From 5fc1492f250bc7bfe0ea207be78e9497da9e5b83 Mon Sep 17 00:00:00 2001
From: Enrico Risa <enrico.risa@gmail.com>
Date: Mon, 16 Oct 2023 18:01:11 +0200
Subject: [PATCH] feat: STS API spec

---
 .../identity-trust-sts-api/build.gradle.kts   | 33 ++++++++
 .../api/sts/SecureTokenServiceApi.java        | 42 ++++++++++
 .../SecureTokenServiceApiController.java      | 38 +++++++++
 .../api/sts/model/StsAccessToken.java         | 42 ++++++++++
 .../api/sts/model/StsTokenRequest.java        | 56 ++++++++++++++
 .../api/sts/model/StsTokenRequestError.java   | 77 +++++++++++++++++++
 settings.gradle.kts                           |  2 +-
 7 files changed, 289 insertions(+), 1 deletion(-)
 create mode 100644 extensions/common/iam/identity-trust/identity-trust-sts-api/build.gradle.kts
 create mode 100644 extensions/common/iam/identity-trust/identity-trust-sts-api/src/main/java/org/eclipse/edc/connector/api/sts/SecureTokenServiceApi.java
 create mode 100644 extensions/common/iam/identity-trust/identity-trust-sts-api/src/main/java/org/eclipse/edc/connector/api/sts/controller/SecureTokenServiceApiController.java
 create mode 100644 extensions/common/iam/identity-trust/identity-trust-sts-api/src/main/java/org/eclipse/edc/connector/api/sts/model/StsAccessToken.java
 create mode 100644 extensions/common/iam/identity-trust/identity-trust-sts-api/src/main/java/org/eclipse/edc/connector/api/sts/model/StsTokenRequest.java
 create mode 100644 extensions/common/iam/identity-trust/identity-trust-sts-api/src/main/java/org/eclipse/edc/connector/api/sts/model/StsTokenRequestError.java

diff --git a/extensions/common/iam/identity-trust/identity-trust-sts-api/build.gradle.kts b/extensions/common/iam/identity-trust/identity-trust-sts-api/build.gradle.kts
new file mode 100644
index 00000000000..a49ffed4fbb
--- /dev/null
+++ b/extensions/common/iam/identity-trust/identity-trust-sts-api/build.gradle.kts
@@ -0,0 +1,33 @@
+/*
+ *  Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Contributors:
+ *       Bayerische Motoren Werke Aktiengesellschaft (BMW AG) - initial API and implementation
+ *
+ */
+
+plugins {
+    `java-library`
+    `maven-publish`
+    id("io.swagger.core.v3.swagger-gradle-plugin")
+}
+
+dependencies {
+    api(project(":spi:common:web-spi"))
+
+    implementation(libs.jakarta.rsApi)
+    implementation(libs.swagger.annotations.jakarta)
+
+    testImplementation(libs.jersey.common)
+    testImplementation(libs.jersey.server)
+
+    testImplementation(project(":core:common:junit"))
+    testImplementation(testFixtures(project(":extensions:common:http:jersey-core")))
+}
+
diff --git a/extensions/common/iam/identity-trust/identity-trust-sts-api/src/main/java/org/eclipse/edc/connector/api/sts/SecureTokenServiceApi.java b/extensions/common/iam/identity-trust/identity-trust-sts-api/src/main/java/org/eclipse/edc/connector/api/sts/SecureTokenServiceApi.java
new file mode 100644
index 00000000000..d063d36732b
--- /dev/null
+++ b/extensions/common/iam/identity-trust/identity-trust-sts-api/src/main/java/org/eclipse/edc/connector/api/sts/SecureTokenServiceApi.java
@@ -0,0 +1,42 @@
+/*
+ *  Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Contributors:
+ *       Bayerische Motoren Werke Aktiengesellschaft (BMW AG) - initial API and implementation
+ *
+ */
+
+package org.eclipse.edc.connector.api.sts;
+
+import io.swagger.v3.oas.annotations.OpenAPIDefinition;
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.media.ArraySchema;
+import io.swagger.v3.oas.annotations.media.Content;
+import io.swagger.v3.oas.annotations.media.Schema;
+import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.tags.Tag;
+import jakarta.ws.rs.BeanParam;
+import org.eclipse.edc.connector.api.sts.model.StsAccessToken;
+import org.eclipse.edc.connector.api.sts.model.StsTokenRequest;
+import org.eclipse.edc.connector.api.sts.model.StsTokenRequestError;
+
+@OpenAPIDefinition
+@Tag(name = "Secure Token Service Api")
+public interface SecureTokenServiceApi {
+
+
+    @Operation(description = "",
+            responses = {
+                    @ApiResponse(responseCode = "200", description = "The Self-Issued ID token",
+                            content = @Content(schema = @Schema(implementation = StsAccessToken.class))),
+                    @ApiResponse(responseCode = "400", description = "Invalid Request",
+                            content = @Content(array = @ArraySchema(schema = @Schema(implementation = StsTokenRequestError.class))))
+            })
+    StsAccessToken token(@BeanParam StsTokenRequest request);
+}
diff --git a/extensions/common/iam/identity-trust/identity-trust-sts-api/src/main/java/org/eclipse/edc/connector/api/sts/controller/SecureTokenServiceApiController.java b/extensions/common/iam/identity-trust/identity-trust-sts-api/src/main/java/org/eclipse/edc/connector/api/sts/controller/SecureTokenServiceApiController.java
new file mode 100644
index 00000000000..9b0f6dce07b
--- /dev/null
+++ b/extensions/common/iam/identity-trust/identity-trust-sts-api/src/main/java/org/eclipse/edc/connector/api/sts/controller/SecureTokenServiceApiController.java
@@ -0,0 +1,38 @@
+/*
+ *  Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Contributors:
+ *       Bayerische Motoren Werke Aktiengesellschaft (BMW AG) - initial API and implementation
+ *
+ */
+
+package org.eclipse.edc.connector.api.sts.controller;
+
+import jakarta.ws.rs.BeanParam;
+import jakarta.ws.rs.Consumes;
+import jakarta.ws.rs.POST;
+import jakarta.ws.rs.Path;
+import jakarta.ws.rs.Produces;
+import jakarta.ws.rs.core.MediaType;
+import org.eclipse.edc.connector.api.sts.SecureTokenServiceApi;
+import org.eclipse.edc.connector.api.sts.model.StsAccessToken;
+import org.eclipse.edc.connector.api.sts.model.StsTokenRequest;
+
+@Path("/")
+public class SecureTokenServiceApiController implements SecureTokenServiceApi {
+
+    @Consumes({ MediaType.APPLICATION_FORM_URLENCODED })
+    @Produces({ MediaType.APPLICATION_JSON })
+    @Path("token")
+    @POST
+    @Override
+    public StsAccessToken token(@BeanParam StsTokenRequest request) {
+        return null;
+    }
+}
diff --git a/extensions/common/iam/identity-trust/identity-trust-sts-api/src/main/java/org/eclipse/edc/connector/api/sts/model/StsAccessToken.java b/extensions/common/iam/identity-trust/identity-trust-sts-api/src/main/java/org/eclipse/edc/connector/api/sts/model/StsAccessToken.java
new file mode 100644
index 00000000000..d7159dc5ed5
--- /dev/null
+++ b/extensions/common/iam/identity-trust/identity-trust-sts-api/src/main/java/org/eclipse/edc/connector/api/sts/model/StsAccessToken.java
@@ -0,0 +1,42 @@
+/*
+ *  Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Contributors:
+ *       Bayerische Motoren Werke Aktiengesellschaft (BMW AG) - initial API and implementation
+ *
+ */
+
+package org.eclipse.edc.connector.api.sts.model;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+public class StsAccessToken {
+
+    @JsonProperty("access_token")
+    private String accessToken;
+
+    @JsonProperty("tokenType")
+    private String tokenType = "Bearer";
+
+    @JsonProperty("expires_in")
+    private long expiresIn;
+
+
+    public long getExpiresIn() {
+        return expiresIn;
+    }
+
+    public String getAccessToken() {
+        return accessToken;
+    }
+
+    public String getTokenType() {
+        return tokenType;
+    }
+}
diff --git a/extensions/common/iam/identity-trust/identity-trust-sts-api/src/main/java/org/eclipse/edc/connector/api/sts/model/StsTokenRequest.java b/extensions/common/iam/identity-trust/identity-trust-sts-api/src/main/java/org/eclipse/edc/connector/api/sts/model/StsTokenRequest.java
new file mode 100644
index 00000000000..344f4f3efd5
--- /dev/null
+++ b/extensions/common/iam/identity-trust/identity-trust-sts-api/src/main/java/org/eclipse/edc/connector/api/sts/model/StsTokenRequest.java
@@ -0,0 +1,56 @@
+/*
+ *  Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Contributors:
+ *       Bayerische Motoren Werke Aktiengesellschaft (BMW AG) - initial API and implementation
+ *
+ */
+
+package org.eclipse.edc.connector.api.sts.model;
+
+import jakarta.ws.rs.FormParam;
+
+public class StsTokenRequest {
+
+    @FormParam("grant_type")
+    private String grantType;
+
+    @FormParam("client_id")
+    private String clientId;
+
+    @FormParam("client_secret")
+    private String clientSecret;
+
+    @FormParam("bearer_access_scope")
+    private String bearerAccessScope;
+
+    @FormParam("access_token")
+    private String accessToken;
+
+    public String getGrantType() {
+        return grantType;
+    }
+
+
+    public String getClientId() {
+        return clientId;
+    }
+
+    public String getClientSecret() {
+        return clientSecret;
+    }
+
+    public String getBearerAccessScope() {
+        return bearerAccessScope;
+    }
+
+    public String getAccessToken() {
+        return accessToken;
+    }
+}
diff --git a/extensions/common/iam/identity-trust/identity-trust-sts-api/src/main/java/org/eclipse/edc/connector/api/sts/model/StsTokenRequestError.java b/extensions/common/iam/identity-trust/identity-trust-sts-api/src/main/java/org/eclipse/edc/connector/api/sts/model/StsTokenRequestError.java
new file mode 100644
index 00000000000..6c672d3d61b
--- /dev/null
+++ b/extensions/common/iam/identity-trust/identity-trust-sts-api/src/main/java/org/eclipse/edc/connector/api/sts/model/StsTokenRequestError.java
@@ -0,0 +1,77 @@
+/*
+ *  Copyright (c) 2022 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Contributors:
+ *       Bayerische Motoren Werke Aktiengesellschaft (BMW AG) - initial API and implementation
+ *
+ */
+
+package org.eclipse.edc.connector.api.sts.model;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+
+public class StsTokenRequestError {
+
+    @JsonProperty
+    private String error;
+    @JsonProperty
+    private String errorDescription;
+    @JsonProperty
+    private String errorUri;
+
+    private StsTokenRequestError() {
+
+    }
+
+    public String getError() {
+        return error;
+    }
+
+    public String getErrorDescription() {
+        return errorDescription;
+    }
+
+    public String getErrorUri() {
+        return errorUri;
+    }
+
+
+    public static class Builder {
+
+        private final StsTokenRequestError apiError = new StsTokenRequestError();
+
+        private Builder() {
+        }
+
+        public static Builder newInstance() {
+            return new Builder();
+        }
+
+        public Builder error(String message) {
+            apiError.error = message;
+            return this;
+        }
+
+        public Builder errorDescription(String type) {
+            apiError.errorDescription = type;
+            return this;
+        }
+
+        public Builder errorUri(String path) {
+            apiError.errorUri = path;
+            return this;
+        }
+
+
+        public StsTokenRequestError build() {
+            return apiError;
+        }
+    }
+}
diff --git a/settings.gradle.kts b/settings.gradle.kts
index eecce4e27b5..34bc9c56b54 100644
--- a/settings.gradle.kts
+++ b/settings.gradle.kts
@@ -115,6 +115,7 @@ include(":extensions:common:iam:identity-trust:identity-trust-transform")
 include(":extensions:common:iam:identity-trust:identity-trust-service")
 include(":extensions:common:iam:identity-trust:identity-trust-core")
 include(":extensions:common:iam:identity-trust:identity-trust-sts-embedded")
+include(":extensions:common:iam:identity-trust:identity-trust-sts-api")
 include(":extensions:common:json-ld")
 include(":extensions:common:metrics:micrometer-core")
 include(":extensions:common:monitor:monitor-jdk-logger")
@@ -226,4 +227,3 @@ include(":system-tests:telemetry:telemetry-test-runner")
 include(":system-tests:telemetry:telemetry-test-runtime")
 
 include(":version-catalog")
-