Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bug: ContractAgreement validity is not longer asserted when validating token received by Data Plane #3160

Open
bscholtes1A opened this issue Jun 9, 2023 · 7 comments
Open

bug: ContractAgreement validity is not longer asserted when validating token received by Data Plane #3160

bscholtes1A opened this issue Jun 9, 2023 · 7 comments
Labels
bug Something isn't working

Comments

@bscholtes1A
Copy link
Contributor

Bug Report

Describe the Bug

From #2950, the contract validity is no longer checked when validating the token received in input of the Data Plane public API.

See ContractValidationRule.java

Expected Behavior

Token validation should fail if contract is expired.

Observed Behavior

Token validation is successful even if contract is expired.

Possible Implementation

After discussion with @ndr-brt, maybe we want take opportunity of this issue to plug the PolicyEngine in the Data Plane?
However, it would require that the contract agreement information can be retrieved from the Data Plane, which was avoided as per initial design.
@bscholtes1A bscholtes1A added the bug Something isn't working label Jun 9, 2023
@jimmarino
Copy link
Contributor

Can't the token validity always be less than the contract validity, i.e., ensure the token validity is not greater than the contract validity? If the token duration is short enough, this should be OK for most cases.

@bscholtes1A
Copy link
Contributor Author

Can't the token validity always be less than the contract validity, i.e., ensure the token validity is not greater than the contract validity? If the token duration is short enough, this should be OK for most cases.

This can be an approach, but even that requires to be discussed a bit as for now there is not method computing the contract end date except the ContractExpiryCheckFunction, which only computes this date internally and return a boolean.

@jimmarino
Copy link
Contributor

Can't the token validity always be less than the contract validity, i.e., ensure the token validity is not greater than the contract validity? If the token duration is short enough, this should be OK for most cases.

This can be an approach, but even that requires to be discussed a bit as for now there is not method computing the contract end date except the ContractExpiryCheckFunction, which only computes this date internally and return a boolean.

A utility method could do this by delegating to a Policy evaluator or walking the Policy tree. Let's discuss.

@veronikasiska
Copy link

I encountered a case where the contract negotiation was finalised from the consumer side, but terminated from the provider side, due to a mismatch in the client ID and the connector ID in the contract negotiation request ("Invalid client credentials: Invalid counter-party identity"). Still, the file transfer was completed successfully.

Could this be due to the same bug?

@FlorianFehrleIEE
Copy link

Is there anything new regarding this bug?
I am sitting on a project, where I need exactly this missing functionality, which leads to stalling of the project at the moment.

@ndr-brt
Copy link
Member

ndr-brt commented Jan 12, 2024
edited

wouldn't this be superseded by data-plane signaling? (#3704)

@jimmarino
Copy link
Contributor

wouldn't this be superseded by data-plane signaling? (#3704)

Yes, it should be.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@jimmarino @ndr-brt @bscholtes1A @veronikasiska @FlorianFehrleIEE