Search in sources :

Example 1 with AbstractCryptoProvider

use of io.jans.as.model.crypto.AbstractCryptoProvider in project jans by JanssenProject.

the class IndividualClaimsRequestsTest method requestClaimsIndividuallyRequestObjectSigningAlgNoneUserInfoSignedResponseJson.

@Parameters({ "userId", "userSecret", "redirectUris", "redirectUri", "sectorIdentifierUri" })
@Test
public void requestClaimsIndividuallyRequestObjectSigningAlgNoneUserInfoSignedResponseJson(final String userId, final String userSecret, final String redirectUris, final String redirectUri, final String sectorIdentifierUri) throws Exception {
    showTitle("requestClaimsIndividuallyRequestObjectSigningAlgNoneUserInfoSignedResponseJson");
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.TOKEN, ResponseType.ID_TOKEN);
    // 1. Register client
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setResponseTypes(responseTypes);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
    registerRequest.setRequestObjectSigningAlg(SignatureAlgorithm.NONE);
    registerRequest.setIdTokenSignedResponseAlg(SignatureAlgorithm.NONE);
    registerRequest.setClaims(Arrays.asList(JwtClaimName.NAME, JwtClaimName.NICKNAME, JwtClaimName.GIVEN_NAME, JwtClaimName.FAMILY_NAME, JwtClaimName.PICTURE, JwtClaimName.ZONEINFO, JwtClaimName.LOCALE, JwtClaimName.ADDRESS_STREET_ADDRESS, JwtClaimName.ADDRESS_LOCALITY, JwtClaimName.ADDRESS_REGION, JwtClaimName.ADDRESS_POSTAL_CODE, JwtClaimName.ADDRESS_COUNTRY));
    RegisterClient registerClient = newRegisterClient(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertRegisterResponseOk(registerResponse, 201, true);
    String clientId = registerResponse.getClientId();
    String clientSecret = registerResponse.getClientSecret();
    // 2. Request authorization
    AbstractCryptoProvider cryptoProvider = createCryptoProviderWithAllowedNone();
    List<String> scopes = Arrays.asList("openid", "clientinfo");
    String nonce = UUID.randomUUID().toString();
    String state = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setState(state);
    JwtAuthorizationRequest jwtAuthorizationRequest = new JwtAuthorizationRequest(authorizationRequest, SignatureAlgorithm.NONE, clientSecret, cryptoProvider);
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NAME, ClaimValue.createNull()));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.NICKNAME, ClaimValue.createEssential(false)));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.GIVEN_NAME, ClaimValue.createEssential(false)));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.FAMILY_NAME, ClaimValue.createEssential(false)));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL, ClaimValue.createNull()));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.EMAIL_VERIFIED, ClaimValue.createNull()));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.PICTURE, ClaimValue.createEssential(false)));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.ZONEINFO, ClaimValue.createNull()));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.LOCALE, ClaimValue.createNull()));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.ADDRESS_STREET_ADDRESS, ClaimValue.createNull()));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.ADDRESS_LOCALITY, ClaimValue.createNull()));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.ADDRESS_REGION, ClaimValue.createNull()));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.ADDRESS_POSTAL_CODE, ClaimValue.createNull()));
    jwtAuthorizationRequest.addUserInfoClaim(new Claim(JwtClaimName.ADDRESS_COUNTRY, ClaimValue.createNull()));
    jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_TIME, ClaimValue.createNull()));
    jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.AUTHENTICATION_CONTEXT_CLASS_REFERENCE, ClaimValue.createValueList(new String[] { ACR_VALUE })));
    jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.NAME, ClaimValue.createEssential(true)));
    jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.NICKNAME, ClaimValue.createEssential(false)));
    jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.GIVEN_NAME, ClaimValue.createEssential(false)));
    jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.FAMILY_NAME, ClaimValue.createEssential(false)));
    jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.EMAIL, ClaimValue.createNull()));
    jwtAuthorizationRequest.addIdTokenClaim(new Claim(JwtClaimName.EMAIL_VERIFIED, ClaimValue.createNull()));
    jwtAuthorizationRequest.getIdTokenMember().setMaxAge(86400);
    String authJwt = jwtAuthorizationRequest.getEncodedJwt();
    authorizationRequest.setRequest(authJwt);
    AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
    assertAuthorizationResponse(authorizationResponse, responseTypes, true);
    String idToken = authorizationResponse.getIdToken();
    String accessToken = authorizationResponse.getAccessToken();
    // 3. Validate id_token
    Jwt jwt = Jwt.parse(idToken);
    assertJwtStandarClaimsNotNull(jwt, true);
    assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.NAME));
    assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.NICKNAME));
    assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.GIVEN_NAME));
    assertNotNull(jwt.getClaims().getClaimAsString(JwtClaimName.FAMILY_NAME));
    assertNull(jwt.getClaims().getClaimAsString(JwtClaimName.EMAIL));
    assertNull(jwt.getClaims().getClaimAsString(JwtClaimName.EMAIL_VERIFIED));
    PlainTextSignature signer = new PlainTextSignature();
    assertTrue(signer.validate(jwt));
    // 4. Request user info
    UserInfoClient userInfoClient = new UserInfoClient(userInfoEndpoint);
    UserInfoResponse userInfoResponse = userInfoClient.execUserInfo(accessToken);
    showClient(userInfoClient);
    assertUserInfoBasicMinimumResponseOk(userInfoResponse, 200);
    assertUserInfoPersonalDataNotNull(userInfoResponse, false);
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.NICKNAME));
    assertNull(userInfoResponse.getClaim(JwtClaimName.EMAIL));
    assertNull(userInfoResponse.getClaim(JwtClaimName.EMAIL_VERIFIED));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.ADDRESS_STREET_ADDRESS));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.ADDRESS_LOCALITY));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.ADDRESS_REGION));
    assertNotNull(userInfoResponse.getClaim(JwtClaimName.ADDRESS_COUNTRY));
}
Also used : RegisterRequest(io.jans.as.client.RegisterRequest) AuthorizationRequest(io.jans.as.client.AuthorizationRequest) JwtAuthorizationRequest(io.jans.as.client.model.authorize.JwtAuthorizationRequest) Jwt(io.jans.as.model.jwt.Jwt) PlainTextSignature(io.jans.as.model.jws.PlainTextSignature) UserInfoClient(io.jans.as.client.UserInfoClient) ResponseType(io.jans.as.model.common.ResponseType) AuthorizationResponse(io.jans.as.client.AuthorizationResponse) RegisterResponse(io.jans.as.client.RegisterResponse) RegisterClient(io.jans.as.client.RegisterClient) JwtAuthorizationRequest(io.jans.as.client.model.authorize.JwtAuthorizationRequest) AbstractCryptoProvider(io.jans.as.model.crypto.AbstractCryptoProvider) UserInfoResponse(io.jans.as.client.UserInfoResponse) Claim(io.jans.as.client.model.authorize.Claim) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Example 2 with AbstractCryptoProvider

use of io.jans.as.model.crypto.AbstractCryptoProvider in project jans by JanssenProject.

the class RedirectUriTest method getQueryString_responseModeFormPostJWT_responseEncodedNoEmpty.

@Test
public void getQueryString_responseModeFormPostJWT_responseEncodedNoEmpty() throws CryptoProviderException {
    RedirectUri redirectUri = getRedirectUriTemplateGetQueryString(ResponseMode.FORM_POST_JWT, null, null, null);
    AbstractCryptoProvider cryptoProvider = mock(AbstractCryptoProvider.class);
    when(cryptoProvider.sign(anyString(), anyString(), anyString(), any())).thenReturn("12345");
    redirectUri.setCryptoProvider(cryptoProvider);
    redirectUri.addResponseParameter(AuthorizeResponseParam.EXPIRES_IN, "3000");
    String queryResult = redirectUri.getQueryString();
    System.out.println(queryResult);
    // No empty Result
    assertTrue(queryResult.length() > 0);
    assertEquals(queryResult, "eyJraWQiOiJrZXkxMjMiLCJ0eXAiOiJqd3QiLCJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJ1c2VyMTIzIiwiZXhwIjoiMzAwMCIsImV4cGlyZXNfaW4iOiIzMDAwIn0.12345");
}
Also used : AbstractCryptoProvider(io.jans.as.model.crypto.AbstractCryptoProvider) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) Test(org.testng.annotations.Test)

Example 3 with AbstractCryptoProvider

use of io.jans.as.model.crypto.AbstractCryptoProvider in project jans by JanssenProject.

the class RedirectUriTest method getQueryString_withEncriptionAlgorithm128NoSignatureAlgorithm_responseEncoded.

@Test
public void getQueryString_withEncriptionAlgorithm128NoSignatureAlgorithm_responseEncoded() throws UnsupportedEncodingException {
    RedirectUri redirectUri = getRedirectUriTemplateGetQueryString(ResponseMode.JWT, KeyEncryptionAlgorithm.A128KW, BlockEncryptionAlgorithm.A128GCM, null);
    AbstractCryptoProvider cryptoProvider = mock(AbstractCryptoProvider.class);
    redirectUri.setCryptoProvider(cryptoProvider);
    redirectUri.setNestedKeyId("nestedKey123");
    redirectUri.setNestedSharedSecret("nested_shared_secret");
    redirectUri.setSharedSymmetricKey("0123456789012345".getBytes());
    redirectUri.addResponseParameter(EXPIRES_IN, "1644270473301");
    String queryResult = redirectUri.getQueryString();
    System.out.println(queryResult);
    assertNoEmptyQueryString(queryResult, RESPONSE, 1);
    assertTrue(queryResult.startsWith("response=eyJ0eXAiOiJqd3QiLCJlbmMiOiJBMTI4R0NNIiwiYWxnIjoiQTEyOEtXIn0."));
}
Also used : AbstractCryptoProvider(io.jans.as.model.crypto.AbstractCryptoProvider) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) Test(org.testng.annotations.Test)

Example 4 with AbstractCryptoProvider

use of io.jans.as.model.crypto.AbstractCryptoProvider in project jans by JanssenProject.

the class RedirectUriTest method toString_withResponseModeJwtAndresponseTypeCode_validURLQueryString.

@Test
public void toString_withResponseModeJwtAndresponseTypeCode_validURLQueryString() throws CryptoProviderException {
    String valTestCase = "http://redirecturl.com/?response=eyJraWQiOiJrZXkxMjMiLCJ0eXAiOiJqd3QiLCJhbGciOiJSUzI1NiJ9.eyJleHAiOiIxNjQ0MjcwNDczMzAxIiwiZXhwaXJlc19pbiI6IjE2NDQyNzA0NzMzMDEiLCJjbGllbnRfaWQiOiIxMjMifQ.12345";
    List<ResponseType> typeList = new ArrayList<>();
    typeList.add(ResponseType.CODE);
    RedirectUri redirectUri = new RedirectUri("http://redirecturl.com/", typeList, ResponseMode.JWT);
    redirectUri.setKeyId("key123");
    redirectUri.setSharedSecret("shared_secret");
    redirectUri.addResponseParameter(CLIENT_ID, "123");
    redirectUri.addResponseParameter(EXPIRES_IN, "1644270473301");
    AbstractCryptoProvider cryptoProvider = mock(AbstractCryptoProvider.class);
    when(cryptoProvider.sign(anyString(), anyString(), anyString(), any(SignatureAlgorithm.class))).thenReturn("12345");
    redirectUri.setCryptoProvider(cryptoProvider);
    assertEquals(redirectUri.toString(), valTestCase);
}
Also used : ArrayList(java.util.ArrayList) AbstractCryptoProvider(io.jans.as.model.crypto.AbstractCryptoProvider) SignatureAlgorithm(io.jans.as.model.crypto.signature.SignatureAlgorithm) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) ResponseType(io.jans.as.model.common.ResponseType) Test(org.testng.annotations.Test)

Example 5 with AbstractCryptoProvider

use of io.jans.as.model.crypto.AbstractCryptoProvider in project jans by JanssenProject.

the class TokenSignaturesHttpTest method requestAuthorizationIdTokenNone.

@Parameters({ "redirectUris", "userId", "userSecret", "redirectUri", "sectorIdentifierUri" })
@Test
public void requestAuthorizationIdTokenNone(final String redirectUris, final String userId, final String userSecret, final String redirectUri, final String sectorIdentifierUri) throws Exception {
    showTitle("requestAuthorizationIdTokenNone");
    List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE);
    // 1. Registration
    RegisterRequest registerRequest = new RegisterRequest(ApplicationType.WEB, "jans test app", StringUtils.spaceSeparatedToList(redirectUris));
    registerRequest.setContacts(Arrays.asList("javier@gluu.org", "javier.rojas.blum@gmail.com"));
    registerRequest.setResponseTypes(responseTypes);
    registerRequest.setIdTokenSignedResponseAlg(SignatureAlgorithm.NONE);
    registerRequest.setSectorIdentifierUri(sectorIdentifierUri);
    RegisterClient registerClient = new RegisterClient(registrationEndpoint);
    registerClient.setRequest(registerRequest);
    RegisterResponse registerResponse = registerClient.exec();
    showClient(registerClient);
    assertRegisterResponseOk(registerResponse, 201, true);
    String clientId = registerResponse.getClientId();
    String clientSecret = registerResponse.getClientSecret();
    // 2. Request authorization and receive the authorization code.
    List<String> scopes = Arrays.asList("openid", "profile", "address", "email");
    String nonce = UUID.randomUUID().toString();
    String state = UUID.randomUUID().toString();
    AuthorizationRequest authorizationRequest = new AuthorizationRequest(responseTypes, clientId, scopes, redirectUri, nonce);
    authorizationRequest.setState(state);
    AuthorizationResponse authorizationResponse = authenticateResourceOwnerAndGrantAccess(authorizationEndpoint, authorizationRequest, userId, userSecret);
    assertNotNull(authorizationResponse.getLocation());
    assertNotNull(authorizationResponse.getCode());
    assertNotNull(authorizationResponse.getState());
    assertNotNull(authorizationResponse.getScope());
    assertNull(authorizationResponse.getIdToken());
    String scope = authorizationResponse.getScope();
    String authorizationCode = authorizationResponse.getCode();
    // 3. Request access token using the authorization code.
    TokenRequest tokenRequest = new TokenRequest(GrantType.AUTHORIZATION_CODE);
    tokenRequest.setCode(authorizationCode);
    tokenRequest.setRedirectUri(redirectUri);
    tokenRequest.setAuthUsername(clientId);
    tokenRequest.setAuthPassword(clientSecret);
    tokenRequest.setAuthenticationMethod(AuthenticationMethod.CLIENT_SECRET_BASIC);
    TokenClient tokenClient = new TokenClient(tokenEndpoint);
    tokenClient.setRequest(tokenRequest);
    TokenResponse tokenResponse = tokenClient.exec();
    showClient(tokenClient);
    assertEquals(tokenResponse.getStatus(), 200);
    assertNotNull(tokenResponse.getEntity());
    assertNotNull(tokenResponse.getAccessToken());
    assertNotNull(tokenResponse.getExpiresIn());
    assertNotNull(tokenResponse.getTokenType());
    assertNotNull(tokenResponse.getRefreshToken());
    String idToken = tokenResponse.getIdToken();
    // 3. Validate id_token
    Jwt jwt = Jwt.parse(idToken);
    AbstractCryptoProvider cryptoProvider = createCryptoProviderWithAllowedNone();
    boolean validJwt = cryptoProvider.verifySignature(jwt.getSigningInput(), jwt.getEncodedSignature(), null, null, null, SignatureAlgorithm.NONE);
    assertTrue(validJwt);
}
Also used : RegisterRequest(io.jans.as.client.RegisterRequest) AuthorizationRequest(io.jans.as.client.AuthorizationRequest) Jwt(io.jans.as.model.jwt.Jwt) ResponseType(io.jans.as.model.common.ResponseType) AuthorizationResponse(io.jans.as.client.AuthorizationResponse) RegisterResponse(io.jans.as.client.RegisterResponse) TokenResponse(io.jans.as.client.TokenResponse) RegisterClient(io.jans.as.client.RegisterClient) TokenRequest(io.jans.as.client.TokenRequest) AbstractCryptoProvider(io.jans.as.model.crypto.AbstractCryptoProvider) TokenClient(io.jans.as.client.TokenClient) Parameters(org.testng.annotations.Parameters) Test(org.testng.annotations.Test) BaseTest(io.jans.as.client.BaseTest)

Aggregations

AbstractCryptoProvider (io.jans.as.model.crypto.AbstractCryptoProvider)23 Test (org.testng.annotations.Test)17 ArgumentMatchers.anyString (org.mockito.ArgumentMatchers.anyString)10 ResponseType (io.jans.as.model.common.ResponseType)7 BaseTest (io.jans.as.client.BaseTest)6 SignatureAlgorithm (io.jans.as.model.crypto.signature.SignatureAlgorithm)6 Jwt (io.jans.as.model.jwt.Jwt)6 AuthorizationRequest (io.jans.as.client.AuthorizationRequest)5 AuthorizationResponse (io.jans.as.client.AuthorizationResponse)5 RegisterClient (io.jans.as.client.RegisterClient)5 RegisterRequest (io.jans.as.client.RegisterRequest)5 RegisterResponse (io.jans.as.client.RegisterResponse)5 Parameters (org.testng.annotations.Parameters)5 UserInfoClient (io.jans.as.client.UserInfoClient)4 UserInfoResponse (io.jans.as.client.UserInfoResponse)4 Claim (io.jans.as.client.model.authorize.Claim)4 JwtAuthorizationRequest (io.jans.as.client.model.authorize.JwtAuthorizationRequest)4 PlainTextSignature (io.jans.as.model.jws.PlainTextSignature)3 ArrayList (java.util.ArrayList)3 JSONObject (org.json.JSONObject)3