Example 1 with OBRIRole

use of com.forgerock.openbanking.model.OBRIRole in project openbanking-aspsp by OpenBankingToolkit.

the class ApiClientIdentityFactoryTest method returnsApiClientQWac_getApiClientIdentity.

@Test
public void returnsApiClientQWac_getApiClientIdentity() throws CertificateException, IOException, InvalidPsd2EidasCertificate, ApiClientException, OAuth2InvalidClientException {
    // given
    X509Certificate[] certificatesChain = TestHelperFunctions.getCertChainFromFile("src/test/resources/certificates/QWac.pem");
    Psd2CertInfo certInfo = new Psd2CertInfo(certificatesChain);
    String tppName = "TestTppName";
    Collection<OBRIRole> authorities = new ArrayList<>();
    authorities.add(OBRIRole.UNREGISTERED_TPP);
    PSD2Authentication authentication = new PSD2Authentication(tppName, authorities, certificatesChain, certInfo);
    ApiClientIdentityFactory identityFactory = new ApiClientIdentityFactory();
    // when
    ApiClientIdentity identity = identityFactory.getApiClientIdentity(authentication);
    // then
    assertThat(identity).isInstanceOf(ApiClientIdentityQWac.class);
}
Also used : OBRIRole(com.forgerock.openbanking.model.OBRIRole) ArrayList(java.util.ArrayList) PSD2Authentication(com.forgerock.spring.security.multiauth.model.authentication.PSD2Authentication) Psd2CertInfo(com.forgerock.cert.Psd2CertInfo) X509Certificate(java.security.cert.X509Certificate) Test(org.junit.Test)

Example 2 with OBRIRole

use of com.forgerock.openbanking.model.OBRIRole in project openbanking-aspsp by OpenBankingToolkit.

the class DynamicRegistrationApiControllerTest method shouldSucceed_register.

@Test
public void shouldSucceed_register() throws OAuth2InvalidClientException, DynamicClientRegistrationException, InvalidPsd2EidasCertificate, ApiClientException {
    // given
    Collection<OBRIRole> authorities = new ArrayList<>(List.of(OBRIRole.ROLE_ANONYMOUS, OBRIRole.UNREGISTERED_TPP, OBRIRole.ROLE_EIDAS));
    X509Authentication principal = testSpec.getPrincipal(authorities);
    ApiClientIdentity apiClientIdentity = this.identityFactory.getApiClientIdentity(principal);
    String directoryName = "ForgeRock";
    given(this.tppRegistrationService.validateSsaAgainstIssuingDirectoryJwksUri(anyString(), eq("ForgeRock"))).willReturn(directoryName);
    RegistrationRequest regRequest = registrationRequestFactory.getRegistrationRequestFromJwt(registrationRequestJwtSerialised);
    Tpp tpp = new Tpp();
    tpp.setRegistrationResponse(new OIDCRegistrationResponse());
    given(this.tppRegistrationService.registerTpp(any(ApiClientIdentity.class), any(RegistrationRequest.class))).willReturn(tpp);
    // when
    ResponseEntity<OIDCRegistrationResponse> response = dynamicRegistrationApiController.register(registrationRequestJwtSerialised, principal);
    // then
    assertThat(response.getStatusCode()).isEqualTo(HttpStatus.CREATED);
}
Also used : OBRIRole(com.forgerock.openbanking.model.OBRIRole) Tpp(com.forgerock.openbanking.model.Tpp) OIDCRegistrationResponse(com.forgerock.openbanking.model.oidc.OIDCRegistrationResponse) X509Authentication(com.forgerock.spring.security.multiauth.model.authentication.X509Authentication) ApiClientIdentity(com.forgerock.openbanking.common.services.onboarding.apiclient.ApiClientIdentity) RegistrationRequest(com.forgerock.openbanking.common.services.onboarding.registrationrequest.RegistrationRequest) Test(org.junit.Test)

Example 3 with OBRIRole

use of com.forgerock.openbanking.model.OBRIRole in project openbanking-aspsp by OpenBankingToolkit.

the class DynamicRegistrationApiControllerTest method failWithInvalidClientIfCertificateIsNotFromATrustedParty_register.

@Test
public void failWithInvalidClientIfCertificateIsNotFromATrustedParty_register() throws InvalidPsd2EidasCertificate {
    // given
    Collection<OBRIRole> authorities = new ArrayList<>(List.of(OBRIRole.UNKNOWN_CERTIFICATE));
    X509Authentication principal = testSpec.getPrincipal(authorities);
    // when
    OAuth2InvalidClientException exception = catchThrowableOfType(() -> dynamicRegistrationApiController.register(registrationRequestJwtSerialised, principal), OAuth2InvalidClientException.class);
    // then
    assertThat(exception.getRfc6750ErrorCode()).isEqualTo(OAuth2Exception.INVALID_CLIENT);
}
Also used : OBRIRole(com.forgerock.openbanking.model.OBRIRole) X509Authentication(com.forgerock.spring.security.multiauth.model.authentication.X509Authentication) Test(org.junit.Test)

Example 4 with OBRIRole

use of com.forgerock.openbanking.model.OBRIRole in project openbanking-aspsp by OpenBankingToolkit.

the class DynamicRegistrationApiControllerTest method failIfSsaIsHasSoftwareIdDifferentFromRequestObject_register.

@Test
public void failIfSsaIsHasSoftwareIdDifferentFromRequestObject_register() throws DynamicClientRegistrationException, InvalidPsd2EidasCertificate {
    // given
    Collection<OBRIRole> authorities = new ArrayList<>(List.of(OBRIRole.ROLE_ANONYMOUS, OBRIRole.UNREGISTERED_TPP, OBRIRole.ROLE_EIDAS));
    X509Authentication principal = testSpec.getPrincipal(authorities);
    RegistrationRequest regRequest = registrationRequestFactory.getRegistrationRequestFromJwt(registrationRequestJwtSerialised);
    String directoryName = "ForgeRock";
    given(this.tppRegistrationService.validateSsaAgainstIssuingDirectoryJwksUri(anyString(), eq("ForgeRock"))).willReturn(directoryName);
    Mockito.doThrow(new DynamicClientRegistrationException("blah", DynamicClientRegistrationErrorType.INVALID_SOFTWARE_STATEMENT)).when(this.tppRegistrationService).verifyTPPRegistrationRequestAgainstSSA(regRequest);
    // when
    DynamicClientRegistrationException exception = catchThrowableOfType(() -> dynamicRegistrationApiController.register(registrationRequestJwtSerialised, principal), DynamicClientRegistrationException.class);
    // then
    assertThat(exception.getErrorType()).isEqualTo(DynamicClientRegistrationErrorType.INVALID_SOFTWARE_STATEMENT);
}
Also used : OBRIRole(com.forgerock.openbanking.model.OBRIRole) DynamicClientRegistrationException(com.forgerock.openbanking.common.error.exception.dynamicclientregistration.DynamicClientRegistrationException) X509Authentication(com.forgerock.spring.security.multiauth.model.authentication.X509Authentication) RegistrationRequest(com.forgerock.openbanking.common.services.onboarding.registrationrequest.RegistrationRequest) Test(org.junit.Test)

Example 5 with OBRIRole

use of com.forgerock.openbanking.model.OBRIRole in project openbanking-aspsp by OpenBankingToolkit.

the class DynamicRegistrationApiControllerTest method willRegisterIfCertHasBeenUsedToPreviouslyRegister_register.

@Test
public void willRegisterIfCertHasBeenUsedToPreviouslyRegister_register() throws InvalidPsd2EidasCertificate, OAuth2InvalidClientException, DynamicClientRegistrationException {
    // given
    Collection<OBRIRole> authorities = new ArrayList<>(List.of(OBRIRole.ROLE_AISP, OBRIRole.ROLE_AISP));
    X509Authentication principal = testSpec.getPrincipal(authorities);
    String authToken = "eyJ0eXAiOiJKV1QiLCJ6aXAiOiJOT05FIiwia2lkIjoiRm9sN0lwZEtlTFptekt0Q0VnaTFMRGhTSXpNPSIsImFsZyI6IkVTMjU2In0.[...].vhH9AGDKbxK1R_tnq8_nOkIpPH7se68MxOC8y-Wq4SW4_ffMBj1ChkckU-q2wJ_4hh_l1sgdlCdkom_VQFvN9Q";
    Tpp tpp = new Tpp();
    tpp.setClientId("3105f70b-b417-427e-922d-7ba04d16278a");
    OIDCRegistrationResponse registrationResponse = new OIDCRegistrationResponse();
    registrationResponse.setRegistrationAccessToken(authToken);
    tpp.setRegistrationResponse(registrationResponse);
    given(tppStoreService.findByClientId("testname")).willReturn(Optional.of(tpp));
    given(this.tppRegistrationService.registerTpp(any(ApiClientIdentity.class), any(RegistrationRequest.class))).willReturn(tpp);
    // when
    ResponseEntity<OIDCRegistrationResponse> response = dynamicRegistrationApiController.register(registrationRequestJwtSerialised, principal);
    // then
    assertThat(response.getStatusCode()).isEqualTo(HttpStatus.CREATED);
}
Also used : OBRIRole(com.forgerock.openbanking.model.OBRIRole) Tpp(com.forgerock.openbanking.model.Tpp) OIDCRegistrationResponse(com.forgerock.openbanking.model.oidc.OIDCRegistrationResponse) X509Authentication(com.forgerock.spring.security.multiauth.model.authentication.X509Authentication) ApiClientIdentity(com.forgerock.openbanking.common.services.onboarding.apiclient.ApiClientIdentity) RegistrationRequest(com.forgerock.openbanking.common.services.onboarding.registrationrequest.RegistrationRequest) Test(org.junit.Test)

Aggregations

OBRIRole (com.forgerock.openbanking.model.OBRIRole): 8
Test (org.junit.Test): 8
X509Authentication (com.forgerock.spring.security.multiauth.model.authentication.X509Authentication): 5
Psd2CertInfo (com.forgerock.cert.Psd2CertInfo): 3
RegistrationRequest (com.forgerock.openbanking.common.services.onboarding.registrationrequest.RegistrationRequest): 3
PSD2Authentication (com.forgerock.spring.security.multiauth.model.authentication.PSD2Authentication): 3
X509Certificate (java.security.cert.X509Certificate): 3
ArrayList (java.util.ArrayList): 3
DynamicClientRegistrationException (com.forgerock.openbanking.common.error.exception.dynamicclientregistration.DynamicClientRegistrationException): 2
ApiClientIdentity (com.forgerock.openbanking.common.services.onboarding.apiclient.ApiClientIdentity): 2
Tpp (com.forgerock.openbanking.model.Tpp): 2
OIDCRegistrationResponse (com.forgerock.openbanking.model.oidc.OIDCRegistrationResponse): 2