From 7c9cee848fbc53ed98066fe02cc7d6157c66a6dd Mon Sep 17 00:00:00 2001 From: dvasunin Date: Fri, 1 Mar 2024 01:32:28 +0200 Subject: [PATCH 01/12] feat: no need for MIW configuration if vrel3 converter is active --- .../selfdescriptionfactory/SDFactory.java | 32 ++++++--- .../config/DefaultFeignConfig.java | 20 ++++-- .../config/SecurityConfig.java | 70 ++++++++++++------- .../config/TechnicalUsersDetails.java | 5 +- .../service/AuthChecker.java | 45 ++++++++++++ .../service/clearinghouse/ClearingHouse.java | 54 ++++++++++---- .../clearinghouse/ClearingHouseClient.java | 6 +- .../clearinghouse/ClearingHouseMock.java | 45 ------------ .../clearinghouse/ClearingHouseRemote.java | 47 ------------- .../service/wallet/CustodianClient.java | 6 +- 10 files changed, 176 insertions(+), 154 deletions(-) create mode 100644 src/main/java/org/eclipse/tractusx/selfdescriptionfactory/service/AuthChecker.java delete mode 100644 src/main/java/org/eclipse/tractusx/selfdescriptionfactory/service/clearinghouse/ClearingHouseMock.java delete mode 100644 src/main/java/org/eclipse/tractusx/selfdescriptionfactory/service/clearinghouse/ClearingHouseRemote.java diff --git a/src/main/java/org/eclipse/tractusx/selfdescriptionfactory/SDFactory.java b/src/main/java/org/eclipse/tractusx/selfdescriptionfactory/SDFactory.java index 39a839d8..f1b8b6e9 100644 --- a/src/main/java/org/eclipse/tractusx/selfdescriptionfactory/SDFactory.java +++ b/src/main/java/org/eclipse/tractusx/selfdescriptionfactory/SDFactory.java @@ -1,6 +1,6 @@ /******************************************************************************** - * Copyright (c) 2022,2023 T-Systems International GmbH - * Copyright (c) 2022,2023 Contributors to the Eclipse Foundation + * Copyright (c) 2022,2024 T-Systems International GmbH + * Copyright (c) 2022,2024 Contributors to the Eclipse Foundation * * See the NOTICE file(s) distributed with this work for additional * information regarding copyright ownership. 
@@ -28,19 +28,21 @@ import lombok.extern.slf4j.Slf4j; import org.eclipse.tractusx.selfdescriptionfactory.api.vrel3.ApiApiDelegate; import org.eclipse.tractusx.selfdescriptionfactory.model.vrel3.SelfdescriptionPostRequest; +import org.eclipse.tractusx.selfdescriptionfactory.service.AuthChecker; import org.eclipse.tractusx.selfdescriptionfactory.service.clearinghouse.ClearingHouse; -import org.eclipse.tractusx.selfdescriptionfactory.service.wallet.CustodianWallet; +import org.springframework.beans.factory.InitializingBean; import org.springframework.beans.factory.annotation.Value; import org.springframework.core.convert.ConversionService; +import org.springframework.core.env.Environment; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; -import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.stereotype.Service; import java.net.URI; import java.time.Duration; import java.time.Instant; import java.util.*; +import java.util.function.Function; /** * A service to create and manipulate of Self-Description document 
@@ -48,17 +50,23 @@ @Service @RequiredArgsConstructor @Slf4j -public class SDFactory implements ApiApiDelegate { +public class SDFactory implements ApiApiDelegate, InitializingBean { @Value("${app.verifiableCredentials.durationDays:90}") private int duration; - private final CustodianWallet custodianWallet; private final ConversionService conversionService; private final ClearingHouse clearingHouse; + private final Environment environment; + private final AuthChecker authChecker; + + private Function> decoratedFunction; - @PreAuthorize("hasAuthority(@securityRoles.createRole)") @Override public ResponseEntity selfdescriptionPost(SelfdescriptionPostRequest selfdescriptionPostRequest) { + return decoratedFunction.apply(selfdescriptionPostRequest); + } + + private ResponseEntity doWork(SelfdescriptionPostRequest selfdescriptionPostRequest) { var processed = Objects.requireNonNull(conversionService.convert(selfdescriptionPostRequest, SelfDescription.class), "Converted SD-Document is null. Very strange"); var verifiableCredential = VerifiableCredential.builder() .contexts(processed.getContexts()) @@ -69,13 +77,17 @@ public ResponseEntity selfdescriptionPost(SelfdescriptionPostRequest selfd .credentialSubject(CredentialSubject.fromJsonObject(processed)) .type(processed.getType()) .build(); - // This call signs the VC at MIW as it was in versions prior to CH - // var verifiableCredentialSigned = custodianWallet.getSignedVC(verifiableCredential); clearingHouse.sendToClearingHouse(verifiableCredential, processed.getExternalId()); - return new ResponseEntity<>(HttpStatus.ACCEPTED); } + @Override + public void afterPropertiesSet() { + decoratedFunction = Arrays.asList(environment.getActiveProfiles()).contains("test") + ? this::doWork + : authChecker.getAuthorizedFn(this::doWork); + } + @Getter @RequiredArgsConstructor @EqualsAndHashCode(callSuper = true) 
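Review bot: `afterPropertiesSet` wires the raw `this::doWork` whenever a profile named `test` is active, so the `hasAuthority(@securityRoles.createRole)` check that used to sit on `selfdescriptionPost` is now switched off by a deployment setting rather than by test code. The same profile test appears in the `filterChain` hunk of SecurityConfig (`anyRequest().permitAll()`) and in `ClearingHouse.sendToClearingHouse`, so a single stray profile value removes both the URL-level and the method-level check. I would keep the guarded path unconditional and give tests an authenticated principal instead; if the switch has to stay, gate it on a dedicated property and make it visible at startup, e.g. `log.warn("Authorization checks are DISABLED (profile 'test' active)");`. For the profile test itself, `environment.acceptsProfiles(Profiles.of("test"))` is the idiomatic form of `Arrays.asList(environment.getActiveProfiles()).contains("test")`.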
diff --git a/src/main/java/org/eclipse/tractusx/selfdescriptionfactory/config/DefaultFeignConfig.java b/src/main/java/org/eclipse/tractusx/selfdescriptionfactory/config/DefaultFeignConfig.java index af171f0e..370b2d49 100644 --- a/src/main/java/org/eclipse/tractusx/selfdescriptionfactory/config/DefaultFeignConfig.java +++ b/src/main/java/org/eclipse/tractusx/selfdescriptionfactory/config/DefaultFeignConfig.java @@ -1,6 +1,6 @@ /******************************************************************************** - * Copyright (c) 2022,2023 T-Systems International GmbH - * Copyright (c) 2022,2023 Contributors to the Eclipse Foundation + * Copyright (c) 2022,2024 T-Systems International GmbH + * Copyright (c) 2022,2024 Contributors to the Eclipse Foundation * * See the NOTICE file(s) distributed with this work for additional * information regarding copyright ownership. @@ -41,11 +41,17 @@ @Slf4j public class DefaultFeignConfig { @Bean - public RequestInterceptor getRequestInterceptor(KeycloakManager keycloakManager) { - return requestTemplate -> Optional.of(requestTemplate.feignTarget().name()) - .map(keycloakManager::getToken) - .ifPresent(token -> requestTemplate.header("Authorization", "Bearer ".concat(token))); - + public RequestInterceptor getRequestInterceptor(KeycloakManager keycloakManager, TechnicalUsersDetails technicalUsersDetails) { + return requestTemplate -> { + Optional.of(requestTemplate.feignTarget().name()) + .map(keycloakManager::getToken) + .map("Bearer "::concat) + .ifPresent(token -> requestTemplate.header("Authorization", token)); + Optional.of(requestTemplate.feignTarget().name()) + .map(technicalUsersDetails.getUsersDetails()::get) + .map(TechnicalUsersDetails.UserDetail::uri) + .ifPresent(requestTemplate::target); + }; } @Bean diff --git a/src/main/java/org/eclipse/tractusx/selfdescriptionfactory/config/SecurityConfig.java b/src/main/java/org/eclipse/tractusx/selfdescriptionfactory/config/SecurityConfig.java index 8fc475e7..aa7813d2 100644 
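Review bot: In `getRequestInterceptor` the `Authorization: Bearer …` header is added independently of the target rewrite, so when no `uri` is configured for a client the request, token included, is sent to the literal `http://placeholder:8080` that this commit puts on `ClearingHouseClient` and `CustodianClient` (the two `@FeignClient` hunks further down). The interceptor should fail closed: resolve the `UserDetail` and its `uri` first, throw if either is missing, and only then attach the token. The bound method reference `technicalUsersDetails.getUsersDetails()::get` is also evaluated eagerly and will throw a NullPointerException if the map is unset, which the rewrite below avoids. The scheme of `uri` is not checked anywhere visible here; whether plain `http` targets should be rejected is worth deciding.

```java
public RequestInterceptor getRequestInterceptor(KeycloakManager keycloakManager, TechnicalUsersDetails technicalUsersDetails) {
    return requestTemplate -> {
        var name = requestTemplate.feignTarget().name();
        // Resolve the real target first; never fall through to the placeholder URL
        var uri = Optional.ofNullable(technicalUsersDetails.getUsersDetails())
                .map(details -> details.get(name))
                .map(TechnicalUsersDetails.UserDetail::uri)
                .orElseThrow(() -> new IllegalStateException("No uri configured for Feign client " + name));
        requestTemplate.target(uri);
        Optional.ofNullable(keycloakManager.getToken(name))
                .map("Bearer "::concat)
                .ifPresent(token -> requestTemplate.header("Authorization", token));
    };
}
```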
--- a/src/main/java/org/eclipse/tractusx/selfdescriptionfactory/config/SecurityConfig.java +++ b/src/main/java/org/eclipse/tractusx/selfdescriptionfactory/config/SecurityConfig.java @@ -1,6 +1,6 @@ /******************************************************************************** - * Copyright (c) 2022,2023 T-Systems International GmbH - * Copyright (c) 2022,2023 Contributors to the Eclipse Foundation + * Copyright (c) 2022,2024 T-Systems International GmbH + * Copyright (c) 2022,2024 Contributors to the Eclipse Foundation * * See the NOTICE file(s) distributed with this work for additional * information regarding copyright ownership. @@ -20,16 +20,19 @@ package org.eclipse.tractusx.selfdescriptionfactory.config; +import lombok.RequiredArgsConstructor; import lombok.SneakyThrows; import org.springframework.beans.factory.annotation.Value; -import org.springframework.boot.autoconfigure.web.ServerProperties; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.core.convert.converter.Converter; +import org.springframework.core.env.Environment; import org.springframework.security.authentication.AbstractAuthenticationToken; +import org.springframework.security.config.Customizer; import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.SimpleGrantedAuthority; 
@@ -41,6 +44,7 @@ import org.springframework.web.cors.CorsConfigurationSource; import org.springframework.web.cors.UrlBasedCorsConfigurationSource; +import java.util.Arrays; import java.util.Collection; import java.util.List; import java.util.Map; @@ -49,13 +53,12 @@ @Configuration @EnableWebSecurity @EnableMethodSecurity +@RequiredArgsConstructor public class SecurityConfig { - private static final String[] PUBLIC_URL = { "/ping", "/*/public/**", "/api-docs/**", "/swagger-ui/**", - "*/swagger-ui/**", "/v3/api-docs/**" }; - @Value("${keycloak.resource.clientid}") private String resourceName; + private final Environment environment; public interface Jwt2AuthoritiesConverter extends Converter> { } 
@@ -85,31 +88,48 @@ public Jwt2AuthenticationConverter authenticationConverter(Jwt2AuthoritiesConver @SneakyThrows @Bean - public SecurityFilterChain filterChain(HttpSecurity http, Jwt2AuthenticationConverter authenticationConverter, - ServerProperties serverProperties) { + public SecurityFilterChain filterChain(HttpSecurity http, Jwt2AuthenticationConverter authenticationConverter) { + + // Configure OAuth2 with custom authorities mapping + http.oauth2ResourceServer(oauth2 -> oauth2.jwt( + jwt -> jwt.jwtAuthenticationConverter(authenticationConverter) + )); + + // Enable anonymous access + http.anonymous(Customizer.withDefaults()); - // Enable OAuth2 with custom authorities mapping - http.oauth2ResourceServer().jwt().jwtAuthenticationConverter(authenticationConverter); + // Configure CORS with custom source + http.cors(cors -> cors.configurationSource(corsConfigurationSource())); - // Enable anonymous - http.anonymous(); + // Configure stateless session management + http.sessionManagement(session -> session.sessionCreationPolicy( + SessionCreationPolicy.STATELESS + )); - // Enable and configure CORS - http.cors().configurationSource(corsConfigurationSource()); + // Disable CSRF due to stateless session management + http.csrf(AbstractHttpConfigurer::disable); - // State-less session (state in access-token only) - http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS); + // Define authorization for requests + if (Arrays.asList(environment.getActiveProfiles()).contains("test")) { + http.authorizeHttpRequests((authorize) -> authorize.anyRequest().permitAll()); + } else { + http.authorizeHttpRequests((authorize) -> authorize.anyRequest().authenticated()); + } - // Disable CSRF because of state-less session-management - http.csrf().disable(); + http.headers(headers -> { + // Equivalent to xssProtection().and() in the deprecated configuration + // The XSS protection is enabled by default and the X-XSS-Protection header is not necessary to set if 
you're using modern browser security features. - http.authorizeHttpRequests() - //.requestMatchers("/actuator/**").authenticated() - .anyRequest().permitAll(); + // Content Security Policy configuration + headers.contentSecurityPolicy(csp -> csp.policyDirectives("default-src 'self'; script-src 'self' 'unsafe-inline'")); + // The .and() is not needed as the lambda configuration allows chaining within the same context. - http.headers().xssProtection().and() - .contentSecurityPolicy("default-src 'self'; script-src 'self' 'unsafe-inline'").and() - .httpStrictTransportSecurity().requestMatcher(AnyRequestMatcher.INSTANCE); + // HTTP Strict Transport Security configuration + headers.httpStrictTransportSecurity(hsts -> hsts + .includeSubDomains(true) + .maxAgeInSeconds(31536000) + .requestMatcher(AnyRequestMatcher.INSTANCE)); // Apply HSTS to all requests + }); return http.build(); } @@ -128,4 +148,4 @@ protected CorsConfigurationSource corsConfigurationSource() { return source; } -} \ No newline at end of file +} diff --git a/src/main/java/org/eclipse/tractusx/selfdescriptionfactory/config/TechnicalUsersDetails.java b/src/main/java/org/eclipse/tractusx/selfdescriptionfactory/config/TechnicalUsersDetails.java index 3273ba4a..b4ab52d8 100644 --- a/src/main/java/org/eclipse/tractusx/selfdescriptionfactory/config/TechnicalUsersDetails.java +++ b/src/main/java/org/eclipse/tractusx/selfdescriptionfactory/config/TechnicalUsersDetails.java @@ -1,6 +1,6 @@ /******************************************************************************** - * Copyright (c) 2022,2023 T-Systems International GmbH - * Copyright (c) 2022,2023 Contributors to the Eclipse Foundation + * Copyright (c) 2022,2024 T-Systems International GmbH + * Copyright (c) 2022,2024 Contributors to the Eclipse Foundation * * See the NOTICE file(s) distributed with this work for additional * information regarding copyright ownership. 
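Review bot: The Content-Security-Policy carried into the lambda DSL in `filterChain` still allows `'unsafe-inline'` for scripts, which removes most of the protection the header is meant to give; for a JSON API `csp.policyDirectives("default-src 'self'")` should be enough unless the Swagger UI depends on inline script, which is worth confirming. The two migration comments (`Equivalent to xssProtection().and() …` and `The .and() is not needed …`) describe the rewrite rather than the code, and the statement that XSS protection is "enabled by default" looks inaccurate for Spring Security 6, which as far as I know emits `X-XSS-Protection: 0`; I would replace them with `// X-XSS-Protection is left at the framework default; CSP is the active control`. In the non-`test` branch `anyRequest().authenticated()` presumably also covers the paths the removed `PUBLIC_URL` array listed (`/ping`, Swagger, `/v3/api-docs/**`); if that is intended, a one-line comment should say so.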
@@ -31,6 +31,7 @@ public class TechnicalUsersDetails { private Map usersDetails; public record UserDetail ( + String uri, String serverUrl, String realm, String username, diff --git a/src/main/java/org/eclipse/tractusx/selfdescriptionfactory/service/AuthChecker.java b/src/main/java/org/eclipse/tractusx/selfdescriptionfactory/service/AuthChecker.java new file mode 100644 index 00000000..8042f6f9 --- /dev/null +++ b/src/main/java/org/eclipse/tractusx/selfdescriptionfactory/service/AuthChecker.java 
@@ -0,0 +1,45 @@ +/******************************************************************************** + * Copyright (c) 2024 T-Systems International GmbH + * Copyright (c) 2024 Contributors to the Eclipse Foundation + * + * See the NOTICE file(s) distributed with this work for additional + * information regarding copyright ownership. + * + * This program and the accompanying materials are made available under the + * terms of the Apache License, Version 2.0 which is available at + * https://www.apache.org/licenses/LICENSE-2.0. + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations + * under the License. + * + * SPDX-License-Identifier: Apache-2.0 + ********************************************************************************/ + +package org.eclipse.tractusx.selfdescriptionfactory.service; + +import lombok.RequiredArgsConstructor; +import org.springframework.beans.factory.ObjectFactory; +import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.stereotype.Component; + +import java.util.function.Function; + +@Component +@RequiredArgsConstructor +public class AuthChecker { + + private final ObjectFactory factory; + + public Function getAuthorizedFn(Function function) { + return t -> factory.getObject().checkAuthorized(t, function); + } + + @PreAuthorize("hasAuthority(@securityRoles.createRole)") + public R checkAuthorized(T t, Function function) { + return function.apply(t); + } + +} diff --git a/src/main/java/org/eclipse/tractusx/selfdescriptionfactory/service/clearinghouse/ClearingHouse.java b/src/main/java/org/eclipse/tractusx/selfdescriptionfactory/service/clearinghouse/ClearingHouse.java index 910da773..f1d797e4 100644 
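Review bot: `AuthChecker` has no Javadoc, and its one non-obvious design decision, looking itself up through `ObjectFactory` so that `checkAuthorized` is invoked on the Spring proxy and `@PreAuthorize` actually runs, is exactly what a later refactor could break without any compile error. Add a class comment such as `/** Wraps a function so it runs only after the @PreAuthorize check on checkAuthorized; the self-lookup via ObjectFactory is required because a direct this.checkAuthorized(...) call would bypass the security proxy. */`. `checkAuthorized` appears to be public only so the proxy can intercept it, so a `// invoked via the proxy only; do not call directly` comment on it would help. The check also depends on `@EnableMethodSecurity` staying on `SecurityConfig`; a test that calls the wrapped function without the `createRole` authority and expects an access-denied failure would pin the behaviour.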
--- a/src/main/java/org/eclipse/tractusx/selfdescriptionfactory/service/clearinghouse/ClearingHouse.java +++ b/src/main/java/org/eclipse/tractusx/selfdescriptionfactory/service/clearinghouse/ClearingHouse.java @@ -1,6 +1,6 @@ /******************************************************************************** - * Copyright (c) 2022,2023 T-Systems International GmbH - * Copyright (c) 2022,2023 Contributors to the Eclipse Foundation + * Copyright (c) 2022,2024 T-Systems International GmbH + * Copyright (c) 2022,2024 Contributors to the Eclipse Foundation * * See the NOTICE file(s) distributed with this work for additional * information regarding copyright ownership. 
@@ -21,23 +21,53 @@ package org.eclipse.tractusx.selfdescriptionfactory.service.clearinghouse; import com.danubetech.verifiablecredentials.VerifiableCredential; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.databind.SerializationFeature; import lombok.RequiredArgsConstructor; +import lombok.SneakyThrows; +import lombok.extern.slf4j.Slf4j; +import org.eclipse.tractusx.selfdescriptionfactory.config.TechnicalUsersDetails; import org.eclipse.tractusx.selfdescriptionfactory.service.keycloak.KeycloakManager; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.beans.factory.annotation.Value; +import org.springframework.beans.factory.InitializingBean; +import org.springframework.cloud.openfeign.FeignClient; +import org.springframework.core.env.Environment; +import org.springframework.stereotype.Service; +import java.util.Arrays; import java.util.Optional; +@Slf4j +@Service @RequiredArgsConstructor -public abstract class ClearingHouse { - @Value("${app.usersDetails.clearingHouse.uri}") - private String clearingHouseUrl; - @Autowired - protected KeycloakManager keycloakManager; +public class ClearingHouse implements InitializingBean { - public abstract void doWork(String url, VerifiableCredential payload, String externalId, String token); + private final KeycloakManager keycloakManager; + private final TechnicalUsersDetails technicalUsersDetails; + private final ClearingHouseClient clearingHouseClient; + private final ObjectMapper objectMapper = new ObjectMapper(); + private final Environment environment; - public void sendToClearingHouse(VerifiableCredential verifiableCredential, String externalId) { - doWork(clearingHouseUrl, verifiableCredential, externalId, "Bearer ".concat(Optional.ofNullable(keycloakManager.getToken("clearingHouse")).orElse(""))); + public void sendToClearingHouse(VerifiableCredential payload, String externalId) { + if (log.isDebugEnabled()) { + debug(payload, externalId); + } 
+ if (!Arrays.asList(environment.getActiveProfiles()).contains("test")) { + clearingHouseClient.send(payload, externalId); + } + } + @SneakyThrows + protected void debug(VerifiableCredential payload, String externalId) { + var annotation = ClearingHouseClient.class.getAnnotation(FeignClient.class); + var name = annotation.name(); + Optional.ofNullable(technicalUsersDetails.getUsersDetails().get(name)).map(TechnicalUsersDetails.UserDetail::uri).ifPresent(uri -> log.debug("URL: {}", uri)); + Optional.of(name).map(keycloakManager::getToken).ifPresent(token -> log.debug("Authorization: {}", token)); + log.debug("ExternalId: {}", externalId); + log.debug("payload: {}", objectMapper.writeValueAsString(payload)); + } + + + @Override + public void afterPropertiesSet() { + objectMapper.enable(SerializationFeature.INDENT_OUTPUT); } } diff --git a/src/main/java/org/eclipse/tractusx/selfdescriptionfactory/service/clearinghouse/ClearingHouseClient.java b/src/main/java/org/eclipse/tractusx/selfdescriptionfactory/service/clearinghouse/ClearingHouseClient.java index a81b5cf9..2fda9cb1 100644 --- a/src/main/java/org/eclipse/tractusx/selfdescriptionfactory/service/clearinghouse/ClearingHouseClient.java +++ b/src/main/java/org/eclipse/tractusx/selfdescriptionfactory/service/clearinghouse/ClearingHouseClient.java @@ -1,6 +1,6 @@ /******************************************************************************** - * Copyright (c) 2022,2023 T-Systems International GmbH - * Copyright (c) 2022,2023 Contributors to the Eclipse Foundation + * Copyright (c) 2022,2024 T-Systems International GmbH + * Copyright (c) 2022,2024 Contributors to the Eclipse Foundation * * See the NOTICE file(s) distributed with this work for additional * information regarding copyright ownership. 
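Review bot: `debug()` writes the Keycloak access token to the log (`log.debug("Authorization: {}", token)`), and unlike the deleted `ClearingHouseMock` this class is not limited to the `test` profile, so turning on debug logging in any environment puts a live bearer token and the full credential payload into log storage. Log only that a token was obtained, e.g. `.ifPresent(token -> log.debug("Authorization: Bearer [redacted]"))`, and consider whether the payload needs to be logged in full. `keycloakManager.getToken(name)` is called here purely for logging, which looks like an additional token request per message; that should be confirmed against `KeycloakManager`, which is outside this hunk.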
@@ -26,7 +26,7 @@ import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestParam; -@FeignClient(name = "clearingHouse", url = "${app.usersDetails.clearingHouse.uri}") +@FeignClient(name = "clearingHouse", url = "http://placeholder:8080") public interface ClearingHouseClient { @PostMapping void send(@RequestBody VerifiableCredential verifiableCredential, @RequestParam("externalId") String externalId); diff --git a/src/main/java/org/eclipse/tractusx/selfdescriptionfactory/service/clearinghouse/ClearingHouseMock.java b/src/main/java/org/eclipse/tractusx/selfdescriptionfactory/service/clearinghouse/ClearingHouseMock.java deleted file mode 100644 index 125f1d47..00000000 --- a/src/main/java/org/eclipse/tractusx/selfdescriptionfactory/service/clearinghouse/ClearingHouseMock.java +++ /dev/null 
@@ -1,45 +0,0 @@ -/******************************************************************************** - * Copyright (c) 2022,2023 T-Systems International GmbH - * Copyright (c) 2022,2023 Contributors to the Eclipse Foundation - * - * See the NOTICE file(s) distributed with this work for additional - * information regarding copyright ownership. - * - * This program and the accompanying materials are made available under the - * terms of the Apache License, Version 2.0 which is available at - * https://www.apache.org/licenses/LICENSE-2.0. - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the - * License for the specific language governing permissions and limitations - * under the License. - * - * SPDX-License-Identifier: Apache-2.0 - ********************************************************************************/ - -package org.eclipse.tractusx.selfdescriptionfactory.service.clearinghouse; - -import com.danubetech.verifiablecredentials.VerifiableCredential; -import com.fasterxml.jackson.databind.ObjectMapper; -import lombok.RequiredArgsConstructor; -import lombok.SneakyThrows; -import lombok.extern.slf4j.Slf4j; -import org.springframework.context.annotation.Profile; -import org.springframework.stereotype.Service; - -@Service -@Profile("test") -@Slf4j -@RequiredArgsConstructor -public class ClearingHouseMock extends ClearingHouse{ - private final ObjectMapper objectMapper; - @Override - @SneakyThrows - public void doWork(String url, VerifiableCredential payload, String externalId, String token) { - log.debug("URL: {}", url); - log.debug("Authorization: {}", token); - log.debug("ExternalId: {}", externalId); - log.debug("Payload: {}", objectMapper.writeValueAsString(payload)); - } -} 
diff --git a/src/main/java/org/eclipse/tractusx/selfdescriptionfactory/service/clearinghouse/ClearingHouseRemote.java b/src/main/java/org/eclipse/tractusx/selfdescriptionfactory/service/clearinghouse/ClearingHouseRemote.java deleted file mode 100644 index e6db8400..00000000 --- a/src/main/java/org/eclipse/tractusx/selfdescriptionfactory/service/clearinghouse/ClearingHouseRemote.java +++ /dev/null 
@@ -1,47 +0,0 @@ -/******************************************************************************** - * Copyright (c) 2022,2023 T-Systems International GmbH - * Copyright (c) 2022,2023 Contributors to the Eclipse Foundation - * - * See the NOTICE file(s) distributed with this work for additional - * information regarding copyright ownership. - * - * This program and the accompanying materials are made available under the - * terms of the Apache License, Version 2.0 which is available at - * https://www.apache.org/licenses/LICENSE-2.0. - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the - * License for the specific language governing permissions and limitations - * under the License. - * - * SPDX-License-Identifier: Apache-2.0 - ********************************************************************************/ - -package org.eclipse.tractusx.selfdescriptionfactory.service.clearinghouse; - -import com.danubetech.verifiablecredentials.VerifiableCredential; -import com.fasterxml.jackson.databind.ObjectMapper; -import lombok.RequiredArgsConstructor; -import lombok.SneakyThrows; -import lombok.extern.slf4j.Slf4j; -import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean; -import org.springframework.stereotype.Service; - -@ConditionalOnMissingBean(ClearingHouseMock.class) -@Service -@Slf4j -@RequiredArgsConstructor -public class ClearingHouseRemote extends ClearingHouse{ - private final ClearingHouseClient clearingHouseClient; - private final ObjectMapper objectMapper; - - @Override - @SneakyThrows - public void doWork(String url, VerifiableCredential payload, String externalId, String token) { - log.info("This is url: " + url); - log.info("This is payload: " + objectMapper.writeValueAsString(payload)); - log.info("External id " + externalId); - 
clearingHouseClient.send(payload, externalId); - } -} diff --git a/src/main/java/org/eclipse/tractusx/selfdescriptionfactory/service/wallet/CustodianClient.java b/src/main/java/org/eclipse/tractusx/selfdescriptionfactory/service/wallet/CustodianClient.java index 63d76812..73f13886 100644 --- a/src/main/java/org/eclipse/tractusx/selfdescriptionfactory/service/wallet/CustodianClient.java +++ b/src/main/java/org/eclipse/tractusx/selfdescriptionfactory/service/wallet/CustodianClient.java @@ -1,6 +1,6 @@ /******************************************************************************** - * Copyright (c) 2022,2023 T-Systems International GmbH - * Copyright (c) 2022,2023 Contributors to the Eclipse Foundation + * Copyright (c) 2022,2024 T-Systems International GmbH + * Copyright (c) 2022,2024 Contributors to the Eclipse Foundation * * See the NOTICE file(s) distributed with this work for additional * information regarding copyright ownership. @@ -29,7 +29,7 @@ import java.util.Map; -@FeignClient(name = "custodianWallet", url = "${app.usersDetails.custodianWallet.uri}") +@FeignClient(name = "custodianWallet", url = "http://placeholder:8080") public interface CustodianClient { @GetMapping(path = "/wallets/{walletId}") Map getWalletData(@PathVariable("walletId") String walletId); From a3aa322cab4ac6c734d698a4c9fcf295b1a149dd Mon Sep 17 00:00:00 2001 
From: dvasunin Date: Wed, 20 Mar 2024 17:24:07 +0200 Subject: [PATCH 02/12] feat: make context jsonld files available as static resource --- README.md | 2 +- .../config/SecurityConfig.java | 7 -- .../config/WebConfig.java | 100 ++++++++++++++++++ src/main/resources/application.yml | 13 +-- ...v22.04.jsonld => sd-document-v2204.jsonld} | 0 ...ocument-v2210 => sd-document-v2210.jsonld} | 0 6 files changed, 104 insertions(+), 18 deletions(-) create mode 100644 src/main/java/org/eclipse/tractusx/selfdescriptionfactory/config/WebConfig.java rename src/main/resources/verifiablecredentials/{sd-document-v22.04.jsonld => sd-document-v2204.jsonld} (100%) rename src/main/resources/verifiablecredentials/{sd-document-v2210 => sd-document-v2210.jsonld} (100%) diff --git a/README.md b/README.md index 39460f73..31bd3d3e 100644 --- a/README.md +++ b/README.md @@ -61,7 +61,7 @@ For the VC we have to provide valid JSON context where we have a reference to an from known ontology. This object carries the claims the SD-Factory signs. The document is published on the github repository of the project. The vocabulary URL can be changed when will be provided by Trusted Framework. Currently, we support -[a vocabulary for Version 22.10 of Trust Framework](src/main/resources/verifiablecredentials/sd-document-v2210). +[a vocabulary for Version 22.10 of Trust Framework](src/main/resources/verifiablecredentials/sd-document-v2210.jsonld). # REST Interface diff --git a/src/main/java/org/eclipse/tractusx/selfdescriptionfactory/config/SecurityConfig.java b/src/main/java/org/eclipse/tractusx/selfdescriptionfactory/config/SecurityConfig.java index aa7813d2..2eee824d 100644 --- a/src/main/java/org/eclipse/tractusx/selfdescriptionfactory/config/SecurityConfig.java +++ b/src/main/java/org/eclipse/tractusx/selfdescriptionfactory/config/SecurityConfig.java 
@@ -109,13 +109,6 @@ public SecurityFilterChain filterChain(HttpSecurity http, Jwt2AuthenticationConv // Disable CSRF due to stateless session management http.csrf(AbstractHttpConfigurer::disable); - // Define authorization for requests - if (Arrays.asList(environment.getActiveProfiles()).contains("test")) { - http.authorizeHttpRequests((authorize) -> authorize.anyRequest().permitAll()); - } else { - http.authorizeHttpRequests((authorize) -> authorize.anyRequest().authenticated()); - } - http.headers(headers -> { // Equivalent to xssProtection().and() in the deprecated configuration // The XSS protection is enabled by default and the X-XSS-Protection header is not necessary to set if you're using modern browser security features. diff --git a/src/main/java/org/eclipse/tractusx/selfdescriptionfactory/config/WebConfig.java b/src/main/java/org/eclipse/tractusx/selfdescriptionfactory/config/WebConfig.java new file mode 100644 index 00000000..78973ed7 --- /dev/null +++ b/src/main/java/org/eclipse/tractusx/selfdescriptionfactory/config/WebConfig.java 
@@ -0,0 +1,100 @@ +/******************************************************************************** + * Copyright (c) 2024 T-Systems International GmbH + * Copyright (c) 2024 Contributors to the Eclipse Foundation + * + * See the NOTICE file(s) distributed with this work for additional + * information regarding copyright ownership. + * + * This program and the accompanying materials are made available under the + * terms of the Apache License, Version 2.0 which is available at + * https://www.apache.org/licenses/LICENSE-2.0. + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations + * under the License. + * + * SPDX-License-Identifier: Apache-2.0 + ********************************************************************************/ + +package org.eclipse.tractusx.selfdescriptionfactory.config; + +import io.vavr.control.Try; +import jakarta.servlet.http.HttpServletRequest; +import org.springframework.context.annotation.Configuration; +import org.springframework.core.io.Resource; +import org.springframework.http.MediaType; +import org.springframework.lang.Nullable; +import org.springframework.web.servlet.config.annotation.ContentNegotiationConfigurer; +import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry; +import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; +import org.springframework.web.servlet.resource.ResourceResolver; +import org.springframework.web.servlet.resource.ResourceResolverChain; + +import java.util.List; +import java.util.Objects; +import java.util.Optional; + +@Configuration +public class WebConfig implements WebMvcConfigurer { + + @Override + public void configureContentNegotiation(ContentNegotiationConfigurer configurer) { + configurer.mediaType("jsonld", 
new MediaType("application", "ld+json")) + .mediaType("yml", new MediaType("application", "yaml")) + .mediaType("yaml", new MediaType("application", "yaml")) + .mediaType("yml", new MediaType("text", "yaml")) + .mediaType("yaml", new MediaType("text", "yaml")); + } + + @Override + public void addResourceHandlers(ResourceHandlerRegistry registry) { + registry.addResourceHandler("/context/**") // URL pattern for static resources + .addResourceLocations("classpath:/verifiablecredentials/") // Location of static resources + .setCachePeriod(3600) // Cache period in seconds (optional) + .resourceChain(true) // Enable resource chain optimization (optional) + .addResolver(new CustomResolver()); + } + + private static class CustomResolver implements ResourceResolver { + + /** + * Resolves the requested resource based on the provided request path and locations using the given chain. + * If the resource is not found in the provided locations, falls back to the chain to resolve it. + * + * @param request the HttpServletRequest object + * @param requestPath the path of the requested resource + * @param locations the list of possible resource locations to search in + * @param chain the ResourceResolverChain to delegate resource resolution if needed + * @return the resolved resource or null if not found + */ + @Override + @Nullable + public Resource resolveResource(@Nullable HttpServletRequest request, String requestPath, + List locations, ResourceResolverChain chain) { + // Modify the requestPath to remove any trailing "/" + var requestPathModified = requestPath.endsWith("/") ? 
requestPath.substring(0, requestPath.length() - 1) : requestPath; + // Attempt to resolve the resource in each location or with a ".jsonld" extension + return locations.stream() + .flatMap(location -> Optional.ofNullable(resolveResource(location, requestPathModified)) + .or(() -> Optional.ofNullable(resolveResource(location, requestPathModified.concat(".jsonld")))) + .stream() + ).findAny() + .orElseGet(() -> chain.resolveResource(request, requestPath, locations)); + } + private Resource resolveResource(Resource location, String requestPath) { + return Try.of(() -> location.createRelative(requestPath)) + .filter(resolvedResource ->resolvedResource.exists() && resolvedResource.isReadable()) + .getOrNull(); + } + + @Override + @Nullable + public String resolveUrlPath(String resourcePath, List locations, ResourceResolverChain chain) { + return Try.ofSupplier(() -> resolveResource(null, resourcePath, locations, chain)) + .mapTry(Resource::getURL) + .map(Objects::toString).getOrNull(); + } + } +} diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml index 4cfa6fe5..e9abb224 100644 --- a/src/main/resources/application.yml +++ b/src/main/resources/application.yml @@ -1,6 +1,6 @@ ################################################################################# -# Copyright (c) 2022,2023 T-Systems International GmbH -# Copyright (c) 2022,2023 Contributors to the Eclipse Foundation +# Copyright (c) 2022,2024 T-Systems International GmbH +# Copyright (c) 2022,2024 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. 
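Review bot: `CustomResolver.resolveResource` returns whatever `location.createRelative(requestPath)` yields once it exists and is readable, without the "is this resource still under the configured location" check that Spring's `PathResourceResolver` applies, and it runs ahead of that resolver in the chain. The handler's own path validation probably rejects the obvious cases, but the classpath root next to `/verifiablecredentials/` holds `application.yml`, so the containment check is worth keeping as defence in depth. Extending `PathResourceResolver` and overriding `getResource` keeps the `.jsonld` fallback while inheriting that check; `Try.of(...).getOrNull()` also hides I/O errors that would then surface normally. Separately, the second `mediaType("yml", …)` / `mediaType("yaml", …)` pair in `configureContentNegotiation` appears to overwrite the first, leaving only `text/yaml` registered.

```java
// … unchanged: configureContentNegotiation, addResourceHandlers …
private static class CustomResolver extends PathResourceResolver {
    @Override
    protected Resource getResource(String resourcePath, Resource location) throws IOException {
        var path = resourcePath.endsWith("/")
                ? resourcePath.substring(0, resourcePath.length() - 1) : resourcePath;
        // super.getResource() applies the readable and under-location checks
        var resource = super.getResource(path, location);
        return resource != null ? resource : super.getResource(path.concat(".jsonld"), location);
    }
}
```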
@@ -48,15 +48,8 @@ app: schema2210Url: https://f1c82785-5598-41c7-a083-01a8e1a80e19.mock.pstmn.io/ctxsd gaia-x-participant-schema: https://registry.lab.gaia-x.eu/development/api/trusted-schemas-registry/v2/schemas gaia-x-service-schema: https://gaia-x.gitlab.io/gaia-x-community/gaia-x-self-descriptions/service/ontology.json - #catena-x-schema: https://github.com/catenax-ng/tx-sd-factory/raw/clearing-house/src/main/resources/verifiablecredentials.jsonld/catenax.jsonld - catena-x-schema: https://f1c82785-5598-41c7-a083-01a8e1a80e19.mock.pstmn.io/ctxsd + catena-x-schema: https://sdfactory.int.demo.catena-x.net/context/sd-document-v2210 usersDetails: - custodianWallet: - #uri: https://managed-identity-wallets.int.demo.catena-x.net/api - #serverUrl: https://centralidp.int.demo.catena-x.net/auth - #realm: CX-Central - #clientId: sa-cl5-custodian-1 - #clientSecret: clearingHouse: #uri: https://validation.dev.dih-cloud.com/api/v1/compliance #auth-server-url: https://iam.dev.dih-cloud.com//auth diff --git a/src/main/resources/verifiablecredentials/sd-document-v22.04.jsonld b/src/main/resources/verifiablecredentials/sd-document-v2204.jsonld similarity index 100% rename from src/main/resources/verifiablecredentials/sd-document-v22.04.jsonld rename to src/main/resources/verifiablecredentials/sd-document-v2204.jsonld diff --git a/src/main/resources/verifiablecredentials/sd-document-v2210 b/src/main/resources/verifiablecredentials/sd-document-v2210.jsonld similarity index 100% rename from src/main/resources/verifiablecredentials/sd-document-v2210 rename to src/main/resources/verifiablecredentials/sd-document-v2210.jsonld From 7892072441d516b1820c551791aacde5e273a897 Mon Sep 17 00:00:00 2001 From: dvasunin Date: Tue, 2 Apr 2024 12:38:01 +0300 Subject: [PATCH 03/12] docs: CHANGELOG update --- CHANGELOG.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 48c08f24..18e9f9c1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -9,6 +9,16 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) ### Fixed - Fixed the CVE-2024-22259 and CVE-2024-22257 security issue +### Changed +- unused configuration entries in application.yml are not mandatory (e.g. `app.usersDetails.custodianWallet` +for catena-x-ctx profile) +- if `test` profile is active then authentication is turned off for the service +- files placed to the resources/verifiablecredentials directory are served by the service's web-server as static +resources. If a file has .jsonld extension then correct `Content-Type` is set for it even if extension is missed in URL +(e.g. for URL https://{SERVICE_HOST}/context/sd-document-v2210 the file resources/verifiablecredentials/sd-document-v2210.jsonld +is returned while `Content-Type` is set to `application/ld+json`) +- correct `Content-Type` is set for YAML extension (can be `application/yaml` or `text/yaml`) + ## [2.1.10] - 2024-02-28 ### Changed - Updated Spring Boot to 3.2.3 to fix CVE-2024-22234 and CVE-2024-22243 From bf379a3b26ce5a8907dcb5120a7edf6d18798fe8 Mon Sep 17 00:00:00 2001 From: dvasunin Date: Tue, 2 Apr 2024 12:48:45 +0300 Subject: [PATCH 04/12] fix: change schema2210Url parameter to the locally deployed schema --- src/main/resources/application.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml index e9abb224..985df8c4 100644 --- a/src/main/resources/application.yml +++ b/src/main/resources/application.yml 
@@ -45,10 +45,9 @@ app: version: ^project.version^ verifiableCredentials: durationDays: 90 - schema2210Url: https://f1c82785-5598-41c7-a083-01a8e1a80e19.mock.pstmn.io/ctxsd + schema2210Url: https://sdfactory.int.demo.catena-x.net/context/sd-document-v2210 gaia-x-participant-schema: https://registry.lab.gaia-x.eu/development/api/trusted-schemas-registry/v2/schemas gaia-x-service-schema: https://gaia-x.gitlab.io/gaia-x-community/gaia-x-self-descriptions/service/ontology.json - catena-x-schema: https://sdfactory.int.demo.catena-x.net/context/sd-document-v2210 usersDetails: clearingHouse: #uri: https://validation.dev.dih-cloud.com/api/v1/compliance From 588e6c399ec5ac8a278c42061e2d4160e5d68c7e Mon Sep 17 00:00:00 2001 From: adityagajbhiye9 <133367448+adityagajbhiye9@users.noreply.github.com> Date: Tue, 23 Apr 2024 12:57:33 +0530 Subject: [PATCH 05/12] chore reference url removed - verify schema url removed from application.yaml and added as a secret. --- charts/sdfactory/templates/deployment.yaml | 5 +++++ charts/sdfactory/templates/secret.yaml | 1 + charts/sdfactory/values.yaml | 2 ++ src/main/resources/application.yml | 2 +- 4 files changed, 9 insertions(+), 1 deletion(-) diff --git a/charts/sdfactory/templates/deployment.yaml b/charts/sdfactory/templates/deployment.yaml index 06e40e71..5bc70922 100644 --- a/charts/sdfactory/templates/deployment.yaml +++ b/charts/sdfactory/templates/deployment.yaml @@ -113,6 +113,11 @@ spec: secretKeyRef: name: {{ include "sdfactory.applicationSecret.name" . }} key: clearingHouse-clientSecret + - name: APP.VERIFIABLECREDENTIALS.SCHEMA2210URL + valueFrom: + secretKeyRef: + name: {{ include "sdfactory.applicationSecret.name" . }} + key: verifycredentials-uri readinessProbe: tcpSocket: diff --git a/charts/sdfactory/templates/secret.yaml b/charts/sdfactory/templates/secret.yaml index b5aaf4ff..f26e8fd1 100644 --- a/charts/sdfactory/templates/secret.yaml +++ b/charts/sdfactory/templates/secret.yaml 
@@ -36,3 +36,4 @@ stringData: clearingHouse-realm: {{ .Values.sdfactory.secret.clearingHouseRealm | default (printf "%s-%s" "realm" (randAlpha 6)) }} clearingHouse-clientId: {{ .Values.sdfactory.secret.clearingHouseClientId | default (randAlphaNum 16) }} clearingHouse-clientSecret: {{ .Values.sdfactory.secret.clearingHouseClientSecret | default (randAlphaNum 16) }} + verifycredentials-uri: {{ .Values.sdfactory.secret.verifycredentialsUri|default (https://verifycredential-uri) }} \ No newline at end of file diff --git a/charts/sdfactory/values.yaml b/charts/sdfactory/values.yaml index c6e202c0..146fa421 100644 --- a/charts/sdfactory/values.yaml +++ b/charts/sdfactory/values.yaml @@ -87,6 +87,8 @@ sdfactory: clearingHouseClientId: "" # -- Details for Clearing House Client Secret clearingHouseClientSecret: "" + # -- Details for Verifying Client uri + verifycredentialsUri: "" service: # -- Type of service diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml index 985df8c4..e2e5f4f4 100644 --- a/src/main/resources/application.yml +++ b/src/main/resources/application.yml @@ -45,7 +45,7 @@ app: version: ^project.version^ verifiableCredentials: durationDays: 90 - schema2210Url: https://sdfactory.int.demo.catena-x.net/context/sd-document-v2210 +# schema2210Url: gaia-x-participant-schema: https://registry.lab.gaia-x.eu/development/api/trusted-schemas-registry/v2/schemas gaia-x-service-schema: https://gaia-x.gitlab.io/gaia-x-community/gaia-x-self-descriptions/service/ontology.json usersDetails: From bad3d652a19ce49c06aa028339472bf869ea89dd Mon Sep 17 00:00:00 2001 From: adityagajbhiye9 <133367448+adityagajbhiye9@users.noreply.github.com> Date: Tue, 23 Apr 2024 13:05:16 +0530 Subject: [PATCH 06/12] chore updated chart version --- charts/sdfactory/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/sdfactory/Chart.yaml b/charts/sdfactory/Chart.yaml index 9cb99938..013e1fbc 100644 --- a/charts/sdfactory/Chart.yaml 
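Review bot: The new `verifycredentials-uri` entry falls back to a placeholder host when `sdfactory.secret.verifycredentialsUri` is left at its `""` default, so a misconfigured release starts with a schema URL the deployer does not control instead of failing at install time. As written here, `default (https://verifycredential-uri)` is also not a valid template expression; the later secret.yaml hunk in this series (11/12) quotes the string but keeps the placeholder, so the same point applies there. This value feeds `schema2210Url`, which appears to be the JSON-LD context referenced by issued credentials, so I would make it mandatory and quote the rendered value: `verifycredentials-uri: {{ required "sdfactory.secret.verifycredentialsUri must be set" .Values.sdfactory.secret.verifycredentialsUri | quote }}`. The neighbouring entries use random defaults because they are credentials; a URL has no safe generated default.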
+++ b/charts/sdfactory/Chart.yaml @@ -38,7 +38,7 @@ sources: # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: "2.1.12" +version: "2.1.13" # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to From 85c09ebb1abe127bd65ff51982f8c891ea7175f1 Mon Sep 17 00:00:00 2001 From: adityagajbhiye9 <133367448+adityagajbhiye9@users.noreply.github.com> Date: Tue, 23 Apr 2024 13:14:07 +0530 Subject: [PATCH 07/12] chore corrected the chart version --- charts/sdfactory/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/sdfactory/Chart.yaml b/charts/sdfactory/Chart.yaml index 013e1fbc..da53b0bd 100644 --- a/charts/sdfactory/Chart.yaml +++ b/charts/sdfactory/Chart.yaml @@ -38,7 +38,7 @@ sources: # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: "2.1.13" +version: "2.1.16" # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to From a1c75d5ab188968900800cfe6e9a712f05d9b592 Mon Sep 17 00:00:00 2001 From: dvasunin Date: Tue, 23 Apr 2024 11:05:46 +0300 Subject: [PATCH 08/12] fix: remove Insertion of sensitive information into log files; add logging the status code and url on error --- .../selfdescriptionfactory/config/DefaultFeignConfig.java | 2 ++ .../service/clearinghouse/ClearingHouse.java | 3 --- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/src/main/java/org/eclipse/tractusx/selfdescriptionfactory/config/DefaultFeignConfig.java b/src/main/java/org/eclipse/tractusx/selfdescriptionfactory/config/DefaultFeignConfig.java index 370b2d49..1f62678a 100644 
--- a/src/main/java/org/eclipse/tractusx/selfdescriptionfactory/config/DefaultFeignConfig.java +++ b/src/main/java/org/eclipse/tractusx/selfdescriptionfactory/config/DefaultFeignConfig.java @@ -70,6 +70,8 @@ public ErrorDecoder getErrorDecoder(ObjectMapper mapper) { .getOrElse(responseStr); var statusCode = HttpStatusCode.valueOf(response.status()); log.error("Error in Feign client: {}", msg); + log.error("Status code: {}", statusCode); + log.error("URL: {}", response.request().url()); if (response.request().body() != null) { log.error("Original payload: {}", new String(response.request().body(), response.request().charset())); } diff --git a/src/main/java/org/eclipse/tractusx/selfdescriptionfactory/service/clearinghouse/ClearingHouse.java b/src/main/java/org/eclipse/tractusx/selfdescriptionfactory/service/clearinghouse/ClearingHouse.java index f1d797e4..da8b1fd2 100644 --- a/src/main/java/org/eclipse/tractusx/selfdescriptionfactory/service/clearinghouse/ClearingHouse.java +++ b/src/main/java/org/eclipse/tractusx/selfdescriptionfactory/service/clearinghouse/ClearingHouse.java @@ -27,7 +27,6 @@ import lombok.SneakyThrows; import lombok.extern.slf4j.Slf4j; import org.eclipse.tractusx.selfdescriptionfactory.config.TechnicalUsersDetails; -import org.eclipse.tractusx.selfdescriptionfactory.service.keycloak.KeycloakManager; import org.springframework.beans.factory.InitializingBean; import org.springframework.cloud.openfeign.FeignClient; import org.springframework.core.env.Environment; @@ -41,7 +40,6 @@ @RequiredArgsConstructor public class ClearingHouse implements InitializingBean { - private final KeycloakManager keycloakManager; private final TechnicalUsersDetails technicalUsersDetails; private final ClearingHouseClient clearingHouseClient; private final ObjectMapper objectMapper = new ObjectMapper(); 
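Review bot: The added `log.error("URL: {}", response.request().url())` in the DefaultFeignConfig.java hunk writes the full request URL to the error log, query string included, and the unchanged line just below still logs the complete request body at error level, which sits oddly with this commit's stated goal of keeping sensitive information out of log files. The body sent through this client is presumably the credential or self-description payload, so I would keep status and URL at error level and move the payload to debug: `log.debug("Original payload: {}", new String(response.request().body(), response.request().charset()));`. If the target URLs can carry query parameters, log only the part before `?`. The three consecutive `log.error` calls could also be one statement, `log.error("Feign call failed: status={} url={} msg={}", statusCode, response.request().url(), msg);`, so the fields stay together in aggregated logs. `getErrorDecoder` begins and ends outside this hunk.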
@@ -60,7 +58,6 @@ protected void debug(VerifiableCredential payload, String externalId) { var annotation = ClearingHouseClient.class.getAnnotation(FeignClient.class); var name = annotation.name(); Optional.ofNullable(technicalUsersDetails.getUsersDetails().get(name)).map(TechnicalUsersDetails.UserDetail::uri).ifPresent(uri -> log.debug("URL: {}", uri)); - Optional.of(name).map(keycloakManager::getToken).ifPresent(token -> log.debug("Authorization: {}", token)); log.debug("ExternalId: {}", externalId); log.debug("payload: {}", objectMapper.writeValueAsString(payload)); } From 9bc1f71d9664fab6dfa936452a3f933565a3028e Mon Sep 17 00:00:00 2001 From: adkumar1 Date: Tue, 23 Apr 2024 15:20:50 +0530 Subject: [PATCH 09/12] parameterized vschemaurl --- charts/sdfactory/templates/deployment.yaml | 2 +- charts/sdfactory/values-beta.yaml | 1 + charts/sdfactory/values-dev.yaml | 1 + charts/sdfactory/values-int.yaml | 1 + charts/sdfactory/values-pen.yaml | 2 +- charts/sdfactory/values-test.yaml | 1 + charts/sdfactory/values.yaml | 2 +- src/main/resources/application.yml | 2 +- 8 files changed, 8 insertions(+), 4 deletions(-) diff --git a/charts/sdfactory/templates/deployment.yaml b/charts/sdfactory/templates/deployment.yaml index 5bc70922..0593c835 100644 --- a/charts/sdfactory/templates/deployment.yaml +++ b/charts/sdfactory/templates/deployment.yaml @@ -113,7 +113,7 @@ spec: secretKeyRef: name: {{ include "sdfactory.applicationSecret.name" . }} key: clearingHouse-clientSecret - - name: APP.VERIFIABLECREDENTIALS.SCHEMA2210URL + - name: APP_VERIFIABLECREDENTIALS_SCHEMA2210URL valueFrom: secretKeyRef: name: {{ include "sdfactory.applicationSecret.name" . }} diff --git a/charts/sdfactory/values-beta.yaml b/charts/sdfactory/values-beta.yaml index 1bc30b69..1bdc4920 100644 --- a/charts/sdfactory/values-beta.yaml +++ b/charts/sdfactory/values-beta.yaml 
@@ -71,3 +71,4 @@ sdfactory: clearingHouseRealm: "" clearingHouseClientId: "" clearingHouseClientSecret: "" + verifycredentialsUri: "" clearingHouseClientId: "" clearingHouseClientSecret: "" + verifycredentialsUri: "" clearingHouseClientId: "" clearingHouseClientSecret: "" + verifycredentialsUri: "" clearingHouseClientId: "" clearingHouseClientSecret: "" - + verifycredentialsUri: "" clearingHouseClientId: "" clearingHouseClientSecret: "" + verifycredentialsUri: " Date: Tue, 23 Apr 2024 15:30:14 +0530 Subject: [PATCH 10/12] updated chart version --- README.md | 2 +- charts/sdfactory/README.md | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 3dde4ea1..4fd81a2d 100644 --- a/README.md +++ b/README.md @@ -14,7 +14,7 @@ further processing. ```shell Software version: 2.1.10 -Helm Chart version: 2.1.15 +Helm Chart version: 2.1.16 ``` diff --git a/charts/sdfactory/README.md b/charts/sdfactory/README.md index 66545a5a..0848afd5 100644 --- a/charts/sdfactory/README.md +++ b/charts/sdfactory/README.md @@ -1,6 +1,6 @@ # sdfactory -![Version: 2.1.15](https://img.shields.io/badge/Version-2.1.15-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.1.10](https://img.shields.io/badge/AppVersion-2.1.10-informational?style=flat-square) +![Version: 2.1.16](https://img.shields.io/badge/Version-2.1.16-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.1.10](https://img.shields.io/badge/AppVersion-2.1.10-informational?style=flat-square) Helm Charts for SD Factory application. Self-Description Factory component is responsible for the creation of Self Descriptions. 
@@ -55,6 +55,7 @@ Helm Charts for SD Factory application. Self-Description Factory component is re | sdfactory.secret.jwkSetUri | string | `""` | JWK Set URI | | sdfactory.secret.realm | string | `""` | Keycloak Realm detail | | sdfactory.secret.resource | string | `""` | Keycloak Resource detail | +| sdfactory.secret.verifycredentialsUri | string | `""` | Details for Verifying Client uri | | securityContext.allowPrivilegeEscalation | bool | `false` | | | securityContext.capabilities.drop[0] | string | `"ALL"` | | | securityContext.runAsGroup | int | `1000` | | From c711d4583d2912ea2d9bd1c37053e25e74ddfaa0 Mon Sep 17 00:00:00 2001 From: adkumar1 Date: Tue, 23 Apr 2024 15:46:58 +0530 Subject: [PATCH 11/12] updated default value --- charts/sdfactory/templates/secret.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/sdfactory/templates/secret.yaml b/charts/sdfactory/templates/secret.yaml index f26e8fd1..0b930609 100644 --- a/charts/sdfactory/templates/secret.yaml +++ b/charts/sdfactory/templates/secret.yaml @@ -36,4 +36,4 @@ stringData: clearingHouse-realm: {{ .Values.sdfactory.secret.clearingHouseRealm | default (printf "%s-%s" "realm" (randAlpha 6)) }} clearingHouse-clientId: {{ .Values.sdfactory.secret.clearingHouseClientId | default (randAlphaNum 16) }} clearingHouse-clientSecret: {{ .Values.sdfactory.secret.clearingHouseClientSecret | default (randAlphaNum 16) }} - verifycredentials-uri: {{ .Values.sdfactory.secret.verifycredentialsUri|default (https://verifycredential-uri) }} \ No newline at end of file + verifycredentials-uri: {{ .Values.sdfactory.secret.verifycredentialsUri|default "https://verifycredential-uri" }} \ No newline at end of file From ffe0513241ff43590a3708cfe2a7718ff27e7e30 Mon Sep 17 00:00:00 2001 
From: adkumar1 Date: Thu, 25 Apr 2024 13:03:28 +0530 Subject: [PATCH 12/12] added missing brace --- charts/sdfactory/values-beta.yaml | 2 +- charts/sdfactory/values-dev.yaml | 2 +- charts/sdfactory/values-int.yaml | 2 +- charts/sdfactory/values-pen.yaml | 2 +- charts/sdfactory/values-test.yaml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/sdfactory/values-beta.yaml b/charts/sdfactory/values-beta.yaml index 1bdc4920..e7376a66 100644 --- a/charts/sdfactory/values-beta.yaml +++ b/charts/sdfactory/values-beta.yaml @@ -71,4 +71,4 @@ sdfactory: clearingHouseRealm: "" clearingHouseClientId: "" clearingHouseClientSecret: "" - verifycredentialsUri: "" diff --git a/charts/sdfactory/values-dev.yaml b/charts/sdfactory/values-dev.yaml index 0aff548a..d0006e7a 100644 --- a/charts/sdfactory/values-dev.yaml +++ b/charts/sdfactory/values-dev.yaml @@ -71,4 +71,4 @@ sdfactory: clearingHouseRealm: "" clearingHouseClientId: "" clearingHouseClientSecret: "" - verifycredentialsUri: "" diff --git a/charts/sdfactory/values-int.yaml b/charts/sdfactory/values-int.yaml index c0818055..104c911e 100644 --- a/charts/sdfactory/values-int.yaml +++ b/charts/sdfactory/values-int.yaml @@ -71,4 +71,4 @@ sdfactory: clearingHouseRealm: "" clearingHouseClientId: "" clearingHouseClientSecret: "" - verifycredentialsUri: "" diff --git a/charts/sdfactory/values-pen.yaml b/charts/sdfactory/values-pen.yaml index 327f2633..ba1f3a03 100644 --- a/charts/sdfactory/values-pen.yaml +++ b/charts/sdfactory/values-pen.yaml @@ -71,4 +71,4 @@ sdfactory: clearingHouseRealm: "" clearingHouseClientId: "" clearingHouseClientSecret: "" - verifycredentialsUri: "" diff --git a/charts/sdfactory/values-test.yaml b/charts/sdfactory/values-test.yaml index f22dceaf..ae80413f 100644 --- a/charts/sdfactory/values-test.yaml +++ b/charts/sdfactory/values-test.yaml @@ -76,4 +76,4 @@ sdfactory: clearingHouseRealm: "" clearingHouseClientId: "" clearingHouseClientSecret: "" - verifycredentialsUri: ""