[ES-313] fixes merged from develop to release branch

authentication/authentication-common/src/main/java/io/mosip/authentication/common/service/helper/TokenValidationHelper.java

@@ -1,26 +1,17 @@
 package io.mosip.authentication.common.service.helper;
 
 import java.time.LocalDateTime;
-import java.util.Collection;
-import java.util.List;
 import java.util.Optional;
-import java.util.Set;
-import java.util.stream.Collectors;
 
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Component;
 
 import io.mosip.authentication.common.service.entity.KycTokenData;
-import io.mosip.authentication.common.service.entity.OIDCClientData;
 import io.mosip.authentication.common.service.repository.KycTokenDataRepository;
-import io.mosip.authentication.common.service.repository.OIDCClientDataRepository;
-import io.mosip.authentication.common.service.util.EnvUtil;
-import io.mosip.authentication.common.service.util.IdaRequestResponsConsumerUtil;
 import io.mosip.authentication.core.constant.IdAuthCommonConstants;
 import io.mosip.authentication.core.constant.IdAuthenticationErrorConstants;
 import io.mosip.authentication.core.constant.KycTokenStatusType;
 import io.mosip.authentication.core.exception.IdAuthenticationBusinessException;
-import io.mosip.authentication.core.indauth.dto.BaseRequestDTO;
 import io.mosip.authentication.core.logger.IdaLogger;
 import io.mosip.authentication.core.spi.indauth.service.KycService;
 import io.mosip.kernel.core.logger.spi.Logger;
@@ -31,29 +22,19 @@
  * @author Mahammed Taheer
  */
 
+@Component
 public class TokenValidationHelper {
 
     	/** The mosip logger. */
 	private static Logger mosipLogger = IdaLogger.getLogger(TokenValidationHelper.class);
 
-    @Value("${ida.idp.consented.individual_id.attribute.name:individual_id}")
-	private String consentedIndividualIdAttributeName;
-
-
     /** The Kyc Service */
 	@Autowired
 	private KycService kycService;
 
     @Autowired
 	private KycTokenDataRepository kycTokenDataRepo;
 
-	@Autowired
-	private IdInfoHelper idInfoHelper;
-
-    @Autowired
-	private OIDCClientDataRepository oidcClientDataRepo; 
-
-
     public KycTokenData findAndValidateIssuedToken(String tokenData, String oidcClientId, String reqTransactionId, 
         String idvidHash) throws IdAuthenticationBusinessException {
 
@@ -131,49 +112,4 @@ private void validateToken(KycTokenData kycTokenData, String oidcClientId, Strin
 						IdAuthenticationErrorConstants.KYC_TOKEN_EXPIRED.getErrorMessage());
 		}
 	}
-
-	public void mapConsentedAttributesToIdSchemaAttributes(List<String> consentAttributes, Set<String> filterAttributes, 
-			List<String> policyAllowedKycAttribs) throws IdAuthenticationBusinessException {
-
-		if(consentAttributes != null && !consentAttributes.isEmpty()) {
-			for (String attrib : consentAttributes) {
-				Collection<? extends String> idSchemaAttribute = idInfoHelper.getIdentityAttributesForIdName(attrib);
-				filterAttributes.addAll(idSchemaAttribute);
-			}
-			// removing individual id from consent if the claim is not allowed in policy.
-			if (!policyAllowedKycAttribs.contains(consentedIndividualIdAttributeName)) {
-				consentAttributes.remove(consentedIndividualIdAttributeName);
-			}
-		}
-	} 
-
-	public Set<String> filterByPolicyAllowedAttributes(Set<String> filterAttributes, List<String> policyAllowedKycAttribs) {
-		return policyAllowedKycAttribs.stream()
-							.filter(attribute -> filterAttributes.contains(attribute))
-							.collect(Collectors.toSet());
-	}
-
-	public String getKycExchangeResponseTime(BaseRequestDTO authRequestDTO) {
-		String dateTimePattern = EnvUtil.getDateTimePattern();
-		return IdaRequestResponsConsumerUtil.getResponseTime(authRequestDTO.getRequestTime(), dateTimePattern);
-	}
-
-	public List<String> filterAllowedUserClaims(String oidcClientId, List<String> consentAttributes) {
-		mosipLogger.info(IdAuthCommonConstants.IDA, this.getClass().getSimpleName(), "filterAllowedUserClaims", 
-					"Checking for OIDC client allowed userclaims");
-		Optional<OIDCClientData> oidcClientData = oidcClientDataRepo.findByClientId(oidcClientId);
-
-		List<String> oidcClientAllowedUserClaims = List.of(oidcClientData.get().getUserClaims())
-													   .stream()
-													   .map(String::toLowerCase)
-													   .collect(Collectors.toList());
-		if (consentAttributes.isEmpty()) {
-			return oidcClientAllowedUserClaims;
-		}
-
-		return consentAttributes.stream()
-							    .filter(claim -> oidcClientAllowedUserClaims.contains(claim.toLowerCase()))
-								.collect(Collectors.toList());
-
-	}
 }

authentication/authentication-service/src/main/java/io/mosip/authentication/service/kyc/facade/KycFacadeImpl.java

@@ -3,6 +3,7 @@
  */
 package io.mosip.authentication.service.kyc.facade;
 
+import java.time.LocalDateTime;
 import java.util.AbstractMap.SimpleEntry;
 import java.util.Collection;
 import java.util.HashSet;
@@ -26,11 +27,13 @@
 import io.mosip.authentication.common.service.builder.AuthTransactionBuilder;
 import io.mosip.authentication.common.service.entity.AutnTxn;
 import io.mosip.authentication.common.service.entity.KycTokenData;
+import io.mosip.authentication.common.service.entity.OIDCClientData;
 import io.mosip.authentication.common.service.helper.AuditHelper;
 import io.mosip.authentication.common.service.helper.TokenValidationHelper;
 import io.mosip.authentication.common.service.integration.TokenIdManager;
 import io.mosip.authentication.common.service.repository.IdaUinHashSaltRepo;
 import io.mosip.authentication.common.service.repository.KycTokenDataRepository;
+import io.mosip.authentication.common.service.repository.OIDCClientDataRepository;
 import io.mosip.authentication.common.service.transaction.manager.IdAuthSecurityManager;
 import io.mosip.authentication.common.service.util.EnvUtil;
 import io.mosip.authentication.common.service.util.IdaRequestResponsConsumerUtil;
@@ -70,6 +73,7 @@
 import io.mosip.authentication.core.spi.indauth.match.IdInfoFetcher;
 import io.mosip.authentication.core.spi.indauth.service.KycService;
 import io.mosip.authentication.core.spi.partner.service.PartnerService;
+import io.mosip.authentication.service.kyc.util.ExchangeDataAttributesUtil;
 import io.mosip.kernel.core.logger.spi.Logger;
 import reactor.util.function.Tuple3;
 
@@ -133,6 +137,9 @@ public class KycFacadeImpl implements KycFacade {
 	@Autowired
 	private TokenValidationHelper tokenValidationHelper;
 
+	@Autowired
+	private ExchangeDataAttributesUtil exchangeDataAttributesUtil;
+
 	/*
 	 * (non-Javadoc)
 	 * 
@@ -399,15 +406,15 @@ public KycExchangeResponseDTO processKycExchange(KycExchangeRequestDTO kycExchan
 			}
 
 			List<String> consentAttributes = kycExchangeRequestDTO.getConsentObtained();
-			List<String> allowedConsentAttributes = tokenValidationHelper.filterAllowedUserClaims(oidcClientId, consentAttributes);
+			List<String> allowedConsentAttributes = exchangeDataAttributesUtil.filterAllowedUserClaims(oidcClientId, consentAttributes);
 
 			PolicyDTO policyDto = policyDtoOpt.get();
 			List<String> policyAllowedKycAttribs = Optional.ofNullable(policyDto.getAllowedKycAttributes()).stream()
 						.flatMap(Collection::stream).map(KYCAttributes::getAttributeName).collect(Collectors.toList());
 
 			Set<String> filterAttributes = new HashSet<>();
-			tokenValidationHelper.mapConsentedAttributesToIdSchemaAttributes(allowedConsentAttributes, filterAttributes, policyAllowedKycAttribs);
-			Set<String> policyAllowedAttributes = tokenValidationHelper.filterByPolicyAllowedAttributes(filterAttributes, policyAllowedKycAttribs);
+			exchangeDataAttributesUtil.mapConsentedAttributesToIdSchemaAttributes(allowedConsentAttributes, filterAttributes, policyAllowedKycAttribs);
+			Set<String> policyAllowedAttributes = exchangeDataAttributesUtil.filterByPolicyAllowedAttributes(filterAttributes, policyAllowedKycAttribs);
 
 			boolean isBioRequired = false;
 			if (filterAttributes.contains(CbeffDocType.FACE.getType().value().toLowerCase()) || 
@@ -438,7 +445,7 @@ public KycExchangeResponseDTO processKycExchange(KycExchangeRequestDTO kycExchan
 			kycExchangeResponseDTO.setId(kycExchangeRequestDTO.getId());
 			kycExchangeResponseDTO.setTransactionID(kycExchangeRequestDTO.getTransactionID());
 			kycExchangeResponseDTO.setVersion(kycExchangeRequestDTO.getVersion());
-			kycExchangeResponseDTO.setResponseTime(tokenValidationHelper.getKycExchangeResponseTime(kycExchangeRequestDTO));
+			kycExchangeResponseDTO.setResponseTime(exchangeDataAttributesUtil.getKycExchangeResponseTime(kycExchangeRequestDTO));
 
 			EncryptedKycRespDTO encryptedKycRespDTO = new EncryptedKycRespDTO();
 			encryptedKycRespDTO.setEncryptedKyc(respJson);
@@ -455,7 +462,6 @@ public KycExchangeResponseDTO processKycExchange(KycExchangeRequestDTO kycExchan
 		}
 	}
 
-
 	// Need to move below duplicate code to common to be used by OTPService and KycExchange.
 	private void saveToTxnTable(KycExchangeRequestDTO kycExchangeRequestDTO, boolean isInternal, boolean status, String partnerId, String token, 
 				KycExchangeResponseDTO kycExchangeResponseDTO, ObjectWithMetadata requestWithMetadata)

authentication/authentication-service/src/main/java/io/mosip/authentication/service/kyc/facade/VciFacadeImpl.java

@@ -1,6 +1,3 @@
-/**
- * 
- */
 package io.mosip.authentication.service.kyc.facade;
 
 import java.util.ArrayList;
@@ -52,6 +49,7 @@
 import io.mosip.authentication.core.spi.indauth.match.IdInfoFetcher;
 import io.mosip.authentication.core.spi.partner.service.PartnerService;
 import io.mosip.authentication.service.kyc.impl.VciServiceImpl;
+import io.mosip.authentication.service.kyc.util.ExchangeDataAttributesUtil;
 import io.mosip.kernel.core.logger.spi.Logger;
 
 /**
@@ -104,6 +102,9 @@ public class VciFacadeImpl implements VciFacade {
 	@Autowired
 	private KycTokenDataRepository kycTokenDataRepo;
 
+	@Autowired
+	private ExchangeDataAttributesUtil exchangeDataAttributesUtil;
+
 	@Override
 	public VciExchangeResponseDTO processVciExchange(VciExchangeRequestDTO vciExchangeRequestDTO, String partnerId, 
 			String oidcClientId, Map<String, Object>  metadata, ObjectWithMetadata requestWithMetadata) throws IdAuthenticationBusinessException {
@@ -133,15 +134,15 @@ public VciExchangeResponseDTO processVciExchange(VciExchangeRequestDTO vciExchan
 
 			// Will implement later the consent claims based on credential definition input
 			List<String> consentAttributes = Collections.emptyList();  
-			List<String> allowedConsentAttributes = tokenValidationHelper.filterAllowedUserClaims(oidcClientId, consentAttributes);
+			List<String> allowedConsentAttributes = exchangeDataAttributesUtil.filterAllowedUserClaims(oidcClientId, consentAttributes);
 
 			PolicyDTO policyDto = policyDtoOpt.get();
 			List<String> policyAllowedKycAttribs = Optional.ofNullable(policyDto.getAllowedKycAttributes()).stream()
 						.flatMap(Collection::stream).map(KYCAttributes::getAttributeName).collect(Collectors.toList());
 
 			Set<String> filterAttributes = new HashSet<>();
-			tokenValidationHelper.mapConsentedAttributesToIdSchemaAttributes(allowedConsentAttributes, filterAttributes, policyAllowedKycAttribs);
-			Set<String> policyAllowedAttributes = tokenValidationHelper.filterByPolicyAllowedAttributes(filterAttributes, policyAllowedKycAttribs);
+			exchangeDataAttributesUtil.mapConsentedAttributesToIdSchemaAttributes(allowedConsentAttributes, filterAttributes, policyAllowedKycAttribs);
+			Set<String> policyAllowedAttributes = exchangeDataAttributesUtil.filterByPolicyAllowedAttributes(filterAttributes, policyAllowedKycAttribs);
 
 			boolean isBioRequired = false;
 			if (filterAttributes.contains(CbeffDocType.FACE.getType().value().toLowerCase()) || 
@@ -178,7 +179,7 @@ public VciExchangeResponseDTO processVciExchange(VciExchangeRequestDTO vciExchan
 			vciExchangeResponseDTO.setId(vciExchangeRequestDTO.getId());
 			vciExchangeResponseDTO.setTransactionID(vciExchangeRequestDTO.getTransactionID());
 			vciExchangeResponseDTO.setVersion(vciExchangeRequestDTO.getVersion());
-			vciExchangeResponseDTO.setResponseTime(tokenValidationHelper.getKycExchangeResponseTime(vciExchangeRequestDTO));
+			vciExchangeResponseDTO.setResponseTime(exchangeDataAttributesUtil.getKycExchangeResponseTime(vciExchangeRequestDTO));
 			vciExchangeResponseDTO.setResponse(vcResponseDTO);
 			saveToTxnTable(vciExchangeRequestDTO, false, true, partnerId, token, vciExchangeResponseDTO, requestWithMetadata);
 			auditHelper.audit(AuditModules.VCI_EXCHANGE, AuditEvents.VCI_EXCHANGE_REQUEST_RESPONSE,

authentication/authentication-service/src/main/java/io/mosip/authentication/service/kyc/impl/KycServiceImpl.java

@@ -4,6 +4,7 @@
 import java.nio.ByteBuffer;
 import java.time.LocalDateTime;
 import java.time.temporal.ChronoUnit;
+import java.time.temporal.ValueRange;
 import java.util.AbstractMap.SimpleEntry;
 import java.util.ArrayList;
 import java.util.HashMap;
@@ -441,9 +442,11 @@ public boolean isKycTokenExpire(LocalDateTime tokenIssuedDateTime, String kycTok
 		LocalDateTime currentTime = LocalDateTime.now();
 
 		long diffSeconds = ChronoUnit.SECONDS.between(tokenIssuedDateTime, currentTime);
+
 		long adjustmentSeconds = EnvUtil.getKycTokenExpireTimeAdjustmentSeconds();
+		ValueRange valueRange = ValueRange.of(0, adjustmentSeconds);
 
-		if (tokenIssuedDateTime != null && adjustmentSeconds < diffSeconds) {
+		if (tokenIssuedDateTime != null && !valueRange.isValidIntValue(diffSeconds)) {
 			return true;
 		}
 		return false;

authentication/authentication-service/src/main/java/io/mosip/authentication/service/kyc/impl/VciServiceImpl.java

@@ -399,15 +399,21 @@ private Map<String, Object> getCredSubjectMap(String credSubjectId, Map<String,
 					continue;
 				if (idInfoList.size() == 1) {
 					IdentityInfoDTO identityInfo = idInfoList.get(0);
-					if (Objects.isNull(identityInfo.getLanguage()))
-						credSubjectMap.put(idSchemaAttribute, idInfoList.get(0).getValue());
+					if (Objects.isNull(identityInfo.getLanguage())) {
+						String value = identityInfo.getValue();
+						if (Objects.nonNull(value) && (value.trim().length() > 0))
+							credSubjectMap.put(idSchemaAttribute, value);
+					}
 					else {
 						Map<String, String> valueMap = new HashMap<>();
 						String lang = identityInfo.getLanguage();
 						if (locales.contains(lang)) {
-							valueMap.put(IdAuthCommonConstants.LANGUAGE_STRING, lang);
-							valueMap.put(IdAuthCommonConstants.VALUE_STRING, identityInfo.getValue());
-							credSubjectMap.put(idSchemaAttribute, valueMap);
+							String value = identityInfo.getValue();
+							if (Objects.nonNull(value) && (value.trim().length() > 0)) {
+								valueMap.put(IdAuthCommonConstants.LANGUAGE_STRING, lang);
+								valueMap.put(IdAuthCommonConstants.VALUE_STRING, value);
+								credSubjectMap.put(idSchemaAttribute, valueMap);
+							}
 						}
 					}
 					continue;
@@ -417,12 +423,16 @@ private Map<String, Object> getCredSubjectMap(String credSubjectId, Map<String,
 					Map<String, String> valueMap = new HashMap<>();
 					String lang = identityInfo.getLanguage();
 					if (locales.contains(lang)) {
-						valueMap.put(IdAuthCommonConstants.LANGUAGE_STRING, identityInfo.getLanguage());
-						valueMap.put(IdAuthCommonConstants.VALUE_STRING, identityInfo.getValue());
-						valueList.add(valueMap);
+						String value = identityInfo.getValue();
+						if (Objects.nonNull(value) && (value.trim().length() > 0)) {
+							valueMap.put(IdAuthCommonConstants.LANGUAGE_STRING, identityInfo.getLanguage());
+							valueMap.put(IdAuthCommonConstants.VALUE_STRING, identityInfo.getValue());
+							valueList.add(valueMap);
+						}
 					}
 				}
-				credSubjectMap.put(idSchemaAttribute, valueList);
+				if (valueList.size() > 0)
+					credSubjectMap.put(idSchemaAttribute, valueList);
 			}
 		}
 		return credSubjectMap;

authentication/authentication-service/src/main/java/io/mosip/authentication/service/kyc/util/ExchangeDataAttributesUtil.java

@@ -0,0 +1,90 @@
+package io.mosip.authentication.service.kyc.util;
+
+import java.util.Collection;
+import java.util.List;
+import java.util.Optional;
+import java.util.Set;
+import java.util.stream.Collectors;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Component;
+
+import io.mosip.authentication.common.service.entity.OIDCClientData;
+import io.mosip.authentication.common.service.helper.IdInfoHelper;
+import io.mosip.authentication.common.service.repository.OIDCClientDataRepository;
+import io.mosip.authentication.common.service.util.EnvUtil;
+import io.mosip.authentication.common.service.util.IdaRequestResponsConsumerUtil;
+import io.mosip.authentication.core.constant.IdAuthCommonConstants;
+import io.mosip.authentication.core.exception.IdAuthenticationBusinessException;
+import io.mosip.authentication.core.indauth.dto.BaseRequestDTO;
+import io.mosip.authentication.core.logger.IdaLogger;
+import io.mosip.kernel.core.logger.spi.Logger;
+
+/**
+ * Utility class to filter the consented attribute and policy allowed attributes.
+ *
+ * @author Mahammed Taheer
+ */
+
+@Component
+public class ExchangeDataAttributesUtil {
+
+    /** The mosip logger. */
+	private static Logger mosipLogger = IdaLogger.getLogger(ExchangeDataAttributesUtil.class);
+
+    @Value("${ida.idp.consented.individual_id.attribute.name:individual_id}")
+	private String consentedIndividualIdAttributeName;
+
+    @Autowired
+	private IdInfoHelper idInfoHelper;
+
+    @Autowired
+	private OIDCClientDataRepository oidcClientDataRepo; 
+
+    public void mapConsentedAttributesToIdSchemaAttributes(List<String> consentAttributes, Set<String> filterAttributes, 
+			List<String> policyAllowedKycAttribs) throws IdAuthenticationBusinessException {
+
+		if(consentAttributes != null && !consentAttributes.isEmpty()) {
+			for (String attrib : consentAttributes) {
+				Collection<? extends String> idSchemaAttribute = idInfoHelper.getIdentityAttributesForIdName(attrib);
+				filterAttributes.addAll(idSchemaAttribute);
+			}
+			// removing individual id from consent if the claim is not allowed in policy.
+			if (!policyAllowedKycAttribs.contains(consentedIndividualIdAttributeName)) {
+				consentAttributes.remove(consentedIndividualIdAttributeName);
+			}
+		}
+	} 
+
+	public Set<String> filterByPolicyAllowedAttributes(Set<String> filterAttributes, List<String> policyAllowedKycAttribs) {
+		return policyAllowedKycAttribs.stream()
+							.filter(attribute -> filterAttributes.contains(attribute))
+							.collect(Collectors.toSet());
+	}
+
+	public String getKycExchangeResponseTime(BaseRequestDTO authRequestDTO) {
+		String dateTimePattern = EnvUtil.getDateTimePattern();
+		return IdaRequestResponsConsumerUtil.getResponseTime(authRequestDTO.getRequestTime(), dateTimePattern);
+	}
+
+	public List<String> filterAllowedUserClaims(String oidcClientId, List<String> consentAttributes) {
+		mosipLogger.info(IdAuthCommonConstants.IDA, this.getClass().getSimpleName(), "filterAllowedUserClaims", 
+					"Checking for OIDC client allowed userclaims");
+		Optional<OIDCClientData> oidcClientData = oidcClientDataRepo.findByClientId(oidcClientId);
+
+		List<String> oidcClientAllowedUserClaims = List.of(oidcClientData.get().getUserClaims())
+													   .stream()
+													   .map(String::toLowerCase)
+													   .collect(Collectors.toList());
+		if (consentAttributes.isEmpty()) {
+			return oidcClientAllowedUserClaims;
+		}
+
+		return consentAttributes.stream()
+							    .filter(claim -> oidcClientAllowedUserClaims.contains(claim.toLowerCase()))
+								.collect(Collectors.toList());
+
+	}
+
+}