README.md

# Test Plan for CAPIF Api Events Service
At this documentation you will have all information and related files and examples of test plan for this API.

---
## Test Case 1: Creates a new individual CAPIF Event Subscription.

**Test ID**: ***capif_api_events-1***

**Description**:

  This test case will check that a CAPIF subscriber (Invoker or Publisher) can Subscribe to Events

**Pre-Conditions**:

  * CAPIF subscriber is pre-authorised (has valid InvokerId or apfId from CAPIF Authority)

**Execution Steps**:

  1. Register Invoker and Onboard Invoker at CCF
  2. Subscribe to Events
  3. Retrieve {subscriberId} and {subscriptionId} from Location Header

**Information of Test**:

  1. Perform [Invoker Onboarding]

  2. Event Subscription:
     1. Send **POST** to **https://{CAPIF_HOSTNAME}/capif-events/v1/{subscriberId}/subscriptions**
     2. body [event subscription request body]
     3. Use **Invoker Certificate**

**Expected Result**:

  1. Response to Onboard request must accomplish:
     1. **201 Created**
     2. Response Body must follow **APIInvokerEnrolmentDetails** data structure with:
        * apiInvokerId
        * onboardingInformation->apiInvokerCertificate must contain the public key signed.
     3. Response Header **Location** must be received with URI to new resource created, following this structure: **{apiRoot}/api-invoker-management/{apiVersion}/onboardedInvokers/{onboardingId}**

  2. Response to Event Subscription must accomplish:
     1. **201 Created**
     2. The URI of the created resource shall be returned in the "Location" HTTP header, following this structure: **{apiRoot}/capif-events/{apiVersion}/{subscriberId}/subscriptions/{subscriptionId}**
     3. Response Body must follow **EventSubscription** data structure.

  3. Event Subscriptions are stored in CAPIF Database

---
## Test Case 2: Creates a new individual CAPIF Event Subscription with Invalid SubscriberId

**Test ID**: ***capif_api_events-2***

**Description**:

  This test case will check that a CAPIF subscriber (Invoker or Publisher) cannot Subscribe to Events without valid SubcriberId

**Pre-Conditions**:

  * CAPIF subscriber is not pre-authorised (has invalid InvokerId or apfId)

**Execution Steps**:

  1. Register Invoker and Onboard Invoker at CCF
  2. Subscribe to Events

**Information of Test**:

  1. Perform [Invoker Onboarding]

  2. Event Subscription:
     1. Send **POST** to **https://{CAPIF_HOSTNAME}/capif-events/v1/{SUBSCRIBER_NOT_REGISTERED}/subscriptions**
     2. body [event subscription request body]
     3. Use **Invoker Certificate**

**Expected Result**:

  1. Response to Onboard request must accomplish:
     1. **201 Created**
     2. Response Body must follow **APIInvokerEnrolmentDetails** data structure with:
        * apiInvokerId
        * onboardingInformation->apiInvokerCertificate must contain the public key signed.
     3. Response Header **Location** must be received with URI to new resource created, following this structure: **{apiRoot}/api-invoker-management/{apiVersion}/onboardedInvokers/{onboardingId}**

  2. Response to Event Subscription must accomplish:
     1. **404 Not Found**
     2. Error Response Body must accomplish with **ProblemDetails** data structure with:
        * status 404
        * title with message "Not Found"
        * detail with message "Invoker or APF or AEF or AMF Not found".
        * cause with message "Subscriber Not Found".

  3. Event Subscriptions are not stored in CAPIF Database

---
## Test Case 3: Deletes an individual CAPIF Event Subscription

**Test ID**: ***capif_api_events-3***

**Description**:

  This test case will check that a CAPIF subscriber (Invoker or Publisher) can Delete an Event Subscription

**Pre-Conditions**:

  * CAPIF subscriber is pre-authorised (has valid InvokerId or apfId from CAPIF Authority)

**Execution Steps**:

  1. Register Invoker and Onboard Invoker at CCF
  2. Subscribe to Events
  3. Retrieve {subscriberId} and {subscriptionId} from Location Header
  4. Remove Event Subscription

**Information of Test**:

  1. Perform [Invoker Onboarding]

  2. Event Subscription:
     1. Send **POST** to **https://{CAPIF_HOSTNAME}/capif-events/v1/{subscriberId}/subscriptions**
     2. body [event subscription request body]
     3. Use **Invoker Certificate**

  3. Remove Event Subscription:
     1. Send **DELETE** to **https://{CAPIF_HOSTNAME}/capif-events/v1/{subscriberId}/subscriptions**
     2. Use **Invoker Certificate**

**Expected Result**:

  1. Response to Onboard request must accomplish:
     1. **201 Created**
     2. Response Body must follow **APIInvokerEnrolmentDetails** data structure with:
        * apiInvokerId
        * onboardingInformation->apiInvokerCertificate must contain the public key signed.
     3. Response Header **Location** must be received with URI to new resource created, following this structure: **{apiRoot}/api-invoker-management/{apiVersion}/onboardedInvokers/{onboardingId}**

  2. Response to Event Subscription must accomplish:
     1. **201 Created**
     2. The URI of the created resource shall be returned in the "Location" HTTP header, following this structure: **{apiRoot}/capif-events/{apiVersion}/{subscriberId}/subscriptions/{subscriptionId}**
     3. Response Body must follow **EventSubscription** data structure.

  3. Event Subscriptions are stored in CAPIF Database
  4. Remove Event Subscription:
     1. **204 No Content**

  5. Event Subscription is not present at CAPIF Database.

---
## Test Case 4: Deletes an individual CAPIF Event Subscription with invalid SubscriberId

**Test ID**: ***capif_api_events-4***

**Description**:

  This test case will check that a CAPIF subscriber (Invoker or Publisher) cannot Delete to Events without valid SubcriberId

**Pre-Conditions**:

  * CAPIF subscriber is pre-authorised (has valid InvokerId or apfId).
  * CAPIF subscriber is subscribed to Events.

**Execution Steps**:

  1. Register Invoker and Onboard Invoker at CCF
  2. Subscribe to Events
  3. Retrieve Location Header with subscriptionId.
  4. Remove Event Subscribed with not valid Subscriber.

**Information of Test**:

  1. Perform [Invoker Onboarding]

  2. Event Subscription:
     1. Send **POST** to **https://{CAPIF_HOSTNAME}/capif-events/v1/{subscriberId}/subscriptions**
     2. body [event subscription request body]
     3. Use **Invoker Certificate**

  3. Remove Event Subcription with not valid subscriber:
     1. Send **DELETE** to **https://{CAPIF_HOSTNAME}/capif-events/v1/{SUBSCRIBER_ID_NOT_VALID}/subscriptions/{subcriptionId}**
     2. Use **Invoker Certificate**

**Expected Result**:

  1. Response to Onboard request must accomplish:
     1. **201 Created**
     2. Response Body must follow **APIInvokerEnrolmentDetails** data structure with:
        * apiInvokerId
        * onboardingInformation->apiInvokerCertificate must contain the public key signed.
     3. Response Header **Location** must be received with URI to new resource created, following this structure: **{apiRoot}/api-invoker-management/{apiVersion}/onboardedInvokers/{onboardingId}**

  2. Response to Event Subscription must accomplish:
     1. 201 Created
     2. The URI of the created resource shall be returned in the "Location" HTTP header, following this structure: **{apiRoot}/capif-events/{apiVersion}/{subscriberId}/subscriptions/{subscriptionId}**
     3. Response Body must follow **EventSubscription** data structure.

  3. Event Subscriptions are stored in CAPIF Database
  4. Error Response Body must accomplish with **ProblemDetails** data structure with:

     * status 404
     * title with message "Not Found"
     * detail with message "Invoker or APF or AEF or AMF Not found".
     * cause with message "Subscriber Not Found".

---
## Test Case 5: Deletes an individual CAPIF Event Subscription with invalid SubscriptionId

**Test ID**: ***capif_api_events-5***

**Description**:

  This test case will check that a CAPIF subscriber (Invoker or Publisher) cannot Delete an Event Subscription without valid SubscriptionId

**Pre-Conditions**:

  * CAPIF subscriber is pre-authorised (has invalid InvokerId or apfId).
  * CAPIF subscriber is subscribed to Events.

**Execution Steps**:

  1. Register Invoker and Onboard Invoker at CCF
  2. Subscribe to Events
  3. Retrieve Location Header with subscriptionId.
  4. Remove Event Subscribed with not valid Subscriber.

**Information of Test**:

  1. Perform [Invoker Onboarding]

  2. Event Subscription:
     1. Send **POST** to **https://{CAPIF_HOSTNAME}/capif-events/v1/{subscriberId}/subscriptions**
     2. body [event subscription request body]
     3. Use **Invoker Certificate**

  3. Remove Event Subcription with not valid subscriber:
     1. Send **DELETE** to to **https://{CAPIF_HOSTNAME}/capif-events/v1/{subcriberId}/subscriptions/{SUBSCRIPTION_ID_NOT_VALID}**
     2. Use **Invoker Certificate**

**Expected Result**:

  1. Response to Onboard request must accomplish:
     1. **201 Created**
     2. Response Body must follow **APIInvokerEnrolmentDetails** data structure with:
        * apiInvokerId
        * onboardingInformation->apiInvokerCertificate must contain the public key signed.
     3. Response Header **Location** must be received with URI to new resource created, following this structure: **{apiRoot}/api-invoker-management/{apiVersion}/onboardedInvokers/{onboardingId}**

  2. Response to Event Subscription must accomplish:
     1. **201 Created**
     2. The URI of the created resource shall be returned in the "Location" HTTP header, following this structure: **{apiRoot}/capif-events/{apiVersion}/{subscriberId}/subscriptions/{subscriptionId}**
     3. Response Body must follow **EventSubscription** data structure.

  3. Event Subscriptions are stored in CAPIF Database
  4. Remove Event Subscription with not valid subscriber:
     1. **404 Not Found**
     2. Error Response Body must accomplish with **ProblemDetails** data structure with:
        * status 404
        * detail with message "Service API not existing".
        * cause with message "Event API subscription id not found".

---
## Test Case 6: Invoker receives Service API Invocation events

**Test ID**: ***capif_api_events-6***, ***mockserver***

**Description**:

  This test case will check that a CAPIF Invoker subscribed to SERVICE_API_INVOCATION_SUCCESS and SERVICE_API_INVOCATION_FAILURE, receive the notification when AEF Send **TO** logging service result of invocations to their APIs.
  Enhanced Event Report feature must be active.

**Pre-Conditions**:

  * CAPIF subscriber is pre-authorised (has valid InvokerId or apfId from CAPIF Authority)
  * CAPIF provider is correctly registered and published APIs.
  * API Provider had a Service API Published on CAPIF
  * **Mock Server is up and running to receive requests.**
  * **Mock Server is clean.**

**Execution Steps**:

  1. Register provider and publish one API at CCF
  2. Register Invoker and Onboard Invoker at CCF
  3. Discover published APIs and extract apiIds and apiNames
  4. Subscribe to **SERVICE_API_INVOCATION_SUCCESS** and **SERVICE_API_INVOCATION_FAILURE** event filtering by aefId. Enhanced_event_report active at supported features.
  5. Retrieve {subscriberId} and {subscriptionId} from Location Header
  6. Emulate Success and Failure on API invocation of provider by Invoker, using Invocation Logs API.

**Information of Test**:

  1. Perform [provider registration]
  2. Publish Service API at CCF:

     * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
     * body [service api description] with apiName **service_1**
     * Store **serviceApiId**
     * Use **APF Certificate**

  3. Perform [invoker onboarding]
  4. Discover published APIs:

     * Get **Api Ids** And **Api Names** from response.

  5. Event Subscription to SERVICE_API_INVOCATION_SUCCESS and SERVICE_API_INVOCATION_FAILURE of provider previously registered:
     1. Send **POST** to **https://{CAPIF_HOSTNAME}/capif-events/v1/{subscriberId}/subscriptions**
     2. body [event subscription request body] with:
        1. events: **['SERVICE_API_INVOCATION_SUCCESS','SERVICE_API_INVOCATION_FAILURE']**
        2. eventFilter: only receive events from provider's aefId.
        3. supportedFeatures: binary 0100 -> string **4**
     3. Use **Invoker Certificate**

  6. Create Log Entry emulating provider receive Success and Failure api invocation from invoker:
     1. Send **POST** to **https://{CAPIF_HOSTNAME}/api-invocation-logs/v1/{aefId}/logs**
     2. body [log entry request body] with:
        1. aefId from provider published.
        2. apiInvokerId from invoker onboarded.
        3. apiId of published API
        4. apiName of published API
        5. 200 and 400 results in two logs.
     3. Use **AEF Certificate**

**Expected Result**:

  1. Response to Event Subscription must accomplish:
     1. **201 Created**
     2. The URI of the created resource shall be returned in the "Location" HTTP header, following this structure: **{apiRoot}/capif-events/{apiVersion}/{subscriberId}/subscriptions/{subscriptionId}**
     3. Response Body must follow **EventSubscription** data structure.
  2. Response to creation of log entry on CCF must accomplish:
     1. **201 Created**
     2. The URI of the created resource shall be returned in the "Location" HTTP header, following this structure: **{apiRoot}/api-invocation-logs/{apiVersion}/{aefId}/subscriptions/{logId}**
  3. Mock Server received messages must accomplish:
     1. **Two Events have been received**.
     2. Validate received events follow **EventNotification** data structure, with **invocationLog** in **eventDetail** parameter.
        1. One should be **SERVICE_API_INVOCATION_SUCCESS** related with **200** result at Log.
        2. The other one must be **SERVICE_API_INVOCATION_FAILURE** related with **400** result at Log.

---
## Test Case 7: Invoker subscribe to Service API Available and Unavailable events

**Test ID**: ***capif_api_events-7***, ***mockserver***

**Description**:

  This test case will check that a CAPIF Invoker subscribed to SERVICE_API_AVAILABLE and SERVICE_API_UNAVAILABLE, receive the notification when AEF publish and remove it.
  Enhanced Event Report feature must be active.

**Pre-Conditions**:

  * CAPIF subscriber is pre-authorised (has valid InvokerId or apfId from CAPIF Authority)
  * CAPIF provider is correctly registered and published APIs.
  * **Mock Server is up and running to receive requests.**
  * **Mock Server is clean.**

**Execution Steps**:

  1. Register provider and publish one API at CCF
  2. Register Invoker and Onboard Invoker at CCF
  3. Discover published APIs and extract apiIds and apiNames
  4. Subscribe to **SERVICE_API_AVAILABLE** and **SERVICE_API_UNAVAILABLE** event filtering by aefId. Enhanced_event_report active at supported features.
  5. Retrieve {subscriberId} and {subscriptionId} from Location Header
  6. Provider publish new API.
  7. Provider remove published API.

**Information of Test**:

  1. Perform [provider registration]
  2. Publish Service API at CCF:

     * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
     * body [service api description] with apiName **service_1**
     * Store **serviceApiId**
     * Use **APF Certificate**

  3. Perform [invoker onboarding]
  4. Discover published APIs:

     * Get **Api Ids** And **Api Names** from response.

  5. Event Subscription to SERVICE_API_AVAILABLE and SERVICE_API_UNAVAILABLE of provider previously registered:
     1. Send **POST** to **https://{CAPIF_HOSTNAME}/capif-events/v1/{subscriberId}/subscriptions**
     2. body [event subscription request body] with:
        1. events: **['SERVICE_API_AVAILABLE','SERVICE_API_UNAVAILABLE']**
        2. eventFilter: only receive events from provider's aefId.
        3. supportedFeatures: binary 0100 -> string **4**
     3. Use **Invoker Certificate**

  6. Publish new Service API at CCF:

     * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
     * body [service api description] with apiName **service_2**
     * Store **serviceApiId**
     * Use **APF Certificate**

  7. Remove published Service API at CCF:
     * Send **DELETE** to resource URL **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis/{SERVICE_API_ID}**
     * Use **APF Certificate**


**Expected Result**:

  1. Response to Event Subscription must accomplish:
     1. **201 Created**
     2. The URI of the created resource shall be returned in the "Location" HTTP header, following this structure: **{apiRoot}/capif-events/{apiVersion}/{subscriberId}/subscriptions/{subscriptionId}**
     3. Response Body must follow **EventSubscription** data structure.

  2. Mock Server received messages must accomplish:
     1. **Two Events have been received**.
     2. Validate received events follow **EventNotification** data structure, with **apiIds** in **eventDetail** parameter.
        1. One should be **SERVICE_API_AVAILABLE** apiId of **service_2** published API.
        2. The other one must be **SERVICE_API_UNAVAILABLE** apiId of **service_1** published API.

---
## Test Case 8: Invoker subscribe to Service API Update

**Test ID**: ***capif_api_events-8***, ***mockserver***

**Description**:

  This test case will check that a CAPIF Invoker subscribed to SERVICE_API_UPDATE, receive the notification when AEF Update some information on API Published.
  Enhanced Event Report feature must be active.

**Pre-Conditions**:

  * CAPIF subscriber is pre-authorised (has valid InvokerId or apfId from CAPIF Authority)
  * CAPIF provider is correctly registered and published APIs.
  * API Provider had a Service API Published on CAPIF
  * **Mock Server is up and running to receive requests.**
  * **Mock Server is clean.**

**Execution Steps**:

  1. Register Provider and publish one API at CCF
  2. Register Invoker and Onboard Invoker at CCF
  3. Discover published APIs and extract apiIds and apiNames
  4. Subscribe to **SERVICE_API_UPDATE** event filtering by aefId. Enhanced_event_report active at supported features.
  5. Retrieve {subscriberId} and {subscriptionId} from Location Header at event subscription
  6. Provider update information of Service API Published.

**Information of Test**:

  1. Check and Clean Mock Server
  2. Perform [provider registration]
  3. Publish Service API at CCF:

     * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
     * body [service api description] with apiName **service_1**
     * Use ***APF Certificate***
     * Store **serviceApiId**

  4. Perform [invoker onboarding]
  5. Discover published APIs:

     * Get **Api Ids** And **Api Names** from response.

  6. Event Subscription to SERVICE_API_UPDATE of provider previously registered:
     1. Send **POST** to **https://{CAPIF_HOSTNAME}/capif-events/v1/{subscriberId}/subscriptions**
     2. body [event subscription request body] with:
        1. events: **['SERVICE_API_UPDATE']**
        2. eventFilter: only receive events from provider's aefId.
        3. supportedFeatures: binary 0100 -> string **4**
     3. Use **Invoker Certificate**

  7. Update published API at CCF:
     * Send **PUT** to resource URL **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis/{serivceApiId}**
     * body [service api description] with overrided **apiName** to **service_1**_modified**
     * Use **APF Certificate**

**Expected Result**:

  1. Response to Event Subscription must accomplish:
     1. **201 Created**
     2. The URI of the created resource shall be returned in the "Location" HTTP header, following this structure: **{apiRoot}/capif-events/{apiVersion}/{subscriberId}/subscriptions/{subscriptionId}**
     3. Response Body must follow **EventSubscription** data structure.
  2. Response to Update Published Service API:
     1. **200 OK**
     2. Response Body must follow **ServiceAPIDescription** data structure with:
        * apiName **service_1**_modified**
  3. Mock Server received messages must accomplish:
     1. **One Event has been received**.
     2. Validate received events follow **EventNotification** data structure, with **serviceAPIDescriptions** in **eventDetail** parameter.
        1. Event should be **SERVICE_API_UPDATE** with **eventDetail** with modified **apiName**.

---
## Test Case 9: Provider subscribe to API Invoker events

**Test ID**: ***capif_api_events-9***, ***mockserver***

**Description**:

  This test case will check that a CAPIF Provider subscribed to API Invoker events (API_INVOKER_ONBOARDED, API_INVOKER_UPDATED and API_INVOKER_OFFBOARDED), receive the notifications when Invoker is onboarded, updated and removed respectively.
  Enhanced Event Report feature must be active.

**Pre-Conditions**:

  * CAPIF subscriber is pre-authorised (has valid InvokerId or apfId from CAPIF Authority)
  * CAPIF provider is correctly registered.
  * **Mock Server is up and running to receive requests.**
  * **Mock Server is clean.**

**Execution Steps**:

  1. Register Provider at CCF
  2. Subscribe Provider to **API_INVOKER_ONBOARDED, API_INVOKER_UPDATED and API_INVOKER_OFFBOARDED** events. Enhanced_event_report active at supported features.
  3. Register Invoker and Onboard Invoker at CCF
  4. Update Onboarding Information at CCF with a minor change on "notificationDestination"
  5. Offboard Invoker

**Information of Test**:

  1. Check and Clean Mock Server
  2. Perform [provider registration]
  3. Event Subscription to API_INVOKER_ONBOARDED, API_INVOKER_UPDATED and API_INVOKER_OFFBOARDED events:
     1. Send **POST** to **https://{CAPIF_HOSTNAME}/capif-events/v1/{subscriberId}/subscriptions**
     2. body [event subscription request body] with:
        1. events: **['API_INVOKER_ONBOARDED', 'API_INVOKER_UPDATED', 'API_INVOKER_OFFBOARDED']**
        2. supportedFeatures: binary 0100 -> string **4**
     3. Use **Provider AMF Certificate**
  4. Perform [invoker onboarding]
  5. Update information of previously onboarded Invoker:
     * Send **PUT** to **https://{CAPIF_HOSTNAME}/api-invoker-management/v1/onboardedInvokers/{onboardingId}**
     * Reference Request Body is: [put invoker onboarding body]
       * "notificationDestination": "**http://host.docker.internal:8086/netapp_new_callback**",
  6. Offboard:
     * Send **DELETE** to **https://{CAPIF_HOSTNAME}/api-invoker-management/v1/onboardedInvokers/{onboardingId}**

**Expected Result**:

  1. Response to Event Subscription must accomplish:
     1. **201 Created**
     2. The URI of the created resource shall be returned in the "Location" HTTP header, following this structure: **{apiRoot}/capif-events/{apiVersion}/{subscriberId}/subscriptions/{subscriptionId}**
     3. Response Body must follow **EventSubscription** data structure.
  2. Response to Onboard request must accomplish:
     1. **201 Created**
     2. Response Body must follow **APIInvokerEnrolmentDetails** data structure with:
        * apiInvokerId
        * onboardingInformation->apiInvokerCertificate must contain the public key signed.
     3. Response Header **Location** must be received with URI to new resource created, following this structure: **{apiRoot}/api-invoker-management/{apiVersion}/onboardedInvokers/{onboardingId}**
  3. Response to Update Request (PUT) with minor change must contain:
     1. **200 OK** response.
     2. notificationDestination on response must contain the new value
  4. Response to Offboard Request (DELETE) must contain:
     1. **204 No Content**
  5. Mock Server received messages must accomplish:
     1. **Three Events have been received**.
     2. Validate received events follow **EventNotification** data structure, with **apiInvokerIds** in **eventDetail** parameter.
        1. One Event should be **API_INVOKER_ONBOARDED** with **eventDetail** with modified **apiInvokerId**.
        2. One Event should be **API_INVOKER_UPDATED** with **eventDetail** with modified **apiInvokerId**.
        3. One Event should be **API_INVOKER_OFFBOARDED** with **eventDetail** with modified **apiInvokerId**.
---
## Test Case 10: Provider subscribed to ACL update event

**Test ID**: ***capif_api_events-10***, ***mockserver***

**Description**:

  This test case will check that a CAPIF Provider subscribed to ACCESS_CONTROL_POLICY_UPDATE receive a notification when ACL Changes.
  Enhanced Event Report feature must be active.

**Pre-Conditions**:

  * CAPIF subscriber is pre-authorised (has valid InvokerId or apfId from CAPIF Authority)
  * CAPIF provider is correctly registered.
  * API Provider had one Service API Published on CAPIF
  * API Invoker had a Security Context for the Service API published by provider.
  * **Mock Server is up and running to receive requests.**
  * **Mock Server is clean.**

**Execution Steps**:

  1. Register Provider at CCF.
  2. Publish a provider API with name **service_1**.
  3. Register Invoker and Onboard Invoker at CCF.
  4. Subscribe Provider to **ACCESS_CONTROL_POLICY_UPDATE** event. Enhanced_event_report active at supported features.
  5. Discover APIs filtered by **aef_id**
  6. Create Security Context for Invoker.
  7. Provider Retrieve ACL

**Information of Test**:

  1. Check and Clean Mock Server
  2. Perform [provider registration]
  3. Perform [invoker onboarding]
  4. Event Subscription to **ACCESS_CONTROL_POLICY_UPDATE** event:
     1. Send **POST** to **https://{CAPIF_HOSTNAME}/capif-events/v1/{subscriberId}/subscriptions**
     2. body [event subscription request body] with:
        1. events: **['ACCESS_CONTROL_POLICY_UPDATE']**
        2. eventFilters: apiInvokerIds array with apiInvokerId of invoker
        3. supportedFeatures: binary 0100 -> string **4**
     3. Use **Provider AMF Certificate**
  5. Discover published APIs
  6. Create Security Context for Invoker
     * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
     * body [service security body]
     * Use **Invoker Certificate**
  7. Provider Retrieve ACL
     * Send **GET** **https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${serviceApiId}?aef-id=${aef_id}**
     * Use **serviceApiId** and **aefId**
     * Use AEF Provider Certificate

**Expected Result**:

  1. Response to Event Subscription must accomplish:
     1. **201 Created**
     2. The URI of the created resource shall be returned in the "Location" HTTP header, following this structure: **{apiRoot}/capif-events/{apiVersion}/{subscriberId}/subscriptions/{subscriptionId}**
     3. Response Body must follow **EventSubscription** data structure.
  2. Create security context:
     1. **201 Created** response.
     2. body returned must accomplish **ServiceSecurity** data structure.
     3. Location Header must contain the new resource URL **{apiRoot}/capif-security/v1/trustedInvokers/{apiInvokerId}**
  3. ACL Response:
     1. **200 OK** Response.
     2. body returned must accomplish **AccessControlPolicyList** data structure.
     3. apiInvokerPolicies must:
        1. contain only one object.
        2. apiInvokerId must match apiInvokerId registered previously.
  4. Mock Server received messages must accomplish:
     1. **One Event has been received**.
     2. Validate received event follow **EventNotification** data structure, with **accCtrlPolListExt** in **eventDetail** parameter.
        1. One Event should be **ACCESS_CONTROL_POLICY_UPDATE** with **eventDetail** with **accCtrlPolListExt** including the **apiId** and **apiInvokerPolicies**.

---
## Test Case 11: Provider receives an ACL unavailable event when invoker remove Security Context.

**Test ID**: ***capif_api_events-11***, ***mockserver***

**Description**:

  This test case will check that a CAPIF Invoker subscribed to ACCESS_CONTROL_POLICY_UNAVAILABLE will receive the notification when AEF remove Security Context created previously.
  Enhanced Event Report feature must be active.

**Pre-Conditions**:

  * CAPIF subscriber is pre-authorised (has valid InvokerId or apfId from CAPIF Authority)
  * CAPIF provider is correctly registered.
  * API Provider had one Service API Published on CAPIF
  * **Mock Server is up and running to receive requests.**
  * **Mock Server is clean.**

**Execution Steps**:

  1. Register Provider at CCF.
  2. Publish a provider API with name **service_1**.
  3. Register Invoker and Onboard Invoker at CCF.
  4. Subscribe Invoker to **ACCESS_CONTROL_POLICY_UNAVAILABLE** event. Enhanced_event_report active at supported features.
  5. Discover APIs filtered by **aef_id**
  6. Create Security Context for Invoker.
  7. Provider Retrieve ACL.
  8. Remove Security Context for Invoker.

**Information of Test**:

  1. Check and Clean Mock Server
  2. Perform [provider registration]
  3. Perform [invoker onboarding]
  4. Event Subscription to **ACCESS_CONTROL_POLICY_UNAVAILABLE** event:
     1. Send **POST** to **https://{CAPIF_HOSTNAME}/capif-events/v1/{subscriberId}/subscriptions**
     2. body [event subscription request body] with:
        1. events: **['ACCESS_CONTROL_POLICY_UNAVAILABLE']**
        2. eventFilters: apiInvokerIds array with apiInvokerId of invoker
        3. supportedFeatures: binary 0100 -> string **4**
     3. Use **Invoker Certificate**
  5. Discover published APIs
  6. Create Security Context for Invoker
     * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
     * body [service security body]
     * Use **Invoker Certificate**
  7. Provider Retrieve ACL
     * Send **GET** **https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${serviceApiId}?aef-id=${aef_id}**
     * Use **serviceApiId** and **aefId**
     * Use **AEF Provider Certificate**
  8. Delete Security Context of Invoker by Provider:
     * Send **DELETE** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
     * Use **AEF Certificate**

**Expected Result**:

  1. Response to Event Subscription must accomplish:
     1. **201 Created**
     2. The URI of the created resource shall be returned in the "Location" HTTP header, following this structure: **{apiRoot}/capif-events/{apiVersion}/{subscriberId}/subscriptions/{subscriptionId}**
     3. Response Body must follow **EventSubscription** data structure.
  2. Create security context:
     1. **201 Created** response.
     2. body returned must accomplish **ServiceSecurity** data structure.
     3. Location Header must contain the new resource URL **{apiRoot}/capif-security/v1/trustedInvokers/{apiInvokerId}**
  3. ACL Response:
     1. **200 OK** Response.
     2. body returned must accomplish **AccessControlPolicyList** data structure.
     3. apiInvokerPolicies must:
        1. contain only one object.
        2. apiInvokerId must match apiInvokerId registered previously.
  4. Delete security context:
     1. **204 No Content** response.
  5. Mock Server received messages must accomplish:
     1. **One Event has been received**.
     2. Validate received event follow **EventNotification** data structure, without **eventDetail** parameter.
        1. One Event should be **ACCESS_CONTROL_POLICY_UNAVAILABLE** without **eventDetail**.
---
## Test Case 12: Invoker receives an Invoker Authorization Revoked and ACL unavailable event when Provider revoke Invoker Authorization.

**Test ID**: ***capif_api_events-12***, ***mockserver***

**Description**:

  This test case will check that a CAPIF Invoker subscribed to API_INVOKER_AUTHORIZATION_REVOKED and ACCESS_CONTROL_POLICY_UNAVAILABLE receive both notification when AEF revoke invoker's authorization.
  Enhanced Event Report feature must be active.

**Pre-Conditions**:

  * CAPIF subscriber is pre-authorised (has valid InvokerId or apfId from CAPIF Authority)
  * CAPIF provider is correctly registered.
  * API Provider had one Service API Published on CAPIF
  * **Mock Server is up and running to receive requests.**
  * **Mock Server is clean.**

**Execution Steps**:

  1. Register Provider at CCF.
  2. Publish a provider API with name **service_1**.
  3. Register Invoker and Onboard Invoker at CCF.
  4. Subscribe Invoker to **ACCESS_CONTROL_POLICY_UNAVAILABLE and API_INVOKER_AUTHORIZATION_REVOKED** events.  Enhanced_event_report active at supported features.
  5. Discover APIs filtered by **aef_id**
  6. Create Security Context for Invoker.
  7. Revoke Authorization by Provider.

**Information of Test**:

  1. Check and Clean Mock Server
  2. Perform [provider registration]
  3. Perform [invoker onboarding]
  4. Event Subscription to **ACCESS_CONTROL_POLICY_UNAVAILABLE and API_INVOKER_AUTHORIZATION_REVOKED** event:
     1. Send **POST** to **https://{CAPIF_HOSTNAME}/capif-events/v1/{subscriberId}/subscriptions**
     2. body [event subscription request body] with:
        1. events: **['ACCESS_CONTROL_POLICY_UNAVAILABLE','API_INVOKER_AUTHORIZATION_REVOKED']**
        2. eventFilters: apiInvokerIds array with apiInvokerId of invoker
        3. supportedFeatures: binary 0100 -> string **4**
     3. Use **Invoker Certificate**
  5. Discover published APIs
  6. Create Security Context for Invoker
     * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
     * body [service security body]
     * Use **Invoker Certificate**
  7. Revoke Authorization by Provider:
     * Send **POST** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}/delete**
     * body [security notification body]
     * Using **AEF Certificate**.

**Expected Result**:

  1. Response to Event Subscription must accomplish:
     1. **201 Created**
     2. The URI of the created resource shall be returned in the "Location" HTTP header, following this structure: **{apiRoot}/capif-events/{apiVersion}/{subscriberId}/subscriptions/{subscriptionId}**
     3. Response Body must follow **EventSubscription** data structure.
  2. Create security context:
     1. **201 Created** response.
     2. body returned must accomplish **ServiceSecurity** data structure.
     3. Location Header must contain the new resource URL **{apiRoot}/capif-security/v1/trustedInvokers/{apiInvokerId}**
  4. Revoke Authorization:
     1. **204 No Content** response.
  5. Mock Server received messages must accomplish:
     1. **Two Events has been received**.
     2. Validate received event follow **EventNotification** data structure, without **eventDetail** parameter.
        1. One Event should be **ACCESS_CONTROL_POLICY_UNAVAILABLE** without **eventDetail**.
        2. One Event should be **API_INVOKER_AUTHORIZATION_REVOKED** without **eventDetail**.

---
## Test Case 13: Creates a new individual CAPIF Event Subscription without supported features attribute.

**Test ID**: ***capif_api_events-13***

**Description**:

  This test case will check error when CAPIF subscriber (Invoker or Publisher) Subscribe to Events without supported features attribute.

**Pre-Conditions**:

  * CAPIF subscriber is pre-authorised (has valid InvokerId or apfId from CAPIF Authority)

**Execution Steps**:

  1. Register Invoker and Onboard Invoker at CCF
  2. Subscribe to Events without supported features
  3. Retrieve {subscriberId} and {subscriptionId} from Location Header

**Information of Test**:

  1. Perform [Invoker Onboarding]

  2. Event Subscription:
     1. Send **POST** to **https://{CAPIF_HOSTNAME}/capif-events/v1/{subscriberId}/subscriptions**
     2. body [event subscription request body]
        1. supportedFeatures NOT PRESENT.
     3. Use **Invoker Certificate**

**Expected Result**:

  1. Response to Onboard request must accomplish:
     1. **201 Created**
     2. Response Body must follow **APIInvokerEnrolmentDetails** data structure with:
        * apiInvokerId
        * onboardingInformation->apiInvokerCertificate must contain the public key signed.
     3. Response Header **Location** must be received with URI to new resource created, following this structure: **{apiRoot}/api-invoker-management/{apiVersion}/onboardedInvokers/{onboardingId}**

  1. Response to Event Subscription must accomplish:
     1. **400 Bad Request**
     2. Error Response Body must accomplish with **ProblemDetails** data structure with:
        * status 400
        * title with message "Bad Request"
        * detail with message "supportedFeatures not present in request".
        * cause with message "supportedFeatures not present".

---

## Test Case 14: Invoker receives Service API Invocation events without Enhanced Event Report

**Test ID**: ***capif_api_events-14***, ***mockserver***

**Description**:

  This test case will check that a CAPIF Invoker subscribed to SERVICE_API_INVOCATION_SUCCESS and SERVICE_API_INVOCATION_FAILURE, receive the notification when AEF Send **TO** logging service result of invocations to their APIs.
  Enhanced Event Report feature must be inactive.

**Pre-Conditions**:

  * CAPIF subscriber is pre-authorised (has valid InvokerId or apfId from CAPIF Authority)
  * CAPIF provider is correctly registered and published APIs.
  * API Provider had a Service API Published on CAPIF
  * **Mock Server is up and running to receive requests.**
  * **Mock Server is clean.**

**Execution Steps**:

  1. Register provider and publish one API at CCF
  2. Register Invoker and Onboard Invoker at CCF
  3. Discover published APIs and extract apiIds and apiNames
  4. Subscribe to **SERVICE_API_INVOCATION_SUCCESS** and **SERVICE_API_INVOCATION_FAILURE** event filtering by aefId. Enhanced_event_report inactive at supported features.
  5. Retrieve {subscriberId} and {subscriptionId} from Location Header
  6. Emulate Success and Failure on API invocation of provider by Invoker, using Invocation Logs API.

**Information of Test**:

  1. Perform [provider registration]
  2. Publish Service API at CCF:

     * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
     * body [service api description] with apiName **service_1**
     * Store **serviceApiId**
     * Use **APF Certificate**

  3. Perform [invoker onboarding]
  4. Discover published APIs:

     * Get **Api Ids** And **Api Names** from response.

  5. Event Subscription to SERVICE_API_INVOCATION_SUCCESS and SERVICE_API_INVOCATION_FAILURE of provider previously registered:
     1. Send **POST** to **https://{CAPIF_HOSTNAME}/capif-events/v1/{subscriberId}/subscriptions**
     2. body [event subscription request body] with:
        1. events: **['SERVICE_API_INVOCATION_SUCCESS','SERVICE_API_INVOCATION_FAILURE']**
        2. eventFilter: only receive events from provider's aefId.
        3. supportedFeatures: binary 0000 -> string **0**
     3. Use **Invoker Certificate**

  6. Create Log Entry emulating provider receive Success and Failure api invocation from invoker:
     1. Send **POST** to **https://{CAPIF_HOSTNAME}/api-invocation-logs/v1/{aefId}/logs**
     2. body [log entry request body] with:
        1. aefId from provider published.
        2. apiInvokerId from invoker onboarded.
        3. apiId of published API
        4. apiName of published API
        5. 200 and 400 results in two logs.
     3. Use **AEF Certificate**

**Expected Result**:

  1. Response to Event Subscription must accomplish:
     1. **201 Created**
     2. The URI of the created resource shall be returned in the "Location" HTTP header, following this structure: **{apiRoot}/capif-events/{apiVersion}/{subscriberId}/subscriptions/{subscriptionId}**
     3. Response Body must follow **EventSubscription** data structure.
  2. Response to creation of log entry on CCF must accomplish:
     1. **201 Created**
     2. The URI of the created resource shall be returned in the "Location" HTTP header, following this structure: **{apiRoot}/api-invocation-logs/{apiVersion}/{aefId}/subscriptions/{logId}**
  3. Mock Server received messages must accomplish:
     1. **Two Events have been received**.
     2. Validate received events follow **EventNotification** data structure, without **eventDetail** parameter.
        1. One should be **SERVICE_API_INVOCATION_SUCCESS** related with **200** result at Log.
        2. The other one must be **SERVICE_API_INVOCATION_FAILURE** related with **400** result at Log.

---
## Test Case 15: Invoker subscribe to Service API Available and Unavailable events without Enhanced Event Report

**Test ID**: ***capif_api_events-15***, ***mockserver***

**Description**:

  This test case will check that a CAPIF Invoker subscribed to SERVICE_API_AVAILABLE and SERVICE_API_UNAVAILABLE, receive the notification when AEF publish and remove it.
  Enhanced Event Report feature must be inactive.

**Pre-Conditions**:

  * CAPIF subscriber is pre-authorised (has valid InvokerId or apfId from CAPIF Authority)
  * CAPIF provider is correctly registered and published APIs.
  * **Mock Server is up and running to receive requests.**
  * **Mock Server is clean.**

**Execution Steps**:

  1. Register provider and publish one API at CCF
  2. Register Invoker and Onboard Invoker at CCF
  3. Discover published APIs and extract apiIds and apiNames
  4. Subscribe to **SERVICE_API_AVAILABLE** and **SERVICE_API_UNAVAILABLE** event filtering by aefId. Enhanced_event_report inactive at supported features.
  5. Retrieve {subscriberId} and {subscriptionId} from Location Header
  6. Provider publish new API.
  7. Provider remove published API.

**Information of Test**:

  1. Perform [provider registration]
  2. Publish Service API at CCF:

     * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
     * body [service api description] with apiName **service_1**
     * Store **serviceApiId**
     * Use **APF Certificate**

  3. Perform [invoker onboarding]
  4. Discover published APIs:

     * Get **Api Ids** And **Api Names** from response.

  5. Event Subscription to SERVICE_API_AVAILABLE and SERVICE_API_UNAVAILABLE of provider previously registered:
     1. Send **POST** to **https://{CAPIF_HOSTNAME}/capif-events/v1/{subscriberId}/subscriptions**
     2. body [event subscription request body] with:
        1. events: **['SERVICE_API_AVAILABLE','SERVICE_API_UNAVAILABLE']**
        2. eventFilter: only receive events from provider's aefId.
        3. supportedFeatures: binary 0000 -> string **0**
     3. Use **Invoker Certificate**

  6. Publish new Service API at CCF:

     * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
     * body [service api description] with apiName **service_2**
     * Store **serviceApiId**
     * Use **APF Certificate**

  7. Remove published Service API at CCF:
     * Send **DELETE** to resource URL **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis/{SERVICE_API_ID}**
     * Use **APF Certificate**


**Expected Result**:

  1. Response to Event Subscription must accomplish:
     1. **201 Created**
     2. The URI of the created resource shall be returned in the "Location" HTTP header, following this structure: **{apiRoot}/capif-events/{apiVersion}/{subscriberId}/subscriptions/{subscriptionId}**
     3. Response Body must follow **EventSubscription** data structure.

  2. Mock Server received messages must accomplish:
     1. **Two Events have been received**.
     2. Validate received events follow **EventNotification** data structure, without **eventDetail** parameter.
        1. One should be **SERVICE_API_AVAILABLE** apiId of **service_2** published API.
        2. The other one must be **SERVICE_API_UNAVAILABLE** apiId of **service_1** published API.

---
## Test Case 16: Invoker subscribe to Service API Update without Enhanced Event Report

**Test ID**: ***capif_api_events-16***, ***mockserver***

**Description**:

  This test case will check that a CAPIF Invoker subscribed to SERVICE_API_UPDATE, receive the notification when AEF Update some information on API Published.
  Enhanced Event Report feature must be inactive.

**Pre-Conditions**:

  * CAPIF subscriber is pre-authorised (has valid InvokerId or apfId from CAPIF Authority)
  * CAPIF provider is correctly registered and published APIs.
  * API Provider had a Service API Published on CAPIF
  * **Mock Server is up and running to receive requests.**
  * **Mock Server is clean.**

**Execution Steps**:

  1. Register Provider and publish one API at CCF
  2. Register Invoker and Onboard Invoker at CCF
  3. Discover published APIs and extract apiIds and apiNames
  4. Subscribe to **SERVICE_API_UPDATE** event filtering by aefId. Enhanced_event_report inactive at supported features.
  5. Retrieve {subscriberId} and {subscriptionId} from Location Header at event subscription
  6. Provider update information of Service API Published.

**Information of Test**:

  1. Check and Clean Mock Server
  2. Perform [provider registration]
  3. Publish Service API at CCF:

     * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
     * body [service api description] with apiName **service_1**
     * Use ***APF Certificate***
     * Store **serviceApiId**

  4. Perform [invoker onboarding]
  5. Discover published APIs:

     * Get **Api Ids** And **Api Names** from response.