Example 41 with PreEnvironment

Use of net.openid.conformance.condition.PreEnvironment in project conformance-suite by openid-certification.

The class CheckNoClientIdFromClientConfigurationEndpoint, method evaluate.

@Override
@PreEnvironment(required = "registration_client_endpoint_response")
public Environment evaluate(Environment env) {
    JsonElement clientId = env.getElementFromObject("registration_client_endpoint_response", "body_json.client_id");
    if (clientId != null) {
        throw error("'client_id' field found in response from client configuration endpoint, but the request was expected to fail.", args("client_id", clientId));
    }
    logSuccess("Client configuration endpoint did not return a client_id.");
    return env;
}
Also used: JsonElement (com.google.gson.JsonElement), PreEnvironment (net.openid.conformance.condition.PreEnvironment)

Example 42 with PreEnvironment

Use of net.openid.conformance.condition.PreEnvironment in project conformance-suite by openid-certification.

The class CheckJwksUriIsHostedOnOpenBankingDirectory, method evaluate.

@Override
@PreEnvironment(required = "server")
public Environment evaluate(Environment env) {
    JsonElement server = super.getServerValueOrDie(env, "jwks_uri");
    URL theURL = super.extractURLOrDie(server);
    if (!theURL.getHost().equals(requiredHostname)) {
        throw error("JWKS URI is not hosted on the OpenBanking Directory. This is acceptable on a sandbox, but production systems must use an OpenBanking Directory hosted JWKS.", args("expected", requiredHostname, "actual", theURL.getHost()));
    } else {
        logSuccess("JWKS is hosted on the OpenBanking Directory", args("required", requiredHostname, "actual", theURL.getHost()));
    }
    return env;
}
Also used: JsonElement (com.google.gson.JsonElement), URL (java.net.URL), PreEnvironment (net.openid.conformance.condition.PreEnvironment)

Example 43 with PreEnvironment

Use of net.openid.conformance.condition.PreEnvironment in project conformance-suite by openid-certification.

The class CheckDiscEndpointDiscoveryUrl, method evaluate.

@Override
@PreEnvironment(required = "config")
public Environment evaluate(Environment env) {
    JsonElement configUrl = env.getElementFromObject(environmentBaseObject, environmentVariable);
    if (configUrl == null) {
        throw error("Unable to find Discovery URL", args("No discoveryUrl", env.getObject("config")));
    }
    if (!configUrl.isJsonPrimitive()) {
        throw error(errorMessageNotJsonPrimitive, args("Failure", configUrl));
    } else {
        try {
            String discoveryUrl = OIDFJSON.getString(configUrl);
            if (!discoveryUrl.endsWith("/.well-known/openid-configuration")) {
                throw error("discoveryUrl is missing '/.well-known/openid-configuration'", args("actual", discoveryUrl));
            }
            URL extractedUrl = new URL(discoveryUrl);
            if (!extractedUrl.getProtocol().equals(requiredProtocol)) {
                throw error(errorMessageNotRequiredProtocol, args("actual", extractedUrl.getProtocol(), "expected", requiredProtocol));
            }
            logSuccess("discoveryUrl", args("actual", configUrl));
        } catch (MalformedURLException invalidURL) {
            throw error(errorMessageInvalidURL, args("Failure", configUrl));
        }
    }
    return env;
}
Also used: MalformedURLException (java.net.MalformedURLException), JsonElement (com.google.gson.JsonElement), URL (java.net.URL), PreEnvironment (net.openid.conformance.condition.PreEnvironment)

Example 44 with PreEnvironment

Use of net.openid.conformance.condition.PreEnvironment in project conformance-suite by openid-certification.

The class UnregisterDynamicallyRegisteredClient, method evaluate.

@Override
@PreEnvironment(required = "client")
public Environment evaluate(Environment env) {
    String accessToken = env.getString("client", "registration_access_token");
    if (Strings.isNullOrEmpty(accessToken)) {
        log("Couldn't find registration_access_token.");
        return env;
    }
    String registrationClientUri = env.getString("client", "registration_client_uri");
    if (Strings.isNullOrEmpty(registrationClientUri)) {
        log("Couldn't find registration_client_uri.");
        return env;
    }
    try {
        RestTemplate restTemplate = createRestTemplate(env);
        HttpHeaders headers = new HttpHeaders();
        headers.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON));
        headers.set("Authorization", "Bearer " + accessToken);
        HttpEntity<?> request = new HttpEntity<>(headers);
        try {
            ResponseEntity<?> response = restTemplate.exchange(registrationClientUri, HttpMethod.DELETE, request, String.class);
            if (response.getStatusCode() != HttpStatus.NO_CONTENT) {
                throw error("registration_client_uri returned a http status code other than 204 No Content", args("code", response.getStatusCode()));
            }
        } catch (RestClientResponseException e) {
            throw error("Error when calling registration_client_uri", args("code", e.getRawStatusCode(), "status", e.getStatusText(), "body", e.getResponseBodyAsString()));
        } catch (RestClientException e) {
            String msg = "Call to registration client uri " + registrationClientUri + " failed";
            if (e.getCause() != null) {
                msg += " - " + e.getCause().getMessage();
            }
            throw error(msg, e);
        }
    } catch (NoSuchAlgorithmException | KeyManagementException | CertificateException | InvalidKeySpecException | KeyStoreException | IOException | UnrecoverableKeyException e) {
        throw error("Error creating HTTP Client", e);
    }
    logSuccess("Client successfully unregistered");
    return env;
}
Also used: HttpHeaders (org.springframework.http.HttpHeaders), HttpEntity (org.springframework.http.HttpEntity), CertificateException (java.security.cert.CertificateException), NoSuchAlgorithmException (java.security.NoSuchAlgorithmException), KeyStoreException (java.security.KeyStoreException), IOException (java.io.IOException), KeyManagementException (java.security.KeyManagementException), UnrecoverableKeyException (java.security.UnrecoverableKeyException), RestTemplate (org.springframework.web.client.RestTemplate), RestClientException (org.springframework.web.client.RestClientException), RestClientResponseException (org.springframework.web.client.RestClientResponseException), InvalidKeySpecException (java.security.spec.InvalidKeySpecException), PreEnvironment (net.openid.conformance.condition.PreEnvironment)

Example 45 with PreEnvironment

Use of net.openid.conformance.condition.PreEnvironment in project conformance-suite by openid-certification.

The class UnregisterDynamicallyRegisteredClientExpectingFailure, method evaluate.

@Override
@PreEnvironment(required = "client")
public Environment evaluate(Environment env) {
    String accessToken = env.getString("client", "registration_access_token");
    if (Strings.isNullOrEmpty(accessToken)) {
        throw error("Couldn't find registration_access_token.");
    }
    String registrationClientUri = env.getString("client", "registration_client_uri");
    if (Strings.isNullOrEmpty(registrationClientUri)) {
        throw error("Couldn't find registration_client_uri.");
    }
    try {
        RestTemplate restTemplate = createRestTemplate(env);
        restTemplate.setErrorHandler(new DefaultResponseErrorHandler() {

            @Override
            public boolean hasError(ClientHttpResponse response) throws IOException {
                // Report no HTTP status code as an error, so the rest of our code can handle http status codes how it likes
                return false;
            }
        });
        HttpHeaders headers = new HttpHeaders();
        headers.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON));
        headers.setAcceptCharset(Collections.singletonList(StandardCharsets.UTF_8));
        headers.set("Authorization", "Bearer " + accessToken);
        HttpEntity<?> request = new HttpEntity<>(headers);
        try {
            ResponseEntity<?> response = restTemplate.exchange(registrationClientUri, HttpMethod.DELETE, request, String.class);
            if (response.getStatusCode() != HttpStatus.UNAUTHORIZED && response.getStatusCode() != HttpStatus.BAD_REQUEST) {
                throw error("registration_client_uri when called with an issue returned a http status code other than 400 Bad Request / 401 Unauthorized", args("code", response.getStatusCode()));
            }
        } catch (RestClientResponseException e) {
            throw error("Error when calling registration_client_uri", args("code", e.getRawStatusCode(), "status", e.getStatusText(), "body", e.getResponseBodyAsString()));
        } catch (RestClientException e) {
            if (e instanceof ResourceAccessException && (e.getCause() instanceof SSLException || e.getCause() instanceof SocketException)) {
                logSuccess("Call to registration_client_uri failed due to a TLS issue as expected", ex(e));
                return env;
            }
            String msg = "Call to registration client uri " + registrationClientUri + " failed";
            if (e.getCause() != null) {
                msg += " - " + e.getCause().getMessage();
            }
            throw error(msg, e);
        }
    } catch (NoSuchAlgorithmException | KeyManagementException | CertificateException | InvalidKeySpecException | KeyStoreException | IOException | UnrecoverableKeyException e) {
        throw error("Error creating HTTP Client", e);
    }
    logSuccess("registration_client_uri returned 400 bad request or 401 unauthorized when called with a TLS issue");
    return env;
}
Also used: HttpHeaders (org.springframework.http.HttpHeaders), SocketException (java.net.SocketException), DefaultResponseErrorHandler (org.springframework.web.client.DefaultResponseErrorHandler), HttpEntity (org.springframework.http.HttpEntity), CertificateException (java.security.cert.CertificateException), IOException (java.io.IOException), NoSuchAlgorithmException (java.security.NoSuchAlgorithmException), KeyStoreException (java.security.KeyStoreException), SSLException (javax.net.ssl.SSLException), ResourceAccessException (org.springframework.web.client.ResourceAccessException), KeyManagementException (java.security.KeyManagementException), UnrecoverableKeyException (java.security.UnrecoverableKeyException), RestTemplate (org.springframework.web.client.RestTemplate), RestClientException (org.springframework.web.client.RestClientException), RestClientResponseException (org.springframework.web.client.RestClientResponseException), InvalidKeySpecException (java.security.spec.InvalidKeySpecException), ClientHttpResponse (org.springframework.http.client.ClientHttpResponse), PreEnvironment (net.openid.conformance.condition.PreEnvironment)
