Search in sources :

Example 6 with OIDCRegistrationResponse

use of com.forgerock.openbanking.model.oidc.OIDCRegistrationResponse in project openbanking-aspsp by OpenBankingToolkit.

the class DynamicRegistrationApiControllerTest method shouldSucceed_register.

@Test
public void shouldSucceed_register() throws OAuth2InvalidClientException, DynamicClientRegistrationException, InvalidPsd2EidasCertificate, ApiClientException {
    Collection<OBRIRole> authorities = new ArrayList<>(List.of(OBRIRole.ROLE_ANONYMOUS, OBRIRole.UNREGISTERED_TPP, OBRIRole.ROLE_EIDAS));
    X509Authentication principal = testSpec.getPrincipal(authorities);
    ApiClientIdentity apiClientIdentity = this.identityFactory.getApiClientIdentity(principal);
    String directoryName = "ForgeRock";
    given(this.tppRegistrationService.validateSsaAgainstIssuingDirectoryJwksUri(anyString(), eq("ForgeRock"))).willReturn(directoryName);
    RegistrationRequest regRequest = registrationRequestFactory.getRegistrationRequestFromJwt(registrationRequestJwtSerialised);
    Tpp tpp = new Tpp();
    tpp.setRegistrationResponse(new OIDCRegistrationResponse());
    given(this.tppRegistrationService.registerTpp(any(ApiClientIdentity.class), any(RegistrationRequest.class))).willReturn(tpp);
    // when
    ResponseEntity<OIDCRegistrationResponse> response = dynamicRegistrationApiController.register(registrationRequestJwtSerialised, principal);
    assertThat(response.getStatusCode()).isEqualTo(HttpStatus.CREATED);
}
Also used : OBRIRole(com.forgerock.openbanking.model.OBRIRole) Tpp(com.forgerock.openbanking.model.Tpp) OIDCRegistrationResponse(com.forgerock.openbanking.model.oidc.OIDCRegistrationResponse) X509Authentication(com.forgerock.spring.security.multiauth.model.authentication.X509Authentication) ApiClientIdentity(com.forgerock.openbanking.common.services.onboarding.apiclient.ApiClientIdentity) RegistrationRequest(com.forgerock.openbanking.common.services.onboarding.registrationrequest.RegistrationRequest) Test(org.junit.Test)

Example 7 with OIDCRegistrationResponse

use of com.forgerock.openbanking.model.oidc.OIDCRegistrationResponse in project openbanking-aspsp by OpenBankingToolkit.

the class DynamicRegistrationApiControllerTest method successful_updateClient.

@Test
public void successful_updateClient() throws InvalidPsd2EidasCertificate, OAuth2InvalidClientException, DynamicClientRegistrationException, OAuth2BearerTokenUsageMissingAuthInfoException, OAuth2BearerTokenUsageInvalidTokenException {
    // Given
    String clientId = "3105f70b-b417-427e-922d-7ba04d16278a";
    String authToken = "eyJ0eXAiOiJKV1QiLCJ6aXAiOiJOT05FIiwia2lkIjoiRm9sN0lwZEtlTFptekt0Q0VnaTFMRGhTSXpNPSIsImFsZyI6IkVTMjU2In0.eyJzdWIiOiIzMTA1ZjcwYi1iNDE3LTQyN2UtOTIyZC03YmEwNGQxNjI3OGEiLCJjdHMiOiJPQVVUSDJfU1RBVEVMRVNTX0dSQU5UIiwiYXVkaXRUcmFja2luZ0lkIjoiZTY2MDZiOGYtNDA2Ni00Y2U2LWIxZDAtYTQ1MzM0MDEzYjA5LTIwNTkiLCJpc3MiOiJodHRwczovL2FzLmFzcHNwLmRldi1vYi5mb3JnZXJvY2suZmluYW5jaWFsOjgwNzQvb2F1dGgyIiwidG9rZW5OYW1lIjoiYWNjZXNzX3Rva2VuIiwidG9rZW5fdHlwZSI6IkJlYXJlciIsImF1dGhHcmFudElkIjoiMW9zekR5NTJxNlByUU51anpGVDhOT1U4U1VZIiwiYXVkIjoiMzEwNWY3MGItYjQxNy00MjdlLTkyMmQtN2JhMDRkMTYyNzhhIiwibmJmIjoxNjI2MzUxNzMxLCJzY29wZSI6W10sImF1dGhfdGltZSI6MTYyNjM1MTczMSwicmVhbG0iOiIvb3BlbmJhbmtpbmciLCJleHAiOjE2MjY0MzgxMzEsImlhdCI6MTYyNjM1MTczMSwiZXhwaXJlc19pbiI6ODY0MDAsImp0aSI6IldmYm13OGtkUFk1bEhZSldMa3lDS3RmekZ1NCJ9.vhH9AGDKbxK1R_tnq8_nOkIpPH7se68MxOC8y-Wq4SW4_ffMBj1ChkckU-q2wJ_4hh_l1sgdlCdkom_VQFvN9Q";
    String authTokenHeaderValue = "Bearer " + "eyJ0eXAiOiJKV1QiLCJ6aXAiOiJOT05FIiwia2lkIjoiRm9sN0lwZEtlTFptekt0Q0VnaTFMRGhTSXpNPSIsImFsZyI6IkVTMjU2In0.eyJzdWIiOiIzMTA1ZjcwYi1iNDE3LTQyN2UtOTIyZC03YmEwNGQxNjI3OGEiLCJjdHMiOiJPQVVUSDJfU1RBVEVMRVNTX0dSQU5UIiwiYXVkaXRUcmFja2luZ0lkIjoiZTY2MDZiOGYtNDA2Ni00Y2U2LWIxZDAtYTQ1MzM0MDEzYjA5LTIwNTkiLCJpc3MiOiJodHRwczovL2FzLmFzcHNwLmRldi1vYi5mb3JnZXJvY2suZmluYW5jaWFsOjgwNzQvb2F1dGgyIiwidG9rZW5OYW1lIjoiYWNjZXNzX3Rva2VuIiwidG9rZW5fdHlwZSI6IkJlYXJlciIsImF1dGhHcmFudElkIjoiMW9zekR5NTJxNlByUU51anpGVDhOT1U4U1VZIiwiYXVkIjoiMzEwNWY3MGItYjQxNy00MjdlLTkyMmQtN2JhMDRkMTYyNzhhIiwibmJmIjoxNjI2MzUxNzMxLCJzY29wZSI6W10sImF1dGhfdGltZSI6MTYyNjM1MTczMSwicmVhbG0iOiIvb3BlbmJhbmtpbmciLCJleHAiOjE2MjY0MzgxMzEsImlhdCI6MTYyNjM1MTczMSwiZXhwaXJlc19pbiI6ODY0MDAsImp0aSI6IldmYm13OGtkUFk1bEhZSldMa3lDS3RmekZ1NCJ9.vhH9AGDKbxK1R_tnq8_nOkIpPH7se68MxOC8y-Wq4SW4_ffMBj1ChkckU-q2wJ_4hh_l1sgdlCdkom_VQFvN9Q";
    Collection<? extends GrantedAuthority> authorities = new ArrayList<>(List.of(OBRIRole.ROLE_DATA, OBRIRole.ROLE_AISP, OBRIRole.ROLE_CBPII, OBRIRole.ROLE_EIDAS, new PSD2GrantType(new RoleOfPsp(Psd2Role.PSP_IC))));
    X509Authentication principal = testSpec.getPrincipal(authorities);
    String directoryName = "ForgeRock";
    given(this.tppRegistrationService.validateSsaAgainstIssuingDirectoryJwksUri(anyString(), eq("ForgeRock"))).willReturn(directoryName);
    given(tokenExtractor.extract(authTokenHeaderValue)).willReturn(authToken);
    Tpp tpp = this.getValidTpp();
    tpp.setClientId("3105f70b-b417-427e-922d-7ba04d16278a");
    OIDCRegistrationResponse registrationResponse = new OIDCRegistrationResponse();
    registrationResponse.setRegistrationAccessToken(authToken);
    tpp.setRegistrationResponse(registrationResponse);
    given(tppRegistrationService.getTpp(clientId)).willReturn(tpp);
    given(tppRegistrationService.validateAccessTokenIsValidForOidcRegistration(tpp, authTokenHeaderValue)).willReturn(authToken);
    given(this.tppRegistrationService.updateTpp(any(ApiClientIdentity.class), eq(tpp), eq(authToken), any(RegistrationRequest.class))).willReturn(tpp);
    given(tokenExtractor.extract(authTokenHeaderValue)).willReturn(authToken);
    // when
    ResponseEntity<OIDCRegistrationResponse> response = dynamicRegistrationApiController.updateRegistration(clientId, authTokenHeaderValue, registrationRequestJwtSerialised, principal);
    assertThat(response.getStatusCode()).isEqualTo(HttpStatus.OK);
}
Also used : RoleOfPsp(com.forgerock.cert.psd2.RoleOfPsp) Tpp(com.forgerock.openbanking.model.Tpp) OIDCRegistrationResponse(com.forgerock.openbanking.model.oidc.OIDCRegistrationResponse) PSD2GrantType(com.forgerock.spring.security.multiauth.model.granttypes.PSD2GrantType) X509Authentication(com.forgerock.spring.security.multiauth.model.authentication.X509Authentication) ApiClientIdentity(com.forgerock.openbanking.common.services.onboarding.apiclient.ApiClientIdentity) RegistrationRequest(com.forgerock.openbanking.common.services.onboarding.registrationrequest.RegistrationRequest) Test(org.junit.Test)

Example 8 with OIDCRegistrationResponse

use of com.forgerock.openbanking.model.oidc.OIDCRegistrationResponse in project openbanking-aspsp by OpenBankingToolkit.

the class AuthorisationApiControllerTest method shouldReturnRedirectActionWhenJwtScopesDoNotMatchQueryParamScope.

@Test
public void shouldReturnRedirectActionWhenJwtScopesDoNotMatchQueryParamScope() throws OBErrorException, OBErrorResponseException {
    // Given
    List<String> responseTypes = List.of("code id_token");
    given(discoveryConfig.getSupportedResponseTypes()).willReturn(responseTypes);
    String jwt = toEncodedSignedTestJwt("jwt/authorisation.jwt");
    OIDCRegistrationResponse registrationResponse = new OIDCRegistrationResponse();
    registrationResponse.setJwks_uri("url");
    Tpp tpp = new Tpp();
    tpp.setRegistrationResponse(registrationResponse);
    given(tppStoreService.findByClientId(this.clientId)).willReturn(Optional.of(tpp));
    // When
    ResponseEntity responseEntity = authorisationApiController.getAuthorisation(responseTypes.get(0), "98e119f6-196f-4296-98d4-f1a2f445bca2", "98e119f6-xxxx-yyyy-zzzz-f1a2f445bca2", null, "openid accounts", "https://www.google.com", jwt, true, null, null, null, null, null);
    // Then
    assertThat(responseEntity).isNotNull();
    assertThat(responseEntity.getHeaders().getLocation()).isNotNull();
    assertTrue(responseEntity.getHeaders().getLocation().toString().contains("error"));
}
Also used : ResponseEntity(org.springframework.http.ResponseEntity) Tpp(com.forgerock.openbanking.model.Tpp) OIDCRegistrationResponse(com.forgerock.openbanking.model.oidc.OIDCRegistrationResponse) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) Test(org.junit.Test)

Example 9 with OIDCRegistrationResponse

use of com.forgerock.openbanking.model.oidc.OIDCRegistrationResponse in project openbanking-aspsp by OpenBankingToolkit.

the class AuthorisationApiControllerTest method shouldGetAuthorisationGivenAllScopes.

@Test
public void shouldGetAuthorisationGivenAllScopes() throws OBErrorException, OBErrorResponseException, InvalidTokenException, ParseException, IOException {
    // Given
    String clientId = "98e119f6-196f-4296-98d4-f1a2f445bca2";
    List<String> responseTypes = List.of("code id_token");
    given(discoveryConfig.getSupportedResponseTypes()).willReturn(responseTypes);
    String jwt = toEncodedSignedTestJwt("jwt/authorisation.jwt");
    Tpp tpp = new Tpp();
    OIDCRegistrationResponse registrationResponse = new OIDCRegistrationResponse();
    registrationResponse.setJwks_uri("url");
    tpp.setRegistrationResponse(registrationResponse);
    given(tppStoreService.findByClientId(clientId)).willReturn(Optional.of(tpp));
    SignedJWT signedJwt = mock(SignedJWT.class);
    given(cryptoApiClient.validateJws(anyString(), anyString(), anyString())).willReturn(signedJwt);
    AMGateway amGateway = mock(AMGateway.class);
    given(amGatewayService.getAmGateway(jwt)).willReturn(amGateway);
    String state = "10d260bf-a7d9-444a-92d9-7b7a5f088208";
    String scopes = "openid accounts payments";
    given(headLessAuthorisationService.getAuthorisation(amGateway, responseTypes.get(0), clientId, state, null, scopes, null, jwt, null, null)).willReturn(new ResponseEntity(HttpStatus.FOUND));
    // When
    ResponseEntity responseEntity = authorisationApiController.getAuthorisation(responseTypes.get(0), clientId, null, null, scopes, null, jwt, true, null, null, null, null, null);
    // Then no exception
    assertThat(responseEntity).isNotNull();
    assertThat(responseEntity.getStatusCode()).isEqualTo(HttpStatus.FOUND);
}
Also used : ResponseEntity(org.springframework.http.ResponseEntity) Tpp(com.forgerock.openbanking.model.Tpp) AMGateway(com.forgerock.openbanking.am.gateway.AMGateway) OIDCRegistrationResponse(com.forgerock.openbanking.model.oidc.OIDCRegistrationResponse) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) SignedJWT(com.nimbusds.jwt.SignedJWT) Test(org.junit.Test)

Example 10 with OIDCRegistrationResponse

use of com.forgerock.openbanking.model.oidc.OIDCRegistrationResponse in project openbanking-aspsp by OpenBankingToolkit.

the class AuthorisationApiControllerTest method shouldNotThrowExceptionWhenNoUserInfo.

@Test
public void shouldNotThrowExceptionWhenNoUserInfo() throws OBErrorException, OBErrorResponseException, InvalidTokenException, ParseException, IOException {
    // Given
    String clientId = "98e119f6-196f-4296-98d4-f1a2f445bca2";
    List<String> responseTypes = List.of("code id_token");
    given(discoveryConfig.getSupportedResponseTypes()).willReturn(responseTypes);
    String jwt = toEncodedSignedTestJwt("jwt/authorisation-no-user-info.jwt");
    Tpp tpp = new Tpp();
    OIDCRegistrationResponse registrationResponse = new OIDCRegistrationResponse();
    registrationResponse.setJwks_uri("url");
    tpp.setRegistrationResponse(registrationResponse);
    given(tppStoreService.findByClientId(clientId)).willReturn(Optional.of(tpp));
    SignedJWT signedJwt = mock(SignedJWT.class);
    given(cryptoApiClient.validateJws(anyString(), anyString(), anyString())).willReturn(signedJwt);
    // When
    authorisationApiController.getAuthorisation(responseTypes.get(0), clientId, null, null, "payments openid accounts", null, jwt, true, null, null, null, null, null);
// Then no exception
}
Also used : Tpp(com.forgerock.openbanking.model.Tpp) OIDCRegistrationResponse(com.forgerock.openbanking.model.oidc.OIDCRegistrationResponse) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) SignedJWT(com.nimbusds.jwt.SignedJWT) Test(org.junit.Test)

Aggregations

OIDCRegistrationResponse (com.forgerock.openbanking.model.oidc.OIDCRegistrationResponse)22 Tpp (com.forgerock.openbanking.model.Tpp)19 Test (org.junit.Test)9 ArgumentMatchers.anyString (org.mockito.ArgumentMatchers.anyString)6 SignedJWT (com.nimbusds.jwt.SignedJWT)5 ApiClientIdentity (com.forgerock.openbanking.common.services.onboarding.apiclient.ApiClientIdentity)4 RegistrationRequest (com.forgerock.openbanking.common.services.onboarding.registrationrequest.RegistrationRequest)4 OAuth2InvalidClientException (com.forgerock.openbanking.common.error.exception.oauth2.OAuth2InvalidClientException)3 X509Authentication (com.forgerock.spring.security.multiauth.model.authentication.X509Authentication)3 OBRIRole (com.forgerock.openbanking.model.OBRIRole)2 URI (java.net.URI)2 ParseException (java.text.ParseException)2 ParameterizedTypeReference (org.springframework.core.ParameterizedTypeReference)2 ResponseEntity (org.springframework.http.ResponseEntity)2 UriComponentsBuilder (org.springframework.web.util.UriComponentsBuilder)2 RoleOfPsp (com.forgerock.cert.psd2.RoleOfPsp)1 AMGateway (com.forgerock.openbanking.am.gateway.AMGateway)1 ManualRegistrationApplication (com.forgerock.openbanking.common.model.onboarding.ManualRegistrationApplication)1 ManualRegistrationRequest (com.forgerock.openbanking.common.model.onboarding.ManualRegistrationRequest)1 RedirectionAction (com.forgerock.openbanking.common.model.rcs.RedirectionAction)1