Merge pull request #48 from skyforce77/feat/credential-endpoint

[feature] VCI Credential endpoint

Author: skyforce77

pom.xml

@@ -12,8 +12,8 @@
   <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 
-    <authlete.java.common.version>3.68</authlete.java.common.version>
-    <authlete.java.jaxrs.version>2.61</authlete.java.jaxrs.version>
+    <authlete.java.common.version>3.75</authlete.java.common.version>
+    <authlete.java.jaxrs.version>2.62</authlete.java.jaxrs.version>
     <javax.servlet-api.version>3.0.1</javax.servlet-api.version>
     <jersey.version>2.30.1</jersey.version>
     <jetty.version>9.4.27.v20200227</jetty.version>

src/main/java/com/authlete/jaxrs/server/api/OBBTokenTask.java

@@ -70,7 +70,7 @@ private static boolean needsProcessing(
 
         // If the token request is a refresh token request.
         String grantType = requestParams.getFirst("grant_type");
-        if (grantType != null && grantType.equals("refresht_token"))
+        if (grantType != null && grantType.equals("refresh_token"))
         {
             // Because Open Baning Brasil prohibits refresh token rotation,
             // no new refresh token is issued by the refresh token request.

src/main/java/com/authlete/jaxrs/server/api/vci/AbstractCredentialEndpoint.java

@@ -0,0 +1,88 @@
+/*
+ * Copyright (C) 2023 Authlete, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the
+ * License.
+ */
+package com.authlete.jaxrs.server.api.vci;
+
+
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.HttpHeaders;
+import com.authlete.common.api.AuthleteApi;
+import com.authlete.common.dto.IntrospectionRequest;
+import com.authlete.common.dto.IntrospectionResponse;
+import com.authlete.jaxrs.BaseResourceEndpoint;
+import com.authlete.jaxrs.server.util.ExceptionUtil;
+
+
+public abstract class AbstractCredentialEndpoint extends BaseResourceEndpoint
+{
+    protected String checkContentExtractToken(final HttpServletRequest request,
+                                 final String requestContent)
+    {
+        if (requestContent == null)
+        {
+            throw ExceptionUtil.badRequestException("Missing request content.");
+        }
+
+        final String accessToken = processAccessToken(request);
+        if (accessToken == null)
+        {
+            throw ExceptionUtil.badRequestException("Missing access token.");
+        }
+
+        return accessToken;
+    }
+
+
+    private String processAccessToken(final HttpServletRequest request)
+    {
+        // The value of the "Authorization" header.
+        final String authorization = request.getHeader(HttpHeaders.AUTHORIZATION);
+
+        return super.extractAccessToken(authorization, null);
+    }
+
+
+    protected IntrospectionResponse introspect(final AuthleteApi api,
+                                final String accessToken)
+            throws WebApplicationException
+    {
+        final IntrospectionRequest introspectionRequest = new IntrospectionRequest()
+                .setToken(accessToken);
+
+        final IntrospectionResponse response = api.introspection(introspectionRequest);
+        final String content = response.getResponseContent();
+
+        switch (response.getAction())
+        {
+            case BAD_REQUEST:
+                throw ExceptionUtil.badRequestException(content);
+
+            case UNAUTHORIZED:
+                throw ExceptionUtil.unauthorizedException(accessToken, content);
+
+            case FORBIDDEN:
+                throw ExceptionUtil.forbiddenException(content);
+
+            case OK:
+                return response;
+
+            case INTERNAL_SERVER_ERROR:
+            default:
+                throw ExceptionUtil.internalServerErrorException(content);
+        }
+    }
+}

src/main/java/com/authlete/jaxrs/server/api/vci/BatchCredentialEndpoint.java

@@ -0,0 +1,140 @@
+/*
+ * Copyright (C) 2023 Authlete, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the
+ * License.
+ */
+package com.authlete.jaxrs.server.api.vci;
+
+
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.Consumes;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+import com.authlete.common.api.AuthleteApi;
+import com.authlete.common.api.AuthleteApiFactory;
+import com.authlete.common.dto.CredentialBatchIssueRequest;
+import com.authlete.common.dto.CredentialBatchIssueResponse;
+import com.authlete.common.dto.CredentialBatchParseRequest;
+import com.authlete.common.dto.CredentialBatchParseResponse;
+import com.authlete.common.dto.CredentialIssuanceOrder;
+import com.authlete.common.dto.CredentialRequestInfo;
+import com.authlete.common.dto.IntrospectionResponse;
+import com.authlete.jaxrs.server.util.CredentialUtil;
+import com.authlete.jaxrs.server.util.ExceptionUtil;
+import com.authlete.jaxrs.server.util.ResponseUtil;
+import com.authlete.jaxrs.server.util.StringUtil;
+
+
+@Path("/api/batch_credential")
+public class BatchCredentialEndpoint extends AbstractCredentialEndpoint
+{
+    @POST
+    @Consumes(MediaType.APPLICATION_JSON)
+    public Response post(@Context HttpServletRequest request,
+                         final String requestContent)
+    {
+        final AuthleteApi api = AuthleteApiFactory.getDefaultApi();
+
+        // Check request content
+        final String accessToken = super.checkContentExtractToken(request, requestContent);
+
+        // Validate access token
+        final IntrospectionResponse introspection = introspect(api, accessToken);
+
+        // Parse credential and make it an order
+        final CredentialRequestInfo[] credential =
+                credentialBatchParse(api, requestContent, accessToken);
+
+        final CredentialIssuanceOrder[] orders;
+        try {
+            orders = CredentialUtil.toOrder(introspection, credential);
+        } catch (final CredentialUtil.UnknownCredentialFormatException e) {
+            return ResponseUtil.badRequestJson(e.getJsonError());
+        }
+
+        // Issue
+        return credentialIssue(api, orders, accessToken);
+    }
+
+
+    private CredentialRequestInfo[] credentialBatchParse(final AuthleteApi api,
+                                     final String requestContent,
+                                     final String accessToken)
+            throws WebApplicationException
+    {
+        final CredentialBatchParseRequest parseRequest =
+                new CredentialBatchParseRequest()
+                        .setRequestContent(requestContent)
+                        .setAccessToken(accessToken);
+
+        final CredentialBatchParseResponse response =
+                api.credentialBatchParse(parseRequest);
+        final String content = response.getResponseContent();
+
+        switch (response.getAction())
+        {
+            case BAD_REQUEST:
+                throw ExceptionUtil.badRequestExceptionJson(content);
+
+            case UNAUTHORIZED:
+                throw ExceptionUtil.unauthorizedException(accessToken, content);
+
+            case FORBIDDEN:
+                throw ExceptionUtil.forbiddenExceptionJson(content);
+
+            case OK:
+                return response.getInfo();
+
+            case INTERNAL_SERVER_ERROR:
+            default:
+                throw ExceptionUtil.internalServerErrorException(content);
+        }
+    }
+
+
+    private Response credentialIssue(final AuthleteApi api,
+                            final CredentialIssuanceOrder[] orders,
+                            final String accessToken)
+    {
+        final CredentialBatchIssueRequest credentialBatchIssueRequest = new CredentialBatchIssueRequest()
+                .setAccessToken(accessToken)
+                .setOrders(orders);
+
+        final CredentialBatchIssueResponse response = api.credentialBatchIssue(credentialBatchIssueRequest);
+        final String content = response.getResponseContent();
+
+        switch (response.getAction())
+        {
+            case CALLER_ERROR:
+                return ResponseUtil.badRequest(content);
+
+            case UNAUTHORIZED:
+                return ResponseUtil.unauthorized(accessToken, content);
+
+            case FORBIDDEN:
+                return ResponseUtil.forbiddenJson(content);
+
+            case OK:
+                return ResponseUtil.okJson(content);
+
+            case INTERNAL_SERVER_ERROR:
+            default:
+                throw ExceptionUtil.internalServerErrorExceptionJson(content);
+        }
+    }
+}

src/main/java/com/authlete/jaxrs/server/api/vci/CredentialDefinitionType.java

@@ -0,0 +1,64 @@
+/*
+ * Copyright (C) 2023 Authlete, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the
+ * License.
+ */
+package com.authlete.jaxrs.server.api.vci;
+
+
+import java.util.Arrays;
+import com.authlete.common.types.StandardClaims;
+
+
+public enum CredentialDefinitionType
+{
+    IDENTITY_CREDENTIAL("IdentityCredential", new String[]{
+            StandardClaims.GIVEN_NAME,
+            StandardClaims.FAMILY_NAME,
+            StandardClaims.BIRTHDATE
+    });
+
+
+    final String id;
+    final String[] claims;
+
+
+    CredentialDefinitionType(final String typeId,
+                             final String[] claims)
+    {
+        this.id = typeId;
+        this.claims = claims;
+    }
+
+
+    public String getId()
+    {
+        return id;
+    }
+
+
+    public String[] getClaims()
+    {
+        return claims;
+    }
+
+
+    public static CredentialDefinitionType byId(final String id)
+    {
+        return Arrays.stream(CredentialDefinitionType.values())
+                .filter(format -> format.getId().equals(id))
+                .findFirst()
+                .orElse(null);
+    }
+}