feat(SSI): adds E2E test for Catalog request with real MIW (#544)

* feat(SSI): adds E2E test for Catalog request with real MIW flow using SSI flow

* fix after review

* fix after review

.github/workflows/verify.yaml

@@ -159,3 +159,20 @@ jobs:
 
       - name: Run Postgresql E2E tests
         run: ./gradlew test -DincludeTags="PostgresqlIntegrationTest"
+
+  ssi-integration-tests:
+    runs-on: ubuntu-latest
+    continue-on-error: true
+    needs: [ verify-formatting, verify-license-headers ]
+
+    steps:
+      - uses: actions/checkout@v3
+      - uses: ./.github/actions/setup-java
+
+      - uses: actions/checkout@v2
+      - name: Starting MIW, Keycloak and Postgres Servers
+        run: |
+          docker compose -f edc-tests/e2e-tests/src/test/resources/docker-compose.yml up -d 
+
+      - name: Run MIW E2E tests
+        run: ./gradlew test -DincludeTags="MiwIntegrationTest"

core/json-ld-core/src/main/java/org/eclipse/tractusx/edc/jsonld/JsonLdExtension.java

@@ -34,10 +34,12 @@ public class JsonLdExtension implements ServiceExtension {
 
     public static final String CREDENTIALS_V_1 = "https://www.w3.org/2018/credentials/v1";
     public static final String CREDENTIALS_SUMMARY_V_1 = "https://w3id.org/2023/catenax/credentials/summary/v1";
+    public static final String CREDENTIALS_SUMMARY_V_1_FALLBACK = "https://catenax-ng.github.io/product-core-schemas/SummaryVC.json";
     private static final String PREFIX = "document" + File.separator;
     private static final Map<String, String> FILES = Map.of(
             CREDENTIALS_V_1, PREFIX + "credential-v1.jsonld",
-            CREDENTIALS_SUMMARY_V_1, PREFIX + "summary-vc-context-v1.jsonld");
+            CREDENTIALS_SUMMARY_V_1, PREFIX + "summary-vc-context-v1.jsonld",
+            CREDENTIALS_SUMMARY_V_1_FALLBACK, PREFIX + "summary-vc-context-v1.jsonld");
     @Inject
     private JsonLd jsonLdService;
 

core/json-ld-core/src/main/resources/document/summary-vc-context-v1.jsonld

@@ -18,7 +18,7 @@
       "@id": "summary:items",
       "@type": "https://schema.org/Text"
     },
-    "contract-template": {
+    "contractTemplate": {
       "@id": "summary:contract-template",
       "@type": "https://schema.org/Text"
     }

edc-extensions/ssi/ssi-miw-credential-client/src/main/java/org/eclipse/tractusx/edc/iam/ssi/miw/api/MiwApiClientImpl.java

@@ -137,7 +137,9 @@ private Result<Void> handleVerifyResult(Map<String, Object> response) {
         if (valid) {
             return Result.success();
         } else {
-            return Result.failure(format("Verification failed with response: %s", response));
+            var msg = "MIW verification failed";
+            monitor.severe(msg);
+            return Result.failure(msg);
         }
     }
 

edc-tests/e2e-tests/src/test/java/org/eclipse/tractusx/edc/tag/MiwIntegrationTest.java

@@ -0,0 +1,31 @@
+/*
+ *  Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Contributors:
+ *       Bayerische Motoren Werke Aktiengesellschaft (BMW AG) - initial API and implementation
+ *
+ */
+
+package org.eclipse.tractusx.edc.tag;
+
+import org.eclipse.edc.junit.annotations.IntegrationTest;
+import org.junit.jupiter.api.Tag;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+@Target({ ElementType.TYPE })
+@Retention(RetentionPolicy.RUNTIME)
+@IntegrationTest
+@Tag("MiwIntegrationTest")
+public @interface MiwIntegrationTest {
+}
+

edc-tests/e2e-tests/src/test/java/org/eclipse/tractusx/edc/tests/catalog/MiwSsiCatalogTest.java

@@ -0,0 +1,98 @@
+/*
+ *  Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Contributors:
+ *       Bayerische Motoren Werke Aktiengesellschaft (BMW AG) - initial API and implementation
+ *
+ */
+
+package org.eclipse.tractusx.edc.tests.catalog;
+
+import org.eclipse.tractusx.edc.lifecycle.Participant;
+import org.eclipse.tractusx.edc.lifecycle.ParticipantRuntime;
+import org.eclipse.tractusx.edc.tag.MiwIntegrationTest;
+import org.junit.jupiter.api.DisplayName;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.RegisterExtension;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.eclipse.tractusx.edc.helpers.CatalogHelperFunctions.getDatasetAssetId;
+import static org.eclipse.tractusx.edc.helpers.PolicyHelperFunctions.frameworkPolicy;
+import static org.eclipse.tractusx.edc.helpers.PolicyHelperFunctions.noConstraintPolicyDefinition;
+import static org.eclipse.tractusx.edc.lifecycle.TestRuntimeConfiguration.SOKRATES_BPN;
+import static org.eclipse.tractusx.edc.lifecycle.TestRuntimeConfiguration.SOKRATES_DSP_CALLBACK;
+import static org.eclipse.tractusx.edc.lifecycle.TestRuntimeConfiguration.SOKRATES_NAME;
+import static org.eclipse.tractusx.edc.lifecycle.TestRuntimeConfiguration.sokratesConfiguration;
+
+@MiwIntegrationTest
+public class MiwSsiCatalogTest {
+
+    protected static final Participant SOKRATES = new Participant(SOKRATES_NAME, SOKRATES_BPN, sokratesConfiguration());
+    static final String MIW_SOKRATES_URL = "http://localhost:8080";
+    static final String OAUTH_TOKEN_URL = "http://localhost:8081/realms/miw_test/protocol/openid-connect/token";
+
+    @RegisterExtension
+    protected static final ParticipantRuntime SOKRATES_RUNTIME = new ParticipantRuntime(
+            ":edc-tests:runtime:runtime-memory-ssi",
+            SOKRATES_NAME,
+            SOKRATES_BPN,
+            sokratesSsiMiwConfiguration()
+    );
+
+    public static Map<String, String> sokratesSsiMiwConfiguration() {
+        var ssiConfiguration = new HashMap<String, String>() {
+            {
+                put("tx.ssi.miw.url", MIW_SOKRATES_URL);
+                put("tx.ssi.oauth.token.url", OAUTH_TOKEN_URL);
+                put("tx.ssi.oauth.client.id", "miw_private_client");
+                put("tx.ssi.oauth.client.secret.alias", "client_secret_alias");
+                put("tx.ssi.miw.authority.id", "BPNL000000000000");
+                put("tx.vault.seed.secrets", "client_secret_alias:miw_private_client");
+                put("tx.ssi.endpoint.audience", SOKRATES_DSP_CALLBACK);
+            }
+        };
+        var baseConfiguration = sokratesConfiguration();
+        ssiConfiguration.putAll(baseConfiguration);
+        return ssiConfiguration;
+    }
+
+    @Test
+    @DisplayName("Verify that Sokrates receives only the offers he is permitted to")
+    void requestCatalog_fulfillsPolicy_shouldReturnOffer() {
+        // arrange
+        SOKRATES.createAsset("test-asset");
+        SOKRATES.createAsset("test-asset-1");
+
+        var bpnAccessPolicy = frameworkPolicy("test-ap1", Map.of("BPN", "active"));
+        var contractPolicy = noConstraintPolicyDefinition("test-cp1");
+        var dismantlerAccessPolicy = frameworkPolicy("test-ap2", Map.of("Dismantler", "active"));
+
+        SOKRATES.createPolicy(bpnAccessPolicy);
+        SOKRATES.createPolicy(contractPolicy);
+        SOKRATES.createPolicy(dismantlerAccessPolicy);
+
+        SOKRATES.createContractDefinition("test-asset", "test-def", "test-ap1", "test-cp1");
+        SOKRATES.createContractDefinition("test-asset-1", "test-def-2", "test-ap2", "test-cp1");
+
+
+        // act
+        var catalog = SOKRATES.getCatalogDatasets(SOKRATES);
+
+        // assert
+        assertThat(catalog).isNotEmpty()
+                .hasSize(1)
+                .allSatisfy(co -> {
+                    assertThat(getDatasetAssetId(co)).isEqualTo("test-asset");
+                });
+
+    }
+}

edc-tests/e2e-tests/src/test/resources/db.sh

@@ -0,0 +1,31 @@
+#!/bin/bash
+#
+# /********************************************************************************
+#  Copyright (c) 2021,2023 Contributors to the Eclipse Foundation
+#
+#  See the NOTICE file(s) distributed with this work for additional
+#  information regarding copyright ownership.
+#
+#  This program and the accompanying materials are made available under the
+#  terms of the Apache License, Version 2.0 which is available at
+#  https://www.apache.org/licenses/LICENSE-2.0.
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#  License for the specific language governing permissions and limitations
+#  under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+# ********************************************************************************/
+#
+
+set -e
+
+psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
+    CREATE DATABASE miw;
+    CREATE USER miw_user WITH ENCRYPTED PASSWORD 'password';
+    GRANT ALL PRIVILEGES ON DATABASE miw TO miw_user;
+    \c miw keycloak
+    GRANT ALL ON SCHEMA public TO miw_user;
+EOSQL

edc-tests/e2e-tests/src/test/resources/docker-compose.yml

@@ -0,0 +1,91 @@
+#
+#  Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
+#
+#  See the NOTICE file(s) distributed with this work for additional
+#  information regarding copyright ownership.
+#
+#  This program and the accompanying materials are made available under the
+#  terms of the Apache License, Version 2.0 which is available at
+#  https://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#  License for the specific language governing permissions and limitations
+#  under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#
+version: '3'
+
+volumes:
+  postgres_data:
+    driver: local
+
+services:
+  postgres:
+    image: postgres
+    volumes:
+      - postgres_data:/var/lib/postgresql/data
+      - ./db.sh:/docker-entrypoint-initdb.d/init-database.sh
+    environment:
+      POSTGRES_DB: keycloak
+      POSTGRES_USER: keycloak
+      POSTGRES_PASSWORD: password
+    ports:
+      - "5432:5432"
+
+  wallet:
+    platform: linux/amd64
+    container_name: managed-identity-wallet
+    image: ghcr.io/catenax-ng/tx-managed-identity-wallets_miw_service:0.0.1-snapshot.2994d69
+    ports:
+      - "8080:8080"
+    environment:
+      #application env variables need to setup in IDE
+      APPLICATION_PORT: 8080
+      APPLICATION_ENVIRONMENT: dev
+      DB_HOST: postgres
+      DB_PORT: 5432
+      USE_SSL: 'false'
+
+      #create miw database and update below properties
+      DB_USER_NAME: keycloak
+      DB_PASSWORD: password
+      DB_NAME: miw
+      KEYCLOAK_MIW_PUBLIC_CLIENT: miw_public
+      MANAGEMENT_PORT: 8090
+      MIW_HOST_NAME: localhost:8080
+      ENFORCE_HTTPS_IN_DID_RESOLUTION: 'false'
+      ENCRYPTION_KEY: Woh9waid4Ei5eez0aitieghoow9so4oe
+      AUTHORITY_WALLET_BPN: BPNL000000000000
+      AUTHORITY_WALLET_NAME: Catena-X
+      AUTHORITY_WALLET_DID: "did:web:localhost:8080:BPNL000000000000"
+      VC_SCHEMA_LINK: https://www.w3.org/2018/credentials/v1, https://catenax-ng.github.io/product-core-schemas/businessPartnerData.json
+      SUMMARY_VC_SCHEMA_LINK: https://www.w3.org/2018/credentials/v1, https://catenax-ng.github.io/product-core-schemas/SummaryVC.json
+      VC_EXPIRY_DATE: 01-01-2025
+      SUPPORTED_FRAMEWORK_VC_TYPES: "cx-behavior-twin: Behavior Twin,cx-pcf: PCF,cx-quality: Quality,cx-resiliency: Resiliency,cx-sustainability: Sustainability,cx-traceability: ID_3.0_Trace"
+      KEYCLOAK_REALM: miw_test
+      KEYCLOAK_CLIENT_ID: miw_private_client
+      AUTH_SERVER_URL: http://keycloak:8081
+    entrypoint: ["java","-jar", "miw-latest.jar", "--spring.security.oauth2.resourceserver.jwt.issuer-uri=http://localhost:8081/realms/miw_test"]
+    depends_on: [ postgres , keycloak ]
+
+  keycloak:
+    image: quay.io/keycloak/keycloak:21.0.2
+    environment:
+      DB_VENDOR: POSTGRES
+      DB_ADDR: postgres
+      DB_DATABASE: keycloak
+      DB_USER: keycloak
+      DB_SCHEMA: public
+      DB_PASSWORD: password
+      KEYCLOAK_ADMIN: admin
+      KEYCLOAK_ADMIN_PASSWORD: admin
+    entrypoint: [ "/opt/keycloak/bin/kc.sh", "start-dev" ,"--import-realm", "--http-port=8081" ]
+    volumes:
+      - ./miw_test_realm.json:/opt/keycloak/data/import/miw_test_realm.json
+    ports:
+      - "8081:8081"
+    depends_on:
+      - postgres