diff --git a/src/main/java/tng/trustnetwork/keydistribution/service/did/DidTrustListService.java b/src/main/java/tng/trustnetwork/keydistribution/service/did/DidTrustListService.java index 2b91f13..673f132 100644 --- a/src/main/java/tng/trustnetwork/keydistribution/service/did/DidTrustListService.java +++ b/src/main/java/tng/trustnetwork/keydistribution/service/did/DidTrustListService.java @@ -130,6 +130,15 @@ public String getDocumentId(boolean ref) { + String.join(SEPARATOR_DID_PATH, path)); } + public String getControllerId(boolean ref) { + //Example Id: did:web:tng-cdn-dev.who.int:trustlist:v.2.0.0:DDCC:XXA:DSC + //Controller Id: did:web:tng-cdn-dev.who.int:trustlist:v.2.0.0:DDCC:XXA + return configProperties.getDid().getDidId() + + SEPARATOR_DID_PATH + getListPathElement(ref) + + (path.size() <= 1 ? "" : SEPARATOR_DID_PATH + + String.join(SEPARATOR_DID_PATH, path.subList(0, path.size() - 1))); + } + public String getEntryId(String kid) { //Example: did:web:tng-cdn-dev.who.int:trustlist:v.2.0.0:DDCC:XXA:DSC#kidkidkid return getDocumentId(false) + SEPARATOR_DID_ID + kid; @@ -470,7 +479,7 @@ private String generateTrustList(DidSpecification specification, boolean onlyRef DidTrustList trustList = new DidTrustList(); trustList.setContext(DID_CONTEXTS); trustList.setId(specification.getDocumentId(onlyReferences)); - trustList.setController(specification.getDocumentId(onlyReferences)); + trustList.setController(specification.getControllerId(onlyReferences)); trustList.setVerificationMethod(new ArrayList<>()); // Add Certificates 
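Review bot: getControllerId has no Javadoc, and its boundary case is only implicit in the ternary `path.size() <= 1 ? "" : ...`: with an empty or single-element `path` it returns the bare list DID, so the root list presumably ends up as its own controller. Because `controller` is the field a DID consumer reads as the authority over a document, I would state that contract on the method, e.g. `/** Returns the DID of the parent trust-list document (the document id without its last path segment); a path of zero or one element yields the list root. */`. The second hunk in this file, `trustList.setController(specification.getControllerId(onlyReferences))` in generateTrustList, depends on the same contract. The body of getDocumentId above the new method starts outside the hunk, so the root-list case could not be checked against it here.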
@@ -525,18 +534,34 @@ private String generateTrustList(DidSpecification specification, boolean onlyRef PublicKey publicKey = parsedCertificate.getPublicKey(); DidTrustListEntry.PublicKeyJwk publicKeyJwk = null; - if (publicKey instanceof RSAPublicKey rsaPublicKey) { - publicKeyJwk = new DidTrustListEntry.RsaPublicKeyJwk( - rsaPublicKey, List.of(signerInformationEntity.getRawData())); - } else if (publicKey instanceof ECPublicKey ecPublicKey) { - publicKeyJwk = new DidTrustListEntry.EcPublicKeyJwk( - ecPublicKey, List.of(signerInformationEntity.getRawData())); + try { + if (publicKey instanceof RSAPublicKey rsaPublicKey) { + publicKeyJwk = new DidTrustListEntry.RsaPublicKeyJwk( + rsaPublicKey, List.of(signerInformationEntity.getRawData())); - } else { - log.error("Public Key is not RSA or EC Public Key for cert {} of country {}", - signerInformationEntity.getKid(), - signerInformationEntity.getCountry()); + } else if (publicKey instanceof ECPublicKey ecPublicKey) { + publicKeyJwk = new DidTrustListEntry.EcPublicKeyJwk( + ecPublicKey, List.of(signerInformationEntity.getRawData())); + + } else { + log.error("Public Key is not RSA or EC Public Key for cert {} of country {}", + signerInformationEntity.getKid(), + signerInformationEntity.getCountry()); + + continue; + } + + } catch (Exception ex) { + String failedFor = " Domain -- " + signerInformationEntity.getDomain() + "," + + " Country -- " + signerInformationEntity.getCountry() + "," + + " Group -- " + signerInformationEntity.getGroup() + "," + + " KID -- " + signerInformationEntity.getKid(); + + log.error("PublicKey Export Generation Failed for : [" + failedFor + " ]" + + "\n" + " Exception : " + ex.getMessage()); + + continue; } addTrustListEntry(trustList, specification, signerInformationEntity, publicKeyJwk); 
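Review bot: The new catch block concatenates getDomain(), getCountry(), getGroup() and getKid() into the message, adds a literal `\n`, and logs only `ex.getMessage()`, so the stack trace is lost and each failure becomes a multi-line log entry that is harder to parse and correlate. The placeholder form the else branch already uses, with the exception as the last argument, would keep one entry per failure and preserve the cause, assuming `log` is an SLF4J-style logger as the existing `{}` calls suggest. `catch (Exception ex)` is also broader than needed if the two JWK constructors declare specific exceptions, which is not visible in this hunk. Since both `continue` paths drop a signer key from the published trust list with nothing but a log line, a per-run count of skipped entries would give operators something to alert on. The enclosing loop in generateTrustList starts and ends outside the hunk.

```java
} catch (Exception ex) {
    // Placeholders keep the message template constant; a trailing Throwable
    // is logged with its stack trace by SLF4J-style loggers.
    log.error("PublicKey export failed for domain={} country={} group={} kid={}",
        signerInformationEntity.getDomain(),
        signerInformationEntity.getCountry(),
        signerInformationEntity.getGroup(),
        signerInformationEntity.getKid(),
        ex);

    continue;
}
```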
@@ -596,7 +621,7 @@ private void addTrustListEntry(DidTrustList trustList, DidTrustListEntry trustListEntry = new DidTrustListEntry(); trustListEntry.setType("JsonWebKey2020"); trustListEntry.setId(specification.generateTrustListVerificationId(signerInformationEntity)); - trustListEntry.setController(specification.getDocumentId(false)); + trustListEntry.setController(specification.getControllerId(false)); publicKeyJwk.setKid(encodeKid(signerInformationEntity.getKid())); trustListEntry.setPublicKeyJwk(publicKeyJwk); diff --git a/src/test/java/tng/trustnetwork/keydistribution/service/DidTrustListServiceTest.java b/src/test/java/tng/trustnetwork/keydistribution/service/DidTrustListServiceTest.java index 1fd2dcb..774dcbe 100644 --- a/src/test/java/tng/trustnetwork/keydistribution/service/DidTrustListServiceTest.java +++ b/src/test/java/tng/trustnetwork/keydistribution/service/DidTrustListServiceTest.java @@ -240,7 +240,7 @@ void testTrustList(boolean isEcAlgorithm) throws Exception { certCscaEuKid, certCscaEu, null, "did:web:abc:trustlist"); break; case "did:web:abc:trustlist:-": - Assertions.assertEquals("did:web:abc:trustlist:-", parsed.getController()); + Assertions.assertEquals("did:web:abc:trustlist", parsed.getController()); Assertions.assertEquals(4, parsed.getVerificationMethod().size()); assertVerificationMethod(getVerificationMethodByKid(parsed.getVerificationMethod(),"did:web:abc:trustlist:-",encodeKid(certDscDeKid)), @@ -254,7 +254,7 @@ void testTrustList(boolean isEcAlgorithm) throws Exception { break; case "did:web:abc:trustlist:-:-": - Assertions.assertEquals("did:web:abc:trustlist:-:-", parsed.getController()); + Assertions.assertEquals("did:web:abc:trustlist:-", parsed.getController()); Assertions.assertEquals(4, parsed.getVerificationMethod().size()); assertVerificationMethod(getVerificationMethodByKid(parsed.getVerificationMethod(),"did:web:abc:trustlist:-:-",encodeKid(certDscDeKid)), 
@@ -264,7 +264,7 @@ void testTrustList(boolean isEcAlgorithm) throws Exception { break; case "did:web:abc:trustlist:DCC:-": - Assertions.assertEquals("did:web:abc:trustlist:DCC:-", parsed.getController()); + Assertions.assertEquals("did:web:abc:trustlist:DCC", parsed.getController()); Assertions.assertEquals(4, parsed.getVerificationMethod().size()); assertVerificationMethod(getVerificationMethodByKid(parsed.getVerificationMethod(),"did:web:abc:trustlist:DCC:-",encodeKid(certDscDeKid)), @@ -275,7 +275,7 @@ void testTrustList(boolean isEcAlgorithm) throws Exception { case "did:web:abc:trustlist:DCC:XEU:DSC": - Assertions.assertEquals("did:web:abc:trustlist:DCC:XEU:DSC", parsed.getController()); + Assertions.assertEquals("did:web:abc:trustlist:DCC:XEU", parsed.getController()); Assertions.assertEquals(1, parsed.getVerificationMethod().size()); assertVerificationMethod(getVerificationMethodByKid(parsed.getVerificationMethod(),"did:web:abc:trustlist:DCC:XEU:DSC",encodeKid(certDscEuKid)), @@ -283,7 +283,7 @@ void testTrustList(boolean isEcAlgorithm) throws Exception { break; case "did:web:abc:trustlist:DCC": - Assertions.assertEquals("did:web:abc:trustlist:DCC", parsed.getController()); + Assertions.assertEquals("did:web:abc:trustlist", parsed.getController()); Assertions.assertEquals(4, parsed.getVerificationMethod().size()); assertVerificationMethod(getVerificationMethodByKid(parsed.getVerificationMethod(),"did:web:abc:trustlist:DCC", encodeKid(certDscDeKid)), @@ -293,7 +293,7 @@ void testTrustList(boolean isEcAlgorithm) throws Exception { break; case "did:web:abc:trustlist:-:XEU": - Assertions.assertEquals("did:web:abc:trustlist:-:XEU", parsed.getController()); + Assertions.assertEquals("did:web:abc:trustlist:-", parsed.getController()); Assertions.assertEquals(2, parsed.getVerificationMethod().size()); assertVerificationMethod(getVerificationMethodByKid(parsed.getVerificationMethod(),"did:web:abc:trustlist:-:XEU",encodeKid(certCscaEuKid)), 
@@ -303,7 +303,7 @@ void testTrustList(boolean isEcAlgorithm) throws Exception { break; case "did:web:abc:trustlist:-:DEU": - Assertions.assertEquals("did:web:abc:trustlist:-:DEU", parsed.getController()); + Assertions.assertEquals("did:web:abc:trustlist:-", parsed.getController()); Assertions.assertEquals(2, parsed.getVerificationMethod().size()); assertVerificationMethod(getVerificationMethodByKid(parsed.getVerificationMethod(),"did:web:abc:trustlist:-:DEU",encodeKid(certDscDeKid)), @@ -313,7 +313,7 @@ void testTrustList(boolean isEcAlgorithm) throws Exception { break; case "did:web:abc:trustlist:DCC:XEU:CSA": - Assertions.assertEquals("did:web:abc:trustlist:DCC:XEU:CSA", parsed.getController()); + Assertions.assertEquals("did:web:abc:trustlist:DCC:XEU", parsed.getController()); Assertions.assertEquals(1, parsed.getVerificationMethod().size()); assertVerificationMethod(getVerificationMethodByKid(parsed.getVerificationMethod(),"did:web:abc:trustlist:DCC:XEU:CSA",encodeKid(certCscaEuKid)), @@ -321,7 +321,7 @@ void testTrustList(boolean isEcAlgorithm) throws Exception { break; case "did:web:abc:trustlist:DCC:DEU:DSC": - Assertions.assertEquals("did:web:abc:trustlist:DCC:DEU:DSC", parsed.getController()); + Assertions.assertEquals("did:web:abc:trustlist:DCC:DEU", parsed.getController()); Assertions.assertEquals(1, parsed.getVerificationMethod().size()); assertVerificationMethod(getVerificationMethodByKid(parsed.getVerificationMethod(),"did:web:abc:trustlist:DCC:DEU:DSC",encodeKid(certDscDeKid)), 
@@ -329,7 +329,7 @@ void testTrustList(boolean isEcAlgorithm) throws Exception { break; case "did:web:abc:trustlist:DCC:DEU:CSA": - Assertions.assertEquals("did:web:abc:trustlist:DCC:DEU:CSA", parsed.getController()); + Assertions.assertEquals("did:web:abc:trustlist:DCC:DEU", parsed.getController()); Assertions.assertEquals(1, parsed.getVerificationMethod().size()); assertVerificationMethod(getVerificationMethodByKid(parsed.getVerificationMethod(),"did:web:abc:trustlist:DCC:DEU:CSA",encodeKid(certCscaDeKid)), @@ -338,7 +338,7 @@ void testTrustList(boolean isEcAlgorithm) throws Exception { break; case "did:web:abc:trustlist:DCC:DEU": - Assertions.assertEquals("did:web:abc:trustlist:DCC:DEU", parsed.getController()); + Assertions.assertEquals("did:web:abc:trustlist:DCC", parsed.getController()); Assertions.assertEquals(2, parsed.getVerificationMethod().size()); assertVerificationMethod(getVerificationMethodByKid(parsed.getVerificationMethod(),"did:web:abc:trustlist:DCC:DEU",encodeKid(certDscDeKid)), @@ -348,7 +348,7 @@ void testTrustList(boolean isEcAlgorithm) throws Exception { break; case "did:web:abc:trustlist:DCC:XEU": - Assertions.assertEquals("did:web:abc:trustlist:DCC:XEU", parsed.getController()); + Assertions.assertEquals("did:web:abc:trustlist:DCC", parsed.getController()); Assertions.assertEquals(2, parsed.getVerificationMethod().size()); assertVerificationMethod(getVerificationMethodByKid(parsed.getVerificationMethod(),"did:web:abc:trustlist:DCC:XEU",encodeKid(certDscEuKid)), 
@@ -358,7 +358,7 @@ void testTrustList(boolean isEcAlgorithm) throws Exception { break; case "did:web:abc:trustlist:-:XEU:DSC": - Assertions.assertEquals("did:web:abc:trustlist:-:XEU:DSC", parsed.getController()); + Assertions.assertEquals("did:web:abc:trustlist:-:XEU", parsed.getController()); Assertions.assertEquals(1, parsed.getVerificationMethod().size()); assertVerificationMethod(getVerificationMethodByKid(parsed.getVerificationMethod(),"did:web:abc:trustlist:-:XEU:DSC",encodeKid(certDscEuKid)), @@ -366,7 +366,7 @@ void testTrustList(boolean isEcAlgorithm) throws Exception { break; case "did:web:abc:trustlist:-:DEU:DSC": - Assertions.assertEquals("did:web:abc:trustlist:-:DEU:DSC", parsed.getController()); + Assertions.assertEquals("did:web:abc:trustlist:-:DEU", parsed.getController()); Assertions.assertEquals(1, parsed.getVerificationMethod().size()); assertVerificationMethod(getVerificationMethodByKid(parsed.getVerificationMethod(),"did:web:abc:trustlist:-:DEU:DSC",encodeKid(certDscDeKid)), @@ -374,7 +374,7 @@ void testTrustList(boolean isEcAlgorithm) throws Exception { break; case "did:web:abc:trustlist:-:DEU:CSA": - Assertions.assertEquals("did:web:abc:trustlist:-:DEU:CSA", parsed.getController()); + Assertions.assertEquals("did:web:abc:trustlist:-:DEU", parsed.getController()); Assertions.assertEquals(1, parsed.getVerificationMethod().size()); assertVerificationMethod(getVerificationMethodByKid(parsed.getVerificationMethod(),"did:web:abc:trustlist:-:DEU:CSA",encodeKid(certCscaDeKid)), 
@@ -382,7 +382,7 @@ void testTrustList(boolean isEcAlgorithm) throws Exception { break; case "did:web:abc:trustlist:-:-:CSA": - Assertions.assertEquals("did:web:abc:trustlist:-:-:CSA", parsed.getController()); + Assertions.assertEquals("did:web:abc:trustlist:-:-", parsed.getController()); Assertions.assertEquals(2, parsed.getVerificationMethod().size()); assertVerificationMethod(getVerificationMethodByKid(parsed.getVerificationMethod(),"did:web:abc:trustlist:-:-:CSA",encodeKid(certCscaEuKid)), @@ -392,7 +392,7 @@ void testTrustList(boolean isEcAlgorithm) throws Exception { break; case "did:web:abc:trustlist:-:-:DSC": - Assertions.assertEquals("did:web:abc:trustlist:-:-:DSC", parsed.getController()); + Assertions.assertEquals("did:web:abc:trustlist:-:-", parsed.getController()); Assertions.assertEquals(2, parsed.getVerificationMethod().size()); assertVerificationMethod(getVerificationMethodByKid(parsed.getVerificationMethod(),"did:web:abc:trustlist:-:-:DSC",encodeKid(certDscEuKid)), @@ -402,7 +402,7 @@ void testTrustList(boolean isEcAlgorithm) throws Exception { break; case "did:web:abc:trustlist:-:XEU:CSA": - Assertions.assertEquals("did:web:abc:trustlist:-:XEU:CSA", parsed.getController()); + Assertions.assertEquals("did:web:abc:trustlist:-:XEU", parsed.getController()); Assertions.assertEquals(1, parsed.getVerificationMethod().size()); assertVerificationMethod(getVerificationMethodByKid(parsed.getVerificationMethod(),"did:web:abc:trustlist:-:XEU:CSA",encodeKid(certCscaEuKid)), 
@@ -410,7 +410,7 @@ void testTrustList(boolean isEcAlgorithm) throws Exception { break; case "did:web:abc:trustlist:DCC:-:DSC": - Assertions.assertEquals("did:web:abc:trustlist:DCC:-:DSC", parsed.getController()); + Assertions.assertEquals("did:web:abc:trustlist:DCC:-", parsed.getController()); Assertions.assertEquals(2, parsed.getVerificationMethod().size()); assertVerificationMethod(getVerificationMethodByKid(parsed.getVerificationMethod(),"did:web:abc:trustlist:DCC:-:DSC",encodeKid(certDscDeKid)), @@ -420,7 +420,7 @@ void testTrustList(boolean isEcAlgorithm) throws Exception { break; case "did:web:abc:trustlist:DCC:-:CSA": - Assertions.assertEquals("did:web:abc:trustlist:DCC:-:CSA", parsed.getController()); + Assertions.assertEquals("did:web:abc:trustlist:DCC:-", parsed.getController()); Assertions.assertEquals(2, parsed.getVerificationMethod().size()); assertVerificationMethod(getVerificationMethodByKid(parsed.getVerificationMethod(),"did:web:abc:trustlist:DCC:-:CSA",encodeKid(certCscaDeKid)), @@ -430,12 +430,12 @@ void testTrustList(boolean isEcAlgorithm) throws Exception { break; case "did:web:abc:trustlist:-:XY": - Assertions.assertEquals("did:web:abc:trustlist:-:XY", parsed.getController()); + Assertions.assertEquals("did:web:abc:trustlist:-", parsed.getController()); Assertions.assertEquals(0, parsed.getVerificationMethod().size()); break; case "did:web:abc:trustlist:DCC:XY": - Assertions.assertEquals("did:web:abc:trustlist:DCC:XY", parsed.getController()); + Assertions.assertEquals("did:web:abc:trustlist:DCC", parsed.getController()); Assertions.assertEquals(0, parsed.getVerificationMethod().size()); break; 
@@ -502,7 +502,6 @@ private void assertVerificationMethod(Object in, String kid, X509Certificate dsc LinkedHashMap jsonNode = (LinkedHashMap) in; Assertions.assertEquals("JsonWebKey2020", jsonNode.get("type")); - Assertions.assertEquals(parentDidId, jsonNode.get("controller")); Assertions.assertTrue(jsonNode.get("id").toString().contains(parentDidId) && jsonNode.get("id").toString().contains(encodeKid(kid)));;
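Review bot: Removing `Assertions.assertEquals(parentDidId, jsonNode.get("controller"));` from assertVerificationMethod leaves the per-entry `controller` without any assertion, even though this commit changes the value addTrustListEntry writes there via `getControllerId(false)`. I would keep the check and compare against the expected parent DID, for example through a new helper parameter: `Assertions.assertEquals(expectedControllerId, jsonNode.get("controller"));` (`expectedControllerId` is a name made up for this note). The document-level `parsed.getController()` assertions updated in the earlier hunks do not cover the verification-method entries, so a regression in that field would go unnoticed. The body of assertVerificationMethod starts outside the hunk.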