Merge remote-tracking branch 'origin/develop' into feature/OIDF-53

# Conflicts: # .env # .github/workflows/ci.yml # .gitignore # README.md # modules/admin-server/build.gradle.kts # modules/admin-server/src/main/kotlin/com/sphereon/oid/fed/server/admin/controllers/KeyController.kt # modules/openapi/src/commonMain/kotlin/com/sphereon/oid/fed/openapi/openapi.yaml # modules/openid-federation-common/build.gradle.kts # modules/openid-federation-common/src/commonMain/kotlin/com/sphereon/oid/fed/common/logic/EntityLogic.kt # modules/openid-federation-common/src/commonMain/kotlin/com/sphereon/oid/fed/common/mapper/JsonMapper.kt # modules/openid-federation-common/src/commonTest/kotlin/com/sphereon/oid/fed/common/logic/EntityLogicTest.kt # modules/persistence/src/commonMain/kotlin/com/sphereon/oid/fed/persistence/Persistence.kt # modules/persistence/src/commonMain/sqldelight/com/sphereon/oid/fed/persistence/models/1.sqm # modules/persistence/src/commonMain/sqldelight/com/sphereon/oid/fed/persistence/models/2.sqm # modules/persistence/src/commonMain/sqldelight/com/sphereon/oid/fed/persistence/models/Account.sq # modules/persistence/src/commonMain/sqldelight/com/sphereon/oid/fed/persistence/models/Key.sq # modules/persistence/src/jvmMain/kotlin/com.sphereon.oid.fed.persistence/Persistence.jvm.kt # modules/services/build.gradle.kts # modules/services/src/commonMain/kotlin/com/sphereon/oid/fed/services/AccountService.kt # modules/services/src/commonMain/kotlin/com/sphereon/oid/fed/services/Constants.kt # modules/services/src/commonMain/kotlin/com/sphereon/oid/fed/services/KeyService.kt # modules/services/src/commonMain/kotlin/com/sphereon/oid/fed/services/extensions/KeyExtensions.kt # settings.gradle.kts
Sphereon-Opensource · Sep 16, 2024 · 6f208d7 · 6f208d7
2 parents 66b7df2 + 0eff6ac
commit 6f208d7
Show file tree

Hide file tree

Showing 91 changed files with 2,566 additions and 788 deletions.
diff --git a/.docker/admin-server/Dockerfile b/.docker/admin-server/Dockerfile
@@ -0,0 +1,19 @@
+FROM openjdk:21-jdk as builder
+RUN microdnf install findutils
+
+WORKDIR /app
+
+COPY . /app
+
+RUN chmod +x ./gradlew
+
+RUN ./gradlew :modules:admin-server:bootJar -x test -x allTests -x jsBrowserTest
+
+FROM openjdk:21-jdk as runner
+
+WORKDIR /app
+
+COPY .env .env
+COPY --from=builder /app/modules/admin-server/build/libs/admin-server-0.0.1.jar ./admin-server-0.0.1.jar
+
+ENTRYPOINT ["java", "-jar", "admin-server-0.0.1.jar"]
diff --git a/.docker/federation-server/Dockerfile b/.docker/federation-server/Dockerfile
@@ -0,0 +1,19 @@
+FROM openjdk:21-jdk as builder
+RUN microdnf install findutils
+
+WORKDIR /app
+
+COPY . /app
+
+RUN chmod +x ./gradlew
+
+RUN ./gradlew :modules:federation-server:bootJar -x test -x allTests -x jsBrowserTest
+
+FROM openjdk:21-jdk as runner
+
+WORKDIR /app
+
+COPY .env .env
+COPY --from=builder /app/modules/federation-server/build/libs/federation-server-0.0.1.jar ./federation-server-0.0.1.jar
+
+ENTRYPOINT ["java", "-jar", "federation-server-0.0.1.jar"]
diff --git a/.env b/.env
@@ -1,5 +1,15 @@
-DATASOURCE_URL=jdbc:postgresql://localhost:5432/openid-federation-db
+APP_KEY=Nit5tWts42QeCynT1Q476LyStDeSd4xb
+
+ROOT_IDENTIFIER=http://localhost:8081
+
+DATASOURCE_URL=jdbc:postgresql://db:5432/openid-federation-db
 DATASOURCE_USER=openid-federation-db-user
 DATASOURCE_PASSWORD=openid-federation-db-password
 DATASOURCE_DB=openid-federation-db
-APP_KEY=Nit5tWts42QeCynT1Q476LyStDeSd4xb
+
+KMS_PROVIDER=local
+
+LOCAL_KMS_DATASOURCE_URL=jdbc:postgresql://local-kms-db:5432/openid-federation-local-kms-db
+LOCAL_KMS_DATASOURCE_USER=openid-federation-local-kms-db-user
+LOCAL_KMS_DATASOURCE_PASSWORD=openid-federation-local-kms-db-password
+LOCAL_KMS_DATASOURCE_DB=openid-federation-local-kms-db
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -18,13 +18,20 @@ jobs:
           distribution: adopt-hotspot
           java-version: 17
 
-      - name: Build the stack
-        run: docker compose -f docker-compose.yaml up -d
+      - name: Run database
+        run: docker compose -f docker-compose.yaml up db -d
         env:
           DATASOURCE_USER: ${{ secrets.DATASOURCE_USER }}
           DATASOURCE_PASSWORD: ${{ secrets.DATASOURCE_PASSWORD }}
           DATASOURCE_URL: ${{ secrets.DATASOURCE_URL }}
 
+      - name: Run local KMS database
+        run: docker compose -f docker-compose.yaml up local-kms-db -d
+        env:
+          DATASOURCE_USER: ${{ secrets.LOCAL_KMS_DATASOURCE_USER }}
+          DATASOURCE_PASSWORD: ${{ secrets.LOCAL_KMS_DATASOURCE_PASSWORD }}
+          DATASOURCE_URL: ${{ secrets.LOCAL_KMS_DATASOURCE_URL }}
+
       - name: Setup Gradle
         uses: gradle/gradle-build-action@v3
 
@@ -35,6 +42,11 @@ jobs:
       - name: Execute Gradle build
         run: ./gradlew build
         env:
+          APP_KEY: ${{ secrets.APP_KEY }}
           DATASOURCE_USER: ${{ secrets.DATASOURCE_USER }}
           DATASOURCE_PASSWORD: ${{ secrets.DATASOURCE_PASSWORD }}
           DATASOURCE_URL: ${{ secrets.DATASOURCE_URL }}
+          LOCAL_KMS_DATASOURCE_USER: ${{ secrets.LOCAL_KMS_DATASOURCE_USER }}
+          LOCAL_KMS_DATASOURCE_PASSWORD: ${{ secrets.LOCAL_KMS_DATASOURCE_PASSWORD }}
+          LOCAL_KMS_DATASOURCE_URL: ${{ secrets.LOCAL_KMS_DATASOURCE_URL }}
+          KMS_PROVIDER: local
diff --git a/.gitignore b/.gitignore
@@ -20,6 +20,5 @@ captures
 /platforms/
 /platform-tools/
 /.temp/
-/docker/.env
 /.run/*
-kotlin-js-store/
+kotlin-js-store/
diff --git a/README.md b/README.md
@@ -15,7 +15,7 @@ In the context of OpenID Federation, Entity Statements play a crucial role. Thes
 about the entity, such as its public keys and metadata. This framework allows entities to assert their identity and
 capabilities in a standardized manner, enabling seamless integration and interoperability within federations.
 
-## Key Concepts
+# Key Concepts
 
 - **Federation**: A group of organizations that agree to interoperate under a set of common rules defined in a
   federation policy.
@@ -92,3 +92,32 @@ purposes. **It is not intended for use in production environments** due to signi
 
 - Entity Statements can include additional claims as required by applications and protocols.
 - Metadata in Subordinate Statements overrides that in the Entity’s own configuration.
+
+# Servers Deployment Instructions
+
+## Docker Setup
+
+For seamless deployment of the OpenID Federation servers, Docker and Docker Compose offer the most efficient and
+straightforward approach.
+
+## Essential Commands
+
+### Build Docker Images
+
+- `docker compose build` - Compile the Docker images for the services.
+- `docker compose build --no-cache` - Compile the Docker images without utilizing the build cache, ensuring a clean
+  build.
+
+### Manage Services:
+
+- `docker compose up` - Initiate the services.
+- `docker compose up -d` - Launch the services in detached mode, allowing them to run in the background.
+- `docker compose down` - Terminate the services.
+- `docker compose down -v` - Terminate the services and remove associated volumes.
+- `docker compose up db -d` - Start only the database container in detached mode for isolated database operations.
+- `docker compose up federation-server -d` - Start only the Federation Server in detached mode.
+
+## API Endpoints via Docker
+
+* Federation API: Accessible at http://localhost:8080
+* Admin Server API: Accessible at http://localhost:8081
diff --git a/docker-compose.yaml b/docker-compose.yaml
@@ -1,23 +1,92 @@
-version: '3.9'
-
 services:
   db:
     image: postgres:latest
     container_name: openid-federation-datastore
     environment:
       POSTGRES_USER: ${DATASOURCE_USER}
       POSTGRES_PASSWORD: ${DATASOURCE_PASSWORD}
-      POSTGRES_DB: openid-federation-db
+      POSTGRES_DB: ${DATASOURCE_DB}
     ports:
       - "5432:5432"
     volumes:
       - postgres_data:/var/lib/postgresql/data
     networks:
       - openid_network
+    healthcheck:
+      test: [ "CMD-SHELL", "pg_isready -d ${DATASOURCE_DB} -U ${DATASOURCE_USER}" ]
+      interval: 3s
+      timeout: 5s
+      retries: 20
+
+  local-kms-db:
+    image: postgres:latest
+    container_name: openid-federation-local-kms-datastore
+    environment:
+      POSTGRES_USER: ${LOCAL_KMS_DATASOURCE_USER}
+      POSTGRES_PASSWORD: ${LOCAL_KMS_DATASOURCE_PASSWORD}
+      POSTGRES_DB: ${LOCAL_KMS_DATASOURCE_DB}
+    ports:
+      - "5433:5432"
+    volumes:
+      - local_kms_data:/var/lib/postgresql/data
+    networks:
+      - openid_network
+    healthcheck:
+      test: [ "CMD-SHELL", "pg_isready -d ${LOCAL_KMS_DATASOURCE_DB} -U ${LOCAL_KMS_DATASOURCE_USER}" ]
+      interval: 3s
+      timeout: 5s
+      retries: 20
+
+  federation-server:
+    build:
+      context: .
+      dockerfile: ./.docker/federation-server/Dockerfile
+    ports:
+      - "8080:8080"
+    container_name: openid-federation-server
+    environment:
+      DATASOURCE_URL: ${DATASOURCE_URL}
+      DATASOURCE_USER: ${DATASOURCE_USER}
+      DATASOURCE_PASSWORD: ${DATASOURCE_PASSWORD}
+    depends_on:
+      admin-server:
+        condition: service_started
+      db:
+        condition: service_healthy
+    networks:
+      - openid_network
+
+  admin-server:
+    build:
+      context: .
+      dockerfile: ./.docker/admin-server/Dockerfile
+    ports:
+      - "8081:8080"
+    container_name: openid-federation-server-admin
+    environment:
+      DATASOURCE_URL: ${DATASOURCE_URL}
+      DATASOURCE_USER: ${DATASOURCE_USER}
+      DATASOURCE_PASSWORD: ${DATASOURCE_PASSWORD}
+      APP_KEY: ${APP_KEY}
+      KMS_PROVIDER: ${KMS_PROVIDER}
+      LOCAL_KMS_DATASOURCE_URL: ${LOCAL_KMS_DATASOURCE_URL}
+      LOCAL_KMS_DATASOURCE_USER: ${LOCAL_KMS_DATASOURCE_USER}
+      LOCAL_KMS_DATASOURCE_PASSWORD: ${LOCAL_KMS_DATASOURCE_PASSWORD}
+      LOCAL_KMS_DATASOURCE_DB: ${LOCAL_KMS_DATASOURCE_DB}
+      ROOT_IDENTIFIER: ${ROOT_IDENTIFIER}
+
+    depends_on:
+      db:
+        condition: service_healthy
+      local-kms-db:
+        condition: service_healthy
+    networks:
+      - openid_network
 
 networks:
   openid_network:
     driver: bridge
 
 volumes:
-  postgres_data:
+  postgres_data:
+  local_kms_data:
diff --git a/modules/admin-server/build.gradle.kts b/modules/admin-server/build.gradle.kts
@@ -32,6 +32,7 @@ dependencies {
     testImplementation(libs.testcontainer.postgres)
     runtimeOnly(libs.postgres)
     runtimeOnly(libs.springboot.devtools)
+    implementation("io.ktor:ktor-serialization-kotlinx-json:2.3.11")
 }
 
 kotlin {

diff --git a/.../src/main/kotlin/com/sphereon/oid/fed/server/admin/controllers/AuthorityHintController.kt b/.../src/main/kotlin/com/sphereon/oid/fed/server/admin/controllers/AuthorityHintController.kt
@@ -0,0 +1,39 @@
+package com.sphereon.oid.fed.server.admin.controllers
+
+import com.sphereon.oid.fed.openapi.models.CreateAuthorityHintDTO
+import com.sphereon.oid.fed.persistence.models.AuthorityHint
+import com.sphereon.oid.fed.services.AuthorityHintService
+import org.springframework.web.bind.annotation.DeleteMapping
+import org.springframework.web.bind.annotation.GetMapping
+import org.springframework.web.bind.annotation.PathVariable
+import org.springframework.web.bind.annotation.PostMapping
+import org.springframework.web.bind.annotation.RequestBody
+import org.springframework.web.bind.annotation.RequestMapping
+import org.springframework.web.bind.annotation.RestController
+
+@RestController
+@RequestMapping("/accounts/{accountUsername}/authority-hints")
+class AuthorityHintController {
+    private val authorityHintService = AuthorityHintService()
+
+    @GetMapping
+    fun getAuthorityHints(@PathVariable accountUsername: String): Array<AuthorityHint> {
+        return authorityHintService.findByAccountUsername(accountUsername)
+    }
+
+    @PostMapping
+    fun createAuthorityHint(
+        @PathVariable accountUsername: String,
+        @RequestBody body: CreateAuthorityHintDTO
+    ): AuthorityHint {
+        return authorityHintService.createAuthorityHint(accountUsername, body.identifier)
+    }
+
+    @DeleteMapping("/{id}")
+    fun deleteAuthorityHint(
+        @PathVariable accountUsername: String,
+        @PathVariable id: Int
+    ): AuthorityHint {
+        return authorityHintService.deleteAuthorityHint(accountUsername, id)
+    }
+}
diff --git a/...in-server/src/main/kotlin/com/sphereon/oid/fed/server/admin/controllers/CritController.kt b/...in-server/src/main/kotlin/com/sphereon/oid/fed/server/admin/controllers/CritController.kt
@@ -0,0 +1,41 @@
+package com.sphereon.oid.fed.server.admin.controllers
+
+import com.sphereon.oid.fed.openapi.models.CreateCritDTO
+import com.sphereon.oid.fed.persistence.models.Crit
+import com.sphereon.oid.fed.services.CritService
+import org.springframework.web.bind.annotation.DeleteMapping
+import org.springframework.web.bind.annotation.GetMapping
+import org.springframework.web.bind.annotation.PathVariable
+import org.springframework.web.bind.annotation.PostMapping
+import org.springframework.web.bind.annotation.RequestBody
+import org.springframework.web.bind.annotation.RequestMapping
+import org.springframework.web.bind.annotation.RestController
+
+@RestController
+@RequestMapping("/accounts/{accountUsername}/crits")
+class CritController {
+    private val critService = CritService()
+
+    @PostMapping
+    fun createCrit(
+        @PathVariable accountUsername: String,
+        @RequestBody body: CreateCritDTO
+    ): Crit {
+        return critService.create(accountUsername, body.claim)
+    }
+
+    @GetMapping
+    fun getCrits(
+        @PathVariable accountUsername: String
+    ): Array<Crit> {
+        return critService.findByAccountUsername(accountUsername)
+    }
+
+    @DeleteMapping("/{id}")
+    fun deleteCrit(
+        @PathVariable accountUsername: String,
+        @PathVariable id: Int
+    ): Crit {
+        return critService.delete(accountUsername, id)
+    }
+}
diff --git a/...in/com/sphereon/oid/fed/server/admin/controllers/EntityConfigurationMetadataController.kt b/...in/com/sphereon/oid/fed/server/admin/controllers/EntityConfigurationMetadataController.kt
@@ -0,0 +1,45 @@
+package com.sphereon.oid.fed.server.admin.controllers
+
+import com.sphereon.oid.fed.openapi.models.CreateMetadataDTO
+import com.sphereon.oid.fed.openapi.models.EntityConfigurationMetadataDTO
+import com.sphereon.oid.fed.services.EntityConfigurationMetadataService
+import org.springframework.web.bind.annotation.DeleteMapping
+import org.springframework.web.bind.annotation.GetMapping
+import org.springframework.web.bind.annotation.PathVariable
+import org.springframework.web.bind.annotation.PostMapping
+import org.springframework.web.bind.annotation.RequestBody
+import org.springframework.web.bind.annotation.RequestMapping
+import org.springframework.web.bind.annotation.RestController
+
+@RestController
+@RequestMapping("/accounts/{accountUsername}/metadata")
+class EntityConfigurationMetadataController {
+    private val entityConfigurationMetadataService = EntityConfigurationMetadataService()
+
+    @GetMapping
+    fun get(
+        @PathVariable accountUsername: String
+    ): Array<EntityConfigurationMetadataDTO> {
+        return entityConfigurationMetadataService.findByAccountUsername(accountUsername)
+    }
+
+    @PostMapping
+    fun create(
+        @PathVariable accountUsername: String,
+        @RequestBody body: CreateMetadataDTO
+    ): EntityConfigurationMetadataDTO {
+        return entityConfigurationMetadataService.createEntityConfigurationMetadata(
+            accountUsername,
+            body.key,
+            body.metadata
+        )
+    }
+
+    @DeleteMapping("/{id}")
+    fun delete(
+        @PathVariable accountUsername: String,
+        @PathVariable id: Int
+    ): EntityConfigurationMetadataDTO {
+        return entityConfigurationMetadataService.deleteEntityConfigurationMetadata(accountUsername, id)
+    }
+}