fix: HTTPS Support for DIDComm Inbound port

- Add HTTPS Support for DIDComm Inbound port
- Add prc card scope in RP adapter
- Add citizenship json-ld context

Signed-off-by: Rolson Quadras <[email protected]>

.github/workflows/build.yml

@@ -61,6 +61,7 @@ jobs:
       - name: Run Issuer Adapter BDD test
         run: |
           echo '127.0.0.1 testnet.orb.local' | sudo tee -a /etc/hosts
+          echo '127.0.0.1 rp-adapter-rest.trustbloc.local' | sudo tee -a /etc/hosts
           echo '127.0.0.1 issuer-adapter-rest.trustbloc.local' | sudo tee -a /etc/hosts
           echo '127.0.0.1 issuer-hydra.trustbloc.local' | sudo tee -a /etc/hosts
           echo '127.0.0.1 mock-issuer-login.trustbloc.local' | sudo tee -a /etc/hosts
@@ -85,6 +86,7 @@ jobs:
       - name: Run RP Adapter BDD test
         run: |
           echo '127.0.0.1 testnet.orb.local' | sudo tee -a /etc/hosts
+          echo '127.0.0.1 rp-adapter-rest.trustbloc.local' | sudo tee -a /etc/hosts
           echo '127.0.0.1 issuer-adapter-rest.trustbloc.local' | sudo tee -a /etc/hosts
           echo '127.0.0.1 issuer-hydra.trustbloc.local' | sudo tee -a /etc/hosts
           echo '127.0.0.1 mock-issuer-login.trustbloc.local' | sudo tee -a /etc/hosts

cmd/adapter-rest/startcmd/start.go

@@ -1039,12 +1039,11 @@ func createAriesAgent( // nolint:gocyclo,cyclop
 		return nil, errors.New("didcomm inbound host is mandatory")
 	}
 
-	// TODO - enable TLS on aries inbound transports: https://github.com/trustbloc/edge-adapter/issues/303
 	inboundTransportOpt := defaults.WithInboundHTTPAddr(
 		parameters.didCommParameters.inboundHostInternal,
 		parameters.didCommParameters.inboundHostExternal,
-		"",
-		"",
+		parameters.tlsParams.serveCertPath,
+		parameters.tlsParams.serveKeyPath,
 	)
 
 	outbound, err := arieshttp.NewOutbound(arieshttp.WithOutboundTLSConfig(tlsConfig))

docs/build.md

@@ -16,6 +16,7 @@ Add following entries to the host file.
 
 ```
 127.0.0.1 testnet.orb.local
+127.0.0.1 rp-adapter-rest.trustbloc.local
 127.0.0.1 issuer-adapter-rest.trustbloc.local
 127.0.0.1 issuer-hydra.trustbloc.local
 127.0.0.1 mock-issuer-login.trustbloc.local

test/bdd/features/rp_e2e.feature

@@ -14,7 +14,7 @@ Feature: RP Adapter
 
   @rp_adapter_healthcheck
   Scenario: RP adapter healthcheck
-    When an HTTP GET is sent to "https://localhost:8070/healthcheck"
+    When an HTTP GET is sent to "https://rp-adapter-rest.trustbloc.local:8070/healthcheck"
     Then the JSON path "status" of the response equals "success"
 
   @rp_register_party

test/bdd/fixtures/adapter-rest/docker-compose.yml

@@ -17,7 +17,7 @@ services:
       - ADAPTER_REST_TLS_SERVE_CERT=/etc/tls/ec-pubCert.pem
       - ADAPTER_REST_TLS_SERVE_KEY=/etc/tls/ec-key.pem
       - ADAPTER_REST_DIDCOMM_INBOUND_HOST=0.0.0.0:9071
-      - ADAPTER_REST_DIDCOMM_INBOUND_HOST_EXTERNAL=http://issuer-adapter-rest.trustbloc.local:9071
+      - ADAPTER_REST_DIDCOMM_INBOUND_HOST_EXTERNAL=https://issuer-adapter-rest.trustbloc.local:9071
       - ADAPTER_REST_TRUSTBLOC_DOMAIN=${BLOC_DOMAIN}
       - ADAPTER_REST_UNIVERSAL_RESOLVER_URL=http://did.rest.example.com:8072/1.0/identifiers
       - ADAPTER_REST_DSN=mongodb://mongodb.example.com:27017
@@ -45,8 +45,8 @@ services:
     depends_on:
       - mongodb.example.com
 
-  rp.adapter.rest.example.com:
-    container_name: rp.adapter.rest.example.com
+  rp-adapter-rest.trustbloc.local:
+    container_name: rp-adapter-rest.trustbloc.local
     image: ${RP_ADAPTER_REST_IMAGE}:latest
     environment:
       - ADAPTER_REST_HOST_URL=0.0.0.0:8070
@@ -57,21 +57,22 @@ services:
       - ADAPTER_REST_DSN=mongodb://mongodb.example.com:27017
       - ADAPTER_REST_OP_URL=http://PUT-SOMETHING-HERE.com
       - ADAPTER_REST_PRESENTATION_DEFINITIONS_FILE=/etc/testdata/presentationdefinitions.json
-      - ADAPTER_REST_DIDCOMM_INBOUND_HOST=0.0.0.0:8071
-      - ADAPTER_REST_DIDCOMM_INBOUND_HOST_EXTERNAL=http://rp.adapter.rest.example.com:8071
+      - ADAPTER_REST_DIDCOMM_INBOUND_HOST=0.0.0.0:8075
+      - ADAPTER_REST_DIDCOMM_INBOUND_HOST_EXTERNAL=https://rp-adapter-rest.trustbloc.local:8075
       - ADAPTER_REST_TRUSTBLOC_DOMAIN=${BLOC_DOMAIN}
       - ADAPTER_REST_HYDRA_URL=https://hydra.trustbloc.local:4445
       - ADAPTER_REST_UNIVERSAL_RESOLVER_URL=http://did.rest.example.com:8072/1.0/identifiers
       - ADAPTER_REST_DSN_TIMEOUT=45
       - ADAPTER_REST_WALLET_APP_URL=http://demoapp/load
-      - ADAPTER_REST_EXTERNAL_URL=https://rp.adapter.rest.example.com:8070
+      - ADAPTER_REST_EXTERNAL_URL=https://rp-adapter-rest.trustbloc.local:8070
       - ADAPTER_REST_DID_ANCHOR_ORIGIN=https://testnet.orb.local
       - ADAPTER_REST_CONTEXT_PROVIDER_URL=${CONTEXT_PROVIDER_URL}
       - ADAPTER_REST_KEY_TYPE=${AGENT_KEY_TYPE}
       - ADAPTER_REST_KEY_AGREEMENT_TYPE=${AGENT_KEY_AGREEMENT_TYPE}
       - ADAPTER_REST_MEDIA_TYPE_PROFILES=${AGENT_MEDIA_TYPE_PROFILES}
     ports:
       - 8070:8070
+      - 8075:8075
     entrypoint: ""
     command: /bin/sh -c "adapter-rest start"
     volumes:
@@ -107,8 +108,8 @@ services:
     environment:
       - DSN=mysql://rpadapterhydra:rpadapterhydra-secret-pw@tcp(mysql:3306)/rpadapterhydra?max_conns=20&max_idle_conns=4
       - URLS_SELF_ISSUER=https://localhost:4444
-      - URLS_CONSENT=https://localhost:8070/consent
-      - URLS_LOGIN=https://localhost:8070/login
+      - URLS_CONSENT=https://rp-adapter-rest.trustbloc.local:8070/consent
+      - URLS_LOGIN=https://rp-adapter-rest.trustbloc.local:8070/login
       - SECRETS_SYSTEM=testSecretsSystem
       - OIDC_SUBJECT_TYPES_SUPPORTED=public
       - OIDC_SUBJECT_TYPE_PAIRWISE_SALT=testSecretsSystem

test/bdd/fixtures/integration/docker-compose.yml

@@ -12,6 +12,8 @@ services:
     image: ${HUB_ROUTER_IMAGE}:${HUB_ROUTER_IMAGE_TAG}
     environment:
       - HUB_ROUTER_HOST_URL=0.0.0.0:${HUB_ROUTER_PORT}
+      - HUB_ROUTER_TLS_CACERTS=/etc/tls/ec-cacert.pem
+      - HUB_ROUTER_TLS_SYSTEMCERTPOOL=true      
       - HUB_ROUTER_DIDCOMM_HTTP_HOST=0.0.0.0:${HUB_ROUTER_DIDCOMM_HTTP_PORT}
       - HUB_ROUTER_DIDCOMM_HTTP_HOST_EXTERNAL=http://hub-router.com:${HUB_ROUTER_DIDCOMM_HTTP_PORT}
       - HUB_ROUTER_DIDCOMM_WS_HOST=0.0.0.0:${HUB_ROUTER_DIDCOMM_WS_PORT}
@@ -60,7 +62,10 @@ services:
     ports:
       - ${WALLET_AGENT_INBOUND_PORT}:${WALLET_AGENT_INBOUND_PORT}
       - ${WALLET_AGENT_API_PORT}:${WALLET_AGENT_API_PORT}
-    command: start
+    entrypoint: ""
+    command:  /bin/sh -c "cp /etc/tls/* /usr/local/share/ca-certificates/;update-ca-certificates; agent-rest start"
+    volumes:
+      - ../keys/tls:/etc/tls
     networks:
       adapter-rest_bdd_net:
         aliases:
@@ -96,7 +101,10 @@ services:
     ports:
       - ${ISSUER_AGENT_INBOUND_PORT}:${ISSUER_AGENT_INBOUND_PORT}
       - ${ISSUER_AGENT_API_PORT}:${ISSUER_AGENT_API_PORT}
-    command: start
+    entrypoint: ""
+    command:  /bin/sh -c "cp /etc/tls/* /usr/local/share/ca-certificates/;update-ca-certificates; agent-rest start"
+    volumes:
+      - ../keys/tls:/etc/tls
     networks:
       adapter-rest_bdd_net:
         aliases:

test/bdd/fixtures/testdata/contexts/test-contexts.json

@@ -60,6 +60,66 @@
         }
       }
     },
+    {
+      "url": "https://w3id.org/citizenship/v1",
+      "content": {
+        "@context": {
+          "@version": 1.1,
+          "@protected": true,
+          "name": "http://schema.org/name",
+          "description": "http://schema.org/description",
+          "identifier": "http://schema.org/identifier",
+          "image": {
+            "@id": "http://schema.org/image",
+            "@type": "@id"
+          },
+          "PermanentResidentCard": {
+            "@id": "https://w3id.org/citizenship#PermanentResidentCard",
+            "@context": {
+              "@version": 1.1,
+              "@protected": true,
+              "id": "@id",
+              "type": "@type",
+              "description": "http://schema.org/description",
+              "name": "http://schema.org/name",
+              "identifier": "http://schema.org/identifier",
+              "image": {
+                "@id": "http://schema.org/image",
+                "@type": "@id"
+              }
+            }
+          },
+          "PermanentResident": {
+            "@id": "https://w3id.org/citizenship#PermanentResident",
+            "@context": {
+              "@version": 1.1,
+              "@protected": true,
+              "id": "@id",
+              "type": "@type",
+              "ctzn": "https://w3id.org/citizenship#",
+              "schema": "http://schema.org/",
+              "xsd": "http://www.w3.org/2001/XMLSchema#",
+              "birthCountry": "ctzn:birthCountry",
+              "birthDate": {
+                "@id": "schema:birthDate",
+                "@type": "xsd:dateTime"
+              },
+              "commuterClassification": "ctzn:commuterClassification",
+              "familyName": "schema:familyName",
+              "gender": "schema:gender",
+              "givenName": "schema:givenName",
+              "lprCategory": "ctzn:lprCategory",
+              "lprNumber": "ctzn:lprNumber",
+              "residentSince": {
+                "@id": "ctzn:residentSince",
+                "@type": "xsd:dateTime"
+              }
+            }
+          },
+          "Person": "http://schema.org/Person"
+        }
+      }
+    },
     {
       "url": "https://trustbloc.github.io/context/vc/examples/credit-card-v1.jsonld",
       "content": {

test/bdd/fixtures/testdata/presentationdefinitions.json

@@ -36,6 +36,15 @@
       ]
     }
   },
+  "prc:local": {
+    "name": "Permanent Resident Card",
+    "purpose": "Verify your identity.",
+    "schema": [
+      {
+        "uri": "https://w3id.org/citizenship#PermanentResidentCard"
+      }
+    ]
+  },
   "credit_score:remote": {
     "schema": [{
       "uri": "https://example.org/examples#AuthorizationCredential"

test/bdd/pkg/rp/rp_steps.go

@@ -56,7 +56,7 @@ import (
 
 const (
 	// AdapterURL is RP adapter endpoint.
-	AdapterURL = "https://localhost:8070"
+	AdapterURL = "https://rp-adapter-rest.trustbloc.local:8070"
 
 	hydraAdminURL  = "https://localhost:4445/"
 	hydraPublicURL = "https://localhost:4444/"