Merge branch 'main' into feature/add-domain-to-trustlist

README.md

@@ -1,14 +1,14 @@
-<h1 align="center">
+<h1 style="text-align:center">
     TNG Key Distribution Service
 </h1>
 
-<p align="center">
+<div style="text-align:center">
     <a href="/../../commits/" title="Last Commit"><img src="https://img.shields.io/github/last-commit/worldhealthorganization/tng-key-distribution?style=flat"></a>
     <a href="/../../issues" title="Open Issues"><img src="https://img.shields.io/github/issues/worldhealthorganization/tng-key-distribution?style=flat"></a>
     <a href="./LICENSE" title="License"><img src="https://img.shields.io/badge/License-Apache%202.0-green.svg?style=flat"></a>
-</p>
+</div>
 
-<p align="center">
+<p style="text-align:center">
   <a href="#about">About</a> •
   <a href="#development">Development</a> •
   <a href="#documentation">Documentation</a> •
@@ -131,7 +131,9 @@ docker-compose up --build
 
 After all containers have started, you will be able to reach the service on your [local machine](http://localhost:8080/api/docs) under port 8080.
 
-## Documentation  
+## Cloud deployment
+
+## Documentation
 
 [OpenAPI Spec](https://worldhealthorganization.github.io/tng-key-distribution/)
 
@@ -147,11 +149,11 @@ The following channels are available for discussions, feedback, and support requ
 | **Issues**    | <a href="/../../issues" title="Open Issues"><img src="https://img.shields.io/github/issues/worldhealthorganization/tng-key-distribution?style=flat"></a>  |
 | **Other requests**    | <a href="mailto:[email protected]" title="Email DGC Team"><img src="https://img.shields.io/badge/email-DGC%20team-green?logo=mail.ru&style=flat-square&logoColor=white"></a>   |
 
-## How to contribute  
+## How to contribute
 
 Contribution and feedback is encouraged and always welcome. For more information about how to contribute, the project structure, as well as additional contribution information, see our [Contribution Guidelines](./CONTRIBUTING.md). By participating in this project, you agree to abide by its [Code of Conduct](./CODE_OF_CONDUCT.md) at all times.
 
-## Contributors  
+## Contributors
 
 Our commitment to open source means that we are enabling -in fact encouraging- all interested parties to contribute and become part of its developer community.
 

pom.xml

@@ -226,6 +226,11 @@
                 </exclusion>
             </exclusions>
         </dependency>
+        <dependency>
+            <groupId>org.eclipse.jgit</groupId>
+            <artifactId>org.eclipse.jgit</artifactId>
+            <version>6.9.0.202403050737-r</version>
+        </dependency>
     </dependencies>
 
     <build>

src/main/java/tng/trustnetwork/keydistribution/config/KdsConfigProperties.java

@@ -114,17 +114,26 @@ public static class DidConfig {
         private Map<String, String> virtualCountries = new HashMap<>();
 
         private LocalFileConfig localFile = new LocalFileConfig();
+        private GitConfig git = new GitConfig();
 
         private DgcGatewayConnectorConfigProperties.KeyStoreWithAlias localKeyStore =
             new DgcGatewayConnectorConfigProperties.KeyStoreWithAlias();
-
+        
         @Getter
         @Setter
         public static class LocalFileConfig {
             private String fileName;
             private String directory;
         }
 
+        @Getter
+        @Setter
+        public static class GitConfig {
+            private String prefix;
+            private String workdir;
+            private String pat;
+            private String url;
+        }
     }
 
 }

src/main/java/tng/trustnetwork/keydistribution/service/did/DidTrustListService.java

@@ -93,6 +93,8 @@ public class DidTrustListService {
     private final CertificateUtils certificateUtils;
 
     private final TrustedIssuerService trustedIssuerService;
+
+    private final GitProvider gitProvider;
 
     /**
      * Create and upload DID Document holding Uploaded DSC and Trusted Issuer.
@@ -102,6 +104,7 @@ public class DidTrustListService {
     public void job() {
 
         String trustList;
+
         try {
             trustList = generateTrustList(null);
         } catch (Exception e) {
@@ -139,6 +142,8 @@ public void job() {
         }
 
         log.info("Finished DID Export Process");
+
+        gitProvider.upload(configProperties.getDid().getLocalFile().getDirectory());
     }
 
     private String getCountryAsLowerCaseAlpha3(String country) {
@@ -300,4 +305,5 @@ private Optional<X509Certificate> searchCsca(X509Certificate dsc, String country
                                                       .equals(dsc.getIssuerX500Principal()))
                                   .findFirst();
     }
+
 }

src/main/java/tng/trustnetwork/keydistribution/service/did/DummyGitUploader.java

@@ -0,0 +1,48 @@
+/*-
+ * ---license-start
+ * WorldHealthOrganization / tng-key-distribution
+ * ---
+ * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors
+ * ---
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ---license-end
+ */
+
+package tng.trustnetwork.keydistribution.service.did;
+
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.stereotype.Service;
+import tng.trustnetwork.keydistribution.config.KdsConfigProperties;
+
+@ConditionalOnProperty(name = "dgc.did.didUploadProvider", havingValue = "dummy")
+@Service
+@Slf4j
+@RequiredArgsConstructor
+public class DummyGitUploader implements GitProvider {
+
+    private final KdsConfigProperties configProperties;
+
+    /**
+     * upload dummy method used for unit tests.
+     * @param sourcePath will only be used for log output
+     */
+
+    public void upload(String sourcePath) {
+
+        log.info("Uploaded from {} to {}", sourcePath, configProperties.getDid().getGit().getWorkdir());
+
+    }
+
+}

src/main/java/tng/trustnetwork/keydistribution/service/did/GitProvider.java

@@ -0,0 +1,27 @@
+/*-
+ * ---license-start
+ * WorldHealthOrganization / tng-key-distribution
+ * ---
+ * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors
+ * ---
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ---license-end
+ */
+
+package tng.trustnetwork.keydistribution.service.did;
+
+public interface GitProvider {
+
+    void upload(String sourcePath);
+
+}

src/main/java/tng/trustnetwork/keydistribution/service/did/GitUploader.java

@@ -0,0 +1,138 @@
+/*-
+ * ---license-start
+ * WorldHealthOrganization / tng-key-distribution
+ * ---
+ * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors
+ * ---
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ---license-end
+ */
+
+package tng.trustnetwork.keydistribution.service.did;
+
+import java.io.File;
+import java.io.IOException;
+import java.nio.file.DirectoryStream;
+import java.nio.file.FileVisitResult;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.nio.file.SimpleFileVisitor;
+import java.nio.file.StandardCopyOption;
+import java.nio.file.attribute.BasicFileAttributes;
+import java.time.Instant;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.eclipse.jgit.api.Git;
+import org.eclipse.jgit.api.errors.GitAPIException;
+import org.eclipse.jgit.transport.UsernamePasswordCredentialsProvider;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.stereotype.Service;
+import tng.trustnetwork.keydistribution.config.KdsConfigProperties;
+
+@ConditionalOnProperty(name = "dgc.did.didUploadProvider", havingValue = "local-file")
+@Service
+@Slf4j
+@RequiredArgsConstructor
+public class GitUploader implements GitProvider {
+
+    private final KdsConfigProperties configProperties;
+
+    /**
+     * upload method clones a git repositor, copies the contents of sourcePath to the cloned git repository 
+     * and commits and pushes the contents, replacing the previous contents of the repository.
+     * @param sourcePath sourcePath from where the files are copied for upload 
+     */
+
+    public void upload(String sourcePath) {
+
+        Path sourceDirectory = Paths.get(sourcePath);
+        Path targetDirectory = Paths.get(configProperties.getDid().getGit().getWorkdir() 
+          + File.separator 
+          + configProperties.getDid().getGit().getPrefix());
+
+        deleteDirectoryAndContents(configProperties.getDid().getGit().getWorkdir());
+
+        try {
+            Git.cloneRepository()
+            .setURI(configProperties.getDid().getGit().getUrl())
+            .setDirectory(new File(configProperties.getDid().getGit().getWorkdir()))
+            .setCredentialsProvider(
+                new UsernamePasswordCredentialsProvider(
+                "anonymous", configProperties.getDid().getGit().getPat()))
+                .call();
+        } catch (Exception e) {
+            log.error("Failed to clone repository {}: {}",
+                      configProperties.getDid().getGit().getUrl(), e.getMessage());
+        }
+
+        try {
+            Files.walkFileTree(sourceDirectory, new SimpleFileVisitor<Path>() {
+                @Override
+                public FileVisitResult visitFile(Path file, BasicFileAttributes attrs) throws IOException {
+                    Path targetFile = targetDirectory.resolve(sourceDirectory.relativize(file));
+                    Files.createDirectories(targetFile.getParent());
+                    Files.copy(file, targetFile, StandardCopyOption.REPLACE_EXISTING);
+                    return FileVisitResult.CONTINUE;
+                }
+
+                @Override
+                public FileVisitResult preVisitDirectory(Path dir, BasicFileAttributes attrs) throws IOException {
+                    Path targetDir = targetDirectory.resolve(sourceDirectory.relativize(dir));
+                    Files.createDirectories(targetDir);
+                    return FileVisitResult.CONTINUE;
+                }
+            });
+        } catch (IOException e) {
+            log.error("Failed to copy files from {} to {}: {}", sourcePath, targetDirectory, e.getMessage());
+        }
+
+        try {
+            Git git = Git.open(new File(configProperties.getDid().getGit().getWorkdir()));
+            git.add().addFilepattern(".").call();
+            git.commit().setMessage("Added DID files on " + Instant.now()).call();
+            git.push().setCredentialsProvider(new UsernamePasswordCredentialsProvider(
+                "anonymous", configProperties.getDid().getGit().getPat())).call();
+            git.close();
+            log.info("Successfully uploaded DID files to Git repository {}",
+                     configProperties.getDid().getGit().getUrl());
+        } catch (GitAPIException | IOException e) {
+            log.error("Error during Git commit & push: {}",e.getMessage());
+        }
+    }
+
+    private void deleteDirectoryAndContents(String directoryPath) {
+        Path dir = Paths.get(directoryPath);
+        if (dir.toFile().exists()) {
+
+            try (DirectoryStream<Path> stream = Files.newDirectoryStream(dir)) {
+                for (Path path : stream) {
+                    if (Files.isDirectory(path)) {
+                        deleteDirectoryAndContents(path.toString());
+                    } else {
+                        Files.delete(path);
+                    }
+                }
+            } catch (IOException e) {
+                log.error("Error deleting file {}",e.getMessage());
+            }
+            try {
+                Files.delete(dir);
+            } catch (IOException e) {
+                log.error("Error deleting root directory {}",e.getMessage());
+            }
+        } else {
+            log.info("Directory {} does not exist, skippig deletion", dir);
+        }
+    }
+}

src/main/resources/application.yml

@@ -94,8 +94,13 @@ dgc:
     enableDidGeneration: true
     didUploadProvider: local-file
     localFile:
-      directory: ./did
+      directory: <root-directory-of-trustlist>
       file-name: did.json
+    git:
+      workdir: <root-of-cloned-git-repo>
+      prefix: <prefix-dir-in-git-repo>
+      url: <git-repo-url>
+      pat: <personal-access-token-for-git>
     didSigningProvider: dummy
     ld-proof-verification-method: did:web:dummy.net
     ld-proof-nonce: n0nc3

src/test/resources/application.yml

@@ -43,6 +43,11 @@ dgc:
     enableDidGeneration: true
     didUploadProvider: dummy
     didSigningProvider: dummy
+    git:
+      workdir: ""
+      prefix: ""
+      url: ""
+      pat: ""
     ld-proof-verification-method: did:web:dummy.net
     ld-proof-nonce: n0nc3
     ld-proof-domain: d0m4in