Skip to content

Commit

Permalink
PYIC-7961: pass only dcmaw VC to DL cri (#2913)
Browse files Browse the repository at this point in the history
  • Loading branch information
@thebauSoftwire
thebauSoftwire authored Jan 31, 2025
2 parents 6f43671 + 579bd3d commit b5a30dc
Show file tree
Hide file tree
Showing 4 changed files with 112 additions and 12 deletions.
5 changes: 4 additions & 1 deletion ...st/src/main/java/uk/gov/di/ipv/core/buildcrioauthrequest/BuildCriOauthRequestHandler.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -332,7 +332,10 @@ private JWEObject signEncryptJar(

var sharedClaims =
SharedClaimsHelper.generateSharedClaims(
ipvSessionItem.getEmailAddress(), vcs, getAllowedSharedClaimAttrs(cri));
ipvSessionItem.getEmailAddress(),
vcs,
getAllowedSharedClaimAttrs(cri),
cri);

if (cri.equals(F2F)) {
evidenceRequest =
Expand Down
19 changes: 17 additions & 2 deletions ...est/src/main/java/uk/gov/di/ipv/core/buildcrioauthrequest/helpers/SharedClaimsHelper.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import uk.gov.di.ipv.core.buildcrioauthrequest.domain.SharedClaims;
import uk.gov.di.ipv.core.library.domain.Cri;
import uk.gov.di.ipv.core.library.domain.VerifiableCredential;
import uk.gov.di.ipv.core.library.helpers.LogHelper;
import uk.gov.di.ipv.core.library.helpers.NameHelper;
Expand All @@ -28,14 +29,27 @@ public class SharedClaimsHelper {
private SharedClaimsHelper() {}

public static SharedClaims generateSharedClaims(
String emailAddress, List<VerifiableCredential> vcs, List<String> allowedSharedClaims) {
String emailAddress,
List<VerifiableCredential> vcs,
List<String> allowedSharedClaims,
Cri targetCri) {
var sharedClaims = new SharedClaims();

// Email address is provided separately in the session, not from a VC
sharedClaims.setEmailAddress(emailAddress);

// Other shared claims are added from successful VCs
vcs.stream()
// If the target CRI is the Driving Licence CRI, we filter out
// any driving licence VCs so they aren't included in the shared claims.
// This is to handle the case where a user has a DL and DCMAW VC with driving permit
// details and needs to go through an authoritative source check with the DL CRI. In
// this scenario, we only want to share the driving permit details from the DCMAW
// VC.
.filter(
vc ->
!(Cri.DRIVING_LICENCE.equals(targetCri)
&& Cri.DRIVING_LICENCE.equals(vc.getCri())))
.filter(VcHelper::isSuccessfulVc)
.forEach(vc -> addSharedClaimsFromVc(sharedClaims, vc));

Expand Down Expand Up @@ -64,6 +78,7 @@ private static int safeSize(Set<?> set) {

private static void addSharedClaimsFromVc(SharedClaims sharedClaims, VerifiableCredential vc) {
var credentialSubject = vc.getCredential().getCredentialSubject();
var vcCri = vc.getCri();

if (credentialSubject instanceof PersonWithIdentity personWithIdentity
&& personWithIdentity.getName() != null) {
Expand All @@ -73,7 +88,7 @@ private static void addSharedClaimsFromVc(SharedClaims sharedClaims, VerifiableC
&& personWithIdentity.getBirthDate() != null) {
sharedClaims.getBirthDate().addAll(personWithIdentity.getBirthDate());
}
if (ADDRESS.equals(vc.getCri())
if (ADDRESS.equals(vcCri)
&& credentialSubject instanceof AddressAssertion addressAssertion
&& addressAssertion.getAddress() != null) {
sharedClaims.getAddress().addAll(addressAssertion.getAddress());
Expand Down
2 changes: 1 addition & 1 deletion ...rc/test/java/uk/gov/di/ipv/core/buildcrioauthrequest/BuildCriOauthRequestHandlerTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -276,7 +276,7 @@ void setUp() throws URISyntaxException {
ipvSessionItem.setTargetVot(Vot.P2);

mockSharedClaimsHelper
.when(() -> SharedClaimsHelper.generateSharedClaims(any(), any(), any()))
.when(() -> SharedClaimsHelper.generateSharedClaims(any(), any(), any(), any()))
.thenReturn(TEST_SHARED_CLAIMS);
}

Expand Down
98 changes: 90 additions & 8 deletions ...src/test/java/uk/gov/di/ipv/core/buildcrioauthrequest/helpers/SharedClaimsHelperTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,6 +47,8 @@ class SharedClaimsHelperTest {
SHARED_CLAIM_ATTR_SOCIAL_SECURITY_RECORD,
SHARED_CLAIM_ATTR_DRIVING_PERMIT);

private static final Cri TEST_CRI = Cri.DCMAW;

private static final String TEST_EMAIL = "[email protected]";
private static final Name TEST_NAME = createName("Test", "User");
private static final BirthDate TEST_DOB = createBirthDate("1970-01-01");
Expand Down Expand Up @@ -76,7 +78,7 @@ void generatesSharedClaimsForAllSupportedAttributes() {
.drivingPermit(List.of(TEST_DRIVING_PERMIT))
.build()));

var sharedClaims = generateSharedClaims(TEST_EMAIL, vcs, ALL_ATTRIBUTES);
var sharedClaims = generateSharedClaims(TEST_EMAIL, vcs, ALL_ATTRIBUTES, TEST_CRI);

assertEquals(TEST_EMAIL, sharedClaims.getEmailAddress());
assertEquals(Set.of(TEST_NAME), sharedClaims.getName());
Expand All @@ -86,9 +88,85 @@ void generatesSharedClaimsForAllSupportedAttributes() {
assertEquals(Set.of(TEST_DRIVING_PERMIT), sharedClaims.getDrivingPermit());
}

@Test
void
generatesSharedClaimsShouldNotReturnDrivingPermitSharedClaimFromDrivingLicenceIfTargetCriIsDrivingLicence() {
var dlCredentialSubjectBuilder =
TestVc.TestCredentialSubject.builder()
.name(List.of(Map.of(VC_NAME_PARTS, TEST_NAME.getNameParts())))
.birthDate(List.of(TEST_DOB))
.socialSecurityRecord(List.of(TEST_NINO));

var updatedTestDrivingPermit =
createDrivingPermitDetails("another-number", "2062-02-02", "ISSUER", "2005-02-02");

var anotherDrivingPermit =
createDrivingPermitDetails("another-number1", "2062-02-02", "ISSUER", "2005-02-02");
var vcs =
List.of(
generateIdentityVc(
dlCredentialSubjectBuilder
.drivingPermit(List.of(TEST_DRIVING_PERMIT))
.build(),
Cri.DRIVING_LICENCE),
generateIdentityVc(
dlCredentialSubjectBuilder
.drivingPermit(List.of(updatedTestDrivingPermit))
.build(),
Cri.DCMAW),
generateIdentityVc(
dlCredentialSubjectBuilder
.drivingPermit(List.of(anotherDrivingPermit))
.build(),
Cri.DRIVING_LICENCE));

var sharedClaims =
generateSharedClaims(
TEST_EMAIL,
vcs,
List.of(SHARED_CLAIM_ATTR_DRIVING_PERMIT),
Cri.DRIVING_LICENCE);

assertEquals(1, sharedClaims.getDrivingPermit().size());
assertEquals(Set.of(updatedTestDrivingPermit), sharedClaims.getDrivingPermit());
}

@Test
void
generatesSharedClaimsShouldReturnDrivingPermitFromDrivingLicenceCriIfTargetCriIsNotDrivingLicence() {
var dlCredentialSubjectBuilder =
TestVc.TestCredentialSubject.builder()
.name(List.of(Map.of(VC_NAME_PARTS, TEST_NAME.getNameParts())))
.birthDate(List.of(TEST_DOB))
.socialSecurityRecord(List.of(TEST_NINO));

var updatedTestDrivingPermit =
createDrivingPermitDetails("another-number", "2062-02-02", "ISSUER", "2005-02-02");
var vcs =
List.of(
generateIdentityVc(
dlCredentialSubjectBuilder
.drivingPermit(List.of(TEST_DRIVING_PERMIT))
.build(),
Cri.DRIVING_LICENCE),
generateIdentityVc(
dlCredentialSubjectBuilder
.drivingPermit(List.of(updatedTestDrivingPermit))
.build(),
Cri.DRIVING_LICENCE));

var sharedClaims =
generateSharedClaims(
TEST_EMAIL, vcs, List.of(SHARED_CLAIM_ATTR_DRIVING_PERMIT), TEST_CRI);

assertEquals(
Set.of(TEST_DRIVING_PERMIT, updatedTestDrivingPermit),
sharedClaims.getDrivingPermit());
}

@Test
void generatesEmptySetsIfNoAttributePresent() {
var sharedClaims = generateSharedClaims(TEST_EMAIL, List.of(), ALL_ATTRIBUTES);
var sharedClaims = generateSharedClaims(TEST_EMAIL, List.of(), ALL_ATTRIBUTES, TEST_CRI);

assertTrue(sharedClaims.getName().isEmpty());
assertTrue(sharedClaims.getBirthDate().isEmpty());
Expand Down Expand Up @@ -117,7 +195,7 @@ void doesNotIncludeClaimsIfNoneAllowed() {
.drivingPermit(List.of(TEST_DRIVING_PERMIT))
.build()));

var sharedClaims = generateSharedClaims(TEST_EMAIL, vcs, List.of());
var sharedClaims = generateSharedClaims(TEST_EMAIL, vcs, List.of(), TEST_CRI);

assertNull(sharedClaims.getEmailAddress());
assertNull(sharedClaims.getName());
Expand All @@ -136,7 +214,7 @@ void doesNotIncludeAddressFromNonAddressVc() {
.address(List.of(TEST_ADDRESS))
.build()));

var sharedClaims = generateSharedClaims(TEST_EMAIL, vcs, ALL_ATTRIBUTES);
var sharedClaims = generateSharedClaims(TEST_EMAIL, vcs, ALL_ATTRIBUTES, TEST_CRI);

assertTrue(sharedClaims.getAddress().isEmpty());
}
Expand Down Expand Up @@ -165,7 +243,7 @@ void doesNotIncludeFailedVcAttributes() {
.evidence(DCMAW_FAILED_EVIDENCE)
.build()));

var sharedClaims = generateSharedClaims(TEST_EMAIL, vcs, ALL_ATTRIBUTES);
var sharedClaims = generateSharedClaims(TEST_EMAIL, vcs, ALL_ATTRIBUTES, TEST_CRI);

assertTrue(sharedClaims.getName().isEmpty());
assertTrue(sharedClaims.getBirthDate().isEmpty());
Expand Down Expand Up @@ -216,7 +294,7 @@ void includesMultipleAttributes() {
.drivingPermit(List.of(otherDrivingPermit))
.build()));

var sharedClaims = generateSharedClaims(TEST_EMAIL, vcs, ALL_ATTRIBUTES);
var sharedClaims = generateSharedClaims(TEST_EMAIL, vcs, ALL_ATTRIBUTES, TEST_CRI);

assertEquals(Set.of(TEST_NAME, otherName), sharedClaims.getName());
assertEquals(Set.of(TEST_DOB, otherDob), sharedClaims.getBirthDate());
Expand Down Expand Up @@ -261,7 +339,7 @@ void deduplicatesAttributes() {
.drivingPermit(List.of(TEST_DRIVING_PERMIT))
.build()));

var sharedClaims = generateSharedClaims(TEST_EMAIL, vcs, ALL_ATTRIBUTES);
var sharedClaims = generateSharedClaims(TEST_EMAIL, vcs, ALL_ATTRIBUTES, TEST_CRI);

assertEquals(Set.of(TEST_NAME), sharedClaims.getName());
assertEquals(Set.of(TEST_DOB), sharedClaims.getBirthDate());
Expand All @@ -271,9 +349,13 @@ void deduplicatesAttributes() {
}

private VerifiableCredential generateIdentityVc(TestVc.TestCredentialSubject subject) {
return generateIdentityVc(subject, Cri.DCMAW);
}

private VerifiableCredential generateIdentityVc(TestVc.TestCredentialSubject subject, Cri cri) {
return generateVerifiableCredential(
TEST_SUBJECT,
Cri.DCMAW,
cri,
TestVc.builder()
.credentialSubject(subject)
.evidence(DCMAW_EVIDENCE_VRI_CHECK)
Expand Down

0 comments on commit b5a30dc

Please sign in to comment.