private async Task <ApiResponseType> PostDomesticPayment <ApiRequestType, ApiResponseType>( ApiRequestType payment, ApiProfile apiProfile, SoftwareStatementProfile softwareStatementProfile, BankClientProfile bankClientProfile, TokenEndpointResponse tokenEndpointResponse) where ApiRequestType : class where ApiResponseType : class { string payloadJson = JsonConvert.SerializeObject(payment); UriBuilder ub = new UriBuilder(new Uri(apiProfile.BaseUrl + "/domestic-payments")); List <HttpHeader> headers = CreateRequestHeaders( softwareStatement: softwareStatementProfile, payment: payment, client: bankClientProfile, tokenEndpointResponse: tokenEndpointResponse); return(await new HttpRequestBuilder() .SetMethod(HttpMethod.Post) .SetUri(ub.Uri) .SetHeaders(headers) .SetContentType("application/json") .SetContent(payloadJson) .Create() .RequestJsonAsync <ApiResponseType>(client: _apiClient, requestContentIsJson: true)); }
public async Task CreateAsync(AuthorisationCallbackDataPublic redirectData) { redirectData.ArgNotNull(nameof(redirectData)); // Load relevant data objects DomesticConsent consent = (await _domesticConsentRepo.GetAsync(dc => dc.State == redirectData.Response.State)) .FirstOrDefault() ?? throw new KeyNotFoundException( $"Consent with redirect state '{redirectData.Response.State}' not found."); ApiProfile apiProfile = await _apiProfileRepo.GetAsync(consent.ApiProfileId) ?? throw new KeyNotFoundException("API profile cannot be found."); BankClientProfile bankClientProfile = await _openBankingClientRepo.GetAsync(apiProfile.BankClientProfileId) ?? throw new KeyNotFoundException("Bank client profile cannot be found."); SoftwareStatementProfile softwareStatementProfile = _softwareStatementProfileService.GetSoftwareStatementProfile( bankClientProfile.SoftwareStatementProfileId); // Obtain token for consent string redirectUrl = softwareStatementProfile.DefaultFragmentRedirectUrl; TokenEndpointResponse tokenEndpointResponse = await PostAuthCodeGrant( authCode : redirectData.Response.Code, redirectUrl : redirectUrl, client : bankClientProfile); // Update consent with token consent.TokenEndpointResponse = tokenEndpointResponse; await _dbContextService.SaveChangesAsync(); }
private static List <HttpHeader> CreateRequestHeaders <ApiRequestType>( SoftwareStatementProfile softwareStatement, ApiRequestType payment, BankClientProfile client, TokenEndpointResponse tokenEndpointResponse) where ApiRequestType : class { JwtFactory jwtFactory = new JwtFactory(); string jwt = jwtFactory.CreateJwt( profile: softwareStatement, claims: payment, useOpenBankingJwtHeaders: true); string[] jwsComponents = jwt.Split('.'); string jwsSig = $"{jwsComponents[0]}..{jwsComponents[2]}"; List <HttpHeader> headers = new List <HttpHeader> { new HttpHeader(name: "x-fapi-financial-id", value: client.XFapiFinancialId), new HttpHeader(name: "Authorization", value: "Bearer " + tokenEndpointResponse.AccessToken), new HttpHeader(name: "x-idempotency-key", value: Guid.NewGuid().ToString()), new HttpHeader(name: "x-jws-signature", value: jwsSig) }; return(headers); }
public void GlobalSetup() { _entityMapper = new EntityMapper(); _dataInitiation = CreateDataInitiation(); _risk = CreateRisk(); _domesticConsent = CreateDomesticConsent(); _softwareStatement = CreateSoftwareStatement(); _client = CreateClient(); }
private async Task <BankClientProfile> PersistOpenBankingClientProfile( BankClientProfile value, string openBankingClientId) { value.Id = Guid.NewGuid().ToString(); value.State = "ok"; await _bankClientProfileRepo.UpsertAsync(value); return(value); }
private async Task <BankClientProfile> PersistOpenBankingClient( BankClientProfile value, OpenIdConfiguration openIdConfiguration, OpenBankingClientRegistrationClaims registrationClaims, BankClientRegistrationData openBankingRegistrationData) { value.State = "ok"; value.OpenIdConfiguration = openIdConfiguration; value.BankClientRegistrationClaims = _mapper.Map <BankClientRegistrationClaims>(registrationClaims); value.BankClientRegistrationData = openBankingRegistrationData; await _bankClientProfileRepo.UpsertAsync(value); return(value); }
protected override void ProcessRecord() { BankClientProfile output = new BankClientProfile { Id = Id, SoftwareStatementProfileId = SoftwareStatementProfileId, IssuerUrl = IssuerUrl, XFapiFinancialId = XFapiFinancialId, OpenIdConfigurationOverrides = null, HttpMtlsConfigurationOverrides = null, BankClientRegistrationClaimsOverrides = BankClientRegistrationClaimsOverrides, BankClientRegistrationDataOverrides = null }; WriteObject(output); }
public Property DeleteAsync_KnownId_ReturnsItem(StringNotNullAndContainsNoNulls id, BankClientProfile value) { Func <bool> rule = () => { value.Id = id.Item; BankClientProfile _ = _repo.UpsertAsync(value).Result; _dbMultiEntityMethods.SaveChangesAsync().Wait(); _repo.RemoveAsync(value).Wait(); _dbMultiEntityMethods.SaveChangesAsync().Wait(); return(_repo.GetAsync(id.Item).Result == null); }; return(rule.When(value != null)); }
public Property GetAsync_KnownId_ReturnsItem(StringNotNullAndContainsNoNulls id) { Func <bool> rule = () => { BankClientProfile value = new BankClientProfile { Id = id.Item }; BankClientProfile _ = _repo.UpsertAsync(value).GetAwaiter().GetResult(); _dbMultiEntityMethods.SaveChangesAsync().Wait(); return(_repo.GetAsync(id.Item).Result.Id == id.Item); }; return(rule.ToProperty()); }
public async Task <IActionResult> ClientProfilesPostAsync([FromBody] BankClientProfile request) { BankClientProfileFluentResponse?clientResp = await _obRequestBuilder.BankClientProfile() .Data(request) .SubmitAsync(); BankClientProfileHttpResponse?result = new BankClientProfileHttpResponse( data: clientResp.Data, messages: clientResp.ToMessagesResponse()); return(clientResp.HasErrors ? new BadRequestObjectResult(result.Messages) as IActionResult : new ObjectResult(result) { StatusCode = StatusCodes.Status201Created }); }
public static OAuth2RequestObjectClaims CreateOAuth2RequestObjectClaims( BankClientProfile openBankingClient, string redirectUrl, string[] scope, string intentId) { OAuth2RequestObjectClaims oAuth2RequestObjectClaims = new OAuth2RequestObjectClaims { Iss = openBankingClient.BankClientRegistrationData.ClientId, Aud = openBankingClient.IssuerUrl, Jti = Guid.NewGuid().ToString(), ResponseType = "code id_token", ClientId = openBankingClient.BankClientRegistrationData.ClientId, RedirectUri = redirectUrl, Scope = scope.JoinString(" "), MaxAge = 86400, Claims = new OAuth2RequestObjectInnerClaims(intentId) }; return(oAuth2RequestObjectClaims); }
public Property SetAsync_KnownId_ElementReplaced( StringNotNullAndContainsNoNulls id, BankClientProfile value, BankClientProfile value2) { Func <bool> rule = () => { value.Id = id.Item; value2.Id = id.Item; BankClientProfile _ = _repo.UpsertAsync(value).Result; BankClientProfile __ = _repo.UpsertAsync(value2).Result; _dbMultiEntityMethods.SaveChangesAsync().Wait(); BankClientProfile item = _repo.GetAsync(id.Item).Result; return(item.Id == id.Item && item.XFapiFinancialId == value2.XFapiFinancialId); }; // Run test avoiding C null character return(rule.When( value != null && value2 != null && value.XFapiFinancialId != value2.XFapiFinancialId)); }
private async Task <ApiResponseType> PostDomesticConsent <ApiRequestType, ApiResponseType>( JwtFactory jwtFactory, SoftwareStatementProfile softwareStatementProfile, ApiRequestType consent, ApiProfile apiProfile, BankClientProfile bankClientProfile, TokenEndpointResponse tokenEndpointResponse) where ApiRequestType : class where ApiResponseType : class { string jwt = jwtFactory.CreateJwt( profile: softwareStatementProfile, claims: consent, useOpenBankingJwtHeaders: true); string[] jwsComponents = jwt.Split('.'); string jwsSignature = $"{jwsComponents[0]}..{jwsComponents[2]}"; UriBuilder ub = new UriBuilder(new Uri(apiProfile.BaseUrl + "/domestic-payment-consents")); string payloadJson = JsonConvert.SerializeObject(consent); List <HttpHeader> headers = new List <HttpHeader> { new HttpHeader(name: "x-fapi-financial-id", value: bankClientProfile.XFapiFinancialId), new HttpHeader(name: "Authorization", value: "Bearer " + tokenEndpointResponse.AccessToken), new HttpHeader(name: "x-idempotency-key", value: Guid.NewGuid().ToString()), new HttpHeader(name: "x-jws-signature", value: jwsSignature) }; return(await new HttpRequestBuilder() .SetMethod(HttpMethod.Post) .SetUri(ub.Uri) .SetHeaders(headers) .SetContentType("application/json") .SetContent(payloadJson) .Create() .RequestJsonAsync <ApiResponseType>(client: _apiClient, requestContentIsJson: true)); }
public async Task <BankClientProfileResponse> CreateAsync(BankClientProfilePublic bankClientProfile) { bankClientProfile.ArgNotNull(nameof(bankClientProfile)); // Load relevant objects SoftwareStatementProfile softwareStatementProfile = _softwareStatementProfileService.GetSoftwareStatementProfile( bankClientProfile.SoftwareStatementProfileId); // STEP 1 // Compute claims associated with Open Banking client // Get OpenID Connect configuration info OpenIdConfiguration openIdConfiguration = await GetOpenIdConfigurationAsync(bankClientProfile.IssuerUrl); new OpenBankingOpenIdConfigurationResponseValidator().Validate(openIdConfiguration) .RaiseErrorOnValidationError(); // Create claims for client reg OpenBankingClientRegistrationClaims registrationClaims = Factories.CreateRegistrationClaims( issuerUrl: bankClientProfile.IssuerUrl, sProfile: softwareStatementProfile, concatScopes: false); BankClientRegistrationClaimsOverrides registrationClaimsOverrides = bankClientProfile.BankClientRegistrationClaimsOverrides; if (!(registrationClaimsOverrides is null)) { if (!(registrationClaimsOverrides.RequestAudience is null)) { registrationClaims.Aud = registrationClaimsOverrides.RequestAudience; } } BankClientRegistrationClaims persistentRegistrationClaims = _mapper.Map <BankClientRegistrationClaims>(registrationClaims); // STEP 2 // Check for existing Open Banking client for issuer URL // If we have an Open Banking client with the same issuer URL we will check if the claims match. // If they do, we will re-use this client. // Otherwise we will return an error as only support a single client per issuer URL at present. IQueryable <BankClientProfile> clientList = await _bankClientProfileRepo .GetAsync(c => c.IssuerUrl == bankClientProfile.IssuerUrl); BankClientProfile existingClient = clientList .SingleOrDefault(); if (existingClient is object) { if (existingClient.BankClientRegistrationClaims != persistentRegistrationClaims) { throw new Exception( "There is already a client for this issuer URL but it cannot be re-used because claims are different."); } } // STEP 3 // Create new Open Banking client by posting JWT BankClientProfile client; if (existingClient is null) { JwtFactory jwtFactory = new JwtFactory(); string jwt = jwtFactory.CreateJwt( profile: softwareStatementProfile, claims: registrationClaims, useOpenBankingJwtHeaders: false); OpenBankingClientRegistrationResponse registrationResponse = await new HttpRequestBuilder() .SetMethod(HttpMethod.Post) .SetUri(openIdConfiguration.RegistrationEndpoint) .SetContent(jwt) .SetContentType("application/jwt") .Create() .RequestJsonAsync <OpenBankingClientRegistrationResponse>( client: _apiClient, requestContentIsJson: false); BankClientRegistrationData openBankingClientResponse = new BankClientRegistrationData { ClientId = registrationResponse.ClientId, ClientIdIssuedAt = registrationResponse.ClientIdIssuedAt, ClientSecret = registrationResponse.ClientSecret, ClientSecretExpiresAt = registrationResponse.ClientSecretExpiresAt }; // Create and store Open Banking client BankClientProfile newClient = _mapper.Map <BankClientProfile>(bankClientProfile); client = await PersistOpenBankingClient( value : newClient, openIdConfiguration : openIdConfiguration, registrationClaims : registrationClaims, openBankingRegistrationData : openBankingClientResponse); await _dbMultiEntityMethods.SaveChangesAsync(); } else { client = existingClient; } // Return return(new BankClientProfileResponse(client)); }
private async Task <TokenEndpointResponse> PostClientCredentialsGrant(string scope, BankClientProfile client) { UriBuilder ub = new UriBuilder(new Uri(client.OpenIdConfiguration.TokenEndpoint)); // Assemble URL-encoded form data string authHeader = null; Dictionary <string, string> keyValuePairs = new Dictionary <string, string> { { "grant_type", "client_credentials" }, { "scope", scope } }; if (client.BankClientRegistrationClaims.TokenEndpointAuthMethod == "tls_client_auth") { keyValuePairs["client_id"] = client.BankClientRegistrationData.ClientId; } else if (client.BankClientRegistrationClaims.TokenEndpointAuthMethod == "client_secret_basic") { client.BankClientRegistrationData.ClientSecret.InvalidOpOnNull("No client secret available."); string authString = client.BankClientRegistrationData.ClientId + ":" + client.BankClientRegistrationData.ClientSecret; byte[] plainTextBytes = Encoding.UTF8.GetBytes(authString); authHeader = "Basic " + Convert.ToBase64String(plainTextBytes); } else { if (client.BankClientRegistrationClaims.TokenEndpointAuthMethod == "tls_client_auth") { throw new InvalidOperationException("Found unsupported TokenEndpointAuthMethod"); } } string content = keyValuePairs.ToUrlEncoded(); // Assemble headers List <HttpHeader> headers = new List <HttpHeader> { new HttpHeader(name: "x-fapi-financial-id", value: client.XFapiFinancialId) }; if (authHeader != null) { headers.Add(new HttpHeader(name: "Authorization", value: authHeader)); } return(await new HttpRequestBuilder() .SetMethod(HttpMethod.Post) .SetUri(ub.Uri) .SetHeaders(headers) .SetContentType("application/x-www-form-urlencoded") .SetContent(content) .Create() .RequestJsonAsync <TokenEndpointResponse>(client: _apiClient, requestContentIsJson: false)); }
public static BankClientProfileContext Data(this BankClientProfileContext context, BankClientProfile value) { context.ArgNotNull(nameof(context)); value.ArgNotNull(nameof(value)); context.Data = value; return(context); }
public async Task <PaymentConsentResponse> CreateAsync(DomesticPaymentConsent consent) { consent.ArgNotNull(nameof(consent)); // Load relevant objects ApiProfile apiProfile = await _apiProfileRepo.GetAsync(consent.ApiProfileId) ?? throw new KeyNotFoundException("The API Profile does not exist."); BankClientProfile bankClientProfile = await _bankClientProfileRepo.GetAsync(apiProfile.BankClientProfileId) ?? throw new KeyNotFoundException( "The Bank Client Profile does not exist."); SoftwareStatementProfile softwareStatementProfile = _softwareStatementProfileService.GetSoftwareStatementProfile( bankClientProfile.SoftwareStatementProfileId); // Get client credentials grant (we will not cache token for now but simply use to POST consent) TokenEndpointResponse tokenEndpointResponse = await PostClientCredentialsGrant(scope : "payments", client : bankClientProfile); // TODO: validate the response??? // Create new Open Banking consent by posting JWT JwtFactory jwtFactory = new JwtFactory(); OBWriteDomesticConsentResponse4 consentResponse; switch (apiProfile.ApiVersion) { case ApiVersion.V3P1P1: OBWriteDomesticConsent2 newDomesticConsent = _mapper.Map <OBWriteDomesticConsent2>(consent.DomesticConsent); OBWriteDomesticConsentResponse2 rawConsentResponse = await PostDomesticConsent <OBWriteDomesticConsent2, OBWriteDomesticConsentResponse2>( jwtFactory : jwtFactory, softwareStatementProfile : softwareStatementProfile, consent : newDomesticConsent, apiProfile : apiProfile, bankClientProfile : bankClientProfile, tokenEndpointResponse : tokenEndpointResponse); consentResponse = _mapper.Map <OBWriteDomesticConsentResponse4>(rawConsentResponse); break; case ApiVersion.V3P1P2: throw new ArgumentOutOfRangeException(); case ApiVersion.V3P1P4: consentResponse = await PostDomesticConsent <OBWriteDomesticConsent4, OBWriteDomesticConsentResponse4>( jwtFactory : jwtFactory, softwareStatementProfile : softwareStatementProfile, consent : consent.DomesticConsent, apiProfile : apiProfile, bankClientProfile : bankClientProfile, tokenEndpointResponse : tokenEndpointResponse); break; default: throw new ArgumentOutOfRangeException(); } // Generate URL for user auth string consentId = consentResponse.Data.ConsentId; string redirectUrl = softwareStatementProfile.DefaultFragmentRedirectUrl; if (redirectUrl == "") { redirectUrl = bankClientProfile.BankClientRegistrationClaims.RedirectUris[0]; } OAuth2RequestObjectClaims oAuth2RequestObjectClaims = Factories.CreateOAuth2RequestObjectClaims( openBankingClient: bankClientProfile, redirectUrl: redirectUrl, scope: new[] { "openid", "payments" }, intentId: consentId); string requestObjectJwt = jwtFactory.CreateJwt( profile: softwareStatementProfile, claims: oAuth2RequestObjectClaims, useOpenBankingJwtHeaders: false); Dictionary <string, string> keyValuePairs = new Dictionary <string, string> { { "response_type", oAuth2RequestObjectClaims.ResponseType }, { "client_id", oAuth2RequestObjectClaims.ClientId }, { "redirect_uri", oAuth2RequestObjectClaims.RedirectUri }, { "scope", oAuth2RequestObjectClaims.Scope }, { "request", requestObjectJwt }, { "nonce", oAuth2RequestObjectClaims.Nonce }, { "state", oAuth2RequestObjectClaims.State } }; string queryString = keyValuePairs.ToUrlEncoded(); string authUrl = bankClientProfile.OpenIdConfiguration.AuthorizationEndpoint + "?" + queryString; // Create and store persistent object string domesticConsentId = Guid.NewGuid().ToString(); DomesticConsent value = new DomesticConsent { State = oAuth2RequestObjectClaims.State, SoftwareStatementProfileId = bankClientProfile.SoftwareStatementProfileId, IssuerUrl = bankClientProfile.IssuerUrl, ApiProfileId = apiProfile.Id, ObWriteDomesticConsent = consent.DomesticConsent, TokenEndpointResponse = null, Id = domesticConsentId, BankId = consentId }; await _domesticConsentRepo.UpsertAsync(value); await _dbMultiEntityMethods.SaveChangesAsync(); return(new PaymentConsentResponse { AuthUrl = authUrl, ConsentId = domesticConsentId }); }
public async Task <OBWriteDomesticResponse4> CreateAsync(string consentId) { // Load relevant data objects DomesticConsent consent = await _domesticConsentRepo.GetAsync(consentId) ?? throw new KeyNotFoundException("The Consent does not exist."); ApiProfile apiProfile = await _apiProfileRepo.GetAsync(consent.ApiProfileId) ?? throw new KeyNotFoundException("The API Profile does not exist."); BankClientProfile bankClientProfile = await _openBankingClientRepo.GetAsync(apiProfile.BankClientProfileId) ?? throw new KeyNotFoundException( "The Bank Client Profile does not exist."); SoftwareStatementProfile softwareStatementProfile = _softwareStatementProfileService.GetSoftwareStatementProfile( bankClientProfile.SoftwareStatementProfileId); TokenEndpointResponse tokenEndpointResponse = _mapper.Map <TokenEndpointResponse>(consent.TokenEndpointResponse); // Create new Open Banking payment by posting JWT OBWriteDomesticConsent4 obConsent = consent.ObWriteDomesticConsent; OBWriteDomestic2 referencePayment = new OBWriteDomestic2 { Data = new OBWriteDomestic2Data { ConsentId = consent.BankId, Initiation = obConsent.Data.Initiation }, Risk = obConsent.Risk }; // Create new Open Banking payment by posting JWT OBWriteDomesticResponse4 paymentResponse; switch (apiProfile.ApiVersion) { case ApiVersion.V3P1P1: ObModels.PaymentInitiation.V3p1p1.Model.OBWriteDomestic2 newPayment = _mapper.Map <ObModels.PaymentInitiation.V3p1p1.Model.OBWriteDomestic2>(referencePayment); OBWriteDomesticResponse2 rawPaymentResponse = await PostDomesticPayment <ObModels.PaymentInitiation.V3p1p1.Model.OBWriteDomestic2, OBWriteDomesticResponse2>( payment : newPayment, apiProfile : apiProfile, softwareStatementProfile : softwareStatementProfile, bankClientProfile : bankClientProfile, tokenEndpointResponse : tokenEndpointResponse); paymentResponse = _mapper.Map <OBWriteDomesticResponse4>(rawPaymentResponse); break; case ApiVersion.V3P1P2: throw new ArgumentOutOfRangeException(); case ApiVersion.V3P1P4: paymentResponse = await PostDomesticPayment <OBWriteDomestic2, OBWriteDomesticResponse4>( payment : referencePayment, apiProfile : apiProfile, softwareStatementProfile : softwareStatementProfile, bankClientProfile : bankClientProfile, tokenEndpointResponse : tokenEndpointResponse); break; default: throw new ArgumentOutOfRangeException(); } return(paymentResponse); }
public BankClientProfileResponse(BankClientProfile persistentProfile) { Id = persistentProfile.Id; BankClientRegistrationClaims = persistentProfile.BankClientRegistrationClaims; }