Search in sources :

Example 1 with SoftwareStatement

use of io.jans.as.client.model.SoftwareStatement in project jans by JanssenProject.

the class RegistrationWithSoftwareStatementTest method registerClientWithRequestObject.

/**
 * Request client registration with signed request object and software statement (with jwks_uri against which validation has to be performed).
 * It should be run with following server configuration settings:
 * - "dcrSignatureValidationEnabled": true,
 * - "dcrSignatureValidationSoftwareStatementJwksURIClaim": "jwks_uri",
 * - "dcrSignatureValidationSoftwareStatementJwksClaim": null,
 * - "dcrSignatureValidationJwks": null,
 * - "dcrSignatureValidationJwksUri": null,
 * - "softwareStatementValidationType": "jwks_uri",
 * - "softwareStatementValidationClaimName": "jwks_uri",
 */
@Parameters({ "redirectUris", "sectorIdentifierUri", "logoutUri", "keyStoreFile", "keyStoreSecret", "dnName", "RS256_keyId", "clientJwksUri" })
@Ignore("server's `dcrSignatureValidationEnabled` configuration property should be set to true to get this test passed.")
public // @Test
void registerClientWithRequestObject(final String redirectUris, final String sectorIdentifierUri, final String logoutUri, final String keyStoreFile, final String keyStoreSecret, final String dnName, final String keyId, final String clientJwksUri) throws Exception {
    showTitle("registerClientWithRequestObject");
    String softwareId = UUID.randomUUID().toString();
    String softwareVersion = "5.0";
    AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    SoftwareStatement softwareStatement = new SoftwareStatement(SignatureAlgorithm.RS256, cryptoProvider);
    softwareStatement.setKeyId(keyId);
    softwareStatement.getClaims().put(APPLICATION_TYPE.toString(), ApplicationType.WEB);
    softwareStatement.getClaims().put(CLIENT_NAME.toString(), "jans test app");
    softwareStatement.getClaims().put(REDIRECT_URIS.toString(), StringUtils.spaceSeparatedToList(redirectUris));
    softwareStatement.getClaims().put(CONTACTS.toString(), Arrays.asList("javier@gluu.org", "javier.rojas.blum@gmail.com"));
    softwareStatement.getClaims().put(SCOPE.toString(), Util.listAsString(Arrays.asList("openid", "address", "profile", "email", "phone", "clientinfo", "invalid_scope")));
    softwareStatement.getClaims().put(LOGO_URI.toString(), "http://www.gluu.org/wp-content/themes/gluursn/images/logo.png");
    softwareStatement.getClaims().put(TOKEN_ENDPOINT_AUTH_METHOD.toString(), AuthenticationMethod.CLIENT_SECRET_JWT);
    softwareStatement.getClaims().put(POLICY_URI.toString(), "http://www.gluu.org/policy");
    softwareStatement.getClaims().put(JWKS_URI.toString(), clientJwksUri);
    softwareStatement.getClaims().put(SECTOR_IDENTIFIER_URI.toString(), sectorIdentifierUri);
    softwareStatement.getClaims().put(SUBJECT_TYPE.toString(), SubjectType.PAIRWISE);
    softwareStatement.getClaims().put(REQUEST_URIS.toString(), Arrays.asList("http://www.gluu.org/request"));
    softwareStatement.getClaims().put(FRONT_CHANNEL_LOGOUT_URI.toString(), logoutUri);
    softwareStatement.getClaims().put(FRONT_CHANNEL_LOGOUT_SESSION_REQUIRED.toString(), true);
    softwareStatement.getClaims().put(ID_TOKEN_SIGNED_RESPONSE_ALG.toString(), SignatureAlgorithm.RS512);
    softwareStatement.getClaims().put(ID_TOKEN_ENCRYPTED_RESPONSE_ALG.toString(), KeyEncryptionAlgorithm.RSA1_5);
    softwareStatement.getClaims().put(ID_TOKEN_ENCRYPTED_RESPONSE_ENC.toString(), BlockEncryptionAlgorithm.A128CBC_PLUS_HS256);
    softwareStatement.getClaims().put(USERINFO_SIGNED_RESPONSE_ALG.toString(), SignatureAlgorithm.RS384);
    softwareStatement.getClaims().put(USERINFO_ENCRYPTED_RESPONSE_ALG.toString(), KeyEncryptionAlgorithm.A128KW);
    softwareStatement.getClaims().put(USERINFO_ENCRYPTED_RESPONSE_ENC.toString(), BlockEncryptionAlgorithm.A128GCM);
    softwareStatement.getClaims().put(REQUEST_OBJECT_SIGNING_ALG.toString(), SignatureAlgorithm.RS256);
    softwareStatement.getClaims().put(REQUEST_OBJECT_ENCRYPTION_ALG.toString(), KeyEncryptionAlgorithm.A256KW);
    softwareStatement.getClaims().put(REQUEST_OBJECT_ENCRYPTION_ENC.toString(), BlockEncryptionAlgorithm.A256CBC_PLUS_HS512);
    softwareStatement.getClaims().put(TOKEN_ENDPOINT_AUTH_METHOD.toString(), AuthenticationMethod.CLIENT_SECRET_JWT);
    softwareStatement.getClaims().put(TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString(), SignatureAlgorithm.ES256);
    softwareStatement.getClaims().put(SOFTWARE_ID.toString(), softwareId);
    softwareStatement.getClaims().put(SOFTWARE_VERSION.toString(), softwareVersion);
    String encodedSoftwareStatement = softwareStatement.getEncodedJwt();
    RegisterRequest registerRequest = new RegisterRequest();
    registerRequest.setSoftwareStatement(encodedSoftwareStatement);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest.sign(SignatureAlgorithm.RS256, keyId, cryptoProvider));
    registerClient.setExecutor(clientEngine(true));
    RegisterResponse response = registerClient.exec();
    showClient(registerClient);
    assertRegisterResponseOk(response, 200, false);
    assertNotNull(response.getFirstClaim(SCOPE.toString()));
    assertNotNull(response.getFirstClaim(FRONT_CHANNEL_LOGOUT_SESSION_REQUIRED.toString()));
    assertTrue(Boolean.parseBoolean(response.getFirstClaim(FRONT_CHANNEL_LOGOUT_SESSION_REQUIRED.toString())));
    assertNotNull(response.getFirstClaim(FRONT_CHANNEL_LOGOUT_URI.toString()));
    assertEquals(logoutUri, response.getFirstClaim(FRONT_CHANNEL_LOGOUT_URI.toString()));
    assertNotNull(response.getFirstClaim(ID_TOKEN_SIGNED_RESPONSE_ALG.toString()));
    assertEquals(SignatureAlgorithm.fromString(response.getFirstClaim(ID_TOKEN_SIGNED_RESPONSE_ALG.toString())), SignatureAlgorithm.RS512);
    assertNotNull(response.getFirstClaim(ID_TOKEN_ENCRYPTED_RESPONSE_ALG.toString()));
    assertEquals(KeyEncryptionAlgorithm.fromName(response.getFirstClaim(ID_TOKEN_ENCRYPTED_RESPONSE_ALG.toString())), KeyEncryptionAlgorithm.RSA1_5);
    assertNotNull(response.getFirstClaim(ID_TOKEN_ENCRYPTED_RESPONSE_ENC.toString()));
    assertEquals(BlockEncryptionAlgorithm.fromName(response.getFirstClaim(ID_TOKEN_ENCRYPTED_RESPONSE_ENC.toString())), BlockEncryptionAlgorithm.A128CBC_PLUS_HS256);
    assertNotNull(response.getFirstClaim(USERINFO_SIGNED_RESPONSE_ALG.toString()));
    assertEquals(SignatureAlgorithm.fromString(response.getFirstClaim(USERINFO_SIGNED_RESPONSE_ALG.toString())), SignatureAlgorithm.RS384);
    assertNotNull(response.getFirstClaim(USERINFO_ENCRYPTED_RESPONSE_ALG.toString()));
    assertEquals(KeyEncryptionAlgorithm.fromName(response.getFirstClaim(USERINFO_ENCRYPTED_RESPONSE_ALG.toString())), KeyEncryptionAlgorithm.A128KW);
    assertNotNull(response.getFirstClaim(USERINFO_ENCRYPTED_RESPONSE_ENC.toString()));
    assertEquals(BlockEncryptionAlgorithm.fromName(response.getFirstClaim(USERINFO_ENCRYPTED_RESPONSE_ENC.toString())), BlockEncryptionAlgorithm.A128GCM);
    assertNotNull(response.getFirstClaim(REQUEST_OBJECT_SIGNING_ALG.toString()));
    assertEquals(SignatureAlgorithm.fromString(response.getFirstClaim(REQUEST_OBJECT_SIGNING_ALG.toString())), SignatureAlgorithm.RS256);
    assertNotNull(response.getFirstClaim(REQUEST_OBJECT_ENCRYPTION_ALG.toString()));
    assertEquals(KeyEncryptionAlgorithm.fromName(response.getFirstClaim(REQUEST_OBJECT_ENCRYPTION_ALG.toString())), KeyEncryptionAlgorithm.A256KW);
    assertNotNull(response.getFirstClaim(REQUEST_OBJECT_ENCRYPTION_ENC.toString()));
    assertEquals(BlockEncryptionAlgorithm.fromName(response.getFirstClaim(REQUEST_OBJECT_ENCRYPTION_ENC.toString())), BlockEncryptionAlgorithm.A256CBC_PLUS_HS512);
    assertNotNull(response.getFirstClaim(TOKEN_ENDPOINT_AUTH_METHOD.toString()));
    assertEquals(AuthenticationMethod.fromString(response.getFirstClaim(TOKEN_ENDPOINT_AUTH_METHOD.toString())), AuthenticationMethod.CLIENT_SECRET_JWT);
    assertNotNull(response.getFirstClaim(TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString()));
    assertEquals(SignatureAlgorithm.fromString(response.getFirstClaim(TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString())), SignatureAlgorithm.ES256);
    JSONArray scopesJsonArray = new JSONArray(StringUtils.spaceSeparatedToList(response.getFirstClaim(SCOPE.toString())));
    List<String> scopes = new ArrayList<>();
    for (int i = 0; i < scopesJsonArray.length(); i++) {
        scopes.add(scopesJsonArray.get(i).toString());
    }
    assertTrue(scopes.contains("openid"));
    assertTrue(scopes.contains("address"));
    assertTrue(scopes.contains("email"));
    assertTrue(scopes.contains("profile"));
    assertTrue(scopes.contains("phone"));
    assertTrue(scopes.contains("clientinfo"));
    assertTrue(response.getClaims().containsKey(SOFTWARE_ID.toString()));
    assertEquals(response.getFirstClaim(SOFTWARE_ID.toString()), softwareId);
    assertTrue(response.getClaims().containsKey(SOFTWARE_VERSION.toString()));
    assertEquals(response.getFirstClaim(SOFTWARE_VERSION.toString()), softwareVersion);
    assertTrue(response.getClaims().containsKey(SOFTWARE_STATEMENT.toString()));
    registrationAccessToken2 = response.getRegistrationAccessToken();
    registrationClientUri2 = response.getRegistrationClientUri();
}
Also used : RegisterRequest(io.jans.as.client.RegisterRequest) RegisterResponse(io.jans.as.client.RegisterResponse) RegisterClient(io.jans.as.client.RegisterClient) SoftwareStatement(io.jans.as.client.model.SoftwareStatement) JSONArray(org.json.JSONArray) ArrayList(java.util.ArrayList) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) Ignore(org.testng.annotations.Ignore) Parameters(org.testng.annotations.Parameters)

Example 2 with SoftwareStatement

use of io.jans.as.client.model.SoftwareStatement in project jans by JanssenProject.

the class RegistrationWithSoftwareStatementTest method requestClientAssociate1.

/**
 * Verify signature with JWKS_URI
 */
@Parameters({ "redirectUris", "sectorIdentifierUri", "logoutUri", "keyStoreFile", "keyStoreSecret", "dnName", "RS256_keyId", "clientJwksUri" })
@Test
public void requestClientAssociate1(final String redirectUris, final String sectorIdentifierUri, final String logoutUri, final String keyStoreFile, final String keyStoreSecret, final String dnName, final String keyId, final String clientJwksUri) throws Exception {
    showTitle("requestClientAssociate1");
    String softwareId = UUID.randomUUID().toString();
    String softwareVersion = "version_3.1.5";
    AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    SoftwareStatement softwareStatement = new SoftwareStatement(SignatureAlgorithm.RS256, cryptoProvider);
    softwareStatement.setKeyId(keyId);
    softwareStatement.getClaims().put(APPLICATION_TYPE.toString(), ApplicationType.WEB);
    softwareStatement.getClaims().put(CLIENT_NAME.toString(), "jans test app");
    softwareStatement.getClaims().put(REDIRECT_URIS.toString(), StringUtils.spaceSeparatedToList(redirectUris));
    softwareStatement.getClaims().put(CONTACTS.toString(), Arrays.asList("javier@gluu.org", "javier.rojas.blum@gmail.com"));
    softwareStatement.getClaims().put(SCOPE.toString(), Util.listAsString(Arrays.asList("openid", "address", "profile", "email", "phone", "clientinfo", "invalid_scope")));
    softwareStatement.getClaims().put(LOGO_URI.toString(), "http://www.gluu.org/wp-content/themes/gluursn/images/logo.png");
    softwareStatement.getClaims().put(TOKEN_ENDPOINT_AUTH_METHOD.toString(), AuthenticationMethod.CLIENT_SECRET_JWT);
    softwareStatement.getClaims().put(POLICY_URI.toString(), "http://www.gluu.org/policy");
    softwareStatement.getClaims().put(JWKS_URI.toString(), clientJwksUri);
    softwareStatement.getClaims().put(SECTOR_IDENTIFIER_URI.toString(), sectorIdentifierUri);
    softwareStatement.getClaims().put(SUBJECT_TYPE.toString(), SubjectType.PAIRWISE);
    softwareStatement.getClaims().put(REQUEST_URIS.toString(), Collections.singletonList("http://www.gluu.org/request"));
    softwareStatement.getClaims().put(FRONT_CHANNEL_LOGOUT_URI.toString(), logoutUri);
    softwareStatement.getClaims().put(FRONT_CHANNEL_LOGOUT_SESSION_REQUIRED.toString(), true);
    softwareStatement.getClaims().put(ID_TOKEN_SIGNED_RESPONSE_ALG.toString(), SignatureAlgorithm.RS512);
    softwareStatement.getClaims().put(ID_TOKEN_ENCRYPTED_RESPONSE_ALG.toString(), KeyEncryptionAlgorithm.RSA1_5);
    softwareStatement.getClaims().put(ID_TOKEN_ENCRYPTED_RESPONSE_ENC.toString(), BlockEncryptionAlgorithm.A128CBC_PLUS_HS256);
    softwareStatement.getClaims().put(USERINFO_SIGNED_RESPONSE_ALG.toString(), SignatureAlgorithm.RS384);
    softwareStatement.getClaims().put(USERINFO_ENCRYPTED_RESPONSE_ALG.toString(), KeyEncryptionAlgorithm.A128KW);
    softwareStatement.getClaims().put(USERINFO_ENCRYPTED_RESPONSE_ENC.toString(), BlockEncryptionAlgorithm.A128GCM);
    softwareStatement.getClaims().put(REQUEST_OBJECT_SIGNING_ALG.toString(), SignatureAlgorithm.RS256);
    softwareStatement.getClaims().put(REQUEST_OBJECT_ENCRYPTION_ALG.toString(), KeyEncryptionAlgorithm.A256KW);
    softwareStatement.getClaims().put(REQUEST_OBJECT_ENCRYPTION_ENC.toString(), BlockEncryptionAlgorithm.A256CBC_PLUS_HS512);
    softwareStatement.getClaims().put(TOKEN_ENDPOINT_AUTH_METHOD.toString(), AuthenticationMethod.CLIENT_SECRET_JWT);
    softwareStatement.getClaims().put(TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString(), SignatureAlgorithm.ES256);
    softwareStatement.getClaims().put(SOFTWARE_ID.toString(), softwareId);
    softwareStatement.getClaims().put(SOFTWARE_VERSION.toString(), softwareVersion);
    String encodedSoftwareStatement = softwareStatement.getEncodedJwt();
    RegisterRequest registerRequest = new RegisterRequest();
    registerRequest.setSoftwareStatement(encodedSoftwareStatement);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    registerClient.setExecutor(clientEngine(true));
    RegisterResponse response = registerClient.exec();
    showClient(registerClient);
    assertRegisterResponseOk(response, 201, true);
    assertNotNull(response.getFirstClaim(SCOPE.toString()));
    assertNotNull(response.getFirstClaim(FRONT_CHANNEL_LOGOUT_SESSION_REQUIRED.toString()));
    assertTrue(Boolean.parseBoolean(response.getFirstClaim(FRONT_CHANNEL_LOGOUT_SESSION_REQUIRED.toString())));
    assertNotNull(response.getFirstClaim(FRONT_CHANNEL_LOGOUT_URI.toString()));
    assertEquals(response.getFirstClaim(FRONT_CHANNEL_LOGOUT_URI.toString()), logoutUri);
    assertNotNull(response.getFirstClaim(ID_TOKEN_SIGNED_RESPONSE_ALG.toString()));
    assertEquals(SignatureAlgorithm.fromString(response.getFirstClaim(ID_TOKEN_SIGNED_RESPONSE_ALG.toString())), SignatureAlgorithm.RS512);
    assertNotNull(response.getFirstClaim(ID_TOKEN_ENCRYPTED_RESPONSE_ALG.toString()));
    assertEquals(KeyEncryptionAlgorithm.fromName(response.getFirstClaim(ID_TOKEN_ENCRYPTED_RESPONSE_ALG.toString())), KeyEncryptionAlgorithm.RSA1_5);
    assertNotNull(response.getFirstClaim(ID_TOKEN_ENCRYPTED_RESPONSE_ENC.toString()));
    assertEquals(BlockEncryptionAlgorithm.fromName(response.getFirstClaim(ID_TOKEN_ENCRYPTED_RESPONSE_ENC.toString())), BlockEncryptionAlgorithm.A128CBC_PLUS_HS256);
    assertNotNull(response.getFirstClaim(USERINFO_SIGNED_RESPONSE_ALG.toString()));
    assertEquals(SignatureAlgorithm.fromString(response.getFirstClaim(USERINFO_SIGNED_RESPONSE_ALG.toString())), SignatureAlgorithm.RS384);
    assertNotNull(response.getFirstClaim(USERINFO_ENCRYPTED_RESPONSE_ALG.toString()));
    assertEquals(KeyEncryptionAlgorithm.fromName(response.getFirstClaim(USERINFO_ENCRYPTED_RESPONSE_ALG.toString())), KeyEncryptionAlgorithm.A128KW);
    assertNotNull(response.getFirstClaim(USERINFO_ENCRYPTED_RESPONSE_ENC.toString()));
    assertEquals(BlockEncryptionAlgorithm.fromName(response.getFirstClaim(USERINFO_ENCRYPTED_RESPONSE_ENC.toString())), BlockEncryptionAlgorithm.A128GCM);
    assertNotNull(response.getFirstClaim(REQUEST_OBJECT_SIGNING_ALG.toString()));
    assertEquals(SignatureAlgorithm.fromString(response.getFirstClaim(REQUEST_OBJECT_SIGNING_ALG.toString())), SignatureAlgorithm.RS256);
    assertNotNull(response.getFirstClaim(REQUEST_OBJECT_ENCRYPTION_ALG.toString()));
    assertEquals(KeyEncryptionAlgorithm.fromName(response.getFirstClaim(REQUEST_OBJECT_ENCRYPTION_ALG.toString())), KeyEncryptionAlgorithm.A256KW);
    assertNotNull(response.getFirstClaim(REQUEST_OBJECT_ENCRYPTION_ENC.toString()));
    assertEquals(BlockEncryptionAlgorithm.fromName(response.getFirstClaim(REQUEST_OBJECT_ENCRYPTION_ENC.toString())), BlockEncryptionAlgorithm.A256CBC_PLUS_HS512);
    assertNotNull(response.getFirstClaim(TOKEN_ENDPOINT_AUTH_METHOD.toString()));
    assertEquals(AuthenticationMethod.fromString(response.getFirstClaim(TOKEN_ENDPOINT_AUTH_METHOD.toString())), AuthenticationMethod.CLIENT_SECRET_JWT);
    assertNotNull(response.getFirstClaim(TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString()));
    assertEquals(SignatureAlgorithm.fromString(response.getFirstClaim(TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString())), SignatureAlgorithm.ES256);
    JSONArray scopesJsonArray = new JSONArray(StringUtils.spaceSeparatedToList(response.getFirstClaim(SCOPE.toString())));
    List<String> scopes = new ArrayList<>();
    for (int i = 0; i < scopesJsonArray.length(); i++) {
        scopes.add(scopesJsonArray.get(i).toString());
    }
    assertTrue(scopes.contains("openid"));
    assertTrue(scopes.contains("address"));
    assertTrue(scopes.contains("email"));
    assertTrue(scopes.contains("profile"));
    assertTrue(scopes.contains("phone"));
    assertTrue(scopes.contains("clientinfo"));
    assertTrue(response.getClaims().containsKey(SOFTWARE_ID.toString()));
    assertEquals(response.getFirstClaim(SOFTWARE_ID.toString()), softwareId);
    assertTrue(response.getClaims().containsKey(SOFTWARE_VERSION.toString()));
    assertEquals(response.getFirstClaim(SOFTWARE_VERSION.toString()), softwareVersion);
    assertTrue(response.getClaims().containsKey(SOFTWARE_STATEMENT.toString()));
    registrationAccessToken1 = response.getRegistrationAccessToken();
    registrationClientUri1 = response.getRegistrationClientUri();
}
Also used : RegisterRequest(io.jans.as.client.RegisterRequest) RegisterResponse(io.jans.as.client.RegisterResponse) RegisterClient(io.jans.as.client.RegisterClient) SoftwareStatement(io.jans.as.client.model.SoftwareStatement) JSONArray(org.json.JSONArray) ArrayList(java.util.ArrayList) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Example 3 with SoftwareStatement

use of io.jans.as.client.model.SoftwareStatement in project jans by JanssenProject.

the class RegisterRequest method sign.

public RegisterRequest sign(SignatureAlgorithm signatureAlgorithm, String kid, AuthCryptoProvider cryptoProvider) throws Exception {
    final SoftwareStatement ssa = new SoftwareStatement(signatureAlgorithm, cryptoProvider);
    ssa.setKeyId(kid);
    return sign(ssa);
}
Also used : SoftwareStatement(io.jans.as.client.model.SoftwareStatement)

Example 4 with SoftwareStatement

use of io.jans.as.client.model.SoftwareStatement in project jans by JanssenProject.

the class RegistrationWithSoftwareStatementTest method registerClientWithRequestObjectAndUpdateWithClientCredentialsGrant.

/**
 * Request client registration with signed request object and software statement (with jwks_uri against which validation has to be performed).
 * It should be run with following server configuration settings:
 * - "dcrSignatureValidationEnabled": true,
 * - "dcrSignatureValidationSoftwareStatementJwksURIClaim": "jwks_uri",
 * - "dcrSignatureValidationSoftwareStatementJwksClaim": null,
 * - "dcrSignatureValidationJwks": null,
 * - "dcrSignatureValidationJwksUri": null,
 * - "softwareStatementValidationType": "jwks_uri",
 * - "softwareStatementValidationClaimName": "jwks_uri",
 * - "dcrAuthorizationWithClientCredentials": true
 */
@Parameters({ "redirectUris", "sectorIdentifierUri", "logoutUri", "keyStoreFile", "keyStoreSecret", "dnName", "RS256_keyId", "clientJwksUri" })
@Ignore("server's `dcrSignatureValidationEnabled` and `dcrAuthorizationWithClientCredentials` configuration properties should be set to true to get this test passed.")
public // @Test
void registerClientWithRequestObjectAndUpdateWithClientCredentialsGrant(final String redirectUris, final String sectorIdentifierUri, final String logoutUri, final String keyStoreFile, final String keyStoreSecret, final String dnName, final String keyId, final String clientJwksUri) throws Exception {
    showTitle("registerClientWithRequestObjectAndUpdateWithClientCredentialsGrant");
    String softwareId = UUID.randomUUID().toString();
    String softwareVersion = "5.0";
    AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    SoftwareStatement softwareStatement = new SoftwareStatement(SignatureAlgorithm.RS256, cryptoProvider);
    softwareStatement.setKeyId(keyId);
    softwareStatement.getClaims().put(GRANT_TYPES.toString(), Collections.singletonList(GrantType.CLIENT_CREDENTIALS.getValue()));
    softwareStatement.getClaims().put(RESPONSE_TYPES.toString(), Arrays.asList(ResponseType.TOKEN.getValue(), ResponseType.ID_TOKEN.getValue(), ResponseType.CODE.getValue()));
    softwareStatement.getClaims().put(APPLICATION_TYPE.toString(), ApplicationType.WEB);
    softwareStatement.getClaims().put(CLIENT_NAME.toString(), "jans test app");
    softwareStatement.getClaims().put(REDIRECT_URIS.toString(), StringUtils.spaceSeparatedToList(redirectUris));
    softwareStatement.getClaims().put(CONTACTS.toString(), Collections.singletonList("yuriy@gluu.org"));
    softwareStatement.getClaims().put(SCOPE.toString(), Util.listAsString(Arrays.asList("openid", "address", "profile", "email", "phone", "clientinfo", "invalid_scope")));
    softwareStatement.getClaims().put(LOGO_URI.toString(), "http://www.gluu.org/wp-content/themes/gluursn/images/logo.png");
    softwareStatement.getClaims().put(TOKEN_ENDPOINT_AUTH_METHOD.toString(), AuthenticationMethod.CLIENT_SECRET_BASIC);
    softwareStatement.getClaims().put(POLICY_URI.toString(), "http://www.gluu.org/policy");
    softwareStatement.getClaims().put(JWKS_URI.toString(), clientJwksUri);
    softwareStatement.getClaims().put(SECTOR_IDENTIFIER_URI.toString(), sectorIdentifierUri);
    softwareStatement.getClaims().put(SUBJECT_TYPE.toString(), SubjectType.PAIRWISE);
    softwareStatement.getClaims().put(REQUEST_URIS.toString(), Collections.singletonList("http://www.gluu.org/request"));
    softwareStatement.getClaims().put(FRONT_CHANNEL_LOGOUT_URI.toString(), logoutUri);
    softwareStatement.getClaims().put(FRONT_CHANNEL_LOGOUT_SESSION_REQUIRED.toString(), true);
    softwareStatement.getClaims().put(ID_TOKEN_SIGNED_RESPONSE_ALG.toString(), SignatureAlgorithm.RS512);
    softwareStatement.getClaims().put(ID_TOKEN_ENCRYPTED_RESPONSE_ALG.toString(), KeyEncryptionAlgorithm.RSA1_5);
    softwareStatement.getClaims().put(ID_TOKEN_ENCRYPTED_RESPONSE_ENC.toString(), BlockEncryptionAlgorithm.A128CBC_PLUS_HS256);
    softwareStatement.getClaims().put(USERINFO_SIGNED_RESPONSE_ALG.toString(), SignatureAlgorithm.RS384);
    softwareStatement.getClaims().put(USERINFO_ENCRYPTED_RESPONSE_ALG.toString(), KeyEncryptionAlgorithm.A128KW);
    softwareStatement.getClaims().put(USERINFO_ENCRYPTED_RESPONSE_ENC.toString(), BlockEncryptionAlgorithm.A128GCM);
    softwareStatement.getClaims().put(REQUEST_OBJECT_SIGNING_ALG.toString(), SignatureAlgorithm.RS256);
    softwareStatement.getClaims().put(REQUEST_OBJECT_ENCRYPTION_ALG.toString(), KeyEncryptionAlgorithm.A256KW);
    softwareStatement.getClaims().put(REQUEST_OBJECT_ENCRYPTION_ENC.toString(), BlockEncryptionAlgorithm.A256CBC_PLUS_HS512);
    softwareStatement.getClaims().put(TOKEN_ENDPOINT_AUTH_METHOD.toString(), AuthenticationMethod.CLIENT_SECRET_BASIC);
    softwareStatement.getClaims().put(TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString(), SignatureAlgorithm.ES256);
    softwareStatement.getClaims().put(SOFTWARE_ID.toString(), softwareId);
    softwareStatement.getClaims().put(SOFTWARE_VERSION.toString(), softwareVersion);
    String encodedSoftwareStatement = softwareStatement.getEncodedJwt();
    RegisterRequest registerRequest = new RegisterRequest();
    registerRequest.setSoftwareStatement(encodedSoftwareStatement);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest.sign(SignatureAlgorithm.RS256, keyId, cryptoProvider));
    registerClient.setExecutor(clientEngine(true));
    RegisterResponse response = registerClient.exec();
    showClient(registerClient);
    assertRegisterResponseOk(response, 200, false);
    assertNotNull(response.getFirstClaim(SCOPE.toString()));
    assertNotNull(response.getFirstClaim(FRONT_CHANNEL_LOGOUT_SESSION_REQUIRED.toString()));
    assertTrue(Boolean.parseBoolean(response.getFirstClaim(FRONT_CHANNEL_LOGOUT_SESSION_REQUIRED.toString())));
    assertNotNull(response.getFirstClaim(FRONT_CHANNEL_LOGOUT_URI.toString()));
    assertEquals(logoutUri, response.getFirstClaim(FRONT_CHANNEL_LOGOUT_URI.toString()));
    assertNotNull(response.getFirstClaim(ID_TOKEN_SIGNED_RESPONSE_ALG.toString()));
    assertEquals(SignatureAlgorithm.fromString(response.getFirstClaim(ID_TOKEN_SIGNED_RESPONSE_ALG.toString())), SignatureAlgorithm.RS512);
    assertNotNull(response.getFirstClaim(ID_TOKEN_ENCRYPTED_RESPONSE_ALG.toString()));
    assertEquals(KeyEncryptionAlgorithm.fromName(response.getFirstClaim(ID_TOKEN_ENCRYPTED_RESPONSE_ALG.toString())), KeyEncryptionAlgorithm.RSA1_5);
    assertNotNull(response.getFirstClaim(ID_TOKEN_ENCRYPTED_RESPONSE_ENC.toString()));
    assertEquals(BlockEncryptionAlgorithm.fromName(response.getFirstClaim(ID_TOKEN_ENCRYPTED_RESPONSE_ENC.toString())), BlockEncryptionAlgorithm.A128CBC_PLUS_HS256);
    assertNotNull(response.getFirstClaim(USERINFO_SIGNED_RESPONSE_ALG.toString()));
    assertEquals(SignatureAlgorithm.fromString(response.getFirstClaim(USERINFO_SIGNED_RESPONSE_ALG.toString())), SignatureAlgorithm.RS384);
    assertNotNull(response.getFirstClaim(USERINFO_ENCRYPTED_RESPONSE_ALG.toString()));
    assertEquals(KeyEncryptionAlgorithm.fromName(response.getFirstClaim(USERINFO_ENCRYPTED_RESPONSE_ALG.toString())), KeyEncryptionAlgorithm.A128KW);
    assertNotNull(response.getFirstClaim(USERINFO_ENCRYPTED_RESPONSE_ENC.toString()));
    assertEquals(BlockEncryptionAlgorithm.fromName(response.getFirstClaim(USERINFO_ENCRYPTED_RESPONSE_ENC.toString())), BlockEncryptionAlgorithm.A128GCM);
    assertNotNull(response.getFirstClaim(REQUEST_OBJECT_SIGNING_ALG.toString()));
    assertEquals(SignatureAlgorithm.fromString(response.getFirstClaim(REQUEST_OBJECT_SIGNING_ALG.toString())), SignatureAlgorithm.RS256);
    assertNotNull(response.getFirstClaim(REQUEST_OBJECT_ENCRYPTION_ALG.toString()));
    assertEquals(KeyEncryptionAlgorithm.fromName(response.getFirstClaim(REQUEST_OBJECT_ENCRYPTION_ALG.toString())), KeyEncryptionAlgorithm.A256KW);
    assertNotNull(response.getFirstClaim(REQUEST_OBJECT_ENCRYPTION_ENC.toString()));
    assertEquals(BlockEncryptionAlgorithm.fromName(response.getFirstClaim(REQUEST_OBJECT_ENCRYPTION_ENC.toString())), BlockEncryptionAlgorithm.A256CBC_PLUS_HS512);
    assertNotNull(response.getFirstClaim(TOKEN_ENDPOINT_AUTH_METHOD.toString()));
    assertEquals(AuthenticationMethod.fromString(response.getFirstClaim(TOKEN_ENDPOINT_AUTH_METHOD.toString())), AuthenticationMethod.CLIENT_SECRET_BASIC);
    assertNotNull(response.getFirstClaim(TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString()));
    assertEquals(SignatureAlgorithm.fromString(response.getFirstClaim(TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString())), SignatureAlgorithm.ES256);
    JSONArray scopesJsonArray = new JSONArray(StringUtils.spaceSeparatedToList(response.getFirstClaim(SCOPE.toString())));
    List<String> scopes = new ArrayList<>();
    for (int i = 0; i < scopesJsonArray.length(); i++) {
        scopes.add(scopesJsonArray.get(i).toString());
    }
    assertTrue(scopes.contains("openid"));
    assertTrue(scopes.contains("address"));
    assertTrue(scopes.contains("email"));
    assertTrue(scopes.contains("profile"));
    assertTrue(scopes.contains("phone"));
    assertTrue(scopes.contains("clientinfo"));
    assertTrue(response.getClaims().containsKey(SOFTWARE_ID.toString()));
    assertEquals(response.getFirstClaim(SOFTWARE_ID.toString()), softwareId);
    assertTrue(response.getClaims().containsKey(SOFTWARE_VERSION.toString()));
    assertEquals(response.getFirstClaim(SOFTWARE_VERSION.toString()), softwareVersion);
    assertTrue(response.getClaims().containsKey(SOFTWARE_STATEMENT.toString()));
    TokenClient tokenClient = new TokenClient(tokenEndpoint);
    tokenClient.setExecutor(clientEngine(true));
    TokenResponse tokenResponse = tokenClient.execClientCredentialsGrant("openid", response.getClientId(), response.getClientSecret());
    showClient(tokenClient);
    assertNotNull(tokenResponse);
    assertNotNull(tokenResponse.getAccessToken());
    RegisterRequest updateRequest = new RegisterRequest();
    // client credentials token
    updateRequest.setAccessToken(tokenResponse.getAccessToken());
    updateRequest.setHttpMethod("PUT");
    updateRequest.setClientName("UpdatedName");
    RegisterClient updateClient = new RegisterClient(registrationEndpoint);
    updateClient.setRequest(updateRequest);
    final RegisterResponse updateResponse = updateClient.exec();
    showClient(tokenClient);
    assertNotNull(updateResponse);
    assertEquals(updateResponse.getStatus(), 200, "Unexpected response code: " + response.getEntity());
}
Also used : RegisterRequest(io.jans.as.client.RegisterRequest) RegisterResponse(io.jans.as.client.RegisterResponse) TokenResponse(io.jans.as.client.TokenResponse) RegisterClient(io.jans.as.client.RegisterClient) SoftwareStatement(io.jans.as.client.model.SoftwareStatement) JSONArray(org.json.JSONArray) ArrayList(java.util.ArrayList) TokenClient(io.jans.as.client.TokenClient) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) Ignore(org.testng.annotations.Ignore) Parameters(org.testng.annotations.Parameters)

Example 5 with SoftwareStatement

use of io.jans.as.client.model.SoftwareStatement in project jans by JanssenProject.

the class RegistrationWithSoftwareStatementTest method requestClientAssociate2.

/**
 * Verify signature with JWKS
 */
@Parameters({ "redirectUris", "sectorIdentifierUri", "logoutUri", "keyStoreFile", "keyStoreSecret", "dnName", "RS256_keyId", "clientJwksUri" })
@Test
public void requestClientAssociate2(final String redirectUris, final String sectorIdentifierUri, final String logoutUri, final String keyStoreFile, final String keyStoreSecret, final String dnName, final String keyId, final String clientJwksUri) throws Exception {
    showTitle("requestClientAssociate2");
    String softwareId = UUID.randomUUID().toString();
    String softwareVersion = "version_3.1.5";
    AuthCryptoProvider cryptoProvider = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    SoftwareStatement softwareStatement = new SoftwareStatement(SignatureAlgorithm.RS256, cryptoProvider);
    softwareStatement.setKeyId(keyId);
    softwareStatement.getClaims().put(APPLICATION_TYPE.toString(), ApplicationType.WEB);
    softwareStatement.getClaims().put(CLIENT_NAME.toString(), "jans test app");
    softwareStatement.getClaims().put(REDIRECT_URIS.toString(), StringUtils.spaceSeparatedToList(redirectUris));
    softwareStatement.getClaims().put(CONTACTS.toString(), Arrays.asList("javier@gluu.org", "javier.rojas.blum@gmail.com"));
    softwareStatement.getClaims().put(SCOPE.toString(), Util.listAsString(Arrays.asList("openid", "address", "profile", "email", "phone", "clientinfo", "invalid_scope")));
    softwareStatement.getClaims().put(LOGO_URI.toString(), "http://www.gluu.org/wp-content/themes/gluursn/images/logo.png");
    softwareStatement.getClaims().put(TOKEN_ENDPOINT_AUTH_METHOD.toString(), AuthenticationMethod.CLIENT_SECRET_JWT);
    softwareStatement.getClaims().put(POLICY_URI.toString(), "http://www.gluu.org/policy");
    softwareStatement.getClaims().put(JWKS_URI.toString(), clientJwksUri);
    softwareStatement.getClaims().put(SECTOR_IDENTIFIER_URI.toString(), sectorIdentifierUri);
    softwareStatement.getClaims().put(SUBJECT_TYPE.toString(), SubjectType.PAIRWISE);
    softwareStatement.getClaims().put(REQUEST_URIS.toString(), Collections.singletonList("http://www.gluu.org/request"));
    softwareStatement.getClaims().put(FRONT_CHANNEL_LOGOUT_URI.toString(), logoutUri);
    softwareStatement.getClaims().put(FRONT_CHANNEL_LOGOUT_SESSION_REQUIRED.toString(), true);
    softwareStatement.getClaims().put(ID_TOKEN_SIGNED_RESPONSE_ALG.toString(), SignatureAlgorithm.RS512);
    softwareStatement.getClaims().put(ID_TOKEN_ENCRYPTED_RESPONSE_ALG.toString(), KeyEncryptionAlgorithm.RSA1_5);
    softwareStatement.getClaims().put(ID_TOKEN_ENCRYPTED_RESPONSE_ENC.toString(), BlockEncryptionAlgorithm.A128CBC_PLUS_HS256);
    softwareStatement.getClaims().put(USERINFO_SIGNED_RESPONSE_ALG.toString(), SignatureAlgorithm.RS384);
    softwareStatement.getClaims().put(USERINFO_ENCRYPTED_RESPONSE_ALG.toString(), KeyEncryptionAlgorithm.A128KW);
    softwareStatement.getClaims().put(USERINFO_ENCRYPTED_RESPONSE_ENC.toString(), BlockEncryptionAlgorithm.A128GCM);
    softwareStatement.getClaims().put(REQUEST_OBJECT_SIGNING_ALG.toString(), SignatureAlgorithm.RS256);
    softwareStatement.getClaims().put(REQUEST_OBJECT_ENCRYPTION_ALG.toString(), KeyEncryptionAlgorithm.A256KW);
    softwareStatement.getClaims().put(REQUEST_OBJECT_ENCRYPTION_ENC.toString(), BlockEncryptionAlgorithm.A256CBC_PLUS_HS512);
    softwareStatement.getClaims().put(TOKEN_ENDPOINT_AUTH_METHOD.toString(), AuthenticationMethod.CLIENT_SECRET_JWT);
    softwareStatement.getClaims().put(TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString(), SignatureAlgorithm.ES256);
    softwareStatement.getClaims().put(SOFTWARE_ID.toString(), softwareId);
    softwareStatement.getClaims().put(SOFTWARE_VERSION.toString(), softwareVersion);
    String encodedSoftwareStatement = softwareStatement.getEncodedJwt();
    RegisterRequest registerRequest = new RegisterRequest();
    registerRequest.setSoftwareStatement(encodedSoftwareStatement);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    registerClient.setExecutor(clientEngine(true));
    RegisterResponse response = registerClient.exec();
    showClient(registerClient);
    assertRegisterResponseOk(response, 201, true);
    assertNotNull(response.getFirstClaim(SCOPE.toString()));
    assertNotNull(response.getFirstClaim(FRONT_CHANNEL_LOGOUT_SESSION_REQUIRED.toString()));
    assertTrue(Boolean.parseBoolean(response.getFirstClaim(FRONT_CHANNEL_LOGOUT_SESSION_REQUIRED.toString())));
    assertNotNull(response.getFirstClaim(FRONT_CHANNEL_LOGOUT_URI.toString()));
    assertEquals(logoutUri, response.getFirstClaim(FRONT_CHANNEL_LOGOUT_URI.toString()));
    assertNotNull(response.getFirstClaim(ID_TOKEN_SIGNED_RESPONSE_ALG.toString()));
    assertEquals(SignatureAlgorithm.fromString(response.getFirstClaim(ID_TOKEN_SIGNED_RESPONSE_ALG.toString())), SignatureAlgorithm.RS512);
    assertNotNull(response.getFirstClaim(ID_TOKEN_ENCRYPTED_RESPONSE_ALG.toString()));
    assertEquals(KeyEncryptionAlgorithm.fromName(response.getFirstClaim(ID_TOKEN_ENCRYPTED_RESPONSE_ALG.toString())), KeyEncryptionAlgorithm.RSA1_5);
    assertNotNull(response.getFirstClaim(ID_TOKEN_ENCRYPTED_RESPONSE_ENC.toString()));
    assertEquals(BlockEncryptionAlgorithm.fromName(response.getFirstClaim(ID_TOKEN_ENCRYPTED_RESPONSE_ENC.toString())), BlockEncryptionAlgorithm.A128CBC_PLUS_HS256);
    assertNotNull(response.getFirstClaim(USERINFO_SIGNED_RESPONSE_ALG.toString()));
    assertEquals(SignatureAlgorithm.fromString(response.getFirstClaim(USERINFO_SIGNED_RESPONSE_ALG.toString())), SignatureAlgorithm.RS384);
    assertNotNull(response.getFirstClaim(USERINFO_ENCRYPTED_RESPONSE_ALG.toString()));
    assertEquals(KeyEncryptionAlgorithm.fromName(response.getFirstClaim(USERINFO_ENCRYPTED_RESPONSE_ALG.toString())), KeyEncryptionAlgorithm.A128KW);
    assertNotNull(response.getFirstClaim(USERINFO_ENCRYPTED_RESPONSE_ENC.toString()));
    assertEquals(BlockEncryptionAlgorithm.fromName(response.getFirstClaim(USERINFO_ENCRYPTED_RESPONSE_ENC.toString())), BlockEncryptionAlgorithm.A128GCM);
    assertNotNull(response.getFirstClaim(REQUEST_OBJECT_SIGNING_ALG.toString()));
    assertEquals(SignatureAlgorithm.fromString(response.getFirstClaim(REQUEST_OBJECT_SIGNING_ALG.toString())), SignatureAlgorithm.RS256);
    assertNotNull(response.getFirstClaim(REQUEST_OBJECT_ENCRYPTION_ALG.toString()));
    assertEquals(KeyEncryptionAlgorithm.fromName(response.getFirstClaim(REQUEST_OBJECT_ENCRYPTION_ALG.toString())), KeyEncryptionAlgorithm.A256KW);
    assertNotNull(response.getFirstClaim(REQUEST_OBJECT_ENCRYPTION_ENC.toString()));
    assertEquals(BlockEncryptionAlgorithm.fromName(response.getFirstClaim(REQUEST_OBJECT_ENCRYPTION_ENC.toString())), BlockEncryptionAlgorithm.A256CBC_PLUS_HS512);
    assertNotNull(response.getFirstClaim(TOKEN_ENDPOINT_AUTH_METHOD.toString()));
    assertEquals(AuthenticationMethod.fromString(response.getFirstClaim(TOKEN_ENDPOINT_AUTH_METHOD.toString())), AuthenticationMethod.CLIENT_SECRET_JWT);
    assertNotNull(response.getFirstClaim(TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString()));
    assertEquals(SignatureAlgorithm.fromString(response.getFirstClaim(TOKEN_ENDPOINT_AUTH_SIGNING_ALG.toString())), SignatureAlgorithm.ES256);
    JSONArray scopesJsonArray = new JSONArray(StringUtils.spaceSeparatedToList(response.getFirstClaim(SCOPE.toString())));
    List<String> scopes = new ArrayList<>();
    for (int i = 0; i < scopesJsonArray.length(); i++) {
        scopes.add(scopesJsonArray.get(i).toString());
    }
    assertTrue(scopes.contains("openid"));
    assertTrue(scopes.contains("address"));
    assertTrue(scopes.contains("email"));
    assertTrue(scopes.contains("profile"));
    assertTrue(scopes.contains("phone"));
    assertTrue(scopes.contains("clientinfo"));
    assertTrue(response.getClaims().containsKey(SOFTWARE_ID.toString()));
    assertEquals(response.getFirstClaim(SOFTWARE_ID.toString()), softwareId);
    assertTrue(response.getClaims().containsKey(SOFTWARE_VERSION.toString()));
    assertEquals(response.getFirstClaim(SOFTWARE_VERSION.toString()), softwareVersion);
    assertTrue(response.getClaims().containsKey(SOFTWARE_STATEMENT.toString()));
    registrationAccessToken2 = response.getRegistrationAccessToken();
    registrationClientUri2 = response.getRegistrationClientUri();
}
Also used : RegisterRequest(io.jans.as.client.RegisterRequest) RegisterResponse(io.jans.as.client.RegisterResponse) RegisterClient(io.jans.as.client.RegisterClient) SoftwareStatement(io.jans.as.client.model.SoftwareStatement) JSONArray(org.json.JSONArray) ArrayList(java.util.ArrayList) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Aggregations

SoftwareStatement (io.jans.as.client.model.SoftwareStatement)5 RegisterClient (io.jans.as.client.RegisterClient)4 RegisterRequest (io.jans.as.client.RegisterRequest)4 RegisterResponse (io.jans.as.client.RegisterResponse)4 AuthCryptoProvider (io.jans.as.model.crypto.AuthCryptoProvider)4 ArrayList (java.util.ArrayList)4 JSONArray (org.json.JSONArray)4 Parameters (org.testng.annotations.Parameters)4 BaseTest (io.jans.as.client.BaseTest)2 Ignore (org.testng.annotations.Ignore)2 Test (org.testng.annotations.Test)2 TokenClient (io.jans.as.client.TokenClient)1 TokenResponse (io.jans.as.client.TokenResponse)1