[INJIVER-1369] - Add verification and validation for cwt formet VC

README.md

@@ -38,16 +38,17 @@ import io.mosip.vercred.vcverifier.keyResolver.types.http.HttpsPublicKeyResolver
 
 -   **VC Validation**: The library validates the structure, signatures, and expiration of Verifiable Credentials to ensure they conform to the W3C VC standards.
 -   **Cryptographic Signature Verification**: Supports the verification of cryptographic signatures using public keys, including EdDSA, RSA, and other supported algorithms, ensuring the integrity of the credential.
+-   **Status Check**: It includes mechanisms to check the current status of credentials, allowing applications to determine if a credential is still valid or has been invalidated.
 -   **Compatibility with Various Data Models**: It supports multiple VC data models (e.g., VC 1.1, VC 2.0), ensuring compatibility across various decentralized identity systems.
 
 #### Supported VC Formats and Their Signature Mechanisms
 
-| VC format   | Issuer Signature Mechanism                                             | Verification Algorithms       | Signature Suites / Proof Types                               |
-|-------------|------------------------------------------------------------------------|-------------------------------|--------------------------------------------------------------|
-| `ldp_vc`    | Linked Data Proof                                                      | PS256, RS256, EdDSA (Ed25519) | RsaSignature2018, Ed25519Signature2018, Ed25519Signature2020 |
-| `mso_mdoc`  | COSE (CBOR Object Signing and Encryption)                              | ES256                         | Uses COSE_Sign1                                              |
-| `vc+sd-jwt` | X.509 Certificate (Currently, JWT VC Issuer Metadata is not supported) | PS256, RS256,ES256, EdDSA (Ed25519) | check JWT signatures using X.509 certificate                 |
-| `dc+sd-jwt` | X.509 Certificate (Currently, JWT VC Issuer Metadata is not supported) | PS256, RS256,ES256, EdDSA (Ed25519) | check JWT signatures using X.509 certificate                 |
+| VC format   | Issuer Signature Mechanism                                             | Verification Algorithms             | Signature Suites / Proof Types                                                            |
+|-------------|------------------------------------------------------------------------|-------------------------------------|-------------------------------------------------------------------------------------------|
+| `ldp_vc`    | Linked Data Proof                                                      | PS256, RS256, EdDSA (Ed25519)       | RsaSignature2018, Ed25519Signature2018, Ed25519Signature2020, EcdsaSecp256k1Signature2019 |
+| `mso_mdoc`  | COSE (CBOR Object Signing and Encryption)                              | ES256                               | Uses COSE_Sign1                                                                           |
+| `vc+sd-jwt` | X.509 Certificate (Currently, JWT VC Issuer Metadata is not supported) | PS256, RS256,ES256, EdDSA (Ed25519) | -                                                                                         |
+| `dc+sd-jwt` | X.509 Certificate (Currently, JWT VC Issuer Metadata is not supported) | PS256, RS256,ES256, EdDSA (Ed25519) | -                                                                                         |
 
 #### Project Structure
 
@@ -57,6 +58,7 @@ import io.mosip.vercred.vcverifier.keyResolver.types.http.HttpsPublicKeyResolver
     - `types`
     - `validator`
     - `verifier`
+    - `statusChecker`
 - **data**
 - **exception**
 - **keyResolver**

vc-verifier/kotlin/example/build.gradle.kts

@@ -48,6 +48,7 @@ android {
         resources {
             excludes += "META-INF/*"
             excludes += "/META-INF/{AL2.0,LGPL2.1}"
+            excludes += "META-INF/versions/9/OSGI-INF/MANIFEST.MF"
         }
     }
 }

vc-verifier/kotlin/example/src/main/java/io/mosip/vccred/example/MainActivity.kt

@@ -192,4 +192,8 @@ val mosipVc = """
     "MOSIPVerifiableCredential"
   ]
 }
+""".trimIndent()
+
+val cwtHex = """
+d2844fa2044a746573742d6b65792d310126a05824a2041a695c6e3a01781a68747470733a2f2f6973737565722e6578616d706c652e636f6d58400d29639303b33b73e71fc3a5294a0cb001c8faa1a4863e89a99086e990004c36c59dbc6573045e4ae93f49ce57dc67b6935c0c7a0a8a330ac1998ec3b80b1ba4
 """.trimIndent()

vc-verifier/kotlin/gradle/libs.versions.toml

@@ -20,13 +20,14 @@ activityCompose = "1.9.2"
 composeBom = "2024.04.01"
 orgJson = "20240303"
 sonarqube = "5.1.0.4872"
-jacksonAnnotations = "2.14.0"
-jacksonModuleKotlin = "2.14.0"
+jacksonAnnotations = "2.17.2"
+jacksonModuleKotlin = "2.17.2"
 mockWebServer = "4.12.0"
 annotationJvm = "1.9.1"
 cbor = "0.9"
 identity = "20231002"
 authleteSdJwt = "1.5"
+coseLibrary = "2.0.0"
 
 [libraries]
 junitJupiter = { group = "org.junit.jupiter", name = "junit-jupiter", version.ref = "junit" }
@@ -62,6 +63,7 @@ mockWebServer = { group = "com.squareup.okhttp3", name = "mockwebserver", versio
 annotation-jvm = { group = "androidx.annotation", name = "annotation-jvm", version.ref = "annotationJvm" }
 cbor = { group = "co.nstant.in", name = "cbor", version.ref = "cbor" }
 identity = { group = "com.android.identity", name = "identity-credential", version.ref = "identity" }
+cose-lib = { group = "se.digg.cose", name = "cose-lib", version.ref = "coseLibrary" }
 
 [plugins]
 androidApplication = { id = "com.android.application", version.ref = "agp" }

vc-verifier/kotlin/vcverifier/build.gradle.kts

@@ -65,13 +65,23 @@ dependencies {
     implementation(libs.annotation.jvm)
     implementation(libs.authelete.sd.jwt)
     implementation(libs.threetenbp)
+    implementation(libs.cose.lib)
 
     testImplementation(libs.mockk)
     testImplementation(libs.junitJupiter)
     testImplementation(libs.mockWebServer)
 
 }
 
+configurations.all {
+    exclude(group = "org.bouncycastle", module = "bcprov-jdk15on")
+    exclude(group = "org.bouncycastle", module = "bcpkix-jdk15on")
+    exclude(group = "org.bouncycastle", module = "bcutil-jdk15on")
+    exclude(group = "org.bouncycastle", module = "bcprov-jdk15to18")
+}
+
+
+
 tasks.withType<Test> {
     useJUnitPlatform()
     jacoco {

vc-verifier/kotlin/vcverifier/publish-artifact.gradle

@@ -96,7 +96,7 @@ publishing {
             }
             groupId = "io.mosip"
             artifactId = "vcverifier-aar"
-            version = "1.6.0-SNAPSHOT"
+            version = "1.7.0-SNAPSHOT"
             if (project.gradle.startParameter.taskNames.any { it.contains('assembleRelease') }) {
                 artifacts {
                     aar {
@@ -110,7 +110,7 @@ publishing {
             artifact(tasks.named("jarRelease").get())
             groupId = "io.mosip"
             artifactId = "vcverifier-jar"
-            version = "1.6.0-SNAPSHOT"
+            version = "1.7.0-SNAPSHOT"
             artifact(tasks.named("javadocJar").get())
             artifact(tasks.named("sourcesJar").get())
             pom {

vc-verifier/kotlin/vcverifier/src/main/java/io/mosip/vercred/vcverifier/CredentialsVerifier.kt

@@ -6,15 +6,16 @@ import io.mosip.vercred.vcverifier.constants.CredentialValidatorConstants.ERROR_
 import io.mosip.vercred.vcverifier.constants.CredentialVerifierConstants.ERROR_CODE_VERIFICATION_FAILED
 import io.mosip.vercred.vcverifier.constants.CredentialVerifierConstants.ERROR_MESSAGE_VERIFICATION_FAILED
 import io.mosip.vercred.vcverifier.constants.CredentialVerifierConstants.EXCEPTION_DURING_VERIFICATION
-import io.mosip.vercred.vcverifier.constants.CredentialVerifierConstants.ERROR_VC_REVOKED
-import io.mosip.vercred.vcverifier.constants.CredentialVerifierConstants.ERROR_CODE_VC_REVOKED
 import io.mosip.vercred.vcverifier.credentialverifier.CredentialVerifierFactory
+import io.mosip.vercred.vcverifier.data.CredentialStatusResult
+import io.mosip.vercred.vcverifier.data.CredentialVerificationSummary
 import io.mosip.vercred.vcverifier.data.VerificationResult
 import java.util.logging.Logger
 
 
 class CredentialsVerifier {
     private val logger = Logger.getLogger(CredentialsVerifier::class.java.name)
+    private val credentialVerifierFactory = CredentialVerifierFactory()
 
     /**
      * @deprecated This method has been deprecated because it is not extensible for future use cases of supporting different VC format's verification
@@ -23,48 +24,82 @@ class CredentialsVerifier {
      */
     @Deprecated("This method has been deprecated because it is not extensible for future use cases of supporting different VC format's verification")
     fun verifyCredentials(credentials: String?): Boolean {
-        if(credentials==null){
+        if (credentials == null) {
             logger.severe("Error - Input credential is null")
             throw RuntimeException("Input credential is null")
         }
-        val credentialVerifier = CredentialVerifierFactory().get(LDP_VC)
+        val credentialVerifier = credentialVerifierFactory.get(LDP_VC)
         val isVerified = credentialVerifier.verify(credentials)
 
         if (!isVerified) {
             logger.warning("Credential verification failed")
             return false
         }
-
-        val isRevoked = credentialVerifier.isRevoked(credentials)
-
-        if (isRevoked) {
-            logger.warning("Credential has been revoked")
-            return false
-        }
-
         return true
     }
 
     fun verify(credential: String, credentialFormat: CredentialFormat): VerificationResult {
-        val credentialVerifier = CredentialVerifierFactory().get(credentialFormat)
+        val credentialVerifier = credentialVerifierFactory.get(credentialFormat)
         val validationStatus = credentialVerifier.validate(credential)
-        if (validationStatus.validationMessage.isNotEmpty() && !validationStatus.validationErrorCode.contentEquals(ERROR_CODE_VC_EXPIRED)) {
-            return VerificationResult(false, validationStatus.validationMessage, validationStatus.validationErrorCode)
+        if (validationStatus.validationMessage.isNotEmpty() && !validationStatus.validationErrorCode.contentEquals(
+                ERROR_CODE_VC_EXPIRED
+            )
+        ) {
+            return VerificationResult(
+                false,
+                validationStatus.validationMessage,
+                validationStatus.validationErrorCode
+            )
         }
         return try {
             val verifySignatureStatus = credentialVerifier.verify(credential)
-            if (!verifySignatureStatus) {
-                return  VerificationResult(false, ERROR_MESSAGE_VERIFICATION_FAILED, ERROR_CODE_VERIFICATION_FAILED)
+            if (verifySignatureStatus) {
+                return VerificationResult(
+                    true,
+                    validationStatus.validationMessage,
+                    validationStatus.validationErrorCode
+                )
             }
+            return VerificationResult(
+                false,
+                ERROR_MESSAGE_VERIFICATION_FAILED,
+                ERROR_CODE_VERIFICATION_FAILED
+            )
 
-            val isRevoked = credentialVerifier.isRevoked(credential)
-            if (isRevoked){
-                return VerificationResult(true, ERROR_VC_REVOKED, ERROR_CODE_VC_REVOKED)
-            }
-            VerificationResult(true, validationStatus.validationMessage, validationStatus.validationErrorCode)
         } catch (e: Exception) {
-            val errorCode = validationStatus.validationErrorCode.takeIf { !it.isNullOrEmpty() } ?: ERROR_CODE_VERIFICATION_FAILED
+            val errorCode = validationStatus.validationErrorCode.takeIf { !it.isNullOrEmpty() }
+                ?: ERROR_CODE_VERIFICATION_FAILED
             VerificationResult(false, "$EXCEPTION_DURING_VERIFICATION${e.message}", errorCode)
         }
     }
+
+    fun getCredentialStatus(
+        credential: String,
+        credentialFormat: CredentialFormat,
+        statusPurposeList: List<String> = emptyList()
+    ): Map<String, CredentialStatusResult> {
+        try {
+            return credentialVerifierFactory.get(credentialFormat)
+                .checkStatus(credential, statusPurposeList)
+        } catch (unsupportedException: UnsupportedOperationException) {
+            logger.warning("Error occurred while checking credential status of format ${credentialFormat}: ${unsupportedException.message}. Returning empty status list.")
+            return emptyMap()
+        } catch (e: Exception) {
+            logger.severe("Error occurred while checking credential status: ${e.message}")
+            throw e
+        }
+    }
+
+    fun verifyAndGetCredentialStatus(
+        credential: String,
+        credentialFormat: CredentialFormat,
+        statusPurposeList: List<String> = emptyList()
+    ): CredentialVerificationSummary {
+        val verificationResult = verify(credential, credentialFormat)
+        if (verificationResult.verificationStatus) {
+            val statusResults = getCredentialStatus(credential, credentialFormat, statusPurposeList)
+            return CredentialVerificationSummary(verificationResult, statusResults)
+        }
+        return CredentialVerificationSummary(verificationResult, emptyMap())
+    }
 }

vc-verifier/kotlin/vcverifier/src/main/java/io/mosip/vercred/vcverifier/PresentationVerifier.kt

@@ -13,7 +13,9 @@ import io.mosip.vercred.vcverifier.constants.CredentialVerifierConstants.ED25519
 import io.mosip.vercred.vcverifier.constants.CredentialVerifierConstants.JSON_WEB_PROOF_TYPE_2020
 import io.mosip.vercred.vcverifier.constants.Shared
 import io.mosip.vercred.vcverifier.data.PresentationVerificationResult
+import io.mosip.vercred.vcverifier.data.PresentationResultWithCredentialStatus
 import io.mosip.vercred.vcverifier.data.VCResult
+import io.mosip.vercred.vcverifier.data.VCResultWithCredentialStatus
 import io.mosip.vercred.vcverifier.data.VPVerificationStatus
 import io.mosip.vercred.vcverifier.data.VerificationResult
 import io.mosip.vercred.vcverifier.data.VerificationStatus
@@ -40,6 +42,15 @@ class PresentationVerifier {
 
     fun verify(presentation: String): PresentationVerificationResult {
 
+        val presentationVerificationStatus: VPVerificationStatus = getPresentationVerificationStatus(presentation)
+
+        val verifiableCredentials = JSONObject(presentation).getJSONArray(Shared.KEY_VERIFIABLE_CREDENTIAL)
+        val vcVerificationResults: List<VCResult> = getVCVerificationResults(verifiableCredentials)
+
+        return PresentationVerificationResult(presentationVerificationStatus, vcVerificationResults)
+    }
+
+    private fun getPresentationVerificationStatus(presentation: String): VPVerificationStatus {
         logger.info("Received Presentation For Verification - Start")
         val proofVerificationStatus: VPVerificationStatus
         val vcJsonLdObject: JsonLDObject
@@ -124,11 +135,7 @@ class PresentationVerifier {
                 }
             }
         }
-
-        val vcVerificationResults: List<VCResult> =
-            getVCVerificationResults(JSONObject(presentation).getJSONArray(Shared.KEY_VERIFIABLE_CREDENTIAL))
-
-        return PresentationVerificationResult(proofVerificationStatus, vcVerificationResults)
+        return proofVerificationStatus
     }
 
     private fun getVCVerificationResults(verifiableCredentials: JSONArray): List<VCResult> {
@@ -152,5 +159,27 @@ class PresentationVerifier {
         }
     }
 
+    private fun getVCVerificationResultsWithCredentialStatus(verifiableCredentials: JSONArray, statusPurposeList: List<String>): List<VCResultWithCredentialStatus> {
+        return verifiableCredentials.asIterable().map { item ->
+            val credentialVerificationSummary = credentialsVerifier.verifyAndGetCredentialStatus((item as JSONObject).toString(), CredentialFormat.LDP_VC, statusPurposeList)
+            val verificationResult: VerificationResult = credentialVerificationSummary.verificationResult
+            val singleVCVerification: VerificationStatus = Util.getVerificationStatus(verificationResult)
+            val credentialStatus = credentialVerificationSummary.credentialStatus
+
+            VCResultWithCredentialStatus(item.toString(), singleVCVerification, credentialStatus)
+        }
+    }
+
+    fun verifyAndGetCredentialStatus(
+        presentation: String,
+        statusPurposeList: List<String> = emptyList()
+    ): PresentationResultWithCredentialStatus {
+        val presentationVerificationStatus = getPresentationVerificationStatus(presentation)
+
+        val verifiableCredentials = JSONObject(presentation).getJSONArray(Shared.KEY_VERIFIABLE_CREDENTIAL)
+        val vcVerificationResults: List<VCResultWithCredentialStatus> = getVCVerificationResultsWithCredentialStatus(verifiableCredentials, statusPurposeList)
+
+        return PresentationResultWithCredentialStatus(presentationVerificationStatus, vcVerificationResults)
+    }
 }
 

vc-verifier/kotlin/vcverifier/src/main/java/io/mosip/vercred/vcverifier/constants/CredentialFormat.kt

@@ -1,6 +1,7 @@
 package io.mosip.vercred.vcverifier.constants
 
 enum class CredentialFormat(val value: String) {
+    CWT_VC("cwt_vc"),
     LDP_VC("ldp_vc"),
     VC_SD_JWT("vc+sd-jwt"),
     DC_SD_JWT("dc+sd-jwt"),

vc-verifier/kotlin/vcverifier/src/main/java/io/mosip/vercred/vcverifier/constants/CredentialValidatorConstants.kt

@@ -52,6 +52,10 @@ object CredentialValidatorConstants {
     const val ERROR_VALID_FROM_INVALID = "${VALIDATION_ERROR}validFrom is not valid."
     const val ERROR_VALID_UNTIL_INVALID = "${VALIDATION_ERROR}validUntil is not valid."
 
+    const val ERROR_MESSAGE_EMPTY_VC_CWT="${VALIDATION_ERROR}Input VC CWT string is null or empty."
+
+    const val ERROR_MESSAGE_INVALID_HEX_VC_CWT="${VALIDATION_ERROR}Invalid hexadecimal format"
+
 
     const val ERROR_CODE_VC_EXPIRED = "ERR_VC_EXPIRED"
     const val ERROR_MESSAGE_VC_EXPIRED = "VC is expired"

vc-verifier/kotlin/vcverifier/src/main/java/io/mosip/vercred/vcverifier/constants/CredentialVerifierConstants.kt

@@ -44,9 +44,6 @@ object CredentialVerifierConstants {
     const val ERROR_MESSAGE_VERIFICATION_FAILED = "Verification Failed"
     const val ERROR_CODE_VERIFICATION_FAILED = "ERR_SIGNATURE_VERIFICATION_FAILED"
 
-    const val ERROR_VC_REVOKED = "Credential is revoked"
-    const val ERROR_CODE_VC_REVOKED = "REVOKED"
-
     // This is used to turn public key bytes into a buffer in DER format
     const val DER_PUBLIC_KEY_PREFIX = "302a300506032b6570032100"
 

vc-verifier/kotlin/vcverifier/src/main/java/io/mosip/vercred/vcverifier/constants/StatusCheckerConstants.kt

@@ -0,0 +1,13 @@
+package io.mosip.vercred.vcverifier.constants
+
+
+object StatusCheckerConstants {
+    const val STATUS_LIST_CREDENTIAL = "statusListCredential"
+    const val BITSTRING_STATUS_LIST_ENTRY = "BitstringStatusListEntry"
+    const val BITSTRING_STATUS_LIST = "BitstringStatusList"
+    const val STATUS_PURPOSE = "statusPurpose"
+    const val ENCODED_LIST = "encodedList"
+    const val STATUS_SIZE = "statusSize"
+    const val STATUS_MESSAGE = "statusMessage"
+    const val STATUS_LIST_INDEX = "statusListIndex"
+}

vc-verifier/kotlin/vcverifier/src/main/java/io/mosip/vercred/vcverifier/credentialverifier/CredentialVerifierFactory.kt

@@ -1,6 +1,7 @@
 package io.mosip.vercred.vcverifier.credentialverifier
 
 import io.mosip.vercred.vcverifier.constants.CredentialFormat
+import io.mosip.vercred.vcverifier.credentialverifier.types.CwtVerifiableCredential
 import io.mosip.vercred.vcverifier.credentialverifier.types.LdpVerifiableCredential
 import io.mosip.vercred.vcverifier.credentialverifier.types.SdJwtVerifiableCredential
 import io.mosip.vercred.vcverifier.credentialverifier.types.msomdoc.MsoMdocVerifiableCredential
@@ -12,6 +13,7 @@ class CredentialVerifierFactory {
             CredentialFormat.MSO_MDOC -> MsoMdocVerifiableCredential()
             CredentialFormat.VC_SD_JWT -> SdJwtVerifiableCredential()
             CredentialFormat.DC_SD_JWT -> SdJwtVerifiableCredential()
+            CredentialFormat.CWT_VC -> CwtVerifiableCredential()
         }
     }
 }

vc-verifier/kotlin/vcverifier/src/main/java/io/mosip/vercred/vcverifier/credentialverifier/VerifiableCredential.kt

@@ -1,9 +1,12 @@
 package io.mosip.vercred.vcverifier.credentialverifier
 
+import io.mosip.vercred.vcverifier.data.CredentialStatusResult
 import io.mosip.vercred.vcverifier.data.ValidationStatus
 
 interface VerifiableCredential {
     fun validate(credential: String): ValidationStatus
     fun verify(credential: String): Boolean
-    fun isRevoked(credential: String): Boolean
+    fun checkStatus(credential: String, statusPurposes: List<String>?): Map<String, CredentialStatusResult> {
+        throw UnsupportedOperationException("Credential status checking not supported for this credential format")
+    }
 }