fix(callback): set the correct base address for the callback (#83)

* fix(callback): set the correct base address for the callback
* fix(schema): adjust membership and framework schemas
* feat(api): add new endpoint to fetch own credentials
* add endpoint /api/issuer/owned-credentials to fetch all credentials for a specific company
* fix: adjust wallet configuration

Refs: #71
Reviewed-By: Norbert Truchsess <[email protected]>

charts/ssi-credential-issuer/templates/cronjob-issuer-processes.yaml

@@ -123,7 +123,7 @@ spec:
               value: "{{ .Values.processesworker.wallet.scope }}"
             - name: "WALLET__USERNAME"
               value: "empty"
-            - name: "WALLET__ENCRYPTIONCONFIG__ENCRYPTIONCONFIGINDEX"
+            - name: "WALLET__ENCRYPTIONCONFIGINDEX"
               value: "{{ .Values.processesworker.wallet.encryptionConfigIndex }}"
             - name: "WALLET__ENCRYPTIONCONFIGS__0__INDEX"
               value: "{{ .Values.processesworker.wallet.encryptionConfigs.index0.index}}"

src/database/SsiCredentialIssuer.DbAccess/Models/OwnedVerifiedCredentialData.cs

@@ -0,0 +1,29 @@
+/********************************************************************************
+ * Copyright (c) 2024 Contributors to the Eclipse Foundation
+ *
+ * See the NOTICE file(s) distributed with this work for additional
+ * information regarding copyright ownership.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Apache License, Version 2.0 which is available at
+ * https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ ********************************************************************************/
+
+using Org.Eclipse.TractusX.SsiCredentialIssuer.Entities.Enums;
+
+namespace Org.Eclipse.TractusX.SsiCredentialIssuer.DBAccess.Models;
+
+public record OwnedVerifiedCredentialData(
+    VerifiedCredentialTypeId CredentialType,
+    CompanySsiDetailStatusId Status,
+    DateTimeOffset? ExpiryDate,
+    string Authority
+);

src/database/SsiCredentialIssuer.DbAccess/Repositories/CompanySsiDetailsRepository.cs

@@ -176,6 +176,17 @@ public IQueryable<CompanySsiDetail> GetAllCredentialDetails(CompanySsiDetailStat
                 (!companySsiDetailStatusId.HasValue || c.CompanySsiDetailStatusId == companySsiDetailStatusId.Value) &&
                 (!credentialTypeId.HasValue || c.VerifiedCredentialTypeId == credentialTypeId));
 
+    /// <inheritdoc />
+    public IAsyncEnumerable<OwnedVerifiedCredentialData> GetOwnCredentialDetails(string bpnl) =>
+        _context.CompanySsiDetails.AsNoTracking()
+            .Where(c => c.Bpnl == bpnl)
+            .Select(c => new OwnedVerifiedCredentialData(
+                c.VerifiedCredentialTypeId,
+                c.CompanySsiDetailStatusId,
+                c.ExpiryDate,
+                c.IssuerBpn))
+            .ToAsyncEnumerable();
+
     /// <inheritdoc />
     public Task<(bool exists, SsiApprovalData data)> GetSsiApprovalData(Guid credentialId) =>
         _context.CompanySsiDetails

src/database/SsiCredentialIssuer.DbAccess/Repositories/ICompanySsiDetailsRepository.cs

@@ -87,6 +87,12 @@ public interface ICompanySsiDetailsRepository
     /// <returns>Returns data to create the pagination</returns>
     IQueryable<CompanySsiDetail> GetAllCredentialDetails(CompanySsiDetailStatusId? companySsiDetailStatusId, VerifiedCredentialTypeId? credentialTypeId);
 
+    /// <summary>
+    /// Gets all credentials for a specific bpn
+    /// </summary>
+    /// <param name="bpnl">The bpn to filter the credentials for</param>
+    IAsyncEnumerable<OwnedVerifiedCredentialData> GetOwnCredentialDetails(string bpnl);
+
     Task<(bool exists, SsiApprovalData data)> GetSsiApprovalData(Guid credentialId);
     Task<(bool Exists, CompanySsiDetailStatusId Status, VerifiedCredentialTypeId Type, Guid? ProcessId, IEnumerable<Guid> ProcessStepIds)> GetSsiRejectionData(Guid credentialId);
     void AttachAndModifyCompanySsiDetails(Guid id, Action<CompanySsiDetail>? initialize, Action<CompanySsiDetail> updateFields);

src/externalservices/Callback.Service/DependencyInjection/CallbackSettings.cs

@@ -18,9 +18,12 @@
  ********************************************************************************/
 
 using Org.Eclipse.TractusX.Portal.Backend.Framework.Token;
+using System.ComponentModel.DataAnnotations;
 
 namespace Org.Eclipse.TractusX.SsiCredentialIssuer.Callback.Service.DependencyInjection;
 
 public class CallbackSettings : KeyVaultAuthSettings
 {
+    [Required(AllowEmptyStrings = false)]
+    public string BaseAddress { get; set; } = null!;
 }

src/externalservices/Callback.Service/DependencyInjection/ServiceCollectionExtensions.cs

@@ -19,6 +19,7 @@
 
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Options;
 using Org.Eclipse.TractusX.Portal.Backend.Framework.HttpClientExtensions;
 using Org.Eclipse.TractusX.SsiCredentialIssuer.Callback.Service.Services;
 
@@ -35,8 +36,10 @@ public static IServiceCollection AddCallbackService(this IServiceCollection serv
 
         services.AddTransient<LoggingHandler<CallbackService>>();
 
+        var sp = services.BuildServiceProvider();
+        var settings = sp.GetRequiredService<IOptions<CallbackSettings>>();
         return services
             .AddScoped<ICallbackService, CallbackService>()
-            .AddCustomHttpClientWithAuthentication<CallbackService>(null);
+            .AddCustomHttpClientWithAuthentication<CallbackService>(settings.Value.BaseAddress);
     }
 }

src/externalservices/Wallet.Service/DependencyInjection/WalletSettings.cs

@@ -32,5 +32,5 @@ public class WalletSettings : BasicAuthSettings
     public IEnumerable<EncryptionModeConfig> EncryptionConfigs { get; set; } = null!;
 
     [Required]
-    public int EncrptionConfigIndex { get; set; }
+    public int EncryptionConfigIndex { get; set; }
 }

src/externalservices/Wallet.Service/Schemas/FRAMEWORKCredential.schema.json

@@ -2,6 +2,16 @@
   "$schema": "https://json-schema.org/draft/2020-12/schema",
   "$id": "https://eclipse-tractusx.github.io/FrameworkCredential.schema.json",
   "type": "object",
+  "required": [
+    "id",
+    "type",
+    "issuer",
+    "@context",
+    "issuanceDate",
+    "expirationDate",
+    "credentialStatus",
+    "credentialSubject"
+  ],
   "properties": {
     "id": {
       "type": "string"
@@ -51,6 +61,7 @@
     },
     "credentialSubject": {
       "type": "object",
+      "required": ["id", "holderIdentifier", "group", "useCase", "contractTemplate", "contractVersion"],
       "properties": {
         "id": {
           "type": "string"
@@ -71,9 +82,7 @@
         "contractVersion": {
           "type": "string"
         }
-      },
-      "required": ["id", "holderIdentifier", "group", "useCase", "contractTemplate", "contractVersion"]
+      }
     }
-  },
-  "required": ["id", "@context", "type", "issuanceDate", "expirationDate", "issuer", "credentialSubject"]
+  }
 }

src/externalservices/Wallet.Service/Schemas/MEMBERSHIPCredential.schema.json

@@ -2,8 +2,17 @@
   "$schema": "https://json-schema.org/draft/2020-12/schema",
   "$id": "https://eclipse-tractusx.github.io/MembershipCredential.schema.json",
   "type": "object",
+  "required": [
+    "id",
+    "type",
+    "issuer",
+    "@context",
+    "issuanceDate",
+    "expirationDate",
+    "credentialStatus",
+    "credentialSubject"
+  ],
   "properties": {
-
     "id": {
       "type": "string"
     },
@@ -52,19 +61,22 @@
     },
     "credentialSubject": {
       "type": "object",
+      "required": [
+        "id",
+        "memberOf",
+        "holderIdentifier"
+      ],
       "properties": {
         "id": {
           "type": "string"
         },
-        "holderIdentifier": {
+        "memberOf": {
           "type": "string"
         },
-        "memberOf": {
+        "holderIdentifier": {
           "type": "string"
         }
-      },
-      "required": ["id", "holderIdentifier", "memberOf"]
+      }
     }
-  },
-  "required": ["id", "@context", "type", "issuanceDate", "expirationDate", "issuer", "credentialSubject"]
+  }
 }

src/issuer/SsiCredentialIssuer.Service/BusinessLogic/IIssuerBusinessLogic.cs

@@ -31,6 +31,7 @@ public interface IIssuerBusinessLogic
     Task<IEnumerable<CertificateParticipationData>> GetSsiCertificatesAsync();
 
     Task<Pagination.Response<CredentialDetailData>> GetCredentials(int page, int size, CompanySsiDetailStatusId? companySsiDetailStatusId, VerifiedCredentialTypeId? credentialTypeId, CompanySsiDetailSorting? sorting);
+    IAsyncEnumerable<OwnedVerifiedCredentialData> GetCredentialsForBpn();
 
     Task ApproveCredential(Guid credentialId, CancellationToken cancellationToken);
 

src/issuer/SsiCredentialIssuer.Service/BusinessLogic/IssuerBusinessLogic.cs

@@ -174,6 +174,11 @@ await _repositories
             ));
     }
 
+    public IAsyncEnumerable<OwnedVerifiedCredentialData> GetCredentialsForBpn() =>
+        _repositories
+            .GetInstance<ICompanySsiDetailsRepository>()
+            .GetOwnCredentialDetails(_identity.Bpnl);
+
     /// <inheritdoc />
     public async Task ApproveCredential(Guid credentialId, CancellationToken cancellationToken)
     {

src/issuer/SsiCredentialIssuer.Service/Controllers/IssuerController.cs

@@ -36,6 +36,7 @@ public static class IssuerController
 {
     private const string RequestSsiRole = "request_ssicredential";
     private const string DecisionSsiRole = "decision_ssicredential";
+    private const string ViewCredentialRequestRole = "view_credential_requests";
 
     public static RouteGroupBuilder MapIssuerApi(this RouteGroupBuilder group)
     {
@@ -93,6 +94,17 @@ public static RouteGroupBuilder MapIssuerApi(this RouteGroupBuilder group)
             .WithDefaultResponses()
             .Produces(StatusCodes.Status200OK, typeof(IEnumerable<CredentialDetailData>), Constants.JsonContentType);
 
+        issuer.MapGet("owned-credentials", (IIssuerBusinessLogic logic) => logic.GetCredentialsForBpn())
+            .WithSwaggerDescription("Gets all outstanding, existing and inactive credentials for the company of the user",
+                "Example: GET: /api/issuer/owned-credentials")
+            .RequireAuthorization(r =>
+            {
+                r.RequireRole(ViewCredentialRequestRole);
+                r.AddRequirements(new MandatoryIdentityClaimRequirement(PolicyTypeId.ValidBpn));
+            })
+            .WithDefaultResponses()
+            .Produces(StatusCodes.Status200OK, typeof(IEnumerable<CredentialDetailData>), Constants.JsonContentType);
+
         issuer.MapPost("bpn", ([FromBody] CreateBpnCredentialRequest requestData, CancellationToken cancellationToken, IIssuerBusinessLogic logic) => logic.CreateBpnCredential(requestData, cancellationToken))
             .WithSwaggerDescription("Creates a bpn credential for the given data",
                 "POST: api/issuer/bpn",

src/processes/CredentialProcess.Library/DependencyInjection/CredentialHandlerExtensions.cs

@@ -17,30 +17,26 @@
  * SPDX-License-Identifier: Apache-2.0
  ********************************************************************************/
 
-using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Org.Eclipse.TractusX.SsiCredentialIssuer.CredentialProcess.Library.Creation;
 using Org.Eclipse.TractusX.SsiCredentialIssuer.CredentialProcess.Library.Expiry;
-using Org.Eclipse.TractusX.SsiCredentialIssuer.Wallet.Service.DependencyInjection;
 
 namespace Org.Eclipse.TractusX.SsiCredentialIssuer.CredentialProcess.Library.DependencyInjection;
 
 public static class CredentialHandlerExtensions
 {
-    public static IServiceCollection AddCredentialCreationProcessHandler(this IServiceCollection services, IConfiguration config)
+    public static IServiceCollection AddCredentialCreationProcessHandler(this IServiceCollection services)
     {
         services
-            .AddTransient<ICredentialCreationProcessHandler, Creation.CredentialCreationProcessHandler>()
-            .AddWalletService(config);
+            .AddTransient<ICredentialCreationProcessHandler, CredentialCreationProcessHandler>();
 
         return services;
     }
 
-    public static IServiceCollection AddCredentialExpiryProcessHandler(this IServiceCollection services, IConfiguration config)
+    public static IServiceCollection AddCredentialExpiryProcessHandler(this IServiceCollection services)
     {
         services
-            .AddTransient<ICredentialExpiryProcessHandler, CredentialExpiryProcessHandler>()
-            .AddWalletService(config);
+            .AddTransient<ICredentialExpiryProcessHandler, CredentialExpiryProcessHandler>();
 
         return services;
     }

src/processes/CredentialProcess.Worker/DependencyInjection/CredentialProcessCollectionExtensions.cs

@@ -17,7 +17,6 @@
  * SPDX-License-Identifier: Apache-2.0
  ********************************************************************************/
 
-using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Org.Eclipse.TractusX.SsiCredentialIssuer.CredentialProcess.Library.DependencyInjection;
 using Org.Eclipse.TractusX.SsiCredentialIssuer.CredentialProcess.Worker.Expiry;
@@ -27,13 +26,13 @@ namespace Org.Eclipse.TractusX.SsiCredentialIssuer.CredentialProcess.Worker.Depe
 
 public static class CredentialProcessCollectionExtensions
 {
-    public static IServiceCollection AddCredentialCreationProcessExecutor(this IServiceCollection services, IConfiguration config) =>
+    public static IServiceCollection AddCredentialCreationProcessExecutor(this IServiceCollection services) =>
         services
             .AddTransient<IProcessTypeExecutor, Creation.CredentialCreationProcessTypeExecutor>()
-            .AddCredentialCreationProcessHandler(config);
+            .AddCredentialCreationProcessHandler();
 
-    public static IServiceCollection AddCredentialExpiryProcessExecutor(this IServiceCollection services, IConfiguration config) =>
+    public static IServiceCollection AddCredentialExpiryProcessExecutor(this IServiceCollection services) =>
         services
             .AddTransient<IProcessTypeExecutor, CredentialExpiryProcessTypeExecutor>()
-            .AddCredentialExpiryProcessHandler(config);
+            .AddCredentialExpiryProcessHandler();
 }

src/processes/Processes.Worker/Program.cs

@@ -26,6 +26,7 @@
 using Org.Eclipse.TractusX.SsiCredentialIssuer.DBAccess;
 using Org.Eclipse.TractusX.SsiCredentialIssuer.Portal.Service.DependencyInjection;
 using Org.Eclipse.TractusX.SsiCredentialIssuer.Processes.Worker.Library;
+using Org.Eclipse.TractusX.SsiCredentialIssuer.Wallet.Service.DependencyInjection;
 using Serilog;
 
 LoggingExtensions.EnsureInitialized();
@@ -42,8 +43,9 @@
                 .AddProcessExecutionService(hostContext.Configuration.GetSection("Processes"))
                 .AddPortalService(hostContext.Configuration.GetSection("Portal"))
                 .AddCallbackService(hostContext.Configuration.GetSection("Callback"))
-                .AddCredentialCreationProcessExecutor(hostContext.Configuration)
-                .AddCredentialExpiryProcessExecutor(hostContext.Configuration);
+                .AddWalletService(hostContext.Configuration)
+                .AddCredentialCreationProcessExecutor()
+                .AddCredentialExpiryProcessExecutor();
         })
         .AddLogging()
         .Build();

tests/database/SsiCredentialIssuer.DbAccess.Tests/CompanySsiDetailsRepositoryTests.cs

@@ -191,6 +191,44 @@ public async Task GetSsiCertificates_WithValidData_ReturnsExpected()
 
     #endregion
 
+    #region GetOwnCredentialDetails
+
+    [Fact]
+    public async Task GetOwnCredentialDetails_WithValidData_ReturnsExpected()
+    {
+        // Arrange
+        var sut = await CreateSut();
+
+        // Act
+        var result = await sut.GetOwnCredentialDetails(ValidBpnl).ToListAsync().ConfigureAwait(false);
+
+        // Assert
+        result.Should().HaveCount(6)
+            .And.Satisfy(
+                x => x.CredentialType == VerifiedCredentialTypeId.TRACEABILITY_FRAMEWORK && x.Status == CompanySsiDetailStatusId.PENDING,
+                x => x.CredentialType == VerifiedCredentialTypeId.PCF_FRAMEWORK && x.Status == CompanySsiDetailStatusId.PENDING,
+                x => x.CredentialType == VerifiedCredentialTypeId.DISMANTLER_CERTIFICATE && x.Status == CompanySsiDetailStatusId.PENDING,
+                x => x.CredentialType == VerifiedCredentialTypeId.BEHAVIOR_TWIN_FRAMEWORK && x.Status == CompanySsiDetailStatusId.INACTIVE,
+                x => x.CredentialType == VerifiedCredentialTypeId.DISMANTLER_CERTIFICATE && x.Status == CompanySsiDetailStatusId.INACTIVE,
+                x => x.CredentialType == VerifiedCredentialTypeId.DISMANTLER_CERTIFICATE && x.Status == CompanySsiDetailStatusId.INACTIVE
+            );
+    }
+
+    [Fact]
+    public async Task GetOwnCredentialDetails_WithBpnWithoutCredential_ReturnsExpected()
+    {
+        // Arrange
+        var sut = await CreateSut();
+
+        // Act
+        var result = await sut.GetOwnCredentialDetails("BPNL000000INVALID").ToListAsync().ConfigureAwait(false);
+
+        // Assert
+        result.Should().BeEmpty();
+    }
+
+    #endregion
+
     #region CreateSsiDetails
 
     [Fact]