diff --git a/.github/workflows/initdb.yml b/.github/workflows/initdb.yml index 1116eb4d..e12cc933 100644 --- a/.github/workflows/initdb.yml +++ b/.github/workflows/initdb.yml @@ -36,18 +36,27 @@ jobs: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} + - uses: madhead/read-java-properties@latest + id: version + with: + file: gradle.properties + property: version + default: 0.0.1 + + - name: Set App Version + run: echo "APP_VERSION=${{ steps.version.outputs.value }}" >> $GITHUB_ENV + - name: Extract Metadata (tags, labels) for Docker id: meta uses: docker/metadata-action@v3 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - # Build and push KeyCloak custom images for central and shared idp instances - - name: 'Build images' + - name: 'Build and push initdb Docker image' uses: docker/build-push-action@v2 with: context: . file: docker/Dockerfile.import push: true - tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest + tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.APP_VERSION }} labels: ${{ steps.meta.outputs.labels }} \ No newline at end of file diff --git a/README.md b/README.md index 7f79583f..5923e88f 100644 --- a/README.md +++ b/README.md 
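Review bot: The added step `uses: madhead/read-java-properties@latest` pulls a third-party action by a mutable tag, in a job that logs in to the registry with `secrets.GITHUB_TOKEN` and pushes the image. Pin it to a full commit, e.g. `uses: madhead/read-java-properties@<full-commit-sha>  # <release tag>`, so a retagged upstream release cannot change what runs here. The "Set App Version" step also expands `${{ steps.version.outputs.value }}` directly inside the `run` script, so whatever `version` holds in gradle.properties is parsed by the shell. Pass it through `env: VERSION: ${{ steps.version.outputs.value }}` and write `echo "APP_VERSION=$VERSION" >> "$GITHUB_ENV"`, ideally after checking it looks like a version string, since it also becomes the image tag.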
@@ -297,14 +297,22 @@ docker run --env-file .env.docker -p 8080:8080 catena-x/managed-identity-wallets --from-literal=cx-auth-client-secret='' kubectl -n managed-identity-wallets create secret generic catenax-managed-identity-wallets-acapy-secrets \ - --from-literal=acapy-wallet-key='' \ - --from-literal=acapy-agent-wallet-seed='' \ - --from-literal=acapy-jwt-secret='' \ - --from-literal=acapy-db-account='postgres' \ - --from-literal=acapy-db-password='' \ - --from-literal=acapy-db-admin='postgres' \ - --from-literal=acapy-db-admin-password='' \ - --from-literal=acapy-admin-api-key='' + --from-literal=acapy-endorser-wallet-key='' \ + --from-literal=acapy-endorser-agent-wallet-seed='' \ + --from-literal=acapy-endorser-jwt-secret='' \ + --from-literal=acapy-endorser-db-account='postgres' \ + --from-literal=acapy-endorser-db-password='' \ + --from-literal=acapy-endorser-db-admin='postgres' \ + --from-literal=acapy-endorser-db-admin-password='' \ + --from-literal=acapy-endorser-admin-api-key='' \ + --from-literal=acapy-mt-wallet-key='' \ + --from-literal=acapy-mt-agent-wallet-seed='' \ + --from-literal=acapy-mt-jwt-secret='' \ + --from-literal=acapy-mt-db-account='postgres' \ + --from-literal=acapy-mt-db-password='' \ + --from-literal=acapy-mt-db-admin='postgres' \ + --from-literal=acapy-mt-db-admin-password='' \ + --from-literal=acapy-mt-admin-api-key='' kubectl -n managed-identity-wallets create secret generic postgres-acapy-secret-config \ --from-literal=password='' \ 
@@ -433,6 +441,16 @@ excluded. Also their interfaces need to be excluded because they have a `Application.kt` which are tested or simulated indirectly for example using `withTestApplication` should also be excluded. + +## Helm Documentation +The `./charts/README.md` is autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) + +To regenerate the README.md after updating `values.yaml` or `Chart.yaml` run + +``` +helm-docs --sort-values-order file +``` + ## Dashboard Within `ui-src` a simple Vue based dashboard application is available diff --git a/build.gradle.kts b/build.gradle.kts index 2a36a673..5aeab9e3 100644 --- a/build.gradle.kts +++ b/build.gradle.kts @@ -60,7 +60,7 @@ dependencies { implementation("io.bkbn:kompendium-core:$kompendium_version") implementation("io.bkbn:kompendium-auth:$kompendium_version") - implementation("org.postgresql:postgresql:42.4.1") + implementation("org.postgresql:postgresql:42.5.1") implementation("org.xerial:sqlite-jdbc:3.36.0.3") // for now: using kotlinx.serialization diff --git a/charts/chart-testing-config.yaml b/charts/chart-testing-config.yaml index 0e182b74..8fefdda2 100644 --- a/charts/chart-testing-config.yaml +++ b/charts/chart-testing-config.yaml @@ -1,3 +1,3 @@ validate-maintainers: false chart-repos: - - bitnami=https://charts.bitnami.com/bitnami \ No newline at end of file + - bitnami=https://charts.bitnami.com/bitnami diff --git a/charts/managed-identity-wallets/Chart.yaml b/charts/managed-identity-wallets/Chart.yaml index 329a67a2..c40eac5d 100644 --- a/charts/managed-identity-wallets/Chart.yaml +++ b/charts/managed-identity-wallets/Chart.yaml 
@@ -15,8 +15,8 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.5.19 -appVersion: 2.1.0 +version: 0.6.3 +appVersion: 3.0.0 dependencies: - name: postgresql diff --git a/charts/managed-identity-wallets/README.md b/charts/managed-identity-wallets/README.md new file mode 100644 index 00000000..d48db650 --- /dev/null +++ b/charts/managed-identity-wallets/README.md 
@@ -0,0 +1,116 @@ +# managed-identity-wallets + +![Version: 0.6.3](https://img.shields.io/badge/Version-0.6.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 3.0.0](https://img.shields.io/badge/AppVersion-3.0.0-informational?style=flat-square) + +Managed Identity Wallets Service + +## Requirements + +| Repository | Name | Version | +|------------|------|---------| +| https://charts.bitnami.com/bitnami | acapypostgresql(postgresql) | 11.x.x | +| https://charts.bitnami.com/bitnami | postgresql(postgresql) | 11.x.x | + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| auth.realm | string | `"CX-Central"` | The realm name in Keycloak | +| auth.role | string | `"add_wallets"` | The main role in MIW | +| auth.roleMappings | string | `"create_wallets:add_wallets,view_wallets:view_wallets,update_wallets:update_wallets,delete_wallets:delete_wallets,view_wallet:view_wallet,update_wallet:update_wallet"` | The role mapping in MIW | +| auth.resourceId | string | `"Cl5-CX-Custodian"` | The resource Id in Keycloak | +| image.name | string | `"catenax-ng/tx-managed-identity-wallets_service"` | | +| image.registry | string | `"ghcr.io"` | | +| image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion | +| image.secret | string | `"acr-credentials"` | | +| allowEmptyPassword | string | `"\"yes\""` | | +| db.jdbcDriver | string | `"org.postgresql.Driver"` | Database driver to use | +| namespace | string | `"managed-identity-wallets"` | | +| logging.exposed | string | `"INFO"` | | +| wallet.baseWalletBpn | string | `""` | The BPN of the base wallet | +| wallet.baseWalletShortDid | string | `""` | The short DID of the base wallet. It can be created with its verkey as described in https://github.com/eclipse-tractusx/managed-identity-wallets#integrate-with-an-write-restricted-indy-ledger. 
It should be registered on the Indy ledger with role endorser. | +| wallet.baseWalletVerkey | string | `""` | The verkey (public key) of the base wallet | +| wallet.baseWalletName | string | `""` | The name of the base wallet | +| revocation.refreshHour | string | `"3"` | At which hour (24-hour clock) the cron job should issue/update status-list credentials | +| revocation.revocationServiceUrl | string | `"http://localhost:8086"` | The url of the revocation service | +| revocationService.imageName | string | `"registry.gitlab.com/gaia-x/data-infrastructure-federation-services/not/notarization-service/revocation"` | | +| revocationService.tag | string | `"1.0.0-SNAPSHOT-quarkus-2.10.2.Final-java17"` | | +| revocationService.port | string | `"8086"` | | +| revocationService.httpAccessLog | bool | `true` | | +| revocationService.minIssueInterval | string | `"2"` | Issuance cache interval | +| revocationService.baseUrlForCredentialList | string | `"https//localhost:8080/api/credentials/"` | The the endpoint in MIW at which status credentials can be issued | +| revocationService.clientIssuanceApiUrl | string | `"http://localhost:8080"` | The url at which the MIW is reachable | +| acapy.imageName | string | `"bcgovimages/aries-cloudagent"` | | +| acapy.tag | string | `"py36-1.16-1_0.7.5"` | | +| acapy.endorser.ledgerUrl | string | `"https://idu.cloudcompass.ca"` | The url of the used Indy ledger | +| acapy.endorser.label | string | `"CatenaXIssuer"` | The label of the instance | +| acapy.endorser.logLevel | string | `"INFO"` | | +| acapy.endorser.networkIdentifier | string | `"idunion:test"` | The network identifier of the used Indy ledger | +| acapy.endorser.databaseHost | string | `"acapypostgresql"` | The host of the used database | +| acapy.endorser.endpointPort | string | `"8000"` | The port at which the wallet is reachable | +| acapy.endorser.adminPort | string | `"11000"` | The port at which the admin API is reachable | +| acapy.endorser.adminUrl | string | 
`"http://localhost:11000"` | The url of the admin API | +| acapy.endorser.secret.apikey | string | `"0"` | The API key of the admin endpoints. It must be a random and secure string | +| acapy.endorser.secret.walletseed | string | `"0"` | The seed of the wallet. It must be random and secure (no patterns or use of dictionary words, the use of uppercase and lowercase letters - as well as numbers and allowed symbols, no personal preferences like names or phone numbers) | +| acapy.endorser.secret.dbaccount | string | `"postgres"` | | +| acapy.endorser.secret.dbadminuser | string | `"postgres"` | | +| acapy.endorser.secret.dbadminpassword | string | `"postgres"` | | +| acapy.endorser.secret.dbpassword | string | `"postgres"` | | +| acapy.endorser.secret.jwtsecret | string | `"0"` | | +| acapy.endorser.secret.walletkey | string | `"0"` | | +| acapy.mt.ledgerUrl | string | `"https://idu.cloudcompass.ca"` | The url of the used Indy ledger | +| acapy.mt.label | string | `"CatenaXIssuer"` | The label of the instance | +| acapy.mt.logLevel | string | `"INFO"` | | +| acapy.mt.networkIdentifier | string | `"idunion:test"` | The network identifier of the used Indy ledger | +| acapy.mt.databaseHost | string | `"acapypostgresql"` | | +| acapy.mt.endpointPort | string | `"8003"` | The port at which the sub-wallets are reachable | +| acapy.mt.adminPort | string | `"11003"` | The port at which the admin API is reachable | +| acapy.mt.adminUrl | string | `"http://localhost:11003"` | The url of the admin API | +| acapy.mt.endorserPublicDid | string | `"ShortDIDPlaceholderX"` | The short DID of the base wallet | +| acapy.mt.webhookUrl | string | `"http://localhost:8080/webhook"` | The url at which events are sent. It should be the webhook endpoint in MIW | +| acapy.mt.secret.apikey | string | `"0"` | The API-Key of the admin endpoints. It must be a random and secure string | +| acapy.mt.secret.walletseed | string | `"0"` | The seed of the wallet. 
It must be random and secure (no patterns or use of dictionary words, the use of uppercase and lowercase letters - as well as numbers and allowed symbols, no personal preferences like names or phone numbers) | +| acapy.mt.secret.dbaccount | string | `"postgres"` | | +| acapy.mt.secret.dbadminuser | string | `"postgres"` | | +| acapy.mt.secret.dbadminpassword | string | `"postgres"` | | +| acapy.mt.secret.dbpassword | string | `"postgres"` | | +| acapy.mt.secret.jwtsecret | string | `"0"` | | +| acapy.mt.secret.walletkey | string | `"0"` | | +| ingress.enabled | bool | `false` | | +| acapypostgresql.enabled | bool | `true` | | +| acapypostgresql.auth.existingSecret | string | `"product-managed-identity-wallets-acapypostgresql"` | | +| acapypostgresql.secret.password | string | `"postgres"` | | +| acapypostgresql.secret.postgrespassword | string | `"postgres"` | | +| acapypostgresql.secret.user | string | `"postgres"` | | +| postgresql.enabled | bool | `true` | | +| postgresql.auth.existingSecret | string | `"product-managed-identity-wallets-postgresql"` | | +| postgresql.primary.extraVolumeMounts[0].name | string | `"initdb"` | | +| postgresql.primary.extraVolumeMounts[0].mountPath | string | `"/docker-entrypoint-initdb.d"` | | +| postgresql.primary.extraVolumes[0].name | string | `"initdb"` | | +| postgresql.primary.extraVolumes[0].emptyDir | object | `{}` | | +| postgresql.primary.initContainers[0].name | string | `"initdb"` | | +| postgresql.primary.initContainers[0].image | string | `"ghcr.io/catenax-ng/tx-managed-identity-wallets_initdb:3.0.0"` | The image is built and used to initialize the database of MIW. 
The tag must equal the appVersion in Chart.yaml | +| postgresql.primary.initContainers[0].imagePullPolicy | string | `"Always"` | | +| postgresql.primary.initContainers[0].command[0] | string | `"sh"` | | +| postgresql.primary.initContainers[0].args[0] | string | `"-c"` | | +| postgresql.primary.initContainers[0].args[1] | string | `"echo \"Copying initdb sqls...\"\ncp -R /initdb/* /docker-entrypoint-initdb.d\n"` | | +| postgresql.primary.initContainers[0].volumeMounts[0].name | string | `"initdb"` | | +| postgresql.primary.initContainers[0].volumeMounts[0].mountPath | string | `"/docker-entrypoint-initdb.d"` | | +| postgresql.secret.password | string | `"postgres"` | | +| postgresql.secret.postgrespassword | string | `"postgres"` | | +| postgresql.secret.user | string | `"postgres"` | | +| datapool.grantType | string | `"client_credentials"` | | +| datapool.scope | string | `"openid"` | | +| datapool.refreshHour | string | `"23"` | At which hour (24-hour clock) the cron job should pull the data from the BPDM data pool | +| datapool.url | string | `""` | Url at which the API of BPDM is reachable | +| datapool.authUrl | string | `""` | IAM url to get the access token for BPDM data pool endpoint | +| managedIdentityWallets.secret.jdbcurl | string | `"jdbc:postgresql://postgresql:5432/postgres?user=postgres&password=postgres"` | Database connection string to the Postgres database of MIW | +| managedIdentityWallets.secret.authclientid | string | `"clientid"` | It can be extracted from Keycloak | +| managedIdentityWallets.secret.authclientsecret | string | `"client"` | It can be extracted from Keycloak | +| managedIdentityWallets.secret.bpdmauthclientid | string | `"clientid"` | client id for accessing the BPDM data pool endpoint | +| managedIdentityWallets.secret.bpdmauthclientsecret | string | `"client"` | client secret for accessing the BPDM data pool endpoint | +| certificate.host | string | `"localhost"` | | +| isLocal | bool | `false` | Deployment on Kubernetes on 
local device | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/charts/managed-identity-wallets/templates/deployment.yaml b/charts/managed-identity-wallets/templates/deployment.yaml index d0733558..86a47f6c 100644 --- a/charts/managed-identity-wallets/templates/deployment.yaml +++ b/charts/managed-identity-wallets/templates/deployment.yaml @@ -82,17 +82,30 @@ spec: value: {{ .Values.datapool.authUrl }} - name: BPDM_PULL_DATA_AT_HOUR value: {{ .Values.datapool.refreshHour | quote }} - - name: ACAPY_API_ADMIN_URL - value: {{ .Values.acapy.adminUrl }} - name: ACAPY_NETWORK_IDENTIFIER - value: {{ .Values.acapy.networkIdentifier }} + value: {{ .Values.acapy.networkIdentifier }} + - name: ACAPY_API_ADMIN_URL + value: {{ .Values.acapy.mt.adminUrl }} - name: ACAPY_ADMIN_API_KEY valueFrom: secretKeyRef: name: {{ include "managed-identity-wallets.fullname" . }}-acapy - key: acapy-admin-api-key + key: acapy-mt-admin-api-key + - name: ACAPY_BASE_WALLET_API_ADMIN_URL + value: {{ .Values.acapy.endorser.adminUrl }} + - name: ACAPY_BASE_WALLET_ADMIN_API_KEY + valueFrom: + secretKeyRef: + name: {{ include "managed-identity-wallets.fullname" . }}-acapy + key: acapy-endorser-admin-api-key - name: CX_BPN value: {{ .Values.wallet.baseWalletBpn }} + - name: CX_SHORT_DID + value: {{ .Values.wallet.baseWalletShortDid }} + - name: CX_VERKEY + value: {{ .Values.wallet.baseWalletVerkey }} + - name: CX_NAME + value: {{ .Values.wallet.baseWalletName }} - name: REVOCATION_URL value: {{ .Values.revocation.revocationServiceUrl }} - name: REVOCATION_CREATE_STATUS_LIST_CREDENTIAL_AT_HOUR 
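Review bot: `ACAPY_NETWORK_IDENTIFIER` in this hunk still reads `{{ .Values.acapy.networkIdentifier }}`, but the values.yaml part of this commit removes the top-level `acapy.networkIdentifier` and defines it only under `acapy.endorser` and `acapy.mt`. Unless an environment values file outside this view sets the old key, the variable will render empty. The neighbouring lines in this hunk use the `mt` instance for the service's own agent, so `value: {{ .Values.acapy.mt.networkIdentifier | quote }}` looks like the intended reference; please confirm which instance applies. The new `CX_SHORT_DID`, `CX_VERKEY` and `CX_NAME` values default to `""` and are unquoted, so adding `| quote` there would keep them strings rather than YAML nulls.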
@@ -134,67 +147,165 @@ spec: memory: 256Mi ports: - containerPort: 8086 - - name: catenax-acapy + - name: catenax-endorser-acapy + image: {{ .Values.acapy.imageName }}:{{ .Values.acapy.tag }} + env: + - name: WALLET_KEY + valueFrom: + secretKeyRef: + name: {{ include "managed-identity-wallets.fullname" . }}-acapy + key: acapy-endorser-wallet-key + - name: AGENT_WALLET_SEED + valueFrom: + secretKeyRef: + name: {{ include "managed-identity-wallets.fullname" . }}-acapy + key: acapy-endorser-agent-wallet-seed + - name: LEDGER_URL + value: {{ .Values.acapy.endorser.ledgerUrl }} + - name: LABEL + value: {{ .Values.acapy.endorser.label }} + - name: JWT_SECRET + valueFrom: + secretKeyRef: + name: {{ include "managed-identity-wallets.fullname" . }}-acapy + key: acapy-endorser-jwt-secret + - name: ACAPY_ADMIN_API_KEY + valueFrom: + secretKeyRef: + name: {{ include "managed-identity-wallets.fullname" . }}-acapy + key: acapy-endorser-admin-api-key + - name: LOG_LEVEL + value: {{ .Values.acapy.endorser.logLevel }} + - name: ACAPY_ENDPOINT_PORT + value: {{ .Values.acapy.endorser.endpointPort | quote }} + - name: ACAPY_ENDPOINT_URL + value: {{ .Values.acapy.endorser.endpointUrl }} + - name: ACAPY_ADMIN_PORT + value: {{ .Values.acapy.endorser.adminPort | quote }} + - name: DB_HOST + {{- if .Values.acapypostgresql.enabled }} + value: {{ include "acapyPostgresContext" (list $ "postgresql.primary.fullname") }} + {{- else }} + value: {{ .Values.acapy.endorser.databaseHost }} + {{- end }} + - name: DB_ACCOUNT + valueFrom: + secretKeyRef: + name: {{ include "managed-identity-wallets.fullname" . }}-acapy + key: acapy-endorser-db-account + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "managed-identity-wallets.fullname" . }}-acapy + key: acapy-endorser-db-password + - name: DB_ADMIN_USER + valueFrom: + secretKeyRef: + name: {{ include "managed-identity-wallets.fullname" . 
}}-acapy + key: acapy-endorser-db-admin + - name: DB_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "managed-identity-wallets.fullname" . }}-acapy + key: acapy-endorser-db-admin-password + resources: + requests: + cpu: 100m + memory: 128Mi + limits: + cpu: 250m + memory: 256Mi + ports: + - containerPort: 8000 + command: ["/bin/bash"] + args: ["-c", "aca-py start \ + -e $(ACAPY_ENDPOINT_URL) \ + --auto-provision \ + --inbound-transport http '0.0.0.0' $(ACAPY_ENDPOINT_PORT) \ + --outbound-transport http \ + --admin '0.0.0.0' $(ACAPY_ADMIN_PORT) \ + --wallet-name AcapyCatenaXEndorserWallet \ + --wallet-type askar \ + --wallet-key $(WALLET_KEY) \ + --wallet-storage-type postgres_storage + --wallet-storage-config '{\"url\":\"$(DB_HOST):5432\",\"max_connections\":5}' + --wallet-storage-creds '{\"account\":\"$(DB_ACCOUNT)\",\"password\":\"$(DB_PASSWORD)\",\"admin_account\":\"$(DB_ADMIN_USER)\",\"admin_password\":\"$(DB_ADMIN_PASSWORD)\"}' + --seed $(AGENT_WALLET_SEED) \ + --genesis-url $(LEDGER_URL)/genesis \ + --label $(LABEL) \ + --admin-api-key $(ACAPY_ADMIN_API_KEY) \ + --auto-ping-connection \ + --jwt-secret $(JWT_SECRET) \ + --public-invites \ + --endorser-protocol-role endorser \ + --auto-endorse-transactions \ + --log-level $(LOG_LEVEL)" + ] + - name: catenax-mt-acapy image: {{ .Values.acapy.imageName }}:{{ .Values.acapy.tag }} env: - name: WALLET_KEY valueFrom: secretKeyRef: name: {{ include "managed-identity-wallets.fullname" . }}-acapy - key: acapy-wallet-key + key: acapy-mt-wallet-key - name: AGENT_WALLET_SEED valueFrom: secretKeyRef: name: {{ include "managed-identity-wallets.fullname" . }}-acapy - key: acapy-agent-wallet-seed + key: acapy-mt-agent-wallet-seed - name: LEDGER_URL - value: {{ .Values.acapy.ledgerUrl }} + value: {{ .Values.acapy.mt.ledgerUrl }} - name: LABEL - value: {{ .Values.acapy.label }} + value: {{ .Values.acapy.mt.label }} - name: JWT_SECRET valueFrom: secretKeyRef: name: {{ include "managed-identity-wallets.fullname" . 
}}-acapy - key: acapy-jwt-secret + key: acapy-mt-jwt-secret - name: ACAPY_ADMIN_API_KEY valueFrom: secretKeyRef: name: {{ include "managed-identity-wallets.fullname" . }}-acapy - key: acapy-admin-api-key + key: acapy-mt-admin-api-key - name: LOG_LEVEL - value: {{ .Values.acapy.logLevel }} + value: {{ .Values.acapy.mt.logLevel }} - name: ACAPY_ENDPOINT_PORT - value: {{ .Values.acapy.endpointPort | quote }} + value: {{ .Values.acapy.mt.endpointPort | quote }} - name: ACAPY_ENDPOINT_URL - value: {{ .Values.acapy.endpointUrl }} + value: {{ .Values.acapy.mt.endpointUrl }} - name: ACAPY_ADMIN_PORT - value: {{ .Values.acapy.adminPort | quote }} + value: {{ .Values.acapy.mt.adminPort | quote }} - name: DB_HOST {{- if .Values.acapypostgresql.enabled }} value: {{ include "acapyPostgresContext" (list $ "postgresql.primary.fullname") }} {{- else }} - value: {{ .Values.acapy.databaseHost }} + value: {{ .Values.acapy.mt.databaseHost }} {{- end }} - name: DB_ACCOUNT valueFrom: secretKeyRef: name: {{ include "managed-identity-wallets.fullname" . }}-acapy - key: acapy-db-account + key: acapy-mt-db-account - name: DB_PASSWORD valueFrom: secretKeyRef: name: {{ include "managed-identity-wallets.fullname" . }}-acapy - key: acapy-db-password + key: acapy-mt-db-password - name: DB_ADMIN_USER valueFrom: secretKeyRef: name: {{ include "managed-identity-wallets.fullname" . }}-acapy - key: acapy-db-admin + key: acapy-mt-db-admin - name: DB_ADMIN_PASSWORD valueFrom: secretKeyRef: name: {{ include "managed-identity-wallets.fullname" . }}-acapy - key: acapy-db-admin-password + key: acapy-mt-db-admin-password + - name: ACAPY_ENDORSER_PUBLIC_DID + value: {{ .Values.acapy.mt.endorserPublicDid }} + - name: ACAPY_WEBHOOK_URL + value: {{ .Values.acapy.mt.webhookUrl }} resources: requests: cpu: 100m @@ -202,6 +313,8 @@ spec: limits: cpu: 250m memory: 256Mi + ports: + - containerPort: 8003 command: ["/bin/bash"] args: ["-c", "aca-py start \ -e $(ACAPY_ENDPOINT_URL) \ 
@@ -209,8 +322,8 @@ spec: --inbound-transport http '0.0.0.0' $(ACAPY_ENDPOINT_PORT) \ --outbound-transport http \ --admin '0.0.0.0' $(ACAPY_ADMIN_PORT) \ - --wallet-name AcapyCatenaX \ - --wallet-type indy \ + --wallet-name AcapyCatenaXManagedWallet \ + --wallet-type askar \ --wallet-key $(WALLET_KEY) \ --wallet-storage-type postgres_storage --wallet-storage-config '{\"url\":\"$(DB_HOST):5432\",\"max_connections\":5}' @@ -223,5 +336,13 @@ spec: --jwt-secret $(JWT_SECRET) \ --multitenant \ --multitenant-admin \ + --public-invites \ + --webhook-url $(ACAPY_WEBHOOK_URL) \ + --endorser-protocol-role author \ + --endorser-alias endorser \ + --endorser-public-did $(ACAPY_ENDORSER_PUBLIC_DID) \ + --auto-request-endorsement \ + --auto-write-transactions \ + --auto-promote-author-did \ --log-level $(LOG_LEVEL)" ] diff --git a/charts/managed-identity-wallets/templates/ingress.yaml b/charts/managed-identity-wallets/templates/ingress.yaml index f6c4cff6..2b98fc91 100644 --- a/charts/managed-identity-wallets/templates/ingress.yaml +++ b/charts/managed-identity-wallets/templates/ingress.yaml @@ -15,7 +15,12 @@ metadata: location ~* /list-credential/ { deny all; return 403; - } + } + + location ~* /webhook/topic/ { + deny all; + return 403; + } # If you encounter a redirect loop or are getting a 307 response code # then you need to force the nginx ingress to connect to the backend using HTTPS. @@ -23,6 +28,26 @@ metadata: # nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" spec: rules: + - host: {{ .Values.certificate.host }} + http: + paths: + - path: /didcomm-base + pathType: Exact + backend: + service: + name: catenax-managed-identity-wallets-acapy-base + port: + number: 8000 + - host: {{ .Values.certificate.host }} + http: + paths: + - path: /didcomm-managed-wallets + pathType: Exact + backend: + service: + name: catenax-managed-identity-wallets-acapy-mt + port: + number: 8003 - host: {{ .Values.certificate.host }} http: paths: 
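Review bot: The added `location ~* /webhook/topic/ { deny all; return 403; }` only filters requests that come through this ingress, and it takes effect only if the controller permits snippet annotations (the annotation key sits above the hunk). Callers inside the cluster can still reach the webhook path on the service port directly. If the webhook handler in MIW has no authentication of its own, which is not visible here, consider a shared key: ACA-Py accepts one appended to the URL as `--webhook-url <url>#<api-key>`, and the handler can verify it. A short comment above the rule, such as `# webhook endpoint is for the in-pod ACA-Py agent only`, would also record why the path is blocked.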
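Review bot: The two new rules name their backends with fixed strings, `catenax-managed-identity-wallets-acapy-base` and `catenax-managed-identity-wallets-acapy-mt`, and the Services added in templates/service.yaml carry the same literals. The Secret references in deployment.yaml instead derive their names from `include "managed-identity-wallets.fullname" .`. With fixed names, a second release in the same namespace would collide on these Services and the ingress could route to the wrong release's agent. Using `name: {{ include "managed-identity-wallets.fullname" . }}-acapy-base` (and `-acapy-mt`) in both files keeps them release-scoped. The three `- host:` entries for the same host could also be merged into one rule with three paths.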
@@ -37,4 +62,4 @@ spec: - hosts: - {{ .Values.certificate.host }} secretName: tls-secret -{{- end}} \ No newline at end of file +{{- end}} diff --git a/charts/managed-identity-wallets/templates/secrets.yaml b/charts/managed-identity-wallets/templates/secrets.yaml index 07afd2a4..8e15b828 100644 --- a/charts/managed-identity-wallets/templates/secrets.yaml +++ b/charts/managed-identity-wallets/templates/secrets.yaml 
@@ -6,14 +6,22 @@ metadata: namespace: {{ .Release.Namespace }} type: Opaque stringData: - acapy-admin-api-key: {{ .Values.acapy.secret.apikey | quote }} - acapy-agent-wallet-seed: {{ .Values.acapy.secret.walletseed | quote }} - acapy-db-account: {{ .Values.acapy.secret.dbaccount | quote }} - acapy-db-admin: {{ .Values.acapy.secret.dbadminuser | quote }} - acapy-db-admin-password: {{ .Values.acapy.secret.dbadminpassword | quote }} - acapy-db-password: {{ .Values.acapy.secret.dbpassword | quote }} - acapy-jwt-secret: {{ .Values.acapy.secret.jwtsecret | quote }} - acapy-wallet-key: {{ .Values.acapy.secret.walletkey | quote }} + acapy-endorser-admin-api-key: {{ .Values.acapy.endorser.secret.apikey | quote }} + acapy-endorser-agent-wallet-seed: {{ .Values.acapy.endorser.secret.walletseed | quote }} + acapy-endorser-db-account: {{ .Values.acapy.endorser.secret.dbaccount | quote }} + acapy-endorser-db-admin: {{ .Values.acapy.endorser.secret.dbadminuser | quote }} + acapy-endorser-db-admin-password: {{ .Values.acapy.endorser.secret.dbadminpassword | quote }} + acapy-endorser-db-password: {{ .Values.acapy.endorser.secret.dbpassword | quote }} + acapy-endorser-jwt-secret: {{ .Values.acapy.endorser.secret.jwtsecret | quote }} + acapy-endorser-wallet-key: {{ .Values.acapy.endorser.secret.walletkey | quote }} + acapy-mt-admin-api-key: {{ .Values.acapy.mt.secret.apikey | quote }} + acapy-mt-agent-wallet-seed: {{ .Values.acapy.mt.secret.walletseed | quote }} + acapy-mt-db-account: {{ .Values.acapy.mt.secret.dbaccount | quote }} + acapy-mt-db-admin: {{ .Values.acapy.mt.secret.dbadminuser | quote }} + acapy-mt-db-admin-password: {{ .Values.acapy.mt.secret.dbadminpassword | quote }} + acapy-mt-db-password: {{ .Values.acapy.mt.secret.dbpassword | quote }} + acapy-mt-jwt-secret: {{ .Values.acapy.mt.secret.jwtsecret | quote }} + acapy-mt-wallet-key: {{ .Values.acapy.mt.secret.walletkey | quote }} {{- end}} {{- if not .Values.isLocal }} --- 
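Review bot: Every new key here is rendered straight from values, and the generated chart README in this commit lists the defaults for `apikey`, `walletseed`, `jwtsecret` and `walletkey` as `"0"` and the database credentials as `"postgres"`, for both `endorser` and `mt`. An install that forgets one override therefore gets a working Secret with a known wallet key or admin API key and no warning. Consider removing those placeholder defaults and failing the render instead, e.g. `acapy-endorser-wallet-key: {{ required "acapy.endorser.secret.walletkey must be set" .Values.acapy.endorser.secret.walletkey | quote }}`, applied to the sensitive keys of both instances. The endorser and mt agents should also be documented as needing distinct wallet keys and seeds, since nothing in the template enforces it.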
diff --git a/charts/managed-identity-wallets/templates/service.yaml b/charts/managed-identity-wallets/templates/service.yaml index 13e1fb36..4ed4373c 100644 --- a/charts/managed-identity-wallets/templates/service.yaml +++ b/charts/managed-identity-wallets/templates/service.yaml @@ -9,3 +9,25 @@ spec: - port: 8080 selector: {{- include "managed-identity-wallets.selectorLabels" . | nindent 6 }} +--- +apiVersion: v1 +kind: Service +metadata: + name: catenax-managed-identity-wallets-acapy-base +spec: + type: ClusterIP + ports: + - port: 8000 + selector: + {{- include "managed-identity-wallets.selectorLabels" . | nindent 6 }} +--- +apiVersion: v1 +kind: Service +metadata: + name: catenax-managed-identity-wallets-acapy-mt +spec: + type: ClusterIP + ports: + - port: 8003 + selector: + {{- include "managed-identity-wallets.selectorLabels" . | nindent 6 }} diff --git a/charts/managed-identity-wallets/values-beta.yaml b/charts/managed-identity-wallets/values-beta.yaml index 254a2288..6012339a 100644 --- a/charts/managed-identity-wallets/values-beta.yaml +++ b/charts/managed-identity-wallets/values-beta.yaml @@ -41,4 +41,4 @@ acapypostgresql: secret: password: postgrespassword: - user: \ No newline at end of file + user: diff --git a/charts/managed-identity-wallets/values-dev.yaml b/charts/managed-identity-wallets/values-dev.yaml index 18b9c99c..5147e4d0 100644 --- a/charts/managed-identity-wallets/values-dev.yaml +++ b/charts/managed-identity-wallets/values-dev.yaml 
@@ -2,8 +2,11 @@ auth: jwksUrl: "https://centralidp.dev.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/certs" issuerUrl: "https://centralidp.dev.demo.catena-x.net/auth/realms/CX-Central" redirectUrl: "https://managed-identity-wallets.dev.demo.catena-x.net/callback" -image: - tag: "latest-develop" +wallet: + baseWalletBpn: "BPNL000000000000" + baseWalletShortDid: "MhLrwtKpZhNCzazMeofPQH" + baseWalletVerkey: "CHEC4PRQmP73A9UD7vQ6tnLAm9aoXLPhEtnGSMiAyVZj" + baseWalletName: "Catena-X-Dev" datapool: url: "https://partners-pool.dev.demo.catena-x.net" authUrl: "https://centralidp.dev.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/token" @@ -15,18 +18,33 @@ ingress: certificate: host: "managed-identity-wallets.dev.demo.catena-x.net" acapy: - logLevel: "DEBUG" - ledgerUrl: "http://dev.greenlight.bcovrin.vonx.io" - endpointUrl: "https://managed-identity-wallets.dev.demo.catena-x.net:8000/" - secret: - apikey: - walletseed: - dbaccount: - dbadminuser: - dbadminpassword: - dbpassword: - jwtsecret: - walletkey: + endorser: + logLevel: "DEBUG" + ledgerUrl: "http://dev.greenlight.bcovrin.vonx.io" + endpointUrl: "https://managed-identity-wallets.dev.demo.catena-x.net/didcomm-base" + secret: + apikey: + walletseed: + dbaccount: + dbadminuser: + dbadminpassword: + dbpassword: + jwtsecret: + walletkey: + mt: + logLevel: "DEBUG" + ledgerUrl: "http://dev.greenlight.bcovrin.vonx.io" + endpointUrl: "https://managed-identity-wallets.dev.demo.catena-x.net/didcomm-managed-wallets" + endorserPublicDid: "MhLrwtKpZhNCzazMeofPQH" + secret: + apikey: + walletseed: + dbaccount: + dbadminuser: + dbadminpassword: + dbpassword: + jwtsecret: + walletkey: managedIdentityWallets: secret: jdbcurl: 
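Review bot: Both new `ledgerUrl` entries (under `endorser` and `mt`) keep `http://dev.greenlight.bcovrin.vonx.io`, and the deployment template passes that value as `--genesis-url $(LEDGER_URL)/genesis`. The genesis file that tells each agent which ledger nodes to trust is therefore fetched without transport protection. If the host offers HTTPS (not verifiable from this page), use `ledgerUrl: "https://dev.greenlight.bcovrin.vonx.io"` in both blocks. Otherwise add a comment such as `# cleartext genesis fetch accepted for dev only` so the setting is not copied to other environments.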
@@ -36,11 +54,11 @@ managedIdentityWallets: bpdmauthclientsecret: postgresql: secret: - password: - postgrespassword: - user: + password: + postgrespassword: + user: acapypostgresql: secret: - password: - postgrespassword: - user: \ No newline at end of file + password: + postgrespassword: + user: diff --git a/charts/managed-identity-wallets/values-int.yaml b/charts/managed-identity-wallets/values-int.yaml index 7cb47520..96b519f2 100644 --- a/charts/managed-identity-wallets/values-int.yaml +++ b/charts/managed-identity-wallets/values-int.yaml @@ -2,6 +2,11 @@ auth: jwksUrl: "https://centralidp.int.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/certs" issuerUrl: "https://centralidp.int.demo.catena-x.net/auth/realms/CX-Central" redirectUrl: "https://managed-identity-wallets.int.demo.catena-x.net/callback" +wallet: + baseWalletBpn: "BPNL000000000000" + baseWalletShortDid: "2xcjN7LjnHGaPdZbbGqju5" + baseWalletVerkey: "24vdNRCEY5Pswwv3XhbVSccbZA5r4ybxnYVGw3Q6WZjL" + baseWalletName: "Catena-X-Int" datapool: url: "https://partners-pool.int.demo.catena-x.net" authUrl: "https://centralidp.int.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/token" 
@@ -13,17 +18,29 @@ ingress: certificate: host: "managed-identity-wallets.int.demo.catena-x.net" acapy: - endpointUrl: "https://managed-identity-wallets.int.demo.catena-x.net:8000/" - adminUrl: "http://localhost:11000" - secret: - apikey: - walletseed: - dbaccount: - dbadminuser: - dbadminpassword: - dbpassword: - jwtsecret: - walletkey: + endorser: + endpointUrl: "https://managed-identity-wallets.int.demo.catena-x.net/didcomm-base" + secret: + apikey: + walletseed: + dbaccount: + dbadminuser: + dbadminpassword: + dbpassword: + jwtsecret: + walletkey: + mt: + endpointUrl: "https://managed-identity-wallets.int.demo.catena-x.net/didcomm-managed-wallets" + endorserPublicDid: "2xcjN7LjnHGaPdZbbGqju5" + secret: + apikey: + walletseed: + dbaccount: + dbadminuser: + dbadminpassword: + dbpassword: + jwtsecret: + walletkey: managedIdentityWallets: secret: jdbcurl: diff --git a/charts/managed-identity-wallets/values-local.yaml b/charts/managed-identity-wallets/values-local.yaml index a1ac2d6a..d6ae8a98 100644 --- a/charts/managed-identity-wallets/values-local.yaml +++ b/charts/managed-identity-wallets/values-local.yaml @@ -28,4 +28,4 @@ image: name: "catena-x/managed-identity-wallets" postgresql: enabled: false -isLocal: true \ No newline at end of file +isLocal: true diff --git a/charts/managed-identity-wallets/values-pre-prod.yaml b/charts/managed-identity-wallets/values-pre-prod.yaml index c679507e..0a398135 100644 --- a/charts/managed-identity-wallets/values-pre-prod.yaml +++ b/charts/managed-identity-wallets/values-pre-prod.yaml @@ -41,4 +41,4 @@ acapypostgresql: secret: password: postgrespassword: - user: \ No newline at end of file + user: diff --git a/charts/managed-identity-wallets/values.yaml b/charts/managed-identity-wallets/values.yaml index 651a57f5..1986b2b2 100644 --- a/charts/managed-identity-wallets/values.yaml +++ b/charts/managed-identity-wallets/values.yaml 
@@ -1,53 +1,126 @@ +# The IAM configuration auth: + # -- (string) The realm name in Keycloak realm: "CX-Central" + # -- (string) The main role in MIW role: "add_wallets" + # -- (string) The role mapping in MIW roleMappings: "create_wallets:add_wallets,view_wallets:view_wallets,update_wallets:update_wallets,delete_wallets:delete_wallets,view_wallet:view_wallet,update_wallet:update_wallet" + # -- (string) The resource Id in Keycloak resourceId: "Cl5-CX-Custodian" +# The image of the Managed Identity Wallets image: - name: "catenax-ng/product-core-managed-identity-wallets_service" + name: "catenax-ng/tx-managed-identity-wallets_service" registry: "ghcr.io" + # -- Overrides the image tag whose default is the chart appVersion + tag: "" secret: "acr-credentials" allowEmptyPassword: "\"yes\"" db: + # -- Database driver to use jdbcDriver: "org.postgresql.Driver" namespace: "managed-identity-wallets" logging: exposed: "INFO" +# The base wallet configuration in MIW wallet: - baseWalletBpn: "BPNL000000000000" + # -- The BPN of the base wallet + baseWalletBpn: "" + # -- The short DID of the base wallet. + # It can be created with its verkey as described in https://github.com/eclipse-tractusx/managed-identity-wallets#integrate-with-an-write-restricted-indy-ledger. + # It should be registered on the Indy ledger with role endorser. 
+ baseWalletShortDid: "" + # -- The verkey (public key) of the base wallet + baseWalletVerkey: "" + # -- The name of the base wallet + baseWalletName: "" +# The configuration of revocation service in MIW revocation: + # -- At which hour (24-hour clock) the cron job should issue/update status-list credentials refreshHour: "3" + # -- The url of the revocation service revocationServiceUrl: http://localhost:8086 +# The main configuration of the revocation service revocationService: imageName: "registry.gitlab.com/gaia-x/data-infrastructure-federation-services/not/notarization-service/revocation" tag: "1.0.0-SNAPSHOT-quarkus-2.10.2.Final-java17" port: "8086" httpAccessLog: true + # -- Issuance cache interval minIssueInterval: "2" + # -- The the endpoint in MIW at which status credentials can be issued baseUrlForCredentialList: "https//localhost:8080/api/credentials/" + # -- The url at which the MIW is reachable clientIssuanceApiUrl: "http://localhost:8080" acapy: imageName: "bcgovimages/aries-cloudagent" - tag: "py36-1.16-1_0.7.4" - ledgerUrl: "https://idu.cloudcompass.ca" - label: "CatenaXIssuer" - logLevel: "INFO" - networkIdentifier: "idunion:test" - databaseHost: "acapypostgresql" - endpointPort: "8000" - adminPort: "11000" - adminUrl: "http://localhost:11000" - secret: - apikey: "0" - walletseed: "0" - dbaccount: "postgres" - dbadminuser: "postgres" - dbadminpassword: "postgres" - dbpassword: "postgres" - jwtsecret: "0" - walletkey: "0" + tag: "py36-1.16-1_0.7.5" + # The configuration of the AcaPy endorser instance + endorser: + # -- The url of the used Indy ledger + ledgerUrl: "https://idu.cloudcompass.ca" + # -- The label of the instance + label: "CatenaXIssuer" + logLevel: "INFO" + # -- The network identifier of the used Indy ledger + networkIdentifier: "idunion:test" + # -- The host of the used database + databaseHost: "acapypostgresql" + # -- The port at which the wallet is reachable + endpointPort: "8000" + # -- The port at which the admin API is reachable + 
adminPort: "11000" + # -- The url of the admin API + adminUrl: "http://localhost:11000" + secret: + # -- The API key of the admin endpoints. It must be a random and secure string + apikey: "0" + # -- The seed of the wallet. It must be random and secure (no patterns or use of dictionary words, the use of uppercase and lowercase letters - as well as numbers and allowed symbols, no personal preferences like names or phone numbers) + walletseed: "0" + dbaccount: "postgres" + dbadminuser: "postgres" + dbadminpassword: "postgres" + dbpassword: "postgres" + ## -- It must be a random and secure string + jwtsecret: "0" + ## -- It must be a random and secure string + walletkey: "0" + # AcaPy multi-tenancy instance + mt: + # -- The url of the used Indy ledger + ledgerUrl: "https://idu.cloudcompass.ca" + # -- The label of the instance + label: "CatenaXIssuer" + logLevel: "INFO" + # -- The network identifier of the used Indy ledger + networkIdentifier: "idunion:test" + databaseHost: "acapypostgresql" + # -- The port at which the sub-wallets are reachable + endpointPort: "8003" + # -- The port at which the admin API is reachable + adminPort: "11003" + # -- The url of the admin API + adminUrl: "http://localhost:11003" + # -- The short DID of the base wallet + endorserPublicDid: "ShortDIDPlaceholderX" + # -- The url at which events are sent. It should be the webhook endpoint in MIW + webhookUrl: "http://localhost:8080/webhook" + secret: + # -- The API-Key of the admin endpoints. It must be a random and secure string + apikey: "0" + # -- The seed of the wallet. 
It must be random and secure (no patterns or use of dictionary words, the use of uppercase and lowercase letters - as well as numbers and allowed symbols, no personal preferences like names or phone numbers) + walletseed: "0" + dbaccount: "postgres" + dbadminuser: "postgres" + dbadminpassword: "postgres" + dbpassword: "postgres" + ## -- It must be a random and secure string + jwtsecret: "0" + ## -- It must be a random and secure string + walletkey: "0" ingress: enabled: false +# The configuration and secrets of the database that is used by AcaPy acapypostgresql: enabled: true auth: @@ -56,6 +129,7 @@ acapypostgresql: password: "postgres" postgrespassword: "postgres" user: "postgres" +# The configuration and secrets of the database that is used by the MIW postgresql: enabled: true auth: @@ -69,7 +143,8 @@ postgresql: emptyDir: {} initContainers: - name: initdb - image: ghcr.io/catenax-ng/product-core-managed-identity-wallets-cd_initdb:latest + # -- The image is built and used to initialize the database of MIW. The tag must equal the appVersion in Chart.yaml + image: ghcr.io/catenax-ng/tx-managed-identity-wallets_initdb:3.0.0 imagePullPolicy: Always command: - sh 
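Review bot: The added comments on `acapy.endorser.secret` and `acapy.mt.secret` say the API key, wallet seed, JWT secret and wallet key must be random and secure, yet the defaults beside them stay `"0"` and the database credentials stay `"postgres"`, so an install that overrides nothing comes up with a guessable admin API key and wallet key on both agents. The same holds for the `postgres` passwords that are context in the `@@ -56,6 +129,7 @@` hunk and for `jdbcurl`, `authclientsecret` and `bpdmauthclientsecret` in the `@@ -85,18 +160,29 @@` hunk, where the new comment on `jdbcurl` does not mention that the string embeds a password. I would ship these as empty strings, e.g. `apikey: ""`, and have the templates reject an empty value with `required`; the templates are outside this diff section, so whether they already do is not visible. `allowEmptyPassword: "\"yes\""` is untouched context in this hunk but deserves the same look.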
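Review bot: The initdb image is referenced by tag only (`:3.0.0`) together with `imagePullPolicy: Always`, so each pod start pulls whatever that tag points to at the time, and a re-pushed tag changes the init container without any change to the chart. Appending the digest pins the content while keeping the tag readable: `image: ghcr.io/catenax-ng/tx-managed-identity-wallets_initdb:3.0.0@sha256:<digest-of-the-3.0.0-image>`. The added comment asks for the tag to be kept equal to `appVersion` by hand, which is easy to miss on the next release; a release checklist item or CI check comparing the two would catch it. The `initContainers` entry continues past the end of this hunk.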
@@ -85,18 +160,29 @@ postgresql: password: "postgres" postgrespassword: "postgres" user: "postgres" +# The configuration to access the BPDM data pool (https://github.com/eclipse-tractusx/bpdm) from MIW datapool: grantType: "client_credentials" scope: "openid" + # -- At which hour (24-hour clock) the cron job should pull the data from the BPDM data pool refreshHour: "23" + # -- Url at which the API of BPDM is reachable url: "" + # -- IAM url to get the access token for BPDM data pool endpoint authUrl: "" managedIdentityWallets: secret: + # -- Database connection string to the Postgres database of MIW jdbcurl: "jdbc:postgresql://postgresql:5432/postgres?user=postgres&password=postgres" + # -- It can be extracted from Keycloak authclientid: "clientid" + # -- It can be extracted from Keycloak authclientsecret: "client" + # -- client id for accessing the BPDM data pool endpoint bpdmauthclientid: "clientid" + # -- client secret for accessing the BPDM data pool endpoint bpdmauthclientsecret: "client" certificate: host: "localhost" +# -- Deployment on Kubernetes on local device +isLocal: false diff --git a/dev-assets/postman/Cx_Base_Wallet_Acapy.postman_collection.json b/dev-assets/postman/Cx_Base_Wallet_Acapy.postman_collection.json index bf1a7ba5..aa75aa20 100644 --- a/dev-assets/postman/Cx_Base_Wallet_Acapy.postman_collection.json +++ b/dev-assets/postman/Cx_Base_Wallet_Acapy.postman_collection.json @@ -1,6 +1,6 @@ { "info": { - "_postman_id": "ec3c772a-f865-4c46-a8f5-79a0bfb45a85", + "_postman_id": "02391790-a906-482e-ba77-01aa1da2da5d", "name": "Cx_Base_Wallet_Acapy", "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json" }, 
@@ -462,7 +462,7 @@ ], "body": { "mode": "raw", - "raw": "{\n \"auto_remove\": true,\n \"comment\": \"string\",\n \"connection_id\": \"5d2133ac-b1a0-4fd4-b05d-e69ab8859dcc\",\n \"credential_preview\": {\n \"@type\": \"issue-credential/2.0/credential-preview\",\n \"attributes\": [\n {\n \"mime-type\": \"image/jpeg\",\n \"name\": \"favourite_drink\",\n \"value\": \"martini\"\n }\n ]\n },\n \"filter\": {\n \"ld_proof\": {\n \"credential\": {\n \"@context\": [\n \"https://www.w3.org/2018/credentials/v1\",\n \"https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/legalEntityData\"\n ],\n \"credentialSubject\": {\n \"data\": {\n \"value\": \"WTF\",\n \"nameType\": {\n \"technicalKey\": \"LOCAL\",\n \"name\": \"The business partner name identifies a business partner in a given context, e.g. a country or region.\",\n \"url\": \"http://test.de\"\n },\n \"language\": {\n \"technicalKey\": \"undefined\",\n \"name\": \"Undefined\"\n }\n },\n \"type\": [\n \"NameCredential\"\n ],\n \"id\":\"did:sov:NXpcCePHdiLEJgnnBurCN3\"\n },\n \"id\": \"urn:uuid:93731387-dec1-4bf6-2227-31710f977177\",\n \"issuanceDate\": \"2019-12-03T12:19:52Z\",\n \"issuer\": \"did:sov:7rB93fLvW5kgujZ4E57ZxL\",\n \"type\": [\n \"VerifiableCredential\",\n \"NameCredential\"\n ]\n },\n \"options\": {\n \"proofType\": \"Ed25519Signature2018\"\n }\n }\n },\n \"trace\": true\n}", + "raw": "{\n \"auto_remove\": true,\n \"comment\": \"string\",\n \"connection_id\": \"5d2133ac-b1a0-4fd4-b05d-e69ab8859dcc\",\n \"credential_preview\": {\n \"@type\": \"issue-credential/2.0/credential-preview\",\n \"attributes\": [\n {\n \"mime-type\": \"image/jpeg\",\n \"name\": \"favourite_drink\",\n \"value\": \"martini\"\n }\n ]\n },\n \"filter\": {\n \"ld_proof\": {\n \"credential\": {\n \"@context\": [\n \"https://www.w3.org/2018/credentials/v1\",\n \"https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/legalEntity\"\n ],\n \"credentialSubject\": {\n \"data\": {\n \"value\": \"WTF\",\n 
\"nameType\": {\n \"technicalKey\": \"LOCAL\",\n \"name\": \"The business partner name identifies a business partner in a given context, e.g. a country or region.\",\n \"url\": \"http://test.de\"\n },\n \"language\": {\n \"technicalKey\": \"undefined\",\n \"name\": \"Undefined\"\n }\n },\n \"type\": [\n \"NameCredential\"\n ],\n \"id\":\"did:sov:NXpcCePHdiLEJgnnBurCN3\"\n },\n \"id\": \"urn:uuid:93731387-dec1-4bf6-2227-31710f977177\",\n \"issuanceDate\": \"2019-12-03T12:19:52Z\",\n \"issuer\": \"did:sov:7rB93fLvW5kgujZ4E57ZxL\",\n \"type\": [\n \"VerifiableCredential\",\n \"NameCredential\"\n ]\n },\n \"options\": {\n \"proofType\": \"Ed25519Signature2018\"\n }\n }\n },\n \"trace\": true\n}", "options": { "raw": { "language": "json" 
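Review bot: The new `@context` entry `https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/legalEntity` points at the `main` branch, so the document that defines the credential's terms can change after a credential has been signed. With `proofType` `Ed25519Signature2018` the context feeds the canonicalised data that is signed, so a later edit on `main` can presumably make previously issued sample credentials fail verification or change what their terms mean. Referencing a fixed revision avoids that: `https://raw.githubusercontent.com/catenax-ng/product-core-schemas/<commit-sha>/legalEntity`. The same URL is introduced in the `@@ -541,7 +541,7 @@`, `@@ -913,7 +913,7 @@` and `@@ -397,7 +397,7 @@` hunks of the other collections.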
@@ -541,7 +541,7 @@ ], "body": { "mode": "raw", - "raw": "{\n \"doc\": {\n \"credential\": {\n \"id\": \"urn:uuid:2f11e490-e0ca-472f-850b-20eec33666a9\",\n \"@context\": [\n \"https://www.w3.org/2018/credentials/v1\",\n \"https://api.npoint.io/b0857f96714055ca0ab3\"\n ],\n \"type\": [\n \"LegalFormCredential\",\n \"VerifiableCredential\"\n ],\n \"issuer\": \"did:sov:ArqouCjqi4RwBXQqjAbQrG\",\n \"issuanceDate\": \"2022-12-15T12:01:45Z\",\n \"credentialSubject\": {\n \"data\": {\n \"technicalKey\": \"LOCAL\",\n \"name\": \"Test\",\n \"url\": \"TUIR\",\n \"mainAbbreviation\": \"m\",\n \"language\": {\n \"technicalKey\": \"M\",\n \"name\": \"M\"\n },\n \"categories\": {\n \"url\": \"MRR\",\n \"name\": \"M\"\n }\n },\n \"type\": \"LegalFormCredential\",\n \"id\": \"did:sov:JQNc8YK2oe6c9xcEeVvUje\"\n }\n },\n \"options\": {\n \"proofPurpose\": \"assertionMethod\",\n \"type\": \"Ed25519Signature2018\",\n \"verificationMethod\": \"did:sov:ArqouCjqi4RwBXQqjAbQrG#key-1\"\n }\n },\n \"verkey\": \"6Ng3Cu39yTViaEUg1BETpze78nXZqHpb6Q783X2rRhe6\"\n}", + "raw": "{\n \"doc\": {\n \"credential\": {\n \"id\": \"urn:uuid:2f11e490-e0ca-472f-850b-20eec33666a9\",\n \"@context\": [\n \"https://www.w3.org/2018/credentials/v1\",\n \"https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/legalEntity\"\n ],\n \"type\": [\n \"LegalFormCredential\",\n \"VerifiableCredential\"\n ],\n \"issuer\": \"did:sov:ArqouCjqi4RwBXQqjAbQrG\",\n \"issuanceDate\": \"2022-12-15T12:01:45Z\",\n \"credentialSubject\": {\n \"data\": {\n \"technicalKey\": \"LOCAL\",\n \"name\": \"Test\",\n \"url\": \"TUIR\",\n \"mainAbbreviation\": \"m\",\n \"language\": {\n \"technicalKey\": \"M\",\n \"name\": \"M\"\n },\n \"categories\": {\n \"url\": \"MRR\",\n \"name\": \"M\"\n }\n },\n \"type\": \"LegalFormCredential\",\n \"id\": \"did:sov:JQNc8YK2oe6c9xcEeVvUje\"\n }\n },\n \"options\": {\n \"proofPurpose\": \"assertionMethod\",\n \"type\": \"Ed25519Signature2018\",\n \"verificationMethod\": 
\"did:sov:ArqouCjqi4RwBXQqjAbQrG#key-1\"\n }\n },\n \"verkey\": \"6Ng3Cu39yTViaEUg1BETpze78nXZqHpb6Q783X2rRhe6\"\n}", "options": { "raw": { "language": "json" diff --git a/dev-assets/postman/Managed_Wallets_Acapy.postman_collection.json b/dev-assets/postman/Managed_Wallets_Acapy.postman_collection.json index d2b49478..7f48ffe7 100644 --- a/dev-assets/postman/Managed_Wallets_Acapy.postman_collection.json +++ b/dev-assets/postman/Managed_Wallets_Acapy.postman_collection.json @@ -1,6 +1,6 @@ { "info": { - "_postman_id": "f9509173-9bfb-4d3b-b900-575d76ab59f4", + "_postman_id": "bad3c89c-922d-46d0-a112-b91b5a32990c", "name": "Managed_Wallets_Acapy", "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json" }, 
@@ -913,7 +913,7 @@ ], "body": { "mode": "raw", - "raw": "{\n \"auto_remove\": true,\n \"comment\": \"string\",\n \"connection_id\": \"5d2133ac-b1a0-4fd4-b05d-e69ab8859dcc\",\n \"credential_preview\": {\n \"@type\": \"issue-credential/2.0/credential-preview\",\n \"attributes\": [\n {\n \"mime-type\": \"image/jpeg\",\n \"name\": \"favourite_drink\",\n \"value\": \"martini\"\n }\n ]\n },\n \"filter\": {\n \"ld_proof\": {\n \"credential\": {\n \"@context\": [\n \"https://www.w3.org/2018/credentials/v1\",\n \"https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/legalEntityData\"\n ],\n \"credentialSubject\": {\n \"data\": {\n \"value\": \"WTF\",\n \"nameType\": {\n \"technicalKey\": \"LOCAL\",\n \"name\": \"The business partner name identifies a business partner in a given context, e.g. a country or region.\",\n \"url\": \"http://test.de\"\n },\n \"language\": {\n \"technicalKey\": \"undefined\",\n \"name\": \"Undefined\"\n }\n },\n \"type\": [\n \"NameCredential\"\n ],\n \"id\":\"did:sov:NXpcCePHdiLEJgnnBurCN3\"\n },\n \"id\": \"urn:uuid:93731387-dec1-4bf6-2227-31710f977177\",\n \"issuanceDate\": \"2019-12-03T12:19:52Z\",\n \"issuer\": \"did:sov:7rB93fLvW5kgujZ4E57ZxL\",\n \"type\": [\n \"VerifiableCredential\",\n \"NameCredential\"\n ]\n },\n \"options\": {\n \"proofType\": \"Ed25519Signature2018\"\n }\n }\n },\n \"trace\": true\n}", + "raw": "{\n \"auto_remove\": true,\n \"comment\": \"string\",\n \"connection_id\": \"5d2133ac-b1a0-4fd4-b05d-e69ab8859dcc\",\n \"credential_preview\": {\n \"@type\": \"issue-credential/2.0/credential-preview\",\n \"attributes\": [\n {\n \"mime-type\": \"image/jpeg\",\n \"name\": \"favourite_drink\",\n \"value\": \"martini\"\n }\n ]\n },\n \"filter\": {\n \"ld_proof\": {\n \"credential\": {\n \"@context\": [\n \"https://www.w3.org/2018/credentials/v1\",\n \"https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/legalEntity\"\n ],\n \"credentialSubject\": {\n \"data\": {\n \"value\": \"WTF\",\n 
\"nameType\": {\n \"technicalKey\": \"LOCAL\",\n \"name\": \"The business partner name identifies a business partner in a given context, e.g. a country or region.\",\n \"url\": \"http://test.de\"\n },\n \"language\": {\n \"technicalKey\": \"undefined\",\n \"name\": \"Undefined\"\n }\n },\n \"type\": [\n \"NameCredential\"\n ],\n \"id\":\"did:sov:NXpcCePHdiLEJgnnBurCN3\"\n },\n \"id\": \"urn:uuid:93731387-dec1-4bf6-2227-31710f977177\",\n \"issuanceDate\": \"2019-12-03T12:19:52Z\",\n \"issuer\": \"did:sov:7rB93fLvW5kgujZ4E57ZxL\",\n \"type\": [\n \"VerifiableCredential\",\n \"NameCredential\"\n ]\n },\n \"options\": {\n \"proofType\": \"Ed25519Signature2018\"\n }\n }\n },\n \"trace\": true\n}", "options": { "raw": { "language": "json" diff --git a/dev-assets/postman/Test-Acapy-SelfManagedWallet-Or-ExternalWallet.postman_collection.json b/dev-assets/postman/Test-Acapy-SelfManagedWallet-Or-ExternalWallet.postman_collection.json index 24d8e9bc..2c189088 100644 --- a/dev-assets/postman/Test-Acapy-SelfManagedWallet-Or-ExternalWallet.postman_collection.json +++ b/dev-assets/postman/Test-Acapy-SelfManagedWallet-Or-ExternalWallet.postman_collection.json @@ -1,6 +1,6 @@ { "info": { - "_postman_id": "ca9fc822-6f4a-4a2e-a37a-90b186bd714b", + "_postman_id": "1c57bc76-42ee-42ba-8fb8-ba43fd6dfe9a", "name": "Test-Acapy-SelfManagedWallet-Or-ExternalWallet", "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json" }, 
@@ -397,7 +397,7 @@ ], "body": { "mode": "raw", - "raw": "{\n \"auto_remove\": true,\n \"comment\": \"string\",\n \"connection_id\": \"b752194b-29d4-4178-b301-3ff8b5434bc3\",\n \"credential_preview\": {\n \"@type\": \"issue-credential/2.0/credential-preview\",\n \"attributes\": [\n {\n \"mime-type\": \"image/jpeg\",\n \"name\": \"favourite_drink\",\n \"value\": \"martini\"\n }\n ]\n },\n \"filter\": {\n \"ld_proof\": {\n \"credential\": {\n \"@context\": [\n \"https://www.w3.org/2018/credentials/v1\",\n \"https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/legalEntityData\"\n ],\n \"credentialSubject\": {\n \"data\": {\n \"value\": \"BBBBB\",\n \"nameType\": {\n \"technicalKey\": \"LOCAL\",\n \"name\": \"The business partner name identifies a business partner in a given context, e.g. a country or region.\",\n \"url\": \"http://test.de\"\n },\n \"language\": {\n \"technicalKey\": \"BBBBB\",\n \"name\": \"BBBB\"\n }\n },\n \"type\": [\n \"NameCredential\"\n ],\n \"id\":\"did:sov:UNgYEVCC7LTgvm3o1AKVot\"\n },\n \"id\": \"urn:uuid:23711187-dec1-4bf6-2227-55710f977171\",\n \"issuanceDate\": \"2019-12-03T12:19:52Z\",\n \"issuer\": \"did:sov:7rB93fLvW5kgujZ4E57ZxL\",\n \"type\": [\n \"VerifiableCredential\",\n \"NameCredential\"\n ]\n },\n \"options\": {\n \"proofType\": \"Ed25519Signature2018\"\n }\n }\n },\n \"trace\": true\n}", + "raw": "{\n \"auto_remove\": true,\n \"comment\": \"string\",\n \"connection_id\": \"b752194b-29d4-4178-b301-3ff8b5434bc3\",\n \"credential_preview\": {\n \"@type\": \"issue-credential/2.0/credential-preview\",\n \"attributes\": [\n {\n \"mime-type\": \"image/jpeg\",\n \"name\": \"favourite_drink\",\n \"value\": \"martini\"\n }\n ]\n },\n \"filter\": {\n \"ld_proof\": {\n \"credential\": {\n \"@context\": [\n \"https://www.w3.org/2018/credentials/v1\",\n \"https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/legalEntity\"\n ],\n \"credentialSubject\": {\n \"data\": {\n \"value\": \"BBBBB\",\n \"nameType\": 
{\n \"technicalKey\": \"LOCAL\",\n \"name\": \"The business partner name identifies a business partner in a given context, e.g. a country or region.\",\n \"url\": \"http://test.de\"\n },\n \"language\": {\n \"technicalKey\": \"BBBBB\",\n \"name\": \"BBBB\"\n }\n },\n \"type\": [\n \"NameCredential\"\n ],\n \"id\":\"did:sov:UNgYEVCC7LTgvm3o1AKVot\"\n },\n \"id\": \"urn:uuid:23711187-dec1-4bf6-2227-55710f977171\",\n \"issuanceDate\": \"2019-12-03T12:19:52Z\",\n \"issuer\": \"did:sov:7rB93fLvW5kgujZ4E57ZxL\",\n \"type\": [\n \"VerifiableCredential\",\n \"NameCredential\"\n ]\n },\n \"options\": {\n \"proofType\": \"Ed25519Signature2018\"\n }\n }\n },\n \"trace\": true\n}", "options": { "raw": { "language": "json" diff --git a/docs/ExternalAcapySetupOnUbuntuWithStaticIP.md b/docs/ExternalAcapySetupOnUbuntuWithStaticIP.md new file mode 100644 index 00000000..8325b5f5 --- /dev/null +++ b/docs/ExternalAcapySetupOnUbuntuWithStaticIP.md 
@@ -0,0 +1,186 @@ +# Setup Aca-Py on a Ubuntu Server + +The following steps describe how to set up an Aca-Py agent with nginx on Ubuntu 22.04. + +## The Goal and Usage of the Agent +This separate ACA-Py agent can be used to test the external connections and credential exchanges with the managed wallets in the [Managed-Identity-Wallet](https://github.com/eclipse-tractusx/managed-identity-wallets). +- To interact with the agent you can use + * either the Postman collection `./dev-containers/postman/Test-Acapy-SelfManagedWallet-Or-ExternalWallet.postman_collection` after modifying the URLs and apikey. + * Or using the provided swagger doc `https://mydomain.example.com/api/doc/` after replacing `https://mydomain.example.com/api/doc/` with your subdomain +- The files `./docs/ExternalWalletInteraction.md` and `./docs/SelfManagedWallets.md` describe how the MIW can interact with an external (issuer) wallet and a self-managed (company) wallet + +## Setup Steps + +Requirements: + - 1 CPU & 1 GiB RAM + - 10 GB storage + - Static IP address with a domain that is assigned to it e.g. `mydomain.example.com` + - Docker and Docker-compose + +- Create a folder `mkdir acapy-agent` +- Generate letsencrypt certificates + - download certbot and get certificates. Please replace the domain in the last command + ``` + sudo snap install core; sudo snap refresh core + sudo snap install --classic certbot + sudo ln -s /snap/bin/certbot /usr/bin/certbot + sudo certbot certonly --standalone -d mydomain.example.com + ``` + - Move the generated files private.pem and fullchain.pem to `./acapy-agent` + - Lets Encrypt certificates expire after 90 and must be renewed. This can be done using the command `sudo certbot renew`. To verify that the certificate renewed, run `sudo certbot renew --dry-run` + +- Create `.env` file with `vi .env` and then add the environment variables to it after changing the placeholders. 
Also replace `mydomain.example.com` with your domain + ``` + POSTGRES_USER=postgres + POSTGRES_PASSWORD=postgres-password-placeholder + PGDATA=/data/postgres-data + POSTGRES_PORT=5432 + + WAIT_HOSTS=acapy_postgres:5432 + WAIT_HOSTS_TIMEOUT=300 + WAIT_SLEEP_INTERVAL=5 + WAIT_HOST_CONNECT_TIMEOUT=3 + + ACAPY_CONNECTION_PORT=8000 + ACAPY_ADMIN_PORT=11000 + ACAPY_ENDPOINT=https://mydomain.example.com/didcomm/ + ACAPY_WALLET_KEY=acapy-wallet-key-placeholder + ACAPY_SEED=acapy-seed-placeholder + LEDGER_URL=http://dev.greenlight.bcovrin.vonx.io/genesis + ACAPY_ADMIN_KEY=acapy-admin-api-key-placeholder + JWT_SECRET=acapy-jwt-secret-placeholder + ``` + +- Create the `nginx.conf` file. If the Ports of AcaPy in `.env` file are changed, then they must be changed in the `nginx.conf` file. Also the paths of the certificates should match the given paths in `docker-compose.yml` file + ``` + events { + worker_connections 1024; + } + + http { + + # enforce redirect to https + server { + listen 80 default_server; + listen [::]:80 default_server; + server_name _; + return 301 https://$host$request_uri; + } + + server { + listen 443 ssl; + listen [::]:443 default_server; + root /usr/share/nginx/html; + index index.html index.htm; + + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload;" always; + + # RSA certificate + ssl_certificate /etc/certificates/fullchain.pem; + ssl_certificate_key /etc/certificates/privkey.pem; + ssl_protocols TLSv1.2 TLSv1.3; + + + ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"; + ssl_prefer_server_ciphers on; + + location /didcomm/ { + proxy_pass http://acapy_agent:8000/; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + + location /api/doc/ { + proxy_pass 
http://acapy_agent:11000/api/doc#/; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + + location / { + proxy_pass http://acapy_agent:11000/; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + + # Hide the Nginx version number (in error pages / headers) + server_tokens off; + + } + } + ``` + +- Create the `docker-compose.yml` file. The file is almost generic and you can either change the values in `.env` file or create a new enviroment file e.x. `dev.env` and then change the `env_file` property in the docker-compose.yml file. + ```yml + version: '3' + + services: + acapy_nginx: + image: nginx:1.23.3 + container_name: acapy_nginx + depends_on: + - acapy_postgres + - acapy_agent + ports: + - 443:443 + volumes: + - ./nginx.conf:/etc/nginx/nginx.conf + - ./fullchain.pem:/etc/certificates/fullchain.pem + - ./privkey.pem:/etc/certificates/privkey.pem + + acapy_postgres: + image: postgres:14-alpine3.17 + container_name: acapy_postgres + env_file: + - ./.env + volumes: + - postgres-data:/data/postgres-data + + acapy_agent: + image: bcgovimages/aries-cloudagent:py36-1.16-1_0.7.5 + container_name: acapy_agent + env_file: + - ./.env + depends_on: + - acapy_postgres + entrypoint: /bin/bash + command: [ + "-c", + "aca-py start \ + -e ${ACAPY_ENDPOINT} \ + --auto-provision \ + --inbound-transport http '0.0.0.0' ${ACAPY_CONNECTION_PORT:-8000} \ + --outbound-transport http \ + --admin '0.0.0.0' ${ACAPY_ADMIN_PORT:-11000} \ + --wallet-name External_Wallet \ + --wallet-type askar \ + --wallet-key ${ACAPY_WALLET_KEY} \ + --wallet-storage-type postgres_storage + --wallet-storage-config '{\"url\":\"acapy_postgres:${POSTGRES_PORT:-5432}\",\"max_connections\":5}' + --wallet-storage-creds 
'{\"account\":\"postgres\",\"password\":\"${POSTGRES_PASSWORD}\",\"admin_account\":\"postgres\",\"admin_password\":\"${POSTGRES_PASSWORD}\"}' + --seed ${ACAPY_SEED} \ + --genesis-url ${LEDGER_URL} \ + --label External_Wallet \ + --admin-api-key ${ACAPY_ADMIN_KEY} \ + --auto-ping-connection \ + --jwt-secret ${JWT_SECRET} \ + --public-invites \ + --log-level DEBUG" + ] + + volumes: + postgres-data: + ``` +- Check the permission of the files `private.pem` and `fullchain.pem` to make sure that they are accessible by nginx +- You can change the used environment file by changing the property `env_file` in `docker-compose.yml` +- Now run the following command `docker-compose up -d` to start the agent. This command will start 3 docker containers: + + * acapy-agent: the acapy instance v0.7.5 + * acapy_postgres: the database where the wallets are stored + * acapy_nginx: nginx instance + +- To remove the containers run `docker-compose down` +- To delete all containers with the database run `docker-compose down -v` + diff --git a/ExternalWalletInteraction.md b/docs/ExternalWalletInteraction.md similarity index 100% rename from ExternalWalletInteraction.md rename to docs/ExternalWalletInteraction.md diff --git a/SelfManagedWallets.md b/docs/SelfManagedWallets.md similarity index 100% rename from SelfManagedWallets.md rename to docs/SelfManagedWallets.md diff --git a/docs/openapi_v200.json b/docs/openapi_v300.json similarity index 91% rename from docs/openapi_v200.json rename to docs/openapi_v300.json index aedcb214..a20ad062 100644 --- a/docs/openapi_v200.json +++ b/docs/openapi_v300.json @@ -2,7 +2,7 @@ "openapi": "3.0.3", "info": { "title": "Catena-X Core Managed Identity Wallets API", - "version": "2.0.0", + "version": "3.0.0", "description": "Catena-X Core Managed Identity Wallets API", "termsOfService": "https://www.catena-x.net/", "contact": { 
@@ -12,13 +12,21 @@ }, "license": { "name": "Apache 2.0", - "url": "https://github.com/catenax-ng/product-core-managed-identity-wallets/blob/develop/LICENSE" + "url": "https://github.com/eclipse-tractusx/managed-identity-wallets/blob/develop/LICENSE" } }, "servers": [ { "url": "http://localhost:8080", "description": "Local Dev Environment" + }, + { + "url": "https://managed-identity-wallets.dev.demo.catena-x.net", + "description": "Catena-X Dev Environment" + }, + { + "url": "https://managed-identity-wallets.int.demo.catena-x.net", + "description": "Catena-X Int Environment" } ], "paths": { @@ -29,7 +37,8 @@ ], "summary": "List of wallets", "description": "Permission: **view_wallets**\n\nRetrieve list of registered wallets", - "parameters": [], + "parameters": [ + ], "responses": { "200": { "description": "List of wallets", @@ -39,7 +48,6 @@ "items": { "$ref": "#/components/schemas/WalletDto" }, - "maxItems": 999, "type": "array" } } @@ -80,16 +88,6 @@ } } } - }, - "default": { - "description": "Unexpected error", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - } - } - } } }, "deprecated": false @@ -100,7 +98,8 @@ ], "summary": "Create wallet", "description": "Permission: **add_wallets**\n\nCreate a wallet and store it ", - "parameters": [], + "parameters": [ + ], "requestBody": { "description": "wallet to create", "content": { @@ -135,8 +134,11 @@ "bpn": "bpn", "did": "did", "verKey": "verkey", - "createdAt": "2022-09-17T14:31:47.056108748", - "vcs": [] + "createdAt": "2023-01-23T11:24:25.023037446", + "vcs": [ + ], + "pendingMembershipIssuance": false, + "isSelfManaged": false } } } 
@@ -214,15 +216,84 @@ } } } + } + }, + "deprecated": false + } + }, + "/api/wallets/self-managed-wallets": { + "post": { + "tags": [ + ], + "summary": "Register and Establish Initial Connection with Partners", + "description": "Permission: **update_wallets**\n\n Register self managed wallet and establish the initial connection with CatenaX. Also issue their membership and BPN credentials", + "parameters": [ + ], + "requestBody": { + "description": "Register self managed wallet, establish a connection and issue membership and BPN credentials", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/SelfManagedWalletCreateDto" + }, + "examples": { + "demo": { + "value": { + "bpn": "bpn", + "name": "name", + "did": "did" + } + } + } + } }, - "default": { - "description": "Unexpected error", + "required": true + }, + "responses": { + "201": { + "description": "The request was able send a connection request to the DID", "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" + "application/json": { + "schema": { + "$ref": "#/components/schemas/SelfManagedWalletResultDto" + } + } + } + }, + "404": { + "description": "The required entity does not exists", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ExceptionResponse" + }, + "examples": { + "demo": { + "value": { + "message": "reason", + "error": true + } + } + } + } + } + }, + "400": { + "description": "The input does not comply to the syntax requirements", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ExceptionResponse" + }, + "examples": { + "demo": { + "value": { + "message": "reason", + "error": true + } + } + } } - } } } }, 
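Review bot: The new `POST /api/wallets/self-managed-wallets` operation states `Permission: **update_wallets**` in its description but documents only `201`, `404` and `400`, so the contract has no response for a missing or insufficient token and client code generated from it will treat those cases as undocumented. Adding `401` and `403` entries next to `400`, shaped like the spec's other error responses, closes that gap. The `send-invitation` operation in the `@@ -707,40 +736,8 @@` and `@@ -760,26 +757,8 @@` hunks has the same gap, since its `403` entry is removed and its `401` entry becomes `400`. `"tags": [ ]` is also left empty here, so the operation is not grouped with the other wallet endpoints.

```json
"401": {
  "description": "The request could not be completed due to a failed authorization.",
  "content": {
    "application/json": {
      "schema": {
        "$ref": "#/components/schemas/ExceptionResponse"
      }
    }
  }
},
"403": {
  "description": "The request could not be completed due to a forbidden access.",
  "content": {
    "application/json": {
      "schema": {
        "$ref": "#/components/schemas/ExceptionResponse"
      }
    }
  }
}
```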
@@ -283,8 +354,11 @@ "name": "name", "bpn": "bpn", "did": "did", - "createdAt": "2022-09-17T14:31:47.056263746", - "vcs": [] + "createdAt": "2023-01-23T11:24:25.023118846", + "vcs": [ + ], + "pendingMembershipIssuance": false, + "isSelfManaged": false } } } @@ -362,16 +436,6 @@ } } } - }, - "default": { - "description": "Unexpected error", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - } - } - } } }, "deprecated": false @@ -382,7 +446,8 @@ ], "summary": "Remove wallet", "description": "Permission: **delete_wallets**\n\nRemove hosted wallet", - "parameters": [], + "parameters": [ + ], "responses": { "200": { "description": "Wallet successfully removed!", @@ -472,16 +537,6 @@ } } } - }, - "default": { - "description": "Unexpected error", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - } - } - } } }, "deprecated": false 
@@ -647,58 +702,32 @@ } } } - }, - "default": { - "description": "Unexpected error", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - } - } - } } }, "deprecated": false } }, - "/api/wallets/{identifier}/public": { + "/api/wallets/{identifier}/send-invitation": { "post": { "tags": [ - "Wallets" ], - "summary": "Register on Public Chain", - "description": "Permission: **update_wallets**\n\nRegister wallet DID on the public chain, endpoint only available for the base wallet", + "summary": "Send Connection Request", + "description": "Permission: **update_wallets**\n\n Send connection request to internal or external wallets.", "parameters": [ - { - "name": "identifier", - "in": "path", - "schema": { - "type": "string" - }, - "required": true, - "deprecated": false, - "examples": { - "did": { - "value": "did:exp:123" - }, - "bpn": { - "value": "BPN123" - } - } - } ], "requestBody": { - "description": "VerKey", + "description": "The invitation request", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/VerKeyDto" + "$ref": "#/components/schemas/InvitationRequestDto" }, "examples": { "demo": { "value": { - "verKey": "VERIFICATION_KEY_AFTER_CREATION" + "theirPublicDid": "did:sov:example", + "alias": "alias", + "myLabel": "myLabel" } } } 
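Review bot: The path becomes `/api/wallets/{identifier}/send-invitation` while the `identifier` path parameter object is deleted and `parameters` is left empty, so the template variable has no declaration. OpenAPI 3.0 expects every `{name}` in a path to have a matching `in: path` parameter; without it validators flag the document, and generated clients or gateway request validation have nothing to bind or check for `identifier`. Restoring the parameter block, as below, keeps the new path usable. The operation object continues in the following hunks.

```json
"parameters": [
  {
    "name": "identifier",
    "in": "path",
    "schema": {
      "type": "string"
    },
    "required": true
  }
],
```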
@@ -707,40 +736,8 @@ "required": true }, "responses": { - "201": { - "description": "Success message", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/SuccessResponse" - }, - "examples": { - "demo": { - "value": { - "message": "Wallet has been successfully registered on chain" - } - } - } - } - } - }, - "422": { - "description": "The input can not be processed due to semantic mismatches", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - }, - "examples": { - "demo": { - "value": { - "message": "reason", - "error": true - } - } - } - } - } + "202": { + "description": "The connection request has been sent to the given DID" }, "404": { "description": "The required entity does not exists", @@ -760,26 +757,8 @@ } } }, - "403": { - "description": "The request could not be completed due to a forbidden access.", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - }, - "examples": { - "demo": { - "value": { - "message": "reason", - "error": true - } - } - } - } - } - }, - "401": { - "description": "The request could not be completed due to a failed authorization.", + "400": { + "description": "The input does not comply to the syntax requirements", "content": { "application/json": { "schema": { @@ -795,16 +774,6 @@ } } } - }, - "default": { - "description": "Unexpected error", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - } - } - } } }, "deprecated": false @@ -989,16 +958,6 @@ } } } - }, - "default": { - "description": "Unexpected error", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - } - } - } } }, "deprecated": false 
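Review bot: The hunk at -760 removes the documented `403` and `401` responses from what appears to be the send-invitation operation, leaving only `202`, `404` and `400`. The description in the preceding hunk still says the call needs **update_wallets**. A permission-gated operation should keep documenting its authentication and authorization failures, as the "Issue Verifiable Credential" operation elsewhere in this diff does. I would keep both removed entries unchanged, each referencing `#/components/schemas/ExceptionResponse`, and add `400` alongside them rather than in their place.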
@@ -1051,44 +1010,8 @@ "required": true }, "responses": { - "200": { - "description": "The resolved DID Document after adding the new Service", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/DidDocumentDto" - }, - "examples": { - "demo": { - "value": { - "id": "did:example:76e12ec712ebc6f1c221ebfeb1f", - "@context": [ - "https://www.w3.org/ns/did/v1" - ], - "controller": [ - "123", - "1231" - ], - "verificationMethod": [ - { - "id": "did:example:76e12ec712ebc6f1c221ebfeb1f#key-1", - "type": "Ed25519VerificationKey2018", - "controller": "did:example:76e12ec712ebc6f1c221ebfeb1f", - "publicKeyBase58": "FyfKP2HvTKqDZQzvyL38yXH7bExmwofxHf2NR5BrcGf1" - } - ], - "service": [ - { - "id": "did:example:123#edv", - "type": "ServiceEndpointProxyService", - "serviceEndpoint": "https://myservice.com/myendpoint" - } - ] - } - } - } - } - } + "202": { + "description": "Adding the Service is accepted and processing" }, "404": { "description": "The required entity does not exists", @@ -1125,16 +1048,6 @@ } } } - }, - "default": { - "description": "Unexpected error", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - } - } - } } }, "deprecated": false 
@@ -1200,44 +1113,8 @@ "required": true }, "responses": { - "200": { - "description": "The resolved DID Document after the updating the Service", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/DidDocumentDto" - }, - "examples": { - "demo": { - "value": { - "id": "did:example:76e12ec712ebc6f1c221ebfeb1f", - "@context": [ - "https://www.w3.org/ns/did/v1" - ], - "controller": [ - "123", - "1231" - ], - "verificationMethod": [ - { - "id": "did:example:76e12ec712ebc6f1c221ebfeb1f#key-1", - "type": "Ed25519VerificationKey2018", - "controller": "did:example:76e12ec712ebc6f1c221ebfeb1f", - "publicKeyBase58": "FyfKP2HvTKqDZQzvyL38yXH7bExmwofxHf2NR5BrcGf1" - } - ], - "service": [ - { - "id": "did:example:123#edv", - "type": "ServiceEndpointProxyService", - "serviceEndpoint": "https://myservice.com/myendpoint" - } - ] - } - } - } - } - } + "202": { + "description": "Updating the Service is accepted and processing" }, "404": { "description": "The required entity does not exists", @@ -1328,16 +1205,6 @@ } } } - }, - "default": { - "description": "Unexpected error", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - } - } - } } }, "deprecated": false 
@@ -1382,34 +1249,8 @@ } ], "responses": { - "200": { - "description": "The resolved DID Document after removing the service", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/DidDocumentDto" - }, - "examples": { - "demo": { - "value": { - "id": "did:example:76e12ec712ebc6f1c221ebfeb1f", - "@context": [ - "https://www.w3.org/ns/did/v1" - ], - "controller": "test", - "verificationMethod": [ - { - "id": "did:example:76e12ec712ebc6f1c221ebfeb1f#key-1", - "type": "Ed25519VerificationKey2018", - "controller": "did:example:76e12ec712ebc6f1c221ebfeb1f", - "publicKeyBase58": "FyfKP2HvTKqDZQzvyL38yXH7bExmwofxHf2NR5BrcGf1" - } - ] - } - } - } - } - } + "202": { + "description": "Deleting the Service is accepted and processing" }, "404": { "description": "The required entity does not exists", @@ -1500,16 +1341,6 @@ } } } - }, - "default": { - "description": "Unexpected error", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - } - } - } } }, "deprecated": false @@ -1578,7 +1409,6 @@ "items": { "type": "string" }, - "maxItems": 999, "type": "array" }, "required": true, @@ -1599,7 +1429,6 @@ "items": { "$ref": "#/components/schemas/VerifiableCredentialDto" }, - "maxItems": 999, "type": "array" } } 
@@ -1640,33 +1469,187 @@ } } } - }, - "default": { - "description": "Unexpected error", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - } - } - } } }, "deprecated": false - }, + }, + "post": { + "tags": [ + "VerifiableCredentials" + ], + "summary": "Issue Verifiable Credential", + "description": "Permission: **update_wallets** OR **update_wallet** (The BPN of the issuer of the Verifiable Credential must equal BPN of caller)\n\nIssue a verifiable credential with a given issuer DID", + "parameters": [ + ], + "requestBody": { + "description": "The verifiable credential input data", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/VerifiableCredentialRequestDto" + }, + "examples": { + "demo": { + "value": { + "id": "http://example.edu/credentials/3732", + "@context": [ + "https://www.w3.org/2018/credentials/v1", + "https://www.w3.org/2018/credentials/examples/v1" + ], + "type": [ + "University-Degree-Credential, VerifiableCredential" + ], + "issuerIdentifier": "did:example:76e12ec712ebc6f1c221ebfeb1f", + "issuanceDate": "2019-06-16T18:56:59Z", + "expirationDate": "2019-06-17T18:56:59Z", + "credentialSubject": { + "college": "Test-University" + }, + "holderIdentifier": "did:example:492edf208", + "isRevocable": true + } + } + } + } + }, + "required": true + }, + "responses": { + "201": { + "description": "The created Verifiable Credential", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/VerifiableCredentialDto" + }, + "examples": { + "demo": { + "value": { + "id": "http://example.edu/credentials/3732", + "@context": [ + "https://www.w3.org/2018/credentials/v1", + "https://www.w3.org/2018/credentials/examples/v1" + ], + "type": [ + "University-Degree-Credential, VerifiableCredential" + ], + "issuer": "did:example:76e12ec712ebc6f1c221ebfeb1f", + "issuanceDate": "2019-06-16T18:56:59Z", + "expirationDate": "2019-06-17T18:56:59Z", + 
"credentialSubject": { + "college": "Test-University" + }, + "credentialStatus": { + "id": "https://example.com/credentials/status/3#94567", + "type": "StatusList2021Entry", + "statusPurpose": "revocation", + "statusListIndex": "94567", + "statusListCredential": "https://example.com/credentials/status/3" + }, + "proof": { + "type": "Ed25519Signature2018", + "created": "2021-11-17T22:20:27Z", + "proofPurpose": "assertionMethod", + "verificationMethod": "did:example:76e12ec712ebc6f1c221ebfeb1f#key-1", + "jws": "eyJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdLCJhbGciOiJFZERTQSJ9..JNerzfrK46Mq4XxYZEnY9xOK80xsEaWCLAHuZsFie1-NTJD17wWWENn_DAlA_OwxGF5dhxUJ05P6Dm8lcmF5Cg" + } + } + } + } + } + } + }, + "422": { + "description": "The input can not be processed due to semantic mismatches", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ExceptionResponse" + }, + "examples": { + "demo": { + "value": { + "message": "reason", + "error": true + } + } + } + } + } + }, + "400": { + "description": "The input does not comply to the syntax requirements", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ExceptionResponse" + }, + "examples": { + "demo": { + "value": { + "message": "reason", + "error": true + } + } + } + } + } + }, + "403": { + "description": "The request could not be completed due to a forbidden access.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ExceptionResponse" + }, + "examples": { + "demo": { + "value": { + "message": "reason", + "error": true + } + } + } + } + } + }, + "401": { + "description": "The request could not be completed due to a failed authorization.", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ExceptionResponse" + }, + "examples": { + "demo": { + "value": { + "message": "reason", + "error": true + } + } + } + } + } + } + }, + "deprecated": false + } + }, + "/api/credentials/issuer": { "post": { "tags": [ 
"VerifiableCredentials" ], - "summary": "Issue Verifiable Credential", - "description": "Permission: **update_wallets** OR **update_wallet** (The BPN of the issuer of the Verifiable Credential must equal BPN of caller)\n\nIssue a verifiable credential with a given issuer DID", - "parameters": [], + "summary": "Issue a Verifiable Credential with Catena-X platform issuer", + "description": "Permission: **update_wallets** OR **update_wallet** (The BPN of Catena-X wallet must equal BPN of caller)\n\nIssue a verifiable credential by Catena-X wallet", + "parameters": [ + ], "requestBody": { - "description": "The verifiable credential input data", + "description": "The verifiable credential input", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/VerifiableCredentialRequestDto" + "$ref": "#/components/schemas/VerifiableCredentialRequestWithoutIssuerDto" }, "examples": { "demo": { @@ -1679,7 +1662,6 @@ "type": [ "University-Degree-Credential, VerifiableCredential" ], - "issuerIdentifier": "did:example:76e12ec712ebc6f1c221ebfeb1f", "issuanceDate": "2019-06-16T18:56:59Z", "expirationDate": "2019-06-17T18:56:59Z", "credentialSubject": { 
@@ -1810,35 +1792,26 @@ } } } - }, - "default": { - "description": "Unexpected error", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - } - } - } } }, "deprecated": false } }, - "/api/credentials/issuer": { + "/api/credentials/issuance-flow": { "post": { "tags": [ "VerifiableCredentials" ], - "summary": "Issue a Verifiable Credential with Catena-X platform issuer", - "description": "Permission: **update_wallets** OR **update_wallet** (The BPN of Catena-X wallet must equal BPN of caller)\n\nIssue a verifiable credential by Catena-X wallet", - "parameters": [], + "summary": "Issue credential flow according to Aries RFC 0453", + "description": "Permission: **update_wallets** OR **update_wallet** (The BPN of Catena-X wallet must equal BPN of caller)\n\nTrigger an issue credential flow according to Aries RFC 0453 from the issuer to the holder. Issuer must be a DID managed by the MIW", + "parameters": [ + ], "requestBody": { "description": "The verifiable credential input", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/VerifiableCredentialRequestWithoutIssuerDto" + "$ref": "#/components/schemas/VerifiableCredentialIssuanceFlowRequestDto" }, "examples": { "demo": { @@ -1851,13 +1824,15 @@ "type": [ "University-Degree-Credential, VerifiableCredential" ], + "issuerIdentifier": "did:example:76e12ec712ebc6f1c221ebfeb1f", "issuanceDate": "2019-06-16T18:56:59Z", "expirationDate": "2019-06-17T18:56:59Z", "credentialSubject": { "college": "Test-University" }, "holderIdentifier": "did:example:492edf208", - "isRevocable": true + "isRevocable": true, + "webhookUrl": "http://example.com/webhooks" } } } 
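Review bot: The `webhookUrl` field added to the issuance-flow request example is a caller-supplied callback address, shown with a plain-HTTP value and no stated constraints. If the service later sends requests to this URL (the implementation is not visible here), it is an outbound target chosen by the client. The spec should say which schemes and hosts are accepted so that integrators and reviewers know the expected validation. At minimum, change the example to `"webhookUrl": "https://example.com/webhooks"` and add `"format": "uri"` to the `webhookUrl` property of `VerifiableCredentialIssuanceFlowRequestDto`. The same applies to `webhookUrl` in `SelfManagedWalletCreateDto`.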
@@ -1867,43 +1842,17 @@ }, "responses": { "201": { - "description": "The created Verifiable Credential", + "description": "The credential Offer as String", "content": { "application/json": { "schema": { - "$ref": "#/components/schemas/VerifiableCredentialDto" + "$ref": "#/components/schemas/CredentialOfferResponse" }, "examples": { "demo": { "value": { - "id": "http://example.edu/credentials/3732", - "@context": [ - "https://www.w3.org/2018/credentials/v1", - "https://www.w3.org/2018/credentials/examples/v1" - ], - "type": [ - "University-Degree-Credential, VerifiableCredential" - ], - "issuer": "did:example:76e12ec712ebc6f1c221ebfeb1f", - "issuanceDate": "2019-06-16T18:56:59Z", - "expirationDate": "2019-06-17T18:56:59Z", - "credentialSubject": { - "college": "Test-University" - }, - "credentialStatus": { - "id": "https://example.com/credentials/status/3#94567", - "type": "StatusList2021Entry", - "statusPurpose": "revocation", - "statusListIndex": "94567", - "statusListCredential": "https://example.com/credentials/status/3" - }, - "proof": { - "type": "Ed25519Signature2018", - "created": "2021-11-17T22:20:27Z", - "proofPurpose": "assertionMethod", - "verificationMethod": "did:example:76e12ec712ebc6f1c221ebfeb1f#key-1", - "jws": "eyJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdLCJhbGciOiJFZERTQSJ9..JNerzfrK46Mq4XxYZEnY9xOK80xsEaWCLAHuZsFie1-NTJD17wWWENn_DAlA_OwxGF5dhxUJ05P6Dm8lcmF5Cg" - } + "credential_offer": "{\"credential\": {\"@context\": [\"https://www.w3.org/2018/credentials/v1\", \"https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/businessPartnerData\"], \"type\": [\"BpnCredential\", \"VerifiableCredential\"], \"issuer\": \"did:sov:HsfwvUFcZkAcxDa2kASMr7\", \"issuanceDate\": \"2021-06-16T18:56:59Z\", \"credentialSubject\": {\"type\": [\"BpnCredential\"], \"bpn\": \"NEWNEWTestTest\", \"id\": \"did:sov:7rB93fLvW5kgujZ4E57ZxL\"}}, \"options\": {\"proofType\": \"Ed25519Signature2018\"}}", + "threadId": "2ewqe-qwe24-eqweqwrqwr-rwqrqwr" } } } 
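Review bot: The `201` example uses the key `credential_offer`, but the `CredentialOfferResponse` schema added later in this diff declares and requires `credentialOffer`. The example therefore does not validate against the schema it references. One of the two is wrong about the wire format, and clients generated from the schema may look for a field the server never sends. If the serialized name is camelCase, change the example key to `"credentialOffer"`; otherwise rename the schema property and its `required` entry to `credential_offer`.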
@@ -1981,16 +1930,6 @@ } } } - }, - "default": { - "description": "Unexpected error", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - } - } - } } }, "deprecated": false @@ -2003,7 +1942,8 @@ ], "summary": "Revoke issued Verifiable Credential", "description": "Permission: **update_wallets** OR **update_wallet** (The BPN of the issuer of the Verifiable Credential must equal BPN of caller)\n\nRevoke issued Verifiable Credential by issuer", - "parameters": [], + "parameters": [ + ], "requestBody": { "description": "The signed verifiable credential", "content": { @@ -2131,16 +2071,6 @@ } } } - }, - "default": { - "description": "Unexpected error", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - } - } - } } }, "deprecated": false @@ -2263,16 +2193,6 @@ } } } - }, - "default": { - "description": "Unexpected error", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - } - } - } } }, "deprecated": false @@ -2341,16 +2261,6 @@ } } } - }, - "default": { - "description": "Unexpected error", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - } - } - } } }, "deprecated": false @@ -2562,16 +2472,6 @@ } } } - }, - "default": { - "description": "Unexpected error", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - } - } - } } }, "deprecated": false @@ -2803,16 +2703,6 @@ } } } - }, - "default": { - "description": "Unexpected error", - "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" - } - } - } } }, "deprecated": false 
@@ -2825,7 +2715,8 @@ ], "summary": "Issue a List Status credential", "description": "This endpoint is called by the revocation service to issue a list status credential for a given profileName", - "parameters": [], + "parameters": [ + ], "requestBody": { "description": "The subject of the status list credential", "content": { @@ -2836,7 +2727,7 @@ "examples": { "demo": { "value": { - "id": "uuid-of-list", + "id": "urn:uuid:93731387-dec1-4bf6-8087-d5210f661422", "subject": { "id": "https://example.com/status/3#list", "type": "StatusList2021", @@ -2901,15 +2792,40 @@ } } } + } + }, + "deprecated": false + } + }, + "/webhook/topic/{topic}/": { + "post": { + "tags": [ + "Webhook" + ], + "summary": "Webhook to receive messages from Acapy", + "description": "", + "parameters": [ + ], + "requestBody": { + "description": "the object related to the topic", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Any" + } + } }, - "default": { - "description": "Unexpected error", + "required": true + }, + "responses": { + "200": { + "description": "The webhook endpoint is triggered successfully", "content": { - "application/json": { - "schema": { - "$ref": "#/components/schemas/ExceptionResponse" + "application/json": { + "schema": { + "type": "string" + } } - } } } }, @@ -2930,9 +2846,15 @@ "did": { "type": "string" }, + "isSelfManaged": { + "type": "boolean" + }, "name": { "type": "string" }, + "pendingMembershipIssuance": { + "type": "boolean" + }, "revocationListName": { "type": "string", "nullable": true @@ -2941,7 +2863,6 @@ "items": { "$ref": "#/components/schemas/VerifiableCredentialDto" }, - "maxItems": 999, "type": "array" }, "verKey": { @@ -2954,7 +2875,8 @@ "bpn", "did", "createdAt", - "vcs" + "vcs", + "pendingMembershipIssuance" ], "type": "object" }, @@ -2985,7 +2907,8 @@ "type": "object" }, "Short": { - "properties": {}, + "properties": { + }, "type": "object" }, "LocalTime": { 
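Review bot: The new `/webhook/topic/{topic}/` operation (hunk at -2901) is under-specified for an endpoint that accepts inbound callbacks. The `{topic}` segment is not declared in `parameters`, the request body is the untyped `Any` schema, `description` is empty, and only a `200` response is listed. Nothing in the document says how the sender is authenticated, which matters more because this commit also empties the global `security` array. I would declare the parameter, e.g. `{ "name": "topic", "in": "path", "required": true, "schema": { "type": "string" } }`. I would also use `description` to state which topics are accepted and how requests from ACA-Py are verified, and document the rejection responses.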
@@ -3007,7 +2930,8 @@ "type": "object" }, "Byte": { - "properties": {}, + "properties": { + }, "type": "object" }, "VerifiableCredentialDto": { @@ -3016,7 +2940,6 @@ "items": { "type": "string" }, - "maxItems": 999, "type": "array" }, "credentialStatus": { @@ -3049,7 +2972,6 @@ "items": { "type": "string" }, - "maxItems": 999, "type": "array" } }, @@ -3088,7 +3010,8 @@ "type": "object" }, "Any": { - "properties": {}, + "properties": { + }, "type": "object" }, "LdProofDto": { @@ -3167,6 +3090,52 @@ ], "type": "object" }, + "SelfManagedWalletCreateDto": { + "properties": { + "bpn": { + "type": "string" + }, + "did": { + "type": "string" + }, + "name": { + "type": "string" + }, + "webhookUrl": { + "type": "string", + "nullable": true + } + }, + "required": [ + "bpn", + "name", + "did" + ], + "type": "object" + }, + "SelfManagedWalletResultDto": { + "properties": { + "bpn": { + "type": "string" + }, + "createdAt": { + "$ref": "#/components/schemas/LocalDateTime" + }, + "did": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "required": [ + "name", + "bpn", + "did", + "createdAt" + ], + "type": "object" + }, "SuccessResponse": { "properties": { "message": { @@ -3184,7 +3153,6 @@ "items": { "type": "string" }, - "maxItems": 999, "type": "array" }, "CredentialStatus": { @@ -3217,7 +3185,6 @@ "items": { "type": "string" }, - "maxItems": 999, "type": "array" } }, @@ -3227,19 +3194,28 @@ "issuer", "issuanceDate", "credentialSubject", - "CredentialStatus", "proof" ], "type": "object" }, - "VerKeyDto": { + "InvitationRequestDto": { "properties": { - "verKey": { + "alias": { + "type": "string", + "nullable": true + }, + "myLabel": { + "type": "string", + "nullable": true + }, + "theirPublicDid": { "type": "string" } }, "required": [ - "verKey" + "theirPublicDid", + "alias", + "myLabel" ], "type": "object" }, 
@@ -3253,35 +3229,30 @@ "items": { "$ref": "#/components/schemas/Any" }, - "maxItems": 999, "type": "array" }, "authenticationVerificationMethods": { "items": { "$ref": "#/components/schemas/Any" }, - "maxItems": 999, "type": "array" }, "capabilityDelegationVerificationMethods": { "items": { "$ref": "#/components/schemas/Any" }, - "maxItems": 999, "type": "array" }, "capabilityInvocationVerificationMethods": { "items": { "$ref": "#/components/schemas/Any" }, - "maxItems": 999, "type": "array" }, "context": { "items": { "type": "string" }, - "maxItems": 999, "type": "array" }, "controller": { @@ -3294,21 +3265,18 @@ "items": { "$ref": "#/components/schemas/Any" }, - "maxItems": 999, "type": "array" }, "services": { "items": { "$ref": "#/components/schemas/DidServiceDto" }, - "maxItems": 999, "type": "array" }, "verificationMethods": { "items": { "$ref": "#/components/schemas/DidVerificationMethodDto" }, - "maxItems": 999, "type": "array" } }, @@ -3320,6 +3288,13 @@ }, "DidServiceDto": { "properties": { + "accept": { + "items": { + "type": "string", + "nullable": true + }, + "type": "array" + }, "id": { "type": "string" }, @@ -3333,7 +3308,6 @@ "type": "string", "nullable": true }, - "maxItems": 999, "type": "array" }, "routingKeys": { @@ -3341,7 +3315,6 @@ "type": "string", "nullable": true }, - "maxItems": 999, "type": "array" }, "serviceEndpoint": { @@ -3421,7 +3394,6 @@ "type": "string", "nullable": true }, - "maxItems": 999, "type": "array" }, "kid": { @@ -3470,7 +3442,6 @@ "items": { "type": "string" }, - "maxItems": 999, "type": "array" }, "credentialSubject": { @@ -3505,7 +3476,6 @@ "items": { "type": "string" }, - "maxItems": 999, "type": "array" } }, @@ -3524,7 +3494,6 @@ "items": { "type": "string" }, - "maxItems": 999, "type": "array" }, "credentialSubject": { @@ -3555,7 +3524,6 @@ "items": { "type": "string" }, - "maxItems": 999, "type": "array" } }, 
@@ -3568,6 +3536,77 @@ ], "type": "object" }, + "VerifiableCredentialIssuanceFlowRequestDto": { + "properties": { + "@context": { + "items": { + "type": "string" + }, + "type": "array" + }, + "credentialSubject": { + "additionalProperties": { + "$ref": "#/components/schemas/Any" + }, + "type": "object" + }, + "expirationDate": { + "type": "string", + "nullable": true + }, + "holderIdentifier": { + "type": "string", + "nullable": true + }, + "id": { + "type": "string", + "nullable": true + }, + "isRevocable": { + "type": "boolean" + }, + "issuanceDate": { + "type": "string", + "nullable": true + }, + "issuerIdentifier": { + "type": "string" + }, + "type": { + "items": { + "type": "string" + }, + "type": "array" + }, + "webhookUrl": { + "type": "string", + "nullable": true + } + }, + "required": [ + "@context", + "type", + "issuerIdentifier", + "issuanceDate", + "credentialSubject" + ], + "type": "object" + }, + "CredentialOfferResponse": { + "properties": { + "credentialOffer": { + "type": "string" + }, + "threadId": { + "type": "string" + } + }, + "required": [ + "credentialOffer", + "threadId" + ], + "type": "object" + }, "VerifiablePresentationRequestDto": { "properties": { "holderIdentifier": { @@ -3577,7 +3616,6 @@ "items": { "$ref": "#/components/schemas/VerifiableCredentialDto" }, - "maxItems": 999, "type": "array" } }, @@ -3593,7 +3631,6 @@ "items": { "type": "string" }, - "maxItems": 999, "type": "array" }, "holder": { @@ -3611,14 +3648,12 @@ "items": { "type": "string" }, - "maxItems": 999, "type": "array" }, "verifiableCredential": { "items": { "$ref": "#/components/schemas/VerifiableCredentialDto" }, - "maxItems": 999, "type": "array" } }, @@ -3692,9 +3727,7 @@ } }, "security": [ - { - "Bearer": [ "auth-token" ] - } ], - "tags": [] + "tags": [ + ] } \ No newline at end of file diff --git a/src/test/resources/credentials-test-data/credentialOffer.json b/src/test/resources/credentials-test-data/credentialOffer.json index 0d13d2f1..97da78f8 100644 
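Review bot: The hunk at -3692 leaves the top-level `security` array empty, so the document no longer declares that any operation requires the Bearer token. The operation descriptions still name required permissions such as **update_wallets**. Tools that read the spec (client generators, API gateways, scanners) will treat every endpoint as unauthenticated, and the spec will no longer match the access control the service is described as enforcing. If only the new webhook endpoint is meant to be open, keep the global requirement `"security": [ { "Bearer": [ "auth-token" ] } ]` and set `"security": []` on that one operation. Whether the `Bearer` scheme is still defined under `components` is not visible in this hunk.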
--- a/src/test/resources/credentials-test-data/credentialOffer.json +++ b/src/test/resources/credentials-test-data/credentialOffer.json @@ -5,7 +5,7 @@ "credential": { "@context": [ "https://www.w3.org/2018/credentials/v1", - "https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/legalEntityData" + "https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/legalEntity" ], "id": "urn:uuid:93731387-dec1-4bf6-2227-31710f977177", "type": [ diff --git a/src/test/resources/credentials-test-data/credentialReceived.json b/src/test/resources/credentials-test-data/credentialReceived.json index eb4dff7c..9f5bc878 100644 --- a/src/test/resources/credentials-test-data/credentialReceived.json +++ b/src/test/resources/credentials-test-data/credentialReceived.json @@ -5,7 +5,7 @@ "credential": { "@context": [ "https://www.w3.org/2018/credentials/v1", - "https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/legalEntityData" + "https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/legalEntity" ], "id": "urn:uuid:93731387-dec1-4bf6-2227-31710f977177", "type": [ @@ -43,7 +43,7 @@ "credential": { "@context": [ "https://www.w3.org/2018/credentials/v1", - "https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/legalEntityData" + "https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/legalEntity" ], "id": "urn:uuid:93731387-dec1-4bf6-2227-31710f977177", "type": [ @@ -80,7 +80,7 @@ "ld_proof": { "@context": [ "https://www.w3.org/2018/credentials/v1", - "https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/legalEntityData" + "https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/legalEntity" ], "id": "urn:uuid:93731387-dec1-4bf6-2227-31710f977177", "type": [