add cors config for external wallets (#22)

* add cors config for external wallets

* adjust cors

* rename package

* remove security hotspot

* add tests

* remove sonar exclusions

* add test

* add csrf disable

* add csrf disable for specific endpoints

* add csrf disable for specific endpoints

* add csrf disable for specific matchers

CHANGELOG.md

@@ -4,7 +4,11 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-## [v1.0.10](https://github.com/in2workspace/in2-verifier-api/releases/tag/v1.0.9)
+## [v1.0.11](https://github.com/in2workspace/in2-verifier-api/releases/tag/v1.0.11)
+### Fixed
+- Add cors configuration to allow requests from external wallets, on the endpoints the wallet use.
+
+## [v1.0.10](https://github.com/in2workspace/in2-verifier-api/releases/tag/v1.0.10)
 ### Fixed
 - Add an error page for errors during the client authentication request.
 

build.gradle

@@ -10,7 +10,7 @@ plugins {
 }
 
 group = 'es.in2'
-version = '1.0.10'
+version = '1.0.11'
 
 java {
 	toolchain {
@@ -46,11 +46,10 @@ sonar {
 		property "sonar.organization", "in2workspace"
 		property "sonar.host.url", "https://sonarcloud.io"
 		property 'sonar.coverage.exclusions',
-				"src/main/java/es/in2/vcverifier/VcVerifierApplication.java, " +
-						"src/main/java/es/in2/vcverifier/service/impl/ClientAssertionValidationServiceImpl.java, " +
-						"src/main/java/es/in2/vcverifier/service/impl/TrustFrameworkServiceImpl.java, " +
-						"src/main/java/es/in2/vcverifier/service/impl/CertificateValidationServiceImpl.java, " +
-						"src/main/java/es/in2/vcverifier/exception/MismatchOrganizationIdentifierException.java"
+				"src/main/java/es/in2/verifier/VerifierApplication.java, " +
+						"src/main/java/es/in2/verifier/service/impl/TrustFrameworkServiceImpl.java, " +
+						"src/main/java/es/in2/verifier/service/impl/CertificateValidationServiceImpl.java, " +
+						"src/main/java/es/in2/verifier/exception/MismatchOrganizationIdentifierException.java"
 	}
 }
 
@@ -67,12 +66,12 @@ dependencies {
 	implementation 'org.springframework.boot:spring-boot-starter-actuator'
 	// Cryptography
 	implementation 'com.nimbusds:nimbus-jose-jwt:9.40'
-	implementation 'org.bitcoinj:bitcoinj-core:0.17-alpha5'
+	implementation 'org.bitcoinj:bitcoinj-core:0.17-beta1'
 	implementation 'io.github.novacrypto:Base58:2022.01.17'
 	//Jackson
 	implementation 'com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.17.2'
 	// JSON
-	implementation 'org.json:json:20230227'
+	implementation 'org.json:json:20240303'
 	// QR GENERATOR
 	implementation 'com.github.kenglxn.QRGen:javase:3.0.1'
 	// DevTools
@@ -122,7 +121,6 @@ tasks.jacocoTestReport {
 	}
 	classDirectories.setFrom(files(classDirectories.files.collect {
 		fileTree(dir: it, exclude: [
-				"**/AuthorizationResponseProcessorServiceImpl.class",
 				"**/TrustFrameworkServiceImpl.class",
 				"**/CertificateValidationServiceImpl.class",
 				"**/MismatchOrganizationIdentifierException.class",

src/main/java/es/in2/vcverifier/VcVerifierApplication.java → src/main/java/es/in2/verifier/VerifierApplication.java

@@ -1,4 +1,4 @@
-package es.in2.vcverifier;
+package es.in2.verifier;
 
 import com.fasterxml.jackson.annotation.JsonInclude;
 import com.fasterxml.jackson.databind.DeserializationFeature;
@@ -14,7 +14,7 @@
 @SpringBootApplication
 @EnableConfigurationProperties
 @ConfigurationPropertiesScan
-public class VcVerifierApplication {
+public class VerifierApplication {
 
     private static final ObjectMapper OBJECT_MAPPER =
             JsonMapper.builder()
@@ -23,7 +23,7 @@ public class VcVerifierApplication {
                     .serializationInclusion(JsonInclude.Include.NON_NULL)
                     .build();
     public static void main(String[] args) {
-        SpringApplication.run(VcVerifierApplication.class, args);
+        SpringApplication.run(VerifierApplication.class, args);
     }
 
     @Bean

src/main/java/es/in2/vcverifier/component/CryptoComponent.java → src/main/java/es/in2/verifier/component/CryptoComponent.java

@@ -1,13 +1,13 @@
-package es.in2.vcverifier.component;
+package es.in2.verifier.component;
 
 import com.nimbusds.jose.crypto.bc.BouncyCastleProviderSingleton;
 import com.nimbusds.jose.jwk.Curve;
 import com.nimbusds.jose.jwk.ECKey;
 import com.nimbusds.jose.jwk.KeyUse;
-import es.in2.vcverifier.config.CryptoConfig;
-import es.in2.vcverifier.exception.DidKeyCreationException;
-import es.in2.vcverifier.exception.ECKeyCreationException;
-import es.in2.vcverifier.util.UVarInt;
+import es.in2.verifier.config.CryptoConfig;
+import es.in2.verifier.exception.DidKeyCreationException;
+import es.in2.verifier.exception.ECKeyCreationException;
+import es.in2.verifier.util.UVarInt;
 import lombok.RequiredArgsConstructor;
 import org.bitcoinj.base.Base58;
 import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey;

src/main/java/es/in2/vcverifier/config/CacheStore.java → src/main/java/es/in2/verifier/config/CacheStore.java

@@ -1,4 +1,4 @@
-package es.in2.vcverifier.config;
+package es.in2.verifier.config;
 
 import com.google.common.cache.Cache;
 import com.google.common.cache.CacheBuilder;

src/main/java/es/in2/vcverifier/config/CacheStoreConfig.java → src/main/java/es/in2/verifier/config/CacheStoreConfig.java

@@ -1,8 +1,8 @@
-package es.in2.vcverifier.config;
+package es.in2.verifier.config;
 
-import es.in2.vcverifier.config.properties.SecurityProperties;
-import es.in2.vcverifier.model.AuthorizationCodeData;
-import es.in2.vcverifier.model.AuthorizationRequestJWT;
+import es.in2.verifier.config.properties.SecurityProperties;
+import es.in2.verifier.model.AuthorizationCodeData;
+import es.in2.verifier.model.AuthorizationRequestJWT;
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;

src/main/java/es/in2/vcverifier/config/ClientLoaderConfig.java → src/main/java/es/in2/verifier/config/ClientLoaderConfig.java

@@ -1,9 +1,9 @@
-package es.in2.vcverifier.config;
+package es.in2.verifier.config;
 
-import es.in2.vcverifier.exception.ClientLoadingException;
-import es.in2.vcverifier.model.ClientData;
-import es.in2.vcverifier.model.ExternalTrustedListYamlData;
-import es.in2.vcverifier.service.TrustFrameworkService;
+import es.in2.verifier.exception.ClientLoadingException;
+import es.in2.verifier.model.ClientData;
+import es.in2.verifier.model.ExternalTrustedListYamlData;
+import es.in2.verifier.service.TrustFrameworkService;
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;

src/main/java/es/in2/vcverifier/config/CryptoConfig.java → src/main/java/es/in2/verifier/config/CryptoConfig.java

@@ -1,6 +1,6 @@
-package es.in2.vcverifier.config;
+package es.in2.verifier.config;
 
-import es.in2.vcverifier.config.properties.CryptoProperties;
+import es.in2.verifier.config.properties.CryptoProperties;
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Configuration;
 

src/main/java/es/in2/vcverifier/config/JtiTokenCache.java → src/main/java/es/in2/verifier/config/JtiTokenCache.java

@@ -1,4 +1,4 @@
-package es.in2.vcverifier.config;
+package es.in2.verifier.config;
 
 import lombok.Getter;
 import lombok.RequiredArgsConstructor;

src/main/java/es/in2/vcverifier/config/WebSocketConfig.java → src/main/java/es/in2/verifier/config/WebSocketConfig.java

@@ -1,4 +1,4 @@
-package es.in2.vcverifier.config;
+package es.in2.verifier.config;
 
 import org.springframework.context.annotation.Configuration;
 import org.springframework.messaging.simp.config.MessageBrokerRegistry;

src/main/java/es/in2/vcverifier/config/properties/CryptoProperties.java → src/main/java/es/in2/verifier/config/properties/CryptoProperties.java

@@ -1,4 +1,4 @@
-package es.in2.vcverifier.config.properties;
+package es.in2.verifier.config.properties;
 
 import jakarta.validation.constraints.NotNull;
 import org.springframework.boot.context.properties.ConfigurationProperties;

src/main/java/es/in2/vcverifier/config/properties/SecurityProperties.java → src/main/java/es/in2/verifier/config/properties/SecurityProperties.java

@@ -1,4 +1,4 @@
-package es.in2.vcverifier.config.properties;
+package es.in2.verifier.config.properties;
 
 import jakarta.validation.constraints.NotBlank;
 import jakarta.validation.constraints.NotNull;
@@ -9,7 +9,7 @@
 
 import java.util.Optional;
 
-import static es.in2.vcverifier.util.Constants.MINUTES;
+import static es.in2.verifier.util.Constants.MINUTES;
 @Validated
 @ConfigurationProperties(prefix = "security")
 public record SecurityProperties(

src/main/java/es/in2/vcverifier/config/properties/TrustFrameworkProperties.java → src/main/java/es/in2/verifier/config/properties/TrustFrameworkProperties.java

@@ -1,4 +1,4 @@
-package es.in2.vcverifier.config.properties;
+package es.in2.verifier.config.properties;
 
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.boot.context.properties.NestedConfigurationProperty;

src/main/java/es/in2/vcverifier/config/properties/VerifierUiLoginUrisProperties.java → src/main/java/es/in2/verifier/config/properties/VerifierUiLoginUrisProperties.java

@@ -1,4 +1,4 @@
-package es.in2.vcverifier.config.properties;
+package es.in2.verifier.config.properties;
 
 import org.springframework.boot.context.properties.ConfigurationProperties;
 

src/main/java/es/in2/vcverifier/controller/ClientErrorController.java → src/main/java/es/in2/verifier/controller/ClientErrorController.java

@@ -1,6 +1,6 @@
-package es.in2.vcverifier.controller;
+package es.in2.verifier.controller;
 
-import es.in2.vcverifier.config.properties.VerifierUiLoginUrisProperties;
+import es.in2.verifier.config.properties.VerifierUiLoginUrisProperties;
 import lombok.RequiredArgsConstructor;
 import org.springframework.http.HttpStatus;
 import org.springframework.stereotype.Controller;

src/main/java/es/in2/vcverifier/controller/LoginQrController.java → src/main/java/es/in2/verifier/controller/LoginQrController.java

@@ -1,8 +1,8 @@
-package es.in2.vcverifier.controller;
+package es.in2.verifier.controller;
 
-import es.in2.vcverifier.config.properties.SecurityProperties;
-import es.in2.vcverifier.config.properties.VerifierUiLoginUrisProperties;
-import es.in2.vcverifier.exception.QRCodeGenerationException;
+import es.in2.verifier.config.properties.SecurityProperties;
+import es.in2.verifier.config.properties.VerifierUiLoginUrisProperties;
+import es.in2.verifier.exception.QRCodeGenerationException;
 import lombok.RequiredArgsConstructor;
 import net.glxn.qrgen.javase.QRCode;
 import org.springframework.http.HttpStatus;

src/main/java/es/in2/vcverifier/controller/Oid4vpController.java → src/main/java/es/in2/verifier/controller/Oid4vpController.java

@@ -1,9 +1,9 @@
-package es.in2.vcverifier.controller;
+package es.in2.verifier.controller;
 
-import es.in2.vcverifier.config.CacheStore;
-import es.in2.vcverifier.exception.ResourceNotFoundException;
-import es.in2.vcverifier.model.AuthorizationRequestJWT;
-import es.in2.vcverifier.service.AuthorizationResponseProcessorService;
+import es.in2.verifier.config.CacheStore;
+import es.in2.verifier.exception.ResourceNotFoundException;
+import es.in2.verifier.model.AuthorizationRequestJWT;
+import es.in2.verifier.service.AuthorizationResponseProcessorService;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.http.HttpStatus;

src/main/java/es/in2/vcverifier/controller/ResolverController.java → src/main/java/es/in2/verifier/controller/ResolverController.java

@@ -1,8 +1,8 @@
-package es.in2.vcverifier.controller;
+package es.in2.verifier.controller;
 
-import es.in2.vcverifier.model.CustomJWK;
-import es.in2.vcverifier.model.CustomJWKS;
-import es.in2.vcverifier.service.DIDService;
+import es.in2.verifier.model.CustomJWK;
+import es.in2.verifier.model.CustomJWKS;
+import es.in2.verifier.service.DIDService;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.http.HttpStatus;

src/main/java/es/in2/vcverifier/exception/ClientLoadingException.java → src/main/java/es/in2/verifier/exception/ClientLoadingException.java

@@ -1,4 +1,4 @@
-package es.in2.vcverifier.exception;
+package es.in2.verifier.exception;
 
 public class ClientLoadingException extends RuntimeException{
 

src/main/java/es/in2/vcverifier/exception/CredentialException.java → src/main/java/es/in2/verifier/exception/CredentialException.java

@@ -1,4 +1,4 @@
-package es.in2.vcverifier.exception;
+package es.in2.verifier.exception;
 
 public class CredentialException extends RuntimeException {
     public CredentialException(String message) {

src/main/java/es/in2/vcverifier/exception/CredentialMappingException.java → src/main/java/es/in2/verifier/exception/CredentialMappingException.java

@@ -1,4 +1,4 @@
-package es.in2.vcverifier.exception;
+package es.in2.verifier.exception;
 
 public class CredentialMappingException extends RuntimeException{
 

src/main/java/es/in2/vcverifier/exception/CredentialRevokedException.java → src/main/java/es/in2/verifier/exception/CredentialRevokedException.java

@@ -1,4 +1,4 @@
-package es.in2.vcverifier.exception;
+package es.in2.verifier.exception;
 
 public class CredentialRevokedException extends RuntimeException {
     public CredentialRevokedException(String message) {

src/main/java/es/in2/vcverifier/exception/DidKeyCreationException.java → src/main/java/es/in2/verifier/exception/DidKeyCreationException.java

@@ -1,4 +1,4 @@
-package es.in2.vcverifier.exception;
+package es.in2.verifier.exception;
 
 public class DidKeyCreationException extends RuntimeException{
 

src/main/java/es/in2/vcverifier/exception/ECKeyCreationException.java → src/main/java/es/in2/verifier/exception/ECKeyCreationException.java

@@ -1,4 +1,4 @@
-package es.in2.vcverifier.exception;
+package es.in2.verifier.exception;
 
 public class ECKeyCreationException extends RuntimeException {
 

src/main/java/es/in2/vcverifier/exception/FailedCommunicationException.java → src/main/java/es/in2/verifier/exception/FailedCommunicationException.java

@@ -1,4 +1,4 @@
-package es.in2.vcverifier.exception;
+package es.in2.verifier.exception;
 
 public class FailedCommunicationException extends RuntimeException {
 

src/main/java/es/in2/vcverifier/exception/InvalidCredentialTypeException.java → src/main/java/es/in2/verifier/exception/InvalidCredentialTypeException.java

@@ -1,4 +1,4 @@
-package es.in2.vcverifier.exception;
+package es.in2.verifier.exception;
 
 public class InvalidCredentialTypeException extends RuntimeException {
 

src/main/java/es/in2/vcverifier/exception/InvalidSpringProfile.java → src/main/java/es/in2/verifier/exception/InvalidSpringProfile.java

@@ -1,4 +1,4 @@
-package es.in2.vcverifier.exception;
+package es.in2.verifier.exception;
 
 public class InvalidSpringProfile extends RuntimeException{
     public InvalidSpringProfile(String message) {

src/main/java/es/in2/vcverifier/exception/IssuerNotAuthorizedException.java → src/main/java/es/in2/verifier/exception/IssuerNotAuthorizedException.java

@@ -1,4 +1,4 @@
-package es.in2.vcverifier.exception;
+package es.in2.verifier.exception;
 
 public class IssuerNotAuthorizedException extends RuntimeException {
     public IssuerNotAuthorizedException(String message) {

src/main/java/es/in2/vcverifier/exception/IssuerOrParticipantIdException.java → src/main/java/es/in2/verifier/exception/IssuerOrParticipantIdException.java

@@ -1,4 +1,4 @@
-package es.in2.vcverifier.exception;
+package es.in2.verifier.exception;
 
 public class IssuerOrParticipantIdException extends RuntimeException {
 

src/main/java/es/in2/vcverifier/exception/JWTClaimMissingException.java → src/main/java/es/in2/verifier/exception/JWTClaimMissingException.java

@@ -1,4 +1,4 @@
-package es.in2.vcverifier.exception;
+package es.in2.verifier.exception;
 
 public class JWTClaimMissingException extends RuntimeException{
 

src/main/java/es/in2/vcverifier/exception/JWTCreationException.java → src/main/java/es/in2/verifier/exception/JWTCreationException.java

@@ -1,4 +1,4 @@
-package es.in2.vcverifier.exception;
+package es.in2.verifier.exception;
 
 public class JWTCreationException extends RuntimeException {
 

src/main/java/es/in2/vcverifier/exception/JWTParsingException.java → src/main/java/es/in2/verifier/exception/JWTParsingException.java

@@ -1,4 +1,4 @@
-package es.in2.vcverifier.exception;
+package es.in2.verifier.exception;
 
 public class JWTParsingException extends RuntimeException{
 

src/main/java/es/in2/vcverifier/exception/JWTVerificationException.java → src/main/java/es/in2/verifier/exception/JWTVerificationException.java

@@ -1,4 +1,4 @@
-package es.in2.vcverifier.exception;
+package es.in2.verifier.exception;
 
 public class JWTVerificationException extends RuntimeException {
 

src/main/java/es/in2/vcverifier/exception/JsonConversionException.java → src/main/java/es/in2/verifier/exception/JsonConversionException.java

@@ -1,4 +1,4 @@
-package es.in2.vcverifier.exception;
+package es.in2.verifier.exception;
 
 public class JsonConversionException extends RuntimeException{
 

src/main/java/es/in2/vcverifier/exception/MismatchOrganizationIdentifierException.java → src/main/java/es/in2/verifier/exception/MismatchOrganizationIdentifierException.java

@@ -1,4 +1,4 @@
-package es.in2.vcverifier.exception;
+package es.in2.verifier.exception;
 
 public class MismatchOrganizationIdentifierException extends RuntimeException {
         public MismatchOrganizationIdentifierException(String message) {

src/main/java/es/in2/vcverifier/exception/OrganizationIdentifierNotFoundException.java → src/main/java/es/in2/verifier/exception/OrganizationIdentifierNotFoundException.java

@@ -1,4 +1,4 @@
-package es.in2.vcverifier.exception;
+package es.in2.verifier.exception;
 
 public class OrganizationIdentifierNotFoundException extends Exception {
     public OrganizationIdentifierNotFoundException(String message) {

src/main/java/es/in2/vcverifier/exception/PublicKeyDecodingException.java → src/main/java/es/in2/verifier/exception/PublicKeyDecodingException.java

@@ -1,4 +1,4 @@
-package es.in2.vcverifier.exception;
+package es.in2.verifier.exception;
 
 public class PublicKeyDecodingException extends RuntimeException {
     public PublicKeyDecodingException(String message) {

src/main/java/es/in2/vcverifier/exception/QRCodeGenerationException.java → src/main/java/es/in2/verifier/exception/QRCodeGenerationException.java

@@ -1,4 +1,4 @@
-package es.in2.vcverifier.exception;
+package es.in2.verifier.exception;
 
 public class QRCodeGenerationException extends RuntimeException{