Create VC endpoint implementation

c9425555 · Lyuben Penkovski · fb1effb2 · c9425555 · c9425555 · c9425555
Commit c9425555 authored 1 year ago by Lyuben Penkovski
--- a/cmd/signer/main.go
+++ b/cmd/signer/main.go
@@ -65,7 +65,7 @@ func main() {
 	)
 	{
 		signerSvc = signer.New(vault, cfg.Vault.SupportedKeys, httpClient, logger)
-		healthSvc = health.New()
+		healthSvc = health.New(Version)
 	}

 	// create endpoints
@@ -112,7 +112,6 @@ func main() {
 	// read and not decoded in some other way.
 	// Can these definitions be simplified or taken out into a function for better readability?
 	{
-
 		signerServer.VerifyCredential = goasignersrv.NewVerifyCredentialHandler(
 			signerEndpoints.VerifyCredential,
 			mux,

--- a/go.sum
+++ b/go.sum
--- a/internal/service/health/service.go
+++ b/internal/service/health/service.go
 package health

-import "context"
+import (
+	"context"

-type Service struct{}
+	"gitlab.eclipse.org/eclipse/xfsc/tsa/signer/gen/health"
+)

-func New() *Service {
-	return &Service{}
+type Service struct {
+	ver string
 }

-func (s *Service) Liveness(_ context.Context) error {
-	return nil
+func New(version string) *Service {
+	return &Service{ver: version}
 }

-func (s *Service) Readiness(_ context.Context) error {
-	return nil
+func (s *Service) Liveness(_ context.Context) (*health.HealthResponse, error) {
+	return &health.HealthResponse{
+		Service: "signer",
+		Status:  "up",
+		Version: s.ver,
+	}, nil
+}
+
+func (s *Service) Readiness(_ context.Context) (*health.HealthResponse, error) {
+	return &health.HealthResponse{
+		Service: "signer",
+		Status:  "up",
+		Version: s.ver,
+	}, nil
 }
--- a/internal/service/signer/service.go
+++ b/internal/service/signer/service.go
@@ -128,7 +128,7 @@ func (s *Service) NamespaceKeys(ctx context.Context, req *signer.NamespaceKeysRe
 // VerificationMethod returns a single public key formatted as DID verification method.
 func (s *Service) VerificationMethod(ctx context.Context, req *signer.VerificationMethodRequest) (*signer.DIDVerificationMethod, error) {
 	logger := s.logger.With(
-		zap.String("operation", "getKey"),
+		zap.String("operation", "verificationMethod"),
 		zap.String("namespace", req.Namespace),
 		zap.String("key", req.Key),
 		zap.String("did", req.Did),
@@ -165,7 +165,7 @@ func (s *Service) VerificationMethod(ctx context.Context, req *signer.Verificati
 // VerificationMethods returns all public keys from Vault or OCM.
 func (s *Service) VerificationMethods(ctx context.Context, req *signer.VerificationMethodsRequest) (res []*signer.DIDVerificationMethod, err error) {
 	logger := s.logger.With(
-		zap.String("operation", "getKeys"),
+		zap.String("operation", "verificationMethods"),
 		zap.String("namespace", req.Namespace),
 		zap.String("did", req.Did),
 	)
@@ -324,6 +324,64 @@ func (s *Service) PresentationProof(ctx context.Context, req *signer.Presentatio
 	return vpWithProof, nil
 }

+// CreateCredential creates Verifiable Credential with proof from raw JSON data.
+func (s *Service) CreateCredential(ctx context.Context, req *signer.CreateCredentialRequest) (interface{}, error) {
+	logger := s.logger.With(
+		zap.String("operation", "createCredential"),
+		zap.String("namespace", req.Namespace),
+		zap.String("key", req.Key),
+		zap.String("issuer", req.Issuer),
+	)
+
+	if req.CredentialSubject == nil {
+		logger.Error("invalid or missing credential subject")
+		return nil, errors.New(errors.BadRequest, "invalid or missing credential subject")
+	}
+
+	credSubject, ok := req.CredentialSubject.(map[string]interface{})
+	if !ok || len(credSubject) == 0 {
+		logger.Error("invalid credential subject: non-empty map is expected")
+		return nil, errors.New(errors.BadRequest, "invalid credential subject: non-empty map is expected")
+	}
+
+	// add additional jsonld contexts only if they are different from the default
+	jsonldContexts := defaultJSONLDContexts
+	for _, jsonldContext := range req.Context {
+		if !containContext(defaultJSONLDContexts, jsonldContext) {
+			jsonldContexts = append(jsonldContexts, jsonldContext)
+		}
+	}
+
+	var subject verifiable.Subject
+	if subjectID, ok := credSubject["id"].(string); ok && len(subjectID) > 0 {
+		subject.ID = subjectID
+		delete(credSubject, "id")
+	}
+	subject.CustomFields = credSubject
+
+	vc := &verifiable.Credential{
+		Context: jsonldContexts,
+		Types:   []string{verifiable.VCType},
+		Issuer:  verifiable.Issuer{ID: req.Issuer},
+		Issued:  &util.TimeWrapper{Time: time.Now()},
+		Subject: subject,
+	}
+
+	err := validateCredentialSubject(vc.Subject)
+	if err != nil {
+		logger.Error("invalid credential subject", zap.Error(err))
+		return nil, errors.New(errors.BadRequest, err)
+	}
+
+	vcWithProof, err := s.addCredentialProof(ctx, req.Issuer, req.Namespace, req.Key, vc)
+	if err != nil {
+		logger.Error("error making credential proof", zap.Error(err))
+		return nil, err
+	}
+
+	return vcWithProof, nil
+}
+
 // CreatePresentation creates VP with proof from raw JSON data.
 func (s *Service) CreatePresentation(ctx context.Context, req *signer.CreatePresentationRequest) (interface{}, error) {
 	logger := s.logger.With(
@@ -595,11 +653,11 @@ func validateCredentialSubject(subject interface{}) error {
 func validateSubjectID(id string) error {
 	s := strings.Split(id, ":")
 	if len(s) < 2 {
-		return fmt.Errorf("invalid format of subject id")
+		return fmt.Errorf("invalid subject id: must be URI")
 	}

 	if len(s[0]) == 0 || len(s[1]) == 0 {
-		return fmt.Errorf("invalid format of subject id")
+		return fmt.Errorf("invalid subject id: must be URI")
 	}

 	return nil