Example 1 with OAuth2InvalidClientException

Use of com.forgerock.openbanking.common.error.exception.oauth2.OAuth2InvalidClientException in project openbanking-aspsp by OpenBankingToolkit.

Class TppRegistrationServiceTest, method ensureTppOwnsOidcRegistration_ThrowsWhenNoMatch.

@Test
public void ensureTppOwnsOidcRegistration_ThrowsWhenNoMatch() throws OAuth2InvalidClientException {
    // Given
    String clientId = "ClientId";
    String clientName = "Name";
    String authorizationNumber = "PSDUK-FCA-12345";
    Tpp tpp = TestHelperFunctions.getValidTpp(clientId, clientName);
    tpp.setAuthorisationNumber(authorizationNumber);
    // When
    Exception e = catchThrowableOfType(() -> tppRegistrationService.ensureTppOwnsOidcRegistration(tpp, "PSDUK-FCA" + "-54321"), Exception.class);
    // Then
    assertThat(e).isNotNull();
    assertThat(e).isInstanceOf(OAuth2InvalidClientException.class);
}
Also used : Tpp(com.forgerock.openbanking.model.Tpp) DynamicClientRegistrationException(com.forgerock.openbanking.common.error.exception.dynamicclientregistration.DynamicClientRegistrationException) OAuth2InvalidClientException(com.forgerock.openbanking.common.error.exception.oauth2.OAuth2InvalidClientException) OBErrorException(com.forgerock.openbanking.exceptions.OBErrorException) OIDCException(com.forgerock.openbanking.exceptions.OIDCException) Test(org.junit.Test)

Example 2 with OAuth2InvalidClientException

Use of com.forgerock.openbanking.common.error.exception.oauth2.OAuth2InvalidClientException in project openbanking-aspsp by OpenBankingToolkit.

Class ApiClientIdentityOBWacTest, method throwIfNotValidCertAuthority.

@Test
public void throwIfNotValidCertAuthority() throws CertificateException, IOException {
    // Given
    X509Certificate[] certChain = TestHelperFunctions.getCertChainFromFile(QWAC_CERT_PATH);
    when(authentication.getCertificateChain()).thenReturn(certChain);
    Collection<GrantedAuthority> authorities = new ArrayList<>(List.of(OBRIRole.UNKNOWN_CERTIFICATE));
    when(authentication.getAuthorities()).thenReturn(authorities);
    // When
    OAuth2InvalidClientException exception = catchThrowableOfType(() -> new ApiClientIdentityOBWac(authentication), OAuth2InvalidClientException.class);
    // Then
    assertThat(exception.getRfc6750ErrorCode()).isEqualTo(OAuth2Exception.INVALID_CLIENT);
}
Also used : GrantedAuthority(org.springframework.security.core.GrantedAuthority) ArrayList(java.util.ArrayList) OAuth2InvalidClientException(com.forgerock.openbanking.common.error.exception.oauth2.OAuth2InvalidClientException) X509Certificate(java.security.cert.X509Certificate) Test(org.junit.Test)

Example 3 with OAuth2InvalidClientException

Use of com.forgerock.openbanking.common.error.exception.oauth2.OAuth2InvalidClientException in project openbanking-aspsp by OpenBankingToolkit.

Class ApiClientIdentityQWacTest, method throwIfNotValidCertAuthority.

@Test
public void throwIfNotValidCertAuthority() throws CertificateException, IOException {
    // Given
    X509Certificate[] certChain = TestHelperFunctions.getCertChainFromFile(OBWAC_CERT_PATH);
    when(authentication.getCertificateChain()).thenReturn(certChain);
    Collection<GrantedAuthority> authorities = new ArrayList<>(List.of(OBRIRole.UNKNOWN_CERTIFICATE));
    when(authentication.getAuthorities()).thenReturn(authorities);
    // When
    OAuth2InvalidClientException exception = catchThrowableOfType(() -> new ApiClientIdentityOBWac(authentication), OAuth2InvalidClientException.class);
    // Then
    assertThat(exception.getRfc6750ErrorCode()).isEqualTo(OAuth2Exception.INVALID_CLIENT);
}
Also used : GrantedAuthority(org.springframework.security.core.GrantedAuthority) ArrayList(java.util.ArrayList) OAuth2InvalidClientException(com.forgerock.openbanking.common.error.exception.oauth2.OAuth2InvalidClientException) X509Certificate(java.security.cert.X509Certificate) Test(org.junit.Test)

Example 4 with OAuth2InvalidClientException

Use of com.forgerock.openbanking.common.error.exception.oauth2.OAuth2InvalidClientException in project openbanking-aspsp by OpenBankingToolkit.

Class TppRegistrationService, method getTpp.

/**
 * getTpp returns the Tpp associated with the principal. If no Tpp can be found, it throws.
 * @param clientId the principal as obtained from the client MATLS certificate used to make the request
 * @return a Tpp object belonging to the principal
 * @throws OAuth2InvalidClientException if no Tpp can be found for the clientId
 */
@NotNull
public Tpp getTpp(@NotNull String clientId) throws OAuth2InvalidClientException {
    Optional<Tpp> optionalTpp = tppStoreService.findByClientId(clientId);
    if (optionalTpp.isEmpty()) {
        String errorMessage = "No registration exists for the clientId in the request path. clientId was '" + clientId + "'";
        log.info("getTpp() {}", errorMessage);
        throw new OAuth2InvalidClientException(errorMessage);
    }
    Tpp tpp = optionalTpp.get();
    log.debug("getTpp(): Tpp is {}", tpp);
    return tpp;
}
Also used : Tpp(com.forgerock.openbanking.model.Tpp) OAuth2InvalidClientException(com.forgerock.openbanking.common.error.exception.oauth2.OAuth2InvalidClientException) NotNull(javax.validation.constraints.NotNull)

Example 5 with OAuth2InvalidClientException

Use of com.forgerock.openbanking.common.error.exception.oauth2.OAuth2InvalidClientException in project openbanking-aspsp by OpenBankingToolkit.

Class ApiClientIdentity, method throwIfNotValidCertAuthority.

/**
 * Check the transport certificate is issued by a recognised authority. Will throw with errors that can be
 * directly returned from Client Registration Endpoints.
 */
public void throwIfNotValidCertAuthority() throws OAuth2InvalidClientException {
    if (this.authentication.getAuthorities().contains(OBRIRole.UNKNOWN_CERTIFICATE)) {
        String helpString = "The transport certificate is not signed by a recognised " + "authority";
        X509Certificate certificate = this.getTransportCertificate();
        if (certificate != null) {
            X500Principal principal = certificate.getIssuerX500Principal();
            if (principal != null) {
                helpString += " '" + principal + "'";
            }
        }
        log.info("throwIfNotValidCertAuthority() {}. X509Authentication; {}", helpString, this.authentication);
        throw new OAuth2InvalidClientException(helpString);
    }
}
Also used : X500Principal(javax.security.auth.x500.X500Principal) OAuth2InvalidClientException(com.forgerock.openbanking.common.error.exception.oauth2.OAuth2InvalidClientException) X509Certificate(java.security.cert.X509Certificate)

Aggregations

OAuth2InvalidClientException (com.forgerock.openbanking.common.error.exception.oauth2.OAuth2InvalidClientException): 19
Tpp (com.forgerock.openbanking.model.Tpp): 9
Test (org.junit.Test): 5
DynamicClientRegistrationException (com.forgerock.openbanking.common.error.exception.dynamicclientregistration.DynamicClientRegistrationException): 4
ApiClientException (com.forgerock.openbanking.common.services.onboarding.apiclient.ApiClientException): 4
ApiClientIdentity (com.forgerock.openbanking.common.services.onboarding.apiclient.ApiClientIdentity): 4
OBErrorException (com.forgerock.openbanking.exceptions.OBErrorException): 4
ManualRegistrationApplication (com.forgerock.openbanking.common.model.onboarding.ManualRegistrationApplication): 3
RegistrationRequest (com.forgerock.openbanking.common.services.onboarding.registrationrequest.RegistrationRequest): 3
OIDCException (com.forgerock.openbanking.exceptions.OIDCException): 3
OIDCRegistrationResponse (com.forgerock.openbanking.model.oidc.OIDCRegistrationResponse): 3
X509Certificate (java.security.cert.X509Certificate): 3
ArrayList (java.util.ArrayList): 2
NotNull (javax.validation.constraints.NotNull): 2
Authentication (org.springframework.security.core.Authentication): 2
GrantedAuthority (org.springframework.security.core.GrantedAuthority): 2
UserDetails (org.springframework.security.core.userdetails.UserDetails): 2
Psd2CertInfo (com.forgerock.cert.Psd2CertInfo): 1
PsuCounterEntry (com.forgerock.openbanking.analytics.model.entries.PsuCounterEntry): 1
PsuCounterEntryKPIService (com.forgerock.openbanking.analytics.services.PsuCounterEntryKPIService): 1