clean up clr step #2
parent
23a34bd470
commit
9da0e784a6
@ -127,5 +127,6 @@ public class Credential extends GeneratedObject {
|
||||
|
||||
public static final String ID = Credential.class.getCanonicalName();
|
||||
public static final List<ResourceType> RECOGNIZED_PAYLOAD_TYPES = List.of(SVG, PNG, JSON, JWT);
|
||||
public static final String CREDENTIAL_KEY = "CREDENTIAL_KEY";
|
||||
|
||||
}
|
||||
|
@ -5,6 +5,8 @@ import static org.oneedtech.inspect.core.probe.RunContext.Key.*;
|
||||
import static org.oneedtech.inspect.core.report.ReportUtil.onProbeException;
|
||||
import static org.oneedtech.inspect.util.code.Defensives.checkNotNull;
|
||||
import static org.oneedtech.inspect.util.json.ObjectMapperCache.Config.DEFAULT;
|
||||
import static org.oneedtech.inspect.vc.Credential.CREDENTIAL_KEY;
|
||||
import static org.oneedtech.inspect.vc.Credential.ProofType.EXTERNAL;
|
||||
|
||||
import java.net.URI;
|
||||
import java.util.ArrayList;
|
||||
@ -25,12 +27,12 @@ import org.oneedtech.inspect.util.resource.UriResource;
|
||||
import org.oneedtech.inspect.util.resource.context.ResourceContext;
|
||||
import org.oneedtech.inspect.vc.Credential.Type;
|
||||
import org.oneedtech.inspect.vc.probe.ContextPropertyProbe;
|
||||
import org.oneedtech.inspect.vc.probe.ExpirationVerifierProbe;
|
||||
import org.oneedtech.inspect.vc.probe.EmbeddedProofProbe;
|
||||
import org.oneedtech.inspect.vc.probe.ExpirationProbe;
|
||||
import org.oneedtech.inspect.vc.probe.ExternalProofProbe;
|
||||
import org.oneedtech.inspect.vc.probe.InlineJsonSchemaProbe;
|
||||
import org.oneedtech.inspect.vc.probe.IssuanceVerifierProbe;
|
||||
import org.oneedtech.inspect.vc.probe.ProofVerifierProbe;
|
||||
import org.oneedtech.inspect.vc.probe.IssuanceProbe;
|
||||
import org.oneedtech.inspect.vc.probe.RevocationListProbe;
|
||||
import org.oneedtech.inspect.vc.probe.SignatureVerifierProbe;
|
||||
import org.oneedtech.inspect.vc.probe.TypePropertyProbe;
|
||||
|
||||
import com.fasterxml.jackson.databind.JsonNode;
|
||||
@ -58,7 +60,7 @@ public class EndorsementInspector extends VCInspector implements SubInspector {
|
||||
*
|
||||
*/
|
||||
|
||||
Credential endorsement = (Credential) checkNotNull(parentObjects.get(ENDORSEMENT_KEY));
|
||||
Credential endorsement = (Credential) checkNotNull(parentObjects.get(CREDENTIAL_KEY));
|
||||
|
||||
ObjectMapper mapper = ObjectMapperCache.get(DEFAULT);
|
||||
JsonPathEvaluator jsonPath = new JsonPathEvaluator(mapper);
|
||||
@ -86,12 +88,12 @@ public class EndorsementInspector extends VCInspector implements SubInspector {
|
||||
|
||||
//signatures, proofs
|
||||
probeCount++;
|
||||
if(endorsement.getJwt().isPresent()){
|
||||
if(endorsement.getProofType() == EXTERNAL){
|
||||
//The credential originally contained in a JWT, validate the jwt and external proof.
|
||||
accumulator.add(new SignatureVerifierProbe().run(endorsement, ctx));
|
||||
accumulator.add(new ExternalProofProbe().run(endorsement, ctx));
|
||||
} else {
|
||||
//The credential not contained in a jwt, must have an internal proof.
|
||||
accumulator.add(new ProofVerifierProbe().run(endorsement, ctx));
|
||||
accumulator.add(new EmbeddedProofProbe().run(endorsement, ctx));
|
||||
|
||||
}
|
||||
if(broken(accumulator)) return abort(ctx, accumulator, probeCount);
|
||||
@ -110,7 +112,7 @@ public class EndorsementInspector extends VCInspector implements SubInspector {
|
||||
|
||||
//revocation, expiration and issuance
|
||||
for(Probe<Credential> probe : List.of(new RevocationListProbe(),
|
||||
new ExpirationVerifierProbe(), new IssuanceVerifierProbe())) {
|
||||
new ExpirationProbe(), new IssuanceProbe())) {
|
||||
probeCount++;
|
||||
accumulator.add(probe.run(endorsement, ctx));
|
||||
if(broken(accumulator)) return abort(ctx, accumulator, probeCount);
|
||||
@ -136,6 +138,4 @@ public class EndorsementInspector extends VCInspector implements SubInspector {
|
||||
}
|
||||
}
|
||||
|
||||
public static final String ENDORSEMENT_KEY = "ENDORSEMENT_KEY";
|
||||
|
||||
}
|
||||
|
@ -3,9 +3,10 @@ package org.oneedtech.inspect.vc;
|
||||
import static java.lang.Boolean.TRUE;
|
||||
import static org.oneedtech.inspect.core.Inspector.Behavior.RESET_CACHES_ON_RUN;
|
||||
import static org.oneedtech.inspect.core.report.ReportUtil.onProbeException;
|
||||
import static org.oneedtech.inspect.util.code.Defensives.*;
|
||||
import static org.oneedtech.inspect.util.json.ObjectMapperCache.Config.DEFAULT;
|
||||
import static org.oneedtech.inspect.vc.Credential.CREDENTIAL_KEY;
|
||||
import static org.oneedtech.inspect.vc.Credential.ProofType.EXTERNAL;
|
||||
import static org.oneedtech.inspect.vc.EndorsementInspector.ENDORSEMENT_KEY;
|
||||
import static org.oneedtech.inspect.vc.payload.PayloadParser.fromJwt;
|
||||
import static org.oneedtech.inspect.vc.util.JsonNodeUtil.asNodeList;
|
||||
|
||||
@ -15,7 +16,8 @@ import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Optional;
|
||||
|
||||
import org.oneedtech.inspect.core.Inspector;
|
||||
import org.oneedtech.inspect.core.SubInspector;
|
||||
import org.oneedtech.inspect.core.probe.GeneratedObject;
|
||||
import org.oneedtech.inspect.core.probe.Probe;
|
||||
import org.oneedtech.inspect.core.probe.RunContext;
|
||||
import org.oneedtech.inspect.core.probe.RunContext.Key;
|
||||
@ -25,6 +27,7 @@ import org.oneedtech.inspect.core.report.Report;
|
||||
import org.oneedtech.inspect.core.report.ReportItems;
|
||||
import org.oneedtech.inspect.schema.JsonSchemaCache;
|
||||
import org.oneedtech.inspect.schema.SchemaKey;
|
||||
import org.oneedtech.inspect.util.code.Defensives;
|
||||
import org.oneedtech.inspect.util.json.ObjectMapperCache;
|
||||
import org.oneedtech.inspect.util.resource.Resource;
|
||||
import org.oneedtech.inspect.util.resource.ResourceType;
|
||||
@ -35,12 +38,12 @@ import org.oneedtech.inspect.vc.Credential.Type;
|
||||
import org.oneedtech.inspect.vc.probe.ContextPropertyProbe;
|
||||
import org.oneedtech.inspect.vc.probe.CredentialParseProbe;
|
||||
import org.oneedtech.inspect.vc.probe.CredentialSubjectProbe;
|
||||
import org.oneedtech.inspect.vc.probe.ExpirationVerifierProbe;
|
||||
import org.oneedtech.inspect.vc.probe.ExpirationProbe;
|
||||
import org.oneedtech.inspect.vc.probe.InlineJsonSchemaProbe;
|
||||
import org.oneedtech.inspect.vc.probe.IssuanceVerifierProbe;
|
||||
import org.oneedtech.inspect.vc.probe.ProofVerifierProbe;
|
||||
import org.oneedtech.inspect.vc.probe.IssuanceProbe;
|
||||
import org.oneedtech.inspect.vc.probe.EmbeddedProofProbe;
|
||||
import org.oneedtech.inspect.vc.probe.RevocationListProbe;
|
||||
import org.oneedtech.inspect.vc.probe.SignatureVerifierProbe;
|
||||
import org.oneedtech.inspect.vc.probe.ExternalProofProbe;
|
||||
import org.oneedtech.inspect.vc.probe.TypePropertyProbe;
|
||||
import org.oneedtech.inspect.vc.util.CachingDocumentLoader;
|
||||
|
||||
@ -52,7 +55,7 @@ import com.google.common.collect.ImmutableList;
|
||||
* A verifier for Open Badges 3.0.
|
||||
* @author mgylling
|
||||
*/
|
||||
public class OB30Inspector extends VCInspector {
|
||||
public class OB30Inspector extends VCInspector implements SubInspector {
|
||||
protected final List<Probe<Credential>> userProbes;
|
||||
|
||||
protected OB30Inspector(OB30Inspector.Builder builder) {
|
||||
@ -63,6 +66,14 @@ public class OB30Inspector extends VCInspector {
|
||||
//https://docs.google.com/document/d/1_imUl2K-5tMib0AUxwA9CWb0Ap1b3qif0sXydih68J0/edit#
|
||||
//https://imsglobal.github.io/openbadges-specification/ob_v3p0.html#verificaton-and-validation
|
||||
|
||||
/*
|
||||
* This inspector supports both standalone openbadge verification, as well as verification of
|
||||
* AchievementCredentials embedded in e.g. CLR.
|
||||
*
|
||||
* When verifying a standalone AchievementCredential, call the run(Resource) method. When verifying
|
||||
* an embedded AchievementCredential, call the run(Resource, Map) method.
|
||||
*/
|
||||
|
||||
@Override
|
||||
public Report run(Resource resource) {
|
||||
super.check(resource); //TODO because URIs, this should be a fetch and cache
|
||||
@ -89,11 +100,48 @@ public class OB30Inspector extends VCInspector {
|
||||
//detect type (png, svg, json, jwt) and extract json data
|
||||
probeCount++;
|
||||
accumulator.add(new CredentialParseProbe().run(resource, ctx));
|
||||
if(broken(accumulator)) return abort(ctx, accumulator, probeCount);
|
||||
if(broken(accumulator, true)) return abort(ctx, accumulator, probeCount);
|
||||
|
||||
//we expect the above to place a generated object in the context
|
||||
Credential ob = ctx.getGeneratedObject(Credential.ID);
|
||||
|
||||
//call the subinspector method of this
|
||||
Report subReport = this.run(resource, Map.of(Credential.CREDENTIAL_KEY, ob));
|
||||
probeCount += subReport.getSummary().getTotalRun();
|
||||
accumulator.add(subReport);
|
||||
|
||||
//finally, run any user-added probes
|
||||
for(Probe<Credential> probe : userProbes) {
|
||||
probeCount++;
|
||||
accumulator.add(probe.run(ob, ctx));
|
||||
}
|
||||
|
||||
} catch (Exception e) {
|
||||
accumulator.add(onProbeException(Probe.ID.NO_UNCAUGHT_EXCEPTIONS, resource, e));
|
||||
}
|
||||
|
||||
return new Report(ctx, new ReportItems(accumulator), probeCount);
|
||||
}
|
||||
|
||||
@Override
|
||||
public Report run(Resource resource, Map<String, GeneratedObject> parentObjects) {
|
||||
|
||||
Credential ob = checkNotNull((Credential)parentObjects.get(CREDENTIAL_KEY));
|
||||
|
||||
ObjectMapper mapper = ObjectMapperCache.get(DEFAULT);
|
||||
JsonPathEvaluator jsonPath = new JsonPathEvaluator(mapper);
|
||||
RunContext ctx = new RunContext.Builder()
|
||||
.put(this)
|
||||
.put(resource)
|
||||
.put(Key.JACKSON_OBJECTMAPPER, mapper)
|
||||
.put(Key.JSONPATH_EVALUATOR, jsonPath)
|
||||
.build();
|
||||
|
||||
List<ReportItems> accumulator = new ArrayList<>();
|
||||
int probeCount = 0;
|
||||
|
||||
try {
|
||||
|
||||
//context and type properties
|
||||
Credential.Type type = Type.OpenBadgeCredential;
|
||||
for(Probe<JsonNode> probe : List.of(new ContextPropertyProbe(type), new TypePropertyProbe(type))) {
|
||||
@ -111,16 +159,17 @@ public class OB30Inspector extends VCInspector {
|
||||
}
|
||||
|
||||
//credentialSubject
|
||||
probeCount++;
|
||||
accumulator.add(new CredentialSubjectProbe().run(ob.getJson(), ctx));
|
||||
|
||||
//signatures, proofs
|
||||
probeCount++;
|
||||
if(ob.getProofType() == EXTERNAL){
|
||||
//The credential originally contained in a JWT, validate the jwt and external proof.
|
||||
accumulator.add(new SignatureVerifierProbe().run(ob, ctx));
|
||||
accumulator.add(new ExternalProofProbe().run(ob, ctx));
|
||||
} else {
|
||||
//The credential not contained in a jwt, must have an internal proof.
|
||||
accumulator.add(new ProofVerifierProbe().run(ob, ctx));
|
||||
accumulator.add(new EmbeddedProofProbe().run(ob, ctx));
|
||||
}
|
||||
if(broken(accumulator)) return abort(ctx, accumulator, probeCount);
|
||||
|
||||
@ -137,7 +186,7 @@ public class OB30Inspector extends VCInspector {
|
||||
|
||||
//revocation, expiration and issuance
|
||||
for(Probe<Credential> probe : List.of(new RevocationListProbe(),
|
||||
new ExpirationVerifierProbe(), new IssuanceVerifierProbe())) {
|
||||
new ExpirationProbe(), new IssuanceProbe())) {
|
||||
probeCount++;
|
||||
accumulator.add(probe.run(ob, ctx));
|
||||
if(broken(accumulator)) return abort(ctx, accumulator, probeCount);
|
||||
@ -150,7 +199,7 @@ public class OB30Inspector extends VCInspector {
|
||||
for(JsonNode node : endorsements) {
|
||||
probeCount++;
|
||||
Credential endorsement = new Credential(resource, node);
|
||||
accumulator.add(endorsementInspector.run(resource, Map.of(ENDORSEMENT_KEY, endorsement)));
|
||||
accumulator.add(endorsementInspector.run(resource, Map.of(CREDENTIAL_KEY, endorsement)));
|
||||
}
|
||||
|
||||
//embedded jwt endorsements
|
||||
@ -160,13 +209,7 @@ public class OB30Inspector extends VCInspector {
|
||||
String jwt = node.asText();
|
||||
JsonNode vcNode = fromJwt(jwt, ctx);
|
||||
Credential endorsement = new Credential(resource, vcNode, jwt);
|
||||
accumulator.add(endorsementInspector.run(resource, Map.of(ENDORSEMENT_KEY, endorsement)));
|
||||
}
|
||||
|
||||
//finally, run any user-added probes
|
||||
for(Probe<Credential> probe : userProbes) {
|
||||
probeCount++;
|
||||
accumulator.add(probe.run(ob, ctx));
|
||||
accumulator.add(endorsementInspector.run(resource, Map.of(CREDENTIAL_KEY, endorsement)));
|
||||
}
|
||||
|
||||
} catch (Exception e) {
|
||||
@ -174,6 +217,7 @@ public class OB30Inspector extends VCInspector {
|
||||
}
|
||||
|
||||
return new Report(ctx, new ReportItems(accumulator), probeCount);
|
||||
|
||||
}
|
||||
|
||||
public static class Builder extends VCInspector.Builder<OB30Inspector.Builder> {
|
||||
@ -185,5 +229,4 @@ public class OB30Inspector extends VCInspector {
|
||||
return new OB30Inspector(this);
|
||||
}
|
||||
}
|
||||
|
||||
}
|
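Review bot: In `run(Resource)` the user-added probes now run unconditionally after `accumulator.add(subReport);`, with no `broken(...)` check in between. The loop appears to have been moved from the end of the inspection body, where every earlier `return abort(...)` skipped it, so under fail-fast a credential whose proof or revocation check failed is still handed to user probes. If that is not intended, add `if(broken(accumulator)) return abort(ctx, accumulator, probeCount);` right after the sub-report is added. Separately, `run(Resource, Map)` calls `checkNotNull((Credential)parentObjects.get(CREDENTIAL_KEY))` and builds its `RunContext` before the `try`, so a missing or wrongly typed entry throws to the caller instead of becoming a `NO_UNCAUGHT_EXCEPTIONS` report item; a comment on the method should state that contract. Parts of both methods lie between hunks and are not visible here.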
@ -28,11 +28,15 @@ public abstract class VCInspector extends Inspector {
|
||||
}
|
||||
|
||||
protected boolean broken(List<ReportItems> accumulator) {
|
||||
if(getBehavior(Inspector.Behavior.VALIDATOR_FAIL_FAST) == Boolean.FALSE) {
|
||||
return broken(accumulator, false);
|
||||
}
|
||||
|
||||
protected boolean broken(List<ReportItems> accumulator, boolean force) {
|
||||
if(!force && getBehavior(Inspector.Behavior.VALIDATOR_FAIL_FAST) == Boolean.FALSE) {
|
||||
return false;
|
||||
}
|
||||
for(ReportItems items : accumulator) {
|
||||
if(items.contains(Outcome.FATAL, Outcome.EXCEPTION, Outcome.NOT_RUN)) return true;
|
||||
if(items.contains(Outcome.FATAL, Outcome.EXCEPTION)) return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
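Review bot: In `broken(List<ReportItems>, boolean)` the outcome test appears to narrow from `contains(Outcome.FATAL, Outcome.EXCEPTION, Outcome.NOT_RUN)` to `contains(Outcome.FATAL, Outcome.EXCEPTION)`; the page prints both forms without +/- markers, so this reading is inferred from the old-then-new print order. If so, a probe that reports NOT_RUN (a proof or revocation probe, for instance) no longer stops a fail-fast run, and the remaining probes and the final report proceed past it. Confirm that the report still comes out invalid in that case and record the reason on the method, e.g. `// NOT_RUN does not abort: <reason>`. The guard also compares a boxed value by identity, `getBehavior(...) == Boolean.FALSE`; `Boolean.FALSE.equals(getBehavior(Inspector.Behavior.VALIDATOR_FAIL_FAST))` does not depend on which instance is returned.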
@ -18,10 +18,10 @@ import com.apicatalog.vc.processor.StatusVerifier;
|
||||
import jakarta.json.JsonObject;
|
||||
|
||||
/**
|
||||
* A Probe that verifies a credential's proof.
|
||||
* A Probe that verifies a credential's embedded proof.
|
||||
* @author mgylling
|
||||
*/
|
||||
public class ProofVerifierProbe extends Probe<Credential> {
|
||||
public class EmbeddedProofProbe extends Probe<Credential> {
|
||||
|
||||
/*
|
||||
* Note: using com.apicatalog Iron, we get a generic VC verifier that
|
||||
@ -32,7 +32,7 @@ public class ProofVerifierProbe extends Probe<Credential> {
|
||||
* (aka is not a jwt).
|
||||
*/
|
||||
|
||||
public ProofVerifierProbe() {
|
||||
public EmbeddedProofProbe() {
|
||||
super(ID);
|
||||
}
|
||||
|
||||
@ -71,5 +71,5 @@ public class ProofVerifierProbe extends Probe<Credential> {
|
||||
}
|
||||
}
|
||||
|
||||
public static final String ID = ProofVerifierProbe.class.getSimpleName();
|
||||
public static final String ID = EmbeddedProofProbe.class.getSimpleName();
|
||||
}
|
@ -13,9 +13,9 @@ import com.fasterxml.jackson.databind.JsonNode;
|
||||
* A Probe that verifies a credential's expiration status
|
||||
* @author mgylling
|
||||
*/
|
||||
public class ExpirationVerifierProbe extends Probe<Credential> {
|
||||
public class ExpirationProbe extends Probe<Credential> {
|
||||
|
||||
public ExpirationVerifierProbe() {
|
||||
public ExpirationProbe() {
|
||||
super(ID);
|
||||
}
|
||||
|
||||
@ -39,5 +39,5 @@ public class ExpirationVerifierProbe extends Probe<Credential> {
|
||||
return success(ctx);
|
||||
}
|
||||
|
||||
public static final String ID = ExpirationVerifierProbe.class.getSimpleName();
|
||||
public static final String ID = ExpirationProbe.class.getSimpleName();
|
||||
}
|
@ -36,12 +36,12 @@ import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
import com.google.common.base.Splitter;
|
||||
|
||||
/**
|
||||
* A Probe that verifies credential signatures
|
||||
* A Probe that verifies credential external proof (jwt)
|
||||
* @author mlyon
|
||||
*/
|
||||
public class SignatureVerifierProbe extends Probe<Credential> {
|
||||
public class ExternalProofProbe extends Probe<Credential> {
|
||||
|
||||
public SignatureVerifierProbe() {
|
||||
public ExternalProofProbe() {
|
||||
super(ID);
|
||||
}
|
||||
|
||||
@ -146,6 +146,6 @@ public class SignatureVerifierProbe extends Probe<Credential> {
|
||||
return responseString;
|
||||
}
|
||||
|
||||
public static final String ID = SignatureVerifierProbe.class.getSimpleName();
|
||||
public static final String ID = ExternalProofProbe.class.getSimpleName();
|
||||
|
||||
}
|
@ -38,10 +38,7 @@ public class InlineJsonSchemaProbe extends Probe<JsonNode> {
|
||||
List<ReportItems> accumulator = new ArrayList<>();
|
||||
Set<String> ioErrors = new HashSet<>();
|
||||
|
||||
// JsonPathEvaluator jsonPath = ctx.get(RunContext.Key.JSONPATH_EVALUATOR);
|
||||
// ArrayNode nodes = jsonPath.eval("$..*[?(@.credentialSchema)]", crd.getJson());
|
||||
// note - we dont get deep nested ones in e.g. EndorsementCredential
|
||||
|
||||
//note - we don't get deep nested ones in e.g. EndorsementCredential
|
||||
JsonNode credentialSchemaNode = root.get("credentialSchema");
|
||||
if(credentialSchemaNode == null) return success(ctx);
|
||||
|
||||
|
@ -13,9 +13,9 @@ import com.fasterxml.jackson.databind.JsonNode;
|
||||
* A Probe that verifies a credential's issuance status
|
||||
* @author mgylling
|
||||
*/
|
||||
public class IssuanceVerifierProbe extends Probe<Credential> {
|
||||
public class IssuanceProbe extends Probe<Credential> {
|
||||
|
||||
public IssuanceVerifierProbe() {
|
||||
public IssuanceProbe() {
|
||||
super(ID);
|
||||
}
|
||||
|
||||
@ -39,5 +39,5 @@ public class IssuanceVerifierProbe extends Probe<Credential> {
|
||||
return success(ctx);
|
||||
}
|
||||
|
||||
public static final String ID = IssuanceVerifierProbe.class.getSimpleName();
|
||||
public static final String ID = IssuanceProbe.class.getSimpleName();
|
||||
}
|
@ -11,10 +11,10 @@ import org.oneedtech.inspect.core.probe.json.JsonSchemaProbe;
|
||||
import org.oneedtech.inspect.core.report.Report;
|
||||
import org.oneedtech.inspect.test.PrintHelper;
|
||||
import org.oneedtech.inspect.vc.probe.ContextPropertyProbe;
|
||||
import org.oneedtech.inspect.vc.probe.ExpirationVerifierProbe;
|
||||
import org.oneedtech.inspect.vc.probe.ExpirationProbe;
|
||||
import org.oneedtech.inspect.vc.probe.InlineJsonSchemaProbe;
|
||||
import org.oneedtech.inspect.vc.probe.IssuanceVerifierProbe;
|
||||
import org.oneedtech.inspect.vc.probe.ProofVerifierProbe;
|
||||
import org.oneedtech.inspect.vc.probe.IssuanceProbe;
|
||||
import org.oneedtech.inspect.vc.probe.EmbeddedProofProbe;
|
||||
import org.oneedtech.inspect.vc.probe.TypePropertyProbe;
|
||||
|
||||
import com.google.common.collect.Iterables;
|
||||
@ -96,7 +96,7 @@ public class OB30Tests {
|
||||
if(verbose) PrintHelper.print(report, true);
|
||||
assertInvalid(report);
|
||||
assertErrorCount(report, 1);
|
||||
assertHasProbeID(report, ProofVerifierProbe.ID, true);
|
||||
assertHasProbeID(report, EmbeddedProofProbe.ID, true);
|
||||
});
|
||||
}
|
||||
|
||||
@ -107,7 +107,7 @@ public class OB30Tests {
|
||||
Report report = validator.run(Samples.OB30.JSON.SIMPLE_JSON_EXPIRED.asFileResource());
|
||||
if(verbose) PrintHelper.print(report, true);
|
||||
assertInvalid(report);
|
||||
assertHasProbeID(report, ExpirationVerifierProbe.ID, true);
|
||||
assertHasProbeID(report, ExpirationProbe.ID, true);
|
||||
});
|
||||
}
|
||||
|
||||
@ -142,7 +142,7 @@ public class OB30Tests {
|
||||
Report report = validator.run(Samples.OB30.JSON.SIMPLE_JSON_ISSUED.asFileResource());
|
||||
if(verbose) PrintHelper.print(report, true);
|
||||
assertInvalid(report);
|
||||
assertHasProbeID(report, IssuanceVerifierProbe.ID, true);
|
||||
assertHasProbeID(report, IssuanceProbe.ID, true);
|
||||
});
|
||||
}
|
||||
|
||||
|