Merge pull request #209 from wistefan/optional-args-tir-policy

Support policies with optional arguments

Author: severinstampler

build.gradle.kts

@@ -110,6 +110,7 @@ dependencies {
     testImplementation("io.kotest:kotest-runner-junit5:5.5.4")
     testImplementation("io.kotest:kotest-assertions-core:5.5.4")
     testImplementation("io.kotest:kotest-assertions-json:5.5.4")
+
 }
 
 tasks.withType<Test> {

src/main/kotlin/id/walt/auditor/PolicyRegistry.kt

@@ -2,32 +2,48 @@ package id.walt.auditor
 
 import com.beust.klaxon.JsonObject
 import com.beust.klaxon.Klaxon
+import com.beust.klaxon.KlaxonException
 import id.walt.auditor.dynamic.DynamicPolicy
 import id.walt.auditor.dynamic.DynamicPolicyArg
 import id.walt.common.deepMerge
 import id.walt.common.resolveContent
 import id.walt.model.dif.PresentationDefinition
 import id.walt.services.context.ContextManager
 import id.walt.services.hkvstore.HKVKey
+import mu.KotlinLogging
 import java.io.StringReader
+import java.lang.reflect.InvocationTargetException
 import kotlin.reflect.KClass
 import kotlin.reflect.full.createInstance
 import kotlin.reflect.full.primaryConstructor
 
+private val log = KotlinLogging.logger {}
+
 open class PolicyFactory<P : VerificationPolicy, A : Any>(
     val policyType: KClass<P>,
     val argType: KClass<A>?,
     val name: String,
-    val description: String? = null
+    val description: String? = null,
+    val optionalArgument: Boolean = false
 ) {
     open fun create(argument: Any? = null): P {
-        return argType?.let {
-            policyType.primaryConstructor!!.call(argument)
+        try {
+            return argType?.let {
+                if(optionalArgument) {
+                    argument?.let {
+                        return policyType.primaryConstructor!!.call(it)
+                    }
+                } else {
+                    return policyType.primaryConstructor!!.call(argument)
+                }
+            } ?: policyType.createInstance()
+        } catch (e: KlaxonException) {
+            throw IllegalArgumentException("Provided argument was of wrong type.", e)
+        } catch (e: InvocationTargetException) {
+            throw IllegalArgumentException("No argument was provided.", e)
         }
-            ?: policyType.createInstance()
     }
 
-
     val requiredArgumentType = when (argType) {
         null -> "None"
         else -> argType.simpleName!!
@@ -75,8 +91,9 @@ object PolicyRegistry {
     fun <P : ParameterizedVerificationPolicy<A>, A : Any> register(
         policy: KClass<P>,
         argType: KClass<A>,
-        description: String? = null
-    ) = policies.put(policy.simpleName!!, PolicyFactory(policy, argType, policy.simpleName!!, description))
+        description: String? = null,
+        optionalArgument: Boolean = false
+    ) = policies.put(policy.simpleName!!, PolicyFactory(policy, argType, policy.simpleName!!, description, optionalArgument))
 
     fun <P : SimpleVerificationPolicy> register(policy: KClass<P>, description: String? = null) =
         policies.put(policy.simpleName!!, PolicyFactory<P, Unit>(policy, null, policy.simpleName!!, description))
@@ -173,7 +190,12 @@ object PolicyRegistry {
         //register(JsonSchemaPolicy::class, "Verify by JSON schema")
         register(TrustedSchemaRegistryPolicy::class, "Verify by EBSI Trusted Schema Registry")
         register(TrustedIssuerDidPolicy::class, "Verify by trusted issuer did")
-        register(TrustedIssuerRegistryPolicy::class, "Verify by trusted EBSI Trusted Issuer Registry record")
+        register(
+            TrustedIssuerRegistryPolicy::class,
+            TrustedIssuerRegistryPolicyArg::class,
+            "Verify by an EBSI Trusted Issuers Registry compliant api.",
+            true
+        )
         register(TrustedSubjectDidPolicy::class, "Verify by trusted subject did")
         register(IssuedDateBeforePolicy::class, "Verify by issuance date")
         register(ValidFromBeforePolicy::class, "Verify by valid from")

src/main/kotlin/id/walt/auditor/VerificationPolicy.kt

@@ -57,6 +57,8 @@ abstract class SimpleVerificationPolicy : VerificationPolicy()
 
 abstract class ParameterizedVerificationPolicy<T>(val argument: T) : VerificationPolicy()
 
+abstract class OptionalParameterizedVerificationPolicy<T>(val argument: T?) : VerificationPolicy()
+
 class SignaturePolicy : SimpleVerificationPolicy() {
     override val description: String = "Verify by signature"
     override fun doVerify(vc: VerifiableCredential) = runCatching {
@@ -102,8 +104,21 @@ class TrustedIssuerDidPolicy : SimpleVerificationPolicy() {
     }
 }
 
-class TrustedIssuerRegistryPolicy : SimpleVerificationPolicy() {
-    override val description: String = "Verify by trusted EBSI Trusted Issuer Registry record"
+
+data class TrustedIssuerRegistryPolicyArg(val registryAddress: String)
+
+class TrustedIssuerRegistryPolicy(registryArg: TrustedIssuerRegistryPolicyArg) :
+    ParameterizedVerificationPolicy<TrustedIssuerRegistryPolicyArg>(registryArg) {
+
+    constructor(registryAddress: String) : this(
+        TrustedIssuerRegistryPolicyArg(registryAddress)
+    )
+
+    constructor() : this(
+        TrustedIssuerRegistryPolicyArg("https://api-pilot.ebsi.eu/trusted-issuers-registry/v2/issuers/")
+    )
+
+    override val description: String = "Verify by an EBSI Trusted Issuers Registry compliant api."
     override fun doVerify(vc: VerifiableCredential): Boolean {
 
         // VPs are not considered
@@ -119,17 +134,23 @@ class TrustedIssuerRegistryPolicy : SimpleVerificationPolicy() {
             log.debug { "Resolved DID ${resolvedIssuerDid.id} does not match the issuer DID $issuerDid" }
             return false
         }
+        var tirRecord: TrustedIssuer
 
-        val tirRecord = runCatching {
-            TrustedIssuerClient.getIssuer(issuerDid)
-        }.getOrElse { throw Exception("Could not resolve issuer TIR record of $issuerDid", it) }
 
-        return isValidTrustedIssuerRecord(tirRecord)
+        runCatching {
+            tirRecord = TrustedIssuerClient.getIssuer(issuerDid, argument.registryAddress)
+            return isValidTrustedIssuerRecord(tirRecord)
+        }.getOrElse {
+            log.debug { it }
+            log.warn { "Could not resolve issuer TIR record of $issuerDid" }
+            return false
+        }
     }
 
     private fun isValidTrustedIssuerRecord(tirRecord: TrustedIssuer): Boolean {
         for (attribute in tirRecord.attributes) {
             val attributeInfo = AttributeInfo.from(attribute.body)
+            log.warn { attributeInfo }
             if (TIR_TYPE_ATTRIBUTE == attributeInfo?.type && TIR_NAME_ISSUER == attributeInfo.name) {
                 return true
             }
@@ -140,6 +161,7 @@ class TrustedIssuerRegistryPolicy : SimpleVerificationPolicy() {
     override var applyToVP: Boolean = false
 }
 
+
 class TrustedSubjectDidPolicy : SimpleVerificationPolicy() {
     override val description: String = "Verify by trusted subject did"
     override fun doVerify(vc: VerifiableCredential): Boolean {
@@ -220,7 +242,8 @@ class CredentialStatusPolicy : SimpleVerificationPolicy() {
 
 data class ChallengePolicyArg(val challenges: Set<String>, val applyToVC: Boolean = true, val applyToVP: Boolean = true)
 
-class ChallengePolicy(challengeArg: ChallengePolicyArg) : ParameterizedVerificationPolicy<ChallengePolicyArg>(challengeArg) {
+class ChallengePolicy(challengeArg: ChallengePolicyArg) :
+    ParameterizedVerificationPolicy<ChallengePolicyArg>(challengeArg) {
     constructor(challenge: String, applyToVC: Boolean = true, applyToVP: Boolean = true) : this(
         ChallengePolicyArg(
             setOf(

src/main/kotlin/id/walt/services/ecosystems/essif/TrustedIssuerClient.kt

@@ -112,17 +112,25 @@ object TrustedIssuerClient {
         return@runBlocking trustedIssuer
     }
 
-    fun getIssuer(did: String): TrustedIssuer = runBlocking {
+
+    fun getIssuer(did: String, registryAddress: String): TrustedIssuer = runBlocking {
         log.debug { "Getting trusted issuer with DID $did" }
 
+        val registryUrl = registryAddress + did
+
         val trustedIssuer: String =
-            WaltIdServices.http.get("https://api-pilot.ebsi.eu/trusted-issuers-registry/v2/issuers/$did").bodyAsText()
+            WaltIdServices.http.get(registryUrl).bodyAsText()
 
         log.debug { trustedIssuer }
 
         return@runBlocking Klaxon().parse<TrustedIssuer>(trustedIssuer)!!
     }
 
+    fun getIssuer(did: String): TrustedIssuer = runBlocking {
+        log.debug { "Getting trusted issuer with DID $did" }
+        return@runBlocking getIssuer(did, "https://api-pilot.ebsi.eu/trusted-issuers-registry/v2/issuers/")
+    }
+
     ///////////////////////////////////////////////////////////////////////////////////////////////
     //TODO: the methods below are stubbed - to be considered
 

src/test/kotlin/id/walt/auditor/PolicyFactoryTest.kt

@@ -0,0 +1,52 @@
+package id.walt.auditor
+
+import io.kotest.assertions.throwables.shouldThrow
+import io.kotest.core.spec.style.AnnotationSpec
+import io.kotest.matchers.should
+import io.kotest.matchers.shouldBe
+import io.kotest.matchers.types.beInstanceOf
+import org.junit.jupiter.api.Assertions.assertAll
+
+class PolicyFactoryTest : AnnotationSpec() {
+
+    private val testArgument = TrustedIssuerRegistryPolicyArg("testArg")
+    private val wrongArg = AnotherArg("Else")
+    private val defaultARg = TrustedIssuerRegistryPolicyArg("https://api-pilot.ebsi.eu/trusted-issuers-registry/v2/issuers/")
+
+    @Test
+    fun createTrustedIssuerRegistryPolicyWithoutOptionalArg() {
+        val factoryToTest =
+            PolicyFactory(TrustedIssuerRegistryPolicy::class, TrustedIssuerRegistryPolicyArg::class, "testPolicy", null, false)
+
+        assertAll(
+            { factoryToTest.create(testArgument).argument shouldBe testArgument },
+            { shouldThrow<IllegalArgumentException> { factoryToTest.create() } },
+            { shouldThrow<IllegalArgumentException> { factoryToTest.create(wrongArg) } }
+        )
+    }
+
+    @Test
+    fun createTrustedIssuerRegistryPolicyWithOptionalArg() {
+        val factoryToTest =
+            PolicyFactory(TrustedIssuerRegistryPolicy::class, TrustedIssuerRegistryPolicyArg::class, "testPolicy", null, true)
+        assertAll(
+            { factoryToTest.create(testArgument).argument shouldBe testArgument },
+            { factoryToTest.create().argument shouldBe defaultARg },
+            { shouldThrow<IllegalArgumentException> { factoryToTest.create(wrongArg) } }
+        )
+    }
+
+    @Test
+    fun createSimplePolicy() {
+        val factoryToTest =
+            PolicyFactory<SignaturePolicy, Unit>(SignaturePolicy::class, null, "testPolicy", null)
+
+        assertAll(
+            { factoryToTest.create() should beInstanceOf<SignaturePolicy>() },
+            { factoryToTest.create(testArgument) shouldBe beInstanceOf<SignaturePolicy>() }
+        )
+    }
+}
+
+
+data class AnotherArg(val somethingElse: String)

src/test/kotlin/id/walt/auditor/TrustedIssuerRegistryPolicyTest.kt

@@ -15,12 +15,19 @@ import id.walt.signatory.Signatory
 import io.kotest.core.spec.style.AnnotationSpec
 import io.kotest.core.test.TestCase
 import io.kotest.matchers.shouldBe
+import io.mockk.CapturingSlot
 import io.mockk.every
 import io.mockk.mockkObject
+import org.junit.jupiter.api.assertAll
 
 class TrustedIssuerRegistryPolicyTest : AnnotationSpec() {
 
-    private val testedPolicy = TrustedIssuerRegistryPolicy()
+    private val defaultRegistry = "https://api-pilot.ebsi.eu/trusted-issuers-registry/v2/issuers/"
+    private val otherRegistry = "http://my-other-registry.org/v3/issuers/"
+
+    private val simplePolicy = TrustedIssuerRegistryPolicy();
+    private val parameterizedPolicy = TrustedIssuerRegistryPolicy(otherRegistry);
+
     private val mockedHash = "mockHash"
     private val validAttrInfoJson =
         "{\"@context\":\"https://ebsi.eu\",\"type\":\"attribute\",\"name\":\"issuer\",\"data\":\"5d50b3fa18dde32b384d8c6d096869de\"}"
@@ -56,17 +63,29 @@ class TrustedIssuerRegistryPolicyTest : AnnotationSpec() {
     @Test
     fun whenTrustedIssuerRegistryContainsValidAttributeThenReturnTrue() {
         val attributeList = listOf(Attribute(mockedHash, encBase64Str(validAttrInfoJson)))
-        mockTrustedIssuerWithAttributes(attributeList)
+        val capture = mockTrustedIssuerWithAttributes(attributeList)
 
-        testedPolicy.verify(verifiableCredential) shouldBe true
+        assertAll(
+            { simplePolicy.verify(verifiableCredential) shouldBe true },
+            { capture.captured shouldBe defaultRegistry }
+        )
+
+        assertAll(
+            { parameterizedPolicy.verify(verifiableCredential) shouldBe true },
+            { capture.captured shouldBe otherRegistry }
+        )
     }
 
+
     @Test
     fun whenTrustedIssuerRegistryContainsInvalidBase64AttributeThenReturnFalse() {
         val attributeList = listOf(Attribute(mockedHash, "invalidBase64EncodedString"))
         mockTrustedIssuerWithAttributes(attributeList)
 
-        testedPolicy.verify(verifiableCredential) shouldBe false
+        assertAll(
+            { simplePolicy.verify(verifiableCredential) shouldBe false },
+            { parameterizedPolicy.verify(verifiableCredential) shouldBe false }
+        )
     }
 
     @Test
@@ -75,14 +94,25 @@ class TrustedIssuerRegistryPolicyTest : AnnotationSpec() {
         val attr2 = Attribute(mockedHash, encBase64Str("invalidAttr"))
         val attr3 = Attribute(mockedHash, encBase64Str(validAttrInfoJson))
         val attributeList = listOf(attr1, attr2, attr3)
-        mockTrustedIssuerWithAttributes(attributeList)
+        val capture = mockTrustedIssuerWithAttributes(attributeList)
+
+        assertAll(
+            { simplePolicy.verify(verifiableCredential) shouldBe true },
+            { capture.captured shouldBe defaultRegistry }
+        )
+
+        assertAll(
+            { parameterizedPolicy.verify(verifiableCredential) shouldBe true },
+            { capture.captured shouldBe otherRegistry }
+        )
 
-        testedPolicy.verify(verifiableCredential) shouldBe true
     }
 
-    private fun mockTrustedIssuerWithAttributes(attributeList: List<Attribute>) {
+    private fun mockTrustedIssuerWithAttributes(attributeList: List<Attribute>): CapturingSlot<String> {
         val tirRecord = TrustedIssuer(did, attributeList)
+        val slot = CapturingSlot<String>()
         mockkObject(TrustedIssuerClient)
-        every { TrustedIssuerClient.getIssuer(any()) } returns tirRecord
+        every { TrustedIssuerClient.getIssuer(any(), capture(slot)) } returns tirRecord
+        return slot
     }
 }