
Example 1 with DirectorySoftwareStatement

Use of com.forgerock.openbanking.model.DirectorySoftwareStatement in project openbanking-aspsp by OpenBankingToolkit.

The class DirectorySoftwareStatementFactoryTest, method succeedWithOBSSA_getSoftwareStatement.

@Test
public void succeedWithOBSSA_getSoftwareStatement() throws ParseException, DynamicClientRegistrationException {
    // Given: a serialised Open Banking directory SSA (signed JWT) from the test helpers
    String registrationRequestJwtSerialised = TestHelperFunctions.getValidOBSsaSerialised();
    SignedJWT registrationRequestJws = SignedJWT.parse(registrationRequestJwtSerialised);
    JWTClaimsSet ssaJwtClaims = registrationRequestJws.getJWTClaimsSet();
    RegistrationRequestJWTClaims ssaJWTClaims = new RegistrationRequestJWTClaims(ssaJwtClaims, JWTClaimsOrigin.REGISTRATION_REQUEST_JWT);
    // When: the factory maps the SSA claims onto the directory software statement model
    DirectorySoftwareStatement statement = softwareStatementFactory.getSoftwareStatement(ssaJWTClaims);
    // Then: only presence is asserted here; the JWT signature is not verified by this test
    assertThat(statement).isNotNull();
}
Also used : JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) DirectorySoftwareStatement(com.forgerock.openbanking.model.DirectorySoftwareStatement) SignedJWT(com.nimbusds.jwt.SignedJWT) Test(org.junit.Test)

Example 2 with DirectorySoftwareStatement

Use of com.forgerock.openbanking.model.DirectorySoftwareStatement in project openbanking-aspsp by OpenBankingToolkit.

The class DetachedJwsVerifierTest, method setupMocksForValidJws.

private void setupMocksForValidJws() throws ParseException, InvalidTokenException, IOException {
    // A minimal software statement for the TPP under test (org_jwks_endpoint is a placeholder in the original)
    DirectorySoftwareStatement ssa = DirectorySoftwareStatementOpenBanking.builder().org_jwks_endpoint("TODO").software_mode("TEST").software_redirect_uris(List.of()).org_status("Active").software_client_id("5f98223fc10e5100103e2c5a").iss("ForgeRock").software_jwks_endpoint("https://service.directory.dev-ob.forgerock.financial:8074/api/software-statement/5f98223fc10e5100103e2c5a/application/jwk_uri").software_id("5f98223fc10e5100103e2c5a").org_contacts(List.of()).build();
    Tpp tpp = mock(Tpp.class);
    given(tppStoreService.findByClientId(anyString())).willReturn(Optional.of(tpp));
    OIDCRegistrationResponse oidcRegistrationResponse = mock(OIDCRegistrationResponse.class);
    given(tpp.getRegistrationResponse()).willReturn(oidcRegistrationResponse);
    given(tpp.getDirectorySoftwareStatement()).willReturn(ssa);
    // Both the registered JWKS and the jwks_uri are null, so the verifier takes its jwks_uri branch
    // and the mocked crypto client accepts whatever it is given: this fixture exercises the
    // version/b64 and issuer logic, not real signature validation.
    given(oidcRegistrationResponse.getJwks()).willReturn(null);
    given(oidcRegistrationResponse.getJwks_uri()).willReturn(null);
    given(cryptoApiClient.validateDetachedJWS(any(), any(), any(), any(), any())).willReturn(null);
}
Also used : Tpp(com.forgerock.openbanking.model.Tpp) OIDCRegistrationResponse(com.forgerock.openbanking.model.oidc.OIDCRegistrationResponse) DirectorySoftwareStatement(com.forgerock.openbanking.model.DirectorySoftwareStatement)

Example 3 with DirectorySoftwareStatement

Use of com.forgerock.openbanking.model.DirectorySoftwareStatement in project openbanking-aspsp by OpenBankingToolkit.

The class DetachedJwsVerifier, method verifyDetachedJws.

public void verifyDetachedJws(String detachedJws, OBVersion obVersion, HttpServletRequest request, String oauth2ClientId) throws OBErrorException {
    if (StringUtils.isEmpty(detachedJws)) {
        log.warn("Detached signature not provided");
        throw new OBErrorException(OBRIErrorType.DETACHED_JWS_INVALID, detachedJws, "Not provided");
    }
    try {
        // The raw body is needed to rebuild the signing input; the multi-read wrapper keeps it readable for the controller afterwards
        MultiReadHttpServletRequest multiReadRequest = new MultiReadHttpServletRequest(request);
        String body = multiReadRequest.getReader().lines().collect(Collectors.joining(System.lineSeparator()));
        // Caveat: at debug level this writes the complete request payload (e.g. a payment initiation) to the log
        log.debug("Verify detached signature {} with payload {}", detachedJws, body);
        // obVersion is only set from 3.1.3 onwards.
        // Up to 3.1.3 the JWS must carry b64=false (RFC 7797 unencoded payload); from 3.1.4 the b64 header must be absent.
        if ((obVersion == null || obVersion.isBeforeVersion(v3_1_4)) && isBase64Encoded(detachedJws)) {
            log.warn("Invalid detached signature {}, {}", detachedJws, "b64 claim header not set to false in version: " + obVersion);
            throw new OBErrorException(OBRIErrorType.DETACHED_JWS_INVALID, detachedJws, "b64 claim header not set to false");
        }
        if (obVersion != null && obVersion.isAfterVersion(v3_1_3) && isB64ClaimHeaderPresent(detachedJws)) {
            log.warn("Invalid detached signature {}, {}", detachedJws, "b64 claim header must not be present in version: " + obVersion);
            throw new OBErrorException(OBRIErrorType.DETACHED_JWS_INVALID, detachedJws, "b64 claim header must not be present");
        }
        // Optional.get() without a presence check: an unknown client id raises NoSuchElementException,
        // which none of the catch blocks below translate into an OBErrorException
        Tpp tpp = tppStoreService.findByClientId(oauth2ClientId).get();
        DirectorySoftwareStatement softwareStatement = tpp.getDirectorySoftwareStatement();
        // The issuer the JWS header must carry is derived from the TPP's software statement as "<org_id>/<software_id>"
        String orgId = softwareStatement.getOrg_id();
        String softwareId = softwareStatement.getSoftware_id();
        String expectedIssuer = orgId + "/" + softwareId;
        if (tpp.getRegistrationResponse().getJwks() != null) {
            // Only the first key of the JWKS registered at dynamic client registration is used here;
            // the kid in the detached JWS header is not consulted to select a key in this branch
            cryptoApiClient.validateDetachedJWSWithJWK(detachedJws, body, null, expectedIssuer, tpp.getRegistrationResponse().getJwks().getKeys().get(0));
        } else {
            // Otherwise the key is resolved through the TPP's registered jwks_uri
            cryptoApiClient.validateDetachedJWS(detachedJws, body, null, expectedIssuer, tpp.getRegistrationResponse().getJwks_uri());
        }
    } catch (InvalidTokenException e) {
        log.warn("Invalid detached signature {}", detachedJws, e);
        throw new OBErrorException(OBRIErrorType.DETACHED_JWS_INVALID, detachedJws, e.getMessage());
    } catch (IOException e) {
        log.error("Can't get the request body", e);
        throw new OBErrorException(OBRIErrorType.DETACHED_JWS_UN_ACCESSIBLE);
    } catch (ParseException e) {
        log.error("Can't parse JWS", e);
        throw new OBErrorException(OBRIErrorType.DETACHED_JWS_INVALID, detachedJws, e.getMessage());
    }
}
Also used : InvalidTokenException(com.forgerock.openbanking.jwt.exceptions.InvalidTokenException) MultiReadHttpServletRequest(com.forgerock.openbanking.aspsp.rs.filter.MultiReadHttpServletRequest) Tpp(com.forgerock.openbanking.model.Tpp) DirectorySoftwareStatement(com.forgerock.openbanking.model.DirectorySoftwareStatement) OBErrorException(com.forgerock.openbanking.exceptions.OBErrorException) IOException(java.io.IOException) ParseException(java.text.ParseException)
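The three checks above (the version-dependent b64 rule, the signature over a detached payload, and the expected issuer of org_id/software_id) are delegated to cryptoApiClient in the project. The following is an added, self-contained example, not code from openbanking-aspsp or ForgeRock, that carries them out end to end with only the JDK: it produces an x-jws-signature value both in the pre-3.1.4 form (b64=false, payload signed unencoded per RFC 7797) and in the 3.1.4+ form (no b64 header, payload base64url-encoded), then verifies it the way verifyDetachedJws does. Assumptions: the OBVersion enum is reduced to the two values the rule distinguishes, the JWS header is cut down to alg, kid, crit and the http://openbanking.org.uk/iss claim, the header is inspected with two regular expressions instead of a JOSE library, PS256 is the only accepted algorithm, and the key pair, request body and org/software identifiers are constructed for the example.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class DetachedJwsCheck {

    /** Reduced for the example: 3.1.4 is the version at which the b64 handling changes. */
    enum ObVersion { v3_1_3, v3_1_4 }

    static final String ISS_CLAIM = "http://openbanking.org.uk/iss";
    static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();
    static final Base64.Decoder B64D = Base64.getUrlDecoder();
    // PS256 = RSASSA-PSS with SHA-256, MGF1/SHA-256 and a 32-byte salt (JWA section 3.5)
    static final PSSParameterSpec PS256 = new PSSParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, 32, 1);

    /** Builds an x-jws-signature value (header..signature) over body; the header is cut down to what verify() checks. */
    static String sign(PrivateKey key, String body, String issuer, boolean legacyB64False) throws GeneralSecurityException {
        // Pre-3.1.4: b64=false, listed in crit, and the raw body is signed (RFC 7797).
        // 3.1.4 onwards: no b64 header, the base64url-encoded body is signed as in ordinary JWS.
        String headerJson = legacyB64False
            ? "{\"alg\":\"PS256\",\"kid\":\"example-kid\",\"b64\":false,\"" + ISS_CLAIM + "\":\"" + issuer
              + "\",\"crit\":[\"b64\",\"" + ISS_CLAIM + "\"]}"
            : "{\"alg\":\"PS256\",\"kid\":\"example-kid\",\"" + ISS_CLAIM + "\":\"" + issuer
              + "\",\"crit\":[\"" + ISS_CLAIM + "\"]}";
        String header = B64.encodeToString(headerJson.getBytes(StandardCharsets.UTF_8));
        String payloadPart = legacyB64False ? body : B64.encodeToString(body.getBytes(StandardCharsets.UTF_8));
        Signature sig = Signature.getInstance("RSASSA-PSS");
        sig.setParameter(PS256);
        sig.initSign(key);
        sig.update((header + "." + payloadPart).getBytes(StandardCharsets.UTF_8));
        return header + ".." + B64.encodeToString(sig.sign());
    }

    /** Same order as verifyDetachedJws: version rule for b64, signature over the detached body, expected issuer. */
    static void verify(String detachedJws, String body, ObVersion version, String expectedIssuer, PublicKey key)
            throws GeneralSecurityException {
        String[] parts = detachedJws.split("\\.", -1);
        if (parts.length != 3 || !parts[1].isEmpty()) throw new SecurityException("not a detached JWS (expected header..signature)");
        String headerJson = new String(B64D.decode(parts[0]), StandardCharsets.UTF_8);
        // Example-only header inspection; a production verifier parses the header with a JOSE library.
        if (!headerJson.contains("\"alg\":\"PS256\"")) throw new SecurityException("alg must be PS256");
        Matcher b64 = Pattern.compile("\"b64\"\\s*:\\s*(true|false)").matcher(headerJson);
        boolean b64Present = b64.find();
        boolean unencoded = b64Present && b64.group(1).equals("false");
        boolean before314 = version == null || version.compareTo(ObVersion.v3_1_4) < 0;
        if (before314 && !unencoded) throw new SecurityException("b64 claim header not set to false");
        if (!before314 && b64Present) throw new SecurityException("b64 claim header must not be present");
        // Rebuild the signing input from the request body exactly as the signer composed it
        String payloadPart = unencoded ? body : B64.encodeToString(body.getBytes(StandardCharsets.UTF_8));
        Signature sig = Signature.getInstance("RSASSA-PSS");
        sig.setParameter(PS256);
        sig.initVerify(key);
        sig.update((parts[0] + "." + payloadPart).getBytes(StandardCharsets.UTF_8));
        if (!sig.verify(B64D.decode(parts[2]))) throw new SecurityException("signature does not match body");
        // The issuer claim must equal "<org_id>/<software_id>" taken from the TPP's software statement
        Matcher iss = Pattern.compile("\"" + Pattern.quote(ISS_CLAIM) + "\"\\s*:\\s*\"([^\"]*)\"").matcher(headerJson);
        if (!iss.find() || !iss.group(1).equals(expectedIssuer)) throw new SecurityException("issuer must be " + expectedIssuer);
    }

    interface Check { void run() throws Exception; }

    static void expectRejected(Check check, String what) throws Exception {
        try { check.run(); } catch (SecurityException e) { System.out.println("rejected as expected (" + what + "): " + e.getMessage()); return; }
        throw new IllegalStateException("should have been rejected: " + what);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        // Constructed sample values: expectedIssuer is what verifyDetachedJws derives as orgId + "/" + softwareId
        String expectedIssuer = "ExampleOrgId/5f98223fc10e5100103e2c5a";
        String body = "{\"Data\":{\"Initiation\":{\"InstructedAmount\":{\"Amount\":\"10.00\",\"Currency\":\"GBP\"}}}}";

        String legacy = sign(kp.getPrivate(), body, expectedIssuer, true);
        verify(legacy, body, ObVersion.v3_1_3, expectedIssuer, kp.getPublic());
        expectRejected(() -> verify(legacy, body, ObVersion.v3_1_4, expectedIssuer, kp.getPublic()), "b64 header present on 3.1.4");

        String current = sign(kp.getPrivate(), body, expectedIssuer, false);
        verify(current, body, ObVersion.v3_1_4, expectedIssuer, kp.getPublic());
        expectRejected(() -> verify(current, body.replace("10.00", "10000.00"), ObVersion.v3_1_4, expectedIssuer, kp.getPublic()), "tampered body");
        expectRejected(() -> verify(current, body, ObVersion.v3_1_4, "ExampleOrgId/other-software", kp.getPublic()), "issuer of a different software statement");
        System.out.println("detached JWS checks behaved as expected");
    }
}
```

Two points the example makes visible that the project code leaves to cryptoApiClient: with b64=false the bytes that were signed are the body exactly as received, so any normalisation of the request body before verification (re-serialising JSON, changing line endings, as the lines()/joining call in the original could for a multi-line body) will break the signature, and the issuer comparison binds the signature to the specific software statement, not merely to any key the TPP controls.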

Example 4 with DirectorySoftwareStatement

Use of com.forgerock.openbanking.model.DirectorySoftwareStatement in project openbanking-aspsp by OpenBankingToolkit.

The class MongoTppSchemaChangeLog, method migrateTpps.

@ChangeSet(order = "001", id = "tpp-to-multi-software-statement-tpp", author = "Jamie Bowen")
public void migrateTpps(MongoTemplate mongoTemplate) throws IOException {
    StopWatch elapsedTime = new StopWatch();
    elapsedTime.start();
    long docsUpdated = 0;
    long docsWithNoAuthorisationNumber = 0;
    log.info("-----------------------------------------------------------------------");
    log.info("Migrating Tpp data to have full softwareStatement info");
    OpenBankingDirectoryConfiguration openBankingDirectoryConfiguration = new OpenBankingDirectoryConfiguration();
    openBankingDirectoryConfiguration.issuerId = "OpenBanking Ltd";
    DirectorySoftwareStatementFactory directorySoftwareStatementFactory = new DirectorySoftwareStatementFactory(openBankingDirectoryConfiguration);
    // Unfiltered query: every stored Tpp document is migrated
    Query query = new Query();
    List<Tpp> tpps = mongoTemplate.find(query, Tpp.class);
    log.info("Found {} tpps", tpps.size());
    for (Tpp tpp : tpps) {
        // The SSA already stored on the Tpp is re-parsed as JSON claims; no signature check happens in this migration
        String ssa = tpp.getSsa();
        DirectorySoftwareStatement directorySoftwareStatement = directorySoftwareStatementFactory.getSoftwareStatementFromJsonString(ssa, objectMapper);
        String authorisationNumber = directorySoftwareStatement.getAuthorisationNumber();
        if (authorisationNumber == null || authorisationNumber.isBlank()) {
            log.error("Failed to set authorisation number of document id '{}'", tpp.getId());
            docsWithNoAuthorisationNumber++;
        } else {
            tpp.setAuthorisationNumber(authorisationNumber);
        }
        tpp.setSoftwareId(directorySoftwareStatement.getSoftware_client_id());
        tpp.setDirectorySoftwareStatement(directorySoftwareStatement);
        // The document is saved and counted as updated even when no authorisation number could be set
        mongoTemplate.save(tpp);
        docsUpdated++;
    }
    elapsedTime.stop();
    log.info("Upgraded {} documents in {} seconds.", docsUpdated, elapsedTime.getTotalTimeSeconds());
    log.info("Failed to create authorisationNumbers for {} documents", docsWithNoAuthorisationNumber);
    log.info("-----------------------------------------------------------------------");
    log.info("Finished updating Tpps to have full software statement information");
}
Also used : Query(org.springframework.data.mongodb.core.query.Query) Tpp(com.forgerock.openbanking.model.Tpp) DirectorySoftwareStatement(com.forgerock.openbanking.model.DirectorySoftwareStatement) OpenBankingDirectoryConfiguration(com.forgerock.openbanking.common.services.onboarding.configuration.OpenBankingDirectoryConfiguration) DirectorySoftwareStatementFactory(com.forgerock.openbanking.common.services.onboarding.registrationrequest.DirectorySoftwareStatementFactory) StopWatch(org.springframework.util.StopWatch) ChangeSet(com.github.mongobee.changeset.ChangeSet)

Example 5 with DirectorySoftwareStatement

Use of com.forgerock.openbanking.model.DirectorySoftwareStatement in project openbanking-aspsp by OpenBankingToolkit.

The class DirectorySoftwareStatementFactoryTest, method succeedWithFRSsa_getSoftwareStatement.

@Test
public void succeedWithFRSsa_getSoftwareStatement() throws ParseException, DynamicClientRegistrationException {
    // Given: a serialised ForgeRock directory SSA (signed JWT) from the test helpers
    String registrationRequestJwtSerialised = TestHelperFunctions.getValidSsaSerialised();
    SignedJWT registrationRequestJws = SignedJWT.parse(registrationRequestJwtSerialised);
    JWTClaimsSet ssaJwtClaims = registrationRequestJws.getJWTClaimsSet();
    RegistrationRequestJWTClaims ssaJWTClaims = new RegistrationRequestJWTClaims(ssaJwtClaims, JWTClaimsOrigin.REGISTRATION_REQUEST_JWT);
    // When: the same factory handles the ForgeRock-issued SSA
    DirectorySoftwareStatement statement = softwareStatementFactory.getSoftwareStatement(ssaJWTClaims);
    // Then: only presence is asserted here; the JWT signature is not verified by this test
    assertThat(statement).isNotNull();
}
Also used : JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) DirectorySoftwareStatement(com.forgerock.openbanking.model.DirectorySoftwareStatement) SignedJWT(com.nimbusds.jwt.SignedJWT) Test(org.junit.Test)

Aggregations

DirectorySoftwareStatement (com.forgerock.openbanking.model.DirectorySoftwareStatement)11 Test (org.junit.Test)5 DynamicClientRegistrationException (com.forgerock.openbanking.common.error.exception.dynamicclientregistration.DynamicClientRegistrationException)3 RegistrationRequest (com.forgerock.openbanking.common.services.onboarding.registrationrequest.RegistrationRequest)3 Tpp (com.forgerock.openbanking.model.Tpp)3 IOException (java.io.IOException)3 ParseException (java.text.ParseException)3 ManualRegistrationRequest (com.forgerock.openbanking.common.model.onboarding.ManualRegistrationRequest)2 JWTClaimsSet (com.nimbusds.jwt.JWTClaimsSet)2 SignedJWT (com.nimbusds.jwt.SignedJWT)2 TppEntry (com.forgerock.openbanking.analytics.model.entries.TppEntry)1 MultiReadHttpServletRequest (com.forgerock.openbanking.aspsp.rs.filter.MultiReadHttpServletRequest)1 OpenBankingDirectoryConfiguration (com.forgerock.openbanking.common.services.onboarding.configuration.OpenBankingDirectoryConfiguration)1 DirectorySoftwareStatementFactory (com.forgerock.openbanking.common.services.onboarding.registrationrequest.DirectorySoftwareStatementFactory)1 OBErrorException (com.forgerock.openbanking.exceptions.OBErrorException)1 InvalidTokenException (com.forgerock.openbanking.jwt.exceptions.InvalidTokenException)1 OIDCRegistrationResponse (com.forgerock.openbanking.model.oidc.OIDCRegistrationResponse)1 ChangeSet (com.github.mongobee.changeset.ChangeSet)1 DateTime (org.joda.time.DateTime)1 Ignore (org.junit.Ignore)1