feat: get rid of cid claim in EDR auth token
bscholtes1A committed Oct 13, 2023
1 parent 7876288 commit c1e7739
Showing 8 changed files with 4 additions and 177 deletions.
Expand Up @@ -16,7 +16,6 @@
package org.eclipse.edc.connector.transfer.dataplane;

import org.eclipse.edc.connector.api.control.configuration.ControlApiConfiguration;
import org.eclipse.edc.connector.contract.spi.negotiation.store.ContractNegotiationStore;
import org.eclipse.edc.connector.dataplane.selector.spi.client.DataPlaneSelectorClient;
import org.eclipse.edc.connector.dataplane.spi.client.DataPlaneClient;
import org.eclipse.edc.connector.transfer.dataplane.api.ConsumerPullTransferTokenValidationApiController;
Expand All @@ -25,7 +24,6 @@
import org.eclipse.edc.connector.transfer.dataplane.proxy.ConsumerPullDataPlaneProxyResolver;
import org.eclipse.edc.connector.transfer.dataplane.spi.security.DataEncrypter;
import org.eclipse.edc.connector.transfer.dataplane.spi.token.ConsumerPullTokenExpirationDateFunction;
import org.eclipse.edc.connector.transfer.dataplane.validation.ContractValidationRule;
import org.eclipse.edc.connector.transfer.dataplane.validation.ExpirationDateValidationRule;
import org.eclipse.edc.connector.transfer.spi.callback.ControlApiUrl;
import org.eclipse.edc.connector.transfer.spi.flow.DataFlowManager;
Expand Down Expand Up @@ -57,9 +55,6 @@ public class TransferDataPlaneCoreExtension implements ServiceExtension {

public static final String NAME = "Transfer Data Plane Core";

@Inject
private ContractNegotiationStore contractNegotiationStore;

@Inject
private Vault vault;

Expand Down Expand Up @@ -109,7 +104,7 @@ public void initialize(ServiceExtensionContext context) {
var keyPair = keyPairFromConfig(context);
var controller = new ConsumerPullTransferTokenValidationApiController(tokenValidationService(keyPair.getPublic()), dataEncrypter, typeManager);
webService.registerResource(controlApiConfiguration.getContextAlias(), controller);

var resolver = new ConsumerPullDataPlaneProxyResolver(dataEncrypter, typeManager, new TokenGenerationServiceImpl(keyPair.getPrivate()), tokenExpirationDateFunction);
dataFlowManager.register(new ConsumerPullTransferDataFlowController(selectorClient, resolver));
dataFlowManager.register(new ProviderPushTransferDataFlowController(callbackUrl, dataPlaneClient));
Expand All @@ -130,7 +125,6 @@ private KeyPair keyPairFromConfig(ServiceExtensionContext context) {

private TokenValidationService tokenValidationService(PublicKey publicKey) {
var registry = new TokenValidationRulesRegistryImpl();
registry.addRule(new ContractValidationRule(contractNegotiationStore, clock));
registry.addRule(new ExpirationDateValidationRule(clock));
return new TokenValidationServiceImpl(id -> publicKey, registry);
}
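Review bot: In `tokenValidationService` the registry is now left with `ExpirationDateValidationRule` only, so once the signature verifies, the `exp` claim is the sole bound on how long a token is honoured; nothing at validation time ties it to the contract agreement any more. The resolver still passes `contractId` to `tokenExpirationDateFunction.expiresAt(source, contractId)`, which presumably caps the lifetime by the contract, but that implementation is not shown in this commit and is worth confirming. I would record the assumption next to the rule, e.g. `// exp is the only validity check here; the token lifetime must be capped by ConsumerPullTokenExpirationDateFunction`. The method is fully visible, but the rest of the class lies outside the hunks.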
Expand Up @@ -74,7 +74,7 @@ private Result<String> resolveProxyUrl(DataPlaneInstance instance) {
private Result<String> generateAccessToken(DataAddress source, String contractId) {
var encryptedDataAddress = dataEncrypter.encrypt(typeManager.writeValueAsString(source));
return tokenExpirationDateFunction.expiresAt(source, contractId)
.compose(expiration -> tokenGenerationService.generate(new ConsumerPullDataPlaneProxyTokenDecorator(expiration, contractId, encryptedDataAddress)))
.compose(expiration -> tokenGenerationService.generate(new ConsumerPullDataPlaneProxyTokenDecorator(expiration, encryptedDataAddress)))
.map(TokenRepresentation::getToken);
}
}
Expand Up @@ -20,7 +20,6 @@
import java.util.Map;

import static java.util.Collections.emptyMap;
import static org.eclipse.edc.connector.transfer.dataplane.spi.TransferDataPlaneConstants.CONTRACT_ID;
import static org.eclipse.edc.connector.transfer.dataplane.spi.TransferDataPlaneConstants.DATA_ADDRESS;
import static org.eclipse.edc.jwt.spi.JwtRegisteredClaimNames.EXPIRATION_TIME;

Expand All @@ -32,20 +31,17 @@
class ConsumerPullDataPlaneProxyTokenDecorator implements JwtDecorator {

private final Date expirationDate;
private final String contractId;
private final String encryptedDataAddress;

ConsumerPullDataPlaneProxyTokenDecorator(Date expirationDate, String contractId, String encryptedDataAddress) {
ConsumerPullDataPlaneProxyTokenDecorator(Date expirationDate, String encryptedDataAddress) {
this.expirationDate = expirationDate;
this.contractId = contractId;
this.encryptedDataAddress = encryptedDataAddress;
}

@Override
public Map<String, Object> claims() {
return Map.of(
EXPIRATION_TIME, expirationDate,
CONTRACT_ID, contractId,
DATA_ADDRESS, encryptedDataAddress
);
}
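Review bot: The two-argument constructor stores `expirationDate` and `encryptedDataAddress` unchecked, while `claims()` builds its result with `Map.of`, which rejects null values, so a null argument only surfaces as a `NullPointerException` when the token is generated. Failing at construction gives a clearer error: `this.expirationDate = Objects.requireNonNull(expirationDate, "expirationDate");` and likewise for `encryptedDataAddress` (this needs `java.util.Objects`). The class body continues past the end of the hunk.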

This file was deleted.

Expand Up @@ -33,7 +33,6 @@
import java.util.UUID;

import static org.assertj.core.api.Assertions.assertThat;
import static org.eclipse.edc.connector.transfer.dataplane.spi.TransferDataPlaneConstants.CONTRACT_ID;
import static org.eclipse.edc.connector.transfer.dataplane.spi.TransferDataPlaneConstants.DATA_ADDRESS;
import static org.eclipse.edc.connector.transfer.dataplane.spi.TransferDataPlaneConstants.HTTP_PROXY;
import static org.eclipse.edc.jwt.spi.JwtRegisteredClaimNames.EXPIRATION_TIME;
Expand Down Expand Up @@ -89,7 +88,6 @@ void verifyToDataAddressSuccess() {
var decorator = captor.getValue();

assertThat(decorator.claims())
.containsEntry(CONTRACT_ID, request.getContractId())
.containsEntry(DATA_ADDRESS, encryptedAddress)
.containsEntry(EXPIRATION_TIME, expiration);
}
Expand Up @@ -23,7 +23,6 @@
import java.util.concurrent.ThreadLocalRandom;

import static org.assertj.core.api.Assertions.assertThat;
import static org.eclipse.edc.connector.transfer.dataplane.spi.TransferDataPlaneConstants.CONTRACT_ID;
import static org.eclipse.edc.connector.transfer.dataplane.spi.TransferDataPlaneConstants.DATA_ADDRESS;
import static org.eclipse.edc.jwt.spi.JwtRegisteredClaimNames.EXPIRATION_TIME;

Expand All @@ -40,15 +39,14 @@ public void setUp() {
expiration = Date.from(Instant.now().plusSeconds(ThreadLocalRandom.current().nextInt(1, 10)));
contractId = UUID.randomUUID().toString();
encryptedDataAddress = UUID.randomUUID().toString();
decorator = new ConsumerPullDataPlaneProxyTokenDecorator(expiration, contractId, encryptedDataAddress);
decorator = new ConsumerPullDataPlaneProxyTokenDecorator(expiration, encryptedDataAddress);
}

@Test
void claims() {
var result = decorator.claims();

assertThat(result)
.containsEntry(CONTRACT_ID, contractId)
.containsEntry(DATA_ADDRESS, encryptedDataAddress)
.containsEntry(EXPIRATION_TIME, expiration);
}
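Review bot: `setUp` still assigns `contractId = UUID.randomUUID().toString();` although the decorator no longer takes it, so that variable (presumably a field declared above the hunk) is now dead and can go. The remaining assertion only checks that the `dad` and `exp` entries are present, which would still pass if a `cid` claim were reintroduced; `assertThat(result).containsOnlyKeys(DATA_ADDRESS, EXPIRATION_TIME);` would pin the claim set. The same applies to the `containsEntry` chain in `verifyToDataAddressSuccess` in the resolver test. The test class starts and ends outside the hunk.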

This file was deleted.

Expand Up @@ -16,8 +16,6 @@

import org.eclipse.edc.spi.types.domain.transfer.DataFlowRequest;

import static org.eclipse.edc.spi.CoreConstants.EDC_NAMESPACE;

/**
* Type of Data Plane transfer.
*/
Expand All @@ -32,14 +30,4 @@ public interface TransferDataPlaneConstants {
* data source as an encrypted string.
*/
String DATA_ADDRESS = "dad";

/**
* Claim of the token used in input of Data Plane public API containing the contract id.
*/
String CONTRACT_ID = "cid";

/**
* Claim of the token used in input of Data Plane public API containing the contract id with namespace.
*/
String EDC_CONTRACT_ID = EDC_NAMESPACE + "cid";
}
