feat: exchange identity extractor (eclipse-tractusx#2677)

* fix: remove didextractionfunction

* chore: collapse membershipcredential-based extractors into one

* fix: update e2e test expected return value

Author: arnoweiss

edc-extensions/dataspace-protocol/cx-dataspace-protocol/src/main/java/org/eclipse/tractusx/edc/protocol/cx/identifier/BpnExtractionFunction.java

@@ -21,31 +21,76 @@
 package org.eclipse.tractusx.edc.protocol.cx.identifier;
 
 import org.eclipse.edc.iam.verifiablecredentials.spi.model.VerifiableCredential;
+import org.eclipse.edc.protocol.spi.ParticipantIdExtractionFunction;
+import org.eclipse.edc.spi.EdcException;
+import org.eclipse.edc.spi.iam.ClaimToken;
 import org.eclipse.edc.spi.monitor.Monitor;
-import org.eclipse.tractusx.edc.protocol.core.identifier.MembershipCredentialIdExtractionFunction;
+import org.eclipse.edc.spi.result.Result;
+import org.eclipse.tractusx.edc.core.utils.credentials.CredentialTypePredicate;
 
+import java.util.List;
 import java.util.Map;
 import java.util.Optional;
 
+import static org.eclipse.tractusx.edc.edr.spi.CoreConstants.CX_CREDENTIAL_NS;
+
 /**
  * Extracts the BPN (= holderIdentifier property) from the MembershipCredential as the participant id.
  * Used to handle id extraction for DSP 0.8.
  */
-public class BpnExtractionFunction extends MembershipCredentialIdExtractionFunction {
-    
+public class BpnExtractionFunction implements ParticipantIdExtractionFunction {
+
+    private static final String VC_CLAIM = "vc";
+    private static final String IDENTITY_CREDENTIAL = "MembershipCredential";
     private static final String IDENTITY_PROPERTY = "holderIdentifier";
 
+    private final CredentialTypePredicate typePredicate = new CredentialTypePredicate(CX_CREDENTIAL_NS, IDENTITY_CREDENTIAL);
+    private final Monitor monitor;
+
     public BpnExtractionFunction(Monitor monitor) {
-        super(monitor);
+        this.monitor = monitor.withPrefix(getClass().getSimpleName());
     }
 
     @Override
-    public String identityProperty() {
-        return IDENTITY_PROPERTY;
+    public String apply(ClaimToken claimToken) {
+        var credentials = getCredentialList(claimToken)
+                .orElseThrow(failure -> new EdcException("Failed to fetch credentials from the claim token: %s".formatted(failure.getFailureDetail())));
+
+        return credentials.stream()
+                .filter(typePredicate)
+                .findFirst()
+                .flatMap(this::getIdentifier)
+                .orElseThrow(() -> {
+                    var msg = "Required credential type '%s' not present in ClaimToken, cannot extract property '%s'".formatted(IDENTITY_CREDENTIAL, IDENTITY_PROPERTY);
+                    monitor.warning(msg);
+                    return new EdcException(msg);
+                });
     }
-    
-    @Override
-    public Optional<String> getIdentifier(VerifiableCredential vc) {
+
+    @SuppressWarnings("unchecked")
+    private Result<List<VerifiableCredential>> getCredentialList(ClaimToken claimToken) {
+        var vcListClaim = claimToken.getClaims().get(VC_CLAIM);
+
+        if (vcListClaim == null) {
+            var msg = "ClaimToken did not contain a '%s' claim.".formatted(VC_CLAIM);
+            monitor.warning(msg);
+            return Result.failure(msg);
+        }
+        if (!(vcListClaim instanceof List)) {
+            var msg = "ClaimToken contains a '%s' claim, but the type is incorrect. Expected %s, got %s.".formatted(VC_CLAIM, List.class.getName(), vcListClaim.getClass().getName());
+            monitor.warning(msg);
+            return Result.failure(msg);
+        }
+        var vcList = (List<VerifiableCredential>) vcListClaim;
+        if (vcList.isEmpty()) {
+            var msg = "ClaimToken contains a '%s' claim but it did not contain any VerifiableCredentials.".formatted(VC_CLAIM);
+            monitor.warning(msg);
+            return Result.failure(msg);
+        }
+        return Result.success(vcList);
+    }
+
+    private Optional<String> getIdentifier(VerifiableCredential vc) {
         return vc.getCredentialSubject().stream()
                 .flatMap(credentialSubject -> credentialSubject.getClaims().entrySet().stream())
                 .filter(entry -> entry.getKey().endsWith(IDENTITY_PROPERTY))

edc-extensions/dataspace-protocol/cx-dataspace-protocol/src/test/java/org/eclipse/tractusx/edc/protocol/cx/identifier/BpnExtractionFunctionTest.java

@@ -1,4 +1,5 @@
 /*
+ * Copyright (c) 2024 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
  * Copyright (c) 2025 Cofinity-X GmbH
  * Copyright (c) 2026 SAP SE
  *
@@ -20,50 +21,95 @@
 
 package org.eclipse.tractusx.edc.protocol.cx.identifier;
 
+import org.eclipse.edc.iam.verifiablecredentials.spi.model.CredentialSubject;
+import org.eclipse.edc.iam.verifiablecredentials.spi.model.Issuer;
 import org.eclipse.edc.iam.verifiablecredentials.spi.model.VerifiableCredential;
+import org.eclipse.edc.spi.EdcException;
 import org.eclipse.edc.spi.iam.ClaimToken;
 import org.eclipse.edc.spi.monitor.Monitor;
-import org.eclipse.tractusx.edc.protocol.core.identifier.MembershipCredentialIdExtractionFunction;
-import org.eclipse.tractusx.edc.protocol.core.identifier.MembershipCredentialIdExtractionFunctionTest;
+import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtensionContext;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.Arguments;
 import org.junit.jupiter.params.provider.ArgumentsProvider;
 import org.junit.jupiter.params.provider.ArgumentsSource;
 
+import java.time.Instant;
 import java.util.List;
 import java.util.Map;
 import java.util.stream.Stream;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 import static org.eclipse.tractusx.edc.edr.spi.CoreConstants.CX_CREDENTIAL_NS;
 import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
 
-public class BpnExtractionFunctionTest extends MembershipCredentialIdExtractionFunctionTest {
+public class BpnExtractionFunctionTest {
 
+    public static final String DID = "did:web:example";
     public static final String BPN = "bpn";
     public static final String ID_PROPERTY = "holderIdentifier";
 
     private final Monitor monitor = mock();
 
-    @Override
-    protected MembershipCredentialIdExtractionFunction extractionFunction() {
+    private BpnExtractionFunction extractionFunction() {
         when(monitor.withPrefix(anyString())).thenReturn(monitor);
         return new BpnExtractionFunction(monitor);
     }
-    
-    @Override
-    protected String expectedId() {
-        return BPN;
-    }
 
     @ParameterizedTest
     @ArgumentsSource(VerifiableCredentialArgumentProvider.class)
     void apply(VerifiableCredential credential) {
         var id = extractionFunction().apply(ClaimToken.Builder.newInstance().claim("vc", List.of(credential)).build());
-        assertThat(id).isEqualTo(expectedId());
+        assertThat(id).isEqualTo(BPN);
+    }
+
+    @Test
+    void apply_fails_WhenCredentialNotFound() {
+        assertThatThrownBy(() -> extractionFunction().apply(ClaimToken.Builder.newInstance().claim("vc", List.of(vc("FooCredential", Map.of("foo", "bar")))).build()))
+                .isInstanceOf(EdcException.class)
+                .hasMessage("Required credential type 'MembershipCredential' not present in ClaimToken, cannot extract property '%s'", ID_PROPERTY);
+    }
+
+    @Test
+    void apply_fails_whenNoVcClaims() {
+        assertThatThrownBy(() -> extractionFunction().apply(ClaimToken.Builder.newInstance().build()))
+                .isInstanceOf(EdcException.class)
+                .hasMessageContaining("Failed to fetch credentials from the claim token: ClaimToken did not contain a 'vc' claim");
+    }
+
+    @Test
+    void apply_fails_whenNullVcClaims() {
+        assertThatThrownBy(() -> extractionFunction().apply(ClaimToken.Builder.newInstance().claim("vc", null).build()))
+                .isInstanceOf(EdcException.class)
+                .hasMessageContaining("Failed to fetch credentials from the claim token: ClaimToken did not contain a 'vc' claim");
+    }
+
+    @Test
+    void apply_fails_WhenVcClaimIsNotList() {
+        assertThatThrownBy(() -> extractionFunction().apply(ClaimToken.Builder.newInstance().claim("vc", "wrong").build()))
+                .isInstanceOf(EdcException.class)
+                .hasMessageContaining("Failed to fetch credentials from the claim token: ClaimToken contains a 'vc' claim, but the type is incorrect. Expected java.util.List, got java.lang.String.");
+    }
+
+    @Test
+    void apply_fails_WhenVcClaimsIsEmptyList() {
+        assertThatThrownBy(() -> extractionFunction().apply(ClaimToken.Builder.newInstance().claim("vc", List.of()).build()))
+                .isInstanceOf(EdcException.class)
+                .hasMessageContaining("Failed to fetch credentials from the claim token: ClaimToken contains a 'vc' claim but it did not contain any VerifiableCredentials.");
+    }
+
+    private static VerifiableCredential vc(String type, Map<String, Object> claims) {
+        return VerifiableCredential.Builder.newInstance().type(type)
+                .issuanceDate(Instant.now())
+                .issuer(new Issuer("issuer", Map.of()))
+                .credentialSubject(CredentialSubject.Builder.newInstance()
+                        .id(claims.containsKey("id") ? claims.get("id").toString() : null)
+                        .claims(claims)
+                        .build())
+                .build();
     }
 
     private static class VerifiableCredentialArgumentProvider implements ArgumentsProvider {

edc-extensions/dataspace-protocol/dataspace-protocol-core/build.gradle.kts

@@ -37,6 +37,7 @@ dependencies {
 
     implementation(libs.edc.spi.participant)
     implementation(libs.edc.spi.protocol)
+    implementation(libs.edc.iam.decentralized.claims.core)
 
     implementation(project(":spi:core-spi"))
     implementation(project(":core:core-utils"))

edc-extensions/dataspace-protocol/dataspace-protocol-core/src/main/java/org/eclipse/tractusx/edc/protocol/core/CoreDataspaceProtocolExtension.java

@@ -20,6 +20,7 @@
 
 package org.eclipse.tractusx.edc.protocol.core;
 
+import org.eclipse.edc.iam.decentralizedclaims.core.defaults.DefaultDcpParticipantIdExtractionFunction;
 import org.eclipse.edc.participantcontext.single.spi.SingleParticipantContextSupplier;
 import org.eclipse.edc.protocol.dsp.http.spi.api.DspBaseWebhookAddress;
 import org.eclipse.edc.protocol.spi.DataspaceProfileContext;
@@ -28,7 +29,6 @@
 import org.eclipse.edc.spi.monitor.Monitor;
 import org.eclipse.edc.spi.system.ServiceExtension;
 import org.eclipse.edc.spi.system.ServiceExtensionContext;
-import org.eclipse.tractusx.edc.protocol.core.identifier.DidExtractionFunction;
 
 import static org.eclipse.edc.protocol.dsp.spi.type.Dsp2025Constants.DATASPACE_PROTOCOL_HTTP_V_2025_1;
 import static org.eclipse.edc.protocol.dsp.spi.type.Dsp2025Constants.V_2025_1;
@@ -47,6 +47,6 @@ public class CoreDataspaceProtocolExtension implements ServiceExtension {
 
     @Override
     public void initialize(ServiceExtensionContext context) {
-        contextRegistry.register(new DataspaceProfileContext(DATASPACE_PROTOCOL_HTTP_V_2025_1, V_2025_1, () -> dspWebhookAddress.get() + V_2025_1_PATH, new DidExtractionFunction(monitor)));
+        contextRegistry.register(new DataspaceProfileContext(DATASPACE_PROTOCOL_HTTP_V_2025_1, V_2025_1, () -> dspWebhookAddress.get() + V_2025_1_PATH, new DefaultDcpParticipantIdExtractionFunction()));
     }
 }