diff --git a/esignet-core/src/main/java/io/mosip/esignet/core/constants/Constants.java b/esignet-core/src/main/java/io/mosip/esignet/core/constants/Constants.java index e22197277..5ada1fb16 100644 --- a/esignet-core/src/main/java/io/mosip/esignet/core/constants/Constants.java +++ b/esignet-core/src/main/java/io/mosip/esignet/core/constants/Constants.java @@ -50,4 +50,5 @@ public class Constants { public static final String SERVER_NONCE_SEPARATOR = "~###~"; public static final String RESUMED = "RESUMED"; public static final String RESUME_NOT_APPLICABLE = "RESUME_NOT_APPLICABLE"; + public static final String VERIFIED_CLAIMS = "verified_claims"; } diff --git a/esignet-core/src/main/java/io/mosip/esignet/core/dto/OIDCTransaction.java b/esignet-core/src/main/java/io/mosip/esignet/core/dto/OIDCTransaction.java index fba42dac5..2587e7139 100644 --- a/esignet-core/src/main/java/io/mosip/esignet/core/dto/OIDCTransaction.java +++ b/esignet-core/src/main/java/io/mosip/esignet/core/dto/OIDCTransaction.java @@ -5,6 +5,7 @@ */ package io.mosip.esignet.core.dto; +import com.fasterxml.jackson.databind.JsonNode; import io.mosip.esignet.api.dto.claim.Claims; import io.mosip.esignet.api.dto.claim.VerificationDetail; import io.mosip.esignet.api.util.ConsentAction; @@ -26,7 +27,7 @@ public class OIDCTransaction implements Serializable { String clientId; String relyingPartyId; String redirectUri; - Claims requestedClaims; + Claims resolvedClaims; List essentialClaims; List voluntaryClaims; List requestedAuthorizeScopes; @@ -68,4 +69,5 @@ public class OIDCTransaction implements Serializable { boolean isInternalAuthSuccess; Map> claimMetadata; + Map requestedClaimDetails; } diff --git a/esignet-core/src/main/java/io/mosip/esignet/core/util/AuditHelper.java b/esignet-core/src/main/java/io/mosip/esignet/core/util/AuditHelper.java index 4f9a12b1b..bf718f3fa 100644 --- a/esignet-core/src/main/java/io/mosip/esignet/core/util/AuditHelper.java 
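Review bot: `requestedClaimDetails` (presumably `Map<String, JsonNode>`, given the `JsonNode` import this hunk adds) is introduced into a class that `implements Serializable` and, judging by the `cacheUtilService` usages in the test hunks, is held in the transaction cache; whether a `JsonNode` value survives that cache's serialization depends on the Jackson version and the cache serializer in use, so it is worth confirming against the cache configuration. The field also carries no comment distinguishing it from the renamed `resolvedClaims`; something like `// Raw userinfo claims object as sent by the relying party; resolvedClaims is the validated form used for consent and auth` would settle that, hedged as my reading of the hunks that set and consume it. Both `OIDCTransaction` hunks sit inside the class body, which continues outside them.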
+++ b/esignet-core/src/main/java/io/mosip/esignet/core/util/AuditHelper.java @@ -32,7 +32,7 @@ public static AuditDTO buildAuditDto(String transactionId, String idType, OIDCTr if(transaction != null) { auditDTO.setRelyingPartyId(transaction.getRelyingPartyId()); auditDTO.setClientId(transaction.getClientId()); - auditDTO.setRequestedClaims(transaction.getRequestedClaims()); + auditDTO.setRequestedClaims(transaction.getResolvedClaims()); auditDTO.setRequestedAuthorizeScopes(transaction.getRequestedAuthorizeScopes()); auditDTO.setRedirectUri(transaction.getRedirectUri()); auditDTO.setClaimsLocales(transaction.getClaimsLocales()); diff --git a/esignet-integration-api/src/main/java/io/mosip/esignet/api/dto/VerifiedKycExchangeDto.java b/esignet-integration-api/src/main/java/io/mosip/esignet/api/dto/VerifiedKycExchangeDto.java index 691afd23b..3e665a640 100644 --- a/esignet-integration-api/src/main/java/io/mosip/esignet/api/dto/VerifiedKycExchangeDto.java +++ b/esignet-integration-api/src/main/java/io/mosip/esignet/api/dto/VerifiedKycExchangeDto.java @@ -5,6 +5,7 @@ */ package io.mosip.esignet.api.dto; +import com.fasterxml.jackson.databind.JsonNode; import lombok.Data; import java.util.List; @@ -13,5 +14,5 @@ @Data public class VerifiedKycExchangeDto extends KycExchangeDto { - private Map>> acceptedVerifiedClaims; + private Map acceptedClaimDetails; } diff --git a/oidc-service-impl/src/main/java/io/mosip/esignet/services/AuthorizationHelperService.java b/oidc-service-impl/src/main/java/io/mosip/esignet/services/AuthorizationHelperService.java index 49a989b43..f7fcd44ee 100644 --- a/oidc-service-impl/src/main/java/io/mosip/esignet/services/AuthorizationHelperService.java +++ b/oidc-service-impl/src/main/java/io/mosip/esignet/services/AuthorizationHelperService.java 
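Review bot: `acceptedClaimDetails` replaces `acceptedVerifiedClaims` in `VerifiedKycExchangeDto`, a type that crosses the integration-API boundary, and the hunk gives plugin implementers no description of the new shape: the map is keyed by claim name (presumably `Map<String, JsonNode>`, given the added import), and `verified_claims` is a special key holding the consented subset of the request's verified-claims object rather than a plain claim entry, as the OAuthServiceImpl hunks build it. A Javadoc on the field stating those two facts, and that a key may map to null, would save each implementer re-deriving it from the service code. As a field rename on a public DTO this is a breaking change for existing plugins and deserves a note in the change description.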
@@ -287,7 +287,7 @@ protected SendOtpResult delegateSendOtpRequest(OtpRequest otpRequest, OIDCTransa protected Set> getProvidedAuthFactors(OIDCTransaction transaction, List challengeList) throws EsignetException { List> resolvedAuthFactors = authenticationContextClassRefUtil.getAuthFactors( - (String[]) transaction.getRequestedClaims().getId_token().get(ACR).get("values")); + (String[]) transaction.getResolvedClaims().getId_token().get(ACR).get("values")); List providedAuthFactors = challengeList.stream() .map(AuthChallenge::getAuthFactorType) .collect(Collectors.toList()); diff --git a/oidc-service-impl/src/main/java/io/mosip/esignet/services/AuthorizationServiceImpl.java b/oidc-service-impl/src/main/java/io/mosip/esignet/services/AuthorizationServiceImpl.java index f95adf6a7..0779b463f 100644 --- a/oidc-service-impl/src/main/java/io/mosip/esignet/services/AuthorizationServiceImpl.java +++ b/oidc-service-impl/src/main/java/io/mosip/esignet/services/AuthorizationServiceImpl.java @@ -272,12 +272,12 @@ public ClaimDetailResponse getClaimDetails(String transactionId) { List list = new ArrayList<>(); log.debug("Get claims status based on stored claim metadata : {}", transaction.getClaimMetadata()); - for(Map.Entry>> entry : transaction.getRequestedClaims().getUserinfo().entrySet()) { + for(Map.Entry>> entry : transaction.getResolvedClaims().getUserinfo().entrySet()) { list.add(claimsHelperService.getClaimStatus(entry.getKey(), entry.getValue(), transaction.getClaimMetadata())); } //Profile update is mandated only if any essential verified claim is requested - boolean isEssentialVerifiedClaimRequested = transaction.getRequestedClaims().getUserinfo() + boolean isEssentialVerifiedClaimRequested = transaction.getResolvedClaims().getUserinfo() .entrySet() .stream() .anyMatch( entry -> entry.getValue().stream() 
@@ -399,7 +399,7 @@ private Pair checkAndBuildOIDCTransaction( IdentityProviderUtil.validateRedirectURI(clientDetailDto.getRedirectUris(), oauthDetailReqDto.getRedirectUri()); //Resolve the final set of claims based on registered and request parameter. - Claims resolvedClaims = claimsHelperService.getRequestedClaims(oauthDetailReqDto, clientDetailDto); + Claims resolvedClaims = claimsHelperService.resolveRequestedClaims(oauthDetailReqDto, clientDetailDto); //Resolve and set ACR claim resolvedClaims.getId_token().put(ACR, resolveACRClaim(clientDetailDto.getAcrValues(), oauthDetailReqDto.getAcrValues(), @@ -427,7 +427,7 @@ private Pair checkAndBuildOIDCTransaction( oidcTransaction.setRedirectUri(oauthDetailReqDto.getRedirectUri()); oidcTransaction.setRelyingPartyId(clientDetailDto.getRpId()); oidcTransaction.setClientId(clientDetailDto.getId()); - oidcTransaction.setRequestedClaims(resolvedClaims); + oidcTransaction.setResolvedClaims(resolvedClaims); oidcTransaction.setRequestedAuthorizeScopes(oAuthDetailResponse.getAuthorizeScopes()); oidcTransaction.setNonce(oauthDetailReqDto.getNonce()); oidcTransaction.setState(oauthDetailReqDto.getState()); @@ -438,6 +438,7 @@ private Pair checkAndBuildOIDCTransaction( oidcTransaction.setServerNonce(UUID.randomUUID().toString()); oidcTransaction.setRequestedCredentialScopes(authorizationHelperService.getCredentialScopes(oauthDetailReqDto.getScope())); oidcTransaction.setInternalAuthSuccess(false); + oidcTransaction.setRequestedClaimDetails(oauthDetailReqDto.getClaims()!=null? oauthDetailReqDto.getClaims().getUserinfo() : null); return Pair.of(oAuthDetailResponse, oidcTransaction); } diff --git a/oidc-service-impl/src/main/java/io/mosip/esignet/services/ClaimsHelperService.java b/oidc-service-impl/src/main/java/io/mosip/esignet/services/ClaimsHelperService.java index 4609c5c70..c296a4449 100644 --- a/oidc-service-impl/src/main/java/io/mosip/esignet/services/ClaimsHelperService.java 
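Review bot: The new `setRequestedClaimDetails(...)` line stores the raw `userinfo` object from the request alongside `resolvedClaims`, and nothing in the method says why both are kept or which one is authoritative; a one-line comment such as `// Keep the raw userinfo claims object so the verified_claims structure can be forwarded as requested at kyc exchange` would settle that (my reading of the OAuthServiceImpl hunk, worth confirming). Because the raw object is stored after `resolveRequestedClaims` has run, whatever validation that method performs has already passed, but keys it silently dropped are still present here, so downstream code must keep going through `acceptedClaims` before forwarding anything from it. Spacing in `getClaims()!=null?` should match the rest of the method. The enclosing `checkAndBuildOIDCTransaction` starts before these hunks.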
+++ b/oidc-service-impl/src/main/java/io/mosip/esignet/services/ClaimsHelperService.java @@ -34,7 +34,6 @@ @Component public class ClaimsHelperService { - private static final String VERIFIED_CLAIMS = "verified_claims"; @Value("#{${mosip.esignet.openid.scope.claims}}") private Map> claims; @@ -61,7 +60,7 @@ protected Map> getClaimNames(Claims resolvedClaims) { } - protected Claims getRequestedClaims(OAuthDetailRequest oauthDetailRequest, ClientDetail clientDetailDto) + protected Claims resolveRequestedClaims(OAuthDetailRequest oauthDetailRequest, ClientDetail clientDetailDto) throws EsignetException { Claims resolvedClaims = new Claims(); resolvedClaims.setUserinfo(new HashMap<>()); @@ -119,8 +118,8 @@ else if(claimBasedOnScope.contains(claimName)) } protected boolean isVerifiedClaimRequested(OIDCTransaction transaction) { - return transaction.getRequestedClaims().getUserinfo() != null && - transaction.getRequestedClaims().getUserinfo() + return transaction.getResolvedClaims().getUserinfo() != null && + transaction.getResolvedClaims().getUserinfo() .entrySet() .stream() .anyMatch( entry -> entry.getValue().stream().anyMatch( m-> m.get("verification") != null)); @@ -142,7 +141,7 @@ protected boolean isVerifiedClaimRequested(OIDCTransaction transaction) { * */ protected void validateAcceptedClaims(OIDCTransaction transaction, List acceptedClaims) throws EsignetException { - Map>> userinfo = Optional.ofNullable(transaction.getRequestedClaims()) + Map>> userinfo = Optional.ofNullable(transaction.getResolvedClaims()) .map(Claims::getUserinfo) .orElse(Collections.emptyMap()); diff --git a/oidc-service-impl/src/main/java/io/mosip/esignet/services/ConsentHelperService.java b/oidc-service-impl/src/main/java/io/mosip/esignet/services/ConsentHelperService.java index 357c07b3d..8eaa59e4e 100644 --- a/oidc-service-impl/src/main/java/io/mosip/esignet/services/ConsentHelperService.java +++ b/oidc-service-impl/src/main/java/io/mosip/esignet/services/ConsentHelperService.java 
@@ -102,7 +102,7 @@ public void updateUserConsent(OIDCTransaction transaction, String signature) { UserConsent userConsent = new UserConsent(); userConsent.setClientId(transaction.getClientId()); userConsent.setPsuToken(transaction.getPartnerSpecificUserToken()); - Claims claims = transaction.getRequestedClaims(); + Claims claims = transaction.getResolvedClaims(); List acceptedClaims = transaction.getAcceptedClaims(); Map normalizedClaims = new HashMap<>(); normalizedClaims.put("userinfo", normalizeUserInfoClaims(claims.getUserinfo())); @@ -196,8 +196,8 @@ private ConsentAction evaluateConsentAction(OIDCTransaction transaction, Consent Map authorizeScopes = authorizeScope != null ? authorizeScope.stream() .collect(Collectors.toMap(Function.identity(), s->false)) : Collections.emptyMap(); Map normalizedClaims = new HashMap<>(); - normalizedClaims.put("userinfo", normalizeUserInfoClaims(transaction.getRequestedClaims().getUserinfo())); - normalizedClaims.put("id_token", normalizeIdTokenClaims(transaction.getRequestedClaims().getId_token())); + normalizedClaims.put("userinfo", normalizeUserInfoClaims(transaction.getResolvedClaims().getUserinfo())); + normalizedClaims.put("id_token", normalizeIdTokenClaims(transaction.getResolvedClaims().getId_token())); hash = hashUserConsent(normalizedClaims, authorizeScopes); } catch (JsonProcessingException e) { log.error("Failed to hash the user consent", e); diff --git a/oidc-service-impl/src/main/java/io/mosip/esignet/services/LinkedAuthorizationServiceImpl.java b/oidc-service-impl/src/main/java/io/mosip/esignet/services/LinkedAuthorizationServiceImpl.java index 280a1e5a6..d9ab0c683 100644 --- a/oidc-service-impl/src/main/java/io/mosip/esignet/services/LinkedAuthorizationServiceImpl.java +++ b/oidc-service-impl/src/main/java/io/mosip/esignet/services/LinkedAuthorizationServiceImpl.java 
@@ -169,7 +169,7 @@ private Pair checkAndPublishLinkedTransac linkTransactionResponse.setLinkTransactionId(linkedTransactionId); linkTransactionResponse.setAuthFactors(authenticationContextClassRefUtil.getAuthFactors( - (String[]) transaction.getRequestedClaims().getId_token().get(ACR).get("values"))); + (String[]) transaction.getResolvedClaims().getId_token().get(ACR).get("values"))); linkTransactionResponse.setEssentialClaims(transaction.getEssentialClaims()); linkTransactionResponse.setVoluntaryClaims(transaction.getVoluntaryClaims()); linkTransactionResponse.setAuthorizeScopes(transaction.getRequestedAuthorizeScopes()); diff --git a/oidc-service-impl/src/main/java/io/mosip/esignet/services/OAuthServiceImpl.java b/oidc-service-impl/src/main/java/io/mosip/esignet/services/OAuthServiceImpl.java index 31af24650..d7c0b37bb 100644 --- a/oidc-service-impl/src/main/java/io/mosip/esignet/services/OAuthServiceImpl.java +++ b/oidc-service-impl/src/main/java/io/mosip/esignet/services/OAuthServiceImpl.java @@ -5,6 +5,10 @@ */ package io.mosip.esignet.services; +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.databind.node.ArrayNode; +import com.fasterxml.jackson.databind.node.ObjectNode; import com.nimbusds.jose.JOSEException; import com.nimbusds.jose.jwk.JWK; import io.mosip.esignet.api.dto.KycExchangeDto; @@ -72,6 +76,9 @@ public class OAuthServiceImpl implements OAuthService { @Autowired private SecurityHelperService securityHelperService; + @Autowired + private ObjectMapper objectMapper; + @Value("${mosip.esignet.access-token-expire-seconds:60}") private int accessTokenExpireSeconds; 
@@ -253,30 +260,41 @@ private KycExchangeResult doKycExchange(OIDCTransaction transaction) { kycExchangeDto.setAcceptedClaims(transaction.getAcceptedClaims()); kycExchangeDto.setClaimsLocales(transaction.getClaimsLocales()); kycExchangeDto.setIndividualId(authorizationHelperService.getIndividualId(transaction)); - kycExchangeDto.setAcceptedVerifiedClaims(new HashMap<>()); - if(!CollectionUtils.isEmpty(transaction.getAcceptedClaims()) && transaction.getRequestedClaims().getUserinfo() != null) { + Map acceptedClaimDetails = new HashMap<>(); + if(!CollectionUtils.isEmpty(transaction.getAcceptedClaims())) { for(String claim : transaction.getAcceptedClaims()) { - List> claimDetails = transaction.getRequestedClaims().getUserinfo().get(claim); - - List> result = claimDetails == null ? null : claimDetails.stream() - .filter( m -> m.get("verification") != null) - .map( m -> (Map)m.get("verification")) - .collect(Collectors.toList()); - if(result != null) { - kycExchangeDto.getAcceptedVerifiedClaims().put(claim, result); + acceptedClaimDetails.put(claim, transaction.getRequestedClaimDetails() != null ? + transaction.getRequestedClaimDetails().get(claim) : null); + } + + JsonNode verifiedClaims = transaction.getRequestedClaimDetails() != null ? 
transaction.getRequestedClaimDetails().get(VERIFIED_CLAIMS) : null; + if (verifiedClaims != null) { + if(verifiedClaims.isArray()) { + ArrayNode arrayNode = objectMapper.createArrayNode(); + Iterator itr = verifiedClaims.iterator(); + while(itr.hasNext()) { + JsonNode jsonNode = removeDeniedClaims(transaction.getAcceptedClaims(), itr.next()); + if(jsonNode != null) { arrayNode.add(jsonNode); } + } + acceptedClaimDetails.put(VERIFIED_CLAIMS, arrayNode); + } + else { + JsonNode jsonNode = removeDeniedClaims(transaction.getAcceptedClaims(), verifiedClaims); + if(jsonNode != null) { acceptedClaimDetails.put(VERIFIED_CLAIMS, verifiedClaims); } } } } + kycExchangeDto.setAcceptedClaimDetails(acceptedClaimDetails); if(transaction.isInternalAuthSuccess()) { log.info("Internal kyc exchange is invoked as the transaction is marked as internal auth success"); kycExchangeResult = doInternalKycExchange(kycExchangeDto); } else { - kycExchangeResult = kycExchangeDto.getAcceptedVerifiedClaims().isEmpty() ? - authenticationWrapper.doKycExchange(transaction.getRelyingPartyId(), - transaction.getClientId(), kycExchangeDto) : + kycExchangeResult = acceptedClaimDetails.containsKey(VERIFIED_CLAIMS) ? authenticationWrapper.doVerifiedKycExchange(transaction.getRelyingPartyId(), + transaction.getClientId(), kycExchangeDto) : + authenticationWrapper.doKycExchange(transaction.getRelyingPartyId(), transaction.getClientId(), kycExchangeDto); } 
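Review bot: The non-array branch, `if(jsonNode != null) { acceptedClaimDetails.put(VERIFIED_CLAIMS, verifiedClaims); }`, stores the unfiltered node instead of the `jsonNode` that `removeDeniedClaims` returned, so the scalar path only forwards the consented subset because the helper edits its argument in place — which also rewrites the transaction's own `requestedClaimDetails` during the exchange, and the array path's `arrayNode.add(jsonNode)` aliases those same mutated nodes. The line should read `if(jsonNode != null) { acceptedClaimDetails.put(VERIFIED_CLAIMS, jsonNode); }`. The first loop now also inserts null values for accepted claims that are absent from `requestedClaimDetails` (the replaced code skipped them), and if `verified_claims` can itself appear in `acceptedClaims`, that loop puts the raw node under the key before filtering; when the filter later returns null the raw node stays and `containsKey(VERIFIED_CLAIMS)` still routes to `doVerifiedKycExchange`. Skipping that key in the loop and dispatching on `acceptedClaimDetails.get(VERIFIED_CLAIMS) != null` closes both gaps. The enclosing `doKycExchange` starts before this hunk.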
@@ -306,4 +324,18 @@ private boolean isTransactionVCScoped(OIDCTransaction transaction) { transaction.getPermittedScopes().stream() .anyMatch(scope -> transaction.getRequestedCredentialScopes().contains(scope))); } + + private JsonNode removeDeniedClaims(List acceptedClaims, JsonNode verifiedClaim) { + if(verifiedClaim.hasNonNull("claims")) { + Iterator requestedClaims = verifiedClaim.get("claims").deepCopy().fieldNames(); + while(requestedClaims.hasNext()) { + String claimName = requestedClaims.next(); + if(!acceptedClaims.contains(claimName)) { + ((ObjectNode)verifiedClaim.get("claims")).remove(claimName); + } + } + return verifiedClaim.get("claims").isEmpty() ? null : verifiedClaim; + } + return null; + } } diff --git a/oidc-service-impl/src/test/java/io/mosip/esignet/services/AuthorizationHelperServiceTest.java b/oidc-service-impl/src/test/java/io/mosip/esignet/services/AuthorizationHelperServiceTest.java index 6fbde28f2..39d5180ce 100644 --- a/oidc-service-impl/src/test/java/io/mosip/esignet/services/AuthorizationHelperServiceTest.java +++ b/oidc-service-impl/src/test/java/io/mosip/esignet/services/AuthorizationHelperServiceTest.java @@ -8,7 +8,6 @@ import com.fasterxml.jackson.databind.ObjectMapper; import io.mosip.esignet.api.dto.*; -import io.mosip.esignet.api.dto.claim.ClaimDetail; import io.mosip.esignet.api.dto.claim.Claims; import io.mosip.esignet.api.exception.KycAuthException; import io.mosip.esignet.api.exception.SendOtpException; @@ -225,7 +224,7 @@ public void delegateAuthenticateRequest_withValidDetails_thenPass() throws KycAu oidcTransaction.setRelyingPartyId("rp-id"); oidcTransaction.setClientId("client-id"); oidcTransaction.setAuthTransactionId("auth-transaction-id"); - oidcTransaction.setRequestedClaims(new Claims()); + oidcTransaction.setResolvedClaims(new Claims()); KycAuthResult kycAuthResult = new KycAuthResult(); kycAuthResult.setKycToken("kyc-token"); kycAuthResult.setPartnerSpecificUserToken("psut"); 
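Review bot: `removeDeniedClaims` edits the node it is given — only the `fieldNames()` iterator runs on a `deepCopy()`, while `remove(claimName)` is applied to `verifiedClaim.get("claims")` itself, and the caller passes nodes straight out of `transaction.getRequestedClaimDetails()`, so the stored request is altered as a side effect and the returned node aliases it. The `(ObjectNode)` cast is also unguarded: `claims` originates in the relying party's `claims` request parameter, and a non-object value there (an array or a string) would surface as a `ClassCastException` rather than a validation outcome. Copying first and checking `isObject()` fixes both, and `ObjectNode.retain` replaces the manual loop. A Javadoc line stating that the result is a filtered copy, null when no consented claim remains, would help callers.
```java
private JsonNode removeDeniedClaims(List<String> acceptedClaims, JsonNode verifiedClaim) {
    // Filter a copy: the argument is the transaction's stored request and must not be rewritten.
    JsonNode copy = verifiedClaim.deepCopy();
    JsonNode claims = copy.get("claims");
    if (claims == null || !claims.isObject()) {
        return null;
    }
    ObjectNode claimsNode = (ObjectNode) claims;
    claimsNode.retain(acceptedClaims);
    return claimsNode.isEmpty() ? null : copy;
}
```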
@@ -245,7 +244,7 @@ public void delegateAuthenticateRequest_withInvalidResult_thenFail() throws KycA oidcTransaction.setRelyingPartyId("rp-id"); oidcTransaction.setClientId("client-id"); oidcTransaction.setAuthTransactionId("auth-transaction-id"); - oidcTransaction.setRequestedClaims(new Claims()); + oidcTransaction.setResolvedClaims(new Claims()); Mockito.when(authenticationWrapper.doKycAuth(Mockito.anyString(), Mockito.anyString(), anyBoolean(), any(KycAuthDto.class))).thenReturn(null); try { @@ -294,7 +293,7 @@ public void delegateAuthenticateRequest_ThrowsKycAuthException_thenFail() throws oidcTransaction.setRelyingPartyId("rp-id"); oidcTransaction.setClientId("client-id"); oidcTransaction.setAuthTransactionId("auth-transaction-id"); - oidcTransaction.setRequestedClaims(new Claims()); + oidcTransaction.setResolvedClaims(new Claims()); Mockito.when(authenticationWrapper.doKycAuth(Mockito.anyString(), Mockito.anyString(), anyBoolean(), any(KycAuthDto.class))).thenThrow(KycAuthException.class); try{ authorizationHelperService.delegateAuthenticateRequest(transactionId, individualId, challengeList, oidcTransaction); @@ -397,7 +396,7 @@ public void getProvidedAuthFactors_withValidInput_thenPass() { map.put("values", new String [] {"generated-code", "static-code"}); resolvedClaims.getId_token().put(ACR, map); OIDCTransaction oidcTransaction = new OIDCTransaction(); - oidcTransaction.setRequestedClaims(resolvedClaims); + oidcTransaction.setResolvedClaims(resolvedClaims); List challengeList = new ArrayList<>(); AuthChallenge authChallenge = new AuthChallenge(); 
@@ -426,7 +425,7 @@ public void getProvidedAuthFactors_withAuthFactorMismatch_thenFail() { map.put("values", new String [] {"generated-code", "static-code"}); resolvedClaims.getId_token().put(ACR, map); OIDCTransaction oidcTransaction = new OIDCTransaction(); - oidcTransaction.setRequestedClaims(resolvedClaims); + oidcTransaction.setResolvedClaims(resolvedClaims); List challengeList = new ArrayList<>(); AuthChallenge authChallenge = new AuthChallenge(); diff --git a/oidc-service-impl/src/test/java/io/mosip/esignet/services/AuthorizationServiceTest.java b/oidc-service-impl/src/test/java/io/mosip/esignet/services/AuthorizationServiceTest.java index 3bd94fb5f..4bca34aac 100644 --- a/oidc-service-impl/src/test/java/io/mosip/esignet/services/AuthorizationServiceTest.java +++ b/oidc-service-impl/src/test/java/io/mosip/esignet/services/AuthorizationServiceTest.java @@ -1346,7 +1346,7 @@ public void getAuthCode_withValidInput_thenPass() { nameMap.put("essential", true); userinfo.put("fullName", Arrays.asList(nameMap)); requestedClaims.setUserinfo(userinfo); - transaction.setRequestedClaims(requestedClaims); + transaction.setResolvedClaims(requestedClaims); Mockito.when(cacheUtilService.getAuthenticatedTransaction(Mockito.anyString())).thenReturn(transaction); Mockito.when(cacheUtilService.setAuthCodeGeneratedTransaction(Mockito.anyString(), Mockito.any())).thenReturn(transaction); Assert.assertEquals(authorizationServiceImpl.getAuthCode(authCodeRequest).getNonce(), "test-nonce"); @@ -1378,7 +1378,7 @@ public void getClaimDetails_withValidTransaction_thenPass(){ map.put("verification", new HashMap<>()); resolvedClaims.getUserinfo().put("name", Arrays.asList(map)); - transaction.setRequestedClaims(resolvedClaims); + transaction.setResolvedClaims(resolvedClaims); transaction.setEssentialClaims(List.of("name", "email")); transaction.setVoluntaryClaims(List.of("phone_number")); transaction.setConsentAction(ConsentAction.NOCAPTURE); 
@@ -1484,7 +1484,7 @@ private OIDCTransaction createIdpTransaction(String[] acrs) { idClaims.put(ACR, map); Claims requestedClaims = new Claims(); requestedClaims.setId_token(idClaims); - oidcTransaction.setRequestedClaims(requestedClaims); + oidcTransaction.setResolvedClaims(requestedClaims); oidcTransaction.setClientId("test-client"); oidcTransaction.setRelyingPartyId("test-rp-client"); return oidcTransaction; diff --git a/oidc-service-impl/src/test/java/io/mosip/esignet/services/ClaimsHelperServiceTest.java b/oidc-service-impl/src/test/java/io/mosip/esignet/services/ClaimsHelperServiceTest.java index d2a37ac6b..bd0cf4172 100644 --- a/oidc-service-impl/src/test/java/io/mosip/esignet/services/ClaimsHelperServiceTest.java +++ b/oidc-service-impl/src/test/java/io/mosip/esignet/services/ClaimsHelperServiceTest.java @@ -100,7 +100,7 @@ public void validateAcceptedClaims_withEmptyRequestedClaims_thenFail() { Claims resolvedClaims = new Claims(); resolvedClaims.setUserinfo(new HashMap<>()); OIDCTransaction oidcTransaction = new OIDCTransaction(); - oidcTransaction.setRequestedClaims(resolvedClaims); + oidcTransaction.setResolvedClaims(resolvedClaims); try { claimsHelperService.validateAcceptedClaims(oidcTransaction, Arrays.asList("name", "gender")); Assert.fail(); @@ -124,7 +124,7 @@ public void validateAcceptedClaims_withInvalidAcceptedClaims_thenFail() { userinfoClaims.put("gender", null); resolvedClaims.setUserinfo(userinfoClaims); OIDCTransaction oidcTransaction = new OIDCTransaction(); - oidcTransaction.setRequestedClaims(resolvedClaims); + oidcTransaction.setResolvedClaims(resolvedClaims); try { claimsHelperService.validateAcceptedClaims(oidcTransaction, Arrays.asList("email", "phone_number")); Assert.fail(); 
@@ -148,7 +148,7 @@ public void validateAcceptedClaims_withValidAcceptedEssentialClaims_thenPass() { userinfoClaims.put("gender", null); resolvedClaims.setUserinfo(userinfoClaims); OIDCTransaction oidcTransaction = new OIDCTransaction(); - oidcTransaction.setRequestedClaims(resolvedClaims); + oidcTransaction.setResolvedClaims(resolvedClaims); claimsHelperService.validateAcceptedClaims(oidcTransaction, Arrays.asList("name", "birthdate")); } @@ -167,7 +167,7 @@ public void validateAcceptedClaims_withAllOptionalClaimsNotAccepted_thenPass() { userinfoClaims.put("gender", null); resolvedClaims.setUserinfo(userinfoClaims); OIDCTransaction oidcTransaction = new OIDCTransaction(); - oidcTransaction.setRequestedClaims(resolvedClaims); + oidcTransaction.setResolvedClaims(resolvedClaims); claimsHelperService.validateAcceptedClaims(oidcTransaction, List.of()); } @@ -186,7 +186,7 @@ public void validateAcceptedClaims_withSomeValidAcceptedEssentialClaims_thenFail userinfoClaims.put("gender", null); resolvedClaims.setUserinfo(userinfoClaims); OIDCTransaction oidcTransaction = new OIDCTransaction(); - oidcTransaction.setRequestedClaims(resolvedClaims); + oidcTransaction.setResolvedClaims(resolvedClaims); oidcTransaction.setEssentialClaims(Arrays.asList("name", "birthdate")); try { claimsHelperService.validateAcceptedClaims(oidcTransaction, Arrays.asList("name", "address")); @@ -211,7 +211,7 @@ public void validateAcceptedClaims_withAllOptionalClaims_thenFail() { userinfoClaims.put("gender", null); resolvedClaims.setUserinfo(userinfoClaims); OIDCTransaction oidcTransaction = new OIDCTransaction(); - oidcTransaction.setRequestedClaims(resolvedClaims); + oidcTransaction.setResolvedClaims(resolvedClaims); try { claimsHelperService.validateAcceptedClaims(oidcTransaction, Arrays.asList("email", "phone_number")); Assert.fail(); 
@@ -221,7 +221,7 @@ public void validateAcceptedClaims_withAllOptionalClaims_thenFail() { } @Test - public void getRequestedClaims_withoutOpenidScope_thenFail() { + public void resolveRequestedClaims_withoutOpenidScope_thenFail() { OAuthDetailRequest oAuthDetailRequest = new OAuthDetailRequest(); ClaimsV2 claimsV2 = new ClaimsV2(); @@ -232,7 +232,7 @@ public void getRequestedClaims_withoutOpenidScope_thenFail() { oAuthDetailRequest.setClaims(claimsV2); try { - claimsHelperService.getRequestedClaims(oAuthDetailRequest, new ClientDetail()); + claimsHelperService.resolveRequestedClaims(oAuthDetailRequest, new ClientDetail()); Assert.fail(); } catch (EsignetException e) { Assert.assertEquals(INVALID_SCOPE, e.getErrorCode()); @@ -240,7 +240,7 @@ public void getRequestedClaims_withoutOpenidScope_thenFail() { } @Test - public void getRequestedClaims_withValidVerifiedClaims_thenPass() throws JsonProcessingException { + public void resolveRequestedClaims_withValidVerifiedClaims_thenPass() throws JsonProcessingException { ClientDetail clientDetail = new ClientDetail(); clientDetail.setClaims(Arrays.asList("name", "gender")); OAuthDetailRequest oAuthDetailRequest = new OAuthDetailRequest(); @@ -254,7 +254,7 @@ public void getRequestedClaims_withValidVerifiedClaims_thenPass() throws JsonPro oAuthDetailRequest.setScope("openid profile"); oAuthDetailRequest.setClaims(claimsV2); - Claims claims = claimsHelperService.getRequestedClaims(oAuthDetailRequest, clientDetail); + Claims claims = claimsHelperService.resolveRequestedClaims(oAuthDetailRequest, clientDetail); Assert.assertNotNull(claims); Assert.assertEquals(2, claims.getUserinfo().size()); Assert.assertTrue(claims.getUserinfo().containsKey("name")); 
@@ -266,7 +266,7 @@ public void getRequestedClaims_withValidVerifiedClaims_thenPass() throws JsonPro } @Test - public void getRequestedClaims_withValidVerifiedClaimList_thenPass() throws JsonProcessingException { + public void resolveRequestedClaims_withValidVerifiedClaimList_thenPass() throws JsonProcessingException { ClientDetail clientDetail = new ClientDetail(); clientDetail.setClaims(Arrays.asList("name", "gender", "email")); OAuthDetailRequest oAuthDetailRequest = new OAuthDetailRequest(); @@ -281,7 +281,7 @@ public void getRequestedClaims_withValidVerifiedClaimList_thenPass() throws Json oAuthDetailRequest.setScope("openid profile"); oAuthDetailRequest.setClaims(claimsV2); - Claims claims = claimsHelperService.getRequestedClaims(oAuthDetailRequest, clientDetail); + Claims claims = claimsHelperService.resolveRequestedClaims(oAuthDetailRequest, clientDetail); Assert.assertNotNull(claims); Assert.assertEquals(3, claims.getUserinfo().size()); Assert.assertTrue(claims.getUserinfo().containsKey("name")); @@ -310,7 +310,7 @@ public void getClaimStatus_withNullStoredVerificationMetadata_thenPass() throws oAuthDetailRequest.setScope("openid profile"); oAuthDetailRequest.setClaims(claimsV2); - Claims claims = claimsHelperService.getRequestedClaims(oAuthDetailRequest, clientDetail); + Claims claims = claimsHelperService.resolveRequestedClaims(oAuthDetailRequest, clientDetail); ClaimStatus nameClaimStatus = claimsHelperService.getClaimStatus("name", claims.getUserinfo().get("name"), null); Assert.assertNotNull(nameClaimStatus); 
@@ -359,7 +359,7 @@ public void getClaimStatus_withValidClaims_thenPass() throws JsonProcessingExcep oAuthDetailRequest.setScope("openid profile"); oAuthDetailRequest.setClaims(claimsV2); - Claims claims = claimsHelperService.getRequestedClaims(oAuthDetailRequest, clientDetail); + Claims claims = claimsHelperService.resolveRequestedClaims(oAuthDetailRequest, clientDetail); ClaimStatus nameClaimStatus = claimsHelperService.getClaimStatus("name", claims.getUserinfo().get("name"), storedVerificationMetadata); Assert.assertNotNull(nameClaimStatus); @@ -412,7 +412,7 @@ public void getClaimStatus_withDifferentStoredClaimMetadata_thenPass() throws Js oAuthDetailRequest.setScope("openid profile"); oAuthDetailRequest.setClaims(claimsV2); - Claims claims = claimsHelperService.getRequestedClaims(oAuthDetailRequest, clientDetail); + Claims claims = claimsHelperService.resolveRequestedClaims(oAuthDetailRequest, clientDetail); ClaimStatus nameClaimStatus = claimsHelperService.getClaimStatus("name", claims.getUserinfo().get("name"), storedVerificationMetadata); Assert.assertNotNull(nameClaimStatus); @@ -437,10 +437,10 @@ public void isVerifiedClaimRequested_withVerificationMetadata_thenTrue() throws oAuthDetailRequest.setScope("openid profile"); oAuthDetailRequest.setClaims(claimsV2); - Claims claims = claimsHelperService.getRequestedClaims(oAuthDetailRequest, clientDetail); + Claims claims = claimsHelperService.resolveRequestedClaims(oAuthDetailRequest, clientDetail); OIDCTransaction oidcTransaction = new OIDCTransaction(); - oidcTransaction.setRequestedClaims(claims); + oidcTransaction.setResolvedClaims(claims); Assert.assertTrue(claimsHelperService.isVerifiedClaimRequested(oidcTransaction)); } 
@@ -458,15 +458,15 @@ public void isVerifiedClaimRequested_withoutVerificationMetadata_thenFalse() thr oAuthDetailRequest.setScope("openid profile"); oAuthDetailRequest.setClaims(claimsV2); - Claims claims = claimsHelperService.getRequestedClaims(oAuthDetailRequest, clientDetail); + Claims claims = claimsHelperService.resolveRequestedClaims(oAuthDetailRequest, clientDetail); OIDCTransaction oidcTransaction = new OIDCTransaction(); - oidcTransaction.setRequestedClaims(claims); + oidcTransaction.setResolvedClaims(claims); Assert.assertFalse(claimsHelperService.isVerifiedClaimRequested(oidcTransaction)); } @Test - public void getRequestedClaims_withInvalidVerifiedClaims_thenFail() throws JsonProcessingException { + public void resolveRequestedClaims_withInvalidVerifiedClaims_thenFail() throws JsonProcessingException { ClientDetail clientDetail = new ClientDetail(); clientDetail.setClaims(Arrays.asList("name", "gender", "email")); OAuthDetailRequest oAuthDetailRequest = new OAuthDetailRequest(); @@ -481,7 +481,7 @@ public void getRequestedClaims_withInvalidVerifiedClaims_thenFail() throws JsonP oAuthDetailRequest.setScope("openid profile"); oAuthDetailRequest.setClaims(claimsV2); try { - claimsHelperService.getRequestedClaims(oAuthDetailRequest, clientDetail); + claimsHelperService.resolveRequestedClaims(oAuthDetailRequest, clientDetail); Assert.fail(); } catch (EsignetException e) { Assert.assertEquals(INVALID_VERIFICATION, e.getErrorCode()); diff --git a/oidc-service-impl/src/test/java/io/mosip/esignet/services/ConsentHelperServiceTest.java b/oidc-service-impl/src/test/java/io/mosip/esignet/services/ConsentHelperServiceTest.java index e3d154bc8..f45d3f558 100644 --- a/oidc-service-impl/src/test/java/io/mosip/esignet/services/ConsentHelperServiceTest.java +++ b/oidc-service-impl/src/test/java/io/mosip/esignet/services/ConsentHelperServiceTest.java 
@@ -143,7 +143,7 @@ public void addUserConsent_withValidLinkedTransaction_thenPass() throws Exceptio oidcTransaction.setAcceptedClaims(Arrays.asList("name","email","gender")); oidcTransaction.setPermittedScopes(Arrays.asList("openid","profile","email")); oidcTransaction.setRequestedAuthorizeScopes(Arrays.asList("openid","profile","email")); - oidcTransaction.setRequestedClaims(claims); + oidcTransaction.setResolvedClaims(claims); List acceptedClaims =oidcTransaction.getAcceptedClaims(); List permittedScopes =oidcTransaction.getPermittedScopes(); @@ -196,7 +196,7 @@ public void addUserConsent_withValidWebTransaction_thenPass() claims.setUserinfo(userinfo); claims.setId_token(id_token); - oidcTransaction.setRequestedClaims(claims); + oidcTransaction.setResolvedClaims(claims); Mockito.when(consentService.saveUserConsent(Mockito.any())).thenReturn(new ConsentDetail()); @@ -259,7 +259,7 @@ public void processConsent_withWebFlowAndValidConsentAndGetConsentActionAsNoCapt claims.setUserinfo(userinfo); claims.setId_token(id_token); - oidcTransaction.setRequestedClaims(claims); + oidcTransaction.setResolvedClaims(claims); UserConsentRequest userConsentRequest = new UserConsentRequest(); userConsentRequest.setClientId(oidcTransaction.getClientId()); @@ -336,7 +336,7 @@ public void processConsent_withLinkedFlowAndValidConsentAndGetConsentActionAsCap claims.setUserinfo(userinfo); claims.setId_token(id_token); - oidcTransaction.setRequestedClaims(claims); + oidcTransaction.setResolvedClaims(claims); UserConsentRequest userConsentRequest = new UserConsentRequest(); userConsentRequest.setClientId(oidcTransaction.getClientId()); 
@@ -446,7 +446,7 @@ public void processConsent_withInvalidIdHashOrThumbPrint_thenPass() throws Excep
 claims.setUserinfo(userinfo);
 claims.setId_token(id_token);
- oidcTransaction.setRequestedClaims(claims);
+ oidcTransaction.setResolvedClaims(claims);
 UserConsentRequest userConsentRequest = new UserConsentRequest();
 userConsentRequest.setClientId(oidcTransaction.getClientId());
diff --git a/oidc-service-impl/src/test/java/io/mosip/esignet/services/LinkedAuthorizationServiceTest.java b/oidc-service-impl/src/test/java/io/mosip/esignet/services/LinkedAuthorizationServiceTest.java
index a3c45ba26..0005aa5f4 100644
--- a/oidc-service-impl/src/test/java/io/mosip/esignet/services/LinkedAuthorizationServiceTest.java
+++ b/oidc-service-impl/src/test/java/io/mosip/esignet/services/LinkedAuthorizationServiceTest.java
@@ -223,7 +223,7 @@ public void linkTransaction_withValidInput_thenPass() {
 claims.setUserinfo(userinfoMap);
 OIDCTransaction oidcTransaction = new OIDCTransaction();
 oidcTransaction.setClientId("client-id");
- oidcTransaction.setRequestedClaims(claims);
+ oidcTransaction.setResolvedClaims(claims);
 LinkTransactionMetadata linkTransactionMetadata = new LinkTransactionMetadata(transactionId, null);
 Mockito.when(cacheUtilService.getLinkCodeGenerated(Mockito.anyString())).thenReturn(linkTransactionMetadata);
@@ -291,7 +291,7 @@ public void linkTransactionV2_withValidInput_thenPass() {
 claims.setUserinfo(userinfoMap);
 OIDCTransaction oidcTransaction = new OIDCTransaction();
 oidcTransaction.setClientId("client-id");
- oidcTransaction.setRequestedClaims(claims);
+ oidcTransaction.setResolvedClaims(claims);
 LinkTransactionMetadata linkTransactionMetadata = new LinkTransactionMetadata(transactionId, null);
 Mockito.when(cacheUtilService.getLinkCodeGenerated(Mockito.anyString())).thenReturn(linkTransactionMetadata);
@@ -650,7 +650,7 @@ private OIDCTransaction createIdpTransaction(String[] acrs) {
 idClaims.put(ACR, map);
 Claims requestedClaims = new Claims();
 requestedClaims.setId_token(idClaims);
- oidcTransaction.setRequestedClaims(requestedClaims);
+ oidcTransaction.setResolvedClaims(requestedClaims);
 oidcTransaction.setClientId("test-client");
 oidcTransaction.setRelyingPartyId("test-rp-client");
 return oidcTransaction;
diff --git a/oidc-service-impl/src/test/java/io/mosip/esignet/services/OAuthServiceTest.java b/oidc-service-impl/src/test/java/io/mosip/esignet/services/OAuthServiceTest.java
index abf0b5127..f158ed4e9 100644
--- a/oidc-service-impl/src/test/java/io/mosip/esignet/services/OAuthServiceTest.java
+++ b/oidc-service-impl/src/test/java/io/mosip/esignet/services/OAuthServiceTest.java
@@ -5,6 +5,9 @@
 */
 package io.mosip.esignet.services;
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.ObjectMapper;
 import io.mosip.esignet.api.dto.KycExchangeResult;
 import io.mosip.esignet.api.dto.KycSigningCertificateData;
 import io.mosip.esignet.api.dto.claim.Claims;
@@ -23,6 +26,7 @@
 import io.mosip.kernel.keymanagerservice.dto.CertificateDataResponseDto;
 import io.mosip.kernel.keymanagerservice.service.KeymanagerService;
 import org.junit.Assert;
+import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.InjectMocks;
@@ -70,6 +74,13 @@ public class OAuthServiceTest {
 @Mock
 private SecurityHelperService securityHelperService;
+ private ObjectMapper objectMapper = new ObjectMapper();
+
+ @Before
+ public void setup() {
+ ReflectionTestUtils.setField(oAuthService, "objectMapper", objectMapper);
+ }
+
 @Test
 public void getTokens_withValidRequest_thenPass() throws KycExchangeException {
 TokenRequest tokenRequest = new TokenRequest();
@@ -146,7 +157,61 @@ public void getTokens_withValidRequestWithPKCE_thenPass() throws KycExchangeExce
 }
 @Test
- public void getTokens_withValidVerifiedClaimRequest_thenPass() throws KycExchangeException {
+ public void getTokens_withValidVerifiedClaimRequest_thenPass() throws KycExchangeException, JsonProcessingException {
+ TokenRequest tokenRequest = new TokenRequest();
+ tokenRequest.setCode("test-code");
+ tokenRequest.setClient_id("client-id");
+ tokenRequest.setRedirect_uri("https://test-redirect-uri/test-page");
+ tokenRequest.setClient_assertion_type(JWT_BEARER_TYPE);
+ tokenRequest.setClient_assertion("client-assertion");
+
+ OIDCTransaction oidcTransaction = new OIDCTransaction();
+ oidcTransaction.setClientId("client-id");
+ oidcTransaction.setKycToken("kyc-token");
+ oidcTransaction.setAuthTransactionId("auth-transaction-id");
+ oidcTransaction.setRelyingPartyId("rp-id");
+ oidcTransaction.setRedirectUri("https://test-redirect-uri/test-page");
+ oidcTransaction.setIndividualId("individual-id");
+ oidcTransaction.setAcceptedClaims(Arrays.asList("name", "email"));
+
+ Claims claims = new Claims();
+ claims.setUserinfo(new HashMap<>());
+ Map map = new HashMap<>();
+ map.put("essential", true);
+ map.put("verification", new HashMap<>());
+ ((Map)map.get("verification")).put("trust_framework", null);
+ claims.getUserinfo().put("name", Arrays.asList(map));
+ oidcTransaction.setResolvedClaims(claims);
+
+ Map requestedClaimDetail = new HashMap<>();
+ requestedClaimDetail.put("name", null);
+ requestedClaimDetail.put("email", objectMapper.readTree("{\"essential\":false}"));
+ requestedClaimDetail.put("phone_number", objectMapper.readTree("{\"essential\":true}"));
+ requestedClaimDetail.put("verified_claims", objectMapper.readTree("{\"verification\":{\"trust_framework\":null}, \"claims\":{\"email\":{\"essential\":true},\"address\":{\"essential\":true}}}"));
+ oidcTransaction.setRequestedClaimDetails(requestedClaimDetail);
+
+ ClientDetail clientDetail = new ClientDetail();
+ clientDetail.setRedirectUris(Arrays.asList("https://test-redirect-uri/**", "http://test-redirect-uri-2"));
+ KycExchangeResult kycExchangeResult = new KycExchangeResult();
+ kycExchangeResult.setEncryptedKyc("encrypted-kyc");
+
+ Mockito.when(authorizationHelperService.getKeyHash(Mockito.anyString())).thenReturn("code-hash");
+ ReflectionTestUtils.setField(authorizationHelperService, "secureIndividualId", false);
+ Mockito.when(cacheUtilService.getAuthCodeTransaction(Mockito.anyString())).thenReturn(oidcTransaction);
+ Mockito.when(clientManagementService.getClientDetails(Mockito.anyString())).thenReturn(clientDetail);
+ Mockito.when(authenticationWrapper.doVerifiedKycExchange(Mockito.anyString(), Mockito.anyString(), Mockito.any())).thenReturn(kycExchangeResult);
+ Mockito.when(tokenService.getAccessToken(Mockito.any(),Mockito.any())).thenReturn("test-access-token");
+ Mockito.when(tokenService.getIDToken(Mockito.any())).thenReturn("test-id-token");
+ TokenResponse tokenResponse = oAuthService.getTokens(tokenRequest,false);
+ Assert.assertNotNull(tokenResponse);
+ Assert.assertNotNull(tokenResponse.getId_token());
+ Assert.assertNotNull(tokenResponse.getAccess_token());
+ Assert.assertEquals(BEARER, tokenResponse.getToken_type());
+ Assert.assertEquals(kycExchangeResult.getEncryptedKyc(), oidcTransaction.getEncryptedKyc());
+ }
+
+ @Test
+ public void getTokens_withListOfVerifiedClaimRequest_thenPass() throws KycExchangeException, JsonProcessingException {
 TokenRequest tokenRequest = new TokenRequest();
 tokenRequest.setCode("test-code");
 tokenRequest.setClient_id("client-id");
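Review bot: The new `getTokens_withValidVerifiedClaimRequest_thenPass` stubs `doVerifiedKycExchange` with `Mockito.any()` and never inspects the `VerifiedKycExchangeDto` it receives, so the fixture's deliberate mismatch — `acceptedClaims` of `name`/`email` against `requestedClaimDetails` carrying `phone_number` and an `address` entry under `verified_claims` — proves nothing about which claim details actually reach the KYC exchange, which appears to be the behaviour this change introduces, and a regression that forwarded claims the user never consented to would still pass. Capture the argument and assert on it: `ArgumentCaptor<VerifiedKycExchangeDto> captor = ArgumentCaptor.forClass(VerifiedKycExchangeDto.class);`, `Mockito.verify(authenticationWrapper).doVerifiedKycExchange(Mockito.anyString(), Mockito.anyString(), captor.capture());`, then `Assert.assertFalse(captor.getValue().getAcceptedClaimDetails().containsKey("phone_number"));` (needs `org.mockito.ArgumentCaptor`). The exact expected shape of `acceptedClaimDetails` depends on the filtering in `OAuthService`, which is outside this diff, so confirm it against the implementation before pinning it. The same gap applies to `getTokens_withListOfVerifiedClaimRequest_thenPass`, whose fixture is in the next hunk and whose stubs and assertions lie outside it.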
@@ -170,7 +235,17 @@ public void getTokens_withValidVerifiedClaimRequest_thenPass() throws KycExchang
 map.put("verification", new HashMap<>());
 ((Map)map.get("verification")).put("trust_framework", null);
 claims.getUserinfo().put("name", Arrays.asList(map));
- oidcTransaction.setRequestedClaims(claims);
+ oidcTransaction.setResolvedClaims(claims);
+
+ Map requestedClaimDetail = new HashMap<>();
+ requestedClaimDetail.put("name", null);
+ requestedClaimDetail.put("email", objectMapper.readTree("{\"essential\":false}"));
+ requestedClaimDetail.put("phone_number", objectMapper.readTree("{\"essential\":true}"));
+ requestedClaimDetail.put("verified_claims", objectMapper.readTree("[{\"verification\":{\"trust_framework\":null}, \"claims\":{\"email\":{\"essential\":true},\"address\":{\"essential\":true}}}," +
+ "{\"verification\":{\"trust_framework\":\"Test\"}, \"claims\":{\"phone_number\":{\"essential\":true},\"name\":{\"essential\":true}}}," +
+ "{\"verification\":{\"trust_framework\":\"Test\"}}," +
+ "{\"verification\":{\"trust_framework\":\"Test\"}, \"claims\":{\"phone_number\":{\"essential\":true},\"address\":{\"essential\":true}}}]"));
+ oidcTransaction.setRequestedClaimDetails(requestedClaimDetail);
 ClientDetail clientDetail = new ClientDetail();
 clientDetail.setRedirectUris(Arrays.asList("https://test-redirect-uri/**", "http://test-redirect-uri-2"));