feat(prism-agent): VerificationOptions are configurable for PrismAgent (

#449) * feat(prsim-agent): VerificationOptions are configuration for PrismAgent * fix the compilation issue
hyperledger · Mar 16, 2023 · ee93880 · ee93880
1 parent 0983c71
commit ee93880
Show file tree

Hide file tree

Showing 3 changed files with 67 additions and 16 deletions.
diff --git a/prism-agent/service/server/src/main/resources/application.conf b/prism-agent/service/server/src/main/resources/application.conf
@@ -91,4 +91,26 @@ agent {
         password = ${?AGENT_DB_PASSWORD}
         awaitConnectionThreads = 8
     }
+    verification {
+        options {
+            credential {
+               verifySignature = true
+               verifyDates = false
+               leeway = 0 seconds
+               verifySignature = ${?CREDENTIAL_VERIFY_SIGNATURE}
+               verifyDates = ${?CREDENTIAL_VERIFY_DATES}
+               leeway = ${?CREDENTIAL_LEEWAY}  
+            }
+            presentation {
+               verifySignature = true
+               verifyDates = false
+               verifyHoldersBinding = false
+               leeway = 0 seconds
+               verifySignature = ${?PRESENTATION_VERIFY_SIGNATURE}
+               verifyDates = ${?PRESENTATION_VERIFY_DATES}
+               verifyHoldersBinding = ${?PRESENTATION_VERIFY_HOLDER_BINDING}
+               leeway = ${?PRESENTATION_LEEWAY}  
+            }
+        }
+    }
 }
diff --git a/prism-agent/service/server/src/main/scala/io/iohk/atala/agent/server/config/AppConfig.scala b/prism-agent/service/server/src/main/scala/io/iohk/atala/agent/server/config/AppConfig.scala
@@ -3,6 +3,9 @@ package io.iohk.atala.agent.server.config
 import zio.config.*
 import zio.config.magnolia.Descriptor
 import java.time.Duration
+import io.iohk.atala.pollux.vc.jwt._
+import io.iohk.atala.pollux.vc.jwt.JwtPresentation
+import io.iohk.atala.castor.core.model.did.VerificationRelationship
 
 final case class AppConfig(
     iris: IrisConfig,
@@ -46,10 +49,46 @@ final case class DatabaseConfig(
     awaitConnectionThreads: Int
 )
 
+final case class PresentationVerificationConfig(
+    verifySignature: Boolean,
+    verifyDates: Boolean,
+    verifyHoldersBinding: Boolean,
+    leeway: Duration,
+)
+
+final case class CredentialVerificationConfig(
+    verifySignature: Boolean,
+    verifyDates: Boolean,
+    leeway: Duration,
+)
+
+final case class Options(credential: CredentialVerificationConfig, presentation: PresentationVerificationConfig)
+
+final case class VerificationConfig(options: Options) {
+  def toPresentationVerificationOptions(): JwtPresentation.PresentationVerificationOptions = {
+    JwtPresentation.PresentationVerificationOptions(
+      maybeProofPurpose = Some(VerificationRelationship.Authentication),
+      verifySignature = options.presentation.verifySignature,
+      verifyDates = options.presentation.verifyDates,
+      verifyHoldersBinding = options.presentation.verifyHoldersBinding,
+      leeway = options.presentation.leeway,
+      maybeCredentialOptions = Some(
+        CredentialVerification.CredentialVerificationOptions(
+          verifySignature = options.credential.verifySignature,
+          verifyDates = options.credential.verifyDates,
+          leeway = options.credential.leeway,
+          maybeProofPurpose = Some(VerificationRelationship.AssertionMethod)
+        )
+      )
+    )
+  }
+}
+
 final case class AgentConfig(
     httpEndpoint: HttpEndpointConfig,
     didCommServiceEndpointUrl: String,
-    database: DatabaseConfig
+    database: DatabaseConfig,
+    verification: VerificationConfig
 )
 
 final case class HttpEndpointConfig(http: HttpConfig)

diff --git a/...-agent/service/server/src/main/scala/io/iohk/atala/agent/server/jobs/BackgroundJobs.scala b/...-agent/service/server/src/main/scala/io/iohk/atala/agent/server/jobs/BackgroundJobs.scala
@@ -482,7 +482,7 @@ object BackgroundJobs {
       record: PresentationRecord
   ): URIO[
     DidOps & DIDResolver & JwtDidResolver & HttpClient & PresentationService & CredentialService & DIDService &
-      ManagedDIDService,
+      ManagedDIDService & AppConfig,
     Unit
   ] = {
     import io.iohk.atala.pollux.core.model.PresentationRecord.ProtocolState._
@@ -659,25 +659,15 @@ object BackgroundJobs {
                             JwtPresentation.validatePresentation(JWT(base64Decoded), options.domain, options.challenge)
                           case _ => Validation.unit
                       })
+                      verificationConfig <- ZIO.service[AppConfig].map(_.agent.verification)
+                      _ <- ZIO.log(s"VerificationConfig: ${verificationConfig}")
+
                       // https://www.w3.org/TR/vc-data-model/#proofs-signatures-0
                       // A proof is typically attached to a verifiable presentation for authentication purposes
                       // and to a verifiable credential as a method of assertion.
                       result <- JwtPresentation.verify(
                         JWT(base64Decoded),
-                        JwtPresentation.PresentationVerificationOptions(
-                          maybeProofPurpose = Some(VerificationRelationship.Authentication),
-                          verifySignature = true,
-                          verifyDates = false,
-                          leeway = Duration.Zero,
-                          maybeCredentialOptions = Some(
-                            CredentialVerification.CredentialVerificationOptions(
-                              verifySignature = true,
-                              verifyDates = false,
-                              leeway = Duration.Zero,
-                              maybeProofPurpose = Some(VerificationRelationship.AssertionMethod)
-                            )
-                          )
-                        )
+                        verificationConfig.toPresentationVerificationOptions()
                       )(didResolverService)(clock)
                     } yield result