Search in sources :

Example 1 with CertificateProvider

use of io.gravitee.am.certificate.api.CertificateProvider in project gravitee-access-management by gravitee-io.

the class JWKServiceTest method shouldGetJWKSet_singleKey.

@Test
public void shouldGetJWKSet_singleKey() {
    io.gravitee.am.model.jose.JWK key = new io.gravitee.am.model.jose.RSAKey();
    key.setKid("my-test-key");
    CertificateProvider certificateProvider = mock(CertificateProvider.class);
    when(certificateProvider.keys()).thenReturn(Flowable.just(key));
    when(certificateManager.providers()).thenReturn(Collections.singletonList(new io.gravitee.am.gateway.certificate.CertificateProvider(certificateProvider)));
    TestObserver<JWKSet> testObserver = jwkService.getKeys().test();
    testObserver.assertComplete();
    testObserver.assertNoErrors();
    testObserver.assertValue(jwkSet -> "my-test-key".equals(jwkSet.getKeys().get(0).getKid()));
}
Also used : RSAKey(io.gravitee.am.model.jose.RSAKey) CertificateProvider(io.gravitee.am.certificate.api.CertificateProvider) JWKSet(io.gravitee.am.model.oidc.JWKSet) JWK(io.gravitee.am.model.jose.JWK) Test(org.junit.Test)

Example 2 with CertificateProvider

use of io.gravitee.am.certificate.api.CertificateProvider in project gravitee-access-management by gravitee-io.

the class IDTokenServiceTest method shouldCreateIDToken_clientOnly_clientIdTokenCertificate.

@Test
public void shouldCreateIDToken_clientOnly_clientIdTokenCertificate() {
    OAuth2Request oAuth2Request = new OAuth2Request();
    oAuth2Request.setClientId("client-id");
    oAuth2Request.setScopes(Collections.singleton("openid"));
    Client client = new Client();
    client.setCertificate("client-certificate");
    String idTokenPayload = "payload";
    io.gravitee.am.gateway.certificate.CertificateProvider idTokenCert = new io.gravitee.am.gateway.certificate.CertificateProvider(certificateProvider);
    io.gravitee.am.gateway.certificate.CertificateProvider clientCert = new io.gravitee.am.gateway.certificate.CertificateProvider(certificateProvider);
    io.gravitee.am.gateway.certificate.CertificateProvider defaultCert = new io.gravitee.am.gateway.certificate.CertificateProvider(defaultCertificateProvider);
    ExecutionContext executionContext = mock(ExecutionContext.class);
    when(certificateManager.findByAlgorithm(any())).thenReturn(Maybe.just(idTokenCert));
    when(certificateManager.get(anyString())).thenReturn(Maybe.just(clientCert));
    when(certificateManager.defaultCertificateProvider()).thenReturn(defaultCert);
    when(jwtService.encode(any(), any(io.gravitee.am.gateway.certificate.CertificateProvider.class))).thenReturn(Single.just(idTokenPayload));
    when(executionContextFactory.create(any())).thenReturn(executionContext);
    TestObserver<String> testObserver = idTokenService.create(oAuth2Request, client, null).test();
    testObserver.assertComplete();
    testObserver.assertNoErrors();
    verify(certificateManager, times(1)).findByAlgorithm(any());
    verify(certificateManager, times(1)).get(anyString());
    verify(certificateManager, times(1)).defaultCertificateProvider();
    verify(jwtService, times(1)).encode(any(), eq(idTokenCert));
}
Also used : OAuth2Request(io.gravitee.am.gateway.handler.oauth2.service.request.OAuth2Request) ExecutionContext(io.gravitee.gateway.api.ExecutionContext) CertificateProvider(io.gravitee.am.certificate.api.CertificateProvider) Client(io.gravitee.am.model.oidc.Client) Test(org.junit.Test)

Example 3 with CertificateProvider

use of io.gravitee.am.certificate.api.CertificateProvider in project gravitee-access-management by gravitee-io.

the class IDTokenServiceTest method shouldCreateIDToken_clientOnly_clientCertificate.

@Test
public void shouldCreateIDToken_clientOnly_clientCertificate() {
    OAuth2Request oAuth2Request = new OAuth2Request();
    oAuth2Request.setClientId("client-id");
    oAuth2Request.setScopes(Collections.singleton("openid"));
    Client client = new Client();
    client.setCertificate("client-certificate");
    String idTokenPayload = "payload";
    io.gravitee.am.gateway.certificate.CertificateProvider clientCert = new io.gravitee.am.gateway.certificate.CertificateProvider(certificateProvider);
    io.gravitee.am.gateway.certificate.CertificateProvider defaultCert = new io.gravitee.am.gateway.certificate.CertificateProvider(defaultCertificateProvider);
    ExecutionContext executionContext = mock(ExecutionContext.class);
    when(certificateManager.findByAlgorithm(any())).thenReturn(Maybe.empty());
    when(certificateManager.get(anyString())).thenReturn(Maybe.just(clientCert));
    when(certificateManager.defaultCertificateProvider()).thenReturn(defaultCert);
    when(jwtService.encode(any(), any(io.gravitee.am.gateway.certificate.CertificateProvider.class))).thenReturn(Single.just(idTokenPayload));
    when(executionContextFactory.create(any())).thenReturn(executionContext);
    TestObserver<String> testObserver = idTokenService.create(oAuth2Request, client, null).test();
    testObserver.assertComplete();
    testObserver.assertNoErrors();
    verify(certificateManager, times(1)).findByAlgorithm(any());
    verify(certificateManager, times(1)).get(anyString());
    verify(certificateManager, times(1)).defaultCertificateProvider();
    verify(jwtService, times(1)).encode(any(), eq(clientCert));
}
Also used : OAuth2Request(io.gravitee.am.gateway.handler.oauth2.service.request.OAuth2Request) ExecutionContext(io.gravitee.gateway.api.ExecutionContext) CertificateProvider(io.gravitee.am.certificate.api.CertificateProvider) Client(io.gravitee.am.model.oidc.Client) Test(org.junit.Test)

Example 4 with CertificateProvider

use of io.gravitee.am.certificate.api.CertificateProvider in project gravitee-access-management by gravitee-io.

the class IDTokenServiceTest method shouldCreateIDToken_withUser_scopesRequest_email_address.

@Test
public void shouldCreateIDToken_withUser_scopesRequest_email_address() {
    OAuth2Request oAuth2Request = new OAuth2Request();
    oAuth2Request.setClientId("client-id");
    oAuth2Request.setScopes(new HashSet<>(Arrays.asList("openid", "email", "address")));
    oAuth2Request.setSubject("subject");
    Client client = new Client();
    User user = createUser();
    JWT expectedJwt = new JWT();
    expectedJwt.setSub(user.getId());
    expectedJwt.setAud("client-id");
    expectedJwt.put(StandardClaims.ADDRESS, user.getAdditionalInformation().get(StandardClaims.ADDRESS));
    expectedJwt.put(StandardClaims.EMAIL_VERIFIED, user.getAdditionalInformation().get(StandardClaims.EMAIL_VERIFIED));
    expectedJwt.setIss(null);
    expectedJwt.setExp((System.currentTimeMillis() / 1000l) + 14400);
    expectedJwt.setIat(System.currentTimeMillis() / 1000l);
    expectedJwt.put(StandardClaims.EMAIL, user.getAdditionalInformation().get(StandardClaims.EMAIL));
    ExecutionContext executionContext = mock(ExecutionContext.class);
    when(executionContextFactory.create(any())).thenReturn(executionContext);
    ArgumentCaptor<JWT> jwtCaptor = ArgumentCaptor.forClass(JWT.class);
    when(certificateManager.findByAlgorithm(any())).thenReturn(Maybe.just(new io.gravitee.am.gateway.certificate.CertificateProvider(certificateProvider)));
    when(certificateManager.defaultCertificateProvider()).thenReturn(new io.gravitee.am.gateway.certificate.CertificateProvider(defaultCertificateProvider));
    when(certificateManager.get(any())).thenReturn(Maybe.just(new io.gravitee.am.gateway.certificate.CertificateProvider(certificateProvider)));
    when(jwtService.encode(jwtCaptor.capture(), any(io.gravitee.am.gateway.certificate.CertificateProvider.class))).thenReturn(Single.just("test"));
    TestObserver<String> testObserver = idTokenService.create(oAuth2Request, client, user).test();
    testObserver.awaitTerminalEvent();
    testObserver.assertComplete();
    testObserver.assertNoErrors();
    verify(certificateManager).findByAlgorithm(any());
    verify(certificateManager).get(any());
    verify(jwtService, times(1)).encode(any(), any(io.gravitee.am.gateway.certificate.CertificateProvider.class));
    JWT jwt = jwtCaptor.getValue();
    assertNotNull(jwt);
    assertTrue(jwt.get("sub") != null && expectedJwt.getSub().equals(jwt.get("sub")));
    assertTrue(jwt.get("aud") != null && expectedJwt.getAud().equals(jwt.get("aud")));
    assertTrue(jwt.get("email") != null && expectedJwt.get(StandardClaims.EMAIL).equals(jwt.get("email")));
    assertTrue(jwt.get("address") != null && expectedJwt.get(StandardClaims.ADDRESS).equals(jwt.get("address")));
}
Also used : User(io.gravitee.am.model.User) JWT(io.gravitee.am.common.jwt.JWT) OAuth2Request(io.gravitee.am.gateway.handler.oauth2.service.request.OAuth2Request) ExecutionContext(io.gravitee.gateway.api.ExecutionContext) CertificateProvider(io.gravitee.am.certificate.api.CertificateProvider) Client(io.gravitee.am.model.oidc.Client) Test(org.junit.Test)

Example 5 with CertificateProvider

use of io.gravitee.am.certificate.api.CertificateProvider in project gravitee-access-management by gravitee-io.

the class IDTokenServiceTest method shouldCreateIDToken_withUser_claimsRequest.

@Test
public void shouldCreateIDToken_withUser_claimsRequest() {
    OAuth2Request oAuth2Request = new OAuth2Request();
    oAuth2Request.setClientId("client-id");
    oAuth2Request.setScopes(Collections.singleton("openid"));
    oAuth2Request.setSubject("subject");
    MultiValueMap<String, String> requestParameters = new LinkedMultiValueMap<>();
    requestParameters.put("claims", Collections.singletonList("{\"id_token\":{\"name\":{\"essential\":true}}}"));
    oAuth2Request.setParameters(requestParameters);
    Client client = new Client();
    client.setCertificate("certid");
    User user = createUser();
    JWT expectedJwt = new JWT();
    expectedJwt.setSub(user.getId());
    expectedJwt.setAud("client-id");
    expectedJwt.setIss(null);
    expectedJwt.put(StandardClaims.NAME, user.getAdditionalInformation().get(StandardClaims.NAME));
    expectedJwt.setIat(System.currentTimeMillis() / 1000l);
    expectedJwt.setExp(expectedJwt.getIat() + 14400);
    ExecutionContext executionContext = mock(ExecutionContext.class);
    when(certificateManager.findByAlgorithm(any())).thenReturn(Maybe.empty());
    when(certificateManager.defaultCertificateProvider()).thenReturn(new io.gravitee.am.gateway.certificate.CertificateProvider(defaultCertificateProvider));
    when(certificateManager.get(anyString())).thenReturn(Maybe.just(new io.gravitee.am.gateway.certificate.CertificateProvider(certificateProvider)));
    when(jwtService.encode(any(), any(io.gravitee.am.gateway.certificate.CertificateProvider.class))).thenReturn(Single.just("test"));
    ((IDTokenServiceImpl) idTokenService).setObjectMapper(objectMapper);
    when(executionContextFactory.create(any())).thenReturn(executionContext);
    TestObserver<String> testObserver = idTokenService.create(oAuth2Request, client, user).test();
    testObserver.awaitTerminalEvent();
    testObserver.assertComplete();
    testObserver.assertNoErrors();
    verify(certificateManager, times(1)).get(anyString());
    verify(jwtService, times(1)).encode(eq(expectedJwt), any(io.gravitee.am.gateway.certificate.CertificateProvider.class));
}
Also used : User(io.gravitee.am.model.User) LinkedMultiValueMap(io.gravitee.common.util.LinkedMultiValueMap) JWT(io.gravitee.am.common.jwt.JWT) IDTokenServiceImpl(io.gravitee.am.gateway.handler.oidc.service.idtoken.impl.IDTokenServiceImpl) OAuth2Request(io.gravitee.am.gateway.handler.oauth2.service.request.OAuth2Request) ExecutionContext(io.gravitee.gateway.api.ExecutionContext) CertificateProvider(io.gravitee.am.certificate.api.CertificateProvider) Client(io.gravitee.am.model.oidc.Client) Test(org.junit.Test)

Aggregations

CertificateProvider (io.gravitee.am.certificate.api.CertificateProvider)12 Test (org.junit.Test)10 OAuth2Request (io.gravitee.am.gateway.handler.oauth2.service.request.OAuth2Request)8 Client (io.gravitee.am.model.oidc.Client)8 ExecutionContext (io.gravitee.gateway.api.ExecutionContext)8 JWT (io.gravitee.am.common.jwt.JWT)6 User (io.gravitee.am.model.User)6 IDTokenServiceImpl (io.gravitee.am.gateway.handler.oidc.service.idtoken.impl.IDTokenServiceImpl)2 JWK (io.gravitee.am.model.jose.JWK)2 RSAKey (io.gravitee.am.model.jose.RSAKey)2 JWKSet (io.gravitee.am.model.oidc.JWKSet)2 LinkedMultiValueMap (io.gravitee.common.util.LinkedMultiValueMap)2 CertificateEvent (io.gravitee.am.common.event.CertificateEvent)1 CertificateManager (io.gravitee.am.management.service.CertificateManager)1 DomainNotifierService (io.gravitee.am.management.service.DomainNotifierService)1 Certificate (io.gravitee.am.model.Certificate)1 Payload (io.gravitee.am.model.common.event.Payload)1 CertificatePluginManager (io.gravitee.am.plugins.certificate.core.CertificatePluginManager)1 CertificateService (io.gravitee.am.service.CertificateService)1 UpdateCertificate (io.gravitee.am.service.model.UpdateCertificate)1