adorsys / xs2a

Open Source NextGenPSD2 XS2A Implementation from adorsys.
https://adorsys.com/en/products/
GNU Affero General Public License v3.0
134 stars 63 forks source link

ASPSP consent data is not decrypted in case of PIIS Consent #89

Closed benmoeARZ closed 2 years ago

benmoeARZ commented 3 years ago

Setup:

We want to use piisConsentSupported: TPP_CONSENT_SUPPORTED

Problem:

When the aspsp-consent-data is loaded in the FundsConfirmationSpiImpl e.g. here https://github.com/adorsys/xs2a-connector-examples/blob/9cd3d6f2ccb816ed4a943b79e23c22d5960c8b81/xs2a-connector/src/main/java/de/adorsys/aspsp/xs2a/connector/spi/impl/FundsConfirmationSpiImpl.java#L73-L75 the data is still encrypted and so can't get deserialized.

The root cause of this problem is in passing the unencrypted consent id to the SpiAspspConsentDataProviderImpl here: https://github.com/adorsys/xs2a/blob/f4e3706909eb4fa5da53a9af8e143d9e613fda2a/xs2a-impl/src/main/java/de/adorsys/psd2/xs2a/service/FundsConfirmationService.java#L135-L136

When the unencrypted consent-id is sent via http to cms-standalone, cms doesn't decrypt the data due to this piece of code: https://github.com/adorsys/xs2a/blob/052562c2e056ac915a64ef80da24f73b76adb220/consent-management/consent-management-lib/src/main/java/de/adorsys/psd2/consent/service/AspspDataServiceInternal.java#L44-L47

In our setup with your xs2a-connector-examples, ledgers and XS2A-Sandbox the TPP_CONSENT_SUPPORTED doesn't work because of this bug.

OlgaLevandovska commented 3 years ago

Hello @benmoeARZ, thanks for the input. We will investigate this issue and will come back with the solution.

Regards, Olga

OlgaLevandovska commented 2 years ago

Hello @benmoeARZ, I would like to inform you, that the solution to this issue will be included in the first release in 2022.

Thank you for your collaboration. Kind regards, Olga