feat(test): add integration tests for MIW
1 parent
0c68b47
commit c875f46
Showing
18 changed files
with
3,307 additions
and
13 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
# E2E-Tests | ||
|
||
This module contains JUnit tests that spin up multiple runtimes in one JVM. |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,57 @@ | ||
/* | ||
* Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) | ||
* | ||
* This program and the accompanying materials are made available under the | ||
* terms of the Apache License, Version 2.0 which is available at | ||
* https://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* SPDX-License-Identifier: Apache-2.0 | ||
* | ||
* Contributors: | ||
* Bayerische Motoren Werke Aktiengesellschaft (BMW AG) - initial API and implementation | ||
* | ||
*/ | ||
|
||
plugins { | ||
`java-library` | ||
} | ||
|
||
dependencies { | ||
testImplementation(project(":spi:edr-cache-spi")) | ||
testImplementation(project(":edc-extensions:control-plane-adapter-api")) | ||
testImplementation(libs.okhttp.mockwebserver) | ||
testImplementation(libs.restAssured) | ||
testImplementation(libs.nimbus.jwt) | ||
testImplementation(libs.postgres) | ||
testImplementation(libs.awaitility) | ||
testImplementation(libs.aws.s3) | ||
testImplementation(libs.edc.spi.core) | ||
testImplementation(libs.edc.junit) | ||
testImplementation(libs.edc.spi.policy) | ||
testImplementation(libs.edc.spi.contract) | ||
testImplementation(libs.edc.core.api) | ||
testImplementation(libs.edc.spi.catalog) | ||
testImplementation(libs.edc.api.catalog) | ||
testImplementation(libs.edc.api.contractnegotiation) | ||
testImplementation(libs.edc.api.transferprocess) | ||
testImplementation(libs.edc.spi.dataplane.selector) | ||
testImplementation(libs.edc.ext.jsonld) | ||
testImplementation(libs.edc.dsp) | ||
testImplementation(testFixtures(libs.edc.sql.core)) | ||
|
||
|
||
testCompileOnly(project(":edc-tests:runtime:extensions")) | ||
testCompileOnly(project(":edc-tests:runtime:runtime-memory")) | ||
testCompileOnly(project(":edc-tests:runtime:runtime-memory-ssi")) | ||
testCompileOnly(project(":edc-tests:runtime:runtime-postgresql")) | ||
testImplementation(project(":edc-extensions:ssi:ssi-miw-credential-client")) | ||
testImplementation(libs.edc.auth.oauth2.client) | ||
|
||
runtimeOnly(libs.tink) | ||
|
||
} | ||
|
||
// do not publish | ||
edcBuild { | ||
publish.set(false) | ||
} |
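Review bot: `runtimeOnly(libs.tink)` near the end of the `dependencies` block is the only entry that is not test-scoped, so Tink is placed on the module's main runtime classpath while every other dependency here is `testImplementation` or `testCompileOnly`. If it is only needed when the tests start the runtimes, `testRuntimeOnly(libs.tink)` keeps the scope consistent with the rest of the block. A one-line comment such as `// required at test runtime by <component>` would also record why a cryptography library is pulled into a test-only, unpublished module. The reason Tink is needed is not visible in this section, so the scope change should be confirmed against the test runtimes.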
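--- a/edc-tests/miw-tests/src/test/java/org/eclipse/tractusx/edc/tag/MiwIntegrationTest.java
+++ b/edc-tests/miw-tests/src/test/java/org/eclipse/tractusx/edc/tag/MiwIntegrationTest.java
@@ -0,0 +1,31 @@
+/*
+* Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
+*
+* This program and the accompanying materials are made available under the
+* terms of the Apache License, Version 2.0 which is available at
+* https://www.apache.org/licenses/LICENSE-2.0
+*
+* SPDX-License-Identifier: Apache-2.0
+*
+* Contributors:
+* Bayerische Motoren Werke Aktiengesellschaft (BMW AG) - initial API and implementation
+*
+*/
+
+package org.eclipse.tractusx.edc.tag;
+
+import org.eclipse.edc.junit.annotations.IntegrationTest;
+import org.junit.jupiter.api.Tag;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+@Target({ ElementType.TYPE })
+@Retention(RetentionPolicy.RUNTIME)
+@IntegrationTest
+@Tag("MiwIntegrationTest")
+public @interface MiwIntegrationTest {
+}
+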
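Review bot: The new `MiwIntegrationTest` annotation has no Javadoc saying what environment the tagged tests need, although the README added in this commit says they run against a Managed Identity Wallet started with `docker compose up --wait` and seeded afterwards. A short class-level comment would make that precondition visible where the tag is applied, for example `/** Marks tests that require a running, seeded Managed Identity Wallet; selected through the JUnit tag "MiwIntegrationTest". */`. Whether any build or CI configuration includes this tag is not visible on this page. Since the tagged suite is described as covering rejection of forged and tampered tokens, it is worth confirming that at least one pipeline actually selects it.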
72 changes: 72 additions & 0 deletions
edc-tests/miw-tests/src/test/java/org/eclipse/tractusx/edc/tests/miw/README.md
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,72 @@ | ||
# Function-testing the Managed-Identity-Wallet | ||
|
||
## Test setup | ||
|
||
As test subject we used a `docker-compose.yml` file located in `src/main/resources/`. From that directory, simply | ||
execute `docker compose up --wait`, and then, once everything is started, | ||
run `docker exec -i resources-postgres-1 /opt/seed.sh` to seed test data. | ||
|
||
## Test suite description | ||
|
||
### `t0001` Request and verify a VP | ||
|
||
### `t0002` Wrong audience | ||
|
||
This test asserts, that a verification request is rejected, if the wrong `audience=` query parameter is supplied. | ||
The `audience` query parameter must match the `aud` claim inside the token. | ||
|
||
### `t0003` A self-signed VP token is rejected | ||
|
||
This test asserts, that submitting a self-generated JWT (containing the original VP claim) should be rejected. The MIW | ||
should only accept JWTs that were signed by the requestor's private key, which is hosted in MIW. Currently, no JWT | ||
validation is done. | ||
|
||
A rejected flow would be: | ||
|
||
- request VC from MIW | ||
- request VP from MIW, returned in JWT format | ||
- decode the JWT, unpack the payload | ||
- generate a random keypair | ||
- re-use the original claims (payload) and header | ||
- sign with the random keypair | ||
|
||
### `t0004` A bogus JWT is rejected | ||
|
||
This test is an amendment to `t0003` in that it not only forges the JWT itself, but the JWT does not contain any of the | ||
required claims. For example, it does not even contain a `vp` claim, so there is no VerifiablePresentation. | ||
|
||
### `t0005` A forged VC proof (altered JWS) is rejected | ||
|
||
This test asserts, that an altered (and potentially even malformed) `jws` proof is rejected. This test specifically | ||
targets the use of JsonWebSignature2020, because there the `proof` object contains a `jws` field. | ||
|
||
Altering that `jws` value, here by replacing all "a" with "X" should cause the MIW to reject the verification request. | ||
|
||
### `t0006` A tampered VC proof (changed document) is rejected | ||
|
||
Similar to `t0005`, which alters the proof itself, this test alters the document, for which the proof was created. | ||
Technically this should alter the document hash, so the proof becomes invalid, and the MIW should reject the request. | ||
|
||
### `t0007` Forged `iss` claim is rejected | ||
|
||
In this test we construct an impersonation attack, which assumes there are at least two participants in the MIW. | ||
Participant 1 requests a VP, decodes it, replaces the `iss` claim with the ID of Participant 2 and - using again a | ||
randomly generated keypair - signs this forged VP token. This effectively gives any participant the possibility to mount | ||
impersonation attacks. | ||
|
||
> Note that Participant 2 was created in the database using the `src/test/resources/db.sh` script | ||
### `t0008` Invalid `iss` claim is rejected (non-existent user) | ||
|
||
This test attempts to have a JWT verified where the `iss` claim cannot be resolved. | ||
|
||
### `t0009` Invalid `iss` claim is rejected (not did:web format) | ||
|
||
This test asserts that a malformed `iss` claim is rejected by MIW. Specifically, the claim must be in `did:web:....` | ||
format. | ||
|
||
### `t0010` An altered `aud` claim is rejected | ||
|
||
Similar to `t0007`, and in extension to `t0003`, this test asserts, that a verification request is rejected by MIW, if | ||
the `aud` claim inside the JWT token was replaced. | ||
> Note that this attack is only possible if the integrity and provenance of the JWT is not checked, see `t0003`. |