Search in sources :

Example 86 with PostEnvironment

use of net.openid.conformance.condition.PostEnvironment in project conformance-suite by openid-certification.

the class EnsureRedirectUriInRequestObjectMatchesOneOfClientRedirectUris method evaluate.

@Override
@PreEnvironment(required = { "client", "authorization_request_object" })
@PostEnvironment(strings = { "authorization_endpoint_request_redirect_uri" })
public Environment evaluate(Environment env) {
    // get the client ID from the configuration
    JsonArray redirectUris = env.getElementFromObject("client", "redirect_uris").getAsJsonArray();
    String actual = env.getString("authorization_request_object", "claims.redirect_uri");
    for (JsonElement redirUri : redirectUris) {
        String uriString = OIDFJSON.getString(redirUri);
        if (actual.equals(uriString)) {
            env.putString("authorization_endpoint_request_redirect_uri", actual);
            logSuccess("Redirect URI matched one of client redirect_uris", args("actual", Strings.nullToEmpty(actual)));
            return env;
        }
    }
    throw error("Redirect URI is not one of the registered ones for the client", args("expected", redirectUris, "actual", Strings.nullToEmpty(actual)));
}
Also used : JsonArray(com.google.gson.JsonArray) JsonElement(com.google.gson.JsonElement) PostEnvironment(net.openid.conformance.condition.PostEnvironment) PreEnvironment(net.openid.conformance.condition.PreEnvironment)

Example 87 with PostEnvironment

use of net.openid.conformance.condition.PostEnvironment in project conformance-suite by openid-certification.

the class CallAccountRequestsEndpointWithBearerToken method evaluate.

@Override
@PreEnvironment(required = { "access_token", "resource", "account_requests_endpoint_request", "resource_endpoint_request_headers" })
@PostEnvironment(required = { "resource_endpoint_response_headers", "account_requests_endpoint_response" })
public Environment evaluate(Environment env) {
    String accessToken = env.getString("access_token", "value");
    if (Strings.isNullOrEmpty(accessToken)) {
        throw error("Access token not found");
    }
    String tokenType = env.getString("access_token", "type");
    if (Strings.isNullOrEmpty(tokenType)) {
        throw error("Token type not found");
    } else if (!tokenType.equalsIgnoreCase("Bearer")) {
        throw error("Access token is not a bearer token", args("token_type", tokenType));
    }
    String resourceEndpoint = FAPIOBGetResourceEndpoint.getBaseResourceURL(env, FAPIOBGetResourceEndpoint.Endpoint.ACCOUNT_REQUESTS);
    if (Strings.isNullOrEmpty(resourceEndpoint)) {
        throw error("Resource endpoint not found");
    }
    // Check which OB API version is used in the configuration by inspecting the url
    // As per https://openbanking.atlassian.net/wiki/spaces/DZ/pages/937656404/Read%2BWrite%2BData%2BAPI%2BSpecification%2B-%2Bv3.1
    // Resource URI Path Structure
    // The path of the URI must follow the structure below (from the OB API Release Management document).
    // [participant-path-prefix]/open-banking/[version]/[resource-group]/[resource]/[resource-id]/[sub-resource]
    // [version] The version of the APIs expressed as /v[major-version].[minor-version]/.
    String urlPath;
    if (resourceEndpoint.contains("/v3.")) {
        urlPath = ACCOUNT_REQUESTS_RESOURCE_V3;
        env.putInteger("ob_api_version", 3);
        log("Found '/v3.' in the resource url, using OB V3 API '" + urlPath + "'", args("resource_endpoint", resourceEndpoint));
    } else {
        urlPath = ACCOUNT_REQUESTS_RESOURCE_V2;
        env.putInteger("ob_api_version", 2);
        log("'/v3.' not found in the resource url, defaulting to OB V1/V2 API '" + urlPath + "'", args("resource_endpoint", resourceEndpoint));
    }
    JsonObject requestHeaders = env.getObject("resource_endpoint_request_headers");
    JsonObject requestObject = env.getObject("account_requests_endpoint_request");
    if (requestObject == null) {
        throw error("Couldn't find request object");
    }
    // Build the endpoint URL
    String accountRequestsUrl = UriComponentsBuilder.fromUriString(resourceEndpoint).path(urlPath).toUriString();
    try {
        RestTemplate restTemplate = createRestTemplate(env);
        HttpHeaders headers = headersFromJson(requestHeaders);
        headers.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON));
        headers.setContentType(MediaType.APPLICATION_JSON);
        headers.set("Authorization", "Bearer " + accessToken);
        HttpEntity<String> request = new HttpEntity<>(requestObject.toString(), headers);
        ResponseEntity<String> response = restTemplate.exchange(accountRequestsUrl, HttpMethod.POST, request, String.class);
        String jsonString = response.getBody();
        if (Strings.isNullOrEmpty(jsonString)) {
            throw error("Empty/missing response from the account requests endpoint");
        } else {
            log("Account requests endpoint response", args("account_requests_endpoint_response", jsonString));
            try {
                JsonElement jsonRoot = JsonParser.parseString(jsonString);
                if (jsonRoot == null || !jsonRoot.isJsonObject()) {
                    throw error("Account requests endpoint did not return a JSON object");
                }
                // lowercase incoming headers
                JsonObject responseHeaders = mapToJsonObject(response.getHeaders(), true);
                env.putObject("account_requests_endpoint_response", jsonRoot.getAsJsonObject());
                env.putObject("resource_endpoint_response_headers", responseHeaders);
                logSuccess("Parsed account requests endpoint response", args("body", jsonString, "headers", responseHeaders));
                return env;
            } catch (JsonParseException e) {
                throw error(e);
            }
        }
    } catch (RestClientResponseException e) {
        throw error("Error from the account requests endpoint", args("code", e.getRawStatusCode(), "status", e.getStatusText(), "body", e.getResponseBodyAsString()));
    } catch (NoSuchAlgorithmException | KeyManagementException | CertificateException | InvalidKeySpecException | KeyStoreException | IOException | UnrecoverableKeyException e) {
        throw error("Error creating HTTP Client", e);
    } catch (RestClientException e) {
        String msg = "Call to account requests endpoint " + resourceEndpoint + " failed";
        if (e.getCause() != null) {
            msg += " - " + e.getCause().getMessage();
        }
        throw error(msg, e);
    }
}
Also used : HttpHeaders(org.springframework.http.HttpHeaders) HttpEntity(org.springframework.http.HttpEntity) JsonObject(com.google.gson.JsonObject) CertificateException(java.security.cert.CertificateException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) KeyStoreException(java.security.KeyStoreException) IOException(java.io.IOException) JsonParseException(com.google.gson.JsonParseException) KeyManagementException(java.security.KeyManagementException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) JsonElement(com.google.gson.JsonElement) RestTemplate(org.springframework.web.client.RestTemplate) RestClientException(org.springframework.web.client.RestClientException) RestClientResponseException(org.springframework.web.client.RestClientResponseException) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) PostEnvironment(net.openid.conformance.condition.PostEnvironment) PreEnvironment(net.openid.conformance.condition.PreEnvironment)

Example 88 with PostEnvironment

use of net.openid.conformance.condition.PostEnvironment in project conformance-suite by openid-certification.

the class CallBackchannelAuthenticationEndpoint method evaluate.

@Override
@PreEnvironment(required = { "server", "backchannel_authentication_endpoint_request_form_parameters" })
@PostEnvironment(required = "backchannel_authentication_endpoint_response")
public Environment evaluate(Environment env) {
    final String endpointKey = "backchannel_authentication_endpoint";
    final String bcAuthEndpoint = env.getString(endpointKey) != null ? env.getString(endpointKey) : env.getString("server", endpointKey);
    if (bcAuthEndpoint == null) {
        throw error("Couldn't find backchannel authentication endpoint");
    }
    // build up the form
    JsonObject formJson = env.getObject("backchannel_authentication_endpoint_request_form_parameters");
    MultiValueMap<String, String> form = new LinkedMultiValueMap<>();
    for (String key : formJson.keySet()) {
        form.add(key, OIDFJSON.getString(formJson.get(key)));
    }
    try {
        RestTemplate restTemplate = createRestTemplate(env);
        restTemplate.setErrorHandler(new DefaultResponseErrorHandler() {

            @Override
            public boolean hasError(ClientHttpResponse response) throws IOException {
                // status code meaning the rest of our code can handle http status codes how it likes
                return false;
            }
        });
        HttpHeaders headers = headersFromJson(env.getObject("backchannel_authentication_endpoint_request_headers"));
        headers.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON));
        HttpEntity<MultiValueMap<String, String>> request = new HttpEntity<>(form, headers);
        String jsonString = null;
        try {
            ResponseEntity<String> response = restTemplate.postForEntity(bcAuthEndpoint, request, String.class);
            JsonObject responseHeaders = mapToJsonObject(response.getHeaders(), true);
            env.putObject("backchannel_authentication_endpoint_response_headers", responseHeaders);
            env.putInteger("backchannel_authentication_endpoint_response_http_status", response.getStatusCode().value());
            jsonString = response.getBody();
        } catch (RestClientResponseException e) {
            throw error("Error from the backchannel authentication endpoint", args("code", e.getRawStatusCode(), "status", e.getStatusText(), "body", e.getResponseBodyAsString()));
        } catch (RestClientException e) {
            String msg = "Call to backchannel authentication endpoint " + bcAuthEndpoint + " failed";
            if (e.getCause() != null) {
                msg += " - " + e.getCause().getMessage();
            }
            throw error(msg, e);
        }
        if (Strings.isNullOrEmpty(jsonString)) {
            throw error("Got an empty response from the backchannel authentication endpoint");
        } else {
            log("Backchannel Authentication endpoint response", args("backchannel_authentication_endpoint_response", jsonString));
            try {
                JsonElement jsonRoot = JsonParser.parseString(jsonString);
                if (jsonRoot == null || !jsonRoot.isJsonObject()) {
                    throw error("Backchannel Authentication Endpoint did not return a JSON object");
                }
                logSuccess("Parsed backchannel authentication endpoint response", jsonRoot.getAsJsonObject());
                env.putObject("backchannel_authentication_endpoint_response", jsonRoot.getAsJsonObject());
                return env;
            } catch (JsonParseException e) {
                throw error(e);
            }
        }
    } catch (NoSuchAlgorithmException | KeyManagementException | CertificateException | InvalidKeySpecException | KeyStoreException | IOException | UnrecoverableKeyException e) {
        throw error("Error creating HTTP Client", e);
    }
}
Also used : HttpHeaders(org.springframework.http.HttpHeaders) HttpEntity(org.springframework.http.HttpEntity) LinkedMultiValueMap(org.springframework.util.LinkedMultiValueMap) JsonObject(com.google.gson.JsonObject) CertificateException(java.security.cert.CertificateException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) JsonParseException(com.google.gson.JsonParseException) KeyManagementException(java.security.KeyManagementException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) RestClientException(org.springframework.web.client.RestClientException) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) MultiValueMap(org.springframework.util.MultiValueMap) LinkedMultiValueMap(org.springframework.util.LinkedMultiValueMap) DefaultResponseErrorHandler(org.springframework.web.client.DefaultResponseErrorHandler) IOException(java.io.IOException) KeyStoreException(java.security.KeyStoreException) JsonElement(com.google.gson.JsonElement) RestTemplate(org.springframework.web.client.RestTemplate) RestClientResponseException(org.springframework.web.client.RestClientResponseException) ClientHttpResponse(org.springframework.http.client.ClientHttpResponse) PostEnvironment(net.openid.conformance.condition.PostEnvironment) PreEnvironment(net.openid.conformance.condition.PreEnvironment)

Example 89 with PostEnvironment

use of net.openid.conformance.condition.PostEnvironment in project conformance-suite by openid-certification.

the class AddPromptLoginToAuthorizationEndpointRequest method evaluate.

@Override
@PreEnvironment(required = "authorization_endpoint_request")
@PostEnvironment(required = "authorization_endpoint_request")
public Environment evaluate(Environment env) {
    JsonObject authorizationEndpointRequest = env.getObject("authorization_endpoint_request");
    authorizationEndpointRequest.addProperty("prompt", "login");
    env.putObject("authorization_endpoint_request", authorizationEndpointRequest);
    logSuccess("Added prompt=login to authorization endpoint request", authorizationEndpointRequest);
    return env;
}
Also used : JsonObject(com.google.gson.JsonObject) PostEnvironment(net.openid.conformance.condition.PostEnvironment) PreEnvironment(net.openid.conformance.condition.PreEnvironment)

Example 90 with PostEnvironment

use of net.openid.conformance.condition.PostEnvironment in project conformance-suite by openid-certification.

the class AddPublicJwksToDynamicRegistrationRequest method evaluate.

@Override
@PreEnvironment(required = { "dynamic_registration_request", "client_public_jwks" })
@PostEnvironment(required = "dynamic_registration_request")
public Environment evaluate(Environment env) {
    JsonObject publicJwks = env.getObject("client_public_jwks");
    JsonObject dynamicRegistrationRequest = env.getObject("dynamic_registration_request");
    dynamicRegistrationRequest.add("jwks", publicJwks);
    env.putObject("dynamic_registration_request", dynamicRegistrationRequest);
    log("Added client public JWKS to dynamic registration request", args("dynamic_registration_request", dynamicRegistrationRequest));
    return env;
}
Also used : JsonObject(com.google.gson.JsonObject) PostEnvironment(net.openid.conformance.condition.PostEnvironment) PreEnvironment(net.openid.conformance.condition.PreEnvironment)

Aggregations

PostEnvironment (net.openid.conformance.condition.PostEnvironment)399 PreEnvironment (net.openid.conformance.condition.PreEnvironment)379 JsonObject (com.google.gson.JsonObject)372 JsonElement (com.google.gson.JsonElement)61 JsonArray (com.google.gson.JsonArray)49 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)22 Instant (java.time.Instant)21 ParseException (java.text.ParseException)17 CertificateException (java.security.cert.CertificateException)16 IOException (java.io.IOException)15 KeyManagementException (java.security.KeyManagementException)15 KeyStoreException (java.security.KeyStoreException)15 UnrecoverableKeyException (java.security.UnrecoverableKeyException)15 InvalidKeySpecException (java.security.spec.InvalidKeySpecException)15 RestClientException (org.springframework.web.client.RestClientException)15 RestTemplate (org.springframework.web.client.RestTemplate)15 JOSEException (com.nimbusds.jose.JOSEException)9 JWK (com.nimbusds.jose.jwk.JWK)9 RestClientResponseException (org.springframework.web.client.RestClientResponseException)9 JWKSet (com.nimbusds.jose.jwk.JWKSet)7