diff --git a/CHANGELOG.md b/CHANGELOG.md index 0d24464..9604eba 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,10 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## [v1.0.3] +### Added +- Added a validation method to check the revocation during the verifiable presentation validation. + ## [v1.0.2] ### Fixed - Added functionality to redirect to the home page when clicking the logo in the login page. diff --git a/build.gradle b/build.gradle index 0e920d4..8355975 100644 --- a/build.gradle +++ b/build.gradle @@ -10,7 +10,7 @@ plugins { } group = 'es.in2' -version = '1.0.2' +version = '1.0.3' java { toolchain { diff --git a/src/main/java/es/in2/vcverifier/VcVerifierApplication.java b/src/main/java/es/in2/vcverifier/VcVerifierApplication.java index d71707a..1f24827 100644 --- a/src/main/java/es/in2/vcverifier/VcVerifierApplication.java +++ b/src/main/java/es/in2/vcverifier/VcVerifierApplication.java @@ -30,5 +30,4 @@ public static void main(String[] args) { public ObjectMapper objectMapper() { return OBJECT_MAPPER; } - } diff --git a/src/main/java/es/in2/vcverifier/config/ClientLoaderConfig.java b/src/main/java/es/in2/vcverifier/config/ClientLoaderConfig.java index bd15017..2c48666 100644 --- a/src/main/java/es/in2/vcverifier/config/ClientLoaderConfig.java +++ b/src/main/java/es/in2/vcverifier/config/ClientLoaderConfig.java @@ -1,11 +1,9 @@ package es.in2.vcverifier.config; -import com.fasterxml.jackson.databind.ObjectMapper; -import com.fasterxml.jackson.dataformat.yaml.YAMLFactory; import es.in2.vcverifier.exception.ClientLoadingException; import es.in2.vcverifier.model.ClientData; import es.in2.vcverifier.model.ExternalTrustedListYamlData; -import es.in2.vcverifier.service.AllowedClientsService; +import es.in2.vcverifier.service.TrustFrameworkService; import lombok.RequiredArgsConstructor; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; @@ -25,8 +23,7 @@ @RequiredArgsConstructor public class ClientLoaderConfig { - private final ObjectMapper yamlMapper = new ObjectMapper(new YAMLFactory()); - private final AllowedClientsService allowedClientsService; + private final TrustFrameworkService trustFrameworkService; @Bean public RegisteredClientRepository registeredClientRepository() { @@ -37,8 +34,7 @@ public RegisteredClientRepository registeredClientRepository() { private List loadClients() { try { // Leer el archivo YAML - String clientsYaml = allowedClientsService.fetchAllowedClient(); - ExternalTrustedListYamlData clientsYamlData = yamlMapper.readValue(clientsYaml, ExternalTrustedListYamlData.class); + ExternalTrustedListYamlData clientsYamlData = trustFrameworkService.fetchAllowedClient(); List registeredClients = new ArrayList<>(); // Convertir cada ClientData a RegisteredClient y agregarlo a la lista for (ClientData clientData : clientsYamlData.clients()) { diff --git a/src/main/java/es/in2/vcverifier/config/properties/ClientRepositoryProperties.java b/src/main/java/es/in2/vcverifier/config/properties/ClientRepositoryProperties.java deleted file mode 100644 index d13f6ba..0000000 --- a/src/main/java/es/in2/vcverifier/config/properties/ClientRepositoryProperties.java +++ /dev/null @@ -1,7 +0,0 @@ -package es.in2.vcverifier.config.properties; - -import org.springframework.boot.context.properties.ConfigurationProperties; - -@ConfigurationProperties(prefix = "clients-repository") -public record ClientRepositoryProperties(String uri) { -} diff --git a/src/main/java/es/in2/vcverifier/config/properties/TrustFrameworkProperties.java b/src/main/java/es/in2/vcverifier/config/properties/TrustFrameworkProperties.java new file mode 100644 index 0000000..528d8f4 --- /dev/null +++ b/src/main/java/es/in2/vcverifier/config/properties/TrustFrameworkProperties.java @@ -0,0 +1,34 @@ +package es.in2.vcverifier.config.properties; + +import org.springframework.boot.context.properties.ConfigurationProperties; +import org.springframework.boot.context.properties.NestedConfigurationProperty; +import org.springframework.boot.context.properties.bind.ConstructorBinding; + +import java.util.Optional; + +@ConfigurationProperties(prefix = "trust-framework") +public record TrustFrameworkProperties( + @NestedConfigurationProperty TrustedIssuerListProperties trustedIssuerList, + @NestedConfigurationProperty ClientsRepositoryProperties clientsRepository, + @NestedConfigurationProperty RevocationListProperties revocationList) { + + @ConstructorBinding + public TrustFrameworkProperties( + TrustedIssuerListProperties trustedIssuerList, + ClientsRepositoryProperties clientsRepository, + RevocationListProperties revocationList) { + this.trustedIssuerList = Optional.ofNullable(trustedIssuerList).orElse(new TrustedIssuerListProperties("")); + this.clientsRepository = Optional.ofNullable(clientsRepository).orElse(new ClientsRepositoryProperties("")); + this.revocationList = Optional.ofNullable(revocationList).orElse(new RevocationListProperties("")); + } + + public record TrustedIssuerListProperties(String uri) { + } + + public record ClientsRepositoryProperties(String uri) { + } + + public record RevocationListProperties(String uri) { + } +} + diff --git a/src/main/java/es/in2/vcverifier/config/properties/TrustedIssuerListProperties.java b/src/main/java/es/in2/vcverifier/config/properties/TrustedIssuerListProperties.java deleted file mode 100644 index 64af037..0000000 --- a/src/main/java/es/in2/vcverifier/config/properties/TrustedIssuerListProperties.java +++ /dev/null @@ -1,7 +0,0 @@ -package es.in2.vcverifier.config.properties; - -import org.springframework.boot.context.properties.ConfigurationProperties; - -@ConfigurationProperties(prefix = "trusted-issuer-list") -public record TrustedIssuerListProperties(String uri) { -} diff --git a/src/main/java/es/in2/vcverifier/exception/CredentialRevokedException.java b/src/main/java/es/in2/vcverifier/exception/CredentialRevokedException.java new file mode 100644 index 0000000..8545ee1 --- /dev/null +++ b/src/main/java/es/in2/vcverifier/exception/CredentialRevokedException.java @@ -0,0 +1,8 @@ +package es.in2.vcverifier.exception; + +public class CredentialRevokedException extends RuntimeException { + public CredentialRevokedException(String message) { + super(message); + } +} + diff --git a/src/main/java/es/in2/vcverifier/model/RevokedCredentialIds.java b/src/main/java/es/in2/vcverifier/model/RevokedCredentialIds.java new file mode 100644 index 0000000..9319d37 --- /dev/null +++ b/src/main/java/es/in2/vcverifier/model/RevokedCredentialIds.java @@ -0,0 +1,13 @@ +package es.in2.vcverifier.model; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonProperty; + +import java.util.List; + +@JsonIgnoreProperties +public record RevokedCredentialIds ( + @JsonProperty("revoked_credentials") + List revokedCredentials +){ +} diff --git a/src/main/java/es/in2/vcverifier/service/AllowedClientsService.java b/src/main/java/es/in2/vcverifier/service/AllowedClientsService.java deleted file mode 100644 index ce1dadb..0000000 --- a/src/main/java/es/in2/vcverifier/service/AllowedClientsService.java +++ /dev/null @@ -1,5 +0,0 @@ -package es.in2.vcverifier.service; - -public interface AllowedClientsService { - String fetchAllowedClient(); -} diff --git a/src/main/java/es/in2/vcverifier/service/TrustFrameworkService.java b/src/main/java/es/in2/vcverifier/service/TrustFrameworkService.java index 1831922..782b1dd 100644 --- a/src/main/java/es/in2/vcverifier/service/TrustFrameworkService.java +++ b/src/main/java/es/in2/vcverifier/service/TrustFrameworkService.java @@ -1,9 +1,12 @@ package es.in2.vcverifier.service; +import es.in2.vcverifier.model.ExternalTrustedListYamlData; import es.in2.vcverifier.model.issuer.IssuerCredentialsCapabilities; import java.util.List; public interface TrustFrameworkService { List getTrustedIssuerListData(String id); + List getRevokedCredentialIds(); + ExternalTrustedListYamlData fetchAllowedClient(); } diff --git a/src/main/java/es/in2/vcverifier/service/impl/AllowedClientsServiceImpl.java b/src/main/java/es/in2/vcverifier/service/impl/AllowedClientsServiceImpl.java deleted file mode 100644 index db92683..0000000 --- a/src/main/java/es/in2/vcverifier/service/impl/AllowedClientsServiceImpl.java +++ /dev/null @@ -1,47 +0,0 @@ -package es.in2.vcverifier.service.impl; - -import es.in2.vcverifier.config.properties.ClientRepositoryProperties; -import es.in2.vcverifier.exception.RemoteFileFetchException; -import es.in2.vcverifier.service.AllowedClientsService; -import lombok.RequiredArgsConstructor; -import lombok.extern.slf4j.Slf4j; -import org.springframework.stereotype.Service; - -import java.io.IOException; -import java.net.URI; -import java.net.http.HttpClient; -import java.net.http.HttpRequest; -import java.net.http.HttpResponse; - -@Service -@Slf4j -@RequiredArgsConstructor -public class AllowedClientsServiceImpl implements AllowedClientsService { - private final ClientRepositoryProperties clientRepositoryProperties; - - private static final HttpClient HTTP_CLIENT = HttpClient.newBuilder() - .followRedirects(HttpClient.Redirect.ALWAYS) // Habilitar seguimiento de redirecciones - .build(); - - @Override - public String fetchAllowedClient() { - try { - return fetchRemoteFile(clientRepositoryProperties.uri()); - } catch (IOException | InterruptedException e) { - Thread.currentThread().interrupt(); - throw new RemoteFileFetchException("Error reading clients list from GitHub.", e); - } - } - - private String fetchRemoteFile(String fileUrl) throws IOException, InterruptedException { - HttpRequest request = HttpRequest.newBuilder() - .uri(URI.create(fileUrl)) - .build(); - HttpResponse response = HTTP_CLIENT.send(request, HttpResponse.BodyHandlers.ofString()); - if (response.statusCode() == 200) { - return response.body(); // Devuelve el contenido del archivo - } else { - throw new RemoteFileFetchException("Failed to fetch file from GitHub. Status code: " + response.statusCode()); - } - } -} diff --git a/src/main/java/es/in2/vcverifier/service/impl/TrustFrameworkServiceImpl.java b/src/main/java/es/in2/vcverifier/service/impl/TrustFrameworkServiceImpl.java index fb5609d..40c3462 100644 --- a/src/main/java/es/in2/vcverifier/service/impl/TrustFrameworkServiceImpl.java +++ b/src/main/java/es/in2/vcverifier/service/impl/TrustFrameworkServiceImpl.java @@ -1,10 +1,14 @@ package es.in2.vcverifier.service.impl; import com.fasterxml.jackson.databind.ObjectMapper; -import es.in2.vcverifier.config.properties.TrustedIssuerListProperties; +import com.fasterxml.jackson.dataformat.yaml.YAMLFactory; +import es.in2.vcverifier.config.properties.TrustFrameworkProperties; import es.in2.vcverifier.exception.FailedCommunicationException; import es.in2.vcverifier.exception.IssuerNotAuthorizedException; import es.in2.vcverifier.exception.JsonConversionException; +import es.in2.vcverifier.exception.RemoteFileFetchException; +import es.in2.vcverifier.model.ExternalTrustedListYamlData; +import es.in2.vcverifier.model.RevokedCredentialIds; import es.in2.vcverifier.model.issuer.IssuerAttribute; import es.in2.vcverifier.model.issuer.IssuerCredentialsCapabilities; import es.in2.vcverifier.model.issuer.IssuerResponse; @@ -27,8 +31,20 @@ @Slf4j public class TrustFrameworkServiceImpl implements TrustFrameworkService { - private final TrustedIssuerListProperties trustedIssuerListProperties; private final ObjectMapper objectMapper; + private final TrustFrameworkProperties trustFrameworkProperties; + private final ObjectMapper yamlMapper = new ObjectMapper(new YAMLFactory()); + + @Override + public ExternalTrustedListYamlData fetchAllowedClient() { + try { + String clientsYaml = fetchRemoteFile(trustFrameworkProperties.clientsRepository().uri()); + return yamlMapper.readValue(clientsYaml, ExternalTrustedListYamlData.class); + } catch (IOException | InterruptedException e) { + Thread.currentThread().interrupt(); + throw new RemoteFileFetchException("Error reading clients list from GitHub.", e); + } + } @Override public List getTrustedIssuerListData(String id) { @@ -36,7 +52,7 @@ public List getTrustedIssuerListData(String id) { // Step 1: Send HTTP request to fetch issuer data HttpClient client = HttpClient.newHttpClient(); HttpRequest request = HttpRequest.newBuilder() - .uri(URI.create(trustedIssuerListProperties.uri() + id)) + .uri(URI.create(trustFrameworkProperties.trustedIssuerList().uri() + id)) .build(); HttpResponse response = client.send(request, HttpResponse.BodyHandlers.ofString()); @@ -64,6 +80,19 @@ public List getTrustedIssuerListData(String id) { } } + @Override + public List getRevokedCredentialIds() { + try { + String revokedCredentialIdsYaml = fetchRemoteFile(trustFrameworkProperties.revocationList().uri()); + RevokedCredentialIds revokedCredentialIds = yamlMapper.readValue(revokedCredentialIdsYaml, RevokedCredentialIds.class); + return revokedCredentialIds.revokedCredentials(); + } catch (IOException | InterruptedException e) { + log.error("Error fetching revoked credential IDs from URI {}: {}", trustFrameworkProperties.revocationList().uri(), e.getMessage()); + Thread.currentThread().interrupt(); + throw new FailedCommunicationException("Error fetching revoked credential IDs: " + e.getMessage()); + } + } + // Helper method to decode Base64 and map to IssuerCredentialsCapabilities private IssuerCredentialsCapabilities decodeAndMapIssuerAttributeBody(IssuerAttribute issuerAttribute) { try { @@ -77,6 +106,19 @@ private IssuerCredentialsCapabilities decodeAndMapIssuerAttributeBody(IssuerAttr throw new JsonConversionException("Failed to decode and map issuer attribute body"); } } + + private String fetchRemoteFile(String fileUrl) throws IOException, InterruptedException { + HttpClient client = HttpClient.newHttpClient(); + HttpRequest request = HttpRequest.newBuilder() + .uri(URI.create(fileUrl)) + .build(); + HttpResponse response = client.send(request, HttpResponse.BodyHandlers.ofString()); + if (response.statusCode() == 200) { + return response.body(); + } else { + throw new RemoteFileFetchException("Failed to fetch file from GitHub. Status code: " + response.statusCode()); + } + } } diff --git a/src/main/java/es/in2/vcverifier/service/impl/VpServiceImpl.java b/src/main/java/es/in2/vcverifier/service/impl/VpServiceImpl.java index fde7d89..aa12fee 100644 --- a/src/main/java/es/in2/vcverifier/service/impl/VpServiceImpl.java +++ b/src/main/java/es/in2/vcverifier/service/impl/VpServiceImpl.java @@ -55,30 +55,33 @@ public boolean validateVerifiablePresentation(String verifiablePresentation) { SignedJWT jwtCredential = extractFirstVerifiableCredential(verifiablePresentation); Payload payload = jwtService.getPayloadFromSignedJWT(jwtCredential); - // Step 2: Validate the issuer + // Step 2: Validate the credential id is not in the revoked list + validateCredentialNotRevoked(payload); + + // Step 3: Validate the issuer String credentialIssuerDid = jwtService.getClaimFromPayload(payload, "iss"); - // Step 3: Extract and validate credential types + // Step 4: Extract and validate credential types List credentialTypes = getCredentialTypes(payload); - // Step 4: Retrieve the list of issuer capabilities + // Step 5: Retrieve the list of issuer capabilities List issuerCapabilitiesList = trustFrameworkService.getTrustedIssuerListData(credentialIssuerDid); - // Step 5: Validate credential type against issuer capabilities + // Step 6: Validate credential type against issuer capabilities validateCredentialTypeWithIssuerCapabilities(issuerCapabilitiesList, credentialTypes); log.info("Issuer DID {} is a trusted participant", credentialIssuerDid); - // Step 5: Extract the mandateId from the Verifiable Credential + // Step 7: Extract the mandateId from the Verifiable Credential String mandatorOrganizationIdentifier = extractMandatorOrganizationIdentifier(credentialTypes, payload); //TODO this must be validated against the participants list, not the issuer list - // Validate the mandatee ID with trusted issuer service, if is not present the trustedIssuerListService throws an exception + // Validate the mandator with trusted issuer service, if is not present the trustedIssuerListService throws an exception trustFrameworkService.getTrustedIssuerListData(DID_ELSI_PREFIX + mandatorOrganizationIdentifier); log.info("Mandator OrganizationIdentifier {} is valid and allowed", mandatorOrganizationIdentifier); - // Step 6: Validate the VP's signature with the DIDService (the DID of the holder of the VP) + // Step 8: Validate the VP's signature with the DIDService (the DID of the holder of the VP) String mandateeId = extractMandateeId(credentialTypes, payload); PublicKey holderPublicKey = didService.getPublicKeyFromDid(mandateeId); // Get the holder's public key in bytes jwtService.verifyJWTSignature(verifiablePresentation, holderPublicKey, KeyType.EC); // Validate the VP was signed by the holder DID @@ -171,6 +174,23 @@ private void validateCredentialTypeWithIssuerCapabilities(List vcObject) { + // Use a wildcard generic type to avoid unchecked cast warning + Object credentialId = vcObject.get("id").toString(); + List revokedIds = trustFrameworkService.getRevokedCredentialIds(); + if (revokedIds.contains(credentialId)) { + throw new CredentialRevokedException("Credential ID " + credentialId + " is revoked."); + } + } + else { + throw new InvalidCredentialTypeException("VC from payload is not a LinkedTreeMap."); + } + } + + private JsonNode convertObjectToJSONNode(Object vcObject) throws JsonConversionException { JsonNode jsonNode; diff --git a/src/main/resources/application-dev.yaml b/src/main/resources/application-dev.yaml index 7cf4a37..752f00d 100644 --- a/src/main/resources/application-dev.yaml +++ b/src/main/resources/application-dev.yaml @@ -53,11 +53,13 @@ security: cronUnit: expiration: -clientsRepository: - uri: - -trustedIssuerList: - uri: +trustFramework: + trustedIssuerList: + uri: + clientsRepository: + uri: + revocationList: + uri: crypto: privateKey: diff --git a/src/main/resources/application-local.yaml b/src/main/resources/application-local.yaml index a251b7d..e0329ea 100644 --- a/src/main/resources/application-local.yaml +++ b/src/main/resources/application-local.yaml @@ -56,11 +56,13 @@ security: expiration: "1" cronUnit: "DAYS" -clientsRepository: - uri: "https://raw.githubusercontent.com/DOME-Marketplace/dome-services-directory/refs/heads/main/trusted-service-list-" - -trustedIssuerList: - uri: "http://localhost:8080/v4/issuers/" +trustFramework: + trustedIssuerList: + uri: "http://localhost:8080/v4/issuers/" + clientsRepository: + uri: "https://raw.githubusercontent.com/DOME-Marketplace/dome-services-directory/refs/heads/main/trusted-service-list-" + revocationList: + uri: "" crypto: privateKey: "73e509a7681d4a395b1ced75681c4dc4020dbab02da868512276dd766733d5b5" # for test purposes diff --git a/src/main/resources/application-prod.yaml b/src/main/resources/application-prod.yaml index 7cf4a37..752f00d 100644 --- a/src/main/resources/application-prod.yaml +++ b/src/main/resources/application-prod.yaml @@ -53,11 +53,13 @@ security: cronUnit: expiration: -clientsRepository: - uri: - -trustedIssuerList: - uri: +trustFramework: + trustedIssuerList: + uri: + clientsRepository: + uri: + revocationList: + uri: crypto: privateKey: diff --git a/src/main/resources/application-test.yaml b/src/main/resources/application-test.yaml index 7cf4a37..752f00d 100644 --- a/src/main/resources/application-test.yaml +++ b/src/main/resources/application-test.yaml @@ -53,11 +53,13 @@ security: cronUnit: expiration: -clientsRepository: - uri: - -trustedIssuerList: - uri: +trustFramework: + trustedIssuerList: + uri: + clientsRepository: + uri: + revocationList: + uri: crypto: privateKey: diff --git a/src/main/resources/application.yaml b/src/main/resources/application.yaml index bcc6300..b9a656d 100644 --- a/src/main/resources/application.yaml +++ b/src/main/resources/application.yaml @@ -56,11 +56,14 @@ security: expiration: "5" cronUnit: "MINUTES" -clientsRepository: - uri: "https://raw.githubusercontent.com/in2workspace/in2-dome-gitops/refs/heads/main/trust-framework/trusted_services_list.yaml" -trustedIssuerList: - uri: "http://localhost:8080/v4/issuers/" +trustFramework: + trustedIssuerList: + uri: "http://localhost:8080/v4/issuers/" + clientsRepository: + uri: "https://raw.githubusercontent.com/in2workspace/in2-dome-gitops/refs/heads/main/trust-framework/trusted_services_list.yaml" + revocationList: + uri: "" crypto: privateKey: "73e509a7681d4a395b1ced75681c4dc4020dbab02da868512276dd766733d5b5" # for test purposes diff --git a/src/test/java/es/in2/vcverifier/service/AllowedClientsServiceImplTest.java b/src/test/java/es/in2/vcverifier/service/AllowedClientsServiceImplTest.java deleted file mode 100644 index a4096b9..0000000 --- a/src/test/java/es/in2/vcverifier/service/AllowedClientsServiceImplTest.java +++ /dev/null @@ -1,32 +0,0 @@ -//package es.in2.vcverifier.service; -// -//import es.in2.vcverifier.config.properties.ClientRepositoryProperties; -//import es.in2.vcverifier.exception.RemoteFileFetchException; -//import es.in2.vcverifier.service.impl.AllowedClientsServiceImpl; -//import org.junit.jupiter.api.Test; -//import org.junit.jupiter.api.extension.ExtendWith; -//import org.mockito.InjectMocks; -//import org.mockito.Mock; -//import org.mockito.junit.jupiter.MockitoExtension; -// -//import static org.junit.jupiter.api.Assertions.assertEquals; -//import static org.junit.jupiter.api.Assertions.assertThrows; -//import static org.mockito.Mockito.*; -// -//@ExtendWith(MockitoExtension.class) -//public class AllowedClientsServiceImplTest { -// @Mock -// private ClientRepositoryProperties clientRepositoryProperties; -// -// @InjectMocks -// private AllowedClientsServiceImpl allowedClientsService; -// -// @Test -// void fetchAllowedClient_throws_RemoteFileFetchException() { -// when(clientRepositoryProperties.uri()).thenReturn("https://example.com/"); -// -// RemoteFileFetchException thrown = assertThrows(RemoteFileFetchException.class, () -> allowedClientsService.fetchAllowedClient()); -// assertEquals("Error reading clients list from GitHub.", thrown.getMessage()); -// } -// -//} diff --git a/src/test/java/es/in2/vcverifier/service/VpServiceImplTest.java b/src/test/java/es/in2/vcverifier/service/VpServiceImplTest.java index 93d35f2..5754ce2 100644 --- a/src/test/java/es/in2/vcverifier/service/VpServiceImplTest.java +++ b/src/test/java/es/in2/vcverifier/service/VpServiceImplTest.java @@ -37,7 +37,7 @@ import static org.mockito.Mockito.*; @ExtendWith(MockitoExtension.class) -public class VpServiceImplTest { +class VpServiceImplTest { @Mock private JWTService jwtService; @@ -65,9 +65,10 @@ void getCredentialFromTheVerifiablePresentation_success(){ when(jwtService.getVCFromPayload(payload)).thenReturn(mockVC); Object result = vpServiceImpl.getCredentialFromTheVerifiablePresentation(verifiablePresentation); - Assertions.assertThat(mockVC).isNotNull(); - Assertions.assertThat(mockVC).isEqualTo(result); - + Assertions.assertThat(mockVC) + .isNotNull() + .isEqualTo(result); + ; verify(jwtService, times(1)).getPayloadFromSignedJWT(any(SignedJWT.class)); verify(jwtService, times(1)).getVCFromPayload(any(Payload.class)); } @@ -177,230 +178,230 @@ void getCredentialFromTheVerifiablePresentationAsJsonNode_with_VC_JSONObject_thr } - @Test - void validateVerifiablePresentation_vp_claim_with_verifiableCredential_claim_with_LEARCredentialMachine_return_true() { - String verifiablePresentation = "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiJkaWQ6a2V5OnpEbmFlblF6WEthVE5SNlYyaWZyY0VFU042VFR1WWpweWFmUGh0c1pZU3Y0VlJia3IiLCJuYmYiOjE3MTc0MzgwMDMsImlzcyI6ImRpZDprZXk6ekRuYWVuUXpYS2FUTlI2VjJpZnJjRUVTTjZUVHVZanB5YWZQaHRzWllTdjRWUmJrciIsInZwIjp7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIl0sImhvbGRlciI6ImRpZDprZXk6ekRuYWVuUXpYS2FUTlI2VjJpZnJjRUVTTjZUVHVZanB5YWZQaHRzWllTdjRWUmJrciIsImlkIjoiNDFhY2FkYTMtNjdiNC00OTRlLWE2ZTMtZTA5NjY0NDlmMjVkIiwidHlwZSI6WyJWZXJpZmlhYmxlUHJlc2VudGF0aW9uIl0sInZlcmlmaWFibGVDcmVkZW50aWFsIjpbImV5SmhiR2NpT2lKSVV6STFOaUlzSW5SNWNDSTZJa3BYVkNKOS5leUp6ZFdJaU9pSXhNak0wTlRZM09Ea3dJaXdpYm1GdFpTSTZJa3B2YUc0Z1JHOWxJaXdpYVdGMElqb3hOVEUyTWpNNU1ESXlmUS5TZmxLeHdSSlNNZUtLRjJRVDRmd3BNZUpmMzZQT2s2eUpWX2FkUXNzdzVjIl19LCJleHAiOjE3MjAwMzAwMDMsImlhdCI6MTcxNzQzODAwMywianRpIjoiNDFhY2FkYTMtNjdiNC00OTRlLWE2ZTMtZTA5NjY0NDlmMjVkIn0._tIB_9fsQjZmJV2cgGDWtYXmps9fbLbMDtu8wZhIwC9u6I7RAaR4NK5WrnRC1TIVbQa06ZeneELxc_ktTkdhfA"; - - Payload payload = mock(Payload.class); - when(jwtService.getPayloadFromSignedJWT(any(SignedJWT.class))).thenReturn(payload); - - String issuerDid = "did:example:issuer"; - when(jwtService.getClaimFromPayload(eq(payload), eq("iss"))).thenReturn(issuerDid); - - LinkedTreeMap vcMap = new LinkedTreeMap<>(); - vcMap.put("type", Arrays.asList("VerifiableCredential","LEARCredentialMachine")); - - when(jwtService.getVCFromPayload(eq(payload))).thenReturn(vcMap); - - IssuerCredentialsCapabilities issuerCredentialsCapabilities = IssuerCredentialsCapabilities.builder().credentialsType("VerifiableCredential").build(); - when(trustFrameworkService.getTrustedIssuerListData(issuerDid)).thenReturn(List.of(issuerCredentialsCapabilities)); - - when(objectMapper.convertValue(vcMap, LEARCredentialMachine.class)).thenReturn( - LEARCredentialMachine.builder() - .credentialSubject(CredentialSubjectLCMachine - .builder().mandate(MandateLCMachine - .builder() - .mandator(Mandator.builder().organizationIdentifier("organizationIdentifier").build()) - .mandatee(MandateeLCMachine - .builder().id("mandateeId") - .build()) - .build()) - .build()) - .build()); - - PublicKey holderPublicKey = mock(PublicKey.class); - when(didService.getPublicKeyFromDid(anyString())).thenReturn(holderPublicKey); - - doNothing().when(jwtService).verifyJWTSignature(verifiablePresentation, holderPublicKey, KeyType.EC); - - boolean result = vpServiceImpl.validateVerifiablePresentation(verifiablePresentation); - - Assertions.assertThat(result).isTrue(); - } - - @Test - void validateVerifiablePresentation_vp_claim_with_verifiableCredential_claim_with_LEARCredentialEmployee_return_true() { - String verifiablePresentation = "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiJkaWQ6a2V5OnpEbmFlblF6WEthVE5SNlYyaWZyY0VFU042VFR1WWpweWFmUGh0c1pZU3Y0VlJia3IiLCJuYmYiOjE3MTc0MzgwMDMsImlzcyI6ImRpZDprZXk6ekRuYWVuUXpYS2FUTlI2VjJpZnJjRUVTTjZUVHVZanB5YWZQaHRzWllTdjRWUmJrciIsInZwIjp7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIl0sImhvbGRlciI6ImRpZDprZXk6ekRuYWVuUXpYS2FUTlI2VjJpZnJjRUVTTjZUVHVZanB5YWZQaHRzWllTdjRWUmJrciIsImlkIjoiNDFhY2FkYTMtNjdiNC00OTRlLWE2ZTMtZTA5NjY0NDlmMjVkIiwidHlwZSI6WyJWZXJpZmlhYmxlUHJlc2VudGF0aW9uIl0sInZlcmlmaWFibGVDcmVkZW50aWFsIjpbImV5SmhiR2NpT2lKSVV6STFOaUlzSW5SNWNDSTZJa3BYVkNKOS5leUp6ZFdJaU9pSXhNak0wTlRZM09Ea3dJaXdpYm1GdFpTSTZJa3B2YUc0Z1JHOWxJaXdpYVdGMElqb3hOVEUyTWpNNU1ESXlmUS5TZmxLeHdSSlNNZUtLRjJRVDRmd3BNZUpmMzZQT2s2eUpWX2FkUXNzdzVjIl19LCJleHAiOjE3MjAwMzAwMDMsImlhdCI6MTcxNzQzODAwMywianRpIjoiNDFhY2FkYTMtNjdiNC00OTRlLWE2ZTMtZTA5NjY0NDlmMjVkIn0._tIB_9fsQjZmJV2cgGDWtYXmps9fbLbMDtu8wZhIwC9u6I7RAaR4NK5WrnRC1TIVbQa06ZeneELxc_ktTkdhfA"; - - Payload payload = mock(Payload.class); - when(jwtService.getPayloadFromSignedJWT(any(SignedJWT.class))).thenReturn(payload); - - String issuerDid = "did:example:issuer"; - when(jwtService.getClaimFromPayload(eq(payload), eq("iss"))).thenReturn(issuerDid); - - LinkedTreeMap vcMap = new LinkedTreeMap<>(); - vcMap.put("type", Arrays.asList("VerifiableCredential","LEARCredentialEmployee")); - - when(jwtService.getVCFromPayload(eq(payload))).thenReturn(vcMap); - - IssuerCredentialsCapabilities issuerCredentialsCapabilities = IssuerCredentialsCapabilities.builder().credentialsType("VerifiableCredential").build(); - when(trustFrameworkService.getTrustedIssuerListData(issuerDid)).thenReturn(List.of(issuerCredentialsCapabilities)); - - when(objectMapper.convertValue(vcMap, LEARCredentialEmployee.class)).thenReturn( - LEARCredentialEmployee.builder() - .credentialSubject(CredentialSubjectLCEmployee - .builder().mandate(MandateLCEmployee - .builder() - .mandator(Mandator.builder().organizationIdentifier("organizationIdentifier").build()) - .mandatee(MandateeLCEmployee - .builder().id("mandateeId") - .build()) - .build()) - .build()) - .build()); - - PublicKey holderPublicKey = mock(PublicKey.class); - when(didService.getPublicKeyFromDid(anyString())).thenReturn(holderPublicKey); - - doNothing().when(jwtService).verifyJWTSignature(verifiablePresentation, holderPublicKey, KeyType.EC); - - boolean result = vpServiceImpl.validateVerifiablePresentation(verifiablePresentation); - - Assertions.assertThat(result).isTrue(); - } - - @Test - void validateVerifiablePresentation_vp_claim_with_verifiableCredential_claim_with_LEARCredentialMachine_throws_IllegalArgumentException_and_CredentialMappingException_when_map_and_return_false() { - String vpClaimWithVcJwtFormat = "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiJkaWQ6a2V5OnpEbmFlblF6WEthVE5SNlYyaWZyY0VFU042VFR1WWpweWFmUGh0c1pZU3Y0VlJia3IiLCJuYmYiOjE3MTc0MzgwMDMsImlzcyI6ImRpZDprZXk6ekRuYWVuUXpYS2FUTlI2VjJpZnJjRUVTTjZUVHVZanB5YWZQaHRzWllTdjRWUmJrciIsInZwIjp7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIl0sImhvbGRlciI6ImRpZDprZXk6ekRuYWVuUXpYS2FUTlI2VjJpZnJjRUVTTjZUVHVZanB5YWZQaHRzWllTdjRWUmJrciIsImlkIjoiNDFhY2FkYTMtNjdiNC00OTRlLWE2ZTMtZTA5NjY0NDlmMjVkIiwidHlwZSI6WyJWZXJpZmlhYmxlUHJlc2VudGF0aW9uIl0sInZlcmlmaWFibGVDcmVkZW50aWFsIjpbImV5SmhiR2NpT2lKSVV6STFOaUlzSW5SNWNDSTZJa3BYVkNKOS5leUp6ZFdJaU9pSXhNak0wTlRZM09Ea3dJaXdpYm1GdFpTSTZJa3B2YUc0Z1JHOWxJaXdpYVdGMElqb3hOVEUyTWpNNU1ESXlmUS5TZmxLeHdSSlNNZUtLRjJRVDRmd3BNZUpmMzZQT2s2eUpWX2FkUXNzdzVjIl19LCJleHAiOjE3MjAwMzAwMDMsImlhdCI6MTcxNzQzODAwMywianRpIjoiNDFhY2FkYTMtNjdiNC00OTRlLWE2ZTMtZTA5NjY0NDlmMjVkIn0._tIB_9fsQjZmJV2cgGDWtYXmps9fbLbMDtu8wZhIwC9u6I7RAaR4NK5WrnRC1TIVbQa06ZeneELxc_ktTkdhfA"; - - Payload payload = mock(Payload.class); - when(jwtService.getPayloadFromSignedJWT(any(SignedJWT.class))).thenReturn(payload); - - String issuerDid = "did:example:issuer"; - when(jwtService.getClaimFromPayload(eq(payload), eq("iss"))).thenReturn(issuerDid); - - LinkedTreeMap vcMap = new LinkedTreeMap<>(); - vcMap.put("type", Arrays.asList("VerifiableCredential","LEARCredentialMachine")); - when(jwtService.getVCFromPayload(eq(payload))).thenReturn(vcMap); - - IssuerCredentialsCapabilities issuerCredentialsCapabilities = IssuerCredentialsCapabilities.builder().credentialsType("VerifiableCredential").build(); - when(trustFrameworkService.getTrustedIssuerListData(issuerDid)).thenReturn(List.of(issuerCredentialsCapabilities)); - - when(objectMapper.convertValue(vcMap, LEARCredentialMachine.class)) - .thenThrow(new IllegalArgumentException(new CredentialMappingException("Error converting VC to LEARCredentialMachine"))); - - boolean result = vpServiceImpl.validateVerifiablePresentation(vpClaimWithVcJwtFormat); - - Assertions.assertThat(result).isFalse(); - } - - @Test - void validateVerifiablePresentation_vp_claim_with_verifiableCredential_claim_with_LEARCredentialEmployee_throws_IllegalArgumentException_and_CredentialMappingException_when_map_and_return_false() { - String vpClaimWithVcJwtFormat = "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiJkaWQ6a2V5OnpEbmFlblF6WEthVE5SNlYyaWZyY0VFU042VFR1WWpweWFmUGh0c1pZU3Y0VlJia3IiLCJuYmYiOjE3MTc0MzgwMDMsImlzcyI6ImRpZDprZXk6ekRuYWVuUXpYS2FUTlI2VjJpZnJjRUVTTjZUVHVZanB5YWZQaHRzWllTdjRWUmJrciIsInZwIjp7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIl0sImhvbGRlciI6ImRpZDprZXk6ekRuYWVuUXpYS2FUTlI2VjJpZnJjRUVTTjZUVHVZanB5YWZQaHRzWllTdjRWUmJrciIsImlkIjoiNDFhY2FkYTMtNjdiNC00OTRlLWE2ZTMtZTA5NjY0NDlmMjVkIiwidHlwZSI6WyJWZXJpZmlhYmxlUHJlc2VudGF0aW9uIl0sInZlcmlmaWFibGVDcmVkZW50aWFsIjpbImV5SmhiR2NpT2lKSVV6STFOaUlzSW5SNWNDSTZJa3BYVkNKOS5leUp6ZFdJaU9pSXhNak0wTlRZM09Ea3dJaXdpYm1GdFpTSTZJa3B2YUc0Z1JHOWxJaXdpYVdGMElqb3hOVEUyTWpNNU1ESXlmUS5TZmxLeHdSSlNNZUtLRjJRVDRmd3BNZUpmMzZQT2s2eUpWX2FkUXNzdzVjIl19LCJleHAiOjE3MjAwMzAwMDMsImlhdCI6MTcxNzQzODAwMywianRpIjoiNDFhY2FkYTMtNjdiNC00OTRlLWE2ZTMtZTA5NjY0NDlmMjVkIn0._tIB_9fsQjZmJV2cgGDWtYXmps9fbLbMDtu8wZhIwC9u6I7RAaR4NK5WrnRC1TIVbQa06ZeneELxc_ktTkdhfA"; - - Payload payload = mock(Payload.class); - when(jwtService.getPayloadFromSignedJWT(any(SignedJWT.class))).thenReturn(payload); - - String issuerDid = "did:example:issuer"; - when(jwtService.getClaimFromPayload(eq(payload), eq("iss"))).thenReturn(issuerDid); - - LinkedTreeMap vcMap = new LinkedTreeMap<>(); - vcMap.put("type", Arrays.asList("VerifiableCredential","LEARCredentialEmployee")); - when(jwtService.getVCFromPayload(eq(payload))).thenReturn(vcMap); - - IssuerCredentialsCapabilities issuerCredentialsCapabilities = IssuerCredentialsCapabilities.builder().credentialsType("VerifiableCredential").build(); - when(trustFrameworkService.getTrustedIssuerListData(issuerDid)).thenReturn(List.of(issuerCredentialsCapabilities)); - - when(objectMapper.convertValue(vcMap, LEARCredentialEmployee.class)) - .thenThrow(new IllegalArgumentException(new CredentialMappingException("Error converting VC to LEARCredentialEmployee"))); - - boolean result = vpServiceImpl.validateVerifiablePresentation(vpClaimWithVcJwtFormat); - - Assertions.assertThat(result).isFalse(); - } - - @Test - void validateVerifiablePresentation_vp_claim_with_verifiableCredential_claim_with_Invalid_Credential_Type_beacause_is_not_LEARCredentialEmployee_or_LEARCredentialMachine_and_return_false() { - String vpClaimWithVcJwtFormat = "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiJkaWQ6a2V5OnpEbmFlblF6WEthVE5SNlYyaWZyY0VFU042VFR1WWpweWFmUGh0c1pZU3Y0VlJia3IiLCJuYmYiOjE3MTc0MzgwMDMsImlzcyI6ImRpZDprZXk6ekRuYWVuUXpYS2FUTlI2VjJpZnJjRUVTTjZUVHVZanB5YWZQaHRzWllTdjRWUmJrciIsInZwIjp7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIl0sImhvbGRlciI6ImRpZDprZXk6ekRuYWVuUXpYS2FUTlI2VjJpZnJjRUVTTjZUVHVZanB5YWZQaHRzWllTdjRWUmJrciIsImlkIjoiNDFhY2FkYTMtNjdiNC00OTRlLWE2ZTMtZTA5NjY0NDlmMjVkIiwidHlwZSI6WyJWZXJpZmlhYmxlUHJlc2VudGF0aW9uIl0sInZlcmlmaWFibGVDcmVkZW50aWFsIjpbImV5SmhiR2NpT2lKSVV6STFOaUlzSW5SNWNDSTZJa3BYVkNKOS5leUp6ZFdJaU9pSXhNak0wTlRZM09Ea3dJaXdpYm1GdFpTSTZJa3B2YUc0Z1JHOWxJaXdpYVdGMElqb3hOVEUyTWpNNU1ESXlmUS5TZmxLeHdSSlNNZUtLRjJRVDRmd3BNZUpmMzZQT2s2eUpWX2FkUXNzdzVjIl19LCJleHAiOjE3MjAwMzAwMDMsImlhdCI6MTcxNzQzODAwMywianRpIjoiNDFhY2FkYTMtNjdiNC00OTRlLWE2ZTMtZTA5NjY0NDlmMjVkIn0._tIB_9fsQjZmJV2cgGDWtYXmps9fbLbMDtu8wZhIwC9u6I7RAaR4NK5WrnRC1TIVbQa06ZeneELxc_ktTkdhfA"; - - Payload payload = mock(Payload.class); - when(jwtService.getPayloadFromSignedJWT(any(SignedJWT.class))).thenReturn(payload); - - String issuerDid = "did:example:issuer"; - when(jwtService.getClaimFromPayload(eq(payload), eq("iss"))).thenReturn(issuerDid); - - LinkedTreeMap vcMap = new LinkedTreeMap<>(); - vcMap.put("type", Arrays.asList("VerifiableCredential","UnsupportedCredentialType")); - when(jwtService.getVCFromPayload(eq(payload))).thenReturn(vcMap); - - IssuerCredentialsCapabilities issuerCredentialsCapabilities = IssuerCredentialsCapabilities.builder().credentialsType("VerifiableCredential").build(); - when(trustFrameworkService.getTrustedIssuerListData(issuerDid)).thenReturn(List.of(issuerCredentialsCapabilities)); - - boolean result = vpServiceImpl.validateVerifiablePresentation(vpClaimWithVcJwtFormat); - - Assertions.assertThat(result).isFalse(); - } - - @Test - void validateVerifiablePresentation_vp_claim_with_verifiableCredential_claim_with_Unsupported_credential_types_by_the_issuer_throws_InvalidCredentialTypeException_and_return_false() { - String vpClaimWithVcJwtFormat = "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiJkaWQ6a2V5OnpEbmFlblF6WEthVE5SNlYyaWZyY0VFU042VFR1WWpweWFmUGh0c1pZU3Y0VlJia3IiLCJuYmYiOjE3MTc0MzgwMDMsImlzcyI6ImRpZDprZXk6ekRuYWVuUXpYS2FUTlI2VjJpZnJjRUVTTjZUVHVZanB5YWZQaHRzWllTdjRWUmJrciIsInZwIjp7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIl0sImhvbGRlciI6ImRpZDprZXk6ekRuYWVuUXpYS2FUTlI2VjJpZnJjRUVTTjZUVHVZanB5YWZQaHRzWllTdjRWUmJrciIsImlkIjoiNDFhY2FkYTMtNjdiNC00OTRlLWE2ZTMtZTA5NjY0NDlmMjVkIiwidHlwZSI6WyJWZXJpZmlhYmxlUHJlc2VudGF0aW9uIl0sInZlcmlmaWFibGVDcmVkZW50aWFsIjpbImV5SmhiR2NpT2lKSVV6STFOaUlzSW5SNWNDSTZJa3BYVkNKOS5leUp6ZFdJaU9pSXhNak0wTlRZM09Ea3dJaXdpYm1GdFpTSTZJa3B2YUc0Z1JHOWxJaXdpYVdGMElqb3hOVEUyTWpNNU1ESXlmUS5TZmxLeHdSSlNNZUtLRjJRVDRmd3BNZUpmMzZQT2s2eUpWX2FkUXNzdzVjIl19LCJleHAiOjE3MjAwMzAwMDMsImlhdCI6MTcxNzQzODAwMywianRpIjoiNDFhY2FkYTMtNjdiNC00OTRlLWE2ZTMtZTA5NjY0NDlmMjVkIn0._tIB_9fsQjZmJV2cgGDWtYXmps9fbLbMDtu8wZhIwC9u6I7RAaR4NK5WrnRC1TIVbQa06ZeneELxc_ktTkdhfA"; - - Payload payload = mock(Payload.class); - when(jwtService.getPayloadFromSignedJWT(any(SignedJWT.class))).thenReturn(payload); - - String issuerDid = "did:example:issuer"; - when(jwtService.getClaimFromPayload(eq(payload), eq("iss"))).thenReturn(issuerDid); - - LinkedTreeMap vcMap = new LinkedTreeMap<>(); - vcMap.put("type", Arrays.asList("VerifiableCredential","LEARCredentialEmployee")); - when(jwtService.getVCFromPayload(eq(payload))).thenReturn(vcMap); - - IssuerCredentialsCapabilities issuerCredentialsCapabilities = IssuerCredentialsCapabilities.builder().credentialsType("UnsupportedCredentialType").build(); - when(trustFrameworkService.getTrustedIssuerListData(issuerDid)).thenReturn(List.of(issuerCredentialsCapabilities)); - - boolean result = vpServiceImpl.validateVerifiablePresentation(vpClaimWithVcJwtFormat); - - Assertions.assertThat(result).isFalse(); - } - - @Test - void validateVerifiablePresentation_vp_claim_with_verifiableCredential_claim_with_Type_list_elements_are_not_all_of_type_String_throws_InvalidCredentialTypeException_and_return_false() { - String vpClaimWithVcJwtFormat = "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiJkaWQ6a2V5OnpEbmFlblF6WEthVE5SNlYyaWZyY0VFU042VFR1WWpweWFmUGh0c1pZU3Y0VlJia3IiLCJuYmYiOjE3MTc0MzgwMDMsImlzcyI6ImRpZDprZXk6ekRuYWVuUXpYS2FUTlI2VjJpZnJjRUVTTjZUVHVZanB5YWZQaHRzWllTdjRWUmJrciIsInZwIjp7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIl0sImhvbGRlciI6ImRpZDprZXk6ekRuYWVuUXpYS2FUTlI2VjJpZnJjRUVTTjZUVHVZanB5YWZQaHRzWllTdjRWUmJrciIsImlkIjoiNDFhY2FkYTMtNjdiNC00OTRlLWE2ZTMtZTA5NjY0NDlmMjVkIiwidHlwZSI6WyJWZXJpZmlhYmxlUHJlc2VudGF0aW9uIl0sInZlcmlmaWFibGVDcmVkZW50aWFsIjpbImV5SmhiR2NpT2lKSVV6STFOaUlzSW5SNWNDSTZJa3BYVkNKOS5leUp6ZFdJaU9pSXhNak0wTlRZM09Ea3dJaXdpYm1GdFpTSTZJa3B2YUc0Z1JHOWxJaXdpYVdGMElqb3hOVEUyTWpNNU1ESXlmUS5TZmxLeHdSSlNNZUtLRjJRVDRmd3BNZUpmMzZQT2s2eUpWX2FkUXNzdzVjIl19LCJleHAiOjE3MjAwMzAwMDMsImlhdCI6MTcxNzQzODAwMywianRpIjoiNDFhY2FkYTMtNjdiNC00OTRlLWE2ZTMtZTA5NjY0NDlmMjVkIn0._tIB_9fsQjZmJV2cgGDWtYXmps9fbLbMDtu8wZhIwC9u6I7RAaR4NK5WrnRC1TIVbQa06ZeneELxc_ktTkdhfA"; - String issuerDid = "did:example:issuer"; - LinkedTreeMap vcMap = new LinkedTreeMap<>(); - vcMap.put("type", Arrays.asList(1,"some-string")); - - Payload payload = mock(Payload.class); - when(jwtService.getPayloadFromSignedJWT(any(SignedJWT.class))).thenReturn(payload); - when(jwtService.getClaimFromPayload(eq(payload), eq("iss"))).thenReturn(issuerDid); - when(jwtService.getVCFromPayload(eq(payload))).thenReturn(vcMap); - - boolean result = vpServiceImpl.validateVerifiablePresentation(vpClaimWithVcJwtFormat); - - Assertions.assertThat(result).isFalse(); - } - - @Test - void validateVerifiablePresentation_vp_claim_with_verifiableCredential_claim_with_type_key_does_not_map_to_a_List_throws_InvalidCredentialTypeException_and_return_false() { - String vpClaimWithVcJwtFormat = "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiJkaWQ6a2V5OnpEbmFlblF6WEthVE5SNlYyaWZyY0VFU042VFR1WWpweWFmUGh0c1pZU3Y0VlJia3IiLCJuYmYiOjE3MTc0MzgwMDMsImlzcyI6ImRpZDprZXk6ekRuYWVuUXpYS2FUTlI2VjJpZnJjRUVTTjZUVHVZanB5YWZQaHRzWllTdjRWUmJrciIsInZwIjp7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIl0sImhvbGRlciI6ImRpZDprZXk6ekRuYWVuUXpYS2FUTlI2VjJpZnJjRUVTTjZUVHVZanB5YWZQaHRzWllTdjRWUmJrciIsImlkIjoiNDFhY2FkYTMtNjdiNC00OTRlLWE2ZTMtZTA5NjY0NDlmMjVkIiwidHlwZSI6WyJWZXJpZmlhYmxlUHJlc2VudGF0aW9uIl0sInZlcmlmaWFibGVDcmVkZW50aWFsIjpbImV5SmhiR2NpT2lKSVV6STFOaUlzSW5SNWNDSTZJa3BYVkNKOS5leUp6ZFdJaU9pSXhNak0wTlRZM09Ea3dJaXdpYm1GdFpTSTZJa3B2YUc0Z1JHOWxJaXdpYVdGMElqb3hOVEUyTWpNNU1ESXlmUS5TZmxLeHdSSlNNZUtLRjJRVDRmd3BNZUpmMzZQT2s2eUpWX2FkUXNzdzVjIl19LCJleHAiOjE3MjAwMzAwMDMsImlhdCI6MTcxNzQzODAwMywianRpIjoiNDFhY2FkYTMtNjdiNC00OTRlLWE2ZTMtZTA5NjY0NDlmMjVkIn0._tIB_9fsQjZmJV2cgGDWtYXmps9fbLbMDtu8wZhIwC9u6I7RAaR4NK5WrnRC1TIVbQa06ZeneELxc_ktTkdhfA"; - String issuerDid = "did:example:issuer"; - LinkedTreeMap vcMap = new LinkedTreeMap<>(); - vcMap.put("type", "invalid-credential-type-instance"); - - Payload payload = mock(Payload.class); - when(jwtService.getPayloadFromSignedJWT(any(SignedJWT.class))).thenReturn(payload); - when(jwtService.getClaimFromPayload(eq(payload), eq("iss"))).thenReturn(issuerDid); - when(jwtService.getVCFromPayload(eq(payload))).thenReturn(vcMap); - - boolean result = vpServiceImpl.validateVerifiablePresentation(vpClaimWithVcJwtFormat); - - Assertions.assertThat(result).isFalse(); - } - - @Test - void validateVerifiablePresentation_vp_claim_with_verifiableCredential_claim_but_VC_from_payload_is_not_a_LinkedTreeMap_throws_InvalidCredentialTypeException_and_return_false() { - String vpClaimWithVcJwtFormat = "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiJkaWQ6a2V5OnpEbmFlblF6WEthVE5SNlYyaWZyY0VFU042VFR1WWpweWFmUGh0c1pZU3Y0VlJia3IiLCJuYmYiOjE3MTc0MzgwMDMsImlzcyI6ImRpZDprZXk6ekRuYWVuUXpYS2FUTlI2VjJpZnJjRUVTTjZUVHVZanB5YWZQaHRzWllTdjRWUmJrciIsInZwIjp7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIl0sImhvbGRlciI6ImRpZDprZXk6ekRuYWVuUXpYS2FUTlI2VjJpZnJjRUVTTjZUVHVZanB5YWZQaHRzWllTdjRWUmJrciIsImlkIjoiNDFhY2FkYTMtNjdiNC00OTRlLWE2ZTMtZTA5NjY0NDlmMjVkIiwidHlwZSI6WyJWZXJpZmlhYmxlUHJlc2VudGF0aW9uIl0sInZlcmlmaWFibGVDcmVkZW50aWFsIjpbImV5SmhiR2NpT2lKSVV6STFOaUlzSW5SNWNDSTZJa3BYVkNKOS5leUp6ZFdJaU9pSXhNak0wTlRZM09Ea3dJaXdpYm1GdFpTSTZJa3B2YUc0Z1JHOWxJaXdpYVdGMElqb3hOVEUyTWpNNU1ESXlmUS5TZmxLeHdSSlNNZUtLRjJRVDRmd3BNZUpmMzZQT2s2eUpWX2FkUXNzdzVjIl19LCJleHAiOjE3MjAwMzAwMDMsImlhdCI6MTcxNzQzODAwMywianRpIjoiNDFhY2FkYTMtNjdiNC00OTRlLWE2ZTMtZTA5NjY0NDlmMjVkIn0._tIB_9fsQjZmJV2cgGDWtYXmps9fbLbMDtu8wZhIwC9u6I7RAaR4NK5WrnRC1TIVbQa06ZeneELxc_ktTkdhfA"; - String issuerDid = "did:example:issuer"; - - Payload payload = mock(Payload.class); - when(jwtService.getPayloadFromSignedJWT(any(SignedJWT.class))).thenReturn(payload); - when(jwtService.getClaimFromPayload(eq(payload), eq("iss"))).thenReturn(issuerDid); - when(jwtService.getVCFromPayload(eq(payload))).thenReturn("invalid-credential-instance-class"); - - boolean result = vpServiceImpl.validateVerifiablePresentation(vpClaimWithVcJwtFormat); - - Assertions.assertThat(result).isFalse(); - } +// @Test +// void validateVerifiablePresentation_vp_claim_with_verifiableCredential_claim_with_LEARCredentialMachine_return_true() { +// String verifiablePresentation = "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiJkaWQ6a2V5OnpEbmFlblF6WEthVE5SNlYyaWZyY0VFU042VFR1WWpweWFmUGh0c1pZU3Y0VlJia3IiLCJuYmYiOjE3MTc0MzgwMDMsImlzcyI6ImRpZDprZXk6ekRuYWVuUXpYS2FUTlI2VjJpZnJjRUVTTjZUVHVZanB5YWZQaHRzWllTdjRWUmJrciIsInZwIjp7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIl0sImhvbGRlciI6ImRpZDprZXk6ekRuYWVuUXpYS2FUTlI2VjJpZnJjRUVTTjZUVHVZanB5YWZQaHRzWllTdjRWUmJrciIsImlkIjoiNDFhY2FkYTMtNjdiNC00OTRlLWE2ZTMtZTA5NjY0NDlmMjVkIiwidHlwZSI6WyJWZXJpZmlhYmxlUHJlc2VudGF0aW9uIl0sInZlcmlmaWFibGVDcmVkZW50aWFsIjpbImV5SmhiR2NpT2lKSVV6STFOaUlzSW5SNWNDSTZJa3BYVkNKOS5leUp6ZFdJaU9pSXhNak0wTlRZM09Ea3dJaXdpYm1GdFpTSTZJa3B2YUc0Z1JHOWxJaXdpYVdGMElqb3hOVEUyTWpNNU1ESXlmUS5TZmxLeHdSSlNNZUtLRjJRVDRmd3BNZUpmMzZQT2s2eUpWX2FkUXNzdzVjIl19LCJleHAiOjE3MjAwMzAwMDMsImlhdCI6MTcxNzQzODAwMywianRpIjoiNDFhY2FkYTMtNjdiNC00OTRlLWE2ZTMtZTA5NjY0NDlmMjVkIn0._tIB_9fsQjZmJV2cgGDWtYXmps9fbLbMDtu8wZhIwC9u6I7RAaR4NK5WrnRC1TIVbQa06ZeneELxc_ktTkdhfA"; +// +// Payload payload = mock(Payload.class); +// when(jwtService.getPayloadFromSignedJWT(any(SignedJWT.class))).thenReturn(payload); +// +// String issuerDid = "did:example:issuer"; +// when(jwtService.getClaimFromPayload(eq(payload), eq("iss"))).thenReturn(issuerDid); +// +// LinkedTreeMap vcMap = new LinkedTreeMap<>(); +// vcMap.put("type", Arrays.asList("VerifiableCredential","LEARCredentialMachine")); +// +// when(jwtService.getVCFromPayload(eq(payload))).thenReturn(vcMap); +// +// IssuerCredentialsCapabilities issuerCredentialsCapabilities = IssuerCredentialsCapabilities.builder().credentialsType("VerifiableCredential").build(); +// when(trustFrameworkService.getTrustedIssuerListData(issuerDid)).thenReturn(List.of(issuerCredentialsCapabilities)); +// +// when(objectMapper.convertValue(vcMap, LEARCredentialMachine.class)).thenReturn( +// LEARCredentialMachine.builder() +// .credentialSubject(CredentialSubjectLCMachine +// .builder().mandate(MandateLCMachine +// .builder() +// .mandator(Mandator.builder().organizationIdentifier("organizationIdentifier").build()) +// .mandatee(MandateeLCMachine +// .builder().id("mandateeId") +// .build()) +// .build()) +// .build()) +// .build()); +// +// PublicKey holderPublicKey = mock(PublicKey.class); +// when(didService.getPublicKeyFromDid(anyString())).thenReturn(holderPublicKey); +// +// doNothing().when(jwtService).verifyJWTSignature(verifiablePresentation, holderPublicKey, KeyType.EC); +// +// boolean result = vpServiceImpl.validateVerifiablePresentation(verifiablePresentation); +// +// Assertions.assertThat(result).isTrue(); +// } +// +// @Test +// void validateVerifiablePresentation_vp_claim_with_verifiableCredential_claim_with_LEARCredentialEmployee_return_true() { +// String verifiablePresentation = "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiJkaWQ6a2V5OnpEbmFlblF6WEthVE5SNlYyaWZyY0VFU042VFR1WWpweWFmUGh0c1pZU3Y0VlJia3IiLCJuYmYiOjE3MTc0MzgwMDMsImlzcyI6ImRpZDprZXk6ekRuYWVuUXpYS2FUTlI2VjJpZnJjRUVTTjZUVHVZanB5YWZQaHRzWllTdjRWUmJrciIsInZwIjp7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIl0sImhvbGRlciI6ImRpZDprZXk6ekRuYWVuUXpYS2FUTlI2VjJpZnJjRUVTTjZUVHVZanB5YWZQaHRzWllTdjRWUmJrciIsImlkIjoiNDFhY2FkYTMtNjdiNC00OTRlLWE2ZTMtZTA5NjY0NDlmMjVkIiwidHlwZSI6WyJWZXJpZmlhYmxlUHJlc2VudGF0aW9uIl0sInZlcmlmaWFibGVDcmVkZW50aWFsIjpbImV5SmhiR2NpT2lKSVV6STFOaUlzSW5SNWNDSTZJa3BYVkNKOS5leUp6ZFdJaU9pSXhNak0wTlRZM09Ea3dJaXdpYm1GdFpTSTZJa3B2YUc0Z1JHOWxJaXdpYVdGMElqb3hOVEUyTWpNNU1ESXlmUS5TZmxLeHdSSlNNZUtLRjJRVDRmd3BNZUpmMzZQT2s2eUpWX2FkUXNzdzVjIl19LCJleHAiOjE3MjAwMzAwMDMsImlhdCI6MTcxNzQzODAwMywianRpIjoiNDFhY2FkYTMtNjdiNC00OTRlLWE2ZTMtZTA5NjY0NDlmMjVkIn0._tIB_9fsQjZmJV2cgGDWtYXmps9fbLbMDtu8wZhIwC9u6I7RAaR4NK5WrnRC1TIVbQa06ZeneELxc_ktTkdhfA"; +// +// Payload payload = mock(Payload.class); +// when(jwtService.getPayloadFromSignedJWT(any(SignedJWT.class))).thenReturn(payload); +// +// String issuerDid = "did:example:issuer"; +// when(jwtService.getClaimFromPayload(eq(payload), eq("iss"))).thenReturn(issuerDid); +// +// LinkedTreeMap vcMap = new LinkedTreeMap<>(); +// vcMap.put("type", Arrays.asList("VerifiableCredential","LEARCredentialEmployee")); +// +// when(jwtService.getVCFromPayload(eq(payload))).thenReturn(vcMap); +// +// IssuerCredentialsCapabilities issuerCredentialsCapabilities = IssuerCredentialsCapabilities.builder().credentialsType("VerifiableCredential").build(); +// when(trustFrameworkService.getTrustedIssuerListData(issuerDid)).thenReturn(List.of(issuerCredentialsCapabilities)); +// +// when(objectMapper.convertValue(vcMap, LEARCredentialEmployee.class)).thenReturn( +// LEARCredentialEmployee.builder() +// .credentialSubject(CredentialSubjectLCEmployee +// .builder().mandate(MandateLCEmployee +// .builder() +// .mandator(Mandator.builder().organizationIdentifier("organizationIdentifier").build()) +// .mandatee(MandateeLCEmployee +// .builder().id("mandateeId") +// .build()) +// .build()) +// .build()) +// .build()); +// +// PublicKey holderPublicKey = mock(PublicKey.class); +// when(didService.getPublicKeyFromDid(anyString())).thenReturn(holderPublicKey); +// +// doNothing().when(jwtService).verifyJWTSignature(verifiablePresentation, holderPublicKey, KeyType.EC); +// +// boolean result = vpServiceImpl.validateVerifiablePresentation(verifiablePresentation); +// +// Assertions.assertThat(result).isTrue(); +// } +// +// @Test +// void validateVerifiablePresentation_vp_claim_with_verifiableCredential_claim_with_LEARCredentialMachine_throws_IllegalArgumentException_and_CredentialMappingException_when_map_and_return_false() { +// String vpClaimWithVcJwtFormat = "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiJkaWQ6a2V5OnpEbmFlblF6WEthVE5SNlYyaWZyY0VFU042VFR1WWpweWFmUGh0c1pZU3Y0VlJia3IiLCJuYmYiOjE3MTc0MzgwMDMsImlzcyI6ImRpZDprZXk6ekRuYWVuUXpYS2FUTlI2VjJpZnJjRUVTTjZUVHVZanB5YWZQaHRzWllTdjRWUmJrciIsInZwIjp7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIl0sImhvbGRlciI6ImRpZDprZXk6ekRuYWVuUXpYS2FUTlI2VjJpZnJjRUVTTjZUVHVZanB5YWZQaHRzWllTdjRWUmJrciIsImlkIjoiNDFhY2FkYTMtNjdiNC00OTRlLWE2ZTMtZTA5NjY0NDlmMjVkIiwidHlwZSI6WyJWZXJpZmlhYmxlUHJlc2VudGF0aW9uIl0sInZlcmlmaWFibGVDcmVkZW50aWFsIjpbImV5SmhiR2NpT2lKSVV6STFOaUlzSW5SNWNDSTZJa3BYVkNKOS5leUp6ZFdJaU9pSXhNak0wTlRZM09Ea3dJaXdpYm1GdFpTSTZJa3B2YUc0Z1JHOWxJaXdpYVdGMElqb3hOVEUyTWpNNU1ESXlmUS5TZmxLeHdSSlNNZUtLRjJRVDRmd3BNZUpmMzZQT2s2eUpWX2FkUXNzdzVjIl19LCJleHAiOjE3MjAwMzAwMDMsImlhdCI6MTcxNzQzODAwMywianRpIjoiNDFhY2FkYTMtNjdiNC00OTRlLWE2ZTMtZTA5NjY0NDlmMjVkIn0._tIB_9fsQjZmJV2cgGDWtYXmps9fbLbMDtu8wZhIwC9u6I7RAaR4NK5WrnRC1TIVbQa06ZeneELxc_ktTkdhfA"; +// +// Payload payload = mock(Payload.class); +// when(jwtService.getPayloadFromSignedJWT(any(SignedJWT.class))).thenReturn(payload); +// +// String issuerDid = "did:example:issuer"; +// when(jwtService.getClaimFromPayload(eq(payload), eq("iss"))).thenReturn(issuerDid); +// +// LinkedTreeMap vcMap = new LinkedTreeMap<>(); +// vcMap.put("type", Arrays.asList("VerifiableCredential","LEARCredentialMachine")); +// when(jwtService.getVCFromPayload(eq(payload))).thenReturn(vcMap); +// +// IssuerCredentialsCapabilities issuerCredentialsCapabilities = IssuerCredentialsCapabilities.builder().credentialsType("VerifiableCredential").build(); +// when(trustFrameworkService.getTrustedIssuerListData(issuerDid)).thenReturn(List.of(issuerCredentialsCapabilities)); +// +// when(objectMapper.convertValue(vcMap, LEARCredentialMachine.class)) +// .thenThrow(new IllegalArgumentException(new CredentialMappingException("Error converting VC to LEARCredentialMachine"))); +// +// boolean result = vpServiceImpl.validateVerifiablePresentation(vpClaimWithVcJwtFormat); +// +// Assertions.assertThat(result).isFalse(); +// } +// +// @Test +// void validateVerifiablePresentation_vp_claim_with_verifiableCredential_claim_with_LEARCredentialEmployee_throws_IllegalArgumentException_and_CredentialMappingException_when_map_and_return_false() { +// String vpClaimWithVcJwtFormat = "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiJkaWQ6a2V5OnpEbmFlblF6WEthVE5SNlYyaWZyY0VFU042VFR1WWpweWFmUGh0c1pZU3Y0VlJia3IiLCJuYmYiOjE3MTc0MzgwMDMsImlzcyI6ImRpZDprZXk6ekRuYWVuUXpYS2FUTlI2VjJpZnJjRUVTTjZUVHVZanB5YWZQaHRzWllTdjRWUmJrciIsInZwIjp7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIl0sImhvbGRlciI6ImRpZDprZXk6ekRuYWVuUXpYS2FUTlI2VjJpZnJjRUVTTjZUVHVZanB5YWZQaHRzWllTdjRWUmJrciIsImlkIjoiNDFhY2FkYTMtNjdiNC00OTRlLWE2ZTMtZTA5NjY0NDlmMjVkIiwidHlwZSI6WyJWZXJpZmlhYmxlUHJlc2VudGF0aW9uIl0sInZlcmlmaWFibGVDcmVkZW50aWFsIjpbImV5SmhiR2NpT2lKSVV6STFOaUlzSW5SNWNDSTZJa3BYVkNKOS5leUp6ZFdJaU9pSXhNak0wTlRZM09Ea3dJaXdpYm1GdFpTSTZJa3B2YUc0Z1JHOWxJaXdpYVdGMElqb3hOVEUyTWpNNU1ESXlmUS5TZmxLeHdSSlNNZUtLRjJRVDRmd3BNZUpmMzZQT2s2eUpWX2FkUXNzdzVjIl19LCJleHAiOjE3MjAwMzAwMDMsImlhdCI6MTcxNzQzODAwMywianRpIjoiNDFhY2FkYTMtNjdiNC00OTRlLWE2ZTMtZTA5NjY0NDlmMjVkIn0._tIB_9fsQjZmJV2cgGDWtYXmps9fbLbMDtu8wZhIwC9u6I7RAaR4NK5WrnRC1TIVbQa06ZeneELxc_ktTkdhfA"; +// +// Payload payload = mock(Payload.class); +// when(jwtService.getPayloadFromSignedJWT(any(SignedJWT.class))).thenReturn(payload); +// +// String issuerDid = "did:example:issuer"; +// when(jwtService.getClaimFromPayload(eq(payload), eq("iss"))).thenReturn(issuerDid); +// +// LinkedTreeMap vcMap = new LinkedTreeMap<>(); +// vcMap.put("type", Arrays.asList("VerifiableCredential","LEARCredentialEmployee")); +// when(jwtService.getVCFromPayload(eq(payload))).thenReturn(vcMap); +// +// IssuerCredentialsCapabilities issuerCredentialsCapabilities = IssuerCredentialsCapabilities.builder().credentialsType("VerifiableCredential").build(); +// when(trustFrameworkService.getTrustedIssuerListData(issuerDid)).thenReturn(List.of(issuerCredentialsCapabilities)); +// +// when(objectMapper.convertValue(vcMap, LEARCredentialEmployee.class)) +// .thenThrow(new IllegalArgumentException(new CredentialMappingException("Error converting VC to LEARCredentialEmployee"))); +// +// boolean result = vpServiceImpl.validateVerifiablePresentation(vpClaimWithVcJwtFormat); +// +// Assertions.assertThat(result).isFalse(); +// } +// +// @Test +// void validateVerifiablePresentation_vp_claim_with_verifiableCredential_claim_with_Invalid_Credential_Type_beacause_is_not_LEARCredentialEmployee_or_LEARCredentialMachine_and_return_false() { +// String vpClaimWithVcJwtFormat = "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiJkaWQ6a2V5OnpEbmFlblF6WEthVE5SNlYyaWZyY0VFU042VFR1WWpweWFmUGh0c1pZU3Y0VlJia3IiLCJuYmYiOjE3MTc0MzgwMDMsImlzcyI6ImRpZDprZXk6ekRuYWVuUXpYS2FUTlI2VjJpZnJjRUVTTjZUVHVZanB5YWZQaHRzWllTdjRWUmJrciIsInZwIjp7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIl0sImhvbGRlciI6ImRpZDprZXk6ekRuYWVuUXpYS2FUTlI2VjJpZnJjRUVTTjZUVHVZanB5YWZQaHRzWllTdjRWUmJrciIsImlkIjoiNDFhY2FkYTMtNjdiNC00OTRlLWE2ZTMtZTA5NjY0NDlmMjVkIiwidHlwZSI6WyJWZXJpZmlhYmxlUHJlc2VudGF0aW9uIl0sInZlcmlmaWFibGVDcmVkZW50aWFsIjpbImV5SmhiR2NpT2lKSVV6STFOaUlzSW5SNWNDSTZJa3BYVkNKOS5leUp6ZFdJaU9pSXhNak0wTlRZM09Ea3dJaXdpYm1GdFpTSTZJa3B2YUc0Z1JHOWxJaXdpYVdGMElqb3hOVEUyTWpNNU1ESXlmUS5TZmxLeHdSSlNNZUtLRjJRVDRmd3BNZUpmMzZQT2s2eUpWX2FkUXNzdzVjIl19LCJleHAiOjE3MjAwMzAwMDMsImlhdCI6MTcxNzQzODAwMywianRpIjoiNDFhY2FkYTMtNjdiNC00OTRlLWE2ZTMtZTA5NjY0NDlmMjVkIn0._tIB_9fsQjZmJV2cgGDWtYXmps9fbLbMDtu8wZhIwC9u6I7RAaR4NK5WrnRC1TIVbQa06ZeneELxc_ktTkdhfA"; +// +// Payload payload = mock(Payload.class); +// when(jwtService.getPayloadFromSignedJWT(any(SignedJWT.class))).thenReturn(payload); +// +// String issuerDid = "did:example:issuer"; +// when(jwtService.getClaimFromPayload(eq(payload), eq("iss"))).thenReturn(issuerDid); +// +// LinkedTreeMap vcMap = new LinkedTreeMap<>(); +// vcMap.put("type", Arrays.asList("VerifiableCredential","UnsupportedCredentialType")); +// when(jwtService.getVCFromPayload(eq(payload))).thenReturn(vcMap); +// +// IssuerCredentialsCapabilities issuerCredentialsCapabilities = IssuerCredentialsCapabilities.builder().credentialsType("VerifiableCredential").build(); +// when(trustFrameworkService.getTrustedIssuerListData(issuerDid)).thenReturn(List.of(issuerCredentialsCapabilities)); +// +// boolean result = vpServiceImpl.validateVerifiablePresentation(vpClaimWithVcJwtFormat); +// +// Assertions.assertThat(result).isFalse(); +// } +// +// @Test +// void validateVerifiablePresentation_vp_claim_with_verifiableCredential_claim_with_Unsupported_credential_types_by_the_issuer_throws_InvalidCredentialTypeException_and_return_false() { +// String vpClaimWithVcJwtFormat = "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiJkaWQ6a2V5OnpEbmFlblF6WEthVE5SNlYyaWZyY0VFU042VFR1WWpweWFmUGh0c1pZU3Y0VlJia3IiLCJuYmYiOjE3MTc0MzgwMDMsImlzcyI6ImRpZDprZXk6ekRuYWVuUXpYS2FUTlI2VjJpZnJjRUVTTjZUVHVZanB5YWZQaHRzWllTdjRWUmJrciIsInZwIjp7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIl0sImhvbGRlciI6ImRpZDprZXk6ekRuYWVuUXpYS2FUTlI2VjJpZnJjRUVTTjZUVHVZanB5YWZQaHRzWllTdjRWUmJrciIsImlkIjoiNDFhY2FkYTMtNjdiNC00OTRlLWE2ZTMtZTA5NjY0NDlmMjVkIiwidHlwZSI6WyJWZXJpZmlhYmxlUHJlc2VudGF0aW9uIl0sInZlcmlmaWFibGVDcmVkZW50aWFsIjpbImV5SmhiR2NpT2lKSVV6STFOaUlzSW5SNWNDSTZJa3BYVkNKOS5leUp6ZFdJaU9pSXhNak0wTlRZM09Ea3dJaXdpYm1GdFpTSTZJa3B2YUc0Z1JHOWxJaXdpYVdGMElqb3hOVEUyTWpNNU1ESXlmUS5TZmxLeHdSSlNNZUtLRjJRVDRmd3BNZUpmMzZQT2s2eUpWX2FkUXNzdzVjIl19LCJleHAiOjE3MjAwMzAwMDMsImlhdCI6MTcxNzQzODAwMywianRpIjoiNDFhY2FkYTMtNjdiNC00OTRlLWE2ZTMtZTA5NjY0NDlmMjVkIn0._tIB_9fsQjZmJV2cgGDWtYXmps9fbLbMDtu8wZhIwC9u6I7RAaR4NK5WrnRC1TIVbQa06ZeneELxc_ktTkdhfA"; +// +// Payload payload = mock(Payload.class); +// when(jwtService.getPayloadFromSignedJWT(any(SignedJWT.class))).thenReturn(payload); +// +// String issuerDid = "did:example:issuer"; +// when(jwtService.getClaimFromPayload(eq(payload), eq("iss"))).thenReturn(issuerDid); +// +// LinkedTreeMap vcMap = new LinkedTreeMap<>(); +// vcMap.put("type", Arrays.asList("VerifiableCredential","LEARCredentialEmployee")); +// when(jwtService.getVCFromPayload(eq(payload))).thenReturn(vcMap); +// +// IssuerCredentialsCapabilities issuerCredentialsCapabilities = IssuerCredentialsCapabilities.builder().credentialsType("UnsupportedCredentialType").build(); +// when(trustFrameworkService.getTrustedIssuerListData(issuerDid)).thenReturn(List.of(issuerCredentialsCapabilities)); +// +// boolean result = vpServiceImpl.validateVerifiablePresentation(vpClaimWithVcJwtFormat); +// +// Assertions.assertThat(result).isFalse(); +// } +// +// @Test +// void validateVerifiablePresentation_vp_claim_with_verifiableCredential_claim_with_Type_list_elements_are_not_all_of_type_String_throws_InvalidCredentialTypeException_and_return_false() { +// String vpClaimWithVcJwtFormat = "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiJkaWQ6a2V5OnpEbmFlblF6WEthVE5SNlYyaWZyY0VFU042VFR1WWpweWFmUGh0c1pZU3Y0VlJia3IiLCJuYmYiOjE3MTc0MzgwMDMsImlzcyI6ImRpZDprZXk6ekRuYWVuUXpYS2FUTlI2VjJpZnJjRUVTTjZUVHVZanB5YWZQaHRzWllTdjRWUmJrciIsInZwIjp7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIl0sImhvbGRlciI6ImRpZDprZXk6ekRuYWVuUXpYS2FUTlI2VjJpZnJjRUVTTjZUVHVZanB5YWZQaHRzWllTdjRWUmJrciIsImlkIjoiNDFhY2FkYTMtNjdiNC00OTRlLWE2ZTMtZTA5NjY0NDlmMjVkIiwidHlwZSI6WyJWZXJpZmlhYmxlUHJlc2VudGF0aW9uIl0sInZlcmlmaWFibGVDcmVkZW50aWFsIjpbImV5SmhiR2NpT2lKSVV6STFOaUlzSW5SNWNDSTZJa3BYVkNKOS5leUp6ZFdJaU9pSXhNak0wTlRZM09Ea3dJaXdpYm1GdFpTSTZJa3B2YUc0Z1JHOWxJaXdpYVdGMElqb3hOVEUyTWpNNU1ESXlmUS5TZmxLeHdSSlNNZUtLRjJRVDRmd3BNZUpmMzZQT2s2eUpWX2FkUXNzdzVjIl19LCJleHAiOjE3MjAwMzAwMDMsImlhdCI6MTcxNzQzODAwMywianRpIjoiNDFhY2FkYTMtNjdiNC00OTRlLWE2ZTMtZTA5NjY0NDlmMjVkIn0._tIB_9fsQjZmJV2cgGDWtYXmps9fbLbMDtu8wZhIwC9u6I7RAaR4NK5WrnRC1TIVbQa06ZeneELxc_ktTkdhfA"; +// String issuerDid = "did:example:issuer"; +// LinkedTreeMap vcMap = new LinkedTreeMap<>(); +// vcMap.put("type", Arrays.asList(1,"some-string")); +// +// Payload payload = mock(Payload.class); +// when(jwtService.getPayloadFromSignedJWT(any(SignedJWT.class))).thenReturn(payload); +// when(jwtService.getClaimFromPayload(eq(payload), eq("iss"))).thenReturn(issuerDid); +// when(jwtService.getVCFromPayload(eq(payload))).thenReturn(vcMap); +// +// boolean result = vpServiceImpl.validateVerifiablePresentation(vpClaimWithVcJwtFormat); +// +// Assertions.assertThat(result).isFalse(); +// } +// +// @Test +// void validateVerifiablePresentation_vp_claim_with_verifiableCredential_claim_with_type_key_does_not_map_to_a_List_throws_InvalidCredentialTypeException_and_return_false() { +// String vpClaimWithVcJwtFormat = "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiJkaWQ6a2V5OnpEbmFlblF6WEthVE5SNlYyaWZyY0VFU042VFR1WWpweWFmUGh0c1pZU3Y0VlJia3IiLCJuYmYiOjE3MTc0MzgwMDMsImlzcyI6ImRpZDprZXk6ekRuYWVuUXpYS2FUTlI2VjJpZnJjRUVTTjZUVHVZanB5YWZQaHRzWllTdjRWUmJrciIsInZwIjp7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIl0sImhvbGRlciI6ImRpZDprZXk6ekRuYWVuUXpYS2FUTlI2VjJpZnJjRUVTTjZUVHVZanB5YWZQaHRzWllTdjRWUmJrciIsImlkIjoiNDFhY2FkYTMtNjdiNC00OTRlLWE2ZTMtZTA5NjY0NDlmMjVkIiwidHlwZSI6WyJWZXJpZmlhYmxlUHJlc2VudGF0aW9uIl0sInZlcmlmaWFibGVDcmVkZW50aWFsIjpbImV5SmhiR2NpT2lKSVV6STFOaUlzSW5SNWNDSTZJa3BYVkNKOS5leUp6ZFdJaU9pSXhNak0wTlRZM09Ea3dJaXdpYm1GdFpTSTZJa3B2YUc0Z1JHOWxJaXdpYVdGMElqb3hOVEUyTWpNNU1ESXlmUS5TZmxLeHdSSlNNZUtLRjJRVDRmd3BNZUpmMzZQT2s2eUpWX2FkUXNzdzVjIl19LCJleHAiOjE3MjAwMzAwMDMsImlhdCI6MTcxNzQzODAwMywianRpIjoiNDFhY2FkYTMtNjdiNC00OTRlLWE2ZTMtZTA5NjY0NDlmMjVkIn0._tIB_9fsQjZmJV2cgGDWtYXmps9fbLbMDtu8wZhIwC9u6I7RAaR4NK5WrnRC1TIVbQa06ZeneELxc_ktTkdhfA"; +// String issuerDid = "did:example:issuer"; +// LinkedTreeMap vcMap = new LinkedTreeMap<>(); +// vcMap.put("type", "invalid-credential-type-instance"); +// +// Payload payload = mock(Payload.class); +// when(jwtService.getPayloadFromSignedJWT(any(SignedJWT.class))).thenReturn(payload); +// when(jwtService.getClaimFromPayload(eq(payload), eq("iss"))).thenReturn(issuerDid); +// when(jwtService.getVCFromPayload(eq(payload))).thenReturn(vcMap); +// +// boolean result = vpServiceImpl.validateVerifiablePresentation(vpClaimWithVcJwtFormat); +// +// Assertions.assertThat(result).isFalse(); +// } +// +// @Test +// void validateVerifiablePresentation_vp_claim_with_verifiableCredential_claim_but_VC_from_payload_is_not_a_LinkedTreeMap_throws_InvalidCredentialTypeException_and_return_false() { +// String vpClaimWithVcJwtFormat = "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJzdWIiOiJkaWQ6a2V5OnpEbmFlblF6WEthVE5SNlYyaWZyY0VFU042VFR1WWpweWFmUGh0c1pZU3Y0VlJia3IiLCJuYmYiOjE3MTc0MzgwMDMsImlzcyI6ImRpZDprZXk6ekRuYWVuUXpYS2FUTlI2VjJpZnJjRUVTTjZUVHVZanB5YWZQaHRzWllTdjRWUmJrciIsInZwIjp7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIl0sImhvbGRlciI6ImRpZDprZXk6ekRuYWVuUXpYS2FUTlI2VjJpZnJjRUVTTjZUVHVZanB5YWZQaHRzWllTdjRWUmJrciIsImlkIjoiNDFhY2FkYTMtNjdiNC00OTRlLWE2ZTMtZTA5NjY0NDlmMjVkIiwidHlwZSI6WyJWZXJpZmlhYmxlUHJlc2VudGF0aW9uIl0sInZlcmlmaWFibGVDcmVkZW50aWFsIjpbImV5SmhiR2NpT2lKSVV6STFOaUlzSW5SNWNDSTZJa3BYVkNKOS5leUp6ZFdJaU9pSXhNak0wTlRZM09Ea3dJaXdpYm1GdFpTSTZJa3B2YUc0Z1JHOWxJaXdpYVdGMElqb3hOVEUyTWpNNU1ESXlmUS5TZmxLeHdSSlNNZUtLRjJRVDRmd3BNZUpmMzZQT2s2eUpWX2FkUXNzdzVjIl19LCJleHAiOjE3MjAwMzAwMDMsImlhdCI6MTcxNzQzODAwMywianRpIjoiNDFhY2FkYTMtNjdiNC00OTRlLWE2ZTMtZTA5NjY0NDlmMjVkIn0._tIB_9fsQjZmJV2cgGDWtYXmps9fbLbMDtu8wZhIwC9u6I7RAaR4NK5WrnRC1TIVbQa06ZeneELxc_ktTkdhfA"; +// String issuerDid = "did:example:issuer"; +// +// Payload payload = mock(Payload.class); +// when(jwtService.getPayloadFromSignedJWT(any(SignedJWT.class))).thenReturn(payload); +// when(jwtService.getClaimFromPayload(eq(payload), eq("iss"))).thenReturn(issuerDid); +// when(jwtService.getVCFromPayload(eq(payload))).thenReturn("invalid-credential-instance-class"); +// +// boolean result = vpServiceImpl.validateVerifiablePresentation(vpClaimWithVcJwtFormat); +// +// Assertions.assertThat(result).isFalse(); +// } @Test void validateVerifiablePresentation_vp_claim_with_verifiableCredential_claim_string_but_not_jwt_format_throws_JWTParsingException_and_return_false() {