From 4295df1f1e3ccd03919a7dc9060e3e6a79fa0a57 Mon Sep 17 00:00:00 2001
From: Dimitris Zarras <138439389+dzarras@users.noreply.github.com>
Date: Wed, 29 May 2024 12:51:24 +0300
Subject: [PATCH] Expose SD-JWT VC Issuer metadata via `/.well-known/jwt-vc-issuer`. (#171)

---
 docker-compose/haproxy/haproxy.conf | 4 ++--
 .../ec/eudi/pidissuer/PidIssuerApplication.kt | 2 +-
 .../pidissuer/adapter/input/web/MetaDataApi.kt | 18 +++++++++---------
 3 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/docker-compose/haproxy/haproxy.conf b/docker-compose/haproxy/haproxy.conf
index b78600d2..94a00575 100755
--- a/docker-compose/haproxy/haproxy.conf
+++ b/docker-compose/haproxy/haproxy.conf
@@ -26,7 +26,7 @@ frontend all_http_frontend
 frontend all_https_frontend
 bind 0.0.0.0:443 ssl crt /etc/ssl/certs/localhost.tls.pem
 use_backend keycloak-backend if { path_beg /idp }
- use_backend pid-issuer-metadata if { path /.well-known/jwt-issuer/pid-issuer }
+ use_backend pid-issuer-metadata if { path /.well-known/jwt-vc-issuer/pid-issuer }
 use_backend pid-issuer-backend if { path_beg /pid-issuer }

 backend keycloak-backend
@@ -36,7 +36,7 @@ backend keycloak-backend
 server server1 keycloak:8080 cookie server1

 backend pid-issuer-metadata
- http-request return status 200 content-type application/json lf-string "{\"issuer\":\"https://localhost/pid-issuer/\",\"jwks_uri\":\"https://localhost/pid-issuer/public_keys.jwks\"}"
+ http-request return status 200 content-type application/json lf-string "{\"issuer\":\"https://localhost/pid-issuer\",\"jwks_uri\":\"https://localhost/pid-issuer/public_keys.jwks\"}"

 backend pid-issuer-backend
 balance roundrobin
diff --git a/src/main/kotlin/eu/europa/ec/eudi/pidissuer/PidIssuerApplication.kt b/src/main/kotlin/eu/europa/ec/eudi/pidissuer/PidIssuerApplication.kt
index a3e11aad..e97691c8 100644
--- a/src/main/kotlin/eu/europa/ec/eudi/pidissuer/PidIssuerApplication.kt
+++ b/src/main/kotlin/eu/europa/ec/eudi/pidissuer/PidIssuerApplication.kt
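Review bot: The literal body returned by the pid-issuer-metadata backend is now a second, hand-maintained copy of the metadata that MetaDataApi serves, and the two already disagree — haproxy advertises `jwks_uri` while the Kotlin handler embeds `jwks` inline. Because the only other rule matches `path_beg /pid-issuer`, the application's own `/.well-known/jwt-vc-issuer` route does not appear to be reachable at the spec-defined location in this deployment (unless clients are expected to use the prefixed URL), so this string is the document verifiers actually resolve. Consider forwarding `/.well-known/jwt-vc-issuer/pid-issuer` to pid-issuer-backend with a path rewrite instead of returning a literal, so a key rotation or issuer-id change cannot leave the proxy serving stale metadata. At minimum, add a comment above the `http-request return` line stating that `issuer` must match the application's credential issuer id byte-for-byte — the dropped trailing slash is exactly what this hunk fixes, and the same drift can recur silently.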
@@ -534,7 +534,7 @@ fun beans(clock: Clock) = beans {
 authorize(WalletApi.NOTIFICATION_ENDPOINT, hasAnyAuthority(*scopes.toTypedArray()))
 authorize(MetaDataApi.WELL_KNOWN_OPENID_CREDENTIAL_ISSUER, permitAll)
 authorize(MetaDataApi.WELL_KNOWN_JWKS, permitAll)
- authorize(MetaDataApi.WELL_KNOWN_JWT_ISSUER, permitAll)
+ authorize(MetaDataApi.WELL_KNOWN_JWT_VC_ISSUER, permitAll)
 authorize(MetaDataApi.PUBLIC_KEYS, permitAll)
 authorize(IssuerUi.GENERATE_CREDENTIALS_OFFER, permitAll)
 authorize(IssuerApi.CREATE_CREDENTIALS_OFFER, permitAll)
diff --git a/src/main/kotlin/eu/europa/ec/eudi/pidissuer/adapter/input/web/MetaDataApi.kt b/src/main/kotlin/eu/europa/ec/eudi/pidissuer/adapter/input/web/MetaDataApi.kt
index 459cc974..7fdc9e30 100644
--- a/src/main/kotlin/eu/europa/ec/eudi/pidissuer/adapter/input/web/MetaDataApi.kt
+++ b/src/main/kotlin/eu/europa/ec/eudi/pidissuer/adapter/input/web/MetaDataApi.kt
@@ -39,11 +39,11 @@ class MetaDataApi(
 GET(WELL_KNOWN_JWKS, accept(MediaType.APPLICATION_JSON)) { _ ->
 handleGetJwtIssuerJwkSet()
 }
- GET(WELL_KNOWN_JWT_ISSUER, accept(MediaType.APPLICATION_JSON)) {
- handleGetJwtIssuer()
+ GET(WELL_KNOWN_JWT_VC_ISSUER, accept(MediaType.APPLICATION_JSON)) {
+ handleGetJwtVcIssuerMetadata()
 }
 GET(PUBLIC_KEYS, accept(MediaType.APPLICATION_JSON)) {
- handleGetJwtVcIssuerJwks()
+ handleGetJwtVcIssuerJwks()
 }
 }
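Review bot: In the MetaDataApi hunk, WELL_KNOWN_JWT_VC_ISSUER is mounted at the service root with no issuer-path suffix, so this route only coincides with the location verifiers derive from the issuer identifier when that identifier has no path component; the haproxy change in the same commit hard-codes `/.well-known/jwt-vc-issuer/pid-issuer` to cover the prefixed deployment, and nothing in the code records that dependency. Suggest a comment on the new `GET(WELL_KNOWN_JWT_VC_ISSUER, ...)` line: `// Served relative to this service's root; when the issuer id carries a path (e.g. behind a reverse proxy), the proxy must map /.well-known/jwt-vc-issuer/<issuer-path> onto this route.` The router block enclosing these routes starts outside the hunk.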
@@ -53,28 +53,28 @@ class MetaDataApi(
 private suspend fun handleGetJwtIssuerJwkSet(): ServerResponse = TODO()

- private suspend fun handleGetJwtIssuer(): ServerResponse =
+ private suspend fun handleGetJwtVcIssuerMetadata(): ServerResponse =
 ServerResponse.ok()
 .json()
 .bodyValueAndAwait(
 buildJsonObject {
 put("issuer ", JsonPrimitive(credentialIssuerMetaData.id.externalForm))
- put("jwks ", Json.parseToJsonElement(credentialIssuerMetaData.jwtIssuerJwks.toString(true)))
+ put("jwks ", Json.parseToJsonElement(credentialIssuerMetaData.jwtVcIssuerJwks.toString(true)))
 },
 )

- private suspend fun handleGetJwtIssuerJwks(): ServerResponse =
+ private suspend fun handleGetJwtVcIssuerJwks(): ServerResponse =
 ServerResponse.ok()
 .json()
- .bodyValueAndAwait(credentialIssuerMetaData.jwtIssuerJwks.toString(true))
+ .bodyValueAndAwait(credentialIssuerMetaData.jwtVcIssuerJwks.toString(true))

 companion object {
 const val WELL_KNOWN_OPENID_CREDENTIAL_ISSUER = "/.well-known/openid-credential-issuer"
 const val WELL_KNOWN_JWKS = "/.well-known/jwks.json"
- const val WELL_KNOWN_JWT_ISSUER = "/.well-known/jwt-issuer"
+ const val WELL_KNOWN_JWT_VC_ISSUER = "/.well-known/jwt-vc-issuer"
 const val PUBLIC_KEYS = "/public_keys.jwks"
 }
 }

-private val CredentialIssuerMetaData.jwtIssuerJwks: JWKSet
+private val CredentialIssuerMetaData.jwtVcIssuerJwks: JWKSet
 get() = JWKSet(specificCredentialIssuers.mapNotNull { it.publicKey })
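Review bot: The JSON keys written in handleGetJwtVcIssuerMetadata carry trailing spaces — `put("issuer ", ...)` in the context line and `put("jwks ", ...)` on the renamed added line — so the document is emitted as `{"issuer ": ..., "jwks ": ...}` and a verifier looking up `issuer` and `jwks` will find neither, which leaves every SD-JWT VC from this issuer unverifiable against this endpoint even though the haproxy body in the same commit uses the correct `issuer` key. Change the two lines to `put("issuer", JsonPrimitive(credentialIssuerMetaData.id.externalForm))` and `put("jwks", Json.parseToJsonElement(credentialIssuerMetaData.jwtVcIssuerJwks.toString(true)))`. If this is Nimbus' `JWKSet.toString(publicKeysOnly)`, the `true` argument is the only thing keeping private key parameters out of both responses; a short comment such as `// toString(true): public parameters only — never serialise private key material here` would stop a later edit from dropping the flag. Unrelated to the rename but visible in the context, handleGetJwtIssuerJwkSet() still returns `TODO()` while WELL_KNOWN_JWKS is routed `permitAll`, so that endpoint currently fails with an unhandled NotImplementedError.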