Example 41 with Tpp
use of com.forgerock.openbanking.model.Tpp in project openbanking-aspsp by OpenBankingToolkit.
the class DomesticScheduledPaymentConsentsApiController method createDomesticScheduledPaymentConsents.
@Override
public ResponseEntity<OBWriteDomesticScheduledConsentResponse2> createDomesticScheduledPaymentConsents(@ApiParam(value = "Default", required = true) @Valid @RequestBody OBWriteDomesticScheduledConsent2 obWriteDomesticScheduledConsent2, @ApiParam(value = "The unique id of the ASPSP to which the request is issued. The unique id will be issued by OB.", required = true) @RequestHeader(value = "x-fapi-financial-id", required = true) String xFapiFinancialId, @ApiParam(value = "An Authorisation Token as per https://tools.ietf.org/html/rfc6750", required = true) @RequestHeader(value = "Authorization", required = true) String authorization, @ApiParam(value = "Every request will be processed only once per x-idempotency-key. The Idempotency Key will be valid for 24 hours.", required = true) @RequestHeader(value = "x-idempotency-key", required = true) String xIdempotencyKey, @ApiParam(value = "A detached JWS signature of the body of the payload.", required = true) @RequestHeader(value = "x-jws-signature", required = true) String xJwsSignature, @ApiParam(value = "The time when the PSU last logged in with the TPP. All dates in the HTTP headers are represented as RFC 7231 Full Dates. An example is below: Sun, 10 Sep 2017 19:43:31 UTC") @RequestHeader(value = "x-fapi-customer-last-logged-time", required = false) @DateTimeFormat(pattern = HTTP_DATE_FORMAT) DateTime xFapiCustomerLastLoggedTime, @ApiParam(value = "The PSU's IP address if the PSU is currently logged in with the TPP.") @RequestHeader(value = "x-fapi-customer-ip-address", required = false) String xFapiCustomerIpAddress, @ApiParam(value = "An RFC4122 UID used as a correlation id.") @RequestHeader(value = "x-fapi-interaction-id", required = false) String xFapiInteractionId, @ApiParam(value = "Indicates the user-agent that the PSU is using.") @RequestHeader(value = "x-customer-user-agent", required = false) String xCustomerUserAgent, @ApiParam(value = "The PISP ID") @RequestHeader(value = "x-ob-client-id", required = false) String clientId, HttpServletRequest request, Principal principal) throws OBErrorResponseException {
log.debug("Received: '{}'", obWriteDomesticScheduledConsent2);
FRWriteDomesticScheduledConsent frDomesticScheduledConsent = toFRWriteDomesticScheduledConsent(obWriteDomesticScheduledConsent2);
log.trace("Converted to: '{}'", frDomesticScheduledConsent);
final Tpp tpp = tppRepository.findByClientId(clientId);
log.debug("Got TPP '{}' for client Id '{}'", tpp, clientId);
Optional<FRDomesticScheduledConsent> consentByIdempotencyKey = domesticScheduledConsentRepository.findByIdempotencyKeyAndPispId(xIdempotencyKey, tpp.getId());
if (consentByIdempotencyKey.isPresent()) {
validateIdempotencyRequest(xIdempotencyKey, frDomesticScheduledConsent, consentByIdempotencyKey.get(), () -> consentByIdempotencyKey.get().getDomesticScheduledConsent());
log.info("Idempotent request is valid. Returning [201 CREATED] but take no further action.");
return ResponseEntity.status(HttpStatus.CREATED).body(packageResponse(consentByIdempotencyKey.get()));
}
log.debug("No consent with matching idempotency key has been found. Creating new consent...");
FRDomesticScheduledConsent domesticScheduledConsent = FRDomesticScheduledConsent.builder().id(IntentType.PAYMENT_DOMESTIC_SCHEDULED_CONSENT.generateIntentId()).status(ConsentStatusCode.AWAITINGAUTHORISATION).domesticScheduledConsent(frDomesticScheduledConsent).pispId(tpp.getId()).pispName(tpp.getOfficialName()).statusUpdate(DateTime.now()).idempotencyKey(xIdempotencyKey).obVersion(VersionPathExtractor.getVersionFromPath(request)).build();
log.debug("Saving consent: '{}'", domesticScheduledConsent);
consentMetricService.sendConsentActivity(new ConsentStatusEntry(domesticScheduledConsent.getId(), domesticScheduledConsent.getStatus().name()));
domesticScheduledConsent = domesticScheduledConsentRepository.save(domesticScheduledConsent);
log.info("Created consent id: '{}'", domesticScheduledConsent.getId());
return ResponseEntity.status(HttpStatus.CREATED).body(packageResponse(domesticScheduledConsent));
}
Also used :
FRDomesticScheduledConsent(com.forgerock.openbanking.common.model.openbanking.persistence.payment.FRDomesticScheduledConsent)
Tpp(com.forgerock.openbanking.model.Tpp)
FRWriteDomesticScheduledConsent(com.forgerock.openbanking.common.model.openbanking.domain.payment.FRWriteDomesticScheduledConsent)
FRWriteDomesticScheduledConsentConverter.toFRWriteDomesticScheduledConsent(com.forgerock.openbanking.common.services.openbanking.converter.payment.FRWriteDomesticScheduledConsentConverter.toFRWriteDomesticScheduledConsent)
ConsentStatusEntry(com.forgerock.openbanking.analytics.model.entries.ConsentStatusEntry)
Example 42 with Tpp
use of com.forgerock.openbanking.model.Tpp in project openbanking-aspsp by OpenBankingToolkit.
the class DynamicRegistrationApiControllerTest method throwsOAuth2BearerTokenUsageInvalidTokenExceptionWhenInvalidAuthorizationString_unregister.
@Test
public void throwsOAuth2BearerTokenUsageInvalidTokenExceptionWhenInvalidAuthorizationString_unregister() throws OAuth2InvalidClientException, OAuth2BearerTokenUsageMissingAuthInfoException, OAuth2BearerTokenUsageInvalidTokenException {
// given
String clientId = this.clientId;
Principal principal = mock(Principal.class);
Tpp tpp = this.getValidTpp();
given(principal.getName()).willReturn(tppName);
given(tppRegistrationService.getTpp(clientId)).willReturn(tpp);
given(tppRegistrationService.validateAccessTokenIsValidForOidcRegistration(tpp, authorizationString)).willThrow(new OAuth2BearerTokenUsageInvalidTokenException("test"));
// when
OAuth2BearerTokenUsageInvalidTokenException exception = catchThrowableOfType(() -> dynamicRegistrationApiController.deleteRegistration(clientId, this.authorizationString, principal), OAuth2BearerTokenUsageInvalidTokenException.class);
// then
assertThat(exception).isNotNull();
assertThat(exception.getHttpStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED);
assertThat(exception.getWwwAuthenticateResponseHeaderValue()).isNull();
assertThat(exception.getErrorCode()).isEqualTo(OAuth2BearerTokenUsageException.ErrorEnum.INVALID_TOKEN);
}Example 43 with Tpp
use of com.forgerock.openbanking.model.Tpp in project openbanking-aspsp by OpenBankingToolkit.
the class DynamicRegistrationApiControllerTest method shouldSucceed_register.
@Test
public void shouldSucceed_register() throws OAuth2InvalidClientException, DynamicClientRegistrationException, InvalidPsd2EidasCertificate, ApiClientException {
Collection<OBRIRole> authorities = new ArrayList<>(List.of(OBRIRole.ROLE_ANONYMOUS, OBRIRole.UNREGISTERED_TPP, OBRIRole.ROLE_EIDAS));
X509Authentication principal = testSpec.getPrincipal(authorities);
ApiClientIdentity apiClientIdentity = this.identityFactory.getApiClientIdentity(principal);
String directoryName = "ForgeRock";
given(this.tppRegistrationService.validateSsaAgainstIssuingDirectoryJwksUri(anyString(), eq("ForgeRock"))).willReturn(directoryName);
RegistrationRequest regRequest = registrationRequestFactory.getRegistrationRequestFromJwt(registrationRequestJwtSerialised);
Tpp tpp = new Tpp();
tpp.setRegistrationResponse(new OIDCRegistrationResponse());
given(this.tppRegistrationService.registerTpp(any(ApiClientIdentity.class), any(RegistrationRequest.class))).willReturn(tpp);
// when
ResponseEntity<OIDCRegistrationResponse> response = dynamicRegistrationApiController.register(registrationRequestJwtSerialised, principal);
assertThat(response.getStatusCode()).isEqualTo(HttpStatus.CREATED);
}
Also used :
OBRIRole(com.forgerock.openbanking.model.OBRIRole)
Tpp(com.forgerock.openbanking.model.Tpp)
OIDCRegistrationResponse(com.forgerock.openbanking.model.oidc.OIDCRegistrationResponse)
X509Authentication(com.forgerock.spring.security.multiauth.model.authentication.X509Authentication)
ApiClientIdentity(com.forgerock.openbanking.common.services.onboarding.apiclient.ApiClientIdentity)
RegistrationRequest(com.forgerock.openbanking.common.services.onboarding.registrationrequest.RegistrationRequest)
Test(org.junit.Test)
Example 44 with Tpp
use of com.forgerock.openbanking.model.Tpp in project openbanking-aspsp by OpenBankingToolkit.
the class DynamicRegistrationApiControllerTest method successful_updateClient.
@Test
public void successful_updateClient() throws InvalidPsd2EidasCertificate, OAuth2InvalidClientException, DynamicClientRegistrationException, OAuth2BearerTokenUsageMissingAuthInfoException, OAuth2BearerTokenUsageInvalidTokenException {
// Given
String clientId = "3105f70b-b417-427e-922d-7ba04d16278a";
String authToken = "eyJ0eXAiOiJKV1QiLCJ6aXAiOiJOT05FIiwia2lkIjoiRm9sN0lwZEtlTFptekt0Q0VnaTFMRGhTSXpNPSIsImFsZyI6IkVTMjU2In0.eyJzdWIiOiIzMTA1ZjcwYi1iNDE3LTQyN2UtOTIyZC03YmEwNGQxNjI3OGEiLCJjdHMiOiJPQVVUSDJfU1RBVEVMRVNTX0dSQU5UIiwiYXVkaXRUcmFja2luZ0lkIjoiZTY2MDZiOGYtNDA2Ni00Y2U2LWIxZDAtYTQ1MzM0MDEzYjA5LTIwNTkiLCJpc3MiOiJodHRwczovL2FzLmFzcHNwLmRldi1vYi5mb3JnZXJvY2suZmluYW5jaWFsOjgwNzQvb2F1dGgyIiwidG9rZW5OYW1lIjoiYWNjZXNzX3Rva2VuIiwidG9rZW5fdHlwZSI6IkJlYXJlciIsImF1dGhHcmFudElkIjoiMW9zekR5NTJxNlByUU51anpGVDhOT1U4U1VZIiwiYXVkIjoiMzEwNWY3MGItYjQxNy00MjdlLTkyMmQtN2JhMDRkMTYyNzhhIiwibmJmIjoxNjI2MzUxNzMxLCJzY29wZSI6W10sImF1dGhfdGltZSI6MTYyNjM1MTczMSwicmVhbG0iOiIvb3BlbmJhbmtpbmciLCJleHAiOjE2MjY0MzgxMzEsImlhdCI6MTYyNjM1MTczMSwiZXhwaXJlc19pbiI6ODY0MDAsImp0aSI6IldmYm13OGtkUFk1bEhZSldMa3lDS3RmekZ1NCJ9.vhH9AGDKbxK1R_tnq8_nOkIpPH7se68MxOC8y-Wq4SW4_ffMBj1ChkckU-q2wJ_4hh_l1sgdlCdkom_VQFvN9Q";
String authTokenHeaderValue = "Bearer " + "eyJ0eXAiOiJKV1QiLCJ6aXAiOiJOT05FIiwia2lkIjoiRm9sN0lwZEtlTFptekt0Q0VnaTFMRGhTSXpNPSIsImFsZyI6IkVTMjU2In0.eyJzdWIiOiIzMTA1ZjcwYi1iNDE3LTQyN2UtOTIyZC03YmEwNGQxNjI3OGEiLCJjdHMiOiJPQVVUSDJfU1RBVEVMRVNTX0dSQU5UIiwiYXVkaXRUcmFja2luZ0lkIjoiZTY2MDZiOGYtNDA2Ni00Y2U2LWIxZDAtYTQ1MzM0MDEzYjA5LTIwNTkiLCJpc3MiOiJodHRwczovL2FzLmFzcHNwLmRldi1vYi5mb3JnZXJvY2suZmluYW5jaWFsOjgwNzQvb2F1dGgyIiwidG9rZW5OYW1lIjoiYWNjZXNzX3Rva2VuIiwidG9rZW5fdHlwZSI6IkJlYXJlciIsImF1dGhHcmFudElkIjoiMW9zekR5NTJxNlByUU51anpGVDhOT1U4U1VZIiwiYXVkIjoiMzEwNWY3MGItYjQxNy00MjdlLTkyMmQtN2JhMDRkMTYyNzhhIiwibmJmIjoxNjI2MzUxNzMxLCJzY29wZSI6W10sImF1dGhfdGltZSI6MTYyNjM1MTczMSwicmVhbG0iOiIvb3BlbmJhbmtpbmciLCJleHAiOjE2MjY0MzgxMzEsImlhdCI6MTYyNjM1MTczMSwiZXhwaXJlc19pbiI6ODY0MDAsImp0aSI6IldmYm13OGtkUFk1bEhZSldMa3lDS3RmekZ1NCJ9.vhH9AGDKbxK1R_tnq8_nOkIpPH7se68MxOC8y-Wq4SW4_ffMBj1ChkckU-q2wJ_4hh_l1sgdlCdkom_VQFvN9Q";
Collection<? extends GrantedAuthority> authorities = new ArrayList<>(List.of(OBRIRole.ROLE_DATA, OBRIRole.ROLE_AISP, OBRIRole.ROLE_CBPII, OBRIRole.ROLE_EIDAS, new PSD2GrantType(new RoleOfPsp(Psd2Role.PSP_IC))));
X509Authentication principal = testSpec.getPrincipal(authorities);
String directoryName = "ForgeRock";
given(this.tppRegistrationService.validateSsaAgainstIssuingDirectoryJwksUri(anyString(), eq("ForgeRock"))).willReturn(directoryName);
given(tokenExtractor.extract(authTokenHeaderValue)).willReturn(authToken);
Tpp tpp = this.getValidTpp();
tpp.setClientId("3105f70b-b417-427e-922d-7ba04d16278a");
OIDCRegistrationResponse registrationResponse = new OIDCRegistrationResponse();
registrationResponse.setRegistrationAccessToken(authToken);
tpp.setRegistrationResponse(registrationResponse);
given(tppRegistrationService.getTpp(clientId)).willReturn(tpp);
given(tppRegistrationService.validateAccessTokenIsValidForOidcRegistration(tpp, authTokenHeaderValue)).willReturn(authToken);
given(this.tppRegistrationService.updateTpp(any(ApiClientIdentity.class), eq(tpp), eq(authToken), any(RegistrationRequest.class))).willReturn(tpp);
given(tokenExtractor.extract(authTokenHeaderValue)).willReturn(authToken);
// when
ResponseEntity<OIDCRegistrationResponse> response = dynamicRegistrationApiController.updateRegistration(clientId, authTokenHeaderValue, registrationRequestJwtSerialised, principal);
assertThat(response.getStatusCode()).isEqualTo(HttpStatus.OK);
}
Also used :
RoleOfPsp(com.forgerock.cert.psd2.RoleOfPsp)
Tpp(com.forgerock.openbanking.model.Tpp)
OIDCRegistrationResponse(com.forgerock.openbanking.model.oidc.OIDCRegistrationResponse)
PSD2GrantType(com.forgerock.spring.security.multiauth.model.granttypes.PSD2GrantType)
X509Authentication(com.forgerock.spring.security.multiauth.model.authentication.X509Authentication)
ApiClientIdentity(com.forgerock.openbanking.common.services.onboarding.apiclient.ApiClientIdentity)
RegistrationRequest(com.forgerock.openbanking.common.services.onboarding.registrationrequest.RegistrationRequest)
Test(org.junit.Test)
Example 45 with Tpp
use of com.forgerock.openbanking.model.Tpp in project openbanking-aspsp by OpenBankingToolkit.
the class AuthorisationApiControllerTest method shouldReturnRedirectActionWhenJwtScopesDoNotMatchQueryParamScope.
@Test
public void shouldReturnRedirectActionWhenJwtScopesDoNotMatchQueryParamScope() throws OBErrorException, OBErrorResponseException {
// Given
List<String> responseTypes = List.of("code id_token");
given(discoveryConfig.getSupportedResponseTypes()).willReturn(responseTypes);
String jwt = toEncodedSignedTestJwt("jwt/authorisation.jwt");
OIDCRegistrationResponse registrationResponse = new OIDCRegistrationResponse();
registrationResponse.setJwks_uri("url");
Tpp tpp = new Tpp();
tpp.setRegistrationResponse(registrationResponse);
given(tppStoreService.findByClientId(this.clientId)).willReturn(Optional.of(tpp));
// When
ResponseEntity responseEntity = authorisationApiController.getAuthorisation(responseTypes.get(0), "98e119f6-196f-4296-98d4-f1a2f445bca2", "98e119f6-xxxx-yyyy-zzzz-f1a2f445bca2", null, "openid accounts", "https://www.google.com", jwt, true, null, null, null, null, null);
// Then
assertThat(responseEntity).isNotNull();
assertThat(responseEntity.getHeaders().getLocation()).isNotNull();
assertTrue(responseEntity.getHeaders().getLocation().toString().contains("error"));
}
Also used :
ResponseEntity(org.springframework.http.ResponseEntity)
Tpp(com.forgerock.openbanking.model.Tpp)
OIDCRegistrationResponse(com.forgerock.openbanking.model.oidc.OIDCRegistrationResponse)
ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString)
Test(org.junit.Test)
Aggregations
Tpp (com.forgerock.openbanking.model.Tpp)131
ConsentStatusEntry (com.forgerock.openbanking.analytics.model.entries.ConsentStatusEntry)39
Test (org.junit.Test)28
OIDCRegistrationResponse (com.forgerock.openbanking.model.oidc.OIDCRegistrationResponse)19
Before (org.junit.Before)13
SpringSecForTest (com.forgerock.openbanking.integration.test.support.SpringSecForTest)12
SpringBootTest (org.springframework.boot.test.context.SpringBootTest)12
JacksonObjectMapper (kong.unirest.JacksonObjectMapper)11
OAuth2InvalidClientException (com.forgerock.openbanking.common.error.exception.oauth2.OAuth2InvalidClientException)9
OBErrorException (com.forgerock.openbanking.exceptions.OBErrorException)9
OBErrorResponseException (com.forgerock.openbanking.exceptions.OBErrorResponseException)9
AccountWithBalance (com.forgerock.openbanking.common.model.openbanking.persistence.account.AccountWithBalance)8
URI (java.net.URI)8
FRInternationalStandingOrderConsent (com.forgerock.openbanking.common.model.openbanking.persistence.payment.FRInternationalStandingOrderConsent)7
ArgumentMatchers.anyString (org.mockito.ArgumentMatchers.anyString)7
UriComponentsBuilder (org.springframework.web.util.UriComponentsBuilder)7
FRWriteInternationalStandingOrderConsent (com.forgerock.openbanking.common.model.openbanking.domain.payment.FRWriteInternationalStandingOrderConsent)6
FRDomesticConsent (com.forgerock.openbanking.common.model.openbanking.persistence.payment.FRDomesticConsent)6
FRDomesticScheduledConsent (com.forgerock.openbanking.common.model.openbanking.persistence.payment.FRDomesticScheduledConsent)6
FRDomesticStandingOrderConsent (com.forgerock.openbanking.common.model.openbanking.persistence.payment.FRDomesticStandingOrderConsent)6
