feat: send verifier claim keys to Jaeger (#1313)

Signed-off-by: Andrii Holovko <[email protected]>

cmd/vc-rest/go.sum

@@ -131,7 +131,6 @@ github.com/aws/aws-sdk-go v1.23.20/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpi
 github.com/aws/aws-sdk-go v1.25.11/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
 github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
 github.com/aws/aws-sdk-go v1.37.0/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro=
-github.com/aws/aws-sdk-go v1.43.9 h1:k1S/29Bp2QD5ZopnGzIn0Sp63yyt3WH1JRE2OOU3Aig=
 github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g=
 github.com/aws/aws-sdk-go-v2 v1.17.2/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
 github.com/aws/aws-sdk-go-v2 v1.17.3/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=

component/wallet-cli/go.sum

@@ -1081,7 +1081,6 @@ go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk=
 go.opencensus.io v0.22.6/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E=
 go.opencensus.io v0.23.0 h1:gqCw0LfLxScz8irSi8exQc7fyQ0fKQU/qnC/X8+V/1M=
 go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E=
-go.opentelemetry.io/contrib/instrumentation/go.mongodb.org/mongo-driver/mongo/otelmongo v0.40.0 h1:hATJDiGtTPWglqQRlWUiT5df32bOu9AJV41djhfF4Ig=
 go.opentelemetry.io/otel v1.14.0 h1:/79Huy8wbf5DnIPhemGB+zEPVwnN6fuQybr/SRXa6hM=
 go.opentelemetry.io/otel v1.14.0/go.mod h1:o4buv+dJzx8rohcUeRmWUZhqupFvzWis188WlggnNeU=
 go.opentelemetry.io/otel/sdk v1.14.0 h1:PDCppFRDq8A1jL9v6KMI6dYesaq+DFcDZvjsoGvxGzY=

go.mod

@@ -8,7 +8,6 @@ go 1.19
 
 require (
 	github.com/alexliesenfeld/health v0.6.0
-	github.com/aws/aws-sdk-go v1.43.9
 	github.com/aws/aws-sdk-go-v2 v1.17.7
 	github.com/aws/aws-sdk-go-v2/config v1.18.4
 	github.com/aws/aws-sdk-go-v2/service/kms v1.20.0
@@ -25,6 +24,7 @@ require (
 	github.com/hyperledger/aries-framework-go v0.3.2
 	github.com/hyperledger/aries-framework-go-ext/component/storage/mongodb v0.0.0-20220728172020-0a8903e45149
 	github.com/hyperledger/aries-framework-go-ext/component/vdr/orb v1.0.0-rc5.0.20221201213446-c4c1e76daa49
+	github.com/hyperledger/aries-framework-go/component/models v0.0.0-20230501135648-a9a7ad029347
 	github.com/hyperledger/aries-framework-go/component/storageutil v0.0.0-20230427134832-0c9969493bd3
 	github.com/hyperledger/aries-framework-go/spi v0.0.0-20230427134832-0c9969493bd3
 	github.com/jinzhu/copier v0.3.5
@@ -120,12 +120,10 @@ require (
 	github.com/hyperledger/aries-framework-go-ext/component/vdr/sidetree v1.0.0-rc3.0.20221104150937-07bfbe450122 // indirect
 	github.com/hyperledger/aries-framework-go/component/kmscrypto v0.0.0-20230427134832-0c9969493bd3 // indirect
 	github.com/hyperledger/aries-framework-go/component/log v0.0.0-20230427134832-0c9969493bd3 // indirect
-	github.com/hyperledger/aries-framework-go/component/models v0.0.0-20230501135648-a9a7ad029347 // indirect
 	github.com/hyperledger/ursa-wrapper-go v0.3.1 // indirect
 	github.com/imdario/mergo v0.3.12 // indirect
 	github.com/inconshreveable/mousetrap v1.0.1 // indirect
 	github.com/ipfs/go-cid v0.0.7 // indirect
-	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/kawamuray/jsonpath v0.0.0-20201211160320-7483bafabd7e // indirect
 	github.com/kilic/bls12-381 v0.1.1-0.20210503002446-7b7597926c69 // indirect

go.sum

@@ -131,8 +131,6 @@ github.com/aws/aws-sdk-go v1.23.20/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpi
 github.com/aws/aws-sdk-go v1.25.11/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
 github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
 github.com/aws/aws-sdk-go v1.37.0/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro=
-github.com/aws/aws-sdk-go v1.43.9 h1:k1S/29Bp2QD5ZopnGzIn0Sp63yyt3WH1JRE2OOU3Aig=
-github.com/aws/aws-sdk-go v1.43.9/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
 github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g=
 github.com/aws/aws-sdk-go-v2 v1.17.2/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
 github.com/aws/aws-sdk-go-v2 v1.17.3/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
@@ -620,9 +618,7 @@ github.com/jinzhu/copier v0.3.5 h1:GlvfUwHk62RokgqVNvYsku0TATCF7bAHVwEXoBh3iJg=
 github.com/jinzhu/copier v0.3.5/go.mod h1:DfbEm0FYsaqBcKcFuvmOZb218JkPGtvSHsKg8S8hyyg=
 github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
 github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
-github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
 github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
-github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
 github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
 github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg=
 github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
@@ -1300,7 +1296,6 @@ golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qx
 golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220513224357-95641704303c/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.1.0 h1:hZ/3BUoy5aId7sCpA/Tc5lt8DkFgdVS2onTpJsZ/fl0=
 golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=

pkg/observability/tracing/attributeutil/attribute_util.go

@@ -32,7 +32,7 @@ func JSON(key string, value interface{}, opts ...Opt) attribute.KeyValue {
 	}
 
 	for _, path := range op.redacted {
-		if gjson.GetBytes(b, path).Exists() {
+		if data := gjson.GetBytes(b, path); data.String() != "" {
 			b, _ = sjson.SetBytes(b, path, "[REDACTED]")
 		}
 	}

pkg/observability/tracing/wrappers/oidc4ci/oidc4ci_wrapper.go

@@ -11,7 +11,6 @@ package oidc4ci
 
 import (
 	"context"
-	"strings"
 
 	"github.com/samber/lo"
 	"go.opentelemetry.io/otel/attribute"
@@ -45,7 +44,7 @@ func (w *Wrapper) InitiateIssuance(
 	span.SetAttributes(attributeutil.JSON("initiate_issuance_request", req, attributeutil.WithRedacted("ClaimData")))
 
 	if req.ClaimData != nil {
-		span.SetAttributes(attributeutil.JSON("claim_data_fields", strings.Join(lo.Keys(req.ClaimData), ",")))
+		span.SetAttributes(attribute.StringSlice("claim_keys", lo.Keys(req.ClaimData)))
 	}
 
 	resp, err := w.svc.InitiateIssuance(ctx, req, profile)
@@ -86,7 +85,7 @@ func (w *Wrapper) ValidatePreAuthorizedCodeRequest(ctx context.Context, preAutho
 		return nil, err
 	}
 
-	span.SetAttributes(attribute.String("resolved tx_id", string(tx.ID)))
+	span.SetAttributes(attribute.String("tx_id", string(tx.ID)))
 
 	return tx, nil
 }

pkg/observability/tracing/wrappers/verifypresentation/verifypresentation_wrapper.go

@@ -10,6 +10,7 @@ package verifypresentation
 
 import (
 	"context"
+	"fmt"
 
 	"github.com/hyperledger/aries-framework-go/pkg/doc/verifiable"
 	"go.opentelemetry.io/otel/attribute"
@@ -43,12 +44,28 @@ func (w *Wrapper) VerifyPresentation(
 	defer span.End()
 
 	span.SetAttributes(attribute.String("profile_id", profile.ID))
-	span.SetAttributes(attributeutil.JSON("opts", opts))
+
+	if opts != nil {
+		span.SetAttributes(attributeutil.JSON("opts", opts))
+	}
 
 	res, err := w.svc.VerifyPresentation(ctx, presentation, opts, profile)
 	if err != nil {
+		w.setClaimKeys(span)
 		return nil, err
 	}
 
+	w.setClaimKeys(span)
 	return res, nil
 }
+
+func (w *Wrapper) setClaimKeys(span trace.Span) {
+	svc, ok := w.svc.(*verifypresentation.Service)
+	if !ok {
+		return
+	}
+
+	for id, claimKeys := range svc.GetClaimKeys() {
+		span.SetAttributes(attribute.StringSlice(fmt.Sprintf("claim_keys_%s", id), claimKeys))
+	}
+}

pkg/service/verifypresentation/verifypresentation_service.go

@@ -15,15 +15,14 @@ import (
 	"reflect"
 	"time"
 
-	"github.com/trustbloc/vcs/internal/logfields"
-
 	"github.com/hyperledger/aries-framework-go/pkg/doc/jsonld"
-	"github.com/hyperledger/aries-framework-go/pkg/doc/util/json"
+	jsonutil "github.com/hyperledger/aries-framework-go/pkg/doc/util/json"
 	"github.com/hyperledger/aries-framework-go/pkg/doc/verifiable"
 	vdrapi "github.com/hyperledger/aries-framework-go/pkg/framework/aries/api/vdr"
 	"github.com/piprate/json-gold/ld"
 	"github.com/trustbloc/logutil-go/pkg/log"
 
+	"github.com/trustbloc/vcs/internal/logfields"
 	"github.com/trustbloc/vcs/pkg/doc/vc/crypto"
 	"github.com/trustbloc/vcs/pkg/internal/common/diddoc"
 	profileapi "github.com/trustbloc/vcs/pkg/profile"
@@ -45,13 +44,15 @@ type Service struct {
 	vdr            vdrapi.Registry
 	documentLoader ld.DocumentLoader
 	vcVerifier     vcVerifier
+	claimKeys      map[string][]string
 }
 
 func New(config *Config) *Service {
 	return &Service{
 		vdr:            config.VDR,
 		documentLoader: config.DocumentLoader,
 		vcVerifier:     config.VcVerifier,
+		claimKeys:      map[string][]string{},
 	}
 }
 
@@ -67,6 +68,9 @@ func (s *Service) VerifyPresentation( //nolint:funlen,gocognit
 	defer func() {
 		logger.Debug("VerifyPresentation", log.WithDuration(time.Since(startTime)))
 	}()
+
+	s.claimKeys = map[string][]string{}
+
 	var result []PresentationVerificationCheckResult
 
 	var lazyCredentials []*LazyCredential
@@ -171,18 +175,6 @@ func (s *Service) checkCredentialStrict(lazy []*LazyCredential) error { //nolint
 			return nil
 		}
 
-		if logger.IsEnabled(log.DEBUG) {
-			var claimsKeys []string
-			for k := range cred.CustomFields {
-				claimsKeys = append(claimsKeys, k)
-			}
-
-			logger.Debug("verifier strict validation check",
-				logfields.WithClaimKeys(claimsKeys),
-				logfields.WithCredentialID(cred.ID),
-			)
-		}
-
 		var credMap map[string]interface{}
 		var err error
 
@@ -193,19 +185,38 @@ func (s *Service) checkCredentialStrict(lazy []*LazyCredential) error { //nolint
 			}
 		} else {
 			cred.JWT = ""
+			var credentialBytes []byte
 
-			credentialBytes, err := cred.MarshalJSON()
+			credentialBytes, err = cred.MarshalJSON()
 			if err != nil {
 				return fmt.Errorf("unable to marshal credential: %w", err)
 			}
 
-			credMap, err = json.ToMap(credentialBytes)
+			credMap, err = jsonutil.ToMap(credentialBytes)
 			if err != nil {
 				return err
 			}
 		}
 
-		if err := jsonld.ValidateJSONLDMap(credMap,
+		var claimKeys []string
+
+		m, ok := credMap["credentialSubject"].(map[string]interface{})
+		if ok {
+			for k := range m {
+				claimKeys = append(claimKeys, k)
+			}
+		}
+
+		s.claimKeys[cred.ID] = claimKeys
+
+		if logger.IsEnabled(log.DEBUG) {
+			logger.Debug("verifier strict validation check",
+				logfields.WithClaimKeys(claimKeys),
+				logfields.WithCredentialID(cred.ID),
+			)
+		}
+
+		if err = jsonld.ValidateJSONLDMap(credMap,
 			jsonld.WithDocumentLoader(s.documentLoader),
 			jsonld.WithStrictValidation(true),
 		); err != nil {
@@ -390,3 +401,8 @@ func (s *Service) extractCredentialStatus(cred *LazyCredential) (*verifiable.Typ
 
 	return finalObj, issuerID, nil
 }
+
+// GetClaimKeys returns credential claim keys.
+func (s *Service) GetClaimKeys() map[string][]string {
+	return s.claimKeys
+}

pkg/service/verifypresentation/verifypresentation_service_test.go

@@ -56,6 +56,7 @@ func TestNew(t *testing.T) {
 				vdr:            &mockvdr.MockVDRegistry{},
 				documentLoader: testutil.DocumentLoader(t),
 				vcVerifier:     NewMockVcVerifier(gomock.NewController(t)),
+				claimKeys:      map[string][]string{},
 			},
 		},
 	}
@@ -789,6 +790,7 @@ func TestExtractCredentialStatus(t *testing.T) {
 
 func TestCredentialStrict(t *testing.T) {
 	l := NewLazyCredential(&verifiable.Credential{
+		ID: "credentialID",
 		Context: []string{
 			"https://www.w3.org/2018/credentials/v1",
 			"https://www.w3.org/2018/credentials/examples/v1",
@@ -820,4 +822,5 @@ func TestCredentialStrict(t *testing.T) {
 		DocumentLoader: ld.NewDefaultDocumentLoader(http.DefaultClient),
 	})
 	assert.NoError(t, s.checkCredentialStrict([]*LazyCredential{l}))
+	assert.ElementsMatch(t, []string{"type", "degree"}, s.GetClaimKeys()["credentialID"])
 }

test/stress/go.mod

@@ -10,7 +10,7 @@ require (
 	github.com/bluele/gcache v0.0.2
 	github.com/google/uuid v1.3.0
 	github.com/greenpau/go-calculator v1.0.1
-	github.com/hyperledger/aries-framework-go v0.3.1
+	github.com/hyperledger/aries-framework-go v0.3.2
 	github.com/labstack/echo/v4 v4.9.0
 	github.com/trustbloc/logutil-go v1.0.0-rc1
 	github.com/trustbloc/vcs/component/wallet-cli v0.0.0-20230314165048-d06b1132a27b

test/stress/go.sum

@@ -535,8 +535,8 @@ github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpO
 github.com/huandu/xstrings v1.0.0/go.mod h1:4qWG/gcEcfX4z/mBDHJ++3ReCw9ibxbsNJbcucJdbSo=
 github.com/huandu/xstrings v1.2.0/go.mod h1:DvyZB1rfVYsBIigL8HwpZgxHwXozlTgGqn63UyNX5k4=
 github.com/hudl/fargo v1.3.0/go.mod h1:y3CKSmjA+wD2gak7sUSXTAoopbhU08POFhmITJgmKTg=
-github.com/hyperledger/aries-framework-go v0.3.1 h1:44hOqFdVtXPRmfxK1dHds1g1mouJFNeP1D/PBjDxRv8=
-github.com/hyperledger/aries-framework-go v0.3.1/go.mod h1:SorUysWEBw+uyXhY5RAtg2iyNkWTIIPM8+Slkt1Spno=
+github.com/hyperledger/aries-framework-go v0.3.2 h1:GsSUaSEW82cr5X8b3Qf90GAi37kmTKHqpPJLhar13X8=
+github.com/hyperledger/aries-framework-go v0.3.2/go.mod h1:SorUysWEBw+uyXhY5RAtg2iyNkWTIIPM8+Slkt1Spno=
 github.com/hyperledger/aries-framework-go-ext/component/storage/mongodb v0.0.0-20220728172020-0a8903e45149 h1:8ja6Vnp5EUsh8Oe4mI8ZNwpJtiM7c87X/b9sO/hEFiY=
 github.com/hyperledger/aries-framework-go-ext/component/storage/mongodb v0.0.0-20220728172020-0a8903e45149/go.mod h1:GDANCnJONcCqBvv6QgKuk5Y2FWHyD/Hu26kyc7NTyfY=
 github.com/hyperledger/aries-framework-go-ext/component/vdr/jwk v0.0.0-20221213152252-f0c83a5a922c h1:74wqdvAd3S9BuKolIV0obbG8PhbChtF9sQrE/ov2se0=