commit: fix for trustlist-ref references to trustlist on key type lev…
…el (SCA, DSC) and key level is configurable feature switch
dattatrayamote committed Sep 18, 2024
1 parent a7a478b commit 2ea1543
Showing 5 changed files with 115 additions and 89 deletions.
Expand Up @@ -94,6 +94,7 @@ public static class Proxy {
public static class DidConfig {

private Boolean enableDidGeneration;
private Boolean enableKidLevelDidGeneration;

private String didId;
private String didController;
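Review bot: `enableKidLevelDidGeneration` is declared as a boxed `Boolean` with no default, so it is null whenever the property is not set. The service changed in this commit reads it directly in conditions, `if (kdsConfigProperties.getDid().getEnableKidLevelDidGeneration())` in `job()` and twice more in `generateTrustList`. Assuming the getter returns the field unchanged, a null value there would fail on unboxing instead of behaving as "disabled". A default on the declaration, `private Boolean enableKidLevelDidGeneration = false;`, keeps an unset key equivalent to the switch being off. The `DidConfig` class continues outside the hunk.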
Expand Up @@ -41,6 +41,7 @@
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
Expand Down Expand Up @@ -136,7 +137,7 @@ public String getEntryId(String kid) {

private String getListPathElement(boolean ref) {
if (ref && configProperties.getDid().getTrustListRefPath() != null
&& !configProperties.getDid().getTrustListRefPath().isEmpty()) {
&& !configProperties.getDid().getTrustListRefPath().isEmpty()) {
return configProperties.getDid().getTrustListRefPath();

} else if (!ref && configProperties.getDid().getTrustListPath() != null
Expand Down Expand Up @@ -260,29 +261,6 @@ public void job() {
.collect(Collectors.toSet()))));
})));

// Add all domain, country, group, kid specific did
domains.forEach(
domain -> countries.forEach(
country -> groups.forEach(
group -> {
List<SignerInformationEntity> signerInformationEntitiesList =
signerInformationService.getCertificatesByDomainParticipantGroup(domain, country, group);

signerInformationEntitiesList.forEach(entity -> {
didSpecifications.add(new DidSpecification(
List.of(domain, getParticipantCode(country), getMappedGroupName(group),
encodeKid(entity.getKid())),

() -> signerInformationService.getCertificatesByDomainParticipantGroupKid(
domain, country, group, entity.getKid()),

Collections::emptyList,
Collections::emptyList
));
});
}
)));


// Add all country and group specific did
countries.forEach(
Expand All @@ -299,27 +277,6 @@ public void job() {
.collect(Collectors.toSet()))));
}));

// Add all country, group, kid specific did
countries.forEach(
country -> groups.forEach(
group -> {
List<SignerInformationEntity> signerInformationEntitiesList =
signerInformationService.getCertificatesByGroupCountry(group, country);

signerInformationEntitiesList.forEach(entity -> {

didSpecifications.add(new DidSpecification(
List.of(WILDCARD_CHAR, getParticipantCode(country), getMappedGroupName(group),
encodeKid(entity.getKid())),

() -> signerInformationService.getCertificatesByKidGroupCountry(
country, group, entity.getKid()),

Collections::emptyList,
Collections::emptyList
));
});
}));

// Add all domain and group specific did
domains.forEach(
Expand Down Expand Up @@ -355,29 +312,6 @@ public void job() {
});



// Add all domain, group and kid specific did
domains.forEach(
domain -> groups.forEach(
group -> {
List<SignerInformationEntity> signerInformationEntitiesList =
signerInformationService.getCertificatesByDomainGroup(domain, group);
signerInformationEntitiesList.forEach(entity -> {
didSpecifications.add(new DidSpecification(
List.of(domain, WILDCARD_CHAR, getMappedGroupName(group),
encodeKid(entity.getKid())),

() -> signerInformationService.getCertificatesByDomainGroupKid(
domain, group, entity.getKid()),

Collections::emptyList,
Collections::emptyList
));
});
}));



// Add all group specific did
groups.forEach(
group -> {
Expand All @@ -403,24 +337,93 @@ public void job() {
.map(group -> getMappedGroupName(group))
.collect(Collectors.toSet()))));

// Add all group, kid specific did
groups.forEach(
group -> {
List<SignerInformationEntity> signerInformationEntitiesList =
signerInformationService.getCertificatesByGroup(group);
signerInformationEntitiesList.forEach(entity -> {
didSpecifications.add(new DidSpecification(
List.of(WILDCARD_CHAR, WILDCARD_CHAR, getMappedGroupName(group),
encodeKid(entity.getKid())),
if (kdsConfigProperties.getDid().getEnableKidLevelDidGeneration()) {
// Add all domain, country, group, kid specific did
domains.forEach(
domain -> countries.forEach(
country -> groups.forEach(
group -> {
List<SignerInformationEntity> signerInformationEntitiesList =
signerInformationService.getCertificatesByDomainParticipantGroup(domain, country,
group);

signerInformationEntitiesList.forEach(entity -> {
didSpecifications.add(new DidSpecification(
List.of(domain, getParticipantCode(country), getMappedGroupName(group),
encodeKid(entity.getKid())),

() -> signerInformationService.getCertificatesByDomainParticipantGroupKid(
domain, country, group, entity.getKid()),

Collections::emptyList,
Collections::emptyList
));
});
}
)));

// Add all country, group, kid specific did
countries.forEach(
country -> groups.forEach(
group -> {
List<SignerInformationEntity> signerInformationEntitiesList =
signerInformationService.getCertificatesByGroupCountry(group, country);

signerInformationEntitiesList.forEach(entity -> {

() -> signerInformationService.getCertificatesByGroupKid(group, entity.getKid()),
didSpecifications.add(new DidSpecification(
List.of(WILDCARD_CHAR, getParticipantCode(country), getMappedGroupName(group),
encodeKid(entity.getKid())),

Collections::emptyList,
Collections::emptyList
));
});
}
);
() -> signerInformationService.getCertificatesByKidGroupCountry(
country, group, entity.getKid()),

Collections::emptyList,
Collections::emptyList
));
});
}));

// Add all domain, group and kid specific did
domains.forEach(
domain -> groups.forEach(
group -> {
List<SignerInformationEntity> signerInformationEntitiesList =
signerInformationService.getCertificatesByDomainGroup(domain, group);
signerInformationEntitiesList.forEach(entity -> {
didSpecifications.add(new DidSpecification(
List.of(domain, WILDCARD_CHAR, getMappedGroupName(group),
encodeKid(entity.getKid())),

() -> signerInformationService.getCertificatesByDomainGroupKid(
domain, group, entity.getKid()),

Collections::emptyList,
Collections::emptyList
));
});
}));

// Add all group, kid specific did
groups.forEach(
group -> {
List<SignerInformationEntity> signerInformationEntitiesList =
signerInformationService.getCertificatesByGroup(group);
signerInformationEntitiesList.forEach(entity -> {
didSpecifications.add(new DidSpecification(
List.of(WILDCARD_CHAR, WILDCARD_CHAR, getMappedGroupName(group),
encodeKid(entity.getKid())),

() -> signerInformationService.getCertificatesByGroupKid(group, entity.getKid()),

Collections::emptyList,
Collections::emptyList
));
});
}
);

}


Map<DidSpecification, String> didDocuments = new HashMap<>();
Expand Down Expand Up @@ -472,15 +475,35 @@ private String generateTrustList(DidSpecification specification, boolean onlyRef

// Add Certificates
if (onlyReferences) {
if (didRefPathList.isEmpty()) {

String trustListDocumentId = specification.getDocumentId(false);

List<String> specificationGroups = signerInformationEntities.stream()
.filter(entity -> isDeniedGroup(entity.getGroup()))
.map(entity -> getMappedGroupName(entity.getGroup())).toList();

if (didRefPathList.isEmpty() && kdsConfigProperties.getDid().getEnableKidLevelDidGeneration()) {
trustList.getVerificationMethod().add(specification.getDocumentId(false));
} else {

didRefPathList.forEach(path -> {
trustList.getVerificationMethod()
.add(specification.getDocumentId(true) + SEPARATOR_DID_PATH + path);
if (!kdsConfigProperties.getDid().getEnableKidLevelDidGeneration()
&& Arrays.stream(trustList.getId().split(SEPARATOR_DID_PATH))
.anyMatch(specificationGroups::contains)) {

if (trustList.getVerificationMethod().stream()
.noneMatch(id -> id.equals(trustListDocumentId))) {

trustList.getVerificationMethod().add(trustListDocumentId);

}
} else {

trustList.getVerificationMethod()
.add(specification.getDocumentId(true) + SEPARATOR_DID_PATH + path);
}
});
}

trustedIssuerEntities.forEach(did -> {
if (!trustList.getVerificationMethod().contains(did.getUrl())) {
trustList.getVerificationMethod().add(did.getUrl());
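Review bot: In `generateTrustList`, when kid-level generation is disabled and `didRefPathList` is empty, the new condition `didRefPathList.isEmpty() && ...getEnableKidLevelDidGeneration()` falls through to the `else` branch. Its `forEach` then runs over an empty list and adds no reference, whereas before this change an empty list always added `specification.getDocumentId(false)`. If a reference document with no entry from this step is not intended, the empty case should still point at the document's own trust list. The test on `trustList.getId()` and `specificationGroups` also does not depend on `path`, so it can be computed once before the loop, which makes the per-iteration `noneMatch` guard unnecessary. This reading of the branch structure comes from the rendered page, and the method continues outside the hunk.

```java
if (onlyReferences) {
    // … unchanged: trustListDocumentId and specificationGroups …

    boolean kidLevelEnabled = kdsConfigProperties.getDid().getEnableKidLevelDidGeneration();
    boolean referToOwnTrustList = !kidLevelEnabled
        && Arrays.stream(trustList.getId().split(SEPARATOR_DID_PATH))
            .anyMatch(specificationGroups::contains);

    if (didRefPathList.isEmpty() || referToOwnTrustList) {
        // Leaf document, or group-level document with kid-level DIDs switched off:
        // reference the full trust list once instead of per-path ref documents.
        if (!trustList.getVerificationMethod().contains(trustListDocumentId)) {
            trustList.getVerificationMethod().add(trustListDocumentId);
        }
    } else {
        didRefPathList.forEach(path -> trustList.getVerificationMethod()
            .add(specification.getDocumentId(true) + SEPARATOR_DID_PATH + path));
    }

    // … unchanged: trustedIssuerEntities handling …
```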
1 change: 1 addition & 0 deletions src/main/resources/application.yml
Expand Up @@ -87,6 +87,7 @@ dgc:
did:
cron: "0 0 2 * * *"
enableDidGeneration: true
enableKeyLevelDidGeneration: false
didUploadProvider: local-file
localFile:
directory: <root-directory-of-trustlist>
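Review bot: The key added here is spelled `enableKeyLevelDidGeneration`, while the `DidConfig` field and the test configuration in this same commit use `enableKidLevelDidGeneration`. With this spelling the setting would presumably not bind to the property, so the default configuration leaves the switch unset rather than explicitly `false`. The line should read `enableKidLevelDidGeneration: false`.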
Expand Up @@ -206,7 +206,7 @@ void testTrustList(boolean isEcAlgorithm) throws Exception {

didTrustListService.job();

Assertions.assertEquals(110, uploadArgumentCaptor.getAllValues().size());
Assertions.assertEquals(70, uploadArgumentCaptor.getAllValues().size());

int expectedNullDid = 32;
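Review bot: `testTrustList` now pins the upload count only for the disabled switch. The expected value drops from 110 to 70 and the test configuration sets `enableKidLevelDidGeneration: false`, so the kid-level branch of `job()` is no longer exercised by this test as far as the page shows. A second case that runs the job with the switch enabled and asserts the earlier count (presumably still 110) would keep both paths covered. The body of `testTrustList` continues outside the hunk.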

1 change: 1 addition & 0 deletions src/test/resources/application.yml
Expand Up @@ -38,6 +38,7 @@ dgc:
did:
cron: ""
enableDidGeneration: true
enableKidLevelDidGeneration: false
didUploadProvider: dummy
didSigningProvider: dummy
git:
