Search in sources :

Example 16 with JwtAuthorizationRequest

use of io.jans.as.client.model.authorize.JwtAuthorizationRequest in project jans by JanssenProject.

the class AuthorizationResponseModeJwtResponseTypeCodeSignedEncryptedHttpTest method ensureRequestObjectWithoutNbfFails.

@Parameters({ "redirectUri", "redirectUris", "clientJwksUri", "RSA_OAEP_keyId", "PS256_keyId", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri" })
// Enable FAPI to run this test!
@Test(enabled = false)
public void ensureRequestObjectWithoutNbfFails(final String redirectUri, final String redirectUris, final String clientJwksUri, final String encryptionKeyId, final String signingKeyId, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
    showTitle("ensureRequestObjectWithoutNbfFails");
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE);
    // 1. Dynamic Client Registration
    RegisterResponse registerResponse = registerClient(redirectUris, responseTypes, sectorIdentifierUri, clientJwksUri, SignatureAlgorithm.PS256, KeyEncryptionAlgorithm.RSA_OAEP, BlockEncryptionAlgorithm.A256GCM);
    String clientId = registerResponse.getClientId();
    // 2. Request authorization
    List<String> scope = Arrays.asList("openid", "profile", "address", "email");
    String state = UUID.randomUUID().toString();
    String nonce = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scope, redirectUri, null);
    AuthCryptoProvider cryptoProvider1 = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    JwtAuthorizationRequest jwsAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, SignatureAlgorithm.PS256, cryptoProvider1);
    jwsAuthorizationRequest.setResponseTypes(responseTypes);
    jwsAuthorizationRequest.setResponseMode(ResponseMode.JWT);
    jwsAuthorizationRequest.setScopes(scope);
    jwsAuthorizationRequest.setKeyId(signingKeyId);
    jwsAuthorizationRequest.setRedirectUri(redirectUri);
    jwsAuthorizationRequest.setState(state);
    // FAPI: nonce param is required
    jwsAuthorizationRequest.setNonce(nonce);
    // FAPI: nbf param is required
    jwsAuthorizationRequest.setNbf(null);
    // FAPI: require the request object to contain an exp claim that has a lifetime of no longer than 60 minutes after the nbf claim
    jwsAuthorizationRequest.setExp((int) Instant.now().getEpochSecond() + 3600);
    Jwt authJws = Jwt.parse(jwsAuthorizationRequest.getEncodedJwt());
    JwkClient jwkClient = new JwkClient(jwksUri);
    JwkResponse jwkResponse = jwkClient.exec();
    String serverKeyId = jwkResponse.getKeyId(Algorithm.RSA_OAEP);
    assertNotNull(serverKeyId);
    JSONObject jwks = JwtUtil.getJSONWebKeys(jwksUri);
    AuthCryptoProvider cryptoProvider2 = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    privateKey = cryptoProvider2.getPrivateKey(encryptionKeyId);
    JwtAuthorizationRequest jweAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, KeyEncryptionAlgorithm.RSA_OAEP, BlockEncryptionAlgorithm.A256GCM, cryptoProvider2);
    jweAuthorizationRequest.setKeyId(serverKeyId);
    jweAuthorizationRequest.setNestedPayload(authJws);
    String authJwe = jweAuthorizationRequest.getEncodedJwt(jwks);
    authorizationRequest.setRequest(authJwe);
    AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
    authorizeClient.setRequest(authorizationRequest);
    AuthorizationResponse authorizationResponse = authorizeClient.exec();
    showClient(authorizeClient);
    assertNotNull(authorizationResponse.getResponse());
    Jwe response = Jwe.parse(authorizationResponse.getResponse(), privateKey, null);
    assertJweResponse(response);
    assertTrue(Arrays.asList("invalid_request", "invalid_request_object", "invalid_request_uri", "access_denied").contains(response.getClaims().getClaimAsString("error")));
    // Clear private key to do not affect to other tests
    privateKey = null;
}
Also used : JwtAuthorizationRequest(io.jans.as.client.model.authorize.JwtAuthorizationRequest) Jwt(io.jans.as.model.jwt.Jwt) AuthorizeErrorResponseType(io.jans.as.model.authorize.AuthorizeErrorResponseType) ResponseType(io.jans.as.model.common.ResponseType) JSONObject(org.json.JSONObject) JwtAuthorizationRequest(io.jans.as.client.model.authorize.JwtAuthorizationRequest) Jwe(io.jans.as.model.jwe.Jwe) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test)

Example 17 with JwtAuthorizationRequest

use of io.jans.as.client.model.authorize.JwtAuthorizationRequest in project jans by JanssenProject.

the class AuthorizationResponseModeJwtResponseTypeCodeSignedEncryptedHttpTest method ensureRegisteredRedirectUri.

@Parameters({ "audience", "redirectUri", "redirectUris", "clientJwksUri", "RSA_OAEP_keyId", "PS256_keyId", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri" })
// Enable FAPI to run this test!
@Test(enabled = false)
public void ensureRegisteredRedirectUri(final String audience, final String redirectUri, final String redirectUris, final String clientJwksUri, final String encryptionKeyId, final String signingKeyId, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
    showTitle("ensureRegisteredRedirectUri");
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE);
    // 1. Dynamic Client Registration
    RegisterResponse registerResponse = registerClient(redirectUris, responseTypes, sectorIdentifierUri, clientJwksUri, SignatureAlgorithm.PS256, KeyEncryptionAlgorithm.RSA_OAEP, BlockEncryptionAlgorithm.A256GCM);
    String clientId = registerResponse.getClientId();
    // 2. Request authorization
    List<String> scope = Arrays.asList("openid", "profile", "address", "email");
    String state = UUID.randomUUID().toString();
    String nonce = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scope, redirectUri, null);
    AuthCryptoProvider cryptoProvider1 = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    JwtAuthorizationRequest jwsAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, SignatureAlgorithm.PS256, cryptoProvider1);
    jwsAuthorizationRequest.setKeyId(signingKeyId);
    jwsAuthorizationRequest.setAud(audience);
    jwsAuthorizationRequest.setIss(clientId);
    jwsAuthorizationRequest.setScopes(scope);
    jwsAuthorizationRequest.setResponseTypes(responseTypes);
    jwsAuthorizationRequest.setRedirectUri(redirectUri);
    jwsAuthorizationRequest.setResponseMode(ResponseMode.JWT);
    jwsAuthorizationRequest.setClientId(clientId);
    jwsAuthorizationRequest.setState(state);
    // FAPI: nonce param is required
    jwsAuthorizationRequest.setNonce(nonce);
    // FAPI: require the request object to contain an exp claim that has a lifetime of no longer than 60 minutes after the nbf claim
    jwsAuthorizationRequest.setNbf((int) Instant.now().getEpochSecond());
    // FAPI: require the request object to contain an exp claim that has a lifetime of no longer than 60 minutes after the nbf claim
    jwsAuthorizationRequest.setExp(jwsAuthorizationRequest.getNbf() + 3600);
    Jwt authJws = Jwt.parse(jwsAuthorizationRequest.getEncodedJwt());
    JwkClient jwkClient = new JwkClient(jwksUri);
    JwkResponse jwkResponse = jwkClient.exec();
    String serverKeyId = jwkResponse.getKeyId(Algorithm.RSA_OAEP);
    assertNotNull(serverKeyId);
    JSONObject jwks = JwtUtil.getJSONWebKeys(jwksUri);
    AuthCryptoProvider cryptoProvider2 = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    privateKey = cryptoProvider2.getPrivateKey(encryptionKeyId);
    JwtAuthorizationRequest jweAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, KeyEncryptionAlgorithm.RSA_OAEP, BlockEncryptionAlgorithm.A256GCM, cryptoProvider2);
    jweAuthorizationRequest.setKeyId(serverKeyId);
    jweAuthorizationRequest.setNestedPayload(authJws);
    String authJwe = jweAuthorizationRequest.getEncodedJwt(jwks);
    authorizationRequest.setRequest(authJwe);
    AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
    authorizeClient.setRequest(authorizationRequest);
    AuthorizationResponse authorizationResponse = authorizeClient.exec();
    showClient(authorizeClient);
    assertEquals(authorizationResponse.getStatus(), 400);
    assertNotNull(authorizationResponse.getEntity());
    assertNotNull(authorizationResponse.getErrorType());
    assertNotNull(authorizationResponse.getErrorDescription());
    assertEquals(authorizationResponse.getErrorType(), AuthorizeErrorResponseType.INVALID_REQUEST);
    // Clear private key to do not affect to other tests
    privateKey = null;
}
Also used : JwtAuthorizationRequest(io.jans.as.client.model.authorize.JwtAuthorizationRequest) Jwt(io.jans.as.model.jwt.Jwt) AuthorizeErrorResponseType(io.jans.as.model.authorize.AuthorizeErrorResponseType) ResponseType(io.jans.as.model.common.ResponseType) JSONObject(org.json.JSONObject) JwtAuthorizationRequest(io.jans.as.client.model.authorize.JwtAuthorizationRequest) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test)

Example 18 with JwtAuthorizationRequest

use of io.jans.as.client.model.authorize.JwtAuthorizationRequest in project jans by JanssenProject.

the class AuthorizationResponseModeJwtResponseTypeCodeSignedEncryptedHttpTest method ensureRequestObjectWithNbfOver60Ffails.

@Parameters({ "redirectUri", "redirectUris", "clientJwksUri", "RSA_OAEP_keyId", "PS256_keyId", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri" })
// Enable FAPI to run this test!
@Test(enabled = false)
public void ensureRequestObjectWithNbfOver60Ffails(final String redirectUri, final String redirectUris, final String clientJwksUri, final String encryptionKeyId, final String signingKeyId, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
    showTitle("ensureRequestObjectWithNbfOver60Ffails");
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE);
    // 1. Dynamic Client Registration
    RegisterResponse registerResponse = registerClient(redirectUris, responseTypes, sectorIdentifierUri, clientJwksUri, SignatureAlgorithm.PS256, KeyEncryptionAlgorithm.RSA_OAEP, BlockEncryptionAlgorithm.A256GCM);
    String clientId = registerResponse.getClientId();
    // 2. Request authorization
    List<String> scope = Arrays.asList("openid", "profile", "address", "email");
    String state = UUID.randomUUID().toString();
    String nonce = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scope, redirectUri, null);
    AuthCryptoProvider cryptoProvider1 = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    JwtAuthorizationRequest jwsAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, SignatureAlgorithm.PS256, cryptoProvider1);
    jwsAuthorizationRequest.setKeyId(signingKeyId);
    jwsAuthorizationRequest.setRedirectUri(redirectUri);
    jwsAuthorizationRequest.setResponseMode(ResponseMode.JWT);
    jwsAuthorizationRequest.setState(state);
    // FAPI: nonce param is required
    jwsAuthorizationRequest.setNonce(nonce);
    // Added invalid nbf value to request object which is 70 minutes in the past
    jwsAuthorizationRequest.setNbf((int) Instant.now().getEpochSecond() - 4200);
    // FAPI: require the request object to contain an exp claim that has a lifetime of no longer than 60 minutes after the nbf claim
    jwsAuthorizationRequest.setExp((int) Instant.now().getEpochSecond() + 3600);
    Jwt authJws = Jwt.parse(jwsAuthorizationRequest.getEncodedJwt());
    JwkClient jwkClient = new JwkClient(jwksUri);
    JwkResponse jwkResponse = jwkClient.exec();
    String serverKeyId = jwkResponse.getKeyId(Algorithm.RSA_OAEP);
    assertNotNull(serverKeyId);
    JSONObject jwks = JwtUtil.getJSONWebKeys(jwksUri);
    AuthCryptoProvider cryptoProvider2 = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    privateKey = cryptoProvider2.getPrivateKey(encryptionKeyId);
    JwtAuthorizationRequest jweAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, KeyEncryptionAlgorithm.RSA_OAEP, BlockEncryptionAlgorithm.A256GCM, cryptoProvider2);
    jweAuthorizationRequest.setKeyId(serverKeyId);
    jweAuthorizationRequest.setNestedPayload(authJws);
    String authJwe = jweAuthorizationRequest.getEncodedJwt(jwks);
    authorizationRequest.setRequest(authJwe);
    AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
    authorizeClient.setRequest(authorizationRequest);
    AuthorizationResponse authorizationResponse = authorizeClient.exec();
    showClient(authorizeClient);
    assertNotNull(authorizationResponse.getResponse());
    Jwe response = Jwe.parse(authorizationResponse.getResponse(), privateKey, null);
    assertJweResponse(response);
    assertEquals(response.getClaims().getClaimAsString("error"), "invalid_request_object");
    // Clear private key to do not affect to other tests
    privateKey = null;
}
Also used : JwtAuthorizationRequest(io.jans.as.client.model.authorize.JwtAuthorizationRequest) Jwt(io.jans.as.model.jwt.Jwt) AuthorizeErrorResponseType(io.jans.as.model.authorize.AuthorizeErrorResponseType) ResponseType(io.jans.as.model.common.ResponseType) JSONObject(org.json.JSONObject) JwtAuthorizationRequest(io.jans.as.client.model.authorize.JwtAuthorizationRequest) Jwe(io.jans.as.model.jwe.Jwe) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test)

Example 19 with JwtAuthorizationRequest

use of io.jans.as.client.model.authorize.JwtAuthorizationRequest in project jans by JanssenProject.

the class AuthorizationResponseModeJwtResponseTypeCodeSignedEncryptedHttpTest method ensureRequestObjectSignatureAlgorithmIsNotNone.

@Parameters({ "audience", "redirectUri", "redirectUris", "clientJwksUri", "RSA_OAEP_keyId", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri" })
// Enable FAPI to run this test!
@Test(enabled = false)
public void ensureRequestObjectSignatureAlgorithmIsNotNone(final String audience, final String redirectUri, final String redirectUris, final String clientJwksUri, final String encryptionKeyId, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
    showTitle("ensureRequestObjectSignatureAlgorithmIsNotNone");
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE);
    // 1. Dynamic Client Registration
    RegisterResponse registerResponse = registerClient(redirectUris, responseTypes, sectorIdentifierUri, clientJwksUri, SignatureAlgorithm.RS256, KeyEncryptionAlgorithm.RSA_OAEP, BlockEncryptionAlgorithm.A256GCM);
    String clientId = registerResponse.getClientId();
    // 2. Request authorization
    List<String> scope = Arrays.asList("openid", "profile", "address", "email");
    String state = UUID.randomUUID().toString();
    String nonce = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scope, redirectUri, null);
    authorizationRequest.setState(state);
    AuthCryptoProvider cryptoProvider1 = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    // none Request Object is not permitted by the FAPI-RW specification.
    JwtAuthorizationRequest jwsAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, SignatureAlgorithm.NONE, cryptoProvider1);
    jwsAuthorizationRequest.setAud(audience);
    jwsAuthorizationRequest.setIss(clientId);
    jwsAuthorizationRequest.setScopes(scope);
    jwsAuthorizationRequest.setResponseTypes(responseTypes);
    jwsAuthorizationRequest.setRedirectUri(redirectUri);
    jwsAuthorizationRequest.setResponseMode(ResponseMode.JWT);
    jwsAuthorizationRequest.setClientId(clientId);
    jwsAuthorizationRequest.setState(state);
    // FAPI: nonce param is required
    jwsAuthorizationRequest.setNonce(nonce);
    // FAPI: require the request object to contain an exp claim that has a lifetime of no longer than 60 minutes after the nbf claim
    jwsAuthorizationRequest.setNbf((int) Instant.now().getEpochSecond());
    // FAPI: require the request object to contain an exp claim that has a lifetime of no longer than 60 minutes after the nbf claim
    jwsAuthorizationRequest.setExp(jwsAuthorizationRequest.getNbf() + 3600);
    Jwt authJws = Jwt.parse(jwsAuthorizationRequest.getEncodedJwt());
    JwkClient jwkClient = new JwkClient(jwksUri);
    JwkResponse jwkResponse = jwkClient.exec();
    String serverKeyId = jwkResponse.getKeyId(Algorithm.RSA_OAEP);
    assertNotNull(serverKeyId);
    JSONObject jwks = JwtUtil.getJSONWebKeys(jwksUri);
    AuthCryptoProvider cryptoProvider2 = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    privateKey = cryptoProvider2.getPrivateKey(encryptionKeyId);
    JwtAuthorizationRequest jweAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, KeyEncryptionAlgorithm.RSA_OAEP, BlockEncryptionAlgorithm.A256GCM, cryptoProvider2);
    jweAuthorizationRequest.setKeyId(serverKeyId);
    jweAuthorizationRequest.setNestedPayload(authJws);
    String authJwe = jweAuthorizationRequest.getEncodedJwt(jwks);
    authorizationRequest.setRequest(authJwe);
    AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
    authorizeClient.setRequest(authorizationRequest);
    AuthorizationResponse authorizationResponse = authorizeClient.exec();
    showClient(authorizeClient);
    assertNotNull(authorizationResponse.getResponse());
    Jwe response = Jwe.parse(authorizationResponse.getResponse(), privateKey, null);
    assertJweResponse(response);
    // Clear private key to do not affect to other tests
    privateKey = null;
}
Also used : JwtAuthorizationRequest(io.jans.as.client.model.authorize.JwtAuthorizationRequest) Jwt(io.jans.as.model.jwt.Jwt) AuthorizeErrorResponseType(io.jans.as.model.authorize.AuthorizeErrorResponseType) ResponseType(io.jans.as.model.common.ResponseType) JSONObject(org.json.JSONObject) JwtAuthorizationRequest(io.jans.as.client.model.authorize.JwtAuthorizationRequest) Jwe(io.jans.as.model.jwe.Jwe) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test)

Example 20 with JwtAuthorizationRequest

use of io.jans.as.client.model.authorize.JwtAuthorizationRequest in project jans by JanssenProject.

the class AuthorizationResponseModeJwtResponseTypeCodeSignedEncryptedHttpTest method ensureRequestObjectWithBadAudFails.

@Parameters({ "redirectUri", "redirectUris", "clientJwksUri", "RSA_OAEP_keyId", "PS256_keyId", "dnName", "keyStoreFile", "keyStoreSecret", "sectorIdentifierUri" })
// Enable FAPI to run this test!
@Test(enabled = false)
public void ensureRequestObjectWithBadAudFails(final String redirectUri, final String redirectUris, final String clientJwksUri, final String encryptionKeyId, final String signingKeyId, final String dnName, final String keyStoreFile, final String keyStoreSecret, final String sectorIdentifierUri) throws Exception {
    showTitle("ensureRequestObjectWithBadAudFails");
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE);
    // 1. Dynamic Client Registration
    RegisterResponse registerResponse = registerClient(redirectUris, responseTypes, sectorIdentifierUri, clientJwksUri, SignatureAlgorithm.PS256, KeyEncryptionAlgorithm.RSA_OAEP, BlockEncryptionAlgorithm.A256GCM);
    String clientId = registerResponse.getClientId();
    // 2. Request authorization
    List<String> scope = Arrays.asList("openid", "profile", "address", "email");
    String state = UUID.randomUUID().toString();
    String nonce = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scope, redirectUri, null);
    AuthCryptoProvider cryptoProvider1 = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    JwtAuthorizationRequest jwsAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, SignatureAlgorithm.PS256, cryptoProvider1);
    jwsAuthorizationRequest.setKeyId(signingKeyId);
    // Added bad aud to request object claims
    jwsAuthorizationRequest.setAud("https://www.other1.example.com/");
    jwsAuthorizationRequest.setRedirectUri(redirectUri);
    jwsAuthorizationRequest.setResponseMode(ResponseMode.JWT);
    jwsAuthorizationRequest.setState(state);
    // FAPI: nonce param is required
    jwsAuthorizationRequest.setNonce(nonce);
    // FAPI: require the request object to contain an exp claim that has a lifetime of no longer than 60 minutes after the nbf claim
    jwsAuthorizationRequest.setNbf((int) Instant.now().getEpochSecond());
    // FAPI: require the request object to contain an exp claim that has a lifetime of no longer than 60 minutes after the nbf claim
    jwsAuthorizationRequest.setExp(jwsAuthorizationRequest.getNbf() + 3600);
    Jwt authJws = Jwt.parse(jwsAuthorizationRequest.getEncodedJwt());
    JwkClient jwkClient = new JwkClient(jwksUri);
    JwkResponse jwkResponse = jwkClient.exec();
    String serverKeyId = jwkResponse.getKeyId(Algorithm.RSA_OAEP);
    assertNotNull(serverKeyId);
    JSONObject jwks = JwtUtil.getJSONWebKeys(jwksUri);
    AuthCryptoProvider cryptoProvider2 = new AuthCryptoProvider(keyStoreFile, keyStoreSecret, dnName);
    privateKey = cryptoProvider2.getPrivateKey(encryptionKeyId);
    JwtAuthorizationRequest jweAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, KeyEncryptionAlgorithm.RSA_OAEP, BlockEncryptionAlgorithm.A256GCM, cryptoProvider2);
    jweAuthorizationRequest.setKeyId(serverKeyId);
    jweAuthorizationRequest.setNestedPayload(authJws);
    String authJwe = jweAuthorizationRequest.getEncodedJwt(jwks);
    authorizationRequest.setRequest(authJwe);
    AuthorizeClient authorizeClient = new AuthorizeClient(authorizationEndpoint);
    authorizeClient.setRequest(authorizationRequest);
    AuthorizationResponse authorizationResponse = authorizeClient.exec();
    showClient(authorizeClient);
    assertNotNull(authorizationResponse.getResponse());
    Jwe response = Jwe.parse(authorizationResponse.getResponse(), privateKey, null);
    assertJweResponse(response);
    assertEquals(response.getClaims().getClaimAsString("error"), "invalid_request_object");
    // Clear private key to do not affect to other tests
    privateKey = null;
}
Also used : JwtAuthorizationRequest(io.jans.as.client.model.authorize.JwtAuthorizationRequest) Jwt(io.jans.as.model.jwt.Jwt) AuthorizeErrorResponseType(io.jans.as.model.authorize.AuthorizeErrorResponseType) ResponseType(io.jans.as.model.common.ResponseType) JSONObject(org.json.JSONObject) JwtAuthorizationRequest(io.jans.as.client.model.authorize.JwtAuthorizationRequest) Jwe(io.jans.as.model.jwe.Jwe) AuthCryptoProvider(io.jans.as.model.crypto.AuthCryptoProvider) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test)

Aggregations

JwtAuthorizationRequest (io.jans.as.client.model.authorize.JwtAuthorizationRequest)512 Parameters (org.testng.annotations.Parameters)510 Test (org.testng.annotations.Test)510 ResponseType (io.jans.as.model.common.ResponseType)492 Claim (io.jans.as.client.model.authorize.Claim)472 AuthorizationRequest (io.jans.as.client.AuthorizationRequest)465 BaseTest (io.jans.as.client.BaseTest)453 RegisterResponse (io.jans.as.client.RegisterResponse)435 AuthCryptoProvider (io.jans.as.model.crypto.AuthCryptoProvider)434 AuthorizationResponse (io.jans.as.client.AuthorizationResponse)192 JSONObject (org.json.JSONObject)102 RegisterClient (io.jans.as.client.RegisterClient)99 RegisterRequest (io.jans.as.client.RegisterRequest)99 UserInfoClient (io.jans.as.client.UserInfoClient)95 UserInfoResponse (io.jans.as.client.UserInfoResponse)95 JwkClient (io.jans.as.client.JwkClient)84 JwkResponse (io.jans.as.client.JwkResponse)84 AuthorizeClient (io.jans.as.client.AuthorizeClient)73 Jwt (io.jans.as.model.jwt.Jwt)65 UserInfoRequest (io.jans.as.client.UserInfoRequest)46