chore: split token-core into token-lib (#4572)
* chore: split token-core into token-lib

* fix e2e, comp and pg tests

* checkstyle

* fix license header
paullatzelsperger authored Oct 23, 2024
1 parent a6c7855 commit 0627e14
Showing 29 changed files with 69 additions and 35 deletions.
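--- a/core/common/lib/token-lib/build.gradle.kts
+++ b/core/common/lib/token-lib/build.gradle.kts
@@ -0,0 +1,31 @@
+/*
+* Copyright (c) 2024 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
+*
+* This program and the accompanying materials are made available under the
+* terms of the Apache License, Version 2.0 which is available at
+* https://www.apache.org/licenses/LICENSE-2.0
+*
+* SPDX-License-Identifier: Apache-2.0
+*
+* Contributors:
+* Bayerische Motoren Werke Aktiengesellschaft (BMW AG) - initial API and implementation
+*
+*/
+
+plugins {
+`java-library`
+`maven-publish`
+}
+
+dependencies {
+api(project(":spi:common:keys-spi"))
+api(project(":spi:common:token-spi"))
+api(project(":spi:common:jwt-spi"))
+api(project(":spi:common:jwt-signer-spi"))
+
+implementation(project(":core:common:lib:crypto-common-lib")) // for the CryptoConverter
+implementation(libs.nimbus.jwt)
+api(libs.bouncyCastle.bcpkixJdk18on)
+}
+
+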
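Review bot: `api(libs.bouncyCastle.bcpkixJdk18on)` in the dependencies block puts BouncyCastle on the compile classpath of every module that depends on token-lib, and this commit points many extensions at it. The scope is carried over unchanged from token-core, so it may be deliberate. If no BouncyCastle type appears in token-lib's public signatures (not visible on this page), I would narrow it to `implementation(libs.bouncyCastle.bcpkixJdk18on)`, so consumers cannot code against the crypto provider by accident and its upgrades stay internal to token-lib. A short comment on which of the four `api(project(":spi:common:…"))` lines belong to the library's public API would help for the same reason.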
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2022 - 2024 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
* Copyright (c) 2024 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
*
* This program and the accompanying materials are made available under the
* terms of the Apache License, Version 2.0 which is available at
Expand All @@ -14,6 +14,7 @@

package org.eclipse.edc.token.rules;

import org.eclipse.edc.jwt.spi.JwtRegisteredClaimNames;
import org.eclipse.edc.spi.iam.ClaimToken;
import org.eclipse.edc.spi.result.Result;
import org.eclipse.edc.token.spi.TokenValidationRule;
Expand All @@ -22,8 +23,6 @@

import java.util.Map;

import static com.nimbusds.jwt.JWTClaimNames.AUDIENCE;


public class AudienceValidationRule implements TokenValidationRule {
private final String expectedAudience;
Expand All @@ -34,7 +33,7 @@ public AudienceValidationRule(String expectedAudience) {

@Override
public Result<Void> checkRule(@NotNull ClaimToken toVerify, @Nullable Map<String, Object> additional) {
var audiences = toVerify.getListClaim(AUDIENCE);
var audiences = toVerify.getListClaim(JwtRegisteredClaimNames.AUDIENCE);
if (audiences.isEmpty()) {
return Result.failure("Required audience (aud) claim is missing in token");
} else if (!audiences.contains(expectedAudience)) {
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2022 - 2024 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
* Copyright (c) 2024 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
*
* This program and the accompanying materials are made available under the
* terms of the Apache License, Version 2.0 which is available at
Expand All @@ -14,6 +14,7 @@

package org.eclipse.edc.token.rules;

import org.eclipse.edc.jwt.spi.JwtRegisteredClaimNames;
import org.eclipse.edc.spi.iam.ClaimToken;
import org.eclipse.edc.spi.result.Result;
import org.eclipse.edc.token.spi.TokenValidationRule;
Expand All @@ -23,9 +24,6 @@
import java.time.Clock;
import java.util.Map;

import static com.nimbusds.jwt.JWTClaimNames.EXPIRATION_TIME;
import static com.nimbusds.jwt.JWTClaimNames.ISSUED_AT;


/**
* Token validation rule that checks if the token is not expired and if the "issued at" claim is valued correctly
Expand Down Expand Up @@ -55,7 +53,7 @@ public ExpirationIssuedAtValidationRule(Clock clock, int issuedAtLeeway, boolean
@Override
public Result<Void> checkRule(@NotNull ClaimToken toVerify, @Nullable Map<String, Object> additional) {
var now = clock.instant();
var expires = toVerify.getInstantClaim(EXPIRATION_TIME);
var expires = toVerify.getInstantClaim(JwtRegisteredClaimNames.EXPIRATION_TIME);
if (expires == null) {
if (!allowNull) {
return Result.failure("Required expiration time (exp) claim is missing in token");
Expand All @@ -64,7 +62,7 @@ public Result<Void> checkRule(@NotNull ClaimToken toVerify, @Nullable Map<String
return Result.failure("Token has expired (exp)");
}

var issuedAt = toVerify.getInstantClaim(ISSUED_AT);
var issuedAt = toVerify.getInstantClaim(JwtRegisteredClaimNames.ISSUED_AT);
if (issuedAt != null) {
if (issuedAt.isAfter(expires)) {
return Result.failure("Issued at (iat) claim is after expiration time (exp) claim in token");
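Review bot: `issuedAt.isAfter(expires)` looks reachable with `expires == null`, because the visible `expires == null` branch only returns when `allowNull` is false. A token carrying `iat` but no `exp` would then hit `Instant.isAfter(null)`, which throws a NullPointerException instead of yielding a `Result`. Two lines between the hunks are not shown and checkRule continues past the last visible line, so this assumes those lines do not return early. If it holds, guard the comparison with `if (expires != null && issuedAt.isAfter(expires)) {`, so the rule answers through its own `Result` rather than an unchecked exception in the token-validation path.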
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2022 - 2024 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
* Copyright (c) 2024 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
*
* This program and the accompanying materials are made available under the
* terms of the Apache License, Version 2.0 which is available at
Expand All @@ -14,6 +14,7 @@

package org.eclipse.edc.token.rules;

import org.eclipse.edc.jwt.spi.JwtRegisteredClaimNames;
import org.eclipse.edc.spi.iam.ClaimToken;
import org.eclipse.edc.spi.result.Result;
import org.eclipse.edc.token.spi.TokenValidationRule;
Expand All @@ -23,8 +24,6 @@
import java.time.Clock;
import java.util.Map;

import static com.nimbusds.jwt.JWTClaimNames.NOT_BEFORE;


/**
* Token validation rule that checks if the "not before" claim is valid
Expand Down Expand Up @@ -54,7 +53,7 @@ public NotBeforeValidationRule(Clock clock, int notBeforeLeeway, boolean allowNu
public Result<Void> checkRule(@NotNull ClaimToken toVerify, @Nullable Map<String, Object> additional) {
var now = clock.instant();
var leewayNow = now.plusSeconds(notBeforeLeeway);
var notBefore = toVerify.getInstantClaim(NOT_BEFORE);
var notBefore = toVerify.getInstantClaim(JwtRegisteredClaimNames.NOT_BEFORE);

if (notBefore == null) {
if (!allowNull) {
10 changes: 2 additions & 8 deletions core/common/token-core/build.gradle.kts
Expand Up @@ -18,14 +18,8 @@ plugins {
}

dependencies {
api(project(":spi:common:keys-spi"))
api(project(":spi:common:token-spi"))
api(project(":spi:common:jwt-spi"))
api(project(":spi:common:jwt-signer-spi"))

implementation(project(":core:common:lib:crypto-common-lib")) // for the CryptoConverter
implementation(libs.nimbus.jwt)
api(libs.bouncyCastle.bcpkixJdk18on)
implementation(project(":core:common:lib:token-lib"))
implementation(project(":core:common:lib:crypto-common-lib"))
}


3 changes: 2 additions & 1 deletion dist/bom/controlplane-base-bom/build.gradle.kts
Expand Up @@ -23,6 +23,7 @@ dependencies {
// core dependencies
api(project(":core:common:boot"))
api(project(":core:common:connector-core"))
api(project(":core:common:token-core"))
api(project(":core:control-plane:control-plane-core"))
api(project(":core:common:edr-store-core"))
api(project(":data-protocols:dsp"))
Expand All @@ -49,5 +50,5 @@ dependencies {
}

edcBuild {

}
1 change: 1 addition & 0 deletions dist/bom/dataplane-base-bom/build.gradle.kts
Expand Up @@ -23,6 +23,7 @@ dependencies {
// core dependencies
api(project(":core:common:boot"))
api(project(":core:common:connector-core"))
api(project(":core:common:token-core"))
api(project(":core:data-plane:data-plane-core"))


1 change: 1 addition & 0 deletions dist/bom/sts-feature-bom/build.gradle.kts
Expand Up @@ -24,6 +24,7 @@ dependencies {
// core dependencies
api(project(":core:common:boot"))
api(project(":core:common:connector-core"))
api(project(":core:common:token-core"))


// extension dependencies
3 changes: 2 additions & 1 deletion extensions/common/auth/auth-delegated/build.gradle.kts
Expand Up @@ -19,8 +19,9 @@ plugins {
dependencies {
api(project(":spi:common:auth-spi"))
api(project(":spi:common:token-spi"))
implementation(project(":core:common:token-core")) // for the validation rules
implementation(project(":core:common:lib:crypto-common-lib"))
implementation(project(":core:common:lib:token-lib"))

implementation(libs.jakarta.rsApi)
implementation(libs.nimbus.jwt)

Expand Up @@ -23,7 +23,7 @@ dependencies {
implementation(project(":spi:common:jwt-spi"))
implementation(project(":spi:common:identity-trust-spi"))
implementation(project(":core:common:lib:util-lib"))
implementation(project(":core:common:token-core")) // for the token rules
implementation(project(":core:common:lib:token-lib"))


testImplementation(project(":core:common:lib:json-ld-lib"))
Expand Up @@ -14,7 +14,7 @@

package org.eclipse.edc.verifiablecredentials.jwt.rules;

import com.nimbusds.jwt.JWTClaimNames;
import org.eclipse.edc.jwt.spi.JwtRegisteredClaimNames;
import org.eclipse.edc.spi.iam.ClaimToken;
import org.eclipse.edc.spi.result.Result;
import org.eclipse.edc.token.spi.TokenValidationRule;
Expand All @@ -29,8 +29,8 @@
public class IssuerEqualsSubjectRule implements TokenValidationRule {
@Override
public Result<Void> checkRule(@NotNull ClaimToken toVerify, @Nullable Map<String, Object> additional) {
var iss = toVerify.getStringClaim(JWTClaimNames.ISSUER);
var sub = toVerify.getStringClaim(JWTClaimNames.SUBJECT);
var iss = toVerify.getStringClaim(JwtRegisteredClaimNames.ISSUER);
var sub = toVerify.getStringClaim(JwtRegisteredClaimNames.SUBJECT);

return iss != null && Objects.equals(iss, sub) ?
Result.success() :
Expand Up @@ -12,7 +12,7 @@ dependencies {
implementation(project(":spi:common:participant-spi"))
implementation(project(":core:common:lib:util-lib"))
implementation(project(":core:common:lib:crypto-common-lib"))
implementation(project(":core:common:token-core"))
implementation(project(":core:common:lib:token-lib"))
implementation(project(":extensions:common:crypto:lib:jws2020-lib"))
implementation(project(":extensions:common:crypto:jwt-verifiable-credentials"))
implementation(project(":extensions:common:crypto:ldp-verifiable-credentials"))
Expand Up @@ -7,10 +7,11 @@ dependencies {
api(project(":spi:common:transaction-spi"))
api(project(":spi:common:identity-trust-spi"))
api(project(":spi:common:identity-trust-sts-spi"))
api(project(":spi:common:jwt-signer-spi"))

implementation(project(":spi:common:keys-spi"))
implementation(project(":extensions:common:iam:identity-trust:identity-trust-sts:identity-trust-sts-embedded"))
implementation(project(":core:common:token-core"))
implementation(project(":core:common:lib:token-lib"))
implementation(project(":core:common:lib:store-lib"))

testImplementation(testFixtures(project(":spi:common:identity-trust-sts-spi")))
Expand Up @@ -11,7 +11,7 @@ dependencies {
implementation(project(":core:common:lib:util-lib"))
testImplementation(testFixtures(project(":spi:common:identity-trust-spi")))
testImplementation(project(":core:common:junit"))
testImplementation(project(":core:common:token-core"))
testImplementation(project(":core:common:lib:token-lib"))
testImplementation(libs.nimbus.jwt)
}

3 changes: 2 additions & 1 deletion extensions/common/iam/oauth2/oauth2-core/build.gradle.kts
Expand Up @@ -20,8 +20,9 @@ dependencies {
api(project(":spi:common:http-spi"))
api(project(":spi:common:oauth2-spi"))
implementation(project(":spi:common:keys-spi"))
implementation(project(":spi:common:jwt-signer-spi"))
implementation(project(":extensions:common:iam:oauth2:oauth2-client"))
implementation(project(":core:common:token-core"))
implementation(project(":core:common:lib:token-lib"))

implementation(libs.nimbus.jwt)

1 change: 1 addition & 0 deletions extensions/common/iam/oauth2/oauth2-daps/build.gradle.kts
Expand Up @@ -21,6 +21,7 @@ dependencies {
api(project(":spi:common:oauth2-spi"))

testImplementation(project(":core:common:connector-core"))
testImplementation(project(":core:common:token-core"))
testImplementation(project(":extensions:common:iam:oauth2:oauth2-core"))
testImplementation(project(":core:common:junit"))
testImplementation(libs.testcontainers.junit)
Expand Up @@ -19,8 +19,8 @@ plugins {
dependencies {
api(project(":spi:data-plane:data-plane-http-spi"))
api(project(":spi:common:oauth2-spi"))
api(project(":core:common:token-core"))

api(project(":spi:common:jwt-signer-spi"))
implementation(project(":core:common:lib:token-lib"))
implementation(project(":spi:common:keys-spi"))

testImplementation(project(":core:common:junit"))
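Review bot: Dropping `api(project(":core:common:token-core"))` from this module (assuming that is the removed line; the +/- markers are lost in this rendering) means token-core no longer reaches a runtime transitively through it. The other extensions that switch to token-lib have the same effect. The commit compensates by adding token-core explicitly to the BOMs, the e2e data-plane builds and `DataPlaneSelectorEndToEndTest`, which suggests a runtime without it does not work. Downstream distributions that assemble their own module list instead of using a BOM get no hint of this, so I would state it in the commit description or changelog, e.g. `token-core must now be added explicitly to the runtime`. It is also worth confirming that a runtime missing it fails at startup rather than running without the token services.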
2 changes: 1 addition & 1 deletion extensions/data-plane/data-plane-iam/build.gradle.kts
Expand Up @@ -22,7 +22,7 @@ dependencies {
api(project(":spi:common:token-spi"))
api(project(":spi:data-plane:data-plane-spi"))

implementation(project(":core:common:token-core"))
implementation(project(":core:common:lib:token-lib"))

testImplementation(project(":core:common:junit"))
}
1 change: 1 addition & 0 deletions settings.gradle.kts
Expand Up @@ -54,6 +54,7 @@ include(":core:common:lib:http-lib")
include(":core:common:lib:keys-lib")
include(":core:common:lib:query-lib")
include(":core:common:lib:store-lib")
include(":core:common:lib:token-lib")
include(":core:common:lib:state-machine-lib")
include(":core:common:lib:crypto-common-lib")
include(":core:common:lib:json-lib")
1 change: 1 addition & 0 deletions spi/common/identity-trust-spi/build.gradle.kts
Expand Up @@ -20,6 +20,7 @@ plugins {

dependencies {
api(project(":spi:common:core-spi"))
api(project(":spi:common:token-spi"))
api(project(":spi:common:participant-spi"))
api(project(":spi:common:policy:request-policy-context-spi"))
api(project(":spi:common:policy-engine-spi"))
Expand Up @@ -14,6 +14,7 @@

package org.eclipse.edc.iam.identitytrust.spi;


import org.eclipse.edc.participant.spi.ParticipantAgentServiceExtension;

/**
Expand Up @@ -17,6 +17,7 @@ plugins {

dependencies {
implementation(project(":core:common:connector-core"))
implementation(project(":core:common:token-core"))
implementation(project(":core:data-plane:data-plane-core"))
implementation(project(":extensions:common:api:control-api-configuration"))
implementation(project(":extensions:common:http"))
Expand Up @@ -55,6 +55,7 @@ public class DataPlaneSelectorEndToEndTest {
"edc.core.retry.retries.max", "0"
),
":core:common:connector-core",
":core:common:token-core",
":core:control-plane:control-plane-core",
":core:data-plane-selector:data-plane-selector-core",
":extensions:control-plane:transfer:transfer-data-plane-signaling",
1 change: 1 addition & 0 deletions system-tests/e2e-transfer-test/data-plane/build.gradle.kts
Expand Up @@ -18,6 +18,7 @@ plugins {

dependencies {
implementation(project(":core:data-plane:data-plane-core"))
implementation(project(":core:common:token-core"))
implementation(project(":extensions:common:api:control-api-configuration"))
implementation(project(":extensions:common:http"))
implementation(project(":extensions:control-plane:api:control-plane-api-client"))
