Merge pull request #1082 from nandhu-kumar/develop

MOSIP-29513
mosip · Sep 25, 2023 · 2de8d56 · 2de8d56
2 parents 33a548d + 500ae71
commit 2de8d56
Show file tree

Hide file tree

Showing 25 changed files with 327 additions and 129 deletions.
diff --git a/automationtests/src/main/java/io/mosip/testrig/apirig/admin/fw/util/AdminTestUtil.java b/automationtests/src/main/java/io/mosip/testrig/apirig/admin/fw/util/AdminTestUtil.java
@@ -3248,9 +3248,9 @@ public static String signJWK(String clientId, String accessToken, RSAKey jwkKey,
 				GlobalConstants.MOSIP_ESIGNET_ID_TOKEN_EXPIRE_SECONDS));
 		JWSSigner signer;
 		String proofJWT = "";
-		String nonce = "jwt_payload.c_nonce123";
 		String typ = "openid4vci-proof+jwt";
 		JWK jwkHeader = jwkKey.toPublicJWK();
+		SignedJWT signedJWT = null;
 
 		try {
 			signer = new RSASSASigner(jwkKey);
@@ -3260,22 +3260,28 @@ public static String signJWK(String clientId, String accessToken, RSAKey jwkKey,
 			byte[] jwtPayloadBytes = Base64.getDecoder().decode(jwtPayloadBase64);
 			String jwtPayload = new String(jwtPayloadBytes, StandardCharsets.UTF_8);
 			JWTClaimsSet claimsSet = null;
-
-			if (testCaseName.contains("_Invalid_C_nonce_")) {
-				claimsSet = new JWTClaimsSet.Builder().audience(tempUrl)
-						.claim("nonce", nonce)
-						.issuer(clientId).issueTime(new Date())
-						.expirationTime(new Date(new Date().getTime() + idTokenExpirySecs)).build();
-			} else {
+			String nonce = new ObjectMapper().readTree(jwtPayload).get("c_nonce").asText();
+
+			if (testCaseName.contains("_Invalid_C_nonce_"))
+				nonce = "jwt_payload.c_nonce123";
+			if (testCaseName.contains("_Empty_Typ_"))
+				typ = "";
+			if (testCaseName.contains("_Invalid_Typ_"))
+				typ = "openid4vci-123@proof+jwt";
 
-				claimsSet = new JWTClaimsSet.Builder().audience(tempUrl)
-						.claim("nonce", new ObjectMapper().readTree(jwtPayload).get("c_nonce").asText())
-						.issuer(clientId).issueTime(new Date())
-						.expirationTime(new Date(new Date().getTime() + idTokenExpirySecs)).build();
+			claimsSet = new JWTClaimsSet.Builder().audience(tempUrl).claim("nonce", nonce).issuer(clientId)
+					.issueTime(new Date()).expirationTime(new Date(new Date().getTime() + idTokenExpirySecs)).build();
+
+			if (testCaseName.contains("_Missing_Typ_")) {
+				signedJWT = new SignedJWT(
+						new JWSHeader.Builder(JWSAlgorithm.RS256).jwk(jwkHeader).build(),
+						claimsSet);
+			} else {
+				signedJWT = new SignedJWT(
+						new JWSHeader.Builder(JWSAlgorithm.RS256).type(new JOSEObjectType(typ)).jwk(jwkHeader).build(),
+						claimsSet);
 			}
 
-			SignedJWT signedJWT = new SignedJWT(new JWSHeader.Builder(JWSAlgorithm.RS256)
-					.type(new JOSEObjectType(typ)).jwk(jwkHeader).build(), claimsSet);
 
 			signedJWT.sign(signer);
 			proofJWT = signedJWT.serialize();

diff --git a/automationtests/src/main/resources/esignet/VCI/AuthenticateUserVCI/AuthenticateUserVCI.yml b/automationtests/src/main/resources/esignet/VCI/AuthenticateUserVCI/AuthenticateUserVCI.yml
@@ -32,39 +32,6 @@ AuthenticateUserVCI:
     }
 }'
 
-   ESignet_AuthenticateUserVCI_Vid_Otp_Valid_Smoke:
-      endPoint: /v1/esignet/authorization/authenticate
-      role: resident
-      restMethod: post
-      checkErrorsOnlyInResponse: true
-      validityCheckRequired: true
-      inputTemplate: esignet/VCI/AuthenticateUserVCI/AuthenticateUserVCI
-      outputTemplate: esignet/VCI/AuthenticateUserVCI/AuthenticateUserVCIResultResult
-      input: '{
-        "encodedHash": "$ID:OAuthDetailsRequest_VCI_Vid_all_Valid_Smoke_sid_encodedResp$",
-      	"requestTime": "$TIMESTAMP$",
-      	"transactionId": "$ID:OAuthDetailsRequest_VCI_Vid_all_Valid_Smoke_sid_transactionId$",
-      	"individualId": "$ID:Generate_Perpetual_VID_VCI_Valid_Smoke_sid_vid$",
-      	"authFactorType" : "OTP",
-      	"challenge" : "$ID:AddIdentity_Valid_Params_VCI_Vid_smoke_Pos_EMAIL$",
-        "sendOtp":{
-    "encodedHash": "$ID:OAuthDetailsRequest_VCI_Vid_all_Valid_Smoke_sid_encodedResp$",
-    "requestTime": "$TIMESTAMP$",
-    "transactionId": "$ID:OAuthDetailsRequest_VCI_Vid_all_Valid_Smoke_sid_transactionId$",
-	"individualId": "$ID:Generate_Perpetual_VID_VCI_Valid_Smoke_sid_vid$",
-    "otpChannels": [{channel: "email"},{channel: "phone"}],
-    "sendOtpReqTemplate": "esignet/SendOtp/SendOtp",
-    "sendOtpEndPoint": "/v1/esignet/authorization/send-otp"
-    }
-    }'
-      output: '{
-  "sendOtpResp":{
-        "maskedMobile": "XXXXXX3210",
-        "sendOtpResTemplate":"esignet/SendOtp/SendOtpResult",
-        "maskedEmail": "$IGNORE$"
-    }
-}'
-
    ESignet_AuthenticateUserVCI_uin_Otp_1stLang_Valid_Smoke:
       endPoint: /v1/esignet/authorization/authenticate
       role: resident

diff --git a/automationtests/src/main/resources/esignet/VCI/AuthorizationCodeVCI/AuthorizationCodeVCI.yml b/automationtests/src/main/resources/esignet/VCI/AuthorizationCodeVCI/AuthorizationCodeVCI.yml
@@ -15,22 +15,6 @@ AuthorizationCodeVCI:
       output: '{
 }'
 
-   ESignet_AuthorizationCode_VCI_Vid_All_Valid_Smoke_sid:
-      endPoint: /v1/esignet/authorization/auth-code
-      role: resident
-      restMethod: post
-      checkErrorsOnlyInResponse: true
-      validityCheckRequired: true
-      inputTemplate: esignet/VCI/AuthorizationCodeVCI/AuthorizationCodeVCI
-      outputTemplate: esignet/VCI/AuthorizationCodeVCI/AuthorizationCodeVCIResult
-      input: '{
-        "encodedHash": "$ID:OAuthDetailsRequest_VCI_Vid_all_Valid_Smoke_sid_encodedResp$",
-      	"requestTime": "$TIMESTAMP$",
-      	"transactionId": "$ID:OAuthDetailsRequest_VCI_Vid_all_Valid_Smoke_sid_transactionId$"
-}'
-      output: '{
-}'
-
    ESignet_AuthorizationCode_VCI_uin_All_1stLang_Valid_Smoke_sid:
       endPoint: /v1/esignet/authorization/auth-code
       role: resident

diff --git a/automationtests/src/main/resources/esignet/VCI/GenerateTokenVCI/GenerateTokenVCI.yml b/automationtests/src/main/resources/esignet/VCI/GenerateTokenVCI/GenerateTokenVCI.yml
@@ -19,26 +19,6 @@ GenerateTokenVCI:
    		"token_type": "Bearer" 
 }'
 
-   ESignet_GenerateTokenVCI_Vid_Valid_Smoke_sid:
-      endPoint: /v1/esignet/oauth/v2/token
-      role: resident
-      restMethod: post
-      validityCheckRequired: true
-      inputTemplate: esignet/VCI/GenerateTokenVCI/GenerateTokenVCI
-      outputTemplate: esignet/VCI/GenerateTokenVCI/GenerateTokenVCIResult
-      input: '{
-		  "grant_type": "authorization_code",
-		  "code": "$ID:AuthorizationCode_VCI_Vid_All_Valid_Smoke_sid_code$",
-		  "client_id": "$ID:CreateOIDCClient_all_Valid_Smoke_sid_clientId$",
-		  "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
-		  "client_assertion": "$CLIENT_ASSERTION_JWK$",
-		  "redirect_uri": "$IDPREDIRECTURI$",
-  		  "code_verifier": "$CODEVERIFIER$"
-}'
-      output: '{
-   		"token_type": "Bearer" 
-}'
-
    ESignet_GenerateTokenVCI_uin_1stLang_Valid_Smoke_sid:
       endPoint: /v1/esignet/oauth/v2/token
       role: resident

diff --git a/automationtests/src/main/resources/esignet/VCI/GetCredential/GetCredential.yml b/automationtests/src/main/resources/esignet/VCI/GetCredential/GetCredential.yml
@@ -78,24 +78,4 @@ GetCredential:
 }'
       output: '{
       "error":"vci_exchange_failed"
-}'
-
-   ESignet_GetCredential_Vid_IdpAccessToken_all_Valid_Smoke:
-      endPoint: /v1/esignet/vci/credential
-      role: resident
-      checkErrorsOnlyInResponse: true
-      restMethod: post
-      validityCheckRequired: true
-      inputTemplate: esignet/VCI/GetCredential/GetCredential
-      outputTemplate: esignet/VCI/GetCredential/GetCredentialResult
-      input: '{
-      	"client_id": "$ID:CreateOIDCClient_all_Valid_Smoke_sid_clientId$",
-        "idpAccessToken": "$ID:GenerateTokenVCI_Vid_Valid_Smoke_sid_access_token$",
-        "format": "ldp_vc",
-      	"type": [{types: "VerifiableCredential"}, {types: "MOSIPVerifiableCredential"}],
-      	"@context": [{context: "$VCICONTEXTURL$"}],
-      	"proof_type": "jwt",
-        "proof_jwt": "$PROOFJWT$"
-}'
-      output: '{
 }'
diff --git a/...iontests/src/main/resources/esignet/VCI/OAuthDetailsRequestVCI/OAuthDetailsRequestVCI.yml b/...iontests/src/main/resources/esignet/VCI/OAuthDetailsRequestVCI/OAuthDetailsRequestVCI.yml
@@ -23,32 +23,6 @@ OAuthDetailsRequestVCI:
 }'
       output: '{
 
-}'
-
-   ESignet_OAuthDetailsRequest_VCI_Vid_all_Valid_Smoke_sid:
-      endPoint: /v1/esignet/authorization/v2/oauth-details
-      role: resident
-      restMethod: post
-      checkErrorsOnlyInResponse: true
-      inputTemplate: esignet/VCI/OAuthDetailsRequestVCI/OAuthDetailsRequestVCI
-      outputTemplate: esignet/VCI/OAuthDetailsRequestVCI/OAuthDetailsRequestVCIResult
-      input: '{
-      	"requestTime": "$TIMESTAMP$",
-      	"clientId": "$ID:CreateOIDCClient_all_Valid_Smoke_sid_clientId$",
-      	"scope": "mosip_identity_vc_ldp",
-      	"responseType": "code",
-      	"redirectUri": "$IDPREDIRECTURI$",
-      	"display": "popup",
-	    "prompt": "login",
-	    "acrValues": "mosip:idp:acr:generated-code mosip:idp:acr:linked-wallet mosip:idp:acr:biometrics",
-	    "nonce": "973eieljzng",
-	    "state": "eree2311",
-	    "claimsLocales": "en",
-	    "codeChallenge": "$CODECHALLENGE$",
-        "codeChallengeMethod": "S256"
-}'
-      output: '{
-
 }'
 
    ESignet_OAuthDetailsRequest_VCI_uin_1stLang_all_Valid_Smoke_sid:

diff --git a/automationtests/src/main/resources/esignet/VCINegTC/GetCredential/GetCredential.yml b/automationtests/src/main/resources/esignet/VCINegTC/GetCredential/GetCredential.yml
@@ -559,4 +559,67 @@ GetCredentialNegTC:
 }'
       output: '{
       "error":"invalid_proof"
+}'
+
+   ESignet_GetCredential_uin_IdpAccessToken_Empty_Typ_Neg:
+      endPoint: /v1/esignet/vci/credential
+      role: resident
+      checkErrorsOnlyInResponse: true
+      restMethod: post
+      validityCheckRequired: true
+      inputTemplate: esignet/VCINegTC/GetCredential/GetCredential
+      outputTemplate: esignet/error2
+      input: '{
+      	"client_id": "$ID:CreateOIDCClient_all_Valid_Smoke_sid_clientId$",
+        "idpAccessToken": "$ID:GenerateTokenVCI_uin_NegCredScen9_Smoke_sid_access_token$",
+        "format": "ldp_vc",
+      	"type": [{types: "VerifiableCredential"}, {types: "MOSIPVerifiableCredential"}],
+      	"@context": [{context: "$VCICONTEXTURL$"}],
+      	"proof_type": "jwt",
+        "proof_jwt": "$PROOFJWT$"
+}'
+      output: '{
+      "error":"invalid_proof"
+}'
+
+   ESignet_GetCredential_uin_IdpAccessToken_Invalid_Typ_Neg:
+      endPoint: /v1/esignet/vci/credential
+      role: resident
+      checkErrorsOnlyInResponse: true
+      restMethod: post
+      validityCheckRequired: true
+      inputTemplate: esignet/VCINegTC/GetCredential/GetCredential
+      outputTemplate: esignet/error2
+      input: '{
+      	"client_id": "$ID:CreateOIDCClient_all_Valid_Smoke_sid_clientId$",
+        "idpAccessToken": "$ID:GenerateTokenVCI_uin_NegCredScen9_Smoke_sid_access_token$",
+        "format": "ldp_vc",
+      	"type": [{types: "VerifiableCredential"}, {types: "MOSIPVerifiableCredential"}],
+      	"@context": [{context: "$VCICONTEXTURL$"}],
+      	"proof_type": "jwt",
+        "proof_jwt": "$PROOFJWT$"
+}'
+      output: '{
+      "error":"invalid_proof"
+}'
+
+   ESignet_GetCredential_uin_IdpAccessToken_Missing_Typ_Neg:
+      endPoint: /v1/esignet/vci/credential
+      role: resident
+      checkErrorsOnlyInResponse: true
+      restMethod: post
+      validityCheckRequired: true
+      inputTemplate: esignet/VCINegTC/GetCredential/GetCredential
+      outputTemplate: esignet/error2
+      input: '{
+      	"client_id": "$ID:CreateOIDCClient_all_Valid_Smoke_sid_clientId$",
+        "idpAccessToken": "$ID:GenerateTokenVCI_uin_NegCredScen9_Smoke_sid_access_token$",
+        "format": "ldp_vc",
+      	"type": [{types: "VerifiableCredential"}, {types: "MOSIPVerifiableCredential"}],
+      	"@context": [{context: "$VCICONTEXTURL$"}],
+      	"proof_type": "jwt",
+        "proof_jwt": "$PROOFJWT$"
+}'
+      output: '{
+      "error":"invalid_proof"
 }'
diff --git a/...mationtests/src/main/resources/esignet/VCIVid/AuthenticateUserVCI/AuthenticateUserVCI.hbs b/...mationtests/src/main/resources/esignet/VCIVid/AuthenticateUserVCI/AuthenticateUserVCI.hbs
@@ -0,0 +1,15 @@
+{
+	"encodedHash": "{{encodedHash}}",
+    "requestTime": "{{requestTime}}",
+    "request": {
+        "transactionId": "{{transactionId}}",
+        "individualId": "{{individualId}}",
+        "challengeList" : [
+            {
+                "authFactorType" : "{{authFactorType}}",
+                "challenge" : "{{challenge}}",
+                "format": "alpha-numeric"
+            }
+        ]
+    }
+}
diff --git a/...mationtests/src/main/resources/esignet/VCIVid/AuthenticateUserVCI/AuthenticateUserVCI.yml b/...mationtests/src/main/resources/esignet/VCIVid/AuthenticateUserVCI/AuthenticateUserVCI.yml
@@ -0,0 +1,33 @@
+AuthenticateUserVCIVid:
+   ESignet_AuthenticateUserVCI_Vid_Otp_Valid_Smoke:
+      endPoint: /v1/esignet/authorization/authenticate
+      role: resident
+      restMethod: post
+      checkErrorsOnlyInResponse: true
+      validityCheckRequired: true
+      inputTemplate: esignet/VCIVid/AuthenticateUserVCI/AuthenticateUserVCI
+      outputTemplate: esignet/VCIVid/AuthenticateUserVCI/AuthenticateUserVCIResultResult
+      input: '{
+        "encodedHash": "$ID:OAuthDetailsRequest_VCI_Vid_all_Valid_Smoke_sid_encodedResp$",
+      	"requestTime": "$TIMESTAMP$",
+      	"transactionId": "$ID:OAuthDetailsRequest_VCI_Vid_all_Valid_Smoke_sid_transactionId$",
+      	"individualId": "$ID:Generate_Perpetual_VID_VCI_Valid_Smoke_sid_vid$",
+      	"authFactorType" : "OTP",
+      	"challenge" : "$ID:AddIdentity_Valid_Params_VCI_Vid_smoke_Pos_EMAIL$",
+        "sendOtp":{
+    "encodedHash": "$ID:OAuthDetailsRequest_VCI_Vid_all_Valid_Smoke_sid_encodedResp$",
+    "requestTime": "$TIMESTAMP$",
+    "transactionId": "$ID:OAuthDetailsRequest_VCI_Vid_all_Valid_Smoke_sid_transactionId$",
+	"individualId": "$ID:Generate_Perpetual_VID_VCI_Valid_Smoke_sid_vid$",
+    "otpChannels": [{channel: "email"},{channel: "phone"}],
+    "sendOtpReqTemplate": "esignet/SendOtp/SendOtp",
+    "sendOtpEndPoint": "/v1/esignet/authorization/send-otp"
+    }
+    }'
+      output: '{
+  "sendOtpResp":{
+        "maskedMobile": "XXXXXX3210",
+        "sendOtpResTemplate":"esignet/SendOtp/SendOtpResult",
+        "maskedEmail": "$IGNORE$"
+    }
+}'
diff --git a/...tests/src/main/resources/esignet/VCIVid/AuthenticateUserVCI/AuthenticateUserVCIResult.hbs b/...tests/src/main/resources/esignet/VCIVid/AuthenticateUserVCI/AuthenticateUserVCIResult.hbs
@@ -0,0 +1 @@
+{}
diff --git a/...tiontests/src/main/resources/esignet/VCIVid/AuthorizationCodeVCI/AuthorizationCodeVCI.hbs b/...tiontests/src/main/resources/esignet/VCIVid/AuthorizationCodeVCI/AuthorizationCodeVCI.hbs
@@ -0,0 +1,19 @@
+{
+    "encodedHash": "{{encodedHash}}",
+    "requestTime": "{{requestTime}}",
+    "request": {
+        "transactionId": "{{transactionId}}",
+        "acceptedClaims": [
+	      {{#each acceptedClaims}}
+	            "{{claim}}"
+	          {{#unless @last}},{{/unless}}
+	      	{{/each}}
+        ],
+        "permittedAuthorizeScopes": [
+	      {{#each permittedAuthorizeScopes}}
+	            "{{scope}}"
+	          {{#unless @last}},{{/unless}}
+	      	{{/each}}
+    ]
+    }
+}
diff --git a/...tiontests/src/main/resources/esignet/VCIVid/AuthorizationCodeVCI/AuthorizationCodeVCI.yml b/...tiontests/src/main/resources/esignet/VCIVid/AuthorizationCodeVCI/AuthorizationCodeVCI.yml
@@ -0,0 +1,16 @@
+AuthorizationCodeVCIVid:
+   ESignet_AuthorizationCode_VCI_Vid_All_Valid_Smoke_sid:
+      endPoint: /v1/esignet/authorization/auth-code
+      role: resident
+      restMethod: post
+      checkErrorsOnlyInResponse: true
+      validityCheckRequired: true
+      inputTemplate: esignet/VCIVid/AuthorizationCodeVCI/AuthorizationCodeVCI
+      outputTemplate: esignet/VCIVid/AuthorizationCodeVCI/AuthorizationCodeVCIResult
+      input: '{
+        "encodedHash": "$ID:OAuthDetailsRequest_VCI_Vid_all_Valid_Smoke_sid_encodedResp$",
+      	"requestTime": "$TIMESTAMP$",
+      	"transactionId": "$ID:OAuthDetailsRequest_VCI_Vid_all_Valid_Smoke_sid_transactionId$"
+}'
+      output: '{
+}'
diff --git a/...sts/src/main/resources/esignet/VCIVid/AuthorizationCodeVCI/AuthorizationCodeVCIResult.hbs b/...sts/src/main/resources/esignet/VCIVid/AuthorizationCodeVCI/AuthorizationCodeVCIResult.hbs
@@ -0,0 +1 @@
+{}
diff --git a/automationtests/src/main/resources/esignet/VCIVid/GenerateTokenVCI/GenerateTokenVCI.hbs b/automationtests/src/main/resources/esignet/VCIVid/GenerateTokenVCI/GenerateTokenVCI.hbs
@@ -0,0 +1,9 @@
+{
+  "grant_type": "{{grant_type}}",
+  "code": "{{code}}",
+  "client_id": "{{client_id}}",
+  "client_assertion_type": "{{client_assertion_type}}",
+  "client_assertion": "{{client_assertion}}",
+  "redirect_uri": "{{redirect_uri}}",
+  "code_verifier": "{{code_verifier}}"
+}