feat: validate VP as jwt API, enforce https while did resolve in config, changes according to new lib
nitin-vavdiya committed Jun 5, 2023
1 parent 1556d7c commit 0339069
Showing 15 changed files with 191 additions and 200 deletions.
52 changes: 27 additions & 25 deletions README_did_web.md
@@ -56,34 +56,36 @@ Currently the minimum is 80%

## Environment Variables <a id= "environmentVariables"></a>

| name | description | default value |
|------------------------------|-----------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------|
| APPLICATION_PORT | port number of application | 8080 |
| APPLICATION_ENVIRONMENT | Environment of the application ie. local, dev, int and prod | local |
| DB_HOST | Database host | localhost |
| DB_PORT | Port of database | 5432 |
| DB_NAME | Database name | miw |
| USE_SSL | Whether SSL is enabled in database server | false |
| DB_USER_NAME | Database username | |
| DB_PASSWORD | Database password | |
| DB_POOL_SIZE | Max number of database connection acquired by application | 10 |
| KEYCLOAK_MIW_PUBLIC_CLIENT | Only needed if we want enable login with keyalock in swagger | miw_public |
| MANAGEMENT_PORT | Spring actuator port | 8090 |
| MIW_HOST_NAME | Application host name, this will be used in creation of did ie. did:web:MIW_HOST_NAME:BPN | localhost |
| ENCRYPTION_KEY | encryption key used to encrypt and decrypt private and public key of wallet | |
| AUTHORITY_WALLET_BPN | base wallet BPN number | BPNL000000000000 |
| AUTHORITY_WALLET_NAME | Base wallet name | Catena-X |
| AUTHORITY_WALLET_DID | Base wallet web did | web:did:host:BPNL000000000000 |
| VC_SCHEMA_LINK | Comma separated list of VC schema URL | https://www.w3.org/2018/credentials/v1, https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/businessPartnerData |
| VC_EXPIRY_DATE | Expiry date of VC (dd-MM-yyyy ie. 01-01-2025 expiry date will be 2024-12-31T18:30:00Z in VC) | 01-01-2025 |
| KEYCLOAK_REALM | Realm name of keycloak | miw_test |
| KEYCLOAK_CLIENT_ID | Keycloak private client id | |
| AUTH_SERVER_URL | Keycloak server url | |
| SUPPORTED_FRAMEWORK_VC_TYPES | Supported framework VC, provide values ie type1=value1,type2=value2 | cx-behavior-twin=Behavior Twin,cx-pcf=PCF,cx-quality=Quality,cx-resiliency=Resiliency,cx-sustainability=Sustainability,cx-traceability=ID_3.0_Trace |
| | | |
| name | description | default value |
|---------------------------------|-----------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------|
| APPLICATION_PORT | port number of application | 8080 |
| APPLICATION_ENVIRONMENT | Environment of the application ie. local, dev, int and prod | local |
| DB_HOST | Database host | localhost |
| DB_PORT | Port of database | 5432 |
| DB_NAME | Database name | miw |
| USE_SSL | Whether SSL is enabled in database server | false |
| DB_USER_NAME | Database username | |
| DB_PASSWORD | Database password | |
| DB_POOL_SIZE | Max number of database connection acquired by application | 10 |
| KEYCLOAK_MIW_PUBLIC_CLIENT | Only needed if we want enable login with keyalock in swagger | miw_public |
| MANAGEMENT_PORT | Spring actuator port | 8090 |
| MIW_HOST_NAME | Application host name, this will be used in creation of did ie. did:web:MIW_HOST_NAME:BPN | localhost |
| ENCRYPTION_KEY | encryption key used to encrypt and decrypt private and public key of wallet | |
| AUTHORITY_WALLET_BPN | base wallet BPN number | BPNL000000000000 |
| AUTHORITY_WALLET_NAME | Base wallet name | Catena-X |
| AUTHORITY_WALLET_DID | Base wallet web did | web:did:host:BPNL000000000000 |
| VC_SCHEMA_LINK | Comma separated list of VC schema URL | https://www.w3.org/2018/credentials/v1, https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/businessPartnerData |
| VC_EXPIRY_DATE | Expiry date of VC (dd-MM-yyyy ie. 01-01-2025 expiry date will be 2024-12-31T18:30:00Z in VC) | 01-01-2025 |
| KEYCLOAK_REALM | Realm name of keycloak | miw_test |
| KEYCLOAK_CLIENT_ID | Keycloak private client id | |
| AUTH_SERVER_URL | Keycloak server url | |
| SUPPORTED_FRAMEWORK_VC_TYPES | Supported framework VC, provide values ie type1=value1,type2=value2 | cx-behavior-twin=Behavior Twin,cx-pcf=PCF,cx-quality=Quality,cx-resiliency=Resiliency,cx-sustainability=Sustainability,cx-traceability=ID_3.0_Trace |
| ENFORCE_HTTPS_IN_DID_RESOLUTION | Enforce https during web did resolution | true |
| | | |

## Reference

1. https://www.testcontainers.org/modules/databases/postgres/
2. https://github.com/dasniko/testcontainers-keycloak
3. https://github.com/smartSenseSolutions/smartsense-java-commons
4. https://github.com/catenax-ng/product-lab-ssi
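Review bot: the `AUTHORITY_WALLET_DID` default `web:did:host:BPNL000000000000` has the scheme and method reversed; the `MIW_HOST_NAME` row in the same table says wallet DIDs are built as `did:web:MIW_HOST_NAME:BPN`, so the default should read `did:web:host:BPNL000000000000` (the row was already wrong before this change, but it is re-emitted here and is the natural place to fix it). The new `ENFORCE_HTTPS_IN_DID_RESOLUTION` row should also say what switching it off means: with `false`, a did:web document, and therefore the key used to verify a presentation, can be fetched over plain HTTP and substituted on the wire, so the description should state that `true` is required outside local development. Minor: `keyalock` should be `keycloak` in the `KEYCLOAK_MIW_PUBLIC_CLIENT` row.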
@@ -43,7 +43,7 @@ public class ExceptionHandling extends ResponseEntityExceptionHandler {
public static final String TIMESTAMP = "timestamp";

/**
* Handle wallet not found problem problem detail.
* Handle wallet not found problem detail.
*
* @param e the e
* @return the problem detail
@@ -34,5 +34,6 @@
public record MIWSettings(String host, String encryptionKey, String authorityWalletBpn, String authorityWalletDid,
String authorityWalletName,
List<String> vcContexts, @DateTimeFormat(pattern = "dd-MM-yyyy") Date vcExpiryDate,
String supportedFrameworkVCTypes) {
String supportedFrameworkVCTypes,
boolean enforceHttps) {
}
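Review bot: `enforceHttps` is declared as a primitive `boolean` with no default on the record component, so if the property it binds to is absent from the configuration (the key name is not visible in this diff), Spring's constructor binding leaves it `false` and HTTPS enforcement is silently disabled, while the README hunk in this same commit documents the default as `true`. Annotate it as `@DefaultValue("true") boolean enforceHttps` (from `org.springframework.boot.context.properties.bind`), or declare it `Boolean` and reject a null value at startup, so a missing property fails closed rather than open.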
@@ -58,7 +58,7 @@ public OpenAPI openAPI() {
info.setDescription("MIW API");
info.setVersion("0.0.1");
OpenAPI openAPI = new OpenAPI();
if (properties.enabled()) {
if (Boolean.TRUE.equals(properties.enabled())) {
openAPI = enableSecurity(openAPI);
}
return openAPI.info(info);
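Review bot: `Boolean.TRUE.equals(properties.enabled())` avoids the NPE when `enabled` is unset, but it turns a missing property into "security scheme off" for the generated OpenAPI document instead of surfacing the misconfiguration; a default on the property itself (so `enabled()` can be a primitive `boolean`) makes the intended behaviour explicit and keeps this line as a plain `if (properties.enabled())`.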
@@ -27,11 +27,9 @@
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;
import org.springframework.util.CollectionUtils;

import java.util.Collection;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.*;
import java.util.stream.Collectors;

/**
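Review bot: swapping the four explicit `java.util` imports for `import java.util.*;` is a style regression; the change only needs `HashSet` and `Collections` in addition to what was already imported, so add those two explicitly and keep the existing named imports. The new `org.springframework.util.CollectionUtils` import is fine.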
@@ -54,12 +52,15 @@ public CustomAuthenticationConverter(String resourceId) {

@Override
public AbstractAuthenticationToken convert(Jwt source) {
Collection<GrantedAuthority> authorities = (grantedAuthoritiesConverter.convert(source))
.stream()
.collect(Collectors.toSet());
authorities.addAll(extractResourceRoles(source, resourceId));
extractResourceRoles(source, resourceId);
return new JwtAuthenticationToken(source, authorities);
Collection<GrantedAuthority> convert = grantedAuthoritiesConverter.convert(source);
if (!CollectionUtils.isEmpty(convert)) {
Collection<GrantedAuthority> authorities = new HashSet<>(convert);
authorities.addAll(extractResourceRoles(source, resourceId));
extractResourceRoles(source, resourceId);
return new JwtAuthenticationToken(source, authorities);
} else {
return new JwtAuthenticationToken(source, Collections.emptyList());
}
}

private Collection<? extends GrantedAuthority> extractResourceRoles(Jwt jwt, String resourceId) {
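Review bot: the new `else` branch drops resource roles. `JwtGrantedAuthoritiesConverter.convert` returns an empty list (not null) for a token that carries no `scope`/`scp` claim, so for such a token `CollectionUtils.isEmpty(convert)` is true, the method returns `new JwtAuthenticationToken(source, Collections.emptyList())`, and `extractResourceRoles(source, resourceId)` is never consulted, even though the client roles it extracts are presumably where the permissions named in the controllers' `@Operation` summaries (e.g. `view_wallets`) come from. Build the authority set unconditionally instead: `Collection<GrantedAuthority> authorities = new HashSet<>(convert == null ? List.of() : convert);` then `authorities.addAll(extractResourceRoles(source, resourceId));` and `return new JwtAuthenticationToken(source, authorities);`. While here, the second `extractResourceRoles(source, resourceId);` call (carried over from the old code) discards its result and should be deleted.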
@@ -152,6 +152,6 @@ public ResponseEntity<Map<String, Object>> validatePresentation(@RequestBody Map
@Parameter(description = "Pass true in case of VP is in JWT format") @RequestParam(name = "asJwt", required = false, defaultValue = "false") boolean asJwt,
@Parameter(description = "Check expiry of VC(Only supported in case of JWT formatted VP)") @RequestParam(name = "withCredentialExpiryDate", required = false, defaultValue = "false") boolean withCredentialExpiryDate
) {
return ResponseEntity.status(HttpStatus.CREATED).body(presentationService.validatePresentation(data, asJwt, withCredentialExpiryDate, audience));
return ResponseEntity.status(HttpStatus.OK).body(presentationService.validatePresentation(data, asJwt, withCredentialExpiryDate, audience));
}
}
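Review bot: `HttpStatus.OK` is the right status for a validation call that creates no resource, so this fix is correct. Separately, `withCredentialExpiryDate` defaults to `"false"`, which means an expired credential inside a JWT presentation validates successfully unless the caller remembers to opt in; for a verification endpoint the safe default is to check expiry and let callers opt out, and the parameter description should spell out that the check is skipped entirely for non-JWT presentations (the description already hints at this with "Only supported in case of JWT formatted VP").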
@@ -132,8 +132,8 @@ public ResponseEntity<Map<String, String>> storeCredential(@RequestBody Map<Stri
*/
@Operation(summary = "Retrieve wallet by identifier", description = "Permission: **view_wallets** OR **view_wallet** (The BPN of Wallet to retrieve must equal the BPN of caller) \n\n Retrieve single wallet by identifier, with or without its credentials")
@GetMapping(path = RestURI.API_WALLETS_IDENTIFIER, produces = MediaType.APPLICATION_JSON_VALUE)
public ResponseEntity<Wallet> getWalletByIdentifier(@PathVariable(name = "identifier") String identifier,
@Parameter(description = "Did or BPN") @RequestParam(name = "withCredentials", defaultValue = "false") boolean withCredentials,
public ResponseEntity<Wallet> getWalletByIdentifier(@Parameter(description = "Did or BPN") @PathVariable(name = "identifier") String identifier,
@RequestParam(name = "withCredentials", defaultValue = "false") boolean withCredentials,
Principal principal) {

return ResponseEntity.status(HttpStatus.OK).body(service.getWalletByIdentifier(identifier, withCredentials, getBPNFromToken(principal)));
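Review bot: moving `@Parameter(description = "Did or BPN")` onto `identifier` is the correct fix (it was annotating the wrong parameter), but `withCredentials` is now left without any description in the generated OpenAPI; add one, e.g. `@Parameter(description = "Include the wallet's credentials in the response")`, so the ownership-scoped `view_wallet` behaviour described in the summary stays discoverable from the API docs.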