Example 41 with PreEnvironment
use of net.openid.conformance.condition.PreEnvironment in project conformance-suite by openid-certification.
the class CheckNoClientIdFromClientConfigurationEndpoint method evaluate.
@Override
@PreEnvironment(required = "registration_client_endpoint_response")
public Environment evaluate(Environment env) {
JsonElement clientId = env.getElementFromObject("registration_client_endpoint_response", "body_json.client_id");
if (clientId != null) {
throw error("'client_id' field found in response from client configuration endpoint, but the request was expected to fail.", args("client_id", clientId));
}
logSuccess("Client configuration endpoint did not return a client_id.");
return env;
}
Also used :
JsonElement(com.google.gson.JsonElement)
PreEnvironment(net.openid.conformance.condition.PreEnvironment)
Example 42 with PreEnvironment
use of net.openid.conformance.condition.PreEnvironment in project conformance-suite by openid-certification.
the class CheckJwksUriIsHostedOnOpenBankingDirectory method evaluate.
@Override
@PreEnvironment(required = "server")
public Environment evaluate(Environment env) {
JsonElement server = super.getServerValueOrDie(env, "jwks_uri");
URL theURL = super.extractURLOrDie(server);
if (!theURL.getHost().equals(requiredHostname)) {
throw error("JWKS URI is not hosted on the OpenBanking Directory. This is acceptable on a sandbox, but production systems must use an OpenBanking Directory hosted JWKS.", args("expected", requiredHostname, "actual", theURL.getHost()));
} else {
logSuccess("JWKS is hosted on the OpenBanking Directory", args("required", requiredHostname, "actual", theURL.getHost()));
}
return env;
}
Also used :
JsonElement(com.google.gson.JsonElement)
URL(java.net.URL)
PreEnvironment(net.openid.conformance.condition.PreEnvironment)
Example 43 with PreEnvironment
use of net.openid.conformance.condition.PreEnvironment in project conformance-suite by openid-certification.
the class CheckDiscEndpointDiscoveryUrl method evaluate.
@Override
@PreEnvironment(required = "config")
public Environment evaluate(Environment env) {
JsonElement configUrl = env.getElementFromObject(environmentBaseObject, environmentVariable);
if (configUrl == null) {
throw error("Unable to find Discovery URL", args("No discoveryUrl", env.getObject("config")));
}
if (!configUrl.isJsonPrimitive()) {
throw error(errorMessageNotJsonPrimitive, args("Failure", configUrl));
} else {
try {
String discoveryUrl = OIDFJSON.getString(configUrl);
if (!discoveryUrl.endsWith("/.well-known/openid-configuration")) {
throw error("discoveryUrl is missing '/.well-known/openid-configuration'", args("actual", discoveryUrl));
}
URL extractedUrl = new URL(discoveryUrl);
if (!extractedUrl.getProtocol().equals(requiredProtocol)) {
throw error(errorMessageNotRequiredProtocol, args("actual", extractedUrl.getProtocol(), "expected", requiredProtocol));
}
logSuccess("discoveryUrl", args("actual", configUrl));
} catch (MalformedURLException invalidURL) {
throw error(errorMessageInvalidURL, args("Failure", configUrl));
}
}
return env;
}
Also used :
MalformedURLException(java.net.MalformedURLException)
JsonElement(com.google.gson.JsonElement)
URL(java.net.URL)
PreEnvironment(net.openid.conformance.condition.PreEnvironment)
Example 44 with PreEnvironment
use of net.openid.conformance.condition.PreEnvironment in project conformance-suite by openid-certification.
the class UnregisterDynamicallyRegisteredClient method evaluate.
@Override
@PreEnvironment(required = "client")
public Environment evaluate(Environment env) {
String accessToken = env.getString("client", "registration_access_token");
if (Strings.isNullOrEmpty(accessToken)) {
log("Couldn't find registration_access_token.");
return env;
}
String registrationClientUri = env.getString("client", "registration_client_uri");
if (Strings.isNullOrEmpty(registrationClientUri)) {
log("Couldn't find registration_client_uri.");
return env;
}
try {
RestTemplate restTemplate = createRestTemplate(env);
HttpHeaders headers = new HttpHeaders();
headers.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON));
headers.set("Authorization", "Bearer " + accessToken);
HttpEntity<?> request = new HttpEntity<>(headers);
try {
ResponseEntity<?> response = restTemplate.exchange(registrationClientUri, HttpMethod.DELETE, request, String.class);
if (response.getStatusCode() != HttpStatus.NO_CONTENT) {
throw error("registration_client_uri returned a http status code other than 204 No Content", args("code", response.getStatusCode()));
}
} catch (RestClientResponseException e) {
throw error("Error when calling registration_client_uri", args("code", e.getRawStatusCode(), "status", e.getStatusText(), "body", e.getResponseBodyAsString()));
} catch (RestClientException e) {
String msg = "Call to registration client uri " + registrationClientUri + " failed";
if (e.getCause() != null) {
msg += " - " + e.getCause().getMessage();
}
throw error(msg, e);
}
} catch (NoSuchAlgorithmException | KeyManagementException | CertificateException | InvalidKeySpecException | KeyStoreException | IOException | UnrecoverableKeyException e) {
throw error("Error creating HTTP Client", e);
}
logSuccess("Client successfully unregistered");
return env;
}
Also used :
HttpHeaders(org.springframework.http.HttpHeaders)
HttpEntity(org.springframework.http.HttpEntity)
CertificateException(java.security.cert.CertificateException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
KeyStoreException(java.security.KeyStoreException)
IOException(java.io.IOException)
KeyManagementException(java.security.KeyManagementException)
UnrecoverableKeyException(java.security.UnrecoverableKeyException)
RestTemplate(org.springframework.web.client.RestTemplate)
RestClientException(org.springframework.web.client.RestClientException)
RestClientResponseException(org.springframework.web.client.RestClientResponseException)
InvalidKeySpecException(java.security.spec.InvalidKeySpecException)
PreEnvironment(net.openid.conformance.condition.PreEnvironment)
Example 45 with PreEnvironment
use of net.openid.conformance.condition.PreEnvironment in project conformance-suite by openid-certification.
the class UnregisterDynamicallyRegisteredClientExpectingFailure method evaluate.
@Override
@PreEnvironment(required = "client")
public Environment evaluate(Environment env) {
String accessToken = env.getString("client", "registration_access_token");
if (Strings.isNullOrEmpty(accessToken)) {
throw error("Couldn't find registration_access_token.");
}
String registrationClientUri = env.getString("client", "registration_client_uri");
if (Strings.isNullOrEmpty(registrationClientUri)) {
throw error("Couldn't find registration_client_uri.");
}
try {
RestTemplate restTemplate = createRestTemplate(env);
restTemplate.setErrorHandler(new DefaultResponseErrorHandler() {
@Override
public boolean hasError(ClientHttpResponse response) throws IOException {
// status code meaning the rest of our code can handle http status codes how it likes
return false;
}
});
HttpHeaders headers = new HttpHeaders();
headers.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON));
headers.setAcceptCharset(Collections.singletonList(StandardCharsets.UTF_8));
headers.set("Authorization", "Bearer " + accessToken);
HttpEntity<?> request = new HttpEntity<>(headers);
try {
ResponseEntity<?> response = restTemplate.exchange(registrationClientUri, HttpMethod.DELETE, request, String.class);
if (response.getStatusCode() != HttpStatus.UNAUTHORIZED && response.getStatusCode() != HttpStatus.BAD_REQUEST) {
throw error("registration_client_uri when called with an issue returned a http status code other than 400 Bad Request / 401 Unauthorized", args("code", response.getStatusCode()));
}
} catch (RestClientResponseException e) {
throw error("Error when calling registration_client_uri", args("code", e.getRawStatusCode(), "status", e.getStatusText(), "body", e.getResponseBodyAsString()));
} catch (RestClientException e) {
if (e instanceof ResourceAccessException && (e.getCause() instanceof SSLException || e.getCause() instanceof SocketException)) {
logSuccess("Call to registration_client_uri failed due to a TLS issue as expected", ex(e));
return env;
}
String msg = "Call to registration client uri " + registrationClientUri + " failed";
if (e.getCause() != null) {
msg += " - " + e.getCause().getMessage();
}
throw error(msg, e);
}
} catch (NoSuchAlgorithmException | KeyManagementException | CertificateException | InvalidKeySpecException | KeyStoreException | IOException | UnrecoverableKeyException e) {
throw error("Error creating HTTP Client", e);
}
logSuccess("registration_client_uri returned 400 bad request or 401 unauthorized when called with a TLS issue");
return env;
}
Also used :
HttpHeaders(org.springframework.http.HttpHeaders)
SocketException(java.net.SocketException)
DefaultResponseErrorHandler(org.springframework.web.client.DefaultResponseErrorHandler)
HttpEntity(org.springframework.http.HttpEntity)
CertificateException(java.security.cert.CertificateException)
IOException(java.io.IOException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
KeyStoreException(java.security.KeyStoreException)
SSLException(javax.net.ssl.SSLException)
ResourceAccessException(org.springframework.web.client.ResourceAccessException)
KeyManagementException(java.security.KeyManagementException)
UnrecoverableKeyException(java.security.UnrecoverableKeyException)
RestTemplate(org.springframework.web.client.RestTemplate)
RestClientException(org.springframework.web.client.RestClientException)
RestClientResponseException(org.springframework.web.client.RestClientResponseException)
InvalidKeySpecException(java.security.spec.InvalidKeySpecException)
ClientHttpResponse(org.springframework.http.client.ClientHttpResponse)
PreEnvironment(net.openid.conformance.condition.PreEnvironment)
Aggregations
PreEnvironment (net.openid.conformance.condition.PreEnvironment)591
JsonObject (com.google.gson.JsonObject)469
PostEnvironment (net.openid.conformance.condition.PostEnvironment)379
JsonElement (com.google.gson.JsonElement)143
JsonArray (com.google.gson.JsonArray)74
Instant (java.time.Instant)40
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)29
IOException (java.io.IOException)25
CertificateException (java.security.cert.CertificateException)24
ParseException (java.text.ParseException)24
KeyManagementException (java.security.KeyManagementException)20
KeyStoreException (java.security.KeyStoreException)20
UnrecoverableKeyException (java.security.UnrecoverableKeyException)20
InvalidKeySpecException (java.security.spec.InvalidKeySpecException)20
RestClientException (org.springframework.web.client.RestClientException)20
RestTemplate (org.springframework.web.client.RestTemplate)20
JsonPrimitive (com.google.gson.JsonPrimitive)18
Date (java.util.Date)17
JWK (com.nimbusds.jose.jwk.JWK)13
JOSEException (com.nimbusds.jose.JOSEException)11
