Implement Verifier solution (#10)

* Update pipelines (#3) Updates project files * feature/verifier-h2m-m2m-flows (#4) * New DOME login page * New Crypto feature (generate ECKey + did:key from a Private Key) New Security Config with scaffolding for OpenID Connect * WIP in custom OpenID Connect Authorization Code Flow for Verifiable Credentials * Update info * Update did:key creation and decode New JWT service * add validation fot the auth request of the OPENID CORE * add verifiactions, and fix problem during did generation * Add conditional for H2M and M2M * Update CustomAuthorizationRequestConverter.java * Filters for security * h2m flow added qr generation page and jwt request retrival. * Added auth response logic to validate the vp * vp validation chnges * merge h2m m2m * wip: refactor ClientLoaderConfig * wip: add test * wip: add check structure * Finish JWT Claims checks * refactor didResolver implementation * adapt verifications the certificate validation signature is failing * add some tests * Update VpValidationServiceImpl.java * add some tests * Update VpValidationServiceImpl.java * wip: VP certificated input error * Vo validation * wip: VP certificated input error * change settings gradle rootproject name * wip: check vp from vp_token in assertion * fix: check vp from vp_token in assertion * New changes * solve merge conflicts * wip: Custom token * Test for generate the access token * add jwtcustomizer * wip: Custom token * return custom token * delete jwtCustomizer bean * add JWT type into header * uncomment validation * WIP: TODOs * Add logic to retrieve the token response * Delete the OAuthAuthorization after consum the request * Add TODOs checks * Add logic for verificate client in the auth code flow * Remove Controller for tests * Add new client * solve merge conflicts * getScope method * getScope method * refactor LEARCredentialMachine * add same device login * remove localhost for testing * adjust padding for qr image background * Retrieval of the trustFramework via GitHub repository * Correct error on remote url * update application profiles * add url of github repository as config variable * change application.yaml names * add info to CHANGELOG.md * delete dependency * change header image * solve pr comments * add custom exception * add custom exception handler * delete ResponseEntity response from Oid4vp controller * delete import * add exception for the CustomExceptionHandler to manage cache retrieval * refactor global exception handler * refactor Controller to RestController * rollback RestController * change client loader config implementation to external yaml config file * add interface against the trusted issuer list * add interface against the trusted issuer list and validations on vp service * solve PR comments * fix default env profile implementation * wip: logs to deployment * expose health endpoint * add management dependency * add local configs * change LEARCredentialMachine dto attributes names * fix some reference to LearCredentialMachine * fix some attributes from LearCredentialEmployee * add logs for debugging * update scope for learcredential * add logs for debugging * change scope name * fix exp access token * fix fixme * add websocket logic for redirection * update scope * remove origin retrieval from the token request * remove state validation for testing * add some tests * add some tests * add token log * add state validation on token request as optional * add CUstom Token Request Converter M2M tests * add Auth Provider Tests * add H2M Converter Tests * update scope * add Custom Error Response Handler unit tests * init CustomAuthorizationRequestConverterTest --------- Co-authored-by: Oriol Canadés <oriol.canades@in2.es> Co-authored-by: Oriol Canadés <83498869+oriolcanadesin2@users.noreply.github.com> Co-authored-by: RubenModamioGarcia <ruben.modamio@in2.es> Co-authored-by: albertrodriguezin2 <166031280+albertrodriguezin2@users.noreply.github.com> * update changelog and version * init AllowedClientsServiceImplTest * do init AllowedClientsServiceImplTest * do init VpServiceTests * wip: add some tests * wip: comment fail test * wip: refactor test * wip: increase coverage * fix(login): extract urls and make it environment variables * fix(login): comment same device frontend section * fix(login): rename uris environment variables * feat(login): improved html borders (by Roger) * wip: increase coverage * wip: increase coverage * wip: increase coverage * add test * wip: increase coverage * wip: increase coverage * refactor tir list implementation * refactor tests * comment test * sonar exclusions * sonar exclusions * Review * Review * Review * Review * change check to mandate instead mandatee * change check to mandatorOrganizationIdentifier instead mandatee and refactor tests * fix register link * update CHANGELOG.md and build.gradle * - Added functionality to redirect to the home page when clicking the logo in the login page. - Added a timeout that redirects to the home page when the QR code expires in the login page. * rename property * rename property * Added a validation method to check the revocation during the verifiable presentation validation. * Added a validation method to check the revocation during the verifiable presentation validation. * Update pipelines * Update pipelines * Update Changelog --------- Co-authored-by: javieralvarezin2 <145534842+javieralvarezin2@users.noreply.github.com> Co-authored-by: Oriol Canadés <83498869+oriolcanadesin2@users.noreply.github.com> Co-authored-by: RubenModamioGarcia <ruben.modamio@in2.es> Co-authored-by: albertrodriguezin2 <166031280+albertrodriguezin2@users.noreply.github.com> Co-authored-by: javieralvarezin2 <javier.alvarez@in2.es> Co-authored-by: Albert Rodríguez <albert.rodriguez@in2.es>
in2workspace · Nov 11, 2024 · decfd54 · decfd54
1 parent ae97736
commit decfd54
Show file tree

Hide file tree

Showing 128 changed files with 8,170 additions and 44 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -4,34 +4,56 @@ on:
     branches:
       - main
   pull_request:
+    branches:
+      - main
     types: [opened, synchronize, reopened]
+
 jobs:
   build:
     name: Build and analyze
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
-          fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
+          fetch-depth: 0
+
       - name: Set up JDK 17
-        uses: actions/setup-java@v3
+        uses: actions/setup-java@v4
         with:
           java-version: 17
-          distribution: 'zulu' # Alternative distribution options are available
+          distribution: 'zulu'
+
       - name: Make Gradlew Executable
         run: chmod +x ./gradlew
+
+      - name: Check for existing release tag (only on PR)
+        if: github.event_name == 'pull_request'
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          VERSION=$(./gradlew -q printVersion)
+          TAG_EXISTS=$(curl -H "Authorization: token $GITHUB_TOKEN" -s https://api.github.com/repos/${{ github.repository }}/releases | jq -r ".[] | select(.tag_name == \"v$VERSION\") | .tag_name")
+          if [ "$TAG_EXISTS" == "v$VERSION" ]; then
+            echo "Release tag v$VERSION already exists. Rejecting PR."
+            exit 1
+          else
+            echo "No existing release with tag v$VERSION found. Proceeding with build."
+          fi
+
       - name: Cache SonarCloud packages
         uses: actions/cache@v3
         with:
           path: ~/.sonar/cache
           key: ${{ runner.os }}-sonar
           restore-keys: ${{ runner.os }}-sonar
+
       - name: Cache Gradle packages
         uses: actions/cache@v3
         with:
           path: ~/.gradle/caches
           key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }}
           restore-keys: ${{ runner.os }}-gradle
+
       - name: Build and analyze
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,95 @@
+name: Release
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+    types: [opened, synchronize, reopened]
+
+permissions:
+  contents: write
+
+jobs:
+  release-snapshot:
+    if: github.event_name == 'pull_request'
+    name: release-snapshot
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: Set up JDK
+        uses: actions/setup-java@v4
+        with:
+          distribution: 'adopt'
+          java-version: '17'
+
+      - name: Make Gradlew Executable
+        run: chmod +x ./gradlew
+
+      - name: Get Project Version
+        id: get_version
+        run: echo "VERSION=$(./gradlew -q printVersion)" >> $GITHUB_ENV
+
+      - name: Build and Push docker image
+        run: |
+          ./gradlew printProjectName
+          PROJECT_NAME=$(./gradlew -q printProjectName)
+          IMAGE_TAG="$PROJECT_NAME:v$VERSION$SUFFIX"
+          docker build --file Dockerfile --build-arg SKIP_TESTS=true --tag $DOCKER_HUB_CLIENT_NAME/$IMAGE_TAG .
+          echo $DOCKER_PASSWORD | docker login -u $DOCKER_USERNAME --password-stdin
+          docker push $DOCKER_HUB_CLIENT_NAME/$IMAGE_TAG
+        env:
+          VERSION: ${{ env.VERSION }}
+          SUFFIX: -snapshot
+          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+          DOCKER_PASSWORD: ${{ secrets.DOCKER_TOKEN }}
+          DOCKER_HUB_CLIENT_NAME: in2workspace
+
+  release:
+    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+    name: release
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: Set up JDK
+        uses: actions/setup-java@v4
+        with:
+          distribution: 'adopt'
+          java-version: '17'
+
+      - name: Make Gradlew Executable
+        run: chmod +x ./gradlew
+
+      - name: Get Project Version
+        id: get_version
+        run: echo "VERSION=$(./gradlew -q printVersion)" >> $GITHUB_ENV
+
+      - name: Build and Push docker image
+        run: |
+          ./gradlew printProjectName
+          PROJECT_NAME=$(./gradlew -q printProjectName)
+          IMAGE_TAG="$PROJECT_NAME:v$VERSION"
+          docker build --file Dockerfile --build-arg SKIP_TESTS=true --tag $DOCKER_HUB_CLIENT_NAME/$IMAGE_TAG .
+          echo $DOCKER_PASSWORD | docker login -u $DOCKER_USERNAME --password-stdin
+          docker push $DOCKER_HUB_CLIENT_NAME/$IMAGE_TAG
+        env:
+          VERSION: ${{ env.VERSION }}
+          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+          DOCKER_PASSWORD: ${{ secrets.DOCKER_TOKEN }}
+          DOCKER_HUB_CLIENT_NAME: in2workspace
+
+      - name: Create GitHub Release
+        uses: actions/create-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          tag_name: "v${{ env.VERSION }}"
+          release_name: "v${{ env.VERSION }}"
+          body: "Release of version v${{ env.VERSION }}"
+          draft: false
+          prerelease: false
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,5 +4,24 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-## [Pre-release](https://github.com/in2workspace/in2-vc-verifier/releases/tag/v0.1.0): v0.1.0
-- Project scafoldings and setup
+## [v1.0.3](https://github.com/in2workspace/in2-verifier-api/releases/tag/v1.0.3)
+### Added
+- Support for OpenID Connect.
+  - Support Authentication using the Authorization Code Flow.
+  - Support Claims with Requesting Claims using Scope Values (openid learcredential)
+  - Support Passing Request Parameters as JWTs (Passing a Request Object by Reference).
+  - Support Client Authentication method with Private Key JWT.
+  - Support for P-256 ECDSA keys for Signing.
+- Support for OpenID for Verifiable Presentations (OID4VP).
+  - Implement VP Proof of Possession verification.
+  - Implement Issuers, Participants and Services verification against the DOME Trust Framework.
+  - Implement VC verification against the DOME Revoked Credentials List.
+- Implement DOME Human-To-Machine (H2M) authentication.
+  - Implement Login page with QR code.
+- Implement DOME Machine-To-Machine (M2M) authentication.
+- Integrate with the DOME Trust Framework.
+
+### Fixed
+- Fix the issue with Login page not showing Wallet URL.
+- Fix the issue with Login page not valid Registration URL.
+- Fix the issue with Login page not redirecting to the Relying Party after expiration of the QR code.
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -27,9 +27,9 @@ Pull requests are the best way to propose changes to the codebase. We actively w
 
 As we want your work to be as open and accessible as others in the project.
 
-## Report bugs using GitHub's [Issues](https://github.com/in2workspace/in2-vc-verifier/issues)
+## Report bugs using GitHub's [Issues](https://github.com/in2workspace/in2-verifier-api/issues)
 
-We use GitHub issues to track public bugs. Report a bug by [opening a new issue](https://github.com/in2workspace/in2-vc-verifier/issues/new); it's that easy!
+We use GitHub issues to track public bugs. Report a bug by [opening a new issue](https://github.com/in2workspace/in2-verifier-api/issues/new); it's that easy!
 
 ## Write Bug Reports With Detail, Background, and Sample Code
 

diff --git a/README.md b/README.md
@@ -1,22 +1,33 @@
 <div align="center">
-
-  <h1>VC Verifier</h1>
+  <h1>IN2 Verifier API</h1>
   <span>by </span><a href="https://in2.es">in2.es</a>
-
   <p><p>
-
-  [![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=in2workspace_in2-vc-verifier&metric=alert_status)](https://sonarcloud.io/dashboard?id=in2workspace_in2-vc-verifier)
-
-  [![Bugs](https://sonarcloud.io/api/project_badges/measure?project=in2workspace_in2-vc-verifier&metric=bugs)](https://sonarcloud.io/summary/new_code?id=in2workspace_in2-vc-verifier)
-  [![Vulnerabilities](https://sonarcloud.io/api/project_badges/measure?project=in2workspace_in2-vc-verifier&metric=vulnerabilities)](https://sonarcloud.io/dashboard?id=in2workspace_in2-vc-verifier)
-  [![Security Rating](https://sonarcloud.io/api/project_badges/measure?project=in2workspace_in2-vc-verifier&metric=security_rating)](https://sonarcloud.io/dashboard?id=in2workspace_in2-vc-verifier)
-  [![Code Smells](https://sonarcloud.io/api/project_badges/measure?project=in2workspace_in2-vc-verifier&metric=code_smells)](https://sonarcloud.io/summary/new_code?id=in2workspace_in2-vc-verifier)
-  [![Lines of Code](https://sonarcloud.io/api/project_badges/measure?project=in2workspace_in2-vc-verifier&metric=ncloc)](https://sonarcloud.io/dashboard?id=in2workspace_in2-vc-verifier)
-
-  [![Coverage](https://sonarcloud.io/api/project_badges/measure?project=in2workspace_in2-vc-verifier&metric=coverage)](https://sonarcloud.io/summary/new_code?id=in2workspace_in2-vc-verifier)
-  [![Duplicated Lines (%)](https://sonarcloud.io/api/project_badges/measure?project=in2workspace_in2-vc-verifier&metric=duplicated_lines_density)](https://sonarcloud.io/summary/new_code?id=in2workspace_in2-vc-verifier)
-  [![Reliability Rating](https://sonarcloud.io/api/project_badges/measure?project=in2workspace_in2-vc-verifier&metric=reliability_rating)](https://sonarcloud.io/dashboard?id=in2workspace_in2-vc-verifier)
-  [![Maintainability Rating](https://sonarcloud.io/api/project_badges/measure?project=in2workspace_in2-vc-verifier&metric=sqale_rating)](https://sonarcloud.io/dashboard?id=in2workspace_in2-vc-verifier)
-  [![Technical Debt](https://sonarcloud.io/api/project_badges/measure?project=in2workspace_in2-vc-verifier&metric=sqale_index)](https://sonarcloud.io/summary/new_code?id=in2workspace_in2-vc-verifier)
 
+  [![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=in2workspace_in2-verifier-api&metric=alert_status)](https://sonarcloud.io/dashboard?id=in2workspace_in2-verifier-api)
+
+  [![Bugs](https://sonarcloud.io/api/project_badges/measure?project=in2workspace_in2-verifier-api&metric=bugs)](https://sonarcloud.io/summary/new_code?id=in2workspace_in2-verifier-api)
+  [![Vulnerabilities](https://sonarcloud.io/api/project_badges/measure?project=in2workspace_in2-verifier-api&metric=vulnerabilities)](https://sonarcloud.io/dashboard?id=in2workspace_in2-verifier-api)
+  [![Security Rating](https://sonarcloud.io/api/project_badges/measure?project=in2workspace_in2-verifier-api&metric=security_rating)](https://sonarcloud.io/dashboard?id=in2workspace_in2-verifier-api)
+  [![Code Smells](https://sonarcloud.io/api/project_badges/measure?project=in2workspace_in2-verifier-api&metric=code_smells)](https://sonarcloud.io/summary/new_code?id=in2workspace_in2-verifier-api)
+  [![Lines of Code](https://sonarcloud.io/api/project_badges/measure?project=in2workspace_in2-verifier-api&metric=ncloc)](https://sonarcloud.io/dashboard?id=in2workspace_in2-verifier-api)
+
+  [![Coverage](https://sonarcloud.io/api/project_badges/measure?project=in2workspace_in2-verifier-api&metric=coverage)](https://sonarcloud.io/summary/new_code?id=in2workspace_in2-verifier-api)
+  [![Duplicated Lines (%)](https://sonarcloud.io/api/project_badges/measure?project=in2workspace_in2-verifier-api&metric=duplicated_lines_density)](https://sonarcloud.io/summary/new_code?id=in2workspace_in2-verifier-api)
+  [![Reliability Rating](https://sonarcloud.io/api/project_badges/measure?project=in2workspace_in2-verifier-api&metric=reliability_rating)](https://sonarcloud.io/dashboard?id=in2workspace_in2-verifier-api)
+  [![Maintainability Rating](https://sonarcloud.io/api/project_badges/measure?project=in2workspace_in2-verifier-api&metric=sqale_rating)](https://sonarcloud.io/dashboard?id=in2workspace_in2-verifier-api)
+  [![Technical Debt](https://sonarcloud.io/api/project_badges/measure?project=in2workspace_in2-verifier-api&metric=sqale_index)](https://sonarcloud.io/summary/new_code?id=in2workspace_in2-verifier-api)
 </div>
+
+# Introduction
+
+Spring Authorization Server is a framework that provides implementations of the OAuth 2.1 and OpenID Connect 1.0 specifications and other related specifications. 
+It is built on top of Spring Security to provide a secure, light-weight, 
+and customizable foundation for building OpenID Connect 1.0 Identity Providers and OAuth2 Authorization Server products.
+
+# Testing
+
+We test the first call by sending a GET request to the '/oauth2/authorize' endpoint.
+
+```text
+http://localhost:9000/oauth2/authorize?response_type=code&client_id=did:key:wejkdew87fwhef9833f4&request_uri=https://dome-marketplace.org/api/v1/request.jwt%23GkurKxf5T0Y-mnPFCHqWOMiZi4VS138cQO_V7PZHAdM&state=af0ifjsldkj&nonce=n-0S6_WzA2Mj
+```
diff --git a/build.gradle b/build.gradle
@@ -10,7 +10,7 @@ plugins {
 }
 
 group = 'es.in2'
-version = '0.1.0'
+version = '1.0.3'
 
 java {
 	toolchain {
@@ -41,24 +41,44 @@ checkstyleTest {
 
 sonar {
 	properties {
-		property "sonar.projectName", "VC Verifier"
-		property "sonar.projectKey", "in2workspace_in2-vc-verifier"
+		property "sonar.projectName", "IN2 Verifier API"
+		property "sonar.projectKey", "in2workspace_in2-verifier-api"
 		property "sonar.organization", "in2workspace"
 		property "sonar.host.url", "https://sonarcloud.io"
+		property 'sonar.coverage.exclusions',
+				"src/main/java/es/in2/vcverifier/VcVerifierApplication.java, " +
+						"src/main/java/es/in2/vcverifier/service/impl/ClientAssertionValidationServiceImpl.java, " +
+						"src/main/java/es/in2/vcverifier/security/filters/CustomAuthorizationRequestConverter.java, " +
+						"src/main/java/es/in2/vcverifier/service/impl/TrustFrameworkServiceImpl.java, "
 	}
 }
 
 repositories {
 	mavenCentral()
+	maven { url "https://jitpack.io" }
 }
 
 dependencies {
 	// Starters
-	implementation 'org.springframework.boot:spring-boot-starter-web'
+	implementation 'org.springframework.boot:spring-boot-starter-thymeleaf'
 	implementation 'org.springframework.boot:spring-boot-starter-oauth2-authorization-server'
+	implementation 'org.springframework.boot:spring-boot-starter-validation'
+	implementation 'org.springframework.boot:spring-boot-starter-actuator'
+	// Cryptography
+	implementation 'com.nimbusds:nimbus-jose-jwt:9.40'
+	implementation 'org.bitcoinj:bitcoinj-core:0.17-alpha5'
+	implementation 'io.github.novacrypto:Base58:2022.01.17'
+	//Jackson
+	implementation 'com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.17.2'
+	// JSON
+	implementation 'org.json:json:20230227'
+	// QR GENERATOR
+	implementation 'com.github.kenglxn.QRGen:javase:3.0.1'
 	// DevTools
 	compileOnly 'org.projectlombok:lombok'
 	annotationProcessor 'org.projectlombok:lombok'
+	// Websocket
+	implementation 'org.springframework.boot:spring-boot-starter-websocket'
 	// Testing
 	testImplementation 'org.springframework.boot:spring-boot-starter-test'
 	testRuntimeOnly 'org.junit.platform:junit-platform-launcher'
@@ -99,4 +119,11 @@ tasks.jacocoTestReport {
 		csv.required.set(false)
 		html.outputLocation.set(layout.buildDirectory.dir("jacocoHtml"))
 	}
+	classDirectories.setFrom(files(classDirectories.files.collect {
+		fileTree(dir: it, exclude: [
+				"**/AuthorizationResponseProcessorServiceImpl.class",
+				"**/CustomAuthorizationRequestConverter.class",
+				"**/TrustFrameworkServiceImpl.class",
+		])
+	}))
 }
diff --git a/settings.gradle b/settings.gradle
@@ -1 +1 @@
-rootProject.name = 'vcverifier'
+rootProject.name = 'in2-verifier-api'
diff --git a/src/main/java/es/in2/vcverifier/VcVerifierApplication.java b/src/main/java/es/in2/vcverifier/VcVerifierApplication.java
@@ -1,13 +1,33 @@
 package es.in2.vcverifier;
 
+import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.databind.DeserializationFeature;
+import com.fasterxml.jackson.databind.MapperFeature;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.json.JsonMapper;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.context.properties.ConfigurationPropertiesScan;
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
+import org.springframework.context.annotation.Bean;
 
 @SpringBootApplication
+@EnableConfigurationProperties
+@ConfigurationPropertiesScan
 public class VcVerifierApplication {
 
+    private static final ObjectMapper OBJECT_MAPPER =
+            JsonMapper.builder()
+                    .configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false)
+                    .configure(MapperFeature.SORT_PROPERTIES_ALPHABETICALLY, true)
+                    .serializationInclusion(JsonInclude.Include.NON_NULL)
+                    .build();
     public static void main(String[] args) {
         SpringApplication.run(VcVerifierApplication.class, args);
     }
 
+    @Bean
+    public ObjectMapper objectMapper() {
+        return OBJECT_MAPPER;
+    }
 }
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		rootProject.name = 'vcverifier'
		rootProject.name = 'in2-verifier-api'