fix for DDCCGW-694 : kid generation with url encoding & DDCCGW-668 : …
…resolving did with corresponding kid (#41)
dattatrayamote authored Aug 7, 2024
1 parent b0c0f3b commit 78d775e
Showing 4 changed files with 163 additions and 44 deletions.
Expand Up @@ -35,12 +35,21 @@ public interface SignerInformationRepository extends JpaRepository<SignerInforma

List<SignerInformationEntity> getByCountryIsAndGroupIs(String country, String group);

List<SignerInformationEntity> getByCountryIsAndGroupIsAndKidIs(String country, String group, String kid);

List<SignerInformationEntity> getByDomainIsAndGroupIs(String domain, String group);

List<SignerInformationEntity> getByDomainIsAndGroupIsAndKidIs(String domain, String group, String kid);

List<SignerInformationEntity> getByGroupIs(String group);

List<SignerInformationEntity> getByGroupIsAndKidIs(String group, String kid);

List<SignerInformationEntity> getByDomainIsAndCountryIsAndGroupIs(String domain, String country, String group);

List<SignerInformationEntity> getByDomainIsAndCountryIsAndGroupIsAndKidIs(
String domain, String country, String group, String kid);

List<SignerInformationEntity> getBySubjectHashIsAndCountryIsAndDomainIs(
String subjectHash, String country, String domain);

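Review bot: The four new `...AndKidIs` finders have no Javadoc saying which form of `kid` they expect, which matters because this same commit introduces a Base64URL-encoded form of the kid for DID paths. The callers visible in this commit pass `entity.getKid()` unchanged, so a comment such as `/** @param kid the kid exactly as stored on the entity, not the Base64URL form used in DID paths. */` on each finder would keep a later caller from passing the encoded value and silently getting an empty list. The `List` return type also suggests that a kid is not unique within a group or country; saying so in the same comment tells callers not to assume a single result.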
Expand Up @@ -132,6 +132,13 @@ public List<SignerInformationEntity> getCertificatesByDomainParticipantGroup(
return signerInformationRepository.getByDomainIsAndCountryIsAndGroupIs(domain, participant, group);
}


public List<SignerInformationEntity> getCertificatesByDomainParticipantGroupKid(
String domain, String participant, String group, String kid) {

return signerInformationRepository.getByDomainIsAndCountryIsAndGroupIsAndKidIs(domain, participant, group, kid);
}

/**
* Returns signer information that are filtered by participant.
*
Expand Down Expand Up @@ -178,6 +185,11 @@ public List<SignerInformationEntity> getCertificatesByGroupCountry(String group,
return signerInformationRepository.getByCountryIsAndGroupIs(country, group);
}

public List<SignerInformationEntity> getCertificatesByKidGroupCountry(String country, String group, String kid) {

return signerInformationRepository.getByCountryIsAndGroupIsAndKidIs(country, group, kid);
}

/**
* Returns signer information that are filtered by domain and group.
*
Expand All @@ -190,6 +202,12 @@ public List<SignerInformationEntity> getCertificatesByDomainGroup(String domain,
return signerInformationRepository.getByDomainIsAndGroupIs(domain, group);
}


public List<SignerInformationEntity> getCertificatesByDomainGroupKid(String domain, String group, String kid) {

return signerInformationRepository.getByDomainIsAndGroupIsAndKidIs(domain, group, kid);
}

/**
* Returns signer information that are filtered by group.
*
Expand All @@ -201,6 +219,11 @@ public List<SignerInformationEntity> getCertificatesByGroup(String group) {
return signerInformationRepository.getByGroupIs(group);
}

public List<SignerInformationEntity> getCertificatesByGroupKid(String group, String kid) {

return signerInformationRepository.getByGroupIsAndKidIs(group, kid);
}

/**
* Returns signer information that are filtered by subjectHash, country, and domain.
*
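Review bot: `getCertificatesByKidGroupCountry(String country, String group, String kid)` names its filters in the reverse order of its parameters, while its neighbour `getCertificatesByGroupCountry(String group, String country)` uses a third order. All arguments are `String`, so a swapped call compiles and simply returns the wrong or an empty certificate list. Renaming it to `getCertificatesByGroupCountryKid(String group, String country, String kid)`, and adjusting the call in `job()`, would align it with the existing method. The four new `...Kid` methods are also the only ones in these hunks without Javadoc; each should get the same `Returns signer information that are filtered by …` block as its neighbours, with an `@param kid` line stating that it is the stored, unencoded kid.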
Expand Up @@ -25,14 +25,14 @@
import com.apicatalog.jsonld.loader.DocumentLoader;
import com.danubetech.keyformats.crypto.ByteSigner;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.nimbusds.jose.util.Base64URL;
import eu.europa.ec.dgc.utils.CertificateUtils;
import foundation.identity.jsonld.JsonLDException;
import foundation.identity.jsonld.JsonLDObject;
import info.weboftrust.ldsignatures.jsonld.LDSecurityKeywords;
import info.weboftrust.ldsignatures.signer.JsonWebSignature2020LdSigner;
import java.io.IOException;
import java.net.URI;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
Expand Down Expand Up @@ -197,6 +197,29 @@ public void job() {
() -> signerInformationService.getCertificatesByDomainParticipantGroup(domain, country, group),
Collections::emptyList)))));

// Add all domain, country, group, kid specific did
domains.forEach(
domain -> countries.forEach(
country -> groups.forEach(
group -> {
List<SignerInformationEntity> entityList =
signerInformationService.getCertificatesByDomainParticipantGroup(domain, country, group);

entityList.forEach(entity -> {
didSpecifications.add(new DidSpecification(
List.of(domain, getParticipantCode(country), getMappedGroupName(group),
encodeKid(entity.getKid())),

() -> signerInformationService.getCertificatesByDomainParticipantGroupKid(
domain, country, group, entity.getKid()),

Collections::emptyList
));
});
}
)));


// Add all country and group specific did
countries.forEach(
country -> groups.forEach(
Expand All @@ -205,6 +228,27 @@ public void job() {
() -> signerInformationService.getCertificatesByGroupCountry(group, country),
Collections::emptyList))));

// Add all country, group, kid specific did
countries.forEach(
country -> groups.forEach(
group -> {
List<SignerInformationEntity> entityList =
signerInformationService.getCertificatesByGroupCountry(group, country);

entityList.forEach(entity -> {

didSpecifications.add(new DidSpecification(
List.of(WILDCARD_CHAR, getParticipantCode(country), getMappedGroupName(group),
encodeKid(entity.getKid())),

() -> signerInformationService.getCertificatesByKidGroupCountry(
country, group, entity.getKid()),

Collections::emptyList
));
});
}));

// Add all domain and group specific did
domains.forEach(
domain -> groups.forEach(
Expand All @@ -213,13 +257,50 @@ public void job() {
() -> signerInformationService.getCertificatesByDomainGroup(domain, group),
Collections::emptyList))));

// Add all domain, group and kid specific did
domains.forEach(
domain -> groups.forEach(
group -> {
List<SignerInformationEntity> entityList =
signerInformationService.getCertificatesByDomainGroup(domain, group);
entityList.forEach(entity -> {
didSpecifications.add(new DidSpecification(
List.of(domain, WILDCARD_CHAR, getMappedGroupName(group),
encodeKid(entity.getKid())),

() -> signerInformationService.getCertificatesByDomainGroupKid(
domain, group, entity.getKid()),

Collections::emptyList
));
});
}));

// Add all group specific did
groups.forEach(
group -> didSpecifications.add(new DidSpecification(
List.of(WILDCARD_CHAR, WILDCARD_CHAR, getMappedGroupName(group)),
() -> signerInformationService.getCertificatesByGroup(group),
Collections::emptyList)));

// Add all group, kid specific did
groups.forEach(
group -> {
List<SignerInformationEntity> entityList = signerInformationService.getCertificatesByGroup(group);
entityList.forEach(entity -> {
didSpecifications.add(new DidSpecification(
List.of(WILDCARD_CHAR, WILDCARD_CHAR, getMappedGroupName(group),
encodeKid(entity.getKid())),

() -> signerInformationService.getCertificatesByGroupKid(group, entity.getKid()),

Collections::emptyList
));
});
}
);


Map<DidSpecification, String> didDocuments = new HashMap<>();
didSpecifications.forEach(specification -> didDocuments
.put(specification, this.generateTrustList(specification, false)));
Expand Down Expand Up @@ -271,8 +352,8 @@ private String generateTrustList(DidSpecification specification, boolean onlyRef
for (SignerInformationEntity signerInformationEntity : signerInformationEntities) {

if (onlyReferences) {
trustList.getVerificationMethod().add(specification.getEntryId(
URLEncoder.encode(signerInformationEntity.getKid(), StandardCharsets.UTF_8)));
trustList.getVerificationMethod().add(
specification.getEntryId(encodeKid(signerInformationEntity.getKid())));

} else {
X509Certificate parsedCertificate = kdsCertUtils.parseCertificate(signerInformationEntity.getRawData());
Expand Down Expand Up @@ -360,10 +441,9 @@ private void addTrustListEntry(DidTrustList trustList,

DidTrustListEntry trustListEntry = new DidTrustListEntry();
trustListEntry.setType("JsonWebKey2020");
trustListEntry.setId(specification.getEntryId(
URLEncoder.encode(signerInformationEntity.getKid(), StandardCharsets.UTF_8)));
trustListEntry.setId(specification.getEntryId(encodeKid(signerInformationEntity.getKid())));
trustListEntry.setController(specification.getDocumentId(false));
publicKeyJwk.setKid(URLEncoder.encode(signerInformationEntity.getKid(), StandardCharsets.UTF_8));
publicKeyJwk.setKid(encodeKid(signerInformationEntity.getKid()));
trustListEntry.setPublicKeyJwk(publicKeyJwk);

trustList.getVerificationMethod().add(trustListEntry);
Expand Down Expand Up @@ -439,4 +519,7 @@ private String generateNonce() {
return nonce.toString();
}

private String encodeKid(String kid) {
return Base64URL.encode(kid).toString();
}
}
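Review bot: `encodeKid` returns `Base64URL.encode(kid).toString()`, which base64url-encodes the UTF-8 bytes of the kid string rather than converting an existing encoding, and in `addTrustListEntry` that value now also goes into `publicKeyJwk.setKid(...)`. If the stored kid is already a base64 value (not visible here), the published JWK `kid` becomes a doubly encoded string, and a verifier that looks up the key by the kid taken from a signed document would find no match unless it applies the same transformation. Consider using the encoded form only for `getEntryId(...)` and the DID path, or state the contract on the helper, e.g. `/** Base64URL of the UTF-8 bytes of the stored kid; used as DID path segment and as JWK kid. */`. A null `entity.getKid()` would likely throw inside the new `forEach` lambdas in `job()` (`List.of` rejects null elements) and, unless caught outside the hunk, stop the remaining specifications from being generated; an `if (entity.getKid() == null) { return; }` guard at the top of each lambda would contain that. `job()`, `generateTrustList` and `addTrustListEntry` all begin outside the hunks shown.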