use of com.forgerock.openbanking.common.services.onboarding.apiclient.ApiClientIdentity in project openbanking-aspsp by OpenBankingToolkit.
the class RegistrationRequestTest method overwriteRegistrationRequestFieldsFromSSAClaims.
/**
 * Checks that {@code overwriteRegistrationRequestFieldsFromSSAClaims} fills in {@code jwks_uri} on the
 * fixture {@code registrationRequest}. The {@link ApiClientIdentity} is an unstubbed mock, so every value the
 * method writes is expected to come from the SSA claims already held by the fixture request — presumably the
 * software-statement JWK URI of the directory that issued it.
 */
@Test
public void overwriteRegistrationRequestFieldsFromSSAClaims() throws DynamicClientRegistrationException {
    // Given: an identity that contributes nothing of its own
    ApiClientIdentity identity = mock(ApiClientIdentity.class);
    String expectedJwksUri = "https://service.directory.dev-ob.forgerock"
            + ".financial:8074/api/software-statement/60c75ba3c450450011efa679/application/jwk_uri";

    // When
    this.registrationRequest.overwriteRegistrationRequestFieldsFromSSAClaims(identity);

    // Then
    assertThat(registrationRequest.getJwks_uri()).isEqualTo(expectedJwksUri);
}
use of com.forgerock.openbanking.common.services.onboarding.apiclient.ApiClientIdentity in project openbanking-aspsp by OpenBankingToolkit.
the class DynamicRegistrationApiControllerTest method shouldSucceed_register.
/**
 * Happy-path registration: an eIDAS-authenticated, still-unregistered principal submits the serialised
 * registration-request JWT and the controller answers {@code 201 Created}. The registration service is stubbed
 * so that SSA validation resolves to the issuing directory and TPP registration returns a TPP carrying an empty
 * OIDC registration response.
 */
@Test
public void shouldSucceed_register() throws OAuth2InvalidClientException, DynamicClientRegistrationException, InvalidPsd2EidasCertificate, ApiClientException {
    // given
    String directoryName = "ForgeRock";
    List<OBRIRole> roles = List.of(OBRIRole.ROLE_ANONYMOUS, OBRIRole.UNREGISTERED_TPP, OBRIRole.ROLE_EIDAS);
    Collection<OBRIRole> authorities = new ArrayList<>(roles);
    X509Authentication principal = testSpec.getPrincipal(authorities);
    ApiClientIdentity apiClientIdentity = this.identityFactory.getApiClientIdentity(principal);

    given(this.tppRegistrationService.validateSsaAgainstIssuingDirectoryJwksUri(anyString(), eq("ForgeRock")))
            .willReturn(directoryName);

    RegistrationRequest regRequest = registrationRequestFactory.getRegistrationRequestFromJwt(registrationRequestJwtSerialised);

    Tpp registeredTpp = new Tpp();
    registeredTpp.setRegistrationResponse(new OIDCRegistrationResponse());
    given(this.tppRegistrationService.registerTpp(any(ApiClientIdentity.class), any(RegistrationRequest.class)))
            .willReturn(registeredTpp);

    // when
    ResponseEntity<OIDCRegistrationResponse> response = dynamicRegistrationApiController.register(registrationRequestJwtSerialised, principal);

    // then
    assertThat(response.getStatusCode()).isEqualTo(HttpStatus.CREATED);
}
use of com.forgerock.openbanking.common.services.onboarding.apiclient.ApiClientIdentity in project openbanking-aspsp by OpenBankingToolkit.
the class ManualRegistrationApiController method registerApplication.
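/**
 * Manually onboards a TPP application on behalf of the logged-in user and stores the resulting application.
 * <p>
 * The client identity is derived from the MTLS {@code principal}; the owning user is resolved from the
 * {@code obri-session} cookie. A registration request is built from the default JSON claims and the submitted
 * manual request, the SSA-derived fields are then applied on top of it, and the TPP is registered before the
 * application record is created.
 *
 * @param manualRegistrationRequest the manual registration form submitted by the user
 * @param obriSession the {@code obri-session} cookie identifying the user's session
 * @param principal the MTLS principal of the calling client
 * @return {@code 201 Created} with the stored {@link ManualRegistrationApplication}
 * @throws OAuth2InvalidClientException if the client identity cannot be established or the registration
 *         request is rejected; wraps the message of the underlying {@link ApiClientException} or
 *         {@link DynamicClientRegistrationException}
 */
@Override
public ResponseEntity<ManualRegistrationApplication> registerApplication(@ApiParam(value = "Registration request", required = true) @Valid @RequestBody ManualRegistrationRequest manualRegistrationRequest, @CookieValue(value = "obri-session", required = true) String obriSession, Principal principal) throws OAuth2InvalidClientException {
    // NOTE(review): the whole request object is logged here; confirm its toString() exposes nothing that
    // should stay out of logs
    log.debug("registerApplication called. manualRegistrationRequest is '{}'", manualRegistrationRequest);
    try {
        // Who is onboarding (session cookie) and as which client (MTLS principal)
        String userNameOfSessionHolder = this.getUserNameFromSession(obriSession);
        ApiClientIdentity apiClientIdentity = identityFactory.getApiClientIdentity(principal);
        log.debug("ApiClientIdentity is '{}'", apiClientIdentity);

        // Prepare the request: default claims plus the manual form, with SSA-derived fields applied last
        String registrationRequestDefaultJsonClaims = getRegistrationRequestDefaultJsonClaims();
        RegistrationRequest registrationRequest = registrationRequestFactory.getRegistrationRequestFromManualRegistrationJson(registrationRequestDefaultJsonClaims, manualRegistrationRequest, objectMapper);
        registrationRequest.overwriteRegistrationRequestFieldsFromSSAClaims(apiClientIdentity);
        log.debug("The OIDC registration request we are going to send to AM {}", registrationRequest);

        // Register the TPP (the unused software-id lookup that used to sit here has been dropped)
        Tpp tpp = tppRegistrationService.registerTpp(apiClientIdentity, registrationRequest);
        log.debug("Successfully performed manual onboarding! the tpp resulting: {}", tpp);

        ManualRegistrationApplication manualRegistrationApplication = ManualRegistrationApplication.builder()
                .userId(userNameOfSessionHolder)
                .manualRegistrationRequest(manualRegistrationRequest)
                .description(manualRegistrationRequest.getApplicationDescription())
                .softwareClientId(tpp.getClientId())
                .oidcRegistrationResponse(tpp.getRegistrationResponse())
                .build();
        return ResponseEntity.status(HttpStatus.CREATED).body(manualRegistrationApplicationService.createApplication(manualRegistrationApplication));
    } catch (ApiClientException e) {
        // Only the message is forwarded; the cause is kept in the log line
        log.info("registerApplication() caught ApiClientException; ", e);
        throw new OAuth2InvalidClientException(e.getMessage());
    } catch (DynamicClientRegistrationException e) {
        log.info("registerApplication() caught DynamicClientRegistrationException; ", e);
        throw new OAuth2InvalidClientException(e.getMessage());
    }
}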
use of com.forgerock.openbanking.common.services.onboarding.apiclient.ApiClientIdentity in project openbanking-aspsp by OpenBankingToolkit.
the class DynamicRegistrationApiController method updateRegistration.
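/**
 * Updates the information relating to an existing OAuth2 client registration.
 * <p>
 * Before anything is changed the request passes three checks, in this order: the MATLS transport certificate
 * and the SSA in the request must have been issued to the same organisation, the registration service must
 * confirm that the authenticated principal owns the registration identified by {@code clientId}, and the
 * bearer token must be validated for that registration. The {@code client_id} inside the request body is
 * then replaced by the path value, so the body cannot retarget the update.
 *
 * @param clientId the client_id of the OAuth2 client registration that the ApiClient wishes to update
 * @param authorization an Authorisation Token as per https://tools.ietf.org/html/rfc6750
 * @param registrationRequestJwtSerialised a request to register a Software Statement Assertion with an ASPSP
 * @param principal the principal identity that is making the request
 * @return {@code 200 OK} with the updated OIDC registration response
 * @throws OAuth2InvalidClientException if the certificate and SSA were not issued to the same organisation,
 *         or if any step raises an {@link ApiClientException} (its message is wrapped)
 * @throws OAuth2BearerTokenUsageInvalidTokenException propagated from the ownership / access-token checks
 * @throws OAuth2BearerTokenUsageMissingAuthInfoException propagated from the ownership / access-token checks
 * @throws DynamicClientRegistrationException if the registration request JWT cannot be processed
 */
@Override
public ResponseEntity<OIDCRegistrationResponse> updateRegistration(String clientId, String authorization, String registrationRequestJwtSerialised, Principal principal) throws OAuth2InvalidClientException, OAuth2BearerTokenUsageInvalidTokenException, OAuth2BearerTokenUsageMissingAuthInfoException, DynamicClientRegistrationException {
    String methodName = "updateRegistration()";
    try {
        log.info("{} called for ClientId '{}'. Princpal is {}", methodName, clientId, principal);
        ApiClientIdentity apiClientIdentity = this.apiClientIdentityFactory.getApiClientIdentity(principal);
        RegistrationRequest registrationRequest = registrationRequestFactory.getRegistrationRequestFromJwt(registrationRequestJwtSerialised);
        // Bind the caller's transport certificate to the SSA before any stored registration is read
        if (!apiClientIdentity.wasIssuedWith(registrationRequest)) {
            String errorString = "The MATLS transport certificate and the SSA were not issued to the same " + "organisation";
            log.info("updateRegistration() {}", errorString);
            throw new OAuth2InvalidClientException(errorString);
        }
        // Ownership and token validation are delegated to the registration service; both precede the update
        Tpp tpp = tppRegistrationService.getTpp(clientId);
        tppRegistrationService.ensureTppOwnsOidcRegistration(tpp, principal.getName());
        String accessToken = tppRegistrationService.validateAccessTokenIsValidForOidcRegistration(tpp, authorization);
        // Override client ID: the path parameter, not the request body, decides which registration is updated
        registrationRequest.setClientId(clientId);
        verifyRegistrationRequest(apiClientIdentity, registrationRequest);
        registrationRequest.overwriteRegistrationRequestFieldsFromSSAClaims(apiClientIdentity);
        tpp = tppRegistrationService.updateTpp(apiClientIdentity, tpp, accessToken, registrationRequest);
        log.info("{} Updated registration information for ClientId {}", methodName, tpp.getClientId());
        return ResponseEntity.status(HttpStatus.OK).body(tpp.getRegistrationResponse());
    } catch (ApiClientException e) {
        // The quote around clientId is closed here; it used to be left open, producing "clientId 'xyz Error was:"
        String errorMessage = "Error updating registration for clientId '" + clientId + "'. Error was: " + e.getMessage();
        log.info("{} {}", methodName, errorMessage, e);
        throw new OAuth2InvalidClientException(errorMessage);
    }
}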
use of com.forgerock.openbanking.common.services.onboarding.apiclient.ApiClientIdentity in project openbanking-aspsp by OpenBankingToolkit.
the class DynamicRegistrationApiController method register.
/**
 * Creates a new OAuth2 client registration from a serialised registration-request JWT.
 * <p>
 * Any {@code client_id} carried in the request is discarded, the MATLS identity must have been issued with the
 * SSA in the request, the request is verified, the SSA-derived fields are applied and the TPP is registered.
 * An {@link ApiClientException} raised by any of those steps reaches the caller as an
 * {@link OAuth2InvalidClientException} whose message reports an invalid certificate.
 *
 * @param registrationRequestJwtSerialised the registration request JWT exactly as received
 * @param principal the MTLS principal of the calling client
 * @return {@code 201 Created} with the OIDC registration response of the newly registered TPP
 * @throws OAuth2InvalidClientException if the certificate and SSA were not issued to the same organisation,
 *         or on any {@link ApiClientException}
 * @throws DynamicClientRegistrationException if the registration request cannot be processed
 */
@Override
public ResponseEntity<OIDCRegistrationResponse> register(@ApiParam(value = "A request to register a Software Statement Assertion with an ASPSP") @Valid @RequestBody String registrationRequestJwtSerialised, Principal principal) throws OAuth2InvalidClientException, DynamicClientRegistrationException {
    String methodName = "register()";
    // NOTE(review): the complete serialised JWT is written to the log at INFO level
    log.info("{} Received request to create a new client registration. {}", methodName, registrationRequestJwtSerialised);
    try {
        ApiClientIdentity callerIdentity = this.apiClientIdentityFactory.getApiClientIdentity(principal);
        String tppIdentifier = callerIdentity.getTppIdentifier();
        RegistrationRequest request = registrationRequestFactory.getRegistrationRequestFromJwt(registrationRequestJwtSerialised);

        // delete client ID: a fresh registration never carries a caller-chosen client_id
        request.setClientId(null);

        boolean issuedToSameOrganisation = callerIdentity.wasIssuedWith(request);
        if (!issuedToSameOrganisation) {
            String mismatch = "The MATLS transport certificate and the SSA were not issued to the same organisation";
            log.info("register() {}", mismatch);
            throw new OAuth2InvalidClientException(mismatch);
        }

        verifyRegistrationRequest(callerIdentity, request);
        request.overwriteRegistrationRequestFieldsFromSSAClaims(callerIdentity);

        Tpp registeredTpp = tppRegistrationService.registerTpp(callerIdentity, request);
        OIDCRegistrationResponse body = registeredTpp.getRegistrationResponse();
        log.info("{} Registration succeeded. tpp {} now has OAuth2 ClientId of {}", methodName, tppIdentifier, registeredTpp.getClientId());
        return ResponseEntity.status(HttpStatus.CREATED).body(body);
    } catch (ApiClientException e) {
        log.info("Failed to create new client registration. There was an error related to the client requesting the registration; '{}'", e.getMessage());
        log.debug("register() caught ApiClientException.", e);
        throw new OAuth2InvalidClientException("Invalid certificate presented. Error was " + e.getMessage());
    }
}