From b298b62e987d328c8a7fd3d761d11e593df4b9ca Mon Sep 17 00:00:00 2001 From: Aaron Coburn Date: Tue, 23 May 2023 15:17:48 -0400 Subject: [PATCH 1/3] JCL-359: Add denyAccess method to AccessGrantClient --- .../client/accessgrant/AccessDenial.java | 214 ++++++++++++++++++ .../client/accessgrant/AccessGrantClient.java | 72 ++++++ .../accessgrant/AccessGrantClientTest.java | 34 +++ .../accessgrant/MockAccessGrantServer.java | 24 ++ access-grant/src/test/resources/vc-7.json | 32 +++ access-grant/src/test/resources/vc-8.json | 32 +++ 6 files changed, 408 insertions(+) create mode 100644 access-grant/src/main/java/com/inrupt/client/accessgrant/AccessDenial.java create mode 100644 access-grant/src/test/resources/vc-7.json create mode 100644 access-grant/src/test/resources/vc-8.json diff --git a/access-grant/src/main/java/com/inrupt/client/accessgrant/AccessDenial.java b/access-grant/src/main/java/com/inrupt/client/accessgrant/AccessDenial.java new file mode 100644 index 00000000000..163216ee29c --- /dev/null +++ b/access-grant/src/main/java/com/inrupt/client/accessgrant/AccessDenial.java @@ -0,0 +1,214 @@ +/* + * Copyright 2023 Inrupt Inc. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal in + * the Software without restriction, including without limitation the rights to use, + * copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the + * Software, and to permit persons to whom the Software is furnished to do so, + * subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, + * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A + * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT + * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION + * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + */ +package com.inrupt.client.accessgrant; + +import static com.inrupt.client.accessgrant.Utils.*; +import static java.nio.charset.StandardCharsets.UTF_8; + +import com.inrupt.client.spi.JsonService; +import com.inrupt.client.spi.ServiceProvider; + +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.net.URI; +import java.time.Instant; +import java.util.Collections; +import java.util.HashMap; +import java.util.HashSet; +import java.util.List; +import java.util.Map; +import java.util.Optional; +import java.util.Set; +import java.util.stream.Collectors; + +import org.apache.commons.io.IOUtils; + +/** + * An Access Grant abstraction, for use with interacting with Solid resources. + */ +public class AccessDenial implements AccessCredential { + + private static final String TYPE = "type"; + private static final String REVOCATION_LIST_2020_STATUS = "RevocationList2020Status"; + private static final Set supportedTypes = getSupportedTypes(); + private static final JsonService jsonService = ServiceProvider.getJsonService(); + + private final String credential; + private final URI issuer; + private final URI identifier; + private final Set types; + private final Set purposes; + private final Set modes; + private final Set resources; + private final URI recipient; + private final URI creator; + private final Instant expiration; + private final Status status; + + /** + * Read a verifiable presentation as an AccessDenial. + * + * @param grant the Access Denial serialized as a verifiable presentation + */ + protected AccessDenial(final String grant) throws IOException { + try (final InputStream in = new ByteArrayInputStream(grant.getBytes())) { + // TODO process as JSON-LD + final Map data = jsonService.fromJson(in, + new HashMap(){}.getClass().getGenericSuperclass()); + + final List vcs = getCredentialsFromPresentation(data, supportedTypes); + if (vcs.size() != 1) { + throw new IllegalArgumentException( + "Invalid Access Denial: ambiguous number of verifiable credentials"); + } + final Map vc = vcs.get(0); + + if (asSet(data.get(TYPE)).orElseGet(Collections::emptySet).contains("VerifiablePresentation")) { + this.credential = grant; + this.issuer = asUri(vc.get("issuer")).orElseThrow(() -> + new IllegalArgumentException("Missing or invalid issuer field")); + this.identifier = asUri(vc.get("id")).orElseThrow(() -> + new IllegalArgumentException("Missing or invalid id field")); + + this.types = asSet(vc.get(TYPE)).orElseGet(Collections::emptySet); + this.expiration = asInstant(vc.get("expirationDate")).orElse(Instant.MAX); + + final Map subject = asMap(vc.get("credentialSubject")).orElseThrow(() -> + new IllegalArgumentException("Missing or invalid credentialSubject field")); + + this.creator = asUri(subject.get("id")).orElseThrow(() -> + new IllegalArgumentException("Missing or invalid credentialSubject.id field")); + + // V1 Access Denial, using gConsent + final Map consent = asMap(subject.get("providedConsent")).orElseThrow(() -> + // Unsupported structure + new IllegalArgumentException("Invalid Access Denial: missing consent clause")); + + final Optional person = asUri(consent.get("isProvidedToPerson")); + final Optional controller = asUri(consent.get("isProvidedToController")); + final Optional other = asUri(consent.get("isProvidedTo")); + + this.recipient = person.orElseGet(() -> controller.orElseGet(() -> other.orElse(null))); + this.modes = asSet(consent.get("mode")).orElseGet(Collections::emptySet); + this.resources = asSet(consent.get("forPersonalData")).orElseGet(Collections::emptySet) + .stream().map(URI::create).collect(Collectors.toSet()); + this.purposes = asSet(consent.get("forPurpose")).orElseGet(Collections::emptySet); + this.status = asMap(vc.get("credentialStatus")).flatMap(credentialStatus -> + asSet(credentialStatus.get(TYPE)).filter(statusTypes -> + statusTypes.contains(REVOCATION_LIST_2020_STATUS)).map(x -> + asRevocationList2020(credentialStatus))).orElse(null); + } else { + throw new IllegalArgumentException("Invalid Access Denial: missing VerifiablePresentation type"); + } + } + } + + /** + * Create an AccessDenial object from a serialized form. + * + * @param serialization the serialized access denial + * @return a parsed access denial + */ + public static AccessDenial of(final String serialization) { + try { + return new AccessDenial(serialization); + } catch (final IOException ex) { + throw new IllegalArgumentException("Unable to read access denial", ex); + } + } + + /** + * Create an AccessDenial object from a serialized form. + * + * @param serialization the serialized access grant + * @return a parsed access grant + */ + public static AccessDenial of(final InputStream serialization) { + try { + return of(IOUtils.toString(serialization, UTF_8)); + } catch (final IOException ex) { + throw new IllegalArgumentException("Unable to read access denial", ex); + } + } + + @Override + public Set getTypes() { + return types; + } + + @Override + public Set getModes() { + return modes; + } + + @Override + public Optional getStatus() { + return Optional.ofNullable(status); + } + + @Override + public Instant getExpiration() { + return expiration; + } + + @Override + public URI getIssuer() { + return issuer; + } + + @Override + public URI getIdentifier() { + return identifier; + } + + @Override + public Set getPurposes() { + return purposes; + } + + @Override + public Set getResources() { + return resources; + } + + @Override + public URI getCreator() { + return creator; + } + + @Override + public Optional getRecipient() { + return Optional.ofNullable(recipient); + } + + @Override + public String serialize() { + return credential; + } + + static Set getSupportedTypes() { + final Set types = new HashSet<>(); + types.add("SolidAccessDenial"); + types.add("http://www.w3.org/ns/solid/vc#SolidAccessDenial"); + return Collections.unmodifiableSet(types); + } +} diff --git a/access-grant/src/main/java/com/inrupt/client/accessgrant/AccessGrantClient.java b/access-grant/src/main/java/com/inrupt/client/accessgrant/AccessGrantClient.java index bddf85bbea1..f37e1a3785b 100644 --- a/access-grant/src/main/java/com/inrupt/client/accessgrant/AccessGrantClient.java +++ b/access-grant/src/main/java/com/inrupt/client/accessgrant/AccessGrantClient.java @@ -99,8 +99,10 @@ public class AccessGrantClient { private static final String MODE = "mode"; private static final URI ACCESS_GRANT = URI.create("http://www.w3.org/ns/solid/vc#SolidAccessGrant"); private static final URI ACCESS_REQUEST = URI.create("http://www.w3.org/ns/solid/vc#SolidAccessRequest"); + private static final URI ACCESS_DENIAL = URI.create("http://www.w3.org/ns/solid/vc#SolidAccessDenial"); private static final Set ACCESS_GRANT_TYPES = getAccessGrantTypes(); private static final Set ACCESS_REQUEST_TYPES = getAccessRequestTypes(); + private static final Set ACCESS_DENIAL_TYPES = getAccessDenialTypes(); private final Client client; private final ClientCache metadataCache; @@ -234,6 +236,38 @@ public CompletionStage grantAccess(final AccessRequest request) { }); } + /** + * Issue an access denial receipt based on an access request. + * + * @param request the access request + * @return the next stage of completion containing the issued access denial + */ + public CompletionStage denyAccess(final AccessRequest request) { + Objects.requireNonNull(request, "Request may not be null!"); + return v1Metadata().thenCompose(metadata -> { + final Map data = buildAccessDenialv1(request.getCreator(), request.getResources(), + request.getModes(), request.getExpiration(), request.getPurposes()); + final Request req = Request.newBuilder(metadata.issueEndpoint) + .header(CONTENT_TYPE, APPLICATION_JSON) + .POST(Request.BodyPublishers.ofByteArray(serialize(data))).build(); + + return client.send(req, Response.BodyHandlers.ofInputStream()) + .thenApply(res -> { + try (final InputStream input = res.body()) { + final int status = res.statusCode(); + if (isSuccess(status)) { + return processVerifiableCredential(input, ACCESS_DENIAL_TYPES, AccessDenial.class); + } + throw new AccessGrantException("Unable to issue Access Denial: HTTP error " + status, + status); + } catch (final IOException ex) { + throw new AccessGrantException( + "Unexpected I/O exception while processing Access Denial", ex); + } + }); + }); + } + /** * Issue an access grant or request. * @@ -509,6 +543,8 @@ public CompletionStage fetch(final URI identifie return (T) processVerifiableCredential(input, ACCESS_GRANT_TYPES, clazz); } else if (AccessRequest.class.equals(clazz)) { return (T) processVerifiableCredential(input, ACCESS_REQUEST_TYPES, clazz); + } else if (AccessDenial.class.equals(clazz)) { + return (T) processVerifiableCredential(input, ACCESS_DENIAL_TYPES, clazz); } throw new AccessGrantException("Unable to fetch credential as " + clazz); } @@ -539,6 +575,8 @@ T processVerifiableCredential(final InputStream inp return (T) AccessGrant.of(new String(serialize(presentation), UTF_8)); } else if (AccessRequest.class.isAssignableFrom(clazz)) { return (T) AccessRequest.of(new String(serialize(presentation), UTF_8)); + } else if (AccessDenial.class.isAssignableFrom(clazz)) { + return (T) AccessDenial.of(new String(serialize(presentation), UTF_8)); } } throw new AccessGrantException("Invalid Access Grant: missing supported type"); @@ -695,6 +733,33 @@ static URI asUri(final Object value) { return null; } + static Map buildAccessDenialv1(final URI agent, final Set resources, final Set modes, + final Instant expiration, final Set purposes) { + Objects.requireNonNull(agent, "Access denial agent may not be null!"); + final Map consent = new HashMap<>(); + consent.put(MODE, modes); + consent.put(HAS_STATUS, "https://w3id.org/GConsent#ConsentStatusRefused"); + consent.put(FOR_PERSONAL_DATA, resources); + consent.put(IS_PROVIDED_TO_PERSON, agent); + if (!purposes.isEmpty()) { + consent.put("forPurpose", purposes); + } + + final Map subject = new HashMap<>(); + subject.put("providedConsent", consent); + + final Map credential = new HashMap<>(); + credential.put(CONTEXT, Arrays.asList(VC_CONTEXT_URI, INRUPT_CONTEXT_URI)); + if (expiration != null) { + credential.put("expirationDate", expiration.truncatedTo(ChronoUnit.SECONDS).toString()); + } + credential.put(CREDENTIAL_SUBJECT, subject); + + final Map data = new HashMap<>(); + data.put("credential", credential); + return data; + } + static Map buildAccessGrantv1(final URI agent, final Set resources, final Set modes, final Instant expiration, final Set purposes) { Objects.requireNonNull(agent, "Access grant agent may not be null!"); @@ -768,6 +833,13 @@ static Set getAccessGrantTypes() { return Collections.unmodifiableSet(types); } + static Set getAccessDenialTypes() { + final Set types = new HashSet<>(); + types.add("SolidAccessDenial"); + types.add(ACCESS_DENIAL.toString()); + return Collections.unmodifiableSet(types); + } + static boolean isAccessGrant(final URI type) { return "SolidAccessGrant".equals(type.toString()) || ACCESS_GRANT.equals(type); } diff --git a/access-grant/src/test/java/com/inrupt/client/accessgrant/AccessGrantClientTest.java b/access-grant/src/test/java/com/inrupt/client/accessgrant/AccessGrantClientTest.java index f1a35c3abe8..1c2426d9ab3 100644 --- a/access-grant/src/test/java/com/inrupt/client/accessgrant/AccessGrantClientTest.java +++ b/access-grant/src/test/java/com/inrupt/client/accessgrant/AccessGrantClientTest.java @@ -383,6 +383,40 @@ void testGrantAccess() { assertEquals(resources, grant.getResources()); } + @Test + void testDenyAccess() { + final Map claims = new HashMap<>(); + claims.put("webid", WEBID); + claims.put("sub", SUB); + claims.put("iss", ISS); + claims.put("azp", AZP); + final String token = generateIdToken(claims); + final AccessGrantClient client = agClient.session(OpenIdSession.ofIdToken(token)); + + final URI agent = URI.create("https://id.test/agent"); + final Instant expiration = Instant.parse("2022-09-12T12:00:00Z"); + final Set modes = new HashSet<>(Arrays.asList("Read", "Append")); + final Set purposes = Collections.singleton("https://purpose.test/Purpose1"); + + final Set resources = Collections.singleton(URI.create("https://storage.test/data/")); + final AccessRequest request = client.requestAccess(agent, resources, modes, purposes, expiration) + .toCompletableFuture().join(); + + final AccessDenial denial = client.denyAccess(request).toCompletableFuture().join(); + + assertTrue(denial.getTypes().contains("SolidAccessDenial")); + assertEquals(Optional.of(agent), denial.getRecipient()); + assertEquals(modes, denial.getModes()); + assertEquals(expiration, denial.getExpiration()); + assertEquals(baseUri, denial.getIssuer()); + assertEquals(purposes, denial.getPurposes()); + assertEquals(resources, denial.getResources()); + + final CompletionException err = assertThrows(CompletionException.class, () -> + client.session(Session.anonymous()).denyAccess(request).toCompletableFuture().join()); + assertTrue(err.getCause() instanceof AccessGrantException); + } + @Test void testGrantAccessNoAuth() { final Map claims = new HashMap<>(); diff --git a/access-grant/src/test/java/com/inrupt/client/accessgrant/MockAccessGrantServer.java b/access-grant/src/test/java/com/inrupt/client/accessgrant/MockAccessGrantServer.java index a85e7817d7b..1eea9fa0226 100644 --- a/access-grant/src/test/java/com/inrupt/client/accessgrant/MockAccessGrantServer.java +++ b/access-grant/src/test/java/com/inrupt/client/accessgrant/MockAccessGrantServer.java @@ -177,6 +177,29 @@ private void setupMocks() { .willReturn(aResponse() .withStatus(404))); + // Access Denial + wireMockServer.stubFor(post(urlEqualTo("/issue")) + .atPriority(1) + .withHeader("Authorization", containing("Bearer eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.")) + .withRequestBody(containing("\"providedConsent\"")) + .withRequestBody(containing("\"2022-09-12T12:00:00Z\"")) + .willReturn(aResponse() + .withStatus(200) + .withHeader("Content-Type", "application/json") + .withBody(getResource("/vc-7.json", wireMockServer.baseUrl())))); + + // Access Request + wireMockServer.stubFor(post(urlEqualTo("/issue")) + .atPriority(1) + .withHeader("Authorization", containing("Bearer eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.")) + .withRequestBody(containing("\"hasConsent\"")) + .withRequestBody(containing("\"2022-09-12T12:00:00Z\"")) + .willReturn(aResponse() + .withStatus(200) + .withHeader("Content-Type", "application/json") + .withBody(getResource("/vc-8.json", wireMockServer.baseUrl())))); + + // Access Grant wireMockServer.stubFor(post(urlEqualTo("/issue")) .atPriority(1) .withHeader("Authorization", containing("Bearer eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.")) @@ -187,6 +210,7 @@ private void setupMocks() { .withHeader("Content-Type", "application/json") .withBody(getResource("/vc-4.json", wireMockServer.baseUrl())))); + // Access Request wireMockServer.stubFor(post(urlEqualTo("/issue")) .atPriority(1) .withHeader("Authorization", containing("Bearer eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.")) diff --git a/access-grant/src/test/resources/vc-7.json b/access-grant/src/test/resources/vc-7.json new file mode 100644 index 00000000000..550ce0ef1f1 --- /dev/null +++ b/access-grant/src/test/resources/vc-7.json @@ -0,0 +1,32 @@ +{ + "@context":[ + "https://www.w3.org/2018/credentials/v1", + "https://w3id.org/security/suites/ed25519-2020/v1", + "https://w3id.org/vc-revocation-list-2020/v1", + "https://schema.inrupt.com/credentials/v1.jsonld"], + "id":"{{baseUrl}}/access-denial-1", + "type":["VerifiableCredential","SolidAccessDenial"], + "issuer":"{{baseUrl}}", + "expirationDate":"2022-09-12T12:00:00Z", + "issuanceDate":"2022-08-25T20:34:05.153Z", + "credentialStatus":{ + "id":"https://accessgrant.example/status/CVAM#2832", + "revocationListCredential":"https://accessgrant.example/status/CVAM", + "revocationListIndex":"2832", + "type":"RevocationList2020Status"}, + "credentialSubject":{ + "id":"https://id.test/username", + "providedConsent":{ + "mode":["Read","Append"], + "hasStatus":"https://w3id.org/GConsent#ConsentStatusRefused", + "isProvidedToPerson":"https://id.test/agent", + "forPurpose":["https://purpose.test/Purpose1"], + "forPersonalData":["https://storage.test/data/"]}}, + "proof":{ + "created":"2022-08-25T20:34:05.236Z", + "proofPurpose":"assertionMethod", + "proofValue":"nIeQF44XVik7onnAbdkbp8xxJ2C8JoTw6-VtCkAzxuWYRFsSfYpft5MuAJaivyeKDmaK82Lj_YsME2xgL2WIBQ", + "type":"Ed25519Signature2020", + "verificationMethod":"https://accessgrant.example/key/1e332728-4af5-46e4-a5db-4f7b89e3f378"} +} + diff --git a/access-grant/src/test/resources/vc-8.json b/access-grant/src/test/resources/vc-8.json new file mode 100644 index 00000000000..6691894239a --- /dev/null +++ b/access-grant/src/test/resources/vc-8.json @@ -0,0 +1,32 @@ +{ + "@context":[ + "https://www.w3.org/2018/credentials/v1", + "https://w3id.org/security/suites/ed25519-2020/v1", + "https://w3id.org/vc-revocation-list-2020/v1", + "https://schema.inrupt.com/credentials/v1.jsonld"], + "id":"{{baseUrl}}/access-request-5", + "type":["VerifiableCredential","SolidAccessRequest"], + "issuer":"{{baseUrl}}", + "expirationDate":"2022-09-12T12:00:00Z", + "issuanceDate":"2022-08-25T20:34:05.153Z", + "credentialStatus":{ + "id":"https://accessgrant.example/status/CVAM#2832", + "revocationListCredential":"https://accessgrant.example/status/CVAM", + "revocationListIndex":"2832", + "type":"RevocationList2020Status"}, + "credentialSubject":{ + "id":"https://id.test/username", + "hasConsent":{ + "mode":["Read","Append"], + "hasStatus":"https://w3id.org/GConsent#ConsentStatusRequested", + "isConsentForDataSubject":"https://id.test/agent", + "forPurpose":["https://purpose.test/Purpose1"], + "forPersonalData":["https://storage.test/data/"]}}, + "proof":{ + "created":"2022-08-25T20:34:05.236Z", + "proofPurpose":"assertionMethod", + "proofValue":"nIeQF44XVik7onnAbdkbp8xxJ2C8JoTw6-VtCkAzxuWYRFsSfYpft5MuAJaivyeKDmaK82Lj_YsME2xgL2WIBQ", + "type":"Ed25519Signature2020", + "verificationMethod":"https://accessgrant.example/key/1e332728-4af5-46e4-a5db-4f7b89e3f378"} +} + From 0569bb01503bcba840b34774eaef20cac4db0a92 Mon Sep 17 00:00:00 2001 From: Aaron Coburn Date: Tue, 23 May 2023 15:40:24 -0400 Subject: [PATCH 2/3] Clean up error messages --- .../java/com/inrupt/client/accessgrant/AccessGrantClient.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/access-grant/src/main/java/com/inrupt/client/accessgrant/AccessGrantClient.java b/access-grant/src/main/java/com/inrupt/client/accessgrant/AccessGrantClient.java index f37e1a3785b..e960a2bfe5d 100644 --- a/access-grant/src/main/java/com/inrupt/client/accessgrant/AccessGrantClient.java +++ b/access-grant/src/main/java/com/inrupt/client/accessgrant/AccessGrantClient.java @@ -194,11 +194,11 @@ public CompletionStage requestAccess(final URI agent, final Set Date: Wed, 24 May 2023 08:23:15 -0400 Subject: [PATCH 3/3] update javadocs --- .../client/accessgrant/AccessDenial.java | 14 ++++++------- .../client/accessgrant/AccessGrant.java | 2 +- .../client/accessgrant/AccessRequest.java | 20 +++++++++---------- 3 files changed, 18 insertions(+), 18 deletions(-) diff --git a/access-grant/src/main/java/com/inrupt/client/accessgrant/AccessDenial.java b/access-grant/src/main/java/com/inrupt/client/accessgrant/AccessDenial.java index 163216ee29c..9b0674ecb01 100644 --- a/access-grant/src/main/java/com/inrupt/client/accessgrant/AccessDenial.java +++ b/access-grant/src/main/java/com/inrupt/client/accessgrant/AccessDenial.java @@ -43,7 +43,7 @@ import org.apache.commons.io.IOUtils; /** - * An Access Grant abstraction, for use with interacting with Solid resources. + * An Access Denial abstraction, for use when interacting with Solid resources. */ public class AccessDenial implements AccessCredential { @@ -67,10 +67,10 @@ public class AccessDenial implements AccessCredential { /** * Read a verifiable presentation as an AccessDenial. * - * @param grant the Access Denial serialized as a verifiable presentation + * @param serialization the Access Denial serialized as a verifiable presentation */ - protected AccessDenial(final String grant) throws IOException { - try (final InputStream in = new ByteArrayInputStream(grant.getBytes())) { + protected AccessDenial(final String serialization) throws IOException { + try (final InputStream in = new ByteArrayInputStream(serialization.getBytes())) { // TODO process as JSON-LD final Map data = jsonService.fromJson(in, new HashMap(){}.getClass().getGenericSuperclass()); @@ -83,7 +83,7 @@ protected AccessDenial(final String grant) throws IOException { final Map vc = vcs.get(0); if (asSet(data.get(TYPE)).orElseGet(Collections::emptySet).contains("VerifiablePresentation")) { - this.credential = grant; + this.credential = serialization; this.issuer = asUri(vc.get("issuer")).orElseThrow(() -> new IllegalArgumentException("Missing or invalid issuer field")); this.identifier = asUri(vc.get("id")).orElseThrow(() -> @@ -139,8 +139,8 @@ public static AccessDenial of(final String serialization) { /** * Create an AccessDenial object from a serialized form. * - * @param serialization the serialized access grant - * @return a parsed access grant + * @param serialization the serialized access denial + * @return a parsed access denial */ public static AccessDenial of(final InputStream serialization) { try { diff --git a/access-grant/src/main/java/com/inrupt/client/accessgrant/AccessGrant.java b/access-grant/src/main/java/com/inrupt/client/accessgrant/AccessGrant.java index 9388f70d602..d9f76e0c770 100644 --- a/access-grant/src/main/java/com/inrupt/client/accessgrant/AccessGrant.java +++ b/access-grant/src/main/java/com/inrupt/client/accessgrant/AccessGrant.java @@ -43,7 +43,7 @@ import org.apache.commons.io.IOUtils; /** - * An Access Grant abstraction, for use with interacting with Solid resources. + * An Access Grant abstraction, for use when interacting with Solid resources. */ public class AccessGrant implements AccessCredential { diff --git a/access-grant/src/main/java/com/inrupt/client/accessgrant/AccessRequest.java b/access-grant/src/main/java/com/inrupt/client/accessgrant/AccessRequest.java index 4647adf103a..2928f845757 100644 --- a/access-grant/src/main/java/com/inrupt/client/accessgrant/AccessRequest.java +++ b/access-grant/src/main/java/com/inrupt/client/accessgrant/AccessRequest.java @@ -43,7 +43,7 @@ import org.apache.commons.io.IOUtils; /** - * An Access Request abstraction, for use with interacting with Solid resources. + * An Access Request abstraction, for use when interacting with Solid resources. */ public class AccessRequest implements AccessCredential { @@ -67,10 +67,10 @@ public class AccessRequest implements AccessCredential { /** * Read a verifiable presentation as an AccessRequest. * - * @param grant the serialized form of an Access Request + * @param serialization the serialized form of an Access Request */ - protected AccessRequest(final String grant) throws IOException { - try (final InputStream in = new ByteArrayInputStream(grant.getBytes())) { + protected AccessRequest(final String serialization) throws IOException { + try (final InputStream in = new ByteArrayInputStream(serialization.getBytes())) { // TODO process as JSON-LD final Map data = jsonService.fromJson(in, new HashMap(){}.getClass().getGenericSuperclass()); @@ -83,7 +83,7 @@ protected AccessRequest(final String grant) throws IOException { final Map vc = vcs.get(0); if (asSet(data.get(TYPE)).orElseGet(Collections::emptySet).contains("VerifiablePresentation")) { - this.credential = grant; + this.credential = serialization; this.issuer = asUri(vc.get("issuer")).orElseThrow(() -> new IllegalArgumentException("Missing or invalid issuer field")); this.identifier = asUri(vc.get("id")).orElseThrow(() -> @@ -123,14 +123,14 @@ protected AccessRequest(final String grant) throws IOException { /** * Create an AccessRequest object from a serialized form. * - * @param serialization the serialized access grant - * @return a parsed access grant + * @param serialization the serialized access request + * @return a parsed access request */ public static AccessRequest of(final String serialization) { try { return new AccessRequest(serialization); } catch (final IOException ex) { - throw new IllegalArgumentException("Unable to read access grant", ex); + throw new IllegalArgumentException("Unable to read access request", ex); } } @@ -138,13 +138,13 @@ public static AccessRequest of(final String serialization) { * Create an AccessRequest object from a serialized form. * * @param serialization the access request - * @return a parsed access grant + * @return a parsed access request */ public static AccessRequest of(final InputStream serialization) { try { return of(IOUtils.toString(serialization, UTF_8)); } catch (final IOException ex) { - throw new IllegalArgumentException("Unable to read access grant", ex); + throw new IllegalArgumentException("Unable to read access request", ex); } }