hyperledger · patlo-iog · Jul 1, 2024 · Jul 1, 2024 · Jul 1, 2024
@@ -731,10 +731,18 @@ lazy val polluxCore = project
     name := "pollux-core",
     libraryDependencies ++= D_Pollux.coreDependencies
   )
-  .dependsOn(shared)
-  .dependsOn(agentWalletAPI)
-  .dependsOn(polluxVcJWT)
-  .dependsOn(vc, resolver, agentDidcommx, eventNotification, polluxAnoncreds, polluxSDJWT)
+  .dependsOn(
+    shared,
+    castorCore % "compile->compile;test->test", // Test is for MockDIDService
+    agentWalletAPI % "compile->compile;test->test", // Test is for MockManagedDIDService
+    vc,
+    resolver,
+    agentDidcommx,
+    eventNotification,
+    polluxAnoncreds,
+    polluxVcJWT,
+    polluxSDJWT,
+  )
 
 lazy val polluxDoobie = project
   .in(file("pollux/sql-doobie"))
@@ -864,17 +872,16 @@ lazy val cloudAgentServer = project
   .enablePlugins(BuildInfoPlugin)
   .dependsOn(agentWalletAPI % "compile->compile;test->test")
   .dependsOn(
+    sharedTest % "test->test",
     agent,
-    polluxCore,
+    polluxCore % "compile->compile;test->test",
     polluxDoobie,
     polluxAnoncreds,
-    connectCore,
+    connectCore % "compile->compile;test->test", // Test is for MockConnectionService
     connectDoobie,
     castorCore,
-    eventNotification
+    eventNotification,
   )
-  .dependsOn(sharedTest % "test->test")
-  .dependsOn(polluxCore % "compile->compile;test->test")
 
 // ############################
 // ####  Release process  #####

@@ -2,5 +2,7 @@ package.json
 docs
 
 # ignore broken files
+models/CredentialRequest.ts
+models/Proof2.ts
 models/Service.ts
 models/UpdateManagedDIDServiceAction.ts
@@ -0,0 +1,78 @@
+/**
+ * Identus Cloud Agent API Reference
+ *  The Identus Cloud Agent API facilitates the integration and management of self-sovereign identity capabilities within applications. It supports DID (Decentralized Identifiers) management, verifiable credential exchange, and secure messaging based on DIDComm standards. The API is designed to be interoperable with various blockchain and DLT (Distributed Ledger Technology) platforms, ensuring wide compatibility and flexibility. Key features include connection management, credential issuance and verification, and secure, privacy-preserving communication between entities. Additional information and the full list of capabilities can be found in the [Open Enterprise Agent documentation](https://docs.atalaprism.io/docs/category/prism-cloud-agent) 
+ *
+ * OpenAPI spec version: 1.37.0
+ * 
+ *
+ * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
+ * https://openapi-generator.tech
+ * Do not edit the class manually.
+ */
+
+import { AnoncredsCredentialRequest } from '../models/AnoncredsCredentialRequest';
+import { CredentialDefinition } from '../models/CredentialDefinition';
+import { CredentialFormat } from '../models/CredentialFormat';
+import { CredentialResponseEncryption } from '../models/CredentialResponseEncryption';
+import { JwtCredentialRequest } from '../models/JwtCredentialRequest';
+import { Proof2 } from '../models/Proof2';
+import { HttpFile } from '../http/http';
+
+export class CredentialRequest {
+    'format': CredentialFormat;
+    'proof'?: Proof2;
+    'credentialIdentifier'?: string;
+    'credentialResponseEncryption'?: CredentialResponseEncryption;
+    'credentialDefinition'?: CredentialDefinition;
+    'anoncreds': string;
+
+    static readonly discriminator: string | undefined = "format";
+
+    static readonly attributeTypeMap: Array<{name: string, baseName: string, type: string, format: string}> = [
+        {
+            "name": "format",
+            "baseName": "format",
+            "type": "CredentialFormat",
+            "format": ""
+        },
+        {
+            "name": "proof",
+            "baseName": "proof",
+            "type": "Proof2",
+            "format": ""
+        },
+        {
+            "name": "credentialIdentifier",
+            "baseName": "credential_identifier",
+            "type": "string",
+            "format": ""
+        },
+        {
+            "name": "credentialResponseEncryption",
+            "baseName": "credential_response_encryption",
+            "type": "CredentialResponseEncryption",
+            "format": ""
+        },
+        {
+            "name": "credentialDefinition",
+            "baseName": "credential_definition",
+            "type": "CredentialDefinition",
+            "format": ""
+        },
+        {
+            "name": "anoncreds",
+            "baseName": "anoncreds",
+            "type": "string",
+            "format": ""
+        }    ];
+
+    static getAttributeTypeMap() {
+        return CredentialRequest.attributeTypeMap;
+    }
+
+    public constructor() {
+    }
+}
+
+
+
@@ -0,0 +1,62 @@
+/**
+ * Identus Cloud Agent API Reference
+ *  The Identus Cloud Agent API facilitates the integration and management of self-sovereign identity capabilities within applications. It supports DID (Decentralized Identifiers) management, verifiable credential exchange, and secure messaging based on DIDComm standards. The API is designed to be interoperable with various blockchain and DLT (Distributed Ledger Technology) platforms, ensuring wide compatibility and flexibility. Key features include connection management, credential issuance and verification, and secure, privacy-preserving communication between entities. Additional information and the full list of capabilities can be found in the [Open Enterprise Agent documentation](https://docs.atalaprism.io/docs/category/prism-cloud-agent) 
+ *
+ * OpenAPI spec version: 1.37.0
+ * 
+ *
+ * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
+ * https://openapi-generator.tech
+ * Do not edit the class manually.
+ */
+
+import { CwtProof } from '../models/CwtProof';
+import { JwtProof } from '../models/JwtProof';
+import { LdpProof } from '../models/LdpProof';
+import { ProofType } from '../models/ProofType';
+import { HttpFile } from '../http/http';
+
+export class Proof2 {
+    'proofType': ProofType;
+    'cwt': string;
+    'jwt': string;
+    'vp': string;
+
+    static readonly discriminator: string | undefined = "proofType";
+
+    static readonly attributeTypeMap: Array<{name: string, baseName: string, type: string, format: string}> = [
+        {
+            "name": "proofType",
+            "baseName": "proof_type",
+            "type": "ProofType",
+            "format": ""
+        },
+        {
+            "name": "cwt",
+            "baseName": "cwt",
+            "type": "string",
+            "format": ""
+        },
+        {
+            "name": "jwt",
+            "baseName": "jwt",
+            "type": "string",
+            "format": ""
+        },
+        {
+            "name": "vp",
+            "baseName": "vp",
+            "type": "string",
+            "format": ""
+        }    ];
+
+    static getAttributeTypeMap() {
+        return Proof2.attributeTypeMap;
+    }
+
+    public constructor() {
+    }
+}
+
+
+
@@ -33,7 +33,7 @@ dependencies {
     testImplementation("io.ktor:ktor-server-netty:2.3.0")
     testImplementation("io.ktor:ktor-client-apache:2.3.0")
     // RestAPI client
-    testImplementation("org.hyperledger.identus:cloud-agent-client-kotlin:1.36.1")
+    testImplementation("org.hyperledger.identus:cloud-agent-client-kotlin:1.37.0")
     // Test helpers library
     testImplementation("io.iohk.atala:atala-automation:0.4.0")
     // Hoplite for configuration

@@ -10,4 +10,5 @@ data class Role(
     val authHeader: String = "apikey",
     val webhook: Webhook?,
     val agentRole: AgentRole?,
+    val oid4vciAuthServer: URL?,
 )
@@ -18,10 +18,11 @@ data class Keycloak(
     @ConfigAlias("client_id") val clientId: String = "prism-agent",
     @ConfigAlias("client_secret") val clientSecret: String = "prism-agent-demo-secret",
     @ConfigAlias("keep_running") override val keepRunning: Boolean = false,
+    @ConfigAlias("compose_file") val keycloakComposeFile: String = "src/test/resources/containers/keycloak.yml",
+    @ConfigAlias("extra_envs") val extraEnvs: Map<String, String> = emptyMap(),
 ) : ServiceBase() {
     private val logger = Logger.get<Keycloak>()
-    private val keycloakComposeFile = "src/test/resources/containers/keycloak.yml"
-    private val keycloakEnvConfig: Map<String, String> = mapOf(
+    private val keycloakEnvConfig: Map<String, String> = extraEnvs + mapOf(
         "KEYCLOAK_HTTP_PORT" to httpPort.toString(),
     )
     override val logServices: List<String> = listOf("keycloak")

@@ -5,5 +5,6 @@ import com.sksamuel.hoplite.ConfigAlias
 data class Service(
     @ConfigAlias("prism_node") val prismNode: VerifiableDataRegistry?,
     val keycloak: Keycloak?,
+    @ConfigAlias("keycloak_oid4vci") val keycloakOid4vci: Keycloak,
     val vault: Vault?,
 )
@@ -4,8 +4,7 @@ import abilities.ListenToEvents
 import com.sksamuel.hoplite.ConfigException
 import com.sksamuel.hoplite.ConfigLoader
 import common.TestConstants
-import config.AgentRole
-import config.Config
+import config.*
 import io.cucumber.java.AfterAll
 import io.cucumber.java.BeforeAll
 import io.restassured.RestAssured
@@ -35,6 +34,7 @@ object Setup {
      */
     fun initServices() {
         config.services?.keycloak?.setUsers(config.roles)?.start()
+        config.services?.keycloakOid4vci?.setUsers(config.roles.filter { it.name == "Holder" })?.start()
         config.services?.prismNode?.start()
         config.services?.vault?.start()
         config.agents?.forEach {
@@ -100,7 +100,10 @@ object Setup {
             config.roles.forEach { role ->
                 val actor = cast.actorNamed(role.name)
                 try {
-                    actor.remember("BEARER_TOKEN", config.services.keycloak.getKeycloakAuthToken(actor.name, actor.name))
+                    actor.remember(
+                        "BEARER_TOKEN",
+                        config.services.keycloak.getKeycloakAuthToken(actor.name, actor.name),
+                    )
                 } catch (e: NullPointerException) {
                     throw ConfigException("Keycloak is configured, but no token found for user ${actor.name}!")
                 }
@@ -126,6 +129,14 @@ object Setup {
             }
             actor.remember("baseUrl", role.url.toExternalForm())
         }
+        if (config.services?.keycloakOid4vci != null) {
+            val role = config.roles.find { it.name == "Issuer" } ?: throw ConfigException("Issuer role does not exist")
+            val url = role.oid4vciAuthServer ?: throw ConfigException("Issuer's oid4vci_auth_server must be provided")
+            val actor = cast.actorNamed(role.name)
+            actor.remember("OID4VCI_AUTH_SERVER_URL", url.toExternalForm())
+            actor.remember("OID4VCI_AUTH_SERVER_CLIENT_ID", config.services.keycloakOid4vci.clientId)
+            actor.remember("OID4VCI_AUTH_SERVER_CLIENT_SECRET", config.services.keycloakOid4vci.clientSecret)
+        }
         OnStage.setTheStage(cast)
     }
 

@@ -0,0 +1,75 @@
+package steps.oid4vci
+
+import common.CredentialSchema
+import interactions.*
+import io.cucumber.java.en.*
+import io.iohk.atala.automation.extensions.get
+import io.iohk.atala.automation.serenity.ensure.Ensure
+import net.serenitybdd.rest.SerenityRest
+import net.serenitybdd.screenplay.Actor
+import org.apache.http.HttpStatus
+import org.hyperledger.identus.client.models.*
+
+class ManageCredentialConfigSteps {
+    @Given("{actor} has {string} credential configuration created from {}")
+    fun issuerHasExistingCredentialConfig(issuer: Actor, configurationId: String, schema: CredentialSchema) {
+        ManageIssuerSteps().issuerHasExistingCredentialIssuer(issuer)
+        issuerCreateCredentialConfiguration(issuer, schema, configurationId)
+    }
+
+    @When("{actor} uses {} to create a credential configuration {string}")
+    fun issuerCreateCredentialConfiguration(issuer: Actor, schema: CredentialSchema, configurationId: String) {
+        val credentialIssuer = issuer.recall<CredentialIssuer>("oid4vciCredentialIssuer")
+        val schemaGuid = issuer.recall<String>(schema.name)
+        val baseUrl = issuer.recall<String>("baseUrl")
+        issuer.attemptsTo(
+            Post.to("/oid4vci/issuers/${credentialIssuer.id}/credential-configurations")
+                .with {
+                    it.body(
+                        CreateCredentialConfigurationRequest(
+                            configurationId = configurationId,
+                            format = CredentialFormat.JWT_VC_JSON,
+                            schemaId = "$baseUrl/schema-registry/schemas/$schemaGuid/schema",
+                        ),
+                    )
+                },
+            Ensure.thatTheLastResponse().statusCode().isEqualTo(HttpStatus.SC_CREATED),
+        )
+    }
+
+    @When("{actor} deletes {string} credential configuration")
+    fun issuerDeletesCredentialConfiguration(issuer: Actor, configurationId: String) {
+        val credentialIssuer = issuer.recall<CredentialIssuer>("oid4vciCredentialIssuer")
+        issuer.attemptsTo(
+            Delete("/oid4vci/issuers/${credentialIssuer.id}/credential-configurations/$configurationId"),
+            Ensure.thatTheLastResponse().statusCode().isEqualTo(HttpStatus.SC_OK),
+        )
+    }
+
+    @Then("{actor} sees the {string} configuration on IssuerMetadata endpoint")
+    fun issuerSeesCredentialConfiguration(issuer: Actor, configurationId: String) {
+        val credentialIssuer = issuer.recall<CredentialIssuer>("oid4vciCredentialIssuer")
+        issuer.attemptsTo(
+            Get("/oid4vci/issuers/${credentialIssuer.id}/.well-known/openid-credential-issuer"),
+            Ensure.thatTheLastResponse().statusCode().isEqualTo(HttpStatus.SC_OK),
+        )
+        val metadata = SerenityRest.lastResponse().get<IssuerMetadata>()
+        val credConfig = metadata.credentialConfigurationsSupported[configurationId]!!
+        issuer.attemptsTo(
+            Ensure.that(credConfig.scope).isEqualTo(configurationId),
+        )
+    }
+
+    @Then("{actor} cannot see the {string} configuration on IssuerMetadata endpoint")
+    fun issuerCannotSeeCredentialConfiguration(issuer: Actor, configurationId: String) {
+        val credentialIssuer = issuer.recall<CredentialIssuer>("oid4vciCredentialIssuer")
+        issuer.attemptsTo(
+            Get("/oid4vci/issuers/${credentialIssuer.id}/.well-known/openid-credential-issuer"),
+            Ensure.thatTheLastResponse().statusCode().isEqualTo(HttpStatus.SC_OK),
+        )
+        val metadata = SerenityRest.lastResponse().get<IssuerMetadata>()
+        issuer.attemptsTo(
+            Ensure.that(metadata.credentialConfigurationsSupported.keys).doesNotContain(configurationId),
+        )
+    }
+}