[MOSIP-25539] Made corrections in API body, Task 1,5 (mosip#660)

* [MOSIP-24670] Updated API correction id and version

* [MOSIP-24670] Updated API body correction

* [MOSIP-22640] Fixed Sonar Bugs

* updated PR

* updated PR

* updated review code

* [MOSIP-22640] Fixed sonar bugs

* updated PR

* updated PR

* [MOSIP-22639] Resolved security hotspots in code

* [MOSIP-24630] Fixed Security Vulnerability in code

* added error for isValidUrl method

* renamed vaildateURL method

* updated PR

* updated PR

* [MOSIP-24670] Made corrections in  id and version

* resolved conflicts

* updated PR

* updated PR

* [MOSIP-24670] Made corrections n API body, response code

* updated PR

* updated PR

* updated dateTime

* updated PR

* [MOSIP-25539] Made corrections in API body, response code

* [MOSIP-25539] made corrections in API body

* updated error message

* updated error code

resident/resident-service/src/main/java/io/mosip/resident/constant/TransactionStage.java

@@ -20,6 +20,10 @@ public enum TransactionStage {
         this.name = name;
         this.listOfName = listOfName;
     }
+
+    public String getName() {
+    	return name;
+    }
 
     public static String getTypeCode(String transactionTypeCode){
         for (TransactionStage transactionStage : values()) {

resident/resident-service/src/main/java/io/mosip/resident/controller/DownloadCardController.java

@@ -133,9 +133,9 @@ public ResponseEntity<Object> requestVidCard(@PathVariable("VID") String vid) th
 				.body(tupleResponse.getT1());
     }
 
-    @GetMapping("/status/individualId/{individualId}")
-    public ResponseEntity<Object> getStatus(@PathVariable("individualId") String individualId) throws BaseCheckedException, IOException {
-        ResponseWrapper<CheckStatusResponseDTO> responseWrapper = downloadCardService.getIndividualIdStatus(individualId);
+    @GetMapping("/aid-stage/{aid}")
+    public ResponseEntity<Object> getStatus(@PathVariable("aid") String aid) throws BaseCheckedException, IOException {
+        ResponseWrapper<CheckStatusResponseDTO> responseWrapper = downloadCardService.getIndividualIdStatus(aid);
         return ResponseEntity.ok()
                 .body(responseWrapper);
     }

resident/resident-service/src/main/java/io/mosip/resident/controller/ResidentController.java

@@ -115,6 +115,12 @@ public class ResidentController {
 
 	@Value("${resident.download.card.eventid.version}")
 	private String downloadCardEventidVersion;
+
+	@Value("${resident.vid.version.new}")
+	private String newVersion;
+
+	@Value("${resident.checkstatus.id}")
+	private String checkStatusId;
 
 	private static final Logger logger = LoggerConfiguration.logConfig(ResidentController.class);
 
@@ -471,7 +477,7 @@ private String getIdType(String id) {
 	}
 
 	@ResponseFilter
-	@PostMapping("/aid/get-individual-id")
+	@PostMapping("/aid/status")
 	@Operation(summary = "checkAidStatus", description = "Get AID Status", tags = { "resident-controller" })
 	@ApiResponses(value = { @ApiResponse(responseCode = "200", description = "OK"),
 			@ApiResponse(responseCode = "201", description = "Created", content = @Content(schema = @Schema(hidden = true))),
@@ -488,6 +494,8 @@ public ResponseWrapper<AidStatusResponseDTO> checkAidStatus(@RequestBody Request
 		logger.debug("ResidentController::getAidStatus()::exit");
 		ResponseWrapper<AidStatusResponseDTO> responseWrapper = new ResponseWrapper<>();
 		responseWrapper.setResponse(resp);
+		responseWrapper.setId(checkStatusId);
+		responseWrapper.setVersion(newVersion);
 		return responseWrapper;
 	}
 

resident/resident-service/src/main/java/io/mosip/resident/controller/ResidentOtpController.java

@@ -3,12 +3,13 @@
 import java.security.NoSuchAlgorithmException;
 
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RestController;
 
 import io.mosip.resident.constant.ResidentErrorCode;
-import io.mosip.resident.dto.AidOtpRequestDTO;
+import io.mosip.resident.dto.IndividualIdOtpRequestDTO;
 import io.mosip.resident.dto.OtpRequestDTO;
 import io.mosip.resident.dto.OtpResponseDTO;
 import io.mosip.resident.exception.ApisResourceAccessException;
@@ -32,6 +33,12 @@ public class ResidentOtpController {
 
 	@Autowired
 	private AuditUtil audit;
+
+	@Value("${mosip.resident.api.id.otp.request}")
+	private String otpRequestId;
+
+	@Value("${resident.version.new}")
+	private String otpRequestVersion;
 
 	@PostMapping(value = "/req/otp")
 	@Operation(summary = "reqOtp", description = "reqOtp", tags = { "resident-otp-controller" })
@@ -49,20 +56,22 @@ public OtpResponseDTO reqOtp(@RequestBody OtpRequestDTO otpRequestDto) throws Re
 	}
 
 	@PostMapping(value = "/req/individualId/otp")
-	@Operation(summary = "reqAidOtp", description = "reqAidOtp", tags = { "resident-otp-controller" })
+	@Operation(summary = "reqIndividualIdOtp", description = "reqIndividualIdOtp", tags = { "resident-otp-controller" })
 	@ApiResponses(value = {
 			@ApiResponse(responseCode = "200", description = "OK"),
 			@ApiResponse(responseCode = "201", description = "Created" ,content = @Content(schema = @Schema(hidden = true))),
 			@ApiResponse(responseCode = "401", description = "Unauthorized" ,content = @Content(schema = @Schema(hidden = true))),
 			@ApiResponse(responseCode = "403", description = "Forbidden" ,content = @Content(schema = @Schema(hidden = true))),
 			@ApiResponse(responseCode = "404", description = "Not Found" ,content = @Content(schema = @Schema(hidden = true)))})
-	public OtpResponseDTO reqOtpForAid(@RequestBody AidOtpRequestDTO otpRequestDto) throws ResidentServiceCheckedException, NoSuchAlgorithmException, ApisResourceAccessException {
-		audit.setAuditRequestDto(EventEnum.OTP_AID_GEN);
-		if(otpRequestDto.getAid() == null) {
-			throw new ResidentServiceCheckedException(ResidentErrorCode.INVALID_INPUT.getErrorCode(), ResidentErrorCode.INVALID_INPUT.getErrorMessage() + "aid");
+	public OtpResponseDTO reqOtpForIndividualId(@RequestBody IndividualIdOtpRequestDTO otpRequestDto) throws ResidentServiceCheckedException, NoSuchAlgorithmException, ApisResourceAccessException {
+		audit.setAuditRequestDto(EventEnum.OTP_INDIVIDUALID_GEN);
+		if(otpRequestDto.getIndividualId()  == null) {
+			throw new ResidentServiceCheckedException(ResidentErrorCode.INVALID_INPUT.getErrorCode(), ResidentErrorCode.INVALID_INPUT.getErrorMessage() + "individualId");
 		}
-		OtpResponseDTO otpResponseDTO = residentOtpService.generateOtpForAid(otpRequestDto);
-		audit.setAuditRequestDto(EventEnum.OTP_AID_GEN_SUCCESS);
+		OtpResponseDTO otpResponseDTO = residentOtpService.generateOtpForIndividualId(otpRequestDto);
+		audit.setAuditRequestDto(EventEnum.OTP_INDIVIDUALID_GEN_SUCCESS);
+		otpResponseDTO.setId(otpRequestId);
+		otpResponseDTO.setVersion(otpRequestVersion);
 		return otpResponseDTO;
 	}
 

resident/resident-service/src/main/java/io/mosip/resident/dto/AidStatusRequestDTO.java

@@ -7,6 +7,6 @@ public class AidStatusRequestDTO {
 
 	private String aid;
 	private String otp;
-	private String transactionID;
+	private String transactionId;
 
 }

resident/resident-service/src/main/java/io/mosip/resident/dto/AidStatusResponseDTO.java

@@ -6,8 +6,7 @@
 public class AidStatusResponseDTO {
 
 	private String individualId;
-	private String individualIdType;
-	private String transactionID;
+	private String transactionId;
 	private String aidStatus;
 
 }

resident/resident-service/src/main/java/io/mosip/resident/dto/AidOtpRequestDTO.java → resident/resident-service/src/main/java/io/mosip/resident/dto/IndividualIdOtpRequestDTO.java

@@ -6,15 +6,15 @@
 /**
  * This class is used to provide request for OTP generation.
  * 
- * @author Dinesh Karuppiah
+ * @author Aiham Hasan
  *
  */
 
 @Data
 @EqualsAndHashCode(callSuper=true)
-public class AidOtpRequestDTO extends OtpRequestDTO{
+public class IndividualIdOtpRequestDTO extends OtpRequestDTO{
 
 	/** Variable to hold individualID */
-	private String aid;
+	private String individualId;
 
 }

resident/resident-service/src/main/java/io/mosip/resident/dto/OtpRequestDTO.java

@@ -22,7 +22,7 @@ public class OtpRequestDTO {
 	private String version;
 
 	/** Variable to hold Transaction ID */
-	private String transactionID;
+	private String transactionId;
 
 	/** Variable to hold Request time */
 	private String requestTime;

resident/resident-service/src/main/java/io/mosip/resident/dto/OtpResponseDTO.java

@@ -22,7 +22,7 @@ public class OtpResponseDTO {
 	private String version;
 
 	/** Variable to hold id */
-	private String transactionID;
+	private String transactionId;
 
 	/** Variable to hold id */
 	private String responseTime;

resident/resident-service/src/main/java/io/mosip/resident/service/ResidentOtpService.java

@@ -1,6 +1,6 @@
 package io.mosip.resident.service;
 
-import io.mosip.resident.dto.AidOtpRequestDTO;
+import io.mosip.resident.dto.IndividualIdOtpRequestDTO;
 import io.mosip.resident.dto.OtpRequestDTO;
 import io.mosip.resident.dto.OtpResponseDTO;
 import io.mosip.resident.exception.ApisResourceAccessException;
@@ -23,6 +23,6 @@ public interface ResidentOtpService {
 
 	public void insertData(OtpRequestDTO otpRequestDTO) throws ResidentServiceCheckedException, NoSuchAlgorithmException, ApisResourceAccessException;
 
-	public OtpResponseDTO generateOtpForAid(AidOtpRequestDTO otpRequestDto) throws NoSuchAlgorithmException, ResidentServiceCheckedException, ApisResourceAccessException;
+	public OtpResponseDTO generateOtpForIndividualId(IndividualIdOtpRequestDTO otpRequestDto) throws NoSuchAlgorithmException, ResidentServiceCheckedException, ApisResourceAccessException;
 
 }

resident/resident-service/src/main/java/io/mosip/resident/service/impl/DownloadCardServiceImpl.java

@@ -13,6 +13,7 @@
 import io.mosip.resident.constant.RequestType;
 import io.mosip.resident.constant.ResidentConstants;
 import io.mosip.resident.constant.ResidentErrorCode;
+import io.mosip.resident.constant.TransactionStage;
 import io.mosip.resident.dto.CheckStatusResponseDTO;
 import io.mosip.resident.dto.CredentialReqestDto;
 import io.mosip.resident.dto.DownloadCardRequestDTO;
@@ -124,7 +125,15 @@ public Tuple2<byte[], String> getDownloadCardPDF(MainRequestDTO<DownloadCardRequ
                 String idType = identityService.getIndividualIdType(individualId);
                 if (idType.equalsIgnoreCase(AID)) {
                     rid = individualId;
-                    pdfBytes = residentService.getUINCard(rid);
+                    HashMap<String, String> ridStatus = utilities.getPacketStatus(rid);
+                    String transactionTypeCode = ridStatus.get(ResidentConstants.TRANSACTION_TYPE_CODE);
+                    String aidStatus = ridStatus.get(ResidentConstants.AID_STATUS);
+                    if (transactionTypeCode==TransactionStage.CARD_READY_TO_DOWNLOAD.getName() && aidStatus==EventStatus.SUCCESS.name()) {
+                    	pdfBytes = residentService.getUINCard(rid);
+                    } else {
+                         throw new ResidentServiceException(ResidentErrorCode.CARD_NOT_READY.getErrorCode(),
+                                ResidentErrorCode.CARD_NOT_READY.getErrorMessage());
+                    }
                 } else if (idType.equalsIgnoreCase(VID)) {
                     ResidentTransactionEntity residentTransactionEntity = residentTransactionRepository.findTopByAidOrderByCrDtimesDesc(individualId);
                     if(residentTransactionEntity !=null ){
@@ -382,8 +391,8 @@ public Tuple2<ResponseWrapper<VidDownloadCardResponseDto>, String> getVidCardEve
     }
 
     @Override
-    public ResponseWrapper<CheckStatusResponseDTO> getIndividualIdStatus(String individualId) throws ApisResourceAccessException, IOException {
-        HashMap<String, String> packetStatusMap = utilities.getPacketStatus(individualId);
+    public ResponseWrapper<CheckStatusResponseDTO> getIndividualIdStatus(String aid) throws ApisResourceAccessException, IOException {
+        HashMap<String, String> packetStatusMap = utilities.getPacketStatus(aid);
         return getCheckStatusResponse(packetStatusMap);
     }
 

resident/resident-service/src/main/java/io/mosip/resident/service/impl/ResidentOtpServiceImpl.java

@@ -8,7 +8,7 @@
 import io.mosip.resident.constant.ResidentConstants;
 import io.mosip.resident.constant.ResidentErrorCode;
 import io.mosip.resident.constant.ServiceType;
-import io.mosip.resident.dto.AidOtpRequestDTO;
+import io.mosip.resident.dto.IndividualIdOtpRequestDTO;
 import io.mosip.resident.dto.OtpRequestDTO;
 import io.mosip.resident.dto.OtpResponseDTO;
 import io.mosip.resident.entity.ResidentTransactionEntity;
@@ -97,7 +97,7 @@ public void insertData(OtpRequestDTO otpRequestDTO) throws ResidentServiceChecke
 		residentTransactionEntity.setEventId(utilitiy.createEventId());
 		residentTransactionEntity.setRequestDtimes(LocalDateTime.now());
 		residentTransactionEntity.setResponseDtime(LocalDateTime.now());
-		residentTransactionEntity.setRequestTrnId(otpRequestDTO.getTransactionID());
+		residentTransactionEntity.setRequestTrnId(otpRequestDTO.getTransactionId());
 		residentTransactionEntity.setRequestTypeCode(RequestType.SEND_OTP.name());
 		String attributeList = otpRequestDTO.getOtpChannel().stream().collect(Collectors.joining(", "));
 		residentTransactionEntity.setAttributeList(attributeList);
@@ -124,11 +124,11 @@ private String getRefIdHash(String individualId) throws NoSuchAlgorithmException
 	}
 
 	@Override
-	public OtpResponseDTO generateOtpForAid(AidOtpRequestDTO otpRequestDto)
+	public OtpResponseDTO generateOtpForIndividualId(IndividualIdOtpRequestDTO otpRequestDto)
 			throws NoSuchAlgorithmException, ResidentServiceCheckedException, ApisResourceAccessException {
 		String individualId;
 		try {
-			individualId = identityServiceImpl.getIndividualIdForAid(otpRequestDto.getAid());
+			individualId = identityServiceImpl.getIndividualIdForAid(otpRequestDto.getIndividualId());
 			otpRequestDto.setIndividualId(individualId);
 			return generateOtp(otpRequestDto);
 		} catch (ResidentServiceCheckedException | ApisResourceAccessException e) {

resident/resident-service/src/main/java/io/mosip/resident/service/impl/ResidentServiceImpl.java

@@ -1940,13 +1940,13 @@ public AidStatusResponseDTO getAidStatus(AidStatusRequestDTO reqDto, boolean per
 			String individualId = identityServiceImpl.getIndividualIdForAid(reqDto.getAid());
 			boolean validStatus = individualId != null;
 			if (performOtpValidation) {
-				validStatus = idAuthServiceImpl.validateOtp(reqDto.getTransactionID(), individualId, reqDto.getOtp());
+				validStatus = idAuthServiceImpl.validateOtp(reqDto.getTransactionId(), individualId, reqDto.getOtp());
 			}
 			if (validStatus) {
 				AidStatusResponseDTO aidStatusResponseDTO = new AidStatusResponseDTO();
 				aidStatusResponseDTO.setIndividualId(individualId);
 				aidStatusResponseDTO.setAidStatus(PROCESSED);
-				aidStatusResponseDTO.setTransactionID(reqDto.getTransactionID());
+				aidStatusResponseDTO.setTransactionId(reqDto.getTransactionId());
 				return aidStatusResponseDTO;
 			}
 			throw new ResidentServiceCheckedException(ResidentErrorCode.AID_STATUS_IS_NOT_READY);

resident/resident-service/src/main/java/io/mosip/resident/util/EventEnum.java

@@ -455,10 +455,10 @@ public enum EventEnum {
 			"Residence service", "NO_ID", "NO_ID_TYPE", RegistrationConstants.APPLICATIONID,
 			RegistrationConstants.APPLICATIONNAME),
 
-	OTP_AID_GEN("RES-SER-194", RegistrationConstants.SYSTEM, "generating otp for aid", "Request for generating otp for aid", "RES-SER",
+	OTP_INDIVIDUALID_GEN("RES-SER-194", RegistrationConstants.SYSTEM, "generating otp for Individual ID", "Request for generating otp for Individual ID", "RES-SER",
 			"Residence service", "NO_ID", "NO_ID_TYPE", RegistrationConstants.APPLICATIONID,
 			RegistrationConstants.APPLICATIONNAME),
-	OTP_AID_GEN_SUCCESS("RES-SER-195", RegistrationConstants.SYSTEM, "generating otp for aid success", "otp generation for aid is success",
+	OTP_INDIVIDUALID_GEN_SUCCESS("RES-SER-195", RegistrationConstants.SYSTEM, "generating otp for Individual ID success", "otp generation for Individual ID is success",
 			"RES-SER", "Residence service", "NO_ID", "NO_ID_TYPE", RegistrationConstants.APPLICATIONID,
 			RegistrationConstants.APPLICATIONNAME),
 	OTP_AID_GEN_EXCEPTION("RES-SER-196", RegistrationConstants.SYSTEM, "generating otp for aid failure", "otp generation for aid is failed",
@@ -480,12 +480,18 @@ public enum EventEnum {
 	AID_STATUS("RES-SER-210", RegistrationConstants.SYSTEM, "Checking AID status", "Request for checking AID status",
 			"RES-SER", "Residence service", "NO_ID", "NO_ID_TYPE", RegistrationConstants.APPLICATIONID,
 			RegistrationConstants.APPLICATIONNAME),
+	INDIVIDUALID_STATUS("RES-SER-210", RegistrationConstants.SYSTEM, "Checking Individual ID status", "Request for checking Individual ID status",
+			"RES-SER", "Residence service", "NO_ID", "NO_ID_TYPE", RegistrationConstants.APPLICATIONID,
+			RegistrationConstants.APPLICATIONNAME),
 	AID_STATUS_RESPONSE("RES-SER-211", RegistrationConstants.SYSTEM, "Checking AID status Response", "AID status is %s",
 			"RES-SER", "Residence service", "NO_ID", "NO_ID_TYPE", RegistrationConstants.APPLICATIONID,
 			RegistrationConstants.APPLICATIONNAME),
 	AID_STATUS_SUCCESS("RES-SER-212", RegistrationConstants.SYSTEM, "Checking AID status Success",
 			"Request for checking AID status is success", "RES-SER", "Residence service", "NO_ID", "NO_ID_TYPE",
 			RegistrationConstants.APPLICATIONID, RegistrationConstants.APPLICATIONNAME),
+	INDIVIDUALID_STATUS_SUCCESS("RES-SER-212", RegistrationConstants.SYSTEM, "Checking Individual ID status Success",
+			"Request for checking Individual ID status is success", "RES-SER", "Residence service", "NO_ID", "NO_ID_TYPE",
+			RegistrationConstants.APPLICATIONID, RegistrationConstants.APPLICATIONNAME),
 	REQ_AUTH_TYPE_LOCK("RES-SER-213", RegistrationConstants.SYSTEM, "Request auth type lock",
 			"Requesting auth type lock is success", "RES-SER", "Residence service", "NO_ID", "NO_ID_TYPE",
 			RegistrationConstants.APPLICATIONID, RegistrationConstants.APPLICATIONNAME),

resident/resident-service/src/main/java/io/mosip/resident/validator/RequestValidator.java

@@ -679,6 +679,25 @@ public boolean validateRequest(RequestWrapper<?> request, RequestIdType requestI
 		return true;
 
 	}
+
+	public boolean validateAidStatusRequest(RequestWrapper<?> request, RequestIdType requestIdType) {
+		if (StringUtils.isEmpty(request.getId()) || !request.getId().equals(map.get(requestIdType)))
+			throw new InvalidInputException("id");
+		try {
+			DateUtils.parseToLocalDateTime(request.getRequesttime());
+		} catch (Exception e) {
+			throw new InvalidInputException("requesttime");
+		}
+		if (StringUtils.isEmpty(request.getVersion()) || !request.getVersion().equals(newVersion))
+			throw new InvalidInputException("version");
+
+		if (request.getRequest() == null) {
+			audit.setAuditRequestDto(EventEnum.INPUT_DOESNT_EXISTS);
+			throw new InvalidInputException("request");
+		}
+		return true;
+
+	}
 
 	public static boolean isNumeric(String strNum) {
 		return !strNum.matches(("[0-9]+"));
@@ -840,10 +859,10 @@ private boolean validateIndividualIdvIdWithoutIdType(String individualId) {
 	}
 
 	public void validateAidStatusRequestDto(RequestWrapper<AidStatusRequestDTO> reqDto) throws ResidentServiceCheckedException {
-		validateRequest(reqDto, RequestIdType.CHECK_STATUS);
+		validateAidStatusRequest(reqDto, RequestIdType.CHECK_STATUS);
 
 		if(reqDto.getRequest().getAid() == null) {
-			throw new InvalidInputException("aid");
+			throw new InvalidInputException("individualId");
 		}
 
 	}

resident/resident-service/src/main/resources/application-local.properties

@@ -48,6 +48,10 @@ resident.event.ack.download.id=mosip.resident.event.ack.download
 resident.event.ack.download.version=1.0
 resident.download.card.eventid.id =mosip.resident.download.card.eventid
 resident.download.card.eventid.version=1.0
+resident.vid.version.new=1.0
+mosip.resident.checkstatus.individualid.id=mosip.resident.check-stage-status
+resident.version.new=1.0
+mosip.resident.api.id.otp.request=mosip.identity.otp.internal
 #-----------------------------RID Properties---------------------------------------
 # length of the rid
 mosip.kernel.rid.length=29