Search in sources :

Example 6 with X509Authentication

use of com.forgerock.spring.security.multiauth.model.authentication.X509Authentication in project openbanking-aspsp by OpenBankingToolkit.

the class DynamicRegistrationApiControllerTest method failIfSsaIsHasSoftwareIdDifferentFromRequestObject_register.

@Test
public void failIfSsaIsHasSoftwareIdDifferentFromRequestObject_register() throws DynamicClientRegistrationException, InvalidPsd2EidasCertificate {
    Collection<OBRIRole> authorities = new ArrayList<>(List.of(OBRIRole.ROLE_ANONYMOUS, OBRIRole.UNREGISTERED_TPP, OBRIRole.ROLE_EIDAS));
    X509Authentication principal = testSpec.getPrincipal(authorities);
    RegistrationRequest regRequest = registrationRequestFactory.getRegistrationRequestFromJwt(registrationRequestJwtSerialised);
    String directoryName = "ForgeRock";
    given(this.tppRegistrationService.validateSsaAgainstIssuingDirectoryJwksUri(anyString(), eq("ForgeRock"))).willReturn(directoryName);
    Mockito.doThrow(new DynamicClientRegistrationException("blah", DynamicClientRegistrationErrorType.INVALID_SOFTWARE_STATEMENT)).when(this.tppRegistrationService).verifyTPPRegistrationRequestAgainstSSA(regRequest);
    // when
    DynamicClientRegistrationException exception = catchThrowableOfType(() -> dynamicRegistrationApiController.register(registrationRequestJwtSerialised, principal), DynamicClientRegistrationException.class);
    assertThat(exception.getErrorType()).isEqualTo(DynamicClientRegistrationErrorType.INVALID_SOFTWARE_STATEMENT);
}
Also used : OBRIRole(com.forgerock.openbanking.model.OBRIRole) DynamicClientRegistrationException(com.forgerock.openbanking.common.error.exception.dynamicclientregistration.DynamicClientRegistrationException) X509Authentication(com.forgerock.spring.security.multiauth.model.authentication.X509Authentication) RegistrationRequest(com.forgerock.openbanking.common.services.onboarding.registrationrequest.RegistrationRequest) Test(org.junit.Test)

Example 7 with X509Authentication

use of com.forgerock.spring.security.multiauth.model.authentication.X509Authentication in project openbanking-aspsp by OpenBankingToolkit.

the class DynamicRegistrationApiControllerTest method failWithInvalidClientIfSoftwareStatementDoesNotBelongToApiClient_register.

@Test
public void failWithInvalidClientIfSoftwareStatementDoesNotBelongToApiClient_register() throws InvalidPsd2EidasCertificate {
    // Given
    Collection<? extends GrantedAuthority> authorities = new ArrayList<>(List.of(OBRIRole.ROLE_DATA, OBRIRole.ROLE_AISP, OBRIRole.ROLE_CBPII, OBRIRole.ROLE_EIDAS, new PSD2GrantType(new RoleOfPsp(Psd2Role.PSP_IC))));
    X509Authentication principal = testSpec.getPrincipal(authorities);
    String registrationRequestJwtSerial = testSpec.getRegRequestIssuedToDifferentTpp();
    // When
    OAuth2InvalidClientException exception = catchThrowableOfType(() -> dynamicRegistrationApiController.register(registrationRequestJwtSerial, principal), OAuth2InvalidClientException.class);
    assertThat(exception.getRfc6750ErrorCode()).isEqualTo(OAuth2Exception.INVALID_CLIENT);
}
Also used : RoleOfPsp(com.forgerock.cert.psd2.RoleOfPsp) PSD2GrantType(com.forgerock.spring.security.multiauth.model.granttypes.PSD2GrantType) X509Authentication(com.forgerock.spring.security.multiauth.model.authentication.X509Authentication) Test(org.junit.Test)

Example 8 with X509Authentication

use of com.forgerock.spring.security.multiauth.model.authentication.X509Authentication in project openbanking-aspsp by OpenBankingToolkit.

the class AccountsApiEndpointWrapperTest method testMatls_failMatlsCheck.

@Test
public void testMatls_failMatlsCheck() {
    // Given
    String authorisatioNumber = "PSDGB-OB-2345343";
    String clientId = "clientId";
    FRAccountRequest accountRequest = new FRAccountRequest();
    accountRequest.setClientId(clientId);
    wrapper.accountRequest = accountRequest;
    Collection<? extends GrantedAuthority> authorities = Collections.emptyList();
    Authentication authentication = new X509Authentication(authorisatioNumber, authorities, null);
    wrapper.principal = authentication;
    Tpp tpp = new Tpp();
    tpp.setAuthorisationNumber("PSDGB-OB-45434324");
    given(this.tppStoreService.findByClientId(clientId)).willReturn(Optional.of(tpp));
    // Then
    OBErrorException exception = catchThrowableOfType(() -> wrapper.verifyMatlsFromAccountRequest(), OBErrorException.class);
    assertThat(exception.getObriErrorType()).isEqualTo(MATLS_TPP_AUTHENTICATION_INVALID_FROM_ACCOUNT_REQUEST);
}
Also used : FRAccountRequest(com.forgerock.openbanking.common.model.openbanking.persistence.account.FRAccountRequest) Tpp(com.forgerock.openbanking.model.Tpp) X509Authentication(com.forgerock.spring.security.multiauth.model.authentication.X509Authentication) Authentication(org.springframework.security.core.Authentication) OBErrorException(com.forgerock.openbanking.exceptions.OBErrorException) X509Authentication(com.forgerock.spring.security.multiauth.model.authentication.X509Authentication) Test(org.junit.Test)

Example 9 with X509Authentication

use of com.forgerock.spring.security.multiauth.model.authentication.X509Authentication in project openbanking-aspsp by OpenBankingToolkit.

the class AccountsApiEndpointWrapperTest method testMatls_failOauth2RegistrationDeleted.

@Test
public void testMatls_failOauth2RegistrationDeleted() {
    // Given
    String authorisatioNumber = "PSDGB-OB-2345343";
    String clientId = "clientId";
    FRAccountRequest accountRequest = new FRAccountRequest();
    accountRequest.setClientId(clientId);
    wrapper.accountRequest = accountRequest;
    Collection<? extends GrantedAuthority> authorities = Collections.emptyList();
    Authentication authentication = new X509Authentication(authorisatioNumber, authorities, null);
    wrapper.principal = authentication;
    given(this.tppStoreService.findByClientId(clientId)).willReturn(Optional.empty());
    // Then
    OBErrorException exception = catchThrowableOfType(() -> wrapper.verifyMatlsFromAccountRequest(), OBErrorException.class);
    assertThat(exception.getObriErrorType()).isEqualTo(MATLS_TPP_AUTHENTICATION_INVALID_FROM_ACCOUNT_REQUEST);
}
Also used : FRAccountRequest(com.forgerock.openbanking.common.model.openbanking.persistence.account.FRAccountRequest) X509Authentication(com.forgerock.spring.security.multiauth.model.authentication.X509Authentication) Authentication(org.springframework.security.core.Authentication) OBErrorException(com.forgerock.openbanking.exceptions.OBErrorException) X509Authentication(com.forgerock.spring.security.multiauth.model.authentication.X509Authentication) Test(org.junit.Test)

Example 10 with X509Authentication

use of com.forgerock.spring.security.multiauth.model.authentication.X509Authentication in project openbanking-aspsp by OpenBankingToolkit.

the class DynamicRegistrationApiControllerTest method willRegisterIfCertHasBeenUsedToPreviouslyRegister_register.

@Test
public void willRegisterIfCertHasBeenUsedToPreviouslyRegister_register() throws InvalidPsd2EidasCertificate, OAuth2InvalidClientException, DynamicClientRegistrationException {
    // given
    Collection<OBRIRole> authorities = new ArrayList<>(List.of(OBRIRole.ROLE_AISP, OBRIRole.ROLE_AISP));
    X509Authentication principal = testSpec.getPrincipal(authorities);
    String authToken = "eyJ0eXAiOiJKV1QiLCJ6aXAiOiJOT05FIiwia2lkIjoiRm9sN0lwZEtlTFptekt0Q0VnaTFMRGhTSXpNPSIsImFsZyI6IkVTMjU2In0.eyJzdWIiOiIzMTA1ZjcwYi1iNDE3LTQyN2UtOTIyZC03YmEwNGQxNjI3OGEiLCJjdHMiOiJPQVVUSDJfU1RBVEVMRVNTX0dSQU5UIiwiYXVkaXRUcmFja2luZ0lkIjoiZTY2MDZiOGYtNDA2Ni00Y2U2LWIxZDAtYTQ1MzM0MDEzYjA5LTIwNTkiLCJpc3MiOiJodHRwczovL2FzLmFzcHNwLmRldi1vYi5mb3JnZXJvY2suZmluYW5jaWFsOjgwNzQvb2F1dGgyIiwidG9rZW5OYW1lIjoiYWNjZXNzX3Rva2VuIiwidG9rZW5fdHlwZSI6IkJlYXJlciIsImF1dGhHcmFudElkIjoiMW9zekR5NTJxNlByUU51anpGVDhOT1U4U1VZIiwiYXVkIjoiMzEwNWY3MGItYjQxNy00MjdlLTkyMmQtN2JhMDRkMTYyNzhhIiwibmJmIjoxNjI2MzUxNzMxLCJzY29wZSI6W10sImF1dGhfdGltZSI6MTYyNjM1MTczMSwicmVhbG0iOiIvb3BlbmJhbmtpbmciLCJleHAiOjE2MjY0MzgxMzEsImlhdCI6MTYyNjM1MTczMSwiZXhwaXJlc19pbiI6ODY0MDAsImp0aSI6IldmYm13OGtkUFk1bEhZSldMa3lDS3RmekZ1NCJ9.vhH9AGDKbxK1R_tnq8_nOkIpPH7se68MxOC8y-Wq4SW4_ffMBj1ChkckU-q2wJ_4hh_l1sgdlCdkom_VQFvN9Q";
    Tpp tpp = new Tpp();
    tpp.setClientId("3105f70b-b417-427e-922d-7ba04d16278a");
    OIDCRegistrationResponse registrationResponse = new OIDCRegistrationResponse();
    registrationResponse.setRegistrationAccessToken(authToken);
    tpp.setRegistrationResponse(registrationResponse);
    given(tppStoreService.findByClientId("testname")).willReturn(Optional.of(tpp));
    given(this.tppRegistrationService.registerTpp(any(ApiClientIdentity.class), any(RegistrationRequest.class))).willReturn(tpp);
    // when
    ResponseEntity<OIDCRegistrationResponse> response = dynamicRegistrationApiController.register(registrationRequestJwtSerialised, principal);
    // then
    assertThat(response.getStatusCode()).isEqualTo(HttpStatus.CREATED);
}
Also used : OBRIRole(com.forgerock.openbanking.model.OBRIRole) Tpp(com.forgerock.openbanking.model.Tpp) OIDCRegistrationResponse(com.forgerock.openbanking.model.oidc.OIDCRegistrationResponse) X509Authentication(com.forgerock.spring.security.multiauth.model.authentication.X509Authentication) ApiClientIdentity(com.forgerock.openbanking.common.services.onboarding.apiclient.ApiClientIdentity) RegistrationRequest(com.forgerock.openbanking.common.services.onboarding.registrationrequest.RegistrationRequest) Test(org.junit.Test)

Aggregations

X509Authentication (com.forgerock.spring.security.multiauth.model.authentication.X509Authentication)11 Test (org.junit.Test)10 OBRIRole (com.forgerock.openbanking.model.OBRIRole)5 Tpp (com.forgerock.openbanking.model.Tpp)5 RegistrationRequest (com.forgerock.openbanking.common.services.onboarding.registrationrequest.RegistrationRequest)4 FRAccountRequest (com.forgerock.openbanking.common.model.openbanking.persistence.account.FRAccountRequest)3 ApiClientIdentity (com.forgerock.openbanking.common.services.onboarding.apiclient.ApiClientIdentity)3 OIDCRegistrationResponse (com.forgerock.openbanking.model.oidc.OIDCRegistrationResponse)3 Authentication (org.springframework.security.core.Authentication)3 RoleOfPsp (com.forgerock.cert.psd2.RoleOfPsp)2 DynamicClientRegistrationException (com.forgerock.openbanking.common.error.exception.dynamicclientregistration.DynamicClientRegistrationException)2 OBErrorException (com.forgerock.openbanking.exceptions.OBErrorException)2 PSD2GrantType (com.forgerock.spring.security.multiauth.model.granttypes.PSD2GrantType)2 Psd2CertInfo (com.forgerock.cert.Psd2CertInfo)1 OAuth2InvalidClientException (com.forgerock.openbanking.common.error.exception.oauth2.OAuth2InvalidClientException)1 PSD2Authentication (com.forgerock.spring.security.multiauth.model.authentication.PSD2Authentication)1