Merge branch trusted-content-resolver:main into main

.gitignore

@@ -44,3 +44,10 @@ server/logs/
 
 ### js ###
 **/node_modules
+
+### py ###
+*.egg-info
+.coverage
+
+## TRAIN specific ##
+/clients/java/all_dependent_jars/

.gitlab-ci.yml

@@ -8,7 +8,7 @@ variables:
   MAVEN_CLI_OPTS: "--batch-mode --errors --fail-at-end --show-version -DinstallAtEnd=true -DdeployAtEnd=true"
 
 # This template uses jdk8 for verifying and deploying images
-image: maven:3.9.0-eclipse-temurin-17
+image: maven:3.9-eclipse-temurin-21
 
 # Cache downloaded dependencies and plugins between builds.
 # To keep cache across branches add 'key: "$CI_JOB_NAME"'
@@ -26,19 +26,26 @@ stages:
   stage: test
   script:
     - 'mvn $MAVEN_CLI_OPTS verify'
-  except:
-    variables:
-      - $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+  artifacts:
+    when: always
+    reports:
+      junit:
+        - clients/java/target/surefire-reports/TEST-*.xml
+        - service/target/surefire-reports/TEST-*.xml
+#  except:
+#    variables:
+#      - $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+
 
-# Verify merge requests using JDK17
-verify:jdk17:
+# Verify merge requests using JDK
+verify:jdk:
   <<: *verify
 
 # To deploy packages from CI, create a ci_settings.xml file
 # For deploying packages to GitLab's Maven Repository: See https://docs.gitlab.com/ee/user/packages/maven_repository/index.html#create-maven-packages-with-gitlab-cicd for more details.
 # Please note: The GitLab Maven Repository is currently only available in GitLab Premium / Ultimate.
 # For `master` branch run `mvn deploy` automatically.
-deploy:jdk17:
+deploy:jdk:
   stage: deploy
   script:
     - 'mvn $MAVEN_CLI_OPTS package jib:build -am'

Makefile

+ansible:
+	ansible-playbook ansible.playbook.yml --connection=local -i localhost,

ansible.playbook.yml

-# ansible-playbook ansible.playbook.yml --connection=local -i localhost, #--tags=macos --extra-vars "custom_shell_config=.profile.ada.sh"
-- name: trusted_content_resolver
+- name: trusted-content-resolver
   hosts: all
   vars:
-    custom_shell_config: "{{ lookup('ansible.builtin.env', 'CUSTOM_SHELL_CONFIG') }}"
+    custom_shell_config: "{{ lookup('ansible.builtin.env', 'CUSTOM_SHELL_CONFIG', default='.bash_profile') }}"
   tasks:
-    - name: Set _found_shell_config to the first existing file, raising an error if a file is not found
-      ansible.builtin.set_fact:
-        _found_shell_config_file: "{{ lookup('ansible.builtin.first_found', findme) }}"
-      vars:
-        findme:
-          - "{{ ansible_env.HOME }}/{{ custom_shell_config }}"
-          - "{{ ansible_env.HOME }}/.bash_profile"
-          - "{{ ansible_env.HOME }}/.zshrc"
-          - "{{ ansible_env.HOME }}/.profile"
-          - "{{ ansible_env.HOME }}/.bashrc"
+
+    - include_tasks: "./clients/go/ansible.playbook.yml"
       tags:
-        - java
         - go
+
+    - include_tasks: "./clients/java/ansible.playbook.yml"
+      tags:
+        - java
+
+    - include_tasks: "./clients/js/ansible.playbook.yml"
+      tags:
         - js
-        - py
 
-    - include_tasks: './clients/go/ansible.playbook.yml'
-      tags: ['go']
-    - include_tasks: './clients/java/ansible.playbook.yml'
-      tags: ['java']
-    - include_tasks: './clients/js/ansible.playbook.yml'
-      tags: ['js']
-    - include_tasks: './clients/py/ansible.playbook.yml'
-      tags: ['py']
+    - include_tasks: "./clients/py/ansible.playbook.yml"
+      tags:
+        - py

api/pom.xml

@@ -38,8 +38,8 @@
                 <groupId>org.openapitools</groupId>
                 <artifactId>openapi-generator-maven-plugin</artifactId>
                 <configuration>
-                    <generateApis>false</generateApis>					
-		</configuration>
+                    <generateApis>false</generateApis>
+		        </configuration>
                 <executions>
                     <execution>
                         <id>generate-trusted-content-resolver-api</id>

bdd/.gitignore

+/example/clients/java/*.java
+/example/clients/py/*.py
+/example/clients/go/*.go
+/example/clients/js/*.js

bdd/Makefile

+# see https://makefiletutorial.com/
+
+SHELL := /bin/bash -eu -o pipefail
+PYTHON_3 ?= python3
+PYTHON_D ?= /opt/python.d
+SOURCE_PATHS := "src/train_bdd"
+CMD_SELENIUM := train_bdd.selenium # :: NOT Implemented yet
+
+VENV_PATH_DEV := $(PYTHON_D)/dev/train/bdd
+VENV_PATH_PROD := $(PYTHON_D)/prod/train/bdd
+
+setup_dev: $(VENV_PATH_DEV)
+
+
+$(VENV_PATH_DEV):
+	$(PYTHON_3) -m venv $(VENV_PATH_DEV)
+	"$(VENV_PATH_DEV)/bin/pip" install -U pip wheel
+	"$(VENV_PATH_DEV)/bin/pip" install -e ".[dev]"
+
+setup_prod: $(VENV_PATH_PROD)
+
+$(VENV_PATH_PROD):
+	$(PYTHON_3) -m venv $(VENV_PATH_PROD)
+	"$(VENV_PATH_PROD)/bin/pip" install -U pip wheel
+	"$(VENV_PATH_PROD)/bin/pip" install .
+
+isort:
+	"$(VENV_PATH_DEV)/bin/isort" $(SOURCE_PATHS) tests
+
+pylint:
+	"$(VENV_PATH_DEV)/bin/pylint" $(SOURCE_PATHS) tests
+
+coverage_run:
+	"$(VENV_PATH_DEV)/bin/coverage" run -m pytest -m "not integration"
+
+coverage_report:
+	"$(VENV_PATH_DEV)/bin/coverage" report
+
+mypy:
+	"$(VENV_PATH_DEV)/bin/mypy" $(SOURCE_PATHS)
+
+code_check: \
+	setup_dev \
+	isort \
+	pylint \
+	coverage_run coverage_report \
+	mypy
+
+run_selenium: setup_prod
+	source "$(VENV_PATH_PROD)/bin/activate" && $(CMD_SELENIUM)
+
+run_bdd_prod: setup_prod
+	source "$(VENV_PATH_PROD)/bin/activate" && behave
+
+run_bdd_dev: setup_dev
+	source "$(VENV_PATH_DEV)/bin/activate" && behave
+
+clean_dev:
+	rm -rfv  "$(VENV_PATH_DEV)"
+
+clean_prod:
+	rm -rfv  "$(VENV_PATH_PROD)"
+
+activate_env_prod:
+	@echo "source \"$(VENV_PATH_PROD)/bin/activate\""
+
+activate_env_dev:
+	@echo "source \"$(VENV_PATH_DEV)/bin/activate\""
+
+start-trusted-content-resolver-server-in-debug-mode:
+	mvn -f ../pom.xml clean install
+	mvn -f ../service/pom.xml spring-boot:run -Dmaven.surefire.debug
+
+pre-setup:
+	cd ../docker && docker compose --env-file unires.env -f uni-resolver-web.yml up -d
+	cd ../docker && docker compose up -d

bdd/env.andrei.danciuc.sh

+#!/bin/env bash
+
+export TRAIN_TRUST_CONTENT_RESOLVER_HOST="http://localhost:8887"
+source TRAIN_TRUST_CONTENT_RESOLVER_CLIENT_PY_VENV="/opt/python.d/dev/train/trusted_content_resolver_client"
+source TRAIN_TRUST_CONTENT_RESOLVER_CLIENT_JAVA_TARGET="/Users/A200084132/a-train/andrei.danciuc/trusted-content-resolver/clients/java/target/"

bdd/env.sample.sh

+#!/bin/env bash
+
+export TRAIN_TRUST_CONTENT_RESOLVER_HOST="http://localhost:8887"
+source TRAIN_TRUST_CONTENT_RESOLVER_CLIENT_PY_VENV="/opt/python.d/dev/train/trusted_content_resolver_client"
+source TRAIN_TRUST_CONTENT_RESOLVER_CLIENT_JAVA_TARGET="/Users/app/trusted-content-resolver/clients/java/target/"

bdd/example/clients/README.rst

+Real or templated examples for Client Implementation.

bdd/example/clients/go/trust_content_resolver_example.go.j2

+// go list ... | grep 'a'
+
+import "eu.xfsc.train.tcr.client.ResolveServiceClient"

bdd/example/clients/java/TrustContentResolverExample.java.j2

+// mvn dependency:copy-dependencies -DoutputDirectory=all_dependent_jars
+// java --class-path="all_dependent_jars/*.jar:" TrustContentResolverExample.java
+
+import java.util.List;
+import eu.xfsc.train.tcr.client.ResolveServiceClient;
+import eu.xfsc.train.tcr.api.generated.model.ResolveResult;
+
+class TrustContentResolverExample {
+
+    public static void main(String args[])
+    {
+        System.out.println("result");
+        ResolveServiceClient client = new ResolveServiceClient("some-baseUrl", "some-jwt");
+        List<ResolveResult> result = client.resolveTrustList(
+           "{{ did }}",
+            "{{ trust_framework_pointers[0] }}",
+            null
+        );
+        System.out.println(result.size());
+    }
+}

bdd/example/clients/java/run_java_example.sh

+#!/usr/bin/env bash
+
+set -eu -o pipefail
+
+SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+
+cd $SCRIPT_DIR/../../../../clients/java
+
+## Collect all jars dependencies into single folder
+test !-d all_dependent_jars && mvn dependency:copy-dependencies -DoutputDirectory=all_dependent_jars -q
+
+## Collect jars into CLASSPATH
+CLASSPATH_="$(pwd)/target/trusted-content-resolver-java-client-1.0.0-SNAPSHOT.jar"
+for i in $(pwd)/all_dependent_jars/*.jar; do CLASSPATH_=$CLASSPATH_:$i; done
+
+## Execute example script
+java -cp $CLASSPATH_ $SCRIPT_DIR/TrustContentResolverExample.java

bdd/example/clients/js/trust_content_resolver_example.js.j2

+// npm list -g 'a'
+
+const ResolveServiceClient = require("eu.xfsc.train.tcr.client.ResolveServiceClient");

bdd/example/clients/py/trust_content_resolver_example.py.j2

+from trusted_content_resolver_client.resolve_service_client import resolve_trust_list
+
+if __name__ == '__main__':
+    print(resolve_trust_list(
+        trust_framework_pointers={{ trust_framework_pointers }},
+        did="{{ did }}"
+    ))

bdd/example/service/README.rst

+Real or templated examples for Server Implementation.

bdd/features/01 DNS Zone Manager.feature

+Feature:  Publishing the Trust Framework and the DID in the DNS Zone file
+
+  Background: fully environment setup
+
+    Given that the Notary Connector (API) is online
+    And the DNS-Server is running (NSD & KNOT DNS-Server)
+    And The DNS entry is configured
+    And DNSSEC is configured
+
+  Scenario: 00024-A1_A create request of trust framework is successfully reflected in the SQLite storage and DNS Zone file (200)
+
+    Given the fully environment setup
+    When the Notary has sent a create request of trust framework via the Notary Connector (API)
+    And the Trust Framework has been created in the Trust List Provisioning Domain
+    Then the Trust Framework is reflected as a PTR record in the DNS Zone Manager SQLite DataBase Zone file
+    And the DID corresponding to the Trust Framework is published as URI records in the DNS Zone Manager SQLite DataBase Zone file
+
+  Scenario: 00024-A1_2_An update request of trust framework is successfully reflected in the SQLite storage and DNS Zone File (200)
+
+    Given the fully environment setup
+    When the Notary has sent an update request of trust framework via the Notary Connector (API)
+    And the updated Trust Framework has been published in the Trust List Provisioning Domain
+    Then the Trust Framework update is reflected as a PTR record in the DNS Zone Manager SQLite DataBase Zone file
+    And the DID corresponding to the Trust Framework is published as URI records in the DNS Zone Manager SQLite DataBase Zone file
+    And the Zone file is resigned based on DNSSEC for every new update
+
+  Scenario: 00024-A3_A wrong context leads to an exception (400)
+
+    Given the fully environment setup
+    When the context of the Notary request is wrong
+    Then the request leads to an exception (400)
+    And an audit entry is created
+
+  Scenario: 00024-A4_A missing data leads to an exception (404)
+
+    Given the fully environment setup
+    When the Notary request has some missing data
+    Then the request leads to an exception (404)
+    And an audit entry is created
+
+  Scenario: 00024-A5_An error is provided if a record is in progress by the operator
+ #low priority
+  @manual
+    Given the fully environment setup
+    And an update or create record is still in progress by the operator
+    When a next create/update request of trust framework is sent
+    Then an error `409 Conflict` is provided
\ No newline at end of file

bdd/features/02 Trust List Management.feature

+Feature: Trust List Management
+  allow CRUD (create, read, update, delete) operations on the trust list at the Trusted Data Store
+
+  Scenario: 00015-A1_A request update has been successfully reflected in the trust list (200)
+    Given fully environment setup
+      And a trust list at the Trusted Data Store
+     When the Notary sends an update request of trust list via the Notary Connector (API)
+     Then a request update is reflected in the trust list (200)
+
+    When in create operation
+    Then a new trust list entry is created
+
+    When in read operation
+
+    Then trust list is referenced by name `endpoint/federation1.test.train.trust-scheme.de`
+    # e.g. https://tspa.trust-scheme.de/tspa_train_domain/api/v1/scheme/federation1.test.train.trust-scheme.de
+
+    When in update operation
+    Then the requested change is reflected in trust list
+
+    When in delete operation
+    Then the trust list entry of the entity is deleted from the list
+
+    Given client rust client installed
\ No newline at end of file

bdd/features/03 Trust Framework Configuration.feature

+Feature: Creation of trust frameworks
+  creation and configuration of DIDs with well-known did configurations
+  instantiation of trust lists, the envelopment of trust lists in Verifiable Credentials
+  with proof and configuring the enveloped VCs in the service end point of DID Documents
+
+  Background: fully environment setup
+
+    Given that the Notary Connector (API) is online
+    And the DNS-Server is running
+    And the DID Resolver is running
+
+  Scenario: 00014-A1_1_A create request of trust framework is successfully reflected in the DNS Zone File (200)
+
+    Given the fully environment setup
+    When the Notary sends a create request of trust framework via the Notary Connector (API)
+    Then the Trust Framework is created in the Trust List Provisioning Domain
+    And the Trust Framework is reflected as a PTR record in the DNS Zone Manager (Zone File 200)
+    And the DID is enrolled as a URI RR mapped with corresponding Trust Framework
+
+  Scenario: 00014-A1_2_An update request of trust framework is successfully reflected in the DNS Zone File (200)
+
+    Given the fully environment setup
+    When the Notary sends an update request of trust framework via the Notary Connector (API)
+    Then the updated Trust Framework is published in the Trust List Provisioning Domain
+    And the Trust Framework is reflected as a PTR record in the DNS Zone Manager (Zone File 200)
+    And the DID is enrolled as a URI RR mapped with corresponding Trust Framework
+
+  Scenario: 00014-A2_An instantiation of a trust list is reflected in the trust list storage with possibility to retrieve via API endpoints
+
+    Given the fully environment setup
+    When the Notary sends a create request of Trust List via the Notary Connector (API)
+    Then a Trust List is published in storage (Web Server or IPFS) with retrievable API endpoint in the Trust List Provisioning Domain
+
+  Scenario: 00014-A3_Creation of a Verifiable Credential (VC) is allowed with ability to sign the credential
+
+    Given the fully environment setup
+    When the DID is enrolled via the Notary Connector (API) as a URI RR mapped with corresponding Trust Framework
+    Then a DID Document is created for the DID and stored on a https URL resource
+    And the DID document defines a Service End Point with the URI to a VC
+    Then the VC (e.g. "VC_1") is created so that it can be resolved via the URI in the DID Document
+    And the "VC_1" contains the URI to resolve the Trust List
+    And the "VC_1" is signed so that it can be validated with the public key from the DID Document
+
+  Scenario: 00014-A4_A wrong context leads to an exception (400)
+
+    Given the fully environment setup
+    When the context of the Notary request is wrong
+    Then the request leads to an exception (400)
+    And an audit entry is created
+
+  Scenario: 00014-A5_A missing data leads to an exception (404)
+
+    Given the fully environment setup
+    When the Notary request has some missing data
+    Then the request leads to an exception (404)
+    And an audit entry is created
+
+  Scenario: 00014-A6_An error is provided if a record is in progress by the operator
+ #low priority
+  @manual
+    Given the fully environment setup
+    And an update or create record is still in progress by the operator
+    When a next create/update request of trust framework is sent
+    Then an error `409 Conflict` is provided
+
+  Scenario: 00014-A7_Should be able to reference Trust Frameworks from other Domains
+
+    Given the fully environment setup
+    When a Trust Framework DNS entry (_scheme._trust.federation1.com) contains several PTR RRs (PTR RR_1,PTR RR_2,PTR RR_3)
+    Then each PTR RR points to a DNS entry where the location of a trust list can be found, in a URI RR
+    And the PTR RRs allows one Trust Framework to point to several trust lists from other Domains
\ No newline at end of file