remove duplicate id

wistefan · Dec 19, 2023 · 0c1e04c · 0c1e04c
1 parent 8991c43
commit 0c1e04c
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 14 deletions.
diff --git a/services/src/main/java/org/keycloak/protocol/oid4vc/issuance/OIDC4VPIssuerEndpoint.java b/services/src/main/java/org/keycloak/protocol/oid4vc/issuance/OIDC4VPIssuerEndpoint.java
@@ -425,10 +425,10 @@ private VerifiableCredential getVCToSign(List<OIDC4VPMapper> protocolMappers, St
             vc.setContext(List.of("https://www.w3.org/2018/credentials/v1"));
         }
 
-        if (vc.getId() == null) {
+        if (vc.getId() == null && vc.getAdditionalProperties().get("id") == null) {
             vc.setId(URI.create(String.format("uri:uuid:%s", UUID.randomUUID())));
         }
-        if (vc.getCredentialSubject().getId() == null) {
+        if (vc.getCredentialSubject().getId() == null && vc.getCredentialSubject().getClaims().get("id") == null) {
             vc.getCredentialSubject().setId(String.format("uri:uuid:%s", UUID.randomUUID()));
         }
         return vc;

diff --git a/services/src/main/java/org/keycloak/protocol/oid4vc/issuance/signing/JwtSigningService.java b/services/src/main/java/org/keycloak/protocol/oid4vc/issuance/signing/JwtSigningService.java
@@ -1,13 +1,18 @@
 package org.keycloak.protocol.oid4vc.issuance.signing;
 
 
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.ObjectMapper;
 import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.openssl.PEMKeyPair;
 import org.bouncycastle.openssl.PEMParser;
+import org.jboss.logging.Logger;
 import org.keycloak.common.util.KeyUtils;
 import org.keycloak.crypto.*;
 import org.keycloak.jose.jws.JWSBuilder;
+import org.keycloak.protocol.oid4vc.issuance.OIDC4VPWellKnownProviderFactory;
 import org.keycloak.protocol.oid4vc.issuance.signing.jwt_vc.EdDSASignatureSignerContext;
 import org.keycloak.protocol.oid4vc.model.VerifiableCredential;
 import org.keycloak.representations.JsonWebToken;
@@ -30,14 +35,16 @@
 
 public class JwtSigningService extends SigningService<String> {
 
+
+    private static final Logger LOGGER = Logger.getLogger(JwtSigningService.class);
+
     public static final String PROVIDER_ID = "jwt-signing";
     private static final String ID_TEMPLATE = "urn:uuid:%s";
 
     private SignatureSignerContext signatureSignerContext;
 
     public JwtSigningService(KeyLoader keyLoader, String keyId, Clock clock, String algorithmType) {
         super(keyLoader, keyId, clock, algorithmType);
-
         var signingKey = getKeyWrapper(algorithmType);
         signatureSignerContext = switch (algorithmType) {
             case ED_25519 -> new EdDSASignatureSignerContext(signingKey);
@@ -51,23 +58,17 @@ public JwtSigningService(KeyLoader keyLoader, String keyId, Clock clock, String
 
     @Override
     public String signCredential(VerifiableCredential verifiableCredential) {
-
         JsonWebToken jsonWebToken = new JsonWebToken();
         Optional.ofNullable(verifiableCredential.getExpirationDate()).ifPresent(d -> jsonWebToken.exp(d.getTime()));
         jsonWebToken.issuer(verifiableCredential.getIssuer().toString());
         jsonWebToken.nbf(clock.instant().getEpochSecond());
         jsonWebToken.iat(clock.instant().getEpochSecond());
-        var credentialId = Optional.ofNullable(verifiableCredential.getAdditionalProperties().get("id")).orElse(String.format(ID_TEMPLATE, UUID.randomUUID()));
-        if (credentialId instanceof String idString) {
-            jsonWebToken.id(idString);
-        } else if (credentialId instanceof URI idUri) {
-            jsonWebToken.id(idUri.toString());
-        } else {
-            throw new SigningServiceException("The id needs to be a URI or a string.");
-        }
+        var credentialId = Optional.ofNullable(verifiableCredential.getId()).orElse(URI.create(String.format(ID_TEMPLATE, UUID.randomUUID())));
+        jsonWebToken.id(credentialId.toString());
+
         jsonWebToken.subject(verifiableCredential.getCredentialSubject().getId());
         jsonWebToken.setOtherClaims("vc", verifiableCredential);
-        return signToken(jsonWebToken, type);
+        return signToken(jsonWebToken, "JWT");
     }
 
     protected String signToken(JsonWebToken jsonWebToken, String type) {
@@ -137,7 +138,7 @@ protected KeyPair parsePem(String keyString) {
                     new PKCS8EncodedKeySpec(privateKeyInfo.getEncoded()));
             return new KeyPair(publicKey, privateKey);
         } catch (NoSuchAlgorithmException | InvalidKeySpecException | IOException e) {
-            throw new SigningServiceException("Was not able to get the public key.", e);
+            throw new SigningServiceException("Was not able to get the private key.", e);
         }
     }
 }