fix:Base64URL encoding for kid

Signed-off-by: Kothari <Kaushal.Kothari@t-systems.com>
WorldHealthOrganization · Aug 20, 2024 · 6827819 · 6827819
1 parent a898a56
commit 6827819
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 7 deletions.
diff --git a/src/main/java/eu/europa/ec/dgc/gateway/service/did/DidTrustListService.java b/src/main/java/eu/europa/ec/dgc/gateway/service/did/DidTrustListService.java
@@ -23,6 +23,7 @@
 import com.apicatalog.jsonld.document.JsonDocument;
 import com.danubetech.keyformats.crypto.ByteSigner;
 import com.fasterxml.jackson.databind.ObjectMapper;
+import com.nimbusds.jose.util.Base64URL;
 import eu.europa.ec.dgc.gateway.config.DgcConfigProperties;
 import eu.europa.ec.dgc.gateway.entity.SignerInformationEntity;
 import eu.europa.ec.dgc.gateway.entity.TrustedIssuerEntity;
@@ -262,7 +263,7 @@ private void addTrustListEntry(DidTrustListDto trustList,
                 + SEPARATOR_COLON
                 + getCountryAsLowerCaseAlpha3(cert.getCountry())
                 + SEPARATOR_FRAGMENT
-                + URLEncoder.encode(cert.getKid(), StandardCharsets.UTF_8));
+                + getEncodedKid(cert.getKid()));;
         trustListEntry.setController(configProperties.getDid().getTrustListControllerPrefix()
                 + SEPARATOR_COLON + getCountryAsLowerCaseAlpha3(cert.getCountry()));
         trustListEntry.setPublicKeyJwk(publicKeyJwk);
@@ -282,4 +283,8 @@ private Optional<TrustedCertificateTrustList> searchForIssuer(TrustedCertificate
                 .equals(cert.getParsedCertificate().getIssuerX500Principal()))
             .findFirst();
     }
+
+    private String getEncodedKid(String kid) {
+        return Base64URL.encode(kid).toString();
+    }
 }
diff --git a/src/test/java/eu/europa/ec/dgc/gateway/service/DidTrustListServiceTest.java b/src/test/java/eu/europa/ec/dgc/gateway/service/DidTrustListServiceTest.java
@@ -23,6 +23,7 @@
 import static org.mockito.Mockito.doNothing;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
+import com.nimbusds.jose.util.Base64URL;
 import eu.europa.ec.dgc.gateway.entity.FederationGatewayEntity;
 import eu.europa.ec.dgc.gateway.entity.SignerInformationEntity;
 import eu.europa.ec.dgc.gateway.entity.TrustedPartyEntity;
@@ -220,12 +221,12 @@ void testTrustList(boolean isEcAlgorithm) throws Exception {
         Assertions.assertEquals("b", parsed.getController());
         Assertions.assertEquals(6, parsed.getVerificationMethod().size());
 
-        assertVerificationMethod(getVerificationMethodByKid(parsed.getVerificationMethod(), "c" + ":deu" + "#" + URLEncoder.encode(certDscDeKid, StandardCharsets.UTF_8)),
+        assertVerificationMethod(getVerificationMethodByKid(parsed.getVerificationMethod(), "c" + ":deu" + "#" + getEncodedKid(certDscDeKid)),
             certDscDeKid, certDscDe, certCscaDe, "deu");
-        assertVerificationMethod(getVerificationMethodByKid(parsed.getVerificationMethod(), "c:xeu#kid2"),
-            "kid2", certDscEu, certCscaEu, "xeu");
-        assertVerificationMethod(getVerificationMethodByKid(parsed.getVerificationMethod(), "c:xex#kid3"),
-            "kid3", federatedCertDscEx, null, "xex");
+        assertVerificationMethod(getVerificationMethodByKid(parsed.getVerificationMethod(), "c" + ":xeu" + "#" + getEncodedKid("kid2")),
+                "kid2", certDscEu, certCscaEu, "xeu");
+        assertVerificationMethod(getVerificationMethodByKid(parsed.getVerificationMethod(), "c" + ":xex" + "#" + getEncodedKid("kid3")),
+                "kid3", federatedCertDscEx, null, "xex");
 
         Assertions.assertTrue(parsed.getVerificationMethod().contains("did:trusted:DE:issuer"));
         Assertions.assertTrue(parsed.getVerificationMethod().contains("did:trusted:EU:issuer"));
@@ -261,7 +262,7 @@ private void assertVerificationMethod(Object in, String kid, X509Certificate dsc
         LinkedHashMap jsonNode = (LinkedHashMap) in;
         Assertions.assertEquals("JsonWebKey2020", jsonNode.get("type"));
         Assertions.assertEquals("d" + ":" + country, jsonNode.get("controller"));
-        Assertions.assertEquals("c" + ":" + country + "#" + URLEncoder.encode(kid, StandardCharsets.UTF_8), jsonNode.get("id"));
+        Assertions.assertEquals("c" + ":" + country + "#" + getEncodedKid(kid), jsonNode.get("id"));
 
         LinkedHashMap publicKeyJwk = (LinkedHashMap) jsonNode.get("publicKeyJwk");
 
@@ -313,4 +314,8 @@ private static class LDProof {
 
         }
     }
+
+    private String getEncodedKid(String kid) {
+        return Base64URL.encode(kid).toString();
+    }
 }