feat: implement Trust Mark Types and Issuers

modules/admin-server/src/main/kotlin/com/sphereon/oid/fed/server/admin/controllers/TrustMarkIssuerController.kt

@@ -0,0 +1,57 @@
+package com.sphereon.oid.fed.server.admin.controllers
+
+import com.sphereon.oid.fed.openapi.models.CreateTrustMarkTypeIssuerDTO
+import com.sphereon.oid.fed.persistence.models.TrustMarkIssuer
+import com.sphereon.oid.fed.services.AccountService
+import com.sphereon.oid.fed.services.TrustMarkService
+import org.springframework.web.bind.annotation.DeleteMapping
+import org.springframework.web.bind.annotation.GetMapping
+import org.springframework.web.bind.annotation.PathVariable
+import org.springframework.web.bind.annotation.PostMapping
+import org.springframework.web.bind.annotation.RequestBody
+import org.springframework.web.bind.annotation.RequestMapping
+import org.springframework.web.bind.annotation.RestController
+
+@RestController
+@RequestMapping("/accounts/{username}/trust-mark-types/{id}/issuers")
+class TrustMarkIssuerController {
+    private val accountService = AccountService()
+    private val trustMarkService = TrustMarkService()
+
+    @GetMapping
+    fun getIssuersForTrustMarkType(
+        @PathVariable username: String,
+        @PathVariable id: Int
+    ): List<String> {
+        return trustMarkService.getIssuersForTrustMarkType(
+            accountId = accountService.usernameToAccountId(username),
+            trustMarkTypeId = id
+        )
+    }
+
+    @PostMapping
+    fun addIssuerToTrustMarkType(
+        @PathVariable username: String,
+        @PathVariable id: Int,
+        @RequestBody body: CreateTrustMarkTypeIssuerDTO
+    ): TrustMarkIssuer {
+        return trustMarkService.addIssuerToTrustMarkType(
+            accountId = accountService.usernameToAccountId(username),
+            trustMarkTypeId = id,
+            issuerIdentifier = body.identifier
+        )
+    }
+
+    @DeleteMapping("/{issuerIdentifier}")
+    fun removeIssuerFromTrustMarkType(
+        @PathVariable username: String,
+        @PathVariable id: Int,
+        @PathVariable issuerIdentifier: String
+    ): TrustMarkIssuer {
+        return trustMarkService.removeIssuerFromTrustMarkType(
+            accountId = accountService.usernameToAccountId(username),
+            trustMarkTypeId = id,
+            issuerIdentifier = issuerIdentifier
+        )
+    }
+}

modules/admin-server/src/main/kotlin/com/sphereon/oid/fed/server/admin/controllers/TrustMarkDefinitionController.kt → modules/admin-server/src/main/kotlin/com/sphereon/oid/fed/server/admin/controllers/TrustMarkTypeController.kt

@@ -1,8 +1,8 @@
 package com.sphereon.oid.fed.server.admin.controllers
 
-import com.sphereon.oid.fed.openapi.models.CreateTrustMarkDefinitionDTO
-import com.sphereon.oid.fed.openapi.models.TrustMarkDefinitionDTO
-import com.sphereon.oid.fed.openapi.models.UpdateTrustMarkDefinitionDTO
+import com.sphereon.oid.fed.openapi.models.CreateTrustMarkTypeDTO
+import com.sphereon.oid.fed.openapi.models.TrustMarkTypeDTO
+import com.sphereon.oid.fed.openapi.models.UpdateTrustMarkTypeDTO
 import com.sphereon.oid.fed.services.AccountService
 import com.sphereon.oid.fed.services.TrustMarkService
 import org.springframework.web.bind.annotation.DeleteMapping
@@ -15,46 +15,50 @@ import org.springframework.web.bind.annotation.RequestMapping
 import org.springframework.web.bind.annotation.RestController
 
 @RestController
-@RequestMapping("/accounts/{username}/trust-mark-definitions")
-class TrustMarkDefinitionController {
+@RequestMapping("/accounts/{username}/trust-mark-types")
+class TrustMarkTypeController {
     private val accountService = AccountService()
     private val trustMarkService = TrustMarkService()
 
     @GetMapping
-    fun getTrustMarkDefinitions(@PathVariable username: String): List<TrustMarkDefinitionDTO> {
+    fun getTrustMarkTypes(@PathVariable username: String): List<TrustMarkTypeDTO> {
         return trustMarkService.findAllByAccount(accountService.usernameToAccountId(username))
     }
 
     @PostMapping
-    fun createTrustMarkDefinition(
+    fun createTrustMarkType(
         @PathVariable username: String,
-        @RequestBody createDto: CreateTrustMarkDefinitionDTO
-    ): TrustMarkDefinitionDTO {
-        return trustMarkService.createTrustMarkDefinition(accountService.usernameToAccountId(username), createDto)
+        @RequestBody createDto: CreateTrustMarkTypeDTO
+    ): TrustMarkTypeDTO {
+        return trustMarkService.createTrustMarkType(
+            username,
+            createDto,
+            accountService
+        )
     }
 
     @GetMapping("/{id}")
-    fun getTrustMarkDefinitionById(
+    fun getTrustMarkTypeById(
         @PathVariable username: String,
         @PathVariable id: Int
-    ): TrustMarkDefinitionDTO {
+    ): TrustMarkTypeDTO {
         return trustMarkService.findById(accountService.usernameToAccountId(username), id)
     }
 
     @PutMapping("/{id}")
-    fun updateTrustMarkDefinition(
+    fun updateTrustMarkType(
         @PathVariable username: String,
         @PathVariable id: Int,
-        @RequestBody updateDto: UpdateTrustMarkDefinitionDTO
-    ): TrustMarkDefinitionDTO {
-        return trustMarkService.updateTrustMarkDefinition(accountService.usernameToAccountId(username), id, updateDto)
+        @RequestBody updateDto: UpdateTrustMarkTypeDTO
+    ): TrustMarkTypeDTO {
+        return trustMarkService.updateTrustMarkType(accountService.usernameToAccountId(username), id, updateDto)
     }
 
     @DeleteMapping("/{id}")
-    fun deleteTrustMarkDefinition(
+    fun deleteTrustMarkType(
         @PathVariable username: String,
         @PathVariable id: Int
-    ): TrustMarkDefinitionDTO {
-        return trustMarkService.deleteTrustMarkDefinition(accountService.usernameToAccountId(username), id)
+    ): TrustMarkTypeDTO {
+        return trustMarkService.deleteTrustMarkType(accountService.usernameToAccountId(username), id)
     }
 }

modules/openapi/src/commonMain/kotlin/com/sphereon/oid/fed/openapi/openapi.yaml

@@ -1441,7 +1441,7 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/ErrorResponse'
-  '/accounts/{username}/trust-mark-definitions':
+  '/accounts/{username}/trust-mark-types':
     get:
       summary: Get all Trust Mark Definitions
       tags:
@@ -1455,13 +1455,13 @@ paths:
           description: The username of the tenant account.
       responses:
         '200':
-          description: List of trust mark definitions
+          description: List of trust mark types
           content:
             application/json:
               schema:
                 type: array
                 items:
-                  $ref: '#/components/schemas/TrustMarkDefinitionDTO'
+                  $ref: '#/components/schemas/TrustMarkTypeDTO'
 
     post:
       summary: Create a Trust Mark Definition
@@ -1478,16 +1478,16 @@ paths:
         content:
           application/json:
             schema:
-              $ref: '#/components/schemas/CreateTrustMarkDefinitionDTO'
+              $ref: '#/components/schemas/CreateTrustMarkTypeDTO'
       responses:
         '201':
           description: Trust mark definition created
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/TrustMarkDefinitionDTO'
+                $ref: '#/components/schemas/TrustMarkTypeDTO'
 
-  '/accounts/{username}/trust-mark-definitions/{id}':
+  '/accounts/{username}/trust-mark-types/{id}':
     get:
       summary: Get a Trust Mark Definition by ID
       tags:
@@ -1509,7 +1509,7 @@ paths:
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/TrustMarkDefinitionDTO'
+                $ref: '#/components/schemas/TrustMarkTypeDTO'
     put:
       summary: Update a Trust Mark Definition
       tags:
@@ -1530,14 +1530,14 @@ paths:
         content:
           application/json:
             schema:
-              $ref: '#/components/schemas/CreateTrustMarkDefinitionDTO'
+              $ref: '#/components/schemas/CreateTrustMarkTypeDTO'
       responses:
         '200':
           description: Trust mark definition updated
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/TrustMarkDefinitionDTO'
+                $ref: '#/components/schemas/TrustMarkTypeDTO'
 
     delete:
       summary: Delete a Trust Mark Definition
@@ -2232,11 +2232,18 @@ components:
       type: object
       x-tags:
         - federation
-      properties:
-        a:
+      description: A mapping of trust mark identifiers to their associated issuers.
+      additionalProperties:
+        type: array
+        description: A list of issuers for the trust mark.
+        items:
           type: string
+          format: uri
+          description: The URI of an issuer for the trust mark.
       example:
-        'https://openid.net/certification/op': [ ]
+        'https://openid.net/certification/op':
+          - 'https://example-issuer1.com'
+          - 'https://example-issuer2.com'
         'https://refeds.org/wp-content/uploads/2016/01/Sirtfi-1.0.pdf':
           - 'https://swamid.se'
     TrustMarkOwners:
@@ -3830,69 +3837,68 @@ components:
           description: The identifier of the authority hint.
       required:
         - identifier
-    CreateTrustMarkDefinitionDTO:
+    CreateTrustMarkTypeDTO:
       type: object
       x-tags:
         - federation
       properties:
         identifier:
           type: string
-          description: The unique identifier for the Trust Mark Definition.
+          description: The unique identifier for the Trust Mark Type.
           example: "example-identifier"
         name:
           type: string
-          description: A human-readable name for the Trust Mark Definition.
+          description: A human-readable name for the Trust Mark Type.
           example: "Example Trust Mark"
         description:
           type: string
-          description: A detailed description of the Trust Mark Definition.
+          description: A detailed description of the Trust Mark Type.
           example: "This is a trust mark for demonstrating compliance with XYZ standards."
       required:
-        - identifier
         - name
-    UpdateTrustMarkDefinitionDTO:
+    UpdateTrustMarkTypeDTO:
       type: object
       x-tags:
         - federation
       properties:
         name:
           type: string
-          description: A human-readable name for the Trust Mark Definition.
+          description: A human-readable name for the Trust Mark Type.
           example: "Example Trust Mark"
         description:
           type: string
-          description: A detailed description of the Trust Mark Definition.
+          description: A detailed description of the Trust Mark Type.
           example: "This is a trust mark for demonstrating compliance with XYZ standards."
-    TrustMarkDefinitionDTO:
+    TrustMarkTypeDTO:
       type: object
       x-tags:
         - federation
       properties:
         id:
           type: integer
-          description: The unique identifier of the Trust Mark Definition.
+          description: The unique identifier of the Trust Mark Type.
           example: 123
         identifier:
           type: string
-          description: The unique identifier for the Trust Mark Definition.
+          description: The unique identifier for the Trust Mark Type.
           example: "https://www.example.com/oidf/trustmark/underageSafetyVerified"
         name:
           type: string
-          description: A human-readable name for the Trust Mark Definition.
+          description: A human-readable name for the Trust Mark Type.
           example: "Example Trust Mark"
         description:
           type: string
-          description: A detailed description of the Trust Mark Definition.
+          description: A detailed description of the Trust Mark Type.
           example: "This is a trust mark for demonstrating compliance with XYZ standards."
         createdAt:
           type: string
           format: date-time
-          description: The timestamp when the Trust Mark Definition was created.
+          description: The timestamp when the Trust Mark Type was created.
           example: "2024-12-01T12:00:00Z"
         updatedAt:
           type: string
           format: date-time
-          description: The timestamp when the Trust Mark Definition was last updated.
+          description: The timestamp when the Trust Mark Type was last updated.
           example: "2024-12-15T15:30:00Z"
           nullable: true
       required:
@@ -3901,3 +3907,14 @@ components:
         - name
         - issuerPolicy
         - createdAt
+    CreateTrustMarkTypeIssuerDTO:
+      type: object
+      x-tags:
+        - federation
+      properties:
+        identifier:
+          type: string
+          description: The entity identifier for the Trust Mark Type Issuer.
+          example: "https://www.example.com/oidf"
+      required:
+        - identifier

modules/openid-federation-common/src/commonMain/kotlin/com/sphereon/oid/fed/common/builder/EntityConfigurationStatementBuilder.kt

@@ -3,7 +3,6 @@ package com.sphereon.oid.fed.common.builder
 import com.sphereon.oid.fed.openapi.models.EntityConfigurationStatement
 import com.sphereon.oid.fed.openapi.models.EntityJwks
 import com.sphereon.oid.fed.openapi.models.Jwk
-import kotlinx.serialization.ExperimentalSerializationApi
 import kotlinx.serialization.json.JsonObject
 
 class EntityConfigurationStatementBuilder {
@@ -13,6 +12,7 @@ class EntityConfigurationStatementBuilder {
     private lateinit var jwks: List<Jwk>
     private var metadata: MutableMap<String, JsonObject> = mutableMapOf()
     private val authorityHints: MutableList<String> = mutableListOf()
+    private val trustMarkIssuers: MutableMap<String, List<String>> = mutableMapOf()
     private val crit: MutableList<String> = mutableListOf()
 
     fun iss(iss: String) = apply { this.iss = iss }
@@ -32,7 +32,10 @@ class EntityConfigurationStatementBuilder {
         this.crit.add(claim)
     }
 
-    @OptIn(ExperimentalSerializationApi::class)
+    fun trustMarkIssuer(trustMark: String, issuers: List<String>) = apply {
+        this.trustMarkIssuers[trustMark] = issuers
+    }
+
     private fun createJwks(jwks: List<Jwk>): EntityJwks {
         return EntityJwks(jwks.toTypedArray())
     }
@@ -46,7 +49,8 @@ class EntityConfigurationStatementBuilder {
             jwks = createJwks(jwks),
             metadata = JsonObject(metadata),
             authorityHints = if (authorityHints.isNotEmpty()) authorityHints.toTypedArray() else null,
-            crit = if (crit.isNotEmpty()) crit.toTypedArray() else null
+            crit = if (crit.isNotEmpty()) crit.toTypedArray() else null,
+            trustMarkIssuers = this.trustMarkIssuers.map { (k, v) -> k to v.toTypedArray() }.toMap()
         )
     }
 }

modules/persistence/src/commonMain/kotlin/com/sphereon/oid/fed/persistence/Persistence.kt

@@ -10,7 +10,8 @@ import com.sphereon.oid.fed.persistence.models.SubordinateJwkQueries
 import com.sphereon.oid.fed.persistence.models.SubordinateMetadataQueries
 import com.sphereon.oid.fed.persistence.models.SubordinateQueries
 import com.sphereon.oid.fed.persistence.models.SubordinateStatementQueries
-import com.sphereon.oid.fed.persistence.models.TrustMarkDefinitionQueries
+import com.sphereon.oid.fed.persistence.models.TrustMarkIssuerQueries
+import com.sphereon.oid.fed.persistence.models.TrustMarkTypeQueries
 
 expect object Persistence {
     val entityConfigurationStatementQueries: EntityConfigurationStatementQueries
@@ -23,5 +24,6 @@ expect object Persistence {
     val subordinateStatementQueries: SubordinateStatementQueries
     val subordinateJwkQueries: SubordinateJwkQueries
     val subordinateMetadataQueries: SubordinateMetadataQueries
-    val trustMarkDefinitionQueries: TrustMarkDefinitionQueries
+    val trustMarkTypeQueries: TrustMarkTypeQueries
+    val trustMarkIssuerQueries: TrustMarkIssuerQueries
 }