
FIWARE / contract-management / #67

27 Oct 2025 12:33PM UTC coverage: 1.686% (+0.04%) from 1.651%
#67

Pull #12

wistefan
wait for the policy
Pull Request #12: Support for central marketplace and policy creation

117 of 1238 new or added lines in 31 files covered. (9.45%)

5 existing lines in 2 files now uncovered.

587 of 34807 relevant lines covered (1.69%)

0.02 hits per line

Source File

0.0
/src/main/java/org/fiware/iam/Application.java
1
package org.fiware.iam;
2

3
import com.fasterxml.jackson.databind.ObjectMapper;
4
import com.fasterxml.jackson.databind.PropertyNamingStrategies;
5
import com.fasterxml.jackson.databind.module.SimpleModule;
6
import com.nimbusds.jose.JWEAlgorithm;
7
import io.github.wistefan.dcql.DCQLEvaluator;
8
import io.github.wistefan.dcql.DcSdJwtCredentialEvaluator;
9
import io.github.wistefan.dcql.JwtCredentialEvaluator;
10
import io.github.wistefan.dcql.VcSdJwtCredentialEvaluator;
11
import io.github.wistefan.dcql.model.CredentialFormat;
12
import io.github.wistefan.dcql.model.TrustedAuthorityType;
13
import io.github.wistefan.oid4vp.HolderSigningService;
14
import io.github.wistefan.oid4vp.OID4VPClient;
15
import io.github.wistefan.oid4vp.SigningService;
16
import io.github.wistefan.oid4vp.client.X509SanDnsClientResolver;
17
import io.github.wistefan.oid4vp.config.HolderConfiguration;
18
import io.github.wistefan.oid4vp.credentials.CredentialsRepository;
19
import io.github.wistefan.oid4vp.credentials.FileSystemCredentialsRepository;
20
import io.github.wistefan.oid4vp.mapping.CredentialFormatDeserializer;
21
import io.github.wistefan.oid4vp.mapping.TrustedAuthorityTypeDeserializer;
22
import io.micronaut.context.annotation.Bean;
23
import io.micronaut.context.annotation.Factory;
24
import io.micronaut.context.annotation.Requires;
25
import io.micronaut.runtime.Micronaut;
26
import jakarta.inject.Singleton;
27
import org.bouncycastle.jce.provider.BouncyCastleProvider;
28
import org.fiware.iam.configuration.Oid4VpConfiguration;
29
import org.fiware.iam.exception.Oid4VpInitException;
30

31
import java.io.IOException;
32
import java.io.InputStream;
33
import java.net.InetSocketAddress;
34
import java.net.ProxySelector;
35
import java.net.http.HttpClient;
36
import java.nio.charset.StandardCharsets;
37
import java.security.KeyFactory;
38
import java.security.NoSuchAlgorithmException;
39
import java.security.PrivateKey;
40
import java.security.Security;
41
import java.security.cert.*;
42
import java.security.spec.InvalidKeySpecException;
43
import java.security.spec.PKCS8EncodedKeySpec;
44
import java.util.*;
45
import java.util.stream.Collectors;
46

47
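/**
 * Micronaut entry point and bean factory for the OID4VP client.
 *
 * <p>Besides starting the application, this class wires the {@link HttpClient}, the
 * {@link CredentialsRepository} and the {@link OID4VPClient}. The holder's private key and the
 * X.509 trust anchors are both read from classpath resources named in {@link Oid4VpConfiguration}.
 */
@Factory
public class Application {

    // NOTE(review): neither constant is referenced anywhere in this class. The password falls back
    // to the literal "changeit" when javax.net.ssl.trustStorePassword is unset and is kept in a
    // static char[] for the lifetime of the class - remove both if nothing ends up using them.
    private static final String CACERTS_PATH = System.getProperty("javax.net.ssl.trustStore",
            System.getProperty("java.home") + "/lib/security/cacerts");
    private static final char[] DEFAULT_TRUSTSTORE_PASSWORD = System.getProperty(
            "javax.net.ssl.trustStorePassword", "changeit").toCharArray();

    /**
     * Starts the Micronaut application.
     *
     * @param args command line arguments, handed to Micronaut unchanged
     */
    public static void main(String[] args) {
        Micronaut.run(Application.class, args);
    }

    /**
     * Builds the {@link HttpClient} shared by the OID4VP flow.
     *
     * @param proxyConfig proxy settings; host and port are only read when {@code useProxy()} is true
     * @return a client that follows redirects and, if configured, routes through the proxy
     */
    @Requires(bean = Oid4VpConfiguration.class)
    @Singleton
    public HttpClient httpClient(Oid4VpConfiguration.ProxyConfig proxyConfig) {
        HttpClient.Builder httpClientBuilder = HttpClient.newBuilder()
                // required for the authorization flow to work; NORMAL follows redirects except
                // from an HTTPS URL to an HTTP URL, so a redirect cannot downgrade the transport
                .followRedirects(HttpClient.Redirect.NORMAL);
        // NOTE(review): no connectTimeout is set on the builder; whether callers bound their
        // requests some other way is not visible from this class - confirm.
        if (proxyConfig.useProxy()) {
            httpClientBuilder.proxy(ProxySelector.of(
                    new InetSocketAddress(proxyConfig.proxyHost(), proxyConfig.proxyPort())));
        }
        return httpClientBuilder.build();
    }

    /**
     * Creates the repository that serves the holder's credentials from the configured folder.
     *
     * @param oid4VpConfiguration source of the credentials folder
     * @param objectMapper        mapper handed to the repository
     * @return a file-system backed credentials repository
     */
    @Requires(bean = Oid4VpConfiguration.class)
    @Bean
    public CredentialsRepository credentialsRepository(Oid4VpConfiguration oid4VpConfiguration, ObjectMapper objectMapper) {
        return new FileSystemCredentialsRepository(oid4VpConfiguration.getCredentialsFolder(), objectMapper);
    }

    /**
     * Assembles the {@link OID4VPClient}: JSON mapping for DCQL, the holder identity and signing
     * service, the X.509 trust anchors and the credential evaluators.
     *
     * @param httpClient            client used for the authorization flow
     * @param objectMapper          application mapper; a snake_case copy is made for the client
     * @param oid4VpConfiguration   holder, key and trust-anchor configuration
     * @param credentialsRepository repository of the credentials that can be presented
     * @return the configured client
     * @throws Oid4VpInitException      if the key or a trust-anchor resource cannot be parsed
     * @throws IllegalArgumentException if the key resource is not on the classpath
     */
    @Requires(bean = Oid4VpConfiguration.class)
    @Bean
    public OID4VPClient oid4VPClient(HttpClient httpClient, ObjectMapper objectMapper, Oid4VpConfiguration oid4VpConfiguration, CredentialsRepository credentialsRepository) {
        // required for octet-key support. This registers the provider JVM-wide; addProvider does
        // nothing when a provider of the same name is already installed.
        Security.addProvider(new BouncyCastleProvider());

        // properly deserialize dcql: work on a copy so the application-wide mapper stays untouched
        ObjectMapper authObjectMapper = objectMapper.copy();
        authObjectMapper.setPropertyNamingStrategy(PropertyNamingStrategies.SNAKE_CASE);
        SimpleModule deserializerModule = new SimpleModule();
        deserializerModule.addDeserializer(CredentialFormat.class, new CredentialFormatDeserializer());
        deserializerModule.addDeserializer(TrustedAuthorityType.class, new TrustedAuthorityTypeDeserializer());
        authObjectMapper.registerModule(deserializerModule);

        // initialize the holder
        var holder = oid4VpConfiguration.getHolder();
        PrivateKey privateKey = loadPrivateKey(holder.keyType(), holder.keyPath());
        // NOTE(review): the configured value is called signatureAlgorithm but is parsed as a
        // JWEAlgorithm, which is the JOSE type for encryption algorithms - confirm that this is
        // what HolderConfiguration expects.
        HolderConfiguration holderConfiguration = new HolderConfiguration(
                holder.holderId(),
                holder.holderId().toString(),
                JWEAlgorithm.parse(holder.signatureAlgorithm()),
                privateKey);
        SigningService signingService = new HolderSigningService(holderConfiguration, objectMapper);

        // Every certificate in every configured resource becomes a trust anchor; the null second
        // argument means no additional name constraints are attached to the anchor.
        // NOTE(review): an empty configuration list, or a resource that holds no certificate,
        // leaves this set empty without any error here - confirm how the resolver treats that.
        Set<TrustAnchor> trustAnchors = oid4VpConfiguration.getTrustAnchors()
                .stream()
                .map(Application::loadCertificates)
                .flatMap(List::stream)
                .map(c -> new TrustAnchor(c, null))
                .collect(Collectors.toSet());

        DCQLEvaluator dcqlEvaluator = new DCQLEvaluator(List.of(
                new JwtCredentialEvaluator(),
                new DcSdJwtCredentialEvaluator(),
                new VcSdJwtCredentialEvaluator()));

        // NOTE(review): the meaning of the boolean passed to X509SanDnsClientResolver is not
        // visible from this file - confirm that `false` does not relax any certificate check.
        return new OID4VPClient(
                httpClient,
                holderConfiguration,
                authObjectMapper,
                List.of(new X509SanDnsClientResolver(trustAnchors, false)),
                dcqlEvaluator,
                credentialsRepository,
                signingService);
    }

    /**
     * Reads a PEM-armoured private key from the classpath.
     *
     * <p>The payload is parsed as a {@link PKCS8EncodedKeySpec}, so the resource has to be an
     * unencrypted PKCS#8 key. Since the key is read in the clear, access to the resource should
     * be limited to the service itself.
     *
     * @param keyType  algorithm name handed to {@link KeyFactory#getInstance(String)}
     * @param filename classpath resource holding the PEM file
     * @return the parsed private key
     * @throws IllegalArgumentException if the resource does not exist
     * @throws Oid4VpInitException      if the resource cannot be read, is not valid Base64 or is
     *                                  not a key of the given type
     */
    private static PrivateKey loadPrivateKey(String keyType, String filename) {
        try (InputStream is = Application.class.getClassLoader().getResourceAsStream(filename)) {
            if (is == null) {
                throw new IllegalArgumentException("Resource not found: " + filename);
            }

            // Strip the PEM armour and all whitespace, leaving only the Base64 payload
            String pem = new String(is.readAllBytes(), StandardCharsets.UTF_8)
                    .replaceAll("-----BEGIN (.*)-----", "")
                    .replaceAll("-----END (.*)-----", "")
                    .replaceAll("\\s", "");

            byte[] decoded;
            try {
                decoded = Base64.getDecoder().decode(pem);
            } catch (IllegalArgumentException e) {
                // A malformed payload is a key-loading failure like any other; report it through
                // the same exception type instead of letting a bare IllegalArgumentException escape.
                throw new Oid4VpInitException(String.format("Was not able to load the private key with type %s from %s", keyType, filename), e);
            }

            PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(decoded);
            KeyFactory keyFactory = KeyFactory.getInstance(keyType);
            return keyFactory.generatePrivate(keySpec);
        } catch (IOException | NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw new Oid4VpInitException(String.format("Was not able to load the private key with type %s from %s", keyType, filename), e);
        }
    }

    /**
     * Reads all X.509 certificates contained in a classpath resource.
     *
     * @param resource classpath resource holding one or more certificates
     * @return the certificates in the order the factory returned them
     * @throws Oid4VpInitException if the resource is missing, unreadable or not parseable
     */
    private static List<X509Certificate> loadCertificates(String resource) {
        try (InputStream is = Application.class.getClassLoader().getResourceAsStream(resource)) {
            if (is == null) {
                // Name the missing resource explicitly rather than relying on how the
                // CertificateFactory provider reacts to a null stream.
                throw new CertificateException("Resource not found: " + resource);
            }
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            Collection<? extends Certificate> certs = cf.generateCertificates(is);

            return certs.stream()
                    .map(X509Certificate.class::cast)
                    .collect(Collectors.toList());
        } catch (IOException | CertificateException e) {
            throw new Oid4VpInitException(String.format("Was not able to load the certificates from %s", resource), e);
        }
    }

}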