diff --git a/build.sbt b/build.sbt index 515717e031..6fded75559 100644 --- a/build.sbt +++ b/build.sbt @@ -303,12 +303,6 @@ lazy val D_Pollux = new { lazy val D_Pollux_VC_JWT = new { - private lazy val circeJsonSchema = ("net.reactivecore" %% "circe-json-schema" % "0.4.1") - .cross(CrossVersion.for3Use2_13) - .exclude("io.circe", "circe-core_2.13") - .exclude("io.circe", "circe-generic_2.13") - .exclude("io.circe", "circe-parser_2.13") - val zio = "dev.zio" %% "zio" % V.zio val zioPrelude = "dev.zio" %% "zio-prelude" % V.zioPreludeVersion @@ -321,7 +315,7 @@ lazy val D_Pollux_VC_JWT = new { // Dependency Modules val zioDependencies: Seq[ModuleID] = Seq(zio, zioPrelude, zioTest, zioTestSbt, zioTestMagnolia) val baseDependencies: Seq[ModuleID] = - zioDependencies :+ D.jwtCirce :+ circeJsonSchema :+ networkntJsonSchemaValidator :+ D.nimbusJwt :+ D.scalaTest + zioDependencies :+ D.jwtCirce :+ networkntJsonSchemaValidator :+ D.nimbusJwt :+ D.scalaTest // Project Dependencies lazy val polluxVcJwtDependencies: Seq[ModuleID] = baseDependencies diff --git a/pollux/vc-jwt/src/main/scala/org/hyperledger/identus/pollux/vc/jwt/VerifiableCredentialPayload.scala b/pollux/vc-jwt/src/main/scala/org/hyperledger/identus/pollux/vc/jwt/VerifiableCredentialPayload.scala index c849369651..e6c894ce23 100644 --- a/pollux/vc-jwt/src/main/scala/org/hyperledger/identus/pollux/vc/jwt/VerifiableCredentialPayload.scala +++ b/pollux/vc-jwt/src/main/scala/org/hyperledger/identus/pollux/vc/jwt/VerifiableCredentialPayload.scala 
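Review bot: After this change `networkntJsonSchemaValidator` is the only JSON-schema library left in `baseDependencies`, while the same commit deletes the whole `pollux.vc.jwt.schema` package and the schema-validation helpers in `VerifiableCredentialPayload.scala`. Nothing visible in this diff shows vc-jwt still using it, so if no remaining source in the module imports it, drop it from the list too and keep the dependency surface small. If it is still needed, a comment next to its definition such as `// used by <file or module> for credential schema validation` would make that clear. It would also help to record in the commit description where credentialSubject schema checks are enforced now that `validateSchemaAndSignature` is removed.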
@@ -8,7 +8,6 @@ import io.circe.parser.decode import io.circe.syntax.* import org.hyperledger.identus.castor.core.model.did.VerificationRelationship import org.hyperledger.identus.pollux.vc.jwt.revocation.BitString -import org.hyperledger.identus.pollux.vc.jwt.schema.{SchemaResolver, SchemaValidator} import org.hyperledger.identus.shared.crypto.{KmpSecp256k1KeyOps, PublicKey as ApolloPublicKey} import org.hyperledger.identus.shared.http.UriResolver import org.hyperledger.identus.shared.utils.Base64Utils 
@@ -170,69 +169,6 @@ object CredentialPayloadValidation { ) ) } - - def validateCredentialSchema( - maybeCredentialSchema: Option[Json] - )(schemaToValidator: Json => Validation[String, SchemaValidator]): Validation[String, Option[SchemaValidator]] = { - maybeCredentialSchema.fold(Validation.succeed(Option.empty))(credentialSchema => { - schemaToValidator(credentialSchema).map(Some(_)) - }) - } - - def validateCredentialSubjectSchema( - credentialSubject: Json, - credentialSchemaValidator: SchemaValidator - ): Validation[String, Json] = - credentialSchemaValidator.validate(credentialSubject) - - def validateCredentialSubject( - credentialSubject: Json, - maybeCredentialSchemaValidator: Option[SchemaValidator] - ): Validation[String, Json] = { - for { - validatedCredentialSubjectNotEmpty <- validateCredentialSubjectNotEmpty(credentialSubject) - validatedCredentialSubjectHasId <- validateCredentialSubjectHasId(validatedCredentialSubjectNotEmpty) - validatedCredentialSubjectSchema <- maybeCredentialSchemaValidator - .map(validateCredentialSubjectSchema(validatedCredentialSubjectHasId, _)) - .getOrElse(Validation.succeed(validatedCredentialSubjectHasId)) - } yield validatedCredentialSubjectSchema - } - - def validate[C <: CredentialPayload](credentialPayload: C): Validation[String, C] = - Validation.validateWith( - CredentialPayloadValidation.validateContext(credentialPayload.`@context`), - CredentialPayloadValidation.validateVcType(credentialPayload.`type`) - ) { (`@context`, `type`) => credentialPayload } - - def validateSchema[C <: CredentialPayload](credentialPayload: C)(schemaResolver: SchemaResolver)( - schemaToValidator: Json => Validation[String, SchemaValidator] - ): IO[String, C] = - val validation = - for { - resolvedSchema <- ZIO.foreach(credentialPayload.maybeCredentialSchema)(schemaResolver.resolve) - maybeDocumentValidator <- CredentialPayloadValidation - .validateCredentialSchema(resolvedSchema)(schemaToValidator) - .toZIO - 
maybeValidatedCredentialSubject <- CredentialPayloadValidation - .validateCredentialSubject( - credentialPayload.credentialSubject, - maybeDocumentValidator - ) - .toZIO - } yield maybeValidatedCredentialSubject - validation.map(_ => credentialPayload) - - private def validateCredentialSubjectNotEmpty(credentialSubject: Json): Validation[String, Json] = { - Validation - .fromPredicateWith("credentialSubject is empty.")(credentialSubject)(_.isObject) - } - - private def validateCredentialSubjectHasId(credentialSubject: Json): Validation[String, Json] = { - Validation - .fromPredicateWith("credentialSubject must contain id.")(credentialSubject)( - _.asObject.exists(jsonObject => jsonObject.toMap.contains("id")) - ) - } } case class JwtVc( @@ -796,28 +732,6 @@ object JwtCredential { )(_.iss) } - def validateJwtSchema( - jwt: JWT - )(schemaResolver: SchemaResolver)( - schemaToValidator: Json => Validation[String, SchemaValidator] - ): IO[String, Validation[String, Unit]] = { - val decodeJWT = - Validation.fromTry(JwtCirce.decodeRawAll(jwt.value, JwtOptions(false, false, false))).mapError(_.getMessage) - - val validatedDecodedClaim: Validation[String, JwtCredentialPayload] = - for { - decodedJwtTask <- decodeJWT - (_, claim, _) = decodedJwtTask - decodedClaim <- Validation.fromEither(decode[JwtCredentialPayload](claim).left.map(_.toString)) - } yield decodedClaim - - ValidationUtils.foreach( - validatedDecodedClaim.map(decodedClaim => - CredentialPayloadValidation.validateSchema(decodedClaim)(schemaResolver)(schemaToValidator) - ) - )(_.replicateZIODiscard(1)) - } - def validateExpiration(jwt: JWT, dateTime: OffsetDateTime): Validation[String, Unit] = { Validation .fromTry( 
@@ -838,19 +752,6 @@ object JwtCredential { .mapError(_.getMessage) } - def validateSchemaAndSignature( - jwt: JWT - )(didResolver: DidResolver)(schemaResolver: SchemaResolver)( - schemaToValidator: Json => Validation[String, SchemaValidator] - ): IO[String, Validation[String, Unit]] = { - for { - validatedJwtSchema <- validateJwtSchema(jwt)(schemaResolver)(schemaToValidator) - validateJwtSignature <- validateEncodedJWT(jwt)(didResolver) - } yield { - Validation.validateWith(validatedJwtSchema, validateJwtSignature)((a, _) => a) - } - } - def verifyDates(jwtPayload: JwtVerifiableCredentialPayload, leeway: TemporalAmount)(implicit clock: Clock ): Validation[String, Unit] = { diff --git a/pollux/vc-jwt/src/main/scala/org/hyperledger/identus/pollux/vc/jwt/schema/PlaceholderSchemaValidator.scala b/pollux/vc-jwt/src/main/scala/org/hyperledger/identus/pollux/vc/jwt/schema/PlaceholderSchemaValidator.scala deleted file mode 100644 index d78e69fc0b..0000000000 --- a/pollux/vc-jwt/src/main/scala/org/hyperledger/identus/pollux/vc/jwt/schema/PlaceholderSchemaValidator.scala +++ /dev/null @@ -1,14 +0,0 @@ -package org.hyperledger.identus.pollux.vc.jwt.schema - -import io.circe -import io.circe.Json -import zio.prelude.* - -class PlaceholderSchemaValidator extends SchemaValidator { - override def validate(payloadToValidate: Json): Validation[String, Json] = Validation.succeed(payloadToValidate) -} - -object PlaceholderSchemaValidator { - def fromSchema(schema: Json): Validation[String, PlaceholderSchemaValidator] = - Validation.succeed(PlaceholderSchemaValidator()) -} diff --git a/pollux/vc-jwt/src/main/scala/org/hyperledger/identus/pollux/vc/jwt/schema/ReactiveCoreSchemaValidator.scala b/pollux/vc-jwt/src/main/scala/org/hyperledger/identus/pollux/vc/jwt/schema/ReactiveCoreSchemaValidator.scala deleted file mode 100644 index a10ec28fce..0000000000 --- a/pollux/vc-jwt/src/main/scala/org/hyperledger/identus/pollux/vc/jwt/schema/ReactiveCoreSchemaValidator.scala +++ /dev/null 
@@ -1,22 +0,0 @@
-package org.hyperledger.identus.pollux.vc.jwt.schema
-
-import io.circe
-import io.circe.{Encoder, Json}
-import io.circe.generic.auto.*
-import io.circe.syntax.*
-import net.reactivecore.cjs.{DocumentValidator, Loader}
-import zio.prelude.*
-import zio.NonEmptyChunk
-
-class ReactiveCoreSchemaValidator(documentValidator: DocumentValidator) extends SchemaValidator {
- override def validate(payloadToValidate: Json): Validation[String, Json] =
- NonEmptyChunk
- .fromIterableOption(
- documentValidator.validate(payloadToValidate.asJson).violations.map(_.toString)
- )
- .fold(Validation.succeed(payloadToValidate))(Validation.failNonEmptyChunk)
-}
-object ReactiveCoreSchemaValidator {
- def fromSchema(schema: Json): Either[String, ReactiveCoreSchemaValidator] =
- Loader.empty.fromJson(schema).left.map(_.message).map(a => ReactiveCoreSchemaValidator(a))
-}
diff --git a/pollux/vc-jwt/src/main/scala/org/hyperledger/identus/pollux/vc/jwt/schema/SchemaResolver.scala b/pollux/vc-jwt/src/main/scala/org/hyperledger/identus/pollux/vc/jwt/schema/SchemaResolver.scala
deleted file mode 100644
index 886a758006..0000000000
--- a/pollux/vc-jwt/src/main/scala/org/hyperledger/identus/pollux/vc/jwt/schema/SchemaResolver.scala
+++ /dev/null
@@ -1,9 +0,0 @@
-package org.hyperledger.identus.pollux.vc.jwt.schema
-
-import io.circe.Json
-import org.hyperledger.identus.pollux.vc.jwt.CredentialSchema
-import zio.IO
-
-trait SchemaResolver {
- def resolve(credentialSchema: CredentialSchema): IO[String, Json]
-}
diff --git a/pollux/vc-jwt/src/main/scala/org/hyperledger/identus/pollux/vc/jwt/schema/SchemaValidator.scala b/pollux/vc-jwt/src/main/scala/org/hyperledger/identus/pollux/vc/jwt/schema/SchemaValidator.scala
deleted file mode 100644
index 470dfb110f..0000000000
--- a/pollux/vc-jwt/src/main/scala/org/hyperledger/identus/pollux/vc/jwt/schema/SchemaValidator.scala
+++ /dev/null
@@ -1,8 +0,0 @@
-package org.hyperledger.identus.pollux.vc.jwt.schema
-
-import io.circe.Json
-import zio.prelude.Validation
-
-trait SchemaValidator {
- def validate(payloadToValidate: Json): Validation[String, Json]
-}