Search in sources :

Example 81 with TokenResponse

use of io.jans.as.client.TokenResponse in project jans by JanssenProject.

the class ClientCredentialsGrantHttpTest method privateKeyJwtAuthenticationMethodRS512Fail.

@Parameters({ "redirectUris", "clientJwksUri", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri" })
@Test
public void privateKeyJwtAuthenticationMethodRS512Fail(final String redirectUris, final String clientJwksUri, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
    showTitle("privateKeyJwtAuthenticationMethodRS512Fail");
    List<String> scopes = Arrays.asList("clientinfo");
    // 1. Register client
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setScope(scopes);
    registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    registerRequest.setJwksUri(clientJwksUri);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertRegisterResponseOk(registerResponse, 201, true);
    String clientId = registerResponse.getClientId();
    // 2. Request Client Credentials Grant
    AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    TokenRequest tokenRequest = new TokenRequest(GrantType.CLIENT_CREDENTIALS);
    tokenRequest.setScope("clientinfo");
    tokenRequest.setAuthUsername(clientId);
    tokenRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    tokenRequest.setAlgorithm(SignatureAlgorithm.RS512);
    tokenRequest.setCryptoProvider(cryptoProvider);
    tokenRequest.setKeyId("RS512SIG_INVALID_KEYID");
    tokenRequest.setAudience(tokenEndpoint);
    TokenClient tokenClient = new TokenClient(tokenEndpoint);
    tokenClient.setRequest(tokenRequest);
    TokenResponse tokenResponse = tokenClient.exec();
    showClient(tokenClient);
    assertEquals(tokenResponse.getStatus(), 401, "Unexpected response code: " + tokenResponse.getStatus());
    assertNotNull(tokenResponse.getErrorType());
    assertEquals(tokenResponse.getErrorType(), TokenErrorResponseType.INVALID_CLIENT);
    assertNotNull(tokenResponse.getErrorDescription());
}
Also used : RegisterRequest(io.jans.as.client.RegisterRequest) RegisterResponse(io.jans.as.client.RegisterResponse) TokenResponse(io.jans.as.client.TokenResponse) RegisterClient(io.jans.as.client.RegisterClient) TokenRequest(io.jans.as.client.TokenRequest) TokenClient(io.jans.as.client.TokenClient) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Example 82 with TokenResponse

use of io.jans.as.client.TokenResponse in project jans by JanssenProject.

the class ClientInfoRestWebServiceHttpTest method requestClientInfoPasswordFlow.

@Parameters({ "userId", "userSecret", "redirectUris", "sectorIdentifierUri" })
@Test
public void requestClientInfoPasswordFlow(final String userId, final String userSecret, final String redirectUris, final String sectorIdentifierUri) {
    showTitle("requestClientInfoPasswordFlow");
    List<GrantType> grantTypes = Collections.singletonList(GrantType.RESOURCE_OWNER_PASSWORD_CREDENTIALS);
    // 1. Register client
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
    registerRequest.setGrantTypes(grantTypes);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertRegisterResponseOk(registerResponse, 201, true);
    String clientId = registerResponse.getClientId();
    String clientSecret = registerResponse.getClientSecret();
    // 2. Request authorization
    String scope = "clientinfo";
    TokenClient tokenClient = new TokenClient(tokenEndpoint);
    TokenResponse response1 = tokenClient.execResourceOwnerPasswordCredentialsGrant(userId, userSecret, scope, clientId, clientSecret);
    showClient(tokenClient);
    assertTokenResponseOk(response1, false, false);
    assertNotNull(response1.getScope(), "The scope is null");
    String accessToken = response1.getAccessToken();
    // 3. Request client info
    ClientInfoClient clientInfoClient = new ClientInfoClient(clientInfoEndpoint);
    ClientInfoResponse response2 = clientInfoClient.execClientInfo(accessToken);
    showClient(clientInfoClient);
    assertEquals(response2.getStatus(), 200, "Unexpected response code: " + response2.getStatus());
    assertNotNull(response2.getClaim("name"), "Unexpected result: displayName not found");
    assertNotNull(response2.getClaim("inum"), "Unexpected result: inum not found");
    assertNotNull(response2.getClaim("jansAppType"), "Unexpected result: jansAppTyp not found");
    assertNotNull(response2.getClaim("jansIdTknSignedRespAlg"), "Unexpected result: jansIdTknSignedRespAlg not found");
    assertNotNull(response2.getClaim("jansRedirectURI"), "Unexpected result: jansRedirectURI not found");
    assertNotNull(response2.getClaim("jansScope"), "Unexpected result: jansScope not found");
}
Also used : RegisterRequest(io.jans.as.client.RegisterRequest) RegisterResponse(io.jans.as.client.RegisterResponse) TokenResponse(io.jans.as.client.TokenResponse) RegisterClient(io.jans.as.client.RegisterClient) GrantType(io.jans.as.model.common.GrantType) TokenClient(io.jans.as.client.TokenClient) ClientInfoClient(io.jans.as.client.ClientInfoClient) ClientInfoResponse(io.jans.as.client.ClientInfoResponse) Parameters(org.testng.annotations.Parameters) BaseTest(io.jans.as.client.BaseTest) Test(org.testng.annotations.Test)

Example 83 with TokenResponse

use of io.jans.as.client.TokenResponse in project jans by JanssenProject.

the class OPRegistrationJwks method opRegistrationJwks.

@Parameters({ "redirectUri", "postLogoutRedirectUri", "clientJwksUri", "userId", "userSecret", "RS256_keyId", "dnName", "keyStoreFile", "keyStoreSecret" })
@Test
public void opRegistrationJwks(final String redirectUri, final String postLogoutRedirectUri, final String clientJwksUri, final String userId, final String userSecret, final String keyId, final String dnName, final String keyStoreFile, final String keyStoreSecret) throws Exception {
    showTitle("opRegistrationJwks");
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE);
    List<GrantType> grantTypes = Arrays.asList(GrantType.AUTHORIZATION_CODE);
    List<String> contacts = Arrays.asList("javier@gluu.org", "javier.rojas.blum@gmail.com");
    // 1. Register client
    JwkClient jwkClient = new JwkClient(clientJwksUri);
    JwkResponse jwkResponse = jwkClient.exec();
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUri));
    registerRequest.setPostLogoutRedirectUris(Arrays.asList(postLogoutRedirectUri));
    registerRequest.setResponseTypes(responseTypes);
    registerRequest.setGrantTypes(grantTypes);
    registerRequest.setContacts(contacts);
    registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    registerRequest.setJwks(jwkResponse.getJwks().toString());
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertRegisterResponseOk(registerResponse, 201, true);
    assertNotNull(registerResponse.getResponseTypes());
    assertTrue(registerResponse.getResponseTypes().containsAll(responseTypes));
    assertNotNull(registerResponse.getGrantTypes());
    assertTrue(registerResponse.getGrantTypes().containsAll(grantTypes));
    assertNotNull(registerResponse.getClaims().get(RegisterRequestParam.JWKS.getName()));
    assertNotNull(registerResponse.getClaims().get(RegisterRequestParam.TOKEN_ENDPOINT_AUTH_METHOD.getName()));
    assertEquals(AuthenticationMethod.PRIVATE_KEY_JWT.toString(), registerResponse.getClaims().get(RegisterRequestParam.TOKEN_ENDPOINT_AUTH_METHOD.getName()));
    String clientId = registerResponse.getClientId();
    String clientSecret = registerResponse.getClientSecret();
    // 2. Request authorization
    List<String> scopes = Arrays.asList("openid");
    String nonce = UUID.randomUUID().toString();
    String state = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setState(state);
    AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
    assertNotNull(authorizationResponse.getLocation());
    assertNotNull(authorizationResponse.getState());
    assertNotNull(authorizationResponse.getScope());
    String authorizationCode = authorizationResponse.getCode();
    // 3. Request access token using the authorization code.
    AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE);
    tokenRequest.setCode(authorizationCode);
    tokenRequest.setRedirectUri(redirectUri);
    tokenRequest.setAuthUsername(clientId);
    tokenRequest.setAuthPassword(clientSecret);
    tokenRequest.setAuthenticationMethod(AuthenticationMethod.PRIVATE_KEY_JWT);
    tokenRequest.setAlgorithm(SignatureAlgorithm.RS256);
    tokenRequest.setCryptoProvider(cryptoProvider);
    tokenRequest.setKeyId(keyId);
    tokenRequest.setAudience(tokenEndpoint);
    TokenClient tokenClient = new TokenClient(tokenEndpoint);
    tokenClient.setRequest(tokenRequest);
    TokenResponse tokenResponse = tokenClient.exec();
    showClient(tokenClient);
    assertTokenResponseOk(tokenResponse, true);
}
Also used : RegisterRequest(io.jans.as.client.RegisterRequest) AuthorizationRequest(io.jans.as.client.AuthorizationRequest) GrantType(io.jans.as.model.common.GrantType) ResponseType(io.jans.as.model.common.ResponseType) JwkClient(io.jans.as.client.JwkClient) AuthorizationResponse(io.jans.as.client.AuthorizationResponse) RegisterResponse(io.jans.as.client.RegisterResponse) JwkResponse(io.jans.as.client.JwkResponse) TokenResponse(io.jans.as.client.TokenResponse) RegisterClient(io.jans.as.client.RegisterClient) TokenRequest(io.jans.as.client.TokenRequest) TokenClient(io.jans.as.client.TokenClient) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Example 84 with TokenResponse

use of io.jans.as.client.TokenResponse in project jans by JanssenProject.

the class CanMakeAccessTokenRequestWithClientSecretJwtAuthentication method canMakeAccessTokenRequestWithClientSecretJwtAuthentication.

@Parameters({ "redirectUris", "redirectUri", "userId", "userSecret", "sectorIdentifierUri" })
@Test
public void canMakeAccessTokenRequestWithClientSecretJwtAuthentication(final String redirectUris, final String redirectUri, final String userId, final String userSecret, final String sectorIdentifierUri) throws Exception {
    showTitle("OC5:FeatureTest-Can Make Access Token Request with client secret jwt Authentication");
    // 1. Register client
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setTokenEndpointAuthMethod(AuthenticationMethod.CLIENT_SECRET_JWT);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertRegisterResponseOk(registerResponse, 201, true);
    String clientId = registerResponse.getClientId();
    String clientSecret = registerResponse.getClientSecret();
    // 2. Request authorization
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE);
    List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
    String state = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, null);
    authorizationRequest.setState(state);
    AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
    assertAuthorizationResponse(authorizationResponse, responseTypes, true);
    String authorizationCode = authorizationResponse.getCode();
    // 3. Get Access Token
    AuthCryptoProvider cryptoProvider = new AuthCryptoProvider();
    TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE);
    tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_JWT);
    tokenRequest.setCryptoProvider(cryptoProvider);
    tokenRequest.setAudience(tokenEndpoint);
    tokenRequest.setCode(authorizationCode);
    tokenRequest.setRedirectUri(redirectUri);
    tokenRequest.setAuthUsername(clientId);
    tokenRequest.setAuthPassword(clientSecret);
    TokenClient tokenClient = new TokenClient(tokenEndpoint);
    tokenClient.setRequest(tokenRequest);
    TokenResponse tokenResponse = tokenClient.exec();
    showClient(tokenClient);
    assertTokenResponseOk(tokenResponse, true);
}
Also used : RegisterRequest(io.jans.as.client.RegisterRequest) AuthorizationRequest(io.jans.as.client.AuthorizationRequest) ResponseType(io.jans.as.model.common.ResponseType) AuthorizationResponse(io.jans.as.client.AuthorizationResponse) RegisterResponse(io.jans.as.client.RegisterResponse) TokenResponse(io.jans.as.client.TokenResponse) RegisterClient(io.jans.as.client.RegisterClient) TokenRequest(io.jans.as.client.TokenRequest) TokenClient(io.jans.as.client.TokenClient) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) Parameters(org.testng.annotations.Parameters) BaseTest(io.jans.as.client.BaseTest) Test(org.testng.annotations.Test)

Example 85 with TokenResponse

use of io.jans.as.client.TokenResponse in project jans by JanssenProject.

the class MTSLClientAuthenticationMain method main.

public static void main(String[] args) throws Exception {
    File jdkJks = new File("u:\\tmp\\ce-ob\\clientkeystore");
    assertTrue(jdkJks.exists(), "Failed to find jks trust store");
    File certificate = new File("u:\\tmp\\ce-ob\\fullchain.p12");
    assertTrue(certificate.exists(), "Failed to find certificate");
    HttpClient httpclient = new DefaultHttpClient();
    // truststore
    KeyStore ts = KeyStore.getInstance("JKS", "SUN");
    ts.load(new FileInputStream(jdkJks), "secret".toCharArray());
    // if you remove me, you've got 'javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated' on missing truststore
    if (0 == ts.size())
        throw new IOException("Error loading truststore");
    // tmf
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(ts);
    // keystore
    KeyStore ks = KeyStore.getInstance("PKCS12", "SunJSSE");
    ks.load(new FileInputStream(certificate), "".toCharArray());
    // if you remove me, you've got 'javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated' on missing keystore
    if (0 == ks.size())
        throw new IOException("Error loading keystore");
    // kmf
    KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    kmf.init(ks, "".toCharArray());
    // SSL
    SSLContext ctx = SSLContext.getInstance("TLS");
    ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
    // socket
    SSLSocketFactory socketFactory = new SSLSocketFactory(ctx, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
    Scheme sch = new Scheme("https", 443, socketFactory);
    httpclient.getConnectionManager().getSchemeRegistry().register(sch);
    String clientId = "@!D445.22BF.5EF1.0D87!0001!03F2.297D!0008!F599.E2C7";
    String clientSecret = "testClientSecret";
    TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE);
    tokenRequest.setCode("testCode");
    tokenRequest.setRedirectUri("https://ce-ob.gluu.org/cas/login");
    tokenRequest.setAuthUsername(clientId);
    tokenRequest.setAuthPassword(clientSecret);
    tokenRequest.setAuthenticationMethod(AuthenticationMethod.TLS_CLIENT_AUTH);
    TokenClient tokenClient = new TokenClient("https://ce-ob.gluu.org/jans-auth/restv1/token");
    tokenClient.setExecutor(new ApacheHttpClient43Engine(httpclient));
    tokenClient.setRequest(tokenRequest);
    TokenResponse tokenResponse = tokenClient.exec();
    System.out.println(tokenResponse);
    showClient(tokenClient);
}
Also used : Scheme(org.apache.http.conn.scheme.Scheme) IOException(java.io.IOException) SSLContext(javax.net.ssl.SSLContext) KeyStore(java.security.KeyStore) DefaultHttpClient(org.apache.http.impl.client.DefaultHttpClient) FileInputStream(java.io.FileInputStream) ApacheHttpClient43Engine(org.jboss.resteasy.client.jaxrs.engines.ApacheHttpClient43Engine) KeyManagerFactory(javax.net.ssl.KeyManagerFactory) TokenResponse(io.jans.as.client.TokenResponse) DefaultHttpClient(org.apache.http.impl.client.DefaultHttpClient) HttpClient(org.apache.http.client.HttpClient) TrustManagerFactory(javax.net.ssl.TrustManagerFactory) TokenRequest(io.jans.as.client.TokenRequest) SSLSocketFactory(org.apache.http.conn.ssl.SSLSocketFactory) File(java.io.File) TokenClient(io.jans.as.client.TokenClient)

Aggregations

TokenResponse (io.jans.as.client.TokenResponse)280 TokenClient (io.jans.as.client.TokenClient)263 Parameters (org.testng.annotations.Parameters)259 Test (org.testng.annotations.Test)254 BaseTest (io.jans.as.client.BaseTest)253 RegisterResponse (io.jans.as.client.RegisterResponse)245 TokenRequest (io.jans.as.client.TokenRequest)241 RegisterClient (io.jans.as.client.RegisterClient)223 RegisterRequest (io.jans.as.client.RegisterRequest)223 ResponseType (io.jans.as.model.common.ResponseType)185 AuthorizationResponse (io.jans.as.client.AuthorizationResponse)178 AuthCryptoProvider (io.jans.as.model.crypto.AuthCryptoProvider)160 AuthorizationRequest (io.jans.as.client.AuthorizationRequest)159 GrantType (io.jans.as.model.common.GrantType)53 UserInfoResponse (io.jans.as.client.UserInfoResponse)37 UserInfoClient (io.jans.as.client.UserInfoClient)36 Jwt (io.jans.as.model.jwt.Jwt)30 RSAPublicKey (io.jans.as.model.crypto.signature.RSAPublicKey)24 RSASigner (io.jans.as.model.jws.RSASigner)24 ClientInfoClient (io.jans.as.client.ClientInfoClient)16