International-Data-Spaces-Association / metadata-broker-open-core

This is the repository of the open-core reference implementation of the IDS Metadata Broker.
Apache License 2.0

How to obtain a DAT from the Fraunhofer DAPS #91

Closed alzcurda closed 2 years ago

alzcurda commented 2 years ago

We are running some tests with the IDS Broker open source implementation and we are running into problems when trying to test the multipart endpoints using the Postman collection available with the documentation.

We have a local deployment of the broker based on the latest docker image, but we are using the default Fraunhofer DAPS server (https://daps.aisec.fraunhofer.de/v2/). We are using a dummy certificate generated by the Fraunhofer DAPS for the Trusted Connector implementation as the broker's X.509 certificate. We generated a DAT manually with this certificate by launching the Trusted Connector.

For instance, when testing {{connectorUrl}}/infrastructure with the following body:

{
  "@context" : {
    "ids" : "https://w3id.org/idsa/core/",
    "idsc" : "https://w3id.org/idsa/code/",
    "xsd" : "http://www.w3.org/2001/XMLSchema#"
  },
  "@type" : "ids:DescriptionRequestMessage",
  "@id" : "http://industrialdataspace.org/1a421b8c-3407-44a8-aeb9-253f145c869a",
  "ids:issued" : { "@value" : "2021-05-25T15:35:34.589Z", "@type" : "xsd:dateTimeStamp" },
  "ids:modelVersion" : "4.0.0",
  "ids:senderAgent" : { "@id" : "https://localhost/agent" },
  "ids:issuerConnector" : { "@id" : "https://localhost/59a68243" },
  "ids:securityToken" : {
    "@type" : "ids:DynamicAttributeToken",
    "@id" : "https://w3id.org/idsa/autogen/dynamicAttributeToken/2bd53efc-5995-d75590476820",
    "ids:tokenFormat" : {
      "@id" : "https://w3id.org/idsa/code/JWT"
    },
    "ids:tokenValue" : "{{dat}}"
  }
}

We get the following response indicating that the token value is invalid:

--CR6Fo4hpAN9WFVMdInbPsejReX6oYkWWy7N6nHW-
Content-Disposition: form-data; name="header"
Content-Type: application/ld+json
Content-Length: 1117
{
  "@context" : {
    "ids" : "https://w3id.org/idsa/core/",
    "idsc" : "https://w3id.org/idsa/code/"
  },
  "@type" : "ids:RejectionMessage",
  "@id" : "https://w3id.org/idsa/autogen/rejectionMessage/987c2c89-9c5f-4ae8-abdc-8e30c17039ac",
  "ids:rejectionReason" : {
    "@id" : "https://w3id.org/idsa/code/INTERNAL_RECIPIENT_ERROR"
  },
  "ids:securityToken" : {
    "@type" : "ids:DynamicAttributeToken",
    "@id" : "https://w3id.org/idsa/autogen/dynamicAttributeToken/38210f7d-a306-46d5-9755-7de6ae901335",
    "ids:tokenFormat" : {
      "@id" : "https://w3id.org/idsa/code/JWT"
    },
    "ids:tokenValue" : "INVALID"
  },
  "ids:modelVersion" : "4.0.3",
  "ids:issuerConnector" : {
    "@id" : "https://localhost/"
  },
  "ids:recipientAgent" : [ ],
  "ids:recipientConnector" : [ ],
  "ids:senderAgent" : {
    "@id" : "https://www.iais.fraunhofer.de/"
  },
  "ids:correlationMessage" : {
    "@id" : "http://industrialdataspace.org/1a421b8c-3407-44a8-aeb9-253f145c869a"
  },
  "ids:issued" : {
    "@value" : "2022-02-17T16:24:11.632Z",
    "@type" : "http://www.w3.org/2001/XMLSchema#dateTimeStamp"
  }
}
--CR6Fo4hpAN9WFVMdInbPsejReX6oYkWWy7N6nHW-
Content-Disposition: form-data; name="payload"
Content-Type: text/plain
Content-Length: 63
Failed to retrieve own DAPS token, preventing a valid response.
--CR6Fo4hpAN9WFVMdInbPsejReX6oYkWWy7N6nHW---

The internal logs of the broker show the following exception and stacktrace:

broker-localhost-broker-core-1          | 2022-02-17T16:34:36.965753900Z 16:34:36.965 [http-nio-8080-exec-8] INFO  de.fraunhofer.iais.eis.ids.component.ecosystemintegration.daps.DapsSecurityTokenProvider - Token needs to be fetched anew from DAPS
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.451653000Z de.fraunhofer.iais.eis.ids.component.core.TokenRetrievalException: Unable to retrieve DAPS token.
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.451740500Z        at de.fraunhofer.iais.eis.ids.component.ecosystemintegration.daps.DapsSecurityTokenProvider.getSecurityToken(DapsSecurityTokenProvider.java:96)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.451751800Z        at de.fraunhofer.iais.eis.ids.component.core.SecurityTokenProvider.getSecurityTokenAsDAT(SecurityTokenProvider.java:12)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.451756800Z        at de.fraunhofer.iais.eis.ids.component.core.MessageDispatcher.handle(MessageDispatcher.java:69)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.451768500Z        at de.fraunhofer.iais.eis.ids.component.core.MessageDispatcher.lambda$dispatch$2(MessageDispatcher.java:51)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.451774200Z        at java.base/java.util.Optional.map(Optional.java:265)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.451777500Z        at de.fraunhofer.iais.eis.ids.component.core.MessageDispatcher.dispatch(MessageDispatcher.java:51)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.451780800Z        at de.fraunhofer.iais.eis.ids.component.core.DefaultComponent.process(DefaultComponent.java:45)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.451786100Z        at de.fraunhofer.iais.eis.ids.component.interaction.multipart.MultipartComponentInteractor.process(MultipartComponentInteractor.java:87)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.451790400Z        at de.fraunhofer.iais.eis.ids.component.protocol.http.server.ComponentController.processMessage(ComponentController.java:237)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.451795800Z        at de.fraunhofer.iais.eis.ids.component.protocol.http.server.ComponentController.infrastructureLevelCommunication(ComponentController.java:205)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.451886700Z        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.451909600Z        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.451915100Z        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.451920300Z        at java.base/java.lang.reflect.Method.invoke(Method.java:566)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.451925600Z        at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:189)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.451930900Z        at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:138)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.451936100Z        at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:102)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.451941700Z        at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:895)        
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.451947300Z        at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:800)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.451952800Z        at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.452023100Z        at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1038)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.452029900Z        at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:942)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.452035000Z        at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1005)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.452039800Z        at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:908)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.452045000Z        at javax.servlet.http.HttpServlet.service(HttpServlet.java:665)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.452063000Z        at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:882)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.452069200Z        at javax.servlet.http.HttpServlet.service(HttpServlet.java:750)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.452074400Z        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.452079700Z        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.452085100Z        at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.452090300Z        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.452095300Z        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.452100500Z        at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.452105800Z        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.452111000Z        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.452116200Z        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.452121600Z        at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:92)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.452126900Z        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.452132200Z        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.452137600Z        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.452143100Z        at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:93)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.452148500Z        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.452172200Z        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.452178200Z        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.452190200Z        at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.452201200Z        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.452206700Z        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.452211800Z        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.452312800Z        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.452320100Z        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.452327500Z        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.452333200Z        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.452338500Z        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.452343700Z        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.452351900Z        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.452359600Z        at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:373)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.452365200Z        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.452370700Z        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.452376100Z        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1589)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.452381300Z        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.452421200Z        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.452438400Z        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.452443900Z        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.452449900Z        at java.base/java.lang.Thread.run(Thread.java:829)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.452745200Z Caused by: java.io.IOException: Unable to retrieve DAPS token (response code: 400)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.452785900Z  Response: {"error":"invalid_client","error_description":"Error decoding JWT: No verification key available"}
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.452799800Z        at de.fraunhofer.iais.eis.ids.component.ecosystemintegration.daps.DapsTokenRetriever.acquireAccessTokenFromDaps(DapsTokenRetriever.java:190)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.452805500Z        at de.fraunhofer.iais.eis.ids.component.ecosystemintegration.daps.DapsTokenRetriever.retrieveToken(DapsTokenRetriever.java:101)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.453049300Z        at de.fraunhofer.iais.eis.ids.component.ecosystemintegration.daps.DapsSecurityTokenProvider.getSecurityToken(DapsSecurityTokenProvider.java:94)
broker-localhost-broker-core-1          | 2022-02-17T16:34:37.453071000Z        ... 63 more
broker-localhost-broker-reverseproxy-1  | 2022-02-17T16:34:37.477791800Z 172.30.0.1 - - [17/Feb/2022:16:34:37 +0000] "POST /infrastructure HTTP/1.1" 200 1502 "-" "PostmanRuntime/7.29.0"

Our question is: how do we generate a valid DAT from the Fraunhofer DAPS to use in testing the IDS Broker endpoints? Which certificate should be used for the broker? Is it possible to do that manually or are the DATs only generated when a connection from the IDS connector is made to the Fraunhofer DAPS?
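The exchange the broker is attempting in the log above, as an added example that is not part of this issue, of the broker or of the DAPS code. It builds the client assertion an IDS component POSTs to the DAPS /v2/token endpoint (an RS256-signed JWT whose iss and sub carry the SKI:AKI client id derived from the component's certificate, with aud idsc:IDS_CONNECTORS_ALL) and runs it against an in-process stand-in for the DAPS that holds a registry of the public keys it issued certificates for, so everything runs offline. The point it shows: the DAPS picks the verification key by the client id in the assertion, so a key behind no DAPS-issued certificate gets the same invalid_client / "No verification key available" rejection that appears in the stack trace, and a DAT can only be obtained with the keystore the DAPS actually knows. The issuer URL, the CA key identifier, the abbreviated DAT claim set and the stand-in's error handling are assumptions; the real DAPS (omejdn) may differ in detail, and this thread does not establish which of these applied in the reporter's setup. Requires the cryptography package.

```python
"""Added example (not broker or DAPS code): the client-credentials exchange an
IDS component runs against the DAPS /v2/token endpoint, with an in-process
stand-in for the DAPS so it runs offline. See the lead-in for assumptions."""
import base64
import json
import time

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa

AUD = "idsc:IDS_CONNECTORS_ALL"
SCOPE = "idsc:IDS_CONNECTOR_ATTRIBUTES_ALL"
ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
DAPS_ISS = "https://daps.example.org"  # assumed issuer URL, not the real DAPS
CA_AKI = "CB:8C:C7:B6:85:79:A8:23:A6:CB:15:AB:17:50:2F:E6:65:43:5D:E8"  # constructed AKI


def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def jws_rs256(claims, key):
    """Compact JWS, RS256 (PKCS#1 v1.5 + SHA-256), the algorithm the DAPS expects."""
    header = _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    sig = key.sign(f"{header}.{payload}".encode(), padding.PKCS1v15(), hashes.SHA256())
    return f"{header}.{payload}.{_b64url(sig)}"

def jws_verify_rs256(token, pub):
    """Return the claims if the signature verifies under `pub`, else raise InvalidSignature."""
    header, payload, sig = token.split(".")
    pub.verify(_b64url_decode(sig), f"{header}.{payload}".encode(), padding.PKCS1v15(), hashes.SHA256())
    return json.loads(_b64url_decode(payload))

def ski_aki_client_id(key, ca_aki):
    """DAPS client id: SubjectKeyIdentifier of the connector certificate, then
    'keyid:' plus the AuthorityKeyIdentifier of the DAPS sub-CA that issued it."""
    ski = x509.SubjectKeyIdentifier.from_public_key(key.public_key()).digest
    return ":".join(f"{b:02X}" for b in ski) + ":keyid:" + ca_aki

def build_token_request(client_id, key):
    """Form fields POSTed to <daps>/v2/token: a short-lived assertion JWT signed
    with the private key behind the certificate the DAPS issued."""
    now = int(time.time())
    assertion = jws_rs256({"iss": client_id, "sub": client_id, "aud": AUD,
                           "iat": now, "nbf": now, "exp": now + 60}, key)
    return {"grant_type": "client_credentials", "client_assertion_type": ASSERTION_TYPE,
            "client_assertion": assertion, "scope": SCOPE}


class MockDaps:
    """Stand-in for the DAPS token endpoint. `registry` maps client id -> public key
    of the certificate the DAPS issued; an assertion from any other key cannot be
    verified, which is what the broker's log in this issue shows."""

    def __init__(self, registry):
        self.registry = registry
        self.signing_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)

    def token(self, form):
        if (form.get("grant_type") != "client_credentials"
                or form.get("client_assertion_type") != ASSERTION_TYPE):
            return 400, {"error": "invalid_request"}
        assertion = form["client_assertion"]
        unverified = json.loads(_b64url_decode(assertion.split(".")[1]))  # not yet trusted
        pub = self.registry.get(unverified.get("iss"))
        if pub is None:  # wording copied from the response in the broker log above
            return 400, {"error": "invalid_client",
                         "error_description": "Error decoding JWT: No verification key available"}
        try:
            claims = jws_verify_rs256(assertion, pub)
        except InvalidSignature:
            return 400, {"error": "invalid_client", "error_description": "Bad signature"}
        now = int(time.time())
        if claims.get("aud") != AUD or not claims.get("nbf", now + 1) <= now < claims.get("exp", 0):
            return 400, {"error": "invalid_client", "error_description": "Bad aud or validity window"}
        dat = jws_rs256({"@context": "https://w3id.org/idsa/contexts/context.jsonld",  # DAT, abbreviated
                         "@type": "ids:DatPayload", "iss": DAPS_ISS, "sub": claims["sub"], "aud": AUD,
                         "scope": SCOPE, "securityProfile": "idsc:BASE_SECURITY_PROFILE",
                         "iat": now, "nbf": now, "exp": now + 3600}, self.signing_key)
        return 200, {"access_token": dat, "token_type": "bearer", "expires_in": 3600}


def demo():
    """Registered key: DAT issued. Key behind no DAPS-issued certificate: the
    same invalid_client rejection the broker logged."""
    registered = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    stray = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    client_id = ski_aki_client_id(registered, CA_AKI)
    daps = MockDaps({client_id: registered.public_key()})
    ok_status, ok_body = daps.token(build_token_request(client_id, registered))
    bad_status, bad_body = daps.token(build_token_request(ski_aki_client_id(stray, CA_AKI), stray))
    dat_claims = jws_verify_rs256(ok_body["access_token"], daps.signing_key.public_key())
    return {"client_id": client_id, "ok_status": ok_status, "dat_claims": dat_claims,
            "bad_status": bad_status, "bad_body": bad_body}
```

Run `demo()` to see both outcomes. To check a real keystore against a real DAPS, the same request shape applies: the `iss`/`sub` must be the SKI:AKI of the certificate in the keystore the component signs with, and that certificate must be one the DAPS issued and still knows; a token copied from another component is bound to that component's identity and does not help.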

MKoehler6 commented 2 years ago

I have the same problem. I tried to change the network in the broker's docker-compose.yml to 'testbed' in the hope that the broker can connect to the DAPS when both are in the same docker network, but nothing works. Does anyone know a solution?

NehaThawani44 commented 2 years ago

Is the broker working for you without DAPS validation? If yes, please confirm, so we can be clear that it's a DAPS issue.

MKoehler6 commented 2 years ago

Thanks for the quick answer. Yesterday I reinstalled the testbed from scratch and now it works... maybe I messed up the certificates.

alzcurda commented 2 years ago

> Thanks for the quick answer. Yesterday I reinstalled the testbed from scratch and now it works... maybe I messed up the certificates.

Could you tell me what certificates did you use?

NehaThawani44 commented 2 years ago

Keystore (isst-brokerkeystore.jks) and server.key+server.crt

MKoehler6 commented 2 years ago

> > Thanks for the quick answer. Yesterday I reinstalled the testbed from scratch and now it works... maybe I messed up the certificates.
>
> Could you tell me what certificates did you use?

I use the testbed5 certificates for a new connector and now it works.

NehaThawani44 commented 2 years ago

Which certificate was missing?

MKoehler6 commented 2 years ago

> Which certificate was missing?

Nothing. I changed the truststores of DAPS and broker, but this was unnecessary, and something went wrong... Fortunately I found the video of the IDSA Winterdays, where the testbed was demonstrated.

NehaThawani44 commented 2 years ago

So 5.0.0-SNAPSHOT of the broker is working for you?

MKoehler6 commented 2 years ago

I use the broker from the testbed repo; it's broker-core-4.2.8-SNAPSHOT.