refactor: rename modules and packages, fix minor nits (#523)

* renamed AccessTokenVerifier -> SelfIssuedTokenVerifier * moved inmem stores into dedicated package * moved SelfISsuedTokenVerifier to identity-hub-core * moved SelfIssuedTokenConstants to SPI * moved CredentialQueryResolverImpl to identity-hub-core * moved EdcScopeToCriterionTransformer to identity-hub-core * remove credential-query-lib * moved verifiable-resentation-lib into identity-hub-core * moved presentation-api to extensions/protocols/dcp * split identity-hub-store-spi up into individual SPIs * fixed typo: identithub -> identityhub * split up validators module * moved all classes in dedicated SPI packages in identity-hub-spi * removed debug log statement * span create-presentation in ONE transaction * refactor participantId -> participantContextId * checkstyle, api version * license headers
eclipse-edc · Jan 16, 2025 · bca2455 · bca2455
1 parent 2fbcbdf
commit bca2455
Show file tree

Hide file tree

Showing 229 changed files with 1,026 additions and 1,009 deletions.
diff --git a/core/identity-hub-core/build.gradle.kts b/core/identity-hub-core/build.gradle.kts
@@ -4,10 +4,12 @@ plugins {
 
 dependencies {
     api(project(":spi:identity-hub-spi"))
-    api(project(":spi:identity-hub-store-spi"))
+    api(project(":spi:verifiable-credential-spi"))
+    api(project(":spi:keypair-spi"))
+    api(project(":spi:participant-context-spi"))
+    api(project(":spi:did-spi"))
     implementation(project(":core:lib:verifiable-presentation-lib"))
     implementation(project(":core:lib:accesstoken-lib"))
-    implementation(project(":core:lib:credential-query-lib"))
     implementation(libs.edc.spi.dcp) //SignatureSuiteRegistry
     implementation(libs.edc.spi.jwt.signer)
     implementation(libs.edc.core.connector) // for the CriterionToPredicateConverterImpl
@@ -29,6 +31,9 @@ dependencies {
 
     testImplementation(libs.edc.junit)
     testImplementation(libs.edc.jsonld)
-    testImplementation(testFixtures(project(":spi:identity-hub-store-spi")))
+    testImplementation(testFixtures(project(":spi:keypair-spi")))
+    testImplementation(testFixtures(project(":spi:participant-context-spi")))
+    testImplementation(testFixtures(project(":spi:verifiable-credential-spi")))
     testImplementation(testFixtures(libs.edc.vc.jwt)) // JWT generator
+
 }
diff --git a/...identity-hub-core/src/main/java/org/eclipse/edc/identityhub/DefaultServicesExtension.java b/...identity-hub-core/src/main/java/org/eclipse/edc/identityhub/DefaultServicesExtension.java
@@ -22,15 +22,15 @@
 import org.eclipse.edc.iam.verifiablecredentials.spi.model.revocation.bitstringstatuslist.BitstringStatusListStatus;
 import org.eclipse.edc.iam.verifiablecredentials.spi.model.revocation.statuslist2021.StatusList2021Status;
 import org.eclipse.edc.identityhub.accesstoken.rules.ClaimIsPresentRule;
-import org.eclipse.edc.identityhub.defaults.InMemoryCredentialStore;
-import org.eclipse.edc.identityhub.defaults.InMemoryKeyPairResourceStore;
-import org.eclipse.edc.identityhub.defaults.InMemoryParticipantContextStore;
-import org.eclipse.edc.identityhub.defaults.InMemorySignatureSuiteRegistry;
-import org.eclipse.edc.identityhub.query.EdcScopeToCriterionTransformer;
-import org.eclipse.edc.identityhub.spi.ScopeToCriterionTransformer;
-import org.eclipse.edc.identityhub.spi.store.CredentialStore;
-import org.eclipse.edc.identityhub.spi.store.KeyPairResourceStore;
-import org.eclipse.edc.identityhub.spi.store.ParticipantContextStore;
+import org.eclipse.edc.identityhub.defaults.EdcScopeToCriterionTransformer;
+import org.eclipse.edc.identityhub.defaults.store.InMemoryCredentialStore;
+import org.eclipse.edc.identityhub.defaults.store.InMemoryKeyPairResourceStore;
+import org.eclipse.edc.identityhub.defaults.store.InMemoryParticipantContextStore;
+import org.eclipse.edc.identityhub.defaults.store.InMemorySignatureSuiteRegistry;
+import org.eclipse.edc.identityhub.spi.keypair.store.KeyPairResourceStore;
+import org.eclipse.edc.identityhub.spi.participantcontext.store.ParticipantContextStore;
+import org.eclipse.edc.identityhub.spi.transformation.ScopeToCriterionTransformer;
+import org.eclipse.edc.identityhub.spi.verifiablecredentials.store.CredentialStore;
 import org.eclipse.edc.jwt.signer.spi.JwsSignerProvider;
 import org.eclipse.edc.jwt.validation.jti.JtiValidationStore;
 import org.eclipse.edc.keys.spi.PrivateKeyResolver;
@@ -46,10 +46,10 @@
 import org.eclipse.edc.verifiablecredentials.jwt.rules.JtiValidationRule;
 
 import static org.eclipse.edc.identityhub.DefaultServicesExtension.NAME;
-import static org.eclipse.edc.identityhub.accesstoken.verification.AccessTokenConstants.ACCESS_TOKEN_SCOPE_CLAIM;
-import static org.eclipse.edc.identityhub.accesstoken.verification.AccessTokenConstants.DCP_ACCESS_TOKEN_CONTEXT;
-import static org.eclipse.edc.identityhub.accesstoken.verification.AccessTokenConstants.DCP_SELF_ISSUED_TOKEN_CONTEXT;
-import static org.eclipse.edc.identityhub.accesstoken.verification.AccessTokenConstants.TOKEN_CLAIM;
+import static org.eclipse.edc.identityhub.spi.verification.SelfIssuedTokenConstants.ACCESS_TOKEN_SCOPE_CLAIM;
+import static org.eclipse.edc.identityhub.spi.verification.SelfIssuedTokenConstants.DCP_ACCESS_TOKEN_CONTEXT;
+import static org.eclipse.edc.identityhub.spi.verification.SelfIssuedTokenConstants.DCP_SELF_ISSUED_TOKEN_CONTEXT;
+import static org.eclipse.edc.identityhub.spi.verification.SelfIssuedTokenConstants.TOKEN_CLAIM;
 
 @Extension(NAME)
 public class DefaultServicesExtension implements ServiceExtension {
@@ -110,7 +110,7 @@ public KeyPairResourceStore createDefaultKeyPairResourceStore() {
     @Provider(isDefault = true)
     public ScopeToCriterionTransformer createScopeTransformer(ServiceExtensionContext context) {
         context.getMonitor().warning("Using the default EdcScopeToCriterionTransformer. This is not intended for production use and should be replaced " +
-                                     "with a specialized implementation for your dataspace");
+                "with a specialized implementation for your dataspace");
         return new EdcScopeToCriterionTransformer();
     }
 

diff --git a/...entity-hub-core/src/main/java/org/eclipse/edc/identityhub/core/CoreServicesExtension.java b/...entity-hub-core/src/main/java/org/eclipse/edc/identityhub/core/CoreServicesExtension.java
@@ -19,26 +19,26 @@
 import org.eclipse.edc.iam.identitytrust.spi.verification.SignatureSuiteRegistry;
 import org.eclipse.edc.iam.verifiablecredentials.spi.model.CredentialFormat;
 import org.eclipse.edc.iam.verifiablecredentials.spi.model.RevocationServiceRegistry;
-import org.eclipse.edc.identithub.verifiablecredential.CredentialStatusCheckServiceImpl;
-import org.eclipse.edc.identithub.verifiablepresentation.PresentationCreatorRegistryImpl;
-import org.eclipse.edc.identithub.verifiablepresentation.VerifiablePresentationServiceImpl;
-import org.eclipse.edc.identithub.verifiablepresentation.generators.JwtEnvelopedPresentationGenerator;
-import org.eclipse.edc.identithub.verifiablepresentation.generators.JwtPresentationGenerator;
-import org.eclipse.edc.identithub.verifiablepresentation.generators.LdpPresentationGenerator;
-import org.eclipse.edc.identityhub.accesstoken.verification.AccessTokenVerifierImpl;
+import org.eclipse.edc.identityhub.core.services.query.CredentialQueryResolverImpl;
+import org.eclipse.edc.identityhub.core.services.verifiablecredential.CredentialStatusCheckServiceImpl;
+import org.eclipse.edc.identityhub.core.services.verifiablepresentation.PresentationCreatorRegistryImpl;
+import org.eclipse.edc.identityhub.core.services.verifiablepresentation.VerifiablePresentationServiceImpl;
+import org.eclipse.edc.identityhub.core.services.verifiablepresentation.generators.JwtEnvelopedPresentationGenerator;
+import org.eclipse.edc.identityhub.core.services.verifiablepresentation.generators.JwtPresentationGenerator;
+import org.eclipse.edc.identityhub.core.services.verifiablepresentation.generators.LdpPresentationGenerator;
+import org.eclipse.edc.identityhub.core.services.verification.SelfIssuedTokenVerifierImpl;
 import org.eclipse.edc.identityhub.publickey.KeyPairResourcePublicKeyResolver;
-import org.eclipse.edc.identityhub.query.CredentialQueryResolverImpl;
-import org.eclipse.edc.identityhub.spi.ScopeToCriterionTransformer;
 import org.eclipse.edc.identityhub.spi.keypair.KeyPairService;
+import org.eclipse.edc.identityhub.spi.keypair.store.KeyPairResourceStore;
 import org.eclipse.edc.identityhub.spi.model.IdentityHubConstants;
 import org.eclipse.edc.identityhub.spi.participantcontext.ParticipantContextService;
-import org.eclipse.edc.identityhub.spi.store.CredentialStore;
-import org.eclipse.edc.identityhub.spi.store.KeyPairResourceStore;
+import org.eclipse.edc.identityhub.spi.transformation.ScopeToCriterionTransformer;
 import org.eclipse.edc.identityhub.spi.verifiablecredentials.CredentialStatusCheckService;
 import org.eclipse.edc.identityhub.spi.verifiablecredentials.generator.PresentationCreatorRegistry;
 import org.eclipse.edc.identityhub.spi.verifiablecredentials.generator.VerifiablePresentationService;
 import org.eclipse.edc.identityhub.spi.verifiablecredentials.resolution.CredentialQueryResolver;
-import org.eclipse.edc.identityhub.spi.verification.AccessTokenVerifier;
+import org.eclipse.edc.identityhub.spi.verifiablecredentials.store.CredentialStore;
+import org.eclipse.edc.identityhub.spi.verification.SelfIssuedTokenVerifier;
 import org.eclipse.edc.jsonld.spi.JsonLd;
 import org.eclipse.edc.jsonld.util.JacksonJsonLd;
 import org.eclipse.edc.jwt.signer.spi.JwsSignerProvider;
@@ -56,6 +56,7 @@
 import org.eclipse.edc.token.JwtGenerationService;
 import org.eclipse.edc.token.spi.TokenValidationRulesRegistry;
 import org.eclipse.edc.token.spi.TokenValidationService;
+import org.eclipse.edc.transaction.spi.TransactionContext;
 import org.eclipse.edc.verifiablecredentials.linkeddata.LdpIssuer;
 
 import java.net.URISyntaxException;
@@ -125,6 +126,8 @@ public class CoreServicesExtension implements ServiceExtension {
     private ParticipantContextService participantContextService;
     @Inject
     private JwsSignerProvider jwsSignerProvider;
+    @Inject
+    private TransactionContext transactionContext;
 
     @Override
     public String name() {
@@ -139,9 +142,9 @@ public void initialize(ServiceExtensionContext context) {
     }
 
     @Provider
-    public AccessTokenVerifier createAccessTokenVerifier(ServiceExtensionContext context) {
+    public SelfIssuedTokenVerifier createAccessTokenVerifier(ServiceExtensionContext context) {
         var keyResolver = new KeyPairResourcePublicKeyResolver(store, keyParserRegistry, context.getMonitor(), fallbackService);
-        return new AccessTokenVerifierImpl(tokenValidationService, keyResolver, tokenValidationRulesRegistry, publicKeyResolver, participantContextService);
+        return new SelfIssuedTokenVerifierImpl(tokenValidationService, keyResolver, tokenValidationRulesRegistry, publicKeyResolver, participantContextService);
     }
 
     @Provider
@@ -152,7 +155,7 @@ public CredentialQueryResolver createCredentialQueryResolver(ServiceExtensionCon
     @Provider
     public PresentationCreatorRegistry presentationCreatorRegistry(ServiceExtensionContext context) {
         if (presentationCreatorRegistry == null) {
-            presentationCreatorRegistry = new PresentationCreatorRegistryImpl(keyPairService, participantContextService);
+            presentationCreatorRegistry = new PresentationCreatorRegistryImpl(keyPairService, participantContextService, transactionContext);
             var jwtGenerationService = new JwtGenerationService(jwsSignerProvider);
             presentationCreatorRegistry.addCreator(new JwtPresentationGenerator(clock, jwtGenerationService), CredentialFormat.VC1_0_JWT);
 

diff --git a/...ub/query/CredentialQueryResolverImpl.java → ...es/query/CredentialQueryResolverImpl.java b/...ub/query/CredentialQueryResolverImpl.java → ...es/query/CredentialQueryResolverImpl.java
@@ -12,16 +12,16 @@
  *
  */
 
-package org.eclipse.edc.identityhub.query;
+package org.eclipse.edc.identityhub.core.services.query;
 
 import org.eclipse.edc.iam.identitytrust.spi.model.PresentationQueryMessage;
 import org.eclipse.edc.iam.verifiablecredentials.spi.model.RevocationServiceRegistry;
-import org.eclipse.edc.identityhub.spi.ScopeToCriterionTransformer;
-import org.eclipse.edc.identityhub.spi.store.CredentialStore;
+import org.eclipse.edc.identityhub.spi.transformation.ScopeToCriterionTransformer;
 import org.eclipse.edc.identityhub.spi.verifiablecredentials.model.VcStatus;
 import org.eclipse.edc.identityhub.spi.verifiablecredentials.model.VerifiableCredentialResource;
 import org.eclipse.edc.identityhub.spi.verifiablecredentials.resolution.CredentialQueryResolver;
 import org.eclipse.edc.identityhub.spi.verifiablecredentials.resolution.QueryResult;
+import org.eclipse.edc.identityhub.spi.verifiablecredentials.store.CredentialStore;
 import org.eclipse.edc.spi.monitor.Monitor;
 import org.eclipse.edc.spi.query.Criterion;
 import org.eclipse.edc.spi.query.QuerySpec;
@@ -173,7 +173,7 @@ private Result<Collection<VerifiableCredentialResource>> queryCredentials(List<C
     }
 
     private QuerySpec convertToQuerySpec(Criterion criteria, String participantContextId) {
-        var filterByParticipant = new Criterion("participantId", "=", participantContextId);
+        var filterByParticipant = new Criterion("participantContextId", "=", participantContextId);
         var filterNotRevoked = new Criterion("state", "!=", VcStatus.REVOKED.code());
         var filterNotExpired = new Criterion("state", "!=", VcStatus.EXPIRED.code());
         return QuerySpec.Builder.newInstance()

diff --git a/...ial/CredentialStatusCheckServiceImpl.java → ...ial/CredentialStatusCheckServiceImpl.java b/...ial/CredentialStatusCheckServiceImpl.java → ...ial/CredentialStatusCheckServiceImpl.java
@@ -12,7 +12,7 @@
  *
  */
 
-package org.eclipse.edc.identithub.verifiablecredential;
+package org.eclipse.edc.identityhub.core.services.verifiablecredential;
 
 import org.eclipse.edc.iam.verifiablecredentials.spi.model.RevocationServiceRegistry;
 import org.eclipse.edc.identityhub.spi.verifiablecredentials.CredentialStatusCheckService;

diff --git a/...tion/PresentationCreatorRegistryImpl.java → ...tion/PresentationCreatorRegistryImpl.java b/...tion/PresentationCreatorRegistryImpl.java → ...tion/PresentationCreatorRegistryImpl.java
@@ -13,7 +13,7 @@
  *
  */
 
-package org.eclipse.edc.identithub.verifiablepresentation;
+package org.eclipse.edc.identityhub.core.services.verifiablepresentation;
 
 import org.eclipse.edc.iam.verifiablecredentials.spi.model.CredentialFormat;
 import org.eclipse.edc.iam.verifiablecredentials.spi.model.VerifiableCredentialContainer;
@@ -27,23 +27,26 @@
 import org.eclipse.edc.identityhub.spi.verifiablecredentials.generator.PresentationGenerator;
 import org.eclipse.edc.spi.EdcException;
 import org.eclipse.edc.spi.query.Criterion;
+import org.eclipse.edc.transaction.spi.TransactionContext;
 
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
 import static java.util.Optional.ofNullable;
-import static org.eclipse.edc.identithub.verifiablepresentation.generators.PresentationGeneratorConstants.CONTROLLER_ADDITIONAL_DATA;
+import static org.eclipse.edc.identityhub.core.services.verifiablepresentation.generators.PresentationGeneratorConstants.CONTROLLER_ADDITIONAL_DATA;
 
 public class PresentationCreatorRegistryImpl implements PresentationCreatorRegistry {
 
     private final Map<CredentialFormat, PresentationGenerator<?>> creators = new HashMap<>();
     private final KeyPairService keyPairService;
     private final ParticipantContextService participantContextService;
+    private final TransactionContext transactionContext;
 
-    public PresentationCreatorRegistryImpl(KeyPairService keyPairService, ParticipantContextService participantContextService) {
+    public PresentationCreatorRegistryImpl(KeyPairService keyPairService, ParticipantContextService participantContextService, TransactionContext transactionContext) {
         this.keyPairService = keyPairService;
         this.participantContextService = participantContextService;
+        this.transactionContext = transactionContext;
     }
 
     @Override
@@ -56,28 +59,30 @@ public void addCreator(PresentationGenerator<?> creator, CredentialFormat format
     public <T> T createPresentation(String participantContextId, List<VerifiableCredentialContainer> credentials, CredentialFormat format, Map<String, Object> additionalData) {
         var creator = ofNullable(creators.get(format)).orElseThrow(() -> new EdcException("No %s was found for CredentialFormat %s".formatted(PresentationGenerator.class.getSimpleName(), format)));
 
-        var query = ParticipantResource.queryByParticipantId(participantContextId)
+        var query = ParticipantResource.queryByParticipantContextId(participantContextId)
                 .filter(new Criterion("state", "=", KeyPairState.ACTIVATED.code()))
                 .build();
 
-        var keyPairResult = keyPairService.query(query)
-                .orElseThrow(f -> new EdcException("Error obtaining private key for participant '%s': %s".formatted(participantContextId, f.getFailureDetail())));
+        return transactionContext.execute(() -> {
+            var keyPairResult = keyPairService.query(query)
+                    .orElseThrow(f -> new EdcException("Error obtaining private key for participant '%s': %s".formatted(participantContextId, f.getFailureDetail())));
 
-        // check if there is a default key pair
-        var keyPair = keyPairResult.stream().filter(KeyPairResource::isDefaultPair).findAny()
-                .orElseGet(() -> keyPairResult.stream().findFirst().orElse(null));
+            // check if there is a default key pair
+            var keyPair = keyPairResult.stream().filter(KeyPairResource::isDefaultPair).findAny()
+                    .orElseGet(() -> keyPairResult.stream().findFirst().orElse(null));
 
-        if (keyPair == null) {
-            throw new EdcException("No active key pair found for participant '%s'".formatted(participantContextId));
-        }
+            if (keyPair == null) {
+                throw new EdcException("No active key pair found for participant '%s'".formatted(participantContextId));
+            }
 
-        var did = participantContextService.getParticipantContext(participantContextId)
-                .map(ParticipantContext::getDid)
-                .orElseThrow(f -> new EdcException(f.getFailureDetail()));
+            var did = participantContextService.getParticipantContext(participantContextId)
+                    .map(ParticipantContext::getDid)
+                    .orElseThrow(f -> new EdcException(f.getFailureDetail()));
 
-        var additionalDataWithController = new HashMap<>(additionalData);
-        additionalDataWithController.put(CONTROLLER_ADDITIONAL_DATA, did);
+            var additionalDataWithController = new HashMap<>(additionalData);
+            additionalDataWithController.put(CONTROLLER_ADDITIONAL_DATA, did);
 
-        return (T) creator.generatePresentation(credentials, keyPair.getPrivateKeyAlias(), keyPair.getKeyId(), did, additionalDataWithController);
+            return (T) creator.generatePresentation(credentials, keyPair.getPrivateKeyAlias(), keyPair.getKeyId(), did, additionalDataWithController);
+        });
     }
 }
diff --git a/...on/VerifiablePresentationServiceImpl.java → ...on/VerifiablePresentationServiceImpl.java b/...on/VerifiablePresentationServiceImpl.java → ...on/VerifiablePresentationServiceImpl.java
@@ -13,7 +13,7 @@
  *
  */
 
-package org.eclipse.edc.identithub.verifiablepresentation;
+package org.eclipse.edc.identityhub.core.services.verifiablepresentation;
 
 import jakarta.json.JsonObject;
 import org.eclipse.edc.iam.identitytrust.spi.model.PresentationResponseMessage;
@@ -39,7 +39,7 @@
 import static org.eclipse.edc.iam.verifiablecredentials.spi.model.CredentialFormat.VC1_0_JWT;
 import static org.eclipse.edc.iam.verifiablecredentials.spi.model.CredentialFormat.VC1_0_LD;
 import static org.eclipse.edc.iam.verifiablecredentials.spi.model.CredentialFormat.VC2_0_JOSE;
-import static org.eclipse.edc.identithub.verifiablepresentation.generators.LdpPresentationGenerator.TYPE_ADDITIONAL_DATA;
+import static org.eclipse.edc.identityhub.core.services.verifiablepresentation.generators.LdpPresentationGenerator.TYPE_ADDITIONAL_DATA;
 
 public class VerifiablePresentationServiceImpl implements VerifiablePresentationService {
     private final PresentationCreatorRegistry registry;

diff --git a/...rs/JwtEnvelopedPresentationGenerator.java → ...rs/JwtEnvelopedPresentationGenerator.java b/...rs/JwtEnvelopedPresentationGenerator.java → ...rs/JwtEnvelopedPresentationGenerator.java
@@ -12,7 +12,7 @@
  *
  */
 
-package org.eclipse.edc.identithub.verifiablepresentation.generators;
+package org.eclipse.edc.identityhub.core.services.verifiablepresentation.generators;
 
 import org.eclipse.edc.iam.verifiablecredentials.spi.model.CredentialFormat;
 import org.eclipse.edc.iam.verifiablecredentials.spi.model.VerifiableCredentialContainer;
@@ -28,7 +28,7 @@
 import java.util.Map;
 
 import static org.eclipse.edc.iam.verifiablecredentials.spi.VcConstants.VC_PREFIX_V2;
-import static org.eclipse.edc.identithub.verifiablepresentation.generators.PresentationGeneratorConstants.CONTROLLER_ADDITIONAL_DATA;
+import static org.eclipse.edc.identityhub.core.services.verifiablepresentation.generators.PresentationGeneratorConstants.CONTROLLER_ADDITIONAL_DATA;
 
 /**
  * Creates verifiable presentations according to Version 2.0 of the Verifiable Credential Data Model, that are secured