Release 1.3.x testcase

kernel/kernel-keymanager-service/pom.xml

@@ -144,6 +144,12 @@
 			<version>${mockito.core.version}</version>
 			<scope>test</scope>
 		</dependency>
+        <dependency>
+            <groupId>org.mockito</groupId>
+            <artifactId>mockito-inline</artifactId>
+            <version>${mockito.core.version}</version>
+            <scope>test</scope>
+        </dependency>
 		<dependency>
 			<groupId>com.h2database</groupId>
 			<artifactId>h2</artifactId>

kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/signature/service/SignatureService.java

@@ -3,6 +3,9 @@
 import io.mosip.kernel.core.signatureutil.model.SignatureResponse;
 import io.mosip.kernel.signature.dto.*;
 
+import java.security.cert.Certificate;
+import java.util.List;
+
 public interface SignatureService {
 	/**
 	 * Validate signature
@@ -74,4 +77,22 @@ public interface SignatureService {
 	 */
 	public JWTSignatureVerifyResponseDto jwtVerifyV2(JWTSignatureVerifyRequestDto jwtSignatureVerifyRequestDto);
 
+    /**
+     * Validate trust for the given JWT signature verify request.
+     *
+     * @param jwtVerifyRequestDto the JWTSignatureVerifyRequestDto
+     * @param reqCertData         the certificate data from the request
+     * @return a String indicating the validation result
+     */
+    public String validateTrust(JWTSignatureVerifyRequestDto jwtVerifyRequestDto, Certificate reqCertData);
+
+    /**
+     * Validate trust for the given JWT signature verify request with Certificate Chain.
+     *
+     * @param jwtVerifyRequestDto the JWTSignatureVerifyRequestDto
+     * @param headerCertificates   the list of certificates from the JWT header
+     * @param reqCertData         the certificate data from the request
+     * @return a String indicating the validation result
+     */
+    public String validateTrustV2(JWTSignatureVerifyRequestDto jwtVerifyRequestDto, List<Certificate> headerCertificates, String reqCertData);
 }

kernel/kernel-keymanager-service/src/main/java/io/mosip/kernel/signature/service/impl/SignatureServiceImpl.java

@@ -148,7 +148,7 @@ public class SignatureServiceImpl implements SignatureService, SignatureServicev
 
 	private static Map<String, SignatureProvider> SIGNATURE_PROVIDER = new HashMap<>();
 
-//	AlgorithmFactory<JsonWebSignatureAlgorithm> jwsAlgorithmFactory;
+//	AlgorithmFactory<JsonWebSignatureAlgorithm> jwsAlgorithmFactory; //no usage
 
 	static {
 		SIGNATURE_PROVIDER.put(SignatureConstant.JWS_PS256_SIGN_ALGO_CONST, new PS256SIgnatureProviderImpl());
@@ -664,7 +664,7 @@ private boolean verifySignature(String[] jwtTokens, String actualData, Certifica
 		}
 	}
 
-	private String validateTrust(JWTSignatureVerifyRequestDto jwtVerifyRequestDto, Certificate reqCertToVerify) {
+	public String validateTrust(JWTSignatureVerifyRequestDto jwtVerifyRequestDto, Certificate reqCertToVerify) {
 		LOGGER.info(SignatureConstant.SESSIONID, SignatureConstant.JWT_SIGN, SignatureConstant.BLANK,
 				"JWT Signature Verification Request - Trust Validation.");
 		boolean validateTrust = SignatureUtil.isIncludeAttrsValid(jwtVerifyRequestDto.getValidateTrust());
@@ -1274,37 +1274,37 @@ private List<Certificate> certificateExistsInHeaderV2(String jwtHeader) {
 		if (jwtTokenHeadersMap.containsKey(SignatureConstant.JWT_HEADER_CERT_KEY)) {
 			LOGGER.info(SignatureConstant.SESSIONID, SignatureConstant.JWT_SIGN, SignatureConstant.BLANK,
 					"Certificate found in JWT Header.");
-			List<String> certList = (List<String>) jwtTokenHeadersMap.get(SignatureConstant.JWT_HEADER_CERT_KEY);
-			List<Certificate> certChain = new ArrayList<>();
-			for (String certData : certList) {
-				certChain.add(keymanagerUtil.convertToCertificate(Base64.decodeBase64(certData)));
-			}
-			return certChain;
-		}
-		LOGGER.info(SignatureConstant.SESSIONID, SignatureConstant.JWT_SIGN, SignatureConstant.BLANK,
-				"Certificate not found in JWT Header.");
-		return null;
-	}
+            List<String> certList = (List<String>) jwtTokenHeadersMap.get(SignatureConstant.JWT_HEADER_CERT_KEY);
+            List<Certificate> certChain = new ArrayList<>();
+            for (String certData : certList) {
+                certChain.add(keymanagerUtil.convertToCertificate(Base64.decodeBase64(certData)));
+            }
+            return certChain;
+        }
+        LOGGER.info(SignatureConstant.SESSIONID, SignatureConstant.JWT_SIGN, SignatureConstant.BLANK,
+                "Certificate not found in JWT Header.");
+        return null;
+    }
 
-	private String validateTrustV2(JWTSignatureVerifyRequestDto jwtVerifyRequestDto, List<Certificate> headerCertificateChain, String reqCertData) {
-		LOGGER.info(SignatureConstant.SESSIONID, SignatureConstant.JWT_SIGN, SignatureConstant.BLANK,
-				"JWT Signature Verification Request - Trust Validation.");
-		boolean validateTrust = SignatureUtil.isIncludeAttrsValid(jwtVerifyRequestDto.getValidateTrust());
-		if (!validateTrust) {
-			return SignatureConstant.TRUST_NOT_VERIFIED;
-		}
+    public String validateTrustV2(JWTSignatureVerifyRequestDto jwtVerifyRequestDto, List<Certificate> headerCertificateChain, String reqCertData) {
+        LOGGER.info(SignatureConstant.SESSIONID, SignatureConstant.JWT_SIGN, SignatureConstant.BLANK,
+                "JWT Signature Verification Request - Trust Validation.");
+        boolean validateTrust = SignatureUtil.isIncludeAttrsValid(jwtVerifyRequestDto.getValidateTrust());
+        if (!validateTrust) {
+            return SignatureConstant.TRUST_NOT_VERIFIED;
+        }
 
-		List<X509Certificate> x509CertChain = headerCertificateChain.stream()
-				.map(cert -> (X509Certificate) cert)
-				.toList();
+        List<X509Certificate> x509CertChain = headerCertificateChain.stream()
+                .map(cert -> (X509Certificate) cert)
+                .toList();
 
-		X509Certificate rootCert = x509CertChain.getLast();
+        X509Certificate rootCert = x509CertChain.getLast();
 
-		Set<X509Certificate> intermediateCerts = new HashSet<>();
-		intermediateCerts.addAll(x509CertChain.subList(0, x509CertChain.size() - 1));
+        Set<X509Certificate> intermediateCerts = new HashSet<>();
+        intermediateCerts.addAll(x509CertChain.subList(0, x509CertChain.size() - 1));
 
         String domain = jwtVerifyRequestDto.getDomain();
-		if(!SignatureUtil.isDataValid(domain))
+        if (!SignatureUtil.isDataValid(domain))
 			return SignatureConstant.TRUST_NOT_VERIFIED_NO_DOMAIN;
 
 		X509Certificate leafCert = x509CertChain.getFirst();