Example 21 with OBErrorException
use of com.forgerock.openbanking.exceptions.OBErrorException in project openbanking-aspsp by OpenBankingToolkit.
the class AccessTokenService method verifyAccessTokenGrantTypes.
public void verifyAccessTokenGrantTypes(List<OIDCConstants.GrantType> expectedGrantTypes, SignedJWT accessToken) throws OAuth2BearerTokenUsageInvalidTokenException {
try {
String grantTypeSerialised = getGrantTypes(accessToken);
OIDCConstants.GrantType grantType = OIDCConstants.GrantType.fromType(grantTypeSerialised);
if (!OIDCConstants.GrantType.REFRESH_TOKEN.equals(grantType) && !expectedGrantTypes.contains(grantType)) {
log.debug("Access token grant type '{}' is not one of the expected grant types {}", grantType, expectedGrantTypes);
throw new OBErrorException(OBRIErrorType.ACCESS_TOKEN_INVALID_GRANT_TYPE, grantType, expectedGrantTypes);
}
log.debug("verifyAccessTokenGrantTypes() - access token contains expected grant type");
} catch (Exception e) {
log.info("verifyAccessTokenGrantTypes() caught exception", e);
throw new OAuth2BearerTokenUsageInvalidTokenException(e.getMessage());
}
}
Also used :
OIDCConstants(com.forgerock.openbanking.constants.OIDCConstants)
OAuth2BearerTokenUsageInvalidTokenException(com.forgerock.openbanking.common.error.exception.oauth2.OAuth2BearerTokenUsageInvalidTokenException)
OBErrorException(com.forgerock.openbanking.exceptions.OBErrorException)
OAuth2BearerTokenUsageInvalidTokenException(com.forgerock.openbanking.common.error.exception.oauth2.OAuth2BearerTokenUsageInvalidTokenException)
PermissionDenyException(com.forgerock.openbanking.common.error.exception.PermissionDenyException)
InvalidTokenException(com.forgerock.openbanking.jwt.exceptions.InvalidTokenException)
ParseException(java.text.ParseException)
IOException(java.io.IOException)
OBErrorException(com.forgerock.openbanking.exceptions.OBErrorException)
Example 22 with OBErrorException
use of com.forgerock.openbanking.exceptions.OBErrorException in project openbanking-aspsp by OpenBankingToolkit.
the class AccessTokenService method verifyMatlsFromAccessToken.
public void verifyMatlsFromAccessToken(SignedJWT accessToken, String tppName) throws OAuth2BearerTokenUsageInvalidTokenException {
log.debug("verifyMatlsFromAccessToken() called");
try {
JWTClaimsSet jwtClaimSet = getJwtClaims(accessToken);
String oauth2ClientId = getAudience(jwtClaimSet);
Optional<Tpp> tpp = this.tppStoreService.findByClientId(oauth2ClientId);
if (tpp.isPresent()) {
String authorisationNumberFromTppRecord = tpp.get().getAuthorisationNumber();
if (!tppName.equals(authorisationNumberFromTppRecord)) {
log.warn("TPP ID from account token {} is not the one associated with the certificate {}", authorisationNumberFromTppRecord, tppName);
throw new OBErrorException(OBRIErrorType.MATLS_TPP_AUTHENTICATION_INVALID_FROM_ACCESS_TOKEN, tppName, oauth2ClientId);
}
}
} catch (OAuth2BearerTokenUsageInvalidTokenException oe) {
log.info("verifyMatlsFromAccessToken() caught exception", oe);
throw oe;
} catch (Exception e) {
log.info("verifyMatlsFromAccessToken() caught exception", e);
throw new OAuth2BearerTokenUsageInvalidTokenException("Access token was not issued to the organisation " + "that owns the TLS certificate used to make the request.");
}
}
Also used :
Tpp(com.forgerock.openbanking.model.Tpp)
OAuth2BearerTokenUsageInvalidTokenException(com.forgerock.openbanking.common.error.exception.oauth2.OAuth2BearerTokenUsageInvalidTokenException)
JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet)
OBErrorException(com.forgerock.openbanking.exceptions.OBErrorException)
OAuth2BearerTokenUsageInvalidTokenException(com.forgerock.openbanking.common.error.exception.oauth2.OAuth2BearerTokenUsageInvalidTokenException)
PermissionDenyException(com.forgerock.openbanking.common.error.exception.PermissionDenyException)
InvalidTokenException(com.forgerock.openbanking.jwt.exceptions.InvalidTokenException)
ParseException(java.text.ParseException)
IOException(java.io.IOException)
OBErrorException(com.forgerock.openbanking.exceptions.OBErrorException)
Example 23 with OBErrorException
use of com.forgerock.openbanking.exceptions.OBErrorException in project openbanking-aspsp by OpenBankingToolkit.
the class EventValidationService method verifyValidCallbackUrl.
public static void verifyValidCallbackUrl(final String callbackUrl) throws OBErrorException {
// It is valid to not use a callback URL here as TPP may be using polling only. But, if submitted, callback URL must be valid.
if (!StringUtils.isEmpty(callbackUrl)) {
try {
// Will throw exception is bad URL
new URL(callbackUrl);
// Already checked URL above so just check path must end /<OB_Version>/event-subscriptions
String regex = "[^\\s]+\\/(v(\\d+\\.)?(\\d+\\.)?(\\*|\\d+))\\/event-notifications$";
boolean matches = Pattern.matches(regex, callbackUrl);
if (!matches) {
log.debug("Event subscription callback URL must end with /{OB_VERSION>/event-notifications (e.g. /v3.1.1/). Submitted callback: was '{}'", callbackUrl);
throw new OBErrorException(OBRIErrorType.INVALID_CALLBACK_URL, callbackUrl);
}
} catch (MalformedURLException e) {
log.debug("Event subscription callback URL is malformed. Submitted callback: was '{}'", callbackUrl, e);
throw new OBErrorException(OBRIErrorType.INVALID_CALLBACK_URL, callbackUrl);
}
}
}
Also used :
MalformedURLException(java.net.MalformedURLException)
OBErrorException(com.forgerock.openbanking.exceptions.OBErrorException)
URL(java.net.URL)
Example 24 with OBErrorException
use of com.forgerock.openbanking.exceptions.OBErrorException in project openbanking-aspsp by OpenBankingToolkit.
the class PaymentsSubmissionEndpointWrapperTest method verifyPaymentStatus_notConsented.
@Test
public void verifyPaymentStatus_notConsented() throws Exception {
// given
PaymentConsent payment = FRDomesticConsent.builder().status(ConsentStatusCode.ACCEPTEDTECHNICALVALIDATION).build();
// When
OBErrorException obErrorException = catchThrowableOfType(() -> wrapper.payment(payment).verifyPaymentStatus(), OBErrorException.class);
assertThat(obErrorException.getObriErrorType().getHttpStatus().value()).isEqualTo(406);
assertThat(obErrorException.getMessage()).isEqualTo("Payment invalid. Payment request hasn't been authorised by the PSU yet. Payment request status: 'ACCEPTEDTECHNICALVALIDATION'");
}
Also used :
PaymentConsent(com.forgerock.openbanking.common.model.openbanking.persistence.payment.PaymentConsent)
OBErrorException(com.forgerock.openbanking.exceptions.OBErrorException)
Test(org.junit.Test)
Example 25 with OBErrorException
use of com.forgerock.openbanking.exceptions.OBErrorException in project openbanking-aspsp by OpenBankingToolkit.
the class PaymentsSubmissionEndpointWrapperTest method verifyAccessUsing_GrantTypeWrong.
@Test
public void verifyAccessUsing_GrantTypeWrong() throws Exception {
// given
PaymentConsent payment = FRDomesticConsent.builder().status(ConsentStatusCode.AUTHORISED).build();
String jws = jws("payments", OIDCConstants.GrantType.CLIENT_CREDENTIAL);
wrapper.authorization("Bearer " + jws);
// mock handled stubbed
when(amResourceServerService.verifyAccessToken("Bearer " + jws)).thenReturn((SignedJWT) JWTParser.parse(jws));
// then
// When
OBErrorException obErrorException = catchThrowableOfType(() -> wrapper.payment(payment).applyFilters(), OBErrorException.class);
assertThat(obErrorException.getObriErrorType().getHttpStatus().value()).isEqualTo(403);
assertThat(obErrorException.getOBError().getErrorCode()).isEqualTo(ErrorCode.OBRI_ACCESS_TOKEN_INVALID.getValue());
assertThat(obErrorException.getMessage()).isEqualTo("The access token grant type CLIENT_CREDENTIAL doesn't match one of the expected grant types [AUTHORIZATION_CODE, HEADLESS_AUTH]");
}
Also used :
PaymentConsent(com.forgerock.openbanking.common.model.openbanking.persistence.payment.PaymentConsent)
OBErrorException(com.forgerock.openbanking.exceptions.OBErrorException)
Test(org.junit.Test)
Aggregations
OBErrorException (com.forgerock.openbanking.exceptions.OBErrorException)69
Test (org.junit.Test)20
ParseException (java.text.ParseException)19
IOException (java.io.IOException)13
OBErrorResponseException (com.forgerock.openbanking.exceptions.OBErrorResponseException)9
SignedJWT (com.nimbusds.jwt.SignedJWT)9
ResponseEntity (org.springframework.http.ResponseEntity)9
InvalidTokenException (com.forgerock.openbanking.jwt.exceptions.InvalidTokenException)8
Tpp (com.forgerock.openbanking.model.Tpp)8
HttpClientErrorException (org.springframework.web.client.HttpClientErrorException)6
PaymentConsent (com.forgerock.openbanking.common.model.openbanking.persistence.payment.PaymentConsent)5
List (java.util.List)5
HttpServletRequest (javax.servlet.http.HttpServletRequest)5
ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper)4
AccountRequest (com.forgerock.openbanking.common.model.openbanking.persistence.account.AccountRequest)4
OIDCConstants (com.forgerock.openbanking.constants.OIDCConstants)4
JWTClaimsSet (com.nimbusds.jwt.JWTClaimsSet)4
PermissionDenyException (com.forgerock.openbanking.common.error.exception.PermissionDenyException)3
OAuth2BearerTokenUsageInvalidTokenException (com.forgerock.openbanking.common.error.exception.oauth2.OAuth2BearerTokenUsageInvalidTokenException)3
OAuth2InvalidClientException (com.forgerock.openbanking.common.error.exception.oauth2.OAuth2InvalidClientException)3
