RFC: CORD Blockchain Integration for Identity, Schema, and Credential Anchoring in Sunbird RC

.env

@@ -29,3 +29,25 @@ SCHEMA_BASE_URL=http://credential-schema:3333
 CREDENTIAL_SERVICE_BASE_URL=https://example.com/credentials
 JWKS_URI=
 ENABLE_AUTH=false
+
+
+
+# Flag to enable/disable anchoring to blockchain
+ANCHOR_TO_BLOCKCHAIN = false
+BLOCKCHAIN_TYPE = CORD
+
+
+# Anchor to cord block chain
+# Base URL for Issuer Agent
+# This is the service responsible for issuing credentials on Cord BlockChain
+# Example: https://<ISSUER_AGENT_IP>/api/v1
+ISSUER_AGENT_BASE_URL=https://<ISSUER_AGENT_IP>/api/v1
+
+# Base URL for Verification Middleware
+# This service is responsible for verifying credentials on Cord BlockChain
+# Example: https://<VERIFICATION_MIDDLEWARE_IP>/api/v1/verify
+VERIFICATION_MIDDLEWARE_BASE_URL=https://<VERIFICATION_MIDDLEWARE_IP>/api/v1/verify
+
+# Additional Resources:
+# - For more details on Issuer Agent, visit: https://github.com/dhiway/issuer-agent
+# - For more details on Verification Middleware, visit: https://github.com/dhiway/verification-middleware

docker-compose.yml

@@ -243,6 +243,9 @@ services:
       - JWKS_URI=${JWKS_URI}
       - ENABLE_AUTH=${ENABLE_AUTH}
       - WEB_DID_BASE_URL=${WEB_DID_BASE_URL}
+      - ANCHOR_TO_BLOCKCHAIN=${ANCHOR_TO_BLOCKCHAIN}
+      - BLOCKCHAIN_TYPE=${BLOCKCHAIN_TYPE}
+      - ISSUER_AGENT_BASE_URL=${ISSUER_AGENT_BASE_URL}
     healthcheck:
       test:
         [ "CMD-SHELL", "curl -f http://localhost:3332/health || exit 1" ]
@@ -263,6 +266,9 @@ services:
       - IDENTITY_BASE_URL=${IDENTITY_BASE_URL}
       - JWKS_URI=${JWKS_URI}
       - ENABLE_AUTH=${ENABLE_AUTH}
+      - ANCHOR_TO_BLOCKCHAIN=${ANCHOR_TO_BLOCKCHAIN}
+      - BLOCKCHAIN_TYPE=${BLOCKCHAIN_TYPE}
+      - ISSUER_AGENT_BASE_URL=${ISSUER_AGENT_BASE_URL}
     healthcheck:
       test:
         [ "CMD-SHELL", "curl -f http://localhost:3333/health || exit 1" ]
@@ -288,6 +294,10 @@ services:
       - JWKS_URI=${JWKS_URI}
       - ENABLE_AUTH=${ENABLE_AUTH}
       - QR_TYPE=${QR_TYPE}
+      - ANCHOR_TO_BLOCKCHAIN=${ANCHOR_TO_BLOCKCHAIN}
+      - BLOCKCHAIN_TYPE=${BLOCKCHAIN_TYPE}
+      - ISSUER_AGENT_BASE_URL=${ISSUER_AGENT_BASE_URL}
+      - VERIFICATION_MIDDLEWARE_BASE_URL=${VERIFICATION_MIDDLEWARE_BASE_URL}
     healthcheck:
       test:
         [ "CMD-SHELL", "curl -f http://localhost:3000/health || exit 1" ]

services/credential-schema/.env.sample

@@ -11,3 +11,16 @@ IDENTITY_BASE_URL= # URL of the identity service to facilitate DID creation
 # Service VARS
 PORT=3000
 SCHEMA_BASE_URL=
+
+
+# Flag to enable/disable anchoring to  blockchain
+ANCHOR_TO_BLOCKCHAIN = false
+BLOCKCHAIN_TYPE = CORD
+
+# Base URL for Issuer Agent
+# This is the service responsible for issuing credentials on CORD BLOCKCHAIN
+# Example: https://<ISSUER_AGENT_IP>/api/v1
+ISSUER_AGENT_BASE_URL=https://<ISSUER_AGENT_IP>/api/v1
+
+# Additional Resources:
+# - For more details on Issuer Agent, visit: https://github.com/dhiway/issuer-agent

services/credential-schema/docker-compose-test.yml

@@ -25,6 +25,9 @@ services:
       DATABASE_URL: postgres://postgres:postgres@db-test:5432/postgres
       IDENTITY_BASE_URL: "http://identity-service:3332"
       ENABLE_AUTH: "false"
+      ANCHOR_TO_BLOCKCHAIN: "${ANCHOR_TO_BLOCKCHAIN}"
+      BLOCKCHAIN_TYPE: "${BLOCKCHAIN_TYPE}"
+      ISSUER_AGENT_BASE_URL: "${ISSUER_AGENT_BASE_URL}"
     networks:
       test: 
       rcw-test:

services/credential-schema/docker-compose.yml

@@ -26,6 +26,9 @@ services:
       DATABASE_URL: postgres://postgres:postgres@db:5432/postgres
       IDENTITY_BASE_URL: "http://identity-service:3332"
       ENABLE_AUTH: "false" 
+      ANCHOR_TO_BLOCKCHAIN: "${ANCHOR_TO_BLOCKCHAIN}"
+      BLOCKCHAIN_TYPE: "${BLOCKCHAIN_TYPE}"
+      ISSUER_AGENT_BASE_URL: "${ISSUER_AGENT_BASE_URL}"
     networks:
       rcw-test:
       default:

services/credential-schema/package.json

@@ -34,7 +34,7 @@
     "@nestjs/platform-fastify": "^9.2.1",
     "@nestjs/swagger": "^6.1.4",
     "@nestjs/terminus": "^10.0.1",
-    "@prisma/client": "4.8.1",
+    "@prisma/client": "6.2.1",
     "ajv": "^8.11.2",
     "axios": "^1.4.0",
     "cache-manager": "^5.1.4",
@@ -46,7 +46,7 @@
     "passport": "^0.6.0",
     "passport-http": "^0.3.0",
     "passport-jwt": "^4.0.1",
-    "prisma": "4.8.1",
+    "prisma": "6.2.1",
     "reflect-metadata": "^0.1.13",
     "rimraf": "^3.0.2",
     "rxjs": "^7.2.0"

services/credential-schema/prisma/migrations/20250123071501_add_blockchain_status_field/migration.sql

@@ -0,0 +1,5 @@
+-- CreateEnum
+CREATE TYPE "BlockchainStatus" AS ENUM ('PENDING', 'ANCHORED', 'FAILED');
+
+-- AlterTable
+ALTER TABLE "VerifiableCredentialSchema" ADD COLUMN     "blockchainStatus" "BlockchainStatus";

services/credential-schema/prisma/migrations/migration_lock.toml

@@ -1,3 +1,3 @@
 # Please do not edit this file manually
-# It should be added in your version-control system (i.e. Git)
+# It should be added in your version-control system (e.g., Git)
 provider = "postgresql"

services/credential-schema/prisma/schema.prisma

@@ -18,6 +18,12 @@ enum SchemaStatus {
   REVOKED
 }
 
+enum BlockchainStatus {
+  PENDING
+  ANCHORED
+  FAILED
+}
+
 model VerifiableCredentialSchema {
   id           String
   type         String
@@ -35,6 +41,7 @@ model VerifiableCredentialSchema {
   tags         String[]
   status       SchemaStatus @default(DRAFT)
   deprecatedId String?
+  blockchainStatus BlockchainStatus?
 
   @@id([id, version])
   @@index([type], type: Hash)

services/credential-schema/src/app.module.ts

@@ -11,6 +11,8 @@ import { PrismaHealthIndicator } from './utils/prisma.health';
 import { PrismaClient } from '@prisma/client';
 import { APP_GUARD } from '@nestjs/core';
 import { AuthGuard } from './auth/auth.guard';
+import { AnchorCordService } from './schema/implementations/anchor-cord.service';
+import { BlockchainAnchorFactory } from './schema/factories/blockchain-anchor.factory';
 
 @Module({
   imports: [
@@ -32,6 +34,8 @@ import { AuthGuard } from './auth/auth.guard';
     UtilsService,
     PrismaHealthIndicator,
     PrismaClient,
+    AnchorCordService,
+    BlockchainAnchorFactory,
     {
       provide: APP_GUARD,
       useClass: AuthGuard,

services/credential-schema/src/rendering-templates/rendering-templates.controller.spec.ts

@@ -6,7 +6,8 @@ import { ValidateTemplateService } from './validate-template.service';
 import { SchemaService } from '../schema/schema.service';
 import { UtilsService } from '../utils/utils.service';
 import { PrismaClient } from '@prisma/client';
-
+import { BlockchainAnchorFactory } from '../schema/factories/blockchain-anchor.factory';
+import { AnchorCordService } from '../schema/implementations/anchor-cord.service';
 describe('RenderingTemplatesController', () => {
   let controller: RenderingTemplatesController;
 
@@ -20,6 +21,8 @@ describe('RenderingTemplatesController', () => {
         ValidateTemplateService,
         SchemaService,
         UtilsService,
+        BlockchainAnchorFactory,
+        AnchorCordService
       ],
     }).compile();
 

services/credential-schema/src/rendering-templates/rendering-templates.module.ts

@@ -6,6 +6,8 @@ import { SchemaService } from '../schema/schema.service';
 import { HttpModule } from '@nestjs/axios';
 import { UtilsService } from '../utils/utils.service';
 import { PrismaClient } from '@prisma/client';
+import { BlockchainAnchorFactory } from 'src/schema/factories/blockchain-anchor.factory';
+import { AnchorCordService } from 'src/schema/implementations/anchor-cord.service';
 
 @Module({
   imports: [HttpModule],
@@ -15,6 +17,8 @@ import { PrismaClient } from '@prisma/client';
     ValidateTemplateService,
     SchemaService,
     UtilsService,
+    BlockchainAnchorFactory,
+    AnchorCordService,
   ],
   controllers: [RenderingTemplatesController],
 })

services/credential-schema/src/rendering-templates/rendering-templates.service.spec.ts

@@ -11,11 +11,13 @@ import {
   generateTestDIDBody,
 } from '../schema/schema.fixtures';
 
+import { BlockchainAnchorFactory } from '../schema/factories/blockchain-anchor.factory';
+import { AnchorCordService } from '../schema/implementations/anchor-cord.service';
 describe('RenderingTemplatesService', () => {
   let service: RenderingTemplatesService;
   let schemaService: SchemaService;
   let utilsService: UtilsService;
-
+ 
   beforeEach(async () => {
     const module: TestingModule = await Test.createTestingModule({
       imports: [HttpModule],
@@ -25,6 +27,8 @@ describe('RenderingTemplatesService', () => {
         ValidateTemplateService,
         SchemaService,
         UtilsService,
+        BlockchainAnchorFactory,
+        AnchorCordService
       ],
     }).compile();
 

services/credential-schema/src/schema/anchor-cord-service.spec.ts

@@ -0,0 +1,114 @@
+import { Test, TestingModule } from '@nestjs/testing';
+import { SchemaService } from './schema.service';
+import { BlockchainAnchorFactory } from './factories/blockchain-anchor.factory';
+import { PrismaClient } from '@prisma/client';
+import { CreateCredentialDTO } from './dto/create-credentials.dto';
+import { UtilsService } from '../utils/utils.service';
+import { generateCredentialSchemaTestBody } from './schema.fixtures';
+import { BadRequestException, InternalServerErrorException } from '@nestjs/common';
+
+describe('SchemaService - createCredentialSchema', () => {
+  let service: SchemaService;
+  let blockchainFactory: BlockchainAnchorFactory;
+  let utilsService: UtilsService;
+
+  const mockBlockchainService = {
+    anchorSchema: jest.fn(),
+  };
+
+  const mockPrismaService = {
+    verifiableCredentialSchema: {
+      create: jest.fn(),
+      findMany: jest.fn(),
+    },
+  };
+
+  const mockUtilsService = {
+    generateDID: jest.fn(),
+  };
+
+  beforeEach(async () => {
+    const module: TestingModule = await Test.createTestingModule({
+      providers: [
+        SchemaService,
+        {
+          provide: BlockchainAnchorFactory,
+          useValue: {
+            getAnchorService: jest.fn(() => mockBlockchainService),
+          },
+        },
+        {
+          provide: PrismaClient,
+          useValue: mockPrismaService,
+        },
+        {
+          provide: UtilsService,
+          useValue: mockUtilsService,
+        },
+      ],
+    }).compile();
+
+    service = module.get<SchemaService>(SchemaService);
+    blockchainFactory = module.get<BlockchainAnchorFactory>(BlockchainAnchorFactory);
+    utilsService = module.get<UtilsService>(UtilsService);
+  });
+
+  afterEach(() => {
+    jest.clearAllMocks(); // Clear mocks after each test
+  });
+
+  afterAll(async () => {
+    await mockPrismaService.verifiableCredentialSchema.create.mockClear();
+  });
+
+  it('should verify ANCHOR_TO_CORD is true', () => {
+    const anchorToCord = process.env.ANCHOR_TO_CORD;
+    const isTrue = anchorToCord?.toLowerCase().trim() === 'true';
+    expect(isTrue).toBe(true);
+  });
+
+  it('should verify ISSUER_AGENT_BASE_URL is a valid URL', () => {
+    const isValidUrl = (url: string) => {
+      try {
+        new URL(url);
+        return true;
+      } catch {
+        return false;
+      }
+    };
+    expect(isValidUrl(process.env.ISSUER_AGENT_BASE_URL)).toBe(true);
+  });
+
+  it('should successfully anchor a credential schema to the blockchain', async () => {
+    const mockRequestBody = generateCredentialSchemaTestBody();
+    const mockResponse = { schemaId: 'schema-id-blockchain' };
+
+    mockBlockchainService.anchorSchema.mockResolvedValueOnce(mockResponse);
+    mockPrismaService.verifiableCredentialSchema.create.mockResolvedValueOnce({
+      ...mockRequestBody.schema,
+      blockchainStatus: 'ANCHORED',
+    });
+
+    const result = await service.createCredentialSchema(mockRequestBody);
+
+    expect(blockchainFactory.getAnchorService).toHaveBeenCalledWith('cord');
+    expect(mockBlockchainService.anchorSchema).toHaveBeenCalledWith(mockRequestBody.schema);
+    expect(result).toBeDefined();
+    expect(result.schema.id).toEqual(mockResponse.schemaId);
+    expect(result.blockchainStatus).toEqual('ANCHORED');
+  });
+
+  it('should throw an error if blockchain anchoring fails', async () => {
+    const mockRequestBody = generateCredentialSchemaTestBody();
+
+    mockBlockchainService.anchorSchema.mockRejectedValueOnce(
+      new InternalServerErrorException('Blockchain anchoring failed')
+    );
+    await expect(service.createCredentialSchema(mockRequestBody)).rejects.toThrow(
+      InternalServerErrorException
+    );
+  });
+
+
+
+});

services/credential-schema/src/schema/entities/VCItem.entity.ts

@@ -1,5 +1,5 @@
 import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger';
-import { Prisma, VerifiableCredentialSchema } from '@prisma/client';
+import { Prisma, VerifiableCredentialSchema ,BlockchainStatus} from '@prisma/client';
 
 // represents the schema stored in Prisma
 export class VCItem implements VerifiableCredentialSchema {
@@ -34,4 +34,6 @@ export class VCItem implements VerifiableCredentialSchema {
   createdBy: string;
   updatedBy: string;
   deprecatedId: string;
+  @ApiProperty({ enum: BlockchainStatus, description: 'Blockchain status' })
+  blockchainStatus: BlockchainStatus | null; 
 }

services/credential-schema/src/schema/factories/blockchain-anchor.factory.ts

@@ -0,0 +1,38 @@
+import { Injectable, BadRequestException } from '@nestjs/common';
+import { AnchorCordService } from '../implementations/anchor-cord.service';
+import { BlockchainAnchor } from '../interfaces/blockchain_anchor.interface';
+
+/**
+ * Factory class to dynamically resolve the appropriate BlockchainAnchor service.
+ * It uses the specified method to determine which implementation to return.
+ */
+@Injectable()
+export class BlockchainAnchorFactory {
+  /**
+   * Constructor for the BlockchainAnchorFactory.
+   * @param cordService - An instance of AnchorCordService, which handles CORD-specific anchoring logic.
+   */
+  constructor(private readonly cordService: AnchorCordService) {}
+
+  /**
+   * Resolves the appropriate BlockchainAnchor service based on the provided method.
+   * @param method - The blockchain method (e.g., 'cord').
+   * @returns The service instance corresponding to the specified method or null if no method is provided.
+   * @throws 
+   */
+  getAnchorService(method?: string): BlockchainAnchor | null {
+    // If no method is specified, return null to indicate no anchoring is required
+    if (!method) {
+      return null; 
+    }
+
+    // Determine the appropriate service implementation based on the method
+    switch (method) {
+      case 'cord':
+        // Return the CORD-specific implementation
+        return this.cordService;
+      default:
+        throw new BadRequestException(`Unsupported blockchain method: ${method}`);
+    }
+  }
+}