From 3e664019b460a859cc61e58f4fdca107a7c5e4b1 Mon Sep 17 00:00:00 2001
From: Torsten Egenolf
Date: Mon, 10 Jun 2024 18:54:01 +0200
Subject: [PATCH] fix(did): kid as jwk field
---
 .../keydistribution/service/did/DidTrustListService.java | 2 +-
 .../service/did/entity/DidTrustListEntry.java | 7 +++++--
 .../keydistribution/service/DidTrustListServiceTest.java | 4 +++-
 3 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/src/main/java/tng/trustnetwork/keydistribution/service/did/DidTrustListService.java b/src/main/java/tng/trustnetwork/keydistribution/service/did/DidTrustListService.java
index 4b192b6..b94cb70 100644
--- a/src/main/java/tng/trustnetwork/keydistribution/service/did/DidTrustListService.java
+++ b/src/main/java/tng/trustnetwork/keydistribution/service/did/DidTrustListService.java
@@ -360,8 +360,8 @@ private void addTrustListEntry(DidTrustList trustList,
 trustListEntry.setType("JsonWebKey2020");
 trustListEntry.setId(specification.getEntryId( URLEncoder.encode(signerInformationEntity.getKid(), StandardCharsets.UTF_8)));
- trustListEntry.setKid(URLEncoder.encode(signerInformationEntity.getKid(), StandardCharsets.UTF_8));
 trustListEntry.setController(specification.getDocumentId(false));
+ publicKeyJwk.setKid(URLEncoder.encode(signerInformationEntity.getKid(), StandardCharsets.UTF_8));
 trustListEntry.setPublicKeyJwk(publicKeyJwk);
 trustList.getVerificationMethod().add(trustListEntry);
diff --git a/src/main/java/tng/trustnetwork/keydistribution/service/did/entity/DidTrustListEntry.java b/src/main/java/tng/trustnetwork/keydistribution/service/did/entity/DidTrustListEntry.java
index 75c3c8d..fa30153 100644
--- a/src/main/java/tng/trustnetwork/keydistribution/service/did/entity/DidTrustListEntry.java
+++ b/src/main/java/tng/trustnetwork/keydistribution/service/did/entity/DidTrustListEntry.java
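Review bot: In DidTrustListService.addTrustListEntry, the `kid` written into the JWK by `publicKeyJwk.setKid(...)` is the form-encoded output of `URLEncoder.encode`, not the identifier itself. RFC 7517 treats `kid` as an opaque, case-sensitive string used to select a key, so a verifier that compares it byte-for-byte with the key ID carried by a signed object would presumably fail to match whenever the stored kid contains characters the encoder rewrites (for a Base64 kid, `+`, `/` and `=`). Encoding is needed for the DID URL fragment passed to `getEntryId`; for the JWK member consider `publicKeyJwk.setKid(signerInformationEntity.getKid());`, or, if the encoded form is intentional, say so in a comment and compute the encoded value once in a local rather than twice. The body of addTrustListEntry starts and ends outside the hunk.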
@@ -33,12 +33,11 @@ import org.bouncycastle.jce.spec.ECNamedCurveSpec;
 @Data
+//Following spec: https://www.w3.org/TR/did-core/#verification-methods
 public class DidTrustListEntry {
 private String id;
- private String kid;
-
 private String type;
 private String controller;
@@ -52,6 +51,10 @@ public abstract static class PublicKeyJwk {
 @JsonProperty("kty")
 private String keyType;
+ //https://datatracker.ietf.org/doc/html/rfc7517#section-4
+ @JsonProperty("kid")
+ private String kid;
+
 @JsonProperty("x5c")
 private List encodedX509Certificates;
diff --git a/src/test/java/tng/trustnetwork/keydistribution/service/DidTrustListServiceTest.java b/src/test/java/tng/trustnetwork/keydistribution/service/DidTrustListServiceTest.java
index f327257..940e371 100644
--- a/src/test/java/tng/trustnetwork/keydistribution/service/DidTrustListServiceTest.java
+++ b/src/test/java/tng/trustnetwork/keydistribution/service/DidTrustListServiceTest.java
@@ -511,7 +511,7 @@ private void assertVerificationMethod(Object in, String kid, X509Certificate dsc
 Assertions.assertEquals(parentDidId, jsonNode.get("controller"));
 Assertions.assertEquals(parentDidId + "#" + URLEncoder.encode(kid, StandardCharsets.UTF_8), jsonNode.get("id"));
- Assertions.assertEquals(URLEncoder.encode(kid, StandardCharsets.UTF_8), jsonNode.get("kid"));
+
 LinkedHashMap publicKeyJwk = (LinkedHashMap) jsonNode.get("publicKeyJwk");
@@ -523,6 +523,7 @@ private void assertVerificationMethod(Object in, String kid, X509Certificate dsc
 Assertions.assertEquals(CertificateTestUtils.SignerType.EC.getSigningAlgorithm(), publicKeyJwk.get("kty").toString());
 Assertions.assertEquals("P-256", publicKeyJwk.get("crv").toString());
+ Assertions.assertEquals(URLEncoder.encode(kid, StandardCharsets.UTF_8), publicKeyJwk.get("kid"));
 } else {
 Assertions.assertEquals(((RSAPublicKey) dsc.getPublicKey()).getPublicExponent(), new BigInteger(Base64.getUrlDecoder().decode(publicKeyJwk.get("e").toString())));
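Review bot: In DidTrustListEntry.java (hunk `@@ -33,12 +33,11 @@`), the spec reference is a `//` line wedged between `@Data` and the class declaration, where neither Javadoc nor IDE hover will pick it up. A class-level Javadoc above the annotation would carry it better, for example `/** Verification method of a DID document, see https://www.w3.org/TR/did-core/#verification-methods. */`. The same comment is the natural place to record that `kid` is no longer a property of the verification method itself and is published only inside `publicKeyJwk`, since that changes the serialized document for existing readers. The class body continues outside the hunk.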
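Review bot: In DidTrustListEntry.java (hunk `@@ -52,6 +51,10 @@`), the reference comment on the new `kid` field links to section 4 of RFC 7517 as a whole, while the Key ID parameter is defined in section 4.5. Something like `// "kid" (Key ID) parameter, RFC 7517 section 4.5: https://datatracker.ietf.org/doc/html/rfc7517#section-4.5` takes the reader straight to the definition. Because the field sits on the abstract `PublicKeyJwk`, every subclass now serializes a `kid` member; whether an unset value is emitted as `"kid": null` depends on Jackson inclusion settings that are not visible in this hunk, so it is worth confirming that a missing kid is omitted rather than published as null. The body of PublicKeyJwk continues outside the hunk.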
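Review bot: In DidTrustListServiceTest (hunk `@@ -523,6 +523,7 @@`), the `kid` assertion is added twice, once in the EC branch here and once in the RSA branch in the following hunk (`@@ -530,6 +531,7 @@`), although it does not depend on the key type. It can be stated once after the `if`/`else`, next to the `x5c` check, as `Assertions.assertEquals(URLEncoder.encode(kid, StandardCharsets.UTF_8), publicKeyJwk.get("kid"));`. The earlier hunk also drops the top-level assertion without a replacement, so nothing pins that the verification method no longer exposes the property; `Assertions.assertNull(jsonNode.get("kid"));` would cover that, assuming `jsonNode` is map-like as the surrounding `get` calls suggest. assertVerificationMethod starts and ends outside the hunk.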
@@ -530,6 +531,7 @@ private void assertVerificationMethod(Object in, String kid, X509Certificate dsc
 new BigInteger(Base64.getUrlDecoder().decode(publicKeyJwk.get("n").toString())));
 Assertions.assertEquals(CertificateTestUtils.SignerType.RSA.getSigningAlgorithm(), publicKeyJwk.get("kty").toString());
+ Assertions.assertEquals(URLEncoder.encode(kid, StandardCharsets.UTF_8), publicKeyJwk.get("kid"));
 }
 ArrayList x5c = ((ArrayList) publicKeyJwk.get("x5c"));
 Assertions.assertEquals(Base64.getEncoder().encodeToString(dsc.getEncoded()), x5c.get(0));