diff --git a/DEPENDENCIES b/DEPENDENCIES
index 3968ca7b4..6c5335b14 100644
--- a/DEPENDENCIES
+++ b/DEPENDENCIES
@@ -508,6 +508,7 @@ maven/mavencentral/org.eclipse.edc/validator-spi/0.6.1-SNAPSHOT, Apache-2.0, app
 maven/mavencentral/org.eclipse.edc/vault-azure/0.6.1-SNAPSHOT, Apache-2.0, approved, technology.edc
 maven/mavencentral/org.eclipse.edc/vault-hashicorp/0.6.1-SNAPSHOT, Apache-2.0, approved, technology.edc
 maven/mavencentral/org.eclipse.edc/verifiable-credentials-spi/0.6.1-SNAPSHOT, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/verifiable-credentials/0.6.1-SNAPSHOT, Apache-2.0, approved, technology.edc
 maven/mavencentral/org.eclipse.edc/web-spi/0.6.1-SNAPSHOT, Apache-2.0, approved, technology.edc
 maven/mavencentral/org.eclipse.jetty.toolchain/jetty-jakarta-servlet-api/5.0.2, EPL-2.0 OR Apache-2.0, approved, rt.jetty
 maven/mavencentral/org.eclipse.jetty.toolchain/jetty-jakarta-websocket-api/2.0.0, EPL-2.0 OR Apache-2.0, approved, rt.jetty
diff --git a/charts/tractusx-connector-azure-vault/README.md b/charts/tractusx-connector-azure-vault/README.md
index 6720cd354..34ad00c99 100644
--- a/charts/tractusx-connector-azure-vault/README.md
+++ b/charts/tractusx-connector-azure-vault/README.md
@@ -178,8 +178,6 @@ helm install my-release tractusx-edc/tractusx-connector-azure-vault --version 0.
 | dataplane.debug.enabled | bool | `false` | |
 | dataplane.debug.port | int | `1044` | |
 | dataplane.debug.suspendOnStart | bool | `false` | |
-| dataplane.endpoints.control.path | string | `"/api/dataplane/control"` | |
-| dataplane.endpoints.control.port | int | `8083` | |
 | dataplane.endpoints.default.path | string | `"/api"` | |
 | dataplane.endpoints.default.port | int | `8080` | |
 | dataplane.endpoints.metrics.path | string | `"/metrics"` | |
@@ -189,6 +187,8 @@ helm install my-release tractusx-edc/tractusx-connector-azure-vault --version 0.
 | dataplane.endpoints.proxy.port | int | `8186` | |
 | dataplane.endpoints.public.path | string | `"/api/public"` | |
 | dataplane.endpoints.public.port | int | `8081` | |
+| dataplane.endpoints.signaling.path | string | `"/api/signaling"` | |
+| dataplane.endpoints.signaling.port | int | `8083` | |
 | dataplane.env | object | `{}` | |
 | dataplane.envConfigMapNames | list | `[]` | |
 | dataplane.envSecretNames | list | `[]` | |
diff --git a/charts/tractusx-connector-azure-vault/templates/_helpers.tpl b/charts/tractusx-connector-azure-vault/templates/_helpers.tpl
index b3c570bb1..17bcddc86 100644
--- a/charts/tractusx-connector-azure-vault/templates/_helpers.tpl
+++ b/charts/tractusx-connector-azure-vault/templates/_helpers.tpl
@@ -8,6 +8,7 @@ Expand the name of the chart.
 {{/*
 Create a default fully qualified app name.
 We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
 If release name contains chart name it will be used as a full name.
 */}}
 {{- define "txdc.fullname" -}}
@@ -143,10 +144,10 @@ Control Plane URL
 {{- end }}
 {{/*
-Data Control URL
+Data Signaling URL
 */}}
-{{- define "txdc.dataplane.url.control" -}}
-{{- printf "http://%s-dataplane:%v%s" (include "txdc.fullname" . ) .Values.dataplane.endpoints.control.port .Values.dataplane.endpoints.control.path -}}
+{{- define "txdc.dataplane.url.signaling" -}}
+{{- printf "http://%s-dataplane:%v%s" (include "txdc.fullname" . ) .Values.dataplane.endpoints.signaling.port .Values.dataplane.endpoints.signaling.path -}}
 {{- end }}
 {{/*
diff --git a/charts/tractusx-connector-azure-vault/templates/deployment-controlplane.yaml b/charts/tractusx-connector-azure-vault/templates/deployment-controlplane.yaml
index 61510d87d..c0b7c5697 100644
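Review bot: The line added at `@@ -8,6 +8,7 @@` in charts/tractusx-connector-azure-vault/templates/_helpers.tpl repeats the preceding comment sentence verbatim (`We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).`), so the `txdc.fullname` comment now says it twice; drop the added line. It reads like a paste or merge artifact rather than an intended change, and the matching `_helpers.tpl` hunks of the memory and tractusx-connector charts in this diff do not carry it.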
--- a/charts/tractusx-connector-azure-vault/templates/deployment-controlplane.yaml
+++ b/charts/tractusx-connector-azure-vault/templates/deployment-controlplane.yaml
@@ -299,18 +299,19 @@ spec:
 # see extension https://github.com/eclipse-tractusx/tractusx-edc/tree/main/edc-extensions/dataplane-selector-configuration
 - name: "EDC_DATAPLANE_SELECTOR_DEFAULTPLANE_URL"
- value: {{ include "txdc.dataplane.url.control" . }}/transfer
+ value: {{ include "txdc.dataplane.url.signaling" . }}/v1/dataflows
+ - name: "EDC_DATAPLANE_SELECTOR_DEFAULTPLANE_TRANSFERTYPES"
+ value: "HttpData-PULL,AmazonS3-PUSH,AzureStorage-PUSH"
 - name: "EDC_DATAPLANE_SELECTOR_DEFAULTPLANE_SOURCETYPES"
- value: "HttpData,AmazonS3"
+ value: "HttpData,AmazonS3,AzureStorage"
 - name: "EDC_DATAPLANE_SELECTOR_DEFAULTPLANE_DESTINATIONTYPES"
- value: "HttpProxy,AmazonS3"
+ value: "HttpProxy,AmazonS3,AzureStorage"
 - name: "EDC_DATAPLANE_SELECTOR_DEFAULTPLANE_PROPERTIES"
 value: |-
 {{ printf "{ \"publicApiUrl\": \"%s\" }" (include "txdc.dataplane.url.public" . ) }}
-
 ###########
 ## VAULT ##
 ###########
diff --git a/charts/tractusx-connector-azure-vault/templates/deployment-dataplane.yaml b/charts/tractusx-connector-azure-vault/templates/deployment-dataplane.yaml
index 95a332858..564ecdaa6 100644
--- a/charts/tractusx-connector-azure-vault/templates/deployment-dataplane.yaml
+++ b/charts/tractusx-connector-azure-vault/templates/deployment-dataplane.yaml
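Review bot: `EDC_DATAPLANE_SELECTOR_DEFAULTPLANE_TRANSFERTYPES` and the `AzureStorage` source/destination entries are added here and in the tractusx-connector chart's deployment-controlplane.yaml, but the memory chart's deployment-runtime.yaml hunk at `@@ -230,7 +234,7 @@` only swaps the URL and keeps `HttpData,AmazonS3` / `HttpProxy,AmazonS3` with no transfer types at all. If the selector matches the default plane on transfer types for the new `/v1/dataflows` API, the memory chart's plane may never be selected; if the omission is deliberate because that chart ships without the Azure provisioner, a one-line comment next to its selector block saying so would stop the next reader from "fixing" it. A short comment on the `TRANSFERTYPES` line itself, noting that the list must be kept in step with the transfer extensions bundled into the data plane image, would also help, since nothing in the chart derives it.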
@@ -157,10 +157,10 @@ spec:
 value: {{ .Values.dataplane.endpoints.default.port | quote }}
 - name: "WEB_HTTP_DEFAULT_PATH"
 value: {{ .Values.dataplane.endpoints.default.path | quote }}
- - name: "WEB_HTTP_CONTROL_PORT"
- value: {{ .Values.dataplane.endpoints.control.port | quote }}
- - name: "WEB_HTTP_CONTROL_PATH"
- value: {{ .Values.dataplane.endpoints.control.path | quote }}
+ - name: "WEB_HTTP_SIGNALING_PORT"
+ value: {{ .Values.dataplane.endpoints.signaling.port | quote }}
+ - name: "WEB_HTTP_SIGNALING_PATH"
+ value: {{ .Values.dataplane.endpoints.signaling.path | quote }}
 - name: "WEB_HTTP_PUBLIC_PORT"
 value: {{ .Values.dataplane.endpoints.public.port | quote }}
 - name: "WEB_HTTP_PUBLIC_PATH"
@@ -274,6 +274,9 @@ spec:
 {{- if .Values.dataplane.token.refresh.refresh_endpoint }}
 - name: "EDC_DATAPLANE_TOKEN_REFRESH_ENDPOINT"
 value: {{ .Values.dataplane.token.refresh.refresh_endpoint }}
+ {{- else}}
+ - name: "EDC_DATAPLANE_TOKEN_REFRESH_ENDPOINT"
+ value: {{ include "txdc.dataplane.url.public" . }}/token
 {{- end}}
 - name: "EDC_TRANSFER_PROXY_TOKEN_SIGNER_PRIVATEKEY_ALIAS"
diff --git a/charts/tractusx-connector-azure-vault/templates/service-dataplane.yaml b/charts/tractusx-connector-azure-vault/templates/service-dataplane.yaml
index 14230b9de..807eba45f 100644
--- a/charts/tractusx-connector-azure-vault/templates/service-dataplane.yaml
+++ b/charts/tractusx-connector-azure-vault/templates/service-dataplane.yaml
@@ -32,10 +32,10 @@ spec:
 targetPort: default
 protocol: TCP
 name: default
- - port: {{ .Values.dataplane.endpoints.control.port }}
- targetPort: control
+ - port: {{ .Values.dataplane.endpoints.signaling.port }}
+ targetPort: signaling
 protocol: TCP
- name: control
+ name: signaling
 - port: {{ .Values.dataplane.endpoints.public.port }}
 targetPort: public
 protocol: TCP
diff --git a/charts/tractusx-connector-azure-vault/values.yaml b/charts/tractusx-connector-azure-vault/values.yaml
index e0bbc34c9..06d109072 100644
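Review bot: The new `{{- else}}` branch at `@@ -274,6 +274,9 @@` defaults `EDC_DATAPLANE_TOKEN_REFRESH_ENDPOINT` to `{{ include "txdc.dataplane.url.public" . }}/token`, and this diff's `DataPlaneTokenRefreshServiceImpl` writes that value into the EDR as `EDR_PROPERTY_REFRESH_ENDPOINT`, i.e. it is handed to the counter-party. The default is therefore only correct if `txdc.dataplane.url.public` renders an externally reachable URL; the sibling `txdc.dataplane.url.signaling` helper in this diff builds a cluster-local `http://<fullname>-dataplane:<port><path>`, and if the public helper falls back to the same shape when no ingress is configured, the consumer receives a refresh endpoint it cannot reach. A comment on `dataplane.token.refresh.refresh_endpoint` in values.yaml stating that it must be the public, externally resolvable URL of the data plane, with the default being a fallback that only works when the public helper resolves to an ingress host, would make that dependency visible. The same default is added in the memory chart (deployment-runtime.yaml) and the tractusx-connector chart (deployment-dataplane.yaml).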
--- a/charts/tractusx-connector-azure-vault/values.yaml
+++ b/charts/tractusx-connector-azure-vault/values.yaml
@@ -353,9 +353,9 @@ dataplane:
 public:
 port: 8081
 path: /api/public
- control:
+ signaling:
 port: 8083
- path: /api/dataplane/control
+ path: /api/signaling
 proxy:
 port: 8186
 path: /proxy
diff --git a/charts/tractusx-connector-memory/README.md b/charts/tractusx-connector-memory/README.md
index 76a3c8126..e94606898 100644
--- a/charts/tractusx-connector-memory/README.md
+++ b/charts/tractusx-connector-memory/README.md
@@ -76,7 +76,7 @@ helm install my-release tractusx-edc/tractusx-connector-memory --version 0.6.0 \
 | runtime.debug.enabled | bool | `false` | |
 | runtime.debug.port | int | `1044` | |
 | runtime.debug.suspendOnStart | bool | `false` | |
-| runtime.endpoints | object | `{"control":{"path":"/control","port":8083},"default":{"path":"/api","port":8080},"management":{"authKey":"password","path":"/management","port":8081},"protocol":{"path":"/api/v1/dsp","port":8084},"proxy":{"path":"/proxy","port":8186},"public":{"path":"/api/public","port":8086}}` | endpoints of the control plane |
+| runtime.endpoints | object | `{"control":{"path":"/control","port":8083},"default":{"path":"/api","port":8080},"management":{"authKey":"password","path":"/management","port":8081},"protocol":{"path":"/api/v1/dsp","port":8084},"proxy":{"path":"/proxy","port":8186},"public":{"path":"/api/public","port":8086},"signaling":{"path":"/api/signaling","port":8087}}` | endpoints of the control plane |
 | runtime.endpoints.control | object | `{"path":"/control","port":8083}` | control api, used for internal control calls. can be added to the internal ingress, but should probably not |
 | runtime.endpoints.control.path | string | `"/control"` | path for incoming api calls |
 | runtime.endpoints.control.port | int | `8083` | port for incoming api calls |
@@ -90,6 +90,8 @@ helm install my-release tractusx-edc/tractusx-connector-memory --version 0.6.0 \
 | runtime.endpoints.protocol | object | `{"path":"/api/v1/dsp","port":8084}` | dsp api, used for inter connector communication and must be internet facing |
 | runtime.endpoints.protocol.path | string | `"/api/v1/dsp"` | path for incoming api calls |
 | runtime.endpoints.protocol.port | int | `8084` | port for incoming api calls |
+| runtime.endpoints.signaling.path | string | `"/api/signaling"` | path for incoming api calls |
+| runtime.endpoints.signaling.port | int | `8087` | port for incoming api calls |
 | runtime.env | object | `{}` | |
 | runtime.envConfigMapNames | list | `[]` | |
 | runtime.envSecretNames | list | `[]` | |
diff --git a/charts/tractusx-connector-memory/templates/_helpers.tpl b/charts/tractusx-connector-memory/templates/_helpers.tpl
index c65ba8c52..84f590f08 100644
--- a/charts/tractusx-connector-memory/templates/_helpers.tpl
+++ b/charts/tractusx-connector-memory/templates/_helpers.tpl
@@ -118,10 +118,10 @@ Control URL
 {{- end }}
 {{/*
-Data Control URL
+Data Signaling URL
 */}}
-{{- define "txdc.dataplane.url.control" -}}
-{{- printf "http://%s-dataplane:%v%s" (include "txdc.fullname" . ) .Values.runtime.endpoints.control.port .Values.runtime.endpoints.control.path -}}
+{{- define "txdc.dataplane.url.signaling" -}}
+{{- printf "http://%s-dataplane:%v%s" (include "txdc.fullname" . ) .Values.runtime.endpoints.signaling.port .Values.runtime.endpoints.signaling.path -}}
 {{- end }}
 {{/*
diff --git a/charts/tractusx-connector-memory/templates/deployment-runtime.yaml b/charts/tractusx-connector-memory/templates/deployment-runtime.yaml
index a5d4c0e3f..de0168256 100644
--- a/charts/tractusx-connector-memory/templates/deployment-runtime.yaml
+++ b/charts/tractusx-connector-memory/templates/deployment-runtime.yaml
@@ -177,6 +177,10 @@ spec:
 value: {{ .Values.runtime.endpoints.control.port | quote }}
 - name: "WEB_HTTP_CONTROL_PATH"
 value: {{ .Values.runtime.endpoints.control.path | quote }}
+ - name: "WEB_HTTP_SIGNALING_PORT"
+ value: {{ .Values.runtime.endpoints.signaling.port | quote }}
+ - name: "WEB_HTTP_SIGNALING_PATH"
+ value: {{ .Values.runtime.endpoints.signaling.path | quote }}
 - name: "WEB_HTTP_PROTOCOL_PORT"
 value: {{ .Values.runtime.endpoints.protocol.port | quote }}
 - name: "WEB_HTTP_PROTOCOL_PATH"
@@ -230,7 +234,7 @@ spec:
 # see extension https://github.com/eclipse-tractusx/tractusx-edc/tree/develop/edc-extensions/dataplane-selector-configuration
 - name: "EDC_DATAPLANE_SELECTOR_DEFAULTPLANE_URL"
- value: {{ include "txdc.dataplane.url.control" . }}/transfer
+ value: {{ include "txdc.dataplane.url.signaling" . }}/v1/dataflows
 - name: "EDC_DATAPLANE_SELECTOR_DEFAULTPLANE_SOURCETYPES"
 value: "HttpData,AmazonS3"
 - name: "EDC_DATAPLANE_SELECTOR_DEFAULTPLANE_DESTINATIONTYPES"
@@ -260,6 +264,9 @@ spec:
 {{- if .Values.runtime.token.refresh.refresh_endpoint }}
 - name: "EDC_DATAPLANE_TOKEN_REFRESH_ENDPOINT"
 value: {{ .Values.runtime.token.refresh.refresh_endpoint }}
+ {{- else }}
+ - name: "EDC_DATAPLANE_TOKEN_REFRESH_ENDPOINT"
+ value: {{ include "txdc.dataplane.url.public" . }}/token
 {{- end}}
 - name: "EDC_TRANSFER_PROXY_TOKEN_SIGNER_PRIVATEKEY_ALIAS"
diff --git a/charts/tractusx-connector-memory/templates/service-runtime.yaml b/charts/tractusx-connector-memory/templates/service-runtime.yaml
index d6c441b85..e7536bbcb 100644
--- a/charts/tractusx-connector-memory/templates/service-runtime.yaml
+++ b/charts/tractusx-connector-memory/templates/service-runtime.yaml
@@ -51,5 +51,9 @@ spec:
 targetPort: public
 protocol: TCP
 name: public
+ - port: {{ .Values.runtime.endpoints.signaling.port }}
+ targetPort: signaling
+ protocol: TCP
+ name: signaling
 selector:
 {{- include "txdc.runtime.selectorLabels" . | nindent 4 }}
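Review bot: The port added to service-runtime.yaml at `@@ -51,5 +51,9 @@` uses `targetPort: signaling`, a named container port, but the visible deployment-runtime.yaml hunks only add `WEB_HTTP_SIGNALING_*` env vars and do not touch the container `ports:` block. If that block is rendered by ranging over `.Values.runtime.endpoints` the name resolves on its own; otherwise the Deployment needs a matching `- name: signaling` / `containerPort: {{ .Values.runtime.endpoints.signaling.port }}` entry or traffic sent to the Service port goes nowhere. The same question applies to the renamed `targetPort: signaling` in both service-dataplane.yaml hunks of this diff, where a container port still named `control` would no longer be matched.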
diff --git a/charts/tractusx-connector-memory/values.yaml b/charts/tractusx-connector-memory/values.yaml
index 3289edfcf..7f3cbd2af 100644
--- a/charts/tractusx-connector-memory/values.yaml
+++ b/charts/tractusx-connector-memory/values.yaml
@@ -121,6 +121,11 @@ runtime:
 proxy:
 port: 8186
 path: /proxy
+ signaling:
+ # -- port for incoming api calls
+ port: 8087
+ # -- path for incoming api calls
+ path: /api/signaling
 businessPartnerValidation:
 log:
diff --git a/charts/tractusx-connector/README.md b/charts/tractusx-connector/README.md
index a6db95db8..67bfa298f 100644
--- a/charts/tractusx-connector/README.md
+++ b/charts/tractusx-connector/README.md
@@ -172,8 +172,6 @@ helm install my-release tractusx-edc/tractusx-connector --version 0.6.0 \
 | dataplane.debug.enabled | bool | `false` | |
 | dataplane.debug.port | int | `1044` | |
 | dataplane.debug.suspendOnStart | bool | `false` | |
-| dataplane.endpoints.control.path | string | `"/api/dataplane/control"` | |
-| dataplane.endpoints.control.port | int | `8083` | |
 | dataplane.endpoints.default.path | string | `"/api"` | |
 | dataplane.endpoints.default.port | int | `8080` | |
 | dataplane.endpoints.metrics.path | string | `"/metrics"` | |
@@ -183,6 +181,8 @@ helm install my-release tractusx-edc/tractusx-connector --version 0.6.0 \
 | dataplane.endpoints.proxy.port | int | `8186` | |
 | dataplane.endpoints.public.path | string | `"/api/public"` | |
 | dataplane.endpoints.public.port | int | `8081` | |
+| dataplane.endpoints.signaling.path | string | `"/api/signaling"` | |
+| dataplane.endpoints.signaling.port | int | `8083` | |
 | dataplane.env | object | `{}` | |
 | dataplane.envConfigMapNames | list | `[]` | |
 | dataplane.envSecretNames | list | `[]` | |
diff --git a/charts/tractusx-connector/templates/_helpers.tpl b/charts/tractusx-connector/templates/_helpers.tpl
index 46bc283dc..21581f158 100644
--- a/charts/tractusx-connector/templates/_helpers.tpl
+++ b/charts/tractusx-connector/templates/_helpers.tpl
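Review bot: The `# -- port for incoming api calls` / `# -- path for incoming api calls` comments on the new `signaling` block in charts/tractusx-connector-memory/values.yaml are copied from the other endpoints and end up verbatim in the generated README rows, so they say nothing about what this endpoint is. The diff itself shows its caller: `EDC_DATAPLANE_SELECTOR_DEFAULTPLANE_URL` is built from `txdc.dataplane.url.signaling` plus `/v1/dataflows`, i.e. the control plane's data plane selector talks to this API. A comment such as `# -- signaling api, called by the control plane (dataplane selector) to drive data flows; internal, presumably not meant for the ingress` would carry that into the README, mirroring the note the README already has for `runtime.endpoints.control`.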
@@ -143,10 +143,10 @@ Control Plane URL
 {{- end }}
 {{/*
-Data Control URL
+Data Signaling URL
 */}}
-{{- define "txdc.dataplane.url.control" -}}
-{{- printf "http://%s-dataplane:%v%s" (include "txdc.fullname" . ) .Values.dataplane.endpoints.control.port .Values.dataplane.endpoints.control.path -}}
+{{- define "txdc.dataplane.url.signaling" -}}
+{{- printf "http://%s-dataplane:%v%s" (include "txdc.fullname" . ) .Values.dataplane.endpoints.signaling.port .Values.dataplane.endpoints.signaling.path -}}
 {{- end }}
 {{/*
diff --git a/charts/tractusx-connector/templates/deployment-controlplane.yaml b/charts/tractusx-connector/templates/deployment-controlplane.yaml
index f41a2a633..9ab02e54a 100644
--- a/charts/tractusx-connector/templates/deployment-controlplane.yaml
+++ b/charts/tractusx-connector/templates/deployment-controlplane.yaml
@@ -300,11 +300,13 @@ spec:
 # see extension https://github.com/eclipse-tractusx/tractusx-edc/tree/main/edc-extensions/dataplane-selector-configuration
 - name: "EDC_DATAPLANE_SELECTOR_DEFAULTPLANE_URL"
- value: {{ include "txdc.dataplane.url.control" . }}/transfer
+ value: {{ include "txdc.dataplane.url.signaling" . }}/v1/dataflows
+ - name: "EDC_DATAPLANE_SELECTOR_DEFAULTPLANE_TRANSFERTYPES"
+ value: "HttpData-PULL,AmazonS3-PUSH,AzureStorage-PUSH"
 - name: "EDC_DATAPLANE_SELECTOR_DEFAULTPLANE_SOURCETYPES"
- value: "HttpData,AmazonS3"
+ value: "HttpData,AmazonS3,AzureStorage"
 - name: "EDC_DATAPLANE_SELECTOR_DEFAULTPLANE_DESTINATIONTYPES"
- value: "HttpProxy,AmazonS3"
+ value: "HttpProxy,AmazonS3,AzureStorage"
 - name: "EDC_DATAPLANE_SELECTOR_DEFAULTPLANE_PROPERTIES"
 value: |-
 {{ printf "{ \"publicApiUrl\": \"%s\" }" (include "txdc.dataplane.url.public" . ) }}
diff --git a/charts/tractusx-connector/templates/deployment-dataplane.yaml b/charts/tractusx-connector/templates/deployment-dataplane.yaml
index c22138a97..1b633269b 100644
--- a/charts/tractusx-connector/templates/deployment-dataplane.yaml
+++ b/charts/tractusx-connector/templates/deployment-dataplane.yaml
@@ -157,10 +157,10 @@ spec:
 value: {{ .Values.dataplane.endpoints.default.port | quote }}
 - name: "WEB_HTTP_DEFAULT_PATH"
 value: {{ .Values.dataplane.endpoints.default.path | quote }}
- - name: "WEB_HTTP_CONTROL_PORT"
- value: {{ .Values.dataplane.endpoints.control.port | quote }}
- - name: "WEB_HTTP_CONTROL_PATH"
- value: {{ .Values.dataplane.endpoints.control.path | quote }}
+ - name: "WEB_HTTP_SIGNALING_PORT"
+ value: {{ .Values.dataplane.endpoints.signaling.port | quote }}
+ - name: "WEB_HTTP_SIGNALING_PATH"
+ value: {{ .Values.dataplane.endpoints.signaling.path | quote }}
 - name: "WEB_HTTP_PUBLIC_PORT"
 value: {{ .Values.dataplane.endpoints.public.port | quote }}
 - name: "WEB_HTTP_PUBLIC_PATH"
@@ -273,6 +273,9 @@ spec:
 {{- if .Values.dataplane.token.refresh.refresh_endpoint }}
 - name: "EDC_DATAPLANE_TOKEN_REFRESH_ENDPOINT"
 value: {{ .Values.dataplane.token.refresh.refresh_endpoint }}
+ {{- else}}
+ - name: "EDC_DATAPLANE_TOKEN_REFRESH_ENDPOINT"
+ value: {{ include "txdc.dataplane.url.public" . }}/token
 {{- end}}
 - name: "EDC_TRANSFER_PROXY_TOKEN_SIGNER_PRIVATEKEY_ALIAS"
diff --git a/charts/tractusx-connector/templates/service-dataplane.yaml b/charts/tractusx-connector/templates/service-dataplane.yaml
index 0f1fc5e8c..97e8c07ea 100644
--- a/charts/tractusx-connector/templates/service-dataplane.yaml
+++ b/charts/tractusx-connector/templates/service-dataplane.yaml
@@ -36,10 +36,10 @@ spec:
 targetPort: default
 protocol: TCP
 name: default
- - port: {{ .Values.dataplane.endpoints.control.port }}
- targetPort: control
+ - port: {{ .Values.dataplane.endpoints.signaling.port }}
+ targetPort: signaling
 protocol: TCP
- name: control
+ name: signaling
 - port: {{ .Values.dataplane.endpoints.public.port }}
 targetPort: public
 protocol: TCP
diff --git a/charts/tractusx-connector/values.yaml b/charts/tractusx-connector/values.yaml
index 70e046c0b..160445e09 100644
--- a/charts/tractusx-connector/values.yaml
+++ b/charts/tractusx-connector/values.yaml
@@ -351,9 +351,9 @@ dataplane:
 public:
 port: 8081
 path: /api/public
- control:
+ signaling:
 port: 8083
- path: /api/dataplane/control
+ path: /api/signaling
 proxy:
 port: 8186
 path: /proxy
diff --git a/core/json-ld-core/src/main/java/org/eclipse/tractusx/edc/jsonld/JsonLdExtension.java b/core/json-ld-core/src/main/java/org/eclipse/tractusx/edc/jsonld/JsonLdExtension.java
index a4b9e4038..43cdefc81 100644
--- a/core/json-ld-core/src/main/java/org/eclipse/tractusx/edc/jsonld/JsonLdExtension.java
+++ b/core/json-ld-core/src/main/java/org/eclipse/tractusx/edc/jsonld/JsonLdExtension.java
@@ -35,6 +35,8 @@
 import static java.lang.String.format;
 import static java.nio.file.StandardCopyOption.REPLACE_EXISTING;
 import static org.eclipse.tractusx.edc.edr.spi.CoreConstants.EDC_CONTEXT;
+import static org.eclipse.tractusx.edc.edr.spi.CoreConstants.TX_AUTH_NS;
+import static org.eclipse.tractusx.edc.edr.spi.CoreConstants.TX_AUTH_PREFIX;
 import static org.eclipse.tractusx.edc.edr.spi.CoreConstants.TX_CONTEXT;
 import static org.eclipse.tractusx.edc.edr.spi.CoreConstants.TX_NAMESPACE;
 import static org.eclipse.tractusx.edc.edr.spi.CoreConstants.TX_PREFIX;
@@ -66,6 +68,7 @@ public class JsonLdExtension implements ServiceExtension {
 @Override
 public void initialize(ServiceExtensionContext context) {
 jsonLdService.registerNamespace(TX_PREFIX, TX_NAMESPACE);
+ jsonLdService.registerNamespace(TX_AUTH_PREFIX, TX_AUTH_NS);
 FILES.entrySet().stream().map(this::mapToFile)
 .forEach(result -> result.onSuccess(entry -> jsonLdService.registerCachedDocument(entry.getKey(), entry.getValue().toURI()))
 .onFailure(failure -> monitor.warning("Failed to register cached json-ld document: " + failure.getFailureDetail())));
diff --git a/edc-controlplane/edc-controlplane-base/build.gradle.kts b/edc-controlplane/edc-controlplane-base/build.gradle.kts
index dc79e212a..c3ef42249 100644
--- a/edc-controlplane/edc-controlplane-base/build.gradle.kts
+++ b/edc-controlplane/edc-controlplane-base/build.gradle.kts
@@ -41,7 +41,11 @@ dependencies {
 // needed for IATP integration
 runtimeOnly(project(":core:json-ld-core"))
 runtimeOnly(libs.edc.core.did)
+ runtimeOnly(libs.edc.identity.did.web)
 runtimeOnly(libs.edc.core.identitytrust)
+ runtimeOnly(libs.edc.identity.trust.transform)
+ runtimeOnly(libs.edc.identity.trust.issuers.configuration)
+ runtimeOnly(project(":edc-extensions:iatp:tx-iatp"))
 runtimeOnly(project(":edc-extensions:iatp:tx-iatp-sts-dim"))
 runtimeOnly(project(":edc-extensions:bdrs-client"))
 runtimeOnly(project(":edc-extensions:data-flow-properties-provider"))
diff --git a/edc-dataplane/edc-dataplane-base/build.gradle.kts b/edc-dataplane/edc-dataplane-base/build.gradle.kts
index 41a73a75a..e7285164f 100644
--- a/edc-dataplane/edc-dataplane-base/build.gradle.kts
+++ b/edc-dataplane/edc-dataplane-base/build.gradle.kts
@@ -32,6 +32,7 @@ dependencies {
 runtimeOnly(libs.edc.jsonld) // needed by the DataPlaneSignalingApi
 runtimeOnly(libs.edc.core.did) // for the DID Public Key Resolver
+ runtimeOnly(libs.edc.identity.did.web)
 runtimeOnly(libs.edc.config.filesystem)
 runtimeOnly(libs.edc.auth.tokenbased)
 runtimeOnly(libs.edc.dpf.awss3)
diff --git a/edc-extensions/data-flow-properties-provider/build.gradle.kts b/edc-extensions/data-flow-properties-provider/build.gradle.kts
index a1c8e165b..1bb930aa9 100644
--- a/edc-extensions/data-flow-properties-provider/build.gradle.kts
+++ b/edc-extensions/data-flow-properties-provider/build.gradle.kts
@@ -24,6 +24,7 @@ plugins {
 dependencies {
 implementation(libs.edc.spi.transfer)
+ implementation(project(":spi:core-spi"))
 implementation(project(":spi:bdrs-client-spi"))
 testImplementation(libs.edc.junit)
diff --git a/edc-extensions/data-flow-properties-provider/src/main/java/org/eclipse/tractusx/edc/flow/TxDataFlowPropertiesProvider.java b/edc-extensions/data-flow-properties-provider/src/main/java/org/eclipse/tractusx/edc/flow/TxDataFlowPropertiesProvider.java
index d1cc7d0b4..d524d3c55 100644
--- a/edc-extensions/data-flow-properties-provider/src/main/java/org/eclipse/tractusx/edc/flow/TxDataFlowPropertiesProvider.java
+++ b/edc-extensions/data-flow-properties-provider/src/main/java/org/eclipse/tractusx/edc/flow/TxDataFlowPropertiesProvider.java
@@ -29,13 +29,14 @@
 import java.util.Map;
+import static org.eclipse.tractusx.edc.edr.spi.CoreConstants.AUDIENCE_PROPERTY;
+
 /**
 * Extension of {@link DataFlowPropertiesProvider} which provides additional properties in the {@link DataFlowStartMessage}
 * like the DID of the counter-party BPN. The resolution is made with the {@link BdrsClient}
 */
 public class TxDataFlowPropertiesProvider implements DataFlowPropertiesProvider {
- private static final String AUDIENCE_PROPERTY = "audience";
 private final BdrsClient bdrsClient;
diff --git a/edc-extensions/data-flow-properties-provider/src/test/java/org/eclipse/tractusx/edc/flow/TxDataFlowPropertiesProviderTest.java b/edc-extensions/data-flow-properties-provider/src/test/java/org/eclipse/tractusx/edc/flow/TxDataFlowPropertiesProviderTest.java
index f757d5df9..0c7efcf05 100644
--- a/edc-extensions/data-flow-properties-provider/src/test/java/org/eclipse/tractusx/edc/flow/TxDataFlowPropertiesProviderTest.java
+++ b/edc-extensions/data-flow-properties-provider/src/test/java/org/eclipse/tractusx/edc/flow/TxDataFlowPropertiesProviderTest.java
@@ -26,6 +26,7 @@
 import org.junit.jupiter.api.Test;
 import static org.eclipse.edc.junit.assertions.AbstractResultAssert.assertThat;
+import static org.eclipse.tractusx.edc.edr.spi.CoreConstants.AUDIENCE_PROPERTY;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
@@ -45,7 +46,7 @@ void propertiesFor() {
 var result = provider.propertiesFor(TransferProcess.Builder.newInstance().build(), Policy.Builder.newInstance().assignee(bpn).build());
 assertThat(result).isSucceeded().satisfies(properties -> {
- Assertions.assertThat(properties).containsEntry("audience", did);
+ Assertions.assertThat(properties).containsEntry(AUDIENCE_PROPERTY, did);
 });
 }
diff --git a/edc-extensions/dataplane/dataplane-proxy/edc-dataplane-proxy-consumer-api/src/main/java/org/eclipse/tractusx/edc/dataplane/proxy/consumer/api/asset/ConsumerAssetRequestController.java b/edc-extensions/dataplane/dataplane-proxy/edc-dataplane-proxy-consumer-api/src/main/java/org/eclipse/tractusx/edc/dataplane/proxy/consumer/api/asset/ConsumerAssetRequestController.java
index 7c1e8d44a..b2aa6c08e 100644
--- a/edc-extensions/dataplane/dataplane-proxy/edc-dataplane-proxy-consumer-api/src/main/java/org/eclipse/tractusx/edc/dataplane/proxy/consumer/api/asset/ConsumerAssetRequestController.java
+++ b/edc-extensions/dataplane/dataplane-proxy/edc-dataplane-proxy-consumer-api/src/main/java/org/eclipse/tractusx/edc/dataplane/proxy/consumer/api/asset/ConsumerAssetRequestController.java
@@ -149,7 +149,7 @@ private DataAddress dataPlaneAddress(DataAddress edr) {
 .baseUrl(endpoint)
 .proxyQueryParams("true")
 .proxyPath("true")
- .property(HEADER_AUTHORIZATION, BEARER_PREFIX + token)
+ .property(HEADER_AUTHORIZATION, token)
 .build();
 }
diff --git a/edc-extensions/dataplane/dataplane-token-refresh/token-refresh-core/build.gradle.kts b/edc-extensions/dataplane/dataplane-token-refresh/token-refresh-core/build.gradle.kts
index 71d956150..19c54f505 100644
--- a/edc-extensions/dataplane/dataplane-token-refresh/token-refresh-core/build.gradle.kts
+++ b/edc-extensions/dataplane/dataplane-token-refresh/token-refresh-core/build.gradle.kts
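Review bot: With `BEARER_PREFIX` no longer prepended in `dataPlaneAddress` (`@@ -149,7 +149,7 @@` of ConsumerAssetRequestController.java), the `Authorization` property now carries `token` as-is, so the method silently depends on the token taken from the EDR already including its scheme; if it does not, the proxy forwards a bare token and every upstream request is rejected. That contract is stated nowhere in the hunk; a comment on the call, `// token is the complete Authorization header value as delivered in the EDR; no scheme is added here`, would pin it, and if `BEARER_PREFIX` has no remaining use in the class the dead constant and its import should go with this change. `dataPlaneAddress` starts outside the hunk.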
@@ -24,6 +24,7 @@ plugins {
 dependencies {
 api(project(":spi:tokenrefresh-spi"))
 api(project(":spi:core-spi"))
+ implementation(project(":core:core-utils"))
 implementation(libs.edc.spi.core)
 implementation(libs.edc.spi.token)
 implementation(libs.edc.spi.keys)
diff --git a/edc-extensions/dataplane/dataplane-token-refresh/token-refresh-core/src/main/java/org/eclipse/tractusx/edc/dataplane/tokenrefresh/core/DataPlaneTokenRefreshServiceExtension.java b/edc-extensions/dataplane/dataplane-token-refresh/token-refresh-core/src/main/java/org/eclipse/tractusx/edc/dataplane/tokenrefresh/core/DataPlaneTokenRefreshServiceExtension.java
index 3dd2b5421..75c5d8b5e 100644
--- a/edc-extensions/dataplane/dataplane-token-refresh/token-refresh-core/src/main/java/org/eclipse/tractusx/edc/dataplane/tokenrefresh/core/DataPlaneTokenRefreshServiceExtension.java
+++ b/edc-extensions/dataplane/dataplane-token-refresh/token-refresh-core/src/main/java/org/eclipse/tractusx/edc/dataplane/tokenrefresh/core/DataPlaneTokenRefreshServiceExtension.java
@@ -36,6 +36,7 @@
 import org.eclipse.edc.spi.types.TypeManager;
 import org.eclipse.edc.token.JwtGenerationService;
 import org.eclipse.edc.token.spi.TokenValidationService;
+import org.eclipse.tractusx.edc.core.utils.RequiredConfigWarnings;
 import org.eclipse.tractusx.edc.spi.tokenrefresh.dataplane.DataPlaneTokenRefreshService;
 import org.jetbrains.annotations.NotNull;
@@ -60,6 +61,10 @@ public class DataPlaneTokenRefreshServiceExtension implements ServiceExtension {
 public static final String TOKEN_VERIFIER_PUBLIC_KEY_ALIAS = "edc.transfer.proxy.token.verifier.publickey.alias";
 @Setting(value = "Expiry time of access token in seconds", defaultValue = DEFAULT_TOKEN_EXPIRY_SECONDS + "")
 public static final String TOKEN_EXPIRY_SECONDS_PROPERTY = "edc.dataplane.token.expiry";
+
+ @Setting(value = "DID of this connector", required = true)
+ private static final String PARTICIPANT_DID_PROPERTY = "edc.iam.issuer.id";
+
 @Inject
 private TokenValidationService tokenValidationService;
 @Inject
@@ -112,7 +117,7 @@ private DataPlaneTokenRefreshServiceImpl getTokenRefreshService(ServiceExtension
 monitor.debug("Token refresh endpoint: %s".formatted(refreshEndpoint));
 monitor.debug("Token refresh time tolerance: %d s".formatted(expiryTolerance));
 tokenRefreshService = new DataPlaneTokenRefreshServiceImpl(clock, tokenValidationService, didPkResolver, localPublicKeyService, accessTokenDataStore, new JwtGenerationService(),
- getPrivateKeySupplier(context), context.getMonitor(), refreshEndpoint, expiryTolerance, tokenExpiry,
+ getPrivateKeySupplier(context), context.getMonitor(), refreshEndpoint, getOwnDid(context), expiryTolerance, tokenExpiry,
 () -> context.getConfig().getString(TOKEN_VERIFIER_PUBLIC_KEY_ALIAS), vault, typeManager.getMapper());
 }
 return tokenRefreshService;
@@ -133,6 +138,13 @@ private String getRefreshEndpointConfig(ServiceExtensionContext context, Monitor
 return refreshEndpoint;
 }
+ private String getOwnDid(ServiceExtensionContext context) {
+ var did = context.getConfig().getString(PARTICIPANT_DID_PROPERTY, null);
+ if (did == null) {
+ RequiredConfigWarnings.warningNotPresent(context.getMonitor().withPrefix("DataPlane Token Refresh"), PARTICIPANT_DID_PROPERTY);
+ }
+ return did;
+ }
 @NotNull
 private Supplier getPrivateKeySupplier(ServiceExtensionContext context) {
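Review bot: `getOwnDid` (`@@ -133,6 +138,13 @@`) declares `PARTICIPANT_DID_PROPERTY` with `required = true` but reads it with a `null` default, logs a warning and returns `null`, which is then passed straight into `DataPlaneTokenRefreshServiceImpl` as `ownDid`; the annotation and the code contradict each other. If the DID really is required, resolving it without a default so that a missing value fails at startup matches the annotation and avoids a data plane that starts but cannot validate or issue tokens correctly; if warn-and-continue is the intended project pattern, drop `required = true` and add a Javadoc line on `getOwnDid` stating that it may return `null` and what the service does in that case, since the constructor hunk of this diff only assigns `ownDid` without checking it. Stylistically, the new setting is `private static final` while the neighbouring settings in the same class are `public static final`.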
diff --git a/edc-extensions/dataplane/dataplane-token-refresh/token-refresh-core/src/main/java/org/eclipse/tractusx/edc/dataplane/tokenrefresh/core/DataPlaneTokenRefreshServiceImpl.java b/edc-extensions/dataplane/dataplane-token-refresh/token-refresh-core/src/main/java/org/eclipse/tractusx/edc/dataplane/tokenrefresh/core/DataPlaneTokenRefreshServiceImpl.java
index 64991f0f2..06c7c2000 100644
--- a/edc-extensions/dataplane/dataplane-token-refresh/token-refresh-core/src/main/java/org/eclipse/tractusx/edc/dataplane/tokenrefresh/core/DataPlaneTokenRefreshServiceImpl.java
+++ b/edc-extensions/dataplane/dataplane-token-refresh/token-refresh-core/src/main/java/org/eclipse/tractusx/edc/dataplane/tokenrefresh/core/DataPlaneTokenRefreshServiceImpl.java
@@ -64,7 +64,9 @@
 import static org.eclipse.edc.jwt.spi.JwtRegisteredClaimNames.AUDIENCE;
 import static org.eclipse.edc.jwt.spi.JwtRegisteredClaimNames.EXPIRATION_TIME;
+import static org.eclipse.tractusx.edc.edr.spi.CoreConstants.AUDIENCE_PROPERTY;
 import static org.eclipse.tractusx.edc.edr.spi.CoreConstants.EDR_PROPERTY_EXPIRES_IN;
+import static org.eclipse.tractusx.edc.edr.spi.CoreConstants.EDR_PROPERTY_REFRESH_AUDIENCE;
 import static org.eclipse.tractusx.edc.edr.spi.CoreConstants.EDR_PROPERTY_REFRESH_ENDPOINT;
 import static org.eclipse.tractusx.edc.edr.spi.CoreConstants.EDR_PROPERTY_REFRESH_TOKEN;
@@ -86,10 +88,12 @@ public class DataPlaneTokenRefreshServiceImpl implements DataPlaneTokenRefreshSe
 private final Supplier publicKeyIdSupplier;
 private final Monitor monitor;
 private final String refreshEndpoint;
+ private final String ownDid;
 private final Clock clock;
 private final Vault vault;
 private final ObjectMapper objectMapper;
+
 public DataPlaneTokenRefreshServiceImpl(Clock clock,
 TokenValidationService tokenValidationService,
 DidPublicKeyResolver publicKeyResolver,
@@ -99,6 +103,7 @@ public DataPlaneTokenRefreshServiceImpl(Clock clock,
 Supplier privateKeySupplier,
 Monitor monitor,
 String refreshEndpoint,
+ String ownDid,
 int tokenExpiryToleranceSeconds,
 long tokenExpirySeconds,
 Supplier publicKeyIdSupplier,
@@ -114,6 +119,7 @@ public DataPlaneTokenRefreshServiceImpl(Clock clock,
 this.refreshEndpoint = refreshEndpoint;
 this.clock = clock;
 this.publicKeyIdSupplier = publicKeyIdSupplier;
+ this.ownDid = ownDid;
 this.vault = vault;
 this.objectMapper = objectMapper;
 this.tokenExpirySeconds = tokenExpirySeconds;
@@ -148,7 +154,7 @@ public DataPlaneTokenRefreshServiceImpl(Clock clock,
 public Result refreshToken(String refreshToken, String authenticationToken) {
 authenticationToken = authenticationToken.replace("Bearer", "").trim();
-
+
 var authTokenRes = tokenValidationService.validate(authenticationToken, publicKeyResolver, authenticationTokenValidationRules);
 if (authTokenRes.failed()) {
 return Result.failure("Authentication token validation failed: %s".formatted(authTokenRes.getFailureDetail()));
@@ -221,10 +227,16 @@ public Result obtainToken(TokenParameters tokenParameters,
 tokenExpirySeconds, refreshEndpoint));
 // the refresh token information must be returned in the EDR
+ var audience = additionalDataForStorage.get(AUDIENCE_PROPERTY);
+
+ if (audience == null) {
+ return Result.failure("Missing audience in the additional properties");
+ }
 var edrAdditionalData = new HashMap<>(additionalTokenData);
 edrAdditionalData.put(EDR_PROPERTY_REFRESH_TOKEN, refreshTokenResult.getContent().tokenRepresentation().getToken());
 edrAdditionalData.put(EDR_PROPERTY_EXPIRES_IN, String.valueOf(tokenExpirySeconds));
 edrAdditionalData.put(EDR_PROPERTY_REFRESH_ENDPOINT, refreshEndpoint);
+ edrAdditionalData.put(EDR_PROPERTY_REFRESH_AUDIENCE, audience);
 var edrTokenRepresentation = TokenRepresentation.Builder.newInstance()
 .token(accessTokenResult.getContent().tokenRepresentation().getToken()) // the access token
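Review bot: The new audience check in obtainToken (last hunk) runs after the refresh token has already been generated (`refreshTokenResult` is read two lines below) and, judging by the name `additionalDataForStorage`, after the access-token data has been handed to the store, so a start message without an audience fails late and may leave a persisted AccessTokenData behind; moving `var audience = additionalDataForStorage.get(AUDIENCE_PROPERTY);` and the `if (audience == null)` failure to the top of the method, before any token is generated or stored, avoids that. obtainToken's body begins outside the hunk, so the exact point where storage happens is an inference. `audience` is also an `Object` here while AuthTokenAudienceRule later insists on a String, so rejecting a non-String value at issuance (`if (!(audience instanceof String))`) would surface a wrong property type where it is introduced rather than at the first refresh. The `ownDid` field added in hunks @@ -86 and @@ -114 is assigned but not read by any hunk of this file; if nothing outside the diff uses it, it is dead state — presumably it was meant to become the expected `aud` of the refresh authentication token.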
diff --git a/edc-extensions/dataplane/dataplane-token-refresh/token-refresh-core/src/main/java/org/eclipse/tractusx/edc/dataplane/tokenrefresh/core/rules/AuthTokenAudienceRule.java b/edc-extensions/dataplane/dataplane-token-refresh/token-refresh-core/src/main/java/org/eclipse/tractusx/edc/dataplane/tokenrefresh/core/rules/AuthTokenAudienceRule.java
index 84acf8f7e..49bf722e3 100644
--- a/edc-extensions/dataplane/dataplane-token-refresh/token-refresh-core/src/main/java/org/eclipse/tractusx/edc/dataplane/tokenrefresh/core/rules/AuthTokenAudienceRule.java
+++ b/edc-extensions/dataplane/dataplane-token-refresh/token-refresh-core/src/main/java/org/eclipse/tractusx/edc/dataplane/tokenrefresh/core/rules/AuthTokenAudienceRule.java
@@ -30,6 +30,7 @@ import java.util.Map;
 import static org.eclipse.tractusx.edc.dataplane.tokenrefresh.core.TokenFunctions.getTokenId;
+import static org.eclipse.tractusx.edc.edr.spi.CoreConstants.AUDIENCE_PROPERTY;
 /**
@@ -37,7 +38,6 @@
 * that is associated with that token (using the {@code jti} claim).
 */
 public class AuthTokenAudienceRule implements TokenValidationRule {
- private static final String AUDIENCE_PROPERTY = "audience";
 private final AccessTokenDataStore store;
 public AuthTokenAudienceRule(AccessTokenDataStore store) {
diff --git a/edc-extensions/dataplane/dataplane-token-refresh/token-refresh-core/src/test/java/org/eclipse/tractusx/edc/dataplane/tokenrefresh/core/DataPlaneTokenRefreshServiceImplComponentTest.java b/edc-extensions/dataplane/dataplane-token-refresh/token-refresh-core/src/test/java/org/eclipse/tractusx/edc/dataplane/tokenrefresh/core/DataPlaneTokenRefreshServiceImplComponentTest.java
index 1fff7c112..ee73ecc67 100644
--- a/edc-extensions/dataplane/dataplane-token-refresh/token-refresh-core/src/test/java/org/eclipse/tractusx/edc/dataplane/tokenrefresh/core/DataPlaneTokenRefreshServiceImplComponentTest.java
+++ b/edc-extensions/dataplane/dataplane-token-refresh/token-refresh-core/src/test/java/org/eclipse/tractusx/edc/dataplane/tokenrefresh/core/DataPlaneTokenRefreshServiceImplComponentTest.java @@ -54,6 +54,7 @@ import static org.assertj.core.api.Assertions.assertThat; import static org.eclipse.edc.junit.assertions.AbstractResultAssert.assertThat; +import static org.eclipse.tractusx.edc.edr.spi.CoreConstants.AUDIENCE_PROPERTY; import static org.eclipse.tractusx.edc.edr.spi.CoreConstants.EDR_PROPERTY_EXPIRES_IN; import static org.eclipse.tractusx.edc.edr.spi.CoreConstants.EDR_PROPERTY_REFRESH_ENDPOINT; import static org.eclipse.tractusx.edc.edr.spi.CoreConstants.EDR_PROPERTY_REFRESH_TOKEN; @@ -94,6 +95,7 @@ void setup() throws JOSEException { () -> privateKey, mock(), TEST_REFRESH_ENDPOINT, + PROVIDER_DID, 1, 300L, () -> providerKey.getKeyID(), @@ -111,7 +113,7 @@ void setup() throws JOSEException { @Test void obtainToken() { var tokenId = "test-token-id"; - var edr = tokenRefreshService.obtainToken(tokenParams(tokenId), DataAddress.Builder.newInstance().type("test-type").build(), Map.of("audience", CONSUMER_DID)); + var edr = tokenRefreshService.obtainToken(tokenParams(tokenId), DataAddress.Builder.newInstance().type("test-type").build(), Map.of(AUDIENCE_PROPERTY, CONSUMER_DID)); assertThat(edr).isSucceeded(); // assert access token contents assertThat(asClaims(edr.getContent().getToken())) @@ -131,7 +133,7 @@ void obtainToken() { assertThat(storedData).isNotNull(); assertThat(storedData.additionalProperties()) .hasSize(2) - .containsEntry("audience", CONSUMER_DID) + .containsEntry(AUDIENCE_PROPERTY, CONSUMER_DID) .containsEntry("authType", "bearer"); } 
@@ -141,7 +143,7 @@ void obtainToken() { void refresh_success() throws JOSEException { var tokenId = "test-token-id"; - var edr = tokenRefreshService.obtainToken(tokenParams(tokenId), DataAddress.Builder.newInstance().type("test-type").build(), Map.of("audience", CONSUMER_DID)) + var edr = tokenRefreshService.obtainToken(tokenParams(tokenId), DataAddress.Builder.newInstance().type("test-type").build(), Map.of(AUDIENCE_PROPERTY, CONSUMER_DID)) .orElseThrow(f -> new RuntimeException(f.getFailureDetail())); var accessToken = edr.getToken(); @@ -169,7 +171,7 @@ void refresh_originalTokenWasIssuedToDifferentPrincipal() throws JOSEException { var tokenId = "test-token-id"; - var edr = tokenRefreshService.obtainToken(tokenParams(tokenId), DataAddress.Builder.newInstance().type("test-type").build(), Map.of("audience", "did:web:trudy")) + var edr = tokenRefreshService.obtainToken(tokenParams(tokenId), DataAddress.Builder.newInstance().type("test-type").build(), Map.of(AUDIENCE_PROPERTY, "did:web:trudy")) .orElseThrow(f -> new RuntimeException(f.getFailureDetail())); // bob attempts to create an auth token with an EDR he stole from trudy @@ -192,7 +194,7 @@ void refresh_issuerNotVerifiable() throws JOSEException { when(didPkResolverMock.resolveKey(eq(trudyKey.getKeyID()))).thenReturn(Result.success(trudyKey.toPublicKey())); var tokenId = "test-token-id"; - var edr = tokenRefreshService.obtainToken(tokenParams(tokenId), DataAddress.Builder.newInstance().type("test-type").build(), Map.of("audience", "did:web:trudy")) + var edr = tokenRefreshService.obtainToken(tokenParams(tokenId), DataAddress.Builder.newInstance().type("test-type").build(), Map.of(AUDIENCE_PROPERTY, "did:web:trudy")) .orElseThrow(f -> new RuntimeException(f.getFailureDetail())); // bob poses as trudy, using her key-ID and DID, but has to use his own private key 
@@ -211,7 +213,7 @@ void refresh_issuerNotVerifiable() throws JOSEException { @Test void refresh_whenNoAccessTokenClaim() throws JOSEException { var tokenId = "test-token-id"; - var edr = tokenRefreshService.obtainToken(tokenParams(tokenId), DataAddress.Builder.newInstance().type("test-type").build(), Map.of("audience", CONSUMER_DID)) + var edr = tokenRefreshService.obtainToken(tokenParams(tokenId), DataAddress.Builder.newInstance().type("test-type").build(), Map.of(AUDIENCE_PROPERTY, CONSUMER_DID)) .orElseThrow(f -> new RuntimeException(f.getFailureDetail())); var accessToken = edr.getToken(); @@ -231,7 +233,7 @@ void refresh_whenNoAccessTokenClaim() throws JOSEException { @Test void refresh_whenIssNotEqualToSub() throws JOSEException { var tokenId = "test-token-id"; - var edr = tokenRefreshService.obtainToken(tokenParams(tokenId), DataAddress.Builder.newInstance().type("test-type").build(), Map.of("audience", CONSUMER_DID)) + var edr = tokenRefreshService.obtainToken(tokenParams(tokenId), DataAddress.Builder.newInstance().type("test-type").build(), Map.of(AUDIENCE_PROPERTY, CONSUMER_DID)) .orElseThrow(f -> new RuntimeException(f.getFailureDetail())); var accessToken = edr.getToken(); @@ -259,7 +261,7 @@ void resolve_whenExpired_shouldFail() { .claims(JwtRegisteredClaimNames.ISSUED_AT, Instant.now().minusSeconds(600).getEpochSecond()) .claims(JwtRegisteredClaimNames.EXPIRATION_TIME, Instant.now().minusSeconds(300).getEpochSecond()) .build(), - DataAddress.Builder.newInstance().type("test-type").build(), Map.of("audience", CONSUMER_DID)) + DataAddress.Builder.newInstance().type("test-type").build(), Map.of(AUDIENCE_PROPERTY, CONSUMER_DID)) .orElseThrow(f -> new RuntimeException(f.getFailureDetail())); assertThat(tokenRefreshService.resolve(edr.getToken())).isFailed() 
@@ -274,7 +276,7 @@ void resolve_success() { var edr = tokenRefreshService.obtainToken(tokenParamsBuilder(tokenId) .claims(JwtRegisteredClaimNames.ISSUED_AT, Instant.now().getEpochSecond()) .build(), - DataAddress.Builder.newInstance().type("test-type").build(), Map.of("audience", CONSUMER_DID)) + DataAddress.Builder.newInstance().type("test-type").build(), Map.of(AUDIENCE_PROPERTY, CONSUMER_DID)) .orElseThrow(f -> new RuntimeException(f.getFailureDetail())); assertThat(tokenRefreshService.resolve(edr.getToken())).isSucceeded(); @@ -287,7 +289,7 @@ void resolve_notFound() { var edr = tokenRefreshService.obtainToken(tokenParamsBuilder(tokenId) .claims(JwtRegisteredClaimNames.ISSUED_AT, Instant.now().getEpochSecond()) .build(), - DataAddress.Builder.newInstance().type("test-type").build(), Map.of("audience", CONSUMER_DID)) + DataAddress.Builder.newInstance().type("test-type").build(), Map.of(AUDIENCE_PROPERTY, CONSUMER_DID)) .orElseThrow(f -> new RuntimeException(f.getFailureDetail())); tokenDataStore.deleteById(tokenId).orElseThrow(f -> new AssertionError(f.getFailureDetail())); diff --git a/edc-extensions/dataplane/dataplane-token-refresh/token-refresh-core/src/test/java/org/eclipse/tractusx/edc/dataplane/tokenrefresh/core/DataPlaneTokenRefreshServiceImplTest.java b/edc-extensions/dataplane/dataplane-token-refresh/token-refresh-core/src/test/java/org/eclipse/tractusx/edc/dataplane/tokenrefresh/core/DataPlaneTokenRefreshServiceImplTest.java index 173b981ef..a7b82dd86 100644 --- a/edc-extensions/dataplane/dataplane-token-refresh/token-refresh-core/src/test/java/org/eclipse/tractusx/edc/dataplane/tokenrefresh/core/DataPlaneTokenRefreshServiceImplTest.java +++ b/edc-extensions/dataplane/dataplane-token-refresh/token-refresh-core/src/test/java/org/eclipse/tractusx/edc/dataplane/tokenrefresh/core/DataPlaneTokenRefreshServiceImplTest.java 
@@ -70,7 +70,7 @@ class DataPlaneTokenRefreshServiceImplTest { private final DataPlaneTokenRefreshServiceImpl accessTokenService = new DataPlaneTokenRefreshServiceImpl(Clock.systemUTC(), tokenValidationService, didPublicKeyResolver, localPublicKeyService, accessTokenDataStore, tokenGenService, mock(), mock(), - "https://example.com", 1, 300L, + "https://example.com", "did:web:provider", 1, 300L, () -> "keyid", mock(), new ObjectMapper()); diff --git a/edc-extensions/dataplane/dataplane-token-refresh/token-refresh-core/src/test/java/org/eclipse/tractusx/edc/dataplane/tokenrefresh/core/rules/AuthTokenAudienceRuleTest.java b/edc-extensions/dataplane/dataplane-token-refresh/token-refresh-core/src/test/java/org/eclipse/tractusx/edc/dataplane/tokenrefresh/core/rules/AuthTokenAudienceRuleTest.java index da71521bd..bf4637fe7 100644 --- a/edc-extensions/dataplane/dataplane-token-refresh/token-refresh-core/src/test/java/org/eclipse/tractusx/edc/dataplane/tokenrefresh/core/rules/AuthTokenAudienceRuleTest.java +++ b/edc-extensions/dataplane/dataplane-token-refresh/token-refresh-core/src/test/java/org/eclipse/tractusx/edc/dataplane/tokenrefresh/core/rules/AuthTokenAudienceRuleTest.java @@ -29,6 +29,7 @@ import static org.eclipse.edc.junit.assertions.AbstractResultAssert.assertThat; import static org.eclipse.tractusx.edc.dataplane.tokenrefresh.core.TestFunctions.createAuthenticationToken; +import static org.eclipse.tractusx.edc.edr.spi.CoreConstants.AUDIENCE_PROPERTY; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.when; @@ -44,7 +45,7 @@ void checkRule_issuerDoesNotMatchAudience() { when(store.getById(TEST_TOKEN_ID)).thenReturn(new AccessTokenData(TEST_TOKEN_ID, ClaimToken.Builder.newInstance().build(), DataAddress.Builder.newInstance().type("test-type").build(), - Map.of("audience", "did:web:alice"))); + Map.of(AUDIENCE_PROPERTY, "did:web:alice"))); assertThat(rule.checkRule(createAuthenticationToken(TEST_TOKEN_ID), Map.of())) .isFailed() 
@@ -57,12 +58,12 @@ void checkRule_audienceNotString() { when(store.getById(TEST_TOKEN_ID)).thenReturn(new AccessTokenData(TEST_TOKEN_ID, ClaimToken.Builder.newInstance().build(), DataAddress.Builder.newInstance().type("test-type").build(), - Map.of("audience", 42L))); + Map.of(AUDIENCE_PROPERTY, 42L))); assertThat(rule.checkRule(createAuthenticationToken(TEST_TOKEN_ID), Map.of())) .isFailed() .detail() - .isEqualTo("Property 'audience' was expected to be java.lang.String but was class java.lang.Long."); + .isEqualTo("Property '%s' was expected to be java.lang.String but was class java.lang.Long.".formatted(AUDIENCE_PROPERTY)); } @Test @@ -75,6 +76,6 @@ void checkRule_audienceNotPresent() { assertThat(rule.checkRule(createAuthenticationToken(TEST_TOKEN_ID), Map.of())) .isFailed() .detail() - .isEqualTo("Property 'audience' was expected to be java.lang.String but was null."); + .isEqualTo("Property '%s' was expected to be java.lang.String but was null.".formatted(AUDIENCE_PROPERTY)); } } \ No newline at end of file diff --git a/edc-extensions/tokenrefresh-handler/src/main/java/org/eclipse/tractusx/edc/common/tokenrefresh/TokenRefreshHandlerImpl.java b/edc-extensions/tokenrefresh-handler/src/main/java/org/eclipse/tractusx/edc/common/tokenrefresh/TokenRefreshHandlerImpl.java index 0d07e8ca4..7ede6ca8e 100644 --- a/edc-extensions/tokenrefresh-handler/src/main/java/org/eclipse/tractusx/edc/common/tokenrefresh/TokenRefreshHandlerImpl.java +++ b/edc-extensions/tokenrefresh-handler/src/main/java/org/eclipse/tractusx/edc/common/tokenrefresh/TokenRefreshHandlerImpl.java @@ -20,7 +20,6 @@ package org.eclipse.tractusx.edc.common.tokenrefresh; import com.fasterxml.jackson.databind.ObjectMapper; -import com.nimbusds.jwt.SignedJWT; import okhttp3.HttpUrl; import okhttp3.Request; import okhttp3.RequestBody; 
@@ -37,7 +36,6 @@ import org.eclipse.tractusx.edc.spi.tokenrefresh.dataplane.model.TokenResponse;
 import java.io.IOException;
-import java.text.ParseException;
 import java.util.Map;
 import static org.eclipse.edc.jwt.spi.JwtRegisteredClaimNames.AUDIENCE;
@@ -48,6 +46,7 @@ import static org.eclipse.edc.util.string.StringUtils.isNullOrBlank;
 import static org.eclipse.tractusx.edc.edr.spi.CoreConstants.EDR_PROPERTY_AUTHORIZATION;
 import static org.eclipse.tractusx.edc.edr.spi.CoreConstants.EDR_PROPERTY_EXPIRES_IN;
+import static org.eclipse.tractusx.edc.edr.spi.CoreConstants.EDR_PROPERTY_REFRESH_AUDIENCE;
 import static org.eclipse.tractusx.edc.edr.spi.CoreConstants.EDR_PROPERTY_REFRESH_ENDPOINT;
 import static org.eclipse.tractusx.edc.edr.spi.CoreConstants.EDR_PROPERTY_REFRESH_TOKEN;
@@ -97,6 +96,7 @@ public ServiceResult refreshToken(String tokenId, DataAddress edr)
 var accessToken = edr.getStringProperty(EDR_PROPERTY_AUTHORIZATION);
 var refreshToken = edr.getProperties().get(EDR_PROPERTY_REFRESH_TOKEN);
 var refreshEndpoint = edr.getProperties().get(EDR_PROPERTY_REFRESH_ENDPOINT);
+ var refreshAudience = edr.getProperties().get(EDR_PROPERTY_REFRESH_AUDIENCE);
 if (isNullOrBlank(accessToken)) {
 return ServiceResult.badRequest("Cannot perform token refresh: required property 'authorization' not found on EDR.");
@@ -107,16 +107,19 @@ public ServiceResult refreshToken(String tokenId, DataAddress edr)
 if (isNullOrBlank(StringUtils.toString(refreshEndpoint))) {
 return ServiceResult.badRequest("Cannot perform token refresh: required property 'refreshEndpoint' not found on EDR.");
 }
+ if (isNullOrBlank(StringUtils.toString(refreshAudience))) {
+ return ServiceResult.badRequest("Cannot perform token refresh: required property 'refreshAudience' not found on EDR.");
+ }
+
+ var claims = Map.of(
+ JWT_ID, tokenId,
+ ISSUER, ownDid,
+ SUBJECT, ownDid,
+ AUDIENCE, refreshAudience.toString(),
+ "token", accessToken
+ );
- var result = getStringClaim(accessToken, ISSUER)
- .map(audience -> Map.of(
- JWT_ID, tokenId,
- ISSUER, ownDid,
- SUBJECT, ownDid,
- AUDIENCE, audience,
- "token", accessToken
- ))
- .compose(claims -> secureTokenService.createToken(claims, null))
+ var result = secureTokenService.createToken(claims, null)
 .compose(authToken -> createTokenRefreshRequest(refreshEndpoint.toString(), refreshToken.toString(), "Bearer %s".formatted(authToken.getToken())));
 if (result.failed()) {
@@ -180,13 +183,4 @@ private Result createTokenRefreshRequest(String refreshEndpoint, String
 .build());
 }
- private Result getStringClaim(String accessToken, String claimName) {
- try {
- return success(SignedJWT.parse(accessToken).getJWTClaimsSet().getStringClaim(claimName));
- } catch (ParseException e) {
- monitor.warning("Failed to get string claim '%s'".formatted(claimName), e);
- return Result.failure("Failed to parse string claim '%s': %s".formatted(claimName, e));
- }
- }
-
 }
diff --git a/edc-extensions/tokenrefresh-handler/src/test/java/org/eclipse/tractusx/edc/common/tokenrefresh/TokenRefreshHandlerImplTest.java b/edc-extensions/tokenrefresh-handler/src/test/java/org/eclipse/tractusx/edc/common/tokenrefresh/TokenRefreshHandlerImplTest.java
index 07a51a0be..e210ecbad 100644
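Review bot: The `aud` claim of the self-issued authentication token is now taken from the EDR's `refreshAudience` property, i.e. from data the provider handed over together with the refresh endpoint and refresh token, and nothing in this method checks its shape beyond non-blankness — `refreshAudience.toString()` on a non-String property value would quietly yield a meaningless audience that the provider's AuthTokenAudienceRule then rejects with a confusing error. A comment on the `claims` construction stating the trust assumption would help the next reader, e.g. `// aud is the provider DID as advertised in the EDR; the provider's audience rule rejects a mismatch on refresh`. With `getStringClaim` gone, the `monitor` field may no longer be read anywhere in this class (its other uses are outside the hunk) — worth checking. The removed `refresh_accessTokenIsNotJwt` test in TokenRefreshHandlerImplTest is not replaced by one for the new `'refreshAudience' not found` branch unless the InvalidEdrProvider, which is not visible here, already covers it. The enclosing refreshToken method begins outside the hunk.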
--- a/edc-extensions/tokenrefresh-handler/src/test/java/org/eclipse/tractusx/edc/common/tokenrefresh/TokenRefreshHandlerImplTest.java +++ b/edc-extensions/tokenrefresh-handler/src/test/java/org/eclipse/tractusx/edc/common/tokenrefresh/TokenRefreshHandlerImplTest.java @@ -58,6 +58,7 @@ import static org.eclipse.edc.junit.assertions.AbstractResultAssert.assertThat; import static org.eclipse.tractusx.edc.edr.spi.CoreConstants.EDR_PROPERTY_AUTHORIZATION; import static org.eclipse.tractusx.edc.edr.spi.CoreConstants.EDR_PROPERTY_EXPIRES_IN; +import static org.eclipse.tractusx.edc.edr.spi.CoreConstants.EDR_PROPERTY_REFRESH_AUDIENCE; import static org.eclipse.tractusx.edc.edr.spi.CoreConstants.EDR_PROPERTY_REFRESH_ENDPOINT; import static org.eclipse.tractusx.edc.edr.spi.CoreConstants.EDR_PROPERTY_REFRESH_TOKEN; import static org.mockito.ArgumentMatchers.any; @@ -178,14 +179,7 @@ void refresh_ioException() throws IOException { assertThat(tokenRefreshHandler.refreshToken("token-id")).isFailed() .detail().isEqualTo("Error executing token refresh request: java.io.IOException: test exception"); } - - @Test - void refresh_accessTokenIsNotJwt() { - when(edrCache.get(anyString())).thenReturn(StoreResult.success(createEdr().property(EDR_PROPERTY_AUTHORIZATION, "not-jwt").build())); - assertThat(tokenRefreshHandler.refreshToken("token-id")).isFailed() - .detail().startsWith("Could not execute token refresh: Failed to parse string claim 'iss'"); - } - + @Test void refresh_tokenGenerationFailed() { when(edrCache.get(anyString())).thenReturn(StoreResult.success(createEdr().build())); 
@@ -211,7 +205,8 @@ private DataAddress.Builder createEdr() { .type("HttpData") .property(EDR_PROPERTY_AUTHORIZATION, createJwt()) .property(EDR_PROPERTY_REFRESH_TOKEN, "foo-refresh-token") - .property(EDR_PROPERTY_REFRESH_ENDPOINT, REFRESH_ENDPOINT); + .property(EDR_PROPERTY_REFRESH_ENDPOINT, REFRESH_ENDPOINT) + .property(EDR_PROPERTY_REFRESH_AUDIENCE, CONSUMER_DID); } private static class InvalidEdrProvider implements ArgumentsProvider { diff --git a/edc-tests/edc-controlplane/edr-api-tests/src/test/java/org/eclipse/tractusx/edc/tests/edrv2/EdrCacheApiEndToEndTest.java b/edc-tests/edc-controlplane/edr-api-tests/src/test/java/org/eclipse/tractusx/edc/tests/edrv2/EdrCacheApiEndToEndTest.java index 69cbb5075..938a0dea4 100644 --- a/edc-tests/edc-controlplane/edr-api-tests/src/test/java/org/eclipse/tractusx/edc/tests/edrv2/EdrCacheApiEndToEndTest.java +++ b/edc-tests/edc-controlplane/edr-api-tests/src/test/java/org/eclipse/tractusx/edc/tests/edrv2/EdrCacheApiEndToEndTest.java @@ -58,6 +58,7 @@ import static org.eclipse.edc.spi.constants.CoreConstants.EDC_NAMESPACE; import static org.eclipse.edc.util.io.Ports.getFreePort; import static org.eclipse.tractusx.edc.edr.spi.CoreConstants.EDR_PROPERTY_EXPIRES_IN; +import static org.eclipse.tractusx.edc.edr.spi.CoreConstants.EDR_PROPERTY_REFRESH_AUDIENCE; import static org.eclipse.tractusx.edc.edr.spi.CoreConstants.EDR_PROPERTY_REFRESH_ENDPOINT; import static org.eclipse.tractusx.edc.edr.spi.CoreConstants.EDR_PROPERTY_REFRESH_TOKEN; import static org.mockserver.integration.ClientAndServer.startClientAndServer; @@ -85,6 +86,7 @@ public class EdrCacheApiEndToEndTest { with(SOKRATES.getConfiguration(), Map.of("edc.iam.issuer.id", "did:web:sokrates"))); private final ObjectMapper mapper = new ObjectMapper(); private String refreshEndpoint; + private String refreshAudience; private ClientAndServer mockedRefreshApi; private ECKey providerSigningKey; 
@@ -99,6 +101,7 @@ void setup() throws JOSEException { providerSigningKey = new ECKeyGenerator(Curve.P_256).keyID("did:web:provider#key-1").generate(); var port = getFreePort(); refreshEndpoint = "http://localhost:%s/refresh".formatted(port); + refreshAudience = "did:web:sokrates"; mockedRefreshApi = startClientAndServer(port); } @@ -305,6 +308,7 @@ private void storeEdr(String transferProcessId, boolean isExpired) { .property(EDR_PROPERTY_REFRESH_TOKEN, createJwt(providerSigningKey, new JWTClaimsSet.Builder().build())) .property(EDR_PROPERTY_EXPIRES_IN, "300") .property(EDR_PROPERTY_REFRESH_ENDPOINT, refreshEndpoint) + .property(EDR_PROPERTY_REFRESH_AUDIENCE, refreshAudience) .build(); var entry = EndpointDataReferenceEntry.Builder.newInstance() .clock(isExpired ? // defaults to an expired token diff --git a/edc-tests/edc-dataplane/edc-dataplane-tokenrefresh-tests/src/test/java/org/eclipse/tractusx/edc/dataplane/tokenrefresh/e2e/DataPlaneTokenRefreshEndToEndTest.java b/edc-tests/edc-dataplane/edc-dataplane-tokenrefresh-tests/src/test/java/org/eclipse/tractusx/edc/dataplane/tokenrefresh/e2e/DataPlaneTokenRefreshEndToEndTest.java index 77e5341dd..ff888c8fc 100644 --- a/edc-tests/edc-dataplane/edc-dataplane-tokenrefresh-tests/src/test/java/org/eclipse/tractusx/edc/dataplane/tokenrefresh/e2e/DataPlaneTokenRefreshEndToEndTest.java +++ b/edc-tests/edc-dataplane/edc-dataplane-tokenrefresh-tests/src/test/java/org/eclipse/tractusx/edc/dataplane/tokenrefresh/e2e/DataPlaneTokenRefreshEndToEndTest.java @@ -53,6 +53,7 @@ import static org.apache.http.HttpHeaders.AUTHORIZATION; import static org.assertj.core.api.Assertions.assertThat; import static org.eclipse.edc.spi.constants.CoreConstants.EDC_NAMESPACE; +import static org.eclipse.tractusx.edc.edr.spi.CoreConstants.AUDIENCE_PROPERTY; import static org.eclipse.tractusx.edc.edr.spi.CoreConstants.TX_AUTH_NS; import static org.hamcrest.Matchers.containsString; 
@@ -361,7 +362,7 @@ private DataFlowStartMessage createStartMessage(String processId, String audienc .assetId("test-asset") .callbackAddress(URI.create("https://foo.bar/callback")) .agreementId("test-agreement") - .property("audience", audience) + .property(AUDIENCE_PROPERTY, audience) .build(); } } diff --git a/edc-tests/runtime/iatp/runtime-memory-iatp-dim-ih/build.gradle.kts b/edc-tests/runtime/iatp/runtime-memory-iatp-dim-ih/build.gradle.kts index 8393f81f3..792511dd4 100644 --- a/edc-tests/runtime/iatp/runtime-memory-iatp-dim-ih/build.gradle.kts +++ b/edc-tests/runtime/iatp/runtime-memory-iatp-dim-ih/build.gradle.kts @@ -27,6 +27,7 @@ dependencies { // use basic (all in-mem) control plane implementation(project(":edc-controlplane:edc-controlplane-base")) { exclude(module = "bdrs-client") + exclude("org.eclipse.edc", "identity-trust-issuers-configuration") } implementation(project(":core:json-ld-core")) implementation(project(":edc-extensions:cx-policy")) diff --git a/edc-tests/runtime/iatp/runtime-memory-iatp-ih/build.gradle.kts b/edc-tests/runtime/iatp/runtime-memory-iatp-ih/build.gradle.kts index 12b86309c..8b0fe5b63 100644 --- a/edc-tests/runtime/iatp/runtime-memory-iatp-ih/build.gradle.kts +++ b/edc-tests/runtime/iatp/runtime-memory-iatp-ih/build.gradle.kts @@ -28,6 +28,7 @@ dependencies { implementation(project(":edc-controlplane:edc-controlplane-base")) { exclude(module = "bdrs-client") exclude(module = "tx-iatp-sts-dim") + exclude("org.eclipse.edc", "identity-trust-issuers-configuration") } implementation(project(":edc-extensions:cx-policy")) implementation(project(":core:json-ld-core")) diff --git a/edc-tests/runtime/iatp/runtime-memory-sts/build.gradle.kts b/edc-tests/runtime/iatp/runtime-memory-sts/build.gradle.kts index b83afc130..796408b2b 100644 --- a/edc-tests/runtime/iatp/runtime-memory-sts/build.gradle.kts +++ b/edc-tests/runtime/iatp/runtime-memory-sts/build.gradle.kts 
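Review bot: The new `exclude("org.eclipse.edc", "identity-trust-issuers-configuration")` line in this build file (and the same line in the five other build.gradle.kts hunks that follow) carries no explanation of why the module has to be kept out of these test runtimes, so the next dependency bump will have nobody able to tell whether the exclusion is still needed. A one-line comment above the first occurrence naming the reason would suffice. The positional form also differs from the surrounding `exclude(module = …)` / `exclude(group = …, …)` lines; `exclude(group = "org.eclipse.edc", module = "identity-trust-issuers-configuration")` matches the existing style.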
@@ -30,6 +30,7 @@ dependencies { exclude(module = "ssi-miw-credential-client") exclude(module = "ssi-identity-extractor") exclude(module = "tx-iatp-sts-dim") + exclude("org.eclipse.edc", "identity-trust-issuers-configuration") } implementation(project(":core:json-ld-core")) implementation(project(":edc-tests:runtime:extensions")) diff --git a/edc-tests/runtime/runtime-memory/build.gradle.kts b/edc-tests/runtime/runtime-memory/build.gradle.kts index 448119c86..b2ff89caf 100644 --- a/edc-tests/runtime/runtime-memory/build.gradle.kts +++ b/edc-tests/runtime/runtime-memory/build.gradle.kts @@ -32,6 +32,8 @@ dependencies { exclude(module = "ssi-miw-credential-client") exclude(module = "ssi-identity-extractor") exclude(module = "tx-iatp-sts-dim") + exclude(module = "tx-iatp") + exclude("org.eclipse.edc", "identity-trust-issuers-configuration") } // use an embedded STS diff --git a/edc-tests/runtime/runtime-postgresql/build.gradle.kts b/edc-tests/runtime/runtime-postgresql/build.gradle.kts index 8297ca00a..39f49763d 100644 --- a/edc-tests/runtime/runtime-postgresql/build.gradle.kts +++ b/edc-tests/runtime/runtime-postgresql/build.gradle.kts @@ -33,6 +33,8 @@ dependencies { exclude(module = "ssi-identity-extractor") exclude(module = "tx-iatp-sts-dim") exclude(group = "org.eclipse.edc", "vault-hashicorp") + exclude(module = "tx-iatp") + exclude("org.eclipse.edc", "identity-trust-issuers-configuration") } implementation(project(":edc-tests:runtime:extensions")) diff --git a/samples/multi-tenancy/build.gradle.kts b/samples/multi-tenancy/build.gradle.kts index a270267dd..ad6cd1d8e 100644 --- a/samples/multi-tenancy/build.gradle.kts +++ b/samples/multi-tenancy/build.gradle.kts @@ -37,6 +37,7 @@ dependencies { exclude(module = "edr-core") exclude(module = "edr-api-v2") exclude(module = "edr-callback") + exclude("org.eclipse.edc", "identity-trust-issuers-configuration") } implementation(libs.edc.core.controlplane) implementation(libs.jakarta.rsApi) 
diff --git a/spi/core-spi/src/main/java/org/eclipse/tractusx/edc/edr/spi/CoreConstants.java b/spi/core-spi/src/main/java/org/eclipse/tractusx/edc/edr/spi/CoreConstants.java
index 91b38e24c..f21301a1b 100644
--- a/spi/core-spi/src/main/java/org/eclipse/tractusx/edc/edr/spi/CoreConstants.java
+++ b/spi/core-spi/src/main/java/org/eclipse/tractusx/edc/edr/spi/CoreConstants.java
@@ -25,6 +25,7 @@ public final class CoreConstants {
 public static final String TX_PREFIX = "tx";
+ public static final String TX_AUTH_PREFIX = "tx-auth";
 public static final String TX_NAMESPACE = "https://w3id.org/tractusx/v0.0.1/ns/";
 public static final String TX_CONTEXT = "https://w3id.org/tractusx/edc/v0.0.1";
 public static final String TX_AUTH_NS = "https://w3id.org/tractusx/auth/";
@@ -37,6 +38,8 @@ public final class CoreConstants {
 public static final String EDR_PROPERTY_AUTHORIZATION = EDC_NAMESPACE + "authorization";
 public static final String EDR_PROPERTY_REFRESH_TOKEN = TX_AUTH_NS + "refreshToken";
 public static final String EDR_PROPERTY_REFRESH_ENDPOINT = TX_AUTH_NS + "refreshEndpoint";
+ public static final String EDR_PROPERTY_REFRESH_AUDIENCE = TX_AUTH_NS + "refreshAudience";
+ public static final String AUDIENCE_PROPERTY = TX_AUTH_NS + "audience";
 public static final String EDR_PROPERTY_EXPIRES_IN = TX_AUTH_NS + "expiresIn";
 private CoreConstants() {
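Review bot: `AUDIENCE_PROPERTY` is now `TX_AUTH_NS + "audience"` and replaces the literal `"audience"` that AuthTokenAudienceRule used as the key into AccessTokenData.additionalProperties and that DataFlowStartMessage carried as `property("audience", …)` (see the AuthTokenAudienceRule and DataPlaneTokenRefreshEndToEndTest hunks above); AccessTokenData persisted before the upgrade still holds the short key, so the audience rule will see `null` for every pre-existing token and their refreshes fail, and a control plane that still sends the short key is rejected by the new check in obtainToken. A migration of stored entries, or a fallback read of the old key for a release, would keep in-flight transfers refreshable, and the change deserves a breaking-change note. A short Javadoc on the constant stating that it is the key under which the consumer DID is stored alongside the access token, e.g. `/** Key of the consumer DID in the additional properties of an access token and in the DataFlowStartMessage. */`, would also make the coupling explicit. `TX_AUTH_PREFIX` is added but referenced by no hunk in this diff; if it is intended for a JSON-LD prefix mapping, a comment saying so would help — presumably that is the plan, but it is not visible here.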