use of com.forgerock.openbanking.common.error.exception.oauth2.OAuth2InvalidClientException in project openbanking-aspsp by OpenBankingToolkit.
the class DynamicRegistrationApiController method getRegistration.
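/**
 * Implementation of the GET /register/{clientId} endpoint: returns the OAuth2 client registration that the
 * calling TPP owns.
 *
 * <p>The checks run in a fixed order: the auth arguments are validated first, then the presence of the
 * client id, then the TPP record is loaded and proven to belong to the TLS principal, and only then is the
 * bearer token validated against that registration. A failure at any step surfaces as one of the declared
 * exceptions rather than reaching the service lookup.
 *
 * @param clientId the id of the client registration resource to be returned (the {@code client_id} issued
 *     in the registration response)
 * @param authorization the value of the Authorization header - this must carry the registration_access_token
 *     issued when the client registered
 * @param principal the Principal of the certificate used in the TLS connection used to call the endpoint;
 *     used to identify the client that is making the request
 * @return 200 OK with the registration information for {@code clientId}
 * @throws OAuth2InvalidClientException the OAuth2 Dynamic Client Registration spec says "When an OAuth 2.0
 *     error condition occurs, such as the client presenting an invalid initial access token, the
 *     authorization server returns an error response appropriate to the OAuth 2.0 token type". Thrown when
 *     the principal was not present (most likely an incorrect or missing SSL certificate) or when no
 *     clientId was supplied
 * @throws OAuth2BearerTokenUsageInvalidTokenException if the registration service rejects the bearer token
 *     for this registration
 * @throws OAuth2BearerTokenUsageMissingAuthInfoException if the Authorization header is missing (raised by
 *     {@code checkAuthArgsContainValidInformation})
 */
@Override
public ResponseEntity<OIDCRegistrationResponse> getRegistration(String clientId, String authorization,
        Principal principal) throws OAuth2InvalidClientException, OAuth2BearerTokenUsageInvalidTokenException,
        OAuth2BearerTokenUsageMissingAuthInfoException {
    log.info("Received a request to get registration information for clientId {}, principal is {}", clientId, principal);
    // Rejects a missing principal / Authorization header before either is dereferenced below.
    checkAuthArgsContainValidInformation(principal, authorization);
    if (clientId == null) {
        // Fixed the unbalanced "{clientId)" in the client-facing message.
        throw new OAuth2InvalidClientException("No client id provided. Request must be of the form "
                + "/register/{clientId} where client Id is taken from the client_id in the registration response");
    }
    Tpp tpp = tppRegistrationService.getTpp(clientId);
    // Ownership is established from the MTLS identity before the bearer token is examined, so both the
    // certificate and the token must match the registration (ensureTppOwnsOidcRegistration is expected to
    // reject a principal that does not own tpp).
    tppRegistrationService.ensureTppOwnsOidcRegistration(tpp, principal.getName());
    String accessToken = tppRegistrationService.validateAccessTokenIsValidForOidcRegistration(tpp, authorization);
    OIDCRegistrationResponse registrationResponse = tppRegistrationService.getOIDCClient(accessToken, tpp);
    log.info("Successfully returning registration information for clientId {}", registrationResponse.getClientId());
    return ResponseEntity.ok(registrationResponse);
}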
use of com.forgerock.openbanking.common.error.exception.oauth2.OAuth2InvalidClientException in project openbanking-aspsp by OpenBankingToolkit.
the class DynamicRegistrationApiController method updateRegistration.
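/**
 * Update the information relating to an existing OAuth2 client registration (PUT /register/{clientId}).
 *
 * <p>The caller must prove, in this order, that: the auth arguments are present; the MATLS transport
 * certificate and the SSA inside the request JWT were issued to the same organisation; the TPP identified
 * by {@code clientId} is owned by the calling principal; and the bearer token is valid for that
 * registration. Only then is the registration rewritten from the verified request and the SSA claims.
 *
 * @param clientId the client_id of the OAuth2 client registration that the ApiClient wishes to update
 * @param authorization an Authorisation Token as per https://tools.ietf.org/html/rfc6750 - this must carry
 *     the registration_access_token issued when the client registered
 * @param registrationRequestJwtSerialised a request to register a Software Statement Assertion with an
 *     ASPSP, as a serialised JWT
 * @param principal the principal identity that is making the request, taken from the TLS client certificate
 * @return 200 OK with the updated registration response for {@code clientId}
 * @throws OAuth2InvalidClientException if the principal is absent, the certificate and SSA were not issued
 *     to the same organisation, or the client identity could not be established ({@code ApiClientException})
 * @throws OAuth2BearerTokenUsageInvalidTokenException if the registration service rejects the bearer token
 *     for this registration
 * @throws OAuth2BearerTokenUsageMissingAuthInfoException if the Authorization header is missing
 * @throws DynamicClientRegistrationException if the registration request fails verification or the update
 *     itself fails
 */
@Override
public ResponseEntity<OIDCRegistrationResponse> updateRegistration(String clientId, String authorization,
        String registrationRequestJwtSerialised, Principal principal) throws OAuth2InvalidClientException,
        OAuth2BearerTokenUsageInvalidTokenException, OAuth2BearerTokenUsageMissingAuthInfoException,
        DynamicClientRegistrationException {
    String methodName = "updateRegistration()";
    log.info("{} called for ClientId '{}'. Princpal is {}", methodName, clientId, principal);
    // Same precondition check as getRegistration: a missing principal or Authorization header becomes a
    // declared OAuth2 error here instead of a NullPointerException at principal.getName() further down
    // (assuming the identity factory does not already reject a null principal).
    checkAuthArgsContainValidInformation(principal, authorization);
    try {
        ApiClientIdentity apiClientIdentity = this.apiClientIdentityFactory.getApiClientIdentity(principal);
        RegistrationRequest registrationRequest =
                registrationRequestFactory.getRegistrationRequestFromJwt(registrationRequestJwtSerialised);
        if (!apiClientIdentity.wasIssuedWith(registrationRequest)) {
            String errorString = "The MATLS transport certificate and the SSA were not issued to the same "
                    + "organisation";
            log.info("updateRegistration() {}", errorString);
            throw new OAuth2InvalidClientException(errorString);
        }
        Tpp tpp = tppRegistrationService.getTpp(clientId);
        tppRegistrationService.ensureTppOwnsOidcRegistration(tpp, principal.getName());
        String accessToken = tppRegistrationService.validateAccessTokenIsValidForOidcRegistration(tpp, authorization);
        // The client_id from the path (already proven to be owned by the caller) is authoritative; whatever
        // the JWT carried is discarded so the update cannot be pointed at a different registration.
        registrationRequest.setClientId(clientId);
        verifyRegistrationRequest(apiClientIdentity, registrationRequest);
        registrationRequest.overwriteRegistrationRequestFieldsFromSSAClaims(apiClientIdentity);
        tpp = tppRegistrationService.updateTpp(apiClientIdentity, tpp, accessToken, registrationRequest);
        log.info("{} Updated registration information for ClientId {}", methodName, tpp.getClientId());
        return ResponseEntity.status(HttpStatus.OK).body(tpp.getRegistrationResponse());
    } catch (ApiClientException e) {
        // Closing quote added to the message; the stack trace goes to the log, only the message to the client.
        String errorMessage = "Error updating registration for clientId '" + clientId + "'. Error was: " + e.getMessage();
        log.info("{} {}", methodName, errorMessage, e);
        throw new OAuth2InvalidClientException(errorMessage);
    }
}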
use of com.forgerock.openbanking.common.error.exception.oauth2.OAuth2InvalidClientException in project openbanking-aspsp by OpenBankingToolkit.
the class DynamicRegistrationApiController method register.
/**
 * Create a new OAuth2 client registration (POST /register) from a serialised registration request JWT.
 *
 * <p>The client identity is derived from the TLS certificate ({@code principal}); the request JWT must have
 * been issued to the same organisation as that certificate, otherwise the registration is refused. Any
 * {@code client_id} present in the request is discarded before verification, so the caller cannot choose
 * one.
 *
 * @param registrationRequestJwtSerialised a request to register a Software Statement Assertion with an
 *     ASPSP, as a serialised JWT
 * @param principal the principal of the TLS client certificate that is making the request
 * @return 201 CREATED with the registration response of the newly registered TPP
 * @throws OAuth2InvalidClientException if the certificate and SSA were not issued to the same organisation,
 *     or the client identity could not be established from the certificate ({@code ApiClientException})
 * @throws DynamicClientRegistrationException if the registration request fails verification or the
 *     registration itself fails
 */
@Override
public ResponseEntity<OIDCRegistrationResponse> register(
        @ApiParam(value = "A request to register a Software Statement Assertion with an ASPSP") @Valid @RequestBody String registrationRequestJwtSerialised,
        Principal principal) throws OAuth2InvalidClientException, DynamicClientRegistrationException {
    final String methodName = "register()";
    // NOTE(review): the whole request JWT is written to the INFO log here - confirm that is intended.
    log.info("{} Received request to create a new client registration. {}", methodName, registrationRequestJwtSerialised);
    try {
        final ApiClientIdentity callerIdentity = this.apiClientIdentityFactory.getApiClientIdentity(principal);
        final String callerTppIdentifier = callerIdentity.getTppIdentifier();
        final RegistrationRequest request =
                registrationRequestFactory.getRegistrationRequestFromJwt(registrationRequestJwtSerialised);
        // A fresh registration never keeps a caller-supplied client_id.
        request.setClientId(null);
        final boolean issuedToSameOrganisation = callerIdentity.wasIssuedWith(request);
        if (!issuedToSameOrganisation) {
            final String mismatch = "The MATLS transport certificate and the SSA were not issued to the same "
                    + "organisation";
            log.info("register() {}", mismatch);
            throw new OAuth2InvalidClientException(mismatch);
        }
        verifyRegistrationRequest(callerIdentity, request);
        request.overwriteRegistrationRequestFieldsFromSSAClaims(callerIdentity);
        final Tpp registeredTpp = tppRegistrationService.registerTpp(callerIdentity, request);
        final OIDCRegistrationResponse body = registeredTpp.getRegistrationResponse();
        log.info("{} Registration succeeded. tpp {} now has OAuth2 ClientId of {}", methodName, callerTppIdentifier, registeredTpp.getClientId());
        return ResponseEntity.status(HttpStatus.CREATED).body(body);
    } catch (ApiClientException e) {
        // Only the exception message is returned to the caller; the full exception stays in the debug log.
        log.info("Failed to create new client registration. There was an error related to the client requesting "
                + "the registration; '{}'", e.getMessage());
        log.debug("register() caught ApiClientException.", e);
        throw new OAuth2InvalidClientException("Invalid certificate presented. Error was " + e.getMessage());
    }
}
use of com.forgerock.openbanking.common.error.exception.oauth2.OAuth2InvalidClientException in project openbanking-aspsp by OpenBankingToolkit.
the class ManualRegistrationApiController method unregisterApplication.
/**
 * Remove a manually registered application together with its OAuth2 client registration and TPP record.
 *
 * <p>Two identities must agree before anything is deleted: the TLS principal must own the TPP behind the
 * application's OAuth2 client, and the logged-in user (from the obri-session cookie) must own the manual
 * registration application itself.
 *
 * @param applicationId the id of the manual registration application to remove
 * @param obriSession the obri-session cookie identifying the logged-in user
 * @param principal the principal of the TLS client certificate making the request
 * @return 200 OK with the application that was removed
 * @throws OBErrorResponseException may be propagated from the session and application lookups
 * @throws OAuth2InvalidClientException if the logged-in user does not own the manual registration
 *     application (or propagated from the TPP ownership check)
 * @throws OAuth2BearerTokenUsageMissingAuthInfoException declared by the interface; may be propagated from
 *     the registration service
 * @throws OAuth2BearerTokenUsageInvalidTokenException declared by the interface; may be propagated from
 *     the registration service
 */
@Override
public ResponseEntity<ManualRegistrationApplication> unregisterApplication(
        @ApiParam(value = "Unregister application", required = true) @Valid @PathVariable(value = "applicationId") String applicationId,
        @CookieValue(value = "obri-session", required = true) String obriSession,
        Principal principal) throws OBErrorResponseException, OAuth2InvalidClientException,
        OAuth2BearerTokenUsageMissingAuthInfoException, OAuth2BearerTokenUsageInvalidTokenException {
    final String methodName = "unregisterApplication()";
    log.info("{} called for ClientId '{}', tpp is '{}'", methodName, applicationId, principal.getName());
    final String sessionUser = this.getUserNameFromSession(obriSession);
    final ManualRegistrationApplication application =
            getManualApplicationIfOwnedBySessionOwner(applicationId, sessionUser);
    final String oauth2ClientId = application.getOidcRegistrationResponse().getClientId();
    final Tpp tpp = tppRegistrationService.getTpp(oauth2ClientId);
    // Check 1: the MATLS identity must own the TPP behind this application's OAuth2 client.
    tppRegistrationService.ensureTppOwnsOidcRegistration(tpp, principal.getName());
    // Check 2: the logged-in user must own the manual registration application. This appears to overlap
    // with the lookup above (getManualApplicationIfOwnedBySessionOwner) - presumably defence in depth; confirm.
    final boolean ownedBySessionUser = sessionHolderOwnsManualRegistration(sessionUser, application);
    if (!ownedBySessionUser) {
        log.info("unregisterApplication() logged in user does not own this manual registration application");
        throw new OAuth2InvalidClientException("Logged in user does not own this manual registration application");
    }
    // The two deletions are not atomic: if deleteApplication fails, the OAuth2 client and TPP record are
    // already gone while the manual application record remains.
    tppRegistrationService.deleteOAuth2RegistrationAndTppRecord(tpp);
    log.info("{} Unregistered ClientId '{}'", methodName, applicationId);
    manualRegistrationApplicationService.deleteApplication(application);
    return ResponseEntity.ok(application);
}
use of com.forgerock.openbanking.common.error.exception.oauth2.OAuth2InvalidClientException in project openbanking-aspsp by OpenBankingToolkit.
the class ManualRegistrationApiController method getOrganizationIdentifier.
/**
 * Return the organisation identifier (authorisation number) carried by the caller's TLS client certificate.
 *
 * @param principal the principal of the TLS client certificate making the request
 * @return 200 OK with the organisation identifier as a plain string
 * @throws OAuth2InvalidClientException if the certificate carries no authorisation number, or the client
 *     identity could not be established from it ({@code ApiClientException})
 */
@Override
public ResponseEntity<String> getOrganizationIdentifier(Principal principal) throws OAuth2InvalidClientException {
    try {
        // Absence of the authorisation number is reported as an OAuth2 client error, not as a server error.
        final String organisationIdentifier = identityFactory.getApiClientIdentity(principal)
                .getAuthorisationNumber()
                .orElseThrow(() -> new OAuth2InvalidClientException("Could not get OrganizationIdentifier from " + "certificate"));
        return ResponseEntity.ok(organisationIdentifier);
    } catch (ApiClientException e) {
        // The underlying cause stays in the log; the client gets a generic message.
        log.info("getOrganizationIdentifier() caught ApiClientException; ", e);
        throw new OAuth2InvalidClientException("Failed to obtain OrganizationIdentifier from certificate");
    }
}