feat: add authority hints support

Sphereon-Opensource · Aug 22, 2024 · ce249ec · ce249ec
1 parent eb11212
commit ce249ec
Show file tree

Hide file tree

Showing 7 changed files with 118 additions and 7 deletions.
diff --git a/.../src/main/kotlin/com/sphereon/oid/fed/server/admin/controllers/AuthorityHintController.kt b/.../src/main/kotlin/com/sphereon/oid/fed/server/admin/controllers/AuthorityHintController.kt
@@ -0,0 +1,39 @@
+package com.sphereon.oid.fed.server.admin.controllers
+
+import com.sphereon.oid.fed.openapi.models.CreateAuthorityHintDTO
+import com.sphereon.oid.fed.persistence.models.AuthorityHint
+import com.sphereon.oid.fed.services.AuthorityHintService
+import org.springframework.web.bind.annotation.DeleteMapping
+import org.springframework.web.bind.annotation.GetMapping
+import org.springframework.web.bind.annotation.PathVariable
+import org.springframework.web.bind.annotation.PostMapping
+import org.springframework.web.bind.annotation.RequestBody
+import org.springframework.web.bind.annotation.RequestMapping
+import org.springframework.web.bind.annotation.RestController
+
+@RestController
+@RequestMapping("/accounts/{accountUsername}/authority-hints")
+class AuthorityHintController {
+    private val authorityHintService = AuthorityHintService()
+
+    @GetMapping
+    fun getAuthorityHints(@PathVariable accountUsername: String): Array<AuthorityHint> {
+        return authorityHintService.findByAccountUsername(accountUsername)
+    }
+
+    @PostMapping
+    fun createAuthorityHint(
+        @PathVariable accountUsername: String,
+        @RequestBody body: CreateAuthorityHintDTO
+    ): AuthorityHint {
+        return authorityHintService.createAuthorityHint(accountUsername, body.identifier)
+    }
+
+    @DeleteMapping("/{id}")
+    fun deleteAuthorityHint(
+        @PathVariable accountUsername: String,
+        @PathVariable id: Int
+    ): AuthorityHint {
+        return authorityHintService.deleteAuthorityHint(accountUsername, id)
+    }
+}
diff --git a/modules/openapi/src/commonMain/kotlin/com/sphereon/oid/fed/openapi/openapi.yaml b/modules/openapi/src/commonMain/kotlin/com/sphereon/oid/fed/openapi/openapi.yaml
@@ -2502,6 +2502,15 @@ components:
         - key
         - value
 
+    CreateAuthorityHintDTO:
+      type: object
+      properties:
+        identifier:
+          type: string
+          description: The authority identifier.
+          example: openid_relying_party
+      required:
+        - identifier
 
     OAuthDynamicClientMetadata:
       type:
@@ -3728,4 +3737,4 @@ components:
       enum:
         - LOCAL
       description: Enum for KMS integrations.
-      example: LOCAL
+      example: LOCAL
diff --git a/...monMain/kotlin/com/sphereon/oid/fed/common/builder/EntityConfigurationStatementBuilder.kt b/...monMain/kotlin/com/sphereon/oid/fed/common/builder/EntityConfigurationStatementBuilder.kt
@@ -15,6 +15,7 @@ class EntityConfigurationStatementBuilder {
     private var iat: Int? = null
     private lateinit var jwks: Array<JwkDTO>
     private var metadata: MutableMap<String, JsonObject> = mutableMapOf()
+    private val authorityHints: MutableList<String> = mutableListOf()
 
     fun iss(iss: String) = apply { this.iss = iss }
     fun exp(exp: Int) = apply { this.exp = exp }
@@ -25,6 +26,10 @@ class EntityConfigurationStatementBuilder {
         this.metadata[metadata.first] = metadata.second
     }
 
+    fun authorityHint(hint: String) = apply {
+        this.authorityHints.add(hint)
+    }
+
     @OptIn(ExperimentalSerializationApi::class)
     private fun createJwks(jwks: Array<JwkDTO>): JsonObject {
         val jsonArray: JsonArray = Json.encodeToJsonElement(ArraySerializer(JwkDTO.serializer()), jwks) as JsonArray
@@ -41,7 +46,8 @@ class EntityConfigurationStatementBuilder {
             exp = exp ?: throw IllegalArgumentException("exp must be provided"),
             iat = iat ?: throw IllegalArgumentException("iat must be provided"),
             jwks = createJwks(jwks),
-            metadata = JsonObject(metadata)
+            metadata = JsonObject(metadata),
+            authorityHints = if (authorityHints.isNotEmpty()) authorityHints.toTypedArray() else null
         )
     }
 }
diff --git a/...stence/src/commonMain/sqldelight/com/sphereon/oid/fed/persistence/models/AuthorityHint.sq b/...stence/src/commonMain/sqldelight/com/sphereon/oid/fed/persistence/models/AuthorityHint.sq
@@ -9,3 +9,12 @@ UPDATE AuthorityHint SET deleted_at = CURRENT_TIMESTAMP WHERE id = ? AND deleted
 
 findByAccountId:
 SELECT * FROM AuthorityHint WHERE account_id = ? AND deleted_at IS NULL;
+
+findById:
+SELECT * FROM AuthorityHint WHERE id = ? AND deleted_at IS NULL;
+
+findByAccountIdAndId:
+SELECT * FROM AuthorityHint WHERE account_id = ? AND id = ? AND deleted_at IS NULL;
+
+findByAccountIdAndIdentifier:
+SELECT * FROM AuthorityHint WHERE account_id = ? AND identifier = ? AND deleted_at IS NULL;
diff --git a/modules/services/src/commonMain/kotlin/com/sphereon/oid/fed/services/AuthorityHintService.kt b/modules/services/src/commonMain/kotlin/com/sphereon/oid/fed/services/AuthorityHintService.kt
@@ -0,0 +1,41 @@
+package com.sphereon.oid.fed.services
+
+import com.sphereon.oid.fed.persistence.Persistence
+import com.sphereon.oid.fed.persistence.models.AuthorityHint
+
+class AuthorityHintService {
+
+    fun createAuthorityHint(accountUsername: String, identifier: String): AuthorityHint {
+        val account = Persistence.accountQueries.findByUsername(accountUsername).executeAsOneOrNull()
+            ?: throw IllegalArgumentException(Constants.ACCOUNT_NOT_FOUND)
+
+        Persistence.authorityHintQueries.findByAccountIdAndIdentifier(account.id, identifier).executeAsOneOrNull()
+            ?: throw IllegalArgumentException(Constants.AUTHORITY_HINT_ALREADY_EXISTS)
+
+        return Persistence.authorityHintQueries.create(account.id, identifier)
+            .executeAsOneOrNull()
+            ?: throw IllegalStateException(Constants.FAILED_TO_CREATE_AUTHORITY_HINT)
+    }
+
+    fun deleteAuthorityHint(accountUsername: String, id: Int): AuthorityHint {
+        val account = Persistence.accountQueries.findByUsername(accountUsername).executeAsOneOrNull()
+            ?: throw IllegalArgumentException(Constants.ACCOUNT_NOT_FOUND)
+
+        Persistence.authorityHintQueries.findByAccountIdAndId(account.id, id).executeAsOneOrNull()
+            ?: throw IllegalArgumentException(Constants.AUTHORITY_HINT_NOT_FOUND)
+
+        return Persistence.authorityHintQueries.delete(id).executeAsOneOrNull()
+            ?: throw IllegalStateException(Constants.FAILED_TO_DELETE_AUTHORITY_HINT)
+    }
+
+    fun findByAccountId(accountId: Int): Array<AuthorityHint> {
+        return Persistence.authorityHintQueries.findByAccountId(accountId).executeAsList().toTypedArray()
+    }
+
+    fun findByAccountUsername(accountUsername: String): Array<AuthorityHint> {
+        val account = Persistence.accountQueries.findByUsername(accountUsername).executeAsOneOrNull()
+            ?: throw IllegalArgumentException(Constants.ACCOUNT_NOT_FOUND)
+
+        return findByAccountId(account.id)
+    }
+}
diff --git a/modules/services/src/commonMain/kotlin/com/sphereon/oid/fed/services/Constants.kt b/modules/services/src/commonMain/kotlin/com/sphereon/oid/fed/services/Constants.kt
@@ -10,5 +10,9 @@ class Constants {
         const val ENTITY_CONFIGURATION_METADATA_ALREADY_EXISTS = "Entity configuration metadata already exists"
         const val FAILED_TO_CREATE_ENTITY_CONFIGURATION_METADATA = "Failed to create entity configuration metadata"
         const val ENTITY_CONFIGURATION_METADATA_NOT_FOUND = "Entity configuration metadata not found"
+        const val FAILED_TO_CREATE_AUTHORITY_HINT = "Failed to create authority hint"
+        const val AUTHORITY_HINT_NOT_FOUND = "Authority hint not found"
+        const val FAILED_TO_DELETE_AUTHORITY_HINT = "Failed to delete authority hint"
+        const val AUTHORITY_HINT_ALREADY_EXISTS = "Authority hint already exists"
     }
 }
diff --git a/...es/services/src/commonMain/kotlin/com/sphereon/oid/fed/services/EntityStatementService.kt b/...es/services/src/commonMain/kotlin/com/sphereon/oid/fed/services/EntityStatementService.kt
@@ -15,16 +15,17 @@ class EntityStatementService {
     private val entityConfigurationStatementQueries = Persistence.entityConfigurationStatementQueries
     private val accountQueries = Persistence.accountQueries
     private val subordinateQueries = Persistence.subordinateQueries
+    private val authorityHintQueries = Persistence.authorityHintQueries
 
     fun findByUsername(accountUsername: String): EntityConfigurationStatement {
         val account = accountQueries.findByUsername(accountUsername).executeAsOneOrNull()
             ?: throw IllegalArgumentException(Constants.ACCOUNT_NOT_FOUND)
-
+        val identifier = accountService.getAccountIdentifier(account.username)
         val keys = keyService.getKeys(accountUsername).map { it.toJwkDTO() }.toTypedArray()
-
         val hasSubordinates = subordinateQueries.findByAccountId(account.id).executeAsList().isNotEmpty()
-
-        val identifier = accountService.getAccountIdentifier(account.username)
+        val authorityHints =
+            authorityHintQueries.findByAccountId(account.id).executeAsList().map { it.identifier }.toTypedArray()
+        val metadata = Persistence.entityConfigurationMetadataQueries.findByAccountId(account.id).executeAsList()
 
         val entityConfigurationStatement = EntityConfigurationStatementBuilder()
             .iss(identifier)
@@ -45,7 +46,9 @@ class EntityStatementService {
             )
         }
 
-        val metadata = Persistence.entityConfigurationMetadataQueries.findByAccountId(account.id).executeAsList()
+        authorityHints.forEach {
+            entityConfigurationStatement.authorityHint(it)
+        }
 
         metadata.forEach {
             entityConfigurationStatement.metadata(