Merge branch '37-regofunc-issuer-did' into 'main'

Rego extension function to retrieve organization DID (issuer of proofs)

Closes #37

See merge request !29

README.md

@@ -30,7 +30,7 @@ flowchart LR
 The policy service exposes HTTP endpoints to evaluate/execute policies.
 The endpoint interface is conformant to the TSA requirements document.
 
-To evaluate a policy a POST request is sent to the evaluation URL.
+To evaluate a policy a GET or POST request is sent to the evaluation URL.
 The example URL below is given for the local docker-compose environment. 
 The `host` and `port` parts will be different for the different environments.
 
@@ -48,10 +48,11 @@ are also important during policy development (see below) as `group`
 and `policy` **must** be used as package name inside the policy 
 source code file.
 
-The body of the POST request **must** be JSON and it is passed directly
-to the policy execution runtime. Inside the policy it is accessed with
-the global variable name `input`. For example, if you pass to the evaluation
-endpoint the following JSON, it will be accessible by `input.message`:
+The body of the POST request can be empty, but if it's not empty, it 
+**must** be JSON. It is passed directly to the policy execution runtime. 
+Inside the policy it is accessed with the global variable name `input`. 
+For example, if you pass to the evaluation endpoint the following JSON, 
+it will be accessible by `input.message`:
 ```json
 {
   "message": "hello world"

cmd/policy/main.go

@@ -90,7 +90,8 @@ func main() {
 		regofunc.Register("taskListCreate", rego.Function2(taskFuncs.CreateTaskListFunc()))
 		regofunc.Register("getKey", rego.Function1(keysFuncs.GetKeyFunc()))
 		regofunc.Register("getAllKeys", rego.FunctionDyn(keysFuncs.GetAllKeysFunc()))
-		regofunc.Register("strictBuiltinErrors", rego.StrictBuiltinErrors(true))
+		regofunc.Register("getAllKeys", rego.FunctionDyn(keysFuncs.GetAllKeysFunc()))
+		regofunc.Register("issuer", rego.FunctionDyn(keysFuncs.IssuerDID()))
 	}
 
 	// subscribe the cache for policy data changes

internal/regofunc/pubkeys.go

@@ -103,3 +103,39 @@ func (pf *PubkeyFuncs) GetAllKeysFunc() (*rego.Function, rego.BuiltinDyn) {
 			return ast.NewTerm(v), nil
 		}
 }
+
+func (pf *PubkeyFuncs) IssuerDID() (*rego.Function, rego.BuiltinDyn) {
+	return &rego.Function{
+			Name:    "issuer",
+			Decl:    types.NewFunction(nil, types.A),
+			Memoize: true,
+		},
+		func(bctx rego.BuiltinContext, terms []*ast.Term) (*ast.Term, error) {
+			uri, err := url.ParseRequestURI(pf.signerAddr + "/v1/issuerDID")
+			if err != nil {
+				return nil, err
+			}
+
+			req, err := http.NewRequest("GET", uri.String(), nil)
+			if err != nil {
+				return nil, err
+			}
+
+			resp, err := pf.httpClient.Do(req.WithContext(bctx.Context))
+			if err != nil {
+				return nil, err
+			}
+			defer resp.Body.Close() // nolint:errcheck
+
+			if resp.StatusCode != http.StatusOK {
+				return nil, fmt.Errorf("unexpected response from signer: %s", resp.Status)
+			}
+
+			v, err := ast.ValueFromReader(resp.Body)
+			if err != nil {
+				return nil, err
+			}
+
+			return ast.NewTerm(v), nil
+		}
+}

internal/regofunc/pubkeys_test.go

@@ -75,3 +75,24 @@ func TestGetAllKeysFunc(t *testing.T) {
 	assert.NoError(t, err)
 	assert.Equal(t, expected, string(resultBytes))
 }
+
+func TestIssuerDID(t *testing.T) {
+	expected := `{"did":"did:web:123"}`
+	signerSrv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		_, _ = fmt.Fprint(w, expected)
+	}))
+	defer signerSrv.Close()
+
+	keysFuncs := regofunc.NewPubkeyFuncs(signerSrv.URL, http.DefaultClient)
+	r := rego.New(
+		rego.Query(`issuer()`),
+		rego.FunctionDyn(keysFuncs.IssuerDID()),
+		rego.StrictBuiltinErrors(true),
+	)
+	resultSet, err := r.Eval(context.Background())
+	assert.NoError(t, err)
+
+	resultBytes, err := json.Marshal(resultSet[0].Expressions[0].Value)
+	assert.NoError(t, err)
+	assert.Equal(t, expected, string(resultBytes))
+}