use of io.jans.as.client.RegisterResponse in project jans by JanssenProject.
the class RegistrationWithSoftwareStatementTest method requestClientRead1.
@Test(dependsOnMethods = "requestClientAssociate1")
public void requestClientRead1() throws Exception {
showTitle("requestClientRead1");
RegisterRequest registerRequest = new RegisterRequest(registrationAccessToken1);
RegisterClient registerClient = new RegisterClient(registrationClientUri1);
registerClient.setRequest(registerRequest);
RegisterResponse response = registerClient.exec();
showClient(registerClient);
assertRegisterResponseOk(response, 200, false);
assertNotNull(response.getFirstClaim(SCOPE.toString()));
assertNotNull(response.getFirstClaim(FRONT_CHANNEL_LOGOUT_SESSION_REQUIRED.toString()));
assertTrue(Boolean.parseBoolean(response.getFirstClaim(FRONT_CHANNEL_LOGOUT_SESSION_REQUIRED.toString())));
assertNotNull(response.getFirstClaim(FRONT_CHANNEL_LOGOUT_URI.toString()));
assertNotNull(response.getFirstClaim(ID_TOKEN_SIGNED_RESPONSE_ALG.toString()));
assertEquals(SignatureAlgorithm.fromString(response.getFirstClaim(ID_TOKEN_SIGNED_RESPONSE_ALG.toString())), SignatureAlgorithm.RS512);
assertNotNull(response.getFirstClaim(ID_TOKEN_ENCRYPTED_RESPONSE_ALG.toString()));
assertEquals(KeyEncryptionAlgorithm.fromName(response.getFirstClaim(ID_TOKEN_ENCRYPTED_RESPONSE_ALG.toString())), KeyEncryptionAlgorithm.RSA1_5);
assertNotNull(response.getFirstClaim(ID_TOKEN_ENCRYPTED_RESPONSE_ENC.toString()));
assertEquals(BlockEncryptionAlgorithm.fromName(response.getFirstClaim(ID_TOKEN_ENCRYPTED_RESPONSE_ENC.toString())), BlockEncryptionAlgorithm.A128CBC_PLUS_HS256);
assertNotNull(response.getFirstClaim(USERINFO_SIGNED_RESPONSE_ALG.toString()));
assertEquals(SignatureAlgorithm.fromString(response.getFirstClaim(USERINFO_SIGNED_RESPONSE_ALG.toString())), SignatureAlgorithm.RS384);
assertNotNull(response.getFirstClaim(USERINFO_ENCRYPTED_RESPONSE_ALG.toString()));
assertEquals(KeyEncryptionAlgorithm.fromName(response.getFirstClaim(USERINFO_ENCRYPTED_RESPONSE_ALG.toString())), KeyEncryptionAlgorithm.A128KW);
assertNotNull(response.getFirstClaim(USERINFO_ENCRYPTED_RESPONSE_ENC.toString()));
assertEquals(BlockEncryptionAlgorithm.fromName(response.getFirstClaim(USERINFO_ENCRYPTED_RESPONSE_ENC.toString())), BlockEncryptionAlgorithm.A128GCM);
assertNotNull(response.getFirstClaim(REQUEST_OBJECT_SIGNING_ALG.toString()));
assertEquals(SignatureAlgorithm.fromString(response.getFirstClaim(REQUEST_OBJECT_SIGNING_ALG.toString())), SignatureAlgorithm.RS256);
assertNotNull(response.getFirstClaim(REQUEST_OBJECT_ENCRYPTION_ALG.toString()));
assertEquals(KeyEncryptionAlgorithm.fromName(response.getFirstClaim(REQUEST_OBJECT_ENCRYPTION_ALG.toString())), KeyEncryptionAlgorithm.A256KW);
assertNotNull(response.getFirstClaim(REQUEST_OBJECT_ENCRYPTION_ENC.toString()));
assertEquals(BlockEncryptionAlgorithm.fromName(response.getFirstClaim(REQUEST_OBJECT_ENCRYPTION_ENC.toString())), BlockEncryptionAlgorithm.A256CBC_PLUS_HS512);
assertNotNull(response.getFirstClaim(TOKEN_ENDPOINT_AUTH_METHOD.toString()));
assertEquals(AuthenticationMethod.fromString(response.getFirstClaim(TOKEN_ENDPOINT_AUTH_METHOD.toString())), AuthenticationMethod.CLIENT_SECRET_JWT);
assertNotNull(response.getFirstClaim(TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString()));
assertEquals(SignatureAlgorithm.fromString(response.getFirstClaim(TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString())), SignatureAlgorithm.ES256);
JSONArray scopesJsonArray = new JSONArray(StringUtils.spaceSeparatedToList(response.getFirstClaim(SCOPE.toString())));
List<String> scopes = new ArrayList<>();
for (int i = 0; i < scopesJsonArray.length(); i++) {
scopes.add(scopesJsonArray.get(i).toString());
}
assertTrue(scopes.contains("openid"));
assertTrue(scopes.contains("address"));
assertTrue(scopes.contains("email"));
assertTrue(scopes.contains("profile"));
assertTrue(scopes.contains("phone"));
assertTrue(scopes.contains("clientinfo"));
assertTrue(response.getClaims().containsKey(SOFTWARE_ID.toString()));
assertTrue(response.getClaims().containsKey(SOFTWARE_VERSION.toString()));
assertTrue(response.getClaims().containsKey(SOFTWARE_STATEMENT.toString()));
}
use of io.jans.as.client.RegisterResponse in project jans by JanssenProject.
the class SectorIdentifierUrlVerificationHttpTest method shareSubjectIdBetweenClientsWithSameSectorId.
// Run this test with both pairwiseIdType persistent and algorithmic
// And ensure shareSubjectIdBetweenClientsWithSameSectorId is set to true
@Parameters({ "redirectUris", "sectorIdentifierUri", "redirectUri", "userId", "userSecret" })
@Test(enabled = true)
public void shareSubjectIdBetweenClientsWithSameSectorId(final String redirectUris, final String sectorIdentifierUri, final String redirectUri, final String userId, final String userSecret) throws Exception {
showTitle("shareSubjectIdBetweenClientsWithSameSectorId");
RegisterResponse registerResponse1 = requestClientRegistration(redirectUris, sectorIdentifierUri);
RegisterResponse registerResponse2 = requestClientRegistration(redirectUris, sectorIdentifierUri);
String sub1 = requestAuthorizationCodeWithPairwiseSectorIdentifierType(redirectUri, userId, userSecret, registerResponse1.getClientId(), registerResponse1.getClientSecret(), registerResponse1.getResponseTypes());
String sub2 = requestAuthorizationCodeWithPairwiseSectorIdentifierType(redirectUri, userId, userSecret, registerResponse2.getClientId(), registerResponse2.getClientSecret(), registerResponse2.getResponseTypes());
assertEquals(sub1, sub2, "Each client must share the same sub value");
String sub3 = requestAuthorizationCodeWithPairwiseSectorIdentifierType(redirectUri, userId, userSecret, registerResponse1.getClientId(), registerResponse1.getClientSecret(), registerResponse1.getResponseTypes());
String sub4 = requestAuthorizationCodeWithPairwiseSectorIdentifierType(redirectUri, userId, userSecret, registerResponse2.getClientId(), registerResponse2.getClientSecret(), registerResponse2.getResponseTypes());
assertEquals(sub1, sub3, "Same client must receive the same sub value");
assertEquals(sub2, sub4, "Same client must receive the same sub value");
}
use of io.jans.as.client.RegisterResponse in project jans by JanssenProject.
the class SectorIdentifierUrlVerificationHttpTest method sectorIdentifierUrlVerificationFail2.
@Parameters({ "sectorIdentifierUri" })
@Test
public void sectorIdentifierUrlVerificationFail2(final String sectorIdentifierUri) throws Exception {
showTitle("sectorIdentifierUrlVerificationFail2");
String redirectUris = "https://INVALID_REDIRECT_URI https://client.example.com/cb https://client.example.com/cb1 https://client.example.com/cb2";
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.addCustomAttribute("jansTrustedClnt", "true");
registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse response = registerClient.exec();
showClient(registerClient);
assertRegisterResponseFail(response);
}
use of io.jans.as.client.RegisterResponse in project jans by JanssenProject.
the class SectorIdentifierUrlVerificationHttpTest method pairwiseSectorIdentifierTypeToPreventSubjectIdentifierCorrelation.
// Run this test with both pairwiseIdType persistent and algorithmic
// And ensure shareSubjectIdBetweenClientsWithSameSectorId is set to false
@Parameters({ "redirectUris", "sectorIdentifierUri", "redirectUri", "userId", "userSecret" })
@Test(enabled = false)
public void pairwiseSectorIdentifierTypeToPreventSubjectIdentifierCorrelation(final String redirectUris, final String sectorIdentifierUri, final String redirectUri, final String userId, final String userSecret) throws Exception {
showTitle("pairwiseSectorIdentifierTypeToPreventSubjectIdentifierCorrelation");
RegisterResponse registerResponse1 = requestClientRegistration(redirectUris, sectorIdentifierUri);
RegisterResponse registerResponse2 = requestClientRegistration(redirectUris, sectorIdentifierUri);
String sub1 = requestAuthorizationCodeWithPairwiseSectorIdentifierType(redirectUri, userId, userSecret, registerResponse1.getClientId(), registerResponse1.getClientSecret(), registerResponse1.getResponseTypes());
String sub2 = requestAuthorizationCodeWithPairwiseSectorIdentifierType(redirectUri, userId, userSecret, registerResponse2.getClientId(), registerResponse2.getClientSecret(), registerResponse2.getResponseTypes());
assertNotEquals(sub1, sub2, "Each client must receive a different sub value");
String sub3 = requestAuthorizationCodeWithPairwiseSectorIdentifierType(redirectUri, userId, userSecret, registerResponse1.getClientId(), registerResponse1.getClientSecret(), registerResponse1.getResponseTypes());
String sub4 = requestAuthorizationCodeWithPairwiseSectorIdentifierType(redirectUri, userId, userSecret, registerResponse2.getClientId(), registerResponse2.getClientSecret(), registerResponse2.getResponseTypes());
assertEquals(sub1, sub3, "Same client must receive the same sub value");
assertEquals(sub2, sub4, "Same client must receive the same sub value");
}
use of io.jans.as.client.RegisterResponse in project jans by JanssenProject.
the class SectorIdentifierUrlVerificationHttpTest method requestAuthorizationCodeWithPublicSectorIdentifierType.
public String requestAuthorizationCodeWithPublicSectorIdentifierType(final String redirectUris, final String redirectUri, final String userId, final String userSecret) throws Exception {
List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE, ResponseType.ID_TOKEN);
// 1. Register client with Sector Identifier URL
RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
registerRequest.addCustomAttribute("jansTrustedClnt", "true");
registerRequest.setResponseTypes(responseTypes);
registerRequest.setSubjectType(SubjectType.PUBLIC);
registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.CLIENT_SECRET_POST);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
RegisterResponse registerResponse = registerClient.exec();
showClient(registerClient);
assertRegisterResponseOk(registerResponse, 201, true);
String clientId = registerResponse.getClientId();
String clientSecret = registerResponse.getClientSecret();
// 2. Request authorization and receive the authorization code.
List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
String state = UUID.randomUUID().toString();
String nonce = UUID.randomUUID().toString();
AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
authorizationRequest.setState(state);
authorizationRequest.setAuthUsername(userId);
authorizationRequest.setAuthPassword(userSecret);
authorizationRequest.getPrompts().add(Prompt.NONE);
AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
authorizeClient.setRequest(authorizationRequest);
AuthorizationResponse authorizationResponse = authorizeClient.exec();
showClient(authorizeClient);
assertEquals(authorizationResponse.getStatus(), 302, "Unexpected response code: " + authorizationResponse.getStatus());
assertAuthorizationResponse(authorizationResponse, true);
assertEquals(authorizationResponse.getState(), state);
String authorizationCode = authorizationResponse.getCode();
String idToken = authorizationResponse.getIdToken();
// 3. Validate id_token
Jwt jwt = Jwt.parse(idToken);
assertJwtStandarClaimsNotNull(jwt, false);
assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.CODE_HASH));
RSAPublicKey publicKey = JwkClient.getRSAPublicKey(jwksUri, jwt.getHeader().getClaimAsString(JwtHeaderName.KEY_ID));
RSASigner rsaSigner = new RSASigner(SignatureAlgorithm.RS256, publicKey);
assertTrue(rsaSigner.validate(jwt));
String sub = jwt.getClaims().getClaimAsString(JwtClaimName.SUBJECT_IDENTIFIER);
// 4. Request access token using the authorization code.
TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE);
tokenRequest.setCode(authorizationCode);
tokenRequest.setRedirectUri(redirectUri);
tokenRequest.setAuthUsername(clientId);
tokenRequest.setAuthPassword(clientSecret);
tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_POST);
TokenClient tokenClient = new TokenClient(tokenEndpoint);
tokenClient.setRequest(tokenRequest);
TokenResponse tokenResponse = tokenClient.exec();
showClient(tokenClient);
assertTokenResponseOk(tokenResponse, true);
String accessToken = tokenResponse.getAccessToken();
// 5. Request user info
UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
UserInfoResponse userInfoResponse = userInfoClient.execUserInfo(accessToken);
showClient(userInfoClient);
assertUserInfoBasicMinimumResponseOk(userInfoResponse, 200);
assertUserInfoPersonalDataNotNull(userInfoResponse);
return sub;
}
Aggregations