chore: fix scripts and tests

src/main/resources/db/changelog/changelog-master.xml

@@ -25,4 +25,5 @@
         xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
         xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.1.xsd">
     <include file="/db/changelog/changes/init.sql"/>
+    <include file="/db/changelog/changes/create_jti_table.sql"/>
 </databaseChangeLog>

src/main/resources/db/changelog/changes/create_jti_table.sql

@@ -24,6 +24,9 @@ CREATE TABLE IF NOT EXISTS public.jti
     id                bigserial     NOT NULL,
     jti               uuid          NOT NULL,
     is_used_status    bool          NOT NULL,
+    created_at    timestamp(6) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    modified_at   timestamp(6) NULL,
+    modified_from varchar(255) NULL,
     CONSTRAINT jti_pkey PRIMARY KEY (id)
 );
 COMMENT ON TABLE public.jti IS 'This table will store jti field statuses';

src/test/java/org/eclipse/tractusx/managedidentitywallets/controller/SecureTokenControllerTest.java

@@ -24,6 +24,7 @@
 import org.eclipse.tractusx.managedidentitywallets.ManagedIdentityWalletsApplication;
 import org.eclipse.tractusx.managedidentitywallets.config.MIWSettings;
 import org.eclipse.tractusx.managedidentitywallets.config.TestContextInitializer;
+import org.eclipse.tractusx.managedidentitywallets.dao.repository.JtiRepository;
 import org.eclipse.tractusx.managedidentitywallets.utils.AuthenticationUtils;
 import org.eclipse.tractusx.managedidentitywallets.utils.TestUtils;
 import org.eclipse.tractusx.ssi.lib.did.web.DidWebFactory;
@@ -54,6 +55,9 @@ class SecureTokenControllerTest {
     @Autowired
     private TestRestTemplate testTemplate;
 
+    @Autowired
+    private JtiRepository jtiRepository;
+
     @Test
     void token() {
         // given

src/test/java/org/eclipse/tractusx/managedidentitywallets/service/STSTokenValidationServiceTest.java

@@ -25,7 +25,6 @@
 import com.nimbusds.jose.jwk.Curve;
 import com.nimbusds.jose.jwk.OctetKeyPair;
 import com.nimbusds.jose.jwk.gen.OctetKeyPairGenerator;
-import com.nimbusds.jose.util.Base64URL;
 import com.nimbusds.jwt.JWTClaimsSet;
 import org.eclipse.tractusx.managedidentitywallets.ManagedIdentityWalletsApplication;
 import org.eclipse.tractusx.managedidentitywallets.config.MIWSettings;
@@ -61,6 +60,7 @@
 import static org.eclipse.tractusx.managedidentitywallets.utils.TestUtils.buildClaimsSet;
 import static org.eclipse.tractusx.managedidentitywallets.utils.TestUtils.buildJWTToken;
 import static org.eclipse.tractusx.managedidentitywallets.utils.TestUtils.buildWallet;
+import static org.eclipse.tractusx.managedidentitywallets.utils.TestUtils.generateUuid;
 
 @SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT, classes = { ManagedIdentityWalletsApplication.class })
 @ContextConfiguration(initializers = { TestContextInitializer.class })
@@ -104,7 +104,7 @@ public void cleanWallets() {
 
     @Test
     void validateTokenFailureAccessTokenMissingTest() throws JOSEException {
-        JWTClaimsSet outerSet = buildClaimsSet(DID_BPN_1, DID_BPN_1, DID_BPN_1, NONCE, BPN_CREDENTIAL_READ, EXP_VALID_DATE, IAT_VALID_DATE);
+        JWTClaimsSet outerSet = buildClaimsSet(DID_BPN_1, DID_BPN_1, DID_BPN_1, NONCE, BPN_CREDENTIAL_READ, EXP_VALID_DATE, IAT_VALID_DATE, generateUuid());
         String siToken = buildJWTToken(JWK_OUTER, outerSet);
 
         ValidationResult result = stsTokenValidationService.validateToken(siToken);
@@ -120,10 +120,10 @@ void validateTokenFailureWrongSignatureInnerTokenTest() throws JOSEException {
                 .keyID("58cb4b32-c2e4-46f0-a3ad-3286e34765ty")
                 .generate();
 
-        JWTClaimsSet innerSet = buildClaimsSet(DID_BPN_2, DID_BPN_1, DID_BPN_1, NONCE, BPN_CREDENTIAL_READ, EXP_VALID_DATE, IAT_VALID_DATE);
+        JWTClaimsSet innerSet = buildClaimsSet(DID_BPN_2, DID_BPN_1, DID_BPN_1, NONCE, BPN_CREDENTIAL_READ, EXP_VALID_DATE, IAT_VALID_DATE, generateUuid());
         String accessToken = buildJWTToken(jwkRandom, innerSet);
 
-        JWTClaimsSet outerSet = buildClaimsSet(DID_BPN_1, DID_BPN_1, DID_BPN_1, NONCE, BPN_CREDENTIAL_READ, EXP_VALID_DATE, ALREADY_EXP_DATE);
+        JWTClaimsSet outerSet = buildClaimsSet(DID_BPN_1, DID_BPN_1, DID_BPN_1, NONCE, BPN_CREDENTIAL_READ, EXP_VALID_DATE, ALREADY_EXP_DATE, generateUuid());
         JWTClaimsSet outerSetFull = addAccessTokenToClaimsSet(accessToken, outerSet);
         String siToken = buildJWTToken(JWK_OUTER, outerSetFull);
 
@@ -135,10 +135,10 @@ void validateTokenFailureWrongSignatureInnerTokenTest() throws JOSEException {
 
     @Test
     void validateTokenFailureExpiredTokenIssNotEqualsSubTest() throws JOSEException {
-        JWTClaimsSet innerSet = buildClaimsSet(DID_BPN_2, DID_BPN_1, DID_BPN_1, NONCE, BPN_CREDENTIAL_READ, EXP_VALID_DATE, IAT_VALID_DATE);
+        JWTClaimsSet innerSet = buildClaimsSet(DID_BPN_2, DID_BPN_1, DID_BPN_1, NONCE, BPN_CREDENTIAL_READ, EXP_VALID_DATE, IAT_VALID_DATE, generateUuid());
         String accessToken = buildJWTToken(JWK_INNER, innerSet);
 
-        JWTClaimsSet outerSet = buildClaimsSet(DID_BPN_1, DID_BPN_2, DID_BPN_1, NONCE, BPN_CREDENTIAL_READ, ALREADY_EXP_DATE, IAT_VALID_DATE);
+        JWTClaimsSet outerSet = buildClaimsSet(DID_BPN_1, DID_BPN_2, DID_BPN_1, NONCE, BPN_CREDENTIAL_READ, ALREADY_EXP_DATE, IAT_VALID_DATE, generateUuid());
         JWTClaimsSet outerSetFull = addAccessTokenToClaimsSet(accessToken, outerSet);
         String siToken = buildJWTToken(JWK_OUTER, outerSetFull);
 
@@ -151,10 +151,10 @@ void validateTokenFailureExpiredTokenIssNotEqualsSubTest() throws JOSEException
 
     @Test
     void validateTokenSuccessTest() throws JOSEException {
-        JWTClaimsSet innerSet = buildClaimsSet(DID_BPN_2, DID_BPN_1, DID_BPN_1, NONCE, BPN_CREDENTIAL_READ, EXP_VALID_DATE, IAT_VALID_DATE);
+        JWTClaimsSet innerSet = buildClaimsSet(DID_BPN_2, DID_BPN_1, DID_BPN_1, NONCE, BPN_CREDENTIAL_READ, EXP_VALID_DATE, IAT_VALID_DATE, generateUuid());
         String accessToken = buildJWTToken(JWK_INNER, innerSet);
 
-        JWTClaimsSet outerSet = buildClaimsSet(DID_BPN_1, DID_BPN_1, DID_BPN_1, NONCE, BPN_CREDENTIAL_READ, EXP_VALID_DATE, IAT_VALID_DATE);
+        JWTClaimsSet outerSet = buildClaimsSet(DID_BPN_1, DID_BPN_1, DID_BPN_1, NONCE, BPN_CREDENTIAL_READ, EXP_VALID_DATE, IAT_VALID_DATE, generateUuid());
         JWTClaimsSet outerSetFull = addAccessTokenToClaimsSet(accessToken, outerSet);
         String siToken = buildJWTToken(JWK_OUTER, outerSetFull);
 

src/test/java/org/eclipse/tractusx/managedidentitywallets/utils/TestUtils.java

@@ -63,6 +63,7 @@
 import java.util.Date;
 import java.util.List;
 import java.util.Map;
+import java.util.UUID;
 
 public class TestUtils {
 
@@ -226,7 +227,7 @@ public static String buildJWTToken(OctetKeyPair jwk, JWTClaimsSet claimsSet) thr
         return signedJWT.serialize();
     }
 
-    public static JWTClaimsSet buildClaimsSet(String issuer, String subject, String audience, String nonce, String scope, Date expiration, Date issuance) {
+    public static JWTClaimsSet buildClaimsSet(String issuer, String subject, String audience, String nonce, String scope, Date expiration, Date issuance, String jti) {
         return new JWTClaimsSet.Builder()
                 .issuer(issuer)
                 .subject(subject)
@@ -235,9 +236,14 @@ public static JWTClaimsSet buildClaimsSet(String issuer, String subject, String
                 .issueTime(issuance)
                 .claim("nonce", nonce)
                 .claim("scope", scope)
+                .claim("jti", jti)
                 .build();
     }
 
+    public static String generateUuid() {
+        return UUID.randomUUID().toString();
+    }
+
     public static JWTClaimsSet addAccessTokenToClaimsSet(String accessToken, JWTClaimsSet initialSet) {
         return new JWTClaimsSet.Builder(initialSet).claim("access_token", accessToken).build();
     }

src/test/java/org/eclipse/tractusx/managedidentitywallets/vp/PresentationServiceTest.java

@@ -30,7 +30,10 @@
 import org.eclipse.tractusx.managedidentitywallets.ManagedIdentityWalletsApplication;
 import org.eclipse.tractusx.managedidentitywallets.config.MIWSettings;
 import org.eclipse.tractusx.managedidentitywallets.config.TestContextInitializer;
+import org.eclipse.tractusx.managedidentitywallets.dao.entity.Jti;
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.Wallet;
+import org.eclipse.tractusx.managedidentitywallets.dao.repository.JtiRepository;
+import org.eclipse.tractusx.managedidentitywallets.exception.BadDataException;
 import org.eclipse.tractusx.managedidentitywallets.exception.MissingVcTypesException;
 import org.eclipse.tractusx.managedidentitywallets.exception.PermissionViolationException;
 import org.eclipse.tractusx.managedidentitywallets.service.PresentationService;
@@ -60,6 +63,7 @@
 import static org.eclipse.tractusx.managedidentitywallets.utils.TestUtils.buildClaimsSet;
 import static org.eclipse.tractusx.managedidentitywallets.utils.TestUtils.buildJWTToken;
 import static org.eclipse.tractusx.managedidentitywallets.utils.TestUtils.createWallet;
+import static org.eclipse.tractusx.managedidentitywallets.utils.TestUtils.generateUuid;
 
 @SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT, classes = {
         ManagedIdentityWalletsApplication.class })
@@ -75,13 +79,19 @@ public class PresentationServiceTest {
     @Autowired
     private TestRestTemplate restTemplate;
 
+    @Autowired
+    private JtiRepository jtiRepository;
+
     @SneakyThrows
     @Test
     void createPresentation200ResponseAsJWT() {
         boolean asJwt = true;
         String bpn = TestUtils.getRandomBpmNumber();
         String did = generateWalletAndGetDid(bpn);
-        String accessToken = generateAccessToken(did, did, did, BPN_CREDENTIAL_READ);
+        String jtiValue = generateUuid();
+        String accessToken = generateAccessToken(did, did, did, BPN_CREDENTIAL_READ, jtiValue);
+        Jti jti = buildJti(jtiValue, false);
+        jtiRepository.save(jti);
 
         Map<String, Object> presentation = presentationService.createVpWithRequiredScopes(SignedJWT.parse(accessToken), asJwt);
         String vpAsJwt = String.valueOf(presentation.get(VERIFIABLE_PRESENTATION));
@@ -98,7 +108,10 @@ void createPresentation200ResponseAsJsonLD() {
         boolean asJwt = false;
         String bpn = TestUtils.getRandomBpmNumber();
         String did = generateWalletAndGetDid(bpn);
-        String accessToken = generateAccessToken(did, did, did, BPN_CREDENTIAL_READ);
+        String jtiValue = generateUuid();
+        String accessToken = generateAccessToken(did, did, did, BPN_CREDENTIAL_READ, jtiValue);
+        Jti jti = buildJti(jtiValue, false);
+        jtiRepository.save(jti);
 
         Map<String, Object> presentation = presentationService.createVpWithRequiredScopes(SignedJWT.parse(accessToken), asJwt);
         Assertions.assertNotNull(presentation);
@@ -118,7 +131,10 @@ void createPresentationIncorrectVcTypeResponse() {
         boolean asJwt = true;
         String bpn = TestUtils.getRandomBpmNumber();
         String did = generateWalletAndGetDid(bpn);
-        String accessToken = generateAccessToken(did, did, did, INVALID_CREDENTIAL_READ);
+        String jtiValue = generateUuid();
+        String accessToken = generateAccessToken(did, did, did, INVALID_CREDENTIAL_READ, jtiValue);
+        Jti jti = buildJti(jtiValue, false);
+        jtiRepository.save(jti);
 
         Assertions.assertThrows(MissingVcTypesException.class, () ->
                 presentationService.createVpWithRequiredScopes(SignedJWT.parse(accessToken), asJwt));
@@ -128,12 +144,42 @@ void createPresentationIncorrectVcTypeResponse() {
     @Test
     void createPresentationIncorrectRightsRequested() {
         boolean asJwt = true;
-        String accessToken = generateAccessToken(DID_BPN_1, DID_BPN_1, DID_BPN_1, BPN_CREDENTIAL_WRITE);
+        String jtiValue = generateUuid();
+        String accessToken = generateAccessToken(DID_BPN_1, DID_BPN_1, DID_BPN_1, BPN_CREDENTIAL_WRITE, jtiValue);
+        Jti jti = buildJti(jtiValue, false);
+        jtiRepository.save(jti);
 
         Assertions.assertThrows(PermissionViolationException.class, () ->
                 presentationService.createVpWithRequiredScopes(SignedJWT.parse(accessToken), asJwt));
     }
 
+    @SneakyThrows
+    @Test
+    void createPresentationIncorrectNoJtiRecord() {
+        boolean asJwt = false;
+        String bpn = TestUtils.getRandomBpmNumber();
+        String did = generateWalletAndGetDid(bpn);
+        String accessToken = generateAccessToken(did, did, did, BPN_CREDENTIAL_READ, generateUuid());
+
+        BadDataException ex = Assertions.assertThrows(BadDataException.class, () -> presentationService.createVpWithRequiredScopes(SignedJWT.parse(accessToken), asJwt));
+        Assertions.assertEquals("Jti record does not exist", ex.getMessage());
+    }
+
+    @SneakyThrows
+    @Test
+    void createPresentationIncorrectJtiAlreadyUsed() {
+        boolean asJwt = false;
+        String bpn = TestUtils.getRandomBpmNumber();
+        String did = generateWalletAndGetDid(bpn);
+        String jtiValue = generateUuid();
+        String accessToken = generateAccessToken(did, did, did, BPN_CREDENTIAL_READ, jtiValue);
+        Jti jti = buildJti(jtiValue, true);
+        jtiRepository.save(jti);
+
+        BadDataException ex = Assertions.assertThrows(BadDataException.class, () -> presentationService.createVpWithRequiredScopes(SignedJWT.parse(accessToken), asJwt));
+        Assertions.assertEquals("The token was already used", ex.getMessage());
+    }
+
     @SneakyThrows
     private String generateWalletAndGetDid(String bpn) {
         String baseBpn = miwSettings.authorityWalletBpn();
@@ -142,8 +188,12 @@ private String generateWalletAndGetDid(String bpn) {
         return wallet.getDid();
     }
 
-    private String generateAccessToken(String issUrl, String sub, String aud, String scope) throws JOSEException {
-        JWTClaimsSet innerSet = buildClaimsSet(issUrl, sub, aud, TestConstants.NONCE, scope, EXP_VALID_DATE, IAT_VALID_DATE);
+    private Jti buildJti(String value, boolean isUsed) {
+        return Jti.builder().jti(value).isUsedStatus(isUsed).build();
+    }
+
+    private String generateAccessToken(String issUrl, String sub, String aud, String scope, String jwt) throws JOSEException {
+        JWTClaimsSet innerSet = buildClaimsSet(issUrl, sub, aud, TestConstants.NONCE, scope, EXP_VALID_DATE, IAT_VALID_DATE, jwt);
         return buildJWTToken(JWK_INNER, innerSet);
     }
 }