use of io.jans.as.client.model.SoftwareStatement in project jans by JanssenProject.
the class RegistrationWithSoftwareStatementTest method registerClientWithRequestObject.
/**
* Request client registration with signed request object and software statement (with jwks_uri against which validation has to be performed).
* It should be run with following server configuration settings:
* - "dcrSignatureValidationEnabled": true,
* - "dcrSignatureValidationSoftwareStatementJwksURIClaim": "jwks_uri",
* - "dcrSignatureValidationSoftwareStatementJwksClaim": null,
* - "dcrSignatureValidationJwks": null,
* - "dcrSignatureValidationJwksUri": null,
* - "softwareStatementValidationType": "jwks_uri",
* - "softwareStatementValidationClaimName": "jwks_uri",
*/
@Parameters({ "redirectUris", "sectorIdentifierUri", "logoutUri", "keyStoreFile", "keyStoreSecret", "dnName", "RS256_keyId", "clientJwksUri" })
@Ignore("server's `dcrSignatureValidationEnabled` configuration property should be set to true to get this test passed.")
public // @Test
void registerClientWithRequestObject(final String redirectUris, final String sectorIdentifierUri, final String logoutUri, final String keyStoreFile, final String keyStoreSecret, final String dnName, final String keyId, final String clientJwksUri) throws Exception {
showTitle("registerClientWithRequestObject");
String softwareId = UUID.randomUUID().toString();
String softwareVersion = "5.0";
AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
SoftwareStatement softwareStatement = new SoftwareStatement(SignatureAlgorithm.RS256, cryptoProvider);
softwareStatement.setKeyId(keyId);
softwareStatement.getClaims().put(APPLICATION_TYPE.toString(), ApplicationType.WEB);
softwareStatement.getClaims().put(CLIENT_NAME.toString(), "jans test app");
softwareStatement.getClaims().put(REDIRECT_URIS.toString(), StringUtils.spaceSeparatedToList(redirectUris));
softwareStatement.getClaims().put(CONTACTS.toString(), Arrays.asList("javier@gluu.org", "javier.rojas.blum@gmail.com"));
softwareStatement.getClaims().put(SCOPE.toString(), Util.listAsString(Arrays.asList("openid", "address", "profile", "email", "phone", "clientinfo", "invalid_scope")));
softwareStatement.getClaims().put(LOGO_URI.toString(), "http://www.gluu.org/wp-content/themes/gluursn/images/logo.png");
softwareStatement.getClaims().put(TOKEN_ENDPOINT_AUTH_METHOD.toString(), AuthenticationMethod.CLIENT_SECRET_JWT);
softwareStatement.getClaims().put(POLICY_URI.toString(), "http://www.gluu.org/policy");
softwareStatement.getClaims().put(JWKS_URI.toString(), clientJwksUri);
softwareStatement.getClaims().put(SECTOR_IDENTIFIER_URI.toString(), sectorIdentifierUri);
softwareStatement.getClaims().put(SUBJECT_TYPE.toString(), SubjectType.PAIRWISE);
softwareStatement.getClaims().put(REQUEST_URIS.toString(), Arrays.asList("http://www.gluu.org/request"));
softwareStatement.getClaims().put(FRONT_CHANNEL_LOGOUT_URI.toString(), logoutUri);
softwareStatement.getClaims().put(FRONT_CHANNEL_LOGOUT_SESSION_REQUIRED.toString(), true);
softwareStatement.getClaims().put(ID_TOKEN_SIGNED_RESPONSE_ALG.toString(), SignatureAlgorithm.RS512);
softwareStatement.getClaims().put(ID_TOKEN_ENCRYPTED_RESPONSE_ALG.toString(), KeyEncryptionAlgorithm.RSA1_5);
softwareStatement.getClaims().put(ID_TOKEN_ENCRYPTED_RESPONSE_ENC.toString(), BlockEncryptionAlgorithm.A128CBC_PLUS_HS256);
softwareStatement.getClaims().put(USERINFO_SIGNED_RESPONSE_ALG.toString(), SignatureAlgorithm.RS384);
softwareStatement.getClaims().put(USERINFO_ENCRYPTED_RESPONSE_ALG.toString(), KeyEncryptionAlgorithm.A128KW);
softwareStatement.getClaims().put(USERINFO_ENCRYPTED_RESPONSE_ENC.toString(), BlockEncryptionAlgorithm.A128GCM);
softwareStatement.getClaims().put(REQUEST_OBJECT_SIGNING_ALG.toString(), SignatureAlgorithm.RS256);
softwareStatement.getClaims().put(REQUEST_OBJECT_ENCRYPTION_ALG.toString(), KeyEncryptionAlgorithm.A256KW);
softwareStatement.getClaims().put(REQUEST_OBJECT_ENCRYPTION_ENC.toString(), BlockEncryptionAlgorithm.A256CBC_PLUS_HS512);
softwareStatement.getClaims().put(TOKEN_ENDPOINT_AUTH_METHOD.toString(), AuthenticationMethod.CLIENT_SECRET_JWT);
softwareStatement.getClaims().put(TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString(), SignatureAlgorithm.ES256);
softwareStatement.getClaims().put(SOFTWARE_ID.toString(), softwareId);
softwareStatement.getClaims().put(SOFTWARE_VERSION.toString(), softwareVersion);
String encodedSoftwareStatement = softwareStatement.getEncodedJwt();
RegisterRequest registerRequest = new RegisterRequest();
registerRequest.setSoftwareStatement(encodedSoftwareStatement);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest.sign(SignatureAlgorithm.RS256, keyId, cryptoProvider));
registerClient.setExecutor(clientEngine(true));
RegisterResponse response = registerClient.exec();
showClient(registerClient);
assertRegisterResponseOk(response, 200, false);
assertNotNull(response.getFirstClaim(SCOPE.toString()));
assertNotNull(response.getFirstClaim(FRONT_CHANNEL_LOGOUT_SESSION_REQUIRED.toString()));
assertTrue(Boolean.parseBoolean(response.getFirstClaim(FRONT_CHANNEL_LOGOUT_SESSION_REQUIRED.toString())));
assertNotNull(response.getFirstClaim(FRONT_CHANNEL_LOGOUT_URI.toString()));
assertEquals(logoutUri, response.getFirstClaim(FRONT_CHANNEL_LOGOUT_URI.toString()));
assertNotNull(response.getFirstClaim(ID_TOKEN_SIGNED_RESPONSE_ALG.toString()));
assertEquals(SignatureAlgorithm.fromString(response.getFirstClaim(ID_TOKEN_SIGNED_RESPONSE_ALG.toString())), SignatureAlgorithm.RS512);
assertNotNull(response.getFirstClaim(ID_TOKEN_ENCRYPTED_RESPONSE_ALG.toString()));
assertEquals(KeyEncryptionAlgorithm.fromName(response.getFirstClaim(ID_TOKEN_ENCRYPTED_RESPONSE_ALG.toString())), KeyEncryptionAlgorithm.RSA1_5);
assertNotNull(response.getFirstClaim(ID_TOKEN_ENCRYPTED_RESPONSE_ENC.toString()));
assertEquals(BlockEncryptionAlgorithm.fromName(response.getFirstClaim(ID_TOKEN_ENCRYPTED_RESPONSE_ENC.toString())), BlockEncryptionAlgorithm.A128CBC_PLUS_HS256);
assertNotNull(response.getFirstClaim(USERINFO_SIGNED_RESPONSE_ALG.toString()));
assertEquals(SignatureAlgorithm.fromString(response.getFirstClaim(USERINFO_SIGNED_RESPONSE_ALG.toString())), SignatureAlgorithm.RS384);
assertNotNull(response.getFirstClaim(USERINFO_ENCRYPTED_RESPONSE_ALG.toString()));
assertEquals(KeyEncryptionAlgorithm.fromName(response.getFirstClaim(USERINFO_ENCRYPTED_RESPONSE_ALG.toString())), KeyEncryptionAlgorithm.A128KW);
assertNotNull(response.getFirstClaim(USERINFO_ENCRYPTED_RESPONSE_ENC.toString()));
assertEquals(BlockEncryptionAlgorithm.fromName(response.getFirstClaim(USERINFO_ENCRYPTED_RESPONSE_ENC.toString())), BlockEncryptionAlgorithm.A128GCM);
assertNotNull(response.getFirstClaim(REQUEST_OBJECT_SIGNING_ALG.toString()));
assertEquals(SignatureAlgorithm.fromString(response.getFirstClaim(REQUEST_OBJECT_SIGNING_ALG.toString())), SignatureAlgorithm.RS256);
assertNotNull(response.getFirstClaim(REQUEST_OBJECT_ENCRYPTION_ALG.toString()));
assertEquals(KeyEncryptionAlgorithm.fromName(response.getFirstClaim(REQUEST_OBJECT_ENCRYPTION_ALG.toString())), KeyEncryptionAlgorithm.A256KW);
assertNotNull(response.getFirstClaim(REQUEST_OBJECT_ENCRYPTION_ENC.toString()));
assertEquals(BlockEncryptionAlgorithm.fromName(response.getFirstClaim(REQUEST_OBJECT_ENCRYPTION_ENC.toString())), BlockEncryptionAlgorithm.A256CBC_PLUS_HS512);
assertNotNull(response.getFirstClaim(TOKEN_ENDPOINT_AUTH_METHOD.toString()));
assertEquals(AuthenticationMethod.fromString(response.getFirstClaim(TOKEN_ENDPOINT_AUTH_METHOD.toString())), AuthenticationMethod.CLIENT_SECRET_JWT);
assertNotNull(response.getFirstClaim(TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString()));
assertEquals(SignatureAlgorithm.fromString(response.getFirstClaim(TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString())), SignatureAlgorithm.ES256);
JSONArray scopesJsonArray = new JSONArray(StringUtils.spaceSeparatedToList(response.getFirstClaim(SCOPE.toString())));
List<String> scopes = new ArrayList<>();
for (int i = 0; i < scopesJsonArray.length(); i++) {
scopes.add(scopesJsonArray.get(i).toString());
}
assertTrue(scopes.contains("openid"));
assertTrue(scopes.contains("address"));
assertTrue(scopes.contains("email"));
assertTrue(scopes.contains("profile"));
assertTrue(scopes.contains("phone"));
assertTrue(scopes.contains("clientinfo"));
assertTrue(response.getClaims().containsKey(SOFTWARE_ID.toString()));
assertEquals(response.getFirstClaim(SOFTWARE_ID.toString()), softwareId);
assertTrue(response.getClaims().containsKey(SOFTWARE_VERSION.toString()));
assertEquals(response.getFirstClaim(SOFTWARE_VERSION.toString()), softwareVersion);
assertTrue(response.getClaims().containsKey(SOFTWARE_STATEMENT.toString()));
registrationAccessToken2 = response.getRegistrationAccessToken();
registrationClientUri2 = response.getRegistrationClientUri();
}
use of io.jans.as.client.model.SoftwareStatement in project jans by JanssenProject.
the class RegistrationWithSoftwareStatementTest method requestClientAssociate1.
/**
* Verify signature with JWKS_URI
*/
@Parameters({ "redirectUris", "sectorIdentifierUri", "logoutUri", "keyStoreFile", "keyStoreSecret", "dnName", "RS256_keyId", "clientJwksUri" })
@Test
public void requestClientAssociate1(final String redirectUris, final String sectorIdentifierUri, final String logoutUri, final String keyStoreFile, final String keyStoreSecret, final String dnName, final String keyId, final String clientJwksUri) throws Exception {
showTitle("requestClientAssociate1");
String softwareId = UUID.randomUUID().toString();
String softwareVersion = "version_3.1.5";
AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
SoftwareStatement softwareStatement = new SoftwareStatement(SignatureAlgorithm.RS256, cryptoProvider);
softwareStatement.setKeyId(keyId);
softwareStatement.getClaims().put(APPLICATION_TYPE.toString(), ApplicationType.WEB);
softwareStatement.getClaims().put(CLIENT_NAME.toString(), "jans test app");
softwareStatement.getClaims().put(REDIRECT_URIS.toString(), StringUtils.spaceSeparatedToList(redirectUris));
softwareStatement.getClaims().put(CONTACTS.toString(), Arrays.asList("javier@gluu.org", "javier.rojas.blum@gmail.com"));
softwareStatement.getClaims().put(SCOPE.toString(), Util.listAsString(Arrays.asList("openid", "address", "profile", "email", "phone", "clientinfo", "invalid_scope")));
softwareStatement.getClaims().put(LOGO_URI.toString(), "http://www.gluu.org/wp-content/themes/gluursn/images/logo.png");
softwareStatement.getClaims().put(TOKEN_ENDPOINT_AUTH_METHOD.toString(), AuthenticationMethod.CLIENT_SECRET_JWT);
softwareStatement.getClaims().put(POLICY_URI.toString(), "http://www.gluu.org/policy");
softwareStatement.getClaims().put(JWKS_URI.toString(), clientJwksUri);
softwareStatement.getClaims().put(SECTOR_IDENTIFIER_URI.toString(), sectorIdentifierUri);
softwareStatement.getClaims().put(SUBJECT_TYPE.toString(), SubjectType.PAIRWISE);
softwareStatement.getClaims().put(REQUEST_URIS.toString(), Collections.singletonList("http://www.gluu.org/request"));
softwareStatement.getClaims().put(FRONT_CHANNEL_LOGOUT_URI.toString(), logoutUri);
softwareStatement.getClaims().put(FRONT_CHANNEL_LOGOUT_SESSION_REQUIRED.toString(), true);
softwareStatement.getClaims().put(ID_TOKEN_SIGNED_RESPONSE_ALG.toString(), SignatureAlgorithm.RS512);
softwareStatement.getClaims().put(ID_TOKEN_ENCRYPTED_RESPONSE_ALG.toString(), KeyEncryptionAlgorithm.RSA1_5);
softwareStatement.getClaims().put(ID_TOKEN_ENCRYPTED_RESPONSE_ENC.toString(), BlockEncryptionAlgorithm.A128CBC_PLUS_HS256);
softwareStatement.getClaims().put(USERINFO_SIGNED_RESPONSE_ALG.toString(), SignatureAlgorithm.RS384);
softwareStatement.getClaims().put(USERINFO_ENCRYPTED_RESPONSE_ALG.toString(), KeyEncryptionAlgorithm.A128KW);
softwareStatement.getClaims().put(USERINFO_ENCRYPTED_RESPONSE_ENC.toString(), BlockEncryptionAlgorithm.A128GCM);
softwareStatement.getClaims().put(REQUEST_OBJECT_SIGNING_ALG.toString(), SignatureAlgorithm.RS256);
softwareStatement.getClaims().put(REQUEST_OBJECT_ENCRYPTION_ALG.toString(), KeyEncryptionAlgorithm.A256KW);
softwareStatement.getClaims().put(REQUEST_OBJECT_ENCRYPTION_ENC.toString(), BlockEncryptionAlgorithm.A256CBC_PLUS_HS512);
softwareStatement.getClaims().put(TOKEN_ENDPOINT_AUTH_METHOD.toString(), AuthenticationMethod.CLIENT_SECRET_JWT);
softwareStatement.getClaims().put(TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString(), SignatureAlgorithm.ES256);
softwareStatement.getClaims().put(SOFTWARE_ID.toString(), softwareId);
softwareStatement.getClaims().put(SOFTWARE_VERSION.toString(), softwareVersion);
String encodedSoftwareStatement = softwareStatement.getEncodedJwt();
RegisterRequest registerRequest = new RegisterRequest();
registerRequest.setSoftwareStatement(encodedSoftwareStatement);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
registerClient.setExecutor(clientEngine(true));
RegisterResponse response = registerClient.exec();
showClient(registerClient);
assertRegisterResponseOk(response, 201, true);
assertNotNull(response.getFirstClaim(SCOPE.toString()));
assertNotNull(response.getFirstClaim(FRONT_CHANNEL_LOGOUT_SESSION_REQUIRED.toString()));
assertTrue(Boolean.parseBoolean(response.getFirstClaim(FRONT_CHANNEL_LOGOUT_SESSION_REQUIRED.toString())));
assertNotNull(response.getFirstClaim(FRONT_CHANNEL_LOGOUT_URI.toString()));
assertEquals(response.getFirstClaim(FRONT_CHANNEL_LOGOUT_URI.toString()), logoutUri);
assertNotNull(response.getFirstClaim(ID_TOKEN_SIGNED_RESPONSE_ALG.toString()));
assertEquals(SignatureAlgorithm.fromString(response.getFirstClaim(ID_TOKEN_SIGNED_RESPONSE_ALG.toString())), SignatureAlgorithm.RS512);
assertNotNull(response.getFirstClaim(ID_TOKEN_ENCRYPTED_RESPONSE_ALG.toString()));
assertEquals(KeyEncryptionAlgorithm.fromName(response.getFirstClaim(ID_TOKEN_ENCRYPTED_RESPONSE_ALG.toString())), KeyEncryptionAlgorithm.RSA1_5);
assertNotNull(response.getFirstClaim(ID_TOKEN_ENCRYPTED_RESPONSE_ENC.toString()));
assertEquals(BlockEncryptionAlgorithm.fromName(response.getFirstClaim(ID_TOKEN_ENCRYPTED_RESPONSE_ENC.toString())), BlockEncryptionAlgorithm.A128CBC_PLUS_HS256);
assertNotNull(response.getFirstClaim(USERINFO_SIGNED_RESPONSE_ALG.toString()));
assertEquals(SignatureAlgorithm.fromString(response.getFirstClaim(USERINFO_SIGNED_RESPONSE_ALG.toString())), SignatureAlgorithm.RS384);
assertNotNull(response.getFirstClaim(USERINFO_ENCRYPTED_RESPONSE_ALG.toString()));
assertEquals(KeyEncryptionAlgorithm.fromName(response.getFirstClaim(USERINFO_ENCRYPTED_RESPONSE_ALG.toString())), KeyEncryptionAlgorithm.A128KW);
assertNotNull(response.getFirstClaim(USERINFO_ENCRYPTED_RESPONSE_ENC.toString()));
assertEquals(BlockEncryptionAlgorithm.fromName(response.getFirstClaim(USERINFO_ENCRYPTED_RESPONSE_ENC.toString())), BlockEncryptionAlgorithm.A128GCM);
assertNotNull(response.getFirstClaim(REQUEST_OBJECT_SIGNING_ALG.toString()));
assertEquals(SignatureAlgorithm.fromString(response.getFirstClaim(REQUEST_OBJECT_SIGNING_ALG.toString())), SignatureAlgorithm.RS256);
assertNotNull(response.getFirstClaim(REQUEST_OBJECT_ENCRYPTION_ALG.toString()));
assertEquals(KeyEncryptionAlgorithm.fromName(response.getFirstClaim(REQUEST_OBJECT_ENCRYPTION_ALG.toString())), KeyEncryptionAlgorithm.A256KW);
assertNotNull(response.getFirstClaim(REQUEST_OBJECT_ENCRYPTION_ENC.toString()));
assertEquals(BlockEncryptionAlgorithm.fromName(response.getFirstClaim(REQUEST_OBJECT_ENCRYPTION_ENC.toString())), BlockEncryptionAlgorithm.A256CBC_PLUS_HS512);
assertNotNull(response.getFirstClaim(TOKEN_ENDPOINT_AUTH_METHOD.toString()));
assertEquals(AuthenticationMethod.fromString(response.getFirstClaim(TOKEN_ENDPOINT_AUTH_METHOD.toString())), AuthenticationMethod.CLIENT_SECRET_JWT);
assertNotNull(response.getFirstClaim(TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString()));
assertEquals(SignatureAlgorithm.fromString(response.getFirstClaim(TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString())), SignatureAlgorithm.ES256);
JSONArray scopesJsonArray = new JSONArray(StringUtils.spaceSeparatedToList(response.getFirstClaim(SCOPE.toString())));
List<String> scopes = new ArrayList<>();
for (int i = 0; i < scopesJsonArray.length(); i++) {
scopes.add(scopesJsonArray.get(i).toString());
}
assertTrue(scopes.contains("openid"));
assertTrue(scopes.contains("address"));
assertTrue(scopes.contains("email"));
assertTrue(scopes.contains("profile"));
assertTrue(scopes.contains("phone"));
assertTrue(scopes.contains("clientinfo"));
assertTrue(response.getClaims().containsKey(SOFTWARE_ID.toString()));
assertEquals(response.getFirstClaim(SOFTWARE_ID.toString()), softwareId);
assertTrue(response.getClaims().containsKey(SOFTWARE_VERSION.toString()));
assertEquals(response.getFirstClaim(SOFTWARE_VERSION.toString()), softwareVersion);
assertTrue(response.getClaims().containsKey(SOFTWARE_STATEMENT.toString()));
registrationAccessToken1 = response.getRegistrationAccessToken();
registrationClientUri1 = response.getRegistrationClientUri();
}
use of io.jans.as.client.model.SoftwareStatement in project jans by JanssenProject.
the class RegisterRequest method sign.
public RegisterRequest sign(SignatureAlgorithm signatureAlgorithm, String kid, AuthCryptoProvider cryptoProvider) throws Exception {
final SoftwareStatement ssa = new SoftwareStatement(signatureAlgorithm, cryptoProvider);
ssa.setKeyId(kid);
return sign(ssa);
}
use of io.jans.as.client.model.SoftwareStatement in project jans by JanssenProject.
the class RegistrationWithSoftwareStatementTest method registerClientWithRequestObjectAndUpdateWithClientCredentialsGrant.
/**
* Request client registration with signed request object and software statement (with jwks_uri against which validation has to be performed).
* It should be run with following server configuration settings:
* - "dcrSignatureValidationEnabled": true,
* - "dcrSignatureValidationSoftwareStatementJwksURIClaim": "jwks_uri",
* - "dcrSignatureValidationSoftwareStatementJwksClaim": null,
* - "dcrSignatureValidationJwks": null,
* - "dcrSignatureValidationJwksUri": null,
* - "softwareStatementValidationType": "jwks_uri",
* - "softwareStatementValidationClaimName": "jwks_uri",
* - "dcrAuthorizationWithClientCredentials": true
*/
@Parameters({ "redirectUris", "sectorIdentifierUri", "logoutUri", "keyStoreFile", "keyStoreSecret", "dnName", "RS256_keyId", "clientJwksUri" })
@Ignore("server's `dcrSignatureValidationEnabled` and `dcrAuthorizationWithClientCredentials` configuration properties should be set to true to get this test passed.")
public // @Test
void registerClientWithRequestObjectAndUpdateWithClientCredentialsGrant(final String redirectUris, final String sectorIdentifierUri, final String logoutUri, final String keyStoreFile, final String keyStoreSecret, final String dnName, final String keyId, final String clientJwksUri) throws Exception {
showTitle("registerClientWithRequestObjectAndUpdateWithClientCredentialsGrant");
String softwareId = UUID.randomUUID().toString();
String softwareVersion = "5.0";
AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
SoftwareStatement softwareStatement = new SoftwareStatement(SignatureAlgorithm.RS256, cryptoProvider);
softwareStatement.setKeyId(keyId);
softwareStatement.getClaims().put(GRANT_TYPES.toString(), Collections.singletonList(GrantType.CLIENT_CREDENTIALS.getValue()));
softwareStatement.getClaims().put(RESPONSE_TYPES.toString(), Arrays.asList(ResponseType.TOKEN.getValue(), ResponseType.ID_TOKEN.getValue(), ResponseType.CODE.getValue()));
softwareStatement.getClaims().put(APPLICATION_TYPE.toString(), ApplicationType.WEB);
softwareStatement.getClaims().put(CLIENT_NAME.toString(), "jans test app");
softwareStatement.getClaims().put(REDIRECT_URIS.toString(), StringUtils.spaceSeparatedToList(redirectUris));
softwareStatement.getClaims().put(CONTACTS.toString(), Collections.singletonList("yuriy@gluu.org"));
softwareStatement.getClaims().put(SCOPE.toString(), Util.listAsString(Arrays.asList("openid", "address", "profile", "email", "phone", "clientinfo", "invalid_scope")));
softwareStatement.getClaims().put(LOGO_URI.toString(), "http://www.gluu.org/wp-content/themes/gluursn/images/logo.png");
softwareStatement.getClaims().put(TOKEN_ENDPOINT_AUTH_METHOD.toString(), AuthenticationMethod.CLIENT_SECRET_BASIC);
softwareStatement.getClaims().put(POLICY_URI.toString(), "http://www.gluu.org/policy");
softwareStatement.getClaims().put(JWKS_URI.toString(), clientJwksUri);
softwareStatement.getClaims().put(SECTOR_IDENTIFIER_URI.toString(), sectorIdentifierUri);
softwareStatement.getClaims().put(SUBJECT_TYPE.toString(), SubjectType.PAIRWISE);
softwareStatement.getClaims().put(REQUEST_URIS.toString(), Collections.singletonList("http://www.gluu.org/request"));
softwareStatement.getClaims().put(FRONT_CHANNEL_LOGOUT_URI.toString(), logoutUri);
softwareStatement.getClaims().put(FRONT_CHANNEL_LOGOUT_SESSION_REQUIRED.toString(), true);
softwareStatement.getClaims().put(ID_TOKEN_SIGNED_RESPONSE_ALG.toString(), SignatureAlgorithm.RS512);
softwareStatement.getClaims().put(ID_TOKEN_ENCRYPTED_RESPONSE_ALG.toString(), KeyEncryptionAlgorithm.RSA1_5);
softwareStatement.getClaims().put(ID_TOKEN_ENCRYPTED_RESPONSE_ENC.toString(), BlockEncryptionAlgorithm.A128CBC_PLUS_HS256);
softwareStatement.getClaims().put(USERINFO_SIGNED_RESPONSE_ALG.toString(), SignatureAlgorithm.RS384);
softwareStatement.getClaims().put(USERINFO_ENCRYPTED_RESPONSE_ALG.toString(), KeyEncryptionAlgorithm.A128KW);
softwareStatement.getClaims().put(USERINFO_ENCRYPTED_RESPONSE_ENC.toString(), BlockEncryptionAlgorithm.A128GCM);
softwareStatement.getClaims().put(REQUEST_OBJECT_SIGNING_ALG.toString(), SignatureAlgorithm.RS256);
softwareStatement.getClaims().put(REQUEST_OBJECT_ENCRYPTION_ALG.toString(), KeyEncryptionAlgorithm.A256KW);
softwareStatement.getClaims().put(REQUEST_OBJECT_ENCRYPTION_ENC.toString(), BlockEncryptionAlgorithm.A256CBC_PLUS_HS512);
softwareStatement.getClaims().put(TOKEN_ENDPOINT_AUTH_METHOD.toString(), AuthenticationMethod.CLIENT_SECRET_BASIC);
softwareStatement.getClaims().put(TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString(), SignatureAlgorithm.ES256);
softwareStatement.getClaims().put(SOFTWARE_ID.toString(), softwareId);
softwareStatement.getClaims().put(SOFTWARE_VERSION.toString(), softwareVersion);
String encodedSoftwareStatement = softwareStatement.getEncodedJwt();
RegisterRequest registerRequest = new RegisterRequest();
registerRequest.setSoftwareStatement(encodedSoftwareStatement);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest.sign(SignatureAlgorithm.RS256, keyId, cryptoProvider));
registerClient.setExecutor(clientEngine(true));
RegisterResponse response = registerClient.exec();
showClient(registerClient);
assertRegisterResponseOk(response, 200, false);
assertNotNull(response.getFirstClaim(SCOPE.toString()));
assertNotNull(response.getFirstClaim(FRONT_CHANNEL_LOGOUT_SESSION_REQUIRED.toString()));
assertTrue(Boolean.parseBoolean(response.getFirstClaim(FRONT_CHANNEL_LOGOUT_SESSION_REQUIRED.toString())));
assertNotNull(response.getFirstClaim(FRONT_CHANNEL_LOGOUT_URI.toString()));
assertEquals(logoutUri, response.getFirstClaim(FRONT_CHANNEL_LOGOUT_URI.toString()));
assertNotNull(response.getFirstClaim(ID_TOKEN_SIGNED_RESPONSE_ALG.toString()));
assertEquals(SignatureAlgorithm.fromString(response.getFirstClaim(ID_TOKEN_SIGNED_RESPONSE_ALG.toString())), SignatureAlgorithm.RS512);
assertNotNull(response.getFirstClaim(ID_TOKEN_ENCRYPTED_RESPONSE_ALG.toString()));
assertEquals(KeyEncryptionAlgorithm.fromName(response.getFirstClaim(ID_TOKEN_ENCRYPTED_RESPONSE_ALG.toString())), KeyEncryptionAlgorithm.RSA1_5);
assertNotNull(response.getFirstClaim(ID_TOKEN_ENCRYPTED_RESPONSE_ENC.toString()));
assertEquals(BlockEncryptionAlgorithm.fromName(response.getFirstClaim(ID_TOKEN_ENCRYPTED_RESPONSE_ENC.toString())), BlockEncryptionAlgorithm.A128CBC_PLUS_HS256);
assertNotNull(response.getFirstClaim(USERINFO_SIGNED_RESPONSE_ALG.toString()));
assertEquals(SignatureAlgorithm.fromString(response.getFirstClaim(USERINFO_SIGNED_RESPONSE_ALG.toString())), SignatureAlgorithm.RS384);
assertNotNull(response.getFirstClaim(USERINFO_ENCRYPTED_RESPONSE_ALG.toString()));
assertEquals(KeyEncryptionAlgorithm.fromName(response.getFirstClaim(USERINFO_ENCRYPTED_RESPONSE_ALG.toString())), KeyEncryptionAlgorithm.A128KW);
assertNotNull(response.getFirstClaim(USERINFO_ENCRYPTED_RESPONSE_ENC.toString()));
assertEquals(BlockEncryptionAlgorithm.fromName(response.getFirstClaim(USERINFO_ENCRYPTED_RESPONSE_ENC.toString())), BlockEncryptionAlgorithm.A128GCM);
assertNotNull(response.getFirstClaim(REQUEST_OBJECT_SIGNING_ALG.toString()));
assertEquals(SignatureAlgorithm.fromString(response.getFirstClaim(REQUEST_OBJECT_SIGNING_ALG.toString())), SignatureAlgorithm.RS256);
assertNotNull(response.getFirstClaim(REQUEST_OBJECT_ENCRYPTION_ALG.toString()));
assertEquals(KeyEncryptionAlgorithm.fromName(response.getFirstClaim(REQUEST_OBJECT_ENCRYPTION_ALG.toString())), KeyEncryptionAlgorithm.A256KW);
assertNotNull(response.getFirstClaim(REQUEST_OBJECT_ENCRYPTION_ENC.toString()));
assertEquals(BlockEncryptionAlgorithm.fromName(response.getFirstClaim(REQUEST_OBJECT_ENCRYPTION_ENC.toString())), BlockEncryptionAlgorithm.A256CBC_PLUS_HS512);
assertNotNull(response.getFirstClaim(TOKEN_ENDPOINT_AUTH_METHOD.toString()));
assertEquals(AuthenticationMethod.fromString(response.getFirstClaim(TOKEN_ENDPOINT_AUTH_METHOD.toString())), AuthenticationMethod.CLIENT_SECRET_BASIC);
assertNotNull(response.getFirstClaim(TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString()));
assertEquals(SignatureAlgorithm.fromString(response.getFirstClaim(TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString())), SignatureAlgorithm.ES256);
JSONArray scopesJsonArray = new JSONArray(StringUtils.spaceSeparatedToList(response.getFirstClaim(SCOPE.toString())));
List<String> scopes = new ArrayList<>();
for (int i = 0; i < scopesJsonArray.length(); i++) {
scopes.add(scopesJsonArray.get(i).toString());
}
assertTrue(scopes.contains("openid"));
assertTrue(scopes.contains("address"));
assertTrue(scopes.contains("email"));
assertTrue(scopes.contains("profile"));
assertTrue(scopes.contains("phone"));
assertTrue(scopes.contains("clientinfo"));
assertTrue(response.getClaims().containsKey(SOFTWARE_ID.toString()));
assertEquals(response.getFirstClaim(SOFTWARE_ID.toString()), softwareId);
assertTrue(response.getClaims().containsKey(SOFTWARE_VERSION.toString()));
assertEquals(response.getFirstClaim(SOFTWARE_VERSION.toString()), softwareVersion);
assertTrue(response.getClaims().containsKey(SOFTWARE_STATEMENT.toString()));
TokenClient tokenClient = new TokenClient(tokenEndpoint);
tokenClient.setExecutor(clientEngine(true));
TokenResponse tokenResponse = tokenClient.execClientCredentialsGrant("openid", response.getClientId(), response.getClientSecret());
showClient(tokenClient);
assertNotNull(tokenResponse);
assertNotNull(tokenResponse.getAccessToken());
RegisterRequest updateRequest = new RegisterRequest();
// client credentials token
updateRequest.setAccessToken(tokenResponse.getAccessToken());
updateRequest.setHttpMethod("PUT");
updateRequest.setClientName("UpdatedName");
RegisterClient updateClient = new RegisterClient(registrationEndpoint);
updateClient.setRequest(updateRequest);
final RegisterResponse updateResponse = updateClient.exec();
showClient(tokenClient);
assertNotNull(updateResponse);
assertEquals(updateResponse.getStatus(), 200, "Unexpected response code: " + response.getEntity());
}
use of io.jans.as.client.model.SoftwareStatement in project jans by JanssenProject.
the class RegistrationWithSoftwareStatementTest method requestClientAssociate2.
/**
* Verify signature with JWKS
*/
@Parameters({ "redirectUris", "sectorIdentifierUri", "logoutUri", "keyStoreFile", "keyStoreSecret", "dnName", "RS256_keyId", "clientJwksUri" })
@Test
public void requestClientAssociate2(final String redirectUris, final String sectorIdentifierUri, final String logoutUri, final String keyStoreFile, final String keyStoreSecret, final String dnName, final String keyId, final String clientJwksUri) throws Exception {
showTitle("requestClientAssociate2");
String softwareId = UUID.randomUUID().toString();
String softwareVersion = "version_3.1.5";
AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
SoftwareStatement softwareStatement = new SoftwareStatement(SignatureAlgorithm.RS256, cryptoProvider);
softwareStatement.setKeyId(keyId);
softwareStatement.getClaims().put(APPLICATION_TYPE.toString(), ApplicationType.WEB);
softwareStatement.getClaims().put(CLIENT_NAME.toString(), "jans test app");
softwareStatement.getClaims().put(REDIRECT_URIS.toString(), StringUtils.spaceSeparatedToList(redirectUris));
softwareStatement.getClaims().put(CONTACTS.toString(), Arrays.asList("javier@gluu.org", "javier.rojas.blum@gmail.com"));
softwareStatement.getClaims().put(SCOPE.toString(), Util.listAsString(Arrays.asList("openid", "address", "profile", "email", "phone", "clientinfo", "invalid_scope")));
softwareStatement.getClaims().put(LOGO_URI.toString(), "http://www.gluu.org/wp-content/themes/gluursn/images/logo.png");
softwareStatement.getClaims().put(TOKEN_ENDPOINT_AUTH_METHOD.toString(), AuthenticationMethod.CLIENT_SECRET_JWT);
softwareStatement.getClaims().put(POLICY_URI.toString(), "http://www.gluu.org/policy");
softwareStatement.getClaims().put(JWKS_URI.toString(), clientJwksUri);
softwareStatement.getClaims().put(SECTOR_IDENTIFIER_URI.toString(), sectorIdentifierUri);
softwareStatement.getClaims().put(SUBJECT_TYPE.toString(), SubjectType.PAIRWISE);
softwareStatement.getClaims().put(REQUEST_URIS.toString(), Collections.singletonList("http://www.gluu.org/request"));
softwareStatement.getClaims().put(FRONT_CHANNEL_LOGOUT_URI.toString(), logoutUri);
softwareStatement.getClaims().put(FRONT_CHANNEL_LOGOUT_SESSION_REQUIRED.toString(), true);
softwareStatement.getClaims().put(ID_TOKEN_SIGNED_RESPONSE_ALG.toString(), SignatureAlgorithm.RS512);
softwareStatement.getClaims().put(ID_TOKEN_ENCRYPTED_RESPONSE_ALG.toString(), KeyEncryptionAlgorithm.RSA1_5);
softwareStatement.getClaims().put(ID_TOKEN_ENCRYPTED_RESPONSE_ENC.toString(), BlockEncryptionAlgorithm.A128CBC_PLUS_HS256);
softwareStatement.getClaims().put(USERINFO_SIGNED_RESPONSE_ALG.toString(), SignatureAlgorithm.RS384);
softwareStatement.getClaims().put(USERINFO_ENCRYPTED_RESPONSE_ALG.toString(), KeyEncryptionAlgorithm.A128KW);
softwareStatement.getClaims().put(USERINFO_ENCRYPTED_RESPONSE_ENC.toString(), BlockEncryptionAlgorithm.A128GCM);
softwareStatement.getClaims().put(REQUEST_OBJECT_SIGNING_ALG.toString(), SignatureAlgorithm.RS256);
softwareStatement.getClaims().put(REQUEST_OBJECT_ENCRYPTION_ALG.toString(), KeyEncryptionAlgorithm.A256KW);
softwareStatement.getClaims().put(REQUEST_OBJECT_ENCRYPTION_ENC.toString(), BlockEncryptionAlgorithm.A256CBC_PLUS_HS512);
softwareStatement.getClaims().put(TOKEN_ENDPOINT_AUTH_METHOD.toString(), AuthenticationMethod.CLIENT_SECRET_JWT);
softwareStatement.getClaims().put(TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString(), SignatureAlgorithm.ES256);
softwareStatement.getClaims().put(SOFTWARE_ID.toString(), softwareId);
softwareStatement.getClaims().put(SOFTWARE_VERSION.toString(), softwareVersion);
String encodedSoftwareStatement = softwareStatement.getEncodedJwt();
RegisterRequest registerRequest = new RegisterRequest();
registerRequest.setSoftwareStatement(encodedSoftwareStatement);
RegisterClient registerClient = new RegisterClient(registrationEndpoint);
registerClient.setRequest(registerRequest);
registerClient.setExecutor(clientEngine(true));
RegisterResponse response = registerClient.exec();
showClient(registerClient);
assertRegisterResponseOk(response, 201, true);
assertNotNull(response.getFirstClaim(SCOPE.toString()));
assertNotNull(response.getFirstClaim(FRONT_CHANNEL_LOGOUT_SESSION_REQUIRED.toString()));
assertTrue(Boolean.parseBoolean(response.getFirstClaim(FRONT_CHANNEL_LOGOUT_SESSION_REQUIRED.toString())));
assertNotNull(response.getFirstClaim(FRONT_CHANNEL_LOGOUT_URI.toString()));
assertEquals(logoutUri, response.getFirstClaim(FRONT_CHANNEL_LOGOUT_URI.toString()));
assertNotNull(response.getFirstClaim(ID_TOKEN_SIGNED_RESPONSE_ALG.toString()));
assertEquals(SignatureAlgorithm.fromString(response.getFirstClaim(ID_TOKEN_SIGNED_RESPONSE_ALG.toString())), SignatureAlgorithm.RS512);
assertNotNull(response.getFirstClaim(ID_TOKEN_ENCRYPTED_RESPONSE_ALG.toString()));
assertEquals(KeyEncryptionAlgorithm.fromName(response.getFirstClaim(ID_TOKEN_ENCRYPTED_RESPONSE_ALG.toString())), KeyEncryptionAlgorithm.RSA1_5);
assertNotNull(response.getFirstClaim(ID_TOKEN_ENCRYPTED_RESPONSE_ENC.toString()));
assertEquals(BlockEncryptionAlgorithm.fromName(response.getFirstClaim(ID_TOKEN_ENCRYPTED_RESPONSE_ENC.toString())), BlockEncryptionAlgorithm.A128CBC_PLUS_HS256);
assertNotNull(response.getFirstClaim(USERINFO_SIGNED_RESPONSE_ALG.toString()));
assertEquals(SignatureAlgorithm.fromString(response.getFirstClaim(USERINFO_SIGNED_RESPONSE_ALG.toString())), SignatureAlgorithm.RS384);
assertNotNull(response.getFirstClaim(USERINFO_ENCRYPTED_RESPONSE_ALG.toString()));
assertEquals(KeyEncryptionAlgorithm.fromName(response.getFirstClaim(USERINFO_ENCRYPTED_RESPONSE_ALG.toString())), KeyEncryptionAlgorithm.A128KW);
assertNotNull(response.getFirstClaim(USERINFO_ENCRYPTED_RESPONSE_ENC.toString()));
assertEquals(BlockEncryptionAlgorithm.fromName(response.getFirstClaim(USERINFO_ENCRYPTED_RESPONSE_ENC.toString())), BlockEncryptionAlgorithm.A128GCM);
assertNotNull(response.getFirstClaim(REQUEST_OBJECT_SIGNING_ALG.toString()));
assertEquals(SignatureAlgorithm.fromString(response.getFirstClaim(REQUEST_OBJECT_SIGNING_ALG.toString())), SignatureAlgorithm.RS256);
assertNotNull(response.getFirstClaim(REQUEST_OBJECT_ENCRYPTION_ALG.toString()));
assertEquals(KeyEncryptionAlgorithm.fromName(response.getFirstClaim(REQUEST_OBJECT_ENCRYPTION_ALG.toString())), KeyEncryptionAlgorithm.A256KW);
assertNotNull(response.getFirstClaim(REQUEST_OBJECT_ENCRYPTION_ENC.toString()));
assertEquals(BlockEncryptionAlgorithm.fromName(response.getFirstClaim(REQUEST_OBJECT_ENCRYPTION_ENC.toString())), BlockEncryptionAlgorithm.A256CBC_PLUS_HS512);
assertNotNull(response.getFirstClaim(TOKEN_ENDPOINT_AUTH_METHOD.toString()));
assertEquals(AuthenticationMethod.fromString(response.getFirstClaim(TOKEN_ENDPOINT_AUTH_METHOD.toString())), AuthenticationMethod.CLIENT_SECRET_JWT);
assertNotNull(response.getFirstClaim(TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString()));
assertEquals(SignatureAlgorithm.fromString(response.getFirstClaim(TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString())), SignatureAlgorithm.ES256);
JSONArray scopesJsonArray = new JSONArray(StringUtils.spaceSeparatedToList(response.getFirstClaim(SCOPE.toString())));
List<String> scopes = new ArrayList<>();
for (int i = 0; i < scopesJsonArray.length(); i++) {
scopes.add(scopesJsonArray.get(i).toString());
}
assertTrue(scopes.contains("openid"));
assertTrue(scopes.contains("address"));
assertTrue(scopes.contains("email"));
assertTrue(scopes.contains("profile"));
assertTrue(scopes.contains("phone"));
assertTrue(scopes.contains("clientinfo"));
assertTrue(response.getClaims().containsKey(SOFTWARE_ID.toString()));
assertEquals(response.getFirstClaim(SOFTWARE_ID.toString()), softwareId);
assertTrue(response.getClaims().containsKey(SOFTWARE_VERSION.toString()));
assertEquals(response.getFirstClaim(SOFTWARE_VERSION.toString()), softwareVersion);
assertTrue(response.getClaims().containsKey(SOFTWARE_STATEMENT.toString()));
registrationAccessToken2 = response.getRegistrationAccessToken();
registrationClientUri2 = response.getRegistrationClientUri();
}
Aggregations