From 7debd2af872f7d37ef4eeb732c044f1fec8e9890 Mon Sep 17 00:00:00 2001 From: Torsten Egenolf Date: Wed, 8 May 2024 16:09:08 +0200 Subject: [PATCH] feat(domain): added domain to signer information (DSC) --- .../entity/SignerInformationEntity.java | 6 ++-- .../SignerCertificateDownloadService.java | 3 +- .../service/SignerInformationService.java | 17 +++++----- .../service/did/DidTrustListService.java | 2 +- .../changelog/alter-signer-information.yaml | 2 +- .../SignerCertificateDownloadServiceTest.java | 7 ++-- .../service/SignerInformationServiceTest.java | 32 +++++++++---------- .../testdata/SignerInformationTestHelper.java | 17 ++++++++++ 8 files changed, 53 insertions(+), 33 deletions(-) diff --git a/src/main/java/tng/trustnetwork/keydistribution/entity/SignerInformationEntity.java b/src/main/java/tng/trustnetwork/keydistribution/entity/SignerInformationEntity.java index ea34352..3e3a028 100644 --- a/src/main/java/tng/trustnetwork/keydistribution/entity/SignerInformationEntity.java +++ b/src/main/java/tng/trustnetwork/keydistribution/entity/SignerInformationEntity.java @@ -74,10 +74,10 @@ public class SignerInformationEntity { private String country; /** - * The thumbprint of the cert. + * The domain of the cert. */ - @Column(name = "thumbprint") - private String thumbprint; + @Column(name = "domain") + private String domain; /** * Timestamp of the last record update. diff --git a/src/main/java/tng/trustnetwork/keydistribution/service/SignerCertificateDownloadService.java b/src/main/java/tng/trustnetwork/keydistribution/service/SignerCertificateDownloadService.java index 35f3b60..9d9bf8e 100644 --- a/src/main/java/tng/trustnetwork/keydistribution/service/SignerCertificateDownloadService.java +++ b/src/main/java/tng/trustnetwork/keydistribution/service/SignerCertificateDownloadService.java 
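Review bot: The `@Column(name = "domain")` mapping in SignerInformationEntity only works if the table really has a `domain` column, and this commit gets it by editing the existing changeset in alter-signer-information.yaml (`name: thumbprint` becomes `name: domain`) instead of adding a new one. If that changeset has already run against any database, Liquibase will not re-apply it and will normally reject the changed checksum at startup, so the table would keep `thumbprint` while the entity expects `domain`. A separate changeset that renames the column, or drops `thumbprint` and adds `domain`, would carry existing installations over. The Javadoc `The domain of the cert.` could also name the expected values and say whether the field may be null.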
@@ -22,6 +22,7 @@ import eu.europa.ec.dgc.gateway.connector.DgcGatewayDownloadConnector; import eu.europa.ec.dgc.gateway.connector.model.TrustListItem; +import eu.europa.ec.dgc.gateway.connector.model.TrustedCertificateTrustListItem; import java.util.List; import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; @@ -53,7 +54,7 @@ public void downloadCertificates() { log.info("Certificates download started"); - List trustedCerts = dgcGatewayConnector.getTrustedCertificates(); + List trustedCerts = dgcGatewayConnector.getDdccTrustedCertificates(); signerInformationService.updateTrustedCertsList(trustedCerts); List trustedCsca = dgcGatewayConnector.getTrustedCscaCertificates(); diff --git a/src/main/java/tng/trustnetwork/keydistribution/service/SignerInformationService.java b/src/main/java/tng/trustnetwork/keydistribution/service/SignerInformationService.java index b2b82fd..626227a 100644 --- a/src/main/java/tng/trustnetwork/keydistribution/service/SignerInformationService.java +++ b/src/main/java/tng/trustnetwork/keydistribution/service/SignerInformationService.java @@ -20,7 +20,7 @@ package tng.trustnetwork.keydistribution.service; -import eu.europa.ec.dgc.gateway.connector.model.TrustListItem; +import eu.europa.ec.dgc.gateway.connector.model.TrustedCertificateTrustListItem; import java.time.ZonedDateTime; import java.util.ArrayList; import java.util.List; @@ -77,9 +77,10 @@ public List getListOfValidKids() { * @param trustedCerts defines the list of trusted certificates. */ @Transactional - public void updateTrustedCertsList(List trustedCerts) { + public void updateTrustedCertsList(List trustedCerts) { - List trustedCertsKids = trustedCerts.stream().map(TrustListItem::getKid).collect(Collectors.toList()); + List trustedCertsKids = trustedCerts.stream().map( + TrustedCertificateTrustListItem::getKid).collect(Collectors.toList()); List alreadyStoredCerts = getListOfValidKids(); List certsToDelete = new ArrayList<>(); 
@@ -92,7 +93,7 @@ public void updateTrustedCertsList(List trustedCerts) { List signerInformationEntities = new ArrayList<>(); - for (TrustListItem cert : trustedCerts) { + for (TrustedCertificateTrustListItem cert : trustedCerts) { if (!alreadyStoredCerts.contains(cert.getKid())) { signerInformationEntities.add(getSignerInformationEntity(cert)); certsToDelete.add(cert.getKid()); @@ -104,14 +105,14 @@ public void updateTrustedCertsList(List trustedCerts) { signerInformationRepository.saveAllAndFlush(signerInformationEntities); } - private SignerInformationEntity getSignerInformationEntity(TrustListItem cert) { + private SignerInformationEntity getSignerInformationEntity(TrustedCertificateTrustListItem cert) { SignerInformationEntity signerEntity = new SignerInformationEntity(); signerEntity.setKid(cert.getKid()); - signerEntity.setCreatedAt(cert.getTimestamp() == null ? ZonedDateTime.now() : cert.getTimestamp()); + signerEntity.setCreatedAt(ZonedDateTime.now()); signerEntity.setCountry(cert.getCountry()); - signerEntity.setThumbprint((cert.getThumbprint())); - signerEntity.setRawData(cert.getRawData()); + signerEntity.setRawData(cert.getCertificate()); + signerEntity.setDomain(cert.getDomain()); return signerEntity; } diff --git a/src/main/java/tng/trustnetwork/keydistribution/service/did/DidTrustListService.java b/src/main/java/tng/trustnetwork/keydistribution/service/did/DidTrustListService.java index 78efe69..9b74c7d 100644 --- a/src/main/java/tng/trustnetwork/keydistribution/service/did/DidTrustListService.java +++ b/src/main/java/tng/trustnetwork/keydistribution/service/did/DidTrustListService.java @@ -196,7 +196,7 @@ private String generateTrustList(List countries) throws Exception { } else { log.error("Public Key is not RSA or EC Public Key for cert {} of country {}", - signerInformationEntity.getThumbprint(), + signerInformationEntity.getKid(), signerInformationEntity.getCountry()); } } 
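Review bot: In `updateTrustedCertsList` the loop still decides by `if (!alreadyStoredCerts.contains(cert.getKid()))` alone, so a certificate whose kid is already stored is never rewritten and keeps whatever `domain` it had. For rows created before this commit that presumably means no domain at all, and they will not be backfilled by later downloads. If the gateway can deliver the same kid under more than one domain, those items would also collapse into a single row. Comparing on kid plus domain, or refreshing the domain of already stored kids, would close the gap; the method starts in the previous hunk and continues past this one, so the delete logic is not fully visible here.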
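Review bot: `getSignerInformationEntity` copies `cert.getDomain()` and `cert.getCertificate()` into the entity exactly as the gateway delivered them, with no null or blank check, and the thumbprint that used to be stored next to the certificate is no longer kept. These rows are read by `generateTrustList` in DidTrustListService, so an item with a missing or unexpected domain would most likely be published like any other; consider skipping and logging such items in the caller's loop, e.g. `if (cert.getDomain() == null || cert.getDomain().isBlank()) { continue; }`. `setCreatedAt(ZonedDateTime.now())` also drops the gateway timestamp the old code preferred, so a comment such as `// createdAt is the local import time; the gateway item timestamp is not used` would make that deliberate.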
diff --git a/src/main/resources/db/changelog/alter-signer-information.yaml b/src/main/resources/db/changelog/alter-signer-information.yaml index 0c20c4e..740fbe2 100644 --- a/src/main/resources/db/changelog/alter-signer-information.yaml +++ b/src/main/resources/db/changelog/alter-signer-information.yaml @@ -17,7 +17,7 @@ databaseChangeLog: name: country type: varchar(2) - column: - name: thumbprint + name: domain type: varchar(512) - column: name: updated_at diff --git a/src/test/java/tng/trustnetwork/keydistribution/service/SignerCertificateDownloadServiceTest.java b/src/test/java/tng/trustnetwork/keydistribution/service/SignerCertificateDownloadServiceTest.java index a2d6dde..d2a2cbe 100644 --- a/src/test/java/tng/trustnetwork/keydistribution/service/SignerCertificateDownloadServiceTest.java +++ b/src/test/java/tng/trustnetwork/keydistribution/service/SignerCertificateDownloadServiceTest.java @@ -24,6 +24,7 @@ import eu.europa.ec.dgc.gateway.connector.model.TrustListItem; import java.util.ArrayList; import java.util.List; +import eu.europa.ec.dgc.gateway.connector.model.TrustedCertificateTrustListItem; import org.junit.jupiter.api.Assertions; import org.junit.jupiter.api.Test; import org.mockito.Mockito; @@ -62,9 +63,9 @@ void downloadEmptyCertificatesList() { @Test void downloadCertificates() { - ArrayList trustList = new ArrayList<>(); - trustList.add(signerInformationTestHelper.createTrustListItem(SignerInformationTestHelper.TEST_CERT_1_STR)); - Mockito.when(dgcGatewayDownloadConnector.getTrustedCertificates()).thenReturn(trustList); + ArrayList trustList = new ArrayList<>(); + trustList.add(signerInformationTestHelper.createTrustedCertificateTrustListItem(SignerInformationTestHelper.TEST_CERT_1_STR)); + Mockito.when(dgcGatewayDownloadConnector.getDdccTrustedCertificates()).thenReturn(trustList); signerCertificateDownloadService.downloadCertificates(); 
diff --git a/src/test/java/tng/trustnetwork/keydistribution/service/SignerInformationServiceTest.java b/src/test/java/tng/trustnetwork/keydistribution/service/SignerInformationServiceTest.java index 7a6d356..8c9a5fc 100644 --- a/src/test/java/tng/trustnetwork/keydistribution/service/SignerInformationServiceTest.java +++ b/src/test/java/tng/trustnetwork/keydistribution/service/SignerInformationServiceTest.java @@ -21,10 +21,10 @@ package tng.trustnetwork.keydistribution.service; import eu.europa.ec.dgc.gateway.connector.DgcGatewayDownloadConnector; -import eu.europa.ec.dgc.gateway.connector.model.TrustListItem; import java.time.ZonedDateTime; import java.util.ArrayList; import java.util.List; +import eu.europa.ec.dgc.gateway.connector.model.TrustedCertificateTrustListItem; import org.junit.jupiter.api.Assertions; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; @@ -60,7 +60,7 @@ void clearRepositoryData() { @Test void updateEmptyRepositoryWithEmptyCertList() { - ArrayList trustList = new ArrayList<>(); + ArrayList trustList = new ArrayList<>(); signerInformationService.updateTrustedCertsList(trustList); @@ -72,8 +72,8 @@ void updateEmptyRepositoryWithEmptyCertList() { @Test void updateEmptyRepositoryWithOneCert() { - ArrayList trustList = new ArrayList<>(); - trustList.add(signerInformationTestHelper.createTrustListItem(SignerInformationTestHelper.TEST_CERT_1_STR)); + ArrayList trustList = new ArrayList<>(); + trustList.add(signerInformationTestHelper.createTrustedCertificateTrustListItem(SignerInformationTestHelper.TEST_CERT_1_STR)); signerInformationService.updateTrustedCertsList(trustList); 
@@ -90,10 +90,10 @@ void updateEmptyRepositoryWithOneCert() { @Test void updateEmptyRepositoryWithCerts() { - ArrayList trustList = new ArrayList<>(); - trustList.add(signerInformationTestHelper.createTrustListItem(SignerInformationTestHelper.TEST_CERT_1_STR)); - trustList.add(signerInformationTestHelper.createTrustListItem(SignerInformationTestHelper.TEST_CERT_2_STR)); - trustList.add(signerInformationTestHelper.createTrustListItem(SignerInformationTestHelper.TEST_CERT_3_STR)); + ArrayList trustList = new ArrayList<>(); + trustList.add(signerInformationTestHelper.createTrustedCertificateTrustListItem(SignerInformationTestHelper.TEST_CERT_1_STR)); + trustList.add(signerInformationTestHelper.createTrustedCertificateTrustListItem(SignerInformationTestHelper.TEST_CERT_2_STR)); + trustList.add(signerInformationTestHelper.createTrustedCertificateTrustListItem(SignerInformationTestHelper.TEST_CERT_3_STR)); signerInformationService.updateTrustedCertsList(trustList); @@ -115,10 +115,10 @@ void updateEmptyRepositoryWithCerts() { @Test void updateEmptyRepositoryWithSameCertsTwice() { - ArrayList trustList = new ArrayList<>(); - trustList.add(signerInformationTestHelper.createTrustListItem(SignerInformationTestHelper.TEST_CERT_1_STR)); - trustList.add(signerInformationTestHelper.createTrustListItem(SignerInformationTestHelper.TEST_CERT_2_STR)); - trustList.add(signerInformationTestHelper.createTrustListItem(SignerInformationTestHelper.TEST_CERT_3_STR)); + ArrayList trustList = new ArrayList<>(); + trustList.add(signerInformationTestHelper.createTrustedCertificateTrustListItem(SignerInformationTestHelper.TEST_CERT_1_STR)); + trustList.add(signerInformationTestHelper.createTrustedCertificateTrustListItem(SignerInformationTestHelper.TEST_CERT_2_STR)); + trustList.add(signerInformationTestHelper.createTrustedCertificateTrustListItem(SignerInformationTestHelper.TEST_CERT_3_STR)); signerInformationService.updateTrustedCertsList(trustList); 
@@ -150,9 +150,9 @@ void updateRepositoryWithOneNewCertAndOneRevoked() { signerInformationTestHelper.insertCertString(SignerInformationTestHelper.TEST_CERT_2_STR); - ArrayList trustList = new ArrayList<>(); - trustList.add(signerInformationTestHelper.createTrustListItem(SignerInformationTestHelper.TEST_CERT_2_STR)); - trustList.add(signerInformationTestHelper.createTrustListItem(SignerInformationTestHelper.TEST_CERT_3_STR)); + ArrayList trustList = new ArrayList<>(); + trustList.add(signerInformationTestHelper.createTrustedCertificateTrustListItem(SignerInformationTestHelper.TEST_CERT_2_STR)); + trustList.add(signerInformationTestHelper.createTrustedCertificateTrustListItem(SignerInformationTestHelper.TEST_CERT_3_STR)); signerInformationService.updateTrustedCertsList(trustList); @@ -176,7 +176,7 @@ void updateRepositoryWithEmptyCertList() { signerInformationTestHelper.insertCertString(SignerInformationTestHelper.TEST_CERT_2_STR); signerInformationTestHelper.insertCertString(SignerInformationTestHelper.TEST_CERT_3_STR); - ArrayList trustList = new ArrayList<>(); + ArrayList trustList = new ArrayList<>(); signerInformationService.updateTrustedCertsList(trustList); diff --git a/src/test/java/tng/trustnetwork/keydistribution/testdata/SignerInformationTestHelper.java b/src/test/java/tng/trustnetwork/keydistribution/testdata/SignerInformationTestHelper.java index 0ca740a..8d132cc 100644 --- a/src/test/java/tng/trustnetwork/keydistribution/testdata/SignerInformationTestHelper.java +++ b/src/test/java/tng/trustnetwork/keydistribution/testdata/SignerInformationTestHelper.java @@ -21,6 +21,7 @@ package tng.trustnetwork.keydistribution.testdata; import eu.europa.ec.dgc.gateway.connector.model.TrustListItem; +import eu.europa.ec.dgc.gateway.connector.model.TrustedCertificateTrustListItem; import eu.europa.ec.dgc.utils.CertificateUtils; import java.io.ByteArrayInputStream; import java.io.InputStream; 
@@ -167,4 +168,20 @@ public TrustListItem createTrustListItem(String certStr) { return item; } + public TrustedCertificateTrustListItem createTrustedCertificateTrustListItem(String certStr) { + String kid; + try { + kid = certificateUtils.getCertKid(convertStringToX509Cert(certStr)); + }catch (CertificateException e) { + kid = "kid_"+ ZonedDateTime.now(); + } + + //TrustListItem item = new TrustListItem(); + TrustedCertificateTrustListItem item = new TrustedCertificateTrustListItem(); + item.setKid(kid); + item.setCertificate(certStr); + + return item; + } + }
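Review bot: The new helper `createTrustedCertificateTrustListItem` sets only kid and certificate, so every test switched to it stores a signer without a domain and the field this commit introduces is never asserted. Setting a value in the helper (for example `item.setDomain("TEST-DOMAIN");`, a made-up value, assuming the model has the setter matching `getDomain()`) and checking it on the saved entity would cover the change. The `catch (CertificateException e)` branch that invents `"kid_"+ ZonedDateTime.now()` lets an unparsable test certificate pass silently, so failing the test there would be safer. The leftover `//TrustListItem item = new TrustListItem();` line can be dropped.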