[INJICERT-1135] Add credetial status to vc type and set credentialStatus from code (mosip#376)

* [INJICERT-1035] Add credetial status to vc type and set credentialStatus from code

Signed-off-by: Piyush7034 <[email protected]>

* Add enum for credential status purpose

Signed-off-by: Piyush7034 <[email protected]>
Signed-off-by: Vishwa <[email protected]>

* [INJICERT-1135] Add list type for credential status

Signed-off-by: Piyush7034 <[email protected]>

---------

Signed-off-by: Piyush7034 <[email protected]>

Author: Piyush7034

certify-core/src/main/java/io/mosip/certify/core/constants/Constants.java

@@ -35,4 +35,8 @@ public class Constants {
     public static final String INACTIVE = "inactive";
     public static final String DELIMITER = "::";  // delimiter is ::  its not used by url or within any context of VC name and is distinct
     public  static final String SIGNATURE_CRYPTO_SUITE = "SIGNATURE_CRYPTO_SUITE";
+    public  static final String VCT = "vct";
+    public  static final String CNF = "cnf";
+    public  static final String ISS = "iss";
+    public static final String TYPE = "type";
 }

certify-core/src/main/java/io/mosip/certify/core/constants/VCDM2Constants.java

@@ -9,4 +9,5 @@ public class VCDM2Constants {
     public static final String URL = "https://www.w3.org/ns/credentials/v2";
     public static final String VALID_UNITL = "validUntil";
     public static final String VALID_FROM = "validFrom";
+    public static final String CREDENTIAL_STATUS = "credentialStatus";
 }

certify-core/src/main/java/io/mosip/certify/core/dto/CredentialConfigurationDTO.java

@@ -73,4 +73,6 @@ public class CredentialConfigurationDTO {
     private String sdJwtVct;
 
     private List<Map<String, String>> pluginConfigurations;
+
+    private List<String> credentialStatusPurpose;
 }

certify-service/src/main/java/io/mosip/certify/entity/CredentialConfig.java

@@ -107,11 +107,13 @@ public class CredentialConfig {
     @Column(name = "plugin_configurations", columnDefinition = "jsonb")
     private List<Map<String, String>> pluginConfigurations;
 
+    @Column(name = "credential_status_purpose", columnDefinition = "TEXT[]")
+    private List<String> credentialStatusPurpose;
+
     @NotNull
     @Column(name = "cr_dtimes")
     private LocalDateTime createdTimes;
 
     @Column(name = "upd_dtimes")
     private LocalDateTime updatedTimes;
-
 }

certify-service/src/main/java/io/mosip/certify/mapper/CredentialConfigMapper.java

@@ -17,6 +17,7 @@ public interface CredentialConfigMapper {
     @Mapping(target = "updatedTimes", ignore = true)
     @Mapping(target = "context", source = "context", qualifiedByName = "listToCommaSeparatedString")
     @Mapping(target = "credentialType", source = "credentialType", qualifiedByName = "listToCommaSeparatedString")
+    @Mapping(target = "credentialStatusPurpose", ignore = true)
     CredentialConfig toEntity(CredentialConfigurationDTO dto);
 
     // Convert Entity to DTO
@@ -31,6 +32,7 @@ public interface CredentialConfigMapper {
     @Mapping(target = "updatedTimes", expression = "java(java.time.LocalDateTime.now())")
     @Mapping(target = "context", source = "context", qualifiedByName = "listToCommaSeparatedString")
     @Mapping(target = "credentialType", source = "credentialType", qualifiedByName = "listToCommaSeparatedString")
+    @Mapping(target = "credentialStatusPurpose", ignore = true)
     void updateEntityFromDto(CredentialConfigurationDTO dto, @MappingTarget CredentialConfig entity);
 
     @Named("listToCommaSeparatedString")

certify-service/src/main/java/io/mosip/certify/services/CertifyIssuanceServiceImpl.java

@@ -16,6 +16,7 @@
 import com.nimbusds.jwt.SignedJWT;
 import io.mosip.certify.api.util.AuditHelper;
 import io.mosip.certify.config.IndexedAttributesConfig;
+import io.mosip.certify.core.constants.VCDM2Constants;
 import io.mosip.certify.core.dto.*;
 import io.mosip.certify.core.spi.CredentialConfigurationService;
 import io.mosip.certify.entity.CredentialStatusTransaction;
@@ -142,12 +143,6 @@ public class CertifyIssuanceServiceImpl implements VCIssuanceService {
     @Autowired
     private IndexedAttributesConfig indexedAttributesConfig;
 
-    @Value("${mosip.certify.statuslist.enabled:false}")
-    private boolean statusListEnabled;
-
-    @Value("${mosip.certify.statuslist.default-purpose:revocation}")
-    private String defaultStatusPurpose;
-
     @Value("${mosip.certify.domain.url}")
     private String domainUrl;
 
@@ -264,8 +259,10 @@ private VCResult<?> getVerifiableCredential(CredentialRequest credentialRequest,
                     String templateName = CredentialUtils.getTemplateName(vcRequestDto);
                     templateParams.put(Constants.TEMPLATE_NAME, templateName);
                     templateParams.put(Constants.DID_URL, didUrl);
-                    if (statusListEnabled) {
-                        addCredentialStatus(jsonObject);
+                    jsonObject.put(Constants.TYPE, credentialRequest.getCredential_definition().getType());
+                    List<String> credentialStatusPurposeList = vcFormatter.getCredentialStatusPurpose(templateName);
+                    if (credentialStatusPurposeList != null && !credentialStatusPurposeList.isEmpty()) {
+                        addCredentialStatus(jsonObject, credentialStatusPurposeList.getFirst());
                     }
                     if (!StringUtils.isEmpty(renderTemplateId)) {
                         templateParams.put(Constants.RENDERING_TEMPLATE_ID, renderTemplateId);
@@ -274,6 +271,7 @@ private VCResult<?> getVerifiableCredential(CredentialRequest credentialRequest,
                     Credential cred = credentialFactory.getCredential(credentialRequest.getFormat()).orElseThrow(()-> new CertifyException(ErrorConstants.UNSUPPORTED_VC_FORMAT));
                     templateParams.putAll(jsonObject.toMap());
                     String unsignedCredential=cred.createCredential(templateParams, templateName);
+                    jsonObject.remove(VCDM2Constants.CREDENTIAL_STATUS);
                     return cred.addProof(unsignedCredential,"", vcFormatter.getProofAlgorithm(templateName), vcFormatter.getAppID(templateName), vcFormatter.getRefID(templateName),vcFormatter.getDidUrl(templateName), vcFormatter.getSignatureCryptoSuite(templateName));
                 } catch(DataProviderExchangeException e) {
                     throw new CertifyException(e.getErrorCode());
@@ -296,11 +294,11 @@ private VCResult<?> getVerifiableCredential(CredentialRequest credentialRequest,
                     Credential cred = credentialFactory.getCredential(CredentialFormat.VC_SD_JWT.toString()).orElseThrow(()-> new CertifyException(ErrorConstants.UNSUPPORTED_VC_FORMAT));
                     jsonObject.put("_holderId", holderId);
                     templateParams.putAll(jsonObject.toMap());
-                    templateParams.put("_vct", vcRequestDto.getVct());
+                    templateParams.put(Constants.VCT, vcRequestDto.getVct());
                     // This is with reference to the Representation of a Key ID for a Proof-of-Possession Key
                     // Ref: https://datatracker.ietf.org/doc/html/rfc7800#section-3.4
-                    templateParams.put("_cnf", Map.of("kid", holderId));
-                    templateParams.put("_iss", certifyIssuer);
+                    templateParams.put(Constants.CNF, Map.of("kid", holderId));
+                    templateParams.put(Constants.ISS, certifyIssuer);
                     String unsignedCredential=cred.createCredential(templateParams, templateName);
                     return cred.addProof(unsignedCredential,"", vcFormatter.getProofAlgorithm(templateName), vcFormatter.getAppID(templateName), vcFormatter.getRefID(templateName),vcFormatter.getDidUrl(templateName), vcFormatter.getSignatureCryptoSuite(templateName));
                 } catch(DataProviderExchangeException e) {
@@ -313,20 +311,20 @@ private VCResult<?> getVerifiableCredential(CredentialRequest credentialRequest,
     }
 
     @Transactional
-    private void addCredentialStatus(JSONObject jsonObject) {
+    private void addCredentialStatus(JSONObject jsonObject, String statusPurpose) {
         try {
             log.info("Adding credential status forstatus list integration");
 
             // Find or create a suitable status list
-            StatusListCredential statusList = statusListCredentialService.findOrCreateStatusList(defaultStatusPurpose);
+            StatusListCredential statusList = statusListCredentialService.findOrCreateStatusList(statusPurpose);
 
             // Assign next available index using database approach
             long assignedIndex = statusListCredentialService.findNextAvailableIndex(statusList.getId());
 
             // If the current list is full, create a new one
             if(assignedIndex == -1) {
                 log.info("Current status list is full, creating a new one");
-                statusList = statusListCredentialService.generateStatusListCredential(defaultStatusPurpose);
+                statusList = statusListCredentialService.generateStatusListCredential(statusPurpose);
                 assignedIndex = statusListCredentialService.findNextAvailableIndex(statusList.getId());
 
                 if(assignedIndex == -1) {
@@ -341,19 +339,19 @@ private void addCredentialStatus(JSONObject jsonObject) {
             String statusId = domainUrl + "/v1/certify/status-list/" + statusList.getId();
             credentialStatus.put("id", statusId + "#" + assignedIndex);
             credentialStatus.put("type", "BitstringStatusListEntry");
-            credentialStatus.put("statusPurpose", defaultStatusPurpose);
+            credentialStatus.put("statusPurpose", statusPurpose);
             credentialStatus.put("statusListIndex", String.valueOf(assignedIndex));
             credentialStatus.put("statusListCredential", statusId);
 
             // Add credential status to the VC data
-            jsonObject.put("credentialStatus", credentialStatus);
+            jsonObject.put(VCDM2Constants.CREDENTIAL_STATUS, credentialStatus);
 
             // Extract credential details for ledger storage
             String credentialType = extractCredentialType(jsonObject);
 
             // Prepare status details for ledger
             Map<String, Object> statusDetails = new HashMap<>();
-            statusDetails.put("status_purpose", defaultStatusPurpose);
+            statusDetails.put("status_purpose", statusPurpose);
             statusDetails.put("status_value", false); // Initially not revoked
             statusDetails.put("status_list_credential_id", statusList.getId());
             statusDetails.put("status_list_index", assignedIndex);
@@ -372,8 +370,8 @@ private void addCredentialStatus(JSONObject jsonObject) {
 
     private static String extractCredentialType(JSONObject jsonObject) {
         try {
-            if(jsonObject.has("type")) {
-                Object typeObj = jsonObject.get("type");
+            if(jsonObject.has(Constants.TYPE)) {
+                Object typeObj = jsonObject.get(Constants.TYPE);
                 if(typeObj instanceof org.json.JSONArray) {
                     org.json.JSONArray typeArray = (org.json.JSONArray) typeObj;
                     List<String> types = new ArrayList<>();

certify-service/src/main/java/io/mosip/certify/services/CredentialConfigurationServiceImpl.java

@@ -10,6 +10,7 @@
 import com.fasterxml.jackson.core.JsonProcessingException;
 import io.mosip.certify.core.constants.Constants;
 import io.mosip.certify.core.constants.ErrorConstants;
+import io.mosip.certify.core.constants.VCDM2Constants;
 import io.mosip.certify.core.constants.VCFormats;
 import io.mosip.certify.core.dto.*;
 import io.mosip.certify.core.exception.CertifyException;
@@ -59,6 +60,9 @@ public class CredentialConfigurationServiceImpl implements CredentialConfigurati
     @Value("#{${mosip.certify.credential-config.issuer.display}}")
     private List<Map<String, String>> issuerDisplay;
 
+    @Value("#{${mosip.certify.data-provider-plugin.credential-status.supported-purposes:{}}}")
+    private List<String> credentialStatusSupportedPurposes;
+
     private static final String CREDENTIAL_CONFIG_CACHE_NAME = "credentialConfig";
 
     @Override
@@ -88,6 +92,8 @@ public CredentialConfigResponse addCredentialConfiguration(CredentialConfigurati
                             " is not supported for the signature algorithm: " + credentialConfig.getSignatureAlgo());
                 }
             }
+
+            credentialConfig.setCredentialStatusPurpose(credentialStatusSupportedPurposes);
         }
 
         validateCredentialConfiguration(credentialConfig);

certify-service/src/main/java/io/mosip/certify/vcformatters/VCFormatter.java

@@ -63,4 +63,11 @@ public interface VCFormatter {
      * @return
      */
     String getSignatureCryptoSuite(String templateName);
+
+    /**
+     * returns the credential status purpose used for adding credentialStatus to the VC.
+     * @param templateName
+     * @return
+     */
+    List<String> getCredentialStatusPurpose(String templateName);
 }

certify-service/src/main/java/io/mosip/certify/vcformatters/VelocityTemplatingEngineImpl.java

@@ -190,6 +190,11 @@ public String getSignatureCryptoSuite(String templateName) {
         return getCachedCredentialConfig(templateName).getSignatureCryptoSuite(); // NEW
     }
 
+    @Override
+    public List<String> getCredentialStatusPurpose(String templateName) {
+        return getCachedCredentialConfig(templateName).getCredentialStatusPurpose();
+    }
+
     /**
      * performs the templating
      * NOTE: the defaultSettings map should have the "templateName" key set to
@@ -349,20 +354,20 @@ public String format(Map<String, Object> templateInput) {
         }
         VelocityContext context = new VelocityContext(finalTemplate);
         engine.evaluate(context, writer, /*logTag */ templateName, vcTemplateString); // use vcTemplateString
+        JSONObject jsonObject = new JSONObject(writer.toString());
         if (StringUtils.isNotEmpty(idPrefix)) {
-            JSONObject j = new JSONObject(writer.toString());
-            j.put(VCDMConstants.ID, idPrefix + UUID.randomUUID());
-            return j.toString();
+            jsonObject.put(VCDMConstants.ID, idPrefix + UUID.randomUUID());
         }
-        if( templateInput.containsKey("_vct") && templateInput.containsKey("_cnf")
-                && templateInput.containsKey("_iss")) {
-            JSONObject j = new JSONObject(writer.toString());
-            j.put("vct", templateInput.get("_vct"));
-            j.put("cnf", templateInput.get("_cnf"));
-            j.put("iss", templateInput.get("_iss"));
-            return j.toString();
+        if(templateInput.containsKey(VCDM2Constants.CREDENTIAL_STATUS) && templateName.contains(VCDM2Constants.URL)) {
+            jsonObject.put(VCDM2Constants.CREDENTIAL_STATUS, templateInput.get(VCDM2Constants.CREDENTIAL_STATUS));
+        }
+        if( templateInput.containsKey(VCT) && templateInput.containsKey(CNF)
+                && templateInput.containsKey(ISS)) {
+            jsonObject.put(VCT, templateInput.get(VCT));
+            jsonObject.put(CNF, templateInput.get(CNF));
+            jsonObject.put(ISS, templateInput.get(ISS));
         }
 
-        return writer.toString();
+        return jsonObject.toString();
     }
 }

certify-service/src/main/resources/application-local.properties

@@ -20,7 +20,7 @@ mosip.certify.authorization.url=http://localhost:8088
 mosip.certify.discovery.issuer-id=${mosip.certify.domain.url}${server.servlet.path}
 mosip.certify.data-provider-plugin.issuer.vc-sign-algo=Ed25519Signature2020
 mosip.certify.plugin-mode=DataProvider
-#mosip.certify.data-provider-plugin.data-integrity.crypto-suite=ecdsa-rdfc-2019
+mosip.certify.data-provider-plugin.credential-status.supported-purposes={'revocation','suspension'}
 
 ##--------------change this later---------------------------------
 mosip.certify.supported.jwt-proof-alg={'RS256','PS256','ES256'}
@@ -226,7 +226,7 @@ mosip.certify.mock.authenticator.get-identity-url=http://localhost:8082/v1/mock-
 
 # details of VC issuer's public key & controller for DataProvider plugin
 mosip.certify.data-provider-plugin.issuer-public-key-uri=https://vharsh.github.io/DID/mock-rsa.json
-mosip.certify.data-provider-plugin.issuer-uri=did:web:jainhitesh9998.github.io:tempfiles:vc-local-ed25519
+mosip.certify.data-provider-plugin.did-url=did:web:jainhitesh9998.github.io:tempfiles:vc-local-ed25519
 
 ## ---------------------------------------- Cache configuration --------------------------------------------------------
 
@@ -241,7 +241,7 @@ mosip.certify.cache.security.algorithm-name=AES/ECB/PKCS5Padding
 #spring.data.redis.password=redis
 
 spring.cache.type=simple
-mosip.certify.cache.names=userinfo,vcissuance,templatecache
+mosip.certify.cache.names=userinfo,vcissuance,templatecache,certificatedatacache
 spring.cache.cache-names=${mosip.certify.cache.names}
 management.health.redis.enabled=false