Example 1 with Psd2CertInfo

Use of com.forgerock.cert.Psd2CertInfo in project openbanking-aspsp by OpenBankingToolkit.

From the test class ApiClientIdentityFactoryTest, method returnsApiClientQWac_getApiClientIdentity:

@Test
public void returnsApiClientQWac_getApiClientIdentity() throws CertificateException, IOException, InvalidPsd2EidasCertificate, ApiClientException, OAuth2InvalidClientException {
    // given
    X509Certificate[] certificatesChain = TestHelperFunctions.getCertChainFromFile("src/test/resources/certificates/QWac.pem");
    Psd2CertInfo certInfo = new Psd2CertInfo(certificatesChain);
    String tppName = "TestTppName";
    Collection<OBRIRole> authorities = new ArrayList<>();
    authorities.add(OBRIRole.UNREGISTERED_TPP);
    PSD2Authentication authentication = new PSD2Authentication(tppName, authorities, certificatesChain, certInfo);
    ApiClientIdentityFactory identityFactory = new ApiClientIdentityFactory();
    // when
    ApiClientIdentity identity = identityFactory.getApiClientIdentity(authentication);
    // then
    assertThat(identity).isInstanceOf(ApiClientIdentityQWac.class);
}
Also used : OBRIRole(com.forgerock.openbanking.model.OBRIRole) ArrayList(java.util.ArrayList) PSD2Authentication(com.forgerock.spring.security.multiauth.model.authentication.PSD2Authentication) Psd2CertInfo(com.forgerock.cert.Psd2CertInfo) X509Certificate(java.security.cert.X509Certificate) Test(org.junit.Test)

Example 2 with Psd2CertInfo

Use of com.forgerock.cert.Psd2CertInfo in project openbanking-aspsp by OpenBankingToolkit.

From the class ApiClientIdentityFactory, method getApiClientIdentity:

public ApiClientIdentity getApiClientIdentity(Principal principal) throws ApiClientException, OAuth2InvalidClientException {
    ApiClientIdentity apiClientIdentity = null;
    if (principal instanceof PSD2Authentication) {
        PSD2Authentication authentication = (PSD2Authentication) principal;
        Psd2CertInfo certInfo = authentication.getPsd2CertInfo();
        if (certInfo.isPsd2Cert()) {
            // Only web-authentication types (FR transport, OBWAC, QWAC) are acceptable on the transport
            // connection; signing and seal types fall through to the default branch and are rejected.
            ApiClientCertificateType certType = getApiClientCertificateTypeFromPSD2(authentication);
            switch(certType) {
                case FR_TRANSPORT:
                    apiClientIdentity = new ApiClientIdentityFRTransport(authentication);
                    break;
                case OBWAC:
                    apiClientIdentity = new ApiClientIdentityOBWac(authentication);
                    break;
                case QWAC:
                    apiClientIdentity = new ApiClientIdentityQWac(authentication);
                    break;
                default:
                    String errorString = "Client presented an invalid Certificate Type for use as a Transport certificate. Type presented: '" + certType + "'";
                    log.info("getApiClientIdentity() {}", errorString);
                    throw new ApiClientException(errorString);
            }
        } else {
            log.info("ApiClient presented a deprecated OBTransport certificate.");
            throw new OAuth2InvalidClientException("Onboarding must be done with a PSD2 eIDAS certificate. OBTransport certificates have been deprecated");
        }
    } else if (principal instanceof X509Authentication) {
        X509Authentication authentication = (X509Authentication) principal;
        apiClientIdentity = createOBTransportIdentity(authentication);
    } else {
        // apiClientIdentity is still null on this path, so it must not be dereferenced here; log the
        // class of the principal that was actually received (guarding against a null principal as well).
        String principalClass = principal == null ? "null" : principal.getClass().getName();
        log.info("getApiClientIdentity() Principal is not of recognised type. Class name is '{}'", principalClass);
        throw new ApiClientException("Unrecognised Principal type. Was expecting a PSD2Authentication or a X509Authentication");
    }
    return apiClientIdentity;
}
Also used : PSD2Authentication(com.forgerock.spring.security.multiauth.model.authentication.PSD2Authentication) OAuth2InvalidClientException(com.forgerock.openbanking.common.error.exception.oauth2.OAuth2InvalidClientException) Psd2CertInfo(com.forgerock.cert.Psd2CertInfo) X509Authentication(com.forgerock.spring.security.multiauth.model.authentication.X509Authentication)

Example 3 with Psd2CertInfo

Use of com.forgerock.cert.Psd2CertInfo in project openbanking-aspsp by OpenBankingToolkit.

From the class ApiClientIdentityFactory, method getApiClientCertificateTypeFromPSD2:

private ApiClientCertificateType getApiClientCertificateTypeFromPSD2(PSD2Authentication authentication) throws ApiClientException {
    String methodName = "getApiClientCertificateTypeFromPSD2()";
    log.debug("{} called, authentication; '{}'", methodName, authentication);
    ApiClientCertificateType type;
    X509Certificate[] certChain = authentication.getCertificateChain();
    String issuer = getTransportCertificateIssuer(certChain);
    log.debug("{} certificate issuer is '{}'", methodName, issuer);
    Psd2CertInfo certInfo = authentication.getPsd2CertInfo();
    EidasCertType eidasCertType = getEidasCertType(certInfo);
    if (issuer.equalsIgnoreCase(FORGEROCK_ISSUER_NAME)) {
        switch(eidasCertType) {
            case ESEAL:
                type = ApiClientCertificateType.FR_SIGNING;
                break;
            case WEB:
                type = ApiClientCertificateType.FR_TRANSPORT;
                break;
            // ESIGN certificates are electronic replacements for the signatures of natural persons and are never valid here
            case ESIGN:
            default:
                String errorMessage = "Unrecognised ForgeRock eidas certificate type: " + eidasCertType + ". Etsi" + " qcStatements must include field 0.4.0.1862.1.6 indicating qc type.";
                log.info("{} {}", methodName, errorMessage);
                throw new ApiClientException(errorMessage);
        }
    } else if (issuer.equalsIgnoreCase(OBIE_ISSUER_NAME)) {
        switch(eidasCertType) {
            case ESEAL:
                type = ApiClientCertificateType.OBSEAL;
                break;
            case WEB:
                type = ApiClientCertificateType.OBWAC;
                break;
            case ESIGN:
            default:
                String errorMessage = "Unrecognised OBIE eidas certificate type: " + eidasCertType + ". Etsi " + "qcStatements must include field 0.4.0.1862.1.6 indicating qc type.";
                log.info("{} {}", methodName, errorMessage);
                throw new ApiClientException(errorMessage);
        }
    } else {
        // Neither the ForgeRock nor the OBIE issuer: treated as a QTSP-issued eIDAS certificate. Note that the
        // issuer name only selects the naming scheme and establishes no trust; validation of the chain itself
        // has to happen before this factory is reached.
        switch(eidasCertType) {
            case ESEAL:
                type = ApiClientCertificateType.QSEAL;
                break;
            case WEB:
                type = ApiClientCertificateType.QWAC;
                break;
            case ESIGN:
            default:
                String errorMessage = "Unrecognised QTSP issued eidas certificate type: " + eidasCertType + ". " + "Etsi qcStatements must include field 0.4.0.1862.1.6 indicating qc type.";
                log.info("{} {}", methodName, errorMessage);
                throw new ApiClientException(errorMessage);
        }
    }
    log.debug("{} type is '{}'", methodName, type);
    return type;
}
Also used : Psd2CertInfo(com.forgerock.cert.Psd2CertInfo) InvalidEidasCertType(com.forgerock.cert.exception.InvalidEidasCertType) EidasCertType(com.forgerock.cert.eidas.EidasCertType) X509Certificate(java.security.cert.X509Certificate)
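
The three switch statements above key on the EidasCertType that getEidasCertType(certInfo) derives from the certificate, and the error messages say where that value comes from: the ETSI QcType statement (OID 0.4.0.1862.1.6) inside the id-pe-qcStatements extension. The block below is an added example, not OpenBankingToolkit code, showing how that statement is read out of the raw extension bytes and mapped onto the ESIGN / ESEAL / WEB values the switches handle, plus the presence check for the PSD2 statement that isPsd2Cert() gates on. The class QcTypeClassifier and its methods are hypothetical names; the OID constants are the standard ones from RFC 3739, ETSI EN 319 412-5 and ETSI TS 119 495; the two extension values built in main() are constructed in place rather than taken from real certificates.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
/** Added example, not OpenBankingToolkit code: reads the ETSI QcType (and the presence of the PSD2
 *  statement) out of a certificate's id-pe-qcStatements extension. Chain validation, revocation and
 *  key-usage checks are assumed to have happened already at the mutual-TLS layer. */
public class QcTypeClassifier {
    static final String ID_PE_QCSTATEMENTS = "1.3.6.1.5.5.7.1.3";    // RFC 3739; pass to X509Certificate.getExtensionValue()
    static final String ID_ETSI_QCS_QCTYPE = "0.4.0.1862.1.6";       // ETSI EN 319 412-5: .1 esign, .2 eseal, .3 web
    static final String ID_ETSI_PSD2_QCSTATEMENT = "0.4.0.19495.2";  // ETSI TS 119 495
    enum EidasCertType { ESIGN, ESEAL, WEB }

    /** Minimal DER cursor: next() consumes one TLV of the expected tag and returns a cursor over its value. */
    static final class Der {
        final byte[] buf; int pos; final int end;
        Der(byte[] buf, int pos, int end) { this.buf = buf; this.pos = pos; this.end = end; }
        boolean hasMore() { return pos < end; }
        Der next(int expectedTag) {
            int tag = buf[pos++] & 0xff;
            if (tag != expectedTag) throw new IllegalArgumentException("expected tag " + expectedTag + ", got " + tag);
            int len = buf[pos++] & 0xff;
            if (len >= 0x80) {                              // long form: low 7 bits give the number of length octets
                int n = len & 0x7f; len = 0;
                for (int i = 0; i < n; i++) len = (len << 8) | (buf[pos++] & 0xff);
            }
            if (pos + len > end) throw new IllegalArgumentException("TLV length runs past the enclosing value");
            Der value = new Der(buf, pos, pos + len); pos += len; return value;
        }
        /** Decodes this cursor's bytes as an OBJECT IDENTIFIER in dotted notation. */
        String oid() {
            int first = buf[pos] & 0xff;
            StringBuilder sb = new StringBuilder(first >= 80 ? "2." + (first - 80) : (first / 40) + "." + (first % 40));
            long arc = 0;
            for (int i = pos + 1; i < end; i++) {           // base-128 arcs, continuation bit set on all but the last octet
                int b = buf[i] & 0xff;
                arc = (arc << 7) | (b & 0x7f);
                if ((b & 0x80) == 0) { sb.append('.').append(arc); arc = 0; }
            }
            return sb.toString();
        }
    }

    /** extValue is the raw extension as getExtensionValue() returns it: OCTET STRING { SEQUENCE OF QCStatement }. */
    static Der statementsOf(byte[] extValue) { return new Der(extValue, 0, extValue.length).next(0x04).next(0x30); }

    /** The single QcType the certificate claims; a missing, unknown or ambiguous QcType is rejected, not guessed at. */
    static EidasCertType qcTypeOf(byte[] extValue) {
        Der statements = statementsOf(extValue);
        EidasCertType found = null;
        while (statements.hasMore()) {
            Der stmt = statements.next(0x30);                                   // QCStatement ::= SEQUENCE { statementId, statementInfo OPTIONAL }
            if (!ID_ETSI_QCS_QCTYPE.equals(stmt.next(0x06).oid())) continue;   // other statements are left uninterpreted
            Der types = stmt.next(0x30);                                        // QcType ::= SEQUENCE OF OBJECT IDENTIFIER
            while (types.hasMore()) {
                String t = types.next(0x06).oid();
                EidasCertType type = t.equals(ID_ETSI_QCS_QCTYPE + ".1") ? EidasCertType.ESIGN : t.equals(ID_ETSI_QCS_QCTYPE + ".2") ? EidasCertType.ESEAL : t.equals(ID_ETSI_QCS_QCTYPE + ".3") ? EidasCertType.WEB : null;
                if (type == null) throw new IllegalArgumentException("unknown QcType OID " + t);
                if (found != null && found != type) throw new IllegalArgumentException("certificate claims more than one QcType");
                found = type;
            }
        }
        if (found == null) throw new IllegalArgumentException("no " + ID_ETSI_QCS_QCTYPE + " statement: not an eIDAS qualified certificate");
        return found;
    }

    /** True if the PSD2 statement (PSP roles, NCA name and id) is present; roughly what isPsd2Cert() gates on. */
    static boolean hasPsd2Statement(byte[] extValue) {
        for (Der s = statementsOf(extValue); s.hasMore(); )
            if (ID_ETSI_PSD2_QCSTATEMENT.equals(s.next(0x30).next(0x06).oid())) return true;
        return false;
    }

    // Tiny DER encoder, used only to build the constructed samples in main().
    static byte[] tlv(int tag, byte[]... parts) {
        ByteArrayOutputStream body = new ByteArrayOutputStream(), out = new ByteArrayOutputStream();
        for (byte[] p : parts) body.write(p, 0, p.length);
        out.write(tag);
        if (body.size() < 0x80) out.write(body.size()); else { out.write(0x81); out.write(body.size()); }  // samples stay under 256 bytes
        out.write(body.toByteArray(), 0, body.size());
        return out.toByteArray();
    }
    static byte[] oid(String dotted) {
        String[] a = dotted.split("\\."); ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(Integer.parseInt(a[0]) * 40 + Integer.parseInt(a[1]));
        for (int i = 2; i < a.length; i++) {
            int v = Integer.parseInt(a[i]); byte[] tmp = new byte[5]; int n = 0;
            do { tmp[n++] = (byte) (v & 0x7f); v >>>= 7; } while (v > 0);
            for (int j = n - 1; j >= 0; j--) out.write(tmp[j] | (j > 0 ? 0x80 : 0));   // most significant group first
        }
        return out.toByteArray();
    }
    static byte[] utf8(String s) { return tlv(0x0C, s.getBytes(StandardCharsets.UTF_8)); }

    public static void main(String[] args) {
        // Constructed samples, not taken from real certificates. qwac: QcCompliance, QcType { web } and a PSD2
        // statement with one PSP role and a placeholder NCA. qseal: QcType { eseal } only.
        byte[] qwac = tlv(0x04, tlv(0x30,
            tlv(0x30, oid("0.4.0.1862.1.1")),
            tlv(0x30, oid(ID_ETSI_QCS_QCTYPE), tlv(0x30, oid(ID_ETSI_QCS_QCTYPE + ".3"))),
            tlv(0x30, oid(ID_ETSI_PSD2_QCSTATEMENT), tlv(0x30,
                tlv(0x30, tlv(0x30, oid("0.4.0.19495.1.3"), utf8("PSP_AI"))), utf8("Example NCA"), utf8("XX-NCA")))));
        byte[] qseal = tlv(0x04, tlv(0x30, tlv(0x30, oid(ID_ETSI_QCS_QCTYPE), tlv(0x30, oid(ID_ETSI_QCS_QCTYPE + ".2")))));
        System.out.println("qwac:  type=" + qcTypeOf(qwac) + " psd2=" + hasPsd2Statement(qwac));
        System.out.println("qseal: type=" + qcTypeOf(qseal) + " psd2=" + hasPsd2Statement(qseal));
    }
}
```

Two points matter when something like this sits behind the factory above. The issuer comparison in getApiClientCertificateTypeFromPSD2 only routes the certificate to one of three naming schemes, and everything that is not the ForgeRock or OBIE issuer lands in the QTSP branch, so the decision that the chain is trusted at all has to be made earlier, by the mutual-TLS layer validating it against the trust store, not by that string match. And a certificate carrying no QcType, an unknown one, or more than one is rejected here rather than defaulted, so that a seal certificate presented on the transport connection fails the switch in getApiClientIdentity instead of being waved through by a permissive parser.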

Example 4 with Psd2CertInfo

Use of com.forgerock.cert.Psd2CertInfo in project openbanking-aspsp by OpenBankingToolkit.

From the test class ApiClientIdentityFactoryTest, method returnsApiClientFRTransport_getApiClientIdentity:

@Test
public void returnsApiClientFRTransport_getApiClientIdentity() throws CertificateException, IOException, ApiClientException, InvalidPsd2EidasCertificate, OAuth2InvalidClientException {
    // given
    X509Certificate[] certificatesChain = TestHelperFunctions.getCertChainFromFile("src/test/resources/certificates/fr-transport.pem");
    Psd2CertInfo certInfo = new Psd2CertInfo(certificatesChain);
    String tppName = "TestTppName";
    Collection<OBRIRole> authorities = new ArrayList<>();
    authorities.add(OBRIRole.UNREGISTERED_TPP);
    PSD2Authentication authentication = new PSD2Authentication(tppName, authorities, certificatesChain, certInfo);
    ApiClientIdentityFactory identityFactory = new ApiClientIdentityFactory();
    // when
    ApiClientIdentity identity = identityFactory.getApiClientIdentity(authentication);
    // then
    assertThat(identity).isInstanceOf(ApiClientIdentityFRTransport.class);
}
Also used : OBRIRole(com.forgerock.openbanking.model.OBRIRole) ArrayList(java.util.ArrayList) PSD2Authentication(com.forgerock.spring.security.multiauth.model.authentication.PSD2Authentication) Psd2CertInfo(com.forgerock.cert.Psd2CertInfo) X509Certificate(java.security.cert.X509Certificate) Test(org.junit.Test)

Example 5 with Psd2CertInfo

Use of com.forgerock.cert.Psd2CertInfo in project openbanking-aspsp by OpenBankingToolkit.

From the test class ApiClientIdentityFactoryTest, method returnsApiClientOBWac_getApiClientIdentity:

@Test
public void returnsApiClientOBWac_getApiClientIdentity() throws CertificateException, IOException, ApiClientException, InvalidPsd2EidasCertificate, OAuth2InvalidClientException {
    // given
    X509Certificate[] certificatesChain = TestHelperFunctions.getCertChainFromFile("src/test/resources/certificates/OBWac.pem");
    Psd2CertInfo certInfo = new Psd2CertInfo(certificatesChain);
    String tppName = "TestTppName";
    Collection<OBRIRole> authorities = new ArrayList<>();
    authorities.add(OBRIRole.UNREGISTERED_TPP);
    PSD2Authentication authentication = new PSD2Authentication(tppName, authorities, certificatesChain, certInfo);
    ApiClientIdentityFactory identityFactory = new ApiClientIdentityFactory();
    // when
    ApiClientIdentity identity = identityFactory.getApiClientIdentity(authentication);
    // then
    assertThat(identity).isInstanceOf(ApiClientIdentityOBWac.class);
}
Also used : OBRIRole(com.forgerock.openbanking.model.OBRIRole) ArrayList(java.util.ArrayList) PSD2Authentication(com.forgerock.spring.security.multiauth.model.authentication.PSD2Authentication) Psd2CertInfo(com.forgerock.cert.Psd2CertInfo) X509Certificate(java.security.cert.X509Certificate) Test(org.junit.Test)

Aggregations

Psd2CertInfo (com.forgerock.cert.Psd2CertInfo) 5
PSD2Authentication (com.forgerock.spring.security.multiauth.model.authentication.PSD2Authentication) 4
X509Certificate (java.security.cert.X509Certificate) 4
OBRIRole (com.forgerock.openbanking.model.OBRIRole) 3
ArrayList (java.util.ArrayList) 3
Test (org.junit.Test) 3
EidasCertType (com.forgerock.cert.eidas.EidasCertType) 1
InvalidEidasCertType (com.forgerock.cert.exception.InvalidEidasCertType) 1
OAuth2InvalidClientException (com.forgerock.openbanking.common.error.exception.oauth2.OAuth2InvalidClientException) 1
X509Authentication (com.forgerock.spring.security.multiauth.model.authentication.X509Authentication) 1