build(1.0.0-rc.4): merge main into dev

.github/workflows/release.yml

@@ -58,7 +58,7 @@
           helm dependency update
 
       - name: Run chart-releaser
         uses: helm/[email protected]
         env:
           CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
           CR_SKIP_EXISTING: "true"
@@ -128,15 +128,15 @@
         uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
         with:
           images: ${{ matrix.image }}
-           # Automatically prepare image tags; See action docs for more examples. 
-           # semver patter will generate tags like these for example :1 :1.2 :1.2.3
+          # Automatically prepare image tags; See action docs for more examples. 
+          # semver patter will generate tags like these for example :1 :1.2 :1.2.3
           tags: |
-             type=ref,event=branch
-             type=ref,event=pr
-             type=raw,value=latest
-             type=semver,pattern={{version}},value=${{ needs.release-helm-chart.outputs.app-version }}
-             type=semver,pattern={{major}},value=${{ needs.release-helm-chart.outputs.app-version }}
-             type=semver,pattern={{major}}.{{minor}},value=${{ needs.release-helm-chart.outputs.app-version }}
+            type=ref,event=branch
+            type=ref,event=pr
+            type=raw,value=latest
+            type=semver,pattern={{version}},value=${{ needs.release-helm-chart.outputs.app-version }}
+            type=semver,pattern={{major}},value=${{ needs.release-helm-chart.outputs.app-version }}
+            type=semver,pattern={{major}}.{{minor}},value=${{ needs.release-helm-chart.outputs.app-version }}
 
       - name: Build and push Docker images
         uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0

CHANGELOG.md

@@ -1,5 +1,24 @@
 # Changelog
 
+## [1.0.0-rc.4](https://github.com/eclipse-tractusx/ssi-credential-issuer/compare/v1.0.0-rc.3...v1.0.0-rc.4) (2024-05-13)
+
+
+### Bug Fixes
+
+* adjust multiple ssi detail handling ([#116](https://github.com/eclipse-tractusx/ssi-credential-issuer/issues/116)) ([7e8df9d](https://github.com/eclipse-tractusx/ssi-credential-issuer/commit/7e8df9dd35953fc5ed3c199dbd6357cc574feec4))
+* **approval:** send mail and notification to requester ([#101](https://github.com/eclipse-tractusx/ssi-credential-issuer/issues/101)) ([0fe249c](https://github.com/eclipse-tractusx/ssi-credential-issuer/commit/0fe249ceb5728be69055320718ff9b3deb7a3f52))
+* **credential:** remove duplicate credential ([#113](https://github.com/eclipse-tractusx/ssi-credential-issuer/issues/113)) ([f2cc13d](https://github.com/eclipse-tractusx/ssi-credential-issuer/commit/f2cc13dd810970095c3969a7996c4f00d22f967a))
+* **credentials:** remove quality credential ([#97](https://github.com/eclipse-tractusx/ssi-credential-issuer/issues/97)) ([e6a817d](https://github.com/eclipse-tractusx/ssi-credential-issuer/commit/e6a817d61ac8a713b9be623a361a26e2e4354964)), closes [#95](https://github.com/eclipse-tractusx/ssi-credential-issuer/issues/95)
+* **notification:** adjust notification creation url ([#98](https://github.com/eclipse-tractusx/ssi-credential-issuer/issues/98)) ([ae966e9](https://github.com/eclipse-tractusx/ssi-credential-issuer/commit/ae966e97395a38e56d88e5479e34c0dac6bc3914))
+* **qualityCredential:** re add quality credential ([#114](https://github.com/eclipse-tractusx/ssi-credential-issuer/issues/114)) ([d962baf](https://github.com/eclipse-tractusx/ssi-credential-issuer/commit/d962bafd9df92dd5cbaf12a5aa93fa37c4ec29f7)), closes [#107](https://github.com/eclipse-tractusx/ssi-credential-issuer/issues/107)
+* return pending credentials ([#117](https://github.com/eclipse-tractusx/ssi-credential-issuer/issues/117)) ([21defc7](https://github.com/eclipse-tractusx/ssi-credential-issuer/commit/21defc7ab1238c0dd250c0f69cd3c55cc1cf47cf)), closes [#109](https://github.com/eclipse-tractusx/ssi-credential-issuer/issues/109)
+* **seeding:** set consortia to seeding paths ([#96](https://github.com/eclipse-tractusx/ssi-credential-issuer/issues/96)) ([8e16f04](https://github.com/eclipse-tractusx/ssi-credential-issuer/commit/8e16f04ee8310318149d27318cbdf1c1dd4bf8c8))
+
+
+### Miscellaneous Chores
+
+* release 1.0.0-rc.4 ([f159102](https://github.com/eclipse-tractusx/ssi-credential-issuer/commit/f1591024624317e403fab442539a1b7a332a4c16))
+
 ## [1.0.0-rc.3](https://github.com/eclipse-tractusx/ssi-credential-issuer/compare/v1.0.0-rc.1...v1.0.0-rc.3) (2024-04-30)
 
 

charts/ssi-credential-issuer/Chart.yaml

@@ -20,8 +20,8 @@
 apiVersion: v2
 name: ssi-credential-issuer
 type: application
-version: 1.0.0-rc.3
-appVersion: 1.0.0-rc.3
+version: 1.0.0-rc.4
+appVersion: 1.0.0-rc.4
 description: Helm chart for SSI Credential Issuer
 home: https://github.com/eclipse-tractusx/ssi-credential-issuer
 dependencies:

charts/ssi-credential-issuer/README.md

@@ -27,7 +27,7 @@ To use the helm chart as a dependency:
 dependencies:
   - name: ssi-credential-issuer
     repository: https://eclipse-tractusx.github.io/charts/dev
-    version: 1.0.0-rc.3
+    version: 1.0.0-rc.4
 ```
 
 ## Requirements

consortia/argocd-app-templates/appsetup-int.yaml

@@ -28,7 +28,7 @@ spec:
   source:
     path: charts/ssi-credential-issuer
     repoURL: 'https://github.com/eclipse-tractusx/ssi-credential-issuer.git'
-    targetRevision: ssi-credential-issuer-1.0.0-rc.3
+    targetRevision: ssi-credential-issuer-1.0.0-rc.4
     plugin:
       env:
         - name: AVP_SECRET

consortia/argocd-app-templates/appsetup-stable.yaml

@@ -29,7 +29,7 @@ spec:
   source:
     path: ''
     repoURL: 'https://eclipse-tractusx.github.io/charts/dev'
-    targetRevision: ssi-credential-issuer-1.0.0-rc.3
+    targetRevision: ssi-credential-issuer-1.0.0-rc.4
     plugin:
       env:
         - name: HELM_VALUES

consortia/environments/values-beta.yaml

@@ -57,6 +57,8 @@ issuer:
 issuermigrations:
   logging:
     default: "Debug"
+  seeding:
+    testDataEnvironments: "consortia"
 
 processesworker:
   logging:

consortia/environments/values-dev.yaml

@@ -63,6 +63,8 @@ issuermigrations:
   imagePullPolicy: "Always"
   logging:
     default: "Debug"
+  seeding:
+    testDataEnvironments: "consortia"
 
 processesworker:
   image:

consortia/environments/values-int.yaml

@@ -57,6 +57,8 @@ issuer:
 issuermigrations:
   logging:
     default: "Debug"
+  seeding:
+    testDataEnvironments: "consortia"
 
 processesworker:
   logging:

consortia/environments/values-pen.yaml

@@ -57,6 +57,8 @@ issuer:
 issuermigrations:
   logging:
     default: "Debug"
+  seeding:
+    testDataEnvironments: "consortia"
 
 processesworker:
   logging:

consortia/environments/values-rc.yaml

@@ -63,6 +63,8 @@ issuermigrations:
   imagePullPolicy: "Always"
   logging:
     default: "Debug"
+  seeding:
+    testDataEnvironments: "consortia"
 
 processesworker:
   image:

docs/architecture/Security_Assessment.md

@@ -0,0 +1,114 @@
+# Security Assessment SSI Credential Issuer
+
+|                           |                                                                                                |
+| ------------------------- | ---------------------------------------------------------------------------------------------- |
+| Contact for product       | [@evegufy](https://github.com/evegufy) <br> [@jjeroch](https://github.com/jjeroch)             |
+| Security responsible      | tbd |
+| Version number of product | 1.0.0                                                                                          |
+| Dates of assessment       | tbd: Assessment                                                                      |
+| Status of assessment      | Assessment Report                                                                            |
+
+## Product Description
+
+The SSI Credential Issuer product is an REST API project with two Process Worker processes, so a pure backend component (without implementation of an user interface).
+
+The main purpose of the product is to provide authenticated CX Users the possibility to create credentials inside the issuer and holder wallet. Furthermore, it handles the revocation and expiry handling for credentials.
+
+The SSI Credential Issuer comprises the technical foundation for functional interaction, monitoring, auditing and further functionalities.
+
+The product can be run anywhere: it can be deployed as a docker image, e.g. on Kubernetes (platform-independent, cloud, on prem or local).
+
+The SSI Credential Issuer is using following key frameworks:
+
+- .Net
+- Entity Framework
+[Development Concept](/Development%20Concept.md)
+
+## Data Flow Diagram
+
+```mermaid
+flowchart LR
+
+    CU(Company user or Service Account)
+    K("Keycloak (REST API)")
+    IS(Issuer Service)
+    CS(Credential Service)
+    RS(Revocation Service)
+    EW(Expiry Worker)
+    IW(Issuer Wallet)
+    HW(3rd Party Holder Wallets)
+    P(Portal Backend)
+    PHD[(Issuer DB \n Postgres \n EF Core for mapping \n objects to SQL)]
+
+    subgraph centralidp[centralidp Keycloak]
+     K
+    end
+
+    subgraph companyrealm[SharedIdP Keycloak or ownIdP]
+     CU
+    end
+
+    subgraph SSI-Issuer-Component Product
+     IS
+     CS
+     RS
+     EW
+     PHD
+    end
+
+    subgraph External Systems
+     P
+     IW
+     HW
+    end
+
+    K-->|"Authentication & Authorization Data \n (Using JWT)"|IS
+    K-->|"Authentication & Authorization Data \n (Using JWT)"|CS
+    K-->|"Authentication & Authorization Data \n (Using JWT)"|RS
+    CU-->|"Consumption of central, read-only REST API \n [HTTPS]"|IS
+    CU-->|"Consumption of central, read-only REST API \n [HTTPS]"|CS
+    CU-->|"Consumption of central, read-only REST API \n [HTTPS]"|RS
+    IS-->|"Read and write credentials"|PHD
+    IS-->|"Read and write credentials"|IW
+    IS-->|"Read and write credentials"|HW
+    EW-->|"Read and write credentials"|IW
+    RS-->|"Read and write credentials"|IW
+    P-->|"Create and revoke credentials"|IS
+    IS-->|"Create notifications and mails"|P
+    CS-->|"Read credentials and document"|PHD
+    RS-->|"Read and update credential data"|PHD
+    CU-->|"IAM with OIDC \n [HTTPS]"|K
+```
+
+### Changes compared to last Security Assessment
+
+N/A
+
+### Features for Upcoming Versions
+
+N/A
+
+## Threats & Risks
+
+TBD
+
+### Mitigated Threats
+
+N/A
+
+### Performed Security Checks
+
+- Static Application Security Testing (SAST) - CodeQL
+- Software Composition Analysis (SCA) - Dependabot
+- Container Scan conducted - Trivy
+- Infrastructure as Code - KICS
+- Secret Scanning - GitGuardian
+- Dynamic Application Security Testing (DAST) - OWASP ZAP (Unauthenticated)
+
+## NOTICE
+
+This work is licensed under the [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0).
+
+- SPDX-License-Identifier: Apache-2.0
+- SPDX-FileCopyrightText: 2024 Contributors to the Eclipse Foundation
+- Source URL: https://github.com/eclipse-tractusx/ssi-credential-issuer

src/Directory.Build.props

@@ -20,6 +20,6 @@
 <Project>
   <PropertyGroup>
     <VersionPrefix>1.0.0</VersionPrefix>
-    <VersionSuffix>rc.3</VersionSuffix>
+    <VersionSuffix>rc.4</VersionSuffix>
   </PropertyGroup>
 </Project>

src/database/SsiCredentialIssuer.DbAccess/Models/SsiApprovalData.cs

@@ -27,7 +27,8 @@ public record SsiApprovalData(
     VerifiedCredentialTypeId Type,
     Guid? ProcessId,
     VerifiedCredentialTypeKindId? Kind,
-    string? Bpn,
+    string Bpn,
+    string UserId,
     JsonDocument? Schema,
     DetailData? DetailData
 );

src/issuer/SsiCredentialIssuer.Service/Models/UseCaseParticipationData.cs → src/database/SsiCredentialIssuer.DbAccess/Models/UseCaseParticipationData.cs

@@ -17,10 +17,9 @@
  * SPDX-License-Identifier: Apache-2.0
  ********************************************************************************/
 
-using Org.Eclipse.TractusX.SsiCredentialIssuer.DBAccess.Models;
 using Org.Eclipse.TractusX.SsiCredentialIssuer.Entities.Enums;
 
-namespace Org.Eclipse.TractusX.SsiCredentialIssuer.Service.Models;
+namespace Org.Eclipse.TractusX.SsiCredentialIssuer.DBAccess.Models;
 
 public record UseCaseParticipationData
 (
@@ -33,13 +32,13 @@ IEnumerable<CompanySsiExternalTypeDetailData> VerifiedCredentials
 public record CertificateParticipationData
 (
     VerifiedCredentialTypeId CredentialType,
-    IEnumerable<CompanySsiExternalTypeDetailData> VerifiedCredentials
+    IEnumerable<CompanySsiExternalTypeDetailData> Credentials
 );
 
 public record CompanySsiExternalTypeDetailData
 (
     ExternalTypeDetailData ExternalDetailData,
-    CompanySsiDetailData? SsiDetailData
+    IEnumerable<CompanySsiDetailData> SsiDetailData
 );
 
 public record CompanySsiDetailData