use of com.forgerock.openbanking.model.Tpp in project openbanking-aspsp by OpenBankingToolkit.
the class AggregatedPollingApiControllerIT method pollEvents_v3_1_2.
@Test
public void pollEvents_v3_1_2() throws Exception {
    // Given: a client-credentials token carrying the event-polling scope, accepted by the mocked
    // token verifier, and a caller whose authorities mark it as an AISP.
    String accessToken = jws(OpenBankingConstants.Scope.EVENT_POLLING, OIDCConstants.GrantType.CLIENT_CREDENTIAL);
    springSecForTest.mockAuthCollector.mockAuthorities(OBRIRole.ROLE_AISP);
    mockAccessTokenVerification(accessToken);

    // The RS store is stubbed to hand back two placeholder event-notification JWTs and no further pages.
    Map<String, String> eventSets = Map.of(
            "asdfasdfas", "eyJhbG....asefasefa",
            "asdfasdfas2", "eyJhbG2....asefasefa");
    OBEventPollingResponse1 storeResponse = new OBEventPollingResponse1().sets(eventSets).moreAvailable(false);
    given(rsStoreGateway.toRsStore(any(), any(), any(), any(), any())).willReturn(ResponseEntity.ok(storeResponse));

    // A TPP record is resolvable for any client id; presumably the MATLS check compares its
    // authorisation number with the certificate identity before the request reaches the store.
    Tpp registeredTpp = new Tpp();
    registeredTpp.setAuthorisationNumber("test-tpp");
    given(tppStoreService.findByClientId(any())).willReturn(Optional.of(registeredTpp));

    OBEventPolling1 pollRequest = new OBEventPolling1().returnImmediately(true);

    // When: poll the v3.1.2 events endpoint.
    String endpoint = "https://rs-api:" + port + "/open-banking/v3.1.2/events";
    HttpResponse<OBEventPollingResponse1> response = Unirest.post(endpoint)
            .header(OBHeaders.X_FAPI_FINANCIAL_ID, rsConfiguration.financialId)
            .header(OBHeaders.AUTHORIZATION, "Bearer " + accessToken)
            .header(OBHeaders.CONTENT_TYPE, ContentType.APPLICATION_JSON.getMimeType())
            .body(pollRequest)
            .asObject(OBEventPollingResponse1.class);

    // Then: only the status is asserted; the body is not compared against the stubbed store response.
    assertThat(response.getStatus()).isEqualTo(200);
}
use of com.forgerock.openbanking.model.Tpp in project openbanking-aspsp by OpenBankingToolkit.
the class AggregatedPollingApiControllerIT method pollEvents_v3_1_3.
@Test
public void pollEvents_v3_1_3() throws Exception {
    // Given: an event-polling-scoped client-credentials token that the mocked verifier accepts,
    // presented by a caller with the AISP role.
    String accessToken = jws(OpenBankingConstants.Scope.EVENT_POLLING, OIDCConstants.GrantType.CLIENT_CREDENTIAL);
    springSecForTest.mockAuthCollector.mockAuthorities(OBRIRole.ROLE_AISP);
    mockAccessTokenVerification(accessToken);

    // Stub the RS store with two placeholder event JWTs and moreAvailable=false.
    OBEventPollingResponse1 storeResponse = new OBEventPollingResponse1()
            .sets(Map.of("asdfasdfas", "eyJhbG....asefasefa", "asdfasdfas2", "eyJhbG2....asefasefa"))
            .moreAvailable(false);
    given(rsStoreGateway.toRsStore(any(), any(), any(), any(), any())).willReturn(ResponseEntity.ok(storeResponse));

    // Make the TPP lookup succeed for any client id; the record's authorisation number is what
    // the MATLS check is expected to match against the certificate identity (confirm in RSEndpointWrapper).
    Tpp registeredTpp = new Tpp();
    registeredTpp.setAuthorisationNumber("test-tpp");
    given(tppStoreService.findByClientId(any())).willReturn(Optional.of(registeredTpp));

    OBEventPolling1 pollRequest = new OBEventPolling1().returnImmediately(true);

    // When: poll the v3.1.3 events endpoint.
    HttpResponse<OBEventPollingResponse1> response = Unirest
            .post("https://rs-api:" + port + "/open-banking/v3.1.3/events")
            .header(OBHeaders.X_FAPI_FINANCIAL_ID, rsConfiguration.financialId)
            .header(OBHeaders.AUTHORIZATION, "Bearer " + accessToken)
            .header(OBHeaders.CONTENT_TYPE, ContentType.APPLICATION_JSON.getMimeType())
            .body(pollRequest)
            .asObject(OBEventPollingResponse1.class);

    // Then: the call is accepted. The response body is not inspected by this test.
    assertThat(response.getStatus()).isEqualTo(200);
}
use of com.forgerock.openbanking.model.Tpp in project openbanking-aspsp by OpenBankingToolkit.
the class CallbackUrlApiControllerIT method createCallbackUrls_badRequest_InvalidObject.
@Test
public void createCallbackUrls_badRequest_InvalidObject() throws Exception {
    // Given: an authenticated AISP with an accounts-scoped client-credentials token.
    String bearerToken = jws(OpenBankingConstants.Scope.ACCOUNTS, OIDCConstants.GrantType.CLIENT_CREDENTIAL);
    springSecForTest.mockAuthCollector.mockAuthorities(OBRIRole.ROLE_AISP);
    mockAccessTokenVerification(bearerToken);

    // A callback URL whose path says v3.1 while the Version field says 3.0 — the mismatch the server must reject.
    String callbackUrl = "https://tpp.domain/v3.1/event-notifications";
    OBCallbackUrlData1 mismatchedData = new OBCallbackUrlData1()
            .url(callbackUrl)
            .version(OBVersion.v3_0.getCanonicalVersion());
    OBCallbackUrl1 requestBody = new OBCallbackUrl1().data(mismatchedData);

    // The TPP lookup is stubbed so the request is attributed to a known TPP (presumably required by
    // the MATLS check ahead of body validation).
    Tpp registeredTpp = new Tpp();
    registeredTpp.setAuthorisationNumber("test-tpp");
    given(tppStoreService.findByClientId(any())).willReturn(Optional.of(registeredTpp));

    // When: register the callback URL on the v3.0 endpoint.
    String endpoint = "https://rs-api:" + port + "/open-banking/" + OBVersion.v3_0.getCanonicalName() + "/callback-urls";
    HttpResponse<OBCallbackUrlResponse1> response = Unirest.post(endpoint)
            .header(OBHeaders.X_FAPI_FINANCIAL_ID, rsConfiguration.financialId)
            .header(OBHeaders.AUTHORIZATION, "Bearer " + bearerToken)
            .header(OBHeaders.CONTENT_TYPE, "application/json; charset=utf-8")
            .body(requestBody)
            .asObject(OBCallbackUrlResponse1.class);

    // Then: 400 with an error body (which does not deserialise as OBCallbackUrlResponse1, hence it is read
    // from the parsing error) that names the version mismatch and carries the REQUEST_OBJECT_INVALID code.
    assertThat(response.getStatus()).isEqualTo(400);
    String errorBody = response.getParsingError().get().getOriginalBody();
    assertThat(errorBody).contains("Version on the callback url field " + callbackUrl + " doesn't match with the version value field 3.0");
    assertThat(errorBody).contains(OBRIErrorType.REQUEST_OBJECT_INVALID.getCode().getValue());
}
use of com.forgerock.openbanking.model.Tpp in project openbanking-aspsp by OpenBankingToolkit.
the class DetachedJwsVerifierTest method setupMocksForValidJws.
private void setupMocksForValidJws() throws ParseException, InvalidTokenException, IOException {
    // A directory software statement for the TPP under test. Only the fields set here are populated;
    // software_jwks_endpoint points at the directory's JWKS for this software id, org_jwks_endpoint is a
    // placeholder ("TODO") and would not resolve if anything fetched from it.
    DirectorySoftwareStatement softwareStatement = DirectorySoftwareStatementOpenBanking.builder()
            .org_jwks_endpoint("TODO")
            .software_mode("TEST")
            .software_redirect_uris(List.of())
            .org_status("Active")
            .software_client_id("5f98223fc10e5100103e2c5a")
            .iss("ForgeRock")
            .software_jwks_endpoint("https://service.directory.dev-ob.forgerock.financial:8074/api/software-statement/5f98223fc10e5100103e2c5a/application/jwk_uri")
            .software_id("5f98223fc10e5100103e2c5a")
            .org_contacts(List.of())
            .build();

    // The registration response exposes neither an inline JWKS nor a jwks_uri, so any key lookup has to
    // fall back to the software statement (assumption about the verifier's lookup order — confirm in
    // DetachedJwsVerifier).
    OIDCRegistrationResponse registrationResponse = mock(OIDCRegistrationResponse.class);
    given(registrationResponse.getJwks()).willReturn(null);
    given(registrationResponse.getJwks_uri()).willReturn(null);

    // The TPP resolves for any client id and exposes the registration response and statement above.
    Tpp tpp = mock(Tpp.class);
    given(tpp.getRegistrationResponse()).willReturn(registrationResponse);
    given(tpp.getDirectorySoftwareStatement()).willReturn(softwareStatement);
    given(tppStoreService.findByClientId(anyString())).willReturn(Optional.of(tpp));

    // The crypto client accepts any detached JWS; the null return stands in for "no verification error".
    given(cryptoApiClient.validateDetachedJWS(any(), any(), any(), any(), any())).willReturn(null);
}
use of com.forgerock.openbanking.model.Tpp in project openbanking-aspsp by OpenBankingToolkit.
the class RSEndpointWrapper method verifyMatlsFromAccessToken.
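// Ensures that the client certificate presented for MATLS belongs to the same TPP that the access
// token in the Authorization header was issued to. The token's first "aud" claim is taken as the
// OAuth2 client id; the TPP record it resolves to must carry the authorisation number that the
// mutual-TLS layer established as the current principal's username.
//
// Side effect: on success this.oAuth2ClientId is set to the client id taken from the token.
//
// Throws OBErrorException with
//  - ACCESS_TOKEN_INVALID_FORMAT if the token is not a parseable JWT or carries no "aud" claim;
//  - MATLS_TPP_AUTHENTICATION_INVALID_FROM_ACCESS_TOKEN if no TPP record exists for the client id,
//    or the record's authorisation number differs from the certificate identity.
public void verifyMatlsFromAccessToken() throws OBErrorException {
    log.debug("verifyMatlsFromAccessToken() called");

    String oauth2ClientId;
    try {
        // Previously getAudience().get(0) was called unguarded: a token with a null or empty "aud"
        // escaped as an unchecked NullPointer/IndexOutOfBounds exception instead of an OBErrorException.
        oauth2ClientId = Optional.ofNullable(accessToken.getJWTClaimsSet().getAudience())
                .flatMap(audience -> audience.stream().findFirst())
                .orElse(null);
    } catch (ParseException e) {
        log.warn("Access token {} doesn't look to be a JWT. You need to enable stateless", authorization);
        throw new OBErrorException(OBRIErrorType.ACCESS_TOKEN_INVALID_FORMAT);
    }
    if (oauth2ClientId == null) {
        log.warn("Access token has no audience claim; cannot determine the OAuth2 client id");
        throw new OBErrorException(OBRIErrorType.ACCESS_TOKEN_INVALID_FORMAT);
    }

    // Identity established by the MTLS layer: the certificate's TPP authorisation number.
    UserDetails currentUser = (UserDetails) ((Authentication) principal).getPrincipal();
    String certificateTppId = currentUser.getUsername();

    // MTLS check. The certificate must be associated with the TPP the token was issued to.
    Optional<Tpp> tpp = this.tppStoreService.findByClientId(oauth2ClientId);
    if (!tpp.isPresent()) {
        // Fail closed. The previous implementation treated an unknown client id as verified and logged
        // success; without a TPP record the certificate/token binding cannot be established at all.
        log.warn("No TPP record found for OAuth2 client id {} from access token; certificate {}", oauth2ClientId, certificateTppId);
        throw new OBErrorException(OBRIErrorType.MATLS_TPP_AUTHENTICATION_INVALID_FROM_ACCESS_TOKEN, certificateTppId, oauth2ClientId);
    }
    String authorisationNumberFromTppRecord = tpp.get().getAuthorisationNumber();
    if (!certificateTppId.equals(authorisationNumberFromTppRecord)) {
        log.warn("TPP ID from account token {} is not the one associated with the certificate {}", oauth2ClientId, certificateTppId);
        throw new OBErrorException(OBRIErrorType.MATLS_TPP_AUTHENTICATION_INVALID_FROM_ACCESS_TOKEN, certificateTppId, oauth2ClientId);
    }

    this.oAuth2ClientId = oauth2ClientId;
    log.info("TPP AuthorizationNumber {} has been verified against X509 certificate (MTLS)", certificateTppId);
}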