9449895499

Committed 10 Jun 2024 02:08PM UTC coverage: 51.341% (+0.3%) from 51.047%

Build # 9449895499

Build Type

Pull #38

github

Committed by

wistefan

Commit Message

fix tests

Pull Request Pull Request #38: deny if the credential type is not included

Run Details

8 of 12 new or added lines in 3 files covered. (66.67%)

24 existing lines in 2 files now uncovered.

976 of 1901 relevant lines covered (51.34%)

0.58 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

14.58

/verifier/credentialsConfig.go

package verifier

import (
        "context"
        "fmt"
        "net/url"
        "time"

        "github.com/fiware/VCVerifier/tir"
        "github.com/procyon-projects/chrono"

        "github.com/fiware/VCVerifier/common"
        "github.com/fiware/VCVerifier/config"
        "github.com/fiware/VCVerifier/logging"
        "github.com/patrickmn/go-cache"
        "golang.org/x/exp/maps"
)

const CACHE_EXPIRY = 60

/**
* Provides information about credentialTypes associated with services and there trust anchors.
 */
type CredentialsConfig interface {
        // should return the list of credentialtypes to be requested via the scope parameter
        GetScope(serviceIdentifier string) (credentialTypes []string, err error)
        // get (EBSI TrustedIssuersRegistry compliant) endpoints for the given service/credential combination, to check its issued by a trusted participant.
        GetTrustedParticipantLists(serviceIdentifier string, scope string, credentialType string) (trustedIssuersRegistryUrl []string, err error)
        // get (EBSI TrustedIssuersRegistry compliant) endpoints for the given service/credential combination, to check that credentials are issued by trusted issuers
        // and that the issuer has permission to issue such claims.
        GetTrustedIssuersLists(serviceIdentifier string, scope string, credentialType string) (trustedIssuersRegistryUrl []string, err error)
        // The credential types that are required for the given service and scope
        RequiredCredentialTypes(serviceIdentifier string, scope string) (credentialTypes []string, err error)
}

type ServiceBackedCredentialsConfig struct {
        initialConfig *config.ConfigRepo
        configClient  *config.ConfigClient
}

func InitServiceBackedCredentialsConfig(repoConfig *config.ConfigRepo) (credentialsConfig CredentialsConfig, err error) {
        var configClient config.ConfigClient
        if repoConfig.ConfigEndpoint == "" {
                logging.Log().Warn("No endpoint for the configuration service is configured. Only static configuration will be provided.")
        } else {

                _, err = url.Parse(repoConfig.ConfigEndpoint)
                if err != nil {
                        logging.Log().Errorf("The service endpoint %s is not a valid url. Err: %v", repoConfig.ConfigEndpoint, err)
                        return
                }
                configClient, err = config.NewCCSHttpClient(repoConfig.ConfigEndpoint)
                if err != nil {
                        logging.Log().Warnf("Was not able to instantiate the config client.")
                }
        }

        scb := ServiceBackedCredentialsConfig{configClient: &configClient, initialConfig: repoConfig}

        err = scb.fillStaticValues()
        if err != nil {
                return nil, err
        }

        if repoConfig.ConfigEndpoint != "" {

                _, err := chrono.NewDefaultTaskScheduler().ScheduleAtFixedRate(scb.fillCache, time.Duration(repoConfig.UpdateInterval)*time.Second)
                if err != nil {
                        logging.Log().Errorf("failed scheduling task: %v", err)
                        return nil, err
                }
        }

        return scb, err
}

func (cc ServiceBackedCredentialsConfig) fillStaticValues() error {
        for _, configuredService := range cc.initialConfig.Services {
                logging.Log().Debugf("Add to service cache: %s", configuredService.Id)
                common.GlobalCache.ServiceCache.Set(configuredService.Id, configuredService, cache.DefaultExpiration)
        }
        return nil
}

func (cc ServiceBackedCredentialsConfig) fillCache(context.Context) {
        configClient := *(cc.configClient)
        services, err := configClient.GetServices()
        if err != nil {
                logging.Log().Warnf("Was not able to update the credentials config from the external service. Will try again. Err: %v.", err)
                return
        }
        for _, configuredService := range services {
                common.GlobalCache.ServiceCache.Set(configuredService.Id, configuredService, cache.DefaultExpiration)

                var tirEndpoints []string

                for serviceScope, credentials := range configuredService.ServiceScopes {
                        for _, credential := range credentials {
                                serviceIssuersLists, err := cc.GetTrustedIssuersLists(configuredService.Id, serviceScope, credential.Type)
                                if err != nil {
                                        logging.Log().Errorf("failed caching issuers lists in fillCache(): %v", err)
                                } else {
                                        tirEndpoints = append(tirEndpoints, serviceIssuersLists...)
                                }
                        }
                }
                common.GlobalCache.TirEndpoints.Set(tir.TirEndpointsCache, tirEndpoints, cache.NoExpiration)
        }

}

func (cc ServiceBackedCredentialsConfig) RequiredCredentialTypes(serviceIdentifier string, scope string) (credentialTypes []string, err error) {
        cacheEntry, hit := common.GlobalCache.ServiceCache.Get(serviceIdentifier)
        if hit {
                logging.Log().Debugf("Found service for %s", serviceIdentifier)
                configuredService := cacheEntry.(config.ConfiguredService)
                return configuredService.GetRequiredCredentialTypes(scope), nil
        }
        logging.Log().Errorf("No service entry for %s", serviceIdentifier)
        return []string{}, fmt.Errorf("no service %s configured", serviceIdentifier)
}

// FIXME shall we return all scopes or just the default one?
func (cc ServiceBackedCredentialsConfig) GetScope(serviceIdentifier string) (credentialTypes []string, err error) {
        cacheEntry, hit := common.GlobalCache.ServiceCache.Get(serviceIdentifier)
        if hit {
                logging.Log().Debugf("Found scope for %s", serviceIdentifier)
                configuredService := cacheEntry.(config.ConfiguredService)
                return maps.Keys(configuredService.ServiceScopes), nil
        }
        logging.Log().Debugf("No scope entry for %s", serviceIdentifier)
        return []string{}, nil
}

func (cc ServiceBackedCredentialsConfig) GetTrustedParticipantLists(serviceIdentifier string, scope string, credentialType string) (trustedIssuersRegistryUrl []string, err error) {
        logging.Log().Debugf("Get participants list for %s - %s - %s.", serviceIdentifier, scope, credentialType)
        cacheEntry, hit := common.GlobalCache.ServiceCache.Get(serviceIdentifier)
        if hit {
                credential, ok := cacheEntry.(config.ConfiguredService).GetCredential(scope, credentialType)
                if ok {
                        logging.Log().Debugf("Found trusted participants %s for %s - %s", credential.TrustedParticipantsLists, serviceIdentifier, credentialType)
                        return credential.TrustedParticipantsLists, nil
                }
        }
        logging.Log().Debugf("No trusted participants for %s - %s", serviceIdentifier, credentialType)
        return []string{}, nil
}

func (cc ServiceBackedCredentialsConfig) GetTrustedIssuersLists(serviceIdentifier string, scope string, credentialType string) (trustedIssuersRegistryUrl []string, err error) {
        logging.Log().Debugf("Get issuers list for %s - %s - %s.", serviceIdentifier, scope, credentialType)
        cacheEntry, hit := common.GlobalCache.ServiceCache.Get(serviceIdentifier)
        if hit {
                credential, ok := cacheEntry.(config.ConfiguredService).GetCredential(scope, credentialType)
                if ok {
                        logging.Log().Debugf("Found trusted issuers for %s for %s - %s", credential.TrustedIssuersLists, serviceIdentifier, credentialType)
                        return credential.TrustedIssuersLists, nil
                }
        }
        logging.Log().Debugf("No trusted issuers for %s - %s", serviceIdentifier, credentialType)
        return []string{}, nil
}

1	package verifier
2
3	import (
4	"context"
5	"fmt"
6	"net/url"
7	"time"
8
9	"github.com/fiware/VCVerifier/tir"
10	"github.com/procyon-projects/chrono"
11
12	"github.com/fiware/VCVerifier/common"
13	"github.com/fiware/VCVerifier/config"
14	"github.com/fiware/VCVerifier/logging"
15	"github.com/patrickmn/go-cache"
16	"golang.org/x/exp/maps"
17	)
18
19	const CACHE_EXPIRY = 60
20
21	/**
22	* Provides information about credentialTypes associated with services and there trust anchors.
23	*/
24	type CredentialsConfig interface {
25	// should return the list of credentialtypes to be requested via the scope parameter
26	GetScope(serviceIdentifier string) (credentialTypes []string, err error)
27	// get (EBSI TrustedIssuersRegistry compliant) endpoints for the given service/credential combination, to check its issued by a trusted participant.
28	GetTrustedParticipantLists(serviceIdentifier string, scope string, credentialType string) (trustedIssuersRegistryUrl []string, err error)
29	// get (EBSI TrustedIssuersRegistry compliant) endpoints for the given service/credential combination, to check that credentials are issued by trusted issuers
30	// and that the issuer has permission to issue such claims.
31	GetTrustedIssuersLists(serviceIdentifier string, scope string, credentialType string) (trustedIssuersRegistryUrl []string, err error)
32	// The credential types that are required for the given service and scope
33	RequiredCredentialTypes(serviceIdentifier string, scope string) (credentialTypes []string, err error)
34	}
35
36	type ServiceBackedCredentialsConfig struct {
37	initialConfig *config.ConfigRepo
38	configClient *config.ConfigClient
39	}
40
41	func InitServiceBackedCredentialsConfig(repoConfig *config.ConfigRepo) (credentialsConfig CredentialsConfig, err error) {	1✔
42	var configClient config.ConfigClient	1✔
43	if repoConfig.ConfigEndpoint == "" {	2✔
44	logging.Log().Warn("No endpoint for the configuration service is configured. Only static configuration will be provided.")	1✔
45	} else {	1✔
46		×
47	_, err = url.Parse(repoConfig.ConfigEndpoint)	×
48	if err != nil {	×
49	logging.Log().Errorf("The service endpoint %s is not a valid url. Err: %v", repoConfig.ConfigEndpoint, err)	×
50	return	×
51	}	×
52	configClient, err = config.NewCCSHttpClient(repoConfig.ConfigEndpoint)	×
53	if err != nil {	×
54	logging.Log().Warnf("Was not able to instantiate the config client.")	×
55	}	×
56	}
57
58	scb := ServiceBackedCredentialsConfig{configClient: &configClient, initialConfig: repoConfig}	1✔
59		1✔
60	err = scb.fillStaticValues()	1✔
61	if err != nil {	1✔
62	return nil, err	×
63	}	×
64
65	if repoConfig.ConfigEndpoint != "" {	1✔
NEW 66		×
67	_, err := chrono.NewDefaultTaskScheduler().ScheduleAtFixedRate(scb.fillCache, time.Duration(repoConfig.UpdateInterval)*time.Second)	×
68	if err != nil {	×
69	logging.Log().Errorf("failed scheduling task: %v", err)	×
70	return nil, err	×
71	}	×
72	}
73
74	return scb, err	1✔
75	}
76
77	func (cc ServiceBackedCredentialsConfig) fillStaticValues() error {	1✔
78	for _, configuredService := range cc.initialConfig.Services {	1✔
79	logging.Log().Debugf("Add to service cache: %s", configuredService.Id)	×
NEW 80	common.GlobalCache.ServiceCache.Set(configuredService.Id, configuredService, cache.DefaultExpiration)	×
81	}	×
82	return nil	1✔
83	}
84
85	func (cc ServiceBackedCredentialsConfig) fillCache(context.Context) {	×
86	configClient := *(cc.configClient)	×
87	services, err := configClient.GetServices()	×
88	if err != nil {	×
89	logging.Log().Warnf("Was not able to update the credentials config from the external service. Will try again. Err: %v.", err)	×
90	return	×
91	}	×
92	for _, configuredService := range services {	×
NEW 93	common.GlobalCache.ServiceCache.Set(configuredService.Id, configuredService, cache.DefaultExpiration)	×
94		×
95	var tirEndpoints []string	×
96		×
97	for serviceScope, credentials := range configuredService.ServiceScopes {	×
98	for _, credential := range credentials {	×
99	serviceIssuersLists, err := cc.GetTrustedIssuersLists(configuredService.Id, serviceScope, credential.Type)	×
100	if err != nil {	×
101	logging.Log().Errorf("failed caching issuers lists in fillCache(): %v", err)	×
102	} else {	×
103	tirEndpoints = append(tirEndpoints, serviceIssuersLists...)	×
104	}	×
105	}
106	}
NEW 107	common.GlobalCache.TirEndpoints.Set(tir.TirEndpointsCache, tirEndpoints, cache.NoExpiration)	×
108	}
109
110	}
111
112	func (cc ServiceBackedCredentialsConfig) RequiredCredentialTypes(serviceIdentifier string, scope string) (credentialTypes []string, err error) {	×
113	cacheEntry, hit := common.GlobalCache.ServiceCache.Get(serviceIdentifier)	×
114	if hit {	×
115	logging.Log().Debugf("Found service for %s", serviceIdentifier)	×
116	configuredService := cacheEntry.(config.ConfiguredService)	×
117	return configuredService.GetRequiredCredentialTypes(scope), nil	×
118	}	×
119	logging.Log().Errorf("No service entry for %s", serviceIdentifier)	×
120	return []string{}, fmt.Errorf("no service %s configured", serviceIdentifier)	×
121	}
122
123	// FIXME shall we return all scopes or just the default one?
124	func (cc ServiceBackedCredentialsConfig) GetScope(serviceIdentifier string) (credentialTypes []string, err error) {	×
125	cacheEntry, hit := common.GlobalCache.ServiceCache.Get(serviceIdentifier)	×
126	if hit {	×
127	logging.Log().Debugf("Found scope for %s", serviceIdentifier)	×
128	configuredService := cacheEntry.(config.ConfiguredService)	×
129	return maps.Keys(configuredService.ServiceScopes), nil	×
130	}	×
131	logging.Log().Debugf("No scope entry for %s", serviceIdentifier)	×
132	return []string{}, nil	×
133	}
134
135	func (cc ServiceBackedCredentialsConfig) GetTrustedParticipantLists(serviceIdentifier string, scope string, credentialType string) (trustedIssuersRegistryUrl []string, err error) {	×
136	logging.Log().Debugf("Get participants list for %s - %s - %s.", serviceIdentifier, scope, credentialType)	×
137	cacheEntry, hit := common.GlobalCache.ServiceCache.Get(serviceIdentifier)	×
138	if hit {	×
139	credential, ok := cacheEntry.(config.ConfiguredService).GetCredential(scope, credentialType)	×
140	if ok {	×
141	logging.Log().Debugf("Found trusted participants %s for %s - %s", credential.TrustedParticipantsLists, serviceIdentifier, credentialType)	×
142	return credential.TrustedParticipantsLists, nil	×
143	}	×
144	}
145	logging.Log().Debugf("No trusted participants for %s - %s", serviceIdentifier, credentialType)	×
146	return []string{}, nil	×
147	}
148
149	func (cc ServiceBackedCredentialsConfig) GetTrustedIssuersLists(serviceIdentifier string, scope string, credentialType string) (trustedIssuersRegistryUrl []string, err error) {	×
150	logging.Log().Debugf("Get issuers list for %s - %s - %s.", serviceIdentifier, scope, credentialType)	×
151	cacheEntry, hit := common.GlobalCache.ServiceCache.Get(serviceIdentifier)	×
152	if hit {	×
153	credential, ok := cacheEntry.(config.ConfiguredService).GetCredential(scope, credentialType)	×
154	if ok {	×
155	logging.Log().Debugf("Found trusted issuers for %s for %s - %s", credential.TrustedIssuersLists, serviceIdentifier, credentialType)	×
156	return credential.TrustedIssuersLists, nil	×
157	}	×
158	}
159	logging.Log().Debugf("No trusted issuers for %s - %s", serviceIdentifier, credentialType)	×
160	return []string{}, nil	×
161	}

FIWARE / VCVerifier / 9449895499

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous