use of io.jans.as.client.JwkClient in project jans by JanssenProject.
the class AuthorizationResponseModeFragmentJwtResponseTypeTokenIdTokenEncryptedHttpTest method authorizationRequestObjectAlgRSAOAEPEncA256GCM.
@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "clientJwksUri", "RSA_OAEP_keyId", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri" })
@Test
public void authorizationRequestObjectAlgRSAOAEPEncA256GCM(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String clientJwksUri, final String clientKeyId, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
showTitle("requestParameterMethodAlgRSAOAEPEncA256GCM");
List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
// 1. Dynamic Client Registration
RegisterResponse registerResponse = registerClient(redirectUris, responseTypes, sectorIdentifierUri, clientJwksUri, null, KeyEncryptionAlgorithm.RSA_OAEP, BlockEncryptionAlgorithm.A256GCM);
String clientId = registerResponse.getClientId();
// 2. Choose encryption key
JwkClient jwkClient = new JwkClient(jwksUri);
JwkResponse jwkResponse = jwkClient.exec();
String serverKeyId = jwkResponse.getKeyId(Algorithm.RSA_OAEP);
assertNotNull(serverKeyId);
// 3. Request authorization
JSONObject jwks = JwtUtil.getJSONWebKeys(jwksUri);
AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
privateKey = cryptoProvider.getPrivateKey(clientKeyId);
List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
String nonce = UUID.randomUUID().toString();
String state = UUID.randomUUID().toString();
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
authorizationRequest.setResponseMode(ResponseMode.FRAGMENT_JWT);
authorizationRequest.setState(state);
JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, KeyEncryptionAlgorithm.RSA_OAEP, BlockEncryptionAlgorithm.A256GCM, cryptoProvider);
jwtAuthorizationRequest.setKeyId(serverKeyId);
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NAME, ClaimValue.createNull()));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NICKNAME, ClaimValue.createEssential(false)));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL, ClaimValue.createNull()));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL_VERIFIED, ClaimValue.createNull()));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.PICTURE, ClaimValue.createEssential(false)));
jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_TIME, ClaimValue.createNull()));
jwtAuthorizationRequest.getIdTokenMember().setMaxAge(86400);
String authJwt = jwtAuthorizationRequest.getEncodedJwt(jwks);
authorizationRequest.setRequest(authJwt);
authorizationRequest(authorizationRequest, ResponseMode.FRAGMENT_JWT, userId, userSecret);
// Clear private key to do not affect to other tests
privateKey = null;
}
use of io.jans.as.client.JwkClient in project jans by JanssenProject.
the class AuthorizationResponseModeJwtResponseTypeCodeIdTokenEncryptedHttpTest method authorizationRequestObjectAlgRSAOAEPEncA256GCM.
@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "clientJwksUri", "RSA_OAEP_keyId", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri" })
@Test
public void authorizationRequestObjectAlgRSAOAEPEncA256GCM(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String clientJwksUri, final String clientKeyId, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
showTitle("requestParameterMethodAlgRSAOAEPEncA256GCM");
List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE, ResponseType.ID_TOKEN);
// 1. Dynamic Client Registration
RegisterResponse registerResponse = registerClient(redirectUris, responseTypes, sectorIdentifierUri, clientJwksUri, null, KeyEncryptionAlgorithm.RSA_OAEP, BlockEncryptionAlgorithm.A256GCM);
String clientId = registerResponse.getClientId();
// 2. Choose encryption key
JwkClient jwkClient = new JwkClient(jwksUri);
JwkResponse jwkResponse = jwkClient.exec();
String serverKeyId = jwkResponse.getKeyId(Algorithm.RSA_OAEP);
assertNotNull(serverKeyId);
// 3. Request authorization
JSONObject jwks = JwtUtil.getJSONWebKeys(jwksUri);
AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
privateKey = cryptoProvider.getPrivateKey(clientKeyId);
List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
String nonce = UUID.randomUUID().toString();
String state = UUID.randomUUID().toString();
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
authorizationRequest.setResponseMode(ResponseMode.JWT);
authorizationRequest.setState(state);
JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, KeyEncryptionAlgorithm.RSA_OAEP, BlockEncryptionAlgorithm.A256GCM, cryptoProvider);
jwtAuthorizationRequest.setKeyId(serverKeyId);
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NAME, ClaimValue.createNull()));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NICKNAME, ClaimValue.createEssential(false)));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL, ClaimValue.createNull()));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL_VERIFIED, ClaimValue.createNull()));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.PICTURE, ClaimValue.createEssential(false)));
jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_TIME, ClaimValue.createNull()));
jwtAuthorizationRequest.getIdTokenMember().setMaxAge(86400);
String authJwt = jwtAuthorizationRequest.getEncodedJwt(jwks);
authorizationRequest.setRequest(authJwt);
authorizationRequest(authorizationRequest, ResponseMode.QUERY_JWT, userId, userSecret);
// Clear private key to do not affect to other tests
privateKey = null;
}
use of io.jans.as.client.JwkClient in project jans by JanssenProject.
the class AuthorizationResponseModeJwtResponseTypeCodeIdTokenTokenEncryptedHttpTest method authorizationRequestObjectAlgRSAOAEPEncA256GCM.
@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "clientJwksUri", "RSA_OAEP_keyId", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri" })
@Test
public void authorizationRequestObjectAlgRSAOAEPEncA256GCM(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String clientJwksUri, final String clientKeyId, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
showTitle("requestParameterMethodAlgRSAOAEPEncA256GCM");
List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE, ResponseType.ID_TOKEN, ResponseType.TOKEN);
// 1. Dynamic Client Registration
RegisterResponse registerResponse = registerClient(redirectUris, responseTypes, sectorIdentifierUri, clientJwksUri, null, KeyEncryptionAlgorithm.RSA_OAEP, BlockEncryptionAlgorithm.A256GCM);
String clientId = registerResponse.getClientId();
// 2. Choose encryption key
JwkClient jwkClient = new JwkClient(jwksUri);
JwkResponse jwkResponse = jwkClient.exec();
String serverKeyId = jwkResponse.getKeyId(Algorithm.RSA_OAEP);
assertNotNull(serverKeyId);
// 3. Request authorization
JSONObject jwks = JwtUtil.getJSONWebKeys(jwksUri);
AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
privateKey = cryptoProvider.getPrivateKey(clientKeyId);
List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
String nonce = UUID.randomUUID().toString();
String state = UUID.randomUUID().toString();
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
authorizationRequest.setResponseMode(ResponseMode.JWT);
authorizationRequest.setState(state);
JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, KeyEncryptionAlgorithm.RSA_OAEP, BlockEncryptionAlgorithm.A256GCM, cryptoProvider);
jwtAuthorizationRequest.setKeyId(serverKeyId);
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NAME, ClaimValue.createNull()));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NICKNAME, ClaimValue.createEssential(false)));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL, ClaimValue.createNull()));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL_VERIFIED, ClaimValue.createNull()));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.PICTURE, ClaimValue.createEssential(false)));
jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_TIME, ClaimValue.createNull()));
jwtAuthorizationRequest.getIdTokenMember().setMaxAge(86400);
String authJwt = jwtAuthorizationRequest.getEncodedJwt(jwks);
authorizationRequest.setRequest(authJwt);
authorizationRequest(authorizationRequest, ResponseMode.FRAGMENT_JWT, userId, userSecret);
// Clear private key to do not affect to other tests
privateKey = null;
}
use of io.jans.as.client.JwkClient in project jans by JanssenProject.
the class AuthorizationResponseModeJwtResponseTypeTokenIdTokenEncryptedHttpTest method authorizationRequestObjectAlgRSA15EncA128CBCPLUSHS256.
@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "clientJwksUri", "RSA1_5_keyId", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri" })
@Test
public void authorizationRequestObjectAlgRSA15EncA128CBCPLUSHS256(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String clientJwksUri, final String clientKeyId, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
showTitle("authorizationRequestObjectAlgRSA15EncA128CBCPLUSHS256");
List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
// 1. Dynamic Client Registration
RegisterResponse registerResponse = registerClient(redirectUris, responseTypes, sectorIdentifierUri, clientJwksUri, null, KeyEncryptionAlgorithm.RSA1_5, BlockEncryptionAlgorithm.A128CBC_PLUS_HS256);
String clientId = registerResponse.getClientId();
// 2. Choose encryption key
JwkClient jwkClient = new JwkClient(jwksUri);
JwkResponse jwkResponse = jwkClient.exec();
String serverKeyId = jwkResponse.getKeyId(Algorithm.RSA1_5);
assertNotNull(serverKeyId);
// 3. Request authorization
JSONObject jwks = JwtUtil.getJSONWebKeys(jwksUri);
AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
privateKey = cryptoProvider.getPrivateKey(clientKeyId);
List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
String nonce = UUID.randomUUID().toString();
String state = UUID.randomUUID().toString();
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
authorizationRequest.setResponseMode(ResponseMode.JWT);
authorizationRequest.setState(state);
JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, KeyEncryptionAlgorithm.RSA1_5, BlockEncryptionAlgorithm.A128CBC_PLUS_HS256, cryptoProvider);
jwtAuthorizationRequest.setKeyId(serverKeyId);
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NAME, ClaimValue.createNull()));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NICKNAME, ClaimValue.createEssential(false)));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL, ClaimValue.createNull()));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL_VERIFIED, ClaimValue.createNull()));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.PICTURE, ClaimValue.createEssential(false)));
jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_TIME, ClaimValue.createNull()));
jwtAuthorizationRequest.getIdTokenMember().setMaxAge(86400);
String authJwt = jwtAuthorizationRequest.getEncodedJwt(jwks);
authorizationRequest.setRequest(authJwt);
authorizationRequest(authorizationRequest, ResponseMode.FRAGMENT_JWT, userId, userSecret);
// Clear private key to do not affect to other tests
privateKey = null;
}
use of io.jans.as.client.JwkClient in project jans by JanssenProject.
the class AuthorizationResponseModeFormPostJwtResponseTypeTokenEncryptedHttpTest method authorizationRequestObjectAlgRSA15EncA256CBCPLUSHS512.
@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "clientJwksUri", "RSA1_5_keyId", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri" })
@Test
public void authorizationRequestObjectAlgRSA15EncA256CBCPLUSHS512(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String clientJwksUri, final String clientKeyId, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
showTitle("authorizationRequestObjectAlgRSA15EncA256CBCPLUSHS512");
List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN);
// 1. Dynamic Client Registration
RegisterResponse registerResponse = registerClient(redirectUris, responseTypes, sectorIdentifierUri, clientJwksUri, null, KeyEncryptionAlgorithm.RSA1_5, BlockEncryptionAlgorithm.A256CBC_PLUS_HS512);
String clientId = registerResponse.getClientId();
// 2. Choose encryption key
JwkClient jwkClient = new JwkClient(jwksUri);
JwkResponse jwkResponse = jwkClient.exec();
String serverKeyId = jwkResponse.getKeyId(Algorithm.RSA1_5);
assertNotNull(serverKeyId);
// 3. Request authorization
JSONObject jwks = JwtUtil.getJSONWebKeys(jwksUri);
AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
privateKey = cryptoProvider.getPrivateKey(clientKeyId);
List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
String nonce = UUID.randomUUID().toString();
String state = UUID.randomUUID().toString();
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
authorizationRequest.setResponseMode(ResponseMode.FORM_POST_JWT);
authorizationRequest.setState(state);
JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, KeyEncryptionAlgorithm.RSA1_5, BlockEncryptionAlgorithm.A256CBC_PLUS_HS512, cryptoProvider);
jwtAuthorizationRequest.setKeyId(serverKeyId);
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NAME, ClaimValue.createNull()));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NICKNAME, ClaimValue.createEssential(false)));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL, ClaimValue.createNull()));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL_VERIFIED, ClaimValue.createNull()));
jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.PICTURE, ClaimValue.createEssential(false)));
jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_TIME, ClaimValue.createNull()));
jwtAuthorizationRequest.getIdTokenMember().setMaxAge(86400);
String authJwt = jwtAuthorizationRequest.getEncodedJwt(jwks);
authorizationRequest.setRequest(authJwt);
AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
assertEquals(authorizationResponse.getResponseMode(), ResponseMode.FORM_POST_JWT);
// Clear private key to do not affect to other tests
privateKey = null;
}
Aggregations