Test/con x wallet

edc-controlplane/edc-controlplane-construct-x/local/README.md

@@ -5,9 +5,8 @@ This `docker-compose.yaml` provides you a minimal environment for testing a pair
 
 It will start the following containers on your local machine: 
 
-- one instance of an issuer-service 
-- two instances of identity-hubs (for consumer and provider each)
-- two instances of our current Construct-X controlplanes (as above)
+- two instances of con-x wallets (one for a con-x issuer and one for a consumer and a provider each)
+- two instances of our current Construct-X controlplanes (one for a consumer and a provider each)
 - two instances of our current Construct-X dataplanes (as above)
 - one Postgres DB (which is, for the sake of saving you resources on your local machine, shared by all aforementioned containers)
 - one HashiCorp Vault (also shared)
@@ -17,8 +16,11 @@ It will start the following containers on your local machine:
 
 Before anything else, please make sure you have the docker images for con-x-controlplane-postgresql-hashicorp-vault in your local docker repository, see [here](../con-x-controlplane-postgresql-hashicorp-vault/README.md) and [here](../../../edc-dataplane/edc-dataplane-construct-x/con-x-dataplane-postgresql-hashicorp-vault/README.md). 
 
-Beyond that, you need to obtain the docker images needed to run the identity hub and the issuer services. In order to do so, please check out this [repository](https://github.com/FraunhoferISST/dev-identity-services) and clone it onto your local machine. The upper section of this [README](https://github.com/FraunhoferISST/dev-identity-services/blob/main/runtimes/dev/README.md) informs 
-you about the steps necessary to create the docker images. 
+Beyond that, you need to obtain the docker image needed to run the wallets. The image is hosted on ghcr.io and should 
+be downloaded automatically as soon as you start the docker-compose (see below). If the image download fails, the most 
+likely reason is that you need to do a docker login first. Please use a GitHub account, that is a member of the project-construct-x GitHub organization. If you don't already have one, you will need to create a Personal Access Token (classic) on your GitHub account. This token should minimally have the 'read:packages' privilege. 
+
+Then please open a shell and do a docker login with that token as described [here](https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry#authenticating-with-a-personal-access-token-classic).
 
 
 ### Start the environment
@@ -59,11 +61,10 @@ The issuer-participant will act as the dataspaces' trusted issuer. This issuer i
 out verifiable credentials, which the members of the dataspace can use to prove their membership (or potentially other
 relevant properties of themselves) to other partners in the same dataspace. After the registration of the issuer we are
 also providing the basic definition of the credential that shall be issued. And we also need register the expected (
-user-) members of the dataspace at the issuer service as holders at the trusted issuer's participant context. 
-
-Assuming that the majority of users does not (at least in the beginning) want to get into the details of designing credentials, you can most probably skip the `Optionalconfig` folder (though it does no harm, if you run these requests, as long as you don't edit these requests in any way). If you're interested in the (rather advanced) topic of using customized credential subject contents in your credentials, you can take a further look at this [README](https://github.com/FraunhoferISST/dev-identity-services/blob/main/runtimes/dev/README.md). 
+user-) members of the dataspace at the issuer service as holders at the trusted issuer's participant context.
 
-Pretty much the same goes for the `createAttestation` and the `createCredentialDef` requests. If you're an average user, you just need to know that 
+The `createAttestation` and the `createCredentialDef` requests are technically necessary to prepare the issuer to handle 
+incoming credential requests from the consumer and provider wallet. If you're an average user, you just need to know that 
 they are a technical necessity at this point and you just to need to run them to ensure that rest of the requests in this collection can be executed properly. 
 
 ### Create a consumer and a provider identity
@@ -79,15 +80,6 @@ respectively. And we can also do some kind of a simulated DCP flow with the just
 documentation in the Bruno collection if you are interested in learning some more details (though that is directed at
 the more advanced members of the audience here, beginners can definitely skip that part).
 
-#### Known issue / validating the identity setup
-In rare cases (chances seem to be below 0.5 %) there is currently a possibility, that one of the `CreateParticipant` calls may (silently) fail. We assume that this is something that needs to be fixed on the upstream EDC identity hub project. See this [issue](https://github.com/eclipse-edc/IdentityHub/issues/913) for details. If you are unfortunate enough encounter this bug, you should notice that one of the calls in the `InspectOutcome` folder shows an empty response and that (at least) the last call of `Simulated DCP Flow` shows a negative test result. 
-
-If one encounter one these symptoms, we would suggest that you cleanly restart the entire docker compose (see below). Chances 
-are near 99 % that on your next attempt, you won't encounter this problem again. 
-
-Also, if you're interested in some more details 
-
-
 ### Do a transaction between provider and consumer
 
 Finally, we are ready now to do a more or less 'normal' DSP/DCP protocol backed transaction between the consumer and the

edc-controlplane/edc-controlplane-construct-x/local/additional_config/vault-init.sh

@@ -49,4 +49,29 @@ create_and_store_keypair() {
 # create keypair for consumer and provider dataplane:
 
 create_and_store_keypair "cons"
-create_and_store_keypair "prov"
+create_and_store_keypair "prov"
+
+create_and_store_aes_key() {
+  local prefix=$1
+  local aes_key
+
+  # AES-Key erzeugen
+  aes_key="$(openssl rand -base64 32 | tr -d '\n')"
+
+  # AES-Key in Vault schreiben, Pfad an Prefix koppeln
+  jq -n --arg content "$aes_key" '{data:{content:$content}}' | \
+    curl -sSf \
+      -H "X-Vault-Token: $TOKEN" \
+      -H "Content-Type: application/json" \
+      -X POST \
+      --data-binary @- \
+      "$VAULT/v1/secret/data/${prefix}-aes-key-alias" \
+    || { echo "Failed to create aes key entry for ${prefix}"; exit 1; }
+
+  echo "AES key stored at secret/data/${prefix}-aes-key-alias"
+}
+
+# create AES keys for wallets
+create_and_store_aes_key "issuer-wallet"
+create_and_store_aes_key "consumer-wallet"
+create_and_store_aes_key "provider-wallet"

edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/environments/local-con-x-env.bru

@@ -19,17 +19,17 @@ vars {
   PROVIDER_IDHUB_ID_API: http://localhost:21100/api/identity
   PROVIDER_IDHUB_STS_API: http://localhost:21500/api/sts
   PROVIDER_IDHUB_CREDS_API: http://localhost:21600/api/credentials
-  ISS_ID: did:web:local-issuer-service:con-x-issuer
-  CONS_ID: did:web:consumer-idhub:user:consumer
-  PROV_ID: did:web:provider-idhub:user:provider
-  B64_ISS_ID: 
-  B64_CONS_ID: 
-  B64_PROV_ID: 
+  ISS_ID: did:web:local-issuer-wallet:con-x-issuer
+  CONS_ID: did:web:consumer-wallet:user:consumer
+  PROV_ID: did:web:provider-wallet:user:provider
   cons_access_token: eyJraWQiOiJkaWQ6d2ViOmNvbnN1bWVyLWlkaHViOnVzZXI6Y29uc3VtZXIja2V5LTEiLCJhbGciOiJFZDI1NTE5In0.eyJhdWQiOiJkaWQ6d2ViOmNvbnN1bWVyLWlkaHViOnVzZXI6Y29uc3VtZXIiLCJzdWIiOiJkaWQ6d2ViOnByb3ZpZGVyLWlkaHViOnVzZXI6cHJvdmlkZXIiLCJuYmYiOjE3NzAyNzg5NTQsInNjb3BlIjoib3JnLmVjbGlwc2UudHJhY3R1c3gudmMudHlwZTpNZW1iZXJzaGlwQ3JlZGVudGlhbDpyZWFkIiwiaXNzIjoiZGlkOndlYjpjb25zdW1lci1pZGh1Yjp1c2VyOmNvbnN1bWVyIiwiZXhwIjoxNzcwMjc5MjU0LCJpYXQiOjE3NzAyNzg5NTQsImp0aSI6ImFjY2Vzc3Rva2VuLTcxYThmNTA5LTgwYTktNDMwZC1iMjU0LTMxNGFiYTBkNjY5OSJ9.ipRpdi_Ekh7y4IIqhqLgHU35Fn7NNkv6e6hILXy8pZObdy33y3MKppI61424eyHwqzmh7X2kwV2S5gDy3aOKCQ
   prov_access_token: eyJraWQiOiJkaWQ6d2ViOnByb3ZpZGVyLWlkaHViOnVzZXI6cHJvdmlkZXIja2V5LTEiLCJhbGciOiJFZDI1NTE5In0.eyJzdWIiOiJkaWQ6d2ViOnByb3ZpZGVyLWlkaHViOnVzZXI6cHJvdmlkZXIiLCJhdWQiOiJkaWQ6d2ViOmNvbnN1bWVyLWlkaHViOnVzZXI6Y29uc3VtZXIiLCJuYmYiOjE3NzAyNzg5NTUsImlzcyI6ImRpZDp3ZWI6cHJvdmlkZXItaWRodWI6dXNlcjpwcm92aWRlciIsImV4cCI6MTc3MDI3OTI1NSwiaWF0IjoxNzcwMjc4OTU1LCJqdGkiOiJkNjA0MTVjOS1kMGM0LTRiNWQtYjI4My01ZmNmYjhlMDY2OGQiLCJ0b2tlbiI6ImV5SnJhV1FpT2lKa2FXUTZkMlZpT21OdmJuTjFiV1Z5TFdsa2FIVmlPblZ6WlhJNlkyOXVjM1Z0WlhJamEyVjVMVEVpTENKaGJHY2lPaUpGWkRJMU5URTVJbjAuZXlKaGRXUWlPaUprYVdRNmQyVmlPbU52Ym5OMWJXVnlMV2xrYUhWaU9uVnpaWEk2WTI5dWMzVnRaWElpTENKemRXSWlPaUprYVdRNmQyVmlPbkJ5YjNacFpHVnlMV2xrYUhWaU9uVnpaWEk2Y0hKdmRtbGtaWElpTENKdVltWWlPakUzTnpBeU56ZzVOVFFzSW5OamIzQmxJam9pYjNKbkxtVmpiR2x3YzJVdWRISmhZM1IxYzNndWRtTXVkSGx3WlRwTlpXMWlaWEp6YUdsd1EzSmxaR1Z1ZEdsaGJEcHlaV0ZrSWl3aWFYTnpJam9pWkdsa09uZGxZanBqYjI1emRXMWxjaTFwWkdoMVlqcDFjMlZ5T21OdmJuTjFiV1Z5SWl3aVpYaHdJam94Tnpjd01qYzVNalUwTENKcFlYUWlPakUzTnpBeU56ZzVOVFFzSW1wMGFTSTZJbUZqWTJWemMzUnZhMlZ1TFRjeFlUaG1OVEE1TFRnd1lUa3RORE13WkMxaU1qVTBMVE14TkdGaVlUQmtOalk1T1NKOS5pcFJwZGlfRWtoN3k0SUlxaHFMZ0hVMzVGbjdOTmt2NmU2aElMWHk4cFpPYmR5MzN5M01LcHBJNjE0MjRleUh3cXptaDdYMmt3VjJTNWdEeTNhT0tDUSJ9.42YDTnuzZ0RprqLjFw6hUoAXrgpPxyzKNFrqLdbWz6HXAiujkq32QAFU-M9gtQ0hMNcjshRZUX6DryBWxhGNDw
   offerId: MQ==:YXNzZXRJZA==:MDFhN2ZjYWYtODgzOS00N2JmLTllZDAtM2Y0YjliMTFiOWM5
   negotiation-id: 3745ad50-6b99-4142-bf1a-509b3d0e313d
   contractId: 3345f7f1-f735-4c92-8aa2-6e137203b2f9
   transferId: 3ebe55c6-900a-4c03-b213-20c5c3f0274d
   pullSecret: eyJraWQiOiJwcm92X3B1YiIsImFsZyI6IlJTMjU2In0.eyJpc3MiOiJhbm9ueW1vdXMiLCJhdWQiOiJkaWQ6d2ViOmNvbnN1bWVyLWlkaHViOnVzZXI6Y29uc3VtZXIiLCJzdWIiOiJhbm9ueW1vdXMiLCJpYXQiOjE3NzAyNzg5ODgsImp0aSI6IjUwYWQxMjk3LWZhN2QtNDI0ZC1hNjBhLTg5M2MwMGE4OTZhYyJ9.GkSz0qXhFmqPaLQpfPLkAvODX-iekoAQvLh3Kglhm7DApNF3PsGnv-Qzm7m8eNAqTUTWB9XXkRng_XqWmuAd-FWvzwG8d7ZaAahuykkOgX1W7vHWBMdJa-zvNm0cnzm-TQLWYCU-tDSKk_g_UrDUaFf9Jdq-avCoer3wcZrEmrf0K4o_WWs-l5hZEfDIOYHRsgoCY3P8pMcZYRjV57zdLUDl9SvLuCRR0ex0fKxJ2pb7mlaCL5ooD6fRaqWyrLvrIKZaDYfwKrX7IRJT9ePKyls9VKA9JBakh676L0jBr5-2TYG3uE9Xhyv4CZlqyck-_NyiL4Jao8-lL5FVCbPDVQ
+  ISS_PART_CONT: localissuer
+  CONS_PART_CONT: consumer
+  PROV_PART_CONT: provider
 }

edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Inspect Outcome/ShowConsumerCredentials.bru

@@ -14,6 +14,19 @@ headers {
   x-api-key: YWRtaW4.adminKey
 }
 
+script:pre-request {
+  const t = Date.now();
+  await new Promise(resolve => setTimeout(resolve, 2500));
+  console.log("Waited " + (Date.now() - t) + " ms");
+}
+
+tests {
+  test("Got non-empty response", function(){
+    const body = res.getBody();
+    expect(body).to.be.an("array").that.is.not.empty;
+  })
+}
+
 settings {
   encodeUrl: true
   timeout: 0

edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Inspect Outcome/ShowProviderCredentials.bru

@@ -14,6 +14,13 @@ headers {
   x-api-key: YWRtaW4.adminKey
 }
 
+tests {
+  test("Got non-empty response", function(){
+    const body = res.getBody()
+    expect(body).to.be.an("array").that.is.not.empty;
+  })
+}
+
 settings {
   encodeUrl: true
   timeout: 0

edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Consumer ID/CreateConsumerParticipant.bru

@@ -16,30 +16,37 @@ headers {
 
 body:json {
   {
-      "roles":[],
-      "serviceEndpoints":[{
+    "roles": [],
+    "serviceEndpoints": [
+      {
         "id": "ConsumerCredentialService-ID",
-        "type": "CredentialService", 
-        "serviceEndpoint": "http://consumer-idhub:13131/api/credentials/v1/participants/{{B64_CONS_ID}}"
-      }],
-      "active": true,
-      "participantContextId": "{{CONS_ID}}",
-      "did": "{{CONS_ID}}",
-      "key":{
-          "keyId": "{{CONS_ID}}#key-1",
-          "privateKeyAlias": "{{CONS_ID}}-alias",
-          "keyGeneratorParams":{
-              "algorithm": "EdDSA",
-              "curve": "Ed25519"
-          }
+        "type": "CredentialService",
+        "serviceEndpoint": "http://consumer-wallet:13131/api/credentials/v1/participants/{{CONS_PART_CONT}}"
+      },
+      {
+        "id": "ConsumerIssuerService-ID",
+        "type": "IssuerService",
+        "serviceEndpoint": "http://consumer-wallet:13132/api/issuance/v1alpha/participants/{{CONS_PART_CONT}}"
       }
+    ],
+    "active": true,
+    "participantContextId": "{{CONS_PART_CONT}}",
+    "did": "{{CONS_ID}}",
+    "key": {
+      "keyId": "{{CONS_ID}}#key-1",
+      "privateKeyAlias": "{{CONS_ID}}-alias",
+      "keyGeneratorParams": {
+        "algorithm": "EdDSA",
+        "curve": "Ed25519"
+      }
+    }
   }
 }
 
 script:pre-request {
-  const btoa = require("btoa");
   const cons_id = bru.getEnvVar("CONS_ID");
-  bru.setEnvVar("B64_CONS_ID", btoa(cons_id));
+  const participantContext = cons_id.split(":").slice(3).join(":").replace(/:/g, "-");
+  bru.setEnvVar("CONS_PART_CONT", participantContext);
 }
 
 script:post-response {

edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Consumer ID/Get Consumer DID Doc.bru

@@ -1,7 +1,7 @@
 meta {
   name: Get Consumer DID Doc
   type: http
-  seq: 2
+  seq: 3
 }
 
 get {
@@ -11,7 +11,7 @@ get {
 }
 
 headers {
-  Host: consumer-idhub
+  Host: consumer-wallet
 }
 
 settings {

edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Consumer ID/RequestConsumerCredential.bru → edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Consumer ID/RequestConsumerDevMemCredential.bru

@@ -1,11 +1,11 @@
 meta {
-  name: RequestConsumerCredential
+  name: RequestConsumerDevMemCredential
   type: http
-  seq: 3
+  seq: 2
 }
 
 post {
-  url: {{CONSUMER_IDHUB_ID_API}}/v1alpha/participants/{{B64_CONS_ID}}/credentials/request
+  url: {{CONSUMER_IDHUB_ID_API}}/v1alpha/participants/{{CONS_PART_CONT}}/credentials/request
   body: json
   auth: none
 }
@@ -16,15 +16,15 @@ body:json {
       "credentials": [{
           "format": "VC1_0_JWT",
           "type": "MembershipCredential", 
-          "id": "MC-Cred-Def"
+          "id": "dev-credential-def-1"
       }]
   }
 }
 
 script:pre-request {
-  const btoa = require("btoa");
   const cons_id = bru.getEnvVar("CONS_ID");
-  bru.setEnvVar("B64_CONS_ID", btoa(cons_id));
+  const participantContext = cons_id.split(":").slice(3).join(":").replace(/:/g, "-");
+  bru.setEnvVar("CONS_PART_CONT", participantContext);
   req.setHeader("x-api-key", bru.getEnvVar("CONSUMER_IH_APIKEY"));
 }
 

edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/CreateIssuerParticipant.bru

@@ -19,13 +19,18 @@ body:json {
     "roles": [],
     "serviceEndpoints": [
       {
-        "id": "Issuer-IssuerService", 
-        "type": "IssuerService", 
-        "serviceEndpoint": "http://local-issuer-service:13132/api/issuance/v1alpha/participants/{{B64_ISS_ID}}"
+        "id": "IssuerIssuerService-ID",
+        "type": "IssuerService",
+        "serviceEndpoint": "http://local-issuer-wallet:13132/api/issuance/v1alpha/participants/{{ISS_PART_CONT}}"
+      },
+      {
+        "id": "IssuerCredentialService-ID",
+        "type": "CredentialService",
+        "serviceEndpoint": "http://local-issuer-wallet:13131/api/credentials/v1/participants/{{ISS_PART_CONT}}"
       }
     ],
     "active": true,
-    "participantContextId": "{{ISS_ID}}",
+    "participantContextId": "{{ISS_PART_CONT}}",
     "did": "{{ISS_ID}}",
     "key": {
       "keyId": "{{ISS_ID}}#key-1",
@@ -39,9 +44,9 @@ body:json {
 }
 
 script:pre-request {
-  const btoa = require("btoa");
   const iss_id = bru.getEnvVar("ISS_ID");
-  bru.setEnvVar("B64_ISS_ID", btoa(iss_id));
+  const participantContext = iss_id.split(":").slice(3).join(":").replace(/:/g, "-");
+  bru.setEnvVar("ISS_PART_CONT", participantContext);
 }
 
 script:post-response {

edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/Get Issuer DID Doc.bru

@@ -0,0 +1,20 @@
+meta {
+  name: Get Issuer DID Doc
+  type: http
+  seq: 2
+}
+
+get {
+  url: {{ISSUER_DID_API}}/con-x-issuer/did.json
+  body: none
+  auth: inherit
+}
+
+headers {
+  Host: local-issuer-wallet
+}
+
+settings {
+  encodeUrl: true
+  timeout: 0
+}