feat: OID4VC, OID4VP and X509 capabilities - experimental feature

.env.demo

@@ -102,6 +102,9 @@ UTILITIES_NKEY_SEED=
 CLOUD_WALLET_NKEY_SEED=
 GEOLOCATION_NKEY_SEED=
 NOTIFICATION_NKEY_SEED=
+X509_NKEY_SEED=
+OIDC4VC_ISSUANCE_NKEY_SEED=
+OIDC4VC_VERIFICATION_NKEY_SEED=
 
 KEYCLOAK_DOMAIN=http://localhost:8080/
 KEYCLOAK_ADMIN_URL=http://localhost:8080
@@ -141,6 +144,8 @@ ELK_PASSWORD=xxxxxx # ELK user password
 ORGANIZATION=credebl
 CONTEXT=platform
 APP=api
+# Default is true too, if nothing is passed
+HIDE_EXPERIMENTAL_OIDC_CONTROLLERS=true
 
 #Schema-file-server
 APP_PORT=4000

.env.sample

@@ -67,7 +67,8 @@ POSTGRES_PORT=5432
 POSTGRES_USER='postgres'
 POSTGRES_PASSWORD='xxxxx'
 POSTGRES_DATABASE= // Please provide your DB name
-
+# Default is true too, set to 'false', to view OIDC controllers in openAPI docs
+HIDE_EXPERIMENTAL_OIDC_CONTROLLERS=true
 SENDGRID_API_KEY=xxxxxxxxxxxxxx // Please provide your sendgrid API key
 
 FRONT_END_URL=http://localhost:3000
@@ -109,18 +110,21 @@ AGENT_PROTOCOL=http
 GEO_LOCATION_MASTER_DATA_IMPORT_SCRIPT=/prisma/scripts/geo_location_data_import.sh
 UPDATE_CLIENT_CREDENTIAL_SCRIPT=/prisma/scripts/update_client_credential_data.sh
 
-USER_NKEY_SEED= xxxxxxxxxxxxx // Please provide Nkeys secret for user service
-API_GATEWAY_NKEY_SEED= xxxxxxxxxxxxx // Please provide Nkeys secret for api-gateway
-ORGANIZATION_NKEY_SEED= xxxxxxxxxxxxx // Please provide Nkeys secret for organization service
-AGENT_PROVISIONING_NKEY_SEED= xxxxxxxxxxxxx // Please provide Nkeys secret for agent provisioning service
-AGENT_SERVICE_NKEY_SEED= xxxxxxxxxxxxx // Please provide Nkeys secret for agent service
-VERIFICATION_NKEY_SEED= xxxxxxxxxxxxx // Please provide Nkeys secret for verification service
-ISSUANCE_NKEY_SEED= xxxxxxxxxxxxx // Please provide Nkeys secret for issuance service
-CONNECTION_NKEY_SEED= xxxxxxxxxxxxx // Please provide Nkeys secret for connection service
-CREDENTAILDEFINITION_NKEY_SEED= xxxxxxxxxxxxx // Please provide Nkeys secret for credential-definition service
-SCHEMA_NKEY_SEED= xxxxxxxxxxxxx // Please provide Nkeys secret for schema service
-UTILITIES_NKEY_SEED= xxxxxxxxxxxxx // Please provide Nkeys secret for utilities service
-GEOLOCATION_NKEY_SEED= xxxxxxxxxxx // Please provide Nkeys secret for geo-location service
+USER_NKEY_SEED=xxxxxxxxxxxxx // Please provide Nkeys secret for user service
+API_GATEWAY_NKEY_SEED=xxxxxxxxxxxxx // Please provide Nkeys secret for api-gateway
+ORGANIZATION_NKEY_SEED=xxxxxxxxxxxxx // Please provide Nkeys secret for organization service
+AGENT_PROVISIONING_NKEY_SEED=xxxxxxxxxxxxx // Please provide Nkeys secret for agent provisioning service
+AGENT_SERVICE_NKEY_SEED=xxxxxxxxxxxxx // Please provide Nkeys secret for agent service
+VERIFICATION_NKEY_SEED=xxxxxxxxxxxxx // Please provide Nkeys secret for verification service
+ISSUANCE_NKEY_SEED=xxxxxxxxxxxxx // Please provide Nkeys secret for issuance service
+CONNECTION_NKEY_SEED=xxxxxxxxxxxxx // Please provide Nkeys secret for connection service
+CREDENTAILDEFINITION_NKEY_SEED=xxxxxxxxxxxxx // Please provide Nkeys secret for credential-definition service
+SCHEMA_NKEY_SEED=xxxxxxxxxxxxx // Please provide Nkeys secret for schema service
+UTILITIES_NKEY_SEED=xxxxxxxxxxxxx // Please provide Nkeys secret for utilities service
+GEOLOCATION_NKEY_SEED=xxxxxxxxxxx // Please provide Nkeys secret for geo-location service
+X509_NKEY_SEED=xxxxxxxxxxx // Please provide Nkeys secret for x509 service
+OIDC4VC_ISSUANCE_NKEY_SEED=xxxxxxxxxxx // Please provide Nkeys secret for x509 service
+OIDC4VC_VERIFICATION_NKEY_SEED=xxxxxxxxxxx // Please provide Nkeys secret for x509 service
 
 AFJ_AGENT_TOKEN_PATH=/apps/agent-provisioning/AFJ/token/
 

.github/workflows/continuous-delivery.yml

@@ -31,6 +31,9 @@ jobs:
           - webhook
           - organization
           - seed
+          - x509
+          - oid4vc-issuance
+          - oid4vc-verification
 
     permissions:
       contents: read

Dockerfiles/Dockerfile.oid4vc-issuance

@@ -0,0 +1,43 @@
+# Stage 1: Build the application
+FROM node:18-alpine as build
+# Install OpenSSL
+RUN apk add --no-cache openssl
+RUN npm install -g pnpm
+# Set the working directory
+WORKDIR /app
+
+# Copy package.json and package-lock.json
+COPY package.json ./
+COPY pnpm-workspace.yaml ./
+
+ENV PUPPETEER_SKIP_DOWNLOAD=true
+
+# Install dependencies while ignoring scripts (including Puppeteer's installation)
+RUN pnpm i --ignore-scripts
+
+# Copy the rest of the application code
+COPY . .
+RUN cd libs/prisma-service && npx prisma generate
+
+# Build the oid4vc-issuance service
+RUN npm run build oid4vc-issuance
+
+
+# Stage 2: Create the final image
+FROM node:18-alpine
+# Install OpenSSL
+RUN apk add --no-cache openssl
+
+# Set the working directory
+WORKDIR /app
+
+# Copy the compiled code from the build stage
+COPY --from=build /app/dist/apps/oid4vc-issuance/ ./dist/apps/oid4vc-issuance/
+
+# Copy the libs folder from the build stage
+COPY --from=build /app/libs/ ./libs/
+
+COPY --from=build /app/node_modules  ./node_modules
+
+# Set the command to run the microservice
+CMD ["sh", "-c", "cd libs/prisma-service && npx prisma migrate deploy && npx prisma generate && cd ../.. && node dist/apps/oid4vc-issuance/main.js"]

Dockerfiles/Dockerfile.oid4vc-verification

@@ -0,0 +1,44 @@
+# Stage 1: Build the application
+FROM node:18-alpine as build
+# Install OpenSSL
+RUN apk add --no-cache openssl
+RUN npm install -g pnpm
+# Set the working directory
+WORKDIR /app
+
+# Copy package.json and package-lock.json
+COPY package.json ./
+COPY pnpm-workspace.yaml ./
+
+ENV PUPPETEER_SKIP_DOWNLOAD=true
+
+# Install dependencies while ignoring scripts (including Puppeteer's installation)
+RUN pnpm i --ignore-scripts
+
+# Copy the rest of the application code
+COPY . .
+
+RUN cd libs/prisma-service && npx prisma generate
+
+# Build the oid4vc-verification service
+RUN npm run build oid4vc-verification
+
+
+# Stage 2: Create the final image
+FROM node:18-alpine
+# Install OpenSSL
+RUN apk add --no-cache openssl
+
+# Set the working directory
+WORKDIR /app
+
+# Copy the compiled code from the build stage
+COPY --from=build /app/dist/apps/oid4vc-verification/ ./dist/apps/oid4vc-verification/
+
+# Copy the libs folder from the build stage
+COPY --from=build /app/libs/ ./libs/
+
+COPY --from=build /app/node_modules  ./node_modules
+
+# Set the command to run the microservice
+CMD ["sh", "-c", "cd libs/prisma-service && npx prisma migrate deploy && npx prisma generate && cd ../.. && node dist/apps/oid4vc-verification/main.js"]

Dockerfiles/Dockerfile.x509

@@ -0,0 +1,43 @@
+# Stage 1: Build the application
+FROM node:18-alpine as build
+# Install OpenSSL
+RUN apk add --no-cache openssl
+RUN npm install -g pnpm
+# Set the working directory
+WORKDIR /app
+
+COPY package.json ./
+COPY pnpm-workspace.yaml ./
+
+ENV PUPPETEER_SKIP_DOWNLOAD=true
+
+# Install dependencies while ignoring scripts (including Puppeteer's installation)
+RUN pnpm i --ignore-scripts
+
+# Copy the rest of the application code
+COPY . .
+
+RUN cd libs/prisma-service && npx prisma generate
+
+# Build the x509 service
+RUN npm run build x509
+
+
+# Stage 2: Create the final image
+FROM node:18-alpine
+# Install OpenSSL
+RUN apk add --no-cache openssl
+
+# Set the working directory
+WORKDIR /app
+
+# Copy the compiled code from the build stage
+COPY --from=build /app/dist/apps/x509/ ./dist/apps/x509/
+
+# Copy the libs folder from the build stage
+COPY --from=build /app/libs/ ./libs/
+
+COPY --from=build /app/node_modules  ./node_modules
+
+# Set the command to run the microservice
+CMD ["sh", "-c", "cd libs/prisma-service && npx prisma migrate deploy && npx prisma generate && cd ../.. && node dist/apps/x509/main.js"]

apps/agent-service/src/agent-service.controller.ts

@@ -1,4 +1,4 @@
-import { Controller } from '@nestjs/common';
+import { Controller, Logger } from '@nestjs/common';
 import { MessagePattern } from '@nestjs/microservices';
 import { AgentServiceService } from './agent-service.service';
 import {
@@ -27,9 +27,16 @@ import { user } from '@prisma/client';
 import { InvitationMessage } from '@credebl/common/interfaces/agent-service.interface';
 import { AgentSpinUpStatus } from '@credebl/enum/enum';
 import { SignDataDto } from '../../api-gateway/src/agent-service/dto/agent-service.dto';
+import {
+  IX509ImportCertificateOptionsDto,
+  x509CertificateDecodeDto,
+  X509CreateCertificateOptions
+} from '@credebl/common/interfaces/x509.interface';
+import { CreateVerifier, UpdateVerifier } from '@credebl/common/interfaces/oid4vp-verification';
 
 @Controller()
 export class AgentServiceController {
+  private readonly logger = new Logger('AgentServiceController');
   constructor(private readonly agentServiceService: AgentServiceService) {}
 
   /**
@@ -323,4 +330,140 @@ export class AgentServiceController {
   async agentdetailsByOrgId(payload: { orgId: string }): Promise<IStoreAgent> {
     return this.agentServiceService.getAgentDetails(payload.orgId);
   }
+
+  @MessagePattern({ cmd: 'agent-create-oid4vc-issuer' })
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  async oidcIssuerCreate(payload: { issuerCreation; url: string; orgId: string }): Promise<any> {
+    return this.agentServiceService.oidcIssuerCreate(payload.issuerCreation, payload.url, payload.orgId);
+  }
+  @MessagePattern({ cmd: 'delete-oid4vc-issuer' })
+  async oidcDeleteIssuer(payload: { url: string; orgId: string }): Promise<object | string> {
+    return this.agentServiceService.deleteOidcIssuer(payload.url, payload.orgId);
+  }
+  @MessagePattern({ cmd: 'agent-create-oid4vc-template' })
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  async oidcIssuerTemplate(payload: { templatePayload; url: string; orgId: string }): Promise<any> {
+    return this.agentServiceService.oidcIssuerTemplate(payload.templatePayload, payload.url, payload.orgId);
+  }
+  //TODO: change message for oid4vc
+  @MessagePattern({ cmd: 'oid4vc-get-issuer-by-id' })
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  async oidcGetIssuerById(payload: { url: string; orgId: string }): Promise<any> {
+    return this.agentServiceService.oidcGetIssuerById(payload.url, payload.orgId);
+  }
+
+  @MessagePattern({ cmd: 'oid4vc-get-issuers-agent-service' })
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  async oidcGetIssuers(payload: { url: string; orgId: string }): Promise<any> {
+    return this.agentServiceService.oidcGetIssuers(payload.url, payload.orgId);
+  }
+
+  @MessagePattern({ cmd: 'agent-service-oid4vc-create-credential-offer' })
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  async oidcCreateCredentialOffer(payload: { credentialPayload; url: string; orgId: string }): Promise<any> {
+    return this.agentServiceService.oidcCreateCredentialOffer(payload.credentialPayload, payload.url, payload.orgId);
+  }
+
+  @MessagePattern({ cmd: 'agent-service-oid4vc-update-credential-offer' })
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  async oidcUpdateCredentialOffer(payload: { issuanceMetadata; url: string; orgId: string }): Promise<any> {
+    return this.agentServiceService.oidcUpdateCredentialOffer(payload.issuanceMetadata, payload.url, payload.orgId);
+  }
+
+  @MessagePattern({ cmd: 'agent-service-oid4vc-get-credential-offer-by-id' })
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  async oidcGetCredentialOfferById(payload: { url: string; orgId: string }): Promise<any> {
+    return this.agentServiceService.oidcGetCredentialOfferById(payload.url, payload.orgId);
+  }
+
+  @MessagePattern({ cmd: 'agent-service-oid4vc-get-all-credential-offers' })
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  async oidcGetAllCredentialOffers(payload: { url: string; orgId: string }): Promise<any> {
+    return this.agentServiceService.oidcGetAllCredentialOffers(payload.url, payload.orgId);
+  }
+
+  @MessagePattern({ cmd: 'agent-service-oid4vc-delete-credential-offer' })
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  async oidcDeleteCredentialOffer(payload: { url: string; orgId: string }): Promise<any> {
+    return this.agentServiceService.oidcDeleteCredentialOffer(payload.url, payload.orgId);
+  }
+
+  @MessagePattern({ cmd: 'agent-create-x509-certificate' })
+  async createX509Certificate(payload: {
+    options: X509CreateCertificateOptions;
+    url: string;
+    orgId: string;
+  }): Promise<object> {
+    return this.agentServiceService.createX509Certificate(payload.options, payload.url, payload.orgId);
+  }
+
+  @MessagePattern({ cmd: 'agent-decode-x509-certificate' })
+  async decodeX509Certificate(payload: {
+    options: x509CertificateDecodeDto;
+    url: string;
+    orgId: string;
+  }): Promise<object> {
+    return this.agentServiceService.decodeX509Certificate(payload.options, payload.url, payload.orgId);
+  }
+
+  @MessagePattern({ cmd: 'agent-import-x509-certificate' })
+  async importX509Certificate(payload: {
+    options: IX509ImportCertificateOptionsDto;
+    url: string;
+    orgId: string;
+  }): Promise<object> {
+    return this.agentServiceService.importX509Certificate(payload.options, payload.url, payload.orgId);
+  }
+
+  @MessagePattern({ cmd: 'agent-create-oid4vp-verifier' })
+  async createOid4vpVerifier(payload: {
+    verifierDetails: CreateVerifier;
+    url: string;
+    orgId: string;
+  }): Promise<object> {
+    this.logger.log(
+      `[createOid4vpVerifier] Received 'agent-create-oid4vp-verifier' request for orgId=${payload?.orgId || 'N/A'}`
+    );
+    return this.agentServiceService.createOid4vpVerifier(payload.verifierDetails, payload.url, payload.orgId);
+  }
+
+  @MessagePattern({ cmd: 'agent-delete-oid4vp-verifier' })
+  async deleteOid4vpVerifier(payload: { url: string; orgId: string }): Promise<object> {
+    this.logger.log(
+      `[deleteOid4vpVerifier] Received 'agent-delete-oid4vp-verifier' request for orgId=${payload?.orgId || 'N/A'}`
+    );
+    return this.agentServiceService.deleteOid4vpVerifier(payload.url, payload.orgId);
+  }
+
+  @MessagePattern({ cmd: 'agent-update-oid4vp-verifier' })
+  async updateOid4vpVerifier(payload: {
+    verifierDetails: UpdateVerifier;
+    url: string;
+    orgId: string;
+  }): Promise<object> {
+    this.logger.log(
+      `[updateOid4vpVerifier] Received 'agent-update-oid4vp-verifier' request for orgId=${payload?.orgId || 'N/A'}`
+    );
+    return this.agentServiceService.updateOid4vpVerifier(payload.verifierDetails, payload.url, payload.orgId);
+  }
+
+  @MessagePattern({ cmd: 'agent-get-oid4vp-verifier-session' })
+  async getOid4vpVerifierSession(payload: { url: string; orgId: string }): Promise<object> {
+    this.logger.log(
+      `[getOid4vpVerifierSession] Received 'agent-get-oid4vp-verifier-session' request for orgId=${payload?.orgId || 'N/A'}`
+    );
+    return this.agentServiceService.getOid4vpVerifierSession(payload.url, payload.orgId);
+  }
+
+  @MessagePattern({ cmd: 'agent-create-oid4vp-verification-session' })
+  async oid4vpCreateVerificationSession(payload: {
+    sessionRequest: object;
+    url: string;
+    orgId: string;
+  }): Promise<object> {
+    this.logger.log(
+      `[oid4vpCreateVerificationSession] Received 'agent-create-oid4vp-verification-session' request for orgId=${payload?.orgId || 'N/A'}`
+    );
+    return this.agentServiceService.createOid4vpVerificationSession(payload.sessionRequest, payload.url, payload.orgId);
+  }
 }