use of com.forgerock.openbanking.model.DirectorySoftwareStatement in project openbanking-aspsp by OpenBankingToolkit.
the class DirectorySoftwareStatementFactoryTest method succeedWithOBSSA_getSoftwareStatement.
/**
 * Checks that the factory builds a software statement from the claims of the fixture
 * returned by {@code TestHelperFunctions.getValidOBSsaSerialised()}.
 *
 * <p>The fixture is only parsed with {@code SignedJWT.parse}; no signature verification is
 * performed in this test, so it says nothing about whether the SSA signature is checked.
 */
@Test
public void succeedWithOBSSA_getSoftwareStatement() throws ParseException, DynamicClientRegistrationException {
    // Given
    SignedJWT parsedFixture = SignedJWT.parse(TestHelperFunctions.getValidOBSsaSerialised());
    JWTClaimsSet rawClaims = parsedFixture.getJWTClaimsSet();
    RegistrationRequestJWTClaims wrappedClaims =
            new RegistrationRequestJWTClaims(rawClaims, JWTClaimsOrigin.REGISTRATION_REQUEST_JWT);

    // When
    DirectorySoftwareStatement result = softwareStatementFactory.getSoftwareStatement(wrappedClaims);

    // Then: only presence is asserted, not the contents of the statement
    assertThat(result).isNotNull();
}
use of com.forgerock.openbanking.model.DirectorySoftwareStatement in project openbanking-aspsp by OpenBankingToolkit.
the class DetachedJwsVerifierTest method setupMocksForValidJws.
/**
 * Stubs the collaborators so that a lookup by any client id yields a mocked Tpp carrying a
 * fixture software statement and a registration response with neither inline JWKS nor a
 * JWKS URI.
 *
 * <p>{@code cryptoApiClient.validateDetachedJWS} is stubbed with {@code any()} for every
 * argument, so tests built on this setup do not exercise real signature verification and do
 * not pin the expected issuer or key location handed to the crypto client.
 */
private void setupMocksForValidJws() throws ParseException, InvalidTokenException, IOException {
    // Fixture statement: org_id is never set and org_jwks_endpoint is the literal "TODO".
    DirectorySoftwareStatement softwareStatement = DirectorySoftwareStatementOpenBanking.builder()
            .org_jwks_endpoint("TODO")
            .software_mode("TEST")
            .software_redirect_uris(List.of())
            .org_status("Active")
            .software_client_id("5f98223fc10e5100103e2c5a")
            .iss("ForgeRock")
            .software_jwks_endpoint("https://service.directory.dev-ob.forgerock.financial:8074/api/software-statement/5f98223fc10e5100103e2c5a/application/jwk_uri")
            .software_id("5f98223fc10e5100103e2c5a")
            .org_contacts(List.of())
            .build();

    // Any client id resolves to the same mocked Tpp.
    Tpp tppMock = mock(Tpp.class);
    given(tppStoreService.findByClientId(anyString())).willReturn(Optional.of(tppMock));

    OIDCRegistrationResponse registrationResponse = mock(OIDCRegistrationResponse.class);
    given(tppMock.getRegistrationResponse()).willReturn(registrationResponse);
    given(tppMock.getDirectorySoftwareStatement()).willReturn(softwareStatement);

    // No inline JWKS and no JWKS URI on the registration response.
    given(registrationResponse.getJwks()).willReturn(null);
    given(registrationResponse.getJwks_uri()).willReturn(null);

    // Signature validation is accepted unconditionally for any arguments.
    given(cryptoApiClient.validateDetachedJWS(any(), any(), any(), any(), any())).willReturn(null);
}
use of com.forgerock.openbanking.model.DirectorySoftwareStatement in project openbanking-aspsp by OpenBankingToolkit.
the class DetachedJwsVerifier method verifyDetachedJws.
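/**
 * Verifies the detached JWS supplied with a request against the request body, using the key
 * material registered for the calling TPP.
 *
 * <p>The expected issuer passed to the crypto client is {@code org_id + "/" + software_id}
 * taken from the TPP's stored software statement. Every failure path throws, so a request is
 * only accepted when the crypto client returns without raising.
 *
 * @param detachedJws the detached signature value; rejected when empty
 * @param obVersion the API version; may be {@code null} (only set from 3.1.3 onwards)
 * @param request the incoming request whose body is the signed payload
 * @param oauth2ClientId the OAuth2 client id used to look up the registered TPP
 * @throws OBErrorException if the signature is missing, breaks the b64 header rule for the
 *     version, belongs to an unknown client, fails validation, cannot be parsed, or the
 *     request body cannot be read
 */
public void verifyDetachedJws(String detachedJws, OBVersion obVersion, HttpServletRequest request, String oauth2ClientId) throws OBErrorException {
    if (StringUtils.isEmpty(detachedJws)) {
        log.warn("Detached signature not provided");
        throw new OBErrorException(OBRIErrorType.DETACHED_JWS_INVALID, detachedJws, "Not provided");
    }
    try {
        MultiReadHttpServletRequest multiReadRequest = new MultiReadHttpServletRequest(request);
        // NOTE(review): the payload is rebuilt line by line with the platform line separator,
        // so it can differ from the bytes the client signed (CRLF vs LF, trailing newline).
        // That fails closed, but confirm the crypto client does not need the raw body.
        String body = multiReadRequest.getReader().lines().collect(Collectors.joining(System.lineSeparator()));
        // NOTE(review): this writes the full request body to the debug log; confirm debug
        // logging is off, or the body is masked, wherever payloads carry customer data.
        log.debug("Verify detached signature {} with payload {}", detachedJws, body);
        // obVersion is only set from 3.1.3 onwards
        if ((obVersion == null || obVersion.isBeforeVersion(v3_1_4)) && isBase64Encoded(detachedJws)) {
            log.warn("Invalid detached signature {}, {}", detachedJws, "b64 claim header not set to false in version: " + obVersion);
            throw new OBErrorException(OBRIErrorType.DETACHED_JWS_INVALID, detachedJws, "b64 claim header not set to false");
        }
        if (obVersion != null && obVersion.isAfterVersion(v3_1_3) && isB64ClaimHeaderPresent(detachedJws)) {
            log.warn("Invalid detached signature {}, {}", detachedJws, "b64 claim header must not be present in version: " + obVersion);
            throw new OBErrorException(OBRIErrorType.DETACHED_JWS_INVALID, detachedJws, "b64 claim header must not be present");
        }
        // An unknown client id used to surface as an unchecked NoSuchElementException from
        // Optional.get(); reject it explicitly with the same error type as other failures.
        Tpp tpp = tppStoreService.findByClientId(oauth2ClientId).orElse(null);
        if (tpp == null) {
            log.warn("No TPP registered for OAuth2 client id {}", oauth2ClientId);
            throw new OBErrorException(OBRIErrorType.DETACHED_JWS_INVALID, detachedJws, "Unknown OAuth2 client");
        }
        DirectorySoftwareStatement softwareStatement = tpp.getDirectorySoftwareStatement();
        String orgId = softwareStatement.getOrg_id();
        String softwareId = softwareStatement.getSoftware_id();
        // NOTE(review): a statement without org_id yields an issuer starting with "null/".
        String expectedIssuer = orgId + "/" + softwareId;
        if (tpp.getRegistrationResponse().getJwks() != null) {
            // Only the first key of the registered JWKS is tried.
            // NOTE(review): a TPP signing with another registered key would be rejected; confirm intended.
            cryptoApiClient.validateDetachedJWSWithJWK(detachedJws, body, null, expectedIssuer, tpp.getRegistrationResponse().getJwks().getKeys().get(0));
        } else {
            cryptoApiClient.validateDetachedJWS(detachedJws, body, null, expectedIssuer, tpp.getRegistrationResponse().getJwks_uri());
        }
    } catch (InvalidTokenException e) {
        log.warn("Invalid detached signature {}", detachedJws, e);
        throw new OBErrorException(OBRIErrorType.DETACHED_JWS_INVALID, detachedJws, e.getMessage());
    } catch (IOException e) {
        log.error("Can't get the request body", e);
        throw new OBErrorException(OBRIErrorType.DETACHED_JWS_UN_ACCESSIBLE);
    } catch (ParseException e) {
        log.error("Can't parse JWS", e);
        throw new OBErrorException(OBRIErrorType.DETACHED_JWS_INVALID, detachedJws, e.getMessage());
    }
}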
use of com.forgerock.openbanking.model.DirectorySoftwareStatement in project openbanking-aspsp by OpenBankingToolkit.
the class MongoTppSchemaChangeLog method migrateTpps.
/**
 * Changelog step that rebuilds the software statement of every stored Tpp from the SSA
 * string held on the document, then saves the document with the statement, the software id
 * and, when one is available, the authorisation number.
 *
 * <p>The statement is derived from the stored SSA via
 * {@code getSoftwareStatementFromJsonString}; no signature check is visible in this method.
 * Nothing is caught inside the loop, so an exception raised for one document ends the
 * migration at that document.
 *
 * @param mongoTemplate template used to read and write the Tpp documents
 * @throws IOException declared by this method; presumably raised while reading the SSA JSON
 */
@ChangeSet(order = "001", id = "tpp-to-multi-software-statement-tpp", author = "Jamie Bowen")
public void migrateTpps(MongoTemplate mongoTemplate) throws IOException {
    StopWatch timer = new StopWatch();
    timer.start();
    long savedCount = 0;
    long missingAuthorisationNumberCount = 0;

    log.info("-----------------------------------------------------------------------");
    log.info("Migrating Tpp data to have full softwareStatement info");

    // The factory is built by hand with a fixed issuer id rather than taken from configuration.
    OpenBankingDirectoryConfiguration directoryConfig = new OpenBankingDirectoryConfiguration();
    directoryConfig.issuerId = "OpenBanking Ltd";
    DirectorySoftwareStatementFactory statementFactory = new DirectorySoftwareStatementFactory(directoryConfig);

    // An empty query selects every Tpp document.
    List<Tpp> allTpps = mongoTemplate.find(new Query(), Tpp.class);
    log.info("Found {} tpps", allTpps.size());

    for (Tpp current : allTpps) {
        DirectorySoftwareStatement rebuilt =
                statementFactory.getSoftwareStatementFromJsonString(current.getSsa(), objectMapper);

        String authNumber = rebuilt.getAuthorisationNumber();
        if (authNumber != null && !authNumber.isBlank()) {
            current.setAuthorisationNumber(authNumber);
        } else {
            log.error("Failed to set authorisation number of document id '{}'", current.getId());
            missingAuthorisationNumberCount++;
        }

        // The document is saved and counted even when no authorisation number was found.
        current.setSoftwareId(rebuilt.getSoftware_client_id());
        current.setDirectorySoftwareStatement(rebuilt);
        mongoTemplate.save(current);
        savedCount++;
    }

    timer.stop();
    log.info("Upgraded {} documents in {} seconds.", savedCount, timer.getTotalTimeSeconds());
    log.info("Failed to create authorisationNumbers for {} documents", missingAuthorisationNumberCount);
    log.info("-----------------------------------------------------------------------");
    log.info("Finished updating Tpps to have full software statement information");
}
use of com.forgerock.openbanking.model.DirectorySoftwareStatement in project openbanking-aspsp by OpenBankingToolkit.
the class DirectorySoftwareStatementFactoryTest method succeedWithFRSsa_getSoftwareStatement.
/**
 * Checks that the factory builds a software statement from the claims of the fixture
 * returned by {@code TestHelperFunctions.getValidSsaSerialised()}.
 *
 * <p>The fixture is only parsed with {@code SignedJWT.parse}; no signature verification is
 * performed in this test, so it says nothing about whether the SSA signature is checked.
 */
@Test
public void succeedWithFRSsa_getSoftwareStatement() throws ParseException, DynamicClientRegistrationException {
    // Given
    SignedJWT parsedFixture = SignedJWT.parse(TestHelperFunctions.getValidSsaSerialised());
    JWTClaimsSet rawClaims = parsedFixture.getJWTClaimsSet();
    RegistrationRequestJWTClaims wrappedClaims =
            new RegistrationRequestJWTClaims(rawClaims, JWTClaimsOrigin.REGISTRATION_REQUEST_JWT);

    // When
    DirectorySoftwareStatement result = softwareStatementFactory.getSoftwareStatement(wrappedClaims);

    // Then: only presence is asserted, not the contents of the statement
    assertThat(result).isNotNull();
}