Merge pull request #839 from boschresearch/feature/self-attested-2

Support for self attested attributes in the proof template

Author: Philipp Etschel

backend/business-partner-agent/pom.xml

@@ -149,7 +149,7 @@
         <dependency>
             <groupId>network.idu.acapy</groupId>
             <artifactId>aries-client-python</artifactId>
-            <version>0.7.30</version>
+            <version>0.7.31</version>
         </dependency>
         <dependency>
             <groupId>org.hyperledger.business-partner-agent</groupId>

backend/business-partner-agent/src/main/java/org/hyperledger/bpa/controller/api/prooftemplates/AttributeGroup.java

@@ -18,7 +18,7 @@
 package org.hyperledger.bpa.controller.api.prooftemplates;
 
 import io.micronaut.core.annotation.Introspected;
-import io.micronaut.core.util.CollectionUtils;
+import io.micronaut.core.annotation.Nullable;
 import lombok.*;
 
 import javax.validation.Valid;
@@ -46,15 +46,11 @@ public class AttributeGroup {
     @Builder.Default
     private Boolean nonRevoked = Boolean.FALSE;
 
-    @NotNull
+    @Nullable
     @Builder.Default
+    private Boolean allowSelfAttested = Boolean.FALSE;
+
     @Valid
-    private List<SchemaRestrictions> schemaLevelRestrictions = List.of(SchemaRestrictions.builder().build());
-
-    public List<SchemaRestrictions> getSchemaLevelRestrictions() {
-        if (CollectionUtils.isEmpty(schemaLevelRestrictions)) {
-            return List.of(SchemaRestrictions.builder().build());
-        }
-        return schemaLevelRestrictions;
-    }
+    @Nullable
+    private List<SchemaRestrictions> schemaLevelRestrictions;
 }

backend/business-partner-agent/src/main/java/org/hyperledger/bpa/controller/api/prooftemplates/SchemaRestrictions.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2020-2021 - for information on the respective copyright owner
+ * Copyright (c) 2020-2022 - for information on the respective copyright owner
  * see the NOTICE file and/or the repository at
  * https://github.com/hyperledger-labs/business-partner-agent
  *
@@ -15,21 +15,21 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
 package org.hyperledger.bpa.controller.api.prooftemplates;
 
+import io.micronaut.core.annotation.Introspected;
 import io.micronaut.core.annotation.Nullable;
 import lombok.AllArgsConstructor;
 import lombok.Builder;
 import lombok.Data;
 import lombok.NoArgsConstructor;
-import org.hyperledger.aries.api.present_proof.PresentProofRequest;
 import org.hyperledger.bpa.impl.verification.ValidUUID;
 
 @Data
 @NoArgsConstructor
 @AllArgsConstructor
 @Builder
+@Introspected
 public class SchemaRestrictions {
 
     @Nullable
@@ -45,16 +45,4 @@ public class SchemaRestrictions {
     private String credentialDefinitionId;
     @Nullable
     private String issuerDid;
-
-    public static SchemaRestrictions fromProofRestrictions(PresentProofRequest.ProofRequest.ProofRestrictions r) {
-        return SchemaRestrictions
-                .builder()
-                .schemaId(r.getSchemaId())
-                .schemaName(r.getSchemaName())
-                .schemaVersion(r.getSchemaVersion())
-                .schemaIssuerDid(r.getSchemaIssuerDid())
-                .credentialDefinitionId(r.getCredentialDefinitionId())
-                .issuerDid(r.getIssuerDid())
-                .build();
-    }
 }

backend/business-partner-agent/src/main/java/org/hyperledger/bpa/impl/aries/proof/VerifierLDManager.java

@@ -38,6 +38,7 @@
 
 import java.util.List;
 import java.util.Map;
+import java.util.Objects;
 import java.util.UUID;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
@@ -97,7 +98,9 @@ private V2DIFProofRequest.PresentationDefinition.InputDescriptors groupToDescrip
     }
 
     private Map<UUID, DIFField> buildDifFieldsFromGroup(@NonNull BPAAttributeGroup group) {
-        Map<UUID, DIFField> issuerRestrictions = group.getSchemaLevelRestrictions()
+        List<BPASchemaRestrictions> restrictions = Objects.requireNonNullElse(group.getSchemaLevelRestrictions(),
+                List.of());
+        Map<UUID, DIFField> issuerRestrictions = restrictions
                 .stream()
                 .map(BPASchemaRestrictions::getIssuerDid)
                 .filter(StringUtils::isNotEmpty)

backend/business-partner-agent/src/main/java/org/hyperledger/bpa/impl/aries/prooftemplates/Attributes.java

@@ -20,7 +20,8 @@
 import lombok.Builder;
 import lombok.Data;
 import lombok.Singular;
-import org.hyperledger.aries.api.present_proof.PresentProofRequest;
+import org.hyperledger.aries.api.present_proof.PresentProofRequest.ProofRequest.ProofRequestedAttributes;
+import org.hyperledger.aries.api.present_proof.PresentProofRequest.ProofRequest.ProofRestrictions.ProofRestrictionsBuilder;
 import org.hyperledger.bpa.persistence.model.prooftemplate.BPASchemaRestrictions;
 
 import java.util.List;
@@ -39,21 +40,17 @@ public class Attributes {
     @Singular
     private Map<String, String> equals;
 
-    public void addToBuilder(
-            BiConsumer<String, PresentProofRequest.ProofRequest.ProofRequestedAttributes> builderSink) {
-        List<PresentProofRequest.ProofRequest.ProofRestrictions.ProofRestrictionsBuilder> restrictionsBuilder = ProofTemplateElementVisitor
-                .asProofRestrictionsBuilder(
-                        schemaRestrictions);
+    public void addToBuilder(BiConsumer<String, ProofRequestedAttributes> builderSink) {
+        List<ProofRestrictionsBuilder> restrictionsBuilder = ProofTemplateElementVisitor
+                .asProofRestrictionsBuilder(schemaRestrictions);
         restrictionsBuilder.forEach(r -> equals.forEach(r::addAttributeValueRestriction));
 
-        PresentProofRequest.ProofRequest.ProofRequestedAttributes.ProofRequestedAttributesBuilder builder = PresentProofRequest.ProofRequest.ProofRequestedAttributes
-                .builder()
+        ProofRequestedAttributes.ProofRequestedAttributesBuilder builder = ProofRequestedAttributes.builder()
                 .names(names)
-                // TODO only set when set in restriction
-                .restrictions(restrictionsBuilder.stream().map(res -> res.schemaId(schemaId).build().toJsonObject())
+                .restrictions(restrictionsBuilder.stream()
+                        .map(res -> res.schemaId(schemaId).build().toJsonObject())
                         .collect(Collectors.toList()));
 
         builderSink.accept(schemaId, revocationApplicator.applyOn(builder).build());
-
     }
 }

backend/business-partner-agent/src/main/java/org/hyperledger/bpa/impl/aries/prooftemplates/ProofTemplateConversion.java

@@ -22,6 +22,7 @@
 import jakarta.inject.Singleton;
 import lombok.extern.slf4j.Slf4j;
 import org.hyperledger.aries.api.present_proof.PresentProofRequest;
+import org.hyperledger.aries.api.present_proof.PresentProofRequestHelper;
 import org.hyperledger.bpa.api.aries.SchemaAPI;
 import org.hyperledger.bpa.api.exception.PartnerException;
 import org.hyperledger.bpa.config.BPAMessageSource;
@@ -80,6 +81,11 @@ public PresentProofRequest proofRequestViaVisitorFrom(@NonNull UUID partnerId,
     @NonNull
     public PresentProofRequest.PresentProofRequestBuilder templateToProofRequest(
             @NonNull @Valid BPAProofTemplate proofTemplate) {
+
+        if (proofTemplate.allowSelfAttested()) {
+            return buildForSelfAttestation(proofTemplate);
+        }
+
         ProofTemplateElementVisitor proofTemplateElementVisitor = new ProofTemplateElementVisitor(
                 this::resolveLedgerSchemaId,
                 new RevocationTimeStampProvider(clock));
@@ -110,4 +116,10 @@ private Stream<Pair<String, BPAAttribute>> pairSchemaIdWithAttributes(@NonNull B
                 .orElse(Stream.empty());
     }
 
+    PresentProofRequest.PresentProofRequestBuilder buildForSelfAttestation(@NonNull BPAProofTemplate proofTemplate) {
+        return PresentProofRequestHelper.buildForSelfAttestation(
+                proofTemplate.getName(),
+                proofTemplate.collectSelfAttestedAttributes());
+    }
+
 }

backend/business-partner-agent/src/main/java/org/hyperledger/bpa/impl/aries/prooftemplates/ProofTemplateElementVisitor.java

@@ -17,6 +17,7 @@
  */
 package org.hyperledger.bpa.impl.aries.prooftemplates;
 
+import lombok.NonNull;
 import org.hyperledger.aries.api.present_proof.PresentProofRequest;
 import org.hyperledger.bpa.impl.util.Pair;
 import org.hyperledger.bpa.persistence.model.BPAProofTemplate;
@@ -66,14 +67,16 @@ public class ProofTemplateElementVisitor {
     }
 
     static List<PresentProofRequest.ProofRequest.ProofRestrictions.ProofRestrictionsBuilder> asProofRestrictionsBuilder(
-            List<BPASchemaRestrictions> schemaRestrictions) {
-        return schemaRestrictions.stream().map(res -> PresentProofRequest.ProofRequest.ProofRestrictions.builder()
-                .schemaId(res.getSchemaId())
-                .schemaName(res.getSchemaName())
-                .schemaVersion(res.getSchemaVersion())
-                .schemaIssuerDid(res.getSchemaIssuerDid())
-                .credentialDefinitionId(res.getCredentialDefinitionId())
-                .issuerDid(res.getIssuerDid())).collect(Collectors.toList());
+            @NonNull List<BPASchemaRestrictions> schemaRestrictions) {
+        return schemaRestrictions.stream()
+                .map(res -> PresentProofRequest.ProofRequest.ProofRestrictions.builder()
+                        .schemaId(res.getSchemaId())
+                        .schemaName(res.getSchemaName())
+                        .schemaVersion(res.getSchemaVersion())
+                        .schemaIssuerDid(res.getSchemaIssuerDid())
+                        .credentialDefinitionId(res.getCredentialDefinitionId())
+                        .issuerDid(res.getIssuerDid()))
+                .collect(Collectors.toList());
     }
 
     private NonRevocationApplicator getRevocationApplicator(Pair<String, ?> schemaAndAttributesBuilder) {

backend/business-partner-agent/src/main/java/org/hyperledger/bpa/impl/verification/ValidatorFactory.java

@@ -79,6 +79,18 @@ ConstraintValidator<SameSchemaType, BPAProofTemplate> sameSchemaType(SchemaServi
         };
     }
 
+    @Singleton
+    ConstraintValidator<SameGroupType, BPAProofTemplate> sameAttributeGroupType() {
+        return (value, annotationMetadata, context) -> {
+            if (value == null || value.getAttributeGroups() == null) {
+                return true;
+            }
+            int selfAttested = value.streamAttributeGroups()
+                    .filter(BPAAttributeGroup::allowSelfAttested).toList().size();
+            return selfAttested == 0 || selfAttested == value.getAttributeGroups().getAttributeGroups().size();
+        };
+    }
+
     // TODO find a way to validate single list entries in isolation. This shows the
     // whole list as invalid, even if it's only one entry.
     @Singleton

backend/business-partner-agent/src/main/java/org/hyperledger/bpa/impl/verification/prooftemplates/SameGroupType.java

@@ -0,0 +1,34 @@
+/*
+ * Copyright (c) 2020-2022 - for information on the respective copyright owner
+ * see the NOTICE file and/or the repository at
+ * https://github.com/hyperledger-labs/business-partner-agent
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.hyperledger.bpa.impl.verification.prooftemplates;
+
+import javax.validation.Constraint;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+import static java.lang.annotation.ElementType.FIELD;
+import static java.lang.annotation.ElementType.TYPE_USE;
+
+@Retention(RetentionPolicy.RUNTIME)
+@Target({ TYPE_USE, FIELD, })
+@Constraint(validatedBy = {})
+public @interface SameGroupType {
+
+    String message() default "Either all groups need to allow self-attestation, or none";
+}

backend/business-partner-agent/src/main/java/org/hyperledger/bpa/persistence/model/BPAProofTemplate.java

@@ -29,7 +29,9 @@
 import lombok.NoArgsConstructor;
 import org.hyperledger.bpa.api.CredentialType;
 import org.hyperledger.bpa.controller.api.prooftemplates.ProofTemplate;
+import org.hyperledger.bpa.impl.verification.prooftemplates.SameGroupType;
 import org.hyperledger.bpa.impl.verification.prooftemplates.SameSchemaType;
+import org.hyperledger.bpa.persistence.model.prooftemplate.BPAAttribute;
 import org.hyperledger.bpa.persistence.model.prooftemplate.BPAAttributeGroup;
 import org.hyperledger.bpa.persistence.model.prooftemplate.BPAAttributeGroups;
 
@@ -38,7 +40,10 @@
 import javax.validation.constraints.NotEmpty;
 import javax.validation.constraints.NotNull;
 import java.time.Instant;
+import java.util.List;
+import java.util.Set;
 import java.util.UUID;
+import java.util.stream.Collectors;
 import java.util.stream.Stream;
 
 @Data
@@ -48,6 +53,7 @@
 @Introspected
 @Entity
 @SameSchemaType
+@SameGroupType
 @Table(name = "bpa_proof_template")
 public class BPAProofTemplate {
     @Id
@@ -104,4 +110,21 @@ public boolean typeIsIndy() {
     public boolean typeIsJsonLD() {
         return CredentialType.JSON_LD.equals(type);
     }
+
+    public boolean allowSelfAttested() {
+        return streamAttributeGroups()
+                .map(BPAAttributeGroup::allowSelfAttested)
+                .findFirst()
+                .orElse(Boolean.FALSE);
+    }
+
+    public Set<String> collectSelfAttestedAttributes() {
+        return streamAttributeGroups()
+                .filter(BPAAttributeGroup::allowSelfAttested)
+                .map(BPAAttributeGroup::getAttributes)
+                .flatMap(List::stream)
+                .map(BPAAttribute::getName)
+                .collect(Collectors.toSet());
+
+    }
 }