diff --git a/extensions/README.md b/extensions/README.md index 94b5d147e43..6c0f968a74e 100644 --- a/extensions/README.md +++ b/extensions/README.md @@ -42,7 +42,6 @@ - [Local](common/transaction/transaction-local/) - Vault - [Azure](common/vault/vault-azure/) - - [Filesystem](common/vault/vault-filesystem/) - [HashiCorp](common/vault/vault-hashicorp/) - Control Plane - [Management API](control-plane/api/management-api/) diff --git a/extensions/common/iam/oauth2/oauth2-daps/build.gradle.kts b/extensions/common/iam/oauth2/oauth2-daps/build.gradle.kts index 84f550af075..3cad7f9ac35 100644 --- a/extensions/common/iam/oauth2/oauth2-daps/build.gradle.kts +++ b/extensions/common/iam/oauth2/oauth2-daps/build.gradle.kts @@ -21,7 +21,6 @@ dependencies { api(project(":spi:common:oauth2-spi")) testImplementation(project(":core:common:connector-core")) - testImplementation(project(":extensions:common:vault:vault-filesystem")) testImplementation(project(":extensions:common:iam:oauth2:oauth2-core")) testImplementation(project(":core:common:junit")) testImplementation(libs.testcontainers.junit) diff --git a/extensions/common/iam/oauth2/oauth2-daps/src/test/java/org/eclipse/edc/iam/oauth2/daps/DapsIntegrationTest.java b/extensions/common/iam/oauth2/oauth2-daps/src/test/java/org/eclipse/edc/iam/oauth2/daps/DapsIntegrationTest.java index 6b725e84487..67a8fba5215 100644 --- a/extensions/common/iam/oauth2/oauth2-daps/src/test/java/org/eclipse/edc/iam/oauth2/daps/DapsIntegrationTest.java +++ b/extensions/common/iam/oauth2/oauth2-daps/src/test/java/org/eclipse/edc/iam/oauth2/daps/DapsIntegrationTest.java 
@@ -39,9 +39,10 @@ @ComponentTest class DapsIntegrationTest { + public static final String CLIENT_CERTIFICATE_ALIAS = "1"; + public static final String CLIENT_PRIVATE_KEY_ALIAS = "2"; private static final String AUDIENCE_IDS_CONNECTORS_ALL = "idsc:IDS_CONNECTORS_ALL"; private static final String CLIENT_ID = "68:99:2E:D4:13:2D:FD:3A:66:6B:85:DE:FB:98:2E:2D:FD:E7:83:D7"; - private static final String CLIENT_KEYSTORE_KEY_ALIAS = "1"; private static final String CLIENT_KEYSTORE_PASSWORD = "1234"; private final Path resourceFolder = findBuildRoot().toPath().resolve("extensions/common/iam/oauth2/oauth2-daps/src/test/resources"); @@ -88,8 +89,8 @@ protected void before(EdcExtension extension) { "edc.oauth.provider.audience", AUDIENCE_IDS_CONNECTORS_ALL, "edc.oauth.endpoint.audience", AUDIENCE_IDS_CONNECTORS_ALL, "edc.oauth.provider.jwks.url", dapsUrl + jwksPath, - "edc.oauth.certificate.alias", CLIENT_KEYSTORE_KEY_ALIAS, - "edc.oauth.private.key.alias", CLIENT_KEYSTORE_KEY_ALIAS, + "edc.oauth.certificate.alias", CLIENT_CERTIFICATE_ALIAS, + "edc.oauth.private.key.alias", CLIENT_PRIVATE_KEY_ALIAS, "edc.iam.token.scope", "idsc:IDS_CONNECTOR_ATTRIBUTES_ALL" )); } diff --git a/extensions/common/iam/oauth2/oauth2-daps/src/test/java/org/eclipse/edc/iam/oauth2/daps/VaultSeedExtension.java b/extensions/common/iam/oauth2/oauth2-daps/src/test/java/org/eclipse/edc/iam/oauth2/daps/VaultSeedExtension.java new file mode 100644 index 00000000000..d8d80cda3e6 --- /dev/null +++ b/extensions/common/iam/oauth2/oauth2-daps/src/test/java/org/eclipse/edc/iam/oauth2/daps/VaultSeedExtension.java 
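Review bot: `CLIENT_KEYSTORE_PASSWORD = "1234"` stays in `DapsIntegrationTest` as unchanged context in the first hunk, although this commit deletes `keystore.p12` and now seeds the vault from PEM files. The rest of the class is outside the hunk; if nothing else reads the constant, remove it, along with `resourceFolder` if that only located the keystore. Otherwise the test keeps implying a password-protected keystore that no longer exists. The two new alias constants are declared `public`, but the only consumer visible in this commit, `VaultSeedExtension`, is in the same package, so package-private is enough: `static final String CLIENT_CERTIFICATE_ALIAS = "1";`.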
@@ -0,0 +1,38 @@
+/*
+ * Copyright (c) 2024 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Apache License, Version 2.0 which is available at
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Contributors:
+ * Bayerische Motoren Werke Aktiengesellschaft (BMW AG) - initial API and implementation
+ *
+ */
+
+package org.eclipse.edc.iam.oauth2.daps;
+
+import org.eclipse.edc.junit.testfixtures.TestUtils;
+import org.eclipse.edc.runtime.metamodel.annotation.Inject;
+import org.eclipse.edc.spi.security.Vault;
+import org.eclipse.edc.spi.system.ServiceExtension;
+import org.eclipse.edc.spi.system.ServiceExtensionContext;
+
+import static org.eclipse.edc.iam.oauth2.daps.DapsIntegrationTest.CLIENT_CERTIFICATE_ALIAS;
+import static org.eclipse.edc.iam.oauth2.daps.DapsIntegrationTest.CLIENT_PRIVATE_KEY_ALIAS;
+
+public class VaultSeedExtension implements ServiceExtension {
+
+ @Inject
+ private Vault vault;
+
+ @Override
+ public void initialize(ServiceExtensionContext context) {
+ var certificate = TestUtils.getResourceFileContentAsString("certificate.pem");
+ var privateKey = TestUtils.getResourceFileContentAsString("privatekey.pem");
+ vault.storeSecret(CLIENT_CERTIFICATE_ALIAS, certificate);
+ vault.storeSecret(CLIENT_PRIVATE_KEY_ALIAS, privateKey);
+ }
+}
diff --git a/extensions/common/iam/oauth2/oauth2-daps/src/test/resources/META-INF/services/org.eclipse.edc.spi.system.ServiceExtension b/extensions/common/iam/oauth2/oauth2-daps/src/test/resources/META-INF/services/org.eclipse.edc.spi.system.ServiceExtension
new file mode 100644
index 00000000000..1d3d2812785
--- /dev/null
+++ b/extensions/common/iam/oauth2/oauth2-daps/src/test/resources/META-INF/services/org.eclipse.edc.spi.system.ServiceExtension
@@ -0,0 +1 @@
+org.eclipse.edc.iam.oauth2.daps.VaultSeedExtension
\ No newline at end of file
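Review bot: Both `vault.storeSecret(...)` calls in `VaultSeedExtension.initialize` discard their return value. The `FsVault` removed by this same commit shows that `storeSecret` reports failure through a returned `Result` rather than an exception. If seeding fails, the DAPS test would presumably fail only later, with an error that never mentions the vault. Check each result and abort on failure, for example `if (result.failed()) throw new IllegalStateException(result.getFailureDetail());` (confirm the accessor names against `Result`). The three `storeSecret` calls in `seedVault()` in `AbstractDataPlaneTest` have the same gap.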
diff --git a/extensions/common/iam/oauth2/oauth2-daps/src/test/resources/certificate.pem b/extensions/common/iam/oauth2/oauth2-daps/src/test/resources/certificate.pem new file mode 100644 index 00000000000..4b9fc86a113 --- /dev/null +++ b/extensions/common/iam/oauth2/oauth2-daps/src/test/resources/certificate.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDazCCAlOgAwIBAgIUKLpU2zUcd6PlJQ90Jt2WbdG/kxgwDQYJKoZIhvcNAQEL +BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM +GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMTExMjIwODA1NTJaFw0zMTEx +MjAwODA1NTJaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw +HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQDq4RvLUrLw6tfY5/8Wz6QmG93Gyagbwvr4Y5nXXfMf +lKwAyV6FbxIXp2KnguuXq4wEAss0D3CHbRoSG6Wwur46gigDSaFZIqKKog1dXXaa +2GopTyptAUTedLPD2k5ZeyrU6kRqdOkOj0N1IqrqqrBSSs57zIFz7U86TUEx13+x +FrzpfkiToSPACpvHX4TSs+6bLOnImfqlGghh4lmq22RgRoUFqGa0IrLY1tARsr7g +lcxKWt1VdnudXGA32HL3QIAfTvhitbw4R3068s+wswCpkW98MjHogSR+6x3YvQI/ +gkiyZn5/5jWxrlbOwaFMB5xNkuSd5UnE4PAiaDVUNNprAgMBAAGjUzBRMB0GA1Ud +DgQWBBRomS7UEy39OmZrhd77mC4t/eeD1zAfBgNVHSMEGDAWgBRomS7UEy39OmZr +hd77mC4t/eeD1zAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBj +KgRXg+6rJih1ENc7y2xKKoGS8GvLCAKp9KmRer3nycaqR/2YmOqAatyFKscW4FCh +s/WIel/L+8SEJSsaAXnfcjk5R18qbxFGY74z25Pbdxskq0WEWrxCVDL4jrPOSFIw +9rY4Ym6rtaPUrelcXpvNuaCSDDVlZt9R7BGncwU0sZCIHtxKnMQklnNhQ2ppRq/e +loVCvuYHS6aTG+QSj5Fejqmazgagf94yRdhQuO0HSCjU/PFyUmthCUGVGGGjcjfT +QookwrHG0TIlXkCCgVcQF+7W6g8MnxJD7JxFDM0LfmKjzx1AstY/Hv6W0JHBaSUm +96sClTHVKuOjc8ox80Oo +-----END CERTIFICATE----- diff --git a/extensions/common/iam/oauth2/oauth2-daps/src/test/resources/empty-vault.properties b/extensions/common/iam/oauth2/oauth2-daps/src/test/resources/empty-vault.properties deleted file mode 100644 index e69de29bb2d..00000000000 
diff --git a/extensions/common/iam/oauth2/oauth2-daps/src/test/resources/keystore.p12 b/extensions/common/iam/oauth2/oauth2-daps/src/test/resources/keystore.p12 deleted file mode 100644 index 9c6de06e27a..00000000000 Binary files a/extensions/common/iam/oauth2/oauth2-daps/src/test/resources/keystore.p12 and /dev/null differ diff --git a/extensions/common/iam/oauth2/oauth2-daps/src/test/resources/privatekey.pem b/extensions/common/iam/oauth2/oauth2-daps/src/test/resources/privatekey.pem new file mode 100644 index 00000000000..7742994cbd7 --- /dev/null +++ b/extensions/common/iam/oauth2/oauth2-daps/src/test/resources/privatekey.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDq4RvLUrLw6tfY +5/8Wz6QmG93Gyagbwvr4Y5nXXfMflKwAyV6FbxIXp2KnguuXq4wEAss0D3CHbRoS +G6Wwur46gigDSaFZIqKKog1dXXaa2GopTyptAUTedLPD2k5ZeyrU6kRqdOkOj0N1 +IqrqqrBSSs57zIFz7U86TUEx13+xFrzpfkiToSPACpvHX4TSs+6bLOnImfqlGghh +4lmq22RgRoUFqGa0IrLY1tARsr7glcxKWt1VdnudXGA32HL3QIAfTvhitbw4R306 +8s+wswCpkW98MjHogSR+6x3YvQI/gkiyZn5/5jWxrlbOwaFMB5xNkuSd5UnE4PAi +aDVUNNprAgMBAAECggEAek/feXIHXQ3ueTXW0LowcOfyBaLduBdBOjgj1NNH2BpD +t+UlI7dDZK314eV7afAbabtKtkGUB/H4sZVUI0Qb67v7ujqNmy0+F5NsAkK5kMlB +/2EKZtlSU8XSFxuH0XEiTN3x4r4e30YbitQSzUE1sKTkAfPtNcFOkL3KRXpDNKPz +I7KkJM7/Z7f2uzX70p/kTwAYksPNsKJZHyHCHk/l0kBDA37/MRRrM8a8qmBp/l22 +wgmwPjGjTU3KLAjsIxVvQQzV6/EV1H+wHlgHDxj9DcSqmrwJv7MuiIakpxntemfp +Ps5PQqnJbO4Jt9foR8V3ok1+zry9c8DorsbzYd1CgQKBgQD7f5VG1BLh5XHykB8/ +Fr8qrji465PCYllrdIgNR1toPKqc/+IRsVMAZoXyG5NlT+G6Jp1uI6eeKk0aPYnP +83vuaU2xgFPJMKIb2ufF2iLybTckST0KJUH4EaeJ/wTjhXvS6wSNkZZPyhXs2LzU +O2r/oey3cQv1DyMiVTTRGd9BFwKBgQDvFV+lhJpY95XphaXgIj6GXUIlcKyur5vv +IP/LfO3FZPk9zsqDN7ZmpzrHv+VZGCWR9iEnH8qIe+7P7PY93m4jXXXiALHeWEHZ +phKt2a7PLNt9uz/F+rfs+BY7SyXIZpJf4pH2kIJ0jnxHl26JYHDt/CSq+6y2ZsgI +QMgUG/b9zQKBgQDKRlTjgJInSYkaFDxtW3gpdbJ9WEuhHcTZngIG3AtyjMiUOWGz +5TDis5KrpO4pn9PnCkO4X8jidxdIMZJzxFs650rrplC9EfZv/OJIyScuYBTnhFgp +nsmuIVTksk1WSPfMLeWdjyibx+dWdQN6lsd6Dtv6tlttn90cMfem7e4XxQKBgByL +z8TChW9T+HlOdNTDIfYHEovH3UZqP1MY/JG+U+F6weuoUjPCpiuxkeohtm+h23KH +EcRLHnKXYZc/8tLGSR493YJjlNk4bnxfQOGzGRUxhO+JOP8ZhXZs1LK1sUgxPw7l +zYnEDV9/V8Vwhkku060GqxYjQKbytLWPjpQgFqiNAoGAdRZumtaUu1NZ3agKLNdJ +F7CCExrwPWA01U2QT+c/fi1BZppy+tFxBUx8I7dIm/72I3Dxe4wjcyztC71E0ZcJ +6EKRNjNspzJEo2cvhl17HpLfWPfwHMSbyajjXzsiZAmynM+1gDgR/OdvoSm734RK +6qFiMzfjNG4FjMcKmwEoNn8= +-----END PRIVATE KEY----- diff --git a/extensions/common/vault/vault-filesystem/build.gradle.kts b/extensions/common/vault/vault-filesystem/build.gradle.kts deleted file mode 100644 index b3fcb71f9b7..00000000000 
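Review bot: `privatekey.pem` adds an unencrypted PKCS#8 private key to the repository, and nothing marks it as a fixture. It sits under `src/test/resources` next to `certificate.pem`, so it is presumably a throwaway key for the DAPS test setup. Secret scanners will still flag it, and a reader cannot tell from the file that it is safe to ignore. The removed `readme-keystore.txt` documented the old test keystore; add an equivalent short README beside the PEM files saying the key pair is test-only and must never be registered with a real identity provider. If the project keeps a secret-scanning allowlist, add this path to it.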
--- a/extensions/common/vault/vault-filesystem/build.gradle.kts +++ /dev/null @@ -1,31 +0,0 @@ -/* - * Copyright (c) 2020, 2021 Microsoft Corporation - * - * This program and the accompanying materials are made available under the - * terms of the Apache License, Version 2.0 which is available at - * https://www.apache.org/licenses/LICENSE-2.0 - * - * SPDX-License-Identifier: Apache-2.0 - * - * Contributors: - * Microsoft Corporation - initial API and implementation - * - */ - -plugins { - `java-library` -} - -dependencies { - api(project(":spi:common:core-spi")) - implementation(project(":spi:common:keys-spi")) - implementation(project(":core:common:lib:keys-lib")) - implementation(project(":core:common:lib:util-lib")) - implementation(libs.bouncyCastle.bcpkixJdk18on) - - testImplementation(libs.nimbus.jwt) - testImplementation(libs.bouncyCastle.bcprovJdk18on) - testImplementation(project(":core:common:connector-core")) -} - - diff --git a/extensions/common/vault/vault-filesystem/src/main/java/org/eclipse/edc/vault/filesystem/FsCertificateResolver.java b/extensions/common/vault/vault-filesystem/src/main/java/org/eclipse/edc/vault/filesystem/FsCertificateResolver.java deleted file mode 100644 index 812c981c9ca..00000000000 --- a/extensions/common/vault/vault-filesystem/src/main/java/org/eclipse/edc/vault/filesystem/FsCertificateResolver.java +++ /dev/null 
@@ -1,61 +0,0 @@ -/* - * Copyright (c) 2020, 2021 Microsoft Corporation - * - * This program and the accompanying materials are made available under the - * terms of the Apache License, Version 2.0 which is available at - * https://www.apache.org/licenses/LICENSE-2.0 - * - * SPDX-License-Identifier: Apache-2.0 - * - * Contributors: - * Microsoft Corporation - initial API and implementation - * - */ - -package org.eclipse.edc.vault.filesystem; - -import org.eclipse.edc.keys.spi.CertificateResolver; -import org.eclipse.edc.spi.EdcException; - -import java.security.GeneralSecurityException; -import java.security.KeyStore; -import java.security.cert.Certificate; -import java.security.cert.X509Certificate; -import java.util.Enumeration; -import java.util.HashMap; -import java.util.Map; - -/** - * Resolves an X509 certificate from a JKS keystore. - */ -public class FsCertificateResolver implements CertificateResolver { - protected Map certCache = new HashMap<>(); - - /** - * Constructor. - * - * @param keyStore the keystore - */ - public FsCertificateResolver(KeyStore keyStore) { - try { - Enumeration iter = keyStore.aliases(); - while (iter.hasMoreElements()) { - String alias = iter.nextElement(); - if (!keyStore.isKeyEntry(alias)) { - continue; - } - Certificate certificate = keyStore.getCertificate(alias); - if (certificate instanceof X509Certificate) { - certCache.put(alias, (X509Certificate) certificate); - } - } - } catch (GeneralSecurityException e) { - throw new EdcException(e); - } - } - - @Override - public X509Certificate resolveCertificate(String id) { - return certCache.get(id); - } -} diff --git a/extensions/common/vault/vault-filesystem/src/main/java/org/eclipse/edc/vault/filesystem/FsVault.java b/extensions/common/vault/vault-filesystem/src/main/java/org/eclipse/edc/vault/filesystem/FsVault.java deleted file mode 100644 index 61e57bff53e..00000000000 
--- a/extensions/common/vault/vault-filesystem/src/main/java/org/eclipse/edc/vault/filesystem/FsVault.java +++ /dev/null 
@@ -1,103 +0,0 @@ -/* - * Copyright (c) 2020, 2021 Microsoft Corporation - * - * This program and the accompanying materials are made available under the - * terms of the Apache License, Version 2.0 which is available at - * https://www.apache.org/licenses/LICENSE-2.0 - * - * SPDX-License-Identifier: Apache-2.0 - * - * Contributors: - * Microsoft Corporation - initial API and implementation - * - */ - -package org.eclipse.edc.vault.filesystem; - -import org.eclipse.edc.spi.EdcException; -import org.eclipse.edc.spi.result.Result; -import org.eclipse.edc.spi.security.Vault; -import org.jetbrains.annotations.Nullable; - -import java.io.IOException; -import java.io.Writer; -import java.nio.file.Files; -import java.nio.file.Path; -import java.util.HashMap; -import java.util.Map; -import java.util.Optional; -import java.util.Properties; -import java.util.concurrent.atomic.AtomicReference; - -/** - * Implements a vault backed by a properties file. - */ -public class FsVault implements Vault { - private final AtomicReference> secrets = new AtomicReference<>(new HashMap<>()); - private final Path vaultFile; - private final boolean persistent; - - public FsVault(Path vaultFile, boolean persistent) { - this.persistent = persistent; - this.vaultFile = vaultFile; - loadSecretFile(); - } - - @Override - public @Nullable - String resolveSecret(String key) { - return Optional.of(secrets) - .map(AtomicReference::get) - .map(s -> s.get(key)) - .orElseGet(() -> { - loadSecretFile(); - return secrets.get().get(key); - }); - } - - @Override - public synchronized Result storeSecret(String key, String value) { - var newSecrets = new HashMap<>(secrets.get()); - newSecrets.put(key, value); - var properties = new Properties(); - properties.putAll(newSecrets); - if (persistent) { - try (Writer writer = Files.newBufferedWriter(vaultFile)) { - properties.store(writer, null); - } catch (IOException e) { - return Result.failure(e.getMessage()); - } - } - secrets.set(newSecrets); - return 
Result.success(); - } - - @Override - public Result deleteSecret(String key) { - var newSecrets = new HashMap<>(secrets.get()); - newSecrets.remove(key); - var properties = new Properties(); - properties.putAll(newSecrets); - if (persistent) { - try (Writer writer = Files.newBufferedWriter(vaultFile)) { - properties.store(writer, null); - } catch (IOException e) { - return Result.failure(e.getMessage()); - } - } - secrets.set(newSecrets); - return Result.success(); - } - - private void loadSecretFile() { - try (var stream = Files.newInputStream(this.vaultFile)) { - var properties = new Properties(); - properties.load(stream); - for (var name : properties.stringPropertyNames()) { - secrets.get().put(name, properties.getProperty(name)); - } - } catch (IOException e) { - throw new EdcException(e); - } - } -} diff --git a/extensions/common/vault/vault-filesystem/src/main/java/org/eclipse/edc/vault/filesystem/FsVaultExtension.java b/extensions/common/vault/vault-filesystem/src/main/java/org/eclipse/edc/vault/filesystem/FsVaultExtension.java deleted file mode 100644 index e16f82e150f..00000000000 --- a/extensions/common/vault/vault-filesystem/src/main/java/org/eclipse/edc/vault/filesystem/FsVaultExtension.java +++ /dev/null 
@@ -1,63 +0,0 @@ -/* - * Copyright (c) 2020, 2021 Microsoft Corporation - * - * This program and the accompanying materials are made available under the - * terms of the Apache License, Version 2.0 which is available at - * https://www.apache.org/licenses/LICENSE-2.0 - * - * SPDX-License-Identifier: Apache-2.0 - * - * Contributors: - * Microsoft Corporation - initial API and implementation - * - */ - -package org.eclipse.edc.vault.filesystem; - -import org.eclipse.edc.runtime.metamodel.annotation.BaseExtension; -import org.eclipse.edc.runtime.metamodel.annotation.Extension; -import org.eclipse.edc.runtime.metamodel.annotation.Provider; -import org.eclipse.edc.runtime.metamodel.annotation.Setting; -import org.eclipse.edc.spi.EdcException; -import org.eclipse.edc.spi.security.Vault; -import org.eclipse.edc.spi.system.ServiceExtension; -import org.eclipse.edc.spi.system.ServiceExtensionContext; - -import java.nio.file.Files; -import java.nio.file.Paths; - -/** - * Bootstraps the file system-based vault extension. - */ -@BaseExtension -@Extension(value = FsVaultExtension.NAME) -public class FsVaultExtension implements ServiceExtension { - - @Setting - static final String VAULT_LOCATION = "edc.vault"; - - @Setting - static final String PERSISTENT_VAULT = "edc.vault.persistent"; - - public static final String NAME = "FS Vault"; - - - @Override - public String name() { - return NAME; - } - - - @Provider - public Vault vault(ServiceExtensionContext context) { - var vaultLocation = context.getSetting(VAULT_LOCATION, "dataspaceconnector-vault.properties"); - var vaultPath = Paths.get(vaultLocation); - if (!Files.exists(vaultPath)) { - throw new EdcException("Vault file does not exist: " + vaultLocation); - } - var persistentVault = context.getSetting(PERSISTENT_VAULT, true); - return new FsVault(vaultPath, persistentVault); - } - - -} 
diff --git a/extensions/common/vault/vault-filesystem/src/main/java/org/eclipse/edc/vault/filesystem/JksPrivateKeyResolver.java b/extensions/common/vault/vault-filesystem/src/main/java/org/eclipse/edc/vault/filesystem/JksPrivateKeyResolver.java deleted file mode 100644 index c7c135b8756..00000000000 --- a/extensions/common/vault/vault-filesystem/src/main/java/org/eclipse/edc/vault/filesystem/JksPrivateKeyResolver.java +++ /dev/null 
@@ -1,84 +0,0 @@ -/* - * Copyright (c) 2020, 2021 Microsoft Corporation - * - * This program and the accompanying materials are made available under the - * terms of the Apache License, Version 2.0 which is available at - * https://www.apache.org/licenses/LICENSE-2.0 - * - * SPDX-License-Identifier: Apache-2.0 - * - * Contributors: - * Microsoft Corporation - initial API and implementation - * Fraunhofer Institute for Software and Systems Engineering - Improvements - * - */ - -package org.eclipse.edc.vault.filesystem; - -import org.bouncycastle.openssl.jcajce.JcaPEMWriter; -import org.eclipse.edc.keys.AbstractPrivateKeyResolver; -import org.eclipse.edc.keys.spi.KeyParserRegistry; -import org.eclipse.edc.spi.monitor.Monitor; -import org.eclipse.edc.spi.result.Result; -import org.eclipse.edc.spi.system.configuration.Config; -import org.jetbrains.annotations.NotNull; - -import java.io.IOException; -import java.io.StringWriter; -import java.security.GeneralSecurityException; -import java.security.KeyStore; - -/** - * Resolves an RSA or EC private key from a JKS keystore. This is not suitable for production environments, because the keystore - * password is kept in memory for subsequent queries against the JKS. In addition, the {@link KeyStore} will not work in a clustered environment. - */ -public class JksPrivateKeyResolver extends AbstractPrivateKeyResolver { - - private final String password; - private final KeyStore keyStore; - private final Monitor monitor; - - /** - * Constructor. - * Caches the private keys for performance. - * - * @param password the keystore password. Individual key passwords are not supported. 
- * @param keyStore the keystore - * @param config The config, for resolving the private key in case of fallback - * @param monitor the monitor - */ - public JksPrivateKeyResolver(KeyParserRegistry registry, String password, KeyStore keyStore, Config config, Monitor monitor) { - super(registry, config, monitor); - this.password = password; - this.keyStore = keyStore; - this.monitor = monitor; - } - - @NotNull - @Override - protected Result resolveInternal(String keyId) { - var encodedPwd = password.toCharArray(); - - try { - var iter = keyStore.aliases(); - while (iter.hasMoreElements()) { - var alias = iter.nextElement(); - if (!keyStore.isKeyEntry(alias) || !alias.equals(keyId)) { - continue; - } - // convert to PEM string so that the base class can interpret it. - var key = keyStore.getKey(alias, encodedPwd); - var out = new StringWriter(); - var pw = new JcaPEMWriter(out); - pw.writeObject(key); - pw.close(); - return Result.success(out.toString()); - } - return Result.failure("Private Key with ID '%s' not found in KeyStore.".formatted(keyId)); - - } catch (GeneralSecurityException | IOException e) { - monitor.warning("Error resolving key from KeyStore", e); - return Result.failure("Error resolving key from KeyStore: " + e.getMessage()); - } - } -} diff --git a/extensions/common/vault/vault-filesystem/src/main/java/org/eclipse/edc/vault/filesystem/JskPrivateKeyResolverExtension.java b/extensions/common/vault/vault-filesystem/src/main/java/org/eclipse/edc/vault/filesystem/JskPrivateKeyResolverExtension.java deleted file mode 100644 index aaff463ce35..00000000000 --- a/extensions/common/vault/vault-filesystem/src/main/java/org/eclipse/edc/vault/filesystem/JskPrivateKeyResolverExtension.java +++ /dev/null 
@@ -1,94 +0,0 @@ -/* - * Copyright (c) 2024 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) - * - * This program and the accompanying materials are made available under the - * terms of the Apache License, Version 2.0 which is available at - * https://www.apache.org/licenses/LICENSE-2.0 - * - * SPDX-License-Identifier: Apache-2.0 - * - * Contributors: - * Bayerische Motoren Werke Aktiengesellschaft (BMW AG) - initial API and implementation - * - */ - -package org.eclipse.edc.vault.filesystem; - -import org.eclipse.edc.keys.spi.CertificateResolver; -import org.eclipse.edc.keys.spi.KeyParserRegistry; -import org.eclipse.edc.keys.spi.PrivateKeyResolver; -import org.eclipse.edc.runtime.metamodel.annotation.Extension; -import org.eclipse.edc.runtime.metamodel.annotation.Inject; -import org.eclipse.edc.runtime.metamodel.annotation.Provider; -import org.eclipse.edc.runtime.metamodel.annotation.Provides; -import org.eclipse.edc.runtime.metamodel.annotation.Setting; -import org.eclipse.edc.spi.EdcException; -import org.eclipse.edc.spi.system.ServiceExtension; -import org.eclipse.edc.spi.system.ServiceExtensionContext; - -import java.io.IOException; -import java.nio.file.Files; -import java.nio.file.Paths; -import java.security.GeneralSecurityException; -import java.security.KeyStore; - -import static org.eclipse.edc.vault.filesystem.JskPrivateKeyResolverExtension.NAME; - -@Extension(NAME) -@Provides({ PrivateKeyResolver.class, CertificateResolver.class }) -public class JskPrivateKeyResolverExtension implements ServiceExtension { - public static final String NAME = "JKS PrivateKeyResolver Extension"; - - @Setting - static final String KEYSTORE_LOCATION = "edc.keystore"; - - @Setting - static final String KEYSTORE_PASSWORD = "edc.keystore.password"; - - @Inject - private KeyParserRegistry registry; - private KeyStore keyStore; - - - @Override - public void initialize(ServiceExtensionContext context) { - - var monitor = context.getMonitor(); - monitor.warning("Using the 
JSK-based Vault and PrivateKeyResolver is intended only for testing and demo purposes. Do NOT use this in a production scenario!"); - - keyStore = loadKeyStore(context); - - } - - @Provider - public PrivateKeyResolver createResolver(ServiceExtensionContext context) { - var keystorePassword = context.getSetting(KEYSTORE_PASSWORD, null); - return new JksPrivateKeyResolver(registry, keystorePassword, keyStore, context.getConfig(), context.getMonitor().withPrefix("PrivateKeyResolution")); - } - - @Provider - public CertificateResolver createCertificateResolver() { - return new FsCertificateResolver(keyStore); - } - - private KeyStore loadKeyStore(ServiceExtensionContext context) { - var keyStoreLocation = context.getSetting(KEYSTORE_LOCATION, "dataspaceconnector-keystore.jks"); - var keyStorePath = Paths.get(keyStoreLocation); - if (!Files.exists(keyStorePath)) { - throw new EdcException("Key store does not exist: " + keyStoreLocation); - } - - var keystorePassword = context.getSetting(KEYSTORE_PASSWORD, null); - if (keystorePassword == null) { - throw new EdcException("Key store password was not specified"); - } - - try (var stream = Files.newInputStream(keyStorePath)) { - var keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); - keyStore.load(stream, keystorePassword.toCharArray()); - return keyStore; - } catch (IOException | GeneralSecurityException e) { - throw new EdcException(e); - } - } -} diff --git a/extensions/common/vault/vault-filesystem/src/main/resources/META-INF/services/org.eclipse.edc.spi.system.ServiceExtension b/extensions/common/vault/vault-filesystem/src/main/resources/META-INF/services/org.eclipse.edc.spi.system.ServiceExtension deleted file mode 100644 index 7b3d29b44ba..00000000000 --- a/extensions/common/vault/vault-filesystem/src/main/resources/META-INF/services/org.eclipse.edc.spi.system.ServiceExtension +++ /dev/null 
@@ -1,16 +0,0 @@ -# -# Copyright (c) 2020, 2021 Microsoft Corporation -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0 -# -# SPDX-License-Identifier: Apache-2.0 -# -# Contributors: -# Microsoft Corporation - initial API and implementation -# -# - -org.eclipse.edc.vault.filesystem.FsVaultExtension -org.eclipse.edc.vault.filesystem.JskPrivateKeyResolverExtension diff --git a/extensions/common/vault/vault-filesystem/src/test/java/org/eclipse/edc/vault/filesystem/FsVaultTest.java b/extensions/common/vault/vault-filesystem/src/test/java/org/eclipse/edc/vault/filesystem/FsVaultTest.java deleted file mode 100644 index 886b87082b1..00000000000 --- a/extensions/common/vault/vault-filesystem/src/test/java/org/eclipse/edc/vault/filesystem/FsVaultTest.java +++ /dev/null 
@@ -1,41 +0,0 @@ -/* - * Copyright (c) 2020, 2021 Microsoft Corporation - * - * This program and the accompanying materials are made available under the - * terms of the Apache License, Version 2.0 which is available at - * https://www.apache.org/licenses/LICENSE-2.0 - * - * SPDX-License-Identifier: Apache-2.0 - * - * Contributors: - * Microsoft Corporation - initial API and implementation - * - */ - -package org.eclipse.edc.vault.filesystem; - -import org.junit.jupiter.api.BeforeEach; -import org.junit.jupiter.api.Test; - -import java.net.URISyntaxException; -import java.nio.file.Paths; - -import static org.junit.jupiter.api.Assertions.assertEquals; - -class FsVaultTest { - private static final String TEST_VAULT = "test-vault.properties"; - - private FsVault vault; - - @Test - void verifyResolution() { - assertEquals("secretvalue1", vault.resolveSecret("secret1")); - assertEquals("secretvalue2", vault.resolveSecret("secret2")); - } - - @BeforeEach - void setUp() throws URISyntaxException { - var uri = getClass().getClassLoader().getResource(TEST_VAULT).toURI(); - vault = new FsVault(Paths.get(uri), false); - } -} diff --git a/extensions/common/vault/vault-filesystem/src/test/java/org/eclipse/edc/vault/filesystem/JksPrivateKeyResolverTest.java b/extensions/common/vault/vault-filesystem/src/test/java/org/eclipse/edc/vault/filesystem/JksPrivateKeyResolverTest.java deleted file mode 100644 index 52a3591619b..00000000000 --- a/extensions/common/vault/vault-filesystem/src/test/java/org/eclipse/edc/vault/filesystem/JksPrivateKeyResolverTest.java +++ /dev/null 
@@ -1,69 +0,0 @@ -/* - * Copyright (c) 2020, 2021 Microsoft Corporation - * - * This program and the accompanying materials are made available under the - * terms of the Apache License, Version 2.0 which is available at - * https://www.apache.org/licenses/LICENSE-2.0 - * - * SPDX-License-Identifier: Apache-2.0 - * - * Contributors: - * Microsoft Corporation - initial API and implementation - * Fraunhofer Institute for Software and Systems Engineering - Improvements - * - */ - -package org.eclipse.edc.vault.filesystem; - -import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.eclipse.edc.keys.keyparsers.PemParser; -import org.eclipse.edc.keys.spi.KeyParserRegistry; -import org.eclipse.edc.spi.result.Result; -import org.junit.jupiter.api.BeforeEach; -import org.junit.jupiter.api.Disabled; -import org.junit.jupiter.api.Test; - -import java.security.KeyStore; -import java.security.Security; - -import static org.assertj.core.api.Assertions.assertThat; -import static org.mockito.ArgumentMatchers.anyString; -import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.when; - -@Disabled("This resolver will be refactored shortly") -class JksPrivateKeyResolverTest { - private static final String PASSWORD = "test123"; - private static final String TEST_KEYSTORE = "edc-test-keystore.jks"; - - private JksPrivateKeyResolver keyResolver; - private KeyParserRegistry registry; - - @Test - public void resolve_rsaKey() { - assertThat(keyResolver.resolvePrivateKey("testkey")) - .isNotNull(); - } - - @Test - public void resolve_ecKey() { - assertThat(keyResolver.resolvePrivateKey("testkey-ec")) - .isNotNull(); - } - - @BeforeEach - void setUp() throws Exception { - var url = getClass().getClassLoader().getResource(JksPrivateKeyResolverTest.TEST_KEYSTORE); - var keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); - assert url != null; - try (var stream = url.openStream()) { - keyStore.load(stream, JksPrivateKeyResolverTest.PASSWORD.toCharArray()); 
- } - registry = mock(); - var parser = new PemParser(mock()); - when(registry.parse(anyString())).thenAnswer(a -> Result.success(parser.parse(a.getArgument(0)))); - keyResolver = new JksPrivateKeyResolver(registry, JksPrivateKeyResolverTest.PASSWORD, keyStore, mock(), mock()); - Security.addProvider(new BouncyCastleProvider()); - } - -} diff --git a/extensions/common/vault/vault-filesystem/src/test/resources/edc-test-keystore.jks b/extensions/common/vault/vault-filesystem/src/test/resources/edc-test-keystore.jks deleted file mode 100644 index c5d9e5348e2..00000000000 Binary files a/extensions/common/vault/vault-filesystem/src/test/resources/edc-test-keystore.jks and /dev/null differ diff --git a/extensions/common/vault/vault-filesystem/src/test/resources/readme-keystore.txt b/extensions/common/vault/vault-filesystem/src/test/resources/readme-keystore.txt deleted file mode 100644 index 9225e29f2f3..00000000000 --- a/extensions/common/vault/vault-filesystem/src/test/resources/readme-keystore.txt +++ /dev/null @@ -1 +0,0 @@ -The edc-test-keystore.jks contains a test self-signed RSA private key with the alias 'testkey' and a test self-signed EC private key with the alias 'testkey-ec'. The keystore password is test123. diff --git a/extensions/common/vault/vault-filesystem/src/test/resources/test-vault.properties b/extensions/common/vault/vault-filesystem/src/test/resources/test-vault.properties deleted file mode 100644 index 412b0690d3d..00000000000 --- a/extensions/common/vault/vault-filesystem/src/test/resources/test-vault.properties +++ /dev/null 
@@ -1,16 +0,0 @@ -# -# Copyright (c) 2020, 2021 Microsoft Corporation -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0 -# -# SPDX-License-Identifier: Apache-2.0 -# -# Contributors: -# Microsoft Corporation - initial API and implementation -# -# - -secret1=secretvalue1 -secret2=secretvalue2 diff --git a/launchers/sts-server/build.gradle.kts b/launchers/sts-server/build.gradle.kts index bda19569402..93ca06104b8 100644 --- a/launchers/sts-server/build.gradle.kts +++ b/launchers/sts-server/build.gradle.kts @@ -28,7 +28,6 @@ dependencies { implementation(project(":extensions:common:iam:identity-trust:identity-trust-sts:identity-trust-sts-api")) api(project(":extensions:common:iam:identity-trust:identity-trust-sts:identity-trust-sts-client-configuration")) implementation(project(":extensions:common:configuration:configuration-filesystem")) - implementation(project(":extensions:common:vault:vault-filesystem")) } diff --git a/settings.gradle.kts b/settings.gradle.kts index f6f647f1548..4a193876fe0 100644 --- a/settings.gradle.kts +++ b/settings.gradle.kts @@ -148,7 +148,6 @@ include(":extensions:common:transaction:transaction-atomikos") include(":extensions:common:transaction:transaction-local") include(":extensions:common:validator:validator-data-address-http-data") include(":extensions:common:validator:validator-data-address-kafka") -include(":extensions:common:vault:vault-filesystem") include(":extensions:common:vault:vault-hashicorp") include(":extensions:common:store:sql:edr-index-sql") diff --git a/system-tests/e2e-dataplane-tests/runtimes/data-plane/build.gradle.kts b/system-tests/e2e-dataplane-tests/runtimes/data-plane/build.gradle.kts index 6a8b007ed46..2f5bacd979e 100644 --- a/system-tests/e2e-dataplane-tests/runtimes/data-plane/build.gradle.kts +++ b/system-tests/e2e-dataplane-tests/runtimes/data-plane/build.gradle.kts 
@@ -22,7 +22,6 @@ dependencies { implementation(project(":extensions:data-plane:data-plane-http")) implementation(project(":extensions:data-plane:data-plane-control-api")) implementation(project(":extensions:data-plane:data-plane-public-api-v2")) - implementation(project(":extensions:common:vault:vault-filesystem")) } edcBuild { diff --git a/system-tests/e2e-dataplane-tests/tests/src/test/java/org/eclipse/edc/test/e2e/AbstractDataPlaneTest.java b/system-tests/e2e-dataplane-tests/tests/src/test/java/org/eclipse/edc/test/e2e/AbstractDataPlaneTest.java index 5b72fcd1a17..1e0a12b9767 100644 --- a/system-tests/e2e-dataplane-tests/tests/src/test/java/org/eclipse/edc/test/e2e/AbstractDataPlaneTest.java +++ b/system-tests/e2e-dataplane-tests/tests/src/test/java/org/eclipse/edc/test/e2e/AbstractDataPlaneTest.java @@ -15,6 +15,8 @@ package org.eclipse.edc.test.e2e; import org.eclipse.edc.junit.extensions.EdcRuntimeExtension; +import org.eclipse.edc.junit.testfixtures.TestUtils; +import org.eclipse.edc.spi.security.Vault; import org.eclipse.edc.test.e2e.participant.DataPlaneParticipant; import org.junit.jupiter.api.extension.RegisterExtension; @@ -30,4 +32,16 @@ public abstract class AbstractDataPlaneTest { "data-plane", DATAPLANE.dataPlaneConfiguration() ); + + protected void seedVault() { + var vault = runtime.getService(Vault.class); + + var privateKeyContent = TestUtils.getResourceFileContentAsString("certs/key.pem"); + vault.storeSecret("1", privateKeyContent); + + var publicKey = TestUtils.getResourceFileContentAsString("certs/cert.pem"); + vault.storeSecret("public-key", publicKey); + + vault.storeSecret("provision-oauth-secret", "supersecret"); + } } diff --git a/system-tests/e2e-dataplane-tests/tests/src/test/java/org/eclipse/edc/test/e2e/DataPlanePublicApiEndToEndTest.java b/system-tests/e2e-dataplane-tests/tests/src/test/java/org/eclipse/edc/test/e2e/DataPlanePublicApiEndToEndTest.java index a853b69c9c2..94c7136c11b 100644 
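Review bot: The three `vault.storeSecret(...)` calls in the new `seedVault()` discard their return value, so a failed seed would only surface later as an unrelated 401/403 or token error in whichever test ran next. If `storeSecret` returns a `Result` here, as it appears to elsewhere in this codebase, fail fast on it, for example `if (vault.storeSecret("1", privateKeyContent).failed()) throw new IllegalStateException("vault seeding failed");`. The same applies to the static `seedVault(EdcRuntimeExtension)` this commit adds to TransferEndToEndTestBase.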
--- a/system-tests/e2e-dataplane-tests/tests/src/test/java/org/eclipse/edc/test/e2e/DataPlanePublicApiEndToEndTest.java +++ b/system-tests/e2e-dataplane-tests/tests/src/test/java/org/eclipse/edc/test/e2e/DataPlanePublicApiEndToEndTest.java @@ -84,6 +84,7 @@ void setup() { @Test void httpPull_missingToken_expect401() { + seedVault(); DATAPLANE.getDataPlanePublicEndpoint() .baseRequest() .contentType(ContentType.JSON) @@ -103,6 +104,7 @@ void httpPull_missingToken_expect401() { @Test void httpPull_invalidToken_expect403() { + seedVault(); var token = "some-invalid-token"; DATAPLANE.getDataPlanePublicEndpoint() .baseRequest() @@ -122,6 +124,7 @@ void httpPull_invalidToken_expect403() { @ParameterizedTest(name = "Method = {0}") @ValueSource(strings = { "POST", "PUT", "PATCH" }) void request_withBody_expect200(String method) { + seedVault(); backendDataAddress.getProperties().put(EDC_NAMESPACE + "proxyBody", "true"); backendDataAddress.getProperties().put(EDC_NAMESPACE + "mediaType", "application/json"); @@ -153,6 +156,7 @@ void request_withBody_expect200(String method) { @ParameterizedTest(name = "Method = {0}") @ValueSource(strings = { "GET", "DELETE", "HEAD" }) void request_noBody_expect200(String method) { + seedVault(); var token = createEdr(); var body = DATAPLANE.getDataPlanePublicEndpoint() .baseRequest() @@ -170,6 +174,7 @@ void request_noBody_expect200(String method) { @Test void request_getMultipleIdenticalQuery() { + seedVault(); var token = createEdr(); var body = DATAPLANE.getDataPlanePublicEndpoint() .baseRequest() diff --git a/system-tests/e2e-dataplane-tests/tests/src/test/java/org/eclipse/edc/test/e2e/DataPlaneSignalingApiEndToEndTest.java b/system-tests/e2e-dataplane-tests/tests/src/test/java/org/eclipse/edc/test/e2e/DataPlaneSignalingApiEndToEndTest.java index 961fd6736a4..b78f7ae25f2 100644 --- a/system-tests/e2e-dataplane-tests/tests/src/test/java/org/eclipse/edc/test/e2e/DataPlaneSignalingApiEndToEndTest.java 
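Review bot: `seedVault()` is added as the first statement of five separate test methods in this file rather than once in the fixture. The hunk header shows a `setup()` method directly above `httpPull_missingToken_expect401`; if that is the `@BeforeEach`, a single `seedVault();` there would cover every test and keep a newly added test from silently running against an empty vault. The same per-test pattern repeats in DataPlaneSignalingApiEndToEndTest and in the `seedVaults()` calls added to TransferPullEndToEndTest and TransferPushEndToEndTest. The test bodies continue outside these hunks.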
+++ b/system-tests/e2e-dataplane-tests/tests/src/test/java/org/eclipse/edc/test/e2e/DataPlaneSignalingApiEndToEndTest.java @@ -75,6 +75,7 @@ void setup() { @DisplayName("Verify the POST /v1/dataflows endpoint returns the correct EDR") @Test void startTransfer() throws JsonProcessingException { + seedVault(); var jsonLd = runtime.getContext().getService(JsonLd.class); var processId = "test-processId"; @@ -89,6 +90,7 @@ void startTransfer() throws JsonProcessingException { .then() .body(Matchers.notNullValue()) .statusCode(200) + .log().ifError() .extract().body().asString(); var dataFlowResponseMessage = jsonLd.expand(mapper.readValue(resultJson, JsonObject.class)) @@ -113,6 +115,7 @@ void startTransfer() throws JsonProcessingException { @DisplayName("Verify that GET /v1/dataflows/{id}/state returns the correct state") @Test void getState() { + seedVault(); var dataFlowId = "test-flowId"; var flow = DataFlow.Builder.newInstance() @@ -136,6 +139,7 @@ void getState() { @DisplayName("Verify that POST /v1/dataflows/{id}/terminate terminates the flow, with an optional message") @Test void terminate() { + seedVault(); var dataFlowId = "test-flowId"; var flow = DataFlow.Builder.newInstance() @@ -169,6 +173,7 @@ void terminate() { } + private DataFlowStartMessage createStartMessage(String processId) { return DataFlowStartMessage.Builder.newInstance() .processId(processId) diff --git a/system-tests/e2e-dataplane-tests/tests/src/test/resources/consumer-vault.properties b/system-tests/e2e-dataplane-tests/tests/src/test/resources/consumer-vault.properties deleted file mode 100644 index f17168a0345..00000000000 --- a/system-tests/e2e-dataplane-tests/tests/src/test/resources/consumer-vault.properties +++ /dev/null 
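Review bot: In `startTransfer()` the added `.log().ifError()` sits after `.statusCode(200)`, and REST Assured evaluates each expectation as it is chained, so a non-200 response fails the assertion before the logging call is ever reached. Moving it ahead of the assertions, `.then().log().ifError().body(Matchers.notNullValue()).statusCode(200)`, makes the error body show up exactly when the test fails. The start of the request chain is outside the hunk.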
@@ -1,3 +0,0 @@ -public-key=-----BEGIN CERTIFICATE-----\r\nMIIDazCCAlOgAwIBAgIUZ3/sZXYzW4PjmOXKrZn6WBmUJ+4wDQYJKoZIhvcNAQEL\r\nBQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM\r\nGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMjAyMjMxNTA2MDNaFw0zMjAy\r\nMjExNTA2MDNaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw\r\nHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEB\r\nAQUAA4IBDwAwggEKAoIBAQDBl6XaJnXTL+6DWip3aBhU+MzmY4d1V9hbTm1tiZ3g\r\nE0VbUrvGO3LoYaxpPv6zFmsg3uJv6JxVAde7EddidN0ITHB9cQNdAfdUJ5njmsGS\r\nPbdQuOQTHw0aG7/QvTI/nsvfEE6e0lbV/0e7DHacZT/+OztBH1RwkG2ymM94Hf8H\r\nI6x7q6yfRTAZOqeOMrPCYTcluAgE9NskoPvjX5qASakBtXISKIsOU84N0/2HDN3W\r\nEGMXvoHUQu6vrij6BwiwxKaw1AKwWENKoga775bPXN3M+JTSaIKE7dZbKzvx0Zi0\r\nh5X+bxc3BJi3Z/CsUBCzE+Y0SFetOiYmyl/2YmnneYoVAgMBAAGjUzBRMB0GA1Ud\r\nDgQWBBTvK1wVERwjni4B2vdH7KtEJeVWFzAfBgNVHSMEGDAWgBTvK1wVERwjni4B\r\n2vdH7KtEJeVWFzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBn\r\nQHiPA7OBYukHd9gS7c0HXE+fsWcS3GZeLqcHfQQnV3pte1vTmu9//IVW71wNCJ1/\r\nrySRyODPQoPehxEcyHwupNZSzXK//nPlTdSgjMfFxscvt1YndyQLQYCfyOJMixAe\r\nAqrb14GTFHUUrdor0PyElhkULjkOXUrSIsdBrfWrwLTkelE8NK3tb5ZG8KPzD9Jy\r\n+NwEPPr9d+iHkUkM7EFWw/cl56wka9ryBb97RI7DqbO6/j6OXHMk4GByxKv7DSIR\r\nIvF9/Dw20qytajtaHV0pluFcOBuFc0NfiDvCaQlbTsfjzbc6UmZWbOi9YOJl3VQ/\r\ng3h+15GuzbsSzOCOEYOT\r\n-----END CERTIFICATE----- -1=-----BEGIN PRIVATE 
KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDBl6XaJnXTL+6D\nWip3aBhU+MzmY4d1V9hbTm1tiZ3gE0VbUrvGO3LoYaxpPv6zFmsg3uJv6JxVAde7\nEddidN0ITHB9cQNdAfdUJ5njmsGSPbdQuOQTHw0aG7/QvTI/nsvfEE6e0lbV/0e7\nDHacZT/+OztBH1RwkG2ymM94Hf8HI6x7q6yfRTAZOqeOMrPCYTcluAgE9NskoPvj\nX5qASakBtXISKIsOU84N0/2HDN3WEGMXvoHUQu6vrij6BwiwxKaw1AKwWENKoga7\n75bPXN3M+JTSaIKE7dZbKzvx0Zi0h5X+bxc3BJi3Z/CsUBCzE+Y0SFetOiYmyl/2\nYmnneYoVAgMBAAECggEBAJHXiN6bctAyn+DcoHlsNkhtVw+Jk5bXIutGXjHTJtiU\nK//siAGC78IZMyXmi0KndPVCdBwShROVW8xWWIiXuZxy2Zvm872xqX4Ah3JsN7/Q\nNrXdVBUDo38zwIGkxqIfIz9crZ4An+J/eq5zaTfRHzCLtswMqjRS2hFeBY5cKrBY\n4bkSDGTP/c5cP7xS/UwaiTR2Ptd41f4zTyd4l5rl30TYHpazQNlbdxcOV4jh2Rnp\nE0+cFEvEfeagVq7RmfBScKG5pk4qcRG0q2QHMyK5y00hdYvhdRjSgN7xIDkeO5B8\ns8/tSLU78nCl2gA9IKxTXYLitpISwZ81Q04mEAKRRtECgYEA+6lKnhn//aXerkLo\nZOLOjWQZhh005jHdNxX7DZqLpTrrfxc8v15KWUkAK1H0QHqYvfPrbbsBV1MY1xXt\nsKmkeu/k8fJQzCIvFN4K2J5W5kMfq9PSw5d3XPeDaQuXUVaxBVp0gzPEPHmkKRbA\nAkUqY0oJwA9gMKf8dK+flmLZfbsCgYEAxO4Roj2G46/Oox1GEZGxdLpiMpr9rEdR\nJlSZ9kMGfddNLV7sFp6yPXDcyc/AOqeNj7tw1MyoT3Ar454+V0q83EZzCXvs4U6f\njUrfFcoVWIwf9AV/J4KWzMIzfqPIeNwqymZKd6BrZgcXXvAEPWt27mwO4a1GhC4G\noZv0t3lAsm8CgYAQ8C0IhSF4tgBN5Ez19VoHpDQflbmowLRt77nNCZjajyOokyzQ\niI0ig0pSoBp7eITtTAyNfyew8/PZDi3IVTKv35OeQTv08VwP4H4EZGve5aetDf3C\nkmBDTpl2qYQOwnH5tUPgTMypcVp+NXzI6lTXB/WuCprjy3qvc96e5ZpT3wKBgQC8\nXny/k9rTL/eYTwgXBiWYYjBL97VudUlKQOKEjNhIxwkrvQBXIrWbz7lh0Tcu49al\nBcaHxru4QLO6pkM7fGHq0fh3ufJ8EZjMrjF1xjdk26Q05o0aXe+hLKHVIRVBhlfo\nArB4fRo+HcpdJXjox0KcDQCvHe+1v9DYBTWvymv4QQKBgBy3YH7hKz35DcXvA2r4\nKis9a4ycuZqTXockO4rkcIwC6CJp9JbHDIRzig8HYOaRqmZ4a+coqLmddXr2uOF1\n7+iAxxG1KzdT6uFNd+e/j2cdUjnqcSmz49PRtdDswgyYhoDT+W4yVGNQ4VuKg6a3\nZ3pC+KTdoHSKeA2FyAGnSUpD\n-----END PRIVATE KEY----- -provision-oauth-secret=supersecret diff --git a/system-tests/e2e-dataplane-tests/tests/src/test/resources/provider-vault.properties b/system-tests/e2e-dataplane-tests/tests/src/test/resources/provider-vault.properties deleted file mode 100644 index f17168a0345..00000000000 
--- a/system-tests/e2e-dataplane-tests/tests/src/test/resources/provider-vault.properties
+++ /dev/null
@@ -1,3 +0,0 @@ -public-key=-----BEGIN CERTIFICATE-----\r\nMIIDazCCAlOgAwIBAgIUZ3/sZXYzW4PjmOXKrZn6WBmUJ+4wDQYJKoZIhvcNAQEL\r\nBQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM\r\nGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMjAyMjMxNTA2MDNaFw0zMjAy\r\nMjExNTA2MDNaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw\r\nHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEB\r\nAQUAA4IBDwAwggEKAoIBAQDBl6XaJnXTL+6DWip3aBhU+MzmY4d1V9hbTm1tiZ3g\r\nE0VbUrvGO3LoYaxpPv6zFmsg3uJv6JxVAde7EddidN0ITHB9cQNdAfdUJ5njmsGS\r\nPbdQuOQTHw0aG7/QvTI/nsvfEE6e0lbV/0e7DHacZT/+OztBH1RwkG2ymM94Hf8H\r\nI6x7q6yfRTAZOqeOMrPCYTcluAgE9NskoPvjX5qASakBtXISKIsOU84N0/2HDN3W\r\nEGMXvoHUQu6vrij6BwiwxKaw1AKwWENKoga775bPXN3M+JTSaIKE7dZbKzvx0Zi0\r\nh5X+bxc3BJi3Z/CsUBCzE+Y0SFetOiYmyl/2YmnneYoVAgMBAAGjUzBRMB0GA1Ud\r\nDgQWBBTvK1wVERwjni4B2vdH7KtEJeVWFzAfBgNVHSMEGDAWgBTvK1wVERwjni4B\r\n2vdH7KtEJeVWFzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBn\r\nQHiPA7OBYukHd9gS7c0HXE+fsWcS3GZeLqcHfQQnV3pte1vTmu9//IVW71wNCJ1/\r\nrySRyODPQoPehxEcyHwupNZSzXK//nPlTdSgjMfFxscvt1YndyQLQYCfyOJMixAe\r\nAqrb14GTFHUUrdor0PyElhkULjkOXUrSIsdBrfWrwLTkelE8NK3tb5ZG8KPzD9Jy\r\n+NwEPPr9d+iHkUkM7EFWw/cl56wka9ryBb97RI7DqbO6/j6OXHMk4GByxKv7DSIR\r\nIvF9/Dw20qytajtaHV0pluFcOBuFc0NfiDvCaQlbTsfjzbc6UmZWbOi9YOJl3VQ/\r\ng3h+15GuzbsSzOCOEYOT\r\n-----END CERTIFICATE----- -1=-----BEGIN PRIVATE 
KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDBl6XaJnXTL+6D\nWip3aBhU+MzmY4d1V9hbTm1tiZ3gE0VbUrvGO3LoYaxpPv6zFmsg3uJv6JxVAde7\nEddidN0ITHB9cQNdAfdUJ5njmsGSPbdQuOQTHw0aG7/QvTI/nsvfEE6e0lbV/0e7\nDHacZT/+OztBH1RwkG2ymM94Hf8HI6x7q6yfRTAZOqeOMrPCYTcluAgE9NskoPvj\nX5qASakBtXISKIsOU84N0/2HDN3WEGMXvoHUQu6vrij6BwiwxKaw1AKwWENKoga7\n75bPXN3M+JTSaIKE7dZbKzvx0Zi0h5X+bxc3BJi3Z/CsUBCzE+Y0SFetOiYmyl/2\nYmnneYoVAgMBAAECggEBAJHXiN6bctAyn+DcoHlsNkhtVw+Jk5bXIutGXjHTJtiU\nK//siAGC78IZMyXmi0KndPVCdBwShROVW8xWWIiXuZxy2Zvm872xqX4Ah3JsN7/Q\nNrXdVBUDo38zwIGkxqIfIz9crZ4An+J/eq5zaTfRHzCLtswMqjRS2hFeBY5cKrBY\n4bkSDGTP/c5cP7xS/UwaiTR2Ptd41f4zTyd4l5rl30TYHpazQNlbdxcOV4jh2Rnp\nE0+cFEvEfeagVq7RmfBScKG5pk4qcRG0q2QHMyK5y00hdYvhdRjSgN7xIDkeO5B8\ns8/tSLU78nCl2gA9IKxTXYLitpISwZ81Q04mEAKRRtECgYEA+6lKnhn//aXerkLo\nZOLOjWQZhh005jHdNxX7DZqLpTrrfxc8v15KWUkAK1H0QHqYvfPrbbsBV1MY1xXt\nsKmkeu/k8fJQzCIvFN4K2J5W5kMfq9PSw5d3XPeDaQuXUVaxBVp0gzPEPHmkKRbA\nAkUqY0oJwA9gMKf8dK+flmLZfbsCgYEAxO4Roj2G46/Oox1GEZGxdLpiMpr9rEdR\nJlSZ9kMGfddNLV7sFp6yPXDcyc/AOqeNj7tw1MyoT3Ar454+V0q83EZzCXvs4U6f\njUrfFcoVWIwf9AV/J4KWzMIzfqPIeNwqymZKd6BrZgcXXvAEPWt27mwO4a1GhC4G\noZv0t3lAsm8CgYAQ8C0IhSF4tgBN5Ez19VoHpDQflbmowLRt77nNCZjajyOokyzQ\niI0ig0pSoBp7eITtTAyNfyew8/PZDi3IVTKv35OeQTv08VwP4H4EZGve5aetDf3C\nkmBDTpl2qYQOwnH5tUPgTMypcVp+NXzI6lTXB/WuCprjy3qvc96e5ZpT3wKBgQC8\nXny/k9rTL/eYTwgXBiWYYjBL97VudUlKQOKEjNhIxwkrvQBXIrWbz7lh0Tcu49al\nBcaHxru4QLO6pkM7fGHq0fh3ufJ8EZjMrjF1xjdk26Q05o0aXe+hLKHVIRVBhlfo\nArB4fRo+HcpdJXjox0KcDQCvHe+1v9DYBTWvymv4QQKBgBy3YH7hKz35DcXvA2r4\nKis9a4ycuZqTXockO4rkcIwC6CJp9JbHDIRzig8HYOaRqmZ4a+coqLmddXr2uOF1\n7+iAxxG1KzdT6uFNd+e/j2cdUjnqcSmz49PRtdDswgyYhoDT+W4yVGNQ4VuKg6a3\nZ3pC+KTdoHSKeA2FyAGnSUpD\n-----END PRIVATE KEY----- -provision-oauth-secret=supersecret diff --git a/system-tests/e2e-transfer-test/control-plane/build.gradle.kts b/system-tests/e2e-transfer-test/control-plane/build.gradle.kts index f9f6d4bc3d9..f438c0d7282 100644 --- a/system-tests/e2e-transfer-test/control-plane/build.gradle.kts 
+++ b/system-tests/e2e-transfer-test/control-plane/build.gradle.kts @@ -20,7 +20,6 @@ dependencies { implementation(project(":core:common:token-core")) implementation(project(":core:control-plane:control-plane-core")) implementation(project(":data-protocols:dsp")) - implementation(project(":extensions:common:vault:vault-filesystem")) implementation(project(":extensions:common:http")) implementation(project(":extensions:common:iam:iam-mock")) implementation(project(":extensions:control-plane:api:control-plane-api")) diff --git a/system-tests/e2e-transfer-test/data-plane/build.gradle.kts b/system-tests/e2e-transfer-test/data-plane/build.gradle.kts index bd1207165fc..8f43f906b4b 100644 --- a/system-tests/e2e-transfer-test/data-plane/build.gradle.kts +++ b/system-tests/e2e-transfer-test/data-plane/build.gradle.kts @@ -25,7 +25,6 @@ dependencies { implementation(project(":extensions:data-plane:data-plane-http-oauth2")) implementation(project(":extensions:data-plane:data-plane-control-api")) implementation(project(":extensions:data-plane:data-plane-signaling:data-plane-signaling-api")) - implementation(project(":extensions:common:vault:vault-filesystem")) } edcBuild { diff --git a/system-tests/e2e-transfer-test/runner/src/test/java/org/eclipse/edc/test/e2e/TransferEndToEndTestBase.java b/system-tests/e2e-transfer-test/runner/src/test/java/org/eclipse/edc/test/e2e/TransferEndToEndTestBase.java index e183a37bb67..8b87614e580 100644 --- a/system-tests/e2e-transfer-test/runner/src/test/java/org/eclipse/edc/test/e2e/TransferEndToEndTestBase.java +++ b/system-tests/e2e-transfer-test/runner/src/test/java/org/eclipse/edc/test/e2e/TransferEndToEndTestBase.java 
@@ -15,17 +15,18 @@ package org.eclipse.edc.test.e2e; import jakarta.json.JsonObject; +import org.eclipse.edc.junit.extensions.EdcRuntimeExtension; +import org.eclipse.edc.spi.security.Vault; import java.time.Duration; import java.util.Map; import java.util.UUID; import static org.eclipse.edc.connector.controlplane.test.system.utils.PolicyFixtures.noConstraintPolicy; +import static org.eclipse.edc.junit.testfixtures.TestUtils.getResourceFileContentAsString; public abstract class TransferEndToEndTestBase { - protected final Duration timeout = Duration.ofSeconds(60); - protected static final TransferEndToEndParticipant CONSUMER = TransferEndToEndParticipant.Builder.newInstance() .name("consumer") .id("urn:connector:consumer") @@ -34,6 +35,19 @@ public abstract class TransferEndToEndTestBase { .name("provider") .id("urn:connector:provider") .build(); + protected final Duration timeout = Duration.ofSeconds(60); + + protected static void seedVault(EdcRuntimeExtension runtime) { + var vault = runtime.getService(Vault.class); + + var privateKeyContent = getResourceFileContentAsString("certs/key.pem"); + vault.storeSecret("1", privateKeyContent); + + var publicKey = getResourceFileContentAsString("certs/cert.pem"); + vault.storeSecret("public-key", publicKey); + + vault.storeSecret("provision-oauth-secret", "supersecret"); + } protected void createResourcesOnProvider(String assetId, JsonObject contractPolicy, Map dataAddressProperties) { PROVIDER.createAsset(assetId, Map.of("description", "description"), dataAddressProperties); diff --git a/system-tests/e2e-transfer-test/runner/src/test/java/org/eclipse/edc/test/e2e/TransferPullEndToEndTest.java b/system-tests/e2e-transfer-test/runner/src/test/java/org/eclipse/edc/test/e2e/TransferPullEndToEndTest.java index ea0b372c9ba..47dd5ff0c47 100644 --- a/system-tests/e2e-transfer-test/runner/src/test/java/org/eclipse/edc/test/e2e/TransferPullEndToEndTest.java 
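Review bot: The aliases `"1"`, `"public-key"` and `"provision-oauth-secret"` in the new `seedVault(EdcRuntimeExtension)` are bare literals that presumably have to match the participants' runtime configuration, and the method body is a copy of `AbstractDataPlaneTest.seedVault()`. Named constants and a short Javadoc would make that coupling visible, e.g. `private static final String PRIVATE_KEY_ALIAS = "1";` and `/** Seeds the runtime's Vault with the test key pair and OAuth client secret that the participant configuration refers to. */`. If a test-fixtures module is shared by both suites, a single helper there would keep the two copies from drifting.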
+++ b/system-tests/e2e-transfer-test/runner/src/test/java/org/eclipse/edc/test/e2e/TransferPullEndToEndTest.java @@ -28,6 +28,7 @@ import org.eclipse.edc.junit.annotations.EndToEndTest; import org.eclipse.edc.junit.annotations.PostgresqlIntegrationTest; import org.eclipse.edc.junit.extensions.EdcClassRuntimesExtension; +import org.eclipse.edc.junit.extensions.EdcRuntimeExtension; import org.eclipse.edc.spi.event.EventEnvelope; import org.jetbrains.annotations.NotNull; import org.junit.jupiter.api.AfterEach; 
@@ -72,55 +73,6 @@ class TransferPullEndToEndTest { - @Nested - @EndToEndTest - class InMemory extends Tests { - - @RegisterExtension - static final EdcClassRuntimesExtension RUNTIMES = new EdcClassRuntimesExtension( - Runtimes.InMemory.controlPlane("consumer-control-plane", CONSUMER.controlPlaneConfiguration()), - backendService("consumer-backend-service", CONSUMER.backendServiceConfiguration()), - Runtimes.InMemory.controlPlane("provider-control-plane", PROVIDER.controlPlaneConfiguration()), - Runtimes.InMemory.dataPlane("provider-data-plane", PROVIDER.dataPlaneConfiguration()), - backendService("provider-backend-service", PROVIDER.backendServiceConfiguration()) - ); - - } - - @Nested - @EndToEndTest - class EmbeddedDataPlane extends Tests { - - @RegisterExtension - static final EdcClassRuntimesExtension RUNTIMES = new EdcClassRuntimesExtension( - Runtimes.InMemory.controlPlane("consumer-control-plane", CONSUMER.controlPlaneConfiguration()), - backendService("consumer-backend-service", CONSUMER.backendServiceConfiguration()), - Runtimes.InMemory.controlPlaneEmbeddedDataPlane("provider-control-plane", PROVIDER.controlPlaneEmbeddedDataPlaneConfiguration()), - backendService("provider-backend-service", PROVIDER.backendServiceConfiguration()) - ); - - } - - @Nested - @PostgresqlIntegrationTest - class Postgres extends Tests { - - @RegisterExtension - static final BeforeAllCallback CREATE_DATABASES = context -> { - createDatabase(CONSUMER.getName()); - createDatabase(PROVIDER.getName()); - }; - - @RegisterExtension - static final EdcClassRuntimesExtension RUNTIMES = new EdcClassRuntimesExtension( - Runtimes.Postgres.controlPlane("consumer-control-plane", CONSUMER.controlPlanePostgresConfiguration()), - backendService("consumer-backend-service", CONSUMER.backendServiceConfiguration()), - Runtimes.Postgres.controlPlane("provider-control-plane", PROVIDER.controlPlanePostgresConfiguration()), - Runtimes.Postgres.dataPlane("provider-data-plane", 
PROVIDER.dataPlanePostgresConfiguration()), - backendService("provider-backend-service", PROVIDER.backendServiceConfiguration()) - ); - } - abstract static class Tests extends TransferEndToEndTestBase { private static final ObjectMapper MAPPER = new ObjectMapper(); private static final String CALLBACK_PATH = "hooks"; @@ -139,6 +91,7 @@ void tearDown() { @Test void httpPull_dataTransfer_withCallbacks() { + seedVaults(); var assetId = UUID.randomUUID().toString(); createResourcesOnProvider(assetId, noConstraintPolicy(), httpDataAddressProperties()); var dynamicReceiverProps = CONSUMER.dynamicReceiverPrivateProperties(); @@ -175,6 +128,7 @@ void httpPull_dataTransfer_withCallbacks() { @Test void httpPull_dataTransfer_withEdrCache() { + seedVaults(); var assetId = UUID.randomUUID().toString(); createResourcesOnProvider(assetId, PolicyFixtures.contractExpiresIn("10s"), httpDataAddressProperties()); var dynamicReceiverProps = CONSUMER.dynamicReceiverPrivateProperties(); @@ -204,6 +158,7 @@ void httpPull_dataTransfer_withEdrCache() { @Test void suspendAndResume_httpPull_dataTransfer_withEdrCache() { + seedVaults(); var assetId = UUID.randomUUID().toString(); createResourcesOnProvider(assetId, noConstraintPolicy(), httpDataAddressProperties()); @@ -240,6 +195,7 @@ void suspendAndResume_httpPull_dataTransfer_withEdrCache() { @Test void pullFromHttp_httpProvision() { + seedVaults(); var assetId = UUID.randomUUID().toString(); createResourcesOnProvider(assetId, noConstraintPolicy(), Map.of( "name", "transfer-test", @@ -266,6 +222,7 @@ void pullFromHttp_httpProvision() { @Test void shouldTerminateTransfer_whenContractExpires_fixedInForcePeriod() { + seedVaults(); var assetId = UUID.randomUUID().toString(); var now = Instant.now(); 
@@ -285,6 +242,7 @@ void shouldTerminateTransfer_whenContractExpires_fixedInForcePeriod() { @Test void shouldTerminateTransfer_whenContractExpires_durationInForcePeriod() { + seedVaults(); var assetId = UUID.randomUUID().toString(); var now = Instant.now(); // contract was valid from t-10d to t-5d, so "now" it is expired @@ -300,13 +258,6 @@ void shouldTerminateTransfer_whenContractExpires_durationInForcePeriod() { }); } - private void awaitTransferToBeInState(String transferProcessId, TransferProcessStates state) { - await().atMost(timeout).until( - () -> CONSUMER.getTransferProcessState(transferProcessId), - it -> Objects.equals(it, state.name()) - ); - } - public JsonObject createCallback(String url, boolean transactional, Set events) { return Json.createObjectBuilder() .add(TYPE, EDC_NAMESPACE + "CallbackAddress") @@ -319,6 +270,15 @@ public JsonObject createCallback(String url, boolean transactional, Set .build(); } + protected abstract void seedVaults(); + + private void awaitTransferToBeInState(String transferProcessId, TransferProcessStates state) { + await().atMost(timeout).until( + () -> CONSUMER.getTransferProcessState(transferProcessId), + it -> Objects.equals(it, state.name()) + ); + } + @NotNull private Map httpDataAddressProperties() { return Map.of( 
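Review bot: `protected abstract void seedVaults();` is declared without a comment, and nothing ties an implementation to the runtimes registered in its `RUNTIMES` extension. A variant that adds a runtime but forgets to seed it would fail with an authentication or key-resolution error rather than a clear message. I would add `/** Seeds the Vault of every runtime in this variant that resolves secrets; keep in sync with RUNTIMES. */` above the declaration, and the identical declaration added to TransferPushEndToEndTest needs the same. The enclosing `Tests` class starts and ends outside this hunk.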
@@ -352,4 +312,79 @@ private String callbackUrl() { } + @Nested + @EndToEndTest + class InMemory extends Tests { + + private static final EdcRuntimeExtension CONSUMER_RUNTIME = Runtimes.InMemory.controlPlane("consumer-control-plane", CONSUMER.controlPlaneConfiguration()); + private static final EdcRuntimeExtension PROVIDER_RUNTIME = Runtimes.InMemory.controlPlane("provider-control-plane", PROVIDER.controlPlaneConfiguration()); + private static final EdcRuntimeExtension PROVIDER_DATAPLANE = Runtimes.InMemory.dataPlane("provider-data-plane", PROVIDER.dataPlaneConfiguration()); + @RegisterExtension + static final EdcClassRuntimesExtension RUNTIMES = new EdcClassRuntimesExtension( + CONSUMER_RUNTIME, + backendService("consumer-backend-service", CONSUMER.backendServiceConfiguration()), + PROVIDER_RUNTIME, + PROVIDER_DATAPLANE, + backendService("provider-backend-service", PROVIDER.backendServiceConfiguration()) + ); + + @Override + protected void seedVaults() { + seedVault(CONSUMER_RUNTIME); + seedVault(PROVIDER_RUNTIME); + seedVault(PROVIDER_DATAPLANE); + } + } + + @Nested + @EndToEndTest + class EmbeddedDataPlane extends Tests { + + private static final EdcRuntimeExtension CONSUMER_RUNTIME = Runtimes.InMemory.controlPlane("consumer-control-plane", CONSUMER.controlPlaneConfiguration()); + private static final EdcRuntimeExtension PROVIDER_RUNTIME = Runtimes.InMemory.controlPlaneEmbeddedDataPlane("provider-control-plane", PROVIDER.controlPlaneEmbeddedDataPlaneConfiguration()); + @RegisterExtension + static final EdcClassRuntimesExtension RUNTIMES = new EdcClassRuntimesExtension( + CONSUMER_RUNTIME, + backendService("consumer-backend-service", CONSUMER.backendServiceConfiguration()), + PROVIDER_RUNTIME, + backendService("provider-backend-service", PROVIDER.backendServiceConfiguration()) + ); + + @Override + protected void seedVaults() { + seedVault(CONSUMER_RUNTIME); + seedVault(PROVIDER_RUNTIME); + } + } + + @Nested + @PostgresqlIntegrationTest + class Postgres extends 
Tests { + + @RegisterExtension + static final BeforeAllCallback CREATE_DATABASES = context -> { + createDatabase(CONSUMER.getName()); + createDatabase(PROVIDER.getName()); + }; + + private static final EdcRuntimeExtension CONSUMER_RUNTIME = Runtimes.Postgres.controlPlane("consumer-control-plane", CONSUMER.controlPlanePostgresConfiguration()); + private static final EdcRuntimeExtension PROVIDER_RUNTIME = Runtimes.Postgres.controlPlane("provider-control-plane", PROVIDER.controlPlanePostgresConfiguration()); + private static final EdcRuntimeExtension PROVIDER_DATAPLANE = Runtimes.Postgres.dataPlane("provider-data-plane", PROVIDER.dataPlanePostgresConfiguration()); + @RegisterExtension + static final EdcClassRuntimesExtension RUNTIMES = new EdcClassRuntimesExtension( + CONSUMER_RUNTIME, + backendService("consumer-backend-service", CONSUMER.backendServiceConfiguration()), + PROVIDER_RUNTIME, + PROVIDER_DATAPLANE, + backendService("provider-backend-service", PROVIDER.backendServiceConfiguration()) + ); + + @Override + protected void seedVaults() { + seedVault(CONSUMER_RUNTIME); + seedVault(PROVIDER_RUNTIME); + seedVault(PROVIDER_DATAPLANE); + } + } + } diff --git a/system-tests/e2e-transfer-test/runner/src/test/java/org/eclipse/edc/test/e2e/TransferPushEndToEndTest.java b/system-tests/e2e-transfer-test/runner/src/test/java/org/eclipse/edc/test/e2e/TransferPushEndToEndTest.java index 77bdd7ab728..c405ec34320 100644 --- a/system-tests/e2e-transfer-test/runner/src/test/java/org/eclipse/edc/test/e2e/TransferPushEndToEndTest.java +++ b/system-tests/e2e-transfer-test/runner/src/test/java/org/eclipse/edc/test/e2e/TransferPushEndToEndTest.java 
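Review bot: Each `seedVaults()` override hands the consumer and provider runtimes to the same `seedVault`, which loads `certs/key.pem` and `certs/cert.pem` for all of them, so both participants hold one private key under alias `"1"`. That mirrors the identical properties files this commit deletes, but it means these tests cannot notice a runtime signing or verifying with the wrong participant's key. If sharing is intended, a comment on the overrides such as `// test-only: consumer and provider deliberately share one key pair` would record it; otherwise `seedVault` could take the key resource as a parameter. The same overrides are added to TransferPushEndToEndTest.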
@@ -19,6 +19,7 @@ import org.eclipse.edc.junit.annotations.EndToEndTest; import org.eclipse.edc.junit.annotations.PostgresqlIntegrationTest; import org.eclipse.edc.junit.extensions.EdcClassRuntimesExtension; +import org.eclipse.edc.junit.extensions.EdcRuntimeExtension; import org.jetbrains.annotations.NotNull; import org.junit.jupiter.api.Nested; import org.junit.jupiter.api.Test; 
@@ -48,59 +49,11 @@ class TransferPushEndToEndTest { - @Nested - @EndToEndTest - class InMemory extends Tests { - - @RegisterExtension - static final EdcClassRuntimesExtension RUNTIMES = new EdcClassRuntimesExtension( - controlPlane("consumer-control-plane", CONSUMER.controlPlaneConfiguration()), - backendService("consumer-backend-service", CONSUMER.backendServiceConfiguration()), - controlPlane("provider-control-plane", PROVIDER.controlPlaneConfiguration()), - dataPlane("provider-data-plane", PROVIDER.dataPlaneConfiguration()), - backendService("provider-backend-service", PROVIDER.backendServiceConfiguration()) - ); - - } - - @Nested - @EndToEndTest - class EmbeddedDataPlane extends Tests { - - @RegisterExtension - static final EdcClassRuntimesExtension RUNTIMES = new EdcClassRuntimesExtension( - controlPlane("consumer-control-plane", CONSUMER.controlPlaneConfiguration()), - backendService("consumer-backend-service", CONSUMER.backendServiceConfiguration()), - controlPlaneEmbeddedDataPlane("provider-control-plane", PROVIDER.controlPlaneEmbeddedDataPlaneConfiguration()), - backendService("provider-backend-service", PROVIDER.backendServiceConfiguration()) - ); - - } - - @Nested - @PostgresqlIntegrationTest - class Postgres extends Tests { - - @RegisterExtension - static final BeforeAllCallback CREATE_DATABASES = context -> { - createDatabase(CONSUMER.getName()); - createDatabase(PROVIDER.getName()); - }; - - @RegisterExtension - static final EdcClassRuntimesExtension RUNTIMES = new EdcClassRuntimesExtension( - Runtimes.Postgres.controlPlane("consumer-control-plane", CONSUMER.controlPlanePostgresConfiguration()), - backendService("consumer-backend-service", CONSUMER.backendServiceConfiguration()), - Runtimes.Postgres.controlPlane("provider-control-plane", PROVIDER.controlPlanePostgresConfiguration()), - Runtimes.Postgres.dataPlane("provider-data-plane", PROVIDER.dataPlanePostgresConfiguration()), - backendService("provider-backend-service", 
PROVIDER.backendServiceConfiguration()) - ); - } - abstract static class Tests extends TransferEndToEndTestBase { @Test void httpPushDataTransfer() { + seedVaults(); var assetId = UUID.randomUUID().toString(); createResourcesOnProvider(assetId, noConstraintPolicy(), httpDataAddressProperties()); var destination = httpDataAddress(CONSUMER.backendService() + "/api/consumer/store"); @@ -122,6 +75,7 @@ void httpPushDataTransfer() { @Test void httpToHttp_oauth2Provisioning() { + seedVaults(); var assetId = UUID.randomUUID().toString(); var sourceDataAddressProperties = Map.of( "type", "HttpData", @@ -150,6 +104,8 @@ void httpToHttp_oauth2Provisioning() { }); } + protected abstract void seedVaults(); + private JsonObject httpDataAddress(String baseUrl) { return createObjectBuilder() .add(TYPE, EDC_NAMESPACE + "DataAddress") 
@@ -173,4 +129,80 @@ private JsonObject noPrivateProperty() { } } + @Nested + @EndToEndTest + class InMemory extends Tests { + + private static final EdcRuntimeExtension CONSUMER_RUNTIME = controlPlane("consumer-control-plane", CONSUMER.controlPlaneConfiguration()); + private static final EdcRuntimeExtension PROVIDER_RUNTIME = controlPlane("provider-control-plane", PROVIDER.controlPlaneConfiguration()); + private static final EdcRuntimeExtension PROVIDER_DATAPLANE = dataPlane("provider-data-plane", PROVIDER.dataPlaneConfiguration()); + @RegisterExtension + static final EdcClassRuntimesExtension RUNTIMES = new EdcClassRuntimesExtension( + CONSUMER_RUNTIME, + backendService("consumer-backend-service", CONSUMER.backendServiceConfiguration()), + PROVIDER_RUNTIME, + PROVIDER_DATAPLANE, + backendService("provider-backend-service", PROVIDER.backendServiceConfiguration()) + ); + + @Override + protected void seedVaults() { + seedVault(CONSUMER_RUNTIME); + seedVault(PROVIDER_RUNTIME); + seedVault(PROVIDER_DATAPLANE); + } + } + + @Nested + @EndToEndTest + class EmbeddedDataPlane extends Tests { + + private static final EdcRuntimeExtension CONSUMER_RUNTIME = controlPlane("consumer-control-plane", CONSUMER.controlPlaneConfiguration()); + private static final EdcRuntimeExtension PROVIDER_RUNTIME = controlPlaneEmbeddedDataPlane("provider-control-plane", PROVIDER.controlPlaneEmbeddedDataPlaneConfiguration()); + @RegisterExtension + static final EdcClassRuntimesExtension RUNTIMES = new EdcClassRuntimesExtension( + CONSUMER_RUNTIME, + backendService("consumer-backend-service", CONSUMER.backendServiceConfiguration()), + PROVIDER_RUNTIME, + backendService("provider-backend-service", PROVIDER.backendServiceConfiguration()) + ); + + + @Override + protected void seedVaults() { + seedVault(CONSUMER_RUNTIME); + seedVault(PROVIDER_RUNTIME); + } + } + + @Nested + @PostgresqlIntegrationTest + class Postgres extends Tests { + + @RegisterExtension + static final BeforeAllCallback 
CREATE_DATABASES = context -> { + createDatabase(CONSUMER.getName()); + createDatabase(PROVIDER.getName()); + }; + + private static final EdcRuntimeExtension CONSUMER_RUNTIME = Runtimes.Postgres.controlPlane("consumer-control-plane", CONSUMER.controlPlanePostgresConfiguration()); + private static final EdcRuntimeExtension PROVIDER_RUNTIME = Runtimes.Postgres.controlPlane("provider-control-plane", PROVIDER.controlPlanePostgresConfiguration()); + private static final EdcRuntimeExtension PROVIDER_DATAPLANE = Runtimes.Postgres.dataPlane("provider-data-plane", PROVIDER.dataPlanePostgresConfiguration()); + @RegisterExtension + static final EdcClassRuntimesExtension RUNTIMES = new EdcClassRuntimesExtension( + CONSUMER_RUNTIME, + backendService("consumer-backend-service", CONSUMER.backendServiceConfiguration()), + PROVIDER_RUNTIME, + PROVIDER_DATAPLANE, + backendService("provider-backend-service", PROVIDER.backendServiceConfiguration()) + ); + + @Override + protected void seedVaults() { + seedVault(CONSUMER_RUNTIME); + seedVault(PROVIDER_RUNTIME); + seedVault(PROVIDER_DATAPLANE); + } + } + } diff --git a/system-tests/e2e-transfer-test/runner/src/test/resources/consumer-vault.properties b/system-tests/e2e-transfer-test/runner/src/test/resources/consumer-vault.properties deleted file mode 100644 index f17168a0345..00000000000 --- a/system-tests/e2e-transfer-test/runner/src/test/resources/consumer-vault.properties +++ /dev/null 
@@ -1,3 +0,0 @@ -public-key=-----BEGIN CERTIFICATE-----\r\nMIIDazCCAlOgAwIBAgIUZ3/sZXYzW4PjmOXKrZn6WBmUJ+4wDQYJKoZIhvcNAQEL\r\nBQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM\r\nGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMjAyMjMxNTA2MDNaFw0zMjAy\r\nMjExNTA2MDNaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw\r\nHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEB\r\nAQUAA4IBDwAwggEKAoIBAQDBl6XaJnXTL+6DWip3aBhU+MzmY4d1V9hbTm1tiZ3g\r\nE0VbUrvGO3LoYaxpPv6zFmsg3uJv6JxVAde7EddidN0ITHB9cQNdAfdUJ5njmsGS\r\nPbdQuOQTHw0aG7/QvTI/nsvfEE6e0lbV/0e7DHacZT/+OztBH1RwkG2ymM94Hf8H\r\nI6x7q6yfRTAZOqeOMrPCYTcluAgE9NskoPvjX5qASakBtXISKIsOU84N0/2HDN3W\r\nEGMXvoHUQu6vrij6BwiwxKaw1AKwWENKoga775bPXN3M+JTSaIKE7dZbKzvx0Zi0\r\nh5X+bxc3BJi3Z/CsUBCzE+Y0SFetOiYmyl/2YmnneYoVAgMBAAGjUzBRMB0GA1Ud\r\nDgQWBBTvK1wVERwjni4B2vdH7KtEJeVWFzAfBgNVHSMEGDAWgBTvK1wVERwjni4B\r\n2vdH7KtEJeVWFzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBn\r\nQHiPA7OBYukHd9gS7c0HXE+fsWcS3GZeLqcHfQQnV3pte1vTmu9//IVW71wNCJ1/\r\nrySRyODPQoPehxEcyHwupNZSzXK//nPlTdSgjMfFxscvt1YndyQLQYCfyOJMixAe\r\nAqrb14GTFHUUrdor0PyElhkULjkOXUrSIsdBrfWrwLTkelE8NK3tb5ZG8KPzD9Jy\r\n+NwEPPr9d+iHkUkM7EFWw/cl56wka9ryBb97RI7DqbO6/j6OXHMk4GByxKv7DSIR\r\nIvF9/Dw20qytajtaHV0pluFcOBuFc0NfiDvCaQlbTsfjzbc6UmZWbOi9YOJl3VQ/\r\ng3h+15GuzbsSzOCOEYOT\r\n-----END CERTIFICATE----- -1=-----BEGIN PRIVATE 
KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDBl6XaJnXTL+6D\nWip3aBhU+MzmY4d1V9hbTm1tiZ3gE0VbUrvGO3LoYaxpPv6zFmsg3uJv6JxVAde7\nEddidN0ITHB9cQNdAfdUJ5njmsGSPbdQuOQTHw0aG7/QvTI/nsvfEE6e0lbV/0e7\nDHacZT/+OztBH1RwkG2ymM94Hf8HI6x7q6yfRTAZOqeOMrPCYTcluAgE9NskoPvj\nX5qASakBtXISKIsOU84N0/2HDN3WEGMXvoHUQu6vrij6BwiwxKaw1AKwWENKoga7\n75bPXN3M+JTSaIKE7dZbKzvx0Zi0h5X+bxc3BJi3Z/CsUBCzE+Y0SFetOiYmyl/2\nYmnneYoVAgMBAAECggEBAJHXiN6bctAyn+DcoHlsNkhtVw+Jk5bXIutGXjHTJtiU\nK//siAGC78IZMyXmi0KndPVCdBwShROVW8xWWIiXuZxy2Zvm872xqX4Ah3JsN7/Q\nNrXdVBUDo38zwIGkxqIfIz9crZ4An+J/eq5zaTfRHzCLtswMqjRS2hFeBY5cKrBY\n4bkSDGTP/c5cP7xS/UwaiTR2Ptd41f4zTyd4l5rl30TYHpazQNlbdxcOV4jh2Rnp\nE0+cFEvEfeagVq7RmfBScKG5pk4qcRG0q2QHMyK5y00hdYvhdRjSgN7xIDkeO5B8\ns8/tSLU78nCl2gA9IKxTXYLitpISwZ81Q04mEAKRRtECgYEA+6lKnhn//aXerkLo\nZOLOjWQZhh005jHdNxX7DZqLpTrrfxc8v15KWUkAK1H0QHqYvfPrbbsBV1MY1xXt\nsKmkeu/k8fJQzCIvFN4K2J5W5kMfq9PSw5d3XPeDaQuXUVaxBVp0gzPEPHmkKRbA\nAkUqY0oJwA9gMKf8dK+flmLZfbsCgYEAxO4Roj2G46/Oox1GEZGxdLpiMpr9rEdR\nJlSZ9kMGfddNLV7sFp6yPXDcyc/AOqeNj7tw1MyoT3Ar454+V0q83EZzCXvs4U6f\njUrfFcoVWIwf9AV/J4KWzMIzfqPIeNwqymZKd6BrZgcXXvAEPWt27mwO4a1GhC4G\noZv0t3lAsm8CgYAQ8C0IhSF4tgBN5Ez19VoHpDQflbmowLRt77nNCZjajyOokyzQ\niI0ig0pSoBp7eITtTAyNfyew8/PZDi3IVTKv35OeQTv08VwP4H4EZGve5aetDf3C\nkmBDTpl2qYQOwnH5tUPgTMypcVp+NXzI6lTXB/WuCprjy3qvc96e5ZpT3wKBgQC8\nXny/k9rTL/eYTwgXBiWYYjBL97VudUlKQOKEjNhIxwkrvQBXIrWbz7lh0Tcu49al\nBcaHxru4QLO6pkM7fGHq0fh3ufJ8EZjMrjF1xjdk26Q05o0aXe+hLKHVIRVBhlfo\nArB4fRo+HcpdJXjox0KcDQCvHe+1v9DYBTWvymv4QQKBgBy3YH7hKz35DcXvA2r4\nKis9a4ycuZqTXockO4rkcIwC6CJp9JbHDIRzig8HYOaRqmZ4a+coqLmddXr2uOF1\n7+iAxxG1KzdT6uFNd+e/j2cdUjnqcSmz49PRtdDswgyYhoDT+W4yVGNQ4VuKg6a3\nZ3pC+KTdoHSKeA2FyAGnSUpD\n-----END PRIVATE KEY----- -provision-oauth-secret=supersecret diff --git a/system-tests/e2e-transfer-test/runner/src/test/resources/provider-vault.properties b/system-tests/e2e-transfer-test/runner/src/test/resources/provider-vault.properties deleted file mode 100644 index f17168a0345..00000000000 
--- a/system-tests/e2e-transfer-test/runner/src/test/resources/provider-vault.properties +++ /dev/null 
@@ -1,3 +0,0 @@ -public-key=-----BEGIN CERTIFICATE-----\r\nMIIDazCCAlOgAwIBAgIUZ3/sZXYzW4PjmOXKrZn6WBmUJ+4wDQYJKoZIhvcNAQEL\r\nBQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM\r\nGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMjAyMjMxNTA2MDNaFw0zMjAy\r\nMjExNTA2MDNaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw\r\nHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEB\r\nAQUAA4IBDwAwggEKAoIBAQDBl6XaJnXTL+6DWip3aBhU+MzmY4d1V9hbTm1tiZ3g\r\nE0VbUrvGO3LoYaxpPv6zFmsg3uJv6JxVAde7EddidN0ITHB9cQNdAfdUJ5njmsGS\r\nPbdQuOQTHw0aG7/QvTI/nsvfEE6e0lbV/0e7DHacZT/+OztBH1RwkG2ymM94Hf8H\r\nI6x7q6yfRTAZOqeOMrPCYTcluAgE9NskoPvjX5qASakBtXISKIsOU84N0/2HDN3W\r\nEGMXvoHUQu6vrij6BwiwxKaw1AKwWENKoga775bPXN3M+JTSaIKE7dZbKzvx0Zi0\r\nh5X+bxc3BJi3Z/CsUBCzE+Y0SFetOiYmyl/2YmnneYoVAgMBAAGjUzBRMB0GA1Ud\r\nDgQWBBTvK1wVERwjni4B2vdH7KtEJeVWFzAfBgNVHSMEGDAWgBTvK1wVERwjni4B\r\n2vdH7KtEJeVWFzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBn\r\nQHiPA7OBYukHd9gS7c0HXE+fsWcS3GZeLqcHfQQnV3pte1vTmu9//IVW71wNCJ1/\r\nrySRyODPQoPehxEcyHwupNZSzXK//nPlTdSgjMfFxscvt1YndyQLQYCfyOJMixAe\r\nAqrb14GTFHUUrdor0PyElhkULjkOXUrSIsdBrfWrwLTkelE8NK3tb5ZG8KPzD9Jy\r\n+NwEPPr9d+iHkUkM7EFWw/cl56wka9ryBb97RI7DqbO6/j6OXHMk4GByxKv7DSIR\r\nIvF9/Dw20qytajtaHV0pluFcOBuFc0NfiDvCaQlbTsfjzbc6UmZWbOi9YOJl3VQ/\r\ng3h+15GuzbsSzOCOEYOT\r\n-----END CERTIFICATE----- -1=-----BEGIN PRIVATE 
KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDBl6XaJnXTL+6D\nWip3aBhU+MzmY4d1V9hbTm1tiZ3gE0VbUrvGO3LoYaxpPv6zFmsg3uJv6JxVAde7\nEddidN0ITHB9cQNdAfdUJ5njmsGSPbdQuOQTHw0aG7/QvTI/nsvfEE6e0lbV/0e7\nDHacZT/+OztBH1RwkG2ymM94Hf8HI6x7q6yfRTAZOqeOMrPCYTcluAgE9NskoPvj\nX5qASakBtXISKIsOU84N0/2HDN3WEGMXvoHUQu6vrij6BwiwxKaw1AKwWENKoga7\n75bPXN3M+JTSaIKE7dZbKzvx0Zi0h5X+bxc3BJi3Z/CsUBCzE+Y0SFetOiYmyl/2\nYmnneYoVAgMBAAECggEBAJHXiN6bctAyn+DcoHlsNkhtVw+Jk5bXIutGXjHTJtiU\nK//siAGC78IZMyXmi0KndPVCdBwShROVW8xWWIiXuZxy2Zvm872xqX4Ah3JsN7/Q\nNrXdVBUDo38zwIGkxqIfIz9crZ4An+J/eq5zaTfRHzCLtswMqjRS2hFeBY5cKrBY\n4bkSDGTP/c5cP7xS/UwaiTR2Ptd41f4zTyd4l5rl30TYHpazQNlbdxcOV4jh2Rnp\nE0+cFEvEfeagVq7RmfBScKG5pk4qcRG0q2QHMyK5y00hdYvhdRjSgN7xIDkeO5B8\ns8/tSLU78nCl2gA9IKxTXYLitpISwZ81Q04mEAKRRtECgYEA+6lKnhn//aXerkLo\nZOLOjWQZhh005jHdNxX7DZqLpTrrfxc8v15KWUkAK1H0QHqYvfPrbbsBV1MY1xXt\nsKmkeu/k8fJQzCIvFN4K2J5W5kMfq9PSw5d3XPeDaQuXUVaxBVp0gzPEPHmkKRbA\nAkUqY0oJwA9gMKf8dK+flmLZfbsCgYEAxO4Roj2G46/Oox1GEZGxdLpiMpr9rEdR\nJlSZ9kMGfddNLV7sFp6yPXDcyc/AOqeNj7tw1MyoT3Ar454+V0q83EZzCXvs4U6f\njUrfFcoVWIwf9AV/J4KWzMIzfqPIeNwqymZKd6BrZgcXXvAEPWt27mwO4a1GhC4G\noZv0t3lAsm8CgYAQ8C0IhSF4tgBN5Ez19VoHpDQflbmowLRt77nNCZjajyOokyzQ\niI0ig0pSoBp7eITtTAyNfyew8/PZDi3IVTKv35OeQTv08VwP4H4EZGve5aetDf3C\nkmBDTpl2qYQOwnH5tUPgTMypcVp+NXzI6lTXB/WuCprjy3qvc96e5ZpT3wKBgQC8\nXny/k9rTL/eYTwgXBiWYYjBL97VudUlKQOKEjNhIxwkrvQBXIrWbz7lh0Tcu49al\nBcaHxru4QLO6pkM7fGHq0fh3ufJ8EZjMrjF1xjdk26Q05o0aXe+hLKHVIRVBhlfo\nArB4fRo+HcpdJXjox0KcDQCvHe+1v9DYBTWvymv4QQKBgBy3YH7hKz35DcXvA2r4\nKis9a4ycuZqTXockO4rkcIwC6CJp9JbHDIRzig8HYOaRqmZ4a+coqLmddXr2uOF1\n7+iAxxG1KzdT6uFNd+e/j2cdUjnqcSmz49PRtdDswgyYhoDT+W4yVGNQ4VuKg6a3\nZ3pC+KTdoHSKeA2FyAGnSUpD\n-----END PRIVATE KEY----- -provision-oauth-secret=supersecret