Search in sources :

Example 1 with PSD2GrantType

use of com.forgerock.spring.security.multiauth.model.granttypes.PSD2GrantType in project openbanking-aspsp by OpenBankingToolkit.

the class DynamicRegistrationApiControllerTest method successful_updateClient.

@Test
public void successful_updateClient() throws InvalidPsd2EidasCertificate, OAuth2InvalidClientException, DynamicClientRegistrationException, OAuth2BearerTokenUsageMissingAuthInfoException, OAuth2BearerTokenUsageInvalidTokenException {
    // Given
    String clientId = "3105f70b-b417-427e-922d-7ba04d16278a";
    String authToken = "eyJ0eXAiOiJKV1QiLCJ6aXAiOiJOT05FIiwia2lkIjoiRm9sN0lwZEtlTFptekt0Q0VnaTFMRGhTSXpNPSIsImFsZyI6IkVTMjU2In0.eyJzdWIiOiIzMTA1ZjcwYi1iNDE3LTQyN2UtOTIyZC03YmEwNGQxNjI3OGEiLCJjdHMiOiJPQVVUSDJfU1RBVEVMRVNTX0dSQU5UIiwiYXVkaXRUcmFja2luZ0lkIjoiZTY2MDZiOGYtNDA2Ni00Y2U2LWIxZDAtYTQ1MzM0MDEzYjA5LTIwNTkiLCJpc3MiOiJodHRwczovL2FzLmFzcHNwLmRldi1vYi5mb3JnZXJvY2suZmluYW5jaWFsOjgwNzQvb2F1dGgyIiwidG9rZW5OYW1lIjoiYWNjZXNzX3Rva2VuIiwidG9rZW5fdHlwZSI6IkJlYXJlciIsImF1dGhHcmFudElkIjoiMW9zekR5NTJxNlByUU51anpGVDhOT1U4U1VZIiwiYXVkIjoiMzEwNWY3MGItYjQxNy00MjdlLTkyMmQtN2JhMDRkMTYyNzhhIiwibmJmIjoxNjI2MzUxNzMxLCJzY29wZSI6W10sImF1dGhfdGltZSI6MTYyNjM1MTczMSwicmVhbG0iOiIvb3BlbmJhbmtpbmciLCJleHAiOjE2MjY0MzgxMzEsImlhdCI6MTYyNjM1MTczMSwiZXhwaXJlc19pbiI6ODY0MDAsImp0aSI6IldmYm13OGtkUFk1bEhZSldMa3lDS3RmekZ1NCJ9.vhH9AGDKbxK1R_tnq8_nOkIpPH7se68MxOC8y-Wq4SW4_ffMBj1ChkckU-q2wJ_4hh_l1sgdlCdkom_VQFvN9Q";
    String authTokenHeaderValue = "Bearer " + "eyJ0eXAiOiJKV1QiLCJ6aXAiOiJOT05FIiwia2lkIjoiRm9sN0lwZEtlTFptekt0Q0VnaTFMRGhTSXpNPSIsImFsZyI6IkVTMjU2In0.eyJzdWIiOiIzMTA1ZjcwYi1iNDE3LTQyN2UtOTIyZC03YmEwNGQxNjI3OGEiLCJjdHMiOiJPQVVUSDJfU1RBVEVMRVNTX0dSQU5UIiwiYXVkaXRUcmFja2luZ0lkIjoiZTY2MDZiOGYtNDA2Ni00Y2U2LWIxZDAtYTQ1MzM0MDEzYjA5LTIwNTkiLCJpc3MiOiJodHRwczovL2FzLmFzcHNwLmRldi1vYi5mb3JnZXJvY2suZmluYW5jaWFsOjgwNzQvb2F1dGgyIiwidG9rZW5OYW1lIjoiYWNjZXNzX3Rva2VuIiwidG9rZW5fdHlwZSI6IkJlYXJlciIsImF1dGhHcmFudElkIjoiMW9zekR5NTJxNlByUU51anpGVDhOT1U4U1VZIiwiYXVkIjoiMzEwNWY3MGItYjQxNy00MjdlLTkyMmQtN2JhMDRkMTYyNzhhIiwibmJmIjoxNjI2MzUxNzMxLCJzY29wZSI6W10sImF1dGhfdGltZSI6MTYyNjM1MTczMSwicmVhbG0iOiIvb3BlbmJhbmtpbmciLCJleHAiOjE2MjY0MzgxMzEsImlhdCI6MTYyNjM1MTczMSwiZXhwaXJlc19pbiI6ODY0MDAsImp0aSI6IldmYm13OGtkUFk1bEhZSldMa3lDS3RmekZ1NCJ9.vhH9AGDKbxK1R_tnq8_nOkIpPH7se68MxOC8y-Wq4SW4_ffMBj1ChkckU-q2wJ_4hh_l1sgdlCdkom_VQFvN9Q";
    Collection<? extends GrantedAuthority> authorities = new ArrayList<>(List.of(OBRIRole.ROLE_DATA, OBRIRole.ROLE_AISP, OBRIRole.ROLE_CBPII, OBRIRole.ROLE_EIDAS, new PSD2GrantType(new RoleOfPsp(Psd2Role.PSP_IC))));
    X509Authentication principal = testSpec.getPrincipal(authorities);
    String directoryName = "ForgeRock";
    given(this.tppRegistrationService.validateSsaAgainstIssuingDirectoryJwksUri(anyString(), eq("ForgeRock"))).willReturn(directoryName);
    given(tokenExtractor.extract(authTokenHeaderValue)).willReturn(authToken);
    Tpp tpp = this.getValidTpp();
    tpp.setClientId("3105f70b-b417-427e-922d-7ba04d16278a");
    OIDCRegistrationResponse registrationResponse = new OIDCRegistrationResponse();
    registrationResponse.setRegistrationAccessToken(authToken);
    tpp.setRegistrationResponse(registrationResponse);
    given(tppRegistrationService.getTpp(clientId)).willReturn(tpp);
    given(tppRegistrationService.validateAccessTokenIsValidForOidcRegistration(tpp, authTokenHeaderValue)).willReturn(authToken);
    given(this.tppRegistrationService.updateTpp(any(ApiClientIdentity.class), eq(tpp), eq(authToken), any(RegistrationRequest.class))).willReturn(tpp);
    given(tokenExtractor.extract(authTokenHeaderValue)).willReturn(authToken);
    // when
    ResponseEntity<OIDCRegistrationResponse> response = dynamicRegistrationApiController.updateRegistration(clientId, authTokenHeaderValue, registrationRequestJwtSerialised, principal);
    assertThat(response.getStatusCode()).isEqualTo(HttpStatus.OK);
}
Also used : RoleOfPsp(com.forgerock.cert.psd2.RoleOfPsp) Tpp(com.forgerock.openbanking.model.Tpp) OIDCRegistrationResponse(com.forgerock.openbanking.model.oidc.OIDCRegistrationResponse) PSD2GrantType(com.forgerock.spring.security.multiauth.model.granttypes.PSD2GrantType) X509Authentication(com.forgerock.spring.security.multiauth.model.authentication.X509Authentication) ApiClientIdentity(com.forgerock.openbanking.common.services.onboarding.apiclient.ApiClientIdentity) RegistrationRequest(com.forgerock.openbanking.common.services.onboarding.registrationrequest.RegistrationRequest) Test(org.junit.Test)

Example 2 with PSD2GrantType

use of com.forgerock.spring.security.multiauth.model.granttypes.PSD2GrantType in project openbanking-aspsp by OpenBankingToolkit.

the class DynamicRegistrationApiControllerTest method failWithInvalidClientIfSoftwareStatementDoesNotBelongToApiClient_register.

@Test
public void failWithInvalidClientIfSoftwareStatementDoesNotBelongToApiClient_register() throws InvalidPsd2EidasCertificate {
    // Given
    Collection<? extends GrantedAuthority> authorities = new ArrayList<>(List.of(OBRIRole.ROLE_DATA, OBRIRole.ROLE_AISP, OBRIRole.ROLE_CBPII, OBRIRole.ROLE_EIDAS, new PSD2GrantType(new RoleOfPsp(Psd2Role.PSP_IC))));
    X509Authentication principal = testSpec.getPrincipal(authorities);
    String registrationRequestJwtSerial = testSpec.getRegRequestIssuedToDifferentTpp();
    // When
    OAuth2InvalidClientException exception = catchThrowableOfType(() -> dynamicRegistrationApiController.register(registrationRequestJwtSerial, principal), OAuth2InvalidClientException.class);
    assertThat(exception.getRfc6750ErrorCode()).isEqualTo(OAuth2Exception.INVALID_CLIENT);
}
Also used : RoleOfPsp(com.forgerock.cert.psd2.RoleOfPsp) PSD2GrantType(com.forgerock.spring.security.multiauth.model.granttypes.PSD2GrantType) X509Authentication(com.forgerock.spring.security.multiauth.model.authentication.X509Authentication) Test(org.junit.Test)

Aggregations

RoleOfPsp (com.forgerock.cert.psd2.RoleOfPsp)2 X509Authentication (com.forgerock.spring.security.multiauth.model.authentication.X509Authentication)2 PSD2GrantType (com.forgerock.spring.security.multiauth.model.granttypes.PSD2GrantType)2 Test (org.junit.Test)2 ApiClientIdentity (com.forgerock.openbanking.common.services.onboarding.apiclient.ApiClientIdentity)1 RegistrationRequest (com.forgerock.openbanking.common.services.onboarding.registrationrequest.RegistrationRequest)1 Tpp (com.forgerock.openbanking.model.Tpp)1 OIDCRegistrationResponse (com.forgerock.openbanking.model.oidc.OIDCRegistrationResponse)1