Merged
@@ -14,8 +14,11 @@

package org.eclipse.edc.virtualized.api.data;

import org.jetbrains.annotations.Nullable;

public record DataRequest(
String providerId,
String policyId
String policyId,
@Nullable String policyType
) {
}
@@ -21,6 +21,8 @@
import org.eclipse.edc.policy.model.Permission;
import org.eclipse.edc.policy.model.Policy;

import java.util.Map;

public class Data {
public static final Policy MEMBERSHIP_POLICY = Policy.Builder.newInstance()
.permission(Permission.Builder.newInstance()
@@ -34,4 +36,19 @@ public class Data {
.build())
.build())
.build();

public static final Policy MANUFACTURER_POLICY = Policy.Builder.newInstance()
.permission(Permission.Builder.newInstance()
.action(Action.Builder.newInstance()
.type("http://www.w3.org/ns/odrl/2/use")
.build())
.constraint(AtomicConstraint.Builder.newInstance()
.leftExpression(new LiteralExpression("ManufacturerCredential"))
.operator(Operator.EQ)
.rightExpression(new LiteralExpression("active"))
.build())
.build())
.build();

public static final Map<String, Policy> POLICY_MAP = Map.of("membership", MEMBERSHIP_POLICY, "manufacturer", MANUFACTURER_POLICY);
}
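Review bot: `MANUFACTURER_POLICY` and `POLICY_MAP` are added without any comment, yet both carry contracts that live outside this class. The left operand `"ManufacturerCredential"` appears to have to match the `edc.iam.dcp.scopes.manufacturer.prefix-mapping` value this same change adds to `controlplane-config.yaml`, and the map keys are the values accepted in `DataRequest.policyType`. I would add `// left operand must match edc.iam.dcp.scopes.manufacturer.prefix-mapping` above the constraint and `/** Policies selectable via DataRequest#policyType; keys are the accepted request values. */` on `POLICY_MAP`.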
@@ -43,6 +43,8 @@

import static java.net.http.HttpClient.newHttpClient;
import static java.util.Optional.ofNullable;
import static org.eclipse.edc.virtualized.service.Data.MEMBERSHIP_POLICY;
import static org.eclipse.edc.virtualized.service.Data.POLICY_MAP;

/**
* this is a wrapper service that initiates the contract negotiation and the transfer process, waits for its completion, and then downloads the data.
@@ -65,7 +67,7 @@ public DataRequestService(ContractNegotiationService contractNegotiationService,
public CompletableFuture<ServiceResult<Object>> getData(ParticipantContext participantContext, DataRequest dataRequest) {
return initiateContractNegotiation(participantContext, dataRequest)
.thenCompose(this::waitForContractNegotiation)
.thenCompose(contractNegotiation -> startTransferProcess(participantContext, contractNegotiation))
.thenCompose(agreement -> startTransferProcess(participantContext, agreement))
.thenCompose(this::waitForTransferProcess)
.thenCompose(transferProcess -> getEdr(transferProcess.getId()))
.thenCompose(this::downloadData)
@@ -87,14 +89,17 @@ private CompletableFuture<String> initiateContractNegotiation(ParticipantContext
if (addressForDid.failed()) {
return CompletableFuture.failedFuture(new RuntimeException("Could not resolve address for did: %s".formatted(addressForDid.getFailureDetail())));
}

var policy = ofNullable(dataRequest.policyType()).map(POLICY_MAP::get).orElse(MEMBERSHIP_POLICY);

var offerId = ContractOfferId.parseId(dataRequest.policyId());
var rq = ContractRequest.Builder.newInstance()
.protocol("dataspace-protocol-http:2025-1")
.counterPartyAddress(addressForDid.getContent())
.contractOffer(ContractOffer.Builder.newInstance()
.id(dataRequest.policyId())
.assetId(offerId.getContent().assetIdPart())
.policy(Data.MEMBERSHIP_POLICY.toBuilder()
.policy(policy.toBuilder()
.target(offerId.getContent().assetIdPart())
.assigner(dataRequest.providerId())
.type(PolicyType.OFFER)
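Review bot: An unrecognised `policyType` is silently replaced by `MEMBERSHIP_POLICY` in the new `ofNullable(...).map(POLICY_MAP::get).orElse(MEMBERSHIP_POLICY)` line, because `Optional.map` yields an empty Optional when `get` returns null. A typo or wrong case in the request therefore negotiates under a different policy than the caller asked for, and nothing in the result says so. I would keep the default only for a null `policyType` and fail the future for any value that is not a key of `POLICY_MAP`, in the same style as the DID-resolution failure just above. `initiateContractNegotiation` begins and ends outside this hunk.

```java
// … unchanged: DID address resolution and its failure check …
var policyType = dataRequest.policyType();
if (policyType != null && !POLICY_MAP.containsKey(policyType)) {
    return CompletableFuture.failedFuture(new IllegalArgumentException("Unknown policyType: %s".formatted(policyType)));
}
var policy = policyType == null ? MEMBERSHIP_POLICY : POLICY_MAP.get(policyType);

var offerId = ContractOfferId.parseId(dataRequest.policyId());
// … unchanged: ContractRequest builder …
```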
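--- a/k8s/apps/controlplane-config.yaml
+++ b/k8s/apps/controlplane-config.yaml
@@ -69,6 +69,11 @@ data:
 edc.iam.dcp.scopes.membership.type: "DEFAULT"
 edc.iam.dcp.scopes.membership.value: "org.eclipse.edc.vc.type:MembershipCredential:read"
 
+edc.iam.dcp.scopes.manufacturer.id: "manufacturer-scope"
+edc.iam.dcp.scopes.manufacturer.type: "POLICY"
+edc.iam.dcp.scopes.manufacturer.value: "org.eclipse.edc.vc.type:ManufacturerCredential:read"
+edc.iam.dcp.scopes.manufacturer.prefix-mapping: "ManufacturerCredential"
+
 # Trusted Issuers
 edc.iam.trusted-issuer.issuer.id: "did:web:issuerservice.edc-v.svc.cluster.local%3A10016:issuer"
 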
64 changes: 55 additions & 9 deletions k8s/apps/issuerservice-seed-job.yaml
@@ -82,7 +82,7 @@ spec:

# Create Keycloak client for Vault access
echo "Creating Vault Access Client"
curl -sf -X POST "${KC_HOST}/admin/realms/edcv/clients" \
if curl -sf -X POST "${KC_HOST}/admin/realms/edcv/clients" \
-H "Authorization: Bearer ${KC_TOKEN}" \
-H "Content-Type: application/json" \
-d '{
@@ -127,9 +127,11 @@ spec:
}
}
]
}'

echo "✓ Vault Access Token created"
}'; then
echo "✓ Vault Access Token created"
else
echo "⚠ Vault Access Client creation failed (may already exist)"
fi

echo ""
echo "================================================"
@@ -192,7 +194,7 @@ spec:

echo ""
echo "================================================"
echo "Step 3: Create AttestationDefinition"
echo "Step 3: Create AttestationDefinitions"
echo "================================================"

# Get issuer token
@@ -208,7 +210,8 @@ spec:
exit 1
fi

# Create attestation definition
# Create attestation definitions
echo "Creating Membership AttestationDefinition"
curl -sf -X POST "http://issuerservice.edc-v.svc.cluster.local:10013/api/admin/v1alpha/participants/aXNzdWVy/attestations" \
-H "Authorization: Bearer ${ISSUER_TOKEN}" \
-H "Content-Type: application/json" \
@@ -217,15 +220,26 @@ spec:
"configuration": {},
"id": "membership-attestation-def-1"
}'

echo "Creating Manufacturer AttestationDefinition"
curl -sf -X POST "http://issuerservice.edc-v.svc.cluster.local:10013/api/admin/v1alpha/participants/aXNzdWVy/attestations" \
-H "Authorization: Bearer ${ISSUER_TOKEN}" \
-H "Content-Type: application/json" \
-d '{
"attestationType": "manufacturer",
"configuration": {},
"id": "manufacturer-attestation-def-1"
}'

echo "✓ AttestationDefinition created"
echo "✓ AttestationDefinitions created"

echo ""
echo "================================================"
echo "Step 4: Create CredentialDefinition"
echo "Step 4: Create CredentialDefinitions"
echo "================================================"

# Create credential definition
# Create credential definitions
echo "Creating Membership CredentialDefinition"
curl -sf -X POST "http://issuerservice.edc-v.svc.cluster.local:10013/api/admin/v1alpha/participants/aXNzdWVy/credentialdefinitions" \
-H "Authorization: Bearer ${ISSUER_TOKEN}" \
-H "Content-Type: application/json" \
@@ -256,6 +270,38 @@ spec:
"format": "VC1_0_JWT",
"validity": "604800"
}'

echo "Creating Manufacturer CredentialDefinition"
curl -sf -X POST "http://issuerservice.edc-v.svc.cluster.local:10013/api/admin/v1alpha/participants/aXNzdWVy/credentialdefinitions" \
-H "Authorization: Bearer ${ISSUER_TOKEN}" \
-H "Content-Type: application/json" \
-d '{
"attestations": ["manufacturer-attestation-def-1"],
"credentialType": "ManufacturerCredential",
"id": "manufacturer-credential-def",
"jsonSchema": "{}",
"jsonSchemaUrl": "https://example.com/schema/manufacturer-credential.json",
"mappings": [
{
"input": "contractVersion",
"output": "credentialSubject.contractVersion",
"required": true
},
{
"input": "component_types",
"output": "credentialSubject.part_types",
"required": "true"
},
{
"input": "since",
"output": "credentialSubject.since",
"required": true
}
],
"rules": [],
"format": "VC1_0_JWT",
"validity": "604800"
}'

echo "✓ CredentialDefinition created"
echo ""
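Review bot: The new `if curl -sf … ; then … else` around the Vault access client reports every failure as "may already exist" and lets the job continue, although `curl -f` also fails on 401, 403 and 5xx responses. A rejected or expired `KC_TOKEN` would then leave the client uncreated while the seed job carries on as if it were present. I would capture the status and accept only success or a conflict, e.g. `status=$(curl -s -o /dev/null -w '%{http_code}' -X POST …)` followed by `case "$status" in 2??|409) ;; *) exit 1 ;; esac` (assuming Keycloak answers 409 for a duplicate client, which is worth confirming). Separately, the `component_types` mapping in the new Manufacturer CredentialDefinition has `"required": "true"` as a string where its two siblings use the boolean `true`.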
10 changes: 9 additions & 1 deletion k8s/apps/tenant-manager-seed-job.yaml
@@ -88,7 +88,15 @@ spec:
"issuer": "did:web:issuerservice.edc-v.svc.cluster.local%3A10016:issuer",
"format": "VC1_0_JWT",
"id": "membership-credential-def"
}]
},
{
"type": "ManufacturerCredential",
"issuer": "did:web:issuerservice.edc-v.svc.cluster.local%3A10016:issuer",
"format": "VC1_0_JWT",
"id": "manufacturer-credential-def",
"role": "manufacturer"
}
]
}
}')

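--- a/k8s/apps/ui.yaml
+++ b/k8s/apps/ui.yaml
@@ -36,7 +36,6 @@ spec:
 containers:
 - name: jad-web-ui
 image:
-# ghcr.io/aruba-it-s-p-a/edc-client-participant-fe:3b202e0bb6c88ddef712686e635e25357852377a
 ghcr.io/aruba-it-s-p-a/edc-public-participant-portal:demo-madrid
 ports:
 - containerPort: 80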
@@ -12,7 +12,7 @@
*
*/

package org.eclipse.edc.issuerservice.seed.attestation.dataprocessor;
package org.eclipse.edc.issuerservice.seed.attestation.manufacturer;

import org.eclipse.edc.issuerservice.spi.issuance.attestation.AttestationDefinitionValidatorRegistry;
import org.eclipse.edc.issuerservice.spi.issuance.attestation.AttestationSourceFactoryRegistry;
@@ -21,11 +21,11 @@
import org.eclipse.edc.spi.system.ServiceExtension;
import org.eclipse.edc.spi.system.ServiceExtensionContext;

import static org.eclipse.edc.issuerservice.seed.attestation.dataprocessor.DataProcessorAttestationExtension.NAME;
import static org.eclipse.edc.issuerservice.seed.attestation.manufacturer.ManufacturerAttestationExtension.NAME;

@Extension(NAME)
public class DataProcessorAttestationExtension implements ServiceExtension {
public static final String NAME = "DataProcessor Attestations Extension";
public class ManufacturerAttestationExtension implements ServiceExtension {
public static final String NAME = "Manufacturer Attestations Extension";

@Inject
private AttestationSourceFactoryRegistry registry;
@@ -40,7 +40,7 @@ public String name() {

@Override
public void initialize(ServiceExtensionContext context) {
registry.registerFactory("dataprocessor", new DataProcessorAttestationSourceFactory());
validatorRegistry.registerValidator("dataprocessor", new DataProcessorAttestationSourceValidator());
registry.registerFactory("manufacturer", new ManufacturerAttestationSourceFactory());
validatorRegistry.registerValidator("manufacturer", new ManufacturerAttestationSourceValidator());
}
}
@@ -12,24 +12,26 @@
*
*/

package org.eclipse.edc.issuerservice.seed.attestation.dataprocessor;
package org.eclipse.edc.issuerservice.seed.attestation.manufacturer;

import org.eclipse.edc.issuerservice.spi.issuance.attestation.AttestationContext;
import org.eclipse.edc.issuerservice.spi.issuance.attestation.AttestationSource;
import org.eclipse.edc.spi.result.Result;

import java.time.Instant;
import java.util.Map;

public record DataProcessorAttestationSource(Map<String, Object> config) implements AttestationSource {
public record ManufacturerAttestationSource(Map<String, Object> config) implements AttestationSource {
private static final String DEFAULT_CONTRACT_VERSION = "1.0.0";
private static final String LEVEL = "processing";

@Override
public Result<Map<String, Object>> execute(AttestationContext context) {
var contractVersion = config.getOrDefault("contractVersion", DEFAULT_CONTRACT_VERSION);

return Result.success(Map.of(
"contractVersion", contractVersion,
"level", LEVEL,
"component_types", "all",
"since", Instant.now().toString(),
"id", context.participantContextId()
));
}
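Review bot: `ManufacturerAttestationSource` has no Javadoc saying that it is a seed/demo source, and the visible `execute` body returns `Result.success` with `"component_types", "all"` and `"since", Instant.now().toString()` for whatever participant context it is given, without consulting any external record. As far as these lines show, every participant issued this credential type receives the same unrestricted claims, and `since` reflects issuance time rather than a verified date. I would add a class comment such as `/** Demo attestation source: emits static manufacturer claims and performs no verification; not for production issuance. */`. The record's closing lines fall outside the visible hunk.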
@@ -12,16 +12,16 @@
*
*/

package org.eclipse.edc.issuerservice.seed.attestation.dataprocessor;
package org.eclipse.edc.issuerservice.seed.attestation.manufacturer;

import org.eclipse.edc.issuerservice.spi.issuance.attestation.AttestationSource;
import org.eclipse.edc.issuerservice.spi.issuance.attestation.AttestationSourceFactory;
import org.eclipse.edc.issuerservice.spi.issuance.model.AttestationDefinition;

public class DataProcessorAttestationSourceFactory implements AttestationSourceFactory {
public class ManufacturerAttestationSourceFactory implements AttestationSourceFactory {
@Override
public AttestationSource createSource(AttestationDefinition definition) {
var config = definition.getConfiguration();
return new DataProcessorAttestationSource(config);
return new ManufacturerAttestationSource(config);
}
}
@@ -12,13 +12,13 @@
*
*/

package org.eclipse.edc.issuerservice.seed.attestation.dataprocessor;
package org.eclipse.edc.issuerservice.seed.attestation.manufacturer;

import org.eclipse.edc.issuerservice.spi.issuance.model.AttestationDefinition;
import org.eclipse.edc.validator.spi.ValidationResult;
import org.eclipse.edc.validator.spi.Validator;

public class DataProcessorAttestationSourceValidator implements Validator<AttestationDefinition> {
public class ManufacturerAttestationSourceValidator implements Validator<AttestationDefinition> {
@Override
public ValidationResult validate(AttestationDefinition input) {
return ValidationResult.success();
@@ -12,4 +12,4 @@
#
#
org.eclipse.edc.issuerservice.seed.attestation.membership.MembershipAttestationsExtension
org.eclipse.edc.issuerservice.seed.attestation.dataprocessor.DataProcessorAttestationExtension
org.eclipse.edc.issuerservice.seed.attestation.manufacturer.ManufacturerAttestationExtension
@@ -1,7 +1,7 @@
meta {
name: Create a new Tenant
type: http
seq: 2
seq: 3
}

post {
@@ -1,7 +1,7 @@
meta {
name: Deploy Participant Profile
type: http
seq: 3
seq: 4
}

post {
@@ -13,12 +13,16 @@ post {
body:json {
{
"id": "{{$randomAlphaNumeric}}",
"identifier": "{{participant_did}}",
"properties": {
},
"identifier": "{{participant_did}}-{{$randomNamePrefix}}",
"properties": {},
"cellId": "{{cell_id}}",
"version": 0,
"vpaProperties": {}
"vpaProperties": {},
"participantRoles": {
"{{dataspace_id}}": [
"manufacturer"
]
}
}
}

@@ -1,7 +1,7 @@
meta {
name: Get Participant Profile
type: http
seq: 4
seq: 5
}

get {
@@ -1,7 +1,7 @@
meta {
name: Obtain Secret from Vault
type: http
seq: 5
seq: 6
}

get {