Example 71 with RegisterResponse
use of io.jans.as.client.RegisterResponse in project jans by JanssenProject.
the class RegistrationWithSoftwareStatementTest method requestClientRead1.
@Test(dependsOnMethods = "requestClientAssociate1")
public void requestClientRead1() throws Exception {
showTitle("requestClientRead1");
RegisterRequest registerRequest = new RegisterRequest(registrationAccessToken1);
RegisterClient registerClient = new RegisterClient(registrationClientUri1);
registerClient.setRequest(registerRequest);
RegisterResponse response = registerClient.exec();
showClient(registerClient);
assertRegisterResponseOk(response, 200, false);
assertNotNull(response.getFirstClaim(SCOPE.toString()));
assertNotNull(response.getFirstClaim(FRONT_CHANNEL_LOGOUT_SESSION_REQUIRED.toString()));
assertTrue(Boolean.parseBoolean(response.getFirstClaim(FRONT_CHANNEL_LOGOUT_SESSION_REQUIRED.toString())));
assertNotNull(response.getFirstClaim(FRONT_CHANNEL_LOGOUT_URI.toString()));
assertNotNull(response.getFirstClaim(ID_TOKEN_SIGNED_RESPONSE_ALG.toString()));
assertEquals(SignatureAlgorithm.fromString(response.getFirstClaim(ID_TOKEN_SIGNED_RESPONSE_ALG.toString())), SignatureAlgorithm.RS512);
assertNotNull(response.getFirstClaim(ID_TOKEN_ENCRYPTED_RESPONSE_ALG.toString()));
assertEquals(KeyEncryptionAlgorithm.fromName(response.getFirstClaim(ID_TOKEN_ENCRYPTED_RESPONSE_ALG.toString())), KeyEncryptionAlgorithm.RSA1_5);
assertNotNull(response.getFirstClaim(ID_TOKEN_ENCRYPTED_RESPONSE_ENC.toString()));
assertEquals(BlockEncryptionAlgorithm.fromName(response.getFirstClaim(ID_TOKEN_ENCRYPTED_RESPONSE_ENC.toString())), BlockEncryptionAlgorithm.A128CBC_PLUS_HS256);
assertNotNull(response.getFirstClaim(USERINFO_SIGNED_RESPONSE_ALG.toString()));
assertEquals(SignatureAlgorithm.fromString(response.getFirstClaim(USERINFO_SIGNED_RESPONSE_ALG.toString())), SignatureAlgorithm.RS384);
assertNotNull(response.getFirstClaim(USERINFO_ENCRYPTED_RESPONSE_ALG.toString()));
assertEquals(KeyEncryptionAlgorithm.fromName(response.getFirstClaim(USERINFO_ENCRYPTED_RESPONSE_ALG.toString())), KeyEncryptionAlgorithm.A128KW);
assertNotNull(response.getFirstClaim(USERINFO_ENCRYPTED_RESPONSE_ENC.toString()));
assertEquals(BlockEncryptionAlgorithm.fromName(response.getFirstClaim(USERINFO_ENCRYPTED_RESPONSE_ENC.toString())), BlockEncryptionAlgorithm.A128GCM);
assertNotNull(response.getFirstClaim(REQUEST_OBJECT_SIGNING_ALG.toString()));
assertEquals(SignatureAlgorithm.fromString(response.getFirstClaim(REQUEST_OBJECT_SIGNING_ALG.toString())), SignatureAlgorithm.RS256);
assertNotNull(response.getFirstClaim(REQUEST_OBJECT_ENCRYPTION_ALG.toString()));
assertEquals(KeyEncryptionAlgorithm.fromName(response.getFirstClaim(REQUEST_OBJECT_ENCRYPTION_ALG.toString())), KeyEncryptionAlgorithm.A256KW);
assertNotNull(response.getFirstClaim(REQUEST_OBJECT_ENCRYPTION_ENC.toString()));
assertEquals(BlockEncryptionAlgorithm.fromName(response.getFirstClaim(REQUEST_OBJECT_ENCRYPTION_ENC.toString())), BlockEncryptionAlgorithm.A256CBC_PLUS_HS512);
assertNotNull(response.getFirstClaim(TOKEN_ENDPOINT_AUTH_METHOD.toString()));
assertEquals(AuthenticationMethod.fromString(response.getFirstClaim(TOKEN_ENDPOINT_AUTH_METHOD.toString())), AuthenticationMethod.CLIENT_SECRET_JWT);
assertNotNull(response.getFirstClaim(TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString()));
assertEquals(SignatureAlgorithm.fromString(response.getFirstClaim(TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString())), SignatureAlgorithm.ES256);
JSONArray scopesJsonArray = new JSONArray(StringUtils.spaceSeparatedToList(response.getFirstClaim(SCOPE.toString())));
List<String> scopes = new ArrayList<>();
for (int i = 0; i < scopesJsonArray.length(); i++) {
scopes.add(scopesJsonArray.get(i).toString());
}
assertTrue(scopes.contains("openid"));
assertTrue(scopes.contains("address"));
assertTrue(scopes.contains("email"));
assertTrue(scopes.contains("profile"));
assertTrue(scopes.contains("phone"));
assertTrue(scopes.contains("clientinfo"));
assertTrue(response.getClaims().containsKey(SOFTWARE_ID.toString()));
assertTrue(response.getClaims().containsKey(SOFTWARE_VERSION.toString()));
assertTrue(response.getClaims().containsKey(SOFTWARE_STATEMENT.toString()));
}
Also used :
RegisterRequest(io.jans.as.client.RegisterRequest)
RegisterResponse(io.jans.as.client.RegisterResponse)
RegisterClient(io.jans.as.client.RegisterClient)
JSONArray(org.json.JSONArray)
ArrayList(java.util.ArrayList)
Test(org.testng.annotations.Test)
BaseTest(io.jans.as.client.BaseTest)
Example 72 with RegisterResponse
use of io.jans.as.client.RegisterResponse in project jans by JanssenProject.
the class SectorIdentifierUrlVerificationHttpTest method shareSubjectIdBetweenClientsWithSameSectorId.
// Run this test with both pairwiseIdType persistent and algorithmic
// And ensure shareSubjectIdBetweenClientsWithSameSectorId is set to true
@Parameters({ "redirectUris", "sectorIdentifierUri", "redirectUri", "userId", "userSecret" })
@Test(enabled = true)
public void shareSubjectIdBetweenClientsWithSameSectorId(final String redirectUris, final String sectorIdentifierUri, final String redirectUri, final String userId, final String userSecret) throws Exception {
showTitle("shareSubjectIdBetweenClientsWithSameSectorId");
RegisterResponse registerResponse1 = requestClientRegistration(redirectUris, sectorIdentifierUri);
RegisterResponse registerResponse2 = requestClientRegistration(redirectUris, sectorIdentifierUri);
String sub1 = requestAuthorizationCodeWithPairwiseSectorIdentifierType(redirectUri, userId, userSecret, registerResponse1.getClientId(), registerResponse1.getClientSecret(), registerResponse1.getResponseTypes());
String sub2 = requestAuthorizationCodeWithPairwiseSectorIdentifierType(redirectUri, userId, userSecret, registerResponse2.getClientId(), registerResponse2.getClientSecret(), registerResponse2.getResponseTypes());
assertEquals(sub1, sub2, "Each client must share the same sub value");
String sub3 = requestAuthorizationCodeWithPairwiseSectorIdentifierType(redirectUri, userId, userSecret, registerResponse1.getClientId(), registerResponse1.getClientSecret(), registerResponse1.getResponseTypes());
String sub4 = requestAuthorizationCodeWithPairwiseSectorIdentifierType(redirectUri, userId, userSecret, registerResponse2.getClientId(), registerResponse2.getClientSecret(), registerResponse2.getResponseTypes());
assertEquals(sub1, sub3, "Same client must receive the same sub value");
assertEquals(sub2, sub4, "Same client must receive the same sub value");
}
Also used :
RegisterResponse(io.jans.as.client.RegisterResponse)
Parameters(org.testng.annotations.Parameters)
Test(org.testng.annotations.Test)
BaseTest(io.jans.as.client.BaseTest)
Example 73 with RegisterResponse
use of io.jans.as.client.RegisterResponse in project jans by JanssenProject.
the class SectorIdentifierUrlVerificationHttpTest method sectorIdentifierUrlVerificationFail2.
@Parameters({ "sectorIdentifierUri" })
@Test
public void sectorIdentifierUrlVerificationFail2(final String sectorIdentifierUri) throws Exception {
showTitle("sectorIdentifierUrlVerificationFail2");
String redirectUris = "https://INVALID_REDIRECT_URI https://client.example.com/cb https://client.example.com/cb1 https://client.example.com/cb2";
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.addCustomAttribute("jansTrustedClnt", "true");
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse response = registerClient.exec();
showClient(registerClient);
assertRegisterResponseFail(response);
}
Also used :
RegisterRequest(io.jans.as.client.RegisterRequest)
RegisterResponse(io.jans.as.client.RegisterResponse)
RegisterClient(io.jans.as.client.RegisterClient)
Parameters(org.testng.annotations.Parameters)
Test(org.testng.annotations.Test)
BaseTest(io.jans.as.client.BaseTest)
Example 74 with RegisterResponse
use of io.jans.as.client.RegisterResponse in project jans by JanssenProject.
the class SectorIdentifierUrlVerificationHttpTest method pairwiseSectorIdentifierTypeToPreventSubjectIdentifierCorrelation.
// Run this test with both pairwiseIdType persistent and algorithmic
// And ensure shareSubjectIdBetweenClientsWithSameSectorId is set to false
@Parameters({ "redirectUris", "sectorIdentifierUri", "redirectUri", "userId", "userSecret" })
@Test(enabled = false)
public void pairwiseSectorIdentifierTypeToPreventSubjectIdentifierCorrelation(final String redirectUris, final String sectorIdentifierUri, final String redirectUri, final String userId, final String userSecret) throws Exception {
showTitle("pairwiseSectorIdentifierTypeToPreventSubjectIdentifierCorrelation");
RegisterResponse registerResponse1 = requestClientRegistration(redirectUris, sectorIdentifierUri);
RegisterResponse registerResponse2 = requestClientRegistration(redirectUris, sectorIdentifierUri);
String sub1 = requestAuthorizationCodeWithPairwiseSectorIdentifierType(redirectUri, userId, userSecret, registerResponse1.getClientId(), registerResponse1.getClientSecret(), registerResponse1.getResponseTypes());
String sub2 = requestAuthorizationCodeWithPairwiseSectorIdentifierType(redirectUri, userId, userSecret, registerResponse2.getClientId(), registerResponse2.getClientSecret(), registerResponse2.getResponseTypes());
assertNotEquals(sub1, sub2, "Each client must receive a different sub value");
String sub3 = requestAuthorizationCodeWithPairwiseSectorIdentifierType(redirectUri, userId, userSecret, registerResponse1.getClientId(), registerResponse1.getClientSecret(), registerResponse1.getResponseTypes());
String sub4 = requestAuthorizationCodeWithPairwiseSectorIdentifierType(redirectUri, userId, userSecret, registerResponse2.getClientId(), registerResponse2.getClientSecret(), registerResponse2.getResponseTypes());
assertEquals(sub1, sub3, "Same client must receive the same sub value");
assertEquals(sub2, sub4, "Same client must receive the same sub value");
}
Also used :
RegisterResponse(io.jans.as.client.RegisterResponse)
Parameters(org.testng.annotations.Parameters)
Test(org.testng.annotations.Test)
BaseTest(io.jans.as.client.BaseTest)
Example 75 with RegisterResponse
use of io.jans.as.client.RegisterResponse in project jans by JanssenProject.
the class SectorIdentifierUrlVerificationHttpTest method requestAuthorizationCodeWithPublicSectorIdentifierType.
public String requestAuthorizationCodeWithPublicSectorIdentifierType(final String redirectUris, final String redirectUri, final String userId, final String userSecret) throws Exception {
List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE, ResponseType.ID_TOKEN);
// 1. Register client with Sector Identifier URL
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.addCustomAttribute("jansTrustedClnt", "true");
registerRequest.setResponseTypes(responseTypes);
registerRequest.setSubjectType(SubjectType.PUBLIC);
registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.CLIENT_SECRET_POST);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertRegisterResponseOk(registerResponse, 201, true);
String clientId = registerResponse.getClientId();
String clientSecret = registerResponse.getClientSecret();
// 2. Request authorization and receive the authorization code.
List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
String state = UUID.randomUUID().toString();
String nonce = UUID.randomUUID().toString();
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
authorizationRequest.setState(state);
authorizationRequest.setAuthUsername(userId);
authorizationRequest.setAuthPassword(userSecret);
authorizationRequest.getPrompts().add(Prompt.NONE);
AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
authorizeClient.setRequest(authorizationRequest);
AuthorizationResponse authorizationResponse = authorizeClient.exec();
showClient(authorizeClient);
assertEquals(authorizationResponse.getStatus(), 302, "Unexpected response code: " + authorizationResponse.getStatus());
assertAuthorizationResponse(authorizationResponse, true);
assertEquals(authorizationResponse.getState(), state);
String authorizationCode = authorizationResponse.getCode();
String idToken = authorizationResponse.getIdToken();
// 3. Validate id_token
Jwt jwt = Jwt.parse(idToken);
assertJwtStandarClaimsNotNull(jwt, false);
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.CODE_HASH));
RSAPublicKey publicKey = JwkClient.getRSAPublicKey(jwksUri, jwt.getHeader().getClaimAsString(JwtHeaderName.KEY_ID));
RSASigner rsaSigner = new RSASigner(SignatureAlgorithm.RS256, publicKey);
assertTrue(rsaSigner.validate(jwt));
String sub = jwt.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER);
// 4. Request access token using the authorization code.
TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE);
tokenRequest.setCode(authorizationCode);
tokenRequest.setRedirectUri(redirectUri);
tokenRequest.setAuthUsername(clientId);
tokenRequest.setAuthPassword(clientSecret);
tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_POST);
TokenClient tokenClient = new TokenClient(tokenEndpoint);
tokenClient.setRequest(tokenRequest);
TokenResponse tokenResponse = tokenClient.exec();
showClient(tokenClient);
assertTokenResponseOk(tokenResponse, true);
String accessToken = tokenResponse.getAccessToken();
// 5. Request user info
UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
UserInfoResponse userInfoResponse = userInfoClient.execUserInfo(accessToken);
showClient(userInfoClient);
assertUserInfoBasicMinimumResponseOk(userInfoResponse, 200);
assertUserInfoPersonalDataNotNull(userInfoResponse);
return sub;
}
Also used :
RegisterRequest(io.jans.as.client.RegisterRequest)
AuthorizationRequest(io.jans.as.client.AuthorizationRequest)
Jwt(io.jans.as.model.jwt.Jwt)
UserInfoClient(io.jans.as.client.UserInfoClient)
ResponseType(io.jans.as.model.common.ResponseType)
AuthorizationResponse(io.jans.as.client.AuthorizationResponse)
RegisterResponse(io.jans.as.client.RegisterResponse)
RSAPublicKey(io.jans.as.model.crypto.signature.RSAPublicKey)
TokenResponse(io.jans.as.client.TokenResponse)
RegisterClient(io.jans.as.client.RegisterClient)
RSASigner(io.jans.as.model.jws.RSASigner)
TokenRequest(io.jans.as.client.TokenRequest)
UserInfoResponse(io.jans.as.client.UserInfoResponse)
AuthorizeClient(io.jans.as.client.AuthorizeClient)
TokenClient(io.jans.as.client.TokenClient)
Aggregations
RegisterResponse (io.jans.as.client.RegisterResponse)1571
Test (org.testng.annotations.Test)1541
BaseTest (io.jans.as.client.BaseTest)1537
Parameters (org.testng.annotations.Parameters)1528
ResponseType (io.jans.as.model.common.ResponseType)1304
AuthorizationRequest (io.jans.as.client.AuthorizationRequest)928
RegisterClient (io.jans.as.client.RegisterClient)752
RegisterRequest (io.jans.as.client.RegisterRequest)751
AuthorizationResponse (io.jans.as.client.AuthorizationResponse)726
AuthCryptoProvider (io.jans.as.model.crypto.AuthCryptoProvider)675
JwtAuthorizationRequest (io.jans.as.client.model.authorize.JwtAuthorizationRequest)607
Claim (io.jans.as.client.model.authorize.Claim)434
TokenResponse (io.jans.as.client.TokenResponse)245
TokenClient (io.jans.as.client.TokenClient)239
TokenRequest (io.jans.as.client.TokenRequest)225
AuthorizeClient (io.jans.as.client.AuthorizeClient)197
UserInfoResponse (io.jans.as.client.UserInfoResponse)190
UserInfoClient (io.jans.as.client.UserInfoClient)189
Jwt (io.jans.as.model.jwt.Jwt)167
BackchannelAuthenticationClient (io.jans.as.client.BackchannelAuthenticationClient)105
