1 parent
e982919
commit 4227f3e
Showing
10 changed files
with
670 additions
and
3 deletions.
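--- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/apidocs/SecureTokenControllerApiDoc.java
+++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/apidocs/SecureTokenControllerApiDoc.java
@@ -0,0 +1,126 @@
+/*
+ * *******************************************************************************
+ * Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ * See the NOTICE file(s) distributed with this work for additional
+ * information regarding copyright ownership.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Apache License, Version 2.0 which is available at
+ * https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.apidocs;
+
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.media.Content;
+import io.swagger.v3.oas.annotations.media.ExampleObject;
+import io.swagger.v3.oas.annotations.parameters.RequestBody;
+import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.responses.ApiResponses;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+public class SecureTokenControllerApiDoc {
+
+@Target(ElementType.METHOD)
+@Retention(RetentionPolicy.RUNTIME)
+@RequestBody(content = {
+@Content(examples = {
+@ExampleObject(name = "Request Secure Token using Scopes", value = """
+{
+"audience": "BPNL000000000009",
+"client_id": "your_client_id",
+"client_secret": "your_client_secret",
+"grant_type": "client_credentials",
+"bearer_access_scope": "org.eclipse.tractusx.vc.type:ValidCredentialType:read"
+}
+"""
+),
+@ExampleObject(name = "Request Secure Token using Access Token", value = """
+{
+"audience": "BPNL000000000009",
+"client_id": "your_client_id",
+"client_secret": "your_client_secret",
+"grant_type": "client_credentials",
+"access_token": "a_jwt_token"
+}
+"""
+)
+})
+})
+@ApiResponses(value = {
+@ApiResponse(responseCode = "201", content = {
+@Content(examples = {
+@ExampleObject(name = "Success response", value = """
+{
+"token": "a_jwt_token",
+"expiresAt": 1706888709315
+}
+"""
+)
+})
+}),
+
+@ApiResponse(responseCode = "400", content = {
+@Content(examples = {
+@ExampleObject(name = "Unknown BPN", value = """
+{
+"error": "UnknownBusinessPartnerNumber",
+"errorDescription": "The provided BPN 'BPNL000000000001' is unknown"
+}
+"""
+),
+
+@ExampleObject(name = "Wrong Grant Type", value = """
+{
+"error": "UnsupportedGrantTypeException",
+"errorDescription": "The provided 'grant_type' is not valid. Use 'client_credentials'."
+}
+"""
+),
+
+@ExampleObject(name = "Invalid Secure Token Request", value = """
+{
+"error": "InvalidSecureTokenRequest",
+"errorDescription": "The provided data could not be used to create and sign a token."
+}
+"""
+)
+})
+}),
+
+@ApiResponse(responseCode = "500", description = "Any other internal server error", content = {
+@Content(examples = {
+@ExampleObject(name = "Internal server error", value = """
+{
+"type": "about:blank",
+"title": "Error Title",
+"status": 500,
+"detail": "Error Details",
+"instance": "API endpoint",
+"properties": {
+"timestamp": 1689762476720
+}
+}
+"""
+)
+})
+})
+})
+@Operation(summary = "Create and Sign Access Tokens", description = "The endpoint for creating and signing access tokens which are to be used during a verifiable presentation flow.")
+public @interface PostSecureTokenDoc {
+}
+}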
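Review bot: The `@Operation` description at the end of `PostSecureTokenDoc` says nothing about how the caller is authenticated, even though both request examples carry `client_id` and `client_secret` in the JSON body and the 201 example returns a signed bearer credential; generated docs therefore give integrators no hint that this body must only travel over TLS and that the returned `token` must be handled as a secret. I would extend the description with a sentence such as `The caller authenticates with the client credentials in the request body; the returned token is a signed bearer credential and must be transported and stored accordingly.` The `expiresAt` value in the success example is an epoch-millisecond timestamp (the controller on this page builds it from `getExpirationTime().getTime()`), which is worth stating in the example name or the 201 description so callers do not read it as seconds. Whether the IdP step enforces anything beyond what the examples show is not visible in this file, so I would keep the wording to that.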
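--- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/SecureTokenController.java
+++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/SecureTokenController.java
@@ -0,0 +1,110 @@
+/*
+ * *******************************************************************************
+ * Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ * See the NOTICE file(s) distributed with this work for additional
+ * information regarding copyright ownership.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Apache License, Version 2.0 which is available at
+ * https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.controller;
+
+import com.nimbusds.jwt.JWT;
+import com.nimbusds.jwt.JWTParser;
+import io.swagger.v3.oas.annotations.tags.Tag;
+import jakarta.validation.Valid;
+import lombok.RequiredArgsConstructor;
+import lombok.SneakyThrows;
+import lombok.extern.slf4j.Slf4j;
+import org.eclipse.tractusx.managedidentitywallets.apidocs.SecureTokenControllerApiDoc;
+import org.eclipse.tractusx.managedidentitywallets.domain.BusinessPartnerNumber;
+import org.eclipse.tractusx.managedidentitywallets.domain.IdpTokenResponse;
+import org.eclipse.tractusx.managedidentitywallets.domain.StsTokenErrorResponse;
+import org.eclipse.tractusx.managedidentitywallets.domain.StsTokenResponse;
+import org.eclipse.tractusx.managedidentitywallets.dto.SecureTokenRequest;
+import org.eclipse.tractusx.managedidentitywallets.exception.InvalidSecureTokenRequest;
+import org.eclipse.tractusx.managedidentitywallets.exception.UnknownBusinessPartnerNumber;
+import org.eclipse.tractusx.managedidentitywallets.exception.UnsupportedGrantTypeException;
+import org.eclipse.tractusx.managedidentitywallets.interfaces.SecureTokenService;
+import org.eclipse.tractusx.managedidentitywallets.service.IdpAuthorization;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.MediaType;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.ExceptionHandler;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.util.Set;
+
+@RestController
+@Slf4j
+@RequiredArgsConstructor
+@Tag(name = "STS")
+public class SecureTokenController {
+
+private final SecureTokenService tokenService;
+
+private final IdpAuthorization idpAuthorization;
+
+@SneakyThrows
+@PostMapping(path = "/token", consumes = { MediaType.APPLICATION_JSON_VALUE }, produces = { MediaType.APPLICATION_JSON_VALUE })
+@SecureTokenControllerApiDoc.PostSecureTokenDoc
+public ResponseEntity<StsTokenResponse> store(
+@Valid @RequestBody SecureTokenRequest secureTokenRequest
+) {
+// handle idp authorization
+IdpTokenResponse idpResponse = idpAuthorization.fromSecureTokenRequest(secureTokenRequest);
+BusinessPartnerNumber bpn = idpResponse.bpn();
+// todo bri: accept did & bpn
+BusinessPartnerNumber partnerBpn = new BusinessPartnerNumber(secureTokenRequest.getAudience());
+
+// create the SI token and put/create the access_token inside
+JWT responseJwt;
+if (secureTokenRequest.assertValidWithAccessToken()) {
+log.debug("Signing si token.");
+responseJwt = tokenService.issueToken(
+bpn,
+partnerBpn,
+JWTParser.parse(secureTokenRequest.getAccessToken())
+);
+} else if (secureTokenRequest.assertValidWithScopes()) {
+log.debug("Creating access token and signing si token.");
+responseJwt = tokenService.issueToken(
+bpn,
+partnerBpn,
+Set.of(secureTokenRequest.getBearerAccessScope())
+);
+} else {
+throw new InvalidSecureTokenRequest("The provided data could not be used to create and sign a token.");
+}
+
+// create the response
+log.debug("Preparing StsTokenResponse.");
+StsTokenResponse response = StsTokenResponse.builder()
+.token(responseJwt.serialize())
+.expiresAt(responseJwt.getJWTClaimsSet().getExpirationTime().getTime())
+.build();
+return ResponseEntity.status(HttpStatus.CREATED).body(response);
+}
+
+@ExceptionHandler({ UnsupportedGrantTypeException.class, InvalidSecureTokenRequest.class, UnknownBusinessPartnerNumber.class })
+public ResponseEntity<StsTokenErrorResponse> getErrorResponse(RuntimeException e) {
+StsTokenErrorResponse response = new StsTokenErrorResponse();
+response.setError(e.getClass().getSimpleName());
+response.setErrorDescription(e.getMessage());
+return ResponseEntity.badRequest().body(response);
+}
+}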
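Review bot: In the access_token branch of `store`, the caller-supplied `access_token` goes through `JWTParser.parse` and straight into `tokenService.issueToken`, where it is wrapped into a freshly signed SI token; nothing in this controller checks that it is a `SignedJWT` rather than an unsecured `alg=none` token, or that its signature and `exp` hold, so unless `tokenService` verifies it (not visible on this page) the STS re-signs whatever the client sends. The `ParseException` from `JWTParser.parse` is also only hidden by `@SneakyThrows` and is not in the `@ExceptionHandler` list, so a malformed token yields a 500 instead of the documented 400 `InvalidSecureTokenRequest`. I would parse inside a try/catch mapped to `InvalidSecureTokenRequest`, reject anything that is not a `SignedJWT`, and leave an explicit comment stating where signature and expiry verification is expected to happen; `java.text.ParseException` and `com.nimbusds.jwt.SignedJWT` would need importing. Separately, `getJWTClaimsSet().getExpirationTime()` is dereferenced without a null check, which is safe only if `issueToken` always sets `exp`.
```java
// … unchanged: idp authorization, bpn / partnerBpn …
JWT responseJwt;
if (secureTokenRequest.assertValidWithAccessToken()) {
    log.debug("Signing si token.");
    JWT accessToken;
    try {
        accessToken = JWTParser.parse(secureTokenRequest.getAccessToken());
    } catch (ParseException e) {
        // malformed input is a client error, not a server error
        throw new InvalidSecureTokenRequest("The provided 'access_token' is not a parsable JWT.");
    }
    if (!(accessToken instanceof SignedJWT)) {
        // JWTParser also accepts unsecured (alg=none) and encrypted tokens; only signed ones may be embedded
        throw new InvalidSecureTokenRequest("The provided 'access_token' must be a signed JWT.");
    }
    // NOTE(review): signature, 'exp' and issuer of the embedded token still need to be verified
    // here or in tokenService before it is wrapped into a newly signed SI token — confirm which layer does it.
    responseJwt = tokenService.issueToken(bpn, partnerBpn, accessToken);
}
// … unchanged: scopes branch, response building …
```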
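--- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/interfaces/SecureTokenIssuer.java
+++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/interfaces/SecureTokenIssuer.java
@@ -0,0 +1,35 @@
+/*
+ * *******************************************************************************
+ * Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ * See the NOTICE file(s) distributed with this work for additional
+ * information regarding copyright ownership.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Apache License, Version 2.0 which is available at
+ * https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.interfaces;
+
+import com.nimbusds.jwt.JWT;
+import org.eclipse.tractusx.managedidentitywallets.domain.DID;
+import org.eclipse.tractusx.managedidentitywallets.domain.KeyPair;
+
+import java.time.Instant;
+import java.util.Set;
+
+public interface SecureTokenIssuer {
+JWT createAccessToken(KeyPair keyPair, DID self, DID partner, Instant expirationTime, Set<String> scopes);
+
+JWT createIdToken(KeyPair keyPair, DID self, DID partner, Instant expirationTime, JWT accessToken);
+}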
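Review bot: `SecureTokenIssuer` is the interface that does the actual signing, yet neither `createAccessToken` nor `createIdToken` carries Javadoc saying which half of `keyPair` is used to sign, which claims (`iss`, `sub`, `aud`, `exp`) are derived from `self`, `partner` and `expirationTime`, or whether `expirationTime` is trusted as given — an implementation cannot safely cap a too-long lifetime without knowing whether callers rely on the exact value. I would add Javadoc to both methods covering those points, e.g. on `createIdToken`: `Signs an SI token with the private key of {@code keyPair}; {@code accessToken} is embedded as supplied and is not verified here, so callers must validate it first.` The last clause is a proposed contract rather than a description of an implementation I can see, so it should be adjusted to whatever the implementing class actually does.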
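--- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/interfaces/SecureTokenService.java
+++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/interfaces/SecureTokenService.java
@@ -0,0 +1,39 @@
+/*
+ * *******************************************************************************
+ * Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+ *
+ * See the NOTICE file(s) distributed with this work for additional
+ * information regarding copyright ownership.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Apache License, Version 2.0 which is available at
+ * https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ******************************************************************************
+ */
+
+package org.eclipse.tractusx.managedidentitywallets.interfaces;
+
+import org.eclipse.tractusx.managedidentitywallets.domain.BusinessPartnerNumber;
+import org.eclipse.tractusx.managedidentitywallets.domain.DID;
+
+import com.nimbusds.jwt.JWT;
+
+import java.util.Set;
+
+public interface SecureTokenService {
+JWT issueToken(DID self, DID partner, Set<String> scopes);
+
+JWT issueToken(BusinessPartnerNumber self, BusinessPartnerNumber partner, Set<String> scopes);
+
+JWT issueToken(DID self, DID partner, JWT accessToken);
+
+JWT issueToken(BusinessPartnerNumber self, BusinessPartnerNumber partner, JWT accessToken);
+}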
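Review bot: The two `issueToken` overloads taking a `JWT accessToken` have no Javadoc stating whether implementations verify that token (signature, `exp`, `aud`) or expect it pre-verified, and `SecureTokenController` on this page passes them a JWT parsed straight from the request body, so right now neither layer documents who owns that check. I would add Javadoc to each overload naming the trust assumption, e.g. `@param accessToken the access token to embed; implementations MUST verify its signature and expiry before embedding it, because callers pass it through unverified.` — or, if verification is meant to live in the controller, say that instead so the two layers cannot both assume the other does it. The `DID`-based overloads have no caller on this page, so I cannot tell whether they follow the same contract; the Javadoc should say whether `self` is always the authenticated caller, as it is in the BPN path.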