From 89b750c35b248cb05cfa557995265ea33011ee4c Mon Sep 17 00:00:00 2001 From: Rolson Quadras Date: Thu, 17 Feb 2022 09:50:10 -0500 Subject: [PATCH] fix: HTTPS Support for DIDComm Inbound port - Add HTTPS Support for DIDComm Inbound port - Add prc card scope in RP adapter - Add citizenship json-ld context Signed-off-by: Rolson Quadras --- .github/workflows/build.yml | 2 + cmd/adapter-rest/startcmd/start.go | 5 +- docs/build.md | 1 + test/bdd/features/rp_e2e.feature | 2 +- .../fixtures/adapter-rest/docker-compose.yml | 17 +++--- .../fixtures/integration/docker-compose.yml | 12 +++- .../testdata/contexts/test-contexts.json | 60 +++++++++++++++++++ .../testdata/presentationdefinitions.json | 9 +++ test/bdd/pkg/rp/rp_steps.go | 2 +- 9 files changed, 95 insertions(+), 15 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 407243e7..98cbae14 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -61,6 +61,7 @@ jobs: - name: Run Issuer Adapter BDD test run: | echo '127.0.0.1 testnet.orb.local' | sudo tee -a /etc/hosts + echo '127.0.0.1 rp-adapter-rest.trustbloc.local' | sudo tee -a /etc/hosts echo '127.0.0.1 issuer-adapter-rest.trustbloc.local' | sudo tee -a /etc/hosts echo '127.0.0.1 issuer-hydra.trustbloc.local' | sudo tee -a /etc/hosts echo '127.0.0.1 mock-issuer-login.trustbloc.local' | sudo tee -a /etc/hosts @@ -85,6 +86,7 @@ jobs: - name: Run RP Adapter BDD test run: | echo '127.0.0.1 testnet.orb.local' | sudo tee -a /etc/hosts + echo '127.0.0.1 rp-adapter-rest.trustbloc.local' | sudo tee -a /etc/hosts echo '127.0.0.1 issuer-adapter-rest.trustbloc.local' | sudo tee -a /etc/hosts echo '127.0.0.1 issuer-hydra.trustbloc.local' | sudo tee -a /etc/hosts echo '127.0.0.1 mock-issuer-login.trustbloc.local' | sudo tee -a /etc/hosts diff --git a/cmd/adapter-rest/startcmd/start.go b/cmd/adapter-rest/startcmd/start.go index 0c763212..b5641231 100644 --- a/cmd/adapter-rest/startcmd/start.go 
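Review bot: The hosts-file list is now maintained by hand in two jobs here (the Issuer Adapter and RP Adapter BDD steps) and a third time in docs/build.md, and this commit already had to touch all three to add one entry. Consider moving the `echo '127.0.0.1 ...' | sudo tee -a /etc/hosts` lines into one reusable step or a small script under test/bdd that both jobs call, so the CI list and the documented list cannot drift apart. The `rp-adapter-rest.trustbloc.local` entry in the Issuer Adapter job is presumably needed because that job brings up the shared adapter-rest compose fixture; a one-line comment saying so would save the next reader a search.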
+++ b/cmd/adapter-rest/startcmd/start.go @@ -1039,12 +1039,11 @@ func createAriesAgent( // nolint:gocyclo,cyclop return nil, errors.New("didcomm inbound host is mandatory") } - // TODO - enable TLS on aries inbound transports: https://github.com/trustbloc/edge-adapter/issues/303 inboundTransportOpt := defaults.WithInboundHTTPAddr( parameters.didCommParameters.inboundHostInternal, parameters.didCommParameters.inboundHostExternal, - "", - "", + parameters.tlsParams.serveCertPath, + parameters.tlsParams.serveKeyPath, ) outbound, err := arieshttp.NewOutbound(arieshttp.WithOutboundTLSConfig(tlsConfig)) diff --git a/docs/build.md b/docs/build.md index 204fc453..7b201294 100644 --- a/docs/build.md +++ b/docs/build.md @@ -16,6 +16,7 @@ Add following entries to the host file. ``` 127.0.0.1 testnet.orb.local +127.0.0.1 rp-adapter-rest.trustbloc.local 127.0.0.1 issuer-adapter-rest.trustbloc.local 127.0.0.1 issuer-hydra.trustbloc.local 127.0.0.1 mock-issuer-login.trustbloc.local diff --git a/test/bdd/features/rp_e2e.feature b/test/bdd/features/rp_e2e.feature index 4c9c71f2..08bfc085 100644 --- a/test/bdd/features/rp_e2e.feature +++ b/test/bdd/features/rp_e2e.feature @@ -14,7 +14,7 @@ Feature: RP Adapter @rp_adapter_healthcheck Scenario: RP adapter healthcheck - When an HTTP GET is sent to "https://localhost:8070/healthcheck" + When an HTTP GET is sent to "https://rp-adapter-rest.trustbloc.local:8070/healthcheck" Then the JSON path "status" of the response equals "success" @rp_register_party diff --git a/test/bdd/fixtures/adapter-rest/docker-compose.yml b/test/bdd/fixtures/adapter-rest/docker-compose.yml index 23191fb7..6e4a56d3 100644 --- a/test/bdd/fixtures/adapter-rest/docker-compose.yml +++ b/test/bdd/fixtures/adapter-rest/docker-compose.yml 
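Review bot: Nothing checks that `parameters.tlsParams.serveCertPath` and `parameters.tlsParams.serveKeyPath` are both set before they are handed to `defaults.WithInboundHTTPAddr`; if the inbound transport serves plaintext when the pair is empty (which is what the removed TODO implies it did until now), a deployment whose `inboundHostExternal` advertises `https://` but whose TLS serve flags are missing now starts silently on HTTP instead of failing. Adding `if (parameters.tlsParams.serveCertPath == "") != (parameters.tlsParams.serveKeyPath == "") { return nil, errors.New("didcomm inbound tls requires both serve cert and key") }` beside the existing inbound-host check would make the half-configured case fail at startup, and a scheme check against `inboundHostExternal` would catch the both-empty case. A comment on the call, e.g. `// DIDComm inbound reuses the REST serve cert/key; the external host must match that cert's SAN`, would record the coupling this change introduces. createAriesAgent starts and ends outside the hunk.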
@@ -17,7 +17,7 @@ services: - ADAPTER_REST_TLS_SERVE_CERT=/etc/tls/ec-pubCert.pem - ADAPTER_REST_TLS_SERVE_KEY=/etc/tls/ec-key.pem - ADAPTER_REST_DIDCOMM_INBOUND_HOST=0.0.0.0:9071 - - ADAPTER_REST_DIDCOMM_INBOUND_HOST_EXTERNAL=http://issuer-adapter-rest.trustbloc.local:9071 + - ADAPTER_REST_DIDCOMM_INBOUND_HOST_EXTERNAL=https://issuer-adapter-rest.trustbloc.local:9071 - ADAPTER_REST_TRUSTBLOC_DOMAIN=${BLOC_DOMAIN} - ADAPTER_REST_UNIVERSAL_RESOLVER_URL=http://did.rest.example.com:8072/1.0/identifiers - ADAPTER_REST_DSN=mongodb://mongodb.example.com:27017 @@ -45,8 +45,8 @@ services: depends_on: - mongodb.example.com - rp.adapter.rest.example.com: - container_name: rp.adapter.rest.example.com + rp-adapter-rest.trustbloc.local: + container_name: rp-adapter-rest.trustbloc.local image: ${RP_ADAPTER_REST_IMAGE}:latest environment: - ADAPTER_REST_HOST_URL=0.0.0.0:8070 @@ -57,14 +57,14 @@ services: - ADAPTER_REST_DSN=mongodb://mongodb.example.com:27017 - ADAPTER_REST_OP_URL=http://PUT-SOMETHING-HERE.com - ADAPTER_REST_PRESENTATION_DEFINITIONS_FILE=/etc/testdata/presentationdefinitions.json - - ADAPTER_REST_DIDCOMM_INBOUND_HOST=0.0.0.0:8071 - - ADAPTER_REST_DIDCOMM_INBOUND_HOST_EXTERNAL=http://rp.adapter.rest.example.com:8071 + - ADAPTER_REST_DIDCOMM_INBOUND_HOST=0.0.0.0:8075 + - ADAPTER_REST_DIDCOMM_INBOUND_HOST_EXTERNAL=https://rp-adapter-rest.trustbloc.local:8075 - ADAPTER_REST_TRUSTBLOC_DOMAIN=${BLOC_DOMAIN} - ADAPTER_REST_HYDRA_URL=https://hydra.trustbloc.local:4445 - ADAPTER_REST_UNIVERSAL_RESOLVER_URL=http://did.rest.example.com:8072/1.0/identifiers - ADAPTER_REST_DSN_TIMEOUT=45 - ADAPTER_REST_WALLET_APP_URL=http://demoapp/load - - ADAPTER_REST_EXTERNAL_URL=https://rp.adapter.rest.example.com:8070 + - ADAPTER_REST_EXTERNAL_URL=https://rp-adapter-rest.trustbloc.local:8070 - ADAPTER_REST_DID_ANCHOR_ORIGIN=https://testnet.orb.local - ADAPTER_REST_CONTEXT_PROVIDER_URL=${CONTEXT_PROVIDER_URL} - ADAPTER_REST_KEY_TYPE=${AGENT_KEY_TYPE} 
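Review bot: The RP DIDComm inbound port moves from 8071 to 8075 in the `@@ -57` hunk (with the matching `8075:8075` mapping added in the following hunk) without any explanation in the file or the commit message; if the change avoids a collision with another service, a comment on the `ADAPTER_REST_DIDCOMM_INBOUND_HOST=0.0.0.0:8075` line naming that service would stop it being "cleaned up" back to 8071. The rename from `rp.adapter.rest.example.com` to `rp-adapter-rest.trustbloc.local` in the `@@ -45` hunk is presumably driven by the SAN of `/etc/tls/ec-pubCert.pem`, which now also fronts the DIDComm inbound; that deserves a comment too, because any reference to the old name outside these hunks (network aliases, other fixtures) would now fail TLS hostname verification rather than merely DNS.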
@@ -72,6 +72,7 @@ services: - ADAPTER_REST_MEDIA_TYPE_PROFILES=${AGENT_MEDIA_TYPE_PROFILES} ports: - 8070:8070 + - 8075:8075 entrypoint: "" command: /bin/sh -c "adapter-rest start" volumes: @@ -107,8 +108,8 @@ services: environment: - DSN=mysql://rpadapterhydra:rpadapterhydra-secret-pw@tcp(mysql:3306)/rpadapterhydra?max_conns=20&max_idle_conns=4 - URLS_SELF_ISSUER=https://localhost:4444 - - URLS_CONSENT=https://localhost:8070/consent - - URLS_LOGIN=https://localhost:8070/login + - URLS_CONSENT=https://rp-adapter-rest.trustbloc.local:8070/consent + - URLS_LOGIN=https://rp-adapter-rest.trustbloc.local:8070/login - SECRETS_SYSTEM=testSecretsSystem - OIDC_SUBJECT_TYPES_SUPPORTED=public - OIDC_SUBJECT_TYPE_PAIRWISE_SALT=testSecretsSystem diff --git a/test/bdd/fixtures/integration/docker-compose.yml b/test/bdd/fixtures/integration/docker-compose.yml index 8695280e..147ef13c 100644 --- a/test/bdd/fixtures/integration/docker-compose.yml +++ b/test/bdd/fixtures/integration/docker-compose.yml @@ -12,6 +12,8 @@ services: image: ${HUB_ROUTER_IMAGE}:${HUB_ROUTER_IMAGE_TAG} environment: - HUB_ROUTER_HOST_URL=0.0.0.0:${HUB_ROUTER_PORT} + - HUB_ROUTER_TLS_CACERTS=/etc/tls/ec-cacert.pem + - HUB_ROUTER_TLS_SYSTEMCERTPOOL=true - HUB_ROUTER_DIDCOMM_HTTP_HOST=0.0.0.0:${HUB_ROUTER_DIDCOMM_HTTP_PORT} - HUB_ROUTER_DIDCOMM_HTTP_HOST_EXTERNAL=http://hub-router.com:${HUB_ROUTER_DIDCOMM_HTTP_PORT} - HUB_ROUTER_DIDCOMM_WS_HOST=0.0.0.0:${HUB_ROUTER_DIDCOMM_WS_PORT} @@ -60,7 +62,10 @@ services: ports: - ${WALLET_AGENT_INBOUND_PORT}:${WALLET_AGENT_INBOUND_PORT} - ${WALLET_AGENT_API_PORT}:${WALLET_AGENT_API_PORT} - command: start + entrypoint: "" + command: /bin/sh -c "cp /etc/tls/* /usr/local/share/ca-certificates/;update-ca-certificates; agent-rest start" + volumes: + - ../keys/tls:/etc/tls networks: adapter-rest_bdd_net: aliases: 
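Review bot: The new `command` for the wallet agent copies everything under `/etc/tls` into `/usr/local/share/ca-certificates/` and chains the steps with `;`, so a failed `cp` or `update-ca-certificates` still starts the agent, just without trust in the test CA, and if `../keys/tls` is the same directory the adapter-rest fixture mounts for its `/etc/tls/ec-key.pem`, the serve private key lands in the system CA directory as well. Copying only the CA certificate and failing fast keeps the container honest: `command: /bin/sh -c "cp /etc/tls/ec-cacert.pem /usr/local/share/ca-certificates/ec-cacert.crt && update-ca-certificates && exec agent-rest start"` (this assumes `ec-cacert.pem` is the file that the new `HUB_ROUTER_TLS_CACERTS` points at). The `.crt` name matters on Debian-based images, whose `update-ca-certificates` ignores other extensions, and `exec` lets container signals reach the agent. If agent-rest exposes a CA-bundle option the way hub-router does, using it would avoid touching the system trust store at all. The same command appears again for the issuer agent in the `@@ -96` hunk of this file.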
@@ -96,7 +101,10 @@ services: ports: - ${ISSUER_AGENT_INBOUND_PORT}:${ISSUER_AGENT_INBOUND_PORT} - ${ISSUER_AGENT_API_PORT}:${ISSUER_AGENT_API_PORT} - command: start + entrypoint: "" + command: /bin/sh -c "cp /etc/tls/* /usr/local/share/ca-certificates/;update-ca-certificates; agent-rest start" + volumes: + - ../keys/tls:/etc/tls networks: adapter-rest_bdd_net: aliases: diff --git a/test/bdd/fixtures/testdata/contexts/test-contexts.json b/test/bdd/fixtures/testdata/contexts/test-contexts.json index 2080260d..1c06ce10 100644 --- a/test/bdd/fixtures/testdata/contexts/test-contexts.json +++ b/test/bdd/fixtures/testdata/contexts/test-contexts.json 
@@ -60,6 +60,66 @@ } } }, + { + "url": "https://w3id.org/citizenship/v1", + "content": { + "@context": { + "@version": 1.1, + "@protected": true, + "name": "http://schema.org/name", + "description": "http://schema.org/description", + "identifier": "http://schema.org/identifier", + "image": { + "@id": "http://schema.org/image", + "@type": "@id" + }, + "PermanentResidentCard": { + "@id": "https://w3id.org/citizenship#PermanentResidentCard", + "@context": { + "@version": 1.1, + "@protected": true, + "id": "@id", + "type": "@type", + "description": "http://schema.org/description", + "name": "http://schema.org/name", + "identifier": "http://schema.org/identifier", + "image": { + "@id": "http://schema.org/image", + "@type": "@id" + } + } + }, + "PermanentResident": { + "@id": "https://w3id.org/citizenship#PermanentResident", + "@context": { + "@version": 1.1, + "@protected": true, + "id": "@id", + "type": "@type", + "ctzn": "https://w3id.org/citizenship#", + "schema": "http://schema.org/", + "xsd": "http://www.w3.org/2001/XMLSchema#", + "birthCountry": "ctzn:birthCountry", + "birthDate": { + "@id": "schema:birthDate", + "@type": "xsd:dateTime" + }, + "commuterClassification": "ctzn:commuterClassification", + "familyName": "schema:familyName", + "gender": "schema:gender", + "givenName": "schema:givenName", + "lprCategory": "ctzn:lprCategory", + "lprNumber": "ctzn:lprNumber", + "residentSince": { + "@id": "ctzn:residentSince", + "@type": "xsd:dateTime" + } + } + }, + "Person": "http://schema.org/Person" + } + } + }, { "url": "https://trustbloc.github.io/context/vc/examples/credit-card-v1.jsonld", "content": { diff --git a/test/bdd/fixtures/testdata/presentationdefinitions.json b/test/bdd/fixtures/testdata/presentationdefinitions.json index d0003c75..254b4778 100644 --- a/test/bdd/fixtures/testdata/presentationdefinitions.json +++ b/test/bdd/fixtures/testdata/presentationdefinitions.json 
@@ -36,6 +36,15 @@ ] } }, + "prc:local": { + "name": "Permanent Resident Card", + "purpose": "Verify your identity.", + "schema": [ + { + "uri": "https://w3id.org/citizenship#PermanentResidentCard" + } + ] + }, "credit_score:remote": { "schema": [{ "uri": "https://example.org/examples#AuthorizationCredential" diff --git a/test/bdd/pkg/rp/rp_steps.go b/test/bdd/pkg/rp/rp_steps.go index 533e4049..02d67c7f 100644 --- a/test/bdd/pkg/rp/rp_steps.go +++ b/test/bdd/pkg/rp/rp_steps.go @@ -56,7 +56,7 @@ import ( const ( // AdapterURL is RP adapter endpoint. - AdapterURL = "https://localhost:8070" + AdapterURL = "https://rp-adapter-rest.trustbloc.local:8070" hydraAdminURL = "https://localhost:4445/" hydraPublicURL = "https://localhost:4444/"
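Review bot: `AdapterURL` now resolves only when `rp-adapter-rest.trustbloc.local` is present in the hosts file, while `hydraAdminURL` and `hydraPublicURL` two lines below still use `localhost`, and a reader of this `const` block cannot tell the difference is deliberate. Suggest extending the doc comment to `// AdapterURL is RP adapter endpoint; the hostname must resolve locally (see docs/build.md).` so a local run that fails on DNS points at the fix. Whether the hostname is also chosen to match the fixture's TLS serve cert is an inference from the compose rename and should be confirmed before being written down. The `const` block continues outside the hunk.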