
change check to mandatorOrganizationIdentifier instead of mandatee and refactor tests
javieralvarezin2 committed Oct 22, 2024
1 parent ab70f79 commit 31fc540
Showing 3 changed files with 34 additions and 10 deletions.
31 changes: 24 additions & 7 deletions src/main/java/es/in2/vcverifier/service/impl/VpServiceImpl.java
Expand Up @@ -25,6 +25,8 @@
import java.util.List;
import java.util.Map;

import static es.in2.vcverifier.util.Constants.DID_ELSI_PREFIX;

/**
* This class contains basic validation steps for the scope of validating a Verifiable Presentation (VP)
* that includes a LEARCredential, following the technical guidelines described in the DOME document.
Expand Down Expand Up @@ -66,17 +68,18 @@ public boolean validateVerifiablePresentation(String verifiablePresentation) {
validateCredentialTypeWithIssuerCapabilities(issuerCapabilitiesList, credentialTypes);
log.info("Issuer DID {} is a trusted participant", credentialIssuerDid);

// Step 5: Extract the mandateeId from the Verifiable Credential
String mandateeId = extractMandateeId(credentialTypes, payload);
// Step 5: Extract the mandateId from the Verifiable Credential
String mandatorOrganizationIdentifier = extractMandatorOrganizationIdentifier(credentialTypes, payload);

//TODO this must be validated against the participants list, not the issuer list

// Validate the mandatee ID with trusted issuer service, if is not present the trustedIssuerListService throws an exception
trustFrameworkService.getTrustedIssuerListData(mandateeId);
trustFrameworkService.getTrustedIssuerListData(DID_ELSI_PREFIX + mandatorOrganizationIdentifier);

log.info("Mandatee ID {} is valid and allowed", mandateeId);
log.info("Mandator OrganizationIdentifier {} is valid and allowed", mandatorOrganizationIdentifier);

// Step 6: Validate the VP's signature with the DIDService (the DID of the holder of the VP)
String mandateeId = extractMandateeId(credentialTypes, payload);
PublicKey holderPublicKey = didService.getPublicKeyFromDid(mandateeId); // Get the holder's public key in bytes
jwtService.verifyJWTSignature(verifiablePresentation, holderPublicKey, KeyType.EC); // Validate the VP was signed by the holder DID

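Review bot: The new call `trustFrameworkService.getTrustedIssuerListData(DID_ELSI_PREFIX + mandatorOrganizationIdentifier);` concatenates without checking the identifier, so a credential whose mandator block lacks an organizationIdentifier is looked up under the literal key `did:elsi:null` and, per the existing comment, rejected by the trust service as "not present" rather than as a malformed credential; add a guard before the call such as `if (mandatorOrganizationIdentifier == null || mandatorOrganizationIdentifier.isBlank()) { throw new CredentialMappingException("Mandator organizationIdentifier is missing"); }` (that exception is imported by the test file; its constructor is not visible here, so adapt as needed). The two comments above that call still describe the old behaviour — `// Step 5: Extract the mandateId from the Verifiable Credential` and `// Validate the mandatee ID with trusted issuer service, ...` — and should read `// Step 5: Extract the mandator organizationIdentifier from the Verifiable Credential` and `// Validate the mandator's did:elsi identifier against the trusted list; the service throws if it is absent`. With this change the mandatee DID reaches `didService.getPublicKeyFromDid(mandateeId)` without any trust-list check, which appears intended by the commit title, but a one-line comment at Step 6 stating that the holder signature check is now the only check on the mandatee would make that explicit for the next reader. `extractMandatorOrganizationIdentifier` and `extractMandateeId` each call `jwtService.getVCFromPayload(payload)` and re-map the same credential, so mapping once and reading both fields would avoid the duplicate parsing. `validateVerifiablePresentation` starts and ends outside this hunk.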
Expand Down Expand Up @@ -124,16 +127,30 @@ private List<String> getCredentialTypes(Payload payload) {
}
}


private String extractMandateeId(List<String> credentialTypes, Payload payload) {
Object vcObject = jwtService.getVCFromPayload(payload);

if (credentialTypes.contains(LEARCredentialType.LEAR_CREDENTIAL_EMPLOYEE.getValue())) {
LEARCredentialEmployee learCredentialEmployee = mapCredentialToLEARCredentialEmployee(vcObject);
return learCredentialEmployee.credentialSubject().mandate().id();
return learCredentialEmployee.credentialSubject().mandate().mandatee().id();
} else if (credentialTypes.contains(LEARCredentialType.LEAR_CREDENTIAL_MACHINE.getValue())) {
LEARCredentialMachine learCredentialMachine = mapCredentialToLEARCredentialMachine(vcObject);
return learCredentialMachine.credentialSubject().mandate().mandatee().id();
} else {
throw new InvalidCredentialTypeException("Invalid Credential Type. LEARCredentialEmployee or LEARCredentialMachine required.");
}
}


private String extractMandatorOrganizationIdentifier(List<String> credentialTypes, Payload payload) {
Object vcObject = jwtService.getVCFromPayload(payload);

if (credentialTypes.contains(LEARCredentialType.LEAR_CREDENTIAL_EMPLOYEE.getValue())) {
LEARCredentialEmployee learCredentialEmployee = mapCredentialToLEARCredentialEmployee(vcObject);
return learCredentialEmployee.credentialSubject().mandate().mandator().organizationIdentifier();
} else if (credentialTypes.contains(LEARCredentialType.LEAR_CREDENTIAL_MACHINE.getValue())) {
LEARCredentialMachine learCredentialMachine = mapCredentialToLEARCredentialMachine(vcObject);
return learCredentialMachine.credentialSubject().mandate().id();
return learCredentialMachine.credentialSubject().mandate().mandator().organizationIdentifier();
} else {
throw new InvalidCredentialTypeException("Invalid Credential Type. LEARCredentialEmployee or LEARCredentialMachine required.");
}
2 changes: 2 additions & 0 deletions src/main/java/es/in2/vcverifier/util/Constants.java
Expand Up @@ -10,6 +10,8 @@ private Constants() {
public static final String RESPONSE_TYPE= "response_type";
public static final String SCOPE = "scope";
public static final String AUTHORIZATION_RESPONSE_ENDPOINT= "/oid4vp/auth-response";
public static final String DID_ELSI_PREFIX = "did:elsi:";

public static final long MSB = 0x80L;
public static final long MSBALL = 0xFFFFFF80L;

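--- a/src/test/java/es/in2/vcverifier/service/VpServiceImplTest.java
+++ b/src/test/java/es/in2/vcverifier/service/VpServiceImplTest.java
@@ -8,6 +8,7 @@
 import com.nimbusds.jwt.SignedJWT;
 import es.in2.vcverifier.exception.CredentialMappingException;
 import es.in2.vcverifier.exception.JsonConversionException;
+import es.in2.vcverifier.model.credentials.Mandator;
 import es.in2.vcverifier.model.credentials.employee.CredentialSubjectLCEmployee;
 import es.in2.vcverifier.model.credentials.employee.LEARCredentialEmployee;
 import es.in2.vcverifier.model.credentials.employee.MandateLCEmployee;
@@ -95,7 +96,7 @@ void getCredentialFromTheVerifiablePresentationAsJsonNode_with_VC_JSONObject_suc
 }
 
 @Test
-void getCredentialFromTheVerifiablePresentationAsJsonNode_with_VC_Map_success() throws JsonProcessingException {
+void getCredentialFromTheVerifiablePresentationAsJsonNode_with_VC_Map_success() {
 String verifiablePresentation = "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.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._tIB_9fsQjZmJV2cgGDWtYXmps9fbLbMDtu8wZhIwC9u6I7RAaR4NK5WrnRC1TIVbQa06ZeneELxc_ktTkdhfA";
 
 Payload payload = mock(Payload.class);
@@ -198,7 +199,9 @@ void validateVerifiablePresentation_vp_claim_with_verifiableCredential_claim_wit
 LEARCredentialMachine.builder()
 .credentialSubject(CredentialSubjectLCMachine
 .builder().mandate(MandateLCMachine
-.builder().mandatee(MandateeLCMachine
+.builder()
+.mandator(Mandator.builder().organizationIdentifier("organizationIdentifier").build())
+.mandatee(MandateeLCMachine
 .builder().id("mandateeId")
 .build())
 .build())
@@ -237,7 +240,9 @@ void validateVerifiablePresentation_vp_claim_with_verifiableCredential_claim_wit
 LEARCredentialEmployee.builder()
 .credentialSubject(CredentialSubjectLCEmployee
 .builder().mandate(MandateLCEmployee
-.builder().mandatee(MandateeLCEmployee
+.builder()
+.mandator(Mandator.builder().organizationIdentifier("organizationIdentifier").build())
+.mandatee(MandateeLCEmployee
 .builder().id("mandateeId")
 .build())
 .build())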
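Review bot: Both `validateVerifiablePresentation_...` fixtures now carry a mandator with organizationIdentifier "organizationIdentifier", but nothing in these hunks checks that the service looks it up under the new key; the stubbing of `trustFrameworkService.getTrustedIssuerListData` lies outside the hunks, so it is not visible whether it still matches "mandateeId" or the prefixed value. Add an interaction assertion after the call under test, e.g. `verify(trustFrameworkService).getTrustedIssuerListData("did:elsi:organizationIdentifier");`, so that a regression to the mandatee-based lookup fails the test rather than passing on a permissive stub. There is also no case for a credential whose mandator lacks an organizationIdentifier, which is the input most likely to misbehave given the string concatenation in the production code. The enclosing test methods start and end outside these hunks.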
