pagopa · taglioni-r · Oct 24, 2024 · Oct 24, 2024 · Oct 24, 2024 · Oct 24, 2024
@@ -2,10 +2,13 @@
 
 import { isAxiosError } from "axios";
 import {
+  AgreementComponentState,
   ApiKey,
   ClientAssertion,
   ConsumerKey,
+  EServiceComponentState,
   FailedValidation,
+  PurposeComponentState,
   SuccessfulValidation,
   validateClientKindAndPlatformState,
   validateRequestParameters,
@@ -16,9 +19,11 @@ import {
   AgreementId,
   ApiError,
   ClientId,
+  DescriptorId,
   EServiceId,
   ItemState,
   PurposeId,
+  PurposeVersionId,
   TenantId,
   unsafeBrandId,
 } from "pagopa-interop-models";
@@ -320,9 +325,9 @@ async function retrieveKeyAndEservice(
         consumerId: unsafeBrandId<TenantId>(keyWithClient.client.consumerId),
         agreementId: unsafeBrandId<AgreementId>(agreement.id),
         eServiceId: unsafeBrandId<EServiceId>(agreement.eserviceId),
-        agreementState: agreementStateToItemState(agreement.state),
-        purposeState: retrievePurposeItemState(purpose),
-        descriptorState: descriptorStateToItemState(descriptor.state),
+        agreementState: agreementStateToComponentState(agreement.state),
+        purposeState: purposeToComponentState(purpose),
+        eServiceState: descriptorToComponentState(descriptor),
       },
       eservice,
       descriptor,
@@ -374,7 +379,9 @@ async function retrieveDescriptor(
   return descriptor;
 }
 
-function retrievePurposeItemState(purpose: purposeApi.Purpose): ItemState {
+function purposeToComponentState(
+  purpose: purposeApi.Purpose
+): PurposeComponentState {
   const purposeVersion = [...purpose.versions]
     .sort(
       (a, b) =>
@@ -391,9 +398,13 @@ function retrievePurposeItemState(purpose: purposeApi.Purpose): ItemState {
     throw missingActivePurposeVersion(purpose.id);
   }
 
-  return purposeVersion.state === purposeApi.PurposeVersionState.Enum.ACTIVE
-    ? ItemState.Enum.ACTIVE
-    : ItemState.Enum.INACTIVE;
+  return {
+    state:
+      purposeVersion.state === purposeApi.PurposeVersionState.Enum.ACTIVE
+        ? ItemState.Enum.ACTIVE
+        : ItemState.Enum.INACTIVE,
+    versionId: unsafeBrandId<PurposeVersionId>(purposeVersion.id),
+  };
 }
 
 function toTokenValidationEService(
@@ -408,20 +419,27 @@ function toTokenValidationEService(
   };
 }
 
-const agreementStateToItemState = (
+const agreementStateToComponentState = (
   state: agreementApi.AgreementState
-): ItemState =>
-  state === agreementApi.AgreementState.Values.ACTIVE
-    ? ItemState.Enum.ACTIVE
-    : ItemState.Enum.INACTIVE;
-
-const descriptorStateToItemState = (
-  state: catalogApi.EServiceDescriptorState
-): ItemState =>
-  state === catalogApi.EServiceDescriptorState.Enum.PUBLISHED ||
-  state === catalogApi.EServiceDescriptorState.Enum.DEPRECATED
-    ? ItemState.Enum.ACTIVE
-    : ItemState.Enum.INACTIVE;
+): AgreementComponentState => ({
+  state:
+    state === agreementApi.AgreementState.Values.ACTIVE
+      ? ItemState.Enum.ACTIVE
+      : ItemState.Enum.INACTIVE,
+});
+
+const descriptorToComponentState = (
+  descriptor: catalogApi.EServiceDescriptor
+): EServiceComponentState => ({
+  state:
+    descriptor.state === catalogApi.EServiceDescriptorState.Enum.PUBLISHED ||
+    descriptor.state === catalogApi.EServiceDescriptorState.Enum.DEPRECATED
+      ? ItemState.Enum.ACTIVE
+      : ItemState.Enum.INACTIVE,
+  descriptorId: unsafeBrandId<DescriptorId>(descriptor.id),
+  audience: descriptor.audience,
+  voucherLifespan: descriptor.voucherLifespan,
+});
 
 function apiErrorsToValidationFailures<T extends string>(
   errors: Array<ApiError<T>> | undefined

@@ -3,9 +3,11 @@ import {
   ApiError,
   ClientId,
   clientKindTokenStates,
+  DescriptorId,
   EServiceId,
   ItemState,
   PurposeId,
+  PurposeVersionId,
   TenantId,
 } from "pagopa-interop-models";
 import { z } from "zod";
@@ -50,7 +52,31 @@ export const ClientAssertion = z
   .strict();
 export type ClientAssertion = z.infer<typeof ClientAssertion>;
 
+const ComponentState = z.object({
+  state: ItemState,
+});
+
+export type ComponentState = z.infer<typeof ComponentState>;
+
+const AgreementComponentState = ComponentState;
+export type AgreementComponentState = z.infer<typeof AgreementComponentState>;
+
+const EServiceComponentState = ComponentState.extend({
+  descriptorId: DescriptorId,
+  audience: z.array(z.string()),
+  voucherLifespan: z.number(),
+});
+
+export type EServiceComponentState = z.infer<typeof EServiceComponentState>;
+
+const PurposeComponentState = ComponentState.extend({
+  versionId: PurposeVersionId,
+});
+
+export type PurposeComponentState = z.infer<typeof PurposeComponentState>;
+
 export const Base64Encoded = z.string().base64().min(1);
+
 export const Key = z
   .object({
     clientId: ClientId,
@@ -65,11 +91,12 @@ export type Key = z.infer<typeof Key>;
 export const ConsumerKey = Key.extend({
   clientKind: z.literal(clientKindTokenStates.consumer),
   purposeId: PurposeId,
-  purposeState: ItemState,
+  // TODO: can we rename the type to purposeDetails or something similar (avoid misleading "state" term)?
+  purposeState: PurposeComponentState,
   agreementId: AgreementId,
-  agreementState: ItemState,
+  agreementState: AgreementComponentState,
   eServiceId: EServiceId,
-  descriptorState: ItemState,
+  eServiceState: EServiceComponentState,
 }).strict();
 export type ConsumerKey = z.infer<typeof ConsumerKey>;
 

@@ -193,13 +193,17 @@ export const validatePlatformState = (
   key: ConsumerKey
 ): ValidationResult<ConsumerKey> => {
   const agreementError =
-    key.agreementState !== itemState.active ? inactiveAgreement() : undefined;
+    key.agreementState.state !== itemState.active
+      ? inactiveAgreement()
+      : undefined;
 
   const descriptorError =
-    key.descriptorState !== itemState.active ? inactiveEService() : undefined;
+    key.eServiceState.state !== itemState.active
+      ? inactiveEService()
+      : undefined;
 
   const purposeError =
-    key.purposeState !== itemState.active ? inactivePurpose() : undefined;
+    key.purposeState.state !== itemState.active ? inactivePurpose() : undefined;
 
   if (!agreementError && !descriptorError && !purposeError) {
     return successfulValidation(key);

@@ -2,12 +2,17 @@ import crypto from "crypto";
 import {
   ClientId,
   clientKindTokenStates,
+  DescriptorId,
   generateId,
   itemState,
   PurposeId,
+  PurposeVersionId,
   TenantId,
 } from "pagopa-interop-models";
-import * as jose from "jose";
+import {
+  generateKeySet,
+  getMockClientAssertion,
+} from "pagopa-interop-commons-test";
 import {
   ApiKey,
   ClientAssertionValidationRequest,
@@ -21,96 +26,7 @@ import {
 
 export const value64chars = crypto.randomBytes(32).toString("hex");
 
-export const getMockClientAssertion = async (props?: {
-  standardClaimsOverride?: Partial<jose.JWTPayload>;
-  customClaims?: { [k: string]: unknown };
-  customHeader?: { [k: string]: unknown };
-}): Promise<{
-  jws: string;
-  publicKeyEncodedPem: string;
-}> => {
-  const { keySet, publicKeyEncodedPem } = generateKeySet();
-
-  const clientId = generateId<ClientId>();
-  const defaultPayload: jose.JWTPayload = {
-    iss: clientId,
-    sub: clientId,
-    aud: ["test.interop.pagopa.it", "dev.interop.pagopa.it"],
-    exp: 60,
-    jti: generateId(),
-    iat: 5,
-  };
-
-  const actualPayload: jose.JWTPayload = {
-    ...defaultPayload,
-    ...props?.standardClaimsOverride,
-    ...props?.customClaims,
-  };
-
-  const headers: jose.JWTHeaderParameters = {
-    alg: "RS256",
-    kid: "kid",
-    ...props?.customHeader,
-  };
-
-  const jws = await signClientAssertion({
-    payload: actualPayload,
-    headers,
-    keySet,
-  });
-
-  return {
-    jws,
-    publicKeyEncodedPem,
-  };
-};
-
-export const generateKeySet = (): {
-  keySet: crypto.KeyPairKeyObjectResult;
-  publicKeyEncodedPem: string;
-} => {
-  const keySet: crypto.KeyPairKeyObjectResult = crypto.generateKeyPairSync(
-    "rsa",
-    {
-      modulusLength: 2048,
-    }
-  );
-
-  const pemPublicKey = keySet.publicKey
-    .export({
-      type: "spki",
-      format: "pem",
-    })
-    .toString();
-
-  const publicKeyEncodedPem = Buffer.from(pemPublicKey).toString("base64");
-  return {
-    keySet,
-    publicKeyEncodedPem,
-  };
-};
-
-const signClientAssertion = async ({
-  payload,
-  headers,
-  keySet,
-}: {
-  payload: jose.JWTPayload;
-  headers: jose.JWTHeaderParameters;
-  keySet: crypto.KeyPairKeyObjectResult;
-}): Promise<string> => {
-  const pemPrivateKey = keySet.privateKey.export({
-    type: "pkcs8",
-    format: "pem",
-  });
-
-  const privateKey = crypto.createPrivateKey(pemPrivateKey);
-  return await new jose.SignJWT(payload)
-    .setProtectedHeader(headers)
-    .sign(privateKey);
-};
-
-export const getMockKey = (): Key => ({
+export const getMockTokenKey = (): Key => ({
   clientId: generateId<ClientId>(),
   consumerId: generateId<TenantId>(),
   kid: "kid",
@@ -119,18 +35,26 @@ export const getMockKey = (): Key => ({
 });
 
 export const getMockConsumerKey = (): ConsumerKey => ({
-  ...getMockKey(),
+  ...getMockTokenKey(),
   purposeId: generateId<PurposeId>(),
   clientKind: clientKindTokenStates.consumer,
-  purposeState: itemState.active,
+  purposeState: {
+    state: itemState.active,
+    versionId: generateId<PurposeVersionId>(),
+  },
   agreementId: generateId(),
-  agreementState: itemState.active,
+  agreementState: { state: itemState.active },
   eServiceId: generateId(),
-  descriptorState: itemState.active,
+  eServiceState: {
+    state: itemState.active,
+    descriptorId: generateId<DescriptorId>(),
+    audience: ["test.interop.pagopa.it"],
+    voucherLifespan: 60,
+  },
 });
 
 export const getMockApiKey = (): ApiKey => ({
-  ...getMockKey(),
+  ...getMockTokenKey(),
   clientKind: clientKindTokenStates.api,
 });