From 1f503014daf8840ccf3c2c6cc7d8af780f48d853 Mon Sep 17 00:00:00 2001 
From: mahammedtaheer <57249563+mahammedtaheer@users.noreply.github.com> Date: Tue, 3 Oct 2023 16:58:17 +0530 Subject: [PATCH] [ES-313] fixes merged from develop to release branch (#1106) * MOSIP-26891 added condition in caching (#1045) Co-authored-by: Neha Farheen * Mosip 26891 caches in ida module should avoid caching null values (#1046) * MOSIP-26891 added condition in caching * modified the conditions --------- Co-authored-by: Neha Farheen * Mosip 26891 caches in ida module should avoid caching null values (#1047) * MOSIP-26891 added condition in caching * modified the conditions * condition changed --------- Co-authored-by: Neha Farheen * Mosip 26891 caches in ida module should avoid caching null values (#1048) * MOSIP-26891 added condition in caching * modified the conditions * condition changed * condition changed --------- Co-authored-by: Neha Farheen * Mosip 26891 caches in ida module should avoid caching null values (#1049) * MOSIP-26891 added condition in caching * modified the conditions * condition changed * condition changed * condition changed --------- Co-authored-by: Neha Farheen * [BUGFIX] [ES-176] Handles the scenario when no claims are accepted from a set of optional claims sub parameter is added to consented claim by default if it is empty * iat validation corrected * [MOSIP-28622] fixed firstname, lastname not populating in e-signet issue. * [MOSIP-28484] Added error handling for deploy.sh script (#1061) * [MOSIP-28484] Added error handling for deploy.sh script * [MOSIP-28484] Updated error handling for deploy.sh script * [MOSIP-28484] Removed exit command --------- Co-authored-by: akilalakshmanan * Implemented the VCI plugin in IDA * Format the code * Changes done * Changes done * Changes done * Decrypted the individualId * [ES-186] Added new Vci Exchange API to add support for VCI. * Added new repo for LD signature library. (#1075) * updated push trigger to include settings.xml for sonar analysis and fixed start up error. 
* removed show progress argument for wget command to display download progress. * ES-107 * Fixed the cache read issue * ES-187 * ES-187 * [ES-186] Fixed integration issues. * ES-187 * [ES-186] changed the VC ID to UUID instead of PSUT and added locales. * [MOSIP-29163] updated reusable workflows (#1088) * merge from release-1.2.0.1 to develop (#1089) * [MOSIP-21002] Updated kyc error response to have kycStatus and updated db scripts (#872) * Update 1.2_ida-scripts_release.sql (#852) * [MOSIP-21072] Fixed db scripts for upgrade (#865) * [MOSIP-18655] reverted EnvUtil as RefreshScope * [MOSIP-18655] Ignoring test cases temporarily * [MOSIP-18655] Updated EnvUtil to implement env methods * [MOSIP-18655] Ignoring test cases temporarily * [MOSIP-18655] Ignoring test cases temporarily * [MOSIP-18655] reverted EnvUtil as RefreshScope * [MOSIP-18655] reverted EnvUtil as RefreshScope * [MOSIP-18655] Updated EnvUtil to implement env methods * [MOSIP-18655] reverted EnvUtil as RefreshScope * [MOSIP-18655] Updated EnvUtil to implement env methods * [MOSIP-18655] reverted EnvUtil as RefreshScope * [MOSIP-18655] Updated EnvUtil to implement env methods * [MOSIP-18655] reverted EnvUtil as RefreshScope * [MOSIP-18655] Updated EnvUtil to implement env methods * [MOSIP-21072] Fixed db scripts for upgrade * [MOSIP-21002] Updated kyc error response to have kycStatus (#868) * Revert "[MOSIP-21072] Fixed db scripts for upgrade (#865)" (#869) This reverts commit bed76a2ddce57a407a174fd6d682b946cb2b220f. * [MOSIP-21002] Updated kyc error response to have kycStatus and updated db release scripts (#871) * Revert "[MOSIP-21072] Fixed db scripts for upgrade (#865)" This reverts commit bed76a2ddce57a407a174fd6d682b946cb2b220f. * [MOSIP-21072] reverted release script changes * [MOSIP-21072] reverted release script changes * Revert "[MOSIP-21072] reverted release script changes" This reverts commit 4cbb9899f3acc69c3383b339176937ebb1877b0e. 
* [MOSIP-21072] updated db release scripts (#873) * Revert "[MOSIP-21072] Fixed db scripts for upgrade (#865)" This reverts commit bed76a2ddce57a407a174fd6d682b946cb2b220f. * [MOSIP-21072] reverted release script changes * [MOSIP-21072] reverted release script changes * Revert "[MOSIP-21072] reverted release script changes" This reverts commit 4cbb9899f3acc69c3383b339176937ebb1877b0e. * [MOSIP-21072] updated db release scripts * [MOSIP-21072] Updated exception handling for ekyc (#874) * Revert "[MOSIP-21072] Fixed db scripts for upgrade (#865)" This reverts commit bed76a2ddce57a407a174fd6d682b946cb2b220f. * [MOSIP-21072] reverted release script changes * [MOSIP-21072] reverted release script changes * Revert "[MOSIP-21072] reverted release script changes" This reverts commit 4cbb9899f3acc69c3383b339176937ebb1877b0e. * [MOSIP-21072] updated db release scripts * [MOSIP-21072] Fixed test case * [MOSIP-20984] added support for bio type to be case insensitive (#875) * Revert "[MOSIP-21072] Fixed db scripts for upgrade (#865)" This reverts commit bed76a2ddce57a407a174fd6d682b946cb2b220f. * [MOSIP-21072] reverted release script changes * [MOSIP-21072] reverted release script changes * Revert "[MOSIP-21072] reverted release script changes" This reverts commit 4cbb9899f3acc69c3383b339176937ebb1877b0e. * [MOSIP-21072] updated db release scripts * [MOSIP-21072] Fixed test case * [MOSIP-20984] added support for bio type to be case insensitive Co-authored-by: Loganathan Sekar <42532387+LoganathanSekar7627@users.noreply.github.com> * [MOSIP-20020] Update release_changes.yml * [ MOSIP-20021 ] updated release_changes.yml to update README.md badges * [MOSIP-20028] added action for tagging * Added pre-expire-days & access-allowed values in DB release script. (#897) * release file name changes. * MOSIP-23611- Added flag to enable missing credential retrigger. Disabled by default * Added logger * release file name changes. * release file name changes. 
* Test case fix * Release Bot Pre-release changes * Update README.md * updated snapshot url in push_trigger.yaml * Added auth context class in internal and otp service, renamed the db script files. * Removed not null constraint to policy id and added kycexchange exception handler. * [DSD-1944] updated keymanager version * updated sonar token * Release Bot Pre-release changes * Update README.md * Code from develop branch. (#1000) * resolved merge conflicts. * [MOSIP-20020] Update release_changes.yml * [ MOSIP-20021 ] updated release_changes.yml to update README.md badges * [MOSIP-20028] added action for tagging * Added pre-expire-days & access-allowed values in DB release script. (#897) * release file name changes. * Added auth context class in internal and otp service, renamed the db script files. * removed not null constraint for policy_id in misp license data. * [DSD-1935]added new token to check sonar_token functionality * [DSD-1935]Updated sonar token * MOSIP-25606 Fixed OIDC Client create/update and corrected address claim attributes. * Added audit entry for kyc exchange and updated idhash in audit entry instead of individual id. * Fixed bugs MOSIP-25718, MOSIP-25717 add opencv jar file for image conversion performance. * Fixed test case. * MOSIP-25757: Created esignet-integration-impl * Removed mock implementations * Changed class name * Changed package name * Changed esignet dependency scope * Added ignore on failed test cases * Added new Identity key binding API in ida service. 
* MOSIP-25855: Added getAllKycSigningCertificates * Added default values * Removed Authentication Header * Added test classes * Modified test cases * MOSIP-25324 * Added tables in ddl.sql * [MOSIP-25637] Updated postgres-init_trigger.yml workflow (#965) * [MOSIP-25637] Updated postgres-init_trigger.yml workflow * Update postgres-init_trigger.yml * [MOSIP-25637] Updated postgres-init_trigger.yml workflow (#966) * Changes in biomatcher Util for unknown data (#971) Co-authored-by: Neha Farheen * Mosip 26307 change in ida to correct bio sub type value sent in the match request (#972) * Changes in biomatcher Util for unknown data * Bug fixed --------- Co-authored-by: Neha Farheen Co-authored-by: Loganathan Sekar <42532387+LoganathanSekar7627@users.noreply.github.com> * MOSIP-26295: Auditor implementation * MOSIP-25867 * fixed application start error. * MOSIP-26484 * Fixed test case failures * Fixed couple of bugs. Jira # MOSIP-26472, MOSIP-26028. * Renamed TokenInfo to KeyBindedToken * MOSIP-26484 * MOSIP-26484 * Added workaround for key binded auth. * Fixed test case failure error. * MOSIP-26484 (#985) Co-authored-by: ase-101 <> * Fixed audit caching issue * Update AuthTransactionHelper.java * Fixed auditing error * Added Key Binded Token authentication functionality. * ignoring the failed test case temporarily. * Corrected the header names * Corrected the header names * MOSIP-25324 * MOSIP-25324 * MOSIP-25324 * MOSIP-25324 * Changed kycStatus to bindingAuthStatus * Added debug statement. * Fixed issue in comparing the time difference. * DB changes added in release db scripts * Updating certificate to all VIDs for same TokenId and changed logic in fetching the binded certificates. 
--------- Co-authored-by: Keshav Mishra Co-authored-by: syed-salman-technoforte Co-authored-by: kameshsr Co-authored-by: Mahesh-Binayak <76687012+Mahesh-Binayak@users.noreply.github.com> Co-authored-by: M1044292 Co-authored-by: ase-101 <> Co-authored-by: Mohan E Co-authored-by: Neha2365 <110969715+Neha2365@users.noreply.github.com> Co-authored-by: Neha Farheen Co-authored-by: Loganathan Sekar <42532387+LoganathanSekar7627@users.noreply.github.com> Co-authored-by: Anusha Sunkada Co-authored-by: Himaja Dhanyamraju <43470317+HimajaDhanyamraju2@users.noreply.github.com> * updated snapshot url (#1001) * Corrected the upgrade scripts name (#1002) Co-authored-by: ase-101 <> * Release changes (#1004) * Release Bot Pre-release changes * Update README.md --------- Co-authored-by: ckm007 * [DSD-2478] (#1005) * MOSIP-26742 hash logic compatibility release 1201 (#1007) MOSIP-26742 * Added support for legacy method of hashing * Handled salt missing when newhash calculation * Review comment fixes * Updated conditions and added logging --------- Co-authored-by: Loganathan Sekar * Mosip 26742 hash logic compatibility 1 (#1008) * Added support for legacy method of hashing * Test fixes * Handled salt missing when newhash calculation * Review comment fixes * Updated conditions and added logging * Fixed value annotation --------- Co-authored-by: Loganathan Sekar * [MOSIP-23422] updated db_release scripts (#1022) * [MOSIP-27964] updated upgrade sql's * [MOSIP-27964] Update 1.1.5.5_to_1.2.0.1-B1_upgrade.sql (#1032) 
Signed-off-by: Keshav Mishra * [MOSIP-27964] * [MOSIP-27996] updated rollback sql * [MOSIP-23218] Updated Pom.xml versions. (#1035) * Updated versions to -SNAPSHOT * Updated version to 1.2.0.1-SNAPSHOT * Test fix * [MOSIP-28175]Fixed publish to nexus failure * Fix to salt caching issue * Revert "Include new class from keymanager in imports." This reverts commit 17a2375f82350d9d3a8f3dea26c0bfc3c5fa90a5. * Revert "Added functionality in kyc-exchange API to return response in encrypted form (JWE).MOSIP-25369" This reverts commit ec22724905a167052da7156aa15438efd8058792. * Removed sysadmin * Corrected user * MOSIP-28227 Moved ddl script into upgrade scripts, corrections to upgrade scripts * Added placeholder scripts for upgrade * Jira No. MOSIP-28227, removed the truncate privilege for 3 tables and drop key_policy_def_h table. (#1053) * [MOSIP-28622] fixed firstname, lastname not populating in e-signet issue. * Reverted dependencies snapshot versions (#1059) Co-authored-by: Loganathan Sekar * Fix compilation issue after snapshot version revert. (#1060) * Reverted dependencies snapshot versions * Fixed compilation issue --------- Co-authored-by: Loganathan Sekar * Release changes (#1063) * Release Bot Pre-release changes * Update README.md Signed-off-by: Keshav Mishra --------- Signed-off-by: Keshav Mishra Co-authored-by: ckm007 * Release 1.2.0.1 b4 (#1064) * Reverted dependencies snapshot versions (#1059) Co-authored-by: Loganathan Sekar * Fix compilation issue after snapshot version revert. (#1060) * Reverted dependencies snapshot versions * Fixed compilation issue --------- Co-authored-by: Loganathan Sekar * Release changes (#1063) * Release Bot Pre-release changes * Update README.md Signed-off-by: Keshav Mishra --------- Signed-off-by: Keshav Mishra Co-authored-by: ckm007 * Update pom.xml Signed-off-by: Keshav Mishra * Update pom.xml Signed-off-by: Keshav Mishra * Update pom.xml Signed-off-by: Keshav Mishra * Update push_trigger.yml 
Signed-off-by: Keshav Mishra * Update pom.xml Signed-off-by: Keshav Mishra * Update pom.xml Signed-off-by: Keshav Mishra * Update pom.xml Signed-off-by: Keshav Mishra * Update pom.xml Signed-off-by: Keshav Mishra * Update pom.xml Signed-off-by: Keshav Mishra * Update pom.xml Signed-off-by: Keshav Mishra * Update pom.xml Signed-off-by: Keshav Mishra * Update pom.xml Signed-off-by: Keshav Mishra * Update pom.xml Signed-off-by: Keshav Mishra * Update pom.xml Signed-off-by: Keshav Mishra * Update pom.xml Signed-off-by: Keshav Mishra * Update pom.xml Signed-off-by: Keshav Mishra * Update pom.xml Signed-off-by: Keshav Mishra * Update pom.xml Signed-off-by: Keshav Mishra --------- Signed-off-by: Keshav Mishra Co-authored-by: Loganathan Sekar <42532387+LoganathanSekar7627@users.noreply.github.com> Co-authored-by: Loganathan Sekar Co-authored-by: ckm007 * [MOSIP-29044] (#1067) * Rename 1.2.0.1-B3_to_1.2.0.1_rollback.sql to 1.2.0.1-B3_to_1.2.0.1-B4_rollback.sql Signed-off-by: Keshav Mishra * Rename 1.2.0.1-B3_to_1.2.0.1_upgrade.sql to 1.2.0.1-B3_to_1.2.0.1-B4_upgrade.sql Signed-off-by: Keshav Mishra * Create 1.2.0.1-B4_to_1.2.0.1_rollback.sql Signed-off-by: Keshav Mishra * Create Create 1.2.0.1-B4_to_1.2.0.1_upgrade.sql Signed-off-by: Keshav Mishra * Rename Create 1.2.0.1-B4_to_1.2.0.1_upgrade.sql to 1.2.0.1-B4_to_1.2.0.1_upgrade.sql Signed-off-by: Keshav Mishra --------- Signed-off-by: Keshav Mishra * [MOSIP-28484] Added error handling for deploy.sh script (#1065) Co-authored-by: akilalakshmanan * Update push_trigger.yml Signed-off-by: Keshav Mishra * WIP-Changes to allow available otp channel * PSA-171 fix for allowing one of the available channels when both channels specified. * Updated the pom versions * Fix to have case insensitive check for channel attribute --------- 
Signed-off-by: Keshav Mishra Co-authored-by: Manoj SP <43261486+manojsp12@users.noreply.github.com> Co-authored-by: Loganathan Sekar <42532387+LoganathanSekar7627@users.noreply.github.com> Co-authored-by: Keshav Mishra Co-authored-by: syed-salman-technoforte <72004356+syed-salman-technoforte@users.noreply.github.com> Co-authored-by: syed-salman-technoforte Co-authored-by: kameshsr Co-authored-by: Loganathan Sekar Co-authored-by: pramod444 Co-authored-by: syed salman <72004356+syedsalman3753@users.noreply.github.com> Co-authored-by: ckm007 Co-authored-by: Mahesh-Binayak <76687012+Mahesh-Binayak@users.noreply.github.com> Co-authored-by: M1044292 Co-authored-by: Mohan E Co-authored-by: Neha2365 <110969715+Neha2365@users.noreply.github.com> Co-authored-by: Neha Farheen Co-authored-by: Anusha Sunkada Co-authored-by: Himaja Dhanyamraju <43470317+HimajaDhanyamraju2@users.noreply.github.com> Co-authored-by: Loganathan Sekar Co-authored-by: Vishwa Co-authored-by: Rakshitha650 <76676196+Rakshitha650@users.noreply.github.com> Co-authored-by: Akila Lakshmanan <77330852+akilalakshmanan@users.noreply.github.com> Co-authored-by: akilalakshmanan * ES-187 (#1092) Co-authored-by: ase-101 <> * [ES-280], [ES-281] (#1094) * Corrected dependency versions. * Fixed NotReadablePropertyException error and added VID or UIN in VC. * Fixed test cases error. (#1095) * Fixed Test cases error. (#1096) * Fixed test case error. (#1097) * Fixed Test cases error. (#1098) * Fixed test case error. * Fixed test cases error. 
* [ES-261] test cases for idaVCIssuancePluginImpl (#1093) * added test cases for idaVCIssuancePluginImpl * test cases added for idaVCIssuancePluginImpl * added test cases for idaVCIssuancePluginImpl * added langCode converter in idaVCIssuancePluginImpl * [ES-261] changes in testCases for IdaVCIssuancePluginImpl (#1100) * added test cases for idaVCIssuancePluginImpl * test cases added for idaVCIssuancePluginImpl * added test cases for idaVCIssuancePluginImpl * added langCode converter in idaVCIssuancePluginImpl * fix the build failed * [MOSIP-29163] updated reusable workflows (#1103) * [MOSIP-29163] updated secret in reusable workflows * Revert "[MOSIP-29163] updated secret in reusable workflows" This reverts commit 6d55aafca23e13b8dd929f8515735dc8437cc9d1. * [MOSIP-29163] updated secret in reusable workflows * [MOSIP-29163] removed tag.origin * [ES-313] Fixed blank attribute issue & language not available issue. (#1105) * Resolved Merge issues. --------- 
Signed-off-by: Keshav Mishra Co-authored-by: Neha2365 <110969715+Neha2365@users.noreply.github.com> Co-authored-by: Neha Farheen Co-authored-by: Hitesh Jain Co-authored-by: Vishwa Co-authored-by: anshulv1401 Co-authored-by: Akila Lakshmanan <77330852+akilalakshmanan@users.noreply.github.com> Co-authored-by: akilalakshmanan Co-authored-by: ase-101 <> Co-authored-by: bhumi46 <111699703+bhumi46@users.noreply.github.com> Co-authored-by: Manoj SP <43261486+manojsp12@users.noreply.github.com> Co-authored-by: Loganathan Sekar <42532387+LoganathanSekar7627@users.noreply.github.com> Co-authored-by: Keshav Mishra Co-authored-by: syed-salman-technoforte <72004356+syed-salman-technoforte@users.noreply.github.com> Co-authored-by: syed-salman-technoforte Co-authored-by: kameshsr Co-authored-by: Loganathan Sekar Co-authored-by: pramod444 Co-authored-by: syed salman <72004356+syedsalman3753@users.noreply.github.com> Co-authored-by: ckm007 Co-authored-by: Mahesh-Binayak <76687012+Mahesh-Binayak@users.noreply.github.com> Co-authored-by: M1044292 Co-authored-by: Mohan E Co-authored-by: Anusha Sunkada Co-authored-by: Himaja Dhanyamraju <43470317+HimajaDhanyamraju2@users.noreply.github.com> Co-authored-by: Loganathan Sekar Co-authored-by: Rakshitha650 <76676196+Rakshitha650@users.noreply.github.com> Co-authored-by: kaifk468 <74772315+kaifk468@users.noreply.github.com> --- .../service/helper/TokenValidationHelper.java | 68 +---- .../service/kyc/facade/KycFacadeImpl.java | 16 +- .../service/kyc/facade/VciFacadeImpl.java | 15 +- .../service/kyc/impl/KycServiceImpl.java | 5 +- .../service/kyc/impl/VciServiceImpl.java | 28 +- .../kyc/util/ExchangeDataAttributesUtil.java | 90 ++++++ .../service/IdaVCIssuancePluginImpl.java | 13 +- .../service/IdaVCIssuancePluginImplTest.java | 281 ++++++++++++++++++ 8 files changed, 426 insertions(+), 90 deletions(-) create mode 100644 authentication/authentication-service/src/main/java/io/mosip/authentication/service/kyc/util/ExchangeDataAttributesUtil.java 
create mode 100644 authentication/esignet-integration-impl/src/test/java/io/mosip/authentication/esignet/integration/service/IdaVCIssuancePluginImplTest.java diff --git a/authentication/authentication-common/src/main/java/io/mosip/authentication/common/service/helper/TokenValidationHelper.java b/authentication/authentication-common/src/main/java/io/mosip/authentication/common/service/helper/TokenValidationHelper.java index b3a56eba064..49cf16533ac 100644 --- a/authentication/authentication-common/src/main/java/io/mosip/authentication/common/service/helper/TokenValidationHelper.java +++ b/authentication/authentication-common/src/main/java/io/mosip/authentication/common/service/helper/TokenValidationHelper.java 
@@ -1,26 +1,17 @@ package io.mosip.authentication.common.service.helper; import java.time.LocalDateTime; -import java.util.Collection; -import java.util.List; import java.util.Optional; -import java.util.Set; -import java.util.stream.Collectors; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.beans.factory.annotation.Value; +import org.springframework.stereotype.Component; import io.mosip.authentication.common.service.entity.KycTokenData; -import io.mosip.authentication.common.service.entity.OIDCClientData; import io.mosip.authentication.common.service.repository.KycTokenDataRepository; -import io.mosip.authentication.common.service.repository.OIDCClientDataRepository; -import io.mosip.authentication.common.service.util.EnvUtil; -import io.mosip.authentication.common.service.util.IdaRequestResponsConsumerUtil; import io.mosip.authentication.core.constant.IdAuthCommonConstants; import io.mosip.authentication.core.constant.IdAuthenticationErrorConstants; import io.mosip.authentication.core.constant.KycTokenStatusType; import io.mosip.authentication.core.exception.IdAuthenticationBusinessException; -import io.mosip.authentication.core.indauth.dto.BaseRequestDTO; import io.mosip.authentication.core.logger.IdaLogger; import io.mosip.authentication.core.spi.indauth.service.KycService; import io.mosip.kernel.core.logger.spi.Logger; @@ -31,15 +22,12 @@ * @author Mahammed Taheer */ +@Component public class TokenValidationHelper { /** The mosip logger. */ private static Logger mosipLogger = IdaLogger.getLogger(TokenValidationHelper.class); - @Value("${ida.idp.consented.individual_id.attribute.name:individual_id}") - private String consentedIndividualIdAttributeName; - - /** The Kyc Service */ @Autowired private KycService kycService; 
@@ -47,13 +35,6 @@ public class TokenValidationHelper { @Autowired private KycTokenDataRepository kycTokenDataRepo; - @Autowired - private IdInfoHelper idInfoHelper; - - @Autowired - private OIDCClientDataRepository oidcClientDataRepo; - - public KycTokenData findAndValidateIssuedToken(String tokenData, String oidcClientId, String reqTransactionId, String idvidHash) throws IdAuthenticationBusinessException { 
@@ -131,49 +112,4 @@ private void validateToken(KycTokenData kycTokenData, String oidcClientId, Strin IdAuthenticationErrorConstants.KYC_TOKEN_EXPIRED.getErrorMessage()); } } - - public void mapConsentedAttributesToIdSchemaAttributes(List consentAttributes, Set filterAttributes, - List policyAllowedKycAttribs) throws IdAuthenticationBusinessException { - - if(consentAttributes != null && !consentAttributes.isEmpty()) { - for (String attrib : consentAttributes) { - Collection idSchemaAttribute = idInfoHelper.getIdentityAttributesForIdName(attrib); - filterAttributes.addAll(idSchemaAttribute); - } - // removing individual id from consent if the claim is not allowed in policy. - if (!policyAllowedKycAttribs.contains(consentedIndividualIdAttributeName)) { - consentAttributes.remove(consentedIndividualIdAttributeName); - } - } - } - - public Set filterByPolicyAllowedAttributes(Set filterAttributes, List policyAllowedKycAttribs) { - return policyAllowedKycAttribs.stream() - .filter(attribute -> filterAttributes.contains(attribute)) - .collect(Collectors.toSet()); - } - - public String getKycExchangeResponseTime(BaseRequestDTO authRequestDTO) { - String dateTimePattern = EnvUtil.getDateTimePattern(); - return IdaRequestResponsConsumerUtil.getResponseTime(authRequestDTO.getRequestTime(), dateTimePattern); - } - - public List filterAllowedUserClaims(String oidcClientId, List consentAttributes) { - mosipLogger.info(IdAuthCommonConstants.IDA, this.getClass().getSimpleName(), "filterAllowedUserClaims", - "Checking for OIDC client allowed userclaims"); - Optional oidcClientData = oidcClientDataRepo.findByClientId(oidcClientId); - - List oidcClientAllowedUserClaims = List.of(oidcClientData.get().getUserClaims()) - .stream() - .map(String::toLowerCase) - .collect(Collectors.toList()); - if (consentAttributes.isEmpty()) { - return oidcClientAllowedUserClaims; - } - - return consentAttributes.stream() - .filter(claim -> oidcClientAllowedUserClaims.contains(claim.toLowerCase())) - 
.collect(Collectors.toList()); - - } } diff --git a/authentication/authentication-service/src/main/java/io/mosip/authentication/service/kyc/facade/KycFacadeImpl.java b/authentication/authentication-service/src/main/java/io/mosip/authentication/service/kyc/facade/KycFacadeImpl.java index 7e3582f9732..a181c6a7cd9 100644 --- a/authentication/authentication-service/src/main/java/io/mosip/authentication/service/kyc/facade/KycFacadeImpl.java +++ b/authentication/authentication-service/src/main/java/io/mosip/authentication/service/kyc/facade/KycFacadeImpl.java @@ -3,6 +3,7 @@ */ package io.mosip.authentication.service.kyc.facade; +import java.time.LocalDateTime; import java.util.AbstractMap.SimpleEntry; import java.util.Collection; import java.util.HashSet; @@ -26,11 +27,13 @@ import io.mosip.authentication.common.service.builder.AuthTransactionBuilder; import io.mosip.authentication.common.service.entity.AutnTxn; import io.mosip.authentication.common.service.entity.KycTokenData; +import io.mosip.authentication.common.service.entity.OIDCClientData; import io.mosip.authentication.common.service.helper.AuditHelper; import io.mosip.authentication.common.service.helper.TokenValidationHelper; import io.mosip.authentication.common.service.integration.TokenIdManager; import io.mosip.authentication.common.service.repository.IdaUinHashSaltRepo; import io.mosip.authentication.common.service.repository.KycTokenDataRepository; +import io.mosip.authentication.common.service.repository.OIDCClientDataRepository; import io.mosip.authentication.common.service.transaction.manager.IdAuthSecurityManager; import io.mosip.authentication.common.service.util.EnvUtil; import io.mosip.authentication.common.service.util.IdaRequestResponsConsumerUtil; 
@@ -70,6 +73,7 @@ import io.mosip.authentication.core.spi.indauth.match.IdInfoFetcher; import io.mosip.authentication.core.spi.indauth.service.KycService; import io.mosip.authentication.core.spi.partner.service.PartnerService; +import io.mosip.authentication.service.kyc.util.ExchangeDataAttributesUtil; import io.mosip.kernel.core.logger.spi.Logger; import reactor.util.function.Tuple3; @@ -133,6 +137,9 @@ public class KycFacadeImpl implements KycFacade { @Autowired private TokenValidationHelper tokenValidationHelper; + @Autowired + private ExchangeDataAttributesUtil exchangeDataAttributesUtil; + /* * (non-Javadoc) * @@ -399,15 +406,15 @@ public KycExchangeResponseDTO processKycExchange(KycExchangeRequestDTO kycExchan } List consentAttributes = kycExchangeRequestDTO.getConsentObtained(); - List allowedConsentAttributes = tokenValidationHelper.filterAllowedUserClaims(oidcClientId, consentAttributes); + List allowedConsentAttributes = exchangeDataAttributesUtil.filterAllowedUserClaims(oidcClientId, consentAttributes); PolicyDTO policyDto = policyDtoOpt.get(); List policyAllowedKycAttribs = Optional.ofNullable(policyDto.getAllowedKycAttributes()).stream() .flatMap(Collection::stream).map(KYCAttributes::getAttributeName).collect(Collectors.toList()); Set filterAttributes = new HashSet<>(); - tokenValidationHelper.mapConsentedAttributesToIdSchemaAttributes(allowedConsentAttributes, filterAttributes, policyAllowedKycAttribs); - Set policyAllowedAttributes = tokenValidationHelper.filterByPolicyAllowedAttributes(filterAttributes, policyAllowedKycAttribs); + exchangeDataAttributesUtil.mapConsentedAttributesToIdSchemaAttributes(allowedConsentAttributes, filterAttributes, policyAllowedKycAttribs); + Set policyAllowedAttributes = exchangeDataAttributesUtil.filterByPolicyAllowedAttributes(filterAttributes, policyAllowedKycAttribs); boolean isBioRequired = false; if (filterAttributes.contains(CbeffDocType.FACE.getType().value().toLowerCase()) || 
@@ -438,7 +445,7 @@ public KycExchangeResponseDTO processKycExchange(KycExchangeRequestDTO kycExchan kycExchangeResponseDTO.setId(kycExchangeRequestDTO.getId()); kycExchangeResponseDTO.setTransactionID(kycExchangeRequestDTO.getTransactionID()); kycExchangeResponseDTO.setVersion(kycExchangeRequestDTO.getVersion()); - kycExchangeResponseDTO.setResponseTime(tokenValidationHelper.getKycExchangeResponseTime(kycExchangeRequestDTO)); + kycExchangeResponseDTO.setResponseTime(exchangeDataAttributesUtil.getKycExchangeResponseTime(kycExchangeRequestDTO)); EncryptedKycRespDTO encryptedKycRespDTO = new EncryptedKycRespDTO(); encryptedKycRespDTO.setEncryptedKyc(respJson); @@ -455,7 +462,6 @@ public KycExchangeResponseDTO processKycExchange(KycExchangeRequestDTO kycExchan } } - // Need to move below duplicate code to common to be used by OTPService and KycExchange. private void saveToTxnTable(KycExchangeRequestDTO kycExchangeRequestDTO, boolean isInternal, boolean status, String partnerId, String token, KycExchangeResponseDTO kycExchangeResponseDTO, ObjectWithMetadata requestWithMetadata) diff --git a/authentication/authentication-service/src/main/java/io/mosip/authentication/service/kyc/facade/VciFacadeImpl.java b/authentication/authentication-service/src/main/java/io/mosip/authentication/service/kyc/facade/VciFacadeImpl.java index 19b7b49ef92..86d104ca8d0 100644 --- a/authentication/authentication-service/src/main/java/io/mosip/authentication/service/kyc/facade/VciFacadeImpl.java +++ b/authentication/authentication-service/src/main/java/io/mosip/authentication/service/kyc/facade/VciFacadeImpl.java @@ -1,6 +1,3 @@ -/** - * - */ package io.mosip.authentication.service.kyc.facade; import java.util.ArrayList; 
@@ -52,6 +49,7 @@ import io.mosip.authentication.core.spi.indauth.match.IdInfoFetcher; import io.mosip.authentication.core.spi.partner.service.PartnerService; import io.mosip.authentication.service.kyc.impl.VciServiceImpl; +import io.mosip.authentication.service.kyc.util.ExchangeDataAttributesUtil; import io.mosip.kernel.core.logger.spi.Logger; /** @@ -104,6 +102,9 @@ public class VciFacadeImpl implements VciFacade { @Autowired private KycTokenDataRepository kycTokenDataRepo; + @Autowired + private ExchangeDataAttributesUtil exchangeDataAttributesUtil; + @Override public VciExchangeResponseDTO processVciExchange(VciExchangeRequestDTO vciExchangeRequestDTO, String partnerId, String oidcClientId, Map metadata, ObjectWithMetadata requestWithMetadata) throws IdAuthenticationBusinessException { 
@@ -133,15 +134,15 @@ public VciExchangeResponseDTO processVciExchange(VciExchangeRequestDTO vciExchan // Will implement later the consent claims based on credential definition input List consentAttributes = Collections.emptyList(); - List allowedConsentAttributes = tokenValidationHelper.filterAllowedUserClaims(oidcClientId, consentAttributes); + List allowedConsentAttributes = exchangeDataAttributesUtil.filterAllowedUserClaims(oidcClientId, consentAttributes); PolicyDTO policyDto = policyDtoOpt.get(); List policyAllowedKycAttribs = Optional.ofNullable(policyDto.getAllowedKycAttributes()).stream() .flatMap(Collection::stream).map(KYCAttributes::getAttributeName).collect(Collectors.toList()); Set filterAttributes = new HashSet<>(); - tokenValidationHelper.mapConsentedAttributesToIdSchemaAttributes(allowedConsentAttributes, filterAttributes, policyAllowedKycAttribs); - Set policyAllowedAttributes = tokenValidationHelper.filterByPolicyAllowedAttributes(filterAttributes, policyAllowedKycAttribs); + exchangeDataAttributesUtil.mapConsentedAttributesToIdSchemaAttributes(allowedConsentAttributes, filterAttributes, policyAllowedKycAttribs); + Set policyAllowedAttributes = exchangeDataAttributesUtil.filterByPolicyAllowedAttributes(filterAttributes, policyAllowedKycAttribs); boolean isBioRequired = false; if (filterAttributes.contains(CbeffDocType.FACE.getType().value().toLowerCase()) || 
@@ -178,7 +179,7 @@ public VciExchangeResponseDTO processVciExchange(VciExchangeRequestDTO vciExchan vciExchangeResponseDTO.setId(vciExchangeRequestDTO.getId()); vciExchangeResponseDTO.setTransactionID(vciExchangeRequestDTO.getTransactionID()); vciExchangeResponseDTO.setVersion(vciExchangeRequestDTO.getVersion()); - vciExchangeResponseDTO.setResponseTime(tokenValidationHelper.getKycExchangeResponseTime(vciExchangeRequestDTO)); + vciExchangeResponseDTO.setResponseTime(exchangeDataAttributesUtil.getKycExchangeResponseTime(vciExchangeRequestDTO)); vciExchangeResponseDTO.setResponse(vcResponseDTO); saveToTxnTable(vciExchangeRequestDTO, false, true, partnerId, token, vciExchangeResponseDTO, requestWithMetadata); auditHelper.audit(AuditModules.VCI_EXCHANGE, AuditEvents.VCI_EXCHANGE_REQUEST_RESPONSE, diff --git a/authentication/authentication-service/src/main/java/io/mosip/authentication/service/kyc/impl/KycServiceImpl.java b/authentication/authentication-service/src/main/java/io/mosip/authentication/service/kyc/impl/KycServiceImpl.java index d456c2b2221..a2bf7d0196f 100644 --- a/authentication/authentication-service/src/main/java/io/mosip/authentication/service/kyc/impl/KycServiceImpl.java +++ b/authentication/authentication-service/src/main/java/io/mosip/authentication/service/kyc/impl/KycServiceImpl.java @@ -4,6 +4,7 @@ import java.nio.ByteBuffer; import java.time.LocalDateTime; import java.time.temporal.ChronoUnit; +import java.time.temporal.ValueRange; import java.util.AbstractMap.SimpleEntry; import java.util.ArrayList; import java.util.HashMap; 
@@ -441,9 +442,11 @@ public boolean isKycTokenExpire(LocalDateTime tokenIssuedDateTime, String kycTok LocalDateTime currentTime = LocalDateTime.now(); long diffSeconds = ChronoUnit.SECONDS.between(tokenIssuedDateTime, currentTime); + long adjustmentSeconds = EnvUtil.getKycTokenExpireTimeAdjustmentSeconds(); + ValueRange valueRange = ValueRange.of(0, adjustmentSeconds); - if (tokenIssuedDateTime != null && adjustmentSeconds < diffSeconds) { + if (tokenIssuedDateTime != null && !valueRange.isValidIntValue(diffSeconds)) { return true; } return false; diff --git a/authentication/authentication-service/src/main/java/io/mosip/authentication/service/kyc/impl/VciServiceImpl.java b/authentication/authentication-service/src/main/java/io/mosip/authentication/service/kyc/impl/VciServiceImpl.java index 91ed5a865cb..2d1418f2141 100644 --- a/authentication/authentication-service/src/main/java/io/mosip/authentication/service/kyc/impl/VciServiceImpl.java +++ b/authentication/authentication-service/src/main/java/io/mosip/authentication/service/kyc/impl/VciServiceImpl.java @@ -399,15 +399,21 @@ private Map getCredSubjectMap(String credSubjectId, Map 0)) + credSubjectMap.put(idSchemaAttribute, value); + } else { Map valueMap = new HashMap<>(); String lang = identityInfo.getLanguage(); if (locales.contains(lang)) { - valueMap.put(IdAuthCommonConstants.LANGUAGE_STRING, lang); - valueMap.put(IdAuthCommonConstants.VALUE_STRING, identityInfo.getValue()); - credSubjectMap.put(idSchemaAttribute, valueMap); + String value = identityInfo.getValue(); + if (Objects.nonNull(value) && (value.trim().length() > 0)) { + valueMap.put(IdAuthCommonConstants.LANGUAGE_STRING, lang); + valueMap.put(IdAuthCommonConstants.VALUE_STRING, value); + credSubjectMap.put(idSchemaAttribute, valueMap); + } } } continue; 
@@ -417,12 +423,16 @@ private Map getCredSubjectMap(String credSubjectId, Map valueMap = new HashMap<>(); String lang = identityInfo.getLanguage(); if (locales.contains(lang)) { - valueMap.put(IdAuthCommonConstants.LANGUAGE_STRING, identityInfo.getLanguage()); - valueMap.put(IdAuthCommonConstants.VALUE_STRING, identityInfo.getValue()); - valueList.add(valueMap); + String value = identityInfo.getValue(); + if (Objects.nonNull(value) && (value.trim().length() > 0)) { + valueMap.put(IdAuthCommonConstants.LANGUAGE_STRING, identityInfo.getLanguage()); + valueMap.put(IdAuthCommonConstants.VALUE_STRING, identityInfo.getValue()); + valueList.add(valueMap); + } } } - credSubjectMap.put(idSchemaAttribute, valueList); + if (valueList.size() > 0) + credSubjectMap.put(idSchemaAttribute, valueList); } } return credSubjectMap; diff --git a/authentication/authentication-service/src/main/java/io/mosip/authentication/service/kyc/util/ExchangeDataAttributesUtil.java b/authentication/authentication-service/src/main/java/io/mosip/authentication/service/kyc/util/ExchangeDataAttributesUtil.java new file mode 100644 index 00000000000..0497cbc9ca5 --- /dev/null +++ b/authentication/authentication-service/src/main/java/io/mosip/authentication/service/kyc/util/ExchangeDataAttributesUtil.java 
@@ -0,0 +1,90 @@ +package io.mosip.authentication.service.kyc.util; + +import java.util.Collection; +import java.util.List; +import java.util.Optional; +import java.util.Set; +import java.util.stream.Collectors; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.stereotype.Component; + +import io.mosip.authentication.common.service.entity.OIDCClientData; +import io.mosip.authentication.common.service.helper.IdInfoHelper; +import io.mosip.authentication.common.service.repository.OIDCClientDataRepository; +import io.mosip.authentication.common.service.util.EnvUtil; +import io.mosip.authentication.common.service.util.IdaRequestResponsConsumerUtil; +import io.mosip.authentication.core.constant.IdAuthCommonConstants; +import io.mosip.authentication.core.exception.IdAuthenticationBusinessException; +import io.mosip.authentication.core.indauth.dto.BaseRequestDTO; +import io.mosip.authentication.core.logger.IdaLogger; +import io.mosip.kernel.core.logger.spi.Logger; + +/** + * Utility class to filter the consented attribute and policy allowed attributes. + * + * @author Mahammed Taheer + */ + +@Component +public class ExchangeDataAttributesUtil { + + /** The mosip logger. 
*/ + private static Logger mosipLogger = IdaLogger.getLogger(ExchangeDataAttributesUtil.class); + + @Value("${ida.idp.consented.individual_id.attribute.name:individual_id}") + private String consentedIndividualIdAttributeName; + + @Autowired + private IdInfoHelper idInfoHelper; + + @Autowired + private OIDCClientDataRepository oidcClientDataRepo; + + public void mapConsentedAttributesToIdSchemaAttributes(List consentAttributes, Set filterAttributes, + List policyAllowedKycAttribs) throws IdAuthenticationBusinessException { + + if(consentAttributes != null && !consentAttributes.isEmpty()) { + for (String attrib : consentAttributes) { + Collection idSchemaAttribute = idInfoHelper.getIdentityAttributesForIdName(attrib); + filterAttributes.addAll(idSchemaAttribute); + } + // removing individual id from consent if the claim is not allowed in policy. + if (!policyAllowedKycAttribs.contains(consentedIndividualIdAttributeName)) { + consentAttributes.remove(consentedIndividualIdAttributeName); + } + } + } + + public Set filterByPolicyAllowedAttributes(Set filterAttributes, List policyAllowedKycAttribs) { + return policyAllowedKycAttribs.stream() + .filter(attribute -> filterAttributes.contains(attribute)) + .collect(Collectors.toSet()); + } + + public String getKycExchangeResponseTime(BaseRequestDTO authRequestDTO) { + String dateTimePattern = EnvUtil.getDateTimePattern(); + return IdaRequestResponsConsumerUtil.getResponseTime(authRequestDTO.getRequestTime(), dateTimePattern); + } + + public List filterAllowedUserClaims(String oidcClientId, List consentAttributes) { + mosipLogger.info(IdAuthCommonConstants.IDA, this.getClass().getSimpleName(), "filterAllowedUserClaims", + "Checking for OIDC client allowed userclaims"); + Optional oidcClientData = oidcClientDataRepo.findByClientId(oidcClientId); + + List oidcClientAllowedUserClaims = List.of(oidcClientData.get().getUserClaims()) + .stream() + .map(String::toLowerCase) + .collect(Collectors.toList()); + if 
(consentAttributes.isEmpty()) { + return oidcClientAllowedUserClaims; + } + + return consentAttributes.stream() + .filter(claim -> oidcClientAllowedUserClaims.contains(claim.toLowerCase())) + .collect(Collectors.toList()); + + } + +} diff --git a/authentication/esignet-integration-impl/src/main/java/io/mosip/authentication/esignet/integration/service/IdaVCIssuancePluginImpl.java b/authentication/esignet-integration-impl/src/main/java/io/mosip/authentication/esignet/integration/service/IdaVCIssuancePluginImpl.java index b8fbe203d2e..5883893a871 100644 --- a/authentication/esignet-integration-impl/src/main/java/io/mosip/authentication/esignet/integration/service/IdaVCIssuancePluginImpl.java +++ b/authentication/esignet-integration-impl/src/main/java/io/mosip/authentication/esignet/integration/service/IdaVCIssuancePluginImpl.java @@ -4,6 +4,7 @@ import java.time.LocalDateTime; import java.time.ZoneOffset; import java.util.*; +import java.util.stream.Collectors; import javax.crypto.Cipher; @@ -111,8 +112,7 @@ public VCResult getVerifiableCredentialWithLinkedDataProof(VCReque idaVciExchangeRequest.setIndividualId(individualId); idaVciExchangeRequest.setCredSubjectId(holderId); idaVciExchangeRequest.setVcFormat(vcRequestDto.getFormat()); - idaVciExchangeRequest.setLocales(transaction.getClaimsLocales() != null ? - Arrays.asList(transaction.getClaimsLocales()) : List.of("eng")); + idaVciExchangeRequest.setLocales(convertLangCodesToISO3LanguageCodes(transaction.getClaimsLocales())); vciCred.setCredentialSubject(vcRequestDto.getCredentialSubject()); vciCred.setType(vcRequestDto.getType()); vciCred.setContext(vcRequestDto.getContext()); 
@@ -194,5 +194,14 @@ private String getKeyAlias(String keyAppId, String keyRefId) throws Exception { private byte[] b64Decode(String value) { return urlSafeDecoder.decode(value); + }; + + //Converts an array of two-letter language codes to their corresponding ISO 639-2/T language codes. + private List convertLangCodesToISO3LanguageCodes(String[] langCodes) { + if(langCodes == null || langCodes.length == 0) + return List.of("eng"); + return Arrays.stream(langCodes) + .map(langCode -> new Locale(langCode).getISO3Language()) + .collect(Collectors.toList()); } } diff --git a/authentication/esignet-integration-impl/src/test/java/io/mosip/authentication/esignet/integration/service/IdaVCIssuancePluginImplTest.java b/authentication/esignet-integration-impl/src/test/java/io/mosip/authentication/esignet/integration/service/IdaVCIssuancePluginImplTest.java new file mode 100644 index 00000000000..b37730feed7 --- /dev/null +++ b/authentication/esignet-integration-impl/src/test/java/io/mosip/authentication/esignet/integration/service/IdaVCIssuancePluginImplTest.java 
@@ -0,0 +1,281 @@ +package io.mosip.authentication.esignet.integration.service; + +import com.fasterxml.jackson.databind.ObjectMapper; +import foundation.identity.jsonld.JsonLDObject; +import io.mosip.authentication.esignet.integration.dto.IdaResponseWrapper; +import io.mosip.authentication.esignet.integration.dto.IdaVcExchangeRequest; +import io.mosip.authentication.esignet.integration.dto.IdaVcExchangeResponse; +import io.mosip.authentication.esignet.integration.helper.VCITransactionHelper; +import io.mosip.esignet.api.dto.VCRequestDto; +import io.mosip.esignet.api.dto.VCResult; +import io.mosip.esignet.core.constants.ErrorConstants; +import io.mosip.esignet.core.dto.OIDCTransaction; +import io.mosip.esignet.core.exception.EsignetException; +import io.mosip.esignet.core.util.IdentityProviderUtil; +import io.mosip.kernel.core.keymanager.spi.KeyStore; +import io.mosip.kernel.keymanagerservice.entity.KeyAlias; +import io.mosip.kernel.keymanagerservice.helper.KeymanagerDBHelper; +import org.junit.Assert; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.mockito.InjectMocks; +import org.mockito.Mock; +import org.mockito.Mockito; +import org.mockito.junit.MockitoJUnitRunner; +import org.springframework.core.ParameterizedTypeReference; +import org.springframework.http.RequestEntity; +import org.springframework.http.ResponseEntity; +import org.springframework.test.util.ReflectionTestUtils; +import org.springframework.web.client.RestTemplate; + +import javax.crypto.Cipher; +import javax.crypto.KeyGenerator; +import javax.crypto.SecretKey; +import java.nio.charset.StandardCharsets; +import java.security.Key; +import java.time.LocalDateTime; +import java.util.Arrays; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import static io.mosip.kernel.keymanagerservice.constant.KeymanagerConstant.CURRENTKEYALIAS; + +@RunWith(MockitoJUnitRunner.class) +public class IdaVCIssuancePluginImplTest { + + @Mock + VCITransactionHelper 
vciTransactionHelper; + + @Mock + ObjectMapper objectMapper; + + @Mock + RestTemplate restTemplate; + + @Mock + HelperService helperService; + + @Mock + KeymanagerDBHelper keymanagerDBHelper; + + @Mock + KeyStore keyStore; + + @InjectMocks + IdaVCIssuancePluginImpl idaVCIssuancePlugin=new IdaVCIssuancePluginImpl(); + + @Test + public void getVerifiableCredentialWithLinkedDataProof_withValidDetails_thenPass() throws Exception { + + ReflectionTestUtils.setField(idaVCIssuancePlugin,"vciExchangeUrl","http://example.com"); + + VCRequestDto vcRequestDto = new VCRequestDto(); + vcRequestDto.setFormat("ldp_vc"); + vcRequestDto.setContext(Arrays.asList("context1","context2")); + vcRequestDto.setType(Arrays.asList("VerifiableCredential")); + vcRequestDto.setCredentialSubject(Map.of("subject1","subject1","subject2","subject2")); + + OIDCTransaction oidcTransaction = new OIDCTransaction(); + oidcTransaction.setIndividualId("individualId"); + oidcTransaction.setKycToken("kycToken"); + oidcTransaction.setAuthTransactionId("authTransactionId"); + oidcTransaction.setRelyingPartyId("relyingPartyId"); + oidcTransaction.setClaimsLocales(new String[]{"eng"}); + + IdaResponseWrapper> mockResponseWrapper = new IdaResponseWrapper<>(); + IdaVcExchangeResponse mockResponse = new IdaVcExchangeResponse<>(); + JsonLDObject jsonLDObject = new JsonLDObject(); + jsonLDObject.setJsonObjectKeyValue("key", "value"); + mockResponse.setVerifiableCredentials(jsonLDObject); + mockResponseWrapper.setResponse(mockResponse); + mockResponseWrapper.setId("id"); + mockResponseWrapper.setVersion("version"); + mockResponseWrapper.setTransactionID("transactionID"); + + ResponseEntity>> mockResponseEntity = ResponseEntity.ok(mockResponseWrapper); + ParameterizedTypeReference>> responseType = + new ParameterizedTypeReference>>() { + }; + + Mockito.when(vciTransactionHelper.getOAuthTransaction(Mockito.any())).thenReturn(oidcTransaction); + 
Mockito.when(objectMapper.writeValueAsString(Mockito.any(IdaVcExchangeRequest.class))).thenReturn("jsonString"); + Mockito.when(restTemplate.exchange( + Mockito.any(RequestEntity.class), + Mockito.eq(responseType) + )).thenReturn(mockResponseEntity); + + VCResult result=idaVCIssuancePlugin.getVerifiableCredentialWithLinkedDataProof(vcRequestDto,"holderId",Map.of("accessTokenHash","ACCESS_TOKEN_HASH","client_id","CLIENT_ID")); + Assert.assertNotNull(result.getCredential()); + Assert.assertEquals(jsonLDObject,result.getCredential()); + Assert.assertEquals(result.getFormat(),"ldp_vc"); + } + + @Test + public void getVerifiableCredentialWithLinkedDataProof_withValidDetailsAndStoreIndividualId_thenPass() throws Exception { + + ReflectionTestUtils.setField(idaVCIssuancePlugin,"vciExchangeUrl","http://example.com"); + ReflectionTestUtils.setField(idaVCIssuancePlugin,"storeIndividualId",true); + ReflectionTestUtils.setField(idaVCIssuancePlugin,"secureIndividualId",true); + ReflectionTestUtils.setField(idaVCIssuancePlugin,"aesECBTransformation","AES/ECB/PKCS5Padding"); + ReflectionTestUtils.setField(idaVCIssuancePlugin,"cacheSecretKeyRefId","cacheSecretKeyRefId"); + + VCRequestDto vcRequestDto = new VCRequestDto(); + vcRequestDto.setFormat("ldp_vc"); + vcRequestDto.setContext(Arrays.asList("context1","context2")); + vcRequestDto.setType(Arrays.asList("VerifiableCredential")); + vcRequestDto.setCredentialSubject(Map.of("subject1","subject1","subject2","subject2")); + + KeyGenerator generator = KeyGenerator.getInstance("AES"); + generator.init(256); + SecretKey key = generator.generateKey(); + String individualId = encryptIndividualId("individual-id",key); + + OIDCTransaction oidcTransaction = new OIDCTransaction(); + oidcTransaction.setIndividualId(individualId); + oidcTransaction.setKycToken("kycToken"); + oidcTransaction.setAuthTransactionId("authTransactionId"); + oidcTransaction.setRelyingPartyId("relyingPartyId"); + + Map> keyaliasesMap = new HashMap<>(); + KeyAlias 
keyAlias = new KeyAlias(); + keyAlias.setAlias("test"); + keyaliasesMap.put(CURRENTKEYALIAS, Arrays.asList(keyAlias)); + Mockito.when(keymanagerDBHelper.getKeyAliases(Mockito.anyString(), Mockito.anyString(), Mockito.any(LocalDateTime.class))).thenReturn(keyaliasesMap); + Mockito.when(keyStore.getSymmetricKey(Mockito.anyString())).thenReturn(key, key); + + IdaResponseWrapper> mockResponseWrapper = new IdaResponseWrapper<>(); + IdaVcExchangeResponse mockResponse = new IdaVcExchangeResponse<>(); + JsonLDObject jsonLDObject = new JsonLDObject(); + jsonLDObject.setJsonObjectKeyValue("key", "value"); + mockResponse.setVerifiableCredentials(jsonLDObject); + mockResponseWrapper.setResponse(mockResponse); + mockResponseWrapper.setId("id"); + mockResponseWrapper.setVersion("version"); + mockResponseWrapper.setTransactionID("transactionID"); + + ResponseEntity>> mockResponseEntity = ResponseEntity.ok(mockResponseWrapper); + ParameterizedTypeReference>> responseType = + new ParameterizedTypeReference>>() { + }; + + Mockito.when(vciTransactionHelper.getOAuthTransaction(Mockito.any())).thenReturn(oidcTransaction); + Mockito.when(objectMapper.writeValueAsString(Mockito.any())).thenReturn("jsonString"); + Mockito.when(restTemplate.exchange( + Mockito.any(RequestEntity.class), + Mockito.eq(responseType) + )).thenReturn(mockResponseEntity); + + VCResult result=idaVCIssuancePlugin.getVerifiableCredentialWithLinkedDataProof(vcRequestDto,"holderId",Map.of("accessTokenHash","ACCESS_TOKEN_HASH","client_id","CLIENT_ID")); + Assert.assertNotNull(result.getCredential()); + Assert.assertEquals(jsonLDObject,result.getCredential()); + Assert.assertEquals(result.getFormat(),"ldp_vc"); + Mockito.verify(keymanagerDBHelper).getKeyAliases(Mockito.anyString(), Mockito.anyString(), Mockito.any(LocalDateTime.class)); + } + + @Test + public void getVerifiableCredentialWithLinkedDataProof_withInValidIndividualId_thenFail() throws Exception { + + 
ReflectionTestUtils.setField(idaVCIssuancePlugin,"vciExchangeUrl","http://example.com"); + ReflectionTestUtils.setField(idaVCIssuancePlugin,"storeIndividualId",true); + ReflectionTestUtils.setField(idaVCIssuancePlugin,"secureIndividualId",true); + ReflectionTestUtils.setField(idaVCIssuancePlugin,"aesECBTransformation","AES/ECB/PKCS5Padding"); + ReflectionTestUtils.setField(idaVCIssuancePlugin,"cacheSecretKeyRefId","cacheSecretKeyRefId"); + + VCRequestDto vcRequestDto = new VCRequestDto(); + vcRequestDto.setFormat("ld_vc"); + vcRequestDto.setContext(Arrays.asList("context1","context2")); + vcRequestDto.setType(Arrays.asList("VerifiableCredential")); + vcRequestDto.setCredentialSubject(Map.of("subject1","subject1","subject2","subject2")); + + OIDCTransaction oidcTransaction = new OIDCTransaction(); + oidcTransaction.setIndividualId("individualId"); + oidcTransaction.setKycToken("kycToken"); + oidcTransaction.setAuthTransactionId("authTransactionId"); + oidcTransaction.setRelyingPartyId("relyingPartyId"); + + Mockito.when(vciTransactionHelper.getOAuthTransaction(Mockito.any())).thenReturn(oidcTransaction); + try{ + VCResult result= idaVCIssuancePlugin.getVerifiableCredentialWithLinkedDataProof(vcRequestDto,"holderId",Map.of("accessTokenHash","ACCESS_TOKEN_HASH","client_id","CLIENT_ID")); + Assert.fail(); + }catch (Exception e) + { + Assert.assertEquals("vci_exchange_failed",e.getMessage()); + } + } + + @Test + public void getVerifiableCredentialWithLinkedDataProof_withInVlidResponse_thenFail() throws Exception { + + ReflectionTestUtils.setField(idaVCIssuancePlugin,"vciExchangeUrl","http://example.com"); + ReflectionTestUtils.setField(idaVCIssuancePlugin,"storeIndividualId",true); + ReflectionTestUtils.setField(idaVCIssuancePlugin,"secureIndividualId",true); + ReflectionTestUtils.setField(idaVCIssuancePlugin,"aesECBTransformation","AES/ECB/PKCS5Padding"); + ReflectionTestUtils.setField(idaVCIssuancePlugin,"cacheSecretKeyRefId","cacheSecretKeyRefId"); + + VCRequestDto 
vcRequestDto = new VCRequestDto(); + vcRequestDto.setFormat("ldp_vc"); + vcRequestDto.setContext(Arrays.asList("context1","context2")); + vcRequestDto.setType(Arrays.asList("VerifiableCredential")); + vcRequestDto.setCredentialSubject(Map.of("subject1","subject1","subject2","subject2")); + + KeyGenerator generator = KeyGenerator.getInstance("AES"); + generator.init(256); + SecretKey key = generator.generateKey(); + String individualId = encryptIndividualId("individual-id",key); + + OIDCTransaction oidcTransaction = new OIDCTransaction(); + oidcTransaction.setIndividualId(individualId); + oidcTransaction.setKycToken("kycToken"); + oidcTransaction.setAuthTransactionId("authTransactionId"); + oidcTransaction.setRelyingPartyId("relyingPartyId"); + + Map> keyaliasesMap = new HashMap<>(); + KeyAlias keyAlias = new KeyAlias(); + keyAlias.setAlias("test"); + keyaliasesMap.put(CURRENTKEYALIAS, Arrays.asList(keyAlias)); + Mockito.when(vciTransactionHelper.getOAuthTransaction(Mockito.any())).thenReturn(oidcTransaction); + Mockito.when(objectMapper.writeValueAsString(Mockito.any())).thenReturn("jsonString"); + Mockito.when(keymanagerDBHelper.getKeyAliases(Mockito.anyString(), Mockito.anyString(), Mockito.any(LocalDateTime.class))).thenReturn(keyaliasesMap); + Mockito.when(keyStore.getSymmetricKey(Mockito.anyString())).thenReturn(key, key); + + IdaResponseWrapper> mockResponseWrapper = new IdaResponseWrapper<>(); + IdaVcExchangeResponse mockResponse = new IdaVcExchangeResponse<>(); + JsonLDObject jsonLDObject = new JsonLDObject(); + jsonLDObject.setJsonObjectKeyValue("key", "value"); + mockResponse.setVerifiableCredentials(jsonLDObject); + mockResponseWrapper.setResponse(null); + mockResponseWrapper.setId("id"); + mockResponseWrapper.setVersion("version"); + mockResponseWrapper.setTransactionID("transactionID"); + + ResponseEntity>> mockResponseEntity = ResponseEntity.ok(mockResponseWrapper); + ParameterizedTypeReference>> responseType = + new ParameterizedTypeReference>>() { + 
}; + Mockito.when(restTemplate.exchange( + Mockito.any(RequestEntity.class), + Mockito.eq(responseType) + )).thenReturn(mockResponseEntity); + + try{ + VCResult result= idaVCIssuancePlugin.getVerifiableCredentialWithLinkedDataProof(vcRequestDto,"holderId",Map.of("accessTokenHash","ACCESS_TOKEN_HASH","client_id","CLIENT_ID")); + Assert.fail(); + }catch (Exception e) + { + Assert.assertEquals("vci_exchange_failed",e.getMessage()); + } + } + + private String encryptIndividualId(String individualId, Key key) { + try { + Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding"); + byte[] secretDataBytes = individualId.getBytes(StandardCharsets.UTF_8); + cipher.init(Cipher.ENCRYPT_MODE,key); + return IdentityProviderUtil.b64Encode(cipher.doFinal(secretDataBytes, 0, secretDataBytes.length)); + } catch(Exception e) { + throw new EsignetException(ErrorConstants.AES_CIPHER_FAILED); + } + } + +}
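Review bot: In VciServiceImpl.processVciExchange (hunk at -133,15), `consentAttributes` is still `Collections.emptyList()`, and the helper this hunk now calls, `exchangeDataAttributesUtil.filterAllowedUserClaims`, returns the OIDC client's full user-claim list when the consent list is empty, so the attribute set of the issued credential is bounded only by the client registration and the policy, not by anything the user consented to. The "Will implement later" comment should point to a tracking issue, and the call site should say explicitly that policy is the only filter for now, so this is not mistaken for a consent check.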
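Review bot: In KycServiceImpl.isKycTokenExpire, the `tokenIssuedDateTime != null` test in the rewritten condition runs after `ChronoUnit.SECONDS.between(tokenIssuedDateTime, currentTime)` has already dereferenced the value, so a null issue time raises a NullPointerException instead of being handled; move the null check above the `between` call and decide explicitly whether a missing issue time means expired. `ValueRange.of(0, adjustmentSeconds)` throws IllegalArgumentException if the configured adjustment is negative, and `isValidIntValue` returns false for every input once the upper bound exceeds Integer.MAX_VALUE, which would report all tokens as expired. A plain `diffSeconds < 0 || diffSeconds > adjustmentSeconds` states the intent (reject future-dated and over-age tokens) without those edge cases and without the extra import.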
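Review bot: In VciServiceImpl.getCredSubjectMap (hunk at -417,12), the new blank check reads `identityInfo.getValue()` into `value`, but the two `valueMap.put` calls inside it still call `identityInfo.getLanguage()` and `identityInfo.getValue()` again instead of using the `lang` and `value` locals, unlike the matching branch in the hunk at -399,15. Use the locals, and since `Objects.nonNull(value) && (value.trim().length() > 0)` is now repeated in each branch, pull it into one small private helper. The unbraced `if (valueList.size() > 0)` would read better as a braced `!valueList.isEmpty()` check.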
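Review bot: In the new ExchangeDataAttributesUtil.filterAllowedUserClaims, `oidcClientData.get()` is called on the Optional returned by `oidcClientDataRepo.findByClientId(oidcClientId)` with no presence check, so an unknown client id surfaces as a NoSuchElementException rather than a controlled failure; use `orElseThrow` with an IdAuthenticationBusinessException and declare it on the method. In mapConsentedAttributesToIdSchemaAttributes, the individual-id claim is removed from `consentAttributes` only after the loop has already added its id schema attributes to `filterAttributes`, and the `remove` call mutates the caller's list, which can throw UnsupportedOperationException on an immutable list; do the policy check before the loop and work on a copy. The four public methods have no Javadoc describing which list is the consent input and which is the policy input.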
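Review bot: In IdaVCIssuancePluginImpl.convertLangCodesToISO3LanguageCodes, `new Locale(langCode).getISO3Language()` throws MissingResourceException when the code has no three-letter mapping, and a null array element throws NullPointerException, so one unexpected value in `transaction.getClaimsLocales()` fails the whole credential request with an unchecked exception. Handle that per element (skip the entry or fall back to "eng") and state in the comment which input forms are accepted, since the comment says two-letter codes while the existing test passes "eng". The `};` added after `b64Decode` leaves a stray semicolon in the class body.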
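Review bot: In IdaVCIssuancePluginImplTest, no test exercises the locale conversion this patch adds: the first test calls `setClaimsLocales(new String[]{"eng"})` and the others leave the locales null, so neither the two-letter-to-three-letter path nor the unmapped-code path is run; add a case that captures the IdaVcExchangeRequest passed to `objectMapper.writeValueAsString` and asserts on its locales. `Assert.assertEquals(result.getFormat(),"ldp_vc")` has expected and actual swapped, `withInValidIndividualId_thenFail` changes both the format ("ld_vc") and the individual id so it does not isolate which one produces `vci_exchange_failed`, and the name `withInVlidResponse` has a typo. The fixtures also pin `AES/ECB/PKCS5Padding` for the stored individual id; ECB is deterministic, so confirm that equal ids producing equal ciphertexts is acceptable for that cached value.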