WorldHealthOrganization · tence · Jun 4, 2024 · May 31, 2024 · May 31, 2024
@@ -106,6 +106,12 @@ public class TrustedIssuerEntity {
     @Column(name = "signature", nullable = false, length = 6000)
     String signature;
 
+    /**
+     * The domain of the trustedIssuer.
+     */
+    @Column(name = "domain")
+    private String domain;
+
     public enum UrlType {
         HTTP,
         DID

@@ -44,10 +44,12 @@ public interface SignerInformationRepository extends JpaRepository<SignerInforma
     List<SignerInformationEntity> getBySubjectHashIsAndCountryIsAndDomainIs(
         String subjectHash, String country, String domain);
 
-    @Query("SELECT DISTINCT s.country FROM SignerInformationEntity s")
+    @Query("SELECT DISTINCT s.country FROM SignerInformationEntity s"
+        + " UNION SELECT DISTINCT t.country FROM TrustedIssuerEntity t")
     List<String> getCountryList();
 
-    @Query("SELECT DISTINCT s.domain FROM SignerInformationEntity s")
+    @Query("SELECT DISTINCT s.domain FROM SignerInformationEntity s"
+        + " UNION SELECT DISTINCT t.domain FROM TrustedIssuerEntity t")
     List<String> getDomainsList();
 
     @Query("SELECT DISTINCT s.group FROM SignerInformationEntity s")

@@ -27,4 +27,11 @@
 public interface TrustedIssuerRepository extends JpaRepository<TrustedIssuerEntity, Long> {
 
     List<TrustedIssuerEntity> findAllByUrlTypeIs(TrustedIssuerEntity.UrlType urlType);
+
+    List<TrustedIssuerEntity> findAllByUrlTypeIsAndDomainIs(TrustedIssuerEntity.UrlType urlType, String domain);
+
+    List<TrustedIssuerEntity> findAllByUrlTypeIsAndCountryIs(TrustedIssuerEntity.UrlType urlType, String country);
+
+    List<TrustedIssuerEntity> findAllByUrlTypeIsAndDomainIsAndCountryIs(
+        TrustedIssuerEntity.UrlType urlType, String domain, String country);
 }
@@ -21,11 +21,8 @@
 package tng.trustnetwork.keydistribution.service;
 
 import com.fasterxml.jackson.core.JsonProcessingException;
-import eu.europa.ec.dgc.gateway.connector.mapper.TrustedIssuerMapper;
 import eu.europa.ec.dgc.gateway.connector.model.TrustedIssuer;
-import java.util.ArrayList;
 import java.util.List;
-import java.util.UUID;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.stereotype.Component;
@@ -57,7 +54,28 @@ public class TrustedIssuerService {
      */
     public List<TrustedIssuerEntity> getAllDid() {
 
-        return trustedIssuerRepository.findAllByUrlTypeIs(TrustedIssuerEntity.UrlType.DID);
+        return getAllDid(null, null);
+    }
+
+    /**
+     * Method to query the db for DID documents.
+     *
+     * @param domain filter request by domain - set to null to omit this filter
+     * @param country filter request by country - set to null to omit this filter
+     * @return List holding the found trusted issuers.
+     */
+    public List<TrustedIssuerEntity> getAllDid(String domain, String country) {
+
+        if (domain != null && country != null) {
+            return trustedIssuerRepository.findAllByUrlTypeIsAndDomainIsAndCountryIs(
+                TrustedIssuerEntity.UrlType.DID, domain, country);
+        } else if (domain == null && country != null) {
+            return trustedIssuerRepository.findAllByUrlTypeIsAndCountryIs(TrustedIssuerEntity.UrlType.DID, country);
+        } else if (domain != null && country == null) {
+            return trustedIssuerRepository.findAllByUrlTypeIsAndDomainIs(TrustedIssuerEntity.UrlType.DID, domain);
+        } else {
+            return trustedIssuerRepository.findAllByUrlTypeIs(TrustedIssuerEntity.UrlType.DID);
+        }
     }
 
     /**

@@ -170,23 +170,23 @@ public void job() {
             domain -> didSpecifications.add(new DidSpecification(
                 List.of(domain),
                 () -> signerInformationService.getCertificatesByDomain(domain),
-                trustedIssuerService::getAllDid)));
+                () -> trustedIssuerService.getAllDid(domain, null))));
 
         // Add all Country and Domain specific DID
         domains.forEach(
             domain -> countries.forEach(
                 country -> didSpecifications.add(new DidSpecification(
                     List.of(domain, getParticipantCode(country)),
                     () -> signerInformationService.getCertificatesByCountryDomain(country, domain),
-                    trustedIssuerService::getAllDid)
+                    () -> trustedIssuerService.getAllDid(domain, country))
                 )));
 
         // Add all Domain independent and country specific DID
         countries.forEach(
             country -> didSpecifications.add(new DidSpecification(
                 List.of(WILDCARD_CHAR, getParticipantCode(country)),
                 () -> signerInformationService.getCertificatesByCountry(country),
-                trustedIssuerService::getAllDid)));
+                () -> trustedIssuerService.getAllDid(null, country))));
 
         // Add all domain, country and group specific did
         domains.forEach(
@@ -195,30 +195,30 @@ public void job() {
                     group -> didSpecifications.add(new DidSpecification(
                         List.of(domain, getParticipantCode(country), getMappedGroupName(group)),
                         () -> signerInformationService.getCertificatesByDomainParticipantGroup(domain, country, group),
-                        trustedIssuerService::getAllDid)))));
+                        Collections::emptyList)))));
 
         // Add all country and group specific did
         countries.forEach(
             country -> groups.forEach(
                 group -> didSpecifications.add(new DidSpecification(
                     List.of(WILDCARD_CHAR, getParticipantCode(country), getMappedGroupName(group)),
                     () -> signerInformationService.getCertificatesByGroupCountry(group, country),
-                    trustedIssuerService::getAllDid))));
+                    Collections::emptyList))));
 
         // Add all domain and group specific did
         domains.forEach(
             domain -> groups.forEach(
                 group -> didSpecifications.add(new DidSpecification(
                     List.of(domain, WILDCARD_CHAR, getMappedGroupName(group)),
                     () -> signerInformationService.getCertificatesByDomainGroup(domain, group),
-                    trustedIssuerService::getAllDid))));
+                    Collections::emptyList))));
 
         // Add all group specific did
         groups.forEach(
             group -> didSpecifications.add(new DidSpecification(
             List.of(WILDCARD_CHAR, WILDCARD_CHAR, getMappedGroupName(group)),
                 () -> signerInformationService.getCertificatesByGroup(group),
-                trustedIssuerService::getAllDid)));
+                Collections::emptyList)));
 
         Map<DidSpecification, String> didDocuments = new HashMap<>();
         didSpecifications.forEach(specification -> didDocuments
@@ -255,7 +255,7 @@ private String generateTrustList(DidSpecification specification, boolean onlyRef
         List<SignerInformationEntity> signerInformationEntities = filterEntities(specification.getCertSupplier().get());
         List<TrustedIssuerEntity> trustedIssuerEntities = specification.getIssuerSupplier().get();
 
-        if (signerInformationEntities.isEmpty() || trustedIssuerEntities.isEmpty()) {
+        if (signerInformationEntities.isEmpty() && trustedIssuerEntities.isEmpty()) {
             log.info("Empty DID for path {}", specification.getPath());
             return null;
         }

@@ -63,6 +63,7 @@ dgc:
         type: did
         url: did:web:tng-cdn-dev.who.int:trustlist
         signature: No-Signature # required because of DB restrictions
+        domain: DCC
     enable-trusted-issuer-resolving: false
   gateway:
     connector:
@@ -111,6 +112,7 @@ dgc:
       XB: XXB
       XO: XXO
       XL: XCL
+      WH: WHO
     group-deny-list:
       - AUTHENTICATION
       - UPLOAD

@@ -53,3 +53,6 @@ databaseChangeLog:
                   type: varchar(6000)
                   constraints:
                     nullable: false
+              - column:
+                  name: domain
+                  type: varchar(50)