use of net.openid.conformance.condition.PostEnvironment in project conformance-suite by openid-certification.
the class EnsureRedirectUriInRequestObjectMatchesOneOfClientRedirectUris method evaluate.
@Override
@PreEnvironment(required = { "client", "authorization_request_object" })
@PostEnvironment(strings = { "authorization_endpoint_request_redirect_uri" })
public Environment evaluate(Environment env) {
// get the client ID from the configuration
JsonArray redirectUris = env.getElementFromObject("client", "redirect_uris").getAsJsonArray();
String actual = env.getString("authorization_request_object", "claims.redirect_uri");
for (JsonElement redirUri : redirectUris) {
String uriString = OIDFJSON.getString(redirUri);
if (actual.equals(uriString)) {
env.putString("authorization_endpoint_request_redirect_uri", actual);
logSuccess("Redirect URI matched one of client redirect_uris", args("actual", Strings.nullToEmpty(actual)));
return env;
}
}
throw error("Redirect URI is not one of the registered ones for the client", args("expected", redirectUris, "actual", Strings.nullToEmpty(actual)));
}
use of net.openid.conformance.condition.PostEnvironment in project conformance-suite by openid-certification.
the class CallAccountRequestsEndpointWithBearerToken method evaluate.
@Override
@PreEnvironment(required = { "access_token", "resource", "account_requests_endpoint_request", "resource_endpoint_request_headers" })
@PostEnvironment(required = { "resource_endpoint_response_headers", "account_requests_endpoint_response" })
public Environment evaluate(Environment env) {
String accessToken = env.getString("access_token", "value");
if (Strings.isNullOrEmpty(accessToken)) {
throw error("Access token not found");
}
String tokenType = env.getString("access_token", "type");
if (Strings.isNullOrEmpty(tokenType)) {
throw error("Token type not found");
} else if (!tokenType.equalsIgnoreCase("Bearer")) {
throw error("Access token is not a bearer token", args("token_type", tokenType));
}
String resourceEndpoint = FAPIOBGetResourceEndpoint.getBaseResourceURL(env, FAPIOBGetResourceEndpoint.Endpoint.ACCOUNT_REQUESTS);
if (Strings.isNullOrEmpty(resourceEndpoint)) {
throw error("Resource endpoint not found");
}
// Check which OB API version is used in the configuration by inspecting the url
// As per https://openbanking.atlassian.net/wiki/spaces/DZ/pages/937656404/Read%2BWrite%2BData%2BAPI%2BSpecification%2B-%2Bv3.1
// Resource URI Path Structure
// The path of the URI must follow the structure below (from the OB API Release Management document).
// [participant-path-prefix]/open-banking/[version]/[resource-group]/[resource]/[resource-id]/[sub-resource]
// [version] The version of the APIs expressed as /v[major-version].[minor-version]/.
String urlPath;
if (resourceEndpoint.contains("/v3.")) {
urlPath = ACCOUNT_REQUESTS_RESOURCE_V3;
env.putInteger("ob_api_version", 3);
log("Found '/v3.' in the resource url, using OB V3 API '" + urlPath + "'", args("resource_endpoint", resourceEndpoint));
} else {
urlPath = ACCOUNT_REQUESTS_RESOURCE_V2;
env.putInteger("ob_api_version", 2);
log("'/v3.' not found in the resource url, defaulting to OB V1/V2 API '" + urlPath + "'", args("resource_endpoint", resourceEndpoint));
}
JsonObject requestHeaders = env.getObject("resource_endpoint_request_headers");
JsonObject requestObject = env.getObject("account_requests_endpoint_request");
if (requestObject == null) {
throw error("Couldn't find request object");
}
// Build the endpoint URL
String accountRequestsUrl = UriComponentsBuilder.fromUriString(resourceEndpoint).path(urlPath).toUriString();
try {
RestTemplate restTemplate = createRestTemplate(env);
HttpHeaders headers = headersFromJson(requestHeaders);
headers.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON));
headers.setContentType(MediaType.APPLICATION_JSON);
headers.set("Authorization", "Bearer " + accessToken);
HttpEntity<String> request = new HttpEntity<>(requestObject.toString(), headers);
ResponseEntity<String> response = restTemplate.exchange(accountRequestsUrl, HttpMethod.POST, request, String.class);
String jsonString = response.getBody();
if (Strings.isNullOrEmpty(jsonString)) {
throw error("Empty/missing response from the account requests endpoint");
} else {
log("Account requests endpoint response", args("account_requests_endpoint_response", jsonString));
try {
JsonElement jsonRoot = JsonParser.parseString(jsonString);
if (jsonRoot == null || !jsonRoot.isJsonObject()) {
throw error("Account requests endpoint did not return a JSON object");
}
// lowercase incoming headers
JsonObject responseHeaders = mapToJsonObject(response.getHeaders(), true);
env.putObject("account_requests_endpoint_response", jsonRoot.getAsJsonObject());
env.putObject("resource_endpoint_response_headers", responseHeaders);
logSuccess("Parsed account requests endpoint response", args("body", jsonString, "headers", responseHeaders));
return env;
} catch (JsonParseException e) {
throw error(e);
}
}
} catch (RestClientResponseException e) {
throw error("Error from the account requests endpoint", args("code", e.getRawStatusCode(), "status", e.getStatusText(), "body", e.getResponseBodyAsString()));
} catch (NoSuchAlgorithmException | KeyManagementException | CertificateException | InvalidKeySpecException | KeyStoreException | IOException | UnrecoverableKeyException e) {
throw error("Error creating HTTP Client", e);
} catch (RestClientException e) {
String msg = "Call to account requests endpoint " + resourceEndpoint + " failed";
if (e.getCause() != null) {
msg += " - " + e.getCause().getMessage();
}
throw error(msg, e);
}
}
use of net.openid.conformance.condition.PostEnvironment in project conformance-suite by openid-certification.
the class CallBackchannelAuthenticationEndpoint method evaluate.
@Override
@PreEnvironment(required = { "server", "backchannel_authentication_endpoint_request_form_parameters" })
@PostEnvironment(required = "backchannel_authentication_endpoint_response")
public Environment evaluate(Environment env) {
final String endpointKey = "backchannel_authentication_endpoint";
final String bcAuthEndpoint = env.getString(endpointKey) != null ? env.getString(endpointKey) : env.getString("server", endpointKey);
if (bcAuthEndpoint == null) {
throw error("Couldn't find backchannel authentication endpoint");
}
// build up the form
JsonObject formJson = env.getObject("backchannel_authentication_endpoint_request_form_parameters");
MultiValueMap<String, String> form = new LinkedMultiValueMap<>();
for (String key : formJson.keySet()) {
form.add(key, OIDFJSON.getString(formJson.get(key)));
}
try {
RestTemplate restTemplate = createRestTemplate(env);
restTemplate.setErrorHandler(new DefaultResponseErrorHandler() {
@Override
public boolean hasError(ClientHttpResponse response) throws IOException {
// status code meaning the rest of our code can handle http status codes how it likes
return false;
}
});
HttpHeaders headers = headersFromJson(env.getObject("backchannel_authentication_endpoint_request_headers"));
headers.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON));
HttpEntity<MultiValueMap<String, String>> request = new HttpEntity<>(form, headers);
String jsonString = null;
try {
ResponseEntity<String> response = restTemplate.postForEntity(bcAuthEndpoint, request, String.class);
JsonObject responseHeaders = mapToJsonObject(response.getHeaders(), true);
env.putObject("backchannel_authentication_endpoint_response_headers", responseHeaders);
env.putInteger("backchannel_authentication_endpoint_response_http_status", response.getStatusCode().value());
jsonString = response.getBody();
} catch (RestClientResponseException e) {
throw error("Error from the backchannel authentication endpoint", args("code", e.getRawStatusCode(), "status", e.getStatusText(), "body", e.getResponseBodyAsString()));
} catch (RestClientException e) {
String msg = "Call to backchannel authentication endpoint " + bcAuthEndpoint + " failed";
if (e.getCause() != null) {
msg += " - " + e.getCause().getMessage();
}
throw error(msg, e);
}
if (Strings.isNullOrEmpty(jsonString)) {
throw error("Got an empty response from the backchannel authentication endpoint");
} else {
log("Backchannel Authentication endpoint response", args("backchannel_authentication_endpoint_response", jsonString));
try {
JsonElement jsonRoot = JsonParser.parseString(jsonString);
if (jsonRoot == null || !jsonRoot.isJsonObject()) {
throw error("Backchannel Authentication Endpoint did not return a JSON object");
}
logSuccess("Parsed backchannel authentication endpoint response", jsonRoot.getAsJsonObject());
env.putObject("backchannel_authentication_endpoint_response", jsonRoot.getAsJsonObject());
return env;
} catch (JsonParseException e) {
throw error(e);
}
}
} catch (NoSuchAlgorithmException | KeyManagementException | CertificateException | InvalidKeySpecException | KeyStoreException | IOException | UnrecoverableKeyException e) {
throw error("Error creating HTTP Client", e);
}
}
use of net.openid.conformance.condition.PostEnvironment in project conformance-suite by openid-certification.
the class AddPromptLoginToAuthorizationEndpointRequest method evaluate.
@Override
@PreEnvironment(required = "authorization_endpoint_request")
@PostEnvironment(required = "authorization_endpoint_request")
public Environment evaluate(Environment env) {
JsonObject authorizationEndpointRequest = env.getObject("authorization_endpoint_request");
authorizationEndpointRequest.addProperty("prompt", "login");
env.putObject("authorization_endpoint_request", authorizationEndpointRequest);
logSuccess("Added prompt=login to authorization endpoint request", authorizationEndpointRequest);
return env;
}
use of net.openid.conformance.condition.PostEnvironment in project conformance-suite by openid-certification.
the class AddPublicJwksToDynamicRegistrationRequest method evaluate.
@Override
@PreEnvironment(required = { "dynamic_registration_request", "client_public_jwks" })
@PostEnvironment(required = "dynamic_registration_request")
public Environment evaluate(Environment env) {
JsonObject publicJwks = env.getObject("client_public_jwks");
JsonObject dynamicRegistrationRequest = env.getObject("dynamic_registration_request");
dynamicRegistrationRequest.add("jwks", publicJwks);
env.putObject("dynamic_registration_request", dynamicRegistrationRequest);
log("Added client public JWKS to dynamic registration request", args("dynamic_registration_request", dynamicRegistrationRequest));
return env;
}
Aggregations