Merge pull request #102 from dc4eu/masv_using_rest_calls

pre-paris changes

.gitignore

@@ -6,5 +6,5 @@ redis-data/
 kraft[0-9]*-data/
 *.orig
 **/.*.orig
+developer_tools/*.pem
 .env
-

.vscode/settings.json

@@ -4,6 +4,7 @@
         "apiv",
         "auditlog",
         "bson",
+        "datastoreclient",
         "eduseal",
         "ehic",
         "eidas",

Makefile

@@ -258,6 +258,9 @@ swagger-apigw:
 swagger-issuer:
 	swag init -d internal/issuer/apiv1/ -g client.go --output docs/issuer --parseDependency --packageName docs
 
+diagram:
+	plantuml docs/diagrams/*.puml
+
 install-tools:
 	$(info Install from apt)
 	apt-get update && apt-get install -y \
@@ -277,7 +280,8 @@ vscode:
 	$(info Install APT packages)
 	sudo apt-get update && sudo apt-get install -y \
 		protobuf-compiler \
-		netcat-openbsd
+		netcat-openbsd \
+		plantuml
 	$(info Install go packages)
 	go install github.com/swaggo/swag/cmd/swag@latest && \
 	go install google.golang.org/protobuf/cmd/protoc-gen-go@latest && \

cmd/issuer/main.go

@@ -8,14 +8,10 @@ import (
 	"syscall"
 	"vc/internal/issuer/apiv1"
 	"vc/internal/issuer/auditlog"
-	"vc/internal/issuer/db"
 	"vc/internal/issuer/grpcserver"
 	"vc/internal/issuer/httpserver"
-	"vc/internal/issuer/simplequeue"
 	"vc/pkg/configuration"
-	"vc/pkg/kvclient"
 	"vc/pkg/logger"
-	"vc/pkg/rpcclient"
 	"vc/pkg/trace"
 )
 
@@ -38,6 +34,7 @@ func main() {
 	if err != nil {
 		panic(err)
 	}
+
 	tracer, err := trace.New(ctx, cfg, log, "vc", "issuer")
 	if err != nil {
 		panic(err)
@@ -49,36 +46,17 @@ func main() {
 		panic(err)
 	}
 
-	rpcClients, err := rpcclient.New(cfg, log.New("rpc"))
-	if err != nil {
-		panic(err)
-	}
-	dbService, err := db.New(ctx, cfg, tracer, log.New("db"))
-	services["dbService"] = dbService
-	if err != nil {
-		panic(err)
-	}
-	kvClient, err := kvclient.New(ctx, cfg, tracer, log.New("kvClient"))
-	services["kvClient"] = kvClient
+	apiv1Client, err := apiv1.New(ctx, auditLogService, cfg, tracer, log.New("apiv1"))
 	if err != nil {
 		panic(err)
 	}
 
-	simpleQueueService, err := simplequeue.New(ctx, kvClient, tracer, cfg, log.New("queue"))
-	services["queueService"] = simpleQueueService
-	if err != nil {
-		panic(err)
-	}
-
-	apiv1Client, err := apiv1.New(ctx, simpleQueueService, rpcClients, kvClient, dbService, auditLogService, cfg, tracer, log.New("apiv1"))
-	if err != nil {
-		panic(err)
-	}
 	httpService, err := httpserver.New(ctx, cfg, apiv1Client, tracer, log.New("httpserver"))
 	services["httpService"] = httpService
 	if err != nil {
 		panic(err)
 	}
+
 	grpcService, err := grpcserver.New(ctx, cfg, apiv1Client, log.New("grpcserver"))
 	services["grpcService"] = grpcService
 	if err != nil {

config.yaml

@@ -32,13 +32,12 @@ common:
       - "kafka1:9092"
 
 authentic_sources:
-  SUNET:
-    authentic_source_identifier: "SUNET_v1"
+  SUNET_v1:
     country_code: "SE"
     notification_endpoint:
       url: "http://vc_dev_apigw:8080/api/v1/document/notify"
     authentic_source_endpoint: 
-      url: "http://vc_dev_mockas:8080"
+      url: "http://vc_dev_apigw:8080"
     signature_service_endpoint: 
       url: "http://vc_dev_issuer:8080"
     revocation_service_endpoint: 
@@ -48,19 +47,36 @@ authentic_sources:
         profile: "SD-JWT"
       PDA1:
         profile: "SD-JWT"
+  SUNET_v2:
+    country_code: "SE"
+    notification_endpoint:
+      url: "http://vc_dev_apigw:8080/api/v1/document/notify"
+    authentic_source_endpoint:
+      url: "http://vc_dev_mockas:8080"
+    signature_service_endpoint:
+      url: "http://vc_dev_issuer:8080"
+    revocation_service_endpoint:
+      url: "http://vc_dev_apigw:8080/api/v1/document/revok"
+    datastore_service_endpoint:
+      url: "http://vc_dev_apigw:8080"
+    credential_types:
+      EHIC:
+        profile: "SD-JWT"
+      PDA1:
+        profile: "SD-JWT"
 
 issuer:
+  identifier: "SUNET_v1"
   api_server:
     addr: :8080
   grpc_server:
     addr: vc_dev_issuer:8090
-  datastore:
-    addr: datastore:8080
-  identifier: "SUNET_v1"
-  trust_model:
-    type: "openid_federation"
-    trust_anchors:
-      - "https://example.com/trust_anchor.pem"
+  signing_key_path: "/private_ec256.pem"
+  jwt_attribute:
+    issuer:  https://issuer.sunet.se
+    enable_not_before: true
+    valid_duration: 3600
+    verifiable_credential_type: "https://credential.sunet.se/identity_credential"
 
 verifier:
   api_server:
@@ -82,6 +98,11 @@ persistent:
     addr: :8080
 
 apigw:
+  identifier: "SUNET_v1"
+  trust_model:
+    type: "openid_federation"
+    trust_anchors:
+      - "https://example.com/trust_anchor.pem"
   api_server:
     addr: :8080
     basic_auth:

developer_tools/gen_ec_sign_key.sh

@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+# generate a private key for a curve
+openssl ecparam -name prime256v1 -genkey -noout -out private_ec256.pem
+
+# generate corresponding public key
+openssl ec -in private_ec256.pem -pubout -out public_ec256.pem

docker-compose.yaml

@@ -46,6 +46,7 @@ services:
     volumes:
       - ./config.yaml:/config.yaml:ro
       - /var/log/sunet:/var/log/sunet
+      - ./developer_tools/private_ec256.pem:/private_ec256.pem:ro
     depends_on:
       - redis
       - mongo

docs/diagrams/issuer_many_authentic_source.puml

@@ -0,0 +1,12 @@
+@startuml
+
+rectangle Issuer as i
+rectangle AuthenticSource_1 as as1
+rectangle AuthenticSource_2 as as2
+rectangle AuthenticSource_3 as as3
+
+i <-- as1
+i <-- as2
+i <-- as3
+
+@enduml

docs/diagrams/many_issuer_one_authentic_source.puml

@@ -0,0 +1,12 @@
+@startuml
+
+rectangle Issuer_1 as i1
+rectangle Issuer_2 as i2
+rectangle Issuer_3 as i3
+rectangle AuthenticSource as as
+
+i1 <-- as
+i2 <-- as
+i3 <-- as
+
+@enduml

internal/apigw/apiv1/client.go

@@ -4,28 +4,26 @@ import (
 	"context"
 	"vc/internal/apigw/db"
 	"vc/internal/apigw/simplequeue"
+	"vc/pkg/datastoreclient"
 	"vc/pkg/kvclient"
 	"vc/pkg/logger"
 	"vc/pkg/model"
 	"vc/pkg/trace"
 )
 
-var (
-	BuildVarGitCommit string
-)
-
 //	@title		Datastore API
 //	@version	2.8
 //	@BasePath	/api/v1
 
 // Client holds the public api object
 type Client struct {
-	cfg         *model.Cfg
-	db          *db.Service
-	log         *logger.Log
-	tp          *trace.Tracer
-	kv          *kvclient.Client
-	simpleQueue *simplequeue.Service
+	cfg             *model.Cfg
+	db              *db.Service
+	log             *logger.Log
+	tp              *trace.Tracer
+	kv              *kvclient.Client
+	simpleQueue     *simplequeue.Service
+	datastoreClient *datastoreclient.Client
 }
 
 // New creates a new instance of the public api
@@ -39,6 +37,16 @@ func New(ctx context.Context, kv *kvclient.Client, db *db.Service, simplequeue *
 		simpleQueue: simplequeue,
 	}
 
+	// Specifies the issuer configuration based on the issuer identifier, should be initialized in main I guess.
+	issuerIdentifier := cfg.Issuer.Identifier
+	issuerCFG := cfg.AuthenticSources[issuerIdentifier]
+
+	var err error
+	c.datastoreClient, err = datastoreclient.New(&datastoreclient.Config{URL: issuerCFG.AuthenticSourceEndpoint.URL})
+	if err != nil {
+		return nil, err
+	}
+
 	c.log.Info("Started")
 
 	return c, nil

internal/apigw/apiv1/handlers_issuer.go

@@ -3,9 +3,9 @@ package apiv1
 import (
 	"context"
 	"encoding/json"
-	"vc/internal/apigw/db"
 	"vc/internal/gen/issuer/apiv1_issuer"
 	"vc/internal/gen/registry/apiv1_registry"
+	"vc/pkg/datastoreclient"
 	"vc/pkg/helpers"
 	"vc/pkg/model"
 
@@ -15,15 +15,11 @@ import (
 
 // CredentialRequest is the request for Credential
 type CredentialRequest struct {
-	AuthenticSource         string `json:"authentic_source" validate:"required"`
-	AuthenticSourcePersonID string `json:"authentic_source_person_id" validate:"required"`
-	DocumentType            string `json:"document_type" validate:"required"`
-	CredentialType          string `json:"credential_type" validate:"required"`
-
-	// Identity        *model.Identity `json:"identity" validate:"required"`
-	// DocumentID      string          `json:"document_id" validate:"required"`
-	// DocumentVersion string          `json:"document_version" validate:"required"`
-	// CollectID       string          `json:"collect_id" validate:"required"`
+	AuthenticSource string          `json:"authentic_source" validate:"required"`
+	Identity        *model.Identity `json:"identity" validate:"required"`
+	DocumentType    string          `json:"document_type" validate:"required"`
+	CredentialType  string          `json:"credential_type" validate:"required"`
+	CollectID       string          `json:"collect_id" validate:"required"`
 }
 
 // Credential makes a credential
@@ -43,22 +39,16 @@ func (c *Client) Credential(ctx context.Context, req *CredentialRequest) (*apiv1
 		return nil, err
 	}
 
-	c.log.Info("Credential", "req", req)
-	// IDMapping
-
-	// GetDocument
-	document, err := c.db.VCDatastoreColl.GetDocumentForCredential(ctx, &db.GetDocumentForCredential{
-		Meta: &model.MetaData{
-			AuthenticSource: req.AuthenticSource,
-			DocumentType:    req.DocumentType,
-		},
-		Identity: &model.Identity{
-			AuthenticSourcePersonID: req.AuthenticSourcePersonID,
-		},
+	document, _, err := c.datastoreClient.DocumentService.CollectID(ctx, &datastoreclient.DocumentCollectIDQuery{
+		AuthenticSource: req.AuthenticSource,
+		DocumentType:    req.DocumentType,
+		CollectID:       req.CollectID,
+		Identity:        req.Identity,
 	})
 	if err != nil {
 		return nil, err
 	}
+
 	if document == nil || document.DocumentData == nil {
 		return nil, helpers.ErrNoDocumentFound
 	}
@@ -78,17 +68,8 @@ func (c *Client) Credential(ctx context.Context, req *CredentialRequest) (*apiv1
 	client := apiv1_issuer.NewIssuerServiceClient(conn)
 
 	reply, err := client.MakeSDJWT(ctx, &apiv1_issuer.MakeSDJWTRequest{
-		AuthenticSource:         req.AuthenticSource,
-		AuthenticSourcePersonID: req.AuthenticSourcePersonID,
-		DocumentType:            req.DocumentType,
-		//	DocumentID:              req.DocumentID,
-		//	DocumentVersion:         req.DocumentVersion,
-		//	DateOfBirth:             req.Identity.BirthDate,
-		//	CollectID:               req.CollectID,
-		//	LastName:                req.Identity.FamilyName,
-		//	FirstName:               req.Identity.GivenName,
-		CredentialType: req.CredentialType,
-		DocumentData:   documentData,
+		DocumentType: req.DocumentType,
+		DocumentData: documentData,
 	})
 	if err != nil {
 		c.log.Error(err, "failed to call MakeSDJWT")

internal/apigw/db/methods_vc_datastore.go

@@ -289,16 +289,15 @@ func (c *VCDatastoreColl) GetDocumentCollectID(ctx context.Context, query *GetDo
 		"meta.collect.id":           bson.M{"$eq": query.Meta.Collect.ID},
 		"meta.document_type":        bson.M{"$eq": query.Meta.DocumentType},
 		"identities.schema.version": bson.M{"$eq": query.Identity.Schema.Version},
+		"identities.schema.name":    bson.M{"$eq": query.Identity.Schema.Name},
 	}
 
 	if query.Identity.AuthenticSourcePersonID != "" {
 		filter["identities.authentic_source_person_id"] = bson.M{"$eq": query.Identity.AuthenticSourcePersonID}
 	} else {
-		filter = bson.M{
-			"identities.family_name": bson.M{"$eq": query.Identity.FamilyName},
-			"identities.given_name":  bson.M{"$eq": query.Identity.GivenName},
-			"identities.birth_date":  bson.M{"$eq": query.Identity.BirthDate},
-		}
+		filter["identities.family_name"] = bson.M{"$eq": query.Identity.FamilyName}
+		filter["identities.given_name"] = bson.M{"$eq": query.Identity.GivenName}
+		filter["identities.birth_date"] = bson.M{"$eq": query.Identity.BirthDate}
 	}
 
 	opts := options.FindOne().SetProjection(bson.M{