fixed module structure
paullatzelsperger committed Oct 21, 2023
1 parent b89f482 commit 30fe45f
Showing 20 changed files with 239 additions and 139 deletions.
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
/*
* Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
*
* This program and the accompanying materials are made available under the
* terms of the Apache License, Version 2.0 which is available at
* https://www.apache.org/licenses/LICENSE-2.0
*
* SPDX-License-Identifier: Apache-2.0
*
* Contributors:
* Bayerische Motoren Werke Aktiengesellschaft (BMW AG) - initial API and implementation
*
*/
plugins {
`java-library`
`java-test-fixtures`
}

dependencies {
implementation(libs.nimbus.jwt)

implementation(project(":spi:common:json-ld-spi"))
implementation(project(":spi:common:identity-trust-spi"))
implementation(project(":core:common:util"))
implementation(project(":extensions:common:iam:decentralized-identity:identity-did-crypto"))


testImplementation(project(":extensions:common:json-ld"))
testImplementation(project(":core:common:junit"))

testFixturesImplementation(libs.nimbus.jwt)
}
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@
*
*/

package org.eclipse.edc.iam.identitytrust.verification;
package org.eclipse.edc.verifiablecredentials.jwt;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
Expand Down Expand Up @@ -53,7 +53,7 @@
*
* <em>Note: VP-JWTs may only contain VCs also represented in JWT format. Mixing formats is not allowed.</em>
*/
class JwtPresentationVerifier implements CredentialVerifier {
public class JwtPresentationVerifier implements CredentialVerifier {
public static final String VERIFIABLE_CREDENTIAL_JSON_KEY = "verifiableCredential";
public static final String VP_CLAIM = "vp";
public static final String VC_CLAIM = "vc";
Expand All @@ -65,7 +65,7 @@ class JwtPresentationVerifier implements CredentialVerifier {
*
* @param jwtVerifier The JwtVerifier instance used to verify the JWT token.
*/
JwtPresentationVerifier(JwtVerifier jwtVerifier, ObjectMapper objectMapper) {
public JwtPresentationVerifier(JwtVerifier jwtVerifier, ObjectMapper objectMapper) {
this.jwtVerifier = jwtVerifier;
this.objectMapper = objectMapper;
}
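Review bot: The now-public constructor `JwtPresentationVerifier(JwtVerifier jwtVerifier, ObjectMapper objectMapper)` stores both arguments unchecked, and the Javadoc lines visible above it document only `jwtVerifier`. With the class exported from its own module, any caller can construct it, so a null collaborator would surface only when the first presentation is verified; `this.jwtVerifier = Objects.requireNonNull(jwtVerifier, "jwtVerifier");` (and the same for `objectMapper`) fails at wiring time instead, assuming `java.util.Objects` is imported, which is not visible here. The Javadoc should also gain an `@param objectMapper` entry. The comment block and the class body both start outside the hunk.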
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@
*
*/

package org.eclipse.edc.iam.identitytrust.verification;
package org.eclipse.edc.verifiablecredentials.jwt;

import com.nimbusds.jwt.SignedJWT;
import org.eclipse.edc.iam.did.crypto.JwtUtils;
Expand All @@ -39,9 +39,7 @@
* If no such {@code kid} header is present, then the <em>first</em> verification method is used.
* <p>
* Please note that <strong>no structural</strong> validation is done beyond the very basics (must have iss and aud claim).
* This is done by the {@link org.eclipse.edc.iam.identitytrust.validation.SelfIssuedIdTokenValidator}.
*
* @see org.eclipse.edc.iam.identitytrust.validation.SelfIssuedIdTokenValidator For SI Token validation.
* This is done by the {@link SelfIssuedIdTokenVerifier}.
*/
public class SelfIssuedIdTokenVerifier implements JwtVerifier {
private final DidResolverRegistry resolverRegistry;
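Review bot: The rewritten Javadoc sentence `This is done by the {@link SelfIssuedIdTokenVerifier}.` links to the class it is documenting, so the comment first says that no structural validation happens here and then that this class performs it. The removed lines pointed at `org.eclipse.edc.iam.identitytrust.validation.SelfIssuedIdTokenValidator`, which is what a reader needs to find to confirm that the claim checks run alongside signature verification. If that class can no longer be linked from this module (the dependency is not visible here), name it without a link: `* This is done by the {@code org.eclipse.edc.iam.identitytrust.validation.SelfIssuedIdTokenValidator}.` The class body continues outside the hunk.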

Large diffs are not rendered by default.

Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@
*
*/

package org.eclipse.edc.iam.identitytrust;
package org.eclipse.edc.verifiablecredentials.jwt;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
Original file line number Diff line number Diff line change
@@ -0,0 +1,84 @@
/*
* Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
*
* This program and the accompanying materials are made available under the
* terms of the Apache License, Version 2.0 which is available at
* https://www.apache.org/licenses/LICENSE-2.0
*
* SPDX-License-Identifier: Apache-2.0
*
* Contributors:
* Bayerische Motoren Werke Aktiengesellschaft (BMW AG) - initial API and implementation
*
*/

package org.eclipse.edc.verifiablecredentials.jwt;

public interface TestConstants {
String CENTRAL_ISSUER_KEY_ID = "#central-issuer-key1";
String PRESENTER_KEY_ID = "#my-key1";
String VP_HOLDER_ID = "did:web:test-issuer";
String MY_OWN_DID = "did:web:myself";
String CENTRAL_ISSUER_DID = "did:web:some-official-issuer";

// taken straight from here: https://www.w3.org/TR/vc-data-model/#example-verifiable-presentation-using-jwt-compact-serialization-non-normative
String VC_CONTENT_DEGREE_EXAMPLE = """
{
"@context": [
"https://www.w3.org/2018/credentials/v1",
"https://www.w3.org/2018/credentials/examples/v1"
],
"type": [
"VerifiableCredential",
"UniversityDegreeCredential"
],
"credentialSubject": {
"id": "degreeSub",
"degree": {
"type": "BachelorDegree",
"name": "<span lang='fr-CA'>Baccalauréat en musiques numériques</span>"
}
}
}
""";

String VC_CONTENT_CERTIFICATE_EXAMPLE = """
{
"@context": [
"https://www.w3.org/2018/credentials/v1",
"https://www.w3.org/2018/credentials/examples/v1"
],
"type": [
"VerifiableCredential",
"IsoCertificateCredential"
],
"issuer":"did:web:test-issuer",
"issuanceDate": "2022-10-18T12:56:00Z",
"credentialSubject": {
"id": "https://w3id.org/example/isoCred",
"degree": {
"type": "Iso9001Certificate",
"name": "ISO 9001 Certificate for excellence in many things"
}
}
}
""";

// taken straight from here: https://www.w3.org/TR/vc-data-model/#example-verifiable-presentation-using-jwt-compact-serialization-non-normative
String VP_CONTENT_TEMPLATE = """
{
"@context": [
"https://www.w3.org/2018/credentials/v1",
"https://www.w3.org/2018/credentials/examples/v1"
],
"id": "https://exapmle.com/test-vp",
"holder": "https://holder.test.com",
"type": [
"VerifiablePresentation"
],
"verifiableCredential": [
%s
]
}
""";
}
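Review bot: `VP_CONTENT_TEMPLATE` uses `"id": "https://exapmle.com/test-vp"` (a misspelling of example.com) and `"holder": "https://holder.test.com"`, neither of which is a reserved name, so both may resolve to hosts owned by third parties. If a document loader or resolver ever dereferences fixture values, tests would contact those hosts; `https://example.com/test-vp` and `https://holder.example.com` avoid that. `VP_HOLDER_ID` is set to `did:web:test-issuer`, the same value as the `issuer` in `VC_CONTENT_CERTIFICATE_EXAMPLE`, which deserves a comment if it is intentional. Separately, `TestConstants` is an interface that only carries constants; a `final` class with a private constructor prevents implementers from inheriting them.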
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@
*
*/

package org.eclipse.edc.linkeddata.verifiablecredentials;
package org.eclipse.edc.verifiablecredentials.linkeddata;

import com.apicatalog.jsonld.InvalidJsonLdValue;
import com.apicatalog.jsonld.JsonLdReader;
Expand Down Expand Up @@ -44,6 +44,7 @@
import jakarta.json.JsonValue;
import org.eclipse.edc.identitytrust.model.VerifiableCredential;
import org.eclipse.edc.identitytrust.verification.CredentialVerifier;
import org.eclipse.edc.identitytrust.verification.SignatureSuiteRegistry;
import org.eclipse.edc.identitytrust.verification.VerifierContext;
import org.eclipse.edc.jsonld.spi.JsonLd;
import org.eclipse.edc.jsonld.spi.JsonLdKeywords;
Expand Down Expand Up @@ -350,7 +351,14 @@ public Builder signatureSuite(SignatureSuite signatureSuiteProvider) {
return this;
}

public Builder signatureSuite(SignatureSuiteProvider provider) {
public Builder signatureSuites(SignatureSuiteProvider provider) {
this.verifier.suiteProvider = provider;
return this;
}

public Builder signatureSuites(SignatureSuiteRegistry registry) {
var provider = new SignatureSuiteMapper();
registry.getAllSuites().forEach(provider::add);
this.verifier.suiteProvider = provider;
return this;
}
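Review bot: `signatureSuites(SignatureSuiteRegistry registry)` copies `registry.getAllSuites()` into a new `SignatureSuiteMapper` when the builder method is called, so a suite registered afterwards is unknown to the built verifier and proofs that use it would presumably be rejected. Whether that can happen depends on when callers build the verifier relative to suite registration, which is not visible here; the `@Provider` method changed later in this commit is one such caller. Either document the snapshot, e.g. `/** Copies the suites currently held by {@code registry}; later registrations are not picked up. */`, or keep the registry and look the suite up per verification. Both `signatureSuites` overloads also overwrite `suiteProvider`, so the last call silently wins. The `Builder` class starts and ends outside the hunk.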
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@
*
*/

package org.eclipse.edc.linkeddata.verifiablecredentials;
package org.eclipse.edc.verifiablecredentials.linkeddata;

import com.apicatalog.jsonld.JsonLdError;
import com.apicatalog.jsonld.JsonLdErrorCode;
Original file line number Diff line number Diff line change
Expand Up @@ -12,10 +12,9 @@
*
*/

package org.eclipse.edc.linkeddata.verifiablecredentials;
package org.eclipse.edc.verifiablecredentials.linkeddata;

import com.apicatalog.jsonld.loader.SchemeRouter;
import com.apicatalog.ld.signature.SignatureSuiteMapper;
import com.apicatalog.vc.integrity.DataIntegrityProofOptions;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
Expand All @@ -26,11 +25,11 @@
import jakarta.json.JsonObject;
import org.eclipse.edc.identitytrust.verification.VerifierContext;
import org.eclipse.edc.jsonld.TitaniumJsonLd;
import org.eclipse.edc.linkeddata.verfiablecredentials.LdpCreationUtils;
import org.eclipse.edc.linkeddata.verfiablecredentials.TestData;
import org.eclipse.edc.security.signature.jws2020.JwsSignature2020Suite;
import org.eclipse.edc.security.signature.jws2020.TestDocumentLoader;
import org.eclipse.edc.security.signature.jws2020.TestFunctions;
import org.eclipse.edc.verifiablecredentials.verfiablecredentials.LdpCreationUtils;
import org.eclipse.edc.verifiablecredentials.verfiablecredentials.TestData;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Nested;
import org.junit.jupiter.api.Test;
Expand All @@ -41,9 +40,9 @@

import static org.eclipse.edc.jsonld.util.JacksonJsonLd.createObjectMapper;
import static org.eclipse.edc.junit.assertions.AbstractResultAssert.assertThat;
import static org.eclipse.edc.linkeddata.verfiablecredentials.TestData.VC_CONTENT_CERTIFICATE_EXAMPLE;
import static org.eclipse.edc.linkeddata.verfiablecredentials.TestData.createMembershipCredential;
import static org.eclipse.edc.linkeddata.verfiablecredentials.TestData.createNameCredential;
import static org.eclipse.edc.verifiablecredentials.verfiablecredentials.TestData.VC_CONTENT_CERTIFICATE_EXAMPLE;
import static org.eclipse.edc.verifiablecredentials.verfiablecredentials.TestData.createMembershipCredential;
import static org.eclipse.edc.verifiablecredentials.verfiablecredentials.TestData.createNameCredential;
import static org.mockito.Mockito.mock;

class LdpVerifierTest {
Expand All @@ -67,9 +66,8 @@ void setUp() throws URISyntaxException {
jsonLd.registerCachedDocument("https://w3id.org/security/suites/jws-2020/v1", Thread.currentThread().getContextClassLoader().getResource("jws2020.json").toURI());
jsonLd.registerCachedDocument("https://www.w3.org/2018/credentials/v1", Thread.currentThread().getContextClassLoader().getResource("credentials.v1.json").toURI());
jsonLd.registerCachedDocument("https://www.w3.org/2018/credentials/examples/v1", Thread.currentThread().getContextClassLoader().getResource("examples.v1.json").toURI());
var provider = new SignatureSuiteMapper().add(jwsSignatureSuite);
ldpVerifier = LdpVerifier.Builder.newInstance()
.signatureSuite(provider)
.signatureSuite(jwsSignatureSuite)
.jsonLd(jsonLd)
.objectMapper(mapper)
.loader(testDocLoader)
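Review bot: The updated imports in this file reference `org.eclipse.edc.verifiablecredentials.verfiablecredentials.TestData` and `LdpCreationUtils`, a package name that keeps the misspelling `verfiablecredentials` and now repeats its parent segment. This commit is already moving those fixtures (the `package` lines in the two file sections that follow carry the same name), so it is the cheap moment to pick a correctly spelled, non-repeating package, for example `org.eclipse.edc.verifiablecredentials.linkeddata` if the fixtures may share the production package. The `setUp` method continues outside the last hunk.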
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@
*
*/

package org.eclipse.edc.linkeddata.verfiablecredentials;
package org.eclipse.edc.verifiablecredentials.verfiablecredentials;

import com.apicatalog.jsonld.loader.DocumentLoader;
import com.apicatalog.ld.DocumentError;
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@
*
*/

package org.eclipse.edc.linkeddata.verfiablecredentials;
package org.eclipse.edc.verifiablecredentials.verfiablecredentials;

import jakarta.json.Json;
import jakarta.json.JsonObject;
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,8 @@ dependencies {
implementation(project(":core:common:util"))
implementation(project(":core:common:jwt-core"))
implementation(project(":extensions:common:crypto:jws2020"))
implementation(project(":extensions:common:crypto:jwt-verifiable-credentials"))
implementation(project(":extensions:common:crypto:ldp-verifiable-credentials"))
implementation(project(":extensions:common:iam:identity-trust:identity-trust-service"))
implementation(project(":extensions:common:iam:identity-trust:identity-trust-sts-embedded"))
implementation(libs.nimbus.jwt)
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,6 @@
import org.eclipse.edc.iam.identitytrust.IdentityAndTrustService;
import org.eclipse.edc.iam.identitytrust.validation.SelfIssuedIdTokenValidator;
import org.eclipse.edc.iam.identitytrust.verification.MultiFormatPresentationVerifier;
import org.eclipse.edc.iam.identitytrust.verification.SelfIssuedIdTokenVerifier;
import org.eclipse.edc.identitytrust.CredentialServiceClient;
import org.eclipse.edc.identitytrust.SecureTokenService;
import org.eclipse.edc.identitytrust.TrustedIssuerRegistry;
Expand All @@ -35,6 +34,9 @@
import org.eclipse.edc.spi.system.ServiceExtension;
import org.eclipse.edc.spi.system.ServiceExtensionContext;
import org.eclipse.edc.spi.types.TypeManager;
import org.eclipse.edc.verifiablecredentials.jwt.JwtPresentationVerifier;
import org.eclipse.edc.verifiablecredentials.jwt.SelfIssuedIdTokenVerifier;
import org.eclipse.edc.verifiablecredentials.linkeddata.LdpVerifier;

import static org.eclipse.edc.spi.CoreConstants.JSON_LD;

Expand Down Expand Up @@ -87,7 +89,16 @@ public JwtValidator getJwtValidator() {

@Provider
public PresentationVerifier createPresentationVerifier(ServiceExtensionContext context) {
return new MultiFormatPresentationVerifier(getJwtVerifier(), getOwnDid(context), typeManager.getMapper(JSON_LD), signatureSuiteRegistry, jsonLd);
var mapper = typeManager.getMapper(JSON_LD);

var jwtVerifier = new JwtPresentationVerifier(getJwtVerifier(), mapper);
var ldpVerifier = LdpVerifier.Builder.newInstance()
.signatureSuites(signatureSuiteRegistry)
.jsonLd(jsonLd)
.objectMapper(mapper)
.build();

return new MultiFormatPresentationVerifier(getOwnDid(context), jwtVerifier, ldpVerifier);
}

@Provider
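Review bot: The `LdpVerifier` built in `createPresentationVerifier` is given no document loader, whereas the test in this commit passes `.loader(testDocLoader)`; what the builder falls back to is not visible here. If the fallback fetches JSON-LD contexts over the network, verifying a presentation would dereference URLs named in counterparty-supplied credentials. It is worth confirming that context resolution goes through the `jsonLd` service's cached documents, or setting `.loader(...)` explicitly in this chain. A short comment above the builder stating which loader is in effect would make that reviewable.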
Original file line number Diff line number Diff line change
Expand Up @@ -8,15 +8,16 @@ dependencies {
api(project(":spi:common:identity-did-spi"))
implementation(project(":extensions:common:crypto:jws2020"))
implementation(project(":extensions:common:crypto:ldp-verifiable-credentials"))
implementation(project(":extensions:common:crypto:jwt-verifiable-credentials"))

implementation(project(":core:common:util"))
implementation(project(":extensions:common:iam:decentralized-identity:identity-did-crypto"))
implementation(libs.nimbus.jwt)
implementation(libs.iron.ed25519)
testImplementation(testFixtures(project(":spi:common:identity-trust-spi")))
testImplementation(project(":core:common:junit"))
testImplementation(project(":extensions:common:json-ld"))
implementation(testFixtures(project(":extensions:common:crypto:ldp-verifiable-credentials")))
implementation(testFixtures(project(":extensions:common:crypto:jwt-verifiable-credentials")))

}
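Review bot: The last two dependency lines use `implementation(testFixtures(project(...)))`, which puts the test fixtures of `ldp-verifiable-credentials` and `jwt-verifiable-credentials` (test constants and credential-creation helpers) on this module's production compile and runtime classpath. Unless main code really needs them, they belong on the test configuration: `testImplementation(testFixtures(project(":extensions:common:crypto:jwt-verifiable-credentials")))`, and likewise for the ldp module. The `dependencies` block starts outside the hunk.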

Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@
import org.eclipse.edc.spi.iam.ClaimToken;
import org.eclipse.edc.spi.iam.TokenRepresentation;
import org.eclipse.edc.spi.result.Result;
import org.eclipse.edc.verifiablecredentials.jwt.SelfIssuedIdTokenVerifier;

import java.text.ParseException;
import java.util.Objects;
Expand All @@ -39,9 +40,9 @@
* <li>{@code exp < now()} token not expired, epsilon = 60s</li>
* </ul>
* <p>
* Please note that the signature of the JWT is <strong>not</strong> verified, that is done by the {@link org.eclipse.edc.iam.identitytrust.verification.SelfIssuedIdTokenVerifier}.
* Please note that the signature of the JWT is <strong>not</strong> verified, that is done by the {@link SelfIssuedIdTokenVerifier}.
*
* @see org.eclipse.edc.iam.identitytrust.verification.SelfIssuedIdTokenVerifier SI Token signature verification
* @see SelfIssuedIdTokenVerifier SI Token signature verification
*/
public class SelfIssuedIdTokenValidator implements JwtValidator {
