
Example 21 with OBErrorException

Use of com.forgerock.openbanking.exceptions.OBErrorException in the project openbanking-aspsp by OpenBankingToolkit.

From class AccessTokenService, method verifyAccessTokenGrantTypes.

/**
 * Checks that the grant type recorded in {@code accessToken} is one the caller accepts.
 *
 * <p>A {@code REFRESH_TOKEN} grant passes regardless of {@code expectedGrantTypes} (first
 * condition below). Any other outcome — an unexpected or unrecognised grant type, or any
 * exception while reading the token — is reported as
 * {@link OAuth2BearerTokenUsageInvalidTokenException}. The {@code OBErrorException} built
 * here is itself caught by the generic handler, so callers only ever see the OAuth2 exception,
 * carrying the original message and nothing else (the cause is logged, not propagated).
 *
 * @param expectedGrantTypes grant types acceptable for this call
 * @param accessToken        the parsed access token to inspect
 * @throws OAuth2BearerTokenUsageInvalidTokenException if the grant type is not acceptable
 *         or the token cannot be read
 */
public void verifyAccessTokenGrantTypes(List<OIDCConstants.GrantType> expectedGrantTypes, SignedJWT accessToken) throws OAuth2BearerTokenUsageInvalidTokenException {
    try {
        OIDCConstants.GrantType actual = OIDCConstants.GrantType.fromType(getGrantTypes(accessToken));
        boolean isRefreshGrant = OIDCConstants.GrantType.REFRESH_TOKEN.equals(actual);
        // Short-circuit keeps the list lookup out of the refresh-token path, as in the original check.
        if (isRefreshGrant || expectedGrantTypes.contains(actual)) {
            log.debug("verifyAccessTokenGrantTypes() - access token contains expected grant type");
            return;
        }
        log.debug("Access token grant type '{}' is not one of the expected grant types {}", actual, expectedGrantTypes);
        throw new OBErrorException(OBRIErrorType.ACCESS_TOKEN_INVALID_GRANT_TYPE, actual, expectedGrantTypes);
    } catch (Exception e) {
        // Deliberately broad: any failure to validate the token is treated as an invalid token.
        log.info("verifyAccessTokenGrantTypes() caught exception", e);
        throw new OAuth2BearerTokenUsageInvalidTokenException(e.getMessage());
    }
}

Example 22 with OBErrorException

Use of com.forgerock.openbanking.exceptions.OBErrorException in the project openbanking-aspsp by OpenBankingToolkit.

From class AccessTokenService, method verifyMatlsFromAccessToken.

/**
 * Checks that the TPP the access token was issued to is the TPP identified by the MATLS certificate.
 *
 * <p>The token's audience is taken as the OAuth2 client id and used to look up the TPP record,
 * whose authorisation number must equal {@code tppName}. When no TPP record exists for that
 * client id the method returns without error — NOTE(review): confirm an unknown client id is
 * meant to pass this binding check rather than fail it.
 *
 * <p>Every failure other than an already-typed {@code OAuth2BearerTokenUsageInvalidTokenException}
 * (including the mismatch {@code OBErrorException} raised here) is reported with a single
 * fixed message; the underlying exception is logged but not attached as a cause.
 *
 * @param accessToken the parsed access token
 * @param tppName     the authorisation number taken from the client TLS certificate
 * @throws OAuth2BearerTokenUsageInvalidTokenException if the token's TPP does not match
 *         {@code tppName} or the token cannot be read
 */
public void verifyMatlsFromAccessToken(SignedJWT accessToken, String tppName) throws OAuth2BearerTokenUsageInvalidTokenException {
    log.debug("verifyMatlsFromAccessToken() called");
    try {
        JWTClaimsSet claims = getJwtClaims(accessToken);
        String clientId = getAudience(claims);
        Tpp tppRecord = this.tppStoreService.findByClientId(clientId).orElse(null);
        if (tppRecord == null) {
            // No record for this client id: nothing to compare against.
            return;
        }
        String recordedAuthorisationNumber = tppRecord.getAuthorisationNumber();
        if (tppName.equals(recordedAuthorisationNumber)) {
            return;
        }
        log.warn("TPP ID from account token {} is not the one associated with the certificate {}", recordedAuthorisationNumber, tppName);
        throw new OBErrorException(OBRIErrorType.MATLS_TPP_AUTHENTICATION_INVALID_FROM_ACCESS_TOKEN, tppName, clientId);
    } catch (OAuth2BearerTokenUsageInvalidTokenException alreadyTyped) {
        log.info("verifyMatlsFromAccessToken() caught exception", alreadyTyped);
        throw alreadyTyped;
    } catch (Exception e) {
        log.info("verifyMatlsFromAccessToken() caught exception", e);
        throw new OAuth2BearerTokenUsageInvalidTokenException("Access token was not issued to the organisation " + "that owns the TLS certificate used to make the request.");
    }
}

Example 23 with OBErrorException

Use of com.forgerock.openbanking.exceptions.OBErrorException in the project openbanking-aspsp by OpenBankingToolkit.

From class EventValidationService, method verifyValidCallbackUrl.

/**
 * Validates an optional event-notification callback URL.
 *
 * <p>A null or empty URL is accepted, since a TPP may rely on polling alone. A supplied URL
 * must be parseable by {@link URL} and, as a whole string, match
 * {@code <non-whitespace>/v<major>[.minor[.patch]]/event-notifications}
 * (e.g. {@code https://tpp.example/v3.1.1/event-notifications}); the last version component
 * may also be a literal {@code *}. NOTE(review): only syntactic validity is checked here —
 * scheme (http vs https) and host are not restricted by this method; confirm that is enforced
 * elsewhere before the ASPSP calls the URL.
 *
 * @param callbackUrl the callback URL from the event subscription request; may be null or empty
 * @throws OBErrorException with {@code INVALID_CALLBACK_URL} if the URL is malformed or its
 *         path does not match the expected shape
 */
public static void verifyValidCallbackUrl(final String callbackUrl) throws OBErrorException {
    if (StringUtils.isEmpty(callbackUrl)) {
        // Polling-only TPPs submit no callback URL; nothing to validate.
        return;
    }
    try {
        // The constructor rejects syntactically invalid URLs with MalformedURLException.
        new URL(callbackUrl);
    } catch (MalformedURLException e) {
        log.debug("Event subscription callback URL is malformed. Submitted callback: was '{}'", callbackUrl, e);
        throw new OBErrorException(OBRIErrorType.INVALID_CALLBACK_URL, callbackUrl);
    }
    // Full-string match, so the whole URL (not just the path) must fit the shape.
    Pattern expectedShape = Pattern.compile("[^\\s]+\\/(v(\\d+\\.)?(\\d+\\.)?(\\*|\\d+))\\/event-notifications$");
    if (!expectedShape.matcher(callbackUrl).matches()) {
        log.debug("Event subscription callback URL must end with /{OB_VERSION>/event-notifications (e.g. /v3.1.1/). Submitted callback: was '{}'", callbackUrl);
        throw new OBErrorException(OBRIErrorType.INVALID_CALLBACK_URL, callbackUrl);
    }
}

Example 24 with OBErrorException

Use of com.forgerock.openbanking.exceptions.OBErrorException in the project openbanking-aspsp by OpenBankingToolkit.

From class PaymentsSubmissionEndpointWrapperTest, method verifyPaymentStatus_notConsented.

/**
 * A consent that has not yet been authorised by the PSU must be rejected by
 * {@code verifyPaymentStatus()} with HTTP 406 and the expected message.
 */
@Test
public void verifyPaymentStatus_notConsented() throws Exception {
    // given: a consent still at ACCEPTEDTECHNICALVALIDATION, i.e. not yet AUTHORISED
    PaymentConsent unauthorisedConsent = FRDomesticConsent.builder().status(ConsentStatusCode.ACCEPTEDTECHNICALVALIDATION).build();
    // when
    OBErrorException thrown = catchThrowableOfType(() -> wrapper.payment(unauthorisedConsent).verifyPaymentStatus(), OBErrorException.class);
    // then
    assertThat(thrown.getObriErrorType().getHttpStatus().value()).isEqualTo(406);
    assertThat(thrown.getMessage()).isEqualTo("Payment invalid. Payment request hasn't been authorised by the PSU yet. Payment request status: 'ACCEPTEDTECHNICALVALIDATION'");
}

Example 25 with OBErrorException

Use of com.forgerock.openbanking.exceptions.OBErrorException in the project openbanking-aspsp by OpenBankingToolkit.

From class PaymentsSubmissionEndpointWrapperTest, method verifyAccessUsing_GrantTypeWrong.

/**
 * An access token issued under CLIENT_CREDENTIAL must not pass the payment-submission
 * filters: expects HTTP 403, error code OBRI_ACCESS_TOKEN_INVALID and a message naming the
 * accepted grant types.
 */
@Test
public void verifyAccessUsing_GrantTypeWrong() throws Exception {
    // given: an authorised consent but a token with the wrong grant type
    PaymentConsent authorisedConsent = FRDomesticConsent.builder().status(ConsentStatusCode.AUTHORISED).build();
    String jws = jws("payments", OIDCConstants.GrantType.CLIENT_CREDENTIAL);
    String bearerHeader = "Bearer " + jws;
    wrapper.authorization(bearerHeader);
    // the resource server stub hands back the parsed token unchanged
    when(amResourceServerService.verifyAccessToken(bearerHeader)).thenReturn((SignedJWT) JWTParser.parse(jws));
    // when
    OBErrorException thrown = catchThrowableOfType(() -> wrapper.payment(authorisedConsent).applyFilters(), OBErrorException.class);
    // then
    assertThat(thrown.getObriErrorType().getHttpStatus().value()).isEqualTo(403);
    assertThat(thrown.getOBError().getErrorCode()).isEqualTo(ErrorCode.OBRI_ACCESS_TOKEN_INVALID.getValue());
    assertThat(thrown.getMessage()).isEqualTo("The access token grant type CLIENT_CREDENTIAL doesn't match one of the expected grant types [AUTHORIZATION_CODE, HEADLESS_AUTH]");
}
