncoding(VerifiableEncoding.JWT);
+            SignerResult credential = availableSigningServices.get(issuerWallet.getSigningServiceType()).createCredential(holdersCredentialCreationConfig);
+            cr.setJwt(credential.getJwt());
         } else {
             cr.setVc(issuersCredential.getData());
         }
@@ -580,6 +608,7 @@ private boolean validateJWTExpiryDate(boolean withExpiryDate, SignedJWT signedJW
     /**
      * Credentials validation map.
      *
+     * @param verificationRequest      the verification request
      * @param withCredentialExpiryDate the with credential expiry date
      * @return the map
      */
@@ -610,7 +639,6 @@ public Map<String, Object> credentialsValidation(CredentialVerificationRequest v
 
         if (verificationRequest.containsKey(StringPool.VC_JWT_KEY)) {
             JWTVerificationResult result = verifyVCAsJWT((String) verificationRequest.get(StringPool.VC_JWT_KEY), didResolver, withCredentialsValidation, withCredentialExpiryDate);
-            verifiableCredential = result.verifiableCredential;
             valid = result.valid;
         } else {
 
@@ -653,15 +681,7 @@ private boolean isSelfIssued(String holderBpn) {
     }
 
 
-    /**
-     * Update summery credentials.
-     *
-     * @param issuerDidDocument the issuer did document
-     * @param baseWalletId      the issuer base wallet id
-     * @param holderBpn         the holder bpn
-     * @param holderDid         the holder did
-     * @param type              the type
-     */
+
     private void updateSummeryCredentials(DidDocument issuerDidDocument, String issuerDid, String holderBpn, String holderDid, String type, SigningServiceType signingServiceType, SupportedAlgorithms algorithm) {
 
         //get last issued summary vc to holder to update items
@@ -756,6 +776,11 @@ private Page<IssuersCredential> getLastIssuedSummaryCredential(String issuerDid,
         return filter(filterRequest);
     }
 
+    /**
+     * Sets key service.
+     *
+     * @param availableKeyStorage the available key storage
+     */
     @Autowired
     public void setKeyService(Map<SigningServiceType, SigningService> availableKeyStorage) {
         this.availableSigningServices = availableKeyStorage;

src/main/java/org/eclipse/tractusx/managedidentitywallets/service/JwtPresentationES256KService.java

@@ -30,30 +30,18 @@
 import com.nimbusds.jose.JWSSigner;
 import com.nimbusds.jose.crypto.ECDSASigner;
 import com.nimbusds.jose.crypto.bc.BouncyCastleProviderSingleton;
-import com.nimbusds.jose.jwk.Curve;
 import com.nimbusds.jose.jwk.ECKey;
-import com.nimbusds.jose.jwk.KeyUse;
-import com.nimbusds.jose.jwk.gen.ECKeyGenerator;
 import com.nimbusds.jwt.JWTClaimsSet;
 import com.nimbusds.jwt.SignedJWT;
 import lombok.extern.slf4j.Slf4j;
-import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.text.StringEscapeUtils;
 import org.eclipse.tractusx.managedidentitywallets.config.MIWSettings;
-import org.eclipse.tractusx.managedidentitywallets.constant.SupportedAlgorithms;
-import org.eclipse.tractusx.managedidentitywallets.dao.entity.Wallet;
-import org.eclipse.tractusx.managedidentitywallets.dao.entity.WalletKey;
-import org.eclipse.tractusx.managedidentitywallets.dao.repository.WalletRepository;
 import org.eclipse.tractusx.managedidentitywallets.exception.BadDataException;
 import org.eclipse.tractusx.managedidentitywallets.exception.SignatureFailureException;
 import org.eclipse.tractusx.managedidentitywallets.exception.UnsupportedAlgorithmException;
-import org.eclipse.tractusx.managedidentitywallets.utils.CommonUtils;
-import org.eclipse.tractusx.managedidentitywallets.utils.EncryptionUtils;
 import org.eclipse.tractusx.ssi.lib.model.did.Did;
 import org.eclipse.tractusx.ssi.lib.model.did.DidDocument;
 import org.eclipse.tractusx.ssi.lib.model.did.DidDocumentBuilder;
-import org.eclipse.tractusx.ssi.lib.model.did.DidMethod;
-import org.eclipse.tractusx.ssi.lib.model.did.DidMethodIdentifier;
 import org.eclipse.tractusx.ssi.lib.model.did.JWKVerificationMethod;
 import org.eclipse.tractusx.ssi.lib.model.did.VerificationMethod;
 import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredential;
@@ -63,9 +51,6 @@
 import org.eclipse.tractusx.ssi.lib.serialization.jwt.SerializedVerifiablePresentation;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
-import org.springframework.transaction.annotation.Isolation;
-import org.springframework.transaction.annotation.Propagation;
-import org.springframework.transaction.annotation.Transactional;
 
 import java.io.IOException;
 import java.net.URI;
@@ -78,12 +63,6 @@
 import java.util.UUID;
 import java.util.stream.Collectors;
 
-import static org.eclipse.tractusx.managedidentitywallets.constant.StringPool.COLON_SEPARATOR;
-import static org.eclipse.tractusx.managedidentitywallets.constant.StringPool.PRIVATE_KEY;
-import static org.eclipse.tractusx.managedidentitywallets.constant.StringPool.PUBLIC_KEY;
-import static org.eclipse.tractusx.managedidentitywallets.constant.StringPool.REFERENCE_KEY;
-import static org.eclipse.tractusx.managedidentitywallets.constant.StringPool.VAULT_ACCESS_TOKEN;
-import static org.eclipse.tractusx.managedidentitywallets.utils.CommonUtils.getKeyString;
 import static org.eclipse.tractusx.ssi.lib.model.did.JWKVerificationMethod.JWK_CURVE;
 import static org.eclipse.tractusx.ssi.lib.model.did.JWKVerificationMethod.JWK_KEK_TYPE;
 import static org.eclipse.tractusx.ssi.lib.model.did.JWKVerificationMethod.JWK_X;
@@ -101,16 +80,10 @@ public class JwtPresentationES256KService {
 
     private JsonLdSerializer jsonLdSerializer;
     private Did agentDid;
-    private WalletRepository walletRepository;
-    private EncryptionUtils encryptionUtils;
-    private WalletKeyService walletKeyService;
     private MIWSettings miwSettings;
 
     @Autowired
-    public JwtPresentationES256KService(WalletRepository walletRepository, EncryptionUtils encryptionUtils, WalletKeyService walletKeyService, MIWSettings miwSettings) {
-        this.walletRepository = walletRepository;
-        this.encryptionUtils = encryptionUtils;
-        this.walletKeyService = walletKeyService;
+    public JwtPresentationES256KService(MIWSettings miwSettings) {
         this.miwSettings = miwSettings;
     }
 
@@ -132,50 +105,6 @@ public SignedJWT createPresentation(Did issuer, List<VerifiableCredential> crede
         return createSignedJwt(verifiablePresentation.getId(), issuer, audience, serializedVerifiablePresentation, ecPrivateKey);
     }
 
-    @Transactional(isolation = Isolation.READ_UNCOMMITTED, propagation = Propagation.REQUIRES_NEW)
-    public Wallet storeWalletKeyES256K(Wallet wallet, String keyId) {
-        try {
-            ECKey ecKey = new ECKeyGenerator(Curve.SECP256K1)
-                    .keyUse(KeyUse.SIGNATURE)
-                    .keyID(keyId)
-                    .provider(BouncyCastleProviderSingleton.getInstance())
-                    .generate();
-
-            Did did = getDidFromDidString(wallet.getDid());
-
-            JWKVerificationMethod jwkVerificationMethod = getJwkVerificationMethod(ecKey, did);
-            DidDocument didDocument = wallet.getDidDocument();
-            List<VerificationMethod> verificationMethods = didDocument.getVerificationMethods();
-            verificationMethods.add(jwkVerificationMethod);
-            DidDocument updatedDidDocument = buildDidDocument(wallet.getBpn(), did, verificationMethods);
-
-            wallet = walletRepository.getByDid(wallet.getDid());
-            wallet.setDidDocument(updatedDidDocument);
-            walletRepository.save(wallet);
-
-            WalletKey walletKeyES256K = WalletKey.builder()
-                    .keyId(keyId)
-                    .referenceKey(REFERENCE_KEY)
-                    .vaultAccessToken(VAULT_ACCESS_TOKEN)
-                    .privateKey(encryptionUtils.encrypt(CommonUtils.getKeyString(ecKey.toECPrivateKey().getEncoded(), PRIVATE_KEY)))
-                    .publicKey(encryptionUtils.encrypt(getKeyString(ecKey.toECPublicKey().getEncoded(), PUBLIC_KEY)))
-                    .algorithm(SupportedAlgorithms.ES256K.toString())
-                    .build();
-            //Save key ES256K
-            walletKeyService.getRepository().save(walletKeyES256K);
-        } catch (JOSEException e) {
-            throw new BadDataException("Could not generate EC Jwk", e);
-        }
-        return wallet;
-    }
-
-    private Did getDidFromDidString(String didString) {
-        int index = StringUtils.ordinalIndexOf(didString, COLON_SEPARATOR, 2);
-        String identifier = didString.substring(index + 1);
-        DidMethod didMethod = new DidMethod("web");
-        DidMethodIdentifier methodIdentifier = new DidMethodIdentifier(identifier);
-        return new Did(didMethod, methodIdentifier, null);
-    }
 
     public JWKVerificationMethod getJwkVerificationMethod(ECKey ecKey, Did did) {
         Map<String, Object> verificationMethodJson = new HashMap<>();

src/main/java/org/eclipse/tractusx/managedidentitywallets/service/LocalSecureTokenService.java

@@ -27,7 +27,6 @@
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.JtiRecord;
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.Wallet;
 import org.eclipse.tractusx.managedidentitywallets.dao.repository.JtiRepository;
-import org.eclipse.tractusx.managedidentitywallets.dao.repository.WalletKeyRepository;
 import org.eclipse.tractusx.managedidentitywallets.dao.repository.WalletRepository;
 import org.eclipse.tractusx.managedidentitywallets.domain.BusinessPartnerNumber;
 import org.eclipse.tractusx.managedidentitywallets.domain.DID;