refactor: move duplicated code to ids-core (eclipse-edc#2016)
* refactor: move resolveConnectorId to ids-core

* refactor: move handling of DATs to ids-core

* test: add test for DynamicAttributeTokenServiceImpl

* chore: fix checkstyle error

* chore: PR remarks
ronjaquensel authored Sep 27, 2022
1 parent ecb62c0 commit b03d34b
Showing 10 changed files with 338 additions and 121 deletions.
Expand Up @@ -26,28 +26,20 @@
import org.eclipse.dataspaceconnector.ids.api.multipart.dispatcher.sender.type.MultipartContractRejectionSender;
import org.eclipse.dataspaceconnector.ids.api.multipart.dispatcher.sender.type.MultipartDescriptionRequestSender;
import org.eclipse.dataspaceconnector.ids.api.multipart.dispatcher.sender.type.MultipartEndpointDataReferenceRequestSender;
import org.eclipse.dataspaceconnector.ids.spi.service.DynamicAttributeTokenService;
import org.eclipse.dataspaceconnector.ids.spi.transform.IdsTransformerRegistry;
import org.eclipse.dataspaceconnector.ids.spi.types.IdsId;
import org.eclipse.dataspaceconnector.ids.spi.types.IdsType;
import org.eclipse.dataspaceconnector.runtime.metamodel.annotation.EdcSetting;
import org.eclipse.dataspaceconnector.runtime.metamodel.annotation.Inject;
import org.eclipse.dataspaceconnector.spi.EdcException;
import org.eclipse.dataspaceconnector.spi.iam.IdentityService;
import org.eclipse.dataspaceconnector.spi.message.RemoteMessageDispatcherRegistry;
import org.eclipse.dataspaceconnector.spi.monitor.Monitor;
import org.eclipse.dataspaceconnector.spi.security.Vault;
import org.eclipse.dataspaceconnector.spi.system.ServiceExtension;
import org.eclipse.dataspaceconnector.spi.system.ServiceExtensionContext;
import org.jetbrains.annotations.NotNull;

import java.net.URI;
import java.util.Objects;

public class IdsMultipartDispatcherServiceExtension implements ServiceExtension {
import static org.eclipse.dataspaceconnector.ids.core.util.ConnectorIdUtil.resolveConnectorId;

@EdcSetting
public static final String EDC_IDS_ID = "edc.ids.id";
public static final String DEFAULT_EDC_IDS_ID = "urn:connector:edc";
public class IdsMultipartDispatcherServiceExtension implements ServiceExtension {

@Inject
private Monitor monitor;
Expand All @@ -56,7 +48,7 @@ public class IdsMultipartDispatcherServiceExtension implements ServiceExtension
private OkHttpClient httpClient;

@Inject
private IdentityService identityService;
private DynamicAttributeTokenService dynamicAttributeTokenService;

@Inject
private IdsTransformerRegistry transformerRegistry;
Expand Down Expand Up @@ -85,7 +77,7 @@ public void initialize(ServiceExtensionContext context) {

var senderContext = new SenderDelegateContext(URI.create(connectorId), objectMapper, transformerRegistry, idsWebhookAddress);

var sender = new IdsMultipartSender(monitor, httpClient, identityService, objectMapper);
var sender = new IdsMultipartSender(monitor, httpClient, dynamicAttributeTokenService, objectMapper);
var dispatcher = new IdsMultipartRemoteMessageDispatcher(sender);
dispatcher.register(new MultipartArtifactRequestSender(senderContext, vault));
dispatcher.register(new MultipartDescriptionRequestSender(senderContext));
Expand All @@ -98,24 +90,4 @@ public void initialize(ServiceExtensionContext context) {
dispatcherRegistry.register(dispatcher);
}

private String resolveConnectorId(@NotNull ServiceExtensionContext context) {
Objects.requireNonNull(context);

var value = context.getSetting(EDC_IDS_ID, DEFAULT_EDC_IDS_ID);

// Hint: use stringified uri to keep uri path and query
var result = IdsId.from(value);
if (result.succeeded()) {
var idsId = result.getContent();
if (idsId.getType() == IdsType.CONNECTOR) {
return idsId.getValue();
}
} else {
var message = "IDS Settings: Expected valid URN for setting '%s', but was %s'. Expected format: 'urn:connector:[id]'";
throw new EdcException(String.format(message, EDC_IDS_ID, DEFAULT_EDC_IDS_ID));
}

return value;
}

}
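Review bot: The `resolveConnectorId` removed at the end of this file has two weaknesses that the shared `ConnectorIdUtil.resolveConnectorId` (not shown on this page) should not inherit if it was moved verbatim. Its error message formats `DEFAULT_EDC_IDS_ID` rather than the configured `value`, so a malformed `edc.ids.id` is reported as if the default were wrong, and a URN that parses but is not of type `IdsType.CONNECTOR` falls through to `return value` without any error. The throw would read `throw new EdcException(String.format(message, EDC_IDS_ID, value));`, and the non-connector case deserves either an explicit rejection or a comment saying why it is accepted. The copy removed from `IdsMultipartApiServiceExtension` further down is the same except that it lacks the `Objects.requireNonNull(context)` guard, which the shared helper should keep.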
Expand Up @@ -17,9 +17,7 @@
package org.eclipse.dataspaceconnector.ids.api.multipart.dispatcher.sender;

import com.fasterxml.jackson.databind.ObjectMapper;
import de.fraunhofer.iais.eis.DynamicAttributeTokenBuilder;
import de.fraunhofer.iais.eis.Message;
import de.fraunhofer.iais.eis.TokenFormat;
import jakarta.ws.rs.core.MediaType;
import okhttp3.Headers;
import okhttp3.HttpUrl;
Expand All @@ -32,9 +30,8 @@
import org.eclipse.dataspaceconnector.ids.api.multipart.dispatcher.sender.response.IdsMultipartParts;
import org.eclipse.dataspaceconnector.ids.api.multipart.dispatcher.sender.response.MultipartResponse;
import org.eclipse.dataspaceconnector.ids.core.message.FutureCallback;
import org.eclipse.dataspaceconnector.ids.spi.service.DynamicAttributeTokenService;
import org.eclipse.dataspaceconnector.spi.EdcException;
import org.eclipse.dataspaceconnector.spi.iam.IdentityService;
import org.eclipse.dataspaceconnector.spi.iam.TokenParameters;
import org.eclipse.dataspaceconnector.spi.monitor.Monitor;
import org.eclipse.dataspaceconnector.spi.types.domain.message.RemoteMessage;
import org.glassfish.jersey.media.multipart.ContentDisposition;
Expand All @@ -53,19 +50,18 @@
* Sends IDS multipart messages.
*/
public class IdsMultipartSender {
private static final String TOKEN_SCOPE = "idsc:IDS_CONNECTOR_ATTRIBUTES_ALL";

private Monitor monitor;
private OkHttpClient httpClient;
private IdentityService identityService;
private DynamicAttributeTokenService tokenService;
private ObjectMapper objectMapper;

public IdsMultipartSender(Monitor monitor, OkHttpClient httpClient,
IdentityService identityService,
DynamicAttributeTokenService tokenService,
ObjectMapper objectMapper) {
this.monitor = monitor;
this.httpClient = httpClient;
this.identityService = identityService;
this.tokenService = tokenService;
this.objectMapper = objectMapper;
}

Expand All @@ -80,22 +76,14 @@ public <M extends RemoteMessage, R> CompletableFuture<R> send(M request, Multipa
var remoteConnectorAddress = request.getConnectorAddress();

// Get Dynamic Attribute Token
var tokenParameters = TokenParameters.Builder.newInstance()
.scope(TOKEN_SCOPE)
.audience(remoteConnectorAddress)
.build();
var tokenResult = identityService.obtainClientCredentials(tokenParameters);
var tokenResult = tokenService.obtainDynamicAttributeToken(remoteConnectorAddress);
if (tokenResult.failed()) {
String message = "Failed to obtain token: " + String.join(",", tokenResult.getFailureMessages());
monitor.severe(message);
return failedFuture(new EdcException(message));
}

var token = new DynamicAttributeTokenBuilder()
._tokenFormat_(TokenFormat.JWT)
._tokenValue_(tokenResult.getContent().getToken())
.build();


var token = tokenResult.getContent();

// Get recipient address
var requestUrl = HttpUrl.parse(remoteConnectorAddress);
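Review bot: In `send`, the token is requested for `remoteConnectorAddress` before that string is parsed by `HttpUrl.parse` a few lines later, so a malformed address still triggers a token request with it as the (presumed) audience. Parsing first and failing early keeps the identity provider out of the path for bad input: move `var requestUrl = HttpUrl.parse(remoteConnectorAddress);` above the `tokenService.obtainDynamicAttributeToken(...)` call and return a `failedFuture(new EdcException(...))` when it is null. The rest of `send` lies outside this hunk, so a null check may already follow the parse. As far as this hunk shows, the new `tokenService` field is assigned only in the constructor and could be declared `private final`.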
Expand Up @@ -17,7 +17,7 @@

import okhttp3.OkHttpClient;
import org.eclipse.dataspaceconnector.ids.core.serialization.IdsTypeManagerUtil;
import org.eclipse.dataspaceconnector.spi.iam.IdentityService;
import org.eclipse.dataspaceconnector.ids.spi.service.DynamicAttributeTokenService;
import org.eclipse.dataspaceconnector.spi.monitor.Monitor;
import org.eclipse.dataspaceconnector.spi.result.Result;
import org.eclipse.dataspaceconnector.spi.types.TypeManager;
Expand All @@ -32,15 +32,15 @@
import static org.mockito.Mockito.when;

class IdsMultipartSenderTest {
private final IdentityService identityService = mock(IdentityService.class);
private final DynamicAttributeTokenService tokenService = mock(DynamicAttributeTokenService.class);

@Test
void should_fail_if_token_retrieval_fails() {
when(identityService.obtainClientCredentials(any())).thenReturn(Result.failure("error"));
when(tokenService.obtainDynamicAttributeToken(any())).thenReturn(Result.failure("error"));

var objectMapper = IdsTypeManagerUtil.getIdsObjectMapper(new TypeManager());

var sender = new IdsMultipartSender(mock(Monitor.class), mock(OkHttpClient.class), identityService, objectMapper);
var sender = new IdsMultipartSender(mock(Monitor.class), mock(OkHttpClient.class), tokenService, objectMapper);
var senderDelegate = mock(MultipartSenderDelegate.class);

var result = sender.send(new TestRemoteMessage(), senderDelegate);
Expand Up @@ -29,48 +29,41 @@
import org.eclipse.dataspaceconnector.ids.api.multipart.handler.Handler;
import org.eclipse.dataspaceconnector.ids.spi.service.CatalogService;
import org.eclipse.dataspaceconnector.ids.spi.service.ConnectorService;
import org.eclipse.dataspaceconnector.ids.spi.service.DynamicAttributeTokenService;
import org.eclipse.dataspaceconnector.ids.spi.transform.IdsTransformerRegistry;
import org.eclipse.dataspaceconnector.ids.spi.types.IdsId;
import org.eclipse.dataspaceconnector.ids.spi.types.IdsType;
import org.eclipse.dataspaceconnector.runtime.metamodel.annotation.EdcSetting;
import org.eclipse.dataspaceconnector.runtime.metamodel.annotation.Inject;
import org.eclipse.dataspaceconnector.spi.EdcException;
import org.eclipse.dataspaceconnector.spi.WebService;
import org.eclipse.dataspaceconnector.spi.asset.AssetIndex;
import org.eclipse.dataspaceconnector.spi.contract.negotiation.ConsumerContractNegotiationManager;
import org.eclipse.dataspaceconnector.spi.contract.negotiation.ProviderContractNegotiationManager;
import org.eclipse.dataspaceconnector.spi.contract.negotiation.store.ContractNegotiationStore;
import org.eclipse.dataspaceconnector.spi.contract.offer.ContractOfferService;
import org.eclipse.dataspaceconnector.spi.contract.validation.ContractValidationService;
import org.eclipse.dataspaceconnector.spi.iam.IdentityService;
import org.eclipse.dataspaceconnector.spi.monitor.Monitor;
import org.eclipse.dataspaceconnector.spi.security.Vault;
import org.eclipse.dataspaceconnector.spi.system.ServiceExtension;
import org.eclipse.dataspaceconnector.spi.system.ServiceExtensionContext;
import org.eclipse.dataspaceconnector.spi.transfer.TransferProcessManager;
import org.eclipse.dataspaceconnector.spi.transfer.edr.EndpointDataReferenceReceiverRegistry;
import org.eclipse.dataspaceconnector.spi.transfer.edr.EndpointDataReferenceTransformerRegistry;
import org.jetbrains.annotations.NotNull;

import java.util.LinkedList;

import static org.eclipse.dataspaceconnector.ids.core.util.ConnectorIdUtil.resolveConnectorId;

/**
* ServiceExtension providing IDS multipart related API controllers
*/
public final class IdsMultipartApiServiceExtension implements ServiceExtension {

@EdcSetting
public static final String EDC_IDS_ID = "edc.ids.id";
public static final String DEFAULT_EDC_IDS_ID = "urn:connector:edc";

@Inject
private Monitor monitor;

@Inject
private WebService webService;

@Inject
private IdentityService identityService;
private DynamicAttributeTokenService dynamicAttributeTokenService;

@Inject
private CatalogService dataCatalogService;
Expand Down Expand Up @@ -139,26 +132,8 @@ private void registerControllers(ServiceExtensionContext context) {
handlers.add(new ContractRejectionHandler(monitor, connectorId, providerNegotiationManager, consumerNegotiationManager));

// create & register controller
var multipartController = new MultipartController(monitor, connectorId, objectMapper, identityService, handlers, idsApiConfiguration.getIdsWebhookAddress());
var multipartController = new MultipartController(monitor, connectorId, objectMapper, dynamicAttributeTokenService, handlers, idsApiConfiguration.getIdsWebhookAddress());
webService.registerResource(idsApiConfiguration.getContextAlias(), multipartController);
}

private String resolveConnectorId(@NotNull ServiceExtensionContext context) {
var value = context.getSetting(EDC_IDS_ID, DEFAULT_EDC_IDS_ID);

// Hint: use stringified uri to keep uri path and query
var result = IdsId.from(value);
if (result.succeeded()) {
var idsId = result.getContent();
if (idsId.getType() == IdsType.CONNECTOR) {
return idsId.getValue();
}
} else {
var message = "IDS Settings: Expected valid URN for setting '%s', but was %s'. Expected format: 'urn:connector:[id]'";
throw new EdcException(String.format(message, EDC_IDS_ID, DEFAULT_EDC_IDS_ID));
}

return value;
}

}
Expand Up @@ -30,10 +30,8 @@
import org.eclipse.dataspaceconnector.ids.api.multipart.handler.Handler;
import org.eclipse.dataspaceconnector.ids.api.multipart.message.MultipartRequest;
import org.eclipse.dataspaceconnector.ids.api.multipart.message.MultipartResponse;
import org.eclipse.dataspaceconnector.ids.spi.service.DynamicAttributeTokenService;
import org.eclipse.dataspaceconnector.spi.EdcException;
import org.eclipse.dataspaceconnector.spi.iam.IdentityService;
import org.eclipse.dataspaceconnector.spi.iam.TokenParameters;
import org.eclipse.dataspaceconnector.spi.iam.TokenRepresentation;
import org.eclipse.dataspaceconnector.spi.monitor.Monitor;
import org.glassfish.jersey.media.multipart.FormDataBodyPart;
import org.glassfish.jersey.media.multipart.FormDataMultiPart;
Expand All @@ -42,7 +40,6 @@

import java.io.IOException;
import java.io.InputStream;
import java.util.HashMap;
import java.util.List;

import static java.lang.String.format;
Expand All @@ -58,26 +55,25 @@ public class MultipartController {
public static final String PATH = "/data";
private static final String HEADER = "header";
private static final String PAYLOAD = "payload";
private static final String TOKEN_SCOPE = "idsc:IDS_CONNECTOR_ATTRIBUTES_ALL";

private final Monitor monitor;
private final String connectorId;
private final List<Handler> multipartHandlers;
private final ObjectMapper objectMapper;
private final IdentityService identityService;
private final DynamicAttributeTokenService tokenService;
private final String idsWebhookAddress;

public MultipartController(@NotNull Monitor monitor,
@NotNull String connectorId,
@NotNull ObjectMapper objectMapper,
@NotNull IdentityService identityService,
@NotNull DynamicAttributeTokenService tokenService,
@NotNull List<Handler> multipartHandlers,
@NotNull String idsWebhookAddress) {
this.monitor = monitor;
this.connectorId = connectorId;
this.objectMapper = objectMapper;
this.multipartHandlers = multipartHandlers;
this.identityService = identityService;
this.tokenService = tokenService;
this.idsWebhookAddress = idsWebhookAddress;
}

Expand Down Expand Up @@ -120,17 +116,9 @@ public FormDataMultiPart request(@FormDataParam(HEADER) InputStream headerInputS
return buildMultipart(notAuthenticated(header, connectorId));
}

// Prepare DAT validation: IDS token validation requires issuerConnector
var additional = new HashMap<String, Object>();
additional.put("issuerConnector", header.getIssuerConnector());

var tokenRepresentation = TokenRepresentation.Builder.newInstance()
.token(dynamicAttributeToken.getTokenValue())
.additional(additional)
.build();

// Validate DAT
var verificationResult = identityService.verifyJwtToken(tokenRepresentation, idsWebhookAddress);
var verificationResult = tokenService
.verifyDynamicAttributeToken(dynamicAttributeToken, header.getIssuerConnector(), idsWebhookAddress);
if (verificationResult.failed()) {
monitor.warning(format("MultipartController: Token validation failed %s", verificationResult.getFailure().getMessages()));
return buildMultipart(notAuthenticated(header, connectorId));
Expand Down Expand Up @@ -202,27 +190,22 @@ private FormDataMultiPart createFormDataMultiPart(Message header, Object payload
}

/**
* Retrieves an identity token for the given message.
* Retrieves an identity token for the given message. Returns a token with value "invalid" if
* obtaining an identity token fails.
*
* @param header the message.
* @return the token.
*/
private DynamicAttributeToken getToken(Message header) {
var tokenBuilder = new DynamicAttributeTokenBuilder()
._tokenFormat_(TokenFormat.JWT);

var tokenParameters = TokenParameters.Builder.newInstance()
.scope(TOKEN_SCOPE)
.audience(header.getIssuerConnector().toString())
.build();
var tokenResult = identityService.obtainClientCredentials(tokenParameters);

var tokenResult = tokenService.obtainDynamicAttributeToken(header.getIssuerConnector().toString());
if (tokenResult.succeeded()) {
tokenBuilder._tokenValue_(tokenResult.getContent().getToken());
} else {
tokenBuilder._tokenValue_("invalid");
return tokenResult.getContent();
}

return tokenBuilder.build();

return new DynamicAttributeTokenBuilder()
._tokenFormat_(TokenFormat.JWT)
._tokenValue_("invalid")
.build();
}

private byte[] toJson(Object object) {
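Review bot: `getToken` discards the failure from `tokenService.obtainDynamicAttributeToken(...)` and silently substitutes a token whose value is `"invalid"`, so an operator gets no signal that responses are going out without a usable DAT. Log the failure before building the placeholder, for example `monitor.warning(format("MultipartController: Failed to obtain token: %s", String.join(",", tokenResult.getFailureMessages())));`, which mirrors what `IdsMultipartSender.send` does on the same failure. The same method calls `header.getIssuerConnector().toString()` without a null check; whether the header is validated earlier in `request` cannot be seen from this hunk.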
Expand Up @@ -21,10 +21,12 @@
import org.eclipse.dataspaceconnector.ids.core.service.CatalogServiceImpl;
import org.eclipse.dataspaceconnector.ids.core.service.ConnectorServiceImpl;
import org.eclipse.dataspaceconnector.ids.core.service.ConnectorServiceSettings;
import org.eclipse.dataspaceconnector.ids.core.service.DynamicAttributeTokenServiceImpl;
import org.eclipse.dataspaceconnector.ids.core.transform.IdsTransformerRegistryImpl;
import org.eclipse.dataspaceconnector.ids.spi.descriptor.IdsDescriptorService;
import org.eclipse.dataspaceconnector.ids.spi.service.CatalogService;
import org.eclipse.dataspaceconnector.ids.spi.service.ConnectorService;
import org.eclipse.dataspaceconnector.ids.spi.service.DynamicAttributeTokenService;
import org.eclipse.dataspaceconnector.ids.spi.transform.IdsTransformerRegistry;
import org.eclipse.dataspaceconnector.ids.spi.types.IdsId;
import org.eclipse.dataspaceconnector.ids.spi.types.IdsType;
Expand All @@ -44,8 +46,8 @@
/**
* Implements the IDS Controller REST API.
*/
@Provides({ CatalogService.class, ConnectorService.class, IdsDescriptorService.class,
CatalogService.class, ConnectorService.class, IdsTransformerRegistry.class })
@Provides({ IdsDescriptorService.class, CatalogService.class, ConnectorService.class,
IdsTransformerRegistry.class, DynamicAttributeTokenService.class})
public class IdsCoreServiceExtension implements ServiceExtension {

@EdcSetting
Expand Down Expand Up @@ -107,6 +109,8 @@ public void initialize(ServiceExtensionContext context) {
context.registerService(ConnectorService.class, connectorService);

context.registerService(IdsDescriptorService.class, new IdsDescriptorServiceImpl());

context.registerService(DynamicAttributeTokenService.class, new DynamicAttributeTokenServiceImpl(identityService));
}

private String resolveCatalogId(ServiceExtensionContext context) {
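Review bot: The rewritten `@Provides` list opens with `{ ` but closes with `DynamicAttributeTokenService.class})`, which is inconsistent with the spacing used elsewhere in the annotation; `IdsTransformerRegistry.class, DynamicAttributeTokenService.class })` would match. Separately, the `identityService` passed to `new DynamicAttributeTokenServiceImpl(identityService)` is declared outside this hunk. It is presumably an `@Inject` field, and it is worth confirming that the injection is required, so that the token service can never be registered with a null identity service.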