use of net.openid.conformance.condition.PreEnvironment in project conformance-suite by openid-certification.
the class CheckNoClientIdFromClientConfigurationEndpoint method evaluate.
/**
 * Verifies that the stored client configuration endpoint response contains no
 * {@code client_id}.
 *
 * <p>This is a negative-test check: the preceding request was expected to be rejected, so a
 * {@code client_id} in the JSON body is reported as a failure.
 *
 * @param env test environment; must contain {@code registration_client_endpoint_response}
 * @return the same environment, unmodified
 */
@Override
@PreEnvironment(required = "registration_client_endpoint_response")
public Environment evaluate(Environment env) {
    JsonElement returnedClientId =
        env.getElementFromObject("registration_client_endpoint_response", "body_json.client_id");

    // Absence of the field is the passing case.
    if (returnedClientId == null) {
        logSuccess("Client configuration endpoint did not return a client_id.");
        return env;
    }

    // The offending value is attached to the failure so it is visible in the test log.
    throw error(
        "'client_id' field found in response from client configuration endpoint, but the request was expected to fail.",
        args("client_id", returnedClientId));
}
use of net.openid.conformance.condition.PreEnvironment in project conformance-suite by openid-certification.
the class CheckJwksUriIsHostedOnOpenBankingDirectory method evaluate.
/**
 * Checks that the server's {@code jwks_uri} is served from the required directory host.
 *
 * <p>Only the host component is compared; the scheme, port and path of the URL are not
 * examined by this condition.
 *
 * @param env test environment; must contain {@code server}
 * @return the same environment, unmodified
 */
@Override
@PreEnvironment(required = "server")
public Environment evaluate(Environment env) {
    JsonElement jwksUriElement = super.getServerValueOrDie(env, "jwks_uri");
    URL jwksUrl = super.extractURLOrDie(jwksUriElement);
    String actualHost = jwksUrl.getHost();

    // Whole-host equality rather than a prefix/suffix/contains match, so a look-alike host that
    // merely embeds the required name does not pass.
    // NOTE(review): String.equals is case-sensitive while DNS names are not - confirm whether a
    // differently-cased but otherwise correct host should fail here.
    if (actualHost.equals(requiredHostname)) {
        logSuccess(
            "JWKS is hosted on the OpenBanking Directory",
            args("required", requiredHostname, "actual", actualHost));
        return env;
    }

    throw error(
        "JWKS URI is not hosted on the OpenBanking Directory. This is acceptable on a sandbox, but production systems must use an OpenBanking Directory hosted JWKS.",
        args("expected", requiredHostname, "actual", actualHost));
}
use of net.openid.conformance.condition.PreEnvironment in project conformance-suite by openid-certification.
the class CheckDiscEndpointDiscoveryUrl method evaluate.
/**
 * Validates the configured discovery URL.
 *
 * <p>The value must be present, be a JSON primitive, end with
 * {@code /.well-known/openid-configuration}, parse as a URL and use the required protocol.
 * The checks run in that order and the first one that fails is reported. The host of the URL
 * is not validated by this condition.
 *
 * @param env test environment; must contain {@code config}
 * @return the same environment, unmodified
 */
@Override
@PreEnvironment(required = "config")
public Environment evaluate(Environment env) {
    JsonElement configured = env.getElementFromObject(environmentBaseObject, environmentVariable);
    if (configured == null) {
        throw error("Unable to find Discovery URL", args("No discoveryUrl", env.getObject("config")));
    }
    if (!configured.isJsonPrimitive()) {
        throw error(errorMessageNotJsonPrimitive, args("Failure", configured));
    }

    String discoveryUrl = OIDFJSON.getString(configured);

    // Suffix test on the raw string: anything after the well-known path (for example a query
    // string or fragment) makes this check fail.
    if (!discoveryUrl.endsWith("/.well-known/openid-configuration")) {
        throw error("discoveryUrl is missing '/.well-known/openid-configuration'", args("actual", discoveryUrl));
    }

    URL parsed;
    try {
        parsed = new URL(discoveryUrl);
    } catch (MalformedURLException invalidURL) {
        throw error(errorMessageInvalidURL, args("Failure", configured));
    }

    // Scheme enforcement: a discovery document fetched over a protocol other than the required
    // one is rejected.
    String scheme = parsed.getProtocol();
    if (!scheme.equals(requiredProtocol)) {
        throw error(errorMessageNotRequiredProtocol, args("actual", scheme, "expected", requiredProtocol));
    }

    logSuccess("discoveryUrl", args("actual", configured));
    return env;
}
use of net.openid.conformance.condition.PreEnvironment in project conformance-suite by openid-certification.
the class UnregisterDynamicallyRegisteredClient method evaluate.
/**
 * Deletes a dynamically registered client by sending an authenticated {@code DELETE} to its
 * {@code registration_client_uri}.
 *
 * <p>If either the registration access token or the registration client URI is missing, the
 * condition logs the fact and returns without failing. Otherwise anything other than
 * {@code 204 No Content} is reported as an error.
 *
 * @param env test environment; must contain {@code client}
 * @return the same environment, unmodified
 */
@Override
@PreEnvironment(required = "client")
public Environment evaluate(Environment env) {
    String registrationAccessToken = env.getString("client", "registration_access_token");
    if (Strings.isNullOrEmpty(registrationAccessToken)) {
        log("Couldn't find registration_access_token.");
        return env;
    }

    String managementUri = env.getString("client", "registration_client_uri");
    if (Strings.isNullOrEmpty(managementUri)) {
        log("Couldn't find registration_client_uri.");
        return env;
    }

    try {
        RestTemplate http = createRestTemplate(env);

        // The token travels only in the Authorization header; it is not passed to any of the
        // log/error calls below.
        HttpHeaders requestHeaders = new HttpHeaders();
        requestHeaders.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON));
        requestHeaders.set("Authorization", "Bearer " + registrationAccessToken);
        HttpEntity<?> deleteRequest = new HttpEntity<>(requestHeaders);

        try {
            ResponseEntity<?> reply =
                http.exchange(managementUri, HttpMethod.DELETE, deleteRequest, String.class);
            if (reply.getStatusCode() != HttpStatus.NO_CONTENT) {
                throw error(
                    "registration_client_uri returned a http status code other than 204 No Content",
                    args("code", reply.getStatusCode()));
            }
        } catch (RestClientResponseException e) {
            // The server's response body is copied into the failure details.
            throw error(
                "Error when calling registration_client_uri",
                args("code", e.getRawStatusCode(), "status", e.getStatusText(), "body", e.getResponseBodyAsString()));
        } catch (RestClientException e) {
            Throwable cause = e.getCause();
            String detail = (cause == null) ? "" : " - " + cause.getMessage();
            throw error("Call to registration client uri " + managementUri + " failed" + detail, e);
        }
    } catch (NoSuchAlgorithmException | KeyManagementException | CertificateException | InvalidKeySpecException | KeyStoreException | IOException | UnrecoverableKeyException e) {
        throw error("Error creating HTTP Client", e);
    }

    logSuccess("Client successfully unregistered");
    return env;
}
use of net.openid.conformance.condition.PreEnvironment in project conformance-suite by openid-certification.
the class UnregisterDynamicallyRegisteredClientExpectingFailure method evaluate.
/**
 * Sends an authenticated {@code DELETE} to the client's {@code registration_client_uri} and
 * expects the call to be refused.
 *
 * <p>The condition passes when the server answers {@code 400 Bad Request} or
 * {@code 401 Unauthorized}, or when the connection fails with an {@link SSLException} or
 * {@link SocketException}. Unlike the non-failure variant, a missing registration access token
 * or registration client URI is an error here.
 *
 * @param env test environment; must contain {@code client}
 * @return the same environment, unmodified
 */
@Override
@PreEnvironment(required = "client")
public Environment evaluate(Environment env) {
    String registrationAccessToken = env.getString("client", "registration_access_token");
    if (Strings.isNullOrEmpty(registrationAccessToken)) {
        throw error("Couldn't find registration_access_token.");
    }

    String managementUri = env.getString("client", "registration_client_uri");
    if (Strings.isNullOrEmpty(managementUri)) {
        throw error("Couldn't find registration_client_uri.");
    }

    try {
        RestTemplate http = createRestTemplate(env);
        http.setErrorHandler(new DefaultResponseErrorHandler() {
            @Override
            public boolean hasError(ClientHttpResponse response) throws IOException {
                // Never treat a status code as an error at this layer, so 4xx/5xx responses are
                // returned to the caller and judged by the status check below.
                return false;
            }
        });

        HttpHeaders requestHeaders = new HttpHeaders();
        requestHeaders.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON));
        requestHeaders.setAcceptCharset(Collections.singletonList(StandardCharsets.UTF_8));
        requestHeaders.set("Authorization", "Bearer " + registrationAccessToken);
        HttpEntity<?> deleteRequest = new HttpEntity<>(requestHeaders);

        try {
            ResponseEntity<?> reply =
                http.exchange(managementUri, HttpMethod.DELETE, deleteRequest, String.class);
            boolean unauthorized = reply.getStatusCode() == HttpStatus.UNAUTHORIZED;
            boolean badRequest = reply.getStatusCode() == HttpStatus.BAD_REQUEST;
            if (!unauthorized && !badRequest) {
                throw error(
                    "registration_client_uri when called with an issue returned a http status code other than 400 Bad Request / 401 Unauthorized",
                    args("code", reply.getStatusCode()));
            }
        } catch (RestClientResponseException e) {
            throw error(
                "Error when calling registration_client_uri",
                args("code", e.getRawStatusCode(), "status", e.getStatusText(), "body", e.getResponseBodyAsString()));
        } catch (RestClientException e) {
            Throwable cause = e.getCause();

            // NOTE(review): java.net.ConnectException is a SocketException, so a refused or
            // reset connection is also accepted as "a TLS issue as expected". That means this
            // branch can pass when the server was simply unreachable, not only when it rejected
            // the handshake - confirm this is intended.
            boolean transportFailure = cause instanceof SSLException || cause instanceof SocketException;
            if (e instanceof ResourceAccessException && transportFailure) {
                logSuccess("Call to registration_client_uri failed due to a TLS issue as expected", ex(e));
                return env;
            }

            String detail = (cause == null) ? "" : " - " + cause.getMessage();
            throw error("Call to registration client uri " + managementUri + " failed" + detail, e);
        }
    } catch (NoSuchAlgorithmException | KeyManagementException | CertificateException | InvalidKeySpecException | KeyStoreException | IOException | UnrecoverableKeyException e) {
        throw error("Error creating HTTP Client", e);
    }

    logSuccess("registration_client_uri returned 400 bad request or 401 unauthorized when called with a TLS issue");
    return env;
}