Example 1 with OIDCRegistrationResponse

Use of com.forgerock.openbanking.model.oidc.OIDCRegistrationResponse in project openbanking-aspsp by OpenBankingToolkit.

From class DetachedJwsVerifierTest, method setupMocksForValidJws:

private void setupMocksForValidJws() throws ParseException, InvalidTokenException, IOException {
    // Directory software statement (SSA) for the TPP under test; the software JWKS
    // endpoint is where the TPP's signing keys would be fetched from.
    DirectorySoftwareStatement ssa = DirectorySoftwareStatementOpenBanking.builder()
            .org_jwks_endpoint("TODO")
            .software_mode("TEST")
            .software_redirect_uris(List.of())
            .org_status("Active")
            .software_client_id("5f98223fc10e5100103e2c5a")
            .iss("ForgeRock")
            .software_jwks_endpoint("https://service.directory.dev-ob.forgerock.financial:8074/api/software-statement/5f98223fc10e5100103e2c5a/application/jwk_uri")
            .software_id("5f98223fc10e5100103e2c5a")
            .org_contacts(List.of())
            .build();
    // Any client id resolves to this mocked TPP.
    Tpp tpp = mock(Tpp.class);
    given(tppStoreService.findByClientId(anyString())).willReturn(Optional.of(tpp));
    OIDCRegistrationResponse oidcRegistrationResponse = mock(OIDCRegistrationResponse.class);
    given(tpp.getRegistrationResponse()).willReturn(oidcRegistrationResponse);
    given(tpp.getDirectorySoftwareStatement()).willReturn(ssa);
    // The registration response carries neither an inline JWKS nor a jwks_uri.
    given(oidcRegistrationResponse.getJwks()).willReturn(null);
    given(oidcRegistrationResponse.getJwks_uri()).willReturn(null);
    // The crypto API client is stubbed to accept the detached JWS without error.
    given(cryptoApiClient.validateDetachedJWS(any(), any(), any(), any(), any())).willReturn(null);
}
Also used: Tpp (com.forgerock.openbanking.model.Tpp), OIDCRegistrationResponse (com.forgerock.openbanking.model.oidc.OIDCRegistrationResponse), DirectorySoftwareStatement (com.forgerock.openbanking.model.DirectorySoftwareStatement)

Example 2 with OIDCRegistrationResponse

Use of com.forgerock.openbanking.model.oidc.OIDCRegistrationResponse in project openbanking-aspsp by OpenBankingToolkit.

From class TppRegistrationService, method updateTpp:

public Tpp updateTpp(ApiClientIdentity clientIdentity, Tpp tpp, String token, RegistrationRequest oidcRegistrationRequest) throws DynamicClientRegistrationException {
    log.debug("updateTpp() Updating tpp '{}'", tpp.getClientId());
    log.debug("updateTpp() Sending the OAuth2 dynamic registration request to AM");
    // Push the updated client registration to AM (the authorization server) and keep its response.
    OIDCRegistrationResponse oidcRegistrationResponse = amoidcRegistrationService.updateOIDCClient(token, oidcRegistrationRequest, tpp.getClientId());
    log.debug("updateTpp() Response from AM: {}", oidcRegistrationResponse);
    String ssaIssuer = oidcRegistrationRequest.getSsaIssuer();
    String directoryId = this.getDirectoryIdFromSsaIssuer(ssaIssuer);
    // Strip the client secret from the response before it is persisted, where applicable.
    removeSecretIfNeeded(oidcRegistrationResponse);
    String officialName = getOrgSoftwareCombinedTppName(oidcRegistrationRequest, oidcRegistrationResponse);
    // Keep the stored identity fields (id, created, certificate CN) and take everything
    // else from the new registration request and AM's response.
    Tpp updatedTpp = Tpp.builder()
            .created(tpp.getCreated())
            .id(tpp.getId())
            .certificateCn(tpp.getCertificateCn())
            .name(oidcRegistrationResponse.getClientName())
            .officialName(officialName)
            .clientId(oidcRegistrationResponse.getClientId())
            .types(oidcRegistrationRequest.getSoftwareStatementRoles())
            .softwareId(oidcRegistrationRequest.getDirectorySoftwareStatement().getSoftware_id())
            .authorisationNumber(clientIdentity.getAuthorisationNumber().orElse(null))
            .directorySoftwareStatement(oidcRegistrationRequest.getDirectorySoftwareStatement())
            .tppRequest(oidcRegistrationRequest.toJson())
            .registrationResponse(oidcRegistrationResponse)
            .directoryId(directoryId)
            .build();
    updateTppMetrics(tpp, false);
    return tppStoreService.save(updatedTpp);
}
Also used: Tpp (com.forgerock.openbanking.model.Tpp), OIDCRegistrationResponse (com.forgerock.openbanking.model.oidc.OIDCRegistrationResponse)

Example 3 with OIDCRegistrationResponse

Use of com.forgerock.openbanking.model.oidc.OIDCRegistrationResponse in project openbanking-aspsp by OpenBankingToolkit.

From class ManualOnboardingService, method registerApplication:

public OIDCRegistrationResponse registerApplication(JwtAuthentication authentication, String aspspManualOnboardingEndpoint, ManualRegistrationRequest manualRegistrationRequest) {
    log.debug("registerApplication() called. aspspManualOnboardingEndpoint is '{}'", aspspManualOnboardingEndpoint);
    // Forward the authenticated user's identity to the ASPSP onboarding endpoint as headers.
    HttpHeaders httpHeaders = new HttpHeaders();
    httpHeaders.set("userId", ((UserDetails) authentication.getPrincipal()).getUsername());
    try {
        String directoryID = authentication.getJwtClaimsSet().getStringClaim("directoryID");
        httpHeaders.set("directoryID", directoryID);
        // Use equals(): '==' on Strings compares references, so the eIDAS branch
        // would silently never run for a claim value parsed from the JWT.
        if ("EIDAS".equals(directoryID)) {
            // For eIDAS-onboarded users the application identity comes from the JWT claims.
            manualRegistrationRequest.setAppId(authentication.getJwtClaimsSet().getStringClaim("app_id"));
            manualRegistrationRequest.setOrganisationId(authentication.getJwtClaimsSet().getStringClaim("org_id"));
            manualRegistrationRequest.setPsd2Roles(authentication.getJwtClaimsSet().getStringClaim("psd2_roles"));
        }
    } catch (ParseException e) {
        log.error("Couldn't read claims from user context", e);
    }
    HttpEntity<ManualRegistrationRequest> request = new HttpEntity<>(manualRegistrationRequest, httpHeaders);
    return restTemplate.exchange(aspspManualOnboardingEndpoint, HttpMethod.POST, request, OIDCRegistrationResponse.class).getBody();
}
Also used: HttpHeaders (org.springframework.http.HttpHeaders), ManualRegistrationRequest (com.forgerock.openbanking.common.model.onboarding.ManualRegistrationRequest), HttpEntity (org.springframework.http.HttpEntity), OIDCRegistrationResponse (com.forgerock.openbanking.model.oidc.OIDCRegistrationResponse), ParseException (java.text.ParseException)

Example 4 with OIDCRegistrationResponse

Use of com.forgerock.openbanking.model.oidc.OIDCRegistrationResponse in project openbanking-aspsp by OpenBankingToolkit.

From class ManualRegistrationApiController, method ensurePrincipalOwnsTppRegistrations:

private void ensurePrincipalOwnsTppRegistrations(Collection<ManualRegistrationApplication> applications, Principal principal) throws OAuth2InvalidClientException {
    log.debug("ensurePrincipalOwnsTppRegistrations() checking that '{}' applications are owned by '{}'", applications.size(), principal.getName());
    for (ManualRegistrationApplication application : applications) {
        OIDCRegistrationResponse regResponse = application.getOidcRegistrationResponse();
        // Without a registration response there is no OAuth2 client id to tie the
        // application to the caller's MATLS certificate, so the check fails closed.
        if (regResponse == null) {
            String errorString = "Failed to determine if MATLS client cert belongs to the TPP that owns the " + "application with id ";
            log.info("principalOwnsTppRegistration() {}'{}'", errorString, application.getId());
            throw new OAuth2InvalidClientException(errorString + "'" + application.getId() + "'");
        }
        // Resolve the TPP behind the registration and verify the principal owns it.
        String oauth2ClientId = regResponse.getClientId();
        Tpp tpp = tppRegistrationService.getTpp(oauth2ClientId);
        tppRegistrationService.ensureTppOwnsOidcRegistration(tpp, principal.getName());
    }
    log.debug("ensurePrincipalOwnsTppRegistrations() all applications' OAuth2 clients owned by '{}'", principal.getName());
}
Also used: Tpp (com.forgerock.openbanking.model.Tpp), OIDCRegistrationResponse (com.forgerock.openbanking.model.oidc.OIDCRegistrationResponse), OAuth2InvalidClientException (com.forgerock.openbanking.common.error.exception.oauth2.OAuth2InvalidClientException), ManualRegistrationApplication (com.forgerock.openbanking.common.model.onboarding.ManualRegistrationApplication)

Example 5 with OIDCRegistrationResponse

Use of com.forgerock.openbanking.model.oidc.OIDCRegistrationResponse in project openbanking-aspsp by OpenBankingToolkit.

From class TestHelperFunctions, method getValidTpp:

public static Tpp getValidTpp(String clientId, String tppName) {
    // Minimal registration response for tests; the access token value is a test fixture.
    OIDCRegistrationResponse registrationResponse = new OIDCRegistrationResponse();
    registrationResponse.setRegistrationAccessToken("tpps-registration-access-token");
    Tpp tpp = new Tpp();
    tpp.setRegistrationResponse(registrationResponse);
    tpp.setClientId(clientId);
    tpp.setName(tppName);
    tpp.setAuthorisationNumber(tppName);
    return tpp;
}
Also used: Tpp (com.forgerock.openbanking.model.Tpp), OIDCRegistrationResponse (com.forgerock.openbanking.model.oidc.OIDCRegistrationResponse)
