Release/2.x (#121)

* fix(backend): adapt endpoints to oidc4vci (#111)

* transaction code

* update credential response

* refactor(project): fix sonar issues

(cherry picked from commit 1d20432)

* build(gradle): update version

* fix(workflow): remove unused if

* feat(workflow): lear credential machine

* fix(service): check optionally exp in jwt proof payload

* fix(service): change learcredentialmachine verifications

* Feature/add sign access request (#128)

* fix(shared): add new sad call in remote signature service

* fix(service): change remote signature

* fix(service): change media type on credentials authorize call

* test(controller): global exception handler

* fix(domain): change credential status enum name

* feat(domain): add credential status

* feat(domain): build credential with status

* feat(controller): add credential status controller

* feat(workflow): add credential status workflow

* feat(service): add credential status service

* feat(service): add credential revocation

* feat(controller): add list id

* refactor(project): naming

* ci(github): add trigger

* refactor(domain): fix name

* fix(service): allow save entity, adding other id

* test(service): fix entity construction

* fix(flyway): fix sql

* fix(domain): fix repo jpa sentence

* fix(flyway): make nonce unique

* fix(domain): create credential status list index as nonce

* feat(service): add authorization

* test(service): add more tests

* test(service): add more tests

* fix(domain): fix getClaimFromPayload returning raw string claims without quotes

* credential_status update

* fix auth and nonce

* fix status

* validated status

* changed credential_status for lifeCycleStatus

* No security for revocation GET endpoint

* fix(chore): fix merge conflicts

* fix(domain): fix credential status url

* Feature/label credential (#129)

* add updated api contract

* add updated api contract

* update credential offer types

* label credential

* fix(chore): fix errors

* fix(flyway): change version number

* refactor(domain): remove comments

---------

Co-authored-by: Albert Rodríguez <[email protected]>

* set organizationId in label credential credential procedure (#137)

* fix(service): add organization identifier

* refactor(service): replace lambda

* fix(service): notification label credential

* fix(domain): json property typo

* credentialStatus

* modified revoke credential method

* credentialStatus in LabelCredential

* fix in bindIssuer for status

* changes read token mandator

* Revert "lear"

This reverts commit 3028a42.

* Revert "changes read token mandator"

This reverts commit c12286b.

* fix type

* Label credential Factory tests

* Sonar fixes

* fix mail

* credentialStatus for LearCredentialMachine

* revoked credential notification

* version

* wallet url fix

* notification for expired credentials

* type fix

* error control

* Feature/2.x lear credential machine back back (#139)

* feat(workflow): lear credential machine

* fix(service): change learcredentialmachine verifications

* build(gradle): update version

* fix(chore): fix merge conflicts

* changes read token mandator

* lear

* Revert "lear"

This reverts commit 3028a42.

* Revert "changes read token mandator"

This reverts commit c12286b.

* fix mail

* fix credential service

* fix machine signature

* changed template

* fixed template

* updates in send mail

* changed title

* changed title 2

* chron fix

* Expired fix

* isExpiredAndNotAlreadyMarked method

* deleted test chron

* test cron 2 min

* fixed tests

* test logs

* fix isLearCredentialEmployeeMandatorOrganizationIdentifierAllowedSignerLEARCredentialMachine

* fix(VerifiableCredentialPolicyAuthorizationServiceImpl): remove mock and test logs

* fix changelog

* fix(CredentialIssuanceWorkflowImpl): use mandator name instead of default in email text

* changed template text

* Updates in EmailService

* fix tests and update las update

* fix sonar issues

* Hotifx/machine notification (#146)

* feat(CredentialProcedureServiceImpl): Add LEARCredentialMachine notification

* refactor(GlobalExceptionHandler) (#148)

* refactor(GlobalExceptionHandler): use GlobalErrorMessage following RFC 7807 criteria

* refactor: split global exception handler in an exception handler for each directory.

* remove unused exception handlers and the correponding exceptions

* remove unused exceptions

* refactor: convert error types to enum to avoid arch unit error

* enhance error types naming

* Hotfix/credential serialization exception (#151)

* handle credential serialization exception

* handle send PIN error

* change handleSadError for handleSadException

* refactor pipelines and naming (#159)

Co-authored-by: Oriol Canadés <[email protected]>

* refactor pipelines

* refactor pipelines 2

* Update pipelines

* update build.yml to push snapshot image when a PR to release/** is opened

* feature/refactor_securityFilters_2.x (#155)

* (issuer) [2.x] refactor securityConfig - update version

# Conflicts:
#	CHANGELOG.md
#	build.gradle

* (issuer) [2.x] refactor securityConfig

# Conflicts:
#	src/main/java/es/in2/issuer/backend/backoffice/infrastructure/config/security/CustomAuthenticationManager.java
#	src/main/java/es/in2/issuer/backend/backoffice/infrastructure/config/security/PublicCORSConfig.java
#	src/main/java/es/in2/issuer/backend/backoffice/infrastructure/config/security/SecurityConfig.java

* (issuer) [2.x] refactor securityConfig - la clase verifier en shelve a revisar -> configuración pasa a Custom (pendiente)

* (issuer) [2.x] refactor securityConfig - fixing cherrypick

* (issuer) [2.x] refactor securityConfig - update paths - CredentialProcedureController

* (issuer) [2.x] refactor securityConfig - update paths - NotificationController

* (issuer) [2.x] refactor securityConfig - update paths - NotificationController
+ fix security config

* (issuer) [2.x] refactor securityConfig - update paths - NotificationController
+ fix security config

* (issuer) [2.x] refactor securityConfig - update paths - NotificationController
+ fix security config

* (issuer) [2.x] refactor securityConfig - update paths - NotificationController
+ fix security config

* (issuer) [2.x] refactor securityConfig - update paths - NotificationController
+ fix security config

* (issuer) [2.x] refactor securityConfig - update paths - NotificationController
+ fix security config

* (issuer) [2.x] refactor securityConfig - update paths - NotificationController
+ fix security config

* (issuer) [2.x] refactor securityConfig - update paths - DeferredCredentialMetadataController
+ fix security config

* (issuer) [2.x] refactor securityConfig - update paths - DeferredCredentialMetadataController
+ fix security config

* (issuer) [2.x] refactor securityConfig - update paths - SignUnsignedCredentialController + CredentialSignerController
+ TODO para las /ops

* (issuer) [2.x] refactor securityConfig - update paths - securityConfig retry signed test

* (issuer) [2.x] refactor securityConfig - update paths - securityConfig retry signed test

* (issuer) [2.x] refactor securityConfig - update paths - securityConfig retry signed test

* (issuer) [2.x] refactor securityConfig - update paths - securityConfig retry signed test

* (issuer) [2.x] refactor securityConfig - update paths - securityConfig retry signed test

* (issuer) [2.x] refactor securityConfig - update paths - securityConfig retry signed test

* (issuer) [2.x] refactor securityConfig - update paths - securityConfig retry signed test

* (issuer) [2.x] refactor securityConfig - update paths - securityConfig improved RemoteSignatureServiceImpl error handler

* (issuer) [2.x] refactor securityConfig - improved logs

* (issuer) [2.x] refactor securityConfig - restore release.yml

* (issuer) [2.x] refactor securityConfig - restore release.yml

* (issuer) [2.x] refactor securityConfig - review github fixes

* (issuer) [2.x] refactor securityConfig - review github fixes

* fix: remove CustomAuthenticationFilter from backofficeFilterChain

* test log

* remove test logs

* remove OID4VCI_CREDENTIAL_OFFER_PATH from custom authentication web filter

---------

Co-authored-by: Roger Miret <[email protected]>

* refactor: auth error handling (#168)

* fix build pipeline

* refactor CustomAuthenticationManager.authenticate to reduce cognitive complexity

* make credential status path public

* changed activate credential mail

* changed release.yml

* activation link added

* href fix

* changed template

* changed padding in template

* deleted release/** deploy

* Hotfix/restore machine organization identifier (#173)

* restore LEARCredentialMachine organizationIdentifier in mandator

* fix(CredentialSignerWorkflow): fix getting email and product id in retrySignUnsignedCredential

* refactor: sonar issues (remove unused imports, add todos, use primitive boolean expression in IssuerFactory, remove redundant eq in test, create CREDENTIALS_CONTEXT_V2 constant )

---------

Co-authored-by: roger <[email protected]>
Co-authored-by: albalh <[email protected]>
Co-authored-by: rubenmodamioin2 <[email protected]>
Co-authored-by: Oriol Canadés <[email protected]>
Co-authored-by: Oriol Canadés <[email protected]>
Co-authored-by: mmirrab <[email protected]>

Author: 6 people

.github/workflows/release.yml

@@ -1,4 +1,5 @@
 name: Release
+
 on:
   push:
     branches:
@@ -10,13 +11,18 @@ on:
 
 permissions:
   contents: write
+  packages: write
 
 jobs:
   release-snapshot:
     if: github.event_name == 'pull_request'
     name: Release Snapshot
+    concurrency:
+      group: docker-${{ github.head_ref || github.ref_name }}
+      cancel-in-progress: true
     runs-on: ubuntu-latest
     steps:
+
       - name: Checkout Repository
         uses: actions/checkout@v4
 
@@ -29,9 +35,17 @@ jobs:
       - name: Make Gradlew Executable
         run: chmod +x ./gradlew
 
+      - name: Get Project Name
+        id: project_name
+        run: echo "PROJECT_NAME=$(./gradlew -q properties | grep '^name:' | awk '{print $2}')" >> $GITHUB_ENV
+
       - name: Get Project Version
-        id: get_version
-        run: echo "VERSION=$(./gradlew -q printVersion)" >> $GITHUB_ENV
+        id: project_version
+        run: echo "VERSION=$(./gradlew -q properties | grep '^version:' | awk '{print $2}')" >> $GITHUB_ENV
+
+      - name: Compute PR-based snapshot suffix
+        if: github.event_name == 'pull_request'
+        run: echo "SNAPSHOT_SUFFIX=-pr-${{ github.event.number }}" >> $GITHUB_ENV
 
       - name: Check for existing release tag (only on PR)
         if: github.event_name == 'pull_request'
@@ -47,19 +61,45 @@ jobs:
             echo "No existing release with tag v$VERSION found. Proceeding with build."
           fi
 
-      - name: Build and Push docker image
-        run: |
-          PROJECT_NAME=$(./gradlew -q printProjectName)
-          IMAGE_TAG="$PROJECT_NAME:v$VERSION$SUFFIX"
-          docker build --file Dockerfile --build-arg SKIP_TESTS=true --tag $DOCKER_HUB_CLIENT_NAME/$IMAGE_TAG .
-          echo $DOCKER_PASSWORD | docker login -u $DOCKER_USERNAME --password-stdin
-          docker push $DOCKER_HUB_CLIENT_NAME/$IMAGE_TAG
+      # Logins
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PAT }}
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: ${{ secrets.AWS_REGION }}
+
+      - name: Login to Amazon ECR
+        id: ecr
+        uses: aws-actions/amazon-ecr-login@v2
+
+      - name: Build and Push docker image (DockerHub + ECR)
         env:
+          PROJECT_NAME: ${{ env.PROJECT_NAME }}
           VERSION: ${{ env.VERSION }}
-          SUFFIX: -snapshot
-          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
-          DOCKER_PASSWORD: ${{ secrets.DOCKER_TOKEN }}
-          DOCKER_HUB_CLIENT_NAME: in2workspace
+          SNAPSHOT_SUFFIX: ${{ env.SNAPSHOT_SUFFIX }}
+          DOCKERHUB_ORG: ${{ secrets.DOCKERHUB_ORG }}
+          ECR_REGISTRY: ${{ steps.ecr.outputs.registry }}
+          ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }}
+        run: |
+          set -euo pipefail
+          TAG="v${VERSION}${SNAPSHOT_SUFFIX}"
+          
+          DH_IMAGE="docker.io/${DOCKERHUB_ORG}/${PROJECT_NAME}:${TAG}"
+          ECR_IMAGE="${ECR_REGISTRY}/${ECR_REPOSITORY}:${TAG}"
+          
+          docker build -f Dockerfile --build-arg SKIP_TESTS=true -t "${DH_IMAGE}" .
+          docker tag "${DH_IMAGE}" "${ECR_IMAGE}"
+          
+          docker push "${DH_IMAGE}"
+          
+          docker push "${ECR_IMAGE}"
 
   release:
     if: github.event_name == 'push' && github.ref == 'refs/heads/main'
@@ -78,9 +118,13 @@ jobs:
       - name: Make Gradlew Executable
         run: chmod +x ./gradlew
 
+      - name: Get Project Name
+        id: project_name
+        run: echo "PROJECT_NAME=$(./gradlew -q properties | grep '^name:' | awk '{print $2}')" >> $GITHUB_ENV
+
       - name: Get Project Version
-        id: get_version
-        run: echo "VERSION=$(./gradlew -q printVersion)" >> $GITHUB_ENV
+        id: project_version
+        run: echo "VERSION=$(./gradlew -q properties | grep '^version:' | awk '{print $2}')" >> $GITHUB_ENV
 
       - name: Check for existing release tag (only on PR)
         if: github.event_name == 'pull_request'
@@ -96,18 +140,51 @@ jobs:
             echo "No existing release with tag v$VERSION found. Proceeding with build."
           fi
 
-      - name: Build and Push docker image
-        run: |
-          PROJECT_NAME=$(./gradlew -q printProjectName)
-          IMAGE_TAG="$PROJECT_NAME:v$VERSION"
-          docker build --file Dockerfile --build-arg SKIP_TESTS=true --tag $DOCKER_HUB_CLIENT_NAME/$IMAGE_TAG .
-          echo $DOCKER_PASSWORD | docker login -u $DOCKER_USERNAME --password-stdin
-          docker push $DOCKER_HUB_CLIENT_NAME/$IMAGE_TAG
+      # Logins
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PAT }}
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: ${{ secrets.AWS_REGION }}
+
+      - name: Login to Amazon ECR
+        id: ecr
+        uses: aws-actions/amazon-ecr-login@v2
+
+      - name: Build and Push docker image (DockerHub + ECR)
         env:
+          PROJECT_NAME: ${{ env.PROJECT_NAME }}
           VERSION: ${{ env.VERSION }}
-          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
-          DOCKER_PASSWORD: ${{ secrets.DOCKER_TOKEN }}
-          DOCKER_HUB_CLIENT_NAME: in2workspace
+          DOCKERHUB_ORG: ${{ secrets.DOCKERHUB_ORG }}
+          ECR_REGISTRY: ${{ steps.ecr.outputs.registry }}
+          ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }}
+        run: |
+          set -euo pipefail
+          TAG="v${VERSION}"
+
+          DH_IMAGE="docker.io/${DOCKERHUB_ORG}/${PROJECT_NAME}:${TAG}"
+          DH_LATEST="docker.io/${DOCKERHUB_ORG}/${PROJECT_NAME}:latest"
+
+          ECR_IMAGE="${ECR_REGISTRY}/${ECR_REPOSITORY}:${TAG}"
+          ECR_LATEST="${ECR_REGISTRY}/${ECR_REPOSITORY}:latest"
+
+          docker build -f Dockerfile --build-arg SKIP_TESTS=true -t "${DH_IMAGE}" .
+          docker tag "${DH_IMAGE}" "${DH_LATEST}"
+          docker tag "${DH_IMAGE}" "${ECR_IMAGE}"
+          docker tag "${DH_IMAGE}" "${ECR_LATEST}"
+
+          docker push "${DH_IMAGE}"
+          docker push "${DH_LATEST}"
+
+          docker push "${ECR_IMAGE}"
+          docker push "${ECR_LATEST}"
 
       - name: Create GitHub Release
         uses: actions/create-release@v1

CHANGELOG.md

@@ -4,9 +4,24 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-## [v1.7.1](https://github.com/in2workspace/in2-issuer-api/releases/tag/v1.7.1)Add commentMore actions
-### Fixed
-- Assign always default config. email to Issuer.
+## [v2.0.0](https://github.com/in2workspace/in2-issuer-api/releases/tag/v2.0.0)
+### Added
+- Label credential issuance.
+- LEARCredentialMachine issuance.
+- Sign access request.
+- Revocation endpoint.
+- Revoke and expired credential notification.
+- Handle error when sending PIN and when serializing credential.
+- Handle errors in security chains flow.
+
+### Changed
+- Adapt endpoints to oid4vci.
+- Refactor SecurityConfig credential issuer filters.
+- Standardize error handling to RFC 7807 across all endpoints.
+- Move GlobalExceptionHandler to shared module and add specific ControllerAdvice for each domain.
+- Remove unused exceptions.
+
+
 
 ## [v1.7.0](https://github.com/in2workspace/in2-issuer-api/releases/tag/v1.7.0)
 ### Added

build.gradle

@@ -11,7 +11,8 @@ plugins {
 }
 
 group = 'es.in2'
-version = '1.7.1'
+
+version = '2.0.0'
 
 java {
     sourceCompatibility = '17'
@@ -197,18 +198,6 @@ tasks.jacocoTestReport {
     }))
 }
 
-tasks.register('printVersion') {
-    doLast {
-        println version
-    }
-}
-
-tasks.register('printProjectName') {
-    doLast {
-        println rootProject.name
-    }
-}
-
 def isNonStable = { String version ->
     def stableKeyword = ['RELEASE', 'FINAL', 'GA'].any { it -> version.toUpperCase().contains(it) }
     def regex = /^[0-9,.v-]+(-r)?$/
@@ -219,4 +208,4 @@ tasks.named("dependencyUpdates").configure {
     rejectVersionIf {
         isNonStable(it.candidate.version)
     }
-}
+}

settings.gradle

@@ -1 +1 @@
-rootProject.name = 'in2-issuer-backend'
+rootProject.name = 'eudistack-issuer-api'

src/main/java/es/in2/issuer/backend/backoffice/application/workflow/CredentialStatusWorkflow.java

@@ -0,0 +1,10 @@
+package es.in2.issuer.backend.backoffice.application.workflow;
+
+import reactor.core.publisher.Flux;
+import reactor.core.publisher.Mono;
+
+public interface CredentialStatusWorkflow {
+    Flux<String> getCredentialsByListId(String processId, int listId);
+
+    Mono<Void> revokeCredential(String processId, String bearerToken, String credentialId, int listId);
+}

src/main/java/es/in2/issuer/backend/backoffice/application/workflow/impl/ActivationCodeWorkflowImpl.java

@@ -48,19 +48,14 @@ private Mono<CredentialOfferUriResponse> buildCredentialOfferUriInternal(String
                                                                         transactionCode,
                                                                         preAuthorizedCodeResponse.grants().preAuthorizedCode()
                                                                 )
-                                                                .then(
-                                                                        credentialProcedureService.getMandateeEmailFromDecodedCredentialByProcedureId(procedureId)
-                                                                )
-                                                                .flatMap(email ->
-                                                                        credentialOfferService.buildCustomCredentialOffer(
-                                                                                        credentialProcedure.getCredentialType(),
-                                                                                        preAuthorizedCodeResponse.grants(),
-                                                                                        email,
-                                                                                        preAuthorizedCodeResponse.pin()
-                                                                                )
-                                                                                .flatMap(credentialOfferCacheRepository::saveCustomCredentialOffer)
-                                                                                .flatMap(credentialOfferService::createCredentialOfferUriResponse)
-                                                                )
+                                                                .then(Mono.defer(() -> credentialOfferService.buildCustomCredentialOffer(
+                                                                                credentialProcedure.getCredentialType(),
+                                                                                preAuthorizedCodeResponse.grants(),
+                                                                                credentialProcedure.getOwnerEmail(),
+                                                                                preAuthorizedCodeResponse.pin()
+                                                                        )
+                                                                        .flatMap(credentialOfferCacheRepository::saveCustomCredentialOffer)
+                                                                        .flatMap(credentialOfferService::createCredentialOfferUriResponse)))
                                                 )
                                                 .flatMap(credentialOfferUri ->
                                                         deferredCredentialMetadataService.updateCacheStoreForCTransactionCode(transactionCode)

src/main/java/es/in2/issuer/backend/backoffice/application/workflow/impl/CredentialStatusWorkflowImpl.java

@@ -0,0 +1,102 @@
+package es.in2.issuer.backend.backoffice.application.workflow.impl;
+
+import com.fasterxml.jackson.core.JsonParseException;
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import es.in2.issuer.backend.backoffice.application.workflow.CredentialStatusWorkflow;
+import es.in2.issuer.backend.backoffice.domain.service.CredentialStatusAuthorizationService;
+import es.in2.issuer.backend.backoffice.domain.service.CredentialStatusService;
+import es.in2.issuer.backend.backoffice.domain.exception.InvalidStatusException;
+import es.in2.issuer.backend.shared.domain.model.dto.credential.CredentialStatus;
+import es.in2.issuer.backend.shared.domain.model.entities.CredentialProcedure;
+import es.in2.issuer.backend.shared.domain.model.enums.CredentialStatusEnum;
+import es.in2.issuer.backend.shared.domain.service.AccessTokenService;
+import es.in2.issuer.backend.shared.domain.service.CredentialProcedureService;
+import es.in2.issuer.backend.shared.domain.service.EmailService;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.stereotype.Service;
+import reactor.core.publisher.Flux;
+import reactor.core.publisher.Mono;
+
+import static es.in2.issuer.backend.shared.domain.model.enums.CredentialStatusEnum.*;
+
+
+@Slf4j
+@Service
+@RequiredArgsConstructor
+public class CredentialStatusWorkflowImpl implements CredentialStatusWorkflow {
+
+    private final CredentialStatusService credentialStatusService;
+    private final AccessTokenService accessTokenService;
+    private final CredentialStatusAuthorizationService credentialStatusAuthorizationService;
+    private final CredentialProcedureService credentialProcedureService;
+    private final ObjectMapper objectMapper;
+    private final EmailService emailService;
+
+    @Override
+    public Flux<String> getCredentialsByListId(String processId, int listId) {
+        return credentialStatusService.getCredentialsByListId(listId)
+                .doFirst(() -> log.debug("Process ID: {} - Getting Credentials Status...", processId))
+                .doOnComplete(() -> log.debug(
+                        "Process ID: {} - All Credential Status retrieved successfully.",
+                        processId));
+    }
+
+    @Override
+    public Mono<Void> revokeCredential(String processId, String bearerToken, String credentialId, int listId) {
+        return accessTokenService.getCleanBearerToken(bearerToken)
+                .flatMap(token -> credentialStatusAuthorizationService.authorize(processId, token, credentialId)
+                        .then(credentialProcedureService.getCredentialByCredentialId(credentialId))
+                )
+                .flatMap(credential -> validateStatus(credential.getCredentialStatus())
+                        .thenReturn(credential)
+                )
+                .flatMap(credential -> Mono.just(credential.getCredentialDecoded())
+                .flatMap(decodedCredential -> {
+                    JsonNode credentialStatusNode;
+                    try {
+                        credentialStatusNode = objectMapper.readTree(decodedCredential).get("credentialStatus");
+                    } catch (JsonProcessingException e) {
+                        return Mono.error(new JsonParseException("Error processing credential status json"));
+                    }
+                    CredentialStatus credentialStatus = mapToCredentialStatus(credentialStatusNode);
+                    return revokeAndUpdateCredentialStatus(credential, processId, credentialId, listId, credentialStatus);
+                }));
+
+    }
+    private CredentialStatus mapToCredentialStatus(JsonNode credentialStatusNode) {
+        return CredentialStatus.builder()
+                .id(credentialStatusNode.get("id").asText())
+                .type(credentialStatusNode.get("type").asText())
+                .statusPurpose(credentialStatusNode.get("statusPurpose").asText())
+                .statusListIndex(credentialStatusNode.get("statusListIndex").asText())
+                .statusListCredential(credentialStatusNode.get("statusListCredential").asText())
+                .build();
+    }
+
+    private Mono<Void> revokeAndUpdateCredentialStatus(CredentialProcedure credentialProcedure, String processId, String credentialId, int listId, CredentialStatus credentialStatus) {
+        return credentialStatusService.revokeCredential(listId, credentialStatus)
+                .then(credentialProcedureService.updateCredentialProcedureCredentialStatusToRevoke(credentialProcedure))
+                .doFirst(() -> log.debug(
+                        "Process ID: {} - Revoking Credential with ID: {}",
+                        processId,
+                        credentialId))
+                .then(emailService.notifyIfCredentialStatusChanges(credentialProcedure, REVOKED.toString()))
+                .doOnSuccess(
+                        aVoid -> log.debug(
+                        "Process ID: {} - Credential with ID: {} revoked successfully.",
+                        processId,
+                        credentialId));
+    }
+
+    private Mono<Void> validateStatus(CredentialStatusEnum credentialStatus) {
+        if (credentialStatus.equals(CredentialStatusEnum.VALID)) {
+            return Mono.empty();
+        } else {
+            return Mono.error(new InvalidStatusException(
+                    "Invalid status: " + credentialStatus));
+        }
+    }
+}