From 330d207e239004340465ecfb34c606a658616c26 Mon Sep 17 00:00:00 2001 From: Ronak Thacker Date: Mon, 3 Jul 2023 12:58:35 +0530 Subject: [PATCH 001/116] feat: swagger doc updated as per new role in api and Retrieve wallet by identifier test cases updated --- .../IssuersCredentialController.java | 10 +++--- .../controller/WalletController.java | 2 +- .../wallet/WalletTest.java | 32 ++++++++++++++++--- 3 files changed, 34 insertions(+), 10 deletions(-) diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/IssuersCredentialController.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/IssuersCredentialController.java index 5294a104d..5d19e4135 100644 --- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/IssuersCredentialController.java +++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/IssuersCredentialController.java @@ -71,7 +71,7 @@ public class IssuersCredentialController extends BaseController { * @return the credentials */ @Tag(name = API_TAG_VERIFIABLE_CREDENTIAL_ISSUER) - @Operation(description = "Permission: **view_wallets** OR **view_wallet** (The BPN of holderIdentifier must equal BPN of caller)\n\n Search verifiable credentials with filter criteria", summary = "Query Verifiable Credentials") + @Operation(description = "Permission: **view_wallets** (The BPN of holderIdentifier must equal BPN of caller)\n\n Search verifiable credentials with filter criteria", summary = "Query Verifiable Credentials") @GetMapping(path = RestURI.ISSUERS_CREDENTIALS, produces = MediaType.APPLICATION_JSON_VALUE) public ResponseEntity> getCredentials(@RequestParam(required = false) String credentialId, @RequestParam(required = false) String holderIdentifier, 
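Review bot: The new description on `getCredentials` reads `Permission: **view_wallets** (The BPN of holderIdentifier must equal BPN of caller)`, which drops the `view_wallet` alternative but keeps the BPN-equality clause unchanged, so it is no longer clear whether the equality is still enforced for `view_wallets` holders or was only ever the condition for the removed role. The same pattern repeats in the `-98`, `-123`, `-147` and `-202` hunks below for the `update_wallets` endpoints. These are Swagger annotations only and the commit touches no authorization code, so please confirm the security configuration actually rejects `view_wallet`-only callers and then reword the parenthetical to describe what is enforced, e.g. `Permission: **view_wallets** (The BPN of holderIdentifier must equal BPN of caller unless the caller is the authority wallet)` if that is the intended rule.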
@@ -98,7 +98,7 @@ public ResponseEntity> getCredentials(@RequestPar """)) }) @Tag(name = API_TAG_VERIFIABLE_CREDENTIAL_ISSUER) - @Operation(summary = "Issue a Membership Verifiable Credential with base wallet issuer", description = "Permission: **update_wallets** OR **update_wallet** (The BPN of base wallet must equal BPN of caller)\n\n Issue a verifiable credential by base wallet") + @Operation(summary = "Issue a Membership Verifiable Credential with base wallet issuer", description = "Permission: **update_wallets** (The BPN of base wallet must equal BPN of caller)\n\n Issue a verifiable credential by base wallet") @PostMapping(path = RestURI.CREDENTIALS_ISSUER_MEMBERSHIP, consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE) public ResponseEntity issueMembershipCredential(@Valid @RequestBody IssueMembershipCredentialRequest issueMembershipCredentialRequest, Principal principal) { return ResponseEntity.status(HttpStatus.CREATED).body(issuersCredentialService.issueMembershipCredential(issueMembershipCredentialRequest, getBPNFromToken(principal))); 
@@ -123,7 +123,7 @@ public ResponseEntity issueMembershipCredential(@Valid @Re """)) }) @Tag(name = API_TAG_VERIFIABLE_CREDENTIAL_ISSUER) - @Operation(summary = "Issue a Dismantler Verifiable Credential with base wallet issuer", description = "Permission: **update_wallets** OR **update_wallet** (The BPN of base wallet must equal BPN of caller)\n\n Issue a verifiable credential by base wallet") + @Operation(summary = "Issue a Dismantler Verifiable Credential with base wallet issuer", description = "Permission: **update_wallets** (The BPN of base wallet must equal BPN of caller)\n\n Issue a verifiable credential by base wallet") @PostMapping(path = RestURI.CREDENTIALS_ISSUER_DISMANTLER, consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE) public ResponseEntity issueDismantlerCredential(@Valid @RequestBody IssueDismantlerCredentialRequest request, Principal principal) { return ResponseEntity.status(HttpStatus.CREATED).body(issuersCredentialService.issueDismantlerCredential(request, getBPNFromToken(principal))); 
@@ -147,7 +147,7 @@ public ResponseEntity issueDismantlerCredential(@Valid @Re """)) }) @Tag(name = API_TAG_VERIFIABLE_CREDENTIAL_ISSUER) - @Operation(summary = "Issue a Use Case Verifiable Credential with base wallet issuer", description = "Permission: **update_wallets** OR **update_wallet** (The BPN of base wallet must equal BPN of caller)\n\n Issue a verifiable credential by base wallet") + @Operation(summary = "Issue a Use Case Verifiable Credential with base wallet issuer", description = "Permission: **update_wallets** (The BPN of base wallet must equal BPN of caller)\n\n Issue a verifiable credential by base wallet") @PostMapping(path = RestURI.API_CREDENTIALS_ISSUER_FRAMEWORK, consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE) public ResponseEntity issueFrameworkCredential(@Valid @RequestBody IssueFrameworkCredentialRequest request, Principal principal) { return ResponseEntity.status(HttpStatus.CREATED).body(issuersCredentialService.issueFrameworkCredential(request, getBPNFromToken(principal))); @@ -202,7 +202,7 @@ public ResponseEntity> credentialsValidation(@RequestBody Ma * @return the response entity */ @Tag(name = API_TAG_VERIFIABLE_CREDENTIAL_ISSUER) - @Operation(summary = "Issue Verifiable Credential", description = "Permission: **update_wallets** OR **update_wallet** (The BPN of the base wallet must equal BPN of caller)\nIssue a verifiable credential with a given issuer DID") + @Operation(summary = "Issue Verifiable Credential", description = "Permission: **update_wallets** (The BPN of the base wallet must equal BPN of caller)\nIssue a verifiable credential with a given issuer DID") @PostMapping(path = RestURI.ISSUERS_CREDENTIALS, consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE) @io.swagger.v3.oas.annotations.parameters.RequestBody(content = { 
diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/WalletController.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/WalletController.java index af72b133a..5e354d450 100644 --- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/WalletController.java +++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/WalletController.java @@ -123,7 +123,7 @@ public ResponseEntity> storeCredential(@RequestBody Map getWalletByIdentifier(@Parameter(description = "Did or BPN") @PathVariable(name = "identifier") String identifier, @RequestParam(name = "withCredentials", defaultValue = "false") boolean withCredentials, diff --git a/src/test/java/org/eclipse/tractusx/managedidentitywallets/wallet/WalletTest.java b/src/test/java/org/eclipse/tractusx/managedidentitywallets/wallet/WalletTest.java index 83b98c1e9..83806e8ec 100644 --- a/src/test/java/org/eclipse/tractusx/managedidentitywallets/wallet/WalletTest.java +++ b/src/test/java/org/eclipse/tractusx/managedidentitywallets/wallet/WalletTest.java @@ -311,10 +311,9 @@ void getWalletByIdentifierBPNTest200() throws JsonProcessingException { String name = "Sample Name"; //Create entry - Wallet wallet = TestUtils.getWalletFromString(TestUtils.createWallet(bpn, name, restTemplate).getBody()); + TestUtils.getWalletFromString(TestUtils.createWallet(bpn, name, restTemplate).getBody()); - //get Wallet - ///get wallet with credentials + //get wallet without credentials HttpHeaders headers = AuthenticationUtils.getValidUserHttpHeaders(bpn); HttpEntity entity = new HttpEntity<>(headers); 
@@ -325,6 +324,18 @@ void getWalletByIdentifierBPNTest200() throws JsonProcessingException { Assertions.assertEquals(HttpStatus.OK.value(), getWalletResponse.getStatusCode().value()); Assertions.assertNotNull(getWalletResponse.getBody()); Assertions.assertEquals(body.getBpn(), bpn); + + //get wallet without credentials with authority wallet + headers = AuthenticationUtils.getValidUserHttpHeaders(miwSettings.authorityWalletBpn()); + + entity = new HttpEntity<>(headers); + + getWalletResponse = restTemplate.exchange(RestURI.API_WALLETS_IDENTIFIER + "?withCredentials={withCredentials}", HttpMethod.GET, entity, String.class, bpn, "false"); + + body = TestUtils.getWalletFromString(getWalletResponse.getBody()); + Assertions.assertEquals(HttpStatus.OK.value(), getWalletResponse.getStatusCode().value()); + Assertions.assertNotNull(getWalletResponse.getBody()); + Assertions.assertEquals(body.getBpn(), bpn); } @@ -334,7 +345,7 @@ void getWalletByIdentifierBPNWithCredentialsTest200() throws JsonProcessingExcep String name = "Sample Name"; String did = "did:web:localhost:" + bpn; //Create entry - Wallet wallet = TestUtils.getWalletFromString(TestUtils.createWallet(bpn, name, restTemplate).getBody()); + TestUtils.getWalletFromString(TestUtils.createWallet(bpn, name, restTemplate).getBody()); //store credentials ResponseEntity response = storeCredential(bpn, did); 
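Review bot: The added block only covers the positive case for `miwSettings.authorityWalletBpn()`; neither this test nor `getWalletByIdentifierBPNWithCredentialsTest200` in the next hunk asserts that a caller whose BPN belongs to a third, unrelated wallet is rejected, so a regression that lets any wallet read another wallet would still pass both tests. I would add one request with headers for a freshly created unrelated BPN and assert a non-2xx status (the exact code the controller returns for that case is not visible in this hunk). The added `Assertions.assertEquals(body.getBpn(), bpn);` lines also pass the actual value first; JUnit's signature is (expected, actual), so a failure message would read backwards — `Assertions.assertEquals(bpn, body.getBpn());`.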
@@ -352,6 +363,19 @@ void getWalletByIdentifierBPNWithCredentialsTest200() throws JsonProcessingExcep Assertions.assertNotNull(getWalletResponse.getBody()); Assertions.assertEquals(3, body.getVerifiableCredentials().size()); //BPN VC + Summery VC + Stored VC Assertions.assertEquals(body.getBpn(), bpn); + + ///get wallet with credentials with authority wallet + headers = AuthenticationUtils.getValidUserHttpHeaders(miwSettings.authorityWalletBpn()); + + entity = new HttpEntity<>(headers); + + getWalletResponse = restTemplate.exchange(RestURI.API_WALLETS_IDENTIFIER + "?withCredentials={withCredentials}", HttpMethod.GET, entity, String.class, bpn, "true"); + + body = TestUtils.getWalletFromString(getWalletResponse.getBody()); + Assertions.assertEquals(HttpStatus.OK.value(), getWalletResponse.getStatusCode().value()); + Assertions.assertNotNull(getWalletResponse.getBody()); + Assertions.assertEquals(3, body.getVerifiableCredentials().size()); //BPN VC + Summery VC + Stored VC + Assertions.assertEquals(body.getBpn(), bpn); } @Test From d6b22648febcbee74b5b2513243dc187ce18b62c Mon Sep 17 00:00:00 2001 From: Nitin Vavdiya Date: Mon, 3 Jul 2023 13:09:25 +0530 Subject: [PATCH 002/116] docs: authority wallet can see all wallets --- .../managedidentitywallets/controller/WalletController.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/WalletController.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/WalletController.java index 5e354d450..d72ba2820 100644 --- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/WalletController.java +++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/WalletController.java 
@@ -123,7 +123,7 @@ public ResponseEntity> storeCredential(@RequestBody Map getWalletByIdentifier(@Parameter(description = "Did or BPN") @PathVariable(name = "identifier") String identifier, @RequestParam(name = "withCredentials", defaultValue = "false") boolean withCredentials, From 81e58dfcbcdee82b1554c770d98f107875d3cf04 Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Mon, 3 Jul 2023 12:12:11 +0200 Subject: [PATCH 003/116] feat(helm): Update readme --- charts/managed-identity-wallet/README.md | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/charts/managed-identity-wallet/README.md b/charts/managed-identity-wallet/README.md index 165ca36cd..593a404ef 100644 --- a/charts/managed-identity-wallet/README.md +++ b/charts/managed-identity-wallet/README.md @@ -1,6 +1,6 @@ # managed-identity-wallet -![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 4.0.0](https://img.shields.io/badge/AppVersion-4.0.0-informational?style=flat-square) +![Version: 1.0.1-rc1](https://img.shields.io/badge/Version-1.0.1--rc1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1-SNAPSHOT.b75ebaf](https://img.shields.io/badge/AppVersion-0.0.1--SNAPSHOT.b75ebaf-informational?style=flat-square) Managed Identity Wallets Service @@ -19,7 +19,7 @@ Managed Identity Wallets Service | fullnameOverride | string | `""` | | | image.pullPolicy | string | `"Always"` | | | image.repository | string | `"ghcr.io/catenax-ng/tx-managed-identity-wallets_miw_service"` | | -| image.tag | string | `"latest"` | | +| image.tag | string | `""` | | | imagePullSecrets[0].name | string | `"acr-credential"` | | | ingress.annotations."kubernetes.io/ingress.class" | string | `"nginx"` | | | ingress.enabled | bool | `false` | | 
@@ -38,10 +38,16 @@ Managed Identity Wallets Service | postgresql.primary.initdb.scripts."init_db_script.sh" | string | `"#!/bin/sh\ncreatedb -O postgres miw\n"` | | | postgresql.primary.initdb.user | string | `"postgres"` | | | replicaCount | int | `1` | | -| resources.cpu | int | `250` | | -| resources.memory | int | `256` | | +| resources.limits.cpu | int | `4` | | +| resources.limits.memory | string | `"1Gi"` | | +| resources.requests.cpu | string | `"250m"` | | +| resources.requests.memory | string | `"500Mi"` | | | secrets | string | `nil` | | -| securityContext | object | `{}` | | +| securityContext.allowPrivilegeEscalation | bool | `false` | | +| securityContext.privileged | bool | `false` | | +| securityContext.runAsGroup | int | `11111` | | +| securityContext.runAsNonRoot | bool | `true` | | +| securityContext.runAsUser | int | `11111` | | | service.port | int | `8080` | | | service.type | string | `"ClusterIP"` | | | serviceAccount.annotations | object | `{}` | | @@ -50,4 +56,4 @@ Managed Identity Wallets Service | tolerations | list | `[]` | | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.10.0](https://github.com/norwoodj/helm-docs/releases/v1.10.0) +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) From 881e131008cd358a376df62a72107711620c2845 Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Mon, 3 Jul 2023 12:12:55 +0200 Subject: [PATCH 004/116] feat(devel): add task to rebuild Helm chart readme --- dev-assets/tasks/helm.yaml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/dev-assets/tasks/helm.yaml b/dev-assets/tasks/helm.yaml index 3e08efacb..340ef2f70 100644 --- a/dev-assets/tasks/helm.yaml +++ b/dev-assets/tasks/helm.yaml 
@@ -24,4 +24,10 @@ tasks: desc: Executes helm unittests dir: charts/managed-identity-wallet cmds: - - helm unittest . \ No newline at end of file + - helm unittest . + + readme: + desc: Rebuilds the readme of the Helm chart + dir: charts/managed-identity-wallet + cmds: + - helm-docs . \ No newline at end of file From d559cdcb87edc427bbb46a80769dfed3137216d4 Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Mon, 3 Jul 2023 12:13:29 +0200 Subject: [PATCH 005/116] feat(devel): add task to check, if helm-docs is installed --- dev-assets/tasks/darwin/check-tools.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/dev-assets/tasks/darwin/check-tools.yaml b/dev-assets/tasks/darwin/check-tools.yaml index d8b6e9725..5667ba5b6 100644 --- a/dev-assets/tasks/darwin/check-tools.yaml +++ b/dev-assets/tasks/darwin/check-tools.yaml @@ -35,6 +35,11 @@ tasks: cmds: - ./check_bin.sh helm https://helm.sh/docs/intro/quickstart/#install-helm + check-helm-docs: + dir: dev-assets/tasks/{{OS}} + cmds: + - ./check_bin.sh helm-docs https://github.com/norwoodj/helm-docs + check-helm-plugins: dir: dev-assets/tasks/darwin cmds: From b1e9c0e80cf9a480b2b6b4b4cdec55146e72e65e Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Mon, 3 Jul 2023 12:34:55 +0200 Subject: [PATCH 006/116] refactor(devel): add missing task to linux tasks --- dev-assets/tasks/darwin/check-tools.yaml | 5 +++-- dev-assets/tasks/linux/check-tools.yaml | 7 +++++++ 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/dev-assets/tasks/darwin/check-tools.yaml b/dev-assets/tasks/darwin/check-tools.yaml index 5667ba5b6..ea63c889e 100644 --- a/dev-assets/tasks/darwin/check-tools.yaml +++ b/dev-assets/tasks/darwin/check-tools.yaml @@ -24,6 +24,7 @@ tasks: cmds: - task: check-helm - task: check-helm-plugins + - task: check-helm-docs - task: check-docker - task: check-docker-compose - task: check-java 
@@ -31,12 +32,12 @@ tasks: ignore_error: true check-helm: - dir: dev-assets/tasks/{{OS}} + dir: dev-assets/tasks/darwin cmds: - ./check_bin.sh helm https://helm.sh/docs/intro/quickstart/#install-helm check-helm-docs: - dir: dev-assets/tasks/{{OS}} + dir: dev-assets/tasks/darwin cmds: - ./check_bin.sh helm-docs https://github.com/norwoodj/helm-docs diff --git a/dev-assets/tasks/linux/check-tools.yaml b/dev-assets/tasks/linux/check-tools.yaml index 828403e58..715fe527b 100644 --- a/dev-assets/tasks/linux/check-tools.yaml +++ b/dev-assets/tasks/linux/check-tools.yaml @@ -24,9 +24,11 @@ tasks: cmds: - task: check-helm - task: check-helm-plugins + - task: check-helm-docs - task: check-docker - task: check-docker-compose - task: check-java + - task: check-jq ignore_error: true check-helm: @@ -34,6 +36,11 @@ tasks: cmds: - ./check_bin.sh helm https://helm.sh/docs/intro/quickstart/#install-helm + check-helm-docs: + dir: dev-assets/tasks/linux + cmds: + - ./check_bin.sh helm-docs https://github.com/norwoodj/helm-docs + check-helm-plugins: dir: dev-assets/tasks/linux cmds: From f037c168a5a16aa3ff2009e7c086d82a8030bf44 Mon Sep 17 00:00:00 2001 From: Nitin Vavdiya Date: Mon, 3 Jul 2023 16:19:28 +0530 Subject: [PATCH 007/116] fix: CGD-288 and code refactor --- .../config/openapi/OpenApiConfig.java | 2 -- .../CustomAuthenticationConverter.java | 23 +++++++++---------- .../service/HoldersCredentialService.java | 4 ++-- .../service/WalletService.java | 22 ++---------------- .../utils/StringToDidDocumentConverter.java | 3 --- 5 files changed, 15 insertions(+), 39 deletions(-) diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/openapi/OpenApiConfig.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/openapi/OpenApiConfig.java index 1b8e032ba..435ae8585 100644 --- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/openapi/OpenApiConfig.java 
+++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/openapi/OpenApiConfig.java @@ -25,8 +25,6 @@ import io.swagger.v3.oas.models.Components; import io.swagger.v3.oas.models.OpenAPI; import io.swagger.v3.oas.models.info.Info; -import io.swagger.v3.oas.models.security.OAuthFlow; -import io.swagger.v3.oas.models.security.OAuthFlows; import io.swagger.v3.oas.models.security.SecurityRequirement; import io.swagger.v3.oas.models.security.SecurityScheme; import lombok.AllArgsConstructor; diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/security/CustomAuthenticationConverter.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/security/CustomAuthenticationConverter.java index d02c5ad2e..2630d4282 100644 --- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/security/CustomAuthenticationConverter.java +++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/security/CustomAuthenticationConverter.java @@ -20,6 +20,7 @@ */ package org.eclipse.tractusx.managedidentitywallets.config.security; + import org.springframework.core.convert.converter.Converter; import org.springframework.security.authentication.AbstractAuthenticationToken; import org.springframework.security.core.GrantedAuthority; @@ -27,9 +28,11 @@ import org.springframework.security.oauth2.jwt.Jwt; import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken; import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter; -import org.springframework.util.CollectionUtils; -import java.util.*; +import java.util.Collection; +import java.util.Map; +import java.util.Objects; +import java.util.Set; import java.util.stream.Collectors; /** 
@@ -49,18 +52,14 @@ public CustomAuthenticationConverter(String resourceId) {
 this.resourceId = resourceId;
 grantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
 }
-
 @Override
 public AbstractAuthenticationToken convert(Jwt source) {
- Collection convert = grantedAuthoritiesConverter.convert(source);
- if (!CollectionUtils.isEmpty(convert)) {
- Collection authorities = new HashSet<>(convert);
- authorities.addAll(extractResourceRoles(source, resourceId));
- extractResourceRoles(source, resourceId);
- return new JwtAuthenticationToken(source, authorities);
- } else {
- return new JwtAuthenticationToken(source, Collections.emptyList());
- }
+ Collection authorities = (grantedAuthoritiesConverter.convert(source))
+ .stream()
+ .collect(Collectors.toSet());
+ authorities.addAll(extractResourceRoles(source, resourceId));
+ extractResourceRoles(source, resourceId);
+ return new JwtAuthenticationToken(source, authorities);
 }
 
 private Collection extractResourceRoles(Jwt jwt, String resourceId) {
diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/HoldersCredentialService.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/HoldersCredentialService.java
index 78b04f8aa..664cff8dc 100644
--- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/HoldersCredentialService.java
+++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/HoldersCredentialService.java
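Review bot: The rewritten `convert` calls `.stream()` directly on the result of `grantedAuthoritiesConverter.convert(source)`, which the removed `CollectionUtils.isEmpty` guard tolerated being null; Spring's `Converter.convert` is declared nullable, so a null result now becomes a NullPointerException during token conversion instead of an authority-less `JwtAuthenticationToken`. The new side also keeps the second, result-discarding `extractResourceRoles(source, resourceId);` call, and it collects into `Collectors.toSet()`, whose mutability is unspecified by the API, before calling `addAll` on it. I would build an explicit `HashSet` (re-adding `import java.util.HashSet;`, which this commit dropped together with `java.util.*`) and remove the redundant call; `extractResourceRoles` itself continues outside the hunk.
```java
@Override
public AbstractAuthenticationToken convert(Jwt source) {
    Collection<GrantedAuthority> mapped = grantedAuthoritiesConverter.convert(source);
    // Converter.convert may return null; use a mutable set so resource roles can be merged in.
    Set<GrantedAuthority> authorities = mapped == null ? new HashSet<>() : new HashSet<>(mapped);
    authorities.addAll(extractResourceRoles(source, resourceId));
    return new JwtAuthenticationToken(source, authorities);
}
```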
@@ -104,11 +104,11 @@ public PageImpl getCredentials(String credentialId, String //Holder must be caller of API Wallet holderWallet = commonService.getWalletByIdentifier(callerBPN); - filterRequest.appendCriteria(StringPool.HOLDER_DID, Operator.EQUALS, holderWallet.getDid().toString()); + filterRequest.appendCriteria(StringPool.HOLDER_DID, Operator.EQUALS, holderWallet.getDid()); if (StringUtils.hasText(issuerIdentifier)) { Wallet issuerWallet = commonService.getWalletByIdentifier(issuerIdentifier); - filterRequest.appendCriteria(StringPool.ISSUER_DID, Operator.EQUALS, issuerWallet.getDid().toString()); + filterRequest.appendCriteria(StringPool.ISSUER_DID, Operator.EQUALS, issuerWallet.getDid()); } if (StringUtils.hasText(credentialId)) { diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/WalletService.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/WalletService.java index 9b546abe6..0de7d4a83 100644 --- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/WalletService.java +++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/WalletService.java @@ -237,8 +237,8 @@ private Wallet createWallet(CreateWalletRequest request, boolean authority) { //Save key walletKeyService.getRepository().save(WalletKey.builder() .walletId(wallet.getId()) - .referenceKey("dummy ref key") //TODO removed once vault setup is ready - .vaultAccessToken("dummy vault access token") ////TODO removed once vault setup is ready + .referenceKey("dummy ref key, removed once vault setup is ready") + .vaultAccessToken("dummy vault access token, removed once vault setup is ready") .privateKey(encryptionUtils.encrypt(getPrivateKeyString(keyPair.getPrivateKey().asByte()))) .publicKey(encryptionUtils.encrypt(getPublicKeyString(keyPair.getPublicKey().asByte()))) .build()); 
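Review bot: In the `WalletService` hunk the reminder `removed once vault setup is ready` has moved from a trailing comment into the persisted value of `referenceKey` and `vaultAccessToken`, so the sentence is now written into every `WalletKey` row while the `TODO` marker that tooling and reviewers search for is gone. I would keep the stored placeholders short and obviously synthetic and restore the marker as a comment, e.g. `.referenceKey("dummy ref key") // TODO remove once vault setup is ready` and the same for `.vaultAccessToken(...)`. Because the column is named as a vault access token, any later consumer must treat this placeholder as "no token" rather than as a credential; the enclosing `createWallet` starts and ends outside the hunk.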
@@ -277,24 +277,6 @@ private void validateCreateWallet(CreateWalletRequest request) { } } -/* - @SneakyThrows - private Ed25519KeySet createKeyPair() { - KeyPairGeneratorSpi.Ed25519 ed25519 = new KeyPairGeneratorSpi.Ed25519(); - ed25519.initialize(256, new SecureRandom()); - KeyPair keyPair = ed25519.generateKeyPair(); - PublicKey PubKey = keyPair.getPublic(); - PrivateKey PivKey = keyPair.getPrivate(); - Ed25519PrivateKeyParameters ed25519PrivateKeyParameters = - (Ed25519PrivateKeyParameters) PrivateKeyFactory.createKey(PivKey.getEncoded()); - Ed25519PublicKeyParameters publicKeyParameters = - (Ed25519PublicKeyParameters) PublicKeyFactory.createKey(PubKey.getEncoded()); - - byte[] privateKeyBytes = ed25519PrivateKeyParameters.getEncoded(); - byte[] publicKeyBytes = publicKeyParameters.getEncoded(); - return new Ed25519KeySet(privateKeyBytes, publicKeyBytes); - }*/ - @SneakyThrows private String getPrivateKeyString(byte[] privateKeyBytes) { StringWriter stringWriter = new StringWriter(); diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/utils/StringToDidDocumentConverter.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/utils/StringToDidDocumentConverter.java index 87ac6f807..5dd273291 100644 --- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/utils/StringToDidDocumentConverter.java +++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/utils/StringToDidDocumentConverter.java @@ -25,9 +25,6 @@ import lombok.SneakyThrows; import org.eclipse.tractusx.ssi.lib.model.did.DidDocument; -import java.net.URLDecoder; -import java.nio.charset.StandardCharsets; - /** * The type String to did document converter. */ From 7149df4791460d95c5638b946b4fd6db2e782221 Mon Sep 17 00:00:00 2001 
From: Peter Motzko Date: Mon, 3 Jul 2023 12:56:36 +0200 Subject: [PATCH 008/116] refactor(devel): reorder variables --- dev-assets/env-files/env.docker.dist | 6 +++--- dev-assets/env-files/env.local.dist | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/dev-assets/env-files/env.docker.dist b/dev-assets/env-files/env.docker.dist index 1b21dafe0..657a22795 100644 --- a/dev-assets/env-files/env.docker.dist +++ b/dev-assets/env-files/env.docker.dist @@ -4,7 +4,6 @@ GITHUB_TOKEN= # Build SKIP_GRADLE_TASKS_PARAM="-x jacocoTestCoverageVerification -x test" -DEV_ENVIRONMENT=docker # Docker: Postgres config POSTGRES_DB=keycloak @@ -19,7 +18,7 @@ KEYCLOAK_MIW_PUBLIC_CLIENT=miw_public DB_DATABASE=keycloak KEYCLOAK_ADMIN=admin KEYCLOAK_ADMIN_PASSWORD= -KC_HOSTNAME: keycloak +#KC_HOSTNAME=keycloak # Docker: App config KEYCLOAK_CLIENT_ID=miw_private_client @@ -32,9 +31,10 @@ VC_SCHEMA_LINK="https://www.w3.org/2018/credentials/v1, https://catenax-ng.githu VC_EXPIRY_DATE=01-01-2025 SUPPORTED_FRAMEWORK_VC_TYPES="cx-behavior-twin=Behavior Twin,cx-pcf=PCF,cx-quality=Quality,cx-resiliency=Resiliency,cx-sustainability=Sustainability,cx-traceability=ID_3.0_Trace" MIW_HOST_NAME=miw -AUTH_SERVER_URL=http://keycloak:8080 ######### DON'T MODIFY ANYTHING BELOW THIS LINE !!! ######### +AUTH_SERVER_URL=http://keycloak:8080 +DEV_ENVIRONMENT=docker APPLICATION_PORT=8000 MANAGEMENT_PORT=8090 APPLICATION_ENVIRONMENT=dev diff --git a/dev-assets/env-files/env.local.dist b/dev-assets/env-files/env.local.dist index 19f430e00..154e7ee83 100644 --- a/dev-assets/env-files/env.local.dist +++ b/dev-assets/env-files/env.local.dist @@ -4,7 +4,6 @@ GITHUB_TOKEN= # Build SKIP_GRADLE_TASKS_PARAM="-x jacocoTestCoverageVerification -x test" -DEV_ENVIRONMENT=local # Docker: Postgres config POSTGRES_DB=keycloak 
@@ -19,7 +18,7 @@ KEYCLOAK_MIW_PUBLIC_CLIENT=miw_public DB_DATABASE=keycloak KEYCLOAK_ADMIN=admin KEYCLOAK_ADMIN_PASSWORD= -KC_HOSTNAME: localhost +#KC_HOSTNAME=localhost # Docker: App config KEYCLOAK_CLIENT_ID=miw_private_client @@ -32,9 +31,10 @@ VC_SCHEMA_LINK="https://www.w3.org/2018/credentials/v1, https://catenax-ng.githu VC_EXPIRY_DATE=01-01-2025 SUPPORTED_FRAMEWORK_VC_TYPES="cx-behavior-twin=Behavior Twin,cx-pcf=PCF,cx-quality=Quality,cx-resiliency=Resiliency,cx-sustainability=Sustainability,cx-traceability=ID_3.0_Trace" MIW_HOST_NAME=miw -AUTH_SERVER_URL=http://localhost:8080 ######### DON'T MODIFY ANYTHING BELOW THIS LINE !!! ######### +AUTH_SERVER_URL=http://localhost:8080 +DEV_ENVIRONMENT=local APPLICATION_PORT=8000 MANAGEMENT_PORT=8090 APPLICATION_ENVIRONMENT=dev From 11ad959c37f1a9d23f0b3d8fe119a7d85a73ccd8 Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Mon, 3 Jul 2023 15:01:31 +0200 Subject: [PATCH 009/116] refactor(devel): remove env.environment due to set env order of Taskfile --- Taskfile.yaml | 4 +++- dev-assets/env-files/env.environment.dist | 1 - 2 files changed, 3 insertions(+), 2 deletions(-) delete mode 100644 dev-assets/env-files/env.environment.dist diff --git a/Taskfile.yaml b/Taskfile.yaml index 644cfca46..ee94b7299 100644 --- a/Taskfile.yaml +++ b/Taskfile.yaml @@ -19,8 +19,10 @@ version: 3 +vars: + ENV: docker # local or docker + dotenv: - - 'dev-assets/env-files/env.environment' - 'dev-assets/env-files/env.{{.ENV}}' includes: diff --git a/dev-assets/env-files/env.environment.dist b/dev-assets/env-files/env.environment.dist deleted file mode 100644 index 9b19e9582..000000000 --- a/dev-assets/env-files/env.environment.dist +++ /dev/null @@ -1 +0,0 @@ -ENV=local # local or docker \ No newline at end of file From b4ceeb5b8325a1b573ec7d6f9fd671e1e9cc41f1 Mon Sep 17 00:00:00 2001 
From: Peter Motzko Date: Mon, 3 Jul 2023 15:04:25 +0200 Subject: [PATCH 010/116] feat(devel): add tasks for test-report and coverage --- dev-assets/tasks/darwin/app.yaml | 10 ++++++++++ dev-assets/tasks/linux/app.yaml | 10 ++++++++++ dev-assets/tasks/windows/app.yaml | 12 +++++++++++- 3 files changed, 31 insertions(+), 1 deletion(-) diff --git a/dev-assets/tasks/darwin/app.yaml b/dev-assets/tasks/darwin/app.yaml index 917125d52..38d7ff285 100644 --- a/dev-assets/tasks/darwin/app.yaml +++ b/dev-assets/tasks/darwin/app.yaml @@ -36,6 +36,16 @@ tasks: - echo "BEARER {{.TOKEN}}" - echo "BEARER {{.TOKEN}}" | pbcopy + test-report: + desc: Generates the test report for MIW + cmds: + - ./gradlew jacocoTestReport + + coverage: + desc: Runs the coverage check + cmds: + - ./gradlew jacocoTestCoverageVerification + clean: desc: Cleans the build directory cmds: diff --git a/dev-assets/tasks/linux/app.yaml b/dev-assets/tasks/linux/app.yaml index 7ae5657fe..45eef3029 100644 --- a/dev-assets/tasks/linux/app.yaml +++ b/dev-assets/tasks/linux/app.yaml @@ -31,6 +31,16 @@ tasks: cmds: - echo "BAERER $(./get_Token.sh)" + test-report: + desc: Generates the test report for MIW + cmds: + - ./gradlew jacocoTestReport + + coverage: + desc: Runs the coverage check + cmds: + - ./gradlew jacocoTestCoverageVerification + clean: desc: Cleans the build directory cmds: diff --git a/dev-assets/tasks/windows/app.yaml b/dev-assets/tasks/windows/app.yaml index d379f7979..0b48893c8 100644 --- a/dev-assets/tasks/windows/app.yaml +++ b/dev-assets/tasks/windows/app.yaml @@ -31,7 +31,17 @@ tasks: cmds: - echo "Not implemented for windows!" + test-report: + desc: Generates the test report for MIW + cmds: + - .\gradlew.bat jacocoTestReport + + coverage: + desc: Runs the coverage check + cmds: + - .\gradlew.bat jacocoTestCoverageVerification + clean: desc: Cleans the build directory cmds: - - gradlew.bat clean \ No newline at end of file + - .\gradlew.bat clean \ No newline at end of file 
From 74fdb21dc549ed80bc1cbf8f71b40e0a9410a834 Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Mon, 3 Jul 2023 15:05:30 +0200 Subject: [PATCH 011/116] feat(devel): update readme --- README.md | 80 ++++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 55 insertions(+), 25 deletions(-) diff --git a/README.md b/README.md index 2c059c397..25f3ea1d0 100644 --- a/README.md +++ b/README.md @@ -4,8 +4,12 @@ The Managed Identity Wallets (MIW) service implements the Self-Sovereign-Identit # Developer Documentation -To run MIW locally, this section describes the tooling as well as -the local development setup. +To run MIW locally, this section describes the tooling as well as the local development setup. + +There are two possible flows, which can be used for development: + +1. **local**: Run the postgresql and keycloak server inside docker. Start MIW from within your IDE (recommended for actual development) +2. **docker**: Run everything inside docker (use to test or check behavior inside a docker environment) ## Tooling 
@@ -13,37 +17,61 @@ Following tools the MIW development team used successfully: | Area | Tool | Download Link | Comment | |----------|----------|-------------------------------------------------|---------------------------------------------------------------------------------------------------| -| IDE | IntelliJ | https://www.jetbrains.com/idea/download/ | Additionally the [envfile plugin](https://plugins.jetbrains.com/plugin/7861-envfile) is suggested | +| IDE | IntelliJ | https://www.jetbrains.com/idea/download/ | Use [envfile plugin](https://plugins.jetbrains.com/plugin/7861-envfile) to use the **local** flow | | Build | Gradle | https://gradle.org/install/ | | Runtime | Docker | https://www.docker.com/products/docker-desktop/ | | | Database | DBeaver | https://dbeaver.io/ | | IAM | Keycloak | https://www.keycloak.org/ | | -## Local Development Setup +## Development Setup -1. Run keycloak and database server using [docker-compose.yaml](dev-assets%2Fdid-web%2Fdocker-compose.yaml) -2. Create personal access token(classic) with `read:packages` access (ref: https://github.com/settings/tokens/new) -3. set ORG_GRADLE_PROJECT_githubUserName and ORG_GRADLE_PROJECT_githubToken values - in [dev.env](dev-assets%2Fdid-web%2Fdev.env) -4. Setup [dev.env](dev-assets%2Fdid-web%2Fdev.env) values either in application.yaml or in IDE -5. Run [ManagedIdentityWalletsApplication.java](src%2Fmain%2Fjava%2Forg%2Feclipse%2Ftractusx%2Fmanagedidentitywallets%2FManagedIdentityWalletsApplication.java) in IDE -6. Open API doc on http://localhost:8080 -7. Click on Authorize on swagger UI and on the dialog click again on Authorize. -8. Login with username=catena-x and password=password +### Prerequisites -## Build application locally +To simplify the dev environment, [Taskfile](https://taskfile.dev) is used as a task executor. You have to install it first. -Build with test cases +Before executing any of th tasks, you have to choose your flow (_local_ or _docker_). _local_ is default. 
+To change that, you need to edit the variable **ENV** in the _Taskfile.yaml_. -``` -./gradlew build -``` +After that, run `task check-prereqs` to see, if any other required tool is installed or missing. If something is missing, a link to the install docs is provided. -Build without test cases +Now, you have to adjust the _env_ files (located in _dev-assets/env-files_). To do that, copy every file to the same directory, but without ".dist" at the end. + +Description of the env files: + +- **env.local**: Setup everything to get ready for flow "local". You need to fill in the passwords. Everything else can remain as it is. +- **env.docker**: Setup everything to get ready for flow "docker". You need to fill in the passwords. Everything else can remain as it is. + +In both env files (env.local and env.docker) you need to set _GITHUB_USERNAME_ and _GITHUB_TOKEN_ in order to be able to build the add, +because the SSI lib is stored in a private repo (you also need the proper rights to access the repo). +The access token need to have `read:packages` access. (ref: https://github.com/settings/tokens/new) + +Note: _SKIP_GRADLE_TASKS_PARAM_ is used to pass parameters to the build process of the MIW jar. Currently, it skips the tests and code coverage, but speeds up the build time. +If you want to activate it, just comment it out like `SKIP_GRADLE_TASKS_PARAM="" #"-x jacocoTestCoverageVerification -x test"` + +After every execution (either _local_ or _docker_ flow), run the matching "stop" task (e.g.: `task docker:start-app` -> `task docker:stop-app`) + +When you just run `task` without parameters, you will see all tasks available. + +### local + +1. Run `task docker:start-middleware` and wait until it shows "(main) Running the server in development mode. DO NOT use this configuration in production." in the terminal +2. Run `task app:build` to build the MIW application +3. 
Run [ManagedIdentityWalletsApplication.java](src/main/java/org/eclipse/tractusx/managedidentitywallets/ManagedIdentityWalletsApplication.java) via IDE and use the local.env file to populate environment vars (e.g. EnvFile plugin for IntelliJ) +4. Run `task app:get-token` and copy the token (including "BEARER" prefix) (Mac users have the token already in their clipboard :) ) +5. Open API doc on http://localhost:8000 (or what port you configured in the _env.local_ file) +6. Click on Authorize on swagger UI and on the dialog paste the token into the "value" input +7. Click on "Authorize" and "close" +8. MIW is up and running + +### docker + +1. Run `task docker:start-app` and wait until it shows " Started ManagedIdentityWalletsApplication in ... seconds" +2. Run `task app:get-token` and copy the token (including "BEARER" prefix) (Mac users have the token already in their clipboard :) ) +3. Open API doc on http://localhost:8000 (or what port you configured in the _env.local_ file) +4. Click on Authorize on swagger UI and on the dialog paste the token into the "value" input +5. Click on "Authorize" and "close" +6. MIW is up and running -``` -./gradlew build -i -x test -``` ## Test Coverage @@ -55,16 +83,16 @@ The generated HTML report can be found under `jacoco-report/html/` To generate the report run the command ``` -./gradlew jacocoTestReport +task app:test-report ``` To check the coverage run the command ``` -./gradlew jacocoTestCoverageVerification +task app:coverage ``` -Currently the minimum is 80% +Currently, the minimum is 80% coverage. ## Common issues and solutions during local setup 
@@ -129,6 +157,8 @@ This process ensures that any issues with the database schema are resolved by re 2. Policies can be validated dynamically as per request while validating VP and VC. [Check this for more details](https://docs.walt.id/v/ssikit/concepts/verification-policies) +3. When you are using MacOS and the MIW docker container won't start up, you can enable the docker-desktop feature "Use Rosetta for x86/amd64 emulation on Apple Silicon" in your Docker settings + (under "features in development") ## Reference of external lib From 3e17880beb79fc50f094a79cd49f47c06dbdc4b2 Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Tue, 4 Jul 2023 13:03:48 +0200 Subject: [PATCH 012/116] feat(devel): put Helm chart unittests in subfolder for each stage --- dev-assets/tasks/helm.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev-assets/tasks/helm.yaml b/dev-assets/tasks/helm.yaml index 340ef2f70..0a2d89445 100644 --- a/dev-assets/tasks/helm.yaml +++ b/dev-assets/tasks/helm.yaml @@ -24,7 +24,7 @@ tasks: desc: Executes helm unittests dir: charts/managed-identity-wallet cmds: - - helm unittest . + - helm unittest -f 'tests/**/*.yaml' . readme: desc: Rebuilds the readme of the Helm chart From ecbe7e5d9765c7336914801001444905d8f84529 Mon Sep 17 00:00:00 2001 
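Review bot: The glob `tests/**/*.yaml` passed to `helm unittest -f` makes every YAML file under tests/ a test suite, so any fixture or values file placed there with a .yaml extension will be parsed as a suite and break the run; the later values fixture only escapes this by using a .yml extension, which is an accident waiting to happen. Since every existing suite already follows the `*_test.yaml` naming, the pattern can say what it means: `- helm unittest -f 'tests/**/*_test.yaml' .`. A short comment above the task, `# only *_test.yaml files are suites; fixtures may live alongside them`, would record the convention for whoever adds the next file.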
From: Peter Motzko Date: Tue, 4 Jul 2023 13:04:49 +0200 Subject: [PATCH 013/116] feat(helm): add tests for dev stage and put tests in subfolder for each stage --- .../deployment_test.yaml} | 11 ++- .../service_account_test.yaml} | 0 .../service_test.yaml} | 0 .../tests/dev/deployment_test.yaml | 34 +++++++++ .../tests/dev/ingress_test.yaml | 73 +++++++++++++++++++ .../tests/dev/secret_test.yaml | 56 ++++++++++++++ 6 files changed, 173 insertions(+), 1 deletion(-) rename charts/managed-identity-wallet/tests/{default_deployment_test.yaml => default/deployment_test.yaml} (92%) rename charts/managed-identity-wallet/tests/{default_service_account_test.yaml => default/service_account_test.yaml} (100%) rename charts/managed-identity-wallet/tests/{default_service_test.yaml => default/service_test.yaml} (100%) create mode 100644 charts/managed-identity-wallet/tests/dev/deployment_test.yaml create mode 100644 charts/managed-identity-wallet/tests/dev/ingress_test.yaml create mode 100644 charts/managed-identity-wallet/tests/dev/secret_test.yaml diff --git a/charts/managed-identity-wallet/tests/default_deployment_test.yaml b/charts/managed-identity-wallet/tests/default/deployment_test.yaml similarity index 92% rename from charts/managed-identity-wallet/tests/default_deployment_test.yaml rename to charts/managed-identity-wallet/tests/default/deployment_test.yaml index b6b8a2efe..3ce741602 100644 --- a/charts/managed-identity-wallet/tests/default_deployment_test.yaml +++ b/charts/managed-identity-wallet/tests/default/deployment_test.yaml @@ -94,4 +94,13 @@ tests: privileged: false runAsGroup: 11111 runAsNonRoot: true - runAsUser: 11111 \ No newline at end of file + runAsUser: 11111 + + - it: should have environment variables set + template: templates/deployment.yaml + asserts: + - isNotEmpty: + path: spec.template.spec.containers[0].env + - lengthEqual: + path: spec.template.spec.containers[0].env + count: 1 \ No newline at end of file 
diff --git a/charts/managed-identity-wallet/tests/default_service_account_test.yaml b/charts/managed-identity-wallet/tests/default/service_account_test.yaml similarity index 100% rename from charts/managed-identity-wallet/tests/default_service_account_test.yaml rename to charts/managed-identity-wallet/tests/default/service_account_test.yaml diff --git a/charts/managed-identity-wallet/tests/default_service_test.yaml b/charts/managed-identity-wallet/tests/default/service_test.yaml similarity index 100% rename from charts/managed-identity-wallet/tests/default_service_test.yaml rename to charts/managed-identity-wallet/tests/default/service_test.yaml diff --git a/charts/managed-identity-wallet/tests/dev/deployment_test.yaml b/charts/managed-identity-wallet/tests/dev/deployment_test.yaml new file mode 100644 index 000000000..1a6626461 --- /dev/null +++ b/charts/managed-identity-wallet/tests/dev/deployment_test.yaml 
@@ -0,0 +1,34 @@ +# /******************************************************************************** +# * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation +# * +# * See the NOTICE file(s) distributed with this work for additional +# * information regarding copyright ownership. +# * +# * This program and the accompanying materials are made available under the +# * terms of the Apache License, Version 2.0 which is available at +# * https://www.apache.org/licenses/LICENSE-2.0. +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# * License for the specific language governing permissions and limitations +# * under the License. +# * +# * SPDX-License-Identifier: Apache-2.0 +# ********************************************************************************/ + +suite: test dev deployment +chart: + version: 9.9.9+test + appVersion: 9.9.9 +values: + - ../../values-dev.yaml +tests: + - it: should have environment variables set + template: templates/deployment.yaml + asserts: + - isNotEmpty: + path: spec.template.spec.containers[0].env + - lengthEqual: + path: spec.template.spec.containers[0].env + count: 11 \ No newline at end of file diff --git a/charts/managed-identity-wallet/tests/dev/ingress_test.yaml b/charts/managed-identity-wallet/tests/dev/ingress_test.yaml new file mode 100644 index 000000000..4e8013f8e --- /dev/null +++ b/charts/managed-identity-wallet/tests/dev/ingress_test.yaml 
@@ -0,0 +1,73 @@ +# /******************************************************************************** +# * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation +# * +# * See the NOTICE file(s) distributed with this work for additional +# * information regarding copyright ownership. +# * +# * This program and the accompanying materials are made available under the +# * terms of the Apache License, Version 2.0 which is available at +# * https://www.apache.org/licenses/LICENSE-2.0. +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# * License for the specific language governing permissions and limitations +# * under the License. +# * +# * SPDX-License-Identifier: Apache-2.0 +# ********************************************************************************/ + +suite: test dev ingress +chart: + version: 9.9.9+test + appVersion: 9.9.9 +values: + - ../../values-dev.yaml +tests: + - it: should have correct metadata + template: templates/ingress.yaml + asserts: + - hasDocuments: + count: 1 + - containsDocument: + kind: Ingress + apiVersion: networking.k8s.io/v1 + name: RELEASE-NAME-managed-identity-wallet + - isSubset: + path: metadata.labels + content: + helm.sh/chart: managed-identity-wallet-9.9.9_test + app.kubernetes.io/name: managed-identity-wallet + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/version: "9.9.9" + app.kubernetes.io/managed-by: Helm + + - it: must have rules set + template: templates/ingress.yaml + asserts: + - isNotEmpty: + path: spec.rules + - lengthEqual: + path: spec.rules + count: 1 + - isNotEmpty: + path: spec.rules[0].host + - lengthEqual: + path: spec.rules[0].http.paths + count: 1 + - isNotEmpty: + path: spec.rules[0].http.paths[0].path + + - it: must have tls set + template: templates/ingress.yaml + asserts: + - isNotEmpty: + path: 
spec.tls + - lengthEqual: + path: spec.tls + count: 1 + - isNotEmpty: + path: spec.tls[0].hosts + - lengthEqual: + path: spec.tls[0].hosts[0] + count: 1 \ No newline at end of file diff --git a/charts/managed-identity-wallet/tests/dev/secret_test.yaml b/charts/managed-identity-wallet/tests/dev/secret_test.yaml new file mode 100644 index 000000000..63e4aefac --- /dev/null +++ b/charts/managed-identity-wallet/tests/dev/secret_test.yaml 
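Review bot: The last assertion of "must have tls set" applies `lengthEqual` to `spec.tls[0].hosts[0]`, which is a single hostname string rather than a list, so the count check is not measuring what the test name implies; it should target the list, `path: spec.tls[0].hosts` with `count: 1`, and the preceding `isNotEmpty` on the same list then becomes redundant. Because the rules block and the TLS block are asserted independently, a values file whose TLS host differs from the rule host still passes, so the certificate would not cover the served name; adding an `equal` assertion on `spec.tls[0].hosts[0]` against the host configured for `spec.rules[0].host` closes that gap. Whether helm-unittest tolerates lengthEqual on a string or aborts the suite I cannot tell from here, but either way the intended check is the list length.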
@@ -0,0 +1,56 @@ +# /******************************************************************************** +# * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation +# * +# * See the NOTICE file(s) distributed with this work for additional +# * information regarding copyright ownership. +# * +# * This program and the accompanying materials are made available under the +# * terms of the Apache License, Version 2.0 which is available at +# * https://www.apache.org/licenses/LICENSE-2.0. +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# * License for the specific language governing permissions and limitations +# * under the License. +# * +# * SPDX-License-Identifier: Apache-2.0 +# ********************************************************************************/ + +suite: test dev secret +chart: + version: 9.9.9+test + appVersion: 9.9.9 +values: + - ../../values-dev.yaml +tests: + - it: should have correct metadata + template: templates/secret.yaml + asserts: + - hasDocuments: + count: 1 + - containsDocument: + kind: Secret + apiVersion: v1 + name: RELEASE-NAME-managed-identity-wallet + - isSubset: + path: metadata.labels + content: + helm.sh/chart: managed-identity-wallet-9.9.9_test + app.kubernetes.io/name: managed-identity-wallet + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/version: "9.9.9" + app.kubernetes.io/managed-by: Helm + + - it: must have type set to Opaque + template: templates/secret.yaml + asserts: + - equal: + path: type + value: Opaque + + - it: must have data set + template: templates/secret.yaml + asserts: + - isNotEmpty: + path: data \ No newline at end of file From dfe107dcd54fd44ad87e56ab799ee78a7f39a0ec Mon Sep 17 00:00:00 2001 
From: Peter Motzko Date: Tue, 4 Jul 2023 13:05:16 +0200 Subject: [PATCH 014/116] feat(helm): add default labels to secret --- charts/managed-identity-wallet/templates/secret.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/charts/managed-identity-wallet/templates/secret.yaml b/charts/managed-identity-wallet/templates/secret.yaml index e8dadce33..2f7268f10 100644 --- a/charts/managed-identity-wallet/templates/secret.yaml +++ b/charts/managed-identity-wallet/templates/secret.yaml @@ -22,6 +22,8 @@ apiVersion: v1 kind: Secret metadata: name: {{ include "managed-identity-wallet.fullname" . }} + labels: + {{- include "managed-identity-wallet.labels" . | nindent 4 }} type: Opaque data: {{- range $key, $val := .Values.secrets }} From 299b669b4b71315cd9c7c19672d510ddb5727c65 Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Tue, 4 Jul 2023 13:06:49 +0200 Subject: [PATCH 015/116] fix(helm): move APPLICATION_PORT env var outside if condition APPLICATION_PORT would be ignored, when no env vars were set... --- charts/managed-identity-wallet/templates/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/managed-identity-wallet/templates/deployment.yaml b/charts/managed-identity-wallet/templates/deployment.yaml index de0f715a3..a6e0d38d0 100644 --- a/charts/managed-identity-wallet/templates/deployment.yaml +++ b/charts/managed-identity-wallet/templates/deployment.yaml @@ -50,10 +50,10 @@ spec: {{- toYaml .Values.securityContext | nindent 12 }} image: "{{ .Values.image.repository }}:{{ default .Chart.AppVersion .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} - {{- if or .Values.envs .Values.secrets }} env: - name: APPLICATION_PORT value: "8080" + {{- if or .Values.envs .Values.secrets }} {{- range $key, $val := .Values.envs }} - name: {{ $key }} value: {{ $val }} From 7c94f8954fd2fb2020b444ea9466d8eef8325353 Mon Sep 17 00:00:00 2001 
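Review bot: In the `range $key, $val := .Values.envs` loop that now follows the relocated `{{- if }}`, the context line `value: {{ $val }}` is rendered unquoted, so a value such as `8080` or `true` in values.yaml becomes a YAML number or boolean and the API server rejects the Deployment, because `EnvVar.value` must be a string; the hard-coded `APPLICATION_PORT` entry gets this right with `"8080"`. Change the line to `value: {{ $val | quote }}`. The matching `{{- end }}` of the moved condition is outside the hunk, so I cannot confirm the block still closes where intended; a `helm template` render with both `envs` and `secrets` empty, the exact case this commit targets, would settle it.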
From: Peter Motzko Date: Tue, 4 Jul 2023 13:59:44 +0200 Subject: [PATCH 016/116] fix(devel): add install links to check-tools.yaml --- dev-assets/tasks/darwin/check-tools.yaml | 2 +- dev-assets/tasks/linux/check-tools.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/dev-assets/tasks/darwin/check-tools.yaml b/dev-assets/tasks/darwin/check-tools.yaml index ea63c889e..b42ec3521 100644 --- a/dev-assets/tasks/darwin/check-tools.yaml +++ b/dev-assets/tasks/darwin/check-tools.yaml @@ -44,7 +44,7 @@ tasks: check-helm-plugins: dir: dev-assets/tasks/darwin cmds: - - ./check_helm_plugin.sh unittest + - ./check_helm_plugin.sh unittest https://github.com/helm-unittest/helm-unittest#install check-docker: dir: dev-assets/tasks/darwin diff --git a/dev-assets/tasks/linux/check-tools.yaml b/dev-assets/tasks/linux/check-tools.yaml index 715fe527b..5a4851889 100644 --- a/dev-assets/tasks/linux/check-tools.yaml +++ b/dev-assets/tasks/linux/check-tools.yaml @@ -44,7 +44,7 @@ tasks: check-helm-plugins: dir: dev-assets/tasks/linux cmds: - - ./check_helm_plugin.sh unittest + - ./check_helm_plugin.sh unittest https://github.com/helm-unittest/helm-unittest#install check-docker: dir: dev-assets/tasks/linux From cb7ae41b21e6a3acbafcf98dcc09000514b298d1 Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Tue, 4 Jul 2023 14:00:20 +0200 Subject: [PATCH 017/116] feat(devel): show install link provided as parameter --- dev-assets/tasks/darwin/check_helm_plugin.sh | 2 +- dev-assets/tasks/linux/check_helm_plugin.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/dev-assets/tasks/darwin/check_helm_plugin.sh b/dev-assets/tasks/darwin/check_helm_plugin.sh index 403de3a3f..dc5895fe2 100755 --- a/dev-assets/tasks/darwin/check_helm_plugin.sh +++ b/dev-assets/tasks/darwin/check_helm_plugin.sh 
@@ -25,6 +25,6 @@ if [[ $RESULT =~ $1 ]]; then echo "Plugin found! Info: $RESULT" else - echo "Plugin not found" + echo "Plugin not found. Install it from here: $2" exit 1 fi \ No newline at end of file diff --git a/dev-assets/tasks/linux/check_helm_plugin.sh b/dev-assets/tasks/linux/check_helm_plugin.sh index 403de3a3f..dc5895fe2 100755 --- a/dev-assets/tasks/linux/check_helm_plugin.sh +++ b/dev-assets/tasks/linux/check_helm_plugin.sh @@ -25,6 +25,6 @@ if [[ $RESULT =~ $1 ]]; then echo "Plugin found! Info: $RESULT" else - echo "Plugin not found" + echo "Plugin not found. Install it from here: $2" exit 1 fi \ No newline at end of file From 27c2b03325004932c317c96989733c0a88ef4785 Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Tue, 4 Jul 2023 14:06:59 +0200 Subject: [PATCH 018/116] feat(devel): add missing tasks and rename working dir --- dev-assets/tasks/windows/check-tools.yaml | 39 +++++++++++++++++------ 1 file changed, 29 insertions(+), 10 deletions(-) diff --git a/dev-assets/tasks/windows/check-tools.yaml b/dev-assets/tasks/windows/check-tools.yaml index cb1378865..14b79386a 100644 --- a/dev-assets/tasks/windows/check-tools.yaml +++ b/dev-assets/tasks/windows/check-tools.yaml 
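Review bot: The new message prints a dangling `Install it from here: ` when the script is invoked without a second argument, which the task files do supply but a manual caller may not; a default such as `echo "Plugin not found. Install it from here: ${2:-no link provided}"` keeps the output coherent. The surrounding context line `[[ $RESULT =~ $1 ]]` uses the first argument as an unanchored regex, so a plugin whose name merely contains "unittest" would satisfy the check; since the lines that populate RESULT are outside the hunk I cannot say what `helm plugin list` output looks like here, but anchoring the match on the plugin-name column is worth a look. The linux copy of the script is byte-identical and needs the same change.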
@@ -24,32 +24,51 @@ tasks: cmds: - task: check-helm - task: check-helm-plugins + - task: check-helm-docs - task: check-docker - task: check-docker-compose - task: check-java + - task: check-jq ignore_error: true check-helm: - dir: .tasks + dir: dev-assets/tasks/windows + silent: true cmds: - - echo "Not implemented for windows!" + - echo "task 'check-prereq' not implemented for windows!" + + check-helm-docs: + dir: dev-assets/tasks/windows + silent: true + cmds: + - echo "task 'check-prereq' not implemented for windows!" check-helm-plugins: - dir: .tasks + dir: dev-assets/tasks/windows + silent: true cmds: - - echo "Not implemented for windows!" + - echo "task 'check-prereq' not implemented for windows!" check-docker: - dir: .tasks + dir: dev-assets/tasks/windows + silent: true cmds: - - echo "Not implemented for windows!" + - echo "task 'check-prereq' not implemented for windows!" check-docker-compose: - dir: .tasks + dir: dev-assets/tasks/windows + silent: true + cmds: + - echo "task 'check-prereq' not implemented for windows!" + + check-jq: + dir: dev-assets/tasks/windows + silent: true cmds: - - echo "Not implemented for windows!" + - echo "task 'check-prereq' not implemented for windows!" check-java: - dir: .tasks + dir: dev-assets/tasks/windows + silent: true cmds: - - echo "Not implemented for windows!" + - echo "task 'check-prereq' not implemented for windows!" From 87aff685c7b6db40cd701d3b7f51101e4b02e0c4 Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Tue, 4 Jul 2023 14:07:29 +0200 Subject: [PATCH 019/116] feat(devel): suppress task header in output --- dev-assets/tasks/darwin/check-tools.yaml | 7 +++++++ dev-assets/tasks/linux/check-tools.yaml | 7 +++++++ 2 files changed, 14 insertions(+) diff --git a/dev-assets/tasks/darwin/check-tools.yaml b/dev-assets/tasks/darwin/check-tools.yaml index b42ec3521..eded7be83 100644 --- a/dev-assets/tasks/darwin/check-tools.yaml +++ b/dev-assets/tasks/darwin/check-tools.yaml 
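Review bot: Every new Windows stub prints the same text, `task 'check-prereq' not implemented for windows!`, so a user running the aggregate task sees seven identical lines and cannot tell which tool check was skipped; each stub should name its own task, for example `- echo "task 'check-helm' not implemented for windows!"`. With `ignore_error: true` on the aggregate task and each stub exiting 0, the Windows run reports success without having verified a single prerequisite, which is easy to mistake for a passing check; a final line such as `- echo "No prerequisite checks run on windows - verify helm, docker, java and jq manually."` in the aggregate task would make that explicit.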
@@ -33,35 +33,42 @@ tasks: check-helm: dir: dev-assets/tasks/darwin + silent: true cmds: - ./check_bin.sh helm https://helm.sh/docs/intro/quickstart/#install-helm check-helm-docs: dir: dev-assets/tasks/darwin + silent: true cmds: - ./check_bin.sh helm-docs https://github.com/norwoodj/helm-docs check-helm-plugins: dir: dev-assets/tasks/darwin + silent: true cmds: - ./check_helm_plugin.sh unittest https://github.com/helm-unittest/helm-unittest#install check-docker: dir: dev-assets/tasks/darwin + silent: true cmds: - ./check_bin.sh docker https://www.docker.com check-docker-compose: dir: dev-assets/tasks/darwin + silent: true cmds: - ./check_bin.sh docker-compose https://www.docker.com check-jq: dir: dev-assets/tasks/darwin + silent: true cmds: - ./check_bin.sh jq https://jqlang.github.io/jq/ check-java: dir: dev-assets/tasks/darwin + silent: true cmds: - ./check_bin.sh java https://www.codejava.net/java-core/install-openjdk-17-on-macos diff --git a/dev-assets/tasks/linux/check-tools.yaml b/dev-assets/tasks/linux/check-tools.yaml index 5a4851889..87eca519d 100644 --- a/dev-assets/tasks/linux/check-tools.yaml +++ b/dev-assets/tasks/linux/check-tools.yaml 
@@ -33,35 +33,42 @@ tasks: check-helm: dir: dev-assets/tasks/linux + silent: true cmds: - ./check_bin.sh helm https://helm.sh/docs/intro/quickstart/#install-helm check-helm-docs: dir: dev-assets/tasks/linux + silent: true cmds: - ./check_bin.sh helm-docs https://github.com/norwoodj/helm-docs check-helm-plugins: dir: dev-assets/tasks/linux + silent: true cmds: - ./check_helm_plugin.sh unittest https://github.com/helm-unittest/helm-unittest#install check-docker: dir: dev-assets/tasks/linux + silent: true cmds: - ./check_bin.sh docker https://www.docker.com check-docker-compose: dir: dev-assets/tasks/linux + silent: true cmds: - ./check_bin.sh docker-compose https://www.docker.com check-jq: dir: dev-assets/tasks/linux + silent: true cmds: - ./check_bin.sh jq https://jqlang.github.io/jq/ check-java: dir: dev-assets/tasks/linux + silent: true cmds: - ./check_bin.sh java https://www.codejava.net/java-core/install-openjdk-17-on-macos From e2ef3fe536b8168a3806508c8c2da8f15cc5d247 Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Tue, 4 Jul 2023 15:01:10 +0200 Subject: [PATCH 020/116] fix(docker): use jdk 17 instead of jdk 18 and remove the EXPOSE statement --- Dockerfile | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index ecdf6123c..9ccf12ba9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -17,9 +17,7 @@ # * SPDX-License-Identifier: Apache-2.0 # ********************************************************************************/ -FROM eclipse-temurin:19-jre-alpine - -EXPOSE 8080:8080 +FROM eclipse-temurin:17-jre-alpine # run as non-root user RUN addgroup -g 11111 -S miw && adduser -u 11111 -S -s /bin/false -G miw miw From 37c9289a054cc2e70a9169119e951986abd0b074 Mon Sep 17 00:00:00 2001 
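Review bot: The new base image `eclipse-temurin:17-jre-alpine` is a floating tag, so every rebuild silently pulls whatever the tag currently points to and the build is neither reproducible nor auditable against a known image; pin it with a digest, `FROM eclipse-temurin:17-jre-alpine@sha256:<digest>`, and bump the digest deliberately (a Renovate or Dependabot rule can track it). Dropping `EXPOSE` changes nothing at runtime, it was documentation only, but the chart still hard-codes `APPLICATION_PORT` to 8080, so a comment noting the port the chart expects, `# listens on APPLICATION_PORT (8080 in the Helm chart)`, keeps the two in step. The subject line says jdk 18 whereas the removed line is `19-jre-alpine`, and both images are JRE rather than JDK, which is worth correcting before merge.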
From: Peter Motzko Date: Wed, 5 Jul 2023 10:30:46 +0200 Subject: [PATCH 021/116] refactor(helm): use custom values.yaml (instead of values-dev.yaml) for testing and add more tests --- .../tests/custom-values/deployment_test.yaml | 72 +++++++++++++++++++ .../{dev => custom-values}/ingress_test.yaml | 2 +- .../{dev => custom-values}/secret_test.yaml | 16 ++++- .../values.yml} | 37 ++++++---- 4 files changed, 109 insertions(+), 18 deletions(-) create mode 100644 charts/managed-identity-wallet/tests/custom-values/deployment_test.yaml rename charts/managed-identity-wallet/tests/{dev => custom-values}/ingress_test.yaml (98%) rename charts/managed-identity-wallet/tests/{dev => custom-values}/secret_test.yaml (85%) rename charts/managed-identity-wallet/tests/{dev/deployment_test.yaml => custom-values/values.yml} (70%) diff --git a/charts/managed-identity-wallet/tests/custom-values/deployment_test.yaml b/charts/managed-identity-wallet/tests/custom-values/deployment_test.yaml new file mode 100644 index 000000000..b7a553bf3 --- /dev/null +++ b/charts/managed-identity-wallet/tests/custom-values/deployment_test.yaml 
@@ -0,0 +1,72 @@ +# /******************************************************************************** +# * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation +# * +# * See the NOTICE file(s) distributed with this work for additional +# * information regarding copyright ownership. +# * +# * This program and the accompanying materials are made available under the +# * terms of the Apache License, Version 2.0 which is available at +# * https://www.apache.org/licenses/LICENSE-2.0. +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# * License for the specific language governing permissions and limitations +# * under the License. +# * +# * SPDX-License-Identifier: Apache-2.0 +# ********************************************************************************/ + +suite: test dev deployment +chart: + version: 9.9.9+test + appVersion: 9.9.9 +values: + - values.yml +tests: + - it: should have latest image tag + template: templates/deployment.yaml + asserts: + - matchRegex: + path: spec.template.spec.containers[0].image + pattern: .:latest + + - it: should have environment variables set + template: templates/deployment.yaml + asserts: + - isNotEmpty: + path: spec.template.spec.containers[0].env + - lengthEqual: + path: spec.template.spec.containers[0].env + count: 5 + - contains: + path: spec.template.spec.containers[0].env + content: + name: APPLICATION_PORT + value: "8080" + - contains: + path: spec.template.spec.containers[0].env + content: + name: DB_HOST + value: postgres-host + - contains: + path: spec.template.spec.containers[0].env + content: + name: MIW_HOST_NAME + value: miw + - contains: + path: spec.template.spec.containers[0].env + content: + name: DB_PASSWORD + valueFrom: + secretKeyRef: + key: DB_PASSWORD + name: RELEASE-NAME-managed-identity-wallet + - contains: + 
path: spec.template.spec.containers[0].env + content: + name: DB_USER_NAME + valueFrom: + secretKeyRef: + key: DB_USER_NAME + name: RELEASE-NAME-managed-identity-wallet diff --git a/charts/managed-identity-wallet/tests/dev/ingress_test.yaml b/charts/managed-identity-wallet/tests/custom-values/ingress_test.yaml similarity index 98% rename from charts/managed-identity-wallet/tests/dev/ingress_test.yaml rename to charts/managed-identity-wallet/tests/custom-values/ingress_test.yaml index 4e8013f8e..41db3ee51 100644 --- a/charts/managed-identity-wallet/tests/dev/ingress_test.yaml +++ b/charts/managed-identity-wallet/tests/custom-values/ingress_test.yaml @@ -22,7 +22,7 @@ chart: version: 9.9.9+test appVersion: 9.9.9 values: - - ../../values-dev.yaml + - values.yml tests: - it: should have correct metadata template: templates/ingress.yaml diff --git a/charts/managed-identity-wallet/tests/dev/secret_test.yaml b/charts/managed-identity-wallet/tests/custom-values/secret_test.yaml similarity index 85% rename from charts/managed-identity-wallet/tests/dev/secret_test.yaml rename to charts/managed-identity-wallet/tests/custom-values/secret_test.yaml index 63e4aefac..0f3ecacca 100644 --- a/charts/managed-identity-wallet/tests/dev/secret_test.yaml +++ b/charts/managed-identity-wallet/tests/custom-values/secret_test.yaml @@ -22,7 +22,7 @@ chart: version: 9.9.9+test appVersion: 9.9.9 values: - - ../../values-dev.yaml + - values.yml tests: - it: should have correct metadata template: templates/secret.yaml @@ -53,4 +53,16 @@ tests: template: templates/secret.yaml asserts: - isNotEmpty: - path: data \ No newline at end of file + path: data + + - it: must have values in data + template: templates/secret.yaml + asserts: + - equal: + path: data.DB_USER_NAME + value: dbuser + decodeBase64: true + - equal: + path: data.DB_PASSWORD + value: password + decodeBase64: true 
diff --git a/charts/managed-identity-wallet/tests/dev/deployment_test.yaml b/charts/managed-identity-wallet/tests/custom-values/values.yml similarity index 70% rename from charts/managed-identity-wallet/tests/dev/deployment_test.yaml rename to charts/managed-identity-wallet/tests/custom-values/values.yml index 1a6626461..5ef65d61b 100644 --- a/charts/managed-identity-wallet/tests/dev/deployment_test.yaml +++ b/charts/managed-identity-wallet/tests/custom-values/values.yml @@ -17,18 +17,25 @@ # * SPDX-License-Identifier: Apache-2.0 # ********************************************************************************/ -suite: test dev deployment -chart: - version: 9.9.9+test - appVersion: 9.9.9 -values: - - ../../values-dev.yaml -tests: - - it: should have environment variables set - template: templates/deployment.yaml - asserts: - - isNotEmpty: - path: spec.template.spec.containers[0].env - - lengthEqual: - path: spec.template.spec.containers[0].env - count: 11 \ No newline at end of file +image: + tag: "latest" + +secrets: + DB_USER_NAME: dbuser + DB_PASSWORD: password + +envs: + DB_HOST: postgres-host + MIW_HOST_NAME: miw + +ingress: + enabled: true + hosts: + - host: localhost.local + paths: + - path: / + pathType: ImplementationSpecific + tls: + - secretName: miw-secret + hosts: + - localhost.local From 6cd5d6c6fd9e088f0f9b81a09cf1559477b1143b Mon Sep 17 00:00:00 2001 
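Review bot: The new fixture stores a literal credential pair (`DB_USER_NAME: dbuser`, `DB_PASSWORD: password`) under charts/managed-identity-wallet/tests/, and unless the chart's .helmignore excludes tests/ this file is shipped inside the packaged chart; I cannot see that .helmignore from here, so please confirm it lists `tests/`. A header comment, `# helm-unittest fixture only; dummy credentials, never deployed`, would stop a secret scanner or a future reader from treating these values as real. The .yml extension is the only thing keeping `helm unittest -f 'tests/**/*.yaml'` from parsing this file as a suite, so a second comment line saying that renaming it to .yaml breaks the test run would save someone the surprise.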
From: Peter Motzko Date: Wed, 5 Jul 2023 12:22:06 +0200 Subject: [PATCH 022/116] refactor(helm): remove old MIW Helm chart --- charts/managed-identity-wallets/.gitignore | 2 - charts/managed-identity-wallets/.helmignore | 23 - charts/managed-identity-wallets/Chart.yaml | 31 -- charts/managed-identity-wallets/README.md | 135 ------ .../argocd/appsetup-dev.yaml | 22 - .../argocd/appsetup-int.yaml | 22 - .../templates/_helpers.tpl | 89 ---- .../templates/deployment.yaml | 410 ------------------ .../templates/ingress.yaml | 65 --- .../templates/secrets.yaml | 66 --- .../templates/service.yaml | 33 -- .../managed-identity-wallets/values-beta.yaml | 98 ----- .../managed-identity-wallets/values-dev.yaml | 96 ---- .../managed-identity-wallets/values-int.yaml | 98 ----- .../values-local.yaml | 34 -- .../managed-identity-wallets/values-pen.yaml | 50 --- charts/managed-identity-wallets/values.yaml | 268 ------------ 17 files changed, 1542 deletions(-) delete mode 100644 charts/managed-identity-wallets/.gitignore delete mode 100644 charts/managed-identity-wallets/.helmignore delete mode 100644 charts/managed-identity-wallets/Chart.yaml delete mode 100644 charts/managed-identity-wallets/README.md delete mode 100644 charts/managed-identity-wallets/argocd/appsetup-dev.yaml delete mode 100644 charts/managed-identity-wallets/argocd/appsetup-int.yaml delete mode 100644 charts/managed-identity-wallets/templates/_helpers.tpl delete mode 100644 charts/managed-identity-wallets/templates/deployment.yaml delete mode 100644 charts/managed-identity-wallets/templates/ingress.yaml delete mode 100644 charts/managed-identity-wallets/templates/secrets.yaml delete mode 100644 charts/managed-identity-wallets/templates/service.yaml delete mode 100644 charts/managed-identity-wallets/values-beta.yaml delete mode 100644 charts/managed-identity-wallets/values-dev.yaml delete mode 100644 charts/managed-identity-wallets/values-int.yaml delete mode 100644 charts/managed-identity-wallets/values-local.yaml 
delete mode 100644 charts/managed-identity-wallets/values-pen.yaml delete mode 100644 charts/managed-identity-wallets/values.yaml diff --git a/charts/managed-identity-wallets/.gitignore b/charts/managed-identity-wallets/.gitignore deleted file mode 100644 index 2946e34f0..000000000 --- a/charts/managed-identity-wallets/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -Chart.lock -charts/ diff --git a/charts/managed-identity-wallets/.helmignore b/charts/managed-identity-wallets/.helmignore deleted file mode 100644 index 0e8a0eb36..000000000 --- a/charts/managed-identity-wallets/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/managed-identity-wallets/Chart.yaml b/charts/managed-identity-wallets/Chart.yaml deleted file mode 100644 index 1516f25dd..000000000 --- a/charts/managed-identity-wallets/Chart.yaml +++ /dev/null 
@@ -1,31 +0,0 @@
-apiVersion: v2
-name: managed-identity-wallets
-description: Managed Identity Wallets Service
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.7.5
-appVersion: 3.3.2
-
-dependencies:
-  - name: postgresql
-    version: 11.x.x
-    repository: https://charts.bitnami.com/bitnami
-    condition: acapypostgresql.enabled
-    alias: acapypostgresql
-  - name: postgresql
-    version: 11.x.x
-    repository: https://charts.bitnami.com/bitnami
-    condition: postgresql.enabled
-    alias: postgresql
diff --git a/charts/managed-identity-wallets/README.md b/charts/managed-identity-wallets/README.md
deleted file mode 100644
index 632c02399..000000000
--- a/charts/managed-identity-wallets/README.md
+++ /dev/null
@@ -1,135 +0,0 @@ -# managed-identity-wallets - -![Version: 0.7.5](https://img.shields.io/badge/Version-0.7.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 3.3.2](https://img.shields.io/badge/AppVersion-3.3.2-informational?style=flat-square) - -Managed Identity Wallets Service - -## Requirements - -| Repository | Name | Version | -|------------|------|---------| -| https://charts.bitnami.com/bitnami | acapypostgresql(postgresql) | 11.x.x | -| https://charts.bitnami.com/bitnami | postgresql(postgresql) | 11.x.x | - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| acapy.endorser.adminPort | string | `"11000"` | The port at which the admin API is reachable | -| acapy.endorser.adminUrl | string | `"http://localhost:11000"` | The url of the admin API | -| acapy.endorser.databaseHost | string | `"acapypostgresql"` | The host of the used database | -| acapy.endorser.endpointPort | string | `"8000"` | The port at which the wallet is reachable | -| acapy.endorser.endpointUrl | string | `"https://localhost:8000"` | The endpoint url in the DID document | -| acapy.endorser.genesisUrl | string | `"http://dev.greenlight.bcovrin.vonx.io/genesis"` | The url of the used Indy ledger | -| acapy.endorser.label | string | `"BaseWalletIssuer"` | The label of the instance | -| acapy.endorser.logLevel | string | `"INFO"` | | -| acapy.endorser.networkIdentifier | string | `"greenlight:dev"` | The network identifier of the used Indy ledger | -| acapy.endorser.secret.apikey | string | `"0"` | The API key of the admin endpoints. 
It must be a random and secure string | -| acapy.endorser.secret.dbaccount | string | `"postgres"` | | -| acapy.endorser.secret.dbadminpassword | string | `"postgres"` | | -| acapy.endorser.secret.dbadminuser | string | `"postgres"` | | -| acapy.endorser.secret.dbpassword | string | `"postgres"` | | -| acapy.endorser.secret.jwtsecret | string | `"0"` | | -| acapy.endorser.secret.walletkey | string | `"0"` | | -| acapy.endorser.secret.walletseed | string | `"RandomSeedPlaceHolder0x135791113"` | The seed of the wallet. It must be random and secure (no patterns or use of dictionary words, the use of uppercase and lowercase letters - as well as numbers and allowed symbols, no personal preferences like names or phone numbers). It must be registired on the used ledger as endorser. | -| acapy.imageName | string | `"bcgovimages/aries-cloudagent"` | | -| acapy.mt.adminPort | string | `"11003"` | The port at which the admin API is reachable | -| acapy.mt.adminUrl | string | `"http://localhost:11003"` | The url of the admin API | -| acapy.mt.databaseHost | string | `"acapypostgresql"` | The host of the used database | -| acapy.mt.endorserPublicDid | string | `"ShortDIDPlaceholderX"` | The short DID of the base wallet | -| acapy.mt.endpointPort | string | `"8003"` | The port at which the sub-wallets are reachable | -| acapy.mt.endpointUrl | string | `"https://localhost:8003"` | The endpoint url in the DID document | -| acapy.mt.genesisUrl | string | `"http://dev.greenlight.bcovrin.vonx.io/genesis"` | The url of the used Indy ledger | -| acapy.mt.label | string | `"ManagedWallet"` | The label of the instance | -| acapy.mt.logLevel | string | `"INFO"` | | -| acapy.mt.networkIdentifier | string | `"greenlight:dev"` | The network identifier of the used Indy ledger | -| acapy.mt.secret.apikey | string | `"0"` | The API-Key of the admin endpoints. 
It must be a random and secure string | -| acapy.mt.secret.dbaccount | string | `"postgres"` | | -| acapy.mt.secret.dbadminpassword | string | `"postgres"` | | -| acapy.mt.secret.dbadminuser | string | `"postgres"` | | -| acapy.mt.secret.dbpassword | string | `"postgres"` | | -| acapy.mt.secret.jwtsecret | string | `"0"` | | -| acapy.mt.secret.walletkey | string | `"0"` | | -| acapy.mt.secret.walletseed | string | `"RandomSeedPlaceHolder0x246810120"` | The seed of the wallet. It must be random and secure (no patterns or use of dictionary words, the use of uppercase and lowercase letters - as well as numbers and allowed symbols, no personal preferences like names or phone numbers). It must be registired on the used ledger as endorser. | -| acapy.mt.webhookUrl | string | `"http://localhost:8080/webhook"` | The url at which events are sent. It should be the webhook endpoint in MIW | -| acapy.tag | string | `"py36-1.16-1_0.7.5"` | | -| acapypostgresql.auth.existingSecret | string | `"product-managed-identity-wallets-acapypostgresql"` | | -| acapypostgresql.enabled | bool | `true` | | -| acapypostgresql.secret.password | string | `"postgres"` | | -| acapypostgresql.secret.postgrespassword | string | `"postgres"` | | -| acapypostgresql.secret.user | string | `"postgres"` | | -| allowEmptyPassword | string | `"\"yes\""` | | -| auth.issuerUrl | string | `"https://localhost:8081"` | IAM token issuer url | -| auth.jwksUrl | string | `"https://localhost:8081"` | IAM certs url | -| auth.realm | string | `"CX-Central"` | The realm name in Keycloak | -| auth.redirectUrl | string | `"https:/localhost:8080/callback"` | IAM redirect url to the MIW | -| auth.resourceId | string | `"Cl5-CX-Custodian"` | The resource Id in Keycloak | -| auth.role | string | `"add_wallets"` | The main role in MIW | -| auth.roleMappings | string | 
`"create_wallets:add_wallets,view_wallets:view_wallets,update_wallets:update_wallets,delete_wallets:delete_wallets,view_wallet:view_wallet,update_wallet:update_wallet"` | The role mapping in MIW | -| certificate.host | string | `"localhost"` | | -| datapool.authUrl | string | `""` | IAM url to get the access token for BPDM data pool endpoint | -| datapool.grantType | string | `"client_credentials"` | | -| datapool.refreshHour | string | `"23"` | At which hour (24-hour clock) the cron job should pull the data from the BPDM data pool | -| datapool.scope | string | `"openid"` | | -| datapool.url | string | `""` | Url at which the API of BPDM is reachable | -| db.jdbcDriver | string | `"org.postgresql.Driver"` | Database driver to use | -| httpClientTimeout | object | `{"bpdServiceConnect":"25000","bpdServiceRequest":"25000","bpdServiceSocket":"25000","revocationServiceConnect":"25000","revocationServiceRequest":"25000","revocationServiceSocket":"25000","walletServiceConnect":"25000","walletServiceRequest":"25000","walletServiceSocket":"25000","webhookServiceConnect":"25000","webhookServiceRequest":"25000","webhookServiceSocket":"25000"}` | The timeout (milliseconds) configuration of http client in each service. 
| -| image.name | string | `"catenax-ng/tx-managed-identity-wallets_service"` | | -| image.registry | string | `"ghcr.io"` | | -| image.secret | string | `"acr-credentials"` | | -| image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion | -| ingress.enabled | bool | `false` | | -| isLocal | bool | `false` | Deployment on Kubernetes on local device | -| logging | object | `{"exposed":"INFO","jetty":"INFO","ktorRoot":"INFO","netty":"INFO","servicesCalls":"INFO"}` | The logging configurations | -| logging.servicesCalls | string | `"INFO"` | Options: ALL, HEADERS, BODY, INFO, NONE | -| managedIdentityWallets.secret.authclientid | string | `"clientid"` | It can be extracted from Keycloak | -| managedIdentityWallets.secret.authclientsecret | string | `"client"` | It can be extracted from Keycloak | -| managedIdentityWallets.secret.bpdmauthclientid | string | `"clientid"` | client id for accessing the BPDM data pool endpoint | -| managedIdentityWallets.secret.bpdmauthclientsecret | string | `"client"` | client secret for accessing the BPDM data pool endpoint | -| managedIdentityWallets.secret.jdbcurl | string | `"jdbc:postgresql://:/?user=&password="` | Database connection string to the Postgres database of MIW. 
Used when postgresql.useDefaultJdbcUrl is false | -| namespace | string | `"managed-identity-wallets"` | | -| openapi.contactEmail | string | `"tractusx-dev@eclipse.org"` | | -| openapi.contactName | string | `"Eclipse Tractus-X"` | | -| openapi.contactUrl | string | `"https://projects.eclipse.org/projects/automotive.tractusx"` | | -| openapi.description | string | `"Managed Identity Wallets API"` | | -| openapi.licenseName | string | `"Apache 2.0"` | | -| openapi.licenseUrl | string | `"https://github.com/eclipse-tractusx/managed-identity-wallets/blob/main/LICENSE"` | | -| openapi.termsOfServiceUrl | string | `"https://www.eclipse.org/legal/termsofuse.php"` | | -| openapi.title | string | `"Managed Identity Wallets API"` | | -| postgresql.auth.existingSecret | string | `"product-managed-identity-wallets-postgresql"` | | -| postgresql.enabled | bool | `true` | | -| postgresql.primary.extraVolumeMounts[0].mountPath | string | `"/docker-entrypoint-initdb.d"` | | -| postgresql.primary.extraVolumeMounts[0].name | string | `"initdb"` | | -| postgresql.primary.extraVolumes[0].emptyDir | object | `{}` | | -| postgresql.primary.extraVolumes[0].name | string | `"initdb"` | | -| postgresql.primary.initContainers[0].args[0] | string | `"-c"` | | -| postgresql.primary.initContainers[0].args[1] | string | `"echo \"Copying initdb sqls...\"\ncp -R /initdb/* /docker-entrypoint-initdb.d\n"` | | -| postgresql.primary.initContainers[0].command[0] | string | `"sh"` | | -| postgresql.primary.initContainers[0].image | string | `"ghcr.io/catenax-ng/tx-managed-identity-wallets_initdb:3.3.2"` | The image is built and used to initialize the database of MIW. 
The tag must equal the appVersion in Chart.yaml | -| postgresql.primary.initContainers[0].imagePullPolicy | string | `"Always"` | | -| postgresql.primary.initContainers[0].name | string | `"initdb"` | | -| postgresql.primary.initContainers[0].volumeMounts[0].mountPath | string | `"/docker-entrypoint-initdb.d"` | | -| postgresql.primary.initContainers[0].volumeMounts[0].name | string | `"initdb"` | | -| postgresql.secret.password | string | `"postgres"` | | -| postgresql.secret.postgrespassword | string | `"postgres"` | | -| postgresql.secret.user | string | `"postgres"` | | -| postgresql.useDefaultJdbcUrl | bool | `true` | use the default jdbc url `jdbc:postgresql://%s-postgresql:5432/postgres?user=%s&password=%s` instead of the value in managedIdentityWallets.secrets.jdbcUrl | -| resources | object | `{"endorserAcapy":{"limits":{"cpu":"250m","memory":"256Mi"},"requests":{"cpu":"100m","memory":"128Mi"}},"managedIdentityWallets":{"limits":{"cpu":"250m","memory":"256Mi"},"requests":{"cpu":"100m","memory":"128Mi"}},"mtAcapy":{"limits":{"cpu":"250m","memory":"256Mi"},"requests":{"cpu":"100m","memory":"128Mi"}},"revocationService":{"limits":{"cpu":"250m","memory":"256Mi"},"requests":{"cpu":"100m","memory":"128Mi"}}}` | used resources for each componenet | -| revocation.refreshHour | string | `"3"` | At which hour (24-hour clock) the cron job should issue/update status-list credentials | -| revocation.revocationServiceUrl | string | `"http://localhost:8086"` | The url of the revocation service | -| revocationService.baseUrlForCredentialList | string | `"https//localhost:8080/api/credentials/"` | The the endpoint in MIW at which status credentials can be issued | -| revocationService.clientIssuanceApiUrl | string | `"http://localhost:8080"` | The url at which the MIW is reachable | -| revocationService.httpAccessLog | bool | `true` | | -| revocationService.imageName | string | 
`"registry.gitlab.com/gaia-x/data-infrastructure-federation-services/not/notarization-service/revocation"` | | -| revocationService.minIssueInterval | string | `"2"` | Issuance cache interval | -| revocationService.port | string | `"8086"` | | -| revocationService.tag | string | `"1.0.0-SNAPSHOT-quarkus-2.10.2.Final-java17"` | | -| wallet.allowlistDids | string | `""` | A list of full DIDs seperated by comma ",". Those DIDs are allowed to send a connection request to managed wallets. Empty for public invitation allowance | -| wallet.baseWalletBpn | string | `""` | The BPN of the base wallet | -| wallet.baseWalletName | string | `""` | The name of the base wallet | -| wallet.baseWalletShortDid | string | `""` | The short DID of the base wallet. It can be created with its verkey as described in https://github.com/eclipse-tractusx/managed-identity-wallets#Integrate-with-Indy-Ledger. It should be registered on the Indy ledger with role endorser. | -| wallet.baseWalletVerkey | string | `""` | The verkey (public key) of the base wallet | -| wallet.membershipOrganisation | string | `"Platform-A"` | The name used in the Membership credential | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.10.0](https://github.com/norwoodj/helm-docs/releases/v1.10.0) diff --git a/charts/managed-identity-wallets/argocd/appsetup-dev.yaml b/charts/managed-identity-wallets/argocd/appsetup-dev.yaml deleted file mode 100644 index ddb155c6a..000000000 --- a/charts/managed-identity-wallets/argocd/appsetup-dev.yaml +++ /dev/null 
@@ -1,22 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: managed-identity-wallets
-spec:
-  destination:
-    namespace: product-managed-identity-wallets
-    server: 'https://kubernetes.default.svc'
-  source:
-    repoURL: 'https://github.com/catenax-ng/product-core-managed-identity-wallets.git'
-    path: helm/managed-identity-wallets
-    targetRevision: develop
-    helm:
-      valueFiles:
-        - values.yaml
-        - values-dev.yaml
-    plugin:
-      name: argocd-vault-plugin-helm
-      env:
-        - name: AVP_SECRET
-          value: vault-secret
-  project: project-managed-identity-wallets
diff --git a/charts/managed-identity-wallets/argocd/appsetup-int.yaml b/charts/managed-identity-wallets/argocd/appsetup-int.yaml
deleted file mode 100644
index 605867d20..000000000
--- a/charts/managed-identity-wallets/argocd/appsetup-int.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: managed-identity-wallets
-spec:
-  destination:
-    namespace: product-managed-identity-wallets
-    server: 'https://kubernetes.default.svc'
-  source:
-    repoURL: 'https://github.com/catenax-ng/product-core-managed-identity-wallets.git'
-    path: helm/managed-identity-wallets
-    targetRevision: main
-    helm:
-      valueFiles:
-        - values.yaml
-        - values-int.yaml
-    plugin:
-      name: argocd-vault-plugin-helm
-      env:
-        - name: AVP_SECRET
-          value: vault-secret
-  project: project-managed-identity-wallets
diff --git a/charts/managed-identity-wallets/templates/_helpers.tpl b/charts/managed-identity-wallets/templates/_helpers.tpl
deleted file mode 100644
index 1e91d554f..000000000
--- a/charts/managed-identity-wallets/templates/_helpers.tpl
+++ /dev/null
@@ -1,89 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "managed-identity-wallets.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "managed-identity-wallets.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "managed-identity-wallets.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "managed-identity-wallets.labels" -}}
-helm.sh/chart: {{ include "managed-identity-wallets.chart" . }}
-{{ include "managed-identity-wallets.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "managed-identity-wallets.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "managed-identity-wallets.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Invoke include on given definition with postgresql dependency context
-Usage: include "acapyPostgresContext" (list $ "your_include_function_here")
-*/}}
-{{- define "acapyPostgresContext" -}}
-{{- $ := index . 0 }}
-{{- $function := index . 1 }}
-{{- include $function (dict "Values" $.Values.acapypostgresql "Chart" (dict "Name" "acapypostgresql") "Release" $.Release) }}
-{{- end }}
-
-{{/*
-Invoke include on given definition with postgresql dependency context
-Usage: include "postgresContext" (list $ "your_include_function_here")
-*/}}
-{{- define "postgresContext" -}}
-{{- $ := index . 0 }}
-{{- $function := index . 1 }}
-{{- include $function (dict "Values" $.Values.postgresql "Chart" (dict "Name" "postgresql") "Release" $.Release) }}
-{{- end }}
-
-{{/*
-Create the default JDBC url
-*/}}
-{{- define "managed-identity-wallets.jdbcUrl" -}}
-{{- printf "jdbc:postgresql://%s-postgresql:5432/postgres?user=%s&password=%s" .Release.Name .Values.postgresql.secret.user .Values.postgresql.secret.postgrespassword }}
-{{- end -}}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "managed-identity-wallets.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "managed-identity-wallets.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}
diff --git a/charts/managed-identity-wallets/templates/deployment.yaml b/charts/managed-identity-wallets/templates/deployment.yaml
deleted file mode 100644
index 250a81612..000000000
--- a/charts/managed-identity-wallets/templates/deployment.yaml
+++ /dev/null
@@ -1,410 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "managed-identity-wallets.fullname" . }} - namespace: {{ .Release.Namespace }} -spec: - replicas: 1 - selector: - matchLabels: - {{- include "managed-identity-wallets.selectorLabels" . | nindent 6 }} - template: - metadata: - labels: - {{- include "managed-identity-wallets.selectorLabels" . | nindent 8 }} - spec: - nodeSelector: - "kubernetes.io/os": linux - imagePullSecrets: - - name: {{ .Values.image.secret }} - containers: - - name: managed-identity-wallets - {{- if .Values.image.registry }} - image: {{ .Values.image.registry }}/{{ .Values.image.name }}:{{ default .Chart.AppVersion .Values.image.tag }} - {{- else }} - image: {{ .Values.image.name }}:{{ default .Chart.AppVersion .Values.image.tag }} - {{- end }} - imagePullPolicy: Always - env: - - name: APP_VERSION - value: {{ .Chart.AppVersion }} - - name: ALLOW_EMPTY_PASSWORD - value: {{ .Values.allowEmptyPassword | default "no" }} - - name: MIW_DB_JDBC_URL - {{- if .Values.postgresql.useDefaultJdbcUrl }} - value: {{ include "managed-identity-wallets.jdbcUrl" . }} - {{- else }} - valueFrom: - secretKeyRef: - name: {{ include "managed-identity-wallets.fullname" . }}-secret - key: miw-db-jdbc-url - {{- end }} - - name: MIW_DB_JDBC_DRIVER - value: {{ .Values.db.jdbcDriver }} - - name: MIW_AUTH_JWKS_URL - value: {{ .Values.auth.jwksUrl }} - - name: MIW_AUTH_ISSUER_URL - value: {{ .Values.auth.issuerUrl }} - - name: MIW_AUTH_REALM - value: {{ .Values.auth.realm }} - - name: MIW_AUTH_ROLE - value: {{ .Values.auth.role }} - - name: MIW_AUTH_ROLE_MAPPINGS - value: {{ .Values.auth.roleMappings }} - - name: MIW_AUTH_RESOURCE_ID - value: {{ .Values.auth.resourceId }} - - name: MIW_AUTH_CLIENT_ID - valueFrom: - secretKeyRef: - name: {{ include "managed-identity-wallets.fullname" . 
}}-secret - key: miw-auth-client-id - - name: MIW_AUTH_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: {{ include "managed-identity-wallets.fullname" . }}-secret - key: miw-auth-client-secret - - name: MIW_AUTH_REDIRECT_URL - value: {{ .Values.auth.redirectUrl }} - - name: BPDM_DATAPOOL_URL - value: {{ .Values.datapool.url }} - - name: BPDM_AUTH_CLIENT_ID - valueFrom: - secretKeyRef: - name: {{ include "managed-identity-wallets.fullname" . }}-secret - key: bpdm-auth-client-id - - name: BPDM_AUTH_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: {{ include "managed-identity-wallets.fullname" . }}-secret - key: bpdm-auth-client-secret - - name: BPDM_AUTH_GRANT_TYPE - value: {{ .Values.datapool.grantType }} - - name: BPDM_AUTH_SCOPE - value: {{ .Values.datapool.scope }} - - name: BPDM_AUTH_URL - value: {{ .Values.datapool.authUrl }} - - name: BPDM_PULL_DATA_AT_HOUR - value: {{ .Values.datapool.refreshHour | quote }} - - name: ACAPY_NETWORK_IDENTIFIER - value: {{ .Values.acapy.networkIdentifier }} - - name: ACAPY_API_ADMIN_URL - value: {{ .Values.acapy.mt.adminUrl }} - - name: ACAPY_ADMIN_API_KEY - valueFrom: - secretKeyRef: - name: {{ include "managed-identity-wallets.fullname" . }}-acapy - key: acapy-mt-admin-api-key - - name: ACAPY_BASE_WALLET_API_ADMIN_URL - value: {{ .Values.acapy.endorser.adminUrl }} - - name: ACAPY_BASE_WALLET_ADMIN_API_KEY - valueFrom: - secretKeyRef: - name: {{ include "managed-identity-wallets.fullname" . 
}}-acapy - key: acapy-endorser-admin-api-key - - name: MIW_BPN - value: {{ .Values.wallet.baseWalletBpn }} - - name: MIW_SHORT_DID - value: {{ .Values.wallet.baseWalletShortDid }} - - name: MIW_VERKEY - value: {{ .Values.wallet.baseWalletVerkey }} - - name: MIW_NAME - value: {{ .Values.wallet.baseWalletName }} - - name: MIW_ALLOWLIST_DIDS - value: {{ .Values.wallet.allowlistDids }} - - name: MIW_MEMBERSHIP_ORG - value: {{ .Values.wallet.membershipOrganisation }} - - name: MIW_OPENAPI_TITLE - value: {{ .Values.openapi.title }} - - name: MIW_OPENAPI_DESCRIPTION - value: {{ .Values.openapi.description }} - - name: MIW_OPENAPI_TERM_OF_SERVICES_URL - value: {{ .Values.openapi.termsOfServiceUrl }} - - name: MIW_OPENAPI_CONTACT_NAME - value: {{ .Values.openapi.contactName }} - - name: MIW_OPENAPI_CONTACT_EMAIL - value: {{ .Values.openapi.contactEmail }} - - name: MIW_OPENAPI_CONTACT_URL - value: {{ .Values.openapi.contactUrl }} - - name: MIW_OPENAPI_LICENSE_NAME - value: {{ .Values.openapi.licenseName }} - - name: MIW_OPENAPI_LICENSE_URL - value: {{ .Values.openapi.licenseUrl }} - - name: REVOCATION_URL - value: {{ .Values.revocation.revocationServiceUrl }} - - name: REVOCATION_CREATE_STATUS_LIST_CREDENTIAL_AT_HOUR - value: {{ .Values.revocation.refreshHour | quote }} - - name: LOG_LEVEL_KTOR_ROOT - value: {{ .Values.logging.ktorRoot }} - - name: LOG_LEVEL_EXPOSED - value: {{ .Values.logging.exposed }} - - name: LOG_LEVEL_ECLIPSE_JETTY - value: {{ .Values.logging.jetty }} - - name: LOG_LEVEL_NETTY - value: {{ .Values.logging.netty }} - - name: LOG_LEVEL_SERVICES_CALLS - value: {{ .Values.logging.servicesCalls }} - - name: WALLET_SERVICE_REQUEST_TIMEOUT - value: {{ .Values.httpClientTimeout.walletServiceRequest | quote }} - - name: WALLET_SERVICE_CONNECT_TIMEOUT - value: {{ .Values.httpClientTimeout.walletServiceConnect | quote }} - - name: WALLET_SERVICE_SOCKET_TIMEOUT - value: {{ .Values.httpClientTimeout.walletServiceSocket | quote }} - - name: 
BPD_SERVICE_REQUEST_TIMEOUT - value: {{ .Values.httpClientTimeout.bpdServiceRequest | quote }} - - name: BPD_SERVICE_CONNECT_TIMEOUT - value: {{ .Values.httpClientTimeout.bpdServiceConnect | quote }} - - name: BPD_SERVICE_SOCKET_TIMEOUT - value: {{ .Values.httpClientTimeout.bpdServiceSocket | quote }} - - name: REVOCATION_SERVICE_REQUEST_TIMEOUT - value: {{ .Values.httpClientTimeout.revocationServiceRequest | quote }} - - name: REVOCATION_SERVICE_CONNECT_TIMEOUT - value: {{ .Values.httpClientTimeout.revocationServiceConnect | quote }} - - name: REVOCATION_SERVICE_SOCKET_TIMEOUT - value: {{ .Values.httpClientTimeout.revocationServiceSocket | quote }} - - name: WEBHOOK_SERVICE_REQUEST_TIMEOUT - value: {{ .Values.httpClientTimeout.webhookServiceRequest | quote }} - - name: WEBHOOK_SERVICE_CONNECT_TIMEOUT - value: {{ .Values.httpClientTimeout.webhookServiceConnect | quote }} - - name: WEBHOOK_SERVICE_SOCKET_TIMEOUT - value: {{ .Values.httpClientTimeout.webhookServiceSocket | quote }} - resources: - requests: - cpu: {{ .Values.resources.managedIdentityWallets.requests.cpu }} - memory: {{ .Values.resources.managedIdentityWallets.requests.memory }} - limits: - cpu: {{ .Values.resources.managedIdentityWallets.limits.cpu }} - memory: {{ .Values.resources.managedIdentityWallets.limits.memory }} - ports: - - containerPort: 8080 - - name: revocation-service - image: {{ .Values.revocationService.imageName }}:{{ .Values.revocationService.tag }} - imagePullPolicy: Always - env: - - name: QUARKUS_HTTP_PORT - value: {{ .Values.revocationService.port | quote }} - - name: QUARKUS_HTTP_ACCESS_LOG_ENABLED - value: {{ .Values.revocationService.httpAccessLog | quote | default "false" }} - - name: QUARKUS_DATASOURCE_JDBC_URL - {{- if .Values.postgresql.useDefaultJdbcUrl }} - value: {{ include "managed-identity-wallets.jdbcUrl" . }} - {{- else }} - valueFrom: - secretKeyRef: - name: {{ include "managed-identity-wallets.fullname" . 
}}-secret - key: miw-db-jdbc-url - {{- end }} - - name: REVOCATION_BASE_URL - value: {{ .Values.revocationService.baseUrlForCredentialList }} - - name: REVOCATION_MIN_ISSUE_INTERVAL - value: {{ .Values.revocationService.minIssueInterval | quote}} - - name: QUARKUS_REST_CLIENT_SSI_ISSUANCE_API_URL - value: {{ .Values.revocationService.clientIssuanceApiUrl }} - resources: - requests: - cpu: {{ .Values.resources.revocationService.requests.cpu }} - memory: {{ .Values.resources.revocationService.requests.memory }} - limits: - cpu: {{ .Values.resources.revocationService.limits.cpu }} - memory: {{ .Values.resources.revocationService.limits.memory }} - ports: - - containerPort: 8086 - - name: endorser-acapy - image: {{ .Values.acapy.imageName }}:{{ .Values.acapy.tag }} - env: - - name: WALLET_KEY - valueFrom: - secretKeyRef: - name: {{ include "managed-identity-wallets.fullname" . }}-acapy - key: acapy-endorser-wallet-key - - name: AGENT_WALLET_SEED - valueFrom: - secretKeyRef: - name: {{ include "managed-identity-wallets.fullname" . }}-acapy - key: acapy-endorser-agent-wallet-seed - - name: LEDGER_URL - value: {{ .Values.acapy.endorser.genesisUrl }} - - name: LABEL - value: {{ .Values.acapy.endorser.label }} - - name: JWT_SECRET - valueFrom: - secretKeyRef: - name: {{ include "managed-identity-wallets.fullname" . }}-acapy - key: acapy-endorser-jwt-secret - - name: ACAPY_ADMIN_API_KEY - valueFrom: - secretKeyRef: - name: {{ include "managed-identity-wallets.fullname" . 
}}-acapy - key: acapy-endorser-admin-api-key - - name: LOG_LEVEL - value: {{ .Values.acapy.endorser.logLevel }} - - name: ACAPY_ENDPOINT_PORT - value: {{ .Values.acapy.endorser.endpointPort | quote }} - - name: ACAPY_ENDPOINT_URL - value: {{ .Values.acapy.endorser.endpointUrl }} - - name: ACAPY_ADMIN_PORT - value: {{ .Values.acapy.endorser.adminPort | quote }} - - name: DB_HOST - {{- if .Values.acapypostgresql.enabled }} - value: {{ include "acapyPostgresContext" (list $ "postgresql.primary.fullname") }} - {{- else }} - value: {{ .Values.acapy.endorser.databaseHost }} - {{- end }} - - name: DB_ACCOUNT - valueFrom: - secretKeyRef: - name: {{ include "managed-identity-wallets.fullname" . }}-acapy - key: acapy-endorser-db-account - - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "managed-identity-wallets.fullname" . }}-acapy - key: acapy-endorser-db-password - - name: DB_ADMIN_USER - valueFrom: - secretKeyRef: - name: {{ include "managed-identity-wallets.fullname" . }}-acapy - key: acapy-endorser-db-admin - - name: DB_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "managed-identity-wallets.fullname" . 
}}-acapy - key: acapy-endorser-db-admin-password - resources: - requests: - cpu: {{ .Values.resources.endorserAcapy.requests.cpu }} - memory: {{ .Values.resources.endorserAcapy.requests.memory }} - limits: - cpu: {{ .Values.resources.endorserAcapy.limits.cpu }} - memory: {{ .Values.resources.endorserAcapy.limits.memory }} - ports: - - containerPort: 8000 - command: ["/bin/bash"] - args: ["-c", "aca-py start \ - -e $(ACAPY_ENDPOINT_URL) \ - --auto-provision \ - --inbound-transport http '0.0.0.0' $(ACAPY_ENDPOINT_PORT) \ - --outbound-transport http \ - --admin '0.0.0.0' $(ACAPY_ADMIN_PORT) \ - --wallet-name AcapyBaseEndorserWallet \ - --wallet-type askar \ - --wallet-key $(WALLET_KEY) \ - --wallet-storage-type postgres_storage - --wallet-storage-config '{\"url\":\"$(DB_HOST):5432\",\"max_connections\":5}' - --wallet-storage-creds '{\"account\":\"$(DB_ACCOUNT)\",\"password\":\"$(DB_PASSWORD)\",\"admin_account\":\"$(DB_ADMIN_USER)\",\"admin_password\":\"$(DB_ADMIN_PASSWORD)\"}' - --seed $(AGENT_WALLET_SEED) \ - --genesis-url $(LEDGER_URL) \ - --label $(LABEL) \ - --admin-api-key $(ACAPY_ADMIN_API_KEY) \ - --auto-ping-connection \ - --jwt-secret $(JWT_SECRET) \ - --public-invites \ - --endorser-protocol-role endorser \ - --auto-endorse-transactions \ - --log-level $(LOG_LEVEL)" - ] - - name: mt-acapy - image: {{ .Values.acapy.imageName }}:{{ .Values.acapy.tag }} - env: - - name: WALLET_KEY - valueFrom: - secretKeyRef: - name: {{ include "managed-identity-wallets.fullname" . }}-acapy - key: acapy-mt-wallet-key - - name: AGENT_WALLET_SEED - valueFrom: - secretKeyRef: - name: {{ include "managed-identity-wallets.fullname" . }}-acapy - key: acapy-mt-agent-wallet-seed - - name: LEDGER_URL - value: {{ .Values.acapy.mt.genesisUrl }} - - name: LABEL - value: {{ .Values.acapy.mt.label }} - - name: JWT_SECRET - valueFrom: - secretKeyRef: - name: {{ include "managed-identity-wallets.fullname" . 
}}-acapy - key: acapy-mt-jwt-secret - - name: ACAPY_ADMIN_API_KEY - valueFrom: - secretKeyRef: - name: {{ include "managed-identity-wallets.fullname" . }}-acapy - key: acapy-mt-admin-api-key - - name: LOG_LEVEL - value: {{ .Values.acapy.mt.logLevel }} - - name: ACAPY_ENDPOINT_PORT - value: {{ .Values.acapy.mt.endpointPort | quote }} - - name: ACAPY_ENDPOINT_URL - value: {{ .Values.acapy.mt.endpointUrl }} - - name: ACAPY_ADMIN_PORT - value: {{ .Values.acapy.mt.adminPort | quote }} - - name: DB_HOST - {{- if .Values.acapypostgresql.enabled }} - value: {{ include "acapyPostgresContext" (list $ "postgresql.primary.fullname") }} - {{- else }} - value: {{ .Values.acapy.mt.databaseHost }} - {{- end }} - - name: DB_ACCOUNT - valueFrom: - secretKeyRef: - name: {{ include "managed-identity-wallets.fullname" . }}-acapy - key: acapy-mt-db-account - - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "managed-identity-wallets.fullname" . }}-acapy - key: acapy-mt-db-password - - name: DB_ADMIN_USER - valueFrom: - secretKeyRef: - name: {{ include "managed-identity-wallets.fullname" . }}-acapy - key: acapy-mt-db-admin - - name: DB_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "managed-identity-wallets.fullname" . 
}}-acapy - key: acapy-mt-db-admin-password - - name: ACAPY_ENDORSER_PUBLIC_DID - value: {{ .Values.acapy.mt.endorserPublicDid }} - - name: ACAPY_WEBHOOK_URL - value: {{ .Values.acapy.mt.webhookUrl }} - resources: - requests: - cpu: {{ .Values.resources.mtAcapy.requests.cpu }} - memory: {{ .Values.resources.mtAcapy.requests.memory }} - limits: - cpu: {{ .Values.resources.mtAcapy.limits.cpu }} - memory: {{ .Values.resources.mtAcapy.limits.memory }} - ports: - - containerPort: 8003 - command: ["/bin/bash"] - args: ["-c", "aca-py start \ - -e $(ACAPY_ENDPOINT_URL) \ - --auto-provision \ - --inbound-transport http '0.0.0.0' $(ACAPY_ENDPOINT_PORT) \ - --outbound-transport http \ - --admin '0.0.0.0' $(ACAPY_ADMIN_PORT) \ - --wallet-name AcapyManagedWallet \ - --wallet-type askar \ - --wallet-key $(WALLET_KEY) \ - --wallet-storage-type postgres_storage - --wallet-storage-config '{\"url\":\"$(DB_HOST):5432\",\"max_connections\":5}' - --wallet-storage-creds '{\"account\":\"$(DB_ACCOUNT)\",\"password\":\"$(DB_PASSWORD)\",\"admin_account\":\"$(DB_ADMIN_USER)\",\"admin_password\":\"$(DB_ADMIN_PASSWORD)\"}' - --seed $(AGENT_WALLET_SEED) \ - --genesis-url $(LEDGER_URL) \ - --label $(LABEL) \ - --admin-api-key $(ACAPY_ADMIN_API_KEY) \ - --auto-ping-connection \ - --jwt-secret $(JWT_SECRET) \ - --multitenant \ - --multitenant-admin \ - --public-invites \ - --webhook-url $(ACAPY_WEBHOOK_URL) \ - --endorser-protocol-role author \ - --endorser-alias endorser \ - --endorser-public-did $(ACAPY_ENDORSER_PUBLIC_DID) \ - --auto-request-endorsement \ - --auto-write-transactions \ - --auto-promote-author-did \ - --log-level $(LOG_LEVEL)" - ] diff --git a/charts/managed-identity-wallets/templates/ingress.yaml b/charts/managed-identity-wallets/templates/ingress.yaml deleted file mode 100644 index 9089cf82d..000000000 --- a/charts/managed-identity-wallets/templates/ingress.yaml +++ /dev/null 
@@ -1,65 +0,0 @@ -{{- if .Values.ingress.enabled }} ---- -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: managed-identity-wallets-ingress - namespace: {{ .Values.Namespace }} - annotations: - kubernetes.io/ingress.class: nginx - nginx.ingress.kubernetes.io/rewrite-target: /$1 - nginx.ingress.kubernetes.io/use-regex: "true" - nginx.ingress.kubernetes.io/force-ssl-redirect: "true" - nginx.ingress.kubernetes.io/ssl-passthrough: "true" - nginx.ingress.kubernetes.io/server-snippet: | - location ~* /list-credential/ { - deny all; - return 403; - } - - location ~* /webhook/topic/ { - deny all; - return 403; - } - - # If you encounter a redirect loop or are getting a 307 response code - # then you need to force the nginx ingress to connect to the backend using HTTPS. - # - # nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" -spec: - rules: - - host: {{ .Values.certificate.host }} - http: - paths: - - path: /didcomm-base - pathType: Exact - backend: - service: - name: managed-identity-wallets-acapy-base - port: - number: 8000 - - host: {{ .Values.certificate.host }} - http: - paths: - - path: /didcomm-managed-wallets - pathType: Exact - backend: - service: - name: managed-identity-wallets-acapy-mt - port: - number: 8003 - - host: {{ .Values.certificate.host }} - http: - paths: - - path: /(.*) - pathType: Prefix - backend: - service: - name: managed-identity-wallets - port: - number: 8080 - tls: - - hosts: - - {{ .Values.certificate.host }} - secretName: tls-secret -{{- end}} diff --git a/charts/managed-identity-wallets/templates/secrets.yaml b/charts/managed-identity-wallets/templates/secrets.yaml deleted file mode 100644 index 676bc3f37..000000000 --- a/charts/managed-identity-wallets/templates/secrets.yaml +++ /dev/null 
@@ -1,66 +0,0 @@ -{{- if not .Values.isLocal }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "managed-identity-wallets.fullname" . }}-acapy - namespace: {{ .Release.Namespace }} -type: Opaque -stringData: - acapy-endorser-admin-api-key: {{ .Values.acapy.endorser.secret.apikey | quote }} - acapy-endorser-agent-wallet-seed: {{ .Values.acapy.endorser.secret.walletseed | quote }} - acapy-endorser-db-account: {{ .Values.acapy.endorser.secret.dbaccount | quote }} - acapy-endorser-db-admin: {{ .Values.acapy.endorser.secret.dbadminuser | quote }} - acapy-endorser-db-admin-password: {{ .Values.acapy.endorser.secret.dbadminpassword | quote }} - acapy-endorser-db-password: {{ .Values.acapy.endorser.secret.dbpassword | quote }} - acapy-endorser-jwt-secret: {{ .Values.acapy.endorser.secret.jwtsecret | quote }} - acapy-endorser-wallet-key: {{ .Values.acapy.endorser.secret.walletkey | quote }} - acapy-mt-admin-api-key: {{ .Values.acapy.mt.secret.apikey | quote }} - acapy-mt-agent-wallet-seed: {{ .Values.acapy.mt.secret.walletseed | quote }} - acapy-mt-db-account: {{ .Values.acapy.mt.secret.dbaccount | quote }} - acapy-mt-db-admin: {{ .Values.acapy.mt.secret.dbadminuser | quote }} - acapy-mt-db-admin-password: {{ .Values.acapy.mt.secret.dbadminpassword | quote }} - acapy-mt-db-password: {{ .Values.acapy.mt.secret.dbpassword | quote }} - acapy-mt-jwt-secret: {{ .Values.acapy.mt.secret.jwtsecret | quote }} - acapy-mt-wallet-key: {{ .Values.acapy.mt.secret.walletkey | quote }} -{{- end}} -{{- if not .Values.isLocal }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: product-managed-identity-wallets-acapypostgresql - namespace: {{ .Release.Namespace }} -type: Opaque -stringData: - password: {{ .Values.acapypostgresql.secret.password | quote }} - postgres-password: {{ .Values.acapypostgresql.secret.postgrespassword | quote }} - user: {{ .Values.acapypostgresql.secret.user | quote }} -{{- end}} -{{- if not .Values.isLocal }} ---- -apiVersion: v1 -kind: Secret 
-metadata: - name: product-managed-identity-wallets-postgresql - namespace: {{ .Release.Namespace }} -type: Opaque -stringData: - password: {{ .Values.postgresql.secret.password | quote }} - postgres-password: {{ .Values.postgresql.secret.postgrespassword | quote }} - user: {{ .Values.postgresql.secret.user | quote }} -{{- end}} -{{- if not .Values.isLocal }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "managed-identity-wallets.fullname" . }}-secret - namespace: {{ .Release.Namespace }} -type: Opaque -stringData: - miw-db-jdbc-url: {{ .Values.managedIdentityWallets.secret.jdbcurl | quote }} - miw-auth-client-id: {{ .Values.managedIdentityWallets.secret.authclientid | quote }} - miw-auth-client-secret: {{ .Values.managedIdentityWallets.secret.authclientsecret | quote }} - bpdm-auth-client-id: {{ .Values.managedIdentityWallets.secret.bpdmauthclientid | quote }} - bpdm-auth-client-secret: {{ .Values.managedIdentityWallets.secret.bpdmauthclientsecret | quote }} -{{- end}} diff --git a/charts/managed-identity-wallets/templates/service.yaml b/charts/managed-identity-wallets/templates/service.yaml deleted file mode 100644 index 59bcb3283..000000000 --- a/charts/managed-identity-wallets/templates/service.yaml +++ /dev/null @@ -1,33 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: managed-identity-wallets - namespace: {{ .Release.Namespace }} -spec: - type: ClusterIP - ports: - - port: 8080 - selector: - {{- include "managed-identity-wallets.selectorLabels" . | nindent 6 }} ---- -apiVersion: v1 -kind: Service -metadata: - name: managed-identity-wallets-acapy-base -spec: - type: ClusterIP - ports: - - port: 8000 - selector: - {{- include "managed-identity-wallets.selectorLabels" . | nindent 6 }} ---- -apiVersion: v1 -kind: Service -metadata: - name: managed-identity-wallets-acapy-mt -spec: - type: ClusterIP - ports: - - port: 8003 - selector: - {{- include "managed-identity-wallets.selectorLabels" . | nindent 6 }} 
diff --git a/charts/managed-identity-wallets/values-beta.yaml b/charts/managed-identity-wallets/values-beta.yaml deleted file mode 100644 index 7214165c0..000000000 --- a/charts/managed-identity-wallets/values-beta.yaml +++ /dev/null 
@@ -1,98 +0,0 @@ -### -### DEPRECATED -### -auth: - jwksUrl: "https://centralidp.beta.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/certs" - issuerUrl: "https://centralidp.beta.demo.catena-x.net/auth/realms/CX-Central" - redirectUrl: "https://managed-identity-wallets.beta.demo.catena-x.net/callback" -wallet: - baseWalletBpn: "BPNL00000003CRHK" - baseWalletShortDid: "YPp94k3hzcedGE6JBBzd7k" - baseWalletVerkey: "J7QUrkAtsWDGSsNeHKwQxr8aipWCBNvxxGZQ8SjVc5u5" - baseWalletName: "Catena-X-BETA" - membershipOrganisation: "Catena-X" -datapool: - url: "https://partners-pool.beta.demo.catena-x.net" - authUrl: "https://centralidp.beta.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/token" -revocationService: - baseUrlForCredentialList: "https://managed-identity-wallets.beta.demo.catena-x.net/api/credentials/" - clientIssuanceApiUrl: "http://localhost:8080" -ingress: - enabled: true -certificate: - host: "managed-identity-wallets.beta.demo.catena-x.net" -acapy: - endorser: - genesisUrl: "https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/genesis" - networkIdentifier: "idunion:test" - endpointUrl: "https://managed-identity-wallets.beta.demo.catena-x.net/didcomm-base" - secret: - apikey: - walletseed: - dbaccount: - dbadminuser: - dbadminpassword: - dbpassword: - jwtsecret: - walletkey: - mt: - genesisUrl: "https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/genesis" - networkIdentifier: "idunion:test" - endpointUrl: "https://managed-identity-wallets.beta.demo.catena-x.net/didcomm-managed-wallets" - endorserPublicDid: "YPp94k3hzcedGE6JBBzd7k" - secret: - apikey: - walletseed: - dbaccount: - dbadminuser: - dbadminpassword: - dbpassword: - jwtsecret: - walletkey: -managedIdentityWallets: - secret: - jdbcurl: - authclientid: - authclientsecret: - bpdmauthclientid: - bpdmauthclientsecret: -postgresql: - useDefaultJdbcUrl: false - secret: - password: - postgrespassword: - user: -acapypostgresql: - secret: - 
password: - postgrespassword: - user: -resources: - managedIdentityWallets: - requests: - cpu: "200m" - memory: "512Mi" - limits: - cpu: "250m" - memory: "512Mi" - revocationService: - requests: - cpu: "200m" - memory: "512Mi" - limits: - cpu: "250m" - memory: "512Mi" - endorserAcapy: - requests: - cpu: "200m" - memory: "256Mi" - limits: - cpu: "250m" - memory: "512Mi" - mtAcapy: - requests: - cpu: "200m" - memory: "256Mi" - limits: - cpu: "250m" - memory: "512Mi" diff --git a/charts/managed-identity-wallets/values-dev.yaml b/charts/managed-identity-wallets/values-dev.yaml deleted file mode 100644 index 64f632d79..000000000 --- a/charts/managed-identity-wallets/values-dev.yaml +++ /dev/null 
@@ -1,96 +0,0 @@ -### -### DEPRECATED -### -auth: - jwksUrl: "https://centralidp.dev.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/certs" - issuerUrl: "https://centralidp.dev.demo.catena-x.net/auth/realms/CX-Central" - redirectUrl: "https://managed-identity-wallets.dev.demo.catena-x.net/callback" -wallet: - baseWalletBpn: "BPNL000000000000" - baseWalletShortDid: "MhLrwtKpZhNCzazMeofPQH" - baseWalletVerkey: "CHEC4PRQmP73A9UD7vQ6tnLAm9aoXLPhEtnGSMiAyVZj" - baseWalletName: "Catena-X-Dev" - membershipOrganisation: "Catena-X" -datapool: - url: "https://partners-pool.dev.demo.catena-x.net" - authUrl: "https://centralidp.dev.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/token" -revocationService: - baseUrlForCredentialList: "https://managed-identity-wallets.dev.demo.catena-x.net/api/credentials/" - clientIssuanceApiUrl: "http://localhost:8080" -ingress: - enabled: true -certificate: - host: "managed-identity-wallets.dev.demo.catena-x.net" -acapy: - endorser: - logLevel: "DEBUG" - endpointUrl: "https://managed-identity-wallets.dev.demo.catena-x.net/didcomm-base" - secret: - apikey: - walletseed: - dbaccount: - dbadminuser: - dbadminpassword: - dbpassword: - jwtsecret: - walletkey: - mt: - logLevel: "DEBUG" - endpointUrl: "https://managed-identity-wallets.dev.demo.catena-x.net/didcomm-managed-wallets" - endorserPublicDid: "MhLrwtKpZhNCzazMeofPQH" - secret: - apikey: - walletseed: - dbaccount: - dbadminuser: - dbadminpassword: - dbpassword: - jwtsecret: - walletkey: -managedIdentityWallets: - secret: - jdbcurl: - authclientid: - authclientsecret: - bpdmauthclientid: - bpdmauthclientsecret: -postgresql: - useDefaultJdbcUrl: false - secret: - password: - postgrespassword: - user: -acapypostgresql: - secret: - password: - postgrespassword: - user: -resources: - managedIdentityWallets: - requests: - cpu: "200m" - memory: "512Mi" - limits: - cpu: "250m" - memory: "512Mi" - revocationService: - requests: - cpu: "200m" - memory: "512Mi" - 
limits: - cpu: "250m" - memory: "512Mi" - endorserAcapy: - requests: - cpu: "200m" - memory: "256Mi" - limits: - cpu: "250m" - memory: "512Mi" - mtAcapy: - requests: - cpu: "200m" - memory: "256Mi" - limits: - cpu: "250m" - memory: "512Mi" diff --git a/charts/managed-identity-wallets/values-int.yaml b/charts/managed-identity-wallets/values-int.yaml deleted file mode 100644 index 75b8661ac..000000000 --- a/charts/managed-identity-wallets/values-int.yaml +++ /dev/null 
@@ -1,98 +0,0 @@ -### -### DEPRECATED -### -auth: - jwksUrl: "https://centralidp.int.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/certs" - issuerUrl: "https://centralidp.int.demo.catena-x.net/auth/realms/CX-Central" - redirectUrl: "https://managed-identity-wallets.int.demo.catena-x.net/callback" -wallet: - baseWalletBpn: "BPNL000000000000" - baseWalletShortDid: "2xcjN7LjnHGaPdZbbGqju5" - baseWalletVerkey: "24vdNRCEY5Pswwv3XhbVSccbZA5r4ybxnYVGw3Q6WZjL" - baseWalletName: "Catena-X-Int" - membershipOrganisation: "Catena-X" -datapool: - url: "https://partners-pool.int.demo.catena-x.net" - authUrl: "https://centralidp.int.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/token" -revocationService: - baseUrlForCredentialList: "https://managed-identity-wallets.int.demo.catena-x.net/api/credentials/" - clientIssuanceApiUrl: "http://localhost:8080" -ingress: - enabled: true -certificate: - host: "managed-identity-wallets.int.demo.catena-x.net" -acapy: - endorser: - genesisUrl: "https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/genesis" - endpointUrl: "https://managed-identity-wallets.int.demo.catena-x.net/didcomm-base" - networkIdentifier: "idunion:test" - secret: - apikey: - walletseed: - dbaccount: - dbadminuser: - dbadminpassword: - dbpassword: - jwtsecret: - walletkey: - mt: - genesisUrl: "https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/genesis" - endpointUrl: "https://managed-identity-wallets.int.demo.catena-x.net/didcomm-managed-wallets" - endorserPublicDid: "2xcjN7LjnHGaPdZbbGqju5" - networkIdentifier: "idunion:test" - secret: - apikey: - walletseed: - dbaccount: - dbadminuser: - dbadminpassword: - dbpassword: - jwtsecret: - walletkey: -managedIdentityWallets: - secret: - jdbcurl: - authclientid: - authclientsecret: - bpdmauthclientid: - bpdmauthclientsecret: -postgresql: - useDefaultJdbcUrl: false - secret: - password: - postgrespassword: - user: -acapypostgresql: - secret: - password: - 
postgrespassword: - user: -resources: - managedIdentityWallets: - requests: - cpu: "200m" - memory: "512Mi" - limits: - cpu: "250m" - memory: "512Mi" - revocationService: - requests: - cpu: "200m" - memory: "512Mi" - limits: - cpu: "250m" - memory: "512Mi" - endorserAcapy: - requests: - cpu: "200m" - memory: "256Mi" - limits: - cpu: "250m" - memory: "512Mi" - mtAcapy: - requests: - cpu: "200m" - memory: "256Mi" - limits: - cpu: "250m" - memory: "512Mi" diff --git a/charts/managed-identity-wallets/values-local.yaml b/charts/managed-identity-wallets/values-local.yaml deleted file mode 100644 index c29bbbfe9..000000000 --- a/charts/managed-identity-wallets/values-local.yaml +++ /dev/null 
@@ -1,34 +0,0 @@ -### -### DEPRECATED -### -auth: - jwksUrl: "http://192.168.205.1:8081/auth/realms/catenax/protocol/openid-connect/certs" - issuerUrl: "http://192.168.205.1:8081/auth/realms/catenax" - redirectUrl: "http://localhost:8080/callback" - realm: "catenax" - roleMappings: "create_wallets:add_wallets,view_wallets:view_wallets,update_wallets:update_wallets,delete_wallets:delete_wallets,view_wallet:view_wallet,update_wallet:update_wallet" - resourceId: "ManagedIdentityWallets" -datapool: - url: "https://catenax-bpdm-dev.demo.catena-x.net" - authUrl: "https://centralidp.dev.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/token" -revocationService: - baseUrlForCredentialList: "https://managed-identity-wallets.dev.demo.catena-x.net/api/credentials/" - clientIssuanceApiUrl: "${SSI_SERVICE_URL:-http://localhost:8080}" -acapy: - logLevel: "DEBUG" - ledgerUrl: "https://indy-test.idu.network" - endpointPort: "8000" - endpointUrl: "https://managed-identity-wallets.dev.demo.catena-x.net:8000/" - adminPort: "11000" - adminUrl: "http://localhost:11000" - imageName: "bcgovimages/aries-cloudagent" - tag: "py36-1.16-1_0.7.4" -ingress: - enabled: true -certificate: - host: "managed-identity-wallets.local.demo.catena-x.net" -image: - name: "catena-x/managed-identity-wallets" -postgresql: - enabled: false -isLocal: true diff --git a/charts/managed-identity-wallets/values-pen.yaml b/charts/managed-identity-wallets/values-pen.yaml deleted file mode 100644 index 7ab3c9943..000000000 --- a/charts/managed-identity-wallets/values-pen.yaml +++ /dev/null 
@@ -1,50 +0,0 @@ -### -### DEPRECATED -### -auth: - jwksUrl: "https://centralidp-pen.dev.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/certs" - issuerUrl: "https://centralidp-pen.dev.demo.catena-x.net/auth/realms/CX-Central" - redirectUrl: "https://managed-identity-wallets-pen.dev.demo.catena-x.net/callback" -datapool: - url: "https://catenax-bpdm-dev.demo.catena-x.net" - authUrl: "https://centralidp.dev.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/token" -image: - tag: "latest-develop" -revocationService: - baseUrlForCredentialList: "https://managed-identity-wallets.pen.demo.catena-x.net/api/credentials/" - clientIssuanceApiUrl: "http://localhost:8080" -ingress: - enabled: true -certificate: - host: "managed-identity-wallets-pen.dev.demo.catena-x.net" -acapy: - logLevel: "DEBUG" - ledgerUrl: "http://dev.greenlight.bcovrin.vonx.io" - endpointUrl: "https://managed-identity-wallets-pen.dev.demo.catena-x.net:8000/" - databaseHost: "product-managed-identity-wallets-pen-acapypostgresql" - secret: - apikey: - walletseed: - dbaccount: - dbadminuser: - dbadminpassword: - dbpassword: - jwtsecret: - walletkey: -managedIdentityWallets: - secret: - jdbcurl: - authclientid: - authclientsecret: - bpdmauthclientid: - bpdmauthclientsecret: -postgresql: - secret: - password: - postgrespassword: - user: -acapypostgresql: - secret: - password: - postgrespassword: - user: diff --git a/charts/managed-identity-wallets/values.yaml b/charts/managed-identity-wallets/values.yaml deleted file mode 100644 index 514cc83be..000000000 --- a/charts/managed-identity-wallets/values.yaml +++ /dev/null 
@@ -1,268 +0,0 @@ -### -### DEPRECATED -### -# The IAM configuration -auth: - # -- The realm name in Keycloak - realm: "CX-Central" - # -- The main role in MIW - role: "add_wallets" - # -- The role mapping in MIW - roleMappings: "create_wallets:add_wallets,view_wallets:view_wallets,update_wallets:update_wallets,delete_wallets:delete_wallets,view_wallet:view_wallet,update_wallet:update_wallet" - # -- (string) The resource Id in Keycloak - resourceId: "Cl5-CX-Custodian" - # -- IAM certs url - jwksUrl: "https://localhost:8081" - # -- IAM token issuer url - issuerUrl: "https://localhost:8081" - # -- IAM redirect url to the MIW - redirectUrl: "https:/localhost:8080/callback" -# The image of the Managed Identity Wallets -image: - name: "catenax-ng/tx-managed-identity-wallets_service" - registry: "ghcr.io" - # -- Overrides the image tag whose default is the chart appVersion - tag: "" - secret: "acr-credentials" -allowEmptyPassword: "\"yes\"" -db: - # -- Database driver to use - jdbcDriver: "org.postgresql.Driver" -namespace: "managed-identity-wallets" -# -- The logging configurations -logging: - exposed: "INFO" - ktorRoot: "INFO" - jetty: "INFO" - netty: "INFO" - # -- Options: ALL, HEADERS, BODY, INFO, NONE - servicesCalls: "INFO" -# -- The timeout (milliseconds) configuration of http client in each service. 
-httpClientTimeout: - walletServiceRequest: "25000" - walletServiceConnect: "25000" - walletServiceSocket: "25000" - bpdServiceRequest: "25000" - bpdServiceConnect: "25000" - bpdServiceSocket: "25000" - revocationServiceRequest: "25000" - revocationServiceConnect: "25000" - revocationServiceSocket: "25000" - webhookServiceRequest: "25000" - webhookServiceConnect: "25000" - webhookServiceSocket: "25000" -# The OpenAPI configuration in MIW -openapi: - title: "Managed Identity Wallets API" - description: "Managed Identity Wallets API" - termsOfServiceUrl: "https://www.eclipse.org/legal/termsofuse.php" - contactName: "Eclipse Tractus-X" - contactEmail: "tractusx-dev@eclipse.org" - contactUrl: "https://projects.eclipse.org/projects/automotive.tractusx" - licenseName: "Apache 2.0" - licenseUrl: "https://github.com/eclipse-tractusx/managed-identity-wallets/blob/main/LICENSE" -# The base wallet configuration in MIW -wallet: - # -- The BPN of the base wallet - baseWalletBpn: "" - # -- The short DID of the base wallet. - # It can be created with its verkey as described in https://github.com/eclipse-tractusx/managed-identity-wallets#Integrate-with-Indy-Ledger. - # It should be registered on the Indy ledger with role endorser. - baseWalletShortDid: "" - # -- The verkey (public key) of the base wallet - baseWalletVerkey: "" - # -- The name of the base wallet - baseWalletName: "" - # -- A list of full DIDs seperated by comma ",". Those DIDs are allowed to send a connection request to managed wallets. 
Empty for public invitation allowance - allowlistDids: "" - # -- The name used in the Membership credential - membershipOrganisation: "Platform-A" -# The configuration of revocation service in MIW -revocation: - # -- At which hour (24-hour clock) the cron job should issue/update status-list credentials - refreshHour: "3" - # -- The url of the revocation service - revocationServiceUrl: http://localhost:8086 -# The main configuration of the revocation service -revocationService: - imageName: "registry.gitlab.com/gaia-x/data-infrastructure-federation-services/not/notarization-service/revocation" - tag: "1.0.0-SNAPSHOT-quarkus-2.10.2.Final-java17" - port: "8086" - httpAccessLog: true - # -- Issuance cache interval - minIssueInterval: "2" - # -- The the endpoint in MIW at which status credentials can be issued - baseUrlForCredentialList: "https//localhost:8080/api/credentials/" - # -- The url at which the MIW is reachable - clientIssuanceApiUrl: "http://localhost:8080" -acapy: - imageName: "bcgovimages/aries-cloudagent" - tag: "py36-1.16-1_0.7.5" - # The configuration of the AcaPy endorser instance - endorser: - # -- The url of the used Indy ledger - genesisUrl: "http://dev.greenlight.bcovrin.vonx.io/genesis" - # -- The label of the instance - label: "BaseWalletIssuer" - logLevel: "INFO" - # -- The network identifier of the used Indy ledger - networkIdentifier: "greenlight:dev" - # -- The endpoint url in the DID document - endpointUrl: "https://localhost:8000" - # -- The host of the used database - databaseHost: "acapypostgresql" - # -- The port at which the wallet is reachable - endpointPort: "8000" - # -- The port at which the admin API is reachable - adminPort: "11000" - # -- The url of the admin API - adminUrl: "http://localhost:11000" - secret: - # -- The API key of the admin endpoints. It must be a random and secure string - apikey: "0" - # -- The seed of the wallet. 
It must be random and secure (no patterns or use of dictionary words, the use of uppercase and lowercase letters - as well as numbers and allowed symbols, no personal preferences like names or phone numbers). It must be registired on the used ledger as endorser. - walletseed: "RandomSeedPlaceHolder0x135791113" - dbaccount: "postgres" - dbadminuser: "postgres" - dbadminpassword: "postgres" - dbpassword: "postgres" - ## -- It must be a random and secure string - jwtsecret: "0" - ## -- It must be a random and secure string - walletkey: "0" - # AcaPy multi-tenancy instance - mt: - # -- The url of the used Indy ledger - genesisUrl: "http://dev.greenlight.bcovrin.vonx.io/genesis" - # -- The label of the instance - label: "ManagedWallet" - logLevel: "INFO" - # -- The network identifier of the used Indy ledger - networkIdentifier: "greenlight:dev" - # -- The endpoint url in the DID document - endpointUrl: "https://localhost:8003" - # -- The host of the used database - databaseHost: "acapypostgresql" - # -- The port at which the sub-wallets are reachable - endpointPort: "8003" - # -- The port at which the admin API is reachable - adminPort: "11003" - # -- The url of the admin API - adminUrl: "http://localhost:11003" - # -- The short DID of the base wallet - endorserPublicDid: "ShortDIDPlaceholderX" - # -- The url at which events are sent. It should be the webhook endpoint in MIW - webhookUrl: "http://localhost:8080/webhook" - secret: - # -- The API-Key of the admin endpoints. It must be a random and secure string - apikey: "0" - # -- The seed of the wallet. It must be random and secure (no patterns or use of dictionary words, the use of uppercase and lowercase letters - as well as numbers and allowed symbols, no personal preferences like names or phone numbers). It must be registired on the used ledger as endorser. 
- walletseed: "RandomSeedPlaceHolder0x246810120" - dbaccount: "postgres" - dbadminuser: "postgres" - dbadminpassword: "postgres" - dbpassword: "postgres" - ## -- It must be a random and secure string - jwtsecret: "0" - ## -- It must be a random and secure string - walletkey: "0" -ingress: - enabled: false -# The configuration and secrets of the database that is used by AcaPy -acapypostgresql: - enabled: true - auth: - existingSecret: product-managed-identity-wallets-acapypostgresql - secret: - password: "postgres" - postgrespassword: "postgres" - user: "postgres" -# The configuration and secrets of the database that is used by the MIW -postgresql: - # -- use the default jdbc url `jdbc:postgresql://%s-postgresql:5432/postgres?user=%s&password=%s` instead of the value in managedIdentityWallets.secrets.jdbcUrl - useDefaultJdbcUrl: true - enabled: true - auth: - existingSecret: product-managed-identity-wallets-postgresql - primary: - extraVolumeMounts: - - name: initdb - mountPath: "/docker-entrypoint-initdb.d" - extraVolumes: - - name: initdb - emptyDir: {} - initContainers: - - name: initdb - # -- The image is built and used to initialize the database of MIW. The tag must equal the appVersion in Chart.yaml - image: ghcr.io/catenax-ng/tx-managed-identity-wallets_initdb:3.3.2 - imagePullPolicy: Always - command: - - sh - args: - - -c - - | - echo "Copying initdb sqls..." 
- cp -R /initdb/* /docker-entrypoint-initdb.d - volumeMounts: - - name: initdb - mountPath: "/docker-entrypoint-initdb.d" - secret: - password: "postgres" - postgrespassword: "postgres" - user: "postgres" -# The configuration to access the BPDM data pool (https://github.com/eclipse-tractusx/bpdm) from MIW -datapool: - grantType: "client_credentials" - scope: "openid" - # -- At which hour (24-hour clock) the cron job should pull the data from the BPDM data pool - refreshHour: "23" - # -- Url at which the API of BPDM is reachable - url: "" - # -- IAM url to get the access token for BPDM data pool endpoint - authUrl: "" -managedIdentityWallets: - secret: - # -- Database connection string to the Postgres database of MIW. Used when postgresql.useDefaultJdbcUrl is false - jdbcurl: "jdbc:postgresql://:/?user=&password=" - # -- It can be extracted from Keycloak - authclientid: "clientid" - # -- It can be extracted from Keycloak - authclientsecret: "client" - # -- client id for accessing the BPDM data pool endpoint - bpdmauthclientid: "clientid" - # -- client secret for accessing the BPDM data pool endpoint - bpdmauthclientsecret: "client" -certificate: - host: "localhost" -# -- Deployment on Kubernetes on local device -isLocal: false -# -- used resources for each componenet -resources: - managedIdentityWallets: - requests: - cpu: "100m" - memory: "128Mi" - limits: - cpu: "250m" - memory: "256Mi" - revocationService: - requests: - cpu: "100m" - memory: "128Mi" - limits: - cpu: "250m" - memory: "256Mi" - endorserAcapy: - requests: - cpu: "100m" - memory: "128Mi" - limits: - cpu: "250m" - memory: "256Mi" - mtAcapy: - requests: - cpu: "100m" - memory: "128Mi" - limits: - cpu: "250m" - memory: "256Mi" From f11f8246da65fa17b0a4f4fac59ae67e42b709de Mon Sep 17 00:00:00 2001 
From: Peter Motzko Date: Wed, 5 Jul 2023 14:30:56 +0200 Subject: [PATCH 023/116] feat(ci): run Helm unittests --- .github/workflows/chart-lint.yml | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/.github/workflows/chart-lint.yml b/.github/workflows/chart-lint.yml index c79eb4d4b..1c492e45d 100644 --- a/.github/workflows/chart-lint.yml +++ b/.github/workflows/chart-lint.yml @@ -16,16 +16,19 @@ jobs: fetch-depth: 0 - name: Set up Helm - uses: azure/setup-helm@v1 + uses: azure/setup-helm@v3 with: - version: v3.9.3 + version: v3.11.3 - - name: Add Helm repos + - name: Update Helm dependencies run: | cd charts/managed-identity-wallet - helm repo add bitnami https://charts.bitnami.com/bitnami helm dependency update + - name: Install Helm unittest plugin + run: | + helm plugin install https://github.com/helm-unittest/helm-unittest.git + # Setup python as a prerequisite for chart linting - uses: actions/setup-python@v2 with: @@ -34,6 +37,9 @@ jobs: - name: Set up chart-testing uses: helm/chart-testing-action@v2.3.1 + - name: Install Task + uses: arduino/setup-task@v1 + - name: Run chart-testing (list-changed) id: list-changed run: | @@ -41,10 +47,14 @@ jobs: if [[ -n "$changed" ]]; then echo "::set-output name=changed::true" fi + # run chart linting - name: Run chart-testing (lint) run: ct lint --target-branch ${{ github.event.repository.default_branch }} --config charts/chart-testing-config.yaml + - name: Run Helm unittests + run: task helm:unittest + # Preparing a kind cluster to install and test charts on - name: Create kind cluster uses: helm/kind-action@v1.4.0 From 55f63f4664844a6689f799b16c6485c486904986 Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Wed, 5 Jul 2023 14:32:02 +0200 Subject: [PATCH 024/116] test(ci): enable manual trigger --- .github/workflows/chart-lint.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/chart-lint.yml b/.github/workflows/chart-lint.yml index 1c492e45d..0754cdfd3 100644 
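Review bot: The new `Install Helm unittest plugin` step installs the plugin from the repository's default branch with no version pinned, so each CI run pulls whatever that branch holds at the time and the pipeline is neither reproducible nor shielded from an upstream change; `helm plugin install` accepts `--version`, e.g. `helm plugin install https://github.com/helm-unittest/helm-unittest.git --version <PINNED_VERSION>`. The same concern applies more weakly to the mutable major tags used in this hunk and the second one (`azure/setup-helm@v3`, `arduino/setup-task@v1`), which follow the file's existing style but could be pinned to a commit SHA. The step also carries no comment saying why it is there; `# required by 'task helm:unittest' below` would tie it to the third hunk.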
--- a/.github/workflows/chart-lint.yml +++ b/.github/workflows/chart-lint.yml @@ -5,6 +5,7 @@ on: pull_request: paths: - 'charts/**' + workflow_dispatch: jobs: lint-test: From fb9f53fee25afc8ddd1cd31278b427187551e12a Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Wed, 5 Jul 2023 14:33:19 +0200 Subject: [PATCH 025/116] test(ci): add branch name --- .github/workflows/chart-lint.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/chart-lint.yml b/.github/workflows/chart-lint.yml index 0754cdfd3..8619a7fb1 100644 --- a/.github/workflows/chart-lint.yml +++ b/.github/workflows/chart-lint.yml @@ -6,6 +6,7 @@ on: paths: - 'charts/**' workflow_dispatch: + branches: [ 'features/java-did-web' ] jobs: lint-test: From 50d6370628c4d22f9f42af7545fbf1a98f205ea7 Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Thu, 6 Jul 2023 12:31:43 +0200 Subject: [PATCH 026/116] refactor(ci): remove manual trigger --- .github/workflows/chart-lint.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/chart-lint.yml b/.github/workflows/chart-lint.yml index 8619a7fb1..1c492e45d 100644 --- a/.github/workflows/chart-lint.yml +++ b/.github/workflows/chart-lint.yml @@ -5,8 +5,6 @@ on: pull_request: paths: - 'charts/**' - workflow_dispatch: - branches: [ 'features/java-did-web' ] jobs: lint-test: From 57a37f467d60cef5eb595911f101bc36050d924b Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Thu, 6 Jul 2023 12:32:18 +0200 Subject: [PATCH 027/116] fix(helm): add empty line at the bottom for Helm lint testing --- charts/managed-identity-wallet/Chart.yaml | 2 +- charts/managed-identity-wallet/templates/secret.yaml | 2 +- charts/managed-identity-wallet/values-dev.yaml | 2 +- charts/managed-identity-wallet/values-int.yaml | 2 +- charts/managed-identity-wallet/values.yaml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/managed-identity-wallet/Chart.yaml b/charts/managed-identity-wallet/Chart.yaml index d8bb30b1a..5c5c878de 100644 
--- a/charts/managed-identity-wallet/Chart.yaml +++ b/charts/managed-identity-wallet/Chart.yaml @@ -30,4 +30,4 @@ dependencies: - name: postgresql version: 11.9.13 repository: https://charts.bitnami.com/bitnami - condition: postgresql.enabled \ No newline at end of file + condition: postgresql.enabled diff --git a/charts/managed-identity-wallet/templates/secret.yaml b/charts/managed-identity-wallet/templates/secret.yaml index 2f7268f10..9760d9d30 100644 --- a/charts/managed-identity-wallet/templates/secret.yaml +++ b/charts/managed-identity-wallet/templates/secret.yaml @@ -29,4 +29,4 @@ data: {{- range $key, $val := .Values.secrets }} {{ $key }}: {{ $val | b64enc }} {{- end}} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/managed-identity-wallet/values-dev.yaml b/charts/managed-identity-wallet/values-dev.yaml index ac0381ce8..30adb63bb 100644 --- a/charts/managed-identity-wallet/values-dev.yaml +++ b/charts/managed-identity-wallet/values-dev.yaml @@ -53,4 +53,4 @@ postgresql: auth: password: postgresPassword: - username: \ No newline at end of file + username: diff --git a/charts/managed-identity-wallet/values-int.yaml b/charts/managed-identity-wallet/values-int.yaml index 550695550..e49730c61 100644 --- a/charts/managed-identity-wallet/values-int.yaml +++ b/charts/managed-identity-wallet/values-int.yaml @@ -53,4 +53,4 @@ postgresql: auth: password: postgresPassword: - username: \ No newline at end of file + username: diff --git a/charts/managed-identity-wallet/values.yaml b/charts/managed-identity-wallet/values.yaml index 7787192eb..ed359fbad 100644 --- a/charts/managed-identity-wallet/values.yaml +++ b/charts/managed-identity-wallet/values.yaml @@ -132,4 +132,4 @@ postgresql: auth: password: postgres username: postgres - postgresPassword: postgres \ No newline at end of file + postgresPassword: postgres From ff414f8e3cb764ad1602f2b2367e2756d123cdd8 Mon Sep 17 00:00:00 2001 
From: Peter Motzko Date: Fri, 7 Jul 2023 12:07:40 +0200 Subject: [PATCH 028/116] fix(doc): move information about docker for macos upwards --- README.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 25f3ea1d0..bfa9832fa 100644 --- a/README.md +++ b/README.md @@ -41,6 +41,9 @@ Description of the env files: - **env.local**: Setup everything to get ready for flow "local". You need to fill in the passwords. Everything else can remain as it is. - **env.docker**: Setup everything to get ready for flow "docker". You need to fill in the passwords. Everything else can remain as it is. +> IMPORTANT: When you are using MacOS and the MIW docker container won't start up (stuck somewhere or doesn't start at all), you can enable the docker-desktop feature "Use Rosetta for x86/amd64 emulation on Apple Silicon" in your Docker settings +(under "features in development") + In both env files (env.local and env.docker) you need to set _GITHUB_USERNAME_ and _GITHUB_TOKEN_ in order to be able to build the add, because the SSI lib is stored in a private repo (you also need the proper rights to access the repo). The access token need to have `read:packages` access. (ref: https://github.com/settings/tokens/new) 
@@ -157,12 +160,10 @@ This process ensures that any issues with the database schema are resolved by re 2. Policies can be validated dynamically as per request while validating VP and VC. [Check this for more details](https://docs.walt.id/v/ssikit/concepts/verification-policies) -3. When you are using MacOS and the MIW docker container won't start up, you can enable the docker-desktop feature "Use Rosetta for x86/amd64 emulation on Apple Silicon" in your Docker settings - (under "features in development") ## Reference of external lib 1. https://www.testcontainers.org/modules/databases/postgres/ 2. https://github.com/dasniko/testcontainers-keycloak 3. https://github.com/smartSenseSolutions/smartsense-java-commons -4. https://github.com/catenax-ng/product-lab-ssi \ No newline at end of file +4. https://github.com/catenax-ng/product-lab-ssi From 1893a6484bd0150d7d2ac3e5cb2e45e221403b2f Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Fri, 7 Jul 2023 14:19:56 +0200 Subject: [PATCH 029/116] feat(devel): add COMPOSE_COMMAND to env.*.dist to configure the available docker compose binary --- dev-assets/env-files/env.docker.dist | 5 ++++- dev-assets/env-files/env.local.dist | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/dev-assets/env-files/env.docker.dist b/dev-assets/env-files/env.docker.dist index 657a22795..e0fe37578 100644 --- a/dev-assets/env-files/env.docker.dist +++ b/dev-assets/env-files/env.docker.dist @@ -5,6 +5,9 @@ GITHUB_TOKEN= # Build SKIP_GRADLE_TASKS_PARAM="-x jacocoTestCoverageVerification -x test" +# Docker +COMPOSE_COMMAND=docker-compose + # Docker: Postgres config POSTGRES_DB=keycloak POSTGRES_USER=keycloak @@ -46,4 +49,4 @@ DB_NAME=${POSTGRES_DB_NAME_MIW} DB_USER_NAME=${POSTGRES_USERNAME_MIW} DB_PASSWORD=${POSTGRES_PASSWORD_MIW} ORG_GRADLE_PROJECT_githubUserName=${GITHUB_USERNAME} -ORG_GRADLE_PROJECT_githubToken=${GITHUB_TOKEN} \ No newline at end of file +ORG_GRADLE_PROJECT_githubToken=${GITHUB_TOKEN} 
diff --git a/dev-assets/env-files/env.local.dist b/dev-assets/env-files/env.local.dist index 154e7ee83..20fab978f 100644 --- a/dev-assets/env-files/env.local.dist +++ b/dev-assets/env-files/env.local.dist @@ -5,6 +5,9 @@ GITHUB_TOKEN= # Build SKIP_GRADLE_TASKS_PARAM="-x jacocoTestCoverageVerification -x test" +# Docker +COMPOSE_COMMAND=docker-compose + # Docker: Postgres config POSTGRES_DB=keycloak POSTGRES_USER=keycloak @@ -46,4 +49,4 @@ DB_NAME=${POSTGRES_DB_NAME_MIW} DB_USER_NAME=${POSTGRES_USERNAME_MIW} DB_PASSWORD=${POSTGRES_PASSWORD_MIW} ORG_GRADLE_PROJECT_githubUserName=${GITHUB_USERNAME} -ORG_GRADLE_PROJECT_githubToken=${GITHUB_TOKEN} \ No newline at end of file +ORG_GRADLE_PROJECT_githubToken=${GITHUB_TOKEN} From 931e69fd02a0ada7c5b0827eaaf5aa140b5f07af Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Fri, 7 Jul 2023 14:20:45 +0200 Subject: [PATCH 030/116] feat(devel): use COMPOSE_COMMAND env from env.* to execute the available docker compose binary --- dev-assets/tasks/darwin/docker.yaml | 6 +++--- dev-assets/tasks/linux/docker.yaml | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/dev-assets/tasks/darwin/docker.yaml b/dev-assets/tasks/darwin/docker.yaml index 6a40c1a3a..40281a440 100644 --- a/dev-assets/tasks/darwin/docker.yaml +++ b/dev-assets/tasks/darwin/docker.yaml @@ -36,13 +36,13 @@ tasks: cmds: - cat postgres/db.sh.tpl | envsubst > postgres/db.sh - chmod +x postgres/db.sh - - "docker-compose up {{.OPTIONS}} {{.CONTAINERS}}" + - "$COMPOSE_COMMAND up {{.OPTIONS}} {{.CONTAINERS}}" stop-middleware: desc: Stop local Docker environment dir: dev-assets/docker-environment cmds: - - docker-compose down + - $COMPOSE_COMMAND down - cmd: docker volume remove docker-environment_postgres_data ignore_error: true - rm -f postgres/db.sh @@ -71,4 +71,4 @@ tasks: desc: Cleans everything about docker... cmds: - cmd: docker rmi local-miw - ignore_error: true \ No newline at end of file + ignore_error: true 
diff --git a/dev-assets/tasks/linux/docker.yaml b/dev-assets/tasks/linux/docker.yaml index 6a40c1a3a..40281a440 100644 --- a/dev-assets/tasks/linux/docker.yaml +++ b/dev-assets/tasks/linux/docker.yaml @@ -36,13 +36,13 @@ tasks: cmds: - cat postgres/db.sh.tpl | envsubst > postgres/db.sh - chmod +x postgres/db.sh - - "docker-compose up {{.OPTIONS}} {{.CONTAINERS}}" + - "$COMPOSE_COMMAND up {{.OPTIONS}} {{.CONTAINERS}}" stop-middleware: desc: Stop local Docker environment dir: dev-assets/docker-environment cmds: - - docker-compose down + - $COMPOSE_COMMAND down - cmd: docker volume remove docker-environment_postgres_data ignore_error: true - rm -f postgres/db.sh @@ -71,4 +71,4 @@ tasks: desc: Cleans everything about docker... cmds: - cmd: docker rmi local-miw - ignore_error: true \ No newline at end of file + ignore_error: true From a6fc91812ad9065c1f5011597deb1bc6fd9b545a Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Fri, 7 Jul 2023 14:21:15 +0200 Subject: [PATCH 031/116] feat(doc): document COMPOSE_COMMAND env --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index bfa9832fa..7c0d0fd7d 100644 --- a/README.md +++ b/README.md @@ -48,6 +48,8 @@ In both env files (env.local and env.docker) you need to set _GITHUB_USERNAME_ a because the SSI lib is stored in a private repo (you also need the proper rights to access the repo). The access token need to have `read:packages` access. (ref: https://github.com/settings/tokens/new) +And change the _COMPOSE_COMMAND_ variable to either _docker-compose_ or _docker compose_. It depends on docker compose version you are using: V1 or V2 + Note: _SKIP_GRADLE_TASKS_PARAM_ is used to pass parameters to the build process of the MIW jar. Currently, it skips the tests and code coverage, but speeds up the build time. If you want to activate it, just comment it out like `SKIP_GRADLE_TASKS_PARAM="" #"-x jacocoTestCoverageVerification -x test"` 
From a7d3496224be0ca6ec5fc6c947c15fd277199d9a Mon Sep 17 00:00:00 2001 From: Dominik Pinsel Date: Mon, 10 Jul 2023 01:34:07 +0200 Subject: [PATCH 032/116] add check for verifiable credentials during VP/JWT validation Signed-off-by: Dominik Pinsel --- build.gradle | 4 +- .../constant/StringPool.java | 1 - .../service/IssuersCredentialService.java | 2 +- .../service/PresentationService.java | 60 ++++++++++++++++++- .../utils/CommonUtils.java | 8 ++- 5 files changed, 68 insertions(+), 7 deletions(-) diff --git a/build.gradle b/build.gradle index 627a6f92a..d04d456e1 100644 --- a/build.gradle +++ b/build.gradle @@ -48,11 +48,13 @@ dependencies { implementation "org.springdoc:springdoc-openapi-starter-webmvc-ui:${openApiVersion}" implementation group: 'com.smartsensesolutions', name: 'commons-dao', version: '0.0.5' implementation 'org.liquibase:liquibase-core' - implementation 'org.eclipse.tractusx.ssi:cx-ssi-lib:0.0.8' + implementation 'org.eclipse.tractusx.ssi:cx-ssi-lib:0.0.13' + testImplementation 'org.projectlombok:lombok:1.18.26' runtimeOnly 'org.postgresql:postgresql' compileOnly 'org.projectlombok:lombok' developmentOnly 'org.springframework.boot:spring-boot-devtools' annotationProcessor 'org.projectlombok:lombok' + testAnnotationProcessor 'org.projectlombok:lombok' testImplementation 'org.springframework.boot:spring-boot-starter-test' testImplementation "org.testcontainers:testcontainers" testImplementation "org.testcontainers:postgresql" diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/constant/StringPool.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/constant/StringPool.java index dcdde15e6..37a4add04 100644 --- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/constant/StringPool.java +++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/constant/StringPool.java 
@@ -48,7 +48,6 @@ private StringPool() { public static final String HOLDER_DID = "holderDid"; public static final String HOLDER_IDENTIFIER = "holderIdentifier"; public static final String NAME = "name"; - public static final String CONTRACT_TEMPLATES = "contractTemplates"; public static final String CONTRACT_TEMPLATE = "contractTemplate"; public static final String TYPE = "type"; public static final String MEMBER_OF = "memberOf"; diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialService.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialService.java index 8618b00c8..f6ead5642 100644 --- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialService.java +++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialService.java @@ -522,7 +522,7 @@ private void updateSummeryCredentials(DidDocument issuerDidDocument, byte[] issu StringPool.HOLDER_IDENTIFIER, holderBpn, StringPool.ITEMS, items, StringPool.TYPE, MIWVerifiableCredentialType.SUMMARY_CREDENTIAL, - StringPool.CONTRACT_TEMPLATES, miwSettings.contractTemplatesUrl())); + StringPool.CONTRACT_TEMPLATE, miwSettings.contractTemplatesUrl())); List types = List.of(VerifiableCredentialType.VERIFIABLE_CREDENTIAL, MIWVerifiableCredentialType.SUMMARY_CREDENTIAL); HoldersCredential holdersCredential = CommonUtils.getHoldersCredential(subject, types, diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/PresentationService.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/PresentationService.java index abac08086..bd2baff4e 100644 --- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/PresentationService.java +++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/PresentationService.java 
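Review bot: Changing the summary-credential subject key from `StringPool.CONTRACT_TEMPLATES` ("contractTemplates") to `StringPool.CONTRACT_TEMPLATE` ("contractTemplate") in the IssuersCredentialService hunk alters the schema of every summary credential issued from now on, while credentials already issued keep the old key, so a verifier that reads one name will silently see no value for the other. The commit message ("add check for verifiable credentials during VP/JWT validation") does not mention this rename, and I cannot see from the diff whether a schema or JSON-LD context change motivates it. If the rename is intended, state it in the commit message and note it for consumers of the summary credential; otherwise keep the old constant. The same StringPool and IssuersCredentialService hunks are repeated verbatim in patch 033.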
@@ -21,6 +21,7 @@ package org.eclipse.tractusx.managedidentitywallets.service; +import com.fasterxml.jackson.databind.ObjectMapper; import com.nimbusds.jwt.SignedJWT; import com.smartsensesolutions.java.commons.base.repository.BaseRepository; import com.smartsensesolutions.java.commons.base.service.BaseService; @@ -42,7 +43,9 @@ import org.eclipse.tractusx.ssi.lib.did.resolver.DidDocumentResolverRegistryImpl; import org.eclipse.tractusx.ssi.lib.did.web.DidWebDocumentResolver; import org.eclipse.tractusx.ssi.lib.did.web.util.DidWebParser; +import org.eclipse.tractusx.ssi.lib.exception.InvalidJsonLdException; import org.eclipse.tractusx.ssi.lib.exception.InvalidePrivateKeyFormat; +import org.eclipse.tractusx.ssi.lib.exception.UnsupportedSignatureTypeException; import org.eclipse.tractusx.ssi.lib.jwt.SignedJwtFactory; import org.eclipse.tractusx.ssi.lib.jwt.SignedJwtValidator; import org.eclipse.tractusx.ssi.lib.jwt.SignedJwtVerifier; @@ -52,9 +55,12 @@ import org.eclipse.tractusx.ssi.lib.model.verifiable.presentation.VerifiablePresentation; import org.eclipse.tractusx.ssi.lib.model.verifiable.presentation.VerifiablePresentationBuilder; import org.eclipse.tractusx.ssi.lib.model.verifiable.presentation.VerifiablePresentationType; +import org.eclipse.tractusx.ssi.lib.proof.LinkedDataProofValidation; +import org.eclipse.tractusx.ssi.lib.proof.SignatureType; import org.eclipse.tractusx.ssi.lib.serialization.jsonLd.JsonLdSerializerImpl; import org.eclipse.tractusx.ssi.lib.serialization.jwt.SerializedJwtPresentationFactory; import org.eclipse.tractusx.ssi.lib.serialization.jwt.SerializedJwtPresentationFactoryImpl; +import org.eclipse.tractusx.ssi.lib.serialization.jwt.SerializedVerifiablePresentation; import org.springframework.stereotype.Service; import org.springframework.util.StringUtils; 
@@ -181,7 +187,25 @@ public Map validatePresentation(Map vp, boolean //validate date boolean validateExpiryDate = validateExpiryDate(withCredentialExpiryDate, signedJWT); - response.put(StringPool.VALID, (validateSignature && validateAudience && validateExpiryDate)); + boolean validCredential = true; + try { + final ObjectMapper mapper = new ObjectMapper(); + Map claims = mapper.readValue(signedJWT.getPayload().toBytes(), Map.class); + String vpClaim = mapper.writeValueAsString(claims.get("vp")); + + JsonLdSerializerImpl jsonLdSerializer = new JsonLdSerializerImpl(); + VerifiablePresentation presentation = jsonLdSerializer.deserializePresentation(new SerializedVerifiablePresentation(vpClaim)); + + for (VerifiableCredential credential : presentation.getVerifiableCredentials()) { + if (!validateCredential(credential)) { + validCredential = false; + } + } + } catch (InvalidJsonLdException e) { + throw new BadDataException(String.format("Validation of VP in form of JSON-LD is not supported. Invalid Json-LD: %s", e.getMessage())); + } + + response.put(StringPool.VALID, (validateSignature && validateAudience && validateExpiryDate && validCredential)); if (StringUtils.hasText(audience)) { response.put(StringPool.VALIDATE_AUDIENCE, validateAudience); @@ -206,8 +230,7 @@ private boolean validateSignature(SignedJWT signedJWT) { new DidWebDocumentResolver(HttpClient.newHttpClient(), new DidWebParser(), miwSettings.enforceHttps())); SignedJwtVerifier jwtVerifier = new SignedJwtVerifier(didDocumentResolverRegistry); - jwtVerifier.verify(signedJWT); - return true; + return jwtVerifier.verify(signedJWT); } catch (Exception e) { log.error("Can not verify signature of jwt", e); return false; 
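Review bot: The new credential-proof loop runs regardless of the `validateSignature` result computed earlier, so a presentation whose JWT signature already failed still drives `validateCredential`, which resolves did:web documents over the network for every issuer DID found in the unverified payload; wrap the block so it only runs when the outer signature holds, e.g. `if (validateSignature) { ... }` around the `try`, or at least skip it when `validateSignature` is false. A JWT without a `vp` claim is also not handled: `claims.get("vp")` is null, `writeValueAsString(null)` yields the string `null`, and whatever `deserializePresentation` throws for that is only turned into a `BadDataException` if it happens to be `InvalidJsonLdException` — check for the missing claim explicitly and set `validCredential = false`. `validateCredential` declares `UnsupportedSignatureTypeException` and can NPE on a credential without a `proof` (see the next hunk), and neither is caught here, so an unknown proof type or a proof-less credential surfaces as an error rather than a `valid: false` result; I cannot see the enclosing method's signature, which starts outside the hunk. Minor: `Map claims` is a raw type and the `ObjectMapper` is constructed per call; a `static final` mapper and `Map<String, Object>` would do. The same hunk is repeated in patch 033.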
@@ -244,4 +267,35 @@ private boolean validateAudience(String audience, SignedJWT signedJWT) {
 return true;
 }
 }
+
+ private boolean validateCredential(VerifiableCredential credential)
+ throws UnsupportedSignatureTypeException {
+ final DidDocumentResolverRegistry didDocumentResolverRegistry = new DidDocumentResolverRegistryImpl();
+ didDocumentResolverRegistry.register(
+ new DidWebDocumentResolver(HttpClient.newHttpClient(), new DidWebParser(), miwSettings.enforceHttps()));
+
+ final String proofType = credential.getProof().getType();
+ final LinkedDataProofValidation linkedDataProofValidation;
+ if (SignatureType.ED21559.toString().equals(proofType)) {
+ linkedDataProofValidation = LinkedDataProofValidation.newInstance(
+ SignatureType.ED21559,
+ didDocumentResolverRegistry
+ );
+ } else if (SignatureType.JWS.toString().equals(proofType)) {
+ linkedDataProofValidation = LinkedDataProofValidation.newInstance(
+ SignatureType.JWS,
+ didDocumentResolverRegistry
+ );
+ } else {
+ throw new UnsupportedSignatureTypeException(proofType);
+ }
+
+ final boolean isValid = linkedDataProofValidation.verifiyProof(credential);
+ if (isValid) {
+ log.debug("Credential validation result: (valid: {}, credential-id: {})", isValid, credential.getId());
+ } else {
+ log.info("Credential validation result: (valid: {}, credential-id: {})", isValid, credential.getId());
+ }
+ return isValid;
+ }
 }
diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/utils/CommonUtils.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/utils/CommonUtils.java
index 8a723a491..13e47aa2d 100644
--- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/utils/CommonUtils.java
+++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/utils/CommonUtils.java
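Review bot: `credential.getProof().getType()` dereferences the proof without a null check, so a credential embedded without any `proof` — which must be treated as unverified — raises a `NullPointerException` out of `validateCredential` instead of returning `false`; add `if (credential.getProof() == null) { return false; }` before reading the type. For the same fail-closed reason the unknown-proof-type branch should probably log and `return false` rather than throw, unless the caller is meant to map `UnsupportedSignatureTypeException` to a 4xx, which the previous hunk does not do. A fresh `HttpClient` and `DidDocumentResolverRegistryImpl` are built for every credential in the presentation; build them once per validation (or once per service, as a field) and pass the registry in. The same hunk is repeated in patch 033.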
@@ -103,11 +103,17 @@ private static VerifiableCredential createVerifiableCredential(DidDocument issue VerifiableCredentialSubject verifiableCredentialSubject, byte[] privateKey, List contexts, Date expiryDate) { //VC Builder + + // if the credential does not contain the JWS proof-context add it + URI jwsUri = URI.create("https://w3id.org/security/suites/jws-2020/v1"); + if (!contexts.contains(jwsUri)) + contexts.add(jwsUri); + URI id = URI.create(UUID.randomUUID().toString()); VerifiableCredentialBuilder builder = new VerifiableCredentialBuilder() .context(contexts) - .id(id) + .id(URI.create(issuerDoc.getId() + "#" + id)) .type(verifiableCredentialType) .issuer(issuerDoc.getId()) .expirationDate(expiryDate.toInstant()) From 965220988fa1215d97c7bae46294167463084ce5 Mon Sep 17 00:00:00 2001 From: Dominik Pinsel Date: Mon, 10 Jul 2023 01:34:07 +0200 Subject: [PATCH 033/116] add check for verifiable credentials during VP/JWT validation Signed-off-by: Dominik Pinsel --- build.gradle | 4 +- .../constant/StringPool.java | 1 - .../service/IssuersCredentialService.java | 2 +- .../service/PresentationService.java | 62 +++++++++++++++++-- .../utils/CommonUtils.java | 8 ++- .../vc/HoldersCredentialTest.java | 2 +- .../vc/IssuersCredentialTest.java | 4 +- .../vp/PresentationTest.java | 8 ++- 8 files changed, 78 insertions(+), 13 deletions(-) diff --git a/build.gradle b/build.gradle index 627a6f92a..d04d456e1 100644 --- a/build.gradle +++ b/build.gradle 
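Review bot: `contexts.add(jwsUri)` mutates the `List contexts` argument the caller passed into this static helper; if that list is unmodifiable the call throws `UnsupportedOperationException` on the first credential, and if it is a shared configuration list (the tests in the same patch pass `miwSettings.vcContexts()` to their builders, so presumably the production callers do too) the helper silently writes into settings state. Copy before extending: `List<URI> allContexts = new ArrayList<>(contexts); if (!allContexts.contains(jwsUri)) { allContexts.add(jwsUri); }` and pass `allContexts` to `.context(...)`. The un-braced `if` body should also get braces per the rest of the file. The enclosing method's signature starts in the hunk header; the same hunk is repeated in patch 033.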
@@ -48,11 +48,13 @@ dependencies { implementation "org.springdoc:springdoc-openapi-starter-webmvc-ui:${openApiVersion}" implementation group: 'com.smartsensesolutions', name: 'commons-dao', version: '0.0.5' implementation 'org.liquibase:liquibase-core' - implementation 'org.eclipse.tractusx.ssi:cx-ssi-lib:0.0.8' + implementation 'org.eclipse.tractusx.ssi:cx-ssi-lib:0.0.13' + testImplementation 'org.projectlombok:lombok:1.18.26' runtimeOnly 'org.postgresql:postgresql' compileOnly 'org.projectlombok:lombok' developmentOnly 'org.springframework.boot:spring-boot-devtools' annotationProcessor 'org.projectlombok:lombok' + testAnnotationProcessor 'org.projectlombok:lombok' testImplementation 'org.springframework.boot:spring-boot-starter-test' testImplementation "org.testcontainers:testcontainers" testImplementation "org.testcontainers:postgresql" diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/constant/StringPool.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/constant/StringPool.java index dcdde15e6..37a4add04 100644 --- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/constant/StringPool.java +++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/constant/StringPool.java @@ -48,7 +48,6 @@ private StringPool() { public static final String HOLDER_DID = "holderDid"; public static final String HOLDER_IDENTIFIER = "holderIdentifier"; public static final String NAME = "name"; - public static final String CONTRACT_TEMPLATES = "contractTemplates"; public static final String CONTRACT_TEMPLATE = "contractTemplate"; public static final String TYPE = "type"; public static final String MEMBER_OF = "memberOf"; diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialService.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialService.java index 8618b00c8..f6ead5642 100644 
--- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialService.java +++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialService.java @@ -522,7 +522,7 @@ private void updateSummeryCredentials(DidDocument issuerDidDocument, byte[] issu StringPool.HOLDER_IDENTIFIER, holderBpn, StringPool.ITEMS, items, StringPool.TYPE, MIWVerifiableCredentialType.SUMMARY_CREDENTIAL, - StringPool.CONTRACT_TEMPLATES, miwSettings.contractTemplatesUrl())); + StringPool.CONTRACT_TEMPLATE, miwSettings.contractTemplatesUrl())); List types = List.of(VerifiableCredentialType.VERIFIABLE_CREDENTIAL, MIWVerifiableCredentialType.SUMMARY_CREDENTIAL); HoldersCredential holdersCredential = CommonUtils.getHoldersCredential(subject, types, diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/PresentationService.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/PresentationService.java index abac08086..8643828bf 100644 --- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/PresentationService.java +++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/PresentationService.java @@ -21,6 +21,7 @@ package org.eclipse.tractusx.managedidentitywallets.service; +import com.fasterxml.jackson.databind.ObjectMapper; import com.nimbusds.jwt.SignedJWT; import com.smartsensesolutions.java.commons.base.repository.BaseRepository; import com.smartsensesolutions.java.commons.base.service.BaseService; 
@@ -42,7 +43,9 @@ import org.eclipse.tractusx.ssi.lib.did.resolver.DidDocumentResolverRegistryImpl; import org.eclipse.tractusx.ssi.lib.did.web.DidWebDocumentResolver; import org.eclipse.tractusx.ssi.lib.did.web.util.DidWebParser; +import org.eclipse.tractusx.ssi.lib.exception.InvalidJsonLdException; import org.eclipse.tractusx.ssi.lib.exception.InvalidePrivateKeyFormat; +import org.eclipse.tractusx.ssi.lib.exception.UnsupportedSignatureTypeException; import org.eclipse.tractusx.ssi.lib.jwt.SignedJwtFactory; import org.eclipse.tractusx.ssi.lib.jwt.SignedJwtValidator; import org.eclipse.tractusx.ssi.lib.jwt.SignedJwtVerifier; @@ -52,9 +55,12 @@ import org.eclipse.tractusx.ssi.lib.model.verifiable.presentation.VerifiablePresentation; import org.eclipse.tractusx.ssi.lib.model.verifiable.presentation.VerifiablePresentationBuilder; import org.eclipse.tractusx.ssi.lib.model.verifiable.presentation.VerifiablePresentationType; +import org.eclipse.tractusx.ssi.lib.proof.LinkedDataProofValidation; +import org.eclipse.tractusx.ssi.lib.proof.SignatureType; import org.eclipse.tractusx.ssi.lib.serialization.jsonLd.JsonLdSerializerImpl; import org.eclipse.tractusx.ssi.lib.serialization.jwt.SerializedJwtPresentationFactory; import org.eclipse.tractusx.ssi.lib.serialization.jwt.SerializedJwtPresentationFactoryImpl; +import org.eclipse.tractusx.ssi.lib.serialization.jwt.SerializedVerifiablePresentation; import org.springframework.stereotype.Service; import org.springframework.util.StringUtils; @@ -142,7 +148,7 @@ public Map createPresentation(Map data, boolean // Build VP VerifiablePresentation verifiablePresentation = verifiablePresentationBuilder - .id(URI.create(UUID.randomUUID().toString())) + .id(URI.create(miwSettings.authorityWalletDid() + "#" + UUID.randomUUID().toString())) .type(List.of(VerifiablePresentationType.VERIFIABLE_PRESENTATION)) .verifiableCredentials(verifiableCredentials) .build(); 
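Review bot: The presentation id in the `createPresentation` hunk is now prefixed with `miwSettings.authorityWalletDid()` unconditionally, so a VP built and signed for any holder wallet is namespaced under the authority wallet's DID even though the holder, not the authority, is the party presenting it. If `createPresentation` serves non-authority holders (the method body is outside the hunk, so I cannot confirm which wallet's key signs the VP), the prefix should be the presenting holder's DID, e.g. `URI.create(holderDid + "#" + UUID.randomUUID())` with whatever local name the holder DID has here; if it is genuinely authority-only, a comment saying so would stop the next reader from asking the same question.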
@@ -181,7 +187,25 @@ public Map validatePresentation(Map vp, boolean //validate date boolean validateExpiryDate = validateExpiryDate(withCredentialExpiryDate, signedJWT); - response.put(StringPool.VALID, (validateSignature && validateAudience && validateExpiryDate)); + boolean validCredential = true; + try { + final ObjectMapper mapper = new ObjectMapper(); + Map claims = mapper.readValue(signedJWT.getPayload().toBytes(), Map.class); + String vpClaim = mapper.writeValueAsString(claims.get("vp")); + + JsonLdSerializerImpl jsonLdSerializer = new JsonLdSerializerImpl(); + VerifiablePresentation presentation = jsonLdSerializer.deserializePresentation(new SerializedVerifiablePresentation(vpClaim)); + + for (VerifiableCredential credential : presentation.getVerifiableCredentials()) { + if (!validateCredential(credential)) { + validCredential = false; + } + } + } catch (InvalidJsonLdException e) { + throw new BadDataException(String.format("Validation of VP in form of JSON-LD is not supported. Invalid Json-LD: %s", e.getMessage())); + } + + response.put(StringPool.VALID, (validateSignature && validateAudience && validateExpiryDate && validCredential)); if (StringUtils.hasText(audience)) { response.put(StringPool.VALIDATE_AUDIENCE, validateAudience); @@ -206,8 +230,7 @@ private boolean validateSignature(SignedJWT signedJWT) { new DidWebDocumentResolver(HttpClient.newHttpClient(), new DidWebParser(), miwSettings.enforceHttps())); SignedJwtVerifier jwtVerifier = new SignedJwtVerifier(didDocumentResolverRegistry); - jwtVerifier.verify(signedJWT); - return true; + return jwtVerifier.verify(signedJWT); } catch (Exception e) { log.error("Can not verify signature of jwt", e); return false; 
@@ -244,4 +267,35 @@ private boolean validateAudience(String audience, SignedJWT signedJWT) { return true; } } + + private boolean validateCredential(VerifiableCredential credential) + throws UnsupportedSignatureTypeException { + final DidDocumentResolverRegistry didDocumentResolverRegistry = new DidDocumentResolverRegistryImpl(); + didDocumentResolverRegistry.register( + new DidWebDocumentResolver(HttpClient.newHttpClient(), new DidWebParser(), miwSettings.enforceHttps())); + + final String proofType = credential.getProof().getType(); + final LinkedDataProofValidation linkedDataProofValidation; + if (SignatureType.ED21559.toString().equals(proofType)) { + linkedDataProofValidation = LinkedDataProofValidation.newInstance( + SignatureType.ED21559, + didDocumentResolverRegistry + ); + } else if (SignatureType.JWS.toString().equals(proofType)) { + linkedDataProofValidation = LinkedDataProofValidation.newInstance( + SignatureType.JWS, + didDocumentResolverRegistry + ); + } else { + throw new UnsupportedSignatureTypeException(proofType); + } + + final boolean isValid = linkedDataProofValidation.verifiyProof(credential); + if (isValid) { + log.debug("Credential validation result: (valid: {}, credential-id: {})", isValid, credential.getId()); + } else { + log.info("Credential validation result: (valid: {}, credential-id: {})", isValid, credential.getId()); + } + return isValid; + } } diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/utils/CommonUtils.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/utils/CommonUtils.java index 8a723a491..13e47aa2d 100644 --- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/utils/CommonUtils.java +++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/utils/CommonUtils.java 
@@ -103,11 +103,17 @@ private static VerifiableCredential createVerifiableCredential(DidDocument issue VerifiableCredentialSubject verifiableCredentialSubject, byte[] privateKey, List contexts, Date expiryDate) { //VC Builder + + // if the credential does not contain the JWS proof-context add it + URI jwsUri = URI.create("https://w3id.org/security/suites/jws-2020/v1"); + if (!contexts.contains(jwsUri)) + contexts.add(jwsUri); + URI id = URI.create(UUID.randomUUID().toString()); VerifiableCredentialBuilder builder = new VerifiableCredentialBuilder() .context(contexts) - .id(id) + .id(URI.create(issuerDoc.getId() + "#" + id)) .type(verifiableCredentialType) .issuer(issuerDoc.getId()) .expirationDate(expiryDate.toInstant()) diff --git a/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/HoldersCredentialTest.java b/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/HoldersCredentialTest.java index 51e3e6bbd..81c61bd0a 100644 --- a/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/HoldersCredentialTest.java +++ b/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/HoldersCredentialTest.java @@ -273,7 +273,7 @@ private ResponseEntity issueVC(String bpn, String did, String type, Http //Using Builder VerifiableCredential credentialWithoutProof = verifiableCredentialBuilder - .id(URI.create(UUID.randomUUID().toString())) + .id(URI.create(did + "#" + UUID.randomUUID().toString())) .context(miwSettings.vcContexts()) .type(List.of(VerifiableCredentialType.VERIFIABLE_CREDENTIAL, type)) .issuer(URI.create(did)) //issuer must be base wallet diff --git a/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/IssuersCredentialTest.java b/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/IssuersCredentialTest.java index 5c871c109..9cb108dad 100644 --- a/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/IssuersCredentialTest.java 
+++ b/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/IssuersCredentialTest.java @@ -142,7 +142,7 @@ void getCredentials200() throws com.fasterxml.jackson.core.JsonProcessingExcepti Assertions.assertEquals(6, Objects.requireNonNull(credentialList).size()); //5 framework CV + 1 membership for (VerifiableCredential vc : credentialList) { - Assertions.assertEquals(2, vc.getContext().size(), "Each credential requires 2 contexts"); + Assertions.assertEquals(3, vc.getContext().size(), "Each credential requires 3 contexts"); } } @@ -245,7 +245,7 @@ private ResponseEntity issueVC(String bpn, String holderDid, String issu //Using Builder VerifiableCredential credentialWithoutProof = verifiableCredentialBuilder - .id(URI.create(UUID.randomUUID().toString())) + .id(URI.create(miwSettings.authorityWalletDid() + "#" + UUID.randomUUID().toString())) .context(miwSettings.vcContexts()) .type(List.of(VerifiableCredentialType.VERIFIABLE_CREDENTIAL, type)) .issuer(URI.create(issuerDid)) //issuer must be base wallet diff --git a/src/test/java/org/eclipse/tractusx/managedidentitywallets/vp/PresentationTest.java b/src/test/java/org/eclipse/tractusx/managedidentitywallets/vp/PresentationTest.java index 2a8d63edb..0190cfbae 100644 --- a/src/test/java/org/eclipse/tractusx/managedidentitywallets/vp/PresentationTest.java +++ b/src/test/java/org/eclipse/tractusx/managedidentitywallets/vp/PresentationTest.java @@ -44,6 +44,7 @@ import org.eclipse.tractusx.ssi.lib.jwt.SignedJwtVerifier; import org.jetbrains.annotations.NotNull; import org.junit.jupiter.api.Assertions; +import org.junit.jupiter.api.Disabled; import org.junit.jupiter.api.Test; import org.mockito.MockedConstruction; import org.mockito.Mockito; 
@@ -100,6 +101,7 @@ void validateVPAssJsonLd400() throws JsonProcessingException, DidDocumentResolve @Test + @Disabled("Temporarily disabled, as presentation validation requires real did resolving, which does not work yet for integration tests") void validateVPAsJwt() throws JsonProcessingException, DidDocumentResolverNotRegisteredException, JwtException, InterruptedException { String bpn = UUID.randomUUID().toString(); String audience = "companyA"; @@ -110,7 +112,7 @@ void validateVPAsJwt() throws JsonProcessingException, DidDocumentResolverNotReg DidDocumentResolverRegistry didDocumentResolverRegistry = Mockito.mock(DidDocumentResolverRegistry.class); SignedJwtVerifier signedJwtVerifier = new SignedJwtVerifier(didDocumentResolverRegistry); - Mockito.doNothing().when(signedJwtVerifier).verify(Mockito.any(SignedJWT.class)); + Mockito.doReturn(true).when(signedJwtVerifier).verify(Mockito.any(SignedJWT.class)); ResponseEntity> mapResponseEntity = presentationController.validatePresentation(body, null, true, false); @@ -123,6 +125,7 @@ void validateVPAsJwt() throws JsonProcessingException, DidDocumentResolverNotReg } @Test + @Disabled("Temporarily disabled, as presentation validation requires real did resolving, which does not work yet for integration tests") void validateVPAsJwtWithInvalidSignatureAndInValidAudienceAndExpiryDateValidation() throws JsonProcessingException, DidDocumentResolverNotRegisteredException, JwtException, InterruptedException { //create VP String bpn = UUID.randomUUID().toString(); @@ -151,6 +154,7 @@ void validateVPAsJwtWithInvalidSignatureAndInValidAudienceAndExpiryDateValidatio } @Test + @Disabled("Temporarily disabled, as presentation validation requires real did resolving, which does not work yet for integration tests") void validateVPAsJwtWithValidAudienceAndDateValidation() throws JsonProcessingException, DidDocumentResolverNotRegisteredException, JwtException { //create VP String bpn = UUID.randomUUID().toString(); 
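Review bot: Disabling `validateVPAsJwt`, `validateVPAsJwtWithInvalidSignatureAndInValidAudienceAndExpiryDateValidation` and `validateVPAsJwtWithValidAudienceAndDateValidation` leaves the new credential-proof check in `validatePresentation` with no automated coverage at all, including the fail-closed cases (missing proof, unknown proof type, invalid proof) that a validator most needs tests for. The `@Disabled` reason is that validation "requires real did resolving"; that is a consequence of `PresentationService` constructing its own `DidDocumentResolverRegistryImpl` inside `validateSignature` and `validateCredential`, so the `Mockito.mock(DidDocumentResolverRegistry.class)` these tests already create can never reach it. Injecting the registry (or a small factory for it) into the service would let the existing tests run against a stubbed resolver instead of being switched off.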
@@ -162,7 +166,7 @@ void validateVPAsJwtWithValidAudienceAndDateValidation() throws JsonProcessingEx DidDocumentResolverRegistry didDocumentResolverRegistry = Mockito.mock(DidDocumentResolverRegistry.class); SignedJwtVerifier signedJwtVerifier = new SignedJwtVerifier(didDocumentResolverRegistry); - Mockito.doNothing().when(signedJwtVerifier).verify(Mockito.any(SignedJWT.class)); + Mockito.doReturn(true).when(signedJwtVerifier).verify(Mockito.any(SignedJWT.class)); ResponseEntity> mapResponseEntity = presentationController.validatePresentation(body, audience, true, true); From 43dec2d1918296a17117070bb4e4c6d279bcc71f Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Mon, 10 Jul 2023 10:11:50 +0200 Subject: [PATCH 034/116] feat(doc): mark important content in README.md --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 7c0d0fd7d..35d2f33b9 100644 --- a/README.md +++ b/README.md @@ -29,8 +29,8 @@ Following tools the MIW development team used successfully: To simplify the dev environment, [Taskfile](https://taskfile.dev) is used as a task executor. You have to install it first. -Before executing any of th tasks, you have to choose your flow (_local_ or _docker_). _local_ is default. -To change that, you need to edit the variable **ENV** in the _Taskfile.yaml_. +> **IMPORTANT**: Before executing any of th tasks, you have to choose your flow (_local_ or _docker_). _local_ is default. +To change that, you need to edit the variable **ENV** in the _Taskfile.yaml_. (see below) After that, run `task check-prereqs` to see, if any other required tool is installed or missing. If something is missing, a link to the install docs is provided. 
@@ -41,7 +41,7 @@ Description of the env files: - **env.local**: Setup everything to get ready for flow "local". You need to fill in the passwords. Everything else can remain as it is. - **env.docker**: Setup everything to get ready for flow "docker". You need to fill in the passwords. Everything else can remain as it is. -> IMPORTANT: When you are using MacOS and the MIW docker container won't start up (stuck somewhere or doesn't start at all), you can enable the docker-desktop feature "Use Rosetta for x86/amd64 emulation on Apple Silicon" in your Docker settings +> **IMPORTANT**: When you are using MacOS and the MIW docker container won't start up (stuck somewhere or doesn't start at all), you can enable the docker-desktop feature "Use Rosetta for x86/amd64 emulation on Apple Silicon" in your Docker settings (under "features in development") In both env files (env.local and env.docker) you need to set _GITHUB_USERNAME_ and _GITHUB_TOKEN_ in order to be able to build the add, From aab42bc1590e62f0410c789da435614c127921a2 Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Mon, 10 Jul 2023 10:40:56 +0200 Subject: [PATCH 035/116] feat(devel): remove docker compose selection -> fixed to new V2 version --- dev-assets/env-files/env.docker.dist | 3 --- dev-assets/env-files/env.local.dist | 3 --- 2 files changed, 6 deletions(-) diff --git a/dev-assets/env-files/env.docker.dist b/dev-assets/env-files/env.docker.dist index e0fe37578..7e198f4b2 100644 --- a/dev-assets/env-files/env.docker.dist +++ b/dev-assets/env-files/env.docker.dist @@ -5,9 +5,6 @@ GITHUB_TOKEN= # Build SKIP_GRADLE_TASKS_PARAM="-x jacocoTestCoverageVerification -x test" -# Docker -COMPOSE_COMMAND=docker-compose - # Docker: Postgres config POSTGRES_DB=keycloak POSTGRES_USER=keycloak diff --git a/dev-assets/env-files/env.local.dist b/dev-assets/env-files/env.local.dist index 20fab978f..e74f01149 100644 --- a/dev-assets/env-files/env.local.dist +++ b/dev-assets/env-files/env.local.dist 
@@ -5,9 +5,6 @@ GITHUB_TOKEN= # Build SKIP_GRADLE_TASKS_PARAM="-x jacocoTestCoverageVerification -x test" -# Docker -COMPOSE_COMMAND=docker-compose - # Docker: Postgres config POSTGRES_DB=keycloak POSTGRES_USER=keycloak From d75c71903f69f9f62dad4ae2aa97e7be2fc525d4 Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Mon, 10 Jul 2023 10:42:10 +0200 Subject: [PATCH 036/116] feat(devel): replace check for "docker compose" plugin --- dev-assets/tasks/darwin/check-tools.yaml | 4 +++- dev-assets/tasks/linux/check-tools.yaml | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/dev-assets/tasks/darwin/check-tools.yaml b/dev-assets/tasks/darwin/check-tools.yaml index eded7be83..d4c440b8e 100644 --- a/dev-assets/tasks/darwin/check-tools.yaml +++ b/dev-assets/tasks/darwin/check-tools.yaml @@ -59,7 +59,9 @@ tasks: dir: dev-assets/tasks/darwin silent: true cmds: - - ./check_bin.sh docker-compose https://www.docker.com + - echo "If following command fails execute this, if you have Docker-Desktop installed (probably will fix it) ->" + - echo "mkdir -p /usr/local/lib/docker && ln -s /Applications/Docker.app/Contents/Resources/cli-plugins /usr/local/lib/docker/cli-plugins" + - docker compose version check-jq: dir: dev-assets/tasks/darwin diff --git a/dev-assets/tasks/linux/check-tools.yaml b/dev-assets/tasks/linux/check-tools.yaml index 87eca519d..decd5f077 100644 --- a/dev-assets/tasks/linux/check-tools.yaml +++ b/dev-assets/tasks/linux/check-tools.yaml @@ -59,7 +59,7 @@ tasks: dir: dev-assets/tasks/linux silent: true cmds: - - ./check_bin.sh docker-compose https://www.docker.com + - docker compose version check-jq: dir: dev-assets/tasks/linux From 37bee283777f081b82120cf6437da19260f901b3 Mon Sep 17 00:00:00 2001 
From: Nitin Vavdiya Date: Mon, 10 Jul 2023 15:57:52 +0530 Subject: [PATCH 037/116] feat: CGD-368: Check expiry date of VC during validation --- .../IssuersCredentialController.java | 19 ++++-- .../service/IssuersCredentialService.java | 32 ++++++++-- .../vc/HoldersCredentialTest.java | 62 ++++++++++++++++++- 3 files changed, 102 insertions(+), 11 deletions(-) diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/IssuersCredentialController.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/IssuersCredentialController.java index 5d19e4135..1e533b4b4 100644 --- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/IssuersCredentialController.java +++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/IssuersCredentialController.java @@ -53,9 +53,15 @@ @RequiredArgsConstructor public class IssuersCredentialController extends BaseController { + /** + * The constant API_TAG_VERIFIABLE_CREDENTIAL_ISSUER. + */ public static final String API_TAG_VERIFIABLE_CREDENTIAL_ISSUER = "Verifiable Credential - Issuer"; + /** + * The constant API_TAG_VERIFIABLE_CREDENTIAL_VALIDATION. + */ public static final String API_TAG_VERIFIABLE_CREDENTIAL_VALIDATION = "Verifiable Credential - Validation"; - + private final IssuersCredentialService issuersCredentialService; @@ -65,6 +71,8 @@ public class IssuersCredentialController extends BaseController { * @param credentialId the credential id * @param holderIdentifier the holder identifier * @param type the type + * @param pageNumber the page number + * @param size the size * @param sortColumn the sort column * @param sortTpe the sort tpe * @param principal the principal 
@@ -156,7 +164,8 @@ public ResponseEntity issueFrameworkCredential(@Valid @Req /** * Credentials validation response entity. * - * @param data the data + * @param data the data + * @param withCredentialExpiryDate the with credential expiry date * @return the response entity */ @Tag(name = API_TAG_VERIFIABLE_CREDENTIAL_VALIDATION) @@ -190,13 +199,15 @@ public ResponseEntity issueFrameworkCredential(@Valid @Req } """)) }) - public ResponseEntity> credentialsValidation(@RequestBody Map data) { - return ResponseEntity.status(HttpStatus.OK).body(issuersCredentialService.credentialsValidation(data)); + public ResponseEntity> credentialsValidation(@RequestBody Map data, + @Parameter(description = "Check expiry of VC") @RequestParam(name = "withCredentialExpiryDate", defaultValue = "false", required = false) boolean withCredentialExpiryDate) { + return ResponseEntity.status(HttpStatus.OK).body(issuersCredentialService.credentialsValidation(data, withCredentialExpiryDate)); } /** * Issue credential response entity. * + * @param holderDid the holder did * @param data the data * @param principal the principal * @return the response entity diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialService.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialService.java index 8618b00c8..26ebec9b5 100644 --- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialService.java +++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialService.java @@ -133,6 +133,8 @@ protected SpecificationUtil getSpecificationUtil() { * @param type the type * @param sortColumn the sort column * @param sortType the sort type + * @param pageNumber the page number + * @param size the size * @param callerBPN the caller bpn * @return the credentials */ 
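Review bot: `withCredentialExpiryDate` is declared with `defaultValue = "false"`, so a caller that omits the parameter receives `valid: true` for an expired credential; the service hunk further down only folds the date check into `StringPool.VALID` when the flag is set, so the validation endpoint fails open by default. If API consumers treat `valid` as a complete verdict, consider `defaultValue = "true"`, or at least state the opt-in semantics in the endpoint's OpenAPI description and in the Javadoc, which currently reads `@param withCredentialExpiryDate the with credential expiry date`; `@param withCredentialExpiryDate when true, an expired credential is reported as invalid and the result additionally contains {@code validateExpiryDate}` would make the behaviour clear. The method's other annotations are outside the hunk.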
@@ -182,6 +184,7 @@ public PageImpl getCredentials(String credentialId, String * * @param baseWallet the base wallet * @param holderWallet the holder wallet + * @param authority the authority * @return the verifiable credential */ @Transactional(isolation = Isolation.READ_UNCOMMITTED, propagation = Propagation.REQUIRED) @@ -416,10 +419,11 @@ public VerifiableCredential issueCredentialUsingBaseWallet(String holderDid, Map /** * Credentials validation map. * - * @param data the data + * @param data the data + * @param withCredentialExpiryDate the with credential expiry date * @return the map */ - public Map credentialsValidation(Map data) { + public Map credentialsValidation(Map data, boolean withCredentialExpiryDate) { VerifiableCredential verifiableCredential = new VerifiableCredential(data); // DID Resolver Constracture params 
@@ -441,14 +445,34 @@ public Map credentialsValidation(Map data) { throw new BadDataException(String.format("Invalid proof type: %s", proofTye)); } - Boolean valid = proofValidation.verifiyProof(verifiableCredential); + boolean valid = proofValidation.verifiyProof(verifiableCredential); + Map response = new HashMap<>(); - response.put(StringPool.VALID, valid); + + //check expiry + boolean dateValidation = validateExpiry(withCredentialExpiryDate, verifiableCredential, response); + + response.put(StringPool.VALID, valid && dateValidation); response.put("vc", verifiableCredential); return response; } + private static boolean validateExpiry(boolean withCredentialExpiryDate, VerifiableCredential verifiableCredential, Map response) { + //validate expiry date + boolean dateValidation = true; + if (withCredentialExpiryDate) { + Instant expirationDate = verifiableCredential.getExpirationDate(); + if (expirationDate.isBefore(Instant.now())) { + dateValidation = false; + response.put(StringPool.VALIDATE_EXPIRY_DATE, false); + } else { + response.put(StringPool.VALIDATE_EXPIRY_DATE, true); + } + } + return dateValidation; + } + private void validateAccess(String callerBpn, Wallet issuerWallet) { //validate BPN access, VC must be issued by base wallet diff --git a/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/HoldersCredentialTest.java b/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/HoldersCredentialTest.java index 51e3e6bbd..6934d09a2 100644 --- a/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/HoldersCredentialTest.java +++ b/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/HoldersCredentialTest.java @@ -47,6 +47,7 @@ import org.json.JSONArray; import org.json.JSONObject; import org.junit.jupiter.api.Assertions; +import org.junit.jupiter.api.DisplayName; import org.junit.jupiter.api.Test; import org.junit.jupiter.api.extension.ExtendWith; import org.mockito.MockedStatic; 
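Review bot: `validateExpiry` dereferences `verifiableCredential.getExpirationDate()` without a null check; `expirationDate` is optional in the VC data model, and if the library returns `null` for a credential that has none, `expirationDate.isBefore(Instant.now())` throws a `NullPointerException` and the request ends in an unhandled error rather than a validation result. A guard such as `if (expirationDate == null) { response.put(StringPool.VALIDATE_EXPIRY_DATE, false); return false; }` is needed (or `true`, if a credential without an expiry is meant to pass; either way the choice should be explicit). Since the helper mutates `response` as a side effect, its declaration deserves a comment, `// populates VALIDATE_EXPIRY_DATE in response when the check is enabled; returns false only for an expired credential`. `Instant.now()` is called directly, so the boundary can only be tested by rewriting the credential's date; a `Clock` field on the service would make it testable. The enclosing `credentialsValidation` method starts outside the hunk.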
@@ -217,18 +218,45 @@ void validateCredentialsWithInvalidVC() throws com.fasterxml.jackson.core.JsonPr }).thenReturn(mock); Mockito.when(mock.verifiyProof(Mockito.any(VerifiableCredential.class))).thenReturn(false); - Map stringObjectMap = credentialController.credentialsValidation(map).getBody(); + Map stringObjectMap = credentialController.credentialsValidation(map, false).getBody(); Assertions.assertFalse(Boolean.parseBoolean(stringObjectMap.get(StringPool.VALID).toString())); } } @Test - void validateCredentials() throws com.fasterxml.jackson.core.JsonProcessingException { + @DisplayName("validate VC with date check true, it should return true") + void validateCredentialsWithExpiryCheckTrue() throws com.fasterxml.jackson.core.JsonProcessingException { //data setup Map map = issueVC(); + //service call + try (MockedStatic utils = Mockito.mockStatic(LinkedDataProofValidation.class)) { + + //mock setup + LinkedDataProofValidation mock = Mockito.mock(LinkedDataProofValidation.class); + utils.when(() -> { + LinkedDataProofValidation.newInstance(Mockito.any(SignatureType.class), Mockito.any(DidDocumentResolverRegistryImpl.class)); + }).thenReturn(mock); + Mockito.when(mock.verifiyProof(Mockito.any(VerifiableCredential.class))).thenReturn(true); + + Map stringObjectMap = credentialController.credentialsValidation(map, true).getBody(); + Assertions.assertTrue(Boolean.parseBoolean(stringObjectMap.get(StringPool.VALID).toString())); + Assertions.assertTrue(Boolean.parseBoolean(stringObjectMap.get(StringPool.VALIDATE_EXPIRY_DATE).toString())); + } + } + + @Test + @DisplayName("validate expired VC with date check false, it should return true") + void validateCredentialsWithExpiryCheckFalse() throws com.fasterxml.jackson.core.JsonProcessingException { + + //data setup + Map map = issueVC(); + //modify expiry date + Instant instant = Instant.now().minusSeconds(60); + map.put("expirationDate", instant.toString()); + //service call try (MockedStatic utils = 
Mockito.mockStatic(LinkedDataProofValidation.class)) { @@ -240,12 +268,40 @@ void validateCredentials() throws com.fasterxml.jackson.core.JsonProcessingExcep }).thenReturn(mock); Mockito.when(mock.verifiyProof(Mockito.any(VerifiableCredential.class))).thenReturn(true); - Map stringObjectMap = credentialController.credentialsValidation(map).getBody(); + Map stringObjectMap = credentialController.credentialsValidation(map, false).getBody(); Assertions.assertTrue(Boolean.parseBoolean(stringObjectMap.get(StringPool.VALID).toString())); } } + @Test + @DisplayName("validate expired VC with date check true, it should return false") + void validateExpiredCredentialsWithExpiryCheckTrue() throws com.fasterxml.jackson.core.JsonProcessingException { + + //data setup + Map map = issueVC(); + //modify expiry date + Instant instant = Instant.now().minusSeconds(60); + map.put("expirationDate", instant.toString()); + + //service call + try (MockedStatic utils = Mockito.mockStatic(LinkedDataProofValidation.class)) { + + //mock setup + LinkedDataProofValidation mock = Mockito.mock(LinkedDataProofValidation.class); + utils.when(() -> { + LinkedDataProofValidation.newInstance(Mockito.any(SignatureType.class), Mockito.any(DidDocumentResolverRegistryImpl.class)); + }).thenReturn(mock); + Mockito.when(mock.verifiyProof(Mockito.any(VerifiableCredential.class))).thenReturn(true); + + Map stringObjectMap = credentialController.credentialsValidation(map, true).getBody(); + Assertions.assertFalse(Boolean.parseBoolean(stringObjectMap.get(StringPool.VALID).toString())); + Assertions.assertFalse(Boolean.parseBoolean(stringObjectMap.get(StringPool.VALIDATE_EXPIRY_DATE).toString())); + + } + } + + private Map issueVC() throws JsonProcessingException { String bpn = UUID.randomUUID().toString(); HttpHeaders headers = AuthenticationUtils.getValidUserHttpHeaders(bpn); From e912482c8c87fa9d1f904ef26ed52d65810bf271 Mon Sep 17 00:00:00 2001 
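Review bot: None of the three new tests covers a credential that carries no `expirationDate`, which is the input most likely to misbehave in the service's `validateExpiry`; a fourth case that does `map.remove("expirationDate")` after `issueVC()` and then calls `credentialController.credentialsValidation(map, true)` would pin whether such a credential is accepted or rejected. The `MockedStatic` / `LinkedDataProofValidation` setup is copied verbatim into each test; a private helper that takes the map and the expiry flag, wraps the `mockStatic` block and returns the response body would reduce each test to its data setup and assertions. The test for an expired credential with the flag off asserts `VALID` is true, which documents the fail-open default; if that is intended, a one-line comment above the assertion saying so would help readers. The surrounding test class continues outside the hunk.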
From: Peter Motzko Date: Mon, 10 Jul 2023 13:23:07 +0200 Subject: [PATCH 038/116] fix(devel): add missing "sudo" --- dev-assets/tasks/darwin/check-tools.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev-assets/tasks/darwin/check-tools.yaml b/dev-assets/tasks/darwin/check-tools.yaml index d4c440b8e..ffa67d12e 100644 --- a/dev-assets/tasks/darwin/check-tools.yaml +++ b/dev-assets/tasks/darwin/check-tools.yaml @@ -60,7 +60,7 @@ tasks: silent: true cmds: - echo "If following command fails execute this, if you have Docker-Desktop installed (probably will fix it) ->" - - echo "mkdir -p /usr/local/lib/docker && ln -s /Applications/Docker.app/Contents/Resources/cli-plugins /usr/local/lib/docker/cli-plugins" + - echo "sudo mkdir -p /usr/local/lib/docker && sudo ln -s /Applications/Docker.app/Contents/Resources/cli-plugins /usr/local/lib/docker/cli-plugins" - docker compose version check-jq: From 0b2e11fb4a3d6f7b862f688da5c7f85b1ea9fe1e Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Mon, 10 Jul 2023 13:24:14 +0200 Subject: [PATCH 039/116] fix(devel): split into two lines --- dev-assets/tasks/darwin/check-tools.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/dev-assets/tasks/darwin/check-tools.yaml b/dev-assets/tasks/darwin/check-tools.yaml index ffa67d12e..600e174ad 100644 --- a/dev-assets/tasks/darwin/check-tools.yaml +++ b/dev-assets/tasks/darwin/check-tools.yaml @@ -60,7 +60,8 @@ tasks: silent: true cmds: - echo "If following command fails execute this, if you have Docker-Desktop installed (probably will fix it) ->" - - echo "sudo mkdir -p /usr/local/lib/docker && sudo ln -s /Applications/Docker.app/Contents/Resources/cli-plugins /usr/local/lib/docker/cli-plugins" + - echo "sudo mkdir -p /usr/local/lib/docker" + - echo "sudo ln -s /Applications/Docker.app/Contents/Resources/cli-plugins /usr/local/lib/docker/cli-plugins" - docker compose version check-jq: 
From 187435be54f66d88dda11c152c38205223791f38 Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Mon, 10 Jul 2023 13:30:41 +0200 Subject: [PATCH 040/116] fix(devel): replace docker_compose env var with real command --- .github/workflows/service-build.yaml | 4 ++-- .github/workflows/veracode.yaml | 6 +++--- dev-assets/tasks/darwin/docker.yaml | 4 ++-- dev-assets/tasks/linux/docker.yaml | 4 ++-- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/service-build.yaml b/.github/workflows/service-build.yaml index dbc30cda4..bc9d619ff 100644 --- a/.github/workflows/service-build.yaml +++ b/.github/workflows/service-build.yaml @@ -80,7 +80,7 @@ jobs: uses: veracode/veracode-uploadandscan-action@0.2.1 continue-on-error: true with: - appname: 'project-managed-identity-wallets' + appname: 'project-managed-identity-wallet' createprofile: false filepath: 'build/libs/*' # add filepath for upload vid: '${{ secrets.ORG_VERACODE_API_ID }}' # reference to API ID, which is set as github org. secret @@ -93,4 +93,4 @@ jobs: context: . push: true tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest${{ env.TAG_SUFFIX }}, ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.APP_VERSION }}.${{ env.SHORT_SHA }}, ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.APP_VERSION }}${{ env.TAG_SUFFIX }} - labels: ${{ steps.meta.outputs.labels }} \ No newline at end of file + labels: ${{ steps.meta.outputs.labels }} diff --git a/.github/workflows/veracode.yaml b/.github/workflows/veracode.yaml index 80b22d649..2f07c5426 100644 --- a/.github/workflows/veracode.yaml +++ b/.github/workflows/veracode.yaml 
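Review bot: The `appname` change to `'project-managed-identity-wallet'` in `service-build.yaml`, repeated together with the `filepath`/`include` change in the `veracode.yaml` hunk on the next line, is unrelated to the commit subject about `docker compose` and changes which Veracode application profile receives the scan. With `createprofile: false`, an upload to a profile name that does not exist fails, and `continue-on-error: true` turns that failure into a green build, so a mismatched name silently stops static analysis without anyone noticing. Verify the name against the existing profile and consider splitting this into its own commit; at minimum a comment `# must match the existing Veracode application profile (createprofile is false)` next to `appname` would record the constraint. The `with:` block of the step starts outside the hunk.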
@@ -73,9 +73,9 @@ jobs: uses: veracode/veracode-uploadandscan-action@0.2.1 continue-on-error: true with: - appname: 'project-managed-identity-wallets' + appname: 'project-managed-identity-wallet' createprofile: false - filepath: 'build/install/org.eclipse.tractusx.managedidentitywallets/lib/*' # add filepath for upload + filepath: 'build/libs/*' # add filepath for upload vid: '${{ secrets.ORG_VERACODE_API_ID }}' # reference to API ID, which is set as github org. secret vkey: '${{ secrets.ORG_VERACODE_API_KEY }}' #reference to API Key in github, which is set as github or. secret - include: 'build/install/org.eclipse.tractusx.managedidentitywallets/lib/org.eclipse.tractusx.managedidentitywallets-*jar' + include: 'build/libs/miw-latest.jar' diff --git a/dev-assets/tasks/darwin/docker.yaml b/dev-assets/tasks/darwin/docker.yaml index 40281a440..cd3fa1fd5 100644 --- a/dev-assets/tasks/darwin/docker.yaml +++ b/dev-assets/tasks/darwin/docker.yaml @@ -36,13 +36,13 @@ tasks: cmds: - cat postgres/db.sh.tpl | envsubst > postgres/db.sh - chmod +x postgres/db.sh - - "$COMPOSE_COMMAND up {{.OPTIONS}} {{.CONTAINERS}}" + - "docker compose up {{.OPTIONS}} {{.CONTAINERS}}" stop-middleware: desc: Stop local Docker environment dir: dev-assets/docker-environment cmds: - - $COMPOSE_COMMAND down + - docker compose down - cmd: docker volume remove docker-environment_postgres_data ignore_error: true - rm -f postgres/db.sh diff --git a/dev-assets/tasks/linux/docker.yaml b/dev-assets/tasks/linux/docker.yaml index 40281a440..cd3fa1fd5 100644 --- a/dev-assets/tasks/linux/docker.yaml +++ b/dev-assets/tasks/linux/docker.yaml 
@@ -36,13 +36,13 @@ tasks: cmds: - cat postgres/db.sh.tpl | envsubst > postgres/db.sh - chmod +x postgres/db.sh - - "$COMPOSE_COMMAND up {{.OPTIONS}} {{.CONTAINERS}}" + - "docker compose up {{.OPTIONS}} {{.CONTAINERS}}" stop-middleware: desc: Stop local Docker environment dir: dev-assets/docker-environment cmds: - - $COMPOSE_COMMAND down + - docker compose down - cmd: docker volume remove docker-environment_postgres_data ignore_error: true - rm -f postgres/db.sh From a0ed2a4d7a51b14e3c22d1b6740c9dbebe648a49 Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Mon, 10 Jul 2023 14:23:32 +0200 Subject: [PATCH 041/116] feat(devel): Add DEV_ENVIRONMENT variable to env.docker.dist and env.local.dist --- dev-assets/env-files/env.docker.dist | 1 + dev-assets/env-files/env.local.dist | 1 + 2 files changed, 2 insertions(+) diff --git a/dev-assets/env-files/env.docker.dist b/dev-assets/env-files/env.docker.dist index 7e198f4b2..45e762924 100644 --- a/dev-assets/env-files/env.docker.dist +++ b/dev-assets/env-files/env.docker.dist @@ -4,6 +4,7 @@ GITHUB_TOKEN= # Build SKIP_GRADLE_TASKS_PARAM="-x jacocoTestCoverageVerification -x test" +DEV_ENVIRONMENT=docker # Docker: Postgres config POSTGRES_DB=keycloak diff --git a/dev-assets/env-files/env.local.dist b/dev-assets/env-files/env.local.dist index e74f01149..bd2e1cdee 100644 --- a/dev-assets/env-files/env.local.dist +++ b/dev-assets/env-files/env.local.dist @@ -4,6 +4,7 @@ GITHUB_TOKEN= # Build SKIP_GRADLE_TASKS_PARAM="-x jacocoTestCoverageVerification -x test" +DEV_ENVIRONMENT=local # Docker: Postgres config POSTGRES_DB=keycloak From aaeefc61546d4ed3fa6fe0c91527e73d17068f45 Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Mon, 10 Jul 2023 14:33:08 +0200 Subject: [PATCH 042/116] feat: Uncomment KC_HOSTNAME in env.docker.dist and env.local.dist (is required, not optional) --- dev-assets/env-files/env.docker.dist | 2 +- dev-assets/env-files/env.local.dist | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/dev-assets/env-files/env.docker.dist b/dev-assets/env-files/env.docker.dist index 45e762924..c1779fe6b 100644 --- a/dev-assets/env-files/env.docker.dist +++ b/dev-assets/env-files/env.docker.dist @@ -19,7 +19,7 @@ KEYCLOAK_MIW_PUBLIC_CLIENT=miw_public DB_DATABASE=keycloak KEYCLOAK_ADMIN=admin KEYCLOAK_ADMIN_PASSWORD= -#KC_HOSTNAME=keycloak +KC_HOSTNAME=keycloak # Docker: App config KEYCLOAK_CLIENT_ID=miw_private_client diff --git a/dev-assets/env-files/env.local.dist b/dev-assets/env-files/env.local.dist index bd2e1cdee..714576baa 100644 --- a/dev-assets/env-files/env.local.dist +++ b/dev-assets/env-files/env.local.dist @@ -19,7 +19,7 @@ KEYCLOAK_MIW_PUBLIC_CLIENT=miw_public DB_DATABASE=keycloak KEYCLOAK_ADMIN=admin KEYCLOAK_ADMIN_PASSWORD= -#KC_HOSTNAME=localhost +KC_HOSTNAME=localhost # Docker: App config KEYCLOAK_CLIENT_ID=miw_private_client From 1676bc311f005f5207241d3138d690f05fb19131 Mon Sep 17 00:00:00 2001 From: Nitin Vavdiya Date: Mon, 10 Jul 2023 18:41:53 +0530 Subject: [PATCH 043/116] feat: CGD-347: manage log level at runtime --- README.md | 40 +++++++++++++++++- docs/manage_app.png | Bin 0 -> 10881 bytes .../config/security/SecurityConfig.java | 3 +- .../constant/ApplicationRole.java | 2 + src/main/resources/application.yaml | 12 +++++- 5 files changed, 54 insertions(+), 3 deletions(-) create mode 100644 docs/manage_app.png diff --git a/README.md b/README.md index 25f3ea1d0..13b8b567b 100644 --- a/README.md +++ b/README.md 
@@ -149,6 +149,7 @@ This process ensures that any issues with the database schema are resolved by re | SUPPORTED_FRAMEWORK_VC_TYPES | Supported framework VC, provide values ie type1=value1,type2=value2 | cx-behavior-twin=Behavior Twin,cx-pcf=PCF,cx-quality=Quality,cx-resiliency=Resiliency,cx-sustainability=Sustainability,cx-traceability=ID_3.0_Trace | | ENFORCE_HTTPS_IN_DID_RESOLUTION | Enforce https during web did resolution | true | | CONTRACT_TEMPLATES_URL | Contract templates URL used in summary VC | https://public.catena-x.org/contracts/ | +| APP_LOG_LEVEL | Log level of application | INFO | | | | | ## Technical Debts and Known issue 
@@ -157,9 +158,46 @@ This process ensures that any issues with the database schema are resolved by re 2. Policies can be validated dynamically as per request while validating VP and VC. [Check this for more details](https://docs.walt.id/v/ssikit/concepts/verification-policies) -3. When you are using MacOS and the MIW docker container won't start up, you can enable the docker-desktop feature "Use Rosetta for x86/amd64 emulation on Apple Silicon" in your Docker settings +3. When you are using MacOS and the MIW docker container won't start up, you can enable the docker-desktop feature "Use + Rosetta for x86/amd64 emulation on Apple Silicon" in your Docker settings (under "features in development") +## Logging in application + +Log level in application can be set using environment variable ``APP_LOG_LEVEL``. Possible values +are ``OFF, ERROR, WARN, INFO, DEBUG, TRACE`` and default value set to ``INFO`` + +### Change log level at runtime using Spring actuator + +We can use ``/actuator/loggers`` API endpoint of actuator for log related things. This end point can be accessible with +role ``manage_app``. We can add this role to authority wallet client using keycloak as below: + +![manage_app.png](docs%2Fmanage_app.png) + +1. API to get current log settings + +```agsl +curl --location 'http://localhost:8090/actuator/loggers' \ +--header 'Authorization: Bearer access_token' +``` + +2. Change log level at runtime + +```agsl + +curl --location 'http://localhost:8090/actuator/loggers/{java package name}' \ +--header 'Content-Type: application/json' \ +--header 'Authorization: Bearer access_token' \ +--data '{"configuredLevel":"INFO"}' + +i.e. + +curl --location 'http://localhost:8090/actuator/loggers/org.eclipse.tractusx.managedidentitywallets' \ +--header 'Content-Type: application/json' \ +--header 'Authorization: Bearer access_token' \ +--data '{"configuredLevel":"INFO"}' +``` + ## Reference of external lib 1. https://www.testcontainers.org/modules/databases/postgres/ 
diff --git a/docs/manage_app.png b/docs/manage_app.png new file mode 100644 index 0000000000000000000000000000000000000000..2a60b601492f01d05f1e94c76bd091b7a835ed53 GIT binary patch literal 10881 zcmb`NbyOT(m#@1UYrF|A0U8SsoS;FP27)^Y!GjYdK!6}Y8fYZJH6(a|5D2b~yAvS6 zCAfwljXTrt`_0_@&D=ZderwJBr&iUeI#Opz z#+;vlaWTi{k$1TO0JpM=f}Fm$*=|OxBfVkD{?)z%hX<7yxmn69kcF@{zSAe3oKEXL zh+S*0l@WKh| zJrcNbiqFWeIK|pBu4E>5m_$AmGc5nZ-|hV^03TIn6GYp*r`Pd8rhK+7vp)SEBc?}x z6JWPB_#9>;8o8Ir*jSfr!U;phjb{VM;JP9Iw?@`E&~b>any~6q2i09!9qvHlz+Wcu&EKC< z3W$4rSARE#vI@<@U%oLjz8={9p_Q`n@+?J{&?`wc^~BwNv0j=(0qf|Eap8(h{%^z7 z2r~6hz|*rRz%TJNdP1!QALMHExvAl^moj<|JDdRtpbGQ&agLE+_qUfyR%g+^B7`(! zg=mn6{?T~5#NmS{cK{>ouioaKIQFcYr>R7q5oU}lV_)mvRw~uvfcf|CNu_)$!1;P0 z5$G!ECd2_VJz#tu$qZ9c)CV5+I%3;@TRTk!ye<_M-)Hqw678=Av?mt_G0 zFx%W#EjIP9<*u_sF zFIKKDSG(~}1mCuXO`!xWV~VPL)#t(~xrX%c%g{fq{;>nm?P4-r*NxusV(6ZMjL9cY zL$cQnY=6y+-SpI>?>8+IY^paoRX)V+dAR4qGcrhXD7B#NiHytOUNAAY51KdI-{%Ig zt)^28B1U(m!sU!`IY&- zaby@bD>mnVlp<{%KOgE8C+ge#Gad5P=_FEqbO#pt;5glzzZ&Mun4v{nobgVzF& zcVs+||LQSQC|R})Ye(8=Y&Ra6>RK*V*g3LBqZJ!k<5!Tx4aIzuUB)K|fJe`#wN-N-8 zJ;kyAVm=h&ma=FxmlUvvg8b=g?-p4qp<3(QE6*G!lLHFP4Q{?50w)%EAC5b(??HI+fsUzA%Wj-Fc--JOy6cdefw$FnDcMXnf20LyBqFSivNf+d3KUX7m68^;h zWb>d=wtB3Ju)bACCCSb#UPHPBf9gbRa^$>N%8#*`cHD$WYLWHs5{_~;Z%o@5zU|uc zv(-cl?eKw&Nbt|92yptC%{qUw-Y@D)b0EZRCSf&^yx*yeq`+2=vL>5q)EQ??FE$i$ z#%z}RQz-$%qpzp67mV8KKyHiM_h2{U{PvCR)Ph{9Y|hn82O!AVyWY6!@+5ZUsU46Y zE+^C(N2)c#N)(NPM)tYRZI=C3Jm|ybYvhHAG@nvX1+%ljRKsZqA*sYsi>3&oD4Ri1 zDw+k$Q~*@nxP87v%Dt9eA+>QKCA2uC%Tn3CDv~rv!%Mv*VrtlS8uO`m@c@0Jr!+UJ z$6KX6hwuig^&=#xKx~BHD*I-*>7Z@ypANle0?i#;LZ;J4z4EaodZc0mxoHD9d&;fd znmBgX62Z+b|Kk&NuHj8C*@m4+tGU#PX$(JfX7nZfxq40d!Ft&NP+Pc z0vZaG%x9ua{yWu;uH0q=QR`%>y%n-5QGgOlsoN4yvfN0AE$4F`&?DEkGY(j*hsTnW z*WV9TYuM6>da!aI%7zkK+&+U-`AO4^{Z`x+d8fm(up?`0yvJ<%!=1;GM3F}8ggFe$ z?Q36MsEt2vZ+sc9Q_J@Lz4e+%Nv+kM`)UXnxy9NFtv_RZXbWSL7YXcV-7>Yj*%Xh^ z1ju9joW)BhZyCp&aF2r)_<9NvLmt2JPCd%arnnLthZFbEpWF*5Y=71MnF)t;Rx17- zbm!wm6*y)U4tykmc2QI#2&27Ool_W~R&2Y29`N2A5%8}r 
z*0Rs6KgS={Nmh>6Cr!vgp-l?TQ`hSKq5$mAS~x*(I6!ccfr@+Cto-q>^;-$&w3W7UlLD{{vmC^zzJi+kBJ5- zwo_-*^5WV=v=0;Jb8D3(6@yFie4oTUExX9j{GHtTh>d;;40PzAe+Zi&7&(w_s<_nS zCG!9HXYB&gkQ^>9bNQ$>RM}KJr%*BX=Y=Md-n|c@#1h;T%n8^O%!K9$O%kn0E{pV} zAKT>gWci8E`s7dx5O!=gZ~m%_C}Zkc9#xaw>`?`ImReBzt_uktOa-&^DllN>0nXC= z0Rwjc!BesI!UDaVFuGL%jLlN~b18)TN#I-BJqmaYyH8@b@TYFKrR0f>rk^kWy(i5B zSXw9c)-}Y6fdl4pa#}+jLW^a*6GGT`b>Pblo|!D&sVV5b3Mb4;Kwvf*0kRgu}J>s~0@I)RtU?t5%SkawmQ=svDGx5H}BC>X_djV9X9XQ`eoFyB5 zr#P+7l>?}M+WNY^nDpKG{c7x(pt@z1lx#pe)<52y1rLs`9I(mZb$D*2|5}?9wgx+A zPyC+o_?9M_f#P2wv;Tx^ZYnw0F&alfy7j`UyNro0Oa`TAciB_?JWHd#Ti07>Jufu# zABk7$YU>f)>8qZI|EOpgqZ#5iBsyrk z5pRi8O-|z>MK&r=8`Qgj!q=uY*`I{~D+~Qnc!83Km=SR?BSs6dyQZKE@mS68CTBOc z8RXPr-^Th|HOxG$Pn3;xUL^9>OCYsJ7vD}?TvO%`xQBqo1J;xFK8C`KSjKJ#@O6U2 zZf!R8BvcEtbvy)^LSubbzghBhGS@_f=#UMt@fMm({`Os-1fqc0$Kqo0ozY<7S*<;rr@lE>!Pgk z<#lz?NGg;v>4wR0J)!9$DM_3CQ zcdWPg+>@h-9pX9`7s5{52@(Ik_**tS!gB)6(f`-n?qJ~Il-DpFsoZ6oYb2@sr8qQI zUyE0+cmvApldkkyL(P7Pqm+pY){{tQ%*_d^8S$K+xK!QDTxj~d57-?#F|WcaDn_%O^xU)zsCu~u65aR zfUYR^|H_VzoGh{TzW)sp`nk9hdo}4mLn<2|tc^dyyFgqo`e+2dq6a^YRH{z0)cL5^ zEO(H#x;SZG)0%-II}cy@a~NNzuqI+Y&hhG#S#J4m8)deD6*`jyjWFA(c|Y1HNT!CP z2yZGpniXJgia#1&on70rm_V8Y(Y%_meExGK0|f};^|r8JFR_X4W#`m{aKliUyhA@? zq{AWQCsiAdW!b1GvhkTO5(ouQMnD(u>Jr2IMko;5!Z4Los;E>{#+4C+)9R7g%YED3 zkGDw+;TB~B_XX7u*ZVB}M{9h9r~6C$pYg>mqm0{pQe2x>G@1|QkW*vjmkL~z6z`;W z-8`mZ94;SARSGOn0?-uSpT7~@Gxa9VC-lvHmUTw5UJ#(T_)LdM9=nn&_QPAN-{b08 zHb>Igj=njDjQjLKXfsFBvU8l_8Yik|%pVuyedYh1Znh{%9^Q)EH1lkUeRmt4ba=V< zV*Uz}hug!q{%QWC>T6#{$MYSheaL=2ecy8Y+@Ry@2LvuFQeBoOP{u5JitH7JsNvt# zZ|GZS=fh-krWgjY&IseAa^8&0-wTuDZxg8fUUE!q=PZ8^>-B`bVg9{Y;7qG5#uji! z^a=(xo;`1RY>29P*>BqHemT4L>UTwsrLAXu@vJuNA<*?;CScy zBb!&9u{>@_iC^v0)CvkVPN}g24K+-kQ4--h_@}FMs^<5v>Cv~lcWNOEGj0e_67Ca3 zPbj&e!hl{QVST`35t_qzu=hsk>~4EGS{w#c4dJ31s`CvpT3w7H8|g-jbgulLoT8LlvS>5*9u@PYIx;&YIs*gl zi6-vJ3-LF6WK$8%0d#kRN6Q;tlm?Y+)Z(0jJf0dnbkl21_yY&Nk7Uzi(xDy_fz)DT zt}NM|-DM{X+kX9}7j?e?#-=}dGKDjE!#Z2woP0$SD0`hY@XP7qBdL4flurHP_}iW% z+`GGP1+QhhTe7kBCM{DG6z~ch|sdGF@b-! 
zR{bJcTkQ+4v(jY(FUeLryk%fncOk8|a6X8|=B;)v_K` z6yTlfcTqQ~`@$bt%N~>m0W!K# zcM&pyg(n-^IhhZHe*Lvtv19X(T3hv+BU>$Df`I@*U)CO+)eF|k>pGk2#VIJnd(Y%x z`xW*UxtdenP0twowAqIz>}rTC0?#t9y?!(x*8L8<=LYZFh&kOXJwey{98-IL&2U)%%Z6ZHR{8aComOz+sJ4Zq&P}neR{neTx%sK}Xt6(HMGA?4rz;O)cMEE+uLG!(ovm9p=V6kV?V|YyARf zeu&vIjs(C>eW7$DUeI|&#l*>_rU@{?{W?Un=T+9CL=PkKg;t5oq9k-WE1DU{YCmSD z4Bec?X+=PuEk?{Mz6uv0;|hDRkB#~J-m$@grmx2`&9ZOl!p_{QIIsCP#$<~C{#;?v zo3~UWZ{J(p)H?4K`!qLdwzE|8_}-aK+Krxl*zo&>v(f4>0^h5~iR=w*L-BbP3o1J4 z^iUxEZiA(VPkNb7I{ct+{MD6TQ3V3*WQgRE0O9CTwtHI*`YZqpJ-Wfp!N9H{s)H^$cPA+F*3nUg33M z*zx0{lrTX2kQ`8zW(qdVG1upT@!9|T^k0%`D?(p*w491mO9Jx72gtp8DUO~M`dsAu zk819)-TE)Nz3lnz4lj&OAA3NY5a8dh%n5U&)k}FG>U}uO%22komue{>#%rQQUh>8+ z0uXdsxi{ub(yj_ai1KqiMfvnGed4&eOo-P;{522hcEO1~3g8)Zz+ z)zyN~a+RK?i`j0HN3yKCVp55=Me*j%{#Xk!)(4S~C;P`TXr5qrAa9g#EIP$v$T`9o zYtyjZhk6hBmLQxmn`79Z?Pw4q9!slY+$h{`^Id%XB_XYvo!&5rT3HU$;3?m0k|w@~ zq=L2#1@ETpc0r}<1c{0H_&D~U2rt$ihG`S}o&?!QtvLaHIiyttpuU&P&w^~^iA;Tk z71k5|V48EYLB;CW>dl|QIh3}Yicq3`i5@W4E1#akj=RVe4T~XmaN8Hd+)sso}P7 z!9PYi(;TR4zIx(xjX_h{P7@r5MpENA6d*`>{J5D+_flDK&b(F3J!Z11lAYPN#=&i` z+6KRsHD>hb$OAuN3q&1C+~??%3`XkAbuRp2#r}%iRrH&!Qw{kpypZH=5K1q8OMHLj zoforZom&MpToJTs9RA^1z-Q^gFMiShxV~JU9%`YH@>g5M5sNn1LW&j8SjWNk@0xgO z(TIuSQ#{CeIz0QCz?9>PDSU`(|Lkq*ntcvH1B@TUmRHy}JMbq$>_PwtGCr{FnB=tf z&yA$n_mR3QCKgy&!}S2ujSx`%{1wTXX7 zzVoLwL{hOj4y>+c#(S65SWsE$Hx6FD6;6H(NhO>#6*bJ2u)&9EF!9S;YuHkJ50`9u z*gP8R@1n%m`uhakjk{9&&Y9SoGr181t_j5pjERBH_KlThA!z;gwrQSIFaH+mB(I4U z$KqvDy!1W@!q}cctu>rnmec8{JW<;Yar^K3eJ33K(=WZ6Wt`D#uIU)r{;qzp_tx1@ zU~O2@{Oi8F)ExPZ7?rXgCycyH?Ae?E@BG}ssaWt0j;*}$p5Mp00|_+lQojC&w^umm zq`aTVeuvOq|J&#|E)(N>^{~#dw_G<;iSc3GPJq-zmTk zc`pn>DalzZZ#Gk#7%}0u_i6(+#u(3>Fg&55_Q{iFeYo_KjD4B`DL*X0A_!_o1X4gu zvhCM_<1z#jx`IIzACd-Z8N`6USBSOdZCO<&IQU?hRN0km+T=jVz_xTa5=4>KlUm7p z7$&u>-+kb*mzLk#+}k4f>re8#_`DOxzk>yxPb%-L2Bcj)^d1`_CeXf0)_Y}31$y~T z{p#TZ1^iijD+MZ6wIu~+%|d1s0`ssJLnB)|#%(9g#A>W*2tYKq8=Jlhawxu9FNATJ zZ=;a!Blak_R*Wc7;D>Agy9N<3;nG5v?CC(S@=xA=0vc;pivJu2P|! 
z-(|m*8Uwx%6LE%vyjhxWiI|qPkTxQLBMeaA!`72ncdt#&R{pADv}utac8EXEdHj|u zW7EjqI%nS28jLF+sRy#-H0#opd+Tdj;OxU3;Qf%rDIc*bWIb#WhCe!ePl?J(ULb)6 z<0&MNfQy~ScG2O?{x4A7;ZXl{h&p#b3LEi5>@NO9tlWfy0gYN2T}0Fa${OrpPRxQ2 zmnM>-%7jcG-PAZwZ{r>n$Zrg>>m%0c$y6C|v=K2R1lm7g2r5!eSOWF}Wp=mHjlT)- zaAB+IJ3CU%nVj20{VSy!Mt!%@D(30R9Y{Wd5-1vmLHX^rHV-x7WW+%)V!zZW~{a3MF- z>ikV!fIX~yTHX7@^l?#W62U#KA5k{cs|%q8`VHBeFHd~-wRHxlJsrM`R9-N~>30gm zo<+AQaJyL_kPqkX7bP9Y{UwW2R@oKdW}C4j&vMpK2bqmQ42<>7O&ngI4>(e|KYt@d zpU-ClC^uhtJZmkVJNUjNDs?#|KRuxPyVne>W05ZEwVVPTZZiODUbOC~Sb7a{yX*q3 z^VaK!zBe{^w|(rcJ&=5TZMD7M8Dmq=5Rjzh`jS;TgJ2(BU$pm9EvlNlxqCIp1#bMk zbdEB=E1q=21JBAFLY7=%A;Z1%ssP-#6D5(}y1K^pPSO>*lcvjjUF}g<=bvl6zuv zd~P_1f|?cfS2uGr*`M_}i?pX6mqc8NdWn9D7N9&2Rif=N@6sa+re}!jN1S4K?!dow zFExd0m2iSbHlSPakSZ|A%rNt1?%&WSxc%Y*9}LoPZFh+!kI}z{b0G{Of9u~5>u6z$ zOeXc$HNtaO$CUF@Vx2P4O34ZDFn=F|@rM$@rH1zfo-95&r=gmvR5Yi23O4BUep)uG z24N`+gL|MymHKhlGpDg7JFm;n;NSTg+6@pxcn`x)*AscK3Q z-jdkH^01Xh$lZ$i`a_bD`j<35G5}`_%REe%oyy}ty z@INSsiz~T`09wSn#$~eaKLJz4Q@Q=ki%iWVL;Nx(zn7hwAIu3G!^5$MD}&jf8j6$8 zY_B@M%7o#^y??IyB*RXzJzd4k)-rItl?62#{2H3n_D)%^NNvea&fj-&F21+S*Wa%q2<2>PjK!$B zUV2NSW$s)l?fy@2QfLkR6Zs&-S>x!hEW%%OLSCT%Pc#zZ{~5y5(a4^ra;S~qh;S*c zwJ<`}E$_Nu&$(Q4=39TpObOqNu4&_qC9_pAt(1{R8dT!PmI~yC+K^2>_W|S}0h6HE z!5d6;t6}vp-330!3(=Eb)0LC8cRSo9aF+WW5;}AvK5M=`74%ewgA`|rX4Iz;r_*#O zrPg(7SL3?THwK*04+Bb)C@Zh=t$do?DDacbY;mk-#6*$S{s$n@HE{UcY4!QV%#Urh zPozl$8QbeYG7fCtl^02sT#!*yH-f)W9t=v@gNN3n1llHlCD2lOE$J{RhNqGrL}oW8 zpdhwZX<`2-$?NZkx&qdby5BG*ALti`nSbPf?*}pc)I$I>%9ykYureYk&WS+1SCcj^3F2t@V_J1aN!e$fi8&p6{GKkg$lX8X73QGvTbAlMwnl|}*#mc=Tp4W1Y1%(d7j{O+Pmn5q%y{}ycAMYl{f2CPY#0yv-OBD&q<6PKc0a0D{t} z-)5caqT$0kQ`bcfZnHew{*)0ajQ-yQu1_V0(a&T1ha>FWp96~qF8E-_3tQvNkIy`W zDl}MAf|DlW|HQ8V`$f*z-{j5olIL_BJ!Aa+{{D9tG~E))V%tfj76UuPL{A+2YcS^g zUhPcSyg*G`x}tW!wLM|n-Lxv0|IvOgHM2^&2&v29h%B*-13E$Fd90|*eKqbEkDSZe z$7}-gHVkOO?=h>0^INWZLldTEhWECFIk1m1Uyk(hb#R((onnHV#TX3)$V9$?B;X*a z0%qv&yBEYx8nMCp=&lzN?^{He$s%KM_s1EmiS3y(Lt4*2jZyNml~pGlz8qv}FqNiY z{2>~(Smx^x{T2ox3MXTh-7Q4wL7OeP|I^s_wF!n~hBm 
z15>z+UED;aoa{*-mh?$&rKqc;#k!$AFC<6N`Gn z{Xtc{+$Iz&;D@X+g03MU)YR;`>wa+mYKKWH*?nciX;iA|WKHMw0Ihh>fXz3{@M66B zCwtq9zg56-=2MKD#_rVUGk8q+g;7v;v6Q=)eO^&dSk?1AgIwwUu0z9cP|~Aw1@kWY zR&R2apg22fT=RzPPU1P#j#skzk_)}Rb@dbI^&;Kk_Jcggvdm@a!2Jpo zD6cwI1x2opic_U~eOBU_{ltl2x+P?^9B45cr)U{9SBf*FP*}9bMha&K@8tpu`KV9sg)99lJpgT`=`|O%3@tHH1p4?-$&~%lQ3+m049t z21iU)?2(fdqdO|ocgTlDi4Y^XtJhvpE?nQ1IMHa*;#LOWXD!8+XlB+E2dWZ=B+VH% z{^WCE@F0 zl@Kz Date: Tue, 11 Jul 2023 09:58:01 +0200 Subject: [PATCH 044/116] feat(doc): Extend Mac user information --- README.md | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/README.md b/README.md index 0a5c8d64a..c5b8b96a9 100644 --- a/README.md +++ b/README.md @@ -48,8 +48,7 @@ Description of the env files: > **IMPORTANT**: When you are using MacOS and the MIW docker container won't start up (stuck somewhere or doesn't start > at all), you can enable the docker-desktop feature "Use Rosetta for x86/amd64 emulation on Apple Silicon" in your Docker -> settings -(under "features in development") +> settings (under "features in development"). This should fix the issue. In both env files (env.local and env.docker) you need to set _GITHUB_USERNAME_ and _GITHUB_TOKEN_ in order to be able to build the add, @@ -176,10 +175,6 @@ This process ensures that any issues with the database schema are resolved by re request while validating VP and VC. [Check this for more details](https://docs.walt.id/v/ssikit/concepts/verification-policies) -3. When you are using MacOS and the MIW docker container won't start up, you can enable the docker-desktop feature "Use - Rosetta for x86/amd64 emulation on Apple Silicon" in your Docker settings - (under "features in development") - ## Logging in application Log level in application can be set using environment variable ``APP_LOG_LEVEL``. Possible values From ce72062e62ab49547dd14cd7a43c487567bec3e6 Mon Sep 17 00:00:00 2001 
From: Peter Motzko Date: Tue, 11 Jul 2023 11:07:12 +0200 Subject: [PATCH 045/116] test(helm): add more tests for default ingress and deployment Add a new test file "ingress_test.yaml". The test checks that the ingress resource is not available rendered. In the test file "deployment_test.yaml", check that the deployment has empty values for affinity and tolerations, and that it has a nodeSelector value set. --- .../tests/default/deployment_test.yaml | 20 ++++++++++++- .../tests/default/ingress_test.yaml | 29 +++++++++++++++++++ 2 files changed, 48 insertions(+), 1 deletion(-) create mode 100644 charts/managed-identity-wallet/tests/default/ingress_test.yaml diff --git a/charts/managed-identity-wallet/tests/default/deployment_test.yaml b/charts/managed-identity-wallet/tests/default/deployment_test.yaml index 3ce741602..564e46fdb 100644 --- a/charts/managed-identity-wallet/tests/default/deployment_test.yaml +++ b/charts/managed-identity-wallet/tests/default/deployment_test.yaml @@ -103,4 +103,22 @@ tests: path: spec.template.spec.containers[0].env - lengthEqual: path: spec.template.spec.containers[0].env - count: 1 \ No newline at end of file + count: 1 + + - it: should have empty values + template: templates/deployment.yaml + asserts: + - notExists: + path: spec.template.spec.affinity + - notExists: + path: spec.template.spec.tolerations + + - it: should have nodeSelector value set + template: templates/deployment.yaml + asserts: + - exists: + path: spec.template.spec.nodeSelector + - isSubset: + path: spec.template.spec.nodeSelector + content: + "kubernetes.io/os": linux diff --git a/charts/managed-identity-wallet/tests/default/ingress_test.yaml b/charts/managed-identity-wallet/tests/default/ingress_test.yaml new file mode 100644 index 000000000..19322f853 --- /dev/null +++ b/charts/managed-identity-wallet/tests/default/ingress_test.yaml 
@@ -0,0 +1,29 @@ +# /******************************************************************************** +# * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation +# * +# * See the NOTICE file(s) distributed with this work for additional +# * information regarding copyright ownership. +# * +# * This program and the accompanying materials are made available under the +# * terms of the Apache License, Version 2.0 which is available at +# * https://www.apache.org/licenses/LICENSE-2.0. +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# * License for the specific language governing permissions and limitations +# * under the License. +# * +# * SPDX-License-Identifier: Apache-2.0 +# ********************************************************************************/ + +suite: test default ingress +chart: + version: 9.9.9+test + appVersion: 9.9.9 +tests: + - it: should not be available + template: templates/ingress.yaml + asserts: + - hasDocuments: + count: 0 From 0201b6a093ae7a8a6c5cb8751b7e090a73e9a10d Mon Sep 17 00:00:00 2001 From: Dominik Pinsel Date: Tue, 11 Jul 2023 12:38:39 +0200 Subject: [PATCH 046/116] add tests for presentation validation and disabled them temporarily 
Signed-off-by: Dominik Pinsel --- build.gradle | 2 +- .../dao/entity/HoldersCredential.java | 4 +- .../dao/entity/IssuersCredential.java | 4 +- .../service/HoldersCredentialService.java | 4 +- .../resources/db/changelog/changes/init.sql | 121 +++++----- .../config/TestContextInitializer.java | 29 ++- .../did/DidDocumentsTest.java | 64 +----- .../utils/EncryptionTest.java | 2 +- .../vc/DeleteHoldersCredentialTest.java | 61 +++-- .../vc/DismantlerHoldersCredentialTest.java | 15 +- .../vc/FrameworkHoldersCredentialTest.java | 18 +- .../vc/HoldersCredentialTest.java | 12 +- .../vc/IssuersCredentialTest.java | 12 +- .../vc/MembershipHoldersCredentialTest.java | 26 +-- .../vc/PresentationValidationTest.java | 212 ++++++++++++++++++ .../vp/PresentationTest.java | 69 ++---- .../wallet/WalletTest.java | 43 +--- 17 files changed, 430 insertions(+), 268 deletions(-) create mode 100644 src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/PresentationValidationTest.java diff --git a/build.gradle b/build.gradle index d04d456e1..88fcd5fee 100644 --- a/build.gradle +++ b/build.gradle @@ -57,7 +57,7 @@ dependencies { testAnnotationProcessor 'org.projectlombok:lombok' testImplementation 'org.springframework.boot:spring-boot-starter-test' testImplementation "org.testcontainers:testcontainers" - testImplementation "org.testcontainers:postgresql" + testImplementation 'com.h2database:h2:2.2.220' testImplementation "org.testcontainers:junit-jupiter" testImplementation group: 'com.github.dasniko', name: 'testcontainers-keycloak', version: '2.5.0' testImplementation group: 'org.mockito', name: 'mockito-inline', version: '5.2.0' diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/dao/entity/HoldersCredential.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/dao/entity/HoldersCredential.java index b5750e14f..5b64098e0 100644 --- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/dao/entity/HoldersCredential.java 
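Review bot: Swapping `org.testcontainers:postgresql` for `com.h2database:h2:2.2.220` means the integration tests no longer run against the engine the Liquibase changelog is written for; `init.sql` in this same patch uses PostgreSQL forms such as `bigserial` and `'ED25519'::character varying`, and `TestContextInitializer` sets a plain `jdbc:h2:mem:testdb` URL with no PostgreSQL compatibility mode, so schema divergence between H2 and PostgreSQL would presumably only surface at deployment. If the motivation is faster local runs, keeping the PostgreSQL container for CI would preserve that coverage, or at least state the trade-off next to the dependency, e.g. `// H2 replaces the PostgreSQL Testcontainer for speed; the schema is not validated against PostgreSQL here`. The `dependencies` block continues outside the hunk.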
+++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/dao/entity/HoldersCredential.java @@ -52,10 +52,10 @@ public class HoldersCredential extends MIWBaseEntity { @Column(nullable = false) private String issuerDid; - @Column(nullable = false) + @Column(nullable = false, name = "credential_type") private String type; - @Column(nullable = false) + @Column(nullable = false, name="credential_data") @Convert(converter = StringToCredentialConverter.class) private VerifiableCredential data; diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/dao/entity/IssuersCredential.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/dao/entity/IssuersCredential.java index da3b2efdf..6e3ca0c99 100644 --- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/dao/entity/IssuersCredential.java +++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/dao/entity/IssuersCredential.java @@ -52,10 +52,10 @@ public class IssuersCredential extends MIWBaseEntity { @Column(nullable = false) private String issuerDid; - @Column(nullable = false) + @Column(nullable = false, name="credential_type") private String type; - @Column(nullable = false) + @Column(nullable = false, name="credential_data") @Convert(converter = StringToCredentialConverter.class) private VerifiableCredential data; diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/HoldersCredentialService.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/HoldersCredentialService.java index 664cff8dc..78b04f8aa 100644 --- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/HoldersCredentialService.java +++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/HoldersCredentialService.java 
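Review bot: The two new `@Column` annotations in `HoldersCredential` are written inconsistently, `name = "credential_type"` with spaces and `name="credential_data"` without, and the `IssuersCredential` hunk on this line uses the no-space form for both; one form, preferably `name = "..."` to match the existing `nullable = false`, keeps the entities uniform. Since the column names now differ from the field names, a short comment tying them to the renamed columns would help the next reader, e.g. `// mapped to the credential_type / credential_data columns introduced in init.sql`. Both class bodies continue outside the hunk.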
@@ -104,11 +104,11 @@ public PageImpl getCredentials(String credentialId, String //Holder must be caller of API Wallet holderWallet = commonService.getWalletByIdentifier(callerBPN); - filterRequest.appendCriteria(StringPool.HOLDER_DID, Operator.EQUALS, holderWallet.getDid()); + filterRequest.appendCriteria(StringPool.HOLDER_DID, Operator.EQUALS, holderWallet.getDid().toString()); if (StringUtils.hasText(issuerIdentifier)) { Wallet issuerWallet = commonService.getWalletByIdentifier(issuerIdentifier); - filterRequest.appendCriteria(StringPool.ISSUER_DID, Operator.EQUALS, issuerWallet.getDid()); + filterRequest.appendCriteria(StringPool.ISSUER_DID, Operator.EQUALS, issuerWallet.getDid().toString()); } if (StringUtils.hasText(credentialId)) { diff --git a/src/main/resources/db/changelog/changes/init.sql b/src/main/resources/db/changelog/changes/init.sql index 5e2083406..ad7219d5b 100644 --- a/src/main/resources/db/changelog/changes/init.sql +++ b/src/main/resources/db/changelog/changes/init.sql 
@@ -1,74 +1,77 @@ --liquibase formatted sql --changeset nitin:1 -CREATE TABLE public.wallet ( - id bigserial NOT NULL, - name varchar(255) NOT NULL, - did varchar(255) NOT NULL, - bpn varchar(255) NOT NULL, - algorithm varchar(255) NOT NULL DEFAULT 'ED25519'::character varying, - did_document text NOT NULL, - created_at timestamp(6) NOT NULL DEFAULT CURRENT_TIMESTAMP, - modified_at timestamp(6) NULL, - modified_from varchar(255) NULL, - CONSTRAINT uk_bpn UNIQUE (bpn), - CONSTRAINT uk_did UNIQUE (did), - CONSTRAINT wallet_pkey PRIMARY KEY (id), - CONSTRAINT wallet_fk FOREIGN KEY (modified_from) REFERENCES public.wallet(bpn) +CREATE TABLE IF NOT EXISTS public.wallet +( + id bigserial NOT NULL, + name varchar(255) NOT NULL, + did varchar(255) NOT NULL, + bpn varchar(255) NOT NULL, + algorithm varchar(255) NOT NULL DEFAULT 'ED25519'::character varying, + did_document text NOT NULL, + created_at timestamp(6) NOT NULL DEFAULT CURRENT_TIMESTAMP, + modified_at timestamp(6) NULL, + modified_from varchar(255) NULL, + CONSTRAINT uk_bpn UNIQUE (bpn), + CONSTRAINT uk_did UNIQUE (did), + CONSTRAINT wallet_pkey PRIMARY KEY (id), + CONSTRAINT wallet_fk FOREIGN KEY (modified_from) REFERENCES public.wallet (bpn) ON DELETE SET NULL ); COMMENT ON TABLE public.wallet IS 'This table will store wallets'; - -CREATE TABLE public.wallet_key ( - id bigserial NOT NULL, - wallet_id bigserial NOT NULL, - vault_access_token varchar(1000) NOT NULL, - reference_key varchar(255) NOT NULL, - private_key text NOT NULL, - public_key text NOT NULL, - created_at timestamp(6) NOT NULL DEFAULT CURRENT_TIMESTAMP, - modified_at timestamp(6) NULL, - modified_from varchar(255) NULL, - CONSTRAINT wallet_key_pkey PRIMARY KEY (id), - CONSTRAINT wallet_fk FOREIGN KEY (wallet_id) REFERENCES public.wallet(id), - CONSTRAINT wallet_key_fk FOREIGN KEY (modified_from) REFERENCES public.wallet(bpn) +CREATE TABLE IF NOT EXISTS public.wallet_key +( + id bigserial NOT NULL, + wallet_id bigserial NOT NULL, + 
vault_access_token varchar(1000) NOT NULL, + reference_key varchar(255) NOT NULL, + private_key text NOT NULL, + public_key text NOT NULL, + created_at timestamp(6) NOT NULL DEFAULT CURRENT_TIMESTAMP, + modified_at timestamp(6) NULL, + modified_from varchar(255) NULL, + CONSTRAINT wallet_key_pkey PRIMARY KEY (id), + CONSTRAINT wallet_fk_2 FOREIGN KEY (wallet_id) REFERENCES public.wallet (id) ON DELETE CASCADE, + CONSTRAINT wallet_key_fk FOREIGN KEY (modified_from) REFERENCES public.wallet (bpn) ON DELETE CASCADE ); COMMENT ON TABLE public.wallet_key IS 'This table will store key pair of wallets'; -CREATE TABLE public.issuers_credential ( - id bigserial NOT NULL, - holder_did varchar(255) NOT NULL, - issuer_did varchar(255) NOT NULL, - credential_id varchar(255) NOT NULL, - "data" text NOT NULL, - "type" varchar(255) NULL, - created_at timestamp(6) NOT NULL DEFAULT CURRENT_TIMESTAMP, - modified_at timestamp(6) NULL, - modified_from varchar(255) NULL, - CONSTRAINT issuers_credential_pkey PRIMARY KEY (id), - CONSTRAINT issuers_credential_fk FOREIGN KEY (modified_from) REFERENCES public.wallet(bpn), - CONSTRAINT issuers_credential_holder_wallet_fk FOREIGN KEY (holder_did) REFERENCES public.wallet(did) +CREATE TABLE IF NOT EXISTS public.issuers_credential +( + id bigserial NOT NULL, + holder_did varchar(255) NOT NULL, + issuer_did varchar(255) NOT NULL, + credential_id varchar(255) NOT NULL, + credential_data text NOT NULL, + credential_type varchar(255) NULL, + created_at timestamp(6) NOT NULL DEFAULT CURRENT_TIMESTAMP, + modified_at timestamp(6) NULL, + modified_from varchar(255) NULL, + CONSTRAINT issuers_credential_pkey PRIMARY KEY (id), + CONSTRAINT issuers_credential_fk FOREIGN KEY (modified_from) REFERENCES public.wallet (bpn) ON DELETE SET NULL, + CONSTRAINT issuers_credential_holder_wallet_fk FOREIGN KEY (holder_did) REFERENCES public.wallet (did) ON DELETE CASCADE ); -COMMENT ON TABLE public.issuers_credential IS 'This table will store issuers credentials'; 
+COMMENT ON TABLE public.issuers_credential IS 'This table will store issuers credentials'; -CREATE TABLE public.holders_credential ( - id bigserial NOT NULL, - holder_did varchar(255) NOT NULL, - issuer_did varchar(255) NOT NULL, - credential_id varchar(255) NOT NULL, - "data" text NOT NULL, - "type" varchar(255) NULL, - is_self_issued bool NOT null default false, - is_stored bool NOT null default false, - created_at timestamp(6) NOT NULL DEFAULT CURRENT_TIMESTAMP, - modified_at timestamp(6) NULL, - modified_from varchar(255) NULL, - CONSTRAINT holders_credential_pkey PRIMARY KEY (id), - CONSTRAINT holders_credential_fk FOREIGN KEY (modified_from) REFERENCES public.wallet(bpn), - CONSTRAINT holders_credential_holder_wallet_fk FOREIGN KEY (holder_did) REFERENCES public.wallet(did) +CREATE TABLE IF NOT EXISTS public.holders_credential +( + id bigserial NOT NULL, + holder_did varchar(255) NOT NULL, + issuer_did varchar(255) NOT NULL, + credential_id varchar(255) NOT NULL, + credential_data text NOT NULL, + credential_type varchar(255) NULL, + is_self_issued bool NOT null default false, + is_stored bool NOT null default false, + created_at timestamp(6) NOT NULL DEFAULT CURRENT_TIMESTAMP, + modified_at timestamp(6) NULL, + modified_from varchar(255) NULL, + CONSTRAINT holders_credential_pkey PRIMARY KEY (id), + CONSTRAINT holders_credential_fk FOREIGN KEY (modified_from) REFERENCES public.wallet (bpn) ON DELETE SET NULL, + CONSTRAINT holders_credential_holder_wallet_fk FOREIGN KEY (holder_did) REFERENCES public.wallet (did) ON DELETE CASCADE ); -COMMENT ON TABLE public.holders_credential IS 'This table will store holders credentials'; +COMMENT ON TABLE public.holders_credential IS 'This table will store holders credentials'; -COMMENT ON COLUMN public.holders_credential.is_stored IS 'true is VC is stored using store VC api(Not issued by MIW)'; \ No newline at end of file +COMMENT ON COLUMN public.holders_credential.is_stored IS 'true is VC is stored using store VC 
api(Not issued by MIW)'; \ No newline at end of file diff --git a/src/test/java/org/eclipse/tractusx/managedidentitywallets/config/TestContextInitializer.java b/src/test/java/org/eclipse/tractusx/managedidentitywallets/config/TestContextInitializer.java index 640bccbd8..f4e72bfec 100644 --- a/src/test/java/org/eclipse/tractusx/managedidentitywallets/config/TestContextInitializer.java +++ b/src/test/java/org/eclipse/tractusx/managedidentitywallets/config/TestContextInitializer.java 
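Review bot: The `wallet_key_fk` constraint on `public.wallet_key` now uses `ON DELETE CASCADE` for `modified_from`, whereas the equivalent `modified_from` constraints on `wallet`, `issuers_credential` and `holders_credential` in this hunk use `ON DELETE SET NULL`; as written, deleting the wallet whose BPN last modified a key row deletes that key row even when the key belongs to a different wallet. Unless that is intended, the line should read `CONSTRAINT wallet_key_fk FOREIGN KEY (modified_from) REFERENCES public.wallet (bpn) ON DELETE SET NULL`. Separately, the edits are made inside the existing `--changeset nitin:1` rather than in a new changeset: Liquibase will report a checksum mismatch on any database where that changeset already ran, and the `"data"`/`"type"` to `credential_data`/`credential_type` renames will not be applied there, with the new `CREATE TABLE IF NOT EXISTS` guards silently keeping the old columns. A follow-up changeset with `ALTER TABLE ... RENAME COLUMN` statements, or an explicit `validCheckSum` if this schema is guaranteed never to have been deployed, would make the migration path explicit.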
@@ -22,27 +22,35 @@ package org.eclipse.tractusx.managedidentitywallets.config; import dasniko.testcontainers.keycloak.KeycloakContainer; +import lombok.SneakyThrows; import org.springframework.boot.test.util.TestPropertyValues; import org.springframework.context.ApplicationContextInitializer; import org.springframework.context.ConfigurableApplicationContext; -import org.testcontainers.containers.PostgreSQLContainer; -public class TestContextInitializer implements ApplicationContextInitializer { +import java.net.ServerSocket; - private static final PostgreSQLContainer postgreSQLContainer = new PostgreSQLContainer("postgres:15.2"); +public class TestContextInitializer implements ApplicationContextInitializer { + private static final int port = findFreePort(); private static final KeycloakContainer KEYCLOAK_CONTAINER = new KeycloakContainer().withRealmImportFile("miw-test-realm.json"); @Override public void initialize(ConfigurableApplicationContext applicationContext) { - postgreSQLContainer.start(); KEYCLOAK_CONTAINER.start(); String authServerUrl = KEYCLOAK_CONTAINER.getAuthServerUrl(); TestPropertyValues.of( - "spring.datasource.url=" + postgreSQLContainer.getJdbcUrl(), - "spring.datasource.username=" + postgreSQLContainer.getUsername(), - "spring.datasource.password=" + postgreSQLContainer.getPassword(), + "server.port=" + port, + "miw.host: localhost:${server.port}", + "miw.enforceHttps=false", + "miw.authorityWalletBpn: BPNL000000000000", + "miw.authorityWalletName: Test-X", + "miw.authorityWalletDid: did:web:localhost%3A${server.port}:BPNL000000000000", + "spring.datasource.url=jdbc:h2:mem:testdb", + "spring.datasource.driverClassName=org.h2.Driver", + "spring.jpa.database-platform=org.hibernate.dialect.H2Dialect", + "spring.datasource.username=sa", + "spring.datasource.password=password", "miw.security.auth-server-url=" + authServerUrl, "miw.security.auth-url=${miw.security.auth-server-url}realms/${miw.security.realm}/protocol/openid-connect/auth", 
"miw.security.token-url=${miw.security.auth-server-url}realms/${miw.security.realm}/protocol/openid-connect/token", @@ -55,4 +63,11 @@ public void initialize(ConfigurableApplicationContext applicationContext) { public static String getAuthServerUrl() { return KEYCLOAK_CONTAINER.getAuthServerUrl(); } + + @SneakyThrows + public static int findFreePort() { + try (ServerSocket socket = new ServerSocket(0)) { + return socket.getLocalPort(); + } + } } diff --git a/src/test/java/org/eclipse/tractusx/managedidentitywallets/did/DidDocumentsTest.java b/src/test/java/org/eclipse/tractusx/managedidentitywallets/did/DidDocumentsTest.java index d01ee985f..538e0c6b3 100644 --- a/src/test/java/org/eclipse/tractusx/managedidentitywallets/did/DidDocumentsTest.java +++ b/src/test/java/org/eclipse/tractusx/managedidentitywallets/did/DidDocumentsTest.java @@ -24,12 +24,9 @@ import org.eclipse.tractusx.managedidentitywallets.ManagedIdentityWalletsApplication; import org.eclipse.tractusx.managedidentitywallets.config.TestContextInitializer; import org.eclipse.tractusx.managedidentitywallets.constant.RestURI; -import org.eclipse.tractusx.managedidentitywallets.constant.StringPool; import org.eclipse.tractusx.managedidentitywallets.dao.entity.Wallet; -import org.eclipse.tractusx.managedidentitywallets.dao.repository.HoldersCredentialRepository; -import org.eclipse.tractusx.managedidentitywallets.dao.repository.WalletKeyRepository; -import org.eclipse.tractusx.managedidentitywallets.dao.repository.WalletRepository; -import org.eclipse.tractusx.ssi.lib.model.did.DidDocument; +import org.eclipse.tractusx.managedidentitywallets.dto.CreateWalletRequest; +import org.eclipse.tractusx.managedidentitywallets.service.WalletService; import org.junit.jupiter.api.Assertions; import org.junit.jupiter.api.Test; import org.springframework.beans.factory.annotation.Autowired; 
@@ -41,22 +38,15 @@ import java.util.UUID; -@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT, classes = {ManagedIdentityWalletsApplication.class}) +@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT, classes = {ManagedIdentityWalletsApplication.class}) @ContextConfiguration(initializers = {TestContextInitializer.class}) class DidDocumentsTest { - @Autowired - private WalletRepository walletRepository; - - @Autowired - private WalletKeyRepository walletKeyRepository; @Autowired - private HoldersCredentialRepository holdersCredentialRepository; - + private WalletService walletService; @Autowired private TestRestTemplate restTemplate; - @Test void getDidDocumentInvalidBpn404() { ResponseEntity response = restTemplate.getForEntity(RestURI.DID_DOCUMENTS, String.class, UUID.randomUUID().toString()); @@ -67,25 +57,13 @@ void getDidDocumentInvalidBpn404() { void getDidDocumentWithBpn200() { String bpn = UUID.randomUUID().toString(); - String did = "did:web:localhost:" + bpn; + createWallet(bpn); - createWallet(bpn, did); ResponseEntity response = restTemplate.getForEntity(RestURI.DID_DOCUMENTS, String.class, bpn); Assertions.assertEquals(HttpStatus.OK.value(), response.getStatusCode().value()); Assertions.assertNotNull(response.getBody()); } - @Test - void getDidDocumentWithDid200() { - String bpn = UUID.randomUUID().toString(); - String did = "did:web:localhost:" + bpn; - - createWallet(bpn, did); - ResponseEntity response = restTemplate.getForEntity(RestURI.DID_DOCUMENTS, String.class, did); - Assertions.assertEquals(HttpStatus.OK.value(), response.getStatusCode().value()); - Assertions.assertNotNull(response.getBody()); - } - @Test void getDidResolveInvalidBpn404() { ResponseEntity response = restTemplate.getForEntity(RestURI.DID_RESOLVE, String.class, UUID.randomUUID().toString()); 
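Review bot: The `@@ -67,25 +57,13 @@` hunk drops `getDidDocumentWithDid200`, the only test in this class that requested `RestURI.DID_DOCUMENTS` with a DID rather than a BPN, and nothing replaces it; unless the endpoint no longer accepts DIDs, that lookup path is now untested. If the removal is because the DID format changed, a re-added test built on the new `createWallet(bpn)` helper would keep the coverage, e.g. `ResponseEntity<String> response = restTemplate.getForEntity(RestURI.DID_DOCUMENTS, String.class, createWallet(bpn).getDid());`. The class also no longer removes the wallets it creates through `walletService`, unlike the `@AfterEach` added to `DeleteHoldersCredentialTest` in this same patch; that may be acceptable with the in-memory database, but is worth confirming.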
@@ -96,37 +74,17 @@ void getDidResolveInvalidBpn404() { void getDidResolveWithBpn200() { String bpn = UUID.randomUUID().toString(); - String did = "did:web:localhost:" + bpn; - createWallet(bpn, did); + createWallet(bpn); ResponseEntity response = restTemplate.getForEntity(RestURI.DID_RESOLVE, String.class, bpn); Assertions.assertEquals(HttpStatus.OK.value(), response.getStatusCode().value()); Assertions.assertNotNull(response.getBody()); } - private Wallet createWallet(String bpn, String did) { - String didDocument = """ - { - "id": "did:web:localhost%3Abpn123124", - "verificationMethod": [ - { - "publicKeyMultibase": "z9mo3TUPvEntiBQtHYVXXy5DfxLGgaHa84ZT6Er2qWs4y", - "controller": "did:web:localhost%3Abpn123124", - "id": "did:web:localhost%3Abpn123124#key-1", - "type": "Ed25519VerificationKey2020" - } - ], - "@context": "https://www.w3.org/ns/did/v1" - } - """; - - Wallet wallet = Wallet.builder() - .bpn(bpn) - .did(did) - .didDocument(DidDocument.fromJson(didDocument)) - .algorithm(StringPool.ED_25519) - .name(bpn) - .build(); - return walletRepository.save(wallet); + private Wallet createWallet(String bpn) { + CreateWalletRequest createWalletRequest = new CreateWalletRequest(); + createWalletRequest.setBpn(bpn); + createWalletRequest.setName("wallet_" + bpn); + return walletService.createWallet(createWalletRequest); } } diff --git a/src/test/java/org/eclipse/tractusx/managedidentitywallets/utils/EncryptionTest.java b/src/test/java/org/eclipse/tractusx/managedidentitywallets/utils/EncryptionTest.java index bc70ab372..4aa44d39a 100644 --- a/src/test/java/org/eclipse/tractusx/managedidentitywallets/utils/EncryptionTest.java +++ b/src/test/java/org/eclipse/tractusx/managedidentitywallets/utils/EncryptionTest.java 
@@ -29,7 +29,7 @@ import org.springframework.boot.test.context.SpringBootTest; import org.springframework.test.context.ContextConfiguration; -@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT, classes = {ManagedIdentityWalletsApplication.class}) +@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT, classes = {ManagedIdentityWalletsApplication.class}) @ContextConfiguration(initializers = {TestContextInitializer.class}) class EncryptionTest { diff --git a/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/DeleteHoldersCredentialTest.java b/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/DeleteHoldersCredentialTest.java index b24b5d3d3..3d5e7fc5b 100644 --- a/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/DeleteHoldersCredentialTest.java +++ b/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/DeleteHoldersCredentialTest.java 
@@ -21,17 +21,24 @@ package org.eclipse.tractusx.managedidentitywallets.vc; +import lombok.SneakyThrows; import org.eclipse.tractusx.managedidentitywallets.ManagedIdentityWalletsApplication; import org.eclipse.tractusx.managedidentitywallets.config.MIWSettings; import org.eclipse.tractusx.managedidentitywallets.config.TestContextInitializer; import org.eclipse.tractusx.managedidentitywallets.constant.RestURI; import org.eclipse.tractusx.managedidentitywallets.dao.entity.HoldersCredential; import org.eclipse.tractusx.managedidentitywallets.dao.entity.IssuersCredential; +import org.eclipse.tractusx.managedidentitywallets.dao.entity.Wallet; import org.eclipse.tractusx.managedidentitywallets.dao.repository.HoldersCredentialRepository; import org.eclipse.tractusx.managedidentitywallets.dao.repository.IssuersCredentialRepository; +import org.eclipse.tractusx.managedidentitywallets.dto.CreateWalletRequest; +import org.eclipse.tractusx.managedidentitywallets.service.WalletService; import org.eclipse.tractusx.managedidentitywallets.utils.AuthenticationUtils; -import org.eclipse.tractusx.managedidentitywallets.utils.TestUtils; +import org.eclipse.tractusx.ssi.lib.model.did.Did; +import org.eclipse.tractusx.ssi.lib.model.did.DidParser; +import org.junit.jupiter.api.AfterEach; import org.junit.jupiter.api.Assertions; +import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.test.context.SpringBootTest; @@ -43,7 +50,7 @@ import java.util.Map; import java.util.UUID; -@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT, classes = {ManagedIdentityWalletsApplication.class}) +@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT, classes = {ManagedIdentityWalletsApplication.class}) @ContextConfiguration(initializers = {TestContextInitializer.class}) class DeleteHoldersCredentialTest { @Autowired 
@@ -57,6 +64,33 @@ class DeleteHoldersCredentialTest { @Autowired private MIWSettings miwSettings; + @Autowired + private WalletService walletService; + + private String tenantBpn; + private Did tenantDid; + private String bpnOperator; + private Did operatorDid; + + @BeforeEach + @SneakyThrows + public void setup() { + tenantBpn = UUID.randomUUID().toString(); + bpnOperator = miwSettings.authorityWalletBpn(); + operatorDid = DidParser.parse(miwSettings.authorityWalletDid()); + + final CreateWalletRequest createWalletRequest = new CreateWalletRequest(); + createWalletRequest.setBpn(tenantBpn); + createWalletRequest.setName("My Test Tenant Wallet"); + final Wallet tenantWallet = walletService.createWallet(createWalletRequest); + tenantDid = DidParser.parse(tenantWallet.getDid()); + } + + @AfterEach + public void tearDown() { + Wallet tenantWallet = walletService.getWalletByIdentifier(tenantBpn, false, bpnOperator); + walletService.delete(tenantWallet.getId()); + } @Test void deleteCredentialTestWithInvalidRole403() { @@ -68,18 +102,13 @@ void deleteCredentialTestWithInvalidRole403() { @Test void deleteCredentialTest204() { - String bpn = UUID.randomUUID().toString(); - String did = "did:web:localhost:" + bpn; - //create new wallet - TestUtils.createWallet(bpn, did, restTemplate); - //Fetch bpn credential which is auto generated while create wallet - List credentials = holdersCredentialRepository.getByHolderDid(did); + List credentials = holdersCredentialRepository.getByHolderDid(tenantDid.toString()); String type = credentials.get(0).getType(); String idToDeleted = credentials.get(0).getCredentialId(); Assertions.assertFalse(credentials.isEmpty()); - HttpHeaders headers = AuthenticationUtils.getValidUserHttpHeaders(bpn); + HttpHeaders headers = AuthenticationUtils.getValidUserHttpHeaders(tenantBpn); HttpEntity entity = new HttpEntity<>(headers); 
@@ -87,17 +116,18 @@ void deleteCredentialTest204() { Assertions.assertEquals(HttpStatus.NO_CONTENT.value(), response.getStatusCode().value()); - credentials = holdersCredentialRepository.getByHolderDid(did); + credentials = holdersCredentialRepository.getByHolderDid(tenantBpn); credentials.forEach(vc -> { Assertions.assertNotEquals(vc.getCredentialId(), idToDeleted); }); //check, VC should not be deleted from issuer table - List vcs = issuersCredentialRepository.getByIssuerDidAndHolderDidAndType(miwSettings.authorityWalletDid(), did, type); - IssuersCredential issuersCredential = vcs.stream() - .filter(vc -> vc.getCredentialId().equalsIgnoreCase(idToDeleted)).findFirst() - .orElse(null); - Assertions.assertNotNull(issuersCredential); + List vcs = issuersCredentialRepository.getByIssuerDidAndHolderDidAndType(miwSettings.authorityWalletDid(), tenantDid.toString(), type); + + boolean isNotDeleted = vcs.stream() + .anyMatch(vc -> vc.getCredentialId().equals(idToDeleted)); + + Assertions.assertTrue(isNotDeleted); } @Test @@ -107,5 +137,4 @@ void deleteCredentialTest404() { ResponseEntity response = restTemplate.exchange(RestURI.CREDENTIALS + "?id={id}", HttpMethod.DELETE, entity, String.class, ""); Assertions.assertEquals(HttpStatus.NOT_FOUND.value(), response.getStatusCode().value()); } - } diff --git a/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/DismantlerHoldersCredentialTest.java b/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/DismantlerHoldersCredentialTest.java index 19f828de6..42bc558c0 100644 --- a/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/DismantlerHoldersCredentialTest.java +++ b/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/DismantlerHoldersCredentialTest.java 
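Review bot: After the delete request, `credentials = holdersCredentialRepository.getByHolderDid(tenantBpn);` queries the holder column by BPN, while the initial fetch earlier in the same test uses `getByHolderDid(tenantDid.toString())` and the column is `holder_did`; the result is presumably an empty list, which lets the `forEach` assertion pass without checking anything. It should be `credentials = holdersCredentialRepository.getByHolderDid(tenantDid.toString());`, ideally followed by an assertion that the list shrank relative to the pre-delete fetch so an empty result cannot mask a regression. In the `@@ -57,6 +64,33 @@` hunk, `@SneakyThrows` on `setup()` is unnecessary since JUnit lifecycle methods may declare `throws Exception`, which keeps checked exceptions visible in the signature. `deleteCredentialTest204` begins outside this hunk.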
@@ -40,6 +40,7 @@ import org.eclipse.tractusx.managedidentitywallets.dto.IssueMembershipCredentialRequest; import org.eclipse.tractusx.managedidentitywallets.utils.AuthenticationUtils; import org.eclipse.tractusx.managedidentitywallets.utils.TestUtils; +import org.eclipse.tractusx.ssi.lib.did.web.DidWebFactory; import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredential; import org.json.JSONException; import org.junit.jupiter.api.Assertions; @@ -55,7 +56,7 @@ import java.util.Set; import java.util.UUID; -@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT, classes = {ManagedIdentityWalletsApplication.class}) +@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT, classes = {ManagedIdentityWalletsApplication.class}) @ContextConfiguration(initializers = {TestContextInitializer.class}) class DismantlerHoldersCredentialTest { @Autowired @@ -80,7 +81,6 @@ class DismantlerHoldersCredentialTest { void issueDismantlerCredentialTest403() { String bpn = UUID.randomUUID().toString(); - String did = "did:web:localhost:" + bpn; HttpHeaders headers = AuthenticationUtils.getInvalidUserHttpHeaders(); IssueMembershipCredentialRequest request = IssueMembershipCredentialRequest.builder().bpn(bpn).build(); @@ -93,7 +93,7 @@ void issueDismantlerCredentialTest403() { @Test - void issueDismantlerCredentialToBaseWalletTest201() throws JsonProcessingException, JSONException { + void issueDismantlerCredentialToBaseWalletTest201() throws JSONException { Wallet wallet = walletRepository.getByBpn(miwSettings.authorityWalletBpn()); String oldSummaryCredentialId = TestUtils.getSummaryCredentialId(wallet.getDid(), holdersCredentialRepository); ResponseEntity response = issueDismantlerCredential(miwSettings.authorityWalletBpn(), miwSettings.authorityWalletBpn()); 
@@ -111,7 +111,7 @@ void issueDismantlerCredentialToBaseWalletTest201() throws JsonProcessingExcepti void issueDismantlerCredentialTest201() throws JsonProcessingException, JSONException { String bpn = UUID.randomUUID().toString(); - String did = "did:web:localhost:" + bpn; + String did = DidWebFactory.fromHostnameAndPath(miwSettings.host(), bpn).toString(); //create wallet Wallet wallet = TestUtils.getWalletFromString(TestUtils.createWallet(bpn, bpn, restTemplate).getBody()); @@ -154,7 +154,7 @@ void issueDismantlerCredentialTest201() throws JsonProcessingException, JSONExce void issueDismantlerCredentialWithInvalidBpnAccess409() { String bpn = UUID.randomUUID().toString(); - String did = "did:web:localhost:" + bpn; + String did = DidWebFactory.fromHostnameAndPath(miwSettings.host(), bpn).toString(); //create entry Wallet wallet = TestUtils.createWallet(bpn, did, walletRepository); @@ -178,7 +178,7 @@ void issueDismantlerCredentialWithInvalidBpnAccess409() { @Test void issueDismantlerCredentialWithoutAllowedVehicleBrands() { String bpn = UUID.randomUUID().toString(); - String did = "did:web:localhost%3A8080:" + bpn; + String did = DidWebFactory.fromHostnameAndPath(miwSettings.host(), bpn).toString(); Wallet wallet = TestUtils.createWallet(bpn, did, walletRepository); HttpHeaders headers = AuthenticationUtils.getValidUserHttpHeaders(miwSettings.authorityWalletBpn()); //token must contain base wallet BPN @@ -200,8 +200,7 @@ void issueDismantlerCredentialWithoutAllowedVehicleBrands() { void issueDismantlerCredentialWithDuplicateBpn409() { String bpn = UUID.randomUUID().toString(); - - String did = "did:web:localhost:" + bpn; + String did = DidWebFactory.fromHostnameAndPath(miwSettings.host(), bpn).toString(); //create entry Wallet wallet = TestUtils.createWallet(bpn, did, walletRepository); 
diff --git a/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/FrameworkHoldersCredentialTest.java b/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/FrameworkHoldersCredentialTest.java index 713b14ea7..611b72424 100644 --- a/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/FrameworkHoldersCredentialTest.java +++ b/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/FrameworkHoldersCredentialTest.java @@ -34,12 +34,12 @@ import org.eclipse.tractusx.managedidentitywallets.dao.entity.Wallet; import org.eclipse.tractusx.managedidentitywallets.dao.repository.HoldersCredentialRepository; import org.eclipse.tractusx.managedidentitywallets.dao.repository.IssuersCredentialRepository; -import org.eclipse.tractusx.managedidentitywallets.dao.repository.WalletKeyRepository; import org.eclipse.tractusx.managedidentitywallets.dao.repository.WalletRepository; import org.eclipse.tractusx.managedidentitywallets.dto.IssueFrameworkCredentialRequest; import org.eclipse.tractusx.managedidentitywallets.dto.IssueMembershipCredentialRequest; import org.eclipse.tractusx.managedidentitywallets.utils.AuthenticationUtils; import org.eclipse.tractusx.managedidentitywallets.utils.TestUtils; +import org.eclipse.tractusx.ssi.lib.did.web.DidWebFactory; import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredential; import org.json.JSONException; import org.junit.jupiter.api.Assertions; @@ -58,7 +58,7 @@ import java.util.UUID; import java.util.stream.Stream; -@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT, classes = {ManagedIdentityWalletsApplication.class}) +@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT, classes = {ManagedIdentityWalletsApplication.class}) @ContextConfiguration(initializers = {TestContextInitializer.class}) class FrameworkHoldersCredentialTest { @Autowired 
@@ -66,9 +66,6 @@ class FrameworkHoldersCredentialTest { @Autowired private WalletRepository walletRepository; - @Autowired - private WalletKeyRepository walletKeyRepository; - @Autowired private TestRestTemplate restTemplate; @@ -78,13 +75,11 @@ class FrameworkHoldersCredentialTest { @Autowired private IssuersCredentialRepository issuersCredentialRepository; - private static int count = 0; - @Test void issueFrameworkCredentialTest403() { String bpn = UUID.randomUUID().toString(); - String did = "did:web:localhost:" + bpn; + String did = DidWebFactory.fromHostnameAndPath(miwSettings.host(), bpn).toString(); HttpHeaders headers = AuthenticationUtils.getInvalidUserHttpHeaders(); IssueMembershipCredentialRequest request = IssueMembershipCredentialRequest.builder().bpn(bpn).build(); @@ -95,11 +90,10 @@ void issueFrameworkCredentialTest403() { Assertions.assertEquals(HttpStatus.FORBIDDEN.value(), response.getStatusCode().value()); } - @Test void issueFrameworkCredentialWithInvalidBpnAccessTest403() throws JsonProcessingException, JSONException { String bpn = UUID.randomUUID().toString(); - String did = "did:web:localhost:" + bpn; + String did = DidWebFactory.fromHostnameAndPath(miwSettings.host(), bpn).toString(); TestUtils.createWallet(bpn, did, walletRepository); String type = "BehaviorTwinCredential"; @@ -148,7 +142,7 @@ void issueFrameWorkVCToBaseWalletTest201() throws JSONException, JsonProcessingE @MethodSource("getTypes") void issueFrameWorkVCTest201(IssueFrameworkCredentialRequest request) throws JsonProcessingException, JSONException { String bpn = request.getHolderIdentifier(); - String did = "did:web:localhost:" + bpn; + String did = DidWebFactory.fromHostnameAndPath(miwSettings.host(), bpn).toString(); String type = request.getType(); 
@@ -174,7 +168,7 @@ static Stream getTypes() { @DisplayName("Issue framework with invalid type") void issueFrameworkCredentialTest400() throws JsonProcessingException, JSONException { String bpn = UUID.randomUUID().toString(); - String did = "did:web:localhost:" + bpn; + String did = DidWebFactory.fromHostnameAndPath(miwSettings.host(), bpn).toString(); Wallet wallet = TestUtils.createWallet(bpn, did, walletRepository); diff --git a/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/HoldersCredentialTest.java b/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/HoldersCredentialTest.java index 81c61bd0a..6b532350e 100644 --- a/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/HoldersCredentialTest.java +++ b/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/HoldersCredentialTest.java @@ -38,6 +38,7 @@ import org.eclipse.tractusx.managedidentitywallets.utils.AuthenticationUtils; import org.eclipse.tractusx.managedidentitywallets.utils.TestUtils; import org.eclipse.tractusx.ssi.lib.did.resolver.DidDocumentResolverRegistryImpl; +import org.eclipse.tractusx.ssi.lib.did.web.DidWebFactory; import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredential; import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredentialBuilder; import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredentialSubject; @@ -62,7 +63,7 @@ import java.time.Instant; import java.util.*; -@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT, classes = {ManagedIdentityWalletsApplication.class}) +@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT, classes = {ManagedIdentityWalletsApplication.class}) @ContextConfiguration(initializers = {TestContextInitializer.class}) @ExtendWith(MockitoExtension.class) class HoldersCredentialTest { 
@@ -85,7 +86,7 @@ class HoldersCredentialTest { @Test void issueCredentialTestWithInvalidBPNAccess403() throws JsonProcessingException { String bpn = UUID.randomUUID().toString(); - String did = "did:web:localhost:" + bpn; + String did = DidWebFactory.fromHostnameAndPath(miwSettings.host(), bpn).toString(); String type = "TestCredential"; HttpHeaders headers = AuthenticationUtils.getValidUserHttpHeaders("not valid BPN"); @@ -99,7 +100,7 @@ void issueCredentialTestWithInvalidBPNAccess403() throws JsonProcessingException @Test void issueCredentialTest200() throws JsonProcessingException { String bpn = UUID.randomUUID().toString(); - String did = "did:web:localhost:" + bpn; + String did = DidWebFactory.fromHostnameAndPath(miwSettings.host(), bpn).toString(); String type = "TestCredential"; HttpHeaders headers = AuthenticationUtils.getValidUserHttpHeaders(bpn); @@ -115,7 +116,6 @@ void issueCredentialTest200() throws JsonProcessingException { TestUtils.checkVC(credentials.get(0).getData(), miwSettings); Assertions.assertTrue(credentials.get(0).isSelfIssued()); Assertions.assertFalse(credentials.get(0).isStored()); - } @@ -137,7 +137,7 @@ void getCredentials200() throws com.fasterxml.jackson.core.JsonProcessingExcepti String baseDID = miwSettings.authorityWalletDid(); String bpn = UUID.randomUUID().toString(); - String did = "did:web:localhost:" + bpn; + String did = DidWebFactory.fromHostnameAndPath(miwSettings.host(), bpn).toString(); HttpHeaders headers = AuthenticationUtils.getValidUserHttpHeaders(bpn); //save wallet TestUtils.createWallet(bpn, did, walletRepository); 
@@ -273,7 +273,7 @@ private ResponseEntity issueVC(String bpn, String did, String type, Http //Using Builder VerifiableCredential credentialWithoutProof = verifiableCredentialBuilder - .id(URI.create(did + "#" + UUID.randomUUID().toString())) + .id(URI.create(did + "#" + UUID.randomUUID())) .context(miwSettings.vcContexts()) .type(List.of(VerifiableCredentialType.VERIFIABLE_CREDENTIAL, type)) .issuer(URI.create(did)) //issuer must be base wallet diff --git a/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/IssuersCredentialTest.java b/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/IssuersCredentialTest.java index 9cb108dad..76b913289 100644 --- a/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/IssuersCredentialTest.java +++ b/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/IssuersCredentialTest.java @@ -38,6 +38,7 @@ import org.eclipse.tractusx.managedidentitywallets.dto.IssueFrameworkCredentialRequest; import org.eclipse.tractusx.managedidentitywallets.utils.AuthenticationUtils; import org.eclipse.tractusx.managedidentitywallets.utils.TestUtils; +import org.eclipse.tractusx.ssi.lib.did.web.DidWebFactory; import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredential; import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredentialBuilder; import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredentialSubject; @@ -56,7 +57,7 @@ import java.time.Instant; import java.util.*; -@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT, classes = {ManagedIdentityWalletsApplication.class}) +@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT, classes = {ManagedIdentityWalletsApplication.class}) @ContextConfiguration(initializers = {TestContextInitializer.class}) class IssuersCredentialTest { 
@@ -103,7 +104,6 @@ void getCredentials200() throws com.fasterxml.jackson.core.JsonProcessingExcepti Assertions.assertEquals(exchange.getStatusCode().value(), HttpStatus.CREATED.value()); } - HttpEntity entity = new HttpEntity<>(headers); ResponseEntity response = restTemplate.exchange(RestURI.ISSUERS_CREDENTIALS + "?holderIdentifier={did}" @@ -162,7 +162,7 @@ void issueCredentialsTestWithInvalidRole403() { @Test void issueCredentialsWithoutBaseWalletBPN403() throws JsonProcessingException { String bpn = UUID.randomUUID().toString(); - String holderDid = "did:web:localhost:" + bpn; + String holderDid = DidWebFactory.fromHostnameAndPath(miwSettings.host(), bpn).toString(); String type = "TestCredential"; HttpHeaders headers = AuthenticationUtils.getValidUserHttpHeaders(bpn); @@ -193,7 +193,7 @@ void issueCredentialsToBaseWallet200() throws JsonProcessingException { void issueSummaryCredentials400() throws com.fasterxml.jackson.core.JsonProcessingException { String bpn = UUID.randomUUID().toString(); - String did = "did:web:localhost:" + bpn; + String did = DidWebFactory.fromHostnameAndPath(miwSettings.host(), bpn).toString(); HttpHeaders headers = AuthenticationUtils.getValidUserHttpHeaders(miwSettings.authorityWalletBpn()); ResponseEntity response = issueVC(bpn, did, miwSettings.authorityWalletDid(), MIWVerifiableCredentialType.SUMMARY_CREDENTIAL, headers); @@ -205,7 +205,7 @@ void issueSummaryCredentials400() throws com.fasterxml.jackson.core.JsonProcessi void issueCredentials200() throws com.fasterxml.jackson.core.JsonProcessingException { String bpn = UUID.randomUUID().toString(); - String did = "did:web:localhost:" + bpn; + String did = DidWebFactory.fromHostnameAndPath(miwSettings.host(), bpn).toString(); String type = "TestCredential"; HttpHeaders headers = AuthenticationUtils.getValidUserHttpHeaders(miwSettings.authorityWalletBpn()); 
@@ -245,7 +245,7 @@ private ResponseEntity issueVC(String bpn, String holderDid, String issu //Using Builder VerifiableCredential credentialWithoutProof = verifiableCredentialBuilder - .id(URI.create(miwSettings.authorityWalletDid() + "#" + UUID.randomUUID().toString())) + .id(URI.create(issuerDid + "#" + UUID.randomUUID())) .context(miwSettings.vcContexts()) .type(List.of(VerifiableCredentialType.VERIFIABLE_CREDENTIAL, type)) .issuer(URI.create(issuerDid)) //issuer must be base wallet diff --git a/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/MembershipHoldersCredentialTest.java b/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/MembershipHoldersCredentialTest.java index 5cd868af4..4669fadbc 100644 --- a/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/MembershipHoldersCredentialTest.java +++ b/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/MembershipHoldersCredentialTest.java @@ -34,11 +34,11 @@ import org.eclipse.tractusx.managedidentitywallets.dao.entity.Wallet; import org.eclipse.tractusx.managedidentitywallets.dao.repository.HoldersCredentialRepository; import org.eclipse.tractusx.managedidentitywallets.dao.repository.IssuersCredentialRepository; -import org.eclipse.tractusx.managedidentitywallets.dao.repository.WalletKeyRepository; import org.eclipse.tractusx.managedidentitywallets.dao.repository.WalletRepository; import org.eclipse.tractusx.managedidentitywallets.dto.IssueMembershipCredentialRequest; import org.eclipse.tractusx.managedidentitywallets.utils.AuthenticationUtils; import org.eclipse.tractusx.managedidentitywallets.utils.TestUtils; +import org.eclipse.tractusx.ssi.lib.did.web.DidWebFactory; import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredential; import org.jetbrains.annotations.NotNull; import org.json.JSONException; 
@@ -55,7 +55,7 @@ import java.util.Objects; import java.util.UUID; -@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT, classes = {ManagedIdentityWalletsApplication.class}) +@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT, classes = {ManagedIdentityWalletsApplication.class}) @ContextConfiguration(initializers = {TestContextInitializer.class}) class MembershipHoldersCredentialTest { @Autowired @@ -63,8 +63,6 @@ class MembershipHoldersCredentialTest { @Autowired private WalletRepository walletRepository; - @Autowired - private WalletKeyRepository walletKeyRepository; @Autowired private TestRestTemplate restTemplate; @@ -82,7 +80,7 @@ class MembershipHoldersCredentialTest { void issueMembershipCredentialTest403() { String bpn = UUID.randomUUID().toString(); - String did = "did:web:localhost:" + bpn; + String did = DidWebFactory.fromHostnameAndPath(miwSettings.host(), bpn).toString(); HttpHeaders headers = AuthenticationUtils.getInvalidUserHttpHeaders(); @@ -97,7 +95,7 @@ void issueMembershipCredentialTest403() { @Test void testIssueSummeryVCAfterDeleteSummaryVCFromHolderWallet() throws JsonProcessingException { String bpn = UUID.randomUUID().toString(); - String did = "did:web:localhost:" + bpn; + String did = DidWebFactory.fromHostnameAndPath(miwSettings.host(), bpn).toString(); // create wallet, in background bpn and summary credential generated Wallet wallet = TestUtils.getWalletFromString(TestUtils.createWallet(bpn, bpn, restTemplate).getBody()); 
@@ -125,7 +123,7 @@ void testIssueSummeryVCAfterDeleteSummaryVCFromHolderWallet() throws JsonProcess @Test void testStoredSummaryVCTest() throws JsonProcessingException { String bpn = UUID.randomUUID().toString(); - String did = "did:web:localhost:" + bpn; + String did = DidWebFactory.fromHostnameAndPath(miwSettings.host(), bpn).toString(); // create wallet, in background bpn and summary credential generated Wallet wallet = TestUtils.getWalletFromString(TestUtils.createWallet(bpn, bpn, restTemplate).getBody()); @@ -187,7 +185,7 @@ void testStoredSummaryVCTest() throws JsonProcessingException { @Test void issueMembershipCredentialToBaseWalletTest400() throws JsonProcessingException { String bpn = UUID.randomUUID().toString(); - String did = "did:web:localhost:" + bpn; + String did = DidWebFactory.fromHostnameAndPath(miwSettings.host(), bpn).toString(); // create wallet, in background bpn and summary credential generated Wallet wallet = TestUtils.getWalletFromString(TestUtils.createWallet(bpn, bpn, restTemplate).getBody()); @@ -258,7 +256,7 @@ void issueMembershipCredentialToBaseWalletTest201() throws JsonProcessingExcepti TestUtils.checkVC(verifiableCredential, miwSettings); - validateTypes(verifiableCredential, miwSettings.authorityWalletBpn()); + validateTypes(verifiableCredential); List holderVCs = holdersCredentialRepository.getByHolderDidAndType(wallet.getDid(), MIWVerifiableCredentialType.MEMBERSHIP_CREDENTIAL); Assertions.assertFalse(holderVCs.isEmpty()); @@ -292,7 +290,7 @@ void issueMembershipCredentialTest201() throws JsonProcessingException, JSONExce TestUtils.checkVC(verifiableCredential, miwSettings); - validateTypes(verifiableCredential, bpn); + validateTypes(verifiableCredential); List holderVCs = holdersCredentialRepository.getByHolderDidAndType(wallet.getDid(), MIWVerifiableCredentialType.MEMBERSHIP_CREDENTIAL); Assertions.assertFalse(holderVCs.isEmpty()); 
@@ -316,7 +314,7 @@ void issueMembershipCredentialTest201() throws JsonProcessingException, JSONExce void issueMembershipCredentialWithInvalidBpnAccess409() { String bpn = UUID.randomUUID().toString(); - String did = "did:web:localhost:" + bpn; + String did = DidWebFactory.fromHostnameAndPath(miwSettings.host(), bpn).toString(); //save wallet TestUtils.createWallet(bpn, did, walletRepository); @@ -334,7 +332,7 @@ void issueMembershipCredentialWithDuplicateBpn409() { String bpn = UUID.randomUUID().toString(); - String did = "did:web:localhost:" + bpn; + String did = DidWebFactory.fromHostnameAndPath(miwSettings.host(), bpn).toString(); //save wallet TestUtils.createWallet(bpn, did, walletRepository); @@ -354,8 +352,8 @@ private VerifiableCredential getVerifiableCredential(ResponseEntity resp return new VerifiableCredential(map); } - private void validateTypes(VerifiableCredential verifiableCredential, String holderBpn) { + private void validateTypes(VerifiableCredential verifiableCredential) { Assertions.assertTrue(verifiableCredential.getTypes().contains(MIWVerifiableCredentialType.MEMBERSHIP_CREDENTIAL)); - Assertions.assertEquals(verifiableCredential.getCredentialSubject().get(0).get(StringPool.HOLDER_IDENTIFIER), holderBpn); + Assertions.assertEquals(verifiableCredential.getCredentialSubject().get(0).get(StringPool.MEMBER_OF), "Test-X"); } } diff --git a/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/PresentationValidationTest.java b/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/PresentationValidationTest.java new file mode 100644 index 000000000..f9b10a9b8 --- /dev/null +++ b/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/PresentationValidationTest.java 
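Review bot: `validateTypes` no longer checks whom the membership credential was issued to — the `HOLDER_IDENTIFIER` assertion against the expected BPN is replaced by a fixed `MEMBER_OF == "Test-X"` check, so a credential whose subject points at another holder would still pass `issueMembershipCredentialTest201` and the base-wallet variant. Keep the subject binding next to the new check: `private void validateTypes(VerifiableCredential vc, String holderBpn)` asserting `vc.getCredentialSubject().get(0).get(StringPool.HOLDER_IDENTIFIER)` equals `holderBpn` and `StringPool.MEMBER_OF` equals the expected value, with the callers passing `bpn` and `miwSettings.authorityWalletBpn()` as before; if the subject no longer carries `holderIdentifier`, assert its `id` equals the holder DID instead. The literal `"Test-X"` presumably mirrors a test configuration value; if it is configurable, read it from `miwSettings` rather than hard-coding it.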
@@ -0,0 +1,212 @@ +/* + * ******************************************************************************* + * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation + * + * See the NOTICE file(s) distributed with this work for additional + * information regarding copyright ownership. + * + * This program and the accompanying materials are made available under the + * terms of the Apache License, Version 2.0 which is available at + * https://www.apache.org/licenses/LICENSE-2.0. + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations + * under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * ****************************************************************************** + */ + +package org.eclipse.tractusx.managedidentitywallets.vc; + +import lombok.*; +import org.eclipse.tractusx.managedidentitywallets.ManagedIdentityWalletsApplication; +import org.eclipse.tractusx.managedidentitywallets.config.MIWSettings; +import org.eclipse.tractusx.managedidentitywallets.config.TestContextInitializer; +import org.eclipse.tractusx.managedidentitywallets.constant.RestURI; +import org.eclipse.tractusx.managedidentitywallets.constant.StringPool; +import org.eclipse.tractusx.managedidentitywallets.dao.entity.Wallet; +import org.eclipse.tractusx.managedidentitywallets.dto.CreateWalletRequest; +import org.eclipse.tractusx.managedidentitywallets.dto.IssueMembershipCredentialRequest; +import org.eclipse.tractusx.managedidentitywallets.exception.WalletNotFoundProblem; +import org.eclipse.tractusx.managedidentitywallets.service.IssuersCredentialService; +import org.eclipse.tractusx.managedidentitywallets.service.PresentationService; +import org.eclipse.tractusx.managedidentitywallets.service.WalletService; +import 
org.eclipse.tractusx.managedidentitywallets.utils.AuthenticationUtils; +import org.eclipse.tractusx.ssi.lib.model.did.Did; +import org.eclipse.tractusx.ssi.lib.model.did.DidParser; +import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredential; +import org.eclipse.tractusx.ssi.lib.model.verifiable.presentation.VerifiablePresentation; +import org.eclipse.tractusx.ssi.lib.model.verifiable.presentation.VerifiablePresentationBuilder; +import org.eclipse.tractusx.ssi.lib.model.verifiable.presentation.VerifiablePresentationType; +import org.eclipse.tractusx.ssi.lib.serialization.SerializeUtil; +import org.junit.jupiter.api.*; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.test.context.SpringBootTest; +import org.springframework.boot.test.web.client.TestRestTemplate; +import org.springframework.http.HttpEntity; +import org.springframework.http.HttpHeaders; +import org.springframework.http.HttpMethod; +import org.springframework.http.ResponseEntity; +import org.springframework.test.context.ContextConfiguration; +import org.testcontainers.shaded.com.fasterxml.jackson.databind.ObjectMapper; + +import java.net.URI; +import java.util.Base64; +import java.util.List; +import java.util.Map; +import java.util.UUID; + +@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT, classes = {ManagedIdentityWalletsApplication.class}) +@ContextConfiguration(initializers = {TestContextInitializer.class}) +@Disabled("Disabled until Membership Credentials are Json-LD compliant") +public class PresentationValidationTest { + + private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper(); + + @Autowired + private WalletService walletService; + @Autowired + private IssuersCredentialService issuersCredentialService; + @Autowired + private PresentationService presentationService; + @Autowired + private TestRestTemplate restTemplate; + @Autowired + private MIWSettings miwSettings; + + private final 
String bpnTenant_1 = UUID.randomUUID().toString(); + private final String bpnTenant_2 = UUID.randomUUID().toString(); + private String bpnOperator; + private Did tenant_1; + private Did tenant_2; + private VerifiableCredential membershipCredential_1; + private VerifiableCredential membershipCredential_2; + + @BeforeEach + public void setup() { + bpnOperator = miwSettings.authorityWalletBpn(); + + final CreateWalletRequest createWalletRequest = new CreateWalletRequest(); + createWalletRequest.setBpn(bpnTenant_1); + createWalletRequest.setName("My Test Tenant Wallet"); + final Wallet tenantWallet = walletService.createWallet(createWalletRequest); + tenant_1 = DidParser.parse(tenantWallet.getDid()); + + final CreateWalletRequest createWalletRequest2 = new CreateWalletRequest(); + createWalletRequest2.setBpn(bpnTenant_2); + createWalletRequest2.setName("My Test Tenant Wallet"); + final Wallet tenantWallet2 = walletService.createWallet(createWalletRequest2); + tenant_2 = DidParser.parse(tenantWallet2.getDid()); + + final IssueMembershipCredentialRequest issueMembershipCredentialRequest = new IssueMembershipCredentialRequest(); + issueMembershipCredentialRequest.setBpn(bpnTenant_1); + membershipCredential_1 = issuersCredentialService.issueMembershipCredential(issueMembershipCredentialRequest, bpnOperator); + + final IssueMembershipCredentialRequest issueMembershipCredentialRequest2 = new IssueMembershipCredentialRequest(); + issueMembershipCredentialRequest2.setBpn(bpnTenant_2); + membershipCredential_2 = issuersCredentialService.issueMembershipCredential(issueMembershipCredentialRequest2, bpnOperator); + } + + @AfterEach + public void cleanUp(){ + try { + Wallet tenantWallet = walletService.getWalletByIdentifier(bpnTenant_1, false, bpnOperator); + walletService.delete(tenantWallet.getId()); + } catch (WalletNotFoundProblem e) { + // ignore + } + try { + Wallet tenantWallet = walletService.getWalletByIdentifier(bpnTenant_2, false, bpnOperator); + 
walletService.delete(tenantWallet.getId()); + } catch (WalletNotFoundProblem e) { + // ignore + } + } + + @Test + public void testSuccessfulValidation() { + final Map presentation = createPresentationJwt(membershipCredential_1, tenant_1); + VerifiablePresentationValidationResponse response = validateJwtOfCredential(presentation); + Assertions.assertTrue(response.valid); + } + + @Test + public void testValidationFailureOfCredentialWitInvalidExpirationDate() { + // test is related to this old issue where the signature check still succeeded + // https://github.com/eclipse-tractusx/SSI-agent-lib/issues/4 + final VerifiableCredential copyCredential = new VerifiableCredential(membershipCredential_1); + // e.g. an attacker tries to extend the validity of a verifiable credential + copyCredential.put(VerifiableCredential.EXPIRATION_DATE, "2500-09-30T22:00:00Z"); + final Map presentation = createPresentationJwt(copyCredential, tenant_1); + VerifiablePresentationValidationResponse response = validateJwtOfCredential(presentation); + Assertions.assertFalse(response.valid); + } + + @Test + @SneakyThrows + public void testValidationFailureOfPresentationPayloadManipulation() { + final Map presentation = createPresentationJwt(membershipCredential_1, tenant_1); + + final String jwt = (String) presentation.get(StringPool.VP); + final String payload = jwt.split("\\.")[1]; + Base64.Decoder decoder = Base64.getUrlDecoder(); + Base64.Encoder encoder = Base64.getUrlEncoder(); + + final byte[] payloadDecoded = decoder.decode(payload); + final Map payloadMap = OBJECT_MAPPER.readValue(payloadDecoded, Map.class); + + // replace with credential of another tenant + final VerifiablePresentation newPresentation = new VerifiablePresentationBuilder() + .context(List.of(VerifiablePresentation.DEFAULT_CONTEXT)) + .id(URI.create(UUID.randomUUID().toString())) + .type(List.of(VerifiablePresentationType.VERIFIABLE_PRESENTATION)) + .verifiableCredentials(List.of(membershipCredential_2)) + .build(); + 
payloadMap.put("vp", newPresentation); + final String newPayloadJson = OBJECT_MAPPER.writeValueAsString(payloadMap); + final String newPayloadEncoded = encoder.encodeToString(newPayloadJson.getBytes()); + + final String newJwt = jwt.split("\\.")[0] + "." + newPayloadEncoded + "." + jwt.split("\\.")[2]; + + VerifiablePresentationValidationResponse response = validateJwtOfCredential(Map.of( + StringPool.VP, newJwt + )); + Assertions.assertNotEquals(jwt, newJwt); + Assertions.assertFalse(response.valid, String.format("The validation should fail because the vp is manipulated.\nOriginal JWT: %s\nNew JWT: %s", jwt, newJwt)); + } + + @SneakyThrows + private VerifiablePresentationValidationResponse validateJwtOfCredential(Map presentationJwt) { + final HttpHeaders headers = AuthenticationUtils.getValidUserHttpHeaders(miwSettings.authorityWalletBpn()); + headers.set("Content-Type", "application/json"); + final HttpEntity entity = new HttpEntity<>(presentationJwt, headers); + + final ResponseEntity response = restTemplate.exchange(RestURI.API_PRESENTATIONS_VALIDATION + "?asJwt=true", HttpMethod.POST, entity, String.class); + + if (response.getStatusCode().is2xxSuccessful()) { + return OBJECT_MAPPER.readValue(response.getBody(), VerifiablePresentationValidationResponse.class); + } + + throw new RuntimeException(String.format("JWT:\n%s\nResponse: %s", + SerializeUtil.toPrettyJson(presentationJwt), + OBJECT_MAPPER.writeValueAsString(response))); + } + + private Map createPresentationJwt(VerifiableCredential verifiableCredential, Did issuer) { + return presentationService.createPresentation(Map.of(StringPool.VERIFIABLE_CREDENTIALS, List.of(verifiableCredential)), + true, issuer.toString(), issuer.toString()); + } + + @Getter + @Setter + @Builder + @AllArgsConstructor + @NoArgsConstructor + private static class VerifiablePresentationValidationResponse { + boolean valid; + String vp; + } +} 
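Review bot: In `testValidationFailureOfPresentationPayloadManipulation` the forged token is built with `Base64.getUrlEncoder()`, which emits `=` padding, and `newPayloadJson.getBytes()` with the platform charset, so the middle segment is not a well-formed JWS payload; the test then asserts only `valid == false`, which a parser rejection satisfies just as well as the intended signature mismatch, so it does not prove the signature check catches a swapped credential. Use `Base64.getUrlEncoder().withoutPadding()` and `newPayloadJson.getBytes(StandardCharsets.UTF_8)` so the tampered JWT stays syntactically valid, and assert the failure reason if the validation response exposes one. `ObjectMapper` is also imported from `org.testcontainers.shaded.com.fasterxml.jackson.databind`, an internal relocated package of a test dependency that can change without notice; import the regular `com.fasterxml.jackson.databind.ObjectMapper` instead. Finally, the whole class is `@Disabled`, so neither tamper test currently runs in CI; reference the tracking issue in the reason string so the coverage gap is not forgotten.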
diff --git a/src/test/java/org/eclipse/tractusx/managedidentitywallets/vp/PresentationTest.java b/src/test/java/org/eclipse/tractusx/managedidentitywallets/vp/PresentationTest.java index 0190cfbae..7960135c4 100644 --- a/src/test/java/org/eclipse/tractusx/managedidentitywallets/vp/PresentationTest.java +++ b/src/test/java/org/eclipse/tractusx/managedidentitywallets/vp/PresentationTest.java @@ -26,6 +26,7 @@ import com.nimbusds.jwt.JWTClaimsSet; import com.nimbusds.jwt.SignedJWT; import org.eclipse.tractusx.managedidentitywallets.ManagedIdentityWalletsApplication; +import org.eclipse.tractusx.managedidentitywallets.config.MIWSettings; import org.eclipse.tractusx.managedidentitywallets.config.TestContextInitializer; import org.eclipse.tractusx.managedidentitywallets.constant.MIWVerifiableCredentialType; import org.eclipse.tractusx.managedidentitywallets.constant.RestURI; 
@@ -34,17 +35,15 @@ import org.eclipse.tractusx.managedidentitywallets.dao.entity.HoldersCredential; import org.eclipse.tractusx.managedidentitywallets.dao.entity.Wallet; import org.eclipse.tractusx.managedidentitywallets.dao.repository.HoldersCredentialRepository; -import org.eclipse.tractusx.managedidentitywallets.dao.repository.WalletRepository; -import org.eclipse.tractusx.managedidentitywallets.service.PresentationService; import org.eclipse.tractusx.managedidentitywallets.utils.AuthenticationUtils; import org.eclipse.tractusx.managedidentitywallets.utils.TestUtils; import org.eclipse.tractusx.ssi.lib.did.resolver.DidDocumentResolverRegistry; +import org.eclipse.tractusx.ssi.lib.did.web.DidWebFactory; import org.eclipse.tractusx.ssi.lib.exception.DidDocumentResolverNotRegisteredException; import org.eclipse.tractusx.ssi.lib.exception.JwtException; import org.eclipse.tractusx.ssi.lib.jwt.SignedJwtVerifier; import org.jetbrains.annotations.NotNull; import org.junit.jupiter.api.Assertions; -import org.junit.jupiter.api.Disabled; import org.junit.jupiter.api.Test; import org.mockito.MockedConstruction; import org.mockito.Mockito; @@ -60,13 +59,10 @@ import java.util.Map; import java.util.UUID; -@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT, classes = {ManagedIdentityWalletsApplication.class}) +@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT, classes = {ManagedIdentityWalletsApplication.class}) @ContextConfiguration(initializers = {TestContextInitializer.class}) class PresentationTest { - @Autowired - private WalletRepository walletRepository; - @Autowired private TestRestTemplate restTemplate; 
@@ -77,14 +73,14 @@ class PresentationTest { private ObjectMapper objectMapper; @Autowired - private PresentationService presentationService; + private PresentationController presentationController; @Autowired - private PresentationController presentationController; + private MIWSettings miwSettings; @Test - void validateVPAssJsonLd400() throws JsonProcessingException, DidDocumentResolverNotRegisteredException, JwtException, InterruptedException { + void validateVPAssJsonLd400() throws JsonProcessingException { //create VP String bpn = UUID.randomUUID().toString(); String audience = "companyA"; 
@@ -101,31 +97,22 @@ void validateVPAssJsonLd400() throws JsonProcessingException, DidDocumentResolve @Test - @Disabled("Temporarily disabled, as presentation validation requires real did resolving, which does not work yet for integration tests") - void validateVPAsJwt() throws JsonProcessingException, DidDocumentResolverNotRegisteredException, JwtException, InterruptedException { + void validateVPAsJwt() throws JsonProcessingException { String bpn = UUID.randomUUID().toString(); String audience = "companyA"; ResponseEntity vpResponse = createBpnVCAsJwt(bpn, audience); Map body = vpResponse.getBody(); - try (MockedConstruction SignedJwtVerifierMock = Mockito.mockConstruction(SignedJwtVerifier.class)) { - DidDocumentResolverRegistry didDocumentResolverRegistry = Mockito.mock(DidDocumentResolverRegistry.class); - SignedJwtVerifier signedJwtVerifier = new SignedJwtVerifier(didDocumentResolverRegistry); - - Mockito.doReturn(true).when(signedJwtVerifier).verify(Mockito.any(SignedJWT.class)); + ResponseEntity> mapResponseEntity = presentationController.validatePresentation(body, null, true, false); - ResponseEntity> mapResponseEntity = presentationController.validatePresentation(body, null, true, false); + Map map = mapResponseEntity.getBody(); - Map map = mapResponseEntity.getBody(); - - Assertions.assertTrue(Boolean.parseBoolean(map.get(StringPool.VALID).toString())); - Assertions.assertFalse(map.containsKey(StringPool.VALIDATE_AUDIENCE)); - Assertions.assertFalse(map.containsKey(StringPool.VALIDATE_EXPIRY_DATE)); - } + Assertions.assertTrue(Boolean.parseBoolean(map.get(StringPool.VALID).toString())); + Assertions.assertFalse(map.containsKey(StringPool.VALIDATE_AUDIENCE)); + Assertions.assertFalse(map.containsKey(StringPool.VALIDATE_EXPIRY_DATE)); } @Test - @Disabled("Temporarily disabled, as presentation validation requires real did resolving, which does not work yet for integration tests") void 
validateVPAsJwtWithInvalidSignatureAndInValidAudienceAndExpiryDateValidation() throws JsonProcessingException, DidDocumentResolverNotRegisteredException, JwtException, InterruptedException { //create VP String bpn = UUID.randomUUID().toString(); 
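Review bot: `Map map = mapResponseEntity.getBody();` in `validateVPAsJwt` is dereferenced on the next line with no null check, so an empty body would surface as a NullPointerException rather than a readable assertion failure; add `Assertions.assertNotNull(map);` before the first `map.get(...)`. The same pattern is in `validateVPAsJwtWithValidAudienceAndDateValidation` in the following hunk. Removing the `SignedJwtVerifier` mock means the positive result now depends on a real signature check against a resolvable `did:web` document, which is the stronger test, but a one-line comment on the method saying so would stop someone reintroducing the mock later. `validateVPAsJwtWithInvalidSignatureAndInValidAudienceAndExpiryDateValidation` begins at the end of this hunk and its body lies outside it.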
@@ -154,36 +141,26 @@ void validateVPAsJwtWithInvalidSignatureAndInValidAudienceAndExpiryDateValidatio } @Test - @Disabled("Temporarily disabled, as presentation validation requires real did resolving, which does not work yet for integration tests") - void validateVPAsJwtWithValidAudienceAndDateValidation() throws JsonProcessingException, DidDocumentResolverNotRegisteredException, JwtException { + void validateVPAsJwtWithValidAudienceAndDateValidation() throws JsonProcessingException{ //create VP String bpn = UUID.randomUUID().toString(); String audience = "companyA"; ResponseEntity vpResponse = createBpnVCAsJwt(bpn, audience); Map body = vpResponse.getBody(); - try (MockedConstruction mocked = Mockito.mockConstruction(SignedJwtVerifier.class)) { - - DidDocumentResolverRegistry didDocumentResolverRegistry = Mockito.mock(DidDocumentResolverRegistry.class); - SignedJwtVerifier signedJwtVerifier = new SignedJwtVerifier(didDocumentResolverRegistry); - Mockito.doReturn(true).when(signedJwtVerifier).verify(Mockito.any(SignedJWT.class)); - + ResponseEntity> mapResponseEntity = presentationController.validatePresentation(body, audience, true, true); - ResponseEntity> mapResponseEntity = presentationController.validatePresentation(body, audience, true, true); + Map map = mapResponseEntity.getBody(); - Map map = mapResponseEntity.getBody(); - - Assertions.assertTrue(Boolean.parseBoolean(map.get(StringPool.VALID).toString())); - Assertions.assertTrue(Boolean.parseBoolean(map.get(StringPool.VALIDATE_AUDIENCE).toString())); - Assertions.assertTrue(Boolean.parseBoolean(map.get(StringPool.VALIDATE_EXPIRY_DATE).toString())); - - } + Assertions.assertTrue(Boolean.parseBoolean(map.get(StringPool.VALID).toString())); + Assertions.assertTrue(Boolean.parseBoolean(map.get(StringPool.VALIDATE_AUDIENCE).toString())); + Assertions.assertTrue(Boolean.parseBoolean(map.get(StringPool.VALIDATE_EXPIRY_DATE).toString())); } @Test void createPresentationAsJWT201() throws JsonProcessingException, 
ParseException { String bpn = UUID.randomUUID().toString(); - String did = "did:web:localhost:" + bpn; + String did = DidWebFactory.fromHostnameAndPath(miwSettings.host(), bpn).toString(); String audience = "companyA"; ResponseEntity vpResponse = createBpnVCAsJwt(bpn, audience); Assertions.assertEquals(vpResponse.getStatusCode().value(), HttpStatus.CREATED.value()); @@ -197,7 +174,7 @@ void createPresentationAsJWT201() throws JsonProcessingException, ParseException } private ResponseEntity createBpnVCAsJwt(String bpn, String audience) throws JsonProcessingException { - String didWeb = "did:web:localhost:" + bpn; + String didWeb = DidWebFactory.fromHostnameAndPath(miwSettings.host(), bpn).toString(); Map request = getIssueVPRequest(bpn); @@ -215,7 +192,7 @@ private ResponseEntity createBpnVCAsJwt(String bpn, String audience) throws void createPresentationAsJsonLD201() throws JsonProcessingException { String bpn = UUID.randomUUID().toString(); - String didWeb = "did:web:localhost:" + bpn; + String didWeb = DidWebFactory.fromHostnameAndPath(miwSettings.host(), bpn).toString(); Map request = getIssueVPRequest(bpn); @@ -232,7 +209,7 @@ void createPresentationAsJsonLD201() throws JsonProcessingException { @Test void createPresentationWithInvalidBPNAccess403() throws JsonProcessingException { String bpn = UUID.randomUUID().toString(); - String didWeb = "did:web:localhost:" + bpn; + String didWeb = DidWebFactory.fromHostnameAndPath(miwSettings.host(), bpn).toString(); Map request = getIssueVPRequest(bpn); 
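Review bot: `DidWebFactory.fromHostnameAndPath(miwSettings.host(), bpn).toString()` is now repeated in `createPresentationAsJWT201`, `createBpnVCAsJwt`, `createPresentationAsJsonLD201`, `createPresentationWithInvalidBPNAccess403`, again in the next hunk, and several times in `WalletTest`; a private helper such as `private String didFor(String bpn) { return DidWebFactory.fromHostnameAndPath(miwSettings.host(), bpn).toString(); }` keeps the DID construction in one place for when the host or path scheme changes. Replacing the hard-coded `did:web:localhost:` prefix is the right direction, since the expectation now follows whatever host the service is actually configured with.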
@@ -248,7 +225,7 @@ void createPresentationWithInvalidBPNAccess403() throws JsonProcessingException @Test void createPresentationWithMoreThenOneVC400() throws JsonProcessingException { String bpn = UUID.randomUUID().toString(); - String didWeb = "did:web:localhost:" + bpn; + String didWeb = DidWebFactory.fromHostnameAndPath(miwSettings.host(), bpn).toString(); ResponseEntity response = TestUtils.createWallet(bpn, bpn, restTemplate); Assertions.assertEquals(response.getStatusCode().value(), HttpStatus.CREATED.value()); diff --git a/src/test/java/org/eclipse/tractusx/managedidentitywallets/wallet/WalletTest.java b/src/test/java/org/eclipse/tractusx/managedidentitywallets/wallet/WalletTest.java index 83806e8ec..e74954030 100644 --- a/src/test/java/org/eclipse/tractusx/managedidentitywallets/wallet/WalletTest.java +++ b/src/test/java/org/eclipse/tractusx/managedidentitywallets/wallet/WalletTest.java @@ -39,12 +39,14 @@ import org.eclipse.tractusx.managedidentitywallets.service.WalletService; import org.eclipse.tractusx.managedidentitywallets.utils.AuthenticationUtils; import org.eclipse.tractusx.managedidentitywallets.utils.TestUtils; +import org.eclipse.tractusx.ssi.lib.did.web.DidWebFactory; import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredential; import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredentialSubject; import org.json.JSONArray; import org.json.JSONException; import org.json.JSONObject; import org.junit.jupiter.api.Assertions; +import org.junit.jupiter.api.Disabled; import org.junit.jupiter.api.Test; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.test.context.SpringBootTest; 
@@ -56,7 +58,7 @@ import java.util.*; -@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT, classes = {ManagedIdentityWalletsApplication.class}) +@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT, classes = {ManagedIdentityWalletsApplication.class}) @ContextConfiguration(initializers = {TestContextInitializer.class}) class WalletTest { @@ -175,7 +177,7 @@ void createWalletTest201() throws JsonProcessingException, JSONException { void storeCredentialsTest201() throws JsonProcessingException { String bpn = UUID.randomUUID().toString(); - String did = "did:web:localhost:" + bpn; + String did = DidWebFactory.fromHostnameAndPath(miwSettings.host(), bpn).toString(); TestUtils.createWallet(bpn, "name", restTemplate); ResponseEntity response = storeCredential(bpn, did); @@ -251,7 +253,7 @@ void storeCredentialsWithDifferentBPNAccess403() throws JsonProcessingException void storeCredentialsWithDifferentHolder403() throws JsonProcessingException { String bpn = UUID.randomUUID().toString(); - String did = "did:web:localhost:" + bpn; + String did = DidWebFactory.fromHostnameAndPath(miwSettings.host(), bpn).toString(); TestUtils.createWallet(bpn, "name", restTemplate); HttpHeaders headers = AuthenticationUtils.getValidUserHttpHeaders("Some random pbn"); @@ -311,7 +313,7 @@ void getWalletByIdentifierBPNTest200() throws JsonProcessingException { String name = "Sample Name"; //Create entry - TestUtils.getWalletFromString(TestUtils.createWallet(bpn, name, restTemplate).getBody()); + Wallet wallet = TestUtils.getWalletFromString(TestUtils.createWallet(bpn, name, restTemplate).getBody()); //get wallet without credentials HttpHeaders headers = AuthenticationUtils.getValidUserHttpHeaders(bpn); 
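Review bot: `Wallet wallet = TestUtils.getWalletFromString(...)` in `getWalletByIdentifierBPNTest200` turns a previously discarded call into a local, but nothing in the hunk reads `wallet`; if the rest of the method (outside the hunk) does not use it either, the assignment is an unused local and the original statement form was clearer. The same assignment appears in `getWalletByIdentifierBPNWithCredentialsTest200` in the next hunk.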
@@ -324,18 +326,6 @@ void getWalletByIdentifierBPNTest200() throws JsonProcessingException { Assertions.assertEquals(HttpStatus.OK.value(), getWalletResponse.getStatusCode().value()); Assertions.assertNotNull(getWalletResponse.getBody()); Assertions.assertEquals(body.getBpn(), bpn); - - //get wallet without credentials with authority wallet - headers = AuthenticationUtils.getValidUserHttpHeaders(miwSettings.authorityWalletBpn()); - - entity = new HttpEntity<>(headers); - - getWalletResponse = restTemplate.exchange(RestURI.API_WALLETS_IDENTIFIER + "?withCredentials={withCredentials}", HttpMethod.GET, entity, String.class, bpn, "false"); - - body = TestUtils.getWalletFromString(getWalletResponse.getBody()); - Assertions.assertEquals(HttpStatus.OK.value(), getWalletResponse.getStatusCode().value()); - Assertions.assertNotNull(getWalletResponse.getBody()); - Assertions.assertEquals(body.getBpn(), bpn); } @@ -343,9 +333,9 @@ void getWalletByIdentifierBPNTest200() throws JsonProcessingException { void getWalletByIdentifierBPNWithCredentialsTest200() throws JsonProcessingException { String bpn = UUID.randomUUID().toString(); String name = "Sample Name"; - String did = "did:web:localhost:" + bpn; + String did = DidWebFactory.fromHostnameAndPath(miwSettings.host(), bpn).toString(); //Create entry - TestUtils.getWalletFromString(TestUtils.createWallet(bpn, name, restTemplate).getBody()); + Wallet wallet = TestUtils.getWalletFromString(TestUtils.createWallet(bpn, name, restTemplate).getBody()); //store credentials ResponseEntity response = storeCredential(bpn, did); 
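Review bot: The deleted block in `getWalletByIdentifierBPNTest200` was the only assertion that a caller presenting the authority wallet BPN (`miwSettings.authorityWalletBpn()`) can read another wallet through `API_WALLETS_IDENTIFIER`, and nothing replaces it, so that cross-wallet authorization rule is now untested in either direction; the same removal is made in `getWalletByIdentifierBPNWithCredentialsTest200` in the following hunk. If the endpoint no longer grants the authority wallet that access, a negative test asserting `HttpStatus.FORBIDDEN` for that caller would pin the intended behaviour; if it still does, the deleted assertions should come back. The first hunk's enclosing method starts outside the hunk.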
@@ -363,22 +353,10 @@ void getWalletByIdentifierBPNWithCredentialsTest200() throws JsonProcessingExcep Assertions.assertNotNull(getWalletResponse.getBody()); Assertions.assertEquals(3, body.getVerifiableCredentials().size()); //BPN VC + Summery VC + Stored VC Assertions.assertEquals(body.getBpn(), bpn); - - ///get wallet with credentials with authority wallet - headers = AuthenticationUtils.getValidUserHttpHeaders(miwSettings.authorityWalletBpn()); - - entity = new HttpEntity<>(headers); - - getWalletResponse = restTemplate.exchange(RestURI.API_WALLETS_IDENTIFIER + "?withCredentials={withCredentials}", HttpMethod.GET, entity, String.class, bpn, "true"); - - body = TestUtils.getWalletFromString(getWalletResponse.getBody()); - Assertions.assertEquals(HttpStatus.OK.value(), getWalletResponse.getStatusCode().value()); - Assertions.assertNotNull(getWalletResponse.getBody()); - Assertions.assertEquals(3, body.getVerifiableCredentials().size()); //BPN VC + Summery VC + Stored VC - Assertions.assertEquals(body.getBpn(), bpn); } @Test + @Disabled("the endpoint has an issue that prevents resolving did with a port number") void getWalletByIdentifierDidTest200() throws JsonProcessingException { String bpn = UUID.randomUUID().toString(); @@ -400,7 +378,6 @@ void getWalletByIdentifierDidTest200() throws JsonProcessingException { Assertions.assertEquals(body.getBpn(), bpn); } - @Test void getWalletInvalidBpn404() { HttpHeaders headers = AuthenticationUtils.getValidUserHttpHeaders(); @@ -429,7 +406,7 @@ void getWallets200() throws JsonProcessingException { String bpn = UUID.randomUUID().toString(); String name = "Sample Name"; - String did = "did:web:localhost:" + bpn; + String did = DidWebFactory.fromHostnameAndPath(miwSettings.host(), bpn).toString(); //Create entry TestUtils.createWallet(bpn, name, restTemplate); From 0b05e15bfd9e366d80c9004f0b3e9b5aea255438 Mon Sep 17 00:00:00 2001 
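Review bot: Removing the `@Test` annotation from `getWalletInvalidBpn404` silently drops the test from the suite while leaving the method in place, which is easy to miss; if it is meant to stay off, use `@Disabled("<reason>")` as done for `getWalletByIdentifierDidTest200` just above, otherwise restore `@Test`. The `@Disabled` reason on `getWalletByIdentifierDidTest200` describes a product defect (DIDs carrying a port do not resolve) rather than a test limitation, so a reference to a tracking issue would keep it from being forgotten; if the cause is the literal colon before the port, note that the did:web method encodes it as `%3A`, which may be what the endpoint is not handling.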
From: Ronak Thacker Date: Tue, 11 Jul 2023 17:07:08 +0530 Subject: [PATCH 047/116] feat: updated context url of did document and test case --- .../managedidentitywallets/config/MIWSettings.java | 3 ++- .../managedidentitywallets/service/WalletService.java | 11 +++++++++++ src/main/resources/application.yaml | 1 + .../managedidentitywallets/wallet/WalletTest.java | 6 +++++- 4 files changed, 19 insertions(+), 2 deletions(-) diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/MIWSettings.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/MIWSettings.java index 32ee74979..95c3bb747 100644 --- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/MIWSettings.java +++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/MIWSettings.java @@ -38,5 +38,6 @@ public record MIWSettings(String host, String encryptionKey, String authorityWal List vcContexts, List summaryVcContexts, @DateTimeFormat(pattern = "dd-MM-yyyy") Date vcExpiryDate, Set supportedFrameworkVCTypes, - boolean enforceHttps, String contractTemplatesUrl) { + boolean enforceHttps, String contractTemplatesUrl, + List didDocumentContextUrls) { } \ No newline at end of file diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/WalletService.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/WalletService.java index 0de7d4a83..8a59b231b 100644 --- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/WalletService.java +++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/WalletService.java @@ -61,6 +61,7 @@ import org.springframework.transaction.annotation.Transactional; import java.io.StringWriter; +import java.net.URI; import java.util.ArrayList; import java.util.List; import java.util.Map; 
@@ -221,6 +222,16 @@ private Wallet createWallet(CreateWalletRequest request, boolean authority) {
 didDocumentBuilder.id(did.toUri());
 didDocumentBuilder.verificationMethods(List.of(jwkVerificationMethod));
 DidDocument didDocument = didDocumentBuilder.build();
+//modify context URLs
+List context = didDocument.getContext();
+List mutableContext = new ArrayList<>();
+mutableContext.addAll(context);
+miwSettings.didDocumentContextUrls().forEach(uri -> {
+if (!mutableContext.contains(uri)) {
+mutableContext.add(uri);
+}
+});
+didDocument.put("@context", mutableContext);
 didDocument = DidDocument.fromJson(didDocument.toJson());
 log.debug("did document created for bpn ->{}", request.getBpn());
diff --git a/src/main/resources/application.yaml b/src/main/resources/application.yaml
index 830837092..15bd84c9b 100644
--- a/src/main/resources/application.yaml
+++ b/src/main/resources/application.yaml
@@ -81,6 +81,7 @@ miw:
 supportedFrameworkVCTypes: ${SUPPORTED_FRAMEWORK_VC_TYPES:PcfCredential, SustainabilityCredential, QualityCredential, TraceabilityCredential, BehaviorTwinCredential, ResiliencyCredential}
 enforceHttps: ${ENFORCE_HTTPS_IN_DID_RESOLUTION:true}
 contractTemplatesUrl: ${CONTRACT_TEMPLATES_URL:https://public.catena-x.org/contracts/}
+didDocumentContextUrls: ${DID_DOCUMENT_CONTEXT_URL:https://www.w3.org/ns/did/v1,https://w3c.github.io/vc-jws-2020/contexts/v1}
 security:
 enabled: true
 realm: ${KEYCLOAK_REALM:miw_test}
diff --git a/src/test/java/org/eclipse/tractusx/managedidentitywallets/wallet/WalletTest.java b/src/test/java/org/eclipse/tractusx/managedidentitywallets/wallet/WalletTest.java
index 83806e8ec..1b69f336f 100644
--- a/src/test/java/org/eclipse/tractusx/managedidentitywallets/wallet/WalletTest.java
+++ b/src/test/java/org/eclipse/tractusx/managedidentitywallets/wallet/WalletTest.java
@@ -53,6 +53,7 @@ import org.springframework.http.*;
 import org.springframework.test.context.ContextConfiguration;
+import java.net.URI;
 import java.util.*;
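Review bot: The `@context` rewrite trusts `miwSettings.didDocumentContextUrls()` to be non-null and does not check that the entries are absolute URIs, so a missing or malformed `DID_DOCUMENT_CONTEXT_URL` either throws an unhelpful NullPointerException or silently becomes part of every published DID document; `Objects.requireNonNull(miwSettings.didDocumentContextUrls(), "didDocumentContextUrls")` (or a validation on the record) would fail loudly at the right place. `new ArrayList<>(context)` replaces the two-step construct, and appending rather than prepending is correct since DID Core requires `https://www.w3.org/ns/did/v1` to stay the first context entry, which the builder presumably sets. Whether the `didDocument.put(...)` followed by `DidDocument.fromJson(didDocument.toJson())` round-trip re-validates the modified context is not visible here; a comment stating its intent, e.g. `// re-parse so the modified @context passes DidDocument validation`, would help if that is the purpose. `createWallet` starts and ends outside the hunk.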
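Review bot: The environment variable behind the new property is named `DID_DOCUMENT_CONTEXT_URL` while the property is `didDocumentContextUrls` and the default holds two comma-separated values, so the singular name hides that an override must be a list. Either name it `DID_DOCUMENT_CONTEXT_URLS` while the contract is still new, or add a trailing `# comma-separated list of JSON-LD context URLs` so operators setting it know the expected form.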
@@ -131,6 +132,10 @@ void createWalletTest201() throws JsonProcessingException, JSONException { Assertions.assertNotNull(response.getBody()); Assertions.assertNotNull(wallet.getDidDocument()); + List context = wallet.getDidDocument().getContext(); + miwSettings.didDocumentContextUrls().forEach(uri -> { + Assertions.assertTrue(context.contains(uri)); + }); Assertions.assertEquals(wallet.getBpn(), bpn); Assertions.assertEquals(wallet.getName(), name); @@ -139,7 +144,6 @@ void createWalletTest201() throws JsonProcessingException, JSONException { Assertions.assertEquals(walletFromDB.getName(), name); Assertions.assertNotNull(walletFromDB); WalletKey walletKey = walletKeyRepository.getByWalletId(walletFromDB.getId()); - Assertions.assertNotNull(wallet.getDidDocument()); Assertions.assertNotNull(walletKey); Assertions.assertEquals(walletFromDB.getBpn(), bpn); From 3c0878f3942c682fc3042f4c8e2b95bfee2acdcf Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Tue, 11 Jul 2023 14:05:27 +0200 Subject: [PATCH 048/116] test(ci): add comment --- .github/workflows/chart-lint.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/chart-lint.yml b/.github/workflows/chart-lint.yml index 1c492e45d..d815070ef 100644 --- a/.github/workflows/chart-lint.yml +++ b/.github/workflows/chart-lint.yml @@ -52,6 +52,7 @@ jobs: - name: Run chart-testing (lint) run: ct lint --target-branch ${{ github.event.repository.default_branch }} --config charts/chart-testing-config.yaml + # run chart unittest - name: Run Helm unittests run: task helm:unittest From 13d7b1e18ea6f768c09bbc41413d7dcf3a254542 Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Tue, 11 Jul 2023 14:06:41 +0200 Subject: [PATCH 049/116] test(ci): add test values for chart test action "Lint and Test Charts" in CI --- .../ci/all-values.yaml | 56 +++++++++++++++++++ 1 file changed, 56 insertions(+) create mode 100644 charts/managed-identity-wallet/ci/all-values.yaml 
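Review bot: The added loop in `createWalletTest201` asserts each configured context URI with a bare `assertTrue`, so a failure reports only `expected: <true>` without saying which URI is missing; `Assertions.assertTrue(context.contains(uri), uri + " missing from @context");` inside the lambda, or a single `Assertions.assertTrue(context.containsAll(miwSettings.didDocumentContextUrls()));` if the per-entry message is not needed, reads better. The removed duplicate `assertNotNull(wallet.getDidDocument())` in the second hunk is a good cleanup.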
diff --git a/charts/managed-identity-wallet/ci/all-values.yaml b/charts/managed-identity-wallet/ci/all-values.yaml new file mode 100644 index 000000000..9bd555e24 --- /dev/null +++ b/charts/managed-identity-wallet/ci/all-values.yaml @@ -0,0 +1,56 @@ +# /******************************************************************************** +# * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation +# * +# * See the NOTICE file(s) distributed with this work for additional +# * information regarding copyright ownership. +# * +# * This program and the accompanying materials are made available under the +# * terms of the Apache License, Version 2.0 which is available at +# * https://www.apache.org/licenses/LICENSE-2.0. +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# * License for the specific language governing permissions and limitations +# * under the License. +# * +# * SPDX-License-Identifier: Apache-2.0 +# ********************************************************************************/ + +image: + tag: "latest-java-did-web" + +secrets: + DB_USER_NAME: postgres + DB_PASSWORD: ci_test + ENCRYPTION_KEY: d6aab34fb68e090c2789a9b1a67648d3 + KEYCLOAK_CLIENT_ID: mit_ci_test + +envs: + DB_HOST: managed-identity-wallet-postgresql + MIW_HOST_NAME: miw.local + KEYCLOAK_REALM: MIW + AUTH_SERVER_URL: https://localhost/auth + AUTHORITY_WALLET_DID: "did:web:miw.local:BPNL000000000000" + AUTHORITY_WALLET_BPN: "BPNL000000000000" + +ingress: + enabled: true + hosts: + - host: miw.local + paths: + - path: / + pathType: ImplementationSpecific + tls: + - secretName: miw-secret + hosts: + - miw.local + +postgresql: + primary: + initdb: + password: pg_test_ci + auth: + password: ci_test + postgresPassword: pg_test_ci + username: postgres 
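Review bot: The new values file commits literal credentials (`DB_PASSWORD`, `ENCRYPTION_KEY`, the `postgresql` passwords) with nothing marking them as disposable chart-testing fixtures, so secret scanners will flag them and a reader may take them for acceptable defaults. A header comment under the licence block such as `# CI-only values for chart-testing: every credential below is a throwaway fixture and must not be reused in any real deployment` makes the intent explicit; `ENCRYPTION_KEY` in particular deserves that note, since it presumably protects stored wallet key material and reuse of a public value would void that protection.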
From 7d3892cc0f1728a993e26264ce4c2977e5a1e059 Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Wed, 12 Jul 2023 11:42:19 +0200 Subject: [PATCH 050/116] chore(ci): update filepath for veracode upload in workflows Updates the filepath for the Veracode upload in the workflows to 'build/libs/miw-latest.jar'. --- .github/workflows/veracode.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/veracode.yaml b/.github/workflows/veracode.yaml index 2f07c5426..83e0e6593 100644 --- a/.github/workflows/veracode.yaml +++ b/.github/workflows/veracode.yaml @@ -75,7 +75,7 @@ jobs: with: appname: 'project-managed-identity-wallet' createprofile: false - filepath: 'build/libs/*' # add filepath for upload + filepath: 'build/libs/miw-latest.jar' # add filepath for upload vid: '${{ secrets.ORG_VERACODE_API_ID }}' # reference to API ID, which is set as github org. secret vkey: '${{ secrets.ORG_VERACODE_API_KEY }}' #reference to API Key in github, which is set as github or. secret - include: 'build/libs/miw-latest.jar' + #include: 'build/libs/miw-latest.jar' From a5d2a2e448de43384b49c897490bedb7f7d1c3ba Mon Sep 17 00:00:00 2001 From: Dominik Pinsel Date: Wed, 12 Jul 2023 15:20:23 +0200 Subject: [PATCH 051/116] add development documentation Signed-off-by: Dominik Pinsel --- docs/Development.md | 108 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 108 insertions(+) create mode 100644 docs/Development.md diff --git a/docs/Development.md b/docs/Development.md new file mode 100644 index 000000000..d47ebd71e --- /dev/null +++ b/docs/Development.md 
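Review bot: `#include: 'build/libs/miw-latest.jar'` leaves a commented-out option in the workflow; since `filepath` now names the jar directly, delete the line rather than keep it commented, or say in the comment why it is retained. The trailing `# add filepath for upload` now only restates the key and could go as well.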
@@ -0,0 +1,108 @@ +# Development Process + +## Branching + +The **Managed Identity Wallets** project adheres to +the [Gitflow Workflow](https://www.atlassian.com/git/tutorials/comparing-workflows/gitflow-workflow). + +Gitflow is a branching model and workflow for managing version control in software development projects using Git. It +provides a structured approach to organizing branches, releases, and collaboration among team members. + +The Gitflow workflow consists of two main branches: "master" and "develop." The "master" branch represents the stable +and production-ready state of the project, while the "develop" branch serves as the main integration branch for ongoing +development. + +In addition to these two main branches, Gitflow introduces several supporting branches. Feature branches are created off +the "develop" branch and used for implementing new features or changes. Once a feature is complete, it is merged back +into the "develop" branch. Release branches are created from the "develop" branch to prepare for a new release. Bug +fixes and hotfixes are typically made in separate branches derived from the "master" branch and merged back into both " +master" and "develop" branches. + +The Gitflow model promotes a structured and controlled release process. When a stable and tested state is reached in +the "develop" branch, a release branch is created. This branch allows for final testing, bug fixes, and the preparation +of release-related documentation. Once the release is ready, it is merged into both the "master" and "develop" branches, +with the "master" branch receiving a version tag. + +## Commits + +The **Managed Identity Wallets** project adheres to +the [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/). + +Conventional commits are a standardized way of formatting commit messages in software development projects. 
The +Conventional Commits specification provides guidelines for writing commit messages that are human-readable, informative, +and can be easily parsed by automated tools. + +The format of a conventional commit message typically consists of a type, an optional scope, and a subject. The type +indicates the purpose or nature of the commit, such as "feat" for a new feature, "fix" for a bug fix, "docs" for +documentation changes, and so on. The scope is optional and represents the module or component of the project being +modified. The subject is a brief and descriptive summary of the changes made in the commit. + +The conventional commit structure is as follows: +> `([optional scope]): ` +> +> `[optional body]` +> +> `[optional footer(s)]` + +Commonly used types include: + +- `feat` +- `fix` +- `ci` +- `chore` +- `docs` +- `refactor` +- `test` + +For BREAKING CHANGES use the following _footer_: + +- `BREAKING CHANGE: ` + +--- + +Example of a commit that introduces breaking changes. To draw additional attention to the breaking changes, the commit +scope is prefixed with an exclamation mark: +> chore(ci)!: drop support for Java 11 +> +> BREAKING CHANGE: Java 11 features not available in the new version. + +_Please note_: Putting a `!` next to the scope, without the breaking change footer, will not trigger a major release! + +--- + +## Versioning + +The **Managed Identity Wallets** project adheres to [semantic versioning](https://semver.org/). + +Semantic versioning is a versioning scheme commonly used in software development to convey information about changes and +compatibility between different versions of a software package. It consists of three numbers separated by periods, +following the format MAJOR.MINOR.PATCH. + +The MAJOR version indicates significant changes that could potentially break backward compatibility. 
This means that +when the MAJOR version is incremented, it implies that there are incompatible changes, and developers need to make +updates to their code to ensure compatibility. + +The MINOR version represents added functionality or features in a backwards-compatible manner. It indicates that the +software has been enhanced with new features, but existing functionality remains intact, allowing developers to update +their code without any major modifications. + +The PATCH version signifies backward-compatible bug fixes or small updates, such as addressing security vulnerabilities +or resolving minor issues. It indicates that changes have been made to improve the software's stability or security +without introducing new features or breaking existing functionality. + +By adhering to semantic versioning, developers can communicate the nature of changes in their software releases +effectively. This scheme helps users and developers understand the impact of an update on compatibility and +functionality, making it easier to manage dependencies and ensure smooth integration within software ecosystems. + +This project uses the [Semantic Release GitHub Action](https://semantic-release.gitbook.io/semantic-release/) to +automate the release process. This action analyzes commit messages to determine the type of changes and automatically +sets the version number accordingly. It also generates a changelog based on commit messages and publishes the release to +a repository. + +These are some commits with their corresponding semantic release types: + +| Commit Message | Release Type | +|:----------------------------------------------------------------------------------------------------|:-------------| +| fix(typo): correct minor typos in code | Patch | +| feat: add new feature | Minor | +| feat: add new feature that breaks backward compatibility

BREAKING CHANGE: \ | Major | \ No newline at end of file From 2cd53948ceb7c15a2683594deeff17102914ac05 Mon Sep 17 00:00:00 2001 From: Dominik-Pinsel Date: Wed, 12 Jul 2023 16:17:30 +0200 Subject: [PATCH 052/116] Update Development.md --- docs/Development.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/Development.md b/docs/Development.md index d47ebd71e..a5fda98e1 100644 --- a/docs/Development.md +++ b/docs/Development.md @@ -105,4 +105,4 @@ These are some commits with their corresponding semantic release types: |:----------------------------------------------------------------------------------------------------|:-------------| | fix(typo): correct minor typos in code | Patch | | feat: add new feature | Minor | -| feat: add new feature that breaks backward compatibility

BREAKING CHANGE: \ | Major | \ No newline at end of file +| feat: add new feature that breaks backward compatibility

BREAKING CHANGE: \ | Major | From 590d56a7d990799fa985f81447f3b4be6b35d653 Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Wed, 12 Jul 2023 22:58:09 +0200 Subject: [PATCH 053/116] fix(ci): adjust gradle build command and remove unused code --- .github/workflows/veracode.yaml | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/.github/workflows/veracode.yaml b/.github/workflows/veracode.yaml index 83e0e6593..d3fae3698 100644 --- a/.github/workflows/veracode.yaml +++ b/.github/workflows/veracode.yaml @@ -62,12 +62,7 @@ jobs: - name: Build with Gradle uses: gradle/gradle-build-action@4137be6a8bf7d7133955359dbd952c0ca73b1021 with: - arguments: build - - - name: Create dist - uses: gradle/gradle-build-action@4137be6a8bf7d7133955359dbd952c0ca73b1021 - with: - arguments: installDist + arguments: build -PgithubToken=${{ secrets.GITHUB_TOKEN }} - name: Veracode Upload And Scan uses: veracode/veracode-uploadandscan-action@0.2.1 From 4532aa7611c54270e20e2adec8be24cad21eed20 Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Thu, 13 Jul 2023 00:12:57 +0200 Subject: [PATCH 054/116] fix(ci): fix test values for helm test in GH Actions --- charts/managed-identity-wallet/ci/all-values.yaml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/charts/managed-identity-wallet/ci/all-values.yaml b/charts/managed-identity-wallet/ci/all-values.yaml index 9bd555e24..30d859f43 100644 --- a/charts/managed-identity-wallet/ci/all-values.yaml +++ b/charts/managed-identity-wallet/ci/all-values.yaml @@ -22,12 +22,12 @@ image: secrets: DB_USER_NAME: postgres - DB_PASSWORD: ci_test + DB_PASSWORD: pg_test_ci ENCRYPTION_KEY: d6aab34fb68e090c2789a9b1a67648d3 KEYCLOAK_CLIENT_ID: mit_ci_test envs: - DB_HOST: managed-identity-wallet-postgresql + DB_HOST: test-postgres MIW_HOST_NAME: miw.local KEYCLOAK_REALM: MIW AUTH_SERVER_URL: https://localhost/auth 
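Review bot: `arguments: build -PgithubToken=${{ secrets.GITHUB_TOKEN }}` places the token on the Gradle command line, where it is visible in the runner's process list and to any tooling that echoes the invocation; GitHub masks the value in the job log but not in process arguments. Gradle reads project properties from the environment, so the same effect without that exposure is an `env:` entry on the step, `ORG_GRADLE_PROJECT_githubToken: ${{ secrets.GITHUB_TOKEN }}`, with `arguments: build` unchanged. The token is presumably needed for a GitHub-hosted dependency; a comment on the step naming what the property is for would help the next reader.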
@@ -47,10 +47,11 @@ ingress: - miw.local postgresql: + fullnameOverride: test-postgres primary: initdb: password: pg_test_ci auth: - password: ci_test + password: pg_test_ci postgresPassword: pg_test_ci username: postgres From 11b84616bd6194ba2e96300be6f62fc43c6ce189 Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Thu, 13 Jul 2023 00:14:21 +0200 Subject: [PATCH 055/116] chore(ci): update kind action version --- .github/workflows/chart-lint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/chart-lint.yml b/.github/workflows/chart-lint.yml index d815070ef..a7227c740 100644 --- a/.github/workflows/chart-lint.yml +++ b/.github/workflows/chart-lint.yml @@ -58,7 +58,7 @@ jobs: # Preparing a kind cluster to install and test charts on - name: Create kind cluster - uses: helm/kind-action@v1.4.0 + uses: helm/kind-action@v1.7.0 if: steps.list-changed.outputs.changed == 'true' # install the chart to the kind cluster and run helm test From 8e57ed1073f36fa21c2acf7a6ce4e3b6e30602e9 Mon Sep 17 00:00:00 2001 From: Nitin Vavdiya Date: Thu, 13 Jul 2023 17:33:00 +0530 Subject: [PATCH 056/116] build.gradle --- gradle.properties | 8 +- .../config/security/SecurityConfig.java | 76 +++++++++---------- 2 files changed, 42 insertions(+), 42 deletions(-) diff --git a/gradle.properties b/gradle.properties index bf847a0a1..c6c447ec3 100644 --- a/gradle.properties +++ b/gradle.properties @@ -1,7 +1,7 @@ -springCloudVersion=2022.0.2 -testContainerVersion=1.18.0 -jacocoVersion=0.8.8 -springBootVersion=3.0.6 +springCloudVersion=2022.0.3 +testContainerVersion=1.18.3 +jacocoVersion=0.8.9 +springBootVersion=3.1.1 springDependencyVersion=1.1.0 groupName=org.eclipse.tractusx applicationVersion=0.0.1-SNAPSHOT diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/security/SecurityConfig.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/security/SecurityConfig.java index a572b373c..d8db323a2 100644 
--- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/security/SecurityConfig.java +++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/security/SecurityConfig.java @@ -28,10 +28,12 @@ import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; +import org.springframework.security.config.Customizer; import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer; +import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.util.matcher.AntPathRequestMatcher; 
@@ -60,52 +62,50 @@ public class SecurityConfig { @Bean @ConditionalOnProperty(value = "miw.security.enabled", havingValue = "true", matchIfMissing = true) public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { - http.cors().and() - .csrf().disable() - .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and() - .authorizeHttpRequests() - .requestMatchers(new AntPathRequestMatcher("/")).permitAll() // forwards to swagger - .requestMatchers(new AntPathRequestMatcher("/docs/api-docs/**")).permitAll() - .requestMatchers(new AntPathRequestMatcher("/ui/swagger-ui/**")).permitAll() - .requestMatchers(new AntPathRequestMatcher("/actuator/health/**")).permitAll() - .requestMatchers(new AntPathRequestMatcher("/actuator/loggers/**")).hasRole(ApplicationRole.ROLE_MANAGE_APP) + http.cors(Customizer.withDefaults()) + .csrf(AbstractHttpConfigurer::disable) + .sessionManagement(sessionManagement -> sessionManagement.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) + .authorizeHttpRequests(authorizeHttpRequests -> authorizeHttpRequests.requestMatchers(new AntPathRequestMatcher("/")).permitAll() // forwards to swagger + .requestMatchers(new AntPathRequestMatcher("/docs/api-docs/**")).permitAll() + .requestMatchers(new AntPathRequestMatcher("/ui/swagger-ui/**")).permitAll() + .requestMatchers(new AntPathRequestMatcher("/actuator/health/**")).permitAll() + .requestMatchers(new AntPathRequestMatcher("/actuator/loggers/**")).hasRole(ApplicationRole.ROLE_MANAGE_APP) - //did document resolve APIs - .requestMatchers(new AntPathRequestMatcher(RestURI.DID_RESOLVE, GET.name())).permitAll() //Get did document - .requestMatchers(new AntPathRequestMatcher(RestURI.DID_DOCUMENTS, GET.name())).permitAll() //Get did document + //did document resolve APIs + .requestMatchers(new AntPathRequestMatcher(RestURI.DID_RESOLVE, GET.name())).permitAll() //Get did document + .requestMatchers(new AntPathRequestMatcher(RestURI.DID_DOCUMENTS, 
GET.name())).permitAll() //Get did document - //wallet APIS - .requestMatchers(new AntPathRequestMatcher(RestURI.WALLETS, POST.name())).hasRole(ApplicationRole.ROLE_ADD_WALLETS) //Create wallet - .requestMatchers(new AntPathRequestMatcher(RestURI.WALLETS, GET.name())).hasAnyRole(ApplicationRole.ROLE_VIEW_WALLETS) //Get all wallet - .requestMatchers(new AntPathRequestMatcher(RestURI.API_WALLETS_IDENTIFIER, GET.name())).hasAnyRole(ApplicationRole.ROLE_VIEW_WALLET, ApplicationRole.ROLE_VIEW_WALLETS) //get wallet by identifier - .requestMatchers(new AntPathRequestMatcher(RestURI.API_WALLETS_IDENTIFIER_CREDENTIALS, POST.name())).hasAnyRole(ApplicationRole.ROLE_UPDATE_WALLETS, ApplicationRole.ROLE_UPDATE_WALLET) //Store credential + //wallet APIS + .requestMatchers(new AntPathRequestMatcher(RestURI.WALLETS, POST.name())).hasRole(ApplicationRole.ROLE_ADD_WALLETS) //Create wallet + .requestMatchers(new AntPathRequestMatcher(RestURI.WALLETS, GET.name())).hasAnyRole(ApplicationRole.ROLE_VIEW_WALLETS) //Get all wallet + .requestMatchers(new AntPathRequestMatcher(RestURI.API_WALLETS_IDENTIFIER, GET.name())).hasAnyRole(ApplicationRole.ROLE_VIEW_WALLET, ApplicationRole.ROLE_VIEW_WALLETS) //get wallet by identifier + .requestMatchers(new AntPathRequestMatcher(RestURI.API_WALLETS_IDENTIFIER_CREDENTIALS, POST.name())).hasAnyRole(ApplicationRole.ROLE_UPDATE_WALLETS, ApplicationRole.ROLE_UPDATE_WALLET) //Store credential - //VP-Generation - .requestMatchers(new AntPathRequestMatcher(RestURI.API_PRESENTATIONS, POST.name())).hasAnyRole(ApplicationRole.ROLE_UPDATE_WALLETS, ApplicationRole.ROLE_UPDATE_WALLET, ApplicationRole.ROLE_VIEW_WALLETS, ApplicationRole.ROLE_VIEW_WALLET) //Create VP + //VP-Generation + .requestMatchers(new AntPathRequestMatcher(RestURI.API_PRESENTATIONS, POST.name())).hasAnyRole(ApplicationRole.ROLE_UPDATE_WALLETS, ApplicationRole.ROLE_UPDATE_WALLET, ApplicationRole.ROLE_VIEW_WALLETS, ApplicationRole.ROLE_VIEW_WALLET) //Create VP - //VP - Validation - 
.requestMatchers(new AntPathRequestMatcher(RestURI.API_PRESENTATIONS_VALIDATION, POST.name())).hasAnyRole(ApplicationRole.ROLE_VIEW_WALLETS, ApplicationRole.ROLE_VIEW_WALLET) //validate VP + //VP - Validation + .requestMatchers(new AntPathRequestMatcher(RestURI.API_PRESENTATIONS_VALIDATION, POST.name())).hasAnyRole(ApplicationRole.ROLE_VIEW_WALLETS, ApplicationRole.ROLE_VIEW_WALLET) //validate VP - //VC - Holder - .requestMatchers(new AntPathRequestMatcher(RestURI.CREDENTIALS, GET.name())).hasAnyRole(ApplicationRole.ROLE_VIEW_WALLET, ApplicationRole.ROLE_VIEW_WALLETS) //get credentials - .requestMatchers(new AntPathRequestMatcher(RestURI.CREDENTIALS, POST.name())).hasAnyRole(ApplicationRole.ROLE_UPDATE_WALLET, ApplicationRole.ROLE_UPDATE_WALLETS) //issue credentials - .requestMatchers(new AntPathRequestMatcher(RestURI.CREDENTIALS, DELETE.name())).hasAnyRole(ApplicationRole.ROLE_UPDATE_WALLET) //delete credentials + //VC - Holder + .requestMatchers(new AntPathRequestMatcher(RestURI.CREDENTIALS, GET.name())).hasAnyRole(ApplicationRole.ROLE_VIEW_WALLET, ApplicationRole.ROLE_VIEW_WALLETS) //get credentials + .requestMatchers(new AntPathRequestMatcher(RestURI.CREDENTIALS, POST.name())).hasAnyRole(ApplicationRole.ROLE_UPDATE_WALLET, ApplicationRole.ROLE_UPDATE_WALLETS) //issue credentials + .requestMatchers(new AntPathRequestMatcher(RestURI.CREDENTIALS, DELETE.name())).hasAnyRole(ApplicationRole.ROLE_UPDATE_WALLET) //delete credentials - //VC - validation - .requestMatchers(new AntPathRequestMatcher(RestURI.CREDENTIALS_VALIDATION, POST.name())).hasAnyRole(ApplicationRole.ROLE_VIEW_WALLET, ApplicationRole.ROLE_VIEW_WALLETS) //validate credentials + //VC - validation + .requestMatchers(new AntPathRequestMatcher(RestURI.CREDENTIALS_VALIDATION, POST.name())).hasAnyRole(ApplicationRole.ROLE_VIEW_WALLET, ApplicationRole.ROLE_VIEW_WALLETS) //validate credentials - //VC - Issuer - .requestMatchers(new AntPathRequestMatcher(RestURI.ISSUERS_CREDENTIALS, 
GET.name())).hasAnyRole(ApplicationRole.ROLE_UPDATE_WALLETS) //Lis of issuer VC - .requestMatchers(new AntPathRequestMatcher(RestURI.ISSUERS_CREDENTIALS, POST.name())).hasAnyRole(ApplicationRole.ROLE_UPDATE_WALLETS) //Issue VC - .requestMatchers(new AntPathRequestMatcher(RestURI.CREDENTIALS_ISSUER_MEMBERSHIP, POST.name())).hasAnyRole(ApplicationRole.ROLE_UPDATE_WALLETS) //issue Membership Credential - .requestMatchers(new AntPathRequestMatcher(RestURI.CREDENTIALS_ISSUER_DISMANTLER, POST.name())).hasAnyRole(ApplicationRole.ROLE_UPDATE_WALLETS) //issue dismantler Credential - .requestMatchers(new AntPathRequestMatcher(RestURI.API_CREDENTIALS_ISSUER_FRAMEWORK, POST.name())).hasAnyRole(ApplicationRole.ROLE_UPDATE_WALLETS) //issue dismantler Credential + //VC - Issuer + .requestMatchers(new AntPathRequestMatcher(RestURI.ISSUERS_CREDENTIALS, GET.name())).hasAnyRole(ApplicationRole.ROLE_UPDATE_WALLETS) //Lis of issuer VC + .requestMatchers(new AntPathRequestMatcher(RestURI.ISSUERS_CREDENTIALS, POST.name())).hasAnyRole(ApplicationRole.ROLE_UPDATE_WALLETS) //Issue VC + .requestMatchers(new AntPathRequestMatcher(RestURI.CREDENTIALS_ISSUER_MEMBERSHIP, POST.name())).hasAnyRole(ApplicationRole.ROLE_UPDATE_WALLETS) //issue Membership Credential + .requestMatchers(new AntPathRequestMatcher(RestURI.CREDENTIALS_ISSUER_DISMANTLER, POST.name())).hasAnyRole(ApplicationRole.ROLE_UPDATE_WALLETS) //issue dismantler Credential + .requestMatchers(new AntPathRequestMatcher(RestURI.API_CREDENTIALS_ISSUER_FRAMEWORK, POST.name())).hasAnyRole(ApplicationRole.ROLE_UPDATE_WALLETS) //issue dismantler Credential - //error - .requestMatchers(new AntPathRequestMatcher("/error")).permitAll() - .and().oauth2ResourceServer() - .jwt() - .jwtAuthenticationConverter(new CustomAuthenticationConverter(securityConfigProperties.clientId())); + //error + .requestMatchers(new AntPathRequestMatcher("/error")).permitAll() + ).oauth2ResourceServer(resourceServer -> resourceServer.jwt(jwt -> + 
jwt.jwtAuthenticationConverter(new CustomAuthenticationConverter(securityConfigProperties.clientId())))); return http.build(); } From f30c4d80ec70db4387dbb41e06d867579a4bdde6 Mon Sep 17 00:00:00 2001 From: Nitin Vavdiya Date: Thu, 13 Jul 2023 17:34:00 +0530 Subject: [PATCH 057/116] fix: veracode issues: Spring boot and other lib version update --- build.gradle | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index d04d456e1..13d14fcfa 100644 --- a/build.gradle +++ b/build.gradle @@ -49,7 +49,11 @@ dependencies { implementation group: 'com.smartsensesolutions', name: 'commons-dao', version: '0.0.5' implementation 'org.liquibase:liquibase-core' implementation 'org.eclipse.tractusx.ssi:cx-ssi-lib:0.0.13' - testImplementation 'org.projectlombok:lombok:1.18.26' + + //Added explicitly to mitigate CVE 2022-1471 + implementation group: 'org.yaml', name: 'snakeyaml', version: '2.0' + + testImplementation 'org.projectlombok:lombok:1.18.28' runtimeOnly 'org.postgresql:postgresql' compileOnly 'org.projectlombok:lombok' developmentOnly 'org.springframework.boot:spring-boot-devtools' From 3c1d965f913b1da7f0f5d58c99e89ea36c58fffc Mon Sep 17 00:00:00 2001 From: Ronak Thacker Date: Thu, 13 Jul 2023 18:29:36 +0530 Subject: [PATCH 058/116] feat: check expiry of VC while VP validate support added and test cases updated --- .../constant/StringPool.java | 1 + .../service/CommonService.java | 19 ++++++++++++ .../service/IssuersCredentialService.java | 17 +--------- .../service/PresentationService.java | 31 ++++++++----------- .../vp/PresentationTest.java | 3 ++ 5 files changed, 37 insertions(+), 34 deletions(-) diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/constant/StringPool.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/constant/StringPool.java index 37a4add04..d30d67700 100644 --- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/constant/StringPool.java 
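Review bot: The new `authorizeHttpRequests` lambda still ends at `.requestMatchers(new AntPathRequestMatcher("/error")).permitAll()` with no terminal `anyRequest()` rule, so the policy for a path that later slips past the matcher list is left to the framework default rather than stated in code; adding `.anyRequest().denyAll()` (or `.authenticated()`) as the last line inside the lambda makes the fall-through explicit and survives a future change of DSL. The migrated lines also carry over two misleading comments: `//Lis of issuer VC` on the `ISSUERS_CREDENTIALS` GET matcher, and `//issue dismantler Credential` on the `API_CREDENTIALS_ISSUER_FRAMEWORK` matcher, which should read `//issue framework Credential`. `hasAnyRole(ApplicationRole.ROLE_UPDATE_WALLET)` on the `CREDENTIALS` DELETE matcher takes a single role and reads clearer as `hasRole(...)`, matching the `/actuator/loggers/**` line above it.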
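Review bot: The new `implementation group: 'org.yaml', name: 'snakeyaml', version: '2.0'` line pins a transitive dependency by promoting it to a direct one; with the Spring dependency-management plugin a directly declared version does take precedence over the BOM, but the override is easier to audit if the Boot-managed property is set instead, e.g. `ext['snakeyaml.version'] = '2.0'`, which applies to every configuration consistently. Whether the Spring Boot version chosen in gradle.properties can load configuration with SnakeYAML 2.0 is not visible here and is worth confirming with the test suite and `gradle dependencyInsight --dependency snakeyaml`. The comment should name the advisory in its canonical form, `//Added explicitly to mitigate CVE-2022-1471`. The Lombok bump to `1.18.28` on `testImplementation` leaves `compileOnly 'org.projectlombok:lombok'` unversioned two lines below; keeping both on one managed version avoids drift between compile and test classpaths.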
+++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/constant/StringPool.java @@ -36,6 +36,7 @@ public class StringPool { public static final String VALID = "valid"; public static final String VALIDATE_AUDIENCE = "validateAudience"; public static final String VALIDATE_EXPIRY_DATE = "validateExpiryDate"; + public static final String VALIDATE_JWT_EXPIRY_DATE = "validateJWTExpiryDate"; public static final String DID_DOCUMENT = "didDocument"; public static final String VEHICLE_DISMANTLE = "vehicleDismantle"; public static final String CREATED_AT = "createdAt"; diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/CommonService.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/CommonService.java index e11928839..0a86cca0f 100644 --- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/CommonService.java +++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/CommonService.java @@ -30,8 +30,12 @@ import org.eclipse.tractusx.managedidentitywallets.utils.CommonUtils; import org.eclipse.tractusx.managedidentitywallets.utils.Validate; import org.eclipse.tractusx.ssi.lib.exception.DidParseException; +import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredential; import org.springframework.stereotype.Service; +import java.time.Instant; +import java.util.Map; + @Service @Slf4j @RequiredArgsConstructor 
@@ -61,4 +65,19 @@ public Wallet getWalletByIdentifier(String identifier) { return wallet; } + public static boolean validateExpiry(boolean withCredentialExpiryDate, VerifiableCredential verifiableCredential, Map response) { + //validate expiry date + boolean dateValidation = true; + if (withCredentialExpiryDate) { + Instant expirationDate = verifiableCredential.getExpirationDate(); + if (expirationDate.isBefore(Instant.now())) { + dateValidation = false; + response.put(StringPool.VALIDATE_EXPIRY_DATE, false); + } else { + response.put(StringPool.VALIDATE_EXPIRY_DATE, true); + } + } + return dateValidation; + } + } diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialService.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialService.java index d7d4f45e6..a7ad80948 100644 --- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialService.java +++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialService.java @@ -450,7 +450,7 @@ public Map credentialsValidation(Map data, boole Map response = new HashMap<>(); //check expiry - boolean dateValidation = validateExpiry(withCredentialExpiryDate, verifiableCredential, response); + boolean dateValidation = commonService.validateExpiry(withCredentialExpiryDate, verifiableCredential, response); response.put(StringPool.VALID, valid && dateValidation); response.put("vc", verifiableCredential); 
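Review bot: `validateExpiry` dereferences `verifiableCredential.getExpirationDate()` without a null check, and `expirationDate` is an optional property of a verifiable credential, so a credential that carries none would most likely end the validation with a NullPointerException instead of a verdict whenever `withCredentialExpiryDate` is true. Decide the policy explicitly and guard it, e.g. `boolean notExpired = expirationDate != null && !expirationDate.isBefore(Instant.now());`, then store `notExpired` in `response` under `VALIDATE_EXPIRY_DATE` and return it (use `== null ||` instead if non-expiring credentials are meant to pass). The method is `public static`, yet both new callers, in IssuersCredentialService.credentialsValidation and PresentationService.validatePresentation, invoke it as `commonService.validateExpiry(...)` through an instance; either drop `static` or call `CommonService.validateExpiry(...)`. A one-line Javadoc stating that the method also writes `VALIDATE_EXPIRY_DATE` into `response` would make the side effect visible to callers.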
@@ -458,21 +458,6 @@ public Map credentialsValidation(Map data, boole return response; } - private static boolean validateExpiry(boolean withCredentialExpiryDate, VerifiableCredential verifiableCredential, Map response) { - //validate expiry date - boolean dateValidation = true; - if (withCredentialExpiryDate) { - Instant expirationDate = verifiableCredential.getExpirationDate(); - if (expirationDate.isBefore(Instant.now())) { - dateValidation = false; - response.put(StringPool.VALIDATE_EXPIRY_DATE, false); - } else { - response.put(StringPool.VALIDATE_EXPIRY_DATE, true); - } - } - return dateValidation; - } - private void validateAccess(String callerBpn, Wallet issuerWallet) { //validate BPN access, VC must be issued by base wallet diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/PresentationService.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/PresentationService.java index 8643828bf..296b64fd0 100644 --- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/PresentationService.java +++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/PresentationService.java @@ -184,10 +184,12 @@ public Map validatePresentation(Map vp, boolean //validate audience boolean validateAudience = validateAudience(audience, signedJWT); - //validate date - boolean validateExpiryDate = validateExpiryDate(withCredentialExpiryDate, signedJWT); + //validate jwt date + boolean validateJWTExpiryDate = validateJWTExpiryDate(signedJWT); + response.put(StringPool.VALIDATE_JWT_EXPIRY_DATE, validateJWTExpiryDate); boolean validCredential = true; + boolean validateExpiryDate = true; try { final ObjectMapper mapper = new ObjectMapper(); Map claims = mapper.readValue(signedJWT.getPayload().toBytes(), Map.class); 
@@ -197,6 +199,7 @@ public Map validatePresentation(Map vp, boolean VerifiablePresentation presentation = jsonLdSerializer.deserializePresentation(new SerializedVerifiablePresentation(vpClaim)); for (VerifiableCredential credential : presentation.getVerifiableCredentials()) { + validateExpiryDate = commonService.validateExpiry(withCredentialExpiryDate, credential, response); if (!validateCredential(credential)) { validCredential = false; } @@ -205,15 +208,12 @@ public Map validatePresentation(Map vp, boolean throw new BadDataException(String.format("Validation of VP in form of JSON-LD is not supported. Invalid Json-LD: %s", e.getMessage())); } - response.put(StringPool.VALID, (validateSignature && validateAudience && validateExpiryDate && validCredential)); + response.put(StringPool.VALID, (validateSignature && validateAudience && validateExpiryDate && validCredential && validateJWTExpiryDate)); if (StringUtils.hasText(audience)) { response.put(StringPool.VALIDATE_AUDIENCE, validateAudience); } - if (withCredentialExpiryDate) { - response.put(StringPool.VALIDATE_EXPIRY_DATE, validateExpiryDate); - } } else { throw new BadDataException("Validation of VP in form of JSON-LD is not supported"); @@ -237,19 +237,14 @@ private boolean validateSignature(SignedJWT signedJWT) { } } - private boolean validateExpiryDate(boolean withCredentialExpiryDate, SignedJWT signedJWT) { - if (withCredentialExpiryDate) { - try { - SignedJwtValidator jwtValidator = new SignedJwtValidator(); - jwtValidator.validateDate(signedJWT); - return true; - } catch (Exception e) { - log.error("Can not expiry date ", e); - return false; - } - - } else { + private boolean validateJWTExpiryDate(SignedJWT signedJWT) { + try { + SignedJwtValidator jwtValidator = new SignedJwtValidator(); + jwtValidator.validateDate(signedJWT); return true; + } catch (Exception e) { + log.error("Can not expiry date ", e); + return false; } } 
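Review bot: In the `for (VerifiableCredential credential : ...)` loop, `validateExpiryDate = commonService.validateExpiry(withCredentialExpiryDate, credential, response);` overwrites the result on every iteration, so an expired credential is ignored whenever a later credential in the same presentation is still valid, and the `VALIDATE_EXPIRY_DATE` entry in `response` likewise reflects only the last credential. Fold the results instead: `validateExpiryDate = validateExpiryDate && commonService.validateExpiry(withCredentialExpiryDate, credential, response);` — the short-circuit also stops a later credential from flipping the response entry back to true. The first hunk now puts `VALIDATE_JWT_EXPIRY_DATE` into `response` unconditionally, while the new assertion in `PresentationTest.validateVPAsJwt` expects that key to be absent; one of the two appears inconsistent. The retained `log.error("Can not expiry date ", e)` is garbled; `log.error("Could not validate JWT expiry date", e)` says what failed.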
diff --git a/src/test/java/org/eclipse/tractusx/managedidentitywallets/vp/PresentationTest.java b/src/test/java/org/eclipse/tractusx/managedidentitywallets/vp/PresentationTest.java index 0190cfbae..22b35b533 100644 --- a/src/test/java/org/eclipse/tractusx/managedidentitywallets/vp/PresentationTest.java +++ b/src/test/java/org/eclipse/tractusx/managedidentitywallets/vp/PresentationTest.java @@ -121,6 +121,7 @@ void validateVPAsJwt() throws JsonProcessingException, DidDocumentResolverNotReg Assertions.assertTrue(Boolean.parseBoolean(map.get(StringPool.VALID).toString())); Assertions.assertFalse(map.containsKey(StringPool.VALIDATE_AUDIENCE)); Assertions.assertFalse(map.containsKey(StringPool.VALIDATE_EXPIRY_DATE)); + Assertions.assertFalse(map.containsKey(StringPool.VALIDATE_JWT_EXPIRY_DATE)); } } @@ -149,6 +150,7 @@ void validateVPAsJwtWithInvalidSignatureAndInValidAudienceAndExpiryDateValidatio Assertions.assertFalse(Boolean.parseBoolean(map.get(StringPool.VALID).toString())); Assertions.assertFalse(Boolean.parseBoolean(map.get(StringPool.VALIDATE_AUDIENCE).toString())); Assertions.assertFalse(Boolean.parseBoolean(map.get(StringPool.VALIDATE_EXPIRY_DATE).toString())); + Assertions.assertFalse(Boolean.parseBoolean(map.get(StringPool.VALIDATE_JWT_EXPIRY_DATE).toString())); } } @@ -176,6 +178,7 @@ void validateVPAsJwtWithValidAudienceAndDateValidation() throws JsonProcessingEx Assertions.assertTrue(Boolean.parseBoolean(map.get(StringPool.VALID).toString())); Assertions.assertTrue(Boolean.parseBoolean(map.get(StringPool.VALIDATE_AUDIENCE).toString())); Assertions.assertTrue(Boolean.parseBoolean(map.get(StringPool.VALIDATE_EXPIRY_DATE).toString())); + Assertions.assertTrue(Boolean.parseBoolean(map.get(StringPool.VALIDATE_JWT_EXPIRY_DATE).toString())); } } From 1431d8bc1b45d3d228d38168987001f6ec34411d Mon Sep 17 00:00:00 2001 From: Dominik Pinsel Date: Thu, 13 Jul 2023 16:39:34 +0200 Subject: [PATCH 059/116] updated dependencies and add dependabot config 
Signed-off-by: Dominik Pinsel --- .github/dependabot.yml | 21 +++++++++++++++ DEPENDENCIES | 58 ++++++++++++++++++++++++++++++++++++++++++ update_dependcies.sh | 31 ++++++++++++++++++++++ 3 files changed, 110 insertions(+) create mode 100644 .github/dependabot.yml create mode 100755 update_dependcies.sh
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 000000000..62eb40843
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,21 @@
+version: 2
+updates:
+ # maintain dependencies for GitHub actions
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "monday"
+ open-pull-requests-limit: 5
+ labels:
+ - "dependencies"
+ - "github_actions"
+
+ # maintain dependencies for Gradle
+ - package-ecosystem: "gradle" # checks build.gradle(.kts) and settings.gradle(.kts)
+ directory: "/"
+ schedule:
+ interval: "daily"
+ open-pull-requests-limit: 5
+ labels:
+ - "dependencies"
+ - "java"
\ No newline at end of file
diff --git a/DEPENDENCIES b/DEPENDENCIES
index dd313e40b..ab042bcdf 100644
--- a/DEPENDENCIES
+++ b/DEPENDENCIES
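Review bot: `interval: "monday"` under the github-actions `schedule` is not a valid Dependabot interval; the accepted values are `daily`, `weekly` and `monthly`, and the weekday belongs in a separate `day` key, so the file as written would be rejected and no action updates would be opened. Change the entry to `interval: "weekly"` followed by `day: "monday"` under `schedule`. The file also lacks a trailing newline, as the `\ No newline at end of file` marker shows.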
@@ -1,11 +1,16 @@ maven/mavencentral/ch.qos.logback/logback-classic/1.4.7, EPL-1.0 OR LGPL-2.1-only, approved, #3435 maven/mavencentral/ch.qos.logback/logback-core/1.4.7, EPL-1.0 OR LGPL-2.1-only, approved, #3373 +maven/mavencentral/com.apicatalog/titanium-json-ld/1.0.0, Apache-2.0, approved, clearlydefined +maven/mavencentral/com.apicatalog/titanium-json-ld/1.1.0, Apache-2.0, approved, clearlydefined +maven/mavencentral/com.danubetech/key-formats-java/1.2.0, Apache-2.0, approved, #3467 +maven/mavencentral/com.danubetech/verifiable-credentials-java/1.0.0, Apache-2.0, approved, #3465 maven/mavencentral/com.fasterxml.jackson.core/jackson-annotations/2.10.3, Apache-2.0, approved, CQ21280 maven/mavencentral/com.fasterxml.jackson.core/jackson-annotations/2.12.6, Apache-2.0, approved, CQ23844 maven/mavencentral/com.fasterxml.jackson.core/jackson-annotations/2.14.2, Apache-2.0, approved, #5303 maven/mavencentral/com.fasterxml.jackson.core/jackson-core/2.12.6, Apache-2.0, approved, CQ23845 maven/mavencentral/com.fasterxml.jackson.core/jackson-core/2.14.2, Apache-2.0 AND MIT, approved, #4303 maven/mavencentral/com.fasterxml.jackson.core/jackson-databind/2.11.0, Apache-2.0, approved, CQ23093 +maven/mavencentral/com.fasterxml.jackson.core/jackson-databind/2.11.1, Apache-2.0, approved, CQ23093 maven/mavencentral/com.fasterxml.jackson.core/jackson-databind/2.12.6.1, Apache-2.0, approved, CQ23725 maven/mavencentral/com.fasterxml.jackson.core/jackson-databind/2.14.2, Apache-2.0, approved, #4105 maven/mavencentral/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml/2.14.2, Apache-2.0, approved, #5933 
@@ -13,8 +18,10 @@ maven/mavencentral/com.fasterxml.jackson.datatype/jackson-datatype-jdk8/2.14.2, maven/mavencentral/com.fasterxml.jackson.datatype/jackson-datatype-jsr310/2.14.2, Apache-2.0, approved, #4699 maven/mavencentral/com.fasterxml.jackson.jaxrs/jackson-jaxrs-base/2.14.2, Apache-2.0, approved, clearlydefined maven/mavencentral/com.fasterxml.jackson.jaxrs/jackson-jaxrs-json-provider/2.12.6, Apache-2.0, approved, CQ23848 +maven/mavencentral/com.fasterxml.jackson.jaxrs/jackson-jaxrs-json-provider/2.14.2, Apache-2.0, approved, #8371 maven/mavencentral/com.fasterxml.jackson.module/jackson-module-jaxb-annotations/2.14.2, Apache-2.0, approved, #8162 maven/mavencentral/com.fasterxml.jackson.module/jackson-module-parameter-names/2.14.2, Apache-2.0, approved, #5938 +maven/mavencentral/com.fasterxml.jackson/jackson-bom/2.14.2, Apache-2.0, approved, #7931 maven/mavencentral/com.fasterxml/classmate/1.5.1, Apache-2.0, approved, clearlydefined maven/mavencentral/com.github.dasniko/testcontainers-keycloak/2.5.0, Apache-2.0, approved, #9175 maven/mavencentral/com.github.docker-java/docker-java-api/3.3.0, Apache-2.0, approved, clearlydefined 
@@ -24,30 +31,59 @@ maven/mavencentral/com.github.java-json-tools/btf/1.3, Apache-2.0 OR LGPL-3.0-or maven/mavencentral/com.github.java-json-tools/jackson-coreutils/2.0, , approved, #2719 maven/mavencentral/com.github.java-json-tools/json-patch/1.13, Apache-2.0 OR LGPL-3.0-or-later, approved, CQ23929 maven/mavencentral/com.github.java-json-tools/msg-simple/1.2, , approved, #2720 +maven/mavencentral/com.github.jnr/jffi/1.2.9, Apache-2.0, approved, CQ9095 +maven/mavencentral/com.github.jnr/jnr-ffi/2.0.5, Apache-2.0, approved, CQ12035 +maven/mavencentral/com.github.jnr/jnr-x86asm/1.0.2, MIT, approved, CQ9094 +maven/mavencentral/com.github.multiformats/java-multibase/v1.1.0, MIT AND BSD-3-Clause AND EPL-1.0 AND Apache-2.0, approved, #4095 maven/mavencentral/com.github.stephenc.jcip/jcip-annotations/1.0-1, Apache-2.0, approved, CQ21949 +maven/mavencentral/com.google.code.findbugs/jsr305/3.0.2, Apache-2.0, approved, #20 +maven/mavencentral/com.google.code.gson/gson/2.10.1, Apache-2.0, approved, #6159 +maven/mavencentral/com.google.crypto.tink/tink/1.9.0, Apache-2.0, approved, clearlydefined +maven/mavencentral/com.google.errorprone/error_prone_annotations/2.18.0, Apache-2.0, approved, clearlydefined +maven/mavencentral/com.google.errorprone/error_prone_annotations/2.5.1, Apache-2.0, approved, clearlydefined +maven/mavencentral/com.google.guava/failureaccess/1.0.1, Apache-2.0, approved, CQ22654 +maven/mavencentral/com.google.guava/guava/28.2-android, Apache-2.0 AND LicenseRef-Public-Domain, approved, CQ22437 +maven/mavencentral/com.google.guava/guava/29.0-android, Apache-2.0, approved, clearlydefined +maven/mavencentral/com.google.guava/guava/30.1.1-android, Apache-2.0 AND CC0-1.0 AND LicenseRef-Public-Domain, approved, CQ23244 +maven/mavencentral/com.google.guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava, Apache-2.0, approved, CQ22657 +maven/mavencentral/com.google.http-client/google-http-client/1.43.1, Apache-2.0, approved, clearlydefined 
+maven/mavencentral/com.google.j2objc/j2objc-annotations/1.3, Apache-2.0, approved, CQ21195 +maven/mavencentral/com.google.protobuf/protobuf-java/3.19.6, BSD-3-Clause, approved, clearlydefined +maven/mavencentral/com.google.protobuf/protobuf-java/3.6.1, BSD-3-Clause, approved, clearlydefined maven/mavencentral/com.ibm.async/asyncutil/0.1.0, Apache-2.0, approved, clearlydefined maven/mavencentral/com.jayway.jsonpath/json-path/2.7.0, Apache-2.0, approved, clearlydefined maven/mavencentral/com.nimbusds/nimbus-jose-jwt/9.24.4, Apache-2.0, approved, clearlydefined +maven/mavencentral/com.nimbusds/nimbus-jose-jwt/9.9, Apache-2.0, approved, clearlydefined maven/mavencentral/com.opencsv/opencsv/5.7.1, Apache-2.0, approved, clearlydefined maven/mavencentral/com.smartsensesolutions/commons-dao/0.0.5, Apache-2.0, approved, #9176 +maven/mavencentral/com.squareup.okhttp3/okhttp/3.12.8, Apache-2.0, approved, CQ19549 +maven/mavencentral/com.squareup.okio/okio-jvm/3.0.0, Apache-2.0, approved, clearlydefined maven/mavencentral/com.sun.activation/jakarta.activation/1.2.1, EPL-2.0 OR BSD-3-Clause OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jaf maven/mavencentral/com.sun.istack/istack-commons-runtime/4.1.1, BSD-3-Clause, approved, #2590 maven/mavencentral/com.sun.mail/jakarta.mail/1.6.5, EPL-2.0 OR GPL-2.0-only WITH Classpath-exception-2.0, approved, ee4j.mail maven/mavencentral/com.vaadin.external.google/android-json/0.0.20131108.vaadin1, Apache-2.0, approved, CQ21310 maven/mavencentral/com.zaxxer/HikariCP/5.0.1, Apache-2.0, approved, clearlydefined maven/mavencentral/commons-codec/commons-codec/1.11, Apache-2.0 AND BSD-3-Clause, approved, CQ15971 +maven/mavencentral/commons-codec/commons-codec/1.14, Apache-2.0, approved, clearlydefined maven/mavencentral/commons-codec/commons-codec/1.15, Apache-2.0 AND BSD-3-Clause AND LicenseRef-Public-Domain, approved, CQ22641 maven/mavencentral/commons-fileupload/commons-fileupload/1.4, Apache-2.0, approved, clearlydefined 
maven/mavencentral/commons-io/commons-io/2.4, Apache-1.1, approved, CQ9218 maven/mavencentral/commons-io/commons-io/2.9.0, Apache-2.0, approved, clearlydefined +maven/mavencentral/decentralized-identity/jsonld-common-java/1.0.0, Apache-2.0, approved, #3108 +maven/mavencentral/info.weboftrust/ld-signatures-java/1.0.0, Apache-2.0, approved, #3463 +maven/mavencentral/io.github.erdtman/java-json-canonicalization/1.1, Apache-2.0, approved, clearlydefined maven/mavencentral/io.github.openfeign.form/feign-form-spring/3.8.0, Apache-2.0, approved, clearlydefined maven/mavencentral/io.github.openfeign.form/feign-form/3.8.0, Apache-2.0, approved, clearlydefined maven/mavencentral/io.github.openfeign/feign-core/12.1, Apache-2.0, approved, clearlydefined maven/mavencentral/io.github.openfeign/feign-slf4j/12.1, Apache-2.0, approved, clearlydefined +maven/mavencentral/io.grpc/grpc-context/1.27.2, Apache-2.0, approved, clearlydefined maven/mavencentral/io.micrometer/micrometer-commons/1.10.6, Apache-2.0 AND (Apache-2.0 AND MIT), approved, #7333 maven/mavencentral/io.micrometer/micrometer-core/1.10.6, Apache-2.0 AND (Apache-2.0 AND MIT), approved, #6977 maven/mavencentral/io.micrometer/micrometer-observation/1.10.6, Apache-2.0, approved, #7331 +maven/mavencentral/io.opencensus/opencensus-api/0.31.1, Apache-2.0, approved, clearlydefined +maven/mavencentral/io.opencensus/opencensus-contrib-http-util/0.31.1, Apache-2.0, approved, clearlydefined maven/mavencentral/io.quarkus/quarkus-junit4-mock/2.13.7.Final, Apache-2.0, approved, clearlydefined +maven/mavencentral/io.setl/rdf-urdna/1.1, Apache-2.0, approved, clearlydefined maven/mavencentral/io.smallrye.common/smallrye-common-annotation/1.6.0, Apache-2.0, approved, clearlydefined maven/mavencentral/io.smallrye.common/smallrye-common-classloader/1.6.0, Apache-2.0, approved, clearlydefined maven/mavencentral/io.smallrye.common/smallrye-common-constraint/1.6.0, Apache-2.0, approved, clearlydefined 
@@ -75,20 +111,25 @@ maven/mavencentral/jakarta.xml.bind/jakarta.xml.bind-api/3.0.1, BSD-3-Clause, ap maven/mavencentral/jakarta.xml.bind/jakarta.xml.bind-api/4.0.0, BSD-3-Clause, approved, ee4j.jaxb maven/mavencentral/javax.activation/javax.activation-api/1.2.0, (CDDL-1.1 OR GPL-2.0 WITH Classpath-exception-2.0) AND Apache-2.0, approved, CQ18740 maven/mavencentral/javax.xml.bind/jaxb-api/2.3.1, CDDL-1.1 OR GPL-2.0-only WITH Classpath-exception-2.0, approved, CQ16911 +maven/mavencentral/joda-time/joda-time/2.12.5, Apache-2.0, approved, clearlydefined maven/mavencentral/junit/junit/4.13.2, EPL-2.0, approved, CQ23636 maven/mavencentral/net.bytebuddy/byte-buddy-agent/1.12.16, Apache-2.0, approved, #1810 maven/mavencentral/net.bytebuddy/byte-buddy/1.12.10, Apache-2.0 AND BSD-3-Clause, approved, #1811 maven/mavencentral/net.bytebuddy/byte-buddy/1.12.16, Apache-2.0 AND BSD-3-Clause, approved, #1811 maven/mavencentral/net.bytebuddy/byte-buddy/1.12.18, Apache-2.0 AND BSD-3-Clause, approved, #1811 +maven/mavencentral/net.i2p.crypto/eddsa/0.3.0, CC0-1.0, approved, CQ22537 maven/mavencentral/net.java.dev.jna/jna/5.12.1, Apache-2.0 OR LGPL-2.1-or-later, approved, #3217 +maven/mavencentral/net.jcip/jcip-annotations/1.0, CC-BY-2.5, approved, clearlydefined maven/mavencentral/net.minidev/accessors-smart/2.4.9, Apache-2.0, approved, #7515 maven/mavencentral/net.minidev/json-smart/2.4.7, Apache-2.0, approved, #3288 +maven/mavencentral/org.abstractj.kalium/kalium/0.8.0, Apache-2.0, approved, clearlydefined maven/mavencentral/org.antlr/antlr4-runtime/4.10.1, BSD-3-Clause AND LicenseRef-Public-domain AND MIT AND LicenseRef-Unicode-TOU, approved, #7065 maven/mavencentral/org.apache.commons/commons-collections4/4.4, Apache-2.0, approved, clearlydefined maven/mavencentral/org.apache.commons/commons-compress/1.22, Apache-2.0 AND BSD-3-Clause, approved, #4299 maven/mavencentral/org.apache.commons/commons-lang3/3.12.0, Apache-2.0, approved, clearlydefined 
maven/mavencentral/org.apache.commons/commons-text/1.10.0, Apache-2.0, approved, clearlydefined maven/mavencentral/org.apache.httpcomponents/httpclient/4.5.13, Apache-2.0 AND LicenseRef-Public-Domain, approved, CQ23527 +maven/mavencentral/org.apache.httpcomponents/httpclient/4.5.14, Apache-2.0 AND LicenseRef-Public-Domain, approved, CQ23527 maven/mavencentral/org.apache.httpcomponents/httpcore/4.4.16, Apache-2.0, approved, CQ23528 maven/mavencentral/org.apache.james/apache-mime4j-core/0.8.3, Apache-2.0, approved, clearlydefined maven/mavencentral/org.apache.james/apache-mime4j-dom/0.8.3, Apache-2.0, approved, #2340 
@@ -101,14 +142,19 @@ maven/mavencentral/org.apache.tomcat.embed/tomcat-embed-websocket/10.1.8, Apache maven/mavencentral/org.apiguardian/apiguardian-api/1.1.2, Apache-2.0, approved, clearlydefined maven/mavencentral/org.aspectj/aspectjweaver/1.9.19, EPL-1.0, approved, tools.aspectj maven/mavencentral/org.assertj/assertj-core/3.23.1, Apache-2.0, approved, clearlydefined +maven/mavencentral/org.bitcoinj/bitcoinj-core/0.15.10, Apache-2.0, approved, clearlydefined maven/mavencentral/org.bouncycastle/bcpkix-jdk15on/1.69, MIT, approved, clearlydefined maven/mavencentral/org.bouncycastle/bcprov-jdk15on/1.69, MIT, approved, clearlydefined +maven/mavencentral/org.bouncycastle/bcprov-jdk15on/1.70, MIT, approved, #1712 +maven/mavencentral/org.bouncycastle/bcprov-jdk15to18/1.68, MIT, approved, #3464 maven/mavencentral/org.bouncycastle/bcutil-jdk15on/1.69, MIT, approved, clearlydefined +maven/mavencentral/org.checkerframework/checker-compat-qual/2.5.5, MIT, approved, clearlydefined maven/mavencentral/org.checkerframework/checker-qual/3.5.0, MIT, approved, clearlydefined maven/mavencentral/org.glassfish.jaxb/jaxb-core/4.0.2, BSD-3-Clause, approved, ee4j.jaxb maven/mavencentral/org.glassfish.jaxb/jaxb-runtime/2.3.3-b02, BSD-3-Clause, approved, ee4j.jaxb maven/mavencentral/org.glassfish.jaxb/jaxb-runtime/3.0.2, BSD-3-Clause, approved, ee4j.jaxb maven/mavencentral/org.glassfish.jaxb/txw2/4.0.2, BSD-3-Clause, approved, ee4j.jaxb +maven/mavencentral/org.glassfish/jakarta.json/2.0.0, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jsonp maven/mavencentral/org.hamcrest/hamcrest-core/1.3, BSD-2-Clause, approved, CQ11429 maven/mavencentral/org.hamcrest/hamcrest/2.2, BSD-3-Clause, approved, clearlydefined maven/mavencentral/org.hdrhistogram/HdrHistogram/2.1.12, BSD-2-Clause OR LicenseRef-Public-Domain, approved, CQ13192 
@@ -136,6 +182,13 @@ maven/mavencentral/org.jboss.spec.javax.annotation/jboss-annotations-api_1.3_spe maven/mavencentral/org.jboss.spec.javax.ws.rs/jboss-jaxrs-api_2.1_spec/2.0.1.Final, Apache-2.0 AND (EPL-2.0 OR GPL-2.0-only WITH Classpath-exception-2.0), approved, #2124 maven/mavencentral/org.jboss.spec.javax.xml.bind/jboss-jaxb-api_2.3_spec/2.0.0.Final, BSD-3-Clause, approved, #2122 maven/mavencentral/org.jboss/jandex/2.4.2.Final, Apache-2.0, approved, clearlydefined +maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-common/1.5.31, Apache-2.0, approved, clearlydefined +maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-common/1.7.22, Apache-2.0, approved, clearlydefined +maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-jdk7/1.7.22, Apache-2.0, approved, clearlydefined +maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-jdk8/1.5.31, Apache-2.0, approved, clearlydefined +maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib/1.6.20, Apache-2.0, approved, clearlydefined +maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib/1.7.22, Apache-2.0, approved, clearlydefined +maven/mavencentral/org.jetbrains/annotations/13.0, Apache-2.0, approved, clearlydefined maven/mavencentral/org.jetbrains/annotations/17.0.0, Apache-2.0, approved, clearlydefined maven/mavencentral/org.json/json/20230227, LicenseRef-Public-domain, approved, #9174 maven/mavencentral/org.junit.jupiter/junit-jupiter-api/5.9.1, EPL-2.0, approved, #3133 
@@ -155,9 +208,14 @@ maven/mavencentral/org.mockito/mockito-inline/5.2.0, MIT, approved, clearlydefin maven/mavencentral/org.mockito/mockito-junit-jupiter/4.8.1, MIT, approved, clearlydefined maven/mavencentral/org.objenesis/objenesis/3.2, Apache-2.0, approved, clearlydefined maven/mavencentral/org.opentest4j/opentest4j/1.2.0, Apache-2.0, approved, clearlydefined +maven/mavencentral/org.ow2.asm/asm-analysis/5.0.3, BSD-2-Clause, approved, CQ9714 maven/mavencentral/org.ow2.asm/asm-analysis/9.2, BSD-3-Clause, approved, clearlydefined +maven/mavencentral/org.ow2.asm/asm-commons/5.0.3, BSD-2-Clause, approved, CQ9714 maven/mavencentral/org.ow2.asm/asm-commons/9.2, BSD-3-Clause, approved, clearlydefined +maven/mavencentral/org.ow2.asm/asm-tree/5.0.3, BSD-2-Clause, approved, CQ9714 maven/mavencentral/org.ow2.asm/asm-tree/9.2, BSD-3-Clause, approved, clearlydefined +maven/mavencentral/org.ow2.asm/asm-util/5.0.3, BSD-2-Clause, approved, CQ9714 +maven/mavencentral/org.ow2.asm/asm/5.0.3, BSD-2-Clause, approved, CQ9714 maven/mavencentral/org.ow2.asm/asm/9.1, BSD-3-Clause, approved, CQ23029 maven/mavencentral/org.ow2.asm/asm/9.2, BSD-3-Clause, approved, CQ23635 maven/mavencentral/org.ow2.asm/asm/9.3, BSD-3-Clause, approved, clearlydefined diff --git a/update_dependcies.sh b/update_dependcies.sh new file mode 100755 index 000000000..0a307d1ed --- /dev/null +++ b/update_dependcies.sh 
@@ -0,0 +1,31 @@
+#
+# /********************************************************************************
+# Copyright (c) 2021,2023 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ********************************************************************************/
+#
+
+#!/bin/bash
+
+# download the latest version of the Eclipse Dash License tool
+curl --output org.eclipse.dash.licenses.jar \
+ https://repo.eclipse.org/service/local/repositories/dash-licenses-snapshots/content/org/eclipse/dash/org.eclipse.dash.licenses/1.0.3-SNAPSHOT/org.eclipse.dash.licenses-1.0.3-20230713.055020-51.jar
+
+# update DEPENDENCIES file
+./gradlew dependencies | grep -Poh "(?<=\s)[\w\.-]+:[\w\.-]+:[^:\s]+" | grep -v "^org\.eclipse" | sort | uniq \
+ | java -jar org.eclipse.dash.licenses.jar -summary DEPENDENCIES - \
+ | grep restricted
From 5b7b6b484f83462469b71dc931ff9291492b7f7b Mon Sep 17 00:00:00 2001
From: Peter Motzko
Date: Thu, 13 Jul 2023 22:21:47 +0200
Subject: [PATCH 060/116] feat(helm): update chart description and add homepage link and keywords
---
 charts/managed-identity-wallet/Chart.yaml | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/charts/managed-identity-wallet/Chart.yaml b/charts/managed-identity-wallet/Chart.yaml
index 5c5c878de..45253f4c0 100644
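Review bot: The `#!/bin/bash` line sits on line 22 of the new script, below the license comment block, but a shebang is only honoured on the very first line, so the file (created executable, mode 100755) is run by whatever shell the caller falls back to rather than bash; move `#!/bin/bash` to line 1 and the comment block beneath it. The curl call has no `--fail`, so an HTTP error page would be written to `org.eclipse.dash.licenses.jar` and then handed to `java -jar`; `curl --fail --location --output org.eclipse.dash.licenses.jar \` avoids that. The jar is a timestamped SNAPSHOT build that is executed without any integrity check, which deserves a comment such as `# TODO: pin a released dash-licenses version and verify its checksum before running it`. Without `set -euo pipefail` a failed download or gradle run also does not stop the pipeline, and the summary is silently produced from whatever was left on disk.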
--- a/charts/managed-identity-wallet/Chart.yaml +++ b/charts/managed-identity-wallet/Chart.yaml @@ -19,13 +19,19 @@ apiVersion: v2 name: managed-identity-wallet -description: Managed Identity Wallets Service +description: | + The Managed Identity Wallets (MIW) service implements the Self-Sovereign-Identity (SSI) using did:web. type: application version: 1.0.1-rc1 appVersion: 0.0.1-SNAPSHOT.b75ebaf +home: https://eclipse-tractusx.github.io +keywords: + - Managed Identity Wallet + - eclipse-tractusx + dependencies: - name: postgresql version: 11.9.13 From a96ca4c6ace3c47f051007b8ae7b04c2b670adf1 Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Thu, 13 Jul 2023 22:22:21 +0200 Subject: [PATCH 061/116] feat(helm): add Helm chart Readme template for helm-docs --- .../managed-identity-wallet/README.md.gotmpl | 48 +++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 charts/managed-identity-wallet/README.md.gotmpl diff --git a/charts/managed-identity-wallet/README.md.gotmpl b/charts/managed-identity-wallet/README.md.gotmpl new file mode 100644 index 000000000..4840b363a --- /dev/null +++ b/charts/managed-identity-wallet/README.md.gotmpl 
@@ -0,0 +1,48 @@ +{{ template "chart.header" . }} + +{{ template "chart.deprecationWarning" . }} + +{{ template "chart.badgesSection" . }} + +{{ template "chart.description" . }} + +{{ template "chart.homepageLine" . }} + +## Get Repo Info + + helm repo add my-miw https://pmoscode-helm.github.io/miw/ + helm repo update + +## Install chart + + helm install [RELEASE_NAME] my-miw/miw + +The command deploys miw on the Kubernetes cluster in the default configuration. + +See configuration below. + +See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation. + +## Uninstall Chart + + helm uninstall [RELEASE_NAME] + +This removes all the Kubernetes components associated with the chart and deletes the release. + +See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation. + +## Upgrading Chart + + helm upgrade [RELEASE_NAME] [CHART] + +See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation. + +{{ template "chart.requirementsSection" . }} + +{{ template "chart.valuesHeader" . }} + +{{ template "chart.valuesTable" . }} + +{{ template "chart.maintainersSection" . }} + +{{ template "helm-docs.versionFooter" . }} From 74e8bf9cfa60d035f2baf4fafe3e3b972e2e485f Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Thu, 13 Jul 2023 22:22:54 +0200 Subject: [PATCH 062/116] feat(helm): update README.md by using current helm-docs template --- charts/managed-identity-wallet/README.md | 33 +++++++++++++++++++++++- 1 file changed, 32 insertions(+), 1 deletion(-) diff --git a/charts/managed-identity-wallet/README.md b/charts/managed-identity-wallet/README.md index 593a404ef..f26e33d40 100644 --- a/charts/managed-identity-wallet/README.md +++ b/charts/managed-identity-wallet/README.md 
@@ -2,7 +2,38 @@ ![Version: 1.0.1-rc1](https://img.shields.io/badge/Version-1.0.1--rc1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1-SNAPSHOT.b75ebaf](https://img.shields.io/badge/AppVersion-0.0.1--SNAPSHOT.b75ebaf-informational?style=flat-square) -Managed Identity Wallets Service +The Managed Identity Wallets (MIW) service implements the Self-Sovereign-Identity (SSI) using did:web. + +**Homepage:** + +## Get Repo Info + + helm repo add my-miw https://pmoscode-helm.github.io/miw/ + helm repo update + +## Install chart + + helm install [RELEASE_NAME] my-miw/miw + +The command deploys miw on the Kubernetes cluster in the default configuration. + +See configuration below. + +See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation. + +## Uninstall Chart + + helm uninstall [RELEASE_NAME] + +This removes all the Kubernetes components associated with the chart and deletes the release. + +See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation. + +## Upgrading Chart + + helm upgrade [RELEASE_NAME] [CHART] + +See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation. ## Requirements From 7908741e3a765bc68e9c955dfccc58e4b3f72da2 Mon Sep 17 00:00:00 2001 From: Nitin Vavdiya Date: Fri, 14 Jul 2023 12:00:52 +0530 Subject: [PATCH 063/116] fix: veracode log realted issue fix --- .../config/ApplicationConfig.java | 3 ++- .../service/CommonService.java | 3 ++- .../service/HoldersCredentialService.java | 5 +++-- .../service/IssuersCredentialService.java | 17 +++++++++-------- 4 files changed, 16 insertions(+), 12 deletions(-) diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/ApplicationConfig.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/ApplicationConfig.java index 6f53eb811..3cc57dcda 100644 
--- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/ApplicationConfig.java
+++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/ApplicationConfig.java
@@ -28,6 +28,7 @@
 import com.smartsensesolutions.java.commons.specification.SpecificationUtil;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.text.StringEscapeUtils;
 import org.springdoc.core.properties.SwaggerUiConfigProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -67,7 +68,7 @@ public SpecificationUtil specificationUtil() {
 @Override
 public void addViewControllers(ViewControllerRegistry registry) {
 String redirectUri = properties.getPath();
- log.info("Set landing page to path {}", redirectUri);
+ log.info("Set landing page to path {}", StringEscapeUtils.escapeJava(redirectUri));
 registry.addRedirectViewController("/", redirectUri);
 }
 }
diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/CommonService.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/CommonService.java
index e11928839..0d643468c 100644
--- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/CommonService.java
+++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/CommonService.java
@@ -23,6 +23,7 @@
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.text.StringEscapeUtils;
 import org.eclipse.tractusx.managedidentitywallets.constant.StringPool;
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.Wallet;
 import org.eclipse.tractusx.managedidentitywallets.dao.repository.WalletRepository;
@@ -53,7 +54,7 @@ public Wallet getWalletByIdentifier(String identifier) {
 try {
 wallet = walletRepository.getByDid(identifier);
 } catch (DidParseException e) {
- log.error("Error while parsing did {}", identifier, e);
+ log.error("Error while parsing did {}", StringEscapeUtils.escapeJava(identifier), e);
 throw new WalletNotFoundProblem("Error while parsing did " + identifier);
 }
 }
diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/HoldersCredentialService.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/HoldersCredentialService.java
index 664cff8dc..3944bd6e9 100644
--- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/HoldersCredentialService.java
+++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/HoldersCredentialService.java
@@ -31,6 +31,7 @@
 import com.smartsensesolutions.java.commons.specification.SpecificationUtil;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.text.StringEscapeUtils;
 import org.eclipse.tractusx.managedidentitywallets.constant.StringPool;
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.HoldersCredential;
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.Wallet;
@@ -164,7 +165,7 @@ public VerifiableCredential issueCredential(Map data, String cal
 //Store Credential in holder table
 credential = create(credential);
- log.debug("VC type of {} issued to bpn ->{}", verifiableCredential.getTypes(), callerBpn);
+ log.debug("VC type of {} issued to bpn ->{}", StringEscapeUtils.escapeJava(verifiableCredential.getTypes().toString()), StringEscapeUtils.escapeJava(callerBpn));
 // Return VC
 return credential.getData();
 }
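Review bot: The escaped identifier is used only for the log line; the `throw new WalletNotFoundProblem("Error while parsing did " + identifier);` immediately below still embeds the raw value in the exception message, which presumably ends up in the problem response and in whatever handler logs the exception. If the escaping is meant to neutralise control characters in caller-supplied DIDs, the same treatment belongs there, e.g. `throw new WalletNotFoundProblem("Error while parsing did " + StringEscapeUtils.escapeJava(identifier));`, or the identifier should be dropped from the message. Note that `escapeJava` also rewrites every non-ASCII character as a `\uXXXX` sequence, so DIDs containing such characters become hard to read in logs; a one-line comment at the call site would spare the next reader the surprise. The same `StringEscapeUtils.escapeJava(...)` wrapping is repeated at every log call in HoldersCredentialService, IssuersCredentialService and, in the following commit, WalletService; a small shared helper would keep the sanitisation in one place. getWalletByIdentifier's body begins outside the hunk.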
@@ -185,7 +186,7 @@ public void deleteCredential(String credentialId, String bpnFromToken) {
 //remove credential
 holdersCredentialRepository.deleteByCredentialId(credentialId);
- log.debug("VC deleted with id ->{} of bpn ->{}", credentialId, holderWallet.getBpn());
+ log.debug("VC deleted with id ->{} of bpn ->{}", StringEscapeUtils.escapeJava(credentialId), StringEscapeUtils.escapeJava(holderWallet.getBpn()));
 }
 private void isCredentialExistWithId(String holderDid, String credentialId) {
diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialService.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialService.java
index d7d4f45e6..234ade832 100644
--- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialService.java
+++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialService.java
@@ -30,6 +30,7 @@
 import com.smartsensesolutions.java.commons.sort.SortType;
 import com.smartsensesolutions.java.commons.specification.SpecificationUtil;
 import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.text.StringEscapeUtils;
 import org.eclipse.tractusx.managedidentitywallets.config.MIWSettings;
 import org.eclipse.tractusx.managedidentitywallets.constant.MIWVerifiableCredentialType;
 import org.eclipse.tractusx.managedidentitywallets.constant.StringPool;
@@ -207,7 +208,7 @@ public VerifiableCredential issueBpnCredential(Wallet baseWallet, Wallet holderW
 //update summery VC
 updateSummeryCredentials(baseWallet.getDidDocument(), privateKeyBytes, baseWallet.getDid(), holderWallet.getBpn(), holderWallet.getDid(), MIWVerifiableCredentialType.BPN_CREDENTIAL);
- log.debug("BPN credential issued for bpn -{}", holderWallet.getBpn());
+ log.debug("BPN credential issued for bpn -{}", StringEscapeUtils.escapeJava(holderWallet.getBpn()));
 return issuersCredential.getData();
 }
@@ -256,7 +257,7 @@ public VerifiableCredential issueFrameworkCredential(IssueFrameworkCredentialReq
 //update summery cred
 updateSummeryCredentials(baseWallet.getDidDocument(), privateKeyBytes, baseWallet.getDid(), holderWallet.getBpn(), holderWallet.getDid(), request.getType());
- log.debug("Framework VC of type ->{} issued to bpn ->{}", request.getType(), holderWallet.getBpn());
+ log.debug("Framework VC of type ->{} issued to bpn ->{}", StringEscapeUtils.escapeJava(request.getType()), StringEscapeUtils.escapeJava(holderWallet.getBpn()));
 // Return VC
 return issuersCredential.getData();
@@ -307,7 +308,7 @@ public VerifiableCredential issueDismantlerCredential(IssueDismantlerCredentialR
 //update summery VC
 updateSummeryCredentials(issuerWallet.getDidDocument(), privateKeyBytes, issuerWallet.getDid(), holderWallet.getBpn(), holderWallet.getDid(), MIWVerifiableCredentialType.DISMANTLER_CREDENTIAL);
- log.debug("Dismantler VC issued to bpn -> {}", request.getBpn());
+ log.debug("Dismantler VC issued to bpn -> {}", StringEscapeUtils.escapeJava(request.getBpn()));
 // Return VC
 return issuersCredential.getData();
@@ -361,7 +362,7 @@ public VerifiableCredential issueMembershipCredential(IssueMembershipCredentialR
 //update summery VC
 updateSummeryCredentials(issuerWallet.getDidDocument(), privateKeyBytes, issuerWallet.getDid(), holderWallet.getBpn(), holderWallet.getDid(), VerifiableCredentialType.MEMBERSHIP_CREDENTIAL);
- log.debug("Membership VC issued to bpn ->{}", issueMembershipCredentialRequest.getBpn());
+ log.debug("Membership VC issued to bpn ->{}", StringEscapeUtils.escapeJava(issueMembershipCredentialRequest.getBpn()));
 // Return VC
 return issuersCredential.getData();
@@ -410,7 +411,7 @@ public VerifiableCredential issueCredentialUsingBaseWallet(String holderDid, Map
 IssuersCredential issuersCredential = IssuersCredential.of(holdersCredential);
 issuersCredential = create(issuersCredential);
- log.debug("VC type of {} issued to bpn ->{}", verifiableCredential.getTypes(), holderWallet.getBpn());
+ log.debug("VC type of {} issued to bpn ->{}", StringEscapeUtils.escapeJava(verifiableCredential.getTypes().toString()), StringEscapeUtils.escapeJava(holderWallet.getBpn()));
 // Return VC
 return issuersCredential.getData();
@@ -528,12 +529,12 @@ private void updateSummeryCredentials(DidDocument issuerDidDocument, byte[] issu
 } else {
 items = List.of(type);
 }
- log.debug("Issuing summary VC with items ->{}", items);
+ log.debug("Issuing summary VC with items ->{}", StringEscapeUtils.escapeJava(items.toString()));
 //get summery VC of holder
 List vcs = holdersCredentialRepository.getByHolderDidAndIssuerDidAndTypeAndStored(holderDid, issuerDid, MIWVerifiableCredentialType.SUMMARY_CREDENTIAL, false);
 //deleted only not stored VC
 if (CollectionUtils.isEmpty(vcs)) {
- log.debug("No summery VC found for did ->{}, checking in issuer", holderDid);
+ log.debug("No summery VC found for did ->{}, checking in issuer", StringEscapeUtils.escapeJava(holderDid));
 } else {
 //delete old summery VC from holder table, delete only not stored VC
 holdersCredentialRepository.deleteAll(vcs);
@@ -561,7 +562,7 @@ private void updateSummeryCredentials(DidDocument issuerDidDocument, byte[] issu
 //Store Credential in issuers table
 issuersCredentialRepository.save(IssuersCredential.of(holdersCredential));
- log.info("Summery VC updated for holder did -> {}", holderDid);
+ log.info("Summery VC updated for holder did -> {}", StringEscapeUtils.escapeJava(holderDid));
 }
 private Page getLastIssuedSummaryCredential(String issuerDid, String holderDid) {
From 69cd4d83470faa2615b6128f416ea4f3a601f21e Mon Sep 17 00:00:00 2001
From: Nitin Vavdiya
Date: Fri, 14 Jul 2023 12:45:13 +0530
Subject: [PATCH 064/116] fix: veracode log issue
---
 .../managedidentitywallets/service/WalletService.java | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/WalletService.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/WalletService.java
index 8a59b231b..d073c781e 100644
--- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/WalletService.java
+++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/WalletService.java
@@ -31,6 +31,7 @@
 import lombok.RequiredArgsConstructor;
 import lombok.SneakyThrows;
 import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.text.StringEscapeUtils;
 import org.bouncycastle.util.io.pem.PemObject;
 import org.bouncycastle.util.io.pem.PemWriter;
 import org.eclipse.tractusx.managedidentitywallets.config.MIWSettings;
@@ -233,7 +234,7 @@ private Wallet createWallet(CreateWalletRequest request, boolean authority) {
 });
 didDocument.put("@context", mutableContext);
 didDocument = DidDocument.fromJson(didDocument.toJson());
- log.debug("did document created for bpn ->{}", request.getBpn());
+ log.debug("did document created for bpn ->{}", StringEscapeUtils.escapeJava(request.getBpn()));
 //Save wallet
 Wallet wallet = create(Wallet.builder()
@@ -253,7 +254,7 @@ private Wallet createWallet(CreateWalletRequest request, boolean authority) {
 .privateKey(encryptionUtils.encrypt(getPrivateKeyString(keyPair.getPrivateKey().asByte())))
 .publicKey(encryptionUtils.encrypt(getPublicKeyString(keyPair.getPublicKey().asByte())))
 .build());
- log.debug("Wallet created for bpn ->{}", request.getBpn());
+ log.debug("Wallet created for bpn ->{}", StringEscapeUtils.escapeJava(request.getBpn()));
 Wallet issuerWallet = walletRepository.getByBpn(miwSettings.authorityWalletBpn());
@@ -275,9 +276,9 @@ public void createAuthorityWallet() {
 .bpn(miwSettings.authorityWalletBpn())
 .build();
 createWallet(request, true);
- log.info("Authority wallet created with bpn {}", miwSettings.authorityWalletBpn());
+ log.info("Authority wallet created with bpn {}", StringEscapeUtils.escapeJava(miwSettings.authorityWalletBpn()));
 } else {
- log.info("Authority wallet exists with bpn {}", miwSettings.authorityWalletBpn());
+ log.info("Authority wallet exists with bpn {}", StringEscapeUtils.escapeJava(miwSettings.authorityWalletBpn()));
 }
 }
From 1a9b51ea8ef256b2b8275e7361fd54a0c2d09d90 Mon Sep 17 00:00:00 2001
From: Nitin Vavdiya
Date: Fri, 14 Jul 2023 13:15:46 +0530
Subject: [PATCH 065/116] fix: test cases
---
 .../managedidentitywallets/utils/AuthenticationUtils.java | 1 -
 .../managedidentitywallets/vp/PresentationTest.java | 7 ++++---
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/test/java/org/eclipse/tractusx/managedidentitywallets/utils/AuthenticationUtils.java b/src/test/java/org/eclipse/tractusx/managedidentitywallets/utils/AuthenticationUtils.java
index 2d0a98200..dd99e720d 100644
--- a/src/test/java/org/eclipse/tractusx/managedidentitywallets/utils/AuthenticationUtils.java
+++ b/src/test/java/org/eclipse/tractusx/managedidentitywallets/utils/AuthenticationUtils.java
@@ -85,7 +85,6 @@ private static String getJwtToken(String username, String bpn) {
 List list = List.of("BPN", "bpn", "bPn"); //Do not add more field here, if you do make sure you change in keycloak realm file
 Random randomizer = new Random();
 String attributeName = list.get(randomizer.nextInt(list.size()));
- System.out.println("attributeName---------------------->" + attributeName);
 Keycloak keycloak = KeycloakBuilder.builder()
 .serverUrl(TestContextInitializer.getAuthServerUrl())
diff --git a/src/test/java/org/eclipse/tractusx/managedidentitywallets/vp/PresentationTest.java b/src/test/java/org/eclipse/tractusx/managedidentitywallets/vp/PresentationTest.java
index c013bbe66..4d5df7ca9 100644
--- a/src/test/java/org/eclipse/tractusx/managedidentitywallets/vp/PresentationTest.java
+++ b/src/test/java/org/eclipse/tractusx/managedidentitywallets/vp/PresentationTest.java
@@ -109,7 +109,8 @@ void validateVPAsJwt() throws JsonProcessingException {
 Assertions.assertTrue(Boolean.parseBoolean(map.get(StringPool.VALID).toString()));
 Assertions.assertFalse(map.containsKey(StringPool.VALIDATE_AUDIENCE));
 Assertions.assertFalse(map.containsKey(StringPool.VALIDATE_EXPIRY_DATE));
- Assertions.assertFalse(map.containsKey(StringPool.VALIDATE_JWT_EXPIRY_DATE));
+ Assertions.assertTrue(map.containsKey(StringPool.VALIDATE_JWT_EXPIRY_DATE));
+ Assertions.assertTrue(Boolean.parseBoolean(map.get(StringPool.VALIDATE_JWT_EXPIRY_DATE).toString()));
 }
 @Test
@@ -135,9 +136,9 @@ void validateVPAsJwtWithInvalidSignatureAndInValidAudienceAndExpiryDateValidatio
 Assertions.assertFalse(Boolean.parseBoolean(map.get(StringPool.VALID).toString()));
 Assertions.assertFalse(Boolean.parseBoolean(map.get(StringPool.VALIDATE_AUDIENCE).toString()));
- Assertions.assertFalse(Boolean.parseBoolean(map.get(StringPool.VALIDATE_EXPIRY_DATE).toString()));
+ Assertions.assertTrue(Boolean.parseBoolean(map.get(StringPool.VALIDATE_EXPIRY_DATE).toString()));
+ Assertions.assertTrue(map.containsKey(StringPool.VALIDATE_JWT_EXPIRY_DATE));
 Assertions.assertFalse(Boolean.parseBoolean(map.get(StringPool.VALIDATE_JWT_EXPIRY_DATE).toString()));
-
 }
 }
From 6e130f64f6bd9f4829d1bb531aeca7e025db936b Mon Sep 17 00:00:00 2001
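Review bot: The first hunk now expects `VALIDATE_JWT_EXPIRY_DATE` to be present and true while `VALIDATE_EXPIRY_DATE` is still expected to be absent, and nothing in the test records why the two expiry flags are reported differently; a comment before the new assertions such as `// JWT expiry is always reported in the result; VC expiry only when that check was requested — confirm against the presentation service` would make the intent checkable. In the second hunk the method name (`...AndExpiryDateValidatio`, truncated in the hunk header) no longer tells the reader whether the expiry date is meant to be valid, now that `VALIDATE_EXPIRY_DATE` is asserted true and only `VALIDATE_JWT_EXPIRY_DATE` false; either rename the method or state the expected outcome in a comment next to the assertions. Both test methods begin outside their hunks, so the request setup that would settle this is not visible here.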
From: Peter Motzko Date: Fri, 14 Jul 2023 10:25:07 +0200 Subject: [PATCH 066/116] chore(ci): delete unneeded GH Action Delete a GH Action, which was part of the old MIW implementation. Now, it is not needed anymore. --- .github/workflows/initdb.yml | 62 ------------------------------------ 1 file changed, 62 deletions(-) delete mode 100644 .github/workflows/initdb.yml diff --git a/.github/workflows/initdb.yml b/.github/workflows/initdb.yml deleted file mode 100644 index e12cc9334..000000000 --- a/.github/workflows/initdb.yml +++ /dev/null 
@@ -1,62 +0,0 @@ -name: MIW Init DB - -on: - push: - paths: - # this workflow file - - '.github/workflows/initdb.yml' - # Docker files - - 'docker/Dockerfile.import' - # sqls - - 'initdb/**' - branches: - - main - workflow_dispatch: - -jobs: - build: - # name of the job starts with a "run-level" subordinate to the workflow such that we can - # depend on them in order to implement workflow dependencies - name: miw-initdb image built - runs-on: ubuntu-latest - # rely on the first job - env: - REGISTRY: ghcr.io - IMAGE_NAME: ${{ github.repository }}_initdb - - steps: - # Get the latest sources - - name: Checkout - uses: actions/checkout@v3 - - - name: Login to GitHub Container Registry - uses: docker/login-action@v1 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - uses: madhead/read-java-properties@latest - id: version - with: - file: gradle.properties - property: version - default: 0.0.1 - - - name: Set App Version - run: echo "APP_VERSION=${{ steps.version.outputs.value }}" >> $GITHUB_ENV - - - name: Extract Metadata (tags, labels) for Docker - id: meta - uses: docker/metadata-action@v3 - with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - - - name: 'Build and push initdb Docker image' - uses: docker/build-push-action@v2 - with: - context: . - file: docker/Dockerfile.import - push: true - tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.APP_VERSION }} - labels: ${{ steps.meta.outputs.labels }} \ No newline at end of file From af214cd80cc30f9cd0e0d0b40748ca0fdaf5b1df Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Fri, 14 Jul 2023 10:50:19 +0200 Subject: [PATCH 067/116] feat(ci): update KICS.yaml to fit current application --- .github/workflows/kics.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/kics.yml b/.github/workflows/kics.yml index 43a397671..666784aa9 100644 --- a/.github/workflows/kics.yml 
+++ b/.github/workflows/kics.yml @@ -20,13 +20,14 @@ name: "KICS" on: push: - branches: [main, master, develop] - # pull_request: + branches: [main, development] + pull_request: # The branches below must be a subset of the branches above - # branches: [main, master] - # paths-ignore: - # - "**/*.md" - # - "**/*.txt" + branches: [main, development] + paths: + - "charts/managed-identity-wallet/**" + - "dev-assets/docker-environment/**" + - "docs/**" schedule: - cron: "0 0 * * *" @@ -43,10 +44,10 @@ jobs: - uses: actions/checkout@v3 - name: KICS scan - uses: checkmarx/kics-github-action@master + uses: checkmarx/kics-github-action@v1.7.0 with: # Scanning directory . - path: "." + path: "charts/managed-identity-wallet,dev-assets/docker-environment,docs" # Fail on HIGH severity results fail_on: high # Disable secrets detection - we use GitGuardian @@ -63,7 +64,6 @@ jobs: # GITHUB_TOKEN enables this github action to access github API and post comments in a pull request # token: ${{ secrets.GITHUB_TOKEN }} # enable_comments: true - exclude_paths: "docs/openapi_v330.json" # Upload findings to GitHub Advanced Security Dashboard - name: Upload SARIF file for GitHub Advanced Security Dashboard From fab2f1075b339933152c78ac09ec43bc2a284c71 Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Fri, 14 Jul 2023 10:52:31 +0200 Subject: [PATCH 068/116] feat(ci): remove manual trigger from veracode.yaml --- .github/workflows/veracode.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/veracode.yaml b/.github/workflows/veracode.yaml index d3fae3698..206318ddd 100644 --- a/.github/workflows/veracode.yaml +++ b/.github/workflows/veracode.yaml @@ -22,7 +22,7 @@ on: schedule: # Once a day - cron: "0 0 * * *" - workflow_dispatch: + # workflow_dispatch: # Trigger manually jobs: 
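Review bot: `uses: checkmarx/kics-github-action@v1.7.0` replaces the floating `@master`, which is an improvement, but a version tag is still mutable and can be retargeted by whoever has write access to that repository; the usual hardening is to pin the full commit SHA and keep the version as a trailing comment, `uses: checkmarx/kics-github-action@<commit-sha> # v1.7.0`. The same applies to `aquasecurity/trivy-action@0.11.2` in the following commit's trivy.yml hunk and to `actions/checkout@v3` in both workflows. Dropping `exclude_paths: "docs/openapi_v330.json"` while adding `docs/**` to the scanned paths means that file, if it still exists, is now scanned too, which may or may not be intended. The `paths:` filter on `pull_request` also means a PR touching only files outside those three directories gets no KICS run, which is consistent with the narrowed `path:` input but is worth a short comment so nobody later mistakes it for a gap.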
@@ -73,4 +73,3 @@ jobs: filepath: 'build/libs/miw-latest.jar' # add filepath for upload vid: '${{ secrets.ORG_VERACODE_API_ID }}' # reference to API ID, which is set as github org. secret vkey: '${{ secrets.ORG_VERACODE_API_KEY }}' #reference to API Key in github, which is set as github or. secret - #include: 'build/libs/miw-latest.jar' From ee2f54884289ad308c87b7e93b5be0c739ed55bd Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Fri, 14 Jul 2023 11:04:14 +0200 Subject: [PATCH 069/116] feat(ci): adjust trivy GH Action - Adjust trigger branches - Use fixed version of Trivy action - Comment out broken config for now. Will be reactivated when moved to new repo. --- .github/workflows/trivy.yml | 140 ++++++++++++++++++------------------ 1 file changed, 70 insertions(+), 70 deletions(-) diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index f4c19c311..620009aee 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -23,7 +23,7 @@ name: "Trivy" on: push: - branches: [main, develop] + branches: [main, development] # pull_request: # The branches below must be a subset of the branches above # branches: [ main, develop ] @@ -49,7 +49,7 @@ jobs: uses: actions/checkout@v3 - name: Run Trivy vulnerability scanner in repo mode - uses: aquasecurity/trivy-action@master + uses: aquasecurity/trivy-action@0.11.2 with: scan-type: "config" # ignore-unfixed: true 
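Review bot: `aquasecurity/trivy-action@0.11.2` is a tag pin, not a commit pin; a tag can be moved upstream, so the supply-chain benefit over `@master` is only partial. Pin to the full commit SHA of the 0.11.2 release and keep the version as a comment, `uses: aquasecurity/trivy-action@<full-sha> # 0.11.2`, which is also what the GitHub Actions hardening guidance recommends for third-party actions. With `scan-type: "config"` this job only checks IaC misconfiguration; combined with the image-scan jobs being commented out in the following hunk, the workflow currently performs no CVE scan at all, which the workflow name "Trivy" no longer makes obvious.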
@@ -64,71 +64,71 @@ jobs: if: always() with: sarif_file: "trivy-results1.sarif" - - analyze-managed-identity-wallets-service: - runs-on: ubuntu-latest - if: github.ref == 'refs/heads/main' - permissions: - actions: read - contents: read - security-events: write - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - # It's also possible to scan your private registry with Trivy's built-in image scan. - # All you have to do is set ENV vars. - # Docker Hub needs TRIVY_USERNAME and TRIVY_PASSWORD. - # You don't need to set ENV vars when downloading from a public repository. - # For public images, no ENV vars must be set. - - name: Run Trivy vulnerability scanner - if: always() - uses: aquasecurity/trivy-action@master - with: - # Path to Docker image - image-ref: "ghcr.io/catenax-ng/tx-managed-identity-wallets_service:latest" - format: "sarif" - output: "trivy-results3.sarif" - exit-code: "1" - severity: "CRITICAL,HIGH" - - - name: Upload Trivy scan results to GitHub Security tab - if: always() - uses: github/codeql-action/upload-sarif@v2 - with: - sarif_file: "trivy-results3.sarif" - - analyze-managed-identity-wallets-service-develop: - runs-on: ubuntu-latest - if: github.ref == 'refs/heads/develop' - permissions: - actions: read - contents: read - security-events: write - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - # It's also possible to scan your private registry with Trivy's built-in image scan. - # All you have to do is set ENV vars. - # Docker Hub needs TRIVY_USERNAME and TRIVY_PASSWORD. - # You don't need to set ENV vars when downloading from a public repository. - # For public images, no ENV vars must be set. 
- - name: Run Trivy vulnerability scanner - if: always() - uses: aquasecurity/trivy-action@master - with: - # Path to Docker image - image-ref: "ghcr.io/catenax-ng/tx-managed-identity-wallets_service:latest-develop" - format: "sarif" - output: "trivy-results3.sarif" - exit-code: "1" - severity: "CRITICAL,HIGH" - - - name: Upload Trivy scan results to GitHub Security tab - if: always() - uses: github/codeql-action/upload-sarif@v2 - with: - sarif_file: "trivy-results3.sarif" +# +# analyze-managed-identity-wallet-service: +# runs-on: ubuntu-latest +# if: github.ref == 'refs/heads/main' +# permissions: +# actions: read +# contents: read +# security-events: write +# +# steps: +# - name: Checkout repository +# uses: actions/checkout@v3 +# +# # It's also possible to scan your private registry with Trivy's built-in image scan. +# # All you have to do is set ENV vars. +# # Docker Hub needs TRIVY_USERNAME and TRIVY_PASSWORD. +# # You don't need to set ENV vars when downloading from a public repository. +# # For public images, no ENV vars must be set. +# - name: Run Trivy vulnerability scanner +# if: always() +# uses: aquasecurity/trivy-action@0.11.2 +# with: +# # Path to Docker image +# image-ref: "ghcr.io/catenax-ng/tx-managed-identity-wallets_service:latest" +# format: "sarif" +# output: "trivy-results3.sarif" +# exit-code: "1" +# severity: "CRITICAL,HIGH" +# +# - name: Upload Trivy scan results to GitHub Security tab +# if: always() +# uses: github/codeql-action/upload-sarif@v2 +# with: +# sarif_file: "trivy-results3.sarif" +# +# analyze-managed-identity-wallet-service-development: +# runs-on: ubuntu-latest +# if: github.ref == 'refs/heads/development' +# permissions: +# actions: read +# contents: read +# security-events: write +# +# steps: +# - name: Checkout repository +# uses: actions/checkout@v3 +# +# # It's also possible to scan your private registry with Trivy's built-in image scan. +# # All you have to do is set ENV vars. 
+# # Docker Hub needs TRIVY_USERNAME and TRIVY_PASSWORD. +# # You don't need to set ENV vars when downloading from a public repository. +# # For public images, no ENV vars must be set. +# - name: Run Trivy vulnerability scanner +# if: always() +# uses: aquasecurity/trivy-action@0.11.2 +# with: +# # Path to Docker image +# image-ref: "ghcr.io/catenax-ng/tx-managed-identity-wallets_service:latest-develop" +# format: "sarif" +# output: "trivy-results3.sarif" +# exit-code: "1" +# severity: "CRITICAL,HIGH" +# +# - name: Upload Trivy scan results to GitHub Security tab +# if: always() +# uses: github/codeql-action/upload-sarif@v2 +# with: +# sarif_file: "trivy-results3.sarif" From dd85726078ba5c811ab35b2bcf0993bd63671790 Mon Sep 17 00:00:00 2001 From: Ronak Thacker Date: Fri, 14 Jul 2023 15:40:18 +0530 Subject: [PATCH 070/116] feat: added administrator documentation --- README.md | 66 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 66 insertions(+) diff --git a/README.md b/README.md index c5b8b96a9..71d5d0d5a 100644 --- a/README.md +++ b/README.md 
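Review bot: Commenting out both image-scan jobs leaves the published container image with no vulnerability scan on either branch until they are restored, and the file itself carries no marker that this is temporary. Add a line at the top of the commented block such as `# TODO: re-enable the image scans once the image is published from the new repository; tracked in the migration issue` so the gap is visible in the file, not only in the commit message. When the jobs are re-enabled note that the development job now gates on `refs/heads/development` but still scans `ghcr.io/catenax-ng/tx-managed-identity-wallets_service:latest-develop`, so branch and image tag no longer match; scanning a floating `latest`/`latest-develop` tag also cannot be tied to a specific build, so prefer the version tag or digest the build step produces. Both jobs write `trivy-results3.sarif`, which is harmless while the branch conditions are mutually exclusive but distinct names would avoid confusion in the Security tab.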
@@ -23,6 +23,72 @@ Following tools the MIW development team used successfully: | Database | DBeaver | https://dbeaver.io/ | | IAM | Keycloak | https://www.keycloak.org/ | | +# Administrator Documentation + +## Manual Keycloak Configuration + +Within the development setup the Keycloak is initially prepared with the +values in `./dev-assets/docker-environment/keycloak`. The realm could also be +manually added and configured at http://localhost:8080 via the "Add realm" +button. It can be for example named `localkeycloak`. Also add an additional client, +e.g. named `ManagedIdentityWallets` with *valid redirect url* set to +`http://localhost:8080/*`. The roles +* add_wallets +* view_wallets +* update_wallets +* delete_wallets +* view_wallet +* update_wallet + can be added under *Clients > ManagedIdentityWallets > Roles* and then + assigned to the client using *Clients > ManagedIdentityWallets > Client Scopes* + *> Service Account Roles > Client Roles > ManagedIdentityWallets*. The + available scopes/roles are: + +1. Role `add_wallets` to create a new wallet + +2. Role `view_wallets`: + * to get a list of all wallets + * to retrieve one wallet by its identifier + * to validate a Verifiable Credential + * to validate a Verifiable Presentation + * to get all stored Verifiable Credentials + +3. Role `update_wallets` for the following actions: + * to store Verifiable Credential + * to issue a Verifiable Credential + * to issue a Verifiable Presentation + +4. Role `update_wallet`: + * to remove a Verifiable Credential + * to store a Verifiable Credential + * to issue a Verifiable Credential + * to issue a Verifiable Presentation + +5. 
Role `view_wallet` requires the BPN of Caller and it can be used: + * to get the Wallet of the related BPN + * to get stored Verifiable Credentials of the related BPN + * to validate any Verifiable Credential + * to validate any Verifiable Presentation + +Additionally a Token mapper can to be created under *Clients* > +*ManagedIdentityWallets* > *Mappers* > *create* with the following +configuration (using as example `BPNL000000001`): + +| Key | Value | +|---------------------|---------------------------| +| Name | StaticBPN | +| Mapper Type | Hardcoded claim | +| Token Claim Name | BPN | +| Claim value | BPNL000000001 | +| Claim JSON Type | String | +| Add to ID token | OFF | +| Add to access token | ON | +| Add to userinfo | OFF | +| includeInAccessTokenResponse.label | ON | + +If you receive an error message, that the client secret is not valid, please go into +keycloak admin and within *Clients > Credentials* recreate the secret. + ## Development Setup ### Prerequisites From 6b46ab23e7f39fdd28a652a4e449b81390523f61 Mon Sep 17 00:00:00 2001 From: Nitin Vavdiya Date: Fri, 14 Jul 2023 15:52:30 +0530 Subject: [PATCH 071/116] docs: manage_app role added in keycloak doc --- README.md | 48 +++++++++++++++++++++++++++--------------------- 1 file changed, 27 insertions(+), 21 deletions(-) diff --git a/README.md b/README.md index 71d5d0d5a..81ba1801b 100644 --- a/README.md +++ b/README.md 
@@ -31,18 +31,22 @@ Within the development setup the Keycloak is initially prepared with the values in `./dev-assets/docker-environment/keycloak`. The realm could also be manually added and configured at http://localhost:8080 via the "Add realm" button. It can be for example named `localkeycloak`. Also add an additional client, -e.g. named `ManagedIdentityWallets` with *valid redirect url* set to +e.g. named `miw_private_client` with *valid redirect url* set to `http://localhost:8080/*`. The roles + * add_wallets * view_wallets * update_wallets * delete_wallets * view_wallet * update_wallet - can be added under *Clients > ManagedIdentityWallets > Roles* and then - assigned to the client using *Clients > ManagedIdentityWallets > Client Scopes* - *> Service Account Roles > Client Roles > ManagedIdentityWallets*. The - available scopes/roles are: +* manage_app + +Roles can be added under *Clients > miw_private_client > Roles* and then +assigned to the client using *Clients > miw_private_client > Client Scopes* +*> Service Account Roles > Client Roles > miw_private_client*. + +The available scopes/roles are: 1. Role `add_wallets` to create a new wallet 
@@ -59,32 +63,34 @@ e.g. named `ManagedIdentityWallets` with *valid redirect url* set to * to issue a Verifiable Presentation 4. Role `update_wallet`: - * to remove a Verifiable Credential - * to store a Verifiable Credential - * to issue a Verifiable Credential - * to issue a Verifiable Presentation - + * to remove a Verifiable Credential + * to store a Verifiable Credential + * to issue a Verifiable Credential + * to issue a Verifiable Presentation + 5. Role `view_wallet` requires the BPN of Caller and it can be used: * to get the Wallet of the related BPN * to get stored Verifiable Credentials of the related BPN * to validate any Verifiable Credential * to validate any Verifiable Presentation +6. Role `manage_app` used to change log level of application at runtime. Check Logging in application section for more + details Additionally a Token mapper can to be created under *Clients* > *ManagedIdentityWallets* > *Mappers* > *create* with the following configuration (using as example `BPNL000000001`): -| Key | Value | -|---------------------|---------------------------| -| Name | StaticBPN | -| Mapper Type | Hardcoded claim | -| Token Claim Name | BPN | -| Claim value | BPNL000000001 | -| Claim JSON Type | String | -| Add to ID token | OFF | -| Add to access token | ON | -| Add to userinfo | OFF | -| includeInAccessTokenResponse.label | ON | +| Key | Value | +|------------------------------------|-----------------| +| Name | StaticBPN | +| Mapper Type | Hardcoded claim | +| Token Claim Name | BPN | +| Claim value | BPNL000000001 | +| Claim JSON Type | String | +| Add to ID token | OFF | +| Add to access token | ON | +| Add to userinfo | OFF | +| includeInAccessTokenResponse.label | ON | If you receive an error message, that the client secret is not valid, please go into keycloak admin and within *Clients > Credentials* recreate the secret. From 670facae38caddb404a63831c470d61d9858898f Mon Sep 17 00:00:00 2001 
From: Ronak Thacker Date: Fri, 14 Jul 2023 16:31:34 +0530 Subject: [PATCH 072/116] feat: added end user documentation --- README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README.md b/README.md index 81ba1801b..4aa66ab68 100644 --- a/README.md +++ b/README.md @@ -160,6 +160,11 @@ When you just run `task` without parameters, you will see all tasks available. 5. Click on "Authorize" and "close" 6. MIW is up and running +# End Users +See OpenAPI documentation, which is automatically created from +the source and available on each deployment at the `/docs` endpoint +(e.g. locally at http://localhost:8000/docs). An export of the JSON +document can be also found in [docs/openapi_v001.json](docs/openapi_v001.json). ## Test Coverage From b12df99183ef6594db86dfab0364d6280a5eddb8 Mon Sep 17 00:00:00 2001 From: Nitin Vavdiya Date: Fri, 14 Jul 2023 16:41:41 +0530 Subject: [PATCH 073/116] docs: User guide adn API spec added --- README.md | 16 +- docs/openapi_v002.json | 1854 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 1862 insertions(+), 8 deletions(-) create mode 100644 docs/openapi_v002.json diff --git a/README.md b/README.md index 4aa66ab68..24d7cc145 100644 --- a/README.md +++ b/README.md 
@@ -162,11 +162,11 @@ When you just run `task` without parameters, you will see all tasks available. # End Users See OpenAPI documentation, which is automatically created from -the source and available on each deployment at the `/docs` endpoint -(e.g. locally at http://localhost:8000/docs). An export of the JSON -document can be also found in [docs/openapi_v001.json](docs/openapi_v001.json). +the source and available on each deployment at the `/docs/api-docs/docs` endpoint +(e.g. locally at http://localhost:8087/docs/api-docs/docs). An export of the JSON +document can be also found in [docs/openapi_v002.json](docs/openapi_v002.json). -## Test Coverage +# Test Coverage Jacoco is used to generate the coverage report. The report generation and the coverage verification are automatically executed after tests. @@ -187,7 +187,7 @@ task app:coverage Currently, the minimum is 80% coverage. -## Common issues and solutions during local setup +# Common issues and solutions during local setup #### 1. Can not build with test cases @@ -214,7 +214,7 @@ In case you encounter any database-related issues, you can resolve them by follo This process ensures that any issues with the database schema are resolved by recreating it in a fresh state. -## Environment Variables +# Environment Variables | name | description | default value | |---------------------------------|----------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------| 
@@ -245,14 +245,14 @@ This process ensures that any issues with the database schema are resolved by re | APP_LOG_LEVEL | Log level of application | INFO | | | | | -## Technical Debts and Known issue +# Technical Debts and Known issue 1. Keys are stored in database in encrypted format, need to store keys in more secure place ie. Vault 2. Policies can be validated dynamically as per request while validating VP and VC. [Check this for more details](https://docs.walt.id/v/ssikit/concepts/verification-policies) -## Logging in application +# Logging in application Log level in application can be set using environment variable ``APP_LOG_LEVEL``. Possible values are ``OFF, ERROR, WARN, INFO, DEBUG, TRACE`` and default value set to ``INFO`` diff --git a/docs/openapi_v002.json b/docs/openapi_v002.json new file mode 100644 index 000000000..138dc89c8 --- /dev/null +++ b/docs/openapi_v002.json 
@@ -0,0 +1,1854 @@ +{ + "openapi": "3.0.1", + "info": + { + "title": "Managed Identity Wallets API", + "description": "Managed Identity Wallets API", + "contact": + { + "name": "Eclipse Tractus-X", + "url": "https://projects.eclipse.org/projects/automotive.tractusx", + "email": "tractusx-dev@eclipse.org" + }, + "license": + { + "name": "Apache 2.0", + "url": "https://github.com/eclipse-tractusx/managed-identity-wallets/blob/develop/LICENSE" + }, + "version": "0.0.1" + }, + "servers": + [ + { + "url": "http://localhost:8087", + "description": "Generated server url" + } + ], + "security": + [ + { + "Authenticate using access_token": + [] + } + ], + "paths": + { + "/api/wallets": + { + "get": + { + "tags": + [ + "Wallets" + ], + "summary": "List of wallets", + "description": "Permission: **view_wallets** \n\n Retrieve list of registered wallets", + "operationId": "getWallets", + "parameters": + [ + { + "name": "pageNumber", + "in": "query", + "required": false, + "schema": + { + "type": "integer", + "format": "int32", + "default": 0 + } + }, + { + "name": "size", + "in": "query", + "required": false, + "schema": + { + "type": "integer", + "format": "int32", + "default": 2147483647 + } + }, + { + "name": "sortColumn", + "in": "query", + "required": false, + "schema": + { + "type": "string", + "default": "createdAt" + } + }, + { + "name": "sortTpe", + "in": "query", + "required": false, + "schema": + { + "type": "string", + "default": "desc" + } + } + ], + "responses": + { + "200": + { + "description": "OK", + "content": + { + "application/json": + { + "schema": + { + "$ref": "#/components/schemas/PageWallet" + } + } + } + } + } + }, + "post": + { + "tags": + [ + "Wallets" + ], + "summary": "Create Wallet", + "description": "Permission: **add_wallets** \n\n Create a wallet and store it", + "operationId": "createWallet", + "requestBody": + { + "content": + { + "application/json": + { + "schema": + { + "$ref": "#/components/schemas/CreateWalletRequest" + }, + "examples": 
+ { + "Create wallet with BPN": + { + "description": "Create wallet with BPN", + "value": + { + "bpn": "BPNL000000000001", + "name": "companyA" + } + } + } + } + }, + "required": true + }, + "responses": + { + "200": + { + "description": "OK", + "content": + { + "application/json": + { + "schema": + { + "$ref": "#/components/schemas/Wallet" + } + } + } + } + } + } + }, + "/api/wallets/{identifier}/credentials": + { + "post": + { + "tags": + [ + "Wallets" + ], + "summary": "Store Verifiable Credential", + "description": "Permission: **update_wallets** OR **update_wallet** (The BPN of wallet to extract credentials from must equal BPN of caller) \n\n Store a verifiable credential in the wallet of the given identifier", + "operationId": "storeCredential", + "parameters": + [ + { + "name": "identifier", + "in": "path", + "description": "Did or BPN", + "required": true, + "schema": + { + "type": "string" + } + } + ], + "requestBody": + { + "content": + { + "application/json": + { + "schema": + { + "type": "object", + "additionalProperties": + { + "type": "object" + } + }, + "example": + { + "id": "http://example.edu/credentials/3732", + "@context": + [ + "https://www.w3.org/2018/credentials/v1", + "https://www.w3.org/2018/credentials/examples/v1" + ], + "type": + [ + "University-Degree-Credential", + "VerifiableCredential" + ], + "issuer": "did:example:76e12ec712ebc6f1c221ebfeb1f", + "issuanceDate": "2019-06-16T18:56:59Z", + "expirationDate": "2019-06-17T18:56:59Z", + "credentialSubject": + [ + { + "college": "Test-University" + } + ], + "proof": + { + "type": "Ed25519Signature2018", + "created": "2021-11-17T22:20:27Z", + "proofPurpose": "assertionMethod", + "verificationMethod": "did:example:76e12ec712ebc6f1c221ebfeb1f#key-1", + "jws": "eyJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdLCJhbGciOiJFZERTQSJ9..JNerzfrK46Mq4XxYZEnY9xOK80xsEaWCLAHuZsFie1-NTJD17wWWENn_DAlA_OwxGF5dhxUJ05P6Dm8lcmF5Cg" + } + } + } + }, + "required": true + }, + "responses": + { + "200": + { + "description": 
"OK", + "content": + { + "application/json": + { + "schema": + { + "type": "object", + "additionalProperties": + { + "type": "string" + } + } + } + } + } + } + } + }, + "/api/presentations": + { + "post": + { + "tags": + [ + "Verifiable Presentations - Generation" + ], + "summary": "Create Verifiable Presentation", + "description": "Permission: **update_wallets** OR **update_wallet** (The BPN of the issuer of the Verifiable Presentation must equal to BPN of caller) \n\n Create a verifiable presentation from a list of verifiable credentials, signed by the holder", + "operationId": "createPresentation", + "parameters": + [ + { + "name": "audience", + "in": "query", + "required": false, + "schema": + { + "type": "string" + } + }, + { + "name": "asJwt", + "in": "query", + "required": false, + "schema": + { + "type": "boolean", + "default": false + } + } + ], + "requestBody": + { + "content": + { + "application/json": + { + "schema": + { + "type": "object", + "additionalProperties": + { + "type": "object" + } + }, + "example": + { + "holderIdentifier": "did:example:76e12ec712ebc6f1c221ebfeb1f", + "verifiableCredentials": + [ + { + "id": "http://example.edu/credentials/333", + "@context": + [ + "https://www.w3.org/2018/credentials/v1", + "https://www.w3.org/2018/credentials/examples/v1" + ], + "type": + [ + "University-Degree-Credential", + "VerifiableCredential" + ], + "issuer": "did:example:76e12ec712ebc6f1c221ebfeb1f", + "issuanceDate": "2019-06-16T18:56:59Z", + "expirationDate": "2019-06-17T18:56:59Z", + "credentialSubject": + [ + { + "college": "Test-University" + } + ], + "proof": + { + "type": "Ed25519Signature2018", + "created": "2021-11-17T22:20:27Z", + "proofPurpose": "assertionMethod", + "verificationMethod": "did:example:76e12ec712ebc6f1c221ebfeb1f#keys-1", + "jws": "eyJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdLCJhbGciOiJFZERTQSJ9..JNerzfrK46Mq4XxYZEnY9xOK80xsEaWCLAHuZsFie1-NTJD17wWWENn_DAlA_OwxGF5dhxUJ05P6Dm8lcmF5Cg" + } + } + ] + } + } + }, + "required": true + }, 
+ "responses": + { + "200": + { + "description": "OK", + "content": + { + "application/json": + { + "schema": + { + "type": "object", + "additionalProperties": + { + "type": "object" + } + } + } + } + } + } + } + }, + "/api/presentations/validation": + { + "post": + { + "tags": + [ + "Verifiable Presentations - Validation" + ], + "summary": "Validate Verifiable Presentation", + "description": "Permission: **view_wallets** OR **view_wallet** \n\n Validate Verifiable Presentation with all included credentials", + "operationId": "validatePresentation", + "parameters": + [ + { + "name": "audience", + "in": "query", + "description": "Audience to validate in VP (Only supported in case of JWT formatted VP)", + "required": false, + "schema": + { + "type": "string" + } + }, + { + "name": "asJwt", + "in": "query", + "description": "Pass true in case of VP is in JWT format", + "required": false, + "schema": + { + "type": "boolean", + "default": false + } + }, + { + "name": "withCredentialExpiryDate", + "in": "query", + "description": "Check expiry of VC(Only supported in case of JWT formatted VP)", + "required": false, + "schema": + { + "type": "boolean", + "default": false + } + } + ], + "requestBody": + { + "content": + { + "application/json": + { + "schema": + { + "type": "object", + "additionalProperties": + { + "type": "object" + } + }, + "examples": + { + "VP as JWT": + { + "description": "VP as JWT", + "value": + { + "vp": "eyJhbGciOiJFZERTQSJ9.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.Hfm-ANjoeZ8fO-32LPOsQ3-xXSclPUd28p9hvlWyVVB0Mz7n0k-KAHra5kpT0oGrGtdhC1lZ0AitdB_td6VrAQ" + } + }, + "VP as json-ld": + { + "description": "VP as json-ld", + "value": + { + "vp": + { + "id": "b9d97cef-758d-4a7c-843d-86f17632b08a", + "type": + [ + "VerifiablePresentation" + ], + "@context": + [ + "https://www.w3.org/2018/credentials/v1" + ], + "verifiableCredential": + [ + { + "issuanceDate": "2023-06-01T08:57:50Z", + "credentialSubject": + [ + { + "bpn": "BPNL000000000000", + 
"id": "did:web:localhost:BPNL000000000000", + "type": "BpnCredential" + } + ], + "id": "acb9522f-db22-4f90-9475-c3f3511f9cde", + "proof": + { + "proofPurpose": "proofPurpose", + "verificationMethod": "did:web:localhost:BPNL000000000000", + "type": "Ed25519Signature2020", + "proofValue": "z4duBfcCsaSziNeUw8YByyFdvZXW8eAK928dx3PxLjWCvKztJZ9mhxhHwe5BuTQQnJFkooMgQGKDE48ciLrGhpsPA", + "created": "2023-06-01T08:57:50Z" + }, + "type": + [ + "VerifiableCredential", + "BpnCredentialCX" + ], + "@context": + [ + "https://www.w3.org/2018/credentials/v1", + "https://catenax-ng.github.io/product-core-schemas/businessPartnerData.json" + ], + "issuer": "did:web:localhost:BPNL000000000000", + "expirationDate": "2024-12-31T18:30:00Z" + } + ] + } + } + } + } + } + }, + "required": true + }, + "responses": + { + "200": + { + "description": "OK", + "content": + { + "application/json": + { + "schema": + { + "type": "object", + "additionalProperties": + { + "type": "object" + } + } + } + } + } + } + } + }, + "/api/credentials": + { + "get": + { + "tags": + [ + "Verifiable Credential - Holder" + ], + "summary": "Query Verifiable Credentials", + "description": "Permission: **view_wallets** OR **view_wallet** (The BPN of holderIdentifier must equal BPN of caller)\n\n Search verifiable credentials with filter criteria", + "operationId": "getCredentials", + "parameters": + [ + { + "name": "credentialId", + "in": "query", + "required": false, + "schema": + { + "type": "string" + } + }, + { + "name": "issuerIdentifier", + "in": "query", + "required": false, + "schema": + { + "type": "string" + } + }, + { + "name": "type", + "in": "query", + "required": false, + "schema": + { + "type": "array", + "items": + { + "type": "string" + } + } + }, + { + "name": "sortColumn", + "in": "query", + "required": false, + "schema": + { + "type": "string", + "default": "createdAt" + } + }, + { + "name": "sortTpe", + "in": "query", + "required": false, + "schema": + { + "type": "string", + "default": "desc" + } 
+ }, + { + "name": "pageNumber", + "in": "query", + "description": "Page number, Page number start with zero", + "required": false, + "schema": + { + "maximum": 2147483647, + "minimum": 0, + "type": "integer", + "format": "int32", + "default": 0 + } + }, + { + "name": "size", + "in": "query", + "description": "Number of records per page", + "required": false, + "schema": + { + "maximum": 2147483647, + "minimum": 0, + "type": "integer", + "format": "int32", + "default": 2147483647 + } + } + ], + "responses": + { + "200": + { + "description": "OK", + "content": + { + "application/json": + { + "schema": + { + "$ref": "#/components/schemas/PageImplVerifiableCredential" + } + } + } + } + } + }, + "post": + { + "tags": + [ + "Verifiable Credential - Holder" + ], + "summary": "Issue Verifiable Credential", + "description": "Permission: **update_wallets** OR **update_wallet** (The BPN of the issuer of the Verifiable Credential must equal BPN of caller)\nIssue a verifiable credential with a given issuer DID", + "operationId": "issueCredential", + "requestBody": + { + "content": + { + "application/json": + { + "schema": + { + "type": "object", + "additionalProperties": + { + "type": "object" + } + }, + "example": + { + "id": "http://example.edu/credentials/333", + "@context": + [ + "https://www.w3.org/2018/credentials/v1", + "https://www.w3.org/2018/credentials/examples/v1" + ], + "type": + [ + "University-Degree-Credential", + "VerifiableCredential" + ], + "issuer": "did:example:76e12ec712ebc6f1c221ebfeb1f", + "issuanceDate": "2019-06-16T18:56:59Z", + "expirationDate": "2019-06-17T18:56:59Z", + "credentialSubject": + [ + { + "college": "Test-University" + } + ] + } + } + }, + "required": true + }, + "responses": + { + "200": + { + "description": "OK", + "content": + { + "application/json": + { + "schema": + { + "$ref": "#/components/schemas/VerifiableCredential" + } + } + } + } + } + }, + "delete": + { + "tags": + [ + "Verifiable Credential - Holder" + ], + "summary": 
"Delete a verifiable credential by its ID", + "description": "Permission: **update_wallet** (The BPN of holderIdentifier must equal BPN of caller)\n\n Delete a verifiable credential by its ID", + "operationId": "deleteCredential", + "parameters": + [ + { + "name": "id", + "in": "query", + "required": true, + "schema": + { + "type": "string" + } + } + ], + "responses": + { + "200": + { + "description": "OK", + "content": + { + "application/json": + { + "schema": + { + "type": "object" + } + } + } + } + } + } + }, + "/api/credentials/validation": + { + "post": + { + "tags": + [ + "Verifiable Credential - Validation" + ], + "summary": "Validate Verifiable Credentials", + "description": "Permission: **view_wallets** OR **view_wallet** \n\n Validate Verifiable Credentials", + "operationId": "credentialsValidation", + "parameters": + [ + { + "name": "withCredentialExpiryDate", + "in": "query", + "description": "Check expiry of VC", + "required": false, + "schema": + { + "type": "boolean", + "default": false + } + } + ], + "requestBody": + { + "content": + { + "application/json": + { + "schema": + { + "type": "object", + "additionalProperties": + { + "type": "object" + } + }, + "example": + { + "id": "http://example.edu/credentials/333", + "@context": + [ + "https://www.w3.org/2018/credentials/v1", + "https://www.w3.org/2018/credentials/examples/v1" + ], + "type": + [ + "University-Degree-Credential", + "VerifiableCredential" + ], + "issuer": "did:example:76e12ec712ebc6f1c221ebfeb1f", + "issuanceDate": "2019-06-16T18:56:59Z", + "expirationDate": "2019-06-17T18:56:59Z", + "credentialSubject": + [ + { + "college": "Test-University" + } + ], + "proof": + { + "type": "Ed25519Signature2018", + "created": "2021-11-17T22:20:27Z", + "proofPurpose": "assertionMethod", + "verificationMethod": "did:example:76e12ec712ebc6f1c221ebfeb1f#keys-1", + "jws": 
"eyJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdLCJhbGciOiJFZERTQSJ9..JNerzfrK46Mq4XxYZEnY9xOK80xsEaWCLAHuZsFie1-NTJD17wWWENn_DAlA_OwxGF5dhxUJ05P6Dm8lcmF5Cg" + } + } + } + }, + "required": true + }, + "responses": + { + "200": + { + "description": "OK", + "content": + { + "application/json": + { + "schema": + { + "type": "object", + "additionalProperties": + { + "type": "object" + } + } + } + } + } + } + } + }, + "/api/credentials/issuer": + { + "get": + { + "tags": + [ + "Verifiable Credential - Issuer" + ], + "summary": "Query Verifiable Credentials", + "description": "Permission: **view_wallets** (The BPN of holderIdentifier must equal BPN of caller)\n\n Search verifiable credentials with filter criteria", + "operationId": "getCredentials_1", + "parameters": + [ + { + "name": "credentialId", + "in": "query", + "required": false, + "schema": + { + "type": "string" + } + }, + { + "name": "holderIdentifier", + "in": "query", + "required": false, + "schema": + { + "type": "string" + } + }, + { + "name": "type", + "in": "query", + "required": false, + "schema": + { + "type": "array", + "items": + { + "type": "string" + } + } + }, + { + "name": "pageNumber", + "in": "query", + "description": "Page number, Page number start with zero", + "required": false, + "schema": + { + "maximum": 2147483647, + "minimum": 0, + "type": "integer", + "format": "int32", + "default": 0 + } + }, + { + "name": "size", + "in": "query", + "description": "Number of records per page", + "required": false, + "schema": + { + "maximum": 2147483647, + "minimum": 0, + "type": "integer", + "format": "int32", + "default": 2147483647 + } + }, + { + "name": "sortColumn", + "in": "query", + "required": false, + "schema": + { + "type": "string", + "default": "createdAt" + } + }, + { + "name": "sortTpe", + "in": "query", + "required": false, + "schema": + { + "type": "string", + "default": "desc" + } + } + ], + "responses": + { + "200": + { + "description": "OK", + "content": + { + "application/json": + { + 
"schema": + { + "$ref": "#/components/schemas/PageImplVerifiableCredential" + } + } + } + } + } + }, + "post": + { + "tags": + [ + "Verifiable Credential - Issuer" + ], + "summary": "Issue Verifiable Credential", + "description": "Permission: **update_wallets** (The BPN of the base wallet must equal BPN of caller)\nIssue a verifiable credential with a given issuer DID", + "operationId": "issueCredentialUsingBaseWallet", + "parameters": + [ + { + "name": "holderDid", + "in": "query", + "required": true, + "schema": + { + "type": "string" + } + } + ], + "requestBody": + { + "content": + { + "application/json": + { + "schema": + { + "type": "object", + "additionalProperties": + { + "type": "object" + } + }, + "example": + { + "id": "http://example.edu/credentials/333", + "@context": + [ + "https://www.w3.org/2018/credentials/v1", + "https://www.w3.org/2018/credentials/examples/v1" + ], + "type": + [ + "University-Degree-Credential", + "VerifiableCredential" + ], + "issuer": "did:example:76e12ec712ebc6f1c221ebfeb1f", + "issuanceDate": "2019-06-16T18:56:59Z", + "expirationDate": "2019-06-17T18:56:59Z", + "credentialSubject": + [ + { + "college": "Test-University" + } + ] + } + } + }, + "required": true + }, + "responses": + { + "200": + { + "description": "OK", + "content": + { + "application/json": + { + "schema": + { + "$ref": "#/components/schemas/VerifiableCredential" + } + } + } + } + } + } + }, + "/api/credentials/issuer/membership": + { + "post": + { + "tags": + [ + "Verifiable Credential - Issuer" + ], + "summary": "Issue a Membership Verifiable Credential with base wallet issuer", + "description": "Permission: **update_wallets** (The BPN of base wallet must equal BPN of caller)\n\n Issue a verifiable credential by base wallet", + "operationId": "issueMembershipCredential", + "requestBody": + { + "content": + { + "application/json": + { + "schema": + { + "$ref": "#/components/schemas/IssueMembershipCredentialRequest" + }, + "example": + { + "bpn": 
"BPNL000000000000" + } + } + }, + "required": true + }, + "responses": + { + "200": + { + "description": "OK", + "content": + { + "application/json": + { + "schema": + { + "$ref": "#/components/schemas/VerifiableCredential" + } + } + } + } + } + } + }, + "/api/credentials/issuer/framework": + { + "post": + { + "tags": + [ + "Verifiable Credential - Issuer" + ], + "summary": "Issue a Use Case Verifiable Credential with base wallet issuer", + "description": "Permission: **update_wallets** (The BPN of base wallet must equal BPN of caller)\n\n Issue a verifiable credential by base wallet", + "operationId": "issueFrameworkCredential", + "requestBody": + { + "content": + { + "application/json": + { + "schema": + { + "$ref": "#/components/schemas/IssueFrameworkCredentialRequest" + }, + "example": + { + "holderIdentifier": "BPNL000000000000", + "type": "BehaviorTwinCredential", + "contract-template": "https://public.catena-x.org/contracts/traceabilty.v1.pdf", + "contract-version": "1.0.0" + } + } + }, + "required": true + }, + "responses": + { + "200": + { + "description": "OK", + "content": + { + "application/json": + { + "schema": + { + "$ref": "#/components/schemas/VerifiableCredential" + } + } + } + } + } + } + }, + "/api/credentials/issuer/dismantler": + { + "post": + { + "tags": + [ + "Verifiable Credential - Issuer" + ], + "summary": "Issue a Dismantler Verifiable Credential with base wallet issuer", + "description": "Permission: **update_wallets** (The BPN of base wallet must equal BPN of caller)\n\n Issue a verifiable credential by base wallet", + "operationId": "issueDismantlerCredential", + "requestBody": + { + "content": + { + "application/json": + { + "schema": + { + "$ref": "#/components/schemas/IssueDismantlerCredentialRequest" + }, + "example": + { + "bpn": "BPNL000000000000", + "activityType": "vehicleDismantle", + "allowedVehicleBrands": + [ + "Audi", + "Abarth", + "Alfa Romeo", + "Chrysler" + ] + } + } + }, + "required": true + }, + "responses": + { + 
"200": + { + "description": "OK", + "content": + { + "application/json": + { + "schema": + { + "$ref": "#/components/schemas/VerifiableCredential" + } + } + } + } + } + } + }, + "/{bpn}/did.json": + { + "get": + { + "tags": + [ + "DIDDocument" + ], + "summary": "Resolve DID Document", + "description": "Resolve the DID document for a given BPN", + "operationId": "getDidResolve", + "parameters": + [ + { + "name": "bpn", + "in": "path", + "description": "Did or BPN", + "required": true, + "schema": + { + "type": "string" + } + } + ], + "responses": + { + "200": + { + "description": "OK", + "content": + { + "application/json": + { + "schema": + { + "$ref": "#/components/schemas/DidDocument" + } + } + } + } + } + } + }, + "/api/wallets/{identifier}": + { + "get": + { + "tags": + [ + "Wallets" + ], + "summary": "Retrieve wallet by identifier", + "description": "Permission: **view_wallets** OR **view_wallet** (The BPN of Wallet to retrieve must equal the BPN of caller or Base wallet, authority wallet can see all wallets) \n\n Retrieve single wallet by identifier, with or without its credentials", + "operationId": "getWalletByIdentifier", + "parameters": + [ + { + "name": "identifier", + "in": "path", + "description": "Did or BPN", + "required": true, + "schema": + { + "type": "string" + } + }, + { + "name": "withCredentials", + "in": "query", + "required": false, + "schema": + { + "type": "boolean", + "default": false + } + } + ], + "responses": + { + "200": + { + "description": "OK", + "content": + { + "application/json": + { + "schema": + { + "$ref": "#/components/schemas/Wallet" + } + } + } + } + } + } + }, + "/api/didDocuments/{identifier}": + { + "get": + { + "tags": + [ + "DIDDocument" + ], + "summary": "Resolve DID Document", + "description": "Resolve the DID document for a given DID or BPN", + "operationId": "getDidDocument", + "parameters": + [ + { + "name": "identifier", + "in": "path", + "description": "Did or BPN", + "required": true, + "schema": + { + "type": 
"string" + } + } + ], + "responses": + { + "200": + { + "description": "OK", + "content": + { + "application/json": + { + "schema": + { + "$ref": "#/components/schemas/DidDocument" + } + } + } + } + } + } + } + }, + "components": + { + "schemas": + { + "CreateWalletRequest": + { + "required": + [ + "bpn", + "name" + ], + "type": "object", + "properties": + { + "bpn": + { + "maxLength": 255, + "minLength": 5, + "type": "string" + }, + "name": + { + "maxLength": 255, + "minLength": 1, + "type": "string" + } + } + }, + "DidDocument": + { + "type": "object", + "properties": + { + "id": + { + "type": "string", + "format": "uri" + }, + "verificationMethods": + { + "type": "array", + "items": + { + "$ref": "#/components/schemas/VerificationMethod" + } + }, + "context": + { + "type": "array", + "items": + { + "type": "string", + "format": "uri" + } + }, + "empty": + { + "type": "boolean" + } + }, + "additionalProperties": + { + "type": "object" + } + }, + "VerifiableCredential": + { + "type": "object", + "properties": + { + "id": + { + "type": "string", + "format": "uri" + }, + "types": + { + "type": "array", + "items": + { + "type": "string" + } + }, + "issuer": + { + "type": "string", + "format": "uri" + }, + "expirationDate": + { + "type": "string", + "format": "date-time" + }, + "credentialSubject": + { + "type": "array", + "items": + { + "$ref": "#/components/schemas/VerifiableCredentialSubject" + } + }, + "proof": + { + "type": "object", + "properties": + { + "type": + { + "type": "string" + }, + "empty": + { + "type": "boolean" + } + }, + "additionalProperties": + { + "type": "object" + } + }, + "issuanceDate": + { + "type": "string", + "format": "date-time" + }, + "context": + { + "type": "array", + "items": + { + "type": "string", + "format": "uri" + } + }, + "empty": + { + "type": "boolean" + } + }, + "additionalProperties": + { + "type": "object" + } + }, + "VerifiableCredentialSubject": + { + "type": "object", + "properties": + { + "id": + { + "type": "string", 
+ "format": "uri" + }, + "empty": + { + "type": "boolean" + } + }, + "additionalProperties": + { + "type": "object" + } + }, + "VerificationMethod": + { + "type": "object", + "properties": + { + "id": + { + "type": "string", + "format": "uri" + }, + "type": + { + "type": "string" + }, + "controller": + { + "type": "string", + "format": "uri" + }, + "empty": + { + "type": "boolean" + } + }, + "additionalProperties": + { + "type": "object" + } + }, + "Wallet": + { + "type": "object", + "properties": + { + "name": + { + "type": "string" + }, + "did": + { + "type": "string" + }, + "bpn": + { + "type": "string" + }, + "algorithm": + { + "type": "string" + }, + "didDocument": + { + "type": "object", + "properties": + { + "id": + { + "type": "string", + "format": "uri" + }, + "verificationMethods": + { + "type": "array", + "items": + { + "$ref": "#/components/schemas/VerificationMethod" + } + }, + "context": + { + "type": "array", + "items": + { + "type": "string", + "format": "uri" + } + }, + "empty": + { + "type": "boolean" + } + }, + "additionalProperties": + { + "type": "object" + } + }, + "verifiableCredentials": + { + "type": "array", + "items": + { + "$ref": "#/components/schemas/VerifiableCredential" + } + } + } + }, + "IssueMembershipCredentialRequest": + { + "required": + [ + "bpn" + ], + "type": "object", + "properties": + { + "bpn": + { + "maxLength": 255, + "minLength": 5, + "type": "string" + } + } + }, + "IssueFrameworkCredentialRequest": + { + "required": + [ + "contract-template", + "contract-version", + "holderIdentifier", + "type" + ], + "type": "object", + "properties": + { + "holderIdentifier": + { + "maxLength": 255, + "minLength": 5, + "type": "string" + }, + "type": + { + "type": "string" + }, + "contract-template": + { + "type": "string" + }, + "contract-version": + { + "type": "string" + } + } + }, + "IssueDismantlerCredentialRequest": + { + "required": + [ + "activityType", + "bpn" + ], + "type": "object", + "properties": + { + "bpn": + { + 
"maxLength": 255, + "minLength": 5, + "type": "string" + }, + "activityType": + { + "maxLength": 2147483647, + "minLength": 1, + "type": "string" + }, + "allowedVehicleBrands": + { + "uniqueItems": true, + "type": "array", + "items": + { + "type": "string" + } + } + } + }, + "PageWallet": + { + "type": "object", + "properties": + { + "totalElements": + { + "type": "integer", + "format": "int64" + }, + "totalPages": + { + "type": "integer", + "format": "int32" + }, + "size": + { + "type": "integer", + "format": "int32" + }, + "content": + { + "type": "array", + "items": + { + "$ref": "#/components/schemas/Wallet" + } + }, + "number": + { + "type": "integer", + "format": "int32" + }, + "sort": + { + "$ref": "#/components/schemas/SortObject" + }, + "pageable": + { + "$ref": "#/components/schemas/PageableObject" + }, + "numberOfElements": + { + "type": "integer", + "format": "int32" + }, + "first": + { + "type": "boolean" + }, + "last": + { + "type": "boolean" + }, + "empty": + { + "type": "boolean" + } + } + }, + "PageableObject": + { + "type": "object", + "properties": + { + "offset": + { + "type": "integer", + "format": "int64" + }, + "sort": + { + "$ref": "#/components/schemas/SortObject" + }, + "pageNumber": + { + "type": "integer", + "format": "int32" + }, + "pageSize": + { + "type": "integer", + "format": "int32" + }, + "paged": + { + "type": "boolean" + }, + "unpaged": + { + "type": "boolean" + } + } + }, + "SortObject": + { + "type": "object", + "properties": + { + "empty": + { + "type": "boolean" + }, + "sorted": + { + "type": "boolean" + }, + "unsorted": + { + "type": "boolean" + } + } + }, + "PageImplVerifiableCredential": + { + "type": "object", + "properties": + { + "content": + { + "type": "array", + "items": + { + "$ref": "#/components/schemas/VerifiableCredential" + } + }, + "pageable": + { + "$ref": "#/components/schemas/PageableObject" + }, + "totalElements": + { + "type": "integer", + "format": "int64" + }, + "totalPages": + { + "type": "integer", + 
"format": "int32" + }, + "last": + { + "type": "boolean" + }, + "size": + { + "type": "integer", + "format": "int32" + }, + "number": + { + "type": "integer", + "format": "int32" + }, + "sort": + { + "$ref": "#/components/schemas/SortObject" + }, + "numberOfElements": + { + "type": "integer", + "format": "int32" + }, + "first": + { + "type": "boolean" + }, + "empty": + { + "type": "boolean" + } + } + } + }, + "securitySchemes": + { + "Authenticate using access_token": + { + "type": "apiKey", + "description": "**Bearer (apiKey)** \nJWT Authorization header using the Bearer scheme.\n\nEnter **Bearer** [space] and then your token in the text input below.\n\nExample: Bearer 12345abcdef", + "name": "Authorization", + "in": "header" + } + } + } +} \ No newline at end of file From 15485f623374a1c2bd2f9b7da2b053a206135398 Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Fri, 14 Jul 2023 14:22:17 +0200 Subject: [PATCH 074/116] chore(helm): update Chart.yaml with home URL, sources and maintainers information --- charts/managed-identity-wallet/Chart.yaml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/charts/managed-identity-wallet/Chart.yaml b/charts/managed-identity-wallet/Chart.yaml index 45253f4c0..9c67fe7b8 100644 --- a/charts/managed-identity-wallet/Chart.yaml +++ b/charts/managed-identity-wallet/Chart.yaml @@ -27,11 +27,19 @@ type: application version: 1.0.1-rc1 appVersion: 0.0.1-SNAPSHOT.b75ebaf -home: https://eclipse-tractusx.github.io +home: https://github.com/eclipse-tractusx/managed-identity-wallet keywords: - Managed Identity Wallet - eclipse-tractusx +sources: + - https://github.com/eclipse-tractusx/managed-identity-wallet + +maintainers: + - name: Peter Motzko + email: peter.motzko@volkswagen.de + url: https://github.com/pmoscode + dependencies: - name: postgresql version: 11.9.13 From 4e8d45800ea22f22e3ed59b688d8f4f1b21eebc4 Mon Sep 17 00:00:00 2001 
From: Nitin <45592624+nitin-vavdiya@users.noreply.github.com> Date: Fri, 14 Jul 2023 18:03:19 +0530 Subject: [PATCH 075/116] Update README.md Co-authored-by: Boris Rizov <138589018+borisrizov-zf@users.noreply.github.com> --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 24d7cc145..4a6d2077a 100644 --- a/README.md +++ b/README.md @@ -76,7 +76,7 @@ The available scopes/roles are: 6. Role `manage_app` used to change log level of application at runtime. Check Logging in application section for more details -Additionally a Token mapper can to be created under *Clients* > +Additionally a Token mapper can be created under *Clients* > *ManagedIdentityWallets* > *Mappers* > *create* with the following configuration (using as example `BPNL000000001`): From c086da7aae3a3ce23fdaedd3734356512c02feda Mon Sep 17 00:00:00 2001 From: Nitin <45592624+nitin-vavdiya@users.noreply.github.com> Date: Fri, 14 Jul 2023 18:03:29 +0530 Subject: [PATCH 076/116] Update README.md Co-authored-by: Boris Rizov <138589018+borisrizov-zf@users.noreply.github.com> --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 4a6d2077a..9e42b7292 100644 --- a/README.md +++ b/README.md @@ -78,7 +78,7 @@ The available scopes/roles are: Additionally a Token mapper can be created under *Clients* > *ManagedIdentityWallets* > *Mappers* > *create* with the following -configuration (using as example `BPNL000000001`): +configuration (using as an example `BPNL000000001`): | Key | Value | |------------------------------------|-----------------| From d743c95cf3abd322b3881f88dc9c1c8d459a92a7 Mon Sep 17 00:00:00 2001 From: Nitin <45592624+nitin-vavdiya@users.noreply.github.com> Date: Fri, 14 Jul 2023 18:03:42 +0530 Subject: [PATCH 077/116] Update README.md Co-authored-by: Boris Rizov <138589018+borisrizov-zf@users.noreply.github.com> --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/README.md b/README.md index 9e42b7292..bb8fab5f9 100644 --- a/README.md +++ b/README.md @@ -27,7 +27,7 @@ Following tools the MIW development team used successfully: ## Manual Keycloak Configuration -Within the development setup the Keycloak is initially prepared with the +Within the development setup the Keycloak instance is initially prepared with the values in `./dev-assets/docker-environment/keycloak`. The realm could also be manually added and configured at http://localhost:8080 via the "Add realm" button. It can be for example named `localkeycloak`. Also add an additional client, From 6479ba0c2e0cd10fc29613f39810ebbe695538d7 Mon Sep 17 00:00:00 2001 From: Nitin <45592624+nitin-vavdiya@users.noreply.github.com> Date: Fri, 14 Jul 2023 18:03:54 +0530 Subject: [PATCH 078/116] Update README.md Co-authored-by: Boris Rizov <138589018+borisrizov-zf@users.noreply.github.com> --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index bb8fab5f9..74a002ee4 100644 --- a/README.md +++ b/README.md @@ -73,7 +73,7 @@ The available scopes/roles are: * to get stored Verifiable Credentials of the related BPN * to validate any Verifiable Credential * to validate any Verifiable Presentation -6. Role `manage_app` used to change log level of application at runtime. Check Logging in application section for more +6. Role `manage_app` used to change the log level of the application at runtime. Check Logging in the application section for more details Additionally a Token mapper can be created under *Clients* > From c7cc567615faa8842c3649a6790790a121169ab3 Mon Sep 17 00:00:00 2001 From: Peter Motzko <56410761+pmoscode@users.noreply.github.com> Date: Mon, 17 Jul 2023 13:06:17 +0200 Subject: [PATCH 079/116] chore: enable manual verbose scan trigger --- .github/workflows/veracode.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/veracode.yaml b/.github/workflows/veracode.yaml index 206318ddd..431bccda2 100644 --- a/.github/workflows/veracode.yaml +++ b/.github/workflows/veracode.yaml @@ -22,7 +22,7 @@ on: schedule: # Once a day - cron: "0 0 * * *" - # workflow_dispatch: + workflow_dispatch: # Trigger manually jobs: From a888bad72f92da24515cf79b2b8cddef2006914e Mon Sep 17 00:00:00 2001 From: Nitin Vavdiya Date: Mon, 17 Jul 2023 16:37:43 +0530 Subject: [PATCH 080/116] docs: API doc fix --- docs/openapi_v002.json | 25 +++++++++---------- .../config/openapi/OpenApiConfig.java | 19 ++++++++++++-- 2 files changed, 29 insertions(+), 15 deletions(-) diff --git a/docs/openapi_v002.json b/docs/openapi_v002.json index 138dc89c8..a8c2f69f8 100644 --- a/docs/openapi_v002.json +++ b/docs/openapi_v002.json @@ -2,19 +2,18 @@ "openapi": "3.0.1", "info": { - "title": "Managed Identity Wallets API", - "description": "Managed Identity Wallets API", - "contact": - { - "name": "Eclipse Tractus-X", - "url": "https://projects.eclipse.org/projects/automotive.tractusx", - "email": "tractusx-dev@eclipse.org" - }, - "license": - { - "name": "Apache 2.0", - "url": "https://github.com/eclipse-tractusx/managed-identity-wallets/blob/develop/LICENSE" - }, + "title": "Managed Identity Wallets API", + "description": "Managed Identity Wallets API", + "termsOfService": "https://www.eclipse.org/legal/termsofuse.php", + "contact": { + "name": "Eclipse Tractus-X", + "url": "https://projects.eclipse.org/projects/automotive.tractusx", + "email": "tractusx-dev@eclipse.org" + }, + "license": { + "name": "Apache 2.0", + "url": "https://github.com/eclipse-tractusx/managed-identity-wallets/blob/develop/LICENSE" + }, "version": "0.0.1" }, "servers": diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/openapi/OpenApiConfig.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/openapi/OpenApiConfig.java index 435ae8585..76dd3f645 100644 
--- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/openapi/OpenApiConfig.java
+++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/openapi/OpenApiConfig.java
@@ -24,7 +24,9 @@ import io.swagger.v3.oas.models.Components;
 import io.swagger.v3.oas.models.OpenAPI;
+import io.swagger.v3.oas.models.info.Contact;
 import io.swagger.v3.oas.models.info.Info;
+import io.swagger.v3.oas.models.info.License;
 import io.swagger.v3.oas.models.security.SecurityRequirement;
 import io.swagger.v3.oas.models.security.SecurityScheme;
 import lombok.AllArgsConstructor;
@@ -53,9 +55,22 @@ public class OpenApiConfig {
 @Bean
 public OpenAPI openAPI() {
 Info info = new Info();
- info.setTitle("MIW API");
- info.setDescription("MIW API");
+ info.setTitle("Managed Identity Wallets API");
+ info.setDescription("Managed Identity Wallets API");
+ info.termsOfService("https://www.eclipse.org/legal/termsofuse.php");
 info.setVersion("0.0.1");
+
+ Contact contact = new Contact();
+ contact.name("Eclipse Tractus-X");
+ contact.email("tractusx-dev@eclipse.org");
+ contact.url("https://projects.eclipse.org/projects/automotive.tractusx");
+ info.contact(contact);
+
+ License license = new License();
+ license.name("Apache 2.0");
+ license.url("https://github.com/eclipse-tractusx/managed-identity-wallets/blob/develop/LICENSE");
+ info.license(license);
+
 OpenAPI openAPI = new OpenAPI();
 if (Boolean.TRUE.equals(properties.enabled())) {
 openAPI = enableSecurity(openAPI);
From 955b9b43a26ed607023df63f96348c4cd5586b9c Mon Sep 17 00:00:00 2001
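Review bot: The new metadata setup in `openAPI()` mixes two setter styles on the same objects — `info.setTitle(...)`, `setDescription(...)` and `setVersion(...)` use the bean setters, while `info.termsOfService(...)`, `contact.name(...)`/`email(...)`/`url(...)` and `license.name(...)`/`url(...)` use the fluent builder methods that return `this`. Picking the fluent form throughout lets each object be declared in one expression, e.g. `Contact contact = new Contact().name("Eclipse Tractus-X").email("tractusx-dev@eclipse.org").url("https://projects.eclipse.org/projects/automotive.tractusx");` and `License license = new License().name("Apache 2.0").url("https://github.com/eclipse-tractusx/managed-identity-wallets/blob/develop/LICENSE");`, and `info` could then be built the same way with `.title(...)`, `.description(...)`, `.termsOfService(...)`, `.version(...)`, `.contact(contact)` and `.license(license)` chained. That reads as a static description of the API rather than a sequence of mutations, and whoever adds the next field does not have to guess which of the two styles applies. `openAPI()` continues past the end of the hunk, so the remaining construction is not visible here.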
From: Nitin Vavdiya Date: Mon, 17 Jul 2023 17:35:47 +0530 Subject: [PATCH 081/116] docs: openAPI v2 doc deleted, new example added for VC and VP --- README.md | 2 +- docs/openapi_v002.json | 1853 ----------------- .../HoldersCredentialController.java | 4 +- .../IssuersCredentialController.java | 56 +- .../controller/PresentationController.java | 148 +- 5 files changed, 120 insertions(+), 1943 deletions(-) delete mode 100644 docs/openapi_v002.json diff --git a/README.md b/README.md index 74a002ee4..0eb4b85af 100644 --- a/README.md +++ b/README.md @@ -164,7 +164,7 @@ When you just run `task` without parameters, you will see all tasks available. See OpenAPI documentation, which is automatically created from the source and available on each deployment at the `/docs/api-docs/docs` endpoint (e.g. locally at http://localhost:8087/docs/api-docs/docs). An export of the JSON -document can be also found in [docs/openapi_v002.json](docs/openapi_v002.json). +document can be also found in [docs/openapi_v001.json](docs/openapi_v001.json). # Test Coverage diff --git a/docs/openapi_v002.json b/docs/openapi_v002.json deleted file mode 100644 index a8c2f69f8..000000000 --- a/docs/openapi_v002.json +++ /dev/null 
@@ -1,1853 +0,0 @@ -{ - "openapi": "3.0.1", - "info": - { - "title": "Managed Identity Wallets API", - "description": "Managed Identity Wallets API", - "termsOfService": "https://www.eclipse.org/legal/termsofuse.php", - "contact": { - "name": "Eclipse Tractus-X", - "url": "https://projects.eclipse.org/projects/automotive.tractusx", - "email": "tractusx-dev@eclipse.org" - }, - "license": { - "name": "Apache 2.0", - "url": "https://github.com/eclipse-tractusx/managed-identity-wallets/blob/develop/LICENSE" - }, - "version": "0.0.1" - }, - "servers": - [ - { - "url": "http://localhost:8087", - "description": "Generated server url" - } - ], - "security": - [ - { - "Authenticate using access_token": - [] - } - ], - "paths": - { - "/api/wallets": - { - "get": - { - "tags": - [ - "Wallets" - ], - "summary": "List of wallets", - "description": "Permission: **view_wallets** \n\n Retrieve list of registered wallets", - "operationId": "getWallets", - "parameters": - [ - { - "name": "pageNumber", - "in": "query", - "required": false, - "schema": - { - "type": "integer", - "format": "int32", - "default": 0 - } - }, - { - "name": "size", - "in": "query", - "required": false, - "schema": - { - "type": "integer", - "format": "int32", - "default": 2147483647 - } - }, - { - "name": "sortColumn", - "in": "query", - "required": false, - "schema": - { - "type": "string", - "default": "createdAt" - } - }, - { - "name": "sortTpe", - "in": "query", - "required": false, - "schema": - { - "type": "string", - "default": "desc" - } - } - ], - "responses": - { - "200": - { - "description": "OK", - "content": - { - "application/json": - { - "schema": - { - "$ref": "#/components/schemas/PageWallet" - } - } - } - } - } - }, - "post": - { - "tags": - [ - "Wallets" - ], - "summary": "Create Wallet", - "description": "Permission: **add_wallets** \n\n Create a wallet and store it", - "operationId": "createWallet", - "requestBody": - { - "content": - { - "application/json": - { - "schema": - { - 
"$ref": "#/components/schemas/CreateWalletRequest" - }, - "examples": - { - "Create wallet with BPN": - { - "description": "Create wallet with BPN", - "value": - { - "bpn": "BPNL000000000001", - "name": "companyA" - } - } - } - } - }, - "required": true - }, - "responses": - { - "200": - { - "description": "OK", - "content": - { - "application/json": - { - "schema": - { - "$ref": "#/components/schemas/Wallet" - } - } - } - } - } - } - }, - "/api/wallets/{identifier}/credentials": - { - "post": - { - "tags": - [ - "Wallets" - ], - "summary": "Store Verifiable Credential", - "description": "Permission: **update_wallets** OR **update_wallet** (The BPN of wallet to extract credentials from must equal BPN of caller) \n\n Store a verifiable credential in the wallet of the given identifier", - "operationId": "storeCredential", - "parameters": - [ - { - "name": "identifier", - "in": "path", - "description": "Did or BPN", - "required": true, - "schema": - { - "type": "string" - } - } - ], - "requestBody": - { - "content": - { - "application/json": - { - "schema": - { - "type": "object", - "additionalProperties": - { - "type": "object" - } - }, - "example": - { - "id": "http://example.edu/credentials/3732", - "@context": - [ - "https://www.w3.org/2018/credentials/v1", - "https://www.w3.org/2018/credentials/examples/v1" - ], - "type": - [ - "University-Degree-Credential", - "VerifiableCredential" - ], - "issuer": "did:example:76e12ec712ebc6f1c221ebfeb1f", - "issuanceDate": "2019-06-16T18:56:59Z", - "expirationDate": "2019-06-17T18:56:59Z", - "credentialSubject": - [ - { - "college": "Test-University" - } - ], - "proof": - { - "type": "Ed25519Signature2018", - "created": "2021-11-17T22:20:27Z", - "proofPurpose": "assertionMethod", - "verificationMethod": "did:example:76e12ec712ebc6f1c221ebfeb1f#key-1", - "jws": "eyJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdLCJhbGciOiJFZERTQSJ9..JNerzfrK46Mq4XxYZEnY9xOK80xsEaWCLAHuZsFie1-NTJD17wWWENn_DAlA_OwxGF5dhxUJ05P6Dm8lcmF5Cg" - } - } - } - }, - 
"required": true - }, - "responses": - { - "200": - { - "description": "OK", - "content": - { - "application/json": - { - "schema": - { - "type": "object", - "additionalProperties": - { - "type": "string" - } - } - } - } - } - } - } - }, - "/api/presentations": - { - "post": - { - "tags": - [ - "Verifiable Presentations - Generation" - ], - "summary": "Create Verifiable Presentation", - "description": "Permission: **update_wallets** OR **update_wallet** (The BPN of the issuer of the Verifiable Presentation must equal to BPN of caller) \n\n Create a verifiable presentation from a list of verifiable credentials, signed by the holder", - "operationId": "createPresentation", - "parameters": - [ - { - "name": "audience", - "in": "query", - "required": false, - "schema": - { - "type": "string" - } - }, - { - "name": "asJwt", - "in": "query", - "required": false, - "schema": - { - "type": "boolean", - "default": false - } - } - ], - "requestBody": - { - "content": - { - "application/json": - { - "schema": - { - "type": "object", - "additionalProperties": - { - "type": "object" - } - }, - "example": - { - "holderIdentifier": "did:example:76e12ec712ebc6f1c221ebfeb1f", - "verifiableCredentials": - [ - { - "id": "http://example.edu/credentials/333", - "@context": - [ - "https://www.w3.org/2018/credentials/v1", - "https://www.w3.org/2018/credentials/examples/v1" - ], - "type": - [ - "University-Degree-Credential", - "VerifiableCredential" - ], - "issuer": "did:example:76e12ec712ebc6f1c221ebfeb1f", - "issuanceDate": "2019-06-16T18:56:59Z", - "expirationDate": "2019-06-17T18:56:59Z", - "credentialSubject": - [ - { - "college": "Test-University" - } - ], - "proof": - { - "type": "Ed25519Signature2018", - "created": "2021-11-17T22:20:27Z", - "proofPurpose": "assertionMethod", - "verificationMethod": "did:example:76e12ec712ebc6f1c221ebfeb1f#keys-1", - "jws": 
"eyJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdLCJhbGciOiJFZERTQSJ9..JNerzfrK46Mq4XxYZEnY9xOK80xsEaWCLAHuZsFie1-NTJD17wWWENn_DAlA_OwxGF5dhxUJ05P6Dm8lcmF5Cg" - } - } - ] - } - } - }, - "required": true - }, - "responses": - { - "200": - { - "description": "OK", - "content": - { - "application/json": - { - "schema": - { - "type": "object", - "additionalProperties": - { - "type": "object" - } - } - } - } - } - } - } - }, - "/api/presentations/validation": - { - "post": - { - "tags": - [ - "Verifiable Presentations - Validation" - ], - "summary": "Validate Verifiable Presentation", - "description": "Permission: **view_wallets** OR **view_wallet** \n\n Validate Verifiable Presentation with all included credentials", - "operationId": "validatePresentation", - "parameters": - [ - { - "name": "audience", - "in": "query", - "description": "Audience to validate in VP (Only supported in case of JWT formatted VP)", - "required": false, - "schema": - { - "type": "string" - } - }, - { - "name": "asJwt", - "in": "query", - "description": "Pass true in case of VP is in JWT format", - "required": false, - "schema": - { - "type": "boolean", - "default": false - } - }, - { - "name": "withCredentialExpiryDate", - "in": "query", - "description": "Check expiry of VC(Only supported in case of JWT formatted VP)", - "required": false, - "schema": - { - "type": "boolean", - "default": false - } - } - ], - "requestBody": - { - "content": - { - "application/json": - { - "schema": - { - "type": "object", - "additionalProperties": - { - "type": "object" - } - }, - "examples": - { - "VP as JWT": - { - "description": "VP as JWT", - "value": - { - "vp": 
"eyJhbGciOiJFZERTQSJ9.eyJzdWIiOiJkaWQ6d2ViOmxvY2FsaG9zdDpCUE5MMDAwMDAwMDAwMDAwIiwiYXVkIjoic21hcnRTZW5zZSIsImlzcyI6ImRpZDp3ZWI6bG9jYWxob3N0OkJQTkwwMDAwMDAwMDAwMDAiLCJ2cCI6eyJpZCI6ImRpZDp3ZWI6bG9jYWxob3N0OkJQTkwwMDAwMDAwMDAwMDAjMWQ2ODg4N2EtMzY4NC00ZDU0LWFkYjAtMmM4MWJiNjc4NTJiIiwidHlwZSI6WyJWZXJpZmlhYmxlUHJlc2VudGF0aW9uIl0sIkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIl0sInZlcmlmaWFibGVDcmVkZW50aWFsIjp7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIl0sInR5cGUiOlsiVmVyaWZpYWJsZUNyZWRlbnRpYWwiLCJCcG5DcmVkZW50aWFsQ1giXSwiaWQiOiJhY2I5NTIyZi1kYjIyLTRmOTAtOTQ3NS1jM2YzNTExZjljZGUiLCJpc3N1ZXIiOiJkaWQ6d2ViOmxvY2FsaG9zdDpCUE5MMDAwMDAwMDAwMDAwIiwiaXNzdWFuY2VEYXRlIjoiMjAyMy0wNi0wMVQwODo1Nzo1MFoiLCJleHBpcmF0aW9uRGF0ZSI6IjIwMjQtMTItMzFUMTg6MzA6MDBaIiwiY3JlZGVudGlhbFN1YmplY3QiOnsiYnBuIjoiQlBOTDAwMDAwMDAwMDAwMCIsImlkIjoiZGlkOndlYjpsb2NhbGhvc3Q6QlBOTDAwMDAwMDAwMDAwMCIsInR5cGUiOiJCcG5DcmVkZW50aWFsIn0sInByb29mIjp7InByb29mUHVycG9zZSI6InByb29mUHVycG9zZSIsInZlcmlmaWNhdGlvbk1ldGhvZCI6ImRpZDp3ZWI6bG9jYWxob3N0OkJQTkwwMDAwMDAwMDAwMDAiLCJ0eXBlIjoiRWQyNTUxOVNpZ25hdHVyZTIwMjAiLCJwcm9vZlZhbHVlIjoiejRkdUJmY0NzYVN6aU5lVXc4WUJ5eUZkdlpYVzhlQUs5MjhkeDNQeExqV0N2S3p0Slo5bWh4aEh3ZTVCdVRRUW5KRmtvb01nUUdLREU0OGNpTHJHaHBzUEEiLCJjcmVhdGVkIjoiMjAyMy0wNi0wMVQwODo1Nzo1MFoifX19LCJleHAiOjE2ODU2ODEwNTIsImp0aSI6IjFhYmQxYjAxLTBkZTUtNGY1Ny04ZjBlLWRmNzBhNzNkMjE2NyJ9.Hfm-ANjoeZ8fO-32LPOsQ3-xXSclPUd28p9hvlWyVVB0Mz7n0k-KAHra5kpT0oGrGtdhC1lZ0AitdB_td6VrAQ" - } - }, - "VP as json-ld": - { - "description": "VP as json-ld", - "value": - { - "vp": - { - "id": "b9d97cef-758d-4a7c-843d-86f17632b08a", - "type": - [ - "VerifiablePresentation" - ], - "@context": - [ - "https://www.w3.org/2018/credentials/v1" - ], - "verifiableCredential": - [ - { - "issuanceDate": "2023-06-01T08:57:50Z", - "credentialSubject": - [ - { - "bpn": "BPNL000000000000", - "id": "did:web:localhost:BPNL000000000000", - "type": "BpnCredential" - } - ], - "id": "acb9522f-db22-4f90-9475-c3f3511f9cde", - "proof": - { 
- "proofPurpose": "proofPurpose", - "verificationMethod": "did:web:localhost:BPNL000000000000", - "type": "Ed25519Signature2020", - "proofValue": "z4duBfcCsaSziNeUw8YByyFdvZXW8eAK928dx3PxLjWCvKztJZ9mhxhHwe5BuTQQnJFkooMgQGKDE48ciLrGhpsPA", - "created": "2023-06-01T08:57:50Z" - }, - "type": - [ - "VerifiableCredential", - "BpnCredentialCX" - ], - "@context": - [ - "https://www.w3.org/2018/credentials/v1", - "https://catenax-ng.github.io/product-core-schemas/businessPartnerData.json" - ], - "issuer": "did:web:localhost:BPNL000000000000", - "expirationDate": "2024-12-31T18:30:00Z" - } - ] - } - } - } - } - } - }, - "required": true - }, - "responses": - { - "200": - { - "description": "OK", - "content": - { - "application/json": - { - "schema": - { - "type": "object", - "additionalProperties": - { - "type": "object" - } - } - } - } - } - } - } - }, - "/api/credentials": - { - "get": - { - "tags": - [ - "Verifiable Credential - Holder" - ], - "summary": "Query Verifiable Credentials", - "description": "Permission: **view_wallets** OR **view_wallet** (The BPN of holderIdentifier must equal BPN of caller)\n\n Search verifiable credentials with filter criteria", - "operationId": "getCredentials", - "parameters": - [ - { - "name": "credentialId", - "in": "query", - "required": false, - "schema": - { - "type": "string" - } - }, - { - "name": "issuerIdentifier", - "in": "query", - "required": false, - "schema": - { - "type": "string" - } - }, - { - "name": "type", - "in": "query", - "required": false, - "schema": - { - "type": "array", - "items": - { - "type": "string" - } - } - }, - { - "name": "sortColumn", - "in": "query", - "required": false, - "schema": - { - "type": "string", - "default": "createdAt" - } - }, - { - "name": "sortTpe", - "in": "query", - "required": false, - "schema": - { - "type": "string", - "default": "desc" - } - }, - { - "name": "pageNumber", - "in": "query", - "description": "Page number, Page number start with zero", - "required": false, - 
"schema": - { - "maximum": 2147483647, - "minimum": 0, - "type": "integer", - "format": "int32", - "default": 0 - } - }, - { - "name": "size", - "in": "query", - "description": "Number of records per page", - "required": false, - "schema": - { - "maximum": 2147483647, - "minimum": 0, - "type": "integer", - "format": "int32", - "default": 2147483647 - } - } - ], - "responses": - { - "200": - { - "description": "OK", - "content": - { - "application/json": - { - "schema": - { - "$ref": "#/components/schemas/PageImplVerifiableCredential" - } - } - } - } - } - }, - "post": - { - "tags": - [ - "Verifiable Credential - Holder" - ], - "summary": "Issue Verifiable Credential", - "description": "Permission: **update_wallets** OR **update_wallet** (The BPN of the issuer of the Verifiable Credential must equal BPN of caller)\nIssue a verifiable credential with a given issuer DID", - "operationId": "issueCredential", - "requestBody": - { - "content": - { - "application/json": - { - "schema": - { - "type": "object", - "additionalProperties": - { - "type": "object" - } - }, - "example": - { - "id": "http://example.edu/credentials/333", - "@context": - [ - "https://www.w3.org/2018/credentials/v1", - "https://www.w3.org/2018/credentials/examples/v1" - ], - "type": - [ - "University-Degree-Credential", - "VerifiableCredential" - ], - "issuer": "did:example:76e12ec712ebc6f1c221ebfeb1f", - "issuanceDate": "2019-06-16T18:56:59Z", - "expirationDate": "2019-06-17T18:56:59Z", - "credentialSubject": - [ - { - "college": "Test-University" - } - ] - } - } - }, - "required": true - }, - "responses": - { - "200": - { - "description": "OK", - "content": - { - "application/json": - { - "schema": - { - "$ref": "#/components/schemas/VerifiableCredential" - } - } - } - } - } - }, - "delete": - { - "tags": - [ - "Verifiable Credential - Holder" - ], - "summary": "Delete a verifiable credential by its ID", - "description": "Permission: **update_wallet** (The BPN of holderIdentifier must equal BPN of 
caller)\n\n Delete a verifiable credential by its ID", - "operationId": "deleteCredential", - "parameters": - [ - { - "name": "id", - "in": "query", - "required": true, - "schema": - { - "type": "string" - } - } - ], - "responses": - { - "200": - { - "description": "OK", - "content": - { - "application/json": - { - "schema": - { - "type": "object" - } - } - } - } - } - } - }, - "/api/credentials/validation": - { - "post": - { - "tags": - [ - "Verifiable Credential - Validation" - ], - "summary": "Validate Verifiable Credentials", - "description": "Permission: **view_wallets** OR **view_wallet** \n\n Validate Verifiable Credentials", - "operationId": "credentialsValidation", - "parameters": - [ - { - "name": "withCredentialExpiryDate", - "in": "query", - "description": "Check expiry of VC", - "required": false, - "schema": - { - "type": "boolean", - "default": false - } - } - ], - "requestBody": - { - "content": - { - "application/json": - { - "schema": - { - "type": "object", - "additionalProperties": - { - "type": "object" - } - }, - "example": - { - "id": "http://example.edu/credentials/333", - "@context": - [ - "https://www.w3.org/2018/credentials/v1", - "https://www.w3.org/2018/credentials/examples/v1" - ], - "type": - [ - "University-Degree-Credential", - "VerifiableCredential" - ], - "issuer": "did:example:76e12ec712ebc6f1c221ebfeb1f", - "issuanceDate": "2019-06-16T18:56:59Z", - "expirationDate": "2019-06-17T18:56:59Z", - "credentialSubject": - [ - { - "college": "Test-University" - } - ], - "proof": - { - "type": "Ed25519Signature2018", - "created": "2021-11-17T22:20:27Z", - "proofPurpose": "assertionMethod", - "verificationMethod": "did:example:76e12ec712ebc6f1c221ebfeb1f#keys-1", - "jws": "eyJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdLCJhbGciOiJFZERTQSJ9..JNerzfrK46Mq4XxYZEnY9xOK80xsEaWCLAHuZsFie1-NTJD17wWWENn_DAlA_OwxGF5dhxUJ05P6Dm8lcmF5Cg" - } - } - } - }, - "required": true - }, - "responses": - { - "200": - { - "description": "OK", - "content": - { - 
"application/json": - { - "schema": - { - "type": "object", - "additionalProperties": - { - "type": "object" - } - } - } - } - } - } - } - }, - "/api/credentials/issuer": - { - "get": - { - "tags": - [ - "Verifiable Credential - Issuer" - ], - "summary": "Query Verifiable Credentials", - "description": "Permission: **view_wallets** (The BPN of holderIdentifier must equal BPN of caller)\n\n Search verifiable credentials with filter criteria", - "operationId": "getCredentials_1", - "parameters": - [ - { - "name": "credentialId", - "in": "query", - "required": false, - "schema": - { - "type": "string" - } - }, - { - "name": "holderIdentifier", - "in": "query", - "required": false, - "schema": - { - "type": "string" - } - }, - { - "name": "type", - "in": "query", - "required": false, - "schema": - { - "type": "array", - "items": - { - "type": "string" - } - } - }, - { - "name": "pageNumber", - "in": "query", - "description": "Page number, Page number start with zero", - "required": false, - "schema": - { - "maximum": 2147483647, - "minimum": 0, - "type": "integer", - "format": "int32", - "default": 0 - } - }, - { - "name": "size", - "in": "query", - "description": "Number of records per page", - "required": false, - "schema": - { - "maximum": 2147483647, - "minimum": 0, - "type": "integer", - "format": "int32", - "default": 2147483647 - } - }, - { - "name": "sortColumn", - "in": "query", - "required": false, - "schema": - { - "type": "string", - "default": "createdAt" - } - }, - { - "name": "sortTpe", - "in": "query", - "required": false, - "schema": - { - "type": "string", - "default": "desc" - } - } - ], - "responses": - { - "200": - { - "description": "OK", - "content": - { - "application/json": - { - "schema": - { - "$ref": "#/components/schemas/PageImplVerifiableCredential" - } - } - } - } - } - }, - "post": - { - "tags": - [ - "Verifiable Credential - Issuer" - ], - "summary": "Issue Verifiable Credential", - "description": "Permission: **update_wallets** (The 
BPN of the base wallet must equal BPN of caller)\nIssue a verifiable credential with a given issuer DID", - "operationId": "issueCredentialUsingBaseWallet", - "parameters": - [ - { - "name": "holderDid", - "in": "query", - "required": true, - "schema": - { - "type": "string" - } - } - ], - "requestBody": - { - "content": - { - "application/json": - { - "schema": - { - "type": "object", - "additionalProperties": - { - "type": "object" - } - }, - "example": - { - "id": "http://example.edu/credentials/333", - "@context": - [ - "https://www.w3.org/2018/credentials/v1", - "https://www.w3.org/2018/credentials/examples/v1" - ], - "type": - [ - "University-Degree-Credential", - "VerifiableCredential" - ], - "issuer": "did:example:76e12ec712ebc6f1c221ebfeb1f", - "issuanceDate": "2019-06-16T18:56:59Z", - "expirationDate": "2019-06-17T18:56:59Z", - "credentialSubject": - [ - { - "college": "Test-University" - } - ] - } - } - }, - "required": true - }, - "responses": - { - "200": - { - "description": "OK", - "content": - { - "application/json": - { - "schema": - { - "$ref": "#/components/schemas/VerifiableCredential" - } - } - } - } - } - } - }, - "/api/credentials/issuer/membership": - { - "post": - { - "tags": - [ - "Verifiable Credential - Issuer" - ], - "summary": "Issue a Membership Verifiable Credential with base wallet issuer", - "description": "Permission: **update_wallets** (The BPN of base wallet must equal BPN of caller)\n\n Issue a verifiable credential by base wallet", - "operationId": "issueMembershipCredential", - "requestBody": - { - "content": - { - "application/json": - { - "schema": - { - "$ref": "#/components/schemas/IssueMembershipCredentialRequest" - }, - "example": - { - "bpn": "BPNL000000000000" - } - } - }, - "required": true - }, - "responses": - { - "200": - { - "description": "OK", - "content": - { - "application/json": - { - "schema": - { - "$ref": "#/components/schemas/VerifiableCredential" - } - } - } - } - } - } - }, - 
"/api/credentials/issuer/framework": - { - "post": - { - "tags": - [ - "Verifiable Credential - Issuer" - ], - "summary": "Issue a Use Case Verifiable Credential with base wallet issuer", - "description": "Permission: **update_wallets** (The BPN of base wallet must equal BPN of caller)\n\n Issue a verifiable credential by base wallet", - "operationId": "issueFrameworkCredential", - "requestBody": - { - "content": - { - "application/json": - { - "schema": - { - "$ref": "#/components/schemas/IssueFrameworkCredentialRequest" - }, - "example": - { - "holderIdentifier": "BPNL000000000000", - "type": "BehaviorTwinCredential", - "contract-template": "https://public.catena-x.org/contracts/traceabilty.v1.pdf", - "contract-version": "1.0.0" - } - } - }, - "required": true - }, - "responses": - { - "200": - { - "description": "OK", - "content": - { - "application/json": - { - "schema": - { - "$ref": "#/components/schemas/VerifiableCredential" - } - } - } - } - } - } - }, - "/api/credentials/issuer/dismantler": - { - "post": - { - "tags": - [ - "Verifiable Credential - Issuer" - ], - "summary": "Issue a Dismantler Verifiable Credential with base wallet issuer", - "description": "Permission: **update_wallets** (The BPN of base wallet must equal BPN of caller)\n\n Issue a verifiable credential by base wallet", - "operationId": "issueDismantlerCredential", - "requestBody": - { - "content": - { - "application/json": - { - "schema": - { - "$ref": "#/components/schemas/IssueDismantlerCredentialRequest" - }, - "example": - { - "bpn": "BPNL000000000000", - "activityType": "vehicleDismantle", - "allowedVehicleBrands": - [ - "Audi", - "Abarth", - "Alfa Romeo", - "Chrysler" - ] - } - } - }, - "required": true - }, - "responses": - { - "200": - { - "description": "OK", - "content": - { - "application/json": - { - "schema": - { - "$ref": "#/components/schemas/VerifiableCredential" - } - } - } - } - } - } - }, - "/{bpn}/did.json": - { - "get": - { - "tags": - [ - "DIDDocument" - ], - 
"summary": "Resolve DID Document", - "description": "Resolve the DID document for a given BPN", - "operationId": "getDidResolve", - "parameters": - [ - { - "name": "bpn", - "in": "path", - "description": "Did or BPN", - "required": true, - "schema": - { - "type": "string" - } - } - ], - "responses": - { - "200": - { - "description": "OK", - "content": - { - "application/json": - { - "schema": - { - "$ref": "#/components/schemas/DidDocument" - } - } - } - } - } - } - }, - "/api/wallets/{identifier}": - { - "get": - { - "tags": - [ - "Wallets" - ], - "summary": "Retrieve wallet by identifier", - "description": "Permission: **view_wallets** OR **view_wallet** (The BPN of Wallet to retrieve must equal the BPN of caller or Base wallet, authority wallet can see all wallets) \n\n Retrieve single wallet by identifier, with or without its credentials", - "operationId": "getWalletByIdentifier", - "parameters": - [ - { - "name": "identifier", - "in": "path", - "description": "Did or BPN", - "required": true, - "schema": - { - "type": "string" - } - }, - { - "name": "withCredentials", - "in": "query", - "required": false, - "schema": - { - "type": "boolean", - "default": false - } - } - ], - "responses": - { - "200": - { - "description": "OK", - "content": - { - "application/json": - { - "schema": - { - "$ref": "#/components/schemas/Wallet" - } - } - } - } - } - } - }, - "/api/didDocuments/{identifier}": - { - "get": - { - "tags": - [ - "DIDDocument" - ], - "summary": "Resolve DID Document", - "description": "Resolve the DID document for a given DID or BPN", - "operationId": "getDidDocument", - "parameters": - [ - { - "name": "identifier", - "in": "path", - "description": "Did or BPN", - "required": true, - "schema": - { - "type": "string" - } - } - ], - "responses": - { - "200": - { - "description": "OK", - "content": - { - "application/json": - { - "schema": - { - "$ref": "#/components/schemas/DidDocument" - } - } - } - } - } - } - } - }, - "components": - { - "schemas": - { 
- "CreateWalletRequest": - { - "required": - [ - "bpn", - "name" - ], - "type": "object", - "properties": - { - "bpn": - { - "maxLength": 255, - "minLength": 5, - "type": "string" - }, - "name": - { - "maxLength": 255, - "minLength": 1, - "type": "string" - } - } - }, - "DidDocument": - { - "type": "object", - "properties": - { - "id": - { - "type": "string", - "format": "uri" - }, - "verificationMethods": - { - "type": "array", - "items": - { - "$ref": "#/components/schemas/VerificationMethod" - } - }, - "context": - { - "type": "array", - "items": - { - "type": "string", - "format": "uri" - } - }, - "empty": - { - "type": "boolean" - } - }, - "additionalProperties": - { - "type": "object" - } - }, - "VerifiableCredential": - { - "type": "object", - "properties": - { - "id": - { - "type": "string", - "format": "uri" - }, - "types": - { - "type": "array", - "items": - { - "type": "string" - } - }, - "issuer": - { - "type": "string", - "format": "uri" - }, - "expirationDate": - { - "type": "string", - "format": "date-time" - }, - "credentialSubject": - { - "type": "array", - "items": - { - "$ref": "#/components/schemas/VerifiableCredentialSubject" - } - }, - "proof": - { - "type": "object", - "properties": - { - "type": - { - "type": "string" - }, - "empty": - { - "type": "boolean" - } - }, - "additionalProperties": - { - "type": "object" - } - }, - "issuanceDate": - { - "type": "string", - "format": "date-time" - }, - "context": - { - "type": "array", - "items": - { - "type": "string", - "format": "uri" - } - }, - "empty": - { - "type": "boolean" - } - }, - "additionalProperties": - { - "type": "object" - } - }, - "VerifiableCredentialSubject": - { - "type": "object", - "properties": - { - "id": - { - "type": "string", - "format": "uri" - }, - "empty": - { - "type": "boolean" - } - }, - "additionalProperties": - { - "type": "object" - } - }, - "VerificationMethod": - { - "type": "object", - "properties": - { - "id": - { - "type": "string", - "format": "uri" - }, - 
"type": - { - "type": "string" - }, - "controller": - { - "type": "string", - "format": "uri" - }, - "empty": - { - "type": "boolean" - } - }, - "additionalProperties": - { - "type": "object" - } - }, - "Wallet": - { - "type": "object", - "properties": - { - "name": - { - "type": "string" - }, - "did": - { - "type": "string" - }, - "bpn": - { - "type": "string" - }, - "algorithm": - { - "type": "string" - }, - "didDocument": - { - "type": "object", - "properties": - { - "id": - { - "type": "string", - "format": "uri" - }, - "verificationMethods": - { - "type": "array", - "items": - { - "$ref": "#/components/schemas/VerificationMethod" - } - }, - "context": - { - "type": "array", - "items": - { - "type": "string", - "format": "uri" - } - }, - "empty": - { - "type": "boolean" - } - }, - "additionalProperties": - { - "type": "object" - } - }, - "verifiableCredentials": - { - "type": "array", - "items": - { - "$ref": "#/components/schemas/VerifiableCredential" - } - } - } - }, - "IssueMembershipCredentialRequest": - { - "required": - [ - "bpn" - ], - "type": "object", - "properties": - { - "bpn": - { - "maxLength": 255, - "minLength": 5, - "type": "string" - } - } - }, - "IssueFrameworkCredentialRequest": - { - "required": - [ - "contract-template", - "contract-version", - "holderIdentifier", - "type" - ], - "type": "object", - "properties": - { - "holderIdentifier": - { - "maxLength": 255, - "minLength": 5, - "type": "string" - }, - "type": - { - "type": "string" - }, - "contract-template": - { - "type": "string" - }, - "contract-version": - { - "type": "string" - } - } - }, - "IssueDismantlerCredentialRequest": - { - "required": - [ - "activityType", - "bpn" - ], - "type": "object", - "properties": - { - "bpn": - { - "maxLength": 255, - "minLength": 5, - "type": "string" - }, - "activityType": - { - "maxLength": 2147483647, - "minLength": 1, - "type": "string" - }, - "allowedVehicleBrands": - { - "uniqueItems": true, - "type": "array", - "items": - { - "type": 
"string" - } - } - } - }, - "PageWallet": - { - "type": "object", - "properties": - { - "totalElements": - { - "type": "integer", - "format": "int64" - }, - "totalPages": - { - "type": "integer", - "format": "int32" - }, - "size": - { - "type": "integer", - "format": "int32" - }, - "content": - { - "type": "array", - "items": - { - "$ref": "#/components/schemas/Wallet" - } - }, - "number": - { - "type": "integer", - "format": "int32" - }, - "sort": - { - "$ref": "#/components/schemas/SortObject" - }, - "pageable": - { - "$ref": "#/components/schemas/PageableObject" - }, - "numberOfElements": - { - "type": "integer", - "format": "int32" - }, - "first": - { - "type": "boolean" - }, - "last": - { - "type": "boolean" - }, - "empty": - { - "type": "boolean" - } - } - }, - "PageableObject": - { - "type": "object", - "properties": - { - "offset": - { - "type": "integer", - "format": "int64" - }, - "sort": - { - "$ref": "#/components/schemas/SortObject" - }, - "pageNumber": - { - "type": "integer", - "format": "int32" - }, - "pageSize": - { - "type": "integer", - "format": "int32" - }, - "paged": - { - "type": "boolean" - }, - "unpaged": - { - "type": "boolean" - } - } - }, - "SortObject": - { - "type": "object", - "properties": - { - "empty": - { - "type": "boolean" - }, - "sorted": - { - "type": "boolean" - }, - "unsorted": - { - "type": "boolean" - } - } - }, - "PageImplVerifiableCredential": - { - "type": "object", - "properties": - { - "content": - { - "type": "array", - "items": - { - "$ref": "#/components/schemas/VerifiableCredential" - } - }, - "pageable": - { - "$ref": "#/components/schemas/PageableObject" - }, - "totalElements": - { - "type": "integer", - "format": "int64" - }, - "totalPages": - { - "type": "integer", - "format": "int32" - }, - "last": - { - "type": "boolean" - }, - "size": - { - "type": "integer", - "format": "int32" - }, - "number": - { - "type": "integer", - "format": "int32" - }, - "sort": - { - "$ref": "#/components/schemas/SortObject" - }, 
- "numberOfElements": - { - "type": "integer", - "format": "int32" - }, - "first": - { - "type": "boolean" - }, - "empty": - { - "type": "boolean" - } - } - } - }, - "securitySchemes": - { - "Authenticate using access_token": - { - "type": "apiKey", - "description": "**Bearer (apiKey)** \nJWT Authorization header using the Bearer scheme.\n\nEnter **Bearer** [space] and then your token in the text input below.\n\nExample: Bearer 12345abcdef", - "name": "Authorization", - "in": "header" - } - } - } -} \ No newline at end of file diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/HoldersCredentialController.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/HoldersCredentialController.java index 8b16fdaff..ace19aacd 100644 --- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/HoldersCredentialController.java +++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/HoldersCredentialController.java @@ -97,9 +97,9 @@ public ResponseEntity> getCredentials(@RequestPar "https://www.w3.org/2018/credentials/examples/v1" ], "type": [ - "University-Degree-Credential","VerifiableCredential" + "VerifiableCredential", "University-Degree-Credential" ], - "issuer": "did:example:76e12ec712ebc6f1c221ebfeb1f", + "issuer": "did:web:localhost:BPNL000000000000", "issuanceDate": "2019-06-16T18:56:59Z", "expirationDate": "2019-06-17T18:56:59Z", "credentialSubject": [{ diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/IssuersCredentialController.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/IssuersCredentialController.java index 1e533b4b4..29c6f3012 100644 --- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/IssuersCredentialController.java +++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/IssuersCredentialController.java 
@@ -175,28 +175,38 @@ public ResponseEntity issueFrameworkCredential(@Valid @Req
 @io.swagger.v3.oas.annotations.parameters.RequestBody(content = {
 @Content(examples = @ExampleObject("""
 {
- "id": "http://example.edu/credentials/333",
- "@context": [
- "https://www.w3.org/2018/credentials/v1",
- "https://www.w3.org/2018/credentials/examples/v1"
- ],
- "type": [
- "University-Degree-Credential", "VerifiableCredential"
- ],
- "issuer": "did:example:76e12ec712ebc6f1c221ebfeb1f",
- "issuanceDate": "2019-06-16T18:56:59Z",
- "expirationDate": "2019-06-17T18:56:59Z",
- "credentialSubject": [{
- "college": "Test-University"
- }],
- "proof": {
- "type": "Ed25519Signature2018",
- "created": "2021-11-17T22:20:27Z",
- "proofPurpose": "assertionMethod",
- "verificationMethod": "did:example:76e12ec712ebc6f1c221ebfeb1f#keys-1",
- "jws": "eyJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdLCJhbGciOiJFZERTQSJ9..JNerzfrK46Mq4XxYZEnY9xOK80xsEaWCLAHuZsFie1-NTJD17wWWENn_DAlA_OwxGF5dhxUJ05P6Dm8lcmF5Cg"
- }
- }
+ "credentialSubject":
+ [
+ {
+ "bpn": "BPNL000000000000",
+ "id": "did:web:localhost:BPNL000000000000",
+ "type": "BpnCredential"
+ }
+ ],
+ "issuanceDate": "2023-07-14T11:05:44Z",
+ "id": "did:web:localhost:BPNL000000000000#f177b3e9-bbf9-45db-bc3d-80152abcb419",
+ "proof":
+ {
+ "created": "2023-07-14T11:05:48Z",
+ "jws": "eyJhbGciOiJFZERTQSJ9..C4oYBfTh11OKG0yV0qoCQxF6zZWZLb9dPXJCP6oCtpyB_sSc8o6cPhByKwf-0o7ElsUr0mh6AGPwGxdoOijfDw",
+ "proofPurpose": "proofPurpose",
+ "type": "JsonWebSignature2020",
+ "verificationMethod": "did:web:localhost:BPNL000000000000#"
+ },
+ "type":
+ [
+ "VerifiableCredential",
+ "BpnCredential"
+ ],
+ "@context":
+ [
+ "https://www.w3.org/2018/credentials/v1",
+ "https://catenax-ng.github.io/product-core-schemas/businessPartnerData.json",
+ "https://w3id.org/security/suites/jws-2020/v1"
+ ],
+ "issuer": "did:web:localhost:BPNL000000000000",
+ "expirationDate": "2023-09-30T18:30:00Z"
+ }
 """))
 })
 public ResponseEntity> credentialsValidation(@RequestBody Map data,
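Review bot: The replacement example for `credentialsValidation` carries a proof whose `proofPurpose` is the literal string `"proofPurpose"` and whose `verificationMethod` is `did:web:localhost:BPNL000000000000#` with nothing after the `#`, so a verifier that checks the purpose against the DID document's `assertionMethod` relation and resolves the key fragment would reject exactly the credential the docs offer as a validation sample; the removed example used `assertionMethod` and `#keys-1`. If this was captured from real service output, the signer appears to be emitting these values, which is worth fixing at the source rather than only in the Swagger text. I would change the two lines to `"proofPurpose": "assertionMethod",` and `"verificationMethod": "did:web:localhost:BPNL000000000000#<KEY_ID>"` with `<KEY_ID>` standing in for the real key fragment. The same example is pasted into PresentationController in hunk `@@ -67,33 +67,44 @@` and needs the same correction there. The `credentialsValidation` signature continues past the end of the hunk.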
@@ -225,7 +235,7 @@ public ResponseEntity> credentialsValidation(@RequestBody Ma
 "https://www.w3.org/2018/credentials/examples/v1"
 ],
 "type": [
- "University-Degree-Credential","VerifiableCredential"
+ "VerifiableCredential", "University-Degree-Credential"
 ],
 "issuer": "did:example:76e12ec712ebc6f1c221ebfeb1f",
 "issuanceDate": "2019-06-16T18:56:59Z",
diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/PresentationController.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/PresentationController.java
index 92a725242..81ec135dc 100644
--- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/PresentationController.java
+++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/PresentationController.java
@@ -67,33 +67,44 @@ public class PresentationController extends BaseController {
 @io.swagger.v3.oas.annotations.parameters.RequestBody(content = {
 @Content(examples = @ExampleObject("""
 {
- "holderIdentifier": "did:example:76e12ec712ebc6f1c221ebfeb1f",
- "verifiableCredentials": [
- {
- "id": "http://example.edu/credentials/333",
- "@context": [
- "https://www.w3.org/2018/credentials/v1",
- "https://www.w3.org/2018/credentials/examples/v1"
- ],
- "type": [
- "University-Degree-Credential", "VerifiableCredential"
- ],
- "issuer": "did:example:76e12ec712ebc6f1c221ebfeb1f",
- "issuanceDate": "2019-06-16T18:56:59Z",
- "expirationDate": "2019-06-17T18:56:59Z",
- "credentialSubject": [{
- "college": "Test-University"
- }],
- "proof": {
- "type": "Ed25519Signature2018",
- "created": "2021-11-17T22:20:27Z",
- "proofPurpose": "assertionMethod",
- "verificationMethod": "did:example:76e12ec712ebc6f1c221ebfeb1f#keys-1",
- "jws": "eyJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdLCJhbGciOiJFZERTQSJ9..JNerzfrK46Mq4XxYZEnY9xOK80xsEaWCLAHuZsFie1-NTJD17wWWENn_DAlA_OwxGF5dhxUJ05P6Dm8lcmF5Cg"
- }
- }
- ]
- }
+ "holderIdentifier": "did:web:localhost:BPNL000000000000",
+ "verifiableCredentials":
+ [
+ {
+ "credentialSubject":
+ [
+ {
+ "bpn": "BPNL000000000000",
+ "id": "did:web:localhost:BPNL000000000000",
+ "type": "BpnCredential"
+ }
+ ],
+ "issuanceDate": "2023-07-14T11:05:44Z",
+ "id": "did:web:localhost:BPNL000000000000#f177b3e9-bbf9-45db-bc3d-80152abcb419",
+ "proof":
+ {
+ "created": "2023-07-14T11:05:48Z",
+ "jws": "eyJhbGciOiJFZERTQSJ9..C4oYBfTh11OKG0yV0qoCQxF6zZWZLb9dPXJCP6oCtpyB_sSc8o6cPhByKwf-0o7ElsUr0mh6AGPwGxdoOijfDw",
+ "proofPurpose": "proofPurpose",
+ "type": "JsonWebSignature2020",
+ "verificationMethod": "did:web:localhost:BPNL000000000000#"
+ },
+ "type":
+ [
+ "VerifiableCredential",
+ "BpnCredential"
+ ],
+ "@context":
+ [
+ "https://www.w3.org/2018/credentials/v1",
+ "https://catenax-ng.github.io/product-core-schemas/businessPartnerData.json",
+ 
"https://w3id.org/security/suites/jws-2020/v1"
+ ],
+ "issuer": "did:web:localhost:BPNL000000000000",
+ "expirationDate": "2023-09-30T18:30:00Z"
+ }
+ ]
+ }
 """))
 })
 public ResponseEntity> createPresentation(@RequestBody Map data,
@@ -127,45 +138,54 @@ public ResponseEntity> createPresentation(@RequestBody Map Date: Fri, 14 Jul 2023 15:40:18 +0530 Subject: [PATCH 082/116] feat: added administrator documentation
---
 README.md | 66 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 66 insertions(+)
diff --git a/README.md b/README.md
index c5b8b96a9..71d5d0d5a 100644
--- a/README.md
+++ b/README.md
@@ -23,6 +23,72 @@ Following tools the MIW development team used successfully: | Database | DBeaver | https://dbeaver.io/ | | IAM | Keycloak | https://www.keycloak.org/ | | +# Administrator Documentation + +## Manual Keycloak Configuration + +Within the development setup the Keycloak is initially prepared with the +values in `./dev-assets/docker-environment/keycloak`. The realm could also be +manually added and configured at http://localhost:8080 via the "Add realm" +button. It can be for example named `localkeycloak`. Also add an additional client, +e.g. named `ManagedIdentityWallets` with *valid redirect url* set to +`http://localhost:8080/*`. The roles +* add_wallets +* view_wallets +* update_wallets +* delete_wallets +* view_wallet +* update_wallet + can be added under *Clients > ManagedIdentityWallets > Roles* and then + assigned to the client using *Clients > ManagedIdentityWallets > Client Scopes* + *> Service Account Roles > Client Roles > ManagedIdentityWallets*. The + available scopes/roles are: + +1. Role `add_wallets` to create a new wallet + +2. Role `view_wallets`: + * to get a list of all wallets + * to retrieve one wallet by its identifier + * to validate a Verifiable Credential + * to validate a Verifiable Presentation + * to get all stored Verifiable Credentials + +3. Role `update_wallets` for the following actions: + * to store Verifiable Credential + * to issue a Verifiable Credential + * to issue a Verifiable Presentation + +4. Role `update_wallet`: + * to remove a Verifiable Credential + * to store a Verifiable Credential + * to issue a Verifiable Credential + * to issue a Verifiable Presentation + +5. 
Role `view_wallet` requires the BPN of Caller and it can be used: + * to get the Wallet of the related BPN + * to get stored Verifiable Credentials of the related BPN + * to validate any Verifiable Credential + * to validate any Verifiable Presentation + +Additionally a Token mapper can to be created under *Clients* > +*ManagedIdentityWallets* > *Mappers* > *create* with the following +configuration (using as example `BPNL000000001`): + +| Key | Value | +|---------------------|---------------------------| +| Name | StaticBPN | +| Mapper Type | Hardcoded claim | +| Token Claim Name | BPN | +| Claim value | BPNL000000001 | +| Claim JSON Type | String | +| Add to ID token | OFF | +| Add to access token | ON | +| Add to userinfo | OFF | +| includeInAccessTokenResponse.label | ON | + +If you receive an error message, that the client secret is not valid, please go into +keycloak admin and within *Clients > Credentials* recreate the secret. + ## Development Setup ### Prerequisites From 5210e5c4b14352656fa32f4763f2bfca70c87b87 Mon Sep 17 00:00:00 2001 From: Nitin Vavdiya Date: Fri, 14 Jul 2023 15:52:30 +0530 Subject: [PATCH 083/116] docs: manage_app role added in keycloak doc --- README.md | 48 +++++++++++++++++++++++++++--------------------- 1 file changed, 27 insertions(+), 21 deletions(-) diff --git a/README.md b/README.md index 71d5d0d5a..81ba1801b 100644 --- a/README.md +++ b/README.md 
@@ -31,18 +31,22 @@ Within the development setup the Keycloak is initially prepared with the values in `./dev-assets/docker-environment/keycloak`. The realm could also be manually added and configured at http://localhost:8080 via the "Add realm" button. It can be for example named `localkeycloak`. Also add an additional client, -e.g. named `ManagedIdentityWallets` with *valid redirect url* set to +e.g. named `miw_private_client` with *valid redirect url* set to `http://localhost:8080/*`. The roles + * add_wallets * view_wallets * update_wallets * delete_wallets * view_wallet * update_wallet - can be added under *Clients > ManagedIdentityWallets > Roles* and then - assigned to the client using *Clients > ManagedIdentityWallets > Client Scopes* - *> Service Account Roles > Client Roles > ManagedIdentityWallets*. The - available scopes/roles are: +* manage_app + +Roles can be added under *Clients > miw_private_client > Roles* and then +assigned to the client using *Clients > miw_private_client > Client Scopes* +*> Service Account Roles > Client Roles > miw_private_client*. + +The available scopes/roles are: 1. Role `add_wallets` to create a new wallet 
@@ -59,32 +63,34 @@ e.g. named `ManagedIdentityWallets` with *valid redirect url* set to * to issue a Verifiable Presentation 4. Role `update_wallet`: - * to remove a Verifiable Credential - * to store a Verifiable Credential - * to issue a Verifiable Credential - * to issue a Verifiable Presentation - + * to remove a Verifiable Credential + * to store a Verifiable Credential + * to issue a Verifiable Credential + * to issue a Verifiable Presentation + 5. Role `view_wallet` requires the BPN of Caller and it can be used: * to get the Wallet of the related BPN * to get stored Verifiable Credentials of the related BPN * to validate any Verifiable Credential * to validate any Verifiable Presentation +6. Role `manage_app` used to change log level of application at runtime. Check Logging in application section for more + details Additionally a Token mapper can to be created under *Clients* > *ManagedIdentityWallets* > *Mappers* > *create* with the following configuration (using as example `BPNL000000001`): -| Key | Value | -|---------------------|---------------------------| -| Name | StaticBPN | -| Mapper Type | Hardcoded claim | -| Token Claim Name | BPN | -| Claim value | BPNL000000001 | -| Claim JSON Type | String | -| Add to ID token | OFF | -| Add to access token | ON | -| Add to userinfo | OFF | -| includeInAccessTokenResponse.label | ON | +| Key | Value | +|------------------------------------|-----------------| +| Name | StaticBPN | +| Mapper Type | Hardcoded claim | +| Token Claim Name | BPN | +| Claim value | BPNL000000001 | +| Claim JSON Type | String | +| Add to ID token | OFF | +| Add to access token | ON | +| Add to userinfo | OFF | +| includeInAccessTokenResponse.label | ON | If you receive an error message, that the client secret is not valid, please go into keycloak admin and within *Clients > Credentials* recreate the secret. From 83ae88672a1dd28c31ca987e73ef84fd85fa366f Mon Sep 17 00:00:00 2001 
From: Ronak Thacker Date: Fri, 14 Jul 2023 16:31:34 +0530 Subject: [PATCH 084/116] feat: added end user documentation --- README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README.md b/README.md index 81ba1801b..4aa66ab68 100644 --- a/README.md +++ b/README.md @@ -160,6 +160,11 @@ When you just run `task` without parameters, you will see all tasks available. 5. Click on "Authorize" and "close" 6. MIW is up and running +# End Users +See OpenAPI documentation, which is automatically created from +the source and available on each deployment at the `/docs` endpoint +(e.g. locally at http://localhost:8000/docs). An export of the JSON +document can be also found in [docs/openapi_v001.json](docs/openapi_v001.json). ## Test Coverage From 0d653ba5c6c9e0fa5cdfcd2b596daa316aa58f3e Mon Sep 17 00:00:00 2001 From: Nitin Vavdiya Date: Fri, 14 Jul 2023 16:41:41 +0530 Subject: [PATCH 085/116] docs: User guide adn API spec added --- README.md | 16 +- docs/openapi_v002.json | 1854 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 1862 insertions(+), 8 deletions(-) create mode 100644 docs/openapi_v002.json diff --git a/README.md b/README.md index 4aa66ab68..24d7cc145 100644 --- a/README.md +++ b/README.md 
@@ -162,11 +162,11 @@ When you just run `task` without parameters, you will see all tasks available. # End Users See OpenAPI documentation, which is automatically created from -the source and available on each deployment at the `/docs` endpoint -(e.g. locally at http://localhost:8000/docs). An export of the JSON -document can be also found in [docs/openapi_v001.json](docs/openapi_v001.json). +the source and available on each deployment at the `/docs/api-docs/docs` endpoint +(e.g. locally at http://localhost:8087/docs/api-docs/docs). An export of the JSON +document can be also found in [docs/openapi_v002.json](docs/openapi_v002.json). -## Test Coverage +# Test Coverage Jacoco is used to generate the coverage report. The report generation and the coverage verification are automatically executed after tests. @@ -187,7 +187,7 @@ task app:coverage Currently, the minimum is 80% coverage. -## Common issues and solutions during local setup +# Common issues and solutions during local setup #### 1. Can not build with test cases @@ -214,7 +214,7 @@ In case you encounter any database-related issues, you can resolve them by follo This process ensures that any issues with the database schema are resolved by recreating it in a fresh state. -## Environment Variables +# Environment Variables | name | description | default value | |---------------------------------|----------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------| 
@@ -245,14 +245,14 @@ This process ensures that any issues with the database schema are resolved by re | APP_LOG_LEVEL | Log level of application | INFO | | | | | -## Technical Debts and Known issue +# Technical Debts and Known issue 1. Keys are stored in database in encrypted format, need to store keys in more secure place ie. Vault 2. Policies can be validated dynamically as per request while validating VP and VC. [Check this for more details](https://docs.walt.id/v/ssikit/concepts/verification-policies) -## Logging in application +# Logging in application Log level in application can be set using environment variable ``APP_LOG_LEVEL``. Possible values are ``OFF, ERROR, WARN, INFO, DEBUG, TRACE`` and default value set to ``INFO`` diff --git a/docs/openapi_v002.json b/docs/openapi_v002.json new file mode 100644 index 000000000..138dc89c8 --- /dev/null +++ b/docs/openapi_v002.json 
@@ -0,0 +1,1854 @@ +{ + "openapi": "3.0.1", + "info": + { + "title": "Managed Identity Wallets API", + "description": "Managed Identity Wallets API", + "contact": + { + "name": "Eclipse Tractus-X", + "url": "https://projects.eclipse.org/projects/automotive.tractusx", + "email": "tractusx-dev@eclipse.org" + }, + "license": + { + "name": "Apache 2.0", + "url": "https://github.com/eclipse-tractusx/managed-identity-wallets/blob/develop/LICENSE" + }, + "version": "0.0.1" + }, + "servers": + [ + { + "url": "http://localhost:8087", + "description": "Generated server url" + } + ], + "security": + [ + { + "Authenticate using access_token": + [] + } + ], + "paths": + { + "/api/wallets": + { + "get": + { + "tags": + [ + "Wallets" + ], + "summary": "List of wallets", + "description": "Permission: **view_wallets** \n\n Retrieve list of registered wallets", + "operationId": "getWallets", + "parameters": + [ + { + "name": "pageNumber", + "in": "query", + "required": false, + "schema": + { + "type": "integer", + "format": "int32", + "default": 0 + } + }, + { + "name": "size", + "in": "query", + "required": false, + "schema": + { + "type": "integer", + "format": "int32", + "default": 2147483647 + } + }, + { + "name": "sortColumn", + "in": "query", + "required": false, + "schema": + { + "type": "string", + "default": "createdAt" + } + }, + { + "name": "sortTpe", + "in": "query", + "required": false, + "schema": + { + "type": "string", + "default": "desc" + } + } + ], + "responses": + { + "200": + { + "description": "OK", + "content": + { + "application/json": + { + "schema": + { + "$ref": "#/components/schemas/PageWallet" + } + } + } + } + } + }, + "post": + { + "tags": + [ + "Wallets" + ], + "summary": "Create Wallet", + "description": "Permission: **add_wallets** \n\n Create a wallet and store it", + "operationId": "createWallet", + "requestBody": + { + "content": + { + "application/json": + { + "schema": + { + "$ref": "#/components/schemas/CreateWalletRequest" + }, + "examples": 
+ { + "Create wallet with BPN": + { + "description": "Create wallet with BPN", + "value": + { + "bpn": "BPNL000000000001", + "name": "companyA" + } + } + } + } + }, + "required": true + }, + "responses": + { + "200": + { + "description": "OK", + "content": + { + "application/json": + { + "schema": + { + "$ref": "#/components/schemas/Wallet" + } + } + } + } + } + } + }, + "/api/wallets/{identifier}/credentials": + { + "post": + { + "tags": + [ + "Wallets" + ], + "summary": "Store Verifiable Credential", + "description": "Permission: **update_wallets** OR **update_wallet** (The BPN of wallet to extract credentials from must equal BPN of caller) \n\n Store a verifiable credential in the wallet of the given identifier", + "operationId": "storeCredential", + "parameters": + [ + { + "name": "identifier", + "in": "path", + "description": "Did or BPN", + "required": true, + "schema": + { + "type": "string" + } + } + ], + "requestBody": + { + "content": + { + "application/json": + { + "schema": + { + "type": "object", + "additionalProperties": + { + "type": "object" + } + }, + "example": + { + "id": "http://example.edu/credentials/3732", + "@context": + [ + "https://www.w3.org/2018/credentials/v1", + "https://www.w3.org/2018/credentials/examples/v1" + ], + "type": + [ + "University-Degree-Credential", + "VerifiableCredential" + ], + "issuer": "did:example:76e12ec712ebc6f1c221ebfeb1f", + "issuanceDate": "2019-06-16T18:56:59Z", + "expirationDate": "2019-06-17T18:56:59Z", + "credentialSubject": + [ + { + "college": "Test-University" + } + ], + "proof": + { + "type": "Ed25519Signature2018", + "created": "2021-11-17T22:20:27Z", + "proofPurpose": "assertionMethod", + "verificationMethod": "did:example:76e12ec712ebc6f1c221ebfeb1f#key-1", + "jws": "eyJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdLCJhbGciOiJFZERTQSJ9..JNerzfrK46Mq4XxYZEnY9xOK80xsEaWCLAHuZsFie1-NTJD17wWWENn_DAlA_OwxGF5dhxUJ05P6Dm8lcmF5Cg" + } + } + } + }, + "required": true + }, + "responses": + { + "200": + { + "description": 
"OK", + "content": + { + "application/json": + { + "schema": + { + "type": "object", + "additionalProperties": + { + "type": "string" + } + } + } + } + } + } + } + }, + "/api/presentations": + { + "post": + { + "tags": + [ + "Verifiable Presentations - Generation" + ], + "summary": "Create Verifiable Presentation", + "description": "Permission: **update_wallets** OR **update_wallet** (The BPN of the issuer of the Verifiable Presentation must equal to BPN of caller) \n\n Create a verifiable presentation from a list of verifiable credentials, signed by the holder", + "operationId": "createPresentation", + "parameters": + [ + { + "name": "audience", + "in": "query", + "required": false, + "schema": + { + "type": "string" + } + }, + { + "name": "asJwt", + "in": "query", + "required": false, + "schema": + { + "type": "boolean", + "default": false + } + } + ], + "requestBody": + { + "content": + { + "application/json": + { + "schema": + { + "type": "object", + "additionalProperties": + { + "type": "object" + } + }, + "example": + { + "holderIdentifier": "did:example:76e12ec712ebc6f1c221ebfeb1f", + "verifiableCredentials": + [ + { + "id": "http://example.edu/credentials/333", + "@context": + [ + "https://www.w3.org/2018/credentials/v1", + "https://www.w3.org/2018/credentials/examples/v1" + ], + "type": + [ + "University-Degree-Credential", + "VerifiableCredential" + ], + "issuer": "did:example:76e12ec712ebc6f1c221ebfeb1f", + "issuanceDate": "2019-06-16T18:56:59Z", + "expirationDate": "2019-06-17T18:56:59Z", + "credentialSubject": + [ + { + "college": "Test-University" + } + ], + "proof": + { + "type": "Ed25519Signature2018", + "created": "2021-11-17T22:20:27Z", + "proofPurpose": "assertionMethod", + "verificationMethod": "did:example:76e12ec712ebc6f1c221ebfeb1f#keys-1", + "jws": "eyJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdLCJhbGciOiJFZERTQSJ9..JNerzfrK46Mq4XxYZEnY9xOK80xsEaWCLAHuZsFie1-NTJD17wWWENn_DAlA_OwxGF5dhxUJ05P6Dm8lcmF5Cg" + } + } + ] + } + } + }, + "required": true + }, 
+ "responses": + { + "200": + { + "description": "OK", + "content": + { + "application/json": + { + "schema": + { + "type": "object", + "additionalProperties": + { + "type": "object" + } + } + } + } + } + } + } + }, + "/api/presentations/validation": + { + "post": + { + "tags": + [ + "Verifiable Presentations - Validation" + ], + "summary": "Validate Verifiable Presentation", + "description": "Permission: **view_wallets** OR **view_wallet** \n\n Validate Verifiable Presentation with all included credentials", + "operationId": "validatePresentation", + "parameters": + [ + { + "name": "audience", + "in": "query", + "description": "Audience to validate in VP (Only supported in case of JWT formatted VP)", + "required": false, + "schema": + { + "type": "string" + } + }, + { + "name": "asJwt", + "in": "query", + "description": "Pass true in case of VP is in JWT format", + "required": false, + "schema": + { + "type": "boolean", + "default": false + } + }, + { + "name": "withCredentialExpiryDate", + "in": "query", + "description": "Check expiry of VC(Only supported in case of JWT formatted VP)", + "required": false, + "schema": + { + "type": "boolean", + "default": false + } + } + ], + "requestBody": + { + "content": + { + "application/json": + { + "schema": + { + "type": "object", + "additionalProperties": + { + "type": "object" + } + }, + "examples": + { + "VP as JWT": + { + "description": "VP as JWT", + "value": + { + "vp": 
"eyJhbGciOiJFZERTQSJ9.eyJzdWIiOiJkaWQ6d2ViOmxvY2FsaG9zdDpCUE5MMDAwMDAwMDAwMDAwIiwiYXVkIjoic21hcnRTZW5zZSIsImlzcyI6ImRpZDp3ZWI6bG9jYWxob3N0OkJQTkwwMDAwMDAwMDAwMDAiLCJ2cCI6eyJpZCI6ImRpZDp3ZWI6bG9jYWxob3N0OkJQTkwwMDAwMDAwMDAwMDAjMWQ2ODg4N2EtMzY4NC00ZDU0LWFkYjAtMmM4MWJiNjc4NTJiIiwidHlwZSI6WyJWZXJpZmlhYmxlUHJlc2VudGF0aW9uIl0sIkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIl0sInZlcmlmaWFibGVDcmVkZW50aWFsIjp7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIl0sInR5cGUiOlsiVmVyaWZpYWJsZUNyZWRlbnRpYWwiLCJCcG5DcmVkZW50aWFsQ1giXSwiaWQiOiJhY2I5NTIyZi1kYjIyLTRmOTAtOTQ3NS1jM2YzNTExZjljZGUiLCJpc3N1ZXIiOiJkaWQ6d2ViOmxvY2FsaG9zdDpCUE5MMDAwMDAwMDAwMDAwIiwiaXNzdWFuY2VEYXRlIjoiMjAyMy0wNi0wMVQwODo1Nzo1MFoiLCJleHBpcmF0aW9uRGF0ZSI6IjIwMjQtMTItMzFUMTg6MzA6MDBaIiwiY3JlZGVudGlhbFN1YmplY3QiOnsiYnBuIjoiQlBOTDAwMDAwMDAwMDAwMCIsImlkIjoiZGlkOndlYjpsb2NhbGhvc3Q6QlBOTDAwMDAwMDAwMDAwMCIsInR5cGUiOiJCcG5DcmVkZW50aWFsIn0sInByb29mIjp7InByb29mUHVycG9zZSI6InByb29mUHVycG9zZSIsInZlcmlmaWNhdGlvbk1ldGhvZCI6ImRpZDp3ZWI6bG9jYWxob3N0OkJQTkwwMDAwMDAwMDAwMDAiLCJ0eXBlIjoiRWQyNTUxOVNpZ25hdHVyZTIwMjAiLCJwcm9vZlZhbHVlIjoiejRkdUJmY0NzYVN6aU5lVXc4WUJ5eUZkdlpYVzhlQUs5MjhkeDNQeExqV0N2S3p0Slo5bWh4aEh3ZTVCdVRRUW5KRmtvb01nUUdLREU0OGNpTHJHaHBzUEEiLCJjcmVhdGVkIjoiMjAyMy0wNi0wMVQwODo1Nzo1MFoifX19LCJleHAiOjE2ODU2ODEwNTIsImp0aSI6IjFhYmQxYjAxLTBkZTUtNGY1Ny04ZjBlLWRmNzBhNzNkMjE2NyJ9.Hfm-ANjoeZ8fO-32LPOsQ3-xXSclPUd28p9hvlWyVVB0Mz7n0k-KAHra5kpT0oGrGtdhC1lZ0AitdB_td6VrAQ" + } + }, + "VP as json-ld": + { + "description": "VP as json-ld", + "value": + { + "vp": + { + "id": "b9d97cef-758d-4a7c-843d-86f17632b08a", + "type": + [ + "VerifiablePresentation" + ], + "@context": + [ + "https://www.w3.org/2018/credentials/v1" + ], + "verifiableCredential": + [ + { + "issuanceDate": "2023-06-01T08:57:50Z", + "credentialSubject": + [ + { + "bpn": "BPNL000000000000", + "id": "did:web:localhost:BPNL000000000000", + "type": "BpnCredential" + } + ], + "id": "acb9522f-db22-4f90-9475-c3f3511f9cde", + "proof": + { 
+ "proofPurpose": "proofPurpose", + "verificationMethod": "did:web:localhost:BPNL000000000000", + "type": "Ed25519Signature2020", + "proofValue": "z4duBfcCsaSziNeUw8YByyFdvZXW8eAK928dx3PxLjWCvKztJZ9mhxhHwe5BuTQQnJFkooMgQGKDE48ciLrGhpsPA", + "created": "2023-06-01T08:57:50Z" + }, + "type": + [ + "VerifiableCredential", + "BpnCredentialCX" + ], + "@context": + [ + "https://www.w3.org/2018/credentials/v1", + "https://catenax-ng.github.io/product-core-schemas/businessPartnerData.json" + ], + "issuer": "did:web:localhost:BPNL000000000000", + "expirationDate": "2024-12-31T18:30:00Z" + } + ] + } + } + } + } + } + }, + "required": true + }, + "responses": + { + "200": + { + "description": "OK", + "content": + { + "application/json": + { + "schema": + { + "type": "object", + "additionalProperties": + { + "type": "object" + } + } + } + } + } + } + } + }, + "/api/credentials": + { + "get": + { + "tags": + [ + "Verifiable Credential - Holder" + ], + "summary": "Query Verifiable Credentials", + "description": "Permission: **view_wallets** OR **view_wallet** (The BPN of holderIdentifier must equal BPN of caller)\n\n Search verifiable credentials with filter criteria", + "operationId": "getCredentials", + "parameters": + [ + { + "name": "credentialId", + "in": "query", + "required": false, + "schema": + { + "type": "string" + } + }, + { + "name": "issuerIdentifier", + "in": "query", + "required": false, + "schema": + { + "type": "string" + } + }, + { + "name": "type", + "in": "query", + "required": false, + "schema": + { + "type": "array", + "items": + { + "type": "string" + } + } + }, + { + "name": "sortColumn", + "in": "query", + "required": false, + "schema": + { + "type": "string", + "default": "createdAt" + } + }, + { + "name": "sortTpe", + "in": "query", + "required": false, + "schema": + { + "type": "string", + "default": "desc" + } + }, + { + "name": "pageNumber", + "in": "query", + "description": "Page number, Page number start with zero", + "required": false, + 
"schema": + { + "maximum": 2147483647, + "minimum": 0, + "type": "integer", + "format": "int32", + "default": 0 + } + }, + { + "name": "size", + "in": "query", + "description": "Number of records per page", + "required": false, + "schema": + { + "maximum": 2147483647, + "minimum": 0, + "type": "integer", + "format": "int32", + "default": 2147483647 + } + } + ], + "responses": + { + "200": + { + "description": "OK", + "content": + { + "application/json": + { + "schema": + { + "$ref": "#/components/schemas/PageImplVerifiableCredential" + } + } + } + } + } + }, + "post": + { + "tags": + [ + "Verifiable Credential - Holder" + ], + "summary": "Issue Verifiable Credential", + "description": "Permission: **update_wallets** OR **update_wallet** (The BPN of the issuer of the Verifiable Credential must equal BPN of caller)\nIssue a verifiable credential with a given issuer DID", + "operationId": "issueCredential", + "requestBody": + { + "content": + { + "application/json": + { + "schema": + { + "type": "object", + "additionalProperties": + { + "type": "object" + } + }, + "example": + { + "id": "http://example.edu/credentials/333", + "@context": + [ + "https://www.w3.org/2018/credentials/v1", + "https://www.w3.org/2018/credentials/examples/v1" + ], + "type": + [ + "University-Degree-Credential", + "VerifiableCredential" + ], + "issuer": "did:example:76e12ec712ebc6f1c221ebfeb1f", + "issuanceDate": "2019-06-16T18:56:59Z", + "expirationDate": "2019-06-17T18:56:59Z", + "credentialSubject": + [ + { + "college": "Test-University" + } + ] + } + } + }, + "required": true + }, + "responses": + { + "200": + { + "description": "OK", + "content": + { + "application/json": + { + "schema": + { + "$ref": "#/components/schemas/VerifiableCredential" + } + } + } + } + } + }, + "delete": + { + "tags": + [ + "Verifiable Credential - Holder" + ], + "summary": "Delete a verifiable credential by its ID", + "description": "Permission: **update_wallet** (The BPN of holderIdentifier must equal BPN of 
caller)\n\n Delete a verifiable credential by its ID", + "operationId": "deleteCredential", + "parameters": + [ + { + "name": "id", + "in": "query", + "required": true, + "schema": + { + "type": "string" + } + } + ], + "responses": + { + "200": + { + "description": "OK", + "content": + { + "application/json": + { + "schema": + { + "type": "object" + } + } + } + } + } + } + }, + "/api/credentials/validation": + { + "post": + { + "tags": + [ + "Verifiable Credential - Validation" + ], + "summary": "Validate Verifiable Credentials", + "description": "Permission: **view_wallets** OR **view_wallet** \n\n Validate Verifiable Credentials", + "operationId": "credentialsValidation", + "parameters": + [ + { + "name": "withCredentialExpiryDate", + "in": "query", + "description": "Check expiry of VC", + "required": false, + "schema": + { + "type": "boolean", + "default": false + } + } + ], + "requestBody": + { + "content": + { + "application/json": + { + "schema": + { + "type": "object", + "additionalProperties": + { + "type": "object" + } + }, + "example": + { + "id": "http://example.edu/credentials/333", + "@context": + [ + "https://www.w3.org/2018/credentials/v1", + "https://www.w3.org/2018/credentials/examples/v1" + ], + "type": + [ + "University-Degree-Credential", + "VerifiableCredential" + ], + "issuer": "did:example:76e12ec712ebc6f1c221ebfeb1f", + "issuanceDate": "2019-06-16T18:56:59Z", + "expirationDate": "2019-06-17T18:56:59Z", + "credentialSubject": + [ + { + "college": "Test-University" + } + ], + "proof": + { + "type": "Ed25519Signature2018", + "created": "2021-11-17T22:20:27Z", + "proofPurpose": "assertionMethod", + "verificationMethod": "did:example:76e12ec712ebc6f1c221ebfeb1f#keys-1", + "jws": "eyJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdLCJhbGciOiJFZERTQSJ9..JNerzfrK46Mq4XxYZEnY9xOK80xsEaWCLAHuZsFie1-NTJD17wWWENn_DAlA_OwxGF5dhxUJ05P6Dm8lcmF5Cg" + } + } + } + }, + "required": true + }, + "responses": + { + "200": + { + "description": "OK", + "content": + { + 
"application/json": + { + "schema": + { + "type": "object", + "additionalProperties": + { + "type": "object" + } + } + } + } + } + } + } + }, + "/api/credentials/issuer": + { + "get": + { + "tags": + [ + "Verifiable Credential - Issuer" + ], + "summary": "Query Verifiable Credentials", + "description": "Permission: **view_wallets** (The BPN of holderIdentifier must equal BPN of caller)\n\n Search verifiable credentials with filter criteria", + "operationId": "getCredentials_1", + "parameters": + [ + { + "name": "credentialId", + "in": "query", + "required": false, + "schema": + { + "type": "string" + } + }, + { + "name": "holderIdentifier", + "in": "query", + "required": false, + "schema": + { + "type": "string" + } + }, + { + "name": "type", + "in": "query", + "required": false, + "schema": + { + "type": "array", + "items": + { + "type": "string" + } + } + }, + { + "name": "pageNumber", + "in": "query", + "description": "Page number, Page number start with zero", + "required": false, + "schema": + { + "maximum": 2147483647, + "minimum": 0, + "type": "integer", + "format": "int32", + "default": 0 + } + }, + { + "name": "size", + "in": "query", + "description": "Number of records per page", + "required": false, + "schema": + { + "maximum": 2147483647, + "minimum": 0, + "type": "integer", + "format": "int32", + "default": 2147483647 + } + }, + { + "name": "sortColumn", + "in": "query", + "required": false, + "schema": + { + "type": "string", + "default": "createdAt" + } + }, + { + "name": "sortTpe", + "in": "query", + "required": false, + "schema": + { + "type": "string", + "default": "desc" + } + } + ], + "responses": + { + "200": + { + "description": "OK", + "content": + { + "application/json": + { + "schema": + { + "$ref": "#/components/schemas/PageImplVerifiableCredential" + } + } + } + } + } + }, + "post": + { + "tags": + [ + "Verifiable Credential - Issuer" + ], + "summary": "Issue Verifiable Credential", + "description": "Permission: **update_wallets** (The 
BPN of the base wallet must equal BPN of caller)\nIssue a verifiable credential with a given issuer DID", + "operationId": "issueCredentialUsingBaseWallet", + "parameters": + [ + { + "name": "holderDid", + "in": "query", + "required": true, + "schema": + { + "type": "string" + } + } + ], + "requestBody": + { + "content": + { + "application/json": + { + "schema": + { + "type": "object", + "additionalProperties": + { + "type": "object" + } + }, + "example": + { + "id": "http://example.edu/credentials/333", + "@context": + [ + "https://www.w3.org/2018/credentials/v1", + "https://www.w3.org/2018/credentials/examples/v1" + ], + "type": + [ + "University-Degree-Credential", + "VerifiableCredential" + ], + "issuer": "did:example:76e12ec712ebc6f1c221ebfeb1f", + "issuanceDate": "2019-06-16T18:56:59Z", + "expirationDate": "2019-06-17T18:56:59Z", + "credentialSubject": + [ + { + "college": "Test-University" + } + ] + } + } + }, + "required": true + }, + "responses": + { + "200": + { + "description": "OK", + "content": + { + "application/json": + { + "schema": + { + "$ref": "#/components/schemas/VerifiableCredential" + } + } + } + } + } + } + }, + "/api/credentials/issuer/membership": + { + "post": + { + "tags": + [ + "Verifiable Credential - Issuer" + ], + "summary": "Issue a Membership Verifiable Credential with base wallet issuer", + "description": "Permission: **update_wallets** (The BPN of base wallet must equal BPN of caller)\n\n Issue a verifiable credential by base wallet", + "operationId": "issueMembershipCredential", + "requestBody": + { + "content": + { + "application/json": + { + "schema": + { + "$ref": "#/components/schemas/IssueMembershipCredentialRequest" + }, + "example": + { + "bpn": "BPNL000000000000" + } + } + }, + "required": true + }, + "responses": + { + "200": + { + "description": "OK", + "content": + { + "application/json": + { + "schema": + { + "$ref": "#/components/schemas/VerifiableCredential" + } + } + } + } + } + } + }, + 
"/api/credentials/issuer/framework": + { + "post": + { + "tags": + [ + "Verifiable Credential - Issuer" + ], + "summary": "Issue a Use Case Verifiable Credential with base wallet issuer", + "description": "Permission: **update_wallets** (The BPN of base wallet must equal BPN of caller)\n\n Issue a verifiable credential by base wallet", + "operationId": "issueFrameworkCredential", + "requestBody": + { + "content": + { + "application/json": + { + "schema": + { + "$ref": "#/components/schemas/IssueFrameworkCredentialRequest" + }, + "example": + { + "holderIdentifier": "BPNL000000000000", + "type": "BehaviorTwinCredential", + "contract-template": "https://public.catena-x.org/contracts/traceabilty.v1.pdf", + "contract-version": "1.0.0" + } + } + }, + "required": true + }, + "responses": + { + "200": + { + "description": "OK", + "content": + { + "application/json": + { + "schema": + { + "$ref": "#/components/schemas/VerifiableCredential" + } + } + } + } + } + } + }, + "/api/credentials/issuer/dismantler": + { + "post": + { + "tags": + [ + "Verifiable Credential - Issuer" + ], + "summary": "Issue a Dismantler Verifiable Credential with base wallet issuer", + "description": "Permission: **update_wallets** (The BPN of base wallet must equal BPN of caller)\n\n Issue a verifiable credential by base wallet", + "operationId": "issueDismantlerCredential", + "requestBody": + { + "content": + { + "application/json": + { + "schema": + { + "$ref": "#/components/schemas/IssueDismantlerCredentialRequest" + }, + "example": + { + "bpn": "BPNL000000000000", + "activityType": "vehicleDismantle", + "allowedVehicleBrands": + [ + "Audi", + "Abarth", + "Alfa Romeo", + "Chrysler" + ] + } + } + }, + "required": true + }, + "responses": + { + "200": + { + "description": "OK", + "content": + { + "application/json": + { + "schema": + { + "$ref": "#/components/schemas/VerifiableCredential" + } + } + } + } + } + } + }, + "/{bpn}/did.json": + { + "get": + { + "tags": + [ + "DIDDocument" + ], + 
"summary": "Resolve DID Document", + "description": "Resolve the DID document for a given BPN", + "operationId": "getDidResolve", + "parameters": + [ + { + "name": "bpn", + "in": "path", + "description": "Did or BPN", + "required": true, + "schema": + { + "type": "string" + } + } + ], + "responses": + { + "200": + { + "description": "OK", + "content": + { + "application/json": + { + "schema": + { + "$ref": "#/components/schemas/DidDocument" + } + } + } + } + } + } + }, + "/api/wallets/{identifier}": + { + "get": + { + "tags": + [ + "Wallets" + ], + "summary": "Retrieve wallet by identifier", + "description": "Permission: **view_wallets** OR **view_wallet** (The BPN of Wallet to retrieve must equal the BPN of caller or Base wallet, authority wallet can see all wallets) \n\n Retrieve single wallet by identifier, with or without its credentials", + "operationId": "getWalletByIdentifier", + "parameters": + [ + { + "name": "identifier", + "in": "path", + "description": "Did or BPN", + "required": true, + "schema": + { + "type": "string" + } + }, + { + "name": "withCredentials", + "in": "query", + "required": false, + "schema": + { + "type": "boolean", + "default": false + } + } + ], + "responses": + { + "200": + { + "description": "OK", + "content": + { + "application/json": + { + "schema": + { + "$ref": "#/components/schemas/Wallet" + } + } + } + } + } + } + }, + "/api/didDocuments/{identifier}": + { + "get": + { + "tags": + [ + "DIDDocument" + ], + "summary": "Resolve DID Document", + "description": "Resolve the DID document for a given DID or BPN", + "operationId": "getDidDocument", + "parameters": + [ + { + "name": "identifier", + "in": "path", + "description": "Did or BPN", + "required": true, + "schema": + { + "type": "string" + } + } + ], + "responses": + { + "200": + { + "description": "OK", + "content": + { + "application/json": + { + "schema": + { + "$ref": "#/components/schemas/DidDocument" + } + } + } + } + } + } + } + }, + "components": + { + "schemas": + { 
+ "CreateWalletRequest": + { + "required": + [ + "bpn", + "name" + ], + "type": "object", + "properties": + { + "bpn": + { + "maxLength": 255, + "minLength": 5, + "type": "string" + }, + "name": + { + "maxLength": 255, + "minLength": 1, + "type": "string" + } + } + }, + "DidDocument": + { + "type": "object", + "properties": + { + "id": + { + "type": "string", + "format": "uri" + }, + "verificationMethods": + { + "type": "array", + "items": + { + "$ref": "#/components/schemas/VerificationMethod" + } + }, + "context": + { + "type": "array", + "items": + { + "type": "string", + "format": "uri" + } + }, + "empty": + { + "type": "boolean" + } + }, + "additionalProperties": + { + "type": "object" + } + }, + "VerifiableCredential": + { + "type": "object", + "properties": + { + "id": + { + "type": "string", + "format": "uri" + }, + "types": + { + "type": "array", + "items": + { + "type": "string" + } + }, + "issuer": + { + "type": "string", + "format": "uri" + }, + "expirationDate": + { + "type": "string", + "format": "date-time" + }, + "credentialSubject": + { + "type": "array", + "items": + { + "$ref": "#/components/schemas/VerifiableCredentialSubject" + } + }, + "proof": + { + "type": "object", + "properties": + { + "type": + { + "type": "string" + }, + "empty": + { + "type": "boolean" + } + }, + "additionalProperties": + { + "type": "object" + } + }, + "issuanceDate": + { + "type": "string", + "format": "date-time" + }, + "context": + { + "type": "array", + "items": + { + "type": "string", + "format": "uri" + } + }, + "empty": + { + "type": "boolean" + } + }, + "additionalProperties": + { + "type": "object" + } + }, + "VerifiableCredentialSubject": + { + "type": "object", + "properties": + { + "id": + { + "type": "string", + "format": "uri" + }, + "empty": + { + "type": "boolean" + } + }, + "additionalProperties": + { + "type": "object" + } + }, + "VerificationMethod": + { + "type": "object", + "properties": + { + "id": + { + "type": "string", + "format": "uri" + }, + 
"type": + { + "type": "string" + }, + "controller": + { + "type": "string", + "format": "uri" + }, + "empty": + { + "type": "boolean" + } + }, + "additionalProperties": + { + "type": "object" + } + }, + "Wallet": + { + "type": "object", + "properties": + { + "name": + { + "type": "string" + }, + "did": + { + "type": "string" + }, + "bpn": + { + "type": "string" + }, + "algorithm": + { + "type": "string" + }, + "didDocument": + { + "type": "object", + "properties": + { + "id": + { + "type": "string", + "format": "uri" + }, + "verificationMethods": + { + "type": "array", + "items": + { + "$ref": "#/components/schemas/VerificationMethod" + } + }, + "context": + { + "type": "array", + "items": + { + "type": "string", + "format": "uri" + } + }, + "empty": + { + "type": "boolean" + } + }, + "additionalProperties": + { + "type": "object" + } + }, + "verifiableCredentials": + { + "type": "array", + "items": + { + "$ref": "#/components/schemas/VerifiableCredential" + } + } + } + }, + "IssueMembershipCredentialRequest": + { + "required": + [ + "bpn" + ], + "type": "object", + "properties": + { + "bpn": + { + "maxLength": 255, + "minLength": 5, + "type": "string" + } + } + }, + "IssueFrameworkCredentialRequest": + { + "required": + [ + "contract-template", + "contract-version", + "holderIdentifier", + "type" + ], + "type": "object", + "properties": + { + "holderIdentifier": + { + "maxLength": 255, + "minLength": 5, + "type": "string" + }, + "type": + { + "type": "string" + }, + "contract-template": + { + "type": "string" + }, + "contract-version": + { + "type": "string" + } + } + }, + "IssueDismantlerCredentialRequest": + { + "required": + [ + "activityType", + "bpn" + ], + "type": "object", + "properties": + { + "bpn": + { + "maxLength": 255, + "minLength": 5, + "type": "string" + }, + "activityType": + { + "maxLength": 2147483647, + "minLength": 1, + "type": "string" + }, + "allowedVehicleBrands": + { + "uniqueItems": true, + "type": "array", + "items": + { + "type": 
"string" + } + } + } + }, + "PageWallet": + { + "type": "object", + "properties": + { + "totalElements": + { + "type": "integer", + "format": "int64" + }, + "totalPages": + { + "type": "integer", + "format": "int32" + }, + "size": + { + "type": "integer", + "format": "int32" + }, + "content": + { + "type": "array", + "items": + { + "$ref": "#/components/schemas/Wallet" + } + }, + "number": + { + "type": "integer", + "format": "int32" + }, + "sort": + { + "$ref": "#/components/schemas/SortObject" + }, + "pageable": + { + "$ref": "#/components/schemas/PageableObject" + }, + "numberOfElements": + { + "type": "integer", + "format": "int32" + }, + "first": + { + "type": "boolean" + }, + "last": + { + "type": "boolean" + }, + "empty": + { + "type": "boolean" + } + } + }, + "PageableObject": + { + "type": "object", + "properties": + { + "offset": + { + "type": "integer", + "format": "int64" + }, + "sort": + { + "$ref": "#/components/schemas/SortObject" + }, + "pageNumber": + { + "type": "integer", + "format": "int32" + }, + "pageSize": + { + "type": "integer", + "format": "int32" + }, + "paged": + { + "type": "boolean" + }, + "unpaged": + { + "type": "boolean" + } + } + }, + "SortObject": + { + "type": "object", + "properties": + { + "empty": + { + "type": "boolean" + }, + "sorted": + { + "type": "boolean" + }, + "unsorted": + { + "type": "boolean" + } + } + }, + "PageImplVerifiableCredential": + { + "type": "object", + "properties": + { + "content": + { + "type": "array", + "items": + { + "$ref": "#/components/schemas/VerifiableCredential" + } + }, + "pageable": + { + "$ref": "#/components/schemas/PageableObject" + }, + "totalElements": + { + "type": "integer", + "format": "int64" + }, + "totalPages": + { + "type": "integer", + "format": "int32" + }, + "last": + { + "type": "boolean" + }, + "size": + { + "type": "integer", + "format": "int32" + }, + "number": + { + "type": "integer", + "format": "int32" + }, + "sort": + { + "$ref": "#/components/schemas/SortObject" + }, 
+ "numberOfElements": + { + "type": "integer", + "format": "int32" + }, + "first": + { + "type": "boolean" + }, + "empty": + { + "type": "boolean" + } + } + } + }, + "securitySchemes": + { + "Authenticate using access_token": + { + "type": "apiKey", + "description": "**Bearer (apiKey)** \nJWT Authorization header using the Bearer scheme.\n\nEnter **Bearer** [space] and then your token in the text input below.\n\nExample: Bearer 12345abcdef", + "name": "Authorization", + "in": "header" + } + } + } +} \ No newline at end of file From d5f6394ac9da061f58c121bf0e0a95a0e9efe7a1 Mon Sep 17 00:00:00 2001 From: Nitin <45592624+nitin-vavdiya@users.noreply.github.com> Date: Fri, 14 Jul 2023 18:03:19 +0530 Subject: [PATCH 086/116] Update README.md Co-authored-by: Boris Rizov <138589018+borisrizov-zf@users.noreply.github.com> --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 24d7cc145..4a6d2077a 100644 --- a/README.md +++ b/README.md @@ -76,7 +76,7 @@ The available scopes/roles are: 6. Role `manage_app` used to change log level of application at runtime. Check Logging in application section for more details -Additionally a Token mapper can to be created under *Clients* > +Additionally a Token mapper can be created under *Clients* > *ManagedIdentityWallets* > *Mappers* > *create* with the following configuration (using as example `BPNL000000001`): From 1f5e6372054346a7f19a960aa53db43a1881733d Mon Sep 17 00:00:00 2001 From: Nitin <45592624+nitin-vavdiya@users.noreply.github.com> Date: Fri, 14 Jul 2023 18:03:29 +0530 Subject: [PATCH 087/116] Update README.md Co-authored-by: Boris Rizov <138589018+borisrizov-zf@users.noreply.github.com> --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 4a6d2077a..9e42b7292 100644 --- a/README.md +++ b/README.md 
@@ -78,7 +78,7 @@ The available scopes/roles are: Additionally a Token mapper can be created under *Clients* > *ManagedIdentityWallets* > *Mappers* > *create* with the following -configuration (using as example `BPNL000000001`): +configuration (using as an example `BPNL000000001`): | Key | Value | |------------------------------------|-----------------| From aa3fc9ecca88ef229b05eea55bcbcebe8659e63e Mon Sep 17 00:00:00 2001 From: Nitin <45592624+nitin-vavdiya@users.noreply.github.com> Date: Fri, 14 Jul 2023 18:03:42 +0530 Subject: [PATCH 088/116] Update README.md Co-authored-by: Boris Rizov <138589018+borisrizov-zf@users.noreply.github.com> --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 9e42b7292..bb8fab5f9 100644 --- a/README.md +++ b/README.md @@ -27,7 +27,7 @@ Following tools the MIW development team used successfully: ## Manual Keycloak Configuration -Within the development setup the Keycloak is initially prepared with the +Within the development setup the Keycloak instance is initially prepared with the values in `./dev-assets/docker-environment/keycloak`. The realm could also be manually added and configured at http://localhost:8080 via the "Add realm" button. It can be for example named `localkeycloak`. Also add an additional client, From bdaec00b5fa73c72c452a4eb2d3085fc0af57003 Mon Sep 17 00:00:00 2001 From: Nitin <45592624+nitin-vavdiya@users.noreply.github.com> Date: Fri, 14 Jul 2023 18:03:54 +0530 Subject: [PATCH 089/116] Update README.md Co-authored-by: Boris Rizov <138589018+borisrizov-zf@users.noreply.github.com> --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index bb8fab5f9..74a002ee4 100644 --- a/README.md +++ b/README.md 
@@ -73,7 +73,7 @@ The available scopes/roles are: * to get stored Verifiable Credentials of the related BPN * to validate any Verifiable Credential * to validate any Verifiable Presentation -6. Role `manage_app` used to change log level of application at runtime. Check Logging in application section for more +6. Role `manage_app` used to change the log level of the application at runtime. Check Logging in the application section for more details Additionally a Token mapper can be created under *Clients* > From ccfb8f6e1019aa153de8b8624105bf738a49422a Mon Sep 17 00:00:00 2001 From: Nitin Vavdiya Date: Mon, 17 Jul 2023 16:37:43 +0530 Subject: [PATCH 090/116] docs: API doc fix --- docs/openapi_v002.json | 25 +++++++++---------- .../config/openapi/OpenApiConfig.java | 19 ++++++++++++-- 2 files changed, 29 insertions(+), 15 deletions(-) diff --git a/docs/openapi_v002.json b/docs/openapi_v002.json index 138dc89c8..a8c2f69f8 100644 --- a/docs/openapi_v002.json +++ b/docs/openapi_v002.json @@ -2,19 +2,18 @@ "openapi": "3.0.1", "info": { - "title": "Managed Identity Wallets API", - "description": "Managed Identity Wallets API", - "contact": - { - "name": "Eclipse Tractus-X", - "url": "https://projects.eclipse.org/projects/automotive.tractusx", - "email": "tractusx-dev@eclipse.org" - }, - "license": - { - "name": "Apache 2.0", - "url": "https://github.com/eclipse-tractusx/managed-identity-wallets/blob/develop/LICENSE" - }, + "title": "Managed Identity Wallets API", + "description": "Managed Identity Wallets API", + "termsOfService": "https://www.eclipse.org/legal/termsofuse.php", + "contact": { + "name": "Eclipse Tractus-X", + "url": "https://projects.eclipse.org/projects/automotive.tractusx", + "email": "tractusx-dev@eclipse.org" + }, + "license": { + "name": "Apache 2.0", + "url": "https://github.com/eclipse-tractusx/managed-identity-wallets/blob/develop/LICENSE" + }, "version": "0.0.1" }, "servers": 
diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/openapi/OpenApiConfig.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/openapi/OpenApiConfig.java
index 435ae8585..76dd3f645 100644
--- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/openapi/OpenApiConfig.java
+++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/openapi/OpenApiConfig.java
@@ -24,7 +24,9 @@ import io.swagger.v3.oas.models.Components;
 import io.swagger.v3.oas.models.OpenAPI;
+import io.swagger.v3.oas.models.info.Contact;
 import io.swagger.v3.oas.models.info.Info;
+import io.swagger.v3.oas.models.info.License;
 import io.swagger.v3.oas.models.security.SecurityRequirement;
 import io.swagger.v3.oas.models.security.SecurityScheme;
 import lombok.AllArgsConstructor;
@@ -53,9 +55,22 @@ public class OpenApiConfig {
 @Bean
 public OpenAPI openAPI() {
 Info info = new Info();
- info.setTitle("MIW API");
- info.setDescription("MIW API");
+ info.setTitle("Managed Identity Wallets API");
+ info.setDescription("Managed Identity Wallets API");
+ info.termsOfService("https://www.eclipse.org/legal/termsofuse.php");
 info.setVersion("0.0.1");
+
+ Contact contact = new Contact();
+ contact.name("Eclipse Tractus-X");
+ contact.email("tractusx-dev@eclipse.org");
+ contact.url("https://projects.eclipse.org/projects/automotive.tractusx");
+ info.contact(contact);
+
+ License license = new License();
+ license.name("Apache 2.0");
+ license.url("https://github.com/eclipse-tractusx/managed-identity-wallets/blob/develop/LICENSE");
+ info.license(license);
+
 OpenAPI openAPI = new OpenAPI();
 if (Boolean.TRUE.equals(properties.enabled())) {
 openAPI = enableSecurity(openAPI);
From c2540deedc626e97834d4b84023ae410366e38ff Mon Sep 17 00:00:00 2001
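Review bot: The new Info/Contact/License setup in openAPI() mixes JavaBean setters (`info.setTitle`, `info.setDescription`, `info.setVersion`) with the fluent builder methods the same block also uses (`info.termsOfService`, `contact.name`, `license.url`); settling on the fluent style removes the two temporaries and lets the whole description read as one expression. The title, version and URLs are hard-coded here while the class already reads a `properties` object (`properties.enabled()`), so the title/version may belong alongside it in configuration — that is an inference, since the properties type is outside the hunk. The import hunk above only adds `Contact` and `License` and needs no change. openAPI()'s body continues past the end of the hunk.
```java
@Bean
public OpenAPI openAPI() {
    Info info = new Info()
            .title("Managed Identity Wallets API")
            .description("Managed Identity Wallets API")
            .termsOfService("https://www.eclipse.org/legal/termsofuse.php")
            .version("0.0.1")
            .contact(new Contact()
                    .name("Eclipse Tractus-X")
                    .email("tractusx-dev@eclipse.org")
                    .url("https://projects.eclipse.org/projects/automotive.tractusx"))
            .license(new License()
                    .name("Apache 2.0")
                    .url("https://github.com/eclipse-tractusx/managed-identity-wallets/blob/develop/LICENSE"));
    // … unchanged: OpenAPI construction and enableSecurity() when properties.enabled() …
```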
From: Nitin Vavdiya Date: Mon, 17 Jul 2023 17:35:47 +0530 Subject: [PATCH 091/116] docs: openAPI v2 doc deleted, new example added for VC and VP --- README.md | 2 +- docs/openapi_v002.json | 1853 ----------------- .../HoldersCredentialController.java | 4 +- .../IssuersCredentialController.java | 56 +- .../controller/PresentationController.java | 148 +- 5 files changed, 120 insertions(+), 1943 deletions(-) delete mode 100644 docs/openapi_v002.json diff --git a/README.md b/README.md index 74a002ee4..0eb4b85af 100644 --- a/README.md +++ b/README.md @@ -164,7 +164,7 @@ When you just run `task` without parameters, you will see all tasks available. See OpenAPI documentation, which is automatically created from the source and available on each deployment at the `/docs/api-docs/docs` endpoint (e.g. locally at http://localhost:8087/docs/api-docs/docs). An export of the JSON -document can be also found in [docs/openapi_v002.json](docs/openapi_v002.json). +document can be also found in [docs/openapi_v001.json](docs/openapi_v001.json). # Test Coverage diff --git a/docs/openapi_v002.json b/docs/openapi_v002.json deleted file mode 100644 index a8c2f69f8..000000000 --- a/docs/openapi_v002.json +++ /dev/null 
@@ -1,1853 +0,0 @@ -{ - "openapi": "3.0.1", - "info": - { - "title": "Managed Identity Wallets API", - "description": "Managed Identity Wallets API", - "termsOfService": "https://www.eclipse.org/legal/termsofuse.php", - "contact": { - "name": "Eclipse Tractus-X", - "url": "https://projects.eclipse.org/projects/automotive.tractusx", - "email": "tractusx-dev@eclipse.org" - }, - "license": { - "name": "Apache 2.0", - "url": "https://github.com/eclipse-tractusx/managed-identity-wallets/blob/develop/LICENSE" - }, - "version": "0.0.1" - }, - "servers": - [ - { - "url": "http://localhost:8087", - "description": "Generated server url" - } - ], - "security": - [ - { - "Authenticate using access_token": - [] - } - ], - "paths": - { - "/api/wallets": - { - "get": - { - "tags": - [ - "Wallets" - ], - "summary": "List of wallets", - "description": "Permission: **view_wallets** \n\n Retrieve list of registered wallets", - "operationId": "getWallets", - "parameters": - [ - { - "name": "pageNumber", - "in": "query", - "required": false, - "schema": - { - "type": "integer", - "format": "int32", - "default": 0 - } - }, - { - "name": "size", - "in": "query", - "required": false, - "schema": - { - "type": "integer", - "format": "int32", - "default": 2147483647 - } - }, - { - "name": "sortColumn", - "in": "query", - "required": false, - "schema": - { - "type": "string", - "default": "createdAt" - } - }, - { - "name": "sortTpe", - "in": "query", - "required": false, - "schema": - { - "type": "string", - "default": "desc" - } - } - ], - "responses": - { - "200": - { - "description": "OK", - "content": - { - "application/json": - { - "schema": - { - "$ref": "#/components/schemas/PageWallet" - } - } - } - } - } - }, - "post": - { - "tags": - [ - "Wallets" - ], - "summary": "Create Wallet", - "description": "Permission: **add_wallets** \n\n Create a wallet and store it", - "operationId": "createWallet", - "requestBody": - { - "content": - { - "application/json": - { - "schema": - { - 
"$ref": "#/components/schemas/CreateWalletRequest" - }, - "examples": - { - "Create wallet with BPN": - { - "description": "Create wallet with BPN", - "value": - { - "bpn": "BPNL000000000001", - "name": "companyA" - } - } - } - } - }, - "required": true - }, - "responses": - { - "200": - { - "description": "OK", - "content": - { - "application/json": - { - "schema": - { - "$ref": "#/components/schemas/Wallet" - } - } - } - } - } - } - }, - "/api/wallets/{identifier}/credentials": - { - "post": - { - "tags": - [ - "Wallets" - ], - "summary": "Store Verifiable Credential", - "description": "Permission: **update_wallets** OR **update_wallet** (The BPN of wallet to extract credentials from must equal BPN of caller) \n\n Store a verifiable credential in the wallet of the given identifier", - "operationId": "storeCredential", - "parameters": - [ - { - "name": "identifier", - "in": "path", - "description": "Did or BPN", - "required": true, - "schema": - { - "type": "string" - } - } - ], - "requestBody": - { - "content": - { - "application/json": - { - "schema": - { - "type": "object", - "additionalProperties": - { - "type": "object" - } - }, - "example": - { - "id": "http://example.edu/credentials/3732", - "@context": - [ - "https://www.w3.org/2018/credentials/v1", - "https://www.w3.org/2018/credentials/examples/v1" - ], - "type": - [ - "University-Degree-Credential", - "VerifiableCredential" - ], - "issuer": "did:example:76e12ec712ebc6f1c221ebfeb1f", - "issuanceDate": "2019-06-16T18:56:59Z", - "expirationDate": "2019-06-17T18:56:59Z", - "credentialSubject": - [ - { - "college": "Test-University" - } - ], - "proof": - { - "type": "Ed25519Signature2018", - "created": "2021-11-17T22:20:27Z", - "proofPurpose": "assertionMethod", - "verificationMethod": "did:example:76e12ec712ebc6f1c221ebfeb1f#key-1", - "jws": "eyJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdLCJhbGciOiJFZERTQSJ9..JNerzfrK46Mq4XxYZEnY9xOK80xsEaWCLAHuZsFie1-NTJD17wWWENn_DAlA_OwxGF5dhxUJ05P6Dm8lcmF5Cg" - } - } - } - }, - 
"required": true - }, - "responses": - { - "200": - { - "description": "OK", - "content": - { - "application/json": - { - "schema": - { - "type": "object", - "additionalProperties": - { - "type": "string" - } - } - } - } - } - } - } - }, - "/api/presentations": - { - "post": - { - "tags": - [ - "Verifiable Presentations - Generation" - ], - "summary": "Create Verifiable Presentation", - "description": "Permission: **update_wallets** OR **update_wallet** (The BPN of the issuer of the Verifiable Presentation must equal to BPN of caller) \n\n Create a verifiable presentation from a list of verifiable credentials, signed by the holder", - "operationId": "createPresentation", - "parameters": - [ - { - "name": "audience", - "in": "query", - "required": false, - "schema": - { - "type": "string" - } - }, - { - "name": "asJwt", - "in": "query", - "required": false, - "schema": - { - "type": "boolean", - "default": false - } - } - ], - "requestBody": - { - "content": - { - "application/json": - { - "schema": - { - "type": "object", - "additionalProperties": - { - "type": "object" - } - }, - "example": - { - "holderIdentifier": "did:example:76e12ec712ebc6f1c221ebfeb1f", - "verifiableCredentials": - [ - { - "id": "http://example.edu/credentials/333", - "@context": - [ - "https://www.w3.org/2018/credentials/v1", - "https://www.w3.org/2018/credentials/examples/v1" - ], - "type": - [ - "University-Degree-Credential", - "VerifiableCredential" - ], - "issuer": "did:example:76e12ec712ebc6f1c221ebfeb1f", - "issuanceDate": "2019-06-16T18:56:59Z", - "expirationDate": "2019-06-17T18:56:59Z", - "credentialSubject": - [ - { - "college": "Test-University" - } - ], - "proof": - { - "type": "Ed25519Signature2018", - "created": "2021-11-17T22:20:27Z", - "proofPurpose": "assertionMethod", - "verificationMethod": "did:example:76e12ec712ebc6f1c221ebfeb1f#keys-1", - "jws": 
"eyJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdLCJhbGciOiJFZERTQSJ9..JNerzfrK46Mq4XxYZEnY9xOK80xsEaWCLAHuZsFie1-NTJD17wWWENn_DAlA_OwxGF5dhxUJ05P6Dm8lcmF5Cg" - } - } - ] - } - } - }, - "required": true - }, - "responses": - { - "200": - { - "description": "OK", - "content": - { - "application/json": - { - "schema": - { - "type": "object", - "additionalProperties": - { - "type": "object" - } - } - } - } - } - } - } - }, - "/api/presentations/validation": - { - "post": - { - "tags": - [ - "Verifiable Presentations - Validation" - ], - "summary": "Validate Verifiable Presentation", - "description": "Permission: **view_wallets** OR **view_wallet** \n\n Validate Verifiable Presentation with all included credentials", - "operationId": "validatePresentation", - "parameters": - [ - { - "name": "audience", - "in": "query", - "description": "Audience to validate in VP (Only supported in case of JWT formatted VP)", - "required": false, - "schema": - { - "type": "string" - } - }, - { - "name": "asJwt", - "in": "query", - "description": "Pass true in case of VP is in JWT format", - "required": false, - "schema": - { - "type": "boolean", - "default": false - } - }, - { - "name": "withCredentialExpiryDate", - "in": "query", - "description": "Check expiry of VC(Only supported in case of JWT formatted VP)", - "required": false, - "schema": - { - "type": "boolean", - "default": false - } - } - ], - "requestBody": - { - "content": - { - "application/json": - { - "schema": - { - "type": "object", - "additionalProperties": - { - "type": "object" - } - }, - "examples": - { - "VP as JWT": - { - "description": "VP as JWT", - "value": - { - "vp": "eyJhbGciOiJFZERTQSJ9.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.Hfm-ANjoeZ8fO-32LPOsQ3-xXSclPUd28p9hvlWyVVB0Mz7n0k-KAHra5kpT0oGrGtdhC1lZ0AitdB_td6VrAQ" - } - }, - "VP as json-ld": - { - "description": "VP as json-ld", - "value": - { - "vp": - { - "id": "b9d97cef-758d-4a7c-843d-86f17632b08a", - "type": - [ - "VerifiablePresentation" - ], - 
"@context": - [ - "https://www.w3.org/2018/credentials/v1" - ], - "verifiableCredential": - [ - { - "issuanceDate": "2023-06-01T08:57:50Z", - "credentialSubject": - [ - { - "bpn": "BPNL000000000000", - "id": "did:web:localhost:BPNL000000000000", - "type": "BpnCredential" - } - ], - "id": "acb9522f-db22-4f90-9475-c3f3511f9cde", - "proof": - { - "proofPurpose": "proofPurpose", - "verificationMethod": "did:web:localhost:BPNL000000000000", - "type": "Ed25519Signature2020", - "proofValue": "z4duBfcCsaSziNeUw8YByyFdvZXW8eAK928dx3PxLjWCvKztJZ9mhxhHwe5BuTQQnJFkooMgQGKDE48ciLrGhpsPA", - "created": "2023-06-01T08:57:50Z" - }, - "type": - [ - "VerifiableCredential", - "BpnCredentialCX" - ], - "@context": - [ - "https://www.w3.org/2018/credentials/v1", - "https://catenax-ng.github.io/product-core-schemas/businessPartnerData.json" - ], - "issuer": "did:web:localhost:BPNL000000000000", - "expirationDate": "2024-12-31T18:30:00Z" - } - ] - } - } - } - } - } - }, - "required": true - }, - "responses": - { - "200": - { - "description": "OK", - "content": - { - "application/json": - { - "schema": - { - "type": "object", - "additionalProperties": - { - "type": "object" - } - } - } - } - } - } - } - }, - "/api/credentials": - { - "get": - { - "tags": - [ - "Verifiable Credential - Holder" - ], - "summary": "Query Verifiable Credentials", - "description": "Permission: **view_wallets** OR **view_wallet** (The BPN of holderIdentifier must equal BPN of caller)\n\n Search verifiable credentials with filter criteria", - "operationId": "getCredentials", - "parameters": - [ - { - "name": "credentialId", - "in": "query", - "required": false, - "schema": - { - "type": "string" - } - }, - { - "name": "issuerIdentifier", - "in": "query", - "required": false, - "schema": - { - "type": "string" - } - }, - { - "name": "type", - "in": "query", - "required": false, - "schema": - { - "type": "array", - "items": - { - "type": "string" - } - } - }, - { - "name": "sortColumn", - "in": "query", - 
"required": false, - "schema": - { - "type": "string", - "default": "createdAt" - } - }, - { - "name": "sortTpe", - "in": "query", - "required": false, - "schema": - { - "type": "string", - "default": "desc" - } - }, - { - "name": "pageNumber", - "in": "query", - "description": "Page number, Page number start with zero", - "required": false, - "schema": - { - "maximum": 2147483647, - "minimum": 0, - "type": "integer", - "format": "int32", - "default": 0 - } - }, - { - "name": "size", - "in": "query", - "description": "Number of records per page", - "required": false, - "schema": - { - "maximum": 2147483647, - "minimum": 0, - "type": "integer", - "format": "int32", - "default": 2147483647 - } - } - ], - "responses": - { - "200": - { - "description": "OK", - "content": - { - "application/json": - { - "schema": - { - "$ref": "#/components/schemas/PageImplVerifiableCredential" - } - } - } - } - } - }, - "post": - { - "tags": - [ - "Verifiable Credential - Holder" - ], - "summary": "Issue Verifiable Credential", - "description": "Permission: **update_wallets** OR **update_wallet** (The BPN of the issuer of the Verifiable Credential must equal BPN of caller)\nIssue a verifiable credential with a given issuer DID", - "operationId": "issueCredential", - "requestBody": - { - "content": - { - "application/json": - { - "schema": - { - "type": "object", - "additionalProperties": - { - "type": "object" - } - }, - "example": - { - "id": "http://example.edu/credentials/333", - "@context": - [ - "https://www.w3.org/2018/credentials/v1", - "https://www.w3.org/2018/credentials/examples/v1" - ], - "type": - [ - "University-Degree-Credential", - "VerifiableCredential" - ], - "issuer": "did:example:76e12ec712ebc6f1c221ebfeb1f", - "issuanceDate": "2019-06-16T18:56:59Z", - "expirationDate": "2019-06-17T18:56:59Z", - "credentialSubject": - [ - { - "college": "Test-University" - } - ] - } - } - }, - "required": true - }, - "responses": - { - "200": - { - "description": "OK", - "content": - 
{ - "application/json": - { - "schema": - { - "$ref": "#/components/schemas/VerifiableCredential" - } - } - } - } - } - }, - "delete": - { - "tags": - [ - "Verifiable Credential - Holder" - ], - "summary": "Delete a verifiable credential by its ID", - "description": "Permission: **update_wallet** (The BPN of holderIdentifier must equal BPN of caller)\n\n Delete a verifiable credential by its ID", - "operationId": "deleteCredential", - "parameters": - [ - { - "name": "id", - "in": "query", - "required": true, - "schema": - { - "type": "string" - } - } - ], - "responses": - { - "200": - { - "description": "OK", - "content": - { - "application/json": - { - "schema": - { - "type": "object" - } - } - } - } - } - } - }, - "/api/credentials/validation": - { - "post": - { - "tags": - [ - "Verifiable Credential - Validation" - ], - "summary": "Validate Verifiable Credentials", - "description": "Permission: **view_wallets** OR **view_wallet** \n\n Validate Verifiable Credentials", - "operationId": "credentialsValidation", - "parameters": - [ - { - "name": "withCredentialExpiryDate", - "in": "query", - "description": "Check expiry of VC", - "required": false, - "schema": - { - "type": "boolean", - "default": false - } - } - ], - "requestBody": - { - "content": - { - "application/json": - { - "schema": - { - "type": "object", - "additionalProperties": - { - "type": "object" - } - }, - "example": - { - "id": "http://example.edu/credentials/333", - "@context": - [ - "https://www.w3.org/2018/credentials/v1", - "https://www.w3.org/2018/credentials/examples/v1" - ], - "type": - [ - "University-Degree-Credential", - "VerifiableCredential" - ], - "issuer": "did:example:76e12ec712ebc6f1c221ebfeb1f", - "issuanceDate": "2019-06-16T18:56:59Z", - "expirationDate": "2019-06-17T18:56:59Z", - "credentialSubject": - [ - { - "college": "Test-University" - } - ], - "proof": - { - "type": "Ed25519Signature2018", - "created": "2021-11-17T22:20:27Z", - "proofPurpose": "assertionMethod", - 
"verificationMethod": "did:example:76e12ec712ebc6f1c221ebfeb1f#keys-1", - "jws": "eyJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdLCJhbGciOiJFZERTQSJ9..JNerzfrK46Mq4XxYZEnY9xOK80xsEaWCLAHuZsFie1-NTJD17wWWENn_DAlA_OwxGF5dhxUJ05P6Dm8lcmF5Cg" - } - } - } - }, - "required": true - }, - "responses": - { - "200": - { - "description": "OK", - "content": - { - "application/json": - { - "schema": - { - "type": "object", - "additionalProperties": - { - "type": "object" - } - } - } - } - } - } - } - }, - "/api/credentials/issuer": - { - "get": - { - "tags": - [ - "Verifiable Credential - Issuer" - ], - "summary": "Query Verifiable Credentials", - "description": "Permission: **view_wallets** (The BPN of holderIdentifier must equal BPN of caller)\n\n Search verifiable credentials with filter criteria", - "operationId": "getCredentials_1", - "parameters": - [ - { - "name": "credentialId", - "in": "query", - "required": false, - "schema": - { - "type": "string" - } - }, - { - "name": "holderIdentifier", - "in": "query", - "required": false, - "schema": - { - "type": "string" - } - }, - { - "name": "type", - "in": "query", - "required": false, - "schema": - { - "type": "array", - "items": - { - "type": "string" - } - } - }, - { - "name": "pageNumber", - "in": "query", - "description": "Page number, Page number start with zero", - "required": false, - "schema": - { - "maximum": 2147483647, - "minimum": 0, - "type": "integer", - "format": "int32", - "default": 0 - } - }, - { - "name": "size", - "in": "query", - "description": "Number of records per page", - "required": false, - "schema": - { - "maximum": 2147483647, - "minimum": 0, - "type": "integer", - "format": "int32", - "default": 2147483647 - } - }, - { - "name": "sortColumn", - "in": "query", - "required": false, - "schema": - { - "type": "string", - "default": "createdAt" - } - }, - { - "name": "sortTpe", - "in": "query", - "required": false, - "schema": - { - "type": "string", - "default": "desc" - } - } - ], - "responses": - { - 
"200": - { - "description": "OK", - "content": - { - "application/json": - { - "schema": - { - "$ref": "#/components/schemas/PageImplVerifiableCredential" - } - } - } - } - } - }, - "post": - { - "tags": - [ - "Verifiable Credential - Issuer" - ], - "summary": "Issue Verifiable Credential", - "description": "Permission: **update_wallets** (The BPN of the base wallet must equal BPN of caller)\nIssue a verifiable credential with a given issuer DID", - "operationId": "issueCredentialUsingBaseWallet", - "parameters": - [ - { - "name": "holderDid", - "in": "query", - "required": true, - "schema": - { - "type": "string" - } - } - ], - "requestBody": - { - "content": - { - "application/json": - { - "schema": - { - "type": "object", - "additionalProperties": - { - "type": "object" - } - }, - "example": - { - "id": "http://example.edu/credentials/333", - "@context": - [ - "https://www.w3.org/2018/credentials/v1", - "https://www.w3.org/2018/credentials/examples/v1" - ], - "type": - [ - "University-Degree-Credential", - "VerifiableCredential" - ], - "issuer": "did:example:76e12ec712ebc6f1c221ebfeb1f", - "issuanceDate": "2019-06-16T18:56:59Z", - "expirationDate": "2019-06-17T18:56:59Z", - "credentialSubject": - [ - { - "college": "Test-University" - } - ] - } - } - }, - "required": true - }, - "responses": - { - "200": - { - "description": "OK", - "content": - { - "application/json": - { - "schema": - { - "$ref": "#/components/schemas/VerifiableCredential" - } - } - } - } - } - } - }, - "/api/credentials/issuer/membership": - { - "post": - { - "tags": - [ - "Verifiable Credential - Issuer" - ], - "summary": "Issue a Membership Verifiable Credential with base wallet issuer", - "description": "Permission: **update_wallets** (The BPN of base wallet must equal BPN of caller)\n\n Issue a verifiable credential by base wallet", - "operationId": "issueMembershipCredential", - "requestBody": - { - "content": - { - "application/json": - { - "schema": - { - "$ref": 
"#/components/schemas/IssueMembershipCredentialRequest" - }, - "example": - { - "bpn": "BPNL000000000000" - } - } - }, - "required": true - }, - "responses": - { - "200": - { - "description": "OK", - "content": - { - "application/json": - { - "schema": - { - "$ref": "#/components/schemas/VerifiableCredential" - } - } - } - } - } - } - }, - "/api/credentials/issuer/framework": - { - "post": - { - "tags": - [ - "Verifiable Credential - Issuer" - ], - "summary": "Issue a Use Case Verifiable Credential with base wallet issuer", - "description": "Permission: **update_wallets** (The BPN of base wallet must equal BPN of caller)\n\n Issue a verifiable credential by base wallet", - "operationId": "issueFrameworkCredential", - "requestBody": - { - "content": - { - "application/json": - { - "schema": - { - "$ref": "#/components/schemas/IssueFrameworkCredentialRequest" - }, - "example": - { - "holderIdentifier": "BPNL000000000000", - "type": "BehaviorTwinCredential", - "contract-template": "https://public.catena-x.org/contracts/traceabilty.v1.pdf", - "contract-version": "1.0.0" - } - } - }, - "required": true - }, - "responses": - { - "200": - { - "description": "OK", - "content": - { - "application/json": - { - "schema": - { - "$ref": "#/components/schemas/VerifiableCredential" - } - } - } - } - } - } - }, - "/api/credentials/issuer/dismantler": - { - "post": - { - "tags": - [ - "Verifiable Credential - Issuer" - ], - "summary": "Issue a Dismantler Verifiable Credential with base wallet issuer", - "description": "Permission: **update_wallets** (The BPN of base wallet must equal BPN of caller)\n\n Issue a verifiable credential by base wallet", - "operationId": "issueDismantlerCredential", - "requestBody": - { - "content": - { - "application/json": - { - "schema": - { - "$ref": "#/components/schemas/IssueDismantlerCredentialRequest" - }, - "example": - { - "bpn": "BPNL000000000000", - "activityType": "vehicleDismantle", - "allowedVehicleBrands": - [ - "Audi", - "Abarth", - 
"Alfa Romeo", - "Chrysler" - ] - } - } - }, - "required": true - }, - "responses": - { - "200": - { - "description": "OK", - "content": - { - "application/json": - { - "schema": - { - "$ref": "#/components/schemas/VerifiableCredential" - } - } - } - } - } - } - }, - "/{bpn}/did.json": - { - "get": - { - "tags": - [ - "DIDDocument" - ], - "summary": "Resolve DID Document", - "description": "Resolve the DID document for a given BPN", - "operationId": "getDidResolve", - "parameters": - [ - { - "name": "bpn", - "in": "path", - "description": "Did or BPN", - "required": true, - "schema": - { - "type": "string" - } - } - ], - "responses": - { - "200": - { - "description": "OK", - "content": - { - "application/json": - { - "schema": - { - "$ref": "#/components/schemas/DidDocument" - } - } - } - } - } - } - }, - "/api/wallets/{identifier}": - { - "get": - { - "tags": - [ - "Wallets" - ], - "summary": "Retrieve wallet by identifier", - "description": "Permission: **view_wallets** OR **view_wallet** (The BPN of Wallet to retrieve must equal the BPN of caller or Base wallet, authority wallet can see all wallets) \n\n Retrieve single wallet by identifier, with or without its credentials", - "operationId": "getWalletByIdentifier", - "parameters": - [ - { - "name": "identifier", - "in": "path", - "description": "Did or BPN", - "required": true, - "schema": - { - "type": "string" - } - }, - { - "name": "withCredentials", - "in": "query", - "required": false, - "schema": - { - "type": "boolean", - "default": false - } - } - ], - "responses": - { - "200": - { - "description": "OK", - "content": - { - "application/json": - { - "schema": - { - "$ref": "#/components/schemas/Wallet" - } - } - } - } - } - } - }, - "/api/didDocuments/{identifier}": - { - "get": - { - "tags": - [ - "DIDDocument" - ], - "summary": "Resolve DID Document", - "description": "Resolve the DID document for a given DID or BPN", - "operationId": "getDidDocument", - "parameters": - [ - { - "name": "identifier", - 
"in": "path", - "description": "Did or BPN", - "required": true, - "schema": - { - "type": "string" - } - } - ], - "responses": - { - "200": - { - "description": "OK", - "content": - { - "application/json": - { - "schema": - { - "$ref": "#/components/schemas/DidDocument" - } - } - } - } - } - } - } - }, - "components": - { - "schemas": - { - "CreateWalletRequest": - { - "required": - [ - "bpn", - "name" - ], - "type": "object", - "properties": - { - "bpn": - { - "maxLength": 255, - "minLength": 5, - "type": "string" - }, - "name": - { - "maxLength": 255, - "minLength": 1, - "type": "string" - } - } - }, - "DidDocument": - { - "type": "object", - "properties": - { - "id": - { - "type": "string", - "format": "uri" - }, - "verificationMethods": - { - "type": "array", - "items": - { - "$ref": "#/components/schemas/VerificationMethod" - } - }, - "context": - { - "type": "array", - "items": - { - "type": "string", - "format": "uri" - } - }, - "empty": - { - "type": "boolean" - } - }, - "additionalProperties": - { - "type": "object" - } - }, - "VerifiableCredential": - { - "type": "object", - "properties": - { - "id": - { - "type": "string", - "format": "uri" - }, - "types": - { - "type": "array", - "items": - { - "type": "string" - } - }, - "issuer": - { - "type": "string", - "format": "uri" - }, - "expirationDate": - { - "type": "string", - "format": "date-time" - }, - "credentialSubject": - { - "type": "array", - "items": - { - "$ref": "#/components/schemas/VerifiableCredentialSubject" - } - }, - "proof": - { - "type": "object", - "properties": - { - "type": - { - "type": "string" - }, - "empty": - { - "type": "boolean" - } - }, - "additionalProperties": - { - "type": "object" - } - }, - "issuanceDate": - { - "type": "string", - "format": "date-time" - }, - "context": - { - "type": "array", - "items": - { - "type": "string", - "format": "uri" - } - }, - "empty": - { - "type": "boolean" - } - }, - "additionalProperties": - { - "type": "object" - } - }, - 
"VerifiableCredentialSubject": - { - "type": "object", - "properties": - { - "id": - { - "type": "string", - "format": "uri" - }, - "empty": - { - "type": "boolean" - } - }, - "additionalProperties": - { - "type": "object" - } - }, - "VerificationMethod": - { - "type": "object", - "properties": - { - "id": - { - "type": "string", - "format": "uri" - }, - "type": - { - "type": "string" - }, - "controller": - { - "type": "string", - "format": "uri" - }, - "empty": - { - "type": "boolean" - } - }, - "additionalProperties": - { - "type": "object" - } - }, - "Wallet": - { - "type": "object", - "properties": - { - "name": - { - "type": "string" - }, - "did": - { - "type": "string" - }, - "bpn": - { - "type": "string" - }, - "algorithm": - { - "type": "string" - }, - "didDocument": - { - "type": "object", - "properties": - { - "id": - { - "type": "string", - "format": "uri" - }, - "verificationMethods": - { - "type": "array", - "items": - { - "$ref": "#/components/schemas/VerificationMethod" - } - }, - "context": - { - "type": "array", - "items": - { - "type": "string", - "format": "uri" - } - }, - "empty": - { - "type": "boolean" - } - }, - "additionalProperties": - { - "type": "object" - } - }, - "verifiableCredentials": - { - "type": "array", - "items": - { - "$ref": "#/components/schemas/VerifiableCredential" - } - } - } - }, - "IssueMembershipCredentialRequest": - { - "required": - [ - "bpn" - ], - "type": "object", - "properties": - { - "bpn": - { - "maxLength": 255, - "minLength": 5, - "type": "string" - } - } - }, - "IssueFrameworkCredentialRequest": - { - "required": - [ - "contract-template", - "contract-version", - "holderIdentifier", - "type" - ], - "type": "object", - "properties": - { - "holderIdentifier": - { - "maxLength": 255, - "minLength": 5, - "type": "string" - }, - "type": - { - "type": "string" - }, - "contract-template": - { - "type": "string" - }, - "contract-version": - { - "type": "string" - } - } - }, - "IssueDismantlerCredentialRequest": - { - 
"required": - [ - "activityType", - "bpn" - ], - "type": "object", - "properties": - { - "bpn": - { - "maxLength": 255, - "minLength": 5, - "type": "string" - }, - "activityType": - { - "maxLength": 2147483647, - "minLength": 1, - "type": "string" - }, - "allowedVehicleBrands": - { - "uniqueItems": true, - "type": "array", - "items": - { - "type": "string" - } - } - } - }, - "PageWallet": - { - "type": "object", - "properties": - { - "totalElements": - { - "type": "integer", - "format": "int64" - }, - "totalPages": - { - "type": "integer", - "format": "int32" - }, - "size": - { - "type": "integer", - "format": "int32" - }, - "content": - { - "type": "array", - "items": - { - "$ref": "#/components/schemas/Wallet" - } - }, - "number": - { - "type": "integer", - "format": "int32" - }, - "sort": - { - "$ref": "#/components/schemas/SortObject" - }, - "pageable": - { - "$ref": "#/components/schemas/PageableObject" - }, - "numberOfElements": - { - "type": "integer", - "format": "int32" - }, - "first": - { - "type": "boolean" - }, - "last": - { - "type": "boolean" - }, - "empty": - { - "type": "boolean" - } - } - }, - "PageableObject": - { - "type": "object", - "properties": - { - "offset": - { - "type": "integer", - "format": "int64" - }, - "sort": - { - "$ref": "#/components/schemas/SortObject" - }, - "pageNumber": - { - "type": "integer", - "format": "int32" - }, - "pageSize": - { - "type": "integer", - "format": "int32" - }, - "paged": - { - "type": "boolean" - }, - "unpaged": - { - "type": "boolean" - } - } - }, - "SortObject": - { - "type": "object", - "properties": - { - "empty": - { - "type": "boolean" - }, - "sorted": - { - "type": "boolean" - }, - "unsorted": - { - "type": "boolean" - } - } - }, - "PageImplVerifiableCredential": - { - "type": "object", - "properties": - { - "content": - { - "type": "array", - "items": - { - "$ref": "#/components/schemas/VerifiableCredential" - } - }, - "pageable": - { - "$ref": "#/components/schemas/PageableObject" - }, - 
"totalElements": - { - "type": "integer", - "format": "int64" - }, - "totalPages": - { - "type": "integer", - "format": "int32" - }, - "last": - { - "type": "boolean" - }, - "size": - { - "type": "integer", - "format": "int32" - }, - "number": - { - "type": "integer", - "format": "int32" - }, - "sort": - { - "$ref": "#/components/schemas/SortObject" - }, - "numberOfElements": - { - "type": "integer", - "format": "int32" - }, - "first": - { - "type": "boolean" - }, - "empty": - { - "type": "boolean" - } - } - } - }, - "securitySchemes": - { - "Authenticate using access_token": - { - "type": "apiKey", - "description": "**Bearer (apiKey)** \nJWT Authorization header using the Bearer scheme.\n\nEnter **Bearer** [space] and then your token in the text input below.\n\nExample: Bearer 12345abcdef", - "name": "Authorization", - "in": "header" - } - } - } -} \ No newline at end of file diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/HoldersCredentialController.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/HoldersCredentialController.java index 8b16fdaff..ace19aacd 100644 --- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/HoldersCredentialController.java +++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/HoldersCredentialController.java @@ -97,9 +97,9 @@ public ResponseEntity> getCredentials(@RequestPar "https://www.w3.org/2018/credentials/examples/v1" ], "type": [ - "University-Degree-Credential","VerifiableCredential" + "VerifiableCredential", "University-Degree-Credential" ], - "issuer": "did:example:76e12ec712ebc6f1c221ebfeb1f", + "issuer": "did:web:localhost:BPNL000000000000", "issuanceDate": "2019-06-16T18:56:59Z", "expirationDate": "2019-06-17T18:56:59Z", "credentialSubject": [{ 
diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/IssuersCredentialController.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/IssuersCredentialController.java index 1e533b4b4..29c6f3012 100644 --- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/IssuersCredentialController.java +++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/IssuersCredentialController.java 
@@ -175,28 +175,38 @@ public ResponseEntity issueFrameworkCredential(@Valid @Req @io.swagger.v3.oas.annotations.parameters.RequestBody(content = { @Content(examples = @ExampleObject(""" { - "id": "http://example.edu/credentials/333", - "@context": [ - "https://www.w3.org/2018/credentials/v1", - "https://www.w3.org/2018/credentials/examples/v1" - ], - "type": [ - "University-Degree-Credential", "VerifiableCredential" - ], - "issuer": "did:example:76e12ec712ebc6f1c221ebfeb1f", - "issuanceDate": "2019-06-16T18:56:59Z", - "expirationDate": "2019-06-17T18:56:59Z", - "credentialSubject": [{ - "college": "Test-University" - }], - "proof": { - "type": "Ed25519Signature2018", - "created": "2021-11-17T22:20:27Z", - "proofPurpose": "assertionMethod", - "verificationMethod": "did:example:76e12ec712ebc6f1c221ebfeb1f#keys-1", - "jws": "eyJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdLCJhbGciOiJFZERTQSJ9..JNerzfrK46Mq4XxYZEnY9xOK80xsEaWCLAHuZsFie1-NTJD17wWWENn_DAlA_OwxGF5dhxUJ05P6Dm8lcmF5Cg" - } - } + "credentialSubject": + [ + { + "bpn": "BPNL000000000000", + "id": "did:web:localhost:BPNL000000000000", + "type": "BpnCredential" + } + ], + "issuanceDate": "2023-07-14T11:05:44Z", + "id": "did:web:localhost:BPNL000000000000#f177b3e9-bbf9-45db-bc3d-80152abcb419", + "proof": + { + "created": "2023-07-14T11:05:48Z", + "jws": "eyJhbGciOiJFZERTQSJ9..C4oYBfTh11OKG0yV0qoCQxF6zZWZLb9dPXJCP6oCtpyB_sSc8o6cPhByKwf-0o7ElsUr0mh6AGPwGxdoOijfDw", + "proofPurpose": "proofPurpose", + "type": "JsonWebSignature2020", + "verificationMethod": "did:web:localhost:BPNL000000000000#" + }, + "type": + [ + "VerifiableCredential", + "BpnCredential" + ], + "@context": + [ + "https://www.w3.org/2018/credentials/v1", + "https://catenax-ng.github.io/product-core-schemas/businessPartnerData.json", + "https://w3id.org/security/suites/jws-2020/v1" + ], + "issuer": "did:web:localhost:BPNL000000000000", + "expirationDate": "2023-09-30T18:30:00Z" + } """)) }) public ResponseEntity> credentialsValidation(@RequestBody Map data, 
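Review bot: The new example credential for `credentialsValidation` carries `"proofPurpose": "proofPurpose"` and a `verificationMethod` of `did:web:localhost:BPNL000000000000#` with an empty key fragment, and the same example is pasted into the PresentationController hunk further down; these are the values readers will copy from Swagger UI. If this is genuine issuer output it suggests the signing path is not setting a proof purpose a verifier would accept (`assertionMethod` is the purpose used for issued credentials) and is not pointing at a concrete key id, which would be a defect worth a separate issue; if it is a hand-edited example, `"proofPurpose": "assertionMethod"` and a verification method ending in a key fragment would document the contract more accurately. The `credentialsValidation` declaration continues outside the hunk.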
@@ -225,7 +235,7 @@ public ResponseEntity> credentialsValidation(@RequestBody Ma "https://www.w3.org/2018/credentials/examples/v1" ], "type": [ - "University-Degree-Credential","VerifiableCredential" + "VerifiableCredential", "University-Degree-Credential" ], "issuer": "did:example:76e12ec712ebc6f1c221ebfeb1f", "issuanceDate": "2019-06-16T18:56:59Z", diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/PresentationController.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/PresentationController.java index 92a725242..81ec135dc 100644 --- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/PresentationController.java +++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/PresentationController.java 
@@ -67,33 +67,44 @@ public class PresentationController extends BaseController { @io.swagger.v3.oas.annotations.parameters.RequestBody(content = { @Content(examples = @ExampleObject(""" { - "holderIdentifier": "did:example:76e12ec712ebc6f1c221ebfeb1f", - "verifiableCredentials": [ - { - "id": "http://example.edu/credentials/333", - "@context": [ - "https://www.w3.org/2018/credentials/v1", - "https://www.w3.org/2018/credentials/examples/v1" - ], - "type": [ - "University-Degree-Credential", "VerifiableCredential" - ], - "issuer": "did:example:76e12ec712ebc6f1c221ebfeb1f", - "issuanceDate": "2019-06-16T18:56:59Z", - "expirationDate": "2019-06-17T18:56:59Z", - "credentialSubject": [{ - "college": "Test-University" - }], - "proof": { - "type": "Ed25519Signature2018", - "created": "2021-11-17T22:20:27Z", - "proofPurpose": "assertionMethod", - "verificationMethod": "did:example:76e12ec712ebc6f1c221ebfeb1f#keys-1", - "jws": "eyJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdLCJhbGciOiJFZERTQSJ9..JNerzfrK46Mq4XxYZEnY9xOK80xsEaWCLAHuZsFie1-NTJD17wWWENn_DAlA_OwxGF5dhxUJ05P6Dm8lcmF5Cg" - } - } - ] - } + "holderIdentifier": "did:web:localhost:BPNL000000000000", + "verifiableCredentials": + [ + { + "credentialSubject": + [ + { + "bpn": "BPNL000000000000", + "id": "did:web:localhost:BPNL000000000000", + "type": "BpnCredential" + } + ], + "issuanceDate": "2023-07-14T11:05:44Z", + "id": "did:web:localhost:BPNL000000000000#f177b3e9-bbf9-45db-bc3d-80152abcb419", + "proof": + { + "created": "2023-07-14T11:05:48Z", + "jws": "eyJhbGciOiJFZERTQSJ9..C4oYBfTh11OKG0yV0qoCQxF6zZWZLb9dPXJCP6oCtpyB_sSc8o6cPhByKwf-0o7ElsUr0mh6AGPwGxdoOijfDw", + "proofPurpose": "proofPurpose", + "type": "JsonWebSignature2020", + "verificationMethod": "did:web:localhost:BPNL000000000000#" + }, + "type": + [ + "VerifiableCredential", + "BpnCredential" + ], + "@context": + [ + "https://www.w3.org/2018/credentials/v1", + "https://catenax-ng.github.io/product-core-schemas/businessPartnerData.json", + 
"https://w3id.org/security/suites/jws-2020/v1" + ], + "issuer": "did:web:localhost:BPNL000000000000", + "expirationDate": "2023-09-30T18:30:00Z" + } + ] + } """)) }) public ResponseEntity> createPresentation(@RequestBody Map data, @@ -127,45 +138,54 @@ public ResponseEntity> createPresentation(@RequestBody Map Date: Tue, 18 Jul 2023 14:44:51 +0530 Subject: [PATCH 092/116] fix: Veracode finding for CVE-2023-24998 --- build.gradle | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/build.gradle b/build.gradle index 56badd693..bd114e96d 100644 --- a/build.gradle +++ b/build.gradle @@ -3,6 +3,8 @@ plugins { id 'org.springframework.boot' version "${springBootVersion}" id 'io.spring.dependency-management' version "${springDependencyVersion}" id "jacoco" + id 'project-report' + } group = "${groupName}" @@ -53,6 +55,10 @@ dependencies { //Added explicitly to mitigate CVE 2022-1471 implementation group: 'org.yaml', name: 'snakeyaml', version: '2.0' + //Added explicitly to mitigate CVE 2023-24998 + implementation group: 'commons-fileupload', name: 'commons-fileupload', version: '1.5' + + testImplementation 'org.projectlombok:lombok:1.18.28' runtimeOnly 'org.postgresql:postgresql' compileOnly 'org.projectlombok:lombok' @@ -88,6 +94,10 @@ test { finalizedBy jacocoTestReport } +htmlDependencyReport { + projects = project.allprojects +} + jacocoTestReport { dependsOn test From 00a9b08c1a9bd319e0ebe05734d26fae2209b8fe Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Wed, 19 Jul 2023 13:55:05 +0200 Subject: [PATCH 093/116] fix(helm): add empty object --- charts/managed-identity-wallet/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/managed-identity-wallet/values.yaml b/charts/managed-identity-wallet/values.yaml index ed359fbad..1e7428d8a 100644 --- a/charts/managed-identity-wallet/values.yaml +++ b/charts/managed-identity-wallet/values.yaml 
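Review bot: Adding `commons-fileupload` 1.5 as a direct `implementation` dependency only half-addresses CVE-2023-24998: the 1.5 release introduces the part-count limit the advisory is about, but that limit stays disabled until the application configures it through `FileUploadBase#setFileCountMax`, so the scanner stops flagging the artifact while an unbounded multipart request is still accepted wherever this library parses uploads. It is also not visible from the hunk whether any code or transitive dependency in this project actually uses commons-fileupload; if nothing does, the line adds a library to the runtime classpath instead of pinning one, and a `constraints { implementation 'commons-fileupload:commons-fileupload:1.5' }` entry would pin without adding. Either way the comment should name the consumer it protects and the remaining step, e.g. `//Added explicitly to mitigate CVE 2023-24998 (part limit only enforced once setFileCountMax is configured)`.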
@@ -30,14 +30,14 @@ imagePullSecrets: nameOverride: "" fullnameOverride: "" -secrets: +secrets: {} # DB_USER_NAME: xxx # Has to be the same as below in "postgresql" section # DB_PASSWORD: xxx # Has to be the same as below in "postgresql" section # KEYCLOAK_CLIENT_ID: xxx # ENCRYPTION_KEY: xxx # 64 chars # APPLICATION_PORT is bound to 8080!! -envs: +envs: {} # APPLICATION_ENVIRONMENT: xxx # DB_HOST: auto # DB_PORT: xxx From e7a17b4b4014cd0e518b78dc88358b62b0caabbc Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Wed, 19 Jul 2023 13:56:36 +0200 Subject: [PATCH 094/116] feat(helm): add tests for env and secrets in values Tests when either envs or secrets are set --- .../tests/custom-values/deployment_test.yaml | 66 ++++++++++++++++++- .../tests/custom-values/ingress_test.yaml | 2 +- .../tests/custom-values/values-envs.yml | 22 +++++++ .../tests/custom-values/values-secrets.yml | 22 +++++++ 4 files changed, 108 insertions(+), 4 deletions(-) create mode 100644 charts/managed-identity-wallet/tests/custom-values/values-envs.yml create mode 100644 charts/managed-identity-wallet/tests/custom-values/values-secrets.yml diff --git a/charts/managed-identity-wallet/tests/custom-values/deployment_test.yaml b/charts/managed-identity-wallet/tests/custom-values/deployment_test.yaml index b7a553bf3..ecb828658 100644 --- a/charts/managed-identity-wallet/tests/custom-values/deployment_test.yaml +++ b/charts/managed-identity-wallet/tests/custom-values/deployment_test.yaml 
@@ -21,18 +21,20 @@ suite: test dev deployment chart: version: 9.9.9+test appVersion: 9.9.9 -values: - - values.yml tests: - it: should have latest image tag template: templates/deployment.yaml + values: + - values.yml asserts: - matchRegex: path: spec.template.spec.containers[0].image pattern: .:latest - - it: should have environment variables set + - it: should have environment variables set (envs and secrets set) template: templates/deployment.yaml + values: + - values.yml asserts: - isNotEmpty: path: spec.template.spec.containers[0].env 
@@ -70,3 +72,61 @@ tests: secretKeyRef: key: DB_USER_NAME name: RELEASE-NAME-managed-identity-wallet + + - it: should have environment variables set (only envs set) + template: templates/deployment.yaml + values: + - values-envs.yml + asserts: + - isNotEmpty: + path: spec.template.spec.containers[0].env + - lengthEqual: + path: spec.template.spec.containers[0].env + count: 3 + - contains: + path: spec.template.spec.containers[0].env + content: + name: APPLICATION_PORT + value: "8080" + - contains: + path: spec.template.spec.containers[0].env + content: + name: DB_HOST + value: postgres-host + - contains: + path: spec.template.spec.containers[0].env + content: + name: MIW_HOST_NAME + value: miw + + - it: should have environment variables set (envs and secrets set) + template: templates/deployment.yaml + values: + - values-secrets.yml + asserts: + - isNotEmpty: + path: spec.template.spec.containers[0].env + - lengthEqual: + path: spec.template.spec.containers[0].env + count: 3 + - contains: + path: spec.template.spec.containers[0].env + content: + name: APPLICATION_PORT + value: "8080" + - contains: + path: spec.template.spec.containers[0].env + content: + name: DB_PASSWORD + valueFrom: + secretKeyRef: + key: DB_PASSWORD + name: RELEASE-NAME-managed-identity-wallet + - contains: + path: spec.template.spec.containers[0].env + content: + name: DB_USER_NAME + valueFrom: + secretKeyRef: + key: DB_USER_NAME + name: RELEASE-NAME-managed-identity-wallet diff --git a/charts/managed-identity-wallet/tests/custom-values/ingress_test.yaml b/charts/managed-identity-wallet/tests/custom-values/ingress_test.yaml index 41db3ee51..1b22dd1aa 100644 --- a/charts/managed-identity-wallet/tests/custom-values/ingress_test.yaml +++ b/charts/managed-identity-wallet/tests/custom-values/ingress_test.yaml @@ -70,4 +70,4 @@ tests: path: spec.tls[0].hosts - lengthEqual: path: spec.tls[0].hosts[0] - count: 1 \ No newline at end of file + count: 1 
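Review bot: The final added test case reuses the name `should have environment variables set (envs and secrets set)` from the case that loads `values.yml`, although this one loads `values-secrets.yml` and covers the secrets-only path; helm-unittest identifies a failing case by its `it:` text, so the two would be indistinguishable in a report. Rename it `- it: should have environment variables set (only secrets set)` to mirror the `(only envs set)` sibling above it.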
diff --git a/charts/managed-identity-wallet/tests/custom-values/values-envs.yml b/charts/managed-identity-wallet/tests/custom-values/values-envs.yml new file mode 100644 index 000000000..782fcacb6 --- /dev/null +++ b/charts/managed-identity-wallet/tests/custom-values/values-envs.yml @@ -0,0 +1,22 @@ +# /******************************************************************************** +# * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation +# * +# * See the NOTICE file(s) distributed with this work for additional +# * information regarding copyright ownership. +# * +# * This program and the accompanying materials are made available under the +# * terms of the Apache License, Version 2.0 which is available at +# * https://www.apache.org/licenses/LICENSE-2.0. +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# * License for the specific language governing permissions and limitations +# * under the License. +# * +# * SPDX-License-Identifier: Apache-2.0 +# ********************************************************************************/ + +envs: + DB_HOST: postgres-host + MIW_HOST_NAME: miw diff --git a/charts/managed-identity-wallet/tests/custom-values/values-secrets.yml b/charts/managed-identity-wallet/tests/custom-values/values-secrets.yml new file mode 100644 index 000000000..ca85427c3 --- /dev/null +++ b/charts/managed-identity-wallet/tests/custom-values/values-secrets.yml 
@@ -0,0 +1,22 @@ +# /******************************************************************************** +# * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation +# * +# * See the NOTICE file(s) distributed with this work for additional +# * information regarding copyright ownership. +# * +# * This program and the accompanying materials are made available under the +# * terms of the Apache License, Version 2.0 which is available at +# * https://www.apache.org/licenses/LICENSE-2.0. +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# * License for the specific language governing permissions and limitations +# * under the License. +# * +# * SPDX-License-Identifier: Apache-2.0 +# ********************************************************************************/ + +secrets: + DB_USER_NAME: dbuser + DB_PASSWORD: password From 680e09fd18bf95518244f0a92c181d0264837aa6 Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Mon, 24 Jul 2023 22:15:57 +0200 Subject: [PATCH 095/116] feat(helm): add simple backup of database to a PV This is disabled by default --- .../templates/backup/cronjob.yaml | 56 +++++++++++++++++++ .../backup/persistentvolumeclaim.yaml | 38 +++++++++++++ charts/managed-identity-wallet/values.yaml | 9 +++ 3 files changed, 103 insertions(+) create mode 100644 charts/managed-identity-wallet/templates/backup/cronjob.yaml create mode 100644 charts/managed-identity-wallet/templates/backup/persistentvolumeclaim.yaml diff --git a/charts/managed-identity-wallet/templates/backup/cronjob.yaml b/charts/managed-identity-wallet/templates/backup/cronjob.yaml new file mode 100644 index 000000000..9c6108fc5 --- /dev/null +++ b/charts/managed-identity-wallet/templates/backup/cronjob.yaml 
@@ -0,0 +1,56 @@ +# /******************************************************************************** +# * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation +# * +# * See the NOTICE file(s) distributed with this work for additional +# * information regarding copyright ownership. +# * +# * This program and the accompanying materials are made available under the +# * terms of the Apache License, Version 2.0 which is available at +# * https://www.apache.org/licenses/LICENSE-2.0. +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# * License for the specific language governing permissions and limitations +# * under the License. +# * +# * SPDX-License-Identifier: Apache-2.0 +# ********************************************************************************/ + +{{ if .Values.backup.database.enabled -}} +apiVersion: batch/v1 +kind: CronJob +metadata: + name: {{ include "managed-identity-wallet.fullname" . }}-backup + labels: + {{- include "managed-identity-wallet.labels" . | nindent 4 }} +spec: + schedule: {{ .Values.backup.database.cron | quote }} + jobTemplate: + spec: + backoffLimit: 0 + template: + spec: + containers: + - name: dump + image: postgres:14.5-alpine + volumeMounts: + - name: data + mountPath: /backup + command: + - "/bin/sh" + args: + - "-c" + - 'pg_dump -v -Fc -U {{ .Values.secrets.DB_USER_NAME }} -h {{ .Values.envs.DB_HOST }} miw > /backup/miw-postgres-$(date +"%m-%d-%Y-%H:%M:%S").pgdump' + env: + - name: PGPASSWORD + valueFrom: + secretKeyRef: + name: {{ include "managed-identity-wallet.fullname" . }} + key: DB_PASSWORD + restartPolicy: Never + volumes: + - name: data + persistentVolumeClaim: + claimName: {{ include "managed-identity-wallet.fullname" . }}-backup +{{- end }} 
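Review bot: The `pg_dump` argument line interpolates `{{ .Values.secrets.DB_USER_NAME }}` straight into the container args, so a value the chart otherwise keeps in a Secret is rendered in clear into the CronJob and every Job and Pod it spawns (readable by anyone who can get those objects, and present in `helm get manifest`), while `PGPASSWORD` is correctly taken from the Secret via `secretKeyRef`; with the new default `secrets: {}` the line also renders `-U ` with an empty user. The chart's Secret already carries a `DB_USER_NAME` key (the deployment tests assert it), so feed it as `PGUSER` the same way and drop `-U` — libpq reads `PGUSER`/`PGPASSWORD` from the environment. Two operational gaps deserve at least a comment: every run writes a new file and nothing prunes old dumps, so the volume eventually fills and later jobs fail with no retry (`backoffLimit: 0`), and the dumps hold the same data as the database, so the backup PV needs the same access controls; the container also sets no `securityContext` or resource limits, unlike the main Deployment.
```yaml
          args:
            - "-c"
            - 'pg_dump -v -Fc -h {{ .Values.envs.DB_HOST }} miw > /backup/miw-postgres-$(date +"%m-%d-%Y-%H:%M:%S").pgdump'
          env:
            # libpq reads PGUSER/PGPASSWORD; both come from the chart Secret, nothing lands in the CronJob spec
            - name: PGUSER
              valueFrom:
                secretKeyRef:
                  name: {{ include "managed-identity-wallet.fullname" . }}
                  key: DB_USER_NAME
            # … unchanged: PGPASSWORD secretKeyRef …
```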
diff --git a/charts/managed-identity-wallet/templates/backup/persistentvolumeclaim.yaml b/charts/managed-identity-wallet/templates/backup/persistentvolumeclaim.yaml new file mode 100644 index 000000000..a436d4e1f --- /dev/null +++ b/charts/managed-identity-wallet/templates/backup/persistentvolumeclaim.yaml @@ -0,0 +1,38 @@ +# /******************************************************************************** +# * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation +# * +# * See the NOTICE file(s) distributed with this work for additional +# * information regarding copyright ownership. +# * +# * This program and the accompanying materials are made available under the +# * terms of the Apache License, Version 2.0 which is available at +# * https://www.apache.org/licenses/LICENSE-2.0. +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# * License for the specific language governing permissions and limitations +# * under the License. +# * +# * SPDX-License-Identifier: Apache-2.0 +# ********************************************************************************/ + +{{ if .Values.backup.database.enabled -}} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ include "managed-identity-wallet.fullname" . }}-backup + labels: + {{- include "managed-identity-wallet.labels" . | nindent 4 }} + {{ if .Values.backup.database.storage.keepStorage -}} + annotations: + helm.sh/resource-policy: keep + {{- end }} +spec: + accessModes: + - ReadWriteOnce + storageClassName: {{ .Values.backup.database.storage.storageClassName | quote }} + resources: + requests: + storage: {{ .Values.backup.database.storage.diskSize }} +{{- end }} diff --git a/charts/managed-identity-wallet/values.yaml b/charts/managed-identity-wallet/values.yaml index 1e7428d8a..885af8d9c 100644 
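Review bot: `storageClassName: {{ .Values.backup.database.storage.storageClassName | quote }}` passes the new default `"-"` through literally, producing `storageClassName: "-"`, a storage class that does not exist, so the backup PVC stays Pending and the CronJob's pods never start. The usual chart convention is that `"-"` means "no dynamic provisioning" and renders as `storageClassName: ""`, while an unset value omits the key so the cluster default is used; `{{- with .Values.backup.database.storage.storageClassName }}` / `storageClassName: {{ if eq . "-" }}""{{ else }}{{ . | quote }}{{ end }}` / `{{- end }}` does that. The `helm.sh/resource-policy: keep` annotation is a sensible default for backups, but it also means a volume full of database dumps outlives `helm uninstall`, which the values file should state next to `keepStorage`.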
--- a/charts/managed-identity-wallet/values.yaml +++ b/charts/managed-identity-wallet/values.yaml @@ -120,6 +120,15 @@ affinity: {} podAnnotations: {} +backup: + database: + enabled: false + cron: "* */6 * * *" + storage: + keepStorage: true + diskSize: 10G + storageClassName: "-" + postgresql: primary: initdb: From 7138dcbbaeb2548519d436d6156cb777a970327f Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Mon, 24 Jul 2023 22:17:51 +0200 Subject: [PATCH 096/116] refactor(helm): move test template definition out to root --- .../tests/custom-values/deployment_test.yaml | 6 ++---- .../tests/custom-values/ingress_test.yaml | 5 ++--- .../tests/custom-values/secret_test.yaml | 6 ++---- .../tests/default/deployment_test.yaml | 10 ++-------- .../tests/default/ingress_test.yaml | 3 ++- .../tests/default/service_account_test.yaml | 5 +++-- 6 files changed, 13 insertions(+), 22 deletions(-) diff --git a/charts/managed-identity-wallet/tests/custom-values/deployment_test.yaml b/charts/managed-identity-wallet/tests/custom-values/deployment_test.yaml index ecb828658..4454c0154 100644 --- a/charts/managed-identity-wallet/tests/custom-values/deployment_test.yaml +++ b/charts/managed-identity-wallet/tests/custom-values/deployment_test.yaml @@ -21,9 +21,10 @@ suite: test dev deployment chart: version: 9.9.9+test appVersion: 9.9.9 +templates: + - templates/deployment.yaml tests: - it: should have latest image tag - template: templates/deployment.yaml values: - values.yml asserts: @@ -32,7 +33,6 @@ tests: pattern: .:latest - it: should have environment variables set (envs and secrets set) - template: templates/deployment.yaml values: - values.yml asserts: @@ -74,7 +74,6 @@ tests: name: RELEASE-NAME-managed-identity-wallet - it: should have environment variables set (only envs set) - template: templates/deployment.yaml values: - values-envs.yml asserts: 
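Review bot: The default `cron: "* */6 * * *"` does not run every six hours; the first field is the minute, so this schedule fires every minute for the whole of every sixth hour (sixty consecutive dumps at 00:xx, 06:xx, 12:xx and 18:xx), which is also the fastest way to fill the backup volume. `cron: "0 */6 * * *"` is the intended schedule. `diskSize: 10G` is a decimal quantity (10 × 10^9 bytes); if a gibibyte-based size is meant, `10Gi` avoids a mismatch with what the provisioner reports.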
@@ -100,7 +99,6 @@ tests: value: miw - it: should have environment variables set (envs and secrets set) - template: templates/deployment.yaml values: - values-secrets.yml asserts: diff --git a/charts/managed-identity-wallet/tests/custom-values/ingress_test.yaml b/charts/managed-identity-wallet/tests/custom-values/ingress_test.yaml index 1b22dd1aa..5c3cb5adf 100644 --- a/charts/managed-identity-wallet/tests/custom-values/ingress_test.yaml +++ b/charts/managed-identity-wallet/tests/custom-values/ingress_test.yaml @@ -21,11 +21,12 @@ suite: test dev ingress chart: version: 9.9.9+test appVersion: 9.9.9 +templates: + - templates/ingress.yaml values: - values.yml tests: - it: should have correct metadata - template: templates/ingress.yaml asserts: - hasDocuments: count: 1 @@ -43,7 +44,6 @@ tests: app.kubernetes.io/managed-by: Helm - it: must have rules set - template: templates/ingress.yaml asserts: - isNotEmpty: path: spec.rules @@ -59,7 +59,6 @@ tests: path: spec.rules[0].http.paths[0].path - it: must have tls set - template: templates/ingress.yaml asserts: - isNotEmpty: path: spec.tls diff --git a/charts/managed-identity-wallet/tests/custom-values/secret_test.yaml b/charts/managed-identity-wallet/tests/custom-values/secret_test.yaml index 0f3ecacca..4ec4f5bde 100644 --- a/charts/managed-identity-wallet/tests/custom-values/secret_test.yaml +++ b/charts/managed-identity-wallet/tests/custom-values/secret_test.yaml @@ -21,11 +21,12 @@ suite: test dev secret chart: version: 9.9.9+test appVersion: 9.9.9 +templates: + - templates/secret.yaml values: - values.yml tests: - it: should have correct metadata - template: templates/secret.yaml asserts: - hasDocuments: count: 1 
@@ -43,20 +44,17 @@ tests: app.kubernetes.io/managed-by: Helm - it: must have type set to Opaque - template: templates/secret.yaml asserts: - equal: path: type value: Opaque - it: must have data set - template: templates/secret.yaml asserts: - isNotEmpty: path: data - it: must have values in data - template: templates/secret.yaml asserts: - equal: path: data.DB_USER_NAME diff --git a/charts/managed-identity-wallet/tests/default/deployment_test.yaml b/charts/managed-identity-wallet/tests/default/deployment_test.yaml index 564e46fdb..4a42a9fdd 100644 --- a/charts/managed-identity-wallet/tests/default/deployment_test.yaml +++ b/charts/managed-identity-wallet/tests/default/deployment_test.yaml @@ -21,9 +21,10 @@ suite: test default deployment chart: version: 9.9.9+test appVersion: 9.9.9 +templates: + - templates/deployment.yaml tests: - it: should have correct metadata - template: templates/deployment.yaml asserts: - hasDocuments: count: 1 @@ -41,7 +42,6 @@ tests: app.kubernetes.io/managed-by: Helm - it: must have important values set - template: templates/deployment.yaml asserts: - equal: path: spec.replicas @@ -59,7 +59,6 @@ tests: protocol: TCP - it: must have probes set - template: templates/deployment.yaml asserts: - isNotEmpty: path: spec.template.spec.containers[0].livenessProbe @@ -67,7 +66,6 @@ tests: path: spec.template.spec.containers[0].readinessProbe - it: must have resource limits set - template: templates/deployment.yaml asserts: - isNotEmpty: path: spec.template.spec.containers[0].resources @@ -85,7 +83,6 @@ tests: path: spec.template.spec.containers[0].resources.requests.memory - it: must have a security context - template: templates/deployment.yaml asserts: - isSubset: path: spec.template.spec.containers[0].securityContext @@ -97,7 +94,6 @@ tests: runAsUser: 11111 - it: should have environment variables set - template: templates/deployment.yaml asserts: - isNotEmpty: path: spec.template.spec.containers[0].env 
@@ -106,7 +102,6 @@ tests: count: 1 - it: should have empty values - template: templates/deployment.yaml asserts: - notExists: path: spec.template.spec.affinity @@ -114,7 +109,6 @@ tests: path: spec.template.spec.tolerations - it: should have nodeSelector value set - template: templates/deployment.yaml asserts: - exists: path: spec.template.spec.nodeSelector diff --git a/charts/managed-identity-wallet/tests/default/ingress_test.yaml b/charts/managed-identity-wallet/tests/default/ingress_test.yaml index 19322f853..8217e084c 100644 --- a/charts/managed-identity-wallet/tests/default/ingress_test.yaml +++ b/charts/managed-identity-wallet/tests/default/ingress_test.yaml @@ -21,9 +21,10 @@ suite: test default ingress chart: version: 9.9.9+test appVersion: 9.9.9 +templates: + - templates/ingress.yaml tests: - it: should not be available - template: templates/ingress.yaml asserts: - hasDocuments: count: 0 diff --git a/charts/managed-identity-wallet/tests/default/service_account_test.yaml b/charts/managed-identity-wallet/tests/default/service_account_test.yaml index 01f127da5..bd5b95108 100644 --- a/charts/managed-identity-wallet/tests/default/service_account_test.yaml +++ b/charts/managed-identity-wallet/tests/default/service_account_test.yaml @@ -21,9 +21,10 @@ suite: test default serviceaccount chart: version: 9.9.9+test appVersion: 9.9.9 +templates: + - templates/serviceaccount.yaml tests: - it: should have correct metadata - template: templates/serviceaccount.yaml asserts: - hasDocuments: count: 1 @@ -38,4 +39,4 @@ tests: app.kubernetes.io/name: managed-identity-wallet app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/version: "9.9.9" - app.kubernetes.io/managed-by: Helm \ No newline at end of file + app.kubernetes.io/managed-by: Helm From 2163f283dc0f868a2ecf99557a545097569c178a Mon Sep 17 00:00:00 2001 
From: Peter Motzko Date: Mon, 24 Jul 2023 22:18:20 +0200 Subject: [PATCH 097/116] refactor(helm): move test template definition out to root --- .../tests/default/service_test.yaml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/charts/managed-identity-wallet/tests/default/service_test.yaml b/charts/managed-identity-wallet/tests/default/service_test.yaml index 0681b52e4..89509c916 100644 --- a/charts/managed-identity-wallet/tests/default/service_test.yaml +++ b/charts/managed-identity-wallet/tests/default/service_test.yaml @@ -21,9 +21,10 @@ suite: test default service chart: version: 9.9.9+test appVersion: 9.9.9 +templates: + - templates/service.yaml tests: - it: should have correct metadata - template: templates/service.yaml asserts: - hasDocuments: count: 1 @@ -41,14 +42,12 @@ tests: app.kubernetes.io/managed-by: Helm - it: must have type set to ClusterIP - template: templates/service.yaml asserts: - equal: path: spec.type value: ClusterIP - it: must have ports set - template: templates/service.yaml asserts: - contains: path: spec.ports @@ -56,4 +55,4 @@ tests: name: http targetPort: http port: 8080 - protocol: TCP \ No newline at end of file + protocol: TCP From 3304d0d91a339f47d9ed8e38e3e7b7c7413daf89 Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Mon, 24 Jul 2023 22:18:40 +0200 Subject: [PATCH 098/116] refactor(helm): rename tests suites --- .../tests/custom-values/deployment_test.yaml | 2 +- .../tests/custom-values/ingress_test.yaml | 2 +- .../tests/custom-values/secret_test.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/managed-identity-wallet/tests/custom-values/deployment_test.yaml b/charts/managed-identity-wallet/tests/custom-values/deployment_test.yaml index 4454c0154..7433cdf54 100644 --- a/charts/managed-identity-wallet/tests/custom-values/deployment_test.yaml +++ b/charts/managed-identity-wallet/tests/custom-values/deployment_test.yaml 
@@ -17,7 +17,7 @@ # * SPDX-License-Identifier: Apache-2.0 # ********************************************************************************/ -suite: test dev deployment +suite: test custom-values deployment chart: version: 9.9.9+test appVersion: 9.9.9 diff --git a/charts/managed-identity-wallet/tests/custom-values/ingress_test.yaml b/charts/managed-identity-wallet/tests/custom-values/ingress_test.yaml index 5c3cb5adf..ba240c6f4 100644 --- a/charts/managed-identity-wallet/tests/custom-values/ingress_test.yaml +++ b/charts/managed-identity-wallet/tests/custom-values/ingress_test.yaml @@ -17,7 +17,7 @@ # * SPDX-License-Identifier: Apache-2.0 # ********************************************************************************/ -suite: test dev ingress +suite: test custom-values ingress chart: version: 9.9.9+test appVersion: 9.9.9 diff --git a/charts/managed-identity-wallet/tests/custom-values/secret_test.yaml b/charts/managed-identity-wallet/tests/custom-values/secret_test.yaml index 4ec4f5bde..3bc1560ca 100644 --- a/charts/managed-identity-wallet/tests/custom-values/secret_test.yaml +++ b/charts/managed-identity-wallet/tests/custom-values/secret_test.yaml @@ -17,7 +17,7 @@ # * SPDX-License-Identifier: Apache-2.0 # ********************************************************************************/ -suite: test dev secret +suite: test custom-values secret chart: version: 9.9.9+test appVersion: 9.9.9 From 6bd600e89a569bd369a8299881432709710c6c0a Mon Sep 17 00:00:00 2001 
From: Peter Motzko Date: Mon, 24 Jul 2023 22:19:45 +0200 Subject: [PATCH 099/116] test(helm): add tests for new backup resources --- .../custom-values/backup/cronjob_test.yaml | 93 +++++++++++++++++++ .../backup/persistentvolumeclaim_test.yaml | 70 ++++++++++++++ .../custom-values/backup/values-backup.yml | 37 ++++++++ .../tests/default/backup/cronjob_test.yaml | 30 ++++++ .../backup/persistentvolumeclaim_test.yaml | 30 ++++++ 5 files changed, 260 insertions(+) create mode 100644 charts/managed-identity-wallet/tests/custom-values/backup/cronjob_test.yaml create mode 100644 charts/managed-identity-wallet/tests/custom-values/backup/persistentvolumeclaim_test.yaml create mode 100644 charts/managed-identity-wallet/tests/custom-values/backup/values-backup.yml create mode 100644 charts/managed-identity-wallet/tests/default/backup/cronjob_test.yaml create mode 100644 charts/managed-identity-wallet/tests/default/backup/persistentvolumeclaim_test.yaml diff --git a/charts/managed-identity-wallet/tests/custom-values/backup/cronjob_test.yaml b/charts/managed-identity-wallet/tests/custom-values/backup/cronjob_test.yaml new file mode 100644 index 000000000..5d23ee352 --- /dev/null +++ b/charts/managed-identity-wallet/tests/custom-values/backup/cronjob_test.yaml 
@@ -0,0 +1,93 @@ +# /******************************************************************************** +# * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation +# * +# * See the NOTICE file(s) distributed with this work for additional +# * information regarding copyright ownership. +# * +# * This program and the accompanying materials are made available under the +# * terms of the Apache License, Version 2.0 which is available at +# * https://www.apache.org/licenses/LICENSE-2.0. +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# * License for the specific language governing permissions and limitations +# * under the License. +# * +# * SPDX-License-Identifier: Apache-2.0 +# ********************************************************************************/ + +suite: test custom-values cronjob for backup DB +chart: + version: 9.9.9+test + appVersion: 9.9.9 +templates: + - templates/backup/cronjob.yaml +values: + - values-backup.yml +tests: + - it: should have backup functionality enabled and valid metadata + asserts: + - hasDocuments: + count: 1 + - containsDocument: + kind: CronJob + apiVersion: batch/v1 + name: RELEASE-NAME-managed-identity-wallet-backup + - isSubset: + path: metadata.labels + content: + helm.sh/chart: managed-identity-wallet-9.9.9_test + app.kubernetes.io/name: managed-identity-wallet + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/version: "9.9.9" + app.kubernetes.io/managed-by: Helm + + - it: should have schedule set + asserts: + - equal: + path: spec.schedule + value: "* */6 * * *" + + - it: should have set "RestartPolicy" to "never" + asserts: + - equal: + path: spec.jobTemplate.spec.template.spec.restartPolicy + value: Never + + - it: should have a "volume" and a "volumeMount" + asserts: + - contains: + path: 
spec.jobTemplate.spec.template.spec.containers[0].volumeMounts + content: + name: data + mountPath: /backup + - contains: + path: spec.jobTemplate.spec.template.spec.volumes + content: + name: data + persistentVolumeClaim: + claimName: RELEASE-NAME-managed-identity-wallet-backup + + - it: should have "PGPASSWORD" set via Envs + asserts: + - contains: + path: spec.jobTemplate.spec.template.spec.containers[0].env + content: + name: PGPASSWORD + valueFrom: + secretKeyRef: + name: RELEASE-NAME-managed-identity-wallet + key: DB_PASSWORD + + - it: should have default command and args + asserts: + - contains: + path: spec.jobTemplate.spec.template.spec.containers[0].command + content: + "/bin/sh" + - equal: + path: spec.jobTemplate.spec.template.spec.containers[0].args + value: + - "-c" + - 'pg_dump -v -Fc -U dbuser -h postgres-host miw > /backup/miw-postgres-$(date +"%m-%d-%Y-%H:%M:%S").pgdump' diff --git a/charts/managed-identity-wallet/tests/custom-values/backup/persistentvolumeclaim_test.yaml b/charts/managed-identity-wallet/tests/custom-values/backup/persistentvolumeclaim_test.yaml new file mode 100644 index 000000000..ba91667f0 --- /dev/null +++ b/charts/managed-identity-wallet/tests/custom-values/backup/persistentvolumeclaim_test.yaml 
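Review bot: The `should have schedule set` assertion pins `spec.schedule` to `"* */6 * * *"`, and the fixture `values-backup.yml` supplies the same string, but that expression does not mean "every six hours": a `*` in the minute field fires every minute of hours 0, 6, 12 and 18, so the test enshrines a schedule that runs `pg_dump` 240 times a day into the same PVC. Change the fixture to `cron: "0 */6 * * *"` and assert `value: "0 */6 * * *"`. The `args` assertion shows the dump command is run through `/bin/sh -c` with the DB user and host apparently interpolated from `secrets.DB_USER_NAME` and `envs.DB_HOST`; a second test with a value containing a shell metacharacter (for example `DB_HOST: "h;id"`) would document whether the template quotes those values or treats them as trusted operator input. The assertion also makes visible that the dump is written to the PV in plain `-Fc` form, which is worth a one-line comment in the test so nobody mistakes the backup for an encrypted artifact.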
@@ -0,0 +1,70 @@ +# /******************************************************************************** +# * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation +# * +# * See the NOTICE file(s) distributed with this work for additional +# * information regarding copyright ownership. +# * +# * This program and the accompanying materials are made available under the +# * terms of the Apache License, Version 2.0 which is available at +# * https://www.apache.org/licenses/LICENSE-2.0. +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# * License for the specific language governing permissions and limitations +# * under the License. +# * +# * SPDX-License-Identifier: Apache-2.0 +# ********************************************************************************/ + +suite: test custom-values PVC for backup DB +chart: + version: 9.9.9+test + appVersion: 9.9.9 +templates: + - templates/backup/persistentvolumeclaim.yaml +values: + - values-backup.yml +tests: + - it: should have storage functionality enabled and valid metadata + asserts: + - hasDocuments: + count: 1 + - containsDocument: + kind: PersistentVolumeClaim + apiVersion: v1 + name: RELEASE-NAME-managed-identity-wallet-backup + - isSubset: + path: metadata.labels + content: + helm.sh/chart: managed-identity-wallet-9.9.9_test + app.kubernetes.io/name: managed-identity-wallet + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/version: "9.9.9" + app.kubernetes.io/managed-by: Helm + + - it: should not set Helm keep annotation when "keepStorage" is set to "false" + asserts: + - notExists: + path: metadata.annotations + + - it: should set Helm keep annotation when "keepStorage" is set to "true" + set: + backup.database.storage.keepStorage: true + asserts: + - isSubset: + path: metadata.annotations + content: + 
helm.sh/resource-policy: keep + + - it: should proper config storage + asserts: + - equal: + path: spec.storageClassName + value: storageClass + - equal: + path: spec.resources.requests.storage + value: 22G + - equal: + path: spec.accessModes + value: ["ReadWriteOnce"] diff --git a/charts/managed-identity-wallet/tests/custom-values/backup/values-backup.yml b/charts/managed-identity-wallet/tests/custom-values/backup/values-backup.yml new file mode 100644 index 000000000..341dd85f2 --- /dev/null +++ b/charts/managed-identity-wallet/tests/custom-values/backup/values-backup.yml @@ -0,0 +1,37 @@ +# /******************************************************************************** +# * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation +# * +# * See the NOTICE file(s) distributed with this work for additional +# * information regarding copyright ownership. +# * +# * This program and the accompanying materials are made available under the +# * terms of the Apache License, Version 2.0 which is available at +# * https://www.apache.org/licenses/LICENSE-2.0. +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# * License for the specific language governing permissions and limitations +# * under the License. +# * +# * SPDX-License-Identifier: Apache-2.0 +# ********************************************************************************/ + +image: + tag: "latest" + +secrets: + DB_USER_NAME: dbuser + DB_PASSWORD: password + +envs: + DB_HOST: postgres-host + +backup: + database: + enabled: true + cron: "* */6 * * *" + storage: + keepStorage: false + diskSize: 22G + storageClassName: "storageClass" 
diff --git a/charts/managed-identity-wallet/tests/default/backup/cronjob_test.yaml b/charts/managed-identity-wallet/tests/default/backup/cronjob_test.yaml new file mode 100644 index 000000000..34de9772e --- /dev/null +++ b/charts/managed-identity-wallet/tests/default/backup/cronjob_test.yaml @@ -0,0 +1,30 @@ +# /******************************************************************************** +# * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation +# * +# * See the NOTICE file(s) distributed with this work for additional +# * information regarding copyright ownership. +# * +# * This program and the accompanying materials are made available under the +# * terms of the Apache License, Version 2.0 which is available at +# * https://www.apache.org/licenses/LICENSE-2.0. +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# * License for the specific language governing permissions and limitations +# * under the License. +# * +# * SPDX-License-Identifier: Apache-2.0 +# ********************************************************************************/ + +suite: test default cronjob for backup DB +chart: + version: 9.9.9+test + appVersion: 9.9.9 +templates: + - templates/backup/cronjob.yaml +tests: + - it: should have backup functionality disabled + asserts: + - hasDocuments: + count: 0 diff --git a/charts/managed-identity-wallet/tests/default/backup/persistentvolumeclaim_test.yaml b/charts/managed-identity-wallet/tests/default/backup/persistentvolumeclaim_test.yaml new file mode 100644 index 000000000..06f469fb7 --- /dev/null +++ b/charts/managed-identity-wallet/tests/default/backup/persistentvolumeclaim_test.yaml 
@@ -0,0 +1,30 @@ +# /******************************************************************************** +# * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation +# * +# * See the NOTICE file(s) distributed with this work for additional +# * information regarding copyright ownership. +# * +# * This program and the accompanying materials are made available under the +# * terms of the Apache License, Version 2.0 which is available at +# * https://www.apache.org/licenses/LICENSE-2.0. +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# * License for the specific language governing permissions and limitations +# * under the License. +# * +# * SPDX-License-Identifier: Apache-2.0 +# ********************************************************************************/ + +suite: test default PVC for backup DB +chart: + version: 9.9.9+test + appVersion: 9.9.9 +templates: + - templates/backup/persistentvolumeclaim.yaml +tests: + - it: should have backup functionality disabled + asserts: + - hasDocuments: + count: 0 From 6accd5b85d63971a9d5a649e165a72634b837e08 Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Mon, 24 Jul 2023 22:20:49 +0200 Subject: [PATCH 100/116] chore(helm): add more files and folders to .helmignore - README.md.gotmpl - ci/ - argocd/ --- charts/managed-identity-wallet/.helmignore | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/charts/managed-identity-wallet/.helmignore b/charts/managed-identity-wallet/.helmignore index 5642e80be..0886f15ef 100644 --- a/charts/managed-identity-wallet/.helmignore +++ b/charts/managed-identity-wallet/.helmignore @@ -22,4 +22,7 @@ *.tmproj .vscode/ tests/ -values-*.yaml \ No newline at end of file +values-*.yaml +README.md.gotmpl +ci/ +argocd/ From 895c506f941a4d658c6fcb092fa04494f042d0a5 Mon Sep 17 00:00:00 2001 
From: Peter Motzko Date: Mon, 24 Jul 2023 22:22:04 +0200 Subject: [PATCH 101/116] feat(devel): add helm values for local deployment On the devs machine... --- .../managed-identity-wallet/values-local.yaml | 64 +++++++++++++++++++ 1 file changed, 64 insertions(+) create mode 100644 charts/managed-identity-wallet/values-local.yaml diff --git a/charts/managed-identity-wallet/values-local.yaml b/charts/managed-identity-wallet/values-local.yaml new file mode 100644 index 000000000..b12e84830 --- /dev/null +++ b/charts/managed-identity-wallet/values-local.yaml 
@@ -0,0 +1,64 @@ +# /******************************************************************************** +# * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation +# * +# * See the NOTICE file(s) distributed with this work for additional +# * information regarding copyright ownership. +# * +# * This program and the accompanying materials are made available under the +# * terms of the Apache License, Version 2.0 which is available at +# * https://www.apache.org/licenses/LICENSE-2.0. +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# * License for the specific language governing permissions and limitations +# * under the License. +# * +# * SPDX-License-Identifier: Apache-2.0 +# ********************************************************************************/ + +image: + tag: "latest-java-did-web" + +secrets: + DB_USER_NAME: postgres + DB_PASSWORD: xxx + ENCRYPTION_KEY: 76a7834fb37e090c2789a9b1a76748d3 + KEYCLOAK_CLIENT_ID: z445srtzr5g + +envs: + DB_HOST: miw-postgresql + MIW_HOST_NAME: localhost + KEYCLOAK_REALM: miw_test + AUTH_SERVER_URL: http:///auth + AUTHORITY_WALLET_DID: "did:web:managed-identity-wallets-new.dev.demo.catena-x.net:BPNL000000000000" + AUTHORITY_WALLET_BPN: "BPNL000000000000" + +ingress: + enabled: false + hosts: + - host: localhost + paths: + - path: / + pathType: ImplementationSpecific + tls: + - secretName: miw-secret + hosts: + - localhost + +backup: + database: + enabled: true + cron: "*/2 * * * *" + storage: + diskSize: 10G + storageClassName: hostpath + +postgresql: + primary: + initdb: + password: xxx + auth: + password: xxx + postgresPassword: xxx + username: postgres From 967afc1c0216951a9635185dca1f8c38c4e66100 Mon Sep 17 00:00:00 2001 
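Review bot: `ENCRYPTION_KEY: 76a7834fb37e090c2789a9b1a76748d3` and `KEYCLOAK_CLIENT_ID: z445srtzr5g` are committed as literal, real-looking values in a tracked values file; even for a developer-machine profile they should be obvious placeholders (`ENCRYPTION_KEY: xxx` like the DB passwords in the same file) with a comment telling the developer to generate their own, because a plausible key in git tends to get copied into other environments, and if this value was ever used anywhere it should be rotated. The key is 32 hex characters whereas `values.yaml` documents `ENCRYPTION_KEY: xxx # 64 chars`, so one of the two is wrong — confirm the length the service expects and fix whichever is off. `AUTH_SERVER_URL: http:///auth` has no host and uses plain http; presumably a Keycloak hostname was intended. Note that `.helmignore` only keeps `values-*.yaml` out of the packaged chart; the file and its history stay in the repository.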
From: Peter Motzko Date: Mon, 24 Jul 2023 22:22:48 +0200 Subject: [PATCH 102/116] feat(devel): add one more folder depth to helm unittest in Taskfile --- dev-assets/tasks/helm.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dev-assets/tasks/helm.yaml b/dev-assets/tasks/helm.yaml index 0a2d89445..dce88ee83 100644 --- a/dev-assets/tasks/helm.yaml +++ b/dev-assets/tasks/helm.yaml @@ -24,10 +24,10 @@ tasks: desc: Executes helm unittests dir: charts/managed-identity-wallet cmds: - - helm unittest -f 'tests/**/*.yaml' . + - helm unittest -f 'tests/**/*.yaml' -f 'tests/**/**/*.yaml' . readme: desc: Rebuilds the readme of the Helm chart dir: charts/managed-identity-wallet cmds: - - helm-docs . \ No newline at end of file + - helm-docs . From 2d8d81bc025d3f4921e333cf229502046945ea94 Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Wed, 26 Jul 2023 11:27:46 +0200 Subject: [PATCH 103/116] feat(helm): remove predefined annotation for ingress --- charts/managed-identity-wallet/tests/custom-values/values.yml | 2 ++ charts/managed-identity-wallet/values-dev.yaml | 2 ++ charts/managed-identity-wallet/values-int.yaml | 2 ++ charts/managed-identity-wallet/values-local.yaml | 2 ++ 4 files changed, 8 insertions(+) diff --git a/charts/managed-identity-wallet/tests/custom-values/values.yml b/charts/managed-identity-wallet/tests/custom-values/values.yml index 5ef65d61b..cf3cdb466 100644 --- a/charts/managed-identity-wallet/tests/custom-values/values.yml +++ b/charts/managed-identity-wallet/tests/custom-values/values.yml @@ -30,6 +30,8 @@ envs: ingress: enabled: true + annotations: + kubernetes.io/ingress.class: nginx hosts: - host: localhost.local paths: diff --git a/charts/managed-identity-wallet/values-dev.yaml b/charts/managed-identity-wallet/values-dev.yaml index 30adb63bb..f0eb88beb 100644 --- a/charts/managed-identity-wallet/values-dev.yaml +++ b/charts/managed-identity-wallet/values-dev.yaml 
@@ -36,6 +36,8 @@ envs: ingress: enabled: true + annotations: + kubernetes.io/ingress.class: nginx hosts: - host: managed-identity-wallets-new.dev.demo.catena-x.net paths: diff --git a/charts/managed-identity-wallet/values-int.yaml b/charts/managed-identity-wallet/values-int.yaml index e49730c61..b8897a267 100644 --- a/charts/managed-identity-wallet/values-int.yaml +++ b/charts/managed-identity-wallet/values-int.yaml @@ -36,6 +36,8 @@ envs: ingress: enabled: true + annotations: + kubernetes.io/ingress.class: nginx hosts: - host: managed-identity-wallets-new.int.demo.catena-x.net paths: diff --git a/charts/managed-identity-wallet/values-local.yaml b/charts/managed-identity-wallet/values-local.yaml index b12e84830..2499f4efb 100644 --- a/charts/managed-identity-wallet/values-local.yaml +++ b/charts/managed-identity-wallet/values-local.yaml @@ -36,6 +36,8 @@ envs: ingress: enabled: false + annotations: + kubernetes.io/ingress.class: nginx hosts: - host: localhost paths: From 24c0fcd63cc33b6255c51abcab3fc157f814bb1f Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Wed, 26 Jul 2023 11:28:56 +0200 Subject: [PATCH 104/116] feat(helm): add helm-docs documentation --- charts/managed-identity-wallet/values.yaml | 28 +++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) diff --git a/charts/managed-identity-wallet/values.yaml b/charts/managed-identity-wallet/values.yaml index 885af8d9c..4a08ac0d5 100644 --- a/charts/managed-identity-wallet/values.yaml +++ b/charts/managed-identity-wallet/values.yaml 
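Review bot: The `kubernetes.io/ingress.class: nginx` annotation added to the dev, int and local values is the pre-1.18 mechanism that Kubernetes deprecated in favour of `spec.ingressClassName`; on clusters with `IngressClass` resources the annotation may be ignored, so prefer an `ingress.className: nginx` value if the ingress template already renders `ingressClassName` (values.yaml carries a commented `# className: nginx`, which suggests it might). In `values-local.yaml` the annotation is added under `ingress.enabled: false`, so it has no effect there and can be dropped. The commit title says the predefined annotation is removed, but this hunk only adds it to the per-environment files — a one-line note in the commit message that the removal from `values.yaml` lands in a later commit would avoid confusion when bisecting.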
@@ -17,26 +17,33 @@ # * SPDX-License-Identifier: Apache-2.0 # ********************************************************************************/ +# -- The amount of replicas to run replicaCount: 1 +# -- Image of the main container image: + # -- Image repository repository: ghcr.io/catenax-ng/tx-managed-identity-wallets_miw_service + # -- PullPolicy pullPolicy: Always + # -- Image tag (empty one will use "appVersion" value from chart definition) tag: "" +# -- Credentials for a private repo imagePullSecrets: - name: acr-credential nameOverride: "" fullnameOverride: "" +# -- Parameters for the application (will be stored as secrets - so, for passwords, ...) secrets: {} # DB_USER_NAME: xxx # Has to be the same as below in "postgresql" section # DB_PASSWORD: xxx # Has to be the same as below in "postgresql" section # KEYCLOAK_CLIENT_ID: xxx # ENCRYPTION_KEY: xxx # 64 chars -# APPLICATION_PORT is bound to 8080!! +# -- Parameters for the application (will be provided as plain environment variables) envs: {} # APPLICATION_ENVIRONMENT: xxx # DB_HOST: auto @@ -55,15 +62,18 @@ envs: {} # KEYCLOAK_REALM: xxx # AUTH_SERVER_URL: xxx +# -- ServiceAccount configuration serviceAccount: create: true annotations: {} name: "" +# -- Service configuration service: type: ClusterIP port: 8080 +# -- Ingress configuration ingress: enabled: false # className: nginx @@ -93,9 +103,11 @@ ingress: # hosts: # - chart-example.local +# -- PodSecurityContext podSecurityContext: {} # fsGroup: 2000 +# -- Preconfigured SecurityContext securityContext: privileged: false allowPrivilegeEscalation: false @@ -103,6 +115,7 @@ securityContext: runAsGroup: 11111 runAsUser: 11111 +# -- Resource boundaries resources: requests: cpu: 250m 
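Review bot: The `# -- Preconfigured SecurityContext` block still lacks the two settings the restricted Pod Security Standard requires beyond `runAsNonRoot` and `allowPrivilegeEscalation: false`: `capabilities: { drop: ["ALL"] }` and `seccompProfile: { type: RuntimeDefault }`; adding both as defaults under `securityContext` costs nothing for a JVM service and lets the chart install into namespaces that enforce `restricted`. The `# APPLICATION_PORT is bound to 8080!!` comment is replaced by the generic `envs` description, so the constraint that the container port must match `service.port: 8080` is no longer stated anywhere — keep it, e.g. `# -- Parameters for the application (plain env vars; APPLICATION_PORT is fixed to 8080 to match service.port)`, if it still holds. `imagePullSecrets` defaults to `acr-credential` while `image.repository` points at ghcr.io; a default referencing a secret most installs will not have is harmless but confusing, so either document it as an example or default to `[]`.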
@@ -111,24 +124,37 @@ resources: cpu: 4 memory: 1Gi +# -- NodeSelector configuration nodeSelector: "kubernetes.io/os": linux +# -- Tolerations configuration tolerations: [] +# -- Affinity configuration affinity: {} +# -- PodAnnotation configuration podAnnotations: {} +# -- Simple Postgresql backup solution (Dump data to second PV) backup: + # -- Backup database database: + # -- Enable / Disable the backup enabled: false + # -- Backup schedule (help: https://crontab.guru) cron: "* */6 * * *" + # -- Storage configuration storage: + # -- Set to true, if the PV should stay even when the chart release is uninstalled keepStorage: true + # -- Disk size for backup content diskSize: 10G + # -- storageClassName storageClassName: "-" +# @ignored postgresql: primary: initdb: From 3fb989eb960c7c778ca731cf14684d46aec98625 Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Wed, 26 Jul 2023 11:29:19 +0200 Subject: [PATCH 105/116] chore(helm): remove unused stuff --- charts/managed-identity-wallet/values.yaml | 19 +------------------ 1 file changed, 1 insertion(+), 18 deletions(-) diff --git a/charts/managed-identity-wallet/values.yaml b/charts/managed-identity-wallet/values.yaml index 4a08ac0d5..708d2fd09 100644 --- a/charts/managed-identity-wallet/values.yaml +++ b/charts/managed-identity-wallet/values.yaml @@ -76,23 +76,7 @@ service: # -- Ingress configuration ingress: enabled: false -# className: nginx - annotations: - kubernetes.io/ingress.class: nginx -# nginx.ingress.kubernetes.io/rewrite-target: /$1 -# nginx.ingress.kubernetes.io/use-regex: "true" -# nginx.ingress.kubernetes.io/force-ssl-redirect: "true" -# nginx.ingress.kubernetes.io/ssl-passthrough: "true" -# nginx.ingress.kubernetes.io/server-snippet: | -# location ~* /list-credential/ { -# deny all; -# return 403; -# } -# -# location ~* /webhook/topic/ { -# deny all; -# return 403; -# } + annotations: {} hosts: - host: chart-example.local paths: 
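Review bot: The documented default `cron: "* */6 * * *"` does not run every six hours — a `*` in the minute field fires every minute of hours 0, 6, 12 and 18, i.e. roughly 240 `pg_dump` runs per day, each creating a new timestamped file on the backup PV until it fills; the intended value is `cron: "0 */6 * * *"`. The helm-docs comments on `storage` should also say what lands there: the dump is a plain `pg_dump` of the wallet database written unencrypted to the PV, so `keepStorage` and `storageClassName` are confidentiality decisions, not just capacity ones, and a sentence like `# -- Dumps are stored unencrypted; choose a storage class with encryption at rest and restrict access to the PVC` would help operators. Marking the `postgresql` subchart values `# @ignored` only hides them from the generated README (which previously listed the `postgres`/`postgres` defaults); it does not change the defaults, so either document them or leave the passwords empty so an install fails without an explicit value.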
@@ -105,7 +89,6 @@ ingress: # -- PodSecurityContext podSecurityContext: {} -# fsGroup: 2000 # -- Preconfigured SecurityContext securityContext: From 73235a88b1ba48a1880dc74554b3cfe71b614650 Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Wed, 26 Jul 2023 11:29:46 +0200 Subject: [PATCH 106/116] feat(helm): update Helm chart description --- charts/managed-identity-wallet/Chart.yaml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/charts/managed-identity-wallet/Chart.yaml b/charts/managed-identity-wallet/Chart.yaml index 9c67fe7b8..8f8eb20ca 100644 --- a/charts/managed-identity-wallet/Chart.yaml +++ b/charts/managed-identity-wallet/Chart.yaml @@ -20,12 +20,13 @@ apiVersion: v2 name: managed-identity-wallet description: | - The Managed Identity Wallets (MIW) service implements the Self-Sovereign-Identity (SSI) using did:web. + Managed Identity Wallet is supposed to supply a secure data source and data sink for Digital Identity Documents (DID), in order to enable Self-Sovereign Identity founding on those DIDs. + And at the same it shall support an uninterrupted tracking and tracing and documenting the usage of those DIDs, e.g., within logistical supply chains. type: application -version: 1.0.1-rc1 -appVersion: 0.0.1-SNAPSHOT.b75ebaf +version: 1.0.1 +appVersion: 0.0.1 home: https://github.com/eclipse-tractusx/managed-identity-wallet keywords: From ada59c2ee2fa6744afe1a2b759644589b1c700bd Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Wed, 26 Jul 2023 11:30:21 +0200 Subject: [PATCH 107/116] feat(helm): update Helm chart Readme and corresponding Readme-template --- charts/managed-identity-wallet/README.md | 81 +++++++++---------- .../managed-identity-wallet/README.md.gotmpl | 4 +- 2 files changed, 40 insertions(+), 45 deletions(-) diff --git a/charts/managed-identity-wallet/README.md b/charts/managed-identity-wallet/README.md index f26e33d40..c1dde17a2 100644 --- a/charts/managed-identity-wallet/README.md 
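Review bot: The new Chart.yaml description expands DID as "Digital Identity Documents", but in the SSI context this chart targets (its values use `did:web:` identifiers) DID stands for Decentralized Identifier per the W3C specification, and the documents are DID documents; suggest `Managed Identity Wallet is supposed to supply a secure data source and data sink for Decentralized Identifiers (DIDs) and their DID documents, in order to enable Self-Sovereign Identity founded on those DIDs.` The second sentence has a stray "at the same" (missing "time") and "tracking and tracing and documenting" — tighten to `At the same time it shall support uninterrupted tracking, tracing and documentation of the usage of those DIDs, e.g. within logistical supply chains.` `appVersion` moves from `0.0.1-SNAPSHOT.b75ebaf` to `0.0.1`, and values.yaml documents that an empty `image.tag` falls back to `appVersion`, so confirm an image tagged `0.0.1` actually exists in the registry or a default install will fail to pull.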
+++ b/charts/managed-identity-wallet/README.md @@ -1,19 +1,20 @@ # managed-identity-wallet -![Version: 1.0.1-rc1](https://img.shields.io/badge/Version-1.0.1--rc1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1-SNAPSHOT.b75ebaf](https://img.shields.io/badge/AppVersion-0.0.1--SNAPSHOT.b75ebaf-informational?style=flat-square) +![Version: 1.0.1](https://img.shields.io/badge/Version-1.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) -The Managed Identity Wallets (MIW) service implements the Self-Sovereign-Identity (SSI) using did:web. +Managed Identity Wallet is supposed to supply a secure data source and data sink for Digital Identity Documents (DID), in order to enable Self-Sovereign Identity founding on those DIDs. +And at the same it shall support an uninterrupted tracking and tracing and documenting the usage of those DIDs, e.g., within logistical supply chains. -**Homepage:** +**Homepage:** ## Get Repo Info - helm repo add my-miw https://pmoscode-helm.github.io/miw/ + helm repo add tractusx-dev https://eclipse-tractusx.github.io/charts/dev helm repo update ## Install chart - helm install [RELEASE_NAME] my-miw/miw + helm install [RELEASE_NAME] tractusx-dev/managed-identity-wallet The command deploys miw on the Kubernetes cluster in the default configuration. 
@@ -45,46 +46,40 @@ See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command document | Key | Type | Default | Description | |-----|------|---------|-------------| -| affinity | object | `{}` | | -| envs | string | `nil` | | +| affinity | object | `{}` | Affinity configuration | +| backup | object | `{"database":{"cron":"* */6 * * *","enabled":false,"storage":{"diskSize":"10G","keepStorage":true,"storageClassName":"-"}}}` | Simple Postgresql backup solution (Dump data to second PV) | +| backup.database | object | `{"cron":"* */6 * * *","enabled":false,"storage":{"diskSize":"10G","keepStorage":true,"storageClassName":"-"}}` | Backup database | +| backup.database.cron | string | `"* */6 * * *"` | Backup schedule (help: https://crontab.guru) | +| backup.database.enabled | bool | `false` | Enable / Disable the backup | +| backup.database.storage | object | `{"diskSize":"10G","keepStorage":true,"storageClassName":"-"}` | Storage configuration | +| backup.database.storage.diskSize | string | `"10G"` | Disk size for backup content | +| backup.database.storage.keepStorage | bool | `true` | Set to true, if the PV should stay even when the chart release is uninstalled | +| backup.database.storage.storageClassName | string | `"-"` | storageClassName | +| envs | object | `{}` | Parameters for the application (will be provided as plain environment variables) | | fullnameOverride | string | `""` | | -| image.pullPolicy | string | `"Always"` | | -| image.repository | string | `"ghcr.io/catenax-ng/tx-managed-identity-wallets_miw_service"` | | -| image.tag | string | `""` | | -| imagePullSecrets[0].name | string | `"acr-credential"` | | -| ingress.annotations."kubernetes.io/ingress.class" | string | `"nginx"` | | -| ingress.enabled | bool | `false` | | -| ingress.hosts[0].host | string | `"chart-example.local"` | | -| ingress.hosts[0].paths[0].path | string | `"/"` | | -| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | -| ingress.tls | 
list | `[]` | | +| image | object | `{"pullPolicy":"Always","repository":"ghcr.io/catenax-ng/tx-managed-identity-wallets_miw_service","tag":""}` | Image of the main container | +| image.pullPolicy | string | `"Always"` | PullPolicy | +| image.repository | string | `"ghcr.io/catenax-ng/tx-managed-identity-wallets_miw_service"` | Image repository | +| image.tag | string | `""` | Image tag (empty one will use "appVersion" value from chart definition) | +| imagePullSecrets | list | `[{"name":"acr-credential"}]` | Credentials for a private repo | +| ingress | object | `{"annotations":{},"enabled":false,"hosts":[{"host":"chart-example.local","paths":[{"path":"/","pathType":"ImplementationSpecific"}]}],"tls":[]}` | Ingress configuration | | nameOverride | string | `""` | | -| nodeSelector."kubernetes.io/os" | string | `"linux"` | | -| podAnnotations | object | `{}` | | -| podSecurityContext | object | `{}` | | -| postgresql.auth.password | string | `"postgres"` | | -| postgresql.auth.postgresPassword | string | `"postgres"` | | -| postgresql.auth.username | string | `"postgres"` | | -| postgresql.primary.initdb.password | string | `"postgres"` | | -| postgresql.primary.initdb.scripts."init_db_script.sh" | string | `"#!/bin/sh\ncreatedb -O postgres miw\n"` | | -| postgresql.primary.initdb.user | string | `"postgres"` | | -| replicaCount | int | `1` | | -| resources.limits.cpu | int | `4` | | -| resources.limits.memory | string | `"1Gi"` | | -| resources.requests.cpu | string | `"250m"` | | -| resources.requests.memory | string | `"500Mi"` | | -| secrets | string | `nil` | | -| securityContext.allowPrivilegeEscalation | bool | `false` | | -| securityContext.privileged | bool | `false` | | -| securityContext.runAsGroup | int | `11111` | | -| securityContext.runAsNonRoot | bool | `true` | | -| securityContext.runAsUser | int | `11111` | | -| service.port | int | `8080` | | -| service.type | string | `"ClusterIP"` | | -| serviceAccount.annotations | object | `{}` | | -| 
serviceAccount.create | bool | `true` | | -| serviceAccount.name | string | `""` | | -| tolerations | list | `[]` | | +| nodeSelector | object | `{"kubernetes.io/os":"linux"}` | NodeSelector configuration | +| podAnnotations | object | `{}` | PodAnnotation configuration | +| podSecurityContext | object | `{}` | PodSecurityContext | +| replicaCount | int | `1` | The amount of replicas to run | +| resources | object | `{"limits":{"cpu":4,"memory":"1Gi"},"requests":{"cpu":"250m","memory":"500Mi"}}` | Resource boundaries | +| secrets | object | `{}` | Parameters for the application (will be stored as secrets - so, for passwords, ...) | +| securityContext | object | `{"allowPrivilegeEscalation":false,"privileged":false,"runAsGroup":11111,"runAsNonRoot":true,"runAsUser":11111}` | Preconfigured SecurityContext | +| service | object | `{"port":8080,"type":"ClusterIP"}` | Service configuration | +| serviceAccount | object | `{"annotations":{},"create":true,"name":""}` | ServiceAccount configuration | +| tolerations | list | `[]` | Tolerations configuration | + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| Peter Motzko | | | ---------------------------------------------- Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/charts/managed-identity-wallet/README.md.gotmpl b/charts/managed-identity-wallet/README.md.gotmpl index 4840b363a..f91aed974 100644 --- a/charts/managed-identity-wallet/README.md.gotmpl +++ b/charts/managed-identity-wallet/README.md.gotmpl @@ -10,12 +10,12 @@ ## Get Repo Info - helm repo add my-miw https://pmoscode-helm.github.io/miw/ + helm repo add tractusx-dev https://eclipse-tractusx.github.io/charts/dev helm repo update ## Install chart - helm install [RELEASE_NAME] my-miw/miw + helm install [RELEASE_NAME] tractusx-dev/managed-identity-wallet The command deploys miw on the Kubernetes cluster in the default configuration. 
From 8ff4e1abf37334ead3e4fd14a3df7aead1f43ec4 Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Wed, 26 Jul 2023 11:58:19 +0200 Subject: [PATCH 108/116] feat(ci): add GH Action for DAST scanning --- .github/workflows/DAST.yaml | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 .github/workflows/DAST.yaml diff --git a/.github/workflows/DAST.yaml b/.github/workflows/DAST.yaml new file mode 100644 index 000000000..86dadeb6a --- /dev/null +++ b/.github/workflows/DAST.yaml @@ -0,0 +1,35 @@ +name: DAST +on: + push: + branches: [ "main" ] + paths-ignore: + - '**/*.md' + - '**/*.txt' + workflow_dispatch: + inputs: + target_url: + description: URL to test + required: true + type: choice + options: + - "https://managed-identity-wallet.dev.demo.catena-x.net/" + - "https://managed-identity-wallet.int.demo.catena-x.net/" + - "https://managed-identity-wallet.beta.demo.catena-x.net/" + - "https://managed-identity-wallet.stable.demo.catena-x.net/" + default: "https://managed-identity-wallet.dev.demo.catena-x.net/" + +jobs: + zap_scan: + runs-on: ubuntu-latest + name: OWASP ZAP + steps: + - name: Checkout + uses: actions/checkout@v2 + with: + ref: main + - name: ZAP Scan + uses: zaproxy/action-full-scan@v0.5.1 + with: + token: ${{ secrets.GITHUB_TOKEN }} + docker_name: 'owasp/zap2docker-stable' + target: '${{ github.event.inputs.target_url }}' From 2c0887b5e575171e7712bb374555920db51a9202 Mon Sep 17 00:00:00 2001 From: Dominik Pinsel Date: Wed, 26 Jul 2023 12:14:23 +0200 Subject: [PATCH 109/116] ct lint runs now against current branch (instead of main branch) Signed-off-by: Dominik Pinsel --- .github/workflows/chart-lint.yml | 2 +- charts/managed-identity-wallet/Chart.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/chart-lint.yml b/.github/workflows/chart-lint.yml index a7227c740..246747410 100644 --- a/.github/workflows/chart-lint.yml +++ b/.github/workflows/chart-lint.yml 
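Review bot: On the `push` trigger `github.event.inputs.target_url` is empty — `inputs` and its `default` are only populated for `workflow_dispatch` — so every push to main runs the ZAP step with `target: ''`; use `target: ${{ github.event.inputs.target_url || 'https://managed-identity-wallet.dev.demo.catena-x.net/' }}` or drop the push trigger. `actions/checkout@v2` and `zaproxy/action-full-scan@v0.5.1` are mutable tags, and checkout@v2 is already outdated; pin both to a full commit SHA with the version in a trailing comment so a retagged action cannot run arbitrary code with `GITHUB_TOKEN`. The full scan includes active attack rules that create and modify state on the target, and the option list includes the shared int, beta and stable environments, so a comment above `options` noting that only disposable environments should be scanned (or removing the non-dev URLs) is warranted. The workflow declares no `permissions:` block; since the action appears to use the token to file findings as issues, add an explicit `permissions: { contents: read, issues: write }` rather than relying on the repository default.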
@@ -50,7 +50,7 @@ jobs: # run chart linting - name: Run chart-testing (lint) - run: ct lint --target-branch ${{ github.event.repository.default_branch }} --config charts/chart-testing-config.yaml + run: ct lint --config charts/chart-testing-config.yaml --charts ./charts/managed-identity-wallet # run chart unittest - name: Run Helm unittests diff --git a/charts/managed-identity-wallet/Chart.yaml b/charts/managed-identity-wallet/Chart.yaml index 8f8eb20ca..e726f719e 100644 --- a/charts/managed-identity-wallet/Chart.yaml +++ b/charts/managed-identity-wallet/Chart.yaml @@ -20,7 +20,7 @@ apiVersion: v2 name: managed-identity-wallet description: | - Managed Identity Wallet is supposed to supply a secure data source and data sink for Digital Identity Documents (DID), in order to enable Self-Sovereign Identity founding on those DIDs. + Managed Identity Wallet is supposed to supply a secure data source and data sink for Digital Identity Documents (DID), in order to enable Self-Sovereign Identity founding on those DIDs. And at the same it shall support an uninterrupted tracking and tracing and documenting the usage of those DIDs, e.g., within logistical supply chains. type: application From d8acbb50a2ba90a3b081190f98e546f33330f85b Mon Sep 17 00:00:00 2001 From: Dominik Pinsel Date: Wed, 26 Jul 2023 13:02:07 +0200 Subject: [PATCH 110/116] resolve kics findings Signed-off-by: Dominik Pinsel --- docs/openapi_v001.json | 95 +++++++++++++++++++++++++++--------------- 1 file changed, 61 insertions(+), 34 deletions(-) diff --git a/docs/openapi_v001.json b/docs/openapi_v001.json index 00ddf1075..857db03b7 100644 --- a/docs/openapi_v001.json +++ b/docs/openapi_v001.json @@ -34,7 +34,8 @@ "items": { "$ref": "#/components/schemas/WalletDto" }, - "type": "array" + "type": "array", + "maxItems": 100 } } } @@ -676,7 +677,8 @@ "items": { "type": "string" }, - "type": "array" + "type": "array", + "maxItems": 100 }, "required": false, "deprecated": false, 
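Review bot: The `"maxItems": 100` added to the query-parameter array in `@@ -676,7 +677,8 @@` (and to the response arrays in the neighbouring hunks) is a documentation claim only: `docs/openapi_v001.json` is a static file, so nothing in the service rejects a request carrying more than 100 values or caps a response list at 100 entries. If the bound is meant to hold, the controller parameter this describes needs a matching constraint such as `@RequestParam(required = false) @Size(max = 100) List<String> …` with bean validation active (the dependency list in this series shows `hibernate-validator` and `jakarta.validation-api` are already on the classpath), and response lists need pagination or truncation at the same limit; otherwise the spec now contradicts the running service and the KICS finding is closed only on paper. The parameter's name and its owning operation lie outside the hunk, so I cannot say which controller method this maps to.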
@@ -696,7 +698,8 @@ "items": { "$ref": "#/components/schemas/VerifiableCredentialDto" }, - "type": "array" + "type": "array", + "maxItems": 100 } } } @@ -1109,10 +1112,10 @@ "issuer": "did:web:miw.de/bpn0000000000", "issuanceDate": "2021-06-16T18:56:59Z", "credentialSubject": { - "type":"MembershipCredential", + "type": "MembershipCredential", "memberOf": "Catena-X", - "status":"Active", - "startTime":"2021-06-16T18:56:59Z" + "status": "Active", + "startTime": "2021-06-16T18:56:59Z" }, "holderIdentifier": "bpn", "proof": { @@ -1894,7 +1897,8 @@ "items": { "$ref": "#/components/schemas/VerifiableCredentialDto" }, - "type": "array" + "type": "array", + "maxItems": 100 } }, "required": [ @@ -1964,10 +1968,10 @@ "items": { "type": "string" }, - "type": "array" - }, - "credentialStatus": { + "type": "array", + "maxItems": 100 }, + "credentialStatus": {}, "credentialSubject": { "additionalProperties": { "$ref": "#/components/schemas/Any" @@ -1995,13 +1999,15 @@ "items": { "$ref": "#/components/schemas/Any" }, - "type": "array" + "type": "array", + "maxItems": 100 }, "type": { "items": { "type": "string" }, - "type": "array" + "type": "array", + "maxItems": 100 } }, "required": [ @@ -2121,10 +2127,10 @@ "items": { "type": "string" }, - "type": "array" - }, - "CredentialStatus": { + "type": "array", + "maxItems": 100 }, + "CredentialStatus": {}, "credentialSubject": { "additionalProperties": { "$ref": "#/components/schemas/Any" @@ -2152,7 +2158,8 @@ "items": { "type": "string" }, - "type": "array" + "type": "array", + "maxItems": 100 } }, "required": [ 
@@ -2175,31 +2182,36 @@ "items": { "$ref": "#/components/schemas/Any" }, - "type": "array" + "type": "array", + "maxItems": 100 }, "authenticationVerificationMethods": { "items": { "$ref": "#/components/schemas/Any" }, - "type": "array" + "type": "array", + "maxItems": 100 }, "capabilityDelegationVerificationMethods": { "items": { "$ref": "#/components/schemas/Any" }, - "type": "array" + "type": "array", + "maxItems": 100 }, "capabilityInvocationVerificationMethods": { "items": { "$ref": "#/components/schemas/Any" }, - "type": "array" + "type": "array", + "maxItems": 100 }, "context": { "items": { "type": "string" }, - "type": "array" + "type": "array", + "maxItems": 100 }, "controller": { "$ref": "#/components/schemas/Short" @@ -2211,18 +2223,22 @@ "items": { "$ref": "#/components/schemas/Any" }, - "type": "array" + "type": "array", + "maxItems": 100 }, "services": { "items": { + "$ref": "#/components/schemas/Any" }, - "type": "array" + "type": "array", + "maxItems": 100 }, "verificationMethods": { "items": { "$ref": "#/components/schemas/DidVerificationMethodDto" }, - "type": "array" + "type": "array", + "maxItems": 100 } }, "required": [ @@ -2294,7 +2310,8 @@ "type": "string", "nullable": true }, - "type": "array" + "type": "array", + "maxItems": 100 }, "kid": { "type": "string", @@ -2327,7 +2344,8 @@ "items": { "type": "string" }, - "type": "array" + "type": "array", + "maxItems": 100 }, "credentialSubject": { "additionalProperties": { @@ -2361,7 +2379,8 @@ "items": { "type": "string" }, - "type": "array" + "type": "array", + "maxItems": 100 } }, "required": [ @@ -2379,7 +2398,8 @@ "items": { "type": "string" }, - "type": "array" + "type": "array", + "maxItems": 100 }, "credentialSubject": { "additionalProperties": { @@ -2409,7 +2429,8 @@ "items": { "type": "string" }, - "type": "array" + "type": "array", + "maxItems": 100 } }, "required": [ 
@@ -2430,7 +2451,8 @@ "items": { "$ref": "#/components/schemas/VerifiableCredentialDto" }, - "type": "array" + "type": "array", + "maxItems": 100 } }, "required": [ @@ -2445,7 +2467,8 @@ "items": { "type": "string" }, - "type": "array" + "type": "array", + "maxItems": 100 }, "holder": { "type": "string", @@ -2462,13 +2485,15 @@ "items": { "type": "string" }, - "type": "array" + "type": "array", + "maxItems": 100 }, "verifiableCredential": { "items": { "$ref": "#/components/schemas/VerifiableCredentialDto" }, - "type": "array" + "type": "array", + "maxItems": 100 } }, "required": [ @@ -2504,6 +2529,8 @@ } } }, - "security": [], + "security": { + "auth-token": {} + }, "tags": [] } \ No newline at end of file From cf76f1db4cdaa10428b8b7b4204d3d8ea46b8855 Mon Sep 17 00:00:00 2001 From: Dominik Pinsel Date: Wed, 26 Jul 2023 13:26:55 +0200 Subject: [PATCH 111/116] update DEPENDENCIES Signed-off-by: Dominik Pinsel --- DEPENDENCIES | 209 ++++++++++++++++++++++--------------------- update_dependcies.sh | 8 +- 2 files changed, 112 insertions(+), 105 deletions(-) diff --git a/DEPENDENCIES b/DEPENDENCIES index ab042bcdf..4f1080cc3 100644 --- a/DEPENDENCIES +++ b/DEPENDENCIES @@ -1,5 +1,5 @@ -maven/mavencentral/ch.qos.logback/logback-classic/1.4.7, EPL-1.0 OR LGPL-2.1-only, approved, #3435 -maven/mavencentral/ch.qos.logback/logback-core/1.4.7, EPL-1.0 OR LGPL-2.1-only, approved, #3373 +maven/mavencentral/ch.qos.logback/logback-classic/1.4.8, EPL-1.0 OR LGPL-2.1-only, approved, #3435 +maven/mavencentral/ch.qos.logback/logback-core/1.4.8, EPL-1.0 OR LGPL-2.1-only, approved, #3373 maven/mavencentral/com.apicatalog/titanium-json-ld/1.0.0, Apache-2.0, approved, clearlydefined maven/mavencentral/com.apicatalog/titanium-json-ld/1.1.0, Apache-2.0, approved, clearlydefined maven/mavencentral/com.danubetech/key-formats-java/1.2.0, Apache-2.0, approved, #3467 
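Review bot: The replacement top-level `security` in `@@ -2504,6 +2529,8 @@` is not valid OpenAPI 3: `security` must be an array of Security Requirement objects, and each requirement maps a scheme name to an array of scopes, so `"security": { "auth-token": {} }` is rejected by spec validators and ignored by generators, which leaves the API documented as unauthenticated again — the very condition the KICS rule flagged. Change it to `"security": [ { "auth-token": [] } ],`. The scheme named here must also exist under `components.securitySchemes` as `auth-token`; that block is outside the hunk, so I cannot confirm it does. The file still ends without a trailing newline (`\ No newline at end of file`), which is worth fixing while the line is touched.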
@@ -7,21 +7,25 @@ maven/mavencentral/com.danubetech/verifiable-credentials-java/1.0.0, Apache-2.0, maven/mavencentral/com.fasterxml.jackson.core/jackson-annotations/2.10.3, Apache-2.0, approved, CQ21280 maven/mavencentral/com.fasterxml.jackson.core/jackson-annotations/2.12.6, Apache-2.0, approved, CQ23844 maven/mavencentral/com.fasterxml.jackson.core/jackson-annotations/2.14.2, Apache-2.0, approved, #5303 +maven/mavencentral/com.fasterxml.jackson.core/jackson-annotations/2.15.2, Apache-2.0, approved, #7947 maven/mavencentral/com.fasterxml.jackson.core/jackson-core/2.12.6, Apache-2.0, approved, CQ23845 -maven/mavencentral/com.fasterxml.jackson.core/jackson-core/2.14.2, Apache-2.0 AND MIT, approved, #4303 +maven/mavencentral/com.fasterxml.jackson.core/jackson-core/2.15.2, MIT AND Apache-2.0, approved, #7932 maven/mavencentral/com.fasterxml.jackson.core/jackson-databind/2.11.0, Apache-2.0, approved, CQ23093 maven/mavencentral/com.fasterxml.jackson.core/jackson-databind/2.11.1, Apache-2.0, approved, CQ23093 maven/mavencentral/com.fasterxml.jackson.core/jackson-databind/2.12.6.1, Apache-2.0, approved, CQ23725 maven/mavencentral/com.fasterxml.jackson.core/jackson-databind/2.14.2, Apache-2.0, approved, #4105 +maven/mavencentral/com.fasterxml.jackson.core/jackson-databind/2.15.2, Apache-2.0, approved, #7934 maven/mavencentral/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml/2.14.2, Apache-2.0, approved, #5933 -maven/mavencentral/com.fasterxml.jackson.datatype/jackson-datatype-jdk8/2.14.2, Apache-2.0, approved, #8597 +maven/mavencentral/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml/2.15.2, Apache-2.0, approved, #8802 +maven/mavencentral/com.fasterxml.jackson.datatype/jackson-datatype-jdk8/2.15.2, Apache-2.0, approved, #8808 maven/mavencentral/com.fasterxml.jackson.datatype/jackson-datatype-jsr310/2.14.2, Apache-2.0, approved, #4699 -maven/mavencentral/com.fasterxml.jackson.jaxrs/jackson-jaxrs-base/2.14.2, Apache-2.0, approved, clearlydefined 
+maven/mavencentral/com.fasterxml.jackson.datatype/jackson-datatype-jsr310/2.15.2, Apache-2.0, approved, #7930 +maven/mavencentral/com.fasterxml.jackson.jaxrs/jackson-jaxrs-base/2.15.2, Apache-2.0, approved, clearlydefined maven/mavencentral/com.fasterxml.jackson.jaxrs/jackson-jaxrs-json-provider/2.12.6, Apache-2.0, approved, CQ23848 -maven/mavencentral/com.fasterxml.jackson.jaxrs/jackson-jaxrs-json-provider/2.14.2, Apache-2.0, approved, #8371 -maven/mavencentral/com.fasterxml.jackson.module/jackson-module-jaxb-annotations/2.14.2, Apache-2.0, approved, #8162 -maven/mavencentral/com.fasterxml.jackson.module/jackson-module-parameter-names/2.14.2, Apache-2.0, approved, #5938 -maven/mavencentral/com.fasterxml.jackson/jackson-bom/2.14.2, Apache-2.0, approved, #7931 +maven/mavencentral/com.fasterxml.jackson.jaxrs/jackson-jaxrs-json-provider/2.15.2, Apache-2.0, approved, #9101 +maven/mavencentral/com.fasterxml.jackson.module/jackson-module-jaxb-annotations/2.15.2, Apache-2.0, approved, #9100 +maven/mavencentral/com.fasterxml.jackson.module/jackson-module-parameter-names/2.15.2, Apache-2.0, approved, #8803 +maven/mavencentral/com.fasterxml.jackson/jackson-bom/2.15.2, Apache-2.0, approved, #7929 maven/mavencentral/com.fasterxml/classmate/1.5.1, Apache-2.0, approved, clearlydefined maven/mavencentral/com.github.dasniko/testcontainers-keycloak/2.5.0, Apache-2.0, approved, #9175 maven/mavencentral/com.github.docker-java/docker-java-api/3.3.0, Apache-2.0, approved, clearlydefined 
@@ -50,16 +54,17 @@ maven/mavencentral/com.google.http-client/google-http-client/1.43.1, Apache-2.0, maven/mavencentral/com.google.j2objc/j2objc-annotations/1.3, Apache-2.0, approved, CQ21195 maven/mavencentral/com.google.protobuf/protobuf-java/3.19.6, BSD-3-Clause, approved, clearlydefined maven/mavencentral/com.google.protobuf/protobuf-java/3.6.1, BSD-3-Clause, approved, clearlydefined +maven/mavencentral/com.h2database/h2/2.2.220, (EPL-1.0 OR MPL-2.0) AND (LGPL-3.0-or-later OR EPL-1.0 OR MPL-2.0), approved, #9322 maven/mavencentral/com.ibm.async/asyncutil/0.1.0, Apache-2.0, approved, clearlydefined -maven/mavencentral/com.jayway.jsonpath/json-path/2.7.0, Apache-2.0, approved, clearlydefined -maven/mavencentral/com.nimbusds/nimbus-jose-jwt/9.24.4, Apache-2.0, approved, clearlydefined +maven/mavencentral/com.jayway.jsonpath/json-path/2.8.0, Apache-2.0, approved, clearlydefined +maven/mavencentral/com.nimbusds/nimbus-jose-jwt/9.31, Apache-2.0, approved, clearlydefined maven/mavencentral/com.nimbusds/nimbus-jose-jwt/9.9, Apache-2.0, approved, clearlydefined maven/mavencentral/com.opencsv/opencsv/5.7.1, Apache-2.0, approved, clearlydefined maven/mavencentral/com.smartsensesolutions/commons-dao/0.0.5, Apache-2.0, approved, #9176 maven/mavencentral/com.squareup.okhttp3/okhttp/3.12.8, Apache-2.0, approved, CQ19549 maven/mavencentral/com.squareup.okio/okio-jvm/3.0.0, Apache-2.0, approved, clearlydefined maven/mavencentral/com.sun.activation/jakarta.activation/1.2.1, EPL-2.0 OR BSD-3-Clause OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jaf -maven/mavencentral/com.sun.istack/istack-commons-runtime/4.1.1, BSD-3-Clause, approved, #2590 +maven/mavencentral/com.sun.istack/istack-commons-runtime/4.1.2, BSD-3-Clause, approved, #2590 maven/mavencentral/com.sun.mail/jakarta.mail/1.6.5, EPL-2.0 OR GPL-2.0-only WITH Classpath-exception-2.0, approved, ee4j.mail maven/mavencentral/com.vaadin.external.google/android-json/0.0.20131108.vaadin1, Apache-2.0, approved, 
CQ21310 maven/mavencentral/com.zaxxer/HikariCP/5.0.1, Apache-2.0, approved, clearlydefined 
@@ -67,19 +72,23 @@ maven/mavencentral/commons-codec/commons-codec/1.11, Apache-2.0 AND BSD-3-Clause maven/mavencentral/commons-codec/commons-codec/1.14, Apache-2.0, approved, clearlydefined maven/mavencentral/commons-codec/commons-codec/1.15, Apache-2.0 AND BSD-3-Clause AND LicenseRef-Public-Domain, approved, CQ22641 maven/mavencentral/commons-fileupload/commons-fileupload/1.4, Apache-2.0, approved, clearlydefined +maven/mavencentral/commons-fileupload/commons-fileupload/1.5, Apache-2.0, approved, #7109 +maven/mavencentral/commons-io/commons-io/2.11.0, Apache-2.0, approved, CQ23745 maven/mavencentral/commons-io/commons-io/2.4, Apache-1.1, approved, CQ9218 maven/mavencentral/commons-io/commons-io/2.9.0, Apache-2.0, approved, clearlydefined +maven/mavencentral/commons-logging/commons-logging/1.2, Apache-2.0, approved, CQ10162 maven/mavencentral/decentralized-identity/jsonld-common-java/1.0.0, Apache-2.0, approved, #3108 maven/mavencentral/info.weboftrust/ld-signatures-java/1.0.0, Apache-2.0, approved, #3463 maven/mavencentral/io.github.erdtman/java-json-canonicalization/1.1, Apache-2.0, approved, clearlydefined maven/mavencentral/io.github.openfeign.form/feign-form-spring/3.8.0, Apache-2.0, approved, clearlydefined maven/mavencentral/io.github.openfeign.form/feign-form/3.8.0, Apache-2.0, approved, clearlydefined -maven/mavencentral/io.github.openfeign/feign-core/12.1, Apache-2.0, approved, clearlydefined -maven/mavencentral/io.github.openfeign/feign-slf4j/12.1, Apache-2.0, approved, clearlydefined +maven/mavencentral/io.github.openfeign/feign-core/12.3, Apache-2.0, approved, clearlydefined +maven/mavencentral/io.github.openfeign/feign-slf4j/12.3, Apache-2.0, approved, clearlydefined maven/mavencentral/io.grpc/grpc-context/1.27.2, Apache-2.0, approved, clearlydefined -maven/mavencentral/io.micrometer/micrometer-commons/1.10.6, Apache-2.0 AND (Apache-2.0 AND MIT), approved, #7333 -maven/mavencentral/io.micrometer/micrometer-core/1.10.6, Apache-2.0 AND (Apache-2.0 AND 
MIT), approved, #6977 -maven/mavencentral/io.micrometer/micrometer-observation/1.10.6, Apache-2.0, approved, #7331 +maven/mavencentral/io.micrometer/micrometer-commons/1.11.1, Apache-2.0 AND (Apache-2.0 AND MIT), approved, #9243 +maven/mavencentral/io.micrometer/micrometer-core/1.11.1, Apache-2.0 AND (Apache-2.0 AND MIT), approved, #9238 +maven/mavencentral/io.micrometer/micrometer-observation/1.10.8, Apache-2.0, approved, #7331 +maven/mavencentral/io.micrometer/micrometer-observation/1.11.1, Apache-2.0, approved, #9242 maven/mavencentral/io.opencensus/opencensus-api/0.31.1, Apache-2.0, approved, clearlydefined maven/mavencentral/io.opencensus/opencensus-contrib-http-util/0.31.1, Apache-2.0, approved, clearlydefined maven/mavencentral/io.quarkus/quarkus-junit4-mock/2.13.7.Final, Apache-2.0, approved, clearlydefined 
@@ -92,40 +101,41 @@ maven/mavencentral/io.smallrye.common/smallrye-common-function/1.6.0, Apache-2.0 maven/mavencentral/io.smallrye.config/smallrye-config-common/2.3.0, Apache-2.0, approved, clearlydefined maven/mavencentral/io.smallrye.config/smallrye-config-core/2.3.0, Apache-2.0, approved, clearlydefined maven/mavencentral/io.smallrye.config/smallrye-config/2.3.0, Apache-2.0, approved, clearlydefined +maven/mavencentral/io.smallrye/jandex/3.0.5, Apache-2.0, approved, clearlydefined maven/mavencentral/io.swagger.core.v3/swagger-annotations-jakarta/2.2.9, Apache-2.0, approved, #5947 maven/mavencentral/io.swagger.core.v3/swagger-core-jakarta/2.2.9, Apache-2.0, approved, #5929 maven/mavencentral/io.swagger.core.v3/swagger-models-jakarta/2.2.9, Apache-2.0, approved, #5919 maven/mavencentral/jakarta.activation/jakarta.activation-api/1.2.1, EPL-2.0 OR BSD-3-Clause OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jaf maven/mavencentral/jakarta.activation/jakarta.activation-api/1.2.2, EPL-2.0 OR BSD-3-Clause OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jaf maven/mavencentral/jakarta.activation/jakarta.activation-api/2.1.0, EPL-2.0 OR BSD-3-Clause OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jaf -maven/mavencentral/jakarta.activation/jakarta.activation-api/2.1.1, EPL-2.0 OR BSD-3-Clause OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jaf +maven/mavencentral/jakarta.activation/jakarta.activation-api/2.1.2, EPL-2.0 OR BSD-3-Clause OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jaf maven/mavencentral/jakarta.annotation/jakarta.annotation-api/2.0.0, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.ca maven/mavencentral/jakarta.annotation/jakarta.annotation-api/2.1.1, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.ca -maven/mavencentral/jakarta.inject/jakarta.inject-api/2.0.0, Apache-2.0, approved, clearlydefined 
-maven/mavencentral/jakarta.persistence/jakarta.persistence-api/3.0.0, EPL-2.0 OR BSD-3-Clause AND (EPL-2.0 OR BSD-3-Clause AND BSD-3-Clause), approved, #9177 -maven/mavencentral/jakarta.transaction/jakarta.transaction-api/2.0.0, EPL-2.0 OR GPL-2.0-only WITH Classpath-exception-2.0, approved, #7697 +maven/mavencentral/jakarta.inject/jakarta.inject-api/2.0.1, Apache-2.0, approved, clearlydefined +maven/mavencentral/jakarta.persistence/jakarta.persistence-api/3.1.0, EPL-2.0 OR BSD-3-Clause AND (EPL-2.0 OR BSD-3-Clause AND BSD-3-Clause), approved, #7696 +maven/mavencentral/jakarta.transaction/jakarta.transaction-api/2.0.1, EPL-2.0 OR GPL-2.0-only WITH Classpath-exception-2.0, approved, #7697 maven/mavencentral/jakarta.validation/jakarta.validation-api/2.0.2, Apache-2.0, approved, clearlydefined maven/mavencentral/jakarta.validation/jakarta.validation-api/3.0.2, Apache-2.0, approved, clearlydefined maven/mavencentral/jakarta.xml.bind/jakarta.xml.bind-api/3.0.0, BSD-3-Clause, approved, ee4j.jaxb -maven/mavencentral/jakarta.xml.bind/jakarta.xml.bind-api/3.0.1, BSD-3-Clause, approved, ee4j.jaxb maven/mavencentral/jakarta.xml.bind/jakarta.xml.bind-api/4.0.0, BSD-3-Clause, approved, ee4j.jaxb maven/mavencentral/javax.activation/javax.activation-api/1.2.0, (CDDL-1.1 OR GPL-2.0 WITH Classpath-exception-2.0) AND Apache-2.0, approved, CQ18740 maven/mavencentral/javax.xml.bind/jaxb-api/2.3.1, CDDL-1.1 OR GPL-2.0-only WITH Classpath-exception-2.0, approved, CQ16911 maven/mavencentral/joda-time/joda-time/2.12.5, Apache-2.0, approved, clearlydefined maven/mavencentral/junit/junit/4.13.2, EPL-2.0, approved, CQ23636 maven/mavencentral/net.bytebuddy/byte-buddy-agent/1.12.16, Apache-2.0, approved, #1810 -maven/mavencentral/net.bytebuddy/byte-buddy/1.12.10, Apache-2.0 AND BSD-3-Clause, approved, #1811 maven/mavencentral/net.bytebuddy/byte-buddy/1.12.16, Apache-2.0 AND BSD-3-Clause, approved, #1811 maven/mavencentral/net.bytebuddy/byte-buddy/1.12.18, Apache-2.0 AND BSD-3-Clause, 
approved, #1811 +maven/mavencentral/net.bytebuddy/byte-buddy/1.12.21, Apache-2.0 AND BSD-3-Clause, approved, #1811 maven/mavencentral/net.i2p.crypto/eddsa/0.3.0, CC0-1.0, approved, CQ22537 maven/mavencentral/net.java.dev.jna/jna/5.12.1, Apache-2.0 OR LGPL-2.1-or-later, approved, #3217 maven/mavencentral/net.jcip/jcip-annotations/1.0, CC-BY-2.5, approved, clearlydefined -maven/mavencentral/net.minidev/accessors-smart/2.4.9, Apache-2.0, approved, #7515 -maven/mavencentral/net.minidev/json-smart/2.4.7, Apache-2.0, approved, #3288 +maven/mavencentral/net.minidev/accessors-smart/2.4.11, Apache-2.0, approved, #7515 +maven/mavencentral/net.minidev/json-smart/2.4.10, Apache-2.0, approved, #3288 +maven/mavencentral/net.minidev/json-smart/2.4.11, Apache-2.0, approved, #3288 maven/mavencentral/org.abstractj.kalium/kalium/0.8.0, Apache-2.0, approved, clearlydefined maven/mavencentral/org.antlr/antlr4-runtime/4.10.1, BSD-3-Clause AND LicenseRef-Public-domain AND MIT AND LicenseRef-Unicode-TOU, approved, #7065 maven/mavencentral/org.apache.commons/commons-collections4/4.4, Apache-2.0, approved, clearlydefined -maven/mavencentral/org.apache.commons/commons-compress/1.22, Apache-2.0 AND BSD-3-Clause, approved, #4299 +maven/mavencentral/org.apache.commons/commons-compress/1.23.0, Apache-2.0 AND BSD-3-Clause, approved, #7506 maven/mavencentral/org.apache.commons/commons-lang3/3.12.0, Apache-2.0, approved, clearlydefined maven/mavencentral/org.apache.commons/commons-text/1.10.0, Apache-2.0, approved, clearlydefined maven/mavencentral/org.apache.httpcomponents/httpclient/4.5.13, Apache-2.0 AND LicenseRef-Public-Domain, approved, CQ23527 
@@ -134,14 +144,14 @@ maven/mavencentral/org.apache.httpcomponents/httpcore/4.4.16, Apache-2.0, approv maven/mavencentral/org.apache.james/apache-mime4j-core/0.8.3, Apache-2.0, approved, clearlydefined maven/mavencentral/org.apache.james/apache-mime4j-dom/0.8.3, Apache-2.0, approved, #2340 maven/mavencentral/org.apache.james/apache-mime4j-storage/0.8.3, Apache-2.0, approved, clearlydefined -maven/mavencentral/org.apache.logging.log4j/log4j-api/2.19.0, Apache-2.0, approved, clearlydefined -maven/mavencentral/org.apache.logging.log4j/log4j-to-slf4j/2.19.0, Apache-2.0, approved, #5941 -maven/mavencentral/org.apache.tomcat.embed/tomcat-embed-core/10.1.8, Apache-2.0 AND (EPL-2.0 OR GPL-2.0-only WITH Classpath-exception-2.0) AND (CDDL-1.0 OR GPL-2.0-only WITH Classpath-exception-2.0) AND W3C AND CC0-1.0, approved, #5949 -maven/mavencentral/org.apache.tomcat.embed/tomcat-embed-el/10.1.8, Apache-2.0, approved, #6997 -maven/mavencentral/org.apache.tomcat.embed/tomcat-embed-websocket/10.1.8, Apache-2.0, approved, #7920 +maven/mavencentral/org.apache.logging.log4j/log4j-api/2.20.0, Apache-2.0, approved, clearlydefined +maven/mavencentral/org.apache.logging.log4j/log4j-to-slf4j/2.20.0, Apache-2.0, approved, #8799 +maven/mavencentral/org.apache.tomcat.embed/tomcat-embed-core/10.1.10, Apache-2.0 AND (EPL-2.0 OR GPL-2.0-only WITH Classpath-exception-2.0) AND (CDDL-1.0 OR GPL-2.0-only WITH Classpath-exception-2.0) AND W3C AND CC0-1.0, approved, #5949 +maven/mavencentral/org.apache.tomcat.embed/tomcat-embed-el/10.1.10, Apache-2.0, approved, #6997 +maven/mavencentral/org.apache.tomcat.embed/tomcat-embed-websocket/10.1.10, Apache-2.0, approved, #7920 maven/mavencentral/org.apiguardian/apiguardian-api/1.1.2, Apache-2.0, approved, clearlydefined maven/mavencentral/org.aspectj/aspectjweaver/1.9.19, EPL-1.0, approved, tools.aspectj -maven/mavencentral/org.assertj/assertj-core/3.23.1, Apache-2.0, approved, clearlydefined +maven/mavencentral/org.assertj/assertj-core/3.24.2, Apache-2.0, 
approved, #6161 maven/mavencentral/org.bitcoinj/bitcoinj-core/0.15.10, Apache-2.0, approved, clearlydefined maven/mavencentral/org.bouncycastle/bcpkix-jdk15on/1.69, MIT, approved, clearlydefined maven/mavencentral/org.bouncycastle/bcprov-jdk15on/1.69, MIT, approved, clearlydefined 
@@ -149,25 +159,25 @@ maven/mavencentral/org.bouncycastle/bcprov-jdk15on/1.70, MIT, approved, #1712 maven/mavencentral/org.bouncycastle/bcprov-jdk15to18/1.68, MIT, approved, #3464 maven/mavencentral/org.bouncycastle/bcutil-jdk15on/1.69, MIT, approved, clearlydefined maven/mavencentral/org.checkerframework/checker-compat-qual/2.5.5, MIT, approved, clearlydefined -maven/mavencentral/org.checkerframework/checker-qual/3.5.0, MIT, approved, clearlydefined -maven/mavencentral/org.glassfish.jaxb/jaxb-core/4.0.2, BSD-3-Clause, approved, ee4j.jaxb +maven/mavencentral/org.checkerframework/checker-qual/3.31.0, MIT, approved, clearlydefined +maven/mavencentral/org.glassfish.jaxb/jaxb-core/4.0.3, BSD-3-Clause, approved, ee4j.jaxb maven/mavencentral/org.glassfish.jaxb/jaxb-runtime/2.3.3-b02, BSD-3-Clause, approved, ee4j.jaxb -maven/mavencentral/org.glassfish.jaxb/jaxb-runtime/3.0.2, BSD-3-Clause, approved, ee4j.jaxb -maven/mavencentral/org.glassfish.jaxb/txw2/4.0.2, BSD-3-Clause, approved, ee4j.jaxb +maven/mavencentral/org.glassfish.jaxb/jaxb-runtime/4.0.2, BSD-3-Clause, approved, ee4j.jaxb +maven/mavencentral/org.glassfish.jaxb/txw2/4.0.3, BSD-3-Clause, approved, ee4j.jaxb maven/mavencentral/org.glassfish/jakarta.json/2.0.0, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jsonp maven/mavencentral/org.hamcrest/hamcrest-core/1.3, BSD-2-Clause, approved, CQ11429 maven/mavencentral/org.hamcrest/hamcrest/2.2, BSD-3-Clause, approved, clearlydefined maven/mavencentral/org.hdrhistogram/HdrHistogram/2.1.12, BSD-2-Clause OR LicenseRef-Public-Domain, approved, CQ13192 maven/mavencentral/org.hibernate.common/hibernate-commons-annotations/6.0.6.Final, LGPL-2.1-only, approved, #6962 -maven/mavencentral/org.hibernate.orm/hibernate-core/6.1.7.Final, LGPL-2.1-or-later AND (Apache-2.0 AND LGPL-2.1-only) AND (CC-PDDC AND LGPL-2.1-only) AND (EPL-2.0 OR BSD-3-Clause), approved, #5939 +maven/mavencentral/org.hibernate.orm/hibernate-core/6.2.5.Final, LGPL-2.1-only AND Apache-2.0 
AND MIT AND CC-PDDC AND (EPL-2.0 OR BSD-3-Clause), approved, #9121 maven/mavencentral/org.hibernate.validator/hibernate-validator/8.0.0.Final, Apache-2.0, approved, clearlydefined -maven/mavencentral/org.jacoco/org.jacoco.agent/0.8.8, EPL-2.0, approved, CQ23285 -maven/mavencentral/org.jacoco/org.jacoco.ant/0.8.8, EPL-2.0, approved, #1068 -maven/mavencentral/org.jacoco/org.jacoco.core/0.8.8, EPL-2.0, approved, CQ23283 -maven/mavencentral/org.jacoco/org.jacoco.report/0.8.8, EPL-2.0 AND Apache-2.0, approved, CQ23284 +maven/mavencentral/org.jacoco/org.jacoco.agent/0.8.9, EPL-2.0, approved, CQ23285 +maven/mavencentral/org.jacoco/org.jacoco.ant/0.8.9, EPL-2.0, approved, #1068 +maven/mavencentral/org.jacoco/org.jacoco.core/0.8.9, EPL-2.0, approved, CQ23283 +maven/mavencentral/org.jacoco/org.jacoco.report/0.8.9, EPL-2.0 AND Apache-2.0, approved, CQ23284 maven/mavencentral/org.jboss.logging/jboss-logging/3.4.1.Final, Apache-2.0, approved, CQ21255 maven/mavencentral/org.jboss.logging/jboss-logging/3.4.2.Final, Apache-2.0, approved, CQ21255 -maven/mavencentral/org.jboss.logging/jboss-logging/3.4.3.Final, Apache-2.0, approved, CQ21255 +maven/mavencentral/org.jboss.logging/jboss-logging/3.5.0.Final, Apache-2.0, approved, #9471 maven/mavencentral/org.jboss.resteasy/resteasy-client-api/4.7.7.Final, Apache-2.0, approved, clearlydefined maven/mavencentral/org.jboss.resteasy/resteasy-client/4.7.7.Final, Apache-2.0, approved, clearlydefined maven/mavencentral/org.jboss.resteasy/resteasy-core-spi/4.7.7.Final, Apache-2.0, approved, clearlydefined 
@@ -181,44 +191,44 @@ maven/mavencentral/org.jboss.shrinkwrap/shrinkwrap-spi/1.2.6, Apache-2.0, approv maven/mavencentral/org.jboss.spec.javax.annotation/jboss-annotations-api_1.3_spec/2.0.1.Final, EPL-2.0 or GPL-2.0-only WITH Classpath-exception-2.0, approved, #1805 maven/mavencentral/org.jboss.spec.javax.ws.rs/jboss-jaxrs-api_2.1_spec/2.0.1.Final, Apache-2.0 AND (EPL-2.0 OR GPL-2.0-only WITH Classpath-exception-2.0), approved, #2124 maven/mavencentral/org.jboss.spec.javax.xml.bind/jboss-jaxb-api_2.3_spec/2.0.0.Final, BSD-3-Clause, approved, #2122 -maven/mavencentral/org.jboss/jandex/2.4.2.Final, Apache-2.0, approved, clearlydefined maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-common/1.5.31, Apache-2.0, approved, clearlydefined -maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-common/1.7.22, Apache-2.0, approved, clearlydefined -maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-jdk7/1.7.22, Apache-2.0, approved, clearlydefined +maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-common/1.8.22, Apache-2.0, approved, #8910 +maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-jdk7/1.8.22, Apache-2.0, approved, #8807 maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-jdk8/1.5.31, Apache-2.0, approved, clearlydefined maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib/1.6.20, Apache-2.0, approved, clearlydefined -maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib/1.7.22, Apache-2.0, approved, clearlydefined +maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib/1.8.22, Apache-2.0, approved, #8865 maven/mavencentral/org.jetbrains/annotations/13.0, Apache-2.0, approved, clearlydefined maven/mavencentral/org.jetbrains/annotations/17.0.0, Apache-2.0, approved, clearlydefined maven/mavencentral/org.json/json/20230227, LicenseRef-Public-domain, approved, #9174 maven/mavencentral/org.junit.jupiter/junit-jupiter-api/5.9.1, EPL-2.0, approved, #3133 -maven/mavencentral/org.junit.jupiter/junit-jupiter-api/5.9.2, EPL-2.0, approved, #3133 
-maven/mavencentral/org.junit.jupiter/junit-jupiter-engine/5.9.2, EPL-2.0, approved, #3125 -maven/mavencentral/org.junit.jupiter/junit-jupiter-params/5.9.2, EPL-2.0, approved, #3134 -maven/mavencentral/org.junit.jupiter/junit-jupiter/5.9.2, EPL-2.0, approved, #6972 -maven/mavencentral/org.junit.platform/junit-platform-commons/1.9.2, EPL-2.0, approved, #3130 -maven/mavencentral/org.junit.platform/junit-platform-engine/1.9.2, EPL-2.0, approved, #3128 +maven/mavencentral/org.junit.jupiter/junit-jupiter-api/5.9.3, EPL-2.0, approved, #3133 +maven/mavencentral/org.junit.jupiter/junit-jupiter-engine/5.9.3, EPL-2.0, approved, #3125 +maven/mavencentral/org.junit.jupiter/junit-jupiter-params/5.9.3, EPL-2.0, approved, #3134 +maven/mavencentral/org.junit.jupiter/junit-jupiter/5.9.3, EPL-2.0, approved, #6972 +maven/mavencentral/org.junit.platform/junit-platform-commons/1.9.3, EPL-2.0, approved, #3130 +maven/mavencentral/org.junit.platform/junit-platform-engine/1.9.3, EPL-2.0, approved, #3128 maven/mavencentral/org.keycloak/keycloak-admin-client/21.0.0, Apache-2.0, approved, clearlydefined maven/mavencentral/org.keycloak/keycloak-common/21.0.0, Apache-2.0 AND LicenseRef-scancode-public-domain-disclaimer, approved, #7287 maven/mavencentral/org.keycloak/keycloak-core/21.0.0, Apache-2.0, approved, #7293 maven/mavencentral/org.latencyutils/LatencyUtils/2.0.3, BSD-2-Clause, approved, CQ17408 maven/mavencentral/org.mockito/mockito-core/4.8.1, MIT, approved, clearlydefined maven/mavencentral/org.mockito/mockito-core/5.2.0, MIT AND (Apache-2.0 AND MIT) AND Apache-2.0, approved, #7401 +maven/mavencentral/org.mockito/mockito-core/5.3.1, MIT AND (Apache-2.0 AND MIT) AND Apache-2.0, approved, #7925 maven/mavencentral/org.mockito/mockito-inline/5.2.0, MIT, approved, clearlydefined -maven/mavencentral/org.mockito/mockito-junit-jupiter/4.8.1, MIT, approved, clearlydefined +maven/mavencentral/org.mockito/mockito-junit-jupiter/5.3.1, MIT, approved, clearlydefined 
maven/mavencentral/org.objenesis/objenesis/3.2, Apache-2.0, approved, clearlydefined maven/mavencentral/org.opentest4j/opentest4j/1.2.0, Apache-2.0, approved, clearlydefined maven/mavencentral/org.ow2.asm/asm-analysis/5.0.3, BSD-2-Clause, approved, CQ9714 -maven/mavencentral/org.ow2.asm/asm-analysis/9.2, BSD-3-Clause, approved, clearlydefined maven/mavencentral/org.ow2.asm/asm-commons/5.0.3, BSD-2-Clause, approved, CQ9714 -maven/mavencentral/org.ow2.asm/asm-commons/9.2, BSD-3-Clause, approved, clearlydefined +maven/mavencentral/org.ow2.asm/asm-commons/9.5, BSD-3-Clause, approved, #7553 maven/mavencentral/org.ow2.asm/asm-tree/5.0.3, BSD-2-Clause, approved, CQ9714 -maven/mavencentral/org.ow2.asm/asm-tree/9.2, BSD-3-Clause, approved, clearlydefined +maven/mavencentral/org.ow2.asm/asm-tree/9.5, BSD-3-Clause, approved, #7555 maven/mavencentral/org.ow2.asm/asm-util/5.0.3, BSD-2-Clause, approved, CQ9714 maven/mavencentral/org.ow2.asm/asm/5.0.3, BSD-2-Clause, approved, CQ9714 maven/mavencentral/org.ow2.asm/asm/9.1, BSD-3-Clause, approved, CQ23029 -maven/mavencentral/org.ow2.asm/asm/9.2, BSD-3-Clause, approved, CQ23635 maven/mavencentral/org.ow2.asm/asm/9.3, BSD-3-Clause, approved, clearlydefined +maven/mavencentral/org.ow2.asm/asm/9.5, BSD-3-Clause, approved, #7554 +maven/mavencentral/org.projectlombok/lombok/1.18.28, MIT AND LicenseRef-Public-Domain, approved, CQ23907 maven/mavencentral/org.reactivestreams/reactive-streams/1.0.3, CC0-1.0, approved, CQ16332 maven/mavencentral/org.rnorth.duct-tape/duct-tape/1.0.8, MIT, approved, clearlydefined maven/mavencentral/org.skyscreamer/jsonassert/1.5.1, Apache-2.0, approved, clearlydefined 
@@ -226,64 +236,61 @@ maven/mavencentral/org.slf4j/jul-to-slf4j/2.0.7, MIT, approved, #7698
 maven/mavencentral/org.slf4j/slf4j-api/1.7.25, MIT, approved, CQ13368
 maven/mavencentral/org.slf4j/slf4j-api/1.7.26, MIT, approved, CQ13368
 maven/mavencentral/org.slf4j/slf4j-api/1.7.30, MIT, approved, CQ13368
-maven/mavencentral/org.slf4j/slf4j-api/1.7.33, MIT, approved, CQ13368
 maven/mavencentral/org.slf4j/slf4j-api/1.7.35, MIT, approved, CQ13368
 maven/mavencentral/org.slf4j/slf4j-api/1.7.36, MIT, approved, CQ13368
 maven/mavencentral/org.slf4j/slf4j-api/2.0.1, MIT, approved, #5915
 maven/mavencentral/org.slf4j/slf4j-api/2.0.2, MIT, approved, #5915
-maven/mavencentral/org.slf4j/slf4j-api/2.0.4, MIT, approved, #5915
 maven/mavencentral/org.slf4j/slf4j-api/2.0.7, MIT, approved, #5915
 maven/mavencentral/org.springdoc/springdoc-openapi-starter-common/2.1.0, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.springdoc/springdoc-openapi-starter-webmvc-api/2.1.0, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.springdoc/springdoc-openapi-starter-webmvc-ui/2.1.0, Apache-2.0, approved, clearlydefined
-maven/mavencentral/org.springframework.boot/spring-boot-actuator-autoconfigure/3.0.6, Apache-2.0, approved, #7336
-maven/mavencentral/org.springframework.boot/spring-boot-actuator/3.0.6, Apache-2.0, approved, #7334
+maven/mavencentral/org.springframework.boot/spring-boot-actuator-autoconfigure/3.1.1, Apache-2.0, approved, #9348
+maven/mavencentral/org.springframework.boot/spring-boot-actuator/3.1.1, Apache-2.0, approved, #9342
 maven/mavencentral/org.springframework.boot/spring-boot-autoconfigure/3.0.5, Apache-2.0, approved, #6981
-maven/mavencentral/org.springframework.boot/spring-boot-autoconfigure/3.0.6, Apache-2.0, approved, #6981
-maven/mavencentral/org.springframework.boot/spring-boot-starter-aop/3.0.5, Apache-2.0, approved, #6965
-maven/mavencentral/org.springframework.boot/spring-boot-starter-aop/3.0.6, Apache-2.0, approved, #6965
-maven/mavencentral/org.springframework.boot/spring-boot-starter-jdbc/3.0.6, Apache-2.0, approved, #6974
-maven/mavencentral/org.springframework.boot/spring-boot-starter-json/3.0.6, Apache-2.0, approved, #7006
-maven/mavencentral/org.springframework.boot/spring-boot-starter-logging/3.0.6, Apache-2.0, approved, #6982
-maven/mavencentral/org.springframework.boot/spring-boot-starter-tomcat/3.0.6, Apache-2.0, approved, #6987
-maven/mavencentral/org.springframework.boot/spring-boot-starter/3.0.5, Apache-2.0, approved, #7330
-maven/mavencentral/org.springframework.boot/spring-boot-starter/3.0.6, Apache-2.0, approved, #7330
-maven/mavencentral/org.springframework.boot/spring-boot-test-autoconfigure/3.0.6, Apache-2.0, approved, #6966
-maven/mavencentral/org.springframework.boot/spring-boot-test/3.0.6, Apache-2.0, approved, #6976
-maven/mavencentral/org.springframework.boot/spring-boot/3.0.6, Apache-2.0, approved, #7327
-maven/mavencentral/org.springframework.cloud/spring-cloud-commons/4.0.2, Apache-2.0, approved, #7292
-maven/mavencentral/org.springframework.cloud/spring-cloud-context/4.0.2, Apache-2.0, approved, #7306
-maven/mavencentral/org.springframework.cloud/spring-cloud-openfeign-core/4.0.2, Apache-2.0, approved, #7305
-maven/mavencentral/org.springframework.cloud/spring-cloud-starter/4.0.2, Apache-2.0, approved, #7299
-maven/mavencentral/org.springframework.data/spring-data-commons/3.0.5, Apache-2.0, approved, #5943
-maven/mavencentral/org.springframework.data/spring-data-jpa/3.0.5, Apache-2.0, approved, #5935
-maven/mavencentral/org.springframework.security/spring-security-config/6.0.3, Apache-2.0, approved, #7338
-maven/mavencentral/org.springframework.security/spring-security-core/6.0.3, Apache-2.0, approved, #7325
-maven/mavencentral/org.springframework.security/spring-security-crypto/6.0.2, Apache-2.0 AND ISC, approved, #7326
+maven/mavencentral/org.springframework.boot/spring-boot-autoconfigure/3.0.7, Apache-2.0, approved, #6981
+maven/mavencentral/org.springframework.boot/spring-boot-autoconfigure/3.1.1, Apache-2.0, approved, #9341
+maven/mavencentral/org.springframework.boot/spring-boot-starter-aop/3.0.7, Apache-2.0, approved, #6965
+maven/mavencentral/org.springframework.boot/spring-boot-starter-aop/3.1.1, Apache-2.0, approved, #9338
+maven/mavencentral/org.springframework.boot/spring-boot-starter-jdbc/3.1.1, Apache-2.0, approved, #9737
+maven/mavencentral/org.springframework.boot/spring-boot-starter-json/3.1.1, Apache-2.0, approved, #9336
+maven/mavencentral/org.springframework.boot/spring-boot-starter-logging/3.1.1, Apache-2.0, approved, #9343
+maven/mavencentral/org.springframework.boot/spring-boot-starter-tomcat/3.1.1, Apache-2.0, approved, #9351
+maven/mavencentral/org.springframework.boot/spring-boot-starter/3.0.7, Apache-2.0, approved, #7330
+maven/mavencentral/org.springframework.boot/spring-boot-starter/3.1.1, Apache-2.0, approved, #9349
+maven/mavencentral/org.springframework.boot/spring-boot-test-autoconfigure/3.1.1, Apache-2.0, approved, #9339
+maven/mavencentral/org.springframework.boot/spring-boot-test/3.1.1, Apache-2.0, approved, #9346
+maven/mavencentral/org.springframework.boot/spring-boot/3.1.1, Apache-2.0, approved, #9352
+maven/mavencentral/org.springframework.cloud/spring-cloud-commons/4.0.3, Apache-2.0, approved, #7292
+maven/mavencentral/org.springframework.cloud/spring-cloud-context/4.0.3, Apache-2.0, approved, #7306
+maven/mavencentral/org.springframework.cloud/spring-cloud-openfeign-core/4.0.3, Apache-2.0, approved, #7305
+maven/mavencentral/org.springframework.cloud/spring-cloud-starter/4.0.3, Apache-2.0, approved, #7299
+maven/mavencentral/org.springframework.data/spring-data-commons/3.1.1, Apache-2.0, approved, #8805
+maven/mavencentral/org.springframework.data/spring-data-jpa/3.1.1, Apache-2.0, approved, #9120
+maven/mavencentral/org.springframework.security/spring-security-config/6.1.1, Apache-2.0, approved, #9736
+maven/mavencentral/org.springframework.security/spring-security-core/6.1.1, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.springframework.security/spring-security-crypto/6.0.3, Apache-2.0 AND ISC, approved, #7326
-maven/mavencentral/org.springframework.security/spring-security-oauth2-core/6.0.3, Apache-2.0, approved, #7324
+maven/mavencentral/org.springframework.security/spring-security-crypto/6.1.1, Apache-2.0 AND ISC, approved, #9735
+maven/mavencentral/org.springframework.security/spring-security-oauth2-core/6.1.1, Apache-2.0, approved, #9741
 maven/mavencentral/org.springframework.security/spring-security-rsa/1.0.11.RELEASE, Apache-2.0, approved, CQ20647
-maven/mavencentral/org.springframework.security/spring-security-web/6.0.3, Apache-2.0, approved, #7328
-maven/mavencentral/org.springframework/spring-aop/6.0.8, Apache-2.0, approved, #5940
-maven/mavencentral/org.springframework/spring-aspects/6.0.8, Apache-2.0, approved, #5930
-maven/mavencentral/org.springframework/spring-beans/6.0.8, Apache-2.0, approved, #5937
-maven/mavencentral/org.springframework/spring-context/6.0.8, Apache-2.0, approved, #5936
-maven/mavencentral/org.springframework/spring-core/6.0.8, Apache-2.0 AND BSD-3-Clause, approved, #5948
-maven/mavencentral/org.springframework/spring-expression/6.0.8, Apache-2.0, approved, #3284
-maven/mavencentral/org.springframework/spring-jcl/6.0.8, Apache-2.0, approved, #3283
-maven/mavencentral/org.springframework/spring-jdbc/6.0.8, Apache-2.0, approved, #5924
-maven/mavencentral/org.springframework/spring-orm/6.0.8, Apache-2.0, approved, #5925
-maven/mavencentral/org.springframework/spring-test/6.0.8, Apache-2.0, approved, #7003
-maven/mavencentral/org.springframework/spring-tx/6.0.8, Apache-2.0, approved, #5926
+maven/mavencentral/org.springframework.security/spring-security-web/6.1.1, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.springframework/spring-aop/6.0.10, Apache-2.0, approved, #5940
+maven/mavencentral/org.springframework/spring-aspects/6.0.10, Apache-2.0, approved, #5930
+maven/mavencentral/org.springframework/spring-beans/6.0.10, Apache-2.0, approved, #5937
+maven/mavencentral/org.springframework/spring-context/6.0.10, Apache-2.0, approved, #5936
+maven/mavencentral/org.springframework/spring-core/6.0.10, Apache-2.0 AND BSD-3-Clause, approved, #5948
+maven/mavencentral/org.springframework/spring-expression/6.0.10, Apache-2.0, approved, #3284
+maven/mavencentral/org.springframework/spring-jcl/6.0.10, Apache-2.0, approved, #3283
+maven/mavencentral/org.springframework/spring-jdbc/6.0.10, Apache-2.0, approved, #5924
+maven/mavencentral/org.springframework/spring-orm/6.0.10, Apache-2.0, approved, #5925
+maven/mavencentral/org.springframework/spring-test/6.0.10, Apache-2.0, approved, #7003
+maven/mavencentral/org.springframework/spring-tx/6.0.10, Apache-2.0, approved, #5926
 maven/mavencentral/org.springframework/spring-web/5.1.5.RELEASE, Apache-2.0 AND LicenseRef-Public-Domain, approved, CQ18367
-maven/mavencentral/org.springframework/spring-web/6.0.7, Apache-2.0, approved, #5942
-maven/mavencentral/org.springframework/spring-web/6.0.8, Apache-2.0, approved, #5942
+maven/mavencentral/org.springframework/spring-web/6.0.10, Apache-2.0, approved, #5942
+maven/mavencentral/org.springframework/spring-web/6.0.9, Apache-2.0, approved, #5942
+maven/mavencentral/org.springframework/spring-webmvc/6.0.10, Apache-2.0, approved, #5944
 maven/mavencentral/org.springframework/spring-webmvc/6.0.7, Apache-2.0, approved, #5944
-maven/mavencentral/org.springframework/spring-webmvc/6.0.8, Apache-2.0, approved, #5944
-maven/mavencentral/org.testcontainers/database-commons/1.18.0, MIT, approved, clearlydefined
-maven/mavencentral/org.testcontainers/jdbc/1.18.0, MIT, approved, clearlydefined
 maven/mavencentral/org.testcontainers/testcontainers/1.17.6, MIT, approved, #3074
-maven/mavencentral/org.testcontainers/testcontainers/1.18.0, MIT, approved, #7938
+maven/mavencentral/org.testcontainers/testcontainers/1.18.3, MIT, approved, #7938 maven/mavencentral/org.webjars/swagger-ui/4.18.2, Apache-2.0, approved, #7850 maven/mavencentral/org.xmlunit/xmlunit-core/2.9.1, Apache-2.0, approved, #6272 maven/mavencentral/org.yaml/snakeyaml/1.33, Apache-2.0, approved, clearlydefined diff --git a/update_dependcies.sh b/update_dependcies.sh index 0a307d1ed..a74ad6d49 100755 --- a/update_dependcies.sh +++ b/update_dependcies.sh @@ -23,9 +23,9 @@ # download the latest version of the Eclipse Dash License tool curl --output org.eclipse.dash.licenses.jar \ - https://repo.eclipse.org/service/local/repositories/dash-licenses-snapshots/content/org/eclipse/dash/org.eclipse.dash.licenses/1.0.3-SNAPSHOT/org.eclipse.dash.licenses-1.0.3-20230713.055020-51.jar + https://repo.eclipse.org/service/local/repositories/dash-licenses-snapshots/content/org/eclipse/dash/org.eclipse.dash.licenses/1.0.3-SNAPSHOT/org.eclipse.dash.licenses-1.0.3-20230725.055026-63.jar # update DEPENDENCIES file -./gradlew dependencies | grep -Poh "(?<=\s)[\w\.-]+:[\w\.-]+:[^:\s]+" | grep -v "^org\.eclipse" | sort | uniq \ - | java -jar org.eclipse.dash.licenses.jar -summary DEPENDENCIES - \ - | grep restricted +./gradlew dependencies | grep -Poh "(?<=\s)[\w\.-]+:[\w\.-]+:[^:\s]+" | grep -v "^org\.eclipse" | sort | uniq | + java -jar org.eclipse.dash.licenses.jar -summary DEPENDENCIES - | + grep restricted From cad3563005decb3568cdb86d31340284508ebf0f Mon Sep 17 00:00:00 2001 From: Dominik Pinsel Date: Wed, 26 Jul 2023 14:46:02 +0200 Subject: [PATCH 112/116] remove old image publish workflow Signed-off-by: Dominik Pinsel --- .github/workflows/service-build.yaml | 96 ---------------------------- 1 file changed, 96 deletions(-) delete mode 100644 .github/workflows/service-build.yaml diff --git a/.github/workflows/service-build.yaml b/.github/workflows/service-build.yaml deleted file mode 100644 index bc9d619ff..000000000 --- a/.github/workflows/service-build.yaml +++ /dev/null 
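Review bot: The snapshot jar downloaded by the `curl --output org.eclipse.dash.licenses.jar` line is handed straight to `java -jar` in the pipeline below with no integrity check, and this commit only moves the pin to a newer snapshot timestamp (`org.eclipse.dash.licenses-1.0.3-20230725.055026-63.jar`), so whatever is served at that URL runs as-is on the developer's or CI machine. `curl` is also called without `--fail`, so an HTTP error page would be written into the jar file and only surface later as an unrelated `java -jar` error. Suggest `curl --fail --location --output org.eclipse.dash.licenses.jar \` plus a `sha256sum --check` against a checksum recorded next to the URL before the jar is executed. The trailing `| grep restricted` also makes the pipeline's exit status depend on whether any restricted entry was printed (grep exits non-zero when nothing matches), which is easy to misread in CI; a comment such as `# exit status is grep's: non-zero means no restricted dependency was reported` would make the intent explicit, though whether the script runs under `set -e` is outside the hunk.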
@@ -1,96 +0,0 @@ -name: Build images and push as GitHub Package - -on: - push: - branches: [ develop, main ] - workflow_dispatch: - -env: - REGISTRY: ghcr.io - IMAGE_NAME: ${{ github.repository }}_miw_service - -jobs: - build-and-push-image: - runs-on: ubuntu-22.04 - permissions: - contents: read - packages: write - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - - uses: madhead/read-java-properties@latest - id: version - with: - file: gradle.properties - property: applicationVersion - default: 0.0.1 - - - name: Set App Version - run: echo "APP_VERSION=${{ steps.version.outputs.value }}" >> $GITHUB_ENV - - - name: Set outputs - id: vars - run: | - echo "::set-output name=sha_short::$(git rev-parse --short HEAD)" - echo "SHORT_SHA=$(git rev-parse --short HEAD)" >> $GITHUB_ENV - - - name: Show version - run: echo ${APP_VERSION}.${SHORT_SHA} - - - name: Set optional tag suffix - if: github.ref != 'refs/heads/main' - run: echo "TAG_SUFFIX=-${GITHUB_REF##*/}" >> $GITHUB_ENV - - - name: Show tag - run: echo tag=latest${{ env.TAG_SUFFIX }} - - - name: Login to GitHub Container Registry - if: ${{ !env.ACT }} - uses: docker/login-action@v1 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Extract Metadata (tags, labels) for Docker - if: ${{ !env.ACT }} - id: meta - uses: docker/metadata-action@v3 - with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - - - name: Set up JDK 17 - uses: actions/setup-java@v1 - with: - java-version: 17 - - - name: Build with Gradle - uses: gradle/gradle-build-action@4137be6a8bf7d7133955359dbd952c0ca73b1021 - with: - arguments: build -PgithubToken=${{ secrets.GITHUB_TOKEN }} - -# - name: Create dist -# uses: gradle/gradle-build-action@4137be6a8bf7d7133955359dbd952c0ca73b1021 -# with: -# arguments: installDist - - - name: Veracode Upload And Scan - uses: veracode/veracode-uploadandscan-action@0.2.1 - continue-on-error: true - with: - appname: 
'project-managed-identity-wallet' - createprofile: false - filepath: 'build/libs/*' # add filepath for upload - vid: '${{ secrets.ORG_VERACODE_API_ID }}' # reference to API ID, which is set as github org. secret - vkey: '${{ secrets.ORG_VERACODE_API_KEY }}' #reference to API Key in github, which is set as github or. secret - include: 'build/libs/miw-latest.jar' - - - name: Build and push Docker image - uses: docker/build-push-action@v2 - with: - context: . - push: true - tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest${{ env.TAG_SUFFIX }}, ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.APP_VERSION }}.${{ env.SHORT_SHA }}, ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.APP_VERSION }}${{ env.TAG_SUFFIX }} - labels: ${{ steps.meta.outputs.labels }} From 7d329e82a7f6ad2105af046c5718fe92a38df987 Mon Sep 17 00:00:00 2001 From: Dominik Pinsel Date: Wed, 26 Jul 2023 14:49:23 +0200 Subject: [PATCH 113/116] remove DAST workflow Signed-off-by: Dominik Pinsel --- .github/workflows/DAST.yaml | 35 ----------------------------------- 1 file changed, 35 deletions(-) delete mode 100644 .github/workflows/DAST.yaml diff --git a/.github/workflows/DAST.yaml b/.github/workflows/DAST.yaml deleted file mode 100644 index 86dadeb6a..000000000 --- a/.github/workflows/DAST.yaml +++ /dev/null 
@@ -1,35 +0,0 @@ -name: DAST -on: - push: - branches: [ "main" ] - paths-ignore: - - '**/*.md' - - '**/*.txt' - workflow_dispatch: - inputs: - target_url: - description: URL to test - required: true - type: choice - options: - - "https://managed-identity-wallet.dev.demo.catena-x.net/" - - "https://managed-identity-wallet.int.demo.catena-x.net/" - - "https://managed-identity-wallet.beta.demo.catena-x.net/" - - "https://managed-identity-wallet.stable.demo.catena-x.net/" - default: "https://managed-identity-wallet.dev.demo.catena-x.net/" - -jobs: - zap_scan: - runs-on: ubuntu-latest - name: OWASP ZAP - steps: - - name: Checkout - uses: actions/checkout@v2 - with: - ref: main - - name: ZAP Scan - uses: zaproxy/action-full-scan@v0.5.1 - with: - token: ${{ secrets.GITHUB_TOKEN }} - docker_name: 'owasp/zap2docker-stable' - target: '${{ github.event.inputs.target_url }}' From 578d8693ed7b441d3af93bcaef75866572cfdf84 Mon Sep 17 00:00:00 2001 From: Dominik Pinsel Date: Wed, 26 Jul 2023 16:02:16 +0200 Subject: [PATCH 114/116] remove image pull secret from values.yaml Signed-off-by: Dominik Pinsel --- .github/workflows/chart-lint.yml | 2 +- charts/managed-identity-wallet/values.yaml | 6 +----- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/.github/workflows/chart-lint.yml b/.github/workflows/chart-lint.yml index 246747410..f55e60954 100644 --- a/.github/workflows/chart-lint.yml +++ b/.github/workflows/chart-lint.yml @@ -7,7 +7,7 @@ on: - 'charts/**' jobs: - lint-test: + chart-lint: runs-on: ubuntu-latest steps: - name: Checkout diff --git a/charts/managed-identity-wallet/values.yaml b/charts/managed-identity-wallet/values.yaml index 708d2fd09..dfb30ceda 100644 --- a/charts/managed-identity-wallet/values.yaml +++ b/charts/managed-identity-wallet/values.yaml 
@@ -27,11 +27,7 @@ image: # -- PullPolicy pullPolicy: Always # -- Image tag (empty one will use "appVersion" value from chart definition) - tag: "" - -# -- Credentials for a private repo -imagePullSecrets: - - name: acr-credential + tag: "" nameOverride: "" fullnameOverride: "" From afd859078d403a79ea4958135d6b75e9457851c2 Mon Sep 17 00:00:00 2001 From: Dominik Pinsel Date: Wed, 26 Jul 2023 16:03:39 +0200 Subject: [PATCH 115/116] set chart repository to 'tractusx/managed-identity-wallet' Signed-off-by: Dominik Pinsel --- charts/managed-identity-wallet/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/managed-identity-wallet/values.yaml b/charts/managed-identity-wallet/values.yaml index dfb30ceda..34d8f9061 100644 --- a/charts/managed-identity-wallet/values.yaml +++ b/charts/managed-identity-wallet/values.yaml @@ -23,7 +23,7 @@ replicaCount: 1 # -- Image of the main container image: # -- Image repository - repository: ghcr.io/catenax-ng/tx-managed-identity-wallets_miw_service + repository: tractusx/managed-identity-wallet # -- PullPolicy pullPolicy: Always # -- Image tag (empty one will use "appVersion" value from chart definition) From 64afc1b7c233ec975e7cea8ee85ee66cce14a065 Mon Sep 17 00:00:00 2001 From: Dominik Pinsel Date: Wed, 26 Jul 2023 16:03:56 +0200 Subject: [PATCH 116/116] disabled chart-lint temporary Signed-off-by: Dominik Pinsel --- .github/workflows/chart-lint.yml | 110 +++++++++++++++---------------- 1 file changed, 55 insertions(+), 55 deletions(-) diff --git a/.github/workflows/chart-lint.yml b/.github/workflows/chart-lint.yml index f55e60954..231819947 100644 --- a/.github/workflows/chart-lint.yml +++ b/.github/workflows/chart-lint.yml 
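Review bot: Removing the `imagePullSecrets` key entirely, rather than setting it to an empty list, drops the documented override point for operators who mirror the image into a private registry, and any template that renders `.Values.imagePullSecrets` without a `with`/`if` guard would now see a nil value (the templates are not part of this diff, so that is inferred). Keeping `imagePullSecrets: []` together with its `# -- Credentials for a private repo` comment preserves the chart's values interface while still removing the `acr-credential` default that this change is meant to get rid of.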
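Review bot: The new `repository` value carries no registry host, so the container runtime resolves it against its own default (Docker Hub for most runtimes), and with the unchanged `pullPolicy: Always` every pod start now depends on that registry's availability and pull-rate limits. Writing the fully qualified reference `repository: docker.io/tractusx/managed-identity-wallet` removes the ambiguity, and the `# -- Image repository` comment could state that the image is pulled by the chart's `appVersion` tag (see the comment on `tag`), which is a mutable tag rather than a digest, so operators who need reproducible deployments should pin `tag` explicitly.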
@@ -1,68 +1,68 @@ -name: Lint and Test Charts +# name: Lint and Test Charts -# Run chart linting and tests on each pull request -on: - pull_request: - paths: - - 'charts/**' +# # Run chart linting and tests on each pull request +# on: +# pull_request: +# paths: +# - 'charts/**' -jobs: - chart-lint: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v2 - with: - fetch-depth: 0 +# jobs: +# chart-lint: +# runs-on: ubuntu-latest +# steps: +# - name: Checkout +# uses: actions/checkout@v2 +# with: +# fetch-depth: 0 - - name: Set up Helm - uses: azure/setup-helm@v3 - with: - version: v3.11.3 +# - name: Set up Helm +# uses: azure/setup-helm@v3 +# with: +# version: v3.11.3 - - name: Update Helm dependencies - run: | - cd charts/managed-identity-wallet - helm dependency update +# - name: Update Helm dependencies +# run: | +# cd charts/managed-identity-wallet +# helm dependency update - - name: Install Helm unittest plugin - run: | - helm plugin install https://github.com/helm-unittest/helm-unittest.git +# - name: Install Helm unittest plugin +# run: | +# helm plugin install https://github.com/helm-unittest/helm-unittest.git - # Setup python as a prerequisite for chart linting - - uses: actions/setup-python@v2 - with: - python-version: 3.7 +# # Setup python as a prerequisite for chart linting +# - uses: actions/setup-python@v2 +# with: +# python-version: 3.7 - - name: Set up chart-testing - uses: helm/chart-testing-action@v2.3.1 +# - name: Set up chart-testing +# uses: helm/chart-testing-action@v2.3.1 - - name: Install Task - uses: arduino/setup-task@v1 +# - name: Install Task +# uses: arduino/setup-task@v1 - - name: Run chart-testing (list-changed) - id: list-changed - run: | - changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }}) - if [[ -n "$changed" ]]; then - echo "::set-output name=changed::true" - fi +# - name: Run chart-testing (list-changed) +# id: list-changed +# run: | +# changed=$(ct list-changed 
--target-branch ${{ github.event.repository.default_branch }}) +# if [[ -n "$changed" ]]; then +# echo "::set-output name=changed::true" +# fi - # run chart linting - - name: Run chart-testing (lint) - run: ct lint --config charts/chart-testing-config.yaml --charts ./charts/managed-identity-wallet +# # run chart linting +# - name: Run chart-testing (lint) +# run: ct lint --config charts/chart-testing-config.yaml --charts ./charts/managed-identity-wallet - # run chart unittest - - name: Run Helm unittests - run: task helm:unittest +# # run chart unittest +# - name: Run Helm unittests +# run: task helm:unittest - # Preparing a kind cluster to install and test charts on - - name: Create kind cluster - uses: helm/kind-action@v1.7.0 - if: steps.list-changed.outputs.changed == 'true' +# # Preparing a kind cluster to install and test charts on +# - name: Create kind cluster +# uses: helm/kind-action@v1.7.0 +# if: steps.list-changed.outputs.changed == 'true' - # install the chart to the kind cluster and run helm test - # define charts to test with the --charts parameter - - name: Run chart-testing (install) - run: ct install --charts charts/managed-identity-wallet --config charts/chart-testing-config.yaml - if: steps.list-changed.outputs.changed == 'true' +# # install the chart to the kind cluster and run helm test +# # define charts to test with the --charts parameter +# - name: Run chart-testing (install) +# run: ct install --charts charts/managed-identity-wallet --config charts/chart-testing-config.yaml +# if: steps.list-changed.outputs.changed == 'true'
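Review bot: Commenting out every line leaves `.github/workflows/chart-lint.yml` in place as a workflow file with no `on:` trigger, which GitHub is likely to flag as an invalid workflow rather than treat as a disabled one, and the reason for the temporary disable is not recorded anywhere in the file. Either delete the file (history keeps it, as the two workflow removals earlier in this series do) or keep it valid with a manual trigger and a note, e.g. `# TODO: re-enable the pull_request trigger once the chart tests pass; disabled temporarily` followed by `on: workflow_dispatch`. If it stays fully commented out, at least put the reason on the first line so the next reader does not have to dig through the commit history.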