Feat/manage x509 cert (#1492)

* added x509 cert for mdoc

Signed-off-by: Rinkal Bhojani <[email protected]>

* removed commented code

Signed-off-by: Rinkal Bhojani <[email protected]>

* removed commented code

Signed-off-by: Rinkal Bhojani <[email protected]>

---------

Signed-off-by: Rinkal Bhojani <[email protected]>

Author: RinkalBhojani

apps/api-gateway/src/oid4vc-issuance/dtos/oid4vc-issuer-template.dto.ts

@@ -14,6 +14,7 @@ import {
 import { ApiExtraModels, ApiProperty, ApiPropertyOptional, getSchemaPath, PartialType } from '@nestjs/swagger';
 import { Type } from 'class-transformer';
 import { DisplayDto } from './oid4vc-issuer.dto';
+import { SignerOption } from '@prisma/client';
 
 export class CredentialAttributeDto {
   @ApiProperty({ required: false, description: 'Whether the attribute is mandatory' })
@@ -104,10 +105,6 @@ export class AppearanceDto {
   display: CredentialDisplayDto[];
 }
 
-export enum SignerOption {
-  DID = 'did',
-  X509 = 'x509'
-}
 @ApiExtraModels(CredentialAttributeDto)
 export class CreateCredentialTemplateDto {
   @ApiProperty({ description: 'Template name' })
@@ -185,15 +182,6 @@ export class CreateCredentialTemplateDto {
             uri: 'https://upload.wikimedia.org/wikipedia/commons/2/2f/ABC-2021-LOGO.svg',
             alt_text: 'abc_logo'
           }
-        },
-        {
-          locale: 'ar',
-          name: 'شهادة الميلاد',
-          description: 'سجل رسمي للولادة',
-          logo: {
-            uri: 'https://upload.wikimedia.org/wikipedia/commons/2/2f/ABC-2021-LOGO.svg',
-            alt_text: 'شعار abc'
-          }
         }
       ]
     }

apps/oid4vc-issuance/interfaces/oid4vc-template.interfaces.ts

@@ -1,21 +1,18 @@
-import { Prisma } from '@prisma/client';
+import { Prisma, SignerOption } from '@prisma/client';
 import { Display } from './oid4vc-issuance.interfaces';
+import { CredentialFormat } from '@credebl/enum/enum';
 
 export interface CredentialAttribute {
   mandatory?: boolean;
   value_type: string;
   display?: Display[];
 }
 
-export enum SignerOption {
-  DID = 'did',
-  X509 = 'x509'
-}
 export interface CreateCredentialTemplate {
   name: string;
   description?: string;
-  signerOption?: SignerOption;
-  format: 'sd-jwt-vc' | 'mdoc';
+  signerOption?: SignerOption; //SignerOption;
+  format: CredentialFormat;
   issuer: string;
   canBeRevoked: boolean;
   attributes: Prisma.JsonValue;

apps/oid4vc-issuance/src/oid4vc-issuance.controller.ts

@@ -47,7 +47,7 @@ export class Oid4vcIssuanceController {
   }
 
   @MessagePattern({ cmd: 'oid4vc-get-issuers-issuance' })
-  async oidcGetIssuers(payload: { orgId: string }): Promise<object> {
+  async oidcGetIssuers(payload: { orgId: string }): Promise<oidc_issuer[]> {
     const { orgId } = payload;
     return this.oid4vcIssuanceService.oidcIssuers(orgId);
   }

apps/oid4vc-issuance/src/oid4vc-issuance.repository.ts

@@ -5,6 +5,8 @@ import { Prisma, credential_templates, oidc_issuer, org_agents } from '@prisma/c
 import { PrismaService } from '@credebl/prisma-service';
 import { IssuerMetadata, IssuerUpdation, OrgAgent } from '../interfaces/oid4vc-issuance.interfaces';
 import { ResponseMessages } from '@credebl/common/response-messages';
+import { x5cKeyType, x5cRecordStatus } from '@credebl/enum/enum';
+import { X509CertificateRecord } from '@credebl/common/interfaces/x509.interface';
 
 @Injectable()
 export class Oid4vcIssuanceRepository {
@@ -111,6 +113,24 @@ export class Oid4vcIssuanceRepository {
     }
   }
 
+  async getAllOidcIssuersByOrg(orgId: string): Promise<oidc_issuer[]> {
+    try {
+      return await this.prisma.oidc_issuer.findMany({
+        where: {
+          orgAgent: {
+            orgId
+          }
+        },
+        orderBy: {
+          createDateTime: 'desc'
+        }
+      });
+    } catch (error) {
+      this.logger.error(`Error in getOidcIssuerByOrg: ${error.message}`);
+      throw error;
+    }
+  }
+
   async getOidcIssuerDetailsById(issuerId: string): Promise<oidc_issuer> {
     try {
       return await this.prisma.oidc_issuer.findFirstOrThrow({
@@ -122,6 +142,35 @@ export class Oid4vcIssuanceRepository {
     }
   }
 
+  async getCurrentActiveCertificate(orgId: string, keyType: x5cKeyType): Promise<X509CertificateRecord> {
+    try {
+      const now = new Date();
+
+      const certificate = await this.prisma.x509_certificates.findFirst({
+        where: {
+          org_agents: {
+            orgId
+          },
+          status: x5cRecordStatus.Active,
+          keyType,
+          validFrom: {
+            lte: now
+          },
+          expiry: {
+            gte: now
+          }
+        },
+        orderBy: {
+          createdAt: 'desc'
+        }
+      });
+      return certificate;
+    } catch (error) {
+      this.logger.error(`Error in getCurrentActiveCertificate: ${error.message}`);
+      throw error;
+    }
+  }
+
   // eslint-disable-next-line @typescript-eslint/no-explicit-any
   async addOidcIssuerDetails(issuerMetadata: IssuerMetadata, issuerProfileJson): Promise<oidc_issuer> {
     try {

apps/oid4vc-issuance/src/oid4vc-issuance.service.ts

@@ -23,7 +23,7 @@ import { ResponseMessages } from '@credebl/common/response-messages';
 import { ClientProxy, RpcException } from '@nestjs/microservices';
 import { map } from 'rxjs';
 import { getAgentUrl } from '@credebl/common/common.utils';
-import { credential_templates, oidc_issuer, user } from '@prisma/client';
+import { credential_templates, oidc_issuer, SignerOption, user } from '@prisma/client';
 import {
   IAgentOIDCIssuerCreate,
   IssuerCreation,
@@ -57,6 +57,7 @@ import {
   buildCredentialOfferUrl,
   CredentialOfferPayload
 } from '../libs/helpers/credential-sessions.builder';
+import { x5cKeyType } from '@credebl/enum/enum';
 
 type CredentialDisplayItem = {
   logo?: { uri: string; alt_text?: string };
@@ -222,27 +223,15 @@ export class Oid4vcIssuanceService {
     }
   }
 
-  async oidcIssuers(orgId: string): Promise<IssuerResponse[]> {
+  async oidcIssuers(orgId: string): Promise<oidc_issuer[]> {
     try {
       const agentDetails = await this.oid4vcIssuanceRepository.getAgentEndPoint(orgId);
       if (!agentDetails?.agentEndPoint) {
         throw new NotFoundException(ResponseMessages.issuance.error.agentEndPointNotFound);
       }
+      const getIssuers = await this.oid4vcIssuanceRepository.getAllOidcIssuersByOrg(orgId);
 
-      const url = await getAgentUrl(agentDetails.agentEndPoint, CommonConstants.OIDC_GET_ALL_ISSUERS);
-      const issuersDetails = await this._oidcGetIssuers(url, orgId);
-      if (!issuersDetails || null == issuersDetails.response) {
-        throw new InternalServerErrorException('Error from agent while oidcIssuers');
-      }
-      //TODO: Fix the response type from agent
-      const raw = issuersDetails.response as unknown;
-      const response: IssuerResponse[] =
-        'string' === typeof raw ? (JSON.parse(raw) as IssuerResponse[]) : (raw as IssuerResponse[]);
-
-      if (!Array.isArray(response)) {
-        throw new InternalServerErrorException('Invalid issuer payload from agent');
-      }
-      return response;
+      return getIssuers;
     } catch (error: any) {
       const msg = error?.message ?? 'unknown error';
       this.logger.error(`[oidcIssuers] - error in oidcIssuers: ${msg}`);
@@ -294,13 +283,14 @@ export class Oid4vcIssuanceService {
       const metadata = {
         name,
         description,
-        format,
+        format: format.toString(),
         canBeRevoked,
         attributes,
         appearance: appearance ?? {},
         issuerId,
         signerOption
       };
+      console.log(`service - createTemplate: `, issuerId);
       // Persist in DB
       const createdTemplate = await this.oid4vcIssuanceRepository.createTemplate(issuerId, metadata);
       if (!createdTemplate) {
@@ -473,14 +463,45 @@ export class Oid4vcIssuanceService {
 
       //TDOD: signerOption should be under credentials change this with x509 support
       const signerOptions = [];
-      getAllOfferTemplates.forEach((template) => {
-        if (template.signerOption === SignerMethodOption.DID) {
+      for (const template of getAllOfferTemplates) {
+        if (template.signerOption === SignerOption.DID) {
           signerOptions.push({
             method: SignerMethodOption.DID,
             did: agentDetails.orgDid
           });
         }
-      });
+
+        if (template.signerOption == SignerOption.X509_P256) {
+          const activeCertificate = await this.oid4vcIssuanceRepository.getCurrentActiveCertificate(
+            orgId,
+            x5cKeyType.P256
+          );
+
+          if (!activeCertificate) {
+            throw new NotFoundException('No active certificate(p256) found for issuer');
+          }
+          signerOptions.push({
+            method: SignerMethodOption.X5C,
+            x5c: [activeCertificate.certificateBase64]
+          });
+        }
+
+        if (template.signerOption == SignerOption.X509_ED25519) {
+          const activeCertificate = await this.oid4vcIssuanceRepository.getCurrentActiveCertificate(
+            orgId,
+            x5cKeyType.Ed25519
+          );
+
+          if (!activeCertificate) {
+            throw new NotFoundException('No active certificate(ed25519) found for issuer');
+          }
+          signerOptions.push({
+            method: SignerMethodOption.X5C,
+            x5c: [activeCertificate.certificateBase64]
+          });
+        }
+      }
+      console.log(`Setup signerOptions `, signerOptions);
       //TODO: Implement x509 support and discuss with team
       const buildOidcCredentialOffer: CredentialOfferPayload = buildCredentialOfferPayload(
         createOidcCredentialOffer,

libs/prisma-service/prisma/migrations/20250814141522_add_supported_protocol/migration.sql

@@ -1,18 +1,3 @@
-/*
-  Warnings:
-
-  - You are about to drop the column `supported_protocol` on the `ledgers` table. All the data in the column will be lost.
-  - You are about to drop the column `supported_protocol` on the `organisation` table. All the data in the column will be lost.
-
-*/
--- AlterTable
-ALTER TABLE "ledgers" DROP COLUMN "supported_protocol";
-
--- AlterTable
-ALTER TABLE "organisation" DROP COLUMN "supported_protocol";
-
--- DropEnum
-DROP TYPE "CredentialExchangeProtocol";
 
 -- CreateTable
 CREATE TABLE "oid4vc_credentials" (

libs/prisma-service/prisma/migrations/20251013125236_added_x509_certificate_table/migration.sql

@@ -0,0 +1,14 @@
+/*
+  Warnings:
+
+  - The values [did,x509] on the enum `SignerOption` will be removed. If these variants are still used in the database, this will fail.
+
+*/
+-- AlterEnum
+BEGIN;
+CREATE TYPE "SignerOption_new" AS ENUM ('DID', 'X509_P256', 'X509_ED25519');
+ALTER TABLE "credential_templates" ALTER COLUMN "signerOption" TYPE "SignerOption_new" USING ("signerOption"::text::"SignerOption_new");
+ALTER TYPE "SignerOption" RENAME TO "SignerOption_old";
+ALTER TYPE "SignerOption_new" RENAME TO "SignerOption";
+DROP TYPE "SignerOption_old";
+COMMIT;

libs/prisma-service/prisma/migrations/20251017081348_changed_signer_options_values/migration.sql

@@ -601,8 +601,9 @@ model oid4vc_credentials {
 }
 
 enum SignerOption {
-  did
-  x509
+  DID
+  X509_P256
+  X509_ED25519
 }
 
 model credential_templates {