feat(test): add integration tests for MIW

.github/workflows/verify.yaml

@@ -135,7 +135,7 @@ jobs:
       - uses: ./.github/actions/setup-java
 
       - name: Run Integration tests
-        run: ./gradlew test -DincludeTags="ComponentTest"
+        run: ./gradlew test -DincludeTags="ComponentTest" -PverboseTest=true
 
   api-tests:
     runs-on: ubuntu-latest
@@ -146,7 +146,7 @@ jobs:
       - uses: ./.github/actions/setup-java
 
       - name: Run API tests
-        run: ./gradlew test -DincludeTags="ApiTest"
+        run: ./gradlew test -DincludeTags="ApiTest" -PverboseTest=true
 
   end-to-end-tests:
     runs-on: ubuntu-latest
@@ -157,7 +157,7 @@ jobs:
       - uses: ./.github/actions/setup-java
 
       - name: Run E2E tests
-        run: ./gradlew test -DincludeTags="EndToEndTest"
+        run: ./gradlew test -DincludeTags="EndToEndTest" -PverboseTest=true
 
   postgres-tests:
     runs-on: ubuntu-latest
@@ -185,7 +185,7 @@ jobs:
           PGPASSWORD: password
 
       - name: Run Postgresql E2E tests
-        run: ./gradlew test -DincludeTags="PostgresqlIntegrationTest"
+        run: ./gradlew test -DincludeTags="PostgresqlIntegrationTest" -PverboseTest=true
 
   ssi-integration-tests:
     runs-on: ubuntu-latest
@@ -195,11 +195,35 @@ jobs:
     steps:
       - uses: actions/checkout@v3
       - uses: ./.github/actions/setup-java
-
-      - uses: actions/checkout@v2
       - name: Starting MIW, Keycloak and Postgres Servers
         run: |
-          docker compose -f edc-tests/e2e-tests/src/test/resources/docker-compose.yml up -d 
+          cd edc-tests/miw-tests/src/test/resources
+          docker compose up --wait || docker compose logs 
+
+      - uses: nick-fields/retry@v2
+        name: Wait until MIW is booted up
+        with:
+          timeout_minutes: 1
+          max_attempts: 60
+          continue_on_error: false
+          command: |
+            code=$(curl -IL -sw "%{http_code}" http://localhost:8080/api/actuator/health -o /dev/null)
+            if [ "$code" -ne "401" ]; then
+              echo "MIW not ready, status = $code"
+              docker compose -f edc-tests/miw-tests/src/test/resources/docker-compose.yml logs
+              exit 1;
+            fi
+
+      - name: Load test data
+        run: |
+          docker ps 
+          docker exec resources-postgres-1 /opt/seed.sh
 
       - name: Run MIW E2E tests
-        run: ./gradlew test -DincludeTags="MiwIntegrationTest"
+        run: |
+          ./gradlew compileJava compileTestJava
+          ./gradlew -p edc-tests/e2e-tests test -DincludeTags="MiwIntegrationTest" -PverboseTest=true
+
+      - name: Run MIW compliance tests
+        run: |
+          ./gradlew -p edc-tests/miw-tests test -DincludeTags="MiwIntegrationTest" -PverboseTest=true

edc-tests/e2e-tests/build.gradle.kts

@@ -44,6 +44,7 @@ dependencies {
     testCompileOnly(project(":edc-tests:runtime:runtime-memory"))
     testCompileOnly(project(":edc-tests:runtime:runtime-memory-ssi"))
     testCompileOnly(project(":edc-tests:runtime:runtime-postgresql"))
+    testImplementation(libs.edc.auth.oauth2.client)
 }
 
 // do not publish

edc-tests/miw-tests/README.md

@@ -0,0 +1,3 @@
+# E2E-Tests
+
+This module contains JUnit tests that spin up multiple runtimes in one JVM.

edc-tests/miw-tests/build.gradle.kts

@@ -0,0 +1,54 @@
+/*
+ *  Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Contributors:
+ *       Bayerische Motoren Werke Aktiengesellschaft (BMW AG) - initial API and implementation
+ *
+ */
+
+plugins {
+    `java-library`
+}
+
+dependencies {
+    testImplementation(project(":spi:edr-cache-spi"))
+    testImplementation(project(":edc-extensions:control-plane-adapter-api"))
+    testImplementation(libs.okhttp.mockwebserver)
+    testImplementation(libs.restAssured)
+    testImplementation(libs.nimbus.jwt)
+    testImplementation(libs.postgres)
+    testImplementation(libs.awaitility)
+    testImplementation(libs.aws.s3)
+    testImplementation(libs.edc.spi.core)
+    testImplementation(libs.edc.junit)
+    testImplementation(libs.edc.spi.policy)
+    testImplementation(libs.edc.spi.contract)
+    testImplementation(libs.edc.core.api)
+    testImplementation(libs.edc.spi.catalog)
+    testImplementation(libs.edc.api.catalog)
+    testImplementation(libs.edc.api.contractnegotiation)
+    testImplementation(libs.edc.api.transferprocess)
+    testImplementation(libs.edc.spi.dataplane.selector)
+    testImplementation(libs.edc.ext.jsonld)
+    testImplementation(libs.edc.dsp)
+    testImplementation(testFixtures(libs.edc.sql.core))
+
+
+    testCompileOnly(project(":edc-tests:runtime:extensions"))
+    testCompileOnly(project(":edc-tests:runtime:runtime-memory"))
+    testCompileOnly(project(":edc-tests:runtime:runtime-memory-ssi"))
+    testCompileOnly(project(":edc-tests:runtime:runtime-postgresql"))
+    testImplementation(project(":edc-extensions:ssi:ssi-miw-credential-client"))
+    testImplementation(libs.edc.auth.oauth2.client)
+}
+
+// do not publish
+edcBuild {
+    publish.set(false)
+}

edc-tests/miw-tests/src/test/java/org/eclipse/tractusx/edc/tag/MiwIntegrationTest.java

@@ -0,0 +1,31 @@
+/*
+ *  Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Contributors:
+ *       Bayerische Motoren Werke Aktiengesellschaft (BMW AG) - initial API and implementation
+ *
+ */
+
+package org.eclipse.tractusx.edc.tag;
+
+import org.eclipse.edc.junit.annotations.IntegrationTest;
+import org.junit.jupiter.api.Tag;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+@Target({ ElementType.TYPE })
+@Retention(RetentionPolicy.RUNTIME)
+@IntegrationTest
+@Tag("MiwIntegrationTest")
+public @interface MiwIntegrationTest {
+}
+

edc-tests/miw-tests/src/test/java/org/eclipse/tractusx/edc/tests/miw/README.md

@@ -0,0 +1,72 @@
+# Function-testing the Managed-Identity-Wallet
+
+## Test setup
+
+As test subject we used a `docker-compose.yml` file located in `src/main/resources/`. From that directory, simply
+execute `docker compose up --wait`, and then, once everything is started,
+run `docker exec -i resources-postgres-1 /opt/seed.sh` to seed test data.
+
+## Test suite description
+
+### `t0001` Request and verify a VP
+
+### `t0002` Wrong audience
+
+This test asserts, that a verification request is rejected, if the wrong `audience=` query parameter is supplied.
+The `audience` query parameter must match the `aud` claim inside the token.
+
+### `t0003` A self-signed VP token is rejected
+
+This test asserts, that submitting a self-generated JWT (containing the original VP claim) should be rejected. The MIW
+should only accept JWTs that were signed by the requestor's private key, which is hosted in MIW. Currently, no JWT
+validation is done.
+
+A rejected flow would be:
+
+- request VC from MIW
+- request VP from MIW, returned in JWT format
+- decode the JWT, unpack the payload
+- generate a random keypair
+- re-use the original claims (payload) and header
+- sign with the random keypair
+
+### `t0004` A bogus JWT is rejected
+
+This test is an amendment to `t0003` in that it not only forges the JWT itself, but the JWT does not contain any of the
+required claims. For example, it does not even contain a `vp` claim, so there is no VerifiablePresentation.
+
+### `t0005` A forged VC proof (altered JWS) is rejected
+
+This test asserts, that an altered (and potentially even malformed) `jws` proof is rejected. This test specifically
+targets the use of JsonWebSignature2020, because there the `proof` object contains a `jws` field.
+
+Altering that `jws` value, here by replacing all "a" with "X" should cause the MIW to reject the verification request.
+
+### `t0006` A tampered VC proof (changed document) is rejected
+
+Similar to `t0005`, which alters the proof itself, this test alters the document, for which the proof was created.
+Technically this should alter the document hash, so the proof becomes invalid, and the MIW should reject the request.
+
+### `t0007` Forged `iss` claim is rejected
+
+In this test we construct an impersonation attack, which assumes there are at least two participants in the MIW.
+Participant 1 requests a VP, decodes it, replaces the `iss` claim with the ID of Participant 2 and - using again a
+randomly generated keypair - signs this forged VP token. This effectively gives any participant the possibility to mount
+impersonation attacks.
+
+> Note that Participant 2 was created in the database using the `src/test/resources/db.sh` script
+
+### `t0008` Invalid `iss` claim is rejected (non-existent user)
+
+This test attempts to have a JWT verified where the `iss` claim cannot be resolved.
+
+### `t0009` Invalid `iss` claim is rejected (not did:web format)
+
+This test asserts that a malformed `iss` claim is rejected by MIW. Specifically, the claim must be in `did:web:....`
+format.
+
+### `t0010` An altered `aud` claim is rejected
+
+Similar to `t0007`, and in extension to `t0003`, this test asserts, that a verification request is rejected by MIW, if
+the `aud` claim inside the JWT token was replaced.
+> Note that this attack is only possible if the integrity and provenance of the JWT is not checked, see `t0003`.