Example 1 with ApiClientIdentity

Use of com.forgerock.openbanking.common.services.onboarding.apiclient.ApiClientIdentity in project openbanking-aspsp by OpenBankingToolkit.

From the class RegistrationRequestTest, method overwriteRegistrationRequestFieldsFromSSAClaims.

@Test
public void overwriteRegistrationRequestFieldsFromSSAClaims() throws DynamicClientRegistrationException {
    // Given
    ApiClientIdentity clientIdentity = mock(ApiClientIdentity.class);
    // When
    this.registrationRequest.overwriteRegistrationRequestFieldsFromSSAClaims(clientIdentity);
    // Then
    assertThat(registrationRequest.getJwks_uri()).isEqualTo("https://service.directory.dev-ob.forgerock" + ".financial:8074/api/software-statement/60c75ba3c450450011efa679/application/jwk_uri");
}
Also used: ApiClientIdentity (com.forgerock.openbanking.common.services.onboarding.apiclient.ApiClientIdentity), Test (org.junit.Test)

Example 2 with ApiClientIdentity

Use of com.forgerock.openbanking.common.services.onboarding.apiclient.ApiClientIdentity in project openbanking-aspsp by OpenBankingToolkit.

From the class DynamicRegistrationApiControllerTest, method shouldSucceed_register.

@Test
public void shouldSucceed_register() throws OAuth2InvalidClientException, DynamicClientRegistrationException, InvalidPsd2EidasCertificate, ApiClientException {
    Collection<OBRIRole> authorities = new ArrayList<>(List.of(OBRIRole.ROLE_ANONYMOUS, OBRIRole.UNREGISTERED_TPP, OBRIRole.ROLE_EIDAS));
    X509Authentication principal = testSpec.getPrincipal(authorities);
    ApiClientIdentity apiClientIdentity = this.identityFactory.getApiClientIdentity(principal);
    String directoryName = "ForgeRock";
    given(this.tppRegistrationService.validateSsaAgainstIssuingDirectoryJwksUri(anyString(), eq("ForgeRock"))).willReturn(directoryName);
    RegistrationRequest regRequest = registrationRequestFactory.getRegistrationRequestFromJwt(registrationRequestJwtSerialised);
    Tpp tpp = new Tpp();
    tpp.setRegistrationResponse(new OIDCRegistrationResponse());
    given(this.tppRegistrationService.registerTpp(any(ApiClientIdentity.class), any(RegistrationRequest.class))).willReturn(tpp);
    // when
    ResponseEntity<OIDCRegistrationResponse> response = dynamicRegistrationApiController.register(registrationRequestJwtSerialised, principal);
    assertThat(response.getStatusCode()).isEqualTo(HttpStatus.CREATED);
}
Also used: OBRIRole (com.forgerock.openbanking.model.OBRIRole), Tpp (com.forgerock.openbanking.model.Tpp), OIDCRegistrationResponse (com.forgerock.openbanking.model.oidc.OIDCRegistrationResponse), X509Authentication (com.forgerock.spring.security.multiauth.model.authentication.X509Authentication), ApiClientIdentity (com.forgerock.openbanking.common.services.onboarding.apiclient.ApiClientIdentity), RegistrationRequest (com.forgerock.openbanking.common.services.onboarding.registrationrequest.RegistrationRequest), Test (org.junit.Test)

Example 3 with ApiClientIdentity

Use of com.forgerock.openbanking.common.services.onboarding.apiclient.ApiClientIdentity in project openbanking-aspsp by OpenBankingToolkit.

From the class ManualRegistrationApiController, method registerApplication.

@Override
public ResponseEntity<ManualRegistrationApplication> registerApplication(@ApiParam(value = "Registration request", required = true) @Valid @RequestBody ManualRegistrationRequest manualRegistrationRequest, @CookieValue(value = "obri-session", required = true) String obriSession, Principal principal) throws OAuth2InvalidClientException {
    log.debug("registerApplication called. manualRegistrationRequest is '{}'", manualRegistrationRequest);
    ApiClientIdentity apiClientIdentity = null;
    try {
        String userNameOfSessionHolder = this.getUserNameFromSession(obriSession);
        apiClientIdentity = identityFactory.getApiClientIdentity(principal);
        log.debug("ApiClientIdentity is '{}'", apiClientIdentity);
        // Prepare the request
        String registrationRequestDefaultJsonClaims = getRegistrationRequestDefaultJsonClaims();
        RegistrationRequest registrationRequest = registrationRequestFactory.getRegistrationRequestFromManualRegistrationJson(registrationRequestDefaultJsonClaims, manualRegistrationRequest, objectMapper);
        registrationRequest.overwriteRegistrationRequestFieldsFromSSAClaims(apiClientIdentity);
        log.debug("The OIDC registration request we are going to send to AM {}", registrationRequest);
        // Register the TPP
        String tppIdentifier = registrationRequest.getSoftwareIdFromSSA();
        Tpp tpp = tppRegistrationService.registerTpp(apiClientIdentity, registrationRequest);
        log.debug("Successfully performed manual onboarding! the tpp resulting: {}", tpp);
        ManualRegistrationApplication manualRegistrationApplication = ManualRegistrationApplication.builder().userId(userNameOfSessionHolder).manualRegistrationRequest(manualRegistrationRequest).description(manualRegistrationRequest.getApplicationDescription()).softwareClientId(tpp.getClientId()).oidcRegistrationResponse(tpp.getRegistrationResponse()).build();
        return ResponseEntity.status(HttpStatus.CREATED).body(manualRegistrationApplicationService.createApplication(manualRegistrationApplication));
    } catch (ApiClientException e) {
        log.info("registerApplication() caught ApiClientException; ", e);
        throw new OAuth2InvalidClientException(e.getMessage());
    } catch (DynamicClientRegistrationException e) {
        log.info("registerApplication() caught DynamicClientRegistrationException; ", e);
        throw new OAuth2InvalidClientException(e.getMessage());
    }
}
Also used: Tpp (com.forgerock.openbanking.model.Tpp), ApiClientException (com.forgerock.openbanking.common.services.onboarding.apiclient.ApiClientException), DynamicClientRegistrationException (com.forgerock.openbanking.common.error.exception.dynamicclientregistration.DynamicClientRegistrationException), OAuth2InvalidClientException (com.forgerock.openbanking.common.error.exception.oauth2.OAuth2InvalidClientException), ApiClientIdentity (com.forgerock.openbanking.common.services.onboarding.apiclient.ApiClientIdentity), ManualRegistrationRequest (com.forgerock.openbanking.common.model.onboarding.ManualRegistrationRequest), RegistrationRequest (com.forgerock.openbanking.common.services.onboarding.registrationrequest.RegistrationRequest), ManualRegistrationApplication (com.forgerock.openbanking.common.model.onboarding.ManualRegistrationApplication)

Example 4 with ApiClientIdentity

Use of com.forgerock.openbanking.common.services.onboarding.apiclient.ApiClientIdentity in project openbanking-aspsp by OpenBankingToolkit.

From the class DynamicRegistrationApiController, method updateRegistration.

/**
 * Update the information relating to an existing OAuth2 client registration
 * @param clientId the client_id of the OAuth2 client registration that the ApiClient wishes to update
 * @param authorization An Authorisation Token as per https://tools.ietf.org/html/rfc6750
 * @param registrationRequestJwtSerialised A request to register a Software Statement Assertion with an ASPSP
 * @param principal - the principal identity that is making the request
 * @return returns a ResponseEntity used to determine if the request was successful and, if so, gain access to any
 * body returned, headers etc.
 * @throws OAuth2InvalidClientException
 * @throws OAuth2BearerTokenUsageInvalidTokenException
 * @throws OAuth2BearerTokenUsageMissingAuthInfoException
 * @throws DynamicClientRegistrationException
 */
@Override
public ResponseEntity<OIDCRegistrationResponse> updateRegistration(String clientId, String authorization, String registrationRequestJwtSerialised, Principal principal) throws OAuth2InvalidClientException, OAuth2BearerTokenUsageInvalidTokenException, OAuth2BearerTokenUsageMissingAuthInfoException, DynamicClientRegistrationException {
    String methodName = "updateRegistration()";
    try {
        log.info("{} called for ClientId '{}'. Principal is {}", methodName, clientId, principal);
        ApiClientIdentity apiClientIdentity = this.apiClientIdentityFactory.getApiClientIdentity(principal);
        RegistrationRequest registrationRequest = registrationRequestFactory.getRegistrationRequestFromJwt(registrationRequestJwtSerialised);
        // Reject the update unless the MATLS transport certificate and the SSA were issued to the same organisation
        if (!apiClientIdentity.wasIssuedWith(registrationRequest)) {
            String errorString = "The MATLS transport certificate and the SSA were not issued to the same " + "organisation";
            log.info("updateRegistration() {}", errorString);
            throw new OAuth2InvalidClientException(errorString);
        }
        // Confirm the caller owns this registration and presented a valid registration access token before changing it
        Tpp tpp = tppRegistrationService.getTpp(clientId);
        tppRegistrationService.ensureTppOwnsOidcRegistration(tpp, principal.getName());
        String accessToken = tppRegistrationService.validateAccessTokenIsValidForOidcRegistration(tpp, authorization);
        // Override client ID
        registrationRequest.setClientId(clientId);
        verifyRegistrationRequest(apiClientIdentity, registrationRequest);
        registrationRequest.overwriteRegistrationRequestFieldsFromSSAClaims(apiClientIdentity);
        tpp = tppRegistrationService.updateTpp(apiClientIdentity, tpp, accessToken, registrationRequest);
        log.info("{} Updated registration information for ClientId {}", methodName, tpp.getClientId());
        return ResponseEntity.status(HttpStatus.OK).body(tpp.getRegistrationResponse());
    } catch (ApiClientException e) {
        String errorMessage = "Error updating registration for clientId '" + clientId + "'. Error was: " + e.getMessage();
        log.info("{} {}", methodName, errorMessage, e);
        throw new OAuth2InvalidClientException(errorMessage);
    }
}
Also used: Tpp (com.forgerock.openbanking.model.Tpp), ApiClientException (com.forgerock.openbanking.common.services.onboarding.apiclient.ApiClientException), OAuth2InvalidClientException (com.forgerock.openbanking.common.error.exception.oauth2.OAuth2InvalidClientException), ApiClientIdentity (com.forgerock.openbanking.common.services.onboarding.apiclient.ApiClientIdentity), RegistrationRequest (com.forgerock.openbanking.common.services.onboarding.registrationrequest.RegistrationRequest)

Example 5 with ApiClientIdentity

Use of com.forgerock.openbanking.common.services.onboarding.apiclient.ApiClientIdentity in project openbanking-aspsp by OpenBankingToolkit.

From the class DynamicRegistrationApiController, method register.

@Override
public ResponseEntity<OIDCRegistrationResponse> register(@ApiParam(value = "A request to register a Software Statement Assertion with an ASPSP") @Valid @RequestBody String registrationRequestJwtSerialised, Principal principal) throws OAuth2InvalidClientException, DynamicClientRegistrationException {
    String methodName = "register()";
    log.info("{} Received request to create a new client registration. {}", methodName, registrationRequestJwtSerialised);
    try {
        ApiClientIdentity apiClientIdentity = this.apiClientIdentityFactory.getApiClientIdentity(principal);
        String tppIdentifier = apiClientIdentity.getTppIdentifier();
        RegistrationRequest registrationRequest = registrationRequestFactory.getRegistrationRequestFromJwt(registrationRequestJwtSerialised);
        // A new registration must not carry a client ID; clear any value supplied by the caller
        registrationRequest.setClientId(null);
        // Reject the registration unless the MATLS transport certificate and the SSA were issued to the same organisation
        if (!apiClientIdentity.wasIssuedWith(registrationRequest)) {
            String errorString = "The MATLS transport certificate and the SSA were not issued to the same " + "organisation";
            log.info("register() {}", errorString);
            throw new OAuth2InvalidClientException(errorString);
        }
        verifyRegistrationRequest(apiClientIdentity, registrationRequest);
        registrationRequest.overwriteRegistrationRequestFieldsFromSSAClaims(apiClientIdentity);
        Tpp tpp = tppRegistrationService.registerTpp(apiClientIdentity, registrationRequest);
        OIDCRegistrationResponse registrationResponse = tpp.getRegistrationResponse();
        log.info("{} Registration succeeded. tpp {} now has OAuth2 ClientId of {}", methodName, tppIdentifier, tpp.getClientId());
        return ResponseEntity.status(HttpStatus.CREATED).body(registrationResponse);
    } catch (ApiClientException e) {
        log.info("Failed to create new client registration. There was an error related to the client requesting " + "the registration; '{}'", e.getMessage());
        log.debug("register() caught ApiClientException.", e);
        throw new OAuth2InvalidClientException("Invalid certificate presented. Error was " + e.getMessage());
    }
}
Also used: Tpp (com.forgerock.openbanking.model.Tpp), ApiClientException (com.forgerock.openbanking.common.services.onboarding.apiclient.ApiClientException), OIDCRegistrationResponse (com.forgerock.openbanking.model.oidc.OIDCRegistrationResponse), OAuth2InvalidClientException (com.forgerock.openbanking.common.error.exception.oauth2.OAuth2InvalidClientException), ApiClientIdentity (com.forgerock.openbanking.common.services.onboarding.apiclient.ApiClientIdentity), RegistrationRequest (com.forgerock.openbanking.common.services.onboarding.registrationrequest.RegistrationRequest)

Aggregations (class and number of examples above that use it)

ApiClientIdentity (com.forgerock.openbanking.common.services.onboarding.apiclient.ApiClientIdentity): 6
OAuth2InvalidClientException (com.forgerock.openbanking.common.error.exception.oauth2.OAuth2InvalidClientException): 4
ApiClientException (com.forgerock.openbanking.common.services.onboarding.apiclient.ApiClientException): 4
RegistrationRequest (com.forgerock.openbanking.common.services.onboarding.registrationrequest.RegistrationRequest): 4
Tpp (com.forgerock.openbanking.model.Tpp): 4
OIDCRegistrationResponse (com.forgerock.openbanking.model.oidc.OIDCRegistrationResponse): 2
Test (org.junit.Test): 2
DynamicClientRegistrationException (com.forgerock.openbanking.common.error.exception.dynamicclientregistration.DynamicClientRegistrationException): 1
ManualRegistrationApplication (com.forgerock.openbanking.common.model.onboarding.ManualRegistrationApplication): 1
ManualRegistrationRequest (com.forgerock.openbanking.common.model.onboarding.ManualRegistrationRequest): 1
OBRIRole (com.forgerock.openbanking.model.OBRIRole): 1
X509Authentication (com.forgerock.spring.security.multiauth.model.authentication.X509Authentication): 1