Example 1 with ApiClientException

Use of com.forgerock.openbanking.common.services.onboarding.apiclient.ApiClientException in project openbanking-aspsp by OpenBankingToolkit.

In the class ManualRegistrationApiController, method registerApplication.

@Override
public ResponseEntity<ManualRegistrationApplication> registerApplication(@ApiParam(value = "Registration request", required = true) @Valid @RequestBody ManualRegistrationRequest manualRegistrationRequest, @CookieValue(value = "obri-session", required = true) String obriSession, Principal principal) throws OAuth2InvalidClientException {
    log.debug("registerApplication called. manualRegistrationRequest is '{}'", manualRegistrationRequest);
    ApiClientIdentity apiClientIdentity = null;
    try {
        String userNameOfSessionHolder = this.getUserNameFromSession(obriSession);
        apiClientIdentity = identityFactory.getApiClientIdentity(principal);
        log.debug("ApiClientIdentity is '{}'", apiClientIdentity);
        // Prepare the request
        String registrationRequestDefaultJsonClaims = getRegistrationRequestDefaultJsonClaims();
        RegistrationRequest registrationRequest = registrationRequestFactory.getRegistrationRequestFromManualRegistrationJson(registrationRequestDefaultJsonClaims, manualRegistrationRequest, objectMapper);
        registrationRequest.overwriteRegistrationRequestFieldsFromSSAClaims(apiClientIdentity);
        log.debug("The OIDC registration request we are going to send to AM {}", registrationRequest);
        // Register the TPP
        String tppIdentifier = registrationRequest.getSoftwareIdFromSSA();
        Tpp tpp = tppRegistrationService.registerTpp(apiClientIdentity, registrationRequest);
        log.debug("Successfully performed manual onboarding! the tpp resulting: {}", tpp);
        ManualRegistrationApplication manualRegistrationApplication = ManualRegistrationApplication.builder().userId(userNameOfSessionHolder).manualRegistrationRequest(manualRegistrationRequest).description(manualRegistrationRequest.getApplicationDescription()).softwareClientId(tpp.getClientId()).oidcRegistrationResponse(tpp.getRegistrationResponse()).build();
        return ResponseEntity.status(HttpStatus.CREATED).body(manualRegistrationApplicationService.createApplication(manualRegistrationApplication));
    } catch (ApiClientException e) {
        log.info("registerApplication() caught ApiClientException; ", e);
        throw new OAuth2InvalidClientException(e.getMessage());
    } catch (DynamicClientRegistrationException e) {
        log.info("registerApplication() caught DynamicClientRegistrationException; ", e);
        throw new OAuth2InvalidClientException(e.getMessage());
    }
}
Also used: Tpp (com.forgerock.openbanking.model.Tpp), ApiClientException (com.forgerock.openbanking.common.services.onboarding.apiclient.ApiClientException), DynamicClientRegistrationException (com.forgerock.openbanking.common.error.exception.dynamicclientregistration.DynamicClientRegistrationException), OAuth2InvalidClientException (com.forgerock.openbanking.common.error.exception.oauth2.OAuth2InvalidClientException), ApiClientIdentity (com.forgerock.openbanking.common.services.onboarding.apiclient.ApiClientIdentity), ManualRegistrationRequest (com.forgerock.openbanking.common.model.onboarding.ManualRegistrationRequest), RegistrationRequest (com.forgerock.openbanking.common.services.onboarding.registrationrequest.RegistrationRequest), ManualRegistrationApplication (com.forgerock.openbanking.common.model.onboarding.ManualRegistrationApplication)

Example 2 with ApiClientException

Use of com.forgerock.openbanking.common.services.onboarding.apiclient.ApiClientException in project openbanking-aspsp by OpenBankingToolkit.

In the class DynamicRegistrationApiController, method updateRegistration.

/**
 * Update the information relating to an existing OAuth2 client registration
 * @param clientId the client_id of the OAuth2 client registration that the ApiClient wishes to update
 * @param authorization An Authorisation Token as per https://tools.ietf.org/html/rfc6750
 * @param registrationRequestJwtSerialised A request to register a Software Statement Assertion with an ASPSP
 * @param principal - the principal identity that is making the request
 * @return returns a ResponseEntity used to determine if the request was successful and, if so, gain access to any
 * body returned, headers etc.
 * @throws OAuth2InvalidClientException
 * @throws OAuth2BearerTokenUsageInvalidTokenException
 * @throws OAuth2BearerTokenUsageMissingAuthInfoException
 * @throws DynamicClientRegistrationException
 */
@Override
public ResponseEntity<OIDCRegistrationResponse> updateRegistration(String clientId, String authorization, String registrationRequestJwtSerialised, Principal principal) throws OAuth2InvalidClientException, OAuth2BearerTokenUsageInvalidTokenException, OAuth2BearerTokenUsageMissingAuthInfoException, DynamicClientRegistrationException {
    String methodName = "updateRegistration()";
    try {
        log.info("{} called for ClientId '{}'. Principal is {}", methodName, clientId, principal);
        ApiClientIdentity apiClientIdentity = this.apiClientIdentityFactory.getApiClientIdentity(principal);
        RegistrationRequest registrationRequest = registrationRequestFactory.getRegistrationRequestFromJwt(registrationRequestJwtSerialised);
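        // Reject the request unless the MATLS transport certificate and the SSA were issued to the same organisation
        if (!apiClientIdentity.wasIssuedWith(registrationRequest)) {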
            String errorString = "The MATLS transport certificate and the SSA were not issued to the same " + "organisation";
            log.info("updateRegistration() {}", errorString);
            throw new OAuth2InvalidClientException(errorString);
        }
        Tpp tpp = tppRegistrationService.getTpp(clientId);
        tppRegistrationService.ensureTppOwnsOidcRegistration(tpp, principal.getName());
        String accessToken = tppRegistrationService.validateAccessTokenIsValidForOidcRegistration(tpp, authorization);
        // Override the client ID in the request with the clientId this method was called for
        registrationRequest.setClientId(clientId);
        verifyRegistrationRequest(apiClientIdentity, registrationRequest);
        registrationRequest.overwriteRegistrationRequestFieldsFromSSAClaims(apiClientIdentity);
        tpp = tppRegistrationService.updateTpp(apiClientIdentity, tpp, accessToken, registrationRequest);
        log.info("{} Updated registration information for ClientId {}", methodName, tpp.getClientId());
        return ResponseEntity.status(HttpStatus.OK).body(tpp.getRegistrationResponse());
    } catch (ApiClientException e) {
        String errorMessage = "Error updating registration for clientId '" + clientId + "'. Error was: " + e.getMessage();
        log.info("{} {}", methodName, errorMessage, e);
        throw new OAuth2InvalidClientException(errorMessage);
    }
}
Also used: Tpp (com.forgerock.openbanking.model.Tpp), ApiClientException (com.forgerock.openbanking.common.services.onboarding.apiclient.ApiClientException), OAuth2InvalidClientException (com.forgerock.openbanking.common.error.exception.oauth2.OAuth2InvalidClientException), ApiClientIdentity (com.forgerock.openbanking.common.services.onboarding.apiclient.ApiClientIdentity), RegistrationRequest (com.forgerock.openbanking.common.services.onboarding.registrationrequest.RegistrationRequest)

Example 3 with ApiClientException

Use of com.forgerock.openbanking.common.services.onboarding.apiclient.ApiClientException in project openbanking-aspsp by OpenBankingToolkit.

In the class DynamicRegistrationApiController, method register.

@Override
public ResponseEntity<OIDCRegistrationResponse> register(@ApiParam(value = "A request to register a Software Statement Assertion with an ASPSP") @Valid @RequestBody String registrationRequestJwtSerialised, Principal principal) throws OAuth2InvalidClientException, DynamicClientRegistrationException {
    String methodName = "register()";
    log.info("{} Received request to create a new client registration. {}", methodName, registrationRequestJwtSerialised);
    try {
        ApiClientIdentity apiClientIdentity = this.apiClientIdentityFactory.getApiClientIdentity(principal);
        String tppIdentifier = apiClientIdentity.getTppIdentifier();
        RegistrationRequest registrationRequest = registrationRequestFactory.getRegistrationRequestFromJwt(registrationRequestJwtSerialised);
        // Discard any client ID in the request: this call creates a new registration
        registrationRequest.setClientId(null);
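        // Reject the request unless the MATLS transport certificate and the SSA were issued to the same organisation
        if (!apiClientIdentity.wasIssuedWith(registrationRequest)) {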
            String errorString = "The MATLS transport certificate and the SSA were not issued to the same " + "organisation";
            log.info("register() {}", errorString);
            throw new OAuth2InvalidClientException(errorString);
        }
        verifyRegistrationRequest(apiClientIdentity, registrationRequest);
        registrationRequest.overwriteRegistrationRequestFieldsFromSSAClaims(apiClientIdentity);
        Tpp tpp = tppRegistrationService.registerTpp(apiClientIdentity, registrationRequest);
        OIDCRegistrationResponse registrationResponse = tpp.getRegistrationResponse();
        log.info("{} Registration succeeded. tpp {} now has OAuth2 ClientId of {}", methodName, tppIdentifier, tpp.getClientId());
        return ResponseEntity.status(HttpStatus.CREATED).body(registrationResponse);
    } catch (ApiClientException e) {
        log.info("Failed to create new client registration. There was an error related to the client requesting " + "the registration; '{}'", e.getMessage());
        log.debug("register() caught ApiClientException.", e);
        throw new OAuth2InvalidClientException("Invalid certificate presented. Error was " + e.getMessage());
    }
}
Also used: Tpp (com.forgerock.openbanking.model.Tpp), ApiClientException (com.forgerock.openbanking.common.services.onboarding.apiclient.ApiClientException), OIDCRegistrationResponse (com.forgerock.openbanking.model.oidc.OIDCRegistrationResponse), OAuth2InvalidClientException (com.forgerock.openbanking.common.error.exception.oauth2.OAuth2InvalidClientException), ApiClientIdentity (com.forgerock.openbanking.common.services.onboarding.apiclient.ApiClientIdentity), RegistrationRequest (com.forgerock.openbanking.common.services.onboarding.registrationrequest.RegistrationRequest)

Example 4 with ApiClientException

Use of com.forgerock.openbanking.common.services.onboarding.apiclient.ApiClientException in project openbanking-aspsp by OpenBankingToolkit.

In the class ManualRegistrationApiController, method getOrganizationIdentifier.

@Override
public ResponseEntity<String> getOrganizationIdentifier(Principal principal) throws OAuth2InvalidClientException {
    try {
        ApiClientIdentity apiClientIdentity = identityFactory.getApiClientIdentity(principal);
        String organizationIdentifier = apiClientIdentity.getAuthorisationNumber().orElseThrow(() -> new OAuth2InvalidClientException("Could not get OrganizationIdentifier from certificate"));
        return ResponseEntity.status(HttpStatus.OK).body(organizationIdentifier);
    } catch (ApiClientException e) {
        log.info("getOrganizationIdentifier() caught ApiClientException; ", e);
        throw new OAuth2InvalidClientException("Failed to obtain OrganizationIdentifier from certificate");
    }
}
Also used: ApiClientException (com.forgerock.openbanking.common.services.onboarding.apiclient.ApiClientException), OAuth2InvalidClientException (com.forgerock.openbanking.common.error.exception.oauth2.OAuth2InvalidClientException), ApiClientIdentity (com.forgerock.openbanking.common.services.onboarding.apiclient.ApiClientIdentity)

Aggregations

OAuth2InvalidClientException (com.forgerock.openbanking.common.error.exception.oauth2.OAuth2InvalidClientException): 4
ApiClientException (com.forgerock.openbanking.common.services.onboarding.apiclient.ApiClientException): 4
ApiClientIdentity (com.forgerock.openbanking.common.services.onboarding.apiclient.ApiClientIdentity): 4
RegistrationRequest (com.forgerock.openbanking.common.services.onboarding.registrationrequest.RegistrationRequest): 3
Tpp (com.forgerock.openbanking.model.Tpp): 3
DynamicClientRegistrationException (com.forgerock.openbanking.common.error.exception.dynamicclientregistration.DynamicClientRegistrationException): 1
ManualRegistrationApplication (com.forgerock.openbanking.common.model.onboarding.ManualRegistrationApplication): 1
ManualRegistrationRequest (com.forgerock.openbanking.common.model.onboarding.ManualRegistrationRequest): 1
OIDCRegistrationResponse (com.forgerock.openbanking.model.oidc.OIDCRegistrationResponse): 1