From fc5edba37c9a7167204ef86d8ffb180da26db1ad Mon Sep 17 00:00:00 2001
From: Eduard Tihomirov <tikhomirov@micord.ru>
Date: Thu, 27 Feb 2025 11:06:04 +0300
Subject: [PATCH] return SUPPORT-8822

---
 .../esia/service/EsiaAuthService.java         | 28 +++++++++++--------
 1 file changed, 16 insertions(+), 12 deletions(-)

diff --git a/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java b/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java
index 076100e..052ba6d 100644
--- a/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java
+++ b/backend/src/main/java/ru/micord/ervu/security/esia/service/EsiaAuthService.java
@@ -43,7 +43,9 @@ import ru.micord.ervu.security.esia.model.EsiaHeader;
 import ru.micord.ervu.security.esia.model.EsiaTokenResponse;
 import ru.micord.ervu.security.esia.model.FormUrlencoded;
 import ru.micord.ervu.security.esia.model.PersonModel;
+import ru.micord.ervu.security.esia.model.SignResponse;
 import ru.micord.ervu.security.esia.EsiaAuthInfoStore;
+import ru.micord.ervu.security.esia.model.SignResponse;
 import ru.micord.ervu.security.esia.config.EsiaConfig;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpHeaders;
@@ -103,7 +105,6 @@ public class EsiaAuthService {
       DateTimeFormatter formatter = DateTimeFormatter.ofPattern("yyyy.MM.dd HH:mm:ss xx");
       ZonedDateTime dt = ZonedDateTime.now();
       String timestamp = dt.format(formatter);
-      String state = UUID.randomUUID().toString();
       String prnsUUID = UUID.randomUUID().toString();
       String redirectUrl = esiaConfig.getRedirectUrl();
       String redirectUrlEncoded = redirectUrl.replaceAll(":", "%3A")
@@ -114,10 +115,12 @@ public class EsiaAuthService {
       parameters.put("client_id", clientId);
       parameters.put("scope", scope);
       parameters.put("timestamp", timestamp);
-      parameters.put("state", state);
+      parameters.put("state", "%s");
       parameters.put("redirect_uri", esiaConfig.getRedirectUrl());
 
-      String clientSecret = signMap(parameters);
+      SignResponse signResponse = signMap(parameters);
+      String state = signResponse.getState();
+      String clientSecret = signResponse.getSignature();
       EsiaAuthInfoStore.addState(prnsUUID, state, esiaConfig.getEsiaStateCookieLifeTime());
       ResponseCookie prnsCookie = securityHelper.createCookie(PRNS_UUID, prnsUUID, "/")
           .maxAge(esiaConfig.getEsiaStateCookieLifeTime())
@@ -185,7 +188,6 @@ public class EsiaAuthService {
       DateTimeFormatter formatter = DateTimeFormatter.ofPattern("yyyy.MM.dd HH:mm:ss xx");
       ZonedDateTime dt = ZonedDateTime.now();
       String timestamp = dt.format(formatter);
-      String newState = UUID.randomUUID().toString();
       String redirectUrl = esiaConfig.getRedirectUrl();
       String scope = esiaConfig.getEsiaScopes();
 
@@ -193,13 +195,14 @@ public class EsiaAuthService {
       parameters.put("client_id", clientId);
       parameters.put("scope", scope);
       parameters.put("timestamp", timestamp);
-      parameters.put("state", newState);
+      parameters.put("state", "%s");
       parameters.put("redirect_uri", redirectUrl);
       parameters.put("code", esiaAuthCode);
-
       long startTime = System.currentTimeMillis();
-      String clientSecret = signMap(parameters);
+      SignResponse signResponse = signMap(parameters);
       signSecret = System.currentTimeMillis() - startTime;
+      String newState = signResponse.getState();
+      String clientSecret = signResponse.getSignature();
       String authUrl = esiaConfig.getEsiaBaseUri() + esiaConfig.getEsiaTokenUrl();
       String postBody = new FormUrlencoded()
           .setParameter("client_id", clientId)
@@ -289,18 +292,19 @@ public class EsiaAuthService {
       DateTimeFormatter formatter = DateTimeFormatter.ofPattern("yyyy.MM.dd HH:mm:ss xx");
       ZonedDateTime dt = ZonedDateTime.now();
       String timestamp = dt.format(formatter);
-      String state = UUID.randomUUID().toString();
       String redirectUrl = esiaConfig.getRedirectUrl();
 
       Map<String, String> parameters = new LinkedHashMap<String, String>();
       parameters.put("client_id", clientId);
       parameters.put("scope", esiaConfig.getEsiaScopes());
       parameters.put("timestamp", timestamp);
-      parameters.put("state", state);
+      parameters.put("state", "%s");
       parameters.put("redirect_uri", esiaConfig.getRedirectUrl());
       parameters.put("refresh_token", refreshToken);
 
-      String clientSecret = signMap(parameters);
+      SignResponse signResponse = signMap(parameters);
+      String state = signResponse.getState();
+      String clientSecret = signResponse.getSignature();
       String authUrl = esiaConfig.getEsiaBaseUri() + esiaConfig.getEsiaTokenUrl();
       String postBody = new FormUrlencoded()
           .setParameter("client_id", clientId)
@@ -350,7 +354,7 @@ public class EsiaAuthService {
     }
   }
 
-  private String signMap(Map<String, String> paramsToSign) {
+  private SignResponse signMap(Map<String, String> paramsToSign) {
     try {
       StringBuilder toSign = new StringBuilder();
       for (String s : paramsToSign.values()) {
@@ -369,7 +373,7 @@ public class EsiaAuthService {
           .build()
           .send(request, HttpResponse.BodyHandlers.ofString());
       errorHandler(response);
-      return response.body();
+      return objectMapper.readValue(response.body(), SignResponse.class);
 
     }
     catch (Exception e) {