Skip to content

Commit

Permalink
refactor: moved security checks in protocol service layer (#3668)
Browse files Browse the repository at this point in the history
* refactor: moved security checks in protocol service layer

* pr remarks
  • Loading branch information
wolf4ood authored Nov 30, 2023
1 parent cd9dbec commit c6fb970
Show file tree
Hide file tree
Showing 25 changed files with 598 additions and 345 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,8 @@
import org.eclipse.edc.policy.model.Policy;
import org.eclipse.edc.policy.model.PolicyType;
import org.eclipse.edc.spi.iam.ClaimToken;
import org.eclipse.edc.spi.iam.IdentityService;
import org.eclipse.edc.spi.iam.TokenRepresentation;
import org.eclipse.edc.spi.message.RemoteMessageDispatcherRegistry;
import org.eclipse.edc.spi.monitor.ConsoleMonitor;
import org.eclipse.edc.spi.protocol.ProtocolWebhook;
Expand Down Expand Up @@ -85,7 +87,9 @@ class ContractNegotiationIntegrationTest {
private final ContractValidationService validationService = mock(ContractValidationService.class);
private final RemoteMessageDispatcherRegistry providerDispatcherRegistry = mock(RemoteMessageDispatcherRegistry.class);
private final RemoteMessageDispatcherRegistry consumerDispatcherRegistry = mock(RemoteMessageDispatcherRegistry.class);
private final IdentityService identityService = mock();
protected ClaimToken token = ClaimToken.Builder.newInstance().build();
protected TokenRepresentation tokenRepresentation = TokenRepresentation.Builder.newInstance().build();
private final ProtocolWebhook protocolWebhook = () -> "http://dummy";
private String consumerNegotiationId;

Expand Down Expand Up @@ -119,8 +123,9 @@ void init() {
.protocolWebhook(protocolWebhook)
.build();

consumerService = new ContractNegotiationProtocolServiceImpl(consumerStore, new NoopTransactionContext(), validationService, new ContractNegotiationObservableImpl(), monitor, mock(Telemetry.class));
providerService = new ContractNegotiationProtocolServiceImpl(providerStore, new NoopTransactionContext(), validationService, new ContractNegotiationObservableImpl(), monitor, mock(Telemetry.class));
when(identityService.verifyJwtToken(eq(tokenRepresentation), any())).thenReturn(Result.success(token));
consumerService = new ContractNegotiationProtocolServiceImpl(consumerStore, new NoopTransactionContext(), validationService, identityService, new ContractNegotiationObservableImpl(), monitor, mock(Telemetry.class));
providerService = new ContractNegotiationProtocolServiceImpl(providerStore, new NoopTransactionContext(), validationService, identityService, new ContractNegotiationObservableImpl(), monitor, mock(Telemetry.class));
}

@AfterEach
Expand Down Expand Up @@ -261,7 +266,7 @@ private Answer<Object> onConsumerSentOfferRequest() {
return i -> {
ContractRequestMessage request = i.getArgument(1);
consumerNegotiationId = request.getProcessId();
var result = providerService.notifyRequested(request, token);
var result = providerService.notifyRequested(request, tokenRepresentation);
return toFuture(result);
};
}
Expand All @@ -270,7 +275,7 @@ private Answer<Object> onConsumerSentOfferRequest() {
private Answer<Object> onConsumerSentRejection() {
return i -> {
ContractNegotiationTerminationMessage request = i.getArgument(1);
var result = providerService.notifyTerminated(request, token);
var result = providerService.notifyTerminated(request, tokenRepresentation);
return toFuture(result);
};
}
Expand All @@ -279,7 +284,7 @@ private Answer<Object> onConsumerSentRejection() {
private Answer<Object> onProviderSentAgreementRequest() {
return i -> {
ContractAgreementMessage request = i.getArgument(1);
var result = consumerService.notifyAgreed(request, token);
var result = consumerService.notifyAgreed(request, tokenRepresentation);
return toFuture(result);
};
}
Expand All @@ -288,7 +293,7 @@ private Answer<Object> onProviderSentAgreementRequest() {
private Answer<Object> onProviderSentNegotiationEventMessage() {
return i -> {
ContractNegotiationEventMessage request = i.getArgument(1);
var result = consumerService.notifyFinalized(request, token);
var result = consumerService.notifyFinalized(request, tokenRepresentation);
return toFuture(result);
};
}
Expand All @@ -297,7 +302,7 @@ private Answer<Object> onProviderSentNegotiationEventMessage() {
private Answer<Object> onConsumerSentAgreementVerification() {
return i -> {
ContractAgreementVerificationMessage request = i.getArgument(1);
var result = providerService.notifyVerified(request, token);
var result = providerService.notifyVerified(request, tokenRepresentation);
return toFuture(result);
};
}
Expand All @@ -306,7 +311,7 @@ private Answer<Object> onConsumerSentAgreementVerification() {
private Answer<Object> onProviderSentRejection() {
return i -> {
ContractNegotiationTerminationMessage request = i.getArgument(1);
var result = consumerService.notifyTerminated(request, token);
var result = consumerService.notifyTerminated(request, tokenRepresentation);
return toFuture(result);
};
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -58,6 +58,7 @@
import org.eclipse.edc.spi.asset.AssetIndex;
import org.eclipse.edc.spi.command.CommandHandlerRegistry;
import org.eclipse.edc.spi.event.EventRouter;
import org.eclipse.edc.spi.iam.IdentityService;
import org.eclipse.edc.spi.message.RemoteMessageDispatcherRegistry;
import org.eclipse.edc.spi.monitor.Monitor;
import org.eclipse.edc.spi.system.ServiceExtension;
Expand Down Expand Up @@ -136,6 +137,9 @@ public class ControlPlaneServicesExtension implements ServiceExtension {
@Inject
private DataAddressValidatorRegistry dataAddressValidator;

@Inject
private IdentityService identityService;

@Override
public String name() {
return NAME;
Expand All @@ -155,7 +159,7 @@ public CatalogService catalogService() {

@Provider
public CatalogProtocolService catalogProtocolService(ServiceExtensionContext context) {
return new CatalogProtocolServiceImpl(datasetResolver, participantAgentService, dataServiceRegistry, context.getParticipantId());
return new CatalogProtocolServiceImpl(datasetResolver, participantAgentService, dataServiceRegistry, identityService, monitor, context.getParticipantId());
}

@Provider
Expand All @@ -178,7 +182,7 @@ public ContractNegotiationService contractNegotiationService() {
@Provider
public ContractNegotiationProtocolService contractNegotiationProtocolService() {
return new ContractNegotiationProtocolServiceImpl(contractNegotiationStore,
transactionContext, contractValidationService, contractNegotiationObservable,
transactionContext, contractValidationService, identityService, contractNegotiationObservable,
monitor, telemetry);
}

Expand All @@ -198,6 +202,6 @@ public TransferProcessService transferProcessService() {
@Provider
public TransferProcessProtocolService transferProcessProtocolService() {
return new TransferProcessProtocolServiceImpl(transferProcessStore, transactionContext, contractNegotiationStore,
contractValidationService, dataAddressValidator, transferProcessObservable, clock, monitor, telemetry);
contractValidationService, identityService, dataAddressValidator, transferProcessObservable, clock, monitor, telemetry);
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -19,17 +19,20 @@
import org.eclipse.edc.catalog.spi.DataServiceRegistry;
import org.eclipse.edc.catalog.spi.Dataset;
import org.eclipse.edc.catalog.spi.DatasetResolver;
import org.eclipse.edc.connector.service.protocol.BaseProtocolService;
import org.eclipse.edc.connector.spi.catalog.CatalogProtocolService;
import org.eclipse.edc.spi.agent.ParticipantAgentService;
import org.eclipse.edc.spi.iam.ClaimToken;
import org.eclipse.edc.spi.iam.IdentityService;
import org.eclipse.edc.spi.iam.TokenRepresentation;
import org.eclipse.edc.spi.monitor.Monitor;
import org.eclipse.edc.spi.result.ServiceResult;
import org.jetbrains.annotations.NotNull;

import static java.lang.String.format;
import static java.util.stream.Collectors.toList;
import static org.eclipse.edc.spi.CoreConstants.EDC_NAMESPACE;

public class CatalogProtocolServiceImpl implements CatalogProtocolService {
public class CatalogProtocolServiceImpl extends BaseProtocolService implements CatalogProtocolService {

private static final String PARTICIPANT_ID_PROPERTY_KEY = "participantId";

Expand All @@ -40,7 +43,11 @@ public class CatalogProtocolServiceImpl implements CatalogProtocolService {

public CatalogProtocolServiceImpl(DatasetResolver datasetResolver,
ParticipantAgentService participantAgentService,
DataServiceRegistry dataServiceRegistry, String participantId) {
DataServiceRegistry dataServiceRegistry,
IdentityService identityService,
Monitor monitor,
String participantId) {
super(identityService, monitor);
this.datasetResolver = datasetResolver;
this.participantAgentService = participantAgentService;
this.dataServiceRegistry = dataServiceRegistry;
Expand All @@ -49,32 +56,34 @@ public CatalogProtocolServiceImpl(DatasetResolver datasetResolver,

@Override
@NotNull
public ServiceResult<Catalog> getCatalog(CatalogRequestMessage message, ClaimToken claimToken) {
var agent = participantAgentService.createFor(claimToken);
public ServiceResult<Catalog> getCatalog(CatalogRequestMessage message, TokenRepresentation tokenRepresentation) {
return verifyToken(tokenRepresentation).map(claimToken -> {
var agent = participantAgentService.createFor(claimToken);

try (var datasets = datasetResolver.query(agent, message.getQuerySpec())) {
var dataServices = dataServiceRegistry.getDataServices();
try (var datasets = datasetResolver.query(agent, message.getQuerySpec())) {
var dataServices = dataServiceRegistry.getDataServices();

var catalog = Catalog.Builder.newInstance()
.dataServices(dataServices)
.datasets(datasets.collect(toList()))
.property(EDC_NAMESPACE + PARTICIPANT_ID_PROPERTY_KEY, participantId)
.build();

return ServiceResult.success(catalog);
}
return Catalog.Builder.newInstance()
.dataServices(dataServices)
.datasets(datasets.collect(toList()))
.property(EDC_NAMESPACE + PARTICIPANT_ID_PROPERTY_KEY, participantId)
.build();
}
});
}

@Override
public @NotNull ServiceResult<Dataset> getDataset(String datasetId, ClaimToken claimToken) {
var agent = participantAgentService.createFor(claimToken);
public @NotNull ServiceResult<Dataset> getDataset(String datasetId, TokenRepresentation tokenRepresentation) {
return verifyToken(tokenRepresentation).compose(claimToken -> {
var agent = participantAgentService.createFor(claimToken);

var dataset = datasetResolver.getById(agent, datasetId);
var dataset = datasetResolver.getById(agent, datasetId);

if (dataset == null) {
return ServiceResult.notFound(format("Dataset %s does not exist", datasetId));
}
if (dataset == null) {
return ServiceResult.notFound(format("Dataset %s does not exist", datasetId));
}

return ServiceResult.success(dataset);
return ServiceResult.success(dataset);
});
}
}
Loading

0 comments on commit c6fb970

Please sign in to comment.