chore: Bump EDC upstream to 0.11.0 (#145)

---------

Signed-off-by: Lars Geyer-Blaumeiser <[email protected]>
Co-authored-by: ndr_brt <[email protected]>

api/authentication/src/main/java/org/eclipse/tractusx/bdrs/api/directory/authentication/CredentialBasedAuthenticationExtension.java

@@ -1,5 +1,6 @@
 /*
  * Copyright (c) 2024 Bayerische Motoren Werke Aktiengesellschaft
+ * Copyright (c) 2025 Cofinity-X GmbH
  *
  * See the NOTICE file(s) distributed with this work for additional
  * information regarding copyright ownership.
@@ -19,21 +20,18 @@
 
 package org.eclipse.tractusx.bdrs.api.directory.authentication;
 
-import dev.failsafe.RetryPolicy;
-import okhttp3.OkHttpClient;
 import org.eclipse.edc.api.auth.spi.AuthenticationRequestFilter;
 import org.eclipse.edc.api.auth.spi.registry.ApiAuthenticationRegistry;
-import org.eclipse.edc.http.client.EdcHttpClientImpl;
-import org.eclipse.edc.http.spi.EdcHttpClient;
 import org.eclipse.edc.iam.did.spi.resolution.DidPublicKeyResolver;
 import org.eclipse.edc.iam.identitytrust.service.verification.MultiFormatPresentationVerifier;
-import org.eclipse.edc.iam.identitytrust.transform.to.JwtToVerifiableCredentialTransformer;
-import org.eclipse.edc.iam.identitytrust.transform.to.JwtToVerifiablePresentationTransformer;
-import org.eclipse.edc.iam.verifiablecredentials.StatusList2021RevocationService;
+import org.eclipse.edc.iam.identitytrust.spi.SecureTokenService;
 import org.eclipse.edc.iam.verifiablecredentials.VerifiableCredentialValidationServiceImpl;
+import org.eclipse.edc.iam.verifiablecredentials.revocation.bitstring.BitstringStatusListRevocationService;
+import org.eclipse.edc.iam.verifiablecredentials.revocation.statuslist2021.StatusList2021RevocationService;
+import org.eclipse.edc.iam.verifiablecredentials.spi.model.RevocationServiceRegistry;
+import org.eclipse.edc.iam.verifiablecredentials.spi.model.revocation.bitstringstatuslist.BitstringStatusListStatus;
+import org.eclipse.edc.iam.verifiablecredentials.spi.model.revocation.statuslist2021.StatusList2021Status;
 import org.eclipse.edc.iam.verifiablecredentials.spi.validation.TrustedIssuerRegistry;
-import org.eclipse.edc.jsonld.JsonLdConfiguration;
-import org.eclipse.edc.jsonld.TitaniumJsonLd;
 import org.eclipse.edc.runtime.metamodel.annotation.Extension;
 import org.eclipse.edc.runtime.metamodel.annotation.Inject;
 import org.eclipse.edc.runtime.metamodel.annotation.Provider;
@@ -43,7 +41,6 @@
 import org.eclipse.edc.spi.types.TypeManager;
 import org.eclipse.edc.token.spi.TokenValidationRulesRegistry;
 import org.eclipse.edc.token.spi.TokenValidationService;
-import org.eclipse.edc.transform.TypeTransformerRegistryImpl;
 import org.eclipse.edc.transform.spi.TypeTransformerRegistry;
 import org.eclipse.edc.verifiablecredentials.jwt.JwtPresentationVerifier;
 import org.eclipse.edc.web.spi.WebService;
@@ -58,12 +55,15 @@
  */
 @Extension(NAME)
 public class CredentialBasedAuthenticationExtension implements ServiceExtension {
-    public static final long DEFAULT_REVOCATION_CACHE_VALIDITY_MILLIS = 15 * 60 * 1000L;
-    @Setting(value = "Validity period of cached StatusList2021 credential entries in milliseconds.", defaultValue = DEFAULT_REVOCATION_CACHE_VALIDITY_MILLIS + "", type = "long")
-    public static final String REVOCATION_CACHE_VALIDITY = "edc.iam.credential.revocation.cache.validity";
+
     public static final String NAME = "Directory API Authentication Extension";
-    public static final String MONITOR_PREFIX = "Presentation Transformation";
+
+    private static final long DEFAULT_REVOCATION_CACHE_VALIDITY_MILLIS = 15 * 60 * 1000L;
     private static final String DIRECTORY_CONTEXT = "directory";
+
+    @Setting(value = "Validity period of cached StatusList2021 credential entries in milliseconds.", defaultValue = DEFAULT_REVOCATION_CACHE_VALIDITY_MILLIS + "", type = "long")
+    public static final String REVOCATION_CACHE_VALIDITY = "edc.iam.credential.revocation.cache.validity";
+
     @Inject
     private WebService webService;
     @Inject
@@ -76,12 +76,14 @@ public class CredentialBasedAuthenticationExtension implements ServiceExtension
     private DidPublicKeyResolver didPublicKeyResolver;
     @Inject
     private Clock clock;
-
     @Inject
     private ApiAuthenticationRegistry registry;
-
+    @Inject
+    private RevocationServiceRegistry revocationServiceRegistry;
+    @Inject
     private TrustedIssuerRegistry trustedIssuerRegistry;
-    private TypeTransformerRegistryImpl typeTransformerRegistry;
+    @Inject
+    private TypeTransformerRegistry typeTransformerRegistry;
 
     @Override
     public String name() {
@@ -96,36 +98,18 @@ public void initialize(ServiceExtensionContext context) {
         var presentationVerifier = new MultiFormatPresentationVerifier(null, jwtVerifier);
 
         var validity = context.getConfig().getLong(REVOCATION_CACHE_VALIDITY, DEFAULT_REVOCATION_CACHE_VALIDITY_MILLIS);
-        var statuslistService = new StatusList2021RevocationService(typeManager.getMapper(), validity);
-        var validationService = new VerifiableCredentialValidationServiceImpl(presentationVerifier, createTrustedIssuerRegistry(), statuslistService, clock);
+        revocationServiceRegistry.addService(StatusList2021Status.TYPE, new StatusList2021RevocationService(typeManager.getMapper(), validity));
+        revocationServiceRegistry.addService(BitstringStatusListStatus.TYPE, new BitstringStatusListRevocationService(typeManager.getMapper(), validity));
+        var validationService = new VerifiableCredentialValidationServiceImpl(presentationVerifier, trustedIssuerRegistry, revocationServiceRegistry, clock);
 
-        var authService = new CredentialBasedAuthenticationService(context.getMonitor(), typeManager.getMapper(), validationService, typeTransformerRegistry(context));
+        var authService = new CredentialBasedAuthenticationService(context.getMonitor(), typeManager.getMapper(), validationService, typeTransformerRegistry);
         registry.register(DIRECTORY_CONTEXT, authService);
         webService.registerResource(DIRECTORY_CONTEXT, new AuthenticationRequestFilter(registry, DIRECTORY_CONTEXT));
     }
 
-    // must provide this, so the TrustedIssuerRegistryConfigurationExtension can inject it
     @Provider
-    public TrustedIssuerRegistry createTrustedIssuerRegistry() {
-        if (trustedIssuerRegistry == null) {
-            trustedIssuerRegistry = new TrustedIssuerRegistryImpl();
-        }
-        return trustedIssuerRegistry;
+    public SecureTokenService secureTokenService() {
+        return (map, s) -> null; // not really needed but requested by the runtime because of some tangles into trusted-issuer-core
     }
 
-    @Provider
-    public TypeTransformerRegistry typeTransformerRegistry(ServiceExtensionContext context) {
-        if (typeTransformerRegistry == null) {
-            typeTransformerRegistry = new TypeTransformerRegistryImpl();
-            var monitor = context.getMonitor().withPrefix(MONITOR_PREFIX);
-            typeTransformerRegistry.register(new JwtToVerifiablePresentationTransformer(monitor, typeManager.getMapper(JSON_LD), new TitaniumJsonLd(monitor, JsonLdConfiguration.Builder.newInstance().build())));
-            typeTransformerRegistry.register(new JwtToVerifiableCredentialTransformer(monitor));
-        }
-        return typeTransformerRegistry;
-    }
-
-    @Provider
-    public EdcHttpClient httpClient(ServiceExtensionContext context) {
-        return new EdcHttpClientImpl(new OkHttpClient(), RetryPolicy.ofDefaults(), context.getMonitor().withPrefix(MONITOR_PREFIX));
-    }
-}
+}

api/authentication/src/main/resources/META-INF/services/org.eclipse.edc.spi.system.ServiceExtension

@@ -17,4 +17,3 @@
 # SPDX-License-Identifier: Apache-2.0
 #
 org.eclipse.tractusx.bdrs.api.directory.authentication.CredentialBasedAuthenticationExtension
-org.eclipse.tractusx.bdrs.api.directory.authentication.KeyParserRegistryExtension

api/directory-api/src/main/java/org/eclipse/tractusx/bdrs/api/directory/DirectoryApiExtension.java

@@ -1,5 +1,6 @@
 /*
  * Copyright (c) 2024 Bayerische Motoren Werke Aktiengesellschaft
+ * Copyright (c) 2025 Cofinity-X GmbH
  *
  * See the NOTICE file(s) distributed with this work for additional
  * information regarding copyright ownership.
@@ -25,6 +26,8 @@
 import org.eclipse.edc.spi.system.ServiceExtension;
 import org.eclipse.edc.spi.system.ServiceExtensionContext;
 import org.eclipse.edc.web.spi.WebService;
+import org.eclipse.edc.web.spi.configuration.PortMapping;
+import org.eclipse.edc.web.spi.configuration.PortMappingRegistry;
 import org.eclipse.tractusx.bdrs.spi.store.DidEntryStore;
 
 import static org.eclipse.tractusx.bdrs.api.directory.DirectoryApiExtension.NAME;
@@ -37,23 +40,31 @@ public class DirectoryApiExtension implements ServiceExtension {
     public static final String NAME = "BPN Directory API";
 
     @Setting(value = "Port for the Directory API", required = true)
-    public static final String MGMT_API_PORT = "web.http.directory.port";
-    @Setting(value = "Path for the Management API", required = true)
-    public static final String MGMT_API_PATH = "web.http.directory.path";
+    public static final String DIRECTORY_API_PORT = "web.http.directory.port";
+    @Setting(value = "Path for the Directory API", required = true)
+    public static final String DIRECTORY_API_PATH = "web.http.directory.path";
     static final String CONTEXT_NAME = "directory";
     @Inject
     private DidEntryStore store;
 
     @Inject
     private WebService webService;
 
+    @Inject
+    private PortMappingRegistry portMappingRegistry;
+
     @Override
     public String name() {
         return NAME;
     }
 
     @Override
     public void initialize(ServiceExtensionContext context) {
+        var port = context.getSetting(DIRECTORY_API_PORT, 8082);
+        var path = context.getSetting(DIRECTORY_API_PATH, "/directory");
+        var portMapping = new PortMapping(CONTEXT_NAME, port, path);
+        portMappingRegistry.register(portMapping);
+
         webService.registerResource(CONTEXT_NAME, new DirectoryApiController(store));
     }
 

api/management-api/src/main/java/org/eclipse/tractusx/bdrs/api/management/ManagementApiExtension.java

@@ -21,21 +21,21 @@
 
 import org.eclipse.edc.api.auth.spi.AuthenticationRequestFilter;
 import org.eclipse.edc.api.auth.spi.registry.ApiAuthenticationRegistry;
-import org.eclipse.edc.runtime.metamodel.annotation.BaseExtension;
 import org.eclipse.edc.runtime.metamodel.annotation.Extension;
 import org.eclipse.edc.runtime.metamodel.annotation.Inject;
 import org.eclipse.edc.runtime.metamodel.annotation.Setting;
 import org.eclipse.edc.spi.system.ServiceExtension;
 import org.eclipse.edc.spi.system.ServiceExtensionContext;
 import org.eclipse.edc.web.spi.WebService;
+import org.eclipse.edc.web.spi.configuration.PortMapping;
+import org.eclipse.edc.web.spi.configuration.PortMappingRegistry;
 import org.eclipse.tractusx.bdrs.spi.store.DidEntryStore;
 
 import static org.eclipse.tractusx.bdrs.api.management.ManagementApiExtension.NAME;
 
 /**
  * Loads resources for the BPN Directory Management API.
  */
-@BaseExtension
 @Extension(NAME)
 public class ManagementApiExtension implements ServiceExtension {
     public static final String NAME = "Management API";
@@ -53,13 +53,21 @@ public class ManagementApiExtension implements ServiceExtension {
     @Inject
     private ApiAuthenticationRegistry registry;
 
+    @Inject
+    private PortMappingRegistry portMappingRegistry;
+
     @Override
     public String name() {
         return NAME;
     }
 
     @Override
     public void initialize(ServiceExtensionContext context) {
+        var port = context.getSetting(MGMT_API_PORT, 8081);
+        var path = context.getSetting(MGMT_API_PATH, "/management");
+        var portMapping = new PortMapping(CONTEXT_NAME, port, path);
+        portMappingRegistry.register(portMapping);
+
         webService.registerResource(CONTEXT_NAME, new ManagementApiController(store));
         webService.registerResource(CONTEXT_NAME, new AuthenticationRequestFilter(registry, "management-api"));
     }

build.gradle.kts

@@ -41,7 +41,7 @@ allprojects {
 
     // configure which version of the annotation processor to use. defaults to the same version as the plugin
     configure<org.eclipse.edc.plugins.autodoc.AutodocExtension> {
-        outputDirectory.set(project.buildDir)
+        outputDirectory.set(project.layout.buildDirectory.asFile)
         processorVersion.set(annotationProcessorVersion)
     }
 

charts/bdrs-server-memory/templates/deployment.yaml

@@ -160,6 +160,9 @@ spec:
             - name: "WEB_HTTP_DIRECTORY_PATH"
               value: {{ .Values.server.endpoints.directory.path | quote }}
 
+            - name: "EDC_IAM_ISSUER_ID"
+              value: "required but not really needed"
+
             #############################
             ## TRUSTED ISSUER CONFIG
             #############################

charts/bdrs-server/templates/deployment.yaml

@@ -191,6 +191,8 @@ spec:
             - name: "EDC_VAULT_HASHICORP_API_HEALTH_CHECK_PATH"
               value: {{ .Values.vault.hashicorp.paths.health | quote }}
 
+            - name: "EDC_IAM_ISSUER_ID"
+              value: "required but not really needed"
 
             #############################
             ## TRUSTED ISSUER CONFIG