From 5e8858849dc04f9451f75c103ca594110744fb48 Mon Sep 17 00:00:00 2001 From: Paul Latzelsperger Date: Fri, 19 Jul 2024 15:07:24 +0200 Subject: [PATCH] update credentials, tests and export postman environments --- README.md | 30 ++++-- .../consumer/dataprocessor-credential.json | 2 +- .../k8s/consumer/membership-credential.json | 2 +- .../provider/dataprocessor-credential.json | 4 +- .../k8s/provider/dataprocessor_vc.json | 3 +- .../k8s/provider/membership-credential.json | 2 +- .../consumer/dataprocessor-credential.json | 2 +- .../local/consumer/membership-credential.json | 2 +- .../provider/dataprocessor-credential.json | 4 +- .../local/provider/membership-credential.json | 2 +- .../provider/unsigned/dataprocessor_vc.json | 4 +- .../postman/MVD K8S.postman_environment.json | 51 +++++++++++ ...Local Development.postman_environment.json | 51 +++++++++++ .../postman/MVD.postman_collection.json | 6 +- .../AbstractCredentialEvaluationFunction.java | 42 +++++++++ .../dcp/policy/DataAccessLevelFunction.java | 32 ++++--- ...embershipCredentialEvaluationFunction.java | 39 +++++--- .../dcp/policy/PolicyEvaluationExtension.java | 18 ++-- .../tests/transfer/TransferEndToEndTest.java | 91 ++++++++++++++++++- .../test/resources/negotiation-request.json | 6 +- 20 files changed, 323 insertions(+), 70 deletions(-) create mode 100644 deployment/postman/MVD K8S.postman_environment.json create mode 100644 deployment/postman/MVD Local Development.postman_environment.json create mode 100644 extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/AbstractCredentialEvaluationFunction.java diff --git a/README.md b/README.md index 572a64fe..fa79bdfe 100644 --- a/README.md +++ b/README.md 
@@ -80,28 +80,38 @@ resolve the actual asset from "provider-qna" and "provider-manufacturing". Both assets of "provider-qna" and "provider-manufacturing" have some access restrictions on them: -- `asset-1`: requires a membership credential to view and a Data Processor credential to negotiate a contract and - transfer data -- `asset-2`: requires a membership credential to view and a Sensitive Data credential to negotiate a contract +- `asset-1`: requires a membership credential to view and a Data Processor credential with `"level": "processing"` to + negotiate a contract and transfer data +- `asset-2`: requires a membership credential to view and a Data Processor credential with a `"level": "sensitive"` to + negotiate a contract These requirements are formulated as EDC policies. In addition, it is a dataspace rule that the `MembershipCredential` must be presented in _every_ request. This credential attests that the holder is a member of the dataspace. -In this fictitious dataspace, the DataProcessorCredential attests to the "ability of the holder to process data", and -the SensitiveDataCredential attests to the "ability of the holder to handle sensitive data". +In this fictitious dataspace, the DataProcessorCredential attests to the "ability of the holder to process data at a +certain level". The following levels exist: -All participants of the dataspace are in possession of the `MembershipCredential` as well as a `DataProcessorCredential`. -_None possess the `SensitiveDataCredential`_. That means that no contract for `asset-2` can be negotiated! -For the purposes of this demo the VerifiableCredentials are pre-created and are seeded to the participants' credential -storage ([no issuance](#5-no-issuance-yet)). 
+- `"processing"`: means, the holder can process non-sensitive data +- `"sensitive"`: means, the holder has undergone "some very highly secure vetting process" and can process sensitive + data + +The information about the level of data a holder can process is stored in the `credentialSubject` of the +DataProcessorCredential. + +All participants of the dataspace are in possession of the `MembershipCredential` as well as +a `DataProcessorCredential` with level `"processing"`. +_None possess the `DataProcessorCredential` with level="sensitive"_. That means that no contract for `asset-2` can be +negotiated. For the purposes of this demo the VerifiableCredentials are pre-created and are seeded to the participants' +credential storage ([no issuance](#5-no-issuance-yet)). If the consumer wants to view the consolidated catalog (containing assets from the provider's Q&A and manufacturing departments), then negotiate a contract for an asset, and then transfer the asset, she needs to present several credentials: - catalog request: present `MembershipCredential` -- contract negotiation: `MembershipCredential` and `DataProcessorCredential` or `SensitiveDataCredential`, respectively +- contract negotiation: `MembershipCredential` and `DataProcessorCredential(level=processing)` + or `DataProcessorCredential(level=sensitive)`, respectively - transfer process: `MembershipCredential` ## Running the demo (inside IntelliJ) diff --git a/deployment/assets/credentials/k8s/consumer/dataprocessor-credential.json b/deployment/assets/credentials/k8s/consumer/dataprocessor-credential.json index ea34cf64..62395359 100644 --- a/deployment/assets/credentials/k8s/consumer/dataprocessor-credential.json +++ b/deployment/assets/credentials/k8s/consumer/dataprocessor-credential.json 
@@ -9,7 +9,7 @@ "reissuancePolicy": null, "verifiableCredential": { "format": "JWT", - "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.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.y8vY5eF3VMyt0jGPrfsNn5oQMBDsNgMFGf0aw1zMR4NFuOw7OqaUc-zI2UjMRR00hUz9bykWKqCRK_KwG1pCAw", + "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.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.4GxNoNT9to7tlKfddUk5_fjAyetNH7FBkKNJui3Q_672IorxR43ztuRTOqgyoF_hNzN-fMkTYrwrLZaLhRYSDg", "credential": { "credentialSubject": [ { diff --git a/deployment/assets/credentials/k8s/consumer/membership-credential.json b/deployment/assets/credentials/k8s/consumer/membership-credential.json index dc54c118..436d353e 100644 --- a/deployment/assets/credentials/k8s/consumer/membership-credential.json +++ b/deployment/assets/credentials/k8s/consumer/membership-credential.json 
@@ -8,7 +8,7 @@ "issuancePolicy": null, "reissuancePolicy": null, "verifiableCredential": { - "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.eyJpc3MiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiYXVkIjoiZGlkOndlYjphbGljZS1pZGVudGl0eWh1YiUzQTcwODM6YWxpY2UiLCJzdWIiOiJkaWQ6d2ViOmFsaWNlLWlkZW50aXR5aHViJTNBNzA4MzphbGljZSIsInZjIjp7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIiwiaHR0cHM6Ly93M2lkLm9yZy9zZWN1cml0eS9zdWl0ZXMvandzLTIwMjAvdjEiLCJodHRwczovL3d3dy53My5vcmcvbnMvZGlkL3YxIix7Im12ZC1jcmVkZW50aWFscyI6Imh0dHBzOi8vdzNpZC5vcmcvbXZkL2NyZWRlbnRpYWxzLyIsIm1lbWJlcnNoaXAiOiJtdmQtY3JlZGVudGlhbHM6bWVtYmVyc2hpcCIsIm1lbWJlcnNoaXBUeXBlIjoibXZkLWNyZWRlbnRpYWxzOm1lbWJlcnNoaXBUeXBlIiwid2Vic2l0ZSI6Im12ZC1jcmVkZW50aWFsczp3ZWJzaXRlIiwiY29udGFjdCI6Im12ZC1jcmVkZW50aWFsczpjb250YWN0Iiwic2luY2UiOiJtdmQtY3JlZGVudGlhbHM6c2luY2UifV0sImlkIjoiaHR0cDovL29yZy55b3VyZGF0YXNwYWNlLmNvbS9jcmVkZW50aWFscy8yMzQ3IiwidHlwZSI6WyJWZXJpZmlhYmxlQ3JlZGVudGlhbCIsImh0dHA6Ly9vcmcueW91cmRhdGFzcGFjZS5jb20jTWVtYmVyc2hpcENyZWRlbnRpYWwiXSwiaXNzdWVyIjoiZGlkOmV4YW1wbGU6ZGF0YXNwYWNlLWlzc3VlciIsImlzc3VhbmNlRGF0ZSI6IjIwMjMtMDgtMThUMDA6MDA6MDBaIiwiY3JlZGVudGlhbFN1YmplY3QiOnsiaWQiOiJkaWQ6d2ViOmNvbnN1bWVyLWlkZW50aXR5aHViJTNBNzA4Mzpjb25zdW1lciIsIm1lbWJlcnNoaXAiOnsibWVtYmVyc2hpcFR5cGUiOiJGdWxsTWVtYmVyIiwid2Vic2l0ZSI6Ind3dy53aGF0ZXZlci5jb20iLCJjb250YWN0IjoiZml6ei5idXp6QHdoYXRldmVyLmNvbSIsInNpbmNlIjoiMjAyMy0wMS0wMVQwMDowMDowMFoifX19LCJpYXQiOjE3MjEzODQ4NzJ9.fmcOHOKLERAta_gMx98fPLvyxiFOYEnZIMGFgr9fiydNGbEGOPrcxuFoh7wqtS2HiKWhjm0zZqld4iAr-c2WBg", + "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.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.xJMVUqBGBu8idgFLWeRkPsCLRxihPC6ZEQT35lDB2U8O0NeU5VG2Ivd1fLlrsfZYC8kyE6IY1KnmCqvxQ-3ZDw", "format": "JWT", "credential": { "credentialSubject": [ 
diff --git a/deployment/assets/credentials/k8s/provider/dataprocessor-credential.json b/deployment/assets/credentials/k8s/provider/dataprocessor-credential.json index da4e84e9..fdae4060 100644 --- a/deployment/assets/credentials/k8s/provider/dataprocessor-credential.json +++ b/deployment/assets/credentials/k8s/provider/dataprocessor-credential.json @@ -9,7 +9,7 @@ "reissuancePolicy": null, "verifiableCredential": { "format": "JSON_LD", - "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.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.nmUHyL1zIjwzSnt_0uQddAT3ULkofNrUYZTSnVBH3uOPmBDO5RdUvfVXrczOPZMi6Psg288vge7J6glEae0fBA", + "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.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.YrLF1TqSbkulxWA4PZr5YcLwdiKaZES7-AEdB1gIK2tO6S757Sz6Z7AMQopmW0mydWOE72utRwpFJhph9tdzCQ", "credential": { "credentialSubject": [ { @@ -23,7 +23,7 @@ "id": "http://org.yourdataspace.com/credentials/1265", "type": [ "VerifiableCredential", - "UseCaseFrameworkCondition" + "DataProcessorCredential" ], "issuer": { "id": "did:example:dataspace-issuer", diff --git a/deployment/assets/credentials/k8s/provider/dataprocessor_vc.json b/deployment/assets/credentials/k8s/provider/dataprocessor_vc.json index 34b441c4..a696ca16 100644 --- a/deployment/assets/credentials/k8s/provider/dataprocessor_vc.json +++ b/deployment/assets/credentials/k8s/provider/dataprocessor_vc.json @@ -18,6 +18,7 @@ "issuanceDate": "2023-08-18T00:00:00Z", "credentialSubject": { "id": "did:web:provider-identityhub%3A7083:provider", - "level": "processing" + "level": "processing", + "contractVersion": "1.0.0" } } \ No newline at end of file diff --git a/deployment/assets/credentials/k8s/provider/membership-credential.json b/deployment/assets/credentials/k8s/provider/membership-credential.json index 1daa6819..3fa53f10 100644 
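Review bot: `"format": "JSON_LD"` is left unchanged in the first hunk of k8s/provider/dataprocessor-credential.json, while the regenerated `rawVc` beside it is a compact JWT whose header segment carries `"typ":"JWT"`. The local provider counterpart of this file declares `"format": "JWT"`. If the consuming code picks its parser or proof check from `format`, which is not visible here, this seed credential may be handled on the wrong path. I would change the line to `"format": "JWT"` here and in k8s/provider/membership-credential.json, which shows the same combination.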
--- a/deployment/assets/credentials/k8s/provider/membership-credential.json +++ b/deployment/assets/credentials/k8s/provider/membership-credential.json @@ -8,7 +8,7 @@ "issuancePolicy": null, "reissuancePolicy": null, "verifiableCredential": { - "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.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.lpiYgm4TA-3Zx-mGagXQ7HfCgCPlPuh5oX8rItwsG721mt2_xACmlUCBFs8W0_GRDyI5GTDl73jegpTI-LnICw", + "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.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.f41m3GDzxy4KcnuBsOTPOP3sp7rm4xERn-HzfetJd5w1yYXH0V6RnRd63otYgZt-96V9xNSM3TbTbuHhFhtkBQ", "format": "JSON_LD", "credential": { "credentialSubject": [ diff --git a/deployment/assets/credentials/local/consumer/dataprocessor-credential.json b/deployment/assets/credentials/local/consumer/dataprocessor-credential.json index cb6444d0..04883adb 100644 --- a/deployment/assets/credentials/local/consumer/dataprocessor-credential.json +++ b/deployment/assets/credentials/local/consumer/dataprocessor-credential.json 
@@ -9,7 +9,7 @@ "reissuancePolicy": null, "verifiableCredential": { "format": "JWT", - "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.eyJpc3MiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiYXVkIjoiZGlkOndlYjphbGljZS1pZGVudGl0eWh1YiUzQTcwODM6YWxpY2UiLCJzdWIiOiJkaWQ6d2ViOmFsaWNlLWlkZW50aXR5aHViJTNBNzA4MzphbGljZSIsInZjIjp7IkBjb250ZXh0IjpbImh0dHBzOi8vd3d3LnczLm9yZy8yMDE4L2NyZWRlbnRpYWxzL3YxIiwiaHR0cHM6Ly93M2lkLm9yZy9zZWN1cml0eS9zdWl0ZXMvandzLTIwMjAvdjEiLCJodHRwczovL3d3dy53My5vcmcvbnMvZGlkL3YxIix7Im12ZC1jcmVkZW50aWFscyI6Imh0dHBzOi8vdzNpZC5vcmcvbXZkL2NyZWRlbnRpYWxzLyIsImNvbnRyYWN0VmVyc2lvbiI6Im12ZC1jcmVkZW50aWFsczpjb250cmFjdFZlcnNpb24iLCJsZXZlbCI6Im12ZC1jcmVkZW50aWFsczpsZXZlbCJ9XSwiaWQiOiJodHRwOi8vb3JnLnlvdXJkYXRhc3BhY2UuY29tL2NyZWRlbnRpYWxzLzIzNDciLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiaHR0cDovL29yZy55b3VyZGF0YXNwYWNlLmNvbSNEYXRhUHJvY2Vzc29yQ3JlZGVudGlhbCJdLCJpc3N1ZXIiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiaXNzdWFuY2VEYXRlIjoiMjAyMy0wOC0xOFQwMDowMDowMFoiLCJjcmVkZW50aWFsU3ViamVjdCI6eyJpZCI6ImRpZDp3ZWI6bG9jYWxob3N0JTNBNzA4MyIsImNvbnRyYWN0VmVyc2lvbiI6IjEuMC4wIiwibGV2ZWwiOiJwcm9jZXNzaW5nIn19LCJpYXQiOjE3MjEzODQ4NzJ9.rPSA0yvZuiGXnNqXqde-QAYBYXyJ1wDB2-1q2IAiigttX2LbE9paCEvJOXC_hf6Vi1nI-5gzvvIRAESKim2dBw", + "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.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.vmumM-nRghKDASiwXZoRumnGAq_aRRw7UNO6PaIZZGu-Swl4GQzL5-4aXhEw0FrRMBRchmK9_FUcWenzbcBaDw", "credential": { "credentialSubject": [ { diff --git a/deployment/assets/credentials/local/consumer/membership-credential.json b/deployment/assets/credentials/local/consumer/membership-credential.json index f67c17bc..a97b92c6 100644 --- a/deployment/assets/credentials/local/consumer/membership-credential.json +++ b/deployment/assets/credentials/local/consumer/membership-credential.json 
@@ -8,7 +8,7 @@ "issuancePolicy": null, "reissuancePolicy": null, "verifiableCredential": { - "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.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.Hle3iommEl5rgeFCY3i6GpvSa5JDEp6bDL9A7GhmJiG_KOa7rMw5EqlDTg3c3ZxFkIwSzQNElPkFcrPA7Sd-Dw", + "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.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.hpaXIX61B0yAXVDbXkpjVXEJyShYCJa-A0HJNUvWcpn_dpDgHoS9ocSPHUEfS3eNnJWodsQ0AFDSnyndjOymCA", "format": "JWT", "credential": { "credentialSubject": [ diff --git a/deployment/assets/credentials/local/provider/dataprocessor-credential.json b/deployment/assets/credentials/local/provider/dataprocessor-credential.json index fd772b2f..f2bab6bd 100644 --- a/deployment/assets/credentials/local/provider/dataprocessor-credential.json +++ b/deployment/assets/credentials/local/provider/dataprocessor-credential.json 
@@ -9,7 +9,7 @@ "reissuancePolicy": null, "verifiableCredential": { "format": "JWT", - "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.eyJpc3MiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiYXVkIjoiZGlkOndlYjpib2ItaWRlbnRpdHlodWIlM0E3MDgzOmJvYiIsInN1YiI6ImRpZDp3ZWI6Ym9iLWlkZW50aXR5aHViJTNBNzA4Mzpib2IiLCJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vdzNpZC5vcmcvc2VjdXJpdHkvc3VpdGVzL2p3cy0yMDIwL3YxIiwiaHR0cHM6Ly93d3cudzMub3JnL25zL2RpZC92MSIseyJtdmQtY3JlZGVudGlhbHMiOiJodHRwczovL3czaWQub3JnL212ZC9jcmVkZW50aWFscy8iLCJjb250cmFjdFZlcnNpb24iOiJtdmQtY3JlZGVudGlhbHM6Y29udHJhY3RWZXJzaW9uIiwibGV2ZWwiOiJtdmQtY3JlZGVudGlhbHM6bGV2ZWwifV0sImlkIjoiaHR0cDovL29yZy55b3VyZGF0YXNwYWNlLmNvbS9jcmVkZW50aWFscy8yMzQ3IiwidHlwZSI6WyJWZXJpZmlhYmxlQ3JlZGVudGlhbCIsImh0dHA6Ly9vcmcueW91cmRhdGFzcGFjZS5jb20jRGF0YVByb2Nlc3NvckNyZWRlbnRpYWwiXSwiaXNzdWVyIjoiZGlkOmV4YW1wbGU6ZGF0YXNwYWNlLWlzc3VlciIsImlzc3VhbmNlRGF0ZSI6IjIwMjMtMDgtMThUMDA6MDA6MDBaIiwiY3JlZGVudGlhbFN1YmplY3QiOnsiaWQiOiJkaWQ6d2ViOmxvY2FsaG9zdCUzQTcwOTMiLCJjb250cmFjdFZlcnNpb24iOiIxLjAuMCIsImxldmVsIjoicHJvY2Vzc2luZyJ9fSwiaWF0IjoxNzIxMzg0ODcyfQ.beXpdPKlqEpDIBl1DoVtA2PQDQcF_Pl9hHjC2Bbz7T5AOm-o77YevEahUugh831QqjFvOKoYR8Ct1M7PWPE_Dg", + "rawVc": 
"eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.eyJpc3MiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyIiwiYXVkIjoiZGlkOndlYjpib2ItaWRlbnRpdHlodWIlM0E3MDgzOmJvYiIsInN1YiI6ImRpZDp3ZWI6Ym9iLWlkZW50aXR5aHViJTNBNzA4Mzpib2IiLCJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vdzNpZC5vcmcvc2VjdXJpdHkvc3VpdGVzL2p3cy0yMDIwL3YxIiwiaHR0cHM6Ly93d3cudzMub3JnL25zL2RpZC92MSIseyJtdmQtY3JlZGVudGlhbHMiOiJodHRwczovL3czaWQub3JnL212ZC9jcmVkZW50aWFscy8iLCJjb250cmFjdFZlcnNpb24iOiJtdmQtY3JlZGVudGlhbHM6Y29udHJhY3RWZXJzaW9uIiwibGV2ZWwiOiJtdmQtY3JlZGVudGlhbHM6bGV2ZWwifV0sImlkIjoiaHR0cDovL29yZy55b3VyZGF0YXNwYWNlLmNvbS9jcmVkZW50aWFscy8yMzQ3IiwidHlwZSI6WyJWZXJpZmlhYmxlQ3JlZGVudGlhbCIsImh0dHA6Ly9vcmcueW91cmRhdGFzcGFjZS5jb20jRGF0YVByb2Nlc3NvckNyZWRlbnRpYWwiXSwiaXNzdWVyIjoiZGlkOmV4YW1wbGU6ZGF0YXNwYWNlLWlzc3VlciIsImlzc3VhbmNlRGF0ZSI6IjIwMjMtMDgtMThUMDA6MDA6MDBaIiwiY3JlZGVudGlhbFN1YmplY3QiOnsiaWQiOiJkaWQ6d2ViOmxvY2FsaG9zdCUzQTcwOTMiLCJjb250cmFjdFZlcnNpb24iOiIxLjAuMCIsImxldmVsIjoicHJvY2Vzc2luZyJ9fSwiaWF0IjoxNzIxMzg1NDc3fQ._i_hg7MgTYZOb_ZsDvQpZrKZQkiN7VDs8sHyBng7cSTAaQoGgCOt8br4yhMw38Qs1EYYHT87S4Fs_yTmp8niDw", "credential": { "credentialSubject": [ { @@ -23,7 +23,7 @@ "id": "http://org.yourdataspace.com/credentials/1265", "type": [ "VerifiableCredential", - "UseCaseFrameworkCondition" + "DataProcessorCredential" ], "issuer": { "id": "did:example:dataspace-issuer", diff --git a/deployment/assets/credentials/local/provider/membership-credential.json b/deployment/assets/credentials/local/provider/membership-credential.json index 37c6470d..4f25dfad 100644 --- a/deployment/assets/credentials/local/provider/membership-credential.json +++ b/deployment/assets/credentials/local/provider/membership-credential.json 
@@ -8,7 +8,7 @@ "issuancePolicy": null, "reissuancePolicy": null, "verifiableCredential": { - "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.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.LhjWOy5yoxkwxvbDJnTKxmgLJjyJuNlaO970oqaQjXdomOtsvatzzO2_7Ir5JRynSHnEhtyr7tp95du_zriYCg", + "rawVc": "eyJraWQiOiJkaWQ6ZXhhbXBsZTpkYXRhc3BhY2UtaXNzdWVyI2tleS0xIiwidHlwIjoiSldUIiwiYWxnIjoiRWREU0EifQ.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.2-ZplCofXyq-Uj9rVmY1tt9rLcXxIw6HVByq-v338mx7qiQSQqt1cv_0RNZ5doMQqR5n1L2MycA5EQtRZGlqCg", "format": "JWT", "credential": { "credentialSubject": [ diff --git a/deployment/assets/credentials/local/provider/unsigned/dataprocessor_vc.json b/deployment/assets/credentials/local/provider/unsigned/dataprocessor_vc.json index 2a07e091..8095b0bc 100644 --- a/deployment/assets/credentials/local/provider/unsigned/dataprocessor_vc.json +++ b/deployment/assets/credentials/local/provider/unsigned/dataprocessor_vc.json @@ -18,7 +18,7 @@ "issuanceDate": "2023-08-18T00:00:00Z", "credentialSubject": { "id": "did:web:localhost%3A7093", - "contractVersion": "1.0.0", - "level": "processing" + "level": "processing", + "contractVersion": "1.0.0" } } \ No newline at end of file diff --git a/deployment/postman/MVD K8S.postman_environment.json b/deployment/postman/MVD K8S.postman_environment.json new file mode 100644 index 00000000..040e1f4a --- /dev/null +++ b/deployment/postman/MVD K8S.postman_environment.json 
@@ -0,0 +1,51 @@ +{ + "id": "9432baf7-0849-46e4-a1a7-dece247a41be", + "name": "MVD K8S", + "values": [ + { + "key": "HOST", + "value": "http://localhost/consumer/cp", + "type": "default", + "enabled": true + }, + { + "key": "CS_URL", + "value": "http://localhost/consumer/cs/", + "type": "default", + "enabled": true + }, + { + "key": "PROVIDER_ID", + "value": "did:web:provider-identityhub%3A7083:provider", + "type": "default", + "enabled": true + }, + { + "key": "CATALOG_SERVER_DSP_URL", + "value": "http://provider-catalog-server-controlplane:8082", + "type": "default", + "enabled": true + }, + { + "key": "CONSUMER_CATALOG_QUERY_URL", + "value": "http://localhost/consumer/fc", + "type": "default", + "enabled": true + }, + { + "key": "PROVIDER_DSP_URL", + "value": "http://provider-qna-controlplane:8082", + "type": "default", + "enabled": true + }, + { + "key": "PROVIDER_PUBLIC_API", + "value": "http://localhost/provider-qna/public", + "type": "default", + "enabled": true + } + ], + "_postman_variable_scope": "environment", + "_postman_exported_at": "2024-07-19T12:19:41.675Z", + "_postman_exported_using": "Postman/11.4.0" +} \ No newline at end of file diff --git a/deployment/postman/MVD Local Development.postman_environment.json b/deployment/postman/MVD Local Development.postman_environment.json new file mode 100644 index 00000000..8f8a436a --- /dev/null +++ b/deployment/postman/MVD Local Development.postman_environment.json 
@@ -0,0 +1,51 @@ +{ + "id": "35c096d9-84c2-499f-8ed0-8bcf3275370b", + "name": "MVD Local Development", + "values": [ + { + "key": "HOST", + "value": "http://localhost:8081", + "type": "default", + "enabled": true + }, + { + "key": "CS_URL", + "value": "http://localhost:7082", + "type": "default", + "enabled": true + }, + { + "key": "PROVIDER_ID", + "value": "did:web:localhost%3A7093", + "type": "default", + "enabled": true + }, + { + "key": "CATALOG_SERVER_DSP_URL", + "value": "http://localhost:8092", + "type": "default", + "enabled": true + }, + { + "key": "CONSUMER_CATALOG_QUERY_URL", + "value": "http://localhost:8084", + "type": "default", + "enabled": true + }, + { + "key": "PROVIDER_DSP_URL", + "value": "http://localhost:8192", + "type": "default", + "enabled": true + }, + { + "key": "PROVIDER_PUBLIC_API", + "value": "http://localhost:12001", + "type": "default", + "enabled": true + } + ], + "_postman_variable_scope": "environment", + "_postman_exported_at": "2024-07-19T12:19:50.250Z", + "_postman_exported_using": "Postman/11.4.0" +} \ No newline at end of file diff --git a/deployment/postman/MVD.postman_collection.json b/deployment/postman/MVD.postman_collection.json index 01bf99bb..fa29ce5f 100644 --- a/deployment/postman/MVD.postman_collection.json +++ b/deployment/postman/MVD.postman_collection.json 
@@ -91,7 +91,7 @@ ], "body": { "mode": "raw", - "raw": "{\n \"@context\": {\n \"odrl\": \"http://www.w3.org/ns/odrl/2/\"\n },\n \"@type\": \"PolicyDefinitionRequestDto\",\n \"@id\": \"require-membership\",\n \"policy\": {\n \"@type\": \"http://www.w3.org/ns/odrl/2/Set\",\n \"odrl:permission\": [\n {\n \"odrl:action\": \"use\",\n \"odrl:constraint\": {\n \"@type\": \"LogicalConstraint\",\n \"odrl:leftOperand\": \"MembershipCredential\",\n \"odrl:operator\": {\n \"@id\": \"odrl:eq\"\n },\n \"odrl:rightOperand\": \"active\"\n }\n }\n ]\n }\n}" + "raw": "{\n \"@context\": {\n \"odrl\": \"http://www.w3.org/ns/odrl/2/\"\n },\n \"@type\": \"PolicyDefinitionRequestDto\",\n \"@id\": \"require-membership\",\n \"policy\": {\n \"@type\": \"http://www.w3.org/ns/odrl/2/Set\",\n \"odrl:permission\": [\n {\n \"odrl:action\": \"USE\",\n \"odrl:constraint\": {\n \"@type\": \"LogicalConstraint\",\n \"odrl:leftOperand\": \"MembershipCredential\",\n \"odrl:operator\": {\n \"@id\": \"odrl:eq\"\n },\n \"odrl:rightOperand\": \"active\"\n }\n }\n ]\n }\n}" }, "url": { "raw": "{{HOST}}/api/management/v3/policydefinitions", 
@@ -124,7 +124,7 @@ ], "body": { "mode": "raw", - "raw": "{\n \"@context\": {\n \"odrl\": \"http://www.w3.org/ns/odrl/2/\"\n },\n \"@type\": \"PolicyDefinitionRequestDto\",\n \"@id\": \"require-dataprocessor\",\n \"policy\": {\n \"@type\": \"http://www.w3.org/ns/odrl/2/Set\",\n \"odrl:obligation\": [\n {\n \"odrl:action\": \"use\",\n \"odrl:constraint\": {\n \"@type\": \"LogicalConstraint\",\n \"odrl:leftOperand\": \"DataAccess.level\",\n \"odrl:operator\": {\n \"@id\": \"odrl:eq\"\n },\n \"odrl:rightOperand\": \"processing\"\n }\n }\n ]\n }\n}" + "raw": "{\n \"@context\": {\n \"odrl\": \"http://www.w3.org/ns/odrl/2/\"\n },\n \"@type\": \"PolicyDefinitionRequestDto\",\n \"@id\": \"require-dataprocessor\",\n \"policy\": {\n \"@type\": \"http://www.w3.org/ns/odrl/2/Set\",\n \"odrl:obligation\": [\n {\n \"odrl:action\": \"USE\",\n \"odrl:constraint\": {\n \"@type\": \"LogicalConstraint\",\n \"odrl:leftOperand\": \"DataAccess.level\",\n \"odrl:operator\": {\n \"@id\": \"odrl:eq\"\n },\n \"odrl:rightOperand\": \"processing\"\n }\n }\n ]\n }\n}" }, "url": { "raw": "{{HOST}}/api/management/v3/policydefinitions", 
@@ -570,7 +570,7 @@ ], "body": { "mode": "raw", - "raw": "{\n \"@context\": {\n \"@vocab\": \"https://w3id.org/edc/v0.0.1/ns/\"\n },\n \"@type\": \"https://w3id.org/edc/v0.0.1/ns/ContractRequest\",\n \"counterPartyAddress\": \"{{PROVIDER_DSP_URL}}/api/dsp\",\n \"counterPartyId\": \"{{PROVIDER_ID}}\",\n \"protocol\": \"dataspace-protocol-http\",\n \"policy\": {\n \"@context\": \"http://www.w3.org/ns/odrl.jsonld\",\n \"@type\": \"http://www.w3.org/ns/odrl/2/Offer\",\n \"@id\": \"bWVtYmVyLWFuZC1kYXRhcHJvY2Vzc29yLWRlZg==:YXNzZXQtMQ==:MjcyMzMyZjgtZWM2ZS00MTQ0LWIyYjgtM2ExMzIzMDFjZmQ1\",\n \"assigner\": \"{{PROVIDER_ID}}\",\n \"permission\": [],\n \"prohibition\": [],\n \"odrl:obligation\": {\n \"odrl:action\": {\n \"@id\": \"use\"\n },\n \"odrl:constraint\": {\n \"odrl:leftOperand\": {\n \"@id\": \"DataAccess.level\"\n },\n \"odrl:operator\": {\n \"@id\": \"odrl:eq\"\n },\n \"odrl:rightOperand\": \"processing\"\n }\n },\n \"target\": \"asset-1\"\n },\n \"callbackAddresses\": []\n}", + "raw": "{\n \"@context\": {\n \"@vocab\": \"https://w3id.org/edc/v0.0.1/ns/\"\n },\n \"@type\": \"https://w3id.org/edc/v0.0.1/ns/ContractRequest\",\n \"counterPartyAddress\": \"{{PROVIDER_DSP_URL}}/api/dsp\",\n \"counterPartyId\": \"{{PROVIDER_ID}}\",\n \"protocol\": \"dataspace-protocol-http\",\n \"policy\": {\n \"@context\": \"http://www.w3.org/ns/odrl.jsonld\",\n \"@type\": \"http://www.w3.org/ns/odrl/2/Offer\",\n \"@id\": \"bWVtYmVyLWFuZC1kYXRhcHJvY2Vzc29yLWRlZg==:YXNzZXQtMQ==:NDFiMWQzZDUtOTA0OS00ZGRmLTk5MDEtNTYxOTVhYmQzNjNj\",\n \"assigner\": \"{{PROVIDER_ID}}\",\n \"permission\": [],\n \"prohibition\": [],\n \"odrl:obligation\": {\n \"odrl:action\": {\n \"@id\": \"USE\"\n },\n \"odrl:constraint\": {\n \"odrl:leftOperand\": {\n \"@id\": \"DataAccess.level\"\n },\n \"odrl:operator\": {\n \"@id\": \"odrl:eq\"\n },\n \"odrl:rightOperand\": \"processing\"\n }\n },\n \"target\": \"asset-1\"\n },\n \"callbackAddresses\": []\n}", "options": { "raw": { "language": "json" 
diff --git a/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/AbstractCredentialEvaluationFunction.java b/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/AbstractCredentialEvaluationFunction.java
new file mode 100644
index 00000000..f1564868
--- /dev/null
+++ b/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/AbstractCredentialEvaluationFunction.java
@@ -0,0 +1,42 @@
+/*
+ * Copyright (c) 2024 Metaform Systems, Inc.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Apache License, Version 2.0 which is available at
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Contributors:
+ * Metaform Systems, Inc. - initial API and implementation
+ *
+ */
+
+package org.eclipse.edc.demo.dcp.policy;
+
+import org.eclipse.edc.iam.verifiablecredentials.spi.model.VerifiableCredential;
+import org.eclipse.edc.spi.agent.ParticipantAgent;
+import org.eclipse.edc.spi.result.Result;
+
+import java.util.List;
+
+public class AbstractCredentialEvaluationFunction {
+ private static final String VC_CLAIM = "vc";
+ protected static final String MVD_NAMESPACE = "https://w3id.org/mvd/credentials/";
+
+ protected Result> getCredentialList(ParticipantAgent agent) {
+ var vcListClaim = agent.getClaims().get(VC_CLAIM);
+
+ if (vcListClaim == null) {
+ return Result.failure("ParticipantAgent did not contain a '%s' claim.".formatted(VC_CLAIM));
+ }
+ if (!(vcListClaim instanceof List)) {
+ return Result.failure("ParticipantAgent contains a '%s' claim, but the type is incorrect. Expected %s, received %s.".formatted(VC_CLAIM, List.class.getName(), vcListClaim.getClass().getName()));
+ }
+ var vcList = (List) vcListClaim;
+ if (vcList.isEmpty()) {
+ return Result.failure("ParticipantAgent contains a '%s' claim but it did not contain any VerifiableCredentials.".formatted(VC_CLAIM));
+ }
+ return Result.success(vcList);
+ }
+}
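Review bot: getCredentialList only checks that the 'vc' claim is a `List` before casting it, so a list holding anything other than VerifiableCredential passes this helper. It would then surface as a ClassCastException inside the callers' streams rather than as a reported policy problem. Because the result feeds an access decision, I would fail closed right after the cast, e.g. `if (!vcList.stream().allMatch(VerifiableCredential.class::isInstance)) { return Result.failure("'%s' claim contains entries that are not VerifiableCredentials".formatted(VC_CLAIM)); }` (the generic type arguments look stripped on this page, so adjust to the real declaration). The class is named Abstract... but declared `public class`; marking it `abstract` would match the name. A short Javadoc should state that the claim is presumably expected to hold credentials already verified upstream.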
diff --git a/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/DataAccessLevelFunction.java b/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/DataAccessLevelFunction.java index b4ab48b1..86cbf899 100644 --- a/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/DataAccessLevelFunction.java +++ b/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/DataAccessLevelFunction.java @@ -23,13 +23,9 @@ import java.util.Map; import java.util.Objects; -public class DataAccessLevelFunction implements AtomicConstraintFunction { +public class DataAccessLevelFunction extends AbstractCredentialEvaluationFunction implements AtomicConstraintFunction { - private final String level; - - public DataAccessLevelFunction(String level) { - this.level = level; - } + private static final String DATAPROCESSOR_CRED_TYPE = "DataProcessorCredential"; @Override public boolean evaluate(Operator operator, Object rightOperand, Duty duty, PolicyContext policyContext) { 
@@ -37,22 +33,30 @@ public boolean evaluate(Operator operator, Object rightOperand, Duty duty, Polic policyContext.reportProblem("Cannot evaluate operator %s, only %s is supported".formatted(operator, Operator.EQ)); return false; } - if (!"level".equalsIgnoreCase(rightOperand.toString())) { - policyContext.reportProblem("Data access credentials only support right operand 'level', but found '%s'".formatted(operator.toString())); - return false; - } var pa = policyContext.getContextData(ParticipantAgent.class); if (pa == null) { policyContext.reportProblem("ParticipantAgent not found on PolicyContext"); return false; } - var claims = pa.getClaims(); + var credentialResult = getCredentialList(pa); + if (credentialResult.failed()) { + policyContext.reportProblem(credentialResult.getFailureDetail()); + return false; + } + + return credentialResult.getContent() + .stream() + .filter(vc -> vc.getType().stream().anyMatch(t -> t.endsWith(DATAPROCESSOR_CRED_TYPE))) + .flatMap(credential -> credential.getCredentialSubject().stream()) + .anyMatch(credentialSubject -> { + var version = credentialSubject.getClaim(MVD_NAMESPACE, "contractVersion"); + var level = credentialSubject.getClaim(MVD_NAMESPACE, "level"); - String version = getClaim("contractVersion", claims); - String level = getClaim("level", claims); + return version != null && Objects.equals(level, rightOperand); + }); - return version != null && Objects.equals(level, rightOperand); + } public String key() { diff --git a/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/MembershipCredentialEvaluationFunction.java b/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/MembershipCredentialEvaluationFunction.java index f27a7ea4..5b8142a1 100644 --- a/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/MembershipCredentialEvaluationFunction.java +++ b/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/MembershipCredentialEvaluationFunction.java 
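Review bot: The credential-type filter `t.endsWith(DATAPROCESSOR_CRED_TYPE)` is a suffix match, so any type string that merely ends in "DataProcessorCredential" (another namespace, or a longer name with that tail) is accepted as the data-processor credential. How much that matters depends on how strictly issuers and types are vetted before credentials reach the ParticipantAgent, which is not visible here. An authorization check should still compare against the exact expected identifier, for example `t.equals(DATAPROCESSOR_CRED_TYPE) || t.endsWith("#" + DATAPROCESSOR_CRED_TYPE)`, or a constant holding the full type IRI. The same suffix pattern appears in MembershipCredentialEvaluationFunction with MEMBERSHIP_CONSTRAINT_KEY. The signature of evaluate() lies outside this hunk.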
@@ -14,22 +14,25 @@ package org.eclipse.edc.demo.dcp.policy; +import org.eclipse.edc.iam.verifiablecredentials.spi.model.VerifiableCredential; import org.eclipse.edc.jsonld.spi.JsonLdKeywords; import org.eclipse.edc.policy.engine.spi.AtomicConstraintFunction; import org.eclipse.edc.policy.engine.spi.PolicyContext; import org.eclipse.edc.policy.model.Operator; import org.eclipse.edc.policy.model.Permission; import org.eclipse.edc.spi.agent.ParticipantAgent; +import org.eclipse.edc.spi.result.Result; import java.time.Instant; import java.util.List; import java.util.Map; -public class MembershipCredentialEvaluationFunction implements AtomicConstraintFunction { +public class MembershipCredentialEvaluationFunction extends AbstractCredentialEvaluationFunction implements AtomicConstraintFunction { public static final String MEMBERSHIP_CONSTRAINT_KEY = "MembershipCredential"; - private static final String MEMBERSHIP_CLAIM = "https://w3id.org/mvd/credentials/membership"; - private static final String MEMBERSHIP_SINCE_CLAIM = "https://w3id.org/mvd/credentials/since"; + private static final String MEMBERSHIP_CLAIM = "membership"; + private static final String SINCE_CLAIM = "since"; + private static final String ACTIVE = "active"; @SuppressWarnings("unchecked") @Override 
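Review bot: The two imports added here (`VerifiableCredential`, `Result`) and the retained `JsonLdKeywords` and `java.util.List` do not appear to be referenced by the rewritten evaluate() in the next hunk, now that getArrayValue is removed. Two lines of the file between the hunks are not shown, so confirm before acting. If they are indeed unused, drop them so the import list reflects what this class actually depends on and an unused-import lint stays clean.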
@@ -38,24 +41,30 @@ public boolean evaluate(Operator operator, Object rightOperand, Permission permi
 policyContext.reportProblem("Invalid operator '%s', only accepts '%s'".formatted(operator, Operator.EQ));
 return false;
 }
+ if (!ACTIVE.equals(rightOperand)) {
+ policyContext.reportProblem("Right-operand must be equal to '%s', but was '%s'".formatted(ACTIVE, rightOperand));
+ return false;
+ }
+
 var pa = policyContext.getContextData(ParticipantAgent.class);
 if (pa == null) {
 policyContext.reportProblem("No ParticipantAgent found on context.");
 return false;
 }
- var claims = pa.getClaims();
- Map> membership = (Map>) claims.get(MEMBERSHIP_CLAIM);
- if ("active".equalsIgnoreCase(rightOperand.toString())) {
- String since = getArrayValue(membership.get(MEMBERSHIP_SINCE_CLAIM));
- var membershipStartDate = Instant.parse(since);
-
- return membershipStartDate.isBefore(Instant.now());
+ var credentialResult = getCredentialList(pa);
+ if (credentialResult.failed()) {
+ policyContext.reportProblem(credentialResult.getFailureDetail());
+ return false;
 }
- return false;
- }
- private T getArrayValue(List entry) {
- return (T) ((Map) entry.get(0)).get(JsonLdKeywords.VALUE);
+ return credentialResult.getContent()
+ .stream()
+ .filter(vc -> vc.getType().stream().anyMatch(t -> t.endsWith(MEMBERSHIP_CONSTRAINT_KEY)))
+ .flatMap(vc -> vc.getCredentialSubject().stream().filter(cs -> cs.getClaims().containsKey(MEMBERSHIP_CLAIM)))
+ .anyMatch(credential -> {
+ var membershipClaim = (Map) credential.getClaim(MVD_NAMESPACE, MEMBERSHIP_CLAIM);
+ var membershipStartDate = Instant.parse(membershipClaim.get(SINCE_CLAIM).toString());
+ return membershipStartDate.isBefore(Instant.now());
+ });
 }
-
 }
diff --git a/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/PolicyEvaluationExtension.java b/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/PolicyEvaluationExtension.java
index 6de506c3..e9f3e0d2 100644
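Review bot: The `anyMatch` lambda dereferences credential content without checking it. `(Map) credential.getClaim(MVD_NAMESPACE, MEMBERSHIP_CLAIM)` may be null or not a map, `membershipClaim.get(SINCE_CLAIM)` may be null, and `Instant.parse` throws `DateTimeParseException` on a malformed value, so a presented credential with an unexpected `membership` shape makes `evaluate` throw instead of reporting a problem and returning false. The preceding filter tests `getClaims().containsKey(MEMBERSHIP_CLAIM)` with the bare key while the read goes through `getClaim(MVD_NAMESPACE, MEMBERSHIP_CLAIM)`; if the two lookups resolve keys differently (not visible here), the filter and the read disagree. The lambda below keeps the same decision but fails closed; it needs `java.time.format.DateTimeParseException` imported, and `evaluate` begins above the hunk.

```java
// … unchanged: operator, right-operand and ParticipantAgent checks, getCredentialList(pa), type filter, flatMap …
                .anyMatch(subject -> {
                    if (!(subject.getClaim(MVD_NAMESPACE, MEMBERSHIP_CLAIM) instanceof Map<?, ?> membershipClaim)) {
                        return false;
                    }
                    var since = membershipClaim.get(SINCE_CLAIM);
                    if (since == null) {
                        return false;
                    }
                    try {
                        return Instant.parse(since.toString()).isBefore(Instant.now());
                    } catch (DateTimeParseException e) {
                        policyContext.reportProblem("Claim '%s' is not an ISO-8601 instant".formatted(SINCE_CLAIM));
                        return false;
                    }
                });
```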
--- a/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/PolicyEvaluationExtension.java
+++ b/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/PolicyEvaluationExtension.java
@@ -43,26 +43,22 @@ public class PolicyEvaluationExtension implements ServiceExtension {
 @Override
 public void initialize(ServiceExtensionContext context) {
 var fct = new MembershipCredentialEvaluationFunction();
- this.bindPermissionFunction(fct, TRANSFER_PROCESS_SCOPE, MEMBERSHIP_CONSTRAINT_KEY);
- this.bindPermissionFunction(fct, NEGOTIATION_SCOPE, MEMBERSHIP_CONSTRAINT_KEY);
- this.bindPermissionFunction(fct, CATALOG_SCOPE, MEMBERSHIP_CONSTRAINT_KEY);
- registerDataAccessLevelFunction("processing");
- registerDataAccessLevelFunction("sensitive");
+ bindPermissionFunction(fct, TRANSFER_PROCESS_SCOPE, MEMBERSHIP_CONSTRAINT_KEY);
+ bindPermissionFunction(fct, NEGOTIATION_SCOPE, MEMBERSHIP_CONSTRAINT_KEY);
+ bindPermissionFunction(fct, CATALOG_SCOPE, MEMBERSHIP_CONSTRAINT_KEY);
+
+ registerDataAccessLevelFunction();
 }
- private void registerDataAccessLevelFunction(String accessLevel) {
- var function = new DataAccessLevelFunction(accessLevel);
+ private void registerDataAccessLevelFunction() {
+ var function = new DataAccessLevelFunction();
 var accessLevelKey = function.key();
 bindDutyFunction(function, TRANSFER_PROCESS_SCOPE, accessLevelKey);
 bindDutyFunction(function, NEGOTIATION_SCOPE, accessLevelKey);
 bindDutyFunction(function, CATALOG_SCOPE, accessLevelKey);
-
- bindDutyFunction(function, TRANSFER_PROCESS_REQUEST_SCOPE, accessLevelKey);
- bindDutyFunction(function, NEGOTIATION_REQUEST_SCOPE, accessLevelKey);
- bindDutyFunction(function, CATALOG_REQUEST_SCOPE, accessLevelKey);
 }
 private void bindPermissionFunction(AtomicConstraintFunction function, String scope, String constraintType) {
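Review bot: `registerDataAccessLevelFunction()` no longer binds the duty function to `TRANSFER_PROCESS_REQUEST_SCOPE`, `NEGOTIATION_REQUEST_SCOPE` and `CATALOG_REQUEST_SCOPE`, and nothing in the hunk records why. A one-line comment on the method, for example `// bound to the evaluation scopes only; the required level is taken from the constraint's right operand`, would show the narrower binding is intentional. If nothing else in the class references the three `*_REQUEST_SCOPE` constants, their imports (outside this hunk) are now unused.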
diff --git a/tests/end2end/src/test/java/org/eclipse/edc/demo/tests/transfer/TransferEndToEndTest.java b/tests/end2end/src/test/java/org/eclipse/edc/demo/tests/transfer/TransferEndToEndTest.java
index 9caa308a..43ff9edf 100644
--- a/tests/end2end/src/test/java/org/eclipse/edc/demo/tests/transfer/TransferEndToEndTest.java
+++ b/tests/end2end/src/test/java/org/eclipse/edc/demo/tests/transfer/TransferEndToEndTest.java
@@ -62,6 +62,8 @@ public class TransferEndToEndTest {
 // public API endpoint of the provider-qna connector, goes through the ingress controller
 private static final String PROVIDER_PUBLIC_URL = "http://127.0.0.1/provider-qna/public";
 private static final String PROVIDER_MANAGEMENT_URL = "http://127.0.0.1/provider-qna/cp";
+
+
 private static final Duration TEST_TIMEOUT_DURATION = Duration.ofSeconds(120);
 private static final Duration TEST_POLL_DELAY = Duration.ofSeconds(2);
@@ -96,7 +98,7 @@ public String fromIri(String s) {
 }
 @Test
- void transferData() {
+ void transferData_hasPermission_shouldTransferData() {
 System.out.println("Waiting for Provider dataplane to come online");
 // wait until provider's dataplane is available
 await().atMost(TEST_TIMEOUT_DURATION)
@@ -247,4 +249,91 @@ void transferData() {
 assertThat(response).isNotEmpty();
 }
+
+ @Test
+ void transferData_doesNotHavePermission_shouldTerminate() {
+ System.out.println("Waiting for Provider dataplane to come online");
+ // wait until provider's dataplane is available
+ await().atMost(TEST_TIMEOUT_DURATION)
+ .pollDelay(TEST_POLL_DELAY)
+ .untilAsserted(() -> {
+ var jp = baseRequest()
+ .get(PROVIDER_MANAGEMENT_URL + "/api/management/v3/dataplanes")
+ .then()
+ .statusCode(200)
+ .log().ifValidationFails()
+ .extract().body().jsonPath();
+
+ var state = jp.getString("state");
+ assertThat(state).isEqualTo("[AVAILABLE]");
+ });
+
+ System.out.println("Provider dataplane is online, fetching catalog");
+
+ var emptyQueryBody = Json.createObjectBuilder()
+ .add("@context", Json.createObjectBuilder().add("edc", "https://w3id.org/edc/v0.0.1/ns/"))
+ .add("@type", "QuerySpec")
+ .build();
+ var offerId = new AtomicReference();
+ // get catalog, extract offer ID
+ await().atMost(TEST_TIMEOUT_DURATION)
+ .pollDelay(TEST_POLL_DELAY)
+ .untilAsserted(() -> {
+ var jo = baseRequest()
+ .body(emptyQueryBody)
+ .post(CONSUMER_CATALOG_URL + "/api/catalog/v1alpha/catalog/query")
+ .then()
+ .log().ifError()
+ .statusCode(200)
+ .extract().body().as(JsonArray.class);
+
+ var offerIdsFiltered = jo.stream().map(jv -> {
+
+ var expanded = jsonLd.expand(jv.asJsonObject()).orElseThrow(f -> new AssertionError(f.getFailureDetail()));
+ var cat = transformerRegistry.transform(expanded, Catalog.class).orElseThrow(f -> new AssertionError(f.getFailureDetail()));
+ return cat.getDatasets().stream().filter(ds -> ds instanceof Catalog) // filter for CatalogAssets
+ .map(ds -> (Catalog) ds)
+ .filter(sc -> sc.getDataServices().stream().anyMatch(dataService -> dataService.getEndpointUrl().contains("provider-qna"))) // filter for assets from the Q&A Provider
+ .flatMap(c -> c.getDatasets().stream())
+ .filter(dataset -> dataset.getId().equals("asset-2")) // we should not be allowed to
negotiation for this asset!
+ .map(Dataset::getOffers)
+ .map(offers -> offers.keySet().iterator().next())
+ .findFirst()
+ .orElse(null);
+ }).toList();
+ assertThat(offerIdsFiltered).hasSize(1);
+ var oid = offerIdsFiltered.get(0);
+ assertThat(oid).isNotNull();
+ offerId.set(oid);
+ });
+
+ System.out.println("Initiate contract negotiation");
+
+ // initiate negotiation
+ var negotiationRequest = TestUtils.getResourceFileContentAsString("negotiation-request.json")
+ .replace("{{PROVIDER_ID}}", PROVIDER_ID)
+ .replace("{{PROVIDER_DSP_URL}}", PROVIDER_DSP_URL)
+ .replace("{{OFFER_ID}}", offerId.get());
+ var negotiationId = baseRequest()
+ .body(negotiationRequest)
+ .post(CONSUMER_MANAGEMENT_URL + "/api/management/v3/contractnegotiations")
+ .then()
+ .log().ifError()
+ .statusCode(200)
+ .extract().body().jsonPath().getString("@id");
+ assertThat(negotiationId).isNotNull();
+
+ //wait until negotiation is TERMINATED
+ await().atMost(TEST_TIMEOUT_DURATION)
+ .pollDelay(TEST_POLL_DELAY)
+ .untilAsserted(() -> {
+ var jp = baseRequest()
+ .get(CONSUMER_MANAGEMENT_URL + "/api/management/v3/contractnegotiations/" + negotiationId)
+ .then()
+ .statusCode(200)
+ .extract().body().jsonPath();
+ var state = jp.getString("state");
+ assertThat(state).isEqualTo("TERMINATED");
+ });
+ }
 }
diff --git a/tests/end2end/src/test/resources/negotiation-request.json b/tests/end2end/src/test/resources/negotiation-request.json
index 97218afc..b8a4c6c1 100644
--- a/tests/end2end/src/test/resources/negotiation-request.json
+++ b/tests/end2end/src/test/resources/negotiation-request.json
@@ -15,16 +15,16 @@
 "prohibition": [],
 "odrl:obligation": {
 "odrl:action": {
- "@id": "use"
+ "@id": "USE"
 },
 "odrl:constraint": {
 "odrl:leftOperand": {
- "@id": "FrameworkCredential.pcf"
+ "@id": "DataAccess.level"
 },
 "odrl:operator": {
 "@id": "odrl:eq"
 },
- "odrl:rightOperand": "active"
+ "odrl:rightOperand": "processing"
 }
 },
 "target": "asset-1"
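Review bot: The negative test `transferData_doesNotHavePermission_shouldTerminate` selects the offer for `asset-2` but sends the shared `negotiation-request.json` template, in which only the provider id, DSP URL and offer id are substituted; as patched in this commit the template still carries `"target": "asset-1"` and `"odrl:rightOperand": "processing"`. The negotiation may therefore reach `TERMINATED` because the submitted policy or target does not match the provider's offer, not because the consumer lacks a `sensitive`-level credential, so the test can pass without exercising the access-level check. Consider substituting target and level as well, e.g. `.replace("{{ASSET_ID}}", "asset-2")` and `.replace("{{LEVEL}}", "sensitive")` with matching markers in the template (the placeholder names are suggestions), or asserting on the reported termination reason. The dataplane wait and catalog query appear to repeat the start of `transferData_hasPermission_shouldTransferData`, so a shared helper would keep the two tests aligned.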