From 1d9137356fe1463954d925d2bf30993f7b1c1d3e Mon Sep 17 00:00:00 2001
From: Eduard Tihomirov <tikhomirov@micord.ru>
Date: Thu, 14 Nov 2024 10:42:53 +0300
Subject: [PATCH] SUPPORT-8711: Fix

---
 .../ru/micord/ervu/security/esia/config/EsiaConfig.java    | 7 +++++++
 .../micord/ervu/security/esia/service/EsiaAuthService.java | 4 ++--
 config/micord.env                                          | 1 +
 config/standalone/dev/standalone.xml                       | 1 +
 4 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/backend/src/main/java/ru/micord/ervu/security/esia/config/EsiaConfig.java b/backend/src/main/java/ru/micord/ervu/security/esia/config/EsiaConfig.java
index e3efcbb..99e5d44 100644
--- a/backend/src/main/java/ru/micord/ervu/security/esia/config/EsiaConfig.java
+++ b/backend/src/main/java/ru/micord/ervu/security/esia/config/EsiaConfig.java
@@ -47,6 +47,9 @@ public class EsiaConfig {
   @Value("${sign.verify.url}")
   private String signVerifyUrl;
 
+  @Value("${esia.issuer.url}")
+  private String esiaIssuerUrl;
+
   public String getEsiaScopes() {
     String[] scopeItems = esiaScopes.split(",");
     return String.join(" ", Arrays.stream(scopeItems).map(String::trim).toArray(String[]::new));
@@ -93,4 +96,8 @@ public class EsiaConfig {
   public String getSignVerifyUrl() {
     return signVerifyUrl;
   }
+
+  public String getEsiaIssuerUrl() {
+    return esiaIssuerUrl;
+  }
 }
diff --git a/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java b/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java
index 736530b..f87e134 100644
--- a/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java
+++ b/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java
@@ -410,8 +410,8 @@ public class EsiaAuthService {
     if (!esiaAccessToken.getClient_id().equals(esiaConfig.getClientId())) {
       return "Token invalid. Token clientId: " + esiaAccessToken.getClient_id() + " invalid";
     }
-    if (!esiaAccessToken.getIss().equals(esiaConfig.getEsiaBaseUri())) {
-      return "Token invalid. The token publisher does not comply with the standard accepted in the ESIA";
+    if (!esiaAccessToken.getIss().equals(esiaConfig.getEsiaIssuerUrl())) {
+      return "Token invalid. Token issuer:" + esiaAccessToken.getIss() + " invalid";
     }
     LocalDateTime iatTime = LocalDateTime.ofInstant(Instant.ofEpochSecond(esiaAccessToken.getIat()),
         ZoneId.systemDefault()
diff --git a/config/micord.env b/config/micord.env
index 3718b33..c8fab5e 100644
--- a/config/micord.env
+++ b/config/micord.env
@@ -9,6 +9,7 @@ DB_APP_NAME=ervu-lkrp-fl
 
 ESIA_SCOPES=snils, fullname, birthdate, id_doc
 ESIA_BASE_URI=https://esia-portal1.test.gosuslugi.ru/
+ESIA_BASE_URI=https://esia-portal1.test.gosuslugi.ru/
 ESIA_CLIENT_ID=MNSV89
 ESIA_CLIENT_CERT_HASH=04508B4B0B58776A954A0E15F574B4E58799D74C61EE020B3330716C203E3BDD
 ESIA_REDIRECT_URL=https://lkrp-dev.micord.ru/fl/
diff --git a/config/standalone/dev/standalone.xml b/config/standalone/dev/standalone.xml
index 4b1cd70..8de5044 100644
--- a/config/standalone/dev/standalone.xml
+++ b/config/standalone/dev/standalone.xml
@@ -56,6 +56,7 @@
         <property name="com.arjuna.ats.arjuna.allowMultipleLastResources" value="true"/>
         <property name="esia.scopes" value="snils, fullname, birthdate, id_doc"/>
         <property name="esia.base.uri" value="https://esia-portal1.test.gosuslugi.ru/"/>
+        <property name="esia.issuer.url" value="http://esia-portal1.test.gosuslugi.ru/"/>
         <property name="esia.client.id" value="MNSV89"/>
         <property name="esia.redirect.url" value="https://lkrp.micord.ru"/>
         <property name="sign.url" value="https://ervu-sign-dev.k8s.micord.ru/sign"/>