eclipse-edc
diff --git a/‎core/issuerservice/issuerservice-issuance/build.gradle.kts
+9-1 b/‎core/issuerservice/issuerservice-issuance/build.gradle.kts
+9-1
diff --git a/‎core/issuerservice/issuerservice-issuance/src/main/java/org/eclipse/edc/issuerservice/issuance/IssuanceCoreExtension.java
+21 b/‎core/issuerservice/issuerservice-issuance/src/main/java/org/eclipse/edc/issuerservice/issuance/IssuanceCoreExtension.java
+21
diff --git a/‎core/issuerservice/issuerservice-issuance/src/main/java/org/eclipse/edc/issuerservice/issuance/IssuanceServicesExtension.java
+50-2 b/‎core/issuerservice/issuerservice-issuance/src/main/java/org/eclipse/edc/issuerservice/issuance/IssuanceServicesExtension.java
+50-2
diff --git a/‎core/issuerservice/issuerservice-issuance/src/main/java/org/eclipse/edc/issuerservice/issuance/generator/CredentialGeneratorRegistryImpl.java
+118 b/‎core/issuerservice/issuerservice-issuance/src/main/java/org/eclipse/edc/issuerservice/issuance/generator/CredentialGeneratorRegistryImpl.java
+118
@@ -5,11 +5,19 @@ plugins {
 dependencies {
     api(project(":spi:issuerservice:issuerservice-issuance-spi"))
     api(project(":spi:issuerservice:issuerservice-participant-spi"))
+    api(project(":spi:verifiable-credential-spi"))
+    api(project(":spi:keypair-spi"))
     implementation(project(":core:lib:common-lib"))
+    implementation(project(":core:lib:issuerservice-common-lib"))
+    implementation(libs.edc.spi.jwt)
     implementation(libs.edc.spi.transaction)
+    implementation(libs.edc.spi.token)
+    implementation(libs.edc.lib.token)
     implementation(libs.edc.lib.store)
     implementation(libs.edc.lib.statemachine)
+    implementation(libs.opentelemetry.instrumentation.annotations)
+
     testImplementation(libs.edc.junit)
     testImplementation(testFixtures(project(":spi:issuerservice:issuerservice-issuance-spi")))
-
+    testImplementation(libs.awaitility)
 }
@@ -14,8 +14,12 @@
 
 package org.eclipse.edc.issuerservice.issuance;
 
+import org.eclipse.edc.identityhub.spi.verifiablecredentials.store.CredentialStore;
 import org.eclipse.edc.issuerservice.issuance.process.IssuanceProcessManagerImpl;
 import org.eclipse.edc.issuerservice.issuance.process.IssuanceProcessServiceImpl;
+import org.eclipse.edc.issuerservice.spi.issuance.credentialdefinition.store.CredentialDefinitionStore;
+import org.eclipse.edc.issuerservice.spi.issuance.delivery.CredentialStorageClient;
+import org.eclipse.edc.issuerservice.spi.issuance.generator.CredentialGeneratorRegistry;
 import org.eclipse.edc.issuerservice.spi.issuance.process.IssuanceProcessManager;
 import org.eclipse.edc.issuerservice.spi.issuance.process.IssuanceProcessService;
 import org.eclipse.edc.issuerservice.spi.issuance.process.retry.IssuanceProcessRetryStrategy;
@@ -60,12 +64,22 @@ public class IssuanceCoreExtension implements ServiceExtension {
 
     @Setting(description = "The base delay for the issuance retry mechanism in millisecond", key = "edc.issuer.issuance.send.retry.base-delay.ms", defaultValue = DEFAULT_SEND_RETRY_BASE_DELAY + "")
     private long sendRetryBaseDelay;
+    
 
     private IssuanceProcessManager issuanceProcessManager;
 
     @Inject
     private IssuanceProcessStore issuanceProcessStore;
 
+    @Inject
+    private CredentialGeneratorRegistry credentialGenerator;
+
+    @Inject
+    private CredentialDefinitionStore credentialDefinitionStore;
+
+    @Inject
+    private CredentialStore credentialStore;
+
     @Inject
     private Monitor monitor;
 
@@ -78,6 +92,9 @@ public class IssuanceCoreExtension implements ServiceExtension {
     @Inject(required = false)
     private IssuanceProcessRetryStrategy retryStrategy;
 
+    @Inject
+    private CredentialStorageClient credentialStorageClient;
+
     @Inject
     private Clock clock;
 
@@ -97,6 +114,10 @@ public IssuanceProcessManager createIssuanceProcessManager() {
                     .telemetry(telemetry)
                     .clock(clock)
                     .executorInstrumentation(executorInstrumentation)
+                    .credentialGeneratorRegistry(credentialGenerator)
+                    .credentialDefinitionStore(credentialDefinitionStore)
+                    .credentialStore(credentialStore)
+                    .credentialStorageClient(credentialStorageClient)
                     .entityRetryProcessConfiguration(getEntityRetryProcessConfiguration())
                     .build();
         }
 
@@ -14,10 +14,16 @@
 
 package org.eclipse.edc.issuerservice.issuance;
 
+import org.eclipse.edc.iam.verifiablecredentials.spi.model.CredentialFormat;
+import org.eclipse.edc.identityhub.spi.keypair.KeyPairService;
+import org.eclipse.edc.identityhub.spi.participantcontext.ParticipantContextService;
 import org.eclipse.edc.issuerservice.issuance.attestation.AttestationDefinitionServiceImpl;
 import org.eclipse.edc.issuerservice.issuance.attestation.AttestationDefinitionValidatorRegistryImpl;
 import org.eclipse.edc.issuerservice.issuance.attestation.AttestationPipelineImpl;
 import org.eclipse.edc.issuerservice.issuance.credentialdefinition.CredentialDefinitionServiceImpl;
+import org.eclipse.edc.issuerservice.issuance.generator.CredentialGeneratorRegistryImpl;
+import org.eclipse.edc.issuerservice.issuance.generator.JwtCredentialGenerator;
+import org.eclipse.edc.issuerservice.issuance.mapping.IssuanceClaimsMapperImpl;
 import org.eclipse.edc.issuerservice.issuance.rule.CredentialRuleDefinitionEvaluatorImpl;
 import org.eclipse.edc.issuerservice.issuance.rule.CredentialRuleDefinitionValidatorRegistryImpl;
 import org.eclipse.edc.issuerservice.issuance.rule.CredentialRuleFactoryRegistryImpl;
@@ -28,21 +34,30 @@
 import org.eclipse.edc.issuerservice.spi.issuance.attestation.AttestationSourceFactoryRegistry;
 import org.eclipse.edc.issuerservice.spi.issuance.credentialdefinition.CredentialDefinitionService;
 import org.eclipse.edc.issuerservice.spi.issuance.credentialdefinition.store.CredentialDefinitionStore;
+import org.eclipse.edc.issuerservice.spi.issuance.generator.CredentialGeneratorRegistry;
+import org.eclipse.edc.issuerservice.spi.issuance.mapping.IssuanceClaimsMapper;
 import org.eclipse.edc.issuerservice.spi.issuance.rule.CredentialRuleDefinitionEvaluator;
 import org.eclipse.edc.issuerservice.spi.issuance.rule.CredentialRuleDefinitionValidatorRegistry;
 import org.eclipse.edc.issuerservice.spi.issuance.rule.CredentialRuleFactoryRegistry;
+import org.eclipse.edc.issuerservice.spi.participant.ParticipantService;
 import org.eclipse.edc.issuerservice.spi.participant.store.ParticipantStore;
+import org.eclipse.edc.jwt.signer.spi.JwsSignerProvider;
 import org.eclipse.edc.runtime.metamodel.annotation.Extension;
 import org.eclipse.edc.runtime.metamodel.annotation.Inject;
 import org.eclipse.edc.runtime.metamodel.annotation.Provider;
 import org.eclipse.edc.spi.system.ServiceExtension;
+import org.eclipse.edc.token.JwtGenerationService;
 import org.eclipse.edc.transaction.spi.TransactionContext;
 
+import java.time.Clock;
+
 import static org.eclipse.edc.issuerservice.issuance.IssuanceServicesExtension.NAME;
 
 @Extension(value = NAME)
 public class IssuanceServicesExtension implements ServiceExtension {
+
     public static final String NAME = "IssuerService Issuance Services Extension";
+
     @Inject
     private TransactionContext transactionContext;
     @Inject
@@ -52,6 +67,21 @@ public class IssuanceServicesExtension implements ServiceExtension {
     @Inject
     private ParticipantStore participantStore;
 
+    @Inject
+    private KeyPairService keyPairService;
+
+    @Inject
+    private JwsSignerProvider jwsSignerProvider;
+
+    @Inject
+    private ParticipantService participantService;
+
+    @Inject
+    private Clock clock;
+
+    @Inject
+    private ParticipantContextService participantContextService;
+
     private AttestationPipelineImpl attestationPipeline;
 
     private CredentialRuleFactoryRegistry ruleFactoryRegistry;
@@ -60,6 +90,8 @@ public class IssuanceServicesExtension implements ServiceExtension {
 
     private AttestationDefinitionValidatorRegistry attestationDefinitionValidatorRegistry;
 
+    private IssuanceClaimsMapper issuanceClaimsMapper;
+
     @Provider
     public CredentialDefinitionService createParticipantService() {
         return new CredentialDefinitionServiceImpl(transactionContext, store, attestationDefinitionStore, credentialRuleDefinitionValidatorRegistry());
@@ -85,6 +117,15 @@ public CredentialRuleDefinitionEvaluator credentialRuleDefinitionEvaluator() {
         return new CredentialRuleDefinitionEvaluatorImpl(credentialRuleFactoryRegistry());
     }
 
+
+    @Provider
+    public IssuanceClaimsMapper issuanceClaimsMapper() {
+        if (issuanceClaimsMapper == null) {
+            issuanceClaimsMapper = new IssuanceClaimsMapperImpl();
+        }
+        return issuanceClaimsMapper;
+    }
+
     @Provider
     public CredentialRuleFactoryRegistry credentialRuleFactoryRegistry() {
 
@@ -96,14 +137,21 @@ public CredentialRuleFactoryRegistry credentialRuleFactoryRegistry() {
 
     @Provider
     public CredentialRuleDefinitionValidatorRegistry credentialRuleDefinitionValidatorRegistry() {
-
         if (ruleDefinitionValidatorRegistry == null) {
             ruleDefinitionValidatorRegistry = new CredentialRuleDefinitionValidatorRegistryImpl();
         }
-
         return ruleDefinitionValidatorRegistry;
     }
 
+    @Provider
+    public CredentialGeneratorRegistry createCredentialGeneratorRegistry() {
+        var generator = new CredentialGeneratorRegistryImpl(issuanceClaimsMapper(), participantContextService, participantService, keyPairService);
+
+        var jwtGenerationService = new JwtGenerationService(jwsSignerProvider);
+        generator.addGenerator(CredentialFormat.VC1_0_JWT, new JwtCredentialGenerator(jwtGenerationService, clock));
+        return generator;
+    }
+
     @Provider
     public AttestationDefinitionValidatorRegistry createAttestationDefinitionValidatorRegistry() {
         if (attestationDefinitionValidatorRegistry == null) {
 
@@ -0,0 +1,118 @@
+/*
+ *  Copyright (c) 2025 Cofinity-X
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Contributors:
+ *       Cofinity-X - initial API and implementation
+ *
+ */
+
+package org.eclipse.edc.issuerservice.issuance.generator;
+
+import org.eclipse.edc.iam.verifiablecredentials.spi.model.CredentialFormat;
+import org.eclipse.edc.iam.verifiablecredentials.spi.model.VerifiableCredentialContainer;
+import org.eclipse.edc.identityhub.spi.keypair.KeyPairService;
+import org.eclipse.edc.identityhub.spi.keypair.model.KeyPairResource;
+import org.eclipse.edc.identityhub.spi.keypair.model.KeyPairState;
+import org.eclipse.edc.identityhub.spi.participantcontext.ParticipantContextService;
+import org.eclipse.edc.identityhub.spi.participantcontext.model.ParticipantContext;
+import org.eclipse.edc.identityhub.spi.participantcontext.model.ParticipantResource;
+import org.eclipse.edc.issuerservice.spi.issuance.generator.CredentialGenerationRequest;
+import org.eclipse.edc.issuerservice.spi.issuance.generator.CredentialGenerator;
+import org.eclipse.edc.issuerservice.spi.issuance.generator.CredentialGeneratorRegistry;
+import org.eclipse.edc.issuerservice.spi.issuance.mapping.IssuanceClaimsMapper;
+import org.eclipse.edc.issuerservice.spi.issuance.model.CredentialDefinition;
+import org.eclipse.edc.issuerservice.spi.participant.ParticipantService;
+import org.eclipse.edc.issuerservice.spi.participant.model.Participant;
+import org.eclipse.edc.spi.EdcException;
+import org.eclipse.edc.spi.query.Criterion;
+import org.eclipse.edc.spi.result.Result;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Optional;
+
+public class CredentialGeneratorRegistryImpl implements CredentialGeneratorRegistry {
+
+
+    private final Map<CredentialFormat, CredentialGenerator> generators = new HashMap<>();
+    private final IssuanceClaimsMapper issuanceClaimsMapper;
+    private final ParticipantContextService participantContextService;
+    private final ParticipantService participantService;
+
+    private final KeyPairService keyPairService;
+
+
+    public CredentialGeneratorRegistryImpl(IssuanceClaimsMapper issuanceClaimsMapper, ParticipantContextService participantContextService, ParticipantService participantService, KeyPairService keyPairService) {
+        this.issuanceClaimsMapper = issuanceClaimsMapper;
+        this.participantContextService = participantContextService;
+        this.participantService = participantService;
+        this.keyPairService = keyPairService;
+    }
+
+    @Override
+    public void addGenerator(CredentialFormat credentialFormat, CredentialGenerator credentialGenerator) {
+        generators.put(credentialFormat, credentialGenerator);
+    }
+
+    @Override
+    public Result<VerifiableCredentialContainer> generateCredential(String issuerContextId, String participantId, CredentialGenerationRequest credentialGenerationRequest, Map<String, Object> claims) {
+
+        return issuanceClaimsMapper.apply(credentialGenerationRequest.definition().getMappings(), claims)
+                .compose(mappedClaims -> generateCredentialInternal(issuerContextId, participantId, credentialGenerationRequest, mappedClaims));
+    }
+
+
+    private Result<KeyPairResource> fetchActiveKeyPair(String issuerContextId) {
+        var query = ParticipantResource.queryByParticipantContextId(issuerContextId)
+                .filter(new Criterion("state", "=", KeyPairState.ACTIVATED.code()))
+                .build();
+
+
+        var keyPairResult = keyPairService.query(query)
+                .orElseThrow(f -> new EdcException("Error obtaining private key for participant '%s': %s".formatted(issuerContextId, f.getFailureDetail())));
+
+        // check if there is a default key pair
+        var keyPair = keyPairResult.stream().filter(KeyPairResource::isDefaultPair).findAny()
+                .orElseGet(() -> keyPairResult.stream().findFirst().orElse(null));
+
+        if (keyPair == null) {
+            return Result.failure("No active key pair found for participant '%s'".formatted(issuerContextId));
+        }
+
+        return Result.success(keyPair);
+
+    }
+    
+    private Result<VerifiableCredentialContainer> generateCredentialInternal(String participantContextId, String participantId, CredentialGenerationRequest credentialGenerationRequest, Map<String, Object> mappedClaims) {
+        return Optional.ofNullable(generators.get(credentialGenerationRequest.format()))
+                .map(generator -> generateCredentialInternal(participantContextId, participantId, generator, credentialGenerationRequest.definition(), mappedClaims))
+                .orElseGet(() -> Result.failure("No generator found for format %s".formatted(credentialGenerationRequest.format())));
+
+    }
+
+    private Result<VerifiableCredentialContainer> generateCredentialInternal(String participantContextId, String participantId, CredentialGenerator generator, CredentialDefinition definition, Map<String, Object> mappedClaims) {
+
+        try {
+            var issuerDid = participantContextService.getParticipantContext(participantContextId)
+                    .map(ParticipantContext::getDid)
+                    .orElseThrow(f -> new EdcException(f.getFailureDetail()));
+
+            var participantDid = participantService.findById(participantId)
+                    .map(Participant::did)
+                    .orElseThrow(f -> new EdcException(f.getFailureDetail()));
+
+            return fetchActiveKeyPair(participantContextId)
+                    .compose(keyPair -> generator.generateCredential(definition, keyPair.getPrivateKeyAlias(), keyPair.getKeyId(), issuerDid, participantDid, mappedClaims));
+        } catch (EdcException e) {
+            return Result.failure(e.getMessage());
+        }
+
+    }
+
+}