diff --git a/services/core-api/.env-example b/services/core-api/.env-example index 01c26cecd3..0253dc3c51 100644 --- a/services/core-api/.env-example +++ b/services/core-api/.env-example @@ -115,10 +115,10 @@ TRACTION_TENANT_ID=MISSING_TENANT_ID TRACTION_WALLET_API_KEY=MISSING_API_KEY CRED_DEF_ID_MINES_ACT_PERMIT=CRED_DEF_ID_FOR_MINES_ACT_PERMIT TRACTION_WEBHOOK_X_API_KEY=MISSING_TRACTION_WEBHOOK_X_API_KEY -CHIEF_PERMITTING_OFFICER_DID_WEB=MISSING_CHIEF_PERMITTING_OFFICER_DID_WEB +CHIEF_PERMITTING_OFFICER_DID_WEB_VERIFICATION_METHOD="did:web:registry-dev.apps.silver.devops.gov.bc.ca:mines-act:chief-permitting-officer#key-01-multikey" UNTP_DIGITAL_CONFORMITY_CREDENTIAL_CONTEXT=https://test.uncefact.org/vocabulary/untp/dcc/0.5.0/ UNTP_DIGITAL_CONFORMITY_CREDENTIAL_SCHEMA=https://test.uncefact.org/vocabulary/untp/dcc/untp-dcc-schema-0.5.0.json -UNTP_BC_MINES_ACT_PERMIT_CONTEXT=https://raw.githubusercontent.com/bcgov/digital-trust-toolkit/refs/heads/main/related_resources/contexts/BCMinesActPermit/v1.jsonld +UNTP_BC_MINES_ACT_PERMIT_CONTEXT=https://bcgov.github.io/digital-trust-toolkit/contexts/BCMinesActPermit/v1.jsonld # Permit Search Service PERMITS_ENDPOINT=http://haystack diff --git a/services/core-api/app/api/services/traction_service.py b/services/core-api/app/api/services/traction_service.py index 317b947b1e..f4474328aa 100644 --- a/services/core-api/app/api/services/traction_service.py +++ b/services/core-api/app/api/services/traction_service.py 
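Review bot: The new `CHIEF_PERMITTING_OFFICER_DID_WEB_VERIFICATION_METHOD` entry is the only value in this hunk wrapped in double quotes, and whether they are stripped depends on what loads the file. If the loader keeps them, the quotes end up inside the `verificationMethod` of every signed credential and inside the issuer DID that config.py derives by splitting on `#`. Please confirm how the loader treats a quoted value containing `#`, and record it in a comment above the entry, e.g. `# quoted because the value contains '#'; the loader strips the quotes`. The neighbouring entries use `MISSING_*` placeholders while this one ships a concrete dev-registry DID URL, so a copied example silently points at that registry. A labelled placeholder such as `did:web:<registry-host>:<path>#<key-id>` would be consistent with the rest.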
@@ -188,12 +188,14 @@ def fetch_current_public_did(self): def sign_jsonld_credential_deprecated( self, - did: str, + verificationMethod: str, verkey: str, credential: BaseModel, ) -> dict: - # #verkey suffix is indy's default, but could be aparameter later. - options = {"verificationMethod": did + "#verkey", "proofPurpose": "assertionMethod"} + + #TODO update to resolve the verkey from the verification method and use that. Acapy only knows the verkey as a local did/keypair + + options = {"verificationMethod": verificationMethod, "proofPurpose": "assertionMethod"} class Payload(BaseModel): doc: dict diff --git a/services/core-api/app/api/verifiable_credentials/manager.py b/services/core-api/app/api/verifiable_credentials/manager.py index 6b597a6caf..38674b1e71 100644 --- a/services/core-api/app/api/verifiable_credentials/manager.py +++ b/services/core-api/app/api/verifiable_credentials/manager.py @@ -32,7 +32,8 @@ class UNTPCCMinesActPermit(cc.ConformityAttestation): - pass + type: List[str] = ["ConformityAttestation, MinesActPermit"] + permitNumber: str #this should probably be imported from somewhere. @@ -194,7 +195,8 @@ def process_all_untp_map_for_orgbook(): # send to traction to be signed for cred_payload, record in records: signed_cred = traction_service.sign_jsonld_credential_deprecated( - public_did, public_verkey, cred_payload) + Config.CHIEF_PERMITTING_OFFICER_DID_WEB_VERIFICATION_METHOD, public_verkey, + cred_payload) if signed_cred: record.signed_credential = json.dumps(signed_cred["signed_doc"]) record.sign_date = datetime.now() 
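Review bot: `verificationMethod` and `verkey` are now independent arguments to `sign_jsonld_credential_deprecated`, and nothing in the visible lines checks that the verification method written into `options` refers to the key Traction actually signs with. A mismatch would produce a credential whose proof names a key that did not sign it, and it would only be noticed at the verifier. Until the TODO is resolved, the function should document that invariant in a docstring and reject malformed input, e.g. `if "#" not in verificationMethod: raise ValueError("verificationMethod must be a DID URL with a key fragment")`. The same pairing is assumed by the updated calls in manager.py and in both `post` hunks of w3c_map_credential_resource.py, where `public_verkey` is still taken from `fetch_current_public_did()`. As a style point, `verification_method` would match the snake_case parameters beside it; the function body continues outside the hunk.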
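Review bot: The default for `type` on `UNTPCCMinesActPermit` is a one-element list holding the single string `"ConformityAttestation, MinesActPermit"`, not two types. It looks as if the quotes around the comma were dropped, and the line should read `type: List[str] = ["ConformityAttestation", "MinesActPermit"]`. As written, every signed credential would carry one combined type value that presumably matches no term in the JSON-LD context, so a verifier filtering on `MinesActPermit` would not recognise it. A short comment on `permitNumber` would also help, e.g. `# Mines Act permit number, copied from the permit amendment`.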
@@ -424,8 +426,10 @@ def produce_untp_cc_map_payload(cls, did: str, permit_amendment: PermitAmendment tzinfo=ZoneInfo("UTC")).isoformat() cred = UNTPCCMinesActPermit( - id="https://orgbook.gov.bc.ca/entity/FM0362955/credential/PLACEHOLDER", - name="This attests the existence and good standing of a BC Mines Act Permit Credential", + id= + f"https://orgbook.gov.bc.ca/entity/{orgbook_entity.registration_id}/credential/PLACEHOLDER", + name="Credential for permitNumber=" + permit_amendment.permit_no, + permitNumber=permit_amendment.permit_no, assessmentLevel=codes.AssessmentLevelCode.GovtApproval, attestationType=codes.AttestationType.Certification, scope=cc.ConformityAssessmentScheme( diff --git a/services/core-api/app/api/verifiable_credentials/resources/w3c_map_credential_resource.py b/services/core-api/app/api/verifiable_credentials/resources/w3c_map_credential_resource.py index b2472f6a40..f47143d767 100644 --- a/services/core-api/app/api/verifiable_credentials/resources/w3c_map_credential_resource.py +++ b/services/core-api/app/api/verifiable_credentials/resources/w3c_map_credential_resource.py @@ -33,7 +33,6 @@ def get(self, vc_unsigned_hash: str): PermitAmendmentOrgBookPublish.find_by_unsigned_payload_hash( vc_unsigned_hash, unsafe=True).signed_credential) - class W3CCredentialListResource(Resource, UserMixin): parser = reqparse.RequestParser(trim=True) 
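Review bot: Both new string constructions in the `UNTPCCMinesActPermit(...)` call assume their inputs are present. The f-string for `id` renders `.../entity/None/credential/PLACEHOLDER` without complaint if `orgbook_entity.registration_id` is `None`, and `"Credential for permitNumber=" + permit_amendment.permit_no` raises `TypeError` if `permit_no` is not a string. Because this payload goes on to be signed, a guard before the constructor that rejects a missing `registration_id` or `permit_no` would keep a malformed identifier out of an issued credential. `orgbook_entity` is defined outside the hunk, so it may already be checked there. The `id` also still ends in the literal `PLACEHOLDER`, so every credential for one entity shares an identifier.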
@@ -94,14 +93,15 @@ def post(self): data["permit_amendment_guid"]) traction_service = TractionService() public_did_dict = traction_service.fetch_current_public_did() - public_did = "did:indy:bcovrin:test:" + public_did_dict["did"] + public_did = Config.CHIEF_PERMITTING_OFFICER_DID_WEB public_verkey = public_did_dict["verkey"] credential_dict = VerifiableCredentialManager.produce_map_01_credential_payload( public_did, permit_amendment) signed_credential = traction_service.sign_jsonld_credential_deprecated( - public_did, public_verkey, credential_dict) + Config.CHIEF_PERMITTING_OFFICER_DID_WEB_VERIFICATION_METHOD, public_verkey, + credential_dict) current_app.logger.warning( "credential signed by did:indy, not by did:web and using deprecated acapy endpoints" + dumps(signed_credential)) @@ -140,5 +140,5 @@ def post(self): credential = VerifiableCredentialManager.produce_untp_cc_map_payload( public_did, permit_amendment) signed_credential = traction_service.sign_jsonld_credential_deprecated( - public_did, public_verkey, credential) + Config.CHIEF_PERMITTING_OFFICER_DID_WEB_VERIFICATION_METHOD, public_verkey, credential) return signed_credential["signed_doc"] diff --git a/services/core-api/app/config.py b/services/core-api/app/config.py index 1b71e5a6ec..ba6ec11ac4 100644 --- a/services/core-api/app/config.py +++ b/services/core-api/app/config.py 
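Review bot: The unchanged `current_app.logger.warning(...)` after the new sign call still says "credential signed by did:indy, not by did:web", but `public_did` and the verification method now both come from the did:web config, so the log contradicts the proof it prints. It should be reworded, e.g. `"proof names the did:web verification method; signed with the wallet verkey via deprecated acapy endpoints"`, and it is worth asking whether the full signed credential needs to be dumped at warning level. In the last hunk of this file, `signed_credential["signed_doc"]` is indexed without the `if signed_cred:` check that manager.py applies to the same call, so a failed signing would surface as a `TypeError`. That `return` is a context line, and both `post` bodies start outside the hunks.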
@@ -291,9 +291,13 @@ def JWT_ROLE_CALLBACK(jwt_dict): CRED_DEF_ID_MINES_ACT_PERMIT = os.environ.get("CRED_DEF_ID_MINES_ACT_PERMIT", "CRED_DEF_ID_MINES_ACT_PERMIT") - #The key pair in this did web MUST match the keypair of the did:indy:candy in Traction. - CHIEF_PERMITTING_OFFICER_DID_WEB = os.environ.get("CHIEF_PERMITTING_OFFICER_DID_WEB", - "CHIEF_PERMITTING_OFFICER_DID_WEB") + CHIEF_PERMITTING_OFFICER_DID_WEB_VERIFICATION_METHOD = os.environ.get( + "CHIEF_PERMITTING_OFFICER_DID_WEB_VERIFICATION_METHOD", + "CHIEF_PERMITTING_OFFICER_DID_WEB_VERIFICATION_METHOD") + + CHIEF_PERMITTING_OFFICER_DID_WEB = CHIEF_PERMITTING_OFFICER_DID_WEB_VERIFICATION_METHOD.split( + "#")[0] + UNTP_DIGITAL_CONFORMITY_CREDENTIAL_CONTEXT = os.environ.get( "UNTP_DIGITAL_CONFORMITY_CREDENTIAL_CONTEXT", "UNTP_DIGITAL_CONFORMITY_CREDENTIAL_CONTEXT") UNTP_DIGITAL_CONFORMITY_CREDENTIAL_SCHEMA = os.environ.get(
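Review bot: When the environment variable is unset, `CHIEF_PERMITTING_OFFICER_DID_WEB_VERIFICATION_METHOD` falls back to its own name, and `.split("#")[0]` then gives `CHIEF_PERMITTING_OFFICER_DID_WEB` that same placeholder. Credentials could therefore be built and sent for signing with a non-DID issuer and verification method, and nothing here would raise an error. Validating at startup that the value starts with `did:web:` and contains a `#` fragment, and failing closed otherwise, would catch a missing or mistyped setting before anything is issued. The hunk also drops the comment stating that the did:web key pair must match the key pair held in Traction. The signing code's TODO suggests that constraint still applies, so it should stay, e.g. `# The key behind this verification method MUST be the key pair Traction signs with.` The enclosing class body starts and ends outside the hunk.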