feat: add participant id extraction function to dataspace profile context (#5154)

Author: ronjaquensel

core/common/connector-core/src/main/java/org/eclipse/edc/connector/core/CoreServicesExtension.java

@@ -9,6 +9,7 @@
  *
  *  Contributors:
  *       Microsoft Corporation - initial API and implementation
+ *       Cofinity-X - make participant id extraction dependent on dataspace profile context
  *
  */
 
@@ -31,22 +32,16 @@
 import org.eclipse.edc.runtime.metamodel.annotation.Extension;
 import org.eclipse.edc.runtime.metamodel.annotation.Inject;
 import org.eclipse.edc.runtime.metamodel.annotation.Provider;
-import org.eclipse.edc.runtime.metamodel.annotation.Setting;
 import org.eclipse.edc.spi.system.ServiceExtension;
 import org.eclipse.edc.spi.system.ServiceExtensionContext;
 import org.eclipse.edc.spi.types.TypeManager;
 import org.eclipse.edc.validator.spi.DataAddressValidatorRegistry;
 
-import static org.eclipse.edc.participant.spi.ParticipantAgentService.DEFAULT_IDENTITY_CLAIM_KEY;
-
 @Extension(value = CoreServicesExtension.NAME)
 public class CoreServicesExtension implements ServiceExtension {
 
     public static final String NAME = "Core Services";
 
-    @Setting(description = "The name of the claim key used to determine the participant identity", defaultValue = DEFAULT_IDENTITY_CLAIM_KEY)
-    public static final String EDC_AGENT_IDENTITY_KEY = "edc.agent.identity.key";
-
     @Inject
     private TypeManager typeManager;
 
@@ -74,9 +69,8 @@ public void prepare() {
     }
 
     @Provider
-    public ParticipantAgentService participantAgentService(ServiceExtensionContext context) {
-        var identityKey = context.getSetting(EDC_AGENT_IDENTITY_KEY, DEFAULT_IDENTITY_CLAIM_KEY);
-        return new ParticipantAgentServiceImpl(identityKey);
+    public ParticipantAgentService participantAgentService() {
+        return new ParticipantAgentServiceImpl();
     }
 
     @Provider

core/common/connector-core/src/main/java/org/eclipse/edc/connector/core/agent/ParticipantAgentServiceImpl.java

@@ -9,6 +9,7 @@
  *
  *  Contributors:
  *       Microsoft Corporation - initial API and implementation
+ *       Cofinity-X - make participant id extraction dependent on dataspace profile context
  *
  */
 
@@ -23,36 +24,22 @@
 import java.util.HashMap;
 import java.util.List;
 
-import static java.util.Objects.requireNonNull;
-import static org.eclipse.edc.participant.spi.ParticipantAgent.PARTICIPANT_IDENTITY;
-
 /**
  * Default implementation.
  */
 public class ParticipantAgentServiceImpl implements ParticipantAgentService {
-    private final String identityClaimKey;
-    private final List<ParticipantAgentServiceExtension> extensions = new ArrayList<>();
 
-    public ParticipantAgentServiceImpl() {
-        identityClaimKey = DEFAULT_IDENTITY_CLAIM_KEY;
-    }
+    private final List<ParticipantAgentServiceExtension> extensions = new ArrayList<>();
 
-    public ParticipantAgentServiceImpl(String key) {
-        requireNonNull(key, "key");
-        this.identityClaimKey = key;
-    }
+    public ParticipantAgentServiceImpl() { }
 
     @Override
-    public ParticipantAgent createFor(ClaimToken token) {
+    public ParticipantAgent createFor(ClaimToken token, String participantId) {
         var attributes = new HashMap<String, String>();
+        
         extensions.stream().map(extension -> extension.attributesFor(token)).forEach(attributes::putAll);
-        if (!attributes.containsKey(PARTICIPANT_IDENTITY)) {
-            var claim = token.getClaim(identityClaimKey);
-            if (claim != null) {
-                attributes.put(PARTICIPANT_IDENTITY, claim.toString());
-            }
-        }
-        return new ParticipantAgent(token.getClaims(), attributes);
+        
+        return new ParticipantAgent(participantId, token.getClaims(), attributes);
     }
 
     @Override

core/common/connector-core/src/test/java/org/eclipse/edc/connector/core/agent/ParticipantAgentServiceImplTest.java

@@ -9,6 +9,7 @@
  *
  *  Contributors:
  *       Microsoft Corporation - initial API and implementation
+ *       Cofinity-X - make participant id extraction dependent on dataspace profile context
  *
  */
 
@@ -21,7 +22,6 @@
 import java.util.Map;
 
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.eclipse.edc.connector.core.agent.ParticipantAgentServiceImpl.DEFAULT_IDENTITY_CLAIM_KEY;
 import static org.eclipse.edc.participant.spi.ParticipantAgent.PARTICIPANT_IDENTITY;
 import static org.mockito.ArgumentMatchers.isA;
 import static org.mockito.Mockito.mock;
@@ -41,61 +41,36 @@ void verifyRegisteredExtensionIsInvoked() {
         var participantAgentService = new ParticipantAgentServiceImpl();
         participantAgentService.register(extension);
 
-        var participantAgent = participantAgentService.createFor(ClaimToken.Builder.newInstance().build());
+        var participantAgent = participantAgentService.createFor(ClaimToken.Builder.newInstance().build(), "test-participant");
 
         assertThat(participantAgent.getAttributes().containsKey("foo")).isTrue();
         verify(extension).attributesFor(isA(ClaimToken.class));
     }
-
-    @Test
-    void verifyDefaultIdentityClaim() {
-        var participantAgentService = new ParticipantAgentServiceImpl();
-        var agent = participantAgentService.createFor(ClaimToken.Builder.newInstance().claim(DEFAULT_IDENTITY_CLAIM_KEY, "test-participant").build());
-
-        assertThat(agent.getIdentity()).isEqualTo("test-participant");
-    }
-
+    
     @Test
-    void verifyNoDefaultIdentityClaim() {
+    void verifyIdentityIsAddedToParticipantAgent() {
         var participantAgentService = new ParticipantAgentServiceImpl();
-        var agent = participantAgentService.createFor(ClaimToken.Builder.newInstance().build());
-
-        assertThat(agent.getIdentity()).isNull();
-    }
-
-    @Test
-    void verifyCustomIdentityClaim() {
-        var participantAgentService = new ParticipantAgentServiceImpl("custom-key");
-        var agent = participantAgentService.createFor(ClaimToken.Builder.newInstance().claim("custom-key", "test-participant").build());
-
-        assertThat(agent.getIdentity()).isEqualTo("test-participant");
+        var participantId = "test-participant";
+        
+        var participantAgent = participantAgentService.createFor(ClaimToken.Builder.newInstance().build(), participantId);
+        
+        assertThat(participantAgent.getIdentity()).isEqualTo(participantId);
     }
 
     @Test
-    void verifyExtensionCreatesIdentity() {
+    void verifyGivenIdentityOverridesIdentityCreatedByExtension() {
         var participantAgentService = new ParticipantAgentServiceImpl();
+        var extensionParticipantId = "overridden-participant";
+        var givenParticipantId = "test-participant";
 
-        ParticipantAgentServiceExtension extension = mock(ParticipantAgentServiceExtension.class);
-        when(extension.attributesFor(isA(ClaimToken.class))).thenReturn(Map.of(PARTICIPANT_IDENTITY, "test-participant"));
+        var extension = mock(ParticipantAgentServiceExtension.class);
+        when(extension.attributesFor(isA(ClaimToken.class))).thenReturn(Map.of(PARTICIPANT_IDENTITY, extensionParticipantId));
         participantAgentService.register(extension);
 
-        var agent = participantAgentService.createFor(ClaimToken.Builder.newInstance().build());
+        var agent = participantAgentService.createFor(ClaimToken.Builder.newInstance().build(), givenParticipantId);
 
-        assertThat(agent.getIdentity()).isEqualTo("test-participant");
+        assertThat(agent.getIdentity())
+                .isNotEqualTo(extensionParticipantId)
+                .isEqualTo(givenParticipantId);
     }
-
-    @Test
-    void verifyExtensionOverridesDefaultIdentityClaim() {
-        var participantAgentService = new ParticipantAgentServiceImpl();
-
-        ParticipantAgentServiceExtension extension = mock(ParticipantAgentServiceExtension.class);
-        when(extension.attributesFor(isA(ClaimToken.class))).thenReturn(Map.of(PARTICIPANT_IDENTITY, "test-participant"));
-        participantAgentService.register(extension);
-
-        var agent = participantAgentService.createFor(ClaimToken.Builder.newInstance().claim(DEFAULT_IDENTITY_CLAIM_KEY, "overriden-identity").build());
-
-        assertThat(agent.getIdentity()).isEqualTo("test-participant");
-    }
-
-
 }

core/control-plane/control-plane-aggregate-services/src/main/java/org/eclipse/edc/connector/controlplane/services/ControlPlaneServicesExtension.java

@@ -11,6 +11,7 @@
  *       Bayerische Motoren Werke Aktiengesellschaft (BMW AG) - initial API and implementation
  *       Cofinity-X - unauthenticated DSP version endpoint
  *       Cofinity-X - add participantId to DataspaceProfileContext
+ *       Cofinity-X - make participant id extraction dependent on dataspace profile context
  *
  */
 
@@ -277,7 +278,7 @@ contractValidationService, protocolTokenValidator(), dataAddressValidator, trans
     @Provider
     public ProtocolTokenValidator protocolTokenValidator() {
         if (protocolTokenValidator == null) {
-            protocolTokenValidator = new ProtocolTokenValidatorImpl(identityService, policyEngine, monitor, participantAgentService);
+            protocolTokenValidator = new ProtocolTokenValidatorImpl(identityService, policyEngine, monitor, participantAgentService, dataspaceProfileContextRegistry);
         }
         return protocolTokenValidator;
     }

core/control-plane/control-plane-aggregate-services/src/main/java/org/eclipse/edc/connector/controlplane/services/catalog/CatalogProtocolServiceImpl.java

@@ -10,6 +10,7 @@
  *  Contributors:
  *       Bayerische Motoren Werke Aktiengesellschaft (BMW AG) - initial API and implementation
  *       Cofinity-X - add participantId to DataspaceProfileContext
+ *       Cofinity-X - make participant id extraction dependent on dataspace profile context
  *
  */
 
@@ -19,6 +20,7 @@
 import org.eclipse.edc.connector.controlplane.catalog.spi.CatalogRequestMessage;
 import org.eclipse.edc.connector.controlplane.catalog.spi.DataServiceRegistry;
 import org.eclipse.edc.connector.controlplane.catalog.spi.Dataset;
+import org.eclipse.edc.connector.controlplane.catalog.spi.DatasetRequestMessage;
 import org.eclipse.edc.connector.controlplane.catalog.spi.DatasetResolver;
 import org.eclipse.edc.connector.controlplane.services.spi.catalog.CatalogProtocolService;
 import org.eclipse.edc.connector.controlplane.services.spi.protocol.ProtocolTokenValidator;
@@ -72,7 +74,11 @@ public ServiceResult<Catalog> getCatalog(CatalogRequestMessage message, TokenRep
 
     @Override
     public @NotNull ServiceResult<Dataset> getDataset(String datasetId, TokenRepresentation tokenRepresentation, String protocol) {
-        return transactionContext.execute(() -> protocolTokenValidator.verify(tokenRepresentation, RequestCatalogPolicyContext::new)
+        var message = DatasetRequestMessage.Builder.newInstance()
+                .protocol(protocol)
+                .datasetId(datasetId)
+                .build();
+        return transactionContext.execute(() -> protocolTokenValidator.verify(tokenRepresentation, RequestCatalogPolicyContext::new, message)
                 .map(agent -> datasetResolver.getById(agent, datasetId, protocol))
                 .compose(dataset -> {
                     if (dataset == null) {

core/control-plane/control-plane-aggregate-services/src/main/java/org/eclipse/edc/connector/controlplane/services/contractnegotiation/ContractNegotiationProtocolServiceImpl.java

@@ -10,6 +10,7 @@
  *  Contributors:
  *       Bayerische Motoren Werke Aktiengesellschaft (BMW AG) - initial API and implementation
  *       Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e.V. - implementation for provider offer
+ *       Cofinity-X - make participant id extraction dependent on dataspace profile context
  *
  */
 
@@ -23,6 +24,7 @@
 import org.eclipse.edc.connector.controlplane.contract.spi.types.agreement.ContractAgreementVerificationMessage;
 import org.eclipse.edc.connector.controlplane.contract.spi.types.agreement.ContractNegotiationEventMessage;
 import org.eclipse.edc.connector.controlplane.contract.spi.types.negotiation.ContractNegotiation;
+import org.eclipse.edc.connector.controlplane.contract.spi.types.negotiation.ContractNegotiationRequestMessage;
 import org.eclipse.edc.connector.controlplane.contract.spi.types.negotiation.ContractNegotiationTerminationMessage;
 import org.eclipse.edc.connector.controlplane.contract.spi.types.negotiation.ContractOfferMessage;
 import org.eclipse.edc.connector.controlplane.contract.spi.types.negotiation.ContractRequestMessage;
@@ -196,9 +198,14 @@ public ServiceResult<ContractNegotiation> notifyTerminated(ContractNegotiationTe
     @Override
     @WithSpan
     @NotNull
-    public ServiceResult<ContractNegotiation> findById(String id, TokenRepresentation tokenRepresentation) {
+    public ServiceResult<ContractNegotiation> findById(String id, TokenRepresentation tokenRepresentation, String protocol) {
+        var message = ContractNegotiationRequestMessage.Builder.newInstance()
+                .negotiationId(id)
+                .protocol(protocol)
+                .build();
+        
         return transactionContext.execute(() -> getNegotiation(id)
-                .compose(contractNegotiation -> verifyRequest(tokenRepresentation, contractNegotiation.getLastContractOffer().getPolicy(), null)
+                .compose(contractNegotiation -> verifyRequest(tokenRepresentation, contractNegotiation.getLastContractOffer().getPolicy(), message)
                         .compose(agent -> validateRequest(agent, contractNegotiation)
                                 .map(it -> contractNegotiation))));
     }

core/control-plane/control-plane-aggregate-services/src/main/java/org/eclipse/edc/connector/controlplane/services/protocol/ProtocolTokenValidatorImpl.java

@@ -9,6 +9,7 @@
  *
  *  Contributors:
  *       Bayerische Motoren Werke Aktiengesellschaft (BMW AG) - initial API and implementation
+ *       Cofinity-X - make participant id extraction dependent on dataspace profile context
  *
  */
 
@@ -20,6 +21,7 @@
 import org.eclipse.edc.policy.context.request.spi.RequestPolicyContext;
 import org.eclipse.edc.policy.engine.spi.PolicyEngine;
 import org.eclipse.edc.policy.model.Policy;
+import org.eclipse.edc.protocol.spi.DataspaceProfileContextRegistry;
 import org.eclipse.edc.spi.iam.IdentityService;
 import org.eclipse.edc.spi.iam.RequestContext;
 import org.eclipse.edc.spi.iam.RequestScope;
@@ -38,15 +40,17 @@ public class ProtocolTokenValidatorImpl implements ProtocolTokenValidator {
     private final IdentityService identityService;
     private final PolicyEngine policyEngine;
     private final ParticipantAgentService agentService;
+    private final DataspaceProfileContextRegistry dataspaceProfileContextRegistry;
 
     private final Monitor monitor;
 
     public ProtocolTokenValidatorImpl(IdentityService identityService, PolicyEngine policyEngine, Monitor monitor,
-                                      ParticipantAgentService agentService) {
+                                      ParticipantAgentService agentService, DataspaceProfileContextRegistry dataspaceProfileContextRegistry) {
         this.identityService = identityService;
         this.monitor = monitor;
         this.policyEngine = policyEngine;
         this.agentService = agentService;
+        this.dataspaceProfileContextRegistry = dataspaceProfileContextRegistry;
     }
 
     @Override
@@ -66,7 +70,13 @@ public ServiceResult<ParticipantAgent> verify(TokenRepresentation tokenRepresent
         }
 
         var claimToken = tokenValidation.getContent();
-        var participantAgent = agentService.createFor(claimToken);
+        
+        var idExtractionFunction = dataspaceProfileContextRegistry.getIdExtractionFunction(message.getProtocol());
+        if (idExtractionFunction == null) {
+            return ServiceResult.badRequest("Unsupported protocol: " + message.getProtocol());
+        }
+        
+        var participantAgent = agentService.createFor(claimToken, idExtractionFunction.apply(claimToken));
         return ServiceResult.success(participantAgent);
     }
 

core/control-plane/control-plane-aggregate-services/src/main/java/org/eclipse/edc/connector/controlplane/services/transferprocess/TransferProcessProtocolServiceImpl.java

@@ -10,6 +10,7 @@
  *  Contributors:
  *       Microsoft Corporation - initial API and implementation
  *       Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e.V. - initiate provider process
+ *       Cofinity-X - make participant id extraction dependent on dataspace profile context
  *
  */
 
@@ -27,6 +28,7 @@
 import org.eclipse.edc.connector.controlplane.transfer.spi.types.TransferProcess;
 import org.eclipse.edc.connector.controlplane.transfer.spi.types.TransferProcessStates;
 import org.eclipse.edc.connector.controlplane.transfer.spi.types.protocol.TransferCompletionMessage;
+import org.eclipse.edc.connector.controlplane.transfer.spi.types.protocol.TransferProcessRequestMessage;
 import org.eclipse.edc.connector.controlplane.transfer.spi.types.protocol.TransferRemoteMessage;
 import org.eclipse.edc.connector.controlplane.transfer.spi.types.protocol.TransferRequestMessage;
 import org.eclipse.edc.connector.controlplane.transfer.spi.types.protocol.TransferStartMessage;
@@ -137,9 +139,14 @@ public ServiceResult<TransferProcess> notifyTerminated(TransferTerminationMessag
     @Override
     @WithSpan
     @NotNull
-    public ServiceResult<TransferProcess> findById(String id, TokenRepresentation tokenRepresentation) {
+    public ServiceResult<TransferProcess> findById(String id, TokenRepresentation tokenRepresentation, String protocol) {
+        var message = TransferProcessRequestMessage.Builder.newInstance()
+                .transferProcessId(id)
+                .protocol(protocol)
+                .build();
+        
         return transactionContext.execute(() -> fetchRequestContext(id, this::findTransferProcessById)
-                .compose(context -> verifyRequest(tokenRepresentation, context, null))
+                .compose(context -> verifyRequest(tokenRepresentation, context, message))
                 .compose(context -> validateCounterParty(context.participantAgent(), context.agreement(), context.transferProcess())));
     }
 

core/control-plane/control-plane-aggregate-services/src/test/java/org/eclipse/edc/connector/controlplane/services/catalog/CatalogProtocolServiceImplTest.java

@@ -129,7 +129,7 @@ void shouldReturnDataset() {
             var participantAgent = createParticipantAgent();
             var dataset = createDataset();
 
-            when(protocolTokenValidator.verify(eq(tokenRepresentation), any())).thenReturn(ServiceResult.success(participantAgent));
+            when(protocolTokenValidator.verify(eq(tokenRepresentation), any(), any())).thenReturn(ServiceResult.success(participantAgent));
             when(datasetResolver.getById(any(), any(), any())).thenReturn(dataset);
 
             var result = service.getDataset("datasetId", tokenRepresentation, "protocol");
@@ -144,7 +144,7 @@ void shouldFail_whenDatasetIsNull() {
             var participantAgent = createParticipantAgent();
             var tokenRepresentation = createTokenRepresentation();
 
-            when(protocolTokenValidator.verify(eq(tokenRepresentation), any())).thenReturn(ServiceResult.success(participantAgent));
+            when(protocolTokenValidator.verify(eq(tokenRepresentation), any(), any())).thenReturn(ServiceResult.success(participantAgent));
             when(datasetResolver.getById(any(), any(), any())).thenReturn(null);
 
             var result = service.getDataset("datasetId", tokenRepresentation, "protocol");
@@ -156,7 +156,7 @@ void shouldFail_whenDatasetIsNull() {
         void shouldFail_whenTokenValidationFails() {
             var tokenRepresentation = createTokenRepresentation();
 
-            when(protocolTokenValidator.verify(eq(tokenRepresentation), any())).thenReturn(ServiceResult.unauthorized("unauthorized"));
+            when(protocolTokenValidator.verify(eq(tokenRepresentation), any(), any())).thenReturn(ServiceResult.unauthorized("unauthorized"));
 
             var result = service.getDataset("datasetId", tokenRepresentation, "protocol");