use of com.forgerock.openbanking.common.model.openbanking.persistence.account.AccountRequest in project openbanking-aspsp by OpenBankingToolkit.
the class AccountsApiEndpointWrapper method verifyMatlsFromAccountRequest.
/**
 * Verifies that the account request behind the access token belongs to the TPP
 * that authenticated on this call (MATLS check).
 *
 * <p>The OAuth2 client id stored on the account request is resolved to a {@code Tpp},
 * and that TPP's authorisation number must equal the username of the authenticated
 * principal. Per the log messages, that principal is expected to come from the MATLS
 * transport certificate; how it is populated is not visible in this method.
 *
 * <p>Both failure paths raise the same error type, so the caller cannot distinguish
 * "client no longer registered" from "certificate belongs to another TPP".
 *
 * @throws OBErrorException with {@code MATLS_TPP_AUTHENTICATION_INVALID_FROM_ACCOUNT_REQUEST}
 *         when no TPP is registered for the client id or the authorisation number differs;
 *         also whatever {@code getAccountRequest()} raises
 */
public void verifyMatlsFromAccountRequest() throws OBErrorException {
    log.debug("verifyMatlsFromAccountRequest() verifying account request token was issued to the Tpp indicated" + " by the MATLS tranport certificate presented");
    final UserDetails certificateUser = (UserDetails) ((Authentication) principal).getPrincipal();
    final String requestClientId = getAccountRequest().getClientId();
    log.debug("verifyMatlsFromAccountRequest() oauth2 clientId from account request is '{}'", requestClientId);

    final Optional<Tpp> registeredTpp = this.tppStoreService.findByClientId(requestClientId);

    // Guard 1: the client that obtained the token must still be a known TPP.
    if (!registeredTpp.isPresent()) {
        log.info("The OAuth2 client to which the accountAccessToken was issued no longer exists. ClientId is " + "'{}'", requestClientId);
        throw new OBErrorException(OBRIErrorType.MATLS_TPP_AUTHENTICATION_INVALID_FROM_ACCOUNT_REQUEST, certificateUser.getUsername(), getAccountRequest().getClientId());
    }

    // Guard 2: the TPP presenting the token must be the TPP the token was issued to.
    final String expectedAuthorisationNumber = registeredTpp.get().getAuthorisationNumber();
    final boolean issuedToCaller = certificateUser.getUsername().equals(expectedAuthorisationNumber);
    if (!issuedToCaller) {
        log.warn("AISP ID from account request '{}' is not the one associated with the certificate '{}'", expectedAuthorisationNumber, certificateUser.getUsername());
        throw new OBErrorException(OBRIErrorType.MATLS_TPP_AUTHENTICATION_INVALID_FROM_ACCOUNT_REQUEST, certificateUser.getUsername(), getAccountRequest().getClientId());
    }

    log.info("Account Request with clientId of {} has been verified as belonging to X509 certificate (MTLS) " + "principal '{}'", requestClientId, certificateUser.getUsername());
}
use of com.forgerock.openbanking.common.model.openbanking.persistence.account.AccountRequest in project openbanking-aspsp by OpenBankingToolkit.
the class CustomerInfoApiEndpointWrapper method verifyCustomerInfoRequest.
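/**
 * Verifies that the consent behind the current access token may be used for the
 * Customer Info API.
 *
 * <p>After the account request status check, every permission on the consent must be
 * {@code READCUSTOMERINFOCONSENT}. A consent with no permissions at all is rejected as
 * well: the loop alone would accept it vacuously, although it grants nothing.
 *
 * @throws OBErrorException with {@code PERMISSIONS_INVALID} when the permission list is
 *         missing, empty, or contains any other permission; also whatever
 *         {@code verifyAccountRequestStatus()} or {@code getAccountRequest()} raises
 */
public void verifyCustomerInfoRequest() throws OBErrorException {
    log.debug("Verifying Customer Info Consent");
    verifyAccountRequestStatus();
    AccountRequest accountConsent = getAccountRequest();
    List<FRExternalPermissionsCode> permissions = accountConsent.getPermissions();

    // Fail closed: an absent or empty permission list must not pass an authorisation check.
    if (permissions == null || permissions.isEmpty()) {
        List<FRExternalPermissionsCode> found = permissions == null ? List.of() : permissions;
        log.info("The associated AccountRequest carries no permissions, '{}' is required", FRExternalPermissionsCode.READCUSTOMERINFOCONSENT);
        throw new OBErrorException(OBRIErrorType.PERMISSIONS_INVALID, List.of(FRExternalPermissionsCode.READCUSTOMERINFOCONSENT, found));
    }

    for (FRExternalPermissionsCode permission : permissions) {
        if (permission != FRExternalPermissionsCode.READCUSTOMERINFOCONSENT) {
            log.info("The associated AccountRequest contains a permission that is not '{}'", FRExternalPermissionsCode.READCUSTOMERINFOCONSENT);
            // NOTE(review): the expected and actual values are wrapped in one List, so the
            // exception receives a single argument; confirm this matches the
            // PERMISSIONS_INVALID message format.
            throw new OBErrorException(OBRIErrorType.PERMISSIONS_INVALID, List.of(FRExternalPermissionsCode.READCUSTOMERINFOCONSENT, permissions));
        }
    }
    log.debug("verifyCustomerInfoRequest() - request has correct permissions for customer info");
}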
use of com.forgerock.openbanking.common.model.openbanking.persistence.account.AccountRequest in project openbanking-aspsp by OpenBankingToolkit.
the class AccountsApiEndpointWrapper method getAccountRequest.
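/**
 * Returns the account request referenced by the access token, loading it on first use.
 *
 * <p>The intent id is read from the access token, the account request is fetched from
 * the store, and the result is kept in the {@code accountRequest} field so later calls
 * return it without another lookup. No synchronisation is visible here.
 *
 * @return the account request the access token refers to
 * @throws OBErrorException with {@code ACCOUNT_REQUEST_NOT_FOUND} when the store has no
 *         entry for the intent id, or {@code ACCESS_TOKEN_INVALID_FORMAT} when the
 *         token claims cannot be read
 */
public AccountRequest getAccountRequest() throws OBErrorException {
    log.debug("getAccountRequest() called");
    if (accountRequest == null) {
        try {
            log.info("getAccountRequest() Introspecting the access token locally, as it is a JWS");
            String accountRequestId = rsEndpointWrapperService.accessTokenService.getIntentId(accessToken);
            log.info("getAccountRequest() Account request id {}", accountRequestId);
            Optional<AccountRequest> isAccountRequest = rsEndpointWrapperService.accountRequestStore.get(accountRequestId);
            if (!isAccountRequest.isPresent()) {
                log.warn("getAccountRequest() Couldn't not find the account request {}", accountRequestId);
                throw new OBErrorException(OBRIErrorType.ACCOUNT_REQUEST_NOT_FOUND, accountRequestId);
            }
            accountRequest = isAccountRequest.get();
        } catch (ParseException | IOException e) {
            // Do not write the serialized access token to the log: it is a bearer
            // credential, and anyone with log access could read it. Log the parse
            // failure itself instead, so the cause is not lost.
            log.warn("Could not parse the claims of the access token", e);
            throw new OBErrorException(OBRIErrorType.ACCESS_TOKEN_INVALID_FORMAT);
        }
    }
    return accountRequest;
}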
use of com.forgerock.openbanking.common.model.openbanking.persistence.account.AccountRequest in project openbanking-aspsp by OpenBankingToolkit.
the class RCSAccountDetailsApi method consentDetails.
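/**
 * Builds the consent details shown to the user for an account access request.
 *
 * <p>Checks, in order: the account request exists, it was created by the same OAuth2
 * client that is now asking for consent, and the TPP that created it is still
 * registered. Only then is the user bound to the account request and the details
 * returned.
 *
 * @param remoteConsentRequest the consent request as received (only logged here)
 * @param accounts the accounts offered to the user
 * @param username the user giving consent; stored on the account request
 * @param accountRequestId id of the account request consent is asked for
 * @param clientId OAuth2 client id of the AISP asking for consent
 * @return the consent details, or an error response from {@code rcsErrorService} when
 *         one of the checks fails
 * @throws OBErrorException declared by the interface; nothing in this body throws it directly
 */
@Override
public ResponseEntity consentDetails(String remoteConsentRequest, List<AccountWithBalance> accounts, String username, String accountRequestId, String clientId) throws OBErrorException {
    log.debug("Received a consent request with consent_request='{}'", remoteConsentRequest);
    log.debug("=> The account request id '{}''", accountRequestId);

    Optional<AccountRequest> isAccountRequest = accountRequestStoreService.get(accountRequestId);
    if (!isAccountRequest.isPresent()) {
        log.error("The AISP '{}' is referencing an account request {} that doesn't exist", clientId, accountRequestId);
        return rcsErrorService.error(OBRIErrorType.RCS_CONSENT_REQUEST_UNKNOWN_ACCOUNT_REQUEST, clientId, accountRequestId);
    }
    AccountRequest accountRequest = isAccountRequest.get();

    // Ownership check: the client asking for consent must be the one that created the
    // account request, otherwise one AISP could drive consent for another AISP's request.
    if (!clientId.equals(accountRequest.getClientId())) {
        // Argument order follows the placeholders: creator, account request id, caller.
        // The original passed the caller and the request id swapped, which made this
        // audit line name the wrong party.
        log.error("The AISP '{}' created the account request '{}' but it's AISP '{}' that is trying to get" + " consent for it.", accountRequest.getClientId(), accountRequestId, clientId);
        return rcsErrorService.error(OBRIErrorType.RCS_CONSENT_REQUEST_INVALID_CONSENT, accountRequest.getClientId(), clientId, accountRequestId);
    }

    Optional<Tpp> isTpp = tppStoreService.findById(accountRequest.getAispId());
    if (!isTpp.isPresent()) {
        log.error("The TPP '{}' (Client ID {}) that created this consent id '{}' doesn't exist anymore.", accountRequest.getAispId(), clientId, accountRequest.getId());
        return rcsErrorService.error(OBRIErrorType.RCS_CONSENT_REQUEST_NOT_FOUND_TPP, clientId, accountRequest.getId());
    }
    Tpp tpp = isTpp.get();

    log.debug("Populate the model with the payment and consent data");
    // NOTE(review): this overwrites any user id already stored on the account request;
    // presumably username comes from the authenticated session - confirm against the caller.
    accountRequest.setUserId(username);
    accountRequestStoreService.save(accountRequest);
    log.debug("Populate the model with the payment and consent data");

    return ok(AccountsConsentDetails.builder()
            .permissions(toOBExternalPermissions1CodeList(accountRequest.getPermissions()))
            .fromTransaction(accountRequest.getTransactionFromDateTime())
            .toTransaction(accountRequest.getTransactionToDateTime())
            .accounts(accounts)
            .username(username)
            .logo(tpp.getLogo())
            .clientId(clientId)
            .pispName(accountRequest.getAispName())
            .expiredDate(accountRequest.getExpirationDateTime())
            .build());
}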
use of com.forgerock.openbanking.common.model.openbanking.persistence.account.AccountRequest in project openbanking-aspsp by OpenBankingToolkit.
the class RCSCustomerInfoDetailsApi method consentDetails.
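/**
 * Builds the consent details shown to the user for a customer info consent.
 *
 * <p>Checks, in order: the consent exists and is an {@code FRAccountAccessConsent}, it
 * was created by the same OAuth2 client that is now asking for consent, and the TPP
 * that created it is still registered. The user is then bound to the consent, the
 * consent is saved, and the user's customer info is looked up for the response.
 *
 * @param remoteConsentRequest the consent request as received
 * @param accounts not used by this implementation
 * @param username the user giving consent; stored on the consent and used to find the customer info
 * @param consentId id of the customer info consent
 * @param clientId OAuth2 client id of the AISP asking for consent
 * @return the consent details, or an error response from {@code rcsErrorService} when
 *         a check fails or no customer info exists for the user
 * @throws OBErrorException declared by the interface; nothing in this body throws it directly
 */
@Override
public ResponseEntity consentDetails(String remoteConsentRequest, List<AccountWithBalance> accounts, String username, String consentId, String clientId) throws OBErrorException {
    log.debug("Received a Customer info account consent request with consent_request='{}'", remoteConsentRequest);
    log.debug("=> The Customer info account consent id '{}'", consentId);

    Optional<AccountRequest> isCustomerInfoConsent = accountRequestStoreService.get(consentId);
    if (!isCustomerInfoConsent.isPresent()) {
        log.error("The AISP '{}' is referencing an customer info account request {} that doesn't exist", clientId, consentId);
        return rcsErrorService.error(OBRIErrorType.RCS_CONSENT_REQUEST_UNKNOWN_ACCOUNT_REQUEST, clientId, consentId);
    }

    // The id arrives with the request, so it may name a stored consent of another type.
    // Answer with a handled error instead of letting the cast below fail with a
    // ClassCastException.
    AccountRequest storedConsent = isCustomerInfoConsent.get();
    if (!(storedConsent instanceof FRAccountAccessConsent)) {
        log.error("The consent '{}' referenced by AISP '{}' is not an FRAccountAccessConsent", consentId, clientId);
        return rcsErrorService.error(OBRIErrorType.RCS_CONSENT_REQUEST_UNKNOWN_ACCOUNT_REQUEST, clientId, consentId);
    }
    FRAccountAccessConsent customerInfoAccountConsent = (FRAccountAccessConsent) storedConsent;

    // Ownership check: the client asking for consent must be the one that created it.
    if (!clientId.equals(customerInfoAccountConsent.getClientId())) {
        log.error("The AISP '{}' created the customer info account request '{}' but it's AISP '{}' that is " + "trying to get consent for it.", customerInfoAccountConsent.getClientId(), consentId, clientId);
        return rcsErrorService.error(OBRIErrorType.RCS_CONSENT_REQUEST_INVALID_CONSENT, customerInfoAccountConsent.getClientId(), clientId, consentId);
    }

    Optional<Tpp> isTpp = tppStoreService.findById(customerInfoAccountConsent.getAispId());
    if (!isTpp.isPresent()) {
        log.error("The TPP '{}' (Client ID {}) that created this customer info account consent id '{}' " + "doesn't exist anymore.", customerInfoAccountConsent.getAispId(), clientId, customerInfoAccountConsent.getId());
        return rcsErrorService.error(OBRIErrorType.RCS_CONSENT_REQUEST_NOT_FOUND_TPP, clientId, customerInfoAccountConsent.getId());
    }
    Tpp tpp = isTpp.get();

    log.debug("Populate the customer info model with details data");
    // NOTE(review): the consent is saved with the user id before the customer info lookup,
    // so a request that ends in CUSTOMER_INFO_NOT_FOUND has still modified the stored
    // consent - confirm this is intended.
    customerInfoAccountConsent.setUserId(username);
    accountRequestStoreService.save(customerInfoAccountConsent);
    log.debug("Populate the model with the customer info and consent data");
    log.debug("get the customer info to add it in account consent data.");

    FRCustomerInfo customerInfo = customerInfoRepository.findByUserID(username);
    // Log only whether a record was found. The original logged the FRCustomerInfo object
    // itself, which presumably renders the customer's personal data into the log file.
    log.debug("customer info {} for consent '{}'", customerInfo == null ? "not found" : "found", consentId);
    if (customerInfo == null) {
        return rcsErrorService.invalidConsentError(remoteConsentRequest, new OBErrorException(OBRIErrorType.CUSTOMER_INFO_NOT_FOUND));
    }

    // Set after the save above, so within this method the customer info is only used to
    // build the response.
    customerInfoAccountConsent.setCustomerInfo(customerInfo);
    log.debug("customer info to added in account consent data {}", consentId);

    return ok(CustomerInfoConsentDetails.builder()
            .username(username)
            .merchantName(customerInfoAccountConsent.getAispName())
            .logo(tpp.getLogo())
            .clientId(clientId)
            .customerInfo(customerInfoAccountConsent.getCustomerInfo())
            .build());
}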