Merge branch 'develop' into feature/OIDF-15

# Conflicts:
#	.env
#	.github/workflows/ci.yml
#	.gitignore
#	README.md
#	modules/openid-federation-common/build.gradle.kts
#	modules/openid-federation-common/src/commonMain/kotlin/com/sphereon/oid/fed/common/httpclient/OidFederationClient.kt
#	modules/openid-federation-common/src/commonMain/kotlin/com/sphereon/oid/fed/common/jwt/JoseJwt.kt
#	modules/openid-federation-common/src/commonMain/kotlin/com/sphereon/oid/fed/common/mapper/JsonMapper.kt
#	modules/openid-federation-common/src/jsMain/kotlin/com/sphereon/oid/fed/common/jwt/JoseJwt.js.kt
#	modules/openid-federation-common/src/jsTest/kotlin/com/sphereon/oid/fed/common/jwt/JoseJwtTest.js.kt
#	modules/openid-federation-common/src/jvmMain/kotlin/com/sphereon/oid/fed/common/jwt/JoseJwt.jvm.kt
#	modules/openid-federation-common/src/jvmTest/kotlin/com/sphereon/oid/fed/common/httpclient/OidFederationClientTest.kt
#	modules/openid-federation-common/src/jvmTest/kotlin/com/sphereon/oid/fed/common/jwt/JoseJwtTest.jvm.kt
#	modules/persistence/src/commonMain/kotlin/com/sphereon/oid/fed/persistence/Persistence.kt
#	modules/persistence/src/commonMain/kotlin/com/sphereon/oid/fed/persistence/repositories/AccountRepository.kt
#	modules/persistence/src/commonMain/kotlin/com/sphereon/oid/fed/persistence/repositories/KeyRepository.kt
#	modules/persistence/src/jvmMain/kotlin/com.sphereon.oid.fed.persistence/Persistence.jvm.kt

.docker/admin-server/Dockerfile

@@ -0,0 +1,19 @@
+FROM openjdk:21-jdk as builder
+RUN microdnf install findutils
+
+WORKDIR /app
+
+COPY . /app
+
+RUN chmod +x ./gradlew
+
+RUN ./gradlew :modules:admin-server:jar -x test -x allTests -x jsBrowserTest
+
+FROM openjdk:21-jdk as runner
+
+WORKDIR /app
+
+COPY .env .env
+COPY --from=builder /app/modules/admin-server/build/libs/admin-server-0.0.1.jar ./admin-server-0.0.1.jar
+
+ENTRYPOINT ["java", "-jar", "admin-server-0.0.1.jar"]

.docker/federation-server/Dockerfile

@@ -0,0 +1,19 @@
+FROM openjdk:21-jdk as builder
+RUN microdnf install findutils
+
+WORKDIR /app
+
+COPY . /app
+
+RUN chmod +x ./gradlew
+
+RUN ./gradlew :modules:federation-server:jar -x test -x allTests -x jsBrowserTest
+
+FROM openjdk:21-jdk as runner
+
+WORKDIR /app
+
+COPY .env .env
+COPY --from=builder /app/modules/federation-server/build/libs/federation-server-0.0.1.jar ./federation-server-0.0.1.jar
+
+ENTRYPOINT ["java", "-jar", "federation-server-0.0.1.jar"]

.env

@@ -1,5 +1,5 @@
-DATASOURCE_URL=jdbc:postgresql://localhost:5432/openid-federation-db
+DATASOURCE_URL=jdbc:postgresql://db:5432/openid-federation-db
 DATASOURCE_USER=openid-federation-db-user
 DATASOURCE_PASSWORD=openid-federation-db-password
 DATASOURCE_DB=openid-federation-db
-APP_KEY=Nit5tWts42QeCynT1Q476LyStDeSd4xb
+APP_KEY=Nit5tWts42QeCynT1Q476LyStDeSd4xb

.github/workflows/ci.yml

@@ -19,7 +19,7 @@ jobs:
           java-version: 17
 
       - name: Build the stack
-        run: docker compose -f docker-compose.yaml up -d
+        run: docker compose -f docker-compose.yaml up db -d
         env:
           DATASOURCE_USER: ${{ secrets.DATASOURCE_USER }}
           DATASOURCE_PASSWORD: ${{ secrets.DATASOURCE_PASSWORD }}

.gitignore

@@ -20,6 +20,5 @@ captures
 /platforms/
 /platform-tools/
 /.temp/
-/docker/.env
 /.run/*
-kotlin-js-store/
+kotlin-js-store/

README.md

@@ -15,7 +15,7 @@ In the context of OpenID Federation, Entity Statements play a crucial role. Thes
 about the entity, such as its public keys and metadata. This framework allows entities to assert their identity and
 capabilities in a standardized manner, enabling seamless integration and interoperability within federations.
 
-## Key Concepts
+# Key Concepts
 
 - **Federation**: A group of organizations that agree to interoperate under a set of common rules defined in a
   federation policy.
@@ -92,3 +92,37 @@ purposes. **It is not intended for use in production environments** due to signi
 
 - Entity Statements can include additional claims as required by applications and protocols.
 - Metadata in Subordinate Statements overrides that in the Entity’s own configuration.
+
+# Servers Deployment Instructions
+
+## Docker Setup
+
+For seamless deployment of the OpenID Federation servers, Docker and Docker Compose offer the most efficient and
+straightforward approach.
+
+## Essential Commands
+
+### Build Docker Images
+
+- `docker compose build` - Compile the Docker images for the services.
+- `docker compose build --no-cache` - Compile the Docker images without utilizing the build cache, ensuring a clean
+  build.
+
+### Manage Services:
+
+- `docker compose up` - Initiate the services.
+- `docker compose up -d` - Launch the services in detached mode, allowing them to run in the background.
+- `docker compose down` - Terminate the services.
+- `docker compose down -v` - Terminate the services and remove associated volumes.
+- `docker compose up db -d` - Start only the database container in detached mode for isolated database operations.
+- `docker compose up federation-server -d` - Start only the Federation Server in detached mode.
+
+## API Endpoints via Docker
+
+* Federation API: Accessible at http://localhost:8080
+* Admin Server API: Accessible at http://localhost:8081
+
+## Local Key Management System - Important Notice
+
+Local Key Management Service is designed primarily for testing, development, and local experimentation
+purposes. **It is not intended for use in production environments** due to significant security and compliance risks.

docker-compose.yaml

@@ -1,23 +1,63 @@
-version: '3.9'
-
 services:
   db:
     image: postgres:latest
     container_name: openid-federation-datastore
     environment:
       POSTGRES_USER: ${DATASOURCE_USER}
       POSTGRES_PASSWORD: ${DATASOURCE_PASSWORD}
-      POSTGRES_DB: openid-federation-db
+      POSTGRES_DB: ${DATASOURCE_DB}
     ports:
       - "5432:5432"
     volumes:
       - postgres_data:/var/lib/postgresql/data
     networks:
       - openid_network
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -d ${DATASOURCE_DB} -U ${DATASOURCE_USER}"]
+      interval: 3s
+      timeout: 5s
+      retries: 20
+
+  federation-server:
+    build:
+      context: .
+      dockerfile: ./.docker/federation-server/Dockerfile
+    ports:
+      - "8080:8080"
+    container_name: openid-federation-server
+    environment:
+      DATASOURCE_URL: ${DATASOURCE_URL}
+      DATASOURCE_USER: ${DATASOURCE_USER}
+      DATASOURCE_PASSWORD: ${DATASOURCE_PASSWORD}
+    depends_on:
+      admin-server:
+        condition: service_started
+      db:
+        condition: service_healthy
+    networks:
+      - openid_network
+
+  admin-server:
+    build:
+      context: .
+      dockerfile: ./.docker/admin-server/Dockerfile
+    ports:
+      - "8081:8080"
+    container_name: openid-federation-server-admin
+    environment:
+      DATASOURCE_URL: ${DATASOURCE_URL}
+      DATASOURCE_USER: ${DATASOURCE_USER}
+      DATASOURCE_PASSWORD: ${DATASOURCE_PASSWORD}
+      APP_KEY: ${APP_KEY}
+    depends_on:
+      db:
+        condition: service_healthy
+    networks:
+      - openid_network
 
 networks:
   openid_network:
     driver: bridge
 
 volumes:
-  postgres_data:
+  postgres_data:

modules/admin-server/src/main/kotlin/com/sphereon/oid/fed/server/admin/controllers/SubordinateController.kt

@@ -0,0 +1,19 @@
+package com.sphereon.oid.fed.server.admin.controllers
+
+import com.sphereon.oid.fed.persistence.models.Subordinate
+import com.sphereon.oid.fed.services.SubordinateService
+import org.springframework.web.bind.annotation.GetMapping
+import org.springframework.web.bind.annotation.PathVariable
+import org.springframework.web.bind.annotation.RequestMapping
+import org.springframework.web.bind.annotation.RestController
+
+@RestController
+@RequestMapping("/accounts/{accountUsername}/subordinates")
+class SubordinateController {
+    private val subordinateService = SubordinateService()
+
+    @GetMapping
+    fun getSubordinates(@PathVariable accountUsername: String): List<Subordinate> {
+        return subordinateService.findSubordinatesByAccount(accountUsername)
+    }
+}

modules/admin-server/src/main/resources/application.properties

@@ -1,12 +1,9 @@
 spring.config.import=optional:file:../../.env[.properties]
-
-spring.application.name=OpenID Federation
-
+spring.application.name=OpenID Federation Admin Server
 spring.datasource.url=${DATASOURCE_URL}
 spring.datasource.username=${DATASOURCE_USER}
 spring.datasource.password=${DATASOURCE_PASSWORD}
 spring.datasource.driver-class-name=org.postgresql.Driver
-
 # Mapping /actuator/health to /status
 management.endpoints.web.base-path=/
 management.endpoints.web.path-mapping.health=status

modules/admin-server/src/test/kotlin/com/sphereon/oid/fed/server/admin/ApplicationTests.kt

@@ -6,8 +6,8 @@ import org.springframework.boot.test.context.SpringBootTest
 @SpringBootTest
 class ApplicationTests {
 
-  @Test
-  fun contextLoads() {
-  }
+    @Test
+    fun contextLoads() {
+    }
 
 }

modules/admin-server/src/test/kotlin/com/sphereon/oid/fed/server/admin/StatusEndpointTest.kt

@@ -1,12 +1,13 @@
 package com.sphereon.oid.fed.server.admin
 
 import org.junit.jupiter.api.Test
+import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc
 import org.springframework.boot.test.context.SpringBootTest
 import org.springframework.test.web.servlet.MockMvc
-import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get
-import org.springframework.test.web.servlet.result.MockMvcResultMatchers.*
+import org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath
+import org.springframework.test.web.servlet.result.MockMvcResultMatchers.status
 
 
 @SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)

modules/federation-server/README.md

@@ -0,0 +1,27 @@
+# Federation Server
+
+API
+<br>
+```/status``` - To check health status
+
+<br>
+
+Add environment file (.env) with following properties
+
+```
+DATASOURCE_USER=<USER>
+DATASOURCE_PASSWORD=<PASSWORD>
+DATASOURCE_URL=<URL>
+```
+
+To build
+<br>
+```./gradlew :modules:federation-server:build```
+
+To run
+<br>
+```./gradlew :modules:federation-server:bootRun```
+
+To run tests
+<br>
+```./gradlew :modules:federation-server:test```

modules/federation-server/build.gradle.kts

@@ -0,0 +1,46 @@
+plugins {
+    alias(libs.plugins.springboot)
+    alias(libs.plugins.springDependencyManagement)
+    alias(libs.plugins.kotlinJvm)
+    alias(libs.plugins.kotlinPluginSpring)
+    application
+}
+
+group = "com.sphereon.oid.fed.server.federation"
+version = "0.0.1"
+
+java {
+    toolchain {
+        languageVersion = JavaLanguageVersion.of(21)
+    }
+}
+
+dependencies {
+    api(projects.modules.openapi)
+    api(projects.modules.openidFederationCommon)
+    api(projects.modules.persistence)
+    api(projects.modules.services)
+    implementation(libs.springboot.actuator)
+    implementation(libs.springboot.web)
+    implementation(libs.springboot.data.jdbc)
+    implementation(libs.kotlin.reflect)
+    testImplementation(libs.springboot.test)
+    testImplementation(libs.testcontainer.junit)
+    testImplementation(libs.springboot.testcontainer)
+    runtimeOnly(libs.springboot.devtools)
+}
+
+kotlin {
+    compilerOptions {
+        freeCompilerArgs.addAll("-Xjsr305=strict")
+    }
+}
+
+tasks.withType<Test> {
+    useJUnitPlatform()
+    testLogging {
+        setExceptionFormat("full")
+        events("started", "skipped", "passed", "failed")
+        showStandardStreams = true
+    }
+}

modules/federation-server/src/main/kotlin/com/sphereon/oid/fed/server/federation/Application.kt

@@ -0,0 +1,11 @@
+package com.sphereon.oid.fed.server.federation
+
+import org.springframework.boot.autoconfigure.SpringBootApplication
+import org.springframework.boot.runApplication
+
+@SpringBootApplication
+class Application
+
+fun main(args: Array<String>) {
+    runApplication<Application>(*args)
+}

modules/federation-server/src/main/kotlin/com/sphereon/oid/fed/server/federation/controllers/FederationController.kt

@@ -0,0 +1,38 @@
+package com.sphereon.oid.fed.server.federation.controllers
+
+import com.sphereon.oid.fed.services.SubordinateService
+import org.springframework.web.bind.annotation.GetMapping
+import org.springframework.web.bind.annotation.PathVariable
+import org.springframework.web.bind.annotation.RequestMapping
+import org.springframework.web.bind.annotation.RestController
+
+@RestController
+@RequestMapping()
+class FederationController {
+    private val subordinateService = SubordinateService()
+
+    @GetMapping("/.well-known/openid-federation")
+    fun getRootEntityConfigurationStatement(): String {
+        throw NotImplementedError()
+    }
+
+    @GetMapping("/{username}/.well-known/openid-federation")
+    fun getAccountEntityConfigurationStatement(@PathVariable username: String): String {
+        throw NotImplementedError()
+    }
+
+    @GetMapping("/list")
+    fun getRootSubordinatesList(): List<String> {
+        return subordinateService.findSubordinatesByAccountAsList("root")
+    }
+
+    @GetMapping("/{username}/list")
+    fun getSubordinatesList(@PathVariable username: String): List<String> {
+        return subordinateService.findSubordinatesByAccountAsList(username)
+    }
+
+    @GetMapping("/fetch")
+    fun getSubordinateStatement(): List<String> {
+        throw NotImplementedError()
+    }
+}