use of io.gravitee.am.model.oidc.JWKSet in project gravitee-access-management by gravitee-io.
the class DynamicClientRegistrationResponseTest method convert.
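/**
 * Checks that {@code DynamicClientRegistrationResponse.fromClient} copies the client id,
 * the client name and every entry of the client's JWK set (RSA, EC, OKP and oct) into the
 * registration response.
 */
@Test
public void convert() {
    // Fixture key material only: "exponent" and "modulus" are placeholder strings, not real
    // RSA parameters. The assertions below check the number of keys, not their content.
    RSAKey rsaKey = new RSAKey();
    rsaKey.setKty("RSA");
    rsaKey.setKid("kidRSA");
    rsaKey.setUse("enc");
    rsaKey.setE("exponent");
    rsaKey.setN("modulus");

    ECKey ecKey = new ECKey();
    ecKey.setKty("EC");
    ecKey.setKid("kidEC");
    ecKey.setUse("enc");
    ecKey.setCrv("P-256");
    ecKey.setX("vBT2JhFHd62Jcf4yyBzSV9NuDBNBssR1zlmnHelgZcs");
    ecKey.setY("up8E8b3TjeKS2v2GCH23UJP0bak0La77lkQ7_n4djqE");

    OKPKey okpKey = new OKPKey();
    okpKey.setKty("OKP");
    okpKey.setKid("kidOKP");
    okpKey.setCrv("Ed25519");
    okpKey.setX("vBNW8f19leF79U4U6NrDDQaK_i5kL0iMKghB39AUT2I");

    // NOTE(review): an "oct" JWK carries the symmetric secret itself in "k". This test only
    // pins that the entry survives conversion; it does not state whether a registration
    // response is meant to echo symmetric key material. Confirm against the intended policy.
    OCTKey octKey = new OCTKey();
    octKey.setKty("oct");
    octKey.setKid("kidOCT");
    octKey.setK("FdFYFzERwC2uCBB46pZQi4GG85LujR8obt-KWRBICVQ");

    JWKSet jwkSet = new JWKSet();
    jwkSet.setKeys(Arrays.asList(rsaKey, ecKey, okpKey, octKey));

    Client client = new Client();
    client.setClientId("clientId");
    client.setClientName("clientName");
    client.setJwks(jwkSet);

    DynamicClientRegistrationResponse response = DynamicClientRegistrationResponse.fromClient(client);

    assertNotNull("expecting response", response);
    // JUnit's assertEquals takes (expected, actual); with the arguments swapped, a failure
    // message reports the two values the wrong way round.
    assertEquals("clientId", response.getClientId());
    assertEquals("clientName", response.getClientName());
    // assertEquals reports the actual size on failure, which assertTrue(size == 4) does not.
    assertEquals(4, response.getJwks().getKeys().size());
}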
use of io.gravitee.am.model.oidc.JWKSet in project gravitee-access-management by gravitee-io.
the class DynamicClientRegistrationServiceTest method create_FapiBrazil_SoftwareStatement_invalid_jwks_uri.
/**
 * With the FAPI Brazil profile enabled, a registration whose {@code jwks_uri} is
 * "https://invalid" must be rejected with {@code InvalidClientMetadataException} and the
 * message "jwks_uri doesn't match the software_jwks_uri".
 */
@Test
public void create_FapiBrazil_SoftwareStatement_invalid_jwks_uri() throws Exception {
    DynamicClientRegistrationRequest dcrRequest = new DynamicClientRegistrationRequest();
    dcrRequest.setJwksUri(Optional.of("https://invalid"));
    dcrRequest.setRedirectUris(Optional.empty());
    dcrRequest.setRequireParRequest(Optional.of(false));
    dcrRequest.setRequestObjectEncryptionEnc(Optional.of(EncryptionMethod.A256GCM.getName()));
    dcrRequest.setRequestObjectEncryptionAlg(Optional.of(JWEAlgorithm.RSA_OAEP.getName()));

    // NOTE(review): the statement presumably carries a software_jwks_uri that differs from
    // "https://invalid" -- confirm in generateSoftwareStatement, which is not shown here.
    final RSAKey signingKey = generateRSAKey();
    dcrRequest.setSoftwareStatement(
            Optional.of(generateSoftwareStatement(signingKey, JWSAlgorithm.PS256, Instant.now())));

    // Signature verification is stubbed to succeed and the key lookups return empty fixtures,
    // so the expected failure comes from the jwks_uri comparison, not from the signature.
    when(jwsService.isValidSignature(any(), any())).thenReturn(true);
    when(jwkService.getKey(any(), any())).thenReturn(Maybe.just(new io.gravitee.am.model.jose.RSAKey()));
    when(jwkService.getKeys(anyString())).thenReturn(Maybe.just(new JWKSet()));
    when(environment.getProperty(DynamicClientRegistrationServiceImpl.FAPI_OPENBANKING_BRAZIL_DIRECTORY_JWKS_URI))
            .thenReturn(DUMMY_JWKS_URI);
    when(domain.useFapiBrazilProfile()).thenReturn(true);

    TestObserver<Client> observer = dcrService.create(dcrRequest, BASE_PATH).test();

    observer.assertError(InvalidClientMetadataException.class);
    observer.assertErrorMessage("jwks_uri doesn't match the software_jwks_uri");
    observer.assertNotComplete();
}
use of io.gravitee.am.model.oidc.JWKSet in project gravitee-access-management by gravitee-io.
the class DynamicClientRegistrationServiceTest method create_FapiBrazil_SoftwareStatement_missing_jwks_uri.
/**
 * With the FAPI Brazil profile enabled, a registration that sets no {@code jwks_uri} at all
 * must be rejected with {@code InvalidClientMetadataException} and the message
 * "jwks_uri is required".
 */
@Test
public void create_FapiBrazil_SoftwareStatement_missing_jwks_uri() throws Exception {
    // jwks_uri is deliberately never set on this request.
    DynamicClientRegistrationRequest dcrRequest = new DynamicClientRegistrationRequest();
    dcrRequest.setRequireParRequest(Optional.of(false));
    dcrRequest.setRedirectUris(Optional.empty());
    dcrRequest.setRequestObjectEncryptionEnc(Optional.of(EncryptionMethod.A256GCM.getName()));
    dcrRequest.setRequestObjectEncryptionAlg(Optional.of(JWEAlgorithm.RSA_OAEP.getName()));

    final RSAKey signingKey = generateRSAKey();
    dcrRequest.setSoftwareStatement(
            Optional.of(generateSoftwareStatement(signingKey, JWSAlgorithm.PS256, Instant.now())));

    // The software statement's signature check is stubbed to pass, so the rejection asserted
    // below is attributable to the missing jwks_uri and not to signature validation.
    when(jwsService.isValidSignature(any(), any())).thenReturn(true);
    when(jwkService.getKey(any(), any())).thenReturn(Maybe.just(new io.gravitee.am.model.jose.RSAKey()));
    when(jwkService.getKeys(anyString())).thenReturn(Maybe.just(new JWKSet()));
    when(environment.getProperty(DynamicClientRegistrationServiceImpl.FAPI_OPENBANKING_BRAZIL_DIRECTORY_JWKS_URI))
            .thenReturn(DUMMY_JWKS_URI);
    when(domain.useFapiBrazilProfile()).thenReturn(true);

    TestObserver<Client> observer = dcrService.create(dcrRequest, BASE_PATH).test();

    observer.assertError(InvalidClientMetadataException.class);
    observer.assertErrorMessage("jwks_uri is required");
    observer.assertNotComplete();
}
use of io.gravitee.am.model.oidc.JWKSet in project gravitee-access-management by gravitee-io.
the class DynamicClientRegistrationServiceTest method createFromTemplate.
/**
 * Registers a client from a template and checks that template-specific values are not
 * inherited: the client id is regenerated, the name falls back to the default, and the
 * secret, redirect URIs, JWKS and sector identifier URI all come back {@code null}.
 */
@Test
public void createFromTemplate() {
    // Every field that must not leak into the new client is tagged in its value.
    Client source = new Client();
    source.setTemplate(true);
    source.setId(ID_SOURCE);
    source.setClientId("shouldBeReplaced");
    source.setClientName("shouldBeRemoved");
    source.setClientSecret("shouldBeRemoved");
    source.setSectorIdentifierUri("shouldBeRemoved");
    source.setRedirectUris(Arrays.asList("shouldBeRemoved"));
    source.setJwks(new JWKSet());

    DynamicClientRegistrationRequest dcrRequest = new DynamicClientRegistrationRequest();
    dcrRequest.setApplicationType(Optional.of("app"));
    dcrRequest.setSoftwareId(Optional.of(ID_SOURCE));

    // NOTE(review): the literals "123" here and "abc" in the assertion presumably equal
    // ID_SOURCE and ID_TARGET -- confirm against the constants, which are declared elsewhere.
    when(clientService.findById("123")).thenReturn(Maybe.just(source));
    when(domain.isDynamicClientRegistrationTemplateEnabled()).thenReturn(true);
    when(emailTemplateService.copyFromClient(DOMAIN_ID, ID_SOURCE, ID_TARGET)).thenReturn(Flowable.empty());
    when(formService.copyFromClient(DOMAIN_ID, ID_SOURCE, ID_TARGET))
            .thenReturn(Single.just(Collections.emptyList()));

    TestObserver<Client> observer = dcrService.create(dcrRequest, BASE_PATH).test();

    observer.assertComplete().assertNoErrors();
    // Condition order is kept as written: the null checks on clientId come before its equals().
    observer.assertValue(created ->
            created.getId().equals("abc")
                    && created.getApplicationType().equals("app")
                    && created.getClientId() != null
                    && !created.getClientId().equals("shouldBeReplaced")
                    && created.getRedirectUris() == null
                    && created.getClientName().equals(ClientServiceImpl.DEFAULT_CLIENT_NAME)
                    && created.getClientSecret() == null
                    && created.getJwks() == null
                    && created.getSectorIdentifierUri() == null);
    verify(clientService, times(1)).create(any());
}
use of io.gravitee.am.model.oidc.JWKSet in project gravitee-access-management by gravitee-io.
the class DynamicClientRegistrationServiceTest method create_FapiBrazil_SoftwareStatement_invalid_redirect_uris.
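/**
 * With the FAPI Brazil profile enabled, a registration whose {@code redirect_uris} holds
 * "https://invalid" must be rejected with {@code InvalidClientMetadataException} and the
 * message "redirect_uris contains unknown uri from software_statement".
 */
@Test
public void create_FapiBrazil_SoftwareStatement_invalid_redirect_uris() throws Exception {
    DynamicClientRegistrationRequest request = new DynamicClientRegistrationRequest();
    // The original also called setRedirectUris(Optional.empty()) first; that value was
    // overwritten by the call below before use, so the redundant call is dropped.
    request.setRedirectUris(Optional.of(Arrays.asList("https://invalid")));
    request.setRequireParRequest(Optional.of(false));
    request.setRequestObjectEncryptionAlg(Optional.of(JWEAlgorithm.RSA_OAEP.getName()));
    request.setRequestObjectEncryptionEnc(Optional.of(EncryptionMethod.A256GCM.getName()));
    // jwks_uri is set to DUMMY_JWKS_URI so that the redirect URI is the only value expected
    // to fail validation.
    request.setJwksUri(Optional.of(DUMMY_JWKS_URI));

    final RSAKey rsaKey = generateRSAKey();
    request.setSoftwareStatement(
            Optional.of(generateSoftwareStatement(rsaKey, JWSAlgorithm.PS256, Instant.now())));

    when(domain.useFapiBrazilProfile()).thenReturn(true);
    when(environment.getProperty(DynamicClientRegistrationServiceImpl.FAPI_OPENBANKING_BRAZIL_DIRECTORY_JWKS_URI))
            .thenReturn(DUMMY_JWKS_URI);
    when(jwkService.getKeys(anyString())).thenReturn(Maybe.just(new JWKSet()));
    when(jwkService.getKey(any(), any())).thenReturn(Maybe.just(new io.gravitee.am.model.jose.RSAKey()));
    // Signature verification is stubbed to succeed, so the asserted failure comes from the
    // redirect URI check and not from the software statement's signature.
    when(jwsService.isValidSignature(any(), any())).thenReturn(true);

    TestObserver<Client> testObserver = dcrService.create(request, BASE_PATH).test();

    testObserver.assertError(InvalidClientMetadataException.class);
    testObserver.assertErrorMessage("redirect_uris contains unknown uri from software_statement");
    testObserver.assertNotComplete();
}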