Search in sources :

Example 76 with TokenRequest

use of io.jans.as.client.TokenRequest in project jans by JanssenProject.

the class ClientCredentialsGrantHttpTest method privateKeyJwtAuthenticationMethodRS512.

@Parameters({ "redirectUris", "clientJwksUri", "RS512_keyId", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri" })
@Test
public void privateKeyJwtAuthenticationMethodRS512(final String redirectUris, final String clientJwksUri, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
    showTitle("privateKeyJwtAuthenticationMethodRS512");
    List<String> scopes = Arrays.asList("clientinfo");
    List<GrantType> grantTypes = Arrays.asList(GrantType.CLIENT_CREDENTIALS);
    // 1. Register client
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setScope(scopes);
    registerRequest.setGrantTypes(grantTypes);
    registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    registerRequest.setJwksUri(clientJwksUri);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertRegisterResponseOk(registerResponse, 201, true);
    String clientId = registerResponse.getClientId();
    // 2. Request Client Credentials Grant
    AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    TokenRequest tokenRequest = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
    tokenRequest.setScope("clientinfo");
    tokenRequest.setAuthUsername(clientId);
    tokenRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    tokenRequest.setAlgorithm(SignatureAlgorithm.RS512);
    tokenRequest.setCryptoProvider(cryptoProvider);
    tokenRequest.setKeyId(keyId);
    tokenRequest.setAudience(tokenEndpoint);
    TokenClient tokenClient = new TokenClient(tokenEndpoint);
    tokenClient.setRequest(tokenRequest);
    TokenResponse tokenResponse = tokenClient.exec();
    showClient(tokenClient);
    assertTokenResponseOk(tokenResponse, false, false);
    assertNotNull(tokenResponse.getScope());
    assertNull(tokenResponse.getRefreshToken());
    String accessToken = tokenResponse.getAccessToken();
    // 3. Request client info
    ClientInfoClient clientInfoClient = new ClientInfoClient(clientInfoEndpoint);
    ClientInfoResponse clientInfoResponse = clientInfoClient.execClientInfo(accessToken);
    showClient(clientInfoClient);
    assertEquals(clientInfoResponse.getStatus(), 200, "Unexpected response code: " + clientInfoResponse.getStatus());
    assertNotNull(clientInfoResponse.getClaim("name"), "Unexpected result: displayName not found");
    assertNotNull(clientInfoResponse.getClaim("inum"), "Unexpected result: inum not found");
}
Also used : RegisterRequest(io.jans.as.client.RegisterRequest) GrantType(io.jans.as.model.common.GrantType) ClientInfoResponse(io.jans.as.client.ClientInfoResponse) RegisterResponse(io.jans.as.client.RegisterResponse) TokenResponse(io.jans.as.client.TokenResponse) RegisterClient(io.jans.as.client.RegisterClient) TokenRequest(io.jans.as.client.TokenRequest) TokenClient(io.jans.as.client.TokenClient) ClientInfoClient(io.jans.as.client.ClientInfoClient) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Example 77 with TokenRequest

use of io.jans.as.client.TokenRequest in project jans by JanssenProject.

the class ClientCredentialsGrantHttpTest method privateKeyJwtAuthenticationMethodRS512Fail.

@Parameters({ "redirectUris", "clientJwksUri", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri" })
@Test
public void privateKeyJwtAuthenticationMethodRS512Fail(final String redirectUris, final String clientJwksUri, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
    showTitle("privateKeyJwtAuthenticationMethodRS512Fail");
    List<String> scopes = Arrays.asList("clientinfo");
    // 1. Register client
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setScope(scopes);
    registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    registerRequest.setJwksUri(clientJwksUri);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertRegisterResponseOk(registerResponse, 201, true);
    String clientId = registerResponse.getClientId();
    // 2. Request Client Credentials Grant
    AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    TokenRequest tokenRequest = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
    tokenRequest.setScope("clientinfo");
    tokenRequest.setAuthUsername(clientId);
    tokenRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    tokenRequest.setAlgorithm(SignatureAlgorithm.RS512);
    tokenRequest.setCryptoProvider(cryptoProvider);
    tokenRequest.setKeyId("RS512SIG_INVALID_KEYID");
    tokenRequest.setAudience(tokenEndpoint);
    TokenClient tokenClient = new TokenClient(tokenEndpoint);
    tokenClient.setRequest(tokenRequest);
    TokenResponse tokenResponse = tokenClient.exec();
    showClient(tokenClient);
    assertEquals(tokenResponse.getStatus(), 401, "Unexpected response code: " + tokenResponse.getStatus());
    assertNotNull(tokenResponse.getErrorType());
    assertEquals(tokenResponse.getErrorType(), TokenErrorResponseType.INVALID_CLIENT);
    assertNotNull(tokenResponse.getErrorDescription());
}
Also used : RegisterRequest(io.jans.as.client.RegisterRequest) RegisterResponse(io.jans.as.client.RegisterResponse) TokenResponse(io.jans.as.client.TokenResponse) RegisterClient(io.jans.as.client.RegisterClient) TokenRequest(io.jans.as.client.TokenRequest) TokenClient(io.jans.as.client.TokenClient) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Example 78 with TokenRequest

use of io.jans.as.client.TokenRequest in project jans by JanssenProject.

the class OPRegistrationJwks method opRegistrationJwks.

@Parameters({ "redirectUri", "postLogoutRedirectUri", "clientJwksUri", "userId", "userSecret", "RS256_keyId", "dnName", "keyStoreFile", "keyStoreSecret" })
@Test
public void opRegistrationJwks(final String redirectUri, final String postLogoutRedirectUri, final String clientJwksUri, final String userId, final String userSecret, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret) throws Exception {
    showTitle("opRegistrationJwks");
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE);
    List<GrantType> grantTypes = Arrays.asList(GrantType.AUTHORIZATION_CODE);
    List<String> contacts = Arrays.asList("javier@gluu.org", "javier.rojas.blum@gmail.com");
    // 1. Register client
    JwkClient jwkClient = new JwkClient(clientJwksUri);
    JwkResponse jwkResponse = jwkClient.exec();
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUri));
    registerRequest.setPostLogoutRedirectUris(Arrays.asList(postLogoutRedirectUri));
    registerRequest.setResponseTypes(responseTypes);
    registerRequest.setGrantTypes(grantTypes);
    registerRequest.setContacts(contacts);
    registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    registerRequest.setJwks(jwkResponse.getJwks().toString());
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertRegisterResponseOk(registerResponse, 201, true);
    assertNotNull(registerResponse.getResponseTypes());
    assertTrue(registerResponse.getResponseTypes().containsAll(responseTypes));
    assertNotNull(registerResponse.getGrantTypes());
    assertTrue(registerResponse.getGrantTypes().containsAll(grantTypes));
    assertNotNull(registerResponse.getClaims().get(RegisterRequestParam.JWKS.getName()));
    assertNotNull(registerResponse.getClaims().get(RegisterRequestParam.TOKEN_ENDPOINT_AUTH_METHOD.getName()));
    assertEquals(AuthenticationMethod.PRIVATE_KEY_JWT.toString(), registerResponse.getClaims().get(RegisterRequestParam.TOKEN_ENDPOINT_AUTH_METHOD.getName()));
    String clientId = registerResponse.getClientId();
    String clientSecret = registerResponse.getClientSecret();
    // 2. Request authorization
    List<String> scopes = Arrays.asList("openid");
    String nonce = UUID.randomUUID().toString();
    String state = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setState(state);
    AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
    assertNotNull(authorizationResponse.getLocation());
    assertNotNull(authorizationResponse.getState());
    assertNotNull(authorizationResponse.getScope());
    String authorizationCode = authorizationResponse.getCode();
    // 3. Request access token using the authorization code.
    AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE);
    tokenRequest.setCode(authorizationCode);
    tokenRequest.setRedirectUri(redirectUri);
    tokenRequest.setAuthUsername(clientId);
    tokenRequest.setAuthPassword(clientSecret);
    tokenRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    tokenRequest.setAlgorithm(SignatureAlgorithm.RS256);
    tokenRequest.setCryptoProvider(cryptoProvider);
    tokenRequest.setKeyId(keyId);
    tokenRequest.setAudience(tokenEndpoint);
    TokenClient tokenClient = new TokenClient(tokenEndpoint);
    tokenClient.setRequest(tokenRequest);
    TokenResponse tokenResponse = tokenClient.exec();
    showClient(tokenClient);
    assertTokenResponseOk(tokenResponse, true);
}
Also used : RegisterRequest(io.jans.as.client.RegisterRequest) AuthorizationRequest(io.jans.as.client.AuthorizationRequest) GrantType(io.jans.as.model.common.GrantType) ResponseType(io.jans.as.model.common.ResponseType) JwkClient(io.jans.as.client.JwkClient) AuthorizationResponse(io.jans.as.client.AuthorizationResponse) RegisterResponse(io.jans.as.client.RegisterResponse) JwkResponse(io.jans.as.client.JwkResponse) TokenResponse(io.jans.as.client.TokenResponse) RegisterClient(io.jans.as.client.RegisterClient) TokenRequest(io.jans.as.client.TokenRequest) TokenClient(io.jans.as.client.TokenClient) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Example 79 with TokenRequest

use of io.jans.as.client.TokenRequest in project jans by JanssenProject.

the class CanMakeAccessTokenRequestWithClientSecretJwtAuthentication method canMakeAccessTokenRequestWithClientSecretJwtAuthentication.

@Parameters({ "redirectUris", "redirectUri", "userId", "userSecret", "sectorIdentifierUri" })
@Test
public void canMakeAccessTokenRequestWithClientSecretJwtAuthentication(final String redirectUris, final String redirectUri, final String userId, final String userSecret, final String sectorIdentifierUri) throws Exception {
    showTitle("OC5:FeatureTest-Can Make Access Token Request with client secret jwt Authentication");
    // 1. Register client
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.CLIENT_SECRET_JWT);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertRegisterResponseOk(registerResponse, 201, true);
    String clientId = registerResponse.getClientId();
    String clientSecret = registerResponse.getClientSecret();
    // 2. Request authorization
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE);
    List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
    String state = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, null);
    authorizationRequest.setState(state);
    AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
    assertAuthorizationResponse(authorizationResponse, responseTypes, true);
    String authorizationCode = authorizationResponse.getCode();
    // 3. Get Access Token
    AuthCryptoProvider cryptoProvider = new AuthCryptoProvider();
    TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE);
    tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_JWT);
    tokenRequest.setCryptoProvider(cryptoProvider);
    tokenRequest.setAudience(tokenEndpoint);
    tokenRequest.setCode(authorizationCode);
    tokenRequest.setRedirectUri(redirectUri);
    tokenRequest.setAuthUsername(clientId);
    tokenRequest.setAuthPassword(clientSecret);
    TokenClient tokenClient = new TokenClient(tokenEndpoint);
    tokenClient.setRequest(tokenRequest);
    TokenResponse tokenResponse = tokenClient.exec();
    showClient(tokenClient);
    assertTokenResponseOk(tokenResponse, true);
}
Also used : RegisterRequest(io.jans.as.client.RegisterRequest) AuthorizationRequest(io.jans.as.client.AuthorizationRequest) ResponseType(io.jans.as.model.common.ResponseType) AuthorizationResponse(io.jans.as.client.AuthorizationResponse) RegisterResponse(io.jans.as.client.RegisterResponse) TokenResponse(io.jans.as.client.TokenResponse) RegisterClient(io.jans.as.client.RegisterClient) TokenRequest(io.jans.as.client.TokenRequest) TokenClient(io.jans.as.client.TokenClient) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) Parameters(org.testng.annotations.Parameters) BaseTest(io.jans.as.client.BaseTest) Test(org.testng.annotations.Test)

Example 80 with TokenRequest

use of io.jans.as.client.TokenRequest in project jans by JanssenProject.

the class MTSLClientAuthenticationMain method main.

public static void main(String[] args) throws Exception {
    File jdkJks = new File("u:\\tmp\\ce-ob\\clientkeystore");
    assertTrue(jdkJks.exists(), "Failed to find jks trust store");
    File certificate = new File("u:\\tmp\\ce-ob\\fullchain.p12");
    assertTrue(certificate.exists(), "Failed to find certificate");
    HttpClient httpclient = new DefaultHttpClient();
    // truststore
    KeyStore ts = KeyStore.getInstance("JKS", "SUN");
    ts.load(new FileInputStream(jdkJks), "secret".toCharArray());
    // if you remove me, you've got 'javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated' on missing truststore
    if (0 == ts.size())
        throw new IOException("Error loading truststore");
    // tmf
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(ts);
    // keystore
    KeyStore ks = KeyStore.getInstance("PKCS12", "SunJSSE");
    ks.load(new FileInputStream(certificate), "".toCharArray());
    // if you remove me, you've got 'javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated' on missing keystore
    if (0 == ks.size())
        throw new IOException("Error loading keystore");
    // kmf
    KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    kmf.init(ks, "".toCharArray());
    // SSL
    SSLContext ctx = SSLContext.getInstance("TLS");
    ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
    // socket
    SSLSocketFactory socketFactory = new SSLSocketFactory(ctx, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
    Scheme sch = new Scheme("https", 443, socketFactory);
    httpclient.getConnectionManager().getSchemeRegistry().register(sch);
    String clientId = "@!D445.22BF.5EF1.0D87!0001!03F2.297D!0008!F599.E2C7";
    String clientSecret = "testClientSecret";
    TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE);
    tokenRequest.setCode("testCode");
    tokenRequest.setRedirectUri("https://ce-ob.gluu.org/cas/login");
    tokenRequest.setAuthUsername(clientId);
    tokenRequest.setAuthPassword(clientSecret);
    tokenRequest.setAuthenticationMethod(AuthenticationMethod.TLS_CLIENT_AUTH);
    TokenClient tokenClient = new TokenClient("https://ce-ob.gluu.org/jans-auth/restv1/token");
    tokenClient.setExecutor(new ApacheHttpClient43Engine(httpclient));
    tokenClient.setRequest(tokenRequest);
    TokenResponse tokenResponse = tokenClient.exec();
    System.out.println(tokenResponse);
    showClient(tokenClient);
}
Also used : Scheme(org.apache.http.conn.scheme.Scheme) IOException(java.io.IOException) SSLContext(javax.net.ssl.SSLContext) KeyStore(java.security.KeyStore) DefaultHttpClient(org.apache.http.impl.client.DefaultHttpClient) FileInputStream(java.io.FileInputStream) ApacheHttpClient43Engine(org.jboss.resteasy.client.jaxrs.engines.ApacheHttpClient43Engine) KeyManagerFactory(javax.net.ssl.KeyManagerFactory) TokenResponse(io.jans.as.client.TokenResponse) DefaultHttpClient(org.apache.http.impl.client.DefaultHttpClient) HttpClient(org.apache.http.client.HttpClient) TrustManagerFactory(javax.net.ssl.TrustManagerFactory) TokenRequest(io.jans.as.client.TokenRequest) SSLSocketFactory(org.apache.http.conn.ssl.SSLSocketFactory) File(java.io.File) TokenClient(io.jans.as.client.TokenClient)

Aggregations

TokenRequest (io.jans.as.client.TokenRequest)287 Parameters (org.testng.annotations.Parameters)266 Test (org.testng.annotations.Test)265 TokenResponse (io.jans.as.client.TokenResponse)241 TokenClient (io.jans.as.client.TokenClient)240 RegisterResponse (io.jans.as.client.RegisterResponse)230 BaseTest (io.jans.as.client.BaseTest)227 RegisterClient (io.jans.as.client.RegisterClient)212 RegisterRequest (io.jans.as.client.RegisterRequest)212 AuthCryptoProvider (io.jans.as.model.crypto.AuthCryptoProvider)170 AuthorizationResponse (io.jans.as.client.AuthorizationResponse)168 ResponseType (io.jans.as.model.common.ResponseType)165 AuthorizationRequest (io.jans.as.client.AuthorizationRequest)154 GrantType (io.jans.as.model.common.GrantType)46 JSONObject (org.json.JSONObject)42 Builder (javax.ws.rs.client.Invocation.Builder)41 MultivaluedHashMap (javax.ws.rs.core.MultivaluedHashMap)41 Response (javax.ws.rs.core.Response)41 ResteasyClientBuilder (org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder)40 JSONException (org.json.JSONException)40