Example 26 with Tpp

use of com.forgerock.openbanking.model.Tpp in project openbanking-aspsp by OpenBankingToolkit.

the class DetachedJwsVerifier method verifyDetachedJws.

public void verifyDetachedJws(String detachedJws, OBVersion obVersion, HttpServletRequest request, String oauth2ClientId) throws OBErrorException {
    if (StringUtils.isEmpty(detachedJws)) {
        log.warn("Detached signature not provided");
        throw new OBErrorException(OBRIErrorType.DETACHED_JWS_INVALID, detachedJws, "Not provided");
    }
    try {
        MultiReadHttpServletRequest multiReadRequest = new MultiReadHttpServletRequest(request);
        String body = multiReadRequest.getReader().lines().collect(Collectors.joining(System.lineSeparator()));
        log.debug("Verify detached signature {} with payload {}", detachedJws, body);
        // obVersion is only set from 3.1.3 onwards
        if ((obVersion == null || obVersion.isBeforeVersion(v3_1_4)) && isBase64Encoded(detachedJws)) {
            log.warn("Invalid detached signature {}, {}", detachedJws, "b64 claim header not set to false in version: " + obVersion);
            throw new OBErrorException(OBRIErrorType.DETACHED_JWS_INVALID, detachedJws, "b64 claim header not set to false");
        }
        if (obVersion != null && obVersion.isAfterVersion(v3_1_3) && isB64ClaimHeaderPresent(detachedJws)) {
            log.warn("Invalid detached signature {}, {}", detachedJws, "b64 claim header must not be present in version: " + obVersion);
            throw new OBErrorException(OBRIErrorType.DETACHED_JWS_INVALID, detachedJws, "b64 claim header must not be present");
        }
        // Look up the TPP that registered this OAuth2 client; an unknown client id must fail
        // cleanly as an OBErrorException instead of an uncaught NoSuchElementException from Optional.get()
        Tpp tpp = tppStoreService.findByClientId(oauth2ClientId)
                .orElseThrow(() -> new OBErrorException(OBRIErrorType.DETACHED_JWS_INVALID, detachedJws, "TPP not found for client id " + oauth2ClientId));
        DirectorySoftwareStatement softwareStatement = tpp.getDirectorySoftwareStatement();
        String orgId = softwareStatement.getOrg_id();
        String softwareId = softwareStatement.getSoftware_id();
        // The detached JWS issuer must match the TPP's "{org_id}/{software_id}" from its software statement
        String expectedIssuer = orgId + "/" + softwareId;
        if (tpp.getRegistrationResponse().getJwks() != null) {
            // Inline JWKS supplied at registration: verification uses the first key only, regardless of the JWS 'kid' header
            cryptoApiClient.validateDetachedJWSWithJWK(detachedJws, body, null, expectedIssuer, tpp.getRegistrationResponse().getJwks().getKeys().get(0));
        } else {
            // Otherwise the signing key is resolved from the TPP's registered jwks_uri
            cryptoApiClient.validateDetachedJWS(detachedJws, body, null, expectedIssuer, tpp.getRegistrationResponse().getJwks_uri());
        }
    } catch (InvalidTokenException e) {
        log.warn("Invalid detached signature {}", detachedJws, e);
        throw new OBErrorException(OBRIErrorType.DETACHED_JWS_INVALID, detachedJws, e.getMessage());
    } catch (IOException e) {
        log.error("Can't get the request body", e);
        throw new OBErrorException(OBRIErrorType.DETACHED_JWS_UN_ACCESSIBLE);
    } catch (ParseException e) {
        log.error("Can't parse JWS", e);
        throw new OBErrorException(OBRIErrorType.DETACHED_JWS_INVALID, detachedJws, e.getMessage());
    }
}
Also used : InvalidTokenException(com.forgerock.openbanking.jwt.exceptions.InvalidTokenException) MultiReadHttpServletRequest(com.forgerock.openbanking.aspsp.rs.filter.MultiReadHttpServletRequest) Tpp(com.forgerock.openbanking.model.Tpp) DirectorySoftwareStatement(com.forgerock.openbanking.model.DirectorySoftwareStatement) OBErrorException(com.forgerock.openbanking.exceptions.OBErrorException) IOException(java.io.IOException) ParseException(java.text.ParseException)

Example 27 with Tpp

use of com.forgerock.openbanking.model.Tpp in project openbanking-aspsp by OpenBankingToolkit.

the class FilePaymentConsentsApiController method createFilePaymentConsents.

public ResponseEntity<OBWriteFileConsentResponse4> createFilePaymentConsents(OBWriteFileConsent3 obWriteFileConsent3, String authorization, String xIdempotencyKey, String xJwsSignature, DateTime xFapiAuthDate, String xFapiCustomerIpAddress, String xFapiInteractionId, String xCustomerUserAgent, String clientId, HttpServletRequest request, Principal principal) throws OBErrorResponseException {
    log.debug("Received: '{}'", obWriteFileConsent3);
    FRWriteFileConsent frWriteFileConsent = toFRWriteFileConsent(obWriteFileConsent3);
    log.trace("Converted to: '{}'", frWriteFileConsent);
    final Tpp tpp = Optional.ofNullable(tppRepository.findByClientId(clientId)).orElseThrow(() -> new OBErrorResponseException(HttpStatus.BAD_REQUEST, OBRIErrorResponseCategory.REQUEST_INVALID, "TPP not found for client id", Collections.singletonList(OBRIErrorType.REQUEST_INVALID_HEADER.toOBError1("x-ob-client-id"))));
    log.debug("Got TPP '{}' for client Id '{}'", tpp, clientId);
    Optional<FRFileConsent> consentByIdempotencyKey = fileConsentRepository.findByIdempotencyKeyAndPispId(xIdempotencyKey, tpp.getId());
    if (consentByIdempotencyKey.isPresent()) {
        validateIdempotencyRequest(xIdempotencyKey, frWriteFileConsent, consentByIdempotencyKey.get(), () -> consentByIdempotencyKey.get().getWriteFileConsent());
        log.info("Idempotent request is valid. Returning [201 CREATED] but take no further action.");
        return ResponseEntity.status(HttpStatus.CREATED).body(packageResponse(consentByIdempotencyKey.get()));
    }
    log.debug("No consent with matching idempotency key has been found. Creating new consent.");
    FRFileConsent fileConsent = FRFileConsent.builder().id(IntentType.PAYMENT_FILE_CONSENT.generateIntentId()).status(ConsentStatusCode.AWAITINGUPLOAD).writeFileConsent(frWriteFileConsent).pispId(tpp.getId()).pispName(tpp.getOfficialName()).statusUpdate(DateTime.now()).updated(new Date()).idempotencyKey(xIdempotencyKey).obVersion(VersionPathExtractor.getVersionFromPath(request)).build();
    log.debug("Saving consent: '{}'", fileConsent);
    consentMetricService.sendConsentActivity(new ConsentStatusEntry(fileConsent.getId(), fileConsent.getStatus().name()));
    fileConsent = fileConsentRepository.save(fileConsent);
    log.info("Created consent id: '{}'", fileConsent.getId());
    return ResponseEntity.status(HttpStatus.CREATED).body(packageResponse(fileConsent));
}
Also used : FRWriteFileConsent(com.forgerock.openbanking.common.model.openbanking.domain.payment.FRWriteFileConsent) FRWriteFileConsentConverter.toFRWriteFileConsent(com.forgerock.openbanking.common.services.openbanking.converter.payment.FRWriteFileConsentConverter.toFRWriteFileConsent) Tpp(com.forgerock.openbanking.model.Tpp) FRFileConsent(com.forgerock.openbanking.common.model.openbanking.persistence.payment.FRFileConsent) OBErrorResponseException(com.forgerock.openbanking.exceptions.OBErrorResponseException) Date(java.util.Date) ConsentStatusEntry(com.forgerock.openbanking.analytics.model.entries.ConsentStatusEntry)

Example 28 with Tpp

use of com.forgerock.openbanking.model.Tpp in project openbanking-aspsp by OpenBankingToolkit.

the class InternationalPaymentConsentsApiController method createInternationalPaymentConsents.

public ResponseEntity<OBWriteInternationalConsentResponse6> createInternationalPaymentConsents(OBWriteInternationalConsent5 obWriteInternationalConsent5, String authorization, String xIdempotencyKey, String xJwsSignature, DateTime xFapiAuthDate, String xFapiCustomerIpAddress, String xFapiInteractionId, String xCustomerUserAgent, String clientId, HttpServletRequest request, Principal principal) throws OBErrorResponseException {
    log.debug("Received: '{}'", obWriteInternationalConsent5);
    FRWriteInternationalConsent frWriteInternationalConsent = toFRWriteInternationalConsent(obWriteInternationalConsent5);
    log.trace("Converted to: '{}'", frWriteInternationalConsent);
    // findByClientId returns null for an unknown client id; reject with 400 rather than NPE on tpp.getId() below
    final Tpp tpp = Optional.ofNullable(tppRepository.findByClientId(clientId)).orElseThrow(() -> new OBErrorResponseException(HttpStatus.BAD_REQUEST, OBRIErrorResponseCategory.REQUEST_INVALID, "TPP not found for client id", Collections.singletonList(OBRIErrorType.REQUEST_INVALID_HEADER.toOBError1("x-ob-client-id"))));
    log.debug("Got TPP '{}' for client Id '{}'", tpp, clientId);
    Optional<FRInternationalConsent> consentByIdempotencyKey = internationalConsentRepository.findByIdempotencyKeyAndPispId(xIdempotencyKey, tpp.getId());
    if (consentByIdempotencyKey.isPresent()) {
        validateIdempotencyRequest(xIdempotencyKey, frWriteInternationalConsent, consentByIdempotencyKey.get(), () -> consentByIdempotencyKey.get().getInternationalConsent());
        log.info("Idempotent request is valid. Returning [201 CREATED] but take no further action.");
        return ResponseEntity.status(HttpStatus.CREATED).body(responseEntity(consentByIdempotencyKey.get()));
    }
    log.debug("No consent with matching idempotency key has been found. Creating new consent.");
    log.debug("Got TPP '{}' for client Id '{}'", tpp, clientId);
    FRInternationalConsent internationalConsent = FRInternationalConsent.builder().id(IntentType.PAYMENT_INTERNATIONAL_CONSENT.generateIntentId()).status(ConsentStatusCode.AWAITINGAUTHORISATION).internationalConsent(frWriteInternationalConsent).pispId(tpp.getId()).pispName(tpp.getOfficialName()).statusUpdate(DateTime.now()).obVersion(VersionPathExtractor.getVersionFromPath(request)).build();
    log.debug("Saving consent: '{}'", internationalConsent);
    consentMetricService.sendConsentActivity(new ConsentStatusEntry(internationalConsent.getId(), internationalConsent.getStatus().name()));
    internationalConsent = internationalConsentRepository.save(internationalConsent);
    log.info("Created consent id: '{}'", internationalConsent.getId());
    return ResponseEntity.status(HttpStatus.CREATED).body(responseEntity(internationalConsent));
}
Also used : FRWriteInternationalConsentConverter.toFRWriteInternationalConsent(com.forgerock.openbanking.common.services.openbanking.converter.payment.FRWriteInternationalConsentConverter.toFRWriteInternationalConsent) FRWriteInternationalConsent(com.forgerock.openbanking.common.model.openbanking.domain.payment.FRWriteInternationalConsent) Tpp(com.forgerock.openbanking.model.Tpp) FRInternationalConsent(com.forgerock.openbanking.common.model.openbanking.persistence.payment.FRInternationalConsent) ConsentStatusEntry(com.forgerock.openbanking.analytics.model.entries.ConsentStatusEntry)

Example 29 with Tpp

use of com.forgerock.openbanking.model.Tpp in project openbanking-aspsp by OpenBankingToolkit.

the class DomesticVrpConsentsApiController method domesticVrpConsentsPost.

@Override
public ResponseEntity<OBDomesticVRPConsentResponse> domesticVrpConsentsPost(String authorization, String xIdempotencyKey, String xJwsSignature, OBDomesticVRPConsentRequest obDomesticVRPConsentRequest, String xFapiAuthDate, String xFapiCustomerIpAddress, String xFapiInteractionId, String xCustomerUserAgent, String clientId, HttpServletRequest request, Principal principal) throws OBErrorResponseException {
    log.debug("(store) Received Domestic VRP consent: '{}'", obDomesticVRPConsentRequest);
    log.debug("(store) Request to create a VRP consent received, interactionId '{}'", xFapiInteractionId);
    FRDomesticVRPConsentDetails frDomesticVRPDetails = toFRDomesticVRPConsentDetails(obDomesticVRPConsentRequest);
    log.trace("Converted OB Domestic VRP consent to: '{}'", frDomesticVRPDetails);
    // findByClientId returns null for an unknown client id; reject with 400 rather than NPE on tpp.getId() below
    final Tpp tpp = Optional.ofNullable(tppRepository.findByClientId(clientId)).orElseThrow(() -> new OBErrorResponseException(HttpStatus.BAD_REQUEST, OBRIErrorResponseCategory.REQUEST_INVALID, "TPP not found for client id", Collections.singletonList(OBRIErrorType.REQUEST_INVALID_HEADER.toOBError1("x-ob-client-id"))));
    log.debug("Got TPP '{}' for client Id '{}'", tpp, clientId);
    Optional<FRDomesticVRPConsent> vrpConsentByIdempotencyKey = domesticVRPConsentRepository.findByIdempotencyKeyAndPispId(xIdempotencyKey, tpp.getId());
    if (vrpConsentByIdempotencyKey.isPresent()) {
        validateIdempotencyRequest(xIdempotencyKey, frDomesticVRPDetails, vrpConsentByIdempotencyKey.get(), () -> vrpConsentByIdempotencyKey.get().getVrpDetails());
        log.info("Idempotent request for VRP payment consent is valid. Returning [201 CREATED] but take no further action.");
        return ResponseEntity.status(HttpStatus.CREATED).body(packageResponse(vrpConsentByIdempotencyKey.get()));
    }
    log.debug("No Domestic VRP payment consent with matching idempotency key has been found. Creating new consent.");
    FRDomesticVRPConsent domesticVrpConsent = FRDomesticVRPConsent.builder().id(IntentType.DOMESTIC_VRP_PAYMENT_CONSENT.generateIntentId()).status(ConsentStatusCode.AWAITINGAUTHORISATION).vrpDetails(frDomesticVRPDetails).pispId(tpp.getId()).pispName(tpp.getOfficialName()).statusUpdate(DateTime.now()).idempotencyKey(xIdempotencyKey).obVersion(VersionPathExtractor.getVersionFromPath(request)).build();
    log.debug("Saving Domestic VRP payment consent: '{}'", domesticVrpConsent);
    consentMetricService.sendConsentActivity(new ConsentStatusEntry(domesticVrpConsent.getId(), domesticVrpConsent.getStatus().name()));
    domesticVRPConsentRepository.save(domesticVrpConsent);
    log.info("Created domestic VRP payment consent id: '{}'", domesticVrpConsent.getId());
    return ResponseEntity.status(HttpStatus.CREATED).body(packageResponse(domesticVrpConsent));
}
Also used : Tpp(com.forgerock.openbanking.model.Tpp) FRDomesticVRPConsentDetails(com.forgerock.openbanking.common.model.openbanking.persistence.vrp.FRDomesticVRPConsentDetails) FRDomesticVRPConsentConverter.toFRDomesticVRPConsentDetails(com.forgerock.openbanking.common.services.openbanking.converter.vrp.FRDomesticVRPConsentConverter.toFRDomesticVRPConsentDetails) FRDomesticVRPConsent(com.forgerock.openbanking.common.model.openbanking.persistence.vrp.FRDomesticVRPConsent) ConsentStatusEntry(com.forgerock.openbanking.analytics.model.entries.ConsentStatusEntry)

Example 30 with Tpp

use of com.forgerock.openbanking.model.Tpp in project openbanking-aspsp by OpenBankingToolkit.

the class AccessTokenService method verifyMatlsFromAccessToken.

public void verifyMatlsFromAccessToken(SignedJWT accessToken, String tppName) throws OAuth2BearerTokenUsageInvalidTokenException {
    log.debug("verifyMatlsFromAccessToken() called");
    try {
        JWTClaimsSet jwtClaimSet = getJwtClaims(accessToken);
        // The token's audience identifies the OAuth2 client it was issued to
        String oauth2ClientId = getAudience(jwtClaimSet);
        Optional<Tpp> tpp = this.tppStoreService.findByClientId(oauth2ClientId);
        if (tpp.isPresent()) {
            // Bind the bearer token to the MTLS client certificate: the TPP record for the token's
            // client must carry the same authorisation number as the presented certificate
            String authorisationNumberFromTppRecord = tpp.get().getAuthorisationNumber();
            if (!tppName.equals(authorisationNumberFromTppRecord)) {
                log.warn("TPP ID from account token {} is not the one associated with the certificate {}", authorisationNumberFromTppRecord, tppName);
                throw new OBErrorException(OBRIErrorType.MATLS_TPP_AUTHENTICATION_INVALID_FROM_ACCESS_TOKEN, tppName, oauth2ClientId);
            }
        }
    } catch (OAuth2BearerTokenUsageInvalidTokenException oe) {
        log.info("verifyMatlsFromAccessToken() caught exception", oe);
        throw oe;
    } catch (Exception e) {
        log.info("verifyMatlsFromAccessToken() caught exception", e);
        throw new OAuth2BearerTokenUsageInvalidTokenException("Access token was not issued to the organisation " + "that owns the TLS certificate used to make the request.");
    }
}
Also used : Tpp(com.forgerock.openbanking.model.Tpp) OAuth2BearerTokenUsageInvalidTokenException(com.forgerock.openbanking.common.error.exception.oauth2.OAuth2BearerTokenUsageInvalidTokenException) JWTClaimsSet(com.nimbusds.jwt.JWTClaimsSet) OBErrorException(com.forgerock.openbanking.exceptions.OBErrorException) PermissionDenyException(com.forgerock.openbanking.common.error.exception.PermissionDenyException) InvalidTokenException(com.forgerock.openbanking.jwt.exceptions.InvalidTokenException) ParseException(java.text.ParseException) IOException(java.io.IOException)