diff --git a/cloud-agent/service/server/src/main/scala/org/hyperledger/identus/agent/server/Modules.scala b/cloud-agent/service/server/src/main/scala/org/hyperledger/identus/agent/server/Modules.scala index 6f0dc8996f..492fb55b7c 100644 --- a/cloud-agent/service/server/src/main/scala/org/hyperledger/identus/agent/server/Modules.scala +++ b/cloud-agent/service/server/src/main/scala/org/hyperledger/identus/agent/server/Modules.scala @@ -38,7 +38,7 @@ import org.hyperledger.identus.iam.authentication.oidc.{ KeycloakConfig, KeycloakEntity } -import org.hyperledger.identus.iam.authorization.core.PermissionManagement +import org.hyperledger.identus.iam.authorization.core.PermissionManagementService import org.hyperledger.identus.iam.authorization.keycloak.admin.KeycloakPermissionManagementService import org.hyperledger.identus.pollux.vc.jwt.{DidResolver as JwtDidResolver, PrismDidResolver} import org.hyperledger.identus.shared.crypto.Apollo @@ -103,7 +103,7 @@ object AppModule { ) val keycloakAuthenticatorLayer: RLayer[ - AppConfig & WalletManagementService & Client & PermissionManagement.Service[KeycloakEntity], + AppConfig & WalletManagementService & Client & PermissionManagementService[KeycloakEntity], KeycloakAuthenticator ] = ZLayer.fromZIO { @@ -113,7 +113,7 @@ object AppModule { if (!isEnabled) KeycloakAuthenticatorImpl.disabled else ZLayer.makeSome[ - AppConfig & WalletManagementService & Client & PermissionManagement.Service[KeycloakEntity], + AppConfig & WalletManagementService & Client & PermissionManagementService[KeycloakEntity], KeycloakAuthenticator ]( KeycloakConfig.layer, 
@@ -125,14 +125,14 @@ object AppModule { }.flatten val keycloakPermissionManagementLayer - : RLayer[AppConfig & WalletManagementService & Client, PermissionManagement.Service[KeycloakEntity]] = { + : RLayer[AppConfig & WalletManagementService & Client, PermissionManagementService[KeycloakEntity]] = { ZLayer.fromZIO { ZIO .serviceWith[AppConfig](_.agent.authentication.keycloak.enabled) .map { isEnabled => if (!isEnabled) KeycloakPermissionManagementService.disabled else - ZLayer.makeSome[AppConfig & WalletManagementService & Client, PermissionManagement.Service[KeycloakEntity]]( + ZLayer.makeSome[AppConfig & WalletManagementService & Client, PermissionManagementService[KeycloakEntity]]( KeycloakClientImpl.authzClientLayer, KeycloakClientImpl.layer, KeycloakConfig.layer, diff --git a/cloud-agent/service/server/src/main/scala/org/hyperledger/identus/iam/authentication/oidc/KeycloakAuthenticatorImpl.scala b/cloud-agent/service/server/src/main/scala/org/hyperledger/identus/iam/authentication/oidc/KeycloakAuthenticatorImpl.scala index 5c416a4d19..6f3426ecb4 100644 --- a/cloud-agent/service/server/src/main/scala/org/hyperledger/identus/iam/authentication/oidc/KeycloakAuthenticatorImpl.scala +++ b/cloud-agent/service/server/src/main/scala/org/hyperledger/identus/iam/authentication/oidc/KeycloakAuthenticatorImpl.scala 
@@ -3,8 +3,8 @@ package org.hyperledger.identus.iam.authentication.oidc import org.hyperledger.identus.agent.walletapi.model.EntityRole import org.hyperledger.identus.iam.authentication.AuthenticationError import org.hyperledger.identus.iam.authentication.AuthenticationError.AuthenticationMethodNotEnabled -import org.hyperledger.identus.iam.authorization.core.PermissionManagement -import org.hyperledger.identus.iam.authorization.core.PermissionManagement.Error.PermissionNotAvailable +import org.hyperledger.identus.iam.authorization.core.PermissionManagementService +import org.hyperledger.identus.iam.authorization.core.PermissionManagementServiceError.PermissionNotAvailable import org.hyperledger.identus.shared.models.{WalletAccessContext, WalletAdministrationContext} import zio.* @@ -13,7 +13,7 @@ import java.util.UUID class KeycloakAuthenticatorImpl( client: KeycloakClient, keycloakConfig: KeycloakConfig, - keycloakPermissionService: PermissionManagement.Service[KeycloakEntity], + keycloakPermissionService: PermissionManagementService[KeycloakEntity], ) extends KeycloakAuthenticator { override def isEnabled: Boolean = keycloakConfig.enabled @@ -48,7 +48,7 @@ class KeycloakAuthenticatorImpl( .listWalletPermissions(entity) .mapError { case PermissionNotAvailable(_, msg) => AuthenticationError.InvalidCredentials(msg) - case e => AuthenticationError.UnexpectedError(e.message) + case e => AuthenticationError.UnexpectedError(e.userFacingMessage) } .flatMap { case head +: Nil => ZIO.succeed(head) @@ -68,7 +68,7 @@ class KeycloakAuthenticatorImpl( .listWalletPermissions(entity) .provide(ZLayer.succeed(WalletAdministrationContext.Admin())) .mapBoth( - e => AuthenticationError.UnexpectedError(e.message), + e => AuthenticationError.UnexpectedError(e.userFacingMessage), wallets => WalletAdministrationContext.SelfService(wallets) ) 
@@ -90,7 +90,7 @@ class KeycloakAuthenticatorImpl( object KeycloakAuthenticatorImpl { val layer: RLayer[ - KeycloakClient & KeycloakConfig & PermissionManagement.Service[KeycloakEntity], + KeycloakClient & KeycloakConfig & PermissionManagementService[KeycloakEntity], KeycloakAuthenticator ] = ZLayer.fromFunction(KeycloakAuthenticatorImpl(_, _, _)) diff --git a/cloud-agent/service/server/src/main/scala/org/hyperledger/identus/iam/authorization/DefaultPermissionManagementService.scala b/cloud-agent/service/server/src/main/scala/org/hyperledger/identus/iam/authorization/DefaultPermissionManagementService.scala index 53a33371f7..18121922b1 100644 --- a/cloud-agent/service/server/src/main/scala/org/hyperledger/identus/iam/authorization/DefaultPermissionManagementService.scala +++ b/cloud-agent/service/server/src/main/scala/org/hyperledger/identus/iam/authorization/DefaultPermissionManagementService.scala 
@@ -2,31 +2,38 @@ package org.hyperledger.identus.iam.authorization import org.hyperledger.identus.agent.walletapi.model.{BaseEntity, Entity} import org.hyperledger.identus.iam.authentication.oidc.KeycloakEntity -import org.hyperledger.identus.iam.authorization.core.PermissionManagement -import org.hyperledger.identus.iam.authorization.core.PermissionManagement.Error +import org.hyperledger.identus.iam.authorization.core.{PermissionManagementService, PermissionManagementServiceError} import org.hyperledger.identus.shared.models.{WalletAdministrationContext, WalletId} import zio.* class DefaultPermissionManagementService( - entityPermission: PermissionManagement.Service[Entity], - keycloakPermission: PermissionManagement.Service[KeycloakEntity] -) extends PermissionManagement.Service[BaseEntity] { + entityPermission: PermissionManagementService[Entity], + keycloakPermission: PermissionManagementService[KeycloakEntity] +) extends PermissionManagementService[BaseEntity] { - def grantWalletToUser(walletId: WalletId, entity: BaseEntity): ZIO[WalletAdministrationContext, Error, Unit] = { + def grantWalletToUser( + walletId: WalletId, + entity: BaseEntity + ): ZIO[WalletAdministrationContext, PermissionManagementServiceError, Unit] = { entity match { case entity: Entity => entityPermission.grantWalletToUser(walletId, entity) case kcEntity: KeycloakEntity => keycloakPermission.grantWalletToUser(walletId, kcEntity) } } - def revokeWalletFromUser(walletId: WalletId, entity: BaseEntity): ZIO[WalletAdministrationContext, Error, Unit] = { + def revokeWalletFromUser( + walletId: WalletId, + entity: BaseEntity + ): ZIO[WalletAdministrationContext, PermissionManagementServiceError, Unit] = { entity match { case entity: Entity => entityPermission.revokeWalletFromUser(walletId, entity) case kcEntity: KeycloakEntity => keycloakPermission.revokeWalletFromUser(walletId, kcEntity) } } - def listWalletPermissions(entity: BaseEntity): ZIO[WalletAdministrationContext, Error, Seq[WalletId]] 
= { + def listWalletPermissions( + entity: BaseEntity + ): ZIO[WalletAdministrationContext, PermissionManagementServiceError, Seq[WalletId]] = { entity match { case entity: Entity => entityPermission.listWalletPermissions(entity) case kcEntity: KeycloakEntity => keycloakPermission.listWalletPermissions(kcEntity) @@ -37,8 +44,8 @@ class DefaultPermissionManagementService( object DefaultPermissionManagementService { def layer: URLayer[ - PermissionManagement.Service[KeycloakEntity] & PermissionManagement.Service[Entity], - PermissionManagement.Service[BaseEntity] + PermissionManagementService[KeycloakEntity] & PermissionManagementService[Entity], + PermissionManagementService[BaseEntity] ] = ZLayer.fromFunction(DefaultPermissionManagementService(_, _)) } diff --git a/cloud-agent/service/server/src/main/scala/org/hyperledger/identus/iam/authorization/core/EntityPermissionManagementService.scala b/cloud-agent/service/server/src/main/scala/org/hyperledger/identus/iam/authorization/core/EntityPermissionManagementService.scala index 6b6f5ebba8..a27b8fd84c 100644 --- a/cloud-agent/service/server/src/main/scala/org/hyperledger/identus/iam/authorization/core/EntityPermissionManagementService.scala +++ b/cloud-agent/service/server/src/main/scala/org/hyperledger/identus/iam/authorization/core/EntityPermissionManagementService.scala 
@@ -2,38 +2,45 @@ package org.hyperledger.identus.iam.authorization.core import org.hyperledger.identus.agent.walletapi.model.Entity import org.hyperledger.identus.agent.walletapi.service.EntityService -import org.hyperledger.identus.iam.authorization.core.PermissionManagement.Error -import org.hyperledger.identus.iam.authorization.core.PermissionManagement.Error.{ServiceError, WalletNotFoundById} +import org.hyperledger.identus.iam.authorization.core.PermissionManagementServiceError.* import org.hyperledger.identus.shared.models.{WalletAdministrationContext, WalletId} import zio.* import scala.language.implicitConversions -class EntityPermissionManagementService(entityService: EntityService) extends PermissionManagement.Service[Entity] { +class EntityPermissionManagementService(entityService: EntityService) extends PermissionManagementService[Entity] { - override def grantWalletToUser(walletId: WalletId, entity: Entity): ZIO[WalletAdministrationContext, Error, Unit] = { + override def grantWalletToUser( + walletId: WalletId, + entity: Entity + ): ZIO[WalletAdministrationContext, PermissionManagementServiceError, Unit] = { for { _ <- ZIO .serviceWith[WalletAdministrationContext](_.isAuthorized(walletId)) - .filterOrFail(identity)(Error.WalletNotFoundById(walletId)) + .filterOrFail(identity)(WalletNotFoundById(walletId)) _ <- entityService.assignWallet(entity.id, walletId.toUUID).orDieAsUnmanagedFailure } yield () } - override def revokeWalletFromUser(walletId: WalletId, entity: Entity): ZIO[WalletAdministrationContext, Error, Unit] = - ZIO.fail(Error.ServiceError(s"Revoking wallet permission for an Entity is not yet supported.")) + override def revokeWalletFromUser( + walletId: WalletId, + entity: Entity + ): ZIO[WalletAdministrationContext, PermissionManagementServiceError, Unit] = + ZIO.fail(ServiceError(s"Revoking wallet permission for an Entity is not yet supported.")) - override def listWalletPermissions(entity: Entity): ZIO[WalletAdministrationContext, Error, 
Seq[WalletId]] = { + override def listWalletPermissions( + entity: Entity + ): ZIO[WalletAdministrationContext, PermissionManagementServiceError, Seq[WalletId]] = { val walletId = WalletId.fromUUID(entity.walletId) ZIO .serviceWith[WalletAdministrationContext](_.isAuthorized(walletId)) - .filterOrFail(identity)(Error.WalletNotFoundById(walletId)) + .filterOrFail(identity)(WalletNotFoundById(walletId)) .as(Seq(walletId)) } } object EntityPermissionManagementService { - val layer: URLayer[EntityService, PermissionManagement.Service[Entity]] = + val layer: URLayer[EntityService, PermissionManagementService[Entity]] = ZLayer.fromFunction(EntityPermissionManagementService(_)) } diff --git a/cloud-agent/service/server/src/main/scala/org/hyperledger/identus/iam/authorization/core/PermissionManagement.scala b/cloud-agent/service/server/src/main/scala/org/hyperledger/identus/iam/authorization/core/PermissionManagement.scala index ef10b8bbca..8b13789179 100644 --- a/cloud-agent/service/server/src/main/scala/org/hyperledger/identus/iam/authorization/core/PermissionManagement.scala +++ b/cloud-agent/service/server/src/main/scala/org/hyperledger/identus/iam/authorization/core/PermissionManagement.scala 
@@ -1,39 +1 @@ -package org.hyperledger.identus.iam.authorization.core -import org.hyperledger.identus.agent.walletapi.model.BaseEntity -import org.hyperledger.identus.shared.models.{WalletAdministrationContext, WalletId} -import zio.* - -import java.util.UUID - -object PermissionManagement { - trait Service[E <: BaseEntity] { - def grantWalletToUser(walletId: WalletId, entity: E): ZIO[WalletAdministrationContext, Error, Unit] - def revokeWalletFromUser(walletId: WalletId, entity: E): ZIO[WalletAdministrationContext, Error, Unit] - def listWalletPermissions(entity: E): ZIO[WalletAdministrationContext, Error, Seq[WalletId]] - } - - sealed trait Error(val message: String) - - object Error { - case class UserNotFoundById(userId: UUID, cause: Option[Throwable] = None) - extends Error(s"User $userId is not found" + cause.map(t => s" Cause: ${t.getMessage}")) - case class WalletNotFoundByUserId(userId: UUID) extends Error(s"Wallet for user $userId is not found") - - case class WalletNotFoundById(walletId: WalletId) extends Error(s"Wallet not found by ${walletId.toUUID}") - - case class WalletResourceNotFoundById(walletId: WalletId) - extends Error(s"Wallet resource not found by ${walletId.toUUID}") - - case class PermissionNotFoundById(userId: UUID, walletId: WalletId, walletResourceId: String) - extends Error( - s"Permission not found by userId: $userId, walletId: ${walletId.toUUID}, walletResourceId: $walletResourceId" - ) - - case class PermissionNotAvailable(userId: UUID, cause: String) extends Error(cause) - - case class UnexpectedError(cause: Throwable) extends Error(cause.getMessage) - - case class ServiceError(cause: String) extends Error(cause) - } -} diff --git a/cloud-agent/service/server/src/main/scala/org/hyperledger/identus/iam/authorization/core/PermissionManagementService.scala b/cloud-agent/service/server/src/main/scala/org/hyperledger/identus/iam/authorization/core/PermissionManagementService.scala new file mode 100644 index 0000000000..ce309c1561 
--- /dev/null
+++ b/cloud-agent/service/server/src/main/scala/org/hyperledger/identus/iam/authorization/core/PermissionManagementService.scala
@@ -0,0 +1,19 @@
+package org.hyperledger.identus.iam.authorization.core
+
+import org.hyperledger.identus.agent.walletapi.model.BaseEntity
+import org.hyperledger.identus.shared.models.{WalletAdministrationContext, WalletId}
+import zio.*
+
+trait PermissionManagementService[E <: BaseEntity] {
+ def grantWalletToUser(
+ walletId: WalletId,
+ entity: E
+ ): ZIO[WalletAdministrationContext, PermissionManagementServiceError, Unit]
+ def revokeWalletFromUser(
+ walletId: WalletId,
+ entity: E
+ ): ZIO[WalletAdministrationContext, PermissionManagementServiceError, Unit]
+ def listWalletPermissions(
+ entity: E
+ ): ZIO[WalletAdministrationContext, PermissionManagementServiceError, Seq[WalletId]]
+}
diff --git a/cloud-agent/service/server/src/main/scala/org/hyperledger/identus/iam/authorization/core/PermissionManagementServiceError.scala b/cloud-agent/service/server/src/main/scala/org/hyperledger/identus/iam/authorization/core/PermissionManagementServiceError.scala
new file mode 100644
index 0000000000..7b8ca64b4a
--- /dev/null
+++ b/cloud-agent/service/server/src/main/scala/org/hyperledger/identus/iam/authorization/core/PermissionManagementServiceError.scala
@@ -0,0 +1,50 @@
+package org.hyperledger.identus.iam.authorization.core
+
+import org.hyperledger.identus.shared.models.{Failure, StatusCode, WalletId}
+
+import java.util.UUID
+
+sealed trait PermissionManagementServiceError(
+ val statusCode: StatusCode,
+ val userFacingMessage: String
+) extends Failure {
+ override val namespace: String = "PermissionManagementServiceError"
+}
+
+object PermissionManagementServiceError {
+
+ case class UserNotFoundById(userId: UUID, cause: Option[Throwable] = None)
+ extends PermissionManagementServiceError(
+ StatusCode.BadRequest,
+ s"User $userId is not found" + cause.map(t => s" Cause: ${t.getMessage}")
+ )
+
+ case class WalletNotFoundByUserId(userId: UUID)
+ extends PermissionManagementServiceError(
+ StatusCode.BadRequest,
+ s"Wallet for user $userId is not found"
+ )
+
+ case class WalletNotFoundById(walletId: WalletId)
+ extends PermissionManagementServiceError(
+ StatusCode.BadRequest,
+ s"Wallet not found by ${walletId.toUUID}"
+ )
+
+ case class WalletResourceNotFoundById(walletId: WalletId)
+ extends PermissionManagementServiceError(
+ StatusCode.BadRequest,
+ s"Wallet resource not found by ${walletId.toUUID}"
+ )
+
+ case class PermissionNotFoundById(userId: UUID, walletId: WalletId, walletResourceId: String)
+ extends PermissionManagementServiceError(
+ StatusCode.BadRequest,
+ s"Permission not found by userId: $userId, walletId: ${walletId.toUUID}, walletResourceId: $walletResourceId"
+ )
+
+ case class PermissionNotAvailable(userId: UUID, cause: String)
+ extends PermissionManagementServiceError(StatusCode.BadRequest, cause)
+
+ case class ServiceError(cause: String) extends PermissionManagementServiceError(StatusCode.InternalServerError, cause)
+}
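Review bot: `UserNotFoundById` builds its `userFacingMessage` by concatenating a `String` with an `Option[String]`, so the text ends in `Some( Cause: ...)` or `None` instead of the intended suffix. When a cause is present, the underlying exception's message also ends up in a field that is named as client-visible. Keeping the message to `s"User $userId is not found"` and leaving the cause for logging avoids both problems. A short Scaladoc on the trait, for example `/** userFacingMessage is returned to API callers; keep internal detail out of it. */`, would help future cases follow the same rule.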
diff --git a/cloud-agent/service/server/src/main/scala/org/hyperledger/identus/iam/authorization/keycloak/admin/KeycloakPermissionManagementService.scala b/cloud-agent/service/server/src/main/scala/org/hyperledger/identus/iam/authorization/keycloak/admin/KeycloakPermissionManagementService.scala index b06586d798..d4eb6963cc 100644 --- a/cloud-agent/service/server/src/main/scala/org/hyperledger/identus/iam/authorization/keycloak/admin/KeycloakPermissionManagementService.scala +++ b/cloud-agent/service/server/src/main/scala/org/hyperledger/identus/iam/authorization/keycloak/admin/KeycloakPermissionManagementService.scala @@ -3,9 +3,8 @@ package org.hyperledger.identus.iam.authorization.keycloak.admin import org.hyperledger.identus.agent.walletapi.model.Wallet import org.hyperledger.identus.agent.walletapi.service.WalletManagementService import org.hyperledger.identus.iam.authentication.oidc.{KeycloakClient, KeycloakEntity} -import org.hyperledger.identus.iam.authorization.core.PermissionManagement -import org.hyperledger.identus.iam.authorization.core.PermissionManagement.Error -import org.hyperledger.identus.iam.authorization.core.PermissionManagement.Error.* +import org.hyperledger.identus.iam.authorization.core.{PermissionManagementService, PermissionManagementServiceError} +import org.hyperledger.identus.iam.authorization.core.PermissionManagementServiceError.* import org.hyperledger.identus.shared.models.{WalletAdministrationContext, WalletId} import org.keycloak.authorization.client.AuthzClient import org.keycloak.representations.idm.authorization.{ResourceRepresentation, UmaPermissionRepresentation} 
@@ -19,7 +18,7 @@ case class KeycloakPermissionManagementService( authzClient: AuthzClient, keycloakClient: KeycloakClient, walletManagementService: WalletManagementService -) extends PermissionManagement.Service[KeycloakEntity] { +) extends PermissionManagementService[KeycloakEntity] { private def walletResourceName(walletId: WalletId) = s"wallet-${walletId.toUUID.toString}" 
@@ -28,60 +27,58 @@ case class KeycloakPermissionManagementService( override def grantWalletToUser( walletId: WalletId, entity: KeycloakEntity - ): ZIO[WalletAdministrationContext, PermissionManagement.Error, Unit] = { + ): ZIO[WalletAdministrationContext, PermissionManagementServiceError, Unit] = { for { _ <- walletManagementService .findWallet(walletId) .someOrFail(WalletNotFoundById(walletId)) walletResourceOpt <- findWalletResource(walletId) - .logError("Error while finding wallet resource") - .mapError(UnexpectedError.apply) walletResource <- ZIO .fromOption(walletResourceOpt) .orElse(createWalletResource(walletId)) - .logError("Error while creating wallet resource") - .mapError(UnexpectedError.apply) _ <- ZIO.log(s"Wallet resource created ${walletResource.toString}") permission <- createResourcePermission(walletResource.getId, entity.id.toString) - .mapError(UnexpectedError.apply) _ <- ZIO.log(s"Permission created with id ${permission.getId} and name ${permission.getName}") } yield () } - private def createResourcePermission(resourceId: String, userId: String): Task[UmaPermissionRepresentation] = { + private def createResourcePermission(resourceId: String, userId: String): UIO[UmaPermissionRepresentation] = { val policy = UmaPermissionRepresentation() policy.setName(policyName(userId, resourceId)) policy.setUsers(Set(userId).asJava) for { - umaPermissionRepresentation <- ZIO.attemptBlocking( - authzClient - .protection() - .policy(resourceId) - .create(policy) - ) + umaPermissionRepresentation <- ZIO + .attemptBlocking( + authzClient + .protection() + .policy(resourceId) + .create(policy) + ) + .orDie } yield umaPermissionRepresentation } - private def findWalletResource(walletId: WalletId): Task[Option[ResourceRepresentation]] = { + private def findWalletResource(walletId: WalletId): UIO[Option[ResourceRepresentation]] = { for { walletResource <- ZIO .attemptBlocking( - authzClient.protection().resource().findById(walletId.toUUID.toString()) + 
authzClient.protection().resource().findById(walletId.toUUID.toString) ) .asSome .catchSome { case e: RuntimeException => - if (e.getMessage().contains("Could not find resource")) ZIO.none + if (e.getMessage.contains("Could not find resource")) ZIO.none else ZIO.fail(e) } + .orDie } yield walletResource } - private def createWalletResource(walletId: WalletId): Task[ResourceRepresentation] = { + private def createWalletResource(walletId: WalletId): UIO[ResourceRepresentation] = { val walletResource = ResourceRepresentation() walletResource.setId(walletId.toUUID.toString) walletResource.setUris(Set(s"/wallets/${walletResourceName(walletId)}").asJava) @@ -90,18 +87,22 @@ case class KeycloakPermissionManagementService( for { _ <- ZIO.log(s"Creating resource for the wallet ${walletId.toUUID.toString}") - response <- ZIO.attemptBlocking( - authzClient - .protection() - .resource() - .create(walletResource) - ) - resource <- ZIO.attemptBlocking( - authzClient - .protection() - .resource() - .findById(walletResource.getId) - ) + response <- ZIO + .attemptBlocking( + authzClient + .protection() + .resource() + .create(walletResource) + ) + .orDie + resource <- ZIO + .attemptBlocking( + authzClient + .protection() + .resource() + .findById(walletResource.getId) + ) + .orDie _ <- ZIO.log(s"Resource for the wallet created id: ${resource.getId}, name ${resource.getName}") } yield resource } 
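Review bot: In `findWalletResource`, `e.getMessage.contains("Could not find resource")` will throw a NullPointerException when the caught RuntimeException has no message, and that exception would then surface in place of the original Keycloak failure once `.orDie` converts it to a defect. `if (Option(e.getMessage).exists(_.contains("Could not find resource"))) ZIO.none` keeps the original error intact. Because the `logError` calls were removed from `grantWalletToUser`, a failed grant is now reported only as a defect, so it is worth confirming that the defect path (not visible in this diff) logs it and returns a generic 500 without the exception text.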
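Review bot: `response` in `createWalletResource` is bound but not read in the lines shown, so `_ <- ZIO.attemptBlocking(...).orDie` would make it clear that only the side effect is wanted. If the representation returned by `create` already carries the id and name, the follow-up `findById` round trip could be dropped, but that depends on the Keycloak client behaviour and should be checked. The start of `createWalletResource` sits in the previous hunk.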
@@ -109,17 +110,14 @@ case class KeycloakPermissionManagementService( override def revokeWalletFromUser( walletId: WalletId, entity: KeycloakEntity - ): ZIO[WalletAdministrationContext, PermissionManagement.Error, Unit] = { + ): ZIO[WalletAdministrationContext, PermissionManagementServiceError, Unit] = { val userId = entity.id for { _ <- walletManagementService .findWallet(walletId) .someOrFail(WalletNotFoundById(walletId)) - walletResource <- findWalletResource(walletId) - .logError("Error while finding wallet resource") - .mapError(UnexpectedError.apply) - .someOrFail(WalletResourceNotFoundById(walletId)) + walletResource <- findWalletResource(walletId).someOrFail(WalletNotFoundById(walletId)) permissionOpt <- ZIO .attemptBlocking( @@ -133,9 +131,8 @@ case class KeycloakPermissionManagementService( 1 ) ) + .orDie .map(_.asScala.headOption) - .logError(s"Error while finding permission by name ${policyName(userId.toString, walletResource.getId)}") - .mapError(UnexpectedError.apply) permission <- ZIO .fromOption(permissionOpt) @@ -148,8 +145,7 @@ case class KeycloakPermissionManagementService( .policy(walletResource.getId) .delete(permission.getId) ) - .logError(s"Error while deleting permission ${permission.getId}") - .mapError(UnexpectedError.apply) + .orDie _ <- ZIO.log( s"Permission ${permission.getId} deleted for user ${userId.toString} and wallet ${walletResource.getId}" 
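Review bot: `revokeWalletFromUser` now fails with `WalletNotFoundById` when the Keycloak resource is missing, even though the preceding `findWallet` call has just confirmed that the wallet exists. The previous code used `WalletResourceNotFoundById`, which is still defined in the new error type, so `walletResource <- findWalletResource(walletId).someOrFail(WalletResourceNotFoundById(walletId))` would keep the two conditions distinguishable for operators. The later hunks on this function replace `logError(...)` plus `mapError` with `.orDie` for the permission lookup and delete; a failed revoke is a security-relevant event, so a log line naming the user and wallet before the defect propagates would be worth keeping.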
@@ -157,29 +153,33 @@ case class KeycloakPermissionManagementService( } yield () } - override def listWalletPermissions(entity: KeycloakEntity): ZIO[WalletAdministrationContext, Error, Seq[WalletId]] = { + override def listWalletPermissions( + entity: KeycloakEntity + ): ZIO[WalletAdministrationContext, PermissionManagementServiceError, Seq[WalletId]] = { for { token <- ZIO .fromOption(entity.accessToken) - .mapError(_ => Error.ServiceError("AccessToken is missing for listing permissions.")) - tokenIsRpt <- ZIO.fromEither(token.isRpt).mapError(Error.ServiceError(_)) + .mapError(_ => ServiceError("AccessToken is missing for listing permissions.")) + tokenIsRpt <- ZIO.fromEither(token.isRpt).mapError(ServiceError.apply) rpt <- if (tokenIsRpt) ZIO.succeed(token) else if (keycloakClient.keycloakConfig.autoUpgradeToRPT) { keycloakClient .getRpt(token) .logError("Fail to obtail RPT for wallet permissions") - .mapError(e => Error.ServiceError(e.message)) - } else ZIO.fail(Error.PermissionNotAvailable(entity.id, s"AccessToken is not RPT.")) + .mapError(e => ServiceError(e.message)) + } else ZIO.fail(PermissionNotAvailable(entity.id, s"AccessToken is not RPT.")) permittedResources <- keycloakClient .checkPermissions(rpt) .logError("Fail to list resource permissions on keycloak") - .mapError(e => Error.ServiceError(e.message)) + .mapError(e => ServiceError(e.message)) permittedWallet <- getPermittedWallet(permittedResources) } yield permittedWallet.map(_.id) } - private def getPermittedWallet(resourceIds: Seq[String]): ZIO[WalletAdministrationContext, Error, Seq[Wallet]] = { + private def getPermittedWallet( + resourceIds: Seq[String] + ): ZIO[WalletAdministrationContext, PermissionManagementServiceError, Seq[Wallet]] = { val walletIds = resourceIds.flatMap(id => Try(UUID.fromString(id)).toOption).map(WalletId.fromUUID) walletManagementService .getWallets(walletIds) 
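Review bot: In `listWalletPermissions`, `.mapError(e => ServiceError(e.message))` copies the Keycloak client's error text into `ServiceError`, whose argument becomes `userFacingMessage`, and `KeycloakAuthenticatorImpl` then forwards that into `AuthenticationError.UnexpectedError`. The type of `e` is not visible here, but if its message contains upstream response bodies or endpoint details, they would reach the API caller. Since `logError` already records the detail, a fixed message such as `.mapError(_ => ServiceError("Unable to resolve wallet permissions"))` would be safer for both the `getRpt` and `checkPermissions` branches. The body of `getPermittedWallet` continues outside the hunk.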
@@ -189,17 +189,27 @@ case class KeycloakPermissionManagementService( object KeycloakPermissionManagementService { val layer: URLayer[ AuthzClient & KeycloakClient & WalletManagementService, - PermissionManagement.Service[KeycloakEntity] + PermissionManagementService[KeycloakEntity] ] = ZLayer.fromFunction(KeycloakPermissionManagementService(_, _, _)) - val disabled: ULayer[PermissionManagement.Service[KeycloakEntity]] = + val disabled: ULayer[PermissionManagementService[KeycloakEntity]] = ZLayer.succeed { - val notEnabledError = ZIO.fail(PermissionManagement.Error.ServiceError("Keycloak is not enabled")) - new PermissionManagement.Service[KeycloakEntity] { - override def grantWalletToUser(walletId: WalletId, entity: KeycloakEntity): IO[Error, Unit] = notEnabledError - override def revokeWalletFromUser(walletId: WalletId, entity: KeycloakEntity): IO[Error, Unit] = notEnabledError - override def listWalletPermissions(entity: KeycloakEntity): IO[Error, Seq[WalletId]] = notEnabledError + val notEnabledError = ZIO.fail(ServiceError("Keycloak is not enabled")) + new PermissionManagementService[KeycloakEntity] { + override def grantWalletToUser( + walletId: WalletId, + entity: KeycloakEntity + ): IO[PermissionManagementServiceError, Unit] = notEnabledError + + override def revokeWalletFromUser( + walletId: WalletId, + entity: KeycloakEntity + ): IO[PermissionManagementServiceError, Unit] = notEnabledError + + override def listWalletPermissions( + entity: KeycloakEntity + ): IO[PermissionManagementServiceError, Seq[WalletId]] = notEnabledError } } } diff --git a/cloud-agent/service/server/src/main/scala/org/hyperledger/identus/iam/wallet/http/controller/WalletManagementController.scala b/cloud-agent/service/server/src/main/scala/org/hyperledger/identus/iam/wallet/http/controller/WalletManagementController.scala index 2f070e39cc..ed271ffc85 100644 
--- a/cloud-agent/service/server/src/main/scala/org/hyperledger/identus/iam/wallet/http/controller/WalletManagementController.scala +++ b/cloud-agent/service/server/src/main/scala/org/hyperledger/identus/iam/wallet/http/controller/WalletManagementController.scala @@ -6,7 +6,7 @@ import org.hyperledger.identus.api.http.{ErrorResponse, RequestContext} import org.hyperledger.identus.api.http.model.{CollectionStats, PaginationInput} import org.hyperledger.identus.api.util.PaginationUtils import org.hyperledger.identus.iam.authentication.oidc.KeycloakEntity -import org.hyperledger.identus.iam.authorization.core.PermissionManagement +import org.hyperledger.identus.iam.authorization.core.PermissionManagementService import org.hyperledger.identus.iam.wallet.http.model.{ CreateWalletRequest, CreateWalletUmaPermissionRequest, 
@@ -41,26 +41,11 @@ trait WalletManagementController { )(implicit rc: RequestContext): ZIO[WalletAdministrationContext, ErrorResponse, Unit] } -object WalletManagementController { - given permissionManagementErrorConversion: Conversion[PermissionManagement.Error, ErrorResponse] = { - case e: PermissionManagement.Error.PermissionNotFoundById => ErrorResponse.badRequest(detail = Some(e.message)) - case e: PermissionManagement.Error.ServiceError => ErrorResponse.internalServerError(detail = Some(e.message)) - case e: PermissionManagement.Error.UnexpectedError => ErrorResponse.internalServerError(detail = Some(e.message)) - case e: PermissionManagement.Error.UserNotFoundById => ErrorResponse.badRequest(detail = Some(e.message)) - case e: PermissionManagement.Error.WalletNotFoundById => ErrorResponse.badRequest(detail = Some(e.message)) - case e: PermissionManagement.Error.WalletNotFoundByUserId => ErrorResponse.badRequest(detail = Some(e.message)) - case e: PermissionManagement.Error.WalletResourceNotFoundById => ErrorResponse.badRequest(detail = Some(e.message)) - case e: PermissionManagement.Error.PermissionNotAvailable => ErrorResponse.badRequest(detail = Some(e.message)) - } -} - class WalletManagementControllerImpl( walletService: WalletManagementService, - permissionService: PermissionManagement.Service[BaseEntity], + permissionService: PermissionManagementService[BaseEntity], ) extends WalletManagementController { - import WalletManagementController.given - override def listWallet( paginationInput: PaginationInput )(implicit rc: RequestContext): ZIO[WalletAdministrationContext, ErrorResponse, WalletDetailPage] = { 
@@ -152,6 +137,6 @@ class WalletManagementControllerImpl( } object WalletManagementControllerImpl { - val layer: URLayer[WalletManagementService & PermissionManagement.Service[BaseEntity], WalletManagementController] = + val layer: URLayer[WalletManagementService & PermissionManagementService[BaseEntity], WalletManagementController] = ZLayer.fromFunction(WalletManagementControllerImpl(_, _)) } diff --git a/cloud-agent/service/server/src/main/scala/org/hyperledger/identus/oid4vci/CredentialIssuerServerEndpoints.scala b/cloud-agent/service/server/src/main/scala/org/hyperledger/identus/oid4vci/CredentialIssuerServerEndpoints.scala index c1fb766d0d..f3bd3be37d 100644 --- a/cloud-agent/service/server/src/main/scala/org/hyperledger/identus/oid4vci/CredentialIssuerServerEndpoints.scala +++ b/cloud-agent/service/server/src/main/scala/org/hyperledger/identus/oid4vci/CredentialIssuerServerEndpoints.scala @@ -2,6 +2,7 @@ package org.hyperledger.identus.oid4vci import org.hyperledger.identus.agent.walletapi.model.BaseEntity import org.hyperledger.identus.api.http.ErrorResponse +import org.hyperledger.identus.iam.authentication.* import org.hyperledger.identus.iam.authentication.{ Authenticator, Authorizer, diff --git a/cloud-agent/service/server/src/test/scala/org/hyperledger/identus/agent/server/AgentInitializationSpec.scala b/cloud-agent/service/server/src/test/scala/org/hyperledger/identus/agent/server/AgentInitializationSpec.scala index 9fbd912937..33db03632e 100644 --- a/cloud-agent/service/server/src/test/scala/org/hyperledger/identus/agent/server/AgentInitializationSpec.scala +++ b/cloud-agent/service/server/src/test/scala/org/hyperledger/identus/agent/server/AgentInitializationSpec.scala 
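Review bot: The added `import org.hyperledger.identus.iam.authentication.*` in `CredentialIssuerServerEndpoints.scala` sits directly above an explicit import of named members from the same package, so one of the two is redundant. If the wildcard is needed only for a given or extension that moved, importing that name explicitly (or using `authentication.given`) would keep the scope narrow and make the dependency visible. The explicit import list continues past the end of the hunk, so which names it covers cannot be confirmed from here.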
@@ -103,7 +103,7 @@ object AgentInitializationSpec extends ZIOSpecDefault, PostgresTestContainerSupp _ <- AgentInitialization.run.overrideConfig(seed = Some("0" * 128)) actualSeed <- ZIO .serviceWithZIO[WalletSecretStorage]( - _.getWalletSeed + _.findWalletSeed .provide(ZLayer.succeed(WalletAccessContext(WalletId.default))) ) } yield assert(actualSeed.get.toByteArray)(equalTo(Array.fill[Byte](64)(0))) diff --git a/cloud-agent/service/server/src/test/scala/org/hyperledger/identus/iam/authorization/core/EntityPermissionManagementSpec.scala b/cloud-agent/service/server/src/test/scala/org/hyperledger/identus/iam/authorization/core/EntityPermissionManagementSpec.scala index d1e1b9e1ac..6bb296c9a6 100644 --- a/cloud-agent/service/server/src/test/scala/org/hyperledger/identus/iam/authorization/core/EntityPermissionManagementSpec.scala +++ b/cloud-agent/service/server/src/test/scala/org/hyperledger/identus/iam/authorization/core/EntityPermissionManagementSpec.scala @@ -12,7 +12,10 @@ import org.hyperledger.identus.agent.walletapi.sql.{ JdbcWalletNonSecretStorage, JdbcWalletSecretStorage } -import org.hyperledger.identus.iam.authorization.core.PermissionManagement.Error.{ServiceError, WalletNotFoundById} +import org.hyperledger.identus.iam.authorization.core.PermissionManagementServiceError.{ + ServiceError, + WalletNotFoundById +} import org.hyperledger.identus.shared.crypto.ApolloSpecHelper import org.hyperledger.identus.shared.models.{WalletAdministrationContext, WalletId} import org.hyperledger.identus.sharedtest.containers.PostgresTestContainerSupport 
@@ -48,7 +51,7 @@ object EntityPermissionManagementSpec extends ZIOSpecDefault, PostgresTestContai test("grant wallet access to the user") { for { entityService <- ZIO.service[EntityService] - permissionService <- ZIO.service[PermissionManagement.Service[Entity]] + permissionService <- ZIO.service[PermissionManagementService[Entity]] walletService <- ZIO.service[WalletManagementService] wallet1 <- walletService .createWallet(Wallet("test")) @@ -73,7 +76,7 @@ object EntityPermissionManagementSpec extends ZIOSpecDefault, PostgresTestContai test("revoke wallet is not support") { for { entityService <- ZIO.service[EntityService] - permissionService <- ZIO.service[PermissionManagement.Service[Entity]] + permissionService <- ZIO.service[PermissionManagementService[Entity]] walletService <- ZIO.service[WalletManagementService] wallet1 <- walletService .createWallet(Wallet("test")) @@ -94,7 +97,7 @@ object EntityPermissionManagementSpec extends ZIOSpecDefault, PostgresTestContai val walletId2 = WalletId.random for { entityService <- ZIO.service[EntityService] - permissionService <- ZIO.service[PermissionManagement.Service[Entity]] + permissionService <- ZIO.service[PermissionManagementService[Entity]] walletService <- ZIO.service[WalletManagementService] wallet1 <- walletService .createWallet(Wallet("test", walletId1)) @@ -117,7 +120,7 @@ object EntityPermissionManagementSpec extends ZIOSpecDefault, PostgresTestContai val walletId2 = WalletId.random for { entityService <- ZIO.service[EntityService] - permissionService <- ZIO.service[PermissionManagement.Service[Entity]] + permissionService <- ZIO.service[PermissionManagementService[Entity]] walletService <- ZIO.service[WalletManagementService] wallet1 <- walletService .createWallet(Wallet("test", walletId1)) 
diff --git a/cloud-agent/service/server/src/test/scala/org/hyperledger/identus/iam/authorization/keycloak/admin/KeycloakPermissionManagementServiceSpec.scala b/cloud-agent/service/server/src/test/scala/org/hyperledger/identus/iam/authorization/keycloak/admin/KeycloakPermissionManagementServiceSpec.scala index c215c0494e..c4e98d6d17 100644 --- a/cloud-agent/service/server/src/test/scala/org/hyperledger/identus/iam/authorization/keycloak/admin/KeycloakPermissionManagementServiceSpec.scala +++ b/cloud-agent/service/server/src/test/scala/org/hyperledger/identus/iam/authorization/keycloak/admin/KeycloakPermissionManagementServiceSpec.scala @@ -5,8 +5,8 @@ import org.hyperledger.identus.agent.walletapi.service.{WalletManagementService, import org.hyperledger.identus.agent.walletapi.sql.{JdbcWalletNonSecretStorage, JdbcWalletSecretStorage} import org.hyperledger.identus.iam.authentication.oidc.* import org.hyperledger.identus.iam.authentication.AuthenticationError.ResourceNotPermitted -import org.hyperledger.identus.iam.authorization.core.PermissionManagement -import org.hyperledger.identus.iam.authorization.core.PermissionManagement.Error.{UnexpectedError, WalletNotFoundById} +import org.hyperledger.identus.iam.authorization.core.PermissionManagementService +import org.hyperledger.identus.iam.authorization.core.PermissionManagementServiceError.WalletNotFoundById import org.hyperledger.identus.shared.crypto.ApolloSpecHelper import org.hyperledger.identus.shared.models.{WalletAccessContext, WalletAdministrationContext, WalletId} import org.hyperledger.identus.sharedtest.containers.{ 
@@ -72,7 +72,7 @@ object KeycloakPermissionManagementServiceSpec user <- createUser(username = username, password = password) entity = KeycloakEntity(id = UUID.fromString(user.getId)) - permissionService <- ZIO.service[PermissionManagement.Service[KeycloakEntity]] + permissionService <- ZIO.service[PermissionManagementService[KeycloakEntity]] _ <- permissionService.grantWalletToUser(wallet.id, entity) token <- client.getAccessToken(username, password).map(_.access_token) @@ -95,7 +95,7 @@ object KeycloakPermissionManagementServiceSpec user <- createUser(username = username, password = password) entity = KeycloakEntity(id = UUID.fromString(user.getId)) - permissionService <- ZIO.service[PermissionManagement.Service[KeycloakEntity]] + permissionService <- ZIO.service[PermissionManagementService[KeycloakEntity]] _ <- permissionService.grantWalletToUser(wallet.id, entity) token <- client.getAccessToken(username, password).map(_.access_token) @@ -116,7 +116,7 @@ object KeycloakPermissionManagementServiceSpec private val failureCasesSuite = suite("Failure Cases Suite")( test("grant wallet access to the user with invalid wallet id") { for { - permissionService <- ZIO.service[PermissionManagement.Service[KeycloakEntity]] + permissionService <- ZIO.service[PermissionManagementService[KeycloakEntity]] entity = KeycloakEntity(id = UUID.randomUUID()) exit <- permissionService.grantWalletToUser(WalletId.random, entity).exit } yield assert(exit)(fails(isSubtype[WalletNotFoundById](anything))) 
@@ -128,9 +128,9 @@ object KeycloakPermissionManagementServiceSpec walletService <- ZIO.service[WalletManagementService] wallet <- walletService.createWallet(Wallet("test_1")) entity = KeycloakEntity(id = UUID.randomUUID()) - permissionService <- ZIO.service[PermissionManagement.Service[KeycloakEntity]] + permissionService <- ZIO.service[PermissionManagementService[KeycloakEntity]] exit <- permissionService.grantWalletToUser(wallet.id, entity).exit - } yield assert(exit)(fails(isSubtype[UnexpectedError](anything))) + } yield assert(exit)(dies(hasMessage(equalTo(s"Error creating policy for resource [${wallet.id}]")))) } ).provideSomeLayer(ZLayer.succeed(WalletAdministrationContext.Admin())) @@ -152,7 +152,7 @@ object KeycloakPermissionManagementServiceSpec user <- createUser(username = username, password = password) entity = KeycloakEntity(id = UUID.fromString(user.getId)) - permissionService <- ZIO.service[PermissionManagement.Service[KeycloakEntity]] + permissionService <- ZIO.service[PermissionManagementService[KeycloakEntity]] _ <- permissionService .grantWalletToUser(wallet.id, entity) .provideSomeLayer(ZLayer.succeed(WalletAdministrationContext.SelfService(Seq(walletId)))) @@ -179,7 +179,7 @@ object KeycloakPermissionManagementServiceSpec user <- createUser(username = username, password = password) entity = KeycloakEntity(id = UUID.fromString(user.getId)) - permissionService <- ZIO.service[PermissionManagement.Service[KeycloakEntity]] + permissionService <- ZIO.service[PermissionManagementService[KeycloakEntity]] _ <- permissionService .grantWalletToUser(wallet.id, entity) .provideSomeLayer(ZLayer.succeed(WalletAdministrationContext.Admin())) 
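Review bot: The changed assertion in the `@@ -128,9 +128,9 @@` hunk now expects the effect to die with the exact message `Error creating policy for resource [${wallet.id}]`, where it used to expect a typed `UnexpectedError`. That means a grant for an entity id the policy creation rejects becomes a defect instead of a failure the caller can handle; the entity here is `KeycloakEntity(id = UUID.randomUUID())`, presumably an unknown user, though the test's name and setup start outside the hunk. If that entity id can originate from a request, I would keep this case in the typed error channel so it surfaces as a 4xx rather than an unhandled defect; the mapping removed from WalletManagementController in this same commit treated `UserNotFoundById` as a bad request. If the defect is intended, match more loosely, e.g. `dies(hasMessage(containsString("Error creating policy")))`, so the test does not break on a wording change.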
@@ -216,7 +216,7 @@ object KeycloakPermissionManagementServiceSpec user <- createUser(username = username, password = password) entity = KeycloakEntity(id = UUID.fromString(user.getId)) - permissionService <- ZIO.service[PermissionManagement.Service[KeycloakEntity]] + permissionService <- ZIO.service[PermissionManagementService[KeycloakEntity]] exit <- permissionService .grantWalletToUser(WalletId.random, entity) .provideSomeLayer(ZLayer.succeed(WalletAdministrationContext.SelfService(Seq(walletId)))) @@ -239,7 +239,7 @@ object KeycloakPermissionManagementServiceSpec user <- createUser(username = username, password = password) entity = KeycloakEntity(id = UUID.fromString(user.getId)) - permissionService <- ZIO.service[PermissionManagement.Service[KeycloakEntity]] + permissionService <- ZIO.service[PermissionManagementService[KeycloakEntity]] _ <- permissionService .grantWalletToUser(wallet.id, entity) .provideSomeLayer(ZLayer.succeed(WalletAdministrationContext.Admin())) diff --git a/cloud-agent/service/wallet-api/src/main/scala/org/hyperledger/identus/agent/walletapi/service/handler/DIDCreateHandler.scala b/cloud-agent/service/wallet-api/src/main/scala/org/hyperledger/identus/agent/walletapi/service/handler/DIDCreateHandler.scala index 4138581bc0..1c2f239b55 100644 --- a/cloud-agent/service/wallet-api/src/main/scala/org/hyperledger/identus/agent/walletapi/service/handler/DIDCreateHandler.scala +++ b/cloud-agent/service/wallet-api/src/main/scala/org/hyperledger/identus/agent/walletapi/service/handler/DIDCreateHandler.scala @@ -29,7 +29,7 @@ private[walletapi] class DIDCreateHandler( val operationFactory = OperationFactory(apollo) for { walletId <- ZIO.serviceWith[WalletAccessContext](_.walletId) - seed <- walletSecretStorage.getWalletSeed + seed <- walletSecretStorage.findWalletSeed .someOrElseZIO(ZIO.dieMessage(s"Wallet seed for wallet $walletId does not exist")) didIndex <- nonSecretStorage .getMaxDIDIndex() 
diff --git a/cloud-agent/service/wallet-api/src/main/scala/org/hyperledger/identus/agent/walletapi/service/handler/DIDUpdateHandler.scala b/cloud-agent/service/wallet-api/src/main/scala/org/hyperledger/identus/agent/walletapi/service/handler/DIDUpdateHandler.scala index 73d5d2eb57..de517075dd 100644 --- a/cloud-agent/service/wallet-api/src/main/scala/org/hyperledger/identus/agent/walletapi/service/handler/DIDUpdateHandler.scala +++ b/cloud-agent/service/wallet-api/src/main/scala/org/hyperledger/identus/agent/walletapi/service/handler/DIDUpdateHandler.scala @@ -40,7 +40,7 @@ private[walletapi] class DIDUpdateHandler( val did = state.createOperation.did for { walletId <- ZIO.serviceWith[WalletAccessContext](_.walletId) - seed <- walletSecretStorage.getWalletSeed + seed <- walletSecretStorage.findWalletSeed .someOrElseZIO(ZIO.dieMessage(s"Wallet seed for wallet $walletId does not exist")) keyCounter <- nonSecretStorage .getHdKeyCounter(did) diff --git a/cloud-agent/service/wallet-api/src/main/scala/org/hyperledger/identus/agent/walletapi/sql/JdbcWalletSecretStorage.scala b/cloud-agent/service/wallet-api/src/main/scala/org/hyperledger/identus/agent/walletapi/sql/JdbcWalletSecretStorage.scala index 3325880268..824b64b73d 100644 --- a/cloud-agent/service/wallet-api/src/main/scala/org/hyperledger/identus/agent/walletapi/sql/JdbcWalletSecretStorage.scala +++ b/cloud-agent/service/wallet-api/src/main/scala/org/hyperledger/identus/agent/walletapi/sql/JdbcWalletSecretStorage.scala @@ -36,7 +36,7 @@ class JdbcWalletSecretStorage(xa: Transactor[ContextAwareTask]) extends WalletSe } yield () } - override def getWalletSeed: URIO[WalletAccessContext, Option[WalletSeed]] = { + override def findWalletSeed: URIO[WalletAccessContext, Option[WalletSeed]] = { val cxnIO = sql""" | SELECT seed 
diff --git a/cloud-agent/service/wallet-api/src/main/scala/org/hyperledger/identus/agent/walletapi/storage/WalletSecretStorage.scala b/cloud-agent/service/wallet-api/src/main/scala/org/hyperledger/identus/agent/walletapi/storage/WalletSecretStorage.scala index f3da8a4684..b8c6f179d9 100644 --- a/cloud-agent/service/wallet-api/src/main/scala/org/hyperledger/identus/agent/walletapi/storage/WalletSecretStorage.scala +++ b/cloud-agent/service/wallet-api/src/main/scala/org/hyperledger/identus/agent/walletapi/storage/WalletSecretStorage.scala @@ -6,5 +6,5 @@ import zio.* trait WalletSecretStorage { def setWalletSeed(seed: WalletSeed): URIO[WalletAccessContext, Unit] - def getWalletSeed: URIO[WalletAccessContext, Option[WalletSeed]] + def findWalletSeed: URIO[WalletAccessContext, Option[WalletSeed]] } diff --git a/cloud-agent/service/wallet-api/src/main/scala/org/hyperledger/identus/agent/walletapi/util/KeyResolver.scala b/cloud-agent/service/wallet-api/src/main/scala/org/hyperledger/identus/agent/walletapi/util/KeyResolver.scala index 038752f898..81a5fa8035 100644 --- a/cloud-agent/service/wallet-api/src/main/scala/org/hyperledger/identus/agent/walletapi/util/KeyResolver.scala +++ b/cloud-agent/service/wallet-api/src/main/scala/org/hyperledger/identus/agent/walletapi/util/KeyResolver.scala @@ -29,7 +29,7 @@ class KeyResolver( } private def deriveHdKey(path: ManagedDIDHdKeyPath): RIO[WalletAccessContext, Option[Secp256k1KeyPair]] = - walletSecretStorage.getWalletSeed.flatMap { + walletSecretStorage.findWalletSeed.flatMap { case None => ZIO.none case Some(seed) => apollo.secp256k1.deriveKeyPair(seed.toByteArray)(path.derivationPath*).asSome } diff --git a/cloud-agent/service/wallet-api/src/main/scala/org/hyperledger/identus/agent/walletapi/vault/VaultWalletSecretStorage.scala b/cloud-agent/service/wallet-api/src/main/scala/org/hyperledger/identus/agent/walletapi/vault/VaultWalletSecretStorage.scala index 6c688e3145..f9ef9cd2b2 100644 
--- a/cloud-agent/service/wallet-api/src/main/scala/org/hyperledger/identus/agent/walletapi/vault/VaultWalletSecretStorage.scala +++ b/cloud-agent/service/wallet-api/src/main/scala/org/hyperledger/identus/agent/walletapi/vault/VaultWalletSecretStorage.scala @@ -20,7 +20,7 @@ class VaultWalletSecretStorage(vaultKV: VaultKVClient) extends WalletSecretStora } yield () } - override def getWalletSeed: URIO[WalletAccessContext, Option[WalletSeed]] = { + override def findWalletSeed: URIO[WalletAccessContext, Option[WalletSeed]] = { for { walletId <- ZIO.serviceWith[WalletAccessContext](_.walletId) path = walletSeedPath(walletId) diff --git a/cloud-agent/service/wallet-api/src/test/scala/org/hyperledger/identus/agent/walletapi/memory/WalletSecretStorageInMemory.scala b/cloud-agent/service/wallet-api/src/test/scala/org/hyperledger/identus/agent/walletapi/memory/WalletSecretStorageInMemory.scala index 27ea027dee..91fed64a93 100644 --- a/cloud-agent/service/wallet-api/src/test/scala/org/hyperledger/identus/agent/walletapi/memory/WalletSecretStorageInMemory.scala +++ b/cloud-agent/service/wallet-api/src/test/scala/org/hyperledger/identus/agent/walletapi/memory/WalletSecretStorageInMemory.scala @@ -14,7 +14,7 @@ class WalletSecretStorageInMemory(storeRef: Ref[Map[WalletId, WalletSeed]]) exte } yield () } - override def getWalletSeed: URIO[WalletAccessContext, Option[WalletSeed]] = { + override def findWalletSeed: URIO[WalletAccessContext, Option[WalletSeed]] = { for { walletId <- ZIO.serviceWith[WalletAccessContext](_.walletId) seed <- storeRef.get.map(_.get(walletId)) diff --git a/cloud-agent/service/wallet-api/src/test/scala/org/hyperledger/identus/agent/walletapi/service/WalletManagementServiceSpec.scala b/cloud-agent/service/wallet-api/src/test/scala/org/hyperledger/identus/agent/walletapi/service/WalletManagementServiceSpec.scala index 6be6eef494..be4d5e174c 100644 
--- a/cloud-agent/service/wallet-api/src/test/scala/org/hyperledger/identus/agent/walletapi/service/WalletManagementServiceSpec.scala +++ b/cloud-agent/service/wallet-api/src/test/scala/org/hyperledger/identus/agent/walletapi/service/WalletManagementServiceSpec.scala @@ -88,7 +88,7 @@ object WalletManagementServiceSpec secretStorage <- ZIO.service[WalletSecretStorage] createdWallet <- svc.createWallet(Wallet("wallet-1")) listedWallets <- svc.listWallets().map(_._1) - seed <- secretStorage.getWalletSeed.provide(ZLayer.succeed(WalletAccessContext(createdWallet.id))) + seed <- secretStorage.findWalletSeed.provide(ZLayer.succeed(WalletAccessContext(createdWallet.id))) } yield assert(listedWallets)(hasSameElements(Seq(createdWallet))) && assert(seed)(isSome) }, @@ -99,7 +99,7 @@ object WalletManagementServiceSpec createdWallets <- ZIO.foreach(1 to 10)(i => svc.createWallet(Wallet(s"wallet-$i"))) listedWallets <- svc.listWallets().map(_._1) seeds <- ZIO.foreach(listedWallets) { wallet => - secretStorage.getWalletSeed.provide(ZLayer.succeed(WalletAccessContext(wallet.id))) + secretStorage.findWalletSeed.provide(ZLayer.succeed(WalletAccessContext(wallet.id))) } } yield assert(createdWallets)(hasSameElements(listedWallets)) && assert(seeds)(forall(isSome)) @@ -111,7 +111,7 @@ object WalletManagementServiceSpec seed1 = WalletSeed.fromByteArray(Array.fill[Byte](64)(0)).toOption.get createdWallet <- svc.createWallet(Wallet("wallet-1"), Some(seed1)) listedWallets <- svc.listWallets().map(_._1) - seed2 <- secretStorage.getWalletSeed.provide(ZLayer.succeed(WalletAccessContext(createdWallet.id))) + seed2 <- secretStorage.findWalletSeed.provide(ZLayer.succeed(WalletAccessContext(createdWallet.id))) } yield assert(listedWallets)(hasSameElements(Seq(createdWallet))) && assert(seed2)(isSome(equalTo(seed1))) }, 
@@ -123,7 +123,7 @@ object WalletManagementServiceSpec createdWallets <- ZIO.foreach(seeds1) { seed => svc.createWallet(Wallet("test-wallet"), Some(seed)) } listedWallets <- svc.listWallets().map(_._1) seeds2 <- ZIO.foreach(listedWallets) { wallet => - secretStorage.getWalletSeed.provide(ZLayer.succeed(WalletAccessContext(wallet.id))) + secretStorage.findWalletSeed.provide(ZLayer.succeed(WalletAccessContext(wallet.id))) } } yield assert(createdWallets)(hasSameElements(listedWallets)) && assert(seeds2.flatten)(hasSameElements(seeds1)) diff --git a/cloud-agent/service/wallet-api/src/test/scala/org/hyperledger/identus/agent/walletapi/storage/WalletSecretStorageSpec.scala b/cloud-agent/service/wallet-api/src/test/scala/org/hyperledger/identus/agent/walletapi/storage/WalletSecretStorageSpec.scala index d9b87b2f34..c201d7036b 100644 --- a/cloud-agent/service/wallet-api/src/test/scala/org/hyperledger/identus/agent/walletapi/storage/WalletSecretStorageSpec.scala +++ b/cloud-agent/service/wallet-api/src/test/scala/org/hyperledger/identus/agent/walletapi/storage/WalletSecretStorageSpec.scala @@ -46,9 +46,9 @@ object WalletSecretStorageSpec extends ZIOSpecDefault, PostgresTestContainerSupp .map(_.id) walletAccessCtx = ZLayer.succeed(WalletAccessContext(walletId)) seed = WalletSeed.fromByteArray(Array.fill[Byte](64)(0)).toOption.get - seedBefore <- storage.getWalletSeed.provide(walletAccessCtx) + seedBefore <- storage.findWalletSeed.provide(walletAccessCtx) _ <- storage.setWalletSeed(seed).provide(walletAccessCtx) - seedAfter <- storage.getWalletSeed.provide(walletAccessCtx) + seedAfter <- storage.findWalletSeed.provide(walletAccessCtx) } yield assert(seedBefore)(isNone) && assert(seedAfter)(isSome(equalTo(seed))) }, 
@@ -69,7 +69,7 @@ object WalletSecretStorageSpec extends ZIOSpecDefault, PostgresTestContainerSupp seeds <- ZIO .foreach(wallets) { wallet => val walletAccessCtx = ZLayer.succeed(WalletAccessContext(wallet.id)) - storage.getWalletSeed.provideSomeLayer(walletAccessCtx) + storage.findWalletSeed.provideSomeLayer(walletAccessCtx) } .map(_.flatten) } yield assert(seeds.size)(equalTo(10)) && assert(seeds)(isDistinct) diff --git a/pollux/vc-jwt/src/main/scala/org/hyperledger/identus/pollux/vc/jwt/Proof.scala b/pollux/vc-jwt/src/main/scala/org/hyperledger/identus/pollux/vc/jwt/Proof.scala index 0ee6ffebbf..8bf6ab2086 100644 --- a/pollux/vc-jwt/src/main/scala/org/hyperledger/identus/pollux/vc/jwt/Proof.scala +++ b/pollux/vc-jwt/src/main/scala/org/hyperledger/identus/pollux/vc/jwt/Proof.scala @@ -2,7 +2,6 @@ package org.hyperledger.identus.pollux.vc.jwt import cats.implicits.* import com.nimbusds.jose.{JWSAlgorithm, JWSHeader, JWSObject, Payload} -import com.nimbusds.jose.crypto.bc.BouncyCastleProviderSingleton import com.nimbusds.jose.crypto.ECDSASigner import com.nimbusds.jwt.SignedJWT import io.circe.* @@ -104,7 +103,6 @@ object EcdsaSecp256k1Signature2019ProofGenerator { } object EddsaJcs2022ProofGenerator { - private val provider = BouncyCastleProviderSingleton.getInstance private val ed25519MultiBaseHeader: Array[Byte] = Array(-19, 1) // 0xed01 private def pkToMultiKey(pk: Ed25519PublicKey): MultiKey = {