mosip · mahammedtaheer · Nov 26, 2025 · Nov 21, 2025 · Nov 21, 2025 · Nov 23, 2025
diff --git a/...er-service/src/test/java/io/mosip/kernel/signature/test/service/SignatureServiceTest.java b/...er-service/src/test/java/io/mosip/kernel/signature/test/service/SignatureServiceTest.java
@@ -4,11 +4,14 @@
 import io.mosip.kernel.core.signatureutil.model.SignatureResponse;
 import io.mosip.kernel.core.util.CryptoUtil;
 import io.mosip.kernel.core.util.DateUtils;
+import io.mosip.kernel.keymanagerservice.constant.KeymanagerErrorConstant;
 import io.mosip.kernel.keymanagerservice.dto.KeyPairGenerateRequestDto;
 import io.mosip.kernel.keymanagerservice.exception.KeymanagerServiceException;
 import io.mosip.kernel.keymanagerservice.repository.KeyAliasRepository;
 import io.mosip.kernel.keymanagerservice.service.KeymanagerService;
 import io.mosip.kernel.keymanagerservice.test.KeymanagerTestBootApplication;
+import io.mosip.kernel.keymanagerservice.util.KeymanagerUtil;
+import io.mosip.kernel.signature.constant.SignatureErrorCode;
 import io.mosip.kernel.signature.constant.SignatureProviderEnum;
 import io.mosip.kernel.signature.dto.*;
 import io.mosip.kernel.signature.exception.RequestException;
@@ -28,8 +31,11 @@
 import java.security.KeyPair;
 import java.security.KeyPairGenerator;
 import java.security.NoSuchAlgorithmException;
-import java.util.HashMap;
-import java.util.Map;
+import java.security.cert.Certificate;
+import java.util.*;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertThrows;
 
 
 @SpringBootTest(classes = { KeymanagerTestBootApplication.class })
@@ -48,6 +54,9 @@ public class SignatureServiceTest {
     @Autowired
     private KeyAliasRepository keyAliasRepository;
 
+    @Autowired
+    KeymanagerUtil keymanagerUtil;
+
     @Before
     public void setUp() {
         KeyPairGenerateRequestDto keyPairGenRequestDto = new KeyPairGenerateRequestDto();
@@ -204,6 +213,15 @@ public void testJwtVerify() {
         Assert.assertNotNull(verifyResponse);
         Assert.assertTrue(verifyResponse.isSignatureValid());
         Assert.assertEquals("Validation Successful", verifyResponse.getMessage());
+
+        keyPairGenRequestDto.setReferenceId("ED25519_SIGN");
+        keymanagerService.generateECSignKey("CSR", keyPairGenRequestDto);
+        jwtSignRequestDto.setReferenceId("ED25519_SIGN");
+        signResponse = signatureService.jwtSign(jwtSignRequestDto);
+        verifyRequestDto.setJwtSignatureData(signResponse.getJwtSignedData());
+        verifyResponse = signatureService.jwtVerify(verifyRequestDto);
+
+        Assert.assertNotNull(verifyResponse);
     }
 
     @Test
@@ -300,6 +318,18 @@ public void testJwsSign() {
         jwsSignRequestDto.setCertificateUrl("https:://test/certificate.com");
         response = signatureService.jwsSign(jwsSignRequestDto);
         Assert.assertNotNull(response);
+
+        jwsSignRequestDto.setApplicationId("");
+        response = signatureService.jwsSign(jwsSignRequestDto);
+        Assert.assertNotNull(response);
+
+        keyPairGenRequestDto.setApplicationId("TEST");
+        keyPairGenRequestDto.setReferenceId("ED25519_SIGN");
+        keymanagerService.generateECSignKey("CSR", keyPairGenRequestDto);
+        jwsSignRequestDto.setApplicationId("TEST");
+        jwsSignRequestDto.setReferenceId("ED25519_SIGN");
+        response = signatureService.jwsSign(jwsSignRequestDto);
+        Assert.assertNotNull(response);
     }
 
     @Test
@@ -362,6 +392,15 @@ public void testSignv2() {
         Assert.assertNotNull(response);
         Assert.assertNotNull(response.getSignature());
         Assert.assertNotNull(response.getTimestamp());
+
+        keyPairGenRequestDto.setApplicationId("KERNEL");
+        keyPairGenRequestDto.setReferenceId("SIGN");
+        keymanagerService.generateMasterKey("CSR", keyPairGenRequestDto);
+
+        signRequestDto.setApplicationId("");
+        response = signatureServicev2.signv2(signRequestDto);
+        Assert.assertNotNull(response);
+        Assert.assertNotNull(response.getSignature());
     }
 
     @Test
@@ -440,6 +479,24 @@ public void testJwtSignV2() {
         JWTSignatureResponseDto response = signatureService.jwtSignV2(jwtSignRequestDto);
         Assert.assertNotNull(response);
         Assert.assertNotNull(response.getJwtSignedData());
+
+        keyPairGenRequestDto.setApplicationId("KERNEL");
+        keyPairGenRequestDto.setReferenceId("SIGN");
+        keymanagerService.generateMasterKey("CSR", keyPairGenRequestDto);
+
+        jwtSignRequestDto.setApplicationId(null);
+        jwtSignRequestDto.setReferenceId(null);
+        response = signatureService.jwtSignV2(jwtSignRequestDto);
+        Assert.assertNotNull(response);
+        Assert.assertNotNull(response.getJwtSignedData());
+
+        Map<String, String> additionalHeaders2 = new HashMap<>();
+        additionalHeaders2.put("test", "header");
+        additionalHeaders2.put("kid", "test");
+        additionalHeaders2.put("aud", "test");
+        jwtSignRequestDto.setAdditionalHeaders(additionalHeaders2);
+        response = signatureService.jwtSignV2(jwtSignRequestDto);
+        Assert.assertNotNull(response);
     }
 
     @Test
@@ -593,6 +650,16 @@ public void testValidateTrustV2() {
 
         String trustResult = signatureService.validateTrustV2(jwtVerifyRequestDto, null, null);
         Assert.assertEquals("TRUST_NOT_VERIFIED", trustResult);
+
+        jwtVerifyRequestDto.setValidateTrust(true);
+        String pemCertificate = keymanagerService.getCertificate("TEST", Optional.empty()).getCertificate();
+        List<Certificate> certificateList = new ArrayList<>(Collections.singleton(keymanagerUtil.convertToCertificate(pemCertificate)));
+        trustResult = signatureService.validateTrustV2(jwtVerifyRequestDto, certificateList, pemCertificate);
+        Assert.assertEquals("TRUST_NOT_VERIFIED_NO_DOMAIN", trustResult);
+
+        jwtVerifyRequestDto.setDomain("DEVICE");
+        trustResult = signatureService.validateTrustV2(jwtVerifyRequestDto, certificateList, pemCertificate);
+        Assert.assertEquals("TRUST_CERT_PATH_NOT_VALID", trustResult);
     }
 
     @Test
@@ -623,6 +690,22 @@ public void testJwtVerifyV2() {
         Assert.assertNotNull(verifyResponse);
         Assert.assertTrue(verifyResponse.isSignatureValid());
         Assert.assertEquals("Validation Successful", verifyResponse.getMessage());
+
+        keyPairGenRequestDto.setApplicationId("KERNEL");
+        keyPairGenRequestDto.setReferenceId("SIGN");
+        keymanagerService.generateMasterKey("CSR", keyPairGenRequestDto);
+
+        jwtSignRequestDtoV2.setApplicationId("");
+        jwtSignRequestDtoV2.setReferenceId("");
+        jwtSignRequestDtoV2.setIncludeCertificateChain(false);
+        signResponse = signatureService.jwtSignV2(jwtSignRequestDtoV2);
+
+        verifyRequestDto.setJwtSignatureData(signResponse.getJwtSignedData());
+        verifyRequestDto.setApplicationId("");
+        verifyResponse = signatureService.jwtVerifyV2(verifyRequestDto);
+        Assert.assertNotNull(verifyResponse);
+        Assert.assertTrue(verifyResponse.isSignatureValid());
+        Assert.assertEquals("Validation Successful", verifyResponse.getMessage());
     }
 
     @Test
@@ -665,5 +748,187 @@ public void testJwsSignV2() {
         jwsSignRequestDtoV2.setCertificateUrl("https:://test/certificate.com");
         response = signatureService.jwsSignV2(jwsSignRequestDtoV2);
         Assert.assertNotNull(response);
+
+        jwsSignRequestDtoV2.setApplicationId("");
+        response = signatureService.jwsSignV2(jwsSignRequestDtoV2);
+        Assert.assertNotNull(response);
+
+        keyPairGenRequestDto.setApplicationId("TEST");
+        keyPairGenRequestDto.setReferenceId("ED25519_SIGN");
+        keymanagerService.generateECSignKey("CSR", keyPairGenRequestDto);
+
+        jwsSignRequestDtoV2.setApplicationId("TEST");
+        jwsSignRequestDtoV2.setReferenceId("ED25519_SIGN");
+        response = signatureService.jwsSignV2(jwsSignRequestDtoV2);
+        Assert.assertNotNull(response);
+    }
+
+    @Test
+    public void testJwtVerifyDefaultAppIDAndRefID() {
+        KeyPairGenerateRequestDto keyPairGenRequestDto = new KeyPairGenerateRequestDto();
+        keyPairGenRequestDto.setApplicationId("KERNEL");
+        keyPairGenRequestDto.setReferenceId("SIGN");
+        keymanagerService.generateMasterKey("CSR", keyPairGenRequestDto);
+
+        // First sign
+        JWTSignatureRequestDto jwtSignRequestDto = new JWTSignatureRequestDto();
+        jwtSignRequestDto.setDataToSign(CryptoUtil.encodeToURLSafeBase64("{\"test\":\"data\"}".getBytes()));
+        jwtSignRequestDto.setIncludePayload(true);
+        jwtSignRequestDto.setIncludeCertificate(false);
+        JWTSignatureResponseDto signResponse = signatureService.jwtSign(jwtSignRequestDto);
+
+        // Then verify
+        JWTSignatureVerifyRequestDto verifyRequestDto = new JWTSignatureVerifyRequestDto();
+        verifyRequestDto.setJwtSignatureData(signResponse.getJwtSignedData());
+        JWTSignatureVerifyResponseDto verifyResponse = signatureService.jwtVerify(verifyRequestDto);
+
+        Assert.assertNotNull(verifyResponse);
+        Assert.assertTrue(verifyResponse.isSignatureValid());
+        Assert.assertEquals("Validation Successful", verifyResponse.getMessage());
+    }
+
+    @Test
+    public void testJsonParsingError() {
+        String signData = "ewogICJhbGciOiAiUlMyNTYiLAogIHg1YzogWwogICAgIlNmN21UV2pmOE91VWlVTksybXNYTXN2SEZhdjlmaGJJNkNvVlhyUlJPY0xPVFZrNk9lSSsrckZaQ0w4NDZsSk82MlpRTHZuZSs2IgogIF0sCiAgImtpZCI6ICJNQ1NTSjZBdjhiV0FZNzBXUk5nNHVPS04yLUhFMGRGOW1pWUI3Q2lqT1BzIgp9.eyAibW9kdWxlIjogIktleW1hbmFnZXIiLCAicHJvamVjdCI6ICJNb3NpcCIgfQ.bZIrGgpKoZAsL0NyKKshS78LzlvLp3xdlWiHtrB---UVL0cAenbMaxrjgWphQAzH4l2NCOz7BYeL1UN1sUvMOBCNfplRaG8aEDb4TTG6aQjMRXZg7LJJnuBQjuU4pdPLa8qYMBhW5nssc-WZ9DK4aLH2YW68FF4zUezvAsJWexftNkVE0n9Vf05sxI4olVh696t-xrNFsMDHlrHyOWVzkQOI6i9OMsyOqgBdo6hNJG7DXTzPRV_xKkiR3SGRP0AmF57zvS7kQm8SwkGQQE9rGYPqkLG1x_3pHL4P9NeqTT77kIcKR22lOyeWKcKR1NSzmDA_RKbJBD_w9kHF0hdytg";
+        JWTSignatureVerifyRequestDto verifyRequestDto = new JWTSignatureVerifyRequestDto();
+        verifyRequestDto.setJwtSignatureData(signData);
+
+        RequestException exception = assertThrows(RequestException.class, () -> {
+            signatureService.jwtVerify(verifyRequestDto);
+        });
+        assertEquals(SignatureErrorCode.INVALID_VERIFY_INPUT.getErrorCode(), exception.getErrorCode());
+
+        exception = assertThrows(RequestException.class, () -> {
+            signatureService.jwtVerifyV2(verifyRequestDto);
+        });
+        assertEquals(SignatureErrorCode.INVALID_VERIFY_INPUT.getErrorCode(), exception.getErrorCode());
+    }
+
+    @Test
+    public void testJWSsignEmptyDataException() {
+        JWTSignatureRequestDto requestDto = new JWTSignatureRequestDto();
+        requestDto.setDataToSign("");
+
+        RequestException exception = assertThrows(RequestException.class, () -> {
+            signatureService.jwtSign(requestDto);
+        });
+
+        assertEquals(SignatureErrorCode.INVALID_INPUT.getErrorCode(), exception.getErrorCode());
+    }
+
+    @Test
+    public void testSignV2EmptyDataException() {
+        SignRequestDtoV2 requestDto = new SignRequestDtoV2();
+        requestDto.setApplicationId("INVALID_APP_ID");
+
+        RequestException exception = assertThrows(RequestException.class, () -> {
+            signatureServicev2.signv2(requestDto);
+        });
+
+        assertEquals(SignatureErrorCode.SIGN_NOT_ALLOWED.getErrorCode(), exception.getErrorCode());
+
+        requestDto.setApplicationId("TEST");
+        exception = assertThrows(RequestException.class, () -> {
+            signatureServicev2.signv2(requestDto);
+        });
+        assertEquals(SignatureErrorCode.INVALID_INPUT.getErrorCode(), exception.getErrorCode());
+    }
+
+    @Test
+    public void rawSignException() {
+        SignRequestDtoV2 requestDto = new SignRequestDtoV2();
+        requestDto.setApplicationId("INVALID_APP_ID");
+
+        RequestException exception = assertThrows(RequestException.class, () -> {
+            signatureServicev2.rawSign(requestDto);
+        });
+
+        assertEquals(SignatureErrorCode.SIGN_NOT_ALLOWED.getErrorCode(), exception.getErrorCode());
+
+        requestDto.setApplicationId("TEST");
+        exception = assertThrows(RequestException.class, () -> {
+            signatureServicev2.rawSign(requestDto);
+        });
+
+        assertEquals(SignatureErrorCode.INVALID_INPUT.getErrorCode(), exception.getErrorCode());
+
+
+        KeyPairGenerateRequestDto keyPairGenRequestDto = new KeyPairGenerateRequestDto();
+        keyPairGenRequestDto.setApplicationId("KERNEL");
+        keyPairGenRequestDto.setReferenceId("SIGN");
+        keymanagerService.generateMasterKey("CSR", keyPairGenRequestDto);
+
+        requestDto.setApplicationId(null);
+        requestDto.setDataToSign("c2lnbiByYXcgZGF0YQ==");
+        requestDto.setResponseEncodingFormat("INVALID_FORMAT");
+        KeymanagerServiceException exception1 = assertThrows(KeymanagerServiceException.class, () -> {
+            signatureServicev2.rawSign(requestDto);
+        });
+        assertEquals(KeymanagerErrorConstant.INVALID_FORMAT_ERROR.getErrorCode(), exception1.getErrorCode());
+
+        requestDto.setResponseEncodingFormat("base64url");
+        SignResponseDtoV2 response = signatureServicev2.rawSign(requestDto);
+        Assert.assertNotNull(response);
+    }
+
+    @Test
+    public void testJWTSignV2Exception() {
+        JWTSignatureRequestDtoV2 requestDtoV2 = new JWTSignatureRequestDtoV2();
+        requestDtoV2.setApplicationId("INVALID_APP_ID");
+
+        RequestException exception = assertThrows(RequestException.class, () -> {
+            signatureService.jwtSignV2(requestDtoV2);
+        });
+
+        assertEquals(SignatureErrorCode.SIGN_NOT_ALLOWED.getErrorCode(), exception.getErrorCode());
+
+        requestDtoV2.setApplicationId("TEST");
+        exception = assertThrows(RequestException.class, () -> {
+            signatureService.jwtSignV2(requestDtoV2);
+        });
+        assertEquals(SignatureErrorCode.INVALID_INPUT.getErrorCode(), exception.getErrorCode());
+
+        requestDtoV2.setDataToSign("c2lnbiByYXcgZGF0YQ==");
+        exception = assertThrows(RequestException.class, () -> {
+            signatureService.jwtSignV2(requestDtoV2);
+        });
+        assertEquals(SignatureErrorCode.INVALID_JSON.getErrorCode(), exception.getErrorCode());
+    }
+
+    @Test
+    public void testJWSsignV2Exception() {
+        JWSSignatureRequestDtoV2 requestDtoV2 = new JWSSignatureRequestDtoV2();
+        requestDtoV2.setApplicationId("INVALID_APP_ID");
+
+        RequestException exception = assertThrows(RequestException.class, () -> {
+            signatureService.jwsSignV2(requestDtoV2);
+        });
+
+        assertEquals(SignatureErrorCode.SIGN_NOT_ALLOWED.getErrorCode(), exception.getErrorCode());
+
+        requestDtoV2.setApplicationId("TEST");
+        exception = assertThrows(RequestException.class, () -> {
+            signatureService.jwsSignV2(requestDtoV2);
+        });
+        assertEquals(SignatureErrorCode.INVALID_INPUT.getErrorCode(), exception.getErrorCode());
+
+        requestDtoV2.setDataToSign("c2lnbiByYXcgZGF0YQ==");
+        requestDtoV2.setValidateJson(true);
+        exception = assertThrows(RequestException.class, () -> {
+            signatureService.jwsSignV2(requestDtoV2);
+        });
+        assertEquals(SignatureErrorCode.INVALID_JSON.getErrorCode(), exception.getErrorCode());
+    }
+
+    @Test
+    public void testJWTVerifyV2EmptySignData() {
+        JWTSignatureVerifyRequestDto verifyRequestDto = new JWTSignatureVerifyRequestDto();
+        verifyRequestDto.setJwtSignatureData("");
+
+        RequestException exception = assertThrows(RequestException.class, () -> {
+            signatureService.jwtVerifyV2(verifyRequestDto);
+        });
+
+        assertEquals(SignatureErrorCode.INVALID_INPUT.getErrorCode(), exception.getErrorCode());
     }
 }