build(v2.0.0-RC5): merge main into dev #691

Reviewed-By: Evelyn Gurschler <[email protected]>

CHANGELOG.md

@@ -2,6 +2,16 @@
 
 New features, fixed bugs, known defects and other noteworthy changes to each release of the Catena-X Portal Backend.
 
+## 2.0.0-RC5
+
+### Changes
+* **Administration Service**
+* adjusted POST: api/administration/companydata/useCaseParticipation to create framework credentials with the ssi credential issuer
+
+### Bugfix
+* **Process Worker**
+* adjusted technical user creation process
+
 ## 2.0.0-RC4
 
 ### Changes

src/Directory.Build.props

@@ -20,6 +20,6 @@
 <Project>
   <PropertyGroup>
     <VersionPrefix>2.0.0</VersionPrefix>
-    <VersionSuffix>RC4</VersionSuffix>
+    <VersionSuffix>RC5</VersionSuffix>
   </PropertyGroup>
 </Project>

src/administration/Administration.Service/BusinessLogic/ICompanyDataBusinessLogic.cs

@@ -43,7 +43,7 @@ public interface ICompanyDataBusinessLogic
 
     Task<IEnumerable<SsiCertificateData>> GetSsiCertificatesAsync();
 
-    Task CreateUseCaseParticipation(UseCaseParticipationCreationData data, CancellationToken cancellationToken);
+    Task<Guid> CreateUseCaseParticipation(UseCaseParticipationCreationData data, CancellationToken cancellationToken);
     Task CreateSsiCertificate(SsiCertificateCreationData data, CancellationToken cancellationToken);
 
     Task<Pagination.Response<CredentialDetailData>> GetCredentials(int page, int size, CompanySsiDetailStatusId? companySsiDetailStatusId, VerifiedCredentialTypeId? credentialTypeId, string? companyName, CompanySsiDetailSorting? sorting);

src/administration/Administration.Service/BusinessLogic/ServiceAccountBusinessLogic.cs

@@ -36,6 +36,7 @@
 using Org.Eclipse.TractusX.Portal.Backend.Provisioning.Library.Enums;
 using Org.Eclipse.TractusX.Portal.Backend.Provisioning.Library.Models;
 using Org.Eclipse.TractusX.Portal.Backend.Provisioning.Library.Service;
+using ServiceAccountData = Org.Eclipse.TractusX.Portal.Backend.PortalBackend.DBAccess.Models.ServiceAccountData;
 
 namespace Org.Eclipse.TractusX.Portal.Backend.Administration.Service.BusinessLogic;
 
@@ -318,10 +319,10 @@ public async Task HandleServiceAccountCreationCallback(Guid processId, Authentic
         switch (processData.ProcessTypeId)
         {
             case ProcessTypeId.OFFER_SUBSCRIPTION:
-                HandleOfferSubscriptionTechnicalUserCallback(processId, callbackData, context, processData.SubscriptionData ?? throw new UnexpectedConditionException("subcriptionData should never be null here"));
+                await HandleOfferSubscriptionTechnicalUserCallback(processId, callbackData, context, processData.SubscriptionData ?? throw new UnexpectedConditionException("subcriptionData should never be null here")).ConfigureAwait(false);
                 break;
             case ProcessTypeId.DIM_TECHNICAL_USER:
-                HandleDimTechnicalUserCallback(callbackData, processData.ServiceAccountData ?? throw new UnexpectedConditionException("serviceAccountData should never be null here"));
+                await HandleDimTechnicalUserCallback(callbackData, processData.ServiceAccountData ?? throw new UnexpectedConditionException("serviceAccountData should never be null here")).ConfigureAwait(false);
                 break;
             default:
                 throw new ControllerArgumentException($"process {processId} has invalid processType {processData.ProcessTypeId}");
@@ -331,7 +332,7 @@ public async Task HandleServiceAccountCreationCallback(Guid processId, Authentic
         await portalRepositories.SaveAsync().ConfigureAwait(ConfigureAwaitOptions.None);
     }
 
-    private void HandleOfferSubscriptionTechnicalUserCallback(Guid processId, AuthenticationDetail callbackData, ManualProcessStepData context, (Guid? OfferSubscriptionId, Guid? CompanyId, string? OfferName) subscriptionData)
+    private async Task HandleOfferSubscriptionTechnicalUserCallback(Guid processId, AuthenticationDetail callbackData, ManualProcessStepData context, SubscriptionData subscriptionData)
     {
         if (subscriptionData.OfferSubscriptionId is null)
         {
@@ -349,11 +350,11 @@ private void HandleOfferSubscriptionTechnicalUserCallback(Guid processId, Authen
         }
 
         var name = $"sa-{subscriptionData.OfferName}-{subscriptionData.OfferSubscriptionId}";
-        CreateDimServiceAccount(callbackData, subscriptionData.CompanyId.Value, name, CompanyServiceAccountTypeId.MANAGED, x => x.OfferSubscriptionId = subscriptionData.OfferSubscriptionId);
+        await CreateDimServiceAccount(callbackData, subscriptionData.CompanyId.Value, name, CompanyServiceAccountTypeId.MANAGED, x => x.OfferSubscriptionId = subscriptionData.OfferSubscriptionId).ConfigureAwait(false);
         context.ScheduleProcessSteps([ProcessStepTypeId.TRIGGER_ACTIVATE_SUBSCRIPTION]);
     }
 
-    private void HandleDimTechnicalUserCallback(AuthenticationDetail callbackData, (string? ServiceAccountName, Guid? CompanyId) serviceAccountData)
+    private async Task HandleDimTechnicalUserCallback(AuthenticationDetail callbackData, ServiceAccountData serviceAccountData)
     {
         if (serviceAccountData.ServiceAccountName is null)
         {
@@ -366,10 +367,10 @@ private void HandleDimTechnicalUserCallback(AuthenticationDetail callbackData, (
         }
 
         var name = $"dim-{serviceAccountData.ServiceAccountName}";
-        CreateDimServiceAccount(callbackData, serviceAccountData.CompanyId.Value, name, CompanyServiceAccountTypeId.OWN, null);
+        await CreateDimServiceAccount(callbackData, serviceAccountData.CompanyId.Value, name, CompanyServiceAccountTypeId.OWN, null).ConfigureAwait(false);
     }
 
-    private void CreateDimServiceAccount(AuthenticationDetail callbackData, Guid companyId, string name, CompanyServiceAccountTypeId serviceAccountTypeId, Action<CompanyServiceAccount>? setOptionalParameters)
+    private async Task CreateDimServiceAccount(AuthenticationDetail callbackData, Guid companyId, string name, CompanyServiceAccountTypeId serviceAccountTypeId, Action<CompanyServiceAccount>? setOptionalParameters)
     {
         var identity = portalRepositories.GetInstance<IUserRepository>().CreateIdentity(companyId, UserStatusId.ACTIVE, IdentityTypeId.COMPANY_SERVICE_ACCOUNT, null);
         var serviceAccountRepository = portalRepositories.GetInstance<IServiceAccountRepository>();
@@ -381,6 +382,13 @@ private void CreateDimServiceAccount(AuthenticationDetail callbackData, Guid com
             serviceAccountTypeId,
             setOptionalParameters);
 
+        var userRolesRepository = portalRepositories.GetInstance<IUserRolesRepository>();
+        var userRoleData = await userRolesRepository.GetUserRoleDataUntrackedAsync(_settings.DimCreationRoles).ToListAsync().ConfigureAwait(false);
+        foreach (var roleData in userRoleData)
+        {
+            userRolesRepository.CreateIdentityAssignedRole(serviceAccount.Id, roleData.UserRoleId);
+        }
+
         var cryptoConfig = _settings.EncryptionConfigs.SingleOrDefault(x => x.Index == _settings.EncryptionConfigIndex) ?? throw new ConfigurationException($"EncryptionModeIndex {_settings.EncryptionConfigIndex} is not configured");
         var (secret, initializationVector) = CryptoHelper.Encrypt(callbackData.ClientSecret, Convert.FromHexString(cryptoConfig.EncryptionKey), cryptoConfig.CipherMode, cryptoConfig.PaddingMode);
 

src/administration/Administration.Service/Controllers/CompanyDataController.cs

@@ -236,11 +236,8 @@ public IAsyncEnumerable<VerifiedCredentialTypeId> GetCertificateTypes() =>
     [Route("useCaseParticipation")]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     [ProducesResponseType(typeof(ErrorResponse), StatusCodes.Status400BadRequest)]
-    public async Task<NoContentResult> CreateUseCaseParticipation([FromForm] UseCaseParticipationCreationData data, CancellationToken cancellationToken)
-    {
-        await _logic.CreateUseCaseParticipation(data, cancellationToken).ConfigureAwait(ConfigureAwaitOptions.None);
-        return NoContent();
-    }
+    public Task<Guid> CreateUseCaseParticipation([FromForm] UseCaseParticipationCreationData data, CancellationToken cancellationToken) =>
+        _logic.CreateUseCaseParticipation(data, cancellationToken);
 
     /// <summary>
     /// Creates the SSI Certificate request

src/administration/Administration.Service/Controllers/ServiceAccountController.cs

@@ -196,12 +196,12 @@ public IAsyncEnumerable<UserRoleWithDescription> GetServiceAccountRolesAsync(str
     /// </summary>
     /// <param name="processId">The processId that was passed as externalId with the request for creation of the technical user.</param>
     /// <param name="callbackData">Information of the technical user which was created.</param>
-    /// <remarks>Example: POST: api/administration/serviceaccount/cllback/{externalId}</remarks>
+    /// <remarks>Example: POST: api/administration/serviceaccount/callback/{externalId}</remarks>
     /// <response code="200">returns all service account roles</response>
     [HttpPost]
     [Authorize(Roles = "technical_roles_management")]
-    [Authorize(Policy = PolicyTypes.ValidCompany)]
-    [Route("callback/{externalId}")]
+    [Authorize(Policy = PolicyTypes.ServiceAccount)]
+    [Route("callback/{processId}")]
     public async Task<OkResult> ServiceAccountCreationCallback([FromRoute] Guid processId, [FromBody] AuthenticationDetail callbackData)
     {
         await _logic.HandleServiceAccountCreationCallback(processId, callbackData).ConfigureAwait(ConfigureAwaitOptions.None);

src/administration/Administration.Service/Models/UseCaseParticipationCreationData.cs

@@ -18,15 +18,16 @@
  * SPDX-License-Identifier: Apache-2.0
  ********************************************************************************/
 
+using Org.Eclipse.TractusX.Portal.Backend.IssuerComponent.Library.Models;
 using Org.Eclipse.TractusX.Portal.Backend.PortalBackend.PortalEntities.Enums;
 
 namespace Org.Eclipse.TractusX.Portal.Backend.Administration.Service.Models;
 
 public record UseCaseParticipationCreationData
 (
     Guid VerifiedCredentialExternalTypeDetailId,
-    VerifiedCredentialTypeId CredentialType,
-    IFormFile Document
+    UseCaseFrameworkId Framework,
+    IFormFile? Document
 );
 
 public record SsiCertificateCreationData

src/externalsystems/IssuerComponent.Library/BusinessLogic/IIssuerComponentBusinessLogic.cs

@@ -28,4 +28,5 @@ public interface IIssuerComponentBusinessLogic
     Task StoreBpnlCredentialResponse(Guid applicationId, IssuerResponseData data);
     Task<IApplicationChecklistService.WorkerChecklistProcessStepExecutionResult> CreateMembershipCredential(IApplicationChecklistService.WorkerChecklistProcessStepData context, CancellationToken cancellationToken);
     Task StoreMembershipCredentialResponse(Guid applicationId, IssuerResponseData data);
+    Task<Guid> CreateFrameworkCredentialData(Guid useCaseFrameworkVersionId, UseCaseFrameworkId frameworkId, Guid identityId, CancellationToken cancellationToken);
 }

src/externalsystems/IssuerComponent.Library/BusinessLogic/IssuerComponentBusinessLogic.cs

@@ -174,4 +174,29 @@ public async Task StoreMembershipCredentialResponse(Guid applicationId, IssuerRe
                 ? [ProcessStepTypeId.START_CLEARING_HOUSE]
                 : null);
     }
+
+    public async Task<Guid> CreateFrameworkCredentialData(Guid useCaseFrameworkVersionId, UseCaseFrameworkId frameworkId, Guid identityId, CancellationToken cancellationToken)
+    {
+        var (holder, businessPartnerNumber, walletInformation) = await repositories.GetInstance<ICompanyRepository>().GetWalletData(identityId).ConfigureAwait(false);
+        if (holder is null)
+        {
+            throw new ConflictException("The holder must be set");
+        }
+
+        if (businessPartnerNumber is null)
+        {
+            throw new ConflictException("The bpn must be set");
+        }
+
+        if (walletInformation is null)
+        {
+            throw new ConflictException("The wallet information must be set");
+        }
+
+        var cryptoConfig = _settings.EncryptionConfigs.SingleOrDefault(x => x.Index == walletInformation.EncryptionMode) ?? throw new ConfigurationException($"EncryptionModeIndex {walletInformation.EncryptionMode} is not configured");
+        var secret = CryptoHelper.Decrypt(walletInformation.ClientSecret, walletInformation.InitializationVector, Convert.FromHexString(cryptoConfig.EncryptionKey), cryptoConfig.CipherMode, cryptoConfig.PaddingMode);
+
+        var data = new CreateFrameworkCredentialRequest(holder, businessPartnerNumber, frameworkId, useCaseFrameworkVersionId, new TechnicalUserDetails(walletInformation.WalletUrl, walletInformation.ClientId, secret), null);
+        return await service.CreateFrameworkCredential(data, cancellationToken).ConfigureAwait(false);
+    }
 }

src/externalsystems/IssuerComponent.Library/Models/CreateFrameworkCredentialRequest.cs

@@ -0,0 +1,31 @@
+/********************************************************************************
+ * Copyright (c) 2024 Contributors to the Eclipse Foundation
+ *
+ * See the NOTICE file(s) distributed with this work for additional
+ * information regarding copyright ownership.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Apache License, Version 2.0 which is available at
+ * https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ ********************************************************************************/
+
+using System.Text.Json.Serialization;
+
+namespace Org.Eclipse.TractusX.Portal.Backend.IssuerComponent.Library.Models;
+
+public record CreateFrameworkCredentialRequest(
+    [property: JsonPropertyName("holder")] string Holder,
+    [property: JsonPropertyName("businessPartnerNumber")] string HolderBpn,
+    [property: JsonPropertyName("useCaseFrameworkId")] UseCaseFrameworkId UseCaseFrameworkId,
+    [property: JsonPropertyName("useCaseFrameworkVersionId")] Guid UseCaseFrameworkVersionId,
+    [property: JsonPropertyName("technicalUserDetails")] TechnicalUserDetails? TechnicalUserDetails,
+    [property: JsonPropertyName("callbackUrl")] string? CallbackUrl
+);

src/externalsystems/IssuerComponent.Library/Models/UseCaseFrameworkId.cs

@@ -0,0 +1,55 @@
+/********************************************************************************
+ * Copyright (c) 2024 Contributors to the Eclipse Foundation
+ *
+ * See the NOTICE file(s) distributed with this work for additional
+ * information regarding copyright ownership.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Apache License, Version 2.0 which is available at
+ * https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ ********************************************************************************/
+
+using System.Runtime.Serialization;
+
+namespace Org.Eclipse.TractusX.Portal.Backend.IssuerComponent.Library.Models;
+
+public enum UseCaseFrameworkId
+{
+    [EnumMember(Value = "TraceabilityCredential")]
+    TRACEABILITY_CREDENTIAL = 1,
+
+    [EnumMember(Value = "PcfCredential")]
+    PCF_CREDENTIAL = 2,
+
+    [EnumMember(Value = "BehaviorTwinCredential")]
+    BEHAVIOR_TWIN_CREDENTIAL = 3,
+
+    [EnumMember(Value = "vehicleDismantle")]
+    VEHICLE_DISMANTLE = 4,
+
+    [EnumMember(Value = "CircularEconomyCredential")]
+    CIRCULAR_ECONOMY = 5,
+
+    [EnumMember(Value = "QualityCredential")]
+    QUALITY_CREDENTIAL = 6,
+
+    [EnumMember(Value = "BusinessPartnerCredential")]
+    BUSINESS_PARTNER_NUMBER = 7,
+
+    [EnumMember(Value = "DemandCapacityCredential")]
+    DEMAND_AND_CAPACITY_MANAGEMENT = 8,
+
+    [EnumMember(Value = "DemandCapacityCredential")]
+    DEMAND_AND_CAPACITY_MANAGEMENT_PURIS = 9,
+
+    [EnumMember(Value = "BusinessPartnerCredential")]
+    BUSINESS_PARTNER_DATA_MANAGEMENT = 10
+}

src/externalsystems/IssuerComponent.Library/Service/IIssuerComponentService.cs

@@ -25,4 +25,5 @@ public interface IIssuerComponentService
 {
     Task<bool> CreateBpnlCredential(CreateBpnCredentialRequest data, CancellationToken cancellationToken);
     Task<bool> CreateMembershipCredential(CreateMembershipCredentialRequest data, CancellationToken cancellationToken);
+    Task<Guid> CreateFrameworkCredential(CreateFrameworkCredentialRequest data, CancellationToken cancellationToken);
 }

src/externalsystems/IssuerComponent.Library/Service/IssuerComponentService.cs

@@ -48,4 +48,12 @@ await httpClient.PostAsJsonAsync("/api/issuer/membership", data, Options, cancel
             .CatchingIntoServiceExceptionFor("issuer-component-membership-post", HttpAsyncResponseMessageExtension.RecoverOptions.INFRASTRUCTURE).ConfigureAwait(false);
         return true;
     }
+
+    public async Task<Guid> CreateFrameworkCredential(CreateFrameworkCredentialRequest data, CancellationToken cancellationToken)
+    {
+        var httpClient = await tokenService.GetAuthorizedClient<IssuerComponentService>(_settings, cancellationToken).ConfigureAwait(false);
+        var result = await httpClient.PostAsJsonAsync("/api/issuer/framework", data, Options, cancellationToken)
+            .CatchingIntoServiceExceptionFor("issuer-component-framework-post", HttpAsyncResponseMessageExtension.RecoverOptions.INFRASTRUCTURE).ConfigureAwait(false);
+        return await result.Content.ReadFromJsonAsync<Guid>(cancellationToken).ConfigureAwait(ConfigureAwaitOptions.None);
+    }
 }

src/marketplace/Offers.Library/Service/OfferSetupService.cs

@@ -582,7 +582,7 @@ await _notificationService.CreateNotifications(
         await _dimService.CreateTechnicalUser(bpn, new TechnicalUserData(processId.Value, $"sa-{offerName}-{offerSubscriptionId}"), cancellationToken).ConfigureAwait(ConfigureAwaitOptions.None);
         return new ValueTuple<IEnumerable<ProcessStepTypeId>?, ProcessStepStatusId, bool, string?>(
             [
-                ProcessStepTypeId.AWAIT_DIM_RESPONSE
+                ProcessStepTypeId.AWAIT_CREATE_DIM_TECHNICAL_USER_RESPONSE
             ],
             ProcessStepStatusId.DONE,
             true,

src/portalbackend/PortalBackend.DBAccess/Models/ServiceAccountData.cs

@@ -0,0 +1,22 @@
+/********************************************************************************
+ * Copyright (c) 2024 Contributors to the Eclipse Foundation
+ *
+ * See the NOTICE file(s) distributed with this work for additional
+ * information regarding copyright ownership.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Apache License, Version 2.0 which is available at
+ * https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ ********************************************************************************/
+
+namespace Org.Eclipse.TractusX.Portal.Backend.PortalBackend.DBAccess.Models;
+
+public record ServiceAccountData(string? ServiceAccountName, Guid? CompanyId);

src/portalbackend/PortalBackend.DBAccess/Models/SubscriptionData.cs

@@ -0,0 +1,22 @@
+/********************************************************************************
+ * Copyright (c) 2024 Contributors to the Eclipse Foundation
+ *
+ * See the NOTICE file(s) distributed with this work for additional
+ * information regarding copyright ownership.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Apache License, Version 2.0 which is available at
+ * https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ ********************************************************************************/
+
+namespace Org.Eclipse.TractusX.Portal.Backend.PortalBackend.DBAccess.Models;
+
+public record SubscriptionData(Guid? OfferSubscriptionId, Guid? CompanyId, string? OfferName);