use of com.forgerock.spring.security.multiauth.model.authentication.X509Authentication in project openbanking-aspsp by OpenBankingToolkit.
the class DynamicRegistrationApiControllerTest method failIfSsaIsHasSoftwareIdDifferentFromRequestObject_register.
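/**
 * Verifies that {@code register} surfaces an {@code INVALID_SOFTWARE_STATEMENT} error when
 * verification of the registration request against its software statement (SSA) fails.
 *
 * <p>The failure is injected: {@code verifyTPPRegistrationRequestAgainstSSA} is stubbed to throw.
 * This test therefore covers how the controller propagates the error, not the software-id
 * comparison the method name refers to.
 *
 * @throws DynamicClientRegistrationException declared by the stubbed service call
 * @throws InvalidPsd2EidasCertificate declared by the test-spec helper that builds the principal
 */
@Test
public void failIfSsaIsHasSoftwareIdDifferentFromRequestObject_register() throws DynamicClientRegistrationException, InvalidPsd2EidasCertificate {
    // given
    Collection<OBRIRole> authorities = new ArrayList<>(List.of(OBRIRole.ROLE_ANONYMOUS, OBRIRole.UNREGISTERED_TPP, OBRIRole.ROLE_EIDAS));
    X509Authentication principal = testSpec.getPrincipal(authorities);
    RegistrationRequest regRequest = registrationRequestFactory.getRegistrationRequestFromJwt(registrationRequestJwtSerialised);
    String directoryName = "ForgeRock";
    given(this.tppRegistrationService.validateSsaAgainstIssuingDirectoryJwksUri(anyString(), eq(directoryName))).willReturn(directoryName);
    // NOTE(review): this stub only fires if the controller passes an argument that equals()
    // regRequest. Presumably the controller parses the JWT into its own instance, so the match
    // relies on RegistrationRequest implementing value equality; confirm.
    Mockito.doThrow(new DynamicClientRegistrationException("blah", DynamicClientRegistrationErrorType.INVALID_SOFTWARE_STATEMENT)).when(this.tppRegistrationService).verifyTPPRegistrationRequestAgainstSSA(regRequest);

    // when
    DynamicClientRegistrationException exception = catchThrowableOfType(() -> dynamicRegistrationApiController.register(registrationRequestJwtSerialised, principal), DynamicClientRegistrationException.class);

    // then
    // catchThrowableOfType returns null when nothing is thrown. Fail with an assertion rather
    // than a NullPointerException if the registration is unexpectedly accepted.
    assertThat(exception).isNotNull();
    assertThat(exception.getErrorType()).isEqualTo(DynamicClientRegistrationErrorType.INVALID_SOFTWARE_STATEMENT);
}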
use of com.forgerock.spring.security.multiauth.model.authentication.X509Authentication in project openbanking-aspsp by OpenBankingToolkit.
the class DynamicRegistrationApiControllerTest method failWithInvalidClientIfSoftwareStatementDoesNotBelongToApiClient_register.
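/**
 * Verifies that {@code register} rejects a registration request that was issued to a different
 * TPP than the one authenticated by the client certificate.
 *
 * <p>The request JWT comes from {@code testSpec.getRegRequestIssuedToDifferentTpp()}, and the
 * expected outcome is an {@link OAuth2InvalidClientException} carrying
 * {@code OAuth2Exception.INVALID_CLIENT}. No service call is stubbed to throw, so the rejection
 * has to come from the controller's own handling of the request.
 *
 * @throws InvalidPsd2EidasCertificate declared by the test-spec helper that builds the principal
 */
@Test
public void failWithInvalidClientIfSoftwareStatementDoesNotBelongToApiClient_register() throws InvalidPsd2EidasCertificate {
    // Given
    Collection<? extends GrantedAuthority> authorities = new ArrayList<>(List.of(OBRIRole.ROLE_DATA, OBRIRole.ROLE_AISP, OBRIRole.ROLE_CBPII, OBRIRole.ROLE_EIDAS, new PSD2GrantType(new RoleOfPsp(Psd2Role.PSP_IC))));
    X509Authentication principal = testSpec.getPrincipal(authorities);
    String registrationRequestJwtSerial = testSpec.getRegRequestIssuedToDifferentTpp();

    // When
    OAuth2InvalidClientException exception = catchThrowableOfType(() -> dynamicRegistrationApiController.register(registrationRequestJwtSerial, principal), OAuth2InvalidClientException.class);

    // Then
    // catchThrowableOfType returns null when nothing is thrown. Assert explicitly so that an
    // accepted cross-TPP registration fails the test with a clear message rather than an NPE.
    assertThat(exception).isNotNull();
    assertThat(exception.getRfc6750ErrorCode()).isEqualTo(OAuth2Exception.INVALID_CLIENT);
}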
use of com.forgerock.spring.security.multiauth.model.authentication.X509Authentication in project openbanking-aspsp by OpenBankingToolkit.
the class AccountsApiEndpointWrapperTest method testMatls_failMatlsCheck.
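/**
 * Verifies that {@code verifyMatlsFromAccountRequest} fails when the authenticated principal
 * does not match the TPP that owns the account request's client id.
 *
 * <p>The principal is built with {@code "PSDGB-OB-2345343"}, while the TPP stored for the client
 * id has authorisation number {@code "PSDGB-OB-45434324"}. The expected error is
 * {@code MATLS_TPP_AUTHENTICATION_INVALID_FROM_ACCOUNT_REQUEST}.
 */
@Test
public void testMatls_failMatlsCheck() {
    // Given
    String authorisationNumber = "PSDGB-OB-2345343";
    String clientId = "clientId";
    FRAccountRequest accountRequest = new FRAccountRequest();
    accountRequest.setClientId(clientId);
    wrapper.accountRequest = accountRequest;
    Collection<? extends GrantedAuthority> authorities = Collections.emptyList();
    // NOTE(review): the third constructor argument is null; presumably it is the certificate
    // chain, which this check does not read. Confirm against X509Authentication.
    Authentication authentication = new X509Authentication(authorisationNumber, authorities, null);
    wrapper.principal = authentication;
    // The stored TPP deliberately carries a different authorisation number from the principal.
    Tpp tpp = new Tpp();
    tpp.setAuthorisationNumber("PSDGB-OB-45434324");
    given(this.tppStoreService.findByClientId(clientId)).willReturn(Optional.of(tpp));

    // When
    OBErrorException exception = catchThrowableOfType(() -> wrapper.verifyMatlsFromAccountRequest(), OBErrorException.class);

    // Then
    // catchThrowableOfType returns null when nothing is thrown. Assert explicitly so that a
    // mismatched principal being accepted fails the test with a clear message rather than an NPE.
    assertThat(exception).isNotNull();
    assertThat(exception.getObriErrorType()).isEqualTo(MATLS_TPP_AUTHENTICATION_INVALID_FROM_ACCOUNT_REQUEST);
}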
use of com.forgerock.spring.security.multiauth.model.authentication.X509Authentication in project openbanking-aspsp by OpenBankingToolkit.
the class AccountsApiEndpointWrapperTest method testMatls_failOauth2RegistrationDeleted.
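/**
 * Verifies that {@code verifyMatlsFromAccountRequest} fails when no TPP is stored for the account
 * request's client id, i.e. the OAuth2 registration no longer exists.
 *
 * <p>{@code tppStoreService.findByClientId} is stubbed to return {@code Optional.empty()}. The
 * expected error is {@code MATLS_TPP_AUTHENTICATION_INVALID_FROM_ACCOUNT_REQUEST}, the same error
 * type the mismatched-TPP case asserts.
 */
@Test
public void testMatls_failOauth2RegistrationDeleted() {
    // Given
    String authorisationNumber = "PSDGB-OB-2345343";
    String clientId = "clientId";
    FRAccountRequest accountRequest = new FRAccountRequest();
    accountRequest.setClientId(clientId);
    wrapper.accountRequest = accountRequest;
    Collection<? extends GrantedAuthority> authorities = Collections.emptyList();
    // NOTE(review): the third constructor argument is null; presumably it is the certificate
    // chain, which this check does not read. Confirm against X509Authentication.
    Authentication authentication = new X509Authentication(authorisationNumber, authorities, null);
    wrapper.principal = authentication;
    // No registration is found for the client id that the account request was created with.
    given(this.tppStoreService.findByClientId(clientId)).willReturn(Optional.empty());

    // When
    OBErrorException exception = catchThrowableOfType(() -> wrapper.verifyMatlsFromAccountRequest(), OBErrorException.class);

    // Then
    // catchThrowableOfType returns null when nothing is thrown. Assert explicitly so that a
    // request for a deleted registration being accepted fails clearly rather than with an NPE.
    assertThat(exception).isNotNull();
    assertThat(exception.getObriErrorType()).isEqualTo(MATLS_TPP_AUTHENTICATION_INVALID_FROM_ACCOUNT_REQUEST);
}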
use of com.forgerock.spring.security.multiauth.model.authentication.X509Authentication in project openbanking-aspsp by OpenBankingToolkit.
the class DynamicRegistrationApiControllerTest method willRegisterIfCertHasBeenUsedToPreviouslyRegister_register.
/**
 * Verifies that {@code register} answers {@code 201 Created} when the TPP store already holds a
 * registration and {@code registerTpp} returns that TPP.
 *
 * <p>Only the HTTP status is asserted. The response body and the stored registration access token
 * are not checked.
 *
 * @throws InvalidPsd2EidasCertificate declared by the test-spec helper that builds the principal
 * @throws OAuth2InvalidClientException declared by {@code register}
 * @throws DynamicClientRegistrationException declared by {@code register}
 */
@Test
public void willRegisterIfCertHasBeenUsedToPreviouslyRegister_register() throws InvalidPsd2EidasCertificate, OAuth2InvalidClientException, DynamicClientRegistrationException {
    // given
    // NOTE(review): ROLE_AISP is listed twice; a second, different role was presumably intended.
    Collection<OBRIRole> grantedRoles = new ArrayList<>(List.of(OBRIRole.ROLE_AISP, OBRIRole.ROLE_AISP));
    X509Authentication tppPrincipal = testSpec.getPrincipal(grantedRoles);

    // JWT-shaped literal used as the previously issued registration access token.
    // NOTE(review): confirm this is a synthetic fixture and not a token issued by a real environment.
    String registrationAccessToken = "eyJ0eXAiOiJKV1QiLCJ6aXAiOiJOT05FIiwia2lkIjoiRm9sN0lwZEtlTFptekt0Q0VnaTFMRGhTSXpNPSIsImFsZyI6IkVTMjU2In0.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.vhH9AGDKbxK1R_tnq8_nOkIpPH7se68MxOC8y-Wq4SW4_ffMBj1ChkckU-q2wJ_4hh_l1sgdlCdkom_VQFvN9Q";

    // A TPP that already holds a registration response carrying that token.
    Tpp existingTpp = new Tpp();
    existingTpp.setClientId("3105f70b-b417-427e-922d-7ba04d16278a");
    OIDCRegistrationResponse storedResponse = new OIDCRegistrationResponse();
    storedResponse.setRegistrationAccessToken(registrationAccessToken);
    existingTpp.setRegistrationResponse(storedResponse);

    // "testname" is presumably the name of the principal built by testSpec; verify against the helper.
    given(tppStoreService.findByClientId("testname")).willReturn(Optional.of(existingTpp));
    given(this.tppRegistrationService.registerTpp(any(ApiClientIdentity.class), any(RegistrationRequest.class))).willReturn(existingTpp);

    // when
    ResponseEntity<OIDCRegistrationResponse> result = dynamicRegistrationApiController.register(registrationRequestJwtSerialised, tppPrincipal);

    // then
    assertThat(result.getStatusCode()).isEqualTo(HttpStatus.CREATED);
}