diff --git a/src/main/java/tng/trustnetwork/keydistribution/config/KdsConfigProperties.java b/src/main/java/tng/trustnetwork/keydistribution/config/KdsConfigProperties.java index 1e7b98a..99b4799 100644 --- a/src/main/java/tng/trustnetwork/keydistribution/config/KdsConfigProperties.java +++ b/src/main/java/tng/trustnetwork/keydistribution/config/KdsConfigProperties.java @@ -94,6 +94,7 @@ public static class Proxy { public static class DidConfig { private Boolean enableDidGeneration; + private Boolean enableKidLevelDidGeneration; private String didId; private String didController; diff --git a/src/main/java/tng/trustnetwork/keydistribution/service/did/DidTrustListService.java b/src/main/java/tng/trustnetwork/keydistribution/service/did/DidTrustListService.java index 0d74ca3..468b88a 100644 --- a/src/main/java/tng/trustnetwork/keydistribution/service/did/DidTrustListService.java +++ b/src/main/java/tng/trustnetwork/keydistribution/service/did/DidTrustListService.java @@ -41,6 +41,7 @@ import java.security.interfaces.ECPublicKey; import java.security.interfaces.RSAPublicKey; import java.util.ArrayList; +import java.util.Arrays; import java.util.Collections; import java.util.Date; import java.util.HashMap; @@ -136,7 +137,7 @@ public String getEntryId(String kid) { private String getListPathElement(boolean ref) { if (ref && configProperties.getDid().getTrustListRefPath() != null - && !configProperties.getDid().getTrustListRefPath().isEmpty()) { + && !configProperties.getDid().getTrustListRefPath().isEmpty()) { return configProperties.getDid().getTrustListRefPath(); } else if (!ref && configProperties.getDid().getTrustListPath() != null 
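Review bot: `enableKidLevelDidGeneration` is declared as a boxed `Boolean` with no default, and the later hunks in `DidTrustListService` use its getter directly as a condition (`if (kdsConfigProperties.getDid().getEnableKidLevelDidGeneration())` in `job()`, and twice in `generateTrustList`), so an unset property would throw a `NullPointerException` on unboxing in the middle of trust-list generation. That case looks reachable in this commit, because the `src/main/resources/application.yml` hunk spells the key `enableKeyLevelDidGeneration`, which presumably does not bind to this field. Giving the field a default, `private Boolean enableKidLevelDidGeneration = false;`, keeps the getter name and makes a missing key mean "off"; alternatively wrap the call sites in `Boolean.TRUE.equals(...)`. The `DidConfig` class body continues outside the hunk.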
@@ -260,29 +261,6 @@ public void job() { .collect(Collectors.toSet())))); }))); - // Add all domain, country, group, kid specific did - domains.forEach( - domain -> countries.forEach( - country -> groups.forEach( - group -> { - List signerInformationEntitiesList = - signerInformationService.getCertificatesByDomainParticipantGroup(domain, country, group); - - signerInformationEntitiesList.forEach(entity -> { - didSpecifications.add(new DidSpecification( - List.of(domain, getParticipantCode(country), getMappedGroupName(group), - encodeKid(entity.getKid())), - - () -> signerInformationService.getCertificatesByDomainParticipantGroupKid( - domain, country, group, entity.getKid()), - - Collections::emptyList, - Collections::emptyList - )); - }); - } - ))); - // Add all country and group specific did countries.forEach( @@ -299,27 +277,6 @@ public void job() { .collect(Collectors.toSet())))); })); - // Add all country, group, kid specific did - countries.forEach( - country -> groups.forEach( - group -> { - List signerInformationEntitiesList = - signerInformationService.getCertificatesByGroupCountry(group, country); - - signerInformationEntitiesList.forEach(entity -> { - - didSpecifications.add(new DidSpecification( - List.of(WILDCARD_CHAR, getParticipantCode(country), getMappedGroupName(group), - encodeKid(entity.getKid())), - - () -> signerInformationService.getCertificatesByKidGroupCountry( - country, group, entity.getKid()), - - Collections::emptyList, - Collections::emptyList - )); - }); - })); // Add all domain and group specific did domains.forEach( 
@@ -355,29 +312,6 @@ public void job() { }); - - // Add all domain, group and kid specific did - domains.forEach( - domain -> groups.forEach( - group -> { - List signerInformationEntitiesList = - signerInformationService.getCertificatesByDomainGroup(domain, group); - signerInformationEntitiesList.forEach(entity -> { - didSpecifications.add(new DidSpecification( - List.of(domain, WILDCARD_CHAR, getMappedGroupName(group), - encodeKid(entity.getKid())), - - () -> signerInformationService.getCertificatesByDomainGroupKid( - domain, group, entity.getKid()), - - Collections::emptyList, - Collections::emptyList - )); - }); - })); - - - // Add all group specific did groups.forEach( group -> { 
@@ -403,24 +337,93 @@ public void job() { .map(group -> getMappedGroupName(group)) .collect(Collectors.toSet())))); - // Add all group, kid specific did - groups.forEach( - group -> { - List signerInformationEntitiesList = - signerInformationService.getCertificatesByGroup(group); - signerInformationEntitiesList.forEach(entity -> { - didSpecifications.add(new DidSpecification( - List.of(WILDCARD_CHAR, WILDCARD_CHAR, getMappedGroupName(group), - encodeKid(entity.getKid())), + if (kdsConfigProperties.getDid().getEnableKidLevelDidGeneration()) { + // Add all domain, country, group, kid specific did + domains.forEach( + domain -> countries.forEach( + country -> groups.forEach( + group -> { + List signerInformationEntitiesList = + signerInformationService.getCertificatesByDomainParticipantGroup(domain, country, + group); + + signerInformationEntitiesList.forEach(entity -> { + didSpecifications.add(new DidSpecification( + List.of(domain, getParticipantCode(country), getMappedGroupName(group), + encodeKid(entity.getKid())), + + () -> signerInformationService.getCertificatesByDomainParticipantGroupKid( + domain, country, group, entity.getKid()), + + Collections::emptyList, + Collections::emptyList + )); + }); + } + ))); + + // Add all country, group, kid specific did + countries.forEach( + country -> groups.forEach( + group -> { + List signerInformationEntitiesList = + signerInformationService.getCertificatesByGroupCountry(group, country); + + signerInformationEntitiesList.forEach(entity -> { - () -> signerInformationService.getCertificatesByGroupKid(group, entity.getKid()), + didSpecifications.add(new DidSpecification( + List.of(WILDCARD_CHAR, getParticipantCode(country), getMappedGroupName(group), + encodeKid(entity.getKid())), - Collections::emptyList, - Collections::emptyList - )); - }); - } - ); + () -> signerInformationService.getCertificatesByKidGroupCountry( + country, group, entity.getKid()), + + Collections::emptyList, + Collections::emptyList + )); + }); + })); + 
+ // Add all domain, group and kid specific did + domains.forEach( + domain -> groups.forEach( + group -> { + List signerInformationEntitiesList = + signerInformationService.getCertificatesByDomainGroup(domain, group); + signerInformationEntitiesList.forEach(entity -> { + didSpecifications.add(new DidSpecification( + List.of(domain, WILDCARD_CHAR, getMappedGroupName(group), + encodeKid(entity.getKid())), + + () -> signerInformationService.getCertificatesByDomainGroupKid( + domain, group, entity.getKid()), + + Collections::emptyList, + Collections::emptyList + )); + }); + })); + + // Add all group, kid specific did + groups.forEach( + group -> { + List signerInformationEntitiesList = + signerInformationService.getCertificatesByGroup(group); + signerInformationEntitiesList.forEach(entity -> { + didSpecifications.add(new DidSpecification( + List.of(WILDCARD_CHAR, WILDCARD_CHAR, getMappedGroupName(group), + encodeKid(entity.getKid())), + + () -> signerInformationService.getCertificatesByGroupKid(group, entity.getKid()), + + Collections::emptyList, + Collections::emptyList + )); + }); + } + ); + + } Map didDocuments = new HashMap<>(); 
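Review bot: With the flag off, `job()` no longer builds kid-level `DidSpecification`s, but nothing in this hunk deals with kid-level documents that earlier runs already published. If the upload provider does not prune files that are absent from the current run, those documents stay resolvable with the key material they held when they were last written; whether pruning happens is outside the hunk and needs confirming. If it does not, either remove the stale documents when the flag is off or say so where the flag is read, e.g. `// kid-level DIDs published by earlier runs are not removed when this is disabled`. `job()` starts and ends outside the hunk.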
@@ -472,15 +475,35 @@ private String generateTrustList(DidSpecification specification, boolean onlyRef // Add Certificates if (onlyReferences) { - if (didRefPathList.isEmpty()) { + + String trustListDocumentId = specification.getDocumentId(false); + + List specificationGroups = signerInformationEntities.stream() + .filter(entity -> isDeniedGroup(entity.getGroup())) + .map(entity -> getMappedGroupName(entity.getGroup())).toList(); + + if (didRefPathList.isEmpty() && kdsConfigProperties.getDid().getEnableKidLevelDidGeneration()) { trustList.getVerificationMethod().add(specification.getDocumentId(false)); } else { + didRefPathList.forEach(path -> { - trustList.getVerificationMethod() - .add(specification.getDocumentId(true) + SEPARATOR_DID_PATH + path); + if (!kdsConfigProperties.getDid().getEnableKidLevelDidGeneration() + && Arrays.stream(trustList.getId().split(SEPARATOR_DID_PATH)) + .anyMatch(specificationGroups::contains)) { + + if (trustList.getVerificationMethod().stream() + .noneMatch(id -> id.equals(trustListDocumentId))) { + + trustList.getVerificationMethod().add(trustListDocumentId); + + } + } else { + + trustList.getVerificationMethod() + .add(specification.getDocumentId(true) + SEPARATOR_DID_PATH + path); + } }); } - trustedIssuerEntities.forEach(did -> { if (!trustList.getVerificationMethod().contains(did.getUrl())) { trustList.getVerificationMethod().add(did.getUrl()); diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml index 9d6e802..7d98902 100644 --- a/src/main/resources/application.yml +++ b/src/main/resources/application.yml @@ -87,6 +87,7 @@ dgc: did: cron: "0 0 2 * * *" enableDidGeneration: true + enableKeyLevelDidGeneration: false didUploadProvider: local-file localFile: directory: diff --git a/src/test/java/tng/trustnetwork/keydistribution/service/DidTrustListServiceTest.java b/src/test/java/tng/trustnetwork/keydistribution/service/DidTrustListServiceTest.java index d183377..1fd2dcb 100644 
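Review bot: When `enableKidLevelDidGeneration` is off and `didRefPathList` is empty, the new `&&` sends control to the `else` branch, where `forEach` over an empty list adds nothing, so the reference list no longer carries `specification.getDocumentId(false)` as it did before this change; if that is intended it deserves a comment, otherwise the old behaviour should be restored. Separately, the condition inside `didRefPathList.forEach` does not depend on `path`, so the split of `trustList.getId()` and the `noneMatch` de-duplication are repeated per path for the same answer, and `specification.getDocumentId(false)` is computed again although `trustListDocumentId` already holds it. Hoisting the decision out of the loop, as below, keeps the current behaviour for a set flag (and treats an unset one as off) while making the three cases visible. It is also worth confirming that `isDeniedGroup` covers every group whose ref paths are kid segments, since with the flag off any path that still reaches the last branch would refer to a document `job()` no longer generates. `generateTrustList` starts and ends outside the hunk.

```java
// … unchanged: trustListDocumentId and specificationGroups …
boolean kidLevelEnabled =
    Boolean.TRUE.equals(kdsConfigProperties.getDid().getEnableKidLevelDidGeneration());
boolean referenceFullDocument = !kidLevelEnabled
    && Arrays.stream(trustList.getId().split(SEPARATOR_DID_PATH))
             .anyMatch(specificationGroups::contains);

if (didRefPathList.isEmpty()) {
    // NOTE(review): with the flag off nothing is added here; confirm that is intended
    if (kidLevelEnabled) {
        trustList.getVerificationMethod().add(trustListDocumentId);
    }
} else if (referenceFullDocument) {
    if (!trustList.getVerificationMethod().contains(trustListDocumentId)) {
        trustList.getVerificationMethod().add(trustListDocumentId);
    }
} else {
    didRefPathList.forEach(path -> trustList.getVerificationMethod()
        .add(specification.getDocumentId(true) + SEPARATOR_DID_PATH + path));
}
// … unchanged: trustedIssuerEntities loop …
```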
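Review bot: The key added to `src/main/resources/application.yml` is `enableKeyLevelDidGeneration`, while the field added to `DidConfig` and the key in `src/test/resources/application.yml` are both `enableKidLevelDidGeneration`, so this line most likely binds to nothing and the shipped default is never applied. The tests do not catch it because the test config uses the other spelling. Rename it to `enableKidLevelDidGeneration: false`, and consider a one-line comment above it stating that `false` stops publication of per-kid DID documents.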
--- a/src/test/java/tng/trustnetwork/keydistribution/service/DidTrustListServiceTest.java +++ b/src/test/java/tng/trustnetwork/keydistribution/service/DidTrustListServiceTest.java @@ -206,7 +206,7 @@ void testTrustList(boolean isEcAlgorithm) throws Exception { didTrustListService.job(); - Assertions.assertEquals(110, uploadArgumentCaptor.getAllValues().size()); + Assertions.assertEquals(70, uploadArgumentCaptor.getAllValues().size()); int expectedNullDid = 32; diff --git a/src/test/resources/application.yml b/src/test/resources/application.yml index ce649d3..db18085 100644 --- a/src/test/resources/application.yml +++ b/src/test/resources/application.yml @@ -38,6 +38,7 @@ dgc: did: cron: "" enableDidGeneration: true + enableKidLevelDidGeneration: false didUploadProvider: dummy didSigningProvider: dummy git:
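Review bot: The kid-level path is left without test coverage: the test config sets `enableKidLevelDidGeneration: false` and the assertion drops from 110 to 70 uploads, so the gated block in `job()` and the flag-on branches of `generateTrustList` are never executed by this test. A second run with the flag on, asserting the previous count of 110, would cover both settings. If this is a Spring test, something like `@TestPropertySource(properties = "dgc.did.enableKidLevelDidGeneration=true")` on a separate test class would do it (property path assumed from the yml layout). `testTrustList` starts and ends outside the hunk.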