Fix missing result check in DecentralizedIdentityService

bscholtes1A · bscholtes1A · commit 9aa1d0abaa82 · 2022-09-23T13:52:26.000+02:00
diff --git a/extensions/common/iam/decentralized-identity/identity-did-service/src/main/java/org/eclipse/dataspaceconnector/identity/DecentralizedIdentityService.java b/extensions/common/iam/decentralized-identity/identity-did-service/src/main/java/org/eclipse/dataspaceconnector/identity/DecentralizedIdentityService.java
@@ -93,6 +93,10 @@ public Result<ClaimToken> verifyJwtToken(TokenRepresentation tokenRepresentation
 
             monitor.debug("verification successful! Fetching data from IdentityHub");
             var credentialsResult = credentialsVerifier.getVerifiedCredentials(didResult.getContent());
+            if (credentialsResult.failed()) {
+                credentialsResult.getFailureMessages().forEach(m -> monitor.debug(() -> "Failure when getting verified credentials: " + m));
+                return Result.failure("Failed to get verifiable credentials: " + credentialsResult.getFailureDetail());
+            }
 
             monitor.debug("Building ClaimToken");
             var tokenBuilder = ClaimToken.Builder.newInstance();
diff --git a/extensions/common/iam/decentralized-identity/identity-did-service/src/test/java/org/eclipse/dataspaceconnector/identity/DecentralizedIdentityServiceTest.java b/extensions/common/iam/decentralized-identity/identity-did-service/src/test/java/org/eclipse/dataspaceconnector/identity/DecentralizedIdentityServiceTest.java
@@ -14,6 +14,14 @@
 
 package org.eclipse.dataspaceconnector.identity;
 
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.eclipse.dataspaceconnector.junit.testfixtures.TestUtils.getResourceFileContentAsString;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.nimbusds.jose.jwk.ECKey;
@@ -26,7 +34,6 @@
 import org.eclipse.dataspaceconnector.iam.did.spi.document.VerificationMethod;
 import org.eclipse.dataspaceconnector.iam.did.spi.resolution.DidResolver;
 import org.eclipse.dataspaceconnector.iam.did.spi.resolution.DidResolverRegistry;
-import org.eclipse.dataspaceconnector.spi.iam.ClaimToken;
 import org.eclipse.dataspaceconnector.spi.iam.TokenParameters;
 import org.eclipse.dataspaceconnector.spi.monitor.ConsoleMonitor;
 import org.eclipse.dataspaceconnector.spi.result.Result;
@@ -36,10 +43,7 @@
 
 import java.time.Clock;
 import java.util.Map;
-
-import static org.eclipse.dataspaceconnector.junit.testfixtures.TestUtils.getResourceFileContentAsString;
-import static org.junit.jupiter.api.Assertions.assertEquals;
-import static org.junit.jupiter.api.Assertions.assertTrue;
+import java.util.UUID;
 
 /**
  * Test the {@link DecentralizedIdentityService} with a key algorithm. See {@link WithP256Test} for concrete impl.
@@ -48,30 +52,47 @@
 abstract class DecentralizedIdentityServiceTest {
     private static final String DID_DOCUMENT = getResourceFileContentAsString("dids.json");
 
+    private CredentialsVerifier credentialsVerifierMock;
     private DecentralizedIdentityService identityService;
 
     @Test
     void generateAndVerifyJwtToken_valid() {
-        var result = identityService.obtainClientCredentials(TokenParameters.Builder.newInstance()
-                .scope("Foo")
-                .audience("Bar")
-                .build());
+        when(credentialsVerifierMock.getVerifiedCredentials(any())).thenReturn(Result.success(Map.of("region", "eu")));
+
+        var result = identityService.obtainClientCredentials(defaultTokenParameters());
         assertTrue(result.succeeded());
 
-        Result<ClaimToken> verificationResult = identityService.verifyJwtToken(result.getContent(), "Bar");
+        var verificationResult = identityService.verifyJwtToken(result.getContent(), "Bar");
         assertTrue(verificationResult.succeeded());
         assertEquals("eu", verificationResult.getContent().getClaims().get("region"));
     }
 
     @Test
     void generateAndVerifyJwtToken_wrongAudience() {
-        var result = identityService.obtainClientCredentials(TokenParameters.Builder.newInstance()
-                .scope("Foo")
-                .audience("Bar")
-                .build());
+        var result = identityService.obtainClientCredentials(defaultTokenParameters());
+
+        var verificationResult = identityService.verifyJwtToken(result.getContent(), "Bar2");
+        assertTrue(verificationResult.failed());
+    }
+
+    @Test
+    void generateAndVerifyJwtToken_getVerifiedCredentialsFailed() {
+        var errorMsg = UUID.randomUUID().toString();
+        when(credentialsVerifierMock.getVerifiedCredentials(any())).thenReturn(Result.failure(errorMsg));
 
-        Result<ClaimToken> verificationResult = identityService.verifyJwtToken(result.getContent(), "Bar2");
+        var result = identityService.obtainClientCredentials(defaultTokenParameters());
+        assertTrue(result.succeeded());
+
+        var verificationResult = identityService.verifyJwtToken(result.getContent(), "Bar");
         assertTrue(verificationResult.failed());
+        assertThat(verificationResult.getFailureDetail()).contains(errorMsg);
+    }
+
+    private static TokenParameters defaultTokenParameters() {
+        return TokenParameters.Builder.newInstance()
+                .scope("Foo")
+                .audience("Bar")
+                .build();
     }
 
     @BeforeEach
@@ -80,9 +101,9 @@ void setUp() {
         var privateKey = new EcPrivateKeyWrapper(keyPair.toECKey());
 
         var didResolver = new TestResolverRegistry(DID_DOCUMENT, keyPair);
-        CredentialsVerifier verifier = document -> Result.success(Map.of("region", "eu"));
-        String didUrl = "random.did.url";
-        identityService = new DecentralizedIdentityService(didResolver, verifier, new ConsoleMonitor(), privateKey, didUrl, Clock.systemUTC());
+        credentialsVerifierMock = mock(CredentialsVerifier.class);
+        var didUrl = "random.did.url";
+        identityService = new DecentralizedIdentityService(didResolver, credentialsVerifierMock, new ConsoleMonitor(), privateKey, didUrl, Clock.systemUTC());
     }
 
     @NotNull
@@ -114,7 +135,7 @@ public void register(DidResolver resolver) {
         public Result<DidDocument> resolve(String didKey) {
             try {
                 var did = new ObjectMapper().readValue(hubUrlDid, DidDocument.class);
-                ECKey key = (ECKey) keyPair.toPublicJWK();
+                var key = (ECKey) keyPair.toPublicJWK();
                 did.getVerificationMethod().add(VerificationMethod.Builder.create()
                         .type("JsonWebKey2020")
                         .id("test-key")
