[INJIMOB-1588] mso_mdoc VC support for mock plugin (#51)

* [INJIMOB-1588] add mock mdoc Signed-off-by: KiruthikaJeyashankar <[email protected]> * [INJIMOB-1588] Get issuer certificate + keypair from local p12 file Signed-off-by: KiruthikaJeyashankar <[email protected]> * [INJIMOB-1588] Populate mock mDoc from DB Build mdoc from mock DB using the cached transaction and in case of any issue give hardcoded set of data Signed-off-by: KiruthikaJeyashankar <[email protected]> * [INJIMOB-1788] generate mdoc Library used - open-wallet-foundation-labs/identity-credetial Signed-off-by: KiruthikaJeyashankar <[email protected]> * [INJIMOB-1588] produce mso_mdoc VC from individualId provided Signed-off-by: KiruthikaJeyashankar <[email protected]> * [INJIMOB-1588] read crypto details for signing mso_mdoc vc Other changes: removing unused classes/ debug logs Signed-off-by: KiruthikaJeyashankar <[email protected]> * [INJIMOB-1588] remove debug logs , optimize imports Signed-off-by: KiruthikaJeyashankar <[email protected]> * [INJIMOB-1588] remove unused declared dependencies Signed-off-by: KiruthikaJeyashankar <[email protected]> * [INJIMOB-1588] add respository for identity-credential dependency Signed-off-by: KiruthikaJeyashankar <[email protected]> * [INJIMOB-1588] update snapshot version Signed-off-by: KiruthikaJeyashankar <[email protected]> * [INJIMOB-1588] remove debug logs Signed-off-by: KiruthikaJeyashankar <[email protected]> * [INJIMOB-1588] refactor unused fields, renaming Signed-off-by: KiruthikaJeyashankar <[email protected]> * [INJIMOB-1588] git ignore .DS_Store Signed-off-by: KiruthikaJeyashankar <[email protected]> * [INJIMOB-1588] perform base64 url safe encoding Signed-off-by: KiruthikaJeyashankar <[email protected]> * [INJIMOB-1588] refactor variable name Signed-off-by: KiruthikaJeyashankar <[email protected]> * [INJIMOB-1588] Get issuer and ca cryto details from config property Signed-off-by: KiruthikaJeyashankar <[email protected]> * [INJIMOB-1588] revert IDE format changes Signed-off-by: KiruthikaJeyashankar <[email protected]> --------- Signed-off-by: KiruthikaJeyashankar <[email protected]>
mosip · Aug 28, 2024 · 4448c7b · 4448c7b
1 parent fa0aee7
commit 4448c7b
Show file tree

Hide file tree

Showing 9 changed files with 423 additions and 12 deletions.
diff --git a/.gitignore b/.gitignore
@@ -32,3 +32,4 @@ target/
 .setting/
 .mvn/
 .project/
+*.DS_Store
diff --git a/mock-certify-plugin/pom.xml b/mock-certify-plugin/pom.xml
@@ -10,7 +10,7 @@
 
       <groupId>io.mosip.certify</groupId>
       <artifactId>mock-certify-plugin</artifactId>
-      <version>0.2.0-SNAPSHOT</version>
+      <version>0.3.0-SNAPSHOT</version>
       <packaging>jar</packaging>
 
       <name>mock-certify-integration-impl</name>
@@ -52,23 +52,21 @@
         <git-commit-id-plugin.version>3.0.1</git-commit-id-plugin.version>
         <maven.jacoco.version>0.8.11</maven.jacoco.version>
         <maven-javadoc-plugin.version>3.6.3</maven-javadoc-plugin.version>
+        <kotlin.version>2.0.0</kotlin.version>
     </properties>
-    <dependencies>
 
+    <dependencies>
         <dependency>
-            <groupId>org.projectlombok</groupId>
-            <artifactId>lombok</artifactId>
-            <version>1.18.30</version>
-            <scope>provided</scope>
+            <groupId>com.fasterxml.jackson.dataformat</groupId>
+            <artifactId>jackson-dataformat-cbor</artifactId>
+            <version>2.10.1</version>
         </dependency>
-
         <dependency>
             <groupId>io.mosip.certify</groupId>
             <artifactId>certify-core</artifactId>
             <version>0.9.0-SNAPSHOT</version>
             <scope>provided</scope>
         </dependency>
-
         <dependency>
             <groupId>io.mosip.esignet</groupId>
             <artifactId>esignet-core</artifactId>
@@ -130,6 +128,26 @@
             <artifactId>slf4j-api</artifactId>
             <version>2.0.12</version>
         </dependency>
+        <dependency>
+            <groupId>org.jetbrains.kotlinx</groupId>
+            <artifactId>kotlinx-datetime-jvm</artifactId>
+            <version>0.6.0</version>
+        </dependency>
+        <dependency>
+            <groupId>com.android.identity</groupId>
+            <artifactId>identity-credential</artifactId>
+            <version>20231002</version>
+        </dependency>
+        <dependency>
+            <groupId>com.fasterxml.jackson.core</groupId>
+            <artifactId>jackson-databind</artifactId>
+            <version>2.10.1</version>
+        </dependency>
+        <dependency>
+            <groupId>co.nstant.in</groupId>
+            <artifactId>cbor</artifactId>
+            <version>0.9</version>
+        </dependency>
     </dependencies>
 
     <repositories>
@@ -151,10 +169,19 @@
                 <enabled>false</enabled>
             </snapshots>
         </repository>
+        <repository>
+            <id>waltid</id>
+            <name>walt.id</name>
+            <url>https://maven.walt.id/repository/waltid/</url>
+        </repository>
         <repository>
             <id>danubetech-maven-public</id>
             <url>https://repo.danubetech.com/repository/maven-public/</url>
         </repository>
+        <repository>
+            <id>google</id>
+            <url>https://maven.google.com/</url>
+        </repository>
     </repositories>
 
     <distributionManagement>
@@ -355,6 +382,70 @@
                     </execution>
                 </executions>
             </plugin>
+            <plugin>
+                <groupId>org.jetbrains.kotlin</groupId>
+                <artifactId>kotlin-maven-plugin</artifactId>
+                <version>${kotlin.version}</version>
+                <executions>
+                    <execution>
+                        <id>compile</id>
+                        <phase>compile</phase>
+                        <goals>
+                            <goal>compile</goal>
+                        </goals>
+                        <configuration>
+                            <sourceDirs>
+                                <source>src/main/java</source>
+                                <source>target/generated-sources/annotations</source>
+                            </sourceDirs>
+                        </configuration>
+                    </execution>
+                    <execution>
+                        <id>test-compile</id>
+                        <phase>test-compile</phase>
+                        <goals>
+                            <goal>test-compile</goal>
+                        </goals>
+                        <configuration>
+                            <sourceDirs>
+                                <source>src/test/java</source>
+                                <source>target/generated-test-sources/test-annotations</source>
+                            </sourceDirs>
+                        </configuration>
+                    </execution>
+                </executions>
+                <configuration>
+                    <jvmTarget>${maven.compiler.target}</jvmTarget>
+                </configuration>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <id>default-compile</id>
+                        <phase>none</phase>
+                    </execution>
+                    <execution>
+                        <id>default-testCompile</id>
+                        <phase>none</phase>
+                    </execution>
+                    <execution>
+                        <id>compile</id>
+                        <phase>compile</phase>
+                        <goals>
+                            <goal>compile</goal>
+                        </goals>
+                    </execution>
+                    <execution>
+                        <id>testCompile</id>
+                        <phase>test-compile</phase>
+                        <goals>
+                            <goal>testCompile</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
         </plugins>
     </build>
 </project>
diff --git a/...-plugin/src/main/java/io.mosip.certify.mock.integration/service/MockVCIssuancePlugin.java b/...-plugin/src/main/java/io.mosip.certify.mock.integration/service/MockVCIssuancePlugin.java
@@ -24,7 +24,6 @@
 import io.mosip.certify.api.exception.VCIExchangeException;
 import io.mosip.certify.api.spi.VCIssuancePlugin;
 import io.mosip.certify.api.util.ErrorConstants;
-import io.mosip.certify.core.dto.ParsedAccessToken;
 import io.mosip.certify.core.exception.CertifyException;
 import io.mosip.esignet.core.dto.OIDCTransaction;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -93,7 +92,13 @@ public class MockVCIssuancePlugin implements VCIssuancePlugin {
 	@Value("#{${mosip.certify.mock.vciplugin.vc-credential-contexts:{'https://www.w3.org/2018/credentials/v1','https://schema.org/'}}}")
 	private List<String> vcCredentialContexts;
 
-	private static final String ACCESS_TOKEN_HASH = "accessTokenHash";
+    @Value("${mosip.certify.mock.vciplugin.issuer.key-cert:empty}")
+	private String issuerKeyAndCertificate = null;
+
+	@Value("${mosip.certify.mock.vciplugin.ca.key-cert:empty}")
+	private String caKeyAndCertificate = null;
+
+    private static final String ACCESS_TOKEN_HASH = "accessTokenHash";
 
 	public static final String UTC_DATETIME_PATTERN = "yyyy-MM-dd'T'HH:mm:ss.SSS'Z'";
 
@@ -203,7 +208,7 @@ private String decryptIndividualId(String encryptedIndividualId) {
 			Cipher cipher = Cipher.getInstance(aesECBTransformation);
 			byte[] decodedBytes = Base64.getUrlDecoder().decode(encryptedIndividualId);
 			cipher.init(Cipher.DECRYPT_MODE, getSecretKeyFromHSM());
-			return new String(cipher.doFinal(decodedBytes, 0, decodedBytes.length));
+            return new String(cipher.doFinal(decodedBytes, 0, decodedBytes.length));
 		} catch(Exception e) {
 			log.error("Error Cipher Operations of provided secret data.", e);
 			throw new CertifyException(AES_CIPHER_FAILED);
@@ -235,10 +240,48 @@ private static String getUTCDateTime() {
 	@Override
 	public VCResult<String> getVerifiableCredential(VCRequestDto vcRequestDto, String holderId,
 													Map<String, Object> identityDetails) throws VCIExchangeException {
+		String accessTokenHash = identityDetails.get(ACCESS_TOKEN_HASH).toString();
+        Map<String, Object> data = new HashMap<>();
+        String documentNumber;
+        try {
+			documentNumber = getIndividualId(getUserInfoTransaction(accessTokenHash));
+		} catch (Exception e) {
+			log.error("Error getting documentNumber", e);
+			throw new VCIExchangeException(ErrorConstants.VCI_EXCHANGE_FAILED);
+		}
+
+        log.info("Setting up the data for mDoc");
+		data.put("issue_date", "2024-01-12");
+		data.put("expiry_date", "2025-01-12");
+		data.put("family_name","Agatha");
+		data.put("given_name","Joseph");
+		data.put("birth_date", "1994-11-06");
+		data.put("issuing_country", "Island");
+		data.put("document_number",documentNumber);
+		data.put("driving_privileges",new HashMap<>(){{
+			put("vehicle_category_code","A");
+			put("issue_date","2023-01-01");
+			put("expiry_date","2043-01-01");
+		}});
+
+		if(vcRequestDto.getFormat().equals("mso_mdoc")){
+			VCResult<String> vcResult = new VCResult<>();
+			String mdocVc = null;
+			try {
+				 mdocVc = new io.mosip.certify.mock.integration.mocks.MdocGenerator().generate(data,holderId, caKeyAndCertificate,issuerKeyAndCertificate);
+			} catch (Exception e) {
+                log.error("Exception on mdoc creation", e);
+				throw new VCIExchangeException(ErrorConstants.VCI_EXCHANGE_FAILED);
+			}
+			vcResult.setCredential(mdocVc);
+			vcResult.setFormat("mso_mdoc");
+			return  vcResult;
+		}
+        log.error("not implemented the format {}", vcRequestDto);
 		throw new VCIExchangeException(ErrorConstants.NOT_IMPLEMENTED);
 	}
 
 	public OIDCTransaction getUserInfoTransaction(String accessTokenHash) {
-		return cacheManager.getCache(USERINFO_CACHE).get(accessTokenHash, OIDCTransaction.class);
+        return cacheManager.getCache(USERINFO_CACHE).get(accessTokenHash, OIDCTransaction.class);
 	}
 }
diff --git a/mock-certify-plugin/src/main/java/io/mosip/certify/mock/integration/mocks/MdocGenerator.kt b/mock-certify-plugin/src/main/java/io/mosip/certify/mock/integration/mocks/MdocGenerator.kt
@@ -0,0 +1,119 @@
+package io.mosip.certify.mock.integration.mocks
+
+import co.nstant.`in`.cbor.CborBuilder
+import co.nstant.`in`.cbor.CborEncoder
+import co.nstant.`in`.cbor.model.DataItem
+import com.android.identity.credential.NameSpacedData
+import com.android.identity.internal.Util
+import com.android.identity.mdoc.mso.MobileSecurityObjectGenerator
+import com.android.identity.mdoc.util.MdocUtil
+import com.android.identity.util.Timestamp
+import io.mosip.certify.util.*
+import java.io.ByteArrayOutputStream
+import io.mosip.certify.util.IssuerKeyPairAndCertificate
+import java.util.*
+
+
+class MdocGenerator {
+    companion object {
+        const val NAMESPACE: String = "org.iso.18013.5.1"
+        const val DOCTYPE: String = "$NAMESPACE.mDL"
+        const val DIGEST_ALGORITHM = "SHA-256"
+        const val ECDSA_ALGORITHM = "SHA256withECDSA"
+        const val SEED = 42L
+    }
+
+    fun generate(
+        data: MutableMap<String, out Any>,
+        holderId: String,
+        caKeyAndCertificate: String,
+        issuerKeyAndCertificate: String
+    ): String? {
+        val issuerKeyPairAndCertificate: IssuerKeyPairAndCertificate? = readKeypairAndCertificates(
+            caKeyAndCertificate,issuerKeyAndCertificate
+        )
+        if(issuerKeyPairAndCertificate == null) {
+            throw RuntimeException("Unable to load Crypto details")
+        }
+        val devicePublicKey = JwkToKeyConverter().convertToPublicKey(holderId.replace("did:jwk:", ""))
+        val issuerKeypair = issuerKeyPairAndCertificate.issuerKeypair()
+
+        val nameSpacedDataBuilder: NameSpacedData.Builder = NameSpacedData.Builder()
+        data.keys.forEach { key ->
+            nameSpacedDataBuilder.putEntryString(NAMESPACE, key, data[key].toString())
+        }
+        val nameSpacedData: NameSpacedData =
+            nameSpacedDataBuilder
+                .build()
+        val generatedIssuerNameSpaces: MutableMap<String, MutableList<ByteArray>> =
+            MdocUtil.generateIssuerNameSpaces(nameSpacedData, Random(SEED), 16)
+        val calculateDigestsForNameSpace =
+            MdocUtil.calculateDigestsForNameSpace(NAMESPACE, generatedIssuerNameSpaces, DIGEST_ALGORITHM)
+
+        val mobileSecurityObjectGenerator = MobileSecurityObjectGenerator(DIGEST_ALGORITHM, NAMESPACE, devicePublicKey)
+        mobileSecurityObjectGenerator.addDigestIdsForNamespace(NAMESPACE, calculateDigestsForNameSpace)
+        val expirationTime: Long = kotlinx.datetime.Instant.Companion.DISTANT_FUTURE.toEpochMilliseconds()
+        mobileSecurityObjectGenerator.setValidityInfo(
+            Timestamp.now(),
+            Timestamp.now(),
+            Timestamp.ofEpochMilli(expirationTime),
+            null
+        )
+        val mso: ByteArray = mobileSecurityObjectGenerator.generate()
+
+        val coseSign1Sign: DataItem = Util.coseSign1Sign(
+            issuerKeypair.private,
+            ECDSA_ALGORITHM,
+            mso.copyOf(),
+            null,
+            listOf(issuerKeyPairAndCertificate.caCertificate(), issuerKeyPairAndCertificate.issuerCertificate())
+        )
+
+        return construct(generatedIssuerNameSpaces, coseSign1Sign)
+    }
+
+    @Throws(Exception::class)
+    private fun readKeypairAndCertificates(caKeyAndCertificate: String,issuerKeyAndCertificate: String): IssuerKeyPairAndCertificate? {
+        val pkcS12Reader = PKCS12Reader()
+        val caDetails: KeyPairAndCertificate = pkcS12Reader.extract(caKeyAndCertificate)
+        val issuerDetails: KeyPairAndCertificate = pkcS12Reader.extract(issuerKeyAndCertificate)
+        if (issuerDetails != null && caDetails != null) {
+            return IssuerKeyPairAndCertificate(
+                issuerDetails.keyPair,
+                issuerDetails.certificate,
+                caDetails.certificate
+            )
+        }
+        return null
+    }
+
+    private fun construct(nameSpaces: MutableMap<String, MutableList<ByteArray>>, issuerAuth: DataItem): String? {
+        val mDoc = MDoc(DOCTYPE, IssuerSigned(nameSpaces, issuerAuth))
+        val cbor = mDoc.toCBOR()
+        return Base64.getUrlEncoder().encodeToString(cbor)
+    }
+}
+
+data class MDoc(val docType: String, val issuerSigned: IssuerSigned) {
+    fun toCBOR(): ByteArray {
+        val byteArrayOutputStream = ByteArrayOutputStream()
+        CborEncoder(byteArrayOutputStream).encode(
+            CborBuilder().addMap()
+                .put("docType", docType)
+                .put(CBORConverter.toDataItem("issuerSigned"), CBORConverter.toDataItem(issuerSigned.toMap()))
+                .end()
+                .build()
+        )
+        return byteArrayOutputStream.toByteArray()
+
+    }
+}
+
+data class IssuerSigned(val nameSpaces: MutableMap<String, MutableList<ByteArray>>, val issuerAuth: DataItem) {
+    fun toMap(): Map<String, Any> {
+        return buildMap {
+            put("nameSpaces", CBORConverter.toDataItem(nameSpaces))
+            put("issuerAuth", issuerAuth)
+        }
+    }
+}