8998019047

Committed 08 May 2024 07:31AM UTC coverage: 47.171% (-0.7%) from 47.829%

Build # 8998019047

Build Type

Committed by

Commit Message

chore: pr cleanup

Pull Request Pull Request #1021: feat: oidc4vc credential configuration and metadata endpoints [WIP]

Run Details

2 of 253 new or added lines in 12 files covered. (0.79%)

186 existing lines in 51 files now uncovered.

7388 of 15662 relevant lines covered (47.17%)

0.47 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

80.6

/pollux/core/src/main/scala/org/hyperledger/identus/pollux/core/model/schema/CredentialSchema.scala

package org.hyperledger.identus.pollux.core.model.schema

import org.hyperledger.identus.pollux.core.model.error.CredentialSchemaError
import org.hyperledger.identus.pollux.core.model.error.CredentialSchemaError.*
import org.hyperledger.identus.pollux.core.model.schema.`type`.anoncred.AnoncredSchemaSerDesV1
import org.hyperledger.identus.pollux.core.model.schema.`type`.{
  AnoncredSchemaType,
  CredentialJsonSchemaType,
  CredentialSchemaType
}
import org.hyperledger.identus.pollux.core.model.schema.validator.{JsonSchemaValidator, JsonSchemaValidatorImpl}
import org.hyperledger.identus.pollux.core.service.URIDereferencer
import zio.*
import zio.json.*
import zio.json.ast.Json

import java.net.URI
import java.time.{OffsetDateTime, ZoneOffset}
import java.util.UUID

type Schema = zio.json.ast.Json

/** @param guid
  *   Globally unique identifier of the CredentialSchema object It's calculated as a UUID from string that contains the
  *   following fields: author, id and version
  * @param id
  *   Locally unique identifier of the CredentialSchema. It is UUID When the version of the credential schema changes
  *   this `id` keeps the same value
  * @param name
  *   Human readable name of the CredentialSchema
  * @param version
  *   Version of the CredentialSchema
  * @param author
  *   DID of the CredentialSchema's author
  * @param authored
  *   Datetime stamp of the schema creation
  * @param tags
  *   Tags of the CredentialSchema used for convenient lookup
  * @param description
  *   Human readable description of the schema
  * @param schema
  *   Internal schema object that depends on concrete implementation For W3C JsonSchema it is a JsonSchema object For
  *   AnonCreds schema is a AnonCreds schema
  */
case class CredentialSchema(
    guid: UUID,
    id: UUID,
    name: String,
    version: String,
    author: String,
    authored: OffsetDateTime,
    tags: Seq[String],
    description: String,
    `type`: String,
    schema: Schema
) {
  def longId = CredentialSchema.makeLongId(author, id, version)
}

object CredentialSchema {

  def makeLongId(author: String, id: UUID, version: String) =
    s"$author/${id.toString}?version=${version}"

  def makeGUID(author: String, id: UUID, version: String) =
    UUID.nameUUIDFromBytes(makeLongId(author, id, version).getBytes)

  def make(in: Input): ZIO[Any, Nothing, CredentialSchema] = {
    for {
      id <- zio.Random.nextUUID
      cs <- make(id, in)
    } yield cs
  }
  def make(id: UUID, in: Input): ZIO[Any, Nothing, CredentialSchema] = {
    for {
      ts <- zio.Clock.currentDateTime.map(
        _.atZoneSameInstant(ZoneOffset.UTC).toOffsetDateTime
      )
      guid = makeGUID(in.author, id, in.version)
    } yield CredentialSchema(
      guid = guid,
      id = id,
      name = in.name,
      version = in.version,
      author = in.author,
      authored = ts,
      tags = in.tags,
      description = in.description,
      `type` = in.`type`,
      schema = in.schema
    )
  }

  val defaultAgentDid = "did:prism:agent"

  case class Input(
      name: String,
      version: String,
      description: String,
      authored: Option[OffsetDateTime],
      tags: Seq[String],
      author: String = defaultAgentDid,
      `type`: String,
      schema: Schema
  )

  case class Filter(
      author: Option[String] = None,
      name: Option[String] = None,
      version: Option[String] = None,
      tags: Option[String] = None
  )

  case class FilteredEntries(entries: Seq[CredentialSchema], count: Long, totalCount: Long)

  given JsonEncoder[CredentialSchema] = DeriveJsonEncoder.gen[CredentialSchema]
  given JsonDecoder[CredentialSchema] = DeriveJsonDecoder.gen[CredentialSchema]

  def resolveJWTSchema(uri: URI, uriDereferencer: URIDereferencer): IO[CredentialSchemaError, Json] = {
    for {
      content <- uriDereferencer.dereference(uri).mapError(err => UnexpectedError(err.toString))
      json <- ZIO
        .fromEither(content.fromJson[Json])
        .mapError(error =>
          CredentialSchemaError.CredentialSchemaParsingError(s"Failed to parse resolved schema content as Json: $error")
        )
    } yield json
  }

  def validSchemaValidator(
      schemaId: String,
      uriDereferencer: URIDereferencer
  ): IO[CredentialSchemaError, JsonSchemaValidator] = {
    for {
      uri <- ZIO.attempt(new URI(schemaId)).mapError(t => URISyntaxError(t.getMessage))
      json <- resolveJWTSchema(uri, uriDereferencer)
      schemaValidator <- JsonSchemaValidatorImpl
        .from(json)
        .orElse(
          ZIO
            .fromEither(json.as[CredentialSchema])
            .mapError(error => CredentialSchemaParsingError(s"Failed to parse schema content as Json or OEA: $error"))
            .flatMap(cs => JsonSchemaValidatorImpl.from(cs.schema).mapError(SchemaError.apply))
        )
    } yield schemaValidator
  }

  def validateJWTCredentialSubject(
      schemaId: String,
      credentialSubject: String,
      uriDereferencer: URIDereferencer
  ): IO[CredentialSchemaError, Unit] = {
    for {
      schemaValidator <- validSchemaValidator(schemaId, uriDereferencer)
      _ <- schemaValidator.validate(credentialSubject).mapError(SchemaError.apply)
    } yield ()
  }

  def validateAnonCredsClaims(
      schemaId: String,
      claims: String,
      uriDereferencer: URIDereferencer
  ): IO[CredentialSchemaError, Unit] = {
    for {
      uri <- ZIO.attempt(new URI(schemaId)).mapError(t => URISyntaxError(t.getMessage))
      content <- uriDereferencer.dereference(uri).mapError(err => UnexpectedError(err.toString))
      validAttrNames <-
        AnoncredSchemaSerDesV1.schemaSerDes
          .deserialize(content)
          .mapError(error => CredentialSchemaParsingError(s"AnonCreds Schema parsing error: $error"))
          .map(_.attrNames)
      jsonClaims <- ZIO.fromEither(claims.fromJson[Json]).mapError(err => UnexpectedError(err))
      _ <- jsonClaims match
        case Json.Obj(fields) =>
          ZIO.foreach(fields) {
            case (k, _) if !validAttrNames.contains(k) =>
              ZIO.fail(UnexpectedError(s"Claim name undefined in schema: $k"))
            case (k, Json.Str(v)) => ZIO.succeed(k -> v)
            case (k, _)           => ZIO.fail(UnexpectedError(s"Claim value should be a string: $k"))
          }
        case _ => ZIO.fail(UnexpectedError("Provided 'claims' is not a JSON object"))
    } yield ()
  }

  private val supportedCredentialSchemaTypes: Map[String, CredentialSchemaType] =
    IndexedSeq(CredentialJsonSchemaType, AnoncredSchemaType)
      .map(credentialSchemaType => (credentialSchemaType.`type`, credentialSchemaType))
      .toMap

  def resolveCredentialSchemaType(`type`: String): IO[CredentialSchemaError, CredentialSchemaType] = {
    ZIO
      .fromOption(supportedCredentialSchemaTypes.get(`type`))
      .mapError(_ => UnsupportedCredentialSchemaType(s"Unsupported VC Schema type ${`type`}"))
  }

  def validateCredentialSchema(vcSchema: CredentialSchema): IO[CredentialSchemaError, Unit] = {
    for {
      resolvedSchemaType <- resolveCredentialSchemaType(vcSchema.`type`)
      _ <- resolvedSchemaType.validate(vcSchema.schema).mapError(SchemaError.apply)
    } yield ()
  }

}

1	package org.hyperledger.identus.pollux.core.model.schema
2
3	import org.hyperledger.identus.pollux.core.model.error.CredentialSchemaError
4	import org.hyperledger.identus.pollux.core.model.error.CredentialSchemaError.*
5	import org.hyperledger.identus.pollux.core.model.schema.`type`.anoncred.AnoncredSchemaSerDesV1
6	import org.hyperledger.identus.pollux.core.model.schema.`type`.{
7	AnoncredSchemaType,
8	CredentialJsonSchemaType,
9	CredentialSchemaType
10	}
11	import org.hyperledger.identus.pollux.core.model.schema.validator.{JsonSchemaValidator, JsonSchemaValidatorImpl}
12	import org.hyperledger.identus.pollux.core.service.URIDereferencer
13	import zio.*
14	import zio.json.*
15	import zio.json.ast.Json
16
17	import java.net.URI
18	import java.time.{OffsetDateTime, ZoneOffset}
19	import java.util.UUID
20
21	type Schema = zio.json.ast.Json
22
23	/** @param guid
24	* Globally unique identifier of the CredentialSchema object It's calculated as a UUID from string that contains the
25	* following fields: author, id and version
26	* @param id
27	* Locally unique identifier of the CredentialSchema. It is UUID When the version of the credential schema changes
28	* this `id` keeps the same value
29	* @param name
30	* Human readable name of the CredentialSchema
31	* @param version
32	* Version of the CredentialSchema
33	* @param author
34	* DID of the CredentialSchema's author
35	* @param authored
36	* Datetime stamp of the schema creation
37	* @param tags
38	* Tags of the CredentialSchema used for convenient lookup
39	* @param description
40	* Human readable description of the schema
41	* @param schema
42	* Internal schema object that depends on concrete implementation For W3C JsonSchema it is a JsonSchema object For
43	* AnonCreds schema is a AnonCreds schema
44	*/
45	case class CredentialSchema(
46	guid: UUID,
47	id: UUID,
48	name: String,
49	version: String,
50	author: String,
51	authored: OffsetDateTime,
52	tags: Seq[String],
53	description: String,
54	`type`: String,
55	schema: Schema
56	) {
57	def longId = CredentialSchema.makeLongId(author, id, version)	1✔
58	}
59
60	object CredentialSchema {
61
62	def makeLongId(author: String, id: UUID, version: String) =	1✔
63	s"$author/${id.toString}?version=${version}"	1✔
64
65	def makeGUID(author: String, id: UUID, version: String) =	1✔
66	UUID.nameUUIDFromBytes(makeLongId(author, id, version).getBytes)	1✔
67
68	def make(in: Input): ZIO[Any, Nothing, CredentialSchema] = {	1✔
69	for {	1✔
70	id <- zio.Random.nextUUID	1✔
71	cs <- make(id, in)	1✔
72	} yield cs
73	}
74	def make(id: UUID, in: Input): ZIO[Any, Nothing, CredentialSchema] = {	1✔
75	for {	1✔
76	ts <- zio.Clock.currentDateTime.map(	1✔
77	_.atZoneSameInstant(ZoneOffset.UTC).toOffsetDateTime	1✔
78	)
79	guid = makeGUID(in.author, id, in.version)	1✔
80	} yield CredentialSchema(	1✔
81	guid = guid,
82	id = id,
83	name = in.name,
84	version = in.version,
85	author = in.author,
86	authored = ts,
87	tags = in.tags,
88	description = in.description,
89	`type` = in.`type`,
90	schema = in.schema
91	)
92	}
93
94	val defaultAgentDid = "did:prism:agent"
95
96	case class Input(
97	name: String,
98	version: String,	×
99	description: String,
100	authored: Option[OffsetDateTime],
101	tags: Seq[String],
102	author: String = defaultAgentDid,
103	`type`: String,
104	schema: Schema
105	)
106
107	case class Filter(
108	author: Option[String] = None,
109	name: Option[String] = None,
110	version: Option[String] = None,
111	tags: Option[String] = None
112	)
113
114	case class FilteredEntries(entries: Seq[CredentialSchema], count: Long, totalCount: Long)
115
116	given JsonEncoder[CredentialSchema] = DeriveJsonEncoder.gen[CredentialSchema]	×
117	given JsonDecoder[CredentialSchema] = DeriveJsonDecoder.gen[CredentialSchema]	×
118
119	def resolveJWTSchema(uri: URI, uriDereferencer: URIDereferencer): IO[CredentialSchemaError, Json] = {	1✔
120	for {	1✔
121	content <- uriDereferencer.dereference(uri).mapError(err => UnexpectedError(err.toString))	1✔
122	json <- ZIO	1✔
123	.fromEither(content.fromJson[Json])	1✔
124	.mapError(error =>
125	CredentialSchemaError.CredentialSchemaParsingError(s"Failed to parse resolved schema content as Json: $error")	×
126	)
127	} yield json
128	}
129
130	def validSchemaValidator(	1✔
131	schemaId: String,
132	uriDereferencer: URIDereferencer
133	): IO[CredentialSchemaError, JsonSchemaValidator] = {
134	for {	1✔
UNCOV 135	uri <- ZIO.attempt(new URI(schemaId)).mapError(t => URISyntaxError(t.getMessage))	×
136	json <- resolveJWTSchema(uri, uriDereferencer)	1✔
137	schemaValidator <- JsonSchemaValidatorImpl	1✔
138	.from(json)	1✔
139	.orElse(
140	ZIO	×
141	.fromEither(json.as[CredentialSchema])	×
142	.mapError(error => CredentialSchemaParsingError(s"Failed to parse schema content as Json or OEA: $error"))	×
143	.flatMap(cs => JsonSchemaValidatorImpl.from(cs.schema).mapError(SchemaError.apply))	×
144	)
145	} yield schemaValidator
146	}
147
148	def validateJWTCredentialSubject(	1✔
149	schemaId: String,
150	credentialSubject: String,
151	uriDereferencer: URIDereferencer
152	): IO[CredentialSchemaError, Unit] = {
153	for {	1✔
154	schemaValidator <- validSchemaValidator(schemaId, uriDereferencer)	1✔
155	_ <- schemaValidator.validate(credentialSubject).mapError(SchemaError.apply)	1✔
156	} yield ()	1✔
157	}
158
159	def validateAnonCredsClaims(	1✔
160	schemaId: String,
161	claims: String,
162	uriDereferencer: URIDereferencer
163	): IO[CredentialSchemaError, Unit] = {
164	for {	1✔
165	uri <- ZIO.attempt(new URI(schemaId)).mapError(t => URISyntaxError(t.getMessage))	1✔
166	content <- uriDereferencer.dereference(uri).mapError(err => UnexpectedError(err.toString))	1✔
167	validAttrNames <-	1✔
168	AnoncredSchemaSerDesV1.schemaSerDes	1✔
169	.deserialize(content)
170	.mapError(error => CredentialSchemaParsingError(s"AnonCreds Schema parsing error: $error"))	×
171	.map(_.attrNames)
172	jsonClaims <- ZIO.fromEither(claims.fromJson[Json]).mapError(err => UnexpectedError(err))	1✔
173	_ <- jsonClaims match	1✔
174	case Json.Obj(fields) =>	1✔
175	ZIO.foreach(fields) {	1✔
176	case (k, _) if !validAttrNames.contains(k) =>	1✔
177	ZIO.fail(UnexpectedError(s"Claim name undefined in schema: $k"))	×
178	case (k, Json.Str(v)) => ZIO.succeed(k -> v)	1✔
179	case (k, _) => ZIO.fail(UnexpectedError(s"Claim value should be a string: $k"))	×
180	}
181	case _ => ZIO.fail(UnexpectedError("Provided 'claims' is not a JSON object"))	×
182	} yield ()	1✔
183	}
184
185	private val supportedCredentialSchemaTypes: Map[String, CredentialSchemaType] =
186	IndexedSeq(CredentialJsonSchemaType, AnoncredSchemaType)	1✔
187	.map(credentialSchemaType => (credentialSchemaType.`type`, credentialSchemaType))	1✔
188	.toMap
189
190	def resolveCredentialSchemaType(`type`: String): IO[CredentialSchemaError, CredentialSchemaType] = {	1✔
191	ZIO	1✔
192	.fromOption(supportedCredentialSchemaTypes.get(`type`))	1✔
193	.mapError(_ => UnsupportedCredentialSchemaType(s"Unsupported VC Schema type ${`type`}"))	1✔
194	}
195
196	def validateCredentialSchema(vcSchema: CredentialSchema): IO[CredentialSchemaError, Unit] = {	1✔
197	for {	1✔
198	resolvedSchemaType <- resolveCredentialSchemaType(vcSchema.`type`)	1✔
199	_ <- resolvedSchemaType.validate(vcSchema.schema).mapError(SchemaError.apply)	1✔
200	} yield ()	1✔
201	}
202
203	}

hyperledger / identus-cloud-agent / 8998019047

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous