Skip to content

Commit

Permalink
🐛 Filter VCs based on expirationDate
Browse files Browse the repository at this point in the history
  • Loading branch information
@agmangas
agmangas committed Jun 28, 2024
1 parent f37d9b4 commit 4361743
Show file tree
Hide file tree
Showing 2 changed files with 64 additions and 31 deletions.
31 changes: 20 additions & 11 deletions connector/iam/src/main/java/eu/datacellar/iam/VCIdentityService.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -70,36 +70,43 @@ public Result<TokenRepresentation> obtainClientCredentials(TokenParameters param
matchCredentialsResponse = identityServices
.matchCredentials(presentationDefinition);
} catch (IOException e) {
return Result.failure("Failed to match credentials: %s".formatted(e.getMessage()));
String errMsg = "Failed to match credentials: %s".formatted(e.getMessage());
monitor.warning(errMsg);
return Result.failure(errMsg);
}

String jwtEncodedVC = matchCredentialsResponse.getMostRecentJWTEncoded();
monitor.debug("JWT-encoded Verifiable Credential: %s".formatted(jwtEncodedVC));
String jwtEncodedVC = matchCredentialsResponse.getLatestActiveAsJWT();
monitor.debug("JWT-encoded Verifiable Credentials: %s".formatted(jwtEncodedVC));

if (jwtEncodedVC == null) {
String errMsg = "No active credentials found";
monitor.warning(errMsg);
return Result.failure(errMsg);
}

Jwk<?> anchorJwk;

try {
anchorJwk = keyResolver.resolveDIDToPublicKeyJWK(didTrustAnchor);
} catch (IOException e) {
return Result.failure("Failed to resolve DID trust anchor: %s".formatted(e.getMessage()));
String errMsg = "Failed to resolve DID trust anchor: %s".formatted(e.getMessage());
monitor.warning(errMsg);
return Result.failure(errMsg);
}

PresentationBuilder presentationBuilder = new PresentationBuilder(anchorJwk, identityServices);

presentationBuilder
.addJwtCredential(jwtEncodedVC)
.setAudience(audience);
presentationBuilder.addJwtCredential(jwtEncodedVC).setAudience(audience);

String jwtEncodedVP;

try {
jwtEncodedVP = presentationBuilder.buildPresentationJwt();
} catch (IOException e) {
return Result.failure("Failed to build presentation: %s".formatted(e.getMessage()));
String errMsg = "Failed to build presentation: %s".formatted(e.getMessage());
monitor.warning(errMsg);
return Result.failure(errMsg);
}

monitor.debug("JWT-encoded Verifiable Presentation: %s".formatted(jwtEncodedVP));

var token = new VerifiablePresentationToken();
token.setAudience(audience);
token.setClientId(clientId);
Expand All @@ -110,6 +117,8 @@ public Result<TokenRepresentation> obtainClientCredentials(TokenParameters param
.token(typeManager.writeValueAsString(token))
.build();

monitor.debug("TokenRepresentation: %s".formatted(tokenRepresentation.getToken()));

return Result.success(tokenRepresentation);
}

Expand Down
64 changes: 44 additions & 20 deletions connector/iam/src/main/java/eu/datacellar/iam/WaltIDIdentityServices.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@
import java.io.IOException;
import java.time.ZonedDateTime;
import java.util.Arrays;
import java.util.Base64;
import java.util.Comparator;
import java.util.HashMap;
import java.util.Map;
Expand Down Expand Up @@ -327,36 +328,48 @@ public boolean isEmpty() {
return matchingCredentials == null || matchingCredentials.isEmpty();
}

/**
* Retrieves the latest JSONObject from the list of matching credentials.
*
* @return The latest JSONObject, or null if no matching credentials are found.
*/
public JSONObject getMostRecent() {
if (isEmpty()) {
return null;
private JSONObject parseVCFromJWTDocument(String jwtCredential) {
String[] parts = jwtCredential.split("\\.");
String payload = parts[1];
String decodedPayload = new String(Base64.getUrlDecoder().decode(payload));
JSONObject jwtCredentialObj = new JSONObject(decodedPayload);
return jwtCredentialObj.getJSONObject("vc");
}

private boolean isActive(String jwtCredential) {
try {
JSONObject vcObj = parseVCFromJWTDocument(jwtCredential);
return ZonedDateTime.parse(vcObj.getString("expirationDate")).isAfter(ZonedDateTime.now());
} catch (Exception e) {
return false;
}
}

return IntStream.range(0, matchingCredentials.length())
.mapToObj(matchingCredentials::getJSONObject)
.max(Comparator.comparing(o -> ZonedDateTime.parse(o.getString("addedOn"))))
.orElse(null);
private ZonedDateTime getIssuanceDate(String jwtCredential) {
try {
JSONObject vcObj = parseVCFromJWTDocument(jwtCredential);
return ZonedDateTime.parse(vcObj.getString("issuanceDate"));
} catch (Exception e) {
return null;
}
}

/**
* Retrieves the most recent JWT encoded document.
* Retrieves a list of active JWT tokens encoded as strings.
*
* @return The most recent JWT encoded document as a String, or null if no
* document is available.
* @return A list of active JWT tokens encoded as strings, or null if there are
* no matching credentials.
*/
public String getMostRecentJWTEncoded() {
JSONObject latest = getMostRecent();

if (latest == null) {
public String getLatestActiveAsJWT() {
if (isEmpty()) {
return null;
}

return latest.getString("document");
return IntStream.range(0, matchingCredentials.length())
.mapToObj(i -> matchingCredentials.getJSONObject(i).getString("document"))
.filter(this::isActive)
.max(Comparator.comparing(this::getIssuanceDate))
.orElse(null);
}
}

Expand Down Expand Up @@ -412,6 +425,17 @@ public JSONObject getJsonObject() {
}
});
}
},
new HashMap<String, Object>() {
{
put("path", Arrays.asList("$.expirationDate"));
put("filter", new HashMap<String, Object>() {
{
put("type", "string");
put("format", "date-time");
}
});
}
}));
}
};
Expand Down

0 comments on commit 4361743

Please sign in to comment.