* Add support of CredentialPojo creation and verification

Author: chaoxinhu

src/main/java/com/webank/weid/http/constant/WeIdentityFunctionNames.java

@@ -40,6 +40,8 @@ public final class WeIdentityFunctionNames {
     public static final String FUNCNAME_GET_WEID_DOCUMENT_JSON = "getWeIdDocumentJson";
     public static final String FUNCNAME_QUERY_AUTHORITY_ISSUER = "queryAuthorityIssuer";
     public static final String FUNCNAME_QUERY_CPT = "queryCpt";
+    public static final String FUNCNAME_CREATE_CREDENTIALPOJO = "createCredentialPojo";
+    public static final String FUNCNAME_VERIFY_CREDENTIALPOJO = "verifyCredentialPojo";
 
     /**
      * Function names to be assembled in SDK Function call. Case sensitive.

src/main/java/com/webank/weid/http/service/InvokerCredentialService.java

@@ -19,6 +19,7 @@
 
 package com.webank.weid.http.service;
 
+import com.webank.weid.protocol.base.CredentialPojo;
 import org.springframework.stereotype.Service;
 
 import com.webank.weid.http.protocol.request.InputArg;
@@ -43,4 +44,20 @@ public interface InvokerCredentialService {
      * @return the Boolean response data
      */
     HttpResponseData<Object> verifyCredentialInvoke(InputArg verifyCredentialFuncArgs);
+
+    /**
+     * Create Credential Pojo. Need format conversion.
+     *
+     * @param createCredentialPojoFuncArgs
+     * @return credentialpojo
+     */
+    HttpResponseData<Object> createCredentialPojoInvoke(InputArg createCredentialPojoFuncArgs);
+
+    /**
+     * Verify the validity of a Credential Pojo. Need format conversion.
+     *
+     * @param verifyCredentialPojoFuncArgs
+     * @return boolean
+     */
+    HttpResponseData<Boolean> verifyCredentialPojoInvoke(InputArg verifyCredentialPojoFuncArgs);
 }

src/main/java/com/webank/weid/http/service/impl/InvokerCredentialServiceImpl.java

@@ -20,6 +20,13 @@
 
 package com.webank.weid.http.service.impl;
 
+import com.webank.weid.protocol.base.CredentialPojo;
+import com.webank.weid.protocol.base.WeIdAuthentication;
+import com.webank.weid.protocol.request.CreateCredentialPojoArgs;
+import com.webank.weid.rpc.CredentialPojoService;
+import com.webank.weid.service.impl.CredentialPojoServiceImpl;
+import com.webank.weid.util.CredentialPojoUtils;
+import com.webank.weid.util.DataToolUtils;
 import java.io.IOException;
 import java.util.HashMap;
 import java.util.Map;
@@ -58,14 +65,16 @@ public class InvokerCredentialServiceImpl extends BaseService implements Invoker
     private Logger logger = LoggerFactory.getLogger(InvokerCredentialServiceImpl.class);
 
     private CredentialService credentialService = new CredentialServiceImpl();
+    private CredentialPojoService credentialPojoService = new CredentialPojoServiceImpl();
 
     /**
-     * Generate a credential for client to sign. The signature field is null, and both full claim
-     * and claimHash will be returned. The returned json String is an key-ordered compact json.
+     * Generate a credential for client to sign. The signature field is null, and both full claim and claimHash will be returned. The returned json
+     * String is an key-ordered compact json.
      *
      * @param createCredentialFuncArgs the functionArgs
      * @return the Map contains Credential content and claimHash.
      */
+    @Override
     public HttpResponseData<Object> createCredentialInvoke(
         InputArg createCredentialFuncArgs) {
         try {
@@ -150,7 +159,7 @@ public HttpResponseData<Object> createCredentialInvoke(
                 // this is the server-hosting privkey approach
                 String privateKey = KeyUtil
                     .getPrivateKeyByWeId(KeyUtil.SDK_PRIVKEY_PATH, keyIndexNode.textValue());
-                if (StringUtils.isEmpty(privateKey)) {
+                if (!KeyUtil.isPrivateKeyLengthValid(privateKey)) {
                     return new HttpResponseData<>(null, HttpReturnCode.INVOKER_ILLEGAL);
                 }
                 Map<String, String> credentialProof = CredentialUtils
@@ -185,6 +194,7 @@ public HttpResponseData<Object> createCredentialInvoke(
      * @param verifyCredentialFuncArgs the credential json args
      * @return the Boolean response data
      */
+    @Override
     public HttpResponseData<Object> verifyCredentialInvoke(InputArg verifyCredentialFuncArgs) {
         Credential credential = null;
         try {
@@ -222,4 +232,123 @@ public HttpResponseData<Object> verifyCredentialInvoke(InputArg verifyCredential
                 HttpReturnCode.WEID_SDK_ERROR.getCodeDesc().concat(e.getMessage()));
         }
     }
+
+    @Override
+    public HttpResponseData<Object> createCredentialPojoInvoke(InputArg createCredentialPojoFuncArgs) {
+        JsonNode cptIdNode;
+        JsonNode issuerNode;
+        JsonNode expirationDateNode;
+        JsonNode claimNode;
+        try {
+            JsonNode functionArgNode = new ObjectMapper()
+                .readTree(createCredentialPojoFuncArgs.getFunctionArg());
+            cptIdNode = functionArgNode.get(ParamKeyConstant.CPT_ID);
+            issuerNode = functionArgNode.get(ParamKeyConstant.ISSUER);
+            expirationDateNode = functionArgNode.get(ParamKeyConstant.EXPIRATION_DATE);
+            claimNode = functionArgNode.get(ParamKeyConstant.CLAIM);
+            if (cptIdNode == null || StringUtils.isEmpty(cptIdNode.toString())
+                || issuerNode == null || StringUtils.isEmpty(issuerNode.textValue())
+                || expirationDateNode == null || StringUtils.isEmpty(expirationDateNode.textValue())
+                || claimNode == null || StringUtils.isEmpty(claimNode.toString())) {
+                return new HttpResponseData<>(null, HttpReturnCode.INPUT_NULL);
+            }
+        } catch (Exception e) {
+            logger.error("[createCredentialPojoInvoke]: input args error: {}", createCredentialPojoFuncArgs, e);
+            return new HttpResponseData<>(null, HttpReturnCode.VALUE_FORMAT_ILLEGAL);
+        }
+
+        Integer cptId;
+        try {
+            cptId = Integer.valueOf(JsonUtil.removeDoubleQuotes(cptIdNode.toString()));
+        } catch (Exception e) {
+            return new HttpResponseData<>(null, HttpReturnCode.VALUE_FORMAT_ILLEGAL);
+        }
+
+        Long expirationDate;
+        try {
+            expirationDate = DateUtils
+                .convertUtcDateToTimeStamp(expirationDateNode.textValue());
+        } catch (Exception e) {
+            return new HttpResponseData<>(null,
+                ErrorCode.CREDENTIAL_EXPIRE_DATE_ILLEGAL.getCode(),
+                ErrorCode.CREDENTIAL_EXPIRE_DATE_ILLEGAL.getCodeDesc());
+        }
+
+        CredentialPojo credential = new CredentialPojo();
+        credential.setId(UUID.randomUUID().toString());
+        credential.setCptId(cptId);
+        credential.setIssuer(issuerNode.textValue());
+        credential.setExpirationDate(expirationDate);
+        credential.setContext(CredentialConstant.DEFAULT_CREDENTIAL_CONTEXT);
+        credential.setIssuanceDate(DateUtils.getNoMillisecondTimeStamp());
+        Map<String, Object> claimMap;
+        try {
+            claimMap = (Map<String, Object>) JsonUtil
+                .jsonStrToObj(new HashMap<String, Object>(), claimNode.toString());
+        } catch (Exception e) {
+            return new HttpResponseData<>(null,
+                ErrorCode.CREDENTIAL_CLAIM_DATA_ILLEGAL.getCode(),
+                ErrorCode.CREDENTIAL_CLAIM_DATA_ILLEGAL.getCodeDesc());
+        }
+        credential.setClaim(claimMap);
+
+        WeIdAuthentication weIdAuthentication;
+        try {
+            JsonNode txnArgNode = new ObjectMapper().readTree(createCredentialPojoFuncArgs.getTransactionArg());
+            JsonNode keyIndexNode = txnArgNode.get(WeIdentityParamKeyConstant.KEY_INDEX);
+            String privateKey = KeyUtil
+                .getPrivateKeyByWeId(KeyUtil.SDK_PRIVKEY_PATH, keyIndexNode.textValue());
+            weIdAuthentication = KeyUtil.buildWeIdAuthenticationFromPrivKey(privateKey);
+            if (weIdAuthentication == null) {
+                return new HttpResponseData<>(null, HttpReturnCode.INVOKER_ILLEGAL);
+            }
+        } catch (Exception e) {
+            return new HttpResponseData<>(null, ErrorCode.CREDENTIAL_PRIVATE_KEY_NOT_EXISTS.getCode(),
+                ErrorCode.CREDENTIAL_PRIVATE_KEY_NOT_EXISTS.getCodeDesc());
+        }
+
+        // Client-side check of validity
+        CreateCredentialPojoArgs createArg = new CreateCredentialPojoArgs();
+        createArg.setClaim(claimMap);
+        createArg.setCptId(cptId);
+        createArg.setIssuer(issuerNode.textValue());
+        createArg.setIssuanceDate(credential.getIssuanceDate());
+        createArg.setExpirationDate(expirationDate);
+        createArg.setContext(credential.getContext());
+        createArg.setId(credential.getId());
+        createArg.setWeIdAuthentication(weIdAuthentication);
+        ErrorCode errorCode = CredentialPojoUtils.isCreateCredentialPojoArgsValid(createArg);
+        if (errorCode.getCode() != ErrorCode.SUCCESS.getCode()) {
+            return new HttpResponseData<>(null, errorCode.getCode(),
+                errorCode.getCodeDesc());
+        }
+        ResponseData<CredentialPojo> createResp = credentialPojoService.createCredential(createArg);
+        // TODO unify with Credential
+        Map<String, Object> credMap = (Map<String, Object>) JsonUtil.jsonStrToObj(new HashMap<String, Object>(),
+            DataToolUtils.serialize(createResp.getResult()));
+        return new HttpResponseData<>(credMap, createResp.getErrorCode(), createResp.getErrorMessage());
+    }
+
+    @Override
+    public HttpResponseData<Boolean> verifyCredentialPojoInvoke(InputArg verifyCredentialPojoFuncArgs) {
+        CredentialPojo credential;
+        try {
+            credential = DataToolUtils.deserialize(verifyCredentialPojoFuncArgs.getFunctionArg(), CredentialPojo.class);
+        } catch (Exception e) {
+            logger.error("Input credential format illegal: {}", verifyCredentialPojoFuncArgs);
+            return new HttpResponseData<>(null, HttpReturnCode.INPUT_ILLEGAL.getCode(),
+                HttpReturnCode.INPUT_ILLEGAL.getCodeDesc().concat(e.getMessage()));
+        }
+        try {
+            ResponseData<Boolean> responseData = credentialPojoService.verify(credential.getIssuer(), credential);
+            return new HttpResponseData<>(responseData.getResult(),
+                responseData.getErrorCode(), responseData.getErrorMessage());
+        } catch (Exception e) {
+            logger.error("[verifyCredentialInvoke]: SDK error. reqCredentialArgs:{}",
+                verifyCredentialPojoFuncArgs,
+                e);
+            return new HttpResponseData<>(null, HttpReturnCode.WEID_SDK_ERROR.getCode(),
+                HttpReturnCode.WEID_SDK_ERROR.getCodeDesc().concat(e.getMessage()));
+        }
+    }
 }

src/main/java/com/webank/weid/http/service/impl/TransactionServiceImpl.java

@@ -1,5 +1,5 @@
 /*
- *       Copyright© (2019) WeBank Co., Ltd.
+ *       Copyright© (2019-2020) WeBank Co., Ltd.
  *
  *       This file is part of weid-http-service.
  *
@@ -21,6 +21,7 @@
 
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
+import com.webank.weid.protocol.base.CredentialPojo;
 import org.apache.commons.lang3.StringUtils;
 import org.bcos.web3j.protocol.core.methods.request.RawTransaction;
 import org.slf4j.Logger;
@@ -69,6 +70,7 @@ public class TransactionServiceImpl extends BaseService implements TransactionSe
      * params into SDK readable format to send there; apiVersion is for extensibility purpose.
      * @return encoded transaction in Base64 format, and the data segment in RawTransaction.
      */
+    @Override
     public HttpResponseData<Object> encodeTransaction(
         String encodeTransactionJsonArgs) {
         try {
@@ -139,6 +141,7 @@ public HttpResponseData<Object> encodeTransaction(
      * (including all business related params), transactionArgs, functionName and apiVersion.
      * @return the json string from SDK response.
      */
+    @Override
     public HttpResponseData<Object> sendTransaction(String sendTransactionJsonArgs) {
         try {
             HttpResponseData<InputArg> resp = TransactionEncoderUtil
@@ -240,6 +243,7 @@ public HttpResponseData<Object> sendTransaction(String sendTransactionJsonArgs)
      * (including all business related params), EMPTY transactionArgs, functionName and apiVersion.
      * @return the json string from SDK response.
      */
+    @Override
     public HttpResponseData<Object> invokeFunction(String invokeFunctionJsonArgs) {
         HttpResponseData<InputArg> resp = TransactionEncoderUtil
             .buildInputArg(invokeFunctionJsonArgs);
@@ -253,9 +257,16 @@ public HttpResponseData<Object> invokeFunction(String invokeFunctionJsonArgs) {
             if (functionName.equalsIgnoreCase(WeIdentityFunctionNames.FUNCNAME_CREATE_CREDENTIAL)) {
                 return invokerCredentialService.createCredentialInvoke(inputArg);
             }
+            if (functionName.equalsIgnoreCase(WeIdentityFunctionNames.FUNCNAME_CREATE_CREDENTIALPOJO)) {
+                return invokerCredentialService.createCredentialPojoInvoke(inputArg);
+            }
             if (functionName.equalsIgnoreCase(WeIdentityFunctionNames.FUNCNAME_VERIFY_CREDENTIAL)) {
                 return invokerCredentialService.verifyCredentialInvoke(inputArg);
             }
+            if (functionName.equalsIgnoreCase(WeIdentityFunctionNames.FUNCNAME_VERIFY_CREDENTIALPOJO)) {
+                HttpResponseData<Boolean> respData = invokerCredentialService.verifyCredentialPojoInvoke(inputArg);
+                return new HttpResponseData<>(respData.getRespBody(), respData.getErrorCode(), respData.getErrorMessage());
+            }
             if (functionName
                 .equalsIgnoreCase(WeIdentityFunctionNames.FUNCNAME_QUERY_AUTHORITY_ISSUER)) {
                 return invokerAuthorityIssuerService.queryAuthorityIssuerInfoInvoke(inputArg);

src/main/java/com/webank/weid/http/util/KeyUtil.java

@@ -19,15 +19,22 @@
 
 package com.webank.weid.http.util;
 
+import com.webank.weid.protocol.base.WeIdAuthentication;
+import com.webank.weid.protocol.base.WeIdPrivateKey;
+import com.webank.weid.util.WeIdUtils;
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.FileNotFoundException;
 import java.io.FileOutputStream;
 import java.io.IOException;
 import java.io.OutputStreamWriter;
+import java.math.BigInteger;
 import java.nio.charset.StandardCharsets;
 
 import org.apache.commons.lang3.StringUtils;
+import org.fisco.bcos.web3j.abi.datatypes.Address;
+import org.fisco.bcos.web3j.crypto.ECKeyPair;
+import org.fisco.bcos.web3j.crypto.Keys;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -54,8 +61,7 @@ public class KeyUtil {
     private static final String SLASH_CHARACTER = "/";
 
     /**
-     * this method stores weId private key information by file and stores private key information by
-     * itself in actual scene.
+     * this method stores weId private key information by file and stores private key information by itself in actual scene.
      *
      * @param path save path
      * @param weId the weId
@@ -211,4 +217,41 @@ public static String saveFile(String filePath, String dataStr) {
         }
         return StringUtils.EMPTY;
     }
+
+    /**
+     * Build a default WeIdAuthentication from passed-in private key.
+     *
+     * @param privateKey the private key in String
+     * @return weIdAuthentication
+     */
+    public static WeIdAuthentication buildWeIdAuthenticationFromPrivKey(String privateKey) {
+        if (StringUtils.isBlank(privateKey) || !isPrivateKeyLengthValid(privateKey)) {
+            logger.error("Private key format or size illegal.");
+            return null;
+        }
+        ECKeyPair keyPair = ECKeyPair.create(new BigInteger(privateKey));
+        String keyWeId = WeIdUtils
+            .convertAddressToWeId(new Address(Keys.getAddress(keyPair)).toString());
+        WeIdAuthentication weIdAuthentication = new WeIdAuthentication();
+        weIdAuthentication.setWeId(keyWeId);
+        weIdAuthentication.setWeIdPublicKeyId(keyWeId + "#keys-0");
+        WeIdPrivateKey weIdPrivateKey = new WeIdPrivateKey();
+        weIdPrivateKey.setPrivateKey(privateKey);
+        weIdAuthentication.setWeIdPrivateKey(weIdPrivateKey);
+        return weIdAuthentication;
+    }
+
+    public static boolean isPrivateKeyLengthValid(String privateKey) {
+        if (StringUtils.isBlank(privateKey)) {
+            return false;
+        }
+        WeIdPrivateKey weIdPrivateKey = new WeIdPrivateKey();
+        weIdPrivateKey.setPrivateKey(privateKey);
+        if (WeIdUtils.isPrivateKeyValid(weIdPrivateKey)) {
+            BigInteger privKeyBig = new BigInteger(privateKey, 10);
+            BigInteger MAX_PRIVKEY_VALUE = new BigInteger("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141", 16);
+            return (privKeyBig.compareTo(MAX_PRIVKEY_VALUE) <= 0);
+        }
+        return false;
+    }
 }

src/test/java/com/webank/weid/http/service/PureInvokerTest.java

@@ -19,6 +19,7 @@
 
 package com.webank.weid.http.service;
 
+import com.webank.weid.protocol.base.CredentialPojo;
 import java.math.BigInteger;
 import java.util.LinkedHashMap;
 import java.util.Map;
@@ -207,6 +208,36 @@ public void testInvokeIntegration() throws Exception {
         HttpResponseData<Object> resp9 =
             transactionService.invokeFunction(JsonUtil.objToJsonStr(inputParamMap));
         System.out.println(JsonUtil.objToJsonStr(resp9));
-        Assert.assertNotNull(resp9.getRespBody());
+        Assert.assertTrue((Boolean) resp9.getRespBody());
+
+        // create credentialPojo using the same cpt id
+        txnArgMap = new LinkedHashMap<>();
+        txnArgMap.put(WeIdentityParamKeyConstant.KEY_INDEX, weId);
+        inputParamMap = new LinkedHashMap<>();
+        inputParamMap.put(WeIdentityParamKeyConstant.FUNCTION_ARG, funcArgMap);
+        inputParamMap.put(WeIdentityParamKeyConstant.TRANSACTION_ARG, txnArgMap);
+        inputParamMap.put(WeIdentityParamKeyConstant.API_VERSION,
+            WeIdentityParamKeyConstant.DEFAULT_API_VERSION);
+        inputParamMap.put(WeIdentityParamKeyConstant.FUNCTION_NAME,
+            WeIdentityFunctionNames.FUNCNAME_CREATE_CREDENTIALPOJO);
+        HttpResponseData<Object> resp10 =
+            transactionService.invokeFunction(JsonUtil.objToJsonStr(inputParamMap));
+        System.out.println(JsonUtil.objToJsonStr(resp10));
+        Assert.assertNotNull(resp10.getRespBody());
+
+        // verify credentialPojo
+        credJsonMap = (Map<String, Object>) resp10.getRespBody();
+        txnArgMap = new LinkedHashMap<>();
+        inputParamMap = new LinkedHashMap<>();
+        inputParamMap.put(WeIdentityParamKeyConstant.FUNCTION_ARG, credJsonMap);
+        inputParamMap.put(WeIdentityParamKeyConstant.TRANSACTION_ARG, txnArgMap);
+        inputParamMap.put(WeIdentityParamKeyConstant.API_VERSION,
+            WeIdentityParamKeyConstant.DEFAULT_API_VERSION);
+        inputParamMap.put(WeIdentityParamKeyConstant.FUNCTION_NAME,
+            WeIdentityFunctionNames.FUNCNAME_VERIFY_CREDENTIALPOJO);
+        HttpResponseData<Object> resp11 =
+            transactionService.invokeFunction(JsonUtil.objToJsonStr(inputParamMap));
+        System.out.println(JsonUtil.objToJsonStr(resp11));
+        Assert.assertTrue((Boolean) resp11.getRespBody());
     }
 }