Example 1 with AccountRequest

use of com.forgerock.openbanking.common.model.openbanking.persistence.account.AccountRequest in project openbanking-aspsp by OpenBankingToolkit.

the class AccountsApiEndpointWrapper method verifyMatlsFromAccountRequest.

public void verifyMatlsFromAccountRequest() throws OBErrorException {
    // MTLS check: the client certificate presented on the connection must belong to the same
    // TPP (AISP) that the account request's access token was issued to. A valid token presented
    // over a different TPP's certificate is rejected.
    log.debug("verifyMatlsFromAccountRequest() verifying account request token was issued to the Tpp indicated"
            + " by the MATLS transport certificate presented");
    // The authenticated principal comes from the MTLS certificate; its username is the TPP authorisation number
    UserDetails currentUser = (UserDetails) ((Authentication) principal).getPrincipal();
    AccountRequest accountRequest = getAccountRequest();
    String oauth2ClientIdFromAccountRequest = accountRequest.getClientId();
    log.debug("verifyMatlsFromAccountRequest() oauth2 clientId from account request is '{}'", oauth2ClientIdFromAccountRequest);
    Optional<Tpp> isTpp = this.tppStoreService.findByClientId(oauth2ClientIdFromAccountRequest);
    if (isTpp.isEmpty()) {
        // The OAuth2 client no longer exists: fail closed rather than serve account data
        log.info("The OAuth2 client to which the accountAccessToken was issued no longer exists. ClientId is "
                + "'{}'", oauth2ClientIdFromAccountRequest);
        throw new OBErrorException(OBRIErrorType.MATLS_TPP_AUTHENTICATION_INVALID_FROM_ACCOUNT_REQUEST, currentUser.getUsername(), getAccountRequest().getClientId());
    } else {
        Tpp tpp = isTpp.get();
        String tppAuthorisationNumber = tpp.getAuthorisationNumber();
        // Bind the token's client to the certificate's subject: both must resolve to the same TPP
        if (!currentUser.getUsername().equals(tppAuthorisationNumber)) {
            log.warn("AISP ID from account request '{}' is not the one associated with the certificate '{}'", tppAuthorisationNumber, currentUser.getUsername());
            throw new OBErrorException(OBRIErrorType.MATLS_TPP_AUTHENTICATION_INVALID_FROM_ACCOUNT_REQUEST, currentUser.getUsername(), getAccountRequest().getClientId());
        }
    }
    log.info("Account Request with clientId of {} has been verified as belonging to X509 certificate (MTLS) "
            + "principal '{}'", oauth2ClientIdFromAccountRequest, currentUser.getUsername());
}
Also used: AccountRequest (com.forgerock.openbanking.common.model.openbanking.persistence.account.AccountRequest), UserDetails (org.springframework.security.core.userdetails.UserDetails), Tpp (com.forgerock.openbanking.model.Tpp), OBErrorException (com.forgerock.openbanking.exceptions.OBErrorException)

Example 2 with AccountRequest

use of com.forgerock.openbanking.common.model.openbanking.persistence.account.AccountRequest in project openbanking-aspsp by OpenBankingToolkit.

the class CustomerInfoApiEndpointWrapper method verifyCustomerInfoRequest.

public void verifyCustomerInfoRequest() throws OBErrorException {
    log.debug("Verifying Customer Info Consent");
    verifyAccountRequestStatus();
    AccountRequest accountConsent = getAccountRequest();
    List<FRExternalPermissionsCode> permissions = accountConsent.getPermissions();
    // A customer-info consent must carry exactly the READCUSTOMERINFOCONSENT permission and nothing else;
    // any other permission on the consent is rejected as a whole (no partial acceptance).
    for (FRExternalPermissionsCode permission : permissions) {
        if (permission != FRExternalPermissionsCode.READCUSTOMERINFOCONSENT) {
            log.info("The associated AccountRequest contains a permission that is not '{}'", FRExternalPermissionsCode.READCUSTOMERINFOCONSENT);
            throw new OBErrorException(OBRIErrorType.PERMISSIONS_INVALID, List.of(FRExternalPermissionsCode.READCUSTOMERINFOCONSENT, permissions));
        }
    }
    log.debug("verifyCustomerInfoRequest() - request has correct permissions for customer info");
}
Also used: AccountRequest (com.forgerock.openbanking.common.model.openbanking.persistence.account.AccountRequest), FRExternalPermissionsCode (com.forgerock.openbanking.common.model.openbanking.domain.account.common.FRExternalPermissionsCode), OBErrorException (com.forgerock.openbanking.exceptions.OBErrorException)

Example 3 with AccountRequest

use of com.forgerock.openbanking.common.model.openbanking.persistence.account.AccountRequest in project openbanking-aspsp by OpenBankingToolkit.

the class AccountsApiEndpointWrapper method getAccountRequest.

public AccountRequest getAccountRequest() throws OBErrorException {
    log.debug("getAccountRequest() called");
    // Lazily resolve and cache the account request referenced by the access token's intent id
    if (accountRequest == null) {
        try {
            log.info("getAccountRequest() Introspecting the access token locally, as it is a JWS");
            String accountRequestId = rsEndpointWrapperService.accessTokenService.getIntentId(accessToken);
            log.info("getAccountRequest() Account request id {}", accountRequestId);
            Optional<AccountRequest> isAccountRequest = rsEndpointWrapperService.accountRequestStore.get(accountRequestId);
            if (!isAccountRequest.isPresent()) {
                log.warn("getAccountRequest() Could not find the account request {}", accountRequestId);
                throw new OBErrorException(OBRIErrorType.ACCOUNT_REQUEST_NOT_FOUND, accountRequestId);
            }
            accountRequest = isAccountRequest.get();
        } catch (ParseException | IOException e) {
            // A token whose claims cannot be parsed is treated as malformed, not as an absent consent
            log.warn("Could not parse the claims of the access token '{}'", accessToken.serialize());
            throw new OBErrorException(OBRIErrorType.ACCESS_TOKEN_INVALID_FORMAT);
        }
    }
    return accountRequest;
}
Also used: AccountRequest (com.forgerock.openbanking.common.model.openbanking.persistence.account.AccountRequest), OBErrorException (com.forgerock.openbanking.exceptions.OBErrorException), ParseException (java.text.ParseException), IOException (java.io.IOException)

Example 4 with AccountRequest

use of com.forgerock.openbanking.common.model.openbanking.persistence.account.AccountRequest in project openbanking-aspsp by OpenBankingToolkit.

the class RCSAccountDetailsApi method consentDetails.

@Override
public ResponseEntity consentDetails(String remoteConsentRequest, List<AccountWithBalance> accounts, String username, String accountRequestId, String clientId) throws OBErrorException {
    log.debug("Received a consent request with consent_request='{}'", remoteConsentRequest);
    log.debug("=> The account request id '{}'", accountRequestId);
    Optional<AccountRequest> isAccountRequest = accountRequestStoreService.get(accountRequestId);
    if (!isAccountRequest.isPresent()) {
        log.error("The AISP '{}' is referencing an account request {} that doesn't exist", clientId, accountRequestId);
        return rcsErrorService.error(OBRIErrorType.RCS_CONSENT_REQUEST_UNKNOWN_ACCOUNT_REQUEST, clientId, accountRequestId);
    }
    AccountRequest accountRequest = isAccountRequest.get();
    // Verify the AISP asking for consent is the same one that created this accountRequest
    if (!clientId.equals(accountRequest.getClientId())) {
        // Log arguments follow the placeholder order: creator, account request id, requesting client
        log.error("The AISP '{}' created the account request '{}' but it's AISP '{}' that is trying to get"
                + " consent for it.", accountRequest.getClientId(), accountRequestId, clientId);
        return rcsErrorService.error(OBRIErrorType.RCS_CONSENT_REQUEST_INVALID_CONSENT, accountRequest.getClientId(), clientId, accountRequestId);
    }
    Optional<Tpp> isTpp = tppStoreService.findById(accountRequest.getAispId());
    if (!isTpp.isPresent()) {
        log.error("The TPP '{}' (Client ID {}) that created this consent id '{}' doesn't exist anymore.", accountRequest.getAispId(), clientId, accountRequest.getId());
        return rcsErrorService.error(OBRIErrorType.RCS_CONSENT_REQUEST_NOT_FOUND_TPP, clientId, accountRequest.getId());
    }
    Tpp tpp = isTpp.get();
    // Bind the consent to the authenticated PSU before showing it on the consent page
    accountRequest.setUserId(username);
    accountRequestStoreService.save(accountRequest);
    log.debug("Populate the model with the account and consent data");
    return ok(AccountsConsentDetails.builder()
            .permissions(toOBExternalPermissions1CodeList(accountRequest.getPermissions()))
            .fromTransaction(accountRequest.getTransactionFromDateTime())
            .toTransaction(accountRequest.getTransactionToDateTime())
            .accounts(accounts)
            .username(username)
            .logo(tpp.getLogo())
            .clientId(clientId)
            .pispName(accountRequest.getAispName())
            .expiredDate(accountRequest.getExpirationDateTime())
            .build());
}
Also used: AccountRequest (com.forgerock.openbanking.common.model.openbanking.persistence.account.AccountRequest), Tpp (com.forgerock.openbanking.model.Tpp)

Example 5 with AccountRequest

use of com.forgerock.openbanking.common.model.openbanking.persistence.account.AccountRequest in project openbanking-aspsp by OpenBankingToolkit.

the class RCSCustomerInfoDetailsApi method consentDetails.

@Override
public ResponseEntity consentDetails(String remoteConsentRequest, List<AccountWithBalance> accounts, String username, String consentId, String clientId) throws OBErrorException {
    log.debug("Received a Customer info account consent request with consent_request='{}'", remoteConsentRequest);
    log.debug("=> The Customer info account consent id '{}'", consentId);
    Optional<AccountRequest> isCustomerInfoConsent = accountRequestStoreService.get(consentId);
    if (!isCustomerInfoConsent.isPresent()) {
        log.error("The AISP '{}' is referencing a customer info account request {} that doesn't exist", clientId, consentId);
        return rcsErrorService.error(OBRIErrorType.RCS_CONSENT_REQUEST_UNKNOWN_ACCOUNT_REQUEST, clientId, consentId);
    }
    FRAccountAccessConsent customerInfoAccountConsent = (FRAccountAccessConsent) isCustomerInfoConsent.get();
    // Verify the AISP asking for consent is the same one that created this customer info accountRequest
    if (!clientId.equals(customerInfoAccountConsent.getClientId())) {
        log.error("The AISP '{}' created the customer info account request '{}' but it's AISP '{}' that is "
                + "trying to get consent for it.", customerInfoAccountConsent.getClientId(), consentId, clientId);
        return rcsErrorService.error(OBRIErrorType.RCS_CONSENT_REQUEST_INVALID_CONSENT, customerInfoAccountConsent.getClientId(), clientId, consentId);
    }
    Optional<Tpp> isTpp = tppStoreService.findById(customerInfoAccountConsent.getAispId());
    if (!isTpp.isPresent()) {
        log.error("The TPP '{}' (Client ID {}) that created this customer info account consent id '{}' "
                + "doesn't exist anymore.", customerInfoAccountConsent.getAispId(), clientId, customerInfoAccountConsent.getId());
        return rcsErrorService.error(OBRIErrorType.RCS_CONSENT_REQUEST_NOT_FOUND_TPP, clientId, customerInfoAccountConsent.getId());
    }
    Tpp tpp = isTpp.get();
    log.debug("Populate the customer info model with details data");
    // Bind the consent to the authenticated PSU before showing it on the consent page
    customerInfoAccountConsent.setUserId(username);
    accountRequestStoreService.save(customerInfoAccountConsent);
    log.debug("Populate the model with the customer info and consent data");
    log.debug("get the customer info to add it in account consent data.");
    FRCustomerInfo customerInfo = customerInfoRepository.findByUserID(username);
    log.debug("customer info data {}", customerInfo);
    if (customerInfo == null) {
        // No customer record for this PSU: the consent cannot be fulfilled, so reject it
        return rcsErrorService.invalidConsentError(remoteConsentRequest, new OBErrorException(OBRIErrorType.CUSTOMER_INFO_NOT_FOUND));
    }
    customerInfoAccountConsent.setCustomerInfo(customerInfo);
    log.debug("customer info added to account consent data for consent {}", consentId);
    return ok(CustomerInfoConsentDetails.builder()
            .username(username)
            .merchantName(customerInfoAccountConsent.getAispName())
            .logo(tpp.getLogo())
            .clientId(clientId)
            .customerInfo(customerInfoAccountConsent.getCustomerInfo())
            .build());
}
Also used: FRAccountAccessConsent (com.forgerock.openbanking.common.model.openbanking.persistence.account.FRAccountAccessConsent), AccountRequest (com.forgerock.openbanking.common.model.openbanking.persistence.account.AccountRequest), Tpp (com.forgerock.openbanking.model.Tpp), FRCustomerInfo (com.forgerock.openbanking.common.model.data.FRCustomerInfo), OBErrorException (com.forgerock.openbanking.exceptions.OBErrorException)

Aggregations (type, occurrences across the examples above)

AccountRequest (com.forgerock.openbanking.common.model.openbanking.persistence.account.AccountRequest): 6
OBErrorException (com.forgerock.openbanking.exceptions.OBErrorException): 4
Tpp (com.forgerock.openbanking.model.Tpp): 3
FRCustomerInfo (com.forgerock.openbanking.common.model.data.FRCustomerInfo): 1
FRExternalPermissionsCode (com.forgerock.openbanking.common.model.openbanking.domain.account.common.FRExternalPermissionsCode): 1
FRAccountAccessConsent (com.forgerock.openbanking.common.model.openbanking.persistence.account.FRAccountAccessConsent): 1
FRAccountRequest (com.forgerock.openbanking.common.model.openbanking.persistence.account.FRAccountRequest): 1
IOException (java.io.IOException): 1
ParseException (java.text.ParseException): 1
HttpEntity (org.springframework.http.HttpEntity): 1
HttpHeaders (org.springframework.http.HttpHeaders): 1
UserDetails (org.springframework.security.core.userdetails.UserDetails): 1