ES-842

esignet-core/src/main/java/io/mosip/esignet/core/dto/OIDCTransaction.java

@@ -6,12 +6,14 @@
 package io.mosip.esignet.core.dto;
 
 import io.mosip.esignet.api.dto.claim.Claims;
+import io.mosip.esignet.api.dto.claim.VerificationDetail;
 import io.mosip.esignet.api.util.ConsentAction;
 import io.mosip.esignet.core.util.LinkCodeQueue;
 import lombok.Data;
 
 import java.util.List;
 import java.io.Serializable;
+import java.util.Map;
 import java.util.Set;
 
 @Data
@@ -62,4 +64,5 @@ public class OIDCTransaction implements Serializable {
     List<String> requestedCredentialScopes;
 
     boolean isInternalAuthSuccess;
+    Map<String, List<VerificationDetail>> claimMetadata;
 }

esignet-integration-api/src/main/java/io/mosip/esignet/api/dto/VerifiedKycExchangeDto.java

@@ -7,12 +7,10 @@
 
 import io.mosip.esignet.api.dto.claim.VerificationFilter;
 import lombok.Data;
-
-import java.util.List;
 import java.util.Map;
 
 @Data
 public class VerifiedKycExchangeDto extends KycExchangeDto  {
 
-    private Map<String, List<VerificationFilter>> acceptedVerifiedClaims;
+    private Map<String, VerificationFilter> acceptedVerifiedClaims;
 }

esignet-integration-api/src/main/java/io/mosip/esignet/api/dto/claim/VerificationDetail.java

@@ -6,10 +6,12 @@
 package io.mosip.esignet.api.dto.claim;
 
 import lombok.Data;
+
+import java.io.Serializable;
 import java.util.List;
 
 @Data
-public class VerificationDetail {
+public class VerificationDetail implements Serializable {
 
     private String trust_framework;
     private String time;

esignet-service/src/test/java/io/mosip/esignet/TestAuthenticationService.java

@@ -317,12 +317,12 @@ public List<KycSigningCertificateData> getAllKycSigningCertificates() {
 
     @Override
     public KycAuthResult doKycAuth(String relyingPartyId, String clientId, boolean claimsMetadataRequired, KycAuthDto kycAuthDto) throws KycAuthException {
-        return null;
+        return doKycAuth(relyingPartyId, clientId, kycAuthDto);
     }
 
     @Override
     public KycExchangeResult doVerifiedKycExchange(String relyingPartyId, String clientId, VerifiedKycExchangeDto kycExchangeDto) throws KycExchangeException {
-        return null;
+        return doKycExchange(relyingPartyId, clientId, kycExchangeDto);
     }
 
     private boolean authenticateUser(String transactionId, String individualId, AuthChallenge authChallenge) {

oidc-service-impl/src/main/java/io/mosip/esignet/services/AuthorizationHelperService.java

@@ -209,8 +209,9 @@ protected KycAuthResult delegateAuthenticateRequest(String transactionId, String
 
         KycAuthResult kycAuthResult;
         try {
+            KycAuthDto kycAuthDto = new KycAuthDto(transaction.getAuthTransactionId(), individualId, challengeList);
             kycAuthResult = authenticationWrapper.doKycAuth(transaction.getRelyingPartyId(), transaction.getClientId(),
-                    new KycAuthDto(transaction.getAuthTransactionId(), individualId, challengeList));
+                    isVerifiedClaimRequested(transaction), kycAuthDto);
         } catch (KycAuthException e) {
             log.error("KYC auth failed for transaction : {}", transactionId, e);
             throw new EsignetException(e.getErrorCode());
@@ -439,4 +440,12 @@ private String getKeyAlias(String keyAppId, String keyRefId) {
         log.error("CurrentKeyAlias is not unique. KeyAlias count: {}", currentKeyAliases.size());
         throw new EsignetException(NO_UNIQUE_ALIAS);
     }
+
+    private boolean isVerifiedClaimRequested(OIDCTransaction transaction) {
+        return transaction.getRequestedClaims().getUserinfo() != null &&
+                transaction.getRequestedClaims().getUserinfo()
+                .entrySet()
+                .stream()
+                .anyMatch( entry -> entry.getValue() != null && entry.getValue().getVerification() != null);
+    }
 }

oidc-service-impl/src/main/java/io/mosip/esignet/services/AuthorizationServiceImpl.java

@@ -8,11 +8,9 @@
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
-import io.mosip.esignet.api.dto.claim.ClaimDetail;
-import io.mosip.esignet.api.dto.claim.Claims;
+import io.mosip.esignet.api.dto.claim.*;
 import io.mosip.esignet.api.dto.KycAuthResult;
 import io.mosip.esignet.api.dto.SendOtpResult;
-import io.mosip.esignet.api.dto.claim.ClaimsV2;
 import io.mosip.esignet.api.spi.AuditPlugin;
 import io.mosip.esignet.api.spi.Authenticator;
 import io.mosip.esignet.api.util.Action;
@@ -39,6 +37,10 @@
 import org.springframework.data.util.Pair;
 import org.springframework.stereotype.Service;
 
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.time.LocalDateTime;
+import java.time.ZoneOffset;
 import java.util.*;
 import java.util.stream.Collectors;
 
@@ -58,6 +60,8 @@
 public class AuthorizationServiceImpl implements AuthorizationService {
 
     private static final String VERIFIED_CLAIMS = "verified_claims";
+    private static final SimpleDateFormat dateTimeFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
+    private static final SimpleDateFormat dateFormat = new SimpleDateFormat("yyyy-MM-dd");
 
     @Autowired
     private ClientManagementService clientManagementService;
@@ -272,12 +276,8 @@ public ClaimDetailResponse getClaimDetails(String transactionId) {
         claimDetailResponse.setTransactionId(transactionId);
         List<ClaimStatus> list = new ArrayList<>();
 
-        //TODO need to compute this
-        for(String claim : transaction.getEssentialClaims()) {
-            list.add(new ClaimStatus(claim, false, (claim.equals("name") || claim.equals("phone_number")) ));
-        }
-        for(String claim : transaction.getVoluntaryClaims()) {
-            list.add(new ClaimStatus(claim, false, (claim.equals("name") || claim.equals("phone_number")) ));
+        for(Map.Entry<String, ClaimDetail> entry : transaction.getRequestedClaims().getUserinfo().entrySet()) {
+            list.add(getClaimStatus(entry.getKey(), entry.getValue(), transaction.getClaimMetadata()));
         }
 
         //Profile update is mandated only if any essential verified claim is requested
@@ -339,6 +339,7 @@ private OIDCTransaction authenticate(AuthRequest authRequest, boolean checkConse
         transaction.setPartnerSpecificUserToken(kycAuthResult.getPartnerSpecificUserToken());
         transaction.setKycToken(kycAuthResult.getKycToken());
         transaction.setAuthTimeInSeconds(IdentityProviderUtil.getEpochSeconds());
+        transaction.setClaimMetadata(kycAuthResult.getClaimsMetadata());
         transaction.setProvidedAuthFactors(providedAuthFactors.stream().map(acrFactors -> acrFactors.stream()
                 .map(AuthenticationFactor::getType)
                 .collect(Collectors.toList())).collect(Collectors.toSet()));
@@ -450,6 +451,7 @@ private Claims getRequestedClaims(OAuthDetailRequest oauthDetailRequest, ClientD
                         else if(claimBasedOnScope.contains(claimName))
                             resolvedClaims.getUserinfo().put(claimName, null);
 
+                        //Verified claim request takes priority
                         if(verifiedClaimsMap.containsKey(claimName))
                             resolvedClaims.getUserinfo().put(claimName, verifiedClaimsMap.get(claimName));
                     });
@@ -570,4 +572,77 @@ private String getSubject(String idTokenHint) {
         }
         throw new EsignetException(ErrorConstants.INVALID_ID_TOKEN_HINT);
     }
+
+    private ClaimStatus getClaimStatus(String claim, ClaimDetail claimDetail, Map<String,
+            List<VerificationDetail>> storedVerificationData) {
+        if(storedVerificationData == null || storedVerificationData.isEmpty())
+            return new ClaimStatus(claim, false, false);
+
+        if(claimDetail == null || claimDetail.getVerification() == null || !CollectionUtils.isEmpty(storedVerificationData.get(claim)))
+            return new ClaimStatus(claim, false, storedVerificationData.containsKey(claim));
+
+        List<VerificationDetail> verificationDetails = storedVerificationData.get(claim);
+
+        //check trust_framework
+        Optional<VerificationDetail> result = verificationDetails.stream()
+                .filter( vd -> doMatch(claimDetail.getVerification().getTrust_framework(), vd.getTrust_framework()))
+                .findFirst();
+
+        if(result.isEmpty())
+            return new ClaimStatus(claim, false, true);
+
+        //check verification datetime
+        result = verificationDetails.stream()
+                .filter( vd -> doMatch(claimDetail.getVerification().getTime(), vd.getTime(), dateTimeFormat))
+                .findFirst();
+
+        if(result.isEmpty())
+            return new ClaimStatus(claim, false, true);
+
+        //check verification_process
+        result = verificationDetails.stream()
+                .filter( vd -> doMatch(claimDetail.getVerification().getVerification_process(), vd.getVerification_process()))
+                .findFirst();
+
+        if(result.isEmpty())
+            return new ClaimStatus(claim, false, true);
+
+        //check assuranceLevel
+        result = verificationDetails.stream()
+                .filter( vd -> doMatch(claimDetail.getVerification().getAssurance_level(), vd.getAssurance_level()))
+                .findFirst();
+
+        if(result.isEmpty())
+            return new ClaimStatus(claim, false, true);
+
+        return new ClaimStatus(claim, true, true);
+    }
+
+    private boolean doMatch(FilterCriteria filterCriteria, String value) {
+        if(filterCriteria == null)
+            return true;
+        if(filterCriteria.getValue() != null)
+           return filterCriteria.getValue().equals(value);
+        if(filterCriteria.getValues() != null)
+            return filterCriteria.getValues().contains(value);
+        return false;
+    }
+
+    private boolean doMatch(FilterDateTime filterDateTime, String value, SimpleDateFormat format) {
+        if(filterDateTime == null)
+            return true;
+
+        if(value == null || value.isEmpty())
+            return false;
+
+        try {
+            format.setTimeZone(TimeZone.getTimeZone("UTC"));
+            Date date = format.parse(value);
+            return ((System.currentTimeMillis() - date.getTime())/1000) < filterDateTime.getMax_age();
+        } catch (ParseException e) {
+            log.error("Failed to parse the given date-time : {}", value, e);
+        }
+        return false;
+    }
+
 }

oidc-service-impl/src/main/java/io/mosip/esignet/services/OAuthServiceImpl.java

@@ -10,6 +10,8 @@
 import io.mosip.esignet.api.dto.KycExchangeDto;
 import io.mosip.esignet.api.dto.KycExchangeResult;
 import io.mosip.esignet.api.dto.KycSigningCertificateData;
+import io.mosip.esignet.api.dto.VerifiedKycExchangeDto;
+import io.mosip.esignet.api.dto.claim.ClaimDetail;
 import io.mosip.esignet.api.exception.KycExchangeException;
 import io.mosip.esignet.api.exception.KycSigningCertificateException;
 import io.mosip.esignet.api.spi.AuditPlugin;
@@ -30,6 +32,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Service;
+import org.springframework.util.CollectionUtils;
 import org.springframework.util.StringUtils;
 
 import java.nio.charset.StandardCharsets;
@@ -245,18 +248,31 @@ private TokenResponse getTokenResponse(OIDCTransaction transaction, boolean isTr
     private KycExchangeResult doKycExchange(OIDCTransaction transaction) {
         KycExchangeResult kycExchangeResult;
         try {
-            KycExchangeDto kycExchangeDto = new KycExchangeDto();
+            VerifiedKycExchangeDto kycExchangeDto = new VerifiedKycExchangeDto();
             kycExchangeDto.setTransactionId(transaction.getAuthTransactionId());
             kycExchangeDto.setKycToken(transaction.getKycToken());
             kycExchangeDto.setAcceptedClaims(transaction.getAcceptedClaims());
             kycExchangeDto.setClaimsLocales(transaction.getClaimsLocales());
             kycExchangeDto.setIndividualId(authorizationHelperService.getIndividualId(transaction));
+            kycExchangeDto.setAcceptedVerifiedClaims(new HashMap<>());
+
+            if(!CollectionUtils.isEmpty(transaction.getAcceptedClaims()) && transaction.getRequestedClaims().getUserinfo() != null) {
+                for(String claim : transaction.getAcceptedClaims()) {
+                    ClaimDetail claimDetail = transaction.getRequestedClaims().getUserinfo().get(claim);
+                    if(claimDetail != null) {
+                        kycExchangeDto.getAcceptedVerifiedClaims().put(claim, claimDetail.getVerification());
+                    }
+                }
+            }
 
             if(transaction.isInternalAuthSuccess()) {
                 log.info("Internal kyc exchange is invoked as the transaction is marked as internal auth success");
                 kycExchangeResult = doInternalKycExchange(kycExchangeDto);
             } else {
-                kycExchangeResult = authenticationWrapper.doKycExchange(transaction.getRelyingPartyId(),
+                kycExchangeResult = kycExchangeDto.getAcceptedVerifiedClaims().isEmpty() ?
+                        authenticationWrapper.doKycExchange(transaction.getRelyingPartyId(),
+                        transaction.getClientId(), kycExchangeDto) :
+                        authenticationWrapper.doVerifiedKycExchange(transaction.getRelyingPartyId(),
                         transaction.getClientId(), kycExchangeDto);
             }