diff --git a/web/src/main/java/it/pagopa/selfcare/dashboard/web/security/ExchangeTokenServiceV2.java b/web/src/main/java/it/pagopa/selfcare/dashboard/web/security/ExchangeTokenServiceV2.java
index b43a87f87..3f3bd8c2e 100644
--- a/web/src/main/java/it/pagopa/selfcare/dashboard/web/security/ExchangeTokenServiceV2.java
+++ b/web/src/main/java/it/pagopa/selfcare/dashboard/web/security/ExchangeTokenServiceV2.java
@@ -54,7 +54,7 @@ public class ExchangeTokenServiceV2 {
     private static final String PRIVATE_KEY_HEADER_TEMPLATE = "-----BEGIN %s-----";
     private static final String PRIVATE_KEY_FOOTER_TEMPLATE = "-----END %s-----";
-
+    private static final String ID = "ID";
     private final String billingUrl;
     private final String billingAudience;
     private final PrivateKey jwtSigningKey;
@@ -204,6 +204,8 @@ private TokenExchangeClaims retrieveAndSetClaims(String credential, Institution
         claims.setDesiredExpiration(claims.getExpiration());
         claims.setIssuedAt(new Date());
         claims.setExpiration(Date.from(claims.getIssuedAt().toInstant().plus(duration)));
+        claims.setSubject(UUID.fromString(userId).toString());
+        claims.setType(ID);
         return claims;
     }
@@ -336,6 +338,7 @@ static class TokenExchangeClaims extends DefaultClaims {
         public static final String DESIRED_EXPIRATION = "desired_exp";
         public static final String INSTITUTION = "organization";
         public static final String EMAIL = "email";
+        public static final String TYPE = "typ";
         public TokenExchangeClaims(Map map) {
             super(map);
@@ -356,6 +359,11 @@ public Claims setEmail(String email) {
             return this;
         }
+        public Claims setType(String type) {
+            setValue(TYPE, type);
+            return this;
+        }
+
     }
 }
diff --git a/web/src/test/java/it/pagopa/selfcare/dashboard/web/security/ExchangeTokenServiceV2Test.java b/web/src/test/java/it/pagopa/selfcare/dashboard/web/security/ExchangeTokenServiceV2Test.java
index e17641aeb..fb8d87485 100644
--- a/web/src/test/java/it/pagopa/selfcare/dashboard/web/security/ExchangeTokenServiceV2Test.java
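Review bot: `claims.setSubject(UUID.fromString(userId).toString())` in the @@ -204 hunk throws an unchecked `IllegalArgumentException` whenever `userId` is not a well-formed UUID, and nothing in the hunk handles or documents that; `retrieveAndSetClaims` begins outside the hunk, so where `userId` originates and whether it is already validated is not visible here. If a malformed value can reach this point, validate it earlier or at least document the precondition on the method, e.g. `@throws IllegalArgumentException if {@code userId} is not a valid UUID`. The new `typ` claim is project-specific as a payload claim (`typ` is the registered JOSE header parameter name in RFC 7515), so the `TYPE` constant in the @@ -336 hunk deserves a one-line comment telling consumers what to check, e.g. `// custom payload claim marking an identity token; value is always "ID"`. The constant `ID` added in the @@ -54 hunk also reads like a JWT identifier (jjwt's `Claims.ID` is `"jti"`); a name such as `TOKEN_TYPE_ID` would avoid that confusion, and the blank line it replaces kept the static constants separated from the instance fields.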
+++ b/web/src/test/java/it/pagopa/selfcare/dashboard/web/security/ExchangeTokenServiceV2Test.java
@@ -283,10 +283,6 @@ void exchange_noInstitutionInfo() throws Exception {
         // given
         String institutionId = "institutionId";
         String productId = "productId";
-        String jti = "id";
-        String sub = "subject";
-        Date iat = Date.from(Instant.now().minusSeconds(1));
-        Date exp = Date.from(iat.toInstant().plusSeconds(5));
         File file = ResourceUtils.getFile("classpath:certs/PKCS8key.pem");
         String jwtSigningKey = Files.readString(file.toPath(), Charset.defaultCharset());
         ExchangeTokenProperties properties = new ExchangeTokenProperties();
@@ -444,7 +440,7 @@ void exchange_nullGroupInfo(PrivateKey privateKey) throws Exception {
         TestTokenExchangeClaims exchangedClaims = new TestTokenExchangeClaims(claimsJws.getBody());
         assertNotEquals(jti, exchangedClaims.getId());
         assertNotEquals(0, exp.compareTo(exchangedClaims.getExpiration()));
-        assertEquals(sub, exchangedClaims.getSubject());
+        assertEquals(userId.toString(), exchangedClaims.getSubject());
         assertEquals(issuer, exchangedClaims.getIssuer());
         assertEquals(realm, exchangedClaims.getAudience());
         // https://github.com/jwtk/jjwt/issues/122:
@@ -591,7 +587,6 @@ void exchange_ok(PrivateKey privateKey) throws Exception {
         final ExchangedToken exchangedToken = ExchangeTokenServiceV2.exchange(institutionId, productId, Optional.empty());
         // then
         assertEquals(product.getUrlBO(), exchangedToken.getBackOfficeUrl());
-        assertNotNull(exchangedToken.getIdentityToken());
         Jws claimsJws = Jwts.parser()
                 .setSigningKey(loadPublicKey())
                 .parseClaimsJws(exchangedToken.getIdentityToken());
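Review bot: None of the updated assertions in the @@ -444, @@ -601, @@ -857 and @@ -982 hunks check the new `typ` claim, so the `claims.setType(ID)` behaviour this commit introduces in the service goes untested; next to each subject assertion add `assertEquals("ID", exchangedClaims.get("typ"));` (or a `getType()` accessor on `TestTokenExchangeClaims`, since `DefaultClaims` is a `Map`). The assertions now compare against `userId.toString()`, whose declaration lies outside every hunk and presupposes the fixtures hold a UUID; a case with a non-UUID `userId` would pin down the `IllegalArgumentException` path that `UUID.fromString` adds to the service. Dropping `assertNotNull(exchangedToken.getIdentityToken())` in the @@ -591 hunk is harmless because `parseClaimsJws` on the following line fails on a null token, though the resulting failure message is less direct than the removed assertion.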
@@ -601,12 +596,9 @@ void exchange_ok(PrivateKey privateKey) throws Exception {
         TestTokenExchangeClaims exchangedClaims = new TestTokenExchangeClaims(claimsJws.getBody());
         assertNotEquals(jti, exchangedClaims.getId());
         assertNotEquals(0, exp.compareTo(exchangedClaims.getExpiration()));
-        assertEquals(sub, exchangedClaims.getSubject());
+        assertEquals(userId.toString(), exchangedClaims.getSubject());
         assertEquals(issuer, exchangedClaims.getIssuer());
         assertEquals(realm, exchangedClaims.getAudience());
-        // https://github.com/jwtk/jjwt/issues/122:
-        // The JWT RFC *mandates* NumericDate values are represented as seconds.
-        // Because java.util.Date requires milliseconds, we need to multiply by 1000:
         assertEquals(exp.toInstant().getEpochSecond(), exchangedClaims.getDesiredExpiration().toInstant().getEpochSecond());
         assertTrue(exchangedClaims.getIssuedAt().after(iat));
         assertTrue(exchangedClaims.getExpiration().after(exp));
@@ -857,7 +849,7 @@ void billingExchange_nullGroupInfo(PrivateKey privateKey) throws Exception {
         TestTokenExchangeClaims exchangedClaims = new TestTokenExchangeClaims(claimsJws.getBody());
         assertNotEquals(jti, exchangedClaims.getId());
         assertNotEquals(0, exp.compareTo(exchangedClaims.getExpiration()));
-        assertEquals(sub, exchangedClaims.getSubject());
+        assertEquals(userId.toString(), exchangedClaims.getSubject());
         assertEquals(issuer, exchangedClaims.getIssuer());
         // https://github.com/jwtk/jjwt/issues/122:
         // The JWT RFC *mandates* NumericDate values are represented as seconds.
@@ -888,7 +880,6 @@ void billingExchange_nullGroupInfo(PrivateKey privateKey) throws Exception {
     void billingExchange_ok(PrivateKey privateKey) throws Exception {
         // given
         String jti = "id";
-        String sub = "subject";
         Date iat = Date.from(Instant.now().minusSeconds(1));
         Date exp = Date.from(iat.toInstant().plusSeconds(5));
         String institutionId = "institutionId";
@@ -904,7 +895,6 @@ void billingExchange_ok(PrivateKey privateKey) throws Exception {
         when(jwtServiceMock.getClaims(any()))
                 .thenReturn(Jwts.claims()
                         .setId(jti)
-                        .setSubject(sub)
                         .setIssuedAt(iat)
                         .setExpiration(exp));
         InstitutionService institutionServiceMock = mock(InstitutionService.class);
@@ -982,7 +972,7 @@ void billingExchange_ok(PrivateKey privateKey) throws Exception {
         TestTokenExchangeClaims exchangedClaims = new TestTokenExchangeClaims(claimsJws.getBody());
         assertNotEquals(jti, exchangedClaims.getId());
         assertNotEquals(0, exp.compareTo(exchangedClaims.getExpiration()));
-        assertEquals(sub, exchangedClaims.getSubject());
+        assertEquals(userId.toString(), exchangedClaims.getSubject());
         assertEquals(issuer, exchangedClaims.getIssuer());
         // https://github.com/jwtk/jjwt/issues/122:
         // The JWT RFC *mandates* NumericDate values are represented as seconds.