fix after review

charts/tractusx-connector-azure-vault/README.md

@@ -33,7 +33,6 @@ This chart is intended for use with an _existing_ PostgreSQL database and an _ex
 Be sure to provide the following configuration entries to your Tractus-X EDC Helm chart:
 - `controlplane.ssi.miw.url`: the URL
 - `controlplane.ssi.miw.authorityId`: the BPN of the issuer authority
-- `controlplane.ssi.miw.authorityIssuer`: the DID URL of the issuer authority
 - `controlplane.ssi.oauth.tokenurl`: the URL (of KeyCloak), where access tokens can be obtained
 - `controlplane.ssi.oauth.client.id`: client ID for KeyCloak
 - `controlplane.ssi.oauth.client.secretAlias`: the alias under which the client secret is stored in the vault. Defaults to `client-secret`.
@@ -163,7 +162,6 @@ helm install my-release tractusx-edc/tractusx-connector-azure-vault --version 0.
 | controlplane.service.annotations | object | `{}` |  |
 | controlplane.service.type | string | `"ClusterIP"` | [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. |
 | controlplane.ssi.miw.authorityId | string | `""` |  |
-| controlplane.ssi.miw.authorityIssuer | string | `""` |  |
 | controlplane.ssi.miw.url | string | `""` |  |
 | controlplane.ssi.oauth.client.id | string | `""` |  |
 | controlplane.ssi.oauth.client.secretAlias | string | `"client-secret"` |  |

charts/tractusx-connector-azure-vault/README.md.gotmpl

@@ -33,7 +33,6 @@
 Be sure to provide the following configuration entries to your Tractus-X EDC Helm chart:
 - `controlplane.ssi.miw.url`: the URL
 - `controlplane.ssi.miw.authorityId`: the BPN of the issuer authority
-- `controlplane.ssi.miw.authorityIssuer`: the DID URL of the issuer authority
 - `controlplane.ssi.oauth.tokenurl`: the URL (of KeyCloak), where access tokens can be obtained
 - `controlplane.ssi.oauth.client.id`: client ID for KeyCloak
 - `controlplane.ssi.oauth.client.secretAlias`: the alias under which the client secret is stored in the vault. Defaults to `client-secret`.

charts/tractusx-connector-azure-vault/templates/deployment-controlplane.yaml

@@ -119,17 +119,15 @@ spec:
             # SSI / MIW CONFIGURATION
             ##########################
             - name: "TX_SSI_MIW_URL"
-              value: {{ .Values.controlplane.ssi.miw.url }}
+              value: {{ .Values.controlplane.ssi.miw.url | quote }}
             - name: "TX_SSI_MIW_AUTHORITY_ID"
-              value: {{ .Values.controlplane.ssi.miw.authorityId }}
-            - name: "TX_SSI_MIW_AUTHORITY_ISSUER"
-              value: {{ .Values.controlplane.ssi.miw.authorityIssuer }}
+              value: {{ .Values.controlplane.ssi.miw.authorityId | quote }}
             - name: "TX_SSI_OAUTH_TOKEN_URL"
-              value: {{ .Values.controlplane.ssi.oauth.tokenurl }}
+              value: {{ .Values.controlplane.ssi.oauth.tokenurl | quote }}
             - name: "TX_SSI_OAUTH_CLIENT_ID"
-              value: {{ .Values.controlplane.ssi.oauth.client.id }}
+              value: {{ .Values.controlplane.ssi.oauth.client.id | quote }}
             - name: "TX_SSI_OAUTH_CLIENT_SECRET_ALIAS"
-              value: {{ .Values.controlplane.ssi.oauth.client.secretAlias }}
+              value: {{ .Values.controlplane.ssi.oauth.client.secretAlias | quote }}
             - name: "TX_SSI_ENDPOINT_AUDIENCE"
               value: {{ printf "%s%s" (include "txdc.controlplane.url.protocol" .) .Values.controlplane.endpoints.protocol.path | quote }}
 

charts/tractusx-connector-azure-vault/values.yaml

@@ -127,7 +127,6 @@ controlplane:
     miw:
       url: ""
       authorityId: ""
-      authorityIssuer: ""
     oauth:
       tokenurl: ""
       client:

charts/tractusx-connector-memory/README.md

@@ -159,7 +159,6 @@ helm install my-release tractusx-edc/tractusx-connector-memory --version 0.5.0-r
 | runtime.service.annotations | object | `{}` |  |
 | runtime.service.type | string | `"ClusterIP"` | [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. |
 | runtime.ssi.miw.authorityId | string | `""` |  |
-| runtime.ssi.miw.authorityIssuer | string | `""` |  |
 | runtime.ssi.miw.url | string | `""` |  |
 | runtime.ssi.oauth.client.id | string | `""` |  |
 | runtime.ssi.oauth.client.secretAlias | string | `"client-secret"` |  |

charts/tractusx-connector-memory/templates/deployment-runtime.yaml

@@ -119,17 +119,15 @@ spec:
             # SSI / MIW CONFIGURATION
             ##########################
             - name: "TX_SSI_MIW_URL"
-              value: {{ .Values.runtime.ssi.miw.url }}
+              value: {{ .Values.runtime.ssi.miw.url | quote }}
             - name: "TX_SSI_MIW_AUTHORITY_ID"
-              value: {{ .Values.runtime.ssi.miw.authorityId }}
-            - name: "TX_SSI_MIW_AUTHORITY_ISSUER"
-              value: {{ .Values.runtime.ssi.miw.authorityIssuer }}
+              value: {{ .Values.runtime.ssi.miw.authorityId | quote }}
             - name: "TX_SSI_OAUTH_TOKEN_URL"
-              value: {{ .Values.runtime.ssi.oauth.tokenurl }}
+              value: {{ .Values.runtime.ssi.oauth.tokenurl | quote }}
             - name: "TX_SSI_OAUTH_CLIENT_ID"
-              value: {{ .Values.runtime.ssi.oauth.client.id }}
+              value: {{ .Values.runtime.ssi.oauth.client.id | quote }}
             - name: "TX_SSI_OAUTH_CLIENT_SECRET_ALIAS"
-              value: {{ .Values.runtime.ssi.oauth.client.secretAlias }}
+              value: {{ .Values.runtime.ssi.oauth.client.secretAlias | quote }}
             - name: "TX_SSI_ENDPOINT_AUDIENCE"
               value: {{ printf "%s%s" (include "txdc.runtime.url.protocol" .) .Values.runtime.endpoints.protocol.path | quote }}
 

charts/tractusx-connector-memory/values.yaml

@@ -125,7 +125,6 @@ runtime:
     miw:
       url: ""
       authorityId: ""
-      authorityIssuer: ""
     oauth:
       tokenurl: ""
       client:

charts/tractusx-connector/README.md

@@ -30,7 +30,6 @@ This chart is intended for use with an _existing_ PostgreSQL database and an _ex
 Be sure to provide the following configuration entries to your Tractus-X EDC Helm chart:
 - `controlplane.ssi.miw.url`: the URL
 - `controlplane.ssi.miw.authorityId`: the BPN of the issuer authority
-- `controlplane.ssi.miw.authorityIssuer`: the DID URL of the issuer authority
 - `controlplane.ssi.oauth.tokenurl`: the URL (of KeyCloak), where access tokens can be obtained
 - `controlplane.ssi.oauth.client.id`: client ID for KeyCloak
 - `controlplane.ssi.oauth.client.secretAlias`: the alias under which the client secret is stored in the vault. Defaults to `client-secret`.
@@ -157,7 +156,6 @@ helm install my-release tractusx-edc/tractusx-connector --version 0.5.0-rc3 \
 | controlplane.service.annotations | object | `{}` |  |
 | controlplane.service.type | string | `"ClusterIP"` | [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. |
 | controlplane.ssi.miw.authorityId | string | `""` |  |
-| controlplane.ssi.miw.authorityIssuer | string | `""` |  |
 | controlplane.ssi.miw.url | string | `""` |  |
 | controlplane.ssi.oauth.client.id | string | `""` |  |
 | controlplane.ssi.oauth.client.secretAlias | string | `"client-secret"` |  |

charts/tractusx-connector/README.md.gotmpl

@@ -30,7 +30,6 @@
 Be sure to provide the following configuration entries to your Tractus-X EDC Helm chart:
 - `controlplane.ssi.miw.url`: the URL
 - `controlplane.ssi.miw.authorityId`: the BPN of the issuer authority
-- `controlplane.ssi.miw.authorityIssuer`: the DID URL of the issuer authority
 - `controlplane.ssi.oauth.tokenurl`: the URL (of KeyCloak), where access tokens can be obtained
 - `controlplane.ssi.oauth.client.id`: client ID for KeyCloak
 - `controlplane.ssi.oauth.client.secretAlias`: the alias under which the client secret is stored in the vault. Defaults to `client-secret`.

charts/tractusx-connector/templates/deployment-controlplane.yaml

@@ -122,8 +122,6 @@ spec:
               value: {{ .Values.controlplane.ssi.miw.url }}
             - name: "TX_SSI_MIW_AUTHORITY_ID"
               value: {{ .Values.controlplane.ssi.miw.authorityId }}
-            - name: "TX_SSI_MIW_AUTHORITY_ISSUER"
-              value: {{ .Values.controlplane.ssi.miw.authorityIssuer }}
             - name: "TX_SSI_OAUTH_TOKEN_URL"
               value: {{ .Values.controlplane.ssi.oauth.tokenurl }}
             - name: "TX_SSI_OAUTH_CLIENT_ID"

charts/tractusx-connector/values.yaml

@@ -128,7 +128,6 @@ controlplane:
     miw:
       url: ""
       authorityId: ""
-      authorityIssuer: ""
     oauth:
       tokenurl: ""
       client:

docs/samples/example-dataspace/plato-values.yaml

@@ -44,7 +44,6 @@ controlplane:
       miw:
         url: ""
         authorityId: ""
-        authorityIssuer: ""
       oauth:
         tokenurl: ""
         client:

docs/samples/example-dataspace/sokrates-values.yaml

@@ -43,7 +43,6 @@ controlplane:
     miw:
       url: ""
       authorityId: ""
-      authorityIssuer: ""
     oauth:
       tokenurl: ""
       client:

edc-extensions/ssi/ssi-miw-credential-client/src/main/java/org/eclipse/tractusx/edc/iam/ssi/miw/config/SsiMiwConfiguration.java

@@ -44,8 +44,7 @@ private Builder() {
         public static Builder newInstance() {
             return new Builder();
         }
-
-
+
         public Builder url(String url) {
             config.url = url;
             return this;

edc-extensions/ssi/ssi-miw-credential-client/src/main/java/org/eclipse/tractusx/edc/iam/ssi/miw/rule/SsiCredentialIssuerValidationRule.java

@@ -34,6 +34,10 @@
 import static org.eclipse.tractusx.edc.iam.ssi.spi.jsonld.CredentialsNamespaces.VP_PROPERTY;
 import static org.eclipse.tractusx.edc.iam.ssi.spi.jsonld.JsonLdTypeFunctions.extractObjectsOfType;
 
+/**
+ * {@link TokenValidationRule} that compares the issuer in the Verifiable Credential (Summary) with the one provided
+ * by configuration.
+ */
 public class SsiCredentialIssuerValidationRule implements TokenValidationRule {
 
     private static final String SUBJECT_ISSUER_EXTRACTOR_PREFIX = "Credential issuer extractor:";

edc-extensions/ssi/ssi-miw-credential-client/src/main/java/org/eclipse/tractusx/edc/iam/ssi/miw/rule/SsiCredentialSubjectIdValidationRule.java

@@ -35,6 +35,10 @@
 import static org.eclipse.tractusx.edc.iam.ssi.spi.jsonld.CredentialsNamespaces.VP_PROPERTY;
 import static org.eclipse.tractusx.edc.iam.ssi.spi.jsonld.JsonLdTypeFunctions.extractObjectsOfType;
 
+/**
+ * {@link TokenValidationRule} that compares the issuer of the VP (JWT format) with the credential subject id of
+ * the Verifiable Credential (Summary)
+ */
 public class SsiCredentialSubjectIdValidationRule implements TokenValidationRule {
 
     private static final String CREDENTIAL_SUBJECT_EXTRACTOR_PREFIX = "Credential subject extractor:";

edc-extensions/ssi/ssi-miw-credential-client/src/test/java/org/eclipse/tractusx/edc/iam/ssi/miw/SsiMiwApiClientExtensionTest.java

@@ -33,9 +33,8 @@
 @ExtendWith(DependencyInjectionExtension.class)
 public class SsiMiwApiClientExtensionTest {
 
-    SsiMiwApiClientExtension extension;
-
-    SsiMiwConfiguration cfg = mock(SsiMiwConfiguration.class);
+    private final SsiMiwConfiguration cfg = mock(SsiMiwConfiguration.class);
+    private SsiMiwApiClientExtension extension;
 
     @BeforeEach
     void setup(ObjectFactory factory, ServiceExtensionContext context) {

edc-extensions/ssi/ssi-miw-credential-client/src/test/java/org/eclipse/tractusx/edc/iam/ssi/miw/SsiMiwConfigurationExtensionTest.java

@@ -38,9 +38,9 @@
 @ExtendWith(DependencyInjectionExtension.class)
 public class SsiMiwConfigurationExtensionTest {
 
-    SsiMiwConfigurationExtension extension;
+    private SsiMiwConfigurationExtension extension;
 
-    ServiceExtensionContext context;
+    private ServiceExtensionContext context;
 
     @BeforeEach
     void setup(ObjectFactory factory, ServiceExtensionContext context) {

edc-extensions/ssi/ssi-miw-credential-client/src/test/java/org/eclipse/tractusx/edc/iam/ssi/miw/SsiMiwValidationRuleExtensionTest.java

@@ -33,10 +33,9 @@
 @ExtendWith(DependencyInjectionExtension.class)
 public class SsiMiwValidationRuleExtensionTest {
 
-    SsiMiwValidationRuleExtension extension;
-
-    SsiValidationRuleRegistry registry = mock(SsiValidationRuleRegistry.class);
-    SsiMiwConfiguration cfg = mock(SsiMiwConfiguration.class);
+    private final SsiValidationRuleRegistry registry = mock(SsiValidationRuleRegistry.class);
+    private final SsiMiwConfiguration cfg = mock(SsiMiwConfiguration.class);
+    private SsiMiwValidationRuleExtension extension;
 
     @BeforeEach
     void setup(ObjectFactory factory, ServiceExtensionContext context) {
@@ -55,5 +54,5 @@ void initialize(ServiceExtensionContext context) {
 
         verify(cfg).getAuthorityIssuer();
     }
-    
+
 }

edc-extensions/ssi/ssi-miw-credential-client/src/test/java/org/eclipse/tractusx/edc/iam/ssi/miw/rule/SsiCredentialSubjectIdValidationRuleTest.java

@@ -36,7 +36,7 @@ public class SsiCredentialSubjectIdValidationRuleTest {
 
     static final Map<String, String> CONTEXT_CACHE = Map.of(CX_SUMMARY_NS_V1, SummaryContext.SUMMARY_CONTEXT);
 
-    SsiCredentialSubjectIdValidationRule validationRule = new SsiCredentialSubjectIdValidationRule(mock(Monitor.class));
+    private final SsiCredentialSubjectIdValidationRule validationRule = new SsiCredentialSubjectIdValidationRule(mock(Monitor.class));
 
     @Test
     void checkRule() throws JsonProcessingException {
@@ -49,7 +49,7 @@ void checkRule() throws JsonProcessingException {
 
         assertThat(result.succeeded()).isTrue();
     }
-    
+
     @Test
     void checkRule_shouldFail_whenIssuerMissingInClaims() throws JsonProcessingException {
         var vp = expand(createObjectMapper().readValue(SUMMARY_VP, JsonObject.class), CONTEXT_CACHE);

edc-tests/e2e-tests/src/test/java/org/eclipse/tractusx/edc/tests/catalog/MiwSsiCatalogTest.java

@@ -56,7 +56,7 @@ public static Map<String, String> sokratesSsiMiwConfiguration() {
                 put("tx.ssi.oauth.client.id", "miw_private_client");
                 put("tx.ssi.oauth.client.secret.alias", "client_secret_alias");
                 put("tx.ssi.miw.authority.id", "BPNL000000000000");
-//                put("tx.ssi.miw.authority.issuer", "did:web:localhost%3A8080:BPNL000000000000");
+                put("tx.ssi.miw.authority.issuer", "did:web:localhost%3A8080:BPNL000000000000");
                 put("tx.vault.seed.secrets", "client_secret_alias:miw_private_client");
                 put("tx.ssi.endpoint.audience", SOKRATES_DSP_CALLBACK);
             }