Example 6 with OAuth2InvalidClientException

use of com.forgerock.openbanking.common.error.exception.oauth2.OAuth2InvalidClientException in project openbanking-aspsp by OpenBankingToolkit.

the class ApiClientIdentityFactory method getApiClientIdentity.

public ApiClientIdentity getApiClientIdentity(Principal principal) throws ApiClientException, OAuth2InvalidClientException {
    ApiClientIdentity apiClientIdentity = null;
    if (principal instanceof PSD2Authentication) {
        PSD2Authentication authentication = (PSD2Authentication) principal;
        Psd2CertInfo certInfo = authentication.getPsd2CertInfo();
        if (certInfo.isPsd2Cert()) {
            // Only certificate types that are valid as a transport (MATLS) certificate may identify an API client
            ApiClientCertificateType certType = getApiClientCertificateTypeFromPSD2(authentication);
            switch (certType) {
                case FR_TRANSPORT:
                    apiClientIdentity = new ApiClientIdentityFRTransport(authentication);
                    break;
                case OBWAC:
                    apiClientIdentity = new ApiClientIdentityOBWac(authentication);
                    break;
                case QWAC:
                    apiClientIdentity = new ApiClientIdentityQWac(authentication);
                    break;
                default:
                    // e.g. a signing (QSEAL/OBSEAL) certificate presented on the TLS channel
                    String errorString = "Client presented an invalid Certificate Type for use as a Transport certificate. Type presented: '" + certType + "'";
                    log.info("getApiClientIdentity() {}", errorString);
                    throw new ApiClientException(errorString);
            }
        } else {
            // A PSD2Authentication that does not carry a PSD2 certificate is a legacy OBTransport certificate
            log.info("ApiClient presented a deprecated OBTransport certificate.");
            throw new OAuth2InvalidClientException("Onboarding must be done with a PSD2 eIDAS certificate. OBTransport certificates have been deprecated");
        }
    } else if (principal instanceof X509Authentication) {
        X509Authentication authentication = (X509Authentication) principal;
        apiClientIdentity = createOBTransportIdentity(authentication);
    } else {
        // apiClientIdentity is still null here, so log the class of the principal itself
        // (dereferencing apiClientIdentity would turn this rejection into a NullPointerException)
        String principalClass = principal == null ? "null" : principal.getClass().getName();
        log.info("getApiClientIdentity() Principal is not of recognised type. Class name is '{}'", principalClass);
        throw new ApiClientException("Unrecognised Principal type. Was expecting a PSD2Authentication or a X509Authentication");
    }
    return apiClientIdentity;
}
Also used : PSD2Authentication(com.forgerock.spring.security.multiauth.model.authentication.PSD2Authentication) OAuth2InvalidClientException(com.forgerock.openbanking.common.error.exception.oauth2.OAuth2InvalidClientException) Psd2CertInfo(com.forgerock.cert.Psd2CertInfo) X509Authentication(com.forgerock.spring.security.multiauth.model.authentication.X509Authentication)

Example 7 with OAuth2InvalidClientException

use of com.forgerock.openbanking.common.error.exception.oauth2.OAuth2InvalidClientException in project openbanking-aspsp by OpenBankingToolkit.

the class ManualRegistrationApiController method ensurePrincipalOwnsTppRegistrations.

private void ensurePrincipalOwnsTppRegistrations(Collection<ManualRegistrationApplication> applications, Principal principal) throws OAuth2InvalidClientException {
    log.debug("ensurePrincipalOwnsTppRegistrations() checking that '{}' applications are owned by '{}'", applications.size(), principal.getName());
    for (ManualRegistrationApplication application : applications) {
        OIDCRegistrationResponse regResponse = application.getOidcRegistrationResponse();
        if (regResponse == null) {
            // Without a registration response there is no client_id to tie the MATLS certificate to, so fail closed
            String errorString = "Failed to determine if MATLS client cert belongs to the TPP that owns the application with id '" + application.getId() + "'";
            log.info("ensurePrincipalOwnsTppRegistrations() {}", errorString);
            throw new OAuth2InvalidClientException(errorString);
        }
        // Look the TPP up by its OAuth2 client_id; its owner must be the principal taken from the
        // MATLS transport certificate, otherwise ensureTppOwnsOidcRegistration throws
        String oauth2ClientId = regResponse.getClientId();
        Tpp tpp = tppRegistrationService.getTpp(oauth2ClientId);
        tppRegistrationService.ensureTppOwnsOidcRegistration(tpp, principal.getName());
    }
    log.debug("ensurePrincipalOwnsTppRegistrations() all applications' OAuth2 clients are owned by '{}'", principal.getName());
}
Also used : Tpp(com.forgerock.openbanking.model.Tpp) OIDCRegistrationResponse(com.forgerock.openbanking.model.oidc.OIDCRegistrationResponse) OAuth2InvalidClientException(com.forgerock.openbanking.common.error.exception.oauth2.OAuth2InvalidClientException) ManualRegistrationApplication(com.forgerock.openbanking.common.model.onboarding.ManualRegistrationApplication)

Example 8 with OAuth2InvalidClientException

use of com.forgerock.openbanking.common.error.exception.oauth2.OAuth2InvalidClientException in project openbanking-aspsp by OpenBankingToolkit.

the class Psd2WithSessionApiHelperService method getTppName.

/**
 * getTppName
 * @param principal - A principal representing the TPP that made a request to the service
 * @return A <code>String</code> containing the tppName
 * @throws OAuth2InvalidClientException if the principal is not an Authentication whose principal is a UserDetails
 */
@NotNull
public String getTppName(Principal principal) throws OAuth2InvalidClientException {
    // Spring's Authentication extends Principal; check the type rather than casting blindly so that an
    // unexpected principal (or null) is reported as an invalid client instead of a ClassCastException
    if (principal instanceof Authentication) {
        Authentication authentication = (Authentication) principal;
        Object authPrincipal = authentication.getPrincipal();
        if (authPrincipal instanceof UserDetails) {
            // The username of the authenticated API client is the TPP name
            String tppName = ((UserDetails) authPrincipal).getUsername();
            log.debug("getTppName() tppName is '{}'", tppName);
            return tppName;
        } else if (authPrincipal == null) {
            log.info("getTppName() Unable to obtain authPrincipal from Authentication '{}'", authentication);
        } else {
            log.info("getTppName() Unable to obtain UserDetails from Principal '{}'; principal class is '{}'", principal.getName(), authPrincipal.getClass().getName());
        }
    } else {
        log.info("getTppName() Principal is not of type Authentication; '{}'", principal);
    }
    throw new OAuth2InvalidClientException("Could not obtain tppName from principal " + principal);
}
Also used : UserDetails(org.springframework.security.core.userdetails.UserDetails) Authentication(org.springframework.security.core.Authentication) OAuth2InvalidClientException(com.forgerock.openbanking.common.error.exception.oauth2.OAuth2InvalidClientException) NotNull(javax.validation.constraints.NotNull)

Example 9 with OAuth2InvalidClientException

use of com.forgerock.openbanking.common.error.exception.oauth2.OAuth2InvalidClientException in project openbanking-aspsp by OpenBankingToolkit.

the class DynamicRegistrationApiController method deleteRegistration.

/**
 * Implementation of the DELETE /register endpoint
 *
 * @param clientId      the client Id to be unregistered
 * @param authorization the value of the authorization header - this must match the registration_access_token
 *        issued when the client registered.
 * @param principal     the Principal of the certificate used in the TLS connection used to call the endpoint. This
 *        is used to identify the client that is making the request
 * @return an empty 200 OK response once the OAuth2 registration and the TPP record have been deleted
 * @throws OAuth2BearerTokenUsageMissingAuthInfoException if the principal or the authorization header is missing
 * @throws OAuth2InvalidClientException if clientId is empty or the principal does not own the registration
 * @throws OAuth2BearerTokenUsageInvalidTokenException if the bearer token is not the client's registration_access_token
 */
@Override
public ResponseEntity<Void> deleteRegistration(String clientId, String authorization, Principal principal) throws OAuth2BearerTokenUsageMissingAuthInfoException, OAuth2InvalidClientException, OAuth2BearerTokenUsageInvalidTokenException {
    String methodName = "deleteRegistration()";
    log.info("{} called for ClientId '{}'", methodName, clientId);
    if (StringUtils.isEmpty(clientId)) {
        throw new OAuth2InvalidClientException("ClientId is null or empty");
    }
    // Both the MATLS principal and the Authorization header must be present before anything is looked up
    checkAuthArgsContainValidInformation(principal, authorization);
    Tpp tpp = tppRegistrationService.getTpp(clientId);
    // Ownership is checked against the transport certificate before the bearer token is examined, so a caller
    // holding some other TPP's certificate cannot use this endpoint to probe whether a registration_access_token is valid
    tppRegistrationService.ensureTppOwnsOidcRegistration(tpp, principal.getName());
    // Only then must the token in the Authorization header match the registration_access_token issued at registration
    tppRegistrationService.validateAccessTokenIsValidForOidcRegistration(tpp, authorization);
    tppRegistrationService.deleteOAuth2RegistrationAndTppRecord(tpp);
    log.info("{} Unregistered ClientId '{}'", methodName, clientId);
    return ResponseEntity.ok().build();
}
Also used : Tpp(com.forgerock.openbanking.model.Tpp) OAuth2InvalidClientException(com.forgerock.openbanking.common.error.exception.oauth2.OAuth2InvalidClientException)
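The order of checks in deleteRegistration() is the security-relevant part: the caller must first be shown, through the MATLS principal, to own the client_id before its registration_access_token is even looked at. The following is an added, self-contained illustration of those three checks against an in-memory registry; it is not OpenBankingToolkit code. RegistrationDeleteGuard, TppRecord, InvalidClientException and InvalidTokenException are hypothetical stand-ins for the project's controller, Tpp, OAuth2InvalidClientException and OAuth2BearerTokenUsageInvalidTokenException, and the sample TPP data in main() is constructed for the example (Java 17 or later for the record syntax).

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;

/**
 * Added illustration, not project code: the checks behind DELETE /register, in the order the
 * deleteRegistration() example performs them, over an in-memory registry.
 */
public class RegistrationDeleteGuard {

    /** Hypothetical stand-in for the project's Tpp record. */
    record TppRecord(String clientId, String ownerPrincipalName, String registrationAccessToken) {}

    /** Stand-in for OAuth2InvalidClientException. */
    static class InvalidClientException extends RuntimeException {
        InvalidClientException(String msg) { super(msg); }
    }

    /** Stand-in for OAuth2BearerTokenUsageInvalidTokenException (also used here for missing auth info). */
    static class InvalidTokenException extends RuntimeException {
        InvalidTokenException(String msg) { super(msg); }
    }

    private final Map<String, TppRecord> registry = new HashMap<>();

    void register(TppRecord tpp) { registry.put(tpp.clientId(), tpp); }

    boolean isRegistered(String clientId) { return registry.containsKey(clientId); }

    /**
     * Reject a missing clientId, require that the MATLS principal owns the registration, then validate the
     * registration_access_token, and only then delete.
     */
    void deleteRegistration(String clientId, String authorization, String principalName) {
        if (clientId == null || clientId.isBlank()) {
            throw new InvalidClientException("ClientId is null or empty");
        }
        if (principalName == null || authorization == null) {
            throw new InvalidTokenException("Missing principal or Authorization header");
        }
        TppRecord tpp = registry.get(clientId);
        // Ownership first: a different TPP's certificate never reaches token validation, so the endpoint
        // cannot be used as an oracle for another client's registration_access_token.
        if (tpp == null || !tpp.ownerPrincipalName().equals(principalName)) {
            throw new InvalidClientException("Principal '" + principalName + "' does not own client '" + clientId + "'");
        }
        String presented = stripBearer(authorization);
        if (presented == null || !constantTimeEquals(presented, tpp.registrationAccessToken())) {
            throw new InvalidTokenException("Authorization header does not match the registration_access_token");
        }
        registry.remove(clientId);
    }

    /** Returns the token from "Bearer <token>", or null when the header is not a Bearer credential. */
    static String stripBearer(String authorization) {
        String prefix = "Bearer ";
        if (authorization.length() <= prefix.length()
                || !authorization.regionMatches(true, 0, prefix, 0, prefix.length())) {
            return null;
        }
        return authorization.substring(prefix.length()).trim();
    }

    /** MessageDigest.isEqual does not stop at the first differing byte, so timing does not reveal how much of the token matched. */
    static boolean constantTimeEquals(String a, String b) {
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8), b.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        RegistrationDeleteGuard guard = new RegistrationDeleteGuard();
        // Constructed sample data: two TPPs, each identified by the name of its transport-certificate principal.
        guard.register(new TppRecord("client-a", "CN=tpp-a", "rat-a-secret"));
        guard.register(new TppRecord("client-b", "CN=tpp-b", "rat-b-secret"));

        // TPP B presents A's clientId and A's correct token, but over B's certificate: rejected as invalid client.
        try {
            guard.deleteRegistration("client-a", "Bearer rat-a-secret", "CN=tpp-b");
        } catch (InvalidClientException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        // TPP A with the wrong token: ownership passes, the token check fails.
        try {
            guard.deleteRegistration("client-a", "Bearer wrong", "CN=tpp-a");
        } catch (InvalidTokenException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        // TPP A with its own token: the registration is removed.
        guard.deleteRegistration("client-a", "Bearer rat-a-secret", "CN=tpp-a");
        System.out.println("client-a registered? " + guard.isRegistered("client-a"));
    }
}
```

Compiling and running this prints the two rejections followed by the registration state of client-a. The token comparison goes through MessageDigest.isEqual rather than String.equals because equals returns as soon as one byte differs, which lets a caller timing the endpoint learn how long a matching prefix it has; the ownership check stays in front of it so that only the legitimate certificate holder ever exercises that comparison.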

Example 10 with OAuth2InvalidClientException

use of com.forgerock.openbanking.common.error.exception.oauth2.OAuth2InvalidClientException in project openbanking-aspsp by OpenBankingToolkit.

the class ManualRegistrationApiController method registerApplication.

@Override
public ResponseEntity<ManualRegistrationApplication> registerApplication(@ApiParam(value = "Registration request", required = true) @Valid @RequestBody ManualRegistrationRequest manualRegistrationRequest, @CookieValue(value = "obri-session", required = true) String obriSession, Principal principal) throws OAuth2InvalidClientException {
    log.debug("registerApplication called. manualRegistrationRequest is '{}'", manualRegistrationRequest);
    ApiClientIdentity apiClientIdentity = null;
    try {
        // Two identities take part: the session cookie names the portal user who will own the application,
        // and the MATLS transport certificate (the principal) identifies the TPP being registered
        String userNameOfSessionHolder = this.getUserNameFromSession(obriSession);
        apiClientIdentity = identityFactory.getApiClientIdentity(principal);
        log.debug("ApiClientIdentity is '{}'", apiClientIdentity);
        // Prepare the request: default claims first, then the manual request, then the SSA claims tied to the
        // certificate identity overwrite the corresponding fields so the caller's JSON cannot override them
        String registrationRequestDefaultJsonClaims = getRegistrationRequestDefaultJsonClaims();
        RegistrationRequest registrationRequest = registrationRequestFactory.getRegistrationRequestFromManualRegistrationJson(registrationRequestDefaultJsonClaims, manualRegistrationRequest, objectMapper);
        registrationRequest.overwriteRegistrationRequestFieldsFromSSAClaims(apiClientIdentity);
        log.debug("The OIDC registration request we are going to send to AM {}", registrationRequest);
        // Register the TPP
        Tpp tpp = tppRegistrationService.registerTpp(apiClientIdentity, registrationRequest);
        log.debug("Successfully performed manual onboarding; resulting tpp: {}", tpp);
        ManualRegistrationApplication manualRegistrationApplication = ManualRegistrationApplication.builder()
                .userId(userNameOfSessionHolder)
                .manualRegistrationRequest(manualRegistrationRequest)
                .description(manualRegistrationRequest.getApplicationDescription())
                .softwareClientId(tpp.getClientId())
                .oidcRegistrationResponse(tpp.getRegistrationResponse())
                .build();
        return ResponseEntity.status(HttpStatus.CREATED).body(manualRegistrationApplicationService.createApplication(manualRegistrationApplication));
    } catch (ApiClientException | DynamicClientRegistrationException e) {
        // Both an unusable client certificate and a failed registration with AM are reported as an invalid client;
        // the stack trace is logged here and only the message is passed on
        log.info("registerApplication() caught {}; ", e.getClass().getSimpleName(), e);
        throw new OAuth2InvalidClientException(e.getMessage());
    }
}
Also used : Tpp(com.forgerock.openbanking.model.Tpp) ApiClientException(com.forgerock.openbanking.common.services.onboarding.apiclient.ApiClientException) DynamicClientRegistrationException(com.forgerock.openbanking.common.error.exception.dynamicclientregistration.DynamicClientRegistrationException) OAuth2InvalidClientException(com.forgerock.openbanking.common.error.exception.oauth2.OAuth2InvalidClientException) ApiClientIdentity(com.forgerock.openbanking.common.services.onboarding.apiclient.ApiClientIdentity) ManualRegistrationRequest(com.forgerock.openbanking.common.model.onboarding.ManualRegistrationRequest) RegistrationRequest(com.forgerock.openbanking.common.services.onboarding.registrationrequest.RegistrationRequest) ManualRegistrationApplication(com.forgerock.openbanking.common.model.onboarding.ManualRegistrationApplication)

Aggregations

OAuth2InvalidClientException (com.forgerock.openbanking.common.error.exception.oauth2.OAuth2InvalidClientException)19 Tpp (com.forgerock.openbanking.model.Tpp)9 Test (org.junit.Test)5 DynamicClientRegistrationException (com.forgerock.openbanking.common.error.exception.dynamicclientregistration.DynamicClientRegistrationException)4 ApiClientException (com.forgerock.openbanking.common.services.onboarding.apiclient.ApiClientException)4 ApiClientIdentity (com.forgerock.openbanking.common.services.onboarding.apiclient.ApiClientIdentity)4 OBErrorException (com.forgerock.openbanking.exceptions.OBErrorException)4 ManualRegistrationApplication (com.forgerock.openbanking.common.model.onboarding.ManualRegistrationApplication)3 RegistrationRequest (com.forgerock.openbanking.common.services.onboarding.registrationrequest.RegistrationRequest)3 OIDCException (com.forgerock.openbanking.exceptions.OIDCException)3 OIDCRegistrationResponse (com.forgerock.openbanking.model.oidc.OIDCRegistrationResponse)3 X509Certificate (java.security.cert.X509Certificate)3 ArrayList (java.util.ArrayList)2 NotNull (javax.validation.constraints.NotNull)2 Authentication (org.springframework.security.core.Authentication)2 GrantedAuthority (org.springframework.security.core.GrantedAuthority)2 UserDetails (org.springframework.security.core.userdetails.UserDetails)2 Psd2CertInfo (com.forgerock.cert.Psd2CertInfo)1 PsuCounterEntry (com.forgerock.openbanking.analytics.model.entries.PsuCounterEntry)1 PsuCounterEntryKPIService (com.forgerock.openbanking.analytics.services.PsuCounterEntryKPIService)1