feat(config): make wallet application and paths configurable (#230)
Refs: #226
Co-authored-by: Evelyn Gurschler <evelyn.gurschler@bmw.de>
Reviewed-by: Evelyn Gurschler <evelyn.gurschler@bmw.de>
Phil91 and evegufy authored Aug 14, 2024
1 parent a1dd326 commit 7232f27
Showing 10 changed files with 89 additions and 25 deletions.
5 changes: 5 additions & 0 deletions charts/ssi-credential-issuer/README.md
Expand Up @@ -93,6 +93,11 @@ dependencies:
| processesworker.wallet.grantType | string | `"client_credentials"` | |
| processesworker.wallet.clientId | string | `"wallet-client-id"` | Provide wallet client-id from CX IAM centralidp. |
| processesworker.wallet.clientSecret | string | `""` | Client-secret for wallet client-id. Secret-key 'wallet-client-secret'. |
| processesworker.wallet.application | string | `"catena-x-portal"` | the application set in the wallet |
| processesworker.wallet.createCredentialPath | string | `"api/v2.0.0/credentials"` | path to create a credential |
| processesworker.wallet.signCredentialPath | string | `"/api/v2.0.0/credentials/{0}"` | path to sign a specific credential; {0} will be replaced by the credential id |
| processesworker.wallet.getCredentialPath | string | `"/api/v2.0.0/credentials/{0}"` | path to get a specific credential; {0} will be replaced by the credential id |
| processesworker.wallet.revokeCredentialPath | string | `"/api/v2.0.0/credentials/{0}"` | path to revoke a specific credential; {0} will be replaced by the credential id |
| credentialExpiry.name | string | `"expiry"` | |
| credentialExpiry.image.name | string | `"docker.io/tractusx/ssi-credential-expiry-app"` | |
| credentialExpiry.image.tag | string | `""` | |
Expand Up @@ -136,6 +136,16 @@ spec:
secretKeyRef:
name: "{{ template "issuer.secretName" . }}"
key: "credential-encryption-key0"
- name: "WALLET__WALLETAPPLICATION"
value: "{{ .Values.processesworker.wallet.application }}"
- name: "WALLET__CREATECREDENTIALPATH"
value: "{{ .Values.processesworker.wallet.createCredentialPath }}"
- name: "WALLET__SIGNCREDENTIALPATH"
value: "{{ .Values.processesworker.wallet.signCredentialPath }}"
- name: "WALLET__GETCREDENTIALPATH"
value: "{{ .Values.processesworker.wallet.getCredentialPath }}"
- name: "WALLET__REVOKECREDENTIALPATH"
value: "{{ .Values.processesworker.wallet.revokeCredentialPath }}"
- name: "SERILOG__MINIMUMLEVEL__Default"
value: "{{ .Values.processesworker.logging.default }}"
- name: "PROCESSES__IDENTITYID"
Expand Up @@ -163,6 +163,16 @@ spec:
secretKeyRef:
name: "{{ template "issuer.secretName" . }}"
key: "credential-encryption-key0"
- name: "WALLET__WALLETAPPLICATION"
value: "{{ .Values.processesworker.wallet.application }}"
- name: "WALLET__CREATECREDENTIALPATH"
value: "{{ .Values.processesworker.wallet.createCredentialPath }}"
- name: "WALLET__SIGNCREDENTIALPATH"
value: "{{ .Values.processesworker.wallet.signCredentialPath }}"
- name: "WALLET__GETCREDENTIALPATH"
value: "{{ .Values.processesworker.wallet.getCredentialPath }}"
- name: "WALLET__REVOKECREDENTIALPATH"
value: "{{ .Values.processesworker.wallet.revokeCredentialPath }}"
ports:
- name: http
containerPort: {{ .Values.portContainer }}
10 changes: 10 additions & 0 deletions charts/ssi-credential-issuer/values.yaml
Expand Up @@ -124,6 +124,16 @@ processesworker:
clientId: "wallet-client-id"
# -- Client-secret for wallet client-id. Secret-key 'wallet-client-secret'.
clientSecret: ""
# -- the application set in the wallet
application: "catena-x-portal"
# -- path to create a credential
createCredentialPath: "api/v2.0.0/credentials"
# -- path to sign a specific credential; {0} will be replaced by the credential id
signCredentialPath: "/api/v2.0.0/credentials/{0}"
# -- path to get a specific credential; {0} will be replaced by the credential id
getCredentialPath: "/api/v2.0.0/credentials/{0}"
# -- path to revoke a specific credential; {0} will be replaced by the credential id
revokeCredentialPath: "/api/v2.0.0/credentials/{0}"

credentialExpiry:
name: "expiry"
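Review bot: The default for `createCredentialPath` is `api/v2.0.0/credentials` without a leading slash, while the three sibling paths all start with `/`. In WalletService.cs this commit also routes CreateCredentialForHolder through the same setting, and that call previously posted to `/api/v2.0.0/credentials`, so the form of its request path changes. With a .NET HttpClient a reference without the leading slash is resolved against the base address path instead of the host root, so the two forms differ whenever the wallet base address carries a path segment (the base address is not visible here). If root-relative is intended for both calls, use `createCredentialPath: "/api/v2.0.0/credentials"`; otherwise extend the comment to `# -- path to create a credential, resolved relative to the wallet base address`.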
Expand Up @@ -33,4 +33,19 @@ public class WalletSettings : BasicAuthSettings

[Required]
public int EncryptionConfigIndex { get; set; }

[Required]
public string WalletApplication { get; set; } = null!;

[Required]
public string CreateCredentialPath { get; set; } = null!;

[Required]
public string SignCredentialPath { get; set; } = null!;

[Required]
public string GetCredentialPath { get; set; } = null!;

[Required]
public string RevokeCredentialPath { get; set; } = null!;
}
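Review bot: The five new settings have no doc comments, although three of them are composite format strings and not plain paths; that contract is currently stated only in the Helm values comments. I would add `/// <summary>Path used to sign a credential; {0} is replaced by the credential id.</summary>` on SignCredentialPath, with matching summaries on GetCredentialPath and RevokeCredentialPath, and a summary on WalletApplication saying it is the application value passed into the wallet's create-credential requests. Note also that `[Required]` only rejects null, empty or whitespace-only strings, so the presence of the placeholder is not checked by these attributes. The class declaration starts outside this hunk.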
36 changes: 15 additions & 21 deletions src/externalservices/Wallet.Service/Services/WalletService.cs
Expand Up @@ -28,25 +28,19 @@

namespace Org.Eclipse.TractusX.SsiCredentialIssuer.Wallet.Service.Services;

public class WalletService : IWalletService
public class WalletService(IBasicAuthTokenService basicAuthTokenService, IOptions<WalletSettings> options)
: IWalletService
{
private const string NoIdErrorMessage = "Response must contain a valid id";
private static readonly JsonSerializerOptions Options = new() { PropertyNamingPolicy = JsonNamingPolicy.CamelCase };

private readonly IBasicAuthTokenService _basicAuthTokenService;
private readonly WalletSettings _settings;

public WalletService(IBasicAuthTokenService basicAuthTokenService, IOptions<WalletSettings> options)
{
_basicAuthTokenService = basicAuthTokenService;
_settings = options.Value;
}
private readonly WalletSettings _settings = options.Value;

public async Task<Guid> CreateCredential(JsonDocument payload, CancellationToken cancellationToken)
{
using var client = await _basicAuthTokenService.GetBasicAuthorizedClient<WalletService>(_settings, cancellationToken);
var data = new CreateCredentialRequest("catena-x-portal", new CredentialPayload(payload));
var result = await client.PostAsJsonAsync("api/v2.0.0/credentials", data, Options, cancellationToken)
using var client = await basicAuthTokenService.GetBasicAuthorizedClient<WalletService>(_settings, cancellationToken);
var data = new CreateCredentialRequest(_settings.WalletApplication, new CredentialPayload(payload));
var result = await client.PostAsJsonAsync(_settings.CreateCredentialPath, data, Options, cancellationToken)
.CatchingIntoServiceExceptionFor("create-credential", HttpAsyncResponseMessageExtension.RecoverOptions.INFRASTRUCTURE,
async x => (false, await x.Content.ReadAsStringAsync().ConfigureAwait(ConfigureAwaitOptions.None)))
.ConfigureAwait(false);
Expand All @@ -61,9 +55,9 @@ public async Task<Guid> CreateCredential(JsonDocument payload, CancellationToken

public async Task<string> SignCredential(Guid credentialId, CancellationToken cancellationToken)
{
using var client = await _basicAuthTokenService.GetBasicAuthorizedClient<WalletService>(_settings, cancellationToken);
using var client = await basicAuthTokenService.GetBasicAuthorizedClient<WalletService>(_settings, cancellationToken);
var data = new SignCredentialRequest(new SignPayload(new SignUpdate("external", "jwt")));
var result = await client.PatchAsJsonAsync($"/api/v2.0.0/credentials/{credentialId}", data, Options, cancellationToken)
var result = await client.PatchAsJsonAsync(string.Format(_settings.SignCredentialPath, credentialId), data, Options, cancellationToken)
.CatchingIntoServiceExceptionFor("sign-credential", HttpAsyncResponseMessageExtension.RecoverOptions.INFRASTRUCTURE,
async x => (false, await x.Content.ReadAsStringAsync().ConfigureAwait(ConfigureAwaitOptions.None)))
.ConfigureAwait(false);
Expand All @@ -78,8 +72,8 @@ public async Task<string> SignCredential(Guid credentialId, CancellationToken ca

public async Task<JsonDocument> GetCredential(Guid externalCredentialId, CancellationToken cancellationToken)
{
using var client = await _basicAuthTokenService.GetBasicAuthorizedClient<WalletService>(_settings, cancellationToken);
var result = await client.GetAsync($"/api/v2.0.0/credentials/{externalCredentialId}", cancellationToken)
using var client = await basicAuthTokenService.GetBasicAuthorizedClient<WalletService>(_settings, cancellationToken);
var result = await client.GetAsync(string.Format(_settings.GetCredentialPath, externalCredentialId), cancellationToken)
.CatchingIntoServiceExceptionFor("get-credential", HttpAsyncResponseMessageExtension.RecoverOptions.INFRASTRUCTURE,
async x => (false, await x.Content.ReadAsStringAsync().ConfigureAwait(ConfigureAwaitOptions.None)))
.ConfigureAwait(false);
Expand All @@ -100,9 +94,9 @@ public async Task<Guid> CreateCredentialForHolder(string holderWalletUrl, string
ClientSecret = clientSecret,
TokenAddress = $"{holderWalletUrl}/oauth/token"
};
using var client = await _basicAuthTokenService.GetBasicAuthorizedClient<WalletService>(authSettings, cancellationToken);
var data = new DeriveCredentialData("catena-x-portal", new DeriveCredentialPayload(new DeriveCredential(credential)));
var result = await client.PostAsJsonAsync("/api/v2.0.0/credentials", data, Options, cancellationToken)
using var client = await basicAuthTokenService.GetBasicAuthorizedClient<WalletService>(authSettings, cancellationToken);
var data = new DeriveCredentialData(_settings.WalletApplication, new DeriveCredentialPayload(new DeriveCredential(credential)));
var result = await client.PostAsJsonAsync(_settings.CreateCredentialPath, data, Options, cancellationToken)
.CatchingIntoServiceExceptionFor("create-holder-credential", HttpAsyncResponseMessageExtension.RecoverOptions.INFRASTRUCTURE,
async x => (false, await x.Content.ReadAsStringAsync().ConfigureAwait(ConfigureAwaitOptions.None)))
.ConfigureAwait(false);
Expand All @@ -117,9 +111,9 @@ public async Task<Guid> CreateCredentialForHolder(string holderWalletUrl, string

public async Task RevokeCredentialForIssuer(Guid externalCredentialId, CancellationToken cancellationToken)
{
using var client = await _basicAuthTokenService.GetBasicAuthorizedClient<WalletService>(_settings, cancellationToken);
using var client = await basicAuthTokenService.GetBasicAuthorizedClient<WalletService>(_settings, cancellationToken);
var data = new RevokeCredentialRequest(new RevokePayload(true));
await client.PatchAsJsonAsync($"/api/v2.0.0/credentials/{externalCredentialId}", data, Options, cancellationToken)
await client.PatchAsJsonAsync(string.Format(_settings.RevokeCredentialPath, externalCredentialId), data, Options, cancellationToken)
.CatchingIntoServiceExceptionFor("revoke-credential", HttpAsyncResponseMessageExtension.RecoverOptions.INFRASTRUCTURE,
async x => (false, await x.Content.ReadAsStringAsync().ConfigureAwait(ConfigureAwaitOptions.None)))
.ConfigureAwait(false);
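Review bot: The three `string.Format(_settings.…Path, id)` calls in SignCredential, GetCredential and RevokeCredentialForIssuer use a configuration value as the format string without any check. A value without `{0}` silently drops the credential id, so the authorized PATCH/GET goes to the collection URL; a stray `{1}` or unbalanced brace throws FormatException on every call before the request is issued; and an absolute URL makes HttpClient ignore its base address, so the client returned by GetBasicAuthorizedClient (presumably carrying the wallet token) would talk to whatever host the setting names. Since `[Required]` only guarantees a non-empty string, I would route the three call sites through one helper that substitutes the id and rejects non-relative results, or run the same check once where WalletSettings is bound, which is not visible here. The exception type in the sketch is a stand-in for whatever the project uses for configuration errors.

```csharp
// … unchanged: NoIdErrorMessage, Options, _settings …

// Builds the request path for one credential from a configured template.
private static string BuildCredentialPath(string template, Guid credentialId)
{
    // Without {0} the request would address the collection instead of one credential.
    if (!template.Contains("{0}", StringComparison.Ordinal))
    {
        throw new InvalidOperationException("Wallet credential path must contain the {0} placeholder");
    }

    // Plain substitution: other braces in the template cannot raise FormatException.
    var path = template.Replace("{0}", credentialId.ToString(), StringComparison.Ordinal);

    // Keep the authorized client on the configured base address.
    if (path.StartsWith("//", StringComparison.Ordinal) || !Uri.TryCreate(path, UriKind.Relative, out _))
    {
        throw new InvalidOperationException("Wallet credential path must be relative to the wallet base address");
    }

    return path;
}

// in SignCredential; GetCredential and RevokeCredentialForIssuer change the same way
var result = await client.PatchAsJsonAsync(BuildCredentialPath(_settings.SignCredentialPath, credentialId), data, Options, cancellationToken)
// … unchanged: CatchingIntoServiceExceptionFor chain …
```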
7 changes: 6 additions & 1 deletion src/issuer/SsiCredentialIssuer.Service/appsettings.json
Expand Up @@ -63,7 +63,12 @@
"TokenAddress": "",
"BaseAddress": "",
"EncryptionConfigIndex": 0,
"EncryptionConfigs": []
"EncryptionConfigs": [],
"WalletApplication": "",
"CreateCredentialPath": "",
"SignCredentialPath": "",
"GetCredentialPath": "",
"RevokeCredentialPath": ""
},
"Credential": {
"IssuerDid": "",
7 changes: 6 additions & 1 deletion src/processes/Processes.Worker/appsettings.json
Expand Up @@ -47,6 +47,11 @@
"TokenAddress": "",
"BaseAddress": "",
"EncryptionConfigIndex": 0,
"EncryptionConfigs": []
"EncryptionConfigs": [],
"WalletApplication": "",
"CreateCredentialPath": "",
"SignCredentialPath": "",
"GetCredentialPath": "",
"RevokeCredentialPath": ""
}
}
Expand Up @@ -38,7 +38,12 @@ public WalletServiceTests()
ClientId = "CatenaX",
ClientSecret = "pass@Secret",
TokenAddress = "https://example.org/token",
EncryptionConfigIndex = 0
EncryptionConfigIndex = 0,
WalletApplication = "catena-x-portal",
CreateCredentialPath = "api/v2.0.0/credentials",
SignCredentialPath = "/api/v2.0.0/credentials/{0}",
GetCredentialPath = "/api/v2.0.0/credentials/{0}",
RevokeCredentialPath = "/api/v2.0.0/credentials/{0}"
});
_sut = new WalletService(_basicAuthTokenService, _options);
}
Expand Up @@ -62,6 +62,11 @@
"CipherMode": "CBC",
"PaddingMode": "PKCS7"
}
]
],
"WalletApplication": "catena-x-portal",
"CreateCredentialPath": "api/v2.0.0/credentials",
"SignCredentialPath": "/api/v2.0.0/credentials/{0}",
"GetCredentialPath": "/api/v2.0.0/credentials/{0}",
"RevokeCredentialPath": "/api/v2.0.0/credentials/{0}"
}
}
