diff --git a/CREDITS.pdf b/CREDITS.pdf
new file mode 100644
index 0000000000000000000000000000000000000000..9587a1d1692ae87d018354dfa8e6ecdde402eb45
Binary files /dev/null and b/CREDITS.pdf differ
diff --git a/LICENSE b/LICENSE
index baba40205e1e260e1c134130068e399f94c4284c..acd578109c274504ed94e3e1def85e0454f94023 100644
--- a/LICENSE
+++ b/LICENSE
@@ -2,3 +2,4 @@ Refer to [licence description](https://eupl.eu/1.2/en/)
+SIMPL is granting credits to open source projects referred in the CREDITS.pdf file.
\ No newline at end of file
diff --git a/openapi/openApi-doc-1.0.0-release.json b/openapi/openApi-doc-1.0.0-release.json
new file mode 100644
index 0000000000000000000000000000000000000000..fc8e74128ab6f084f7967d6dd5a785ab9c15b53e
--- /dev/null
+++ b/openapi/openApi-doc-1.0.0-release.json
@@ -0,0 +1,1902 @@ +{ + "openapi": "3.0.1", + "info": { + "title": "OpenAPI definition", + "version": "v0" + }, + "servers": [ + { + "url": "https://users-roles.authority.svc.cluster.local", + "description": "Generated server url" + } + ], + "paths": { + "/user/{uuid}": { + "get": { + "tags": [ + "user-controller" + ], + "summary": "Get user by UUID", + "description": "Retrieves a user by its UUID", + "operationId": "getUserByUuid", + "parameters": [ + { + "name": "uuid", + "in": "path", + "description": "The UUID of the user", + "required": true, + "schema": { + "type": "string" + }, + "example": "01929051-2adb-7ee5-994a-b36f64fbb4dd" + } + ], + "responses": { + "200": { + "description": "Successfully retrieved user", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/KeycloakUserDTO" + } + } + } + }, + "400": { + "description": "Invalid UUID format" + }, + "401": { + "description": "Access denied" + }, + "403": { + "description": "Forbidden: User does not have the required role" + }, + "404": { + "description": "User not found" + } + } + }, + "put": { + "tags": [ + "user-controller" + ], + "summary": "Update user", + "description": "Updates the details of an existing user by its UUID", + "operationId": "updateUser", + "parameters": [ + { + "name": "uuid", + "in": "path", + "description": "The UUID of the user", + "required": true, + "schema": { + "type": "string" + }, + "example": "01929051-2adb-7ee5-994a-b36f64fbb4dd" + } + ], + "requestBody": { + "description": "The user details to update", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/KeycloakUserDTO" + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "User updated successfully" + }, + "400": { + "description": "Invalid input data" + }, + "401": { + "description": "Access denied" + }, + "403": { + "description": "Forbidden: User does not have the required role" + }, + "404": { + "description": "User not 
found" + } + } + }, + "delete": { + "tags": [ + "user-controller" + ], + "summary": "Delete user", + "description": "Deletes a user by its UUID", + "operationId": "deleteUser", + "parameters": [ + { + "name": "uuid", + "in": "path", + "description": "The UUID of the user", + "required": true, + "schema": { + "type": "string" + }, + "example": "01929051-2adb-7ee5-994a-b36f64fbb4dd" + } + ], + "responses": { + "204": { + "description": "User deleted successfully" + }, + "400": { + "description": "Invalid UUID format" + }, + "401": { + "description": "Access denied" + }, + "403": { + "description": "Forbidden: User does not have the required role" + }, + "404": { + "description": "User not found" + } + } + } + }, + "/user/{uuid}/roles": { + "get": { + "tags": [ + "user-controller" + ], + "summary": "Get user roles", + "description": "Retrieves the roles associated with a user by its UUID", + "operationId": "getRoles", + "parameters": [ + { + "name": "uuid", + "in": "path", + "description": "The UUID of the user", + "required": true, + "schema": { + "type": "string" + }, + "example": "01929051-2adb-7ee5-994a-b36f64fbb4dd" + } + ], + "responses": { + "200": { + "description": "Successfully retrieved user roles", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/KeycloakRoleDTO" + } + } + } + } + }, + "400": { + "description": "Invalid input data" + }, + "401": { + "description": "Access denied" + }, + "403": { + "description": "Forbidden: User does not have the required role" + }, + "404": { + "description": "User not found" + } + } + }, + "put": { + "tags": [ + "user-controller" + ], + "summary": "Update user roles", + "description": "Updates the roles associated with a user by its UUID", + "operationId": "updateUserRoles", + "parameters": [ + { + "name": "uuid", + "in": "path", + "description": "The UUID of the user", + "required": true, + "schema": { + "type": "string" + }, + "example": 
"01929051-2adb-7ee5-994a-b36f64fbb4dd" + } + ], + "requestBody": { + "description": "The list of roles to be assigned to the user", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "User roles updated successfully" + }, + "400": { + "description": "Invalid input data" + }, + "401": { + "description": "Access denied" + }, + "403": { + "description": "Forbidden: User does not have the required role" + }, + "404": { + "description": "User not found" + } + } + } + }, + "/role": { + "put": { + "tags": [ + "role-controller" + ], + "summary": "Update an existing role", + "description": "Updates the details of an existing role in the system", + "operationId": "update", + "requestBody": { + "description": "The details of the role to be updated", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/KeycloakRoleDTO" + } + } + }, + "required": true + }, + "responses": { + "409": { + "description": "Conflict" + }, + "200": { + "description": "Successfully updated the role", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/RoleDTO" + } + } + } + }, + "400": { + "description": "Invalid input data" + }, + "401": { + "description": "Access denied" + }, + "403": { + "description": "Forbidden: Cannot modify role's name or User does not have the required role" + }, + "404": { + "description": "Role not found" + } + } + }, + "post": { + "tags": [ + "role-controller" + ], + "summary": "Create a new role", + "description": "Creates a new role in the system with the provided details", + "operationId": "create", + "requestBody": { + "description": "The details of the role to be created", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/KeycloakRoleDTO" + } + } + }, + "required": true + }, + "responses": { + "409": { + "description": "Conflict: role 
already exists" + }, + "201": { + "description": "Successfully created the role", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/RoleDTO" + } + } + } + }, + "400": { + "description": "Invalid input data" + }, + "401": { + "description": "Access denied" + }, + "403": { + "description": "Forbidden: User does not have the required role" + } + } + } + }, + "/role/{id}/identity-attributes": { + "put": { + "tags": [ + "role-controller" + ], + "summary": "Assign identity attributes to a role", + "description": "Assigns a list of identity attribute IDs to a specified role", + "operationId": "replaceIdentityAttributes", + "parameters": [ + { + "name": "id", + "in": "path", + "description": "The UUID of the role to which identity attributes will be assigned", + "required": true, + "schema": { + "type": "string", + "format": "uuid" + }, + "example": "123e4567-e89b-12d3-a456-426614174000" + } + ], + "requestBody": { + "description": "List of identity attribute codes to be assigned to the role", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "Successfully assigned identity attributes" + }, + "400": { + "description": "Invalid input data" + }, + "401": { + "description": "Access denied" + }, + "403": { + "description": "Forbidden: User does not have the required role" + }, + "404": { + "description": "Role not found" + } + } + } + }, + "/user/as-t1user": { + "post": { + "tags": [ + "user-controller" + ], + "summary": "Create a user", + "description": "Creates a new tier-one user", + "operationId": "createUserAsT1", + "requestBody": { + "description": "The user details", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/KeycloakUserDTO" + } + } + }, + "required": true + }, + "responses": { + "409": { + "description": "Conflict: User already exists" + }, + "201": { + 
"description": "User created successfully", + "content": { + "text/plain": { + "schema": { + "type": "string", + "description": "The Id of the newly created user", + "example": "01929051-2adb-7ee5-994a-b36f64fbb4dd" + } + } + } + }, + "400": { + "description": "Invalid input data" + }, + "401": { + "description": "Access denied" + }, + "403": { + "description": "Forbidden: User does not have the required role" + } + } + } + }, + "/session/credential": { + "post": { + "tags": [ + "session-controller" + ], + "summary": "Validate Tier 1 session", + "description": "Validate the tier one session against the ephemeral proof stored in the agent", + "operationId": "validateTierOneSession", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/TierOneSessionDTO" + } + } + }, + "required": true + }, + "responses": { + "204": { + "description": "Tier 1 session validated successfully" + }, + "422": { + "description": "Invalid Tier 1 session" + } + } + } + }, + "/role/{id}/duplicate-identity-attribute": { + "post": { + "tags": [ + "role-controller" + ], + "summary": "Duplicate identity attributes to another role", + "description": "Duplicates identity attributes from the source role to the destination role", + "operationId": "duplicateIdentityAttributeToAnOtherRole", + "parameters": [ + { + "name": "id", + "in": "path", + "description": "The UUID of the source role", + "required": true, + "schema": { + "type": "string", + "format": "uuid" + } + } + ], + "requestBody": { + "description": "The UUID of the destination role", + "content": { + "application/json": { + "schema": { + "type": "string", + "format": "uuid" + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "Successfully duplicated identity attributes" + }, + "400": { + "description": "Invalid input data" + }, + "401": { + "description": "Access denied" + }, + "403": { + "description": "Forbidden: User does not have the required role" + }, + 
"404": { + "description": "Source or destination role not found" + } + } + } + }, + "/role/assigned-identity-attributes": { + "post": { + "tags": [ + "role-controller" + ], + "summary": "Get identity attributes from role list", + "description": "Retrieves a list of identity attributes associated with the provided roles", + "operationId": "getIdentityAttributesFromRoleList", + "requestBody": { + "description": "List of role names from which to retrieve identity attributes", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "Successfully retrieved identity attributes", + "content": { + "*/*": { + "schema": { + "type": "array", + "items": { + "type": "string" + } + } + } + } + }, + "400": { + "description": "Invalid input data" + }, + "401": { + "description": "Access denied" + }, + "403": { + "description": "Forbidden: User does not have the required role" + } + } + } + }, + "/mtls/ephemeral-proof": { + "post": { + "tags": [ + "mtls-controller" + ], + "summary": "Store Ephemeral Proof", + "description": "Stores the ephemeral proof for a participant identified by their UUID", + "operationId": "storeCallerEphemeralProof", + "parameters": [ + { + "name": "Credential-Id", + "in": "header", + "description": "The Public Key Hash of the participant", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "description": "The ephemeral proof to be stored", + "content": { + "text/plain": { + "schema": { + "type": "string" + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "Ephemeral proof successfully stored" + }, + "400": { + "description": "Invalid input data" + }, + "404": { + "description": "Participant not found" + } + } + } + }, + "/credential": { + "get": { + "tags": [ + "credential-controller" + ], + "summary": "Check if a credential is present", + "description": 
"Returns true if a credential is present, false otherwise", + "operationId": "hasCredential", + "responses": { + "200": { + "description": "Successfully checked credential presence", + "content": { + "application/json": { + "schema": { + "type": "boolean", + "description": "Boolean indicating if a credential is present", + "example": true + } + } + } + } + } + }, + "post": { + "tags": [ + "credential-controller" + ], + "summary": "Upload a credential file", + "description": "Uploads a credential file to the server and returns the ID of the uploaded credential", + "operationId": "uploadCredential", + "parameters": [ + { + "name": "file", + "in": "query", + "description": "The credential file to be uploaded", + "required": true, + "content": { + "multipart/form-data": {} + } + } + ], + "requestBody": { + "content": { + "multipart/form-data": { + "schema": { + "required": [ + "file" + ], + "type": "object", + "properties": { + "file": { + "type": "string", + "format": "binary" + } + } + } + } + } + }, + "responses": { + "201": { + "description": "Successfully uploaded credential", + "content": { + "application/json": { + "schema": { + "type": "integer", + "description": "The id of the uploaded credential", + "example": 12345 + } + } + } + }, + "400": { + "description": "Invalid file format" + } + } + }, + "delete": { + "tags": [ + "credential-controller" + ], + "summary": "Delete the credential", + "description": "Deletes the existing credential from the server", + "operationId": "delete", + "responses": { + "204": { + "description": "Successfully deleted credential" + }, + "404": { + "description": "Credential not found" + } + } + } + }, + "/user": { + "get": { + "tags": [ + "user-controller" + ], + "summary": "Get user by email", + "description": "Retrieves a user by its email address", + "operationId": "getUser", + "parameters": [ + { + "name": "email", + "in": "query", + "description": "The email of the user", + "required": true, + "schema": { + "type": "string" + 
}, + "example": "user@example.com" + } + ], + "responses": { + "200": { + "description": "Successfully retrieved user", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/KeycloakUserDTO" + } + } + } + }, + "400": { + "description": "Invalid email format" + }, + "401": { + "description": "Access denied" + }, + "403": { + "description": "Forbidden: User does not have the required role" + }, + "404": { + "description": "User not found" + } + } + } + }, + "/user/search": { + "get": { + "tags": [ + "user-controller" + ], + "summary": "Search users", + "description": "Searches for users based on various filter criteria", + "operationId": "search", + "parameters": [ + { + "name": "username", + "in": "query", + "required": false, + "schema": { + "type": "string" + } + }, + { + "name": "firstName", + "in": "query", + "required": false, + "schema": { + "type": "string" + } + }, + { + "name": "lastName", + "in": "query", + "required": false, + "schema": { + "type": "string" + } + }, + { + "name": "email", + "in": "query", + "required": false, + "schema": { + "type": "string" + } + }, + { + "name": "first", + "in": "query", + "required": false, + "schema": { + "type": "integer", + "format": "int32" + } + }, + { + "name": "max", + "in": "query", + "required": false, + "schema": { + "type": "integer", + "format": "int32" + } + } + ], + "responses": { + "200": { + "description": "Successfully retrieved list of users", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/KeycloakUserDTO" + } + } + } + } + }, + "400": { + "description": "Invalid filter criteria" + }, + "401": { + "description": "Access denied" + }, + "403": { + "description": "Forbidden: User does not have the required role" + } + } + } + }, + "/session/{credentialId}": { + "get": { + "tags": [ + "session-controller" + ], + "summary": "Retrieve identity attributes of a participant", + "description": "Fetches the 
identity attributes associated with the specified participant ID", + "operationId": "getIdentityAttributesOfParticipant", + "parameters": [ + { + "name": "credentialId", + "in": "path", + "description": "The Public Key Hash of the participant", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "Successfully retrieved identity attributes", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/IdentityAttributeDTO" + } + } + } + } + }, + "404": { + "description": "Ephemeral proof not found" + } + } + } + }, + "/role/{id}": { + "get": { + "tags": [ + "role-controller" + ], + "summary": "Find role by ID", + "description": "Retrieves a role by its unique identifier (UUID)", + "operationId": "findById", + "parameters": [ + { + "name": "id", + "in": "path", + "description": "The UUID of the role", + "required": true, + "schema": { + "type": "string", + "format": "uuid" + }, + "example": "123e4567-e89b-12d3-a456-426614174000" + } + ], + "responses": { + "200": { + "description": "Successfully retrieved the role", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/RoleDTO" + } + } + } + }, + "400": { + "description": "Invalid UUID format" + }, + "401": { + "description": "Access denied" + }, + "403": { + "description": "Forbidden: User does not have the required role" + }, + "404": { + "description": "Role not found" + } + } + } + }, + "/role/search": { + "get": { + "tags": [ + "role-controller" + ], + "summary": "Search roles", + "description": "Searches for roles based on the provided filter criteria and pagination settings", + "operationId": "search_1", + "parameters": [ + { + "name": "name", + "in": "query", + "required": false, + "schema": { + "type": "string" + } + }, + { + "name": "description", + "in": "query", + "required": false, + "schema": { + "type": "string" + } + }, + { + "name": "attributeName", + "in": 
"query", + "required": false, + "schema": { + "type": "string" + } + }, + { + "name": "page", + "in": "query", + "description": "Zero-based page index (0..N)", + "required": false, + "schema": { + "minimum": 0, + "type": "integer", + "default": 0 + } + }, + { + "name": "size", + "in": "query", + "description": "The size of the page to be returned", + "required": false, + "schema": { + "minimum": 1, + "type": "integer", + "default": 10 + } + }, + { + "name": "sort", + "in": "query", + "description": "Sorting criteria in the format: property,(asc|desc). Default sort order is ascending. Multiple sort criteria are supported.", + "required": false, + "schema": { + "type": "array", + "items": { + "type": "string" + }, + "default": [ + "id,ASC" + ] + } + } + ], + "responses": { + "200": { + "description": "Successfully retrieved the list of roles", + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/PageResponseRoleDTO" + } + } + } + }, + "400": { + "description": "Invalid filter or pagination parameters" + }, + "401": { + "description": "Access denied" + }, + "403": { + "description": "Forbidden: User does not have the required role" + } + } + } + }, + "/mtls/ping": { + "get": { + "tags": [ + "mtls-controller" + ], + "summary": "Ping the participant", + "description": "Performs a ping operation to check the participant's status using its credential id", + "operationId": "ping", + "parameters": [ + { + "name": "Credential-Id", + "in": "header", + "description": "The Public Key Hash of the participant", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "Successfully pinged the participant", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ParticipantWithIdentityAttributesDTO" + } + } + } + }, + "404": { + "description": "Participant not found" + } + } + } + }, + "/identity-attribute/search": { + "get": { + "tags": [ + "identity-attribute-controller" + ], + 
"summary": "Search identity attributes with ownership", + "description": "Searches for identity attributes with ownership based on the provided filter and pagination settings", + "operationId": "search_2", + "parameters": [ + { + "name": "code", + "in": "query", + "required": false, + "schema": { + "type": "string" + } + }, + { + "name": "name", + "in": "query", + "required": false, + "schema": { + "type": "string" + } + }, + { + "name": "enabled", + "in": "query", + "required": false, + "schema": { + "type": "boolean" + } + }, + { + "name": "participantTypeIn", + "in": "query", + "required": false, + "schema": { + "type": "string" + } + }, + { + "name": "participantTypeNotIn", + "in": "query", + "required": false, + "schema": { + "type": "string" + } + }, + { + "name": "assignedToParticipant", + "in": "query", + "required": false, + "schema": { + "type": "boolean" + } + }, + { + "name": "updateTimestampFrom", + "in": "query", + "required": false, + "schema": { + "type": "string", + "format": "date-time" + } + }, + { + "name": "updateTimestampTo", + "in": "query", + "required": false, + "schema": { + "type": "string", + "format": "date-time" + } + }, + { + "name": "page", + "in": "query", + "description": "Zero-based page index (0..N)", + "required": false, + "schema": { + "minimum": 0, + "type": "integer", + "default": 0 + } + }, + { + "name": "size", + "in": "query", + "description": "The size of the page to be returned", + "required": false, + "schema": { + "minimum": 1, + "type": "integer", + "default": 10 + } + }, + { + "name": "sort", + "in": "query", + "description": "Sorting criteria in the format: property,(asc|desc). Default sort order is ascending. 
Multiple sort criteria are supported.", + "required": false, + "schema": { + "type": "array", + "items": { + "type": "string" + }, + "default": [ + "id,ASC" + ] + } + } + ], + "responses": { + "200": { + "description": "Successfully retrieved the identity attributes", + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/PagedModelIdentityAttributeWithOwnershipDTO" + } + } + } + }, + "401": { + "description": "Access denied" + }, + "403": { + "description": "Forbidden: User does not have the required role" + } + } + } + }, + "/credential/public-key": { + "get": { + "tags": [ + "credential-controller" + ], + "summary": "Retrieve the public key", + "description": "Fetches the public key associated with the stored credential", + "operationId": "getPublicKey", + "responses": { + "200": { + "description": "Successfully retrieved public key", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/CredentialDTO" + } + } + } + }, + "404": { + "description": "Credential not found" + } + } + } + }, + "/credential/my-id": { + "get": { + "tags": [ + "credential-controller" + ], + "summary": "Retrieve participant ID", + "description": "Fetches the participant ID associated with the current participant", + "operationId": "getMyParticipantId", + "responses": { + "200": { + "description": "Successfully retrieved participant ID", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ParticipantDTO" + } + } + } + }, + "404": { + "description": "Credential not found" + } + } + } + }, + "/credential/credential-id": { + "get": { + "tags": [ + "credential-controller" + ], + "summary": "Retrieve credential ID", + "description": "Fetches the credential ID associated with the current participant", + "operationId": "getCredentialId", + "responses": { + "200": { + "description": "Successfully retrieved credential ID", + "content": { + "application/json": { + "schema": { + "$ref": 
"#/components/schemas/ParticipantDTO" + } + } + } + }, + "404": { + "description": "Credential not found" + } + } + } + }, + "/agent/ping": { + "get": { + "tags": [ + "agent-controller" + ], + "summary": "Ping a participant", + "description": "Pings a participant using the provided FQDN and returns identity attributes", + "operationId": "ping_1", + "parameters": [ + { + "name": "fqdn", + "in": "query", + "description": "Fully Qualified Domain Name of the participant", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "Successfully pinged the participant", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ParticipantWithIdentityAttributesDTO" + } + } + } + }, + "400": { + "description": "Invalid FQDN provided" + } + } + } + }, + "/agent/identity-attributes": { + "get": { + "tags": [ + "agent-controller" + ], + "summary": "Get identity attributes with ownership", + "description": "Returns a list of identity attributes with ownership details", + "operationId": "getIdentityAttributesWithOwnership", + "responses": { + "200": { + "description": "Successfully retrieved identity attributes with ownership", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/IdentityAttributeWithOwnershipDTO" + } + } + } + } + }, + "401": { + "description": "Access denied" + }, + "403": { + "description": "Forbidden: User does not have the required role" + } + } + } + }, + "/agent/identity-attributes/{credentialId}": { + "get": { + "tags": [ + "agent-controller" + ], + "summary": "Get identity attributes with ownership", + "description": "Returns a list of identity attributes with ownership details", + "operationId": "getParticipantIdentityAttributes", + "parameters": [ + { + "name": "certificateId", + "in": "query", + "description": "The certificate ID of the participant", + "required": true, + "schema": { + "type": "string" + } + 
}, + { + "name": "credentialId", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "Successfully retrieved identity attributes with ownership", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/IdentityAttributeDTO" + } + } + } + } + }, + "401": { + "description": "Access denied" + }, + "403": { + "description": "Forbidden: User does not have the required role" + } + } + } + }, + "/agent/echo": { + "get": { + "tags": [ + "agent-controller" + ], + "summary": "Get echo information", + "description": "Returns echo information including connection and MTLS status", + "operationId": "echo", + "responses": { + "200": { + "description": "Successfully retrieved echo information", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/EchoDTO" + } + } + } + } + } + } + }, + "/session/current": { + "delete": { + "tags": [ + "session-controller" + ], + "summary": "Current User Logout", + "description": "End the session for the current user", + "operationId": "deleteCurrentSession", + "responses": { + "204": { + "description": "Successfully deleted user session" + }, + "400": { + "description": "Communication error with Keycloak admin" + } + } + } + }, + "/role/{roleId}": { + "delete": { + "tags": [ + "role-controller" + ], + "summary": "Delete a role by id", + "description": "Removes a role from the system using its id", + "operationId": "delete_1", + "parameters": [ + { + "name": "roleId", + "in": "path", + "description": "The name of the role to be deleted", + "required": true, + "schema": { + "type": "string", + "format": "uuid" + } + } + ], + "responses": { + "204": { + "description": "Successfully deleted the role" + }, + "400": { + "description": "Invalid role name" + }, + "401": { + "description": "Access denied" + }, + "403": { + "description": "Forbidden: User does not have the required role" + 
}, + "404": { + "description": "Role not found" + } + } + } + }, + "/role/delete-attribute": { + "delete": { + "tags": [ + "role-controller" + ], + "summary": "Delete an identity attribute from a role", + "description": "Removes an identity attribute from a specified role", + "operationId": "deleteAttributeFromRole", + "parameters": [ + { + "name": "roleId", + "in": "query", + "description": "The UUID of the role from which the attribute will be removed", + "required": true, + "schema": { + "type": "string", + "format": "uuid" + } + }, + { + "name": "attributeCode", + "in": "query", + "description": "The code of the attribute to be removed", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "204": { + "description": "Successfully removed the attribute from the role" + }, + "400": { + "description": "Invalid input data" + }, + "401": { + "description": "Access denied" + }, + "403": { + "description": "Forbidden: User does not have the required role" + } + } + } + } + }, + "components": { + "schemas": { + "ErrorDTO": { + "type": "object", + "properties": { + "error": { + "type": "string" + }, + "elementName": { + "type": "string" + } + } + }, + "KeycloakUserDTO": { + "required": [ + "email", + "firstName", + "lastName", + "password", + "username" + ], + "type": "object", + "properties": { + "id": { + "type": "string", + "readOnly": true + }, + "username": { + "type": "string" + }, + "firstName": { + "type": "string" + }, + "lastName": { + "type": "string" + }, + "email": { + "type": "string" + }, + "password": { + "type": "string" + }, + "roles": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "KeycloakRoleDTO": { + "required": [ + "name" + ], + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "description": { + "type": "string" + } + } + }, + "RoleDTO": { + "required": [ + "id", + "name" + ], + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "uuid" + }, 
+ "name": { + "type": "string" + }, + "description": { + "type": "string" + }, + "assignedIdentityAttributes": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "TierOneSessionDTO": { + "required": [ + "jwt" + ], + "type": "object", + "properties": { + "jwt": { + "type": "string" + } + } + }, + "IdentityAttributeDTO": { + "required": [ + "assignableToRoles", + "code", + "enabled", + "name" + ], + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "uuid" + }, + "code": { + "type": "string" + }, + "name": { + "type": "string" + }, + "description": { + "type": "string" + }, + "assignableToRoles": { + "type": "boolean" + }, + "enabled": { + "type": "boolean" + }, + "creationTimestamp": { + "type": "string", + "format": "date-time" + }, + "updateTimestamp": { + "type": "string", + "format": "date-time" + }, + "participantTypes": { + "uniqueItems": true, + "type": "array", + "items": { + "type": "string" + } + }, + "used": { + "type": "boolean", + "readOnly": true + } + } + }, + "PageMetadata": { + "type": "object", + "properties": { + "size": { + "type": "integer", + "format": "int64" + }, + "number": { + "type": "integer", + "format": "int64" + }, + "totalElements": { + "type": "integer", + "format": "int64" + }, + "totalPages": { + "type": "integer", + "format": "int64" + } + } + }, + "PageResponseRoleDTO": { + "type": "object", + "properties": { + "content": { + "type": "array", + "items": { + "$ref": "#/components/schemas/RoleDTO" + } + }, + "page": { + "$ref": "#/components/schemas/PageMetadata" + }, + "empty": { + "type": "boolean" + } + } + }, + "ParticipantDTO": { + "required": [ + "organization", + "participantType" + ], + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "uuid" + }, + "participantType": { + "type": "string" + }, + "organization": { + "type": "string" + }, + "creationTimestamp": { + "type": "string", + "format": "date-time" + }, + "updateTimestamp": { + "type": 
"string", + "format": "date-time" + }, + "credentialId": { + "type": "string" + }, + "expiryDate": { + "type": "string", + "format": "date-time" + } + } + }, + "ParticipantWithIdentityAttributesDTO": { + "required": [ + "organization", + "participantType" + ], + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "uuid" + }, + "participantType": { + "type": "string" + }, + "organization": { + "type": "string" + }, + "creationTimestamp": { + "type": "string", + "format": "date-time" + }, + "updateTimestamp": { + "type": "string", + "format": "date-time" + }, + "credentialId": { + "type": "string" + }, + "expiryDate": { + "type": "string", + "format": "date-time" + }, + "identityAttributes": { + "type": "array", + "items": { + "$ref": "#/components/schemas/IdentityAttributeDTO" + } + } + } + }, + "IdentityAttributeWithOwnershipDTO": { + "required": [ + "assignableToRoles", + "code", + "enabled", + "name" + ], + "type": "object", + "properties": { + "id": { + "type": "string", + "format": "uuid" + }, + "code": { + "type": "string" + }, + "name": { + "type": "string" + }, + "description": { + "type": "string" + }, + "assignableToRoles": { + "type": "boolean" + }, + "enabled": { + "type": "boolean" + }, + "creationTimestamp": { + "type": "string", + "format": "date-time" + }, + "updateTimestamp": { + "type": "string", + "format": "date-time" + }, + "participantTypes": { + "uniqueItems": true, + "type": "array", + "items": { + "type": "string" + } + }, + "used": { + "type": "boolean", + "readOnly": true + }, + "assignedToParticipant": { + "type": "boolean" + } + } + }, + "PagedModelIdentityAttributeWithOwnershipDTO": { + "type": "object", + "properties": { + "content": { + "type": "array", + "items": { + "$ref": "#/components/schemas/IdentityAttributeWithOwnershipDTO" + } + }, + "page": { + "$ref": "#/components/schemas/PageMetadata" + } + } + }, + "CredentialDTO": { + "type": "object", + "properties": { + "publicKey": { + "type": "string" + } + 
} + }, + "EchoDTO": { + "required": [ + "organization", + "participantType" + ], + "type": "object", + "properties": { + "username": { + "type": "string" + }, + "email": { + "type": "string" + }, + "connectionStatus": { + "type": "string", + "enum": [ + "CONNECTED", + "NOT_CONNECTED" + ] + }, + "mtlsStatus": { + "type": "string", + "enum": [ + "SECURED", + "NOT_SECURED" + ] + }, + "userIdentityAttributes": { + "type": "array", + "items": { + "type": "string" + } + }, + "id": { + "type": "string", + "format": "uuid" + }, + "participantType": { + "type": "string" + }, + "organization": { + "type": "string" + }, + "creationTimestamp": { + "type": "string", + "format": "date-time" + }, + "updateTimestamp": { + "type": "string", + "format": "date-time" + }, + "credentialId": { + "type": "string" + }, + "expiryDate": { + "type": "string", + "format": "date-time" + }, + "identityAttributes": { + "type": "array", + "items": { + "$ref": "#/components/schemas/IdentityAttributeDTO" + } + } + } + } + } + } +}
diff --git a/pipeline.variables.sh b/pipeline.variables.sh
index a5a09eb470998447527e889a3d29d6250f48c3ef..a143c0eeb48e8d376d4d268c476c6b2259365bd8 100644
--- a/pipeline.variables.sh
+++ b/pipeline.variables.sh
@@ -1 +1 @@
-PROJECT_VERSION_NUMBER="1.1.0"
\ No newline at end of file
+PROJECT_VERSION_NUMBER="1.2.0"
\ No newline at end of file
diff --git a/pom.xml b/pom.xml
index f5fc48b6e23062895398a55b35fce3b8b29c1b87..e6b420cedfd3a120463032bdb7477fee950af67d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -5,12 +5,12 @@ <parent> <groupId>eu.europa.ec.simpl</groupId> <artifactId>simpl-parent</artifactId>
- <version>1.1.0</version>
+ <version>1.2.0-RC</version>
 <relativePath/> <!-- lookup parent from repository --> </parent> <artifactId>usersroles</artifactId>
- <version>1.1.0</version>
+ <version>1.2.0-RC</version>
 <packaging>jar</packaging> <name>UsersRoles</name>