diff --git a/kernel/kernel-authcodeflowproxy-api/.gitignore b/kernel/kernel-authcodeflowproxy-api/.gitignore
deleted file mode 100644
index 31c592ccddd..00000000000
--- a/kernel/kernel-authcodeflowproxy-api/.gitignore
+++ /dev/null
@@ -1,22 +0,0 @@
-*.class
-.mtj.tmp/
-*.war
-*.ear
-hs_err_pid*
-target/
-.springBeans
-.metadata
-.factorypath
-.classpath
-.project
-.settings/
-bin/
-tmp/
-*.tmp
-*.bak
-*.swp
-*~.nib
-local.properties
-.loadpath
-.DS_Store
-test.txt
\ No newline at end of file
diff --git a/kernel/kernel-authcodeflowproxy-api/README.md b/kernel/kernel-authcodeflowproxy-api/README.md
deleted file mode 100644
index f74030a10ef..00000000000
--- a/kernel/kernel-authcodeflowproxy-api/README.md
+++ /dev/null
@@ -1,41 +0,0 @@
-## Kernel Authcodeflowproxy Api
-
-## Overview
-This library provides server side functions related login using authorization code flow. The Authorization Code grant type is used by confidential and public clients to exchange an authorization code for an access token. For an overview on Authorization Code grant type [refer](https://oauth.net/2/grant-types/authorization-code/).
-
-## Technical features
-- Provides REST APIs for login, logout and online token validate funtionalities.
-
-## Usage
-1. To use this api, add this to dependency list:
-
-```
-
- io.mosip.kernel
- kernel-authcodeflowproxy-api
- 1.2.0
-
-```
-
-
-2. Properties to be added:
-
-```
-auth.server.admin.validate.url=https:///v1/authmanager/authorize/admin/validateToken
-mosip.iam.module.clientID=
-mosip.iam.module.clientsecret=
-mosip.iam.module.redirecturi=https:////login-redirect/
-mosip.iam.module.admin_realm_id=
-mosip.iam.base-url=
-mosip.iam.authorization_endpoint=${mosip.iam.base-url}/auth/realms/{realmId}/protocol/openid-connect/auth
-mosip.iam.token_endpoint=${mosip.iam.base-url}/auth/realms/{realmId}/protocol/openid-connect/token
-```
-
-3. Add following package to scan for beans
-
-```
-io.mosip.kernel.authcodeflowproxy.api.*
-```
-
-4. When the server is up it will have 4 new rest apis.
-
diff --git a/kernel/kernel-authcodeflowproxy-api/pom.xml b/kernel/kernel-authcodeflowproxy-api/pom.xml
deleted file mode 100644
index 3ba3ede2f85..00000000000
--- a/kernel/kernel-authcodeflowproxy-api/pom.xml
+++ /dev/null
@@ -1,434 +0,0 @@
-
- 4.0.0
- io.mosip.kernel
- kernel-authcodeflowproxy-api
- 1.2.1-SNAPSHOT
- jar
- kernel-authcodeflowproxy-api
- Mosip commons project
- https://github.com/mosip/commons
-
- UTF-8
-
-
- 11
- 11
- 3.8.0
-
-
- 3.0.2
- 3.1.0
-
-
- 3.2.0
- 2.3
-
-
- 2.0.2.RELEASE
- 2.0.7.RELEASE
- 5.0.5.RELEASE
- 2.0.4.RELEASE
-
-
- 2.0.7
- 1.5.21
- 2.9.2
-
-
- 3.6.2
- 3.7.0
-
-
-
- 1.2
- 3.0.0
- 1.3
- 2.2
- 2.0.1.Final
- 2.2.6
-
-
- 1.4.197
- 5.1.46
- 42.2.2
- 2.5.0
- 5.2.17.Final
- 6.0.12.Final
-
-
- 4.12
- 2.23.4
- 1.7.4
- 2.0.7
-
-
- 1.2.3
- 1.7.19
- 1.7.7
- 1.7.25
-
-
- 2.9.5
- 2.9.8
- 2.9.6
- 20180130
- 2.2.10
- 20180813
- 1.1.1
-
-
- 3.6.1
- 3.7
- 2.6
- 1.11
- 4.3
- 1.9.2
- 2.2
- 4.5.6
- 19.0
- 1.18.8
- 0.1.54
- 1.4.0
- 7.1.0
- 2.0.0
- 5.5.13
- 2.3.23
- 1.7
- 2.0
- 1.5.2
- 2.1.1
- 1.66
- 63.1
- 1.0.0
- 3.3.3
- 3.1.0
- 4.1.0-incubating
- 1.11.368
- 0.2.4
- 2.3.0
- 3.0.1
- 1.9.12
- 0.6.0
- 2.0.0.AM2
- 1.8.12
- 1.4.2
- 1.4.2
- UTF-8
-
-
- 11
- 11
- 3.8.0
-
-
- 3.0.2
- 3.1.0
-
-
- 3.2.0
- 2.3
-
-
- 2.0.2.RELEASE
- 2.0.7.RELEASE
- 5.0.5.RELEASE
- 2.0.4.RELEASE
-
-
- 2.0.7
- 1.5.21
- 2.9.2
-
-
- 3.6.2
- 3.7.0
-
-
-
- 1.2
- 3.0.0
- 1.3
- 2.2
- 2.0.1.Final
- 2.2.6
-
-
- 1.4.197
- 5.1.46
- 42.2.2
- 2.5.0
- 5.2.17.Final
- 6.0.12.Final
-
-
- 4.12
- 2.23.4
- 1.7.4
- 2.0.7
-
-
- 1.2.3
- 1.7.19
- 1.7.7
- 1.7.25
-
-
- 2.9.5
- 2.9.8
- 2.9.6
- 20180130
- 2.2.10
- 20180813
- 1.1.1
-
-
- 3.6.1
- 3.7
- 2.6
- 1.11
- 4.3
- 1.9.2
- 2.2
- 4.5.6
- 19.0
- 1.18.8
- 0.1.54
- 1.4.0
- 7.1.0
- 2.0.0
- 5.5.13
- 2.3.23
- 1.7
- 2.0
- 1.5.2
- 2.1.1
- 1.66
- 63.1
- 1.0.0
- 3.3.3
- 3.1.0
- 4.1.0-incubating
- 1.11.368
- 0.2.4
- 2.3.0
- 3.0.1
- 1.9.12
- 0.6.0
- 2.0.0.AM2
- 1.8.12
- 1.4.2
- 1.4.2
- 1.2.1-SNAPSHOT
- 0.8.5
- 2.0.0
-
-
-
- io.mosip.kernel
- kernel-core
- ${kernel.core.version}
-
-
- org.springframework.boot
- spring-boot-starter-web
- ${spring.boot.version}
-
-
- com.auth0
- jwks-rsa
- 0.18.0
-
-
- org.powermock
- powermock-api-mockito2
- ${powermock.version}
- test
-
-
- org.powermock
- powermock-module-junit4
- ${powermock.version}
- test
-
-
-
-
- ossrh
- https://oss.sonatype.org/content/repositories/snapshots
-
-
- ossrh
- https://oss.sonatype.org/service/local/staging/deploy/maven2/
-
-
-
-
-
- maven-deploy-plugin
- 2.8.1
-
-
- default-deploy
- deploy
-
- deploy
-
-
-
-
-
- org.sonatype.plugins
- nexus-staging-maven-plugin
- 1.6.7
- true
-
-
- default-deploy
- deploy
-
- deploy
-
-
-
-
- ossrh
- https://oss.sonatype.org/
- false
-
-
-
-
- org.apache.maven.plugins
- maven-source-plugin
- true
- 2.2.1
-
-
- attach-sources
-
- jar-no-fork
-
-
-
-
-
-
- org.apache.maven.plugins
- maven-javadoc-plugin
- 3.2.0
-
-
- attach-javadocs
-
- jar
-
-
-
-
- none
-
-
-
- org.apache.maven.plugins
- maven-gpg-plugin
- 1.5
-
-
- sign-artifacts
- verify
-
- sign
-
-
-
- --pinentry-mode
- loopback
-
-
-
-
-
-
- pl.project13.maven
- git-commit-id-plugin
- 3.0.1
-
-
- get-the-git-infos
-
- revision
-
- validate
-
-
-
- true
- ${project.build.outputDirectory}/git.properties
-
- ^git.build.(time|version)$
- ^git.commit.id.(abbrev|full)$
-
- full
- ${project.basedir}/.git
-
-
-
-
- org.apache.maven.plugins
- maven-surefire-plugin
- 2.22.0
-
- false
- false
-
- ${argLine} --add-opens
- java.xml/jdk.xml.internal=ALL-UNNAMED
- --illegal-access=permit
-
-
-
-
- org.jacoco
- jacoco-maven-plugin
- ${jacoco.maven.plugin.version}
-
-
-
- prepare-agent
-
-
-
- report
- prepare-package
-
- report
-
-
-
-
-
-
-
- scm:git:git://github.com/mosip/commons.git
- scm:git:ssh://github.com:mosip/commons.git
- https://github.com/mosip/commons
- HEAD
-
-
-
- MPL 2.0
- https://www.mozilla.org/en-US/MPL/2.0/
-
-
-
-
- Mosip
- mosip.emailnotifier@gmail.com
- io.mosip
- https://github.com/mosip/commons
-
-
-
-
diff --git a/kernel/kernel-authcodeflowproxy-api/src/main/java/META-INF/MANIFEST.MF b/kernel/kernel-authcodeflowproxy-api/src/main/java/META-INF/MANIFEST.MF
deleted file mode 100644
index 254272e1c07..00000000000
--- a/kernel/kernel-authcodeflowproxy-api/src/main/java/META-INF/MANIFEST.MF
+++ /dev/null
@@ -1,3 +0,0 @@
-Manifest-Version: 1.0
-Class-Path:
-
diff --git a/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/auditmanager/dto/AuthorizedRolesDto.java b/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/auditmanager/dto/AuthorizedRolesDto.java
deleted file mode 100644
index f8a48cfc95f..00000000000
--- a/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/auditmanager/dto/AuthorizedRolesDto.java
+++ /dev/null
@@ -1,21 +0,0 @@
-package io.mosip.kernel.auditmanager.dto;
-
-import java.util.List;
-
-import org.springframework.boot.context.properties.ConfigurationProperties;
-import org.springframework.stereotype.Component;
-
-import lombok.Getter;
-import lombok.Setter;
-
-
-@Component("authorizedRoles")
-@ConfigurationProperties(prefix = "mosip.role.kernel")
-@Getter
-@Setter
-public class AuthorizedRolesDto {
-
- //AuditManager
- private List postaudits;
-
-}
\ No newline at end of file
diff --git a/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/config/AuthCodeProxyConfig.java b/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/config/AuthCodeProxyConfig.java
deleted file mode 100644
index 278e037f6ca..00000000000
--- a/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/config/AuthCodeProxyConfig.java
+++ /dev/null
@@ -1,16 +0,0 @@
-package io.mosip.kernel.authcodeflowproxy.api.config;
-
-import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.web.client.RestTemplate;
-
-@Configuration
-public class AuthCodeProxyConfig {
-
- @ConditionalOnMissingBean(RestTemplate.class)
- @Bean
- RestTemplate restTemplate() {
- return new RestTemplate();
- }
-}
diff --git a/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/constants/AuthConstant.java b/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/constants/AuthConstant.java
deleted file mode 100644
index e477f357406..00000000000
--- a/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/constants/AuthConstant.java
+++ /dev/null
@@ -1,19 +0,0 @@
-/**
- *
- */
-package io.mosip.kernel.authcodeflowproxy.api.constants;
-
-/**
- * @author Ramadurai Saravana Pandian
- *
- */
-public class AuthConstant {
-
- public static final String PREFERRED_USERNAME = "preferred_username";
-
- public static final String AZP = "azp";
-
- public static final String ISSUER = "iss";
-
-
-}
diff --git a/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/constants/AuthErrorCode.java b/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/constants/AuthErrorCode.java
deleted file mode 100644
index 20af3106a1b..00000000000
--- a/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/constants/AuthErrorCode.java
+++ /dev/null
@@ -1,64 +0,0 @@
-package io.mosip.kernel.authcodeflowproxy.api.constants;
-
-/**
- * Error Code for Auth Adapter
- *
- * @author Urvil Joshi
- * @since 1.0.0
- *
- */
-public enum AuthErrorCode {
- /**
- * UNAUTHORIZED
- */
- UNAUTHORIZED("KER-ATH-401", "Authentication Failed"),
- /**
- * FORBIDDEN
- */
- FORBIDDEN("KER-ATH-403", "Forbidden"),
- /**
- * FORBIDDEN
- */
-
- ;
-
-
- /**
- * The error code
- */
- private final String errorCode;
- /**
- * The error message
- */
- private final String errorMessage;
-
- /**
- * Constructor to set error code and message
- *
- * @param errorCode the error code
- * @param errorMessage the error message
- */
- private AuthErrorCode(final String errorCode, final String errorMessage) {
- this.errorCode = errorCode;
- this.errorMessage = errorMessage;
- }
-
- /**
- * Function to get error code
- *
- * @return {@link #errorCode}
- */
- public String getErrorCode() {
- return errorCode;
- }
-
- /**
- * Function to get the error message
- *
- * @return {@link #errorMessage}r
- */
- public String getErrorMessage() {
- return errorMessage;
- }
-
-}
diff --git a/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/constants/Constants.java b/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/constants/Constants.java
deleted file mode 100644
index de347ac4244..00000000000
--- a/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/constants/Constants.java
+++ /dev/null
@@ -1,61 +0,0 @@
-package io.mosip.kernel.authcodeflowproxy.api.constants;
-
-/**
- * Constants related to KEYCLOAK
- *
- * @author Urvil Joshi
- *
- */
-public class Constants {
-
- public static final Object SUB = "sub";
- public static final Object AUD = "aud";
- public static final Object EXP = "exp";
- public static final Object ISS = "iss";
- public static final Object IAT = "iat";
- public static final String JWT_EXPIRY_TIME = "mosip.iam.module.token.endpoint.private-key-jwt.expiry.seconds";
- public static final String BASE_URL = "mosip.iam.base.url";
- public static final String APPLICATION_ID = "APPLICATION_Id";
- public static final String CLIENT_ASSERTION_REFERENCE_ID = "mosip.client.assertion.reference.id";
- public static final String IS_INCLUDE_PAYLOAD = "mosip.include.payload";
- public static final String IS_INCLUDE_CERTIFICATE = "mosip.include.certificate";
- public static final String IS_iNCLUDE_CERT_HASH = "mosip.include.cert.hash";
- public static final String KEYMANAGER_JWT_SIGN_END_POINT = "mosip.keymanager.jwt.sign.end.point";
- public static final String CLIENT_ASSERTION_TYPE = "client_assertion_type";
- public static final String CLIENT_ASSERTION_TYPE_PROPERTY = "mosip.client.assertion.type";
-
- /**
- * Private constructor
- */
- private Constants() {
- // TODO Auto-generated constructor stub
- }
-
- public static final String REDIRECT_URI = "redirect_uri";
-
- public static final String CODE = "code";
-
- public static final String CLIENT_SECRET = "client_secret";
-
- public static final String CLIENT_ID = "client_id";
-
- public static final String GRANT_TYPE = "grant_type";
-
- public static final String STATE = "state";
-
- public static final String RESPONSE_TYPE = "response_type";
-
- public static final String SCOPE = "scope";
-
- public static final String REALM_ID = "realmId";
-
- public static final String ID_TOKEN_HINT = "id_token_hint";
-
- public static final String WHITESPACE = " ";
-
- public static final String CLAIM = "claim";
-
- public static final String CLAIM_PROPERTY = "mosip.iam.module.login_flow.claim";
-
- public static final String CLIENT_ASSERTION = "client_assertion";
-}
diff --git a/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/constants/Errors.java b/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/constants/Errors.java
deleted file mode 100644
index a5978135bfe..00000000000
--- a/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/constants/Errors.java
+++ /dev/null
@@ -1,81 +0,0 @@
-package io.mosip.kernel.authcodeflowproxy.api.constants;
-
-//TODO Use from core when adapter api will merge
-public enum Errors {
-
- /**
- * Empty Cookie error
- */
- COOKIE_NOTPRESENT_ERROR("KER-ACP-001", "Cookies are empty"),
- /**
- * Empty Cookie error
- */
- TOKEN_NOTPRESENT_ERROR("KER-ACP-002", "Token is not present in cookies"),
- /**
- * IO Exception
- */
- IO_EXCEPTION("KER-ACP-003", "IO Exception occured while passing paging request"),
- /**
- * Cannot connect to auth service
- */
-
- CANNOT_CONNECT_TO_AUTH_SERVICE("KER-ACP-004", "Problem in connecting to auth service"),
-
- /**
- * RESPONSE_PARSE_ERROR
- */
- RESPONSE_PARSE_ERROR("KER-ACP-005", "Error occur while parsing error from response"),
-
- ACESSTOKEN_EXCEPTION("KER-ACP-006", "Error Occured while getting access token from iam"),
-
- STATE_EXCEPTION("KER-ACP-007", "state is not maching"),
-
- REST_EXCEPTION("KER-ACP-008", "Exception occured while consuming service"),
- INVALID_TOKEN("KER-ATH-401", "Authentication Failed : Invalid Token :"),
- EXCEPTION("KER-ACP-500", "Exception occured "),
- ALLOWED_URL_EXCEPTION("KER-ACP-009", "url not found in allowed url's"),
- STATE_NULL_EXCEPTION("KER-ACP-010", "state is null or empty"),
- STATE_NOT_UUID_EXCEPTION("KER-ACP-011", "state is not uuid"),
- UNSUPPORTED_ENCODING_EXCEPTION("KER-ACP-012", "unsupported encoding exception :"),
- JWT_SIGN_EXCEPTION("KER-ACP-013", "Failed to sign jwt" ),
- JSON_PROCESSING_EXCEPTION("KER-ACP-014", "Json Processing Exception");
-
- /**
- * The error code
- */
- private final String errorCode;
- /**
- * The error message
- */
- private final String errorMessage;
-
- /**
- * Constructor to set error code and message
- *
- * @param errorCode the error code
- * @param errorMessage the error message
- */
- private Errors(final String errorCode, final String errorMessage) {
- this.errorCode = errorCode;
- this.errorMessage = errorMessage;
- }
-
- /**
- * Function to get error code
- *
- * @return {@link #errorCode}
- */
- public String getErrorCode() {
- return errorCode;
- }
-
- /**
- * Function to get the error message
- *
- * @return {@link #errorMessage}r
- */
- public String getErrorMessage() {
- return errorMessage;
- }
-
-}
diff --git a/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/constants/IAMConstants.java b/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/constants/IAMConstants.java
deleted file mode 100644
index 8f783f1d75a..00000000000
--- a/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/constants/IAMConstants.java
+++ /dev/null
@@ -1,37 +0,0 @@
-package io.mosip.kernel.authcodeflowproxy.api.constants;
-
-/**
- * Constants related to KEYCLOAK
- *
- * @author Urvil Joshi
- *
- */
-public class IAMConstants {
-
- /**
- * Private constructor
- */
- private IAMConstants() {
- // TODO Auto-generated constructor stub
- }
-
- public static final String REDIRECT_URI = "redirect_uri";
-
- public static final String CODE = "code";
-
- public static final String CLIENT_SECRET = "client_secret";
-
- public static final String CLIENT_ID = "client_id";
-
- public static final String GRANT_TYPE = "grant_type";
-
- public static final String STATE = "state";
-
- public static final String RESPONSE_TYPE = "response_type";
-
- public static final String SCOPE = "scope";
-
- public static final String REALM_ID = "realmId";
-
- public static final String ID_TOKEN_HINT = "id_token_hint";
-}
diff --git a/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/controller/LoginController.java b/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/controller/LoginController.java
deleted file mode 100644
index 602cd7d0157..00000000000
--- a/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/controller/LoginController.java
+++ /dev/null
@@ -1,189 +0,0 @@
-package io.mosip.kernel.authcodeflowproxy.api.controller;
-
-import java.io.IOException;
-import java.util.List;
-import java.util.UUID;
-
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.codec.binary.Base64;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.core.env.Environment;
-import org.springframework.web.bind.annotation.CookieValue;
-import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.PathVariable;
-import org.springframework.web.bind.annotation.RequestParam;
-import org.springframework.web.bind.annotation.RestController;
-
-import io.mosip.kernel.authcodeflowproxy.api.constants.Errors;
-import io.mosip.kernel.authcodeflowproxy.api.dto.AccessTokenResponseDTO;
-import io.mosip.kernel.authcodeflowproxy.api.dto.MosipUserDto;
-import io.mosip.kernel.authcodeflowproxy.api.exception.ClientException;
-import io.mosip.kernel.authcodeflowproxy.api.exception.ServiceException;
-import io.mosip.kernel.authcodeflowproxy.api.service.LoginService;
-import io.mosip.kernel.authcodeflowproxy.api.service.validator.ValidateTokenHelper;
-import io.mosip.kernel.core.http.ResponseFilter;
-import io.mosip.kernel.core.http.ResponseWrapper;
-import io.mosip.kernel.core.util.EmptyCheckUtils;
-
-@RestController
-public class LoginController {
-
- private static final String ID_TOKEN = "id_token";
-
- private final static Logger LOGGER= LoggerFactory.getLogger(LoginController.class);
- private static final String IDTOKEN = "idToken";
-
- @Value("${auth.token.header:Authorization}")
- private String authTokenHeader;
-
- @Value("${iam.locale.cookie.name:KEYCLOAK_LOCALE}")
- private String localeCookieName;
-
- @Value("${iam.locale.cookie.name:/auth/realms/}")
- private String localeCookiePath;
-
-
- @Value("#{'${auth.allowed.urls}'.split(',')}")
- private List allowedUrls;
-
- @Autowired
- private LoginService loginService;
-
- @Autowired
- private ValidateTokenHelper validateTokenHelper;
-
- @Autowired
- private Environment environment;
-
- @Value("${auth.validate.id-token:false}")
- private boolean validateIdToken;
-
- @GetMapping(value = "/login/{redirectURI}")
- public void login(@CookieValue(name = "state", required = false) String state,
- @PathVariable("redirectURI") String redirectURI,
- @RequestParam(name = "state", required = false) String stateParam, HttpServletResponse res)
- throws IOException {
- String stateValue = EmptyCheckUtils.isNullEmpty(state) ? stateParam : state;
- if (EmptyCheckUtils.isNullEmpty(stateValue)) {
- throw new ServiceException(Errors.STATE_NULL_EXCEPTION.getErrorCode(),
- Errors.STATE_NULL_EXCEPTION.getErrorMessage());
- }
-
- // there is no UUID.parse method till so using this as alternative
- try {
- if (!UUID.fromString(stateValue).toString().equals(stateValue)) {
- throw new ServiceException(Errors.STATE_NOT_UUID_EXCEPTION.getErrorCode(),
- Errors.STATE_NOT_UUID_EXCEPTION.getErrorMessage());
- }
- } catch (IllegalArgumentException exception) {
- throw new ServiceException(Errors.STATE_NOT_UUID_EXCEPTION.getErrorCode(),
- Errors.STATE_NOT_UUID_EXCEPTION.getErrorMessage());
- }
-
- String uri = loginService.login(redirectURI, stateValue);
- Cookie stateCookie = new Cookie("state", stateValue);
- setCookieParams(stateCookie,true,true,"/");
- res.addCookie(stateCookie);
- res.setStatus(302);
- res.sendRedirect(uri);
- }
-
- @GetMapping(value = "/login-redirect/{redirectURI}")
- public void loginRedirect(@PathVariable("redirectURI") String redirectURI, @RequestParam("state") String state,
- @RequestParam(value="session_state",required = false) String sessionState, @RequestParam("code") String code,
- @CookieValue("state") String stateCookie, HttpServletRequest req, HttpServletResponse res) throws IOException {
- AccessTokenResponseDTO jwtResponseDTO = loginService.loginRedirect(state, sessionState, code, stateCookie,
- redirectURI);
- String accessToken = jwtResponseDTO.getAccessToken();
- validateToken(accessToken);
- Cookie cookie = loginService.createCookie(accessToken);
- res.addCookie(cookie);
- if(validateIdToken) {
- String idTokenProperty = this.environment.getProperty(IDTOKEN, ID_TOKEN);
- String idToken = jwtResponseDTO.getIdToken();
- if(idToken == null) {
- throw new ClientException(Errors.TOKEN_NOTPRESENT_ERROR.getErrorCode(),
- Errors.TOKEN_NOTPRESENT_ERROR.getErrorMessage() + ": " + idTokenProperty);
- }
- validateToken(idToken);
- Cookie idTokenCookie = new Cookie(idTokenProperty, idToken);
- setCookieParams(idTokenCookie,true,true,"/");
- res.addCookie(idTokenCookie);
- }
- res.setStatus(302);
- String url = new String(Base64.decodeBase64(redirectURI.getBytes()));
- if(url.contains("#")) {
- url= url.split("#")[0];
- }
- if(!allowedUrls.contains(url)) {
- LOGGER.error("Url {} was not part of allowed url's",url);
- throw new ServiceException(Errors.ALLOWED_URL_EXCEPTION.getErrorCode(), Errors.ALLOWED_URL_EXCEPTION.getErrorMessage());
- }
- res.sendRedirect(url);
- }
-
- private void setCookieParams(Cookie idTokenCookie, boolean isHttpOnly, boolean isSecure,String path) {
- idTokenCookie.setHttpOnly(isHttpOnly);
- idTokenCookie.setSecure(isSecure);
- idTokenCookie.setPath(path);
- }
-
- private void validateToken(String accessToken) {
- if(!validateTokenHelper.isTokenValid(accessToken).getKey()){
- throw new ServiceException(Errors.INVALID_TOKEN.getErrorCode(), Errors.INVALID_TOKEN.getErrorMessage());
- }
- }
-
- @ResponseFilter
- @GetMapping(value = "/authorize/admin/validateToken")
- public ResponseWrapper validateAdminToken(HttpServletRequest request, HttpServletResponse res) {
- String authToken = null;
- Cookie[] cookies = request.getCookies();
- if (cookies == null) {
- throw new ClientException(Errors.COOKIE_NOTPRESENT_ERROR.getErrorCode(),
- Errors.COOKIE_NOTPRESENT_ERROR.getErrorMessage());
- }
- MosipUserDto mosipUserDto = null;
-
- for (Cookie cookie : cookies) {
- if (cookie.getName().contains(authTokenHeader)) {
- authToken = cookie.getValue();
- }
- }
- if (authToken == null) {
- throw new ClientException(Errors.TOKEN_NOTPRESENT_ERROR.getErrorCode(),
- Errors.TOKEN_NOTPRESENT_ERROR.getErrorMessage());
- }
-
- mosipUserDto = loginService.valdiateToken(authToken);
- Cookie cookie = loginService.createCookie(authToken);
- res.addCookie(cookie);
- ResponseWrapper responseWrapper = new ResponseWrapper<>();
- responseWrapper.setResponse(mosipUserDto);
- return responseWrapper;
- }
-
- @ResponseFilter
- @GetMapping(value = "/logout/user")
- public void logoutUser(
- @CookieValue(value = "Authorization", required = false) String token,@RequestParam(name = "redirecturi", required = true) String redirectURI, HttpServletResponse res) throws IOException {
- redirectURI = new String(Base64.decodeBase64(redirectURI));
- if(redirectURI.contains("#")) {
- redirectURI= redirectURI.split("#")[0];
- }
- if(!allowedUrls.contains(redirectURI)) {
- LOGGER.error("Url {} was not part of allowed url's",redirectURI);
- throw new ServiceException(Errors.ALLOWED_URL_EXCEPTION.getErrorCode(), Errors.ALLOWED_URL_EXCEPTION.getErrorMessage());
- }
- String uri = loginService.logoutUser(token,redirectURI);
- res.setStatus(302);
- res.sendRedirect(uri);
- }
-
-}
\ No newline at end of file
diff --git a/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/dto/AccessTokenResponse.java b/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/dto/AccessTokenResponse.java
deleted file mode 100644
index 48b48d55fa7..00000000000
--- a/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/dto/AccessTokenResponse.java
+++ /dev/null
@@ -1,18 +0,0 @@
-package io.mosip.kernel.authcodeflowproxy.api.dto;
-import lombok.AllArgsConstructor;
-import lombok.Data;
-import lombok.NoArgsConstructor;
-
-@AllArgsConstructor
-@NoArgsConstructor
-@Data
-public class AccessTokenResponse {
- private String access_token;
- private String expires_in;
- private String refresh_expires_in;
- private String refresh_token;
- private String token_type;
- private String session_state;
- private String scope;
- private String id_token;
-}
\ No newline at end of file
diff --git a/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/dto/AccessTokenResponseDTO.java b/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/dto/AccessTokenResponseDTO.java
deleted file mode 100644
index bfe49e319f3..00000000000
--- a/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/dto/AccessTokenResponseDTO.java
+++ /dev/null
@@ -1,13 +0,0 @@
-package io.mosip.kernel.authcodeflowproxy.api.dto;
-import lombok.AllArgsConstructor;
-import lombok.Data;
-import lombok.NoArgsConstructor;
-
-@AllArgsConstructor
-@NoArgsConstructor
-@Data
-public class AccessTokenResponseDTO {
- private String accessToken;
- private String expiresIn;
- private String idToken;
-}
\ No newline at end of file
diff --git a/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/dto/IAMErrorResponseDto.java b/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/dto/IAMErrorResponseDto.java
deleted file mode 100644
index 744ebdb3756..00000000000
--- a/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/dto/IAMErrorResponseDto.java
+++ /dev/null
@@ -1,13 +0,0 @@
-package io.mosip.kernel.authcodeflowproxy.api.dto;
-
-import lombok.Data;
-
-@Data
-public class IAMErrorResponseDto {
-
- /** The error. */
- private String error;
-
- /** The error description. */
- private String error_description;
-}
\ No newline at end of file
diff --git a/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/dto/JWSSignatureRequestDto.java b/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/dto/JWSSignatureRequestDto.java
deleted file mode 100644
index 1c1bbd24645..00000000000
--- a/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/dto/JWSSignatureRequestDto.java
+++ /dev/null
@@ -1,79 +0,0 @@
-package io.mosip.kernel.authcodeflowproxy.api.dto;
-
-import javax.validation.constraints.NotBlank;
-
-import io.swagger.annotations.ApiModelProperty;
-import lombok.AllArgsConstructor;
-import lombok.Data;
-import lombok.NoArgsConstructor;
-
-/**
- *
- * @author Mahammed Taheer
- * @since 1.2.0-SNAPSHOT
- *
- */
-
-@Data
-@NoArgsConstructor
-@AllArgsConstructor
-public class JWSSignatureRequestDto {
-
- @NotBlank
- @ApiModelProperty(notes = "Base64 encoded JSON Data to sign", example = "ewogICAiYW55S2V5IjogIlRlc3QgSnNvbiIKfQ", required = true)
- private String dataToSign;
-
- /**
- * Application id of decrypting module
- */
- @ApiModelProperty(notes = "Application id to be used for signing", example = "KERNEL", required = false)
- private String applicationId;
-
- /**
- * Refrence Id
- */
- @ApiModelProperty(notes = "Refrence Id", example = "SIGN", required = false)
- private String referenceId;
-
- /**
- * Flag to include payload in JWT Signature Header
- */
- @ApiModelProperty(notes = "Flag to include payload in JWT Signature Header.", example = "false", required = false)
- private Boolean includePayload;
-
- /**
- * Flag to include certificate in JWT Signature Header
- */
- @ApiModelProperty(notes = "Flag to include certificate in JWT Signature Header.", example = "false", required = false)
- private Boolean includeCertificate;
-
- /**
- * Flag to include certificate hash in JWT Signature Header
- */
- @ApiModelProperty(notes = "Flag to include certificate hash(sha256) in JWT Signature Header.", example = "false", required = false)
- private Boolean includeCertHash;
-
- /**
- * Certificate URL to include in JWT Signature Header
- */
- @ApiModelProperty(notes = "Flag to include certificate URL in JWT Signature Header.", required = false)
- private String certificateUrl;
-
- /**
- * Validate inputted JSON to be valid JSON
- */
- @ApiModelProperty(notes = "Flag to validate inputted JSON to be a valid JSON.", required = false)
- private Boolean validateJson;
-
- /**
- * Flag to determine the inputted data to be Base64URL encoded in signature process.
- */
- @ApiModelProperty(notes = "Flag to determine the inputted data to be Base64URL encoded in signature process", required = false)
- private Boolean b64JWSHeaderParam;
-
- /**
- * JWS Algorithm to use for data signing. Current supported Algorithm PS256
- */
- @ApiModelProperty(notes = "JWS Algorithm to use for data signing. Current supported Algorithm PS256.", required = false)
- private String signAlgorithm;
-}
diff --git a/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/dto/JWTSignatureResponseDto.java b/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/dto/JWTSignatureResponseDto.java
deleted file mode 100644
index 539d5ded477..00000000000
--- a/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/dto/JWTSignatureResponseDto.java
+++ /dev/null
@@ -1,29 +0,0 @@
-package io.mosip.kernel.authcodeflowproxy.api.dto;
-
-import java.time.LocalDateTime;
-
-import lombok.AllArgsConstructor;
-import lombok.Data;
-import lombok.NoArgsConstructor;
-
-/**
- *
- * @author Mahammed Taheer
- * @since 1.2.0-SNAPSHOT
- *
- */
-@Data
-@NoArgsConstructor
-@AllArgsConstructor
-public class JWTSignatureResponseDto {
-
- /**
- * encrypted data
- */
- private String jwtSignedData;
-
- /**
- * response time.
- */
- private LocalDateTime timestamp;
-}
diff --git a/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/dto/MosipUserDto.java b/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/dto/MosipUserDto.java
deleted file mode 100644
index 9bd0cfb74a3..00000000000
--- a/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/dto/MosipUserDto.java
+++ /dev/null
@@ -1,21 +0,0 @@
-package io.mosip.kernel.authcodeflowproxy.api.dto;
-
-import lombok.AllArgsConstructor;
-import lombok.Data;
-import lombok.NoArgsConstructor;
-
-//TODO use this dto from core when adapter changes are pushed
-@Data
-@AllArgsConstructor
-@NoArgsConstructor
-public class MosipUserDto {
- private String userId;
- private String mobile;
- private String mail;
- private String langCode;
- private String userPassword;
- private String name;
- private String role;
- private String rId;
- private String token;
-}
diff --git a/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/exception/AuthCodeProxyExceptionHandler.java b/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/exception/AuthCodeProxyExceptionHandler.java
deleted file mode 100644
index adbf343b7d5..00000000000
--- a/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/exception/AuthCodeProxyExceptionHandler.java
+++ /dev/null
@@ -1,101 +0,0 @@
-package io.mosip.kernel.authcodeflowproxy.api.exception;
-
-import java.io.IOException;
-import java.time.LocalDateTime;
-import java.time.ZoneId;
-
-import javax.servlet.http.HttpServletRequest;
-
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.core.Ordered;
-import org.springframework.core.annotation.Order;
-import org.springframework.http.HttpStatus;
-import org.springframework.http.ResponseEntity;
-import org.springframework.security.authentication.AuthenticationServiceException;
-import org.springframework.web.bind.annotation.ExceptionHandler;
-import org.springframework.web.bind.annotation.RestControllerAdvice;
-import org.springframework.web.util.ContentCachingRequestWrapper;
-
-import com.fasterxml.jackson.databind.JsonNode;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
-
-import io.mosip.kernel.authcodeflowproxy.api.constants.Errors;
-import io.mosip.kernel.core.exception.ExceptionUtils;
-import io.mosip.kernel.core.exception.ServiceError;
-import io.mosip.kernel.core.http.ResponseWrapper;
-import io.mosip.kernel.core.util.EmptyCheckUtils;
-
-@RestControllerAdvice
-@Order(Ordered.HIGHEST_PRECEDENCE)
-public class AuthCodeProxyExceptionHandler {
-
- @Autowired
- private ObjectMapper objectMapper;
-
-
- @ExceptionHandler(ClientException.class)
- public ResponseEntity> clientException(
- HttpServletRequest httpServletRequest, final ClientException e) throws IOException {
- ExceptionUtils.logRootCause(e);
- return new ResponseEntity<>(
- getErrorResponse(httpServletRequest, e.getErrorCode(), e.getErrorText()), HttpStatus.OK);
- }
-
- @ExceptionHandler(ServiceException.class)
- public ResponseEntity> servieException(
- HttpServletRequest httpServletRequest, final ServiceException e) throws IOException {
- ExceptionUtils.logRootCause(e);
- HttpStatus status;
- if(e.getErrorCode().equals(Errors.INVALID_TOKEN.getErrorCode())) {
- status = HttpStatus.UNAUTHORIZED;
- } else {
- status = HttpStatus.OK;
- }
- return new ResponseEntity<>(
- getErrorResponse(httpServletRequest, e.getErrorCode(), e.getErrorText()), status);
- }
-
- @ExceptionHandler(AuthenticationServiceException.class)
- public ResponseEntity> servieException(
- HttpServletRequest httpServletRequest, final AuthenticationServiceException e) throws IOException {
- ExceptionUtils.logRootCause(e);
- return new ResponseEntity<>(
- getErrorResponse(httpServletRequest,Errors.INVALID_TOKEN.getErrorCode(), e.getMessage()), HttpStatus.OK);
- }
-
- @ExceptionHandler(AuthRestException.class)
- public ResponseEntity> authRestException(
- HttpServletRequest httpServletRequest, final AuthRestException exception) throws IOException {
- ExceptionUtils.logRootCause(exception);
- ResponseWrapper errorResponse = setErrors(httpServletRequest);
- errorResponse.getErrors().addAll(exception.getList());
- return new ResponseEntity<>(errorResponse, exception.getHttpStatus());
- }
-
-
- private ResponseWrapper setErrors(HttpServletRequest httpServletRequest) throws IOException {
- ResponseWrapper responseWrapper = new ResponseWrapper<>();
- responseWrapper.setResponsetime(LocalDateTime.now(ZoneId.of("UTC")));
- String requestBody = null;
- if (httpServletRequest instanceof ContentCachingRequestWrapper) {
- requestBody = new String(((ContentCachingRequestWrapper) httpServletRequest).getContentAsByteArray());
- }
- if (EmptyCheckUtils.isNullEmpty(requestBody)) {
- return responseWrapper;
- }
- objectMapper.registerModule(new JavaTimeModule());
- JsonNode reqNode = objectMapper.readTree(requestBody);
- responseWrapper.setId(reqNode.path("id").asText());
- responseWrapper.setVersion(reqNode.path("version").asText());
- return responseWrapper;
- }
-
- private ResponseWrapper getErrorResponse(HttpServletRequest httpServletRequest, String errorCode,
- String errorMessage) throws IOException {
- ServiceError error = new ServiceError(errorCode, errorMessage);
- ResponseWrapper errorResponse = setErrors(httpServletRequest);
- errorResponse.getErrors().add(error);
- return errorResponse;
- }
-}
\ No newline at end of file
diff --git a/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/exception/AuthRestException.java b/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/exception/AuthRestException.java
deleted file mode 100644
index 2e179c0aaab..00000000000
--- a/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/exception/AuthRestException.java
+++ /dev/null
@@ -1,40 +0,0 @@
-package io.mosip.kernel.authcodeflowproxy.api.exception;
-import java.util.List;
-
-import org.springframework.http.HttpStatus;
-
-import io.mosip.kernel.core.exception.BaseUncheckedException;
-import io.mosip.kernel.core.exception.ServiceError;
-import lombok.Getter;
-
-public class AuthRestException extends BaseUncheckedException {
- /**
- * Serializable version ID.
- */
- private static final long serialVersionUID = 8152409863253682472L;
-
- @Getter
- private HttpStatus httpStatus;
- /**
- * This variable holds the MosipErrors list.
- */
- private final List list;
-
- /**
- * @param list The error list.
- * @param httpStatus
- */
- public AuthRestException(List list, HttpStatus httpStatus) {
- this.list = list;
- this.httpStatus = httpStatus;
- }
-
- /**
- * Getter for error list.
- *
- * @return The error list.
- */
- public List getList() {
- return list;
- }
-}
\ No newline at end of file
diff --git a/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/exception/ClientException.java b/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/exception/ClientException.java
deleted file mode 100644
index 29e4082f8ed..00000000000
--- a/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/exception/ClientException.java
+++ /dev/null
@@ -1,23 +0,0 @@
-
-package io.mosip.kernel.authcodeflowproxy.api.exception;
-
-import io.mosip.kernel.core.exception.BaseUncheckedException;
-
-public class ClientException extends BaseUncheckedException {
-
- private static final long serialVersionUID = 4060346018688709387L;
-
- /**
- * Constructor the initialize Handler exception
- *
- * @param errorCode The error code for this exception
- * @param errorMessage The error message for this exception
- */
- public ClientException(String errorCode, String errorMessage) {
- super(errorMessage, errorCode);
- }
-
- public ClientException(String errorCode, String errorMessage, Throwable cause) {
- super(errorMessage, errorCode, cause);
- }
-}
diff --git a/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/exception/ServiceException.java b/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/exception/ServiceException.java
deleted file mode 100644
index cb5df759e61..00000000000
--- a/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/exception/ServiceException.java
+++ /dev/null
@@ -1,23 +0,0 @@
-
-package io.mosip.kernel.authcodeflowproxy.api.exception;
-
-import io.mosip.kernel.core.exception.BaseUncheckedException;
-
-public class ServiceException extends BaseUncheckedException {
-
- private static final long serialVersionUID = 4060346018688709387L;
-
- /**
- * Constructor the initialize Handler exception
- *
- * @param errorCode The error code for this exception
- * @param errorMessage The error message for this exception
- */
- public ServiceException(String errorCode, String errorMessage) {
- super(errorCode, errorMessage);
- }
-
- public ServiceException(String errorCode, String errorMessage, Throwable cause) {
- super(errorCode, errorMessage, cause);
- }
-}
diff --git a/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/service/LoginService.java b/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/service/LoginService.java
deleted file mode 100644
index 9762d3f217b..00000000000
--- a/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/service/LoginService.java
+++ /dev/null
@@ -1,26 +0,0 @@
-package io.mosip.kernel.authcodeflowproxy.api.service;
-
-import javax.servlet.http.Cookie;
-
-
-import io.mosip.kernel.authcodeflowproxy.api.dto.AccessTokenResponseDTO;
-
-import io.mosip.kernel.authcodeflowproxy.api.dto.MosipUserDto;
-import io.mosip.kernel.core.authmanager.model.AuthResponseDto;
-
-public interface LoginService {
-
- String login(String redirectURI, String state);
-
- Cookie createCookie(String authCookie);
-
- MosipUserDto valdiateToken(String authToken);
-
-
- AccessTokenResponseDTO loginRedirect(String state, String sessionState, String code, String stateCookie,
- String redirectURI);
-
- String logoutUser(String token, String redirectURI);
-
-
-}
diff --git a/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/service/impl/LoginServiceImpl.java b/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/service/impl/LoginServiceImpl.java
deleted file mode 100644
index c815be75d1a..00000000000
--- a/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/service/impl/LoginServiceImpl.java
+++ /dev/null
@@ -1,338 +0,0 @@
-package io.mosip.kernel.authcodeflowproxy.api.service.impl;
-
-import java.io.IOException;
-import java.io.UnsupportedEncodingException;
-import java.net.URI;
-import java.net.URLEncoder;
-import java.nio.charset.StandardCharsets;
-import java.time.Instant;
-import java.util.HashMap;
-import java.util.LinkedHashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Objects;
-
-import javax.servlet.http.Cookie;
-
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Qualifier;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.core.env.Environment;
-import org.springframework.http.HttpEntity;
-import org.springframework.http.HttpHeaders;
-import org.springframework.http.HttpMethod;
-import org.springframework.http.MediaType;
-import org.springframework.http.ResponseEntity;
-import org.springframework.security.authentication.AuthenticationServiceException;
-import org.springframework.stereotype.Service;
-import org.springframework.util.LinkedMultiValueMap;
-import org.springframework.util.MultiValueMap;
-import org.springframework.web.client.HttpClientErrorException;
-import org.springframework.web.client.HttpServerErrorException;
-import org.springframework.web.client.HttpStatusCodeException;
-import org.springframework.web.client.RestTemplate;
-import org.springframework.web.util.UriComponentsBuilder;
-
-import com.fasterxml.jackson.core.JsonProcessingException;
-import com.fasterxml.jackson.databind.ObjectMapper;
-
-import io.mosip.kernel.authcodeflowproxy.api.constants.Constants;
-import io.mosip.kernel.authcodeflowproxy.api.constants.Errors;
-import io.mosip.kernel.authcodeflowproxy.api.dto.AccessTokenResponse;
-import io.mosip.kernel.authcodeflowproxy.api.dto.AccessTokenResponseDTO;
-import io.mosip.kernel.authcodeflowproxy.api.dto.IAMErrorResponseDto;
-import io.mosip.kernel.authcodeflowproxy.api.dto.JWSSignatureRequestDto;
-import io.mosip.kernel.authcodeflowproxy.api.dto.JWTSignatureResponseDto;
-import io.mosip.kernel.authcodeflowproxy.api.dto.MosipUserDto;
-import io.mosip.kernel.authcodeflowproxy.api.exception.AuthRestException;
-import io.mosip.kernel.authcodeflowproxy.api.exception.ClientException;
-import io.mosip.kernel.authcodeflowproxy.api.exception.ServiceException;
-import io.mosip.kernel.authcodeflowproxy.api.service.LoginService;
-import io.mosip.kernel.authcodeflowproxy.api.utils.AuthCodeProxyFlowUtils;
-import io.mosip.kernel.core.exception.ExceptionUtils;
-import io.mosip.kernel.core.exception.ServiceError;
-import io.mosip.kernel.core.http.RequestWrapper;
-import io.mosip.kernel.core.http.ResponseWrapper;
-import io.mosip.kernel.core.util.CryptoUtil;
-import io.mosip.kernel.core.util.DateUtils;
-import io.mosip.kernel.core.util.EmptyCheckUtils;
-
-@Service
-public class LoginServiceImpl implements LoginService {
-
- @Value("${mosip.kernel.auth-code-url-splitter:#URISPLITTER#}")
- private String urlSplitter;
-
- @Value("${mosip.security.secure-cookie:false}")
- private boolean isSecureCookie;
-
- @Value("${auth.token.header:Authorization}")
- private String authTokenHeader;
-
- @Value("${auth.jwt.expiry:1800000}")
- private int authTokenExpiry;
-
- @Value("${mosip.iam.module.login_flow.name:authorization_code}")
- private String loginFlowName;
-
- @Value("${mosip.iam.module.clientid}")
- private String clientID;
-
- @Value("${mosip.iam.module.clientsecret}")
- private String clientSecret;
-
- @Value("${mosip.iam.module.redirecturi}")
- private String redirectURI;
-
- @Value("${mosip.iam.module.login_flow.scope:cls}")
- private String scope;
-
- @Value("${mosip.iam.module.login_flow.response_type:code}")
- private String responseType;
-
- @Value("${mosip.iam.authorization_endpoint}")
- private String authorizationEndpoint;
-
- @Value("${mosip.iam.module.admin_realm_id}")
- private String realmID;
-
- @Value("${mosip.iam.token_endpoint}")
- private String tokenEndpoint;
-
- @Value("${auth.server.admin.validate.url}")
- private String validateUrl;
-
-
- @Value("${mosip.iam.post-logout-uri-param-key:post_logout_redirect_uri}")
- private String postLogoutRedirectURIParamKey;
-
- @Value("${mosip.iam.end-session-endpoint-path:/protocol/openid-connect/logout}")
- private String endSessionEndpointPath;
-
- @Value("${mosip.iam.module.token.endpoint.private-key-jwt.auth.enabled:false}")
- private boolean isJwtAuthEnabled;
-
- @Autowired
- private RestTemplate restTemplate;
-
- @Autowired(required = false)
- @Qualifier("selfTokenRestTemplate")
- private RestTemplate selfTokenRestTemplate;
-
- @Autowired
- private ObjectMapper objectMapper;
-
- @Autowired
- private Environment environment;
-
- @Override
- public String login(String redirectURI, String state) {
- Map pathParam = new HashMap<>();
- pathParam.put("realmId", realmID);
- UriComponentsBuilder uriComponentsBuilder = UriComponentsBuilder.fromHttpUrl(authorizationEndpoint);
- uriComponentsBuilder.queryParam(Constants.CLIENT_ID, clientID);
- uriComponentsBuilder.queryParam(Constants.REDIRECT_URI, this.redirectURI + redirectURI);
- uriComponentsBuilder.queryParam(Constants.STATE, state);
- uriComponentsBuilder.queryParam(Constants.RESPONSE_TYPE, responseType);
- uriComponentsBuilder.queryParam(Constants.SCOPE, scope);
- String claim = this.environment.getProperty(Constants.CLAIM_PROPERTY);
- if(claim != null){
- uriComponentsBuilder.queryParam(Constants.CLAIM, urlEncode(claim));
- }
- return uriComponentsBuilder.buildAndExpand(pathParam).toString();
- }
-
- private static String urlEncode(String value) {
- try {
- return URLEncoder.encode(value, StandardCharsets.UTF_8.toString());
- } catch (UnsupportedEncodingException e) {
- throw new ServiceException(Errors.UNSUPPORTED_ENCODING_EXCEPTION.getErrorCode(),
- Errors.UNSUPPORTED_ENCODING_EXCEPTION.getErrorMessage() + Constants.WHITESPACE + e.getMessage(), e);
- }
- }
-
- @Override
- public Cookie createCookie(String authCookie) {
- final Cookie cookie = new Cookie(authTokenHeader, authCookie);
- cookie.setMaxAge(authTokenExpiry);
- cookie.setHttpOnly(true);
- cookie.setSecure(isSecureCookie);
- cookie.setPath("/");
- return cookie;
- }
-
- @Override
- public MosipUserDto valdiateToken(String authToken) {
-
- HttpHeaders headers = new HttpHeaders();
- headers.add("Cookie", authTokenHeader + "=" + authToken);
- HttpEntity requestEntity = new HttpEntity<>(headers);
- ResponseEntity response = null;
- try {
- response = restTemplate.exchange(validateUrl, HttpMethod.GET, requestEntity, String.class);
- } catch (HttpClientErrorException | HttpServerErrorException e) {
- String responseBody = e.getResponseBodyAsString();
- List validationErrorList = ExceptionUtils.getServiceErrorList(responseBody);
-
- if (!validationErrorList.isEmpty()) {
- throw new AuthRestException(validationErrorList, e.getStatusCode());
- } else {
- throw new ServiceException(Errors.REST_EXCEPTION.getErrorCode(), e.getResponseBodyAsString());
- }
-
- }
- String responseBody = response.getBody();
- List validationErrorList = ExceptionUtils.getServiceErrorList(responseBody);
-
- if (!validationErrorList.isEmpty()) {
- throw new AuthRestException(validationErrorList, response.getStatusCode());
- }
- ResponseWrapper responseObject;
- MosipUserDto mosipUserDto;
- try {
- responseObject = objectMapper.readValue(response.getBody(), ResponseWrapper.class);
- mosipUserDto = objectMapper.readValue(objectMapper.writeValueAsString(responseObject.getResponse()),
- MosipUserDto.class);
- } catch (IOException e) {
- throw new ServiceException(Errors.IO_EXCEPTION.getErrorCode(), Errors.IO_EXCEPTION.getErrorMessage());
- }
- return mosipUserDto;
- }
-
- @Override
- public AccessTokenResponseDTO loginRedirect(String state, String sessionState, String code, String stateCookie,
- String redirectURI) {
- // Compare states
- if (!stateCookie.equals(state)) {
- throw new ClientException(Errors.STATE_EXCEPTION.getErrorCode(), Errors.STATE_EXCEPTION.getErrorMessage());
- }
-
- HttpHeaders headers = new HttpHeaders();
- headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
- MultiValueMap map = new LinkedMultiValueMap<>();
- map.add(Constants.GRANT_TYPE, loginFlowName);
- map.add(Constants.CLIENT_ID, clientID);
- if(isJwtAuthEnabled){
- map.add(Constants.CLIENT_ASSERTION, getClientAssertion());
- map.add(Constants.CLIENT_ASSERTION_TYPE, this.environment.getProperty(Constants.CLIENT_ASSERTION_TYPE_PROPERTY));
- } else{
- map.add(Constants.CLIENT_SECRET, clientSecret);
- }
- map.add(Constants.CODE, code);
- map.add(Constants.REDIRECT_URI, this.redirectURI + redirectURI);
- Map pathParam = new HashMap<>();
- pathParam.put("realmId", realmID);
- UriComponentsBuilder uriBuilder = UriComponentsBuilder.fromUriString(tokenEndpoint);
- HttpEntity> entity = new HttpEntity<>(map, headers);
- ResponseEntity responseEntity = null;
- try {
- responseEntity = restTemplate.exchange(uriBuilder.buildAndExpand(pathParam).toUriString(), HttpMethod.POST,
- entity, String.class);
-
- } catch (HttpClientErrorException | HttpServerErrorException e) {
- IAMErrorResponseDto keycloakErrorResponseDto = parseKeyClockErrorResponse(e);
-
- throw new ServiceException(Errors.ACESSTOKEN_EXCEPTION.getErrorCode(),
- Errors.ACESSTOKEN_EXCEPTION.getErrorMessage() + Constants.WHITESPACE
- + keycloakErrorResponseDto.getError_description(), e);
- }
- AccessTokenResponse accessTokenResponse = null;
- try {
- accessTokenResponse = objectMapper.readValue(responseEntity.getBody(), AccessTokenResponse.class);
- } catch (IOException exception) {
- throw new ServiceException(Errors.RESPONSE_PARSE_ERROR.getErrorCode(),
- Errors.RESPONSE_PARSE_ERROR.getErrorMessage() + Constants.WHITESPACE + exception.getMessage(), exception);
- }
- AccessTokenResponseDTO accessTokenResponseDTO = new AccessTokenResponseDTO();
- accessTokenResponseDTO.setAccessToken(accessTokenResponse.getAccess_token());
- accessTokenResponseDTO.setExpiresIn(accessTokenResponse.getExpires_in());
- accessTokenResponseDTO.setIdToken(accessTokenResponse.getId_token());
- return accessTokenResponseDTO;
- }
-
- private String getClientAssertion() {
- JWSSignatureRequestDto jwsSignatureRequestDto = new JWSSignatureRequestDto();
- try {
- jwsSignatureRequestDto.setDataToSign(getDataToSign());
- jwsSignatureRequestDto.setReferenceId(this.environment.getProperty(Constants.CLIENT_ASSERTION_REFERENCE_ID));
- jwsSignatureRequestDto.setApplicationId(this.environment.getProperty(Constants.APPLICATION_ID));
- jwsSignatureRequestDto.setIncludePayload(Boolean.valueOf(this.environment.getProperty(Constants.IS_INCLUDE_PAYLOAD)));
- jwsSignatureRequestDto.setIncludeCertificate(Boolean.valueOf(this.environment.getProperty(Constants.IS_INCLUDE_CERTIFICATE)));
- jwsSignatureRequestDto.setIncludeCertHash(Boolean.valueOf(this.environment.getProperty(Constants.IS_iNCLUDE_CERT_HASH)));
-
- RequestWrapper requestWrapper = new RequestWrapper<>();
- requestWrapper.setRequest(jwsSignatureRequestDto);
- requestWrapper.setRequesttime(DateUtils.getUTCCurrentDateTime());
- HttpEntity> requestWrapperHttpEntity = new HttpEntity<>(requestWrapper);
- ResponseWrapper responseWrapper =
- selfTokenRestTemplate.exchange(URI.create(Objects.requireNonNull(this.environment.getProperty(Constants.KEYMANAGER_JWT_SIGN_END_POINT))),
- HttpMethod.POST, requestWrapperHttpEntity, ResponseWrapper.class).getBody();
- Object responseObject = Objects.requireNonNull(responseWrapper).getResponse();
- JWTSignatureResponseDto responseDto= objectMapper.convertValue(responseObject, JWTSignatureResponseDto.class);
- return responseDto.getJwtSignedData();
- } catch (HttpClientErrorException | HttpServerErrorException e) {
- throw new ServiceException(Errors.JWT_SIGN_EXCEPTION.getErrorCode(),
- Errors.JWT_SIGN_EXCEPTION.getErrorMessage());
- }
- }
-
- private String getDataToSign() {
- Map dataToSignMap = new LinkedHashMap();
- dataToSignMap.put(Constants.SUB, clientID);
- dataToSignMap.put(Constants.ISS, clientID);
- dataToSignMap.put(Constants.AUD, this.environment.getProperty(Constants.BASE_URL));
- dataToSignMap.put(Constants.EXP, getExpiryTime());
- dataToSignMap.put(Constants.IAT, getEpochTime());
- String jsonObject = null;
- try {
- jsonObject = objectMapper.writeValueAsString(dataToSignMap);
- } catch (JsonProcessingException e) {
- throw new ServiceException(Errors.JSON_PROCESSING_EXCEPTION.getErrorCode(),
- Errors.JSON_PROCESSING_EXCEPTION.getErrorMessage());
- }
- return CryptoUtil.encodeToPlainBase64(jsonObject.getBytes());
- }
-
- private Object getEpochTime() {
- Instant instant = Instant.now();
- return instant.getEpochSecond();
- }
-
- private Object getExpiryTime() {
- int expirySec = Integer.parseInt(Objects.requireNonNull(this.environment.getProperty(Constants.JWT_EXPIRY_TIME)));
- Instant instant = Instant.now().plusSeconds(expirySec);
- return instant.getEpochSecond();
- }
-
- private IAMErrorResponseDto parseKeyClockErrorResponse(HttpStatusCodeException exception) {
- IAMErrorResponseDto keycloakErrorResponseDto = null;
- try {
- keycloakErrorResponseDto = objectMapper.readValue(exception.getResponseBodyAsString(),
- IAMErrorResponseDto.class);
-
- } catch (IOException e) {
- throw new ServiceException(Errors.RESPONSE_PARSE_ERROR.getErrorCode(),
- Errors.RESPONSE_PARSE_ERROR.getErrorMessage() + Constants.WHITESPACE + e.getMessage());
- }
- return keycloakErrorResponseDto;
- }
-
- @Override
- public String logoutUser(String token,String redirectURI) {
- if (EmptyCheckUtils.isNullEmpty(token)) {
- throw new AuthenticationServiceException(Errors.INVALID_TOKEN.getErrorMessage());
- }
- String issuer = AuthCodeProxyFlowUtils.getissuer(token);
- StringBuilder urlBuilder = new StringBuilder().append(issuer).append(endSessionEndpointPath);
- UriComponentsBuilder uriComponentsBuilder;
- try {
- uriComponentsBuilder = UriComponentsBuilder.fromUriString(urlBuilder.toString())
- .queryParam(postLogoutRedirectURIParamKey, URLEncoder.encode(redirectURI, StandardCharsets.UTF_8.toString()));
- } catch (UnsupportedEncodingException e) {
- throw new ServiceException(Errors.UNSUPPORTED_ENCODING_EXCEPTION.getErrorCode(),
- Errors.UNSUPPORTED_ENCODING_EXCEPTION.getErrorMessage() + Constants.WHITESPACE + e.getMessage(), e);
- }
- return uriComponentsBuilder.build().toString();
- }
-
-}
diff --git a/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/service/validator/ValidateTokenHelper.java b/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/service/validator/ValidateTokenHelper.java
deleted file mode 100644
index b0ea910f363..00000000000
--- a/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/service/validator/ValidateTokenHelper.java
+++ /dev/null
@@ -1,226 +0,0 @@
-package io.mosip.kernel.authcodeflowproxy.api.service.validator;
-
-import java.net.MalformedURLException;
-import java.net.URI;
-import java.net.URISyntaxException;
-import java.security.PublicKey;
-import java.security.interfaces.RSAPublicKey;
-import java.time.LocalDateTime;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Objects;
-import java.util.stream.Collectors;
-import java.util.stream.Stream;
-
-import javax.annotation.PostConstruct;
-
-import org.apache.commons.lang3.tuple.ImmutablePair;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.core.env.Environment;
-import org.springframework.stereotype.Component;
-
-import com.auth0.jwk.Jwk;
-import com.auth0.jwk.JwkException;
-import com.auth0.jwk.JwkProvider;
-import com.auth0.jwk.UrlJwkProvider;
-import com.auth0.jwt.JWT;
-import com.auth0.jwt.algorithms.Algorithm;
-import com.auth0.jwt.exceptions.SignatureVerificationException;
-import com.auth0.jwt.impl.NullClaim;
-import com.auth0.jwt.interfaces.Claim;
-import com.auth0.jwt.interfaces.DecodedJWT;
-
-import io.mosip.kernel.authcodeflowproxy.api.constants.AuthConstant;
-import io.mosip.kernel.authcodeflowproxy.api.constants.AuthErrorCode;
-import io.mosip.kernel.core.util.DateUtils;
-import io.mosip.kernel.core.util.EmptyCheckUtils;
-
-/**
- * Token validator
- *
- * @author Loganathan S
- *
- */
-@Component
-public class ValidateTokenHelper {
-
- private static final Logger LOGGER = LoggerFactory.getLogger(ValidateTokenHelper.class);
-
- private Map publicKeys = new HashMap<>();
-
- @Value("${mosip.iam.certs_endpoint}")
- private String certsPathUrl;
-
- @Value("${auth.server.admin.issuer.domain.validate:true}")
- private boolean validateIssuerDomain;
-
- @Value("${auth.server.admin.audience.claim.validate:true}")
- private boolean validateAudClaim;
-
- // @Value("${auth.server.admin.allowed.audience:}")
- private List allowedAudience;
-
- @Autowired
- private Environment environment;
-
- @PostConstruct
- @SuppressWarnings("unchecked")
- private void init() {
- String applName = getApplicationName();
- this.allowedAudience = (List) environment.getProperty("auth.server.admin.allowed.audience." + applName,
- List.class,
- environment.getProperty("auth.server.admin.allowed.audience", List.class, Collections.EMPTY_LIST));
- }
-
- private String getApplicationName() {
- String appNames = environment.getProperty("spring.application.name");
- if (!EmptyCheckUtils.isNullEmpty(appNames)) {
- List appNamesList = Stream.of(appNames.split(",")).collect(Collectors.toList());
- return appNamesList.get(0);
- } else {
- throw new RuntimeException("property spring.application.name not found");
- }
- }
-
- public ImmutablePair isTokenValid(String jwtToken) {
- return isTokenValid(JWT.decode(jwtToken));
- }
-
- public ImmutablePair isTokenValid(DecodedJWT decodedJWT) {
- PublicKey publicKey = getPublicKey(decodedJWT);
- // First, token expire
- LocalDateTime expiryTime = DateUtils
- .convertUTCToLocalDateTime(DateUtils.getUTCTimeFromDate(decodedJWT.getExpiresAt()));
- String userName = decodedJWT.getClaim(AuthConstant.PREFERRED_USERNAME).asString();
- if (!DateUtils.before(DateUtils.getUTCCurrentDateTime(), expiryTime)) {
- LOGGER.error("Provided Auth Token expired. Throwing Authentication Exception. UserName: " + userName);
- return ImmutablePair.of(Boolean.FALSE, AuthErrorCode.UNAUTHORIZED);
- }
-
- // Second, issuer domain check.
- if (validateIssuerDomain && !getTokenIssuerDomain(decodedJWT)) {
- LOGGER.error(
- "Provided Auth Token Issue domain does not match. Throwing Authentication Exception. UserName: "
- + userName);
- return ImmutablePair.of(Boolean.FALSE, AuthErrorCode.UNAUTHORIZED);
- }
-
- // Third, signature validation.
- ImmutablePair signatureVerificationResult = verifyJWTSignagure(decodedJWT);
- // If signature validation fails return the error code
- if(!signatureVerificationResult.getLeft()) {
- return signatureVerificationResult;
- }
-
- // Fourth, audience | azp validation.
- // No match found after comparing audience & azp
- if (validateAudClaim && !validateAudience(decodedJWT)) {
- LOGGER.error("Provided Client Id does not match with Aud/AZP. Throwing Authorizaion Exception. UserName: "
- + userName);
- return ImmutablePair.of(Boolean.FALSE, AuthErrorCode.FORBIDDEN);
- }
- return ImmutablePair.of(Boolean.TRUE, null);
- }
-
- private boolean validateAudience(DecodedJWT decodedJWT) {
- boolean matchFound;
-
- List tokenAudience = decodedJWT.getAudience();
- matchFound = tokenAudience != null && tokenAudience.stream().anyMatch(allowedAudience::contains);
-
- // comparing with azp.
- if (!matchFound) {
- Claim azp = decodedJWT.getClaim(AuthConstant.AZP);
- matchFound = azp != null && !(azp instanceof NullClaim) && allowedAudience.stream().anyMatch(azp.asString()::equalsIgnoreCase);
- }
-
- return matchFound;
- }
-
- /**
- * This method validates if the issuer domain in the JWT matches the issuerURI
- * configured in the properties.
- *
- * @param decodedJWT
- * @return
- */
- private boolean getTokenIssuerDomain(DecodedJWT decodedJWT) {
- String domain = decodedJWT.getClaim(AuthConstant.ISSUER).asString();
- try {
- String tokenHost = new URI(domain).getHost();
- return tokenHost.equalsIgnoreCase(new URI(certsPathUrl).getHost());
- } catch (URISyntaxException synExp) {
- LOGGER.error("Unable to parse domain from issuer.", synExp);
- }
- return false;
- }
-
- public PublicKey getPublicKey(DecodedJWT decodedJWT) {
- String userName = decodedJWT.getClaim(AuthConstant.PREFERRED_USERNAME).asString();
- LOGGER.info("offline verification for environment profile. UserName: " + userName);
-
- String keyId = decodedJWT.getKeyId();
- PublicKey publicKey = publicKeys.get(keyId);
-
- if (Objects.isNull(publicKey)) {
- publicKey = getIssuerPublicKey(keyId);
- publicKeys.put(keyId, publicKey);
- }
- return publicKey;
- }
-
- /**
- * Verify the signature of the given JWT.
- *
- * @param decodedJWT - the decoded JWT
- * @return if it is valid or not and any error code in case if it not valid.
- */
- public ImmutablePair verifyJWTSignagure(DecodedJWT decodedJWT) {
- try {
- String tokenAlgo = decodedJWT.getAlgorithm();
- PublicKey publicKey = getPublicKey(decodedJWT);
- Algorithm algorithm = getVerificationAlgorithm(tokenAlgo, publicKey);
- algorithm.verify(decodedJWT);
- } catch (SignatureVerificationException signatureException) {
- LOGGER.error("Signature validation failed for User Info, Throwing Authentication Exception.",
- signatureException);
- return ImmutablePair.of(Boolean.FALSE, AuthErrorCode.UNAUTHORIZED);
- }
-
- return ImmutablePair.of(Boolean.TRUE, null);
-
- }
-
- private PublicKey getIssuerPublicKey(String keyId) {
- try {
-
- URI uri = new URI(certsPathUrl).normalize();
- JwkProvider provider = new UrlJwkProvider(uri.toURL());
- Jwk jwk = provider.get(keyId);
- return jwk.getPublicKey();
- } catch (JwkException | URISyntaxException | MalformedURLException e) {
- LOGGER.error("Error downloading Public key from server".concat(e.getMessage()));
- }
- return null;
- }
-
- private Algorithm getVerificationAlgorithm(String tokenAlgo, PublicKey publicKey) {
- // Later will add other Algorithms.
- switch (tokenAlgo) {
- case "RS256":
- return Algorithm.RSA256((RSAPublicKey) publicKey, null);
- case "RS384":
- return Algorithm.RSA384((RSAPublicKey) publicKey, null);
- case "RS512":
- return Algorithm.RSA512((RSAPublicKey) publicKey, null);
- default:
- return Algorithm.RSA256((RSAPublicKey) publicKey, null);
- }
- }
-
-}
diff --git a/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/utils/AuthCodeProxyFlowUtils.java b/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/utils/AuthCodeProxyFlowUtils.java
deleted file mode 100644
index e450576fa9e..00000000000
--- a/kernel/kernel-authcodeflowproxy-api/src/main/java/io/mosip/kernel/authcodeflowproxy/api/utils/AuthCodeProxyFlowUtils.java
+++ /dev/null
@@ -1,27 +0,0 @@
-package io.mosip.kernel.authcodeflowproxy.api.utils;
-
-import java.util.HashMap;
-import java.util.Map;
-
-import com.auth0.jwt.JWT;
-import com.auth0.jwt.interfaces.DecodedJWT;
-
-public class AuthCodeProxyFlowUtils {
-
- private AuthCodeProxyFlowUtils() {
-
- }
-
- static Map decodedJWTCache = new HashMap<>();
-
- public static String getissuer(String token) {
- DecodedJWT decodedJWT = null;
- if(decodedJWTCache.get(token)!=null)
- decodedJWT = decodedJWTCache.get(token);
- else{
- decodedJWT = JWT.decode(token);
- decodedJWTCache.put(token, decodedJWT);
- }
- return decodedJWT.getClaim("iss").asString();
- }
-}
diff --git a/kernel/kernel-authcodeflowproxy-api/src/main/resources/META-INF/spring.factories b/kernel/kernel-authcodeflowproxy-api/src/main/resources/META-INF/spring.factories
deleted file mode 100644
index 3230fb97de2..00000000000
--- a/kernel/kernel-authcodeflowproxy-api/src/main/resources/META-INF/spring.factories
+++ /dev/null
@@ -1,6 +0,0 @@
-org.springframework.boot.autoconfigure.EnableAutoConfiguration=\
-io.mosip.kernel.authcodeflowproxy.api.controller.LoginController,\
-io.mosip.kernel.authcodeflowproxy.api.service.impl.LoginServiceImpl,\
-io.mosip.kernel.authcodeflowproxy.api.config.AuthCodeProxyConfig,\
-io.mosip.kernel.authcodeflowproxy.api.exception.AuthCodeProxyExceptionHandler,\
-io.mosip.kernel.authcodeflowproxy.api.service.validator.ValidateTokenHelper
diff --git a/kernel/kernel-authcodeflowproxy-api/src/test/java/io/mosip/kernel/authcodeflowproxy/api/test/AuthProxyFlowTestBootApplication.java b/kernel/kernel-authcodeflowproxy-api/src/test/java/io/mosip/kernel/authcodeflowproxy/api/test/AuthProxyFlowTestBootApplication.java
deleted file mode 100644
index 09de5b9bbc5..00000000000
--- a/kernel/kernel-authcodeflowproxy-api/src/test/java/io/mosip/kernel/authcodeflowproxy/api/test/AuthProxyFlowTestBootApplication.java
+++ /dev/null
@@ -1,24 +0,0 @@
-package io.mosip.kernel.authcodeflowproxy.api.test;
-
-import org.springframework.boot.SpringApplication;
-import org.springframework.boot.autoconfigure.SpringBootApplication;
-
-/**
- * Audit manager application
- *
- * @author Dharmesh Khandelwal
- * @since 1.0.0
- *
- */
-@SpringBootApplication(scanBasePackages = { "io.mosip.kernel.authcodeflowproxy.api.*" })
-public class AuthProxyFlowTestBootApplication {
-
- /**
- * Main method to run spring boot application
- *
- * @param args args
- */
- public static void main(String[] args) {
- SpringApplication.run(AuthProxyFlowTestBootApplication.class, args);
- }
-}
diff --git a/kernel/kernel-authcodeflowproxy-api/src/test/java/io/mosip/kernel/authcodeflowproxy/api/test/config/TestSecurityConfig.java b/kernel/kernel-authcodeflowproxy-api/src/test/java/io/mosip/kernel/authcodeflowproxy/api/test/config/TestSecurityConfig.java
deleted file mode 100644
index a0a69cbb73c..00000000000
--- a/kernel/kernel-authcodeflowproxy-api/src/test/java/io/mosip/kernel/authcodeflowproxy/api/test/config/TestSecurityConfig.java
+++ /dev/null
@@ -1,86 +0,0 @@
-package io.mosip.kernel.authcodeflowproxy.api.test.config;
-
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.List;
-
-import javax.servlet.http.HttpServletResponse;
-
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.builders.WebSecurity;
-import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.config.http.SessionCreationPolicy;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
-import org.springframework.security.core.userdetails.User;
-import org.springframework.security.core.userdetails.UserDetails;
-import org.springframework.security.core.userdetails.UserDetailsService;
-import org.springframework.security.provisioning.InMemoryUserDetailsManager;
-import org.springframework.security.web.AuthenticationEntryPoint;
-import org.springframework.security.web.firewall.DefaultHttpFirewall;
-import org.springframework.security.web.firewall.HttpFirewall;
-import org.springframework.web.client.RestTemplate;
-
-@Configuration
-@EnableWebSecurity
-@EnableGlobalMethodSecurity(prePostEnabled = false)
-public class TestSecurityConfig extends WebSecurityConfigurerAdapter {
-
- @Bean
- public RestTemplate restTemplate() {
- return new RestTemplate();
- }
-
- @Bean
- public HttpFirewall defaultHttpFirewall() {
- return new DefaultHttpFirewall();
- }
-
- @Override
- public void configure(WebSecurity webSecurity) throws Exception {
- webSecurity.ignoring().antMatchers("**");
- super.configure(webSecurity);
- webSecurity.httpFirewall(defaultHttpFirewall());
- }
-
- private String[] allowedEndPoints() {
- return new String[] { "/assets/**", "/icons/**", "/screenshots/**", "/favicon**", "/**/favicon**", "/css/**",
- "/js/**", "/*/error**", "/*/webjars/**", "/*/v2/api-docs", "/*/configuration/ui",
- "/*/configuration/security", "/*/swagger-resources/**", "/*/swagger-ui.html" };
- }
-
- @Override
- protected void configure(final HttpSecurity httpSecurity) throws Exception {
- httpSecurity.csrf().disable();
- httpSecurity.httpBasic().and().authorizeRequests().anyRequest().authenticated().and().sessionManagement()
- .sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().exceptionHandling()
- .authenticationEntryPoint(unauthorizedEntryPoint());
- }
-
- @Bean
- public AuthenticationEntryPoint unauthorizedEntryPoint() {
- return (request, response, authException) -> response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
- }
-
- @Bean
- public UserDetailsService userDetailsService() {
- List users = new ArrayList<>();
- users.add(new User("reg-officer", "mosip",
- Arrays.asList(new SimpleGrantedAuthority("ROLE_REGISTRATION_OFFICER"))));
- users.add(new User("reg-supervisor", "mosip",
- Arrays.asList(new SimpleGrantedAuthority("ROLE_REGISTRATION_SUPERVISOR"))));
- users.add(new User("reg-admin", "mosip", Arrays.asList(new SimpleGrantedAuthority("ROLE_REGISTRATION_ADMIN"))));
- users.add(new User("reg-processor", "mosip",
- Arrays.asList(new SimpleGrantedAuthority("ROLE_REGISTRATION_PROCESSOR"))));
- users.add(new User("id-auth", "mosip", Arrays.asList(new SimpleGrantedAuthority("ROLE_ID_AUTHENTICATION"))));
- users.add(new User("individual", "mosip", Arrays.asList(new SimpleGrantedAuthority("ROLE_INDIVIDUAL"))));
- users.add(new User("test", "mosip", Arrays.asList(new SimpleGrantedAuthority("ROLE_TEST"))));
- return new InMemoryUserDetailsManager(users);
- }
-
-
-
-}
\ No newline at end of file
diff --git a/kernel/kernel-authcodeflowproxy-api/src/test/java/io/mosip/kernel/authcodeflowproxy/api/test/controller/AuthProxyControllerTests.java b/kernel/kernel-authcodeflowproxy-api/src/test/java/io/mosip/kernel/authcodeflowproxy/api/test/controller/AuthProxyControllerTests.java
deleted file mode 100644
index 1dcd4c8d829..00000000000
--- a/kernel/kernel-authcodeflowproxy-api/src/test/java/io/mosip/kernel/authcodeflowproxy/api/test/controller/AuthProxyControllerTests.java
+++ /dev/null
@@ -1,687 +0,0 @@
-package io.mosip.kernel.authcodeflowproxy.api.test.controller;
-
-import com.auth0.jwt.JWT;
-import com.auth0.jwt.JWTCreator.Builder;
-import com.auth0.jwt.algorithms.Algorithm;
-import com.auth0.jwt.exceptions.SignatureVerificationException;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import io.mosip.kernel.authcodeflowproxy.api.constants.AuthConstant;
-import io.mosip.kernel.authcodeflowproxy.api.constants.Constants;
-import io.mosip.kernel.authcodeflowproxy.api.constants.Errors;
-import io.mosip.kernel.authcodeflowproxy.api.dto.AccessTokenResponse;
-import io.mosip.kernel.authcodeflowproxy.api.dto.IAMErrorResponseDto;
-import io.mosip.kernel.authcodeflowproxy.api.dto.JWTSignatureResponseDto;
-import io.mosip.kernel.authcodeflowproxy.api.dto.MosipUserDto;
-import io.mosip.kernel.authcodeflowproxy.api.service.LoginService;
-import io.mosip.kernel.authcodeflowproxy.api.service.validator.ValidateTokenHelper;
-import io.mosip.kernel.authcodeflowproxy.api.test.AuthProxyFlowTestBootApplication;
-import io.mosip.kernel.core.exception.ServiceError;
-import io.mosip.kernel.core.http.ResponseWrapper;
-import io.mosip.kernel.core.util.CryptoUtil;
-import io.mosip.kernel.core.util.DateUtils;
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.mockito.Mock;
-import org.powermock.api.mockito.PowerMockito;
-import org.powermock.core.classloader.annotations.PowerMockIgnore;
-import org.powermock.core.classloader.annotations.PrepareForTest;
-import org.powermock.modules.junit4.PowerMockRunner;
-import org.powermock.modules.junit4.PowerMockRunnerDelegate;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Qualifier;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
-import org.springframework.boot.test.context.SpringBootTest;
-import org.springframework.boot.test.mock.mockito.MockBean;
-import org.springframework.boot.test.mock.mockito.SpyBean;
-import org.springframework.core.env.Environment;
-import org.springframework.http.HttpEntity;
-import org.springframework.http.HttpMethod;
-import org.springframework.http.HttpStatus;
-import org.springframework.http.MediaType;
-import org.springframework.http.ResponseEntity;
-import org.springframework.test.context.junit4.SpringRunner;
-import org.springframework.test.util.ReflectionTestUtils;
-import org.springframework.test.web.client.ExpectedCount;
-import org.springframework.test.web.client.MockRestServiceServer;
-import org.springframework.test.web.servlet.MockMvc;
-import org.springframework.web.client.RestTemplate;
-
-import javax.servlet.http.Cookie;
-import java.net.URI;
-import java.time.Instant;
-import java.time.ZoneOffset;
-import java.util.ArrayList;
-import java.util.Date;
-import java.util.List;
-import java.util.UUID;
-
-import static org.hamcrest.CoreMatchers.is;
-import static org.hamcrest.CoreMatchers.isA;
-import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.Mockito.doThrow;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
-import static org.springframework.test.web.client.match.MockRestRequestMatchers.method;
-import static org.springframework.test.web.client.match.MockRestRequestMatchers.requestTo;
-import static org.springframework.test.web.client.response.MockRestResponseCreators.withStatus;
-import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
-import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
-import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
-
-@SpringBootTest(classes = { AuthProxyFlowTestBootApplication.class })
-@AutoConfigureMockMvc
-@RunWith(PowerMockRunner.class)
-@PowerMockRunnerDelegate(SpringRunner.class)
-@PowerMockIgnore({ "com.sun.org.apache.xerces.*", "javax.xml.*", "org.xml.*", "javax.management.*", "com.sun.org.apache.xalan.*" })
-@PrepareForTest(Algorithm.class)
-public class AuthProxyControllerTests {
-
- private static final int UNAUTHORIZED_STATUS = 401;
-
- @Value("${auth.server.admin.validate.url}")
- private String validateUrl;
-
- @Value("${mosip.iam.post-logout-uri-param-key}")
- private String postLogoutRedirectURIParamKey;
-
- @Autowired
- private RestTemplate restTemplate;
-
- private MockRestServiceServer mockServer;
-
- @SpyBean
- private ValidateTokenHelper validateTokenHelper;
-
- @SpyBean
- private LoginService loginService;
-
- @Mock
- private Algorithm mockAlgo;
-
- @Mock
- private Environment environment;
-
- @MockBean
- @Qualifier("selfTokenRestTemplate")
- private RestTemplate selfTokenRestTemplate;
-
- @Before
- public void init() throws Exception {
- mockServer = MockRestServiceServer.createServer(restTemplate);
- PowerMockito.mockStatic(Algorithm.class);
- when(Algorithm.RSA256(any(), any())).thenReturn(mockAlgo);
- ReflectionTestUtils.setField(validateTokenHelper, "validateIssuerDomain", false);
- ReflectionTestUtils.setField(validateTokenHelper, "validateAudClaim", false);
- ReflectionTestUtils.setField(loginService, "isJwtAuthEnabled", false);
- }
-
- @Autowired
- private MockMvc mockMvc;
-
- @Autowired
- private ObjectMapper objectMapper;
-
- @Test
- public void validateTokenTest() throws Exception {
- ResponseWrapper responseWrapper = new ResponseWrapper();
- MosipUserDto mosipUserDto = new MosipUserDto();
- mosipUserDto.setUserId("mock-user");
- mosipUserDto.setMail("mock-user@mosip.io");
- mosipUserDto.setMobile("9999999999");
- mosipUserDto.setRole("MOCK-ROLE");
- responseWrapper.setResponse(mosipUserDto);
-
- mockServer.expect(ExpectedCount.once(), requestTo(new URI(validateUrl))).andExpect(method(HttpMethod.GET))
- .andRespond(withStatus(HttpStatus.OK).contentType(MediaType.APPLICATION_JSON)
- .body(objectMapper.writeValueAsString(responseWrapper)));
- Cookie cookie = new Cookie("Authorization", "mock_access_token");
- mockMvc.perform(get("/authorize/admin/validateToken").contentType(MediaType.APPLICATION_JSON).cookie(cookie))
- .andExpect(status().isOk()).andExpect(jsonPath("$.response.userId", is("mock-user")));
- }
-
- @Test
- public void validateTokenHttpClientExceptionTest() throws Exception {
- ResponseWrapper responseWrapper = new ResponseWrapper();
- ServiceError serviceError = new ServiceError("KER-ATH-401", "un auth");
- List serviceErrors = new ArrayList<>();
- serviceErrors.add(serviceError);
- responseWrapper.setErrors(serviceErrors);
- mockServer.expect(ExpectedCount.once(), requestTo(new URI(validateUrl))).andExpect(method(HttpMethod.GET))
- .andRespond(withStatus(HttpStatus.UNAUTHORIZED).contentType(MediaType.APPLICATION_JSON)
- .body(objectMapper.writeValueAsString(responseWrapper)));
- Cookie cookie = new Cookie("Authorization", "mock_access_token");
- mockMvc.perform(get("/authorize/admin/validateToken").contentType(MediaType.APPLICATION_JSON).cookie(cookie))
- .andExpect(status().isUnauthorized()).andExpect(jsonPath("$.errors[0].errorCode", is("KER-ATH-401")));
- }
-
- @Test
- public void validateTokenInternalServerTest() throws Exception {
- ResponseWrapper responseWrapper = new ResponseWrapper();
- ServiceError serviceError = new ServiceError("KER-ATH-401", "un auth");
- List serviceErrors = new ArrayList<>();
- serviceErrors.add(serviceError);
- responseWrapper.setErrors(serviceErrors);
- mockServer.expect(ExpectedCount.once(), requestTo(new URI(validateUrl))).andExpect(method(HttpMethod.GET))
- .andRespond(withStatus(HttpStatus.INTERNAL_SERVER_ERROR).contentType(MediaType.APPLICATION_JSON)
- .body(objectMapper.writeValueAsString("internal server error")));
- Cookie cookie = new Cookie("Authorization", "mock_access_token");
- mockMvc.perform(get("/authorize/admin/validateToken").contentType(MediaType.APPLICATION_JSON).cookie(cookie))
- .andExpect(status().isOk())
- .andExpect(jsonPath("$.errors[0].errorCode", is(Errors.REST_EXCEPTION.getErrorCode())));
- }
-
- @Test
- public void validateTokenErrorResponseTest() throws Exception {
- ResponseWrapper responseWrapper = new ResponseWrapper();
- List errors = new ArrayList<>();
- ServiceError error = new ServiceError("MOCKERRORCODE", "MOCKERROR");
- errors.add(error);
- responseWrapper.setErrors(errors);
- mockServer.expect(ExpectedCount.once(), requestTo(new URI(validateUrl))).andExpect(method(HttpMethod.GET))
- .andRespond(withStatus(HttpStatus.OK).contentType(MediaType.APPLICATION_JSON)
- .body(objectMapper.writeValueAsString(responseWrapper)));
- Cookie cookie = new Cookie("Authorization", "mock_access_token");
- mockMvc.perform(get("/authorize/admin/validateToken").contentType(MediaType.APPLICATION_JSON).cookie(cookie))
- .andExpect(status().isOk()).andExpect(jsonPath("$.errors[0].errorCode", is("MOCKERRORCODE")));
- }
-
- @Test
- public void logoutTest() throws Exception {
- String mockToken = "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJzNmYxcDYwYWVDTTBrNy1NaW9sN0Zib2FTdXlRYm95UC03S1RUTmVWLWZNIn0.eyJqdGkiOiJmYTU4Y2NjMC00ZDRiLTQ2ZjAtYjgwOC0yMWI4ZTdhNmMxNDMiLCJleHAiOjE2NDAxODc3MTksIm5iZiI6MCwiaWF0IjoxNjQwMTUxNzE5LCJpc3MiOiJodHRwczovL2Rldi5tb3NpcC5uZXQva2V5Y2xvYWsvYXV0aC9yZWFsbXMvbW9zaXAiLCJhdWQiOiJhY2NvdW50Iiwic3ViIjoiOWRiZTE0MDEtNTQ1NC00OTlhLTlhMWItNzVhZTY4M2Q0MjZhIiwidHlwIjoiQmVhcmVyIiwiYXpwIjoibW9zaXAtcmVzaWRlbnQtY2xpZW50IiwiYXV0aF90aW1lIjowLCJzZXNzaW9uX3N0YXRlIjoiY2QwYjU5NjEtOTYzMi00NmE0LWIzMzgtODc4MWEzNDVmMTZiIiwiYWNyIjoiMSIsImFsbG93ZWQtb3JpZ2lucyI6WyJodHRwczovL2Rldi5tb3NpcC5uZXQiXSwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbIkNSRURFTlRJQUxfUkVRVUVTVCIsIlJFU0lERU5UIiwib2ZmbGluZV9hY2Nlc3MiLCJQQVJUTkVSX0FETUlOIiwidW1hX2F1dGhvcml6YXRpb24iXX0sInJlc291cmNlX2FjY2VzcyI6eyJtb3NpcC1yZXNpZGVudC1jbGllbnQiOnsicm9sZXMiOlsidW1hX3Byb3RlY3Rpb24iXX0sImFjY291bnQiOnsicm9sZXMiOlsibWFuYWdlLWFjY291bnQiLCJtYW5hZ2UtYWNjb3VudC1saW5rcyIsInZpZXctcHJvZmlsZSJdfX0sInNjb3BlIjoicHJvZmlsZSBlbWFpbCIsImNsaWVudEhvc3QiOiIxMC4yNDQuNS4xNDgiLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsImNsaWVudElkIjoibW9zaXAtcmVzaWRlbnQtY2xpZW50IiwicHJlZmVycmVkX3VzZXJuYW1lIjoic2VydmljZS1hY2NvdW50LW1vc2lwLXJlc2lkZW50LWNsaWVudCIsImNsaWVudEFkZHJlc3MiOiIxMC4yNDQuNS4xNDgifQ.xZq1m3mBTEvFDENKFOI59QsSl3sd_TSDNbhTAOq4x_x_4voPc4hh08gIxUdsVHfXY4T0P8DdZ1xNt8xd1VWc33Hc4b_3kK7ksGY4wwqtb0-pDLQGajCGuG6vebC1rYcjsGRbJ1Gnrj_F2RNY4Ky6Nq5SAJ1Lh_NVKNKFghAXb3YrlmqlmCB1fCltC4XBqNnF5_k4uzLCu_Wr0lt_M87X97DktaRGLOD2_HY1Ire9YPsWkoO8y7X_DRCY59yQDVgYs2nAiR6Am-c55Q0fEQ0HuB4IJHlhtMHm27dXPdOEhFhR8ZPOyeO6ZIcIm0ZTDjusrruqWy2_yO5fe3XIHkCOAw";
- Cookie cookie = new Cookie("Authorization", mockToken);
- mockMvc.perform(get(
- "/logout/user?redirecturi=" + CryptoUtil.encodeToURLSafeBase64("http://localhost:5000/".getBytes()))
- .contentType(MediaType.APPLICATION_JSON).cookie(cookie))
- .andExpect(status().is3xxRedirection());
- }
-
- @Test
- public void logoutNullTokenTest() throws Exception {
- mockMvc.perform(get(
- "/logout/user?redirecturi=" + CryptoUtil.encodeToURLSafeBase64("http://localhost:5000/".getBytes()))
- .contentType(MediaType.APPLICATION_JSON))
- .andExpect(jsonPath("$.errors[0].errorCode", is(Errors.INVALID_TOKEN.getErrorCode())));
- }
-
- @Test
- public void logoutServerErrorTokenTest() throws Exception {
-
- String mockToken = "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJzNmYxcDYwYWVDTTBrNy1NaW9sN0Zib2FTdXlRYm95UC03S1RUTmVWLWZNIn0.eyJqdGkiOiJmYTU4Y2NjMC00ZDRiLTQ2ZjAtYjgwOC0yMWI4ZTdhNmMxNDMiLCJleHAiOjE2NDAxODc3MTksIm5iZiI6MCwiaWF0IjoxNjQwMTUxNzE5LCJpc3MiOiJodHRwczovL2Rldi5tb3NpcC5uZXQva2V5Y2xvYWsvYXV0aC9yZWFsbXMvbW9zaXAiLCJhdWQiOiJhY2NvdW50Iiwic3ViIjoiOWRiZTE0MDEtNTQ1NC00OTlhLTlhMWItNzVhZTY4M2Q0MjZhIiwidHlwIjoiQmVhcmVyIiwiYXpwIjoibW9zaXAtcmVzaWRlbnQtY2xpZW50IiwiYXV0aF90aW1lIjowLCJzZXNzaW9uX3N0YXRlIjoiY2QwYjU5NjEtOTYzMi00NmE0LWIzMzgtODc4MWEzNDVmMTZiIiwiYWNyIjoiMSIsImFsbG93ZWQtb3JpZ2lucyI6WyJodHRwczovL2Rldi5tb3NpcC5uZXQiXSwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbIkNSRURFTlRJQUxfUkVRVUVTVCIsIlJFU0lERU5UIiwib2ZmbGluZV9hY2Nlc3MiLCJQQVJUTkVSX0FETUlOIiwidW1hX2F1dGhvcml6YXRpb24iXX0sInJlc291cmNlX2FjY2VzcyI6eyJtb3NpcC1yZXNpZGVudC1jbGllbnQiOnsicm9sZXMiOlsidW1hX3Byb3RlY3Rpb24iXX0sImFjY291bnQiOnsicm9sZXMiOlsibWFuYWdlLWFjY291bnQiLCJtYW5hZ2UtYWNjb3VudC1saW5rcyIsInZpZXctcHJvZmlsZSJdfX0sInNjb3BlIjoicHJvZmlsZSBlbWFpbCIsImNsaWVudEhvc3QiOiIxMC4yNDQuNS4xNDgiLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsImNsaWVudElkIjoibW9zaXAtcmVzaWRlbnQtY2xpZW50IiwicHJlZmVycmVkX3VzZXJuYW1lIjoic2VydmljZS1hY2NvdW50LW1vc2lwLXJlc2lkZW50LWNsaWVudCIsImNsaWVudEFkZHJlc3MiOiIxMC4yNDQuNS4xNDgifQ.xZq1m3mBTEvFDENKFOI59QsSl3sd_TSDNbhTAOq4x_x_4voPc4hh08gIxUdsVHfXY4T0P8DdZ1xNt8xd1VWc33Hc4b_3kK7ksGY4wwqtb0-pDLQGajCGuG6vebC1rYcjsGRbJ1Gnrj_F2RNY4Ky6Nq5SAJ1Lh_NVKNKFghAXb3YrlmqlmCB1fCltC4XBqNnF5_k4uzLCu_Wr0lt_M87X97DktaRGLOD2_HY1Ire9YPsWkoO8y7X_DRCY59yQDVgYs2nAiR6Am-c55Q0fEQ0HuB4IJHlhtMHm27dXPdOEhFhR8ZPOyeO6ZIcIm0ZTDjusrruqWy2_yO5fe3XIHkCOAw";
- Cookie cookie = new Cookie("Authorization", mockToken);
- mockMvc.perform(get(
- "/logout/user?redirecturi=" + CryptoUtil.encodeToURLSafeBase64("http://localhost:2000/".getBytes())).contentType(MediaType.APPLICATION_JSON).cookie(cookie))
- .andExpect(status().isOk()).andExpect(jsonPath("$.errors[0].errorCode", is(Errors.ALLOWED_URL_EXCEPTION.getErrorCode())));
- }
-
-
- @Test
- public void loginTest() throws Exception {
- //http://localhost:8080/keycloak/auth/realms/mosip/protocol/openid-connect/auth?client_id=mosip-admin-client&redirect_uri=http://localhost:8082/v1/admin/login-redirect/abc&state=mock-state&response_type=code&scope=cls
- Cookie cookie = new Cookie("state", UUID.randomUUID().toString());
- mockMvc.perform(get("/login/abc").contentType(MediaType.APPLICATION_JSON).cookie(cookie)).andExpect(status().is3xxRedirection());
- }
-
-
- @Test
- public void loginRedirectTest() throws Exception {
- AccessTokenResponse accessTokenResponse = new AccessTokenResponse();
- Builder withExpiresAt = JWT.create().withExpiresAt(Date.from(DateUtils.getUTCCurrentDateTime().plusHours(1).toInstant(ZoneOffset.UTC)));
- withExpiresAt.withClaim(AuthConstant.ISSUER, "http://localhost");
-
- when(mockAlgo.getName()).thenReturn("RSA256");
- String token = withExpiresAt.withClaim("scope", "aaa bbb").sign(mockAlgo);
-
- accessTokenResponse.setAccess_token(token);
- accessTokenResponse.setId_token(token);
- accessTokenResponse.setExpires_in("111");
-
- mockServer
- .expect(ExpectedCount.once(),
- requestTo(new URI(
- "http://localhost:8080/keycloak/auth/realms/mosip/protocol/openid-connect/token")))
- .andExpect(method(HttpMethod.POST))
- .andRespond(withStatus(HttpStatus.OK).contentType(MediaType.APPLICATION_JSON)
- .body(objectMapper.writeValueAsString(accessTokenResponse)));
-
- Cookie cookie = new Cookie("state", "mockstate");
- mockMvc.perform(get(
- "/login-redirect/aHR0cDovL2xvY2FsaG9zdDo1MDAwLw==?state=mockstate&session_state=mock-session-state&code=mockcode")
- .contentType(MediaType.APPLICATION_JSON).cookie(cookie))
- .andExpect(status().is3xxRedirection());
- }
-
- @Test
- public void loginRedirectTest_signatureVerification_negative() throws Exception {
- AccessTokenResponse accessTokenResponse = new AccessTokenResponse();
- Builder withExpiresAt = JWT.create().withExpiresAt(Date.from(DateUtils.getUTCCurrentDateTime().plusHours(1).toInstant(ZoneOffset.UTC)));
- withExpiresAt.withClaim(AuthConstant.ISSUER, "http://localhost");
-
- when(mockAlgo.getName()).thenReturn("RSA256");
- doThrow(new SignatureVerificationException(mockAlgo)).when(mockAlgo).verify(any());
- String token = withExpiresAt.withClaim("scope", "aaa bbb").sign(mockAlgo);
-
- accessTokenResponse.setAccess_token(token);
- accessTokenResponse.setExpires_in("111");
-
- mockServer
- .expect(ExpectedCount.once(),
- requestTo(new URI(
- "http://localhost:8080/keycloak/auth/realms/mosip/protocol/openid-connect/token")))
- .andExpect(method(HttpMethod.POST))
- .andRespond(withStatus(HttpStatus.OK).contentType(MediaType.APPLICATION_JSON)
- .body(objectMapper.writeValueAsString(accessTokenResponse)));
-
- Cookie cookie = new Cookie("state", "mockstate");
- mockMvc.perform(get(
- "/login-redirect/aHR0cDovL2xvY2FsaG9zdDo1MDAwLw==?state=mockstate&session_state=mock-session-state&code=mockcode")
- .contentType(MediaType.APPLICATION_JSON).cookie(cookie))
- .andExpect(status().is(UNAUTHORIZED_STATUS));
- }
-
- @Test
- public void loginRedirectTest_expiredToken() throws Exception {
- AccessTokenResponse accessTokenResponse = new AccessTokenResponse();
- Builder withExpiresAt = JWT.create().withExpiresAt(Date.from(DateUtils.getUTCCurrentDateTime().minusDays(1).toInstant(ZoneOffset.UTC)));
- withExpiresAt.withClaim(AuthConstant.ISSUER, "http://localhost");
-
- when(mockAlgo.getName()).thenReturn("RSA256");
- String token = withExpiresAt.withClaim("scope", "aaa bbb").sign(mockAlgo);
-
- accessTokenResponse.setAccess_token(token);
- accessTokenResponse.setExpires_in("111");
-
- mockServer
- .expect(ExpectedCount.once(),
- requestTo(new URI(
- "http://localhost:8080/keycloak/auth/realms/mosip/protocol/openid-connect/token")))
- .andExpect(method(HttpMethod.POST))
- .andRespond(withStatus(HttpStatus.OK).contentType(MediaType.APPLICATION_JSON)
- .body(objectMapper.writeValueAsString(accessTokenResponse)));
-
- Cookie cookie = new Cookie("state", "mockstate");
- mockMvc.perform(get(
- "/login-redirect/aHR0cDovL2xvY2FsaG9zdDo1MDAwLw==?state=mockstate&session_state=mock-session-state&code=mockcode")
- .contentType(MediaType.APPLICATION_JSON).cookie(cookie))
- .andExpect(status().is(401));
- }
-
- @Test
- public void loginRedirectTest_domain_match_positive() throws Exception {
- AccessTokenResponse accessTokenResponse = new AccessTokenResponse();
- Builder withExpiresAt = JWT.create().withExpiresAt(Date.from(DateUtils.getUTCCurrentDateTime().plusHours(1).toInstant(ZoneOffset.UTC)));
- withExpiresAt.withClaim(AuthConstant.ISSUER, "http://localhost");
-
- when(mockAlgo.getName()).thenReturn("RSA256");
- ReflectionTestUtils.setField(validateTokenHelper, "validateIssuerDomain", true);
- String token = withExpiresAt.withClaim("scope", "aaa bbb").sign(mockAlgo);
-
- accessTokenResponse.setAccess_token(token);
- accessTokenResponse.setId_token(token);
- accessTokenResponse.setExpires_in("111");
-
- mockServer
- .expect(ExpectedCount.once(),
- requestTo(new URI(
- "http://localhost:8080/keycloak/auth/realms/mosip/protocol/openid-connect/token")))
- .andExpect(method(HttpMethod.POST))
- .andRespond(withStatus(HttpStatus.OK).contentType(MediaType.APPLICATION_JSON)
- .body(objectMapper.writeValueAsString(accessTokenResponse)));
-
- Cookie cookie = new Cookie("state", "mockstate");
- mockMvc.perform(get(
- "/login-redirect/aHR0cDovL2xvY2FsaG9zdDo1MDAwLw==?state=mockstate&session_state=mock-session-state&code=mockcode")
- .contentType(MediaType.APPLICATION_JSON).cookie(cookie))
- .andExpect(status().is3xxRedirection());
- }
-
- @Test
- public void loginRedirectTest_invalid_issuer() throws Exception {
- AccessTokenResponse accessTokenResponse = new AccessTokenResponse();
- Builder withExpiresAt = JWT.create().withExpiresAt(Date.from(DateUtils.getUTCCurrentDateTime().plusHours(1).toInstant(ZoneOffset.UTC)));
- withExpiresAt.withClaim(AuthConstant.ISSUER, "~!::#@///wrongurl");
- ReflectionTestUtils.setField(validateTokenHelper, "validateIssuerDomain", true);
-
- when(mockAlgo.getName()).thenReturn("RSA256");
- String token = withExpiresAt.withClaim("scope", "aaa bbb").sign(mockAlgo);
-
- accessTokenResponse.setAccess_token(token);
- accessTokenResponse.setExpires_in("111");
-
- mockServer
- .expect(ExpectedCount.once(),
- requestTo(new URI(
- "http://localhost:8080/keycloak/auth/realms/mosip/protocol/openid-connect/token")))
- .andExpect(method(HttpMethod.POST))
- .andRespond(withStatus(HttpStatus.OK).contentType(MediaType.APPLICATION_JSON)
- .body(objectMapper.writeValueAsString(accessTokenResponse)));
-
- Cookie cookie = new Cookie("state", "mockstate");
- mockMvc.perform(get(
- "/login-redirect/aHR0cDovL2xvY2FsaG9zdDo1MDAwLw==?state=mockstate&session_state=mock-session-state&code=mockcode")
- .contentType(MediaType.APPLICATION_JSON).cookie(cookie))
- .andExpect(status().is(401));
- }
-
- @Test
- public void loginRedirectTest_domain_match_negative() throws Exception {
- AccessTokenResponse accessTokenResponse = new AccessTokenResponse();
- Builder withExpiresAt = JWT.create().withExpiresAt(Date.from(DateUtils.getUTCCurrentDateTime().plusHours(1).toInstant(ZoneOffset.UTC)));
- withExpiresAt.withClaim(AuthConstant.ISSUER, "http://someotherdomain");
-
- when(mockAlgo.getName()).thenReturn("RSA256");
- ReflectionTestUtils.setField(validateTokenHelper, "validateIssuerDomain", true);
- String token = withExpiresAt.withClaim("scope", "aaa bbb").sign(mockAlgo);
-
- accessTokenResponse.setAccess_token(token);
- accessTokenResponse.setExpires_in("111");
-
- mockServer
- .expect(ExpectedCount.once(),
- requestTo(new URI(
- "http://localhost:8080/keycloak/auth/realms/mosip/protocol/openid-connect/token")))
- .andExpect(method(HttpMethod.POST))
- .andRespond(withStatus(HttpStatus.OK).contentType(MediaType.APPLICATION_JSON)
- .body(objectMapper.writeValueAsString(accessTokenResponse)));
-
- Cookie cookie = new Cookie("state", "mockstate");
- mockMvc.perform(get(
- "/login-redirect/aHR0cDovL2xvY2FsaG9zdDo1MDAwLw==?state=mockstate&session_state=mock-session-state&code=mockcode")
- .contentType(MediaType.APPLICATION_JSON).cookie(cookie))
- .andExpect(status().is(401));
- }
-
- @Test
- public void loginRedirectTest_aud_match_positive() throws Exception {
- AccessTokenResponse accessTokenResponse = new AccessTokenResponse();
- Builder withExpiresAt = JWT.create().withExpiresAt(Date.from(DateUtils.getUTCCurrentDateTime().plusHours(1).toInstant(ZoneOffset.UTC)));
- withExpiresAt.withAudience("myapp-client");
-
- when(mockAlgo.getName()).thenReturn("RSA256");
- ReflectionTestUtils.setField(validateTokenHelper, "validateAudClaim", true);
- String token = withExpiresAt.withClaim("scope", "aaa bbb").sign(mockAlgo);
-
- accessTokenResponse.setAccess_token(token);
- accessTokenResponse.setId_token(token);
- accessTokenResponse.setExpires_in("111");
-
- mockServer
- .expect(ExpectedCount.once(),
- requestTo(new URI(
- "http://localhost:8080/keycloak/auth/realms/mosip/protocol/openid-connect/token")))
- .andExpect(method(HttpMethod.POST))
- .andRespond(withStatus(HttpStatus.OK).contentType(MediaType.APPLICATION_JSON)
- .body(objectMapper.writeValueAsString(accessTokenResponse)));
-
- Cookie cookie = new Cookie("state", "mockstate");
- mockMvc.perform(get(
- "/login-redirect/aHR0cDovL2xvY2FsaG9zdDo1MDAwLw==?state=mockstate&session_state=mock-session-state&code=mockcode")
- .contentType(MediaType.APPLICATION_JSON).cookie(cookie))
- .andExpect(status().is3xxRedirection());
- }
-
- @Test
- public void loginRedirectTest_aud_match_negative_azp_positive() throws Exception {
- AccessTokenResponse accessTokenResponse = new AccessTokenResponse();
- Builder withExpiresAt = JWT.create().withExpiresAt(Date.from(DateUtils.getUTCCurrentDateTime().plusHours(1).toInstant(ZoneOffset.UTC)));
- withExpiresAt.withAudience("somether-app-client");
- withExpiresAt.withClaim(AuthConstant.AZP, "myapp-client");
-
- when(mockAlgo.getName()).thenReturn("RSA256");
- ReflectionTestUtils.setField(validateTokenHelper, "validateAudClaim", true);
- String token = withExpiresAt.withClaim("scope", "aaa bbb").sign(mockAlgo);
-
- accessTokenResponse.setAccess_token(token);
- accessTokenResponse.setId_token(token);
- accessTokenResponse.setExpires_in("111");
-
- mockServer
- .expect(ExpectedCount.once(),
- requestTo(new URI(
- "http://localhost:8080/keycloak/auth/realms/mosip/protocol/openid-connect/token")))
- .andExpect(method(HttpMethod.POST))
- .andRespond(withStatus(HttpStatus.OK).contentType(MediaType.APPLICATION_JSON)
- .body(objectMapper.writeValueAsString(accessTokenResponse)));
-
- Cookie cookie = new Cookie("state", "mockstate");
- mockMvc.perform(get(
- "/login-redirect/aHR0cDovL2xvY2FsaG9zdDo1MDAwLw==?state=mockstate&session_state=mock-session-state&code=mockcode")
- .contentType(MediaType.APPLICATION_JSON).cookie(cookie))
- .andExpect(status().is3xxRedirection());
- }
-
- @Test
- public void loginRedirectTest_aud_match_null_azp_null() throws Exception {
- AccessTokenResponse accessTokenResponse = new AccessTokenResponse();
- Builder withExpiresAt = JWT.create().withExpiresAt(Date.from(DateUtils.getUTCCurrentDateTime().plusHours(1).toInstant(ZoneOffset.UTC)));
-
- when(mockAlgo.getName()).thenReturn("RSA256");
- ReflectionTestUtils.setField(validateTokenHelper, "validateAudClaim", true);
- String token = withExpiresAt.withClaim("scope", "aaa bbb").sign(mockAlgo);
-
- accessTokenResponse.setAccess_token(token);
- accessTokenResponse.setExpires_in("111");
-
- mockServer
- .expect(ExpectedCount.once(),
- requestTo(new URI(
- "http://localhost:8080/keycloak/auth/realms/mosip/protocol/openid-connect/token")))
- .andExpect(method(HttpMethod.POST))
- .andRespond(withStatus(HttpStatus.OK).contentType(MediaType.APPLICATION_JSON)
- .body(objectMapper.writeValueAsString(accessTokenResponse)));
-
- Cookie cookie = new Cookie("state", "mockstate");
- mockMvc.perform(get(
- "/login-redirect/aHR0cDovL2xvY2FsaG9zdDo1MDAwLw==?state=mockstate&session_state=mock-session-state&code=mockcode")
- .contentType(MediaType.APPLICATION_JSON).cookie(cookie))
- .andExpect(status().is(401));
- }
-
- @Test
- public void loginRedirectTest_aud_match_negative_azp_negative() throws Exception {
- AccessTokenResponse accessTokenResponse = new AccessTokenResponse();
- Builder withExpiresAt = JWT.create().withExpiresAt(Date.from(DateUtils.getUTCCurrentDateTime().plusHours(1).toInstant(ZoneOffset.UTC)));
- withExpiresAt.withAudience("someother-app-client");
- withExpiresAt.withClaim(AuthConstant.AZP, "someother-app-client");
-
- when(mockAlgo.getName()).thenReturn("RSA256");
- ReflectionTestUtils.setField(validateTokenHelper, "validateAudClaim", true);
- String token = withExpiresAt.withClaim("scope", "aaa bbb").sign(mockAlgo);
-
- accessTokenResponse.setAccess_token(token);
- accessTokenResponse.setExpires_in("111");
-
- mockServer
- .expect(ExpectedCount.once(),
- requestTo(new URI(
- "http://localhost:8080/keycloak/auth/realms/mosip/protocol/openid-connect/token")))
- .andExpect(method(HttpMethod.POST))
- .andRespond(withStatus(HttpStatus.OK).contentType(MediaType.APPLICATION_JSON)
- .body(objectMapper.writeValueAsString(accessTokenResponse)));
-
- Cookie cookie = new Cookie("state", "mockstate");
- mockMvc.perform(get(
- "/login-redirect/aHR0cDovL2xvY2FsaG9zdDo1MDAwLw==?state=mockstate&session_state=mock-session-state&code=mockcode")
- .contentType(MediaType.APPLICATION_JSON).cookie(cookie))
- .andExpect(status().is(401));
- }
-
- @Test
- public void loginRedirectTestWithHash() throws Exception {
-
-
- Builder jwtbuilder = JWT.create();
- jwtbuilder.withExpiresAt(Date.from(Instant.now().plusSeconds(100)));
- jwtbuilder.withClaim(AuthConstant.PREFERRED_USERNAME, "12345");
- jwtbuilder.withClaim(AuthConstant.ISSUER, "http://localhost");
- Algorithm alg = mock(Algorithm.class);
- when(alg.getName()).thenReturn("none");
- String jwtToken = jwtbuilder.sign(alg);
-
- AccessTokenResponse accessTokenResponse = new AccessTokenResponse();
- accessTokenResponse.setAccess_token(jwtToken);
- accessTokenResponse.setId_token(jwtToken);
- accessTokenResponse.setExpires_in("111");
-
- mockServer
- .expect(ExpectedCount.once(),
- requestTo(new URI(
- "http://localhost:8080/keycloak/auth/realms/mosip/protocol/openid-connect/token")))
- .andExpect(method(HttpMethod.POST))
- .andRespond(withStatus(HttpStatus.OK).contentType(MediaType.APPLICATION_JSON)
- .body(objectMapper.writeValueAsString(accessTokenResponse)));
-
- mockServer
- .expect(ExpectedCount.once(),
- requestTo(new URI(
- "http://localhost:5000/keycloak/auth/realms/mosip/protocol/openid-connect/certs")))
- .andExpect(method(HttpMethod.POST))
- .andRespond(withStatus(HttpStatus.OK).contentType(MediaType.APPLICATION_JSON)
- .body(objectMapper.writeValueAsString(accessTokenResponse)));
-
- Cookie cookie = new Cookie("state", "mockstate");
- mockMvc.perform(get(
- "/login-redirect/aHR0cDovL2xvY2FsaG9zdDo1MDAwLyMvcmFuZG9tcGF0bS9yYW5kb21wYXRo?state=mockstate&session_state=mock-session-state&code=mockcode")
- .contentType(MediaType.APPLICATION_JSON).cookie(cookie))
- .andExpect(status().is3xxRedirection());
- }
-
- @Test
- public void loginRedirectWithClaimTest() throws Exception {
- AccessTokenResponse accessTokenResponse = new AccessTokenResponse();
- Builder withExpiresAt = JWT.create().withExpiresAt(Date.from(DateUtils.getUTCCurrentDateTime().plusHours(1).toInstant(ZoneOffset.UTC)));
- withExpiresAt.withClaim(AuthConstant.ISSUER, "http://localhost");
-
- when(mockAlgo.getName()).thenReturn("RSA256");
- String token = withExpiresAt.withClaim("scope", "aaa bbb").sign(mockAlgo);
-
- when(environment.getProperty(Constants.CLAIM_PROPERTY)).thenReturn("claim");
-
- accessTokenResponse.setAccess_token(token);
- accessTokenResponse.setId_token(token);
- accessTokenResponse.setExpires_in("111");
-
- mockServer
- .expect(ExpectedCount.once(),
- requestTo(new URI(
- "http://localhost:8080/keycloak/auth/realms/mosip/protocol/openid-connect/token")))
- .andExpect(method(HttpMethod.POST))
- .andRespond(withStatus(HttpStatus.OK).contentType(MediaType.APPLICATION_JSON)
- .body(objectMapper.writeValueAsString(accessTokenResponse)));
-
- Cookie cookie = new Cookie("state", "mockstate");
- mockMvc.perform(get(
- "/login-redirect/aHR0cDovL2xvY2FsaG9zdDo1MDAwLw==?state=mockstate&session_state=mock-session-state&code=mockcode&claims=mockClaim")
- .contentType(MediaType.APPLICATION_JSON).cookie(cookie))
- .andExpect(status().is3xxRedirection());
- }
-
- @Test
- public void loginRedirectWithPrivateKeyJwtAuthEnabled() throws Exception {
- AccessTokenResponse accessTokenResponse = new AccessTokenResponse();
-
- Builder withExpiresAt = JWT.create().withExpiresAt(Date.from(DateUtils.getUTCCurrentDateTime().plusHours(1).toInstant(ZoneOffset.UTC)));
- withExpiresAt.withClaim(AuthConstant.ISSUER, "http://localhost");
- ReflectionTestUtils.setField(loginService, "isJwtAuthEnabled", true);
- when(mockAlgo.getName()).thenReturn("RSA256");
-
- String token = withExpiresAt.withClaim("scope", "aaa bbb").sign(mockAlgo);
- JWTSignatureResponseDto jwtSignatureResponseDto = new JWTSignatureResponseDto();
- jwtSignatureResponseDto.setJwtSignedData("abc");
- jwtSignatureResponseDto.setTimestamp(DateUtils.getUTCCurrentDateTime());
- ResponseWrapper responseWrapper = new ResponseWrapper<>();
- responseWrapper.setResponse(jwtSignatureResponseDto);
- when(selfTokenRestTemplate.exchange((URI) any(), (HttpMethod) any(), (HttpEntity) any(), (Class