Merge pull request #1389 from Cofinity-X/chore/security-fixes

Security improvements

pom.xml

@@ -63,7 +63,6 @@ SPDX-License-Identifier: Apache-2.0
         <maven-failsafe-plugin.version>3.2.5</maven-failsafe-plugin.version>
         <maven-site-plugin.version>4.0.0-M11</maven-site-plugin.version>
         <!-- versions for 3rd party dependecies -->
-        <commons.fileupload>1.5</commons.fileupload>
         <logback.version>1.5.6</logback.version>
         <eclipse-dash-ip.version>1.1.0</eclipse-dash-ip.version>
         <nimbus-jose-jwt.version>9.40</nimbus-jose-jwt.version>
@@ -92,7 +91,7 @@ SPDX-License-Identifier: Apache-2.0
         <awaitility.version>4.2.1</awaitility.version>
         <micrometer.version>1.11.4</micrometer.version>
         <!-- TODO https://github.com/eclipse-tractusx/traceability-foss/issues/978 update to the cx release version of irs lib IMPORTANT NO SNAPSHOT-->
-        <irs-client-lib.version>2.1.22</irs-client-lib.version>
+        <irs-client-lib.version>2.1.25</irs-client-lib.version>
         <json-schema-validator.version>5.4.0</json-schema-validator.version>
         <!-- Sonar related properties -->
         <sonar.java.coveragePlugin>jacoco</sonar.java.coveragePlugin>

tx-backend/pom.xml

@@ -67,12 +67,6 @@ SPDX-License-Identifier: Apache-2.0
             <version>${json-schema-validator.version}</version>
         </dependency>
 
-        <dependency>
-            <groupId>commons-fileupload</groupId>
-            <artifactId>commons-fileupload</artifactId>
-            <version>${commons.fileupload}</version>
-        </dependency>
-
 
         <!-- IRS Client for decentral registry approach -->
         <dependency>

tx-backend/src/main/java/org/eclipse/tractusx/traceability/bpn/domain/service/BpnEdcFacade.java

@@ -32,8 +32,8 @@
 import org.eclipse.edc.spi.types.domain.edr.EndpointDataReference;
 import org.eclipse.tractusx.irs.edc.client.ContractNegotiationService;
 import org.eclipse.tractusx.irs.edc.client.EDCCatalogFacade;
-import org.eclipse.tractusx.irs.edc.client.EndpointDataReferenceStorage;
 import org.eclipse.tractusx.irs.edc.client.model.CatalogItem;
+import org.eclipse.tractusx.irs.edc.client.storage.EndpointDataReferenceStorage;
 import org.eclipse.tractusx.traceability.bpn.domain.model.BpdmRequest;
 import org.eclipse.tractusx.traceability.bpn.infrastructure.model.BusinessPartnerResponse;
 import org.eclipse.tractusx.traceability.common.properties.BpdmProperties;

tx-backend/src/main/java/org/eclipse/tractusx/traceability/notification/domain/base/service/NotificationsEDCFacade.java

@@ -31,9 +31,9 @@
 import org.eclipse.edc.spi.types.domain.edr.EndpointDataReference;
 import org.eclipse.tractusx.irs.edc.client.ContractNegotiationService;
 import org.eclipse.tractusx.irs.edc.client.EDCCatalogFacade;
-import org.eclipse.tractusx.irs.edc.client.EndpointDataReferenceStorage;
 import org.eclipse.tractusx.irs.edc.client.model.CatalogItem;
 import org.eclipse.tractusx.irs.edc.client.policy.PolicyCheckerService;
+import org.eclipse.tractusx.irs.edc.client.storage.EndpointDataReferenceStorage;
 import org.eclipse.tractusx.traceability.common.properties.EdcProperties;
 import org.eclipse.tractusx.traceability.common.properties.TraceabilityProperties;
 import org.eclipse.tractusx.traceability.contracts.application.service.ContractService;

tx-backend/src/main/resources/application.yml

@@ -75,6 +75,7 @@ edc:
 irs-edc-client:
   callback:
     mapping: /internal/endpoint-data-reference
+    negotiation-mapping: /internal/negotiation-callback
   callback-url: ${EDC_CALLBACK_URL_EDC_CLIENT}
   controlplane:
     request-ttl: PT10M # How long to wait for an async EDC negotiation request to finish, ISO 8601 Duration

tx-backend/src/test/java/org/eclipse/tractusx/traceability/bpn/domain/service/BpnEdcFacadeTest.java

@@ -29,13 +29,13 @@
 import org.eclipse.edc.spi.types.domain.edr.EndpointDataReference;
 import org.eclipse.tractusx.irs.edc.client.ContractNegotiationService;
 import org.eclipse.tractusx.irs.edc.client.EDCCatalogFacade;
-import org.eclipse.tractusx.irs.edc.client.EndpointDataReferenceStorage;
 import org.eclipse.tractusx.irs.edc.client.exceptions.ContractNegotiationException;
 import org.eclipse.tractusx.irs.edc.client.exceptions.TransferProcessException;
 import org.eclipse.tractusx.irs.edc.client.exceptions.UsagePolicyExpiredException;
 import org.eclipse.tractusx.irs.edc.client.exceptions.UsagePolicyPermissionException;
 import org.eclipse.tractusx.irs.edc.client.model.CatalogItem;
 import org.eclipse.tractusx.irs.edc.client.model.TransferProcessResponse;
+import org.eclipse.tractusx.irs.edc.client.storage.EndpointDataReferenceStorage;
 import org.eclipse.tractusx.traceability.bpn.infrastructure.model.BusinessPartnerResponse;
 import org.eclipse.tractusx.traceability.common.properties.BpdmProperties;
 import org.junit.jupiter.api.Test;

tx-backend/src/test/java/org/eclipse/tractusx/traceability/integration/common/support/EdcSupport.java

@@ -21,7 +21,7 @@
 
 import com.xebialabs.restito.semantics.Condition;
 import org.eclipse.edc.spi.types.domain.edr.EndpointDataReference;
-import org.eclipse.tractusx.irs.edc.client.EndpointDataReferenceStorage;
+import org.eclipse.tractusx.irs.edc.client.storage.EndpointDataReferenceStorage;
 import org.eclipse.tractusx.traceability.integration.common.config.RestitoConfig;
 import org.glassfish.grizzly.http.util.HttpStatus;
 import org.springframework.beans.factory.annotation.Autowired;