Search in sources :

Example 11 with JwtState

use of io.jans.as.client.model.JwtState in project jans by JanssenProject.

the class EncodeClaimsInStateParameter method encodeClaimsInStateParameterPS256.

@Parameters({ "userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri", "keyStoreFile", "keyStoreSecret", "dnName", "PS256_keyId" })
@Test
public void encodeClaimsInStateParameterPS256(final String userId, final String userSecret, final String redirectUris, final String redirectUri, final String sectorIdentifierUri, final String keyStoreFile, final String keyStoreSecret, final String dnName, final String keyId) throws Exception {
    showTitle("encodeClaimsInStateParameterPS256");
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
    // 1. Register client
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setResponseTypes(responseTypes);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertRegisterResponseOk(registerResponse, 201, true);
    String clientId = registerResponse.getClientId();
    // 2. Request authorization
    AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
    String nonce = UUID.randomUUID().toString();
    String rfp = UUID.randomUUID().toString();
    String jti = UUID.randomUUID().toString();
    JwtState jwtState = new JwtState(SignatureAlgorithm.PS256, cryptoProvider);
    jwtState.setKeyId(keyId);
    jwtState.setRfp(rfp);
    jwtState.setJti(jti);
    jwtState.setAdditionalClaims(new JSONObject(additionalClaims));
    String encodedState = jwtState.getEncodedJwt();
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setState(encodedState);
    AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
    assertAuthorizationResponse(authorizationResponse, responseTypes, true);
    String state = authorizationResponse.getState();
    // 3. Validate state
    Jwt jwt = Jwt.parse(state);
    boolean validJwt = cryptoProvider.verifySignature(jwt.getSigningInput(), jwt.getEncodedSignature(), keyId, null, null, SignatureAlgorithm.PS256);
    assertTrue(validJwt);
}
Also used : RegisterRequest(io.jans.as.client.RegisterRequest) AuthorizationRequest(io.jans.as.client.AuthorizationRequest) Jwt(io.jans.as.model.jwt.Jwt) ResponseType(io.jans.as.model.common.ResponseType) AuthorizationResponse(io.jans.as.client.AuthorizationResponse) Asserter.assertAuthorizationResponse(io.jans.as.client.client.Asserter.assertAuthorizationResponse) RegisterResponse(io.jans.as.client.RegisterResponse) JSONObject(org.json.JSONObject) RegisterClient(io.jans.as.client.RegisterClient) JwtState(io.jans.as.client.model.JwtState) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Example 12 with JwtState

use of io.jans.as.client.model.JwtState in project jans by JanssenProject.

the class EncodeClaimsInStateParameter method jwtStateES256Test.

@Parameters({ "keyStoreFile", "keyStoreSecret", "dnName", "ES256_keyId" })
@Test
public void jwtStateES256Test(final String keyStoreFile, final String keyStoreSecret, final String dnName, final String keyId) throws Exception {
    showTitle("jwtStateES256Test");
    AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    String rfp = UUID.randomUUID().toString();
    String jti = UUID.randomUUID().toString();
    JwtState jwtState = new JwtState(SignatureAlgorithm.ES256, cryptoProvider);
    jwtState.setKeyId(keyId);
    jwtState.setRfp(rfp);
    jwtState.setJti(jti);
    jwtState.setAdditionalClaims(new JSONObject(additionalClaims));
    String encodedState = jwtState.getEncodedJwt();
    assertNotNull(encodedState);
    System.out.println("Signed JWS State: " + encodedState);
    Jwt jwt = Jwt.parse(encodedState);
    boolean validJwt = cryptoProvider.verifySignature(jwt.getSigningInput(), jwt.getEncodedSignature(), keyId, null, null, SignatureAlgorithm.ES256);
    assertTrue(validJwt);
}
Also used : JSONObject(org.json.JSONObject) Jwt(io.jans.as.model.jwt.Jwt) JwtState(io.jans.as.client.model.JwtState) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Example 13 with JwtState

use of io.jans.as.client.model.JwtState in project jans by JanssenProject.

the class EncodeClaimsInStateParameter method jwtStateHS256Test.

@Test
public void jwtStateHS256Test() throws Exception {
    showTitle("jwtStateHS256Test");
    AuthCryptoProvider cryptoProvider = new AuthCryptoProvider();
    String sharedKey = "shared_key";
    String rfp = UUID.randomUUID().toString();
    String jti = UUID.randomUUID().toString();
    JwtState jwtState = new JwtState(SignatureAlgorithm.HS256, sharedKey, cryptoProvider);
    jwtState.setRfp(rfp);
    jwtState.setJti(jti);
    jwtState.setAdditionalClaims(new JSONObject(additionalClaims));
    String encodedState = jwtState.getEncodedJwt();
    assertNotNull(encodedState);
    System.out.println("Signed JWS State: " + encodedState);
    Jwt jwt = Jwt.parse(encodedState);
    boolean validJwt = cryptoProvider.verifySignature(jwt.getSigningInput(), jwt.getEncodedSignature(), null, null, sharedKey, SignatureAlgorithm.HS256);
    assertTrue(validJwt);
}
Also used : JSONObject(org.json.JSONObject) Jwt(io.jans.as.model.jwt.Jwt) JwtState(io.jans.as.client.model.JwtState) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Example 14 with JwtState

use of io.jans.as.client.model.JwtState in project jans by JanssenProject.

the class EncodeClaimsInStateParameter method encodeClaimsInStateParameterAlgRSAOAEPEncA256GCM.

@Parameters({ "userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri", "keyStoreFile", "keyStoreSecret", "dnName", "RS256_keyId", "clientJwksUri" })
@Test
public void encodeClaimsInStateParameterAlgRSAOAEPEncA256GCM(final String userId, final String userSecret, final String redirectUris, final String redirectUri, final String sectorIdentifierUri, final String keyStoreFile, final String keyStoreSecret, final String dnName, final String keyId, final String clientJwksUri) throws Exception {
    showTitle("encodeClaimsInStateParameterAlgRSAOAEPEncA256GCM");
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
    // 1. Register client
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setResponseTypes(responseTypes);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertRegisterResponseOk(registerResponse, 201, true);
    String clientId = registerResponse.getClientId();
    // 2. Request authorization
    JSONObject jwks = JwtUtil.getJSONWebKeys(clientJwksUri);
    AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
    String nonce = UUID.randomUUID().toString();
    String rfp = UUID.randomUUID().toString();
    String jti = UUID.randomUUID().toString();
    JwtState jwtState = new JwtState(KeyEncryptionAlgorithm.RSA_OAEP, BlockEncryptionAlgorithm.A256GCM, cryptoProvider);
    jwtState.setKeyId(keyId);
    jwtState.setRfp(rfp);
    jwtState.setJti(jti);
    jwtState.setAdditionalClaims(new JSONObject(additionalClaims));
    String encodedState = jwtState.getEncodedJwt(jwks);
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setState(encodedState);
    AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
    assertAuthorizationResponse(authorizationResponse, responseTypes, true);
    String state = authorizationResponse.getState();
    // 3. Decrypt state
    PrivateKey privateKey = cryptoProvider.getPrivateKey(keyId);
    Jwe jwe = Jwe.parse(state, privateKey, null);
    assertNotNull(jwe.getClaims().getClaimAsString(KID));
    assertNotNull(jwe.getClaims().getClaimAsString(RFP));
    assertNotNull(jwe.getClaims().getClaimAsString(JTI));
    assertNotNull(jwe.getClaims().getClaimAsJSON(ADDITIONAL_CLAIMS));
    JSONObject addClaims = jwe.getClaims().getClaimAsJSON(ADDITIONAL_CLAIMS);
    assertEquals(addClaims.getString("first_name"), "Javier");
    assertEquals(addClaims.getString("last_name"), "Rojas");
    assertEquals(addClaims.getInt("age"), 34);
    assertNotNull(addClaims.getJSONArray("more"));
    assertEquals(addClaims.getJSONArray("more").length(), 2);
}
Also used : RegisterRequest(io.jans.as.client.RegisterRequest) AuthorizationRequest(io.jans.as.client.AuthorizationRequest) PrivateKey(java.security.PrivateKey) ResponseType(io.jans.as.model.common.ResponseType) AuthorizationResponse(io.jans.as.client.AuthorizationResponse) Asserter.assertAuthorizationResponse(io.jans.as.client.client.Asserter.assertAuthorizationResponse) RegisterResponse(io.jans.as.client.RegisterResponse) JSONObject(org.json.JSONObject) RegisterClient(io.jans.as.client.RegisterClient) Jwe(io.jans.as.model.jwe.Jwe) JwtState(io.jans.as.client.model.JwtState) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Example 15 with JwtState

use of io.jans.as.client.model.JwtState in project jans by JanssenProject.

the class EncodeClaimsInStateParameter method encodeClaimsInStateParameterPS384.

@Parameters({ "userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri", "keyStoreFile", "keyStoreSecret", "dnName", "PS384_keyId" })
@Test
public void encodeClaimsInStateParameterPS384(final String userId, final String userSecret, final String redirectUris, final String redirectUri, final String sectorIdentifierUri, final String keyStoreFile, final String keyStoreSecret, final String dnName, final String keyId) throws Exception {
    showTitle("encodeClaimsInStateParameterPS384");
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
    // 1. Register client
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setResponseTypes(responseTypes);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertRegisterResponseOk(registerResponse, 201, true);
    String clientId = registerResponse.getClientId();
    // 2. Request authorization
    AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
    String nonce = UUID.randomUUID().toString();
    String rfp = UUID.randomUUID().toString();
    String jti = UUID.randomUUID().toString();
    JwtState jwtState = new JwtState(SignatureAlgorithm.PS384, cryptoProvider);
    jwtState.setKeyId(keyId);
    jwtState.setRfp(rfp);
    jwtState.setJti(jti);
    jwtState.setAdditionalClaims(new JSONObject(additionalClaims));
    String encodedState = jwtState.getEncodedJwt();
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setState(encodedState);
    AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
    assertAuthorizationResponse(authorizationResponse, responseTypes, true);
    String state = authorizationResponse.getState();
    // 3. Validate state
    Jwt jwt = Jwt.parse(state);
    boolean validJwt = cryptoProvider.verifySignature(jwt.getSigningInput(), jwt.getEncodedSignature(), keyId, null, null, SignatureAlgorithm.PS384);
    assertTrue(validJwt);
}
Also used : RegisterRequest(io.jans.as.client.RegisterRequest) AuthorizationRequest(io.jans.as.client.AuthorizationRequest) Jwt(io.jans.as.model.jwt.Jwt) ResponseType(io.jans.as.model.common.ResponseType) AuthorizationResponse(io.jans.as.client.AuthorizationResponse) Asserter.assertAuthorizationResponse(io.jans.as.client.client.Asserter.assertAuthorizationResponse) RegisterResponse(io.jans.as.client.RegisterResponse) JSONObject(org.json.JSONObject) RegisterClient(io.jans.as.client.RegisterClient) JwtState(io.jans.as.client.model.JwtState) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Aggregations

BaseTest (io.jans.as.client.BaseTest)35 JwtState (io.jans.as.client.model.JwtState)35 JSONObject (org.json.JSONObject)35 Test (org.testng.annotations.Test)35 AuthCryptoProvider (io.jans.as.model.crypto.AuthCryptoProvider)30 Parameters (org.testng.annotations.Parameters)29 Jwt (io.jans.as.model.jwt.Jwt)25 AuthorizationRequest (io.jans.as.client.AuthorizationRequest)17 AuthorizationResponse (io.jans.as.client.AuthorizationResponse)17 RegisterClient (io.jans.as.client.RegisterClient)17 RegisterRequest (io.jans.as.client.RegisterRequest)17 RegisterResponse (io.jans.as.client.RegisterResponse)17 Asserter.assertAuthorizationResponse (io.jans.as.client.client.Asserter.assertAuthorizationResponse)17 ResponseType (io.jans.as.model.common.ResponseType)17 Jwe (io.jans.as.model.jwe.Jwe)10 PrivateKey (java.security.PrivateKey)6 AbstractCryptoProvider (io.jans.as.model.crypto.AbstractCryptoProvider)1