hyperledger · patlo-iog · Aug 30, 2024 · Aug 30, 2024 · Aug 30, 2024
@@ -83,12 +83,11 @@ object KeycloakAuthenticatorSpec
 
     suite("KeycloakAuthenticatorSpec")(
       basicSpec
-        .provide(
+        .provideSome[KeycloakContainerCustom](
           KeycloakAuthenticatorImpl.layer,
           ZLayer.fromZIO(initializeClient) >>> KeycloakClientImpl.authzClientLayer >+> KeycloakClientImpl.layer,
           keycloakConfigLayer(),
           keycloakAdminClientLayer,
-          keycloakContainerLayer,
           Client.default,
           KeycloakPermissionManagementService.layer,
           WalletManagementServiceImpl.layer,
@@ -100,12 +99,11 @@ object KeycloakAuthenticatorSpec
           ZLayer.succeed(WalletAdministrationContext.Admin())
         ),
       disabledAutoRptSpec
-        .provide(
+        .provideSome[KeycloakContainerCustom](
           KeycloakAuthenticatorImpl.layer,
           ZLayer.fromZIO(initializeClient) >>> KeycloakClientImpl.authzClientLayer >+> KeycloakClientImpl.layer,
           keycloakConfigLayer(authUpgradeToRPT = false),
           keycloakAdminClientLayer,
-          keycloakContainerLayer,
           Client.default,
           KeycloakPermissionManagementService.layer,
           WalletManagementServiceImpl.layer,
@@ -117,6 +115,7 @@ object KeycloakAuthenticatorSpec
           ZLayer.succeed(WalletAdministrationContext.Admin())
         )
     )
+      .provideLayerShared(keycloakContainerLayer)
       .provide(Runtime.removeDefaultLoggers) @@ TestAspect.sequential
   }
 

@@ -39,22 +39,24 @@ object KeycloakPermissionManagementServiceSpec
       multitenantSuite
     ) @@ sequential @@ TestAspect.before(DBTestUtils.runMigrationAgentDB)
 
-    s.provide(
-      Client.default,
-      keycloakContainerLayer,
-      keycloakAdminConfigLayer,
-      KeycloakAdmin.layer,
-      KeycloakPermissionManagementService.layer,
-      KeycloakAuthenticatorImpl.layer,
-      ZLayer.fromZIO(initializeClient) >>> KeycloakClientImpl.authzClientLayer >+> KeycloakClientImpl.layer,
-      keycloakConfigLayer(),
-      WalletManagementServiceImpl.layer,
-      JdbcWalletNonSecretStorage.layer,
-      JdbcWalletSecretStorage.layer,
-      contextAwareTransactorLayer,
-      pgContainerLayer,
-      apolloLayer
-    ).provide(Runtime.removeDefaultLoggers)
+    s
+      .provideSome[KeycloakContainerCustom](
+        Client.default,
+        keycloakAdminConfigLayer,
+        KeycloakAdmin.layer,
+        KeycloakPermissionManagementService.layer,
+        KeycloakAuthenticatorImpl.layer,
+        ZLayer.fromZIO(initializeClient) >>> KeycloakClientImpl.authzClientLayer >+> KeycloakClientImpl.layer,
+        keycloakConfigLayer(),
+        WalletManagementServiceImpl.layer,
+        JdbcWalletNonSecretStorage.layer,
+        JdbcWalletSecretStorage.layer,
+        contextAwareTransactorLayer,
+        pgContainerLayer,
+        apolloLayer
+      )
+      .provideLayerShared(keycloakContainerLayer)
+      .provide(Runtime.removeDefaultLoggers)
   }
 
   private val successfulCasesSuite = suite("Successful Cases")(

@@ -74,7 +74,7 @@ object OIDCCredentialIssuerServiceSpec
     MockDIDService.resolveDIDExpectation(issuerDidMetadata, issuerDidData)
 
   private val issuerManagedDIDServiceExpectations =
-    MockManagedDIDService.javaKeyPairWithDIDExpectation(issuerKp)
+    MockManagedDIDService.findDIDKeyPairExpectation(issuerKp)
 
   private val getIssuerPrismDidWalletIdExpectations =
     MockDIDNonSecretStorage.getPrismDidWalletIdExpectation(issuerDidData.id, WalletId.default)
@@ -139,7 +139,6 @@ object OIDCCredentialIssuerServiceSpec
               None,
               credentialDefinition
             )
-          _ <- zio.Console.printLine(jwt)
           jwtObject <- ZIO.fromTry(Try(JWSObject.parse(jwt.value)))
           payload <- ZIO.fromEither(Json.decoder.decodeJson(jwtObject.getPayload.toString).flatMap(_.as[Json.Obj]))
           vc <- ZIO.fromEither(payload.get("vc").get.as[Json.Obj])

@@ -73,7 +73,7 @@ object CredentialDefinitionLookupAndPaginationSpec
       )
   ).provideSomeLayerShared(
     mockManagedDIDServiceLayer.exactly(20).toLayer >+> testEnvironmentLayer
-  )
+  ).provide(Runtime.removeDefaultLoggers)
 
   private val credentialDefinitionPaginationSpec = suite("credential-definition-registry pagination logic")(
     test("pagination of the first page with the empty query params") {

@@ -10,8 +10,6 @@ import org.hyperledger.identus.shared.crypto.{Ed25519KeyPair, Secp256k1KeyPair,
 import org.hyperledger.identus.shared.models.WalletAccessContext
 import zio.*
 
-import java.security.{PrivateKey as JavaPrivateKey, PublicKey as JavaPublicKey}
-
 /** A wrapper around Castor's DIDService providing key-management capability. Analogous to the secretAPI in
   * indy-wallet-sdk.
   */
@@ -23,12 +21,6 @@ trait ManagedDIDService {
 
   def syncUnconfirmedUpdateOperations: ZIO[WalletAccessContext, GetManagedDIDError, Unit]
 
-  @deprecated("will be dropped in favor of findDIDKeyPair")
-  def javaKeyPairWithDID(
-      did: CanonicalPrismDID,
-      keyId: String
-  ): URIO[WalletAccessContext, Option[(JavaPrivateKey, JavaPublicKey)]]
-
   def findDIDKeyPair(
       did: CanonicalPrismDID,
       keyId: String

@@ -17,7 +17,6 @@ import org.hyperledger.identus.shared.crypto.{Apollo, Ed25519KeyPair, Secp256k1K
 import org.hyperledger.identus.shared.models.WalletAccessContext
 import zio.*
 
-import java.security.{PrivateKey as JavaPrivateKey, PublicKey as JavaPublicKey}
 import scala.collection.immutable.ArraySeq
 import scala.language.implicitConversions
 
@@ -55,23 +54,6 @@ class ManagedDIDServiceImpl private[walletapi] (
   def syncUnconfirmedUpdateOperations: ZIO[WalletAccessContext, GetManagedDIDError, Unit] =
     syncUnconfirmedUpdateOperationsByDID(did = None)
 
-  def javaKeyPairWithDID(
-      did: CanonicalPrismDID,
-      keyId: String
-  ): URIO[WalletAccessContext, Option[(JavaPrivateKey, JavaPublicKey)]] = {
-    findDIDKeyPair(did, keyId)
-      .flatMap {
-        case None                            => ZIO.none
-        case Some(keyPair: Secp256k1KeyPair) => ZIO.some(keyPair)
-        case _ => ZIO.dieMessage("Only secp256k1 keypair is supported for Java KeyPair conversion")
-      }
-      .map(
-        _.map { keyPair =>
-          (keyPair.privateKey.toJavaPrivateKey, keyPair.publicKey.toJavaPublicKey)
-        }
-      )
-  }
-
   override def findDIDKeyPair(
       did: CanonicalPrismDID,
       keyId: String

@@ -16,13 +16,11 @@ import zio.*
 import zio.mock.*
 import zio.test.Assertion
 
-import java.security.{PrivateKey as JavaPrivateKey, PublicKey as JavaPublicKey}
-
 object MockManagedDIDService extends Mock[ManagedDIDService] {
 
   object GetManagedDIDState extends Effect[CanonicalPrismDID, GetManagedDIDError, Option[ManagedDIDState]]
-  object JavaKeyPairWithDID
-      extends Effect[(CanonicalPrismDID, String), Nothing, Option[(JavaPrivateKey, JavaPublicKey)]]
+  object FindDIDKeyPair
+      extends Effect[(CanonicalPrismDID, String), Nothing, Option[Secp256k1KeyPair | Ed25519KeyPair | X25519KeyPair]]
 
   override val compose: URLayer[mock.Proxy, ManagedDIDService] =
     ZLayer {
@@ -35,16 +33,11 @@ object MockManagedDIDService extends Mock[ManagedDIDService] {
 
         override def syncUnconfirmedUpdateOperations: IO[GetManagedDIDError, Unit] = ???
 
-        override def javaKeyPairWithDID(
-            did: CanonicalPrismDID,
-            keyId: String
-        ): UIO[Option[(JavaPrivateKey, JavaPublicKey)]] =
-          proxy(JavaKeyPairWithDID, did, keyId)
-
         override def findDIDKeyPair(
             did: CanonicalPrismDID,
             keyId: String
-        ): UIO[Option[Secp256k1KeyPair | Ed25519KeyPair | X25519KeyPair]] = ???
+        ): UIO[Option[Secp256k1KeyPair | Ed25519KeyPair | X25519KeyPair]] =
+          proxy(FindDIDKeyPair, (did, keyId))
 
         override def getManagedDIDState(
             did: CanonicalPrismDID
@@ -98,11 +91,9 @@ object MockManagedDIDService extends Mock[ManagedDIDService] {
         )
       )
 
-  def javaKeyPairWithDIDExpectation(ecKeyPair: Secp256k1KeyPair): Expectation[ManagedDIDService] =
-    MockManagedDIDService.JavaKeyPairWithDID(
+  def findDIDKeyPairExpectation(keyPair: Secp256k1KeyPair): Expectation[ManagedDIDService] =
+    MockManagedDIDService.FindDIDKeyPair(
       assertion = Assertion.anything,
-      result = Expectation.value(
-        Some((ecKeyPair.privateKey.toJavaPrivateKey, ecKeyPair.publicKey.toJavaPublicKey))
-      )
+      result = Expectation.value(Some(keyPair))
     )
 }
@@ -3,8 +3,7 @@ package org.hyperledger.identus.connect.core.model
 import org.hyperledger.identus.connect.core.model.ConnectionRecord.{ProtocolState, Role}
 import org.hyperledger.identus.mercury.protocol.connection.{ConnectionRequest, ConnectionResponse}
 import org.hyperledger.identus.mercury.protocol.invitation.v2.Invitation
-import org.hyperledger.identus.shared.models.Failure
-import org.hyperledger.identus.shared.models.WalletId
+import org.hyperledger.identus.shared.models.{Failure, WalletId}
 
 import java.time.temporal.ChronoUnit
 import java.time.Instant

@@ -1,6 +1,6 @@
 package org.hyperledger.identus.mercury
 
-import io.circe._
+import io.circe.*
 import io.circe.parser.*
 import org.hyperledger.identus.*
 import org.hyperledger.identus.mercury.model.*

@@ -560,14 +560,18 @@ class CredentialServiceImpl(
     for {
       issuingKeyId <- getKeyId(jwtIssuerDID, verificationRelationship, EllipticCurve.SECP256K1)
       ecKeyPair <- managedDIDService
-        .javaKeyPairWithDID(jwtIssuerDID.asCanonical, issuingKeyId)
+        .findDIDKeyPair(jwtIssuerDID.asCanonical, issuingKeyId)
+        .flatMap {
+          case Some(keyPair: Secp256k1KeyPair) => ZIO.some(keyPair)
+          case _                               => ZIO.none
+        }
         .someOrFail(KeyPairNotFoundInWallet(jwtIssuerDID, issuingKeyId, "Secp256k1"))
         .orDieAsUnmanagedFailure
-      (privateKey, publicKey) = ecKeyPair
+      Secp256k1KeyPair(publicKey, privateKey) = ecKeyPair
       jwtIssuer = JwtIssuer(
         org.hyperledger.identus.pollux.vc.jwt.DID(jwtIssuerDID.toString),
-        ES256KSigner(privateKey, keyId),
-        publicKey
+        ES256KSigner(privateKey.toJavaPrivateKey, keyId),
+        publicKey.toJavaPublicKey
       )
     } yield jwtIssuer
   }

@@ -11,12 +11,7 @@ import org.hyperledger.identus.mercury.protocol.issuecredential.*
 import org.hyperledger.identus.pollux.anoncreds.AnoncredCredential
 import org.hyperledger.identus.pollux.core.model.*
 import org.hyperledger.identus.pollux.core.model.error.CredentialServiceError
-import org.hyperledger.identus.pollux.core.model.error.CredentialServiceError.{
-  RecordNotFound,
-  RecordNotFoundForThreadIdAndStates,
-  UnsupportedDidFormat,
-  *
-}
+import org.hyperledger.identus.pollux.core.model.error.CredentialServiceError.*
 import org.hyperledger.identus.pollux.core.model.schema.CredentialDefinition
 import org.hyperledger.identus.pollux.core.model.IssueCredentialRecord.{ProtocolState, Role}
 import org.hyperledger.identus.shared.models.{KeyId, UnmanagedFailureException, WalletAccessContext, WalletId}
@@ -57,11 +52,11 @@ object CredentialServiceImplSpec extends MockSpecDefault with CredentialServiceS
 
   private val holderManagedDIDServiceExpectations =
     MockManagedDIDService.getManagedDIDStateExpectation(holderOp)
-      ++ MockManagedDIDService.javaKeyPairWithDIDExpectation(holderKp)
+      ++ MockManagedDIDService.findDIDKeyPairExpectation(holderKp)
 
   private val issuerManagedDIDServiceExpectations =
     MockManagedDIDService.getManagedDIDStateExpectation(issuerOp)
-      ++ MockManagedDIDService.javaKeyPairWithDIDExpectation(issuerKp)
+      ++ MockManagedDIDService.findDIDKeyPairExpectation(issuerKp)
 
   private val singleWalletJWTCredentialSpec =
     suite("Single Wallet JWT Credential")(

@@ -28,7 +28,7 @@ trait VcVerificationServiceSpecHelper {
 
   protected val issuerManagedDIDServiceExpectations: Expectation[ManagedDIDService] =
     MockManagedDIDService.getManagedDIDStateExpectation(issuerOp)
-      ++ MockManagedDIDService.javaKeyPairWithDIDExpectation(issuerKp)
+      ++ MockManagedDIDService.findDIDKeyPairExpectation(issuerKp)
 
   protected val issuerDidResolverLayer: ZLayer[Any, Nothing, PrismDidResolver] = (issuerDidServiceExpectations ++
     issuerManagedDIDServiceExpectations).toLayer >>> ZLayer.fromFunction(PrismDidResolver(_))

@@ -1,5 +1,6 @@
 package org.hyperledger.identus.sharedtest.containers
 
+import jakarta.ws.rs.NotFoundException
 import org.keycloak.admin.client.Keycloak
 import org.keycloak.representations.idm.{
   ClientRepresentation,
@@ -9,15 +10,14 @@ import org.keycloak.representations.idm.{
   UserRepresentation
 }
 import zio.*
-import zio.test.TestAspect.beforeAll
-import zio.test.TestAspectAtLeastR
 
 import java.util.UUID
 import scala.jdk.CollectionConverters.*
 
 type KeycloakAdminClient = Keycloak
 
 trait KeycloakTestContainerSupport {
+
   protected val keycloakContainerLayer: TaskLayer[KeycloakContainerCustom] =
     KeycloakContainerCustom.layer
 
@@ -50,11 +50,19 @@ trait KeycloakTestContainerSupport {
   protected def initializeClient =
     for {
       adminClient <- adminClientZIO
-      _ <- ZIO.attemptBlocking(
-        adminClient
-          .realms()
-          .create(realmRepresentation)
-      )
+      _ <- ZIO
+        .attemptBlocking(
+          adminClient
+            .realm(realmName)
+            .remove()
+        )
+        .catchSome { case _: NotFoundException => ZIO.unit }
+      _ <- ZIO
+        .attemptBlocking(
+          adminClient
+            .realms()
+            .create(realmRepresentation)
+        )
       _ <- ZIO
         .attemptBlocking(
           adminClient
@@ -64,24 +72,6 @@ trait KeycloakTestContainerSupport {
         )
     } yield ()
 
-  def bootstrapKeycloakRealm = adminClientZIO.flatMap(keycloak =>
-    ZIO.attemptBlocking {
-      keycloak.realms().create(realmRepresentation)
-      keycloak.realm(realmName).clients().create(agentClientRepresentation)
-      ()
-    }
-  )
-
-  def bootstrapKeycloakRealmAspect: TestAspectAtLeastR[KeycloakAdminClient] = {
-    val run = for {
-      _ <- ZIO.log("Bootstrapping the Keycloak realm...")
-      _ <- bootstrapKeycloakRealm
-      _ <- ZIO.log("Bootstrap finished")
-    } yield ()
-
-    beforeAll(run.orDie)
-  }
-
   def createUser(username: String, password: String): RIO[KeycloakAdminClient, UserRepresentation] =
     val userRepresentation = {
       val creds = new CredentialRepresentation()

@@ -1,14 +1,13 @@
 package org.hyperledger.identus.sharedtest.containers
 
-import com.dimafeng.testcontainers.{SingleContainer, VaultContainer}
+import com.dimafeng.testcontainers.SingleContainer
 import org.testcontainers.utility.DockerImageName
 import org.testcontainers.vault.VaultContainer as JavaVaultContainer
 
 /** See PostgreSQLContainerCustom for explanation */
 class VaultContainerCustom(
     dockerImageNameOverride: DockerImageName,
     vaultToken: Option[String] = None,
-    secrets: Option[VaultContainer.Secrets] = None,
     isOnGithubRunner: Boolean = false,
     useFileBackend: Boolean = false
 ) extends SingleContainer[JavaVaultContainer[?]] {
@@ -41,9 +40,6 @@ class VaultContainerCustom(
   }
 
   if (vaultToken.isDefined) vaultContainer.withVaultToken(vaultToken.get)
-  secrets.foreach { x =>
-    vaultContainer.withSecretInVault(x.path, x.firstSecret, x.secrets*)
-  }
 
   override val container: JavaVaultContainer[?] = {
     val con = vaultContainer