Example 1 with JWKSet

Use of io.gravitee.am.model.oidc.JWKSet in project gravitee-access-management by gravitee-io.

Class DynamicClientRegistrationResponseTest, method convert.

@Test
public void convert() {
    RSAKey rsaKey = new RSAKey();
    rsaKey.setKty("RSA");
    rsaKey.setKid("kidRSA");
    rsaKey.setUse("enc");
    rsaKey.setE("exponent");
    rsaKey.setN("modulus");
    ECKey ecKey = new ECKey();
    ecKey.setKty("EC");
    ecKey.setKid("kidEC");
    ecKey.setUse("enc");
    ecKey.setCrv("P-256");
    ecKey.setX("vBT2JhFHd62Jcf4yyBzSV9NuDBNBssR1zlmnHelgZcs");
    ecKey.setY("up8E8b3TjeKS2v2GCH23UJP0bak0La77lkQ7_n4djqE");
    OKPKey okpKey = new OKPKey();
    okpKey.setKty("OKP");
    okpKey.setKid("kidOKP");
    okpKey.setCrv("Ed25519");
    okpKey.setX("vBNW8f19leF79U4U6NrDDQaK_i5kL0iMKghB39AUT2I");
    OCTKey octKey = new OCTKey();
    octKey.setKty("oct");
    octKey.setKid("kidOCT");
    octKey.setK("FdFYFzERwC2uCBB46pZQi4GG85LujR8obt-KWRBICVQ");
    JWKSet jwkSet = new JWKSet();
    jwkSet.setKeys(Arrays.asList(rsaKey, ecKey, okpKey, octKey));
    Client client = new Client();
    client.setClientId("clientId");
    client.setClientName("clientName");
    client.setJwks(jwkSet);
    DynamicClientRegistrationResponse response = DynamicClientRegistrationResponse.fromClient(client);
    assertNotNull("expecting response", response);
    // JUnit expects (expected, actual); the original order produced misleading failure messages
    assertEquals("clientId", response.getClientId());
    assertEquals("clientName", response.getClientName());
    assertTrue(response.getJwks().getKeys().size() == 4);
}
Also used: RSAKey (io.gravitee.am.model.jose.RSAKey), JWKSet (io.gravitee.am.model.oidc.JWKSet), OCTKey (io.gravitee.am.model.jose.OCTKey), ECKey (io.gravitee.am.model.jose.ECKey), Client (io.gravitee.am.model.oidc.Client), OKPKey (io.gravitee.am.model.jose.OKPKey), Test (org.junit.Test)

Example 2 with JWKSet

Use of io.gravitee.am.model.oidc.JWKSet in project gravitee-access-management by gravitee-io.

Class DynamicClientRegistrationServiceTest, method create_FapiBrazil_SoftwareStatement_invalid_jwks_uri.

@Test
public void create_FapiBrazil_SoftwareStatement_invalid_jwks_uri() throws Exception {
    DynamicClientRegistrationRequest request = new DynamicClientRegistrationRequest();
    request.setRedirectUris(Optional.empty());
    request.setRequireParRequest(Optional.of(false));
    request.setRequestObjectEncryptionAlg(Optional.of(JWEAlgorithm.RSA_OAEP.getName()));
    request.setRequestObjectEncryptionEnc(Optional.of(EncryptionMethod.A256GCM.getName()));
    request.setJwksUri(Optional.of("https://invalid"));
    final RSAKey rsaKey = generateRSAKey();
    request.setSoftwareStatement(Optional.of(generateSoftwareStatement(rsaKey, JWSAlgorithm.PS256, Instant.now())));
    when(domain.useFapiBrazilProfile()).thenReturn(true);
    when(environment.getProperty(DynamicClientRegistrationServiceImpl.FAPI_OPENBANKING_BRAZIL_DIRECTORY_JWKS_URI)).thenReturn(DUMMY_JWKS_URI);
    when(jwkService.getKeys(anyString())).thenReturn(Maybe.just(new JWKSet()));
    when(jwkService.getKey(any(), any())).thenReturn(Maybe.just(new io.gravitee.am.model.jose.RSAKey()));
    when(jwsService.isValidSignature(any(), any())).thenReturn(true);
    TestObserver<Client> testObserver = dcrService.create(request, BASE_PATH).test();
    testObserver.assertError(InvalidClientMetadataException.class);
    testObserver.assertErrorMessage("jwks_uri doesn't match the software_jwks_uri");
    testObserver.assertNotComplete();
}
Also used: RSAKey (com.nimbusds.jose.jwk.RSAKey), JWKSet (io.gravitee.am.model.oidc.JWKSet), WebClient (io.vertx.reactivex.ext.web.client.WebClient), Client (io.gravitee.am.model.oidc.Client), Test (org.junit.Test)

Example 3 with JWKSet

Use of io.gravitee.am.model.oidc.JWKSet in project gravitee-access-management by gravitee-io.

Class DynamicClientRegistrationServiceTest, method create_FapiBrazil_SoftwareStatement_missing_jwks_uri.

@Test
public void create_FapiBrazil_SoftwareStatement_missing_jwks_uri() throws Exception {
    DynamicClientRegistrationRequest request = new DynamicClientRegistrationRequest();
    request.setRedirectUris(Optional.empty());
    request.setRequireParRequest(Optional.of(false));
    request.setRequestObjectEncryptionAlg(Optional.of(JWEAlgorithm.RSA_OAEP.getName()));
    request.setRequestObjectEncryptionEnc(Optional.of(EncryptionMethod.A256GCM.getName()));
    final RSAKey rsaKey = generateRSAKey();
    request.setSoftwareStatement(Optional.of(generateSoftwareStatement(rsaKey, JWSAlgorithm.PS256, Instant.now())));
    when(domain.useFapiBrazilProfile()).thenReturn(true);
    when(environment.getProperty(DynamicClientRegistrationServiceImpl.FAPI_OPENBANKING_BRAZIL_DIRECTORY_JWKS_URI)).thenReturn(DUMMY_JWKS_URI);
    when(jwkService.getKeys(anyString())).thenReturn(Maybe.just(new JWKSet()));
    when(jwkService.getKey(any(), any())).thenReturn(Maybe.just(new io.gravitee.am.model.jose.RSAKey()));
    when(jwsService.isValidSignature(any(), any())).thenReturn(true);
    TestObserver<Client> testObserver = dcrService.create(request, BASE_PATH).test();
    testObserver.assertError(InvalidClientMetadataException.class);
    testObserver.assertErrorMessage("jwks_uri is required");
    testObserver.assertNotComplete();
}
Also used: RSAKey (com.nimbusds.jose.jwk.RSAKey), JWKSet (io.gravitee.am.model.oidc.JWKSet), WebClient (io.vertx.reactivex.ext.web.client.WebClient), Client (io.gravitee.am.model.oidc.Client), Test (org.junit.Test)

Example 4 with JWKSet

Use of io.gravitee.am.model.oidc.JWKSet in project gravitee-access-management by gravitee-io.

Class DynamicClientRegistrationServiceTest, method createFromTemplate.

@Test
public void createFromTemplate() {
    Client template = new Client();
    template.setId(ID_SOURCE);
    template.setClientName("shouldBeRemoved");
    template.setClientId("shouldBeReplaced");
    template.setClientSecret("shouldBeRemoved");
    template.setRedirectUris(Arrays.asList("shouldBeRemoved"));
    template.setSectorIdentifierUri("shouldBeRemoved");
    template.setJwks(new JWKSet());
    template.setTemplate(true);
    DynamicClientRegistrationRequest request = new DynamicClientRegistrationRequest();
    request.setSoftwareId(Optional.of(ID_SOURCE));
    request.setApplicationType(Optional.of("app"));
    when(formService.copyFromClient(DOMAIN_ID, ID_SOURCE, ID_TARGET)).thenReturn(Single.just(Collections.emptyList()));
    when(emailTemplateService.copyFromClient(DOMAIN_ID, ID_SOURCE, ID_TARGET)).thenReturn(Flowable.empty());
    when(domain.isDynamicClientRegistrationTemplateEnabled()).thenReturn(true);
    when(clientService.findById("123")).thenReturn(Maybe.just(template));
    TestObserver<Client> testObserver = dcrService.create(request, BASE_PATH).test();
    testObserver.assertComplete().assertNoErrors();
    testObserver.assertValue(client -> client.getId().equals("abc") && client.getApplicationType().equals("app") && client.getClientId() != null && !client.getClientId().equals("shouldBeReplaced") && client.getRedirectUris() == null && client.getClientName().equals(ClientServiceImpl.DEFAULT_CLIENT_NAME) && client.getClientSecret() == null && client.getJwks() == null && client.getSectorIdentifierUri() == null);
    verify(clientService, times(1)).create(any());
}
Also used: JWKSet (io.gravitee.am.model.oidc.JWKSet), WebClient (io.vertx.reactivex.ext.web.client.WebClient), Client (io.gravitee.am.model.oidc.Client), Test (org.junit.Test)

Example 5 with JWKSet

Use of io.gravitee.am.model.oidc.JWKSet in project gravitee-access-management by gravitee-io.

Class DynamicClientRegistrationServiceTest, method create_FapiBrazil_SoftwareStatement_invalid_redirect_uris.

@Test
public void create_FapiBrazil_SoftwareStatement_invalid_redirect_uris() throws Exception {
    DynamicClientRegistrationRequest request = new DynamicClientRegistrationRequest();
    request.setRedirectUris(Optional.empty());
    request.setRequireParRequest(Optional.of(false));
    request.setRequestObjectEncryptionAlg(Optional.of(JWEAlgorithm.RSA_OAEP.getName()));
    request.setRequestObjectEncryptionEnc(Optional.of(EncryptionMethod.A256GCM.getName()));
    request.setJwksUri(Optional.of(DUMMY_JWKS_URI));
    request.setRedirectUris(Optional.of(Arrays.asList("https://invalid")));
    final RSAKey rsaKey = generateRSAKey();
    request.setSoftwareStatement(Optional.of(generateSoftwareStatement(rsaKey, JWSAlgorithm.PS256, Instant.now())));
    when(domain.useFapiBrazilProfile()).thenReturn(true);
    when(environment.getProperty(DynamicClientRegistrationServiceImpl.FAPI_OPENBANKING_BRAZIL_DIRECTORY_JWKS_URI)).thenReturn(DUMMY_JWKS_URI);
    when(jwkService.getKeys(anyString())).thenReturn(Maybe.just(new JWKSet()));
    when(jwkService.getKey(any(), any())).thenReturn(Maybe.just(new io.gravitee.am.model.jose.RSAKey()));
    when(jwsService.isValidSignature(any(), any())).thenReturn(true);
    TestObserver<Client> testObserver = dcrService.create(request, BASE_PATH).test();
    testObserver.assertError(InvalidClientMetadataException.class);
    testObserver.assertErrorMessage("redirect_uris contains unknown uri from software_statement");
    testObserver.assertNotComplete();
}
Also used: RSAKey (com.nimbusds.jose.jwk.RSAKey), JWKSet (io.gravitee.am.model.oidc.JWKSet), WebClient (io.vertx.reactivex.ext.web.client.WebClient), Client (io.gravitee.am.model.oidc.Client), Test (org.junit.Test)

Aggregations

JWKSet (io.gravitee.am.model.oidc.JWKSet): 59
Test (org.junit.Test): 52
Client (io.gravitee.am.model.oidc.Client): 37
TestObserver (io.reactivex.observers.TestObserver): 31
RSAKey (com.nimbusds.jose.jwk.RSAKey): 13
OCTKey (io.gravitee.am.model.jose.OCTKey): 13
WebClient (io.vertx.reactivex.ext.web.client.WebClient): 13
JWEObject (com.nimbusds.jose.JWEObject): 12
RSAKey (io.gravitee.am.model.jose.RSAKey): 10
JWK (io.gravitee.am.model.jose.JWK): 9
OctetSequenceKey (com.nimbusds.jose.jwk.OctetSequenceKey): 8
com.nimbusds.jose (com.nimbusds.jose): 5
OKPKey (io.gravitee.am.model.jose.OKPKey): 5
JSONObject (net.minidev.json.JSONObject): 5
JOSEException (com.nimbusds.jose.JOSEException): 4
CibaAuthenticationRequest (io.gravitee.am.gateway.handler.ciba.service.request.CibaAuthenticationRequest): 4
KeyPair (java.security.KeyPair): 4
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException): 4
SecureRandom (java.security.SecureRandom): 4
RSAPrivateKey (java.security.interfaces.RSAPrivateKey): 4