Examples with JwkResponse io.jans.as.client.JwkResponse used on opensource projects

Search in sources :

Example 81 with JwkResponse

use of io.jans.as.client.JwkResponse in project jans by JanssenProject.

the class AuthorizationResponseModeQueryJwtResponseTypeCodeTokenEncryptedHttpTest method authorizationRequestObjectAlgRSA15EncA128CBCPLUSHS256.

@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "clientJwksUri", "RSA1_5_keyId", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri" })
@Test
public void authorizationRequestObjectAlgRSA15EncA128CBCPLUSHS256(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String clientJwksUri, final String clientKeyId, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
    showTitle("authorizationRequestObjectAlgRSA15EncA128CBCPLUSHS256");
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE, ResponseType.TOKEN);
    // 1. Dynamic Client Registration
    RegisterResponse registerResponse = registerClient(redirectUris, responseTypes, sectorIdentifierUri, clientJwksUri, null, KeyEncryptionAlgorithm.RSA1_5, BlockEncryptionAlgorithm.A128CBC_PLUS_HS256);
    String clientId = registerResponse.getClientId();
    // 2. Choose encryption key
    JwkClient jwkClient = new JwkClient(jwksUri);
    JwkResponse jwkResponse = jwkClient.exec();
    String serverKeyId = jwkResponse.getKeyId(Algorithm.RSA1_5);
    assertNotNull(serverKeyId);
    // 3. Request authorization
    JSONObject jwks = JwtUtil.getJSONWebKeys(jwksUri);
    AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    privateKey = cryptoProvider.getPrivateKey(clientKeyId);
    List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
    String nonce = UUID.randomUUID().toString();
    String state = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setResponseMode(ResponseMode.QUERY_JWT);
    authorizationRequest.setState(state);
    JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, KeyEncryptionAlgorithm.RSA1_5, BlockEncryptionAlgorithm.A128CBC_PLUS_HS256, cryptoProvider);
    jwtAuthorizationRequest.setKeyId(serverKeyId);
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NAME, ClaimValue.createNull()));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NICKNAME, ClaimValue.createEssential(false)));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL, ClaimValue.createNull()));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL_VERIFIED, ClaimValue.createNull()));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.PICTURE, ClaimValue.createEssential(false)));
    jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_TIME, ClaimValue.createNull()));
    jwtAuthorizationRequest.getIdTokenMember().setMaxAge(86400);
    String authJwt = jwtAuthorizationRequest.getEncodedJwt(jwks);
    authorizationRequest.setRequest(authJwt);
    authorizationRequest(authorizationRequest, ResponseMode.QUERY_JWT, userId, userSecret);
    // Clear private key to do not affect to other tests
    privateKey = null;
}
Also used : RegisterResponse(io.jans.as.client.RegisterResponse) AuthorizationRequest(io.jans.as.client.AuthorizationRequest) JwtAuthorizationRequest(io.jans.as.client.model.authorize.JwtAuthorizationRequest) JwkResponse(io.jans.as.client.JwkResponse) JSONObject(org.json.JSONObject) JwtAuthorizationRequest(io.jans.as.client.model.authorize.JwtAuthorizationRequest) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) Claim(io.jans.as.client.model.authorize.Claim) ResponseType(io.jans.as.model.common.ResponseType) JwkClient(io.jans.as.client.JwkClient) Parameters(org.testng.annotations.Parameters) BaseTest(io.jans.as.client.BaseTest) Test(org.testng.annotations.Test)

Example 82 with JwkResponse

use of io.jans.as.client.JwkResponse in project jans by JanssenProject.

the class AuthorizationResponseModeQueryJwtResponseTypeTokenEncryptedHttpTest method authorizationRequestObjectAlgRSAOAEPEncA256GCM.

@Parameters({ "userId", "userSecret", "redirectUri", "redirectUris", "clientJwksUri", "RSA_OAEP_keyId", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri" })
@Test
public void authorizationRequestObjectAlgRSAOAEPEncA256GCM(final String userId, final String userSecret, final String redirectUri, final String redirectUris, final String clientJwksUri, final String clientKeyId, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
    showTitle("requestParameterMethodAlgRSAOAEPEncA256GCM");
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN);
    // 1. Dynamic Client Registration
    RegisterResponse registerResponse = registerClient(redirectUris, responseTypes, sectorIdentifierUri, clientJwksUri, null, KeyEncryptionAlgorithm.RSA_OAEP, BlockEncryptionAlgorithm.A256GCM);
    String clientId = registerResponse.getClientId();
    // 2. Choose encryption key
    JwkClient jwkClient = new JwkClient(jwksUri);
    JwkResponse jwkResponse = jwkClient.exec();
    String serverKeyId = jwkResponse.getKeyId(Algorithm.RSA_OAEP);
    assertNotNull(serverKeyId);
    // 3. Request authorization
    JSONObject jwks = JwtUtil.getJSONWebKeys(jwksUri);
    AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    privateKey = cryptoProvider.getPrivateKey(clientKeyId);
    List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
    String nonce = UUID.randomUUID().toString();
    String state = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setResponseMode(ResponseMode.QUERY_JWT);
    authorizationRequest.setState(state);
    JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, KeyEncryptionAlgorithm.RSA_OAEP, BlockEncryptionAlgorithm.A256GCM, cryptoProvider);
    jwtAuthorizationRequest.setKeyId(serverKeyId);
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NAME, ClaimValue.createNull()));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NICKNAME, ClaimValue.createEssential(false)));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL, ClaimValue.createNull()));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL_VERIFIED, ClaimValue.createNull()));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.PICTURE, ClaimValue.createEssential(false)));
    jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_TIME, ClaimValue.createNull()));
    jwtAuthorizationRequest.getIdTokenMember().setMaxAge(86400);
    String authJwt = jwtAuthorizationRequest.getEncodedJwt(jwks);
    authorizationRequest.setRequest(authJwt);
    authorizationRequest(authorizationRequest, ResponseMode.QUERY_JWT, userId, userSecret);
    // Clear private key to do not affect to other tests
    privateKey = null;
}
Also used : RegisterResponse(io.jans.as.client.RegisterResponse) AuthorizationRequest(io.jans.as.client.AuthorizationRequest) JwtAuthorizationRequest(io.jans.as.client.model.authorize.JwtAuthorizationRequest) JwkResponse(io.jans.as.client.JwkResponse) JSONObject(org.json.JSONObject) JwtAuthorizationRequest(io.jans.as.client.model.authorize.JwtAuthorizationRequest) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) Claim(io.jans.as.client.model.authorize.Claim) ResponseType(io.jans.as.model.common.ResponseType) JwkClient(io.jans.as.client.JwkClient) Parameters(org.testng.annotations.Parameters) BaseTest(io.jans.as.client.BaseTest) Test(org.testng.annotations.Test)

Example 83 with JwkResponse

use of io.jans.as.client.JwkResponse in project jans by JanssenProject.

the class AuthClientFactory method getJSONWebKeys.

public static JSONWebKeySet getJSONWebKeys(String jwksUri) {
    log.debug("JSONWebKeys - jwksUri:{}", jwksUri);
    Builder clientBuilder = getClientBuilder(jwksUri);
    clientBuilder.header(CONTENT_TYPE, MediaType.APPLICATION_JSON);
    Response webKeyResponse = clientBuilder.get();
    log.trace("AuthClientFactory::getJSONWebKeys() - webKeyResponse:{}", webKeyResponse);
    if (webKeyResponse.getStatus() == 200) {
        String jsonWebKeySetEntity = webKeyResponse.readEntity(String.class);
        log.trace("AuthClientFactory::getJSONWebKeys() - jsonWebKeySetEntity:{}", jsonWebKeySetEntity);
        JwkResponse jwkResponse = new JwkResponse(200);
        JSONWebKeySet jwks = null;
        if (StringUtils.isNotBlank(jsonWebKeySetEntity)) {
            JSONObject jsonObj = new JSONObject(jsonWebKeySetEntity);
            if (jsonObj.has(JSON_WEB_KEY_SET)) {
                jwks = JSONWebKeySet.fromJSONObject(jsonObj);
                jwkResponse.setJwks(jwks);
            }
            log.trace("AuthClientFactory::getJSONWebKeys() - jwkResponse:{}, jwks:{}", jwkResponse, jwks);
            return jwks;
        }
    }
    return null;
}
Also used : IntrospectionResponse(io.jans.as.model.common.IntrospectionResponse) JwkResponse(io.jans.as.client.JwkResponse) TokenResponse(io.jans.as.client.TokenResponse) Response(javax.ws.rs.core.Response) JwkResponse(io.jans.as.client.JwkResponse) JSONObject(org.json.JSONObject) JSONWebKeySet(io.jans.as.model.jwk.JSONWebKeySet) ClientBuilder(javax.ws.rs.client.ClientBuilder) Builder(javax.ws.rs.client.Invocation.Builder) UriBuilder(javax.ws.rs.core.UriBuilder) RestClientBuilder(org.eclipse.microprofile.rest.client.RestClientBuilder)

Example 84 with JwkResponse

use of io.jans.as.client.JwkResponse in project jans by JanssenProject.

the class RegistrationTest method backchannelTokenDeliveryModePing5.

@Parameters({ "clientJwksUri", "backchannelClientNotificationEndpoint" })
public void backchannelTokenDeliveryModePing5(final String clientJwksUri, final String backchannelClientNotificationEndpoint) {
    showTitle("backchannelTokenDeliveryModePing5");
    // 1. Dynamic Client Registration
    JwkClient jwkClient = new JwkClient(clientJwksUri);
    JwkResponse jwkResponse = jwkClient.exec();
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", null);
    registerRequest.setJwks(jwkResponse.getJwks().toString());
    registerRequest.setGrantTypes(Collections.singletonList(GrantType.CIBA));
    registerRequest.setBackchannelTokenDeliveryMode(BackchannelTokenDeliveryMode.PING);
    registerRequest.setBackchannelClientNotificationEndpoint(backchannelClientNotificationEndpoint);
    registerRequest.setBackchannelAuthenticationRequestSigningAlg(AsymmetricSignatureAlgorithm.PS256);
    registerRequest.setIdTokenSignedResponseAlg(SignatureAlgorithm.PS256);
    registerRequest.setBackchannelUserCodeParameter(false);
    registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    registerRequest.setTokenEndpointAuthSigningAlg(SignatureAlgorithm.PS256);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertRegisterResponseOk(registerResponse, 201, true);
    assertRegisterResponseClaimsNotNull(registerResponse, APPLICATION_TYPE, SUBJECT_TYPE, ID_TOKEN_SIGNED_RESPONSE_ALG, JWKS, CLIENT_NAME, SCOPE);
    assertRegisterResponseClaimsAreContained(registerResponse, ID_TOKEN_SIGNED_RESPONSE_ALG, TOKEN_ENDPOINT_AUTH_SIGNING_ALG, TOKEN_ENDPOINT_AUTH_METHOD);
    assertRegisterResponseClaimsBackChannel(registerResponse, AsymmetricSignatureAlgorithm.PS256, BackchannelTokenDeliveryMode.PING, false);
    assertEquals(registerResponse.getClaims().get(ID_TOKEN_SIGNED_RESPONSE_ALG.toString()), SignatureAlgorithm.PS256.getName());
    assertEquals(registerResponse.getClaims().get(TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString()), SignatureAlgorithm.PS256.getName());
    assertEquals(registerResponse.getClaims().get(TOKEN_ENDPOINT_AUTH_METHOD.toString()), AuthenticationMethod.PRIVATE_KEY_JWT.toString());
    String registrationAccessToken = registerResponse.getRegistrationAccessToken();
    String registrationClientUri = registerResponse.getRegistrationClientUri();
    // 2. Client Read
    RegisterRequest clientReadRequest = new RegisterRequest(registrationAccessToken);
    RegisterClient clientReadClient = new RegisterClient(registrationClientUri);
    clientReadClient.setRequest(clientReadRequest);
    RegisterResponse clientReadResponse = clientReadClient.exec();
    showClient(clientReadClient);
    assertRegisterResponseOk(clientReadResponse, 200, true);
    assertRegisterResponseClaimsNotNull(clientReadResponse, APPLICATION_TYPE, SUBJECT_TYPE, ID_TOKEN_SIGNED_RESPONSE_ALG, JWKS, CLIENT_NAME, SCOPE);
    assertRegisterResponseClaimsAreContained(clientReadResponse, ID_TOKEN_SIGNED_RESPONSE_ALG, TOKEN_ENDPOINT_AUTH_SIGNING_ALG, TOKEN_ENDPOINT_AUTH_METHOD);
    assertRegisterResponseClaimsBackChannel(clientReadResponse, AsymmetricSignatureAlgorithm.PS256, BackchannelTokenDeliveryMode.PING, true);
    assertEquals(clientReadResponse.getClaims().get(ID_TOKEN_SIGNED_RESPONSE_ALG.toString()), SignatureAlgorithm.PS256.getName());
    assertEquals(clientReadResponse.getClaims().get(TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString()), SignatureAlgorithm.PS256.getName());
    assertEquals(clientReadResponse.getClaims().get(TOKEN_ENDPOINT_AUTH_METHOD.toString()), AuthenticationMethod.PRIVATE_KEY_JWT.toString());
}
Also used : RegisterRequest(io.jans.as.client.RegisterRequest) RegisterResponse(io.jans.as.client.RegisterResponse) JwkResponse(io.jans.as.client.JwkResponse) RegisterClient(io.jans.as.client.RegisterClient) JwkClient(io.jans.as.client.JwkClient) Parameters(org.testng.annotations.Parameters)

Example 85 with JwkResponse

use of io.jans.as.client.JwkResponse in project jans by JanssenProject.

the class RegistrationTest method backchannelTokenDeliveryModePoll5.

@Parameters({ "clientJwksUri" })
public void backchannelTokenDeliveryModePoll5(final String clientJwksUri) {
    showTitle("backchannelTokenDeliveryModePoll5");
    // 1. Dynamic Client Registration
    JwkClient jwkClient = new JwkClient(clientJwksUri);
    JwkResponse jwkResponse = jwkClient.exec();
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", null);
    registerRequest.setJwks(jwkResponse.getJwks().toString());
    registerRequest.setGrantTypes(Collections.singletonList(GrantType.CIBA));
    registerRequest.setBackchannelTokenDeliveryMode(BackchannelTokenDeliveryMode.POLL);
    registerRequest.setBackchannelAuthenticationRequestSigningAlg(AsymmetricSignatureAlgorithm.PS256);
    registerRequest.setIdTokenSignedResponseAlg(SignatureAlgorithm.PS256);
    registerRequest.setBackchannelUserCodeParameter(false);
    registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    registerRequest.setTokenEndpointAuthSigningAlg(SignatureAlgorithm.PS256);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertRegisterResponseOk(registerResponse, 201, true);
    assertRegisterResponseClaimsNotNull(registerResponse, APPLICATION_TYPE, SUBJECT_TYPE, ID_TOKEN_SIGNED_RESPONSE_ALG, JWKS, CLIENT_NAME, SCOPE);
    assertRegisterResponseClaimsAreContained(registerResponse, ID_TOKEN_SIGNED_RESPONSE_ALG, TOKEN_ENDPOINT_AUTH_SIGNING_ALG, TOKEN_ENDPOINT_AUTH_METHOD);
    assertRegisterResponseClaimsBackChannel(registerResponse, AsymmetricSignatureAlgorithm.PS256, BackchannelTokenDeliveryMode.POLL, false);
    assertEquals(registerResponse.getClaims().get(ID_TOKEN_SIGNED_RESPONSE_ALG.toString()), SignatureAlgorithm.PS256.getName());
    assertEquals(registerResponse.getClaims().get(TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString()), SignatureAlgorithm.PS256.getName());
    assertEquals(registerResponse.getClaims().get(TOKEN_ENDPOINT_AUTH_METHOD.toString()), AuthenticationMethod.PRIVATE_KEY_JWT.toString());
    String registrationAccessToken = registerResponse.getRegistrationAccessToken();
    String registrationClientUri = registerResponse.getRegistrationClientUri();
    // 2. Client Read
    RegisterRequest clientReadRequest = new RegisterRequest(registrationAccessToken);
    RegisterClient clientReadClient = new RegisterClient(registrationClientUri);
    clientReadClient.setRequest(clientReadRequest);
    RegisterResponse clientReadResponse = clientReadClient.exec();
    showClient(clientReadClient);
    assertRegisterResponseOk(clientReadResponse, 200, true);
    assertRegisterResponseClaimsNotNull(clientReadResponse, APPLICATION_TYPE, SUBJECT_TYPE, ID_TOKEN_SIGNED_RESPONSE_ALG, JWKS, CLIENT_NAME, SCOPE);
    assertRegisterResponseClaimsAreContained(clientReadResponse, ID_TOKEN_SIGNED_RESPONSE_ALG, TOKEN_ENDPOINT_AUTH_SIGNING_ALG, TOKEN_ENDPOINT_AUTH_METHOD);
    assertRegisterResponseClaimsBackChannel(clientReadResponse, AsymmetricSignatureAlgorithm.PS256, BackchannelTokenDeliveryMode.POLL, false);
    assertEquals(clientReadResponse.getClaims().get(ID_TOKEN_SIGNED_RESPONSE_ALG.toString()), SignatureAlgorithm.PS256.getName());
    assertEquals(clientReadResponse.getClaims().get(TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString()), SignatureAlgorithm.PS256.getName());
    assertEquals(clientReadResponse.getClaims().get(TOKEN_ENDPOINT_AUTH_METHOD.toString()), AuthenticationMethod.PRIVATE_KEY_JWT.toString());
}
Also used : RegisterRequest(io.jans.as.client.RegisterRequest) RegisterResponse(io.jans.as.client.RegisterResponse) JwkResponse(io.jans.as.client.JwkResponse) RegisterClient(io.jans.as.client.RegisterClient) JwkClient(io.jans.as.client.JwkClient) Parameters(org.testng.annotations.Parameters)

Aggregations

JwkResponse (io.jans.as.client.JwkResponse)107 JwkClient (io.jans.as.client.JwkClient)106 Parameters (org.testng.annotations.Parameters)103 BaseTest (io.jans.as.client.BaseTest)102 Test (org.testng.annotations.Test)102 AuthCryptoProvider (io.jans.as.model.crypto.AuthCryptoProvider)100 RegisterResponse (io.jans.as.client.RegisterResponse)96 AuthorizationRequest (io.jans.as.client.AuthorizationRequest)94 ResponseType (io.jans.as.model.common.ResponseType)94 JSONObject (org.json.JSONObject)85 Claim (io.jans.as.client.model.authorize.Claim)84 JwtAuthorizationRequest (io.jans.as.client.model.authorize.JwtAuthorizationRequest)84 AuthorizationResponse (io.jans.as.client.AuthorizationResponse)40 RegisterClient (io.jans.as.client.RegisterClient)24 RegisterRequest (io.jans.as.client.RegisterRequest)24 AuthorizeClient (io.jans.as.client.AuthorizeClient)15 UserInfoClient (io.jans.as.client.UserInfoClient)12 UserInfoResponse (io.jans.as.client.UserInfoResponse)12 Jwe (io.jans.as.model.jwe.Jwe)9 Jwt (io.jans.as.model.jwt.Jwt)9
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial