feat: add credential proof types

.gitignore

@@ -17,6 +17,7 @@ infrastructure/local/.vault/policies
 infrastructure/local/.vault/file
 
 .fleet
+.vscode/
 
 # Test binary, built with `go test -c`
 *.test

api_ui/api.yaml

@@ -506,6 +506,10 @@ components:
         expiration:
           type: integer
           format: int64
+        signatureProof:
+          type: boolean
+        mtProof:
+          type: boolean
       example:
         credentialSchema: "https://raw.githubusercontent.com/iden3/claim-schema-vocab/main/schemas/json/KYCAgeCredential-v3.json"
         type: "KYCAgeCredential"
@@ -514,6 +518,8 @@ components:
           birthday: 19960424
           documentType: 2
         expiration: 12345
+        signatureProof: true
+        mtProof: true
 
     Schema:
       type: object

internal/api/server.go

@@ -16,6 +16,7 @@ import (
 	"github.com/iden3/iden3comm/packers"
 	"github.com/iden3/iden3comm/protocol"
 
+	"github.com/polygonid/sh-id-platform/internal/common"
 	"github.com/polygonid/sh-id-platform/internal/config"
 	"github.com/polygonid/sh-id-platform/internal/core/domain"
 	"github.com/polygonid/sh-id-platform/internal/core/ports"
@@ -110,7 +111,7 @@ func (s *Server) CreateClaim(ctx context.Context, request CreateClaimRequestObje
 		return CreateClaim400JSONResponse{N400JSONResponse{Message: err.Error()}}, nil
 	}
 
-	req := ports.NewCreateClaimRequest(did, request.Body.CredentialSchema, request.Body.CredentialSubject, request.Body.Expiration, request.Body.Type, request.Body.Version, request.Body.SubjectPosition, request.Body.MerklizedRootPosition)
+	req := ports.NewCreateClaimRequest(did, request.Body.CredentialSchema, request.Body.CredentialSubject, request.Body.Expiration, request.Body.Type, request.Body.Version, request.Body.SubjectPosition, request.Body.MerklizedRootPosition, common.ToPointer(true), common.ToPointer(true))
 
 	resp, err := s.claimService.CreateClaim(ctx, req)
 	if err != nil {

internal/api/server_test.go

@@ -1326,7 +1326,7 @@ func TestServer_GetRevocationStatus(t *testing.T) {
 	expiration := int64(12345)
 
 	merklizedRootPosition := "value"
-	claim, err := claimsService.CreateClaim(context.Background(), ports.NewCreateClaimRequest(did, schema, credentialSubject, &expiration, typeC, nil, nil, &merklizedRootPosition))
+	claim, err := claimsService.CreateClaim(context.Background(), ports.NewCreateClaimRequest(did, schema, credentialSubject, &expiration, typeC, nil, nil, &merklizedRootPosition, common.ToPointer(true), common.ToPointer(true)))
 	assert.NoError(t, err)
 
 	type expected struct {

internal/api_admin/responses.go

@@ -5,6 +5,7 @@ import (
 
 	"github.com/iden3/go-schema-processor/verifiable"
 
+	"github.com/polygonid/sh-id-platform/internal/common"
 	"github.com/polygonid/sh-id-platform/internal/core/domain"
 )
 
@@ -36,10 +37,7 @@ func credentialResponse(w3c *verifiable.W3CCredential, credential *domain.Claim)
 		}
 	}
 
-	proofs := make([]string, len(w3c.Proof))
-	for i := range w3c.Proof {
-		proofs[i] = string(w3c.Proof[i].ProofType())
-	}
+	proofs := getProofs(w3c, credential)
 
 	return Credential{
 		Attributes: w3c.CredentialSubject,
@@ -55,6 +53,18 @@ func credentialResponse(w3c *verifiable.W3CCredential, credential *domain.Claim)
 	}
 }
 
+func getProofs(w3c *verifiable.W3CCredential, credential *domain.Claim) []string {
+	proofs := make([]string, 0)
+	if sp := getSigProof(w3c); sp != nil {
+		proofs = append(proofs, *sp)
+	}
+
+	if credential.MtProof {
+		proofs = append(proofs, "MTP")
+	}
+	return proofs
+}
+
 func connectionResponse(conn *domain.Connection, w3cs []*verifiable.W3CCredential, credentials []*domain.Claim) GetConnectionResponse {
 	credResp := make([]Credential, len(w3cs))
 	for i := range credentials {
@@ -71,3 +81,12 @@ func connectionResponse(conn *domain.Connection, w3cs []*verifiable.W3CCredentia
 		Credentials: credResp,
 	}
 }
+
+func getSigProof(w3c *verifiable.W3CCredential) *string {
+	for i := range w3c.Proof {
+		if string(w3c.Proof[i].ProofType()) == "BJJSignature2021" {
+			return common.ToPointer("BJJSignature2021")
+		}
+	}
+	return nil
+}

internal/api_admin/server.go

@@ -259,7 +259,11 @@ func writeFile(path string, w http.ResponseWriter) {
 
 // CreateCredential - creates a new credential
 func (s *Server) CreateCredential(ctx context.Context, request CreateCredentialRequestObject) (CreateCredentialResponseObject, error) {
-	req := ports.NewCreateClaimRequest(&s.cfg.APIUI.IssuerDID, request.Body.CredentialSchema, request.Body.CredentialSubject, request.Body.Expiration, request.Body.Type, nil, nil, nil)
+	if request.Body.SignatureProof == nil && request.Body.MtProof == nil {
+		return CreateCredential400JSONResponse{N400JSONResponse{Message: "you must to provide at least one proof type"}}, nil
+	}
+
+	req := ports.NewCreateClaimRequest(&s.cfg.APIUI.IssuerDID, request.Body.CredentialSchema, request.Body.CredentialSubject, request.Body.Expiration, request.Body.Type, nil, nil, nil, request.Body.SignatureProof, request.Body.MtProof)
 	resp, err := s.claimService.CreateClaim(ctx, req)
 	if err != nil {
 		if errors.Is(err, services.ErrJSONLdContext) {

internal/api_admin/server_test.go

@@ -22,6 +22,7 @@ import (
 	"github.com/polygonid/sh-id-platform/internal/common"
 	"github.com/polygonid/sh-id-platform/internal/config"
 	"github.com/polygonid/sh-id-platform/internal/core/domain"
+	"github.com/polygonid/sh-id-platform/internal/core/ports"
 	"github.com/polygonid/sh-id-platform/internal/core/services"
 	"github.com/polygonid/sh-id-platform/internal/db/tests"
 	"github.com/polygonid/sh-id-platform/internal/health"
@@ -651,13 +652,32 @@ func TestServer_CreateCredential(t *testing.T) {
 					"birthday":     19960424,
 					"documentType": 2,
 				},
-				Expiration: common.ToPointer(int64(12345)),
+				Expiration:     common.ToPointer(int64(12345)),
+				SignatureProof: common.ToPointer(true),
 			},
 			expected: expected{
 				response: CreateCredential201JSONResponse{},
 				httpCode: http.StatusCreated,
 			},
 		},
+		{
+			name: "Wrong request - no proof provided",
+			auth: authOk,
+			body: CreateCredentialRequest{
+				CredentialSchema: "https://raw.githubusercontent.com/iden3/claim-schema-vocab/main/schemas/json/KYCAgeCredential-v3.json",
+				Type:             "KYCAgeCredential",
+				CredentialSubject: map[string]any{
+					"id":           "did:polygonid:polygon:mumbai:2qE1BZ7gcmEoP2KppvFPCZqyzyb5tK9T6Gec5HFANQ",
+					"birthday":     19960424,
+					"documentType": 2,
+				},
+				Expiration: common.ToPointer(int64(12345)),
+			},
+			expected: expected{
+				response: CreateCredential400JSONResponse{N400JSONResponse{Message: "you must to provide at least one proof type"}},
+				httpCode: http.StatusBadRequest,
+			},
+		},
 		{
 			name: "Wrong credential url",
 			auth: authOk,
@@ -669,7 +689,8 @@ func TestServer_CreateCredential(t *testing.T) {
 					"birthday":     19960424,
 					"documentType": 2,
 				},
-				Expiration: common.ToPointer(int64(12345)),
+				Expiration:     common.ToPointer(int64(12345)),
+				SignatureProof: common.ToPointer(true),
 			},
 			expected: expected{
 				response: CreateCredential400JSONResponse{N400JSONResponse{Message: "malformed url"}},
@@ -687,7 +708,8 @@ func TestServer_CreateCredential(t *testing.T) {
 					"birthday":     19960424,
 					"documentType": 2,
 				},
-				Expiration: common.ToPointer(int64(12345)),
+				Expiration:     common.ToPointer(int64(12345)),
+				SignatureProof: common.ToPointer(true),
 			},
 			expected: expected{
 				response: CreateCredential422JSONResponse{N422JSONResponse{Message: "cannot load schema"}},
@@ -857,10 +879,23 @@ func TestServer_GetCredential(t *testing.T) {
 	cfg.APIUI.IssuerDID = *did
 	server := NewServer(&cfg, NewIdentityMock(), claimsService, NewSchemaAdminMock(), connectionsService, NewPublisherMock(), NewPackageManagerMock(), nil)
 
-	fixture := tests.NewFixture(storage)
-	claim := fixture.NewClaim(t, did.String())
-	fixture.CreateClaim(t, claim)
+	credentialSubject := map[string]any{
+		"id":           "did:polygonid:polygon:mumbai:2qE1BZ7gcmEoP2KppvFPCZqyzyb5tK9T6Gec5HFANQ",
+		"birthday":     19960424,
+		"documentType": 2,
+	}
+	typeC := "KYCAgeCredential"
+
+	merklizedRootPosition := "index"
+	schema := "https://raw.githubusercontent.com/iden3/claim-schema-vocab/main/schemas/json/KYCAgeCredential-v3.json"
+	createdClaim1, err := claimsService.CreateClaim(context.Background(), ports.NewCreateClaimRequest(did, schema, credentialSubject, nil, typeC, nil, nil, &merklizedRootPosition, common.ToPointer(true), common.ToPointer(true)))
+	assert.NoError(t, err)
 
+	createdClaim2, err := claimsService.CreateClaim(context.Background(), ports.NewCreateClaimRequest(did, schema, credentialSubject, nil, typeC, nil, nil, &merklizedRootPosition, common.ToPointer(true), common.ToPointer(false)))
+	assert.NoError(t, err)
+
+	createdClaim3, err := claimsService.CreateClaim(context.Background(), ports.NewCreateClaimRequest(did, schema, credentialSubject, nil, typeC, nil, nil, &merklizedRootPosition, common.ToPointer(false), common.ToPointer(true)))
+	assert.NoError(t, err)
 	handler := getHandler(ctx, server)
 
 	type expected struct {
@@ -898,10 +933,64 @@ func TestServer_GetCredential(t *testing.T) {
 			},
 		},
 		{
-			name: "happy path",
+			name: "happy path with two proof",
+			auth: authOk,
+			request: GetCredentialRequestObject{
+				Id: createdClaim1.ID,
+			},
+			expected: expected{
+				response: Credential{
+					Attributes: map[string]interface{}{
+						"id":           "did:polygonid:polygon:mumbai:2qE1BZ7gcmEoP2KppvFPCZqyzyb5tK9T6Gec5HFANQ",
+						"birthday":     19960424,
+						"documentType": 2,
+						"type":         "KYCAgeCredential",
+					},
+					CreatedAt:  time.Now().UTC(),
+					Expired:    false,
+					ExpiresAt:  nil,
+					Id:         createdClaim1.ID,
+					ProofTypes: []string{"BJJSignature2021", "MTP"},
+					RevNonce:   uint64(createdClaim1.RevNonce),
+					Revoked:    createdClaim1.Revoked,
+					SchemaHash: createdClaim1.SchemaHash,
+					SchemaType: createdClaim1.SchemaType,
+				},
+				httpCode: http.StatusOK,
+			},
+		},
+		{
+			name: "happy path with signature proof",
+			auth: authOk,
+			request: GetCredentialRequestObject{
+				Id: createdClaim2.ID,
+			},
+			expected: expected{
+				response: Credential{
+					Attributes: map[string]interface{}{
+						"id":           "did:polygonid:polygon:mumbai:2qE1BZ7gcmEoP2KppvFPCZqyzyb5tK9T6Gec5HFANQ",
+						"birthday":     19960424,
+						"documentType": 2,
+						"type":         "KYCAgeCredential",
+					},
+					CreatedAt:  time.Now().UTC(),
+					Expired:    false,
+					ExpiresAt:  nil,
+					Id:         createdClaim2.ID,
+					ProofTypes: []string{"BJJSignature2021"},
+					RevNonce:   uint64(createdClaim2.RevNonce),
+					Revoked:    createdClaim2.Revoked,
+					SchemaHash: createdClaim2.SchemaHash,
+					SchemaType: createdClaim2.SchemaType,
+				},
+				httpCode: http.StatusOK,
+			},
+		},
+		{
+			name: "happy path with MTP proof",
 			auth: authOk,
 			request: GetCredentialRequestObject{
-				Id: claim.ID,
+				Id: createdClaim3.ID,
 			},
 			expected: expected{
 				response: Credential{
@@ -914,12 +1003,12 @@ func TestServer_GetCredential(t *testing.T) {
 					CreatedAt:  time.Now().UTC(),
 					Expired:    false,
 					ExpiresAt:  nil,
-					Id:         claim.ID,
-					ProofTypes: []string{},
-					RevNonce:   uint64(claim.RevNonce),
-					Revoked:    claim.Revoked,
-					SchemaHash: claim.SchemaHash,
-					SchemaType: claim.SchemaType,
+					Id:         createdClaim3.ID,
+					ProofTypes: []string{"MTP"},
+					RevNonce:   uint64(createdClaim3.RevNonce),
+					Revoked:    createdClaim3.Revoked,
+					SchemaHash: createdClaim3.SchemaHash,
+					SchemaType: createdClaim3.SchemaType,
 				},
 				httpCode: http.StatusOK,
 			},

internal/core/domain/claim.go

@@ -40,6 +40,8 @@ type Claim struct {
 	Status           *IdentityStatus `json:"status"`
 	CredentialStatus pgtype.JSONB    `json:"credential_status"`
 	HIndex           string          `json:"-"`
+
+	MtProof bool `json:"mt_poof"`
 }
 
 // FromClaimer TODO add description