eclipse-tractusx · ds-jhartmann · Oct 5, 2023 · Sep 24, 2023 · Sep 26, 2023 · Sep 26, 2023
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [3.5.1] - 2023-10-05
+### Fixed
+- Fix json schema validation
+
 ## [3.5.0] - 2023-09-27
 ### Changed
 - IRS now makes use of the value `dspEndpoint` in `subprotocolBody` of the Asset Administration Shell to request submodel data directly.
@@ -350,7 +354,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Unresolved
 - **Select Aspects you need**  You are able to select the needed aspects for which you want to collect the correct endpoint information.
 
-[Unreleased]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.5.0...HEAD
+[Unreleased]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.5.1...HEAD
+[3.5.1]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.5.0...3.5.1
 [3.5.0]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.4.1...3.5.0
 [3.4.1]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.4.0...3.4.1
 [3.4.0]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.3.5...3.4.0

diff --git a/DEPENDENCIES b/DEPENDENCIES
@@ -198,9 +198,9 @@ maven/mavencentral/net.java.dev.jna/jna/5.8.0, Apache-2.0 OR LGPL-2.1-or-later,
 maven/mavencentral/net.javacrumbs.json-unit/json-unit-assertj/2.36.0, Apache-2.0, approved, clearlydefined
 maven/mavencentral/net.javacrumbs.json-unit/json-unit-core/2.36.0, Apache-2.0, approved, clearlydefined
 maven/mavencentral/net.javacrumbs.json-unit/json-unit-json-path/2.36.0, Apache-2.0, approved, clearlydefined
-maven/mavencentral/net.jimblackler.jsonschemafriend/core/0.11.4, Apache-2.0, approved, #3269
-maven/mavencentral/net.jimblackler.jsonschemafriend/extra/0.11.4, Apache-2.0, approved, #3270
-maven/mavencentral/net.jimblackler/jsonschemafriend/0.11.4, Apache-2.0, approved, #3271
+maven/mavencentral/net.jimblackler.jsonschemafriend/core/0.12.0, , restricted, clearlydefined
+maven/mavencentral/net.jimblackler.jsonschemafriend/extra/0.12.0, , restricted, clearlydefined
+maven/mavencentral/net.jimblackler/jsonschemafriend/0.12.0, , restricted, clearlydefined
 maven/mavencentral/net.jodah/typetools/0.6.3, Apache-2.0, approved, clearlydefined
 maven/mavencentral/net.minidev/accessors-smart/2.4.11, Apache-2.0, approved, #7515
 maven/mavencentral/net.minidev/accessors-smart/2.4.9, Apache-2.0, approved, #7515

diff --git a/charts/irs-helm/CHANGELOG.md b/charts/irs-helm/CHANGELOG.md
@@ -6,6 +6,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [6.7.2] - 2023-10-05
+### Changed
+- Update IRS version to 3.5.1
+
 ## [6.7.1] - 2023-09-29
 ### Changed
 - Added toString template for `edc.controlplane.apikey.secret`

diff --git a/charts/irs-helm/Chart.yaml b/charts/irs-helm/Chart.yaml
@@ -35,12 +35,12 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 6.7.1
+version: 6.7.2
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "3.5.0"
+appVersion: "3.5.1"
 dependencies:
   - name: common
     repository: https://charts.bitnami.com/bitnami

diff --git a/irs-api/pom.xml b/irs-api/pom.xml
@@ -184,7 +184,7 @@
         <dependency>
             <groupId>net.jimblackler</groupId>
             <artifactId>jsonschemafriend</artifactId>
-            <version>0.11.4</version>
+            <version>0.12.0</version>
             <exclusions>
                 <exclusion>
                     <groupId>org.jsoup</groupId>

diff --git a/...nt/src/main/java/org/eclipse/tractusx/irs/edc/client/exceptions/UsagePolicyException.java b/...nt/src/main/java/org/eclipse/tractusx/irs/edc/client/exceptions/UsagePolicyException.java
@@ -28,6 +28,7 @@
  */
 public class UsagePolicyException extends EdcClientException {
     public UsagePolicyException(final String itemId) {
-        super("Consumption of asset '" + itemId + "' is not permitted as the required catalog offer policies do not comply with defined IRS policies.");
+        super("Consumption of asset '" + itemId
+                + "' is not permitted as the required catalog offer policies do not comply with defined IRS policies.");
     }
 }
diff --git a/irs-edc-client/src/main/java/org/eclipse/tractusx/irs/edc/client/policy/AcceptedPolicy.java b/irs-edc-client/src/main/java/org/eclipse/tractusx/irs/edc/client/policy/AcceptedPolicy.java
@@ -28,8 +28,8 @@
 /**
  * A policy accepted for negotiation.
  *
- * @param policyId   the ID of the policy
+ * @param policy     policy with permissions
  * @param validUntil the timestamp after which the policy will no longer be accepted
  */
-public record AcceptedPolicy(String policyId, OffsetDateTime validUntil) {
+public record AcceptedPolicy(Policy policy, OffsetDateTime validUntil) {
 }
diff --git a/...sx/irs/policystore/models/Constraint.java → ...usx/irs/edc/client/policy/Constraint.java b/...sx/irs/policystore/models/Constraint.java → ...usx/irs/edc/client/policy/Constraint.java
@@ -21,7 +21,7 @@
  *
  * SPDX-License-Identifier: Apache-2.0
  ********************************************************************************/
-package org.eclipse.tractusx.irs.policystore.models;
+package org.eclipse.tractusx.irs.edc.client.policy;
 
 import java.util.List;
 

diff --git a/...nt/src/main/java/org/eclipse/tractusx/irs/edc/client/policy/ConstraintCheckerService.java b/...nt/src/main/java/org/eclipse/tractusx/irs/edc/client/policy/ConstraintCheckerService.java
@@ -0,0 +1,99 @@
+/********************************************************************************
+ * Copyright (c) 2021,2022,2023
+ *       2022: ZF Friedrichshafen AG
+ *       2022: ISTOS GmbH
+ *       2022,2023: Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
+ *       2022,2023: BOSCH AG
+ * Copyright (c) 2021,2022,2023 Contributors to the Eclipse Foundation
+ *
+ * See the NOTICE file(s) distributed with this work for additional
+ * information regarding copyright ownership.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Apache License, Version 2.0 which is available at
+ * https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ ********************************************************************************/
+package org.eclipse.tractusx.irs.edc.client.policy;
+
+import java.util.Collection;
+import java.util.List;
+
+import lombok.extern.slf4j.Slf4j;
+import org.eclipse.edc.policy.model.AndConstraint;
+import org.eclipse.edc.policy.model.AtomicConstraint;
+import org.eclipse.edc.policy.model.Constraint;
+import org.eclipse.edc.policy.model.Operator;
+import org.eclipse.edc.policy.model.OrConstraint;
+import org.springframework.stereotype.Service;
+
+/**
+ * Check and validate Constraint from Policy in Catalog
+ * fetch from EDC providers against accepted Policies.
+ */
+@Slf4j
+@Service
+public class ConstraintCheckerService {
+
+    public boolean hasAllConstraint(final Policy acceptedPolicy, final List<Constraint> constraints) {
+        final List<Constraints> acceptedConstraintsList = acceptedPolicy.getPermissions()
+                                                                        .stream()
+                                                                        .map(Permission::getConstraints)
+                                                                        .flatMap(Collection::stream)
+                                                                        .toList();
+
+        return constraints.stream().allMatch(constraint -> isValidOnList(constraint, acceptedConstraintsList));
+    }
+
+    private boolean isValidOnList(final Constraint constraint, final List<Constraints> acceptedConstraintsList) {
+        return acceptedConstraintsList.stream()
+                                      .anyMatch(acceptedConstraints -> isSameAs(constraint, acceptedConstraints));
+    }
+
+    private boolean isSameAs(final Constraint constraint, final Constraints acceptedConstraints) {
+        if (constraint instanceof AtomicConstraint atomicConstraint) {
+            return acceptedConstraints.getOr().stream().anyMatch(p -> isSameAs(atomicConstraint, p))
+                    || acceptedConstraints.getAnd().stream().anyMatch(p -> isSameAs(atomicConstraint, p));
+        }
+        if (constraint instanceof AndConstraint andConstraint) {
+            return andConstraint.getConstraints()
+                                .stream()
+                                .allMatch(constr -> isInList(constr, acceptedConstraints.getAnd()));
+        }
+        if (constraint instanceof OrConstraint orConstraint) {
+            return orConstraint.getConstraints()
+                               .stream()
+                               .anyMatch(constr -> isInList(constr, acceptedConstraints.getOr()));
+        }
+        return false;
+    }
+
+    private boolean isInList(final Constraint constraint,
+            final List<org.eclipse.tractusx.irs.edc.client.policy.Constraint> acceptedConstraints) {
+        if (constraint instanceof AtomicConstraint atomicConstraint) {
+            return acceptedConstraints.stream().anyMatch(ac -> isSameAs(atomicConstraint, ac));
+        } else {
+            return false;
+        }
+    }
+
+    private boolean isSameAs(final AtomicConstraint atomicConstraint,
+            final org.eclipse.tractusx.irs.edc.client.policy.Constraint acceptedConstraint) {
+        return AtomicConstraintValidator.builder()
+                                        .atomicConstraint(atomicConstraint)
+                                        .leftExpressionValue(acceptedConstraint.getLeftOperand())
+                                        .rightExpressionValue(
+                                                acceptedConstraint.getRightOperand().stream().findFirst().orElse(""))
+                                        .expectedOperator(Operator.valueOf(acceptedConstraint.getOperator().name()))
+                                        .build()
+                                        .isValid();
+    }
+
+}
diff --git a/...x/irs/policystore/models/Constraints.java → ...sx/irs/edc/client/policy/Constraints.java b/...x/irs/policystore/models/Constraints.java → ...sx/irs/edc/client/policy/Constraints.java
@@ -21,7 +21,7 @@
  *
  * SPDX-License-Identifier: Apache-2.0
  ********************************************************************************/
-package org.eclipse.tractusx.irs.policystore.models;
+package org.eclipse.tractusx.irs.edc.client.policy;
 
 import java.util.List;
 

diff --git a/.../irs/policystore/models/OperatorType.java → ...x/irs/edc/client/policy/OperatorType.java b/.../irs/policystore/models/OperatorType.java → ...x/irs/edc/client/policy/OperatorType.java
@@ -21,7 +21,7 @@
  *
  * SPDX-License-Identifier: Apache-2.0
  ********************************************************************************/
-package org.eclipse.tractusx.irs.policystore.models;
+package org.eclipse.tractusx.irs.edc.client.policy;
 
 import java.util.NoSuchElementException;
 import java.util.stream.Stream;

diff --git a/...sx/irs/policystore/models/Permission.java → ...usx/irs/edc/client/policy/Permission.java b/...sx/irs/policystore/models/Permission.java → ...usx/irs/edc/client/policy/Permission.java
@@ -21,7 +21,7 @@
  *
  * SPDX-License-Identifier: Apache-2.0
  ********************************************************************************/
-package org.eclipse.tractusx.irs.policystore.models;
+package org.eclipse.tractusx.irs.edc.client.policy;
 
 import java.util.List;
 

diff --git a/...actusx/irs/policystore/models/Policy.java → ...ractusx/irs/edc/client/policy/Policy.java b/...actusx/irs/policystore/models/Policy.java → ...ractusx/irs/edc/client/policy/Policy.java
@@ -21,7 +21,7 @@
  *
  * SPDX-License-Identifier: Apache-2.0
  ********************************************************************************/
-package org.eclipse.tractusx.irs.policystore.models;
+package org.eclipse.tractusx.irs.edc.client.policy;
 
 import java.time.OffsetDateTime;
 import java.util.List;

diff --git a/...client/src/main/java/org/eclipse/tractusx/irs/edc/client/policy/PolicyCheckerService.java b/...client/src/main/java/org/eclipse/tractusx/irs/edc/client/policy/PolicyCheckerService.java
@@ -24,22 +24,13 @@
 package org.eclipse.tractusx.irs.edc.client.policy;
 
 import java.time.OffsetDateTime;
-import java.util.ArrayList;
 import java.util.List;
 import java.util.stream.Stream;
 
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
-import org.eclipse.edc.policy.model.AndConstraint;
-import org.eclipse.edc.policy.model.AtomicConstraint;
-import org.eclipse.edc.policy.model.Constraint;
-import org.eclipse.edc.policy.model.Operator;
-import org.eclipse.edc.policy.model.OrConstraint;
 import org.eclipse.edc.policy.model.Permission;
 import org.eclipse.edc.policy.model.Policy;
-import org.eclipse.edc.policy.model.XoneConstraint;
-import org.eclipse.tractusx.irs.data.StringMapper;
-import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Service;
 import org.springframework.web.util.UriUtils;
 
@@ -52,93 +43,35 @@
 public class PolicyCheckerService {
 
     private final AcceptedPoliciesProvider policyStore;
-    @Value("${irs-edc-client.catalog.policies.acceptedRightOperands:active}")
-    private final List<String> acceptedRightOperands;
-    @Value("${irs-edc-client.catalog.policies.acceptedLeftOperands:PURPOSE}")
-    private final List<String> acceptedLeftOperands;
+    private final ConstraintCheckerService constraintCheckerService;
 
     public boolean isValid(final Policy policy) {
-        final List<PolicyDefinition> policyList = getAllowedPolicies();
-        log.info("Checking policy {} against allowed policies: {}", StringMapper.mapToString(policy),
-                String.join(",", policyList.stream().map(PolicyDefinition::getRightExpressionValue).toList()));
         if (getValidStoredPolicyIds().contains("*")) {
             return true;
         }
-        return policy.getPermissions().stream().allMatch(permission -> isValid(permission, policyList));
-    }
 
-    private List<PolicyDefinition> getAllowedPolicies() {
-        final List<String> policyIds = getValidStoredPolicyIds();
-        final List<PolicyDefinition> allowedPolicies = new ArrayList<>();
-        acceptedRightOperands.forEach(rightOperand -> allowedPolicies.addAll(
-                policyIds.stream().map(policy -> createPolicy(policy, rightOperand)).toList()));
-        acceptedLeftOperands.forEach(leftOperand -> allowedPolicies.addAll(
-                policyIds.stream().map(policy -> createPolicy(leftOperand, policy)).toList()));
+        return policy.getPermissions().stream().allMatch(permission -> isValid(permission, getValidStoredPolicies()));
+    }
 
-        return allowedPolicies;
+    private boolean isValid(final Permission permission, final List<AcceptedPolicy> validStoredPolicies) {
+        return validStoredPolicies.stream().anyMatch(acceptedPolicy ->
+                constraintCheckerService.hasAllConstraint(acceptedPolicy.policy(), permission.getConstraints()));
     }
 
     private List<String> getValidStoredPolicyIds() {
         return policyStore.getAcceptedPolicies()
                           .stream()
                           .filter(p -> p.validUntil().isAfter(OffsetDateTime.now()))
-                          .map(AcceptedPolicy::policyId)
+                          .map(acceptedPolicy -> acceptedPolicy.policy().getPolicyId())
                           .flatMap(this::addEncodedVersion)
                           .toList();
     }
 
-    private boolean isValid(final Permission permission, final List<PolicyDefinition> policyDefinitions) {
-        final boolean permissionTypesMatch = policyDefinitions.stream()
-                                                              .allMatch(
-                                                                      policyDefinition -> policyDefinition.getPermissionActionType()
-                                                                                                          .equals(permission.getAction()
-                                                                                                                            .getType()));
-        final boolean constraintsMatch = permission.getConstraints()
-                                                   .stream()
-                                                   .allMatch(constraint -> isValid(constraint, policyDefinitions));
-        return permissionTypesMatch && constraintsMatch;
-    }
-
-    private boolean isValid(final Constraint constraint, final List<PolicyDefinition> policyDefinitions) {
-        if (constraint instanceof AtomicConstraint atomicConstraint) {
-            return validateAtomicConstraint(atomicConstraint, policyDefinitions);
-        } else if (constraint instanceof AndConstraint andConstraint) {
-            return andConstraint.getConstraints().stream().allMatch(constr -> isValid(constr, policyDefinitions));
-        } else if (constraint instanceof OrConstraint orConstraint) {
-            return orConstraint.getConstraints().stream().anyMatch(constr -> isValid(constr, policyDefinitions));
-        } else if (constraint instanceof XoneConstraint xoneConstraint) {
-            return xoneConstraint.getConstraints().stream().filter(constr -> isValid(constr, policyDefinitions)).count()
-                    == 1;
-        }
-        return false;
-    }
-
-    private boolean validateAtomicConstraint(final AtomicConstraint atomicConstraint,
-            final PolicyDefinition policyDefinition) {
-        return AtomicConstraintValidator.builder()
-                                        .atomicConstraint(atomicConstraint)
-                                        .leftExpressionValue(policyDefinition.getLeftExpressionValue())
-                                        .rightExpressionValue(policyDefinition.getRightExpressionValue())
-                                        .expectedOperator(Operator.valueOf(policyDefinition.getConstraintOperator()))
-                                        .build()
-                                        .isValid();
-    }
-
-    private boolean validateAtomicConstraint(final AtomicConstraint atomicConstraint,
-            final List<PolicyDefinition> policyDefinitions) {
-        return policyDefinitions.stream()
-                                .anyMatch(policyDefinition -> validateAtomicConstraint(atomicConstraint,
-                                        policyDefinition));
-    }
-
-    private PolicyDefinition createPolicy(final String leftExpression, final String rightExpression) {
-        return PolicyDefinition.builder()
-                               .permissionActionType("USE")
-                               .constraintType("AtomicConstraint")
-                               .leftExpressionValue(leftExpression)
-                               .rightExpressionValue(rightExpression)
-                               .constraintOperator("EQ")
-                               .build();
+    private List<AcceptedPolicy> getValidStoredPolicies() {
+        return policyStore.getAcceptedPolicies()
+                          .stream()
+                          .filter(p -> p.validUntil().isAfter(OffsetDateTime.now()))
+                          .toList();
     }
 
     private Stream<String> addEncodedVersion(final String original) {

diff --git a/...sx/irs/policystore/models/PolicyType.java → ...usx/irs/edc/client/policy/PolicyType.java b/...sx/irs/policystore/models/PolicyType.java → ...usx/irs/edc/client/policy/PolicyType.java
@@ -21,7 +21,7 @@
  *
  * SPDX-License-Identifier: Apache-2.0
  ********************************************************************************/
-package org.eclipse.tractusx.irs.policystore.models;
+package org.eclipse.tractusx.irs.edc.client.policy;
 
 /**
  * A PolicyType object use in Permission