use of com.forgerock.cert.Psd2CertInfo in project openbanking-aspsp by OpenBankingToolkit.
the class ApiClientIdentityFactoryTest method returnsApiClientQWac_getApiClientIdentity.
@Test
public void returnsApiClientQWac_getApiClientIdentity() throws CertificateException, IOException, InvalidPsd2EidasCertificate, ApiClientException, OAuth2InvalidClientException {
    // given: a QWAC chain from the test resources, wrapped in a PSD2 principal with the unregistered-TPP role
    X509Certificate[] chain = TestHelperFunctions.getCertChainFromFile("src/test/resources/certificates/QWac.pem");
    Psd2CertInfo psd2CertInfo = new Psd2CertInfo(chain);
    Collection<OBRIRole> grantedRoles = new ArrayList<>();
    grantedRoles.add(OBRIRole.UNREGISTERED_TPP);
    PSD2Authentication psd2Authentication = new PSD2Authentication("TestTppName", grantedRoles, chain, psd2CertInfo);

    // when: the factory resolves the identity for that principal
    ApiClientIdentity resolved = new ApiClientIdentityFactory().getApiClientIdentity(psd2Authentication);

    // then: a QWAC-backed identity is produced
    assertThat(resolved).isInstanceOf(ApiClientIdentityQWac.class);
}
use of com.forgerock.cert.Psd2CertInfo in project openbanking-aspsp by OpenBankingToolkit.
the class ApiClientIdentityFactory method getApiClientIdentity.
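/**
 * Resolves the {@link ApiClientIdentity} representing the calling TPP from an already
 * authenticated {@code principal}.
 * <p>
 * Dispatch is by principal type: a {@link PSD2Authentication} is mapped through its
 * {@link Psd2CertInfo} to a transport-certificate identity, a {@link X509Authentication}
 * is turned into an OBTransport identity, and anything else is rejected. This method does
 * not validate the certificate chain itself; it assumes the caller (presumably the mTLS /
 * authentication layer that built the principal) has already done so — confirm against
 * the caller before relying on this.
 *
 * @param principal the authenticated principal; may be a {@code PSD2Authentication} or a
 *                  {@code X509Authentication}
 * @return the identity for the presented transport certificate, never {@code null}
 * @throws ApiClientException            if the principal type is unrecognised, the PSD2
 *                                       certificate info is missing, or the certificate is
 *                                       not a transport (web-authentication) type
 * @throws OAuth2InvalidClientException  if a PSD2 principal carries a non-PSD2 (deprecated
 *                                       OBTransport) certificate
 */
public ApiClientIdentity getApiClientIdentity(Principal principal) throws ApiClientException, OAuth2InvalidClientException {
    if (principal instanceof PSD2Authentication) {
        return getPsd2ApiClientIdentity((PSD2Authentication) principal);
    }
    if (principal instanceof X509Authentication) {
        return createOBTransportIdentity((X509Authentication) principal);
    }
    // Previously this branch dereferenced the still-null result instead of the principal,
    // so an unexpected principal type surfaced as a NullPointerException rather than the
    // intended ApiClientException. A null principal is reported explicitly for the same reason.
    String principalClassName = principal == null ? "null" : principal.getClass().getName();
    log.info("getApiClientIdentity() Principal is not of recognised type. Class name is '{}'", principalClassName);
    throw new ApiClientException("Unrecognised Principal type. Was expecting a PSDAuthentication or a " + "X509Authentication");
}

/**
 * Builds the identity for a PSD2 eIDAS principal.
 * <p>
 * Only web-authentication (transport) certificate types — FR_TRANSPORT, OBWAC, QWAC — are
 * accepted here; seal/signing types fall through to the default branch and are rejected,
 * since a signing certificate must not be used to identify the client on the transport path.
 *
 * @param authentication the PSD2 principal holding the certificate chain and its parsed info
 * @return the identity matching the certificate type
 * @throws ApiClientException           if certificate info is absent or the type is not a transport type
 * @throws OAuth2InvalidClientException if the certificate is not a PSD2 certificate
 */
private ApiClientIdentity getPsd2ApiClientIdentity(PSD2Authentication authentication) throws ApiClientException, OAuth2InvalidClientException {
    Psd2CertInfo certInfo = authentication.getPsd2CertInfo();
    if (certInfo == null) {
        // Nothing on this page shows whether a PSD2Authentication can be built without cert
        // info; fail closed with a clear error rather than a NullPointerException below.
        String errorString = "PSD2Authentication did not carry any Psd2CertInfo for the presented certificate";
        log.info("getApiClientIdentity() {}", errorString);
        throw new ApiClientException(errorString);
    }
    if (!certInfo.isPsd2Cert()) {
        log.info("ApiClient presented a deprecated OBTransport certificate.");
        throw new OAuth2InvalidClientException("Onboarding must be done with a PSD2 eIDAS certificate. " + "OBTransport certificates have been depricated");
    }

    ApiClientCertificateType certType = getApiClientCertificateTypeFromPSD2(authentication);
    switch (certType) {
        case FR_TRANSPORT:
            return new ApiClientIdentityFRTransport(authentication);
        case OBWAC:
            return new ApiClientIdentityOBWac(authentication);
        case QWAC:
            return new ApiClientIdentityQWac(authentication);
        default:
            String errorString = "Client presented an invalid Certificate " + "Type for use as a Transport certificate. Type presented ': " + certType + "'";
            log.info("getApiClientIdentity() {}", errorString);
            throw new ApiClientException(errorString);
    }
}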
use of com.forgerock.cert.Psd2CertInfo in project openbanking-aspsp by OpenBankingToolkit.
the class ApiClientIdentityFactory method getApiClientCertificateTypeFromPSD2.
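/**
 * Classifies the PSD2 eIDAS certificate presented by {@code authentication} into an
 * {@link ApiClientCertificateType}.
 * <p>
 * The classification combines two inputs: the issuer of the transport certificate
 * (ForgeRock, OBIE, or — for any other issuer — assumed QTSP) and the ETSI QC type
 * (WEB or ESEAL) read from the certificate's qcStatements. The issuer name is used only
 * to pick a naming scheme; it is not itself evidence of trust, so this method assumes the
 * chain has already been validated upstream — confirm against the caller.
 *
 * @param authentication the PSD2 principal holding the certificate chain and parsed cert info
 * @return the transport or signing certificate type for the issuer / QC-type combination
 * @throws ApiClientException if the issuer cannot be determined, or the QC type is not
 *                            WEB or ESEAL (ESIGN and unknown types are rejected)
 */
private ApiClientCertificateType getApiClientCertificateTypeFromPSD2(PSD2Authentication authentication) throws ApiClientException {
    String methodName = "getApiClientCertificateTypeFromPSD2()";
    log.debug("{} called, authentication; '{}'", methodName, authentication);

    X509Certificate[] certChain = authentication.getCertificateChain();
    String issuer = getTransportCertificateIssuer(certChain);
    log.debug("{} certificate issuer is '{}'", methodName, issuer);
    if (issuer == null || issuer.trim().isEmpty()) {
        // Without an explicit check a null issuer would NPE on equalsIgnoreCase below; a
        // flipped comparison would instead silently route it into the QTSP branch, which
        // is the most permissive one, so reject it outright.
        String errorMessage = "Unable to determine the issuer of the presented transport certificate.";
        log.info("{} {}", methodName, errorMessage);
        throw new ApiClientException(errorMessage);
    }

    Psd2CertInfo certInfo = authentication.getPsd2CertInfo();
    EidasCertType eidasCertType = getEidasCertType(certInfo);

    ApiClientCertificateType type;
    if (issuer.equalsIgnoreCase(FORGEROCK_ISSUER_NAME)) {
        type = mapEidasCertType(eidasCertType, ApiClientCertificateType.FR_TRANSPORT, ApiClientCertificateType.FR_SIGNING, "ForgeRock", methodName);
    } else if (issuer.equalsIgnoreCase(OBIE_ISSUER_NAME)) {
        type = mapEidasCertType(eidasCertType, ApiClientCertificateType.OBWAC, ApiClientCertificateType.OBSEAL, "OBIE", methodName);
    } else {
        // Every issuer other than ForgeRock or OBIE is treated as a QTSP. That is a naming
        // decision, not a trust decision: no issuer allow-list is consulted here, so the
        // chain must have been validated before this factory is reached.
        type = mapEidasCertType(eidasCertType, ApiClientCertificateType.QWAC, ApiClientCertificateType.QSEAL, "QTSP issued", methodName);
    }
    log.debug("{} type is '{}'", methodName, type);
    return type;
}

/**
 * Maps an ETSI QC type to the issuer-specific certificate type.
 *
 * @param eidasCertType the QC type read from the certificate; may be {@code null}
 * @param webType       the type to return for {@code WEB} (transport) certificates
 * @param sealType      the type to return for {@code ESEAL} (signing) certificates
 * @param issuerLabel   issuer name used in the error message ("ForgeRock", "OBIE", "QTSP issued")
 * @param methodName    caller name used as the log prefix
 * @return {@code webType} or {@code sealType}
 * @throws ApiClientException for ESIGN, {@code null}, or any other QC type
 */
private ApiClientCertificateType mapEidasCertType(EidasCertType eidasCertType, ApiClientCertificateType webType, ApiClientCertificateType sealType, String issuerLabel, String methodName) throws ApiClientException {
    // Compared with == rather than switch so that a null QC type reaches the same
    // ApiClientException as an unrecognised one instead of a NullPointerException.
    if (eidasCertType == EidasCertType.WEB) {
        return webType;
    }
    if (eidasCertType == EidasCertType.ESEAL) {
        return sealType;
    }
    // ESIGN certificates are electronic replacements for natural persons' signatures and are
    // never accepted as a client certificate; anything else is missing the required QC statement.
    String errorMessage = "Unrecognised " + issuerLabel + " eidas certificate type: " + eidasCertType + ". Etsi qcStatements must include field 0.4.0.1862.1.6 indicating qc type.";
    log.info("{} {}", methodName, errorMessage);
    throw new ApiClientException(errorMessage);
}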
use of com.forgerock.cert.Psd2CertInfo in project openbanking-aspsp by OpenBankingToolkit.
the class ApiClientIdentityFactoryTest method returnsApiClientFRTransport_getApiClientIdentity.
@Test
public void returnsApiClientFRTransport_getApiClientIdentity() throws CertificateException, IOException, ApiClientException, InvalidPsd2EidasCertificate, OAuth2InvalidClientException {
    // given: a ForgeRock-issued transport chain wrapped in a PSD2 principal with the unregistered-TPP role
    X509Certificate[] chain = TestHelperFunctions.getCertChainFromFile("src/test/resources/certificates/fr-transport.pem");
    Psd2CertInfo psd2CertInfo = new Psd2CertInfo(chain);
    Collection<OBRIRole> grantedRoles = new ArrayList<>();
    grantedRoles.add(OBRIRole.UNREGISTERED_TPP);
    PSD2Authentication psd2Authentication = new PSD2Authentication("TestTppName", grantedRoles, chain, psd2CertInfo);

    // when: the factory resolves the identity for that principal
    ApiClientIdentity resolved = new ApiClientIdentityFactory().getApiClientIdentity(psd2Authentication);

    // then: a ForgeRock transport identity is produced
    assertThat(resolved).isInstanceOf(ApiClientIdentityFRTransport.class);
}
use of com.forgerock.cert.Psd2CertInfo in project openbanking-aspsp by OpenBankingToolkit.
the class ApiClientIdentityFactoryTest method returnsApiClientOBWac_getApiClientIdentity.
@Test
public void returnsApiClientOBWac_getApiClientIdentity() throws CertificateException, IOException, ApiClientException, InvalidPsd2EidasCertificate, OAuth2InvalidClientException {
    // given: an OBWAC chain wrapped in a PSD2 principal with the unregistered-TPP role
    X509Certificate[] chain = TestHelperFunctions.getCertChainFromFile("src/test/resources/certificates/OBWac.pem");
    Psd2CertInfo psd2CertInfo = new Psd2CertInfo(chain);
    Collection<OBRIRole> grantedRoles = new ArrayList<>();
    grantedRoles.add(OBRIRole.UNREGISTERED_TPP);
    PSD2Authentication psd2Authentication = new PSD2Authentication("TestTppName", grantedRoles, chain, psd2CertInfo);

    // when: the factory resolves the identity for that principal
    ApiClientIdentity resolved = new ApiClientIdentityFactory().getApiClientIdentity(psd2Authentication);

    // then: an OBWAC identity is produced
    assertThat(resolved).isInstanceOf(ApiClientIdentityOBWac.class);
}