Refactoring of the full identity checks. First working version of auto checker of identity against fc.

Author: espona

.idea/gradle.xml

@@ -12,7 +12,7 @@
  *
  */
 
-package org.eclipse.edc.heleade.commons.verify.claims;
+package org.eclipse.edc.heleade.commons.verification.claims;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
 
@@ -90,5 +90,33 @@ public static boolean verifyClaim(String verifiedClaim, Map<String, Object> part
     public static boolean verifyClaims(Map<String, Object> participantClaims, Map<String, Object> participantClaimsFromFc) {
         return Objects.equals(participantClaims, participantClaimsFromFc);
     }
+
+    /**
+     * Constructs a JSON string representation of the provided participant information and claims.
+     *
+     * @param participantId the unique identifier of the participant
+     * @param signedClaims the signed claims associated with the participant
+     * @param participantClaims a map containing participant-specific claims as key-value pairs
+     * @return a JSON string representation of the provided input data
+     * @throws RuntimeException if an error occurs while building the JSON string
+     */
+    public static String getJsonBody(String participantId, String signedClaims, Map<String, Object> participantClaims) {
+        try {
+            Map<String, Object> body = Map.of(
+                    "participantId", participantId,
+                    "signedClaims", signedClaims,
+                    "claims", participantClaims,
+                    "@context", Map.of(
+                            "@vocab", "https://w3id.org/edc/v0.0.1/ns/"
+                    )
+            );
+
+            ObjectMapper mapper = new ObjectMapper();
+            return mapper.writeValueAsString(body);
+
+        } catch (Exception e) {
+            throw new RuntimeException("Failed to build JSON body", e);
+        }
+    }
 }
 

…eleade/commons/verify/claims/Claims.java …/commons/verification/claims/Claims.javacommons/src/main/java/org/eclipse/edc/heleade/commons/verify/claims/Claims.java renamed to commons/src/main/java/org/eclipse/edc/heleade/commons/verification/claims/Claims.java commons/src/main/java/org/eclipse/edc/heleade/commons/verify/claims/Claims.java renamed to commons/src/main/java/org/eclipse/edc/heleade/commons/verification/claims/Claims.java

@@ -12,12 +12,14 @@
  *
  */
 
-package org.eclipse.edc.heleade.policy.extension.claims.checker;
+package org.eclipse.edc.heleade.commons.verification.claims.checker;
 
 import com.fasterxml.jackson.core.type.TypeReference;
 import com.fasterxml.jackson.databind.ObjectMapper;
+import org.eclipse.edc.heleade.commons.verification.claims.Claims;
 import org.eclipse.edc.spi.monitor.Monitor;
 
+import java.io.IOException;
 import java.net.URI;
 import java.net.http.HttpClient;
 import java.net.http.HttpRequest;
@@ -45,80 +47,34 @@ public FcParticipantClaimChecker(Monitor monitor, String baseUrl) {
         this.httpClient = HttpClient.newHttpClient();
     }
 
-
     /**
      * Verifies the claims of a participant against the provided signed claims and participant claims data.
      * This method sends an HTTP POST request to the verification endpoint and processes the response
      * to determine the validity of the participant's signature and claims.
      *
+     * @param baseUrl the ur of the FC catalog
      * @param participantId the unique identifier of the participant
      * @param signedClaims the signed claims associated with the participant
      * @param participantClaims a map containing the participant's specific claims as key-value pairs
-     * @return {@code true} if both the signature verification and claims verification are successful,
-     *         {@code false} otherwise
+     * @param httpClient an http client to perform the requests
+     * @return a {@link VerificationResult} object indicating the success or failure of
+     *         signature and claims verification
+     * @throws IOException failure during http request
+     * @throws InterruptedException failure during http request
      */
-    @Override
-    public boolean verifyClaims(String participantId, String signedClaims, Map<String, Object> participantClaims) {
-
-        try {
-
-            String url = baseUrl + "verification";
-            monitor.info("Verifying participant node: " + participantId);
-
-            String json = getJsonBody(participantId, signedClaims, participantClaims);
-            var request = HttpRequest.newBuilder()
-                    .uri(URI.create(url))
-                    .header("Content-Type", "application/json")
-                    .POST(HttpRequest.BodyPublishers.ofString(json))
-                    .build();
-
-            var response = httpClient.send(request, HttpResponse.BodyHandlers.ofString());
-
-            VerificationResult result = parseVerificationResponse(response);
-
-            if (!result.signatureResult()) {
-                monitor.warning("Signature verification failed");
-            }
+    public static VerificationResult verifyClaims(String baseUrl, String participantId, String signedClaims, Map<String, Object> participantClaims, HttpClient httpClient) throws IOException, InterruptedException {
+        String url = baseUrl + "verification";
 
-            if (!result.claimsResult()) {
-                monitor.warning("Claims verification failed");
-            }
-
-            return result.signatureResult() && result.claimsResult();
+        String json = Claims.getJsonBody(participantId, signedClaims, participantClaims);
+        var request = HttpRequest.newBuilder()
+                   .uri(URI.create(url))
+                   .header("Content-Type", "application/json")
+                   .POST(HttpRequest.BodyPublishers.ofString(json))
+                   .build();
 
-        } catch (Exception e) {
-            monitor.warning("Failed to verify claims" + e.getMessage());
-            return false;
-        }
+        var response = httpClient.send(request, HttpResponse.BodyHandlers.ofString());
 
-    }
-
-    /**
-     * Constructs a JSON string representation of the provided participant information and claims.
-     *
-     * @param participantId the unique identifier of the participant
-     * @param signedClaims the signed claims associated with the participant
-     * @param participantClaims a map containing participant-specific claims as key-value pairs
-     * @return a JSON string representation of the provided input data
-     * @throws RuntimeException if an error occurs while building the JSON string
-     */
-    public String getJsonBody(String participantId, String signedClaims, Map<String, Object> participantClaims) {
-        try {
-            Map<String, Object> body = Map.of(
-                    "participantId", participantId,
-                    "signedClaims", signedClaims,
-                    "claims", participantClaims,
-                    "@context", Map.of(
-                            "@vocab", "https://w3id.org/edc/v0.0.1/ns/"
-                    )
-            );
-
-            ObjectMapper mapper = new ObjectMapper();
-            return mapper.writeValueAsString(body);
-
-        } catch (Exception e) {
-            throw new RuntimeException("Failed to build JSON body", e);
-        }
+        return parseVerificationResponse(response);
     }
 
     /**
@@ -129,7 +85,7 @@ public String getJsonBody(String participantId, String signedClaims, Map<String,
      * @return a {@link VerificationResult} object indicating the success or failure of
      *         signature and claims verification
      */
-    private VerificationResult parseVerificationResponse(HttpResponse<String> response) {
+    public static VerificationResult parseVerificationResponse(HttpResponse<String> response) {
 
         try {
             ObjectMapper mapper = new ObjectMapper();
@@ -155,9 +111,38 @@ private VerificationResult parseVerificationResponse(HttpResponse<String> respon
 
     }
 
+    /**
+     * Verifies the claims of a participant against the provided signed claims and participant claims data.
+     * This method sends an HTTP POST request to the verification endpoint and processes the response
+     * to determine the validity of the participant's signature and claims.
+     *
+     * @param participantId the unique identifier of the participant
+     * @param signedClaims the signed claims associated with the participant
+     * @param participantClaims a map containing the participant's specific claims as key-value pairs
+     * @return {@code true} if both the signature verification and claims verification are successful,
+     *         {@code false} otherwise
+     */
+    @Override
+    public boolean verifyClaims(String participantId, String signedClaims, Map<String, Object> participantClaims) {
+        try {
+
+            VerificationResult result = verifyClaims(this.baseUrl, participantId, signedClaims, participantClaims, this.httpClient);
+
+            if (!result.signatureResult()) {
+                monitor.warning("Signature verification failed");
+            }
 
+            if (!result.claimsResult()) {
+                monitor.warning("Claims verification failed");
+            }
 
+            return result.signatureResult() && result.claimsResult();
 
+        } catch (Exception e) {
+            monitor.warning("Failed to verify claims" + e.getMessage());
+            return false;
+        }
 
+    }
 
 }

…s/checker/FcParticipantClaimChecker.java …s/checker/FcParticipantClaimChecker.javaproviders/policy/claims-checker/src/main/java/org/eclipse/edc/heleade/policy/extension/claims/checker/FcParticipantClaimChecker.java renamed to commons/src/main/java/org/eclipse/edc/heleade/commons/verification/claims/checker/FcParticipantClaimChecker.java providers/policy/claims-checker/src/main/java/org/eclipse/edc/heleade/policy/extension/claims/checker/FcParticipantClaimChecker.java renamed to commons/src/main/java/org/eclipse/edc/heleade/commons/verification/claims/checker/FcParticipantClaimChecker.java

@@ -12,7 +12,7 @@
  *
  */
 
-package org.eclipse.edc.heleade.policy.extension.claims.checker;
+package org.eclipse.edc.heleade.commons.verification.claims.checker;
 
 
 import java.util.Map;

…ims/checker/ParticipantClaimChecker.java …ims/checker/ParticipantClaimChecker.javaproviders/policy/claims-checker/src/main/java/org/eclipse/edc/heleade/policy/extension/claims/checker/ParticipantClaimChecker.java renamed to commons/src/main/java/org/eclipse/edc/heleade/commons/verification/claims/checker/ParticipantClaimChecker.java providers/policy/claims-checker/src/main/java/org/eclipse/edc/heleade/policy/extension/claims/checker/ParticipantClaimChecker.java renamed to commons/src/main/java/org/eclipse/edc/heleade/commons/verification/claims/checker/ParticipantClaimChecker.java

@@ -12,7 +12,13 @@
  *
  */
 
-package org.eclipse.edc.heleade.policy.extension.claims.checker;
+package org.eclipse.edc.heleade.commons.verification.claims.checker;
+
+import jakarta.json.Json;
+import jakarta.json.JsonObject;
+import jakarta.json.JsonObjectBuilder;
+
+import static org.eclipse.edc.spi.constants.CoreConstants.EDC_NAMESPACE;
 
 /**
  *  * Represents the result of a verification process including signature and claim validation.
@@ -38,4 +44,26 @@ public record VerificationResult(boolean signatureResult, boolean claimsResult)
      */
     public VerificationResult {
     }
+
+    /**
+     * Converts the current instance into a JsonObject representation containing its properties.
+     *
+     * @return a JsonObject containing the attributes of the instance
+     */
+    public JsonObject asJsonObject() {
+        try {
+            // Create a JSON object with the TargetNode properties
+            JsonObjectBuilder builder = Json.createObjectBuilder()
+                    .add(EDC_NAMESPACE + "signatureResult", this.signatureResult())
+                    .add(EDC_NAMESPACE + "claimsResult", this.claimsResult());
+
+            // Build and return the JSON object
+            JsonObject jsonObject = builder.build();
+
+            return jsonObject;
+
+        } catch (Exception e) {
+            throw new RuntimeException("Error converting VerificationResult to JsonObject", e);
+        }
+    }
 }

…n/claims/checker/VerificationResult.java …n/claims/checker/VerificationResult.javaproviders/policy/claims-checker/src/main/java/org/eclipse/edc/heleade/policy/extension/claims/checker/VerificationResult.java renamed to commons/src/main/java/org/eclipse/edc/heleade/commons/verification/claims/checker/VerificationResult.java providers/policy/claims-checker/src/main/java/org/eclipse/edc/heleade/policy/extension/claims/checker/VerificationResult.java renamed to commons/src/main/java/org/eclipse/edc/heleade/commons/verification/claims/checker/VerificationResult.java

@@ -36,8 +36,8 @@
 import java.util.HashMap;
 import java.util.Map;
 
-import static org.eclipse.edc.heleade.commons.verify.claims.Claims.verifyClaims;
-import static org.eclipse.edc.heleade.commons.verify.claims.Claims.verifySignature;
+import static org.eclipse.edc.heleade.commons.verification.claims.Claims.verifyClaims;
+import static org.eclipse.edc.heleade.commons.verification.claims.Claims.verifySignature;
 
 
 /**

federated-catalog/src/main/java/org/eclipse/edc/heleade/federated/catalog/extension/api/verification/VerificationApiController.java

@@ -22,5 +22,5 @@ dependencies {
     implementation(libs.jakarta.rsApi)
     implementation(libs.edc.control.plane.core)
     implementation(libs.edc.http)
-
+    implementation(project(":commons"))
 }

iam-identity/build.gradle.kts

@@ -112,7 +112,11 @@ public void initialize(ServiceExtensionContext context) {
         IamIdentityService iamIdentityService = new IamIdentityService(typeManager, claims, participantId, signedClaims);
         context.registerService(IdentityService.class, iamIdentityService);
 
-        webService.registerResource(new IamIdentityApiController(iamIdentityService, context.getMonitor()));
+        webService.registerResource(
+                new IamIdentityApiController(iamIdentityService,
+                participantRegistryUrl,
+                context.getMonitor())
+        );
 
     }
 

iam-identity/src/main/java/org/eclipse/edc/heleade/identity/IamIdentityExtension.java

@@ -19,9 +19,13 @@
 import jakarta.ws.rs.Path;
 import jakarta.ws.rs.Produces;
 import jakarta.ws.rs.core.MediaType;
+import org.eclipse.edc.heleade.commons.verification.claims.checker.FcParticipantClaimChecker;
+import org.eclipse.edc.heleade.commons.verification.claims.checker.VerificationResult;
 import org.eclipse.edc.heleade.identity.IamIdentityService;
 import org.eclipse.edc.spi.monitor.Monitor;
 
+import java.net.http.HttpClient;
+
 /**
  * Endpoint to validate the participant identity
  */
@@ -32,18 +36,23 @@ public class IamIdentityApiController {
 
     private final Monitor monitor;
     private final IamIdentityService iamIdentityService;
+    private final HttpClient httpClient;
+    private final String participantRegistryUrl;
 
     /**
      * Instantiates the controller for the verify identity endpoint
      *
      * @param iamIdentityService identity service
+     * @param participantRegistryUrl federated catalog url
      * @param monitor logger object
      */
-    public IamIdentityApiController(IamIdentityService iamIdentityService, Monitor monitor) {
+    public IamIdentityApiController(IamIdentityService iamIdentityService, String participantRegistryUrl, Monitor monitor) {
         this.iamIdentityService = iamIdentityService;
         this.monitor = monitor;
+        this.participantRegistryUrl = participantRegistryUrl;
+        this.httpClient = HttpClient.newHttpClient();
     }
-    
+
     /**
      * Defines the verify identity endpoint
      *
@@ -54,6 +63,24 @@ public IamIdentityApiController(IamIdentityService iamIdentityService, Monitor m
     public String verify() {
         monitor.debug("Verify identity received a request");
 
-        return "{\"response\":\"IdentityProvider: I'm alive!\"}";
+        try {
+
+            monitor.info("Auto Verification participant node: " + iamIdentityService.getClientId());
+
+            VerificationResult result = FcParticipantClaimChecker.verifyClaims(
+                                                    this.participantRegistryUrl,
+                                                    iamIdentityService.getClientId(),
+                                                    iamIdentityService.getSignedClaims(),
+                                                    iamIdentityService.getClaims(),
+                                                    httpClient
+            );
+
+            return result.asJsonObject().toString();
+
+        } catch (Exception e) {
+            monitor.warning("Failed to verify claims" + e.getMessage());
+            return "{\"error\": \"Failed to verify claims:" + e.getMessage() + "\"}";
+        }
+
     }
 }