akramer/digital-credentials-public-validator
akramer/digital-credentials-public-validator
0
0
Fork 0
Code Issues Pull Requests Activity

Replace run(resource) override to inspect standalone endorsement

Browse Source
This commit is contained in:
Andy Miller (IMS) 2022-12-20 12:54:59 -08:00
parent d37aadaf13
commit 043f4b6a25
1 changed files with 103 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

105
inspector-vc/src/main/java/org/oneedtech/inspect/vc/EndorsementInspector.java
View File

@ -1,6 +1,7 @@
package org.oneedtech.inspect.vc; package org.oneedtech.inspect.vc;
import static java.lang.Boolean.TRUE; import static java.lang.Boolean.TRUE;
import static org.oneedtech.inspect.core.Inspector.Behavior.RESET_CACHES_ON_RUN;
import static org.oneedtech.inspect.core.probe.RunContext.Key.*; import static org.oneedtech.inspect.core.probe.RunContext.Key.*;
import static org.oneedtech.inspect.core.report.ReportUtil.onProbeException; import static org.oneedtech.inspect.core.report.ReportUtil.onProbeException;
import static org.oneedtech.inspect.util.code.Defensives.checkNotNull; import static org.oneedtech.inspect.util.code.Defensives.checkNotNull;
@ -19,14 +20,19 @@ import org.oneedtech.inspect.core.probe.GeneratedObject;
import org.oneedtech.inspect.core.probe.Probe; import org.oneedtech.inspect.core.probe.Probe;
import org.oneedtech.inspect.core.probe.RunContext; import org.oneedtech.inspect.core.probe.RunContext;
import org.oneedtech.inspect.core.probe.json.JsonPathEvaluator; import org.oneedtech.inspect.core.probe.json.JsonPathEvaluator;
import org.oneedtech.inspect.core.probe.json.JsonSchemaProbe;
import org.oneedtech.inspect.core.report.Report; import org.oneedtech.inspect.core.report.Report;
import org.oneedtech.inspect.core.report.ReportItems; import org.oneedtech.inspect.core.report.ReportItems;
import org.oneedtech.inspect.schema.JsonSchemaCache;
import org.oneedtech.inspect.schema.SchemaKey;
import org.oneedtech.inspect.util.json.ObjectMapperCache; import org.oneedtech.inspect.util.json.ObjectMapperCache;
import org.oneedtech.inspect.util.resource.Resource; import org.oneedtech.inspect.util.resource.Resource;
import org.oneedtech.inspect.util.resource.UriResource; import org.oneedtech.inspect.util.resource.UriResource;
import org.oneedtech.inspect.util.resource.context.ResourceContext; import org.oneedtech.inspect.util.resource.context.ResourceContext;
import org.oneedtech.inspect.vc.VerifiableCredential.Type; import org.oneedtech.inspect.vc.VerifiableCredential.Type;
import org.oneedtech.inspect.vc.probe.ContextPropertyProbe; import org.oneedtech.inspect.vc.probe.ContextPropertyProbe;
import org.oneedtech.inspect.vc.probe.CredentialParseProbe;
import org.oneedtech.inspect.vc.probe.CredentialSubjectProbe;
import org.oneedtech.inspect.vc.probe.EmbeddedProofProbe; import org.oneedtech.inspect.vc.probe.EmbeddedProofProbe;
import org.oneedtech.inspect.vc.probe.ExpirationProbe; import org.oneedtech.inspect.vc.probe.ExpirationProbe;
import org.oneedtech.inspect.vc.probe.ExternalProofProbe; import org.oneedtech.inspect.vc.probe.ExternalProofProbe;
@ -34,9 +40,11 @@ import org.oneedtech.inspect.vc.probe.InlineJsonSchemaProbe;
import org.oneedtech.inspect.vc.probe.IssuanceProbe; import org.oneedtech.inspect.vc.probe.IssuanceProbe;
import org.oneedtech.inspect.vc.probe.RevocationListProbe; import org.oneedtech.inspect.vc.probe.RevocationListProbe;
import org.oneedtech.inspect.vc.probe.TypePropertyProbe; import org.oneedtech.inspect.vc.probe.TypePropertyProbe;
import org.oneedtech.inspect.vc.util.CachingDocumentLoader;
import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper; import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.common.collect.ImmutableList;
/** /**
* An inspector for EndorsementCredential objects. * An inspector for EndorsementCredential objects.
@ -44,8 +52,11 @@ import com.fasterxml.jackson.databind.ObjectMapper;
*/ */
public class EndorsementInspector extends VCInspector implements SubInspector { public class EndorsementInspector extends VCInspector implements SubInspector {
protected final List<Probe<VerifiableCredential>> userProbes;
protected <B extends VCInspector.Builder<?>> EndorsementInspector(B builder) { protected <B extends VCInspector.Builder<?>> EndorsementInspector(B builder) {
super(builder); super(builder);
this.userProbes = ImmutableList.copyOf(builder.probes);
} }
@Override @Override
@ -127,8 +138,98 @@ public class EndorsementInspector extends VCInspector implements SubInspector {
} }
@Override @Override
public <R extends Resource> Report run(R resource) { public Report run(Resource resource) {
throw new IllegalStateException("must use #run(resource, map)"); super.check(resource);
if (getBehavior(RESET_CACHES_ON_RUN) == TRUE) {
JsonSchemaCache.reset();
CachingDocumentLoader.reset();
}
ObjectMapper mapper = ObjectMapperCache.get(DEFAULT);
JsonPathEvaluator jsonPath = new JsonPathEvaluator(mapper);
RunContext ctx = new RunContext.Builder()
.put(this)
.put(resource)
.put(JACKSON_OBJECTMAPPER, mapper)
.put(JSONPATH_EVALUATOR, jsonPath)
.put(GENERATED_OBJECT_BUILDER, new VerifiableCredential.Builder())
.build();
List<ReportItems> accumulator = new ArrayList<>();
int probeCount = 0;
try {
// detect type (png, svg, json, jwt) and extract json data
probeCount++;
accumulator.add(new CredentialParseProbe().run(resource, ctx));
if (broken(accumulator, true))
return abort(ctx, accumulator, probeCount);
// we expect the above to place a generated object in the context
VerifiableCredential endorsement = ctx.getGeneratedObject(VerifiableCredential.ID);
//context and type properties
VerifiableCredential.Type type = Type.EndorsementCredential;
for(Probe<JsonNode> probe : List.of(new ContextPropertyProbe(type), new TypePropertyProbe(type))) {
probeCount++;
accumulator.add(probe.run(endorsement.getJson(), ctx));
if(broken(accumulator)) return abort(ctx, accumulator, probeCount);
}
//canonical schema and inline schema
SchemaKey schema = endorsement.getSchemaKey().orElseThrow();
for(Probe<JsonNode> probe : List.of(new JsonSchemaProbe(schema), new InlineJsonSchemaProbe(schema))) {
probeCount++;
accumulator.add(probe.run(endorsement.getJson(), ctx));
if(broken(accumulator)) return abort(ctx, accumulator, probeCount);
}
//credentialSubject
probeCount++;
accumulator.add(new CredentialSubjectProbe().run(endorsement.getJson(), ctx));
//signatures, proofs
probeCount++;
if(endorsement.getProofType() == EXTERNAL){
//The credential originally contained in a JWT, validate the jwt and external proof.
accumulator.add(new ExternalProofProbe().run(endorsement, ctx));
} else {
accumulator.add(new EmbeddedProofProbe().run(endorsement, ctx));
}
if(broken(accumulator)) return abort(ctx, accumulator, probeCount);
//check refresh service if we are not already refreshed
probeCount++;
if(resource.getContext().get(REFRESHED) != TRUE) {
Optional<String> newID = checkRefreshService(endorsement, ctx);
if(newID.isPresent()) {
return this.run(
new UriResource(new URI(newID.get()))
.setContext(new ResourceContext(REFRESHED, TRUE)));
}
}
//revocation, expiration and issuance
for(Probe<Credential> probe : List.of(new RevocationListProbe(),
new ExpirationProbe(), new IssuanceProbe())) {
probeCount++;
accumulator.add(probe.run(endorsement, ctx));
if(broken(accumulator)) return abort(ctx, accumulator, probeCount);
}
//finally, run any user-added probes
for(Probe<VerifiableCredential> probe : userProbes) {
probeCount++;
accumulator.add(probe.run(endorsement, ctx));
}
} catch (Exception e) {
accumulator.add(onProbeException(Probe.ID.NO_UNCAUGHT_EXCEPTIONS, resource, e));
}
return new Report(ctx, new ReportItems(accumulator), probeCount);
} }
public static class Builder extends VCInspector.Builder<EndorsementInspector.Builder> { public static class Builder extends VCInspector.Builder<EndorsementInspector.Builder> {