Merge branch 'main' into feat/ATL-6983-zio-stream-kafka-poc-in-connec…

…t-bg-jobs Signed-off-by: Benjamin Voiturier <[email protected]>
hyperledger · Sep 30, 2024 · 7f5d2c5 · 7f5d2c5
2 parents b35cbff + d81b4f0
commit 7f5d2c5
Show file tree

Hide file tree

Showing 15 changed files with 70 additions and 28 deletions.
diff --git a/...ice/server/src/main/scala/org/hyperledger/identus/oid4vci/CredentialIssuerEndpoints.scala b/...ice/server/src/main/scala/org/hyperledger/identus/oid4vci/CredentialIssuerEndpoints.scala
@@ -1,6 +1,7 @@
 package org.hyperledger.identus.oid4vci
 
 import org.hyperledger.identus.api.http.{EndpointOutputs, ErrorResponse, RequestContext}
+import org.hyperledger.identus.api.http.EndpointOutputs.FailureVariant
 import org.hyperledger.identus.iam.authentication.apikey.ApiKeyCredentials
 import org.hyperledger.identus.iam.authentication.apikey.ApiKeyEndpointSecurityLogic.apiKeyHeader
 import org.hyperledger.identus.iam.authentication.oidc.JwtCredentials
@@ -197,7 +198,14 @@ object CredentialIssuerEndpoints {
       statusCode(StatusCode.Created).description("Credential configuration created successfully")
     )
     .out(jsonBody[CredentialConfiguration])
-    .errorOut(EndpointOutputs.basicFailureAndNotFoundAndForbidden)
+    .errorOut(
+      EndpointOutputs.basicFailuresWith(
+        FailureVariant.notFound,
+        FailureVariant.unauthorized,
+        FailureVariant.forbidden,
+        FailureVariant.conflict
+      )
+    )
     .name("createCredentialConfiguration")
     .summary("Create a new  credential configuration")
     .description(

diff --git a/...rc/main/scala/org/hyperledger/identus/oid4vci/controller/CredentialIssuerController.scala b/...rc/main/scala/org/hyperledger/identus/oid4vci/controller/CredentialIssuerController.scala
@@ -125,10 +125,12 @@ case class CredentialIssuerControllerImpl(
   import CredentialIssuerController.Errors.*
   import OIDCCredentialIssuerService.Errors.*
 
-  private def parseURL(url: String): IO[ErrorResponse, URL] =
+  private def parseAbsoluteURL(url: String): IO[ErrorResponse, URL] =
     ZIO
-      .attempt(URI.create(url).toURL())
+      .attempt(URI.create(url))
       .mapError(ue => badRequest(detail = Some(s"Invalid URL: $url")))
+      .filterOrFail(_.isAbsolute())(badRequest(detail = Some(s"Relative URL '$url' is not allowed")))
+      .map(_.toURL())
 
   private def baseCredentialIssuerUrl(issuerId: UUID): URL =
     URI(s"$agentBaseUrl/oid4vci/issuers/$issuerId").toURL()
@@ -255,7 +257,7 @@ case class CredentialIssuerControllerImpl(
       request: CreateCredentialIssuerRequest
   ): ZIO[WalletAccessContext, ErrorResponse, CredentialIssuer] =
     for {
-      authServerUrl <- parseURL(request.authorizationServer.url)
+      authServerUrl <- parseAbsoluteURL(request.authorizationServer.url)
       id = request.id.getOrElse(UUID.randomUUID())
       issuerToCreate = PolluxCredentialIssuer(
         id,
@@ -287,7 +289,7 @@ case class CredentialIssuerControllerImpl(
       maybeAuthServerUrl <- ZIO
         .succeed(request.authorizationServer.flatMap(_.url))
         .flatMap {
-          case Some(url) => parseURL(url).asSome
+          case Some(url) => parseAbsoluteURL(url).asSome
           case None      => ZIO.none
         }
       issuer <- issuerMetadataService.updateCredentialIssuer(

diff --git a/...erledger/identus/agent/walletapi/service/ManagedDIDServiceWithEventNotificationImpl.scala b/...erledger/identus/agent/walletapi/service/ManagedDIDServiceWithEventNotificationImpl.scala
@@ -3,8 +3,7 @@ package org.hyperledger.identus.agent.walletapi.service
 import org.hyperledger.identus.agent.walletapi.model.error.CommonWalletStorageError
 import org.hyperledger.identus.agent.walletapi.model.ManagedDIDDetail
 import org.hyperledger.identus.agent.walletapi.storage.{DIDNonSecretStorage, DIDSecretStorage, WalletSecretStorage}
-import org.hyperledger.identus.castor.core.model.did.CanonicalPrismDID
-import org.hyperledger.identus.castor.core.model.did.Service as DidDocumentService
+import org.hyperledger.identus.castor.core.model.did.{CanonicalPrismDID, Service as DidDocumentService}
 import org.hyperledger.identus.castor.core.model.error.DIDOperationError
 import org.hyperledger.identus.castor.core.service.DIDService
 import org.hyperledger.identus.castor.core.util.DIDOperationValidator

diff --git a/...main/scala/org/hyperledger/identus/agent/walletapi/util/ManagedDIDTemplateValidator.scala b/...main/scala/org/hyperledger/identus/agent/walletapi/util/ManagedDIDTemplateValidator.scala
@@ -2,8 +2,11 @@ package org.hyperledger.identus.agent.walletapi.util
 
 import org.hyperledger.identus.agent.walletapi.model.ManagedDIDTemplate
 import org.hyperledger.identus.agent.walletapi.service.ManagedDIDService
-import org.hyperledger.identus.castor.core.model.did.{EllipticCurve, VerificationRelationship}
-import org.hyperledger.identus.castor.core.model.did.Service as DidDocumentService
+import org.hyperledger.identus.castor.core.model.did.{
+  EllipticCurve,
+  Service as DidDocumentService,
+  VerificationRelationship
+}
 
 object ManagedDIDTemplateValidator {
 

diff --git a/examples/st-oid4vci/demo/requirements.txt b/examples/st-oid4vci/demo/requirements.txt
@@ -1,7 +1,7 @@
 certifi==2024.7.4
 cffi==1.16.0
 charset-normalizer==3.3.2
-cryptography==42.0.8
+cryptography==43.0.1
 idna==3.7
 pycparser==2.22
 PyJWT==2.8.0

diff --git a/...rc/main/scala/org/hyperledger/identus/pollux/core/model/error/CredentialSchemaError.scala b/...rc/main/scala/org/hyperledger/identus/pollux/core/model/error/CredentialSchemaError.scala
@@ -1,5 +1,6 @@
 package org.hyperledger.identus.pollux.core.model.error
 
+import org.hyperledger.identus.shared.http.GenericUriResolverError
 import org.hyperledger.identus.shared.json.JsonSchemaError
 import org.hyperledger.identus.shared.models.{Failure, StatusCode}
 
@@ -46,4 +47,10 @@ object CredentialSchemaError {
         StatusCode.BadRequest,
         s"Unsupported credential schema type: ${`type`}"
       )
+
+  final case class SchemaDereferencingError(cause: GenericUriResolverError)
+      extends CredentialSchemaError(
+        StatusCode.InternalServerError,
+        s"The schema was not successfully dereferenced: cause=[${cause.userFacingMessage}]"
+      )
 }
diff --git a/...re/src/main/scala/org/hyperledger/identus/pollux/core/model/schema/CredentialSchema.scala b/...re/src/main/scala/org/hyperledger/identus/pollux/core/model/schema/CredentialSchema.scala
@@ -120,9 +120,14 @@ object CredentialSchema {
   given JsonEncoder[CredentialSchema] = DeriveJsonEncoder.gen[CredentialSchema]
   given JsonDecoder[CredentialSchema] = DeriveJsonDecoder.gen[CredentialSchema]
 
-  def resolveJWTSchema(uri: URI, uriResolver: UriResolver): IO[CredentialSchemaParsingError, Json] = {
+  def resolveJWTSchema(
+      uri: URI,
+      uriResolver: UriResolver
+  ): IO[CredentialSchemaParsingError | SchemaDereferencingError, Json] = {
     for {
-      content <- uriResolver.resolve(uri.toString).orDieAsUnmanagedFailure
+      content <- uriResolver
+        .resolve(uri.toString)
+        .mapError(SchemaDereferencingError(_))
       json <- ZIO
         .fromEither(content.fromJson[Json])
         .mapError(error => CredentialSchemaParsingError(error))
@@ -132,7 +137,7 @@ object CredentialSchema {
   def validSchemaValidator(
       schemaId: String,
       uriResolver: UriResolver
-  ): IO[InvalidURI | CredentialSchemaParsingError, JsonSchemaValidator] = {
+  ): IO[InvalidURI | CredentialSchemaParsingError | SchemaDereferencingError, JsonSchemaValidator] = {
     for {
       uri <- ZIO.attempt(new URI(schemaId)).mapError(_ => InvalidURI(schemaId))
       json <- resolveJWTSchema(uri, uriResolver)
@@ -153,7 +158,10 @@ object CredentialSchema {
       schemaId: String,
       credentialSubject: String,
       uriResolver: UriResolver
-  ): IO[InvalidURI | CredentialSchemaParsingError | CredentialSchemaValidationError, Unit] = {
+  ): IO[
+    InvalidURI | CredentialSchemaParsingError | CredentialSchemaValidationError | SchemaDereferencingError,
+    Unit
+  ] = {
     for {
       schemaValidator <- validSchemaValidator(schemaId, uriResolver)
       _ <- schemaValidator.validate(credentialSubject).mapError(CredentialSchemaValidationError.apply)

diff --git a/...re/src/main/scala/org/hyperledger/identus/pollux/core/service/CredentialServiceImpl.scala b/...re/src/main/scala/org/hyperledger/identus/pollux/core/service/CredentialServiceImpl.scala
@@ -4,7 +4,6 @@ import cats.implicits.*
 import io.circe.*
 import io.circe.parser.*
 import io.circe.syntax.*
-import io.circe.Json
 import org.hyperledger.identus.agent.walletapi.model.{ManagedDIDState, PublicationState}
 import org.hyperledger.identus.agent.walletapi.service.ManagedDIDService
 import org.hyperledger.identus.agent.walletapi.storage.GenericSecretStorage

diff --git a/...e/src/main/scala/org/hyperledger/identus/pollux/core/service/GenericUriResolverImpl.scala b/...e/src/main/scala/org/hyperledger/identus/pollux/core/service/GenericUriResolverImpl.scala
@@ -2,8 +2,7 @@ package org.hyperledger.identus.pollux.core.service
 
 import org.hyperledger.identus.pollux.core.service.uriResolvers.*
 import org.hyperledger.identus.pollux.vc.jwt.DidResolver
-import org.hyperledger.identus.shared.http.{GenericUriResolver, GenericUriResolverError, UriResolver}
-import org.hyperledger.identus.shared.http.DataUrlResolver
+import org.hyperledger.identus.shared.http.{DataUrlResolver, GenericUriResolver, GenericUriResolverError, UriResolver}
 import zio.*
 import zio.http.*
 

diff --git a/...main/scala/org/hyperledger/identus/pollux/core/service/OID4VCIIssuerMetadataService.scala b/...main/scala/org/hyperledger/identus/pollux/core/service/OID4VCIIssuerMetadataService.scala
@@ -1,12 +1,17 @@
 package org.hyperledger.identus.pollux.core.service
 
-import org.hyperledger.identus.pollux.core.model.error.CredentialSchemaError.{CredentialSchemaParsingError, InvalidURI}
+import org.hyperledger.identus.pollux.core.model.error.CredentialSchemaError.{
+  CredentialSchemaParsingError,
+  InvalidURI,
+  SchemaDereferencingError
+}
 import org.hyperledger.identus.pollux.core.model.oid4vci.{CredentialConfiguration, CredentialIssuer}
 import org.hyperledger.identus.pollux.core.model.schema.CredentialSchema
 import org.hyperledger.identus.pollux.core.model.CredentialFormat
 import org.hyperledger.identus.pollux.core.repository.OID4VCIIssuerMetadataRepository
 import org.hyperledger.identus.pollux.core.service.OID4VCIIssuerMetadataServiceError.{
   CredentialConfigurationNotFound,
+  DuplicateCredentialConfigId,
   InvalidSchemaId,
   IssuerIdNotFound,
   UnsupportedCredentialFormat
@@ -45,6 +50,12 @@ object OID4VCIIssuerMetadataServiceError {
         s"Invalid schemaId $schemaId. $msg"
       )
 
+  final case class DuplicateCredentialConfigId(id: String)
+      extends OID4VCIIssuerMetadataServiceError(
+        StatusCode.Conflict,
+        s"Duplicated credential configuration id: $id"
+      )
+
   final case class UnsupportedCredentialFormat(format: CredentialFormat)
       extends OID4VCIIssuerMetadataServiceError(
         StatusCode.BadRequest,
@@ -68,7 +79,11 @@ trait OID4VCIIssuerMetadataService {
       format: CredentialFormat,
       configurationId: String,
       schemaId: String
-  ): ZIO[WalletAccessContext, InvalidSchemaId | UnsupportedCredentialFormat | IssuerIdNotFound, CredentialConfiguration]
+  ): ZIO[
+    WalletAccessContext,
+    InvalidSchemaId | UnsupportedCredentialFormat | IssuerIdNotFound | DuplicateCredentialConfigId,
+    CredentialConfiguration
+  ]
   def getCredentialConfigurations(
       issuerId: UUID
   ): IO[IssuerIdNotFound, Seq[CredentialConfiguration]]
@@ -130,11 +145,13 @@ class OID4VCIIssuerMetadataServiceImpl(repository: OID4VCIIssuerMetadataReposito
       schemaId: String
   ): ZIO[
     WalletAccessContext,
-    InvalidSchemaId | UnsupportedCredentialFormat | IssuerIdNotFound,
+    InvalidSchemaId | UnsupportedCredentialFormat | IssuerIdNotFound | DuplicateCredentialConfigId,
     CredentialConfiguration
   ] = {
     for {
       _ <- getCredentialIssuer(issuerId)
+      _ <- getCredentialConfigurationById(issuerId, configurationId).flip
+        .mapError(_ => DuplicateCredentialConfigId(configurationId))
       _ <- format match {
         case CredentialFormat.JWT => ZIO.unit
         case f                    => ZIO.fail(UnsupportedCredentialFormat(f))
@@ -144,6 +161,7 @@ class OID4VCIIssuerMetadataServiceImpl(repository: OID4VCIIssuerMetadataReposito
         .validSchemaValidator(schemaUri.toString(), uriResolver)
         .catchAll {
           case e: InvalidURI                   => ZIO.fail(InvalidSchemaId(schemaId, e.userFacingMessage))
+          case e: SchemaDereferencingError     => ZIO.fail(InvalidSchemaId(schemaId, e.userFacingMessage))
           case e: CredentialSchemaParsingError => ZIO.fail(InvalidSchemaId(schemaId, e.cause))
         }
       now <- ZIO.clockWith(_.instant)

diff --git a/.../main/scala/org/hyperledger/identus/pollux/core/service/uriResolvers/DidUrlResolver.scala b/.../main/scala/org/hyperledger/identus/pollux/core/service/uriResolvers/DidUrlResolver.scala
@@ -5,8 +5,7 @@ import org.hyperledger.identus.pollux.vc.jwt
 import org.hyperledger.identus.pollux.vc.jwt.*
 import org.hyperledger.identus.shared.crypto.Sha256Hash
 import org.hyperledger.identus.shared.http.{GenericUriResolverError, UriResolver}
-import org.hyperledger.identus.shared.models.PrismEnvelopeData
-import org.hyperledger.identus.shared.models.StatusCode
+import org.hyperledger.identus.shared.models.{PrismEnvelopeData, StatusCode}
 import zio.*
 import zio.json.*
 

diff --git a/...a/org/hyperledger/identus/pollux/core/service/OID4VCIIssuerMetadataServiceSpecSuite.scala b/...a/org/hyperledger/identus/pollux/core/service/OID4VCIIssuerMetadataServiceSpecSuite.scala
@@ -96,7 +96,7 @@ object OID4VCIIssuerMetadataServiceSpecSuite {
         exit1 <- createCredConfig("not a uri").exit
         exit2 <- createCredConfig("http://localhost/schema").exit
       } yield assert(exit1)(failsWithA[InvalidSchemaId]) &&
-        assert(exit2)(dies(anything))
+        assert(exit2)(failsWithA[InvalidSchemaId])
     },
     test("list credential configurations for non-existing issuer should fail") {
       for {

diff --git a/pollux/sql-doobie/src/main/scala/org/hyperledger/identus/pollux/sql/model/db/package.scala b/pollux/sql-doobie/src/main/scala/org/hyperledger/identus/pollux/sql/model/db/package.scala
@@ -1,8 +1,8 @@
 package org.hyperledger.identus.pollux.sql.model
 
-import doobie._
-import doobie.postgres._
-import doobie.postgres.implicits._
+import doobie.*
+import doobie.postgres.*
+import doobie.postgres.implicits.*
 import io.getquill.doobie.DoobieContext
 import io.getquill.MappedEncoding
 import org.hyperledger.identus.pollux.core.model.ResourceResolutionMethod

diff --git a/shared/core/src/main/scala/org/hyperledger/identus/shared/http/GenericUriResolver.scala b/shared/core/src/main/scala/org/hyperledger/identus/shared/http/GenericUriResolver.scala
@@ -1,8 +1,7 @@
 package org.hyperledger.identus.shared.http
 
 import io.lemonlabs.uri.{Uri, Url, Urn}
-import org.hyperledger.identus.shared.models.{Failure, StatusCode}
-import org.hyperledger.identus.shared.models.PrismEnvelopeData
+import org.hyperledger.identus.shared.models.{Failure, PrismEnvelopeData, StatusCode}
 import org.hyperledger.identus.shared.utils.Base64Utils
 import zio.*
 import zio.json.*

diff --git a/shared/core/src/main/scala/org/hyperledger/identus/shared/models/Failure.scala b/shared/core/src/main/scala/org/hyperledger/identus/shared/models/Failure.scala
@@ -38,6 +38,7 @@ object StatusCode {
   val Unauthorized: StatusCode = StatusCode(401)
   val Forbidden: StatusCode = StatusCode(403)
   val NotFound: StatusCode = StatusCode(404)
+  val Conflict: StatusCode = StatusCode(409)
   val UnprocessableContent: StatusCode = StatusCode(422)
 
   val InternalServerError: StatusCode = StatusCode(500)