[SELC-4950] Feat: Added typ and sub in Jwt claims in ExchangeTokenSer…

…viceV2 (#452)

web/src/main/java/it/pagopa/selfcare/dashboard/web/security/ExchangeTokenServiceV2.java

@@ -54,7 +54,7 @@ public class ExchangeTokenServiceV2 {
 
     private static final String PRIVATE_KEY_HEADER_TEMPLATE = "-----BEGIN %s-----";
     private static final String PRIVATE_KEY_FOOTER_TEMPLATE = "-----END %s-----";
-
+    private static final String ID = "ID";
     private final String billingUrl;
     private final String billingAudience;
     private final PrivateKey jwtSigningKey;
@@ -204,6 +204,8 @@ private TokenExchangeClaims retrieveAndSetClaims(String credential, Institution
         claims.setDesiredExpiration(claims.getExpiration());
         claims.setIssuedAt(new Date());
         claims.setExpiration(Date.from(claims.getIssuedAt().toInstant().plus(duration)));
+        claims.setSubject(UUID.fromString(userId).toString());
+        claims.setType(ID);
 
         return claims;
     }
@@ -336,6 +338,7 @@ static class TokenExchangeClaims extends DefaultClaims {
         public static final String DESIRED_EXPIRATION = "desired_exp";
         public static final String INSTITUTION = "organization";
         public static final String EMAIL = "email";
+        public static final String TYPE = "typ";
 
         public TokenExchangeClaims(Map<String, Object> map) {
             super(map);
@@ -356,6 +359,11 @@ public Claims setEmail(String email) {
             return this;
         }
 
+        public Claims setType(String type) {
+            setValue(TYPE, type);
+            return this;
+        }
+
     }
 
 }

web/src/test/java/it/pagopa/selfcare/dashboard/web/security/ExchangeTokenServiceV2Test.java

@@ -283,10 +283,6 @@ void exchange_noInstitutionInfo() throws Exception {
         // given
         String institutionId = "institutionId";
         String productId = "productId";
-        String jti = "id";
-        String sub = "subject";
-        Date iat = Date.from(Instant.now().minusSeconds(1));
-        Date exp = Date.from(iat.toInstant().plusSeconds(5));
         File file = ResourceUtils.getFile("classpath:certs/PKCS8key.pem");
         String jwtSigningKey = Files.readString(file.toPath(), Charset.defaultCharset());
         ExchangeTokenProperties properties = new ExchangeTokenProperties();
@@ -444,7 +440,7 @@ void exchange_nullGroupInfo(PrivateKey privateKey) throws Exception {
         TestTokenExchangeClaims exchangedClaims = new TestTokenExchangeClaims(claimsJws.getBody());
         assertNotEquals(jti, exchangedClaims.getId());
         assertNotEquals(0, exp.compareTo(exchangedClaims.getExpiration()));
-        assertEquals(sub, exchangedClaims.getSubject());
+        assertEquals(userId.toString(), exchangedClaims.getSubject());
         assertEquals(issuer, exchangedClaims.getIssuer());
         assertEquals(realm, exchangedClaims.getAudience());
         // https://github.com/jwtk/jjwt/issues/122:
@@ -591,7 +587,6 @@ void exchange_ok(PrivateKey privateKey) throws Exception {
         final ExchangedToken exchangedToken = ExchangeTokenServiceV2.exchange(institutionId, productId, Optional.empty());
         // then
         assertEquals(product.getUrlBO(), exchangedToken.getBackOfficeUrl());
-        assertNotNull(exchangedToken.getIdentityToken());
         Jws<Claims> claimsJws = Jwts.parser()
                 .setSigningKey(loadPublicKey())
                 .parseClaimsJws(exchangedToken.getIdentityToken());
@@ -601,12 +596,9 @@ void exchange_ok(PrivateKey privateKey) throws Exception {
         TestTokenExchangeClaims exchangedClaims = new TestTokenExchangeClaims(claimsJws.getBody());
         assertNotEquals(jti, exchangedClaims.getId());
         assertNotEquals(0, exp.compareTo(exchangedClaims.getExpiration()));
-        assertEquals(sub, exchangedClaims.getSubject());
+        assertEquals(userId.toString(), exchangedClaims.getSubject());
         assertEquals(issuer, exchangedClaims.getIssuer());
         assertEquals(realm, exchangedClaims.getAudience());
-        // https://github.com/jwtk/jjwt/issues/122:
-        // The JWT RFC *mandates* NumericDate values are represented as seconds.
-        // Because java.util.Date requires milliseconds, we need to multiply by 1000:
         assertEquals(exp.toInstant().getEpochSecond(), exchangedClaims.getDesiredExpiration().toInstant().getEpochSecond());
         assertTrue(exchangedClaims.getIssuedAt().after(iat));
         assertTrue(exchangedClaims.getExpiration().after(exp));
@@ -857,7 +849,7 @@ void billingExchange_nullGroupInfo(PrivateKey privateKey) throws Exception {
         TestTokenExchangeClaims exchangedClaims = new TestTokenExchangeClaims(claimsJws.getBody());
         assertNotEquals(jti, exchangedClaims.getId());
         assertNotEquals(0, exp.compareTo(exchangedClaims.getExpiration()));
-        assertEquals(sub, exchangedClaims.getSubject());
+        assertEquals(userId.toString(), exchangedClaims.getSubject());
         assertEquals(issuer, exchangedClaims.getIssuer());
         // https://github.com/jwtk/jjwt/issues/122:
         // The JWT RFC *mandates* NumericDate values are represented as seconds.
@@ -888,7 +880,6 @@ void billingExchange_nullGroupInfo(PrivateKey privateKey) throws Exception {
     void billingExchange_ok(PrivateKey privateKey) throws Exception {
         // given
         String jti = "id";
-        String sub = "subject";
         Date iat = Date.from(Instant.now().minusSeconds(1));
         Date exp = Date.from(iat.toInstant().plusSeconds(5));
         String institutionId = "institutionId";
@@ -904,7 +895,6 @@ void billingExchange_ok(PrivateKey privateKey) throws Exception {
         when(jwtServiceMock.getClaims(any()))
                 .thenReturn(Jwts.claims()
                         .setId(jti)
-                        .setSubject(sub)
                         .setIssuedAt(iat)
                         .setExpiration(exp));
         InstitutionService institutionServiceMock = mock(InstitutionService.class);
@@ -982,7 +972,7 @@ void billingExchange_ok(PrivateKey privateKey) throws Exception {
         TestTokenExchangeClaims exchangedClaims = new TestTokenExchangeClaims(claimsJws.getBody());
         assertNotEquals(jti, exchangedClaims.getId());
         assertNotEquals(0, exp.compareTo(exchangedClaims.getExpiration()));
-        assertEquals(sub, exchangedClaims.getSubject());
+        assertEquals(userId.toString(), exchangedClaims.getSubject());
         assertEquals(issuer, exchangedClaims.getIssuer());
         // https://github.com/jwtk/jjwt/issues/122:
         // The JWT RFC *mandates* NumericDate values are represented as seconds.