diff --git a/api/trusted-issuers-registry.yaml b/api/trusted-issuers-registry.yaml
index 23d308d..6fb7ed4 100644
--- a/api/trusted-issuers-registry.yaml
+++ b/api/trusted-issuers-registry.yaml
@@ -30,6 +30,12 @@ paths:
 application/json:
 schema:
 $ref: '#/components/schemas/ProblemDetails'
+ '401':
+ description: Unauthorized
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ProblemDetails'
 '500':
 description: Internal Server Error
 content:
@@ -58,6 +64,12 @@ paths:
 application/json:
 schema:
 $ref: '#/components/schemas/ProblemDetails'
+ '401':
+ description: Unauthorized
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ProblemDetails'
 '404':
 description: Not found
 content:
diff --git a/src/main/java/org/fiware/iam/tir/rest/AnonymousTrustedIssuersRegistry.java b/src/main/java/org/fiware/iam/tir/rest/AnonymousTrustedIssuersRegistry.java
new file mode 100644
index 0000000..e294a83
--- /dev/null
+++ b/src/main/java/org/fiware/iam/tir/rest/AnonymousTrustedIssuersRegistry.java
@@ -0,0 +1,21 @@
+package org.fiware.iam.tir.rest;
+
+import io.micronaut.context.annotation.Requires;
+import io.micronaut.http.annotation.Controller;
+import io.micronaut.security.annotation.Secured;
+import io.micronaut.security.rules.SecurityRule;
+import org.fiware.iam.tir.issuers.IssuersProvider;
+import org.fiware.iam.tir.issuers.TrustedIssuerMapper;
+
+
+/**
+ * Implementation of the Trusted Issuers Registry API that does not require the users to authenticate
+ */
+@Requires(property="general.trustedIssuersRegistry.authenticated", notEquals="true")
+@Controller("${general.basepath:/}")
+@Secured(SecurityRule.IS_ANONYMOUS)
+public class AnonymousTrustedIssuersRegistry extends TrustedIssuersRegistry{
+ public AnonymousTrustedIssuersRegistry(IssuersProvider issuersProvider, TrustedIssuerMapper mapper) {
+ super(issuersProvider, mapper);
+ }
+}
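Review bot: The `@Requires(..., notEquals="true")` condition on AnonymousTrustedIssuersRegistry makes anonymous access the fallback for every value other than the exact string `true`, so an unset key or a typo in `general.trustedIssuersRegistry.authenticated` appears to leave the registry open without any signal; whether the comparison is case-sensitive should be confirmed against the Micronaut version in use. The same property string is repeated in AuthenticatedTrustedIssuersRegistry, so the two conditions can drift apart if one is edited. I would state the fallback in the Javadoc, e.g. `Active whenever general.trustedIssuersRegistry.authenticated is anything other than "true", including unset.`, and log the selected mode once at startup so operators can confirm which controller was loaded.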
diff --git a/src/main/java/org/fiware/iam/tir/rest/AuthenticatedTrustedIssuersRegistry.java b/src/main/java/org/fiware/iam/tir/rest/AuthenticatedTrustedIssuersRegistry.java new file mode 100644 index 0000000..6cb59e5 --- /dev/null +++ b/src/main/java/org/fiware/iam/tir/rest/AuthenticatedTrustedIssuersRegistry.java @@ -0,0 +1,21 @@ +package org.fiware.iam.tir.rest; + +import io.micronaut.context.annotation.Requires; +import io.micronaut.http.annotation.Controller; +import io.micronaut.security.annotation.Secured; +import io.micronaut.security.rules.SecurityRule; +import org.fiware.iam.tir.issuers.IssuersProvider; +import org.fiware.iam.tir.issuers.TrustedIssuerMapper; + + +/** + * Implementation of the Trusted Issuers Registry API that requires the users to authenticate + */ +@Requires(property="general.trustedIssuersRegistry.authenticated", value="true") +@Controller("${general.basepath:/}") +@Secured(SecurityRule.IS_AUTHENTICATED) +public class AuthenticatedTrustedIssuersRegistry extends TrustedIssuersRegistry{ + public AuthenticatedTrustedIssuersRegistry(IssuersProvider issuersProvider, TrustedIssuerMapper mapper) { + super(issuersProvider, mapper); + } +} diff --git a/src/main/java/org/fiware/iam/tir/rest/TrustedIssuersRegistry.java b/src/main/java/org/fiware/iam/tir/rest/TrustedIssuersRegistry.java index b48066e..2613d5c 100644 --- a/src/main/java/org/fiware/iam/tir/rest/TrustedIssuersRegistry.java +++ b/src/main/java/org/fiware/iam/tir/rest/TrustedIssuersRegistry.java @@ -19,9 +19,7 @@ @RequiredArgsConstructor @Slf4j -@Controller("${general.basepath:/}") -@Secured(SecurityRule.IS_ANONYMOUS) -public class TrustedIssuersRegistry implements TirApi { +abstract class TrustedIssuersRegistry implements TirApi { private final IssuersProvider issuersProvider; private final TrustedIssuerMapper mapper; diff --git a/src/main/resources/application.yaml b/src/main/resources/application.yaml index 13d74b2..4f85717 100644 --- a/src/main/resources/application.yaml 
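Review bot: `@Secured(SecurityRule.IS_AUTHENTICATED)` on AuthenticatedTrustedIssuersRegistry admits any caller whose token passes validation; nothing on the class restricts issuer, audience or role. Which tokens validate is decided by the JWT configuration, which is not part of this diff, so the Javadoc should say so, e.g. `Requires a token accepted by the configured JWT validators; no role or issuer restriction is applied here.` If only specific clients are meant to read the registry, a role value in `@Secured` would be the place to express that.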
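Review bot: With `@Controller` and `@Secured` removed, the abstract TrustedIssuersRegistry carries no access rule of its own, and nothing in the class tells a future subclass that it must supply one. A short class Javadoc would make that contract visible, e.g. `Base implementation; the route and the security rule are declared by the concrete subclass selected through general.trustedIssuersRegistry.authenticated.` The class body continues outside this hunk.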
+++ b/src/main/resources/application.yaml @@ -36,6 +36,8 @@ endpoints: sensitive: false general: + trustedIssuersRegistry: + authenticated: false contextUrl: "https://registry.lab.gaia-x.eu/development/api/trusted-shape-registry/v1/shapes/jsonld/trustframework#" ## "https://www.w3.org/2018/credentials/v1", "https://registry.lab.gaia-x.eu/development/api/trusted-shape-registry/v1/shapes/jsonld/trustframework#", "https://w3id.org/security/suites/jws-2020/v1" diff --git a/src/test/java/org/fiware/iam/tir/rest/AuthenticatedTrustedIssuersRegistryIT.java b/src/test/java/org/fiware/iam/tir/rest/AuthenticatedTrustedIssuersRegistryIT.java new file mode 100644 index 0000000..e9c9532 --- /dev/null +++ b/src/test/java/org/fiware/iam/tir/rest/AuthenticatedTrustedIssuersRegistryIT.java 
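Review bot: The new `trustedIssuersRegistry.authenticated` key in src/main/resources/application.yaml ships as `false` with no comment, so the default deployment keeps the registry readable without a token and the file gives no hint of what the switch controls. A comment above the key would help, e.g. `# true: Trusted Issuers Registry endpoints require a valid JWT; any other value serves them anonymously`.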
@@ -0,0 +1,95 @@ +package org.fiware.iam.tir.rest; + +import changeMe.JwtProvider; +import com.fasterxml.jackson.databind.ObjectMapper; +import io.github.wistefan.mapping.JavaObjectMapper; +import io.micronaut.context.annotation.Property; +import io.micronaut.http.HttpResponse; +import io.micronaut.http.HttpStatus; +import io.micronaut.security.token.jwt.signature.SignatureGeneratorConfiguration; +import io.micronaut.test.extensions.junit5.annotation.MicronautTest; +import org.fiware.iam.common.configuration.GeneralProperties; +import org.fiware.iam.tir.api.TirApiTestClient; +import org.fiware.iam.tir.api.TirApiTestSpec; +import org.fiware.iam.tir.issuers.TrustedIssuer; +import org.fiware.iam.tir.model.IssuerVO; +import org.fiware.iam.tir.model.IssuersResponseVO; +import org.fiware.ngsi.api.EntitiesApiClient; +import org.junit.jupiter.api.Test; + +import static org.assertj.core.api.Assertions.assertThat; +import static org.junit.jupiter.api.Assertions.assertEquals; + +@MicronautTest(packages = {"org.fiware.iam.tir"}) +@Property(name = "general.trustedIssuersRegistry.authenticated", value = "true") +public class AuthenticatedTrustedIssuersRegistryIT extends NGSIBasedTest implements TirApiTestSpec { + + private final SignatureGeneratorConfiguration signature; + final TirApiTestClient apiClient; + + public AuthenticatedTrustedIssuersRegistryIT(EntitiesApiClient entitiesApiClient, JavaObjectMapper javaObjectMapper, ObjectMapper objectMapper, GeneralProperties generalProperties, SignatureGeneratorConfiguration signature, TirApiTestClient apiClient1) { + super(entitiesApiClient, javaObjectMapper, objectMapper, generalProperties); + this.signature = signature; + this.apiClient = apiClient1; + } + + private String genToken(){ + return new JwtProvider(signature).builder().subject("test").issuer("issuer").toBearer(); + } + + @Test + @Override + public void getIssuer200() throws Exception { + createIssuer(new TrustedIssuer("someId").setIssuer("someDid")); + 
assertEquals(HttpStatus.OK, apiClient.getIssuer(genToken(), "someDid").getStatus()); + } + + @Override + public void getIssuer400() throws Exception { + } + + @Test + @Override + public void getIssuer401() throws Exception { + createIssuer(new TrustedIssuer("someId").setIssuer("someDid")); + HttpResponse response = callAndCatch(() -> apiClient.getIssuer("someDid")); + assertEquals(HttpStatus.UNAUTHORIZED,response.getStatus()); + } + + @Override + public void getIssuer404() throws Exception { + } + + @Override + public void getIssuer500() throws Exception { + } + + @Test + @Override + public void getIssuers200() throws Exception { + createIssuer(new TrustedIssuer("someId").setIssuer("someDid")); + createIssuer(new TrustedIssuer("someId2").setIssuer("someDid2")); + + HttpResponse issuersResponse = apiClient.getIssuers(genToken(), 100, null); + assertThat(issuersResponse).extracting(HttpResponse::getStatus).isEqualTo(HttpStatus.OK); + + IssuersResponseVO responseBody = issuersResponse.body(); + assertThat(responseBody).extracting(IssuersResponseVO::getItems).asList().hasSize(2); + } + + @Override + public void getIssuers400() throws Exception { + } + + @Test + @Override + public void getIssuers401() throws Exception { + createIssuer(new TrustedIssuer("someId").setIssuer("someDid")); + HttpResponse response = callAndCatch(() -> apiClient.getIssuers(100, null)); + assertEquals(HttpStatus.UNAUTHORIZED,response.getStatus()); + } + + @Override + public void getIssuers500() throws Exception { + } +} diff --git a/src/test/java/org/fiware/iam/tir/rest/DidRegistryIT.java b/src/test/java/org/fiware/iam/tir/rest/DidRegistryIT.java index 0ecf8cf..7529b5b 100644 --- a/src/test/java/org/fiware/iam/tir/rest/DidRegistryIT.java +++ b/src/test/java/org/fiware/iam/tir/rest/DidRegistryIT.java 
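Review bot: The two 401 tests in AuthenticatedTrustedIssuersRegistryIT only send a request with no token at all, so nothing checks that a malformed or wrongly signed bearer value is rejected in authenticated mode. I would add one negative case per endpoint that sends an invalid token and expects `HttpStatus.UNAUTHORIZED`; the sketch below assumes the generated client takes the raw header value as its first argument, as the `genToken()` calls suggest. Separately, `getIssuer400`, `getIssuer404`, `getIssuer500`, `getIssuers400` and `getIssuers500` are empty overrides with neither `@Test` nor `@Disabled`; giving them `@Disabled` with a reason, as TrustedIssuersRegistryIT does, would show that the gap is deliberate.

```java
// … unchanged: getIssuer401 without a token …

@Test
public void getIssuer401WithInvalidToken() throws Exception {
    createIssuer(new TrustedIssuer("someId").setIssuer("someDid"));
    HttpResponse<?> response = callAndCatch(() -> apiClient.getIssuer("Bearer not-a-valid-jwt", "someDid"));
    assertEquals(HttpStatus.UNAUTHORIZED, response.getStatus());
}
```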
@@ -50,6 +50,9 @@ public DidService mockDidService() { .id("did:web:someDid") .addVerificationMethodItem(new JsonWebKey2020VerificationMethodVO().id("did:web:someDid").publicKeyJwk(new JWKVO().x5u("example.com/cert"))); + private String genToken(){ + return new JwtProvider(signature).builder().subject("test").issuer("issuer").toBearer(); + } public DidRegistryIT(EntitiesApiClient entitiesApiClient, JavaObjectMapper javaObjectMapper, ObjectMapper objectMapper, GeneralProperties generalProperties, DidApiTestClient apiClient, InMemoryPartiesRepo partyRepo, DidService didService, SignatureGeneratorConfiguration signature) { super(entitiesApiClient, javaObjectMapper, objectMapper, generalProperties); this.apiClient = apiClient; @@ -61,13 +64,13 @@ public DidRegistryIT(EntitiesApiClient entitiesApiClient, JavaObjectMapper javaO @Test @Override public void getDIDDocument200() throws Exception { - String bearerToken = new JwtProvider(signature).builder().toBearer(); + when(didService.retrieveDidDocument("did:web:someDid")).thenReturn(Optional.of(SOME_DID_DOCUMENT)); when(didService.getCertificate(SOME_DID_DOCUMENT)).thenReturn(Optional.of("someCert")); createIssuer(new TrustedIssuer("did:web:someId").setIssuer("did:web:someDid")); partyRepo.updateParties(); - HttpResponse answer = apiClient.getDIDDocument(bearerToken, "did:web:someDid", null); + HttpResponse answer = apiClient.getDIDDocument(genToken(), "did:web:someDid", null); assertEquals(HttpStatus.OK, answer.getStatus()); assertEquals(toJson(SOME_DID_DOCUMENT), toJson(answer.getBody().get())); @@ -81,7 +84,7 @@ private String toJson(Object obj) { @Disabled("Test client verifies the parameter already") @Override public void getDIDDocument400() throws Exception { - HttpResponse answer = apiClient.getDIDDocument(null, null); + HttpResponse answer = apiClient.getDIDDocument(genToken(),null, null); assertEquals(HttpStatus.BAD_REQUEST, answer.getStatus()); } 
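Review bot: `genToken()` in DidRegistryIT is a verbatim copy of the helper added to AuthenticatedTrustedIssuersRegistryIT, and it is placed between a field initialiser and the constructor. Both classes call the same `super(entitiesApiClient, javaObjectMapper, objectMapper, generalProperties)`, so they appear to share a base class where one helper such as `protected String genToken(SignatureGeneratorConfiguration signature)` could live. Keeping a single copy means a later change to the test token's claims cannot leave the two suites authenticating differently. The class continues outside this hunk.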
@@ -96,7 +99,7 @@ public void getDIDDocument401() throws Exception { @Test @Override public void getDIDDocument404() throws Exception { - HttpResponse answer = apiClient.getDIDDocument("did:ebsi:unknown", null); + HttpResponse answer = apiClient.getDIDDocument(genToken(),"did:ebsi:unknown", null); assertEquals(HttpStatus.NOT_FOUND, answer.getStatus()); } diff --git a/src/test/java/org/fiware/iam/tir/rest/TrustedIssuersRegistryIT.java b/src/test/java/org/fiware/iam/tir/rest/TrustedIssuersRegistryIT.java index b05dfc9..d7f3c79 100644 --- a/src/test/java/org/fiware/iam/tir/rest/TrustedIssuersRegistryIT.java +++ b/src/test/java/org/fiware/iam/tir/rest/TrustedIssuersRegistryIT.java @@ -5,6 +5,7 @@ import io.micronaut.http.HttpMessage; import io.micronaut.http.HttpResponse; import io.micronaut.http.HttpStatus; +import io.micronaut.security.token.jwt.signature.SignatureGeneratorConfiguration; import io.micronaut.test.extensions.junit5.annotation.MicronautTest; import org.fiware.iam.common.configuration.GeneralProperties; import org.fiware.iam.tir.api.TirApiTestClient; @@ -21,8 +22,7 @@ @MicronautTest(packages = {"org.fiware.iam.tir"}) public class TrustedIssuersRegistryIT extends NGSIBasedTest implements TirApiTestSpec { - - private final TirApiTestClient apiClient; + final TirApiTestClient apiClient; public TrustedIssuersRegistryIT(EntitiesApiClient entitiesApiClient, JavaObjectMapper javaObjectMapper, ObjectMapper objectMapper, GeneralProperties generalProperties, TirApiTestClient apiClient) { super(entitiesApiClient, javaObjectMapper, objectMapper, generalProperties); @@ -43,6 +43,12 @@ public void getIssuer400() throws Exception { assertEquals(HttpStatus.BAD_REQUEST, apiClient.getIssuer(null).getStatus()); } + @Disabled("Not possible in anonymous case") + @Override + public void getIssuer401() throws Exception { + + } + @Test @Override public void getIssuer404() throws Exception { 
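Review bot: TrustedIssuersRegistryIT now passes only while `general.trustedIssuersRegistry.authenticated` resolves to something other than `true`, yet the class does not pin the value and relies on src/test/resources/application.yaml. Adding `@Property(name = "general.trustedIssuersRegistry.authenticated", value = "false")` next to `@MicronautTest` would keep the anonymous suite independent of the shared test config, mirroring AuthenticatedTrustedIssuersRegistryIT. In the same file the new `SignatureGeneratorConfiguration` import has no visible use (the constructor shown in the hunk context does not take it), and `apiClient` lost `private` without a visible reason. Both look like leftovers, though the rest of the file is outside the diff.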
@@ -74,6 +80,12 @@ public void getIssuers400() throws Exception { assertEquals(HttpStatus.BAD_REQUEST, callAndCatch(() -> apiClient.getIssuers(-1, null)).getStatus()); } + @Disabled("Not possible in anonymous case") + @Override + public void getIssuers401() throws Exception { + + } + @Disabled("Can't provoke it") @Override public void getIssuers500() throws Exception { diff --git a/src/test/resources/application.yaml b/src/test/resources/application.yaml index b1fd936..8cb4a08 100644 --- a/src/test/resources/application.yaml +++ b/src/test/resources/application.yaml @@ -27,6 +27,8 @@ micronaut: read-timeout: 30 general: + trustedIssuersRegistry: + authenticated: false contextUrl: "https://registry.lab.gaia-x.eu/development/api/trusted-shape-registry/v1/shapes/jsonld/trustframework#" ## "https://www.w3.org/2018/credentials/v1", "https://registry.lab.gaia-x.eu/development/api/trusted-shape-registry/v1/shapes/jsonld/trustframework#", "https://w3id.org/security/suites/jws-2020/v1"