From 7830b0b0b06cadde98ec4b4bc27b5bad3279f59a Mon Sep 17 00:00:00 2001 From: John Melati Date: Sun, 20 Oct 2024 14:05:04 +0200 Subject: [PATCH] fix: reorder authority hints to process trust anchors first --- .../com/sphereon/oid/fed/client/trustchain/TrustChain.kt | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/modules/openid-federation-client/src/commonMain/kotlin/com/sphereon/oid/fed/client/trustchain/TrustChain.kt b/modules/openid-federation-client/src/commonMain/kotlin/com/sphereon/oid/fed/client/trustchain/TrustChain.kt index a3ee1c3c..0b9134fc 100644 --- a/modules/openid-federation-client/src/commonMain/kotlin/com/sphereon/oid/fed/client/trustchain/TrustChain.kt +++ b/modules/openid-federation-client/src/commonMain/kotlin/com/sphereon/oid/fed/client/trustchain/TrustChain.kt @@ -69,7 +69,11 @@ class TrustChain(private val fetchService: IFetchCallbackService, private val cr val authorityHints = entityStatement.authorityHints ?: return null - for (authority in authorityHints) { + val reorderedAuthorityHints = authorityHints.sortedBy { hint -> + if (trustAnchors.contains(hint)) 0 else 1 + } + + for (authority in reorderedAuthorityHints) { val result = processAuthority( authority, entityIdentifier, @@ -161,6 +165,7 @@ class TrustChain(private val fetchService: IFetchCallbackService, private val cr // Check if the entity key exists in subordinate statement val entityKeyExistsInSubordinateStatement = checkKidInJwks(keys, lastStatementKid) if (!entityKeyExistsInSubordinateStatement) return null + // If authority is in trust anchors, return the completed chain if (trustAnchors.contains(authority)) { chain.add(subordinateStatementJwt)
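Review bot: The list sorted in the first hunk comes from `entityStatement.authorityHints`, so its length and contents are chosen by the remote entity, and the new code passes it to the loop without de-duplicating or capping it. Each repeated or surplus hint still reaches `processAuthority`, which presumably performs a fetch per hint; its body and any depth or count limit are outside this hunk, as are the start and end of the enclosing function. Consider `authorityHints.distinct().sortedBy { hint -> if (trustAnchors.contains(hint)) 0 else 1 }` together with a documented upper bound on how many hints are followed. The ordering also relies on `sortedBy` being stable and on `trustAnchors.contains(hint)` being exact string equality, so a hint that differs from the configured anchor only in form (for example a trailing slash) is not prioritised. That fails closed, but it deserves a comment above the sort such as `// Stable sort: configured trust anchors first, other hints keep their declared order; identifiers are compared as exact strings`.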