agera-edc · cpeeyush · Jul 4, 2022 · Jun 22, 2022 · Jun 22, 2022 · Jun 22, 2022
diff --git a/client-cli/build.gradle.kts b/client-cli/build.gradle.kts
@@ -17,6 +17,8 @@ dependencies {
 
     api(project(":rest-client"))
     implementation("com.fasterxml.jackson.core:jackson-databind:$jacksonVersion")
+
+    testImplementation(testFixtures(project(":rest-client")))
     testImplementation("org.assertj:assertj-core:${assertj}")
     testImplementation("org.mockito:mockito-core:${mockitoVersion}")
     testImplementation("com.github.javafaker:javafaker:${faker}")

diff --git a/.../src/main/java/org/eclipse/dataspaceconnector/registration/cli/AddParticipantCommand.java b/.../src/main/java/org/eclipse/dataspaceconnector/registration/cli/AddParticipantCommand.java
@@ -31,7 +31,7 @@ class AddParticipantCommand implements Callable<Integer> {
 
     @Override
     public Integer call() {
-        command.cli.registryApiClient.addParticipant(idsUrl, command.cli.clientDid);
+        command.cli.registryApiClient.addParticipant(idsUrl);
 
         return 0;
     }

diff --git a/client-cli/src/main/java/org/eclipse/dataspaceconnector/registration/cli/ClientUtils.java b/client-cli/src/main/java/org/eclipse/dataspaceconnector/registration/cli/ClientUtils.java
@@ -0,0 +1,53 @@
+/*
+ *  Copyright (c) 2022 Microsoft Corporation
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Contributors:
+ *       Microsoft Corporation - initial API and implementation
+ *
+ */
+
+package org.eclipse.dataspaceconnector.registration.cli;
+
+import org.eclipse.dataspaceconnector.iam.did.crypto.credentials.VerifiableCredentialFactory;
+import org.eclipse.dataspaceconnector.registration.client.ApiClient;
+import org.eclipse.dataspaceconnector.registration.client.ApiClientFactory;
+import org.eclipse.dataspaceconnector.spi.iam.TokenRepresentation;
+import org.eclipse.dataspaceconnector.spi.result.Result;
+import org.jetbrains.annotations.NotNull;
+
+import java.time.Clock;
+import java.util.Objects;
+
+
+public class ClientUtils {
+    private ClientUtils() {
+    }
+
+    /**
+     * Create a registration apiUrl API client configured to issue JWT tokens from the given issuer, signed by the given key.
+     *
+     * @param apiUrl API base URL.
+     * @param issuer JWT token issuer.
+     * @param privateKeyData JWT token signing key.
+     * @return configured API client.
+     */
+    @NotNull
+    public static ApiClient createApiClient(String apiUrl, String issuer, String privateKeyData) {
+        var privateKey = CryptoUtils.parseFromPemEncodedObjects(privateKeyData);
+
+        return ApiClientFactory.createApiClient(apiUrl, parameters -> {
+            var token = VerifiableCredentialFactory.create(
+                    privateKey,
+                    issuer,
+                    Objects.requireNonNull(parameters.getAudience(), "audience"),
+                    Clock.systemUTC()).serialize();
+            return Result.success(TokenRepresentation.Builder.newInstance().token(token).build());
+        });
+    }
+}
diff --git a/client-cli/src/main/java/org/eclipse/dataspaceconnector/registration/cli/CryptoUtils.java b/client-cli/src/main/java/org/eclipse/dataspaceconnector/registration/cli/CryptoUtils.java
@@ -0,0 +1,49 @@
+/*
+ *  Copyright (c) 2022 Microsoft Corporation
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Contributors:
+ *       Microsoft Corporation - initial API and implementation
+ *
+ */
+
+package org.eclipse.dataspaceconnector.registration.cli;
+
+import com.nimbusds.jose.JOSEException;
+import com.nimbusds.jose.jwk.JWK;
+import com.nimbusds.jose.jwk.KeyType;
+import org.eclipse.dataspaceconnector.iam.did.crypto.key.EcPrivateKeyWrapper;
+import org.eclipse.dataspaceconnector.iam.did.spi.key.PrivateKeyWrapper;
+
+public class CryptoUtils {
+
+    /**
+     * Parses a private key from the specified string of one or more PEM-encoded objects.
+     * <p>
+     * The data must contain a PKCS#8 PrivateKeyInfo (PEM header: BEGIN PRIVATE KEY) object.
+     *
+     * @param pemEncodedObjects The string of PEM-encoded object(s).
+     * @return The wrapper for the private key.
+     * @throws IllegalArgumentException If key parsing failed, the key type is not supported, or
+     *                                  the private key is missing.
+     */
+    public static PrivateKeyWrapper parseFromPemEncodedObjects(String pemEncodedObjects) {
+        try {
+            var jwk = JWK.parseFromPEMEncodedObjects(pemEncodedObjects);
+            if (!jwk.isPrivate()) {
+                throw new IllegalArgumentException("Missing private key");
+            }
+            if (jwk.getKeyType() == KeyType.EC) {
+                return new EcPrivateKeyWrapper(jwk.toECKey());
+            }
+            throw new IllegalArgumentException("Unsupported key type: " + jwk.getKeyType());
+        } catch (JOSEException e) {
+            throw new IllegalArgumentException("Key parsing failed: " + e);
+        }
+    }
+}
diff --git a/...src/main/java/org/eclipse/dataspaceconnector/registration/cli/RegistrationServiceCli.java b/...src/main/java/org/eclipse/dataspaceconnector/registration/cli/RegistrationServiceCli.java
@@ -14,11 +14,14 @@
 
 package org.eclipse.dataspaceconnector.registration.cli;
 
-import org.eclipse.dataspaceconnector.registration.client.ApiClientFactory;
 import org.eclipse.dataspaceconnector.registration.client.api.RegistryApi;
 import picocli.CommandLine;
 import picocli.CommandLine.Command;
 
+import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+
 @Command(name = "registration-service-cli", mixinStandardHelpOptions = true,
         description = "Client utility for MVD registration service.",
         subcommands = {
@@ -31,6 +34,9 @@ public class RegistrationServiceCli {
     @CommandLine.Option(names = "-d", required = true, description = "Client DID")
     String clientDid;
 
+    @CommandLine.Option(names = "-k", required = true, description = "File containing the private key in PEM format")
+    Path privateKeyFile;
+
     RegistryApi registryApiClient;
 
     public static void main(String... args) {
@@ -51,7 +57,13 @@ private int executionStrategy(CommandLine.ParseResult parseResult) {
     }
 
     private void init() {
-        var apiClient = ApiClientFactory.createApiClient(service);
-        registryApiClient = new RegistryApi(apiClient);
+        String privateKeyData;
+        try {
+            privateKeyData = Files.readString(privateKeyFile);
+        } catch (IOException e) {
+            throw new RuntimeException("Error reading file " + privateKeyFile, e);
+        }
+        var apiClient = ClientUtils.createApiClient(service, clientDid, privateKeyData);
+        this.registryApiClient = new RegistryApi(apiClient);
     }
 }
diff --git a/...nt-cli/src/test/java/org/eclipse/dataspaceconnector/registration/cli/ClientUtilsTest.java b/...nt-cli/src/test/java/org/eclipse/dataspaceconnector/registration/cli/ClientUtilsTest.java
@@ -0,0 +1,65 @@
+/*
+ *  Copyright (c) 2022 Microsoft Corporation
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Contributors:
+ *       Microsoft Corporation - initial API and implementation
+ *
+ */
+
+package org.eclipse.dataspaceconnector.registration.cli;
+
+import com.github.javafaker.Faker;
+import com.nimbusds.jose.jwk.JWK;
+import com.nimbusds.jwt.SignedJWT;
+import org.eclipse.dataspaceconnector.iam.did.crypto.credentials.VerifiableCredentialFactory;
+import org.eclipse.dataspaceconnector.iam.did.crypto.key.EcPublicKeyWrapper;
+import org.eclipse.dataspaceconnector.registration.client.TestKeyData;
+import org.junit.jupiter.api.Test;
+
+import java.net.URI;
+import java.net.http.HttpRequest;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+class ClientUtilsTest {
+    static final Faker FAKER = new Faker();
+    static final String AUTHORIZATION = "Authorization";
+    static final String BEARER = "Bearer";
+
+    @Test
+    void createApiClient() throws Exception {
+        var apiUrl = FAKER.internet().url();
+        var issuer = FAKER.internet().url();
+        var privateKeyData = TestKeyData.PRIVATE_KEY_P256;
+        var publicKey = new EcPublicKeyWrapper(JWK.parseFromPEMEncodedObjects(TestKeyData.PUBLIC_KEY_P256).toECKey());
+
+        var requestBuilder = HttpRequest.newBuilder().uri(URI.create(randomUrl()));
+
+        var apiClient = ClientUtils.createApiClient(apiUrl, issuer, privateKeyData);
+
+        apiClient.getRequestInterceptor().accept(requestBuilder);
+
+        var httpHeaders = requestBuilder.build().headers();
+        assertThat(httpHeaders.map())
+                .containsOnlyKeys(AUTHORIZATION);
+        var authorizationHeaders = httpHeaders.allValues(AUTHORIZATION);
+        assertThat(authorizationHeaders).hasSize(1);
+        var authorizationHeader = authorizationHeaders.get(0);
+        var authHeaderParts = authorizationHeader.split(" ", 2);
+        assertThat(authHeaderParts[0]).isEqualTo(BEARER);
+        var jwt = SignedJWT.parse(authHeaderParts[1]);
+        var verificationResult = VerifiableCredentialFactory.verify(jwt, publicKey, apiUrl);
+        assertThat(verificationResult.succeeded()).isTrue();
+        assertThat(jwt.getJWTClaimsSet().getIssuer()).isEqualTo(issuer);
+    }
+
+    static String randomUrl() {
+        return "https://" + FAKER.internet().url();
+    }
+}
diff --git a/...nt-cli/src/test/java/org/eclipse/dataspaceconnector/registration/cli/CryptoUtilsTest.java b/...nt-cli/src/test/java/org/eclipse/dataspaceconnector/registration/cli/CryptoUtilsTest.java
@@ -0,0 +1,52 @@
+/*
+ *  Copyright (c) 2022 Microsoft Corporation
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Contributors:
+ *       Microsoft Corporation - initial API and implementation
+ *
+ */
+
+package org.eclipse.dataspaceconnector.registration.cli;
+
+import org.eclipse.dataspaceconnector.registration.client.TestKeyData;
+import org.junit.jupiter.api.Test;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+
+class CryptoUtilsTest {
+
+    @Test
+    void parseFromPemEncodedObjects_succeeds() {
+        var keyPair = CryptoUtils.parseFromPemEncodedObjects(TestKeyData.PRIVATE_KEY_P256);
+        assertThat(keyPair.signer()).isNotNull();
+    }
+
+    @Test
+    void parseFromPemEncodedObjects_onMissingPrivateKey_fails() {
+        assertThatExceptionOfType(IllegalArgumentException.class)
+                .isThrownBy(() -> CryptoUtils.parseFromPemEncodedObjects(TestKeyData.PUBLIC_KEY_P256))
+                .withMessageContaining("Missing private key");
+    }
+
+    @Test
+    void parseFromPemEncodedObjects_onUnsupportedKeyType_fails() {
+        assertThatExceptionOfType(IllegalArgumentException.class)
+                .isThrownBy(() -> CryptoUtils.parseFromPemEncodedObjects(TestKeyData.PRIVATE_KEY_RSA))
+                .withMessageContaining("Unsupported key type: RSA");
+    }
+
+    @Test
+    void parseFromPemEncodedObjects_onKeyNotParsed_fails() {
+        var garbledPrivateKeyData = TestKeyData.PRIVATE_KEY_P256.replace('=', 'x');
+        assertThatExceptionOfType(IllegalArgumentException.class)
+                .isThrownBy(() -> CryptoUtils.parseFromPemEncodedObjects(garbledPrivateKeyData))
+                .withMessageContaining("Key parsing failed");
+    }
+}
diff --git a/...rc/test/java/org/eclipse/dataspaceconnector/registration/cli/ParticipantsCommandTest.java b/...rc/test/java/org/eclipse/dataspaceconnector/registration/cli/ParticipantsCommandTest.java
@@ -17,14 +17,18 @@
 import com.fasterxml.jackson.core.type.TypeReference;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.github.javafaker.Faker;
+import org.eclipse.dataspaceconnector.registration.client.TestKeyData;
 import org.eclipse.dataspaceconnector.registration.client.api.RegistryApi;
 import org.eclipse.dataspaceconnector.registration.client.models.Participant;
+import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import picocli.CommandLine;
 
 import java.io.PrintWriter;
 import java.io.StringWriter;
+import java.nio.file.Files;
+import java.nio.file.Path;
 import java.util.List;
 
 import static org.assertj.core.api.Assertions.assertThat;
@@ -37,6 +41,7 @@ class ParticipantsCommandTest {
 
     static final Faker FAKER = new Faker();
     static final ObjectMapper MAPPER = new ObjectMapper();
+    static Path privateKeyFile;
 
     Participant participant1 = createParticipant();
     Participant participant2 = createParticipant();
@@ -48,6 +53,13 @@ class ParticipantsCommandTest {
     CommandLine cmd = new CommandLine(app);
     StringWriter sw = new StringWriter();
 
+    @BeforeAll
+    static void setUpClass() throws Exception {
+        privateKeyFile = Files.createTempFile("test", ".pem");
+        privateKeyFile.toFile().deleteOnExit();
+        Files.writeString(privateKeyFile, TestKeyData.PRIVATE_KEY_P256);
+    }
+
     @BeforeEach
     void setUp() {
         app.registryApiClient = mock(RegistryApi.class);
@@ -77,12 +89,13 @@ void add() {
 
         assertThat(exitCode).isEqualTo(0);
         assertThat(serverUrl).isEqualTo(app.service);
-        verify(app.registryApiClient).addParticipant(idsUrl, did);
+        verify(app.registryApiClient).addParticipant(idsUrl);
     }
 
     private int executeParticipantsAdd(String idsUrl) {
         return cmd.execute(
                 "-d", did,
+                "-k", privateKeyFile.toString(),
                 "-s", serverUrl,
                 "participants", "add",
                 "--ids-url", idsUrl);
@@ -91,6 +104,7 @@ private int executeParticipantsAdd(String idsUrl) {
     private int executeParticipantsList() {
         return cmd.execute(
                 "-d", did,
+                "-k", privateKeyFile.toString(),
                 "-s", serverUrl,
                 "participants", "list");
     }

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -7,9 +7,17 @@ services:
       args:
         JVM_ARGS: "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5005"
     environment:
-      EDC_API_AUTH_KEY: ApiKeyDefaultValue
+      JWT_AUDIENCE: http://localhost:8182/authority
+      EDC_IAM_DID_WEB_USE_HTTPS: false
       WEB_HTTP_AUTHORITY_PORT: 8182
       WEB_HTTP_AUTHORITY_PATH: /authority
     ports:
       - "8182:8182"
       - "5005:5005"
+  did-server:
+    container_name: did-server
+    image: nginx
+    volumes:
+     - ./resources/webdid:/usr/share/nginx/html
+    ports:
+     - "8080:80"