eclipse-tractusx / bpn-did-resolution-service

Tractus-X Resolver Service for BPN <> DID resolution

License: Apache License 2.0

Java 94.75% Dockerfile 1.76% Smarty 3.49%

bpn-did-resolution-service's Introduction

BPN-DID Resolution Service


The BPN-DID Resolution Service (BDRS) provides a directory of Business Partner Numbers (BPN) and their associated DIDs. The directory is used by dataspace participant agents to resolve a DID for a BPN.

The directory is requested via a RESTful HTTPS API and is designed to be cached locally for resolution operations. When requesting the directory, the client must include a JWT with a presentation containing its MembershipCredential for authentication.

Implementation

The BDRS is a collection of extensions to the EDC core runtime.

Variants

There are two general variants of BDRS:

  1. Production: named "bdrs-server", this distribution uses Postgres and HashiCorp Vault for data and secret retention. See the Helm chart README.
  2. Testing: named "bdrs-server-memory", this distribution uses all in-memory components to lower the barrier of entry and the need for configuration when testing against BDRS

Interacting with BDRS

BDRS comes with two APIs:

  1. Management API: used to maintain directory listing entries. It should not be exposed to the internet without additional protection.
  2. Directory API: clients can obtain the BPN-DID resolution mapping directory as a whole. Clients should implement a reasonable strategy to cache the directory locally. Note that a valid VerifiablePresentation in JWT format, containing a valid MembershipCredential (also in JWT format), must be provided as a Bearer token in the Authorization header.

Run official Helm charts

Check out the chart README.

Build and run BDRS from source

  • Build sources (-x test skips the tests):

    ./gradlew build -x test
  • Run with Java:

    java -jar <VM-PARAMS> runtimes/bdrs-server/build/libs/bdrs-server.jar
    java -jar <VM-PARAMS> runtimes/bdrs-server/build/libs/bdrs-server-memory.jar

    Note that configuration parameters have to be supplied as VM parameters or environment variables.

  • Run with Helm (recommended, assuming KinD):

    ./gradlew dockerize
    kind load docker-image bdrs-server:latest
    kind load docker-image bdrs-server-memory:latest
    
    helm install bdrs-server charts/bdrs-server \
      --set server.debug.enabled="true" \
      --set server.image.pullPolicy="Never" \
      --set server.image.tag="latest" \
      --set server.image.repository="bdrs-server" \
      -f path/to/your/values.yaml \
      --wait-for-jobs --timeout=120s --dependency-update

Further documentation

Please refer to the docs folder for further documentation.

License

Distributed under the Apache 2.0 License. See LICENSE for more information.

bpn-did-resolution-service's People

Contributors

paullatzelsperger, dependabot[bot], eclipse-tractusx-bot, wolf4ood, lgblaumeiser, jimmarino, github-actions[bot], evegufy

bpn-did-resolution-service's Issues

Directory API fails for JWT VP with LDP VC

Describe the bug

When sending a request to the Directory API using a JWT VP with an LDP VC it throws an error in the BDRS.

To Reproduce

Configure and start up the BDRS via its docker image (0.5.2) together with Postgres and Hashicorp Vault.

Then send a request to http://localhost:8082/api/directory/bpn-directory with a JWT VP with an LDP VC as Bearer Token.
For example use

eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImRpZDpleGFtcGxlOjB4YWJjI2tleTEifQ.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.GcAjYFJm6KmqZjiYUocN8vEB_UDtKJOl29thxJrWYQeA5HcSAYip_fMvqxbqY7SSN2gdTKkZmZhK0SYTrl-zIXIUlB011PYkIWM4WIlr956BQPAHdYA-gosr8KfFX6Jr1-k0c6xYNt-1sWhtrsXepPNqmTI9kIsGL5hpCyMrvnlak7rsm3sqVy7PYV_vCzElLqReF7unVTsxhdVIQurLiKfQ66JZTrIty-CZ5F-VulKe5Qzbxgz1-YQa1QDPn9uYWfA4_MxP7ukg6cIky8HgK2iIPBozZKjRop7QKEM07xL3aP_2gfzXej35qptGtE8y48pWdOkURYFhcMgymCsV7Q

This causes the error

SEVERE 2024-08-08T13:35:44.361007572 JerseyExtension: Unexpected exception caught
bdrs             | java.lang.IllegalArgumentException: Cannot find a deserializer for non-concrete Map type [map type; class jakarta.json.JsonObject, [simple type, class java.lang.String] -> [simple type, class jakarta.json.JsonValue]]
bdrs             |  at [Source: UNKNOWN; byte offset: #UNKNOWN]
bdrs             |      at com.fasterxml.jackson.databind.ObjectMapper._convert(ObjectMapper.java:4624)
bdrs             |      at com.fasterxml.jackson.databind.ObjectMapper.convertValue(ObjectMapper.java:4555)
bdrs             |      at org.eclipse.edc.iam.identitytrust.transform.to.JwtToVerifiablePresentationTransformer.extractCredentials(JwtToVerifiablePresentationTransformer.java:87)
bdrs             |      at org.eclipse.edc.iam.identitytrust.transform.to.JwtToVerifiablePresentationTransformer.lambda$transform$0(JwtToVerifiablePresentationTransformer.java:69)
bdrs             |      at java.base/java.util.stream.ReferencePipeline$3$1.accept(Unknown Source)
bdrs             |      at java.base/java.util.ArrayList$ArrayListSpliterator.forEachRemaining(Unknown Source)
bdrs             |      at java.base/java.util.stream.AbstractPipeline.copyInto(Unknown Source)
bdrs             |      at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(Unknown Source)
bdrs             |      at java.base/java.util.stream.AbstractPipeline.evaluate(Unknown Source)
bdrs             |      at java.base/java.util.stream.AbstractPipeline.evaluateToArrayNode(Unknown Source)
bdrs             |      at java.base/java.util.stream.ReferencePipeline.toArray(Unknown Source)
bdrs             |      at java.base/java.util.stream.ReferencePipeline.toArray(Unknown Source)
bdrs             |      at java.base/java.util.stream.ReferencePipeline.toList(Unknown Source)
bdrs             |      at org.eclipse.edc.iam.identitytrust.transform.to.AbstractJwtTransformer.listOrReturn(AbstractJwtTransformer.java:61)
bdrs             |      at org.eclipse.edc.iam.identitytrust.transform.to.JwtToVerifiablePresentationTransformer.transform(JwtToVerifiablePresentationTransformer.java:69)
bdrs             |      at org.eclipse.edc.iam.identitytrust.transform.to.JwtToVerifiablePresentationTransformer.transform(JwtToVerifiablePresentationTransformer.java:32)
bdrs             |      at org.eclipse.edc.transform.TransformerContextImpl.transform(TransformerContextImpl.java:65)
bdrs             |      at org.eclipse.edc.transform.TypeTransformerRegistryImpl.transform(TypeTransformerRegistryImpl.java:61)
bdrs             |      at org.eclipse.tractusx.bdrs.api.directory.authentication.CredentialBasedAuthenticationService.performCredentialValidation(CredentialBasedAuthenticationService.java:95)
bdrs             |      at java.base/java.util.Optional.map(Unknown Source)
bdrs             |      at org.eclipse.tractusx.bdrs.api.directory.authentication.CredentialBasedAuthenticationService.isAuthenticated(CredentialBasedAuthenticationService.java:70)
bdrs             |      at org.eclipse.edc.api.auth.spi.AuthenticationRequestFilter.filter(AuthenticationRequestFilter.java:49)
bdrs             |      at org.glassfish.jersey.server.ContainerFilteringStage.apply(ContainerFilteringStage.java:108)
bdrs             |      at org.glassfish.jersey.server.ContainerFilteringStage.apply(ContainerFilteringStage.java:44)
bdrs             |      at org.glassfish.jersey.process.internal.Stages.process(Stages.java:173)
bdrs             |      at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:266)
bdrs             |      at org.glassfish.jersey.internal.Errors$1.call(Errors.java:248)
bdrs             |      at org.glassfish.jersey.internal.Errors$1.call(Errors.java:244)
bdrs             |      at org.glassfish.jersey.internal.Errors.process(Errors.java:292)
bdrs             |      at org.glassfish.jersey.internal.Errors.process(Errors.java:274)
bdrs             |      at org.glassfish.jersey.internal.Errors.process(Errors.java:244)
bdrs             |      at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:266)
bdrs             |      at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:253)
bdrs             |      at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:696)
bdrs             |      at org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:394)
bdrs             |      at org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:346)
bdrs             |      at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:358)
bdrs             |      at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:312)
bdrs             |      at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:205)
bdrs             |      at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:764)
bdrs             |      at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:529)
bdrs             |      at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:221)
bdrs             |      at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1381)
bdrs             |      at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:176)
bdrs             |      at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:484)
bdrs             |      at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:174)
bdrs             |      at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1303)
bdrs             |      at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:129)
bdrs             |      at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:192)
bdrs             |      at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)
bdrs             |      at org.eclipse.jetty.server.Server.handle(Server.java:563)
bdrs             |      at org.eclipse.jetty.server.HttpChannel$RequestDispatchable.dispatch(HttpChannel.java:1598)
bdrs             |      at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:753)
bdrs             |      at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:501)
bdrs             |      at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:287)
bdrs             |      at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:314)
bdrs             |      at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100)
bdrs             |      at org.eclipse.jetty.io.SelectableChannelEndPoint$1.run(SelectableChannelEndPoint.java:53)
bdrs             |      at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.runTask(AdaptiveExecutionStrategy.java:421)
bdrs             |      at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.consumeTask(AdaptiveExecutionStrategy.java:390)
bdrs             |      at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.tryProduce(AdaptiveExecutionStrategy.java:277)
bdrs             |      at org.eclipse.jetty.util.thread.strategy.AdaptiveExecutionStrategy.run(AdaptiveExecutionStrategy.java:199)
bdrs             |      at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:411)
bdrs             |      at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:969)
bdrs             |      at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.doRunJob(QueuedThreadPool.java:1194)
bdrs             |      at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1149)
bdrs             |      at java.base/java.lang.Thread.run(Unknown Source)
bdrs             | Caused by: com.fasterxml.jackson.databind.exc.InvalidDefinitionException: Cannot find a deserializer for non-concrete Map type [map type; class jakarta.json.JsonObject, [simple type, class java.lang.String] -> [simple type, class jakarta.json.JsonValue]]
bdrs             |  at [Source: UNKNOWN; byte offset: #UNKNOWN]
bdrs             |      at com.fasterxml.jackson.databind.exc.InvalidDefinitionException.from(InvalidDefinitionException.java:67)
bdrs             |      at com.fasterxml.jackson.databind.DeserializationContext.reportBadDefinition(DeserializationContext.java:1887)
bdrs             |      at com.fasterxml.jackson.databind.deser.DeserializerCache._createAndCache2(DeserializerCache.java:300)
bdrs             |      at com.fasterxml.jackson.databind.deser.DeserializerCache._createAndCacheValueDeserializer(DeserializerCache.java:274)
bdrs             |      at com.fasterxml.jackson.databind.deser.DeserializerCache.findValueDeserializer(DeserializerCache.java:170)
bdrs             |      at com.fasterxml.jackson.databind.DeserializationContext.findRootValueDeserializer(DeserializationContext.java:669)
bdrs             |      at com.fasterxml.jackson.databind.ObjectMapper._findRootDeserializer(ObjectMapper.java:5036)
bdrs             |      at com.fasterxml.jackson.databind.ObjectMapper._convert(ObjectMapper.java:4617)
bdrs             |      ... 66 more

Expected behavior

The API returns

[
    {
        "message": "Request could not be authenticated",
        "type": "AuthenticationFailed",
        "path": null,
        "invalidValue": null
    }
]

and the logs from docker show something like

bdrs             | WARNING 2024-08-08T13:54:10.957961428 Error validating BDRS client VP: No public key could be resolved for key-ID 'did:example:0xabc#key1': This DID is not supported by any of the resolvers: did:example:0xabc, No public key could be resolved for key-ID 'did:example:abfe13f712120431c276e12ecab#keys-1': This DID is not supported by any of the resolvers: did:example:abfe13f712120431c276e12ecab

Context Information

I'm not sure if this is an issue in the BDRS or the EDC or if I'm doing something wrong. For instance the example JWT I provided does not contain a 'holder' property and so on. But from my understanding this is not connected to this error.
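
The report above turns on a credential entry inside the JWT presentation that is a JSON (LDP) object where a JWT string is expected. The following Python example is added here and is not code from the issue, BDRS or EDC: it checks the shape of each entry before any conversion and returns an authentication failure instead of raising. The `vp.verifiableCredential` layout follows the W3C VC JWT encoding; the function names and sample tokens are constructed for illustration, and no signature is verified.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    # JWT segments are unpadded base64url; restore the padding first.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def looks_like_compact_jwt(value) -> bool:
    """True only for a string of three non-empty segments with a JSON-object header."""
    if not isinstance(value, str):
        return False
    parts = value.split(".")
    if len(parts) != 3 or not all(parts):
        return False
    try:
        return isinstance(json.loads(b64url_decode(parts[0])), dict)
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return False


def check_vp_token(token):
    """Return (ok, reason); never raises on malformed input. Shape check only."""
    if not looks_like_compact_jwt(token):
        return False, "presentation is not a compact JWT"
    try:
        claims = json.loads(b64url_decode(token.split(".")[1]))
    except ValueError:
        return False, "presentation payload is not JSON"
    vp = claims.get("vp") if isinstance(claims, dict) else None
    if not isinstance(vp, dict):
        return False, "no 'vp' claim in presentation"
    creds = vp.get("verifiableCredential")
    creds = creds if isinstance(creds, list) else [creds]
    for i, cred in enumerate(creds):
        if isinstance(cred, dict):
            return False, f"credential {i} is an embedded JSON (LDP) object"
        if not looks_like_compact_jwt(cred):
            return False, f"credential {i} is not a compact JWT"
    if not creds:
        return False, "presentation carries no credential"
    return True, "all credentials are compact JWTs"


def make_token(payload: dict) -> str:
    # Constructed sample token: the third segment is a dummy, nothing is signed.
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(payload), "c2ln"])


JWT_VC = make_token({"vc": {"type": ["VerifiableCredential", "MembershipCredential"]}})
VP_WITH_JWT_VC = make_token({"vp": {"verifiableCredential": [JWT_VC]}})
VP_WITH_LDP_VC = make_token({"vp": {"verifiableCredential": [
    {"type": ["VerifiableCredential"], "proof": {"type": "Ed25519Signature2018"}}]}})

if __name__ == "__main__":
    for name, tok in [("jwt-vc", VP_WITH_JWT_VC), ("ldp-vc", VP_WITH_LDP_VC)]:
        print(name, check_vp_token(tok))
```

A token that passes this check still has to go through signature and credential validation; the check only guarantees that unexpected credential shapes end in a rejected request rather than an unhandled exception.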

Mandatory change in licensing and legal documentation

Description

Due to a change in how we want to license Eclipse Tractus-X, there are a couple of changes
to legal documentation in our repositories.

This issue is created for every active repository in our GitHub org, to remind everyone
about the required changes and also to track the completion of it.

If there are any reasons, why you think this change should not be applied to this repository,
document them as comment on this issue, before closing it. Be aware, that there are most likely no
exceptions for our repositories.

If you have any questions, feel free to join the weekly Community Office Hour
and raise it there.

What has to be done?

The following steps have to be completed, to fully implement the licensing change:

  • Add a new file LICENSE_non-code in your repository root with the contents of the CC-BY-4.0 license
  • Remove the /LICENSES directory in case you previously stored the CC-BY-4.0 license there. Make sure there is no other CC-BY-4.0 License left, other than on root as LICENSE_non-code
  • Add the "Project Licenses" and "Terms of Use" sections to your CONTRIBUTING.md file. See eclipse-tractusx/sig-infra#476 for an example
  • Adapt "Declared Project License" section in NOTICE.md. See eclipse-tractusx/sig-infra#476 for an example
  • Please verify that your CONTRIBUTION.md does not have encoding issues. We found several occurrences in repositories.

Additional information

You can find detailed information in our Release Guidelines section 7.
The changes have been introduced in eclipse-tractusx/eclipse-tractusx.github.io#856.

You can also see an example on how a repository was changed in eclipse-tractusx/sig-infra#476.

Overall progress tracked in eclipse-tractusx/sig-infra#477

Helm chart values file contains uncommented lines which are part of an example

Describe the bug

File charts/bdrs-server/values.yaml in lines 217-227 contains the following sequence:

  resources: {}
  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  limits:
    cpu: 1.5
    memory: 512Mi
  requests:
    cpu: 500m
    memory: 128Mi

The uncommented limits and requests section is not valid, they are actually part of the comment above.

Same applies to file charts/bdrs-server-memory/values.yaml

To Reproduce

n/a

Expected behavior

limits and requests section is commented out

Screenshots/Error Messages

n/a

Context Information

n/a

Possible Implementation

Comment the appropriate lines

Helm chart values should provide example resource constraints for postgresql

WHAT

Currently the postgresql deployment in the helm charts does not state any resource constraints and relies on the constraints of the referred charts. Proposal is to add an example resource constraint.

WHY

During deployment in a test environment, it took a while to figure out how the resource constraints have to be defined. By providing a commented example for setting the constraints, an adopter does not have to research the right configuration but can simply uncomment the proposal and adapt it accordingly.

HOW

Comments in the right section in file charts/bdrs-server/values.yaml that can be simply uncommented or copied into an overwriting values file

FURTHER NOTES

n/a
