chore[534] updated createIrsPolicyIfMissing()

CHANGELOG.md

@@ -65,6 +65,8 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 - Updated github/codeql-action from 2 to 3
 - Updated actions/download-artifact from 3 to 4actions/download-artifact from 3 to 4
 - Updated com.nimbusds:nimbus-jose-jwt from 9.37.1 to 9.37.3
+- Changed some java implementations according to security findings ( business logic unchanged )
+- Updated createIrsPolicyIfMissing() method to validate policies based on rightOperand values rather than policyIDs
 
 ### Removed
 - Shell descriptor entity with underlying logic

tx-backend/src/main/java/org/eclipse/tractusx/traceability/assets/infrastructure/base/irs/IrsService.java

@@ -1,7 +1,7 @@
 /********************************************************************************
  * Copyright (c) 2022, 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
  * Copyright (c) 2022, 2023 ZF Friedrichshafen AG
- * Copyright (c) 2022, 2023 Contributors to the Eclipse Foundation
+ * Copyright (c) 2022, 2023, 2024 Contributors to the Eclipse Foundation
  *
  * See the NOTICE file(s) distributed with this work for additional
  * information regarding copyright ownership.
@@ -39,6 +39,7 @@
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Service;
 
+import java.util.Collections;
 import java.util.List;
 import java.util.Objects;
 import java.util.Optional;
@@ -143,43 +144,53 @@ void saveOrUpdateAssets(AssetCallbackRepository repository, AssetBase asset) {
     @Override
     public void createIrsPolicyIfMissing() {
         log.info("Check if irs policy exists");
-        List<PolicyResponse> irsPolicies = irsApiClient.getPolicies(adminApiKey);
+        List<PolicyResponse> irsPolicies = Objects.requireNonNullElse(irsApiClient.getPolicies(adminApiKey), Collections.emptyList());
         log.info("Irs has following policies: {}", irsPolicies);
-
         log.info("Required constraints from application yaml are : {}", traceabilityProperties.getRightOperand());
 
 
-        //update existing policies
-        irsPolicies.stream().filter(
-                        irsPolicy -> traceabilityProperties.getRightOperand().equals(irsPolicy.policyId()))
-                .forEach(existingPolicy -> checkAndUpdatePolicy(irsPolicies));
-
-
-        //create missing policies
-        boolean missingPolicy = irsPolicies.stream().noneMatch(irsPolicy -> irsPolicy.policyId().equals(traceabilityProperties.getRightOperand()));
-        if (missingPolicy) {
-            createPolicy();
+        PolicyResponse matchingIrsPolicy = irsPolicies.stream()
+                .filter(irsPolicy -> irsPolicy.permissions().stream()
+                        .flatMap(permission -> permission.getConstraints().stream())
+                        .anyMatch(constraint ->
+                                constraint.getOr().stream().anyMatch(rightO ->
+                                        rightO.getRightOperand().stream().anyMatch(value ->
+                                                value.equals(traceabilityProperties.getRightOperand())))
+                                        ||
+                                        constraint.getAnd().stream().allMatch(rightO ->
+                                                rightO.getRightOperand().stream().allMatch(value ->
+                                                        value.equals(traceabilityProperties.getRightOperand())))
+                        ))
+                .findFirst()
+                .orElse(null);
+
+        if (matchingIrsPolicy == null) {
+            createMissingPolicies();
+        } else {
+            checkAndUpdateExpiredPolicies((matchingIrsPolicy));
         }
     }
 
-    private void createPolicy() {
+    private void createMissingPolicies() {
         log.info("Irs policy does not exist creating {}", traceabilityProperties.getRightOperand());
         irsApiClient.registerPolicy(adminApiKey, RegisterPolicyRequest.from(traceabilityProperties.getLeftOperand(), OperatorType.fromValue(traceabilityProperties.getOperatorType()), traceabilityProperties.getRightOperand(), traceabilityProperties.getValidUntil()));
     }
 
-    private void checkAndUpdatePolicy(List<PolicyResponse> requiredPolicies) {
-        Optional<PolicyResponse> requiredPolicy = requiredPolicies.stream().filter(policyItem -> policyItem.policyId().equals(traceabilityProperties.getRightOperand())).findFirst();
-        if (requiredPolicy.isPresent() &&
-                traceabilityProperties.getValidUntil().isAfter(requiredPolicy.get().validUntil())
-        ) {
-            log.info("IRS Policy {} has outdated validity updating new ttl {}", traceabilityProperties.getRightOperand(), requiredPolicy);
+    private void checkAndUpdateExpiredPolicies(PolicyResponse matchingIrsPolicy) {
+        if (isPolicyExpired(matchingIrsPolicy)) {
+            log.info("IRS Policy {} has outdated validity updating new ttl {}", traceabilityProperties.getRightOperand(), matchingIrsPolicy);
             irsApiClient.deletePolicy(adminApiKey, traceabilityProperties.getRightOperand());
             irsApiClient.registerPolicy(adminApiKey, RegisterPolicyRequest.from(traceabilityProperties.getLeftOperand(), OperatorType.fromValue(traceabilityProperties.getOperatorType()), traceabilityProperties.getRightOperand(), traceabilityProperties.getValidUntil()));
         }
     }
 
+    private boolean isPolicyExpired(PolicyResponse requiredPolicy) {
+        return traceabilityProperties.getValidUntil().isAfter(requiredPolicy.validUntil());
+    }
+
     public List<PolicyResponse> getPolicies() {
         return irsApiClient.getPolicies(adminApiKey);
     }
 
+
 }

tx-backend/src/main/java/org/eclipse/tractusx/traceability/assets/infrastructure/base/irs/model/request/RegisterPolicyRequest.java

@@ -1,5 +1,5 @@
 /********************************************************************************
- * Copyright (c) 2023 Contributors to the Eclipse Foundation
+ * Copyright (c) 2023,2024 Contributors to the Eclipse Foundation
  *
  * See the NOTICE file(s) distributed with this work for additional
  * information regarding copyright ownership.
@@ -28,7 +28,6 @@
 import java.time.Instant;
 import java.time.OffsetDateTime;
 import java.util.List;
-import java.util.UUID;
 
 public record RegisterPolicyRequest(
         String policyId,
@@ -37,7 +36,7 @@ public record RegisterPolicyRequest(
 ) {
     public static RegisterPolicyRequest from(String leftOperand, OperatorType operatorType, String rightOperand, OffsetDateTime ttl) {
         return new RegisterPolicyRequest(
-                UUID.randomUUID().toString(),
+                rightOperand,
                 ttl.toInstant(),
                 List.of(new Permission(
                         PolicyType.USE,

tx-backend/src/test/java/org/eclipse/tractusx/traceability/assets/infrastructure/repository/rest/irs/IrsServiceTest.java

@@ -1,5 +1,5 @@
 /********************************************************************************
- * Copyright (c) 2023 Contributors to the Eclipse Foundation
+ * Copyright (c) 2023, 2024 Contributors to the Eclipse Foundation
  *
  * See the NOTICE file(s) distributed with this work for additional
  * information regarding copyright ownership.
@@ -34,7 +34,6 @@
 import org.eclipse.tractusx.traceability.assets.infrastructure.base.irs.model.response.JobStatus;
 import org.eclipse.tractusx.traceability.assets.infrastructure.base.irs.model.response.Parameter;
 import org.eclipse.tractusx.traceability.assets.infrastructure.base.irs.model.response.PolicyResponse;
-import org.eclipse.tractusx.traceability.assets.infrastructure.base.irs.model.response.RegisterJobResponse;
 import org.eclipse.tractusx.traceability.assets.infrastructure.base.irs.model.response.Shell;
 import org.eclipse.tractusx.traceability.assets.infrastructure.base.irs.model.response.relationship.Aspect;
 import org.eclipse.tractusx.traceability.assets.infrastructure.base.irs.model.response.relationship.LinkedItem;
@@ -124,7 +123,7 @@ void givenNoPolicyExist_whenCreateIrsPolicyIfMissing_thenCreateIt() {
     @Test
     void givenPolicyExist_whenCreateIrsPolicyIfMissing_thenDoNotCreateIt() {
         // given
-        final PolicyResponse existingPolicy = new PolicyResponse("test", OffsetDateTime.parse("2023-07-03T16:01:05.309Z"), OffsetDateTime.now(), List.of());
+        final PolicyResponse existingPolicy = new PolicyResponse("test", OffsetDateTime.parse("2023-07-03T16:01:05.309Z"), OffsetDateTime.now(), List.of(new Permission(PolicyType.USE, List.of(new Constraints(List.of(), List.of(new Constraint("leftOperand1", OperatorType.EQ, List.of("test"))))))));
         when(irsClient.getPolicies(anyString())).thenReturn(List.of(existingPolicy));
         when(traceabilityProperties.getRightOperand()).thenReturn("test");
         when(traceabilityProperties.getValidUntil()).thenReturn(OffsetDateTime.parse("2023-07-02T16:01:05.309Z"));
@@ -139,7 +138,7 @@ void givenPolicyExist_whenCreateIrsPolicyIfMissing_thenDoNotCreateIt() {
     @Test
     void givenOutdatedPolicyExist_whenCreateIrsPolicyIfMissing_thenUpdateIt() {
         // given
-        final PolicyResponse existingPolicy = new PolicyResponse("test", OffsetDateTime.parse("2023-07-03T16:01:05.309Z"), OffsetDateTime.parse("2023-07-03T16:01:05.309Z"), List.of());
+        final PolicyResponse existingPolicy = new PolicyResponse("test", OffsetDateTime.parse("2023-07-03T16:01:05.309Z"), OffsetDateTime.parse("2023-07-03T16:01:05.309Z"), List.of(new Permission(PolicyType.USE, List.of(new Constraints(List.of(), List.of(new Constraint("leftOperand1", OperatorType.EQ, List.of("test"))))))));
         when(irsClient.getPolicies(anyString())).thenReturn(List.of(existingPolicy));
         when(traceabilityProperties.getRightOperand()).thenReturn("test");
         when(traceabilityProperties.getOperatorType()).thenReturn("eq");